net.devh.boot.grpc.server.security.check

Interface AccessPredicate

All Superinterfaces:

Predicate<Authentication>

public interface AccessPredicate
extends Predicate<Authentication>

Predicate that can be used to check whether the given Authentication has access to the protected service/method. This interface assumes, that the user is authenticated before the method is called.

Method Summary

Modifier and Type	Method and Description
default AccessPredicate	and(Predicate<? super Authentication> other)
static AccessPredicate	authenticated() All authenticated users can access the protected instance including anonymous users.
static AccessPredicate	denyAll() Nobody can access the protected instance.
static AccessPredicate	fullyAuthenticated() All authenticated users can access the protected instance excluding anonymous users.
static AccessPredicate	hasAllAuthorities(Collection<GrantedAuthority> roles) Only those who have any of the given GrantedAuthority can access the protected instance.
static AccessPredicate	hasAllAuthorities(GrantedAuthority... roles) Only those who have all of the given GrantedAuthority can access the protected instance.
static AccessPredicate	hasAllRoles(Collection<String> roles) Only those who have all of the given roles can access the protected instance.
static AccessPredicate	hasAllRoles(String... roles) Only those who have all of the given roles can access the protected instance.
static AccessPredicate	hasAnyAuthority(Collection<GrantedAuthority> roles) Only those who have any of the given GrantedAuthority can access the protected instance.
static AccessPredicate	hasAnyAuthority(GrantedAuthority... roles) Only those who have any of the given GrantedAuthority can access the protected instance.
static AccessPredicate	hasAnyRole(Collection<String> roles) Only those who have any of the given roles can access the protected instance.
static AccessPredicate	hasAnyRole(String... roles) Only those who have any of the given roles can access the protected instance.
static AccessPredicate	hasAuthority(GrantedAuthority role) Only those who have the given GrantedAuthority can access the protected instance.
static AccessPredicate	hasRole(String role) Only those who have the given role can access the protected instance.
default AccessPredicate	negate()
default AccessPredicate	or(Predicate<? super Authentication> other)
static AccessPredicate	permitAll() Special constant that symbolizes that everybody (including unauthenticated users) can access the instance (no protection).

Methods inherited from interface java.util.function.Predicate

isEqual, test

Method Detail

negate

default AccessPredicate negate()

Specified by:

negate in interface Predicate<Authentication>

and

default AccessPredicate and(Predicate<? super Authentication> other)

Specified by:

and in interface Predicate<Authentication>

or

default AccessPredicate or(Predicate<? super Authentication> other)

Specified by:

or in interface Predicate<Authentication>

permitAll

static AccessPredicate permitAll()

Special constant that symbolizes that everybody (including unauthenticated users) can access the instance (no protection).

Note: This is a special constant, that does not allow execution and mutation. It's sole purpose is to avoid ambiguity for null values. It should only be used in == comparisons.

Returns:

A special constant that symbolizes public access.

authenticated

static AccessPredicate authenticated()

All authenticated users can access the protected instance including anonymous users.

Note: The negation of this call is denyAll() and NOT all unauthenticated.

Returns:

A newly created AccessPredicate that always returns true.

fullyAuthenticated

static AccessPredicate fullyAuthenticated()

All authenticated users can access the protected instance excluding anonymous users.

Returns:

A newly created AccessPredicate that checks whether the user is explicitly authenticated.

denyAll

static AccessPredicate denyAll()

Nobody can access the protected instance.

Note: The negation of this call is authenticated() and NOT permitAll().

Returns:

A newly created AccessPredicate that always returns false.

hasRole

static AccessPredicate hasRole(String role)

Only those who have the given role can access the protected instance.

Parameters:

role - The role to check for.

Returns:

A newly created AccessPredicate that only returns true, if the name of the GrantedAuthoritys matches the given role name.

hasAuthority

static AccessPredicate hasAuthority(GrantedAuthority role)

Only those who have the given GrantedAuthority can access the protected instance.

Parameters:

role - The role to check for.

Returns:

A newly created AccessPredicate that only returns true, if the GrantedAuthoritys matches the given role.

hasAnyRole

static AccessPredicate hasAnyRole(String... roles)

Only those who have any of the given roles can access the protected instance.

Parameters:

roles - The roles to check for.

Returns:

A newly created AccessPredicate that only returns true, if the name of the GrantedAuthoritys matches any of the given role names.

hasAnyRole

static AccessPredicate hasAnyRole(Collection<String> roles)

Only those who have any of the given roles can access the protected instance.

Parameters:

roles - The roles to check for.

Returns:

A newly created AccessPredicate that only returns true, if the name of the GrantedAuthoritys matches any of the given role names.

hasAnyAuthority

static AccessPredicate hasAnyAuthority(GrantedAuthority... roles)

Only those who have any of the given GrantedAuthority can access the protected instance.

Parameters:

roles - The roles to check for.

Returns:

A newly created AccessPredicate that only returns true, if the GrantedAuthoritys matches any of the given roles.

hasAnyAuthority

static AccessPredicate hasAnyAuthority(Collection<GrantedAuthority> roles)

Only those who have any of the given GrantedAuthority can access the protected instance.

Parameters:

roles - The roles to check for.

Returns:

A newly created AccessPredicate that only returns true, if the GrantedAuthoritys matches any of the given roles.

hasAllRoles

static AccessPredicate hasAllRoles(String... roles)

Only those who have all of the given roles can access the protected instance.

Parameters:

roles - The roles to check for.

Returns:

A newly created AccessPredicate that only returns true, if the name of the GrantedAuthoritys matches all of the given role names.

hasAllRoles

static AccessPredicate hasAllRoles(Collection<String> roles)

Only those who have all of the given roles can access the protected instance.

Parameters:

roles - The roles to check for.

Returns:

A newly created AccessPredicate that only returns true, if the name of the GrantedAuthoritys matches all of the given role names.

hasAllAuthorities

static AccessPredicate hasAllAuthorities(GrantedAuthority... roles)

Only those who have all of the given GrantedAuthority can access the protected instance.

Parameters:

roles - The roles to check for.

Returns:

A newly created AccessPredicate that only returns true, if the GrantedAuthoritys matches all of the given roles.

hasAllAuthorities

static AccessPredicate hasAllAuthorities(Collection<GrantedAuthority> roles)

Only those who have any of the given GrantedAuthority can access the protected instance.

Parameters:

roles - The roles to check for.

Returns:

A newly created AccessPredicate that only returns true, if the GrantedAuthoritys matches all of the given roles.