Search in sources :

Example 51 with ProviderRequest

use of io.helidon.security.ProviderRequest in project helidon by oracle.

the class GoogleTokenProviderTest method testInboundVerificationException.

@Test
public void testInboundVerificationException() throws ExecutionException, InterruptedException, GeneralSecurityException, IOException {
    GoogleIdTokenVerifier verifier = mock(GoogleIdTokenVerifier.class);
    when(verifier.verify(TOKEN_VALUE)).thenThrow(new IOException("Failed to verify token"));
    GoogleTokenProvider provider = GoogleTokenProvider.builder().clientId("clientId").verifier(verifier).build();
    ProviderRequest inboundRequest = createInboundRequest("Authorization", "bearer " + TOKEN_VALUE);
    AuthenticationResponse response = provider.authenticate(inboundRequest).toCompletableFuture().get();
    assertThat(response.status(), is(SecurityResponse.SecurityStatus.FAILURE));
    assertThat(response.statusCode().orElse(200), is(401));
    assertThat(response.responseHeaders().get("WWW-Authenticate"), notNullValue());
}
Also used : GoogleIdTokenVerifier(com.google.api.client.googleapis.auth.oauth2.GoogleIdTokenVerifier) IOException(java.io.IOException) AuthenticationResponse(io.helidon.security.AuthenticationResponse) ProviderRequest(io.helidon.security.ProviderRequest) Test(org.junit.jupiter.api.Test)

Example 52 with ProviderRequest

use of io.helidon.security.ProviderRequest in project helidon by oracle.

the class GoogleTokenProviderTest method testInboundIncorrectToken.

@Test
public void testInboundIncorrectToken() throws ExecutionException, InterruptedException {
    ProviderRequest inboundRequest = createInboundRequest("Authorization", "tearer " + TOKEN_VALUE);
    AuthenticationResponse response = provider.authenticate(inboundRequest).toCompletableFuture().get();
    assertThat(response.status(), is(SecurityResponse.SecurityStatus.FAILURE));
    assertThat(response.statusCode().orElse(200), is(400));
    assertThat(response.responseHeaders().get("WWW-Authenticate"), notNullValue());
}
Also used : AuthenticationResponse(io.helidon.security.AuthenticationResponse) ProviderRequest(io.helidon.security.ProviderRequest) Test(org.junit.jupiter.api.Test)

Example 53 with ProviderRequest

use of io.helidon.security.ProviderRequest in project helidon by oracle.

the class GoogleTokenProviderTest method testOutbound.

@Test
public void testOutbound() {
    ProviderRequest outboundRequest = buildOutboundRequest();
    SecurityEnvironment outboundEnv = SecurityEnvironment.builder().targetUri(URI.create("http://localhost:8080/path")).method("GET").build();
    EndpointConfig outboundEp = EndpointConfig.create();
    assertThat("Outbound should be supported", provider.isOutboundSupported(outboundRequest, outboundEnv, outboundEp), is(true));
    OutboundSecurityResponse response = provider.syncOutbound(outboundRequest, outboundEnv, outboundEp);
    List<String> authorization = response.requestHeaders().get("Authorization");
    assertThat(authorization, notNullValue());
    assertThat(authorization.size(), is(1));
    String header = authorization.get(0);
    assertThat(header.toLowerCase(), startsWith("bearer "));
    assertThat(header, endsWith(TOKEN_VALUE));
}
Also used : SecurityEnvironment(io.helidon.security.SecurityEnvironment) EndpointConfig(io.helidon.security.EndpointConfig) ProviderRequest(io.helidon.security.ProviderRequest) OutboundSecurityResponse(io.helidon.security.OutboundSecurityResponse) Test(org.junit.jupiter.api.Test)

Example 54 with ProviderRequest

use of io.helidon.security.ProviderRequest in project helidon by oracle.

the class HeaderAtnProvider method syncOutbound.

@Override
protected OutboundSecurityResponse syncOutbound(ProviderRequest providerRequest, SecurityEnvironment outboundEnv, EndpointConfig outboundEndpointConfig) {
    Optional<Subject> toPropagate;
    if (subjectType == SubjectType.USER) {
        toPropagate = providerRequest.securityContext().user();
    } else {
        toPropagate = providerRequest.securityContext().service();
    }
    // find the target
    var target = outboundConfig.findTargetCustomObject(outboundEnv, HeaderAtnOutboundConfig.class, HeaderAtnOutboundConfig::create, HeaderAtnOutboundConfig::create);
    // we have no target, let's fall back to original behavior
    if (target.isEmpty()) {
        if (outboundTokenHandler != null) {
            return toPropagate.map(Subject::principal).map(Principal::id).map(id -> respond(outboundEnv, outboundTokenHandler, id)).orElseGet(OutboundSecurityResponse::abstain);
        }
        return OutboundSecurityResponse.abstain();
    }
    // we found a target
    HeaderAtnOutboundConfig outboundConfig = target.get();
    TokenHandler tokenHandler = outboundConfig.tokenHandler().orElse(defaultOutboundTokenHandler);
    return outboundConfig.explicitUser().or(() -> toPropagate.map(Subject::principal).map(Principal::id)).map(id -> respond(outboundEnv, tokenHandler, id)).orElseGet(OutboundSecurityResponse::abstain);
}
Also used : OutboundSecurityResponse(io.helidon.security.OutboundSecurityResponse) ProviderRequest(io.helidon.security.ProviderRequest) Config(io.helidon.config.Config) SubjectType(io.helidon.security.SubjectType) OutboundSecurityProvider(io.helidon.security.spi.OutboundSecurityProvider) SynchronousProvider(io.helidon.security.spi.SynchronousProvider) HashMap(java.util.HashMap) TokenHandler(io.helidon.security.util.TokenHandler) AuthenticationResponse(io.helidon.security.AuthenticationResponse) OutboundConfig(io.helidon.security.providers.common.OutboundConfig) Principal(io.helidon.security.Principal) List(java.util.List) AuthenticationProvider(io.helidon.security.spi.AuthenticationProvider) EndpointConfig(io.helidon.security.EndpointConfig) SecurityEnvironment(io.helidon.security.SecurityEnvironment) OutboundTarget(io.helidon.security.providers.common.OutboundTarget) Map(java.util.Map) Optional(java.util.Optional) Subject(io.helidon.security.Subject) TokenHandler(io.helidon.security.util.TokenHandler) Subject(io.helidon.security.Subject) Principal(io.helidon.security.Principal) OutboundSecurityResponse(io.helidon.security.OutboundSecurityResponse)

Example 55 with ProviderRequest

use of io.helidon.security.ProviderRequest in project helidon by oracle.

the class HeaderAtnProviderTest method testServiceExtraction.

@Test
public void testServiceExtraction() {
    HeaderAtnProvider provider = getServiceProvider();
    String username = "service";
    SecurityEnvironment env = SecurityEnvironment.builder().header("Authorization", "bearer " + username).build();
    ProviderRequest request = mock(ProviderRequest.class);
    when(request.env()).thenReturn(env);
    AuthenticationResponse response = provider.syncAuthenticate(request);
    assertThat(response.status(), is(SecurityResponse.SecurityStatus.SUCCESS));
    assertThat(response.user(), is(Optional.empty()));
    assertThat(response.service(), is(not(Optional.empty())));
    response.service().map(Subject::principal).map(Principal::getName).ifPresent(name -> assertThat(name, is(username)));
}
Also used : SecurityEnvironment(io.helidon.security.SecurityEnvironment) AuthenticationResponse(io.helidon.security.AuthenticationResponse) Subject(io.helidon.security.Subject) ProviderRequest(io.helidon.security.ProviderRequest) Test(org.junit.jupiter.api.Test)

Aggregations

ProviderRequest (io.helidon.security.ProviderRequest)80 Test (org.junit.jupiter.api.Test)73 EndpointConfig (io.helidon.security.EndpointConfig)54 SecurityEnvironment (io.helidon.security.SecurityEnvironment)46 SecurityContext (io.helidon.security.SecurityContext)32 AuthenticationResponse (io.helidon.security.AuthenticationResponse)28 Errors (io.helidon.common.Errors)27 SecurityLevel (io.helidon.security.SecurityLevel)24 OutboundSecurityResponse (io.helidon.security.OutboundSecurityResponse)21 Subject (io.helidon.security.Subject)20 ArrayList (java.util.ArrayList)19 Principal (io.helidon.security.Principal)13 AuthorizationResponse (io.helidon.security.AuthorizationResponse)9 SignedJwt (io.helidon.security.jwt.SignedJwt)8 List (java.util.List)8 RolesAllowed (jakarta.annotation.security.RolesAllowed)7 Instant (java.time.Instant)7 Locale (java.util.Locale)7 Config (io.helidon.config.Config)6 Jwt (io.helidon.security.jwt.Jwt)6