Interface ImplicitPrivilegesProvider
RoleDescriptor.IndicesPrivileges that should be implicitly
granted based on a user's application privileges.
Each registered provider is invoked with the resolved ResolvedApplicationPrivileges to consider, and any
returned RoleDescriptor.IndicesPrivileges are merged in as if they had been declared explicitly. A provider is
not invoked when there are no application privileges to consider, so it cannot contribute privileges independent of
them.
Implementations are expected to be side-effect-free and fast; they run on the hot path of role resolution. An exception thrown by a provider propagates out of role building and fails authorization for the affected user.
-
Method Summary
Modifier and TypeMethodDescriptiongetImplicitIndicesPrivileges(Collection<ResolvedApplicationPrivilege> applicationPrivileges) Returns additional index privileges that should be implicitly added to the role based on the given resolved application privileges.
-
Method Details
-
getImplicitIndicesPrivileges
Collection<RoleDescriptor.IndicesPrivileges> getImplicitIndicesPrivileges(Collection<ResolvedApplicationPrivilege> applicationPrivileges) Returns additional index privileges that should be implicitly added to the role based on the given resolved application privileges.Each
ResolvedApplicationPrivilegebundles a resolvedApplicationPrivilege(whosepredicatealready matches every action the grant authorizes — resolved stored-privilege actions as well as raw action patterns written directly underprivileges[]) with the resources it applies to. Providers should test for the action(s) they care about viaprivilege().predicate().test(action)rather than rebuilding a matcher, and read the granted resources fromResolvedApplicationPrivilege.resources().- Parameters:
applicationPrivileges- the resolved application-privilege grants to consider; nevernull- Returns:
- additional index privileges to merge into the role, or an empty collection if none
-