
Example 1 with V1TokenReviewStatus

Use of io.kubernetes.client.models.V1TokenReviewStatus in project weblogic-kubernetes-operator by Oracle.

From the class AuthenticationProxy, method check.

/**
 * Check if the specified access token can be authenticated
 *
 * @param principal The user, group or service account.
 * @param token  The access token that identifies the user.
 * @return V1TokenReviewStatus containing either info about the authenticated user or
 * an error explaining why the user couldn't be authenticated
 */
public V1TokenReviewStatus check(String principal, String token) {
    // Don't expose the token since it's a credential
    LOGGER.entering(principal);
    V1TokenReview result = null;
    try {
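        // Verify that the principal may create TokenReview resources at cluster scope before calling the API
        boolean allowed = authorizationProxy.check(principal, AuthorizationProxy.Operation.create, AuthorizationProxy.Resource.tokenreviews, null, AuthorizationProxy.Scope.cluster, null);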
        if (allowed) {
            CallBuilderFactory factory = ContainerResolver.getInstance().getContainer().getSPI(CallBuilderFactory.class);
            result = factory.create().createTokenReview(prepareTokenReview(token));
        } else {
            LOGGER.info(MessageKeys.CANNOT_CREATE_TOKEN_REVIEW);
        }
    } catch (ApiException e) {
        LOGGER.severe(MessageKeys.APIEXCEPTION_FROM_TOKEN_REVIEW, e);
        LOGGER.exiting(null);
        return null;
    }
    LOGGER.info("Returned TokenReview", result);
    V1TokenReviewStatus status = result != null ? result.getStatus() : null;
    LOGGER.exiting(status);
    return status;
}
Also used: V1TokenReviewStatus (io.kubernetes.client.models.V1TokenReviewStatus), V1TokenReview (io.kubernetes.client.models.V1TokenReview), ApiException (io.kubernetes.client.ApiException)

Example 2 with V1TokenReviewStatus

Use of io.kubernetes.client.models.V1TokenReviewStatus in project weblogic-kubernetes-operator by Oracle.

From the class RestBackendImpl, method authenticate.

private V1UserInfo authenticate(String accessToken) {
    LOGGER.entering();
    V1TokenReviewStatus status = atn.check(principal, accessToken);
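    // check() returns null when the TokenReview was not created (principal not allowed, or an ApiException occurred)
    if (status == null) {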
        throw new AssertionError(formatMessage(MessageKeys.NULL_TOKEN_REVIEW_STATUS));
    }
    String error = status.getError();
    if (error != null) {
        WebApplicationException e = createWebApplicationException(Status.UNAUTHORIZED, error);
        LOGGER.throwing(e);
        throw e;
    }
    if (!status.isAuthenticated()) {
        // don't know why the user didn't get authenticated
        WebApplicationException e = createWebApplicationException(Status.UNAUTHORIZED, null);
        LOGGER.throwing(e);
        throw e;
    }
    userInfo = status.getUser();
    if (userInfo == null) {
        throw new AssertionError(formatMessage(MessageKeys.NULL_USER_INFO, status));
    }
    LOGGER.exiting(userInfo);
    return userInfo;
}
Also used: WebApplicationException (javax.ws.rs.WebApplicationException), V1TokenReviewStatus (io.kubernetes.client.models.V1TokenReviewStatus)

Aggregations

V1TokenReviewStatus (io.kubernetes.client.models.V1TokenReviewStatus): 2
ApiException (io.kubernetes.client.ApiException): 1
V1TokenReview (io.kubernetes.client.models.V1TokenReview): 1
WebApplicationException (javax.ws.rs.WebApplicationException): 1