Examples with AuthorizationResponse io.helidon.security.AuthorizationResponse used on opensource projects

Search in sources :

Example 6 with AuthorizationResponse

use of io.helidon.security.AuthorizationResponse in project helidon by oracle.

the class AbacProvider method syncAuthorize.

@Override
protected AuthorizationResponse syncAuthorize(ProviderRequest providerRequest) {
    // let's find attributes to be validated
    Errors.Collector collector = Errors.collector();
    List<RuntimeAttribute> attributes = new ArrayList<>();
    EndpointConfig epConfig = providerRequest.endpointConfig();
    // list all "Attribute" annotations and make sure we support them
    validateAnnotations(epConfig, collector);
    // list all children of abac config and make sure one of the AbacValidators supports them
    validateConfig(epConfig, collector);
    // list all custom objects and check those that implement AttributeConfig and ...
    validateCustom(epConfig, collector);
    Optional<Config> abacConfig = epConfig.config(CONFIG_KEY);
    for (var validator : validators) {
        // order of preference - explicit class, configuration, annotation
        Class<? extends AbacValidatorConfig> configClass = validator.configClass();
        String configKey = validator.configKey();
        Collection<Class<? extends Annotation>> annotations = validator.supportedAnnotations();
        Optional<? extends AbacValidatorConfig> customObject = epConfig.instance(configClass);
        if (customObject.isPresent()) {
            attributes.add(new RuntimeAttribute(validator, customObject.get()));
        } else {
            // only configure this validator if its config key exists
            // or it has a supported annotation
            abacConfig.flatMap(it -> it.get(configKey).asNode().asOptional()).ifPresentOrElse(attribConfig -> {
                attributes.add(new RuntimeAttribute(validator, validator.fromConfig(attribConfig)));
            }, () -> {
                List<Annotation> annotationConfig = new ArrayList<>();
                for (SecurityLevel securityLevel : epConfig.securityLevels()) {
                    for (Class<? extends Annotation> annotation : annotations) {
                        List<? extends Annotation> list = securityLevel.combineAnnotations(annotation, EndpointConfig.AnnotationScope.values());
                        annotationConfig.addAll(list);
                    }
                }
                if (!annotationConfig.isEmpty()) {
                    attributes.add(new RuntimeAttribute(validator, validator.fromAnnotations(epConfig)));
                }
            });
        }
    }
    for (RuntimeAttribute attribute : attributes) {
        validate(attribute.getValidator(), attribute.getConfig(), collector, providerRequest);
    }
    Errors errors = collector.collect();
    if (errors.isValid()) {
        return AuthorizationResponse.permit();
    }
    return AuthorizationResponse.builder().status(SecurityResponse.SecurityStatus.FAILURE).description(errors.toString()).build();
}
Also used : ProviderRequest(io.helidon.security.ProviderRequest) ArrayList(java.util.ArrayList) HashSet(java.util.HashSet) Map(java.util.Map) AuthorizationProvider(io.helidon.security.spi.AuthorizationProvider) LinkedList(java.util.LinkedList) ConfiguredOption(io.helidon.config.metadata.ConfiguredOption) SecurityLevel(io.helidon.security.SecurityLevel) RolesAllowed(jakarta.annotation.security.RolesAllowed) AuthorizationResponse(io.helidon.security.AuthorizationResponse) DenyAll(jakarta.annotation.security.DenyAll) Config(io.helidon.config.Config) Collection(java.util.Collection) Configured(io.helidon.config.metadata.Configured) SecurityProvider(io.helidon.security.spi.SecurityProvider) SynchronousProvider(io.helidon.security.spi.SynchronousProvider) Set(java.util.Set) ServiceLoader(java.util.ServiceLoader) PermitAll(jakarta.annotation.security.PermitAll) HelidonServiceLoader(io.helidon.common.serviceloader.HelidonServiceLoader) Collectors(java.util.stream.Collectors) SecurityResponse(io.helidon.security.SecurityResponse) AbacValidatorService(io.helidon.security.providers.abac.spi.AbacValidatorService) List(java.util.List) EndpointConfig(io.helidon.security.EndpointConfig) Annotation(java.lang.annotation.Annotation) Optional(java.util.Optional) Errors(io.helidon.common.Errors) Collections(java.util.Collections) AbacValidator(io.helidon.security.providers.abac.spi.AbacValidator) Config(io.helidon.config.Config) EndpointConfig(io.helidon.security.EndpointConfig) ArrayList(java.util.ArrayList) Annotation(java.lang.annotation.Annotation) Errors(io.helidon.common.Errors) SecurityLevel(io.helidon.security.SecurityLevel) EndpointConfig(io.helidon.security.EndpointConfig)

