
Example 1 with AuthorizedSubject

Use of org.eclipse.che.multiuser.api.permission.server.AuthorizedSubject in project devspaces-images by redhat-developer.

Class OpenshiftTokenInitializationFilter, method extractSubject:

@Override
protected Subject extractSubject(String token, io.fabric8.openshift.api.model.User osu) {
    try {
        ObjectMeta userMeta = osu.getMetadata();
        // Map the OpenShift user onto a Che user, creating it on first login.
        User user = userManager.getOrCreateUser(getUserId(osu), userMeta.getName());
        // Wrap the subject so that permission checks are routed through permissionChecker;
        // the final SubjectImpl argument (false) marks the subject as non-temporary.
        return new AuthorizedSubject(
            new SubjectImpl(user.getName(), user.getId(), token, false), permissionChecker);
    } catch (ServerException | ConflictException e) {
        throw new RuntimeException(e);
    }
}
Also used: ObjectMeta (io.fabric8.kubernetes.api.model.ObjectMeta), User (org.eclipse.che.api.core.model.user.User), AuthorizedSubject (org.eclipse.che.multiuser.api.permission.server.AuthorizedSubject), ServerException (org.eclipse.che.api.core.ServerException), ConflictException (org.eclipse.che.api.core.ConflictException), SubjectImpl (org.eclipse.che.commons.subject.SubjectImpl)

Example 2 with AuthorizedSubject

Use of org.eclipse.che.multiuser.api.permission.server.AuthorizedSubject in project devspaces-images by redhat-developer.

Class KeycloakEnvironmentInitializationFilter, method extractSubject:

@Override
public Subject extractSubject(String token, Jws<Claims> processedToken) throws ServletException {
    Claims claims = processedToken.getBody();
    // Note: this logs the parsed JWS, including its claims, at DEBUG level.
    LOG.debug("JWT = {}", processedToken);
    try {
        // The claim used as username is configurable through the Keycloak settings.
        String username = claims.get(keycloakSettings.get().get(OIDC_USERNAME_CLAIM_SETTING), String.class);
        if (username == null) {
            // fallback to unique id promised by spec
            // https://openid.net/specs/openid-connect-basic-1_0.html#ClaimStability
            username = claims.getIssuer() + ":" + claims.getSubject();
        }
        if (!userNameReplacementPatterns.isEmpty()) {
            // Each map key is a regular expression (String.replaceAll semantics), each value its replacement.
            for (Map.Entry<String, String> entry : userNameReplacementPatterns.entrySet()) {
                username = username.replaceAll(entry.getKey(), entry.getValue());
            }
        }
        // The "sub" claim is the stable identity; the username is only the login/display name.
        String id = claims.getSubject();
        String email =
            retrieveEmail(token, claims, id)
                .orElseThrow(
                    () ->
                        new JwtException(
                            "Unable to authenticate user because email address is not set in keycloak profile"));
        User user = userManager.getOrCreateUser(id, email, username);
        // Wrap the subject so that permission checks are routed through permissionChecker;
        // the final SubjectImpl argument (false) marks the subject as non-temporary.
        return new AuthorizedSubject(
            new SubjectImpl(user.getName(), user.getId(), token, false), permissionChecker);
    } catch (ServerException | ConflictException e) {
        throw new ServletException("Unable to identify user " + claims.getSubject() + " in Che database", e);
    }
}
Also used: ServletException (jakarta.servlet.ServletException), Claims (io.jsonwebtoken.Claims), User (org.eclipse.che.api.core.model.user.User), AuthorizedSubject (org.eclipse.che.multiuser.api.permission.server.AuthorizedSubject), ServerException (org.eclipse.che.api.core.ServerException), ConflictException (org.eclipse.che.api.core.ConflictException), JwtException (io.jsonwebtoken.JwtException), SubjectImpl (org.eclipse.che.commons.subject.SubjectImpl), Map (java.util.Map)

Example 3 with AuthorizedSubject

Use of org.eclipse.che.multiuser.api.permission.server.AuthorizedSubject in project devspaces-images by redhat-developer.

Class KeycloakEnvironmentInitializationFilterTest, method shouldRefreshSubjectWhenTokensNotMatch:

@Test
public void shouldRefreshSubjectWhenTokensNotMatch() throws Exception {
    // A subject is already cached in the session, but under a different token than the request carries.
    Subject existingSubject = new SubjectImpl("name", "id1", "token", false);
    UserImpl user = new UserImpl("id2", "test2@test.com", "username2");
    ArgumentCaptor<AuthorizedSubject> captor = ArgumentCaptor.forClass(AuthorizedSubject.class);
    DefaultJws<Claims> claims = createJws();
    Subject expectedSubject = new SubjectImpl(user.getName(), user.getId(), "token2", false);
    // given
    when(tokenExtractor.getToken(any(HttpServletRequest.class))).thenReturn("token2");
    when(jwtParser.parseClaimsJws(anyString())).thenReturn(claims);
    when(session.getAttribute(eq(CHE_SUBJECT_ATTRIBUTE))).thenReturn(existingSubject);
    when(userManager.getOrCreateUser(anyString(), anyString(), anyString())).thenReturn(user);
    EnvironmentContext context = spy(EnvironmentContext.getCurrent());
    EnvironmentContext.setCurrent(context);
    // when
    filter.doFilter(request, response, chain);
    // then: the stale session subject is replaced, and the same refreshed subject is
    // stored both in the session and in the EnvironmentContext.
    verify(session).setAttribute(eq(CHE_SUBJECT_ATTRIBUTE), captor.capture());
    verify(context).setSubject(captor.capture());
    assertEquals(expectedSubject.getToken(), captor.getAllValues().get(0).getToken());
    assertEquals(expectedSubject.getToken(), captor.getAllValues().get(1).getToken());
    assertEquals(expectedSubject.getUserId(), captor.getAllValues().get(0).getUserId());
    assertEquals(expectedSubject.getUserId(), captor.getAllValues().get(1).getUserId());
    assertEquals(expectedSubject.getUserName(), captor.getAllValues().get(0).getUserName());
    assertEquals(expectedSubject.getUserName(), captor.getAllValues().get(1).getUserName());
}
Also used: HttpServletRequest (jakarta.servlet.http.HttpServletRequest), EnvironmentContext (org.eclipse.che.commons.env.EnvironmentContext), AuthorizedSubject (org.eclipse.che.multiuser.api.permission.server.AuthorizedSubject), Claims (io.jsonwebtoken.Claims), DefaultClaims (io.jsonwebtoken.impl.DefaultClaims), UserImpl (org.eclipse.che.api.user.server.model.impl.UserImpl), SubjectImpl (org.eclipse.che.commons.subject.SubjectImpl), Subject (org.eclipse.che.commons.subject.Subject), Test (org.testng.annotations.Test)

Example 4 with AuthorizedSubject

Use of org.eclipse.che.multiuser.api.permission.server.AuthorizedSubject in project che-server by eclipse-che.

Class OidcTokenInitializationFilter, method extractSubject:

@Override
protected Subject extractSubject(String token, Jws<Claims> processedToken) {
    try {
        Claims claims = processedToken.getBody();
        // The "sub" claim is the stable identity; email and username come from their configured claims.
        User user =
            userManager.getOrCreateUser(
                claims.getSubject(),
                claims.get(EMAIL_CLAIM, String.class),
                claims.get(usernameClaim, String.class));
        // Wrap the subject so that permission checks are routed through permissionChecker;
        // the final SubjectImpl argument (false) marks the subject as non-temporary.
        return new AuthorizedSubject(
            new SubjectImpl(user.getName(), user.getId(), token, false), permissionChecker);
    } catch (ServerException | ConflictException e) {
        throw new RuntimeException(e);
    }
}
Also used: Claims (io.jsonwebtoken.Claims), User (org.eclipse.che.api.core.model.user.User), AuthorizedSubject (org.eclipse.che.multiuser.api.permission.server.AuthorizedSubject), ServerException (org.eclipse.che.api.core.ServerException), ConflictException (org.eclipse.che.api.core.ConflictException), SubjectImpl (org.eclipse.che.commons.subject.SubjectImpl)

Example 5 with AuthorizedSubject

Use of org.eclipse.che.multiuser.api.permission.server.AuthorizedSubject in project che-server by eclipse-che.

