Class AuthConfig.Builder

java.lang.Object

com.loomcache.common.config.AuthConfig.Builder

Enclosing class:

AuthConfig

public static final class AuthConfig.Builder
extends Object

Builder for AuthConfig instances.

Constructor Summary

Constructors

Constructor	Description
Builder()

Method Summary

Modifier and Type	Method	Description
AuthConfig.Builder	addAdminRole(String name)	Add an admin role with full permissions.
AuthConfig.Builder	addCertPermission(String cnPattern, String permissionLevel)	Add a certificate CN pattern to permission level mapping.
AuthConfig.Builder	addJaasLoginModule(String className)
AuthConfig.Builder	addJaasLoginModule(String className, AuthConfig.LoginModuleControlFlag controlFlag, Map<String,String> options)
AuthConfig.Builder	addJaasLoginModule(String className, String controlFlag, Map<String,String> options)
AuthConfig.Builder	addJaasRolePrincipalClassName(String className)
AuthConfig.Builder	addRole(String name, String... permissions)	Add a role with its permissions.
AuthConfig.Builder	addRole(String name, Set<String> permissions)	Add a role with its permissions.
AuthConfig.Builder	addRole(String name, Set<String> permissions, Set<AuthConfig.PermissionConfig> permissionConfigs)	Add a role with command permissions and fine-grained scoped permissions.
AuthConfig.Builder	addRole(String name, Set<String> permissions, Set<AuthConfig.PermissionConfig> permissionConfigs, Set<AuthConfig.EndpointConfig> endpoints)	Add a role with command permissions, fine-grained scoped permissions, and endpoints.
AuthConfig.Builder	addRoleEndpoint(String name, String endpoint)	Add a CIDR-bounded endpoint restriction to a role.
AuthConfig.Builder	addRoleEndpoints(String name, Set<String> endpoints)	Add CIDR-bounded endpoint restrictions to a role, creating the role if needed.
AuthConfig.Builder	addRolePermissionConfig(String name, AuthConfig.PermissionConfig permissionConfig)	Add a fine-grained permission config to a role, creating the role if needed.
AuthConfig.Builder	addToken(byte[] token, String username, Set<String> roleNames)
AuthConfig.Builder	addToken(String token, String username, Set<String> roleNames)
AuthConfig.Builder	addTokenHash(String sha256Hex, String username, Set<String> roleNames)
AuthConfig.Builder	addTrustedGatewayAddress(String address)	Add a trusted gateway source address.
AuthConfig	build()	Build the AuthConfig instance.
AuthConfig.Builder	enabled(boolean enabled)	Enable or disable authorization.
AuthConfig.Builder	gatewayTrust(boolean trust)	Set whether to trust gateway-forwarded headers.
AuthConfig.Builder	jaasEnabled(boolean enabled)
AuthConfig.Builder	jaasLoginContextName(String loginContextName)
AuthConfig.Builder	jaasRolePrincipalClassNames(Set<String> classNames)
AuthConfig.Builder	kerberosControlFlag(AuthConfig.LoginModuleControlFlag controlFlag)
AuthConfig.Builder	kerberosControlFlag(String controlFlag)
AuthConfig.Builder	kerberosDebug(boolean debug)
AuthConfig.Builder	kerberosDoNotPrompt(boolean doNotPrompt)
AuthConfig.Builder	kerberosEnabled(boolean enabled)
AuthConfig.Builder	kerberosIsInitiator(boolean isInitiator)
AuthConfig.Builder	kerberosKeyTab(@Nullable String keyTab)
AuthConfig.Builder	kerberosLoginModuleClassName(String className)
AuthConfig.Builder	kerberosOption(String name, String value)
AuthConfig.Builder	kerberosOptions(Map<String,String> options)
AuthConfig.Builder	kerberosPrincipal(@Nullable String principal)
AuthConfig.Builder	kerberosRefreshKrb5Config(boolean refreshKrb5Config)
AuthConfig.Builder	kerberosRenewTgt(boolean renewTgt)
AuthConfig.Builder	kerberosStoreKey(boolean storeKey)
AuthConfig.Builder	kerberosTicketCache(@Nullable String ticketCache)
AuthConfig.Builder	kerberosUseKeyTab(boolean useKeyTab)
AuthConfig.Builder	kerberosUseTicketCache(boolean useTicketCache)
AuthConfig.Builder	ldapAuthIdentity(@Nullable String authIdentity)
AuthConfig.Builder	ldapAuthzIdentity(@Nullable String authzIdentity)
AuthConfig.Builder	ldapControlFlag(AuthConfig.LoginModuleControlFlag controlFlag)
AuthConfig.Builder	ldapControlFlag(String controlFlag)
AuthConfig.Builder	ldapEnabled(boolean enabled)
AuthConfig.Builder	ldapOption(String name, String value)
AuthConfig.Builder	ldapOptions(Map<String,String> options)
AuthConfig.Builder	ldapUserFilter(@Nullable String userFilter)
AuthConfig.Builder	ldapUserProvider(String userProvider)
AuthConfig.Builder	ldapUseSsl(boolean useSsl)
AuthConfig.Builder	rolePrefix(String prefix)	Set the role prefix to strip.
AuthConfig.Builder	roleSeparator(String separator)	Set the separator for multiple roles.
AuthConfig.Builder	rolesHeader(String header)	Set the header name for roles.
AuthConfig.Builder	tokenEnabled(boolean enabled)
AuthConfig.Builder	trustedGatewayAddresses(Set<String> addresses)	Replace the trusted gateway source address allow-list.
AuthConfig.Builder	userHeader(String header)	Set the header name for username.

