Class HttpSignProvider.Builder
java.lang.Object
io.helidon.security.providers.httpsign.HttpSignProvider.Builder
- All Implemented Interfaces:
- Builder<HttpSignProvider.Builder,,- HttpSignProvider> - Supplier<HttpSignProvider>
- Enclosing class:
- HttpSignProvider
public static final class HttpSignProvider.Builder
extends Object
implements Builder<HttpSignProvider.Builder,HttpSignProvider> 
Fluent API builder for this provider. Call 
build() to create a provider instance.- 
Method SummaryModifier and TypeMethodDescriptionaddAcceptHeader(HttpSignHeader header) Add a header that is validated on inbound requests.addInbound(InboundClientDefinition client) Add inbound configuration.backwardCompatibleEol(Boolean backwardCompatible) Enable support for Helidon versions before 3.0.0 (exclusive).build()Build the instance from this builder.Create a builder from configuration.inboundRequiredHeaders(SignedHeadersConfig inboundRequiredHeaders) Override the default inbound required headers (e.g.optional(boolean optional) Set whether the signature is optional.outbound(OutboundConfig targets) Add outbound targets to this builder.Realm to use for challenging inbound requests that do not have "Authorization" header in case header isHttpSignHeader.AUTHORIZATIONand singatures are not optional.
- 
Method Details- 
buildDescription copied from interface:BuilderBuild the instance from this builder.- Specified by:
- buildin interface- Builder<HttpSignProvider.Builder,- HttpSignProvider> 
- Returns:
- instance of the built type
 
- 
configCreate a builder from configuration.- Parameters:
- config- Config located at http-signatures key
- Returns:
- builder instance configured from config
 
- 
outboundAdd outbound targets to this builder. The targets are used to chose what to do for outbound communication. The targets should haveOutboundTargetDefinitionattached throughOutboundTarget.Builder.customObject(Class, Object)to tell us how to sign the request.The same can be done through configuration: { name = "http-signatures" class = "HttpSignProvider" http-signatures { targets: [ { name = "service2" hosts = ["localhost"] paths = ["/service2/.*"] # This configures theOutboundTargetDefinitionsignature { key-id = "service1" hmac.secret = "${CLEAR=password}" } }] } }- Parameters:
- targets- targets to select correct outbound security
- Returns:
- updated builder instance
 
- 
addInboundAdd inbound configuration. This is used to validate signature and authenticate the party.The same can be done through configuration: { name = "http-signatures" class = "HttpSignProvider" http-signatures { inbound { # This configures theInboundClientDefinitionkeys: [ { key-id = "service1" hmac.secret = "${CLEAR=password}" }] } } }- Parameters:
- client- a single client configuration for inbound communication
- Returns:
- updated builder instance
 
- 
inboundRequiredHeadersOverride the default inbound required headers (e.g. headers that MUST be signed and headers that MUST be signed IF present).Defaults: - get, head, delete methods: date, (request-target), host are mandatory; authorization if present (unless we are
 creating/validating the HttpSignHeader.AUTHORIZATIONourselves
- put, post: same as above, with addition of: content-length, content-type and digest if present
- for other methods: date, (request-target)
 - Parameters:
- inboundRequiredHeaders- headers configuration
- Returns:
- updated builder instance
 
- get, head, delete methods: date, (request-target), host are mandatory; authorization if present (unless we are
 creating/validating the 
- 
addAcceptHeaderAdd a header that is validated on inbound requests. Provider may support more than one header to validate.- Parameters:
- header- header to look for signature
- Returns:
- updated builder instance
 
- 
optionalSet whether the signature is optional. If set to true (default), this provider willSecurityResponse.SecurityStatus.ABSTAINfrom this request if signature is not present. If set to false, this provider willfailif signature is not present.- Parameters:
- optional- true for optional singatures
- Returns:
- updated builder instance
 
- 
realmRealm to use for challenging inbound requests that do not have "Authorization" header in case header isHttpSignHeader.AUTHORIZATIONand singatures are not optional.- Parameters:
- realm- realm to challenge with, defautls to "helidon"
- Returns:
- updated builder instance
 
- 
backwardCompatibleEolEnable support for Helidon versions before 3.0.0 (exclusive).Until version 3.0.0 (exclusive) there was a trailing end of line added to the signed data. To be able to communicate cross versions, we must configure this when talking to older versions of Helidon. Default value is false. In Helidon 2.x, this switch exists as well and the default istrue, to allow communication between versions as needed.- Parameters:
- backwardCompatible- whether to run in backward compatible mode
- Returns:
- updated builder instance
 
 
-