Interface PolicyUtils
-
- All Known Subinterfaces:
TrackablePolicyUtils
- All Known Implementing Classes:
DefaultTrackablePolicyUtils
,VendorAwareTrackablePolicyUtils
public interface PolicyUtils
Utility class capable of performing validation of a requested operation based on permissions available to the currentAuthentication
. This is generally subclassed to provide business rule verification on additional context information outside of Spring granted authorities alone.- Author:
- Jeff Fischer
-
-
Field Summary
Fields Modifier and Type Field Description static String
DEFAULT_AUTH_DETAILS_OWNER_ID
Key used when determining if a user owns a particular entity.static org.slf4j.Logger
log
static String
ROLE_ANONYMOUS
-
Method Summary
All Methods Instance Methods Abstract Methods Default Methods Modifier and Type Method Description default String
getAuthDetailsOwnerIdentifier()
default org.springframework.security.core.Authentication
getAuthentication()
Retrieve the current SpringAuthentication
instance associated with the current flow, if any.Map<String,Object>
getAuthenticationAttributes()
Retrieves the attributes on the currentAuthentication
that are useful in making policy determinations.default PolicyResponse
validatePermissions(String[] permissions, ContextInfo contextInfo)
Determine if the current security context (e.g.
-
-
-
Field Detail
-
log
static final org.slf4j.Logger log
-
ROLE_ANONYMOUS
static final String ROLE_ANONYMOUS
- See Also:
- Constant Field Values
-
DEFAULT_AUTH_DETAILS_OWNER_ID
static final String DEFAULT_AUTH_DETAILS_OWNER_ID
Key used when determining if a user owns a particular entity.- See Also:
Owned
, Constant Field Values
-
-
Method Detail
-
getAuthentication
default org.springframework.security.core.Authentication getAuthentication()
Retrieve the current SpringAuthentication
instance associated with the current flow, if any.- Returns:
- The current Spring
Authentication
instance associated with the current flow
-
getAuthenticationAttributes
Map<String,Object> getAuthenticationAttributes()
Retrieves the attributes on the currentAuthentication
that are useful in making policy determinations. This method is expected to return the attributes in a map which is generally achieved by a registeredConverter
bean.- Returns:
- the attributes, if any, on the current
Authentication
-
validatePermissions
default PolicyResponse validatePermissions(@Nullable String[] permissions, @Nullable ContextInfo contextInfo)
Determine if the current security context (e.g.
Authentication
) is valid against the requested permission. If Spring Security is disabled (noAuthentication
available), the response will bePolicyResponse.VALID
.- Parameters:
permissions
- the permissions to check. A single permission in the currentgetAuthentication()
must match to pass the policycontextInfo
- the context containing multitenant application, tenant and catalog information. Not used in the default implementation, though custom implementations may use this for validation purposes.- Returns:
- the result of the validation
-
getAuthDetailsOwnerIdentifier
default String getAuthDetailsOwnerIdentifier()
-
-