Module io.quarkus.security.api
Package io.quarkus.security.identity

Interface SecurityIdentity

public interface SecurityIdentity
Interface that represents the currently logged in user.

Instances of this class will always be available for injection even if no user is currently logged in. In this case isAnonymous() will return true, and the user will generally not have any roles (although some implementation may assign roles to anonymous users).

Implementations should be immutable.

  • Field Details

    • USER_ATTRIBUTE

      static final String USER_ATTRIBUTE
      The attribute name that is used to store the underlying user representation.
      See Also:

  • Method Details

    • getPrincipal

      Principal getPrincipal()
      Returns:
      the Principal representing the current user.

    • getPrincipal

      default <T extends Principal> T getPrincipal(Class<T> clazz)
      Parameters:
      clazz - Principal subclass
      Returns:
      the Principal subclass representing the current user.

    • isAnonymous

      boolean isAnonymous()
      Returns:
      true if this identity represents an anonymous (i.e. not logged in) user

    • getRoles

      Set<String> getRoles()
      Returns the set of all roles held by the user. These roles must be resolvable in advance for every request.

      Note that roles are returned on a best effort basis. To actually check if a user holds a role hasRole(String) should be used instead. Some API's (e.g. JAX-RS) do not allow for all roles to be returned, so if the underlying user representation does not support retrieving all the roles this method will not always be reliable. In general all built in Quarkus security extensions should provide this, unless it is documented otherwise.

      This set should either be unmodifiable, or a defensive copy so attempts to change the role set do not modify the underlying identity.

      Returns:
      The set of all roles held by the user

    • hasRole

      boolean hasRole(String role)
      Checks if a user has a given role. These roles must be resolvable in advance for every request.

      If more advanced authorization support is required than can be provided by a simple role based system then checkPermission(Permission) and checkPermissionBlocking(Permission) should be used instead.

      Returns:
      true if the identity has the specified role.

    • getCredential

      <T extends Credential> T getCredential(Class<T> credentialType)
      Gets the users credential of the given type, or null if a credential of the given type is not present.
      Type Parameters:
      T - The type of the credential
      Parameters:
      credentialType - The type of the credential
      Returns:
      The credential

    • getCredentials

      Set<Credential> getCredentials()
      Returns a set of all credentials owned by this user.
      Returns:
      a set of all credentials

    • getAttribute

      <T> T getAttribute(String name)
      Gets an attribute from the identity.

      These can be arbitrary, and extensions are encouraged to use name spaced attribute names in a similar manner to package names.

      The `quarkus.` namespace is reserved

      The root

      Type Parameters:
      T - The type of the attribute
      Parameters:
      name - The attribute name
      Returns:
      The attribute value

    • getAttributes

      Map<String,Object> getAttributes()
      Returns:
      All the request attributes

    • checkPermission

      io.smallrye.mutiny.Uni<Boolean> checkPermission(Permission permission)
      Checks if a user holds a given permissions, and if so will return true.

      This method is asynchronous, as it may involve calls to a remote resource.

      Parameters:
      permission - The permission
      Returns:
      A completion stage that will resolve to true if the user has the specified permission

    • checkPermissionBlocking

      default boolean checkPermissionBlocking(Permission permission)
      Checks if a user holds a given permissions, and if so will return true.

      This method is a blocking version of checkPermission(Permission). By default it will just wait for the CompletionStage to be complete, however it is likely that some implementations will want to provide a more efficient version.

      Parameters:
      permission - The permission
      Returns:
      A completion stage that will resolve to true if the user has the specified permission