Interface AccessDecisionVoter<S>
- 
- All Known Implementing Classes:
- AbstractAclVoter,- AclEntryVoter,- AuthenticatedVoter,- Jsr250Voter,- MessageExpressionVoter,- PreInvocationAuthorizationAdviceVoter,- RoleHierarchyVoter,- RoleVoter,- WebExpressionVoter
 
 public interface AccessDecisionVoter<S>Indicates a class is responsible for voting on authorization decisions.The coordination of voting (ie polling AccessDecisionVoters, tallying their responses, and making the final authorization decision) is performed by anAccessDecisionManager.
- 
- 
Field SummaryFields Modifier and Type Field Description static intACCESS_ABSTAINstatic intACCESS_DENIEDstatic intACCESS_GRANTED
 - 
Method SummaryAll Methods Instance Methods Abstract Methods Modifier and Type Method Description booleansupports(java.lang.Class<?> clazz)Indicates whether theAccessDecisionVoterimplementation is able to provide access control votes for the indicated secured object type.booleansupports(ConfigAttribute attribute)Indicates whether thisAccessDecisionVoteris able to vote on the passedConfigAttribute.intvote(Authentication authentication, S object, java.util.Collection<ConfigAttribute> attributes)Indicates whether or not access is granted.
 
- 
- 
- 
Field Detail- 
ACCESS_GRANTEDstatic final int ACCESS_GRANTED - See Also:
- Constant Field Values
 
 - 
ACCESS_ABSTAINstatic final int ACCESS_ABSTAIN - See Also:
- Constant Field Values
 
 - 
ACCESS_DENIEDstatic final int ACCESS_DENIED - See Also:
- Constant Field Values
 
 
- 
 - 
Method Detail- 
supportsboolean supports(ConfigAttribute attribute) Indicates whether thisAccessDecisionVoteris able to vote on the passedConfigAttribute.This allows the AbstractSecurityInterceptorto check every configuration attribute can be consumed by the configuredAccessDecisionManagerand/orRunAsManagerand/orAfterInvocationManager.- Parameters:
- attribute- a configuration attribute that has been configured against the- AbstractSecurityInterceptor
- Returns:
- true if this AccessDecisionVotercan support the passed configuration attribute
 
 - 
supportsboolean supports(java.lang.Class<?> clazz) Indicates whether theAccessDecisionVoterimplementation is able to provide access control votes for the indicated secured object type.- Parameters:
- clazz- the class that is being queried
- Returns:
- true if the implementation can process the indicated class
 
 - 
voteint vote(Authentication authentication, S object, java.util.Collection<ConfigAttribute> attributes) Indicates whether or not access is granted.The decision must be affirmative ( ACCESS_GRANTED), negative (ACCESS_DENIED) or theAccessDecisionVotercan abstain (ACCESS_ABSTAIN) from voting. Under no circumstances should implementing classes return any other value. If a weighting of results is desired, this should be handled in a customAccessDecisionManagerinstead.Unless an AccessDecisionVoteris specifically intended to vote on an access control decision due to a passed method invocation or configuration attribute parameter, it must returnACCESS_ABSTAIN. This prevents the coordinatingAccessDecisionManagerfrom counting votes from thoseAccessDecisionVoters without a legitimate interest in the access control decision.Whilst the secured object (such as a MethodInvocation) is passed as a parameter to maximise flexibility in making access control decisions, implementing classes should not modify it or cause the represented invocation to take place (for example, by callingMethodInvocation.proceed()).- Parameters:
- authentication- the caller making the invocation
- object- the secured object being invoked
- attributes- the configuration attributes associated with the secured object
- Returns:
- either ACCESS_GRANTED,ACCESS_ABSTAINorACCESS_DENIED
 
 
- 
 
-