
Example 1 with AuthorizationProvider

use of io.vertx.ext.auth.authorization.AuthorizationProvider in project vertx-web by vert-x3.

the class AuthorizationHandlerImpl method checkOrFetchAuthorizations.

/**
 * Decides whether the request may proceed, loading authorizations lazily, one provider at a time.
 * <p>
 * The required authorization is matched against the authorization context first. If it does not match,
 * the next provider whose id is not yet listed in {@code user.authorizations().getProviderIds()} is asked
 * for the user's authorizations, and this method is re-entered from the provider's callback, so the match
 * is evaluated again after every fetch. Providers are not all queried up front; the walk stops as soon as
 * the match succeeds.
 * <p>
 * The decision is fail-closed: when there is no user, when no provider is left, or when every remaining
 * provider has already been consulted, the request is failed with {@code FORBIDDEN_CODE}. A provider whose
 * fetch fails is logged at WARN level and otherwise treated as having contributed nothing; the error itself
 * never grants access.
 *
 * @param ctx the current routing context
 * @param parseEnded forwarded unchanged to {@code resume(...)}; presumably tells it whether the request body
 *                   had already been fully parsed (confirm against {@code resume})
 * @param authorizationContext the current authorization context
 * @param providers the providers iterator; it is advanced by this method and shared across the re-entrant calls
 */
private void checkOrFetchAuthorizations(RoutingContext ctx, boolean parseEnded, AuthorizationContext authorizationContext, Iterator<AuthorizationProvider> providers) {
    // granted: what has been loaded so far already satisfies the required authorization
    if (authorization.match(authorizationContext)) {
        resume(ctx.request(), parseEnded);
        ctx.next();
        return;
    }

    final User currentUser = ctx.user();
    // short-circuits exactly like the original guard: hasNext() is not consulted for an anonymous request
    final boolean canStillFetch = currentUser != null && providers.hasNext();

    if (canStillFetch) {
        do {
            final AuthorizationProvider candidate = providers.next();
            final boolean alreadyFetched = currentUser.authorizations().getProviderIds().contains(candidate.getId());
            if (alreadyFetched) {
                // nothing new to learn from this provider, try the next one
                continue;
            }
            candidate.getAuthorizations(ctx.user(), fetchResult -> {
                if (fetchResult.failed()) {
                    // the failed attempt is not recorded on the user, so this provider's id stays absent
                    // from getProviderIds() and it can be queried again on a later pass
                    LOG.warn("An error occurred getting authorization - providerId: " + candidate.getId(), fetchResult.cause());
                }
                // re-run the match with whatever this provider contributed (nothing, if it failed)
                checkOrFetchAuthorizations(ctx, parseEnded, authorizationContext, providers);
            });
            // the decision now belongs to the callback above
            return;
        } while (providers.hasNext());
    }

    // denied: anonymous request, no provider left, or every remaining provider was already consulted.
    // The request is resumed before failing because the error handler may still make it valid again.
    resume(ctx.request(), parseEnded);
    ctx.fail(FORBIDDEN_CODE, FORBIDDEN_EXCEPTION);
}
Also used : User(io.vertx.ext.auth.User) AuthorizationProvider(io.vertx.ext.auth.authorization.AuthorizationProvider)

Example 2 with AuthorizationProvider

use of io.vertx.ext.auth.authorization.AuthorizationProvider in project vertx-web by vert-x3.

the class AuthHandlerTestBase method testAuthorization.

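/**
 * Builds a router with authentication and, optionally, authorization handlers, then issues
 * {@code GET /} and checks the outcome.
 * <p>
 * Route order matters here: the optional body/session handlers come first, then a handler that logs
 * {@code username} in through the property-file authentication provider, then the authentication handler
 * under test, then (only when {@code authority} is non-null) an {@code AuthorizationHandler} backed by the
 * property-file authorization provider, and finally a handler that ends the response.
 *
 * @param username the user to authenticate before the authorization check runs
 * @param fail {@code true} when the request is expected to be rejected with 403 "Forbidden",
 *             {@code false} when 200 "OK" is expected
 * @param authority the authorization the route requires, or {@code null} to install no authorization handler
 * @throws Exception if building the handlers or performing the test request fails
 */
protected void testAuthorization(String username, boolean fail, Authorization authority) throws Exception {
    if (requiresSession()) {
        router.route().handler(BodyHandler.create());
        SessionStore store = getSessionStore();
        router.route().handler(SessionHandler.create(store));
    }
    // authentication and authorization data are both read from the same properties file
    AuthenticationProvider authNProvider = PropertyFileAuthentication.create(vertx, "login/loginusers.properties");
    AuthorizationProvider authZProvider = PropertyFileAuthorization.create(vertx, "login/loginusers.properties");
    AuthenticationHandler authNHandler = createAuthHandler(authNProvider);
    router.route().handler(rc -> {
        if (rc.user() != null) {
            // already logged in: hand the request on, otherwise it would never be answered
            rc.next();
            return;
        }
        // we need to be logged in
        // test-only fixture password; presumably the one stored for the users in login/loginusers.properties
        UsernamePasswordCredentials authInfo = new UsernamePasswordCredentials(username, "delicious:sausages");
        authNProvider.authenticate(authInfo, res -> {
            if (res.succeeded()) {
                rc.setUser(res.result());
                rc.next();
            } else {
                rc.fail(res.cause());
            }
        });
    });
    router.route().handler(authNHandler);
    if (authority != null) {
        // the authorization handler is registered after authentication so that it sees the logged-in user
        router.route().handler(AuthorizationHandler.create(authority).addAuthorizationProvider(authZProvider));
    }
    router.route().handler(rc -> rc.response().end());
    testRequest(HttpMethod.GET, "/", fail ? 403 : 200, fail ? "Forbidden" : "OK");
}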
Also used : LocalSessionStore(io.vertx.ext.web.sstore.LocalSessionStore) SessionStore(io.vertx.ext.web.sstore.SessionStore) AuthenticationProvider(io.vertx.ext.auth.authentication.AuthenticationProvider) AuthorizationProvider(io.vertx.ext.auth.authorization.AuthorizationProvider) UsernamePasswordCredentials(io.vertx.ext.auth.authentication.UsernamePasswordCredentials)
