Example 1 with JwtPrincipal
use of org.sdase.commons.server.auth.JwtPrincipal in project sda-dropwizard-commons by SDA-SE.
the class SecureEndPoint method returnClaims.
@GET
@Produces(APPLICATION_JSON)
public Response returnClaims() {
JwtPrincipal jwtPrincipal = (JwtPrincipal) securityContext.getUserPrincipal();
Map<String, Claim> claims = jwtPrincipal.getClaims();
Map<String, String> claimsAsString = claims.entrySet().stream().collect(toMap(Map.Entry::getKey, e -> e.getValue().asString()));
return Response.ok(claimsAsString).build();
}
Also used :
Context(javax.ws.rs.core.Context)
Collectors.toMap(java.util.stream.Collectors.toMap)
Produces(javax.ws.rs.Produces)
Response(javax.ws.rs.core.Response)
PermitAll(javax.annotation.security.PermitAll)
GET(javax.ws.rs.GET)
Map(java.util.Map)
JwtPrincipal(org.sdase.commons.server.auth.JwtPrincipal)
Path(javax.ws.rs.Path)
SecurityContext(javax.ws.rs.core.SecurityContext)
APPLICATION_JSON(javax.ws.rs.core.MediaType.APPLICATION_JSON)
Claim(com.auth0.jwt.interfaces.Claim)
JwtPrincipal(org.sdase.commons.server.auth.JwtPrincipal)
Collectors.toMap(java.util.stream.Collectors.toMap)
Map(java.util.Map)
Claim(com.auth0.jwt.interfaces.Claim)
Produces(javax.ws.rs.Produces)
GET(javax.ws.rs.GET)
Example 2 with JwtPrincipal
use of org.sdase.commons.server.auth.JwtPrincipal in project sda-dropwizard-commons by SDA-SE.
the class JwtAuthFilterTest method shouldAcceptOnAnonymousPayload.
@Test
public void shouldAcceptOnAnonymousPayload() throws AuthenticationException {
// given
MultivaluedStringMap headers = new MultivaluedStringMap();
headers.add(HttpHeaders.AUTHORIZATION, "Bearer MY_JWT");
when(requestContext.getHeaders()).thenReturn(headers);
when(authenticator.authenticate(credentialsCaptor.capture())).thenReturn(Optional.of(JwtPrincipal.emptyPrincipal()));
JwtAuthFilter authFilter = new Builder<JwtPrincipal>().setAcceptAnonymous(true).setAuthenticator(authenticator).buildAuthFilter();
// when
authFilter.filter(requestContext);
// then
assertThat(credentialsCaptor.getValue()).contains("MY_JWT");
}
Also used :
MultivaluedStringMap(org.glassfish.jersey.internal.util.collection.MultivaluedStringMap)
JwtPrincipal(org.sdase.commons.server.auth.JwtPrincipal)
Test(org.junit.Test)
Example 3 with JwtPrincipal
use of org.sdase.commons.server.auth.JwtPrincipal in project sda-dropwizard-commons by SDA-SE.
the class OpaAuthFilter method filter.
@Override
public void filter(ContainerRequestContext requestContext) {
Span span = tracer.buildSpan("authorizeUsingOpa").withTag("opa.allow", false).withTag(COMPONENT, "OpaAuthFilter").start();
try (Scope ignored = tracer.scopeManager().activate(span)) {
// collect input parameters for Opa request
UriInfo uriInfo = requestContext.getUriInfo();
String method = requestContext.getMethod();
String trace = requestContext.getHeaderString(RequestTracing.TOKEN_HEADER);
String jwt = null;
// if security context already exist and if it is a jwt security context,
// we include the jwt in the request
SecurityContext securityContext = requestContext.getSecurityContext();
Map<String, Claim> claims = null;
if (null != securityContext) {
JwtPrincipal jwtPrincipal = getJwtPrincipal(requestContext.getSecurityContext());
if (jwtPrincipal != null) {
// JWT principal found, this means that JWT has been validated by
// auth bundle
// and can be used within this bundle
jwt = jwtPrincipal.getJwt();
claims = jwtPrincipal.getClaims();
}
}
JsonNode constraints = null;
if (!isDisabled && !isExcluded(uriInfo)) {
// process the actual request to the open policy agent server
String[] path = uriInfo.getPathSegments().stream().map(PathSegment::getPath).toArray(String[]::new);
OpaInput opaInput = new OpaInput(jwt, path, method, trace);
ObjectNode objectNode = om.convertValue(opaInput, ObjectNode.class);
// append the input extensions to the input object
inputExtensions.forEach((namespace, extension) -> objectNode.set(namespace, om.valueToTree(extension.createAdditionalInputContent(requestContext))));
OpaRequest request = OpaRequest.request(objectNode);
constraints = authorizeWithOpa(request, span);
}
OpaJwtPrincipal principal = OpaJwtPrincipal.create(jwt, claims, constraints, om);
replaceSecurityContext(requestContext, securityContext, principal);
} finally {
span.finish();
}
}
Also used :
OpaJwtPrincipal(org.sdase.commons.server.opa.OpaJwtPrincipal)
ObjectNode(com.fasterxml.jackson.databind.node.ObjectNode)
JwtPrincipal(org.sdase.commons.server.auth.JwtPrincipal)
OpaJwtPrincipal(org.sdase.commons.server.opa.OpaJwtPrincipal)
JsonNode(com.fasterxml.jackson.databind.JsonNode)
Span(io.opentracing.Span)
Scope(io.opentracing.Scope)
SecurityContext(javax.ws.rs.core.SecurityContext)
OpaRequest(org.sdase.commons.server.opa.filter.model.OpaRequest)
UriInfo(javax.ws.rs.core.UriInfo)
Claim(com.auth0.jwt.interfaces.Claim)
OpaInput(org.sdase.commons.server.opa.filter.model.OpaInput)
Example 4 with JwtPrincipal
use of org.sdase.commons.server.auth.JwtPrincipal in project sda-dropwizard-commons by SDA-SE.
