Module io.helidon.security
Package io.helidon.security

Class Security.Builder

java.lang.Object
io.helidon.security.Security.Builder
All Implemented Interfaces:
Builder<Security.Builder,Security>, Supplier<Security>
Enclosing interface:
Security
public static final class Security.Builder extends Object implements Builder<Security.Builder,Security>
Builder pattern class for helping create Security in a convenient way.

  • Method Details

    • providerSelectionPolicy

      public Security.Builder providerSelectionPolicy(Function<ProviderSelectionPolicy.Providers,ProviderSelectionPolicy> pspFunction)
      Set the provider selection policy. The function is used to provider an immutable instance of the ProviderSelectionPolicy.

      Default is FirstProviderSelectionPolicy.

      Alternative built-in policy is: CompositeProviderSelectionPolicy - you can use its CompositeProviderSelectionPolicy.builder() to configure it and then configure this method with CompositeProviderSelectionPolicy.Builder.build().

      You can also use custom policy.

      Parameters:
      pspFunction - function to obtain an instance of the policy. This function will be only called once by security.
      Returns:
      updated builder instance

    • serverTime

      public Security.Builder serverTime(SecurityTime time)
      Server time to use when evaluating security policies that depend on time.
      Parameters:
      time - time instance with possible time shift, explicit timezone or overridden values
      Returns:
      updated builder instance

    • tracer

      public Security.Builder tracer(Tracer tracer)
      Set an open tracing tracer to use for security.
      Parameters:
      tracer - Tracer to use. If null is set, tracing will be disabled.
      Returns:
      updated builder instance

    • tracingEnabled

      public Security.Builder tracingEnabled(boolean tracingEnabled)
      Whether or not tracing should be enabled. If set to false, security tracer will be a no-op tracer.
      Parameters:
      tracingEnabled - true to enable tracing, false to disable
      Returns:
      updated builder instance

    • disableTracing

      public Security.Builder disableTracing()
      Disable open tracing support in this security instance. This will cause method SecurityContext.tracer() to return a no-op tracer.
      Returns:
      updated builder instance

    • addProvider

      public Security.Builder addProvider(SecurityProvider provider)
      Add a provider, works as addProvider(io.helidon.security.spi.SecurityProvider, String), where the name is set to Class.getSimpleName().
      Parameters:
      provider - Provider implementing multiple security provider interfaces
      Returns:
      updated builder instance

    • addProvider

      public Security.Builder addProvider(Supplier<? extends SecurityProvider> providerBuilder)
      Add a provider, works as addProvider(io.helidon.security.spi.SecurityProvider, String), where the name is set to Class.getSimpleName().
      Parameters:
      providerBuilder - Builder of a provider, method build will be immediately called
      Returns:
      updated builder instance

    • addProvider

      public Security.Builder addProvider(SecurityProvider provider, String name)
      Adds a named provider that may implement multiple interfaces. This is a helper method to allow you to invoke a builder method just once. This method will work as a chained call of add<Provider> for each provider interface your instance implements.
      Parameters:
      provider - Provider implementing multiple security provider interfaces
      name - name of the provider, if null, this provider will not be referencable from other scopes
      Returns:
      updated builder instance

    • addProvider

      public Security.Builder addProvider(Supplier<? extends SecurityProvider> providerBuilder, String name)
      Adds a named provider that may implement multiple interfaces. This is a helper method to allow you to invoke a builder method just once. This method will work as a chained call of add<Provider> for each provider interface your instance implements.
      Parameters:
      providerBuilder - Builder of provider implementing multiple security provider interfaces
      name - name of the provider, if null, this provider will not be referencable from other scopes
      Returns:
      updated builder instance

    • authenticationProvider

      public Security.Builder authenticationProvider(AuthenticationProvider provider)
      Set the default authentication provider.
      Parameters:
      provider - Provider instance to use as the default for this runtime.
      Returns:
      updated builder instance

    • authenticationProvider

      public Security.Builder authenticationProvider(Supplier<? extends AuthenticationProvider> builder)
      Set the default authentication provider.
      Parameters:
      builder - Builder of provider to use as the default for this runtime.
      Returns:
      updated builder instance

    • authorizationProvider

      public Security.Builder authorizationProvider(AuthorizationProvider provider)
      Set the default authorization provider.
      Parameters:
      provider - provider instance to use as the default for this runtime.
      Returns:
      updated builder instance

    • authorizationProvider

      public Security.Builder authorizationProvider(Supplier<? extends AuthorizationProvider> builder)
      Set the default authorization provider.
      Parameters:
      builder - Builder of provider to use as the default for this runtime.
      Returns:
      updated builder instance

    • addAuthenticationProvider

      public Security.Builder addAuthenticationProvider(AuthenticationProvider provider)
      Add an authentication provider. If default isn't set yet, sets it as default. Works as addAuthenticationProvider(io.helidon.security.spi.AuthenticationProvider, String) where the name is simple class name.
      Parameters:
      provider - provider instance to add
      Returns:
      updated builder instance

    • addAuthenticationProvider

      public Security.Builder addAuthenticationProvider(Supplier<? extends AuthenticationProvider> builder)
      Add an authentication provider. If default isn't set yet, sets it as default. Works as addAuthenticationProvider(io.helidon.security.spi.AuthenticationProvider, String) where the name is simple class name.
      Parameters:
      builder - builder of provider to add
      Returns:
      updated builder instance

    • addAuthenticationProvider

      public Security.Builder addAuthenticationProvider(AuthenticationProvider provider, String name)
      Add a named authentication provider. Provider can be referenced by name e.g. from configuration.
      Parameters:
      provider - provider instance
      name - name of provider, may be null or empty, but as such will not be rerefencable by name
      Returns:
      updated builder instance

    • addAuthenticationProvider

      public Security.Builder addAuthenticationProvider(Supplier<? extends AuthenticationProvider> builder, String name)
      Add a named authentication provider. Provider can be referenced by name e.g. from configuration.
      Parameters:
      builder - builder of provider instance
      name - name of provider, may be null or empty, but as such will not be rerefencable by name
      Returns:
      updated builder instance

    • addAuthorizationProvider

      public Security.Builder addAuthorizationProvider(AuthorizationProvider provider)
      Add authorization provider. If there is no default yet, it will become the default.
      Parameters:
      provider - provider instance
      Returns:
      updated builder instance

    • addAuthorizationProvider

      public Security.Builder addAuthorizationProvider(Supplier<? extends AuthorizationProvider> builder)
      Add authorization provider. If there is no default yet, it will become the default.
      Parameters:
      builder - builder of provider instance
      Returns:
      updated builder instance

    • addAuthorizationProvider

      public Security.Builder addAuthorizationProvider(AuthorizationProvider provider, String name)
      Add a named authorization provider. Named authorization provider can be referenced, such as from configuration.
      Parameters:
      provider - provider instance
      name - name of provider, may be null or empty, but as such will not be referencable
      Returns:
      updated builder instance

    • addAuthorizationProvider

      public Security.Builder addAuthorizationProvider(Supplier<? extends AuthorizationProvider> builder, String name)
      Add a named authorization provider. Named authorization provider can be referenced, such as from configuration.
      Parameters:
      builder - builder of provider instance
      name - name of provider, may be null or empty, but as such will not be referencable
      Returns:
      updated builder instance

    • addOutboundSecurityProvider

      public Security.Builder addOutboundSecurityProvider(OutboundSecurityProvider provider)
      All configured identity propagation providers are used. The first provider to return true to OutboundSecurityProvider.isOutboundSupported(io.helidon.security.ProviderRequest, io.helidon.security.SecurityEnvironment, io.helidon.security.EndpointConfig) will be called to process current request. Others will be ignored.
      Parameters:
      provider - Provider instance
      Returns:
      updated builder instance

    • addOutboundSecurityProvider

      public Security.Builder addOutboundSecurityProvider(Supplier<? extends OutboundSecurityProvider> builder)
      All configured identity propagation providers are used. The first provider to return true to OutboundSecurityProvider.isOutboundSupported(io.helidon.security.ProviderRequest, io.helidon.security.SecurityEnvironment, io.helidon.security.EndpointConfig) will be called to process current request. Others will be ignored.
      Parameters:
      builder - Builder of provider instance
      Returns:
      updated builder instance

    • addOutboundSecurityProvider

      public Security.Builder addOutboundSecurityProvider(Supplier<? extends OutboundSecurityProvider> build, String name)
      Add a named outbound security provider. Explicit names can be used when using secured client - see integration with Jersey.
      Parameters:
      build - Builder of provider to use
      name - name of the provider for reference from configuration
      Returns:
      updated builder instance.

    • addOutboundSecurityProvider

      public Security.Builder addOutboundSecurityProvider(OutboundSecurityProvider provider, String name)
      Add a named outbound security provider.
      Parameters:
      provider - Provider to use
      name - name of the provider for reference from configuration
      Returns:
      updated builder instance.

