Module io.helidon.security.providers.idcs.mapper

Package io.helidon.security.providers.idcs.mapper

Class IdcsMtRoleMapperRxProvider

java.lang.Object

io.helidon.security.providers.idcs.mapper.IdcsRoleMapperRxProviderBase

io.helidon.security.providers.idcs.mapper.IdcsMtRoleMapperRxProvider

All Implemented Interfaces:

SecurityProvider, SubjectMappingProvider

public class IdcsMtRoleMapperRxProvider
extends IdcsRoleMapperRxProviderBase

SubjectMappingProvider to obtain roles from IDCS server for a user. Supports multi tenancy in IDCS.

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	IdcsMtRoleMapperRxProvider.Builder<B extends IdcsMtRoleMapperRxProvider.Builder<B>>	Fluent API builder for IdcsMtRoleMapperRxProvider.
protected static class	IdcsMtRoleMapperRxProvider.DefaultMultitenancyEndpoints	Default implementation of the IdcsMtRoleMapperRxProvider.MultitenancyEndpoints.
static class	IdcsMtRoleMapperRxProvider.MtCacheKey	Cache key for multitenant environments.
static interface	IdcsMtRoleMapperRxProvider.MultitenancyEndpoints	Multitenant endpoints for accessing IDCS services.

Nested classes/interfaces inherited from class io.helidon.security.providers.idcs.mapper.IdcsRoleMapperRxProviderBase

IdcsRoleMapperRxProviderBase.AppTokenRx

Field Summary

Fields

Modifier and Type	Field	Description
protected static final String	IDCS_APP_HEADER	Name of the header containing the IDCS app.
protected static final String	IDCS_TENANT_HEADER	Name of the header containing the IDCS tenant.

Fields inherited from class io.helidon.security.providers.idcs.mapper.IdcsRoleMapperRxProviderBase

ACCESS_TOKEN_KEY, IDCS_SUBJECT_TYPE_CLIENT, IDCS_SUBJECT_TYPE_USER, PARENT_CONTEXT_CLIENT_PROPERTY, ROLE_APPROLE, ROLE_GROUP

Constructor Summary

Constructors

Modifier	Constructor	Description
protected	IdcsMtRoleMapperRxProvider(IdcsMtRoleMapperRxProvider.Builder<?> builder)	Configure instance from any descendant of IdcsMtRoleMapperRxProvider.Builder.

Method Summary

Modifier and Type	Method	Description
protected Single<List<? extends Grant>>	addAdditionalGrants(String idcsTenantId, String idcsAppName, Subject subject, List<Grant> idcsGrants)	Extension point to add additional grants to the subject being created.
static IdcsMtRoleMapperRxProvider.Builder	builder()	Creates a new builder to build instances of this class.
protected Single<List<? extends Grant>>	computeGrants(String idcsTenantId, String idcsAppName, Subject subject)	Compute grants for the provided MT information.
static SecurityProvider	create(Config config)	Creates an instance from configuration.
protected Single<Subject>	enhance(ProviderRequest request, AuthenticationResponse previousResponse, Subject subject)	Enhance the subject with appropriate roles from IDCS.
protected Optional<IdcsMtContext>	extractIdcsMtContext(Subject subject, ProviderRequest request)	Extract IDCS multitenancy context form the the request.
protected Single<Optional<String>>	getAppToken(String idcsTenantId, RoleMapTracing tracing)	Gets token from cache or from server.
protected Single<List<? extends Grant>>	getGrantsFromServer(String idcsTenantId, String idcsAppName, Subject subject)	Get grants from IDCS server.
protected IdcsMtRoleMapperRxProvider.MultitenancyEndpoints	multitenancyEndpoints()	Get the IdcsMtRoleMapperRxProvider.MultitenancyEndpoints used to get assertion and token endpoints of a multitenant IDCS.

