Package io.helidon.security

Class Security

java.lang.Object

io.helidon.security.Security

public final class Security
extends Object

This class is used to "bootstrap" security and integrate it with other frameworks; runtime main entry point is SecurityContext.

It is possible to configure it manually using builder() or use fromConfig(Config) to initialize using configuration support.

Security is constructed from various providers SecurityProvider and a selection policy ProviderSelectionPolicy to choose the right one(s) to secure a request.

See Also:

builder(), fromConfig(Config)

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	Security.Builder	Builder pattern class for helping create Security in a convenient way.

Field Summary

Fields

Modifier and Type	Field	Description
static String	HEADER_ORIG_URI	Integration should add a special header to each request.

Method Summary

Modifier and Type	Method	Description
static Security.Builder	builder()	Creates Security.Builder class.
static Security.Builder	builderFromConfig(Config config)	Creates new instance based on configuration values.
SecurityContext.Builder	contextBuilder(String id)	Create a new security context builder to build and instance.
SecurityContext	createContext(String id)	Create a new security context with the defined id and all defaults.
SecurityEnvironment.Builder	environmentBuilder()	Security environment builder, to be used to create environment for evaluating security in integration components.
static Security	fromConfig(Config config)	Creates new instance based on configuration values.
Collection<Class<? extends Annotation>>	getCustomAnnotations()	Get the complete set of annotations expected by (all) security providers configured.
static Set<String>	getRoles(Subject subject)	Get a set of roles the subject has, based on Role.
SecurityTime	getServerTime()	Time that is decisive for the server.
io.opentracing.Tracer	getTracer()	Returns a tracer that can be used to construct new spans.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

HEADER_ORIG_URI

public static final String HEADER_ORIG_URI

Integration should add a special header to each request. The value will contain the original URI as was issued - for HTTP this is the relative URI including query parameters.

See Also:

Constant Field Values

Method Detail

fromConfig

public static Security fromConfig(Config config)

Creates new instance based on configuration values.

Parameters:

config - Config instance

Returns:

new instance.

builderFromConfig

public static Security.Builder builderFromConfig(Config config)

Creates new instance based on configuration values.

Parameters:

config - Config instance

Returns:

new instance.

builder

public static Security.Builder builder()

Creates Security.Builder class.

Returns:

builder

getRoles

public static Set<String> getRoles(Subject subject)

Get a set of roles the subject has, based on Role. This is the set of roles as assumed by authentication provider. Authorization providers may use a different set of roles (and context used authorization provider to check SecurityContext.isUserInRole(String)).

Parameters:

subject - Subject of a user/service

Returns:

set of roles the user/service is in

getServerTime

public SecurityTime getServerTime()

Time that is decisive for the server. This usually returns accessor to current time in a specified time zone.

SecurityTime may be configured to a fixed point in time, intended for testing purposes.

Returns:

time to access current time for security decisions

contextBuilder

public SecurityContext.Builder contextBuilder(String id)

Create a new security context builder to build and instance. This is expected to be invoked for each request/response exchange that may be authenticated, authorized etc. Context holds the security subject... Once your processing is done and you no longer want to keep security context, call SecurityContext.logout() to clear subject and principals.

Parameters:

id - to use when logging, auditing etc. (e.g. some kind of tracing id). If none or empty, security instance UUID will be used (at least to map all audit records for a single instance of security component). If defined, security will prefix this id with security instance UUID

Returns:

new fluent API builder to create a SecurityContext

createContext

public SecurityContext createContext(String id)

Create a new security context with the defined id and all defaults.

Parameters:

id - id of this context

Returns:

new security context

getTracer

public io.opentracing.Tracer getTracer()

Returns a tracer that can be used to construct new spans.

Returns:

Tracer, may be a no-op tracer if tracing is disabled

getCustomAnnotations

public Collection<Class<? extends Annotation>> getCustomAnnotations()

Get the complete set of annotations expected by (all) security providers configured. This is to be used for integration with other frameworks that support annotations.

Returns:

Collection of annotations expected by configured providers.

environmentBuilder

public SecurityEnvironment.Builder environmentBuilder()

Security environment builder, to be used to create environment for evaluating security in integration components.

Returns:

builder to build SecurityEnvironment