private EndpointConfig(Builder builder) { this.annotations = Collections.unmodifiableMap(new EnumMap<>(builder.annotations)); this.attributes = BasicAttributes.create(builder.attributes); this.customObjects = new ClassToInstanceStore<>(); this.customObjects.putAll(builder.customObjects); this.configMap = new HashMap<>(builder.configMap); }
/** * Add a token instance (such as JWT instance). May contain more than one instance (e.g. for JWT, we may send both * SignedJwt and Jwt). * Object is registered under the class it provides through {@link Object#getClass()}. * * @param token instance * @return updated builder instance */ public Builder addToken(Object token) { this.tokens.putInstance(token); return this; }
/** * Get public credential for the specified type. * * @param credential credential type's class * @param <T> credential type * @return optional of public credential of the type defined */ public <T> Optional<T> publicCredential(Class<T> credential) { return publicCredentials.getInstance(credential); }
/** * Create a new instance based on explicit instances. * This method creates a MUTABLE instance (contrary to such methods on java collections). * * @param instances instances to add to the new store * @param <T> type of the store * @return new store with instances inserted as when calling {@link #putInstance(Object)} for each of them */ @SafeVarargs public static <T> ClassToInstanceStore<T> create(T... instances) { ClassToInstanceStore<T> result = new ClassToInstanceStore<>(); for (T instance : instances) { result.putInstance(instance); } return result; }
private AnalyzerResponse(Builder builder) { this.registry.putAll(builder.registry); this.parent = builder.parent; this.atnResponse = builder.atnResponse; this.atzResponse = builder.atzResponse; this.authenticator = builder.authenticator; this.authorizer = builder.authorizer; }
/** * Will add all principals and credentials from another subject to this subject, will not replace {@link #principals()}. * * @param another the other subject to combine with this subject * @return a new subject that is a combination of this subject and the other subject, this subject is more significant */ public Subject combine(Subject another) { Builder builder = Subject.builder() .addPrincipal(this.principal); // add this subject principals.forEach(builder::addPrincipal); privateCredentials.keys().forEach(key -> builder.addPrivateCredential(key, privateCredentials.getInstance(key))); publicCredentials.keys().forEach(key -> builder.addPublicCredential(key, publicCredentials.getInstance(key))); grants.forEach(builder::addGrant); attributes.abacAttributeNames().forEach(key -> builder.addAttribute(key, attributes.abacAttribute(key))); // add the other subject another.principals.forEach(builder::addPrincipal); another.privateCredentials.keys() .forEach(key -> builder.addPrivateCredential(key, another.privateCredentials.getInstance(key))); another.publicCredentials.keys() .forEach(key -> builder.addPublicCredential(key, another.publicCredentials.getInstance(key))); another.grants.forEach(builder::addGrant); another.attributes.abacAttributeNames().forEach(key -> builder.addAttribute(key, another.attributes.abacAttribute(key))); return builder.build(); }
.derive() .configMap(configMap) .customObjects(customObjects.orElse(new ClassToInstanceStore<>())) .build());
/** * Get all classes of custom endpoint configuration object registered. * * @return classes that are keys in the custom object store */ public Collection<Class<?>> instanceKeys() { return customObjects.keys(); }
/** * Create a java {@link javax.security.auth.Subject} from this subject. * * @return an instance of Subject */ public javax.security.auth.Subject toJavaSubject() { Set<java.security.Principal> principals = new LinkedHashSet<>(this.principals); for (String key : attributes.abacAttributeNames()) { OptionalHelper.from(attributes.abacAttribute(key)) .stream() .filter(prop -> prop instanceof Principal) .map(Principal.class::cast) .forEach(principals::add); } principals.addAll(grants); Set<Object> pubCredentials = new HashSet<>(publicCredentials.values()); Set<Object> privCredentials = new HashSet<>(privateCredentials.values()); return new javax.security.auth.Subject( true, principals, pubCredentials, privCredentials ); }
/** * Provide custom object map to be sent to security providers. * * @param customObjects Class to its instance map of custom objects * @return Updated builder instance * @see #customObject(Class, Object) */ public Builder customObjects(ClassToInstanceStore<Object> customObjects) { this.customObjects.putAll(customObjects); return this; }
