use of io.helidon.security.providers.oidc.common.OidcConfig in project helidon by oracle.
the class IdcsMtRoleMapperRxProvider method getGrantsFromServer.
/**
* Get grants from IDCS server. The result is cached.
*
* @param idcsTenantId ID of the IDCS tenant
* @param idcsAppName Name of IDCS application
* @param subject subject to get grants for
* @return optional list of grants from server
*/
protected Single<List<? extends Grant>> getGrantsFromServer(String idcsTenantId, String idcsAppName, Subject subject) {
String subjectName = subject.principal().getName();
String subjectType = (String) subject.principal().abacAttribute("sub_type").orElse(defaultIdcsSubjectType());
RoleMapTracing tracing = SecurityTracing.get().roleMapTracing("idcs");
return Single.create(getAppToken(idcsTenantId, tracing)).flatMapSingle(maybeAppToken -> {
if (maybeAppToken.isEmpty()) {
return Single.error(new SecurityException("Application token not available"));
}
return Single.just(maybeAppToken.get());
}).flatMapSingle(appToken -> {
JsonObjectBuilder requestBuilder = JSON.createObjectBuilder().add("mappingAttributeValue", subjectName).add("subjectType", subjectType).add("appName", idcsAppName).add("includeMemberships", true);
JsonArrayBuilder arrayBuilder = JSON.createArrayBuilder();
arrayBuilder.add("urn:ietf:params:scim:schemas:oracle:idcs:Asserter");
requestBuilder.add("schemas", arrayBuilder);
Context parentContext = Contexts.context().orElseGet(Contexts::globalContext);
Context childContext = Context.builder().parent(parentContext).build();
tracing.findParent().ifPresent(childContext::register);
WebClientRequestBuilder post = oidcConfig().generalWebClient().post().context(childContext).uri(multitenantEndpoints.assertEndpoint(idcsTenantId)).headers(it -> {
it.add(Http.Header.AUTHORIZATION, "Bearer " + appToken);
return it;
});
return processRoleRequest(post, requestBuilder.build(), subjectName);
});
}
use of io.helidon.security.providers.oidc.common.OidcConfig in project helidon by oracle.
the class IdcsRoleMapperRxProvider method getGrantsFromServer.
/**
* Retrieves grants from IDCS server.
*
* @param subject to get grants for
* @return optional list of grants to be added
*/
protected Single<List<? extends Grant>> getGrantsFromServer(Subject subject) {
String subjectName = subject.principal().getName();
String subjectType = (String) subject.principal().abacAttribute("sub_type").orElse(defaultIdcsSubjectType());
RoleMapTracing tracing = SecurityTracing.get().roleMapTracing("idcs");
return Single.create(appToken.getToken(tracing)).flatMapSingle(maybeAppToken -> {
if (maybeAppToken.isEmpty()) {
return Single.error(new SecurityException("Application token not available"));
}
String appToken = maybeAppToken.get();
JsonObjectBuilder requestBuilder = JSON.createObjectBuilder().add("mappingAttributeValue", subjectName).add("subjectType", subjectType).add("includeMemberships", true);
JsonArrayBuilder arrayBuilder = JSON.createArrayBuilder();
arrayBuilder.add("urn:ietf:params:scim:schemas:oracle:idcs:Asserter");
requestBuilder.add("schemas", arrayBuilder);
// use current span context as a parent for client outbound
// using a custom child context, so we do not replace the parent in the current context
Context parentContext = Contexts.context().orElseGet(Contexts::globalContext);
Context childContext = Context.builder().parent(parentContext).build();
tracing.findParent().ifPresent(childContext::register);
WebClientRequestBuilder request = oidcConfig().generalWebClient().post().uri(asserterUri).context(childContext).headers(it -> {
it.add(Http.Header.AUTHORIZATION, "Bearer " + appToken);
return it;
});
return processRoleRequest(request, requestBuilder.build(), subjectName);
}).peek(ignored -> tracing.finish()).onError(tracing::error);
}
use of io.helidon.security.providers.oidc.common.OidcConfig in project helidon by oracle.
the class IdcsBuilderMain method main.
/**
* Start the example.
*
* @param args ignored
* @throws IOException if logging configuration fails
*/
public static void main(String[] args) throws IOException {
// load logging configuration
LogConfig.configureRuntime();
Config config = buildConfig();
OidcConfig oidcConfig = OidcConfig.builder().clientId("clientId.of.your.application").clientSecret("clientSecret.of.your.application").identityUri(URI.create("https://idcs-tenant-id.identity.oracle.com")).frontendUri("http://your.host:your.port").serverType("idcs").build();
Security security = Security.builder().addProvider(OidcProvider.create(oidcConfig)).addProvider(IdcsRoleMapperProvider.builder().config(config).oidcConfig(oidcConfig)).build();
Routing.Builder routing = Routing.builder().register(WebSecurity.create(security, config.get("security"))).register(OidcSupport.create(config)).get("/rest/profile", (req, res) -> {
Optional<SecurityContext> securityContext = req.context().get(SecurityContext.class);
res.headers().contentType(MediaType.TEXT_PLAIN.withCharset("UTF-8"));
res.send("Response from builder based service, you are: \n" + securityContext.flatMap(SecurityContext::user).map(Subject::toString).orElse("Security context is null"));
});
theServer = IdcsUtil.startIt(routing);
}
Aggregations