
Example 1 with Role

use of io.helidon.security.Role in project helidon by oracle.

The class IdcsRoleMapperProviderBase, method processServerResponse.

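/**
 * Process the server response to retrieve groups and app roles from it.
 * <p>
 * For a 2xx response the entity is read as JSON and the {@code ROLE_GROUP} and
 * {@code ROLE_APPROLE} arrays are converted to {@link Role} grants. Role names are
 * copied verbatim from each element's {@code display} field, so IDCS is relied on as
 * the source of truth for authorization data. Any other status is logged at
 * {@code WARNING} (including the response body) and yields no grants.
 *
 * @param groupResponse response from IDCS; its entity is consumed by this method
 * @param subjectName name of the subject, used in log messages only
 * @return list of grants obtained from the IDCS response; empty when the response was not
 *         successful or contained neither a {@code groups} nor an {@code appRoles} array
 */
protected Optional<List<? extends Grant>> processServerResponse(Response groupResponse, String subjectName) {
    Response.StatusType statusInfo = groupResponse.getStatusInfo();
    if (statusInfo.getFamily() != Response.Status.Family.SUCCESSFUL) {
        logFailedResponse(groupResponse, statusInfo, subjectName);
        return Optional.empty();
    }
    JsonObject jsonObject = groupResponse.readEntity(JsonObject.class);
    // both arrays absent returns Optional.empty(); a present-but-empty array still
    // returns Optional.of(emptyList), so callers can tell the two cases apart
    if ((null == jsonObject.getJsonArray("groups")) && (null == jsonObject.getJsonArray("appRoles"))) {
        LOGGER.finest(() -> "Neither groups nor app roles found for user " + subjectName);
        return Optional.empty();
    }
    return Optional.of(rolesFrom(jsonObject));
}

/**
 * Build a {@link Role} for every element of the {@code ROLE_GROUP} and {@code ROLE_APPROLE}
 * arrays of a parsed IDCS response.
 * <p>
 * Each element is expected to carry the string fields {@code display}, {@code value} and
 * {@code $ref}; {@link JsonObject#getString(String)} throws {@link NullPointerException}
 * when a field is missing, and that propagates to the caller.
 *
 * @param jsonObject parsed IDCS response
 * @return roles in response order, {@code ROLE_GROUP} entries first; never {@code null}
 */
private List<Role> rolesFrom(JsonObject jsonObject) {
    List<Role> result = new LinkedList<>();
    for (String type : Arrays.asList(ROLE_GROUP, ROLE_APPROLE)) {
        JsonArray types = jsonObject.getJsonArray(type);
        if (null == types) {
            continue;
        }
        for (int i = 0; i < types.size(); i++) {
            JsonObject typeJson = types.getJsonObject(i);
            result.add(Role.builder()
                               .name(typeJson.getString("display"))
                               .addAttribute("type", type)
                               .addAttribute("id", typeJson.getString("value"))
                               .addAttribute("ref", typeJson.getString("$ref"))
                               .build());
        }
    }
    return result;
}

/**
 * Log a non-successful IDCS response at {@code WARNING} level.
 * <p>
 * The message is supplied lazily, so the response body is only read when {@code WARNING}
 * is enabled. The body is logged verbatim; NOTE(review): whether IDCS error entities can
 * contain sensitive data is not visible here - verify before shipping these logs elsewhere.
 *
 * @param groupResponse the failed response; its entity is read when the message is rendered
 * @param statusInfo status of {@code groupResponse}
 * @param subjectName name of the subject the lookup was made for
 */
private void logFailedResponse(Response groupResponse, Response.StatusType statusInfo, String subjectName) {
    if (statusInfo.getStatusCode() == STATUS_NOT_AUTHENTICATED) {
        // most likely not allowed to do this
        LOGGER.warning(() -> "Cannot read groups for user \"" + subjectName + "\". Response code: " + groupResponse.getStatus()
                + ", make sure your IDCS client has role \"Authenticator Client\" added on the client configuration page"
                + ", entity: " + groupResponse.readEntity(String.class));
    } else {
        LOGGER.warning(() -> "Cannot read groups for user \"" + subjectName + "\". Response code: " + groupResponse.getStatus()
                + ", entity: " + groupResponse.readEntity(String.class));
    }
}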
Also used : Response(jakarta.ws.rs.core.Response) AuthenticationResponse(io.helidon.security.AuthenticationResponse) JsonArray(jakarta.json.JsonArray) Role(io.helidon.security.Role) JsonObject(jakarta.json.JsonObject) LinkedList(java.util.LinkedList)

Example 2 with Role

use of io.helidon.security.Role in project helidon by oracle.

The class IdcsRoleMapperRxProviderBase, method processServerResponse.

/**
 * Convert the {@code ROLE_GROUP} and {@code ROLE_APPROLE} arrays of a parsed IDCS response
 * into {@link Role} grants.
 * <p>
 * Role names are copied verbatim from each element's {@code display} field; the element's
 * {@code value} and {@code $ref} fields become the {@code id} and {@code ref} attributes.
 * A missing field makes {@link JsonObject#getString(String)} throw, which propagates.
 *
 * @param jsonObject parsed IDCS response
 * @param subjectName name of the subject, used in log messages only
 * @return grants in response order ({@code ROLE_GROUP} entries first); an empty list when the
 *         response has neither a {@code groups} nor an {@code appRoles} array
 */
private List<? extends Grant> processServerResponse(JsonObject jsonObject, String subjectName) {
    boolean hasGroups = null != jsonObject.getJsonArray("groups");
    boolean hasAppRoles = null != jsonObject.getJsonArray("appRoles");
    if (!hasGroups && !hasAppRoles) {
        LOGGER.finest(() -> "Neither groups nor app roles found for user " + subjectName);
        return List.of();
    }
    List<Role> grants = new LinkedList<>();
    for (String roleType : Arrays.asList(ROLE_GROUP, ROLE_APPROLE)) {
        JsonArray entries = jsonObject.getJsonArray(roleType);
        if (null == entries) {
            continue;
        }
        for (int idx = 0; idx < entries.size(); idx++) {
            grants.add(toRole(entries.getJsonObject(idx), roleType));
        }
    }
    return grants;
}

/**
 * Build one {@link Role} from an IDCS group/app-role element.
 *
 * @param entry JSON element with {@code display}, {@code value} and {@code $ref} string fields
 * @param roleType value stored in the role's {@code type} attribute
 * @return the role named by {@code display}
 */
private static Role toRole(JsonObject entry, String roleType) {
    String display = entry.getString("display");
    String value = entry.getString("value");
    String ref = entry.getString("$ref");
    return Role.builder()
            .name(display)
            .addAttribute("type", roleType)
            .addAttribute("id", value)
            .addAttribute("ref", ref)
            .build();
}
Also used : JsonArray(jakarta.json.JsonArray) Role(io.helidon.security.Role) JsonObject(jakarta.json.JsonObject) LinkedList(java.util.LinkedList)

Example 3 with Role

use of io.helidon.security.Role in project helidon by oracle.

The class IdcsRoleMapperRxProviderTest, method testCacheUsed.

/**
 * Mapping the same user twice must reuse the cached "counted" role while the
 * "additional" roles are recomputed on every call.
 */
@Test
void testCacheUsed() {
    ProviderRequest request = Mockito.mock(ProviderRequest.class);
    String username = "test-user";

    // first pass: fixed roles plus the two counted roles are expected
    List<Role> firstGrants = mapGrants(request, username);
    assertThat(firstGrants, iterableWithSize(5));
    assertThat(firstGrants, hasItems(Role.create("fixed"), Role.create(username), Role.create("additional-fixed")));
    Role counted = findCounted(firstGrants);
    Role additionalCounted = findAdditionalCounted(firstGrants);

    // second pass: same size, counted role served from cache, additional role recomputed
    List<Role> secondGrants = mapGrants(request, username);
    assertThat(secondGrants, iterableWithSize(5));
    assertThat("Expecting the same role, as it should have been cached", findCounted(secondGrants), is(counted));
    assertThat("Additional roles should not be cached", findAdditionalCounted(secondGrants), not(additionalCounted));
}

/**
 * Run the provider's role mapping for a freshly built subject and return its role grants.
 *
 * @param request mocked provider request passed through to {@code provider.map}
 * @param username principal name of the subject to map
 * @return the mapped subject's {@link Role} grants
 */
private List<Role> mapGrants(ProviderRequest request, String username) {
    AuthenticationResponse inbound = AuthenticationResponse.builder()
            .user(Subject.builder().principal(Principal.create(username)).build())
            .build();
    AuthenticationResponse mapped = provider.map(request, inbound).toCompletableFuture().join();
    return mapped.user().get().grants(Role.class);
}
Also used : Role(io.helidon.security.Role) AuthenticationResponse(io.helidon.security.AuthenticationResponse) Subject(io.helidon.security.Subject) ProviderRequest(io.helidon.security.ProviderRequest) Test(org.junit.jupiter.api.Test)

Example 4 with Role

use of io.helidon.security.Role in project helidon by oracle.

The class MyProvider, method syncAuthenticate.

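/**
 * Authenticate a request carrying HTTP basic credentials.
 * <p>
 * Reads the first {@code authorization} header, decodes the {@code Basic} payload as UTF-8
 * {@code name:password} and, when the name is {@code aUser}, returns a successful response whose
 * subject carries the {@code theRole} grant and the credentials as {@link MyPrivateCreds}.
 * <p>
 * NOTE(review): the password is stored in the private credentials but never verified - any
 * password is accepted for {@code aUser}. This appears to be example code; a real provider
 * has to verify the password (constant-time comparison against a stored hash) before
 * returning success.
 *
 * @param providerRequest request to authenticate
 * @return success with the {@code aUser} subject, or failure when the header is missing,
 *         not basic, malformed, or names another user
 */
@Override
protected AuthenticationResponse syncAuthenticate(ProviderRequest providerRequest) {
    // get username and password
    List<String> headers = providerRequest.env().headers().getOrDefault("authorization", List.of());
    if (headers.isEmpty()) {
        return AuthenticationResponse.failed("No authorization header");
    }
    String header = headers.get(0);
    // case-insensitive prefix test that does not depend on the default locale
    // (toLowerCase() without a Locale mis-handles e.g. Turkish dotted/dotless i)
    if (!header.regionMatches(true, 0, "basic ", 0, 6)) {
        return AuthenticationResponse.failed("User not found");
    }
    byte[] decoded;
    try {
        decoded = Base64.getDecoder().decode(header.substring(6));
    } catch (IllegalArgumentException e) {
        // malformed base64 is a client error; report it as a failed authentication
        // instead of letting the exception escape the provider
        return AuthenticationResponse.failed("Invalid authorization header");
    }
    String unamePwd = new String(decoded, StandardCharsets.UTF_8);
    int index = unamePwd.indexOf(':');
    // index <= 0 covers both a missing separator and an empty user name
    if (index <= 0) {
        return AuthenticationResponse.failed("User not found");
    }
    String name = unamePwd.substring(0, index);
    String pwd = unamePwd.substring(index + 1);
    if (!"aUser".equals(name)) {
        return AuthenticationResponse.failed("User not found");
    }
    // authenticate
    Principal principal = Principal.create(name);
    Role roleGrant = Role.create("theRole");
    Subject subject = Subject.builder()
            .principal(principal)
            .addGrant(roleGrant)
            .addPrivateCredential(MyPrivateCreds.class, new MyPrivateCreds(name, pwd.toCharArray()))
            .build();
    return AuthenticationResponse.success(subject);
}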
Also used : Role(io.helidon.security.Role) Principal(io.helidon.security.Principal) Subject(io.helidon.security.Subject)

Aggregations

Role (io.helidon.security.Role)4 AuthenticationResponse (io.helidon.security.AuthenticationResponse)2 Subject (io.helidon.security.Subject)2 JsonArray (jakarta.json.JsonArray)2 JsonObject (jakarta.json.JsonObject)2 LinkedList (java.util.LinkedList)2 Principal (io.helidon.security.Principal)1 ProviderRequest (io.helidon.security.ProviderRequest)1 Response (jakarta.ws.rs.core.Response)1 Test (org.junit.jupiter.api.Test)1