Module io.helidon.security.providers.jwt

Package io.helidon.security.providers.jwt

Class JwtProvider

java.lang.Object

io.helidon.security.spi.SynchronousProvider

io.helidon.security.providers.jwt.JwtProvider

All Implemented Interfaces:

AuthenticationProvider, OutboundSecurityProvider, SecurityProvider

public final class JwtProvider
extends SynchronousProvider
implements AuthenticationProvider, OutboundSecurityProvider

Provider that can process JWT tokens in request headers and assert identity (e.g. create a Principal for a SubjectType.USER or SubjectType.SERVICE. This provider can also propagate identity using JWT token, either by creating a new JWT or by propagating the existing token "as is". Verification and signatures of tokens is done through JWK standard - two separate JWK files are expected (one for verification, one for signatures).

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static final class	JwtProvider.Builder	Fluent API builder for JwtProvider.
static class	JwtProvider.JwtOutboundTarget	A custom object to configure specific handling of outbound calls.

Field Summary

Fields

Modifier and Type	Field	Description
static final String	EP_PROPERTY_OUTBOUND_USER	Deprecated, for removal: This API element is subject to removal in a future version. use EndpointConfig.PROPERTY_OUTBOUND_ID instead, the value will change in 4.x as well

Method Summary

Modifier and Type	Method	Description
static JwtProvider.Builder	builder()	A builder for this provider.
static JwtProvider	create(Config config)	Create provider instance from configuration.
boolean	isOutboundSupported(ProviderRequest providerRequest, SecurityEnvironment outboundEnv, EndpointConfig outboundConfig)	Check if the path to be executed is supported by this security provider.
protected AuthenticationResponse	syncAuthenticate(ProviderRequest providerRequest)	Synchronous authentication.
protected OutboundSecurityResponse	syncOutbound(ProviderRequest providerRequest, SecurityEnvironment outboundEnv, EndpointConfig outboundEndpointConfig)	Synchronous outbound security.

Methods inherited from class io.helidon.security.spi.SynchronousProvider

authenticate, authorize, outboundSecurity, syncAuthorize

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface io.helidon.security.spi.AuthenticationProvider

authenticate

Methods inherited from interface io.helidon.security.spi.OutboundSecurityProvider

outboundSecurity

Methods inherited from interface io.helidon.security.spi.SecurityProvider

supportedAnnotations, supportedAttributes, supportedConfigKeys, supportedCustomObjects

Field Details

EP_PROPERTY_OUTBOUND_USER

@Deprecated(since="3.2.3",
            forRemoval=true)
public static final String EP_PROPERTY_OUTBOUND_USER

Deprecated, for removal: This API element is subject to removal in a future version.

use EndpointConfig.PROPERTY_OUTBOUND_ID instead, the value will change in 4.x as well

Configure this for outbound requests to override user to use.

See Also:

• Constant Field Values

Method Details

builder

public static JwtProvider.Builder builder()

A builder for this provider.

Returns:

builder to create a new instance

create

public static JwtProvider create(Config config)

Create provider instance from configuration.

Parameters:

config - configuration of this provider

Returns:

provider instance

syncAuthenticate

protected AuthenticationResponse syncAuthenticate(ProviderRequest providerRequest)

Description copied from class: SynchronousProvider

Synchronous authentication.

Overrides:

syncAuthenticate in class SynchronousProvider

Parameters:

providerRequest - context with environment, subject(s) etc.

Returns:

authentication response

See Also:

• AuthenticationProvider.authenticate(ProviderRequest)

isOutboundSupported

public boolean isOutboundSupported(ProviderRequest providerRequest,
 SecurityEnvironment outboundEnv,
 EndpointConfig outboundConfig)

Description copied from interface: OutboundSecurityProvider

Check if the path to be executed is supported by this security provider. Defaults to true.

Specified by:

isOutboundSupported in interface OutboundSecurityProvider

Parameters:

providerRequest - context with environment, subject(s) etc. that was received

outboundEnv - environment for outbound call

outboundConfig - outbound endpoint configuration

Returns:

true if this identity propagator can generate required headers for the path defined

syncOutbound

protected OutboundSecurityResponse syncOutbound(ProviderRequest providerRequest,
 SecurityEnvironment outboundEnv,
 EndpointConfig outboundEndpointConfig)

Description copied from class: SynchronousProvider

Synchronous outbound security.

Overrides:

syncOutbound in class SynchronousProvider

Parameters:

providerRequest - context with environment, subject(s) etc.

outboundEnv - environment of this outbound call

outboundEndpointConfig - endpoint config for outbound call

Returns:

outbound response

See Also:

• OutboundSecurityProvider.outboundSecurity(ProviderRequest, SecurityEnvironment, EndpointConfig)
• OutboundSecurityProvider.isOutboundSupported(ProviderRequest, SecurityEnvironment, EndpointConfig)