manger
diff --git a/‎CHANGELOG.md‎
Lines changed: 14 additions & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 14 additions & 0 deletions
diff --git a/‎archetypes/helidon/src/main/archetype/common/common.xml‎
Lines changed: 8 additions & 1 deletion b/‎archetypes/helidon/src/main/archetype/common/common.xml‎
Lines changed: 8 additions & 1 deletion
diff --git a/‎archetypes/helidon/src/main/archetype/common/files/application.abac.yaml‎
Lines changed: 34 additions & 34 deletions b/‎archetypes/helidon/src/main/archetype/common/files/application.abac.yaml‎
Lines changed: 34 additions & 34 deletions
diff --git a/‎archetypes/helidon/src/main/archetype/common/observability.xml‎
Lines changed: 15 additions & 13 deletions b/‎archetypes/helidon/src/main/archetype/common/observability.xml‎
Lines changed: 15 additions & 13 deletions
diff --git a/‎archetypes/helidon/src/main/archetype/common/security.xml‎
Lines changed: 31 additions & 35 deletions b/‎archetypes/helidon/src/main/archetype/common/security.xml‎
Lines changed: 31 additions & 35 deletions
diff --git a/‎archetypes/helidon/src/main/archetype/se/common/common-se.xml‎
Lines changed: 7 additions & 4 deletions b/‎archetypes/helidon/src/main/archetype/se/common/common-se.xml‎
Lines changed: 7 additions & 4 deletions
diff --git a/‎archetypes/helidon/src/main/archetype/se/common/files/src/main/resources/application.yaml.mustache‎
Lines changed: 6 additions & 6 deletions b/‎archetypes/helidon/src/main/archetype/se/common/files/src/main/resources/application.yaml.mustache‎
Lines changed: 6 additions & 6 deletions
@@ -11,6 +11,20 @@ For Helidon 2.x releases please see [Helidon 2.x CHANGELOG.md](https://github.co
 
 For Helidon 1.x releases please see [Helidon 1.x CHANGELOG.md](https://github.com/oracle/helidon/blob/helidon-1.x/CHANGELOG.md)
 
+## [4.0.0]
+
+* WebServer no longer falls back to the default routing for additional sockets (in Helidon SE)
+* Introduced `ServerFeature` concept, server feature can access routing builders for all sockets on WebServer
+* SecurityFeature is now a WebServer feature
+* ContextFeature is now a WebServer feature
+* ObserveFeature is now a WebServer feature
+* OpenApiFeature is now a WebServer feature
+* CorsFeature is a new WebServer feature
+* TracingFeature is now an observability feature
+* Features use common config dependency - can still pass `io.helidon.Config` instance to them, only changes in SPI
+* Metrics in SE now require user in `observe` role, or `metrics.permit-all` set to `true`, otherwise 403 is returned
+* OpeanAPI in SE now requires user in `openapi` role, or `openapi.permit-all` set to `true`, otherwise 403 is returned
+
 ## [4.0.0-RC1]
 
 This is the first RC build of Helidon 4.0.0 and is intended as a preview release only. Do not use this release in production. It is suitable only for experimentation. APIs are subject to change. Documentation is incomplete. And some functionality is experimental.
 
@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!--
 
-    Copyright (c) 2021, 2022 Oracle and/or its affiliates.
+    Copyright (c) 2021, 2023 Oracle and/or its affiliates.
 
