Class SecurityFeature.Builder

    • Method Detail

      • authorizeAnnotatedOnly

        public SecurityFeature.Builder authorizeAnnotatedOnly(boolean authzOnly)
        Whether to authorize only annotated methods (with Authorized annotation) or all. When using usePrematchingAuthorization(boolean) this method is ignored.
        Parameters:
        authzOnly - if set to true, authorization will be performed on annotated methods only, defaults to false
        Returns:
        updated builder instance
      • authenticateAnnotatedOnly

        public SecurityFeature.Builder authenticateAnnotatedOnly(boolean authnOnly)
        Whether to authenticate only annotated methods (with Authenticated annotation) or all. When using usePrematchingAuthentication(boolean) this method is ignored. By default only annotated methods (the annotation may also be on the Application class or the resource class) are authenticated.
        Parameters:
        authnOnly - if set to false, authentication will be performed for all requests, defaults to true
        Returns:
        updated builder instance
      • addQueryParamHandler

        public SecurityFeature.Builder addQueryParamHandler(QueryParamHandler handler)
        Add a new handler to extract a query parameter and store it in a security request header.
        Parameters:
        handler - handler to extract data
        Returns:
        updated builder instance
      • addQueryParamHandlers

        public SecurityFeature.Builder addQueryParamHandlers(Iterable<QueryParamHandler> handlers)
        Add handlers to extract query parameters and store them in security request header.
        Parameters:
        handlers - handlers to extract data
        Returns:
        updated builder instance
      • usePrematchingAuthentication

        public SecurityFeature.Builder usePrematchingAuthentication(boolean usePrematching)
        Configure whether pre-matching or post-matching filter is used to authenticate requests. Defaults to post-matching, as we have access to information about resource class and method that is invoked, allowing us to use annotations defined on these. When switched to prematching, the security is an on/off switch - all resources are protected the same way.
        Parameters:
        usePrematching - whether to use pre-matching filter instead of post-matching
        Returns:
        updated builder instance
      • usePrematchingAuthorization

        public SecurityFeature.Builder usePrematchingAuthorization(boolean usePrematching)
        Configure whether pre-matching or post-matching filter is used to authorize requests. Defaults to post-matching, as we have access to information about resource class and method that is invoked, allowing us to use annotations defined on these. When switched to prematching, the security is an on/off switch - all resources are protected the same way. When set to true, authentication will be prematching as well.
        Parameters:
        usePrematching - whether to use pre-matching filter instead of post-matching
        Returns:
        updated builder instance
      • debug

        public SecurityFeature.Builder debug()
        Turn debugging on. The description from the response will be returned in the entity.
        Returns:
        updated builder instance
      • useAbortWith

        public SecurityFeature.Builder useAbortWith(boolean useAbortWith)
        When set to true (which is the default behavior), the security filter uses ContainerRequest.abortWith(javax.ws.rs.core.Response) to abort the request and configure a security response.

        When set to false, the security filter throws a WebApplicationException instead. Such an exception can be handled by a custom error handler.

        Parameters:
        useAbortWith - set to false to use exceptions, by default uses abortWith on request
        Returns:
        updated builder instance
      • config

        public SecurityFeature.Builder config(Config config)
        Update this builder from configuration. Expects: Example:
          security:
            jersey:
              defaults:
              # If set to true, only annotated (@Authorized) resources will be authorized
              # By default, every request is sent to authorization provider
              authorize-annotated-only: false
              # query parameters will be extracted from request
              # and sent to authentication and authorization providers
              # as headers. These will NOT be available to application
              # as headers.
              query-params:
                - name: "basicAuth"
                  header: "Authorization"
         
        Parameters:
        config - configuration set to key "jersey" (see example above)
        Returns:
        updated builder instance
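
        Added example (not part of the original Javadoc or of Helidon itself): a feature built so that every request is authenticated and authorized, with useAbortWith(false) and a JAX-RS ExceptionMapper acting as the custom error handler. The names SecuritySetup, strictFeature and SecurityFailureMapper are hypothetical, and the 401/403 status codes and the fixed JSON bodies are assumptions of this example.

```java
import java.util.logging.Logger;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.ext.ExceptionMapper;
import javax.ws.rs.ext.Provider;
import io.helidon.security.Security;
import io.helidon.security.integration.jersey.SecurityFeature;

// Added example with hypothetical class and method names; not Helidon code.
public final class SecuritySetup {
    // Post-matching filters; no resource is skipped for lack of an annotation.
    public static SecurityFeature strictFeature(Security security) {
        return SecurityFeature.builder(security)
                .authenticateAnnotatedOnly(false) // authenticate all requests
                .authorizeAnnotatedOnly(false)    // authorize all methods (documented default)
                .useAbortWith(false)              // throw WebApplicationException on failure
                .build();
    }

    // Register alongside the feature. The JAX-RS specification consults a mapper
    // for a WebApplicationException only when its response carries no entity.
    @Provider
    public static class SecurityFailureMapper implements ExceptionMapper<WebApplicationException> {
        private static final Logger LOGGER = Logger.getLogger(SecurityFailureMapper.class.getName());

        @Override
        public Response toResponse(WebApplicationException e) {
            Response original = e.getResponse();
            int status = original.getStatus();
            if (status != 401 && status != 403) { // assumed security failure codes
                return original; // anything else passes through unchanged
            }
            // Keep the detail in the server log; the client gets a fixed body.
            LOGGER.fine(() -> "Security failure, status " + status + ": " + e.getMessage());
            Response.ResponseBuilder builder = Response.status(status)
                    .type(MediaType.APPLICATION_JSON)
                    .entity(status == 401 ? "{\"error\":\"unauthenticated\"}" : "{\"error\":\"forbidden\"}");
            // Preserve the challenge header so clients still learn how to authenticate.
            String challenge = original.getHeaderString("WWW-Authenticate");
            if (challenge != null) {
                builder.header("WWW-Authenticate", challenge);
            }
            return builder.build();
        }
    }
}
```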