use of io.helidon.security.Security in project helidon by oracle.
the class OutboundSecurityIT method startServers.
// ----- test lifecycle methods -----------------------------------------
/**
 * Starts the secured web server and the secured gRPC server used by this integration test.
 *
 * <p>Both servers share one {@code Security} instance whose only provider is HTTP Basic,
 * configured from the {@code http-basic-auth} config node. The gRPC echo service is handed
 * the web server's URL, so the web server is started first.
 *
 * @throws Exception if a server fails to start, or does not start within 10 seconds
 */
@BeforeAll
public static void startServers() throws Exception {
    LogConfig.configureRuntime();

    Config rootConfig = Config.create();
    HttpBasicAuthProvider basicAuth = HttpBasicAuthProvider.create(rootConfig.get("http-basic-auth"));
    Security security = Security.builder()
            .addProvider(basicAuth)
            .build();

    // secured web server's Routing: authenticate() is installed as the security default and
    // every endpoint adds its own role requirement ("admin" for /test, "user" for the others)
    WebSecurity webSecurity = WebSecurity.create(security)
            .securityDefaults(WebSecurity.authenticate());
    Routing securedRouting = Routing.builder()
            .register(webSecurity)
            .get("/test", WebSecurity.rolesAllowed("admin"), OutboundSecurityIT::echoWebRequest)
            .get("/propagate", WebSecurity.rolesAllowed("user"), OutboundSecurityIT::propagateCredentialsWebRequest)
            .get("/override", WebSecurity.rolesAllowed("user"), OutboundSecurityIT::overrideCredentialsWebRequest)
            .build();
    webServer = WebServer.create(securedRouting)
            .start()
            .toCompletableFuture()
            .get(10, TimeUnit.SECONDS);

    // Plain http on loopback. Basic credentials are only base64-encoded on the wire, so this
    // URL form fits a local test; anything leaving the host would need TLS.
    webServerURL = "http://127.0.0.1:" + webServer.port();

    // The Basic-auth client feature is built without default credentials here.
    // NOTE(review): presumably each test sets credentials per request - confirm in the test methods.
    client = ClientBuilder.newBuilder()
            .build()
            .register(HttpAuthenticationFeature.basicBuilder().build());

    // Service-level interceptor: the whole outbound echo service requires the "admin" role
    ServiceDescriptor securedEcho = ServiceDescriptor.builder(new SecuredOutboundEchoService(webServerURL))
            .intercept(GrpcSecurity.rolesAllowed("admin"))
            .build();

    // Add the EchoService behind a routing-wide interceptor that authenticates by default
    GrpcSecurity grpcSecurity = GrpcSecurity.create(security)
            .securityDefaults(GrpcSecurity.authenticate());
    GrpcRouting securedGrpcRouting = GrpcRouting.builder()
            .intercept(grpcSecurity)
            .register(securedEcho)
            .build();

    // Run the server on port 0 so that it picks a free ephemeral port
    GrpcServerConfiguration grpcConfig = GrpcServerConfiguration.builder()
            .port(0)
            .build();
    grpcServer = GrpcServer.create(grpcConfig, securedGrpcRouting)
            .start()
            .toCompletableFuture()
            .get(10, TimeUnit.SECONDS);

    // The stubs use an in-process channel looked up by the server's configured name.
    // Both stubs share it; they differ only in whether call credentials are attached.
    Channel inProcess = InProcessChannelBuilder.forName(grpcServer.configuration().name()).build();
    adminEchoStub = EchoServiceGrpc.newBlockingStub(inProcess).withCallCredentials(adminCreds);
    noCredsEchoStub = EchoServiceGrpc.newBlockingStub(inProcess);
}
use of io.helidon.security.Security in project helidon by oracle.
the class ServiceAndMethodLevelSecurityIT method startServer.
/**
 * Starts a gRPC server exposing an echo service secured at service level and a string
 * service secured at method level, then creates the client stubs used by the tests.
 *
 * <p>The {@code Security} instance has a single HTTP Basic provider configured from the
 * {@code http-basic-auth} config node.
 *
 * @throws Exception if the server fails to start, or does not start within 10 seconds
 */
@BeforeAll
public static void startServer() throws Exception {
    LogConfig.configureRuntime();

