Package org.springframework.security.access

Interface AccessDecisionManager

    • Method Summary

      All Methods Instance Methods Abstract Methods 
      Modifier and Type Method Description
      void decide​(Authentication authentication, java.lang.Object object, java.util.Collection<ConfigAttribute> configAttributes)
      Resolves an access control decision for the passed parameters.
      boolean supports​(java.lang.Class<?> clazz)
      Indicates whether the AccessDecisionManager implementation is able to provide access control decisions for the indicated secured object type.
      boolean supports​(ConfigAttribute attribute)
      Indicates whether this AccessDecisionManager is able to process authorization requests presented with the passed ConfigAttribute.

    • Method Detail

      • decide

        void decide​(Authentication authentication,
            java.lang.Object object,
            java.util.Collection<ConfigAttribute> configAttributes)
     throws AccessDeniedException,
            InsufficientAuthenticationException
        Resolves an access control decision for the passed parameters.
        Parameters:
        authentication - the caller invoking the method (not null)
        object - the secured object being called
        configAttributes - the configuration attributes associated with the secured object being invoked
        Throws:
        AccessDeniedException - if access is denied as the authentication does not hold a required authority or ACL privilege
        InsufficientAuthenticationException - if access is denied as the authentication does not provide a sufficient level of trust

      • supports

        boolean supports​(ConfigAttribute attribute)
        Indicates whether this AccessDecisionManager is able to process authorization requests presented with the passed ConfigAttribute.

        This allows the AbstractSecurityInterceptor to check every configuration attribute can be consumed by the configured AccessDecisionManager and/or RunAsManager and/or AfterInvocationManager.

        Parameters:
        attribute - a configuration attribute that has been configured against the AbstractSecurityInterceptor
        Returns:
        true if this AccessDecisionManager can support the passed configuration attribute

      • supports

        boolean supports​(java.lang.Class<?> clazz)
        Indicates whether the AccessDecisionManager implementation is able to provide access control decisions for the indicated secured object type.
        Parameters:
        clazz - the class that is being queried
        Returns:
        true if the implementation can process the indicated class