Overview  Package   Class  Use  Deprecated  Index
Home >> All >> org >> acegisecurity >> [ vote overview ]	PREV CLASS  NEXT CLASS
SUMMARY:  JAVADOC |  SOURCE |  DOWNLOAD | NESTED | FIELD | CONSTR | METHOD	DETAIL: FIELD | CONSTR | METHOD

---

org.acegisecurity.vote
Class RoleVoter  

java.lang.Object
  org.acegisecurity.vote.RoleVoter

All Implemented Interfaces:

AccessDecisionVoter

---

public class RoleVoter

extends java.lang.Object

implements AccessDecisionVoter

Votes if any ConfigAttribute#getAttribute() starts with a prefix indicating that it is a role. The default prefix string is ROLE_, but this may be overriden to any value. It may also be set to empty, which means that essentially any attribute will be voted on. As described further below, the effect of an empty prefix may not be quite desireable.

Abstains from voting if no configuration attribute commences with the role prefix. Votes to grant access if there is an exact matching org.acegisecurity.GrantedAuthority to a ConfigAttribute starting with the role prefix. Votes to deny access if there is no exact matching GrantedAuthority to a ConfigAttribute starting with the role prefix.

An empty role prefix means that the voter will vote for every ConfigAttribute. When there are different categories of ConfigAttributes used, this will not be optimal since the voter will be voting for attributes which do not represent roles. However, this option may be of some use when using preexisting role names without a prefix, and no ability exists to prefix them with a role prefix on reading them in, such as provided for example in org.acegisecurity.userdetails.jdbc.JdbcDaoImpl.

All comparisons and prefixes are case sensitive.

Version:

$Id: RoleVoter.java,v 1.6 2005/11/29 13:10:15 benalex Exp $

---

Field Summary
private  java.lang.String	rolePrefix

 

Fields inherited from interface org.acegisecurity.vote.AccessDecisionVoter

ACCESS_ABSTAIN, ACCESS_DENIED, ACCESS_GRANTED

 

Constructor Summary

RoleVoter()

 

Method Summary
java.lang.String	getRolePrefix()
void	setRolePrefix(java.lang.String rolePrefix)           Allows the default role prefix of ROLE_ to be overriden.
boolean	supports(ConfigAttribute attribute)           Indicates whether this AccessDecisionVoter is able to vote on the passed ConfigAttribute.
int	vote(org.acegisecurity.Authentication authentication, java.lang.Object object, ConfigAttributeDefinition config)           Indicates whether or not access is granted.

 

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

 

Field Detail

rolePrefix

private java.lang.String rolePrefix

Constructor Detail

RoleVoter

public RoleVoter()

Method Detail

setRolePrefix

public void setRolePrefix(java.lang.String rolePrefix)

Allows the default role prefix of ROLE_ to be overriden. May be set to an empty value, although this is usually not desireable.

---

getRolePrefix

public java.lang.String getRolePrefix()

---

supports

public boolean supports(ConfigAttribute attribute)

Description copied from interface: AccessDecisionVoter

Indicates whether this AccessDecisionVoter is able to vote on the passed ConfigAttribute.

This allows the AbstractSecurityInterceptor to check every configuration attribute can be consumed by the configured AccessDecisionManager and/or RunAsManager and/or AccessDecisionManager.

Specified by:

supports in interface AccessDecisionVoter

---

vote

public int vote(org.acegisecurity.Authentication authentication,
                java.lang.Object object,
                ConfigAttributeDefinition config)

Description copied from interface: AccessDecisionVoter

Indicates whether or not access is granted.

The decision must be affirmative (ACCESS_GRANTED), negative (ACCESS_DENIED) or the AccessDecisionVoter can abstain (ACCESS_ABSTAIN) from voting. Under no circumstances should implementing classes return any other value. If a weighting of results is desired, this should be handled in a custom org.acegisecurity.AccessDecisionManager instead.

Unless an AccessDecisionVoter is specifically intended to vote on an access control decision due to a passed method invocation or configuration attribute parameter, it must return ACCESS_ABSTAIN. This prevents the coordinating AccessDecisionManager from counting votes from those AccessDecisionVoters without a legitimate interest in the access control decision.

Whilst the method invocation is passed as a parameter to maximise flexibility in making access control decisions, implementing classes must never modify the behaviour of the method invocation (such as calling MethodInvocation.proceed()).

Specified by:

vote in interface AccessDecisionVoter

---

Overview  Package   Class  Use  Deprecated  Index
Home >> All >> org >> acegisecurity >> [ vote overview ]	PREV CLASS  NEXT CLASS
SUMMARY:  JAVADOC |  SOURCE |  DOWNLOAD | NESTED | FIELD | CONSTR | METHOD	DETAIL: FIELD | CONSTR | METHOD

---