Module io.quarkus.security.api
Package io.quarkus.security

Annotation Type PermissionChecker

@Target(METHOD) @Retention(RUNTIME) public @interface PermissionChecker
Annotation that can be used to annotate a CDI bean method that checks if a matching PermissionsAllowed permission with the value() name can be granted. For example: 
 
 @Path("hello")
 public class HelloResource {

     @PermissionsAllowed("speak")
     @GET
     public String sayHello() {
         return "Hello World!";
     }

     @PermissionChecker("speak")
     public boolean canSpeak(SecurityIdentity identity) {
         return "speaker".equals(identity.getPrincipal().getName());
     }
 }
The permission checker methods can include any of the secured method parameters, matched by name. Consider the following secured method: 
 
 @PermissionsAllowed("update")
 public String updateString(String a, String b, String c, String d) {
     ...
 }
The permission checker that grants access to the updateString method can include any of the updateString method parameters, SecurityIdentity can also be included: 
 
 @PermissionChecker("update")
 public boolean canUpdate(String c, String a, SecurityIdentity identity) {
     ...
 }
The permission checker method parameters are matched with the secured method parameters exactly the same way as the constructor parameters of a custom permission are. Please see PermissionsAllowed.params() for more information. 
 If the PermissionsAllowed annotation lists several permission names and its PermissionsAllowed.inclusive() property is set to `true` then an equal number of permission checker methods must be available.
 Consider the following secured method:
 
 
 @PermissionsAllowed(value={"read:all", "write"}, inclusive=true)
 public String readWriteString(String a) {
     ...
 }
 
 

 For the access to the readWriteString method be granted, two permission checkers,
 one for the `read:all` permission, and another one for the `write` permission, must be available:
 
 
 @PermissionChecker("read:all")
 public boolean canRead(SecurityIdentity identity) {
     ...
 }
 @PermissionChecker("write")
 public boolean canWrite(SecurityIdentity identity) {
     ...
 }
 
 

 Note that a permission checker matches one of the PermissionsAllowed permissions if their String names are equal.

  • Required Element Summary

    Required Elements
    Modifier and Type
    Required Element
    Description
    String
    value
    Specifies a permission this checker grants.

  • Element Details