Example 7 with AuthorizationResponse

use of io.helidon.security.AuthorizationResponse in project helidon by oracle.

the class AbacProviderTest method testExistingValidatorFail.

@Test
public void testExistingValidatorFail() {
    AbacProvider provider = AbacProvider.builder().addValidator(new Attrib1Validator()).build();
    Attrib1 attrib = Mockito.mock(Attrib1.class);
    when(attrib.value()).thenReturn(false);
    doReturn(Attrib1.class).when(attrib).annotationType();
    SecurityLevel level = SecurityLevel.create("mock").withClassAnnotations(Map.of(Attrib1.class, List.of(attrib))).build();
    EndpointConfig ec = EndpointConfig.builder().securityLevels(List.of(level)).build();
    ProviderRequest request = Mockito.mock(ProviderRequest.class);
    when(request.endpointConfig()).thenReturn(ec);
    AuthorizationResponse response = provider.syncAuthorize(request);
    assertThat(response.status(), is(SecurityResponse.SecurityStatus.FAILURE));
    assertThat(response.description(), not(Optional.empty()));
    response.description().ifPresent(desc -> assertThat(desc, containsString("Intentional unit test failure")));
}
Also used : SecurityLevel(io.helidon.security.SecurityLevel) EndpointConfig(io.helidon.security.EndpointConfig) ProviderRequest(io.helidon.security.ProviderRequest) AuthorizationResponse(io.helidon.security.AuthorizationResponse) Test(org.junit.jupiter.api.Test)

Example 8 with AuthorizationResponse

use of io.helidon.security.AuthorizationResponse in project helidon by oracle.

the class AbacProviderTest method testExistingValidatorSucceed.

@Test
public void testExistingValidatorSucceed() {
    AbacProvider provider = AbacProvider.builder().addValidator(new Attrib1Validator()).build();
    Attrib1 attrib = Mockito.mock(Attrib1.class);
    when(attrib.value()).thenReturn(true);
    doReturn(Attrib1.class).when(attrib).annotationType();
    SecurityLevel level = SecurityLevel.create("mock").withClassAnnotations(Map.of(Attrib1.class, List.of(attrib))).build();
    EndpointConfig ec = EndpointConfig.builder().securityLevels(List.of(level)).build();
    ProviderRequest request = Mockito.mock(ProviderRequest.class);
    when(request.endpointConfig()).thenReturn(ec);
    AuthorizationResponse response = provider.syncAuthorize(request);
    assertThat(response.description().orElse("Attrib1 value is true, so the authorization should succeed"), response.status(), is(SecurityResponse.SecurityStatus.SUCCESS));
}
Also used : SecurityLevel(io.helidon.security.SecurityLevel) EndpointConfig(io.helidon.security.EndpointConfig) ProviderRequest(io.helidon.security.ProviderRequest) AuthorizationResponse(io.helidon.security.AuthorizationResponse) Test(org.junit.jupiter.api.Test)

Example 9 with AuthorizationResponse

use of io.helidon.security.AuthorizationResponse in project helidon by oracle.

the class AbacProviderTest method testMissingValidator.

