Package org.forgerock.macaroons
Interface CaveatVerifier
-
- All Known Implementing Classes:
JsonCaveatVerifier
- Functional Interface:
- This is a functional interface and can therefore be used as the assignment target for a lambda expression or method reference.
@FunctionalInterface public interface CaveatVerifier
Generic interface for methods to verify that a caveat is satisfied.
-
-
Method Summary
All Methods Instance Methods Abstract Methods Modifier and Type Method Description booleanisSatisfied(Macaroon.Caveat caveat, Macaroon macaroon)Checks whether the given caveat is satisfied.
-
-
-
Method Detail
-
isSatisfied
boolean isSatisfied(Macaroon.Caveat caveat, Macaroon macaroon)
Checks whether the given caveat is satisfied. Caveat verifiers should be quick to evaluate (ideally constant-time), as a macaroon may have a large number of caveats, as may any discharge macaroons. If caveat verifiers take a long time to run then an attacker may be able to use this as a denial of service attack vector by sending macaroons with a large number of expensive caveats. Where a potentially expensive operation is required, consider making it a 3rd-party caveat to offload the processing to a separate service with a simple discharge macaroon used to prove that it has been satisfied.- Parameters:
caveat- the caveat to verify.macaroon- the macaroon that the caveat is attached to.- Returns:
- true if the caveat is satisfied, otherwise false.
-
-