Interface AccessController

    • Method Summary

      Modifier and Type Method Description
      java.lang.String getPrincipalId(java.security.cert.X509Certificate clientCert)
      Get principal Id from client certificate.
      boolean hasAccess(java.security.cert.X509Certificate clientCert, java.lang.String resource, java.lang.String method)
      Check if client has permission to access a particular resource.
      boolean hasAccessToAdminOperation(java.security.cert.X509Certificate clientCert, java.lang.String operation)
      Check if client has permission to execute a particular admin operation.
      boolean hasAccessToTopic(java.security.cert.X509Certificate clientCert, java.lang.String resource, java.lang.String method)
      Check if client has permission to access a particular topic resource.
      boolean isAllowlistUsers(java.security.cert.X509Certificate clientCert, java.lang.String resource, java.lang.String method)
      Check whether the client is one of the allowlisted admin users.
    • Method Detail

      • hasAccess

        boolean hasAccess(java.security.cert.X509Certificate clientCert,
                          java.lang.String resource,
                          java.lang.String method)
                   throws AclException
        Check if client has permission to access a particular resource. This method is invoked on every request, so minimizing its execution time gives the best latency and throughput.
        Parameters:
        clientCert - the X509Certificate submitted by client
        resource - the resource being requested
        method - the operation (GET, POST, ...) to perform against the resource
        Returns:
        true if client has permission to access, otherwise false.
        Throws:
        AclException
      • hasAccessToTopic

        boolean hasAccessToTopic(java.security.cert.X509Certificate clientCert,
                                 java.lang.String resource,
                                 java.lang.String method)
                          throws AclException
        Check if client has permission to access a particular topic resource.
        Parameters:
        clientCert - the X509Certificate submitted by client
        resource - the resource being requested
        method - the operation (Read, Write, ...) to perform against the topic resource
        Returns:
        true if client has permission to access, otherwise false.
        Throws:
        AclException
      • hasAccessToAdminOperation

        boolean hasAccessToAdminOperation(java.security.cert.X509Certificate clientCert,
                                          java.lang.String operation)
                                   throws AclException
        Check if client has permission to execute a particular admin operation.
        Parameters:
        clientCert - the X509Certificate submitted by client
        operation - the operation being performed
        Returns:
        true if client has permission to access, otherwise false.
        Throws:
        AclException
      • isAllowlistUsers

        boolean isAllowlistUsers(java.security.cert.X509Certificate clientCert,
                                 java.lang.String resource,
                                 java.lang.String method)
        Check whether the client is one of the allowlisted admin users.
        Parameters:
        clientCert - the X509Certificate submitted by client
        resource - the resource being requested
        method - the operation (GET, POST, ...) to perform against the resource
        Returns:
        true if the client is an admin
      • getPrincipalId

        java.lang.String getPrincipalId(java.security.cert.X509Certificate clientCert)
        Get principal Id from client certificate.
        Parameters:
        clientCert - the X509Certificate submitted by client
        Returns:
        the principal Id (headless account name, service name, LDAP id or group id)
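
An added example, not code from the project: a minimal in-memory controller that mirrors the hasAccess and getPrincipalId signatures above, using a constant-time grant lookup (hasAccess runs on every request) and denying by default. The class name, the grant method, the AclException stand-in and the choice of the subject CN as principal Id are assumptions.

```java
import java.security.cert.X509Certificate;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

// Stand-in (assumption) so this file compiles alone; the real AclException is the project's.
class AclException extends Exception {
  AclException(String message) { super(message); }
}

// Hypothetical class; in the project it would declare "implements AccessController".
public class StaticAclAccessController {
  // principal Id -> granted "METHOD resource" keys, so each check is two hash lookups.
  private final Map<String, Set<String>> grants = new ConcurrentHashMap<>();

  private static String key(String method, String resource) {
    return method.toUpperCase(Locale.ROOT) + " " + resource;
  }

  // Hypothetical helper used to load the ACL at startup or on refresh.
  public void grant(String principalId, String method, String resource) {
    grants.computeIfAbsent(principalId, k -> ConcurrentHashMap.newKeySet())
        .add(key(method, resource));
  }

  // Assumption: the principal Id is the CN of the certificate subject DN.
  public String getPrincipalId(X509Certificate clientCert) {
    if (clientCert == null) return null;
    try {
      LdapName dn = new LdapName(clientCert.getSubjectX500Principal().getName());
      for (Rdn rdn : dn.getRdns()) {
        if ("CN".equalsIgnoreCase(rdn.getType())) return rdn.getValue().toString();
      }
    } catch (InvalidNameException e) {
      return null; // unparseable subject: treated as "no identity"
    }
    return null;
  }

  // The throws clause matches the documented signature; this sketch never throws.
  public boolean hasAccess(X509Certificate clientCert, String resource, String method)
      throws AclException {
    if (resource == null || method == null) return false; // deny incomplete requests
    String principal = getPrincipalId(clientCert);
    if (principal == null) return false; // fail closed: no identity, no access
    Set<String> allowed = grants.get(principal);
    return allowed != null && allowed.contains(key(method, resource));
  }
}
```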