Class IdcsRoleMapperProviderBase

    • Field Detail

      • IDCS_SUBJECT_TYPE_USER

        public static final String IDCS_SUBJECT_TYPE_USER
        Deprecated, for removal: This API element is subject to removal in a future version.
        User subject type used when requesting roles from IDCS. The subject type is read from the JWT claim sub_type; if the claim is not defined, the default configured in IdcsRoleMapperProviderBase.Builder is used.
        See Also:
        Constant Field Values
      • IDCS_SUBJECT_TYPE_CLIENT

        public static final String IDCS_SUBJECT_TYPE_CLIENT
        Deprecated, for removal: This API element is subject to removal in a future version.
        Client subject type used when requesting roles from IDCS. The subject type is read from the JWT claim sub_type; if the claim is not defined, the default configured in IdcsRoleMapperProviderBase.Builder is used.
        See Also:
        Constant Field Values
      • ROLE_GROUP

        protected static final String ROLE_GROUP
        Deprecated, for removal: This API element is subject to removal in a future version.
        JSON key for group roles to be retrieved from the IDCS response.
        See Also:
        Constant Field Values
      • ROLE_APPROLE

        protected static final String ROLE_APPROLE
        Deprecated, for removal: This API element is subject to removal in a future version.
        JSON key for app roles to be retrieved from the IDCS response.
        See Also:
        Constant Field Values
      • ACCESS_TOKEN_KEY

        protected static final String ACCESS_TOKEN_KEY
        Deprecated, for removal: This API element is subject to removal in a future version.
        JSON key for the token to be retrieved from the IDCS response when requesting an application token.
        See Also:
        Constant Field Values
      • PARENT_CONTEXT_CLIENT_PROPERTY

        protected static final String PARENT_CONTEXT_CLIENT_PROPERTY
        Deprecated, for removal: This API element is subject to removal in a future version.
        Property sent with JAX-RS requests to override the parent span context in outbound calls. The constant declared in ClientTracingFilter cannot be used, as that class is not a required dependency.
        See Also:
        Constant Field Values
    • Constructor Detail

      • IdcsRoleMapperProviderBase

        protected IdcsRoleMapperProviderBase(IdcsRoleMapperProviderBase.Builder<?> builder)
        Deprecated, for removal: This API element is subject to removal in a future version.
        Configures the needed fields from the provided builder.
        Parameters:
        builder - builder with oidcConfig and other needed fields.
    • Method Detail

      • map

        public CompletionStage<AuthenticationResponse> map(ProviderRequest authenticatedRequest,
                                                           AuthenticationResponse previousResponse)
        Deprecated, for removal: This API element is subject to removal in a future version.
        Description copied from interface: SubjectMappingProvider
        Maps grants from an authenticated request (e.g. one where ProviderRequest.subject(), ProviderRequest.service(), or both return a non-empty value) to a new authentication response. The provider can change, add or remove grants (such as groups, scopes, permissions) or replace the subject with a different one. This method is only invoked after a successful authentication.
        Specified by:
        map in interface SubjectMappingProvider
        Parameters:
        authenticatedRequest - request to get user and service subjects from
        previousResponse - response from previous authentication or subject mapping provider
        Returns:
        a new authentication response with updated user and/or service subjects
      • complete

        protected CompletionStage<AuthenticationResponse> complete(AuthenticationResponse response)
        Deprecated, for removal: This API element is subject to removal in a future version.
        Create a CompletionStage with the provided response as its completion.
        Parameters:
        response - authentication response to complete with
        Returns:
        stage completed with the response
      • enhance

        protected abstract Subject enhance(Subject subject,
                                           ProviderRequest request,
                                           AuthenticationResponse previousResponse)
        Deprecated, for removal: This API element is subject to removal in a future version.
        Enhance subject with IDCS roles.
        Parameters:
        subject - subject of the user (never null)
        request - provider request
        previousResponse - authenticated response (never null)
        Returns:
        the subject enhanced with IDCS roles
      • buildSubject

        protected Subject buildSubject(Subject originalSubject,
                                       List<? extends Grant> grants)
        Deprecated, for removal: This API element is subject to removal in a future version.
        Updates original subject with the list of grants.
        Parameters:
        originalSubject - as was created by authentication provider
        grants - grants added by this role mapper
        Returns:
        new subject
      • processServerResponse

        protected Optional<List<? extends Grant>> processServerResponse(Response groupResponse,
                                                                        String subjectName)
        Deprecated, for removal: This API element is subject to removal in a future version.
        Process the server response to retrieve groups and app roles from it.
        Parameters:
        groupResponse - response from IDCS
        subjectName - name of the subject
        Returns:
        list of grants obtained from the IDCS response
      • oidcConfig

        protected OidcConfig oidcConfig()
        Deprecated, for removal: This API element is subject to removal in a future version.
        Access to OidcConfig so the field is not duplicated by classes that extend this provider.
        Returns:
        OpenID Connect configuration (also used to configure access to IDCS)
      • defaultIdcsSubjectType

        protected String defaultIdcsSubjectType()
        Deprecated, for removal: This API element is subject to removal in a future version.
        Default subject type to use when requesting data from IDCS.
        Returns:
        configured default subject type or IDCS_SUBJECT_TYPE_USER
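
Added example (not part of the Helidon sources or of this API page): a subclass that implements enhance(), resolves the subject type from the sub_type claim with the fallback described for IDCS_SUBJECT_TYPE_USER and IDCS_SUBJECT_TYPE_CLIENT, and attaches grants through buildSubject(). Assumptions: the class name SampleRoleMapper, the constructed SAMPLE_ROLES table that stands in for the IDCS role request, the role and principal names, the restriction to the two known subject types, and that the authentication provider exposes JWT claims as attributes of the principal.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Set;

import io.helidon.security.AuthenticationResponse;
import io.helidon.security.Grant;
import io.helidon.security.ProviderRequest;
import io.helidon.security.Role;
import io.helidon.security.Subject;
import io.helidon.security.providers.idcs.mapper.IdcsRoleMapperProviderBase;

/** Hypothetical subclass; a constructed table stands in for the IDCS role request. */
public class SampleRoleMapper extends IdcsRoleMapperProviderBase {
    // Subject types this mapper accepts from the token (a choice of this example).
    private static final Set<String> KNOWN_TYPES =
            Set.of(IDCS_SUBJECT_TYPE_USER, IDCS_SUBJECT_TYPE_CLIENT);

    // Constructed sample data, keyed by "<subject type>/<principal name>".
    private static final Map<String, List<String>> SAMPLE_ROLES = Map.of(
            IDCS_SUBJECT_TYPE_USER + "/jack", List.of("audit-reader"),
            IDCS_SUBJECT_TYPE_CLIENT + "/batch-job", List.of("report-writer"));

    protected SampleRoleMapper(IdcsRoleMapperProviderBase.Builder<?> builder) {
        super(builder);
    }

    @Override
    protected Subject enhance(Subject subject, ProviderRequest request,
                              AuthenticationResponse previousResponse) {
        // Assumption: JWT claims are available as attributes of the principal.
        String type = subject.principal().abacAttribute("sub_type")
                .map(Object::toString)
                .filter(KNOWN_TYPES::contains)      // unknown value: treat as not defined
                .orElseGet(this::defaultIdcsSubjectType);

        List<String> names = SAMPLE_ROLES.get(type + "/" + subject.principal().getName());
        if (names == null) {
            return subject;                         // no roles found: grant nothing extra
        }
        List<Grant> grants = new ArrayList<>();
        for (String name : names) {
            grants.add(Role.create(name));
        }
        return buildSubject(subject, grants);       // original subject plus the new grants
    }
}
```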