@Test
public void testMissingValidator() {
    AbacProvider provider = AbacProvider.create();
    Attrib1 attrib = Mockito.mock(Attrib1.class);
    doReturn(Attrib1.class).when(attrib).annotationType();
    SecurityLevel level = SecurityLevel.create("mock").withClassAnnotations(Map.of(Attrib1.class, List.of(attrib))).build();
    EndpointConfig ec = EndpointConfig.builder().securityLevels(List.of(level)).build();
    ProviderRequest request = Mockito.mock(ProviderRequest.class);
    when(request.endpointConfig()).thenReturn(ec);
    AuthorizationResponse response = provider.syncAuthorize(request);
    assertThat(response.status(), is(SecurityResponse.SecurityStatus.FAILURE));
    assertThat(response.description(), not(Optional.empty()));
    response.description().ifPresent(desc -> {
        assertThat(desc, containsString("Attrib1 attribute annotation is not supported"));
    });
}
Also used : SecurityLevel(io.helidon.security.SecurityLevel) EndpointConfig(io.helidon.security.EndpointConfig) ProviderRequest(io.helidon.security.ProviderRequest) AuthorizationResponse(io.helidon.security.AuthorizationResponse) Test(org.junit.jupiter.api.Test)

Example 10 with AuthorizationResponse

use of io.helidon.security.AuthorizationResponse in project helidon by oracle.

the class AbacProviderTest method testMissingRoleValidator.

@Test
public void testMissingRoleValidator() {
    AbacProvider provider = AbacProvider.create();
    // this must be implicitly considered an attribute annotation
    RolesAllowed attrib = Mockito.mock(RolesAllowed.class);
    doReturn(RolesAllowed.class).when(attrib).annotationType();
    SecurityLevel level = SecurityLevel.create("mock").withClassAnnotations(Map.of(RolesAllowed.class, List.of(attrib))).build();
    EndpointConfig ec = EndpointConfig.builder().securityLevels(List.of(level)).build();
    ProviderRequest request = Mockito.mock(ProviderRequest.class);
    when(request.endpointConfig()).thenReturn(ec);
    AuthorizationResponse response = provider.syncAuthorize(request);
    assertThat(response.status(), is(SecurityResponse.SecurityStatus.FAILURE));
    assertThat(response.description(), not(Optional.empty()));
    response.description().ifPresent(desc -> assertThat(desc, containsString("RolesAllowed attribute annotation is not supported")));
}
Also used : RolesAllowed(jakarta.annotation.security.RolesAllowed) SecurityLevel(io.helidon.security.SecurityLevel) EndpointConfig(io.helidon.security.EndpointConfig) ProviderRequest(io.helidon.security.ProviderRequest) AuthorizationResponse(io.helidon.security.AuthorizationResponse) Test(org.junit.jupiter.api.Test)

Aggregations

AuthorizationResponse (io.helidon.security.AuthorizationResponse)16 Test (org.junit.jupiter.api.Test)12 EndpointConfig (io.helidon.security.EndpointConfig)9 ProviderRequest (io.helidon.security.ProviderRequest)9 SecurityContext (io.helidon.security.SecurityContext)7 SecurityEnvironment (io.helidon.security.SecurityEnvironment)5 SecurityLevel (io.helidon.security.SecurityLevel)5 SecurityResponse (io.helidon.security.SecurityResponse)4 Security (io.helidon.security.Security)3 AuthenticationResponse (io.helidon.security.AuthenticationResponse)2 RolesAllowed (jakarta.annotation.security.RolesAllowed)2 WebApplicationException (jakarta.ws.rs.WebApplicationException)2 Response (jakarta.ws.rs.core.Response)2 List (java.util.List)2 Set (java.util.Set)2 Collectors (java.util.stream.Collectors)2 ContainerRequest (org.glassfish.jersey.server.ContainerRequest)2 CoreMatchers.is (org.hamcrest.CoreMatchers.is)2 MatcherAssert.assertThat (org.hamcrest.MatcherAssert.assertThat)2 Errors (io.helidon.common.Errors)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial