Annotation Interface ScopesAllowed


@Retention(RUNTIME) @Target(TYPE) public @interface ScopesAllowed
Restricts a handler to callers whose token carries the required OAuth2 scopes. Authentication is implicitly required.

Scopes are resolved from the configured claim paths in OidcConfig.scopeClaimPaths() (default: "scope,scp") and support both standard formats:

  • scope: space-separated string
  • scp: string list (or string)

 @Route(method = HttpMethod.GET, path = "/api/orders")
 @ScopesAllowed("orders:read")
 public class ListOrders extends JacksonHandler { ... }

 @Route(method = HttpMethod.POST, path = "/api/orders")
 @ScopesAllowed(value = {"orders:write", "payments:write"}, match = ScopesAllowed.Match.ANY)
 public class CreateOrder extends JacksonHandler { ... }
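
The sketch below is an added example, not the library's own code: it shows how the two claim formats listed above can be normalized into one scope set and checked without substring matching. `ScopeCheckSketch` and its methods are hypothetical. It assumes the claims come from an already-validated token, that claim paths are top-level claim names, and that the mode other than `Match.ANY` requires every listed scope.

```java
import java.util.*;

// Added illustration, not the library's implementation. ScopeCheckSketch and its
// methods are hypothetical; claims are assumed to come from an already-validated token.
public class ScopeCheckSketch {

    // Collect granted scopes from each configured claim, accepting both formats:
    // "scope" as a space-separated string, "scp" as a list of strings (or a string).
    static Set<String> grantedScopes(Map<String, Object> claims, String claimPaths) {
        Set<String> granted = new LinkedHashSet<>();
        for (String path : claimPaths.split(",")) {
            Object raw = claims.get(path.trim()); // assumption: paths are top-level claim names
            if (raw instanceof String text) {
                for (String scope : text.trim().split("\\s+")) {
                    if (!scope.isEmpty()) granted.add(scope);
                }
            } else if (raw instanceof Collection<?> items) {
                for (Object item : items) {
                    // Ignore non-string entries instead of stringifying them.
                    if (item instanceof String entry && !entry.isBlank()) granted.add(entry.trim());
                }
            }
            // Any other type (number, object, null) grants nothing: fail closed.
        }
        return granted;
    }

    // matchAny = true mirrors Match.ANY from the page; the all-required branch is an assumption.
    static boolean allowed(Set<String> granted, List<String> required, boolean matchAny) {
        if (required.isEmpty()) return false; // no declared scopes: deny rather than allow
        return matchAny ? required.stream().anyMatch(granted::contains)
                        : granted.containsAll(required);
    }

    public static void main(String[] args) {
        // Constructed sample claims, one per token format.
        Map<String, Object> a = Map.of("scope", "orders:read  orders:write");
        Map<String, Object> b = Map.of("scp", List.of("payments:write"));
        Map<String, Object> c = Map.of("scope", "orders:readonly"); // must not match orders:read
        List<String> create = List.of("orders:write", "payments:write");
        System.out.println(allowed(grantedScopes(a, "scope,scp"), List.of("orders:read"), false));
        System.out.println(allowed(grantedScopes(b, "scope,scp"), create, true));
        System.out.println(allowed(grantedScopes(b, "scope,scp"), create, false));
        System.out.println(allowed(grantedScopes(c, "scope,scp"), List.of("orders:read"), false));
    }
}
```

Comparing whole scope tokens in a set is what keeps `orders:readonly` from satisfying `orders:read`; a `contains` check on the raw claim string would let it through.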
 
  • Nested Class Summary

    Nested Classes
    Modifier and Type | Class | Description
    static enum       |       |

  • Required Element Summary

    Required Elements
    Modifier and Type | Required Element | Description
                      |                  | Required scopes.

  • Optional Element Summary

    Optional Elements
    Modifier and Type | Optional Element | Description
                      |                  | Matching mode for value().