Examples with SecurityEnvironment io.helidon.security.SecurityEnvironment used on opensource projects

Example 26 with SecurityEnvironment

use of io.helidon.security.SecurityEnvironment in project helidon by oracle.

the class JwtProviderTest method testWrongToken.

@Test
public void testWrongToken() {
    JwtProvider provider = JwtProvider.create(providersConfig.get("jwt"));
    // now we need to use the same token to invoke authentication
    ProviderRequest atnRequest = mock(ProviderRequest.class);
    SecurityEnvironment se = SecurityEnvironment.builder().header("Authorization", "bearer " + WRONG_TOKEN).build();
    when(atnRequest.env()).thenReturn(se);
    AuthenticationResponse authenticationResponse = provider.syncAuthenticate(atnRequest);
    assertThat(authenticationResponse.service(), is(Optional.empty()));
    assertThat(authenticationResponse.user(), is(Optional.empty()));
    assertThat(authenticationResponse.status(), is(SecurityResponse.SecurityStatus.FAILURE));
}

Example 27 with SecurityEnvironment

use of io.helidon.security.SecurityEnvironment in project helidon by oracle.

the class HttpBasicAuthProvider method syncOutbound.

@Override
protected OutboundSecurityResponse syncOutbound(ProviderRequest providerRequest, SecurityEnvironment outboundEnv, EndpointConfig outboundEp) {
    // explicit username in request properties
    Optional<Object> maybeUsername = outboundEp.abacAttribute(EP_PROPERTY_OUTBOUND_USER);
    if (maybeUsername.isPresent()) {
        String username = maybeUsername.get().toString();
        char[] password = passwordFromEndpoint(outboundEp);
        return toBasicAuthOutbound(outboundEnv, HttpBasicOutboundConfig.DEFAULT_TOKEN_HANDLER, username, password);
    }
    var target = outboundConfig.findTargetCustomObject(outboundEnv, HttpBasicOutboundConfig.class, HttpBasicOutboundConfig::create, HttpBasicOutboundConfig::create);
    if (target.isEmpty()) {
        return OutboundSecurityResponse.abstain();
    }
    HttpBasicOutboundConfig outboundConfig = target.get();
    if (outboundConfig.hasExplicitUser()) {
        // use configured user
        return toBasicAuthOutbound(outboundEnv, outboundConfig.tokenHandler(), outboundConfig.explicitUser(), outboundConfig.explicitPassword());
    } else {
        // propagate current user (if possible)
        SecurityContext secContext = providerRequest.securityContext();
        // first try user
        Optional<BasicPrivateCredentials> creds = secContext.user().flatMap(this::credentialsFromSubject);
        if (creds.isEmpty()) {
            // if not present, try service
            creds = secContext.service().flatMap(this::credentialsFromSubject);
        }
        Optional<char[]> overridePassword = outboundEp.abacAttribute(EP_PROPERTY_OUTBOUND_PASSWORD).map(String::valueOf).map(String::toCharArray);
        return creds.map(credentials -> {
            char[] password = overridePassword.orElse(credentials.password);
            return toBasicAuthOutbound(outboundEnv, outboundConfig.tokenHandler(), credentials.username, password);
        }).orElseGet(OutboundSecurityResponse::abstain);
    }
}

Example 28 with SecurityEnvironment

use of io.helidon.security.SecurityEnvironment in project helidon by oracle.

the class HttpSignProviderTest method testOutboundSignatureRsa.

@Test
public void testOutboundSignatureRsa() throws ExecutionException, InterruptedException {
    Map<String, List<String>> headers = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
    // the generated host contains port as well, so we must explicitly define it here
    headers.put("host", List.of("example.org"));
    headers.put("date", List.of("Thu, 08 Jun 2014 18:32:30 GMT"));
    headers.put("authorization", List.of("basic dXNlcm5hbWU6cGFzc3dvcmQ="));
    SecurityContext context = mock(SecurityContext.class);
    when(context.executorService()).thenReturn(ForkJoinPool.commonPool());
    ProviderRequest request = mock(ProviderRequest.class);
    when(request.securityContext()).thenReturn(context);
    SecurityEnvironment outboundEnv = SecurityEnvironment.builder().path("/my/resource").targetUri(URI.create("http://example.org/my/resource")).headers(headers).build();
    EndpointConfig outboundEp = EndpointConfig.create();
    boolean outboundSupported = getProvider().isOutboundSupported(request, outboundEnv, outboundEp);
    assertThat("Outbound should be supported", outboundSupported, is(true));
    OutboundSecurityResponse response = getProvider().outboundSecurity(request, outboundEnv, outboundEp).toCompletableFuture().get();
    assertThat(response.status(), is(SecurityResponse.SecurityStatus.SUCCESS));
    Map<String, List<String>> updatedHeaders = response.requestHeaders();
    assertThat(updatedHeaders, notNullValue());
    // and now the value
    validateSignatureHeader(outboundEnv, updatedHeaders.get("Signature").iterator().next(), "rsa-key-12345", "rsa-sha256", List.of("date", "host", REQUEST_TARGET, "authorization"), "Rm5PjuUdJ927esGQ2gm/6QBEM9IM7J5qSZuP8NV8+GXUf" + "boUV6ST2EYLYniFGt5/3BO/2+vqQdqezdTVPr/JCwqBx+9T9ZynG7YqRj" + "KvXzcmvQOu5vQmCK5x/HR0fXU41Pjq+jywsD0k6KdxF6TWr6tvWRbwFet" + "+YSb0088o/65Xeqghw7s0vShf7jPZsaaIHnvM9SjWgix9VvpdEn4NDvqh" + "ebieVD3Swb1VG5+/7ECQ9VAlX30U5/jQ5hPO3yuvRlg5kkMjJiN7tf/68" + "If/5O2Z4H+7VmW0b1U69/JoOQJA0av1gCX7HVfa/YTCxIK4UFiI6h963q" + "2x7LSkqhdWGA==");
}

