Examples with OutboundSecurityResponse io.helidon.security.OutboundSecurityResponse used on opensource projects

Example 21 with OutboundSecurityResponse

use of io.helidon.security.OutboundSecurityResponse in project helidon by oracle.

the class GrpcClientSecurity method applyRequestMetadata.

@Override
public void applyRequestMetadata(RequestInfo requestInfo, Executor appExecutor, MetadataApplier applier) {
    OutboundTracing tracing = SecurityTracing.get().outboundTracing();
    String explicitProvider = (String) properties.get(PROPERTY_PROVIDER);
    try {
        MethodDescriptor<?, ?> methodDescriptor = requestInfo.getMethodDescriptor();
        String methodName = methodDescriptor.getFullMethodName();
        SecurityEnvironment.Builder outboundEnv = context.env().derive().clearHeaders();
        outboundEnv.path(methodName).method(methodName).addAttribute(ABAC_ATTRIBUTE_METHOD, methodDescriptor).transport("grpc").build();
        EndpointConfig.Builder outboundEp = context.endpointConfig().derive();
        properties.forEach(outboundEp::addAtribute);
        OutboundSecurityClientBuilder clientBuilder = context.outboundClientBuilder().outboundEnvironment(outboundEnv).tracingSpan(tracing.findParent().orElse(null)).outboundEndpointConfig(outboundEp).explicitProvider(explicitProvider);
        OutboundSecurityResponse providerResponse = clientBuilder.buildAndGet();
        SecurityResponse.SecurityStatus status = providerResponse.status();
        tracing.logStatus(status);
        switch(status) {
            case FAILURE:
            case FAILURE_FINISH:
                providerResponse.throwable().ifPresentOrElse(tracing::error, () -> tracing.error(providerResponse.description().orElse("Failed")));
                break;
            case ABSTAIN:
            case SUCCESS:
            case SUCCESS_FINISH:
            default:
                break;
        }
        Map<String, List<String>> newHeaders = providerResponse.requestHeaders();
        Metadata metadata = new Metadata();
        for (Map.Entry<String, List<String>> entry : newHeaders.entrySet()) {
            Metadata.Key<String> key = Metadata.Key.of(entry.getKey(), Metadata.ASCII_STRING_MARSHALLER);
            for (String value : entry.getValue()) {
                metadata.put(key, value);
            }
        }
        applier.apply(metadata);
        tracing.finish();
    } catch (SecurityException e) {
        tracing.error(e);
        applier.fail(Status.UNAUTHENTICATED.withDescription("Security principal propagation error").withCause(e));
    } catch (Exception e) {
        tracing.error(e);
        applier.fail(Status.UNAUTHENTICATED.withDescription("Unknown error").withCause(e));
    }
}

Example 22 with OutboundSecurityResponse

use of io.helidon.security.OutboundSecurityResponse in project helidon by oracle.

the class ClientSecurityFilter method outboundSecurity.

private void outboundSecurity(ClientRequestContext requestContext, SecurityContext securityContext) {
    OutboundTracing tracing = SecurityTracing.get().outboundTracing();
    Optional<String> explicityProvider = property(requestContext, String.class, ClientSecurity.PROPERTY_PROVIDER);
    try {
        SecurityEnvironment.Builder outboundEnv = securityContext.env().derive().clearHeaders();
        outboundEnv.method(requestContext.getMethod()).path(requestContext.getUri().getPath()).targetUri(requestContext.getUri()).headers(requestContext.getStringHeaders());
        EndpointConfig.Builder outboundEp = securityContext.endpointConfig().derive();
        for (String name : requestContext.getConfiguration().getPropertyNames()) {
            outboundEp.addAtribute(name, requestContext.getConfiguration().getProperty(name));
        }
        for (String name : requestContext.getPropertyNames()) {
            outboundEp.addAtribute(name, requestContext.getProperty(name));
        }
        OutboundSecurityClientBuilder clientBuilder = securityContext.outboundClientBuilder().outboundEnvironment(outboundEnv).tracingSpan(tracing.findParent().orElse(null)).outboundEndpointConfig(outboundEp);
        explicityProvider.ifPresent(clientBuilder::explicitProvider);
        OutboundSecurityResponse providerResponse = clientBuilder.buildAndGet();
        SecurityResponse.SecurityStatus status = providerResponse.status();
        tracing.logStatus(status);
        switch(status) {
            case FAILURE:
            case FAILURE_FINISH:
                providerResponse.throwable().ifPresentOrElse(tracing::error, () -> tracing.error(providerResponse.description().orElse("Failed")));
                break;
            case ABSTAIN:
            case SUCCESS:
            case SUCCESS_FINISH:
            default:
                break;
        }
        Map<String, List<String>> newHeaders = providerResponse.requestHeaders();
        LOGGER.finest(() -> "Client filter header(s). SIZE: " + newHeaders.size());
        MultivaluedMap<String, Object> hdrs = requestContext.getHeaders();
        for (Map.Entry<String, List<String>> entry : newHeaders.entrySet()) {
            LOGGER.finest(() -> "    + Header: " + entry.getKey() + ": " + entry.getValue());
            // replace existing
            hdrs.remove(entry.getKey());
            for (String value : entry.getValue()) {
                hdrs.add(entry.getKey(), value);
            }
        }
        tracing.finish();
    } catch (Exception e) {
        tracing.error(e);
        throw e;
    }
}