Package io.helidon.security
Class SecurityEnvironment
- java.lang.Object
-
- io.helidon.security.SecurityEnvironment
-
- All Implemented Interfaces:
AbacSupport
public class SecurityEnvironment extends Object implements AbacSupport
Security environment is a set of attributes that are stable for an interaction (usually a request in our case). Environment can be re-used for multiple security request (e.g authentication, authorization). Access to environment is either through methods (for known attributes) or through genericAbacSupport.abacAttribute(String)
methods for any property configured by integration component.The following properties are available (known):
- time: decision time of the current request (e.g. when checking that this is within business hours
- uri: target URI that was requested
- path: path that was requested
- method: method of the request
- transport: transport of the request (e.g. http)
- headers: transport headers of the request (map)
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description static class
SecurityEnvironment.Builder
A fluent API builder forSecurityEnvironment
.-
Nested classes/interfaces inherited from interface io.helidon.security.util.AbacSupport
AbacSupport.BasicAttributes
-
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description Collection<String>
abacAttributeNames()
A collection of all property names in this container.Object
abacAttributeRaw(String key)
Return the actual property value or null if not present.static SecurityEnvironment.Builder
builder()
Creates a fluent API builder to build new instances of this class with current time.static SecurityEnvironment.Builder
builder(SecurityTime serverTime)
Creates a fluent API builder to build new instances of this class.static SecurityEnvironment
create()
Create a new instance of security environment with all default values.SecurityEnvironment.Builder
derive()
Derive a new environment builder based on this environment.Map<String,List<String>>
headers()
Transport headers that can be used to process the message.String
method()
Verb to execute on the resource.Optional<String>
path()
Path to the resource.URI
targetUri()
Get the URI of the resource requested.ZonedDateTime
time()
Time on the server this environment was created for current request.String
transport()
Return type of transport (such as http, https, jms etc.).-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface io.helidon.security.util.AbacSupport
abacAttribute
-
-
-
-
Method Detail
-
builder
public static SecurityEnvironment.Builder builder(SecurityTime serverTime)
Creates a fluent API builder to build new instances of this class.- Parameters:
serverTime
- Time to use to obtain current time- Returns:
- a builder instance
-
builder
public static SecurityEnvironment.Builder builder()
Creates a fluent API builder to build new instances of this class with current time.- Returns:
- a builder instance
-
create
public static SecurityEnvironment create()
Create a new instance of security environment with all default values.- Returns:
- environment instance
-
abacAttributeRaw
public Object abacAttributeRaw(String key)
Description copied from interface:AbacSupport
Return the actual property value or null if not present. This is the only method that needs to be implemented.- Specified by:
abacAttributeRaw
in interfaceAbacSupport
- Parameters:
key
- key (name) of the property- Returns:
- value of the property or null
-
abacAttributeNames
public Collection<String> abacAttributeNames()
Description copied from interface:AbacSupport
A collection of all property names in this container.- Specified by:
abacAttributeNames
in interfaceAbacSupport
- Returns:
- collection of keys
-
time
public ZonedDateTime time()
Time on the server this environment was created for current request. This should be treated as the "decisive" time of the request for security evaluation. This can be configured - e.g. there can be a time-shift (moving time by a specific amount of seconds to the past or to the future), or an explicit value (e.g. setting the time to 14:00 e.g. for testing purposes).- Returns:
- server time that should be used to make security decisions
- See Also:
Security.serverTime()
-
targetUri
public URI targetUri()
Get the URI of the resource requested. For inbound request, this contains the requested URI by remote client (or as close to the original one as we can get), for outbound requests, this contains the actual URI as configured by client to be called on remote server. TODO if we use service registry, we must have access to the actual endpoint (as signatures may require signing of URI with the real host and port). Either this method MUST return a resolved URI, or we MUST have access to registry and enforce an endpoint (when resolved).- Returns:
- URI being called or URI to be called
-
path
public Optional<String> path()
Path to the resource. For jax-rs, this is relative URI.- Returns:
- Path to the resource
-
method
public String method()
Verb to execute on the resource. For http, this is HTTP method (PUT, GET, DELETE, POST....)- Returns:
- Verb executing on the resource, default is GET
-
transport
public String transport()
Return type of transport (such as http, https, jms etc.). Transport should be case insensitive, yet I recommend using all lower case. For the purpose of this method, http and https are two separate transports!- Returns:
- transport used for this request. Defaults to http.
-
derive
public SecurityEnvironment.Builder derive()
Derive a new environment builder based on this environment.- Returns:
- builder to build a new environment overriding only needed values with a new timestamp
-
headers
public Map<String,List<String>> headers()
Transport headers that can be used to process the message. The headers stand here as a generalization - they cover all metadata sent with each request that is not described elsewhere. For HTTP, this would cover: all HTTP headers (done automatically by integration components), on-demand query parameters (must be explicitly configured and supported by integration component), on-demand form parameters (must be explicitly configured and supported by integration component). For JMS, this would cover: all JMS headers (in string form - byte[] should be base64 encoded). Other protocols must choose a reasonable way to transfer a request/response message into headers and entity.- Returns:
- Header map. If transport protocol does not support headers, map will be empty
-
-