helidon-io / helidon

Java libraries for writing microservices
https://helidon.io
Apache License 2.0

Support for selection of security providers based on request #2294

Open FWiesner opened 3 years ago

FWiesner commented 3 years ago

Environment Details


Problem Description

When building a multi-tenanted application with Helidon, you get into the situation that the OAuth2/OIDC authorization server per tenancy could be different. You can already have multiple security providers, but as of today there are two issues:

  1. you cannot select the specific security provider to perform security checks from evaluating a path parameter, so you'd have to clone the entrypoint method/rule per security provider
  2. registering and de-registering of providers is not possible at runtime

It would be highly desirable if this could be added to Helidon 2 with support for MP as well as SE.

Note: in our case this also means we would need the same support for the role-based access support that is added for Oracle Identity Cloud Service.

jmntn2000 commented 2 years ago

This is currently possible. Here is how we accomplish it:

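```java
// Registered on the Helidon SE routing builder
.any((req, resp) -> {
    // resolveClientId is a hypothetical helper standing in for the original
    // placeholder: get the client id from a header, the hostname, etc.
    String client = resolveClientId(req);

    // Authenticate with the security provider registered under that name
    WebSecurity.secure().authenticator(client).authenticate().accept(req, resp);
})
```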

This of course assumes you have already registered multiple providers using client as the names.
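
A fail-closed variant of the selection described in the comment above, as an added example that is not from the thread or the Helidon project: the tenant is resolved from the Host header through a fixed allow-list, so a request-supplied value is never passed to `authenticator()` directly. It assumes the Helidon SE 2.x API, that `WebSecurity` is already registered on the routing, and that providers are registered under the constructed names; `TenantAuthService` and its map are hypothetical.

```java
import io.helidon.common.http.Http;
import io.helidon.security.integration.webserver.SecurityHandler;
import io.helidon.security.integration.webserver.WebSecurity;
import io.helidon.webserver.Routing;
import io.helidon.webserver.ServerRequest;
import io.helidon.webserver.ServerResponse;
import io.helidon.webserver.Service;

import java.util.Locale;
import java.util.Map;
import java.util.Optional;
import java.util.stream.Collectors;

/** Added example (hypothetical class): per-tenant authenticator selection. */
public final class TenantAuthService implements Service {
    // One pre-built handler per tenant host; these keys are the only hosts accepted.
    private final Map<String, SecurityHandler> handlersByHost;

    /** @param providerByHost constructed mapping, e.g. "acme.example.com" -> "acme-oidc" */
    public TenantAuthService(Map<String, String> providerByHost) {
        this.handlersByHost = providerByHost.entrySet().stream()
                .collect(Collectors.toUnmodifiableMap(
                        e -> e.getKey().toLowerCase(Locale.ROOT),
                        e -> WebSecurity.secure().authenticator(e.getValue()).authenticate()));
    }

    @Override
    public void update(Routing.Rules rules) {
        rules.any(this::authenticateForTenant);
    }

    private void authenticateForTenant(ServerRequest req, ServerResponse res) {
        Optional<SecurityHandler> handler = req.headers().first(Http.Header.HOST)
                .map(TenantAuthService::hostWithoutPort)
                .map(handlersByHost::get);   // unknown host -> empty Optional
        if (handler.isPresent()) {
            handler.get().accept(req, res);  // delegate to the tenant's provider
        } else {
            res.status(Http.Status.BAD_REQUEST_400).send("Unknown tenant");
        }
    }

    private static String hostWithoutPort(String host) {
        int colon = host.lastIndexOf(':');
        return (colon < 0 ? host : host.substring(0, colon)).toLowerCase(Locale.ROOT);
    }
}
```

The map is fixed at construction, which matches the limitation raised in the issue: providers cannot be registered or de-registered at runtime.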

tomas-langer commented 2 years ago

This requires major changes in the Security API, which we are preparing for 4.0.