java.lang.Object
io.helidon.security.providers.idcs.mapper.IdcsRoleMapperProviderBase
io.helidon.security.providers.idcs.mapper.IdcsMtRoleMapperProvider
All Implemented Interfaces:
SecurityProvider, SubjectMappingProvider

public class IdcsMtRoleMapperProvider extends IdcsRoleMapperProviderBase
SubjectMappingProvider to obtain roles from IDCS server for a user. Supports multi tenancy in IDCS.
  • Field Details

  • Constructor Details

  • Method Details

    • builder

      public static IdcsMtRoleMapperProvider.Builder builder()
      Creates a new builder to build instances of this class.
      Returns:
      a new fluent API builder.
    • create

      public static SecurityProvider create(Config config)
      Creates an instance from configuration.

      Expects:

      • oidc-config to load an instance of OidcConfig
      • cache-config (optional) to load an instance of EvictableCache for role caching
      Parameters:
      config - configuration of this provider
      Returns:
      a new instance configured from config
    • enhance

      protected Subject enhance(ProviderRequest request, AuthenticationResponse previousResponse, Subject subject)
      Enhance the subject with appropriate roles from IDCS.
      Specified by:
      enhance in class IdcsRoleMapperProviderBase
      Parameters:
      request - provider request
      previousResponse - authenticated response (never null)
      subject - subject of the user (never null)
      Returns:
      future with enhanced subject
    • computeGrants

      protected List<? extends Grant> computeGrants(String idcsTenantId, String idcsAppName, Subject subject)
      Compute grants for the provided MT information.
      Parameters:
      idcsTenantId - tenant id
      idcsAppName - app name
      subject - subject
      Returns:
      future with grants to be added to the subject
    • extractIdcsMtContext

      protected Optional<IdcsMtContext> extractIdcsMtContext(Subject subject, ProviderRequest request)
      Extract IDCS multitenancy context form the the request.

      By default, the context is extracted from the headers using token handlers for tenant and app.

      Parameters:
      subject - Subject that is being mapped
      request - ProviderRequest context that is being mapped.
      Returns:
      Optional with the context, empty if the context is not present in the request.
    • addAdditionalGrants

      protected List<? extends Grant> addAdditionalGrants(String idcsTenantId, String idcsAppName, Subject subject, List<Grant> idcsGrants)
      Extension point to add additional grants to the subject being created.
      Parameters:
      idcsTenantId - IDCS tenant id
      idcsAppName - IDCS application name
      subject - subject of the user/service
      idcsGrants - Roles already retrieved from IDCS
      Returns:
      list with new grants to add to the enhanced subject
    • getGrantsFromServer

      protected List<? extends Grant> getGrantsFromServer(String idcsTenantId, String idcsAppName, Subject subject)
      Get grants from IDCS server. The result is cached.
      Parameters:
      idcsTenantId - ID of the IDCS tenant
      idcsAppName - Name of IDCS application
      subject - subject to get grants for
      Returns:
      optional list of grants from server
    • getAppToken

      protected Optional<String> getAppToken(String idcsTenantId, RoleMapTracing tracing)
      Gets token from cache or from server.
      Parameters:
      idcsTenantId - id of tenant
      tracing - Role mapping tracing instance to correctly trace outbound calls
      Returns:
      the token to be used to authenticate this service
    • multitenancyEndpoints

      protected IdcsMtRoleMapperProvider.MultitenancyEndpoints multitenancyEndpoints()
      Get the IdcsMtRoleMapperProvider.MultitenancyEndpoints used to get assertion and token endpoints of a multitenant IDCS.
      Returns:
      endpoints to use by this implementation