// Reuses the token already held by ctx: it is copied into the builder unchanged,
// and no new token is signed in this statement.
builder.setToken(ctx.getToken());
/**
 * Builds an authorization context for {@code userLink}, backed by a freshly signed token.
 *
 * <p>The claims carry {@code AuthenticationConstants.DEFAULT_ISSUER} as issuer, {@code userLink}
 * as subject and {@code Instant.MAX.getEpochSecond()} as expiration time, so the token is
 * effectively non-expiring. The resulting context is flagged as not propagated to the client.
 *
 * @param tokenSigner signer used to produce the token for the claims
 * @param userLink link used as the subject of the claims
 * @return the authorization context holding the claims and the signed token
 * @throws RuntimeException wrapping the {@link GeneralSecurityException} raised when signing fails
 */
public AuthorizationContext createAuthorizationContext(Signer tokenSigner, String userLink) {
    Claims.Builder claimsBuilder = new Claims.Builder();
    claimsBuilder.setIssuer(AuthenticationConstants.DEFAULT_ISSUER);
    claimsBuilder.setSubject(userLink);
    // Largest representable expiry: a token signed over these claims never ages out,
    // so it must be protected like a long-lived credential.
    claimsBuilder.setExpirationTime(Instant.MAX.getEpochSecond());
    Claims signedClaims = claimsBuilder.getResult();

    // Sign the claims to obtain the token.
    final String signedToken;
    try {
        signedToken = tokenSigner.sign(signedClaims);
    } catch (GeneralSecurityException e) {
        // This runs first when the host starts; a failure here aborts startup on purpose,
        // because the host cannot function without access to the system user's context.
        throw new RuntimeException(e);
    }

    AuthorizationContext.Builder contextBuilder = AuthorizationContext.Builder.create();
    contextBuilder.setClaims(signedClaims);
    contextBuilder.setToken(signedToken);
    // Keep this token out of responses sent to clients.
    contextBuilder.setPropagateToClient(false);
    return contextBuilder.getResult();
}
// Attach the token to the builder, use the built result as the operation body,
// then complete the operation.
// NOTE(review): the body handed back presumably carries the token — confirm that
// every receiver of this response is meant to hold it.
ab.setToken(token);
op.setBody(ab.getResult());
op.complete();
// The token is attached as given; whether it is propagated to the client is decided
// by the propagateToClient value defined outside this fragment.
ab.setToken(token);
ab.setPropagateToClient(propagateToClient);
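/**
 * Checks the claims associated with a token and returns the authorization context to use.
 *
 * <p>Returns {@code null} when no claims are available or when the claims have expired; in the
 * expired case the host's authorization context for the subject is cleared as well. When a
 * context is already supplied it is returned as-is; otherwise a new one is built from the
 * claims and token and cached on the host.
 *
 * @param ctx previously resolved context, or {@code null} if none is available
 * @param claims claims resolved for the token, or {@code null} if none were found
 * @param token token presented with the request
 * @param op operation being processed; only its URI path is used, for logging
 * @param context processing context that supplies the host
 * @return the context to use, or {@code null} if the request carries no usable claims
 */
private AuthorizationContext checkAndGetAuthorizationContext(AuthorizationContext ctx,
        Claims claims, String token, Operation op, OperationProcessingContext context) {
    ServiceHost host = context.getHost();
    if (claims == null) {
        // The token value is deliberately kept out of the log: it is a bearer credential,
        // and a rejected token may still be accepted elsewhere, so log readers must not
        // be able to recover it.
        host.log(Level.INFO, "Request to %s has no claims found for the supplied token",
                op.getUri().getPath());
        return null;
    }

    // Claims without an expiration time are never treated as expired by this check.
    Long expirationTime = claims.getExpirationTime();
    if (expirationTime != null
            && TimeUnit.SECONDS.toMicros(expirationTime) <= Utils.getSystemNowMicrosUtc()) {
        host.log(Level.FINE, "Token expired for %s", claims.getSubject());
        // Drop the host's context for this subject so the expired token stops being honoured.
        host.clearAuthorizationContext(null, claims.getSubject());
        return null;
    }

    if (ctx != null) {
        return ctx;
    }

    // No context yet: build one from the claims and cache it under the token.
    AuthorizationContext.Builder b = AuthorizationContext.Builder.create();
    b.setClaims(claims);
    b.setToken(token);
    ctx = b.getResult();
    host.cacheAuthorizationContext(null, token, ctx);
    return ctx;
}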
/**
 * Signs a token for the given user and installs the resulting authorization context.
 *
 * <p>Only the subject and the custom properties are set on the claims; no issuer and no
 * expiration time are supplied here.
 *
 * @param userServicePath user document link, used as the claims subject
 * @param properties custom properties stored in the claims
 * @return the authorization context that was installed
 * @throws GeneralSecurityException if signing the claims fails
 */
public AuthorizationContext assumeIdentity(String userServicePath,
        Map<String, String> properties) throws GeneralSecurityException {
    Claims.Builder claimsBuilder = new Claims.Builder();
    claimsBuilder.setSubject(userServicePath);
    claimsBuilder.setProperties(properties);
    Claims identityClaims = claimsBuilder.getResult();

    String signedToken = getTokenSigner().sign(identityClaims);

    AuthorizationContext.Builder contextBuilder = AuthorizationContext.Builder.create();
    contextBuilder.setClaims(identityClaims);
    contextBuilder.setToken(signedToken);
    AuthorizationContext assumed = contextBuilder.getResult();

    // Associate the resulting authorization context with this thread.
    setAuthorizationContext(assumed);
    return assumed;
}
/**
 * Injects a user identity: builds claims for the user, signs them and installs the
 * resulting authorization context.
 *
 * <p>The claims hold the subject and the supplied properties only; this method sets neither
 * an issuer nor an expiration time on them.
 *
 * @param userServicePath user document link
 * @param properties custom properties in claims
 * @return the newly installed authorization context
 * @throws GeneralSecurityException any security exception raised while signing
 */
public AuthorizationContext assumeIdentity(String userServicePath,
        Map<String, String> properties) throws GeneralSecurityException {
    Claims.Builder cb = new Claims.Builder();
    cb.setSubject(userServicePath);
    cb.setProperties(properties);
    Claims userClaims = cb.getResult();

    String userToken = getTokenSigner().sign(userClaims);

    AuthorizationContext.Builder acb = AuthorizationContext.Builder.create();
    acb.setClaims(userClaims);
    acb.setToken(userToken);

    // Associate the resulting authorization context with this thread.
    AuthorizationContext result = acb.getResult();
    setAuthorizationContext(result);
    return result;
}
/**
 * Signs the claims found in the operation body and attaches the resulting authorization
 * context to the operation.
 *
 * <p>The claims are taken from the request body and signed without any validation, so whoever
 * can reach this handler receives a valid token for the claims they sent. Never do this in
 * production code.
 *
 * @param op operation whose body holds the claims; failed if signing throws, completed otherwise
 */
private void handleSetAuthorizationContext(Operation op) {
    Claims requestedClaims = op.getBody(Claims.class);

    // This signs an unchecked set of claims. Never do this in production code.
    String signedToken;
    try {
        signedToken = getTokenSigner().sign(requestedClaims);
    } catch (Exception e) {
        op.fail(e);
        return;
    }

    AuthorizationContext.Builder contextBuilder = AuthorizationContext.Builder.create();
    contextBuilder.setClaims(requestedClaims);
    contextBuilder.setToken(signedToken);
    // The token is marked for propagation to the client.
    contextBuilder.setPropagateToClient(true);

    // Associate the resulting authorization context with the operation.
    setAuthorizationContext(op, contextBuilder.getResult());
    op.complete();
}
/**
 * Turns the claims in the request body into a signed token and binds the resulting
 * authorization context to the operation.
 *
 * <p>No check is applied to the claims before they are signed: the caller chooses the subject
 * and every other claim. Never do this in production code.
 *
 * @param op operation carrying the claims in its body; it is failed when signing throws and
 *           completed once the context has been set
 */
private void handleSetAuthorizationContext(Operation op) {
    Claims bodyClaims = op.getBody(Claims.class);
    String tokenForClaims;

    // This signs an unchecked set of claims. Never do this in production code.
    try {
        tokenForClaims = getTokenSigner().sign(bodyClaims);
    } catch (Exception e) {
        op.fail(e);
        return;
    }

    AuthorizationContext.Builder acb = AuthorizationContext.Builder.create();
    acb.setClaims(bodyClaims);
    acb.setToken(tokenForClaims);
    // Propagation to the client is switched on for this context.
    acb.setPropagateToClient(true);
    AuthorizationContext created = acb.getResult();

    // Associate the resulting authorization context with the operation.
    setAuthorizationContext(op, created);
    op.complete();
}
/**
 * Creates an authorization context for {@code subject}, signed with the host's token signer.
 *
 * <p>The claims use {@code AuthenticationConstants.DEFAULT_ISSUER}, a subject built under
 * {@code ServiceUriPaths.CORE_AUTHZ_USERS}, an expiration one hour from now, and a single
 * custom property ({@code "hello" -> "world"}).
 *
 * @param subject user name appended to the users path to form the claims subject
 * @param host host whose token signer signs the claims
 * @return the authorization context holding the claims and the signed token
 * @throws GeneralSecurityException if signing the claims fails
 */
AuthorizationContext createAuthorizationContext(String subject, VerificationHost host)
        throws GeneralSecurityException {
    Map<String, String> customProperties = new HashMap<>();
    customProperties.put("hello", "world");

    Claims.Builder claimsBuilder = new Claims.Builder();
    claimsBuilder.setIssuer(AuthenticationConstants.DEFAULT_ISSUER);
    claimsBuilder.setSubject(UriUtils.buildUriPath(ServiceUriPaths.CORE_AUTHZ_USERS, subject));

    // Expiration is computed in microseconds but stored on the claims in seconds.
    long oneHourMicros = TimeUnit.HOURS.toMicros(1);
    long expiryMicros = Utils.fromNowMicrosUtc(oneHourMicros);
    claimsBuilder.setExpirationTime(TimeUnit.MICROSECONDS.toSeconds(expiryMicros));
    claimsBuilder.setProperties(customProperties);
    Claims userClaims = claimsBuilder.getResult();

    AuthorizationContext.Builder contextBuilder = AuthorizationContext.Builder.create();
    contextBuilder.setClaims(userClaims);
    String signedToken = host.getTokenSigner().sign(userClaims);
    contextBuilder.setToken(signedToken);
    return contextBuilder.getResult();
}
/**
 * Builds a one-hour authorization context for the given user, signed by the host's signer.
 *
 * <p>Issuer is {@code AuthenticationConstants.DEFAULT_ISSUER}; the subject is the user path
 * under {@code ServiceUriPaths.CORE_AUTHZ_USERS}; the claims also carry the property
 * {@code "hello" -> "world"}.
 *
 * @param subject user name used to build the claims subject
 * @param host host providing the token signer
 * @return the resulting authorization context
 * @throws GeneralSecurityException if the claims cannot be signed
 */
AuthorizationContext createAuthorizationContext(String subject, VerificationHost host)
        throws GeneralSecurityException {
    Map<String, String> props = new HashMap<>();
    props.put("hello", "world");

    String subjectPath = UriUtils.buildUriPath(ServiceUriPaths.CORE_AUTHZ_USERS, subject);

    Claims.Builder cb = new Claims.Builder();
    cb.setIssuer(AuthenticationConstants.DEFAULT_ISSUER);
    cb.setSubject(subjectPath);
    // The expiry is derived in microseconds and converted to seconds for the claims.
    long expiresAtMicros = Utils.fromNowMicrosUtc(TimeUnit.HOURS.toMicros(1));
    long expiresAtSeconds = TimeUnit.MICROSECONDS.toSeconds(expiresAtMicros);
    cb.setExpirationTime(expiresAtSeconds);
    cb.setProperties(props);
    Claims built = cb.getResult();

    AuthorizationContext.Builder acb = AuthorizationContext.Builder.create();
    acb.setClaims(built);
    acb.setToken(host.getTokenSigner().sign(built));
    return acb.getResult();
}
/**
 * Creates an authorization context for {@code subject} with a caller-chosen expiration,
 * signed by the host's token signer.
 *
 * @param host host whose token signer signs the claims
 * @param subject value stored as the claims subject
 * @param expiration value passed unchanged to the claims' expiration time
 * @return the authorization context holding the claims and the signed token
 * @throws Exception if signing the claims fails
 */
private AuthorizationContext createAuthContext(ServiceHost host, String subject,
        long expiration) throws Exception {
    Claims.Builder claimsBuilder = new Claims.Builder();
    claimsBuilder.setIssuer(AuthenticationConstants.DEFAULT_ISSUER);
    claimsBuilder.setSubject(subject);
    // The caller decides the lifetime; no bound is applied to it here.
    claimsBuilder.setExpirationTime(expiration);
    Claims subjectClaims = claimsBuilder.getResult();

    String signedToken = host.getTokenSigner().sign(subjectClaims);

    AuthorizationContext.Builder contextBuilder = AuthorizationContext.Builder.create();
    contextBuilder.setClaims(subjectClaims);
    contextBuilder.setToken(signedToken);
    return contextBuilder.getResult();
}
/**
 * Builds an authorization context from {@code getClaims()} and the supplied token and
 * attaches it to the operation through the given service.
 *
 * <p>The token is used as passed in; this method neither signs nor verifies it against the
 * claims. The context is marked for propagation to the client.
 *
 * @param service service used to set the authorization context on the operation
 * @param op operation that receives the context
 * @param token token stored in the context
 */
private void associateAuthorizationContext(Service service, Operation op, String token) {
    Claims currentClaims = getClaims();

    AuthorizationContext.Builder contextBuilder = AuthorizationContext.Builder.create();
    contextBuilder.setClaims(currentClaims);
    contextBuilder.setToken(token);
    contextBuilder.setPropagateToClient(true);
    AuthorizationContext built = contextBuilder.getResult();

    // Associate the resulting authorization context with the operation.
    service.setAuthorizationContext(op, built);
}
/**
 * Binds an authorization context to the operation, combining the claims returned by
 * {@code getClaims()} with the token handed in by the caller.
 *
 * <p>No signing or verification of the token happens here, and the context is flagged to be
 * propagated to the client.
 *
 * @param service service through which the context is set on the operation
 * @param op operation to associate the context with
 * @param token token placed in the context as-is
 */
private void associateAuthorizationContext(Service service, Operation op, String token) {
    AuthorizationContext.Builder acb = AuthorizationContext.Builder.create();
    acb.setClaims(getClaims());
    acb.setToken(token);
    // Propagation to the client is enabled for this context.
    acb.setPropagateToClient(true);

    // Associate the resulting authorization context with the operation.
    service.setAuthorizationContext(op, acb.getResult());
}