java.lang.Object
io.helidon.security.Security.Builder
- All Implemented Interfaces:
- Builder<Security.Builder,Security>, Supplier<Security>
- Enclosing interface:
- Security
public static final class Security.Builder
extends Object
implements Builder<Security.Builder,Security>
Builder pattern class for helping create Security in a convenient way.
-
Method Summary
Modifier and Type / Method / Description
- addAuditProvider(AuditProvider provider) - Add an audit provider to this security runtime.
- addAuditProvider(Supplier<? extends AuditProvider> builder) - Add an audit provider to this security runtime.
- addAuthenticationProvider - Add an authentication provider.
- addAuthenticationProvider(AuthenticationProvider provider, String name) - Add a named authentication provider.
- addAuthenticationProvider(Supplier<? extends AuthenticationProvider> builder) - Add an authentication provider.
- addAuthenticationProvider(Supplier<? extends AuthenticationProvider> builder, String name) - Add a named authentication provider.
- addAuthorizationProvider - Add authorization provider.
- addAuthorizationProvider(AuthorizationProvider provider, String name) - Add a named authorization provider.
- addAuthorizationProvider(Supplier<? extends AuthorizationProvider> builder) - Add authorization provider.
- addAuthorizationProvider(Supplier<? extends AuthorizationProvider> builder, String name) - Add a named authorization provider.
- <T extends ProviderConfig> Security.Builder addDigest(String name, DigestProvider<T> digestProvider, T providerConfig) - Add a signature/HMAC to security configuration.
- addDigestProvider(DigestProvider<?> provider, String name) - Add a named digest provider (providing signatures and possibly HMAC).
- <T extends ProviderConfig> Security.Builder addEncryption(String name, EncryptionProvider<T> encryptionProvider, T providerConfig) - Add an encryption to security configuration.
- addEncryptionProvider(EncryptionProvider<?> provider, String name) - Add a named encryption provider.
- addOutboundSecurityProvider - All configured identity propagation providers are used.
- addOutboundSecurityProvider(OutboundSecurityProvider provider, String name) - Add a named outbound security provider.
- addOutboundSecurityProvider(Supplier<? extends OutboundSecurityProvider> builder) - All configured identity propagation providers are used.
- addOutboundSecurityProvider(Supplier<? extends OutboundSecurityProvider> build, String name) - Add a named outbound security provider.
- addProvider(SecurityProvider provider) - Add a provider, works as addProvider(io.helidon.security.spi.SecurityProvider, String), where the name is set to Class.getSimpleName().
- addProvider(SecurityProvider provider, String name) - Adds a named provider that may implement multiple interfaces.
- addProvider(Supplier<? extends SecurityProvider> providerBuilder) - Add a provider, works as addProvider(io.helidon.security.spi.SecurityProvider, String), where the name is set to Class.getSimpleName().
- addProvider(Supplier<? extends SecurityProvider> providerBuilder, String name) - Adds a named provider that may implement multiple interfaces.
- <T extends ProviderConfig> Security.Builder addSecret(String name, SecretsProvider<T> secretProvider, T providerConfig) - Add a secret to security configuration.
- addSecretProvider(SecretsProvider<?> provider, String name) - Add a named secret provider.
- authenticationProvider(AuthenticationProvider provider) - Set the default authentication provider.
- authenticationProvider(Supplier<? extends AuthenticationProvider> builder) - Set the default authentication provider.
- authorizationProvider(AuthorizationProvider provider) - Set the default authorization provider.
- authorizationProvider(Supplier<? extends AuthorizationProvider> builder) - Set the default authorization provider.
- build() - Builds configured Security instance.
- config - Add config instance to this builder.
- disableTracing - Disable open tracing support in this security instance.
- enabled(boolean enabled) - Security can be disabled using configuration, or explicitly.
- executorService(Supplier<ExecutorService> supplier) - Configure executor service to be used for blocking operations within security.
- boolean hasProvider(String name) - Check whether a provider with the name is configured.
- boolean noProvider(Class<? extends SecurityProvider> providerClass) - Check whether any provider is configured.
- providerSelectionPolicy(Function<ProviderSelectionPolicy.Providers, ProviderSelectionPolicy> pspFunction) - Set the provider selection policy.
- serverTime(SecurityTime time) - Server time to use when evaluating security policies that depend on time.
- subjectMappingProvider(SubjectMappingProvider provider) - Configure a subject mapping provider that would be used once authentication is processed.
- tracer - Set an open tracing tracer to use for security.
- tracingEnabled(boolean tracingEnabled) - Whether or not tracing should be enabled.
-
Method Details
-
providerSelectionPolicy
public Security.Builder providerSelectionPolicy(Function<ProviderSelectionPolicy.Providers, ProviderSelectionPolicy> pspFunction)
Set the provider selection policy. The function is used to provide an immutable instance of the ProviderSelectionPolicy.
Default is FirstProviderSelectionPolicy.
Alternative built-in policy is: CompositeProviderSelectionPolicy - you can use its CompositeProviderSelectionPolicy.builder() to configure it and then configure this method with CompositeProviderSelectionPolicy.Builder.build().
You can also use a custom policy.
- Parameters:
pspFunction - function to obtain an instance of the policy. This function will be called only once by security.
- Returns:
- updated builder instance
-
serverTime
Server time to use when evaluating security policies that depend on time.
- Parameters:
time - time instance with possible time shift, explicit timezone or overridden values
- Returns:
- updated builder instance
-
tracer
Set an open tracing tracer to use for security.
- Parameters:
tracer - Tracer to use. If null is set, tracing will be disabled.
- Returns:
- updated builder instance
-
tracingEnabled
Whether or not tracing should be enabled. If set to false, security tracer will be a no-op tracer.
- Parameters:
tracingEnabled - true to enable tracing, false to disable
- Returns:
- updated builder instance
-
disableTracing
Disable open tracing support in this security instance. This will cause method SecurityContext.tracer() to return a no-op tracer.
- Returns:
- updated builder instance
-
addProvider
Add a provider, works as addProvider(io.helidon.security.spi.SecurityProvider, String), where the name is set to Class.getSimpleName().
- Parameters:
provider - Provider implementing multiple security provider interfaces
- Returns:
- updated builder instance
-
addProvider
Add a provider, works as addProvider(io.helidon.security.spi.SecurityProvider, String), where the name is set to Class.getSimpleName().
- Parameters:
providerBuilder - Builder of a provider, method build will be immediately called
- Returns:
- updated builder instance
-
addProvider
Adds a named provider that may implement multiple interfaces. This is a helper method to allow you to invoke a builder method just once. This method will work as a chained call of add<Provider> for each provider interface your instance implements.
- Parameters:
provider - Provider implementing multiple security provider interfaces
name - name of the provider, if null, this provider will not be referenceable from other scopes
- Returns:
- updated builder instance
-
addProvider
public Security.Builder addProvider(Supplier<? extends SecurityProvider> providerBuilder, String name)
Adds a named provider that may implement multiple interfaces. This is a helper method to allow you to invoke a builder method just once. This method will work as a chained call of add<Provider> for each provider interface your instance implements.
- Parameters:
providerBuilder - Builder of provider implementing multiple security provider interfaces
name - name of the provider, if null, this provider will not be referenceable from other scopes
- Returns:
- updated builder instance
-
authenticationProvider
Set the default authentication provider.
- Parameters:
provider - Provider instance to use as the default for this runtime.
- Returns:
- updated builder instance
-
authenticationProvider
Set the default authentication provider.
- Parameters:
builder - Builder of provider to use as the default for this runtime.
- Returns:
- updated builder instance
-
authorizationProvider
Set the default authorization provider.
- Parameters:
provider - provider instance to use as the default for this runtime.
- Returns:
- updated builder instance
-
authorizationProvider
Set the default authorization provider.
- Parameters:
builder - Builder of provider to use as the default for this runtime.
- Returns:
- updated builder instance
-
addAuthenticationProvider
Add an authentication provider. If default isn't set yet, sets it as default. Works as addAuthenticationProvider(io.helidon.security.spi.AuthenticationProvider, String) where the name is simple class name.
- Parameters:
provider - provider instance to add
- Returns:
- updated builder instance
-
addAuthenticationProvider
public Security.Builder addAuthenticationProvider(Supplier<? extends AuthenticationProvider> builder)
Add an authentication provider. If default isn't set yet, sets it as default. Works as addAuthenticationProvider(io.helidon.security.spi.AuthenticationProvider, String) where the name is simple class name.
- Parameters:
builder - builder of provider to add
- Returns:
- updated builder instance
-
addAuthenticationProvider
Add a named authentication provider. Provider can be referenced by name e.g. from configuration.
- Parameters:
provider - provider instance
name - name of provider, may be null or empty, but as such will not be referenceable by name
- Returns:
- updated builder instance
-
addAuthenticationProvider
public Security.Builder addAuthenticationProvider(Supplier<? extends AuthenticationProvider> builder, String name)
Add a named authentication provider. Provider can be referenced by name e.g. from configuration.
- Parameters:
builder - builder of provider instance
name - name of provider, may be null or empty, but as such will not be referenceable by name
- Returns:
- updated builder instance
-
addAuthorizationProvider
Add authorization provider. If there is no default yet, it will become the default.
- Parameters:
provider - provider instance
- Returns:
- updated builder instance
-
addAuthorizationProvider
Add authorization provider. If there is no default yet, it will become the default.
- Parameters:
builder - builder of provider instance
- Returns:
- updated builder instance
-
addAuthorizationProvider
Add a named authorization provider. Named authorization provider can be referenced, such as from configuration.
- Parameters:
provider - provider instance
name - name of provider, may be null or empty, but as such will not be referenceable
- Returns:
- updated builder instance
-
addAuthorizationProvider
public Security.Builder addAuthorizationProvider(Supplier<? extends AuthorizationProvider> builder, String name)
Add a named authorization provider. Named authorization provider can be referenced, such as from configuration.
- Parameters:
builder - builder of provider instance
name - name of provider, may be null or empty, but as such will not be referenceable
- Returns:
- updated builder instance
-
addOutboundSecurityProvider
All configured identity propagation providers are used. The first provider to return true to OutboundSecurityProvider.isOutboundSupported(io.helidon.security.ProviderRequest, io.helidon.security.SecurityEnvironment, io.helidon.security.EndpointConfig) will be called to process current request. Others will be ignored.
- Parameters:
provider - Provider instance
- Returns:
- updated builder instance
-
addOutboundSecurityProvider
public Security.Builder addOutboundSecurityProvider(Supplier<? extends OutboundSecurityProvider> builder)
All configured identity propagation providers are used. The first provider to return true to OutboundSecurityProvider.isOutboundSupported(io.helidon.security.ProviderRequest, io.helidon.security.SecurityEnvironment, io.helidon.security.EndpointConfig) will be called to process current request. Others will be ignored.
- Parameters:
builder - Builder of provider instance
- Returns:
- updated builder instance
-
addOutboundSecurityProvider
public Security.Builder addOutboundSecurityProvider(Supplier<? extends OutboundSecurityProvider> build, String name)
Add a named outbound security provider. Explicit names can be used when using secured client - see integration with Jersey.
- Parameters:
build - Builder of provider to use
name - name of the provider for reference from configuration
- Returns:
- updated builder instance.
-
addOutboundSecurityProvider
Add a named outbound security provider.
- Parameters:
provider - Provider to use
name - name of the provider for reference from configuration
- Returns:
- updated builder instance.
-
addSecretProvider
Add a named secret provider.
- Parameters:
provider - provider to use
name - name of the provider for reference from configuration
- Returns:
- updated builder instance
-
addEncryptionProvider
Add a named encryption provider.
- Parameters:
provider - provider to use
name - name of the provider for reference from configuration
- Returns:
- updated builder instance
-
addDigestProvider
Add a named digest provider (providing signatures and possibly HMAC).
- Parameters:
provider - provider to use
name - name of the provider for reference from configuration
- Returns:
- updated builder instance
-
addAuditProvider
Add an audit provider to this security runtime. All configured audit providers are used.
- Parameters:
provider - provider instance
- Returns:
- updated builder instance
-
subjectMappingProvider
Configure a subject mapping provider that would be used once authentication is processed. Allows you to add Grants to Subject or modify it in other ways.
- Parameters:
provider - provider to use for subject mapping
- Returns:
- updated builder instance
-
addAuditProvider
Add an audit provider to this security runtime. All configured audit providers are used.
- Parameters:
builder - Builder of provider instance
- Returns:
- updated builder instance
-
config
Add config instance to this builder. This may later be used by components initialized as a side-effect of creating an instance of security (such as security providers).
- Parameters:
config - Config instance
- Returns:
- this instance
-
enabled
Security can be disabled using configuration, or explicitly. By default, security instance is enabled. Disabled security instance will not perform any checks and allow all requests.
- Parameters:
enabled - set to false to disable security
- Returns:
- updated builder instance
-
build
Builds configured Security instance.
- Specified by:
build in interface Builder<Security.Builder,Security>
- Returns:
- built instance.
-
addSecret
public <T extends ProviderConfig> Security.Builder addSecret(String name, SecretsProvider<T> secretProvider, T providerConfig)
Add a secret to security configuration.
- Type Parameters:
T - type of the provider specific configuration object
- Parameters:
name - name of the secret configuration
secretProvider - security provider handling this secret
providerConfig - security provider configuration for this secret
- Returns:
- updated builder instance
- See Also:
-
addEncryption
public <T extends ProviderConfig> Security.Builder addEncryption(String name, EncryptionProvider<T> encryptionProvider, T providerConfig)
Add an encryption to security configuration.
- Type Parameters:
T - type of the provider specific configuration object
- Parameters:
name - name of the encryption configuration
encryptionProvider - security provider handling this encryption
providerConfig - security provider configuration for this encryption
- Returns:
- updated builder instance
- See Also:
-
addDigest
public <T extends ProviderConfig> Security.Builder addDigest(String name, DigestProvider<T> digestProvider, T providerConfig)
Add a signature/HMAC to security configuration.
- Type Parameters:
T - type of the provider specific configuration object
- Parameters:
name - name of the digest configuration
digestProvider - security provider handling this digest
providerConfig - security provider configuration for this digest
- Returns:
- updated builder instance
- See Also:
-
executorService
Configure executor service to be used for blocking operations within security.
- Parameters:
supplier - supplier of an executor service, such as ThreadPoolSupplier
- Returns:
- updated builder
-
noProvider
Check whether any provider is configured.
- Parameters:
providerClass - type of provider of interest (can be AuthenticationProvider and other interfaces implementing SecurityProvider)
- Returns:
- true if no provider is configured, false if there is at least one provider configured
-
hasProvider
Check whether a provider with the name is configured.
- Parameters:
name - name of a provider
- Returns:
- true if such a provider is configured
-
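A startup guard that uses only the noProvider and hasProvider checks documented above to refuse building a Security instance with missing providers. This is an added example, not code from the Helidon project; SecurityBuilderGuard, buildChecked and requiredNames are hypothetical names, and it assumes the Helidon security module is on the classpath.

```java
import io.helidon.security.Security;
import io.helidon.security.spi.AuthenticationProvider;
import io.helidon.security.spi.AuthorizationProvider;

import java.util.ArrayList;
import java.util.List;

/** Hypothetical helper (not part of Helidon): fail closed when the builder has gaps. */
public final class SecurityBuilderGuard {
    private SecurityBuilderGuard() {
    }

    /**
     * Inspects the builder with noProvider/hasProvider and only then calls build().
     *
     * @param builder       fully configured builder
     * @param requiredNames provider names the application refers to by name (assumed input)
     * @return the built Security instance
     * @throws IllegalStateException listing every missing provider
     */
    public static Security buildChecked(Security.Builder builder, String... requiredNames) {
        List<String> problems = new ArrayList<>();

        // noProvider returns true when nothing of the given type was registered
        if (builder.noProvider(AuthenticationProvider.class)) {
            problems.add("no authentication provider configured");
        }
        if (builder.noProvider(AuthorizationProvider.class)) {
            problems.add("no authorization provider configured");
        }

        // A provider registered with a null name cannot be referenced by name,
        // so every name used elsewhere must be present on the builder.
        for (String name : requiredNames) {
            if (!builder.hasProvider(name)) {
                problems.add("provider '" + name + "' is referenced but not registered");
            }
        }

        if (!problems.isEmpty()) {
            throw new IllegalStateException(
                    "Refusing to build Security: " + String.join("; ", problems));
        }
        return builder.build();
    }
}
```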