Examples with Authorities org.eclipse.hono.auth.Authorities used on opensource projects

Example 6 with Authorities

use of org.eclipse.hono.auth.Authorities in project hono by eclipse.

the class AddressAuthzHelper method processAddressAuthzCapability.

/**
 * Processes a peer's AMQP <em>open</em> frame by setting a connection property with a map of the authenticated
 * user's authorities as described in
 * <a href="https://github.com/EnMasseProject/enmasse/issues/702">EnMasse issue #702</a>.
 *
 * @param connection The connection to get authorities for.
 */
public static void processAddressAuthzCapability(final ProtonConnection connection) {
    if (LOG.isDebugEnabled()) {
        final Map<Symbol, Object> remoteProperties = connection.getRemoteProperties();
        if (remoteProperties != null) {
            final String props = remoteProperties.entrySet().stream().map(entry -> String.format("[%s: %s]", entry.getKey(), entry.getValue().toString())).collect(Collectors.joining(", "));
            LOG.debug("client connection [container: {}] includes properties: {}", connection.getRemoteContainer(), props);
        }
    }
    final HonoUser clientPrincipal = Constants.getClientPrincipal(connection);
    final Map<String, String[]> permissions = getPermissionsFromAuthorities(clientPrincipal.getAuthorities());
    final Map<Symbol, Object> properties = new HashMap<>();
    final boolean isLegacy = isLegacyClient(connection);
    if (isLegacy) {
        properties.put(PROPERTY_AUTH_IDENTITY, clientPrincipal.getName());
    } else {
        properties.put(PROPERTY_AUTH_IDENTITY, Collections.singletonMap("sub", clientPrincipal.getName()));
    }
    properties.put(PROPERTY_ADDRESS_AUTHZ, permissions);
    connection.setProperties(properties);
    connection.setOfferedCapabilities(new Symbol[] { CAPABILITY_ADDRESS_AUTHZ });
    LOG.debug("transferring {} permissions of client [container: {}, user: {}] in open frame [legacy format: {}]", permissions.size(), connection.getRemoteContainer(), clientPrincipal.getName(), isLegacy);
}

Example 7 with Authorities

use of org.eclipse.hono.auth.Authorities in project hono by eclipse.

the class FileBasedAuthenticationService method getAuthorities.

private Authorities getAuthorities(final JsonObject user) {
    final AuthoritiesImpl result = new AuthoritiesImpl();
    user.getJsonArray(FIELD_AUTHORITIES).forEach(obj -> {
        final String authority = (String) obj;
        final Authorities roleAuthorities = roles.get(authority);
        if (roleAuthorities != null) {
            result.addAll(roleAuthorities);
        }
    });
    return result;
}

Example 8 with Authorities

use of org.eclipse.hono.auth.Authorities in project hono by eclipse.

the class FileBasedAuthenticationService method verify.

private void verify(final String authenticationId, final JsonObject user, final String authorizationId, final Handler<AsyncResult<HonoUser>> authenticationResultHandler) {
    JsonObject effectiveUser = user;
    String effectiveAuthorizationId = authenticationId;
    if (authorizationId != null && !authorizationId.isEmpty() && isAuthorizedToImpersonate(user)) {
        final JsonObject impersonatedUser = users.get(authorizationId);
        if (impersonatedUser != null) {
            effectiveUser = impersonatedUser;
            effectiveAuthorizationId = authorizationId;
            log.debug("granting authorization id specified by client");
        } else {
            log.debug("no user found for authorization id provided by client, granting authentication id instead");
        }
    }
    final Authorities grantedAuthorities = getAuthorities(effectiveUser);
    final String grantedAuthorizationId = effectiveAuthorizationId;
    final Instant tokenExpirationTime = Instant.now().plus(tokenFactory.getTokenLifetime());
    final String token = tokenFactory.createToken(grantedAuthorizationId, grantedAuthorities);
    final HonoUser honoUser = new HonoUser() {

        @Override
        public String getName() {
            return grantedAuthorizationId;
        }

        @Override
        public String getToken() {
            return token;
        }

        @Override
        public Authorities getAuthorities() {
            return grantedAuthorities;
        }

        @Override
        public boolean isExpired() {
            return !Instant.now().isBefore(tokenExpirationTime);
        }

        @Override
        public Instant getExpirationTime() {
            return tokenExpirationTime;
        }
    };
    authenticationResultHandler.handle(Future.succeededFuture(honoUser));
}

Example 9 with Authorities

use of org.eclipse.hono.auth.Authorities in project hono by eclipse.

the class AuthTokenHelperImplTest method testCreateAndExpandToken.

/**
 * Verifies that the helper can create a token for a given set of
 * authorities and can then parse the token again.
 */
@Test
public void testCreateAndExpandToken() {
    final Authorities authorities = new AuthoritiesImpl().addResource("telemetry", "*", Activity.READ, Activity.WRITE).addOperation("registration", "*", "assert");
    final Instant expirationMin = Instant.now().plusSeconds(59);
    final Instant expirationMax = expirationMin.plusSeconds(2);
    final String token = helper.createToken("userA", authorities);
    final Jws<Claims> parsedToken = helper.expand(token);
    assertThat(parsedToken.getBody()).isNotNull();
    assertThat(parsedToken.getBody().getExpiration().toInstant()).isAtLeast(expirationMin);
    assertThat(parsedToken.getBody().getExpiration().toInstant()).isAtMost(expirationMax);
}