Security
Supports security for web (and possibly other) resources including:
- Authentication: authenticate a request
- Authorization: authorize a request to a resource, possibly using ABAC or RBAC.
- Outbound security: propagating security on outbound calls.
- Audit: auditing security operations
Various security aspects are pluggable, using
to extend functionality.
Bootstrapping
You have two ways to do things with security: either load it from configuration or create a fully configured instance using a builder. Both approaches should allow the same behavior.
Or using configuration:
Configuration example (Google login for users and http-signatures for service):
# Composite policy when using more than one provider
# This is a frontend service - only allow google authentication
- name: "google-login"
# Propagate the Google token and this service's identity to backend
- name: "google-login"
- name: "http-signatures"
# Google login button support - authentication and identity propagation provider
# Attribute based access control authorization provider
# HTTP signatures - authentication and identity propagation provider (for service identity)
- name: "backend"
# password may be encrypted when using secure filter for Helidon config
Class Description
- An audit event to store using an Audit provider.
- Named parameters of audit event.
- Severity of AuditEvent.
- Response as returned from an authentication provider.
- Authentication response builder.
- Response from an authorization decision.
- Builder for custom Authorization responses.
- Map of classes to their instances.
- Flag driving resolution of providers.
- A provider selection policy that supports composing multiple providers (current Authentication and Outbound) into a single virtual security provider.
- Fluent API builder to create CompositeProviderSelectionPolicy.
- Each endpoint can have security configuration either statically declared (e.g.
- Scope of annotations used in applications that integrate security.
- A fluent API builder for EndpointConfig.
- A concept representing anything that can be granted to a subject.
- A wrapper for a named security provider.
- Response of outbound security provider.
- Builder class to build custom identity propagation responses.
- A security principal.
- A fluent API builder for Principal.
- A request sent to security providers.
- Definition of a map to bind a query param to a header.
- A security role used in RBAC (role based access control) schemes.
- A fluent API builder for Role.
- Marker interface for configuration of secrets providers.
- This class is used to "bootstrap" security and integrate it with other frameworks; runtime main entry point is SecurityContext.
- Builder pattern class for helping create Security in a convenient way.
- Common methods for security clients.
- Security context to retrieve security information about current user, either injected or obtained from Security.contextBuilder(String) and to handle programmatic security.
- Fluent API builder for SecurityContext.
- Security environment is a set of attributes that are stable for an interaction (usually a request in our case).
- A fluent API builder for SecurityEnvironment.
- Runtime exception used by this module to be able to identify exceptions caused by it.
- Security level stores annotations bound to the specific class and method.
- Builder for SecurityLevel class.
- Common methods for all security requests (authentication, authorization, and identity propagation).
- Fluent API to build a security request.
- Response from security provider (and security Module).
- Status of a security operation.
- Time used in security, configurable.
- Fluent API builder for SecurityTime.
- A security subject, representing a user or a service.
- A fluent API builder for Subject.
- Type of principal.