use of io.quarkus.security.credential.TokenCredential in project quarkus by quarkusio.
the class OidcJsonWebTokenProducer method getTokenCredential.
/**
 * Exposes the token of the requested credential type held by the current identity as a
 * {@link JsonWebToken}.
 *
 * <p>A {@code NullJsonWebToken} is returned for an anonymous identity and when the identity has no
 * credential (or no token) of the requested type.
 *
 * @param type the credential class to look up on the identity
 * @return the principal itself when it already wraps a credential of exactly {@code type}, otherwise
 *         a new {@code OidcJwtCallerPrincipal} built from the decoded token, or a
 *         {@code NullJsonWebToken}
 * @throws OIDCException if the credential is an opaque access token or the token cannot be parsed
 */
private JsonWebToken getTokenCredential(Class<? extends TokenCredential> type) {
    if (identity.isAnonymous()) {
        return new NullJsonWebToken();
    }

    // Reuse the principal when it is already backed by a credential of exactly the requested class.
    if (identity.getPrincipal() instanceof OidcJwtCallerPrincipal) {
        OidcJwtCallerPrincipal callerPrincipal = (OidcJwtCallerPrincipal) identity.getPrincipal();
        if (callerPrincipal.getCredential().getClass() == type) {
            return (JsonWebToken) identity.getPrincipal();
        }
    }

    TokenCredential tokenCredential = identity.getCredential(type);
    boolean tokenMissing = tokenCredential == null || tokenCredential.getToken() == null;
    if (tokenMissing) {
        String tokenType = type == AccessTokenCredential.class ? "access" : "ID";
        LOG.tracef("Current identity is not associated with an %s token", tokenType);
        return new NullJsonWebToken();
    }

    // An opaque access token has no JWT structure to decode.
    if (tokenCredential instanceof AccessTokenCredential) {
        AccessTokenCredential accessToken = (AccessTokenCredential) tokenCredential;
        if (accessToken.isOpaque()) {
            throw new OIDCException("Opaque access token can not be converted to JsonWebToken");
        }
    }

    // SECURITY: signature verification and every claim validator are switched off, so this call
    // only decodes the payload; it proves nothing about the token's authenticity, expiry or audience.
    // NOTE(review): this relies on the credential having been verified before it was attached to
    // the identity - confirm that holds for every path that populates the identity.
    JwtClaims decodedClaims;
    try {
        decodedClaims = new JwtConsumerBuilder()
                .setSkipSignatureVerification()
                .setSkipAllValidators()
                .build()
                .processToClaims(tokenCredential.getToken());
    } catch (InvalidJwtException e) {
        throw new OIDCException(e);
    }

    // The raw token is stored among the claims; anything that logs or serializes the claim set
    // would therefore also emit the bearer token.
    decodedClaims.setClaim(Claims.raw_token.name(), tokenCredential.getToken());
    return new OidcJwtCallerPrincipal(decodedClaims, tokenCredential);
}
use of io.quarkus.security.credential.TokenCredential in project kogito-apps by kiegroup.
the class UserResourceTest method meTest.
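/**
 * Checks that {@code UserResource.me()} reports the name, roles and token of the injected identity.
 *
 * <p>Note that the last assertion pins the raw credential token being present on the returned
 * {@code User}. NOTE(review): if that object is serialized into a response, the bearer token is
 * echoed back to the caller - confirm this is intended.
 */
@Test
void meTest() {
    UserResource userResourceTest = new UserResource();
    String userName = "testName";
    String testToken = "testToken";
    // Typed set instead of a raw Set, so the getRoles() stubbing below is checked by the compiler.
    Set<String> roles = new HashSet<>();
    roles.add("role1");

    Principal mockPrincipal = mock(Principal.class);
    TokenCredential mockCredential = mock(TokenCredential.class);
    SecurityIdentity securityIdentity = mock(SecurityIdentity.class);
    userResourceTest.setSecurityIdentity(securityIdentity);

    when(mockPrincipal.getName()).thenReturn(userName);
    when(securityIdentity.getPrincipal()).thenReturn(mockPrincipal);
    when(securityIdentity.getRoles()).thenReturn(roles);
    when(securityIdentity.getCredential(TokenCredential.class)).thenReturn(mockCredential);
    when(mockCredential.getToken()).thenReturn(testToken);

    UserResource.User u = userResourceTest.me();

    assertEquals(userName, u.getUserName());
    assertEquals(roles, u.getRoles());
    assertEquals(testToken, u.getToken());
}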
use of io.quarkus.security.credential.TokenCredential in project kogito-apps by kiegroup.
the class KogitoRuntimeClientTest method testGetAuthHeader.
/**
 * Checks the Authorization header value produced by the client: {@code "Bearer <token>"} when the
 * identity carries a token credential, and an empty string when it carries none.
 */
@Test
public void testGetAuthHeader() {
    // Case 1: the identity exposes a token credential.
    tokenCredential = mock(TokenCredential.class);
    when(identityMock.getCredential(TokenCredential.class)).thenReturn(tokenCredential);
    when(tokenCredential.getToken()).thenReturn(AUTHORIZED_TOKEN);

    String headerWithCredential = client.getAuthHeader();

    // The client is expected to look the credential up twice while building one header.
    verify(identityMock, times(2)).getCredential(TokenCredential.class);
    assertThat(headerWithCredential).isEqualTo("Bearer " + AUTHORIZED_TOKEN);

    // Case 2: no credential on the identity, so no token may leak into the header.
    when(identityMock.getCredential(TokenCredential.class)).thenReturn(null);

    String headerWithoutCredential = client.getAuthHeader();

    assertThat(headerWithoutCredential).isEqualTo("");
}
use of io.quarkus.security.credential.TokenCredential in project quarkus by quarkusio.
the class OAuth2AuthMechanism method authenticate.
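/**
 * Extracts the bearer token from the {@code Authorization} header and, when one is present, hands
 * it to the identity provider manager for authentication.
 *
 * <p>Only a header that starts with the {@code Bearer} scheme followed by a space (matched
 * case-insensitively) is treated as carrying a token. A missing header, a header that is too
 * short, or a header using another scheme is not attempted by this mechanism. Previously the
 * first seven characters were stripped unconditionally, which threw
 * {@code StringIndexOutOfBoundsException} on short values and submitted the tail of other schemes'
 * credentials as if it were a bearer token.
 *
 * @param context the routing context of the current HTTP request
 * @param identityProviderManager the manager the token authentication request is delegated to
 * @return the result of authenticating the bearer token, or a {@code Uni} holding a null item when
 *         the request carries no bearer token
 */
@Override
public Uni<SecurityIdentity> authenticate(RoutingContext context, IdentityProviderManager identityProviderManager) {
    final String bearerPrefix = "Bearer ";
    String authHeader = context.request().headers().get("Authorization");

    // regionMatches is false when the header is shorter than the prefix, so substring below is safe.
    boolean isBearer = authHeader != null
            && authHeader.regionMatches(true, 0, bearerPrefix, 0, bearerPrefix.length());
    if (!isBearer) {
        // No suitable header has been found in this request.
        return Uni.createFrom().nullItem();
    }

    // Install the OAuth2 principal as the caller. The token value is passed on as received;
    // validating it is left to the identity provider behind the manager.
    String bearerToken = authHeader.substring(bearerPrefix.length());
    return identityProviderManager.authenticate(new TokenAuthenticationRequest(new TokenCredential(bearerToken, "bearer")));
}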
use of io.quarkus.security.credential.TokenCredential in project kogito-runtimes by kiegroup.
the class QuarkusDataIndexClientTest method testGetTokenWithSecurityIdentity.
/**
 * Checks that the client builds its Authorization header from the token credential of the
 * injected security identity, here with an empty string passed to {@code getAuthHeader}.
 */
@Test
public void testGetTokenWithSecurityIdentity() {
    final String rawToken = "testToken";
    final TokenCredential bearerCredential = new TokenCredential(rawToken, "Bearer");

    // lenient(): the stubbing stays valid even if the client never asks for the credential.
    SecurityIdentity identity = mock(SecurityIdentity.class);
    lenient().when(identity.getCredential(TokenCredential.class)).thenReturn(bearerCredential);

    QuarkusDataIndexClient testClient = new QuarkusDataIndexClient(null, identity, null);
    String header = testClient.getAuthHeader("");

    assertThat(header).isEqualTo("Bearer " + rawToken);
}