Package io.quarkus.vertx.http.runtime

Interface PolicyConfig

public interface PolicyConfig

  • Method Summary

    Modifier and Type
    Method
    Description
    String
    permissionClass()
    Permissions granted by this policy will be created with a `java.security.Permission` implementation specified by this configuration property.
    Map<String,List<String>>
    permissions()
    Permissions granted to the `SecurityIdentity` if this policy is applied successfully (the policy allows request to proceed) and the authenticated request has required role.
    Map<String,List<String>>
    roles()
    Add roles granted to the `SecurityIdentity` based on the roles that the `SecurityIdentity` already have.
    List<@WithConverter(io.quarkus.runtime.configuration.TrimmedStringConverter.class) String>
    rolesAllowed()
    The roles that are allowed to access resources protected by this policy.

  • Method Details

    • rolesAllowed

      @WithDefault("**") List<@WithConverter(io.quarkus.runtime.configuration.TrimmedStringConverter.class) String> rolesAllowed()
      The roles that are allowed to access resources protected by this policy. By default, access is allowed to any authenticated user.

    • roles

      @ConfigDocMapKey("role-name") Map<String,List<String>> roles()
      Add roles granted to the `SecurityIdentity` based on the roles that the `SecurityIdentity` already have. For example, the Quarkus OIDC extension can map roles from the verified JWT access token, and you may want to remap them to a deployment specific roles.

    • permissions

      @ConfigDocMapKey("role-name") Map<String,List<String>> permissions()
      Permissions granted to the `SecurityIdentity` if this policy is applied successfully (the policy allows request to proceed) and the authenticated request has required role. For example, you can map permission `perm1` with actions `action1` and `action2` to role `admin` by setting `quarkus.http.auth.policy.role-policy1.permissions.admin=perm1:action1,perm1:action2` configuration property. Granted permissions are used for authorization with the `@PermissionsAllowed` annotation.

    • permissionClass

      @WithDefault("io.quarkus.security.StringPermission") String permissionClass()
      Permissions granted by this policy will be created with a `java.security.Permission` implementation specified by this configuration property. The permission class must declare exactly one constructor that accepts permission name (`String`) or permission name and actions (`String`, `String[]`). Permission class must be registered for reflection if you run your application in a native mode.