Module io.helidon.security.abac.role

Package io.helidon.security.abac.role

Class RoleValidator

java.lang.Object

io.helidon.security.abac.role.RoleValidator

All Implemented Interfaces:

AbacValidator<RoleValidator.RoleConfig>

public final class RoleValidator
extends Object
implements AbacValidator<RoleValidator.RoleConfig>

Validator capable of validating role attributes of a subject. In default configuration, checks roles of current user's subject. This can be overridden to support user and service, or just a service either on global level (see RoleValidatorService.configKey() and configKey().

This validator supports both RolesAllowed and RoleValidator.Roles annotations.

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static @interface	RoleValidator.PermitAll	Mark a type or method as public.
static final class	RoleValidator.RoleConfig	Attribute configuration class for Role validator.
static @interface	RoleValidator.Roles	A definition of "roles allowed" for a specific subject type.
static @interface	RoleValidator.RolesContainer	Repeatable annotation for RoleValidator.Roles.

Method Summary

Modifier and Type	Method	Description
Class<RoleValidator.RoleConfig>	configClass()	Class of the configuration type.
String	configKey()	Key of a configuration entry that maps to this validator's configuration.
static RoleValidator	create()	Create a new instance of role validator.
RoleValidator.RoleConfig	fromAnnotations(EndpointConfig endpointConfig)	Load configuration class instance from annotations this validator expects.
RoleValidator.RoleConfig	fromConfig(Config config)	Load configuration class instance from configuration.
Collection<Class<? extends Annotation>>	supportedAnnotations()	Provide extension annotations supported by this validator (e.g.
void	validate(RoleValidator.RoleConfig config, Errors.Collector collector, ProviderRequest request)	Validate that the configuration provided would grant access to the resource.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface io.helidon.security.providers.abac.spi.AbacValidator

fromConfig

Method Details

create

public static RoleValidator create()

Create a new instance of role validator.

Returns:

a new instance with default configuration

configClass

public Class<RoleValidator.RoleConfig> configClass()

Description copied from interface: AbacValidator

Class of the configuration type.

Specified by:

configClass in interface AbacValidator<RoleValidator.RoleConfig>

Returns:

class of the type

configKey

public String configKey()

Description copied from interface: AbacValidator

Key of a configuration entry that maps to this validator's configuration.

Specified by:

configKey in interface AbacValidator<RoleValidator.RoleConfig>

Returns:

key in a config Config

fromConfig

public RoleValidator.RoleConfig fromConfig(Config config)

Description copied from interface: AbacValidator

Load configuration class instance from configuration.

API Note: the default method implementation is provided for backward compatibility and will be removed in the next major version

Specified by:

fromConfig in interface AbacValidator<RoleValidator.RoleConfig>

Parameters:

config - configuration located on the key this validator expects in AbacValidator.configKey()

Returns:

instance of configuration class

fromAnnotations

public RoleValidator.RoleConfig fromAnnotations(EndpointConfig endpointConfig)

Description copied from interface: AbacValidator

Load configuration class instance from annotations this validator expects.

Specified by:

fromAnnotations in interface AbacValidator<RoleValidator.RoleConfig>

Parameters:

endpointConfig - endpoint config

Returns:

instance of configuration class

validate

public void validate(RoleValidator.RoleConfig config,
 Errors.Collector collector,
 ProviderRequest request)

Description copied from interface: AbacValidator

Validate that the configuration provided would grant access to the resource. Update collector with errors, if access should be denied using Errors.Collector.fatal(Object, String).

Specified by:

validate in interface AbacValidator<RoleValidator.RoleConfig>

Parameters:

config - configuration of this validator

collector - error collector to gather issues with this request (e.g. "service not in role ABC")

request - ABAC context containing subject(s), object(s) and environment

supportedAnnotations

public Collection<Class<? extends Annotation>> supportedAnnotations()

Description copied from interface: AbacValidator

Provide extension annotations supported by this validator (e.g. RolesAllowed). Annotations will be collected according to framework in use. For JAX-RS, annotations from application class, resource class and resource methods will be collected. The annotations will be transformed to configuration by AbacValidator.fromAnnotations(EndpointConfig).

Specified by:

supportedAnnotations in interface AbacValidator<RoleValidator.RoleConfig>

Returns:

Collection of annotations this provider expects.