All Downloads are FREE. Search and download functionalities are using the official Maven repository.

io.telicent.smart.caches.configuration.auth.AuthConstants Maven / Gradle / Ivy

The newest version!
/**
 * Copyright (C) Telicent Ltd
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package io.telicent.smart.caches.configuration.auth;

import io.telicent.servlet.auth.jwt.JwtHttpConstants;
import io.telicent.servlet.auth.jwt.verifier.aws.AwsConstants;
import org.apache.commons.lang3.StringUtils;

/**
 * Provides constants related to configuring authentication
 */
public class AuthConstants {

    /**
     * Private constructor prevents instantiation
     */
    private AuthConstants() {
    }

    /**
     * Environment variable that specifies the User Attributes service URL used to obtain attributes for an
     * authenticated user
     */
    public static final String ENV_USER_ATTRIBUTES_URL = "USER_ATTRIBUTES_URL";

    /**
     * Environment variable that specifies the Attributes Hierarchy service URL to obtain attributes hierarchies from,
     * attribute hierarchies are used in evaluating whether user attributes meet the security labels on data
     */
    public static final String ENV_ATTRIBUTE_HIERARCHY_URL = "ATTRIBUTE_HIERARCHY_URL";

    /**
     * Environment variable that specifies the JSON Web Key Set (JWKS) URL to use to obtain the public keys for
     * verifying JSON Web Tokens (JWTs)
     */
    public static final String ENV_JWKS_URL = "JWKS_URL";

    /**
     * Special value used for the {@value #ENV_JWKS_URL} environment variable to indicate that authentication is
     * disabled.
     */
    public static final String AUTH_DISABLED = "disabled";

    /**
     * Special value used for the {@value #ENV_JWKS_URL} environment variable to indicate that authentication is in
     * development mode.  When in this mode the provided bearer tokens are not JSON Web Tokens (JWTs) but instead are
     * simply base64 encoded email addresses.
     *
     * @deprecated Development authentication mode no longer supported
     */
    @Deprecated(forRemoval = false)
    public static final String AUTH_DEVELOPMENT = "development";

    /**
     * Prefix for special values to the {@value #ENV_JWKS_URL} environment variable to indicate that authentication is
     * using AWS ELB where the rest of the value will indicate the AWS region we are deployed in
     */
    public static final String AUTH_PREFIX_AWS = "aws:";

    /**
     * The default set of Authentication header names from which a JWT may be extracted
     */
    public static final String DEFAULT_AUTH_HEADER_NAMES =
            StringUtils.joinWith(",", JwtHttpConstants.HEADER_AUTHORIZATION, AwsConstants.HEADER_DATA);
    /**
     * The default set of Authentication header prefixes used in conjunction with the header names to control how JWTs
     * are extracted from headers
     *
     * @see #DEFAULT_AUTH_HEADER_NAMES
     */
    public static final String DEFAULT_AUTH_HEADER_PREFIXES =
            StringUtils.joinWith(",", JwtHttpConstants.AUTH_SCHEME_BEARER, "");

    /**
     * The default set of JWT claims that will be inspected to find the username
     */
    public static final String DEFAULT_USERNAME_CLAIMS = StringUtils.joinWith(",","email", "username");

}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy