Interface AbacValidator<T extends AbacValidatorConfig>

  • Type Parameters:
    T - type of configuration used by this validator. Each validator must have its own AbacValidatorConfig class, so we can uniquely identify the one to call
    All Known Implementing Classes:
    PolicyValidator, RoleValidator, ScopeValidator, TimeValidator

    public interface AbacValidator<T extends AbacValidatorConfig>
    Service interface for attribute based access control (ABAC) validator. The validator provides information about itself:
    • Annotations it expects - should be meta-annotated with AbacAnnotation, so we can check all are processed even if validator is missing
    • Configuration key expected when configured through a file (or other config source)
    • Class of configuration of this attribute validator (also the type parameter of this class)
    • Method Detail

      • supportedAnnotations

        default Collection<Class<? extends Annotation>> supportedAnnotations()
        Provide extension annotations supported by this validator (e.g. RolesAllowed). Annotations will be collected according to framework in use. For JAX-RS, annotations from application class, resource class and resource methods will be collected. The annotations will be transformed to configuration by fromAnnotations(EndpointConfig).
        Returns:
        Collection of annotations this provider expects.
      • configClass

        Class<T> configClass()
        Class of the configuration type.
        Returns:
        class of the type
      • configKey

        String configKey()
        Key of a configuration entry that maps to this validator's configuration.
        Returns:
        key in a config Config
      • fromConfig

        T fromConfig​(Config config)
        Load configuration class instance from Config.
        Parameters:
        config - configuration located on the key this validator expects in configKey()
        Returns:
        instance of configuration class
      • fromAnnotations

        T fromAnnotations​(EndpointConfig endpointConfig)
        Load configuration class instance from annotations this validator expects.
        Parameters:
        endpointConfig - endpoint config
        Returns:
        instance of configuration class
      • validate

        void validate​(T config,
                      Errors.Collector collector,
                      ProviderRequest request)
        Validate that the configuration provided would grant access to the resource. Update collector with errors, if access should be denied using Errors.Collector.fatal(Object, String).
        Parameters:
        config - configuration of this validator
        collector - error collector to gather issues with this request (e.g. "service not in role ABC")
        request - ABAC context containing subject(s), object(s) and environment