Examples with OpaJwtPrincipal org.sdase.commons.server.opa.OpaJwtPrincipal used on opensource projects

Search in sources :

Example 1 with OpaJwtPrincipal

use of org.sdase.commons.server.opa.OpaJwtPrincipal in project sda-dropwizard-commons by SDA-SE.

the class OpaJwtPrincipalFactoryTest method shouldSkipOtherTypeOfPrincipal.

@Test
public void shouldSkipOtherTypeOfPrincipal() {
    Principal given = emptyGenericPrincipal();
    when(securityContextMock.getUserPrincipal()).thenReturn(given);
    OpaJwtPrincipal actual = opaJwtPrincipalFactory.provide();
    assertThat(actual).isNull();
}
Also used : OpaJwtPrincipal(org.sdase.commons.server.opa.OpaJwtPrincipal) Principal(java.security.Principal) OpaJwtPrincipal(org.sdase.commons.server.opa.OpaJwtPrincipal) Test(org.junit.Test)

Example 2 with OpaJwtPrincipal

use of org.sdase.commons.server.opa.OpaJwtPrincipal in project sda-dropwizard-commons by SDA-SE.

the class OpaAuthFilter method filter.

@Override
public void filter(ContainerRequestContext requestContext) {
    Span span = tracer.buildSpan("authorizeUsingOpa").withTag("opa.allow", false).withTag(COMPONENT, "OpaAuthFilter").start();
    try (Scope ignored = tracer.scopeManager().activate(span)) {
        // collect input parameters for Opa request
        UriInfo uriInfo = requestContext.getUriInfo();
        String method = requestContext.getMethod();
        String trace = requestContext.getHeaderString(RequestTracing.TOKEN_HEADER);
        String jwt = null;
        // if security context already exist and if it is a jwt security context,
        // we include the jwt in the request
        SecurityContext securityContext = requestContext.getSecurityContext();
        Map<String, Claim> claims = null;
        if (null != securityContext) {
            JwtPrincipal jwtPrincipal = getJwtPrincipal(requestContext.getSecurityContext());
            if (jwtPrincipal != null) {
                // JWT principal found, this means that JWT has been validated by
                // auth bundle
                // and can be used within this bundle
                jwt = jwtPrincipal.getJwt();
                claims = jwtPrincipal.getClaims();
            }
        }
        JsonNode constraints = null;
        if (!isDisabled && !isExcluded(uriInfo)) {
            // process the actual request to the open policy agent server
            String[] path = uriInfo.getPathSegments().stream().map(PathSegment::getPath).toArray(String[]::new);
            OpaInput opaInput = new OpaInput(jwt, path, method, trace);
            ObjectNode objectNode = om.convertValue(opaInput, ObjectNode.class);
            // append the input extensions to the input object
            inputExtensions.forEach((namespace, extension) -> objectNode.set(namespace, om.valueToTree(extension.createAdditionalInputContent(requestContext))));
            OpaRequest request = OpaRequest.request(objectNode);
            constraints = authorizeWithOpa(request, span);
        }
        OpaJwtPrincipal principal = OpaJwtPrincipal.create(jwt, claims, constraints, om);
        replaceSecurityContext(requestContext, securityContext, principal);
    } finally {
        span.finish();
    }
}
Also used : OpaJwtPrincipal(org.sdase.commons.server.opa.OpaJwtPrincipal) ObjectNode(com.fasterxml.jackson.databind.node.ObjectNode) JwtPrincipal(org.sdase.commons.server.auth.JwtPrincipal) OpaJwtPrincipal(org.sdase.commons.server.opa.OpaJwtPrincipal) JsonNode(com.fasterxml.jackson.databind.JsonNode) Span(io.opentracing.Span) Scope(io.opentracing.Scope) SecurityContext(javax.ws.rs.core.SecurityContext) OpaRequest(org.sdase.commons.server.opa.filter.model.OpaRequest) UriInfo(javax.ws.rs.core.UriInfo) Claim(com.auth0.jwt.interfaces.Claim) OpaInput(org.sdase.commons.server.opa.filter.model.OpaInput)

Example 3 with OpaJwtPrincipal

use of org.sdase.commons.server.opa.OpaJwtPrincipal in project sda-dropwizard-commons by SDA-SE.

the class Endpoint method postExcluded.

@POST
@Path("excluded/resources")
public Response postExcluded() throws IOException {
    // NOSONAR
    OpaJwtPrincipal principal = (OpaJwtPrincipal) securityContext.getUserPrincipal();
    PrincipalInfo result = new PrincipalInfo().setName(principal.getName()).setJwt(principal.getJwt()).setConstraints(principal.getConstraintsAsEntity(ConstraintModel.class));
    return Response.ok(result, MediaType.APPLICATION_JSON_TYPE).build();
}
Also used : OpaJwtPrincipal(org.sdase.commons.server.opa.OpaJwtPrincipal) Path(javax.ws.rs.Path) POST(javax.ws.rs.POST)

Example 4 with OpaJwtPrincipal

use of org.sdase.commons.server.opa.OpaJwtPrincipal in project sda-dropwizard-commons by SDA-SE.

the class Endpoint method get.

@GET
@Path("resources")
public Response get() throws IOException {
    OpaJwtPrincipal principal = (OpaJwtPrincipal) securityContext.getUserPrincipal();
    PrincipalInfo result = new PrincipalInfo().setName(principal.getName()).setJwt(principal.getJwt()).setConstraints(principal.getConstraintsAsEntity(ConstraintModel.class));
    return Response.ok(result, MediaType.APPLICATION_JSON_TYPE).build();
}
Also used : OpaJwtPrincipal(org.sdase.commons.server.opa.OpaJwtPrincipal) Path(javax.ws.rs.Path) GET(javax.ws.rs.GET)

Example 5 with OpaJwtPrincipal

use of org.sdase.commons.server.opa.OpaJwtPrincipal in project sda-dropwizard-commons by SDA-SE.

the class Endpoint method post.

@POST
@Path("resources/actions")
public Response post() throws IOException {
    // NOSONAR
    OpaJwtPrincipal principal = (OpaJwtPrincipal) securityContext.getUserPrincipal();
    PrincipalInfo result = new PrincipalInfo().setName(principal.getName()).setJwt(principal.getJwt()).setConstraints(principal.getConstraintsAsEntity(ConstraintModel.class));
    return Response.ok(result, MediaType.APPLICATION_JSON_TYPE).build();
}
Also used : OpaJwtPrincipal(org.sdase.commons.server.opa.OpaJwtPrincipal) Path(javax.ws.rs.Path) POST(javax.ws.rs.POST)

Aggregations

OpaJwtPrincipal (org.sdase.commons.server.opa.OpaJwtPrincipal)8 Principal (java.security.Principal)3 Path (javax.ws.rs.Path)3 Test (org.junit.Test)3 POST (javax.ws.rs.POST)2 SecurityContext (javax.ws.rs.core.SecurityContext)2 JwtPrincipal (org.sdase.commons.server.auth.JwtPrincipal)2 Claim (com.auth0.jwt.interfaces.Claim)1 JsonNode (com.fasterxml.jackson.databind.JsonNode)1 ObjectNode (com.fasterxml.jackson.databind.node.ObjectNode)1 Scope (io.opentracing.Scope)1 Span (io.opentracing.Span)1 GET (javax.ws.rs.GET)1 UriInfo (javax.ws.rs.core.UriInfo)1 NotImplementedException (org.apache.commons.lang3.NotImplementedException)1 OpaInput (org.sdase.commons.server.opa.filter.model.OpaInput)1 OpaRequest (org.sdase.commons.server.opa.filter.model.OpaRequest)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial