org.springframework.security.access.AccessDecisionVoter<S>
Indicates a class is responsible for voting on authorization decisions.
The coordination of voting (i.e. polling AccessDecisionVoters, tallying their responses, and making the final authorization decision) is performed by an AccessDecisionManager.
Constants | |
---|---|
int | ACCESS_ABSTAIN |
int | ACCESS_DENIED |
int | ACCESS_GRANTED |
Public Methods |
---|
Indicates whether the AccessDecisionVoter implementation is able to provide access control votes for the indicated secured object type. |
Indicates whether this AccessDecisionVoter is able to vote on the passed ConfigAttribute. |
Indicates whether or not access is granted. |
Indicates whether the AccessDecisionVoter implementation is able to provide access control votes for the indicated secured object type.
clazz | the class that is being queried |
---|---|
Indicates whether this AccessDecisionVoter is able to vote on the passed ConfigAttribute.
This allows the AbstractSecurityInterceptor to check every configuration attribute can be consumed by the configured AccessDecisionManager and/or RunAsManager and/or AfterInvocationManager.
attribute | a configuration attribute that has been configured against the AbstractSecurityInterceptor |
---|---|
AccessDecisionVoter can support the passed configuration attribute
Indicates whether or not access is granted.
The decision must be affirmative (ACCESS_GRANTED), negative (ACCESS_DENIED) or the AccessDecisionVoter can abstain (ACCESS_ABSTAIN) from voting. Under no circumstances should implementing classes return any other value. If a weighting of results is desired, this should be handled in a custom AccessDecisionManager instead.
Unless an AccessDecisionVoter is specifically intended to vote on an access control decision due to a passed method invocation or configuration attribute parameter, it must return ACCESS_ABSTAIN. This prevents the coordinating AccessDecisionManager from counting votes from those AccessDecisionVoters without a legitimate interest in the access control decision.
Whilst the secured object (such as a MethodInvocation) is passed as a parameter to maximise flexibility in making access control decisions, implementing classes should not modify it or cause the represented invocation to take place (for example, by calling MethodInvocation.proceed()).
authentication | the caller making the invocation |
---|---|
object | the secured object being invoked |
attributes | the configuration attributes associated with the secured object |
ACCESS_GRANTED, ACCESS_ABSTAIN or ACCESS_DENIED
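An added example (not part of the Spring Security documentation or code base) of a voter that follows the contract described above: it abstains unless one of its own attributes is configured, returns only the three constants, and never touches the secured object. The TenantVoter class and the TENANT_ attribute prefix are hypothetical.

```java
import java.util.Collection;

import org.springframework.security.access.AccessDecisionVoter;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;

/** Votes only on "TENANT_<id>" attributes (hypothetical convention); abstains otherwise. */
public class TenantVoter implements AccessDecisionVoter<Object> {

    private static final String PREFIX = "TENANT_"; // assumed prefix, not a Spring constant

    @Override
    public boolean supports(ConfigAttribute attribute) {
        // getAttribute() may return null for attributes with no String form
        String value = attribute.getAttribute();
        return value != null && value.startsWith(PREFIX);
    }

    @Override
    public boolean supports(Class<?> clazz) {
        // The vote never inspects the secured object, so any type is acceptable
        return true;
    }

    @Override
    public int vote(Authentication authentication, Object object,
            Collection<ConfigAttribute> attributes) {
        int result = ACCESS_ABSTAIN; // no legitimate interest until a TENANT_ attribute is seen
        for (ConfigAttribute attribute : attributes) {
            if (!supports(attribute)) {
                continue; // someone else's attribute: do not let it influence the tally
            }
            result = ACCESS_DENIED; // interested now: deny unless an authority matches
            if (authentication == null) {
                continue;
            }
            for (GrantedAuthority authority : authentication.getAuthorities()) {
                if (attribute.getAttribute().equals(authority.getAuthority())) {
                    return ACCESS_GRANTED;
                }
            }
        }
        // 'object' is deliberately left untouched: no mutation, no proceed()
        return result;
    }
}
```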