
Example 21 with OutboundSecurityResponse

use of io.helidon.security.OutboundSecurityResponse in project helidon by oracle.

From class GrpcClientSecurity, method applyRequestMetadata (gRPC client-side outbound security).

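/**
 * Populates outbound gRPC {@link Metadata} with the request headers produced by the outbound
 * security provider(s), so that the caller's security context is propagated to the target
 * service.
 *
 * <p>The outbound {@link SecurityEnvironment} is derived from the current context with all
 * inbound headers cleared; the full gRPC method name is used as both path and method, the
 * {@link MethodDescriptor} is exposed as the {@code ABAC_ATTRIBUTE_METHOD} attribute and the
 * transport is marked as {@code "grpc"}. Every entry of {@code properties} is copied onto the
 * outbound {@link EndpointConfig}.
 *
 * <p>Security note: a {@code FAILURE}/{@code FAILURE_FINISH} provider status is only recorded
 * in the tracing span. The call still proceeds with whatever request headers the provider
 * returned (possibly none), so a failed credential propagation degrades to a call without
 * credentials rather than being aborted here. Only a thrown exception fails the call, and it
 * does so with {@code UNAUTHENTICATED}.
 *
 * @param requestInfo gRPC request information; only the method descriptor is read
 * @param appExecutor application executor (not used; metadata is computed synchronously)
 * @param applier     receives the resulting {@link Metadata}, or a failure {@link Status}
 */
@Override
public void applyRequestMetadata(RequestInfo requestInfo, Executor appExecutor, MetadataApplier applier) {
    OutboundTracing tracing = SecurityTracing.get().outboundTracing();
    // May be null when the property is absent. NOTE(review): the JAX-RS ClientSecurityFilter only
    // sets the explicit provider when one is present; confirm the builder treats null as "not set".
    String explicitProvider = (String) properties.get(PROPERTY_PROVIDER);
    try {
        MethodDescriptor<?, ?> methodDescriptor = requestInfo.getMethodDescriptor();
        String methodName = methodDescriptor.getFullMethodName();

        // Start from the inbound environment but never forward inbound headers verbatim;
        // the provider decides what gets propagated.
        SecurityEnvironment.Builder outboundEnv = context.env().derive().clearHeaders();
        outboundEnv.path(methodName)
                .method(methodName)
                .addAttribute(ABAC_ATTRIBUTE_METHOD, methodDescriptor)
                .transport("grpc");
        // The builder itself is handed to the outbound client builder below; no standalone
        // SecurityEnvironment needs to be built here.

        EndpointConfig.Builder outboundEp = context.endpointConfig().derive();
        properties.forEach(outboundEp::addAtribute);

        OutboundSecurityClientBuilder clientBuilder = context.outboundClientBuilder()
                .outboundEnvironment(outboundEnv)
                .tracingSpan(tracing.findParent().orElse(null))
                .outboundEndpointConfig(outboundEp)
                .explicitProvider(explicitProvider);

        OutboundSecurityResponse providerResponse = clientBuilder.buildAndGet();
        SecurityResponse.SecurityStatus status = providerResponse.status();
        tracing.logStatus(status);
        switch (status) {
        case FAILURE:
        case FAILURE_FINISH:
            // Deliberately non-fatal: traced only, the call continues (see Javadoc).
            providerResponse.throwable()
                    .ifPresentOrElse(tracing::error,
                                     () -> tracing.error(providerResponse.description().orElse("Failed")));
            break;
        case ABSTAIN:
        case SUCCESS:
        case SUCCESS_FINISH:
        default:
            break;
        }

        // Copy provider-supplied headers into gRPC metadata. Keys are created with the ASCII
        // marshaller; NOTE(review): gRPC is expected to reject "-bin" suffixed or otherwise
        // invalid key names here, which would surface as the generic failure below - confirm.
        Metadata metadata = new Metadata();
        for (Map.Entry<String, List<String>> entry : providerResponse.requestHeaders().entrySet()) {
            Metadata.Key<String> key = Metadata.Key.of(entry.getKey(), Metadata.ASCII_STRING_MARSHALLER);
            for (String value : entry.getValue()) {
                metadata.put(key, value);
            }
        }
        applier.apply(metadata);
        tracing.finish();
    } catch (SecurityException e) {
        tracing.error(e);
        applier.fail(Status.UNAUTHENTICATED.withDescription("Security principal propagation error").withCause(e));
    } catch (Exception e) {
        // Any other failure is reported to the caller as UNAUTHENTICATED with a generic description.
        tracing.error(e);
        applier.fail(Status.UNAUTHENTICATED.withDescription("Unknown error").withCause(e));
    }
}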

Example 22 with OutboundSecurityResponse

use of io.helidon.security.OutboundSecurityResponse in project helidon by oracle.

From class ClientSecurityFilter, method outboundSecurity (JAX-RS client-side outbound security).

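/**
 * Runs outbound security for a JAX-RS client request and merges the headers returned by the
 * outbound security provider(s) into the request.
 *
 * <p>The outbound environment is derived from {@code securityContext} with inbound headers
 * cleared, then populated with the request's method, path, target URI and current headers.
 * Client-configuration properties and per-request properties are both copied onto the
 * outbound endpoint config, request properties last. An explicit provider is set only when
 * {@code ClientSecurity.PROPERTY_PROVIDER} is present on the request.
 *
 * <p>Security notes:
 * <ul>
 *   <li>A {@code FAILURE}/{@code FAILURE_FINISH} status is only recorded in the tracing span;
 *       the request still goes out with whatever headers the provider returned (possibly
 *       none). Failed credential propagation therefore degrades to a request without
 *       credentials rather than aborting it. Only a thrown exception aborts, and it is
 *       rethrown to the JAX-RS runtime after being traced.</li>
 *   <li>Provider-supplied headers replace any caller-supplied header of the same name.</li>
 *   <li>Header values are not logged: headers injected by security providers commonly carry
 *       credentials (bearer tokens, basic auth). Only names and value counts are logged, at
 *       FINEST.</li>
 * </ul>
 *
 * @param requestContext  the outgoing client request
 * @param securityContext the caller's security context to propagate from
 */
private void outboundSecurity(ClientRequestContext requestContext, SecurityContext securityContext) {
    OutboundTracing tracing = SecurityTracing.get().outboundTracing();
    Optional<String> explicitProvider = property(requestContext, String.class, ClientSecurity.PROPERTY_PROVIDER);
    try {
        SecurityEnvironment.Builder outboundEnv = securityContext.env().derive().clearHeaders();
        outboundEnv.method(requestContext.getMethod())
                .path(requestContext.getUri().getPath())
                .targetUri(requestContext.getUri())
                .headers(requestContext.getStringHeaders());

        EndpointConfig.Builder outboundEp = securityContext.endpointConfig().derive();
        // Client-wide configuration first, then per-request properties.
        for (String name : requestContext.getConfiguration().getPropertyNames()) {
            outboundEp.addAtribute(name, requestContext.getConfiguration().getProperty(name));
        }
        for (String name : requestContext.getPropertyNames()) {
            outboundEp.addAtribute(name, requestContext.getProperty(name));
        }

        OutboundSecurityClientBuilder clientBuilder = securityContext.outboundClientBuilder()
                .outboundEnvironment(outboundEnv)
                .tracingSpan(tracing.findParent().orElse(null))
                .outboundEndpointConfig(outboundEp);
        explicitProvider.ifPresent(clientBuilder::explicitProvider);

        OutboundSecurityResponse providerResponse = clientBuilder.buildAndGet();
        SecurityResponse.SecurityStatus status = providerResponse.status();
        tracing.logStatus(status);
        switch (status) {
        case FAILURE:
        case FAILURE_FINISH:
            // Deliberately non-fatal: traced only, the request continues (see Javadoc).
            providerResponse.throwable()
                    .ifPresentOrElse(tracing::error,
                                     () -> tracing.error(providerResponse.description().orElse("Failed")));
            break;
        case ABSTAIN:
        case SUCCESS:
        case SUCCESS_FINISH:
        default:
            break;
        }

        Map<String, List<String>> newHeaders = providerResponse.requestHeaders();
        LOGGER.finest(() -> "Client filter header(s). SIZE: " + newHeaders.size());
        MultivaluedMap<String, Object> hdrs = requestContext.getHeaders();
        for (Map.Entry<String, List<String>> entry : newHeaders.entrySet()) {
            List<String> values = entry.getValue();
            // Log the header name only; values may be credentials and must not reach the logs.
            LOGGER.finest(() -> "    + Header: " + entry.getKey() + " (" + values.size() + " value(s))");
            // Provider output is authoritative: drop any caller-supplied header of this name first.
            hdrs.remove(entry.getKey());
            for (String value : values) {
                hdrs.add(entry.getKey(), value);
            }
        }
        tracing.finish();
    } catch (Exception e) {
        // Trace, then let the JAX-RS runtime handle the failure.
        tracing.error(e);
        throw e;
    }
}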
