Module io.helidon.webserver.grpc.security

Package io.helidon.webserver.grpc.security

Class GrpcSecurityHandler

java.lang.Object

io.helidon.webserver.grpc.security.GrpcSecurityHandler

All Implemented Interfaces:

io.grpc.ServerInterceptor, RuntimeType.Api<GrpcSecurityHandlerConfig>, GrpcMethodDescriptor.Configurer, GrpcServiceDescriptor.Configurer

public final class GrpcSecurityHandler
extends Object
implements io.grpc.ServerInterceptor, GrpcServiceDescriptor.Configurer, GrpcMethodDescriptor.Configurer, RuntimeType.Api<GrpcSecurityHandlerConfig>

Per-service or per-method security rules for gRPC security.

Register GrpcSecurity on gRPC routing to enforce authentication, authorization, and auditing. A handler attached directly to a gRPC service or method descriptor only selects the rules used by GrpcSecurity; by itself it does not enforce security.

Method Summary

Modifier and Type	Method	Description
GrpcSecurityHandler	audit()	Audit a request.
GrpcSecurityHandler	auditEventType(String eventType)	Override audit event type.
GrpcSecurityHandler	auditMessageFormat(String messageFormat)	Override audit message format.
GrpcSecurityHandler	authenticate()	Authenticate a request.
GrpcSecurityHandler	authenticationOptional()	Allow anonymous access when authentication fails.
GrpcSecurityHandler	authenticator(String explicitAuthenticator)	Use a named authenticator.
GrpcSecurityHandler	authorize()	Authorize a request.
GrpcSecurityHandler	authorizer(String explicitAuthorizer)	Use a named authorizer.
static GrpcSecurityHandlerConfig.Builder	builder()	Create a new fluent API builder for security handler.
void	configure(GrpcMethodDescriptor.Rules rules)	Apply extra configuration to a GrpcMethodDescriptor.Rules.
void	configure(GrpcServiceDescriptor.Rules rules)	Apply extra configuration to a GrpcServiceDescriptor.Rules.
static GrpcSecurityHandler	create(Config config)	Create a handler from configuration.
static GrpcSecurityHandler	create(Config config, GrpcSecurityHandler defaults)	Create a handler from configuration and defaults.
static GrpcSecurityHandler	create(Consumer<GrpcSecurityHandlerConfig.Builder> consumer)	Create a new handler, customizing its configuration.
GrpcSecurityHandler	customObject(Object object)	Register a custom object for security request(s).
<ReqT, RespT> io.grpc.ServerCall.Listener<ReqT>	interceptCall(io.grpc.ServerCall<ReqT,RespT> call, io.grpc.Metadata headers, io.grpc.ServerCallHandler<ReqT,RespT> next)
GrpcSecurityHandlerConfig	prototype()	The prototype as it was received when creating this runtime object instance.
GrpcSecurityHandler	rolesAllowed(String... roles)	Require at least one of the specified roles.
GrpcSecurityHandler	skipAudit()	Disable auditing.
GrpcSecurityHandler	skipAuthentication()	Skip authentication.
GrpcSecurityHandler	skipAuthorization()	Skip authorization.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Details

builder

public static GrpcSecurityHandlerConfig.Builder builder()

Create a new fluent API builder for security handler.

Returns:

a new builder

create

public static GrpcSecurityHandler create(Consumer<GrpcSecurityHandlerConfig.Builder> consumer)

Create a new handler, customizing its configuration.

Parameters:

consumer - configuration consumer

Returns:

configured handler

create

public static GrpcSecurityHandler create(Config config,
 GrpcSecurityHandler defaults)

Create a handler from configuration and defaults.

Parameters:

config - configuration

defaults - defaults

Returns:

configured handler

create

public static GrpcSecurityHandler create(Config config)

Create a handler from configuration.

Parameters:

config - configuration

Returns:

configured handler

prototype

public GrpcSecurityHandlerConfig prototype()

Description copied from interface: RuntimeType.Api

The prototype as it was received when creating this runtime object instance.

Specified by:

prototype in interface RuntimeType.Api<GrpcSecurityHandlerConfig>

Returns:

prototype object used to create this instance

configure

public void configure(GrpcServiceDescriptor.Rules rules)

Description copied from interface: GrpcServiceDescriptor.Configurer

Apply extra configuration to a GrpcServiceDescriptor.Rules.

Specified by:

configure in interface GrpcServiceDescriptor.Configurer

Parameters:

rules - the GrpcServiceDescriptor.Rules to configure

configure

public void configure(GrpcMethodDescriptor.Rules rules)

Description copied from interface: GrpcMethodDescriptor.Configurer

Apply extra configuration to a GrpcMethodDescriptor.Rules.

Specified by:

configure in interface GrpcMethodDescriptor.Configurer

Parameters:

rules - the GrpcMethodDescriptor.Rules to configure

interceptCall

public <ReqT,
RespT>
io.grpc.ServerCall.Listener<ReqT> interceptCall(io.grpc.ServerCall<ReqT,RespT> call,
 io.grpc.Metadata headers,
 io.grpc.ServerCallHandler<ReqT,RespT> next)

Specified by:

interceptCall in interface io.grpc.ServerInterceptor

authenticator

public GrpcSecurityHandler authenticator(String explicitAuthenticator)

Use a named authenticator.

Parameters:

explicitAuthenticator - authenticator name

Returns:

new handler

authorizer

public GrpcSecurityHandler authorizer(String explicitAuthorizer)

Use a named authorizer.

Parameters:

explicitAuthorizer - authorizer name

Returns:

new handler

rolesAllowed

public GrpcSecurityHandler rolesAllowed(String... roles)

Require at least one of the specified roles.

Parameters:

roles - allowed roles

Returns:

new handler

authenticationOptional

public GrpcSecurityHandler authenticationOptional()

Allow anonymous access when authentication fails.

Returns:

new handler

authenticate

public GrpcSecurityHandler authenticate()

Authenticate a request.

Returns:

new handler

skipAuthentication

public GrpcSecurityHandler skipAuthentication()

Skip authentication.

Returns:

new handler

customObject

public GrpcSecurityHandler customObject(Object object)

Register a custom object for security request(s).

Parameters:

object - object expected by a security provider

Returns:

new handler

auditEventType

public GrpcSecurityHandler auditEventType(String eventType)

Override audit event type.

Parameters:

eventType - event type

Returns:

new handler

auditMessageFormat

public GrpcSecurityHandler auditMessageFormat(String messageFormat)

Override audit message format.

Parameters:

messageFormat - message format

Returns:

new handler

authorize

public GrpcSecurityHandler authorize()

Authorize a request.

Returns:

new handler

skipAuthorization

public GrpcSecurityHandler skipAuthorization()

Skip authorization.

Returns:

new handler

audit

public GrpcSecurityHandler audit()

Audit a request.

Returns:

new handler

skipAudit

public GrpcSecurityHandler skipAudit()

Disable auditing.

Returns:

new handler