org.springframework.security.web.access.expression.WebExpressionVoter
|
|||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | ||||||||
java.lang.Object
public class WebExpressionVoter
Voter which handles web authorisation decisions.
| Field Summary |
|---|
| Fields inherited from interface org.springframework.security.access.AccessDecisionVoter |
|---|
ACCESS_ABSTAIN, ACCESS_DENIED, ACCESS_GRANTED |
| Constructor Summary | |
|---|---|
WebExpressionVoter()
|
|
| Method Summary | |
|---|---|
void |
setExpressionHandler(SecurityExpressionHandler<FilterInvocation> expressionHandler)
|
boolean |
supports(Class<?> clazz)
Indicates whether the AccessDecisionVoter implementation is able to provide access control
votes for the indicated secured object type. |
boolean |
supports(ConfigAttribute attribute)
Indicates whether this AccessDecisionVoter is able to vote on the passed ConfigAttribute. |
int |
vote(Authentication authentication,
FilterInvocation fi,
Collection<ConfigAttribute> attributes)
Indicates whether or not access is granted. |
| Methods inherited from class java.lang.Object |
|---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
| Constructor Detail |
|---|
public WebExpressionVoter()
| Method Detail |
|---|
public int vote(Authentication authentication,
FilterInvocation fi,
Collection<ConfigAttribute> attributes)
AccessDecisionVoter
The decision must be affirmative (ACCESS_GRANTED), negative (ACCESS_DENIED)
or the AccessDecisionVoter can abstain (ACCESS_ABSTAIN) from voting.
Under no circumstances should implementing classes return any other value. If a weighting of results is desired,
this should be handled in a custom AccessDecisionManager instead.
Unless an AccessDecisionVoter is specifically intended to vote on an access control
decision due to a passed method invocation or configuration attribute parameter, it must return
ACCESS_ABSTAIN. This prevents the coordinating AccessDecisionManager from counting
votes from those AccessDecisionVoters without a legitimate interest in the access control
decision.
Whilst the secured object (such as a MethodInvocation) is passed as a parameter to maximise flexibility
in making access control decisions, implementing classes should not modify it or cause the represented invocation
to take place (for example, by calling MethodInvocation.proceed()).
vote in interface AccessDecisionVoter<FilterInvocation>authentication - the caller making the invocationfi - the secured object being invokedattributes - the configuration attributes associated with the secured object
AccessDecisionVoter.ACCESS_GRANTED, AccessDecisionVoter.ACCESS_ABSTAIN or AccessDecisionVoter.ACCESS_DENIEDpublic boolean supports(ConfigAttribute attribute)
AccessDecisionVoterAccessDecisionVoter is able to vote on the passed ConfigAttribute.
This allows the AbstractSecurityInterceptor to check every configuration attribute can be consumed by
the configured AccessDecisionManager and/or RunAsManager and/or AfterInvocationManager.
supports in interface AccessDecisionVoter<FilterInvocation>attribute - a configuration attribute that has been configured against the
AbstractSecurityInterceptor
AccessDecisionVoter can support the passed configuration attributepublic boolean supports(Class<?> clazz)
AccessDecisionVoterAccessDecisionVoter implementation is able to provide access control
votes for the indicated secured object type.
supports in interface AccessDecisionVoter<FilterInvocation>clazz - the class that is being queried
public void setExpressionHandler(SecurityExpressionHandler<FilterInvocation> expressionHandler)
|
|||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | ||||||||