Annotation Interface PolicyVariance
In certain unique scenarios, the out-of-box policy context validation provided
for a
Trackable
entity via TrackablePolicyUtils
may be too restrictive.
In such cases, this annotation can be applied to the persisted-domain entity class in question to skip some of the out-of-box policy context validation for it.
A high degree of caution and care is advised when using this annotation to protect against the risk of opening up security vulnerabilities. The general expectation is for the use of this annotation to be accompanied by custom context validations in any and all controller endpoints which could result in changes to the given entity.
Note that this only affects context-visibility validations for the entity, and does not affect whether other validations such as permission validation apply.
- Since:
- 1.4
- See Also:
-
Required Element Summary
Modifier and TypeRequired ElementDescriptionThe variance type(s) in which the entity's policy context validation should be skipped.
-
Element Details
-
value
PolicyVarianceType[] valueThe variance type(s) in which the entity's policy context validation should be skipped.- Returns:
- the variance type(s) in which respective context mutability validations should be skipped
-