the class JwtAuthFilterTest method shouldAcceptOnAnonymousEmpty.
@Test
public void shouldAcceptOnAnonymousEmpty() throws AuthenticationException {
// given
MultivaluedStringMap headers = new MultivaluedStringMap();
when(requestContext.getHeaders()).thenReturn(headers);
when(authenticator.authenticate(credentialsCaptor.capture())).thenReturn(Optional.empty());
JwtAuthFilter authFilter = new Builder<JwtPrincipal>().setAcceptAnonymous(true).setAuthenticator(authenticator).buildAuthFilter();
// when
authFilter.filter(requestContext);
// then
assertThat(credentialsCaptor.getValue()).isEmpty();
}
Also used :
MultivaluedStringMap(org.glassfish.jersey.internal.util.collection.MultivaluedStringMap)
JwtPrincipal(org.sdase.commons.server.auth.JwtPrincipal)
Test(org.junit.Test)
Example 5 with JwtPrincipal
use of org.sdase.commons.server.auth.JwtPrincipal in project sda-dropwizard-commons by SDA-SE.
the class JwtAuthFilterTest method throwsOnDefaultEmpty.
@Test(expected = JwtAuthException.class)
public void throwsOnDefaultEmpty() throws AuthenticationException {
// given
MultivaluedStringMap headers = new MultivaluedStringMap();
when(requestContext.getHeaders()).thenReturn(headers);
when(authenticator.authenticate(credentialsCaptor.capture())).thenReturn(Optional.empty());
JwtAuthFilter<JwtPrincipal> authFilter = new Builder<JwtPrincipal>().setAuthenticator(authenticator).buildAuthFilter();
// when
authFilter.filter(requestContext);
}
Also used :
MultivaluedStringMap(org.glassfish.jersey.internal.util.collection.MultivaluedStringMap)
JwtPrincipal(org.sdase.commons.server.auth.JwtPrincipal)
Builder(org.sdase.commons.server.auth.filter.JwtAuthFilter.Builder)
Test(org.junit.Test)
Aggregations
JwtPrincipal (org.sdase.commons.server.auth.JwtPrincipal)5
MultivaluedStringMap (org.glassfish.jersey.internal.util.collection.MultivaluedStringMap)3
Test (org.junit.Test)3
Claim (com.auth0.jwt.interfaces.Claim)2
SecurityContext (javax.ws.rs.core.SecurityContext)2
JsonNode (com.fasterxml.jackson.databind.JsonNode)1
ObjectNode (com.fasterxml.jackson.databind.node.ObjectNode)1
Scope (io.opentracing.Scope)1
Span (io.opentracing.Span)1
Map (java.util.Map)1
Collectors.toMap (java.util.stream.Collectors.toMap)1
PermitAll (javax.annotation.security.PermitAll)1
GET (javax.ws.rs.GET)1
Path (javax.ws.rs.Path)1
Produces (javax.ws.rs.Produces)1
Context (javax.ws.rs.core.Context)1
APPLICATION_JSON (javax.ws.rs.core.MediaType.APPLICATION_JSON)1
Response (javax.ws.rs.core.Response)1
UriInfo (javax.ws.rs.core.UriInfo)1
Builder (org.sdase.commons.server.auth.filter.JwtAuthFilter.Builder)1