    Config rootConfig = Config.create();
    HttpBasicAuthProvider basicAuth = HttpBasicAuthProvider.create(rootConfig.get("http-basic-auth"));
    Security security = Security.builder()
            .addProvider(basicAuth)
            .build();

    // Service-level rule: every EchoService method requires the "admin" role
    ServiceDescriptor securedEcho = ServiceDescriptor.builder(new EchoService())
            .intercept(GrpcSecurity.rolesAllowed("admin"))
            .build();

    // Method-level rules: only "Upper" and "Split" get a role interceptor here. Other
    // StringService methods are covered by the routing-wide interceptor alone.
    ServiceDescriptor securedStrings = ServiceDescriptor.builder(new StringService())
            .intercept("Upper", GrpcSecurity.rolesAllowed("admin"))
            .intercept("Split", GrpcSecurity.rolesAllowed("admin"))
            .build();

    // Add both services behind a routing-wide interceptor that authenticates by default
    GrpcSecurity grpcSecurity = GrpcSecurity.create(security)
            .securityDefaults(GrpcSecurity.authenticate());
    GrpcRouting securedRouting = GrpcRouting.builder()
            .intercept(grpcSecurity)
            .register(securedEcho)
            .register(securedStrings)
            .build();

    // Run the server on port 0 so that it picks a free ephemeral port
    GrpcServerConfiguration grpcConfig = GrpcServerConfiguration.builder()
            .port(0)
            .build();
    grpcServer = GrpcServer.create(grpcConfig, securedRouting)
            .start()
            .toCompletableFuture()
            .get(10, TimeUnit.SECONDS);

    // All stubs share one in-process channel looked up by the server's configured name.
    // They differ only in the call credentials attached.
    Channel inProcess = InProcessChannelBuilder.forName(grpcServer.configuration().name()).build();
    adminEchoStub = EchoServiceGrpc.newBlockingStub(inProcess).withCallCredentials(adminCreds);
    userEchoStub = EchoServiceGrpc.newBlockingStub(inProcess).withCallCredentials(userCreds);
    adminStringStub = StringServiceGrpc.newBlockingStub(inProcess).withCallCredentials(adminCreds);
    userStringStub = StringServiceGrpc.newBlockingStub(inProcess).withCallCredentials(userCreds);
    // NOTE(review): despite its name, the credential-less stub targets StringService, not
    // EchoService - confirm the unauthenticated test cases exercise the service they intend to.
    noCredsEchoStub = StringServiceGrpc.newBlockingStub(inProcess);
}
use of io.helidon.security.Security in project helidon by oracle.
the class ClientSecurityFilter method doFilter.
/**
 * Applies outbound security to a client request.
 *
 * <p>If a security context can be found for the request it is used directly. Otherwise a
 * new, unauthenticated security context is created from the {@code Security} instance
 * registered in the current (or a freshly built) Helidon context. If no {@code Security}
 * instance is registered there, the request is left untouched and only a log entry is written.
 *
 * @param requestContext the outgoing client request being filtered
 */
private void doFilter(ClientRequestContext requestContext) {
    // find the context - without one there is no caller identity to propagate
    Optional<SecurityContext> existing = findContext(requestContext);
    if (existing.isPresent()) {
        outboundSecurity(requestContext, existing.get());
        return;
    }

    LOGGER.finest("Security context not available, using empty one. You can define it using " + "property \"" + ClientSecurity.PROPERTY_CONTEXT + "\" on request");

    // use current context, or create a new one if we run outside of Helidon context
    Context context = Contexts.context()
            .orElseGet(() -> Context.builder()
                    .id("security-" + CONTEXT_COUNTER.incrementAndGet())
                    .build());

