AllRequiredFactorsAuthorizationManager (spring-security-docs 7.0.0 API)

java.lang.Object

org.springframework.security.authorization.AllRequiredFactorsAuthorizationManager<T>

All Implemented Interfaces:: AuthorizationManager<T>

public final class AllRequiredFactorsAuthorizationManager<T> extends Object implements AuthorizationManager<T>

An AuthorizationManager that determines if the current user is authorized by evaluating if the Authentication contains a FactorGrantedAuthority that is not expired for each RequiredFactor.

Since:

7.0

See Also:

AuthorityAuthorizationManager

Nested Class Summary

Nested Classes

Modifier and Type

Class

Description

static final class

AllRequiredFactorsAuthorizationManager.Builder<T>

A builder for AllRequiredFactorsAuthorizationManager.
Method Summary

Modifier and Type

Method

Description

FactorAuthorizationDecision

authorize(Supplier<? extends @Nullable Authentication> authentication, T object)

For each RequiredFactor finds the first FactorGrantedAuthority.getAuthority() that matches the RequiredFactor.getAuthority().

static <T> AllRequiredFactorsAuthorizationManager.Builder<T>

builder()

Creates a new AllRequiredFactorsAuthorizationManager.Builder

void

setClock(Clock clock)

Sets the Clock to use.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.springframework.security.authorization.AuthorizationManager
verify

Method Details
- setClock
  
  public void setClock(Clock clock)
  
  Sets the Clock to use.
  
  Parameters:
  
  clock - the Clock to use. Cannot be null.
- authorize
  
  public FactorAuthorizationDecision authorize(Supplier<? extends @Nullable Authentication> authentication, T object)
  
  For each RequiredFactor finds the first FactorGrantedAuthority.getAuthority() that matches the RequiredFactor.getAuthority(). The FactorGrantedAuthority.getIssuedAt() must be more recent than RequiredFactor.getValidDuration() (if non-null).
  
  Specified by:
  
  authorize in interface AuthorizationManager<T>
  
  Parameters:
  
  authentication - the Supplier of the Authentication to check
  
  object - the object to check authorization on (not used).
  
  Returns:
  
  an FactorAuthorizationDecision
- builder
  
  public static <T> AllRequiredFactorsAuthorizationManager.Builder<T> builder()
  
  Creates a new AllRequiredFactorsAuthorizationManager.Builder
  
  Returns: