|
|||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | ||||||||
java.lang.Objectorg.springframework.security.access.vote.AuthenticatedVoter
public class AuthenticatedVoter
Votes if a ConfigAttribute.getAttribute() of IS_AUTHENTICATED_FULLY or
IS_AUTHENTICATED_REMEMBERED or IS_AUTHENTICATED_ANONYMOUSLY is present. This list is in
order of most strict checking to least strict checking.
The current Authentication will be inspected to determine if the principal has a particular
level of authentication. The "FULLY" authenticated option means the user is authenticated fully (i.e. AuthenticationTrustResolver.isAnonymous(Authentication) is false and AuthenticationTrustResolver.isRememberMe(Authentication) is false). The "REMEMBERED" will grant
access if the principal was either authenticated via remember-me OR is fully authenticated. The "ANONYMOUSLY" will
grant access if the principal was authenticated via remember-me, OR anonymously, OR via full authentication.
All comparisons and prefixes are case sensitive.
| Field Summary | |
|---|---|
static String |
IS_AUTHENTICATED_ANONYMOUSLY
|
static String |
IS_AUTHENTICATED_FULLY
|
static String |
IS_AUTHENTICATED_REMEMBERED
|
| Fields inherited from interface org.springframework.security.access.AccessDecisionVoter |
|---|
ACCESS_ABSTAIN, ACCESS_DENIED, ACCESS_GRANTED |
| Constructor Summary | |
|---|---|
AuthenticatedVoter()
|
|
| Method Summary | |
|---|---|
void |
setAuthenticationTrustResolver(AuthenticationTrustResolver authenticationTrustResolver)
|
boolean |
supports(Class<?> clazz)
This implementation supports any type of class, because it does not query the presented secure object. |
boolean |
supports(ConfigAttribute attribute)
Indicates whether this AccessDecisionVoter is able to vote on the passed
ConfigAttribute. |
int |
vote(Authentication authentication,
Object object,
Collection<ConfigAttribute> attributes)
Indicates whether or not access is granted. |
| Methods inherited from class java.lang.Object |
|---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
| Field Detail |
|---|
public static final String IS_AUTHENTICATED_FULLY
public static final String IS_AUTHENTICATED_REMEMBERED
public static final String IS_AUTHENTICATED_ANONYMOUSLY
| Constructor Detail |
|---|
public AuthenticatedVoter()
| Method Detail |
|---|
public void setAuthenticationTrustResolver(AuthenticationTrustResolver authenticationTrustResolver)
public boolean supports(ConfigAttribute attribute)
AccessDecisionVoterAccessDecisionVoter is able to vote on the passed
ConfigAttribute.This allows the AbstractSecurityInterceptor to check every
configuration attribute can be consumed by the configured AccessDecisionManager and/or
RunAsManager and/or AfterInvocationManager.
supports in interface AccessDecisionVoterattribute - a configuration attribute that has been configured against the
AbstractSecurityInterceptor
AccessDecisionVoter can support the passed configuration attributepublic boolean supports(Class<?> clazz)
supports in interface AccessDecisionVoterclazz - the secure object
true
public int vote(Authentication authentication,
Object object,
Collection<ConfigAttribute> attributes)
AccessDecisionVoterThe decision must be affirmative (ACCESS_GRANTED), negative (ACCESS_DENIED)
or the AccessDecisionVoter can abstain (ACCESS_ABSTAIN) from voting.
Under no circumstances should implementing classes return any other value. If a weighting of results is desired,
this should be handled in a custom AccessDecisionManager instead.
Unless an AccessDecisionVoter is specifically intended to vote on an access control
decision due to a passed method invocation or configuration attribute parameter, it must return
ACCESS_ABSTAIN. This prevents the coordinating AccessDecisionManager from counting
votes from those AccessDecisionVoters without a legitimate interest in the access control
decision.
Whilst the method invocation is passed as a parameter to maximise flexibility in making access
control decisions, implementing classes must never modify the behaviour of the method invocation (such as
calling MethodInvocation.proceed()).
vote in interface AccessDecisionVoterauthentication - the caller invoking the methodobject - the secured objectattributes - the configuration attributes associated with the method being invoked
AccessDecisionVoter.ACCESS_GRANTED, AccessDecisionVoter.ACCESS_ABSTAIN or AccessDecisionVoter.ACCESS_DENIED
|
|||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | ||||||||