use of io.helidon.security.AuthenticationResponse in project helidon by oracle.
the class HeaderAtnProviderTest method testExtraction.
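/**
 * Checks that a provider built by {@code getFullProvider()} authenticates a request whose
 * {@code Authorization} header is {@code "bearer " + username}, and that the resulting user
 * principal carries exactly that name.
 *
 * <p>NOTE(review): the extraction rules (prefix, header name) live in {@code getFullProvider()},
 * which is not visible here - confirm the configuration there matches the header used below.
 */
@Test
public void testExtraction() {
    String username = "username";
    HeaderAtnProvider provider = getFullProvider();

    SecurityEnvironment env = SecurityEnvironment.builder()
            .header("Authorization", "bearer " + username)
            .build();
    ProviderRequest request = mock(ProviderRequest.class);
    when(request.env()).thenReturn(env);

    AuthenticationResponse response = provider.syncAuthenticate(request);

    assertThat(response.status(), is(SecurityResponse.SecurityStatus.SUCCESS));
    assertThat(response.user(), is(not(Optional.empty())));
    assertThat(response.service(), is(Optional.empty()));
    // Compare the whole Optional instead of asserting inside ifPresent(): with ifPresent() the
    // name check is skipped silently when the principal name is absent, so an authentication
    // result without an identity would still pass.
    assertThat(response.user().map(Subject::principal).map(Principal::getName), is(Optional.of(username)));
}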
use of io.helidon.security.AuthenticationResponse in project helidon by oracle.
the class JwtProviderTest method testWrongToken.
/**
 * Negative case: a request carrying {@code WRONG_TOKEN} as a bearer token must not be
 * authenticated by the JWT provider created from the {@code "jwt"} configuration node.
 * The response must carry neither a service nor a user subject and must report FAILURE.
 */
@Test
public void testWrongToken() {
    // Build the inbound request first: only the environment (headers) is stubbed on the mock.
    SecurityEnvironment env = SecurityEnvironment.builder()
            .header("Authorization", "bearer " + WRONG_TOKEN)
            .build();
    ProviderRequest request = mock(ProviderRequest.class);
    when(request.env()).thenReturn(env);

    JwtProvider jwtProvider = JwtProvider.create(providersConfig.get("jwt"));
    AuthenticationResponse response = jwtProvider.syncAuthenticate(request);

    // A rejected token must not leak any identity into the response.
    assertThat(response.service(), is(Optional.empty()));
    assertThat(response.user(), is(Optional.empty()));
    assertThat(response.status(), is(SecurityResponse.SecurityStatus.FAILURE));
}
use of io.helidon.security.AuthenticationResponse in project helidon by oracle.
the class HttpBasicAuthProvider method validateBasicAuth.
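/**
 * Validates the value of an HTTP Basic authentication header against the configured user stores.
 *
 * <p>The part of the header after {@code BASIC_PREFIX} is base64-decoded as UTF-8 and matched
 * against {@code CREDENTIAL_PATTERN}; group 1 is used as the username and group 2 as the password.
 * The first user store that knows the username decides the outcome.
 *
 * @param basicAuthHeader full header value, including the prefix
 * @return a success response (user or service, depending on {@code subjectType}) when the
 *         password is valid; the result of {@code failOrAbstain} for malformed content; the
 *         result of {@code invalidUser()} for an unknown user or a wrong password
 */
private AuthenticationResponse validateBasicAuth(String basicAuthHeader) {
    // NOTE(review): assumes the caller already checked that the header starts with BASIC_PREFIX;
    // a shorter value would make substring() throw - confirm against the caller.
    String b64 = basicAuthHeader.substring(BASIC_PREFIX.length());
    String usernameAndPassword;
    try {
        usernameAndPassword = new String(Base64.getDecoder().decode(b64), StandardCharsets.UTF_8);
    } catch (IllegalArgumentException e) {
        // not a base64 encoded string
        return failOrAbstain("Basic authentication header with invalid content - not base64 encoded");
    }

    Matcher matcher = CREDENTIAL_PATTERN.matcher(usernameAndPassword);
    if (!matcher.matches()) {
        // Do not log the decoded header: it is client-supplied credential material and would put
        // a username/password (or a near miss of one) into the log files at FINEST level.
        LOGGER.finest("Basic authentication header with invalid content - does not match the expected credential format");
        return failOrAbstain("Basic authentication header with invalid content");
    }

    final String username = matcher.group(1);
    final char[] password = matcher.group(2).toCharArray();

    // find first user from stores
    Optional<SecureUserStore.User> foundUser = Optional.empty();
    for (SecureUserStore userStore : userStores) {
        foundUser = userStore.user(username);
        if (foundUser.isPresent()) {
            break;
        }
    }

    // Unknown user and wrong password both end in invalidUser(), so the response itself does not
    // reveal which of the two failed.
    // NOTE(review): an unknown user skips isPasswordValid(), so response time may differ from a
    // wrong-password attempt - confirm whether that matters for the stores in use.
    return foundUser.map(user -> {
        if (!user.isPasswordValid(password)) {
            return invalidUser();
        }
        if (subjectType == SubjectType.USER) {
            return AuthenticationResponse.success(buildSubject(user, password));
        }
        return AuthenticationResponse.successService(buildSubject(user, password));
    }).orElseGet(this::invalidUser);
}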
use of io.helidon.security.AuthenticationResponse in project helidon by oracle.
the class HttpSignProviderTest method testInboundSignatureHmac.
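/**
 * Checks inbound HTTP signature validation with the {@code hmac-sha256} algorithm.
 *
 * <p>The request carries a {@code Signature} header for key id {@code myServiceKeyId} covering
 * {@code date}, {@code host}, {@code (request-target)} and {@code authorization}. The provider
 * from {@code getProvider()} must authenticate it as the service {@code aSetOfTrustedServices}
 * and expose the key id as an ABAC attribute of the principal.
 *
 * @throws InterruptedException if waiting for the asynchronous authentication is interrupted
 * @throws ExecutionException if the asynchronous authentication completes exceptionally
 */
@Test
public void testInboundSignatureHmac() throws InterruptedException, ExecutionException {
    // Header names are looked up case-insensitively.
    Map<String, List<String>> headers = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
    headers.put("Signature", List.of("keyId=\"myServiceKeyId\",algorithm=\"hmac-sha256\",headers=\"date host (request-target) "
            + "authorization\","
            + "signature=\"0BcQq9TckrtGvlpHiMxNqMq0vW6dPVTGVDUVDrGwZyI=\""));
    headers.put("host", List.of("example.org"));
    // NOTE(review): the signed date is a fixed value from 2014 and the test expects SUCCESS, so
    // this configuration apparently does not reject old dates - confirm that is intended.
    headers.put("date", List.of("Thu, 08 Jun 2014 18:32:30 GMT"));
    // Test fixture only: base64 of "username:password".
    headers.put("authorization", List.of("basic dXNlcm5hbWU6cGFzc3dvcmQ="));

    HttpSignProvider provider = getProvider();

    SecurityContext context = mock(SecurityContext.class);
    when(context.executorService()).thenReturn(ForkJoinPool.commonPool());
    SecurityEnvironment se = SecurityEnvironment.builder()
            .path("/my/resource")
            .headers(headers)
            .build();
    EndpointConfig ep = EndpointConfig.create();

    ProviderRequest request = mock(ProviderRequest.class);
    when(request.securityContext()).thenReturn(context);
    when(request.env()).thenReturn(se);
    when(request.endpointConfig()).thenReturn(ep);

    AuthenticationResponse atnResponse = provider.authenticate(request).toCompletableFuture().get();

    // The response description is used as the failure reason so a rejected signature is explained.
    assertThat(atnResponse.description().orElse("Unknown problem"),
               atnResponse.status(),
               is(SecurityResponse.SecurityStatus.SUCCESS));

    atnResponse.service().map(Subject::principal).ifPresentOrElse(principal -> {
        assertThat(principal.getName(), is("aSetOfTrustedServices"));
        assertThat(principal.abacAttribute(HttpSignProvider.ATTRIB_NAME_KEY_ID), is(Optional.of("myServiceKeyId")));
        // The subject checked here is the service subject, so the failure message names it
        // (the previous text said "User").
    }, () -> fail("Service must be filled"));
}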
use of io.helidon.security.AuthenticationResponse in project helidon by oracle.
the class HttpAuthProviderBuilderTest method sendDigestNotBasicTest.
/**
 * Sends a digest authentication header (qop {@code AUTH}, user {@code jack}) in the header named
 * by {@code HttpBasicAuthProvider.HEADER_AUTHENTICATION} and expects the authentication to fail
 * with HTTP status 401.
 */
@Test
public void sendDigestNotBasicTest() {
    setHeader(context,
              HttpBasicAuthProvider.HEADER_AUTHENTICATION,
              buildDigest(HttpDigest.Qop.AUTH, "jack", "jackIsGreat"));

    AuthenticationResponse atnResponse = context.authenticate();

    assertThat(atnResponse.status(), is(SecurityResponse.SecurityStatus.FAILURE));
    // Falls back to 200 when no status code is set, so a missing code also fails the 401 check.
    int statusCode = atnResponse.statusCode().orElse(200);
    assertThat(statusCode, is(401));
}