/**
 * Attaches an HTTP Authorization header to the outbound request when credentials are present.
 *
 * <p>The header value comes from {@code AuthUtils.createAuthorizationHeader}; when that returns
 * {@code null} (no usable credentials) the request is left untouched. The value stored under
 * {@code AUTHORIZATION_HEADER} in {@code customProperties} is a credential, so anything that
 * serializes or logs the request context will carry it as well.
 *
 * @param context   request context whose {@code request.customProperties} receives the header
 * @param authState credential state, may be {@code null}
 */
private void processAuthentication(RequestContext context, AuthCredentialsServiceState authState) {
    if (authState == null) {
        return;
    }
    String headerValue = AuthUtils.createAuthorizationHeader(authState);
    if (headerValue == null) {
        return;
    }
    context.request.customProperties.put(AUTHORIZATION_HEADER, headerValue);
}
/**
 * Validates the inbound session data before delegating to the superclass handler.
 *
 * <p>When {@code AuthUtil.useAuthConfig(this)} is true, the authorization context already attached
 * to {@code inboundOp} (if any) is passed to {@code AuthUtils.validateSessionData} together with the
 * guest context; the superclass handler runs in every case.
 *
 * @param service   the target service
 * @param inboundOp the inbound operation, may be {@code null}
 * @return the result of {@code super.handleRequest}
 */
@Override
public boolean handleRequest(Service service, Operation inboundOp) {
    if (AuthUtil.useAuthConfig(this)) {
        AuthorizationContext existingCtx = null;
        if (inboundOp != null) {
            existingCtx = inboundOp.getAuthorizationContext();
        }
        AuthUtils.validateSessionData(this, inboundOp, getGuestAuthorizationContext(), existingCtx);
    }
    return super.handleRequest(service, inboundOp);
}
AuthUtils.validateSessionData(host,null, null, null); AUTH_CTX_FIELD.set(getOp, null); AuthUtils.validateSessionData(host, getOp, null, getOp.getAuthorizationContext()); assertNull(getOp.getAuthorizationContext()); AuthUtils.validateSessionData(host, getOp, null, getOp.getAuthorizationContext()); assertEquals(authCtxSystemUser, getOp.getAuthorizationContext()); AuthUtils.validateSessionData(host, getOp, null, getOp.getAuthorizationContext()); assertEquals(authCtxUser, getOp.getAuthorizationContext()); getOp.addRequestHeader(Operation.REQUEST_AUTH_TOKEN_HEADER, authCtxUser.getToken()); AuthUtils.validateSessionData(host, getOp, null, null); assertEquals(authCtxUser, getOp.getAuthorizationContext()); host.clearAuthorizationContext(s, authCtxUser.getClaims().getSubject()); AuthUtils.cleanupSessionData(getOp); AuthUtils.validateSessionData(host, getOp, null, getOp.getAuthorizationContext()); assertNull(getOp.getAuthorizationContext()); AuthUtils.validateSessionData(host, getOp, authCtxGuestUser, getOp.getAuthorizationContext()); assertEquals(authCtxGuestUser, getOp.getAuthorizationContext());
AuthUtils.cleanupSessionData(op); String location = ManagementUriParts.UI_SERVICE + LOGIN_PATH; location = location.replaceAll("//", "/");
/**
 * Sends a LOGOUT request to the basic authentication service and clears the caller's session.
 *
 * <p>On failure the error is logged at SEVERE and propagated through {@code op.fail(e)}; on
 * success the auth token and cookie are removed from {@code op} by
 * {@code AuthUtils.cleanupSessionData} before the operation completes.
 *
 * @param op the operation that requested the logout
 */
@Override
public void doLogout(Operation op) {
    AuthenticationRequest logoutBody = new AuthenticationRequest();
    logoutBody.requestType = AuthenticationRequestType.LOGOUT;

    Operation logoutPost = Operation.createPost(service, BasicAuthenticationService.SELF_LINK)
            .setBody(logoutBody)
            .forceRemote()
            .setCompletion((o, e) -> {
                if (e == null) {
                    // Success: drop the auth token and cookie from the caller's operation.
                    AuthUtils.cleanupSessionData(op);
                    op.complete();
                } else {
                    service.getHost().log(Level.SEVERE, "Logout failed: %s", Utils.toString(e));
                    op.fail(e);
                }
            });
    service.sendRequest(logoutPost);
}
/**
 * Verifies that {@code AuthUtils.cleanupSessionData} always blanks the auth token response header
 * and resets the auth cookie, whether the request carried no token, an empty token, or a real one.
 */
@Test
public void testCleanupSessionData() {
    Operation getOp = Operation.createGet(UriUtils.buildUri("http://localhost/foo/bar"));

    // Unauthenticated request: no token header and no cookies to begin with.
    assertNull(getOp.getRequestHeader(Operation.REQUEST_AUTH_TOKEN_HEADER));
    assertNull(getOp.getCookies());
    assertCleanupClearsSession(getOp);

    // An empty token and a populated token must be cleared the same way.
    for (String token : new String[] {"", "token"}) {
        getOp.addRequestHeader(Operation.REQUEST_AUTH_TOKEN_HEADER, token);
        assertCleanupClearsSession(getOp);
    }
}

/** Runs cleanup on {@code op} and checks the token header is blanked and the cookie reset. */
private void assertCleanupClearsSession(Operation op) {
    AuthUtils.cleanupSessionData(op);
    assertEquals("", op.getResponseHeader(Operation.REQUEST_AUTH_TOKEN_HEADER));
    assertAuthCookie(op);
}
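/**
 * Verifies {@code AuthUtils.createAuthorizationHeader} for the supported credential shapes:
 * {@code null} and non-password credentials yield no header, password credentials yield a
 * {@code Basic} header with base64("email:password"), and {@code Bearer} credentials yield
 * {@code Bearer <privateKey>}.
 *
 * <p>The expected Basic value is computed with an explicit UTF-8 charset rather than the platform
 * default, so the test does not depend on the JVM's {@code file.encoding}. The inputs here are
 * ASCII, so this matches whatever charset the implementation uses for them.
 */
@Test
public void testCreateAuthorizationHeader() {
    // No credentials
    assertNull(AuthUtils.createAuthorizationHeader(null));

    // Non-password credentials
    AuthCredentialsServiceState credentials = new AuthCredentialsServiceState();
    credentials.type = AuthCredentialsType.PublicKey.toString();
    assertNull(AuthUtils.createAuthorizationHeader(credentials));

    // Password credentials
    String email = "test@test.test";
    String password = "test";
    byte[] basicBytes = String.format("%s:%s", email, password)
            .getBytes(java.nio.charset.StandardCharsets.UTF_8);
    String expectedHeader = String.format("Basic %s", Base64.getEncoder().encodeToString(basicBytes));
    credentials = new AuthCredentialsServiceState();
    credentials.type = AuthCredentialsType.Password.toString();
    credentials.userEmail = email;
    credentials.privateKey = password;
    assertEquals(expectedHeader, AuthUtils.createAuthorizationHeader(credentials));

    // Bearer token (a constructed, non-functional sample value)
    String token = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJrdWJlcm5ldGVzL";
    expectedHeader = String.format("Bearer %s", token);
    credentials = new AuthCredentialsServiceState();
    credentials.type = "Bearer";
    credentials.privateKey = token;
    assertEquals(expectedHeader, AuthUtils.createAuthorizationHeader(credentials));
}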
validateSessionData(host, op, guestCtx, context);
logWarning("Failed to retrieve session for current user!"); AuthUtils.cleanupSessionData(get); get.setStatusCode(Operation.STATUS_CODE_UNAUTHORIZED).complete(); } else {
/**
 * Prepares an outbound operation for the Kubernetes target described by {@code context}.
 *
 * <p>Adds an Authorization header built from {@code context.credentials} when one can be produced,
 * calls {@code createOrUpdateTargetSsl} for the context, sets the host's public URI as referer,
 * forces a remote send, tags the connection by credentials, and — only if the caller set no
 * expiration — applies the {@code REQUEST_TIMEOUT_SECONDS} default.
 *
 * @param op      the operation to prepare
 * @param context the Kubernetes context supplying credentials and target details
 */
private void prepareRequest(Operation op, KubernetesContext context) {
    String authHeader = AuthUtils.createAuthorizationHeader(context.credentials);
    if (authHeader != null) {
        op.addRequestHeader(Operation.AUTHORIZATION_HEADER, authHeader);
    }

    createOrUpdateTargetSsl(context);
    op.setReferer(host.getPublicUri());
    op.forceRemote();
    setConnectionTag(context.credentials, op);

    // An expiration of 0 means the caller left it unset; apply the default request timeout.
    boolean expirationUnset = op.getExpirationMicrosUtc() == 0;
    if (expirationUnset) {
        long timeoutMicros = TimeUnit.SECONDS.toMicros(REQUEST_TIMEOUT_SECONDS);
        op.setExpiration(ServiceUtils.getExpirationTimeFromNowInMicros(timeoutMicros));
    }
}