Class ControlPlaneAuthorizer
java.lang.Object
org.mockserver.authentication.authorization.ControlPlaneAuthorizer
Coarse, hierarchical authorization for the control plane ("RBAC by standards
conformance"): maps a verified principal's scopes/groups through a configured
value -> role mapping into the set of granted ControlPlaneRoles, then
decides whether those granted roles satisfy the role REQUIRED by an operation.
The required role is the coarse read/mutate split: a read requires ControlPlaneRole.READ; any other (mutating) operation requires ControlPlaneRole.MUTATE. Granted roles are hierarchical, so an ADMIN
scope satisfies everything and a MUTATE scope also satisfies reads.
Fail-closed by construction: a principal with no scopes, or whose scopes map to no role, is granted no roles and is denied every operation. Authorization therefore requires a verified principal whose scopes/groups are mapped — i.e. control-plane OIDC authentication should be enabled alongside it.
Immutable and side-effect free; the enforcement decision (HTTP 403, audit outcome) is the caller's responsibility.
Constructor Summary
Constructors
ControlPlaneAuthorizer(scopeToRole)
    Builds an authorizer from a scope/group value -> role mapping (see Constructor Details).

Method Summary
grantedRoles(Set<String> verifiedScopes)
    Maps the principal's verified scopes through the configured mapping into the set of granted roles.
boolean isAuthorized(Set<String> verifiedScopes, boolean isRead)
    Decides whether the verified scopes grant a role that satisfies the role required by the operation (read vs mutate).
requiredRole(boolean isRead)
    The coarse role required for an operation: ControlPlaneRole.READ for a read, ControlPlaneRole.MUTATE for everything else (a mutation).
Constructor Details

ControlPlaneAuthorizer
Parameters:
scopeToRole - mapping from a verified scope/group VALUE to the coarse role it grants; unrecognised roles must already be filtered out by the caller (parsing keeps only read/mutate/admin). May be empty or null (then nothing is ever granted).
Method Details

grantedRoles
Maps the principal's verified scopes through the configured mapping into the set of granted roles. Scopes not present in the mapping contribute nothing. Never null.

requiredRole
The coarse role required for an operation: ControlPlaneRole.READ for a read, ControlPlaneRole.MUTATE for everything else (a mutation).

isAuthorized
Returns:
true if the principal's verifiedScopes grant a role that satisfies the role required by the operation (read vs mutate). Fail-closed: an empty granted set never satisfies anything.
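The contract above, worked through as a stand-alone Java illustration added here (not MockServer's own source): a minimal ControlPlaneRole hierarchy and authorizer that reproduce the documented decisions, including the fail-closed cases. The enum's satisfies() method, the scope-to-role Map type and the sample scope values are assumptions for the example.

```java
import java.util.*;

public class ControlPlaneAuthorizerExample {
    // Hierarchy as documented: ADMIN satisfies everything, MUTATE also satisfies reads.
    enum ControlPlaneRole {
        READ, MUTATE, ADMIN;
        boolean satisfies(ControlPlaneRole required) { return ordinal() >= required.ordinal(); }
    }

    static final class ControlPlaneAuthorizer {
        private final Map<String, ControlPlaneRole> scopeToRole;

        ControlPlaneAuthorizer(Map<String, ControlPlaneRole> scopeToRole) {
            // null or empty mapping is legal and means nothing is ever granted
            this.scopeToRole = scopeToRole == null ? Map.of() : Map.copyOf(scopeToRole);
        }

        Set<ControlPlaneRole> grantedRoles(Set<String> verifiedScopes) {
            Set<ControlPlaneRole> granted = EnumSet.noneOf(ControlPlaneRole.class);
            if (verifiedScopes == null) return granted;          // never null, possibly empty
            for (String scope : verifiedScopes) {
                ControlPlaneRole role = scopeToRole.get(scope);
                if (role != null) granted.add(role);             // unmapped scopes contribute nothing
            }
            return granted;
        }

        ControlPlaneRole requiredRole(boolean isRead) {
            return isRead ? ControlPlaneRole.READ : ControlPlaneRole.MUTATE;
        }

        boolean isAuthorized(Set<String> verifiedScopes, boolean isRead) {
            ControlPlaneRole required = requiredRole(isRead);
            // fail-closed: an empty granted set satisfies nothing
            return grantedRoles(verifiedScopes).stream().anyMatch(r -> r.satisfies(required));
        }
    }

    public static void main(String[] args) {
        // constructed mapping: verified scope/group value -> coarse role
        ControlPlaneAuthorizer authz = new ControlPlaneAuthorizer(Map.of(
            "mockserver:read", ControlPlaneRole.READ,
            "mockserver:mutate", ControlPlaneRole.MUTATE,
            "platform-admins", ControlPlaneRole.ADMIN));
        System.out.println("read scope, read op:      " + authz.isAuthorized(Set.of("mockserver:read"), true));
        System.out.println("read scope, mutate op:    " + authz.isAuthorized(Set.of("mockserver:read"), false));
        System.out.println("mutate scope, read op:    " + authz.isAuthorized(Set.of("mockserver:mutate"), true));
        System.out.println("unmapped group, read op:  " + authz.isAuthorized(Set.of("some-other-group"), true));
        System.out.println("no scopes, read op:       " + authz.isAuthorized(Set.of(), true));
        System.out.println("null mapping, admin group:" + new ControlPlaneAuthorizer(null).isAuthorized(Set.of("platform-admins"), true));
    }
}
```

Only the first and third cases are granted; the remaining lines show the read/mutate split and the fail-closed paths (unmapped scope, empty scope set, absent mapping) all denying.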