Class PermissionSecurityChecks.PermissionSecurityChecksBuilder

java.lang.Object
io.quarkus.security.deployment.PermissionSecurityChecks.PermissionSecurityChecksBuilder
Enclosing interface:
PermissionSecurityChecks

public static final class PermissionSecurityChecks.PermissionSecurityChecksBuilder extends Object
  • Constructor Details

  • Method Details

    • foundPermissionsAllowedInstances

      boolean foundPermissionsAllowedInstances()
    • prepareParamConverterGenerator

      PermissionSecurityChecks.PermissionSecurityChecksBuilder prepareParamConverterGenerator(SecurityCheckRecorder recorder, io.quarkus.deployment.annotations.BuildProducer<io.quarkus.deployment.builditem.GeneratedClassBuildItem> generatedClassesProducer, io.quarkus.deployment.annotations.BuildProducer<io.quarkus.deployment.builditem.nativeimage.ReflectiveClassBuildItem> reflectiveClassesProducer)
    • build

    • createPermissionPredicates

      Creates a predicate for each secured method. Predicates are cached if possible. What we call a predicate here is a combination of (possibly computed) Permissions joined with the logical operators 'AND' or 'OR'.

      For example, the combination of the following 2 annotation instances:

       @PermissionsAllowed({"createResource", "createAll"})
       @PermissionsAllowed({"updateResource", "updateAll"})
       public void createOrUpdate() {
            ...
       }
       
      leads to (pseudocode): (createResource OR createAll) AND (updateResource OR updateAll)
      Returns:
      PermissionSecurityChecksBuilder
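
The AND/OR combination described for createPermissionPredicates, as an added example in plain Java (not Quarkus code and not how the builder is implemented). The class name PermissionPredicateModel, the isGranted helper and the sample identities are assumptions made for illustration; the model covers only the shape shown above, where names inside one annotation are alternatives and stacked annotations must all be satisfied.

```java
import java.util.List;
import java.util.Set;
import java.util.TreeSet;

// Added illustration: a plain-Java model of the predicate shape, not Quarkus code.
public class PermissionPredicateModel {

    // One inner set per @PermissionsAllowed instance (its names are joined with OR);
    // the outer list joins the annotation instances with AND.
    static final List<Set<String>> CREATE_OR_UPDATE = List.of(
            Set.of("createResource", "createAll"),
            Set.of("updateResource", "updateAll"));

    // Granted only if every annotation instance is satisfied by at least one
    // permission the caller holds. Vacuously true for an empty predicate.
    static boolean isGranted(List<Set<String>> predicate, Set<String> held) {
        return predicate.stream()
                .allMatch(anyOf -> anyOf.stream().anyMatch(held::contains));
    }

    public static void main(String[] args) {
        // Constructed sample identities (hypothetical permission sets).
        List<Set<String>> identities = List.of(
                Set.of("createResource"),                  // satisfies only the first annotation
                Set.of("createResource", "createAll"),     // two names from the same annotation
                Set.of("createAll", "updateResource"),     // one name from each annotation
                Set.of("updateAll"),                       // satisfies only the second annotation
                Set.of());                                 // holds nothing

        for (Set<String> held : identities) {
            String verdict = isGranted(CREATE_OR_UPDATE, held) ? "granted" : "denied";
            // TreeSet gives a stable print order; Set.of has no defined iteration order.
            System.out.printf("%-36s -> %s%n", new TreeSet<>(held), verdict);
        }
    }
}
```

Holding several names from the same annotation never substitutes for a missing one from the other: stacking a second @PermissionsAllowed on a method narrows access rather than widening it.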
    • validatePermissionClasses

    • gatherPermissionsAllowedAnnotations

      PermissionSecurityChecks.PermissionSecurityChecksBuilder gatherPermissionsAllowedAnnotations(Map<org.jboss.jandex.MethodInfo,org.jboss.jandex.AnnotationInstance> alreadyCheckedMethods, Map<org.jboss.jandex.ClassInfo,org.jboss.jandex.AnnotationInstance> alreadyCheckedClasses, List<org.jboss.jandex.AnnotationInstance> additionalClassInstances, Predicate<org.jboss.jandex.MethodInfo> hasAdditionalSecurityAnnotations)
    • isPermissionsAllowedInterceptor

      static boolean isPermissionsAllowedInterceptor(org.jboss.jandex.ClassInfo clazz)
    • getPermissionsAllowedInstances

      static ArrayList<org.jboss.jandex.AnnotationInstance> getPermissionsAllowedInstances(org.jboss.jandex.IndexView index)
    • movePermFromMetaAnnToMetaTarget

      static PermissionsAllowedMetaAnnotationBuildItem movePermFromMetaAnnToMetaTarget(org.jboss.jandex.IndexView index)
    • foundPermissionChecker

      boolean foundPermissionChecker()
    • getPermissionCheckers

      List<org.jboss.jandex.MethodInfo> getPermissionCheckers()
    • generatePermissionCheckers

      void generatePermissionCheckers(io.quarkus.deployment.annotations.BuildProducer<io.quarkus.deployment.builditem.GeneratedClassBuildItem> generatedClassProducer)
      For each detected PermissionChecker annotation instance, this method generates the following class:
       
       public final class GeneratedQuarkusPermission extends QuarkusPermission<CheckerBean> {
      
           private final SomeDto securedMethodParameter1;
      
           public GeneratedQuarkusPermission(String permissionName, SomeDto securedMethodParameter1) {
               super("io.quarkus.security.runtime.GeneratedQuarkusPermission");
               this.securedMethodParameter1 = securedMethodParameter1;
           }
      
           @Override
           protected final boolean isGranted(SecurityIdentity securityIdentity) {
               return getBean().hasPermission(securityIdentity, securedMethodParameter1);
           }
      
           // or same method with Uni depending on the 'hasPermission' return type
           @Override
           protected final Uni<Boolean> isGrantedUni(SecurityIdentity securityIdentity) {
               return getBean().hasPermission(securityIdentity, securedMethodParameter1);
           }
      
           @Override
           protected final Class<T> getBeanClass() {
               return io.quarkus.security.runtime.GeneratedQuarkusPermission.class;
           }
      
           @Override
           protected final boolean isBlocking() {
               return false; // true when checker method annotated with @Blocking
           }
      
           @Override
           protected final boolean isReactive() {
               return false; // true when checker method returns Uni<Boolean>
           }
      
       }
       
       
      The CheckerBean in question can look like this:
       
       @Singleton
       public class CheckerBean {
      
           @PermissionChecker("permission-name")
           boolean isGranted(SecurityIdentity securityIdentity, SomeDto someDto) {
               return false;
           }
      
       }