public class MessageExpressionVoter<T> extends Object implements AccessDecisionVoter<org.springframework.messaging.Message<T>>
Message authorisation decisions. If a
MessageExpressionConfigAttribute is found, then its expression is evaluated. If
true, ACCESS_GRANTED is returned. If false, ACCESS_DENIED is returned.
If no MessageExpressionConfigAttribute is found, then ACCESS_ABSTAIN is
returned.ACCESS_ABSTAIN, ACCESS_DENIED, ACCESS_GRANTED| Constructor and Description |
|---|
MessageExpressionVoter() |
| Modifier and Type | Method and Description |
|---|---|
void |
setExpressionHandler(SecurityExpressionHandler<org.springframework.messaging.Message<T>> expressionHandler) |
boolean |
supports(Class<?> clazz)
Indicates whether the
AccessDecisionVoter implementation is able to provide
access control votes for the indicated secured object type. |
boolean |
supports(ConfigAttribute attribute)
Indicates whether this
AccessDecisionVoter is able to vote on the passed
ConfigAttribute. |
int |
vote(Authentication authentication,
org.springframework.messaging.Message<T> message,
Collection<ConfigAttribute> attributes)
Indicates whether or not access is granted.
|
public int vote(Authentication authentication, org.springframework.messaging.Message<T> message, Collection<ConfigAttribute> attributes)
AccessDecisionVoter
The decision must be affirmative (ACCESS_GRANTED), negative (
ACCESS_DENIED) or the AccessDecisionVoter can abstain (
ACCESS_ABSTAIN) from voting. Under no circumstances should implementing
classes return any other value. If a weighting of results is desired, this should
be handled in a custom
AccessDecisionManager instead.
Unless an AccessDecisionVoter is specifically intended to vote on an access
control decision due to a passed method invocation or configuration attribute
parameter, it must return ACCESS_ABSTAIN. This prevents the coordinating
AccessDecisionManager from counting votes from those
AccessDecisionVoters without a legitimate interest in the access control
decision.
Whilst the secured object (such as a MethodInvocation) is passed as a
parameter to maximise flexibility in making access control decisions, implementing
classes should not modify it or cause the represented invocation to take place (for
example, by calling MethodInvocation.proceed()).
vote in interface AccessDecisionVoter<org.springframework.messaging.Message<T>>authentication - the caller making the invocationmessage - the secured object being invokedattributes - the configuration attributes associated with the secured objectAccessDecisionVoter.ACCESS_GRANTED, AccessDecisionVoter.ACCESS_ABSTAIN or
AccessDecisionVoter.ACCESS_DENIEDpublic boolean supports(ConfigAttribute attribute)
AccessDecisionVoterAccessDecisionVoter is able to vote on the passed
ConfigAttribute.
This allows the AbstractSecurityInterceptor to check every configuration
attribute can be consumed by the configured AccessDecisionManager and/or
RunAsManager and/or AfterInvocationManager.
supports in interface AccessDecisionVoter<org.springframework.messaging.Message<T>>attribute - a configuration attribute that has been configured against the
AbstractSecurityInterceptorAccessDecisionVoter can support the passed
configuration attributepublic boolean supports(Class<?> clazz)
AccessDecisionVoterAccessDecisionVoter implementation is able to provide
access control votes for the indicated secured object type.supports in interface AccessDecisionVoter<org.springframework.messaging.Message<T>>clazz - the class that is being queriedpublic void setExpressionHandler(SecurityExpressionHandler<org.springframework.messaging.Message<T>> expressionHandler)