use of io.helidon.security.AuthenticationResponse in project helidon by oracle.
the class HttpSignProvider method authorizeHeader.
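/**
 * Authenticates a request from the values of its {@code Authorization} header.
 *
 * <p>Every value that uses the {@code Signature} scheme (matched case-insensitively) is handed to
 * {@code signatureHeader}; the first one that validates successfully ends processing.
 *
 * @param env security environment whose headers are inspected
 * @return the first successful response; otherwise an abstain response when this provider is
 *         optional, or a challenge describing the last failed {@code Signature} attempt
 */
private AuthenticationResponse authorizeHeader(SecurityEnvironment env) {
    // Single source of truth for the scheme prefix, used for both the match and the strip
    // (the original stripped with a misspelled literal that only worked because it had the same length).
    final String schemePrefix = "signature ";

    List<String> authorization = env.headers().get("Authorization");
    if (authorization == null) {
        // A request without the header may yield null here (TODO confirm against
        // SecurityEnvironment.headers()); treat it as "no values" so the abstain/challenge
        // path below is taken instead of a NullPointerException.
        authorization = List.of();
    }

    AuthenticationResponse response = null;
    // attempt to validate each authorization, first one that succeeds will finish processing and return
    for (String authorizationValue : authorization) {
        // Locale.ROOT keeps scheme matching independent of the JVM default locale; with a
        // Turkish default locale "SIGNATURE" would lower-case to a dotless i and a valid
        // header would be rejected.
        if (authorizationValue.toLowerCase(java.util.Locale.ROOT).startsWith(schemePrefix)) {
            response = signatureHeader(List.of(authorizationValue.substring(schemePrefix.length())), env);
            if (response.status().isSuccess()) {
                // that was a good header, let's return the response
                return response;
            }
        }
    }

    // we have reached the end - all headers validated, none fit, fail or abstain
    if (optional) {
        return AuthenticationResponse.abstain();
    }

    // challenge
    // NOTE(review): the failure description is forwarded to challenge(); if that text is returned
    // to the caller, confirm signatureHeader descriptions do not reveal key or signature details.
    return challenge(env,
                     (null == response)
                             ? "No Signature authorization header"
                             : response.description().orElse("Unknown problem"));
}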
use of io.helidon.security.AuthenticationResponse in project helidon by oracle.
the class AtnProviderSyncTest method integrationTest.
/**
 * Runs authentication end to end through a {@code Security} instance that has
 * {@code AtnProviderSync} registered, then checks the response with {@code validateResponse}.
 */
@Test
public void integrationTest() {
    Security security = Security.builder()
            .addProvider(new AtnProviderSync())
            .build();

    // A container integration component normally creates the security context:
    // Jersey exposes it through annotations, the Web server through its context.
    SecurityContext securityContext = security.createContext("unit-test");

    // Endpoint configuration carries the custom object the provider is given for this call.
    securityContext.endpointConfig(
            EndpointConfig.builder()
                    .customObject(AtnProviderSync.AtnObject.class,
                                  AtnProviderSync.AtnObject.from(VALUE, SIZE)));

    AuthenticationResponse result = securityContext.authenticate();
    validateResponse(result);
}
use of io.helidon.security.AuthenticationResponse in project helidon by oracle.
the class AtnProviderSyncTest method testAbstain.
/**
 * Calls {@code syncAuthenticate} with a mocked request that has no user, no service, a default
 * environment and a default endpoint configuration, and expects the provider to abstain.
 */
@Test
public void testAbstain() {
    // Security context that knows neither a user nor a service.
    SecurityContext emptyContext = mock(SecurityContext.class);
    when(emptyContext.user()).thenReturn(Optional.empty());
    when(emptyContext.service()).thenReturn(Optional.empty());

    // Default environment and endpoint configuration, no custom objects attached.
    SecurityEnvironment environment = SecurityEnvironment.create();
    EndpointConfig endpointConfig = EndpointConfig.create();

    ProviderRequest providerRequest = mock(ProviderRequest.class);
    when(providerRequest.securityContext()).thenReturn(emptyContext);
    when(providerRequest.env()).thenReturn(environment);
    when(providerRequest.endpointConfig()).thenReturn(endpointConfig);

    AtnProviderSync atnProvider = new AtnProviderSync();
    AuthenticationResponse result = atnProvider.syncAuthenticate(providerRequest);

    assertThat(result.status(), is(SecurityResponse.SecurityStatus.ABSTAIN));
}
use of io.helidon.security.AuthenticationResponse in project helidon by oracle.
the class AtnProviderSyncTest method testSuccess.
/**
 * Authenticates the given request with a fresh {@code AtnProviderSync} and checks the
 * response with {@code validateResponse}.
 *
 * @param request provider request to authenticate
 */
private void testSuccess(ProviderRequest request) {
    AtnProviderSync atnProvider = new AtnProviderSync();
    validateResponse(atnProvider.syncAuthenticate(request));
}
use of io.helidon.security.AuthenticationResponse in project helidon by oracle.
the class SecurityFilterTest method testAtnAbortWith.
/**
 * Feeds a failed authentication response into {@code processAuthentication} and verifies that
 * the filter context is marked as finished and the Jersey request is aborted with HTTP 401.
 */
@Test
void testAtnAbortWith() {
    SecurityFeature securityFeature = SecurityFeature.builder(security).build();
    SecurityContext atnContext = security.createContext("testAbortWith");
    SecurityFilter filter = new SecurityFilter(securityFeature.featureConfig(),
                                               security,
                                               serverConfig,
                                               atnContext);

    // The Jersey request is mocked so the abort call can be verified afterwards.
    ContainerRequest jerseyRequest = mock(ContainerRequest.class);
    SecurityFilter.FilterContext context = new SecurityFilter.FilterContext();
    context.setJerseyRequest(jerseyRequest);

    SecurityDefinition definition = mock(SecurityDefinition.class);

    // Client builder that always reports a failed authentication.
    SecurityClientBuilder<AuthenticationResponse> failingClient = mock(SecurityClientBuilder.class);
    when(failingClient.buildAndGet()).thenReturn(AuthenticationResponse.failed("Unit-test"));

    filter.processAuthentication(context, failingClient, definition, tracing.atnTracing());

    // A failed authentication must stop further processing and answer 401.
    assertThat(context.isShouldFinish(), is(true));
    verify(jerseyRequest).abortWith(argThat(aborted -> aborted.getStatus() == 401));
}