Interface HttpSecurity

All Known Implementing Classes:
SecurityHttpFeature

public interface HttpSecurity
WebServer security.
  • Method Summary

    Modifier and Type | Method | Description
    boolean | authenticate(ServerRequest request, ServerResponse response, boolean requiredHint) | Authenticates the current request according to security configuration.
    boolean | authorize(ServerRequest request, ServerResponse response, String... roleHint) | Authorize the current request according to security configuration.
    static HttpSecurity | create() | Create a default implementation of server security.
  • Method Details

    • create

      static HttpSecurity create()
      Create a default implementation of server security.
      Returns:
      a new server security that is not backed by any configuration or providers.
    • authenticate

      boolean authenticate(ServerRequest request, ServerResponse response, boolean requiredHint) throws UnauthorizedException
      Authenticates the current request according to security configuration. When there is no security implementation present and the required hint is set to false, this is a no-op.
      Parameters:
      request - server request to read data for authentication
      response - server response
      requiredHint - whether authentication is expected
      Returns:
      whether you should continue with other tasks in this request; if false is returned, the response was already sent and you should return immediately without modifying it
      Throws:
      UnauthorizedException - when authentication was expected but could not be resolved
    • authorize

      boolean authorize(ServerRequest request, ServerResponse response, String... roleHint) throws ForbiddenException
      Authorize the current request according to security configuration. When there is no security implementation present and there are no roles defined, this is a no-op; if roles are defined this method throws ForbiddenException by default.
      Parameters:
      request - server request to read data for authorization
      response - server response
      roleHint - the user should have at least one of the roles specified (only used when the security is configured to support roles)
      Returns:
      whether you should continue with other tasks in this request; if false is returned, the response was already sent and you should return immediately without modifying it
      Throws:
      ForbiddenException - when authorization failed and this request cannot proceed
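
The return-value and exception contract of authenticate and authorize, shown in a handler. This is an added example, not code from the Helidon project. The class name, the "admin" role, the response body, the constructor injection of HttpSecurity and the import packages (Helidon 4 layout) are assumptions.

```java
// Assumed Helidon 4 package layout; adjust the imports to the version in use.
import io.helidon.webserver.http.Handler;
import io.helidon.webserver.http.HttpSecurity;
import io.helidon.webserver.http.ServerRequest;
import io.helidon.webserver.http.ServerResponse;

/** Hypothetical handler guarding a sensitive route with HttpSecurity. */
public final class AdminReportHandler implements Handler {
    private final HttpSecurity security;

    // How the HttpSecurity instance is obtained is an assumption of this example.
    public AdminReportHandler(HttpSecurity security) {
        this.security = security;
    }

    @Override
    public void handle(ServerRequest req, ServerResponse res) {
        // requiredHint = true makes the route fail closed: an authentication
        // that cannot be resolved raises UnauthorizedException. With
        // requiredHint = false and no security implementation present, the
        // call is a no-op and the request would continue unauthenticated.
        if (!security.authenticate(req, res, true)) {
            // false means the response was already sent; do not modify it.
            return;
        }

        // Passing a role hint means that a missing security implementation
        // results in ForbiddenException rather than a silent pass.
        if (!security.authorize(req, res, "admin")) {
            return; // response already sent
        }

        // Reached only when both checks returned true.
        res.send("report");
    }
}
```

UnauthorizedException and ForbiddenException are left to propagate here, so the server's error handling produces the response rather than the handler.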