Package io.quarkus.security.runtime

Class QuarkusPermission<T>

java.lang.Object
java.security.Permission
io.quarkus.security.runtime.QuarkusPermission<T>
All Implemented Interfaces:
Serializable, Guard
public abstract class QuarkusPermission<T> extends Permission
Special type of Permission which is used by Quarkus Security to call CDI bean methods annotated with the PermissionChecker.
See Also:

  • Constructor Details

    • QuarkusPermission

      protected QuarkusPermission(String permissionName)
      Subclasses can declare constructors that accept permission name and/or arguments of a secured method.
      Parameters:
      permissionName - permission name, this matches PermissionChecker.value()
      See Also:
      • for more information about additional Permission arguments

  • Method Details

    • getBeanClass

      protected abstract Class<T> getBeanClass()
      Returns:
      declaring class of the method annotated with the PermissionChecker

    • isBlocking

      protected abstract boolean isBlocking()
      Returns:
      true if isGranted(SecurityIdentity) must be executed on a worker thread

    • isReactive

      protected abstract boolean isReactive()
      Whether user-defined permission checker returns Uni.
      Returns:
      true if isGrantedUni(SecurityIdentity) should be used instead of the isGranted(SecurityIdentity)

    • getBean

      protected final T getBean()
      Returns:
      CDI bean that declares the method annotated with the PermissionChecker

    • isGranted

      protected abstract boolean isGranted(io.quarkus.security.identity.SecurityIdentity securityIdentity)
      Determines whether access to secured resource should be granted in a synchronous manner. Subclasses should override this method unless they need to perform permission check in an asynchronous manner.
      Parameters:
      securityIdentity - SecurityIdentity
      Returns:
      true if access should be granted and false otherwise

    • isGrantedUni

      protected abstract io.smallrye.mutiny.Uni<Boolean> isGrantedUni(io.quarkus.security.identity.SecurityIdentity securityIdentity)
      Determines whether access to secured resource should be granted in an asynchronous manner. Subclasses can override this method, however it is only called when isReactive() returns true.
      Parameters:
      securityIdentity - SecurityIdentity
      Returns:
      Uni with true if access should be granted and Uni with false otherwise

    • isGranted

      final io.smallrye.mutiny.Uni<Boolean> isGranted(io.quarkus.security.identity.SecurityIdentity identity, BlockingSecurityExecutor blockingExecutor)

    • implies

      public final boolean implies(Permission requiredPermission)
      Specified by:
      implies in class Permission
      Throws:
      IllegalStateException - for this permission can only be set to the PermissionsAllowed.permission()

    • getActions

      public final String getActions()
      Specified by:
      getActions in class Permission

    • equals

      public final boolean equals(Object object)
      Specified by:
      equals in class Permission

    • hashCode

      public final int hashCode()
      Specified by:
      hashCode in class Permission

    • accessDenied

      protected static io.smallrye.mutiny.Uni<Boolean> accessDenied()