Search in sources :

Example 1 with SecurityContext

use of io.helidon.security.SecurityContext in project helidon by oracle.

the class AtnProviderSyncTest method testFailure.

@Test
public void testFailure() {
    Config config = Config.create(ConfigSources.create(Map.of("atn-object.size", String.valueOf(SIZE))));
    SecurityContext context = mock(SecurityContext.class);
    when(context.user()).thenReturn(Optional.empty());
    when(context.service()).thenReturn(Optional.empty());
    SecurityEnvironment se = SecurityEnvironment.create();
    EndpointConfig ep = EndpointConfig.builder().config("atn-object", config).build();
    ProviderRequest request = mock(ProviderRequest.class);
    when(request.securityContext()).thenReturn(context);
    when(request.env()).thenReturn(se);
    when(request.endpointConfig()).thenReturn(ep);
    AtnProviderSync provider = new AtnProviderSync();
    AuthenticationResponse response = provider.syncAuthenticate(request);
    assertThat(response.status(), is(SecurityResponse.SecurityStatus.FAILURE));
}
Also used : Config(io.helidon.config.Config) EndpointConfig(io.helidon.security.EndpointConfig) SecurityEnvironment(io.helidon.security.SecurityEnvironment) SecurityContext(io.helidon.security.SecurityContext) AuthenticationResponse(io.helidon.security.AuthenticationResponse) EndpointConfig(io.helidon.security.EndpointConfig) ProviderRequest(io.helidon.security.ProviderRequest) Test(org.junit.jupiter.api.Test)

Example 2 with SecurityContext

use of io.helidon.security.SecurityContext in project helidon by oracle.

the class AtnProviderSyncTest method testConfigSuccess.

@Test
public void testConfigSuccess() {
    Config config = Config.create(ConfigSources.create(Map.of("value", VALUE, "size", String.valueOf(SIZE))));
    SecurityContext context = mock(SecurityContext.class);
    when(context.user()).thenReturn(Optional.empty());
    when(context.service()).thenReturn(Optional.empty());
    SecurityEnvironment se = SecurityEnvironment.create();
    EndpointConfig ep = EndpointConfig.builder().config("atn-object", config).build();
    ProviderRequest request = mock(ProviderRequest.class);
    when(request.securityContext()).thenReturn(context);
    when(request.env()).thenReturn(se);
    when(request.endpointConfig()).thenReturn(ep);
    testSuccess(request);
}
Also used : Config(io.helidon.config.Config) EndpointConfig(io.helidon.security.EndpointConfig) SecurityEnvironment(io.helidon.security.SecurityEnvironment) SecurityContext(io.helidon.security.SecurityContext) EndpointConfig(io.helidon.security.EndpointConfig) ProviderRequest(io.helidon.security.ProviderRequest) Test(org.junit.jupiter.api.Test)

Example 3 with SecurityContext

use of io.helidon.security.SecurityContext in project helidon by oracle.

the class ProgrammaticSecurity method login.

private Subject login() {
    SecurityContext securityContext = CONTEXT.get();
    securityContext.env(securityContext.env().derive().path("/some/path").header("Authorization", buildBasic("aUser", "aPassword")));
    AuthenticationResponse response = securityContext.atnClientBuilder().buildAndGet();
    if (response.status().isSuccess()) {
        return response.user().orElseThrow(() -> new IllegalStateException("No user authenticated!"));
    }
    throw new RuntimeException("Failed to authenticate", response.throwable().orElse(null));
}
Also used : SecurityContext(io.helidon.security.SecurityContext) AuthenticationResponse(io.helidon.security.AuthenticationResponse)

Example 4 with SecurityContext

use of io.helidon.security.SecurityContext in project helidon by oracle.

the class ProgrammaticSecurity method execute.

private void execute() {
    SecurityContext context = CONTEXT.get();
    // check role
    if (!context.isUserInRole("theRole")) {
        throw new IllegalStateException("User is not in expected role");
    }
    context.env(context.env().derive().addAttribute("resourceType", "CustomResourceType"));
    // check authorization through provider
    AuthorizationResponse response = context.atzClientBuilder().buildAndGet();
    if (response.status().isSuccess()) {
        // ok, process resource
        System.out.println("Resource processed");
    } else {
        System.out.println("You are not permitted to process resource");
    }
}
Also used : SecurityContext(io.helidon.security.SecurityContext) AuthorizationResponse(io.helidon.security.AuthorizationResponse)

Example 5 with SecurityContext

use of io.helidon.security.SecurityContext in project helidon by oracle.

the class OutboundOverrideExample method startServingService.

static CompletionStage<Void> startServingService(int port) {
    Config config = createConfig("serving-service");
    Routing routing = Routing.builder().register(WebSecurity.create(config.get("security"))).get("/hello", (req, res) -> {
        res.send(req.context().get(SecurityContext.class).flatMap(SecurityContext::user).map(Subject::principal).map(Principal::getName).orElse("Anonymous"));
    }).build();
    return startServer(routing, port, server -> servingPort = server.port());
}
Also used : OutboundOverrideUtil.startServer(io.helidon.security.examples.outbound.OutboundOverrideUtil.startServer) Config(io.helidon.config.Config) OutboundOverrideUtil.sendError(io.helidon.security.examples.outbound.OutboundOverrideUtil.sendError) SecurityContext(io.helidon.security.SecurityContext) Principal(io.helidon.security.Principal) ServerRequest(io.helidon.webserver.ServerRequest) OutboundOverrideUtil.getSecurityContext(io.helidon.security.examples.outbound.OutboundOverrideUtil.getSecurityContext) CompletionStage(java.util.concurrent.CompletionStage) ServerResponse(io.helidon.webserver.ServerResponse) WebSecurity(io.helidon.security.integration.webserver.WebSecurity) Subject(io.helidon.security.Subject) Routing(io.helidon.webserver.Routing) OutboundOverrideUtil.createConfig(io.helidon.security.examples.outbound.OutboundOverrideUtil.createConfig) OutboundOverrideUtil.webTarget(io.helidon.security.examples.outbound.OutboundOverrideUtil.webTarget) HttpBasicAuthProvider(io.helidon.security.providers.httpauth.HttpBasicAuthProvider) Config(io.helidon.config.Config) OutboundOverrideUtil.createConfig(io.helidon.security.examples.outbound.OutboundOverrideUtil.createConfig) Routing(io.helidon.webserver.Routing) Subject(io.helidon.security.Subject)

Aggregations

SecurityContext (io.helidon.security.SecurityContext)81 Test (org.junit.jupiter.api.Test)47 SecurityEnvironment (io.helidon.security.SecurityEnvironment)38 ProviderRequest (io.helidon.security.ProviderRequest)32 EndpointConfig (io.helidon.security.EndpointConfig)30 Subject (io.helidon.security.Subject)25 AuthenticationResponse (io.helidon.security.AuthenticationResponse)23 Security (io.helidon.security.Security)22 Config (io.helidon.config.Config)21 OutboundSecurityResponse (io.helidon.security.OutboundSecurityResponse)19 Routing (io.helidon.webserver.Routing)17 Principal (io.helidon.security.Principal)16 Optional (java.util.Optional)15 WebSecurity (io.helidon.security.integration.webserver.WebSecurity)14 List (java.util.List)13 AuthorizationResponse (io.helidon.security.AuthorizationResponse)11 Map (java.util.Map)11 MediaType (io.helidon.common.http.MediaType)10 WebServer (io.helidon.webserver.WebServer)10 HashMap (java.util.HashMap)10