
Example 26 with SecurityLevel

use of io.helidon.security.SecurityLevel in project helidon by oracle.

Method testAnnotationSuccess of class AtnProviderSyncTest.

@Test
public void testAnnotationSuccess() {
    // Hand-rolled instance of the provider's custom annotation. VALUE and SIZE are
    // constants defined elsewhere in this test class.
    AtnProviderSync.AtnAnnot classAnnotation = new AtnProviderSync.AtnAnnot() {

        @Override
        public String value() {
            return VALUE;
        }

        @Override
        public int size() {
            return SIZE;
        }

        @Override
        public Class<? extends Annotation> annotationType() {
            return AtnProviderSync.AtnAnnot.class;
        }
    };

    // Anonymous caller: neither a user nor a service subject is present on the context.
    SecurityContext securityContext = mock(SecurityContext.class);
    when(securityContext.user()).thenReturn(Optional.empty());
    when(securityContext.service()).thenReturn(Optional.empty());

    // A single security level ("mock") that carries only the custom class annotation.
    Map<Class<? extends Annotation>, List<Annotation>> classAnnotations =
            Map.of(AtnProviderSync.AtnAnnot.class, List.of(classAnnotation));
    SecurityLevel mockLevel = SecurityLevel.create("mock")
            .withClassAnnotations(classAnnotations)
            .build();
    EndpointConfig endpointConfig = EndpointConfig.builder()
            .securityLevels(List.of(mockLevel))
            .build();

    // Wire the context, a default environment and the endpoint config into the request.
    ProviderRequest providerRequest = mock(ProviderRequest.class);
    when(providerRequest.securityContext()).thenReturn(securityContext);
    when(providerRequest.env()).thenReturn(SecurityEnvironment.create());
    when(providerRequest.endpointConfig()).thenReturn(endpointConfig);

    // Shared assertion helper defined elsewhere in this test class.
    testSuccess(providerRequest);
}

Example 27 with SecurityLevel

use of io.helidon.security.SecurityLevel in project helidon by oracle.

Method securityForClass of class SecurityFilter.

/**
 * Creates security definition based on the annotations on a class and using a
 * parent as a starting point. Obtains real class before processing to skip
 * proxies.
 * <p>
 * The definition starts either as a copy of {@code parent} or, when there is no
 * parent, from the feature-level defaults ("authorize annotated only" and
 * "fail on failure if optional"). Unless the feature is configured to
 * authenticate annotated classes only, authentication is required by default,
 * so an unannotated class is not left open by omission.
 *
 * @param theClass class from which to create security definition
 * @param parent base security definition or {@code null}
 * @return security definition for the class
 */
private SecurityDefinition securityForClass(Class<?> theClass, SecurityDefinition parent) {
    // Inspect the real class so annotations are not hidden behind a proxy.
    Class<?> realClass = getRealClass(theClass);

    SecurityDefinition definition;
    if (parent == null) {
        // No parent: defaults come from feature configuration. "Authorize annotated
        // only" exists because sometimes we may want to prevent calls to the
        // authorization provider unless explicitly invoked by the developer.
        definition = new SecurityDefinition(featureConfig().shouldAuthorizeAnnotatedOnly(),
                                            featureConfig().failOnFailureIfOptional());
    } else {
        definition = parent.copyMe();
    }

    // Standard annotations, in the order authentication, authorization, audit.
    // getAnnotation() yields null for an absent annotation; it is added as-is.
    definition.add(realClass.getAnnotation(Authenticated.class));
    definition.add(realClass.getAnnotation(Authorized.class));
    definition.add(realClass.getAnnotation(Audited.class));

    // Secure default: require authentication unless the feature config restricts
    // authentication to explicitly annotated classes.
    if (!featureConfig().shouldAuthenticateAnnotatedOnly()) {
        definition.requiresAuthentication(true);
    }

    // Custom (non-standard) annotations on the class become one security level
    // named after the class.
    Map<Class<? extends Annotation>, List<Annotation>> customAnnotations = new HashMap<>();
    addCustomAnnotations(customAnnotations, realClass);
    definition.getSecurityLevels()
            .add(SecurityLevel.create(realClass.getName())
                         .withClassAnnotations(customAnnotations)
                         .build());

    // Let every registered analyzer inspect the class, chaining on the parent's
    // response for that analyzer when a parent exists.
    for (AnnotationAnalyzer analyzer : analyzers) {
        AnnotationAnalyzer.AnalyzerResponse response = (parent == null)
                ? analyzer.analyze(realClass)
                : analyzer.analyze(realClass, parent.analyzerResponse(analyzer));
        definition.analyzerResponse(analyzer, response);
    }
    return definition;
}

Example 28 with SecurityLevel

use of io.helidon.security.SecurityLevel in project helidon by oracle.

Method testDenyAllAndPermitAll of class RoleValidatorTest.

