All Downloads are FREE. Search and download functionalities are using the official Maven repository.

io.helidon.security.spi.SynchronousProvider Maven / Gradle / Ivy

There is a newer version: 4.1.4
Show newest version
/*
 * Copyright (c) 2018 Oracle and/or its affiliates. All rights reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package io.helidon.security.spi;

import java.util.concurrent.CompletableFuture;
import java.util.concurrent.CompletionStage;

import io.helidon.security.AuthenticationResponse;
import io.helidon.security.AuthorizationResponse;
import io.helidon.security.EndpointConfig;
import io.helidon.security.OutboundSecurityResponse;
import io.helidon.security.ProviderRequest;
import io.helidon.security.SecurityEnvironment;

/**
 * A provider base for synchronous providers.
 * This class doesn't (intentionally) implement any of the interfaces, as we leave it up to you, provider developer
 * to choose which of them suits your needs.
 * Just override the method for your provider and let the magic begin.
 * As java does not allow for multiple inheritance of classes, this is an easy way to implement methods
 * for all SPI interfaces without forcing each provider to handle all types of security.
 */
public abstract class SynchronousProvider implements SecurityProvider {
    /**
     * Authenticate a request.
     * This may be just resolving headers (tokens) or full authentication (basic auth).
     * Do not throw exception for normal processing (e.g. invalid credentials; you may throw an exception in case of
     * misconfiguration).
     *
     * This method will be invoked for inbound requests ONLY.
     *
     * @param providerRequest context of this security enforcement/validation
     * @return AuthenticationResponse, including the subject for successful authentications
     * @see AuthenticationResponse#success(io.helidon.security.Subject)
     */
    public final CompletionStage authenticate(ProviderRequest providerRequest) {
        return CompletableFuture
                .supplyAsync(() -> syncAuthenticate(providerRequest),
                             providerRequest.securityContext().executorService());
    }

    /**
     * Authorize a request based on configuration.
     *
     * Authorization cannot be optional. If this method is called, it should always attempt to authorize the current request.
     * This method will be invoked for inbound requests ONLY.
     *
     * @param providerRequest context of this security enforcement/validation
     * @return response that either permits, denies or abstains from decision
     * @see AuthorizationResponse#permit()
     */
    public final CompletionStage authorize(ProviderRequest providerRequest) {
        return CompletableFuture.supplyAsync(() -> syncAuthorize(providerRequest),
                                             providerRequest.securityContext().executorService());
    }

    /**
     * Creates necessary updates to headers and entity needed for outbound
     * security (e.g. identity propagation, s2s security etc.).
     * This method will be invoked for outbound requests ONLY.
     *
     * @param providerRequest context with environment, subject(s) etc. that was received
     * @param outboundEnv     environment for outbound call
     * @param outboundConfig  outbound endpoint configuration
     * @return response with generated headers and other possible configuration
     * @see OutboundSecurityResponse#builder()
     */
    public final CompletionStage outboundSecurity(ProviderRequest providerRequest,
                                                                            SecurityEnvironment outboundEnv,
                                                                            EndpointConfig outboundConfig) {
        return CompletableFuture.supplyAsync(() -> syncOutbound(providerRequest, outboundEnv, outboundConfig),
                                             providerRequest.securityContext().executorService());
    }

    /**
     * Synchronous authentication.
     *
     * @param providerRequest context with environment, subject(s) etc.
     * @return authentication response
     * @see AuthenticationProvider#authenticate(ProviderRequest)
     */
    protected AuthenticationResponse syncAuthenticate(ProviderRequest providerRequest) {
        throw new UnsupportedOperationException("You must override syncAuthenticate method in your provider implementation "
                                                        + "to act as an AuthenticationProvider");
    }

    /**
     * Synchronous authorization.
     *
     * @param providerRequest context with environment, subject(s) etc.
     * @return authorization response
     * @see AuthorizationProvider#authorize(ProviderRequest)
     */
    protected AuthorizationResponse syncAuthorize(ProviderRequest providerRequest) {
        throw new UnsupportedOperationException("You must override syncAuthorize method in your provider implementation "
                                                        + "to act as an AuthorizationProvider");
    }

    /**
     * Synchronous outbound security.
     *
     * @param providerRequest        context with environment, subject(s) etc.
     * @param outboundEnv            environment of this outbound call
     * @param outboundEndpointConfig endpoint config for outbound call
     * @return outbound response
     * @see OutboundSecurityProvider#outboundSecurity(ProviderRequest, SecurityEnvironment, EndpointConfig)
     * @see OutboundSecurityProvider#isOutboundSupported(ProviderRequest, SecurityEnvironment, EndpointConfig)
     */
    protected OutboundSecurityResponse syncOutbound(ProviderRequest providerRequest,
                                                    SecurityEnvironment outboundEnv,
                                                    EndpointConfig outboundEndpointConfig) {
        throw new UnsupportedOperationException("You must override syncOutbound method in your provider implementation "
                                                        + "to act as an OutboundProvider");
    }

}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy