Package io.quarkus.vertx.http.security
Annotation Interface AuthorizationPolicy
Secures endpoint classes and methods with
HttpSecurityPolicy.
Policies selected by this annotation will run right after all path-matching policies.
Consider following example of the HttpSecurityPolicy:
import io.quarkus.security.identity.SecurityIdentity;
import io.quarkus.vertx.http.runtime.security.HttpSecurityPolicy;
import io.smallrye.mutiny.Uni;
import io.vertx.ext.web.RoutingContext;
public class ExampleAuthorizationPolicy implements HttpSecurityPolicy {
@Override
public Uni<CheckResult> checkPermission(RoutingContext request, Uni<SecurityIdentity> identity,
AuthorizationRequestContext requestContext) {
return isRequestValid(request) ? CheckResult.permit() : CheckResult.deny();
}
private static boolean isRequestValid(RoutingContext event) {
// perform your authorization check
// for example, you can validate headers
var authorizationHeader = event.request().getHeader("Authorization");
// or query params
var crudAction = event.queryParam("action").getFirst();
// replace with your business logic
return authorizationHeader != null && "retrieve".equals(crudAction);
}
@Override
public String name() {
return "example-policy";
}
}
This policy can be bound to Jakarta REST resource in following fashion:
import io.quarkus.vertx.http.security.AuthorizationPolicy;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.Path;
@AuthorizationPolicy(name = "example-policy")
@Path("example")
public class ExampleResource {
@GET
public String sayHello() {
return "hello";
}
}
-
Required Element Summary
Required ElementsModifier and TypeRequired ElementDescriptionSpecifies name of theHttpSecurityPolicythat should be applied on the annotation target.
-
Element Details
-
name
String nameSpecifies name of theHttpSecurityPolicythat should be applied on the annotation target.- Returns:
HttpSecurityPolicy.name()
-