Module io.helidon.security.providers.idcs.mapper

Package io.helidon.security.providers.idcs.mapper

Class IdcsMtRoleMapperProvider

java.lang.Object

io.helidon.security.providers.idcs.mapper.IdcsRoleMapperProviderBase

io.helidon.security.providers.idcs.mapper.IdcsMtRoleMapperProvider

All Implemented Interfaces:

SecurityProvider, SubjectMappingProvider

@Deprecated(forRemoval=true,
            since="2.4.0")
public class IdcsMtRoleMapperProvider
extends IdcsRoleMapperProviderBase

Deprecated, for removal: This API element is subject to removal in a future version.

use IdcsMtRoleMapperRxProvider instead

SubjectMappingProvider to obtain roles from IDCS server for a user. Supports multi tenancy in IDCS.

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	IdcsMtRoleMapperProvider.Builder<B extends IdcsMtRoleMapperProvider.Builder<B>>	Deprecated, for removal: This API element is subject to removal in a future version. Fluent API builder for IdcsMtRoleMapperProvider.
protected static class	IdcsMtRoleMapperProvider.DefaultMultitenancyEndpoints	Deprecated, for removal: This API element is subject to removal in a future version. Default implementation of the IdcsMtRoleMapperProvider.MultitenancyEndpoints.
static class	IdcsMtRoleMapperProvider.MtCacheKey	Deprecated, for removal: This API element is subject to removal in a future version. Cache key for multitenant environments.
static interface	IdcsMtRoleMapperProvider.MultitenancyEndpoints	Deprecated, for removal: This API element is subject to removal in a future version. Multitenant endpoints for accessing IDCS services.

Nested classes/interfaces inherited from class io.helidon.security.providers.idcs.mapper.IdcsRoleMapperProviderBase

IdcsRoleMapperProviderBase.AppToken

Field Summary

Fields

Modifier and Type	Field	Description
protected static String	IDCS_APP_HEADER	Deprecated, for removal: This API element is subject to removal in a future version. Name of the header containing the IDCS app.
protected static String	IDCS_TENANT_HEADER	Deprecated, for removal: This API element is subject to removal in a future version. Name of the header containing the IDCS tenant.

Fields inherited from class io.helidon.security.providers.idcs.mapper.IdcsRoleMapperProviderBase

ACCESS_TOKEN_KEY, IDCS_SUBJECT_TYPE_CLIENT, IDCS_SUBJECT_TYPE_USER, PARENT_CONTEXT_CLIENT_PROPERTY, ROLE_APPROLE, ROLE_GROUP

Constructor Summary

Constructors

Modifier	Constructor	Description
protected	IdcsMtRoleMapperProvider(IdcsMtRoleMapperProvider.Builder<?> builder)	Deprecated, for removal: This API element is subject to removal in a future version. Configure instance from any descendant of IdcsMtRoleMapperProvider.Builder.

Method Summary

Modifier and Type	Method	Description
protected Optional<List<? extends Grant>>	addAdditionalGrants(String idcsTenantId, String idcsAppName, Subject subject)	Deprecated, for removal: This API element is subject to removal in a future version. Extension point to add additional grants to the subject being created.
static IdcsMtRoleMapperProvider.Builder	builder()	Deprecated, for removal: This API element is subject to removal in a future version. Creates a new builder to build instances of this class.
static SecurityProvider	create(Config config)	Deprecated, for removal: This API element is subject to removal in a future version. Creates an instance from configuration.
protected Subject	enhance(Subject subject, ProviderRequest request, AuthenticationResponse previousResponse)	Deprecated, for removal: This API element is subject to removal in a future version. Enhance the subject with appropriate roles from IDCS.
protected Optional<IdcsMtContext>	extractIdcsMtContext(Subject subject, ProviderRequest request)	Deprecated, for removal: This API element is subject to removal in a future version. Extract IDCS multitenancy context form the the request.
protected Optional<String>	getAppToken(String idcsTenantId, RoleMapTracing tracing)	Deprecated, for removal: This API element is subject to removal in a future version. Gets token from cache or from server.
protected Optional<List<? extends Grant>>	getGrantsFromServer(String idcsTenantId, String idcsAppName, Subject subject)	Deprecated, for removal: This API element is subject to removal in a future version. Get grants from IDCS server.
protected IdcsMtRoleMapperProvider.MultitenancyEndpoints	multitenancyEndpoints()	Deprecated, for removal: This API element is subject to removal in a future version. Get the IdcsMtRoleMapperProvider.MultitenancyEndpoints used to get assertion and token endpoints of a multitenant IDCS.

