Interface SubjectMappingProvider

All Superinterfaces:
SecurityProvider
All Known Implementing Classes:
IdcsMtRoleMapperProvider, IdcsRoleMapperProvider, IdcsRoleMapperProviderBase
Functional Interface:
This is a functional interface and can therefore be used as the assignment target for a lambda expression or method reference.

@FunctionalInterface public interface SubjectMappingProvider extends SecurityProvider
A provider that maps subject(s) authenticated by an authentication provider to a new subject. This may be replacing the subject, adding roles to the subject etc. Subjects may be a user subject or a service subject.
  • Method Details

    • map

      AuthenticationResponse map(ProviderRequest providerRequest, AuthenticationResponse previousResponse)
      Map grants from authenticated request (e.g. one or both of ProviderRequest.subject() or ProviderRequest.service() returns a non-empty value) to a new authentication response. The provider can change/add/remove grants (such as groups, scopes, permissions) or change the subject to a different one. This method is only invoked after a successful authentication.
      Parameters:
      providerRequest - request to get user and service subjects from
      previousResponse - response from previous authentication or subject mapping provider
      Returns:
      a new authentication response with updated user and/or service subjects