Acl

@Target({TYPE,METHOD}) @Retention(RUNTIME) @Documented public @interface Acl

Defines ACL configuration for a resource.

Nested Class Summary

Nested Classes

Modifier and Type

Class

Description

static enum

Acl.DenyStatusCode

static @interface

Acl.Matcher

A principal matcher that can be used in an ACL.

static enum

Acl.Principal

This enum contains principal matchers that don't have any configuration, such as a name, associated with them, for ease of reference in annotations.
Optional Element Summary

Optional Elements

Modifier and Type

Optional Element

Description

Acl.Matcher[]

allow

Principals that are allowed to access this resource.

Acl.Matcher[]

deny

After matching an allow rule, an incoming request that has at least one principal that matches a deny rule will be denied.

Acl.DenyStatusCode

denyCode

The status code to respond with when access is denied.

boolean

inheritDenyCode

If `true`, indicates that the denyCode should be inherited from the parent.

Element Details
- allow
  
  Acl.Matcher[] allow
  
  Principals that are allowed to access this resource. An incoming request must have at least one principal associated with it in this list to be allowed.
  
  Default:
  
  {}
- deny
  
  Acl.Matcher[] deny
  
  After matching an allow rule, an incoming request that has at least one principal that matches a deny rule will be denied.
  
  Default:
  
  {}
- denyCode
  
  Acl.DenyStatusCode denyCode
  
  The status code to respond with when access is denied. By default, this will be 'Forbidden', but alternatives might include 'Authentication required' or 'Not Found'.
  
  Default:
  
  FORBIDDEN
- inheritDenyCode
  
  boolean inheritDenyCode
  
  If `true`, indicates that the denyCode should be inherited from the parent. If set to `true` in the top most parent - like the `Main` class - then it will be equivalent to set denyCode to 'FORBIDDEN'
  
  Returns:
  
  Default:
  
  false