All Downloads are FREE. Search and download functionalities are using the official Maven repository.

io.helidon.security.spi.AuthorizationProvider Maven / Gradle / Ivy

There is a newer version: 4.1.4
Show newest version
/*
 * Copyright (c) 2018 Oracle and/or its affiliates. All rights reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package io.helidon.security.spi;

import java.util.concurrent.CompletionStage;

import io.helidon.security.AuthorizationResponse;
import io.helidon.security.ProviderRequest;
import io.helidon.security.Role;
import io.helidon.security.Security;
import io.helidon.security.Subject;

/**
 * Authorization security provider. Validates the request and decides whether it
 * should continue processing.
 *
 * @see #supportedAnnotations()
 * @see #supportedCustomObjects()
 * @see #supportedConfigKeys()
 */
@FunctionalInterface
public interface AuthorizationProvider extends SecurityProvider {
    /**
     * Authorize a request based on configuration.
     *
     * Authorization cannot be optional. If this method is called, it should always attempt to authorize the current request.
     * This method will be invoked for inbound requests ONLY.
     *
     * @param context context of this security enforcement/validation
     * @return response that either permits, denies or abstains from decision
     * @see AuthorizationResponse#permit()
     */
    CompletionStage authorize(ProviderRequest context);

    /**
     * Return true if current user is in the specified role.
     * Only providers that support role based access should implement this method.
     * For others it checks the subject for the presence of {@link Role} grant of the specified name.
     *
     * This method is defined to conform with one of the most commonly spread authorization concept, as it is required
     * for frameworks such as Servlet and JAX-RS.
     *
     * @param subject current subject
     * @param role    role name
     * @return true if current user is in this role
     */
    default boolean isUserInRole(Subject subject, String role) {
        return Security.getRoles(subject).contains(role);
    }
}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy