Module io.helidon.security.integration.webserver
Package io.helidon.security.integration.webserver

Class SecurityHandler

    • Method Detail

      • authenticator

        public SecurityHandler authenticator​(String explicitAuthenticator)
        Use a named authenticator (as supported by security - if not defined, default authenticator is used). Will enable authentication.
        Parameters:
        explicitAuthenticator - name of authenticator as configured in Security
        Returns:
        new handler instance with configuration of this instance updated with this method

      • authorizer

        public SecurityHandler authorizer​(String explicitAuthorizer)
        Use a named authorizer (as supported by security - if not defined, default authorizer is used, if none defined, all is permitted). Will enable authorization.
        Parameters:
        explicitAuthorizer - name of authorizer as configured in Security
        Returns:
        new handler instance with configuration of this instance updated with this method

      • rolesAllowed

        public SecurityHandler rolesAllowed​(String... roles)
        An array of allowed roles for this path - must have a security provider supporting roles (either authentication or authorization provider). This method enables authentication and authorization (you can disable them again by calling skipAuthorization() and skipAuthentication() if needed).
        Parameters:
        roles - if subject is any of these roles, allow access
        Returns:
        new handler instance with configuration of this instance updated with this method

      • authenticationOptional

        public SecurityHandler authenticationOptional()
        If called, authentication failure will not abort request and will continue as anonymous (authentication is not optional by default). Will enable authentication.
        Returns:
        new handler instance with configuration of this instance updated with this method

      • authenticate

        public SecurityHandler authenticate()
        If called, request will go through authentication process - (authentication is disabled by default - it may be enabled as a side effect of other methods, such as rolesAllowed(String...).
        Returns:
        new handler instance with configuration of this instance updated with this method

      • skipAuthentication

        public SecurityHandler skipAuthentication()
        If called, request will NOT go through authentication process. Use this when another method implies authentication (such as rolesAllowed(String...)) and yet it is not desired (e.g. everything is handled by authorization).
        Returns:
        new handler instance with configuration of this instance updated with this method

      • customObject

        public SecurityHandler customObject​(Object object)
        Register a custom object for security request(s). This creates a hard dependency on a specific security provider, so use with care.
        Parameters:
        object - An object expected by security provider
        Returns:
        new handler instance with configuration of this instance updated with this method

      • auditEventType

        public SecurityHandler auditEventType​(String eventType)
        Override for event-type, defaults to "request".
        Parameters:
        eventType - audit event type to use
        Returns:
        new handler instance with configuration of this instance updated with this method

      • auditMessageFormat

        public SecurityHandler auditMessageFormat​(String messageFormat)
        Override for audit message format, defaults to "%3$s %1$s \"%2$s\" %5$s %6$s requested by %4$s".
        Parameters:
        messageFormat - audit message format to use
        Returns:
        new handler instance with configuration of this instance updated with this method

      • authorize

        public SecurityHandler authorize()
        If called, request will go through authorization process - (authorization is disabled by default - it may be enabled as a side effect of other methods, such as rolesAllowed(String...).
        Returns:
        new handler instance with configuration of this instance updated with this method

      • skipAuthorization

        public SecurityHandler skipAuthorization()
        Skip authorization for this route. Use this when authorization is implied by another method on this class (e.g. rolesAllowed(String...) and you want to explicitly forbid it.
        Returns:
        new handler instance with configuration of this instance updated with this method

      • audit

        public SecurityHandler audit()
        Audit this request for any method. Request is audited with event type DEFAULT_AUDIT_EVENT_TYPE.

        By default audit is enabled as follows (based on HTTP methods):

        • GET, HEAD - not audited
        • PUT, POST, DELETE - audited
        • any other method (e.g. custom methods) - audited
        Calling this method will override the default setting and audit any method this handler is registered for.
        Returns:
        new handler instance with configuration of this instance updated with this method

      • skipAudit

        public SecurityHandler skipAudit()
        Disable auditing of this request. Will override defaults and disable auditing for all methods this handler is registered for.

        By default audit is enabled as follows (based on HTTP methods):

        • GET, HEAD - not audited
        • PUT, POST, DELETE - audited
        • any other method (e.g. custom methods) - audited
        Returns:
        new handler instance with configuration of this instance updated with this method

      • queryParam

        public SecurityHandler queryParam​(String queryParamName,
                                  TokenHandler headerHandler)
        Add a query parameter extraction configuration.
        Parameters:
        queryParamName - name of a query parameter to extract
        headerHandler - handler to extract it and store it in a header field
        Returns:
        new handler instance