Package eu.rarogsoftware.rarog.platform.api.security.secrets

Interface HttpClientAuthConfigService

All Superinterfaces:
AuthConfigService<HttpClientAuthConfigService.AuthConfig>
All Known Implementing Classes:
DefaultHttpClientAuthConfigService
public interface HttpClientAuthConfigService extends AuthConfigService<HttpClientAuthConfigService.AuthConfig>
This service enables support for stored credentials when using HttpClient.

Service resolves provided authentication data to valid visitor of type HttpClientAuthConfigService.AuthConfig, which when applied on HttpClient and HttpRequest, adds all necessary credentials to request and client. It removes burden of managing credentials from developers and move it to system.

Authentication string must follow syntax: <method>:<method_data>. Where <method> is one of supported authentication methods for HttpClient and <method_data> are data necessary for this method. Parameters follow syntax <parameter1>=<value1>,<parameter2>=<value2>, unless specified otherwise. Special characters `,=` in parameters can be escaped with backslash character `\`. Double backslash `\\` will be translated to single backslash.

Alternative format for authentication data is parameters map. It supports any kind of data. It is used primary for credentials data, that cannot be stored as authentication string and for internal purposes. Each parameters map have required entry method which is the equivalent of method from authentication string. All other data in map translates to method parameters.

Currently supported auth methods are:

  • client_cert - which gives support for TLS mutual authentication.
  • auth which - gives support for Authentication header.
  • build_in - which resolves to one of other methods for which configuration is embedded into system.
  • vault - which resolves to one of other methods for which configuration is stored in secure vault (if supported).

Authentication method client_cert supports following parameters:

  • cert - which should point to X.509 certificate file (required)
  • privkey - which should point to PKCS8 private key file (required)
  • password_file - which should point to file with password to certificate or private key (optional)
  • password - which should be password to certificate or private key (optional)
  • cert_bytes - certificate passed as byte array (alternative to cert). Supported only in parameters map.
  • privkey_bytes - private key passed as byte array (alternative to privkey). Supported only in parameters map.
Example: `client_cert:cert_file=/ssl/app.crt,privatekey_file=/ssl/key.pem,password=MyPassword`

Authentication method auth do not support parameters syntax in auth string, but expects content of Authorization header as parameter. Example `auth:Token your_token`. For parameters map use value parameter to pass header value.

Authentication method vault do not support parameters syntax in auth string, but expects storage key of credential to retrieve from vault. For parameters map use value parameter to pass storage key.