Package io.helidon.security.abac.scope
Class ScopeValidator
- java.lang.Object
-
- io.helidon.security.abac.scope.ScopeValidator
-
- All Implemented Interfaces:
AbacValidator<ScopeValidator.ScopesConfig>
public final class ScopeValidator extends Object implements AbacValidator<ScopeValidator.ScopesConfig>
ABAC validator for OAuth2 scopes.
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description static class
ScopeValidator.Builder
A fluent API builder forScopeValidator
.static interface
ScopeValidator.Scope
Scope annotation.static interface
ScopeValidator.Scopes
Repeatable annotation forScopeValidator.Scope
.static class
ScopeValidator.ScopesConfig
Configuration custom class for scope validator.
-
Field Summary
Fields Modifier and Type Field Description static String
SCOPE_GRANT_TYPE
Use this type when constructing aGrant
, so this validator can accept it as a scope.
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description static ScopeValidator.Builder
builder()
Create a fluent API builder.Class<ScopeValidator.ScopesConfig>
configClass()
Class of the configuration type.String
configKey()
Key of a configuration entry that maps to this validator's configuration.static ScopeValidator
create()
Create an instance of scope validator with default configuration.static ScopeValidator
create(Config config)
Create a new validator instance from configuration.ScopeValidator.ScopesConfig
fromAnnotations(EndpointConfig endpointConfig)
Load configuration class instance from annotations this validator expects.ScopeValidator.ScopesConfig
fromConfig(Config config)
Load configuration class instance fromConfig
.Collection<Class<? extends Annotation>>
supportedAnnotations()
Provide extension annotations supported by this validator (e.g.void
validate(ScopeValidator.ScopesConfig config, Errors.Collector collector, ProviderRequest request)
Validate that the configuration provided would grant access to the resource.
-
-
-
Field Detail
-
SCOPE_GRANT_TYPE
public static final String SCOPE_GRANT_TYPE
Use this type when constructing aGrant
, so this validator can accept it as a scope.- See Also:
- Constant Field Values
-
-
Method Detail
-
builder
public static ScopeValidator.Builder builder()
Create a fluent API builder.- Returns:
- a new builder instance
-
create
public static ScopeValidator create()
Create an instance of scope validator with default configuration.- Returns:
- scope validator that uses "AND" operator for required scopes
-
create
public static ScopeValidator create(Config config)
Create a new validator instance from configuration.- Parameters:
config
- configuration on the key of this provider- Returns:
- scope validator instance
-
configClass
public Class<ScopeValidator.ScopesConfig> configClass()
Description copied from interface:AbacValidator
Class of the configuration type.- Specified by:
configClass
in interfaceAbacValidator<ScopeValidator.ScopesConfig>
- Returns:
- class of the type
-
supportedAnnotations
public Collection<Class<? extends Annotation>> supportedAnnotations()
Description copied from interface:AbacValidator
Provide extension annotations supported by this validator (e.g.RolesAllowed
). Annotations will be collected according to framework in use. For JAX-RS, annotations from application class, resource class and resource methods will be collected. The annotations will be transformed to configuration byAbacValidator.fromAnnotations(EndpointConfig)
.- Specified by:
supportedAnnotations
in interfaceAbacValidator<ScopeValidator.ScopesConfig>
- Returns:
- Collection of annotations this provider expects.
-
configKey
public String configKey()
Description copied from interface:AbacValidator
Key of a configuration entry that maps to this validator's configuration.- Specified by:
configKey
in interfaceAbacValidator<ScopeValidator.ScopesConfig>
- Returns:
- key in a config
Config
-
fromConfig
public ScopeValidator.ScopesConfig fromConfig(Config config)
Description copied from interface:AbacValidator
Load configuration class instance fromConfig
.- Specified by:
fromConfig
in interfaceAbacValidator<ScopeValidator.ScopesConfig>
- Parameters:
config
- configuration located on the key this validator expects inAbacValidator.configKey()
- Returns:
- instance of configuration class
-
fromAnnotations
public ScopeValidator.ScopesConfig fromAnnotations(EndpointConfig endpointConfig)
Description copied from interface:AbacValidator
Load configuration class instance from annotations this validator expects.- Specified by:
fromAnnotations
in interfaceAbacValidator<ScopeValidator.ScopesConfig>
- Parameters:
endpointConfig
- endpoint config- Returns:
- instance of configuration class
-
validate
public void validate(ScopeValidator.ScopesConfig config, Errors.Collector collector, ProviderRequest request)
Description copied from interface:AbacValidator
Validate that the configuration provided would grant access to the resource. Update collector with errors, if access should be denied usingErrors.Collector.fatal(Object, String)
.- Specified by:
validate
in interfaceAbacValidator<ScopeValidator.ScopesConfig>
- Parameters:
config
- configuration of this validatorcollector
- error collector to gather issues with this request (e.g. "service not in role ABC")request
- ABAC context containing subject(s), object(s) and environment
-
-