Module io.helidon.security

Package io.helidon.security.spi

Class SynchronousProvider

java.lang.Object

io.helidon.security.spi.SynchronousProvider

All Implemented Interfaces:

SecurityProvider

Direct Known Subclasses:

AbacProvider, GoogleTokenProvider, HeaderAtnProvider, HttpBasicAuthProvider, HttpDigestAuthProvider, JwtAuthProvider, JwtProvider

public abstract class SynchronousProvider
extends Object
implements SecurityProvider

A provider base for synchronous providers. This class doesn't (intentionally) implement any of the interfaces, as we leave it up to you, provider developer to choose which of them suits your needs. Just override the method for your provider and let the magic begin. As java does not allow for multiple inheritance of classes, this is an easy way to implement methods for all SPI interfaces without forcing each provider to handle all types of security.

Constructor Summary

Constructors

Constructor	Description
SynchronousProvider()

Method Summary

Modifier and Type	Method	Description
final CompletionStage<AuthenticationResponse>	authenticate(ProviderRequest providerRequest)	Authenticate a request.
final CompletionStage<AuthorizationResponse>	authorize(ProviderRequest providerRequest)	Authorize a request based on configuration.
final CompletionStage<OutboundSecurityResponse>	outboundSecurity(ProviderRequest providerRequest, SecurityEnvironment outboundEnv, EndpointConfig outboundConfig)	Creates necessary updates to headers and entity needed for outbound security (e.g.
protected AuthenticationResponse	syncAuthenticate(ProviderRequest providerRequest)	Synchronous authentication.
protected AuthorizationResponse	syncAuthorize(ProviderRequest providerRequest)	Synchronous authorization.
protected OutboundSecurityResponse	syncOutbound(ProviderRequest providerRequest, SecurityEnvironment outboundEnv, EndpointConfig outboundEndpointConfig)	Synchronous outbound security.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface io.helidon.security.spi.SecurityProvider

supportedAnnotations, supportedAttributes, supportedConfigKeys, supportedCustomObjects

Constructor Details

SynchronousProvider

public SynchronousProvider()

Method Details

authenticate

public final CompletionStage<AuthenticationResponse> authenticate(ProviderRequest providerRequest)

Authenticate a request. This may be just resolving headers (tokens) or full authentication (basic auth). Do not throw exception for normal processing (e.g. invalid credentials; you may throw an exception in case of misconfiguration). This method will be invoked for inbound requests ONLY.

Parameters:

providerRequest - context of this security enforcement/validation

Returns:

AuthenticationResponse, including the subject for successful authentications

See Also:

• AuthenticationResponse.success(io.helidon.security.Subject)

authorize

public final CompletionStage<AuthorizationResponse> authorize(ProviderRequest providerRequest)

Authorize a request based on configuration. Authorization cannot be optional. If this method is called, it should always attempt to authorize the current request. This method will be invoked for inbound requests ONLY.

Parameters:

providerRequest - context of this security enforcement/validation

Returns:

response that either permits, denies or abstains from decision

See Also:

• AuthorizationResponse.permit()

outboundSecurity

public final CompletionStage<OutboundSecurityResponse> outboundSecurity(ProviderRequest providerRequest,
 SecurityEnvironment outboundEnv,
 EndpointConfig outboundConfig)

Creates necessary updates to headers and entity needed for outbound security (e.g. identity propagation, s2s security etc.). This method will be invoked for outbound requests ONLY.

Parameters:

providerRequest - context with environment, subject(s) etc. that was received

outboundEnv - environment for outbound call

outboundConfig - outbound endpoint configuration

Returns:

response with generated headers and other possible configuration

See Also:

• OutboundSecurityResponse.builder()

syncAuthenticate

protected AuthenticationResponse syncAuthenticate(ProviderRequest providerRequest)

Synchronous authentication.

Parameters:

providerRequest - context with environment, subject(s) etc.

Returns:

authentication response

See Also:

• AuthenticationProvider.authenticate(ProviderRequest)

syncAuthorize

protected AuthorizationResponse syncAuthorize(ProviderRequest providerRequest)

Synchronous authorization.

Parameters:

providerRequest - context with environment, subject(s) etc.

Returns:

authorization response

See Also:

• AuthorizationProvider.authorize(ProviderRequest)

syncOutbound

protected OutboundSecurityResponse syncOutbound(ProviderRequest providerRequest,
 SecurityEnvironment outboundEnv,
 EndpointConfig outboundEndpointConfig)

Synchronous outbound security.

Parameters:

providerRequest - context with environment, subject(s) etc.

outboundEnv - environment of this outbound call

outboundEndpointConfig - endpoint config for outbound call

Returns:

outbound response

See Also:

• OutboundSecurityProvider.outboundSecurity(ProviderRequest, SecurityEnvironment, EndpointConfig)
• OutboundSecurityProvider.isOutboundSupported(ProviderRequest, SecurityEnvironment, EndpointConfig)