public class PreInvocationAuthorizationAdviceVoter extends java.lang.Object implements AccessDecisionVoter<org.aopalliance.intercept.MethodInvocation>
In practice, if these annotations are being used, they will normally contain all the necessary access control logic, so a voter-based system is not really necessary and a single AccessDecisionManager which contained the same logic would suffice. However, this class fits in readily with the traditional voter-based AccessDecisionManager implementations used by Spring Security.
| Modifier and Type | Field and Description |
|---|---|
protected org.apache.commons.logging.Log |
logger |
ACCESS_ABSTAIN, ACCESS_DENIED, ACCESS_GRANTED| Constructor and Description |
|---|
PreInvocationAuthorizationAdviceVoter(PreInvocationAuthorizationAdvice pre) |
| Modifier and Type | Method and Description |
|---|---|
boolean |
supports(java.lang.Class<?> clazz)
Indicates whether the
AccessDecisionVoter implementation is able to provide
access control votes for the indicated secured object type. |
boolean |
supports(ConfigAttribute attribute)
Indicates whether this
AccessDecisionVoter is able to vote on the passed
ConfigAttribute. |
int |
vote(Authentication authentication,
org.aopalliance.intercept.MethodInvocation method,
java.util.Collection<ConfigAttribute> attributes)
Indicates whether or not access is granted.
|
public PreInvocationAuthorizationAdviceVoter(PreInvocationAuthorizationAdvice pre)
public boolean supports(ConfigAttribute attribute)
AccessDecisionVoterAccessDecisionVoter is able to vote on the passed
ConfigAttribute.
This allows the AbstractSecurityInterceptor to check every configuration
attribute can be consumed by the configured AccessDecisionManager and/or
RunAsManager and/or AfterInvocationManager.
supports in interface AccessDecisionVoter<org.aopalliance.intercept.MethodInvocation>attribute - a configuration attribute that has been configured against the
AbstractSecurityInterceptorAccessDecisionVoter can support the passed
configuration attributepublic boolean supports(java.lang.Class<?> clazz)
AccessDecisionVoterAccessDecisionVoter implementation is able to provide
access control votes for the indicated secured object type.supports in interface AccessDecisionVoter<org.aopalliance.intercept.MethodInvocation>clazz - the class that is being queriedpublic int vote(Authentication authentication, org.aopalliance.intercept.MethodInvocation method, java.util.Collection<ConfigAttribute> attributes)
AccessDecisionVoter
The decision must be affirmative (ACCESS_GRANTED), negative (
ACCESS_DENIED) or the AccessDecisionVoter can abstain (
ACCESS_ABSTAIN) from voting. Under no circumstances should implementing
classes return any other value. If a weighting of results is desired, this should
be handled in a custom
AccessDecisionManager instead.
Unless an AccessDecisionVoter is specifically intended to vote on an access
control decision due to a passed method invocation or configuration attribute
parameter, it must return ACCESS_ABSTAIN. This prevents the coordinating
AccessDecisionManager from counting votes from those
AccessDecisionVoters without a legitimate interest in the access control
decision.
Whilst the secured object (such as a MethodInvocation) is passed as a
parameter to maximise flexibility in making access control decisions, implementing
classes should not modify it or cause the represented invocation to take place (for
example, by calling MethodInvocation.proceed()).
vote in interface AccessDecisionVoter<org.aopalliance.intercept.MethodInvocation>authentication - the caller making the invocationmethod - the secured object being invokedattributes - the configuration attributes associated with the secured objectAccessDecisionVoter.ACCESS_GRANTED, AccessDecisionVoter.ACCESS_ABSTAIN or
AccessDecisionVoter.ACCESS_DENIED