
Example 41 with SecurityEnvironment

use of io.helidon.security.SecurityEnvironment in project helidon by oracle.

the class OutboundConfigTest method buildEnv.

/**
 * Creates a Mockito stub of {@link SecurityEnvironment} describing a {@code GET}
 * request with an empty path against {@code transport://host}.
 *
 * <p>Only {@code transport()}, {@code method()}, {@code path()} and {@code targetUri()}
 * are stubbed; every other accessor answers with Mockito's default value, so this stub
 * only fits checks that look at those four properties.
 *
 * @param transport value returned by {@code transport()} and used as the URI scheme
 * @param host authority part of the stubbed target URI
 * @return the stubbed environment
 */
private SecurityEnvironment buildEnv(String transport, String host) {
    // The target is built by plain concatenation, so both arguments must already
    // form a valid scheme and authority; URI.create rejects anything else.
    URI target = URI.create(transport + "://" + host);

    SecurityEnvironment env = Mockito.mock(SecurityEnvironment.class);
    Mockito.when(env.targetUri()).thenReturn(target);
    Mockito.when(env.path()).thenReturn(Optional.of(""));
    Mockito.when(env.method()).thenReturn("GET");
    Mockito.when(env.transport()).thenReturn(transport);
    return env;
}
Also used : SecurityEnvironment(io.helidon.security.SecurityEnvironment)

Example 42 with SecurityEnvironment

use of io.helidon.security.SecurityEnvironment in project helidon by oracle.

the class HeaderAtnProviderTest method testServiceExtraction.

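/**
 * Verifies that the service-configured provider authenticates a request from its
 * {@code Authorization} header and reports the caller as a service, not as a user.
 *
 * <p>The header carries nothing but {@code "bearer " + username}, and the test expects
 * that same name back as the service principal.
 * NOTE(review): the provider built by {@code getServiceProvider()} is not visible here;
 * presumably it takes the header value at face value, in which case the header is only
 * trustworthy when an upstream component sets or strips it - confirm against the
 * provider configuration.
 */
@Test
public void testServiceExtraction() {
    HeaderAtnProvider provider = getServiceProvider();
    String username = "service";

    SecurityEnvironment env = SecurityEnvironment.builder()
            .header("Authorization", "bearer " + username)
            .build();
    ProviderRequest request = mock(ProviderRequest.class);
    when(request.env()).thenReturn(env);

    AuthenticationResponse response = provider.syncAuthenticate(request);

    assertThat(response.status(), is(SecurityResponse.SecurityStatus.SUCCESS));
    assertThat(response.user(), is(Optional.empty()));
    assertThat(response.service(), is(not(Optional.empty())));
    // Compare the whole Optional instead of asserting inside ifPresent(...): the lambda
    // form is skipped silently when the mapped name is absent, so the identity check
    // could pass without ever running.
    assertThat(response.service().map(Subject::principal).map(Principal::getName), is(Optional.of(username)));
}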
Also used : SecurityEnvironment(io.helidon.security.SecurityEnvironment) AuthenticationResponse(io.helidon.security.AuthenticationResponse) Subject(io.helidon.security.Subject) ProviderRequest(io.helidon.security.ProviderRequest) Test(org.junit.jupiter.api.Test)

Example 43 with SecurityEnvironment

use of io.helidon.security.SecurityEnvironment in project helidon by oracle.

the class HeaderAtnProviderTest method testServiceOutbound.

/**
 * Verifies outbound propagation of a service identity: with a service subject in the
 * security context, the provider must support outbound calls and emit exactly one
 * {@code Authorization} header equal to {@code "bearer " + username}.
 *
 * <p>The expected header value is the bare principal name behind a fixed prefix, so the
 * header by itself gives the receiving side nothing to verify.
 * NOTE(review): presumably this provider is meant for hops where the channel or a
 * gateway already establishes trust - confirm against the deployment.
 */
@Test
public void testServiceOutbound() {
    HeaderAtnProvider provider = getServiceProvider();
    String username = "service";

    // Request as seen by the provider: its environment comes from the same helper
    // that is used for the outbound target below.
    SecurityEnvironment requestEnv = outboundEnv();
    ProviderRequest providerRequest = mock(ProviderRequest.class);
    when(providerRequest.env()).thenReturn(requestEnv);

    // Security context holding a service subject and no user.
    Subject serviceSubject = Subject.builder().addPrincipal(Principal.create(username)).build();
    SecurityContext securityContext = mock(SecurityContext.class);
    when(securityContext.service()).thenReturn(Optional.of(serviceSubject));
    when(securityContext.user()).thenReturn(Optional.empty());
    when(providerRequest.securityContext()).thenReturn(securityContext);

    SecurityEnvironment targetEnv = outboundEnv();
    EndpointConfig targetEndpoint = EndpointConfig.create();

    boolean supported = provider.isOutboundSupported(providerRequest, targetEnv, targetEndpoint);
    assertThat("Outbound should be supported", supported, is(true));

    OutboundSecurityResponse outbound = provider.syncOutbound(providerRequest, targetEnv, targetEndpoint);
    List<String> authorization = outbound.requestHeaders().get("Authorization");
    assertThat(authorization, notNullValue());
    // Exactly one value: a second Authorization value would be ambiguous downstream.
    assertThat(authorization.size(), is(1));
    assertThat(authorization.get(0), is("bearer " + username));
}
Also used : SecurityEnvironment(io.helidon.security.SecurityEnvironment) SecurityContext(io.helidon.security.SecurityContext) EndpointConfig(io.helidon.security.EndpointConfig) ProviderRequest(io.helidon.security.ProviderRequest) OutboundSecurityResponse(io.helidon.security.OutboundSecurityResponse) Test(org.junit.jupiter.api.Test)

Example 44 with SecurityEnvironment

use of io.helidon.security.SecurityEnvironment in project helidon by oracle.

the class HeaderAtnProviderTest method testServiceNoHeaderExtraction.

/**
 * Negative case for the service-configured provider: an environment created without
 * any header must produce a {@code FAILURE} status and neither a service nor a user
 * subject.
 *
 * <p>This pins the fail-closed outcome for a missing credential in this configuration.
 * The provider's settings live in {@code getServiceProvider()}, which is not shown here.
 */
@Test
public void testServiceNoHeaderExtraction() {
    HeaderAtnProvider provider = getServiceProvider();

    // SecurityEnvironment.create() is used as-is, i.e. no Authorization header is set.
    SecurityEnvironment emptyEnv = SecurityEnvironment.create();
    ProviderRequest providerRequest = mock(ProviderRequest.class);
    when(providerRequest.env()).thenReturn(emptyEnv);

    AuthenticationResponse result = provider.syncAuthenticate(providerRequest);

    SecurityResponse.SecurityStatus expectedStatus = SecurityResponse.SecurityStatus.FAILURE;
    assertThat(result.status(), is(expectedStatus));
    // No identity of either kind may leak out of a failed authentication.
    assertThat(result.service(), is(Optional.empty()));
    assertThat(result.user(), is(Optional.empty()));
}
Also used : SecurityEnvironment(io.helidon.security.SecurityEnvironment) AuthenticationResponse(io.helidon.security.AuthenticationResponse) ProviderRequest(io.helidon.security.ProviderRequest) Test(org.junit.jupiter.api.Test)

Example 45 with SecurityEnvironment

use of io.helidon.security.SecurityEnvironment in project helidon by oracle.

the class HttpSignProviderTest method testInboundSignatureRsa.

/**
 * Verifies inbound HTTP-signature authentication with an RSA key: a request carrying a
 * pre-computed {@code Signature} header must authenticate successfully as user
 * {@code aUser}, with the key id exposed as an ABAC attribute on the principal.
 *
 * <p>The header values below are the signed material; changing any of them (or the
 * path) invalidates the fixed signature.
 *
 * @throws ExecutionException if the asynchronous authentication completes exceptionally
 * @throws InterruptedException if the thread is interrupted while waiting for the result
 */
@Test
public void testInboundSignatureRsa() throws ExecutionException, InterruptedException {
    // Case-insensitive map, so "Signature", "host", "date" and "authorization" are found
    // regardless of the casing used for the lookup.
    Map<String, List<String>> headers = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
    // Signature parameters: keyId "rsa-key-12345", algorithm "rsa-sha256", and the list of
    // covered headers: date, host, (request-target) and authorization.
    headers.put("Signature", List.of("keyId=\"rsa-key-12345\",algorithm=\"rsa-sha256\",headers=\"date " + "host (request-target) authorization\"," + "signature=\"Rm5PjuUdJ927esGQ2gm/6QBEM9IM7J5qSZuP8NV8+GXUf" + "boUV6ST2EYLYniFGt5/3BO/2+vqQdqezdTVPr/JCwqBx+9T9ZynG7YqRj" + "KvXzcmvQOu5vQmCK5x/HR0fXU41Pjq+jywsD0k6KdxF6TWr6tvWRbwFet" + "+YSb0088o/65Xeqghw7s0vShf7jPZsaaIHnvM9SjWgix9VvpdEn4NDvqh" + "ebieVD3Swb1VG5+/7ECQ9VAlX30U5/jQ5hPO3yuvRlg5kkMjJiN7tf/68" + "If/5O2Z4H+7VmW0b1U69/JoOQJA0av1gCX7HVfa/YTCxIK4UFiI6h963q" + "2x7LSkqhdWGA==\""));
    headers.put("host", List.of("example.org"));
    // NOTE(review): the date is a fixed value from 2014 and the test still expects SUCCESS,
    // so the provider returned by getProvider() (not shown) presumably does not check the
    // age of a signed request. A valid signature alone does not stop replay of a captured
    // request; confirm where freshness is enforced.
    headers.put("date", List.of("Thu, 08 Jun 2014 18:32:30 GMT"));
    // Sample basic credentials (Base64 of "username:password"). The header is part of the
    // signed material; the asserted principal below is "aUser", so the identity is
    // presumably mapped from the key id in the provider configuration - confirm.
    headers.put("authorization", List.of("basic dXNlcm5hbWU6cGFzc3dvcmQ="));
    HttpSignProvider provider = getProvider();
    SecurityContext context = mock(SecurityContext.class);
    when(context.executorService()).thenReturn(ForkJoinPool.commonPool());
    // Only the path and headers are set; the HTTP method is left at the builder's default,
    // which presumably feeds the "(request-target)" line of the signed string - confirm.
    SecurityEnvironment se = SecurityEnvironment.builder().path("/my/resource").headers(headers).build();
    EndpointConfig ep = EndpointConfig.create();
    ProviderRequest request = mock(ProviderRequest.class);
    when(request.securityContext()).thenReturn(context);
    when(request.env()).thenReturn(se);
    when(request.endpointConfig()).thenReturn(ep);
    // Block until the asynchronous authentication has completed.
    AuthenticationResponse atnResponse = provider.authenticate(request).toCompletableFuture().get();
    // The response description (if any) is used as the failure message to aid diagnosis.
    assertThat(atnResponse.description().orElse("Unknown problem"), atnResponse.status(), is(SecurityResponse.SecurityStatus.SUCCESS));
    // ifPresentOrElse makes a missing user an explicit failure instead of a silent pass.
    atnResponse.user().map(Subject::principal).ifPresentOrElse(principal -> {
        assertThat(principal.getName(), is("aUser"));
        // The key id that verified the request is recorded on the principal for later
        // attribute-based decisions and audit.
        assertThat(principal.abacAttribute(HttpSignProvider.ATTRIB_NAME_KEY_ID), is(Optional.of("rsa-key-12345")));
    }, () -> fail("User must be filled"));
}
Also used : SecurityEnvironment(io.helidon.security.SecurityEnvironment) SecurityContext(io.helidon.security.SecurityContext) List(java.util.List) TreeMap(java.util.TreeMap) AuthenticationResponse(io.helidon.security.AuthenticationResponse) EndpointConfig(io.helidon.security.EndpointConfig) ProviderRequest(io.helidon.security.ProviderRequest) Test(org.junit.jupiter.api.Test)
