use of io.helidon.security.OutboundSecurityClientBuilder in project helidon by oracle.
the class WebClientSecurity method request.
/**
 * Applies outbound security to a web client request.
 *
 * <p>The request is returned untouched when the
 * {@code OutboundConfig.PROPERTY_DISABLE_OUTBOUND} request property equals "true"
 * (case-insensitive), or when this service has no {@code security} instance and the
 * request context holds no {@link SecurityContext}. Otherwise an outbound environment
 * and endpoint configuration are derived from the security context, filled from the
 * request, and submitted to the outbound security client.
 *
 * @param request the outgoing web client request
 * @return a {@code Single} with the request as produced by {@code processResponse},
 *         or the unmodified request when outbound security is skipped
 */
@Override
public Single<WebClientServiceRequest> request(WebClientServiceRequest request) {
    // Per-request opt-out: any caller able to set this property bypasses outbound security.
    String disabled = request.properties().get(OutboundConfig.PROPERTY_DISABLE_OUTBOUND);
    if ("true".equalsIgnoreCase(disabled)) {
        return Single.just(request);
    }

    Optional<SecurityContext> existing = request.context().get(SecurityContext.class);
    SecurityContext context;
    if (security != null) {
        // A dedicated security instance is configured, so outbound must run against it;
        // a context found on the request cannot be reused.
        context = createContext(request);
    } else if (existing.isPresent()) {
        context = existing.get();
    } else {
        // No security instance and no context: nothing to propagate.
        return Single.just(request);
    }

    Span span = context.tracer()
            .buildSpan("security:outbound")
            .asChildOf(context.tracingSpan())
            .start();
    String explicitProvider = request.properties().get(PROVIDER_NAME);

    OutboundSecurityClientBuilder clientBuilder;
    try {
        // Drop the headers carried by the derived environment; only the headers of the
        // outgoing request are handed to the outbound providers.
        SecurityEnvironment.Builder outboundEnv = context.env().derive().clearHeaders();
        outboundEnv.method(request.method().name())
                .path(request.path().toString())
                .targetUri(request.uri())
                .headers(request.headers().toMap());

        // Every request property with a non-null value becomes an endpoint config attribute.
        EndpointConfig.Builder outboundEp = context.endpointConfig().derive();
        Map<String, String> propMap = request.properties();
        for (String name : propMap.keySet()) {
            String property = request.properties().get(name);
            if (property != null) {
                outboundEp.addAtribute(name, property);
            }
        }

        clientBuilder = context.outboundClientBuilder()
                .outboundEnvironment(outboundEnv)
                .outboundEndpointConfig(outboundEp)
                .explicitProvider(explicitProvider);
    } catch (Exception e) {
        // Record the failure on the span before propagating it to the caller.
        traceError(span, e, null);
        throw e;
    }

    // NOTE(review): the span is passed on to processResponse, which only runs when the
    // submitted stage completes normally; confirm the span is also closed when the
    // stage completes exceptionally.
    return Single.create(clientBuilder.submit()
            .thenApply(outboundResponse -> processResponse(request, span, outboundResponse)));
}
use of io.helidon.security.OutboundSecurityClientBuilder in project helidon by oracle.
the class GrpcClientSecurity method applyRequestMetadata.
/**
 * Runs outbound security for a gRPC call and applies the resulting headers as call metadata.
 *
 * <p>The outbound environment uses the full gRPC method name as both path and method and
 * carries the method descriptor as an attribute. Headers returned by the provider are
 * written to a new {@link Metadata} instance as ASCII string entries and handed to
 * {@code applier}. Any exception fails the call with {@code Status.UNAUTHENTICATED}.
 *
 * @param requestInfo information about the gRPC call being made
 * @param appExecutor executor supplied by the caller; not used by this method
 * @param applier     callback receiving either the metadata or the failure status
 */
@Override
public void applyRequestMetadata(RequestInfo requestInfo, Executor appExecutor, MetadataApplier applier) {
    OutboundTracing tracing = SecurityTracing.get().outboundTracing();
    String explicitProvider = (String) properties.get(PROPERTY_PROVIDER);

    try {
        MethodDescriptor<?, ?> descriptor = requestInfo.getMethodDescriptor();
        String fullMethodName = descriptor.getFullMethodName();

        // Start from the current environment without its headers.
        SecurityEnvironment.Builder outboundEnv = context.env().derive().clearHeaders();
        // NOTE(review): the value returned by build() is discarded here; the builder
        // itself is what gets passed to the outbound client below.
        outboundEnv.path(fullMethodName)
                .method(fullMethodName)
                .addAttribute(ABAC_ATTRIBUTE_METHOD, descriptor)
                .transport("grpc")
                .build();

        // All client properties are exposed to the providers as endpoint config attributes.
        EndpointConfig.Builder outboundEp = context.endpointConfig().derive();
        properties.forEach(outboundEp::addAtribute);

        OutboundSecurityResponse providerResponse = context.outboundClientBuilder()
                .outboundEnvironment(outboundEnv)
                .tracingSpan(tracing.findParent().orElse(null))
                .outboundEndpointConfig(outboundEp)
                .explicitProvider(explicitProvider)
                .buildAndGet();

        SecurityResponse.SecurityStatus status = providerResponse.status();
        tracing.logStatus(status);

        // A provider failure is only recorded on the trace; the call is not failed here
        // and whatever headers the provider returned are still applied below.
        // NOTE(review): confirm that proceeding after FAILURE is the intended behaviour.
        switch (status) {
        case FAILURE:
        case FAILURE_FINISH:
            providerResponse.throwable().ifPresentOrElse(
                    tracing::error,
                    () -> tracing.error(providerResponse.description().orElse("Failed")));
            break;
        default:
            // ABSTAIN, SUCCESS, SUCCESS_FINISH and anything else: nothing to record
            break;
        }

        Metadata metadata = new Metadata();
        Map<String, List<String>> newHeaders = providerResponse.requestHeaders();
        newHeaders.forEach((headerName, headerValues) -> {
            Metadata.Key<String> key = Metadata.Key.of(headerName, Metadata.ASCII_STRING_MARSHALLER);
            for (String headerValue : headerValues) {
                metadata.put(key, headerValue);
            }
        });

        applier.apply(metadata);
        tracing.finish();
    } catch (SecurityException e) {
        tracing.error(e);
        applier.fail(Status.UNAUTHENTICATED
                             .withDescription("Security principal propagation error")
                             .withCause(e));
    } catch (Exception e) {
        // Every other failure is also reported as UNAUTHENTICATED, so the call is
        // failed rather than sent without the security metadata.
        tracing.error(e);
        applier.fail(Status.UNAUTHENTICATED
                             .withDescription("Unknown error")
                             .withCause(e));
    }
}
use of io.helidon.security.OutboundSecurityClientBuilder in project helidon by oracle.
the class ClientSecurityFilter method outboundSecurity.
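/**
 * Runs outbound security for a client request and replaces request headers with the
 * ones returned by the outbound security provider.
 *
 * <p>The outbound environment is derived from {@code securityContext} with its headers
 * cleared and then filled from the client request (method, path, target URI, headers).
 * Configuration properties and request properties are both added as endpoint config
 * attributes. Any exception is recorded on the outbound tracing and rethrown.
 *
 * <p>Header values returned by the provider are not written to the log, because they
 * may be credentials; only header names and value counts are logged.
 *
 * @param requestContext  the client request being sent
 * @param securityContext security context used to build the outbound client
 */
private void outboundSecurity(ClientRequestContext requestContext, SecurityContext securityContext) {
    OutboundTracing tracing = SecurityTracing.get().outboundTracing();
    Optional<String> explicitProvider = property(requestContext, String.class, ClientSecurity.PROPERTY_PROVIDER);

    try {
        // Drop the headers carried by the derived environment; the providers see the
        // headers of the outgoing request instead.
        SecurityEnvironment.Builder outboundEnv = securityContext.env().derive().clearHeaders();
        outboundEnv.method(requestContext.getMethod())
                .path(requestContext.getUri().getPath())
                .targetUri(requestContext.getUri())
                .headers(requestContext.getStringHeaders());

        // Configuration-level properties are added first, request-level properties second.
        // NOTE(review): presumably a later addAtribute with the same name wins - confirm.
        EndpointConfig.Builder outboundEp = securityContext.endpointConfig().derive();
        for (String name : requestContext.getConfiguration().getPropertyNames()) {
            outboundEp.addAtribute(name, requestContext.getConfiguration().getProperty(name));
        }
        for (String name : requestContext.getPropertyNames()) {
            outboundEp.addAtribute(name, requestContext.getProperty(name));
        }

        OutboundSecurityClientBuilder clientBuilder = securityContext.outboundClientBuilder()
                .outboundEnvironment(outboundEnv)
                .tracingSpan(tracing.findParent().orElse(null))
                .outboundEndpointConfig(outboundEp);
        explicitProvider.ifPresent(clientBuilder::explicitProvider);

        OutboundSecurityResponse providerResponse = clientBuilder.buildAndGet();
        SecurityResponse.SecurityStatus status = providerResponse.status();
        tracing.logStatus(status);

        // A provider failure is only recorded on the trace; this method does not abort
        // the request and still applies whatever headers the provider returned.
        // NOTE(review): confirm that proceeding after FAILURE is the intended behaviour.
        switch (status) {
        case FAILURE:
        case FAILURE_FINISH:
            providerResponse.throwable().ifPresentOrElse(
                    tracing::error,
                    () -> tracing.error(providerResponse.description().orElse("Failed")));
            break;
        case ABSTAIN:
        case SUCCESS:
        case SUCCESS_FINISH:
        default:
            break;
        }

        Map<String, List<String>> newHeaders = providerResponse.requestHeaders();
        LOGGER.finest(() -> "Client filter header(s). SIZE: " + newHeaders.size());

        MultivaluedMap<String, Object> hdrs = requestContext.getHeaders();
        for (Map.Entry<String, List<String>> entry : newHeaders.entrySet()) {
            // Log the header name and value count only: the values come from the
            // security provider and must not end up in log files.
            LOGGER.finest(() -> " + Header: " + entry.getKey()
                    + " (" + entry.getValue().size() + " value(s), content not logged)");

            // replace existing
            hdrs.remove(entry.getKey());
            for (String value : entry.getValue()) {
                hdrs.add(entry.getKey(), value);
            }
        }

        tracing.finish();
    } catch (Exception e) {
        // Record the failure on the trace before propagating it to the caller.
        tracing.error(e);
        throw e;
    }
}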