    // create a new security context for current request (not authenticated)
    Optional<SecurityContext> newSecurityContext = context.get(Security.class)
            .map(it -> it.createContext(context.id()));

    if (!newSecurityContext.isPresent()) {
        // we cannot do anything - security is not available in global or current context, cannot propagate
        LOGGER.finest("Security is not available in global or current context, cannot propagate identity.");
        return;
    }

    // Run in the context obtained above with the new security context. The context carries
    // no authenticated subject, but security information may still be propagated, for
    // example when outbound security is explicitly configured in a provider's outbound target.
    Contexts.runInContext(context, () -> outboundSecurity(requestContext, newSecurityContext.get()));
}
use of io.helidon.security.Security in project helidon by oracle.
the class SecurityFeature method configure.
/**
 * Registers the security filters and injection bindings, but only on a server runtime.
 *
 * <p>On any other runtime type nothing is registered, so neither security filter is
 * active for that configuration.
 *
 * @param context the feature context to register components with
 * @return {@code true} if the components were registered, {@code false} when the runtime
 *         type is not {@code SERVER}
 */
@Override
public boolean configure(FeatureContext context) {
    // register server
    if (context.getConfiguration().getRuntimeType() != RuntimeType.SERVER) {
        return false;
    }

    context.register(SecurityPreMatchingFilter.class);
    context.register(SecurityFilter.class);

    // allow injection of security context (our, not Jersey)
    AbstractBinder injectionBinder = new AbstractBinder() {
        @Override
        protected void configure() {
            // Request-scoped, proxied SecurityContext so each request resolves its own context
            bindFactory(SecurityContextRefFactory.class)
                    .to(SecurityContext.class)
                    .proxy(true)
                    .proxyForSameScope(false)
                    .in(RequestScoped.class);
            bindFactory(ReferencingFactory.<SecurityContext>referenceFactory())
                    .to(new GenericType<Ref<SecurityContext>>() {
                    })
                    .in(RequestScoped.class);
            // The feature's own Security instance and configuration are exposed for injection
            bind(security).to(Security.class);
            bind(featureConfig).to(FeatureConfig.class);
        }
    };
    context.register(injectionBinder);
    return true;
}
use of io.helidon.security.Security in project helidon by oracle.
the class ExtractQueryParamsTest method initClass.
/**
 * Starts a web server hosting the Jersey test resources behind a {@code SecurityFeature}
 * and creates the JAX-RS client and base target used by the tests.
 *
 * <p>{@code Security} is created from the {@code security} config node and the feature is
 * configured from {@code security.jersey}.
 *
 * @throws Throwable the failure reported by server start-up, if any
 */
@BeforeAll
public static void initClass() throws Throwable {
    Config rootConfig = Config.create();
    Security security = Security.create(rootConfig.get("security"));
    SecurityFeature securityFeature = SecurityFeature.builder(security)
            .config(rootConfig.get("security.jersey"))
            .build();

    // Catch-all mapper: the stack trace goes to stderr for the test log, and the client
    // receives a bare 500 carrying no exception details.
    ExceptionMapper<Exception> catchAllMapper = new ExceptionMapper<Exception>() {
        @Override
        public Response toResponse(Exception exception) {
            exception.printStackTrace();
            return Response.serverError().build();
        }
    };

    JerseySupport jersey = JerseySupport.builder()
            .register(BindingTest.MyResource.class)
            .register(TestResource1.class)
            .register(new TestResource2())
            .register(securityFeature)
            .register(catchAllMapper)
            .build();

    server = Routing.builder()
            .register(jersey)
            .build()
            .createServer();

    // Block until start-up completes, keeping whatever failure it reported
    CountDownLatch startFinished = new CountDownLatch(1);
    AtomicReference<Throwable> startFailure = new AtomicReference<>();
    server.start().whenComplete((startedServer, error) -> {
        startFailure.set(error);
        startFinished.countDown();
    });
    // NOTE(review): await() has no timeout, so a start-up that never completes blocks the test run
    startFinished.await();

    Throwable cause = startFailure.get();
    if (cause != null) {
        throw cause;
    }

    client = ClientBuilder.newClient();
    baseTarget = client.target(UriBuilder.fromUri("http://localhost/").port(server.port()).build());
}