org.springframework.security.oauth2.provider.vote.ScopeVoter
|
||||||||||
| 上一个类 下一个类 | 框架 无框架 | |||||||||
| 摘要: 嵌套 | 字段 | 构造方法 | 方法 | 详细信息: 字段 | 构造方法 | 方法 | |||||||||
java.lang.Object
public class ScopeVoter
Votes if any ConfigAttribute.getAttribute() starts with a prefix indicating that it is an OAuth2 scope. The
default prefix string is SCOPE_, but this may be overridden to any value. Can also be used to deny
access to an OAuth2 client by explicitly specifying an attribute value DENY_OAUTH. Typically you would
want to explicitly deny access to all non-public resources that are not part of any scope.
Abstains from voting if no configuration attribute commences with the scope prefix, or if the current
Authentication is not a OAuth2Authentication or the current client authentication is not a
AuthorizationRequest (which contains the scope data). Votes to grant access if there is an exact matching
authorized scope to a ConfigAttribute starting with the scope
prefix. Votes to deny access if there is no exact matching authorized scope to a ConfigAttribute
starting with the scope prefix.
All comparisons and prefixes are case insensitive so you can use (e.g.) SCOPE_READ for simple
Facebook-like scope names that might be lower case in the resource definition, or
scope=http://my.company.com/scopes/read/ (scopePrefix="scope=") for Google-like URI scope
names.
| 字段摘要 |
|---|
| 从接口 org.springframework.security.access.AccessDecisionVoter 继承的字段 |
|---|
ACCESS_ABSTAIN, ACCESS_DENIED, ACCESS_GRANTED |
| 构造方法摘要 | |
|---|---|
ScopeVoter()
|
|
| 方法摘要 | |
|---|---|
void |
setDenyAccess(String denyAccess)
The name of the config attribute that can be used to deny access to OAuth2 client. |
void |
setScopePrefix(String scopePrefix)
Allows the default role prefix of SCOPE_ to be overridden. |
void |
setThrowException(boolean throwException)
Flag to determine the behaviour on access denied. |
boolean |
supports(Class<?> clazz)
This implementation supports any type of class, because it does not query the presented secure object. |
boolean |
supports(org.springframework.security.access.ConfigAttribute attribute)
|
int |
vote(org.springframework.security.core.Authentication authentication,
Object object,
Collection<org.springframework.security.access.ConfigAttribute> attributes)
|
| 从类 java.lang.Object 继承的方法 |
|---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
| 构造方法详细信息 |
|---|
public ScopeVoter()
| 方法详细信息 |
|---|
public void setThrowException(boolean throwException)
InsufficientScopeException
instead of returning AccessDecisionVoter.ACCESS_DENIED. This is unconventional for an access decision
voter because it vetos the other voters in the chain, but it enables us to pass a message to the caller with
information about the required scope.
throwException - the flag to set (default true)public void setScopePrefix(String scopePrefix)
SCOPE_ to be overridden. May be set to an empty value, although
this is usually not desirable.
scopePrefix - the new prefixpublic void setDenyAccess(String denyAccess)
DENY_OAUTH.
denyAccess - the deny access attribute value to setpublic boolean supports(org.springframework.security.access.ConfigAttribute attribute)
org.springframework.security.access.AccessDecisionVoter<Object> 中的 supportspublic boolean supports(Class<?> clazz)
org.springframework.security.access.AccessDecisionVoter<Object> 中的 supportsclazz - the secure object
true
public int vote(org.springframework.security.core.Authentication authentication,
Object object,
Collection<org.springframework.security.access.ConfigAttribute> attributes)
org.springframework.security.access.AccessDecisionVoter<Object> 中的 vote
|
||||||||||
| 上一个类 下一个类 | 框架 无框架 | |||||||||
| 摘要: 嵌套 | 字段 | 构造方法 | 方法 | 详细信息: 字段 | 构造方法 | 方法 | |||||||||