Module io.quarkus.security.api
Package io.quarkus.security.identity

Interface SecurityIdentity

public interface SecurityIdentity
Interface that represents the current security identity such as a logged-in user or other authenticated subject.

Instances of this class will always be available for injection even if no authentication has taken place. In this case isAnonymous() will return true, and the security identity will generally have no roles.

Implementations should be immutable.

  • Field Details

    • USER_ATTRIBUTE

      static final String USER_ATTRIBUTE
      The attribute name that is used to store the underlying security identity representation.
      See Also:

  • Method Details

    • getPrincipal

      Principal getPrincipal()
      Returns:
      the Principal representing the current security identity.

    • getPrincipal

      default <T extends Principal> T getPrincipal(Class<T> clazz)
      Parameters:
      clazz - Principal subclass
      Returns:
      the Principal subclass representing the current security identity.

    • isAnonymous

      boolean isAnonymous()
      Returns:
      true if this identity is anonymous

    • getRoles

      Set<String> getRoles()
      Returns the set of all roles held by the security identity. These roles must be resolvable in advance for every request.

      Note that roles are returned on a best effort basis. To actually check if a user holds a role hasRole(String) should be used instead. Some API's (e.g. JAX-RS) do not allow for all roles to be returned, so if the underlying identity representation does not support retrieving all the roles this method will not always be reliable. In general all built in Quarkus security extensions should provide this, unless it is documented otherwise.

      This set should either be unmodifiable, or a defensive copy so attempts to change the role set do not modify the underlying identity.

      Returns:
      The set of all roles held by the user

    • hasRole

      boolean hasRole(String role)
      Checks if a security identity has a given role. These roles must be resolvable in advance for every request.
      Returns:
      true if the identity has the specified role.

    • getPermissions

      Set<Permission> getPermissions()
      Returns an unmodifiable set of permissions held by the security identity that have already been resolved and can be represented as Permission.

      Note that this set of permissions is not guaranteed to represent a complete set of permissions held by the identity. For example, a JSON Web Token (JWT) token scope might be represented as a Permission instance, while an unresolved permission that requires an asynchronous or remote permission check can not be.

      Returns:
      The set of resolved permissions that can be represented as Permission

    • getCredential

      <T extends Credential> T getCredential(Class<T> credentialType)
      Gets the security identity credential of the given type, or null if a credential of the given type is not present.
      Type Parameters:
      T - The type of the credential
      Parameters:
      credentialType - The type of the credential
      Returns:
      The credential

    • getCredentials

      Set<Credential> getCredentials()
      Returns a set of all credentials owned by this security identity.
      Returns:
      a set of all credentials

    • getAttribute

      <T> T getAttribute(String name)
      Gets an attribute from the identity.

      These can be arbitrary, and extensions are encouraged to use name spaced attribute names in a similar manner to package names.

      The `quarkus.` namespace is reserved

      The root

      Type Parameters:
      T - The type of the attribute
      Parameters:
      name - The attribute name
      Returns:
      The attribute value

    • getAttributes

      Map<String,Object> getAttributes()
      Returns:
      All the request attributes

    • checkPermission

      io.smallrye.mutiny.Uni<Boolean> checkPermission(Permission permission)
      Checks if a security identity holds a given permission.

      This method is asynchronous, as it may involve calls to a remote resource.

      Parameters:
      permission - The permission
      Returns:
      Uni that will resolve to true if the security identity has the specified permission

    • checkPermissionBlocking

      default boolean checkPermissionBlocking(Permission permission)
      Checks if a security identity holds a given permission.

      This method is a blocking version of checkPermission(Permission)..

      Parameters:
      permission - The permission
      Returns:
      true if the security identity has the specified permission

    • checkPermission

      default io.smallrye.mutiny.Uni<Boolean> checkPermission(String permission)
      Checks if a security identity holds a given permission.

      This method is asynchronous, as it may involve calls to a remote resource.

      Parameters:
      permission - The permission
      Returns:
      Uni that will resolve to true if the security identity has the specified permission

    • checkPermissionBlocking

      default boolean checkPermissionBlocking(String permission)
      Checks if a security identity holds a given permission.

      This method is a blocking version of checkPermission(Permission). By default it will just wait for the CompletionStage to be complete, however it is likely that some implementations will want to provide a more efficient version.

      Parameters:
      permission - The permission
      Returns:
      Uni that will resolve to true if the security identity has the specified permission