Class IdcsMtRoleMapperProvider

    • Constructor Detail

      • IdcsMtRoleMapperProvider

        protected IdcsMtRoleMapperProvider(IdcsMtRoleMapperProvider.Builder<?> builder)
        Deprecated, for removal: This API element is subject to removal in a future version.
        Configure instance from any descendant of IdcsMtRoleMapperProvider.Builder.
        Parameters:
        builder - containing the required configuration
    • Method Detail

      • builder

        public static IdcsMtRoleMapperProvider.Builder builder()
        Deprecated, for removal: This API element is subject to removal in a future version.
        Creates a new builder to build instances of this class.
        Returns:
        a new fluent API builder.
      • create

        public static SecurityProvider create(Config config)
        Deprecated, for removal: This API element is subject to removal in a future version.
        Creates an instance from configuration.

        Expects:

        • oidc-config to load an instance of OidcConfig
        • cache-config (optional) to load an instance of EvictableCache for role caching
        Parameters:
        config - configuration of this provider
        Returns:
        a new instance configured from config
      • enhance

        protected Subject enhance(Subject subject,
                                  ProviderRequest request,
                                  AuthenticationResponse previousResponse)
        Deprecated, for removal: This API element is subject to removal in a future version.
        Enhance the subject with appropriate roles from IDCS.
        Specified by:
        enhance in class IdcsRoleMapperProviderBase
        Parameters:
        subject - subject of the user (never null)
        request - provider request
        previousResponse - authenticated response (never null)
        Returns:
        enhanced subject
      • extractIdcsMtContext

        protected Optional<IdcsMtContext> extractIdcsMtContext(Subject subject,
                                                               ProviderRequest request)
        Deprecated, for removal: This API element is subject to removal in a future version.
        Extract IDCS multitenancy context from the request.

        By default, the context is extracted from the headers using token handlers for tenant and app.

        Parameters:
        subject - Subject that is being mapped
        request - ProviderRequest context that is being mapped.
        Returns:
        Optional with the context, empty if the context is not present in the request.
      • addAdditionalGrants

        protected Optional<List<? extends Grant>> addAdditionalGrants(String idcsTenantId,
                                                                      String idcsAppName,
                                                                      Subject subject)
        Deprecated, for removal: This API element is subject to removal in a future version.
        Extension point to add additional grants to the subject being created.
        Parameters:
        idcsTenantId - IDCS tenant id
        idcsAppName - IDCS application name
        subject - subject of the user/service
        Returns:
        list with new grants to add to the enhanced subject
      • getGrantsFromServer

        protected Optional<List<? extends Grant>> getGrantsFromServer(String idcsTenantId,
                                                                      String idcsAppName,
                                                                      Subject subject)
        Deprecated, for removal: This API element is subject to removal in a future version.
        Get grants from IDCS server. The result is cached.
        Parameters:
        idcsTenantId - ID of the IDCS tenant
        idcsAppName - Name of IDCS application
        subject - subject to get grants for
        Returns:
        optional list of grants from server
      • getAppToken

        protected Optional<String> getAppToken(String idcsTenantId,
                                               RoleMapTracing tracing)
        Deprecated, for removal: This API element is subject to removal in a future version.
        Gets token from cache or from server.
        Parameters:
        idcsTenantId - id of tenant
        tracing - Role mapping tracing instance to correctly trace outbound calls
        Returns:
        the token to be used to authenticate this service