
Example 1 with OidcConfig

Use of io.helidon.security.providers.oidc.common.OidcConfig in project helidon by oracle.

From class IdcsMtRoleMapperRxProvider, method getGrantsFromServer.

/**
 * Get grants from IDCS server. The result is cached.
 *
 * @param idcsTenantId ID of the IDCS tenant
 * @param idcsAppName  Name of IDCS application
 * @param subject      subject to get grants for
 * @return optional list of grants from server
 */
protected Single<List<? extends Grant>> getGrantsFromServer(String idcsTenantId,
                                                            String idcsAppName,
                                                            Subject subject) {
    String subjectName = subject.principal().getName();
    String subjectType = (String) subject.principal()
            .abacAttribute("sub_type")
            .orElse(defaultIdcsSubjectType());
    RoleMapTracing tracing = SecurityTracing.get().roleMapTracing("idcs");

    return Single.create(getAppToken(idcsTenantId, tracing))
            .flatMapSingle(maybeAppToken -> {
                // without an application token the role lookup cannot be made at all
                if (maybeAppToken.isEmpty()) {
                    return Single.error(new SecurityException("Application token not available"));
                }
                return Single.just(maybeAppToken.get());
            })
            .flatMapSingle(appToken -> {
                // SCIM "Asserter" request body: the subject to look up, with group memberships included
                JsonObjectBuilder requestBuilder = JSON.createObjectBuilder()
                        .add("mappingAttributeValue", subjectName)
                        .add("subjectType", subjectType)
                        .add("appName", idcsAppName)
                        .add("includeMemberships", true);
                JsonArrayBuilder arrayBuilder = JSON.createArrayBuilder();
                arrayBuilder.add("urn:ietf:params:scim:schemas:oracle:idcs:Asserter");
                requestBuilder.add("schemas", arrayBuilder);

                // child context so the tracing parent is registered without replacing the current context
                Context parentContext = Contexts.context().orElseGet(Contexts::globalContext);
                Context childContext = Context.builder().parent(parentContext).build();
                tracing.findParent().ifPresent(childContext::register);

                // the IDCS application token obtained above authorizes the assert call
                WebClientRequestBuilder post = oidcConfig().generalWebClient()
                        .post()
                        .context(childContext)
                        .uri(multitenantEndpoints.assertEndpoint(idcsTenantId))
                        .headers(it -> {
                            it.add(Http.Header.AUTHORIZATION, "Bearer " + appToken);
                            return it;
                        });
                return processRoleRequest(post, requestBuilder.build(), subjectName);
            });
}

Example 2 with OidcConfig

Use of io.helidon.security.providers.oidc.common.OidcConfig in project helidon by oracle.

From class IdcsRoleMapperRxProvider, method getGrantsFromServer.

/**
 * Retrieves grants from IDCS server.
 *
 * @param subject to get grants for
 * @return optional list of grants to be added
 */
protected Single<List<? extends Grant>> getGrantsFromServer(Subject subject) {
    String subjectName = subject.principal().getName();
    String subjectType = (String) subject.principal()
            .abacAttribute("sub_type")
            .orElse(defaultIdcsSubjectType());
    RoleMapTracing tracing = SecurityTracing.get().roleMapTracing("idcs");

    return Single.create(appToken.getToken(tracing))
            .flatMapSingle(maybeAppToken -> {
                // without an application token the role lookup cannot be made at all
                if (maybeAppToken.isEmpty()) {
                    return Single.error(new SecurityException("Application token not available"));
                }
                String appToken = maybeAppToken.get();

                // SCIM "Asserter" request body: the subject to look up, with group memberships included
                JsonObjectBuilder requestBuilder = JSON.createObjectBuilder()
                        .add("mappingAttributeValue", subjectName)
                        .add("subjectType", subjectType)
                        .add("includeMemberships", true);
                JsonArrayBuilder arrayBuilder = JSON.createArrayBuilder();
                arrayBuilder.add("urn:ietf:params:scim:schemas:oracle:idcs:Asserter");
                requestBuilder.add("schemas", arrayBuilder);

                // use current span context as a parent for client outbound
                // using a custom child context, so we do not replace the parent in the current context
                Context parentContext = Contexts.context().orElseGet(Contexts::globalContext);
                Context childContext = Context.builder().parent(parentContext).build();
                tracing.findParent().ifPresent(childContext::register);

                // the IDCS application token obtained above authorizes the assert call
                WebClientRequestBuilder request = oidcConfig().generalWebClient()
                        .post()
                        .uri(asserterUri)
                        .context(childContext)
                        .headers(it -> {
                            it.add(Http.Header.AUTHORIZATION, "Bearer " + appToken);
                            return it;
                        });
                return processRoleRequest(request, requestBuilder.build(), subjectName);
            })
            .peek(ignored -> tracing.finish())
            .onError(tracing::error);
}

Example 3 with OidcConfig

Use of io.helidon.security.providers.oidc.common.OidcConfig in project helidon by oracle.

From class IdcsBuilderMain, method main.

/**
 * Start the example.
 *
 * @param args ignored
 * @throws IOException if logging configuration fails
 */
public static void main(String[] args) throws IOException {
    // load logging configuration
    LogConfig.configureRuntime();
    Config config = buildConfig();
    // OIDC client settings for the IDCS tenant (placeholder values)
    OidcConfig oidcConfig = OidcConfig.builder()
            .clientId("clientId.of.your.application")
            .clientSecret("clientSecret.of.your.application")
            .identityUri(URI.create("https://idcs-tenant-id.identity.oracle.com"))
            .frontendUri("http://your.host:your.port")
            .serverType("idcs")
            .build();
    // OIDC authentication plus IDCS role mapping, both using the same OidcConfig
    Security security = Security.builder()
            .addProvider(OidcProvider.create(oidcConfig))
            .addProvider(IdcsRoleMapperProvider.builder().config(config).oidcConfig(oidcConfig))
            .build();
    Routing.Builder routing = Routing.builder()
            .register(WebSecurity.create(security, config.get("security")))
            .register(OidcSupport.create(config))
            .get("/rest/profile", (req, res) -> {
                Optional<SecurityContext> securityContext = req.context().get(SecurityContext.class);
                res.headers().contentType(MediaType.TEXT_PLAIN.withCharset("UTF-8"));
                res.send("Response from builder based service, you are: \n"
                                 + securityContext.flatMap(SecurityContext::user)
                                         .map(Subject::toString)
                                         .orElse("Security context is null"));
            });
    theServer = IdcsUtil.startIt(routing);
}
