Class IdcsRoleMapperRxProviderBase

    • Field Detail

      • ROLE_GROUP

        protected static final String ROLE_GROUP
        Json key for group roles to be retrieved from IDCS response.
        See Also:
        Constant Field Values

        protected static final String ROLE_APPROLE
        Json key for app roles to be retrieved from IDCS response.
        See Also:
        Constant Field Values

        protected static final String ACCESS_TOKEN_KEY
        Json key for token to be retrieved from IDCS response when requesting application token.
        See Also:
        Constant Field Values

        protected static final String PARENT_CONTEXT_CLIENT_PROPERTY
        Property sent with JAX-RS requests to override parent span context in outbound calls. We cannot use the constant declared in ClientTracingFilter, as it is not a required dependency.
        See Also:
        Constant Field Values
    • Constructor Detail

      • IdcsRoleMapperRxProviderBase

        protected IdcsRoleMapperRxProviderBase​(IdcsRoleMapperRxProviderBase.Builder<?> builder)
        Configures the needed fields from the provided builder.
        builder - builder with oidcConfig and other needed fields.
    • Method Detail

      • map

        public Single<AuthenticationResponse> map​(ProviderRequest authenticatedRequest,
                                                  AuthenticationResponse previousResponse)
        Description copied from interface: SubjectMappingProvider
        Map grants from authenticated request (e.g. one or both of ProviderRequest.subject() or ProviderRequest.service() returns a non-empty value) to a new authentication response. The provider can change/add/remove grants (such as groups, scopes, permissions) or change the subject to a different one. This method is only invoked after a successful authentication.
        Specified by:
        map in interface SubjectMappingProvider
        authenticatedRequest - request to get user and service subjects from
        previousResponse - response from previous authentication or subject mapping provider
        a new authentication response with updated user and/or service subjects
      • enhance

        protected abstract Single<Subject> enhance​(ProviderRequest request,
                                                   AuthenticationResponse previousResponse,
                                                   Subject subject)
        Enhance subject with IDCS roles, reactive.
        request - provider request
        previousResponse - authenticated response
        subject - subject to enhance
        future with enhanced subject
      • buildSubject

        protected Subject buildSubject​(Subject originalSubject,
                                       List<? extends Grant> grants)
        Updates original subject with the list of grants.
        originalSubject - as was created by authentication provider
        grants - grants added by this role mapper
        new subject
      • oidcConfig

        protected OidcConfig oidcConfig()
        Access to OidcConfig so the field is not duplicated by classes that extend this provider.
        open ID Connect configuration (also used to configure access to IDCS)
      • defaultIdcsSubjectType

        protected String defaultIdcsSubjectType()
        Default subject type to use when requesting data from IDCS.
        configured default subject type or IDCS_SUBJECT_TYPE_USER