Class IdcsMtRoleMapperProvider
- java.lang.Object
-
- io.helidon.security.providers.idcs.mapper.IdcsRoleMapperProviderBase
-
- io.helidon.security.providers.idcs.mapper.IdcsMtRoleMapperProvider
-
- All Implemented Interfaces:
SecurityProvider
,SubjectMappingProvider
@Deprecated(forRemoval=true, since="2.4.0") public class IdcsMtRoleMapperProvider extends IdcsRoleMapperProviderBase
Deprecated, for removal: This API element is subject to removal in a future version.useIdcsMtRoleMapperRxProvider
insteadSubjectMappingProvider
to obtain roles from IDCS server for a user. Supports multi tenancy in IDCS.
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description static class
IdcsMtRoleMapperProvider.Builder<B extends IdcsMtRoleMapperProvider.Builder<B>>
Deprecated, for removal: This API element is subject to removal in a future version.Fluent API builder forIdcsMtRoleMapperProvider
.protected static class
IdcsMtRoleMapperProvider.DefaultMultitenancyEndpoints
Deprecated, for removal: This API element is subject to removal in a future version.Default implementation of theIdcsMtRoleMapperProvider.MultitenancyEndpoints
.static class
IdcsMtRoleMapperProvider.MtCacheKey
Deprecated, for removal: This API element is subject to removal in a future version.Cache key for multitenant environments.static interface
IdcsMtRoleMapperProvider.MultitenancyEndpoints
Deprecated, for removal: This API element is subject to removal in a future version.Multitenant endpoints for accessing IDCS services.-
Nested classes/interfaces inherited from class io.helidon.security.providers.idcs.mapper.IdcsRoleMapperProviderBase
IdcsRoleMapperProviderBase.AppToken
-
-
Field Summary
Fields Modifier and Type Field Description protected static String
IDCS_APP_HEADER
Deprecated, for removal: This API element is subject to removal in a future version.Name of the header containing the IDCS app.protected static String
IDCS_TENANT_HEADER
Deprecated, for removal: This API element is subject to removal in a future version.Name of the header containing the IDCS tenant.-
Fields inherited from class io.helidon.security.providers.idcs.mapper.IdcsRoleMapperProviderBase
ACCESS_TOKEN_KEY, IDCS_SUBJECT_TYPE_CLIENT, IDCS_SUBJECT_TYPE_USER, PARENT_CONTEXT_CLIENT_PROPERTY, ROLE_APPROLE, ROLE_GROUP
-
-
Constructor Summary
Constructors Modifier Constructor Description protected
IdcsMtRoleMapperProvider(IdcsMtRoleMapperProvider.Builder<?> builder)
Deprecated, for removal: This API element is subject to removal in a future version.Configure instance from any descendant ofIdcsMtRoleMapperProvider.Builder
.
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Deprecated Methods Modifier and Type Method Description protected Optional<List<? extends Grant>>
addAdditionalGrants(String idcsTenantId, String idcsAppName, Subject subject)
Deprecated, for removal: This API element is subject to removal in a future version.Extension point to add additional grants to the subject being created.static IdcsMtRoleMapperProvider.Builder
builder()
Deprecated, for removal: This API element is subject to removal in a future version.Creates a new builder to build instances of this class.static SecurityProvider
create(Config config)
Deprecated, for removal: This API element is subject to removal in a future version.Creates an instance from configuration.protected Subject
enhance(Subject subject, ProviderRequest request, AuthenticationResponse previousResponse)
Deprecated, for removal: This API element is subject to removal in a future version.Enhance the subject with appropriate roles from IDCS.protected Optional<IdcsMtContext>
extractIdcsMtContext(Subject subject, ProviderRequest request)
Deprecated, for removal: This API element is subject to removal in a future version.Extract IDCS multitenancy context form the the request.protected Optional<String>
getAppToken(String idcsTenantId, RoleMapTracing tracing)
Deprecated, for removal: This API element is subject to removal in a future version.Gets token from cache or from server.protected Optional<List<? extends Grant>>
getGrantsFromServer(String idcsTenantId, String idcsAppName, Subject subject)
Deprecated, for removal: This API element is subject to removal in a future version.Get grants from IDCS server.protected IdcsMtRoleMapperProvider.MultitenancyEndpoints
multitenancyEndpoints()
Deprecated, for removal: This API element is subject to removal in a future version.Get theIdcsMtRoleMapperProvider.MultitenancyEndpoints
used to get assertion and token endpoints of a multitenant IDCS.-
Methods inherited from class io.helidon.security.providers.idcs.mapper.IdcsRoleMapperProviderBase
buildSubject, complete, defaultIdcsSubjectType, map, oidcConfig, processServerResponse
