spring security默认访问权限判定源码

public class AffirmativeBased extends AbstractAccessDecisionManager {
	/**
	 * @param authentication 调用方认证信息
	 * @param object 被调用的收保护的对象(方法)
	 * @param configAttributes 对象相关的访问控制配置属性
	 *
	 * @throws AccessDeniedException 拒绝访问时抛出此异常
	 */
	public void decide(Authentication authentication, Object object,
			Collection<ConfigAttribute> configAttributes) throws AccessDeniedException {
		int deny = 0;

		for (AccessDecisionVoter voter : getDecisionVoters()) {
			int result = voter.vote(authentication, object, configAttributes);

			if (logger.isDebugEnabled()) {
				logger.debug("Voter: " + voter + ", returned: " + result);
			}

			switch (result) {
			case AccessDecisionVoter.ACCESS_GRANTED:
				return;

			case AccessDecisionVoter.ACCESS_DENIED:
				deny++;

				break;

			default:
				break;
			}
		}

		if (deny > 0) {
			throw new AccessDeniedException(messages.getMessage(
					"AbstractAccessDecisionManager.accessDenied", "Access is denied"));
		}

		checkAllowIfAllAbstainDecisions();
	}
}