Enum Class IdentityType
- All Implemented Interfaces:
Serializable, Comparable<IdentityType>, Constable
One or more possible user identity types. Identity types represent the allowed type of user that may have access. Different identity types receive different validation treatment. For example, ADMIN types represent standard admin requests for accessing data, and checks for visibility and mutability based on multitenant concerns, etc. are enforced. OWNER, on the other hand, represents a standard user that is accessing a record they own (e.g. a cart, a saved address, or a saved payment method).
Using one or multiple identity types, a common endpoint can be used for multiple users and be protected appropriately based on that user's viewing context.
- Author:
- Jeff Fischer
-
Nested Class Summary
Nested classes/interfaces inherited from class java.lang.Enum
Enum.EnumDesc<E extends Enum<E>>
-
Enum Constant Summary
Enum Constant - Description
OWNER - When this IdentityType is used, the authenticated user's ownership is checked in the following ways: If Policy.ownerIdentifierParam() is specified, then ownership will be checked directly against the value of that param.
-
Method Summary
Modifier and Type - Method - Description
static IdentityType - valueOf(String name) - Returns the enum constant of this class with the specified name.
static IdentityType[] - values() - Returns an array containing the constants of this enum class, in the order they are declared.
-
Enum Constant Details
-
ADMIN
-
OWNER
When this IdentityType is used, the authenticated user's ownership is checked in the following ways:
- If Policy.ownerIdentifierParam() is specified, then ownership will be checked directly against the value of that param. This is primarily useful in API endpoint methods where the owner's id is present as a path variable. By specifying this param in that case, an ownership check will be executed immediately before any work is completed by the endpoint.
- If Policy.ownerIdentifierParam() is not specified, then ownership will be checked against the method's params. In this case, Policy.param() can be used to identify the method param that implements the Owned interface. Otherwise, the method's params will be checked in order, looking for an Owned entity. If an owned entity is found, its owner identifier will be used to verify access against the authenticated user.
- If the method's return object is an Owned entity, then its owner identifier will be checked against the authenticated user.
- The authenticated user's identifier is gathered via a parameter present in the Authentication.getDetails().
- The OWNER IdentityType is inherited from parent Policy annotations. Therefore, if you specify an ownership requirement at the endpoint-level, then it will also be enforced at the repository-level, if the repository includes a Policy annotation.
- If Policy.ownerIdentifierParam() is not specified, then ownership is only enforced if a param or the response is an owned entity. So if your projection domain implements Owned, but the persistent entity does not, then only the endpoint response will be checked for ownership. Checking both the projection & persistent entities is necessary if you are reading then updating the results of the read - i.e. you'd want to check that what you're reading actually belongs to the user before updating it, not just validate the response from the endpoint after the update.
- If
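
The OWNER checks described above, as an added Java example that is not the library's own code. The `Owned` stand-in interface with its `ownerId()` accessor, the `Cart` record, modeling `ownerIdentifierParam` and `param` as argument indexes, and passing the authenticated user's identifier in as a string are all assumptions made for illustration.

```java
import java.util.Objects;

public class OwnershipCheckExample {
    /** Hypothetical stand-in for the Owned interface; ownerId() is an assumed accessor. */
    interface Owned { String ownerId(); }

    /** Constructed sample entity. */
    record Cart(String id, String ownerId) implements Owned {}

    /**
     * Check run before the method body. ownerIdentifierParam and param are modeled
     * as argument indexes (assumption); -1 means "not specified".
     */
    static boolean checkBefore(String authUserId, Object[] args, int ownerIdentifierParam, int param) {
        if (ownerIdentifierParam >= 0) {
            // The owner id itself is an argument (e.g. a path variable): compare directly.
            return Objects.equals(authUserId, String.valueOf(args[ownerIdentifierParam]));
        }
        if (param >= 0 && args[param] instanceof Owned owned) {
            return Objects.equals(authUserId, owned.ownerId());
        }
        for (Object arg : args) { // otherwise take the first Owned argument, in order
            if (arg instanceof Owned owned) {
                return Objects.equals(authUserId, owned.ownerId());
            }
        }
        return true; // no owned argument: nothing can be enforced before the method runs
    }

    /** Check run on the return object, after the method body has executed. */
    static boolean checkAfter(String authUserId, Object result) {
        return !(result instanceof Owned owned) || Objects.equals(authUserId, owned.ownerId());
    }

    public static void main(String[] unused) {
        String alice = "alice"; // constructed authenticated user id
        Cart bobsCart = new Cart("cart-1", "bob");

        // Owner id named by ownerIdentifierParam (index 0): checked before any work is done.
        System.out.println("path variable:   " + checkBefore(alice, new Object[] {"bob", "cart-1"}, 0, -1));
        // Owned entity among the arguments: found by scanning them in order.
        System.out.println("owned argument:  " + checkBefore(alice, new Object[] {"ctx", bobsCart}, -1, -1));
        // Only a record id is passed, so the pre-check has nothing to compare against...
        System.out.println("id only, before: " + checkBefore(alice, new Object[] {"cart-1"}, -1, -1));
        // ...and the mismatch surfaces only on the response, after the body has run.
        System.out.println("id only, after:  " + checkAfter(alice, bobsCart));
    }
}
```

The last two calls show the case the final note warns about: when only the response is an owned entity, the ownership failure is detected after the method body has already executed, which is too late for a read-then-update flow.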
-
ANONYMOUS
-
UNKNOWN
-
-
Method Details
-
values
Returns an array containing the constants of this enum class, in the order they are declared.
- Returns:
- an array containing the constants of this enum class, in the order they are declared
-
valueOf
Returns the enum constant of this class with the specified name. The string must match exactly an identifier used to declare an enum constant in this class. (Extraneous whitespace characters are not permitted.)
- Parameters:
name - the name of the enum constant to be returned.
- Returns:
- the enum constant with the specified name
- Throws:
IllegalArgumentException - if this enum class has no constant with the specified name
NullPointerException - if the argument is null
-