Module io.helidon.security
Package io.helidon.security

Class SecurityEnvironment

java.lang.Object
io.helidon.security.SecurityEnvironment
All Implemented Interfaces:
AbacSupport
public class SecurityEnvironment extends Object implements AbacSupport
Security environment is a set of attributes that are stable for an interaction (usually a request in our case). Environment can be re-used for multiple security request (e.g authentication, authorization). Access to environment is either through methods (for known attributes) or through generic AbacSupport.abacAttribute(String) methods for any property configured by integration component.

The following properties are available (known):

  • time: decision time of the current request (e.g. when checking that this is within business hours
  • uri: target URI that was requested
  • path: path that was requested
  • method: method of the request
  • transport: transport of the request (e.g. http)
  • headers: transport headers of the request (map)

  • Method Details

    • builder

      public static SecurityEnvironment.Builder builder(SecurityTime serverTime)
      Creates a fluent API builder to build new instances of this class.
      Parameters:
      serverTime - Time to use to obtain current time
      Returns:
      a builder instance

    • builder

      public static SecurityEnvironment.Builder builder()
      Creates a fluent API builder to build new instances of this class with current time.
      Returns:
      a builder instance

    • create

      public static SecurityEnvironment create()
      Create a new instance of security environment with all default values.
      Returns:
      environment instance

    • abacAttributeRaw

      public Object abacAttributeRaw(String key)
      Description copied from interface: AbacSupport
      Return the actual property value or null if not present. This is the only method that needs to be implemented.
      Specified by:
      abacAttributeRaw in interface AbacSupport
      Parameters:
      key - key (name) of the property
      Returns:
      value of the property or null

    • abacAttributeNames

      public Collection<String> abacAttributeNames()
      Description copied from interface: AbacSupport
      A collection of all property names in this container.
      Specified by:
      abacAttributeNames in interface AbacSupport
      Returns:
      collection of keys

    • time

      public ZonedDateTime time()
      Time on the server this environment was created for current request. This should be treated as the "decisive" time of the request for security evaluation.

      This can be configured - e.g. there can be a time-shift (moving time by a specific amount of seconds to the past or to the future), or an explicit value (e.g. setting the time to 14:00 e.g. for testing purposes).

      Returns:
      server time that should be used to make security decisions
      See Also:
      • Security.Builder.serverTime()

    • targetUri

      public URI targetUri()
      Get the URI of the resource requested. For inbound request, this contains the requested URI by remote client (or as close to the original one as we can get), for outbound requests, this contains the actual URI as configured by client to be called on remote server. If we use service registry (such as Eureka), we must have access to the actual endpoint (as signatures may require signing of URI with the real host and port). Either this method MUST return a resolved URI, or we MUST have access to registry and enforce an endpoint (when resolved).
      Returns:
      URI being called or URI to be called

    • path

      public Optional<String> path()
      Path to the resource. For jax-rs, this is relative URI.
      Returns:
      Path to the resource

    • method

      public String method()
      Verb to execute on the resource. For http, this is HTTP method (PUT, GET, DELETE, POST....)
      Returns:
      Verb executing on the resource, default is GET

    • transport

      public String transport()
      Return type of transport (such as http, https, jms etc.). Transport should be case insensitive, yet I recommend using all lower case. For the purpose of this method, http and https are two separate transports!
      Returns:
      transport used for this request. Defaults to http.

    • derive

      public SecurityEnvironment.Builder derive()
      Derive a new environment builder based on this environment.
      Returns:
      builder to build a new environment overriding only needed values with a new timestamp

    • headers

      public Map<String,List<String>> headers()
      Transport headers that can be used to process the message. The headers stand here as a generalization - they cover all metadata sent with each request that is not described elsewhere. For HTTP, this would cover: all HTTP headers (done automatically by integration components), on-demand query parameters (must be explicitly configured and supported by integration component), on-demand form parameters (must be explicitly configured and supported by integration component). For JMS, this would cover: all JMS headers (in string form - byte[] should be base64 encoded). Other protocols must choose a reasonable way to transfer a request/response message into headers and entity.
      Returns:
      Header map. If transport protocol does not support headers, map will be empty

    • queryParams

      public UriQuery queryParams()
      Query parameters obtained from the request. If transport protocol does not support query parameters, instance will be empty.
      Returns:
      query parameter instance, If transport protocol does not support query parameters, instance will be empty.