@Override public Privilege apply(String privilege) { return privilegeFactory.createPrivilege(privilege); } });
private boolean doHasAccess(Subject subject, List<? extends Authorizable> authorizables, Set<? extends Action> actions, ActiveRoleSet roleSet) { Set<String> groups = getGroups(subject); Set<String> hierarchy = new HashSet<String>(); for (Authorizable authorizable : authorizables) { hierarchy.add(KV_JOINER.join(authorizable.getTypeName(), authorizable.getName())); } List<String> requestPrivileges = buildPermissions(authorizables, actions); Iterable<Privilege> privileges = getPrivileges(groups, roleSet, authorizables.toArray(new Authorizable[0])); lastFailedPrivileges.get().clear(); for (String requestPrivilege : requestPrivileges) { for (Privilege permission : privileges) { /* * Does the permission granted in the policy file imply the requested action? */ boolean result = permission.implies(privilegeFactory.createPrivilege(requestPrivilege)); if (LOGGER.isDebugEnabled()) { LOGGER.debug("ProviderPrivilege {}, RequestPrivilege {}, RoleSet, {}, Result {}", new Object[]{ permission, requestPrivilege, roleSet, result}); } if (result) { return true; } } } lastFailedPrivileges.get().addAll(requestPrivileges); return false; }