Examples with OutboundConfig io.helidon.security.providers.common.OutboundConfig used on opensource projects

Example 1 with OutboundConfig

use of io.helidon.security.providers.common.OutboundConfig in project helidon by oracle.

the class GoogleTokenProviderTest method initClass.

@BeforeAll
public static void initClass() throws GeneralSecurityException, IOException {
    GoogleIdTokenVerifier verifier = mock(GoogleIdTokenVerifier.class);
    GoogleIdToken.Payload payload = new GoogleIdToken.Payload();
    payload.setEmail(email);
    payload.setEmailVerified(true);
    payload.setSubject(userId);
    payload.set("name", fullName);
    payload.set("locale", Locale.US.toLanguageTag());
    payload.set("family_name", familyName);
    payload.set("given_name", givenName);
    payload.set("picture", pictureUrl);
    GoogleIdToken googleIdToken = mock(GoogleIdToken.class);
    when(googleIdToken.getPayload()).thenReturn(payload);
    when(verifier.verify(TOKEN_VALUE)).thenReturn(googleIdToken);
    when(verifier.verify(googleIdToken)).thenReturn(true);
    BiFunction<JsonFactory, String, GoogleIdToken> parser = (jsonFactory, s) -> googleIdToken;
    provider = GoogleTokenProvider.builder().clientId("clientId").verifier(verifier).tokenParser(parser).outboundConfig(OutboundConfig.builder().addTarget(OutboundTarget.builder("localhost").addHost("localhost").build()).build()).build();
}

Example 2 with OutboundConfig

use of io.helidon.security.providers.common.OutboundConfig in project helidon by oracle.

the class HttpBasicAuthProvider method syncOutbound.

@Override
protected OutboundSecurityResponse syncOutbound(ProviderRequest providerRequest, SecurityEnvironment outboundEnv, EndpointConfig outboundEp) {
    // explicit username in request properties
    Optional<Object> maybeUsername = outboundEp.abacAttribute(EP_PROPERTY_OUTBOUND_USER);
    if (maybeUsername.isPresent()) {
        String username = maybeUsername.get().toString();
        char[] password = passwordFromEndpoint(outboundEp);
        return toBasicAuthOutbound(outboundEnv, HttpBasicOutboundConfig.DEFAULT_TOKEN_HANDLER, username, password);
    }
    var target = outboundConfig.findTargetCustomObject(outboundEnv, HttpBasicOutboundConfig.class, HttpBasicOutboundConfig::create, HttpBasicOutboundConfig::create);
    if (target.isEmpty()) {
        return OutboundSecurityResponse.abstain();
    }
    HttpBasicOutboundConfig outboundConfig = target.get();
    if (outboundConfig.hasExplicitUser()) {
        // use configured user
        return toBasicAuthOutbound(outboundEnv, outboundConfig.tokenHandler(), outboundConfig.explicitUser(), outboundConfig.explicitPassword());
    } else {
        // propagate current user (if possible)
        SecurityContext secContext = providerRequest.securityContext();
        // first try user
        Optional<BasicPrivateCredentials> creds = secContext.user().flatMap(this::credentialsFromSubject);
        if (creds.isEmpty()) {
            // if not present, try service
            creds = secContext.service().flatMap(this::credentialsFromSubject);
        }
        Optional<char[]> overridePassword = outboundEp.abacAttribute(EP_PROPERTY_OUTBOUND_PASSWORD).map(String::valueOf).map(String::toCharArray);
        return creds.map(credentials -> {
            char[] password = overridePassword.orElse(credentials.password);
            return toBasicAuthOutbound(outboundEnv, outboundConfig.tokenHandler(), credentials.username, password);
        }).orElseGet(OutboundSecurityResponse::abstain);
    }
}

Example 3 with OutboundConfig

use of io.helidon.security.providers.common.OutboundConfig in project helidon by oracle.

the class HeaderAtnProvider method syncOutbound.

@Override
protected OutboundSecurityResponse syncOutbound(ProviderRequest providerRequest, SecurityEnvironment outboundEnv, EndpointConfig outboundEndpointConfig) {
    Optional<Subject> toPropagate;
    if (subjectType == SubjectType.USER) {
        toPropagate = providerRequest.securityContext().user();
    } else {
        toPropagate = providerRequest.securityContext().service();
    }
    // find the target
    var target = outboundConfig.findTargetCustomObject(outboundEnv, HeaderAtnOutboundConfig.class, HeaderAtnOutboundConfig::create, HeaderAtnOutboundConfig::create);
    // we have no target, let's fall back to original behavior
    if (target.isEmpty()) {
        if (outboundTokenHandler != null) {
            return toPropagate.map(Subject::principal).map(Principal::id).map(id -> respond(outboundEnv, outboundTokenHandler, id)).orElseGet(OutboundSecurityResponse::abstain);
        }
        return OutboundSecurityResponse.abstain();
    }
    // we found a target
    HeaderAtnOutboundConfig outboundConfig = target.get();
    TokenHandler tokenHandler = outboundConfig.tokenHandler().orElse(defaultOutboundTokenHandler);
    return outboundConfig.explicitUser().or(() -> toPropagate.map(Subject::principal).map(Principal::id)).map(id -> respond(outboundEnv, tokenHandler, id)).orElseGet(OutboundSecurityResponse::abstain);
}