Example 1 with OpaJwtPrincipal

Use of org.sdase.commons.server.opa.OpaJwtPrincipal in project sda-dropwizard-commons by SDA-SE.

Class OpaJwtPrincipalFactoryTest, method shouldSkipOtherTypeOfPrincipal. The factory only hands out an OpaJwtPrincipal when the security context actually carries one; any other Principal type results in null instead of a forced cast:

@Test
public void shouldSkipOtherTypeOfPrincipal() {
    Principal given = emptyGenericPrincipal();
    when(securityContextMock.getUserPrincipal()).thenReturn(given);
    OpaJwtPrincipal actual = opaJwtPrincipalFactory.provide();
    assertThat(actual).isNull();
}
Also used : OpaJwtPrincipal(org.sdase.commons.server.opa.OpaJwtPrincipal) Principal(java.security.Principal) Test(org.junit.Test)

Example 2 with OpaJwtPrincipal

Use of org.sdase.commons.server.opa.OpaJwtPrincipal in project sda-dropwizard-commons by SDA-SE.

Class OpaAuthFilter, method filter. The JWT is only forwarded to OPA when the auth bundle has already validated it and placed a JwtPrincipal in the security context. When the filter is disabled or the request path is excluded, no OPA call is made and the OpaJwtPrincipal that replaces the security context carries null constraints, so a resource must not read absent constraints as an unrestricted grant:

@Override
public void filter(ContainerRequestContext requestContext) {
    Span span =
        tracer
            .buildSpan("authorizeUsingOpa")
            .withTag("opa.allow", false)
            .withTag(COMPONENT, "OpaAuthFilter")
            .start();
    try (Scope ignored = tracer.scopeManager().activate(span)) {
        // collect input parameters for the OPA request
        UriInfo uriInfo = requestContext.getUriInfo();
        String method = requestContext.getMethod();
        String trace = requestContext.getHeaderString(RequestTracing.TOKEN_HEADER);
        String jwt = null;
        // if a security context already exists and it is a JWT security context,
        // we include the JWT in the request
        SecurityContext securityContext = requestContext.getSecurityContext();
        Map<String, Claim> claims = null;
        if (null != securityContext) {
            JwtPrincipal jwtPrincipal = getJwtPrincipal(requestContext.getSecurityContext());
            if (jwtPrincipal != null) {
                // JWT principal found: the JWT has already been validated by the
                // auth bundle and can be used within this bundle
                jwt = jwtPrincipal.getJwt();
                claims = jwtPrincipal.getClaims();
            }
        }
        JsonNode constraints = null;
        if (!isDisabled && !isExcluded(uriInfo)) {
            // process the actual request to the open policy agent server
            String[] path =
                uriInfo.getPathSegments().stream()
                    .map(PathSegment::getPath)
                    .toArray(String[]::new);
            OpaInput opaInput = new OpaInput(jwt, path, method, trace);
            ObjectNode objectNode = om.convertValue(opaInput, ObjectNode.class);
            // append the input extensions to the input object
            inputExtensions.forEach(
                (namespace, extension) ->
                    objectNode.set(
                        namespace,
                        om.valueToTree(extension.createAdditionalInputContent(requestContext))));
            OpaRequest request = OpaRequest.request(objectNode);
            constraints = authorizeWithOpa(request, span);
        }
        // disabled or excluded: no OPA call was made and constraints remain null
        OpaJwtPrincipal principal = OpaJwtPrincipal.create(jwt, claims, constraints, om);
        replaceSecurityContext(requestContext, securityContext, principal);
    } finally {
        span.finish();
    }
}
Also used : OpaJwtPrincipal(org.sdase.commons.server.opa.OpaJwtPrincipal) ObjectNode(com.fasterxml.jackson.databind.node.ObjectNode) JwtPrincipal(org.sdase.commons.server.auth.JwtPrincipal) JsonNode(com.fasterxml.jackson.databind.JsonNode) Span(io.opentracing.Span) Scope(io.opentracing.Scope) SecurityContext(javax.ws.rs.core.SecurityContext) OpaRequest(org.sdase.commons.server.opa.filter.model.OpaRequest) UriInfo(javax.ws.rs.core.UriInfo) Claim(com.auth0.jwt.interfaces.Claim) OpaInput(org.sdase.commons.server.opa.filter.model.OpaInput)

Example 3 with OpaJwtPrincipal

Use of org.sdase.commons.server.opa.OpaJwtPrincipal in project sda-dropwizard-commons by SDA-SE.

Class Endpoint, method postExcluded. The path and method name indicate a route that is excluded from the OPA query; the filter still installs an OpaJwtPrincipal for it, but with null constraints. The unchecked cast below assumes the filter has run:

@POST
@Path("excluded/resources")
public Response postExcluded() throws IOException { // NOSONAR
    OpaJwtPrincipal principal = (OpaJwtPrincipal) securityContext.getUserPrincipal();
    PrincipalInfo result =
        new PrincipalInfo()
            .setName(principal.getName())
            .setJwt(principal.getJwt())
            .setConstraints(principal.getConstraintsAsEntity(ConstraintModel.class));
    return Response.ok(result, MediaType.APPLICATION_JSON_TYPE).build();
}
Also used : OpaJwtPrincipal(org.sdase.commons.server.opa.OpaJwtPrincipal) Path(javax.ws.rs.Path) POST(javax.ws.rs.POST)

Example 4 with OpaJwtPrincipal

Use of org.sdase.commons.server.opa.OpaJwtPrincipal in project sda-dropwizard-commons by SDA-SE.

Class Endpoint, method get. For a path that is not excluded, the constraints returned by OPA are available through getConstraintsAsEntity:

@GET
@Path("resources")
public Response get() throws IOException {
    OpaJwtPrincipal principal = (OpaJwtPrincipal) securityContext.getUserPrincipal();
    PrincipalInfo result =
        new PrincipalInfo()
            .setName(principal.getName())
            .setJwt(principal.getJwt())
            .setConstraints(principal.getConstraintsAsEntity(ConstraintModel.class));
    return Response.ok(result, MediaType.APPLICATION_JSON_TYPE).build();
}
Also used : OpaJwtPrincipal(org.sdase.commons.server.opa.OpaJwtPrincipal) Path(javax.ws.rs.Path) GET(javax.ws.rs.GET)

Example 5 with OpaJwtPrincipal

Use of org.sdase.commons.server.opa.OpaJwtPrincipal in project sda-dropwizard-commons by SDA-SE.

Class Endpoint, method post:

@POST
@Path("resources/actions")
public Response post() throws IOException { // NOSONAR
    OpaJwtPrincipal principal = (OpaJwtPrincipal) securityContext.getUserPrincipal();
    PrincipalInfo result =
        new PrincipalInfo()
            .setName(principal.getName())
            .setJwt(principal.getJwt())
            .setConstraints(principal.getConstraintsAsEntity(ConstraintModel.class));
    return Response.ok(result, MediaType.APPLICATION_JSON_TYPE).build();
}
Also used : OpaJwtPrincipal(org.sdase.commons.server.opa.OpaJwtPrincipal) Path(javax.ws.rs.Path) POST(javax.ws.rs.POST)
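The Endpoint methods above cast whatever is in the SecurityContext to OpaJwtPrincipal and hand the constraints straight back to the caller, which is fine for a fixture that makes the principal inspectable but not for a real resource. The following is an added example (not code from sda-dropwizard-commons) of a resource that consumes the principal defensively: it checks the principal type before casting, treats missing constraints (the disabled/excluded branch of OpaAuthFilter.filter) as a denial, enforces the policy's data-level decision, and does not return the raw JWT. Only getName() and getConstraintsAsEntity(Class) from the page are used; the OrdersEndpoint and OrderConstraints classes and the "allowed"/"tenantIds" fields are hypothetical and depend on what your Rego policy returns, and the null check assumes getConstraintsAsEntity yields null when the filter attached no constraints.

```java
import java.io.IOException;
import java.security.Principal;
import java.util.Collections;
import java.util.List;
import javax.ws.rs.ForbiddenException;
import javax.ws.rs.GET;
import javax.ws.rs.NotAuthorizedException;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;
import org.sdase.commons.server.opa.OpaJwtPrincipal;

/**
 * Added example, not part of sda-dropwizard-commons: a resource that consumes the
 * OpaJwtPrincipal defensively instead of casting whatever the SecurityContext holds.
 */
@Path("orders")
@Produces(MediaType.APPLICATION_JSON)
public class OrdersEndpoint {

  /**
   * Hypothetical constraint shape. Assumes the Rego policy returns an object with an
   * "allowed" flag and the tenant IDs the caller may read; adapt it to your policy.
   */
  public static class OrderConstraints {
    public boolean allowed;
    public List<String> tenantIds = Collections.emptyList();
  }

  @Context private SecurityContext securityContext;

  @GET
  @Path("{tenantId}")
  public Response getOrders(@PathParam("tenantId") String tenantId) throws IOException {
    Principal principal = securityContext.getUserPrincipal();

    // 1. Only trust a principal that OpaAuthFilter created. Anything else means the
    //    filter did not run for this request (or another mechanism populated the
    //    context), so there is no policy decision to act on.
    if (!(principal instanceof OpaJwtPrincipal)) {
      throw new NotAuthorizedException("Bearer");
    }
    OpaJwtPrincipal opaPrincipal = (OpaJwtPrincipal) principal;

    // 2. Constraints are null when the filter is disabled or the path is excluded
    //    (see OpaAuthFilter.filter). Missing constraints must read as "no grant",
    //    never as "unrestricted". Assumption: getConstraintsAsEntity returns null in
    //    that case; if your version throws instead, catch it and deny here as well.
    OrderConstraints constraints = opaPrincipal.getConstraintsAsEntity(OrderConstraints.class);
    if (constraints == null || !constraints.allowed) {
      throw new ForbiddenException();
    }

    // 3. Enforce the policy's data-level decision inside the resource: the requested
    //    tenant must be one of those the policy listed for this caller.
    if (constraints.tenantIds == null || !constraints.tenantIds.contains(tenantId)) {
      throw new ForbiddenException();
    }

    // Placeholder payload: identify the caller by principal name, never by echoing
    // the raw JWT back to the client.
    return Response.ok(
            Collections.singletonMap("ordersOf", tenantId + " for " + opaPrincipal.getName()),
            MediaType.APPLICATION_JSON_TYPE)
        .build();
  }
}
```

The instanceof check in step 1 is the same guard the OpaJwtPrincipalFactoryTest above verifies in the factory (a foreign Principal type yields null, not a ClassCastException); applying it in the resource keeps a misconfigured filter chain from surfacing as a 500 that leaks stack detail instead of a 401.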

Aggregations

OpaJwtPrincipal (org.sdase.commons.server.opa.OpaJwtPrincipal)8 Principal (java.security.Principal)3 Path (javax.ws.rs.Path)3 Test (org.junit.Test)3 POST (javax.ws.rs.POST)2 SecurityContext (javax.ws.rs.core.SecurityContext)2 JwtPrincipal (org.sdase.commons.server.auth.JwtPrincipal)2 Claim (com.auth0.jwt.interfaces.Claim)1 JsonNode (com.fasterxml.jackson.databind.JsonNode)1 ObjectNode (com.fasterxml.jackson.databind.node.ObjectNode)1 Scope (io.opentracing.Scope)1 Span (io.opentracing.Span)1 GET (javax.ws.rs.GET)1 UriInfo (javax.ws.rs.core.UriInfo)1 NotImplementedException (org.apache.commons.lang3.NotImplementedException)1 OpaInput (org.sdase.commons.server.opa.filter.model.OpaInput)1 OpaRequest (org.sdase.commons.server.opa.filter.model.OpaRequest)1