Package io.quarkus.vertx.http.security

Interface HttpSecurity

All Known Implementing Classes:
HttpSecurityImpl
@Experimental("This API is currently experimental and might get changed") public interface HttpSecurity
A CDI event that facilitates programmatic path-specific authorization setup. The event can be observed with synchronous observer method like in the example below: 
 
 import jakarta.enterprise.event.Observes;

 public class HttpSecurityConfiguration {

     void observe(@Observes HttpSecurity httpSecurity) {
         httpSecurity
                 .path("/admin/*").basic().roles("admin")
                 .path("/user/*").form().roles("user")
                 .path("/public/*").permit();
         // and:
         httpSecurity.path("/root*").authorization()
                 .policy(identity -> "root".equals(identity.getPrincipal().getName()));
     }
 }
If multiple path-patterns matches an incoming request path, the most specific pattern wins. Expected behavior for the programmatic configuration is very much same as for the HTTP permissions specified in the 'application.properties' file. For example following configuration properties: 
 
 quarkus.http.auth.permission.deny1.paths=/forbidden
 quarkus.http.auth.permission.deny1.policy=deny
can be also written as: 
 
 httpSecurity.path("/forbidden").authorization().deny();
Programmatic setup for the management interface is currently not supported. This CDI event is fired when the runtime configuration is ready, therefore you can inject configuration properties like this: 
 
 import jakarta.enterprise.event.Observes;

 import io.quarkus.vertx.http.security.HttpSecurity;
 import org.eclipse.microprofile.config.inject.ConfigProperty;

 public class HttpSecurityConfiguration {

     void configure(@Observes HttpSecurity httpSecurity, @ConfigProperty(name = "admin1-role") String admin1) {
         httpSecurity.rolesMapping("admin", admin1);
     }
 }

  • Method Details

    • mechanism

      HttpSecurity mechanism(HttpAuthenticationMechanism mechanism)
      Registers given HttpAuthenticationMechanism in addition to all other global authentication mechanisms.
      Parameters:
      mechanism - HttpAuthenticationMechanism
      Returns:
      HttpSecurity

    • basic

      HttpSecurity basic()
      Registers the Basic authentication mechanism in addition to all other global authentication mechanisms. This method is a shortcut for mechanism(Basic.create()).
      Returns:
      HttpSecurity

    • basic

      HttpSecurity basic(String authenticationRealm)
      Registers the Basic authentication mechanism in addition to all other global authentication mechanisms. This method is a shortcut for mechanism(Basic.realm(authenticationRealm)).
      Parameters:
      authenticationRealm - see the 'quarkus.http.auth.realm' configuration property
      Returns:
      HttpSecurity

    • mTLS

      HttpSecurity mTLS()
      Registers the mutual TLS client authentication mechanism in addition to all other global authentication mechanisms. This method is a shortcut for mTLS(ClientAuth.REQUIRED), therefore the client authentication is required.
      Returns:
      HttpSecurity
      See Also:

    • mTLS

      HttpSecurity mTLS(String tlsConfigurationName, io.quarkus.tls.TlsConfiguration tlsConfiguration)
      Registers the mutual TLS client authentication mechanism in addition to all other global authentication mechanisms. The TLS configuration is registered against the registry and is used by the HTTP server for the TLS communication. This method is a shortcut for the httpSecurity.mTLS(MTLS.required(tlsConfigurationName, tlsConfiguration)), therefore the client authentication is required.
      Parameters:
      tlsConfigurationName - the name of the configuration, cannot be null, cannot be <default>
      tlsConfiguration - the configuration cannot be null
      Returns:
      HttpSecurity
      See Also:

    • mTLS

      HttpSecurity mTLS(MtlsAuthenticationMechanism mTLSAuthenticationMechanism)
      Registers the mutual TLS client authentication mechanism in addition to all other global authentication mechanisms.
      Parameters:
      mTLSAuthenticationMechanism - MtlsAuthenticationMechanism build with the MTLS API
      Returns:
      HttpSecurity

    • mTLS

      HttpSecurity mTLS(io.vertx.core.http.ClientAuth tlsClientAuth)
      Registers the mutual TLS client authentication mechanism in addition to all other global authentication mechanisms. If you need to define the client certificate attribute value to role mappings, please use the MTLS builder.
      Parameters:
      tlsClientAuth - either ClientAuth.REQUEST or ClientAuth.REQUIRED; for more information, see the VertxHttpBuildTimeConfig.tlsClientAuth() configuration property
      Returns:
      HttpSecurity

    • path

      HttpSecurity.HttpPermission path(String... paths)
      Creates HttpSecurity.HttpPermission in addition to the permissions configured in the 'application.properties' file.
      Parameters:
      paths - path patterns; this is programmatic analogy to the 'quarkus.http.auth.permission."permissions".paths' configuration property, same rules apply
      Returns:
      new HttpSecurity.HttpPermission

    • get

      HttpSecurity.HttpPermission get(String... paths)
      This method is a shortcut for path(path).methods("GET").
      See Also:

    • put

      HttpSecurity.HttpPermission put(String... paths)
      This method is a shortcut for path(path).methods("PUT").
      See Also:

    • post

      HttpSecurity.HttpPermission post(String... paths)
      This method is a shortcut for path(path).methods("POST").
      See Also:

    • delete

      HttpSecurity.HttpPermission delete(String... paths)
      This method is a shortcut for path(path).methods("DELETE").
      See Also:

    • rolesMapping

      HttpSecurity rolesMapping(Map<String,List<String>> roleToRoles)
      Map the `SecurityIdentity` roles to deployment specific roles and add the matching roles to `SecurityIdentity`. Programmatic analogy to the 'quarkus.http.auth.roles-mapping."role-name"' configuration property. If the configuration property is already set, invocation of this method fails as both methods are mutually exclusive.

    • rolesMapping

      HttpSecurity rolesMapping(String sourceRole, List<String> targetRoles)
      See Also:

    • rolesMapping

      HttpSecurity rolesMapping(String sourceRole, String targetRole)
      See Also: