Package io.helidon.security

Class Security

    • Field Detail

      • HEADER_ORIG_URI

        public static final String HEADER_ORIG_URI
        Integration should add a special header to each request. The value will contain the original URI as was issued - for HTTP this is the relative URI including query parameters.
        See Also:
        Constant Field Values

    • Method Detail

      • create

        public static Security create​(Config config)
        Creates new instance based on configuration values.

        Parameters:
        config - Config instance located on security configuration ("providers" is an expected child)
        Returns:
        new instance.

      • builder

        public static Security.Builder builder​(Config config)
        Creates new instance based on configuration values.

        Parameters:
        config - Config instance located on security configuration ("providers" is an expected child)
        Returns:
        new instance.

      • getRoles

        public static Set<String> getRoles​(Subject subject)
        Get a set of roles the subject has, based on Role. This is the set of roles as assumed by authentication provider. Authorization providers may use a different set of roles (and context used authorization provider to check SecurityContext.isUserInRole(String)).
        Parameters:
        subject - Subject of a user/service
        Returns:
        set of roles the user/service is in

      • serverTime

        public SecurityTime serverTime()
        Time that is decisive for the server. This usually returns accessor to current time in a specified time zone.

        SecurityTime may be configured to a fixed point in time, intended for testing purposes.

        Returns:
        time to access current time for security decisions

      • contextBuilder

        public SecurityContext.Builder contextBuilder​(String id)
        Create a new security context builder to build and instance. This is expected to be invoked for each request/response exchange that may be authenticated, authorized etc. Context holds the security subject... Once your processing is done and you no longer want to keep security context, call SecurityContext.logout() to clear subject and principals.
        Parameters:
        id - to use when logging, auditing etc. (e.g. some kind of tracing id). If none or empty, security instance UUID will be used (at least to map all audit records for a single instance of security component). If defined, security will prefix this id with security instance UUID
        Returns:
        new fluent API builder to create a SecurityContext

      • createContext

        public SecurityContext createContext​(String id)
        Create a new security context with the defined id and all defaults.
        Parameters:
        id - id of this context
        Returns:
        new security context

      • tracer

        public Tracer tracer()
        Returns a tracer that can be used to construct new spans.
        Returns:
        Tracer, may be a no-op tracer if tracing is disabled

      • customAnnotations

        public Collection<Class<? extends Annotation>> customAnnotations()
        Get the complete set of annotations expected by (all) security providers configured. This is to be used for integration with other frameworks that support annotations.
        Returns:
        Collection of annotations expected by configured providers.

      • configFor

        public Config configFor​(String child)
        The configuration of security.

        This method will NOT return security internal configuration:

        • provider-policy
        • providers
        • environment
        Parameters:
        child - the name of the child node to retrieve from config
        Returns:
        a child node of security configuration
        Throws:
        IllegalArgumentException - in case you request child in one of the forbidden trees

      • environmentBuilder

        public SecurityEnvironment.Builder environmentBuilder()
        Security environment builder, to be used to create environment for evaluating security in integration components.
        Returns:
        builder to build SecurityEnvironment

      • enabled

        public boolean enabled()
        Whether security is enabled or disabled. Disabled security behaves as if no security is configured.
        Returns:
        true if security is enabled