Interface Summary
Interface	Description
AuditEvent	An audit event to store using an Audit provider.
Entity	Access to message content (entity).
SecurityClient<T extends SecurityResponse>	Common methods for security clients.
SecurityContext	Security context to retrieve security information about current user, either injected or obtained from `Security.contextBuilder(String)` and to handle programmatic security.
SecurityRequest	Common methods for all security requests (authentication, authorization, and identity propagation).

Class Summary
Class	Description
AuditEvent.AuditParam	Named parameters of audit event.
AuthenticationResponse	Response as returned from an authentication provider.
AuthenticationResponse.Builder	Authentication response builder.
AuthorizationResponse	Response from an authorization decision.
AuthorizationResponse.Builder	Builder for custom Authorization responses.
ClassToInstanceStore<T>	Map of classes to their instances.
CompositeProviderSelectionPolicy	A provider selection policy that supports composing multiple providers (current Authentication and Outbound) into a single virtual security provider.
CompositeProviderSelectionPolicy.Builder	Fluent API builder to create `CompositeProviderSelectionPolicy`.
EndpointConfig	Each endpoint can have security configuration either statically declared (e.g.
EndpointConfig.Builder	A fluent API builder for `EndpointConfig`.
Grant	A concept representing anything that can be granted to a subject.
Grant.Builder<T extends Grant.Builder>	A fluent API builder for `Grant`.
NamedProvider<T extends SecurityProvider>	A wrapper for a named security provider.
OutboundSecurityClientBuilder	Builder constructing a security client - extends the `SecurityRequestBuilder` for convenience.
OutboundSecurityResponse	Response of outbound security provider.
OutboundSecurityResponse.Builder	Builder class to build custom identity propagation responses.
Principal	A security principal.
Principal.Builder	A fluent API builder for `Principal`.
ProviderRequest	A request sent to security providers.
QueryParamMapping	Definition of a map to bind a query param to a header.
Role	A security role used in RBAC (role based access control) schemes.
Role.Builder	A fluent API builder for `Role`.
Security	This class is used to "bootstrap" security and integrate it with other frameworks; runtime main entry point is `SecurityContext`.
Security.Builder	Builder pattern class for helping create `Security` in a convenient way.
SecurityClientBuilder<T extends SecurityResponse>	Builder constructing a security client - extends the `SecurityRequestBuilder` for convenience.
SecurityContext.Builder	Fluent API builder for `SecurityContext`.
SecurityEnvironment	Security environment is a set of attributes that are stable for an interaction (usually a request in our case).
SecurityEnvironment.Builder	A fluent API builder for `SecurityEnvironment`.
SecurityRequestBuilder<T extends SecurityRequestBuilder>	Fluent API to build a security request.
SecurityResponse	Response from security provider (and security Module).
SecurityTime	Time used in security, configurable.
SecurityTime.Builder	Fluent API builder for `SecurityTime`.
Subject	A security subject, representing a user or a service.
Subject.Builder	A fluent API builder for `Subject`.

Enum Summary
Enum	Description
AuditEvent.AuditSeverity	Severity of `AuditEvent`.
CompositeProviderFlag	Flag driving resolution of providers.
EndpointConfig.AnnotationScope	Scope of annotations used in applications that integrate security.
SecurityResponse.SecurityStatus	Status of a security operation.
SubjectType	Type of principal.

Exception Summary
Exception Description

SecurityException
Runtime exception used as by this module to be able to identify exception caused by it.

Exception Summary
Exception	Description
SecurityException	Runtime exception used as by this module to be able to identify exception caused by it.

Package io.helidon.security Description

Security

Supports security for web (and possibly other) resources including:

Authentication: authenticate a request
Authorization: authorize a request to a resource, possibly using ABAC or RBAC.
Outbound security: propagating security on outbound calls.
Audit: auditing security operations

And security for any resource type when using programmatic approach. Starting point: Security and SecurityContext. Various security aspects are pluggable, using providers to extend functionality.

Bootstrapping

You have two way to do things with security - either load it from configuration or create a fully configured instance using a builder. Both approaches should allow the same behavior.

To create security using builder:
Security.builder() .build()

Or using configuration:
Security.fromConfig(io.helidon.config.Config)

Configuration example (Google login for users and http-signatures for service):


 security:
   provider-policy:
     # Composite policy when using more than one provider
     type: "COMPOSITE"
     authentication:
       # This is a frontend service - only allow google authentication
       - name: "google-login"
     outbound:
       # Propagate the goole token and this service's identity to backend
       - name: "google-login"
       - name: "http-signatures"
   providers:
     # Google login button support - authentication and identity propagation provider
     - google-login:
         client-id: "your-google-application-id"
     # Attribute based access control authorization provider
     - abac:
     # HTTP signatures - authentication and identity propagation provider (for service identity)
     - http-signatures:
         outbound:
         - name: "backend"
           hosts: ["localhost"]
           signature:
             key-id: "frontend"
             # password may be encrypted when using secure filter for Helidon config
             hmac.secret: "..."