/** * Register a custom object for security request(s). * This creates a hard dependency on a specific security provider, so use with care. * * @param object An object expected by security provider * @return updated builder instance */ Builder customObject(Object object) { OptionalHelper.from(customObjects) .ifPresentOrElse(store -> store.putInstance(object), () -> { ClassToInstanceStore<Object> ctis = new ClassToInstanceStore<>(); ctis.putInstance(object); customObjects = Optional.of(ctis); }); return this; }
.derive() .configMap(configMap) .customObjects(customObjects.orElse(new ClassToInstanceStore<>())) .build());
private Builder customObjects(ClassToInstanceStore<Object> store) { OptionalHelper.from(customObjects) .ifPresentOrElse(myStore -> myStore.putAll(store), () -> { ClassToInstanceStore<Object> ctis = new ClassToInstanceStore<>(); ctis.putAll(store); this.customObjects = Optional.of(ctis); }); return this; }
private TokenCredential(Builder builder) { this.token = builder.token; this.issuer = Optional.ofNullable(builder.issuer); this.issueTime = Optional.ofNullable(builder.issueTime); this.expTime = Optional.ofNullable(builder.expTime); this.tokens.putAll(builder.tokens); }
/** * Add a public credential to this subject to be bound under its class. * * @param instance instance of the credential, the class it will be bound to is obtained through {@link Object#getClass() * instance.getClass()} * @return updated builder instance */ public Builder addPublicCredential(Object instance) { publicCredentials.putInstance(instance); return this; }
/** * Register a custom object for security request(s). * This creates a hard dependency on a specific security provider, so use with care. * * @param object An object expected by security provider * @return updated builder instance */ Builder customObject(Object object) { OptionalHelper.from(customObjects) .ifPresentOrElse(store -> store.putInstance(object), () -> { ClassToInstanceStore<Object> ctis = new ClassToInstanceStore<>(); ctis.putInstance(object); customObjects = Optional.of(ctis); }); return this; }
/** * Get private credential for the specified type. * * @param credential credential type's class * @param <T> credential type * @return optional of private credential of the type defined */ public <T> Optional<T> privateCredential(Class<T> credential) { return privateCredentials.getInstance(credential); }
private SecurityHandler(Builder builder) { // must copy values to be safely immutable this.rolesAllowed = builder.rolesAllowed.flatMap(strings -> { Set<String> newRoles = new HashSet<>(strings); return Optional.of(newRoles); }); // must copy values to be safely immutable this.customObjects = builder.customObjects.flatMap(store -> { ClassToInstanceStore<Object> ctis = new ClassToInstanceStore<>(); ctis.putAll(store); return Optional.of(ctis); }); config = builder.config; explicitAuthenticator = builder.explicitAuthenticator; explicitAuthorizer = builder.explicitAuthorizer; authenticate = builder.authenticate; authenticationOptional = builder.authenticationOptional; audited = builder.audited; auditEventType = builder.auditEventType; auditMessageFormat = builder.auditMessageFormat; authorize = builder.authorize; combined = builder.combined; queryParamHandlers.addAll(builder.queryParamHandlers); config.ifPresent(conf -> conf.asNodeList().get().forEach(node -> configMap.put(node.name(), node))); }
private Subject(Builder builder) { BasicAttributes properties = BasicAttributes.create(builder.properties); this.principal = builder.principal; this.principals.addAll(builder.principals); builder.grants.forEach(grant -> { grants.add(grant); grantsByType.computeIfAbsent(grant.type(), key -> new LinkedList<>()).add(grant); }); properties.put("principal", principal); properties.put("grant", grants); // for each grant type, add grant list grantsByType.forEach(properties::put); this.attributes = properties; this.privateCredentials.putAll(builder.privateCredentials); this.publicCredentials.putAll(builder.publicCredentials); }
/** * Add a private credential to this subject. * Only one instance of a type may be added to a subject. * * @param className class of the credential (e.g. X509 certificate) * @param instance instance of the credential * @return updated builder instance */ public Builder addPrivateCredential(Class<?> className, Object instance) { privateCredentials.putInstance(className, instance); return this; }