Package dev.dokimos.server.tenant

Class TenantScopeResolver

java.lang.Object
dev.dokimos.server.tenant.TenantScopeResolver
public final class TenantScopeResolver extends Object
Derives the TenantScope and principal id for the current request from the Principal the auth filter placed on the request attribute.

This is the single seam controllers use, so the principal-to-scope mapping lives in one place. The auth filter sets the principal on every /api/v1/** request that reaches a controller, so a filtered request always carries one. The fallbacks here cover only a path that bypasses the filter, and scope(HttpServletRequest) fails closed there to a restricted, shared-only scope rather than the unrestricted system scope, so an unfiltered request can never read another tenant's rows.

  • Method Summary

    Modifier and Type
    Method
    Description
    static Principal
    principal(jakarta.servlet.http.HttpServletRequest request)
    Resolves the principal behind a request, falling back to the system principal when the auth filter did not set one.
    static String
    principalId(jakarta.servlet.http.HttpServletRequest request)
    Resolves the principal id of the current request, or null when no principal is present.
    static TenantScope
    scope(jakarta.servlet.http.HttpServletRequest request)
    Resolves the tenant scope the current request reads and writes under, using the principal's own scope and failing closed to a shared-only scope when no principal is present.

    Methods inherited from class java.lang.Object

    equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Method Details

    • principal

      public static Principal principal(jakarta.servlet.http.HttpServletRequest request)
      Resolves the principal behind a request, falling back to the system principal when the auth filter did not set one.
      Parameters:
      request - the current request
      Returns:
      the resolved principal, never null

    • scope

      public static TenantScope scope(jakarta.servlet.http.HttpServletRequest request)
      Resolves the tenant scope the current request reads and writes under, using the principal's own scope and failing closed to a shared-only scope when no principal is present.
      Parameters:
      request - the current request
      Returns:
      the tenant scope for the request, shared-only when no principal was set

    • principalId

      public static String principalId(jakarta.servlet.http.HttpServletRequest request)
      Resolves the principal id of the current request, or null when no principal is present. Used to stamp created_by fields.
      Parameters:
      request - the current request
      Returns:
      the principal id, or null