Authorization in Helidon MP

Question

Helidon uses annotations like @RoleValidator.Roles({“my_admins”, “test”}) to do the authorization. I am wondering if there is a way to do authorization differently using configuration settings for paths, for example.

Basically, the question is. Is there a way to use configuration instead of annotation to authorize requests to particular endpoints?

If yes, would it be possible to get the SecurityContext like in a case of annotation? Example with multiple roles for one endpoint would be helpful

I am successfully using annotations but in some cases it is not convenient

Answer 1

You should be able to do what you want using configuration instead of annotations. It would look similar to what our documentation describes here: https://helidon.io/docs/latest/index.html#/se/guides/security-oidc#Restrict-access-to-a-specific-role

You might not even use the annotations given your use case.

You would define the user-to-roles mapping however makes sense for you (Helidon config would work as would some other provider) and then use Helidon config to set up each endpoint's roles-allowed setting as needed.

As you are using Helidon MP, you could for example add something like this to your META-INF/microprofile-config.properties file:

web-server.paths.0.path=/greet
web-server.paths.0.methods=get
web-server.paths.0.roles-allowed=admin,dev
web-server.paths.0.authenticate=true

(These particular settings are drawn from Helidon's MP QuickStart example but you get the idea.)