diff --git a/core/src/main/java/org/springframework/security/vote/ConsensusBased.java b/core/src/main/java/org/springframework/security/vote/ConsensusBased.java index a021ba694f..eca091b066 100644 --- a/core/src/main/java/org/springframework/security/vote/ConsensusBased.java +++ b/core/src/main/java/org/springframework/security/vote/ConsensusBased.java @@ -15,17 +15,18 @@ package org.springframework.security.vote; +import java.util.List; + import org.springframework.security.AccessDeniedException; import org.springframework.security.Authentication; import org.springframework.security.ConfigAttribute; -import java.util.Iterator; -import java.util.List; - - /** - * Simple concrete implementation of {@link org.springframework.security.AccessDecisionManager} that uses a consensus-based - * approach. + * Simple concrete implementation of {@link org.springframework.security.AccessDecisionManager} that uses a + * consensus-based approach. + *

+ * "Consensus" here means majority-rule (ignoring abstains) rather than unanimous agreement (ignoring abstains). + * If you require unanimity, please see {@link UnanimousBased}. */ public class ConsensusBased extends AbstractAccessDecisionManager { //~ Instance fields ================================================================================================ @@ -36,11 +37,13 @@ public class ConsensusBased extends AbstractAccessDecisionManager { /** * This concrete implementation simply polls all configured {@link AccessDecisionVoter}s and upon - * completion determines the consensus of granted vs denied responses.

If there were an equal number of - * grant and deny votes, the decision will be based on the {@link #isAllowIfEqualGrantedDeniedDecisions()} - * property (defaults to true).

- *

If every AccessDecisionVoter abstained from voting, the decision will be based on the - * {@link #isAllowIfAllAbstainDecisions()} property (defaults to false).

+ * completion determines the consensus of granted against denied responses. + *

+ * If there were an equal number of grant and deny votes, the decision will be based on the + * {@link #isAllowIfEqualGrantedDeniedDecisions()} property (defaults to true). + *

+ * If every AccessDecisionVoter abstained from voting, the decision will be based on the + * {@link #isAllowIfAllAbstainDecisions()} property (defaults to false). * * @param authentication the caller invoking the method * @param object the secured object @@ -49,14 +52,12 @@ public class ConsensusBased extends AbstractAccessDecisionManager { * @throws AccessDeniedException if access is denied */ public void decide(Authentication authentication, Object object, List configAttributes) - throws AccessDeniedException { - Iterator iter = this.getDecisionVoters().iterator(); + throws AccessDeniedException { int grant = 0; int deny = 0; int abstain = 0; - while (iter.hasNext()) { - AccessDecisionVoter voter = (AccessDecisionVoter) iter.next(); + for (AccessDecisionVoter voter : getDecisionVoters()) { int result = voter.vote(authentication, object, configAttributes); switch (result) {