Cloud Security Container Integrations
The following containers are integrated with Helidon Security:
Web server
Integration of reactive web server
Maven Dependency
<dependency>
    <groupId>io.helidon.security.integration</groupId>
    <artifactId>helidon-security-integration-webserver</artifactId>
</dependency>
Bootstrapping
There are two steps to configure security with the web server:
- Create a security instance and register it with the server
- Protect routes of the web server with various security features
Example using builders
// web server's Routing
Routing.builder()
        // This is step 1 - register security instance with web server processing
        // security - instance of security either from config or from a builder
        // securityDefaults - default enforcement for each route that has a security definition
        .register(WebSecurity.create(security).securityDefaults(WebSecurity.authenticate()))
        // this is step 2 - protect a route
        // protect this route with authentication (from defaults) and role "user"
        .get("/service1", WebSecurity.rolesAllowed("user"), (req, res) -> {
            processService1Request(req, res);
        })
        .build();
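The comment on securityDefaults above says the defaults apply to each route that has a security definition. The following added example (not part of the original Helidon documentation) puts a route without a security definition beside protected ones to show which handlers the defaults reach. The class name, the paths "/open" and "/service2", and the import package of WebSecurity (inferred from the Maven artifact above) are assumptions.

```java
import io.helidon.security.Security;
// package assumed from the Maven groupId/artifactId shown above
import io.helidon.security.integration.webserver.WebSecurity;
import io.helidon.webserver.Routing;

public final class RouteProtectionExample {
    private RouteProtectionExample() {
    }

    // 'security' is a Security instance created elsewhere (from config or a builder)
    static Routing createRouting(Security security) {
        return Routing.builder()
                // step 1: register security; defaults require authentication
                .register(WebSecurity.create(security)
                                  .securityDefaults(WebSecurity.authenticate()))
                // has a security definition: authentication (from defaults) plus role "user"
                .get("/service1", WebSecurity.rolesAllowed("user"),
                     (req, res) -> res.send("service1"))
                // hypothetical route with NO security definition: the defaults
                // are not applied here, so this handler also runs for
                // unauthenticated callers
                .get("/open", (req, res) -> res.send("open"))
                // hypothetical route that needs authentication only: give it an
                // explicit security definition instead of relying on the defaults
                .get("/service2", WebSecurity.authenticate(),
                     (req, res) -> res.send("service2"))
                .build();
    }
}
```

When reviewing a routing definition, check every route that lacks a WebSecurity handler and confirm it is meant to be reachable without authentication.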
Example using configuration
Routing.builder()
        // helper method to load both security and web server security from configuration
        .register(WebSecurity.create(config))
        // continue with web server route configuration
        .build();
Example using configuration - configuration (HOCON)
# This may change in the future - to align with web server configuration, once it is supported
security.web-server {
  # Configuration of integration with web server
  defaults {
    authenticate = true
  }
  paths: [
    {
      path = "/service1"
      methods = ["get"]
      roles-allowed = ["user"]
    }
  ]
}
Jersey
Integration of Jersey (JAX-RS implementation) both for inbound and outbound security.
Maven Dependency
<dependency>
    <groupId>io.helidon.security.integration</groupId>
    <artifactId>helidon-security-integration-jersey</artifactId>
</dependency>
Inbound security
Integrate with Jersey
ResourceConfig resourceConfig = new ResourceConfig()
        // register JAX-RS resource
        .register(JaxRsResource.class)
        // integrate security
        .register(new io.helidon.security.jersey.SecurityFeature(security));
Protecting a resource
There is currently no configuration option for protecting a Jersey resource; security must be configured through annotations. Security currently supports @Authenticated and @Authorized. When one of these annotations is present on the application class, the resource class, or the resource method, security is triggered.
Securing a resource method
// this is sufficient for security to be triggered, see javadoc for further details
@Authenticated
@Path("/{name}")
@GET
@Produces(MediaType.TEXT_PLAIN)
// due to Jersey approach to path matching, we need two methods to match both the "root" and "root" + subpaths
public String getHelloName(@PathParam("name") String name) {
    return "Hello " + name + ", your current subject: " + securityContext.getSubject();
}
Access context
Support in a JAX-RS resource
// inject io.helidon.security.SecurityContext
@Context
private SecurityContext securityContext;
Outbound security
Call remote target with outbound security
// assumes the SecurityContext has been injected as shown above (see "Access context")
Client client = ClientBuilder.newClient()
        // integrate security
        .register(new ClientSecurityFeature());
try {
    // call the resource, will propagate identity as configured in Security
    String response = client.target("http://www.google.com")
            .request()
            // configure the security context for this request (as client and targets may be re-used)
            .property(ClientSecurityFeature.PROPERTY_CONTEXT, securityContext)
            .get(String.class);
} finally {
    client.close();
}