Methods inherited from class io.helidon.security.providers.idcs.mapper.IdcsRoleMapperProviderBase

buildSubject, complete, defaultIdcsSubjectType, map, oidcConfig, processServerResponse

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface io.helidon.security.spi.SecurityProvider

supportedAnnotations, supportedAttributes, supportedConfigKeys, supportedCustomObjects

Field Detail

IDCS_TENANT_HEADER

protected static final String IDCS_TENANT_HEADER

Deprecated, for removal: This API element is subject to removal in a future version.

Name of the header containing the IDCS tenant. This is the default used, can be overriden in builder by IdcsMtRoleMapperProvider.Builder.idcsTenantTokenHandler(io.helidon.security.util.TokenHandler)

See Also:

Constant Field Values

IDCS_APP_HEADER

protected static final String IDCS_APP_HEADER

Deprecated, for removal: This API element is subject to removal in a future version.

Name of the header containing the IDCS app. This is the default used, can be overriden in builder by IdcsMtRoleMapperProvider.Builder.idcsAppNameTokenHandler(io.helidon.security.util.TokenHandler)

See Also:

Constant Field Values

Constructor Detail

IdcsMtRoleMapperProvider

protected IdcsMtRoleMapperProvider(IdcsMtRoleMapperProvider.Builder<?> builder)

Deprecated, for removal: This API element is subject to removal in a future version.

Configure instance from any descendant of IdcsMtRoleMapperProvider.Builder.

Parameters:

builder - containing the required configuration

Method Detail

builder

public static IdcsMtRoleMapperProvider.Builder builder()

Deprecated, for removal: This API element is subject to removal in a future version.

Creates a new builder to build instances of this class.

Returns:

a new fluent API builder.

create

public static SecurityProvider create(Config config)

Deprecated, for removal: This API element is subject to removal in a future version.

Creates an instance from configuration.

Expects:

• oidc-config to load an instance of OidcConfig
• cache-config (optional) to load an instance of EvictableCache for role caching

Parameters:

config - configuration of this provider

Returns:

a new instance configured from config

enhance

protected Subject enhance(Subject subject,
                          ProviderRequest request,
                          AuthenticationResponse previousResponse)

Deprecated, for removal: This API element is subject to removal in a future version.

Enhance the subject with appropriate roles from IDCS.

Specified by:

enhance in class IdcsRoleMapperProviderBase

Parameters:

subject - subject of the user (never null)

request - provider request

previousResponse - authenticated response (never null)

Returns:

enhanced subject

extractIdcsMtContext

protected Optional<IdcsMtContext> extractIdcsMtContext(Subject subject,
                                                       ProviderRequest request)

Deprecated, for removal: This API element is subject to removal in a future version.

Extract IDCS multitenancy context form the the request.

By default, the context is extracted from the headers using token handlers for tenant and app.

Parameters:

subject - Subject that is being mapped

request - ProviderRequest context that is being mapped.

Returns:

Optional with the context, empty if the context is not present in the request.

addAdditionalGrants

protected Optional<List<? extends Grant>> addAdditionalGrants(String idcsTenantId,
                                                              String idcsAppName,
                                                              Subject subject)

Deprecated, for removal: This API element is subject to removal in a future version.

Extension point to add additional grants to the subject being created.

Parameters:

idcsTenantId - IDCS tenant id

idcsAppName - IDCS application name

subject - subject of the user/service

Returns:

list with new grants to add to the enhanced subject

getGrantsFromServer

protected Optional<List<? extends Grant>> getGrantsFromServer(String idcsTenantId,
                                                              String idcsAppName,
                                                              Subject subject)

Deprecated, for removal: This API element is subject to removal in a future version.

Get grants from IDCS server. The result is cached.

Parameters:

idcsTenantId - ID of the IDCS tenant

idcsAppName - Name of IDCS application

subject - subject to get grants for

Returns:

optional list of grants from server

getAppToken

protected Optional<String> getAppToken(String idcsTenantId,
                                       RoleMapTracing tracing)

Deprecated, for removal: This API element is subject to removal in a future version.

Gets token from cache or from server.

Parameters:

idcsTenantId - id of tenant

tracing - Role mapping tracing instance to correctly trace outbound calls

Returns:

the token to be used to authenticate this service

multitenancyEndpoints

protected IdcsMtRoleMapperProvider.MultitenancyEndpoints multitenancyEndpoints()

Deprecated, for removal: This API element is subject to removal in a future version.

Get the IdcsMtRoleMapperProvider.MultitenancyEndpoints used to get assertion and token endpoints of a multitenant IDCS.

Returns:

endpoints to use by this implementation