Class GrpcSecurityHandler

    • Method Detail

      • interceptCall

        public <ReqT,RespT> io.grpc.ServerCall.Listener<ReqT> interceptCall(io.grpc.ServerCall<ReqT,RespT> call,
                                                                            io.grpc.Metadata headers,
                                                                            io.grpc.ServerCallHandler<ReqT,RespT> next)
        Specified by:
        interceptCall in interface io.grpc.ServerInterceptor
      • authenticator

        public GrpcSecurityHandler authenticator(String explicitAuthenticator)
        Use a named authenticator (as supported by security - if not defined, default authenticator is used). Will enable authentication.
        Parameters:
        explicitAuthenticator - name of authenticator as configured in Security
        Returns:
        new handler instance with configuration of this instance updated with this method
      • authorizer

        public GrpcSecurityHandler authorizer(String explicitAuthorizer)
        Use a named authorizer (as supported by security; if not defined, the default authorizer is used, and if none is defined, all is permitted). Will enable authorization.
        Parameters:
        explicitAuthorizer - name of authorizer as configured in Security
        Returns:
        new handler instance with configuration of this instance updated with this method
      • rolesAllowed

        public GrpcSecurityHandler rolesAllowed(String... roles)
        An array of allowed roles for this path - must have a security provider supporting roles (either authentication or authorization provider). This method enables authentication and authorization (you can disable them again by calling skipAuthorization() and skipAuthentication() if needed).
        Parameters:
        roles - if subject is any of these roles, allow access
        Returns:
        new handler instance with configuration of this instance updated with this method
      • authenticationOptional

        public GrpcSecurityHandler authenticationOptional()
        If called, authentication failure will not abort request and will continue as anonymous (authentication is not optional by default). Will enable authentication.
        Returns:
        new handler instance with configuration of this instance updated with this method
      • authenticate

        public GrpcSecurityHandler authenticate()
        If called, the request will go through the authentication process (authentication is disabled by default; it may be enabled as a side effect of other methods, such as rolesAllowed(String...)).
        Returns:
        new handler instance with configuration of this instance updated with this method
      • skipAuthentication

        public GrpcSecurityHandler skipAuthentication()
        If called, request will NOT go through authentication process. Use this when another method implies authentication (such as rolesAllowed(String...)) and yet it is not desired (e.g. everything is handled by authorization).
        Returns:
        new handler instance with configuration of this instance updated with this method
      • customObject

        public GrpcSecurityHandler customObject(Object object)
        Register a custom object for security request(s). This creates a hard dependency on a specific security provider, so use with care.
        Parameters:
        object - An object expected by security provider
        Returns:
        new handler instance with configuration of this instance updated with this method
      • auditEventType

        public GrpcSecurityHandler auditEventType(String eventType)
        Override for event-type, defaults to "grpcRequest".
        Parameters:
        eventType - audit event type to use
        Returns:
        new handler instance with configuration of this instance updated with this method
      • auditMessageFormat

        public GrpcSecurityHandler auditMessageFormat(String messageFormat)
        Override for audit message format, defaults to "%2$s %1$s %4$s %5$s requested by %3$s".
        Parameters:
        messageFormat - audit message format to use
        Returns:
        new handler instance with configuration of this instance updated with this method
      • authorize

        public GrpcSecurityHandler authorize()
        If called, the request will go through the authorization process (authorization is disabled by default; it may be enabled as a side effect of other methods, such as rolesAllowed(String...)).
        Returns:
        new handler instance with configuration of this instance updated with this method
      • skipAuthorization

        public GrpcSecurityHandler skipAuthorization()
        Skip authorization for this route. Use this when authorization is implied by another method on this class (e.g. rolesAllowed(String...)) and you want to explicitly forbid it.
        Returns:
        new handler instance with configuration of this instance updated with this method
      • audit

        public GrpcSecurityHandler audit()
        Audit this request for any method. Request is audited with event type DEFAULT_AUDIT_EVENT_TYPE.

        By default audit is enabled as follows (based on HTTP methods):

        • GET, HEAD - not audited
        • PUT, POST, DELETE - audited
        • any other method (e.g. custom methods) - audited
        Calling this method will override the default setting and audit any method this handler is registered for.
        Returns:
        new handler instance with configuration of this instance updated with this method
      • skipAudit

        public GrpcSecurityHandler skipAudit()
        Disable auditing of this request. Will override defaults and disable auditing for all methods this handler is registered for.

        By default audit is enabled as follows (based on HTTP methods):

        • GET, HEAD - not audited
        • PUT, POST, DELETE - audited
        • any other method (e.g. custom methods) - audited
        Returns:
        new handler instance with configuration of this instance updated with this method
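
Added example (not from the Helidon documentation or code base): deriving per-service handlers from one base handler using only the methods listed above, including the case where a returned instance is discarded and the restriction never takes effect. The class name HandlerProfiles, the role and authorizer names, and the import's package name are assumptions; how the base handler is obtained is outside this page.

```java
// Assumption: package of GrpcSecurityHandler in Helidon's gRPC security integration.
import io.helidon.security.integration.grpc.GrpcSecurityHandler;

/** Hypothetical helper (not part of Helidon): security profiles derived from one base handler. */
public final class HandlerProfiles {
    private HandlerProfiles() {
    }

    /** rolesAllowed enables authentication and authorization; audit() audits every method. */
    public static GrpcSecurityHandler adminOnly(GrpcSecurityHandler base) {
        return base.rolesAllowed("admin")        // "admin" is a constructed role name
                   .audit();
    }

    /**
     * Roles are checked by a named authorizer only, so the authentication that
     * rolesAllowed implies is switched off again afterwards.
     */
    public static GrpcSecurityHandler authorizerOnly(GrpcSecurityHandler base) {
        return base.rolesAllowed("operator")     // constructed role name
                   .authorizer("custom-authz")   // constructed authorizer name
                   .skipAuthentication();
    }

    /** Authentication is attempted; on failure the request continues as anonymous. */
    public static GrpcSecurityHandler anonymousAllowed(GrpcSecurityHandler base) {
        return base.authenticationOptional();
    }

    /**
     * Pitfall: every method returns a new handler instance. Discarding that
     * instance leaves 'base' with its previous configuration, so the role
     * restriction below is never applied.
     */
    public static GrpcSecurityHandler brokenAdminOnly(GrpcSecurityHandler base) {
        base.rolesAllowed("admin");   // result discarded
        return base;                  // no role check configured here
    }
}
```

When reviewing code that configures these handlers, check that each call's return value is the instance that ends up registered.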