if (restriction == null || restriction.isEmpty()) {
return ACCESS_ABSTAIN;
}
boolean invertResult = false;
VotingStrategy votingStrategy = null;
for (final String trait : restriction.getTraits()) {
if (trait.equals(All.class.getName())) {
votingStrategy = ALL_VOTER;
} else if (trait.equals(Authorized.class.getName())) {
if (subject != null) {
return ACCESS_GRANTED;
}
} else if (trait.equals(Deny.class.getName())) {
invertResult = true;
}
}
if (votingStrategy == null) {
votingStrategy = DEFAULT_VOTER;
}
final RolesResource rolesResource = new RolesResource() {
@Override
public Collection<Role> getRoles() {
return restriction.getRoles();
}
};
final AuthorizationResult result = votingStrategy.vote(roleDecisionManager.decide(rolesResource, subject));
if (invertResult) {
cache.put(subject, runtimeResource, result.invert());
} else {
cache.put(subject, runtimeResource, result);