Class AllRequiredFactorsAuthorizationManager<T>

java.lang.Object

org.springframework.security.authorization.AllRequiredFactorsAuthorizationManager<T>

All Implemented Interfaces:

AuthorizationManager<T>

public final class AllRequiredFactorsAuthorizationManager<T>
extends Object
implements AuthorizationManager<T>

An AuthorizationManager that determines if the current user is authorized by evaluating if the Authentication contains a FactorGrantedAuthority that is not expired for each RequiredFactor.

Since:

7.0

See Also:

• AuthorityAuthorizationManager

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static final class	AllRequiredFactorsAuthorizationManager.Builder<T>	A builder for AllRequiredFactorsAuthorizationManager.

Method Summary

Modifier and Type	Method	Description
static <T> AuthorizationManager<T>	anyOf(AllRequiredFactorsAuthorizationManager<T>... managers)	Creates an AuthorizationManager that grants access if at least one AllRequiredFactorsAuthorizationManager granted.
FactorAuthorizationDecision	authorize(Supplier<? extends @Nullable Authentication> authentication, T object)	For each RequiredFactor finds the first FactorGrantedAuthority.getAuthority() that matches the RequiredFactor.getAuthority().
static <T> AllRequiredFactorsAuthorizationManager.Builder<T>	builder()	Creates a new AllRequiredFactorsAuthorizationManager.Builder
void	setClock(Clock clock)	Sets the Clock to use.

Methods inherited from class Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface AuthorizationManager

verify

Method Details

anyOf

@SafeVarargs
public static <T> AuthorizationManager<T> anyOf(AllRequiredFactorsAuthorizationManager<T>... managers)

Creates an AuthorizationManager that grants access if at least one AllRequiredFactorsAuthorizationManager granted. When all managers deny, collects the unique RequiredFactorErrors from each manager.

Type Parameters:

T - the type of object that is being authorized

Parameters:

managers - the AllRequiredFactorsAuthorizationManagers to use; cannot be empty or contain null elements

Returns:

the AuthorizationManager to use

Since:

7.1

See Also:

• AuthorizationManagers.anyOf(AuthorizationManager[])

setClock

public void setClock(Clock clock)

Sets the Clock to use.

Parameters:

clock - the Clock to use. Cannot be null.

authorize

public FactorAuthorizationDecision authorize(Supplier<? extends @Nullable Authentication> authentication,
 T object)

For each RequiredFactor finds the first FactorGrantedAuthority.getAuthority() that matches the RequiredFactor.getAuthority(). The FactorGrantedAuthority.getIssuedAt() must be more recent than RequiredFactor.getValidDuration() (if non-null).

Specified by:

authorize in interface AuthorizationManager<T>

Parameters:

authentication - the Supplier of the Authentication to check

object - the object to check authorization on (not used).

Returns:

an FactorAuthorizationDecision

builder

public static <T>
AllRequiredFactorsAuthorizationManager.Builder<T> builder()

Creates a new AllRequiredFactorsAuthorizationManager.Builder

Returns: