Acl

@Target({TYPE,METHOD}) @Retention(RUNTIME) @Documented public @interface Acl

Defines ACL configuration for a resource.

Nested Class Summary

Nested Classes

Modifier and Type

Class

Description

static @interface

Acl.Matcher

A principal matcher that can be used in an ACL.

static enum

Acl.Principal

This enum contains principal matchers that don't have any configuration, such as a name, associated with them, for ease of reference in annotations.
Optional Element Summary

Optional Elements

Modifier and Type

Optional Element

Description

Acl.Matcher[]

allow

Principals that are allowed to access this resource.

Acl.Matcher[]

deny

After matching an allow rule, an incoming request that has at least one principal that matches a deny rule will be denied.

int

denyCode

The status code to respond with when access is denied.

Element Details
- allow
  
  Acl.Matcher[] allow
  
  Principals that are allowed to access this resource. An incoming request must have at least one principal associated with it in this list to be allowed.
  
  Default:
  
  {}
- deny
  
  Acl.Matcher[] deny
  
  After matching an allow rule, an incoming request that has at least one principal that matches a deny rule will be denied.
  
  Default:
  
  {}
- denyCode
  
  int denyCode
  
  The status code to respond with when access is denied.
  By default, this will be '403 Forbidden' for HTTP endpoints and 'PERMISSION DENIED (7)' for gRPC endpoints. If set at class-level, it will automatically be inherited by all methods in the class that are not annotated with their own @Acl definition. For HTTP, common used values are between 400 and 599, see exhaustive list at https://www.rfc-editor.org/rfc/rfc9110.html#name-status-codes For gRPC, the status codes values can be consulted at https://grpc.github.io/grpc/core/md_doc_statuscodes.html
  
  Default:
  
  -1