public function AuthorizeAccess($resource, ORBSecurity $security) { $resource = ServiceRegistry::GetMapping($resource); $accessConstraintList = $security->GetConstraints($resource); $grantConstraints = array(); $rejectConstraints = array(); /*int*/ $currentPriority = 0; while ($currentPriority < count($accessConstraintList)) { /*StringCollection*/ $accessConstraintsNames = (array) $accessConstraintList[$currentPriority]; //StringCollection accessConstraintsNames = accessConstraintList[currentPriority]; foreach ($accessConstraintsNames as $constraintName) { /*AccessConstraint*/ $constraint = $security->getAccessConstraint($constraintName); //AccessConstraint constraint = (AccessConstraint)security.getAccessConstraint(constraintName); if ($constraint->IsGrant()) { array_push($grantConstraints, $constraint); } else { array_push($rejectConstraints, $constraint); } } ++$currentPriority; } foreach ($grantConstraints as $constraint) { if ($constraint->Validate()) { if (LOGGING) { Log::log(LoggingConstants::SECURITY, "access allowed. resource name - '" . $resource . "'. reason - " . $constraint->GetReason()); } return true; } } foreach ($rejectConstraints as $constraint) { if (!$constraint->Validate()) { if (LOGGING) { Log::log(LoggingConstants::SECURITY, "access denied. resource name - '" . $resource . "'. reason - " . $constraint->GetReason()); } return false; } } if ($security->GetDeploymentMode() == ORBSecurity::CLOSEDSYSTEM_MODE) { if (LOGGING) { Log::log(LoggingConstants::SECURITY, "access to resource " . $resource . " has been denied. WebORB Closed-System Mode requires explicit access declaration for all resources"); } return false; } return true; }