Package dev.dokimos.server.filter

Record Class Principal

java.lang.Object
java.lang.Record
dev.dokimos.server.filter.Principal
Record Components:
id - stable identifier for the caller (an API key id, or "system" for the default unscoped principal)
role - privilege level granted to the caller
tenantId - tenant the principal belongs to, or null when no tenant applies
public record Principal(String id, Role role, String tenantId) extends Record
Authenticated caller.

  • Constructor Summary

    Constructors
    Constructor
    Description
    Principal(String id, Role role, String tenantId)
    Creates an instance of a Principal record class.

  • Method Summary

    Modifier and Type
    Method
    Description
    static Principal
    anonymous()
    Principal for an unauthenticated reader in an authenticated deployment.
    final boolean
    equals(Object o)
    Indicates whether some other object is "equal to" this one.
    final int
    hashCode()
    Returns a hash code value for this object.
    String
    id()
    Returns the value of the id record component.
    boolean
    isSystem()
    Returns whether this is the system principal.
    Role
    role()
    Returns the value of the role record component.
    static Principal
    system()
    System principal used when no API key authentication is configured, or for reads in an open deployment.
    String
    tenantId()
    Returns the value of the tenantId record component.
    TenantScope
    tenantScope()
    Resolves the TenantScope this principal reads and writes under.
    final String
    toString()
    Returns a string representation of this record class.

    Methods inherited from class java.lang.Object

    getClass, notify, notifyAll, wait, wait, wait

  • Constructor Details

    • Principal

      public Principal(String id, Role role, String tenantId)
      Creates an instance of a Principal record class.
      Parameters:
      id - the value for the id record component
      role - the value for the role record component
      tenantId - the value for the tenantId record component

  • Method Details

    • system

      public static Principal system()
      System principal used when no API key authentication is configured, or for reads in an open deployment. Carries Role.ADMIN and no tenant so existing single-key and no-key deployments behave exactly as before.

    • anonymous

      public static Principal anonymous()
      Principal for an unauthenticated reader in an authenticated deployment. Carries the lowest role so open read endpoints still serve it, while endpoints that require a higher role (such as API key management) reject it.

    • isSystem

      public boolean isSystem()
      Returns whether this is the system principal. The system principal (no-key mode and the legacy single DOKIMOS_API_KEY) is the only principal that maps to an unrestricted tenant scope, so existing single-tenant and no-key deployments keep seeing and stamping every row exactly as before.

      This is identified by the system id rather than tenantId == null, because an anonymous keyless reader also carries a null tenant yet must resolve to shared-only, not unrestricted.

      Returns:
      true when this is the system principal

    • tenantScope

      public TenantScope tenantScope()
      Resolves the TenantScope this principal reads and writes under. The system principal maps to TenantScope.unrestricted() (every row, null stamp); every other principal (a scoped key or an anonymous keyless reader) maps to TenantScope.scoped(String) on its own tenant, which for a null tenant collapses to shared-only.
      Returns:
      the tenant scope for this principal

    • toString

      public final String toString()
      Returns a string representation of this record class. The representation contains the name of the class, followed by the name and value of each of the record components.
      Specified by:
      toString in class Record
      Returns:
      a string representation of this object

    • hashCode

      public final int hashCode()
      Returns a hash code value for this object. The value is derived from the hash code of each of the record components.
      Specified by:
      hashCode in class Record
      Returns:
      a hash code value for this object

    • equals

      public final boolean equals(Object o)
      Indicates whether some other object is "equal to" this one. The objects are equal if the other object is of the same class and if all the record components are equal. All components in this record class are compared with Objects::equals(Object,Object).
      Specified by:
      equals in class Record
      Parameters:
      o - the object with which to compare
      Returns:
      true if this object is the same as the o argument; false otherwise.

    • id

      public String id()
      Returns the value of the id record component.
      Returns:
      the value of the id record component

    • role

      public Role role()
      Returns the value of the role record component.
      Returns:
      the value of the role record component

    • tenantId

      public String tenantId()
      Returns the value of the tenantId record component.
      Returns:
      the value of the tenantId record component