use of io.helidon.security.SecurityLevel in project helidon by oracle.
the class AtnProviderSync method getCustomObject.
/**
 * Resolves the {@code AtnObject} to use for an endpoint, in a fixed precedence order:
 * an instance supplied with the request, then the {@code "atn-object"} configuration node,
 * then the first {@code AtnAnnot} found on the target across all security levels and scopes.
 *
 * @param epConfig endpoint configuration to inspect
 * @return the resolved object, or {@code null} when none of the three sources provides one
 */
private AtnObject getCustomObject(EndpointConfig epConfig) {
    // 1) an instance placed explicitly in the request by the developer takes precedence
    Optional<? extends AtnObject> fromRequest = epConfig.instance(AtnObject.class);
    if (fromRequest.isPresent()) {
        return fromRequest.get();
    }

    // 2) next, the "atn-object" configuration node attached to the request
    Optional<? extends AtnObject> fromConfig = epConfig.config("atn-object")
            .flatMap(conf -> conf.as(AtnObject::from).asOptional());
    if (fromConfig.isPresent()) {
        return fromConfig.get();
    }

    // 3) last, annotations on the target, gathered from every security level over all
    //    scopes; only the first annotation found is used
    EndpointConfig.AnnotationScope[] allScopes = EndpointConfig.AnnotationScope.values();
    List<AtnAnnot> found = new ArrayList<>();
    for (SecurityLevel level : epConfig.securityLevels()) {
        found.addAll(level.combineAnnotations(AtnAnnot.class, allScopes));
    }
    return found.isEmpty() ? null : AtnObject.from(found.get(0));
}
use of io.helidon.security.SecurityLevel in project helidon by oracle.
the class JwtAuthProviderTest method mockRequest.
/**
 * Builds a mocked {@code ProviderRequest} whose environment carries the given token as a
 * bearer {@code Authorization} header. The endpoint has a single application security level
 * whose class-scope {@code LoginConfig} lookup yields a mock returning
 * {@code JwtAuthAnnotationAnalyzer.LOGIN_CONFIG_METHOD} as auth method and an empty realm name.
 *
 * @param signedToken token placed after {@code "bearer "} in the header
 * @return the mocked request
 */
private ProviderRequest mockRequest(String signedToken) {
    SecurityEnvironment env = SecurityEnvironment.builder()
            .header("Authorization", "bearer " + signedToken)
            .build();

    LoginConfig loginConfig = mock(LoginConfig.class);
    when(loginConfig.authMethod()).thenReturn(JwtAuthAnnotationAnalyzer.LOGIN_CONFIG_METHOD);
    when(loginConfig.realmName()).thenReturn("");

    SecurityLevel appLevel = mock(SecurityLevel.class);
    when(appLevel.filterAnnotations(LoginConfig.class, EndpointConfig.AnnotationScope.CLASS))
            .thenReturn(List.of(loginConfig));

    List<SecurityLevel> levels = new ArrayList<>();
    levels.add(appLevel);
    EndpointConfig endpoint = mock(EndpointConfig.class);
    when(endpoint.securityLevels()).thenReturn(levels);

    ProviderRequest request = mock(ProviderRequest.class);
    when(request.env()).thenReturn(env);
    when(request.endpointConfig()).thenReturn(endpoint);
    return request;
}
use of io.helidon.security.SecurityLevel in project helidon by oracle.
the class JwtAuthProviderTest method testWrongToken.
/**
 * Authenticating with a token that does not verify must fail: the response carries neither a
 * user nor a service subject and its status is {@code FAILURE}. The endpoint exposes an
 * application level and a class level; the application level's class-scope {@code LoginConfig}
 * selects {@code JwtAuthAnnotationAnalyzer.LOGIN_CONFIG_METHOD} for realm {@code "helidon-realm"}.
 */
@Test
public void testWrongToken() {
    JwtAuthProvider provider = JwtAuthProvider.create(
            Config.create().get("security.providers.0.mp-jwt-auth"));

    // the request presents WRONG_TOKEN as a bearer token
    SecurityEnvironment env = SecurityEnvironment.builder()
            .header("Authorization", "bearer " + WRONG_TOKEN)
            .build();

    LoginConfig loginConfig = new LoginConfig() {
        @Override
        public Class<? extends Annotation> annotationType() {
            return LoginConfig.class;
        }

        @Override
        public String authMethod() {
            return JwtAuthAnnotationAnalyzer.LOGIN_CONFIG_METHOD;
        }

        @Override
        public String realmName() {
            return "helidon-realm";
        }
    };

    SecurityLevel appLevel = mock(SecurityLevel.class);
    SecurityLevel classLevel = mock(SecurityLevel.class);
    when(appLevel.filterAnnotations(LoginConfig.class, EndpointConfig.AnnotationScope.CLASS))
            .thenReturn(List.of(loginConfig));

    List<SecurityLevel> levels = new ArrayList<>();
    levels.add(appLevel);
    levels.add(classLevel);
    EndpointConfig endpoint = mock(EndpointConfig.class);
    when(endpoint.securityLevels()).thenReturn(levels);

    ProviderRequest request = mock(ProviderRequest.class);
    when(request.env()).thenReturn(env);
    when(request.endpointConfig()).thenReturn(endpoint);

