Package net.devh.boot.grpc.server.security.check

Interface AccessPredicate

All Superinterfaces:
BiPredicate<Authentication,ServerCall<?,?>>
public interface AccessPredicate extends BiPredicate<Authentication,ServerCall<?,?>>
Predicate that can be used to check whether the given Authentication has access to the protected service/method. This interface assumes, that the user is authenticated before the method is called.

  • Method Details

    • test

      boolean test(Authentication authentication, ServerCall<?,?> serverCall)
      Checks whether the given user is authorized to execute the given call.
      Specified by:
      test in interface BiPredicate<Authentication,ServerCall<?,?>>
      Parameters:
      authentication - The authentication to check.
      serverCall - The secure object being called.
      Returns:
      True, if the user has access. False otherwise.

    • negate

      default AccessPredicate negate()
      Specified by:
      negate in interface BiPredicate<Authentication,ServerCall<?,?>>

    • and

      default AccessPredicate and(Predicate<? super Authentication> other)
      Combines this predicate with the given predicate using the AND operator.
      Parameters:
      other - The other predicate to call.
      Returns:
      The combined predicate.

    • and

      default AccessPredicate and(BiPredicate<? super Authentication,? super ServerCall<?,?>> other)
      Specified by:
      and in interface BiPredicate<Authentication,ServerCall<?,?>>

    • or

      default AccessPredicate or(Predicate<? super Authentication> other)
      Combines this predicate with the given predicate using the OR operator.
      Parameters:
      other - The other predicate to call.
      Returns:
      The combined predicate.

    • or

      default AccessPredicate or(BiPredicate<? super Authentication,? super ServerCall<?,?>> other)
      Specified by:
      or in interface BiPredicate<Authentication,ServerCall<?,?>>

    • permitAll

      static AccessPredicate permitAll()
      Special constant that symbolizes that everybody (including unauthenticated users) can access the instance (no protection).

      Note: This is a special constant, that does not allow execution and mutation. It's sole purpose is to avoid ambiguity for null values. It should only be used in == comparisons.

      Returns:
      A special constant that symbolizes public access.

    • authenticated

      static AccessPredicate authenticated()
      All authenticated users can access the protected instance including anonymous users.

      Note: The negation of this call is denyAll() and NOT all unauthenticated.

      Returns:
      A newly created AccessPredicate that always returns true.

    • fullyAuthenticated

      static AccessPredicate fullyAuthenticated()
      All authenticated users can access the protected instance excluding anonymous users.
      Returns:
      A newly created AccessPredicate that checks whether the user is explicitly authenticated.

    • denyAll

      static AccessPredicate denyAll()
      Nobody can access the protected instance.

      Note: The negation of this call is authenticated() and NOT permitAll().

      Returns:
      A newly created AccessPredicate that always returns false.

    • hasRole

      static AccessPredicate hasRole(String role)
      Only those who have the given role can access the protected instance.
      Parameters:
      role - The role to check for.
      Returns:
      A newly created AccessPredicate that only returns true, if the name of the GrantedAuthoritys matches the given role name.

    • hasAuthority

      static AccessPredicate hasAuthority(GrantedAuthority role)
      Only those who have the given GrantedAuthority can access the protected instance.
      Parameters:
      role - The role to check for.
      Returns:
      A newly created AccessPredicate that only returns true, if the GrantedAuthoritys matches the given role.

    • hasAnyRole

      static AccessPredicate hasAnyRole(String... roles)
      Only those who have any of the given roles can access the protected instance.
      Parameters:
      roles - The roles to check for.
      Returns:
      A newly created AccessPredicate that only returns true, if the name of the GrantedAuthoritys matches any of the given role names.

    • hasAnyRole

      static AccessPredicate hasAnyRole(Collection<String> roles)
      Only those who have any of the given roles can access the protected instance.
      Parameters:
      roles - The roles to check for.
      Returns:
      A newly created AccessPredicate that only returns true, if the name of the GrantedAuthoritys matches any of the given role names.

    • hasAnyAuthority

      static AccessPredicate hasAnyAuthority(GrantedAuthority... roles)
      Only those who have any of the given GrantedAuthority can access the protected instance.
      Parameters:
      roles - The roles to check for.
      Returns:
      A newly created AccessPredicate that only returns true, if the GrantedAuthoritys matches any of the given roles.

    • hasAnyAuthority

      static AccessPredicate hasAnyAuthority(Collection<GrantedAuthority> roles)
      Only those who have any of the given GrantedAuthority can access the protected instance.
      Parameters:
      roles - The roles to check for.
      Returns:
      A newly created AccessPredicate that only returns true, if the GrantedAuthoritys matches any of the given roles.

    • hasAllRoles

      static AccessPredicate hasAllRoles(String... roles)
      Only those who have all of the given roles can access the protected instance.
      Parameters:
      roles - The roles to check for.
      Returns:
      A newly created AccessPredicate that only returns true, if the name of the GrantedAuthoritys matches all of the given role names.

    • hasAllRoles

      static AccessPredicate hasAllRoles(Collection<String> roles)
      Only those who have all of the given roles can access the protected instance.
      Parameters:
      roles - The roles to check for.
      Returns:
      A newly created AccessPredicate that only returns true, if the name of the GrantedAuthoritys matches all of the given role names.

    • hasAllAuthorities

      static AccessPredicate hasAllAuthorities(GrantedAuthority... roles)
      Only those who have all of the given GrantedAuthority can access the protected instance.
      Parameters:
      roles - The roles to check for.
      Returns:
      A newly created AccessPredicate that only returns true, if the GrantedAuthoritys matches all of the given roles.

    • hasAllAuthorities

      static AccessPredicate hasAllAuthorities(Collection<GrantedAuthority> roles)
      Only those who have any of the given GrantedAuthority can access the protected instance.
      Parameters:
      roles - The roles to check for.
      Returns:
      A newly created AccessPredicate that only returns true, if the GrantedAuthoritys matches all of the given roles.

    • fromClientAddress

      static AccessPredicate fromClientAddress(Predicate<? super SocketAddress> remoteAddressCheck)
      Checks that the client connected from the given address.
      Parameters:
      remoteAddressCheck - The check to apply to the client address.
      Returns:
      A newly created AccessPredicate that only returns true, if the client address passes the given check.
      See Also:

    • toServerAddress

      static AccessPredicate toServerAddress(Predicate<? super SocketAddress> localAddressCheck)
      Checks that the client connected to the given server address.
      Parameters:
      localAddressCheck - The check to apply to the server address.
      Returns:
      A newly created AccessPredicate that only returns true, if the server address passes the given check.
      See Also: