Example 21 with Principal

Use of io.helidon.security.Principal in the project helidon by oracle.

From the class MyProvider, method syncAuthenticate:

@Override
protected AuthenticationResponse syncAuthenticate(ProviderRequest providerRequest) {
    // get username and password from the HTTP Basic "authorization" header
    List<String> headers = providerRequest.env().headers().getOrDefault("authorization", List.of());
    if (headers.isEmpty()) {
        return AuthenticationResponse.failed("No authorization header");
    }
    String header = headers.get(0);
    if (header.toLowerCase().startsWith("basic ")) {
        // strip the "Basic " prefix and decode the base64 "username:password" pair
        String base64 = header.substring(6);
        String unamePwd = new String(Base64.getDecoder().decode(base64), StandardCharsets.UTF_8);
        int index = unamePwd.indexOf(':');
        if (index > 0) {
            String name = unamePwd.substring(0, index);
            String pwd = unamePwd.substring(index + 1);
            // only the user name is compared here; the password is kept as a private credential
            if ("aUser".equals(name)) {
                // authenticate: build a Subject carrying the Principal, a Role grant
                // and the supplied credentials as a private credential
                Principal principal = Principal.create(name);
                Role roleGrant = Role.create("theRole");
                Subject subject = Subject.builder()
                        .principal(principal)
                        .addGrant(roleGrant)
                        .addPrivateCredential(MyPrivateCreds.class,
                                              new MyPrivateCreds(name, pwd.toCharArray()))
                        .build();
                return AuthenticationResponse.success(subject);
            }
        }
    }
    return AuthenticationResponse.failed("User not found");
}
Also used: Role (io.helidon.security.Role), Principal (io.helidon.security.Principal), Subject (io.helidon.security.Subject)

Example 22 with Principal

Use of io.helidon.security.Principal in the project helidon by oracle.

From the class JwtAuthProvider, method propagate:

private OutboundSecurityResponse propagate(JwtOutboundTarget ot, Subject subject) {
    Map<String, List<String>> headers = new HashMap<>();
    // look up the signing key configured for this outbound target by its kid
    Jwk jwk = signKeys.forKeyId(ot.jwkKid)
            .orElseThrow(() -> new JwtException("Signing JWK with kid: " + ot.jwkKid + " is not defined."));
    Principal principal = subject.principal();
    Jwt.Builder builder = Jwt.builder();
    // copy every ABAC attribute of the principal into the JWT payload as a claim
    principal.abacAttributeNames().forEach(name -> {
        principal.abacAttribute(name).ifPresent(val -> builder.addPayloadClaim(name, val));
    });
    // map the "full_name" attribute to the standard "name" claim, or drop "name" if absent
    principal.abacAttribute("full_name")
            .ifPresentOrElse(name -> builder.addPayloadClaim("name", name),
                             () -> builder.removePayloadClaim("name"));
    builder.subject(principal.id())
            .preferredUsername(principal.getName())
            .issuer(issuer)
            .algorithm(jwk.algorithm());
    ot.update(builder);
    // MP specific: fill the "upn" claim from the principal name when not already set
    if (!principal.abacAttribute("upn").isPresent()) {
        builder.userPrincipal(principal.getName());
    }
    Security.getRoles(subject).forEach(builder::addUserGroup);
    Jwt jwt = builder.build();
    // sign the token with the selected JWK and place it in the outbound header
    SignedJwt signed = SignedJwt.sign(jwt, jwk);
    ot.outboundHandler.header(headers, signed.tokenContent());
    return OutboundSecurityResponse.withHeaders(headers);
}
Also used: IdentityHashMap (java.util.IdentityHashMap), HashMap (java.util.HashMap), EncryptedJwt (io.helidon.security.jwt.EncryptedJwt), SignedJwt (io.helidon.security.jwt.SignedJwt), Jwt (io.helidon.security.jwt.Jwt), List (java.util.List), LinkedList (java.util.LinkedList), JwtException (io.helidon.security.jwt.JwtException), Principal (io.helidon.security.Principal), Jwk (io.helidon.security.jwt.jwk.Jwk)
