Examples with SubjectType io.helidon.security.SubjectType used on opensource projects

Search in sources :

Example 1 with SubjectType

use of io.helidon.security.SubjectType in project helidon by oracle.

the class HttpBasicAuthProvider method validateBasicAuth.

private AuthenticationResponse validateBasicAuth(String basicAuthHeader) {
    String b64 = basicAuthHeader.substring(BASIC_PREFIX.length());
    String usernameAndPassword;
    try {
        usernameAndPassword = new String(Base64.getDecoder().decode(b64), StandardCharsets.UTF_8);
    } catch (IllegalArgumentException e) {
        // not a base64 encoded string
        return failOrAbstain("Basic authentication header with invalid content - not base64 encoded");
    }
    Matcher matcher = CREDENTIAL_PATTERN.matcher(usernameAndPassword);
    if (!matcher.matches()) {
        LOGGER.finest(() -> "Basic authentication header with invalid content: " + usernameAndPassword);
        return failOrAbstain("Basic authentication header with invalid content");
    }
    final String username = matcher.group(1);
    final char[] password = matcher.group(2).toCharArray();
    Optional<SecureUserStore.User> foundUser = Optional.empty();
    for (SecureUserStore userStore : userStores) {
        foundUser = userStore.user(username);
        if (foundUser.isPresent()) {
            // find first user from stores
            break;
        }
    }
    return foundUser.map(user -> {
        if (user.isPasswordValid(password)) {
            if (subjectType == SubjectType.USER) {
                return AuthenticationResponse.success(buildSubject(user, password));
            }
            return AuthenticationResponse.successService(buildSubject(user, password));
        } else {
            return invalidUser();
        }
    }).orElseGet(this::invalidUser);
}
Also used : OutboundSecurityResponse(io.helidon.security.OutboundSecurityResponse) ProviderRequest(io.helidon.security.ProviderRequest) HashMap(java.util.HashMap) UserStoreService(io.helidon.security.providers.httpauth.spi.UserStoreService) AuthenticationProvider(io.helidon.security.spi.AuthenticationProvider) Matcher(java.util.regex.Matcher) Map(java.util.Map) Subject(io.helidon.security.Subject) LinkedList(java.util.LinkedList) ConfiguredOption(io.helidon.config.metadata.ConfiguredOption) Config(io.helidon.config.Config) SubjectType(io.helidon.security.SubjectType) OutboundSecurityProvider(io.helidon.security.spi.OutboundSecurityProvider) Configured(io.helidon.config.metadata.Configured) SecurityProvider(io.helidon.security.spi.SecurityProvider) SynchronousProvider(io.helidon.security.spi.SynchronousProvider) ServiceLoader(java.util.ServiceLoader) SecurityContext(io.helidon.security.SecurityContext) HelidonServiceLoader(io.helidon.common.serviceloader.HelidonServiceLoader) TokenHandler(io.helidon.security.util.TokenHandler) Logger(java.util.logging.Logger) AuthenticationResponse(io.helidon.security.AuthenticationResponse) OutboundConfig(io.helidon.security.providers.common.OutboundConfig) Principal(io.helidon.security.Principal) StandardCharsets(java.nio.charset.StandardCharsets) SecurityResponse(io.helidon.security.SecurityResponse) Base64(java.util.Base64) List(java.util.List) EndpointConfig(io.helidon.security.EndpointConfig) SecurityEnvironment(io.helidon.security.SecurityEnvironment) OutboundTarget(io.helidon.security.providers.common.OutboundTarget) Role(io.helidon.security.Role) Optional(java.util.Optional) Pattern(java.util.regex.Pattern) Matcher(java.util.regex.Matcher)

Example 2 with SubjectType

use of io.helidon.security.SubjectType in project helidon by oracle.

the class HeaderAtnProvider method syncOutbound.

