Package io.stargate.auth.jwt
Class AuthzJwtService
java.lang.Object
    io.stargate.auth.jwt.AuthzJwtService

All Implemented Interfaces: AuthorizationService
public class AuthzJwtService extends Object implements AuthorizationService

Constructor Summary
Constructors
AuthzJwtService()

Method Summary
Modifier and Type, Method, Description

void authorizeDataRead(AuthenticationSubject authenticationSubject, String keyspace, String table, SourceAPI sourceAPI)
    Authorization for data resource access without keys is not provided by JWTs, so all authorization will be deferred to the underlying permissions assigned to the role the JWT maps to.

void authorizeDataWrite(AuthenticationSubject authenticationSubject, String keyspace, String table, Scope scope, SourceAPI sourceAPI)
    Authorization for data resource access without keys is not provided by JWTs, so all authorization will be deferred to the underlying permissions assigned to the role the JWT maps to.

void authorizeDataWrite(AuthenticationSubject authenticationSubject, String keyspace, String table, List<TypedKeyValue> typedKeyValues, Scope scope, SourceAPI sourceAPI)

ResultSet authorizedDataRead(Callable<ResultSet> action, AuthenticationSubject authenticationSubject, String keyspace, String table, List<TypedKeyValue> typedKeyValues, SourceAPI sourceAPI)
    Uses the provided JWT and the claims it contains to perform pre-authorization where possible, executes the provided query, and then authorizes the response of the query.

void authorizePermissionManagement(AuthenticationSubject authenticationSubject, String resource, String grantee, Scope scope, SourceAPI sourceAPI)
    Authorization for permission management is not provided by JWTs, so all authorization will be deferred to the underlying permissions assigned to the role the JWT maps to.

void authorizePermissionRead(AuthenticationSubject authenticationSubject, String role, SourceAPI sourceAPI)
    Authorization for permission management is not provided by JWTs, so all authorization will be deferred to the underlying permissions assigned to the role the JWT maps to.

void authorizeRoleManagement(AuthenticationSubject authenticationSubject, String role, Scope scope, SourceAPI sourceAPI)
    Authorization for role management is not provided by JWTs, so all authorization will be deferred to the underlying permissions assigned to the role the JWT maps to.

void authorizeRoleManagement(AuthenticationSubject authenticationSubject, String role, String grantee, Scope scope, SourceAPI sourceAPI)
    Authorization for role management is not provided by JWTs, so all authorization will be deferred to the underlying permissions assigned to the role the JWT maps to.

void authorizeRoleRead(AuthenticationSubject authenticationSubject, String role, SourceAPI sourceAPI)
    Authorization for role management is not provided by JWTs, so all authorization will be deferred to the underlying permissions assigned to the role the JWT maps to.

void authorizeSchemaRead(AuthenticationSubject authenticationSubject, List<String> keyspaceNames, List<String> tableNames, SourceAPI sourceAPI, ResourceKind resource)
    Authorization for schema resource access is not provided by JWTs, so all authorization will be deferred to the underlying permissions assigned to the role the JWT maps to.

void authorizeSchemaWrite(AuthenticationSubject authenticationSubject, String keyspace, String table, Scope scope, SourceAPI sourceAPI, ResourceKind resource)
    Authorization for schema resource access is not provided by JWTs, so all authorization will be deferred to the underlying permissions assigned to the role the JWT maps to.

Method Detail
authorizedDataRead
public ResultSet authorizedDataRead(Callable<ResultSet> action, AuthenticationSubject authenticationSubject, String keyspace, String table, List<TypedKeyValue> typedKeyValues, SourceAPI sourceAPI) throws Exception
Uses the provided JWT and the claims it contains to perform pre-authorization where possible, executes the provided query, and then authorizes the response of the query.
Specified by: authorizedDataRead in interface AuthorizationService
Throws: Exception
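
The pre-authorize, execute, then authorize-the-response sequence described for authorizedDataRead can be sketched as follows. This is an added example, not Stargate's code: the class, the Denied exception, and the claim model (a map from a protected column name to the only value the token holder may access) are assumptions made for illustration, and rows are plain maps rather than a ResultSet.

```java
import java.util.List;
import java.util.Map;
import java.util.concurrent.Callable;

// Added illustration: hypothetical types, not Stargate's AuthorizationService API.
public class ClaimScopedRead {
  static class Denied extends Exception { Denied(String message) { super(message); } }

  // Pre-authorization: reject before the query runs if a supplied key contradicts a claim.
  // A key that is not supplied cannot be checked here, hence "where possible".
  static void preAuthorize(Map<String, String> claims, Map<String, Object> keys) throws Denied {
    for (Map.Entry<String, String> claim : claims.entrySet()) {
      Object supplied = keys.get(claim.getKey());
      if (supplied != null && !claim.getValue().equals(String.valueOf(supplied))) {
        throw new Denied("key " + claim.getKey() + " does not match token claim");
      }
    }
  }

  // Response authorization: every row must carry the claimed value; a missing column fails closed.
  static void authorizeRows(Map<String, String> claims, List<Map<String, Object>> rows) throws Denied {
    for (Map<String, Object> row : rows) {
      for (Map.Entry<String, String> claim : claims.entrySet()) {
        Object actual = row.get(claim.getKey());
        if (actual == null || !claim.getValue().equals(String.valueOf(actual))) {
          throw new Denied("result row outside token scope");
        }
      }
    }
  }

  static List<Map<String, Object>> authorizedRead(Callable<List<Map<String, Object>>> action,
      Map<String, String> claims, Map<String, Object> keys) throws Exception {
    preAuthorize(claims, keys);
    List<Map<String, Object>> rows = action.call(); // the caller's query
    authorizeRows(claims, rows);                    // nothing is returned unless all rows pass
    return rows;
  }

  public static void main(String[] args) throws Exception {
    Map<String, String> claims = Map.of("userid", "alice"); // constructed sample claim
    List<Map<String, Object>> table = List.of(              // constructed sample rows
        Map.of("userid", "alice", "item", "a1"), Map.of("userid", "bob", "item", "b1"));
    System.out.println(authorizedRead(() -> table.subList(0, 1), claims, Map.of("userid", "alice")));
    try {
      authorizedRead(() -> table, claims, Map.of()); // no key supplied: only the row check applies
    } catch (Denied e) {
      System.out.println("denied: " + e.getMessage());
    }
  }
}
```

The second call shows why the response check matters: with no key to compare against the claim, pre-authorization passes, and only the row-level check stops data outside the token's scope from being returned.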

authorizeDataRead
public void authorizeDataRead(AuthenticationSubject authenticationSubject, String keyspace, String table, SourceAPI sourceAPI) throws UnauthorizedException
Authorization for data resource access without keys is not provided by JWTs, so all authorization will be deferred to the underlying permissions assigned to the role the JWT maps to.
Specified by: authorizeDataRead in interface AuthorizationService
Throws: UnauthorizedException

authorizeDataWrite
public void authorizeDataWrite(AuthenticationSubject authenticationSubject, String keyspace, String table, Scope scope, SourceAPI sourceAPI) throws UnauthorizedException
Authorization for data resource access without keys is not provided by JWTs, so all authorization will be deferred to the underlying permissions assigned to the role the JWT maps to.
Specified by: authorizeDataWrite in interface AuthorizationService
Throws: UnauthorizedException

authorizeDataWrite
public void authorizeDataWrite(AuthenticationSubject authenticationSubject, String keyspace, String table, List<TypedKeyValue> typedKeyValues, Scope scope, SourceAPI sourceAPI) throws UnauthorizedException
Specified by: authorizeDataWrite in interface AuthorizationService
Throws: UnauthorizedException

authorizeSchemaRead
public void authorizeSchemaRead(AuthenticationSubject authenticationSubject, List<String> keyspaceNames, List<String> tableNames, SourceAPI sourceAPI, ResourceKind resource) throws UnauthorizedException
Authorization for schema resource access is not provided by JWTs, so all authorization will be deferred to the underlying permissions assigned to the role the JWT maps to.
Specified by: authorizeSchemaRead in interface AuthorizationService
Throws: UnauthorizedException

authorizeSchemaWrite
public void authorizeSchemaWrite(AuthenticationSubject authenticationSubject, String keyspace, String table, Scope scope, SourceAPI sourceAPI, ResourceKind resource) throws UnauthorizedException
Authorization for schema resource access is not provided by JWTs, so all authorization will be deferred to the underlying permissions assigned to the role the JWT maps to.
Specified by: authorizeSchemaWrite in interface AuthorizationService
Throws: UnauthorizedException

authorizeRoleManagement
public void authorizeRoleManagement(AuthenticationSubject authenticationSubject, String role, Scope scope, SourceAPI sourceAPI) throws UnauthorizedException
Authorization for role management is not provided by JWTs, so all authorization will be deferred to the underlying permissions assigned to the role the JWT maps to.
Specified by: authorizeRoleManagement in interface AuthorizationService
Throws: UnauthorizedException

authorizeRoleManagement
public void authorizeRoleManagement(AuthenticationSubject authenticationSubject, String role, String grantee, Scope scope, SourceAPI sourceAPI) throws UnauthorizedException
Authorization for role management is not provided by JWTs, so all authorization will be deferred to the underlying permissions assigned to the role the JWT maps to.
Specified by: authorizeRoleManagement in interface AuthorizationService
Throws: UnauthorizedException

authorizeRoleRead
public void authorizeRoleRead(AuthenticationSubject authenticationSubject, String role, SourceAPI sourceAPI) throws UnauthorizedException
Authorization for role management is not provided by JWTs, so all authorization will be deferred to the underlying permissions assigned to the role the JWT maps to.
Specified by: authorizeRoleRead in interface AuthorizationService
Throws: UnauthorizedException

authorizePermissionManagement
public void authorizePermissionManagement(AuthenticationSubject authenticationSubject, String resource, String grantee, Scope scope, SourceAPI sourceAPI) throws UnauthorizedException
Authorization for permission management is not provided by JWTs, so all authorization will be deferred to the underlying permissions assigned to the role the JWT maps to.
Specified by: authorizePermissionManagement in interface AuthorizationService
Throws: UnauthorizedException

authorizePermissionRead
public void authorizePermissionRead(AuthenticationSubject authenticationSubject, String role, SourceAPI sourceAPI) throws UnauthorizedException
Authorization for permission management is not provided by JWTs, so all authorization will be deferred to the underlying permissions assigned to the role the JWT maps to.
Specified by: authorizePermissionRead in interface AuthorizationService
Throws: UnauthorizedException