Documentation

Java SDK

The official TigerIdentity SDK for Java. Enterprise-grade access control with Spring Boot integration, reactive support, and full thread safety.

View on Maven CentralGitHub

Installation

Gradle

// build.gradle.kts
dependencies {
    implementation("io.tigeridentity:tiger-java:1.0.0")

    // Optional: Spring Boot starter
    implementation("io.tigeridentity:tiger-spring-boot-starter:1.0.0")
}

Maven

<!-- pom.xml -->
<dependency>
    <groupId>io.tigeridentity</groupId>
    <artifactId>tiger-java</artifactId>
    <version>1.0.0</version>
</dependency>

<!-- Optional: Spring Boot starter -->
<dependency>
    <groupId>io.tigeridentity</groupId>
    <artifactId>tiger-spring-boot-starter</artifactId>
    <version>1.0.0</version>
</dependency>

Requirements: Java 17 or higher. Compatible with Spring Boot 3.x, Quarkus 3.x, and Micronaut 4.x.

Quick Start

Initialize the client and make your first access decision:

import io.tigeridentity.TigerClient;
import io.tigeridentity.TigerClientConfig;
import io.tigeridentity.decision.DecisionResult;
import io.tigeridentity.decision.EvaluateRequest;

import java.util.Map;

public class QuickStart {
    public static void main(String[] args) {
        // Initialize client
        TigerClient client = TigerClient.builder()
            .apiKey("your-api-key")
            .baseUrl("https://api.tigeridentity.com")
            .build();

        // Evaluate access
        DecisionResult result = client.decisions().evaluate(
            EvaluateRequest.builder()
                .principalId("user-123")
                .action("read")
                .resource("document:sensitive-report")
                .context(Map.of(
                    "ip_address", "203.0.113.42",
                    "device_trust", "high"
                ))
                .build()
        );

        if (result.isAllowed()) {
            System.out.println("Access granted: " + result.getReason());
        } else {
            System.out.println("Access denied: " + result.getReason());
        }

        // List principals
        var principals = client.principals().list(
            ListOptions.builder()
                .type(PrincipalType.USER)
                .limit(50)
                .build()
        );

        principals.getItems().forEach(p ->
            System.out.printf("Principal: %s (%s)%n", p.getId(), p.getType())
        );

        client.close();
    }
}

Key Packages

TigerClient

Core client with builder pattern configuration, connection pooling, and automatic resource management.

TigerClient.builder()

decisions

Real-time access decisions with context-aware evaluation and local caching.

client.decisions().evaluate()

principals

Manage identities for users, services, and AI agents with full CRUD operations.

client.principals().get()

policies

Create, update, and simulate access policies with versioning and audit trails.

client.policies().create()

Spring Boot Integration

The Spring Boot starter provides auto-configuration, a custom security filter, and annotation-based access control.

Configuration

# application.yml
tigeridentity:
  api-key: ${TIGERIDENTITY_API_KEY}
  base-url: https://api.tigeridentity.com
  cache:
    enabled: true
    ttl-seconds: 300
  retry:
    max-attempts: 3
    backoff-multiplier: 2.0

Annotation-Based Access Control

import io.tigeridentity.spring.TigerAuthorize;
import org.springframework.web.bind.annotation.*;

@RestController
@RequestMapping("/api/documents")
public class DocumentController {

    @GetMapping("/{id}")
    @TigerAuthorize(action = "read", resource = "document:{id}")
    public Document getDocument(@PathVariable String id) {
        return documentService.findById(id);
    }

    @PostMapping
    @TigerAuthorize(action = "create", resource = "document")
    public Document createDocument(@RequestBody CreateDocumentRequest request) {
        return documentService.create(request);
    }

    @DeleteMapping("/{id}")
    @TigerAuthorize(
        action = "delete",
        resource = "document:{id}",
        context = "sensitivity=high"
    )
    public void deleteDocument(@PathVariable String id) {
        documentService.delete(id);
    }
}

Security Filter

import io.tigeridentity.spring.TigerSecurityConfigurer;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
public class SecurityConfig {

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http,
                                           TigerSecurityConfigurer tiger) throws Exception {
        http
            .authorizeHttpRequests(auth -> auth
                .requestMatchers("/public/**").permitAll()
                .anyRequest().authenticated()
            )
            .apply(tiger);

        return http.build();
    }
}

Reactive Support

For reactive applications using Spring WebFlux or Project Reactor, use the reactive client:

import io.tigeridentity.reactive.ReactiveTigerClient;
import reactor.core.publisher.Mono;

@Service
public class AccessService {

    private final ReactiveTigerClient client;

    public AccessService(ReactiveTigerClient client) {
        this.client = client;
    }

    public Mono<Boolean> checkAccess(String principalId, String action, String resource) {
        return client.decisions().evaluate(
            EvaluateRequest.builder()
                .principalId(principalId)
                .action(action)
                .resource(resource)
                .build()
        ).map(DecisionResult::isAllowed);
    }

    public Flux<Principal> listAgents() {
        return client.principals().list(
            ListOptions.builder()
                .type(PrincipalType.AI_AGENT)
                .build()
        ).flatMapMany(result -> Flux.fromIterable(result.getItems()));
    }
}

Error Handling

import io.tigeridentity.exception.TigerApiException;
import io.tigeridentity.exception.TigerRateLimitException;
import io.tigeridentity.exception.TigerNotFoundException;

try {
    DecisionResult result = client.decisions().evaluate(request);
} catch (TigerNotFoundException e) {
    System.err.println("Principal not found: " + e.getMessage());
} catch (TigerRateLimitException e) {
    System.err.printf("Rate limited. Retry after: %d ms%n", e.getRetryAfterMs());
    Thread.sleep(e.getRetryAfterMs());
} catch (TigerApiException e) {
    System.err.printf("API error [%s]: %s%n", e.getCode(), e.getMessage());
} catch (Exception e) {
    System.err.println("Unexpected error: " + e.getMessage());
}

Configuration Options

.apiKey(String key)

Set the API key for authentication. Required for all API calls.

.baseUrl(String url)

Override the default API base URL. Useful for development or self-hosted deployments.

.connectTimeout(Duration timeout)

Set connection timeout. Default: 10 seconds.

.readTimeout(Duration timeout)

Set read timeout. Default: 30 seconds for standard calls, 5 seconds for decisions.

.maxRetries(int retries)

Enable automatic retries for transient failures with exponential backoff. Default: 3 retries.

.cache(CacheConfig config)

Configure local decision caching. Supports Caffeine and Redis backends.

.httpClient(HttpClient client)

Provide a custom HTTP client for advanced networking configurations (proxy, mTLS).

Related Documentation

API Reference

Complete REST API documentation

View docs →

Go SDK

Go SDK with full type safety

View docs →

CLI Reference

Command-line interface tools

View docs →

Start building with Java

Get your API key and integrate TigerIdentity into your Java applications in minutes.

Get API KeyView Examples