@Override
protected OutboundSecurityResponse syncOutbound(ProviderRequest providerRequest, SecurityEnvironment outboundEnv, EndpointConfig outboundEndpointConfig) {
    Optional<Subject> toPropagate;
    if (subjectType == SubjectType.USER) {
        toPropagate = providerRequest.securityContext().user();
    } else {
        toPropagate = providerRequest.securityContext().service();
    }
    // find the target
    var target = outboundConfig.findTargetCustomObject(outboundEnv, HeaderAtnOutboundConfig.class, HeaderAtnOutboundConfig::create, HeaderAtnOutboundConfig::create);
    // we have no target, let's fall back to original behavior
    if (target.isEmpty()) {
        if (outboundTokenHandler != null) {
            return toPropagate.map(Subject::principal).map(Principal::id).map(id -> respond(outboundEnv, outboundTokenHandler, id)).orElseGet(OutboundSecurityResponse::abstain);
        }
        return OutboundSecurityResponse.abstain();
    }
    // we found a target
    HeaderAtnOutboundConfig outboundConfig = target.get();
    TokenHandler tokenHandler = outboundConfig.tokenHandler().orElse(defaultOutboundTokenHandler);
    return outboundConfig.explicitUser().or(() -> toPropagate.map(Subject::principal).map(Principal::id)).map(id -> respond(outboundEnv, tokenHandler, id)).orElseGet(OutboundSecurityResponse::abstain);
}
Also used : OutboundSecurityResponse(io.helidon.security.OutboundSecurityResponse) ProviderRequest(io.helidon.security.ProviderRequest) Config(io.helidon.config.Config) SubjectType(io.helidon.security.SubjectType) OutboundSecurityProvider(io.helidon.security.spi.OutboundSecurityProvider) SynchronousProvider(io.helidon.security.spi.SynchronousProvider) HashMap(java.util.HashMap) TokenHandler(io.helidon.security.util.TokenHandler) AuthenticationResponse(io.helidon.security.AuthenticationResponse) OutboundConfig(io.helidon.security.providers.common.OutboundConfig) Principal(io.helidon.security.Principal) List(java.util.List) AuthenticationProvider(io.helidon.security.spi.AuthenticationProvider) EndpointConfig(io.helidon.security.EndpointConfig) SecurityEnvironment(io.helidon.security.SecurityEnvironment) OutboundTarget(io.helidon.security.providers.common.OutboundTarget) Map(java.util.Map) Optional(java.util.Optional) Subject(io.helidon.security.Subject) TokenHandler(io.helidon.security.util.TokenHandler) Subject(io.helidon.security.Subject) Principal(io.helidon.security.Principal) OutboundSecurityResponse(io.helidon.security.OutboundSecurityResponse)

Example 3 with SubjectType

use of io.helidon.security.SubjectType in project helidon by oracle.

the class HttpDigestAuthProvider method validateDigestAuth.

