Refactor inbound authentication with custom provider and handlers

examples/secured-client-with-basic-auth/secured_client_with_basic_auth.bal

@@ -1,3 +1,4 @@
+import ballerina/auth;
 import ballerina/config;
 import ballerina/http;
 import ballerina/log;
@@ -30,14 +31,14 @@ public function main() {
     }
 }
 
-// Create a basic authentication provider with the relevant configurations.
-http:AuthProvider basicAuthProvider = {
-    scheme: http:BASIC_AUTH,
-    authStoreProvider: http:CONFIG_AUTH_STORE
-};
+// Create a basic authentication handler with the relevant configurations.
+auth:ConfigAuthStoreProvider basicAuthProvider = new;
+http:BasicAuthnHandler basicAuthnHandler = new(basicAuthProvider);
 
 listener http:Listener ep  = new(9090, config = {
-    authProviders: [basicAuthProvider],
+    auth: {
+        authnHandlers: [basicAuthnHandler]
+    },
     secureSocket: {
         keyStore: {
             path: "${ballerina.home}/bre/security/ballerinaKeystore.p12",
@@ -48,8 +49,8 @@ listener http:Listener ep  = new(9090, config = {
 
 @http:ServiceConfig {
     basePath: "/hello",
-    authConfig: {
-        authentication: { enabled: true }
+    auth: {
+        enabled: true
     }
 }
 service echo on ep {

examples/secured-client-with-jwt-auth/secured_client_with_jwt_auth.bal

@@ -1,3 +1,4 @@
+import ballerina/auth;
 import ballerina/http;
 import ballerina/log;
 import ballerina/runtime;
@@ -37,22 +38,25 @@ public function main() {
     }
 }
 
-// Create a JWT authentication provider with the relevant configurations.
-http:AuthProvider jwtAuthProvider = {
-    scheme: http:JWT_AUTH,
-    config: {
-        issuer: "ballerina",
-        audience: ["ballerina.io"],
-        certificateAlias: "ballerina",
-        trustStore: {
-            path: "${ballerina.home}/bre/security/ballerinaTruststore.p12",
-            password: "ballerina"
-        }
+// Create a JWT authentication provider with the relevant configuration
+// parameters.
+auth:JWTAuthProvider jwtAuthProvider = new({
+    issuer: "ballerina",
+    audience: ["ballerina.io"],
+    certificateAlias: "ballerina",
+    trustStore: {
+        path: "${ballerina.home}/bre/security/ballerinaTruststore.p12",
+        password: "ballerina"
     }
-};
+});
+
+// Create a JWT authentication handler with the created JWT auth provider
+http:JwtAuthnHandler jwtAuthnHandler = new(jwtAuthProvider);
 
 listener http:Listener ep = new(9090, config = {
-    authProviders: [jwtAuthProvider],
+    auth: {
+        authnHandlers: [jwtAuthnHandler]
+    },
     secureSocket: {
         keyStore: {
             path: "${ballerina.home}/bre/security/ballerinaKeystore.p12",
@@ -63,8 +67,8 @@ listener http:Listener ep = new(9090, config = {
 
 @http:ServiceConfig {
     basePath: "/hello",
-    authConfig: {
-        authentication: { enabled: true }
+    auth: {
+        enabled: true
     }
 }
 service echo on ep {

examples/secured-service-with-basic-auth/secured_service_with_basic_auth.bal

@@ -1,17 +1,20 @@
+import ballerina/auth;
 import ballerina/http;
 import ballerina/log;
 
-http:AuthProvider basicAuthProvider = {
-    scheme: http:BASIC_AUTH,
-    authStoreProvider: http:CONFIG_AUTH_STORE
-};
+// Create a Basic authentication handler with the relevant configuration
+// parameters.
+auth:ConfigAuthStoreProvider basicAuthProvider = new;
+http:BasicAuthnHandler basicAuthnHandler = new(basicAuthProvider);
 
 // The endpoint used here is `http:Listener`, which by default tries to
 // authenticate and authorize each request. The developer has the option to
 // override the authentication and authorization at the service level and
 // resource level.
 listener http:Listener ep = new(9090, config = {
-    authProviders: [basicAuthProvider],
+    auth: {
+        authnHandlers: [basicAuthnHandler]
+    },
     // The secure hello world sample uses https.
     secureSocket: {
         keyStore: {
@@ -23,14 +26,13 @@ listener http:Listener ep = new(9090, config = {
 
