Interface PolicyUtils
- All Known Subinterfaces: TrackablePolicyUtils
- All Known Implementing Classes: DefaultTrackablePolicyUtils, VendorAwareTrackablePolicyUtils
public interface PolicyUtils
Utility class capable of performing validation of a requested operation based on permissions available to the current Authentication. This is generally subclassed to provide business rule verification on additional context information outside of Spring granted authorities alone.
- Author: Jeff Fischer
Field Summary
Method Summary
Modifier and Type, Method, Description:
- default String
- default org.springframework.security.core.Authentication getAuthentication(): Retrieve the current Spring Authentication instance associated with the current flow, if any.
- getAuthenticationAttributes: Retrieves the attributes on the current Authentication that are useful in making policy determinations.
- default PolicyResponse validatePermissions(String[] permissions, ContextInfo contextInfo): Determine if the current security context (e.g.
Field Details
log
static final org.slf4j.Logger log
ROLE_ANONYMOUS
DEFAULT_AUTH_DETAILS_OWNER_ID
Key used when determining if a user owns a particular entity.
Method Details
getAuthentication
default org.springframework.security.core.Authentication getAuthentication()
Retrieve the current Spring Authentication instance associated with the current flow, if any.
- Returns: The current Spring Authentication instance associated with the current flow
getAuthenticationAttributes
Retrieves the attributes on the current Authentication that are useful in making policy determinations. This method is expected to return the attributes in a map, which is generally achieved by a registered Converter bean.
- Returns: the attributes, if any, on the current Authentication
validatePermissions
default PolicyResponse validatePermissions(@Nullable String[] permissions, @Nullable ContextInfo contextInfo)
Determine if the current security context (e.g. Authentication) is valid against the requested permission. If Spring Security is disabled (no Authentication available), the response will be PolicyResponse.VALID.
- Parameters:
permissions - the permissions to check. A single permission in the current getAuthentication() must match to pass the policy
contextInfo - the context containing multitenant application, tenant and catalog information. Not used in the default implementation, though custom implementations may use this for validation purposes.
- Returns: the result of the validation
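The any-match rule and the no-Authentication case documented for validatePermissions, modelled as an added stand-alone example (not Broadleaf's or Spring's code). Auth, Result and DENIED are hypothetical stand-ins, and the handling of null or empty permissions is an assumption the page does not confirm.

```java
import java.util.Arrays;
import java.util.Set;

// Stand-alone model of the documented validatePermissions contract.
// Every type here is a stand-in for illustration, not a Broadleaf or Spring class.
public class PolicyCheckModel {

    // Hypothetical stand-in for PolicyResponse; only VALID is named on the page.
    enum Result { VALID, DENIED }

    // Hypothetical stand-in for the current Authentication: just its granted authorities.
    record Auth(Set<String> authorities) {}

    // Documented behaviour: no Authentication -> VALID; otherwise any one match passes.
    static Result validate(String[] permissions, Auth current) {
        if (current == null) {
            // Fail-open branch: Spring Security disabled, nothing to check against.
            return Result.VALID;
        }
        // Assumption: null or empty permissions are treated as "no match";
        // the page does not state what the real default does here.
        if (permissions == null || permissions.length == 0) {
            return Result.DENIED;
        }
        boolean anyMatch = Arrays.stream(permissions)
                .anyMatch(current.authorities()::contains);
        return anyMatch ? Result.VALID : Result.DENIED;
    }

    public static void main(String[] args) {
        // Constructed sample data.
        Auth editor = new Auth(Set.of("READ_PRODUCT", "UPDATE_PRODUCT"));
        String[] requested = {"DELETE_PRODUCT", "UPDATE_PRODUCT"};

        // One of the two requested permissions is held.
        System.out.println(validate(requested, editor));
        // None of the requested permissions is held.
        System.out.println(validate(new String[] {"DELETE_PRODUCT"}, editor));
        // No Authentication at all.
        System.out.println(validate(requested, null));
    }
}
```

Because a missing Authentication yields VALID, a deployment that relies on this check should confirm Spring Security is actually active on the paths it protects.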
getAuthDetailsOwnerIdentifier