Class IdcsRoleMapperProvider
java.lang.Object
io.helidon.security.providers.idcs.mapper.IdcsRoleMapperProviderBase
io.helidon.security.providers.idcs.mapper.IdcsRoleMapperProvider
- All Implemented Interfaces:
SecurityProvider,SubjectMappingProvider
public class IdcsRoleMapperProvider
extends IdcsRoleMapperProviderBase
implements SubjectMappingProvider
SubjectMappingProvider to obtain roles from IDCS server for a user.
Supports multi tenancy in IDCS.-
Nested Class Summary
Nested ClassesNested classes/interfaces inherited from class io.helidon.security.providers.idcs.mapper.IdcsRoleMapperProviderBase
IdcsRoleMapperProviderBase.AppToken -
Field Summary
Fields inherited from class io.helidon.security.providers.idcs.mapper.IdcsRoleMapperProviderBase
ACCESS_TOKEN_KEY, IDCS_SUBJECT_TYPE_CLIENT, IDCS_SUBJECT_TYPE_USER, PARENT_CONTEXT_CLIENT_PROPERTY, ROLE_APPROLE, ROLE_GROUP -
Constructor Summary
ConstructorsModifierConstructorDescriptionprotectedIdcsRoleMapperProvider(IdcsRoleMapperProvider.Builder<?> builder) Constructor that accepts anyIdcsRoleMapperProvider.Builderdescendant. -
Method Summary
Modifier and TypeMethodDescriptionaddAdditionalGrants(Subject subject, List<Grant> idcsGrants) Extension point to add additional grants that are not retrieved from IDCS.static IdcsRoleMapperProvider.Builder<?> builder()Creates a new builder to build instances of this class.computeGrants(Subject subject) Compute grants for the provided subject.static SecurityProviderCreates an instance from configuration.protected Subjectenhance(ProviderRequest request, AuthenticationResponse previousResponse, Subject subject) Enhance subject with IDCS roles, reactive.getGrantsFromServer(Subject subject) Retrieves grants from IDCS server.Methods inherited from class io.helidon.security.providers.idcs.mapper.IdcsRoleMapperProviderBase
buildSubject, defaultIdcsSubjectType, map, oidcConfig, processRoleRequestMethods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, waitMethods inherited from interface io.helidon.security.spi.SecurityProvider
supportedAnnotations, supportedAttributes, supportedConfigKeys, supportedCustomObjectsMethods inherited from interface io.helidon.security.spi.SubjectMappingProvider
map
-
Constructor Details
-
IdcsRoleMapperProvider
Constructor that accepts anyIdcsRoleMapperProvider.Builderdescendant.- Parameters:
builder- used to configure this instance
-
-
Method Details
-
builder
Creates a new builder to build instances of this class.- Returns:
- a new fluent API builder.
-
create
Creates an instance from configuration.Expects:
- oidc-config to load an instance of
OidcConfig - cache-config (optional) to load an instance of
EvictableCachefor role caching
- Parameters:
config- configuration of this provider- Returns:
- a new instance configured from config
- oidc-config to load an instance of
-
enhance
protected Subject enhance(ProviderRequest request, AuthenticationResponse previousResponse, Subject subject) Description copied from class:IdcsRoleMapperProviderBaseEnhance subject with IDCS roles, reactive.- Specified by:
enhancein classIdcsRoleMapperProviderBase- Parameters:
request- provider requestpreviousResponse- authenticated responsesubject- subject to enhance- Returns:
- future with enhanced subject
-
computeGrants
Compute grants for the provided subject. This implementation gets grants from servergetGrantsFromServer(io.helidon.security.Subject).- Parameters:
subject- to retrieve roles (or in generalgrants)- Returns:
- future with grants to be added to the subject
-
addAdditionalGrants
Extension point to add additional grants that are not retrieved from IDCS.- Parameters:
subject- subject to enhanceidcsGrants- grants obtained from IDCS- Returns:
- grants to add to the subject
-
getGrantsFromServer
Retrieves grants from IDCS server.- Parameters:
subject- to get grants for- Returns:
- optional list of grants to be added
-