-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface io.helidon.security.spi.SecurityProvider
supportedAnnotations, supportedAttributes, supportedConfigKeys, supportedCustomObjects
-
-
-
-
Field Detail
-
IDCS_TENANT_HEADER
protected static final String IDCS_TENANT_HEADER
Deprecated, for removal: This API element is subject to removal in a future version.Name of the header containing the IDCS tenant. This is the default used, can be overriden in builder byIdcsMtRoleMapperProvider.Builder.idcsTenantTokenHandler(io.helidon.security.util.TokenHandler)
- See Also:
- Constant Field Values
-
IDCS_APP_HEADER
protected static final String IDCS_APP_HEADER
Deprecated, for removal: This API element is subject to removal in a future version.Name of the header containing the IDCS app. This is the default used, can be overriden in builder byIdcsMtRoleMapperProvider.Builder.idcsAppNameTokenHandler(io.helidon.security.util.TokenHandler)
- See Also:
- Constant Field Values
-
-
Constructor Detail
-
IdcsMtRoleMapperProvider
protected IdcsMtRoleMapperProvider(IdcsMtRoleMapperProvider.Builder<?> builder)
Deprecated, for removal: This API element is subject to removal in a future version.Configure instance from any descendant ofIdcsMtRoleMapperProvider.Builder
.- Parameters:
builder
- containing the required configuration
-
-
Method Detail
-
builder
public static IdcsMtRoleMapperProvider.Builder builder()
Deprecated, for removal: This API element is subject to removal in a future version.Creates a new builder to build instances of this class.- Returns:
- a new fluent API builder.
-
create
public static SecurityProvider create(Config config)
Deprecated, for removal: This API element is subject to removal in a future version.Creates an instance from configuration.Expects:
- oidc-config to load an instance of
OidcConfig
- cache-config (optional) to load an instance of
EvictableCache
for role caching
- Parameters:
config
- configuration of this provider- Returns:
- a new instance configured from config
- oidc-config to load an instance of
-
enhance
protected Subject enhance(Subject subject, ProviderRequest request, AuthenticationResponse previousResponse)
Deprecated, for removal: This API element is subject to removal in a future version.Enhance the subject with appropriate roles from IDCS.- Specified by:
enhance
in classIdcsRoleMapperProviderBase
- Parameters:
subject
- subject of the user (never null)request
- provider requestpreviousResponse
- authenticated response (never null)- Returns:
- enhanced subject
-
extractIdcsMtContext
protected Optional<IdcsMtContext> extractIdcsMtContext(Subject subject, ProviderRequest request)
Deprecated, for removal: This API element is subject to removal in a future version.Extract IDCS multitenancy context form the the request.By default, the context is extracted from the headers using token handlers for
tenant
andapp
.- Parameters:
subject
- Subject that is being mappedrequest
- ProviderRequest context that is being mapped.- Returns:
- Optional with the context, empty if the context is not present in the request.
-
addAdditionalGrants
protected Optional<List<? extends Grant>> addAdditionalGrants(String idcsTenantId, String idcsAppName, Subject subject)
Deprecated, for removal: This API element is subject to removal in a future version.Extension point to add additional grants to the subject being created.- Parameters:
idcsTenantId
- IDCS tenant ididcsAppName
- IDCS application namesubject
- subject of the user/service- Returns:
- list with new grants to add to the enhanced subject
-
getGrantsFromServer
protected Optional<List<? extends Grant>> getGrantsFromServer(String idcsTenantId, String idcsAppName, Subject subject)
Deprecated, for removal: This API element is subject to removal in a future version.Get grants from IDCS server. The result is cached.- Parameters:
idcsTenantId
- ID of the IDCS tenantidcsAppName
- Name of IDCS applicationsubject
- subject to get grants for- Returns:
- optional list of grants from server
-
getAppToken
protected Optional<String> getAppToken(String idcsTenantId, RoleMapTracing tracing)
Deprecated, for removal: This API element is subject to removal in a future version.Gets token from cache or from server.- Parameters:
idcsTenantId
- id of tenanttracing
- Role mapping tracing instance to correctly trace outbound calls- Returns:
- the token to be used to authenticate this service
-
multitenancyEndpoints
protected IdcsMtRoleMapperProvider.MultitenancyEndpoints multitenancyEndpoints()
Deprecated, for removal: This API element is subject to removal in a future version.Get theIdcsMtRoleMapperProvider.MultitenancyEndpoints
used to get assertion and token endpoints of a multitenant IDCS.- Returns:
- endpoints to use by this implementation
-
-