Summary: Methods | [Expand All]
public interface

AccessDecisionManager

org.springframework.security.access.AccessDecisionManager
Known Indirect Subclasses

Class Overview

Makes a final access control (authorization) decision.

Summary

Public Methods
abstract void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes)
Resolves an access control decision for the passed parameters.
abstract boolean supports(Class<?> clazz)
Indicates whether the AccessDecisionManager implementation is able to provide access control decisions for the indicated secured object type.
abstract boolean supports(ConfigAttribute attribute)
Indicates whether this AccessDecisionManager is able to process authorization requests presented with the passed ConfigAttribute.

Public Methods

public abstract void decide (Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes)

Resolves an access control decision for the passed parameters.

Parameters
authentication the caller invoking the method (not null)
object the secured object being called
configAttributes the configuration attributes associated with the secured object being invoked
Throws
AccessDeniedException if access is denied as the authentication does not hold a required authority or ACL privilege
InsufficientAuthenticationException if access is denied as the authentication does not provide a sufficient level of trust

public abstract boolean supports (Class<?> clazz)

Indicates whether the AccessDecisionManager implementation is able to provide access control decisions for the indicated secured object type.

Parameters
clazz the class that is being queried
Returns
  • true if the implementation can process the indicated class

public abstract boolean supports (ConfigAttribute attribute)

Indicates whether this AccessDecisionManager is able to process authorization requests presented with the passed ConfigAttribute.

This allows the AbstractSecurityInterceptor to check every configuration attribute can be consumed by the configured AccessDecisionManager and/or RunAsManager and/or AfterInvocationManager.

Parameters
attribute a configuration attribute that has been configured against the AbstractSecurityInterceptor
Returns
  • true if this AccessDecisionManager can support the passed configuration attribute