
Example 1 with TokenAuthenticationRequest

Use of io.quarkus.security.identity.request.TokenAuthenticationRequest in project quarkus by quarkusio.

Class TokenRealmUnitTest, method testAuthenticator.

@Test
public void testAuthenticator() throws Exception {
    KeyPair keyPair = generateKeyPair();
    PublicKey pk1 = keyPair.getPublic();
    PrivateKey pk1Priv = keyPair.getPrivate();
    JWTAuthContextInfo contextInfo = new JWTAuthContextInfo((RSAPublicKey) pk1, "https://server.example.com");
    MpJwtValidator jwtValidator = new MpJwtValidator(new DefaultJWTParser(contextInfo), null);
    QuarkusIdentityProviderManagerImpl authenticator = QuarkusIdentityProviderManagerImpl.builder().addProvider(new AnonymousIdentityProvider()).setBlockingExecutor(new Executor() {

        @Override
        public void execute(Runnable command) {
            command.run();
        }
    }).addProvider(jwtValidator).build();
    String jwt = TokenUtils.generateTokenString("/Token1.json", pk1Priv, "testTokenRealm");
    TokenAuthenticationRequest tokenEvidence = new TokenAuthenticationRequest(new JsonWebTokenCredential(jwt));
    SecurityIdentity securityIdentity = authenticator.authenticate(tokenEvidence).await().indefinitely();
    Assertions.assertNotNull(securityIdentity);
    Assertions.assertEquals("jdoe@example.com", securityIdentity.getPrincipal().getName());
}
Also used : KeyPair(java.security.KeyPair) PrivateKey(java.security.PrivateKey) TokenAuthenticationRequest(io.quarkus.security.identity.request.TokenAuthenticationRequest) PublicKey(java.security.PublicKey) RSAPublicKey(java.security.interfaces.RSAPublicKey) QuarkusIdentityProviderManagerImpl(io.quarkus.security.runtime.QuarkusIdentityProviderManagerImpl) AnonymousIdentityProvider(io.quarkus.security.runtime.AnonymousIdentityProvider) JsonWebTokenCredential(io.quarkus.smallrye.jwt.runtime.auth.JsonWebTokenCredential) MpJwtValidator(io.quarkus.smallrye.jwt.runtime.auth.MpJwtValidator) JWTAuthContextInfo(io.smallrye.jwt.auth.principal.JWTAuthContextInfo) SecurityIdentity(io.quarkus.security.identity.SecurityIdentity) Executor(java.util.concurrent.Executor) DefaultJWTParser(io.smallrye.jwt.auth.principal.DefaultJWTParser) Test(org.junit.jupiter.api.Test)

Example 2 with TokenAuthenticationRequest

Use of io.quarkus.security.identity.request.TokenAuthenticationRequest in project quarkus by quarkusio.

Class OAuth2AuthMechanism, method authenticate.

/**
 * Extract the Authorization header and validate the bearer token if it exists. If it does, and is validated, this
 * builds the org.jboss.security.SecurityContext authenticated Subject that drives the container APIs as well as
 * the authorization layers.
 *
 * @param context - the http request exchange object
 * @param identityProviderManager - the current security context that
 * @return one of AUTHENTICATED, NOT_AUTHENTICATED or NOT_ATTEMPTED depending on the header and authentication outcome.
 */
@Override
public Uni<SecurityIdentity> authenticate(RoutingContext context, IdentityProviderManager identityProviderManager) {
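    String authHeader = context.request().headers().get("Authorization");
    // Accept only the "Bearer" scheme (case-insensitive). An unconditional substring(7)
    // would treat other schemes (e.g. Basic) as bearer tokens and would throw
    // StringIndexOutOfBoundsException on a header value shorter than 7 characters.
    String bearerToken = authHeader != null && authHeader.regionMatches(true, 0, "Bearer ", 0, 7)
            ? authHeader.substring(7) : null;
    if (bearerToken != null && !bearerToken.isEmpty()) {
        // Install the OAuth2 principal as the caller
        return identityProviderManager.authenticate(new TokenAuthenticationRequest(new TokenCredential(bearerToken, "bearer")));
    }
    // No suitable header has been found in this request.
    return Uni.createFrom().nullItem();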
}
Also used : TokenAuthenticationRequest(io.quarkus.security.identity.request.TokenAuthenticationRequest) TokenCredential(io.quarkus.security.credential.TokenCredential)

Example 3 with TokenAuthenticationRequest

Use of io.quarkus.security.identity.request.TokenAuthenticationRequest in project boardgamefiesta by tomwetjens.

Class EventsAuthFilter, method doFilter.

@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
    var httpServletRequest = (HttpServletRequest) servletRequest;
    var httpServletResponse = (HttpServletResponse) servletResponse;
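    // The ID token is read from the "token" query parameter rather than a header;
    // query strings are commonly recorded in access logs and proxy logs.
    var token = httpServletRequest.getParameter("token");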
    if (token == null || "".equals(token)) {
        filterChain.doFilter(servletRequest, servletResponse);
        return;
    }
    try {
        var idTokenCredential = new IdTokenCredential(token, routingContext);
        var tokenAuthenticationRequest = new TokenAuthenticationRequest(idTokenCredential);
        SecurityIdentity securityIdentity = oidcIdentityProvider.authenticate(tokenAuthenticationRequest, function -> Uni.createFrom().item(function.get())).await().indefinitely();
        filterChain.doFilter(new AuthenticatedRequest(httpServletRequest, securityIdentity.getPrincipal()), servletResponse);
    } catch (CompletionException e) {
        if (e.getCause() instanceof AuthenticationFailedException) {
            log.debug("Authentication failed", e);
            httpServletResponse.sendError(401);
        } else {
            log.error("Unexpected error during authentication", e);
            httpServletResponse.sendError(500);
        }
    }
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) SecurityIdentity(io.quarkus.security.identity.SecurityIdentity) TokenAuthenticationRequest(io.quarkus.security.identity.request.TokenAuthenticationRequest) AuthenticationFailedException(io.quarkus.security.AuthenticationFailedException) CompletionException(java.util.concurrent.CompletionException) HttpServletResponse(javax.servlet.http.HttpServletResponse) IdTokenCredential(io.quarkus.oidc.IdTokenCredential)
