Search in sources :

Example 1 with ProviderRequest

use of io.helidon.security.ProviderRequest in project helidon by oracle.

the class AtnProviderSyncTest method testFailure.

@Test
public void testFailure() {
    Config config = Config.create(ConfigSources.create(Map.of("atn-object.size", String.valueOf(SIZE))));
    SecurityContext context = mock(SecurityContext.class);
    when(context.user()).thenReturn(Optional.empty());
    when(context.service()).thenReturn(Optional.empty());
    SecurityEnvironment se = SecurityEnvironment.create();
    EndpointConfig ep = EndpointConfig.builder().config("atn-object", config).build();
    ProviderRequest request = mock(ProviderRequest.class);
    when(request.securityContext()).thenReturn(context);
    when(request.env()).thenReturn(se);
    when(request.endpointConfig()).thenReturn(ep);
    AtnProviderSync provider = new AtnProviderSync();
    AuthenticationResponse response = provider.syncAuthenticate(request);
    assertThat(response.status(), is(SecurityResponse.SecurityStatus.FAILURE));
}
Also used : Config(io.helidon.config.Config) EndpointConfig(io.helidon.security.EndpointConfig) SecurityEnvironment(io.helidon.security.SecurityEnvironment) SecurityContext(io.helidon.security.SecurityContext) AuthenticationResponse(io.helidon.security.AuthenticationResponse) EndpointConfig(io.helidon.security.EndpointConfig) ProviderRequest(io.helidon.security.ProviderRequest) Test(org.junit.jupiter.api.Test)

Example 2 with ProviderRequest

use of io.helidon.security.ProviderRequest in project helidon by oracle.

the class AtnProviderSyncTest method testConfigSuccess.

@Test
public void testConfigSuccess() {
    Config config = Config.create(ConfigSources.create(Map.of("value", VALUE, "size", String.valueOf(SIZE))));
    SecurityContext context = mock(SecurityContext.class);
    when(context.user()).thenReturn(Optional.empty());
    when(context.service()).thenReturn(Optional.empty());
    SecurityEnvironment se = SecurityEnvironment.create();
    EndpointConfig ep = EndpointConfig.builder().config("atn-object", config).build();
    ProviderRequest request = mock(ProviderRequest.class);
    when(request.securityContext()).thenReturn(context);
    when(request.env()).thenReturn(se);
    when(request.endpointConfig()).thenReturn(ep);
    testSuccess(request);
}
Also used : Config(io.helidon.config.Config) EndpointConfig(io.helidon.security.EndpointConfig) SecurityEnvironment(io.helidon.security.SecurityEnvironment) SecurityContext(io.helidon.security.SecurityContext) EndpointConfig(io.helidon.security.EndpointConfig) ProviderRequest(io.helidon.security.ProviderRequest) Test(org.junit.jupiter.api.Test)

Example 3 with ProviderRequest

use of io.helidon.security.ProviderRequest in project helidon by oracle.

the class AtzProviderSyncTest method testPermitted.

@Test
public void testPermitted() {
    SecurityContext context = mock(SecurityContext.class);
    when(context.isAuthenticated()).thenReturn(true);
    SecurityEnvironment se = SecurityEnvironment.builder().path("/private/some/path").build();
    EndpointConfig ep = EndpointConfig.create();
    ProviderRequest request = mock(ProviderRequest.class);
    when(request.securityContext()).thenReturn(context);
    when(request.env()).thenReturn(se);
    when(request.endpointConfig()).thenReturn(ep);
    AtzProviderSync provider = new AtzProviderSync();
    AuthorizationResponse response = provider.syncAuthorize(request);
    assertThat(response.status(), is(SecurityResponse.SecurityStatus.SUCCESS));
}
Also used : SecurityEnvironment(io.helidon.security.SecurityEnvironment) SecurityContext(io.helidon.security.SecurityContext) EndpointConfig(io.helidon.security.EndpointConfig) ProviderRequest(io.helidon.security.ProviderRequest) AuthorizationResponse(io.helidon.security.AuthorizationResponse) Test(org.junit.jupiter.api.Test)

Example 4 with ProviderRequest

use of io.helidon.security.ProviderRequest in project helidon by oracle.

the class AtzProviderSyncTest method testAbstain.

@Test
public void testAbstain() {
    SecurityEnvironment se = SecurityEnvironment.create();
    EndpointConfig ep = EndpointConfig.create();
    ProviderRequest request = mock(ProviderRequest.class);
    when(request.env()).thenReturn(se);
    when(request.endpointConfig()).thenReturn(ep);
    AtzProviderSync provider = new AtzProviderSync();
    AuthorizationResponse response = provider.syncAuthorize(request);
    assertThat(response.status(), is(SecurityResponse.SecurityStatus.ABSTAIN));
}
Also used : SecurityEnvironment(io.helidon.security.SecurityEnvironment) EndpointConfig(io.helidon.security.EndpointConfig) ProviderRequest(io.helidon.security.ProviderRequest) AuthorizationResponse(io.helidon.security.AuthorizationResponse) Test(org.junit.jupiter.api.Test)

Example 5 with ProviderRequest

use of io.helidon.security.ProviderRequest in project helidon by oracle.

the class OutboundProviderSyncTest method testSuccess.

@Test
public void testSuccess() {
    String username = "aUser";
    Subject subject = Subject.create(Principal.create(username));
    SecurityContext context = mock(SecurityContext.class);
    when(context.user()).thenReturn(Optional.of(subject));
    when(context.service()).thenReturn(Optional.empty());
    SecurityEnvironment se = SecurityEnvironment.create();
    ProviderRequest request = mock(ProviderRequest.class);
    when(request.securityContext()).thenReturn(context);
    when(request.env()).thenReturn(se);
    OutboundProviderSync ops = new OutboundProviderSync();
    OutboundSecurityResponse response = ops.syncOutbound(request, SecurityEnvironment.create(), EndpointConfig.create());
    assertThat(response.status(), is(SecurityResponse.SecurityStatus.SUCCESS));
    assertThat(response.requestHeaders().get("X-AUTH-USER"), is(List.of(username)));
}
Also used : SecurityEnvironment(io.helidon.security.SecurityEnvironment) SecurityContext(io.helidon.security.SecurityContext) Subject(io.helidon.security.Subject) ProviderRequest(io.helidon.security.ProviderRequest) OutboundSecurityResponse(io.helidon.security.OutboundSecurityResponse) Test(org.junit.jupiter.api.Test)

Aggregations

ProviderRequest (io.helidon.security.ProviderRequest)80 Test (org.junit.jupiter.api.Test)73 EndpointConfig (io.helidon.security.EndpointConfig)54 SecurityEnvironment (io.helidon.security.SecurityEnvironment)46 SecurityContext (io.helidon.security.SecurityContext)32 AuthenticationResponse (io.helidon.security.AuthenticationResponse)28 Errors (io.helidon.common.Errors)27 SecurityLevel (io.helidon.security.SecurityLevel)24 OutboundSecurityResponse (io.helidon.security.OutboundSecurityResponse)21 Subject (io.helidon.security.Subject)20 ArrayList (java.util.ArrayList)19 Principal (io.helidon.security.Principal)13 AuthorizationResponse (io.helidon.security.AuthorizationResponse)9 SignedJwt (io.helidon.security.jwt.SignedJwt)8 List (java.util.List)8 RolesAllowed (jakarta.annotation.security.RolesAllowed)7 Instant (java.time.Instant)7 Locale (java.util.Locale)7 Config (io.helidon.config.Config)6 Jwt (io.helidon.security.jwt.Jwt)6