Interface PolicyUtils

All Known Subinterfaces:
TrackablePolicyUtils
All Known Implementing Classes:
DefaultTrackablePolicyUtils, VendorAwareTrackablePolicyUtils

public interface PolicyUtils
Utility class capable of performing validation of a requested operation based on permissions available to the current Authentication. This is generally subclassed to provide business rule verification on additional context information outside of Spring granted authorities alone.
Author:
Jeff Fischer
  • Field Details

    • log

      static final org.slf4j.Logger log
    • ROLE_ANONYMOUS

      static final String ROLE_ANONYMOUS
    • DEFAULT_AUTH_DETAILS_OWNER_ID

      static final String DEFAULT_AUTH_DETAILS_OWNER_ID
      Key used when determining if a user owns a particular entity.
  • Method Details

    • getAuthentication

      default org.springframework.security.core.Authentication getAuthentication()
      Retrieve the current Spring Authentication instance associated with the current flow, if any.
      Returns:
      The current Spring Authentication instance associated with the current flow
    • getAuthenticationAttributes

      Map<String,Object> getAuthenticationAttributes()
      Retrieves the attributes on the current Authentication that are useful in making policy determinations. This method is expected to return the attributes in a map, which is generally achieved by a registered Converter bean.
      Returns:
      the attributes, if any, on the current Authentication
    • validatePermissions

      default PolicyResponse validatePermissions(@Nullable String[] permissions, @Nullable ContextInfo contextInfo)

      Determine if the current security context (e.g. Authentication) is valid against the requested permission. If Spring Security is disabled (no Authentication available), the response will be PolicyResponse.VALID.

      Parameters:
      permissions - the permissions to check. A single permission in the current getAuthentication() must match to pass the policy
      contextInfo - the context containing multitenant application, tenant and catalog information. Not used in the default implementation, though custom implementations may use this for validation purposes.
      Returns:
      the result of the validation
    • getAuthDetailsOwnerIdentifier

      default String getAuthDetailsOwnerIdentifier()
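
The behaviour documented for validatePermissions (no Authentication yields VALID, otherwise a single matching permission is enough), modelled as a stand-alone Java sketch together with the kind of extra context rule a custom implementation might layer on top. This is an added example, not the library's own code. The types Result and Auth, the method validateForTenant, the "tenant_id" attribute key, the permission names, the exact-string matching rule and the handling of a null or empty permission array are all assumptions made for illustration.

```java
import java.util.*;

// Stand-alone model of the documented semantics; these are NOT the library's types.
public class PolicySketch {
    enum Result { VALID, DENIED }  // stand-in for PolicyResponse (the page names only VALID)

    // Stand-in for the Spring Authentication: authority names plus converted attributes.
    record Auth(Set<String> authorities, Map<String, Object> attributes) {}

    // Default rule as documented: no Authentication -> VALID; otherwise one match passes.
    // Assumption: a permission matches when it equals an authority name exactly.
    static Result validatePermissions(Auth auth, String[] permissions) {
        if (auth == null) return Result.VALID;   // security disabled: the check fails open
        if (permissions == null || permissions.length == 0) {
            return Result.VALID;                 // assumption of this sketch: nothing requested
        }
        for (String p : permissions) {
            if (auth.authorities().contains(p)) return Result.VALID;
        }
        return Result.DENIED;
    }

    // Hypothetical custom rule: on top of the permission check, require the caller's
    // tenant attribute (assumed key "tenant_id") to equal the tenant in the context.
    static Result validateForTenant(Auth auth, String[] permissions, String contextTenantId) {
        Result base = validatePermissions(auth, permissions);
        if (base != Result.VALID || auth == null) return base;
        Object tenant = auth.attributes().get("tenant_id");
        return Objects.equals(tenant, contextTenantId) ? Result.VALID : Result.DENIED;
    }

    public static void main(String[] args) {
        // Constructed sample principal and permission names.
        Auth editor = new Auth(Set.of("READ_PRODUCT", "UPDATE_PRODUCT"),
                               Map.of("tenant_id", "t1"));
        String[] needed = {"DELETE_PRODUCT", "UPDATE_PRODUCT"};
        System.out.println(validatePermissions(editor, needed));   // one of two matches
        System.out.println(validatePermissions(editor, new String[] {"DELETE_PRODUCT"}));
        System.out.println(validatePermissions(null, needed));     // no Authentication
        System.out.println(validateForTenant(editor, needed, "t1"));
        System.out.println(validateForTenant(editor, needed, "t2")); // other tenant
    }
}
```

Because the no-Authentication branch returns VALID, a deployment that relies on these checks should confirm that Spring Security is actually enabled on every path that reaches them.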