Spring Security Framework

org.springframework.security
Class AuthenticationTrustResolverImpl

java.lang.Object
  extended by org.springframework.security.AuthenticationTrustResolverImpl
All Implemented Interfaces:
AuthenticationTrustResolver

public class AuthenticationTrustResolverImpl
extends Object
implements AuthenticationTrustResolver

Basic implementation of AuthenticationTrustResolver.

Makes trust decisions based on whether the passed Authentication is an instance of a defined class.

If anonymousClass or rememberMeClass is null, the corresponding method will always return false.

Version:
$Id$
Author:
Ben Alex

Constructor Summary
AuthenticationTrustResolverImpl()
           
 
Method Summary
 Class getAnonymousClass()
           
 Class getRememberMeClass()
           
 boolean isAnonymous(Authentication authentication)
          Indicates whether the passed Authentication token represents an anonymous user.
 boolean isRememberMe(Authentication authentication)
          Indicates whether the passed Authentication token represents user that has been remembered (ie not a user that has been fully authenticated).
 void setAnonymousClass(Class anonymousClass)
           
 void setRememberMeClass(Class rememberMeClass)
           
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

AuthenticationTrustResolverImpl

public AuthenticationTrustResolverImpl()
Method Detail

getAnonymousClass

public Class getAnonymousClass()

getRememberMeClass

public Class getRememberMeClass()

isAnonymous

public boolean isAnonymous(Authentication authentication)
Description copied from interface: AuthenticationTrustResolver
Indicates whether the passed Authentication token represents an anonymous user. Typically the framework will call this method if it is trying to decide whether an AccessDeniedException should result in a final rejection (ie as would be the case if the principal was non-anonymous/fully authenticated) or direct the principal to attempt actual authentication (ie as would be the case if the Authentication was merely anonymous).

Specified by:
isAnonymous in interface AuthenticationTrustResolver
Parameters:
authentication - to test (may be null in which case the method will always return false)
Returns:
true the passed authentication token represented an anonymous principal, false otherwise

isRememberMe

public boolean isRememberMe(Authentication authentication)
Description copied from interface: AuthenticationTrustResolver
Indicates whether the passed Authentication token represents user that has been remembered (ie not a user that has been fully authenticated).

No part of the framework uses this method, as it is a weak definition of trust levels. The method is provided simply to assist with custom AccessDecisionVoters and the like that you might develop. Of course, you don't need to use this method either and can develop your own "trust level" hierarchy instead.

Specified by:
isRememberMe in interface AuthenticationTrustResolver
Parameters:
authentication - to test (may be null in which case the method will always return false)
Returns:
true the passed authentication token represented a principal authenticated using a remember-me token, false otherwise

setAnonymousClass

public void setAnonymousClass(Class anonymousClass)

setRememberMeClass

public void setRememberMeClass(Class rememberMeClass)

Spring Security Framework

Copyright © 2004-2010 SpringSource, Inc. All Rights Reserved.