     Licensed under the Apache License, Version 2.0 (the "License");
     you may not use this file except in compliance with the License.
@@ -54,6 +54,13 @@
         </templates>
         <model>
             <value key="dot-helidon-schema-version">1.1.0</value>
+            <list key="dependencies">
+                <map>
+                    <value key="groupId">io.helidon.logging</value>
+                    <value key="artifactId">helidon-logging-jul</value>
+                    <value key="scope">runtime</value>
+                </map>
+            </list>
         </model>
     </output>
 </archetype-script>
@@ -1,34 +1,34 @@
-    - abac:
-        # prepares environment
-        # executes attribute validations
-        # validates that attributes were processed
-        # grants/denies access to resource
-        #
-        ####
-        # Combinations:
-        # # Will fail if any attribute is not validated and if any has failed validation
-        # fail-on-unvalidated: true
-        # fail-if-none-validated: true
-        #
-        # # Will fail if there is one or more attributes present and NONE of them is validated or if any has failed validation
-        # # Will NOT fail if there is at least one validated attribute and any number of not validated attributes (and NONE failed)
-        # fail-on-unvalidated: false
-        # fail-if-none-validated: true
-        #
-        # # Will fail if there is any attribute that failed validation
-        # # Will NOT fail if there are no failed validation or if there are NONE validated
-        # fail-on-unvalidated: false
-        # fail-if-none-validated: false
-        ####
-        # fail if an attribute was not validated (e.g. we do not know, whether it is valid or not)
-        # defaults to true
-        fail-on-unvalidated: true
-        # fail if none of the attributes were validated
-        # defaults to true
-        fail-if-none-validated: true
-#        policy-validator:
-#          validators:
-#          - class: "io.helidon.security.abac.policy.DefaultPolicyValidator"
-#          my-custom-policy-engine:
-#            some-key: "some value"
-#            another-key: "another value"
+  - abac:
+    # prepares environment
+    # executes attribute validations
+    # validates that attributes were processed
+    # grants/denies access to resource
+    #
+    ####
+    # Combinations:
+    # # Will fail if any attribute is not validated and if any has failed validation
+    # fail-on-unvalidated: true
+    # fail-if-none-validated: true
+    #
+    # # Will fail if there is one or more attributes present and NONE of them is validated or if any has failed validation
+    # # Will NOT fail if there is at least one validated attribute and any number of not validated attributes (and NONE failed)
+    # fail-on-unvalidated: false
+    # fail-if-none-validated: true
+    #
+    # # Will fail if there is any attribute that failed validation
+    # # Will NOT fail if there are no failed validation or if there are NONE validated
+    # fail-on-unvalidated: false
+    # fail-if-none-validated: false
+    ####
+    # fail if an attribute was not validated (e.g. we do not know, whether it is valid or not)
+    # defaults to true
+    fail-on-unvalidated: true
+    # fail if none of the attributes were validated
+    # defaults to true
+    fail-if-none-validated: true
+#      policy-validator:
+#        validators:
+#        - class: "io.helidon.security.abac.policy.DefaultPolicyValidator"
+#        my-custom-policy-engine:
+#          some-key: "some value"
+#          another-key: "another value"
@@ -255,9 +255,6 @@ curl -H 'Accept: application/json' -X GET http://localhost:8080/metrics
                                 <list key="Main-helidon-imports" if="${flavor} == 'se'">
                                     <value>io.helidon.webserver.observe.ObserveFeature</value>
                                 </list>
-                                <list key="Main-routing-builder" if="${flavor} == 'se'">
-                                    <value>.addFeature(ObserveFeature.create())</value>
-                                </list>
                                 <list key="dependencies">
                                     <map if="${flavor} == 'se'">
                                         <value key="groupId">io.helidon.webserver.observe</value>
@@ -303,6 +300,21 @@ curl -H 'Accept: application/json' -X GET http://localhost:8080/metrics
                             </model>
                         </output>
                     </boolean>
+                    <output>
+                        <model>
+                            <list key="application-yaml-entries">
+                                <value><![CDATA[
+metrics:
+  permit-all: true
+                                ]]></value>
+                            </list><list key="config-test">
+                                <value><![CDATA[
+metrics:
+  permit-all: true
+                                ]]></value>
+                            </list>
+                        </model>
+                    </output>
                 </inputs>
             </boolean>
             <boolean id="health"
@@ -324,16 +336,6 @@ curl -H 'Accept: application/json' -X GET http://localhost:8080/metrics
                                         <value key="artifactId">helidon-microprofile-health</value>
                                     </map>
                                 </list>
-                                <list key="Main-createRouting" if="${flavor} == 'mp'">
-                                    <value template="mustache" order="0"><![CDATA[
-        HealthObserver health = HealthObserver.builder()
-                .addChecks(HealthChecks.healthChecks()) // Adds a convenient set of checks
-{{#Main-healthBuilder}}
-{{.}}
-{{/Main-healthBuilder}}
-                .build();]]>
-                                    </value>
-                                </list>
                                 <list key="MainTest-methods" if="${flavor} == 'mp'">
                                     <value><![CDATA[
     @Test
 