 @http:ServiceConfig {
     basePath: "/hello",
-    authConfig: {
-        authentication: { enabled: true },
+    auth: {
         scopes: ["scope1"]
     }
 }
 // Auth configuration comprises of two parts - authentication & authorization.
-// Authentication can be enabled by setting the `authentication:{enabled:true}`
-// annotation attribute. 
+// Authentication can be disabled by setting the `enabled: flag` annotation
+// attribute, if needed.
 // Authorization is based on scopes, where a scope maps to one or more groups.
 // For a user to access a resource, the user should be in the same groups as
 // the scope.
@@ -41,15 +43,15 @@ service echo on ep {
     @http:ResourceConfig {
         methods: ["GET"],
         path: "/sayHello",
-        authConfig: {
+        auth: {
             scopes: ["scope2"]
         }
     }
     // The authentication and authorization settings can be overridden at
     // resource level.
-    // The hello resource would inherit the `authentication:{enabled:true}`
-    // flag from the service level, and override the scope defined in the
-    // service level (i.e., scope1) with scope2.
+    // The hello resource would inherit the `enabled: true` flag from the
+    // service level which is set automatically, and override the scope
+    // defined in the service level (i.e., scope1) with scope2.
     resource function hello(http:Caller caller, http:Request req) {
         error? result = caller->respond("Hello, World!!!");
         if (result is error) {

examples/secured-service-with-jwt/secured_service_with_jwt.bal

@@ -1,26 +1,30 @@
+import ballerina/auth;
 import ballerina/http;
 import ballerina/log;
 
 // Create a JWT authentication provider with the relevant configuration
 // parameters. 
-http:AuthProvider jwtAuthProvider = {
-    scheme: http:JWT_AUTH,
-    config: {
-        issuer:"ballerina",
-        audience: ["ballerina.io"],
-        certificateAlias: "ballerina",
-        trustStore: {
-            path: "${ballerina.home}/bre/security/ballerinaTruststore.p12",
-            password: "ballerina"
-        }
+auth:JWTAuthProvider jwtAuthProvider = new({
+    issuer: "ballerina",
+    audience: ["ballerina.io"],
+    certificateAlias: "ballerina",
+    trustStore: {
+        path: "${ballerina.home}/bre/security/ballerinaTruststore.p12",
+        password: "ballerina"
     }
-};
+});
+
+// Create a JWT authentication handler with the created JWT auth provider
+http:JwtAuthnHandler jwtAuthnHandler = new(jwtAuthProvider);
+
 // The endpoint used here is `http:Listener`. The JWT authentication
-// provider is set to this endpoint using the `authProviders` attribute. The
+// handler is set to this endpoint using the `authnHandlers` attribute. The
 // developer has the option to override the authentication and authorization
 // at the service and resource levels.
 listener http:Listener ep = new(9090, config = {
-    authProviders:[jwtAuthProvider],
+    auth: {
+        authnHandlers: [jwtAuthnHandler]
+    },
     // The secure hello world sample uses https.
     secureSocket: {
         keyStore: {
@@ -31,14 +35,10 @@ listener http:Listener ep = new(9090, config = {
 });
 
 @http:ServiceConfig {
-    basePath: "/hello",
-    authConfig: {
-        authentication: { enabled: true }
-    }
+    basePath: "/hello"
 }
 // Auth configuration comprises of two parts - authentication & authorization.
-// Authentication can be enabled by setting the `authentication:{enabled:true}`
-// flag.
+// Authentication can be disabled by setting the `enabled: false` flag, if needed.
 // Authorization is based on scopes, where a scope maps to one or more groups.
 // For a user to access a resource, the user should be in the same groups as
 // the scope.
@@ -48,14 +48,15 @@ service echo on ep {
     @http:ResourceConfig {
         methods: ["GET"],
         path: "/sayHello",
-        authConfig: {
+        auth: {
             scopes: ["hello"]
         }
     }
     // The authentication and authorization settings can be overridden at
     // resource level.
-    // The hello resource would inherit the `authentication:{enabled:true}` flag
-    // from the service level, and define `hello` as the scope for the resource.
+    // The hello resource would inherit the `enabled: true` flag from the
+    // service level which is set automatically, and define `hello` as the
+    // scope for the resource.
     resource function hello(http:Caller caller, http:Request req) {
         error? result = caller->respond("Hello, World!!!");
         if (result is error) {

language-server/modules/langserver-core/src/test/resources/command/source/testgen/module2/services.bal

