Package io.quarkus.vertx.http.runtime

Class PolicyMappingConfig

java.lang.Object

io.quarkus.vertx.http.runtime.PolicyMappingConfig

public class PolicyMappingConfig
extends Object

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static enum	PolicyMappingConfig.AppliesTo	Specifies additional criteria on paths that should be checked.

Field Summary

Fields

Modifier and Type	Field	Description
PolicyMappingConfig.AppliesTo	appliesTo	Whether permission check should be applied on all matching paths, or paths specific for the Jakarta REST resources.
Optional<String>	authMechanism	Path specific authentication mechanism which must be used to authenticate a user.
Optional<Boolean>	enabled	Determines whether the entire permission set is enabled, or not.
Optional<List<String>>	methods	The methods that this permission set applies to.
Optional<List<String>>	paths	The paths that this permission check applies to.
String	policy	The HTTP policy that this permission set is linked to.
boolean	shared	Indicates that this policy always applies to the matched paths in addition to the policy with a winning path.

Constructor Summary

Constructors

Constructor	Description
PolicyMappingConfig()

Method Summary

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

enabled

@ConfigItem
public Optional<Boolean> enabled

Determines whether the entire permission set is enabled, or not. By default, if the permission set is defined, it is enabled.

policy

@ConfigItem
public String policy

The HTTP policy that this permission set is linked to. There are three built-in policies: permit, deny and authenticated. Role based policies can be defined, and extensions can add their own policies.

methods

@ConfigItem
public Optional<List<String>> methods

The methods that this permission set applies to. If this is not set then they apply to all methods. Note that if a request matches any path from any permission set, but does not match the constraint due to the method not being listed then the request will be denied. Method specific permissions take precedence over matches that do not have any methods set. This means that for example if Quarkus is configured to allow GET and POST requests to /admin to and no other permissions are configured PUT requests to /admin will be denied.

paths

@ConfigItem
public Optional<List<String>> paths

The paths that this permission check applies to. If the path ends in /* then this is treated as a path prefix, otherwise it is treated as an exact match. Matches are done on a length basis, so the most specific path match takes precedence. If multiple permission sets match the same path then explicit methods matches take precedence over matches without methods set, otherwise the most restrictive permissions are applied.

authMechanism

@ConfigItem
public Optional<String> authMechanism

Path specific authentication mechanism which must be used to authenticate a user. It needs to match HttpCredentialTransport authentication scheme such as 'basic', 'bearer', 'form', etc.

shared

@ConfigItem(defaultValue="false")
public boolean shared

Indicates that this policy always applies to the matched paths in addition to the policy with a winning path. Avoid creating more than one shared policy to minimize the performance impact.

appliesTo

@ConfigItem(defaultValue="ALL")
public PolicyMappingConfig.AppliesTo appliesTo

Whether permission check should be applied on all matching paths, or paths specific for the Jakarta REST resources.

Constructor Details

PolicyMappingConfig

public PolicyMappingConfig()