Use of com.auth0.json.mgmt.Role in project framework by galasa-dev.
The class Authenticate, method doGet.
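/**
 * Exchanges the container-authenticated principal for a Galasa JWT.
 *
 * <p>Behaviour, in order:
 * <ul>
 *   <li>no principal: 401 with a {@code WWW-Authenticate: Basic} challenge and the body
 *       {@code Requires authentication};</li>
 *   <li>principal in role {@code admin}: a token carrying the {@code admin} role claim;</li>
 *   <li>principal in role {@code user}: a token carrying the {@code user} role claim;</li>
 *   <li>otherwise: 401 and the body {@code Does not have the 'user' role}.</li>
 * </ul>
 * The token is issued with {@code FOUR_HOURS_EXPIRE} and returned as JSON in which the
 * {@code cps}, {@code dss} and {@code ras} fields all hold the same token.
 *
 * @param req  incoming request; only its principal and role membership are consulted
 * @param resp response that receives either the JSON token document or an error body
 * @throws ServletException never thrown here; retained from the servlet contract
 * @throws IOException      if the response writer fails (including a failed error write)
 */
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
    Principal principal = req.getUserPrincipal();
    if (principal == null) {
        // TODO check that it was a basic auth principal to prevent JWT reauthenticating
        rejectWithChallenge(resp, 401, "Requires authentication");
        return;
    }
    // "admin" is tested first, so a principal holding both roles always receives the admin claim.
    if (req.isUserInRole("admin")) {
        issueTokenResponse(resp, principal, "admin");
        return;
    }
    if (req.isUserInRole("user")) {
        issueTokenResponse(resp, principal, "user");
        return;
    }
    rejectWithChallenge(resp, 401, "Does not have the 'user' role");
}

/**
 * Mints a JWT for {@code principal} with the given role claim and writes it as the JSON
 * token document; on failure writes a 500 error body instead.
 *
 * @param resp      response to write to
 * @param principal authenticated principal whose name becomes the token subject
 * @param role      value of the {@code role} claim ({@code admin} or {@code user})
 * @throws IOException if the response writer fails
 */
private void issueTokenResponse(HttpServletResponse resp, Principal principal, String role) throws IOException {
    String jwt;
    try {
        jwt = createJWT(principal.getName(), role, FOUR_HOURS_EXPIRE);
    } catch (JWTCreationException e) {
        rejectWithChallenge(resp, 500, "Token could not be generated");
        return;
    }
    // One token serves all three back-end stores.
    AuthJson auth = new AuthJson();
    auth.cps = jwt;
    auth.dss = jwt;
    auth.ras = jwt;
    String json = new Gson().toJson(auth);
    resp.setContentType("application/json");
    try {
        resp.getWriter().write(json);
    } catch (IOException e) {
        // Best effort: the writer has already failed once, so this second write may itself
        // throw, which then propagates out of doGet.
        rejectWithChallenge(resp, 500, "Failed to create json");
    }
}

/**
 * Writes an error response. Every error, including a 500, carries the Basic challenge
 * header so that a client can re-authenticate.
 *
 * @param resp    response to write to
 * @param status  HTTP status code to set
 * @param message plain-text body
 * @throws IOException if the response writer fails
 */
private static void rejectWithChallenge(HttpServletResponse resp, int status, String message) throws IOException {
    resp.setStatus(status);
    // *** Ability to set the realm
    resp.addHeader("WWW-Authenticate", "Basic realm=\"Galasa\"");
    // NOSONAR //TODO catch this as SQ says
    resp.getWriter().write(message);
}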
Use of com.auth0.json.mgmt.Role in project framework by galasa-dev.
The class Authenticate, method createJWT.
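/**
 * Signs a JWT for {@code subject} that carries a single {@code role} claim.
 *
 * <p>The token is issued by {@code galasa}, stamped with the current time as {@code iat}
 * and with {@code now + expireDuration} as {@code exp}, and signed with HMAC-SHA256 using
 * the secret stored under {@code SECRET_KEY} in the configuration properties.
 *
 * @param subject        value of the {@code sub} claim (the authenticated user name)
 * @param role           value of the {@code role} claim
 * @param expireDuration token lifetime, added to {@link System#currentTimeMillis()} and
 *                       therefore in milliseconds
 * @return the compact serialised, signed token
 * @throws JWTCreationException if the library fails to build or sign the token
 * @throws NullPointerException if no signing secret is configured
 * @throws ArithmeticException  if {@code now + expireDuration} overflows a {@code long}
 */
public String createJWT(String subject, String role, long expireDuration) throws JWTCreationException {
    // Whoever holds this secret can mint tokens for any subject and role, so a missing
    // value must fail loudly here rather than as an opaque NPE inside toString().
    Object secret = java.util.Objects.requireNonNull(
            this.configurationProperties.get(SECRET_KEY), "JWT signing secret is not configured");
    Algorithm algorithm = Algorithm.HMAC256(secret.toString());
    long now = System.currentTimeMillis();
    // addExact: a silently wrapped sum would produce a nonsensical expiry instead of an error.
    long expiresAt = Math.addExact(now, expireDuration);
    return JWT.create()
            .withIssuer("galasa")
            .withIssuedAt(new Date(now))
            .withSubject(subject)
            .withClaim("role", role)
            .withExpiresAt(new Date(expiresAt))
            .sign(algorithm);
}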
Use of com.auth0.json.mgmt.Role in project SpringBootSample by heowc.
The class JwtUserDetailsService, method loadUserByUsername.
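/**
 * Resolves a Spring Security principal from a JWT that is passed in place of a user name.
 *
 * <p>The token is decoded by {@code JwtUtil.tokenToJwt}; the {@code id} claim becomes the
 * user identifier and the {@code role} claim becomes the single granted authority.
 *
 * @param token compact JWT supplied as the "username"
 * @return principal built from the token's {@code id} and {@code role} claims
 * @throws BadCredentialsException if the token cannot be decoded or lacks either claim
 */
@Override
public UserDetails loadUserByUsername(String token) {
    DecodedJWT decodedJWT = JwtUtil.tokenToJwt(token);
    if (decodedJWT == null) {
        throw new BadCredentialsException("Not used Token");
    }
    // NOTE(review): the claims are trusted as-is, so this depends on JwtUtil.tokenToJwt
    // verifying the signature and expiry rather than merely decoding — confirm.
    String id = decodedJWT.getClaim("id").asString();
    String role = decodedJWT.getClaim("role").asString();
    // A missing or non-string claim yields null here; refuse to build a principal
    // with no identity or no role rather than letting it surface downstream.
    if (id == null || role == null) {
        throw new BadCredentialsException("Token is missing the id or role claim");
    }
    return new UserDetailsImpl(id, AuthorityUtils.createAuthorityList(role));
}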
Use of com.auth0.json.mgmt.Role in project gravitee-api-management by gravitee-io.
The class AbstractAuthenticationResource, method connectUser.
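/**
 * Completes an identity-provider login: records the connection for {@code userId}, mints the
 * portal's own bearer JWT and returns it both as a cookie and in the response entity.
 *
 * <p>The token's {@code PERMISSIONS} claim is the IDP-derived authorities of the principal
 * currently in the security context, plus the user's ENVIRONMENT-scoped roles from the
 * membership service (as {@code SCOPE:NAME}). Each token gets a fresh random {@code jti}.
 *
 * @param userId          user to connect
 * @param state           opaque client value, echoed in the entity when non-empty
 * @param servletResponse receives the {@code Bearer%20<token>} cookie
 * @param accessToken     IDP access token; echoed only together with a non-null {@code idToken}
 * @param idToken         IDP id token; echoed when non-null
 * @return 200 response whose entity is the bearer token
 */
protected Response connectUser(String userId, final String state, final HttpServletResponse servletResponse, final String accessToken, final String idToken) {
    UserEntity user = userService.connect(userId);
    final Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    final UserDetails userDetails = (UserDetails) authentication.getPrincipal();
    // Manage authorities, initialize it with dynamic permissions from the IDP.
    // Collected into an explicit ArrayList because the list is appended to below and
    // Collectors.toList() gives no mutability guarantee.
    List<Map<String, String>> authorities = userDetails.getAuthorities().stream()
            .map(authority -> authorityEntry(authority.getAuthority()))
            .collect(Collectors.toCollection(java.util.ArrayList::new));
    // We must also load permissions from repository for configured environment role
    Set<RoleEntity> userRoles = membershipService.getRoles(MembershipReferenceType.ENVIRONMENT, GraviteeContext.getCurrentEnvironment(), MembershipMemberType.USER, userDetails.getId());
    for (RoleEntity role : userRoles) {
        authorities.add(authorityEntry(role.getScope().toString() + ':' + role.getName()));
    }
    // JWT signer
    // NOTE(review): jwt.secret is used without a presence check; whether a null or empty
    // value is rejected before a token is signed is not verified here — confirm.
    Algorithm algorithm = Algorithm.HMAC256(environment.getProperty("jwt.secret"));
    Date issueAt = new Date();
    Instant expireAt = issueAt.toInstant().plus(Duration.ofSeconds(environment.getProperty("jwt.expire-after", Integer.class, DEFAULT_JWT_EXPIRE_AFTER)));
    final String sign = JWT.create()
            .withIssuer(environment.getProperty("jwt.issuer", DEFAULT_JWT_ISSUER))
            .withIssuedAt(issueAt)
            .withExpiresAt(Date.from(expireAt))
            .withSubject(user.getId())
            .withClaim(JWTHelper.Claims.PERMISSIONS, authorities)
            .withClaim(JWTHelper.Claims.EMAIL, user.getEmail())
            .withClaim(JWTHelper.Claims.FIRSTNAME, user.getFirstname())
            .withClaim(JWTHelper.Claims.LASTNAME, user.getLastname())
            .withJWTId(UUID.randomUUID().toString())
            .sign(algorithm);
    final Token tokenEntity = new Token();
    tokenEntity.setTokenType(TokenTypeEnum.BEARER);
    tokenEntity.setToken(sign);
    // The IDP access token is only echoed alongside an id token.
    if (idToken != null) {
        tokenEntity.setAccessToken(accessToken);
        tokenEntity.setIdToken(idToken);
    }
    if (state != null && !state.isEmpty()) {
        tokenEntity.setState(state);
    }
    final Cookie bearerCookie = cookieGenerator.generate("Bearer%20" + sign);
    servletResponse.addCookie(bearerCookie);
    return Response.ok(tokenEntity).build();
}

/**
 * Builds the single-entry {@code {"authority": value}} map that the PERMISSIONS claim
 * is composed of.
 *
 * @param authority authority name
 * @return map with the one key {@code authority}
 */
private static Map<String, String> authorityEntry(String authority) {
    return Maps.<String, String>builder().put("authority", authority).build();
}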
Use of com.auth0.json.mgmt.Role in project gravitee-api-management by gravitee-io.
The class UserServiceTest, method shouldCreateNewUserWithGroupsMappingFromUserInfo.
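/**
 * A user arriving from the social IDP for the first time is created, attached to the groups the
 * groups mapping resolves ({@code group_id_1}, {@code group_id_2}, {@code group_id_4}) with the
 * default API/APPLICATION roles on each, and given the mapped ORGANIZATION roles; a group the
 * mapping does not match ({@code group_id_3}) must receive no role assignment.
 */
@Test
public void shouldCreateNewUserWithGroupsMappingFromUserInfo() throws IOException, TechnicalException {
    reset(identityProvider, userRepository, groupService, roleService, membershipService);
    mockDefaultEnvironment();
    mockGroupsMapping();
    mockRolesMapping();
    User createdUser = mockUser();
    when(userRepository.create(any(User.class))).thenReturn(createdUser);
    when(identityProvider.getId()).thenReturn("oauth2");
    when(userRepository.findBySource("oauth2", "janedoe@example.com", ORGANIZATION)).thenReturn(Optional.empty());
    // mock group search and association
    when(groupService.findById(GraviteeContext.getCurrentEnvironment(), "Example group")).thenReturn(mockGroupEntity("group_id_1", "Example group"));
    when(groupService.findById(GraviteeContext.getCurrentEnvironment(), "soft user")).thenReturn(mockGroupEntity("group_id_2", "soft user"));
    when(groupService.findById(GraviteeContext.getCurrentEnvironment(), "Api consumer")).thenReturn(mockGroupEntity("group_id_4", "Api consumer"));
    // mock role search
    RoleEntity roleOrganizationAdmin = mockRoleEntity(RoleScope.ORGANIZATION, "ADMIN");
    RoleEntity roleOrganizationUser = mockRoleEntity(RoleScope.ORGANIZATION, "USER");
    // The ENVIRONMENT ADMIN entity is never referenced; the call is kept only in case
    // mockRoleEntity registers stubs as a side effect — TODO confirm and drop if not.
    mockRoleEntity(RoleScope.ENVIRONMENT, "ADMIN");
    RoleEntity roleApiUser = mockRoleEntity(RoleScope.API, "USER");
    RoleEntity roleApplicationAdmin = mockRoleEntity(RoleScope.APPLICATION, "ADMIN");
    when(roleService.findByScopeAndName(RoleScope.ORGANIZATION, "ADMIN")).thenReturn(Optional.of(roleOrganizationAdmin));
    when(roleService.findByScopeAndName(RoleScope.ORGANIZATION, "USER")).thenReturn(Optional.of(roleOrganizationUser));
    when(roleService.findDefaultRoleByScopes(RoleScope.API, RoleScope.APPLICATION)).thenReturn(Arrays.asList(roleApiUser, roleApplicationAdmin));
    stubDefaultRolesOnGroup("group_id_1");
    stubDefaultRolesOnGroup("group_id_2");
    stubDefaultRolesOnGroup("group_id_4");
    when(membershipService.updateRolesToMemberOnReferenceBySource(
            eq(GraviteeContext.getCurrentOrganization()),
            eq(GraviteeContext.getCurrentEnvironment()),
            eq(new MembershipService.MembershipReference(MembershipReferenceType.ORGANIZATION, "DEFAULT")),
            eq(new MembershipService.MembershipMember("janedoe@example.com", null, MembershipMemberType.USER)),
            argThat(roles -> roles.contains(new MembershipService.MembershipRole(RoleScope.ORGANIZATION, "ADMIN"))
                    && roles.contains(new MembershipService.MembershipRole(RoleScope.ORGANIZATION, "USER"))),
            eq("oauth2")))
        .thenReturn(Collections.singletonList(mockMemberEntity()));
    // The fixture is a UTF-8 resource; decoding it with the platform default charset would
    // make the test depend on the machine running it.
    String userInfo = IOUtils.toString(read("/oauth2/json/user_info_response_body.json"), Charset.forName("UTF-8"));
    userService.createOrUpdateUserFromSocialIdentityProvider(identityProvider, userInfo);
    // verify group creations
    verifyDefaultRolesOnGroup("group_id_1", 1);
    verifyDefaultRolesOnGroup("group_id_2", 1);
    verifyDefaultRolesOnGroup("group_id_3", 0);
    verifyDefaultRolesOnGroup("group_id_4", 1);
    verify(membershipService, times(1)).updateRolesToMemberOnReferenceBySource(
            eq(GraviteeContext.getCurrentOrganization()),
            eq(GraviteeContext.getCurrentEnvironment()),
            eq(new MembershipService.MembershipReference(MembershipReferenceType.ORGANIZATION, "DEFAULT")),
            eq(new MembershipService.MembershipMember("janedoe@example.com", null, MembershipMemberType.USER)),
            argThat(roles -> roles.contains(new MembershipService.MembershipRole(RoleScope.ORGANIZATION, "ADMIN"))
                    && roles.contains(new MembershipService.MembershipRole(RoleScope.ORGANIZATION, "USER"))),
            eq("oauth2"));
}

/**
 * Stubs the membership-service call that assigns the default API USER and APPLICATION ADMIN
 * roles to janedoe on the given group, returning one mocked member.
 *
 * @param groupId GROUP reference id expected in the call
 */
private void stubDefaultRolesOnGroup(String groupId) {
    when(membershipService.updateRolesToMemberOnReferenceBySource(
            eq(GraviteeContext.getCurrentOrganization()),
            eq(GraviteeContext.getCurrentEnvironment()),
            eq(new MembershipService.MembershipReference(MembershipReferenceType.GROUP, groupId)),
            eq(new MembershipService.MembershipMember("janedoe@example.com", null, MembershipMemberType.USER)),
            argThat(roles -> roles.contains(new MembershipService.MembershipRole(RoleScope.API, "USER"))
                    && roles.contains(new MembershipService.MembershipRole(RoleScope.APPLICATION, "ADMIN"))),
            eq("oauth2")))
        .thenReturn(Collections.singletonList(mockMemberEntity()));
}

/**
 * Verifies how many times the default-roles assignment was requested for janedoe on the
 * given group (0 asserts that it never happened).
 *
 * @param groupId     GROUP reference id expected in the call
 * @param wantedTimes exact number of expected invocations
 */
private void verifyDefaultRolesOnGroup(String groupId, int wantedTimes) {
    verify(membershipService, times(wantedTimes)).updateRolesToMemberOnReferenceBySource(
            eq(GraviteeContext.getCurrentOrganization()),
            eq(GraviteeContext.getCurrentEnvironment()),
            eq(new MembershipService.MembershipReference(MembershipReferenceType.GROUP, groupId)),
            eq(new MembershipService.MembershipMember("janedoe@example.com", null, MembershipMemberType.USER)),
            argThat(roles -> roles.contains(new MembershipService.MembershipRole(RoleScope.API, "USER"))
                    && roles.contains(new MembershipService.MembershipRole(RoleScope.APPLICATION, "ADMIN"))),
            eq("oauth2"));
}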