use of io.helidon.security.SecurityContext in project helidon by oracle.
the class AtnProviderSyncTest method testFailure.
@Test
public void testFailure() {
Config config = Config.create(ConfigSources.create(Map.of("atn-object.size", String.valueOf(SIZE))));
SecurityContext context = mock(SecurityContext.class);
when(context.user()).thenReturn(Optional.empty());
when(context.service()).thenReturn(Optional.empty());
SecurityEnvironment se = SecurityEnvironment.create();
EndpointConfig ep = EndpointConfig.builder().config("atn-object", config).build();
ProviderRequest request = mock(ProviderRequest.class);
when(request.securityContext()).thenReturn(context);
when(request.env()).thenReturn(se);
when(request.endpointConfig()).thenReturn(ep);
AtnProviderSync provider = new AtnProviderSync();
AuthenticationResponse response = provider.syncAuthenticate(request);
assertThat(response.status(), is(SecurityResponse.SecurityStatus.FAILURE));
}
use of io.helidon.security.SecurityContext in project helidon by oracle.
the class AtnProviderSyncTest method testConfigSuccess.
@Test
public void testConfigSuccess() {
Config config = Config.create(ConfigSources.create(Map.of("value", VALUE, "size", String.valueOf(SIZE))));
SecurityContext context = mock(SecurityContext.class);
when(context.user()).thenReturn(Optional.empty());
when(context.service()).thenReturn(Optional.empty());
SecurityEnvironment se = SecurityEnvironment.create();
EndpointConfig ep = EndpointConfig.builder().config("atn-object", config).build();
ProviderRequest request = mock(ProviderRequest.class);
when(request.securityContext()).thenReturn(context);
when(request.env()).thenReturn(se);
when(request.endpointConfig()).thenReturn(ep);
testSuccess(request);
}
use of io.helidon.security.SecurityContext in project helidon by oracle.
the class ProgrammaticSecurity method login.
private Subject login() {
SecurityContext securityContext = CONTEXT.get();
securityContext.env(securityContext.env().derive().path("/some/path").header("Authorization", buildBasic("aUser", "aPassword")));
AuthenticationResponse response = securityContext.atnClientBuilder().buildAndGet();
if (response.status().isSuccess()) {
return response.user().orElseThrow(() -> new IllegalStateException("No user authenticated!"));
}
throw new RuntimeException("Failed to authenticate", response.throwable().orElse(null));
}
use of io.helidon.security.SecurityContext in project helidon by oracle.
the class ProgrammaticSecurity method execute.
private void execute() {
SecurityContext context = CONTEXT.get();
// check role
if (!context.isUserInRole("theRole")) {
throw new IllegalStateException("User is not in expected role");
}
context.env(context.env().derive().addAttribute("resourceType", "CustomResourceType"));
// check authorization through provider
AuthorizationResponse response = context.atzClientBuilder().buildAndGet();
if (response.status().isSuccess()) {
// ok, process resource
System.out.println("Resource processed");
} else {
System.out.println("You are not permitted to process resource");
}
}
use of io.helidon.security.SecurityContext in project helidon by oracle.
the class OutboundOverrideExample method startServingService.
static CompletionStage<Void> startServingService(int port) {
Config config = createConfig("serving-service");
Routing routing = Routing.builder().register(WebSecurity.create(config.get("security"))).get("/hello", (req, res) -> {
res.send(req.context().get(SecurityContext.class).flatMap(SecurityContext::user).map(Subject::principal).map(Principal::getName).orElse("Anonymous"));
}).build();
return startServer(routing, port, server -> servingPort = server.port());
}
Aggregations