• Home
• io.helidon
• helidon-docs
• 4.0.11
• source code
• io_helidon_security_providers_jwt_JwtProvider.adoc

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

config.io_helidon_security_providers_jwt_JwtProvider.adoc Maven / Gradle / Ivy

///////////////////////////////////////////////////////////////////////////////

    Copyright (c) 2023 Oracle and/or its affiliates.

    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.
    You may obtain a copy of the License at

        http://www.apache.org/licenses/LICENSE-2.0

    Unless required by applicable law or agreed to in writing, software
    distributed under the License is distributed on an "AS IS" BASIS,
    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    See the License for the specific language governing permissions and
    limitations under the License.

///////////////////////////////////////////////////////////////////////////////

ifndef::rootdir[:rootdir: {docdir}/..]
:description: Configuration of io.helidon.security.providers.jwt.JwtProvider
:keywords: helidon, config, io.helidon.security.providers.jwt.JwtProvider
:basic-table-intro: The table below lists the configuration keys that configure io.helidon.security.providers.jwt.JwtProvider
include::{rootdir}/includes/attributes.adoc[]

= JwtProvider (security.providers.jwt) Configuration

// tag::config[]

JWT authentication provider


Type: link:{javadoc-base-url}/io.helidon.security.providers.jwt/io/helidon/security/providers/jwt/JwtProvider.html[io.helidon.security.providers.jwt.JwtProvider]


[source,text]
.Config key
----
jwt
----


This type provides the following service implementations:

- `io.helidon.security.spi.SecurityProvider`
- `io.helidon.security.spi.AuthenticationProvider`


== Configuration options



.Optional configuration options
[cols="3,3a,2,5a"]

|===
|key |type |default value |description

|`allow-impersonation` |boolean |`false` |Whether to allow impersonation by explicitly overriding
 username from outbound requests using io.helidon.security.EndpointConfig#PROPERTY_OUTBOUND_ID
 property.
 By default this is not allowed and identity can only be propagated.
|`allow-unsigned` |boolean |`false` |Configure support for unsigned JWT.
 If this is set to `true` any JWT that has algorithm
 set to `none` and no `kid` defined will be accepted.
 Note that this has serious security impact - if JWT can be sent
  from a third party, this allows the third party to send ANY JWT
  and it would be accpted as valid.
|`atn-token.handler` |xref:{rootdir}/config/io_helidon_security_util_TokenHandler.adoc[TokenHandler] |{nbsp} |Token handler to extract username from request.
|`atn-token.jwk.resource` |xref:{rootdir}/config/io_helidon_common_configurable_Resource.adoc[Resource] |{nbsp} |JWK resource used to verify JWTs created by other parties.
|`atn-token.jwt-audience` |string |{nbsp} |Audience expected in inbound JWTs.
|`atn-token.verify-signature` |boolean |`true` |Configure whether to verify signatures.
 Signatures verification is enabled by default. You can configure the provider
 not to verify signatures.

 Make sure your service is properly secured on network level and only
 accessible from a secure endpoint that provides the JWTs when signature verification
 is disabled. If signature verification is disabled, this service will accept ANY JWT
|`authenticate` |boolean |`true` |Whether to authenticate requests.
|`optional` |boolean |`false` |Whether authentication is required.
 By default, request will fail if the username cannot be extracted.
 If set to false, request will process and this provider will abstain.
|`principal-type` |SubjectType (USER, SERVICE) |`USER` |Principal type this provider extracts (and also propagates).
|`propagate` |boolean |`true` |Whether to propagate identity.
|`sign-token` |xref:{rootdir}/config/io_helidon_security_providers_common_OutboundConfig.adoc[OutboundConfig] |{nbsp} |Configuration of outbound rules.
|`sign-token.jwk.resource` |xref:{rootdir}/config/io_helidon_common_configurable_Resource.adoc[Resource] |{nbsp} |JWK resource used to sign JWTs created by us.
|`sign-token.jwt-issuer` |string |{nbsp} |Issuer used to create new JWTs.
|`use-jwt-groups` |boolean |`true` |Claim `groups` from JWT will be used to automatically add
  groups to current subject (may be used with jakarta.annotation.security.RolesAllowed annotation).

|===

// end::config[]