org.springframework.security.access.vote.RoleVoter类的使用及代码示例
本文整理了Java中org.springframework.security.access.vote.RoleVoter类的一些代码示例,展示了RoleVoter类的具体用法。这些代码示例主要来源于Github/Stackoverflow/Maven等平台,是从一些精选项目中提取出来的代码,具有较强的参考意义,能在一定程度帮忙到你。RoleVoter类的具体详情如下:
包路径:org.springframework.security.access.vote.RoleVoter
类名称:RoleVoter
RoleVoter介绍
[英]Votes if any ConfigAttribute#getAttribute() starts with a prefix indicating that it is a role. The default prefix string is ROLE_, but this may be overridden to any value. It may also be set to empty, which means that essentially any attribute will be voted on. As described further below, the effect of an empty prefix may not be quite desirable.
Abstains from voting if no configuration attribute commences with the role prefix. Votes to grant access if there is an exact matching org.springframework.security.core.GrantedAuthority to a ConfigAttribute starting with the role prefix. Votes to deny access if there is no exact matching GrantedAuthority to a ConfigAttribute starting with the role prefix.
An empty role prefix means that the voter will vote for every ConfigAttribute. When there are different categories of ConfigAttributes used, this will not be optimal since the voter will be voting for attributes which do not represent roles. However, this option may be of some use when using pre-existing role names without a prefix, and no ability exists to prefix them with a role prefix on reading them in, such as provided for example in org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl.
All comparisons and prefixes are case sensitive.
[中]如果任何ConfigAttribute#getAttribute()以前缀开头,表明它是一个角色,则进行投票。默认前缀字符串为ROLE_,但这可能会被覆盖为任何值。它也可能被设置为空,这意味着本质上任何属性都将被投票。如下文进一步所述,空前缀的效果可能不太理想。
如果没有以角色前缀开头的配置属性,则放弃投票。如果存在完全匹配的组织,则投票授予访问权限。springframework。安全果心授予以角色前缀开头的ConfigAttribute的权限。如果GrantedAuthority与以角色前缀开头的ConfigAttribute没有精确匹配,则投票拒绝访问。
空角色前缀意味着投票者将为每个ConfigAttribute投票。当使用不同类别的ConfigAttributes时,这将不是最佳选择,因为投票者将投票选择不代表角色的属性。但是,当使用不带前缀的预先存在的角色名称时,此选项可能会有一些用处,并且在读取它们时,不存在使用角色前缀的能力,例如在org中提供的。springframework。安全果心用户详细信息。jdbc。JdbcDaoImpl。
所有比较和前缀都区分大小写。
代码示例
代码示例来源:origin: spring-projects/spring-security
/**
* Creates the default {@link AccessDecisionVoter} instances used if an
* {@link AccessDecisionManager} was not specified.
*
* @param http the builder to use
*/
@Override
@SuppressWarnings("rawtypes")
final List<AccessDecisionVoter<? extends Object>> getDecisionVoters(H http) {
List<AccessDecisionVoter<? extends Object>> decisionVoters = new ArrayList<AccessDecisionVoter<? extends Object>>();
decisionVoters.add(new RoleVoter());
decisionVoters.add(new AuthenticatedVoter());
return decisionVoters;
}代码示例来源:origin: spring-projects/spring-security
private UnanimousBased makeDecisionManagerWithFooBarPrefix() {
RoleVoter roleVoter = new RoleVoter();
roleVoter.setRolePrefix("FOOBAR_");
DenyVoter denyForSureVoter = new DenyVoter();
DenyAgainVoter denyAgainForSureVoter = new DenyAgainVoter();
List<AccessDecisionVoter<? extends Object>> voters = new Vector<AccessDecisionVoter<? extends Object>>();
voters.add(roleVoter);
voters.add(denyForSureVoter);
voters.add(denyAgainForSureVoter);
return new UnanimousBased(voters);
}代码示例来源:origin: spring-projects/spring-security
public boolean supports(ConfigAttribute attribute) {
if ((attribute.getAttribute() != null)
&& attribute.getAttribute().startsWith(getRolePrefix())) {
return true;
}
else {
return false;
}
}代码示例来源:origin: spring-projects/spring-security
public int vote(Authentication authentication, Object object,
Collection<ConfigAttribute> attributes) {
if (authentication == null) {
return ACCESS_DENIED;
}
int result = ACCESS_ABSTAIN;
Collection<? extends GrantedAuthority> authorities = extractAuthorities(authentication);
for (ConfigAttribute attribute : attributes) {
if (this.supports(attribute)) {
result = ACCESS_DENIED;
// Attempt to find a matching granted authority
for (GrantedAuthority authority : authorities) {
if (attribute.getAttribute().equals(authority.getAuthority())) {
return ACCESS_GRANTED;
}
}
}
}
return result;
}代码示例来源:origin: spring-projects/spring-security
@Test
public void testRoleVoterAlwaysReturnsTrueToSupports() {
RoleVoter rv = new RoleVoter();
assertThat(rv.supports(String.class)).isTrue();
}代码示例来源:origin: spring-projects/spring-security
@Test
public void nullAuthenticationDenies() {
RoleVoter voter = new RoleVoter();
voter.setRolePrefix("");
Authentication notAuthenitcated = null;
assertThat(voter.vote(notAuthenitcated, this, SecurityConfig.createList("A"))).isEqualTo(AccessDecisionVoter.ACCESS_DENIED);
}
}代码示例来源:origin: spring-projects/spring-security
public RoleVoter getBean() {
voter.setRolePrefix(this.rolePrefix);
return voter;
}
}代码示例来源:origin: org.springframework.boot/spring-boot-actuator
@Override
public boolean isUserInRole(String role) {
if (!role.startsWith(this.roleVoter.getRolePrefix())) {
