public interface AccessDecisionManager
| Modifier and Type | Method and Description |
|---|---|
void |
decide(Authentication authentication,
Object object,
Collection<ConfigAttribute> configAttributes)
Resolves an access control decision for the passed parameters.
|
boolean |
supports(Class<?> clazz)
Indicates whether the
AccessDecisionManager implementation is able to provide access
control decisions for the indicated secured object type. |
boolean |
supports(ConfigAttribute attribute)
Indicates whether this
AccessDecisionManager is able to process authorization requests
presented with the passed ConfigAttribute. |
void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes) throws AccessDeniedException, InsufficientAuthenticationException
authentication - the caller invoking the method (not null)object - the secured object being calledconfigAttributes - the configuration attributes associated with the secured object being invokedAccessDeniedException - if access is denied as the authentication does not hold a required authority or
ACL privilegeInsufficientAuthenticationException - if access is denied as the authentication does not provide a
sufficient level of trustboolean supports(ConfigAttribute attribute)
AccessDecisionManager is able to process authorization requests
presented with the passed ConfigAttribute.This allows the
AbstractSecurityInterceptor to check every configuration attribute can be consumed by the
configured AccessDecisionManager and/or RunAsManager and/or
AfterInvocationManager.
attribute - a configuration attribute that has been configured against the
AbstractSecurityInterceptorAccessDecisionManager can support the passed configuration attributeboolean supports(Class<?> clazz)
AccessDecisionManager implementation is able to provide access
control decisions for the indicated secured object type.clazz - the class that is being queriedtrue if the implementation can process the indicated class