java.lang.Object
io.helidon.security.abac.scope.ScopeValidator
- All Implemented Interfaces:
AbacValidator<ScopeValidator.ScopesConfig>
public final class ScopeValidator
extends Object
implements AbacValidator<ScopeValidator.ScopesConfig>
ABAC validator for OAuth2 scopes.
-
Nested Class Summary
Nested Classes
Modifier and Type / Class / Description
- static final class: A fluent API builder for ScopeValidator.
- static @interface: Scope annotation.
- static @interface: Repeatable annotation for ScopeValidator.Scope.
- static final class: Configuration custom class for scope validator.
-
Field Summary
Fields -
Method Summary
Modifier and Type / Method / Description
- static ScopeValidator.Builder builder(): Create a fluent API builder.
- Class of the configuration type.
- Key of a configuration entry that maps to this validator's configuration.
- static ScopeValidator create(): Create an instance of scope validator with default configuration.
- static ScopeValidator: Create a new validator instance from configuration.
- fromAnnotations(EndpointConfig endpointConfig): Load configuration class instance from annotations this validator expects.
- fromConfig(Config config): Load configuration class instance from Config.
- Collection<Class<? extends Annotation>>: Provide extension annotations supported by this validator (e.g.
- void validate(ScopeValidator.ScopesConfig config, Errors.Collector collector, ProviderRequest request): Validate that the configuration provided would grant access to the resource.
-
Field Details
-
SCOPE_GRANT_TYPE
Use this type when constructing a Grant, so this validator can accept it as a scope.
- See Also:
-
-
Method Details
-
builder
Create a fluent API builder.
- Returns:
- a new builder instance
-
create
Create an instance of scope validator with default configuration.
- Returns:
- scope validator that uses "AND" operator for required scopes
-
create
Create a new validator instance from configuration.
- Parameters:
config - configuration on the key of this provider
- Returns:
- scope validator instance
-
configClass
Description copied from interface: AbacValidator
Class of the configuration type.
- Specified by:
configClass in interface AbacValidator<ScopeValidator.ScopesConfig>
- Returns:
- class of the type
-
supportedAnnotations
Description copied from interface: AbacValidator
Provide extension annotations supported by this validator (e.g. RolesAllowed). Annotations will be collected according to framework in use. For JAX-RS, annotations from application class, resource class and resource methods will be collected. The annotations will be transformed to configuration by AbacValidator.fromAnnotations(EndpointConfig).
- Specified by:
supportedAnnotations in interface AbacValidator<ScopeValidator.ScopesConfig>
- Returns:
- Collection of annotations this provider expects.
-
configKey
Description copied from interface: AbacValidator
Key of a configuration entry that maps to this validator's configuration.
- Specified by:
configKey in interface AbacValidator<ScopeValidator.ScopesConfig>
- Returns:
- key in a config
Config
-
fromConfig
Description copied from interface: AbacValidator
Load configuration class instance from Config.
- Specified by:
fromConfig in interface AbacValidator<ScopeValidator.ScopesConfig>
- Parameters:
config - configuration located on the key this validator expects in AbacValidator.configKey()
- Returns:
- instance of configuration class
-
fromAnnotations
Description copied from interface: AbacValidator
Load configuration class instance from annotations this validator expects.
- Specified by:
fromAnnotations in interface AbacValidator<ScopeValidator.ScopesConfig>
- Parameters:
endpointConfig - endpoint config
- Returns:
- instance of configuration class
-
validate
public void validate(ScopeValidator.ScopesConfig config, Errors.Collector collector, ProviderRequest request)
Description copied from interface: AbacValidator
Validate that the configuration provided would grant access to the resource. Update collector with errors, if access should be denied using Errors.Collector.fatal(Object, String).
- Specified by:
validate in interface AbacValidator<ScopeValidator.ScopesConfig>
- Parameters:
config - configuration of this validator
collector - error collector to gather issues with this request (e.g. "service not in role ABC")
request - ABAC context containing subject(s), object(s) and environment
-