Package io.helidon.security.abac.policy
Class PolicyValidator
java.lang.Object
io.helidon.security.abac.policy.PolicyValidator
All Implemented Interfaces: AbacValidator<PolicyValidator.PolicyConfig>

public final class PolicyValidator extends Object implements AbacValidator<PolicyValidator.PolicyConfig>

ABAC validator based on a PolicyValidator.PolicyStatement. The statement itself is not resolved by this validator; evaluation is delegated to another module that implements PolicyExecutor, obtained through a PolicyExecutorService Java service.

Implementations provided by Helidon security:
- Java EE expression language support, artifact id: "helidon-security-abac-policy-el"
  @PolicyStatement("${env.time.year >= 2017 && object.owner == subject.principal.id}")
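
The delegation described above, as an added example (not Helidon's own code): a custom executor registered on the builder that handles one statement and denies through the collector when no subject is present. The `PolicyExecutor` interface with its `supports`/`executePolicy` methods, `Builder.addExecutor` and `ProviderRequest.subject()` are not listed on this page and are assumed from the Helidon API, so check them against the version in use; the `authenticated-only` statement is hypothetical.

```java
import io.helidon.common.Errors;
import io.helidon.security.ProviderRequest;
import io.helidon.security.abac.policy.PolicyValidator;
import io.helidon.security.abac.policy.spi.PolicyExecutor; // assumed SPI package

/** Hypothetical executor: understands only the constructed statement "authenticated-only". */
public final class AuthenticatedOnlyExecutor implements PolicyExecutor {
    static final String STATEMENT = "authenticated-only"; // constructed syntax, not Helidon's

    @Override
    public boolean supports(String policyStatement, ProviderRequest request) {
        // Claim only the exact statement; anything else is left to other executors.
        return STATEMENT.equals(policyStatement);
    }

    @Override
    public void executePolicy(String policyStatement,
                              Errors.Collector collector,
                              ProviderRequest request) {
        // Fail closed: re-check the statement instead of trusting that supports() was called.
        if (!STATEMENT.equals(policyStatement)) {
            collector.fatal(this, "Unsupported policy statement");
            return;
        }
        // Deny by recording a fatal error on the collector rather than by throwing.
        if (request.subject().isEmpty()) {
            collector.fatal(this, "No authenticated subject for statement: " + policyStatement);
        }
    }

    /** Builds a validator that delegates statement evaluation to this executor. */
    public static PolicyValidator validator() {
        return PolicyValidator.builder()
                .addExecutor(new AuthenticatedOnlyExecutor())
                .build();
    }
}
```

A resource annotated with `@PolicyStatement("authenticated-only")` would then be evaluated by this executor once the validator is registered with the ABAC provider.
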

Nested Class Summary
Nested Classes (modifier and type, class, description):
- static final class PolicyValidator.Builder: A fluent API builder for PolicyValidator.
- static final class PolicyValidator.PolicyConfig: Configuration of policy validator - a statement and whether to inherit value from parents.
- static @interface PolicyValidator.PolicyStatement: Annotate resource classes, methods, application etc.

Method Summary
Methods (modifier and type, method, description):
- static PolicyValidator.Builder builder(): Creates a fluent API builder to build new instances of this class.
- configClass(): Class of the configuration type.
- configKey(): Key of a configuration entry that maps to this validator's configuration.
- static PolicyValidator create (deprecated overload): Deprecated, for removal: This API element is subject to removal in a future version.
- static PolicyValidator create(io.helidon.config.Config config): Create an instance from configuration.
- fromAnnotations(EndpointConfig endpointConfig): Load configuration class instance from annotations this validator expects.
- fromConfig(Config config): Load configuration class instance from configuration.
- Collection<Class<? extends Annotation>> supportedAnnotations(): Provide extension annotations supported by this validator (e.g. RolesAllowed).
- void validate(PolicyValidator.PolicyConfig config, Errors.Collector collector, ProviderRequest request): Validate that the configuration provided would grant access to the resource.

Methods inherited from class java.lang.Object: clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface io.helidon.security.providers.abac.spi.AbacValidator: fromConfig

Method Details

builder
Creates a fluent API builder to build new instances of this class.
- Returns: a new builder instance

create
Deprecated, for removal: This API element is subject to removal in a future version. Use create(io.helidon.config.Config) instead.
Create an instance from configuration.
- Parameters: config - configuration to load this class from
- Returns: a new instance from config

create
Create an instance from configuration. Example:

    # configuration of this validator (current key in config passed to this instance)
    policy-validator:
      # explicit validators - only needed if not implementing service interface PolicyExecutorService
      validators:
        - class: "io.helidon.security.abac.policy.DefaultPolicyValidator"
        - class: "..."
      # configuration of a policy executor - provide this name through PolicyExecutorService.configKey()
      my-custom-policy-engine:
        some-key: "some value"
        another-key: "another value"

- Parameters: config - configuration to load this class from
- Returns: a new instance from config

supportedAnnotations
Description copied from interface: AbacValidator
Provide extension annotations supported by this validator (e.g. RolesAllowed). Annotations will be collected according to framework in use. For JAX-RS, annotations from application class, resource class and resource methods will be collected. The annotations will be transformed to configuration by AbacValidator.fromAnnotations(EndpointConfig).
- Specified by: supportedAnnotations in interface AbacValidator<PolicyValidator.PolicyConfig>
- Returns: Collection of annotations this provider expects.

configClass
Description copied from interface: AbacValidator
Class of the configuration type.
- Specified by: configClass in interface AbacValidator<PolicyValidator.PolicyConfig>
- Returns: class of the type

configKey
Description copied from interface: AbacValidator
Key of a configuration entry that maps to this validator's configuration.
- Specified by: configKey in interface AbacValidator<PolicyValidator.PolicyConfig>
- Returns: key in a config
- See Also: Config

fromConfig
Description copied from interface: AbacValidator
Load configuration class instance from configuration.
API Note: the default method implementation is provided for backward compatibility and will be removed in the next major version.
- Specified by: fromConfig in interface AbacValidator<PolicyValidator.PolicyConfig>
- Parameters: config - configuration located on the key this validator expects in AbacValidator.configKey()
- Returns: instance of configuration class

fromAnnotations
Description copied from interface: AbacValidator
Load configuration class instance from annotations this validator expects.
- Specified by: fromAnnotations in interface AbacValidator<PolicyValidator.PolicyConfig>
- Parameters: endpointConfig - endpoint config
- Returns: instance of configuration class

validate
public void validate(PolicyValidator.PolicyConfig config, Errors.Collector collector, ProviderRequest request)
Description copied from interface: AbacValidator
Validate that the configuration provided would grant access to the resource. Update collector with errors, if access should be denied, using Errors.Collector.fatal(Object, String).
- Specified by: validate in interface AbacValidator<PolicyValidator.PolicyConfig>
- Parameters:
  - config - configuration of this validator
  - collector - error collector to gather issues with this request (e.g. "service not in role ABC")
  - request - ABAC context containing subject(s), object(s) and environment