Examples with OutboundSecurityResponse io.helidon.security.OutboundSecurityResponse used on opensource projects

Example 6 with OutboundSecurityResponse

use of io.helidon.security.OutboundSecurityResponse in project helidon by oracle.

the class JwtAuthTest method testRsa.

@Test
void testRsa() {
    String username = "user1";
    String userId = "user1-id";
    String email = "user1@example.org";
    String familyName = "Novak";
    String givenName = "Standa";
    String fullName = "Standa Novak";
    Locale locale = Locale.CANADA_FRENCH;
    Principal principal = Principal.builder().name(username).id(userId).addAttribute("email", email).addAttribute("email_verified", true).addAttribute("family_name", familyName).addAttribute("given_name", givenName).addAttribute("full_name", fullName).addAttribute("locale", locale).build();
    Subject subject = Subject.create(principal);
    JwtAuthProvider provider = JwtAuthProvider.create(Config.create().get("security.providers.0.mp-jwt-auth"));
    io.helidon.security.SecurityContext context = Mockito.mock(io.helidon.security.SecurityContext.class);
    when(context.user()).thenReturn(Optional.of(subject));
    ProviderRequest request = mock(ProviderRequest.class);
    when(request.securityContext()).thenReturn(context);
    SecurityEnvironment outboundEnv = SecurityEnvironment.builder().path("/rsa").transport("http").targetUri(URI.create("http://localhost:8080/rsa")).build();
    EndpointConfig outboundEp = EndpointConfig.create();
    assertThat(provider.isOutboundSupported(request, outboundEnv, outboundEp), is(true));
    OutboundSecurityResponse response = provider.syncOutbound(request, outboundEnv, outboundEp);
    String signedToken = response.requestHeaders().get("Authorization").get(0);
    // authenticated
    String httpResponse = target.path("/hello").request().header("Authorization", signedToken).get(String.class);
    assertThat(httpResponse, is("Hello user1"));
    httpResponse = target.path("/public").path("/hello").request().header("Authorization", signedToken).get(String.class);
    assertThat(httpResponse, is("Hello user1"));
}

Example 7 with OutboundSecurityResponse

use of io.helidon.security.OutboundSecurityResponse in project helidon by oracle.

the class HeaderAtnProviderTest method testOutbound.

@Test
public void testOutbound() {
    HeaderAtnProvider provider = getFullProvider();
    SecurityEnvironment env = outboundEnv();
    ProviderRequest request = mock(ProviderRequest.class);
    when(request.env()).thenReturn(env);
    SecurityContext sc = mock(SecurityContext.class);
    when(sc.user()).thenReturn(Optional.of(Subject.builder().addPrincipal(Principal.create("username")).build()));
    when(sc.service()).thenReturn(Optional.empty());
    when(request.securityContext()).thenReturn(sc);
    SecurityEnvironment outboundEnv = outboundEnv();
    EndpointConfig outboundEp = EndpointConfig.create();
    assertThat("Outbound should be supported", provider.isOutboundSupported(request, outboundEnv, outboundEp), is(true));
    OutboundSecurityResponse response = provider.syncOutbound(request, outboundEnv, outboundEp);
    List<String> custom = response.requestHeaders().get("Custom");
    assertThat(custom, notNullValue());
    assertThat(custom.size(), is(1));
    String token = custom.get(0);
    assertThat(token, is("bearer username"));
}

Example 8 with OutboundSecurityResponse

use of io.helidon.security.OutboundSecurityResponse in project helidon by oracle.

the class HttpBasicAuthProvider method syncOutbound.

@Override
protected OutboundSecurityResponse syncOutbound(ProviderRequest providerRequest, SecurityEnvironment outboundEnv, EndpointConfig outboundEp) {
    // explicit username in request properties
    Optional<Object> maybeUsername = outboundEp.abacAttribute(EP_PROPERTY_OUTBOUND_USER);
    if (maybeUsername.isPresent()) {
        String username = maybeUsername.get().toString();
        char[] password = passwordFromEndpoint(outboundEp);
        return toBasicAuthOutbound(outboundEnv, HttpBasicOutboundConfig.DEFAULT_TOKEN_HANDLER, username, password);
    }
    var target = outboundConfig.findTargetCustomObject(outboundEnv, HttpBasicOutboundConfig.class, HttpBasicOutboundConfig::create, HttpBasicOutboundConfig::create);
    if (target.isEmpty()) {
        return OutboundSecurityResponse.abstain();
    }
    HttpBasicOutboundConfig outboundConfig = target.get();
    if (outboundConfig.hasExplicitUser()) {
        // use configured user
        return toBasicAuthOutbound(outboundEnv, outboundConfig.tokenHandler(), outboundConfig.explicitUser(), outboundConfig.explicitPassword());
    } else {
        // propagate current user (if possible)
        SecurityContext secContext = providerRequest.securityContext();
        // first try user
        Optional<BasicPrivateCredentials> creds = secContext.user().flatMap(this::credentialsFromSubject);
        if (creds.isEmpty()) {
            // if not present, try service
            creds = secContext.service().flatMap(this::credentialsFromSubject);
        }
        Optional<char[]> overridePassword = outboundEp.abacAttribute(EP_PROPERTY_OUTBOUND_PASSWORD).map(String::valueOf).map(String::toCharArray);
        return creds.map(credentials -> {
            char[] password = overridePassword.orElse(credentials.password);
            return toBasicAuthOutbound(outboundEnv, outboundConfig.tokenHandler(), credentials.username, password);
        }).orElseGet(OutboundSecurityResponse::abstain);
    }
}

Example 9 with OutboundSecurityResponse

use of io.helidon.security.OutboundSecurityResponse in project helidon by oracle.

the class HttpSignProviderTest method testOutboundSignatureRsa.

