Class IdcsRoleMapperRxProviderBase

    • Field Detail

      • ROLE_GROUP

        protected static final String ROLE_GROUP
        JSON key for group roles to be retrieved from the IDCS response.
        See Also:
        Constant Field Values
      • ROLE_APPROLE

        protected static final String ROLE_APPROLE
        JSON key for app roles to be retrieved from the IDCS response.
        See Also:
        Constant Field Values
      • ACCESS_TOKEN_KEY

        protected static final String ACCESS_TOKEN_KEY
        JSON key for the token to be retrieved from the IDCS response when requesting an application token.
        See Also:
        Constant Field Values
      • PARENT_CONTEXT_CLIENT_PROPERTY

        protected static final String PARENT_CONTEXT_CLIENT_PROPERTY
        Property sent with JAX-RS requests to override parent span context in outbound calls. We cannot use the constant declared in ClientTracingFilter, as it is not a required dependency.
        See Also:
        Constant Field Values
    • Constructor Detail

      • IdcsRoleMapperRxProviderBase

        protected IdcsRoleMapperRxProviderBase(IdcsRoleMapperRxProviderBase.Builder<?> builder)
        Configures the needed fields from the provided builder.
        Parameters:
        builder - builder with oidcConfig and other needed fields.
    • Method Detail

      • map

        public Single<AuthenticationResponse> map(ProviderRequest authenticatedRequest,
                                                  AuthenticationResponse previousResponse)
        Description copied from interface: SubjectMappingProvider
        Map grants from an authenticated request (e.g. one or both of ProviderRequest.subject() or ProviderRequest.service() return a non-empty value) to a new authentication response. The provider can change, add or remove grants (such as groups, scopes, permissions) or change the subject to a different one. This method is only invoked after a successful authentication.
        Specified by:
        map in interface SubjectMappingProvider
        Parameters:
        authenticatedRequest - request to get user and service subjects from
        previousResponse - response from previous authentication or subject mapping provider
        Returns:
        a new authentication response with updated user and/or service subjects
      • enhance

        protected abstract Single<Subject> enhance(ProviderRequest request,
                                                   AuthenticationResponse previousResponse,
                                                   Subject subject)
        Enhance subject with IDCS roles, reactive.
        Parameters:
        request - provider request
        previousResponse - authenticated response
        subject - subject to enhance
        Returns:
        future with enhanced subject
      • buildSubject

        protected Subject buildSubject(Subject originalSubject,
                                       List<? extends Grant> grants)
        Updates original subject with the list of grants.
        Parameters:
        originalSubject - as was created by authentication provider
        grants - grants added by this role mapper
        Returns:
        new subject
      • oidcConfig

        protected OidcConfig oidcConfig()
        Access to OidcConfig so the field is not duplicated by classes that extend this provider.
        Returns:
        OpenID Connect configuration (also used to configure access to IDCS)
      • defaultIdcsSubjectType

        protected String defaultIdcsSubjectType()
        Default subject type to use when requesting data from IDCS.
        Returns:
        configured default subject type or IDCS_SUBJECT_TYPE_USER