Examples with SecurityLevel io.helidon.security.SecurityLevel used on opensource projects

Search in sources :

Example 26 with SecurityLevel

use of io.helidon.security.SecurityLevel in project helidon by oracle.

the class AtnProviderSyncTest method testAnnotationSuccess.

@Test
public void testAnnotationSuccess() {
    AtnProviderSync.AtnAnnot annot = new AtnProviderSync.AtnAnnot() {

        @Override
        public String value() {
            return VALUE;
        }

        @Override
        public int size() {
            return SIZE;
        }

        @Override
        public Class<? extends Annotation> annotationType() {
            return AtnProviderSync.AtnAnnot.class;
        }
    };
    SecurityContext context = mock(SecurityContext.class);
    when(context.user()).thenReturn(Optional.empty());
    when(context.service()).thenReturn(Optional.empty());
    SecurityEnvironment se = SecurityEnvironment.create();
    SecurityLevel level = SecurityLevel.create("mock").withClassAnnotations(Map.of(AtnProviderSync.AtnAnnot.class, List.of(annot))).build();
    EndpointConfig ep = EndpointConfig.builder().securityLevels(List.of(level)).build();
    ProviderRequest request = mock(ProviderRequest.class);
    when(request.securityContext()).thenReturn(context);
    when(request.env()).thenReturn(se);
    when(request.endpointConfig()).thenReturn(ep);
    testSuccess(request);
}
Also used : SecurityEnvironment(io.helidon.security.SecurityEnvironment) SecurityLevel(io.helidon.security.SecurityLevel) SecurityContext(io.helidon.security.SecurityContext) EndpointConfig(io.helidon.security.EndpointConfig) ProviderRequest(io.helidon.security.ProviderRequest) Test(org.junit.jupiter.api.Test)

Example 27 with SecurityLevel

use of io.helidon.security.SecurityLevel in project helidon by oracle.

the class SecurityFilter method securityForClass.

/**
 * Creates security definition based on the annotations on a class and using a
 * parent as a starting point. Obtains real class before processing to skip
 * proxies.
 *
 * @param theClass class from which to create security definition
 * @param parent base security definition or {@code null}
 * @return security definition for the class
 */
private SecurityDefinition securityForClass(Class<?> theClass, SecurityDefinition parent) {
    Class<?> realClass = getRealClass(theClass);
    Authenticated atn = realClass.getAnnotation(Authenticated.class);
    Authorized atz = realClass.getAnnotation(Authorized.class);
    Audited audited = realClass.getAnnotation(Audited.class);
    // as sometimes we may want to prevent calls to authorization provider unless
    // explicitly invoked by developer
    SecurityDefinition definition = ((null == parent) ? new SecurityDefinition(featureConfig().shouldAuthorizeAnnotatedOnly(), featureConfig().failOnFailureIfOptional()) : parent.copyMe());
    definition.add(atn);
    definition.add(atz);
    definition.add(audited);
    if (!featureConfig().shouldAuthenticateAnnotatedOnly()) {
        definition.requiresAuthentication(true);
    }
    Map<Class<? extends Annotation>, List<Annotation>> customAnnotsMap = new HashMap<>();
    addCustomAnnotations(customAnnotsMap, realClass);
    SecurityLevel securityLevel = SecurityLevel.create(realClass.getName()).withClassAnnotations(customAnnotsMap).build();
    definition.getSecurityLevels().add(securityLevel);
    for (AnnotationAnalyzer analyzer : analyzers) {
        AnnotationAnalyzer.AnalyzerResponse analyzerResponse;
        if (null == parent) {
            analyzerResponse = analyzer.analyze(realClass);
        } else {
            analyzerResponse = analyzer.analyze(realClass, parent.analyzerResponse(analyzer));
        }
        definition.analyzerResponse(analyzer, analyzerResponse);
    }
    return definition;
}
Also used : Authenticated(io.helidon.security.annotations.Authenticated) Authorized(io.helidon.security.annotations.Authorized) HashMap(java.util.HashMap) ConcurrentHashMap(java.util.concurrent.ConcurrentHashMap) AnnotationAnalyzer(io.helidon.security.providers.common.spi.AnnotationAnalyzer) Annotation(java.lang.annotation.Annotation) Audited(io.helidon.security.annotations.Audited) SecurityLevel(io.helidon.security.SecurityLevel) LinkedList(java.util.LinkedList) List(java.util.List)

Example 28 with SecurityLevel

use of io.helidon.security.SecurityLevel in project helidon by oracle.

the class RoleValidatorTest method testDenyAllAndPermitAll.

@Test
void testDenyAllAndPermitAll() {
    RoleValidator validator = RoleValidator.create();
    PermitAll permitAll = mock(PermitAll.class);
    DenyAll denyAll = mock(DenyAll.class);
    SecurityLevel appSecurityLevel = mock(SecurityLevel.class);
    SecurityLevel classSecurityLevel = mock(SecurityLevel.class);
    List<SecurityLevel> securityLevels = new ArrayList<>();
    securityLevels.add(appSecurityLevel);
    securityLevels.add(classSecurityLevel);
    EndpointConfig ep = mock(EndpointConfig.class);
    when(ep.securityLevels()).thenReturn(securityLevels);
    when(classSecurityLevel.filterAnnotations(DenyAll.class, EndpointConfig.AnnotationScope.CLASS)).thenReturn(List.of(denyAll));
    when(classSecurityLevel.filterAnnotations(PermitAll.class, EndpointConfig.AnnotationScope.METHOD)).thenReturn(List.of(permitAll));
    RoleValidator.RoleConfig rConfig = validator.fromAnnotations(ep);
    Errors.Collector collector = Errors.collector();
    ProviderRequest request = mock(ProviderRequest.class);
    when(request.subject()).thenReturn(Optional.of(Subject.builder().principal(Principal.create("myAdmin")).addGrant(Role.create("user")).build()));
    when(request.service()).thenReturn(Optional.empty());
    validator.validate(rConfig, collector, request);
    collector.collect().checkValid();
}
Also used : Errors(io.helidon.common.Errors) DenyAll(jakarta.annotation.security.DenyAll) SecurityLevel(io.helidon.security.SecurityLevel) ArrayList(java.util.ArrayList) PermitAll(jakarta.annotation.security.PermitAll) EndpointConfig(io.helidon.security.EndpointConfig) ProviderRequest(io.helidon.security.ProviderRequest) Test(org.junit.jupiter.api.Test)

Example 29 with SecurityLevel

use of io.helidon.security.SecurityLevel in project helidon by oracle.

the class RoleValidatorTest method testRolesAllowedDeny.

@Test
void testRolesAllowedDeny() {
    RoleValidator validator = RoleValidator.create();
    RolesAllowed annot = mock(RolesAllowed.class);
    String[] roleArray = new String[] { "admin" };
    when(annot.value()).thenReturn(roleArray);
    SecurityLevel appSecurityLevel = mock(SecurityLevel.class);
    SecurityLevel classSecurityLevel = mock(SecurityLevel.class);
    List<SecurityLevel> securityLevels = new ArrayList<>();
    securityLevels.add(appSecurityLevel);
    securityLevels.add(classSecurityLevel);
    EndpointConfig ep = mock(EndpointConfig.class);
    when(ep.securityLevels()).thenReturn(securityLevels);
    when(classSecurityLevel.filterAnnotations(RolesAllowed.class, EndpointConfig.AnnotationScope.METHOD)).thenReturn(List.of(annot));
    RoleValidator.RoleConfig rConfig = validator.fromAnnotations(ep);
    Errors.Collector collector = Errors.collector();
    ProviderRequest request = mock(ProviderRequest.class);
    when(request.subject()).thenReturn(Optional.of(Subject.builder().principal(Principal.create("myAdmin")).addGrant(Role.create("user")).build()));
    when(request.service()).thenReturn(Optional.empty());
    validator.validate(rConfig, collector, request);
    if (collector.collect().isValid()) {
        fail("User is not in admin role, should have failed");
    }
}
Also used : Errors(io.helidon.common.Errors) RolesAllowed(jakarta.annotation.security.RolesAllowed) SecurityLevel(io.helidon.security.SecurityLevel) ArrayList(java.util.ArrayList) EndpointConfig(io.helidon.security.EndpointConfig) ProviderRequest(io.helidon.security.ProviderRequest) Test(org.junit.jupiter.api.Test)

Example 30 with SecurityLevel

use of io.helidon.security.SecurityLevel in project helidon by oracle.

the class RoleValidatorTest method testAllAccessAnnotationsOnTheSameLevel.

