Voting Decision Manager
1 这里分析下AccessDecisionVoter权限投票器的使用;
spring security提供了三种类型的AccessDecisionManager:
1.1 ConsensusBased
官方解释:The ConsensusBased
implementation will grant or deny access based on the consensus of non-abstain votes. Properties are provided to control behavior in the event of an equality of votes or if all votes are abstain.
基于此策略的权限控制器,会寻求所有投票器取得一致结果,才最终判断授权或拒绝,前提是没有弃权票;可以设置一个属性来控制选票平等或者所有投票器都是弃权的操作;
1.2 AffirmativeBased
官方解释:AffirmativeBased
implementation will grant access if one or more ACCESS_GRANTED
votes were received (i.e. a deny vote will be ignored, provided there was at least one grant vote).Like the ConsensusBased
implementation, there is a parameter that controls the behavior if all voters abstain.
基于此策略的权限控制器,只要有一个或多个赞成票,就会判定具有权限,同时忽略其它的否决票;同样可以设定一个参数来决定所有投票器都是弃权票时,最终的结果。使用如下:
1.3 UnanimousBased
官方解释:The UnanimousBased
provider expects unanimous ACCESS_GRANTED
votes in order to grant access, ignoring abstains. It will deny access if there is any ACCESS_DENIED
vote. Like the other implementations, there is a parameter that controls the behaviour if all voters abstain.
基于此策略的权限控制器,只有所有投票器都是一致赞成票时,最终才会判定授权;只要有一个拒绝票或多个拒绝票时,就不会授权;可以设定一个参数来决定所有投票器都是弃权票时,最终的结果。
1.4 也可以自己扩展定义判定权限策略,比如实现一票否决权等;