
Example 31 with HeaderMap

use of io.undertow.util.HeaderMap in project indy by Commonjava.

the class BasicAuthenticationOAuthTranslator method authenticate.

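/**
 * Translates an incoming BASIC {@code Authorization} header into an OAuth 2.0 bearer header
 * so that a later authentication mechanism can validate it.
 *
 * <p>All {@code Authorization} values are removed from the request. Values that are not BASIC
 * are put back unchanged. When no bearer value was supplied and a BASIC value parses, a token is
 * looked up for those credentials and, if one is returned, a bearer value is added to the request
 * and the encoded token is also set on the response under {@code INDY_BEARER_TOKEN}. The BASIC
 * value itself is never put back, including when a bearer value is already present or when the
 * token lookup returns {@code null}.
 *
 * <p>Credentials and tokens are deliberately kept out of the log output: a debug log is often
 * shipped to shared storage, and anything written there is as good as a leaked credential.
 *
 * @param exchange the current request/response exchange whose headers are rewritten
 * @param securityContext not used by this method
 * @return always {@link AuthenticationMechanismOutcome#NOT_ATTEMPTED}; this mechanism only
 *     rewrites headers and leaves the authentication decision to whatever runs next
 */
@Override
public AuthenticationMechanismOutcome authenticate(final HttpServerExchange exchange, final SecurityContext securityContext) {
    if (!enabled) {
        return AuthenticationMechanismOutcome.NOT_ATTEMPTED;
    }
    logger.debug("BASIC authenticate injector checking for {} header.", AUTHORIZATION_HEADER);
    final HeaderMap headers = exchange.getRequestHeaders();
    final Collection<String> vals = headers.remove(AUTHORIZATION_HEADER);
    String basicAuth = null;
    String bearerAuth = null;
    final List<String> resultValues = new ArrayList<>();
    if (vals != null) {
        for (final String value : vals) {
            // Locale.ROOT keeps scheme matching independent of the JVM default locale
            // (under a Turkish locale "BASIC" would lower-case to "bas\u0131c" and be missed).
            final String lowered = value.toLowerCase(java.util.Locale.ROOT);
            // Only the scheme is logged: the header value carries the password or the token.
            if (lowered.startsWith(BASIC_AUTH_PREFIX)) {
                logger.debug("Found {} header: detected basic auth", AUTHORIZATION_HEADER);
                basicAuth = value;
            } else if (lowered.startsWith(BEARER_AUTH_PREFIX)) {
                logger.debug("Found {} header: detected bearer auth", AUTHORIZATION_HEADER);
                bearerAuth = value;
                resultValues.add(value);
            } else {
                logger.debug("Found {} header with another scheme; passing it through", AUTHORIZATION_HEADER);
                resultValues.add(value);
            }
        }
    }
    // A client-supplied bearer value wins; BASIC is translated only when it is the sole credential.
    if (bearerAuth == null && basicAuth != null) {
        final UserPass userPass = UserPass.parse(basicAuth);
        // Log the parse outcome rather than the object: its toString() is not visible here and
        // may include the password.
        logger.debug("Parsed BASIC authorization: {}", userPass != null);
        if (userPass != null) {
            final AccessTokenResponse token = lookupToken(userPass);
            if (token != null) {
                final String encodedToken = token.getToken();
                final String value = BEARER_AUTH_PREFIX + " " + encodedToken;
                logger.debug("Adding translated bearer value to {}", AUTHORIZATION_HEADER);
                logger.info("BASIC authentication translated into OAuth 2.0 bearer token. Handing off to Keycloak.");
                resultValues.add(value);
                // NOTE(review): confirm this helper does not write the token or its claims to a
                // log that is enabled in production.
                KeycloakBearerTokenDebug.debugToken(encodedToken);
                // The token is returned to the caller in a response header, so it is exposed to
                // anything that can read the response; presumably this endpoint is TLS-only - confirm.
                exchange.getResponseHeaders().add(new HttpString(INDY_BEARER_TOKEN), encodedToken);
            }
        }
    }
    logger.debug("Re-adding {} {} value(s)", resultValues.size(), AUTHORIZATION_HEADER);
    headers.addAll(new HttpString(AUTHORIZATION_HEADER), resultValues);
    // The best we can do is lookup the token for the given basic auth fields, and inject it for keycloak to use.
    return AuthenticationMechanismOutcome.NOT_ATTEMPTED;
}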
Also used : HeaderMap(io.undertow.util.HeaderMap) ArrayList(java.util.ArrayList) UserPass(org.commonjava.indy.subsys.http.util.UserPass) HttpString(io.undertow.util.HttpString) AccessTokenResponse(org.keycloak.representations.AccessTokenResponse) HttpString(io.undertow.util.HttpString)

Aggregations

HeaderMap (io.undertow.util.HeaderMap)31 HttpString (io.undertow.util.HttpString)18 HeaderValues (io.undertow.util.HeaderValues)9 ByteBuffer (java.nio.ByteBuffer)7 PooledByteBuffer (io.undertow.connector.PooledByteBuffer)6 HttpServerExchange (io.undertow.server.HttpServerExchange)6 IOException (java.io.IOException)6 Http2HeadersStreamSinkChannel (io.undertow.protocols.http2.Http2HeadersStreamSinkChannel)3 HttpHandler (io.undertow.server.HttpHandler)3 ArrayList (java.util.ArrayList)3 HashMap (java.util.HashMap)3 Map (java.util.Map)3 BeforeClass (org.junit.BeforeClass)3 ClientRequest (io.undertow.client.ClientRequest)2 DigestAlgorithm (io.undertow.security.idm.DigestAlgorithm)2 ImmediatePooledByteBuffer (io.undertow.util.ImmediatePooledByteBuffer)2 ParameterLimitException (io.undertow.util.ParameterLimitException)2 InputStream (java.io.InputStream)2 OutputStream (java.io.OutputStream)2 List (java.util.List)2