@Test
void testDenyAllAndPermitAll() {
    RoleValidator validator = RoleValidator.create();

    // DenyAll on the class, PermitAll on the method. The test expects the
    // method-level PermitAll to take precedence, i.e. validation passes.
    DenyAll classDenyAll = mock(DenyAll.class);
    PermitAll methodPermitAll = mock(PermitAll.class);

    SecurityLevel appLevel = mock(SecurityLevel.class);
    SecurityLevel classLevel = mock(SecurityLevel.class);
    when(classLevel.filterAnnotations(DenyAll.class, EndpointConfig.AnnotationScope.CLASS))
            .thenReturn(List.of(classDenyAll));
    when(classLevel.filterAnnotations(PermitAll.class, EndpointConfig.AnnotationScope.METHOD))
            .thenReturn(List.of(methodPermitAll));

    // Application level first, class level second; kept as a plain mutable ArrayList.
    List<SecurityLevel> levels = new ArrayList<>(List.of(appLevel, classLevel));
    EndpointConfig endpointConfig = mock(EndpointConfig.class);
    when(endpointConfig.securityLevels()).thenReturn(levels);

    RoleValidator.RoleConfig roleConfig = validator.fromAnnotations(endpointConfig);

    // The subject holds only the "user" role; no service subject is present.
    Subject subject = Subject.builder()
            .principal(Principal.create("myAdmin"))
            .addGrant(Role.create("user"))
            .build();
    ProviderRequest request = mock(ProviderRequest.class);
    when(request.subject()).thenReturn(Optional.of(subject));
    when(request.service()).thenReturn(Optional.empty());

    Errors.Collector errors = Errors.collector();
    validator.validate(roleConfig, errors, request);
    // checkValid() is expected to throw if validation recorded an error.
    errors.collect().checkValid();
}

Example 29 with SecurityLevel

use of io.helidon.security.SecurityLevel in project helidon by oracle.

Method testRolesAllowedDeny of class RoleValidatorTest.

@Test
void testRolesAllowedDeny() {
    RoleValidator validator = RoleValidator.create();

    // The method is restricted to the "admin" role.
    RolesAllowed adminOnly = mock(RolesAllowed.class);
    when(adminOnly.value()).thenReturn(new String[] { "admin" });

    SecurityLevel appLevel = mock(SecurityLevel.class);
    SecurityLevel classLevel = mock(SecurityLevel.class);
    when(classLevel.filterAnnotations(RolesAllowed.class, EndpointConfig.AnnotationScope.METHOD))
            .thenReturn(List.of(adminOnly));

    // Application level first, class level second; kept as a plain mutable ArrayList.
    List<SecurityLevel> levels = new ArrayList<>(List.of(appLevel, classLevel));
    EndpointConfig endpointConfig = mock(EndpointConfig.class);
    when(endpointConfig.securityLevels()).thenReturn(levels);

    RoleValidator.RoleConfig roleConfig = validator.fromAnnotations(endpointConfig);

    // The subject only holds the "user" role, so the "admin" requirement is not met.
    Subject subject = Subject.builder()
            .principal(Principal.create("myAdmin"))
            .addGrant(Role.create("user"))
            .build();
    ProviderRequest request = mock(ProviderRequest.class);
    when(request.subject()).thenReturn(Optional.of(subject));
    when(request.service()).thenReturn(Optional.empty());

    Errors.Collector errors = Errors.collector();
    validator.validate(roleConfig, errors, request);

    // Negative test: a valid result here would mean the role check did not deny access.
    Errors result = errors.collect();
    if (result.isValid()) {
        fail("User is not in admin role, should have failed");
    }
}

Example 30 with SecurityLevel

use of io.helidon.security.SecurityLevel in project helidon by oracle.

Method testAllAccessAnnotationsOnTheSameLevel of class RoleValidatorTest.

@Test
void testAllAccessAnnotationsOnTheSameLevel() {
    RoleValidator validator = RoleValidator.create();

    // PermitAll, DenyAll and RolesAllowed("admin") all on the same (method) level.
    // The test expects DenyAll to win even though the subject has the "admin" role.
    PermitAll methodPermitAll = mock(PermitAll.class);
    DenyAll methodDenyAll = mock(DenyAll.class);
    RolesAllowed methodRolesAllowed = mock(RolesAllowed.class);
    when(methodRolesAllowed.value()).thenReturn(new String[] { "admin" });

    SecurityLevel appLevel = mock(SecurityLevel.class);
    SecurityLevel classLevel = mock(SecurityLevel.class);
    when(classLevel.filterAnnotations(PermitAll.class, EndpointConfig.AnnotationScope.METHOD))
            .thenReturn(List.of(methodPermitAll));
    when(classLevel.filterAnnotations(DenyAll.class, EndpointConfig.AnnotationScope.METHOD))
            .thenReturn(List.of(methodDenyAll));
    when(classLevel.filterAnnotations(RolesAllowed.class, EndpointConfig.AnnotationScope.METHOD))
            .thenReturn(List.of(methodRolesAllowed));

    // Application level first, class level second; kept as a plain mutable ArrayList.
    List<SecurityLevel> levels = new ArrayList<>(List.of(appLevel, classLevel));
    EndpointConfig endpointConfig = mock(EndpointConfig.class);
    when(endpointConfig.securityLevels()).thenReturn(levels);

    RoleValidator.RoleConfig roleConfig = validator.fromAnnotations(endpointConfig);

    // Subject does hold the "admin" role; DenyAll must still reject it.
    Subject subject = Subject.builder()
            .principal(Principal.create("myAdmin"))
            .addGrant(Role.create("admin"))
            .build();
    ProviderRequest request = mock(ProviderRequest.class);
    when(request.subject()).thenReturn(Optional.of(subject));
    when(request.service()).thenReturn(Optional.empty());

    Errors.Collector errors = Errors.collector();
    validator.validate(roleConfig, errors, request);

    // Negative test: a valid result here would mean DenyAll was ignored.
    Errors result = errors.collect();
    if (result.isValid()) {
        fail("DenyAll is set on this method, this should have failed");
    }
}
