Example 51 with AuthenticationResponse

Use of io.helidon.security.AuthenticationResponse in project helidon by oracle.

In class HttpAuthProviderBuilderTest, method sendInvalidDigestTest.

@Test
public void sendInvalidDigestTest() {
    // A malformed digest header value must fail authentication with a 401.
    setHeader(context, HttpBasicAuthProvider.HEADER_AUTHENTICATION, "digest wrong_header_value");
    AuthenticationResponse response = context.atnClientBuilder().explicitProvider("digest").buildAndGet();
    assertThat(response.status(), is(SecurityResponse.SecurityStatus.FAILURE));
    assertThat(response.statusCode().orElse(200), is(401));
}
Also used : AuthenticationResponse(io.helidon.security.AuthenticationResponse) Test(org.junit.jupiter.api.Test)

Example 52 with AuthenticationResponse

Use of io.helidon.security.AuthenticationResponse in project helidon by oracle.

In class HttpAuthProviderBuilderTest, method digestTestInvalidUser.

@Test
public void digestTestInvalidUser() {
    // Unknown username.
    setHeader(context, HttpBasicAuthProvider.HEADER_AUTHENTICATION, buildDigest(HttpDigest.Qop.AUTH, "wrong", "user"));
    AuthenticationResponse response = context.atnClientBuilder().explicitProvider("digest").buildAndGet();
    assertThat(response.description().orElse(""), is("Invalid username or password"));
    assertThat(response.status().isSuccess(), is(false));
    assertThat(response.statusCode().orElse(200), is(401));
    // The failure response carries a digest challenge for realm "mic".
    String authHeader = response.responseHeaders().get(HttpBasicAuthProvider.HEADER_AUTHENTICATION_REQUIRED).get(0);
    assertThat(authHeader, notNullValue());
    assertThat(authHeader.toLowerCase(), startsWith("digest realm=\"mic\""));
    // Known username, wrong password: the description is the same as for the unknown
    // username, so the response does not reveal which of the two was wrong.
    setHeader(context, HttpBasicAuthProvider.HEADER_AUTHENTICATION, buildDigest(HttpDigest.Qop.AUTH, "jack", "wrong password"));
    response = context.atnClientBuilder().explicitProvider("digest").buildAndGet();
    assertThat(response.description().orElse(""), is("Invalid username or password"));
    assertThat(response.status().isSuccess(), is(false));
    assertThat(response.statusCode().orElse(200), is(401));
}
Also used : CoreMatchers.containsString(org.hamcrest.CoreMatchers.containsString) AuthenticationResponse(io.helidon.security.AuthenticationResponse) Test(org.junit.jupiter.api.Test)

Example 53 with AuthenticationResponse

Use of io.helidon.security.AuthenticationResponse in project helidon by oracle.

In class HttpAuthProviderBuilderTest, method basicTestJack.

@Test
public void basicTestJack() {
    setHeader(context, HttpBasicAuthProvider.HEADER_AUTHENTICATION, buildBasic("jack", "jackIsGreat"));
    AuthenticationResponse response = context.authenticate();
    assertThat(response.status(), is(SecurityResponse.SecurityStatus.SUCCESS));
    assertThat(response.statusCode().orElse(200), is(200));
    assertThat(context.user().map(sub -> sub.principal().getName()).orElse(null), is("jack"));
    assertThat(context.isUserInRole("admin"), is(true));
    assertThat(context.isUserInRole("user"), is(true));
}
Also used : AuthenticationResponse(io.helidon.security.AuthenticationResponse) Test(org.junit.jupiter.api.Test)

Example 54 with AuthenticationResponse

Use of io.helidon.security.AuthenticationResponse in project helidon by oracle.

In class HttpAuthProviderBuilderTest, method digestTestOptional.

@Test
public void digestTestOptional() {
    // No authorization header: the optional provider abstains instead of failing,
    // and no 401 status code is set.
    AuthenticationResponse response = context.atnClientBuilder().explicitProvider("digest_optional").buildAndGet();
    assertThat(response.status().isSuccess(), is(false));
    assertThat(response.status().name(), is(SecurityResponse.SecurityStatus.ABSTAIN.name()));
    assertThat(response.statusCode().orElse(200), is(200));
    assertThat(response.description().orElse(""), is("No authorization header"));
    // Invalid credentials: still ABSTAIN rather than FAILURE, with the reason in the description.
    setHeader(context, HttpBasicAuthProvider.HEADER_AUTHENTICATION, buildDigest(HttpDigest.Qop.AUTH, "wrong", "user"));
    response = context.atnClientBuilder().explicitProvider("digest_optional").buildAndGet();
    assertThat(response.status().isSuccess(), is(false));
    assertThat(response.status().name(), is(SecurityResponse.SecurityStatus.ABSTAIN.name()));
    assertThat(response.statusCode().orElse(200), is(200));
    assertThat(response.description().orElse(""), is("Invalid username or password"));
}
Also used : AuthenticationResponse(io.helidon.security.AuthenticationResponse) Test(org.junit.jupiter.api.Test)

Example 55 with AuthenticationResponse

Use of io.helidon.security.AuthenticationResponse in project helidon by oracle.

In class HttpAuthProviderBuilderTest, method digestTestNonceTimeout.

@Test
public void digestTestNonceTimeout() {
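    // A nonce built from a timestamp 100 days in the past must be rejected as expired,
    // even though the username and password are correct.
    Instant in = Instant.now().minus(100, ChronoUnit.DAYS);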
    setHeader(context, HttpBasicAuthProvider.HEADER_AUTHENTICATION, buildDigest(HttpDigest.Qop.AUTH, "jack", "jackIsGreat", HttpDigestAuthProvider.nonce(in.toEpochMilli(), random, "pwd".toCharArray()), "mic"));
    AuthenticationResponse response = context.atnClientBuilder().explicitProvider("digest").buildAndGet();
    assertThat(response.description().orElse(""), is("Nonce timeout"));
    assertThat(response.status(), is(SecurityResponse.SecurityStatus.FAILURE));
    assertThat(response.statusCode().orElse(200), is(401));
}
Also used : Instant(java.time.Instant) AuthenticationResponse(io.helidon.security.AuthenticationResponse) Test(org.junit.jupiter.api.Test)

Aggregations

AuthenticationResponse (io.helidon.security.AuthenticationResponse) 60
Test (org.junit.jupiter.api.Test) 52
ProviderRequest (io.helidon.security.ProviderRequest) 28
SecurityEnvironment (io.helidon.security.SecurityEnvironment) 22
SecurityContext (io.helidon.security.SecurityContext) 19
EndpointConfig (io.helidon.security.EndpointConfig) 15
Subject (io.helidon.security.Subject) 15
Principal (io.helidon.security.Principal) 12
OutboundSecurityResponse (io.helidon.security.OutboundSecurityResponse) 10
SignedJwt (io.helidon.security.jwt.SignedJwt) 8
Instant (java.time.Instant) 8
Jwt (io.helidon.security.jwt.Jwt) 6
Locale (java.util.Locale) 6
SecurityResponse (io.helidon.security.SecurityResponse) 5
List (java.util.List) 5
CoreMatchers.containsString (org.hamcrest.CoreMatchers.containsString) 5
Config (io.helidon.config.Config) 4
GoogleIdTokenVerifier (com.google.api.client.googleapis.auth.oauth2.GoogleIdTokenVerifier) 3
Role (io.helidon.security.Role) 3
Security (io.helidon.security.Security) 3