public interface AccessDecisionManager
Modifier and Type | Method and Description |
---|---|
void |
decide(Authentication authentication,
Object object,
Collection<ConfigAttribute> configAttributes)
Resolves an access control decision for the passed parameters.
|
boolean |
supports(Class<?> clazz)
Indicates whether the
AccessDecisionManager implementation is able to
provide access control decisions for the indicated secured object type. |
boolean |
supports(ConfigAttribute attribute)
Indicates whether this
AccessDecisionManager is able to process
authorization requests presented with the passed ConfigAttribute . |
void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes) throws AccessDeniedException, InsufficientAuthenticationException
authentication
- the caller invoking the method (not null)object
- the secured object being calledconfigAttributes
- the configuration attributes associated with the secured
object being invokedAccessDeniedException
- if access is denied as the authentication does not
hold a required authority or ACL privilegeInsufficientAuthenticationException
- if access is denied as the
authentication does not provide a sufficient level of trustboolean supports(ConfigAttribute attribute)
AccessDecisionManager
is able to process
authorization requests presented with the passed ConfigAttribute
.
This allows the AbstractSecurityInterceptor
to check every
configuration attribute can be consumed by the configured
AccessDecisionManager
and/or RunAsManager
and/or
AfterInvocationManager
.
attribute
- a configuration attribute that has been configured against the
AbstractSecurityInterceptor
AccessDecisionManager
can support the passed
configuration attributeboolean supports(Class<?> clazz)
AccessDecisionManager
implementation is able to
provide access control decisions for the indicated secured object type.clazz
- the class that is being queriedtrue
if the implementation can process the indicated class