Class IdcsMtRoleMapperRxProvider
- java.lang.Object
  - io.helidon.security.providers.idcs.mapper.IdcsRoleMapperRxProviderBase
    - io.helidon.security.providers.idcs.mapper.IdcsMtRoleMapperRxProvider
- All Implemented Interfaces:
  SecurityProvider, SubjectMappingProvider

public class IdcsMtRoleMapperRxProvider extends IdcsRoleMapperRxProviderBase

SubjectMappingProvider to obtain roles from an IDCS server for a user. Supports multitenancy in IDCS.

Nested Class Summary
- static class IdcsMtRoleMapperRxProvider.Builder<B extends IdcsMtRoleMapperRxProvider.Builder<B>>
  Fluent API builder for IdcsMtRoleMapperRxProvider.
- protected static class IdcsMtRoleMapperRxProvider.DefaultMultitenancyEndpoints
  Default implementation of the IdcsMtRoleMapperRxProvider.MultitenancyEndpoints.
- static class IdcsMtRoleMapperRxProvider.MtCacheKey
  Cache key for multitenant environments.
- static interface IdcsMtRoleMapperRxProvider.MultitenancyEndpoints
  Multitenant endpoints for accessing IDCS services.
- Nested classes/interfaces inherited from class io.helidon.security.providers.idcs.mapper.IdcsRoleMapperRxProviderBase:
  IdcsRoleMapperRxProviderBase.AppTokenRx

Field Summary
- protected static String IDCS_APP_HEADER
  Name of the header containing the IDCS app.
- protected static String IDCS_TENANT_HEADER
  Name of the header containing the IDCS tenant.
- Fields inherited from class io.helidon.security.providers.idcs.mapper.IdcsRoleMapperRxProviderBase:
  ACCESS_TOKEN_KEY, IDCS_SUBJECT_TYPE_CLIENT, IDCS_SUBJECT_TYPE_USER, PARENT_CONTEXT_CLIENT_PROPERTY, ROLE_APPROLE, ROLE_GROUP

Constructor Summary
- protected IdcsMtRoleMapperRxProvider(IdcsMtRoleMapperRxProvider.Builder<?> builder)
  Configure instance from any descendant of IdcsMtRoleMapperRxProvider.Builder.

Method Summary
- protected Single<List<? extends Grant>> addAdditionalGrants(String idcsTenantId, String idcsAppName, Subject subject, List<Grant> idcsGrants)
  Extension point to add additional grants to the subject being created.
- static IdcsMtRoleMapperRxProvider.Builder builder()
  Creates a new builder to build instances of this class.
- protected Single<List<? extends Grant>> computeGrants(String idcsTenantId, String idcsAppName, Subject subject)
  Compute grants for the provided MT information.
- static SecurityProvider create(Config config)
  Creates an instance from configuration.
- protected Single<Subject> enhance(ProviderRequest request, AuthenticationResponse previousResponse, Subject subject)
  Enhance the subject with appropriate roles from IDCS.
- protected Optional<IdcsMtContext> extractIdcsMtContext(Subject subject, ProviderRequest request)
  Extract IDCS multitenancy context from the request.
- protected Single<Optional<String>> getAppToken(String idcsTenantId, RoleMapTracing tracing)
  Gets token from cache or from server.
- protected Single<List<? extends Grant>> getGrantsFromServer(String idcsTenantId, String idcsAppName, Subject subject)
  Get grants from IDCS server.
- protected IdcsMtRoleMapperRxProvider.MultitenancyEndpoints multitenancyEndpoints()
  Get the IdcsMtRoleMapperRxProvider.MultitenancyEndpoints used to get assertion and token endpoints of a multitenant IDCS.
- Methods inherited from class io.helidon.security.providers.idcs.mapper.IdcsRoleMapperRxProviderBase:
  buildSubject, defaultIdcsSubjectType, map, oidcConfig, processRoleRequest
- Methods inherited from class java.lang.Object:
  clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
- Methods inherited from interface io.helidon.security.spi.SecurityProvider:
  supportedAnnotations, supportedAttributes, supportedConfigKeys, supportedCustomObjects

Field Detail

IDCS_TENANT_HEADER
protected static final String IDCS_TENANT_HEADER
Name of the header containing the IDCS tenant. This is the default used; it can be overridden in the builder by IdcsMtRoleMapperRxProvider.Builder.idcsTenantTokenHandler(io.helidon.security.util.TokenHandler).
- See Also:
  Constant Field Values

IDCS_APP_HEADER
protected static final String IDCS_APP_HEADER
Name of the header containing the IDCS app. This is the default used; it can be overridden in the builder by IdcsMtRoleMapperRxProvider.Builder.idcsAppNameTokenHandler(io.helidon.security.util.TokenHandler).
- See Also:
  Constant Field Values

Constructor Detail

IdcsMtRoleMapperRxProvider
protected IdcsMtRoleMapperRxProvider(IdcsMtRoleMapperRxProvider.Builder<?> builder)
Configure instance from any descendant of IdcsMtRoleMapperRxProvider.Builder.
- Parameters:
  builder - containing the required configuration

Method Detail

builder
public static IdcsMtRoleMapperRxProvider.Builder builder()
Creates a new builder to build instances of this class.
- Returns:
  a new fluent API builder.

create
public static SecurityProvider create(Config config)
Creates an instance from configuration. Expects:
- oidc-config to load an instance of OidcConfig
- cache-config (optional) to load an instance of EvictableCache for role caching
- Parameters:
  config - configuration of this provider
- Returns:
  a new instance configured from config

enhance
protected Single<Subject> enhance(ProviderRequest request, AuthenticationResponse previousResponse, Subject subject)
Enhance the subject with appropriate roles from IDCS.
- Specified by:
  enhance in class IdcsRoleMapperRxProviderBase
- Parameters:
  request - provider request
  previousResponse - authenticated response (never null)
  subject - subject of the user (never null)
- Returns:
  future with enhanced subject

computeGrants
protected Single<List<? extends Grant>> computeGrants(String idcsTenantId, String idcsAppName, Subject subject)
Compute grants for the provided MT information.
- Parameters:
  idcsTenantId - tenant id
  idcsAppName - app name
  subject - subject
- Returns:
  future with grants to be added to the subject

extractIdcsMtContext
protected Optional<IdcsMtContext> extractIdcsMtContext(Subject subject, ProviderRequest request)
Extract IDCS multitenancy context from the request. By default, the context is extracted from the request headers using the token handlers for tenant and app.
- Parameters:
  subject - Subject that is being mapped
  request - ProviderRequest context that is being mapped.
- Returns:
  Optional with the context, empty if the context is not present in the request.

addAdditionalGrants
protected Single<List<? extends Grant>> addAdditionalGrants(String idcsTenantId, String idcsAppName, Subject subject, List<Grant> idcsGrants)
Extension point to add additional grants to the subject being created.
- Parameters:
  idcsTenantId - IDCS tenant id
  idcsAppName - IDCS application name
  subject - subject of the user/service
  idcsGrants - Roles already retrieved from IDCS
- Returns:
  list with new grants to add to the enhanced subject
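
An added example, not Helidon's own code, using the two extension points documented above (extractIdcsMtContext and addAdditionalGrants): since the default context is read from request headers that the caller controls, this subclass accepts the header-derived tenant only when it matches the tenant recorded on the authenticated principal, and tags the subject with the tenant its roles were resolved for. The attribute key, Builder.config(Config) and IdcsMtContext.tenantId() are assumptions not shown on this page.

```java
import java.util.List;
import java.util.Optional;
import io.helidon.common.reactive.Single;
import io.helidon.config.Config;
import io.helidon.security.Grant;
import io.helidon.security.ProviderRequest;
import io.helidon.security.Role;
import io.helidon.security.Subject;
import io.helidon.security.providers.idcs.mapper.IdcsMtContext;
import io.helidon.security.providers.idcs.mapper.IdcsMtRoleMapperRxProvider;

// Example subclass (not part of Helidon): pins role lookup to the tenant the subject
// authenticated against instead of trusting IDCS_TENANT_HEADER on its own.
public class TenantPinnedRoleMapper extends IdcsMtRoleMapperRxProvider {
    // Assumed: the authentication provider stored the tenant id on the principal under
    // this ABAC attribute key; the key name is a placeholder chosen for this example.
    private static final String TENANT_ATTRIBUTE = "idcs-tenant";

    protected TenantPinnedRoleMapper(IdcsMtRoleMapperRxProvider.Builder<?> builder) {
        super(builder);
    }

    public static TenantPinnedRoleMapper create(Config config) {
        // Builder.config(Config) is assumed; the page lists only the token-handler setters.
        return new TenantPinnedRoleMapper(IdcsMtRoleMapperRxProvider.builder().config(config));
    }

    @Override
    protected Optional<IdcsMtContext> extractIdcsMtContext(Subject subject, ProviderRequest request) {
        // Default behaviour: tenant and app name come from the request headers.
        Optional<IdcsMtContext> fromHeaders = super.extractIdcsMtContext(subject, request);
        Optional<String> pinnedTenant = subject.principal()
                .abacAttribute(TENANT_ATTRIBUTE)
                .map(String::valueOf);
        // IdcsMtContext.tenantId() is assumed to expose the tenant id carried in the context.
        if (fromHeaders.isEmpty() || pinnedTenant.isEmpty()
                || !pinnedTenant.get().equals(fromHeaders.get().tenantId())) {
            // Missing or mismatched tenant: return empty so no roles are resolved for this request.
            return Optional.empty();
        }
        return fromHeaders;
    }

    @Override
    protected Single<List<? extends Grant>> addAdditionalGrants(String idcsTenantId, String idcsAppName,
                                                                 Subject subject, List<Grant> idcsGrants) {
        // Record which tenant the IDCS roles were resolved for, so authorization rules can check it.
        return Single.just(List.of(Role.create("tenant:" + idcsTenantId)));
    }
}
```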

getGrantsFromServer
protected Single<List<? extends Grant>> getGrantsFromServer(String idcsTenantId, String idcsAppName, Subject subject)
Get grants from IDCS server. The result is cached.
- Parameters:
  idcsTenantId - ID of the IDCS tenant
  idcsAppName - Name of IDCS application
  subject - subject to get grants for
- Returns:
  optional list of grants from server

getAppToken
protected Single<Optional<String>> getAppToken(String idcsTenantId, RoleMapTracing tracing)
Gets token from cache or from server.
- Parameters:
  idcsTenantId - id of tenant
  tracing - Role mapping tracing instance to correctly trace outbound calls
- Returns:
  the token to be used to authenticate this service

multitenancyEndpoints
protected IdcsMtRoleMapperRxProvider.MultitenancyEndpoints multitenancyEndpoints()
Get the IdcsMtRoleMapperRxProvider.MultitenancyEndpoints used to get assertion and token endpoints of a multitenant IDCS.
- Returns:
  endpoints to use by this implementation