Example 1 with TokenCredential
use of io.quarkus.security.credential.TokenCredential in project quarkus by quarkusio.
the class OidcJsonWebTokenProducer method getTokenCredential.
private JsonWebToken getTokenCredential(Class<? extends TokenCredential> type) {
if (identity.isAnonymous()) {
return new NullJsonWebToken();
}
if (identity.getPrincipal() instanceof OidcJwtCallerPrincipal && ((OidcJwtCallerPrincipal) identity.getPrincipal()).getCredential().getClass() == type) {
return (JsonWebToken) identity.getPrincipal();
}
TokenCredential credential = identity.getCredential(type);
if (credential != null && credential.getToken() != null) {
if (credential instanceof AccessTokenCredential && ((AccessTokenCredential) credential).isOpaque()) {
throw new OIDCException("Opaque access token can not be converted to JsonWebToken");
}
JwtClaims jwtClaims;
try {
jwtClaims = new JwtConsumerBuilder().setSkipSignatureVerification().setSkipAllValidators().build().processToClaims(credential.getToken());
} catch (InvalidJwtException e) {
throw new OIDCException(e);
}
jwtClaims.setClaim(Claims.raw_token.name(), credential.getToken());
return new OidcJwtCallerPrincipal(jwtClaims, credential);
}
String tokenType = type == AccessTokenCredential.class ? "access" : "ID";
LOG.tracef("Current identity is not associated with an %s token", tokenType);
return new NullJsonWebToken();
}
Also used :
InvalidJwtException(org.jose4j.jwt.consumer.InvalidJwtException)
NullJsonWebToken(io.smallrye.jwt.auth.cdi.NullJsonWebToken)
JwtClaims(org.jose4j.jwt.JwtClaims)
JwtConsumerBuilder(org.jose4j.jwt.consumer.JwtConsumerBuilder)
OIDCException(io.quarkus.oidc.OIDCException)
NullJsonWebToken(io.smallrye.jwt.auth.cdi.NullJsonWebToken)
JsonWebToken(org.eclipse.microprofile.jwt.JsonWebToken)
AccessTokenCredential(io.quarkus.oidc.AccessTokenCredential)
IdTokenCredential(io.quarkus.oidc.IdTokenCredential)
TokenCredential(io.quarkus.security.credential.TokenCredential)
AccessTokenCredential(io.quarkus.oidc.AccessTokenCredential)
Example 2 with TokenCredential
use of io.quarkus.security.credential.TokenCredential in project kogito-apps by kiegroup.
the class UserResourceTest method meTest.
@Test
void meTest() {
UserResource userResourceTest = new UserResource();
String userName = "testName";
String testToken = "testToken";
Set roles = new HashSet<String>();
roles.add("role1");
Principal mockPrincipal = mock(Principal.class);
TokenCredential mockCredential = mock(TokenCredential.class);
SecurityIdentity securityIdentity = mock(SecurityIdentity.class);
userResourceTest.setSecurityIdentity(securityIdentity);
when(mockPrincipal.getName()).thenReturn(userName);
when(securityIdentity.getPrincipal()).thenReturn(mockPrincipal);
when(securityIdentity.getRoles()).thenReturn(roles);
when(securityIdentity.getCredential(TokenCredential.class)).thenReturn(mockCredential);
when(mockCredential.getToken()).thenReturn(testToken);
UserResource.User u = userResourceTest.me();
assertEquals(userName, u.getUserName());
assertEquals(roles, u.getRoles());
assertEquals(testToken, u.getToken());
}
Also used :
SecurityIdentity(io.quarkus.security.identity.SecurityIdentity)
HashSet(java.util.HashSet)
Set(java.util.Set)
TokenCredential(io.quarkus.security.credential.TokenCredential)
Principal(java.security.Principal)
HashSet(java.util.HashSet)
Test(org.junit.jupiter.api.Test)
Example 3 with TokenCredential
use of io.quarkus.security.credential.TokenCredential in project kogito-apps by kiegroup.
the class KogitoRuntimeClientTest method testGetAuthHeader.