private AuthenticationResponse validateDigestAuth(String headerValue, SecurityEnvironment env) {
    DigestToken token;
    try {
        token = DigestToken.fromAuthorizationHeader(headerValue.substring(DIGEST_PREFIX.length()), env.method().toLowerCase());
    } catch (HttpAuthException e) {
        LOGGER.log(Level.FINEST, "Failed to process digest token", e);
        return failOrAbstain(e.getMessage());
    }
    // decrypt
    byte[] bytes;
    try {
        bytes = Base64.getDecoder().decode(token.getNonce());
    } catch (IllegalArgumentException e) {
        LOGGER.log(Level.FINEST, "Failed to base64 decode nonce", e);
        // not base 64
        return failOrAbstain("Nonce must be base64 encoded");
    }
    if (bytes.length < 17) {
        return failOrAbstain("Invalid nonce length");
    }
    byte[] salt = new byte[SALT_LENGTH];
    byte[] aesNonce = new byte[AES_NONCE_LENGTH];
    byte[] encryptedBytes = new byte[bytes.length - SALT_LENGTH - AES_NONCE_LENGTH];
    System.arraycopy(bytes, 0, salt, 0, salt.length);
    System.arraycopy(bytes, SALT_LENGTH, aesNonce, 0, aesNonce.length);
    System.arraycopy(bytes, SALT_LENGTH + AES_NONCE_LENGTH, encryptedBytes, 0, encryptedBytes.length);
    Cipher cipher = HttpAuthUtil.cipher(digestServerSecret, salt, aesNonce, Cipher.DECRYPT_MODE);
    try {
        byte[] timestampBytes = cipher.doFinal(encryptedBytes);
        long nonceTimestamp = HttpAuthUtil.toLong(timestampBytes, 0, timestampBytes.length);
        // validate nonce
        if ((System.currentTimeMillis() - nonceTimestamp) > digestNonceTimeoutMillis) {
            return failOrAbstain("Nonce timeout");
        }
    } catch (Exception e) {
        LOGGER.log(Level.FINEST, "Failed to validate nonce", e);
        return failOrAbstain("Invalid nonce value");
    }
    // validate realm
    if (!realm.equals(token.getRealm())) {
        return failOrAbstain("Invalid realm");
    }
    return userStore.user(token.getUsername()).map(user -> {
        if (token.validateLogin(user)) {
            // yay, correct user and password!!!
            if (subjectType == SubjectType.USER) {
                return AuthenticationResponse.success(buildSubject(user));
            } else {
                return AuthenticationResponse.successService(buildSubject(user));
            }
        } else {
            return failOrAbstain("Invalid username or password");
        }
    }).orElse(failOrAbstain("Invalid username or password"));
}
Also used : Arrays(java.util.Arrays) ProviderRequest(io.helidon.security.ProviderRequest) Random(java.util.Random) Cipher(javax.crypto.Cipher) Level(java.util.logging.Level) SecureRandom(java.security.SecureRandom) AuthenticationProvider(io.helidon.security.spi.AuthenticationProvider) Map(java.util.Map) BigInteger(java.math.BigInteger) Subject(io.helidon.security.Subject) LinkedList(java.util.LinkedList) Config(io.helidon.config.Config) SubjectType(io.helidon.security.SubjectType) SynchronousProvider(io.helidon.security.spi.SynchronousProvider) Logger(java.util.logging.Logger) AuthenticationResponse(io.helidon.security.AuthenticationResponse) Collectors(java.util.stream.Collectors) Principal(io.helidon.security.Principal) Objects(java.util.Objects) TimeUnit(java.util.concurrent.TimeUnit) SecurityResponse(io.helidon.security.SecurityResponse) Base64(java.util.Base64) List(java.util.List) SecurityEnvironment(io.helidon.security.SecurityEnvironment) Role(io.helidon.security.Role) Optional(java.util.Optional) Cipher(javax.crypto.Cipher)

Aggregations

Config (io.helidon.config.Config)3 AuthenticationResponse (io.helidon.security.AuthenticationResponse)3 Principal (io.helidon.security.Principal)3 ProviderRequest (io.helidon.security.ProviderRequest)3 SecurityEnvironment (io.helidon.security.SecurityEnvironment)3 Subject (io.helidon.security.Subject)3 SubjectType (io.helidon.security.SubjectType)3 AuthenticationProvider (io.helidon.security.spi.AuthenticationProvider)3 SynchronousProvider (io.helidon.security.spi.SynchronousProvider)3 List (java.util.List)3 Map (java.util.Map)3 Optional (java.util.Optional)3 EndpointConfig (io.helidon.security.EndpointConfig)2 OutboundSecurityResponse (io.helidon.security.OutboundSecurityResponse)2 Role (io.helidon.security.Role)2 SecurityResponse (io.helidon.security.SecurityResponse)2 OutboundConfig (io.helidon.security.providers.common.OutboundConfig)2 OutboundTarget (io.helidon.security.providers.common.OutboundTarget)2 OutboundSecurityProvider (io.helidon.security.spi.OutboundSecurityProvider)2 TokenHandler (io.helidon.security.util.TokenHandler)2
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial