Interface AccessDecisionManager
- All Known Implementing Classes:
AbstractAccessDecisionManager
,AffirmativeBased
,ConsensusBased
,UnanimousBased
public interface AccessDecisionManager
Makes a final access control (authorization) decision.
-
Method Summary
Modifier and TypeMethodDescriptionvoid
decide
(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes) Resolves an access control decision for the passed parameters.boolean
Indicates whether theAccessDecisionManager
implementation is able to provide access control decisions for the indicated secured object type.boolean
supports
(ConfigAttribute attribute) Indicates whether thisAccessDecisionManager
is able to process authorization requests presented with the passedConfigAttribute
.
-
Method Details
-
decide
void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes) throws AccessDeniedException, InsufficientAuthenticationException Resolves an access control decision for the passed parameters.- Parameters:
authentication
- the caller invoking the method (not null)object
- the secured object being calledconfigAttributes
- the configuration attributes associated with the secured object being invoked- Throws:
AccessDeniedException
- if access is denied as the authentication does not hold a required authority or ACL privilegeInsufficientAuthenticationException
- if access is denied as the authentication does not provide a sufficient level of trust
-
supports
Indicates whether thisAccessDecisionManager
is able to process authorization requests presented with the passedConfigAttribute
.This allows the
AbstractSecurityInterceptor
to check every configuration attribute can be consumed by the configuredAccessDecisionManager
and/orRunAsManager
and/orAfterInvocationManager
.- Parameters:
attribute
- a configuration attribute that has been configured against theAbstractSecurityInterceptor
- Returns:
- true if this
AccessDecisionManager
can support the passed configuration attribute
-
supports
Indicates whether theAccessDecisionManager
implementation is able to provide access control decisions for the indicated secured object type.- Parameters:
clazz
- the class that is being queried- Returns:
true
if the implementation can process the indicated class
-