Class PreInvocationAuthorizationAdviceVoter
- java.lang.Object
- 
- org.springframework.security.access.prepost.PreInvocationAuthorizationAdviceVoter
 
- 
- All Implemented Interfaces:
- AccessDecisionVoter<org.aopalliance.intercept.MethodInvocation>
 
 public class PreInvocationAuthorizationAdviceVoter extends java.lang.Object implements AccessDecisionVoter<org.aopalliance.intercept.MethodInvocation> Voter which performs the actions using a PreInvocationAuthorizationAdvice implementation generated from @PreFilter and @PreAuthorize annotations.In practice, if these annotations are being used, they will normally contain all the necessary access control logic, so a voter-based system is not really necessary and a single AccessDecisionManager which contained the same logic would suffice. However, this class fits in readily with the traditional voter-based AccessDecisionManager implementations used by Spring Security. - Since:
- 3.0
 
- 
- 
Field SummaryFields Modifier and Type Field Description protected org.apache.commons.logging.Loglogger- 
Fields inherited from interface org.springframework.security.access.AccessDecisionVoterACCESS_ABSTAIN, ACCESS_DENIED, ACCESS_GRANTED
 
- 
 - 
Constructor SummaryConstructors Constructor Description PreInvocationAuthorizationAdviceVoter(PreInvocationAuthorizationAdvice pre)
 - 
Method SummaryAll Methods Instance Methods Concrete Methods Modifier and Type Method Description booleansupports(java.lang.Class<?> clazz)Indicates whether theAccessDecisionVoterimplementation is able to provide access control votes for the indicated secured object type.booleansupports(ConfigAttribute attribute)Indicates whether thisAccessDecisionVoteris able to vote on the passedConfigAttribute.intvote(Authentication authentication, org.aopalliance.intercept.MethodInvocation method, java.util.Collection<ConfigAttribute> attributes)Indicates whether or not access is granted.
 
- 
- 
- 
Constructor Detail- 
PreInvocationAuthorizationAdviceVoterpublic PreInvocationAuthorizationAdviceVoter(PreInvocationAuthorizationAdvice pre) 
 
- 
 - 
Method Detail- 
supportspublic boolean supports(ConfigAttribute attribute) Description copied from interface:AccessDecisionVoterIndicates whether thisAccessDecisionVoteris able to vote on the passedConfigAttribute.This allows the AbstractSecurityInterceptorto check every configuration attribute can be consumed by the configuredAccessDecisionManagerand/orRunAsManagerand/orAfterInvocationManager.- Specified by:
- supportsin interface- AccessDecisionVoter<org.aopalliance.intercept.MethodInvocation>
- Parameters:
- attribute- a configuration attribute that has been configured against the- AbstractSecurityInterceptor
- Returns:
- true if this AccessDecisionVotercan support the passed configuration attribute
 
 - 
supportspublic boolean supports(java.lang.Class<?> clazz) Description copied from interface:AccessDecisionVoterIndicates whether theAccessDecisionVoterimplementation is able to provide access control votes for the indicated secured object type.- Specified by:
- supportsin interface- AccessDecisionVoter<org.aopalliance.intercept.MethodInvocation>
- Parameters:
- clazz- the class that is being queried
- Returns:
- true if the implementation can process the indicated class
 
 - 
votepublic int vote(Authentication authentication, org.aopalliance.intercept.MethodInvocation method, java.util.Collection<ConfigAttribute> attributes) Description copied from interface:AccessDecisionVoterIndicates whether or not access is granted.The decision must be affirmative ( ACCESS_GRANTED), negative (ACCESS_DENIED) or theAccessDecisionVotercan abstain (ACCESS_ABSTAIN) from voting. Under no circumstances should implementing classes return any other value. If a weighting of results is desired, this should be handled in a customAccessDecisionManagerinstead.Unless an AccessDecisionVoteris specifically intended to vote on an access control decision due to a passed method invocation or configuration attribute parameter, it must returnACCESS_ABSTAIN. This prevents the coordinatingAccessDecisionManagerfrom counting votes from thoseAccessDecisionVoters without a legitimate interest in the access control decision.Whilst the secured object (such as a MethodInvocation) is passed as a parameter to maximise flexibility in making access control decisions, implementing classes should not modify it or cause the represented invocation to take place (for example, by callingMethodInvocation.proceed()).- Specified by:
- votein interface- AccessDecisionVoter<org.aopalliance.intercept.MethodInvocation>
- Parameters:
- authentication- the caller making the invocation
- method- the secured object being invoked
- attributes- the configuration attributes associated with the secured object
- Returns:
- either AccessDecisionVoter.ACCESS_GRANTED,AccessDecisionVoter.ACCESS_ABSTAINorAccessDecisionVoter.ACCESS_DENIED
 
 
- 
 
-