- java.lang.Object
-
- io.helidon.security.abac.role.RoleValidator
-
- All Implemented Interfaces:
AbacValidator<RoleValidator.RoleConfig>
public final class RoleValidator extends Object implements AbacValidator<RoleValidator.RoleConfig>
Validator capable of validating role attributes of a subject. In default configuration, checks roles of current user's subject. This can be overridden to support user and service, or just a service either on global level (seeRoleValidatorService.configKey()andconfigKey().This validator supports both
RolesAllowedandRoleValidator.Rolesannotations.
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description static classRoleValidator.RoleConfigAttribute configuration class for Role validator.static interfaceRoleValidator.RolesA definition of "roles allowed" for a specific subject type.static interfaceRoleValidator.RolesContainerRepeatable annotation forRoleValidator.Roles.
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description Class<RoleValidator.RoleConfig>configClass()Class of the configuration type.StringconfigKey()Key of a configuration entry that maps to this validator's configuration.static RoleValidatorcreate()Create a new instance of role validator.RoleValidator.RoleConfigfromAnnotations(EndpointConfig endpointConfig)Load configuration class instance from annotations this validator expects.RoleValidator.RoleConfigfromConfig(Config config)Load configuration class instance fromConfig.Collection<Class<? extends Annotation>>supportedAnnotations()Provide extension annotations supported by this validator (e.g.voidvalidate(RoleValidator.RoleConfig config, Errors.Collector collector, ProviderRequest request)Validate that the configuration provided would grant access to the resource.
-
-
-
Method Detail
-
create
public static RoleValidator create()
Create a new instance of role validator.- Returns:
- a new instance with default configuration
-
configClass
public Class<RoleValidator.RoleConfig> configClass()
Description copied from interface:AbacValidatorClass of the configuration type.- Specified by:
configClassin interfaceAbacValidator<RoleValidator.RoleConfig>- Returns:
- class of the type
-
configKey
public String configKey()
Description copied from interface:AbacValidatorKey of a configuration entry that maps to this validator's configuration.- Specified by:
configKeyin interfaceAbacValidator<RoleValidator.RoleConfig>- Returns:
- key in a config
Config
-
fromConfig
public RoleValidator.RoleConfig fromConfig(Config config)
Description copied from interface:AbacValidatorLoad configuration class instance fromConfig.- Specified by:
fromConfigin interfaceAbacValidator<RoleValidator.RoleConfig>- Parameters:
config- configuration located on the key this validator expects inAbacValidator.configKey()- Returns:
- instance of configuration class
-
fromAnnotations
public RoleValidator.RoleConfig fromAnnotations(EndpointConfig endpointConfig)
Description copied from interface:AbacValidatorLoad configuration class instance from annotations this validator expects.- Specified by:
fromAnnotationsin interfaceAbacValidator<RoleValidator.RoleConfig>- Parameters:
endpointConfig- endpoint config- Returns:
- instance of configuration class
-
validate
public void validate(RoleValidator.RoleConfig config, Errors.Collector collector, ProviderRequest request)
Description copied from interface:AbacValidatorValidate that the configuration provided would grant access to the resource. Update collector with errors, if access should be denied usingErrors.Collector.fatal(Object, String).- Specified by:
validatein interfaceAbacValidator<RoleValidator.RoleConfig>- Parameters:
config- configuration of this validatorcollector- error collector to gather issues with this request (e.g. "service not in role ABC")request- ABAC context containing subject(s), object(s) and environment
-
supportedAnnotations
public Collection<Class<? extends Annotation>> supportedAnnotations()
Description copied from interface:AbacValidatorProvide extension annotations supported by this validator (e.g.RolesAllowed). Annotations will be collected according to framework in use. For JAX-RS, annotations from application class, resource class and resource methods will be collected. The annotations will be transformed to configuration byAbacValidator.fromAnnotations(EndpointConfig).- Specified by:
supportedAnnotationsin interfaceAbacValidator<RoleValidator.RoleConfig>- Returns:
- Collection of annotations this provider expects.
-
-