| java.lang.Object | |
| ↳ | org.springframework.security.access.vote.RoleVoter |
 Known Direct Subclasses
|
Class Overview
Votes if any getAttribute() starts with a prefix
indicating that it is a role. The default prefix string is ROLE_,
but this may be overridden to any value. It may also be set to empty, which
means that essentially any attribute will be voted on. As described further
below, the effect of an empty prefix may not be quite desirable.
Abstains from voting if no configuration attribute commences with the role
prefix. Votes to grant access if there is an exact matching
GrantedAuthority to a ConfigAttribute
starting with the role prefix. Votes to deny access if there is no exact
matching GrantedAuthority to a ConfigAttribute
starting with the role prefix.
An empty role prefix means that the voter will vote for every
ConfigAttribute. When there are different categories of ConfigAttributes
used, this will not be optimal since the voter will be voting for attributes
which do not represent roles. However, this option may be of some use when
using pre-existing role names without a prefix, and no ability exists to
prefix them with a role prefix on reading them in, such as provided for
example in JdbcDaoImpl.
All comparisons and prefixes are case sensitive.
Summary
|
[Expand]
Inherited Constants | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
From interface
org.springframework.security.access.AccessDecisionVoter
| |||||||||||
| Public Constructors | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| Public Methods | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
Allows the default role prefix of
ROLE_ to be overridden. | |||||||||||
This implementation supports any type of class, because it does not query
the presented secure object.
| |||||||||||
Indicates whether this
AccessDecisionVoter is able to vote on the passed ConfigAttribute. | |||||||||||
|
[Expand]
Inherited Methods | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
From class
java.lang.Object
| |||||||||||
|
From interface
org.springframework.security.access.AccessDecisionVoter
| |||||||||||
Public Constructors
public RoleVoter ()
Public Methods
public void setRolePrefix (String rolePrefix)
Allows the default role prefix of ROLE_ to be overridden.
May be set to an empty value, although this is usually not desirable.
Parameters
| rolePrefix | the new prefix |
|---|
public boolean supports (Class<?> clazz)
This implementation supports any type of class, because it does not query the presented secure object.
Parameters
| clazz | the secure object |
|---|
Returns
- always
true
public boolean supports (ConfigAttribute attribute)
Indicates whether this AccessDecisionVoter is able to vote on the passed ConfigAttribute.
This allows the AbstractSecurityInterceptor to check every configuration attribute can be consumed by
the configured AccessDecisionManager and/or RunAsManager and/or AfterInvocationManager.
Parameters
| attribute | a configuration attribute that has been configured against the
AbstractSecurityInterceptor |
|---|
Returns
- true if this
AccessDecisionVotercan support the passed configuration attribute