public class AuthenticatedVoter extends Object implements AccessDecisionVoter<Object>
IS_AUTHENTICATED_ANONYMOUSLYis present. This list is in order of most strict checking to least strict checking.
Authentication will be inspected to determine if the principal has a particular
level of authentication. The "FULLY" authenticated option means the user is authenticated fully (i.e.
AuthenticationTrustResolver.isAnonymous(Authentication) is false and
AuthenticationTrustResolver.isRememberMe(Authentication) is false). The "REMEMBERED" will grant
access if the principal was either authenticated via remember-me OR is fully authenticated. The "ANONYMOUSLY" will
grant access if the principal was authenticated via remember-me, OR anonymously, OR via full authentication.
All comparisons and prefixes are case sensitive.
|Modifier and Type||Field and Description|
|Constructor and Description|
|Modifier and Type||Method and Description|
This implementation supports any type of class, because it does not query the presented secure object.
Indicates whether this
Indicates whether or not access is granted.
public static final String IS_AUTHENTICATED_FULLY
public static final String IS_AUTHENTICATED_REMEMBERED
public void setAuthenticationTrustResolver(AuthenticationTrustResolver authenticationTrustResolver)
public boolean supports(ConfigAttribute attribute)
AccessDecisionVoteris able to vote on the passed
This allows the
AbstractSecurityInterceptor to check every configuration attribute can be consumed by
public boolean supports(Class<?> clazz)
public int vote(Authentication authentication, Object object, Collection<ConfigAttribute> attributes)
The decision must be affirmative (
ACCESS_GRANTED), negative (
AccessDecisionVoter can abstain (
ACCESS_ABSTAIN) from voting.
Under no circumstances should implementing classes return any other value. If a weighting of results is desired,
this should be handled in a custom
AccessDecisionVoter is specifically intended to vote on an access control
decision due to a passed method invocation or configuration attribute parameter, it must return
ACCESS_ABSTAIN. This prevents the coordinating
AccessDecisionManager from counting
votes from those
AccessDecisionVoters without a legitimate interest in the access control
Whilst the secured object (such as a
MethodInvocation) is passed as a parameter to maximise flexibility
in making access control decisions, implementing classes should not modify it or cause the represented invocation
to take place (for example, by calling
authentication- the caller making the invocation
object- the secured object being invoked
attributes- the configuration attributes associated with the secured object