Module io.helidon.security

Package io.helidon.security

package io.helidon.security

Security

Supports security for web (and possibly other) resources including:

• Authentication: authenticate a request
• Authorization: authorize a request to a resource, possibly using ABAC or RBAC.
• Outbound security: propagating security on outbound calls.
• Audit: auditing security operations

And security for any resource type when using programmatic approach. Starting point: Security and SecurityContext. Various security aspects are pluggable, using providers to extend functionality.

Bootstrapping

You have two way to do things with security - either load it from configuration or create a fully configured instance using a builder. Both approaches should allow the same behavior.

To create security using builder:
Security.builder() .build()

Or using configuration:
Security.create(io.helidon.config.Config)

Configuration example (Google login for users and http-signatures for service):

 security:
   provider-policy:
     # Composite policy when using more than one provider
     type: "COMPOSITE"
     authentication:
       # This is a frontend service - only allow google authentication
       - name: "google-login"
     outbound:
       # Propagate the goole token and this service's identity to backend
       - name: "google-login"
       - name: "http-signatures"
   providers:
     # Google login button support - authentication and identity propagation provider
     - google-login:
         client-id: "your-google-application-id"
     # Attribute based access control authorization provider
     - abac:
     # HTTP signatures - authentication and identity propagation provider (for service identity)
     - http-signatures:
         outbound:
         - name: "backend"
           hosts: ["localhost"]
           signature:
             key-id: "frontend"
             # password may be encrypted when using secure filter for Helidon config
             hmac.secret: "..."
 

Related Packages

Module	Package	Description
io.helidon	io.helidon	Startup of Helidon applications.
io.helidon.security.annotations	io.helidon.security.annotations	Annotations for integration with containers supporting them.
io.helidon.security.jwt	io.helidon.security.jwt	JWT (JSON web token) support.
io.helidon.security	io.helidon.security.spi	Security component's SPI.
io.helidon.security.util	io.helidon.security.util	General utilities for security modules.

Class	Description
AuditEvent	An audit event to store using an Audit provider.
AuditEvent.AuditParam	Named parameters of audit event.
AuditEvent.AuditSeverity	Severity of AuditEvent.
AuthenticationResponse	Response as returned from an authentication provider.
AuthenticationResponse.Builder	Authentication response builder.
AuthorizationResponse	Response from an authorization decision.
AuthorizationResponse.Builder	Builder for custom Authorization responses.
ClassToInstanceStore<T>	Map of classes to their instances.
CompositeProviderFlag	Flag driving resolution of providers.
CompositeProviderSelectionPolicy	A provider selection policy that supports composing multiple providers (current Authentication and Outbound) into a single virtual security provider.
CompositeProviderSelectionPolicy.Builder	Fluent API builder to create CompositeProviderSelectionPolicy.
EndpointConfig	Each endpoint can have security configuration either statically declared (e.g.
EndpointConfig.AnnotationScope	Scope of annotations used in applications that integrate security.
EndpointConfig.Builder	A fluent API builder for EndpointConfig.
Grant	A concept representing anything that can be granted to a subject.
Grant.Builder<B extends Grant.Builder<B>>	A fluent API builder for Grant to be extended by other Grant implementations.
NamedProvider<T extends SecurityProvider>	A wrapper for a named security provider.
OutboundSecurityClientBuilder	Builder constructing a security client - extends the SecurityRequestBuilder for convenience.
OutboundSecurityResponse	Response of outbound security provider.
OutboundSecurityResponse.Builder	Builder class to build custom identity propagation responses.
Principal	A security principal.
Principal.Builder	A fluent API builder for Principal.
ProviderRequest	A request sent to security providers.
QueryParamMapping	Definition of a map to bind a query param to a header.
Role	A security role used in RBAC (role based access control) schemes.
Role.Builder	A fluent API builder for Role.
SecretsProviderConfig	Marker interface for configuration of secrets providers.
Security	This class is used to "bootstrap" security and integrate it with other frameworks; runtime main entry point is SecurityContext.
Security.Builder	Builder pattern class for helping create Security in a convenient way.
SecurityClient<T extends SecurityResponse>	Common methods for security clients.
SecurityClientBuilder<T extends SecurityResponse>	Builder constructing a security client - extends the SecurityRequestBuilder for convenience.
SecurityContext	Security context to retrieve security information about current user, either injected or obtained from Security.contextBuilder(String) and to handle programmatic security.
SecurityContext.Builder	Fluent API builder for SecurityContext.
SecurityEnvironment	Security environment is a set of attributes that are stable for an interaction (usually a request in our case).
SecurityEnvironment.Builder	A fluent API builder for SecurityEnvironment.
SecurityException	Runtime exception used as by this module to be able to identify exception caused by it.
SecurityLevel	Security level stores annotations bound to the specific class and method.
SecurityLevel.SecurityLevelBuilder	Builder for SecurityLevel class.
SecurityRequest	Common methods for all security requests (authentication, authorization, and identity propagation).
SecurityRequestBuilder<T extends SecurityRequestBuilder<T>>	Fluent API to build a security request.
SecurityResponse	Response from security provider (and security Module).
SecurityResponse.SecurityStatus	Status of a security operation.
SecurityTime	Time used in security, configurable.
SecurityTime.Builder	Fluent API builder for SecurityTime.
Subject	A security subject, representing a user or a service.
Subject.Builder	A fluent API builder for Subject.
SubjectType	Type of principal.