/**
 * Forwards an already-obtained token to the outbound target without touching it.
 * <p>
 * Nothing is validated or re-signed here: whatever token content the caller hands in is
 * what leaves the process. The target's outbound handler is given an empty header map and
 * is responsible for adding the header(s) that carry the token (presumably the header name
 * and value format are its decision — confirm against the handler implementation).
 *
 * @param outboundTarget target whose outbound handler attaches the token
 * @param token          token content forwarded verbatim
 * @return outbound response carrying only the headers the handler produced
 */
private OutboundSecurityResponse propagate(JwtOutboundTarget outboundTarget, String token) {
    final Map<String, List<String>> outboundHeaders = new HashMap<>();
    outboundTarget.outboundHandler.header(outboundHeaders, token);
    final OutboundSecurityResponse response = OutboundSecurityResponse.withHeaders(outboundHeaders);
    return response;
}
/**
 * Forwards an already-obtained token to the outbound target without touching it.
 * <p>
 * Nothing is validated or re-signed here: whatever token content the caller hands in is
 * what leaves the process. The target's outbound handler is given an empty header map and
 * is responsible for adding the header(s) that carry the token (presumably the header name
 * and value format are its decision — confirm against the handler implementation).
 *
 * @param outboundTarget target whose outbound handler attaches the token
 * @param token          token content forwarded verbatim
 * @return outbound response carrying only the headers the handler produced
 */
private OutboundSecurityResponse propagate(JwtOutboundTarget outboundTarget, String token) {
    final Map<String, List<String>> outboundHeaders = new HashMap<>();
    outboundTarget.outboundHandler.header(outboundHeaders, token);
    final OutboundSecurityResponse response = OutboundSecurityResponse.withHeaders(outboundHeaders);
    return response;
}
/**
 * Builds an outbound HTTP Basic authentication header from a user-store entry.
 * <p>
 * Security notes for reviewers:
 * <ul>
 *   <li>Basic credentials are merely base64-encoded, never encrypted; the outbound call must
 *       go over TLS or the password is readable on the wire.</li>
 *   <li>The scheme token is emitted in lower case ({@code "basic "}). RFC 7235 makes the scheme
 *       name case-insensitive, but an unusually strict peer might still expect {@code "Basic"};
 *       keep this in mind if a target rejects the header.</li>
 *   <li>The password is copied into Strings (the joined credentials and the header value), which
 *       cannot be wiped afterwards; this is inherent to the String-based header map.</li>
 * </ul>
 *
 * @param user user whose login and password are placed in the header
 * @return outbound response holding a single {@code Authorization} header
 */
private static OutboundSecurityResponse toBasicAuthOutbound(UserStore.User user) {
    String joinedCredentials = user.login() + ":" + new String(user.password());
    byte[] rawCredentials = joinedCredentials.getBytes(StandardCharsets.UTF_8);
    String headerValue = "basic " + Base64.getEncoder().encodeToString(rawCredentials);

    List<String> headerValues = CollectionsHelper.listOf(headerValue);
    Map<String, List<String>> headers = CollectionsHelper.mapOf("Authorization", headerValues);
    return OutboundSecurityResponse.withHeaders(headers);
}
/**
 * Attaches a Google-issued token to an outbound request.
 * <p>
 * The provider only acts on tokens whose issuer claim ends with {@code ".google.com"}; a missing
 * or foreign issuer makes it abstain so another provider can take over. NOTE(review): this is a
 * domain-suffix match rather than an exact issuer allow-list — confirm that every
 * {@code *.google.com} issuer that can reach this code is acceptable for the target.
 * <p>
 * The existing outbound headers are copied into a case-insensitive map before the token header is
 * added, so header-name lookups (and any replacement the handler performs) ignore case.
 *
 * @param providerRequest        the current provider request (unused here)
 * @param outboundEnv            environment whose headers are carried over to the outbound call
 * @param outboundEndpointConfig endpoint configuration (unused here)
 * @param token                  the token credential to propagate
 * @return response with the merged headers, or an abstain response for non-Google issuers
 */
private OutboundSecurityResponse outboundSecurity(ProviderRequest providerRequest,
                                                  SecurityEnvironment outboundEnv,
                                                  EndpointConfig outboundEndpointConfig,
                                                  TokenCredential token) {
    boolean issuedByGoogle = token.getIssuer()
            .filter(issuer -> issuer.endsWith(".google.com"))
            .isPresent();
    if (!issuedByGoogle) {
        // not our token :(
        return OutboundSecurityResponse.abstain();
    }

    Map<String, List<String>> mergedHeaders = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
    mergedHeaders.putAll(outboundEnv.headers());
    tokenHandler.header(mergedHeaders, token.token());
    return OutboundSecurityResponse.withHeaders(mergedHeaders);
}
/**
 * Propagates the id of the current user or service principal to the outbound call.
 * <p>
 * Which subject is used depends on {@code subjectType}. Only the principal id is sent — there is
 * no signature or token wrapping it — so the receiving side can only trust this header on a channel
 * that is itself authenticated (e.g. mutual TLS); verify that assumption for each target.
 * If there is no subject (or no principal / id on it), the provider abstains.
 *
 * @param providerRequest        request carrying the security context
 * @param outboundEnv            outbound environment (unused here)
 * @param outboundEndpointConfig endpoint configuration (unused here)
 * @return response with the header(s) set by the outbound token handler, or an abstain response
 */
@Override
protected OutboundSecurityResponse syncOutbound(ProviderRequest providerRequest,
                                                SecurityEnvironment outboundEnv,
                                                EndpointConfig outboundEndpointConfig) {
    Optional<Subject> subject = (subjectType == SubjectType.USER)
            ? providerRequest.securityContext().user()
            : providerRequest.securityContext().service();

    Optional<String> principalId = subject.map(Subject::principal).map(Principal::id);
    if (!principalId.isPresent()) {
        return OutboundSecurityResponse.abstain();
    }

    Map<String, List<String>> headers = new HashMap<>();
    outboundTokenHandler.header(headers, principalId.get());
    return OutboundSecurityResponse.withHeaders(headers);
}
/**
 * Mints a JWT asserting {@code username} as the subject and attaches it to the outbound request.
 * <p>
 * Security notes: the token is signed with this service's own key (looked up by the target's
 * {@code jwkKid}), so the caller is effectively vouching for an arbitrary username. Callers must
 * only reach this method when impersonation is authorized. Nothing in this method sets an expiry
 * or audience; presumably {@code ot.update(...)} adds the target-specific claims — confirm it does,
 * otherwise the issued token would never expire.
 *
 * @param ot       outbound target providing the signing key id, claim overrides and header handler
 * @param username subject (and {@code name}/{@code preferred_username}) placed in the token
 * @return outbound response carrying the signed token
 * @throws JwtException when no signing JWK exists for the target's key id
 */
private OutboundSecurityResponse impersonate(JwtOutboundTarget ot, String username) {
    Jwk signingKey = signKeys.forKeyId(ot.jwkKid)
            .orElseThrow(() -> new JwtException("Signing JWK with kid: " + ot.jwkKid + " is not defined."));

    Jwt.Builder claims = Jwt.builder();
    claims.addPayloadClaim("name", username);
    claims.subject(username);
    claims.preferredUsername(username);
    claims.issuer(issuer);
    claims.algorithm(signingKey.algorithm());
    // Let the target apply its own claim configuration before signing.
    ot.update(claims);

    SignedJwt signedToken = SignedJwt.sign(claims.build(), signingKey);

    Map<String, List<String>> headers = new HashMap<>();
    ot.outboundHandler.header(headers, signedToken.tokenContent());
    return OutboundSecurityResponse.withHeaders(headers);
}
/**
 * Mints a JWT asserting {@code username} as the subject and attaches it to the outbound request.
 * <p>
 * Security notes: the token is signed with this service's own key (looked up by the target's
 * {@code jwkKid}), so the caller is effectively vouching for an arbitrary username. Callers must
 * only reach this method when impersonation is authorized. Nothing in this method sets an expiry
 * or audience; presumably {@code ot.update(...)} adds the target-specific claims — confirm it does,
 * otherwise the issued token would never expire.
 *
 * @param ot       outbound target providing the signing key id, claim overrides and header handler
 * @param username subject (and {@code name}/{@code preferred_username}) placed in the token
 * @return outbound response carrying the signed token
 * @throws JwtException when no signing JWK exists for the target's key id
 */
private OutboundSecurityResponse impersonate(JwtOutboundTarget ot, String username) {
    Jwk signingKey = signKeys.forKeyId(ot.jwkKid)
            .orElseThrow(() -> new JwtException("Signing JWK with kid: " + ot.jwkKid + " is not defined."));

    Jwt.Builder claims = Jwt.builder();
    claims.addPayloadClaim("name", username);
    claims.subject(username);
    claims.preferredUsername(username);
    claims.issuer(issuer);
    claims.algorithm(signingKey.algorithm());
    // Let the target apply its own claim configuration before signing.
    ot.update(claims);

    SignedJwt signedToken = SignedJwt.sign(claims.build(), signingKey);

    Map<String, List<String>> headers = new HashMap<>();
    ot.outboundHandler.header(headers, signedToken.tokenContent());
    return OutboundSecurityResponse.withHeaders(headers);
}
/**
 * Re-issues the current subject as a freshly signed JWT (MicroProfile JWT flavour) for the outbound target.
 * <p>
 * Claim population, in order:
 * <ol>
 *   <li>every ABAC attribute of the principal is copied into the payload under its own name —
 *       NOTE(review): this exports all internal attributes to the remote party; review what the
 *       principal carries so nothing sensitive leaks across the service boundary;</li>
 *   <li>{@code name} mirrors the {@code full_name} attribute, or is removed when absent;</li>
 *   <li>{@code sub}, {@code preferred_username}, {@code iss} and the algorithm of the signing key;</li>
 *   <li>target-specific overrides via {@code ot.update(...)} (presumably audience/expiry — confirm,
 *       nothing here sets {@code exp});</li>
 *   <li>MP specifics: {@code upn} from the principal name unless an {@code upn} attribute already
 *       exists, and the subject's roles as groups.</li>
 * </ol>
 *
 * @param ot      outbound target providing signing key id, claim overrides and the header handler
 * @param subject subject whose principal and roles are encoded
 * @return outbound response carrying the signed token
 * @throws JwtException when no signing JWK exists for the target's key id
 */
private OutboundSecurityResponse propagate(JwtOutboundTarget ot, Subject subject) {
    Jwk signingKey = signKeys.forKeyId(ot.jwkKid)
            .orElseThrow(() -> new JwtException("Signing JWK with kid: " + ot.jwkKid + " is not defined."));
    Principal principal = subject.principal();
    Jwt.Builder claims = Jwt.builder();

    principal.abacAttributeNames()
            .forEach(attributeName -> principal.abacAttribute(attributeName)
                    .ifPresent(value -> claims.addPayloadClaim(attributeName, value)));

    OptionalHelper.from(principal.abacAttribute("full_name"))
            .ifPresentOrElse(fullName -> claims.addPayloadClaim("name", fullName),
                             () -> claims.removePayloadClaim("name"));

    claims.subject(principal.id());
    claims.preferredUsername(principal.getName());
    claims.issuer(issuer);
    claims.algorithm(signingKey.algorithm());
    ot.update(claims);

    // MP specific
    boolean hasUpn = principal.abacAttribute("upn").isPresent();
    if (!hasUpn) {
        claims.userPrincipal(principal.getName());
    }
    Security.getRoles(subject).forEach(claims::addUserGroup);

    SignedJwt signedToken = SignedJwt.sign(claims.build(), signingKey);

    Map<String, List<String>> headers = new HashMap<>();
    ot.outboundHandler.header(headers, signedToken.tokenContent());
    return OutboundSecurityResponse.withHeaders(headers);
}
/**
 * Re-issues the current subject as a freshly signed JWT for the outbound target.
 * <p>
 * Claim population, in order:
 * <ol>
 *   <li>every ABAC attribute of the principal is copied into the payload under its own name —
 *       NOTE(review): this exports all internal attributes to the remote party; review what the
 *       principal carries so nothing sensitive leaks across the service boundary;</li>
 *   <li>{@code name} mirrors the {@code full_name} attribute, or is removed when absent;</li>
 *   <li>{@code sub}, {@code preferred_username}, {@code iss} and the algorithm of the signing key;</li>
 *   <li>target-specific overrides via {@code ot.update(...)} (presumably audience/expiry — confirm,
 *       nothing here sets {@code exp}).</li>
 * </ol>
 * Roles are not propagated by this variant.
 *
 * @param ot      outbound target providing signing key id, claim overrides and the header handler
 * @param subject subject whose principal is encoded
 * @return outbound response carrying the signed token
 * @throws JwtException when no signing JWK exists for the target's key id
 */
private OutboundSecurityResponse propagate(JwtOutboundTarget ot, Subject subject) {
    Jwk signingKey = signKeys.forKeyId(ot.jwkKid)
            .orElseThrow(() -> new JwtException("Signing JWK with kid: " + ot.jwkKid + " is not defined."));
    Principal principal = subject.principal();
    Jwt.Builder claims = Jwt.builder();

    principal.abacAttributeNames()
            .forEach(attributeName -> principal.abacAttribute(attributeName)
                    .ifPresent(value -> claims.addPayloadClaim(attributeName, value)));

    OptionalHelper.from(principal.abacAttribute("full_name"))
            .ifPresentOrElse(fullName -> claims.addPayloadClaim("name", fullName),
                             () -> claims.removePayloadClaim("name"));

    claims.subject(principal.id());
    claims.preferredUsername(principal.getName());
    claims.issuer(issuer);
    claims.algorithm(signingKey.algorithm());
    ot.update(claims);

    SignedJwt signedToken = SignedJwt.sign(claims.build(), signingKey);

    Map<String, List<String>> headers = new HashMap<>();
    ot.outboundHandler.header(headers, signedToken.tokenContent());
    return OutboundSecurityResponse.withHeaders(headers);
}
/**
 * Forwards an already-obtained token to the outbound target without touching it.
 * <p>
 * Nothing is validated or re-signed here: whatever token content the caller hands in is
 * what leaves the process. The target's outbound handler is given an empty header map and
 * is responsible for adding the header(s) that carry the token (presumably the header name
 * and value format are its decision — confirm against the handler implementation).
 *
 * @param outboundTarget target whose outbound handler attaches the token
 * @param token          token content forwarded verbatim
 * @return outbound response carrying only the headers the handler produced
 */
private OutboundSecurityResponse propagate(JwtOutboundTarget outboundTarget, String token) {
    final Map<String, List<String>> outboundHeaders = new HashMap<>();
    outboundTarget.outboundHandler.header(outboundHeaders, token);
    final OutboundSecurityResponse response = OutboundSecurityResponse.withHeaders(outboundHeaders);
    return response;
}
/**
 * Forwards an already-obtained token to the outbound target without touching it.
 * <p>
 * Nothing is validated or re-signed here: whatever token content the caller hands in is
 * what leaves the process. The target's outbound handler is given an empty header map and
 * is responsible for adding the header(s) that carry the token (presumably the header name
 * and value format are its decision — confirm against the handler implementation).
 *
 * @param outboundTarget target whose outbound handler attaches the token
 * @param token          token content forwarded verbatim
 * @return outbound response carrying only the headers the handler produced
 */
private OutboundSecurityResponse propagate(JwtOutboundTarget outboundTarget, String token) {
    final Map<String, List<String>> outboundHeaders = new HashMap<>();
    outboundTarget.outboundHandler.header(outboundHeaders, token);
    final OutboundSecurityResponse response = OutboundSecurityResponse.withHeaders(outboundHeaders);
    return response;
}
/**
 * Propagates the id of the current user or service principal to the outbound call
 * (older getter-style API variant).
 * <p>
 * Which subject is used depends on {@code subjectType}. Only the principal id is sent — there is
 * no signature or token wrapping it — so the receiving side can only trust this header on a channel
 * that is itself authenticated (e.g. mutual TLS); verify that assumption for each target.
 * If there is no subject (or no principal / id on it), the provider abstains.
 *
 * @param providerRequest        request carrying the security context
 * @param outboundEnv            outbound environment (unused here)
 * @param outboundEndpointConfig endpoint configuration (unused here)
 * @return response with the header(s) set by the outbound token handler, or an abstain response
 */
@Override
protected OutboundSecurityResponse syncOutbound(ProviderRequest providerRequest,
                                                SecurityEnvironment outboundEnv,
                                                EndpointConfig outboundEndpointConfig) {
    Optional<Subject> subject = (subjectType == SubjectType.USER)
            ? providerRequest.getContext().getUser()
            : providerRequest.getContext().getService();

    Optional<String> principalId = subject.map(Subject::getPrincipal).map(Principal::getId);
    if (!principalId.isPresent()) {
        return OutboundSecurityResponse.abstain();
    }

    Map<String, List<String>> headers = new HashMap<>();
    outboundTokenHandler.setHeader(headers, principalId.get());
    return OutboundSecurityResponse.withHeaders(headers);
}
/**
 * Propagates the id of the current user or service principal to the outbound call.
 * <p>
 * Which subject is used depends on {@code subjectType}. Only the principal id is sent — there is
 * no signature or token wrapping it — so the receiving side can only trust this header on a channel
 * that is itself authenticated (e.g. mutual TLS); verify that assumption for each target.
 * If there is no subject (or no principal / id on it), the provider abstains.
 *
 * @param providerRequest        request carrying the security context
 * @param outboundEnv            outbound environment (unused here)
 * @param outboundEndpointConfig endpoint configuration (unused here)
 * @return response with the header(s) set by the outbound token handler, or an abstain response
 */
@Override
protected OutboundSecurityResponse syncOutbound(ProviderRequest providerRequest,
                                                SecurityEnvironment outboundEnv,
                                                EndpointConfig outboundEndpointConfig) {
    Optional<Subject> subject = (subjectType == SubjectType.USER)
            ? providerRequest.securityContext().user()
            : providerRequest.securityContext().service();

