Class JwtProvider.Builder
java.lang.Object
io.helidon.security.providers.jwt.JwtProvider.Builder
- All Implemented Interfaces:
Builder<JwtProvider.Builder,
,JwtProvider> Supplier<JwtProvider>
- Enclosing class:
- JwtProvider
public static final class JwtProvider.Builder
extends Object
implements Builder<JwtProvider.Builder,JwtProvider>
Fluent API builder for
JwtProvider
.-
Method Summary
Modifier and TypeMethodDescriptionallowImpersonation
(boolean allowImpersonation) Whether to allow impersonation by explicitly overriding username from outbound requests usingEndpointConfig.PROPERTY_OUTBOUND_ID
property.allowUnsigned
(boolean allowUnsigned) Configure support for unsigned JWT.atnTokenHandler
(TokenHandler tokenHandler) Token handler to extract username from request.authenticate
(boolean authenticate) Whether to authenticate requests.build()
Build the instance from this builder.Load this builder from a configuration.void
expectedAudience
(String audience) Audience expected in inbound JWTs.Issuer used to create new JWTs.optional
(boolean optional) Whether authentication is required.outboundConfig
(OutboundConfig config) Configuration of outbound rules.propagate
(boolean propagate) Whether to propagate identity.JWK resource used to sign JWTs created by us.subjectType
(SubjectType subjectType) Principal type this provider extracts (and also propagates).useJwtGroups
(boolean useJwtGroups) Claimgroups
from JWT will be used to automatically add groups to current subject (may be used withRolesAllowed
annotation).JWK resource used to verify JWTs created by other parties.verifySignature
(boolean shouldValidate) Configure whether to verify signatures.
-
Method Details
-
build
Description copied from interface:Builder
Build the instance from this builder.- Specified by:
build
in interfaceBuilder<JwtProvider.Builder,
JwtProvider> - Returns:
- instance of the built type
-
propagate
Whether to propagate identity.- Parameters:
propagate
- whether to propagate identity (true) or not (false)- Returns:
- updated builder instance
-
authenticate
Whether to authenticate requests.- Parameters:
authenticate
- whether to authenticate (true) or not (false)- Returns:
- updated builder instance
-
allowImpersonation
Whether to allow impersonation by explicitly overriding username from outbound requests usingEndpointConfig.PROPERTY_OUTBOUND_ID
property. By default this is not allowed and identity can only be propagated.- Parameters:
allowImpersonation
- set to true to allow impersonation- Returns:
- updated builder instance
-
allowUnsigned
Configure support for unsigned JWT. If this is set totrue
any JWT that has algorithm set tonone
and nokid
defined will be accepted. Note that this has serious security impact - if JWT can be sent from a third party, this allows the third party to send ANY JWT and it would be accpted as valid.- Parameters:
allowUnsigned
- to allow unsigned (insecure) JWT- Returns:
- updated builder insdtance
-
verifySignature
Configure whether to verify signatures. Signatures verification is enabled by default. You can configure the provider not to verify signatures.Make sure your service is properly secured on network level and only accessible from a secure endpoint that provides the JWTs when signature verification is disabled. If signature verification is disabled, this service will accept ANY JWT
- Parameters:
shouldValidate
- set to false to disable validation of JWT signatures- Returns:
- updated builder instance
-
subjectType
Principal type this provider extracts (and also propagates).- Parameters:
subjectType
- type of principal- Returns:
- updated builder instance
-
atnTokenHandler
Token handler to extract username from request.- Parameters:
tokenHandler
- token handler instance- Returns:
- updated builder instance
-
optional
Whether authentication is required. By default, request will fail if the username cannot be extracted. If set to false, request will process and this provider will abstain.- Parameters:
optional
- whether authentication is optional (true) or required (false)- Returns:
- updated builder instance
-
outboundConfig
Configuration of outbound rules.- Parameters:
config
- outbound configuration, each target may contain custom objectJwtProvider.JwtOutboundTarget
to add our configuration.- Returns:
- updated builder instance
-
signJwk
JWK resource used to sign JWTs created by us.- Parameters:
signJwkResource
- resource pointing to a JSON with keys- Returns:
- updated builder instance
-
verifyJwk
JWK resource used to verify JWTs created by other parties.- Parameters:
verifyJwkResource
- resource pointing to a JSON with keys- Returns:
- updated builder instance
-
issuer
Issuer used to create new JWTs.- Parameters:
issuer
- issuer to add to the issuer claim- Returns:
- updated builder instance
-
config
Load this builder from a configuration.- Parameters:
config
- configuration to load from- Returns:
- updated builder instance
-
expectedAudience
Audience expected in inbound JWTs.- Parameters:
audience
- audience string
-
useJwtGroups
Claimgroups
from JWT will be used to automatically add groups to current subject (may be used withRolesAllowed
annotation).- Parameters:
useJwtGroups
- whether to usegroups
claim from JWT to retrieve roles- Returns:
- updated builder instance
-