
Example 21 with SecurityLevel

Use of io.helidon.security.SecurityLevel in the project helidon by oracle: class OidcProvider, method expectedScopes.

```java
// Collects every scope the endpoint requires. The result is a union over all
// security levels and all annotation scopes (application, class, method), so a
// method-level @Scope adds to a class-level one rather than replacing it: the
// caller must hold all of them.
private Set<String> expectedScopes(ProviderRequest request) {
    Set<String> result = new HashSet<>();
    for (SecurityLevel securityLevel : request.endpointConfig().securityLevels()) {
        // @Scopes is the container for repeated @Scope annotations; flatten it
        List<ScopeValidator.Scopes> expectedScopes = securityLevel.combineAnnotations(
                ScopeValidator.Scopes.class, EndpointConfig.AnnotationScope.values());
        expectedScopes.stream()
                .map(ScopeValidator.Scopes::value)
                .map(Arrays::asList)
                .map(List::stream)
                .forEach(stream -> stream.map(ScopeValidator.Scope::value).forEach(result::add));
        // a single, non-repeated @Scope is a distinct annotation type and is collected separately
        List<ScopeValidator.Scope> expectedScopeAnnotations = securityLevel.combineAnnotations(
                ScopeValidator.Scope.class, EndpointConfig.AnnotationScope.values());
        expectedScopeAnnotations.stream().map(ScopeValidator.Scope::value).forEach(result::add);
    }
    return result;
}
```

Also used: ScopeValidator (io.helidon.security.abac.scope.ScopeValidator), SecurityLevel (io.helidon.security.SecurityLevel), Arrays (java.util.Arrays), HashSet (java.util.HashSet)

Example 22 with SecurityLevel

Use of io.helidon.security.SecurityLevel in the project helidon by oracle: class AbacProviderTest, method testMissingRoleValidator.

```java
// An ABAC provider with no validator registered for @RolesAllowed must fail
// closed: an attribute annotation that nobody validates is an authorization
// failure with a descriptive message, not a silent pass.
@Test
public void testMissingRoleValidator() {
    AbacProvider provider = AbacProvider.create();
    // this must be implicitly considered an attribute annotation
    RolesAllowed attrib = Mockito.mock(RolesAllowed.class);
    doReturn(RolesAllowed.class).when(attrib).annotationType();
    // a single security level carrying only the mocked class-level annotation
    SecurityLevel level = SecurityLevel.create("mock")
            .withClassAnnotations(Map.of(RolesAllowed.class, List.of(attrib)))
            .build();
    EndpointConfig ec = EndpointConfig.builder().securityLevels(List.of(level)).build();
    ProviderRequest request = Mockito.mock(ProviderRequest.class);
    when(request.endpointConfig()).thenReturn(ec);
    AuthorizationResponse response = provider.syncAuthorize(request);
    assertThat(response.status(), is(SecurityResponse.SecurityStatus.FAILURE));
    assertThat(response.description(), not(Optional.empty()));
    response.description().ifPresent(desc ->
            assertThat(desc, containsString("RolesAllowed attribute annotation is not supported")));
}
```

Also used: RolesAllowed (jakarta.annotation.security.RolesAllowed), SecurityLevel (io.helidon.security.SecurityLevel), EndpointConfig (io.helidon.security.EndpointConfig), ProviderRequest (io.helidon.security.ProviderRequest), AuthorizationResponse (io.helidon.security.AuthorizationResponse), Test (org.junit.jupiter.api.Test)

Example 23 with SecurityLevel

Use of io.helidon.security.SecurityLevel in the project helidon by oracle: class Attrib1Validator, method fromAnnotations.

```java
// Test validator: builds its configuration from the first @Attrib1 it finds.
// Levels are walked in list order and, within a level, every annotation scope
// in enum order, so the first match wins: an annotation on an earlier level
// shadows one on a later, more specific level. Compare the reverse walk in
// AtnProvider.syncAuthenticate, which gives the most specific level precedence.
@Override
public Attrib1Config fromAnnotations(EndpointConfig endpointConfig) {
    for (SecurityLevel securityLevel : endpointConfig.securityLevels()) {
        for (EndpointConfig.AnnotationScope value : EndpointConfig.AnnotationScope.values()) {
            List<Annotation> annotations = new ArrayList<>();
            for (Class<? extends Annotation> annotation : supportedAnnotations()) {
                // filterAnnotations returns only annotations of this type in this one scope
                List<? extends Annotation> list = securityLevel.filterAnnotations(annotation, value);
                annotations.addAll(list);
            }
            for (Annotation annotation : annotations) {
                if (annotation instanceof Attrib1) {
                    return new Attrib1Config(((Attrib1) annotation).value());
                }
            }
        }
    }
    // no @Attrib1 on any level: fall back to the "false" configuration
    return new Attrib1Config(false);
}
```

Also used: SecurityLevel (io.helidon.security.SecurityLevel), ArrayList (java.util.ArrayList), EndpointConfig (io.helidon.security.EndpointConfig), Annotation (java.lang.annotation.Annotation)

Example 24 with SecurityLevel

Use of io.helidon.security.SecurityLevel in the project helidon by oracle: class AbacProvider, method validateAnnotations.

```java
// Checks, per security level, that the attribute annotations present on the
// endpoint are handled by a registered validator. An annotation type counts as
// an attribute annotation when it is meta-annotated with @AbacAnnotation or is
// otherwise recognised by isSupportedAnnotation. Unvalidated annotations are
// fatal when failOnUnvalidated is set, or, with failIfNoneValidated, when not a
// single one of them can be validated. Each fatal error is recorded on the
// collector rather than thrown, so the caller sees all offending types at once.
private void validateAnnotations(EndpointConfig epConfig, Errors.Collector collector) {
    for (SecurityLevel securityLevel : epConfig.securityLevels()) {
        int attributeAnnotations = 0;
        int unsupported = 0;
        List<String> unsupportedClassNames = new LinkedList<>();
        // all annotations of this level, keyed by annotation type
        Map<Class<? extends Annotation>, List<Annotation>> allAnnotations = securityLevel.allAnnotations();
        for (Class<? extends Annotation> type : allAnnotations.keySet()) {
            AbacAnnotation abacAnnotation = type.getAnnotation(AbacAnnotation.class);
            if (null != abacAnnotation || isSupportedAnnotation(type)) {
                attributeAnnotations++;
                if (!supportedAnnotations.contains(type)) {
                    unsupported++;
                    unsupportedClassNames.add(type.getName());
                }
            }
        }
        // evaluate that we can continue
        if (unsupported != 0) {
            boolean fail = failOnUnvalidated;
            if (unsupported == attributeAnnotations && failIfNoneValidated) {
                fail = true;
            }
            if (fail) {
                for (String unsupportedClassName : unsupportedClassNames) {
                    collector.fatal(this, unsupportedClassName + " attribute annotation is not supported.");
                }
                collector.fatal(this, "Supported annotations: " + supportedAnnotations);
            }
        }
    }
}
```

Also used: SecurityLevel (io.helidon.security.SecurityLevel), ArrayList (java.util.ArrayList), LinkedList (java.util.LinkedList), List (java.util.List), Annotation (java.lang.annotation.Annotation)

Example 25 with SecurityLevel

Use of io.helidon.security.SecurityLevel in the project helidon by oracle: class AtnProvider, method syncAuthenticate.

```java
// Test authentication provider: subjects come from @Authentication annotations
// on the endpoint rather than from credentials. The levels are walked from the
// last (most specific) to the first, only METHOD-scope annotations are
// consulted, and the walk stops at the first level that carries any, so the
// most specific method-level annotation overrides everything above it.
@Override
protected AuthenticationResponse syncAuthenticate(ProviderRequest providerRequest) {
    List<SecurityLevel> securityLevels = providerRequest.endpointConfig().securityLevels();
    // iterator positioned at the end so hasPrevious()/previous() walk backwards
    ListIterator<SecurityLevel> listIterator = securityLevels.listIterator(securityLevels.size());
    Subject user = null;
    Subject service = null;
    while (listIterator.hasPrevious()) {
        SecurityLevel securityLevel = listIterator.previous();
        // @Authentications is the container for repeated @Authentication annotations
        List<Authentications> authenticationAnnots = securityLevel.filterAnnotations(
                Authentications.class, EndpointConfig.AnnotationScope.METHOD);
        List<Authentication> authentications = new LinkedList<>();
        authenticationAnnots.forEach(atn -> authentications.addAll(Arrays.asList(atn.value())));
        if (!authentications.isEmpty()) {
            for (Authentication authentication : authentications) {
                if (authentication.type() == SubjectType.USER) {
                    user = buildSubject(authentication);
                } else {
                    service = buildSubject(authentication);
                }
            }
            break;
        }
    }
    // returned even when no annotation matched; user and service are then both null
    return AuthenticationResponse.success(user, service);
}
```

Also used: SecurityLevel (io.helidon.security.SecurityLevel), Subject (io.helidon.security.Subject), LinkedList (java.util.LinkedList)
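The snippets above read the same EndpointConfig in two different ways: OidcProvider.expectedScopes unions annotations across every level and scope, while AtnProvider.syncAuthenticate walks the levels backwards and lets the most specific method-level annotation win. The following is an added example, not Helidon code, that builds the SecurityLevel list for an endpoint from plain reflection and runs both lookups side by side. It assumes the builder methods SecurityLevel.create(...).withClassAnnotations(...).withMethodAnnotations(...).build(), the constants EndpointConfig.AnnotationScope.CLASS and METHOD, and filterAnnotations/combineAnnotations behave as in the snippets on this page (withMethodAnnotations and CLASS are not shown above and are assumed); RequiredScope, Api and AccountResource are hypothetical types declared here.

```java
import java.lang.annotation.Annotation;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.ListIterator;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.TreeSet;

import io.helidon.security.EndpointConfig;
import io.helidon.security.SecurityLevel;

// Added example (not Helidon code). Hypothetical annotation and classes below.
public class SecurityLevelDemo {

    @Retention(RetentionPolicy.RUNTIME)
    public @interface RequiredScope {
        String value();
    }

    // Hypothetical application class: everything under it needs "api".
    @RequiredScope("api")
    public static class Api {
    }

    // Hypothetical resource: "read" for the class, "admin" for delete() only.
    @RequiredScope("read")
    public static class AccountResource {
        public void list() { }

        @RequiredScope("admin")
        public void delete() { }
    }

    // Groups runtime annotations by type, the map shape the builder expects.
    static Map<Class<? extends Annotation>, List<Annotation>> byType(Annotation[] annotations) {
        Map<Class<? extends Annotation>, List<Annotation>> result = new HashMap<>();
        for (Annotation a : annotations) {
            result.computeIfAbsent(a.annotationType(), k -> new ArrayList<>()).add(a);
        }
        return result;
    }

    // One SecurityLevel per class in the chain; method is null for levels
    // that carry only class annotations (the application class).
    static SecurityLevel levelFor(Class<?> clazz, Method method) {
        Annotation[] methodAnnotations = method == null ? new Annotation[0] : method.getAnnotations();
        return SecurityLevel.create(clazz.getName())
                .withClassAnnotations(byType(clazz.getAnnotations()))
                .withMethodAnnotations(byType(methodAnnotations))   // assumed builder method
                .build();
    }

    // Outer level first, most specific (resource class + method) last.
    static EndpointConfig endpointFor(Method resourceMethod) {
        return EndpointConfig.builder()
                .securityLevels(List.of(
                        levelFor(Api.class, null),
                        levelFor(resourceMethod.getDeclaringClass(), resourceMethod)))
                .build();
    }

    // Union over every level and every scope, as expectedScopes does:
    // the caller must hold all of them.
    static Set<String> allRequiredScopes(EndpointConfig ec) {
        Set<String> result = new TreeSet<>();
        for (SecurityLevel level : ec.securityLevels()) {
            for (RequiredScope s : level.combineAnnotations(RequiredScope.class, EndpointConfig.AnnotationScope.values())) {
                result.add(s.value());
            }
        }
        return result;
    }

    // Most specific wins, as syncAuthenticate does: walk the levels backwards,
    // check the method scope before the class scope, stop at the first hit.
    static Optional<String> mostSpecificScope(EndpointConfig ec) {
        List<SecurityLevel> levels = ec.securityLevels();
        ListIterator<SecurityLevel> it = levels.listIterator(levels.size());
        while (it.hasPrevious()) {
            SecurityLevel level = it.previous();
            for (EndpointConfig.AnnotationScope scope
                    : List.of(EndpointConfig.AnnotationScope.METHOD, EndpointConfig.AnnotationScope.CLASS)) {
                List<RequiredScope> found = level.filterAnnotations(RequiredScope.class, scope);
                if (!found.isEmpty()) {
                    return Optional.of(found.get(0).value());
                }
            }
        }
        return Optional.empty();
    }

    public static void main(String[] args) throws Exception {
        for (String name : List.of("list", "delete")) {
            EndpointConfig ec = endpointFor(AccountResource.class.getMethod(name));
            System.out.println(name + ": union=" + allRequiredScopes(ec)
                    + " mostSpecific=" + mostSpecificScope(ec).orElse("<none>"));
        }
    }
}
```

Under these assumptions delete() yields the union api, read and admin from allRequiredScopes but only admin from mostSpecificScope, and list() yields api and read versus read. Which lookup a provider uses is a security decision: the union is the right shape for requirements that should only ever tighten (every scope must be present), the backward walk is the right shape for settings an inner annotation is meant to override, and a forward walk that returns on the first match, as in Attrib1Validator.fromAnnotations above, silently lets an outer annotation shadow a more specific inner one.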

Aggregations

SecurityLevel (io.helidon.security.SecurityLevel): 36
EndpointConfig (io.helidon.security.EndpointConfig): 30
ArrayList (java.util.ArrayList): 26
ProviderRequest (io.helidon.security.ProviderRequest): 25
Test (org.junit.jupiter.api.Test): 22
Errors (io.helidon.common.Errors): 17
Annotation (java.lang.annotation.Annotation): 9
RolesAllowed (jakarta.annotation.security.RolesAllowed): 8
DenyAll (jakarta.annotation.security.DenyAll): 7
PermitAll (jakarta.annotation.security.PermitAll): 6
AuthorizationResponse (io.helidon.security.AuthorizationResponse): 5
LinkedList (java.util.LinkedList): 5
List (java.util.List): 5
SecurityEnvironment (io.helidon.security.SecurityEnvironment): 3
AbacAnnotation (io.helidon.security.providers.abac.AbacAnnotation): 3
Config (io.helidon.config.Config): 2
AuthenticationResponse (io.helidon.security.AuthenticationResponse): 2
Subject (io.helidon.security.Subject): 2
Audited (io.helidon.security.annotations.Audited): 2
Authenticated (io.helidon.security.annotations.Authenticated): 2