public abstract class AbstractSecurityRule extends Object implements SecurityRule
SecurityRule
class to extend from that provides
helper methods to get the roles from the claims and compare them
to the roles allowed by the rule.DENY_ALL, IS_ANONYMOUS, IS_AUTHENTICATED
HIGHEST_PRECEDENCE, LOWEST_PRECEDENCE
Modifier and Type | Method and Description |
---|---|
protected SecurityRuleResult |
compareRoles(List<String> requiredRoles,
List<String> grantedRoles)
Compares the given roles to determine if the request is allowed by
comparing if any of the granted roles is in the required roles list.
|
protected List<String> |
getRoles(Map<String,Object> claims)
Appends
SecurityRule.IS_ANONYMOUS if not authenticated. |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
check
protected List<String> getRoles(Map<String,Object> claims)
SecurityRule.IS_ANONYMOUS
if not authenticated. If the
claims contain one or more roles, SecurityRule.IS_AUTHENTICATED
is
appended to the list.claims
- The claims of the token, null if not authenticatedprotected SecurityRuleResult compareRoles(List<String> requiredRoles, List<String> grantedRoles)
requiredRoles
- The list of roles required to be authorizedgrantedRoles
- The list of roles granted to the userSecurityRuleResult.REJECTED
if none of the granted roles
appears in the required roles list. SecurityRuleResult.ALLOWED
otherwise.