Methods inherited from class io.helidon.security.providers.idcs.mapper.IdcsRoleMapperRxProviderBase

buildSubject, defaultIdcsSubjectType, map, oidcConfig, processRoleRequest

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface io.helidon.security.spi.SecurityProvider

supportedAnnotations, supportedAttributes, supportedConfigKeys, supportedCustomObjects

Field Details

IDCS_TENANT_HEADER

protected static final String IDCS_TENANT_HEADER

Name of the header containing the IDCS tenant. This is the default used, can be overridden in builder by IdcsMtRoleMapperRxProvider.Builder.idcsTenantTokenHandler(io.helidon.security.util.TokenHandler)

See Also:

• Constant Field Values

IDCS_APP_HEADER

protected static final String IDCS_APP_HEADER

Name of the header containing the IDCS app. This is the default used, can be overriden in builder by IdcsMtRoleMapperRxProvider.Builder.idcsAppNameTokenHandler(io.helidon.security.util.TokenHandler)

See Also:

• Constant Field Values

Constructor Details

IdcsMtRoleMapperRxProvider

protected IdcsMtRoleMapperRxProvider(IdcsMtRoleMapperRxProvider.Builder<?> builder)

Configure instance from any descendant of IdcsMtRoleMapperRxProvider.Builder.

Parameters:

builder - containing the required configuration

Method Details

builder

public static IdcsMtRoleMapperRxProvider.Builder builder()

Creates a new builder to build instances of this class.

Returns:

a new fluent API builder.

create

public static SecurityProvider create(Config config)

Creates an instance from configuration.

Expects:

• oidc-config to load an instance of OidcConfig
• cache-config (optional) to load an instance of EvictableCache for role caching

Parameters:

config - configuration of this provider

Returns:

a new instance configured from config

enhance

protected Single<Subject> enhance(ProviderRequest request,
 AuthenticationResponse previousResponse,
 Subject subject)

Enhance the subject with appropriate roles from IDCS.

Specified by:

enhance in class IdcsRoleMapperRxProviderBase

Parameters:

request - provider request

previousResponse - authenticated response (never null)

subject - subject of the user (never null)

Returns:

future with enhanced subject

computeGrants

protected Single<List<? extends Grant>> computeGrants(String idcsTenantId,
 String idcsAppName,
 Subject subject)

Compute grants for the provided MT information.

Parameters:

idcsTenantId - tenant id

idcsAppName - app name

subject - subject

Returns:

future with grants to be added to the subject

extractIdcsMtContext

protected Optional<IdcsMtContext> extractIdcsMtContext(Subject subject,
 ProviderRequest request)

Extract IDCS multitenancy context form the the request.

By default, the context is extracted from the headers using token handlers for tenant and app.

Parameters:

subject - Subject that is being mapped

request - ProviderRequest context that is being mapped.

Returns:

Optional with the context, empty if the context is not present in the request.

addAdditionalGrants

protected Single<List<? extends Grant>> addAdditionalGrants(String idcsTenantId,
 String idcsAppName,
 Subject subject,
 List<Grant> idcsGrants)

Extension point to add additional grants to the subject being created.

Parameters:

idcsTenantId - IDCS tenant id

idcsAppName - IDCS application name

subject - subject of the user/service

idcsGrants - Roles already retrieved from IDCS

Returns:

list with new grants to add to the enhanced subject

getGrantsFromServer

protected Single<List<? extends Grant>> getGrantsFromServer(String idcsTenantId,
 String idcsAppName,
 Subject subject)

Get grants from IDCS server. The result is cached.

Parameters:

idcsTenantId - ID of the IDCS tenant

idcsAppName - Name of IDCS application

subject - subject to get grants for

Returns:

optional list of grants from server

getAppToken

protected Single<Optional<String>> getAppToken(String idcsTenantId,
 RoleMapTracing tracing)

Gets token from cache or from server.

Parameters:

idcsTenantId - id of tenant

tracing - Role mapping tracing instance to correctly trace outbound calls

Returns:

the token to be used to authenticate this service

multitenancyEndpoints

protected IdcsMtRoleMapperRxProvider.MultitenancyEndpoints multitenancyEndpoints()

Get the IdcsMtRoleMapperRxProvider.MultitenancyEndpoints used to get assertion and token endpoints of a multitenant IDCS.

Returns:

endpoints to use by this implementation