    AuthenticationResponse response = provider.syncAuthenticate(request);
    // a rejected token must yield no subject of either kind and an explicit failure status
    assertThat(response.service(), is(Optional.empty()));
    assertThat(response.user(), is(Optional.empty()));
    assertThat(response.status(), is(SecurityResponse.SecurityStatus.FAILURE));
}
use of io.helidon.security.SecurityLevel in project helidon by oracle.
the class RoleValidator method fromAnnotations.
/**
 * Builds a {@link RoleConfig} from the role annotations visible on an endpoint.
 * <p>
 * Security levels are walked in the order given by {@code endpointConfig.securityLevels()},
 * and within each level the scopes in {@code EndpointConfig.AnnotationScope.values()} order.
 * Each (level, scope) pair is applied on top of the previous one: every annotation rewrites
 * the permit-all / deny-all flags, and a non-empty role list replaces the roles collected so
 * far. A later annotation (for example a method-level {@code RolesAllowed}) therefore
 * overrides an earlier one (such as a class-level {@code DenyAll}).
 *
 * @param endpointConfig endpoint whose security levels are inspected
 * @return the resulting role configuration
 */
@Override
public RoleConfig fromAnnotations(EndpointConfig endpointConfig) {
    RoleConfig.Builder builder = RoleConfig.builder();
    EndpointConfig.AnnotationScope[] scopes = EndpointConfig.AnnotationScope.values();

    for (SecurityLevel level : endpointConfig.securityLevels()) {
        for (EndpointConfig.AnnotationScope scope : scopes) {
            // annotations are applied in supportedAnnotations() order; the order matters
            // because each one rewrites the flags set by the previous one
            List<Annotation> found = new ArrayList<>();
            for (Class<? extends Annotation> type : supportedAnnotations()) {
                found.addAll(level.filterAnnotations(type, scope));
            }

            List<String> userRoles = new ArrayList<>();
            List<String> serviceRoles = new ArrayList<>();
            for (Annotation annotation : found) {
                if (annotation instanceof RolesAllowed) {
                    // RolesAllowed always targets the user subject
                    userRoles.addAll(Arrays.asList(((RolesAllowed) annotation).value()));
                    builder.permitAll(false);
                    builder.denyAll(false);
                } else if (annotation instanceof Roles) {
                    // Roles carries its own subject type, choosing user or service roles
                    Roles configured = (Roles) annotation;
                    List<String> target = configured.subjectType() == SubjectType.USER
                            ? userRoles
                            : serviceRoles;
                    target.addAll(Arrays.asList(configured.value()));
                    builder.permitAll(false);
                    builder.denyAll(false);
                } else if (annotation instanceof PermitAll) {
                    builder.permitAll(true);
                    builder.denyAll(false);
                } else if (annotation instanceof DenyAll) {
                    builder.permitAll(false);
                    builder.denyAll(true);
                }
            }

            // roles found at this (level, scope) replace whatever earlier pairs collected;
            // an empty list leaves the previous roles untouched
            if (!userRoles.isEmpty()) {
                builder.clearRoles().addRoles(userRoles);
            }
            if (!serviceRoles.isEmpty()) {
                builder.clearServiceRoles().addServiceRoles(serviceRoles);
            }
        }
    }
    return builder.build();
}
use of io.helidon.security.SecurityLevel in project helidon by oracle.
the class RoleValidatorTest method testDenyAllAndRoles.
/**
 * A method-level {@code RolesAllowed("admin")} must override a class-level {@code DenyAll}
 * on the same security level: a user holding the {@code admin} role, with no service subject,
 * validates without errors.
 */
@Test
void testDenyAllAndRoles() {
    RoleValidator validator = RoleValidator.create();

    RolesAllowed rolesAllowed = mock(RolesAllowed.class);
    when(rolesAllowed.value()).thenReturn(new String[] {"admin"});
    DenyAll denyAll = mock(DenyAll.class);

    SecurityLevel appLevel = mock(SecurityLevel.class);
    SecurityLevel classLevel = mock(SecurityLevel.class);
    // DenyAll sits at class scope, RolesAllowed at method scope of the same level
    when(classLevel.filterAnnotations(DenyAll.class, EndpointConfig.AnnotationScope.CLASS))
            .thenReturn(List.of(denyAll));
    when(classLevel.filterAnnotations(RolesAllowed.class, EndpointConfig.AnnotationScope.METHOD))
            .thenReturn(List.of(rolesAllowed));

    List<SecurityLevel> levels = new ArrayList<>();
    levels.add(appLevel);
    levels.add(classLevel);
    EndpointConfig endpoint = mock(EndpointConfig.class);
    when(endpoint.securityLevels()).thenReturn(levels);

    RoleValidator.RoleConfig config = validator.fromAnnotations(endpoint);

    ProviderRequest request = mock(ProviderRequest.class);
    when(request.subject()).thenReturn(Optional.of(Subject.builder()
            .principal(Principal.create("myAdmin"))
            .addGrant(Role.create("admin"))
            .build()));
    when(request.service()).thenReturn(Optional.empty());

    Errors.Collector collector = Errors.collector();
    validator.validate(config, collector, request);
    collector.collect().checkValid();
}