Example 1 with TokenCredential

Use of io.quarkus.security.credential.TokenCredential in project quarkus by quarkusio.

The class OidcJsonWebTokenProducer, method getTokenCredential.

private JsonWebToken getTokenCredential(Class<? extends TokenCredential> type) {
    if (identity.isAnonymous()) {
        return new NullJsonWebToken();
    }
    if (identity.getPrincipal() instanceof OidcJwtCallerPrincipal && ((OidcJwtCallerPrincipal) identity.getPrincipal()).getCredential().getClass() == type) {
        return (JsonWebToken) identity.getPrincipal();
    }
    TokenCredential credential = identity.getCredential(type);
    if (credential != null && credential.getToken() != null) {
        if (credential instanceof AccessTokenCredential && ((AccessTokenCredential) credential).isOpaque()) {
            throw new OIDCException("Opaque access token can not be converted to JsonWebToken");
        }
        JwtClaims jwtClaims;
        try {
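            // Parses the claims only: no signature check and no claim validators run here,
            // so the result is only as trustworthy as the credential already attached to the identity.
            jwtClaims = new JwtConsumerBuilder().setSkipSignatureVerification().setSkipAllValidators().build().processToClaims(credential.getToken());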
        } catch (InvalidJwtException e) {
            throw new OIDCException(e);
        }
        jwtClaims.setClaim(Claims.raw_token.name(), credential.getToken());
        return new OidcJwtCallerPrincipal(jwtClaims, credential);
    }
    String tokenType = type == AccessTokenCredential.class ? "access" : "ID";
    LOG.tracef("Current identity is not associated with an %s token", tokenType);
    return new NullJsonWebToken();
}
Also used : InvalidJwtException(org.jose4j.jwt.consumer.InvalidJwtException) NullJsonWebToken(io.smallrye.jwt.auth.cdi.NullJsonWebToken) JwtClaims(org.jose4j.jwt.JwtClaims) JwtConsumerBuilder(org.jose4j.jwt.consumer.JwtConsumerBuilder) OIDCException(io.quarkus.oidc.OIDCException) JsonWebToken(org.eclipse.microprofile.jwt.JsonWebToken) AccessTokenCredential(io.quarkus.oidc.AccessTokenCredential) IdTokenCredential(io.quarkus.oidc.IdTokenCredential) TokenCredential(io.quarkus.security.credential.TokenCredential)

Example 2 with TokenCredential

Use of io.quarkus.security.credential.TokenCredential in project kogito-apps by kiegroup.

The class UserResourceTest, method meTest.

@Test
void meTest() {
    UserResource userResourceTest = new UserResource();
    String userName = "testName";
    String testToken = "testToken";
    Set<String> roles = new HashSet<>();
    roles.add("role1");
    Principal mockPrincipal = mock(Principal.class);
    TokenCredential mockCredential = mock(TokenCredential.class);
    SecurityIdentity securityIdentity = mock(SecurityIdentity.class);
    userResourceTest.setSecurityIdentity(securityIdentity);
    when(mockPrincipal.getName()).thenReturn(userName);
    when(securityIdentity.getPrincipal()).thenReturn(mockPrincipal);
    when(securityIdentity.getRoles()).thenReturn(roles);
    when(securityIdentity.getCredential(TokenCredential.class)).thenReturn(mockCredential);
    when(mockCredential.getToken()).thenReturn(testToken);
    UserResource.User u = userResourceTest.me();
    assertEquals(userName, u.getUserName());
    assertEquals(roles, u.getRoles());
    assertEquals(testToken, u.getToken());
}
Also used : SecurityIdentity(io.quarkus.security.identity.SecurityIdentity) HashSet(java.util.HashSet) Set(java.util.Set) TokenCredential(io.quarkus.security.credential.TokenCredential) Principal(java.security.Principal) Test(org.junit.jupiter.api.Test)

Example 3 with TokenCredential

Use of io.quarkus.security.credential.TokenCredential in project kogito-apps by kiegroup.

The class KogitoRuntimeClientTest, method testGetAuthHeader.

@Test
public void testGetAuthHeader() {
    tokenCredential = mock(TokenCredential.class);
    when(identityMock.getCredential(TokenCredential.class)).thenReturn(tokenCredential);
    when(tokenCredential.getToken()).thenReturn(AUTHORIZED_TOKEN);
    String token = client.getAuthHeader();
    verify(identityMock, times(2)).getCredential(TokenCredential.class);
    assertThat(token).isEqualTo("Bearer " + AUTHORIZED_TOKEN);
    when(identityMock.getCredential(TokenCredential.class)).thenReturn(null);
    token = client.getAuthHeader();
    assertThat(token).isEqualTo("");
}
Also used : ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) TokenCredential(io.quarkus.security.credential.TokenCredential) Test(org.junit.jupiter.api.Test)

Example 4 with TokenCredential

Use of io.quarkus.security.credential.TokenCredential in project quarkus by quarkusio.

The class OAuth2AuthMechanism, method authenticate.

/**
 * Extract the Authorization header and validate the bearer token if it exists. If it does, and is validated, this
 * builds the org.jboss.security.SecurityContext authenticated Subject that drives the container APIs as well as
 * the authorization layers.
 *
 * @param context - the http request exchange object
 * @param identityProviderManager - the current security context that
 * @return one of AUTHENTICATED, NOT_AUTHENTICATED or NOT_ATTEMPTED depending on the header and authentication outcome.
 */
@Override
public Uni<SecurityIdentity> authenticate(RoutingContext context, IdentityProviderManager identityProviderManager) {
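    String authHeader = context.request().headers().get("Authorization");
    // Accept the header only when it uses the Bearer scheme: a blind substring(7) throws on
    // values shorter than 7 characters and would forward other schemes' credentials as a token.
    String bearerToken = authHeader != null && authHeader.regionMatches(true, 0, "Bearer ", 0, 7) ? authHeader.substring(7).trim() : null;
    if (bearerToken != null && !bearerToken.isEmpty()) {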
        // Install the OAuth2 principal as the caller
        return identityProviderManager.authenticate(new TokenAuthenticationRequest(new TokenCredential(bearerToken, "bearer")));
    }
    // No suitable header has been found in this request.
    return Uni.createFrom().nullItem();
}
Also used : TokenAuthenticationRequest(io.quarkus.security.identity.request.TokenAuthenticationRequest) TokenCredential(io.quarkus.security.credential.TokenCredential)

Example 5 with TokenCredential

Use of io.quarkus.security.credential.TokenCredential in project kogito-runtimes by kiegroup.

The class QuarkusDataIndexClientTest, method testGetTokenWithSecurityIdentity.

@Test
public void testGetTokenWithSecurityIdentity() {
    String token = "testToken";
    TokenCredential tokenCredential = new TokenCredential(token, "Bearer");
    SecurityIdentity identity = mock(SecurityIdentity.class);
    lenient().when(identity.getCredential(TokenCredential.class)).thenReturn(tokenCredential);
    QuarkusDataIndexClient testClient = new QuarkusDataIndexClient(null, identity, null);
    assertThat(testClient.getAuthHeader("")).isEqualTo("Bearer " + token);
}
Also used : SecurityIdentity(io.quarkus.security.identity.SecurityIdentity) TokenCredential(io.quarkus.security.credential.TokenCredential) Test(org.junit.jupiter.api.Test)

Aggregations

TokenCredential (io.quarkus.security.credential.TokenCredential): 6
SecurityIdentity (io.quarkus.security.identity.SecurityIdentity): 3
Test (org.junit.jupiter.api.Test): 3
AccessTokenCredential (io.quarkus.oidc.AccessTokenCredential): 2
IdTokenCredential (io.quarkus.oidc.IdTokenCredential): 2
Principal (java.security.Principal): 2
OIDCException (io.quarkus.oidc.OIDCException): 1
AuthenticationFailedException (io.quarkus.security.AuthenticationFailedException): 1
TokenAuthenticationRequest (io.quarkus.security.identity.request.TokenAuthenticationRequest): 1
QuarkusSecurityIdentity (io.quarkus.security.runtime.QuarkusSecurityIdentity): 1
NullJsonWebToken (io.smallrye.jwt.auth.cdi.NullJsonWebToken): 1
Uni (io.smallrye.mutiny.Uni): 1
JsonObject (io.vertx.core.json.JsonObject): 1
HashSet (java.util.HashSet): 1
Set (java.util.Set): 1
JsonWebToken (org.eclipse.microprofile.jwt.JsonWebToken): 1
JwtClaims (org.jose4j.jwt.JwtClaims): 1
InvalidJwtException (org.jose4j.jwt.consumer.InvalidJwtException): 1
JwtConsumerBuilder (org.jose4j.jwt.consumer.JwtConsumerBuilder): 1
ArgumentMatchers.anyString (org.mockito.ArgumentMatchers.anyString): 1