OpaBundle (sda-commons-server-auth 2.7.0 API)

Skip navigation links

Prev Class
Next Class

All Classes

Summary:
Nested |
Field |
Constr |
Method

Detail:
Field |
Constr |
Method

java.lang.Object
- org.sdase.commons.server.opa.OpaBundle<T>

All Implemented Interfaces:

io.dropwizard.ConfiguredBundle<T>
```
public class OpaBundle<T extends io.dropwizard.Configuration>
extends java.lang.Object
implements io.dropwizard.ConfiguredBundle<T>
```
The OPA bundle enables support for the Open Policy Agent (http://openpolicyagent.org).
Note, the OPA bundle is not an alternative for the @AuthBundle it is an addition for authorization. The AuthBundle is still required for validating the JWT *
A new filter is added to the invocation chain of every endpoint invocation. This filter invokes the OPA at the configured URL. Normally, this should be a sidecar of the actual service. The response includes an authorization decision and optional constraints that must be evaluated when querying the database or filtering the result set of the request.
The constraints should be modeled as an Java pojo and documented within this pojo. The OPA policies must be designed that the predefined result structure is returned, such as
```
 {
    "result": {
       "allow": true,
       "constraint1": true,
       "constraint2": [ "v2.1", "v2.2" ]
    }
 }

 
```
The filter evaluates the overall allow decision and adds the constraints to the SecurityContext as OpaJwtPrincipal.
The endpoints for swagger are excluded from the OPA filter.

Nested Class Summary

Nested Classes
Modifier and Type	Class and Description
`static class`	`OpaBundle.Builder<C extends io.dropwizard.Configuration>`
`static class`	`OpaBundle.DuplicatePropertyException`
`static class`	`OpaBundle.HiddenOriginalPropertyException`
`static interface`	`OpaBundle.OpaBuilder<C extends io.dropwizard.Configuration>`
`static interface`	`OpaBundle.OpaExtensionsBuilder<C extends io.dropwizard.Configuration>`
`static interface`	`OpaBundle.ProviderBuilder`

Method Summary

All Methods Static Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`static OpaBundle.ProviderBuilder`	`builder()`
`java.util.Map<java.lang.String,OpaInputExtension<?>>`	`getInputExtensions()`
`void`	`initialize(io.dropwizard.setup.Bootstrap<?> bootstrap)`
`void`	`run(T configuration, io.dropwizard.setup.Environment environment)`

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

builder

public static OpaBundle.ProviderBuilder builder()

getInputExtensions

public java.util.Map<java.lang.String,OpaInputExtension<?>> getInputExtensions()

initialize
```
public void initialize(io.dropwizard.setup.Bootstrap<?> bootstrap)
```
Specified by:

initialize in interface io.dropwizard.ConfiguredBundle<T extends io.dropwizard.Configuration>

run

public void run(T configuration,
                io.dropwizard.setup.Environment environment)

Specified by:: run in interface io.dropwizard.ConfiguredBundle<T extends io.dropwizard.Configuration>

Skip navigation links

Prev Class
Next Class

All Classes

Summary:
Nested |
Field |
Constr |
Method

Detail:
Field |
Constr |
Method