role = this.roleVoter.getRolePrefix() + role;
}
return this.roleVoter.vote(this.authentication, null,
Collections.singletonList(new SecurityConfig(
role))) == AccessDecisionVoter.ACCESS_GRANTED;
}代码示例来源:origin: codeabovelab/haven-platform
public int vote(Authentication authentication, Object object, Collection<ConfigAttribute> attributes) {
for (GrantedAuthority authority : authentication.getAuthorities()) {
if (authority.getAuthority().equals(Authorities.ADMIN_ROLE)) {
return ACCESS_GRANTED;
}
}
return super.vote(authentication, object, attributes);
}
}代码示例来源:origin: spring-projects/spring-security
@Test
public void oneMatchingAttributeGrantsAccess() {
RoleVoter voter = new RoleVoter();
voter.setRolePrefix("");
Authentication userAB = new TestingAuthenticationToken("user", "pass", "A", "B");
// Vote on attribute list that has two attributes A and C (i.e. only one matching)
assertThat(voter.vote(userAB, this, SecurityConfig.createList("A", "C"))).isEqualTo(AccessDecisionVoter.ACCESS_GRANTED);
}代码示例来源:origin: org.springframework.security/spring-security-core
public int vote(Authentication authentication, Object object,
Collection<ConfigAttribute> attributes) {
if (authentication == null) {
return ACCESS_DENIED;
}
int result = ACCESS_ABSTAIN;
Collection<? extends GrantedAuthority> authorities = extractAuthorities(authentication);
for (ConfigAttribute attribute : attributes) {
if (this.supports(attribute)) {
result = ACCESS_DENIED;
// Attempt to find a matching granted authority
for (GrantedAuthority authority : authorities) {
if (attribute.getAttribute().equals(authority.getAuthority())) {
return ACCESS_GRANTED;
}
}
}
}
return result;
}代码示例来源:origin: org.springframework.security/spring-security-config
public RoleVoter getBean() {
voter.setRolePrefix(this.rolePrefix);
return voter;
}
}代码示例来源:origin: org.duracloud/security
/**
* This method is a pass-through for Spring-RoleVoter.
*
* @param authentication principal seeking AuthZ
* @param resource that is under protection
* @param config access-attributes defined on resource
* @return vote (AccessDecisionVoter.ACCESS_GRANTED, ACCESS_DENIED, ACCESS_ABSTAIN)
*/
@Override
public int vote(Authentication authentication,
Object resource,
Collection<ConfigAttribute> config) {
int decision = super.vote(authentication, resource, config);
log.debug(VoterUtil.debugText("RoleVoterImpl",
authentication,
config,
resource,
decision));
return decision;
}代码示例来源:origin: spring-projects/spring-security
private UnanimousBased makeDecisionManager() {
RoleVoter roleVoter = new RoleVoter();
DenyVoter denyForSureVoter = new DenyVoter();
DenyAgainVoter denyAgainForSureVoter = new DenyAgainVoter();
List<AccessDecisionVoter<? extends Object>> voters = new Vector<AccessDecisionVoter<? extends Object>>();
voters.add(roleVoter);
voters.add(denyForSureVoter);
voters.add(denyAgainForSureVoter);
return new UnanimousBased(voters);
}代码示例来源:origin: spring-projects/spring-security
decisionVoters.add(new Jsr250Voter());
RoleVoter roleVoter = new RoleVoter();
GrantedAuthorityDefaults grantedAuthorityDefaults =
getSingleBeanOrNull(GrantedAuthorityDefaults.class);
if (grantedAuthorityDefaults != null) {
roleVoter.setRolePrefix(grantedAuthorityDefaults.getRolePrefix());代码示例来源:origin: org.springframework.security/org.springframework.security.core
public int vote(Authentication authentication, Object object, Collection<ConfigAttribute> attributes) {
int result = ACCESS_ABSTAIN;
Collection<? extends GrantedAuthority> authorities = extractAuthorities(authentication);
for (ConfigAttribute attribute : attributes) {
if (this.supports(attribute)) {
result = ACCESS_DENIED;
// Attempt to find a matching granted authority
for (GrantedAuthority authority : authorities) {
if (attribute.getAttribute().equals(authority.getAuthority())) {
return ACCESS_GRANTED;
}
}
}
}
return result;
}代码示例来源:origin: apache/servicemix-bundles
public RoleVoter getBean() {
voter.setRolePrefix(this.rolePrefix);
return voter;
}
}代码示例来源:origin: org.springframework.security/spring-security-core
public boolean supports(ConfigAttribute attribute) {
if ((attribute.getAttribute() != null)
&& attribute.getAttribute().startsWith(getRolePrefix())) {
return true;
}
else {
return false;
}
}代码示例来源:origin: spring-projects/spring-security
private ConsensusBased makeDecisionManager() {
RoleVoter roleVoter = new RoleVoter();
DenyVoter denyForSureVoter = new DenyVoter();
DenyAgainVoter denyAgainForSureVoter = new DenyAgainVoter();
List<AccessDecisionVoter<? extends Object>> voters = new Vector<AccessDecisionVoter<? extends Object>>();
voters.add(roleVoter);
voters.add(denyForSureVoter);
voters.add(denyAgainForSureVoter);
return new ConsensusBased(voters);
}代码示例来源:origin: geoserver/geoserver
RoleVoter roleVoter = new RoleVoter();
roleVoter.setRolePrefix("");
voters.add(roleVoter);
voters.add(new AuthenticatedVoter());内容来源于网络,如有侵权,请联系作者删除!
