AccessDecisionManager xref

View Javadoc

1   /* Copyright 2004, 2005 Acegi Technology Pty Limited
2    *
3    * Licensed under the Apache License, Version 2.0 (the "License");
4    * you may not use this file except in compliance with the License.
5    * You may obtain a copy of the License at
6    *
7    *     http://www.apache.org/licenses/LICENSE-2.0
8    *
9    * Unless required by applicable law or agreed to in writing, software
10   * distributed under the License is distributed on an "AS IS" BASIS,
11   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12   * See the License for the specific language governing permissions and
13   * limitations under the License.
14   */
15  
16  package org.acegisecurity;
17  
18  /***
19   * Makes a final access control (authorization) decision.
20   *
21   * @author Ben Alex
22   * @version $Id: AccessDecisionManager.java,v 1.8 2005/11/17 00:55:49 benalex Exp $
23   */
24  public interface AccessDecisionManager {
25      //~ Methods ================================================================
26  
27      /***
28       * Resolves an access control decision for the passed parameters.
29       *
30       * @param authentication the caller invoking the method
31       * @param object the secured object being called
32       * @param config the configuration attributes associated with the secured
33       *        object being invoked
34       *
35       * @throws AccessDeniedException if access is denied as the authentication
36       *         does not hold a required authority or ACL privilege
37       * @throws InsufficientAuthenticationException if access is denied as the
38       *         authentication does not provide a sufficient level of trust
39       */
40      public void decide(Authentication authentication, Object object,
41          ConfigAttributeDefinition config)
42          throws AccessDeniedException, InsufficientAuthenticationException;
43  
44      /***
45       * Indicates whether this <code>AccessDecisionManager</code> is able to
46       * process authorization requests presented with the passed
47       * <code>ConfigAttribute</code>.
48       * 
49       * <p>
50       * This allows the <code>AbstractSecurityInterceptor</code> to check every
51       * configuration attribute can be consumed by the configured
52       * <code>AccessDecisionManager</code> and/or <code>RunAsManager</code>
53       * and/or <code>AfterInvocationManager</code>.
54       * </p>
55       *
56       * @param attribute a configuration attribute that has been configured
57       *        against the <code>AbstractSecurityInterceptor</code>
58       *
59       * @return true if this <code>AccessDecisionManager</code> can support the
60       *         passed configuration attribute
61       */
62      public boolean supports(ConfigAttribute attribute);
63  
64      /***
65       * Indicates whether the <code>AccessDecisionManager</code> implementation
66       * is able to provide access control decisions for the indicated secured
67       * object type.
68       *
69       * @param clazz the class that is being queried
70       *
71       * @return <code>true</code> if the implementation can process the
72       *         indicated class
73       */
74      public boolean supports(Class clazz);
75  }