Class HttpSignProvider.Builder
- java.lang.Object
-
- io.helidon.security.providers.httpsign.HttpSignProvider.Builder
-
- All Implemented Interfaces:
Builder<HttpSignProvider>
,Supplier<HttpSignProvider>
- Enclosing class:
- HttpSignProvider
public static final class HttpSignProvider.Builder extends Object implements Builder<HttpSignProvider>
Fluent API builder for this provider. Callbuild()
to create a provider instance.
-
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description HttpSignProvider.Builder
addAcceptHeader(HttpSignHeader header)
Add a header that is validated on inbound requests.HttpSignProvider.Builder
addInbound(InboundClientDefinition client)
Add inbound configuration.HttpSignProvider
build()
Build the instance from this builder.HttpSignProvider.Builder
config(Config config)
Create a builder from configuration.HttpSignProvider.Builder
inboundRequiredHeaders(SignedHeadersConfig inboundRequiredHeaders)
Override the default inbound required headers (e.g.HttpSignProvider.Builder
optional(boolean optional)
Set whether the signature is optional.HttpSignProvider.Builder
outbound(OutboundConfig targets)
Add outbound targets to this builder.HttpSignProvider.Builder
realm(String realm)
Realm to use for challenging inbound requests that do not have "Authorization" header in case header isHttpSignHeader.AUTHORIZATION
and singatures are not optional.
-
-
-
Method Detail
-
build
public HttpSignProvider build()
Description copied from interface:Builder
Build the instance from this builder.- Specified by:
build
in interfaceBuilder<HttpSignProvider>
- Returns:
- instance of the built type
-
config
public HttpSignProvider.Builder config(Config config)
Create a builder from configuration.- Parameters:
config
- Config located at http-signatures key- Returns:
- builder instance configured from config
-
outbound
public HttpSignProvider.Builder outbound(OutboundConfig targets)
Add outbound targets to this builder. The targets are used to chose what to do for outbound communication. The targets should haveOutboundTargetDefinition
attached throughOutboundTarget.Builder.customObject(Class, Object)
to tell us how to sign the request.The same can be done through configuration:
{ name = "http-signatures" class = "HttpSignProvider" http-signatures { targets: [ { name = "service2" hosts = ["localhost"] paths = ["/service2/.*"] # This configures the
OutboundTargetDefinition
signature { key-id = "service1" hmac.secret = "${CLEAR=password}" } }] } }- Parameters:
targets
- targets to select correct outbound security- Returns:
- updated builder instance
-
addInbound
public HttpSignProvider.Builder addInbound(InboundClientDefinition client)
Add inbound configuration. This is used to validate signature and authenticate the party.The same can be done through configuration:
{ name = "http-signatures" class = "HttpSignProvider" http-signatures { inbound { # This configures the
InboundClientDefinition
keys: [ { key-id = "service1" hmac.secret = "${CLEAR=password}" }] } } }- Parameters:
client
- a single client configuration for inbound communication- Returns:
- updated builder instance
-
inboundRequiredHeaders
public HttpSignProvider.Builder inboundRequiredHeaders(SignedHeadersConfig inboundRequiredHeaders)
Override the default inbound required headers (e.g. headers that MUST be signed and headers that MUST be signed IF present).Defaults:
- get, head, delete methods: date, (request-target), host are mandatory; authorization if present (unless we are
creating/validating the
HttpSignHeader.AUTHORIZATION
ourselves - put, post: same as above, with addition of: content-length, content-type and digest if present
- for other methods: date, (request-target)
- Parameters:
inboundRequiredHeaders
- headers configuration- Returns:
- updated builder instance
- get, head, delete methods: date, (request-target), host are mandatory; authorization if present (unless we are
creating/validating the
-
addAcceptHeader
public HttpSignProvider.Builder addAcceptHeader(HttpSignHeader header)
Add a header that is validated on inbound requests. Provider may support more than one header to validate.- Parameters:
header
- header to look for signature- Returns:
- updated builder instance
-
optional
public HttpSignProvider.Builder optional(boolean optional)
Set whether the signature is optional. If set to true (default), this provider willSecurityResponse.SecurityStatus.ABSTAIN
from this request if signature is not present. If set to false, this provider willfail
if signature is not present.- Parameters:
optional
- true for optional singatures- Returns:
- updated builder instance
-
realm
public HttpSignProvider.Builder realm(String realm)
Realm to use for challenging inbound requests that do not have "Authorization" header in case header isHttpSignHeader.AUTHORIZATION
and singatures are not optional.- Parameters:
realm
- realm to challenge with, defautls to "prime"- Returns:
- updated builder instance
-
-