Examples with AuthenticationResponse io.helidon.security.AuthenticationResponse used on opensource projects

Example 16 with AuthenticationResponse

use of io.helidon.security.AuthenticationResponse in project helidon by oracle.

the class HeaderAtnProviderTest method testExtraction.

@Test
public void testExtraction() {
    String username = "username";
    HeaderAtnProvider provider = getFullProvider();
    SecurityEnvironment env = SecurityEnvironment.builder().header("Authorization", "bearer " + username).build();
    ProviderRequest request = mock(ProviderRequest.class);
    when(request.env()).thenReturn(env);
    AuthenticationResponse response = provider.syncAuthenticate(request);
    assertThat(response.status(), is(SecurityResponse.SecurityStatus.SUCCESS));
    assertThat(response.user(), is(not(Optional.empty())));
    assertThat(response.service(), is(Optional.empty()));
    response.user().map(Subject::principal).map(Principal::getName).ifPresent(name -> assertThat(name, is(username)));
}

Example 17 with AuthenticationResponse

use of io.helidon.security.AuthenticationResponse in project helidon by oracle.

the class JwtProviderTest method testWrongToken.

@Test
public void testWrongToken() {
    JwtProvider provider = JwtProvider.create(providersConfig.get("jwt"));
    // now we need to use the same token to invoke authentication
    ProviderRequest atnRequest = mock(ProviderRequest.class);
    SecurityEnvironment se = SecurityEnvironment.builder().header("Authorization", "bearer " + WRONG_TOKEN).build();
    when(atnRequest.env()).thenReturn(se);
    AuthenticationResponse authenticationResponse = provider.syncAuthenticate(atnRequest);
    assertThat(authenticationResponse.service(), is(Optional.empty()));
    assertThat(authenticationResponse.user(), is(Optional.empty()));
    assertThat(authenticationResponse.status(), is(SecurityResponse.SecurityStatus.FAILURE));
}

Example 18 with AuthenticationResponse

use of io.helidon.security.AuthenticationResponse in project helidon by oracle.

the class HttpBasicAuthProvider method validateBasicAuth.

private AuthenticationResponse validateBasicAuth(String basicAuthHeader) {
    String b64 = basicAuthHeader.substring(BASIC_PREFIX.length());
    String usernameAndPassword;
    try {
        usernameAndPassword = new String(Base64.getDecoder().decode(b64), StandardCharsets.UTF_8);
    } catch (IllegalArgumentException e) {
        // not a base64 encoded string
        return failOrAbstain("Basic authentication header with invalid content - not base64 encoded");
    }
    Matcher matcher = CREDENTIAL_PATTERN.matcher(usernameAndPassword);
    if (!matcher.matches()) {
        LOGGER.finest(() -> "Basic authentication header with invalid content: " + usernameAndPassword);
        return failOrAbstain("Basic authentication header with invalid content");
    }
    final String username = matcher.group(1);
    final char[] password = matcher.group(2).toCharArray();
    Optional<SecureUserStore.User> foundUser = Optional.empty();
    for (SecureUserStore userStore : userStores) {
        foundUser = userStore.user(username);
        if (foundUser.isPresent()) {
            // find first user from stores
            break;
        }
    }
    return foundUser.map(user -> {
        if (user.isPasswordValid(password)) {
            if (subjectType == SubjectType.USER) {
                return AuthenticationResponse.success(buildSubject(user, password));
            }
            return AuthenticationResponse.successService(buildSubject(user, password));
        } else {
            return invalidUser();
        }
    }).orElseGet(this::invalidUser);
}

Example 19 with AuthenticationResponse

use of io.helidon.security.AuthenticationResponse in project helidon by oracle.

the class HttpSignProviderTest method testInboundSignatureHmac.

@Test
public void testInboundSignatureHmac() throws InterruptedException, ExecutionException {
    Map<String, List<String>> headers = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
    headers.put("Signature", List.of("keyId=\"myServiceKeyId\",algorithm=\"hmac-sha256\",headers=\"date host (request-target) " + "authorization\"," + "signature=\"0BcQq9TckrtGvlpHiMxNqMq0vW6dPVTGVDUVDrGwZyI=\""));
    headers.put("host", List.of("example.org"));
    headers.put("date", List.of("Thu, 08 Jun 2014 18:32:30 GMT"));
    headers.put("authorization", List.of("basic dXNlcm5hbWU6cGFzc3dvcmQ="));
    HttpSignProvider provider = getProvider();
    SecurityContext context = mock(SecurityContext.class);
    when(context.executorService()).thenReturn(ForkJoinPool.commonPool());
    SecurityEnvironment se = SecurityEnvironment.builder().path("/my/resource").headers(headers).build();
    EndpointConfig ep = EndpointConfig.create();
    ProviderRequest request = mock(ProviderRequest.class);
    when(request.securityContext()).thenReturn(context);
    when(request.env()).thenReturn(se);
    when(request.endpointConfig()).thenReturn(ep);
    AuthenticationResponse atnResponse = provider.authenticate(request).toCompletableFuture().get();
    assertThat(atnResponse.description().orElse("Unknown problem"), atnResponse.status(), is(SecurityResponse.SecurityStatus.SUCCESS));
    atnResponse.service().map(Subject::principal).ifPresentOrElse(principal -> {
        assertThat(principal.getName(), is("aSetOfTrustedServices"));
        assertThat(principal.abacAttribute(HttpSignProvider.ATTRIB_NAME_KEY_ID), is(Optional.of("myServiceKeyId")));
    }, () -> fail("User must be filled"));
}

Example 20 with AuthenticationResponse

use of io.helidon.security.AuthenticationResponse in project helidon by oracle.

the class HttpAuthProviderBuilderTest method sendDigestNotBasicTest.

@Test
public void sendDigestNotBasicTest() {
    setHeader(context, HttpBasicAuthProvider.HEADER_AUTHENTICATION, buildDigest(HttpDigest.Qop.AUTH, "jack", "jackIsGreat"));
    AuthenticationResponse response = context.authenticate();
    assertThat(response.status(), is(SecurityResponse.SecurityStatus.FAILURE));
    assertThat(response.statusCode().orElse(200), is(401));
}