In a Spring deployment with principal-based security (Security.Authentication.Mode = principal), you might like to validate the passed principal on server side. For that purpose you can implement the interface org.eclipse.stardust.engine.core.spi.security.PrincipalValidator.
@SPI(status = Status.Stable, useRestriction = UseRestriction.Public)
public interface PrincipalValidator
{
boolean isValid(Principal principal);
}
By default, the principal validator org.eclipse.stardust.engine.core.spi.security.AlwaysValidPrincipalValidator is configured whose validation outcome always returns true, i.e. the principal is valid.
public class AlwaysValidPrincipalValidator implements PrincipalValidator
{
@Override
public boolean isValid(Principal ignored)
{
return true;
}
}
Another principal validator may be specified by setting the server-side property Security.Principal.Validator in your carnot.properties file to the fully qualified class name of the class which should be used as principal validator.