use of io.helidon.security.ProviderRequest in project helidon by oracle.
the class GoogleTokenProviderTest method testInboundVerificationException.
/**
 * Checks that authentication fails closed when the token verifier itself errors out.
 *
 * <p>The mocked {@code GoogleIdTokenVerifier} throws an {@code IOException} for
 * {@code TOKEN_VALUE}. The provider is expected to report {@code FAILURE} with status 401
 * and a {@code WWW-Authenticate} header, i.e. a verifier error must not turn into a
 * successful authentication.
 */
@Test
public void testInboundVerificationException() throws ExecutionException, InterruptedException, GeneralSecurityException, IOException {
    // Verifier that never reaches a verdict: verify(TOKEN_VALUE) always throws.
    GoogleIdTokenVerifier brokenVerifier = mock(GoogleIdTokenVerifier.class);
    when(brokenVerifier.verify(TOKEN_VALUE)).thenThrow(new IOException("Failed to verify token"));

    GoogleTokenProvider providerUnderTest = GoogleTokenProvider.builder()
            .clientId("clientId")
            .verifier(brokenVerifier)
            .build();

    // The header uses the bearer scheme, so the failure under test comes from the verifier.
    ProviderRequest request = createInboundRequest("Authorization", "bearer " + TOKEN_VALUE);
    AuthenticationResponse result = providerUnderTest.authenticate(request)
            .toCompletableFuture()
            .get();

    assertThat(result.status(), is(SecurityResponse.SecurityStatus.FAILURE));
    // orElse(200) turns a missing status code into an assertion failure rather than an exception.
    assertThat(result.statusCode().orElse(200), is(401));
    assertThat(result.responseHeaders().get("WWW-Authenticate"), notNullValue());
}
use of io.helidon.security.ProviderRequest in project helidon by oracle.
the class GoogleTokenProviderTest method testInboundIncorrectToken.
/**
 * Checks that an {@code Authorization} header with an unexpected scheme is rejected.
 *
 * <p>The header value is {@code "tearer " + TOKEN_VALUE}. The shared {@code provider} is
 * expected to report {@code FAILURE} with status 400 and a {@code WWW-Authenticate} header.
 */
@Test
public void testInboundIncorrectToken() throws ExecutionException, InterruptedException {
    // Deliberately misspelled scheme; the token part itself is unchanged.
    String malformedHeader = "tearer " + TOKEN_VALUE;
    ProviderRequest request = createInboundRequest("Authorization", malformedHeader);

    AuthenticationResponse result = provider.authenticate(request)
            .toCompletableFuture()
            .get();

    assertThat(result.status(), is(SecurityResponse.SecurityStatus.FAILURE));
    // A malformed header is expected to be answered with 400, with a challenge header present.
    assertThat(result.statusCode().orElse(200), is(400));
    assertThat(result.responseHeaders().get("WWW-Authenticate"), notNullValue());
}
use of io.helidon.security.ProviderRequest in project helidon by oracle.
the class GoogleTokenProviderTest method testOutbound.
/**
 * Checks outbound token propagation.
 *
 * <p>The shared {@code provider} must report outbound support for the request and produce
 * exactly one {@code Authorization} header value that starts with {@code "bearer "}
 * (compared in lower case) and ends with {@code TOKEN_VALUE}.
 */
@Test
public void testOutbound() {
    ProviderRequest request = buildOutboundRequest();
    SecurityEnvironment targetEnv = SecurityEnvironment.builder()
            .targetUri(URI.create("http://localhost:8080/path"))
            .method("GET")
            .build();
    EndpointConfig endpointConfig = EndpointConfig.create();

    boolean supported = provider.isOutboundSupported(request, targetEnv, endpointConfig);
    assertThat("Outbound should be supported", supported, is(true));

    OutboundSecurityResponse outbound = provider.syncOutbound(request, targetEnv, endpointConfig);
    List<String> authValues = outbound.requestHeaders().get("Authorization");
    assertThat(authValues, notNullValue());
    // Exactly one value: the size check fails if the header is emitted more than once.
    assertThat(authValues.size(), is(1));