@Test
public void testOutboundSignatureRsa() throws ExecutionException, InterruptedException {
    Map<String, List<String>> headers = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
    // the generated host contains port as well, so we must explicitly define it here
    headers.put("host", List.of("example.org"));
    headers.put("date", List.of("Thu, 08 Jun 2014 18:32:30 GMT"));
    headers.put("authorization", List.of("basic dXNlcm5hbWU6cGFzc3dvcmQ="));
    SecurityContext context = mock(SecurityContext.class);
    when(context.executorService()).thenReturn(ForkJoinPool.commonPool());
    ProviderRequest request = mock(ProviderRequest.class);
    when(request.securityContext()).thenReturn(context);
    SecurityEnvironment outboundEnv = SecurityEnvironment.builder().path("/my/resource").targetUri(URI.create("http://example.org/my/resource")).headers(headers).build();
    EndpointConfig outboundEp = EndpointConfig.create();
    boolean outboundSupported = getProvider().isOutboundSupported(request, outboundEnv, outboundEp);
    assertThat("Outbound should be supported", outboundSupported, is(true));
    OutboundSecurityResponse response = getProvider().outboundSecurity(request, outboundEnv, outboundEp).toCompletableFuture().get();
    assertThat(response.status(), is(SecurityResponse.SecurityStatus.SUCCESS));
    Map<String, List<String>> updatedHeaders = response.requestHeaders();
    assertThat(updatedHeaders, notNullValue());
    // and now the value
    validateSignatureHeader(outboundEnv, updatedHeaders.get("Signature").iterator().next(), "rsa-key-12345", "rsa-sha256", List.of("date", "host", REQUEST_TARGET, "authorization"), "Rm5PjuUdJ927esGQ2gm/6QBEM9IM7J5qSZuP8NV8+GXUf" + "boUV6ST2EYLYniFGt5/3BO/2+vqQdqezdTVPr/JCwqBx+9T9ZynG7YqRj" + "KvXzcmvQOu5vQmCK5x/HR0fXU41Pjq+jywsD0k6KdxF6TWr6tvWRbwFet" + "+YSb0088o/65Xeqghw7s0vShf7jPZsaaIHnvM9SjWgix9VvpdEn4NDvqh" + "ebieVD3Swb1VG5+/7ECQ9VAlX30U5/jQ5hPO3yuvRlg5kkMjJiN7tf/68" + "If/5O2Z4H+7VmW0b1U69/JoOQJA0av1gCX7HVfa/YTCxIK4UFiI6h963q" + "2x7LSkqhdWGA==");
}

Example 10 with OutboundSecurityResponse

use of io.helidon.security.OutboundSecurityResponse in project helidon by oracle.

the class HttpSignProviderTest method testOutboundSignatureHmac.

@Test
public void testOutboundSignatureHmac() throws ExecutionException, InterruptedException {
    Map<String, List<String>> headers = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
    // the generated host contains port as well, so we must explicitly define it here
    headers.put("host", List.of("localhost"));
    headers.put("date", List.of("Thu, 08 Jun 2014 18:32:30 GMT"));
    SecurityContext context = mock(SecurityContext.class);
    when(context.executorService()).thenReturn(ForkJoinPool.commonPool());
    ProviderRequest request = mock(ProviderRequest.class);
    when(request.securityContext()).thenReturn(context);
    SecurityEnvironment outboundEnv = SecurityEnvironment.builder().path("/second/someOtherPath").targetUri(URI.create("http://localhost/second/someOtherPath")).headers(headers).build();
    EndpointConfig outboundEp = EndpointConfig.create();
    boolean outboundSupported = getProvider().isOutboundSupported(request, outboundEnv, outboundEp);
    assertThat("Outbound should be supported", outboundSupported, is(true));
    OutboundSecurityResponse response = getProvider().outboundSecurity(request, outboundEnv, outboundEp).toCompletableFuture().get();
    assertThat(response.status(), is(SecurityResponse.SecurityStatus.SUCCESS));
    Map<String, List<String>> updatedHeaders = response.requestHeaders();
    assertThat(updatedHeaders, notNullValue());
    // and now the value
    validateSignatureHeader(outboundEnv, updatedHeaders.get("Signature").iterator().next(), "myServiceKeyId", "hmac-sha256", List.of("date", REQUEST_TARGET, "host"), "SkeKVi6BoUd2/aUfXyIVIFAKEkKp7sg2KsS1UieB/+E=");
}