java.lang.Object
io.helidon.security.abac.role.RoleValidator
- All Implemented Interfaces:
AbacValidator<RoleValidator.RoleConfig>
Validator capable of validating role attributes of a subject.
In default configuration, checks roles of current user's subject. This can be overridden to support user and service, or just
a service either on global level (see
RoleValidatorService.configKey()
and configKey()
.
This validator supports both RolesAllowed
and RoleValidator.Roles
annotations.
-
Nested Class Summary
Modifier and TypeClassDescriptionstatic final class
Attribute configuration class for Role validator.static @interface
A definition of "roles allowed" for a specific subject type.static @interface
Repeatable annotation forRoleValidator.Roles
. -
Method Summary
Modifier and TypeMethodDescriptionClass of the configuration type.Key of a configuration entry that maps to this validator's configuration.static RoleValidator
create()
Create a new instance of role validator.fromAnnotations
(EndpointConfig endpointConfig) Load configuration class instance from annotations this validator expects.fromConfig
(Config config) Load configuration class instance fromConfig
.Collection<Class<? extends Annotation>>
Provide extension annotations supported by this validator (e.g.void
validate
(RoleValidator.RoleConfig config, Errors.Collector collector, ProviderRequest request) Validate that the configuration provided would grant access to the resource.
-
Method Details
-
create
Create a new instance of role validator.- Returns:
- a new instance with default configuration
-
configClass
Description copied from interface:AbacValidator
Class of the configuration type.- Specified by:
configClass
in interfaceAbacValidator<RoleValidator.RoleConfig>
- Returns:
- class of the type
-
configKey
Description copied from interface:AbacValidator
Key of a configuration entry that maps to this validator's configuration.- Specified by:
configKey
in interfaceAbacValidator<RoleValidator.RoleConfig>
- Returns:
- key in a config
Config
-
fromConfig
Description copied from interface:AbacValidator
Load configuration class instance fromConfig
.- Specified by:
fromConfig
in interfaceAbacValidator<RoleValidator.RoleConfig>
- Parameters:
config
- configuration located on the key this validator expects inAbacValidator.configKey()
- Returns:
- instance of configuration class
-
fromAnnotations
Description copied from interface:AbacValidator
Load configuration class instance from annotations this validator expects.- Specified by:
fromAnnotations
in interfaceAbacValidator<RoleValidator.RoleConfig>
- Parameters:
endpointConfig
- endpoint config- Returns:
- instance of configuration class
-
validate
public void validate(RoleValidator.RoleConfig config, Errors.Collector collector, ProviderRequest request) Description copied from interface:AbacValidator
Validate that the configuration provided would grant access to the resource. Update collector with errors, if access should be denied usingErrors.Collector.fatal(Object, String)
.- Specified by:
validate
in interfaceAbacValidator<RoleValidator.RoleConfig>
- Parameters:
config
- configuration of this validatorcollector
- error collector to gather issues with this request (e.g. "service not in role ABC")request
- ABAC context containing subject(s), object(s) and environment
-
supportedAnnotations
Description copied from interface:AbacValidator
Provide extension annotations supported by this validator (e.g.RolesAllowed
). Annotations will be collected according to framework in use. For JAX-RS, annotations from application class, resource class and resource methods will be collected. The annotations will be transformed to configuration byAbacValidator.fromAnnotations(EndpointConfig)
.- Specified by:
supportedAnnotations
in interfaceAbacValidator<RoleValidator.RoleConfig>
- Returns:
- Collection of annotations this provider expects.
-