    String headerValue = authValues.get(0);
    // The scheme is compared case-insensitively; the token suffix is compared as-is.
    assertThat(headerValue.toLowerCase(), startsWith("bearer "));
    assertThat(headerValue, endsWith(TOKEN_VALUE));
}
use of io.helidon.security.ProviderRequest in project helidon by oracle.
the class HeaderAtnProvider method syncOutbound.
/**
 * Builds the outbound security response that propagates an identity to the called service.
 *
 * <p>The subject to propagate is the current user when {@code subjectType} is
 * {@code SubjectType.USER}, otherwise the current service. When an outbound target matches
 * {@code outboundEnv}, its explicit user (if configured) takes precedence over the subject
 * from the security context, and its token handler is used with
 * {@code defaultOutboundTokenHandler} as the fallback. When no target matches, the
 * provider-level {@code outboundTokenHandler} is used if it is set.
 *
 * @param providerRequest request giving access to the current security context
 * @param outboundEnv environment of the outbound call; used for target lookup and passed to
 *                    {@code respond}
 * @param outboundEndpointConfig endpoint configuration; not read by this method
 * @return the result of {@code respond(...)} for the chosen identity, or an abstain response
 *         when there is no identity to send or no token handler to send it with
 */
@Override
protected OutboundSecurityResponse syncOutbound(ProviderRequest providerRequest, SecurityEnvironment outboundEnv, EndpointConfig outboundEndpointConfig) {
    Optional<Subject> toPropagate = (subjectType == SubjectType.USER)
            ? providerRequest.securityContext().user()
            : providerRequest.securityContext().service();

    // Look up per-target outbound configuration for this call.
    var target = outboundConfig.findTargetCustomObject(outboundEnv,
                                                       HeaderAtnOutboundConfig.class,
                                                       HeaderAtnOutboundConfig::create,
                                                       HeaderAtnOutboundConfig::create);

    // No target configured: fall back to the original (provider-level) behavior.
    if (target.isEmpty()) {
        if (outboundTokenHandler == null) {
            return OutboundSecurityResponse.abstain();
        }
        return toPropagate.map(Subject::principal)
                .map(Principal::id)
                .map(id -> respond(outboundEnv, outboundTokenHandler, id))
                .orElseGet(OutboundSecurityResponse::abstain);
    }

    // A target matched: its settings decide the handler and, optionally, the identity.
    HeaderAtnOutboundConfig targetConfig = target.get();
    TokenHandler handler = targetConfig.tokenHandler().orElse(defaultOutboundTokenHandler);

    // NOTE(review): an explicit user from the target configuration replaces the caller's
    // identity for this target, so whoever controls that configuration decides which id the
    // receiver sees.
    // NOTE(review): respond(...) is not visible here; presumably it writes the id into a
    // request header. If so, the receiving service should accept that header only from
    // callers it has authenticated by other means. Confirm.
    return targetConfig.explicitUser()
            .or(() -> toPropagate.map(Subject::principal).map(Principal::id))
            .map(id -> respond(outboundEnv, handler, id))
            .orElseGet(OutboundSecurityResponse::abstain);
}
use of io.helidon.security.ProviderRequest in project helidon by oracle.
the class HeaderAtnProviderTest method testServiceExtraction.
/**
 * Checks that the provider returned by {@code getServiceProvider()} maps the header value to
 * a service subject and leaves the user subject empty.
 *
 * <p>The request carries {@code Authorization: bearer service}. Authentication is expected
 * to succeed with no user, a present service, and a service principal named
 * {@code "service"}.
 */
@Test
public void testServiceExtraction() {
    String expectedName = "service";
    HeaderAtnProvider serviceProvider = getServiceProvider();

    SecurityEnvironment environment = SecurityEnvironment.builder()
            .header("Authorization", "bearer " + expectedName)
            .build();
    // Only env() is stubbed; every other call on the mock returns Mockito defaults.
    ProviderRequest mockedRequest = mock(ProviderRequest.class);
    when(mockedRequest.env()).thenReturn(environment);

    AuthenticationResponse result = serviceProvider.syncAuthenticate(mockedRequest);

    assertThat(result.status(), is(SecurityResponse.SecurityStatus.SUCCESS));
    assertThat(result.user(), is(Optional.empty()));
    assertThat(result.service(), is(not(Optional.empty())));
    // NOTE(review): the principal name equals the raw header value, so this provider appears
    // to trust the header content as the identity. That fits only deployments where a trusted
    // front end sets or strips the header. Confirm against the provider's configuration.
    result.service()
            .map(Subject::principal)
            .map(Principal::getName)
            .ifPresent(name -> assertThat(name, is(expectedName)));
}