boolean

Whether to audit this request - defaults to false, if enabled, request is audited with event type "request".

@return whether to audit

string

Override for event-type, defaults to SecurityHandler#DEFAULT_AUDIT_EVENT_TYPE.

@return audit event type to use

string

Override for audit message format, defaults to SecurityHandler#DEFAULT_AUDIT_MESSAGE_FORMAT.

@return audit message format to use

boolean

If called, request will go through authentication process - defaults to false (even if authorize is true).

@return whether to authenticate or not

boolean

If called, authentication failure will not abort request and will continue as anonymous (defaults to false).

@return whether authn is optional

string

Use a named authenticator (as supported by security - if not defined, default authenticator is used). Will enable authentication.

@return name of authenticator as configured in io.helidon.security.Security

boolean

Enable authorization for this route.

@return whether to authorize

string

Use a named authorizer (as supported by security - if not defined, default authorizer is used, if none defined, all is permitted). Will enable authorization.

@return name of authorizer as configured in io.helidon.security.Security

Method[]

string

string[]

An array of allowed roles for this path - must have a security provider supporting roles (either authentication or authorization provider). This method enables authentication and authorization (you can disable them again by calling SecurityHandler#skipAuthorization() and #authenticationOptional() if needed).

@return if subject is any of these roles, allow access

string[]

string[]

List of sockets this configuration should be applied to. If empty, the configuration is applied to all configured sockets.

@return list of sockets