Class KeycloakEnvironmentInitializationFilter, method extractSubject:

@Override
public Subject extractSubject(String token, Jws<Claims> processedToken) throws ServletException {
    Claims claims = processedToken.getBody();
    // Note: this logs the parsed JWS, including its claims, at DEBUG level.
    LOG.debug("JWT = {}", processedToken);
    try {
        // The claim used as username is configurable through the Keycloak settings.
        String username = claims.get(keycloakSettings.get().get(OIDC_USERNAME_CLAIM_SETTING), String.class);
        if (username == null) {
            // fallback to unique id promised by spec
            // https://openid.net/specs/openid-connect-basic-1_0.html#ClaimStability
            username = claims.getIssuer() + ":" + claims.getSubject();
        }
        if (!userNameReplacementPatterns.isEmpty()) {
            // Each map key is a regular expression (String.replaceAll semantics), each value its replacement.
            for (Map.Entry<String, String> entry : userNameReplacementPatterns.entrySet()) {
                username = username.replaceAll(entry.getKey(), entry.getValue());
            }
        }
        // The "sub" claim is the stable identity; the username is only the login/display name.
        String id = claims.getSubject();
        String email =
            retrieveEmail(token, claims, id)
                .orElseThrow(
                    () ->
                        new JwtException(
                            "Unable to authenticate user because email address is not set in keycloak profile"));
        User user = userManager.getOrCreateUser(id, email, username);
        // Wrap the subject so that permission checks are routed through permissionChecker;
        // the final SubjectImpl argument (false) marks the subject as non-temporary.
        return new AuthorizedSubject(
            new SubjectImpl(user.getName(), user.getId(), token, false), permissionChecker);
    } catch (ServerException | ConflictException e) {
        throw new ServletException("Unable to identify user " + claims.getSubject() + " in Che database", e);
    }
}
Also used: ServletException (jakarta.servlet.ServletException), Claims (io.jsonwebtoken.Claims), User (org.eclipse.che.api.core.model.user.User), AuthorizedSubject (org.eclipse.che.multiuser.api.permission.server.AuthorizedSubject), ServerException (org.eclipse.che.api.core.ServerException), ConflictException (org.eclipse.che.api.core.ConflictException), JwtException (io.jsonwebtoken.JwtException), SubjectImpl (org.eclipse.che.commons.subject.SubjectImpl), Map (java.util.Map)

Aggregations (number of usages across the examples above):

- SubjectImpl (org.eclipse.che.commons.subject.SubjectImpl): 8
- AuthorizedSubject (org.eclipse.che.multiuser.api.permission.server.AuthorizedSubject): 8
- Claims (io.jsonwebtoken.Claims): 6
- ConflictException (org.eclipse.che.api.core.ConflictException): 6
- ServerException (org.eclipse.che.api.core.ServerException): 6
- User (org.eclipse.che.api.core.model.user.User): 6
- ObjectMeta (io.fabric8.kubernetes.api.model.ObjectMeta): 2
- JwtException (io.jsonwebtoken.JwtException): 2
- DefaultClaims (io.jsonwebtoken.impl.DefaultClaims): 2
- ServletException (jakarta.servlet.ServletException): 2
- HttpServletRequest (jakarta.servlet.http.HttpServletRequest): 2
- Map (java.util.Map): 2
- UserImpl (org.eclipse.che.api.user.server.model.impl.UserImpl): 2
- EnvironmentContext (org.eclipse.che.commons.env.EnvironmentContext): 2
- Subject (org.eclipse.che.commons.subject.Subject): 2
- Test (org.testng.annotations.Test): 2