|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object org.springframework.security.web.access.expression.WebExpressionVoter
public class WebExpressionVoter
Voter which handles web authorisation decisions.
Field Summary |
---|
Fields inherited from interface org.springframework.security.access.AccessDecisionVoter |
---|
ACCESS_ABSTAIN, ACCESS_DENIED, ACCESS_GRANTED |
Constructor Summary | |
---|---|
WebExpressionVoter()
|
Method Summary | |
---|---|
void |
setExpressionHandler(WebSecurityExpressionHandler expressionHandler)
|
boolean |
supports(Class<?> clazz)
Indicates whether the AccessDecisionVoter implementation is able to provide access control
votes for the indicated secured object type. |
boolean |
supports(ConfigAttribute attribute)
Indicates whether this AccessDecisionVoter is able to vote on the passed
ConfigAttribute . |
int |
vote(Authentication authentication,
Object object,
Collection<ConfigAttribute> attributes)
Indicates whether or not access is granted. |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail |
---|
public WebExpressionVoter()
Method Detail |
---|
public int vote(Authentication authentication, Object object, Collection<ConfigAttribute> attributes)
AccessDecisionVoter
The decision must be affirmative (ACCESS_GRANTED
), negative (ACCESS_DENIED
)
or the AccessDecisionVoter
can abstain (ACCESS_ABSTAIN
) from voting.
Under no circumstances should implementing classes return any other value. If a weighting of results is desired,
this should be handled in a custom AccessDecisionManager
instead.
Unless an AccessDecisionVoter
is specifically intended to vote on an access control
decision due to a passed method invocation or configuration attribute parameter, it must return
ACCESS_ABSTAIN
. This prevents the coordinating AccessDecisionManager
from counting
votes from those AccessDecisionVoter
s without a legitimate interest in the access control
decision.
Whilst the method invocation is passed as a parameter to maximise flexibility in making access
control decisions, implementing classes must never modify the behaviour of the method invocation (such as
calling MethodInvocation.proceed()
).
vote
in interface AccessDecisionVoter
authentication
- the caller invoking the methodobject
- the secured objectattributes
- the configuration attributes associated with the method being invoked
AccessDecisionVoter.ACCESS_GRANTED
, AccessDecisionVoter.ACCESS_ABSTAIN
or AccessDecisionVoter.ACCESS_DENIED
public boolean supports(ConfigAttribute attribute)
AccessDecisionVoter
AccessDecisionVoter
is able to vote on the passed
ConfigAttribute
.This allows the AbstractSecurityInterceptor
to check every
configuration attribute can be consumed by the configured AccessDecisionManager
and/or
RunAsManager
and/or AfterInvocationManager
.
supports
in interface AccessDecisionVoter
attribute
- a configuration attribute that has been configured against the
AbstractSecurityInterceptor
AccessDecisionVoter
can support the passed configuration attributepublic boolean supports(Class<?> clazz)
AccessDecisionVoter
AccessDecisionVoter
implementation is able to provide access control
votes for the indicated secured object type.
supports
in interface AccessDecisionVoter
clazz
- the class that is being queried
public void setExpressionHandler(WebSecurityExpressionHandler expressionHandler)
|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |