CompositeProviderFlag flag = providerConfig.config.flag(); if (!flag.isValid(thisResponse.status())) { switch (thisResponse.status()) { case SUCCESS: case SUCCESS_FINISH: case ABSTAIN: AuthorizationResponse.Builder builder = AuthorizationResponse.builder(); builder.status(SecurityResponse.SecurityStatus.FAILURE); builder.description("Composite flag forbids this response: " + thisResponse.status()); thisResponse.description().map(builder::description); thisResponse.throwable().map(builder::throwable); throw new AsyncAtzException(builder.build()); case FAILURE: thisResponse.status() == SecurityResponse.SecurityStatus.SUCCESS)) { if (prevResponse.status() == SecurityResponse.SecurityStatus.ABSTAIN) { return thisResponse.status().isSuccess() ? thisResponse : prevResponse; if (!thisResponse.status().isSuccess()) { return prevResponse;
/**
 * Creates a new authorization response from the state held by this builder.
 *
 * <p>The builder itself is passed to the {@code AuthorizationResponse} constructor,
 * so the resulting response reflects whatever was set on the builder before this call.
 *
 * @return response based on this builder
 */
@Override
public AuthorizationResponse build() {
    return new AuthorizationResponse(this);
}
}
SecurityResponse.SecurityStatus responseStatus = response.status(); case FAILURE_FINISH: context.setTraceSuccess(false); context.setTraceDescription(response.description().orElse(responseStatus.toString())); context.setTraceThrowable(response.throwable().orElse(null)); context.setShouldFinish(true); int status = response.statusCode().orElse(Response.Status.FORBIDDEN.getStatusCode()); abortRequest(context, response, status, CollectionsHelper.mapOf()); return; case SUCCESS_FINISH: context.setShouldFinish(true); status = response.statusCode().orElse(Response.Status.OK.getStatusCode()); abortRequest(context, response, status, CollectionsHelper.mapOf()); return; case FAILURE: context.setTraceSuccess(false); context.setTraceDescription(response.description().orElse(responseStatus.toString())); context.setTraceThrowable(response.throwable().orElse(null)); context.setShouldFinish(true); abortRequest(context, response, response.statusCode().orElse(Response.Status.FORBIDDEN.getStatusCode()), CollectionsHelper.mapOf()); return; case ABSTAIN: context.setTraceSuccess(false); context.setTraceDescription(response.description().orElse(responseStatus.toString())); context.setShouldFinish(true);
if (response.status().isSuccess()) { .orElse(SecurityContext.ANONYMOUS))) .addParam(AuditEvent.AuditParam .plain("message", response.description().orElse(null))) .addParam(AuditEvent.AuditParam .plain("exception", response.throwable().orElse(null)))); throw new SecurityException(throwable); })) .orElse(CompletableFuture.completedFuture(AuthorizationResponse.permit()));
@Override public CompletionStage<AuthorizationResponse> authorize(ProviderRequest context) { CompletionStage<AuthorizationResponse> previous = CompletableFuture.completedFuture(AuthorizationResponse.abstain()); return ((AsyncAtzException) cause).response; return AuthorizationResponse.builder() .status(SecurityResponse.SecurityStatus.FAILURE) .description("Failed processing: " + throwable.getMessage()) .build(); }).thenApply(atzResponse -> { if (atzResponse.status() == SecurityResponse.SecurityStatus.ABSTAIN) { return AuthorizationResponse.abstain();
/**
 * Reports whether access to the resource was permitted.
 *
 * <p>The result is exactly {@code status().isSuccess()}. A denied decision and an
 * abstained decision both yield {@code false}, so a caller cannot tell them apart
 * through this method; a caller that needs to treat an abstain differently from a
 * denial has to inspect {@code status()} itself.
 *
 * @return {@code true} if permitted, {@code false} if denied or abstained.
 */
public boolean isPermitted() {
    return status().isSuccess();
}
/**
 * Builds the configured Security instance, installing a fallback for every
 * provider kind that was left unconfigured.
 *
 * <p>Fallbacks, applied in this order:
 * <ul>
 *   <li>no providers at all: a warning is logged and the build continues;</li>
 *   <li>no audit provider: a {@code DefaultAuditProvider} created from {@code config} is added;</li>
 *   <li>no authentication provider: a provider is added (with {@code "default"} as its
 *       second argument) that always completes with
 *       {@code AuthenticationResponse.success(SecurityContext.ANONYMOUS)};</li>
 *   <li>no authorization provider: a provider is added (with {@code "default"} as its
 *       second argument) that always completes with {@code AuthorizationResponse.permit()}.</li>
 * </ul>
 *
 * <p>Security note: the authentication and authorization fallbacks fail open. An instance
 * built without an authorization provider permits every request that reaches it, and this
 * method logs a warning only when no providers of any kind are configured. Deployments that
 * rely on access control should register an authorization provider explicitly.
 *
 * @return built instance.
 */
@Override
public Security build() {
    // Kept first so the check runs before any fallback below is registered.
    // NOTE(review): presumably the add* calls also feed allProviders - confirm.
    if (allProviders.isEmpty()) {
        LOGGER.warning("Security component is NOT configured with any security providers.");
    }

    if (auditProviders.isEmpty()) {
        addAuditProvider(config.as(DefaultAuditProvider::create).get());
    }

    if (atnProviders.isEmpty()) {
        // Fallback authentication: every request succeeds as the anonymous context.
        addAuthenticationProvider(
                request -> CompletableFuture.completedFuture(
                        AuthenticationResponse.success(SecurityContext.ANONYMOUS)),
                "default");
    }

    if (atzProviders.isEmpty()) {
        // Fallback authorization: every request is permitted.
        addAuthorizationProvider(
                request -> CompletableFuture.completedFuture(AuthorizationResponse.permit()),
                "default");
    }

    return new Security(this);
}
switch (response.getStatus()) { case SUCCESS: case FAILURE_FINISH: case SUCCESS_FINISH: int defaultStatus = (response.getStatus() == AuthenticationResponse.SecurityStatus.FAILURE_FINISH) ? Http.Status.FORBIDDEN_403.code() : Http.Status.OK_200.code(); return; default: SecurityException e = new SecurityException("Invalid SecurityStatus returned: " + response.getStatus()); traceError(atzSpan, e); future.completeExceptionally(e);
SecurityResponse.SecurityStatus responseStatus = response.status(); case FAILURE_FINISH: context.setTraceSuccess(false); context.setTraceDescription(response.description().orElse(responseStatus.toString())); context.setTraceThrowable(response.throwable().orElse(null)); context.setShouldFinish(true); int status = response.statusCode().orElse(Response.Status.FORBIDDEN.getStatusCode()); abortRequest(context, response, status, CollectionsHelper.mapOf()); return; case SUCCESS_FINISH: context.setShouldFinish(true); status = response.statusCode().orElse(Response.Status.OK.getStatusCode()); abortRequest(context, response, status, CollectionsHelper.mapOf()); return; case FAILURE: context.setTraceSuccess(false); context.setTraceDescription(response.description().orElse(responseStatus.toString())); context.setTraceThrowable(response.throwable().orElse(null)); context.setShouldFinish(true); abortRequest(context, response, response.statusCode().orElse(Response.Status.FORBIDDEN.getStatusCode()), CollectionsHelper.mapOf()); return; case ABSTAIN: context.setTraceSuccess(false); context.setTraceDescription(response.description().orElse(responseStatus.toString())); context.setShouldFinish(true);
switch (response.status()) { case SUCCESS: case FAILURE_FINISH: case SUCCESS_FINISH: int defaultStatus = (response.status() == AuthenticationResponse.SecurityStatus.FAILURE_FINISH) ? Http.Status.FORBIDDEN_403.code() : Http.Status.OK_200.code(); return; default: SecurityException e = new SecurityException("Invalid SecurityStatus returned: " + response.status()); traceError(atzSpan, e); future.completeExceptionally(e);