org.springframework.security.web.access.expression.WebExpressionVoter
|
||||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | |||||||||
java.lang.Object
public class WebExpressionVoter
Voter which handles web authorisation decisions.
| Field Summary |
|---|
| Fields inherited from interface org.springframework.security.access.AccessDecisionVoter |
|---|
ACCESS_ABSTAIN, ACCESS_DENIED, ACCESS_GRANTED |
| Constructor Summary | |
|---|---|
WebExpressionVoter()
|
|
| Method Summary | |
|---|---|
void |
setExpressionHandler(WebSecurityExpressionHandler expressionHandler)
|
boolean |
supports(Class<?> clazz)
Indicates whether the AccessDecisionVoter implementation is able to provide access control
votes for the indicated secured object type. |
boolean |
supports(ConfigAttribute attribute)
Indicates whether this AccessDecisionVoter is able to vote on the passed
ConfigAttribute. |
int |
vote(Authentication authentication,
Object object,
Collection<ConfigAttribute> attributes)
Indicates whether or not access is granted. |
| Methods inherited from class java.lang.Object |
|---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
| Constructor Detail |
|---|
public WebExpressionVoter()
| Method Detail |
|---|
public int vote(Authentication authentication,
Object object,
Collection<ConfigAttribute> attributes)
AccessDecisionVoterThe decision must be affirmative (ACCESS_GRANTED), negative (ACCESS_DENIED)
or the AccessDecisionVoter can abstain (ACCESS_ABSTAIN) from voting.
Under no circumstances should implementing classes return any other value. If a weighting of results is desired,
this should be handled in a custom AccessDecisionManager instead.
Unless an AccessDecisionVoter is specifically intended to vote on an access control
decision due to a passed method invocation or configuration attribute parameter, it must return
ACCESS_ABSTAIN. This prevents the coordinating AccessDecisionManager from counting
votes from those AccessDecisionVoters without a legitimate interest in the access control
decision.
Whilst the method invocation is passed as a parameter to maximise flexibility in making access
control decisions, implementing classes must never modify the behaviour of the method invocation (such as
calling MethodInvocation.proceed()).
vote in interface AccessDecisionVoterauthentication - the caller invoking the methodobject - the secured objectattributes - the configuration attributes associated with the method being invoked
AccessDecisionVoter.ACCESS_GRANTED, AccessDecisionVoter.ACCESS_ABSTAIN or AccessDecisionVoter.ACCESS_DENIEDpublic boolean supports(ConfigAttribute attribute)
AccessDecisionVoterAccessDecisionVoter is able to vote on the passed
ConfigAttribute.This allows the AbstractSecurityInterceptor to check every
configuration attribute can be consumed by the configured AccessDecisionManager and/or
RunAsManager and/or AfterInvocationManager.
supports in interface AccessDecisionVoterattribute - a configuration attribute that has been configured against the
AbstractSecurityInterceptor
AccessDecisionVoter can support the passed configuration attributepublic boolean supports(Class<?> clazz)
AccessDecisionVoterAccessDecisionVoter implementation is able to provide access control
votes for the indicated secured object type.
supports in interface AccessDecisionVoterclazz - the class that is being queried
public void setExpressionHandler(WebSecurityExpressionHandler expressionHandler)
|
||||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | |||||||||