Class PreInvocationAuthorizationAdviceVoter
- java.lang.Object
-
- org.springframework.security.access.prepost.PreInvocationAuthorizationAdviceVoter
-
- All Implemented Interfaces:
AccessDecisionVoter<org.aopalliance.intercept.MethodInvocation>
public class PreInvocationAuthorizationAdviceVoter extends java.lang.Object implements AccessDecisionVoter<org.aopalliance.intercept.MethodInvocation>
Voter which performs the actions using a PreInvocationAuthorizationAdvice implementation generated from @PreFilter and @PreAuthorize annotations.In practice, if these annotations are being used, they will normally contain all the necessary access control logic, so a voter-based system is not really necessary and a single AccessDecisionManager which contained the same logic would suffice. However, this class fits in readily with the traditional voter-based AccessDecisionManager implementations used by Spring Security.
- Since:
- 3.0
-
-
Field Summary
Fields Modifier and Type Field Description protected org.apache.commons.logging.Log
logger
-
Fields inherited from interface org.springframework.security.access.AccessDecisionVoter
ACCESS_ABSTAIN, ACCESS_DENIED, ACCESS_GRANTED
-
-
Constructor Summary
Constructors Constructor Description PreInvocationAuthorizationAdviceVoter(PreInvocationAuthorizationAdvice pre)
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description boolean
supports(java.lang.Class<?> clazz)
Indicates whether theAccessDecisionVoter
implementation is able to provide access control votes for the indicated secured object type.boolean
supports(ConfigAttribute attribute)
Indicates whether thisAccessDecisionVoter
is able to vote on the passedConfigAttribute
.int
vote(Authentication authentication, org.aopalliance.intercept.MethodInvocation method, java.util.Collection<ConfigAttribute> attributes)
Indicates whether or not access is granted.
-
-
-
Constructor Detail
-
PreInvocationAuthorizationAdviceVoter
public PreInvocationAuthorizationAdviceVoter(PreInvocationAuthorizationAdvice pre)
-
-
Method Detail
-
supports
public boolean supports(ConfigAttribute attribute)
Description copied from interface:AccessDecisionVoter
Indicates whether thisAccessDecisionVoter
is able to vote on the passedConfigAttribute
.This allows the
AbstractSecurityInterceptor
to check every configuration attribute can be consumed by the configuredAccessDecisionManager
and/orRunAsManager
and/orAfterInvocationManager
.- Specified by:
supports
in interfaceAccessDecisionVoter<org.aopalliance.intercept.MethodInvocation>
- Parameters:
attribute
- a configuration attribute that has been configured against theAbstractSecurityInterceptor
- Returns:
- true if this
AccessDecisionVoter
can support the passed configuration attribute
-
supports
public boolean supports(java.lang.Class<?> clazz)
Description copied from interface:AccessDecisionVoter
Indicates whether theAccessDecisionVoter
implementation is able to provide access control votes for the indicated secured object type.- Specified by:
supports
in interfaceAccessDecisionVoter<org.aopalliance.intercept.MethodInvocation>
- Parameters:
clazz
- the class that is being queried- Returns:
- true if the implementation can process the indicated class
-
vote
public int vote(Authentication authentication, org.aopalliance.intercept.MethodInvocation method, java.util.Collection<ConfigAttribute> attributes)
Description copied from interface:AccessDecisionVoter
Indicates whether or not access is granted.The decision must be affirmative (
ACCESS_GRANTED
), negative (ACCESS_DENIED
) or theAccessDecisionVoter
can abstain (ACCESS_ABSTAIN
) from voting. Under no circumstances should implementing classes return any other value. If a weighting of results is desired, this should be handled in a customAccessDecisionManager
instead.Unless an
AccessDecisionVoter
is specifically intended to vote on an access control decision due to a passed method invocation or configuration attribute parameter, it must returnACCESS_ABSTAIN
. This prevents the coordinatingAccessDecisionManager
from counting votes from thoseAccessDecisionVoter
s without a legitimate interest in the access control decision.Whilst the secured object (such as a
MethodInvocation
) is passed as a parameter to maximise flexibility in making access control decisions, implementing classes should not modify it or cause the represented invocation to take place (for example, by callingMethodInvocation.proceed()
).- Specified by:
vote
in interfaceAccessDecisionVoter<org.aopalliance.intercept.MethodInvocation>
- Parameters:
authentication
- the caller making the invocationmethod
- the secured object being invokedattributes
- the configuration attributes associated with the secured object- Returns:
- either
AccessDecisionVoter.ACCESS_GRANTED
,AccessDecisionVoter.ACCESS_ABSTAIN
orAccessDecisionVoter.ACCESS_DENIED
-
-