    Optional<String> principalId = subject.map(Subject::principal).map(Principal::id);
    if (!principalId.isPresent()) {
        return OutboundSecurityResponse.abstain();
    }

    Map<String, List<String>> headers = new HashMap<>();
    outboundTokenHandler.header(headers, principalId.get());
    return OutboundSecurityResponse.withHeaders(headers);
}
/**
 * Mints a JWT asserting {@code username} as the subject and attaches it to the outbound request.
 * <p>
 * Security notes: the token is signed with this service's own key (looked up by the target's
 * {@code jwkKid}), so the caller is effectively vouching for an arbitrary username. Callers must
 * only reach this method when impersonation is authorized. Nothing in this method sets an expiry
 * or audience; presumably {@code ot.update(...)} adds the target-specific claims — confirm it does,
 * otherwise the issued token would never expire.
 *
 * @param ot       outbound target providing the signing key id, claim overrides and header handler
 * @param username subject (and {@code name}/{@code preferred_username}) placed in the token
 * @return outbound response carrying the signed token
 * @throws JwtException when no signing JWK exists for the target's key id
 */
private OutboundSecurityResponse impersonate(JwtOutboundTarget ot, String username) {
    Jwk signingKey = signKeys.forKeyId(ot.jwkKid)
            .orElseThrow(() -> new JwtException("Signing JWK with kid: " + ot.jwkKid + " is not defined."));

    Jwt.Builder claims = Jwt.builder();
    claims.addPayloadClaim("name", username);
    claims.subject(username);
    claims.preferredUsername(username);
    claims.issuer(issuer);
    claims.algorithm(signingKey.algorithm());
    // Let the target apply its own claim configuration before signing.
    ot.update(claims);

    SignedJwt signedToken = SignedJwt.sign(claims.build(), signingKey);

    Map<String, List<String>> headers = new HashMap<>();
    ot.outboundHandler.header(headers, signedToken.tokenContent());
    return OutboundSecurityResponse.withHeaders(headers);
}
/**
 * Mints a JWT asserting {@code username} as the subject and attaches it to the outbound request.
 * <p>
 * Security notes: the token is signed with this service's own key (looked up by the target's
 * {@code jwkKid}), so the caller is effectively vouching for an arbitrary username. Callers must
 * only reach this method when impersonation is authorized. Nothing in this method sets an expiry
 * or audience; presumably {@code ot.update(...)} adds the target-specific claims — confirm it does,
 * otherwise the issued token would never expire.
 *
 * @param ot       outbound target providing the signing key id, claim overrides and header handler
 * @param username subject (and {@code name}/{@code preferred_username}) placed in the token
 * @return outbound response carrying the signed token
 * @throws JwtException when no signing JWK exists for the target's key id
 */
private OutboundSecurityResponse impersonate(JwtOutboundTarget ot, String username) {
    Jwk signingKey = signKeys.forKeyId(ot.jwkKid)
            .orElseThrow(() -> new JwtException("Signing JWK with kid: " + ot.jwkKid + " is not defined."));

    Jwt.Builder claims = Jwt.builder();
    claims.addPayloadClaim("name", username);
    claims.subject(username);
    claims.preferredUsername(username);
    claims.issuer(issuer);
    claims.algorithm(signingKey.algorithm());
    // Let the target apply its own claim configuration before signing.
    ot.update(claims);

    SignedJwt signedToken = SignedJwt.sign(claims.build(), signingKey);