@Test
void testAllAccessAnnotationsOnTheSameLevel() {
    RoleValidator validator = RoleValidator.create();
    PermitAll permitAll = mock(PermitAll.class);
    DenyAll denyAll = mock(DenyAll.class);
    RolesAllowed rolesAllowed = mock(RolesAllowed.class);
    String[] roleArray = new String[] { "admin" };
    when(rolesAllowed.value()).thenReturn(roleArray);
    SecurityLevel appSecurityLevel = mock(SecurityLevel.class);
    SecurityLevel classSecurityLevel = mock(SecurityLevel.class);
    List<SecurityLevel> securityLevels = new ArrayList<>();
    securityLevels.add(appSecurityLevel);
    securityLevels.add(classSecurityLevel);
    EndpointConfig ep = mock(EndpointConfig.class);
    when(ep.securityLevels()).thenReturn(securityLevels);
    when(classSecurityLevel.filterAnnotations(PermitAll.class, EndpointConfig.AnnotationScope.METHOD)).thenReturn(List.of(permitAll));
    when(classSecurityLevel.filterAnnotations(DenyAll.class, EndpointConfig.AnnotationScope.METHOD)).thenReturn(List.of(denyAll));
    when(classSecurityLevel.filterAnnotations(RolesAllowed.class, EndpointConfig.AnnotationScope.METHOD)).thenReturn(List.of(rolesAllowed));
    RoleValidator.RoleConfig rConfig = validator.fromAnnotations(ep);
    Errors.Collector collector = Errors.collector();
    ProviderRequest request = mock(ProviderRequest.class);
    when(request.subject()).thenReturn(Optional.of(Subject.builder().principal(Principal.create("myAdmin")).addGrant(Role.create("admin")).build()));
    when(request.service()).thenReturn(Optional.empty());
    validator.validate(rConfig, collector, request);
    if (collector.collect().isValid()) {
        fail("DenyAll is set on this method, this should have failed");
    }
}
Also used : ArrayList(java.util.ArrayList) ProviderRequest(io.helidon.security.ProviderRequest) Errors(io.helidon.common.Errors) DenyAll(jakarta.annotation.security.DenyAll) RolesAllowed(jakarta.annotation.security.RolesAllowed) SecurityLevel(io.helidon.security.SecurityLevel) PermitAll(jakarta.annotation.security.PermitAll) EndpointConfig(io.helidon.security.EndpointConfig) Test(org.junit.jupiter.api.Test)

Aggregations

SecurityLevel (io.helidon.security.SecurityLevel)36 EndpointConfig (io.helidon.security.EndpointConfig)30 ArrayList (java.util.ArrayList)26 ProviderRequest (io.helidon.security.ProviderRequest)25 Test (org.junit.jupiter.api.Test)22 Errors (io.helidon.common.Errors)17 Annotation (java.lang.annotation.Annotation)9 RolesAllowed (jakarta.annotation.security.RolesAllowed)8 DenyAll (jakarta.annotation.security.DenyAll)7 PermitAll (jakarta.annotation.security.PermitAll)6 AuthorizationResponse (io.helidon.security.AuthorizationResponse)5 LinkedList (java.util.LinkedList)5 List (java.util.List)5 SecurityEnvironment (io.helidon.security.SecurityEnvironment)3 AbacAnnotation (io.helidon.security.providers.abac.AbacAnnotation)3 Config (io.helidon.config.Config)2 AuthenticationResponse (io.helidon.security.AuthenticationResponse)2 Subject (io.helidon.security.Subject)2 Audited (io.helidon.security.annotations.Audited)2 Authenticated (io.helidon.security.annotations.Authenticated)2
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial