
Example 1 with OutboundConfig

use of io.helidon.security.providers.common.OutboundConfig in project helidon by oracle.

the class GoogleTokenProviderTest method initClass.

@BeforeAll
public static void initClass() throws GeneralSecurityException, IOException {
    // Google ID token payload filled from the class-level test fixtures.
    GoogleIdToken.Payload payload = new GoogleIdToken.Payload();
    payload.setEmail(email);
    payload.setEmailVerified(true);
    payload.setSubject(userId);
    payload.set("name", fullName);
    payload.set("locale", Locale.US.toLanguageTag());
    payload.set("family_name", familyName);
    payload.set("given_name", givenName);
    payload.set("picture", pictureUrl);

    // The token is a mock that only hands out the payload above.
    GoogleIdToken googleIdToken = mock(GoogleIdToken.class);
    when(googleIdToken.getPayload()).thenReturn(payload);

    // Mocked verifier: TOKEN_VALUE resolves to the mocked token and that token is reported valid.
    // No real signature, issuer or audience validation takes place in this fixture.
    GoogleIdTokenVerifier verifier = mock(GoogleIdTokenVerifier.class);
    when(verifier.verify(TOKEN_VALUE)).thenReturn(googleIdToken);
    when(verifier.verify(googleIdToken)).thenReturn(true);

    // Parser that ignores its input and always yields the mocked token.
    BiFunction<JsonFactory, String, GoogleIdToken> tokenParser = (factory, rawToken) -> googleIdToken;

    // Single outbound target so that outbound calls to "localhost" are matched.
    var localhostTarget = OutboundTarget.builder("localhost")
            .addHost("localhost")
            .build();
    var outbound = OutboundConfig.builder()
            .addTarget(localhostTarget)
            .build();

    provider = GoogleTokenProvider.builder()
            .clientId("clientId")
            .verifier(verifier)
            .tokenParser(tokenParser)
            .outboundConfig(outbound)
            .build();
}

Example 2 with OutboundConfig

use of io.helidon.security.providers.common.OutboundConfig in project helidon by oracle.

the class HttpBasicAuthProvider method syncOutbound.

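/**
 * Builds the outbound HTTP basic-auth response for a call to another service.
 * <p>
 * Credentials are resolved in this order:
 * <ol>
 *   <li>an explicit user name supplied as the endpoint property {@code EP_PROPERTY_OUTBOUND_USER},
 *       with the password obtained through {@code passwordFromEndpoint};</li>
 *   <li>an explicit user configured on the outbound target matching {@code outboundEnv};</li>
 *   <li>the credentials of the current user, or failing that of the current service, optionally
 *       with the password replaced by the endpoint property {@code EP_PROPERTY_OUTBOUND_PASSWORD}.</li>
 * </ol>
 * When no outbound target matches, or no credentials can be found, the provider abstains.
 *
 * @param providerRequest request carrying the current security context
 * @param outboundEnv     environment of the outbound call, used to locate the outbound target
 * @param outboundEp      endpoint configuration of the outbound call (request-scoped overrides)
 * @return response carrying the basic-auth header, or an abstain response
 */
@Override
protected OutboundSecurityResponse syncOutbound(ProviderRequest providerRequest, SecurityEnvironment outboundEnv, EndpointConfig outboundEp) {
    // 1. explicit user name in request properties takes precedence over any configured target
    Optional<Object> maybeUsername = outboundEp.abacAttribute(EP_PROPERTY_OUTBOUND_USER);
    if (maybeUsername.isPresent()) {
        String username = maybeUsername.get().toString();
        char[] password = passwordFromEndpoint(outboundEp);
        return toBasicAuthOutbound(outboundEnv, HttpBasicOutboundConfig.DEFAULT_TOKEN_HANDLER, username, password);
    }

    // 2. locate the outbound target for this environment (provider-level outboundConfig field)
    var target = outboundConfig.findTargetCustomObject(outboundEnv,
                                                       HttpBasicOutboundConfig.class,
                                                       HttpBasicOutboundConfig::create,
                                                       HttpBasicOutboundConfig::create);
    if (target.isEmpty()) {
        return OutboundSecurityResponse.abstain();
    }
    // named targetConfig so it does not shadow the provider field used for the lookup above
    HttpBasicOutboundConfig targetConfig = target.get();
    if (targetConfig.hasExplicitUser()) {
        // use the user configured on the target
        return toBasicAuthOutbound(outboundEnv,
                                   targetConfig.tokenHandler(),
                                   targetConfig.explicitUser(),
                                   targetConfig.explicitPassword());
    }

    // 3. propagate the current subject: user first, service as fallback
    SecurityContext secContext = providerRequest.securityContext();
    Optional<BasicPrivateCredentials> creds = secContext.user()
            .flatMap(this::credentialsFromSubject)
            .or(() -> secContext.service().flatMap(this::credentialsFromSubject));

    // request-scoped password override; note String.valueOf materialises the secret as a String
    Optional<char[]> overridePassword = outboundEp.abacAttribute(EP_PROPERTY_OUTBOUND_PASSWORD)
            .map(String::valueOf)
            .map(String::toCharArray);

    return creds.map(credentials -> toBasicAuthOutbound(outboundEnv,
                                                        targetConfig.tokenHandler(),
                                                        credentials.username,
                                                        overridePassword.orElse(credentials.password)))
            .orElseGet(OutboundSecurityResponse::abstain);
}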

Example 3 with OutboundConfig

use of io.helidon.security.providers.common.OutboundConfig in project helidon by oracle.

the class HeaderAtnProvider method syncOutbound.

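/**
 * Builds the outbound header-based authentication response for a call to another service.
 * <p>
 * The identity to propagate is the current user or the current service, depending on the
 * configured {@code subjectType}. If an outbound target matches {@code outboundEnv}, its
 * explicitly configured user (when present) takes precedence over the propagated principal and
 * its token handler is used (falling back to {@code defaultOutboundTokenHandler}). Without a
 * matching target the provider falls back to {@code outboundTokenHandler}, and abstains when
 * that handler is not set or no principal is available.
 *
 * @param providerRequest        request carrying the current security context
 * @param outboundEnv            environment of the outbound call, used to locate the outbound target
 * @param outboundEndpointConfig endpoint configuration of the outbound call (currently unused here)
 * @return response carrying the identity header, or an abstain response
 */
@Override
protected OutboundSecurityResponse syncOutbound(ProviderRequest providerRequest, SecurityEnvironment outboundEnv, EndpointConfig outboundEndpointConfig) {
    // which subject to propagate depends on the configured subject type
    Optional<Subject> toPropagate = (subjectType == SubjectType.USER)
            ? providerRequest.securityContext().user()
            : providerRequest.securityContext().service();

    // locate the outbound target for this environment (provider-level outboundConfig field)
    var target = outboundConfig.findTargetCustomObject(outboundEnv,
                                                       HeaderAtnOutboundConfig.class,
                                                       HeaderAtnOutboundConfig::create,
                                                       HeaderAtnOutboundConfig::create);
    if (target.isEmpty()) {
        // no target: original behavior, which requires an outbound token handler
        if (outboundTokenHandler == null) {
            return OutboundSecurityResponse.abstain();
        }
        return toPropagate.map(Subject::principal)
                .map(Principal::id)
                .map(id -> respond(outboundEnv, outboundTokenHandler, id))
                .orElseGet(OutboundSecurityResponse::abstain);
    }

    // named targetConfig so it does not shadow the provider field used for the lookup above
    HeaderAtnOutboundConfig targetConfig = target.get();
    TokenHandler tokenHandler = targetConfig.tokenHandler().orElse(defaultOutboundTokenHandler);
    // an explicitly configured user wins over the propagated principal
    return targetConfig.explicitUser()
            .or(() -> toPropagate.map(Subject::principal).map(Principal::id))
            .map(id -> respond(outboundEnv, tokenHandler, id))
            .orElseGet(OutboundSecurityResponse::abstain);
}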
