01: /* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
02: *
03: * Licensed under the Apache License, Version 2.0 (the "License");
04: * you may not use this file except in compliance with the License.
05: * You may obtain a copy of the License at
06: *
07: * http://www.apache.org/licenses/LICENSE-2.0
08: *
09: * Unless required by applicable law or agreed to in writing, software
10: * distributed under the License is distributed on an "AS IS" BASIS,
11: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12: * See the License for the specific language governing permissions and
13: * limitations under the License.
14: */
15:
16: package org.acegisecurity;
17:
18: /**
19: * Makes a final access control (authorization) decision.
20: *
21: * @author Ben Alex
22: * @version $Id: AccessDecisionManager.java 1784 2007-02-24 21:00:24Z luke_t $
23: */
24: public interface AccessDecisionManager {
25: //~ Methods ========================================================================================================
26:
27: /**
28: * Resolves an access control decision for the passed parameters.
29: *
30: * @param authentication the caller invoking the method
31: * @param object the secured object being called
32: * @param config the configuration attributes associated with the secured object being invoked
33: *
34: * @throws AccessDeniedException if access is denied as the authentication does not hold a required authority or
35: * ACL privilege
36: * @throws InsufficientAuthenticationException if access is denied as the authentication does not provide a
37: * sufficient level of trust
38: */
39: void decide(Authentication authentication, Object object,
40: ConfigAttributeDefinition config)
41: throws AccessDeniedException,
42: InsufficientAuthenticationException;
43:
44: /**
45: * Indicates whether this <code>AccessDecisionManager</code> is able to process authorization requests
46: * presented with the passed <code>ConfigAttribute</code>.<p>This allows the
47: * <code>AbstractSecurityInterceptor</code> to check every configuration attribute can be consumed by the
48: * configured <code>AccessDecisionManager</code> and/or <code>RunAsManager</code> and/or
49: * <code>AfterInvocationManager</code>.</p>
50: *
51: * @param attribute a configuration attribute that has been configured against the
52: * <code>AbstractSecurityInterceptor</code>
53: *
54: * @return true if this <code>AccessDecisionManager</code> can support the passed configuration attribute
55: */
56: boolean supports(ConfigAttribute attribute);
57:
58: /**
59: * Indicates whether the <code>AccessDecisionManager</code> implementation is able to provide access
60: * control decisions for the indicated secured object type.
61: *
62: * @param clazz the class that is being queried
63: *
64: * @return <code>true</code> if the implementation can process the indicated class
65: */
66: boolean supports(Class clazz);
67: }
|