
Example 1 with JwtPrincipal

Use of org.sdase.commons.server.auth.JwtPrincipal in project sda-dropwizard-commons by SDA-SE.

The class SecureEndPoint, method returnClaims.

@GET
@Produces(APPLICATION_JSON)
public Response returnClaims() {
    JwtPrincipal jwtPrincipal = (JwtPrincipal) securityContext.getUserPrincipal();
    Map<String, Claim> claims = jwtPrincipal.getClaims();
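    // Claim.asString() returns null for non-string claims (for example numeric ones),
    // and Collectors.toMap throws a NullPointerException on null values.
    Map<String, String> claimsAsString = claims.entrySet().stream()
        .collect(toMap(Map.Entry::getKey, e -> e.getValue().asString()));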
    return Response.ok(claimsAsString).build();
}
Also used : Context(javax.ws.rs.core.Context) Collectors.toMap(java.util.stream.Collectors.toMap) Produces(javax.ws.rs.Produces) Response(javax.ws.rs.core.Response) PermitAll(javax.annotation.security.PermitAll) GET(javax.ws.rs.GET) Map(java.util.Map) JwtPrincipal(org.sdase.commons.server.auth.JwtPrincipal) Path(javax.ws.rs.Path) SecurityContext(javax.ws.rs.core.SecurityContext) APPLICATION_JSON(javax.ws.rs.core.MediaType.APPLICATION_JSON) Claim(com.auth0.jwt.interfaces.Claim)

Example 2 with JwtPrincipal

Use of org.sdase.commons.server.auth.JwtPrincipal in project sda-dropwizard-commons by SDA-SE.

The class JwtAuthFilterTest, method shouldAcceptOnAnonymousPayload.

@Test
public void shouldAcceptOnAnonymousPayload() throws AuthenticationException {
    // given
    MultivaluedStringMap headers = new MultivaluedStringMap();
    headers.add(HttpHeaders.AUTHORIZATION, "Bearer MY_JWT");
    when(requestContext.getHeaders()).thenReturn(headers);
    when(authenticator.authenticate(credentialsCaptor.capture())).thenReturn(Optional.of(JwtPrincipal.emptyPrincipal()));
    JwtAuthFilter authFilter = new Builder<JwtPrincipal>().setAcceptAnonymous(true).setAuthenticator(authenticator).buildAuthFilter();
    // when
    authFilter.filter(requestContext);
    // then
    assertThat(credentialsCaptor.getValue()).contains("MY_JWT");
}
Also used : MultivaluedStringMap(org.glassfish.jersey.internal.util.collection.MultivaluedStringMap) JwtPrincipal(org.sdase.commons.server.auth.JwtPrincipal) Test(org.junit.Test)

Example 3 with JwtPrincipal

Use of org.sdase.commons.server.auth.JwtPrincipal in project sda-dropwizard-commons by SDA-SE.

The class OpaAuthFilter, method filter.

@Override
public void filter(ContainerRequestContext requestContext) {
    Span span = tracer.buildSpan("authorizeUsingOpa").withTag("opa.allow", false).withTag(COMPONENT, "OpaAuthFilter").start();
    try (Scope ignored = tracer.scopeManager().activate(span)) {
        // collect input parameters for Opa request
        UriInfo uriInfo = requestContext.getUriInfo();
        String method = requestContext.getMethod();
        String trace = requestContext.getHeaderString(RequestTracing.TOKEN_HEADER);
        String jwt = null;
        // if a security context already exists and it is a JWT security context,
        // we include the JWT in the request
        SecurityContext securityContext = requestContext.getSecurityContext();
        Map<String, Claim> claims = null;
        if (null != securityContext) {
            JwtPrincipal jwtPrincipal = getJwtPrincipal(requestContext.getSecurityContext());
            if (jwtPrincipal != null) {
                // JWT principal found, this means that JWT has been validated by
                // auth bundle and can be used within this bundle
                jwt = jwtPrincipal.getJwt();
                claims = jwtPrincipal.getClaims();
            }
        }
        JsonNode constraints = null;
        if (!isDisabled && !isExcluded(uriInfo)) {
            // process the actual request to the open policy agent server
            String[] path = uriInfo.getPathSegments().stream().map(PathSegment::getPath).toArray(String[]::new);
            OpaInput opaInput = new OpaInput(jwt, path, method, trace);
            ObjectNode objectNode = om.convertValue(opaInput, ObjectNode.class);
            // append the input extensions to the input object
            inputExtensions.forEach((namespace, extension) -> objectNode.set(namespace, om.valueToTree(extension.createAdditionalInputContent(requestContext))));
            OpaRequest request = OpaRequest.request(objectNode);
            constraints = authorizeWithOpa(request, span);
        }
        OpaJwtPrincipal principal = OpaJwtPrincipal.create(jwt, claims, constraints, om);
        replaceSecurityContext(requestContext, securityContext, principal);
    } finally {
        span.finish();
    }
}
Also used : OpaJwtPrincipal(org.sdase.commons.server.opa.OpaJwtPrincipal) ObjectNode(com.fasterxml.jackson.databind.node.ObjectNode) JwtPrincipal(org.sdase.commons.server.auth.JwtPrincipal) JsonNode(com.fasterxml.jackson.databind.JsonNode) Span(io.opentracing.Span) Scope(io.opentracing.Scope) SecurityContext(javax.ws.rs.core.SecurityContext) OpaRequest(org.sdase.commons.server.opa.filter.model.OpaRequest) UriInfo(javax.ws.rs.core.UriInfo) Claim(com.auth0.jwt.interfaces.Claim) OpaInput(org.sdase.commons.server.opa.filter.model.OpaInput)

Example 4 with JwtPrincipal

Use of org.sdase.commons.server.auth.JwtPrincipal in project sda-dropwizard-commons by SDA-SE.

The class JwtAuthFilterTest, method shouldAcceptOnAnonymousEmpty.

@Test
public void shouldAcceptOnAnonymousEmpty() throws AuthenticationException {
    // given
    MultivaluedStringMap headers = new MultivaluedStringMap();
    when(requestContext.getHeaders()).thenReturn(headers);
    when(authenticator.authenticate(credentialsCaptor.capture())).thenReturn(Optional.empty());
    JwtAuthFilter authFilter = new Builder<JwtPrincipal>().setAcceptAnonymous(true).setAuthenticator(authenticator).buildAuthFilter();
    // when
    authFilter.filter(requestContext);
    // then
    assertThat(credentialsCaptor.getValue()).isEmpty();
}
Also used : MultivaluedStringMap(org.glassfish.jersey.internal.util.collection.MultivaluedStringMap) JwtPrincipal(org.sdase.commons.server.auth.JwtPrincipal) Test(org.junit.Test)

Example 5 with JwtPrincipal

Use of org.sdase.commons.server.auth.JwtPrincipal in project sda-dropwizard-commons by SDA-SE.

The class JwtAuthFilterTest, method throwsOnDefaultEmpty.

@Test(expected = JwtAuthException.class)
public void throwsOnDefaultEmpty() throws AuthenticationException {
    // given
    MultivaluedStringMap headers = new MultivaluedStringMap();
    when(requestContext.getHeaders()).thenReturn(headers);
    when(authenticator.authenticate(credentialsCaptor.capture())).thenReturn(Optional.empty());
    JwtAuthFilter<JwtPrincipal> authFilter = new Builder<JwtPrincipal>().setAuthenticator(authenticator).buildAuthFilter();
    // when
    authFilter.filter(requestContext);
}
Also used : MultivaluedStringMap(org.glassfish.jersey.internal.util.collection.MultivaluedStringMap) JwtPrincipal(org.sdase.commons.server.auth.JwtPrincipal) Builder(org.sdase.commons.server.auth.filter.JwtAuthFilter.Builder) Test(org.junit.Test)

Aggregations

JwtPrincipal (org.sdase.commons.server.auth.JwtPrincipal) 5
MultivaluedStringMap (org.glassfish.jersey.internal.util.collection.MultivaluedStringMap) 3
Test (org.junit.Test) 3
Claim (com.auth0.jwt.interfaces.Claim) 2
SecurityContext (javax.ws.rs.core.SecurityContext) 2
JsonNode (com.fasterxml.jackson.databind.JsonNode) 1
ObjectNode (com.fasterxml.jackson.databind.node.ObjectNode) 1
Scope (io.opentracing.Scope) 1
Span (io.opentracing.Span) 1
Map (java.util.Map) 1
Collectors.toMap (java.util.stream.Collectors.toMap) 1
PermitAll (javax.annotation.security.PermitAll) 1
GET (javax.ws.rs.GET) 1
Path (javax.ws.rs.Path) 1
Produces (javax.ws.rs.Produces) 1
Context (javax.ws.rs.core.Context) 1
APPLICATION_JSON (javax.ws.rs.core.MediaType.APPLICATION_JSON) 1
Response (javax.ws.rs.core.Response) 1
UriInfo (javax.ws.rs.core.UriInfo) 1
Builder (org.sdase.commons.server.auth.filter.JwtAuthFilter.Builder) 1