Package io.helidon.security
Security
Supports security for web (and possibly other) resources including:
- Authentication: authenticate a request
- Authorization: authorize a request to a resource, possibly using ABAC or RBAC.
- Outbound security: propagating security on outbound calls.
- Audit: auditing security operations
Security and SecurityContext.
Various security aspects are pluggable, using providers to extend functionality.
Bootstrapping
There are two ways to set up security: either load it from configuration or create a fully configured instance using a builder. Both approaches should allow the same behavior.
To create security using builder:
    Security.builder()
            .build()
Or using configuration:
Security.create(io.helidon.config.Config)
Configuration example (Google login for users and http-signatures for service):
security:
  provider-policy:
    # Composite policy when using more than one provider
    type: "COMPOSITE"
    authentication:
      # This is a frontend service - only allow google authentication
      - name: "google-login"
    outbound:
      # Propagate the google token and this service's identity to backend
      - name: "google-login"
      - name: "http-signatures"
  providers:
    # Google login button support - authentication and identity propagation provider
    - google-login:
        client-id: "your-google-application-id"
    # Attribute based access control authorization provider
    - abac:
    # HTTP signatures - authentication and identity propagation provider (for service identity)
    - http-signatures:
        outbound:
          - name: "backend"
            hosts: ["localhost"]
            signature:
              key-id: "frontend"
              # password may be encrypted when using secure filter for Helidon config
              hmac.secret: "..."
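The configuration route followed by one programmatic authentication that fails closed, as an added example that is not part of the Helidon documentation or code base. It assumes the Helidon 2.x/3.x method names (`SecurityEnvironment.builder()`, `SecurityContext.atnClientBuilder().buildAndGet()`), the provider modules named in the configuration on the classpath, and a hypothetical class name, request id and `/profile` path.

```java
import io.helidon.config.Config;
import io.helidon.security.AuthenticationResponse;
import io.helidon.security.Security;
import io.helidon.security.SecurityContext;
import io.helidon.security.SecurityEnvironment;

import java.util.Optional;

public final class SecurityBootstrapExample {

    // Security.create(Config) expects the node that holds "provider-policy"
    // and "providers", i.e. the "security" key of the configuration above.
    static Security fromConfig() {
        return Security.create(Config.create().get("security"));
    }

    // Authenticates one inbound request. Any status other than success
    // yields an empty result, so callers cannot mistake a failure or an
    // abstaining provider for an authenticated user.
    static Optional<String> authenticate(Security security,
                                         String requestId,
                                         String authorizationHeader) {
        SecurityEnvironment env = SecurityEnvironment.builder()
                .method("GET")
                .path("/profile") // hypothetical resource path
                .header("Authorization", authorizationHeader)
                .build();

        // One SecurityContext per interaction (usually one request).
        SecurityContext context = security.contextBuilder(requestId)
                .env(env)
                .build();

        AuthenticationResponse response = context.atnClientBuilder().buildAndGet();
        if (!response.status().isSuccess()) {
            return Optional.empty();
        }
        return response.user().map(subject -> subject.principal().getName());
    }

    public static void main(String[] args) {
        // Constructed placeholder; a real caller passes the received header value.
        String header = args.length > 0 ? args[0] : "Bearer placeholder-token";
        System.out.println(authenticate(fromConfig(), "example-request-1", header)
                .orElse("unauthenticated"));
    }
}
```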
Interface Summary
- AuditEvent: An audit event to store using an Audit provider.
- Entity: Access to message content (entity).
- Principal: A security principal.
- SecurityClient<T extends SecurityResponse>: Common methods for security clients.
- SecurityContext: Security context to retrieve security information about current user, either injected or obtained from Security.contextBuilder(String) and to handle programmatic security.
- SecurityRequest: Common methods for all security requests (authentication, authorization, and identity propagation).
Class Summary
- AuditEvent.AuditParam: Named parameters of audit event.
- AuthenticationResponse: Response as returned from an authentication provider.
- AuthenticationResponse.Builder: Authentication response builder.
- AuthorizationResponse: Response from an authorization decision.
- AuthorizationResponse.Builder: Builder for custom Authorization responses.
- ClassToInstanceStore<T>: Map of classes to their instances.
- CompositeProviderSelectionPolicy: A provider selection policy that supports composing multiple providers (current Authentication and Outbound) into a single virtual security provider.
- CompositeProviderSelectionPolicy.Builder: Fluent API builder to create CompositeProviderSelectionPolicy.
- EndpointConfig: Each endpoint can have security configuration either statically declared (e.g.
- EndpointConfig.Builder: A fluent API builder for EndpointConfig.
- Grant: A concept representing anything that can be granted to a subject.
- Grant.Builder<T extends Grant.Builder<T>>
- NamedProvider<T extends SecurityProvider>: A wrapper for a named security provider.
- OutboundSecurityClientBuilder: Builder constructing a security client - extends the SecurityRequestBuilder for convenience.
- OutboundSecurityResponse: Response of outbound security provider.
- OutboundSecurityResponse.Builder: Builder class to build custom identity propagation responses.
- Principal.Builder: A fluent API builder for Principal.
- ProviderRequest: A request sent to security providers.
- QueryParamMapping: Definition of a map to bind a query param to a header.
- Role: A security role used in RBAC (role based access control) schemes.
- Role.Builder: A fluent API builder for Role.
- Security: This class is used to "bootstrap" security and integrate it with other frameworks; runtime main entry point is SecurityContext.
- Security.Builder: Builder pattern class for helping create Security in a convenient way.
- SecurityClientBuilder<T extends SecurityResponse>: Builder constructing a security client - extends the SecurityRequestBuilder for convenience.
- SecurityContext.Builder: Fluent API builder for SecurityContext.
- SecurityEnvironment: Security environment is a set of attributes that are stable for an interaction (usually a request in our case).
- SecurityEnvironment.Builder: A fluent API builder for SecurityEnvironment.
- SecurityLevel: Security level stores annotations bound to the specific class and method.
- SecurityLevel.SecurityLevelBuilder: Builder for SecurityLevel class.
- SecurityRequestBuilder<T extends SecurityRequestBuilder<T>>: Fluent API to build a security request.
- SecurityResponse: Response from security provider (and security Module).
- SecurityTime: Time used in security, configurable.
- SecurityTime.Builder: Fluent API builder for SecurityTime.
- Subject: A security subject, representing a user or a service.
- Subject.Builder: A fluent API builder for Subject.
Enum Summary
- AuditEvent.AuditSeverity: Severity of AuditEvent.
- CompositeProviderFlag: Flag driving resolution of providers.
- EndpointConfig.AnnotationScope: Scope of annotations used in applications that integrate security.
- SecurityResponse.SecurityStatus: Status of a security operation.
- SubjectType: Type of principal.
Exception Summary
- SecurityException: Runtime exception used by this module to be able to identify exceptions caused by it.