Package io.helidon.security.abac.scope

Class ScopeValidator

java.lang.Object

io.helidon.security.abac.scope.ScopeValidator

All Implemented Interfaces:

AbacValidator<ScopeValidator.ScopesConfig>

public final class ScopeValidator
extends Object
implements AbacValidator<ScopeValidator.ScopesConfig>

ABAC validator for OAuth2 scopes.

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	ScopeValidator.Builder A fluent API builder for ScopeValidator.
static interface	ScopeValidator.Scope Scope annotation.
static interface	ScopeValidator.Scopes Repeatable annotation for ScopeValidator.Scope.
static class	ScopeValidator.ScopesConfig Configuration custom class for scope validator.

Field Summary

Fields

Modifier and Type	Field and Description
static String	SCOPE_GRANT_TYPE Use this type when constructing a Grant, so this validator can accept it as a scope.

Method Summary

Modifier and Type	Method and Description
static ScopeValidator.Builder	builder() Create a fluent API builder.
Class<ScopeValidator.ScopesConfig>	configClass() Class of the configuration type.
String	configKey() Key of a configuration entry that maps to this validator's configuration.
static ScopeValidator	create() Create an instance of scope validator with default configuration.
static ScopeValidator	create(Config config) Create a new validator instance from configuration.
ScopeValidator.ScopesConfig	fromAnnotations(EndpointConfig endpointConfig) Load configuration class instance from annotations this validator expects.
ScopeValidator.ScopesConfig	fromConfig(Config config) Load configuration class instance from Config.
Collection<Class<? extends Annotation>>	supportedAnnotations() Provide extension annotations supported by this validator (e.g.
void	validate(ScopeValidator.ScopesConfig config, Errors.Collector collector, ProviderRequest request) Validate that the configuration provided would grant access to the resource.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

SCOPE_GRANT_TYPE

public static final String SCOPE_GRANT_TYPE

Use this type when constructing a Grant, so this validator can accept it as a scope.

See Also:

Constant Field Values

Method Detail

builder

public static ScopeValidator.Builder builder()

Create a fluent API builder.

Returns:

a new builder instance

create

public static ScopeValidator create()

Create an instance of scope validator with default configuration.

Returns:

scope validator that uses "AND" operator for required scopes

create

public static ScopeValidator create(Config config)

Create a new validator instance from configuration.

Parameters:

config - configuration on the key of this provider

Returns:

scope validator instance

configClass

public Class<ScopeValidator.ScopesConfig> configClass()

Description copied from interface: AbacValidator

Class of the configuration type.

Specified by:

configClass in interface AbacValidator<ScopeValidator.ScopesConfig>

Returns:

class of the type

supportedAnnotations

public Collection<Class<? extends Annotation>> supportedAnnotations()

Description copied from interface: AbacValidator

Provide extension annotations supported by this validator (e.g. RolesAllowed). Annotations will be collected according to framework in use. For JAX-RS, annotations from application class, resource class and resource methods will be collected. The annotations will be transformed to configuration by AbacValidator.fromAnnotations(EndpointConfig).

Specified by:

supportedAnnotations in interface AbacValidator<ScopeValidator.ScopesConfig>

Returns:

Collection of annotations this provider expects.

configKey

public String configKey()

Description copied from interface: AbacValidator

Key of a configuration entry that maps to this validator's configuration.

Specified by:

configKey in interface AbacValidator<ScopeValidator.ScopesConfig>

Returns:

key in a config Config

fromConfig

public ScopeValidator.ScopesConfig fromConfig(Config config)

Description copied from interface: AbacValidator

Load configuration class instance from Config.

Specified by:

fromConfig in interface AbacValidator<ScopeValidator.ScopesConfig>

Parameters:

config - configuration located on the key this validator expects in AbacValidator.configKey()

Returns:

instance of configuration class

fromAnnotations

public ScopeValidator.ScopesConfig fromAnnotations(EndpointConfig endpointConfig)

Description copied from interface: AbacValidator

Load configuration class instance from annotations this validator expects.

Specified by:

fromAnnotations in interface AbacValidator<ScopeValidator.ScopesConfig>

Parameters:

endpointConfig - endpoint config

Returns:

instance of configuration class

validate

public void validate(ScopeValidator.ScopesConfig config,
                     Errors.Collector collector,
                     ProviderRequest request)

Description copied from interface: AbacValidator

Validate that the configuration provided would grant access to the resource. Update collector with errors, if access should be denied using Errors.Collector#fatal(Object, String).

Specified by:

validate in interface AbacValidator<ScopeValidator.ScopesConfig>

Parameters:

config - configuration of this validator

collector - error collector to gather issues with this request (e.g. "service not in role ABC")

request - ABAC context containing subject(s), object(s) and environment