    Map<String, List<String>> headers = new HashMap<>();
    ot.outboundHandler.header(headers, signedToken.tokenContent());
    return OutboundSecurityResponse.withHeaders(headers);
}
/**
 * Re-issues the current subject as a freshly signed JWT (MicroProfile JWT flavour) for the outbound target.
 * <p>
 * Claim population, in order:
 * <ol>
 *   <li>every ABAC attribute of the principal is copied into the payload under its own name —
 *       NOTE(review): this exports all internal attributes to the remote party; review what the
 *       principal carries so nothing sensitive leaks across the service boundary;</li>
 *   <li>{@code name} mirrors the {@code full_name} attribute, or is removed when absent;</li>
 *   <li>{@code sub}, {@code preferred_username}, {@code iss} and the algorithm of the signing key;</li>
 *   <li>target-specific overrides via {@code ot.update(...)} (presumably audience/expiry — confirm,
 *       nothing here sets {@code exp});</li>
 *   <li>MP specifics: {@code upn} from the principal name unless an {@code upn} attribute already
 *       exists, and the subject's roles as groups.</li>
 * </ol>
 *
 * @param ot      outbound target providing signing key id, claim overrides and the header handler
 * @param subject subject whose principal and roles are encoded
 * @return outbound response carrying the signed token
 * @throws JwtException when no signing JWK exists for the target's key id
 */
private OutboundSecurityResponse propagate(JwtOutboundTarget ot, Subject subject) {
    Jwk signingKey = signKeys.forKeyId(ot.jwkKid)
            .orElseThrow(() -> new JwtException("Signing JWK with kid: " + ot.jwkKid + " is not defined."));
    Principal principal = subject.principal();
    Jwt.Builder claims = Jwt.builder();

    principal.abacAttributeNames()
            .forEach(attributeName -> principal.abacAttribute(attributeName)
                    .ifPresent(value -> claims.addPayloadClaim(attributeName, value)));

    OptionalHelper.from(principal.abacAttribute("full_name"))
            .ifPresentOrElse(fullName -> claims.addPayloadClaim("name", fullName),
                             () -> claims.removePayloadClaim("name"));

    claims.subject(principal.id());
    claims.preferredUsername(principal.getName());
    claims.issuer(issuer);
    claims.algorithm(signingKey.algorithm());
    ot.update(claims);

    // MP specific
    boolean hasUpn = principal.abacAttribute("upn").isPresent();
    if (!hasUpn) {
        claims.userPrincipal(principal.getName());
    }
    Security.getRoles(subject).forEach(claims::addUserGroup);

    SignedJwt signedToken = SignedJwt.sign(claims.build(), signingKey);

    Map<String, List<String>> headers = new HashMap<>();
    ot.outboundHandler.header(headers, signedToken.tokenContent());
    return OutboundSecurityResponse.withHeaders(headers);
}
/**
 * Re-issues the current subject as a freshly signed JWT for the outbound target.
 * <p>
 * Claim population, in order:
 * <ol>
 *   <li>every ABAC attribute of the principal is copied into the payload under its own name —
 *       NOTE(review): this exports all internal attributes to the remote party; review what the
 *       principal carries so nothing sensitive leaks across the service boundary;</li>
 *   <li>{@code name} mirrors the {@code full_name} attribute, or is removed when absent;</li>
 *   <li>{@code sub}, {@code preferred_username}, {@code iss} and the algorithm of the signing key;</li>
 *   <li>target-specific overrides via {@code ot.update(...)} (presumably audience/expiry — confirm,
 *       nothing here sets {@code exp}).</li>
 * </ol>
 * Roles are not propagated by this variant.
 *
 * @param ot      outbound target providing signing key id, claim overrides and the header handler
 * @param subject subject whose principal is encoded
 * @return outbound response carrying the signed token
 * @throws JwtException when no signing JWK exists for the target's key id
 */
private OutboundSecurityResponse propagate(JwtOutboundTarget ot, Subject subject) {
    Jwk signingKey = signKeys.forKeyId(ot.jwkKid)
            .orElseThrow(() -> new JwtException("Signing JWK with kid: " + ot.jwkKid + " is not defined."));
    Principal principal = subject.principal();
    Jwt.Builder claims = Jwt.builder();

    principal.abacAttributeNames()
            .forEach(attributeName -> principal.abacAttribute(attributeName)
                    .ifPresent(value -> claims.addPayloadClaim(attributeName, value)));

    OptionalHelper.from(principal.abacAttribute("full_name"))
            .ifPresentOrElse(fullName -> claims.addPayloadClaim("name", fullName),
                             () -> claims.removePayloadClaim("name"));

    claims.subject(principal.id());
    claims.preferredUsername(principal.getName());
    claims.issuer(issuer);
    claims.algorithm(signingKey.algorithm());
    ot.update(claims);

    SignedJwt signedToken = SignedJwt.sign(claims.build(), signingKey);

    Map<String, List<String>> headers = new HashMap<>();
    ot.outboundHandler.header(headers, signedToken.tokenContent());
    return OutboundSecurityResponse.withHeaders(headers);
}