Interface AuthorizationHandler

All Superinterfaces:

Handler<RoutingContext>

public interface AuthorizationHandler
extends Handler<RoutingContext>

Base interface for authorization handlers that provide authorization support.

AuthorizationHandlerImpl usually requires a AuthenticationHandler to be on the routing chain before it or a custom handler that has previously set a User in the RoutingContext

Author:

Stephane Bastian

Method Summary

Modifier and Type	Method	Description
AuthorizationHandler	addAuthorizationProvider(AuthorizationProvider authorizationProvider)	Adds a provider that shall be used to retrieve the required authorizations for the user to attest.
static AuthorizationHandler	create()	create the handler that will check the attribute based authorization.
static AuthorizationHandler	create(Authorization authorization)	create the handler that will check the specified authorization Note that to check several authorizations, you can specify a sub-interface such as AndAuthorization or OrAuthorization
AuthorizationHandler	variableConsumer(BiConsumer<RoutingContext, AuthorizationContext> handler)	Provide a simple handler to extract needed variables.

Methods inherited from interface Handler

handle

Method Details

create

static AuthorizationHandler create(Authorization authorization)

create the handler that will check the specified authorization Note that to check several authorizations, you can specify a sub-interface such as AndAuthorization or OrAuthorization

Parameters:

authorization - the authorization to attest.

Returns:

fluent self.

create

static AuthorizationHandler create()

create the handler that will check the attribute based authorization. In this mode, the required authorization is computed from the request itself or the metadata of the route. The important keys are:

• X-ABAC-Domain - The domain of the permission, a domain is a the first segment of domain:operation
• X-ABAC-Operation - The operation of the permission, the operation is a the second segment of domain:operation
• X-ABAC-Resource - This is usually is a opaque string to mark the resource to access

When any of these metadata values are missing they are replaced at runtime with their default values:

• X-ABAC-Domain - Always web
• X-ABAC-Operation - The request HTTP HttpMethod from HttpServerRequest.method()
• X-ABAC-Resource - The normalized request path from RoutingContext.normalizedPath()

Returns:

fluent self.

addAuthorizationProvider

AuthorizationHandler addAuthorizationProvider(AuthorizationProvider authorizationProvider)

Adds a provider that shall be used to retrieve the required authorizations for the user to attest. Multiple calls are allowed to retrieve authorizations from many sources.

Parameters:

authorizationProvider - a provider.

Returns:

fluent self.

variableConsumer

AuthorizationHandler variableConsumer(BiConsumer<RoutingContext, AuthorizationContext> handler)

Provide a simple handler to extract needed variables. As it may be useful to allow/deny access based on the value of a request param one can do: (routingCtx, authCtx) -> authCtx.variables().addAll(routingCtx.request().params()) Or for example the remote address: (routingCtx, authCtx) -> authCtx.result.variables().add(VARIABLE_REMOTE_IP, routingCtx.request().connection().remoteAddress())

Parameters:

handler - a bi consumer.

Returns:

fluent self.