Package com.styra.opa.springboot
Class OPAAuthorizationManager
java.lang.Object
com.styra.opa.springboot.OPAAuthorizationManager
- All Implemented Interfaces:
AuthorizationManager<RequestAuthorizationContext>
@Component
public class OPAAuthorizationManager extends Object implements AuthorizationManager<RequestAuthorizationContext>
This class implements AuthorizationManager which wraps the OPA Java SDK. Authorization will be done in check(Supplier, RequestAuthorizationContext) and verify(Supplier, RequestAuthorizationContext) by:
- constructing an input (map) based on Authentication and RequestAuthorizationContext
- sending an HTTP request with the input as the request body to the OPA server
- receiving the output as an OPAResponse and using it for authorization
Constructor Summary
Constructors (constructor, followed by its description where one is given):
- OPAAuthorizationManager(OPAClient opaClient)
- OPAAuthorizationManager(OPAClient opaClient, ContextDataProvider contextDataProvider)
- OPAAuthorizationManager(OPAClient opaClient, String opaPath)
- OPAAuthorizationManager(OPAClient opaClient, String opaPath, ContextDataProvider contextDataProvider): Instantiates an instance to authorize requests.
- OPAAuthorizationManager(String opaPath)
- OPAAuthorizationManager(String opaPath, ContextDataProvider contextDataProvider)
Method Summary
Methods (modifier and type, method, followed by its description where one is given):
- AuthorizationDecision check(Supplier<Authentication> authenticationSupplier, RequestAuthorizationContext object)
- OPAResponse opaRequest(Supplier<Authentication> authenticationSupplier, RequestAuthorizationContext object): This method can be used to directly call OPA without generating an AuthorizationDecision, which can be used to examine the OPA response.
- void setOpaProperties(OPAProperties opaProperties)
- void setReasonKey(String reasonKey): Changes the "preferred" key where the access decision reason should be searched for in the OPAResponse.
- void verify(Supplier<Authentication> authenticationSupplier, RequestAuthorizationContext object)
Constructor Details
OPAAuthorizationManager
public OPAAuthorizationManager()
OPAAuthorizationManager
public OPAAuthorizationManager(OPAClient opaClient, String opaPath, ContextDataProvider contextDataProvider)
Instantiates an instance to authorize requests.
- Parameters:
opaClient - if null, a default OPAClient will be created using the OPA_URL environment variable or the default OPA URL ("http://localhost:8181").
opaPath - if null, the default path defined by the OPA configuration will be used, unless an OPAPathSelector bean is defined.
contextDataProvider - helps provide additional context data in input.context.data.
Method Details
verify
public void verify(Supplier<Authentication> authenticationSupplier, RequestAuthorizationContext object)
- Specified by:
verify in interface AuthorizationManager<RequestAuthorizationContext>
check
public AuthorizationDecision check(Supplier<Authentication> authenticationSupplier, RequestAuthorizationContext object)
- Specified by:
check in interface AuthorizationManager<RequestAuthorizationContext>
opaRequest
public OPAResponse opaRequest(Supplier<Authentication> authenticationSupplier, RequestAuthorizationContext object)
This method can be used to directly call OPA without generating an AuthorizationDecision, which can be used to examine the OPA response. You should consider using the OPA Java SDK (which this library depends on) directly rather than using this method, as it should not be needed during normal use.
setOpaProperties
public void setOpaProperties(OPAProperties opaProperties)
setReasonKey
public void setReasonKey(String reasonKey)
Changes the "preferred" key where the access decision reason should be searched for in the OPAResponse. A default value of "en" is used. If the selected key is not present in the response, the key which sorts lexicographically first is used instead.
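One way to put this manager in front of every request and choose the reason key described under setReasonKey, as an added example that is not part of the original Javadoc or the SDK's own code. It assumes the Spring Security 6 lambda DSL and that an OPAAuthorizationManager bean is available for injection; the package name, the SecurityConfig class and the "de" reason key are hypothetical.

```java
package com.example.demo; // hypothetical application package

import com.styra.opa.springboot.OPAAuthorizationManager;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class SecurityConfig { // hypothetical class name

    // Assumption: an OPAAuthorizationManager bean exists in the application
    // context (the class is annotated @Component) and can be injected here.
    private final OPAAuthorizationManager opaAuthorizationManager;

    public SecurityConfig(OPAAuthorizationManager opaAuthorizationManager) {
        this.opaAuthorizationManager = opaAuthorizationManager;
    }

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        // Search for the access decision reason under "de" instead of the
        // default "en" ("de" is a constructed value). If the OPAResponse has
        // no "de" entry, the key that sorts lexicographically first is used,
        // so the reason may come from a different key than the one requested.
        opaAuthorizationManager.setReasonKey("de");

        http.authorizeHttpRequests(authorize -> authorize
                // Rules are evaluated in declaration order. With no permitAll()
                // matcher ahead of it, this single rule sends every request
                // through check(Supplier, RequestAuthorizationContext), which
                // builds the input and asks the OPA server for a decision.
                .anyRequest().access(opaAuthorizationManager));

        return http.build();
    }
}
```

Any matcher declared before anyRequest() is decided by Spring Security alone and never reaches OPA, so keep such exceptions few and review them with the policy.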