public abstract class AbstractSecurityRule extends java.lang.Object implements SecurityRule
SecurityRule
class to extend from that provides
helper methods to get the roles from the claims and compare them
to the roles allowed by the rule.DENY_ALL, IS_ANONYMOUS, IS_AUTHENTICATED
Constructor and Description |
---|
AbstractSecurityRule(RolesFinder rolesFinder) |
Modifier and Type | Method and Description |
---|---|
protected org.reactivestreams.Publisher<SecurityRuleResult> |
compareRoles(java.util.List<java.lang.String> requiredRoles,
java.util.Collection<java.lang.String> grantedRoles)
Compares the given roles to determine if the request is allowed by
comparing if any of the granted roles is in the required roles list.
|
protected java.util.List<java.lang.String> |
getRoles(Authentication authentication)
Appends
SecurityRule.IS_ANONYMOUS if not authenticated. |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
check
@Inject public AbstractSecurityRule(RolesFinder rolesFinder)
rolesFinder
- Roles Parserprotected java.util.List<java.lang.String> getRoles(Authentication authentication)
SecurityRule.IS_ANONYMOUS
if not authenticated. If the
claims contain one or more roles, SecurityRule.IS_AUTHENTICATED
is
appended to the list.authentication
- The authentication, or null if none foundprotected org.reactivestreams.Publisher<SecurityRuleResult> compareRoles(java.util.List<java.lang.String> requiredRoles, java.util.Collection<java.lang.String> grantedRoles)
requiredRoles
- The list of roles required to be authorizedgrantedRoles
- The list of roles granted to the userSecurityRuleResult.REJECTED
if none of the granted roles
appears in the required roles list. SecurityRuleResult.ALLOWED
otherwise.