final case class Claims(claims: Seq[Claim], ledgerId: Option[String] = None, participantId: Option[String] = None, applicationId: Option[String] = None, expiration: Option[Instant] = None) extends ClaimSet with Product with Serializable
Claims define what actions an authenticated user can perform on the Ledger API.
They also optionally specify an expiration epoch time that statically specifies the time on or after which the token will no longer be considered valid by the Ledger API.
Please note that Health and ServerReflection services do NOT require authentication.
The following is a full list of services and the corresponding required claims: +-------------------------------------+----------------------------+------------------------------------------+
Ledger API service | Method | Access with |
|---|
+-------------------------------------+----------------------------+------------------------------------------+
LedgerIdentityService | GetLedgerIdentity | isPublic |
|---|---|---|
CommandSubmissionService | Submit | for submitting party p: canActAs(p) |
CommandCompletionService | CompletionEnd | isPublic |
CommandCompletionService | CompletionStream | for each requested party p: canReadAs(p) |
CommandService | * | for submitting party p: canActAs(p) |
Health | * | N/A (authentication not required) |
LedgerConfigurationService | GetLedgerConfiguration | isPublic |
PackageService | * | isPublic |
PackageManagementService | * | isAdmin |
PartyManagementService | * | isAdmin |
ResetService | * | isAdmin |
ServerReflection | * | N/A (authentication not required) |
TimeService | GetTime | isPublic |
TimeService | SetTime | isAdmin |
TransactionService | LedgerEnd | isPublic |
TransactionService | * | for each requested party p: canReadAs(p) |
+-------------------------------------+----------------------------+------------------------------------------+
- claims
List of Claims describing the authorization this object describes.
- ledgerId
If set, the claims will only be valid on the given ledger identifier.
- participantId
If set, the claims will only be valid on the given participant identifier.
- applicationId
If set, the claims will only be valid on the given application identifier.
- expiration
If set, the claims will cease to be valid at the given time.
- Alphabetic
- By Inheritance
- Claims
- Serializable
- Serializable
- Product
- Equals
- ClaimSet
- AnyRef
- Any
- Hide All
- Show All
- Public
- All
Instance Constructors
-
new
Claims(claims: Seq[Claim], ledgerId: Option[String] = None, participantId: Option[String] = None, applicationId: Option[String] = None, expiration: Option[Instant] = None)
- claims
List of Claims describing the authorization this object describes.
- ledgerId
If set, the claims will only be valid on the given ledger identifier.
- participantId
If set, the claims will only be valid on the given participant identifier.
- applicationId
If set, the claims will only be valid on the given application identifier.
- expiration
If set, the claims will cease to be valid at the given time.
Value Members
-
final
def
!=(arg0: Any): Boolean
- Definition Classes
- AnyRef → Any
-
final
def
##(): Int
- Definition Classes
- AnyRef → Any
-
final
def
==(arg0: Any): Boolean
- Definition Classes
- AnyRef → Any
- val applicationId: Option[String]
-
final
def
asInstanceOf[T0]: T0
- Definition Classes
- Any
-
def
canActAs(party: String): Either[AuthorizationError, Unit]
Returns true if the set of claims authorizes the user to act as the given party, unless the claims expired
-
def
canReadAs(party: String): Either[AuthorizationError, Unit]
Returns true if the set of claims authorizes the user to read data for the given party, unless the claims expired
- val claims: Seq[Claim]
-
def
clone(): AnyRef
- Attributes
- protected[lang]
- Definition Classes
- AnyRef
- Annotations
- @throws( ... ) @native()
-
final
def
eq(arg0: AnyRef): Boolean
- Definition Classes
- AnyRef
- val expiration: Option[Instant]
-
def
finalize(): Unit
- Attributes
- protected[lang]
- Definition Classes
- AnyRef
- Annotations
- @throws( classOf[java.lang.Throwable] )
-
final
def
getClass(): Class[_]
- Definition Classes
- AnyRef → Any
- Annotations
- @native()
-
def
isAdmin: Either[AuthorizationError, Unit]
Returns true if the set of claims authorizes the user to use admin services, unless the claims expired
-
final
def
isInstanceOf[T0]: Boolean
- Definition Classes
- Any
-
def
isPublic: Either[AuthorizationError, Unit]
Returns true if the set of claims authorizes the user to use public services, unless the claims expired
- val ledgerId: Option[String]
-
final
def
ne(arg0: AnyRef): Boolean
- Definition Classes
- AnyRef
-
def
notExpired(now: Instant): Either[AuthorizationError, Unit]
Returns false if the expiration timestamp exists and is greater than or equal to the current time
-
final
def
notify(): Unit
- Definition Classes
- AnyRef
- Annotations
- @native()
-
final
def
notifyAll(): Unit
- Definition Classes
- AnyRef
- Annotations
- @native()
- val participantId: Option[String]
-
final
def
synchronized[T0](arg0: ⇒ T0): T0
- Definition Classes
- AnyRef
- def validForApplication(id: String): Either[AuthorizationError, Unit]
- def validForLedger(id: String): Either[AuthorizationError, Unit]
- def validForParticipant(id: String): Either[AuthorizationError, Unit]
-
final
def
wait(): Unit
- Definition Classes
- AnyRef
- Annotations
- @throws( ... )
-
final
def
wait(arg0: Long, arg1: Int): Unit
- Definition Classes
- AnyRef
- Annotations
- @throws( ... )
-
final
def
wait(arg0: Long): Unit
- Definition Classes
- AnyRef
- Annotations
- @throws( ... ) @native()