java.lang.Object
io.helidon.security.providers.idcs.mapper.IdcsRoleMapperProviderBase
All Implemented Interfaces:
SecurityProvider, SubjectMappingProvider
Direct Known Subclasses:
IdcsMtRoleMapperProvider, IdcsRoleMapperProvider

@Deprecated(forRemoval=true, since="2.4.0") public abstract class IdcsRoleMapperProviderBase extends Object implements SubjectMappingProvider
Deprecated, for removal: This API element is subject to removal in a future version.
Common functionality for IDCS role mapping.
  • Field Details

    • IDCS_SUBJECT_TYPE_USER

      public static final String IDCS_SUBJECT_TYPE_USER
      Deprecated, for removal: This API element is subject to removal in a future version.
      User subject type used when requesting roles from IDCS. The provider first attempts to read the type from the JWT claim sub_type; if the claim is not defined, the default configured in IdcsRoleMapperProviderBase.Builder is used.
    • IDCS_SUBJECT_TYPE_CLIENT

      public static final String IDCS_SUBJECT_TYPE_CLIENT
      Deprecated, for removal: This API element is subject to removal in a future version.
      Client subject type used when requesting roles from IDCS. The provider first attempts to read the type from the JWT claim sub_type; if the claim is not defined, the default configured in IdcsRoleMapperProviderBase.Builder is used.
    • ROLE_GROUP

      protected static final String ROLE_GROUP
      Deprecated, for removal: This API element is subject to removal in a future version.
      JSON key for group roles to be retrieved from the IDCS response.
    • ROLE_APPROLE

      protected static final String ROLE_APPROLE
      Deprecated, for removal: This API element is subject to removal in a future version.
      JSON key for app roles to be retrieved from the IDCS response.
    • ACCESS_TOKEN_KEY

      protected static final String ACCESS_TOKEN_KEY
      Deprecated, for removal: This API element is subject to removal in a future version.
      JSON key for the token to be retrieved from the IDCS response when requesting an application token.
    • PARENT_CONTEXT_CLIENT_PROPERTY

      protected static final String PARENT_CONTEXT_CLIENT_PROPERTY
      Deprecated, for removal: This API element is subject to removal in a future version.
      Property sent with JAX-RS requests to override the parent span context in outbound calls. We cannot use the constant declared in ClientTracingFilter, as it is not a required dependency.
  • Constructor Details

    • IdcsRoleMapperProviderBase

      protected IdcsRoleMapperProviderBase(IdcsRoleMapperProviderBase.Builder<?> builder)
      Deprecated, for removal: This API element is subject to removal in a future version.
      Configures the needed fields from the provided builder.
      Parameters:
      builder - builder with oidcConfig and other needed fields.
  • Method Details

    • map

      public CompletionStage<AuthenticationResponse> map(ProviderRequest authenticatedRequest, AuthenticationResponse previousResponse)
      Deprecated, for removal: This API element is subject to removal in a future version.
      Description copied from interface: SubjectMappingProvider
      Map grants from authenticated request (e.g. one or both of ProviderRequest.subject() or ProviderRequest.service() returns a non-empty value) to a new authentication response. The provider can change/add/remove grants (such as groups, scopes, permissions) or change the subject to a different one. This method is only invoked after a successful authentication.
      Specified by:
      map in interface SubjectMappingProvider
      Parameters:
      authenticatedRequest - request to get user and service subjects from
      previousResponse - response from previous authentication or subject mapping provider
      Returns:
      a new authentication response with updated user and/or service subjects
    • complete

      Deprecated, for removal: This API element is subject to removal in a future version.
      Create a CompletionStage with the provided response as its completion.
      Parameters:
      response - authentication response to complete with
      Returns:
      stage completed with the response
    • enhance

      protected abstract Subject enhance(Subject subject, ProviderRequest request, AuthenticationResponse previousResponse)
      Deprecated, for removal: This API element is subject to removal in a future version.
      Enhance subject with IDCS roles.
      Parameters:
      subject - subject of the user (never null)
      request - provider request
      previousResponse - authenticated response (never null)
      Returns:
      stage with the new authentication response
    • buildSubject

      protected Subject buildSubject(Subject originalSubject, List<? extends Grant> grants)
      Deprecated, for removal: This API element is subject to removal in a future version.
      Updates original subject with the list of grants.
      Parameters:
      originalSubject - as was created by authentication provider
      grants - grants added by this role mapper
      Returns:
      new subject
    • processServerResponse

      protected Optional<List<? extends Grant>> processServerResponse(Response groupResponse, String subjectName)
      Deprecated, for removal: This API element is subject to removal in a future version.
      Process the server response to retrieve groups and app roles from it.
      Parameters:
      groupResponse - response from IDCS
      subjectName - name of the subject
      Returns:
      list of grants obtained from the IDCS response
    • oidcConfig

      protected OidcConfig oidcConfig()
      Deprecated, for removal: This API element is subject to removal in a future version.
      Access to OidcConfig so the field is not duplicated by classes that extend this provider.
      Returns:
      OpenID Connect configuration (also used to configure access to IDCS)
    • defaultIdcsSubjectType

      protected String defaultIdcsSubjectType()
      Deprecated, for removal: This API element is subject to removal in a future version.
      Default subject type to use when requesting data from IDCS.
      Returns:
      configured default subject type or IDCS_SUBJECT_TYPE_USER