Example 29 with SecurityEnvironment

use of io.helidon.security.SecurityEnvironment in project helidon by oracle.

the class HttpSignProviderTest method testInboundSignatureHmac.

@Test
public void testInboundSignatureHmac() throws InterruptedException, ExecutionException {
    Map<String, List<String>> headers = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
    headers.put("Signature", List.of("keyId=\"myServiceKeyId\",algorithm=\"hmac-sha256\",headers=\"date host (request-target) " + "authorization\"," + "signature=\"0BcQq9TckrtGvlpHiMxNqMq0vW6dPVTGVDUVDrGwZyI=\""));
    headers.put("host", List.of("example.org"));
    headers.put("date", List.of("Thu, 08 Jun 2014 18:32:30 GMT"));
    headers.put("authorization", List.of("basic dXNlcm5hbWU6cGFzc3dvcmQ="));
    HttpSignProvider provider = getProvider();
    SecurityContext context = mock(SecurityContext.class);
    when(context.executorService()).thenReturn(ForkJoinPool.commonPool());
    SecurityEnvironment se = SecurityEnvironment.builder().path("/my/resource").headers(headers).build();
    EndpointConfig ep = EndpointConfig.create();
    ProviderRequest request = mock(ProviderRequest.class);
    when(request.securityContext()).thenReturn(context);
    when(request.env()).thenReturn(se);
    when(request.endpointConfig()).thenReturn(ep);
    AuthenticationResponse atnResponse = provider.authenticate(request).toCompletableFuture().get();
    assertThat(atnResponse.description().orElse("Unknown problem"), atnResponse.status(), is(SecurityResponse.SecurityStatus.SUCCESS));
    atnResponse.service().map(Subject::principal).ifPresentOrElse(principal -> {
        assertThat(principal.getName(), is("aSetOfTrustedServices"));
        assertThat(principal.abacAttribute(HttpSignProvider.ATTRIB_NAME_KEY_ID), is(Optional.of("myServiceKeyId")));
    }, () -> fail("User must be filled"));
}

Example 30 with SecurityEnvironment

use of io.helidon.security.SecurityEnvironment in project helidon by oracle.

the class HttpSignProviderTest method testOutboundSignatureHmac.

@Test
public void testOutboundSignatureHmac() throws ExecutionException, InterruptedException {
    Map<String, List<String>> headers = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
    // the generated host contains port as well, so we must explicitly define it here
    headers.put("host", List.of("localhost"));
    headers.put("date", List.of("Thu, 08 Jun 2014 18:32:30 GMT"));
    SecurityContext context = mock(SecurityContext.class);
    when(context.executorService()).thenReturn(ForkJoinPool.commonPool());
    ProviderRequest request = mock(ProviderRequest.class);
    when(request.securityContext()).thenReturn(context);
    SecurityEnvironment outboundEnv = SecurityEnvironment.builder().path("/second/someOtherPath").targetUri(URI.create("http://localhost/second/someOtherPath")).headers(headers).build();
    EndpointConfig outboundEp = EndpointConfig.create();
    boolean outboundSupported = getProvider().isOutboundSupported(request, outboundEnv, outboundEp);
    assertThat("Outbound should be supported", outboundSupported, is(true));
    OutboundSecurityResponse response = getProvider().outboundSecurity(request, outboundEnv, outboundEp).toCompletableFuture().get();
    assertThat(response.status(), is(SecurityResponse.SecurityStatus.SUCCESS));
    Map<String, List<String>> updatedHeaders = response.requestHeaders();
    assertThat(updatedHeaders, notNullValue());
    // and now the value
    validateSignatureHeader(outboundEnv, updatedHeaders.get("Signature").iterator().next(), "myServiceKeyId", "hmac-sha256", List.of("date", REQUEST_TARGET, "host"), "SkeKVi6BoUd2/aUfXyIVIFAKEkKp7sg2KsS1UieB/+E=");
}