MotechAccessVoter

public class MotechAccessVoter implements AccessDecisionVoter<Object>

A custom AccessDecisionVoter for voting on whether a specific user has access to a particular URL. For example, a security rule can specify that the users motech and admin have access to a particular URL. This loads the metadata source with attributes for ACCESS_motech and ACCESS_admin. When a user invokes that URL, an affirmative based voting system will check whether or not the user is motech or admin. If not, they are denied permission, otherwise they are granted access.

Methods

supports

public boolean supports(ConfigAttribute attribute)

supports

public boolean supports(Class<?> clazz)

vote

public int vote(Authentication authentication, Object object, Collection<ConfigAttribute> attributes)

Checks if given user has access to given URL. If authentication details are not instance of MotechUserProfile or ConfigAttributes are empty then return ACCESS_ABSTAIN. If attribute is supported but User is not allowed then return ACCESS_DENIED, otherwise return ACCESS_GRANTED

Parameters:
  • authentication – to be used for check
  • object – the resource to which the access is being voted on
  • attributes – that contains information about access for users
Returns:

ACCESS_ABSTAIN, ACCESS_DENIED or ACCESS_GRANTED