Package io.quarkus.vertx.http.runtime

Interface PolicyMappingConfig

public interface PolicyMappingConfig

  • Nested Class Summary

    Nested Classes
    Modifier and Type
    Interface
    Description
    static enum 
    PolicyMappingConfig.AppliesTo
    Specifies additional criteria on paths that should be checked.

  • Method Summary

    Modifier and Type
    Method
    Description
    PolicyMappingConfig.AppliesTo
    appliesTo()
    Whether permission check should be applied on all matching paths, or paths specific for the Jakarta REST resources.
    Optional<String>
    authMechanism()
    Path specific authentication mechanism which must be used to authenticate a user.
    Optional<Boolean>
    enabled()
    Determines whether the entire permission set is enabled, or not.
    Optional<List<String>>
    methods()
    The methods that this permission set applies to.
    Optional<List<String>>
    paths()
    The paths that this permission check applies to.
    String
    policy()
    The HTTP policy that this permission set is linked to.
    boolean
    shared()
    Indicates that this policy always applies to the matched paths in addition to the policy with a winning path.

  • Method Details

    • enabled

      Optional<Boolean> enabled()
      Determines whether the entire permission set is enabled, or not.

      By default, if the permission set is defined, it is enabled.

    • policy

      String policy()
      The HTTP policy that this permission set is linked to.

      There are three built-in policies: permit, deny and authenticated. Role based policies can be defined, and extensions can add their own policies.

    • methods

      Optional<List<String>> methods()
      The methods that this permission set applies to. If this is not set then they apply to all methods.

      Note that if a request matches any path from any permission set, but does not match the constraint due to the method not being listed then the request will be denied.

      Method specific permissions take precedence over matches that do not have any methods set.

      This means that for example if Quarkus is configured to allow GET and POST requests to /admin to and no other permissions are configured PUT requests to /admin will be denied.

    • paths

      Optional<List<String>> paths()
      The paths that this permission check applies to. If the path ends in /* then this is treated as a path prefix, otherwise it is treated as an exact match.

      Matches are done on a length basis, so the most specific path match takes precedence.

      If multiple permission sets match the same path then explicit methods matches take precedence over matches without methods set, otherwise the most restrictive permissions are applied.

    • authMechanism

      Optional<String> authMechanism()
      Path specific authentication mechanism which must be used to authenticate a user. It needs to match HttpCredentialTransport authentication scheme such as 'basic', 'bearer', 'form', etc.

    • shared

      @WithDefault("false") boolean shared()
      Indicates that this policy always applies to the matched paths in addition to the policy with a winning path. Avoid creating more than one shared policy to minimize the performance impact.

    • appliesTo

      @WithDefault("ALL") PolicyMappingConfig.AppliesTo appliesTo()
      Whether permission check should be applied on all matching paths, or paths specific for the Jakarta REST resources.