AccessDecisionVoter

Overview

Package

Class

Use

Deprecated

Index

Home >> All >> org >> acegisecurity >> [ vote overview ]

PREV CLASS NEXT CLASS

SUMMARY:

JAVADOC |

Sourc code of org.acegisecurity.vote.AccessDecisionVoter

SOURCE |

Download org.acegisecurity.vote.AccessDecisionVoter

DOWNLOAD | NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.acegisecurity.vote
Interface AccessDecisionVoter

All Known Implementing Classes:: AbstractAclVoter, AuthenticatedVoter, RoleVoter

public interface AccessDecisionVoter

Indicates a class is responsible for voting on authorization decisions.

The coordination of voting (ie polling AccessDecisionVoters, tallying their responses, and making the final authorization decision) is performed by an org.acegisecurity.AccessDecisionManager.

Version:: $Id: AccessDecisionVoter.java,v 1.5 2005/11/17 00:55:47 benalex Exp $

Field Summary

static int ACCESS_ABSTAIN


static int ACCESS_DENIED


static int ACCESS_GRANTED


Method Summary

boolean supports(ConfigAttribute attribute)
          Indicates whether this AccessDecisionVoter is able to vote on the passed ConfigAttribute.

int vote(org.acegisecurity.Authentication authentication, java.lang.Object object, ConfigAttributeDefinition config)
          Indicates whether or not access is granted.

Field Detail

ACCESS_GRANTED

public static final int ACCESS_GRANTED

See Also:: Constant Field Values

ACCESS_ABSTAIN

public static final int ACCESS_ABSTAIN

See Also:: Constant Field Values

ACCESS_DENIED

public static final int ACCESS_DENIED

See Also:: Constant Field Values

Method Detail

supports

public boolean supports(ConfigAttribute attribute)

Indicates whether this AccessDecisionVoter is able to vote on the passed ConfigAttribute.

This allows the AbstractSecurityInterceptor to check every configuration attribute can be consumed by the configured AccessDecisionManager and/or RunAsManager and/or AccessDecisionManager.

vote

public int vote(org.acegisecurity.Authentication authentication,
                java.lang.Object object,
                ConfigAttributeDefinition config)

Indicates whether or not access is granted.

The decision must be affirmative (ACCESS_GRANTED), negative (ACCESS_DENIED) or the AccessDecisionVoter can abstain (ACCESS_ABSTAIN) from voting. Under no circumstances should implementing classes return any other value. If a weighting of results is desired, this should be handled in a custom org.acegisecurity.AccessDecisionManager instead.

Unless an AccessDecisionVoter is specifically intended to vote on an access control decision due to a passed method invocation or configuration attribute parameter, it must return ACCESS_ABSTAIN. This prevents the coordinating AccessDecisionManager from counting votes from those AccessDecisionVoters without a legitimate interest in the access control decision.

Whilst the method invocation is passed as a parameter to maximise flexibility in making access control decisions, implementing classes must never modify the behaviour of the method invocation (such as calling MethodInvocation.proceed()).