Methods inherited from class Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

Builder

public Builder()

Method Details

enabled

public AuthConfig.Builder enabled(boolean enabled)

Enable or disable authorization.

Parameters:

enabled - true to enable authorization

Returns:

this builder

gatewayTrust

public AuthConfig.Builder gatewayTrust(boolean trust)

Set whether to trust gateway-forwarded headers.

Parameters:

trust - true to trust forwarded headers

Returns:

this builder

userHeader

public AuthConfig.Builder userHeader(String header)

Set the header name for username.

Parameters:

header - the header name (must not be null)

Returns:

this builder

rolesHeader

public AuthConfig.Builder rolesHeader(String header)

Set the header name for roles.

Parameters:

header - the header name (must not be null)

Returns:

this builder

rolePrefix

public AuthConfig.Builder rolePrefix(String prefix)

Set the role prefix to strip.

Parameters:

prefix - the prefix (must not be null)

Returns:

this builder

roleSeparator

public AuthConfig.Builder roleSeparator(String separator)

Set the separator for multiple roles.

Parameters:

separator - the separator (must not be null)

Returns:

this builder

trustedGatewayAddresses

public AuthConfig.Builder trustedGatewayAddresses(Set<String> addresses)

Replace the trusted gateway source address allow-list.

Parameters:

addresses - source IP addresses/hostnames that may forward auth headers

Returns:

this builder

addTrustedGatewayAddress

public AuthConfig.Builder addTrustedGatewayAddress(String address)

Add a trusted gateway source address.

Parameters:

address - source IP address/hostname

Returns:

this builder

addRole

public AuthConfig.Builder addRole(String name,
 Set<String> permissions)

Add a role with its permissions.

Parameters:

name - the role name (must not be null)

permissions - the set of permissions (must not be null)

Returns:

this builder

addRole

public AuthConfig.Builder addRole(String name,
 Set<String> permissions,
 Set<AuthConfig.PermissionConfig> permissionConfigs)

Add a role with command permissions and fine-grained scoped permissions.

Parameters:

name - the role name (must not be null)

permissions - command permissions (must not be null)

permissionConfigs - scoped permission configs (must not be null)

Returns:

this builder

addRolePermissionConfig

public AuthConfig.Builder addRolePermissionConfig(String name,
 AuthConfig.PermissionConfig permissionConfig)

Add a fine-grained permission config to a role, creating the role if needed.

Parameters:

name - the role name (must not be null)

permissionConfig - scoped permission config (must not be null)

Returns:

this builder

addRoleEndpoints

public AuthConfig.Builder addRoleEndpoints(String name,
 Set<String> endpoints)

Add CIDR-bounded endpoint restrictions to a role, creating the role if needed. An empty endpoint set leaves the role unbounded.

Parameters:

name - the role name (must not be null)

endpoints - endpoint CIDRs or "*" (must not be null)

Returns:

this builder

addRoleEndpoint

public AuthConfig.Builder addRoleEndpoint(String name,
 String endpoint)

Add a CIDR-bounded endpoint restriction to a role.

Parameters:

name - the role name (must not be null)

endpoint - endpoint CIDR or "*" (must not be null)

Returns:

this builder

addRole

public AuthConfig.Builder addRole(String name,
 Set<String> permissions,
 Set<AuthConfig.PermissionConfig> permissionConfigs,
 Set<AuthConfig.EndpointConfig> endpoints)

Add a role with command permissions, fine-grained scoped permissions, and endpoints.

Parameters:

name - the role name (must not be null)

permissions - command permissions (must not be null)

permissionConfigs - scoped permission configs (must not be null)

endpoints - endpoint CIDRs or "*" (must not be null)

Returns:

this builder

addRole

public AuthConfig.Builder addRole(String name,
 String... permissions)

Add a role with its permissions.

Parameters:

name - the role name (must not be null)

permissions - the permissions (must not be empty)

Returns:

this builder

addAdminRole

public AuthConfig.Builder addAdminRole(String name)

Add an admin role with full permissions.

