Module io.helidon.security.providers.httpsign

Package io.helidon.security.providers.httpsign

Class HttpSignProvider.Builder

java.lang.Object

io.helidon.security.providers.httpsign.HttpSignProvider.Builder

All Implemented Interfaces:

Builder<HttpSignProvider>, Supplier<HttpSignProvider>

Enclosing class:

HttpSignProvider

public static final class HttpSignProvider.Builder
extends Object
implements Builder<HttpSignProvider>

Fluent API builder for this provider. Call build() to create a provider instance.

Method Summary

Modifier and Type	Method	Description
HttpSignProvider.Builder	addAcceptHeader(HttpSignHeader header)	Add a header that is validated on inbound requests.
HttpSignProvider.Builder	addInbound(InboundClientDefinition client)	Add inbound configuration.
HttpSignProvider.Builder	backwardCompatibleEol(Boolean backwardCompatible)	Until version 3.0.0 (exclusive) there is a trailing end of line added to the signed data.
HttpSignProvider	build()	Build the instance from this builder.
HttpSignProvider.Builder	config(Config config)	Create a builder from configuration.
HttpSignProvider.Builder	inboundRequiredHeaders(SignedHeadersConfig inboundRequiredHeaders)	Override the default inbound required headers (e.g.
HttpSignProvider.Builder	optional(boolean optional)	Set whether the signature is optional.
HttpSignProvider.Builder	outbound(OutboundConfig targets)	Add outbound targets to this builder.
HttpSignProvider.Builder	realm(String realm)	Realm to use for challenging inbound requests that do not have "Authorization" header in case header is HttpSignHeader.AUTHORIZATION and singatures are not optional.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface io.helidon.common.Builder

get

Method Detail

build

public HttpSignProvider build()

Description copied from interface: Builder

Build the instance from this builder.

Specified by:

build in interface Builder<HttpSignProvider>

Returns:

instance of the built type

config

public HttpSignProvider.Builder config(Config config)

Create a builder from configuration.

Parameters:

config - Config located at http-signatures key

Returns:

builder instance configured from config

outbound

public HttpSignProvider.Builder outbound(OutboundConfig targets)

Add outbound targets to this builder. The targets are used to chose what to do for outbound communication. The targets should have OutboundTargetDefinition attached through OutboundTarget.Builder.customObject(Class, Object) to tell us how to sign the request.

The same can be done through configuration:

 {
  name = "http-signatures"
  class = "HttpSignProvider"
  http-signatures {
      targets: [
      {
          name = "service2"
          hosts = ["localhost"]
          paths = ["/service2/.*"]

          # This configures the OutboundTargetDefinition
          signature {
              key-id = "service1"
              hmac.secret = "${CLEAR=password}"
          }
      }]
  }
 }
 

Parameters:

targets - targets to select correct outbound security

Returns:

updated builder instance

addInbound

public HttpSignProvider.Builder addInbound(InboundClientDefinition client)

Add inbound configuration. This is used to validate signature and authenticate the party.

The same can be done through configuration:

 {
  name = "http-signatures"
  class = "HttpSignProvider"
  http-signatures {
      inbound {
          # This configures the InboundClientDefinition
          keys: [
          {
              key-id = "service1"
              hmac.secret = "${CLEAR=password}"
          }]
      }
  }
 }
 

Parameters:

client - a single client configuration for inbound communication

Returns:

updated builder instance

inboundRequiredHeaders

public HttpSignProvider.Builder inboundRequiredHeaders(SignedHeadersConfig inboundRequiredHeaders)

Override the default inbound required headers (e.g. headers that MUST be signed and headers that MUST be signed IF present).

Defaults:

• get, head, delete methods: date, (request-target), host are mandatory; authorization if present (unless we are creating/validating the HttpSignHeader.AUTHORIZATION ourselves
• put, post: same as above, with addition of: content-length, content-type and digest if present
• for other methods: date, (request-target)

Note that this provider DOES NOT validate the "Digest" HTTP header, only the signature.

Parameters:

inboundRequiredHeaders - headers configuration

Returns:

updated builder instance

addAcceptHeader

public HttpSignProvider.Builder addAcceptHeader(HttpSignHeader header)

Add a header that is validated on inbound requests. Provider may support more than one header to validate.

Parameters:

header - header to look for signature

Returns:

updated builder instance

optional

public HttpSignProvider.Builder optional(boolean optional)

Set whether the signature is optional. If set to true (default), this provider will SecurityResponse.SecurityStatus.ABSTAIN from this request if signature is not present. If set to false, this provider will fail if signature is not present.

Parameters:

optional - true for optional singatures

Returns:

updated builder instance

realm

public HttpSignProvider.Builder realm(String realm)

Realm to use for challenging inbound requests that do not have "Authorization" header in case header is HttpSignHeader.AUTHORIZATION and singatures are not optional.

Parameters:

realm - realm to challenge with, defautls to "helidon"

Returns:

updated builder instance

backwardCompatibleEol

public HttpSignProvider.Builder backwardCompatibleEol(Boolean backwardCompatible)

Until version 3.0.0 (exclusive) there is a trailing end of line added to the signed data. To be able to communicate cross versions, we must configure this for newer versions

Parameters:

backwardCompatible - whether to run in backward compatible mode

Returns:

updated builder instance