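/**
 * Get grants from IDCS server. The result is cached.
 * <p>
 * A {@code RoleMapTracing} span is opened for the whole lookup and is always finished,
 * and marked as failed when the lookup throws (same pattern as the single-tenant
 * {@code IdcsRoleMapperProvider}).
 *
 * @param idcsTenantId ID of the IDCS tenant
 * @param idcsAppName Name of IDCS application
 * @param subject subject to get grants for
 * @return optional list of grants from server; empty when no application token is available
 * @throws ClassCastException if the {@code sub_type} ABAC attribute of the principal is present
 *                            but is not a {@code String}
 */
protected Optional<List<? extends Grant>> getGrantsFromServer(String idcsTenantId, String idcsAppName, Subject subject) {
    String subjectName = subject.principal().getName();
    // "sub_type" is an ABAC attribute of the principal; falls back to the configured default type
    String subjectType = (String) subject.principal().abacAttribute("sub_type").orElse(defaultIdcsSubjectType());

    RoleMapTracing tracing = SecurityTracing.get().roleMapTracing("idcs");

    try {
        return getAppToken(idcsTenantId, tracing).flatMap(appToken -> {
            // SCIM "Asserter" request: the subject to resolve, its type and the application it belongs to
            JsonObjectBuilder requestBuilder = JSON.createObjectBuilder()
                    .add("mappingAttributeValue", subjectName)
                    .add("subjectType", subjectType)
                    .add("appName", idcsAppName)
                    .add("includeMemberships", true);
            JsonArrayBuilder arrayBuilder = JSON.createArrayBuilder();
            arrayBuilder.add("urn:ietf:params:scim:schemas:oracle:idcs:Asserter");
            requestBuilder.add("schemas", arrayBuilder);

            Invocation.Builder reqBuilder = multitenantEndpoints.assertEndpoint(idcsTenantId).request();
            // propagate the current span to the outbound client call so the IDCS request shows up as a child
            tracing.findParent().ifPresent(spanContext -> reqBuilder.property(PARENT_CONTEXT_CLIENT_PROPERTY, spanContext));

            Response groupResponse = reqBuilder.header("Authorization", "Bearer " + appToken)
                    .post(Entity.json(requestBuilder.build()));

            return processServerResponse(groupResponse, subjectName);
        });
    } catch (Exception e) {
        // mark the span as failed; rethrow so the caller still sees the failure
        tracing.error(e);
        throw e;
    } finally {
        // the span was opened unconditionally above, so it must end on every path
        tracing.finish();
    }
}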
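/**
 * Get grants from IDCS server. The result is cached.
 * <p>
 * A {@code RoleMapTracing} span is opened for the whole lookup; it is finished when the
 * returned {@code Single} completes and marked as failed when it fails (same pattern as
 * the single-tenant {@code IdcsRoleMapperRxProvider}).
 *
 * @param idcsTenantId ID of the IDCS tenant
 * @param idcsAppName Name of IDCS application
 * @param subject subject to get grants for
 * @return list of grants from server; the {@code Single} fails with a {@link SecurityException}
 *         when no application token is available
 * @throws ClassCastException if the {@code sub_type} ABAC attribute of the principal is present
 *                            but is not a {@code String}
 */
protected Single<List<? extends Grant>> getGrantsFromServer(String idcsTenantId, String idcsAppName, Subject subject) {
    String subjectName = subject.principal().getName();
    // "sub_type" is an ABAC attribute of the principal; falls back to the configured default type
    String subjectType = (String) subject.principal().abacAttribute("sub_type").orElse(defaultIdcsSubjectType());

    RoleMapTracing tracing = SecurityTracing.get().roleMapTracing("idcs");

    return Single.create(getAppToken(idcsTenantId, tracing))
            .flatMapSingle(maybeAppToken -> {
                // without an application token we cannot authenticate against the asserter endpoint
                if (maybeAppToken.isEmpty()) {
                    return Single.error(new SecurityException("Application token not available"));
                }
                return Single.just(maybeAppToken.get());
            })
            .flatMapSingle(appToken -> {
                // SCIM "Asserter" request: the subject to resolve, its type and the application it belongs to
                JsonObjectBuilder requestBuilder = JSON.createObjectBuilder()
                        .add("mappingAttributeValue", subjectName)
                        .add("subjectType", subjectType)
                        .add("appName", idcsAppName)
                        .add("includeMemberships", true);
                JsonArrayBuilder arrayBuilder = JSON.createArrayBuilder();
                arrayBuilder.add("urn:ietf:params:scim:schemas:oracle:idcs:Asserter");
                requestBuilder.add("schemas", arrayBuilder);

                // use the current span as parent of the outbound call via a child context,
                // so the parent in the current context is not replaced
                Context parentContext = Contexts.context().orElseGet(Contexts::globalContext);
                Context childContext = Context.builder().parent(parentContext).build();
                tracing.findParent().ifPresent(childContext::register);

                WebClientRequestBuilder post = oidcConfig().generalWebClient()
                        .post()
                        .context(childContext)
                        .uri(multitenantEndpoints.assertEndpoint(idcsTenantId))
                        .headers(it -> {
                            it.add(Http.Header.AUTHORIZATION, "Bearer " + appToken);
                            return it;
                        });

                return processRoleRequest(post, requestBuilder.build(), subjectName);
            })
            // the span was opened unconditionally above: end it on completion, mark it on failure
            .peek(ignored -> tracing.finish())
            .onError(tracing::error);
}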
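/**
 * Retrieves grants from IDCS server.
 * <p>
 * A {@code RoleMapTracing} span is opened for the whole lookup (including obtaining the
 * application token) and is always finished, and marked as failed when the lookup throws.
 *
 * @param subject to get grants for
 * @return optional list of grants to be added; empty when no application token is available
 * @throws ClassCastException if the {@code sub_type} ABAC attribute of the principal is present
 *                            but is not a {@code String}
 */
protected Optional<List<? extends Grant>> getGrantsFromServer(Subject subject) {
    String subjectName = subject.principal().getName();
    // "sub_type" is an ABAC attribute of the principal; falls back to the configured default type
    String subjectType = (String) subject.principal().abacAttribute("sub_type").orElse(defaultIdcsSubjectType());

    RoleMapTracing tracing = SecurityTracing.get().roleMapTracing("idcs");

    // NOTE(review): try/finally covers the token lookup too, so the span also ends when the
    // token is unavailable or obtaining it throws (previously only the flatMap body was covered).
    try {
        // lambda parameter is named "token" to avoid shadowing the appToken field used above
        return appToken.getToken(tracing).flatMap(token -> {
            // SCIM "Asserter" request: the subject to resolve and its type
            JsonObjectBuilder requestBuilder = JSON.createObjectBuilder()
                    .add("mappingAttributeValue", subjectName)
                    .add("subjectType", subjectType)
                    .add("includeMemberships", true);
            JsonArrayBuilder arrayBuilder = JSON.createArrayBuilder();
            arrayBuilder.add("urn:ietf:params:scim:schemas:oracle:idcs:Asserter");
            requestBuilder.add("schemas", arrayBuilder);

            Invocation.Builder reqBuilder = assertEndpoint.request();
            // propagate the current span to the outbound client call so the IDCS request shows up as a child
            tracing.findParent().ifPresent(spanContext -> reqBuilder.property(PARENT_CONTEXT_CLIENT_PROPERTY, spanContext));

            Response groupResponse = reqBuilder.header("Authorization", "Bearer " + token)
                    .post(Entity.json(requestBuilder.build()));

            return processServerResponse(groupResponse, subjectName);
        });
    } catch (Exception e) {
        // mark the span as failed; rethrow so the caller still sees the failure
        tracing.error(e);
        throw e;
    } finally {
        tracing.finish();
    }
}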
/**
 * Retrieves grants from IDCS server.
 * <p>
 * A {@code RoleMapTracing} span is opened for the lookup; it is finished when the returned
 * {@code Single} completes and marked as failed when it fails.
 *
 * @param subject to get grants for
 * @return list of grants to be added; the {@code Single} fails with a {@link SecurityException}
 *         when no application token is available
 * @throws ClassCastException if the {@code sub_type} ABAC attribute of the principal is present
 *                            but is not a {@code String}
 */
protected Single<List<? extends Grant>> getGrantsFromServer(Subject subject) {
    String subjectName = subject.principal().getName();
    // "sub_type" is an ABAC attribute of the principal; falls back to the configured default type
    String subjectType = (String) subject.principal().abacAttribute("sub_type").orElse(defaultIdcsSubjectType());

    RoleMapTracing tracing = SecurityTracing.get().roleMapTracing("idcs");

    Single<List<? extends Grant>> grants = Single.create(appToken.getToken(tracing))
            .flatMapSingle(maybeToken -> {
                // without an application token we cannot authenticate against the asserter endpoint
                if (maybeToken.isEmpty()) {
                    return Single.error(new SecurityException("Application token not available"));
                }
                // named "token" rather than "appToken" so the field of the same name is not shadowed
                String token = maybeToken.get();

                // use the current span as parent of the outbound call via a child context,
                // so the parent in the current context is not replaced
                Context parentContext = Contexts.context().orElseGet(Contexts::globalContext);
                Context childContext = Context.builder().parent(parentContext).build();
                tracing.findParent().ifPresent(childContext::register);

                // SCIM "Asserter" request: the subject to resolve and its type
                JsonArrayBuilder schemas = JSON.createArrayBuilder();
                schemas.add("urn:ietf:params:scim:schemas:oracle:idcs:Asserter");
                JsonObjectBuilder requestBuilder = JSON.createObjectBuilder()
                        .add("mappingAttributeValue", subjectName)
                        .add("subjectType", subjectType)
                        .add("includeMemberships", true);
                requestBuilder.add("schemas", schemas);

                WebClientRequestBuilder request = oidcConfig().generalWebClient()
                        .post()
                        .uri(asserterUri)
                        .context(childContext)
                        .headers(headers -> {
                            headers.add(Http.Header.AUTHORIZATION, "Bearer " + token);
                            return headers;
                        });

                return processRoleRequest(request, requestBuilder.build(), subjectName);
            });

    // end the span on completion, mark it on failure
    return grants
            .peek(ignored -> tracing.finish())
            .onError(tracing::error);
}