Package org.apache.juneau.rest.guard

Class RoleBasedRestGuard

java.lang.Object
org.apache.juneau.rest.guard.RestGuard
org.apache.juneau.rest.guard.RoleBasedRestGuard
public class RoleBasedRestGuard extends RestGuard
RestGuard that uses role expressions to determine whether an authenticated user has access to a class or method.

The role expression supports the following constructs:

  • "foo" - Single arguments.
  • "foo,bar,baz" - Multiple OR'ed arguments.
  • "foo | bar | bqz" - Multiple OR'ed arguments, pipe syntax.
  • "foo || bar || bqz" - Multiple OR'ed arguments, Java-OR syntax.
  • "fo*" - Patterns including '*' and '?'.
  • "fo* & *oo" - Multiple AND'ed arguments, ampersand syntax.
  • "fo* && *oo" - Multiple AND'ed arguments, Java-AND syntax.
  • "fo* || (*oo || bar)" - Parenthesis.
Notes:
  • AND operations take precedence over OR operations (as expected).
  • Whitespace is ignored.
  • null or empty expressions always match as false.
See Also:

  • Constructor Details

    • RoleBasedRestGuard

      public RoleBasedRestGuard(Set<String> declaredRoles, String roleExpression) throws ParseException
      Constructor.
      Parameters:
      declaredRoles - List of possible declared roles.
      If null, we find the roles in the expression itself.
      This is only needed if you're using pattern matching in the expression.
      roleExpression - The role expression.
      If null or empty/blanks, the this guard will never pass.
      Throws:
      ParseException - Invalid role expression syntax.

  • Method Details

    • isRequestAllowed

      public boolean isRequestAllowed(RestRequest req)
      Description copied from class: RestGuard
      Returns true if the specified request can pass through this guard.
      Specified by:
      isRequestAllowed in class RestGuard
      Parameters:
      req - The servlet request.
      Returns:
      true if the specified request can pass through this guard.