Security (security) Configuration

Configuration of security providers, integration and other security options

Type: io.helidon.security.Security

This is a standalone configuration type, prefix from configuration root: security

Configuration options

Table 1. Required configuration options
key	type	default value	description
`providers`	io.helidon.security.spi.SecurityProvider[] (service provider interface) Such as: idcs-role-mapper (IdcsRoleMapperProvider) config-vault (ConfigVaultProvider) jwt (JwtProvider) http-basic-auth (HttpBasicAuthProvider) idcs-role-mapper (IdcsMtRoleMapperProvider) google-login (GoogleTokenProvider) oidc (OidcProvider) http-digest-auth (HttpDigestAuthProvider) header-atn (HeaderAtnProvider) abac (AbacProvider)		Add a provider, works as addProvider(io.helidon.security.spi.SecurityProvider, String), where the name is set to `Class#getSimpleName()`.

Table 2. Optional configuration options
key	type	default value	description
`default-authentication-provider`	string (service provider interface)		ID of the default authentication provider
`default-authorization-provider`	string		ID of the default authorization provider
`enabled`	boolean	`true`	Security can be disabled using configuration, or explicitly. By default, security instance is enabled. Disabled security instance will not perform any checks and allow all requests.
`environment.server-time`	SecurityTime		Server time to use when evaluating security policies that depend on time.
`provider-policy.class-name`	Class		Provider selection policy class name, only used when type is set to CLASS
`provider-policy.type`	ProviderSelectionPolicyType (FIRST, COMPOSITE, CLASS)	`FIRST`	Type of the policy. Allowed values: `FIRST`: Choose first provider from the list by default. Choose provider with the name defined when explicit provider requested. `COMPOSITE`: Can compose multiple providers together to form a single logical provider. `CLASS`: Explicit class for a custom ProviderSelectionPolicyType.
`secrets`	Map<string, string> (documented for specific cases)		Configured secrets
`secrets.*.config`	io.helidon.security.SecretsProviderConfig (service provider interface) Such as: SecretConfig		Configuration specific to the secret provider
`secrets.*.name`	string		Name of the secret, used for lookup
`secrets.*.provider`	string		Name of the secret provider
`tracing.enabled`	boolean	`true`	Whether or not tracing should be enabled. If set to false, security tracer will be a no-op tracer.