@@ -1,6 +1,6 @@
+import ballerina/auth;
 import ballerina/http;
 import ballerina/io;
-import ballerina/websub;
 
 service httpService on new http:Listener(9090) {
     resource function sayHello(http:Caller caller, http:Request request) {
@@ -32,32 +32,32 @@ service wssService on securedListener2 {
     }
 }
 
-http:AuthProvider basicAuthProvider = {
-    scheme: http:BASIC_AUTH,
-    authStoreProvider: http:CONFIG_AUTH_STORE
-};
+auth:ConfigAuthStoreProvider basicAuthProvider1 = new;
+auth:ConfigAuthStoreProvider basicAuthProvider2 = new;
 
-http:AuthProvider basicAuthProvider2 = {
-    scheme: http:BASIC_AUTH,
-    authStoreProvider: http:CONFIG_AUTH_STORE
-};
+http:BasicAuthnHandler basicAuthnHandler1 = new(basicAuthProvider1);
+http:BasicAuthnHandler basicAuthnHandler2 = new(basicAuthProvider2);
 
 listener http:Listener securedListener = new(9090, config = {
-    authProviders: [basicAuthProvider],
-    secureSocket: {
-        keyStore: {
-            path: "${ballerina.home}/bre/security/ballerinaKeystore.p12",
-            password: "ballerina"
+        auth: {
+            authnHandlers: [basicAuthnHandler1]
+        },
+        secureSocket: {
+            keyStore: {
+                path: "${ballerina.home}/bre/security/ballerinaKeystore.p12",
+                password: "ballerina"
+            }
         }
-    }
-});
+    });
 
 listener http:WebSocketListener securedListener2 = new(9090, config = {
-    authProviders: [basicAuthProvider],
-    secureSocket: {
-        keyStore: {
-            path: "${ballerina.home}/bre/security/ballerinaKeystore.p12",
-            password: "ballerina"
+        auth: {
+            authnHandlers: [basicAuthnHandler2]
+        },
+        secureSocket: {
+            keyStore: {
+                path: "${ballerina.home}/bre/security/ballerinaKeystore.p12",
+                password: "ballerina"
+            }
         }
-    }
-});
+    });

language-server/modules/langserver-core/src/test/resources/command/testGenerationForServicesNegative.json

@@ -2,8 +2,8 @@
     "cases": [
         {
             "arguments": {
-                "node.line": 34,
-                "node.column": 20
+                "node.line": 35,
+                "node.column": 30
             },
             "expected": {
                 "imports": [],

language-server/modules/langserver-core/src/test/resources/completion/annotation/serviceAnnotation3.json

@@ -62,20 +62,20 @@
       "insertTextFormat": "Snippet"
     },
     {
-      "label": "authConfig",
+      "label": "auth",
       "kind": "Field",
       "detail": "Field",
       "sortText": "120",
-      "insertText": "authConfig: ${1:{}} // Values allowed: ballerina/http:ListenerAuthConfig|()",
+      "insertText": "auth: {\n\t${1}\n}",
       "insertTextFormat": "Snippet"
     },
     {
       "label": "Add All Attributes",
       "kind": "Property",
       "detail": "none",
       "sortText": "110",
-      "insertText": "endpoints: [],\nhost: \"\",\nbasePath: \"\",\ncompression: {},\nchunking: \"AUTO\", // Values allowed: AUTO|ALWAYS|NEVER,\ncors: {},\nversioning: {},\nauthConfig: {} // Values allowed: ballerina/http:ListenerAuthConfig|()",
+      "insertText": "endpoints: [],\nhost: \"\",\nbasePath: \"\",\ncompression: {},\nchunking: \"AUTO\", // Values allowed: AUTO|ALWAYS|NEVER,\ncors: {},\nversioning: {},\nauth: {}",
       "insertTextFormat": "Snippet"
     }
   ]
-}
+}