Search in sources :

Example 1 with AuthenticatedVoter

use of org.springframework.security.access.vote.AuthenticatedVoter in project spring-security by spring-projects.

the class UrlAuthorizationConfigurer method getDecisionVoters.

/**
	 * Creates the default {@link AccessDecisionVoter} instances used if an
	 * {@link AccessDecisionManager} was not specified.
	 *
	 * @param http the builder to use
	 */
@Override
@SuppressWarnings("rawtypes")
final List<AccessDecisionVoter<? extends Object>> getDecisionVoters(H http) {
    List<AccessDecisionVoter<? extends Object>> decisionVoters = new ArrayList<AccessDecisionVoter<? extends Object>>();
    decisionVoters.add(new RoleVoter());
    decisionVoters.add(new AuthenticatedVoter());
    return decisionVoters;
}
Also used : AuthenticatedVoter(org.springframework.security.access.vote.AuthenticatedVoter) ArrayList(java.util.ArrayList) RoleVoter(org.springframework.security.access.vote.RoleVoter) AccessDecisionVoter(org.springframework.security.access.AccessDecisionVoter)

Example 2 with AuthenticatedVoter

use of org.springframework.security.access.vote.AuthenticatedVoter in project spring-security by spring-projects.

the class GlobalMethodSecurityConfiguration method accessDecisionManager.

/**
	 * Allows subclasses to provide a custom {@link AccessDecisionManager}. The default is
	 * a {@link AffirmativeBased} with the following voters:
	 *
	 * <ul>
	 * <li>{@link PreInvocationAuthorizationAdviceVoter}</li>
	 * <li>{@link RoleVoter}</li>
	 * <li>{@link AuthenticatedVoter}</li>
	 * </ul>
	 *
	 * @return
	 */
protected AccessDecisionManager accessDecisionManager() {
    List<AccessDecisionVoter<? extends Object>> decisionVoters = new ArrayList<AccessDecisionVoter<? extends Object>>();
    ExpressionBasedPreInvocationAdvice expressionAdvice = new ExpressionBasedPreInvocationAdvice();
    expressionAdvice.setExpressionHandler(getExpressionHandler());
    if (prePostEnabled()) {
        decisionVoters.add(new PreInvocationAuthorizationAdviceVoter(expressionAdvice));
    }
    if (jsr250Enabled()) {
        decisionVoters.add(new Jsr250Voter());
    }
    decisionVoters.add(new RoleVoter());
    decisionVoters.add(new AuthenticatedVoter());
    return new AffirmativeBased(decisionVoters);
}
Also used : AuthenticatedVoter(org.springframework.security.access.vote.AuthenticatedVoter) Jsr250Voter(org.springframework.security.access.annotation.Jsr250Voter) AffirmativeBased(org.springframework.security.access.vote.AffirmativeBased) ArrayList(java.util.ArrayList) RoleVoter(org.springframework.security.access.vote.RoleVoter) AccessDecisionVoter(org.springframework.security.access.AccessDecisionVoter) ExpressionBasedPreInvocationAdvice(org.springframework.security.access.expression.method.ExpressionBasedPreInvocationAdvice) PreInvocationAuthorizationAdviceVoter(org.springframework.security.access.prepost.PreInvocationAuthorizationAdviceVoter)

Aggregations

ArrayList (java.util.ArrayList)2 AccessDecisionVoter (org.springframework.security.access.AccessDecisionVoter)2 AuthenticatedVoter (org.springframework.security.access.vote.AuthenticatedVoter)2 RoleVoter (org.springframework.security.access.vote.RoleVoter)2 Jsr250Voter (org.springframework.security.access.annotation.Jsr250Voter)1 ExpressionBasedPreInvocationAdvice (org.springframework.security.access.expression.method.ExpressionBasedPreInvocationAdvice)1 PreInvocationAuthorizationAdviceVoter (org.springframework.security.access.prepost.PreInvocationAuthorizationAdviceVoter)1 AffirmativeBased (org.springframework.security.access.vote.AffirmativeBased)1