
Example 1 with EndpointConfig

Use of io.helidon.security.EndpointConfig in project helidon by oracle, in the class AtnProvider, method syncAuthenticate.

@Override
protected AuthenticationResponse syncAuthenticate(ProviderRequest providerRequest) {
    EndpointConfig endpointConfig = providerRequest.endpointConfig();
    Config atnConfig = endpointConfig.config(CONFIG_KEY).orElse(null);
    Subject user = null;
    Subject service = null;
    List<Auth> list;
    // Resolution order: 1) an explicit AtnConfig instance set on the endpoint
    Optional<AtnConfig> optional = providerRequest.endpointConfig().instance(AtnConfig.class);
    if (optional.isPresent()) {
        list = optional.get().auths();
    } else if (atnConfig != null && !atnConfig.isLeaf()) {
        // 2) endpoint configuration under CONFIG_KEY, read as a list of nodes
        list = atnConfig.asNodeList().map(this::fromConfig).orElse(Collections.emptyList());
    } else {
        // 3) annotations on the target
        list = fromAnnotations(endpointConfig);
    }
    // Each entry fills either the user or the service subject;
    // a later entry of the same type overwrites an earlier one
    for (Auth authentication : list) {
        if (authentication.type() == SubjectType.USER) {
            user = buildSubject(authentication);
        } else {
            service = buildSubject(authentication);
        }
    }
    // Success is returned even if the list is empty, in which case both subjects are null
    return AuthenticationResponse.success(user, service);
}
Also used: Config (io.helidon.config.Config), EndpointConfig (io.helidon.security.EndpointConfig), Subject (io.helidon.security.Subject)

Example 2 with EndpointConfig

Use of io.helidon.security.EndpointConfig in project helidon by oracle, in the class AtnProviderSync, method getCustomObject.

private AtnObject getCustomObject(EndpointConfig epConfig) {
    // order I choose - this depends on type of security you implement and your choice:
    // 1) custom object in request (as this must be explicitly done by a developer)
    Optional<? extends AtnObject> opt = epConfig.instance(AtnObject.class);
    if (opt.isPresent()) {
        return opt.get();
    }
    // 2) configuration in request
    opt = epConfig.config("atn-object").flatMap(conf -> conf.as(AtnObject::from).asOptional());
    if (opt.isPresent()) {
        return opt.get();
    }
    // 3) annotations on target
    List<AtnAnnot> annots = new ArrayList<>();
    for (SecurityLevel securityLevel : epConfig.securityLevels()) {
        annots.addAll(securityLevel.combineAnnotations(AtnAnnot.class, EndpointConfig.AnnotationScope.values()));
    }
    if (annots.isEmpty()) {
        return null;
    } else {
        return AtnObject.from(annots.get(0));
    }
}
Also used: ProviderRequest (io.helidon.security.ProviderRequest), Config (io.helidon.config.Config), Collection (java.util.Collection), SynchronousProvider (io.helidon.security.spi.SynchronousProvider), Set (java.util.Set), Target (java.lang.annotation.Target), ElementType (java.lang.annotation.ElementType), AuthenticationResponse (io.helidon.security.AuthenticationResponse), Principal (io.helidon.security.Principal), Retention (java.lang.annotation.Retention), ArrayList (java.util.ArrayList), List (java.util.List), AuthenticationProvider (io.helidon.security.spi.AuthenticationProvider), EndpointConfig (io.helidon.security.EndpointConfig), Role (io.helidon.security.Role), Annotation (java.lang.annotation.Annotation), Optional (java.util.Optional), Documented (java.lang.annotation.Documented), Subject (io.helidon.security.Subject), SecurityLevel (io.helidon.security.SecurityLevel), RetentionPolicy (java.lang.annotation.RetentionPolicy)

Example 3 with EndpointConfig

Use of io.helidon.security.EndpointConfig in project helidon by oracle, in the class AtnProviderSyncTest, method testFailure.

@Test
public void testFailure() {
    Config config = Config.create(ConfigSources.create(Map.of("atn-object.size", String.valueOf(SIZE))));
    SecurityContext context = mock(SecurityContext.class);
    when(context.user()).thenReturn(Optional.empty());
    when(context.service()).thenReturn(Optional.empty());
    SecurityEnvironment se = SecurityEnvironment.create();
    EndpointConfig ep = EndpointConfig.builder().config("atn-object", config).build();
    ProviderRequest request = mock(ProviderRequest.class);
    when(request.securityContext()).thenReturn(context);
    when(request.env()).thenReturn(se);
    when(request.endpointConfig()).thenReturn(ep);
    AtnProviderSync provider = new AtnProviderSync();
    AuthenticationResponse response = provider.syncAuthenticate(request);
    assertThat(response.status(), is(SecurityResponse.SecurityStatus.FAILURE));
}
Also used: Config (io.helidon.config.Config), EndpointConfig (io.helidon.security.EndpointConfig), SecurityEnvironment (io.helidon.security.SecurityEnvironment), SecurityContext (io.helidon.security.SecurityContext), AuthenticationResponse (io.helidon.security.AuthenticationResponse), ProviderRequest (io.helidon.security.ProviderRequest), Test (org.junit.jupiter.api.Test)

Example 4 with EndpointConfig

Use of io.helidon.security.EndpointConfig in project helidon by oracle, in the class AtnProviderSyncTest, method testConfigSuccess.

@Test
public void testConfigSuccess() {
    Config config = Config.create(ConfigSources.create(Map.of("value", VALUE, "size", String.valueOf(SIZE))));
    SecurityContext context = mock(SecurityContext.class);
    when(context.user()).thenReturn(Optional.empty());
    when(context.service()).thenReturn(Optional.empty());
    SecurityEnvironment se = SecurityEnvironment.create();
    EndpointConfig ep = EndpointConfig.builder().config("atn-object", config).build();
    ProviderRequest request = mock(ProviderRequest.class);
    when(request.securityContext()).thenReturn(context);
    when(request.env()).thenReturn(se);
    when(request.endpointConfig()).thenReturn(ep);
    testSuccess(request);
}
Also used: Config (io.helidon.config.Config), EndpointConfig (io.helidon.security.EndpointConfig), SecurityEnvironment (io.helidon.security.SecurityEnvironment), SecurityContext (io.helidon.security.SecurityContext), ProviderRequest (io.helidon.security.ProviderRequest), Test (org.junit.jupiter.api.Test)

Example 5 with EndpointConfig

Use of io.helidon.security.EndpointConfig in project helidon by oracle, in the class AtzProviderSyncTest, method testPermitted.

@Test
public void testPermitted() {
    SecurityContext context = mock(SecurityContext.class);
    when(context.isAuthenticated()).thenReturn(true);
    SecurityEnvironment se = SecurityEnvironment.builder().path("/private/some/path").build();
    EndpointConfig ep = EndpointConfig.create();
    ProviderRequest request = mock(ProviderRequest.class);
    when(request.securityContext()).thenReturn(context);
    when(request.env()).thenReturn(se);
    when(request.endpointConfig()).thenReturn(ep);
    AtzProviderSync provider = new AtzProviderSync();
    AuthorizationResponse response = provider.syncAuthorize(request);
    assertThat(response.status(), is(SecurityResponse.SecurityStatus.SUCCESS));
}
Also used: SecurityEnvironment (io.helidon.security.SecurityEnvironment), SecurityContext (io.helidon.security.SecurityContext), EndpointConfig (io.helidon.security.EndpointConfig), ProviderRequest (io.helidon.security.ProviderRequest), AuthorizationResponse (io.helidon.security.AuthorizationResponse), Test (org.junit.jupiter.api.Test)
