spring security voter

Voting Decision Manager

1 这里分析下AccessDecisionVoter权限投票器的使用；

spring security提供了三种类型的AccessDecisionManager：

1.1 ConsensusBased

官方解释：The ConsensusBased implementation will grant or deny access based on the consensus of non-abstain votes. Properties are provided to control behavior in the event of an equality of votes or if all votes are abstain.

基于此策略的权限控制器，会寻求所有投票器取得一致结果，才最终判断授权或拒绝，前提是没有弃权票；可以设置一个属性来控制选票平等或者所有投票器都是弃权的操作；

1.2 AffirmativeBased

官方解释：AffirmativeBased implementation will grant access if one or more ACCESS_GRANTED votes were received (i.e. a deny vote will be ignored, provided there was at least one grant vote).Like the ConsensusBased implementation, there is a parameter that controls the behavior if all voters abstain.

基于此策略的权限控制器，只要有一个或多个赞成票，就会判定具有权限，同时忽略其它的否决票；同样可以设定一个参数来决定所有投票器都是弃权票时，最终的结果。使用如下：

1.3 UnanimousBased

官方解释：The UnanimousBased provider expects unanimous ACCESS_GRANTED votes in order to grant access, ignoring abstains. It will deny access if there is any ACCESS_DENIED vote. Like the other implementations, there is a parameter that controls the behaviour if all voters abstain.

基于此策略的权限控制器，只有所有投票器都是一致赞成票时，最终才会判定授权；只要有一个拒绝票或多个拒绝票时，就不会授权；可以设定一个参数来决定所有投票器都是弃权票时，最终的结果。

1.4 也可以自己扩展定义判定权限策略，比如实现一票否决权等；