Example 1 with AuthorizationResponse
use of io.helidon.security.AuthorizationResponse in project helidon by oracle.
the class ProgrammaticSecurity method execute.
private void execute() {
SecurityContext context = CONTEXT.get();
// check role
if (!context.isUserInRole("theRole")) {
throw new IllegalStateException("User is not in expected role");
}
context.env(context.env().derive().addAttribute("resourceType", "CustomResourceType"));
// check authorization through provider
AuthorizationResponse response = context.atzClientBuilder().buildAndGet();
if (response.status().isSuccess()) {
// ok, process resource
System.out.println("Resource processed");
} else {
System.out.println("You are not permitted to process resource");
}
}
Also used :
SecurityContext(io.helidon.security.SecurityContext)
AuthorizationResponse(io.helidon.security.AuthorizationResponse)
Example 2 with AuthorizationResponse
use of io.helidon.security.AuthorizationResponse in project helidon by oracle.
the class AtzProviderSyncTest method testPermitted.
@Test
public void testPermitted() {
SecurityContext context = mock(SecurityContext.class);
when(context.isAuthenticated()).thenReturn(true);
SecurityEnvironment se = SecurityEnvironment.builder().path("/private/some/path").build();
EndpointConfig ep = EndpointConfig.create();
ProviderRequest request = mock(ProviderRequest.class);
when(request.securityContext()).thenReturn(context);
when(request.env()).thenReturn(se);
when(request.endpointConfig()).thenReturn(ep);
AtzProviderSync provider = new AtzProviderSync();
AuthorizationResponse response = provider.syncAuthorize(request);
assertThat(response.status(), is(SecurityResponse.SecurityStatus.SUCCESS));
}
Also used :
SecurityEnvironment(io.helidon.security.SecurityEnvironment)
SecurityContext(io.helidon.security.SecurityContext)
EndpointConfig(io.helidon.security.EndpointConfig)
ProviderRequest(io.helidon.security.ProviderRequest)
AuthorizationResponse(io.helidon.security.AuthorizationResponse)
Test(org.junit.jupiter.api.Test)
Example 3 with AuthorizationResponse
use of io.helidon.security.AuthorizationResponse in project helidon by oracle.
the class AtzProviderSyncTest method testAbstain.
@Test
public void testAbstain() {
SecurityEnvironment se = SecurityEnvironment.create();
EndpointConfig ep = EndpointConfig.create();
ProviderRequest request = mock(ProviderRequest.class);
when(request.env()).thenReturn(se);
when(request.endpointConfig()).thenReturn(ep);
AtzProviderSync provider = new AtzProviderSync();
AuthorizationResponse response = provider.syncAuthorize(request);
assertThat(response.status(), is(SecurityResponse.SecurityStatus.ABSTAIN));
}
Also used :
SecurityEnvironment(io.helidon.security.SecurityEnvironment)
EndpointConfig(io.helidon.security.EndpointConfig)
ProviderRequest(io.helidon.security.ProviderRequest)
AuthorizationResponse(io.helidon.security.AuthorizationResponse)
Test(org.junit.jupiter.api.Test)
Example 4 with AuthorizationResponse
use of io.helidon.security.AuthorizationResponse in project helidon by oracle.
the class AbacExplicitResource method process.
/**
* A resource method to demonstrate explicit authorization.
*
* @param context security context (injected)
* @return "fine, sir" string; or a description of authorization failure
*/
@GET
@Authorized(explicit = true)
@AtnProvider.Authentication(value = "user", roles = { "user_role" }, scopes = { "calendar_read", "calendar_edit" })
@AtnProvider.Authentication(value = "service", type = SubjectType.SERVICE, roles = { "service_role" }, scopes = { "calendar_read", "calendar_edit" })
public Response process(@Context SecurityContext context) {
SomeResource res = new SomeResource("user");
AuthorizationResponse atzResponse = context.authorize(res);
if (atzResponse.isPermitted()) {
// do the update
return Response.ok().entity("fine, sir").build();
} else {
return Response.status(Response.Status.FORBIDDEN).entity(atzResponse.description().orElse("Access not granted")).build();
}
}
Also used :
AuthorizationResponse(io.helidon.security.AuthorizationResponse)
Authorized(io.helidon.security.annotations.Authorized)
GET(jakarta.ws.rs.GET)
Example 5 with AuthorizationResponse
use of io.helidon.security.AuthorizationResponse in project helidon by oracle.