@@ -63,10 +63,10 @@
         identity-uri: "https://your-tenant-id.identity.oracle.com"]]></value>
                                     </list>
                                     <list key="paths-config-entries">
-                                        <value if="${flavor} == 'se'"><![CDATA[      - path: "/rest/profile"
-        methods: ["get"]
-        authenticate: true
-        roles-allowed: ["my_admins"]]]></value>
+                                        <value if="${flavor} == 'se'"><![CDATA[   - path: "/rest/profile"
+             methods: ["get"]
+             authenticate: true
+             roles-allowed: ["my_admins"]]]></value>
                                     </list>
                                     <list key="dependencies">
                                         <map if="${flavor} == 'mp'">
@@ -85,12 +85,6 @@
                                             <value key="groupId">io.helidon.config</value>
                                             <value key="artifactId">helidon-config-encryption</value>
                                         </map>
-                                        <map if="${flavor} == 'se'">
-                                            <value key="groupId">io.smallrye</value>
-                                            <value key="artifactId">jandex</value>
-                                            <value key="scope">runtime</value>
-                                            <value key="optional">true</value>
-                                        </map>
                                     </list>
                                     <list key="Main-java-imports" if="${flavor} == 'se'">
                                         <value>java.util.Optional</value>
@@ -104,21 +98,23 @@
                                         <value>io.helidon.webserver.security.SecurityFeature</value>
                                         <value>io.helidon.security.providers.oidc.OidcFeature</value>
                                     </list>
-                                    <list key="Main-routing" if="${flavor} == 'se'">
+                                    <list key="Main-main" if="${flavor} == 'se'">
                                         <value><![CDATA[
         Security security = Security.create(config.get("security"));
         // this is needed for proper encryption/decryption of cookies
         Contexts.globalContext().register(security);
-
+]]></value>
+                                    </list>
+                                    <list key="Main-routing" if="${flavor} == 'se'">
+                                        <value><![CDATA[
         if (config.get("security.enabled").asBoolean().orElse(true)) {
             // IDCS requires a web resource for redirects
             routing.addFeature(OidcFeature.create(config));
         }
 ]]></value>
                                     </list>
                                     <list key="Main-routing-builder" if="${flavor} == 'se'">
-                                        <value><![CDATA[                        .addFeature(SecurityFeature.create(security, config.get("security")))
-                        // web server does not (yet) have possibility to configure routes in config files, so explicit...
+                                        <value><![CDATA[// web server does not (yet) have possibility to configure routes in config files, so explicit...
                         .get("/rest/profile", (req, res) -> {
                             Optional<SecurityContext> securityContext = req.context().get(SecurityContext.class);
                             res.headers().contentType(HttpMediaTypes.PLAINTEXT_UTF_8);
@@ -128,18 +124,6 @@
                                     .orElse("Security context is null"));
                         })
                         .get("/loggedout", (req, res) -> res.send("You have been logged out"))]]></value>
-                                    </list>
-                                    <list key="maven-plugins" if="${flavor} == 'se'">
-                                        <value><![CDATA[
-            <plugin>
-                <groupId>io.smallrye</groupId>
-                <artifactId>jandex-maven-plugin</artifactId>
-                <executions>
-                    <execution>
-                        <id>make-index</id>
-                    </execution>
-                </executions>
-            </plugin>]]></value>
                                     </list>
                                     <list key="modules" if="${flavor} == 'se'">
                                         <value>io.helidon.security.providers.oidc</value>
@@ -232,11 +216,9 @@
                                         </map>
                                     </list>
                                     <list key="paths-config-entries">
-                                        <value><![CDATA[
-    paths:
-      - path: "/rest/profile"
-        methods: ["get"]
-        authenticate: true]]></value>
+                                        <value><![CDATA[   - path: "/rest/profile"
+             methods: ["get"]
+             authenticate: true]]></value>
                                     </list>
                                     <list key="modules">
                                         <value>io.helidon.webserver.context</value>
@@ -314,7 +296,7 @@
                                         </map>
                                     </list>
                                     <list key="paths-config-entries">
-                                        <value order="90"><![CDATA[         roles-allowed: ["user"]]]></value>
+                                        <value order="90" if="!(${security.atn} contains 'oidc')"><![CDATA[         roles-allowed: ["user"]]]></value>
                                     </list>
                                 </model>
                             </output>
@@ -324,6 +306,7 @@
                 <output>
                     <model>
                         <value key="security">true</value>
+                        <value key="features">true</value>
                         <list key="dependencies">
                             <map if="${flavor} == 'mp'">
                                 <value key="groupId">io.helidon.microprofile</value>
@@ -335,14 +318,27 @@
                             </map>
                         </list>
                         <list key="paths-config-entries">
-                            <value if="${flavor} == 'mp'"><![CDATA[       - path: "/simple-greet"
-         methods: ["get"]
-         authenticate: true]]></value>
+                            <value if="${flavor} == 'mp'"><![CDATA[   - path: "/simple-greet"
+             methods: ["get"]
+             authenticate: true]]></value>
                         </list>
                         <list key="config-test" if="${flavor} == 'se'">
                             <value><![CDATA[
 security:
   enabled: false
+]]></value>
+                        </list>
+                        <list key="server-features">
+                            <value template="mustache"><![CDATA[
+    security:
+      defaults:
+        authenticate: true
+      web-server:
+        # protected paths on the web server - do not include paths served by Jersey, as those are protected directly
+        paths:
+        {{#paths-config-entries}}
+        {{.}}
+        {{/paths-config-entries}}
 ]]></value>
                         </list>
                         <list key="modules" if="${flavor} == 'se'">
 
@@ -114,16 +114,19 @@ app:
          // load logging configuration
         LogConfig.configureRuntime();
 
-        {{#Main-main}}
-        {{.}}
-        {{/Main-main}}
-
         // initialize global config from default configuration
         Config config = Config.create();
         Config.global(config);
 
+        {{#Main-main}}
+        {{.}}
+        {{/Main-main}}
+
         WebServer server = WebServer.builder()
                 .config(Config.global().get("server"))
+                {{#Main-server-builder}}
+                {{.}}
+                {{/Main-server-builder}}
                 .routing(Main::routing)
                 .build()
                 .start();
 
@@ -1,6 +1,12 @@
 server:
   port: 8080
   host: 0.0.0.0
+  {{#features}}
+  features:
+    {{#server-features}}
+    {{.}}
+    {{/server-features}}
+  {{/features}}
 
 {{#application-yaml-entries}}
 {{.}}
@@ -16,10 +22,4 @@ security:
 {{#providers-config-entries}}
 {{.}}
 {{/providers-config-entries}}
-  web-server:
-    # protected paths on the web server - do not include paths served by Jersey, as those are protected directly
-    paths:
-{{#paths-config-entries}}
-{{.}}
-{{/paths-config-entries}}
 {{/security}}