Class MTLS.Builder

java.lang.Object
io.quarkus.vertx.http.security.MTLS.Builder
Enclosing interface:
MTLS

public static final class MTLS.Builder extends Object
The mutual TLS client authentication mechanism builder.
  • Constructor Details

    • Builder

      public Builder()
  • Method Details

    • tls

      public MTLS.Builder tls(String tlsConfigurationName)
      Configures the name of the TLS configuration used by the HTTP server for the TLS communication. Please note that this method is mutually exclusive with the 'quarkus.http.tls-configuration-name' configuration property.
      Parameters:
      tlsConfigurationName - the name of the configuration, cannot be <default>
      Returns:
      Builder
    • tls

      public MTLS.Builder tls(String tlsConfigurationName, io.quarkus.tls.TlsConfiguration tlsConfiguration)
      Registers a TLS configuration into the registry and configures the TLS configuration used by the HTTP server for the TLS communication. Please note that this method is mutually exclusive with the 'quarkus.http.tls-configuration-name' configuration property. If a configuration with this name is already registered in the TLS registry, validation will fail.

      The passed TLS configuration is not validated, so it's up to the caller to ensure the configuration is correct.

      Parameters:
      tlsConfigurationName - the name of the configuration, cannot be null, cannot be <default>
      tlsConfiguration - the configuration, cannot be null
      Returns:
      Builder
    • authentication

      public MTLS.Builder authentication(io.vertx.core.http.ClientAuth clientAuthentication)
      When the mutual TLS client authentication is configured with this builder, the client authentication is ClientAuth.REQUIRED for all requests by default. If you configure ClientAuth.REQUEST, the client authentication is accepted if presented by a client. Use the ClientAuth.REQUEST option if the client authentication is only required for certain routes and secure these routes with HTTP permissions or standard security annotations.
      Parameters:
      clientAuthentication - ClientAuth.REQUEST or ClientAuth.REQUIRED
      Returns:
      Builder
    • certificateAttribute

      public MTLS.Builder certificateAttribute(String certificateAttribute)
      Selects a certificate attribute whose values are mapped to the SecurityIdentity roles. This attribute will be used for mappings added with the rolesMapping(String, Set) method. The default attribute value is configured to the default value of the AuthRuntimeConfig.certificateRoleAttribute() configuration property.
      Parameters:
      certificateAttribute - certificate attribute; see AuthRuntimeConfig.certificateRoleAttribute() for information about supported values
      Returns:
      CertificateRolesBuilder
    • rolesMapping

      public MTLS.Builder rolesMapping(String certificateAttributeValue, String... roles)
      This is a shortcut method for rolesMapping(String, Set.of(roles)).
      Returns:
      Builder
    • rolesMapping

      public MTLS.Builder rolesMapping(String certificateAttributeValue, Set<String> roles)
      Adds a certificate attribute value to roles mapping. The certificate attribute itself can be configured with the certificateAttribute method.
      Parameters:
      certificateAttributeValue - AuthRuntimeConfig.certificateRoleAttribute() values that will be mapped to the SecurityIdentity roles
      roles - SecurityIdentity.getRoles()
      Returns:
      CertificateRolesBuilder
    • certificateToRolesMapper

      public MTLS.Builder certificateToRolesMapper(Function<X509Certificate,Set<String>> certificateToRolesMapper)
      Check the values of different client certificate attributes and map them to the SecurityIdentity roles.
      Parameters:
      certificateToRolesMapper - a client certificate to the SecurityIdentity roles mapper
      Returns:
      Builder
    • build

      Returns:
      MtlsAuthenticationMechanism that can be registered with the HttpSecurity.mTLS(MtlsAuthenticationMechanism) method.
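
The builder methods above combined into one configuration, as an added example that is not part of the Quarkus Javadoc: a certificateToRolesMapper that derives roles from the client certificate's subject DN and returns no roles for anything it does not recognise, used with ClientAuth.REQUEST. The class name, the "mtls-server" TLS configuration name, the OU/CN policy and the role names are hypothetical, and receiving HttpSecurity through a CDI observer is an assumption about how the application registers the mechanism.

```java
import io.quarkus.vertx.http.security.HttpSecurity;
import io.quarkus.vertx.http.security.MTLS;
import io.vertx.core.http.ClientAuth;
import jakarta.enterprise.event.Observes;
import java.security.cert.X509Certificate;
import java.util.HashSet;
import java.util.Set;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class MtlsSecurityConfig {

    // Hypothetical policy: OU=payments -> "payments-service", CN=ops-admin -> "admin".
    // Anything else, including an unparsable subject, gets no roles (fail closed).
    static Set<String> rolesFor(X509Certificate cert) {
        Set<String> roles = new HashSet<>();
        try {
            // getName() returns the RFC 2253 string form, which LdapName parses into RDNs.
            LdapName subject = new LdapName(cert.getSubjectX500Principal().getName());
            for (Rdn rdn : subject.getRdns()) {
                String value = String.valueOf(rdn.getValue());
                if ("OU".equalsIgnoreCase(rdn.getType()) && "payments".equals(value)) {
                    roles.add("payments-service");
                } else if ("CN".equalsIgnoreCase(rdn.getType()) && "ops-admin".equals(value)) {
                    roles.add("admin");
                }
            }
        } catch (InvalidNameException e) {
            return Set.of();
        }
        return Set.copyOf(roles);
    }

    // Assumption: HttpSecurity is delivered as a CDI event during startup.
    void configure(@Observes HttpSecurity httpSecurity) {
        var mechanism = new MTLS.Builder()
                .tls("mtls-server") // hypothetical named TLS configuration
                // REQUEST accepts a certificate when presented; routes that need one
                // must be secured with HTTP permissions or security annotations.
                .authentication(ClientAuth.REQUEST)
                .certificateToRolesMapper(MtlsSecurityConfig::rolesFor)
                .build();
        httpSecurity.mTLS(mechanism);
    }
}
```

The roles are only as trustworthy as the CA that issued the certificate, so the trust store behind the named TLS configuration should contain only the CAs allowed to assert these OU and CN values.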