the class SecurityFilterCommon method processAuthorization.
protected void processAuthorization(SecurityFilter.FilterContext context, SecurityClientBuilder<AuthorizationResponse> clientBuilder) {
// now fully synchronous
AuthorizationResponse response = clientBuilder.buildAndGet();
SecurityResponse.SecurityStatus responseStatus = response.status();
switch(responseStatus) {
case SUCCESS:
// everything is fine, we can continue with processing
return;
case FAILURE_FINISH:
context.setTraceSuccess(false);
context.setTraceDescription(response.description().orElse(responseStatus.toString()));
context.setTraceThrowable(response.throwable().orElse(null));
context.setShouldFinish(true);
int status = response.statusCode().orElse(Response.Status.FORBIDDEN.getStatusCode());
abortRequest(context, response, status, Map.of());
return;
case SUCCESS_FINISH:
context.setShouldFinish(true);
status = response.statusCode().orElse(Response.Status.OK.getStatusCode());
abortRequest(context, response, status, Map.of());
return;
case FAILURE:
context.setTraceSuccess(false);
context.setTraceDescription(response.description().orElse(responseStatus.toString()));
context.setTraceThrowable(response.throwable().orElse(null));
context.setShouldFinish(true);
abortRequest(context, response, response.statusCode().orElse(Response.Status.FORBIDDEN.getStatusCode()), Map.of());
return;
case ABSTAIN:
context.setTraceSuccess(false);
context.setTraceDescription(response.description().orElse(responseStatus.toString()));
context.setShouldFinish(true);
abortRequest(context, response, response.statusCode().orElse(Response.Status.FORBIDDEN.getStatusCode()), Map.of());
return;
default:
context.setTraceSuccess(false);
context.setTraceDescription(response.description().orElse("UNKNOWN_RESPONSE: " + responseStatus));
context.setShouldFinish(true);
SecurityException throwable = new SecurityException("Invalid SecurityStatus returned: " + responseStatus);
context.setTraceThrowable(throwable);
throw throwable;
}
}
Also used :
SecurityResponse(io.helidon.security.SecurityResponse)
AuthorizationResponse(io.helidon.security.AuthorizationResponse)
Aggregations
AuthorizationResponse (io.helidon.security.AuthorizationResponse)16
Test (org.junit.jupiter.api.Test)12
EndpointConfig (io.helidon.security.EndpointConfig)9
ProviderRequest (io.helidon.security.ProviderRequest)9
SecurityContext (io.helidon.security.SecurityContext)7
SecurityEnvironment (io.helidon.security.SecurityEnvironment)5
SecurityLevel (io.helidon.security.SecurityLevel)5
SecurityResponse (io.helidon.security.SecurityResponse)4
Security (io.helidon.security.Security)3
AuthenticationResponse (io.helidon.security.AuthenticationResponse)2
RolesAllowed (jakarta.annotation.security.RolesAllowed)2
WebApplicationException (jakarta.ws.rs.WebApplicationException)2
Response (jakarta.ws.rs.core.Response)2
List (java.util.List)2
Set (java.util.Set)2
Collectors (java.util.stream.Collectors)2
ContainerRequest (org.glassfish.jersey.server.ContainerRequest)2
CoreMatchers.is (org.hamcrest.CoreMatchers.is)2
MatcherAssert.assertThat (org.hamcrest.MatcherAssert.assertThat)2
Errors (io.helidon.common.Errors)1
