Class AuthRuntimeConfig

java.lang.Object
io.quarkus.vertx.http.runtime.AuthRuntimeConfig

public class AuthRuntimeConfig extends Object
Authentication mechanism information used for configuring HTTP auth instance for the deployment.
  • Field Details

    • permissions

      @ConfigItem(name="permission") public Map<String,PolicyMappingConfig> permissions
      The HTTP permissions
    • rolePolicy

      @ConfigItem(name="policy") public Map<String,PolicyConfig> rolePolicy
      The HTTP role based policies
    • rolesMapping

      @ConfigItem @ConfigDocMapKey("role-name") public Map<String,List<String>> rolesMapping
      Map the `SecurityIdentity` roles to deployment specific roles and add the matching roles to `SecurityIdentity`.

      For example, if `SecurityIdentity` has a `user` role and the endpoint is secured with a `UserRole` role, use this property to map the `user` role to the `UserRole` role, so that `SecurityIdentity` has both the `user` and `UserRole` roles.

    • certificateRoleAttribute

      @ConfigItem(defaultValue="CN") public String certificateRoleAttribute
      Client certificate attribute whose values are mapped to the `SecurityIdentity` roles according to the roles mapping specified in the certificate properties file. The attribute must be either one of the Relative Distinguished Names (RDNs) or one of the Subject Alternative Names (SANs). By default, the Common Name (CN) attribute value is used for roles mapping. Supported values are:
      • RDN type - Distinguished Name field. For example, 'CN' represents the Common Name field. Multivalued RDNs and multiple instances of the same attribute are currently not supported.
      • 'SAN_RFC822' - Subject Alternative Name field RFC 822 Name.
      • 'SAN_URI' - Subject Alternative Name field Uniform Resource Identifier (URI).
      • 'SAN_ANY' - Subject Alternative Name field Other Name. Note that only the simple case of UTF8 identifier mapping is supported. For example, you can map 'other-identifier' to the `SecurityIdentity` roles. If you use the 'openssl' tool, a supported Other Name definition looks like this: `subjectAltName=otherName:1.2.3.4;UTF8:other-identifier`
    • certificateRoleProperties

      @ConfigItem public Optional<Path> certificateRoleProperties
      Properties file containing the client certificate attribute value to role mappings. Use it only if the mTLS authentication mechanism is enabled with either `quarkus.http.ssl.client-auth=required` or `quarkus.http.ssl.client-auth=request`.

      Properties file is expected to have the `CN_VALUE=role1,role,...,roleN` format and should be encoded using UTF-8.

    • realm

      @ConfigItem public Optional<String> realm
      The authentication realm
    • form

      Form Auth config
  • Constructor Details

    • AuthRuntimeConfig

      public AuthRuntimeConfig()
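
The following added example (an illustration, not Quarkus source code) models how `certificateRoleAttribute`, `certificateRoleProperties` and `rolesMapping` combine as described above: the CN is taken from the client certificate subject, looked up in a `CN_VALUE=role1,...,roleN` properties file, and the resulting roles are then extended by the roles mapping. The class name, method names, subject DNs and role values are constructed for the example.

```java
import java.io.StringReader;
import java.util.*;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

// Illustration only: models the documented behaviour, not Quarkus internals.
public class CertRoleMappingSketch {

    // Return the value of a single-valued RDN such as CN from a subject DN.
    static Optional<String> rdnValue(String subjectDn, String type) throws InvalidNameException {
        for (Rdn rdn : new LdapName(subjectDn).getRdns()) {
            if (rdn.size() > 1) continue; // multivalued RDNs are not supported
            if (rdn.getType().equalsIgnoreCase(type)) {
                return Optional.of(rdn.getValue().toString());
            }
        }
        return Optional.empty();
    }

    // Look up the attribute value in a CN_VALUE=role1,...,roleN properties file.
    static Set<String> rolesFor(String attrValue, Properties certRoles) {
        Set<String> roles = new TreeSet<>();
        String csv = certRoles.getProperty(attrValue);
        if (csv == null) return roles; // unknown certificate: no roles granted
        for (String r : csv.split(",")) {
            if (!r.isBlank()) roles.add(r.trim());
        }
        return roles;
    }

    // Roles mapping keeps the original roles and adds the deployment-specific ones.
    static Set<String> applyRolesMapping(Set<String> roles, Map<String, List<String>> mapping) {
        Set<String> result = new TreeSet<>(roles);
        for (String r : roles) result.addAll(mapping.getOrDefault(r, List.of()));
        return result;
    }

    public static void main(String[] args) throws Exception {
        Properties certRoles = new Properties(); // constructed sample file content
        certRoles.load(new StringReader("client-a=user\nclient-b=user,admin\n"));
        Map<String, List<String>> rolesMapping = Map.of("user", List.of("UserRole"));
        for (String dn : List.of("CN=client-a,O=Example", "CN=client-b,O=Example",
                "CN=unknown,O=Example")) {
            Set<String> roles = rdnValue(dn, "CN").map(v -> rolesFor(v, certRoles)).orElse(Set.of());
            System.out.println(dn + " -> " + applyRolesMapping(roles, rolesMapping));
        }
    }
}
```

A certificate whose attribute value has no entry in the properties file ends up with no roles, so any path protected by a role-based policy stays closed to it.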