All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.acegisecurity.vote.AccessDecisionVoter Maven / Gradle / Ivy

There is a newer version: 1.0.7
Show newest version
/* Copyright 2004 Acegi Technology Pty Limited
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.acegisecurity.vote;

import org.acegisecurity.Authentication;
import org.acegisecurity.ConfigAttribute;
import org.acegisecurity.ConfigAttributeDefinition;


/**
 * Indicates a class is responsible for voting on authorization decisions.
 * 
 * 

* The coordination of voting (ie polling AccessDecisionVoters, * tallying their responses, and making the final authorization decision) is * performed by an {@link org.acegisecurity.AccessDecisionManager}. *

* * @author Ben Alex * @version $Id: AccessDecisionVoter.java,v 1.5 2005/11/17 00:55:47 benalex Exp $ */ public interface AccessDecisionVoter { //~ Static fields/initializers ============================================= public static final int ACCESS_GRANTED = 1; public static final int ACCESS_ABSTAIN = 0; public static final int ACCESS_DENIED = -1; //~ Methods ================================================================ /** * Indicates whether this AccessDecisionVoter is able to vote * on the passed ConfigAttribute. * *

* This allows the AbstractSecurityInterceptor to check every * configuration attribute can be consumed by the configured * AccessDecisionManager and/or RunAsManager * and/or AccessDecisionManager. *

* * @param attribute a configuration attribute that has been configured * against the AbstractSecurityInterceptor * * @return true if this AccessDecisionVoter can support the * passed configuration attribute */ public boolean supports(ConfigAttribute attribute); /** * Indicates whether the AccessDecisionVoter implementation is * able to provide access control votes for the indicated secured object * type. * * @param clazz the class that is being queried * * @return true if the implementation can process the indicated class */ public boolean supports(Class clazz); /** * Indicates whether or not access is granted. * *

* The decision must be affirmative (ACCESS_GRANTED), negative * (ACCESS_DENIED) or the AccessDecisionVoter * can abstain (ACCESS_ABSTAIN) from voting. Under no * circumstances should implementing classes return any other value. If a * weighting of results is desired, this should be handled in a custom * {@link org.acegisecurity.AccessDecisionManager} instead. *

* *

* Unless an AccessDecisionVoter is specifically intended to * vote on an access control decision due to a passed method invocation or * configuration attribute parameter, it must return * ACCESS_ABSTAIN. This prevents the coordinating * AccessDecisionManager from counting votes from those * AccessDecisionVoters without a legitimate interest in the * access control decision. *

* *

* Whilst the method invocation is passed as a parameter to maximise * flexibility in making access control decisions, implementing classes * must never modify the behaviour of the method invocation (such as * calling MethodInvocation.proceed()). *

* * @param authentication the caller invoking the method * @param object the secured object * @param config the configuration attributes associated with the method * being invoked * * @return either {@link #ACCESS_GRANTED}, {@link #ACCESS_ABSTAIN} or * {@link #ACCESS_DENIED} */ public int vote(Authentication authentication, Object object, ConfigAttributeDefinition config); }




© 2015 - 2024 Weber Informatics LLC | Privacy Policy