Skip to main content

Java GRPC bindings

The Java GRPC bindings are a low level API that allows you to make authorization calls to the Aserto authorization API. The bindings are generated from Aserto authorizer gRPC API definition.

Installation

The maven artifact is not yet published to a public maven repository, you have to build it from source. To do so, clone the java-authorizer repository and run mvn clean install from the root directory. This will create a maven artifact and install it in your local maven repository. To include it just add the following dependency to your pom.xml:

<dependencies>
    <dependency>
        <groupId>com.aserto</groupId>
        <artifactId>java-authorizer</artifactId>
        <version>1.0.0-SNAPSHOT</version>
    </dependency>
</dependencies>

Creating a client

Metadata metadata = new Metadata();
Metadata.Key<String> asertoTenantId = Metadata.Key.of("aserto-tenant-id", Metadata.ASCII_STRING_MARSHALLER);
Metadata.Key<String> authorization = Metadata.Key.of("authorization", Metadata.ASCII_STRING_MARSHALLER);
metadata.put(asertoTenantId, "<Aserto tenant ID>");
metadata.put(authorization, "basic " + "<Aserto API key>"");

ManagedChannel channel = NettyChannelBuilder
        .forAddress(authorizerAddress, authorizerPort)
        .intercept(MetadataUtils.newAttachHeadersInterceptor(metadata))
        .sslContext(GrpcSslContexts.forClient().trustManager(InsecureTrustManagerFactory.INSTANCE).build())
        .build();

AuthorizerGrpc.AuthorizerBlockingStub authzClient = AuthorizerGrpc.newBlockingStub(channel);

Make authorization calls using the client:

public boolean is() {
    IsRequest.Builder isBuilder = IsRequest.newBuilder();

    IdentityContext.Builder identityContextBuilder =  IdentityContext.newBuilder();
    identityContextBuilder.setIdentity("<email-address>");
    identityContextBuilder.setType(IdentityType.IDENTITY_TYPE_SUB);


    PolicyContext.Builder policyContextBuilder = PolicyContext.newBuilder();
    policyContextBuilder.setPath("todoApp.DELETE.todos.__id");
    policyContextBuilder.addDecisions( "allowed");


    isBuilder.setIdentityContext(identityContextBuilder.build());
    isBuilder.setPolicyContext(policyContextBuilder.build());

    PolicyInstance policy = getPolicy(<policyName>, <policyLabel>);
    isBuilder.setPolicyInstance(policy);

    IsResponse isReponse = authzClient.is(isBuilder.build());
    isReponse.getDecisions(0).getIs();
}

private PolicyInstance getPolicy(String name, String label) {
    PolicyInstance.Builder policyInstance = PolicyInstance.newBuilder();
    policyInstance.setName(name);
    policyInstance.setInstanceLabel(label);

    return policyInstance.build();
}

For a more comprehensive example, see the java-authorizer/examples