Module io.helidon.security.providers.abac

Package io.helidon.security.providers.abac

Class AbacProvider

java.lang.Object

io.helidon.security.providers.abac.AbacProvider

All Implemented Interfaces:

AuthorizationProvider, SecurityProvider

public final class AbacProvider
extends Object
implements AuthorizationProvider

Attribute based access control (ABAC) provider. This provider gathers all attributes to be validated on endpoint and makes sure they are all validated as expected during authorization process. Each attribute to be validated must have a AbacValidator implemented.

See Also:

• builder()
• create(Config)

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static final class	AbacProvider.Builder	A fluent API builder for AbacProvider.

Method Summary

Modifier and Type	Method	Description
AuthorizationResponse	authorize(ProviderRequest providerRequest)	Authorize a request based on configuration.
static AbacProvider.Builder	builder()	Creates a fluent API builder to build new instances of this class.
static AbacProvider	create()	Creates a new provider instance with default configuration.
static AbacProvider	create(Config config)	Creates a new provider instance from configuration.
Collection<Class<? extends Annotation>>	supportedAnnotations()	Provide extension annotations supported by this provider (e.g.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface io.helidon.security.spi.AuthorizationProvider

isUserInRole

Methods inherited from interface io.helidon.security.spi.SecurityProvider

supportedAttributes, supportedConfigKeys, supportedCustomObjects

Method Details

builder

public static AbacProvider.Builder builder()

Creates a fluent API builder to build new instances of this class.

Returns:

a new builder instance

create

public static AbacProvider create(Config config)

Creates a new provider instance from configuration.

Parameters:

config - configuration

Returns:

ABAC provider instantiated from config

create

public static AbacProvider create()

Creates a new provider instance with default configuration.

Returns:

ABAC provider

supportedAnnotations

public Collection<Class<? extends Annotation>> supportedAnnotations()

Description copied from interface: SecurityProvider

Provide extension annotations supported by this provider (e.g. jakarta.annotation.security.RolesAllowed). Annotations will be collected according to framework in use. For JAX-RS, annotations from application class, resource class and resource methods will be collected.

Specified by:

supportedAnnotations in interface SecurityProvider

Returns:

Collection of annotations this provider expects.

authorize

public AuthorizationResponse authorize(ProviderRequest providerRequest)

Description copied from interface: AuthorizationProvider

Authorize a request based on configuration. Authorization cannot be optional. If this method is called, it should always attempt to authorize the current request. This method will be invoked for inbound requests ONLY.

Specified by:

authorize in interface AuthorizationProvider

Parameters:

providerRequest - context of this security enforcement/validation

Returns:

response that either permits, denies or abstains from decision

See Also:

• AuthorizationResponse.permit()