Package io.quarkus.vertx.http.runtime.security

Interface HttpSecurityPolicy

All Known Implementing Classes:

AuthenticatedHttpSecurityPolicy, DenySecurityPolicy, PathMatchingHttpSecurityPolicy, PermitSecurityPolicy, RolesAllowedHttpSecurityPolicy

public interface HttpSecurityPolicy

An HTTP Security policy, that controls which requests are allowed to proceed. CDI beans implementing this interface are invoked on every request unless they define name(). The policy with name() can then be referenced in the application.properties path matching rules, or from the AuthorizationPolicy.name() annotation attribute.

Nested Class Summary

Nested Classes

Modifier and Type	Interface	Description
static interface	HttpSecurityPolicy.AuthorizationRequestContext	A context object that can be used to run blocking tasks
static class	HttpSecurityPolicy.CheckResult	The results of a permission check
static class	HttpSecurityPolicy.DefaultAuthorizationRequestContext

Method Summary

Modifier and Type	Method	Description
io.smallrye.mutiny.Uni<HttpSecurityPolicy.CheckResult>	checkPermission(io.vertx.ext.web.RoutingContext request, io.smallrye.mutiny.Uni<io.quarkus.security.identity.SecurityIdentity> identity, HttpSecurityPolicy.AuthorizationRequestContext requestContext)
default String	name()	If HTTP Security policy name is not null, then this policy is only called in two cases: - winning path-matching policy references this name in the application.properties - invoked Jakarta REST endpoint references this name in the AuthorizationPolicy.name() annotation attribute

Method Details

checkPermission

io.smallrye.mutiny.Uni<HttpSecurityPolicy.CheckResult> checkPermission(io.vertx.ext.web.RoutingContext request,
 io.smallrye.mutiny.Uni<io.quarkus.security.identity.SecurityIdentity> identity,
 HttpSecurityPolicy.AuthorizationRequestContext requestContext)

name

default String name()

If HTTP Security policy name is not null, then this policy is only called in two cases: - winning path-matching policy references this name in the application.properties - invoked Jakarta REST endpoint references this name in the AuthorizationPolicy.name() annotation attribute

When the name is null, this policy is considered global and is applied on every single request. More details and examples can be found in Quarkus documentation.

Returns:

policy name