• Home
• org.springframework.security
• spring-security-core
• 5.4.6
• source code
• RoleVoter.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

org.springframework.security.access.vote.RoleVoter Maven / Gradle / Ivy

/*
 * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      https://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.springframework.security.access.vote;

import java.util.Collection;

import org.springframework.security.access.AccessDecisionVoter;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;

/**
 * Votes if any {@link ConfigAttribute#getAttribute()} starts with a prefix indicating
 * that it is a role. The default prefix string is ROLE_, but this may be
 * overridden to any value. It may also be set to empty, which means that essentially any
 * attribute will be voted on. As described further below, the effect of an empty prefix
 * may not be quite desirable.
 * 

 * Abstains from voting if no configuration attribute commences with the role prefix.
 * Votes to grant access if there is an exact matching
 * {@link org.springframework.security.core.GrantedAuthority} to a
 * ConfigAttribute starting with the role prefix. Votes to deny access if
 * there is no exact matching GrantedAuthority to a
 * ConfigAttribute starting with the role prefix.
 * 

 * An empty role prefix means that the voter will vote for every ConfigAttribute. When
 * there are different categories of ConfigAttributes used, this will not be optimal since
 * the voter will be voting for attributes which do not represent roles. However, this
 * option may be of some use when using pre-existing role names without a prefix, and no
 * ability exists to prefix them with a role prefix on reading them in, such as provided
 * for example in {@link org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl}.
 * 

 * All comparisons and prefixes are case sensitive.
 *
 * @author Ben Alex
 * @author colin sampaleanu
 */
public class RoleVoter implements AccessDecisionVoter