    • addSecretProvider

      public Security.Builder addSecretProvider(SecretsProvider<?> provider, String name)
      Add a named secret provider.
      Parameters:
      provider - provider to use
      name - name of the provider for reference from configuration
      Returns:
      updated builder instance

    • addEncryptionProvider

      public Security.Builder addEncryptionProvider(EncryptionProvider<?> provider, String name)
      Add a named encryption provider.
      Parameters:
      provider - provider to use
      name - name of the provider for reference from configuration
      Returns:
      updated builder instance

    • addDigestProvider

      public Security.Builder addDigestProvider(DigestProvider<?> provider, String name)
      Add a named digest provider (providing signatures and possibly HMAC).
      Parameters:
      provider - provider to use
      name - name of the provider for reference from configuration
      Returns:
      updated builder instance

    • addAuditProvider

      public Security.Builder addAuditProvider(AuditProvider provider)
      Add an audit provider to this security runtime. All configured audit providers are used.
      Parameters:
      provider - provider instance
      Returns:
      updated builder instance

    • subjectMappingProvider

      public Security.Builder subjectMappingProvider(SubjectMappingProvider provider)
      Configure a subject mapping provider that would be used once authentication is processed. Allows you to add Grants to Subject or modify it in other ways.
      Parameters:
      provider - provider to use for subject mapping
      Returns:
      updated builder instance

    • addAuditProvider

      public Security.Builder addAuditProvider(Supplier<? extends AuditProvider> builder)
      Add an audit provider to this security runtime. All configured audit providers are used.
      Parameters:
      builder - Builder of provider instance
      Returns:
      updated builder instance

    • config

      public Security.Builder config(Config config)
      Add config instance to this builder. This may be later use by components initialized as a side-effect of creating an instance of security (such as security providers).
      Parameters:
      config - Config instance
      Returns:
      this instance

    • enabled

      public Security.Builder enabled(boolean enabled)
      Security can be disabled using configuration, or explicitly. By default, security instance is enabled. Disabled security instance will not perform any checks and allow all requests.
      Parameters:
      enabled - set to false to disable security
      Returns:
      updated builder instance

    • build

      public Security build()
      Builds configured Security instance.
      Specified by:
      build in interface Builder<Security.Builder,Security>
      Returns:
      built instance.

    • addSecret

      public <T extends ProviderConfig> Security.Builder addSecret(String name, SecretsProvider<T> secretProvider, T providerConfig)
      Add a secret to security configuration.
      Type Parameters:
      T - type of the provider specific configuration object
      Parameters:
      name - name of the secret configuration
      secretProvider - security provider handling this secret
      providerConfig - security provider configuration for this secret
      Returns:
      updated builder instance
      See Also:

    • addEncryption

      public <T extends ProviderConfig> Security.Builder addEncryption(String name, EncryptionProvider<T> encryptionProvider, T providerConfig)
      Add an encryption to security configuration.
      Type Parameters:
      T - type of the provider specific configuration object
      Parameters:
      name - name of the encryption configuration
      encryptionProvider - security provider handling this encryption
      providerConfig - security provider configuration for this encryption
      Returns:
      updated builder instance
      See Also:

    • addDigest

      public <T extends ProviderConfig> Security.Builder addDigest(String name, DigestProvider<T> digestProvider, T providerConfig)
      Add a signature/HMAC to security configuration.
      Type Parameters:
      T - type of the provider specific configuration object
      Parameters:
      name - name of the digest configuration
      digestProvider - security provider handling this digest
      providerConfig - security provider configuration for this digest
      Returns:
      updated builder instance
      See Also:

    • executorService

      public Security.Builder executorService(Supplier<ExecutorService> supplier)
      Configure executor service to be used for blocking operations within security.
      Parameters:
      supplier - supplier of an executor service, as as ThreadPoolSupplier
      Returns:
      updated builder

    • noProvider

      public boolean noProvider(Class<? extends SecurityProvider> providerClass)
      Check whether any provider is configured.
      Parameters:
      providerClass - type of provider of interest (can be AuthenticationProvider and other interfaces implementing SecurityProvider)
      Returns:
      true if no provider is configured, false if there is at least one provider configured

    • hasProvider

      public boolean hasProvider(String name)
      Check whether a provider with the name is configured.
      Parameters:
      name - name of a provider
      Returns:
      true if such a provider is configured