Package io.quarkus.vertx.http.runtime.security

Class MtlsAuthenticationMechanism

java.lang.Object
io.quarkus.vertx.http.runtime.security.MtlsAuthenticationMechanism
All Implemented Interfaces:
HttpAuthenticationMechanism
public final class MtlsAuthenticationMechanism extends Object implements HttpAuthenticationMechanism
The authentication handler responsible for mTLS client authentication.

  • Field Details

    • INCLUSIVE_AUTHENTICATION_PRIORITY

      public static final int INCLUSIVE_AUTHENTICATION_PRIORITY
      See Also:

  • Constructor Details

    • MtlsAuthenticationMechanism

      @Inject MtlsAuthenticationMechanism(boolean inclusiveAuthentication)

    • MtlsAuthenticationMechanism

      public MtlsAuthenticationMechanism(MTLS.Builder.MTLSConfig mtlsConfig)

  • Method Details

    • authenticate

      public io.smallrye.mutiny.Uni<io.quarkus.security.identity.SecurityIdentity> authenticate(io.vertx.ext.web.RoutingContext context, io.quarkus.security.identity.IdentityProviderManager identityProviderManager)
      Specified by:
      authenticate in interface HttpAuthenticationMechanism

    • getChallenge

      public io.smallrye.mutiny.Uni<ChallengeData> getChallenge(io.vertx.ext.web.RoutingContext context)
      Specified by:
      getChallenge in interface HttpAuthenticationMechanism

    • getCredentialTypes

      public Set<Class<? extends io.quarkus.security.identity.request.AuthenticationRequest>> getCredentialTypes()
      Description copied from interface: HttpAuthenticationMechanism
      If this mechanism delegates authentication to the IdentityProviderManager using the IdentityProviderManager.authenticate(AuthenticationRequest) call, then the mechanism must provide supported AuthenticationRequest request types. It allows Quarkus to validate that one or more IdentityProvider providers with matching supported IdentityProvider.getRequestType() request types exist and fail otherwise.
      Specified by:
      getCredentialTypes in interface HttpAuthenticationMechanism
      Returns:
      required credential types

    • getCredentialTransport

      public io.smallrye.mutiny.Uni<HttpCredentialTransport> getCredentialTransport(io.vertx.ext.web.RoutingContext context)
      Description copied from interface: HttpAuthenticationMechanism
      The credential transport, used for finding the best candidate for authenticating and challenging when more than one mechanism is installed.

      This method must be implemented if either HttpAuthenticationMechanism.value() or an HTTP security policy's `auth-mechanism` property has to be set to find a matching HttpAuthenticationMechanism that must secure a specific REST resource method or request path.

      May be Uni with null item if this mechanism cannot interfere with other mechanisms.

      Specified by:
      getCredentialTransport in interface HttpAuthenticationMechanism

    • getPriority

      public int getPriority()
      Description copied from interface: HttpAuthenticationMechanism
      Returns a priority which determines in which order HttpAuthenticationMechanisms handle the authentication and challenge requests when it is not possible to select the best candidate authentication mechanism based on the request credentials or path specific configuration. Multiple mechanisms are sorted in descending order, so the highest priority gets the first chance to send a challenge. The default priority is equal to 1000.
      Specified by:
      getPriority in interface HttpAuthenticationMechanism
      Returns:
      priority

    • getTlsClientAuth

      io.vertx.core.http.ClientAuth getTlsClientAuth()

    • setCertificateToRolesMapper

      void setCertificateToRolesMapper(Function<X509Certificate,Set<String>> certificateToRoles)

    • isCertificateToRolesMapperSet

      boolean isCertificateToRolesMapperSet()

    • getHttpServerTlsConfigName

      Optional<String> getHttpServerTlsConfigName()

    • getInitialTlsConfiguration

      io.quarkus.tls.TlsConfiguration getInitialTlsConfiguration()