use of io.helidon.security.providers.common.OutboundConfig in project helidon by oracle.
the class GoogleTokenProviderTest method initClass.
/**
 * Builds the shared {@code provider} fixture once for the whole test class.
 *
 * <p>The Google verifier and the ID token are Mockito mocks, so no real signature
 * verification runs in these tests: the verifier is stubbed to accept
 * {@code TOKEN_VALUE} and to report the mocked token as valid. Tests using this
 * fixture therefore exercise the provider's handling of an already-accepted
 * token, not token validation itself.
 *
 * @throws GeneralSecurityException declared because the stubbed {@code verify} calls declare it
 * @throws IOException declared because the stubbed {@code verify} calls declare it
 */
@BeforeAll
public static void initClass() throws GeneralSecurityException, IOException {
    // Claims carried by the fake ID token; values come from the test class's fixture fields.
    GoogleIdToken.Payload claims = new GoogleIdToken.Payload();
    claims.setSubject(userId);
    claims.setEmail(email);
    claims.setEmailVerified(true);
    claims.set("name", fullName);
    claims.set("given_name", givenName);
    claims.set("family_name", familyName);
    claims.set("picture", pictureUrl);
    claims.set("locale", Locale.US.toLanguageTag());

    // The token is a mock that only exposes the payload above.
    GoogleIdToken idToken = mock(GoogleIdToken.class);
    when(idToken.getPayload()).thenReturn(claims);

    // Stub both verify overloads: string form yields the mocked token, token form reports success.
    GoogleIdTokenVerifier mockVerifier = mock(GoogleIdTokenVerifier.class);
    when(mockVerifier.verify(TOKEN_VALUE)).thenReturn(idToken);
    when(mockVerifier.verify(idToken)).thenReturn(true);

    // The parser ignores its input and always hands back the mocked token.
    BiFunction<JsonFactory, String, GoogleIdToken> fixedParser = (factory, rawToken) -> idToken;

    // Outbound propagation is limited to a single target that matches host "localhost".
    OutboundTarget localhostTarget = OutboundTarget.builder("localhost")
            .addHost("localhost")
            .build();
    OutboundConfig outbound = OutboundConfig.builder()
            .addTarget(localhostTarget)
            .build();

    provider = GoogleTokenProvider.builder()
            .clientId("clientId")
            .verifier(mockVerifier)
            .tokenParser(fixedParser)
            .outboundConfig(outbound)
            .build();
}
use of io.helidon.security.providers.common.OutboundConfig in project helidon by oracle.
the class HttpBasicAuthProvider method syncOutbound.
/**
 * Chooses the HTTP Basic credentials to attach to an outbound call.
 *
 * <p>Sources are tried in this order:
 * <ol>
 *   <li>an explicit user set on the endpoint ({@code EP_PROPERTY_OUTBOUND_USER}),</li>
 *   <li>the explicit user of the outbound target matching {@code outboundEnv},</li>
 *   <li>the credentials of the current user subject, then of the service subject.</li>
 * </ol>
 * The provider abstains when no outbound target matches (and no endpoint user is set)
 * or when neither subject yields credentials.
 *
 * @param providerRequest request giving access to the current security context
 * @param outboundEnv environment of the outbound call, used to match an outbound target
 * @param outboundEp endpoint configuration, read for per-call user and password attributes
 * @return the response built by {@code toBasicAuthOutbound}, or an abstain response
 */
@Override
protected OutboundSecurityResponse syncOutbound(ProviderRequest providerRequest, SecurityEnvironment outboundEnv, EndpointConfig outboundEp) {
    // 1. Per-endpoint explicit user.
    // NOTE(review): this path returns before any outbound target is looked up, so the
    // endpoint-supplied credentials are not restricted to configured targets here.
    // Confirm callers only set these attributes for destinations they trust.
    Optional<Object> endpointUser = outboundEp.abacAttribute(EP_PROPERTY_OUTBOUND_USER);
    if (endpointUser.isPresent()) {
        return toBasicAuthOutbound(outboundEnv,
                                   HttpBasicOutboundConfig.DEFAULT_TOKEN_HANDLER,
                                   endpointUser.get().toString(),
                                   passwordFromEndpoint(outboundEp));
    }

    // 2. Outbound target configured for this environment; without one we stay out of the call.
    var match = outboundConfig.findTargetCustomObject(outboundEnv, HttpBasicOutboundConfig.class, HttpBasicOutboundConfig::create, HttpBasicOutboundConfig::create);
    if (match.isEmpty()) {
        return OutboundSecurityResponse.abstain();
    }

    HttpBasicOutboundConfig targetConfig = match.get();
    if (targetConfig.hasExplicitUser()) {
        // The target carries its own user and password.
        return toBasicAuthOutbound(outboundEnv, targetConfig.tokenHandler(), targetConfig.explicitUser(), targetConfig.explicitPassword());
    }

    // 3. Propagate the caller's own credentials: user subject first, service subject second.
    // This forwards the subject's password to the matched target, so the target
    // list is the trust boundary for credential propagation.
    SecurityContext context = providerRequest.securityContext();
    Optional<BasicPrivateCredentials> propagated = context.user()
            .flatMap(this::credentialsFromSubject)
            .or(() -> context.service().flatMap(this::credentialsFromSubject));

    // An endpoint attribute may replace the propagated password.
    // NOTE(review): the attribute is converted through String.valueOf(Object); the resulting
    // String cannot be cleared like a char[], and an attribute stored as char[] would be
    // rendered as its identity string rather than its content. Verify what callers store.
    Optional<char[]> passwordOverride = outboundEp.abacAttribute(EP_PROPERTY_OUTBOUND_PASSWORD)
            .map(String::valueOf)
            .map(String::toCharArray);

    return propagated
            .map(found -> toBasicAuthOutbound(outboundEnv,
                                              targetConfig.tokenHandler(),
                                              found.username,
                                              passwordOverride.orElse(found.password)))
            .orElseGet(OutboundSecurityResponse::abstain);
}
use of io.helidon.security.providers.common.OutboundConfig in project helidon by oracle.
the class HeaderAtnProvider method syncOutbound.
/**
 * Propagates an identity to an outbound call through the configured token handler.
 *
 * <p>The subject to propagate is the current user or the current service, depending on
 * {@code subjectType}. When an outbound target matches {@code outboundEnv}, the target's
 * explicit user wins over the propagated subject and the target's token handler wins over
 * {@code defaultOutboundTokenHandler}. When no target matches, the provider falls back to
 * {@code outboundTokenHandler} if one is set; otherwise it abstains. It also abstains
 * whenever no identity is available.
 *
 * @param providerRequest request giving access to the current security context
 * @param outboundEnv environment of the outbound call, used to match an outbound target
 * @param outboundEndpointConfig endpoint configuration (not read by this method)
 * @return the response built by {@code respond}, or an abstain response
 */
@Override
protected OutboundSecurityResponse syncOutbound(ProviderRequest providerRequest, SecurityEnvironment outboundEnv, EndpointConfig outboundEndpointConfig) {
    // Pick which subject of the current context is eligible for propagation.
    Optional<Subject> propagated = (subjectType == SubjectType.USER)
            ? providerRequest.securityContext().user()
            : providerRequest.securityContext().service();

    var match = outboundConfig.findTargetCustomObject(outboundEnv, HeaderAtnOutboundConfig.class, HeaderAtnOutboundConfig::create, HeaderAtnOutboundConfig::create);

    if (match.isEmpty()) {
        // No configured target: keep the original behavior, which needs a provider-level handler.
        // NOTE(review): this fallback is not limited to configured targets, so the principal id
        // is sent wherever outboundEnv points once outboundTokenHandler is set. Confirm intended.
        if (outboundTokenHandler == null) {
            return OutboundSecurityResponse.abstain();
        }
        return propagated
                .map(Subject::principal)
                .map(Principal::id)
                .map(id -> respond(outboundEnv, outboundTokenHandler, id))
                .orElseGet(OutboundSecurityResponse::abstain);
    }

    // A target matched: its settings take precedence over the provider defaults.
    HeaderAtnOutboundConfig targetConfig = match.get();
    TokenHandler handler = targetConfig.tokenHandler().orElse(defaultOutboundTokenHandler);

    // Only the identity string is passed on; no credential accompanies it in this method, so
    // the receiving side has to trust the channel. The propagated id is resolved lazily,
    // only when the target has no explicit user.
    return targetConfig.explicitUser()
            .or(() -> propagated.map(Subject::principal).map(Principal::id))
            .map(id -> respond(outboundEnv, handler, id))
            .orElseGet(OutboundSecurityResponse::abstain);
}