java.lang.Object | |
↳ | org.springframework.security.access.vote.RoleVoter |
Known Direct Subclasses |
Votes if any getAttribute()
starts with a prefix
indicating that it is a role. The default prefix string is ROLE_
,
but this may be overridden to any value. It may also be set to empty, which
means that essentially any attribute will be voted on. As described further
below, the effect of an empty prefix may not be quite desirable.
Abstains from voting if no configuration attribute commences with the role
prefix. Votes to grant access if there is an exact matching
GrantedAuthority
to a ConfigAttribute
starting with the role prefix. Votes to deny access if there is no exact
matching GrantedAuthority
to a ConfigAttribute
starting with the role prefix.
An empty role prefix means that the voter will vote for every
ConfigAttribute. When there are different categories of ConfigAttributes
used, this will not be optimal since the voter will be voting for attributes
which do not represent roles. However, this option may be of some use when
using pre-existing role names without a prefix, and no ability exists to
prefix them with a role prefix on reading them in, such as provided for
example in JdbcDaoImpl
.
All comparisons and prefixes are case sensitive.
[Expand]
Inherited Constants | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
From interface
org.springframework.security.access.AccessDecisionVoter
|
Public Constructors | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Public Methods | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Allows the default role prefix of
ROLE_ to be overridden. | |||||||||||
This implementation supports any type of class, because it does not query
the presented secure object.
| |||||||||||
Indicates whether this
AccessDecisionVoter is able to vote on the passed ConfigAttribute . | |||||||||||
[Expand]
Inherited Methods | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
From class
java.lang.Object
| |||||||||||
From interface
org.springframework.security.access.AccessDecisionVoter
|
Allows the default role prefix of ROLE_
to be overridden.
May be set to an empty value, although this is usually not desirable.
rolePrefix | the new prefix |
---|
This implementation supports any type of class, because it does not query the presented secure object.
clazz | the secure object |
---|
true
Indicates whether this AccessDecisionVoter
is able to vote on the passed ConfigAttribute
.
This allows the AbstractSecurityInterceptor
to check every configuration attribute can be consumed by
the configured AccessDecisionManager
and/or RunAsManager
and/or AfterInvocationManager
.
attribute | a configuration attribute that has been configured against the
AbstractSecurityInterceptor |
---|
AccessDecisionVoter
can support the passed configuration attribute