Package energy.eddie.regionconnector.shared.security

Class JwtAuthorizationManager

java.lang.Object

energy.eddie.regionconnector.shared.security.JwtAuthorizationManager

All Implemented Interfaces:

org.springframework.security.authorization.AuthorizationManager<org.springframework.security.web.access.intercept.RequestAuthorizationContext>

public class JwtAuthorizationManager
extends Object
implements org.springframework.security.authorization.AuthorizationManager<org.springframework.security.web.access.intercept.RequestAuthorizationContext>

Field Summary

Fields

Modifier and Type	Field	Description
static final String	BEARER_PREFIX

Constructor Summary

Constructors

Constructor	Description
JwtAuthorizationManager(JwtUtil jwtUtil)	Creates a new AuthorizationManager that enforces authorization by checking the JWT that is supplied with the request.

Method Summary

Modifier and Type	Method	Description
org.springframework.security.authorization.AuthorizationDecision	check(Supplier<org.springframework.security.core.Authentication> authentication, org.springframework.security.web.access.intercept.RequestAuthorizationContext context)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.springframework.security.authorization.AuthorizationManager

authorize, verify

Field Details

BEARER_PREFIX

public static final String BEARER_PREFIX

See Also:

• Constant Field Values

Constructor Details

JwtAuthorizationManager

public JwtAuthorizationManager(JwtUtil jwtUtil)

Creates a new AuthorizationManager that enforces authorization by checking the JWT that is supplied with the request. It checks whether the combination of region connector ID and permission ID from the request URL are contained in the JWT and is therefore only suitable for requests where the permissionId is a path parameter of the request. For example, for a request with the URL /region-connectors/es-datadis/permission-request/exampleId/rejected to be allowed, the list of permissions stored in the JWT has to contain the ID exampleId associated with the region connector es-datadis.
The JWT's signature is validated to prevent the acceptance of tampered tokens.

Parameters:

jwtUtil - JwtUtil used to parse and validate the JWTs.

Method Details

check

public org.springframework.security.authorization.AuthorizationDecision check(Supplier<org.springframework.security.core.Authentication> authentication,
 org.springframework.security.web.access.intercept.RequestAuthorizationContext context)

Specified by:

check in interface org.springframework.security.authorization.AuthorizationManager<org.springframework.security.web.access.intercept.RequestAuthorizationContext>