
Example 26 with AuthenticationResponse

use of io.helidon.security.AuthenticationResponse in project helidon by oracle.

Taken from the class HttpAuthProviderBuilderTest, method digestTest401.

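@Test
public void digestTest401() {
    // A digest-only authentication attempt with no credentials on the request must be rejected
    // with a 401 and carry the challenge a client needs in order to retry with a digest response.
    AuthenticationResponse response = context.atnClientBuilder().explicitProvider("digest").buildAndGet();
    assertThat(response.status().isSuccess(), is(false));
    assertThat(response.statusCode().orElse(200), is(401));
    // Assert the challenge header is present before indexing into it: a missing header would
    // otherwise surface as a NullPointerException from get(0) instead of a readable assertion failure.
    assertThat(response.responseHeaders().containsKey(HttpBasicAuthProvider.HEADER_AUTHENTICATION_REQUIRED), is(true));
    String authHeader = response.responseHeaders().get(HttpBasicAuthProvider.HEADER_AUTHENTICATION_REQUIRED).get(0);
    assertThat(authHeader, notNullValue());
    // Scheme and parameter names are case-insensitive, hence the lower-cased comparison; the realm
    // must match the configured one and a qop directive is expected in the challenge.
    assertThat(authHeader.toLowerCase(), startsWith("digest realm=\"mic\""));
    assertThat(authHeader.toLowerCase(), containsString("qop="));
}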

Example 27 with AuthenticationResponse

use of io.helidon.security.AuthenticationResponse in project helidon by oracle.

Taken from the class HttpAuthProviderBuilderTest, method basicTestFail.

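@Test
public void basicTestFail() {
    // Without any credentials on the request, authentication must fail with a 401 and a Basic
    // challenge naming the configured realm.
    AuthenticationResponse response = context.atnClientBuilder().buildAndGet();
    assertThat(response.status().isSuccess(), is(false));
    assertThat(response.statusCode().orElse(200), is(401));
    // Assert the challenge header is present before indexing into it: a missing header would
    // otherwise surface as a NullPointerException from get(0) instead of a readable assertion failure.
    assertThat(response.responseHeaders().containsKey(HttpBasicAuthProvider.HEADER_AUTHENTICATION_REQUIRED), is(true));
    String authHeader = response.responseHeaders().get(HttpBasicAuthProvider.HEADER_AUTHENTICATION_REQUIRED).get(0);
    assertThat(authHeader, notNullValue());
    // Scheme and parameter names are case-insensitive, hence the lower-cased comparison.
    assertThat(authHeader.toLowerCase(), is("basic realm=\"mic\""));
}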

Example 28 with AuthenticationResponse

use of io.helidon.security.AuthenticationResponse in project helidon by oracle.

Taken from the class JwtProviderTest, method testEcBothWays.

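@Test
public void testEcBothWays() {
    // Round trip through the provider: sign a JWT for an outbound call with the EC key, verify the
    // signature and claims independently, then feed the same token back in as an inbound bearer
    // token and check that the authenticated principal carries the original attributes.
    String username = "user1";
    String userId = "user1-id";
    String email = "user1@example.org";
    String familyName = "Novak";
    String givenName = "Standa";
    String fullName = "Standa Novak";
    Locale locale = Locale.CANADA_FRENCH;

    Principal principal = Principal.builder()
            .name(username)
            .id(userId)
            .addAttribute("email", email)
            .addAttribute("email_verified", true)
            .addAttribute("family_name", familyName)
            .addAttribute("given_name", givenName)
            .addAttribute("full_name", fullName)
            .addAttribute("locale", locale)
            .build();
    Subject subject = Subject.create(principal);
    JwtProvider provider = JwtProvider.create(providersConfig.get("jwt"));

    // The outbound request carries the current user in its security context; the provider is
    // expected to propagate that user as a signed token.
    SecurityContext context = Mockito.mock(SecurityContext.class);
    when(context.user()).thenReturn(Optional.of(subject));
    ProviderRequest request = mock(ProviderRequest.class);
    when(request.securityContext()).thenReturn(context);

    SecurityEnvironment outboundEnv = SecurityEnvironment.builder()
            .path("/ec")
            .transport("http")
            .targetUri(URI.create("http://localhost:8080/ec"))
            .build();
    EndpointConfig outboundEp = EndpointConfig.create();
    assertThat(provider.isOutboundSupported(request, outboundEnv, outboundEp), is(true));

    OutboundSecurityResponse response = provider.syncOutbound(request, outboundEnv, outboundEp);
    // Check the scheme prefix explicitly instead of blindly cutting off the first characters, so a
    // malformed Authorization header fails with a clear assertion rather than a garbled token.
    String authorization = response.requestHeaders().get("Authorization").get(0);
    assertThat("Authorization header must use the bearer scheme", authorization.startsWith("bearer "), is(true));
    String signedToken = authorization.substring("bearer ".length());

    // now I want to validate it to prove it was correctly signed
    SignedJwt signedJwt = SignedJwt.parseToken(signedToken);
    signedJwt.verifySignature(verifyKeys).checkValid();
    Jwt jwt = signedJwt.getJwt();
    assertThat(jwt.subject(), is(Optional.of(userId)));
    assertThat(jwt.preferredUsername(), is(Optional.of(username)));
    assertThat(jwt.email(), is(Optional.of(email)));
    assertThat(jwt.emailVerified(), is(Optional.of(true)));
    assertThat(jwt.familyName(), is(Optional.of(familyName)));
    assertThat(jwt.givenName(), is(Optional.of(givenName)));
    assertThat(jwt.fullName(), is(Optional.of(fullName)));
    assertThat(jwt.locale(), is(Optional.of(locale)));
    assertThat(jwt.audience(), is(Optional.of(List.of("audience.application.id"))));
    assertThat(jwt.issuer(), is(Optional.of("jwt.example.com")));
    assertThat(jwt.algorithm(), is(Optional.of(JwkEC.ALG_ES256)));

    // The issue time anchors the nbf/exp checks below; assert its presence so a missing claim reads
    // as an assertion failure rather than a NoSuchElementException from Optional.get().
    assertThat("Issue time must be present", jwt.issueTime().isPresent(), is(true));
    Instant issuedAt = jwt.issueTime().get();
    assertThat("Issue time must not be older than 10 seconds",
               issuedAt.isAfter(Instant.now().minusSeconds(10)), is(true));
    Instant expectedNotBefore = issuedAt.minus(5, ChronoUnit.SECONDS);
    assertThat(jwt.notBefore(), is(Optional.of(expectedNotBefore)));
    Instant expectedExpiry = issuedAt.plus(60 * 60 * 24, ChronoUnit.SECONDS);
    assertThat(jwt.expirationTime(), is(Optional.of(expectedExpiry)));

    // now we need to use the same token to invoke authentication
    ProviderRequest atnRequest = mock(ProviderRequest.class);
    SecurityEnvironment se = SecurityEnvironment.builder()
            .header("Authorization", "bearer " + signedToken)
            .build();
    when(atnRequest.env()).thenReturn(se);
    AuthenticationResponse authenticationResponse = provider.syncAuthenticate(atnRequest);
    authenticationResponse.user().map(Subject::principal).ifPresentOrElse(atnPrincipal -> {
        assertThat(atnPrincipal.id(), is(userId));
        assertThat(atnPrincipal.getName(), is(username));
        assertThat(atnPrincipal.abacAttribute("email"), is(Optional.of(email)));
        assertThat(atnPrincipal.abacAttribute("email_verified"), is(Optional.of(true)));
        assertThat(atnPrincipal.abacAttribute("family_name"), is(Optional.of(familyName)));
        assertThat(atnPrincipal.abacAttribute("given_name"), is(Optional.of(givenName)));
        assertThat(atnPrincipal.abacAttribute("full_name"), is(Optional.of(fullName)));
        assertThat(atnPrincipal.abacAttribute("locale"), is(Optional.of(locale)));
    }, () -> fail("User must be present in response"));
}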

Example 29 with AuthenticationResponse

use of io.helidon.security.AuthenticationResponse in project helidon by oracle.

Taken from the class HttpAuthProviderBuilderTest, method sendBasicNotDigestTest.

@Test
public void sendBasicNotDigestTest() {
    // A Basic credential presented to the digest provider must be rejected outright (401),
    // not silently accepted as if it were a digest response.
    String basicCredentials = buildBasic("jack", "jackIsGreat");
    setHeader(context, HttpBasicAuthProvider.HEADER_AUTHENTICATION, basicCredentials);

    AuthenticationResponse digestResponse = context.atnClientBuilder()
            .explicitProvider("digest")
            .buildAndGet();

    assertThat(digestResponse.status(), is(SecurityResponse.SecurityStatus.FAILURE));
    assertThat(digestResponse.statusCode().orElse(200), is(401));
}

Example 30 with AuthenticationResponse

use of io.helidon.security.AuthenticationResponse in project helidon by oracle.

Taken from the class GoogleTokenProviderTest, method testInboundInvalidToken.

@Test
public void testInboundInvalidToken() throws ExecutionException, InterruptedException, GeneralSecurityException, IOException {
    // A verifier returning null stands for a token that failed verification; the provider must
    // report an authentication failure with a 401 and a WWW-Authenticate challenge.
    GoogleIdTokenVerifier rejectingVerifier = mock(GoogleIdTokenVerifier.class);
    when(rejectingVerifier.verify(TOKEN_VALUE)).thenReturn(null);

    GoogleTokenProvider provider = GoogleTokenProvider.builder()
            .clientId("clientId")
            .verifier(rejectingVerifier)
            .build();
    String bearerHeader = "bearer " + TOKEN_VALUE;
    ProviderRequest inbound = createInboundRequest("Authorization", bearerHeader);

    AuthenticationResponse response = provider.authenticate(inbound).toCompletableFuture().get();

    assertThat(response.status(), is(SecurityResponse.SecurityStatus.FAILURE));
    assertThat(response.statusCode().orElse(200), is(401));
    assertThat(response.responseHeaders().get("WWW-Authenticate"), notNullValue());
}
