Http digest authentication security provider
http-digest-authThis type provides the following service implementations:
-
io.helidon.security.spi.SecurityProvider -
io.helidon.security.spi.AuthenticationProvider
Configuration options
| key | type | default value | description |
|---|---|---|---|
|
Algorithm (MD5) |
|
Digest algorithm to use. Allowed values:
|
|
long |
|
How long will the nonce value be valid. When timed-out, browser will re-request username/password. |
|
boolean |
|
Whether authentication is required. By default, request will fail if the authentication cannot be verified. If set to false, request will process and this provider will abstain. |
|
SubjectType (USER, SERVICE) |
|
Principal type this provider extracts (and also propagates). |
|
Qop (NONE, AUTH) |
|
Only Allowed values:
|
|
string |
|
Set the realm to use when challenging users. |
|
string |
|
The nonce is encrypted using this secret - to make sure the nonce we get back was generated by us and to make sure we can safely time-out nonce values. This secret must be the same for all service instances (or all services that want to share the same authentication). Defaults to a random password - e.g. if deployed to multiple servers, the authentication WILL NOT WORK. You MUST provide your own password to work in a distributed environment with non-sticky load balancing. |
|
|
Set user store to obtain passwords and roles based on logins. |