Package io.camunda.security.reader
Interface ResourceAccessController
public interface ResourceAccessController
A
ResourceAccessController enhances any get and search with additional ResourceAccessChecks to be applied executing them. However, any implementation of the ResourceAccessController may decide to deny access immediately, and by that, to not execute the
read (i.e., get or search) at all and throw an exception instead.-
Method Summary
Modifier and TypeMethodDescription<T> TdoGet(SecurityContext securityContext, Function<ResourceAccessChecks, T> resourceChecksApplier) Called before doing a get to retrieve a single resource.<T> TdoSearch(SecurityContext securityContext, Function<ResourceAccessChecks, T> resourceChecksApplier) Called before doing a search by query.default booleanisAnonymousAuthentication(CamundaAuthentication authentication) Returns true if the givenauthenticationis anonymousbooleansupports(SecurityContext securityContext) Returns true if the givensecurityContextis supported by thisResourceAccessController*
-
Method Details
-
doGet
<T> T doGet(SecurityContext securityContext, Function<ResourceAccessChecks, T> resourceChecksApplier) Called before doing a get to retrieve a single resource.- Parameters:
securityContext- contains theCamundaAuthenticationand the requiredauthorizationto be checked.resourceChecksApplier- will be used to pass required @ResourceAccessChecksto the actual reader
-
doSearch
<T> T doSearch(SecurityContext securityContext, Function<ResourceAccessChecks, T> resourceChecksApplier) Called before doing a search by query.- Parameters:
securityContext- contains theCamundaAuthenticationand the requiredauthorizationto be checked.resourceChecksApplier- will be used to pass required @ResourceAccessChecksto the actual reader
-
supports
Returns true if the givensecurityContextis supported by thisResourceAccessController* -
isAnonymousAuthentication
Returns true if the givenauthenticationis anonymous. *
-