Package io.helidon.security.abac.spi

Interface AbacValidator<T extends AbacValidatorConfig>

Type Parameters:

T - type of configuration used by this validator. Each validator must have its own AbacValidatorConfig class, so we can uniquely identify the one to call

All Known Implementing Classes:

PolicyValidator, RoleValidator, ScopeValidator, TimeValidator

public interface AbacValidator<T extends AbacValidatorConfig>

Service interface for attribute based access control (ABAC) validator. The validator provides information about itself:

• Annotations it expects - should be meta-annotated with AbacAnnotation, so we can check all are processed even if validator is missing
• Configuration key expected when configured through a file (or other config source)
• Class of configuration of this attribute validator (also the type parameter of this class)

Method Summary

Modifier and Type	Method and Description
T	combine(T parent, T child) Combine two configuration (such as one obtained from annotation and one from config).
java.lang.Class<T>	configClass() Class of the configuration type.
java.lang.String	configKey() Key of a configuration entry that maps to this validator's configuration.
T	fromAnnotations(java.util.List<? extends java.lang.annotation.Annotation> annotations) Load configuration class instance from annotations this validator expects.
T	fromConfig(Config config) Load configuration class instance from Config.
default java.util.Collection<java.lang.Class<? extends java.lang.annotation.Annotation>>	supportedAnnotations() Provide extension annotations supported by this validator (e.g.
void	validate(T config, Errors.Collector collector, ProviderRequest request) Validate that the configuration provided would grant access to the resource.

Method Detail

supportedAnnotations

default java.util.Collection<java.lang.Class<? extends java.lang.annotation.Annotation>> supportedAnnotations()

Provide extension annotations supported by this validator (e.g. RolesAllowed). Annotations will be collected according to framework in use. For JAX-RS, annotations from application class, resource class and resource methods will be collected. The annotations will be transformed to configuration by fromAnnotations(List).

Returns:

Collection of annotations this provider expects.

configClass

java.lang.Class<T> configClass()

Class of the configuration type.

Returns:

class of the type

configKey

java.lang.String configKey()

Key of a configuration entry that maps to this validator's configuration.

Returns:

key in a config Config

fromConfig

T fromConfig(Config config)

Load configuration class instance from Config.

Parameters:

config - configuration located on the key this validator expects in configKey()

Returns:

instance of configuration class

fromAnnotations

T fromAnnotations(java.util.List<? extends java.lang.annotation.Annotation> annotations)

Load configuration class instance from annotations this validator expects.

Parameters:

annotations - annotations collected from resource if annotations are supported

Returns:

instance of configuration class

combine

T combine(T parent,
          T child)

Combine two configuration (such as one obtained from annotation and one from config).

Parameters:

parent - The parent configuration (e.g. obtained from annotation)

child - The child configuration (e.g. obtained from explicit object)

Returns:

combined configuration

validate

void validate(T config,
              Errors.Collector collector,
              ProviderRequest request)

Validate that the configuration provided would grant access to the resource. Update collector with errors, if access should be denied using Errors.Collector#fatal(Object, String).

Parameters:

config - configuration of this validator

collector - error collector to gather issues with this request (e.g. "service not in role ABC")

request - ABAC context containing subject(s), object(s) and environment