@Test
public void testGetAuthHeader() {
tokenCredential = mock(TokenCredential.class);
when(identityMock.getCredential(TokenCredential.class)).thenReturn(tokenCredential);
when(tokenCredential.getToken()).thenReturn(AUTHORIZED_TOKEN);
String token = client.getAuthHeader();
verify(identityMock, times(2)).getCredential(TokenCredential.class);
assertThat(token).isEqualTo("Bearer " + AUTHORIZED_TOKEN);
when(identityMock.getCredential(TokenCredential.class)).thenReturn(null);
token = client.getAuthHeader();
assertThat(token).isEqualTo("");
}
Also used :
ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString)
TokenCredential(io.quarkus.security.credential.TokenCredential)
Test(org.junit.jupiter.api.Test)
Example 4 with TokenCredential
use of io.quarkus.security.credential.TokenCredential in project quarkus by quarkusio.
the class OAuth2AuthMechanism method authenticate.
/**
* Extract the Authorization header and validate the bearer token if it exists. If it does, and is validated, this
* builds the org.jboss.security.SecurityContext authenticated Subject that drives the container APIs as well as
* the authorization layers.
*
* @param context - the http request exchange object
* @param identityProviderManager - the current security context that
* @return one of AUTHENTICATED, NOT_AUTHENTICATED or NOT_ATTEMPTED depending on the header and authentication outcome.
*/
@Override
public Uni<SecurityIdentity> authenticate(RoutingContext context, IdentityProviderManager identityProviderManager) {
String authHeader = context.request().headers().get("Authorization");
String bearerToken = authHeader != null ? authHeader.substring(7) : null;
if (bearerToken != null) {
// Install the OAuth2 principal as the caller
return identityProviderManager.authenticate(new TokenAuthenticationRequest(new TokenCredential(bearerToken, "bearer")));
}
// No suitable header has been found in this request,
return Uni.createFrom().nullItem();
}
Also used :
TokenAuthenticationRequest(io.quarkus.security.identity.request.TokenAuthenticationRequest)
TokenCredential(io.quarkus.security.credential.TokenCredential)
Example 5 with TokenCredential
use of io.quarkus.security.credential.TokenCredential in project kogito-runtimes by kiegroup.
the class QuarkusDataIndexClientTest method testGetTokenWithSecurityIdentity.
@Test
public void testGetTokenWithSecurityIdentity() {
String token = "testToken";
TokenCredential tokenCredential = new TokenCredential(token, "Bearer");
SecurityIdentity identity = mock(SecurityIdentity.class);
lenient().when(identity.getCredential(TokenCredential.class)).thenReturn(tokenCredential);
QuarkusDataIndexClient testClient = new QuarkusDataIndexClient(null, identity, null);
assertThat(testClient.getAuthHeader("")).isEqualTo("Bearer " + token);
}
Also used :
SecurityIdentity(io.quarkus.security.identity.SecurityIdentity)
TokenCredential(io.quarkus.security.credential.TokenCredential)
Test(org.junit.jupiter.api.Test)
Aggregations
TokenCredential (io.quarkus.security.credential.TokenCredential)6
SecurityIdentity (io.quarkus.security.identity.SecurityIdentity)3
Test (org.junit.jupiter.api.Test)3
AccessTokenCredential (io.quarkus.oidc.AccessTokenCredential)2
IdTokenCredential (io.quarkus.oidc.IdTokenCredential)2
Principal (java.security.Principal)2
OIDCException (io.quarkus.oidc.OIDCException)1
AuthenticationFailedException (io.quarkus.security.AuthenticationFailedException)1
TokenAuthenticationRequest (io.quarkus.security.identity.request.TokenAuthenticationRequest)1
QuarkusSecurityIdentity (io.quarkus.security.runtime.QuarkusSecurityIdentity)1
NullJsonWebToken (io.smallrye.jwt.auth.cdi.NullJsonWebToken)1
Uni (io.smallrye.mutiny.Uni)1
JsonObject (io.vertx.core.json.JsonObject)1
HashSet (java.util.HashSet)1
Set (java.util.Set)1
JsonWebToken (org.eclipse.microprofile.jwt.JsonWebToken)1
JwtClaims (org.jose4j.jwt.JwtClaims)1
InvalidJwtException (org.jose4j.jwt.consumer.InvalidJwtException)1
JwtConsumerBuilder (org.jose4j.jwt.consumer.JwtConsumerBuilder)1
ArgumentMatchers.anyString (org.mockito.ArgumentMatchers.anyString)1