Parameters:

name - the role name (must not be null)

Returns:

this builder

addCertPermission

public AuthConfig.Builder addCertPermission(String cnPattern,
 String permissionLevel)

Add a certificate CN pattern to permission level mapping.

Parameters:

cnPattern - the CN pattern (exact or wildcard like "cluster-*", must not be null)

permissionLevel - the permission level string: "READ_ONLY", "READ_WRITE", or "ADMIN" (must not be null)

Returns:

this builder

Throws:

IllegalArgumentException - if permissionLevel is not a valid level

jaasEnabled

public AuthConfig.Builder jaasEnabled(boolean enabled)

jaasLoginContextName

public AuthConfig.Builder jaasLoginContextName(String loginContextName)

addJaasLoginModule

public AuthConfig.Builder addJaasLoginModule(String className)

addJaasLoginModule

public AuthConfig.Builder addJaasLoginModule(String className,
 String controlFlag,
 Map<String,String> options)

addJaasLoginModule

public AuthConfig.Builder addJaasLoginModule(String className,
 AuthConfig.LoginModuleControlFlag controlFlag,
 Map<String,String> options)

jaasRolePrincipalClassNames

public AuthConfig.Builder jaasRolePrincipalClassNames(Set<String> classNames)

addJaasRolePrincipalClassName

public AuthConfig.Builder addJaasRolePrincipalClassName(String className)

ldapEnabled

public AuthConfig.Builder ldapEnabled(boolean enabled)

ldapUserProvider

public AuthConfig.Builder ldapUserProvider(String userProvider)

ldapAuthIdentity

public AuthConfig.Builder ldapAuthIdentity(@Nullable String authIdentity)

ldapUserFilter

public AuthConfig.Builder ldapUserFilter(@Nullable String userFilter)

ldapAuthzIdentity

public AuthConfig.Builder ldapAuthzIdentity(@Nullable String authzIdentity)

ldapUseSsl

public AuthConfig.Builder ldapUseSsl(boolean useSsl)

ldapControlFlag

public AuthConfig.Builder ldapControlFlag(String controlFlag)

ldapControlFlag

public AuthConfig.Builder ldapControlFlag(AuthConfig.LoginModuleControlFlag controlFlag)

ldapOption

public AuthConfig.Builder ldapOption(String name,
 String value)

ldapOptions

public AuthConfig.Builder ldapOptions(Map<String,String> options)

kerberosEnabled

public AuthConfig.Builder kerberosEnabled(boolean enabled)

kerberosLoginModuleClassName

public AuthConfig.Builder kerberosLoginModuleClassName(String className)

kerberosPrincipal

public AuthConfig.Builder kerberosPrincipal(@Nullable String principal)

kerberosKeyTab

public AuthConfig.Builder kerberosKeyTab(@Nullable String keyTab)

kerberosUseKeyTab

public AuthConfig.Builder kerberosUseKeyTab(boolean useKeyTab)

kerberosStoreKey

public AuthConfig.Builder kerberosStoreKey(boolean storeKey)

kerberosUseTicketCache

public AuthConfig.Builder kerberosUseTicketCache(boolean useTicketCache)

kerberosTicketCache

public AuthConfig.Builder kerberosTicketCache(@Nullable String ticketCache)

kerberosRenewTgt

public AuthConfig.Builder kerberosRenewTgt(boolean renewTgt)

kerberosDoNotPrompt

public AuthConfig.Builder kerberosDoNotPrompt(boolean doNotPrompt)

kerberosIsInitiator

public AuthConfig.Builder kerberosIsInitiator(boolean isInitiator)

kerberosRefreshKrb5Config

public AuthConfig.Builder kerberosRefreshKrb5Config(boolean refreshKrb5Config)

kerberosDebug

public AuthConfig.Builder kerberosDebug(boolean debug)

kerberosControlFlag

public AuthConfig.Builder kerberosControlFlag(String controlFlag)

kerberosControlFlag

public AuthConfig.Builder kerberosControlFlag(AuthConfig.LoginModuleControlFlag controlFlag)

kerberosOption

public AuthConfig.Builder kerberosOption(String name,
 String value)

kerberosOptions

public AuthConfig.Builder kerberosOptions(Map<String,String> options)

tokenEnabled

public AuthConfig.Builder tokenEnabled(boolean enabled)

addToken

public AuthConfig.Builder addToken(String token,
 String username,
 Set<String> roleNames)

addToken

public AuthConfig.Builder addToken(byte[] token,
 String username,
 Set<String> roleNames)

addTokenHash

public AuthConfig.Builder addTokenHash(String sha256Hex,
 String username,
 Set<String> roleNames)

build

public AuthConfig build()

Build the AuthConfig instance.

Returns:

a new AuthConfig

Throws:

IllegalArgumentException - if enabled but no role, certificate, or JAAS mapping is defined