Interface AbacValidator<T extends AbacValidatorConfig>
-
- Type Parameters:
T
- type of configuration used by this validator. Each validator must have its ownAbacValidatorConfig
class, so we can uniquely identify the one to call
- All Known Implementing Classes:
PolicyValidator
,RoleValidator
,ScopeValidator
,TimeValidator
public interface AbacValidator<T extends AbacValidatorConfig>
Service interface for attribute based access control (ABAC) validator. The validator provides information about itself:- Annotations it expects - should be meta-annotated with
AbacAnnotation
, so we can check all are processed even if validator is missing - Configuration key expected when configured through a file (or other config source)
- Class of configuration of this attribute validator (also the type parameter of this class)
-
-
Method Summary
All Methods Instance Methods Abstract Methods Default Methods Modifier and Type Method Description Class<T>
configClass()
Class of the configuration type.String
configKey()
Key of a configuration entry that maps to this validator's configuration.T
fromAnnotations(EndpointConfig endpointConfig)
Load configuration class instance from annotations this validator expects.T
fromConfig(Config config)
Load configuration class instance fromConfig
.default Collection<Class<? extends Annotation>>
supportedAnnotations()
Provide extension annotations supported by this validator (e.g.void
validate(T config, Errors.Collector collector, ProviderRequest request)
Validate that the configuration provided would grant access to the resource.
-
-
-
Method Detail
-
supportedAnnotations
default Collection<Class<? extends Annotation>> supportedAnnotations()
Provide extension annotations supported by this validator (e.g.RolesAllowed
). Annotations will be collected according to framework in use. For JAX-RS, annotations from application class, resource class and resource methods will be collected. The annotations will be transformed to configuration byfromAnnotations(EndpointConfig)
.- Returns:
- Collection of annotations this provider expects.
-
configKey
String configKey()
Key of a configuration entry that maps to this validator's configuration.- Returns:
- key in a config
Config
-
fromConfig
T fromConfig(Config config)
Load configuration class instance fromConfig
.- Parameters:
config
- configuration located on the key this validator expects inconfigKey()
- Returns:
- instance of configuration class
-
fromAnnotations
T fromAnnotations(EndpointConfig endpointConfig)
Load configuration class instance from annotations this validator expects.- Parameters:
endpointConfig
- endpoint config- Returns:
- instance of configuration class
-
validate
void validate(T config, Errors.Collector collector, ProviderRequest request)
Validate that the configuration provided would grant access to the resource. Update collector with errors, if access should be denied usingErrors.Collector.fatal(Object, String)
.- Parameters:
config
- configuration of this validatorcollector
- error collector to gather issues with this request (e.g. "service not in role ABC")request
- ABAC context containing subject(s), object(s) and environment
-
-