
Example 1 with OutboundSecurityClientBuilder

use of io.helidon.security.OutboundSecurityClientBuilder in project helidon by oracle.

The class WebClientSecurity, method request.

@Override
public Single<WebClientServiceRequest> request(WebClientServiceRequest request) {
    // Per-request opt-out: a request property equal to "true" (case-insensitive) skips
    // outbound security entirely. The value is read from the request as-is; nothing
    // here checks who set it, so callers able to set request properties control this.
    String disableFlag = request.properties().get(OutboundConfig.PROPERTY_DISABLE_OUTBOUND);
    if ("true".equalsIgnoreCase(disableFlag)) {
        return Single.just(request);
    }

    // Pick the SecurityContext to run outbound security against: either the one
    // propagated on the request context, or a fresh one for our own Security instance.
    Optional<SecurityContext> propagatedContext = request.context().get(SecurityContext.class);
    SecurityContext context;
    if (security != null) {
        // This service owns a Security instance; outbound must be evaluated by that
        // instance, so a context created for another instance cannot be reused.
        context = createContext(request);
    } else if (propagatedContext.isPresent()) {
        context = propagatedContext.get();
    } else {
        // No Security configured here and none propagated: the request is forwarded
        // unchanged, i.e. no outbound security headers are added.
        return Single.just(request);
    }

    Span span = context.tracer()
            .buildSpan("security:outbound")
            .asChildOf(context.tracingSpan())
            .start();
    String explicitProvider = request.properties().get(PROVIDER_NAME);

    OutboundSecurityClientBuilder clientBuilder;
    try {
        // Derive the outbound environment from the current one, dropping inbound headers
        // and describing the outgoing call instead.
        SecurityEnvironment.Builder outboundEnv = context.env().derive().clearHeaders();
        outboundEnv.method(request.method().name())
                .path(request.path().toString())
                .targetUri(request.uri())
                .headers(request.headers().toMap());

        // Every non-null request property becomes an endpoint attribute visible to providers.
        EndpointConfig.Builder outboundEp = context.endpointConfig().derive();
        Map<String, String> requestProperties = request.properties();
        for (String propertyName : requestProperties.keySet()) {
            String propertyValue = request.properties().get(propertyName);
            if (propertyValue != null) {
                outboundEp.addAtribute(propertyName, propertyValue);
            }
        }

        clientBuilder = context.outboundClientBuilder()
                .outboundEnvironment(outboundEnv)
                .outboundEndpointConfig(outboundEp)
                .explicitProvider(explicitProvider);
    } catch (Exception e) {
        traceError(span, e, null);
        throw e;
    }

    // NOTE(review): if submit() completes exceptionally, processResponse is never invoked;
    // whether the span is finished on that path is not visible here — confirm.
    return Single.create(clientBuilder.submit()
            .thenApply(providerResponse -> processResponse(request, span, providerResponse)));
}

Example 2 with OutboundSecurityClientBuilder

use of io.helidon.security.OutboundSecurityClientBuilder in project helidon by oracle.

The class GrpcClientSecurity, method applyRequestMetadata.

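@Override
public void applyRequestMetadata(RequestInfo requestInfo, Executor appExecutor, MetadataApplier applier) {
    OutboundTracing tracing = SecurityTracing.get().outboundTracing();
    try {
        // The explicit-provider cast is done inside the try on purpose: a non-String
        // property value throws ClassCastException, and that must still reach
        // applier.fail(...) below instead of escaping before the applier hears anything.
        String explicitProvider = (String) properties.get(PROPERTY_PROVIDER);

        MethodDescriptor<?, ?> methodDescriptor = requestInfo.getMethodDescriptor();
        String methodName = methodDescriptor.getFullMethodName();

        // Derive the outbound environment from the current one: inbound headers are
        // dropped and the gRPC method is used as both path and method.
        SecurityEnvironment.Builder outboundEnv = context.env().derive().clearHeaders();
        outboundEnv.path(methodName)
                .method(methodName)
                .addAttribute(ABAC_ATTRIBUTE_METHOD, methodDescriptor)
                .transport("grpc")
                .build(); // result discarded; the builder itself is handed to the client builder

        // All call properties become endpoint attributes visible to the provider.
        EndpointConfig.Builder outboundEp = context.endpointConfig().derive();
        properties.forEach(outboundEp::addAtribute);

        OutboundSecurityClientBuilder clientBuilder = context.outboundClientBuilder()
                .outboundEnvironment(outboundEnv)
                .tracingSpan(tracing.findParent().orElse(null))
                .outboundEndpointConfig(outboundEp)
                .explicitProvider(explicitProvider);
        OutboundSecurityResponse providerResponse = clientBuilder.buildAndGet();

        SecurityResponse.SecurityStatus status = providerResponse.status();
        tracing.logStatus(status);
        switch (status) {
        case FAILURE:
        case FAILURE_FINISH:
            // NOTE(review): a failure status is only traced here; the call still goes out
            // with whatever headers the provider returned — confirm this is intended.
            providerResponse.throwable()
                    .ifPresentOrElse(tracing::error,
                                     () -> tracing.error(providerResponse.description().orElse("Failed")));
            break;
        case ABSTAIN:
        case SUCCESS:
        case SUCCESS_FINISH:
        default:
            break;
        }

        // Copy provider-produced request headers into gRPC metadata, one entry per value.
        Map<String, List<String>> newHeaders = providerResponse.requestHeaders();
        Metadata metadata = new Metadata();
        for (Map.Entry<String, List<String>> entry : newHeaders.entrySet()) {
            Metadata.Key<String> key = Metadata.Key.of(entry.getKey(), Metadata.ASCII_STRING_MARSHALLER);
            for (String value : entry.getValue()) {
                metadata.put(key, value);
            }
        }
        applier.apply(metadata);
        tracing.finish();
    } catch (SecurityException e) {
        tracing.error(e);
        applier.fail(Status.UNAUTHENTICATED.withDescription("Security principal propagation error").withCause(e));
    } catch (Exception e) {
        // Any other failure (including the ClassCastException above) fails the call
        // explicitly rather than leaving the applier waiting.
        tracing.error(e);
        applier.fail(Status.UNAUTHENTICATED.withDescription("Unknown error").withCause(e));
    }
}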

Example 3 with OutboundSecurityClientBuilder

use of io.helidon.security.OutboundSecurityClientBuilder in project helidon by oracle.

The class ClientSecurityFilter, method outboundSecurity.

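private void outboundSecurity(ClientRequestContext requestContext, SecurityContext securityContext) {
    OutboundTracing tracing = SecurityTracing.get().outboundTracing();
    Optional<String> explicitProvider = property(requestContext, String.class, ClientSecurity.PROPERTY_PROVIDER);
    try {
        // Derive the outbound environment from the current one: inbound headers are
        // dropped and the outgoing request's method, path, URI and headers are used.
        SecurityEnvironment.Builder outboundEnv = securityContext.env().derive().clearHeaders();
        outboundEnv.method(requestContext.getMethod())
                .path(requestContext.getUri().getPath())
                .targetUri(requestContext.getUri())
                .headers(requestContext.getStringHeaders());

        // Client configuration properties and per-request properties both become
        // endpoint attributes visible to the provider.
        EndpointConfig.Builder outboundEp = securityContext.endpointConfig().derive();
        for (String name : requestContext.getConfiguration().getPropertyNames()) {
            outboundEp.addAtribute(name, requestContext.getConfiguration().getProperty(name));
        }
        for (String name : requestContext.getPropertyNames()) {
            outboundEp.addAtribute(name, requestContext.getProperty(name));
        }

        OutboundSecurityClientBuilder clientBuilder = securityContext.outboundClientBuilder()
                .outboundEnvironment(outboundEnv)
                .tracingSpan(tracing.findParent().orElse(null))
                .outboundEndpointConfig(outboundEp);
        explicitProvider.ifPresent(clientBuilder::explicitProvider);
        OutboundSecurityResponse providerResponse = clientBuilder.buildAndGet();

        SecurityResponse.SecurityStatus status = providerResponse.status();
        tracing.logStatus(status);
        switch (status) {
        case FAILURE:
        case FAILURE_FINISH:
            // NOTE(review): a failure status is only traced here; the request still goes out
            // with whatever headers the provider returned — confirm this is intended.
            providerResponse.throwable()
                    .ifPresentOrElse(tracing::error,
                                     () -> tracing.error(providerResponse.description().orElse("Failed")));
            break;
        case ABSTAIN:
        case SUCCESS:
        case SUCCESS_FINISH:
        default:
            break;
        }

        Map<String, List<String>> newHeaders = providerResponse.requestHeaders();
        LOGGER.finest(() -> "Client filter header(s). SIZE: " + newHeaders.size());
        MultivaluedMap<String, Object> hdrs = requestContext.getHeaders();
        for (Map.Entry<String, List<String>> entry : newHeaders.entrySet()) {
            // Log the header name and value count only: these headers come from the outbound
            // security provider and may carry credentials, which must not reach log files.
            LOGGER.finest(() -> "    + Header: " + entry.getKey()
                    + " (" + entry.getValue().size() + " value(s))");
            // replace existing
            // NOTE(review): remove(key) relies on the MultivaluedMap's key semantics; if they
            // are case-sensitive, a differently-cased existing header would survive — confirm.
            hdrs.remove(entry.getKey());
            for (String value : entry.getValue()) {
                hdrs.add(entry.getKey(), value);
            }
        }
        tracing.finish();
    } catch (Exception e) {
        tracing.error(e);
        throw e;
    }
}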
