Security
To add security, such as protecting resource methods with authentication, to a MicroProfile application, add the Helidon security integration dependency to your project.
Maven Coordinates
To enable Security, add the following dependency to your project’s pom.xml
(see Managing Dependencies).
<dependency>
<groupId>io.helidon.microprofile</groupId>
<artifactId>helidon-microprofile-security</artifactId>
</dependency>
Securing a JAX-RS Resource
For JAX-RS resources, declare security by adding annotations to a resource class or method.
Protected resource method:
@GET
@io.helidon.security.annotations.Authenticated
@io.helidon.security.annotations.Authorized
// you can also use io.helidon.security.abac.role.RoleValidator.Roles
@RolesAllowed("admin")
public String adminResource(@Context io.helidon.security.SecurityContext securityContext) {
return "you are " + securityContext.userName();
}
Security in Helidon MicroProfile is built on top of Jersey’s and can be
enabled/disabled using the property security.jersey.enabled=[true|false].
Protecting Helidon endpoints
There are several endpoints provided by Helidon services, such as:
- Health endpoint (
/health) - Metrics endpoint (
/metrics) - OpenAPI endpoint (
/openapi) - Configured static content (can use any path configured)
These endpoints are all implemented using Helidon WebServer and as such can be protected only through Security integration with WebServer.
The following section describes configuration of such protection using
configuration files, in this case using a yaml file, as it provides a tree
structure.
Configuring endpoint protection
The configuration is usually placed under security.web-server (this can be
customized in Helidon SE).
The following shows an example we will explain in detail:
If you need to use a properties file, such as microprofile-config.properties,
you can convert the file by using index based numbers for arrays, such as:
security.providers.0.abac=
security.providers.1.provider-key.optional=false
security.web-server.defaults.authenticate=true
security.web-server.paths.0.path=/metrics/*
security.web-server.paths.0.roles-allowed=admin
security.web-server.paths.3.path=/static/*
security.web-server.paths.3.roles-allowed=user,monitor