java.lang.Object
io.helidon.microprofile.jwt.auth.JwtAuthProvider
All Implemented Interfaces:
AuthenticationProvider, OutboundSecurityProvider, SecurityProvider

public class JwtAuthProvider extends Object implements AuthenticationProvider, OutboundSecurityProvider
Provider that provides JWT authentication.
  • Field Details

    • CONFIG_EXPECTED_ISSUER

      public static final String CONFIG_EXPECTED_ISSUER
      Configuration key for expected issuer of incoming tokens. Used for validation of JWT.
    • CONFIG_EXPECTED_AUDIENCES

      public static final String CONFIG_EXPECTED_AUDIENCES
      Configuration key for expected audiences of incoming tokens. Used for validation of JWT.
  • Method Details

    • builder

      public static JwtAuthProvider.Builder builder()
      A builder for this provider.
      Returns:
      builder to create a new instance
    • create

      public static JwtAuthProvider create(Config config)
      Create provider instance from configuration.
      Parameters:
      config - configuration of this provider
      Returns:
      provider instance
    • supportedAnnotations

      public Collection<Class<? extends Annotation>> supportedAnnotations()
      Description copied from interface: SecurityProvider
      Provide extension annotations supported by this provider (e.g. jakarta.annotation.security.RolesAllowed). Annotations will be collected according to framework in use. For JAX-RS, annotations from application class, resource class and resource methods will be collected.
      Specified by:
      supportedAnnotations in interface SecurityProvider
      Returns:
      Collection of annotations this provider expects.
    • authenticate

      public AuthenticationResponse authenticate(ProviderRequest providerRequest)
      Description copied from interface: AuthenticationProvider
      Authenticate a request. This may be just resolving headers (tokens) or full authentication (basic auth). Do not throw an exception during normal processing (e.g. for invalid credentials); you may throw an exception in case of misconfiguration. This method will be invoked for inbound requests ONLY.

      This method must provide either a Principal or a whole Subject, for a user, for a service, or for both.

      Specified by:
      authenticate in interface AuthenticationProvider
      Parameters:
      providerRequest - context of this security enforcement/validation
      Returns:
      response that either authenticates the request, fails authentication or abstains from authentication
    • isOutboundSupported

      public boolean isOutboundSupported(ProviderRequest providerRequest, SecurityEnvironment outboundEnv, EndpointConfig outboundConfig)
      Description copied from interface: OutboundSecurityProvider
      Check if the path to be executed is supported by this security provider. Defaults to true.
      Specified by:
      isOutboundSupported in interface OutboundSecurityProvider
      Parameters:
      providerRequest - context with environment, subject(s) etc. that was received
      outboundEnv - environment for outbound call
      outboundConfig - outbound endpoint configuration
      Returns:
      true if this identity propagator can generate required headers for the path defined
    • outboundSecurity

      public OutboundSecurityResponse outboundSecurity(ProviderRequest providerRequest, SecurityEnvironment outboundEnv, EndpointConfig outboundEndpointConfig)
      Description copied from interface: OutboundSecurityProvider
      Creates necessary updates to headers and entity needed for outbound security (e.g. identity propagation, s2s security etc.). This method will be invoked for outbound requests ONLY.
      Specified by:
      outboundSecurity in interface OutboundSecurityProvider
      Parameters:
      providerRequest - context with environment, subject(s) etc. that was received
      outboundEnv - environment for outbound call
      outboundEndpointConfig - outbound endpoint configuration
      Returns:
      response with generated headers and other possible configuration