use of io.quarkus.security.identity.request.TokenAuthenticationRequest in project quarkus by quarkusio.
the class TokenRealmUnitTest method testAuthenticator.
/**
 * Checks that a JWT built by {@code TokenUtils} is accepted by an identity provider manager that has
 * {@link MpJwtValidator} registered, and that the resulting identity carries the expected principal name.
 *
 * <p>NOTE(review): only the accepting path is exercised here. Rejection cases (a token signed with a
 * different key, a mismatched issuer, an expired token) are not visible in this method - confirm they
 * are covered elsewhere in the test class.
 */
@Test
public void testAuthenticator() throws Exception {
    // One freshly generated pair: the public half configures the validator, the private half is
    // handed to the token generator (presumably to sign the token - confirm in TokenUtils).
    KeyPair rsaPair = generateKeyPair();
    PrivateKey signingKey = rsaPair.getPrivate();
    PublicKey verificationKey = rsaPair.getPublic();

    // Second constructor argument is presumably the expected issuer - verify against JWTAuthContextInfo.
    JWTAuthContextInfo contextInfo = new JWTAuthContextInfo((RSAPublicKey) verificationKey, "https://server.example.com");
    MpJwtValidator jwtValidator = new MpJwtValidator(new DefaultJWTParser(contextInfo), null);

    // Runs any submitted task inline on the calling thread, so the test needs no worker pool.
    Executor inlineExecutor = Runnable::run;
    QuarkusIdentityProviderManagerImpl authenticator = QuarkusIdentityProviderManagerImpl.builder()
            .addProvider(new AnonymousIdentityProvider())
            .setBlockingExecutor(inlineExecutor)
            .addProvider(jwtValidator)
            .build();

    String jwt = TokenUtils.generateTokenString("/Token1.json", signingKey, "testTokenRealm");
    JsonWebTokenCredential credential = new JsonWebTokenCredential(jwt);
    TokenAuthenticationRequest tokenEvidence = new TokenAuthenticationRequest(credential);

    // Block until the asynchronous authentication completes.
    SecurityIdentity securityIdentity = authenticator.authenticate(tokenEvidence).await().indefinitely();

    Assertions.assertNotNull(securityIdentity);
    // Expected name presumably comes from the claims in /Token1.json - TODO confirm.
    Assertions.assertEquals("jdoe@example.com", securityIdentity.getPrincipal().getName());
}
use of io.quarkus.security.identity.request.TokenAuthenticationRequest in project quarkus by quarkusio.
the class OAuth2AuthMechanism method authenticate.
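/**
 * Reads the {@code Authorization} header and, when it uses the {@code Bearer} scheme, submits the token
 * that follows the scheme name to the identity provider manager for validation.
 *
 * <p>Headers that are absent, shorter than the scheme prefix, or that use another scheme (for example
 * {@code Basic}) are treated as "no bearer credential presented". Without that check, a blind
 * {@code substring(7)} throws {@link StringIndexOutOfBoundsException} on a short header and forwards
 * a fragment of some other scheme's credential as if it were a bearer token.
 *
 * @param context the HTTP request routing context
 * @param identityProviderManager the manager that validates the extracted token
 * @return a {@code Uni} that yields the authenticated identity when a bearer token was presented, or a
 *         {@code Uni} completing with a {@code null} item when no bearer token was found
 */
@Override
public Uni<SecurityIdentity> authenticate(RoutingContext context, IdentityProviderManager identityProviderManager) {
    final String bearerPrefix = "Bearer ";
    String authHeader = context.request().headers().get("Authorization");

    // Authentication scheme names are case-insensitive (RFC 7235), so match the prefix ignoring case.
    // regionMatches returns false, rather than throwing, when the header is shorter than the prefix.
    boolean hasBearerScheme = authHeader != null
            && authHeader.regionMatches(true, 0, bearerPrefix, 0, bearerPrefix.length());
    if (!hasBearerScheme) {
        // No bearer credential in this request; signal that authentication was not attempted.
        return Uni.createFrom().nullItem();
    }

    // Everything after the scheme prefix is passed on unchanged; validation is the provider's job.
    String bearerToken = authHeader.substring(bearerPrefix.length());
    return identityProviderManager.authenticate(new TokenAuthenticationRequest(new TokenCredential(bearerToken, "bearer")));
}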
use of io.quarkus.security.identity.request.TokenAuthenticationRequest in project boardgamefiesta by tomwetjens.
the class EventsAuthFilter method doFilter.
/**
 * Authenticates a request from the {@code token} request parameter, when one is supplied, and passes
 * the request down the chain wrapped in an {@code AuthenticatedRequest} carrying the resulting principal.
 *
 * <p>Requests without a non-empty {@code token} parameter go down the chain untouched, so this filter
 * does not by itself reject unauthenticated callers.
 *
 * <p>NOTE(review): {@code getParameter} also reads the query string, and tokens carried in a URL tend
 * to be recorded in access logs, proxies and browser history. Confirm that the token accepted here is
 * short-lived or narrowly scoped, and that it is redacted wherever request URLs are logged.
 *
 * <p>NOTE(review): only {@link CompletionException} is caught. If the blocking await rethrows an
 * unchecked failure without wrapping it, an authentication failure would bypass the 401 branch -
 * verify against the Mutiny version in use.
 *
 * @throws IOException if the chain or {@code sendError} fails with an I/O error
 * @throws ServletException if the downstream chain fails
 */
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
    HttpServletRequest request = (HttpServletRequest) servletRequest;
    HttpServletResponse response = (HttpServletResponse) servletResponse;

    String token = request.getParameter("token");
    if (token == null || token.isEmpty()) {
        // Nothing to authenticate with: continue with the original, unwrapped request.
        filterChain.doFilter(servletRequest, servletResponse);
        return;
    }

    try {
        TokenAuthenticationRequest authRequest = new TokenAuthenticationRequest(new IdTokenCredential(token, routingContext));
        // The supplied blocking callback is evaluated inline; the await has no timeout.
        SecurityIdentity identity = oidcIdentityProvider
                .authenticate(authRequest, blockingCall -> Uni.createFrom().item(blockingCall.get()))
                .await()
                .indefinitely();
        filterChain.doFilter(new AuthenticatedRequest(request, identity.getPrincipal()), servletResponse);
    } catch (CompletionException e) {
        boolean credentialRejected = e.getCause() instanceof AuthenticationFailedException;
        if (!credentialRejected) {
            // Anything other than a rejected credential is reported as a server-side fault.
            log.error("Unexpected error during authentication", e);
            response.sendError(500);
        } else {
            log.debug("Authentication failed", e);
            response.sendError(401);
        }
    }
}