Class AccessControlInterceptor<A extends Identity,B extends AccessController,C extends SecurityContext<A,B>,D extends Exchange<C>>

java.lang.Object
io.inverno.mod.security.http.AccessControlInterceptor<A,B,C,D>
Type Parameters:
A - the identity type
B - the access controller type
C - the security context type
D - the exchange type
All Implemented Interfaces:
ExchangeInterceptor<C,D>

public class AccessControlInterceptor<A extends Identity,B extends AccessController,C extends SecurityContext<A,B>,D extends Exchange<C>> extends Object implements ExchangeInterceptor<C,D>

An access control interceptor verifies that the access to a resource is authorized.

This interceptor must be executed after the SecurityInterceptor, once the SecurityContext has been created. It verifies that the requester has access to the intercepted resource based on the security context, specifically the authentication, the identity and the access controller.

Since:
1.5
Author:
Jeremy Kuhn
  • Method Details

    • anonymous

      public static <A extends Identity, B extends AccessController, C extends SecurityContext<A, B>, D extends Exchange<C>> AccessControlInterceptor<A,B,C,D> anonymous()

      Returns an access control interceptor that verifies the requester is anonymous (i.e. not authenticated).

      Type Parameters:
      A - the identity type
      B - the access controller type
      C - the security context type
      D - the exchange type
      Returns:
      an access control interceptor
    • authenticated

      public static <A extends Identity, B extends AccessController, C extends SecurityContext<A, B>, D extends Exchange<C>> AccessControlInterceptor<A,B,C,D> authenticated()

      Returns an access control interceptor that verifies the requester is authenticated.

      Type Parameters:
      A - the identity type
      B - the access controller type
      C - the security context type
      D - the exchange type
      Returns:
      an access control interceptor
    • verify

      public static <A extends Identity, B extends AccessController, C extends SecurityContext<A, B>, D extends Exchange<C>> AccessControlInterceptor<A,B,C,D> verify(Function<SecurityContext<A,B>,Mono<Boolean>> accessVerifier)

      Returns an access control interceptor that uses the specified access verifier to verify access.

      The access verifier shall return false to deny access to the resource, which results in the interceptor throwing a ForbiddenException. It can also throw an UnauthorizedException or a ForbiddenException directly to get a different behaviour or to provide more details about the error (e.g. a message).

      Type Parameters:
      A - the identity type
      B - the access controller type
      C - the security context type
      D - the exchange type
      Parameters:
      accessVerifier - an access verifier
      Returns:
      an access control interceptor
    • intercept

      public Mono<? extends D> intercept(D exchange)
      Description copied from interface: ExchangeInterceptor

      Intercepts the exchange before the exchange handler is invoked.

      Specified by:
      intercept in interface ExchangeInterceptor<A extends Identity,B extends AccessController>
      Parameters:
      exchange - the server exchange to handle
      Returns:
      a Mono emitting the exchange or an instrumented exchange to continue the exchange handling chain or an empty Mono to stop the exchange handling chain
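
The following is an added example, not code from the Inverno project, showing the three outcomes described for verify(): a verifier that returns false (the interceptor throws ForbiddenException), one that throws UnauthorizedException directly, and one that throws ForbiddenException with a message. The package names in the imports, the SecurityContext methods isAuthenticated() and getAccessController(), the RoleBasedAccessController type with its hasRole() method, the exception constructors, the "admin" role and the AdminAccess class name are assumptions that do not appear on this page.

```java
// Package names below are assumptions; this page does not list them.
import io.inverno.mod.http.base.ForbiddenException;
import io.inverno.mod.http.base.UnauthorizedException;
import io.inverno.mod.http.server.Exchange;
import io.inverno.mod.security.accesscontrol.RoleBasedAccessController;
import io.inverno.mod.security.http.AccessControlInterceptor;
import io.inverno.mod.security.http.context.SecurityContext;
import io.inverno.mod.security.identity.Identity;

// Hypothetical helper class, added for illustration.
public final class AdminAccess {

    private AdminAccess() {}

    /**
     * Builds an interceptor that only lets requesters holding the "admin" role through.
     * It must be registered after the SecurityInterceptor so the security context exists.
     */
    public static <A extends Identity,
                   C extends SecurityContext<A, RoleBasedAccessController>,
                   D extends Exchange<C>>
            AccessControlInterceptor<A, RoleBasedAccessController, C, D> adminOnly() {

        return AccessControlInterceptor.verify(securityContext -> {
            // Not authenticated: throw UnauthorizedException directly so the client
            // is asked to authenticate instead of receiving a plain denial.
            // isAuthenticated() is assumed to exist on SecurityContext.
            if (!securityContext.isAuthenticated()) {
                throw new UnauthorizedException();
            }

            // Fail closed: without an access controller there is nothing to base a
            // grant on, so deny with an explicit message rather than defaulting to allow.
            // getAccessController() is assumed to return an Optional.
            RoleBasedAccessController accessController = securityContext
                .getAccessController()
                .orElseThrow(() -> new ForbiddenException("No access controller in security context"));

            // Emits false when the role is missing; the interceptor then throws
            // ForbiddenException on our behalf.
            return accessController.hasRole("admin");
        });
    }
}
```

The verifier denies in every branch that cannot positively establish the role, so a misconfigured security context results in a rejected request rather than an open route.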