final class Authorizer extends NamedLogging with TelemetryTracing
A simple helper that allows services to use authorization claims that have been stored by com.digitalasset.canton.ledger.api.auth.interceptor.AuthorizationInterceptor.
- Alphabetic
- By Inheritance
- Authorizer
- TelemetryTracing
- NamedLogging
- AnyRef
- Any
- Hide All
- Show All
- Public
- Protected
Instance Constructors
- new Authorizer(now: () => Instant, ledgerId: String, participantId: String, userManagementStore: UserManagementStore, ec: ExecutionContext, userRightsCheckIntervalInSeconds: Int, pekkoScheduler: Scheduler, jwtTimestampLeeway: Option[JwtTimestampLeeway] = None, tokenExpiryGracePeriodForStreams: Option[Duration] = None, telemetry: Telemetry, loggerFactory: NamedLoggerFactory)
Value Members
- final def !=(arg0: Any): Boolean
- Definition Classes
- AnyRef → Any
- final def ##: Int
- Definition Classes
- AnyRef → Any
- final def ==(arg0: Any): Boolean
- Definition Classes
- AnyRef → Any
- final def asInstanceOf[T0]: T0
- Definition Classes
- Any
- def authenticatedUserId(): Try[Option[String]]
- def clone(): AnyRef
- Attributes
- protected[lang]
- Definition Classes
- AnyRef
- Annotations
- @throws(classOf[java.lang.CloneNotSupportedException]) @native() @IntrinsicCandidate()
- final def eq(arg0: AnyRef): Boolean
- Definition Classes
- AnyRef
- def equals(arg0: AnyRef): Boolean
- Definition Classes
- AnyRef → Any
- implicit def errorLoggingContext(implicit traceContext: TraceContext): ErrorLoggingContext
- Attributes
- protected
- Definition Classes
- NamedLogging
- final def getClass(): Class[_ <: AnyRef]
- Definition Classes
- AnyRef → Any
- Annotations
- @native() @IntrinsicCandidate()
- def hashCode(): Int
- Definition Classes
- AnyRef → Any
- Annotations
- @native() @IntrinsicCandidate()
- def identityProviderIdFromClaims: Option[IdentityProviderId]
- final def isInstanceOf[T0]: Boolean
- Definition Classes
- Any
- def logger: TracedLogger
- Attributes
- protected
- Definition Classes
- NamedLogging
- val loggerFactory: NamedLoggerFactory
- Definition Classes
- Authorizer → NamedLogging
- implicit def namedLoggingContext(implicit traceContext: TraceContext): NamedLoggingContext
- Attributes
- protected
- Definition Classes
- NamedLogging
- final def ne(arg0: AnyRef): Boolean
- Definition Classes
- AnyRef
- def noTracingLogger: Logger
- Attributes
- protected
- Definition Classes
- NamedLogging
- final def notify(): Unit
- Definition Classes
- AnyRef
- Annotations
- @native() @IntrinsicCandidate()
- final def notifyAll(): Unit
- Definition Classes
- AnyRef
- Annotations
- @native() @IntrinsicCandidate()
- def requireActAndReadClaimsForParties[Req, Res](actAs: Set[String], readAs: Set[String], applicationIdL: Lens[Req, String], call: (Req) => Future[Res]): (Req) => Future[Res]
- def requireAdminClaims[Req, Res](call: (Req) => Future[Res]): (Req) => Future[Res]
- def requireIdpAdminClaims[Req, Res](call: (Req) => Future[Res]): (Req) => Future[Res]
- def requireIdpAdminClaimsAndMatchingRequestIdpId[Req, Res](identityProviderIdL: Lens[Req, String], mustBeParticipantAdmin: Boolean, call: (Req) => Future[Res])(req: Req): Future[Res]
- def requireIdpAdminClaimsAndMatchingRequestIdpId[Req, Res](identityProviderIdL: Lens[Req, String], call: (Req) => Future[Res]): (Req) => Future[Res]
- def requireMatchingRequestIdpId[Req, Res](identityProviderIdL: Lens[Req, String], call: (Req) => Future[Res]): (Req) => Future[Res]
- def requirePublicClaims[Req, Res](call: (Req) => Future[Res]): (Req) => Future[Res]
- def requirePublicClaimsOnStream[Req, Res](call: (Req, StreamObserver[Res]) => Unit): (Req, StreamObserver[Res]) => Unit
- def requireReadClaimsForAllParties[Req, Res](parties: Iterable[String], call: (Req) => Future[Res]): (Req) => Future[Res]
Wraps a single call to verify whether some Claims authorize to read as all parties of the given set.
Wraps a single call to verify whether some Claims authorize to read as all parties of the given set. Authorization is always granted for an empty collection of parties.
- def requireReadClaimsForAllPartiesOnStream[Req, Res](parties: Iterable[String], call: (Req, StreamObserver[Res]) => Unit): (Req, StreamObserver[Res]) => Unit
Wraps a streaming call to verify whether some Claims authorize to read as all parties of the given set.
Wraps a streaming call to verify whether some Claims authorize to read as all parties of the given set. Authorization is always granted for an empty collection of parties.
- def requireReadClaimsForAllPartiesOnStreamWithApplicationId[Req, Res](parties: Iterable[String], applicationIdL: Lens[Req, String], call: (Req, StreamObserver[Res]) => Unit): (Req, StreamObserver[Res]) => Unit
- def requireReadClaimsForTransactionFilterOnStream[Req, Res](filter: Option[Map[String, Filters]], call: (Req, StreamObserver[Res]) => Unit): (Req, StreamObserver[Res]) => Unit
Checks whether the current Claims authorize to read data for all parties mentioned in the given transaction filter
- final def synchronized[T0](arg0: => T0): T0
- Definition Classes
- AnyRef
- val telemetry: Telemetry
- Attributes
- protected
- Definition Classes
- Authorizer → TelemetryTracing
- def toString(): String
- Definition Classes
- AnyRef → Any
- implicit def traceContext: TraceContext
- Attributes
- protected
- Definition Classes
- TelemetryTracing
- final def wait(arg0: Long, arg1: Int): Unit
- Definition Classes
- AnyRef
- Annotations
- @throws(classOf[java.lang.InterruptedException])
- final def wait(arg0: Long): Unit
- Definition Classes
- AnyRef
- Annotations
- @throws(classOf[java.lang.InterruptedException]) @native()
- final def wait(): Unit
- Definition Classes
- AnyRef
- Annotations
- @throws(classOf[java.lang.InterruptedException])