Class JwtAuthorizationManager

java.lang.Object
energy.eddie.regionconnector.shared.security.JwtAuthorizationManager
All Implemented Interfaces:
org.springframework.security.authorization.AuthorizationManager<org.springframework.security.web.access.intercept.RequestAuthorizationContext>

public class JwtAuthorizationManager extends Object implements org.springframework.security.authorization.AuthorizationManager<org.springframework.security.web.access.intercept.RequestAuthorizationContext>
  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    static final String
     
  • Constructor Summary

    Constructors
    Constructor
    Description
    Creates a new AuthorizationManager that enforces authorization by checking the JWT that is supplied with the request.
  • Method Summary

    Modifier and Type
    Method
    Description
    @Nullable org.springframework.security.authorization.AuthorizationResult
    authorize(@Nullable Supplier<? extends @Nullable org.springframework.security.core.Authentication> authentication, @Nullable org.springframework.security.web.access.intercept.RequestAuthorizationContext context)
     

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    Methods inherited from interface org.springframework.security.authorization.AuthorizationManager

    verify
  • Field Details

  • Constructor Details

    • JwtAuthorizationManager

      public JwtAuthorizationManager(JwtUtil jwtUtil)
      Creates a new AuthorizationManager that enforces authorization by checking the JWT that is supplied with the request. It checks whether the combination of region connector ID and permission ID from the request URL is contained in the JWT. It is therefore only suitable for requests where the permissionId is a path variable or where permission IDs are provided as query parameters of the request. For example, for a request with the URL /region-connectors/es-datadis/permission-request/exampleId/rejected to be allowed, the list of permissions stored in the JWT has to contain the ID exampleId associated with the region connector es-datadis.
      The JWT's signature is validated to prevent the acceptance of tampered tokens.
      Parameters:
      jwtUtil - JwtUtil used to parse and validate the JWTs.
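
The check described above, as an added, self-contained example; it is not the project's code and does not use JwtUtil, whose API this page does not show. The class and method names, the HS256 algorithm, the "permissions" claim shape and the demo key are assumptions made for illustration.

```java
import static java.nio.charset.StandardCharsets.UTF_8;
import java.security.MessageDigest;
import java.util.*;
import java.util.regex.*;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class PermissionPathCheckExample {
    // URL layout assumed from the example URL in the constructor description.
    static final Pattern PATH = Pattern.compile("^/region-connectors/([^/]+)/permission-request/([^/]+)(?:/.*)?$");

    static String b64(byte[] b) {
        return Base64.getUrlEncoder().withoutPadding().encodeToString(b);
    }

    // HS256 is an assumption; the page does not name the algorithm JwtUtil uses.
    static String sign(String signingInput, byte[] key) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return b64(mac.doFinal(signingInput.getBytes(UTF_8)));
    }

    // Recomputes the MAC whatever "alg" the header claims and compares in constant time.
    static boolean signatureValid(String token, byte[] key) throws Exception {
        String[] p = token.split("\\.", -1);
        return p.length == 3 && MessageDigest.isEqual(
                sign(p[0] + "." + p[1], key).getBytes(UTF_8), p[2].getBytes(UTF_8));
    }

    // permissions: region connector ID -> permission IDs from a verified token (assumed claim shape).
    static boolean isAllowed(String path, Map<String, List<String>> permissions) {
        Matcher m = PATH.matcher(path);
        if (permissions == null || !m.matches()) return false; // deny by default
        return permissions.getOrDefault(m.group(1), List.of()).contains(m.group(2));
    }

    public static void main(String[] args) throws Exception {
        byte[] key = "constructed-demo-key".getBytes(UTF_8); // constructed, demo only
        String head = b64("{\"alg\":\"HS256\"}".getBytes(UTF_8));
        String body = b64("{\"permissions\":{\"es-datadis\":[\"exampleId\"]}}".getBytes(UTF_8));
        String sig = sign(head + "." + body, key);
        // Payload swapped after signing: the old signature no longer matches.
        String forged = head + "." + b64("{\"permissions\":{\"es-datadis\":[\"otherId\"]}}".getBytes(UTF_8)) + "." + sig;
        System.out.println("genuine token accepted:  " + signatureValid(head + "." + body + "." + sig, key));
        System.out.println("tampered token accepted: " + signatureValid(forged, key));
        Map<String, List<String>> claims = Map.of("es-datadis", List.of("exampleId")); // constructed, mirrors the payload
        System.out.println("exampleId allowed: " + isAllowed("/region-connectors/es-datadis/permission-request/exampleId/rejected", claims));
        System.out.println("otherId allowed:   " + isAllowed("/region-connectors/es-datadis/permission-request/otherId/rejected", claims));
    }
}
```

The permission lookup is only meaningful on claims taken from a token whose signature has already been verified; a path that does not match the expected layout is denied rather than passed through.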
  • Method Details

    • authorize

      public @Nullable org.springframework.security.authorization.AuthorizationResult authorize(@Nullable Supplier<? extends @Nullable org.springframework.security.core.Authentication> authentication, @Nullable org.springframework.security.web.access.intercept.RequestAuthorizationContext context)
      Specified by:
      authorize in interface org.springframework.security.authorization.AuthorizationManager<org.springframework.security.web.access.intercept.RequestAuthorizationContext>