/**
 * Builds a new subject seeded from {@code originalSubject} (via {@code Builder#update}) with every
 * grant in {@code grants} added on top.
 *
 * @param originalSubject subject whose content the builder is updated from
 * @param grants          grants to add to the resulting subject
 * @return the newly built subject
 */
private Subject buildSubject(Subject originalSubject, List<? extends Grant> grants) {
    Subject.Builder withGrants = Subject.builder();
    withGrants.update(originalSubject);
    for (Grant grant : grants) {
        withGrants.addGrant(grant);
    }
    return withGrants.build();
}
/**
 * Create a new subject for a principal.
 * To configure additional details ({@link Grant Grants}, public and/or private credentials, additional
 * {@link Principal Principals}), use the fluent API {@link #builder()} instead.
 *
 * @param principal principal this subject represents
 * @return a new subject instance with the single principal
 */
public static Subject create(Principal principal) {
    Subject.Builder subjectBuilder = builder().principal(principal);
    return subjectBuilder.build();
}
/**
 * Provider has authenticated the request and created a principal for a user.
 * The principal is wrapped in a subject that carries nothing else (no grants, no credentials).
 *
 * @param principal principal of the user
 * @return AuthenticationResponse with information filled
 * @see #success(Subject)
 * @see #successService(Subject)
 * @see #successService(Principal)
 */
public static AuthenticationResponse success(Principal principal) {
    Subject.Builder userSubject = Subject.builder().principal(principal);
    return success(userSubject.build());
}
/**
 * Provider has authenticated the request and created a principal for a service (or a client).
 * The principal is wrapped in a subject that carries nothing else (no grants, no credentials).
 *
 * @param principal principal of the service
 * @return AuthenticationResponse with information filled
 * @see #successService(Subject)
 * @see #success(Subject)
 * @see #success(Principal)
 */
public static AuthenticationResponse successService(Principal principal) {
    Subject.Builder serviceSubject = Subject.builder().principal(principal);
    return successService(serviceSubject.build());
}
/**
 * Will add all principals and credentials from another subject to this subject, will not replace {@link #principals()}.
 * The main principal of the result is this subject's principal; then all principals, private credentials,
 * public credentials, grants and ABAC attributes of this subject are added, followed by the same content
 * of {@code another}. Note that private credentials of both subjects end up in the combined subject.
 *
 * @param another the other subject to combine with this subject
 * @return a new subject that is a combination of this subject and the other subject, this subject is more significant
 */
public Subject combine(Subject another) {
    Builder combined = Subject.builder()
            .addPrincipal(this.principal);
    // this subject first (more significant), then the other one
    appendContentOf(this, combined);
    appendContentOf(another, combined);
    return combined.build();
}

/**
 * Adds principals, private and public credentials, grants and ABAC attributes of {@code source}
 * to {@code target}, in that order.
 *
 * @param source subject to read from
 * @param target builder to add to
 */
private static void appendContentOf(Subject source, Builder target) {
    source.principals.forEach(target::addPrincipal);
    source.privateCredentials.keys()
            .forEach(key -> target.addPrivateCredential(key, source.privateCredentials.getInstance(key)));
    source.publicCredentials.keys()
            .forEach(key -> target.addPublicCredential(key, source.publicCredentials.getInstance(key)));
    source.grants.forEach(target::addGrant);
    source.attributes.abacAttributeNames()
            .forEach(key -> target.addAttribute(key, source.attributes.abacAttribute(key)));
}
/**
 * Runs {@code runnable} as the current principal with a single role grant.
 * The run-as subject carries only the current subject's principal and the one role; credentials,
 * attributes and any other grants of the current subject are not carried over.
 *
 * @param role     name of the role to grant for the duration of the run
 * @param runnable work to execute under the restricted subject
 */
@Override
public void runAs(String role, Runnable runnable) {
    // read the current subject field once, so the principal comes from a single snapshot
    Principal actingPrincipal = this.currentSubject.principal();
    Subject restrictedSubject = Subject.builder()
            .principal(actingPrincipal)
            .addGrant(Role.create(role))
            .build();
    runAs(restrictedSubject, runnable);
}
/**
 * Builds the authenticated subject for a user loaded from the user store.
 * The principal name is the user's login, each role becomes a {@link Role} grant, and the
 * {@code User} object itself is attached as a private credential — so whatever the store keeps on it
 * (presumably the password or its hash; verify against the store implementation) is reachable through
 * the subject's private credentials.
 *
 * @param user user loaded from the store
 * @return subject with principal, role grants and the user as private credential
 */
private Subject buildSubject(UserStore.User user) {
    Principal userPrincipal = Principal.builder()
            .name(user.login())
            .build();
    Subject.Builder subjectBuilder = Subject.builder()
            .principal(userPrincipal)
            .addPrivateCredential(UserStore.User.class, user);
    user.roles()
            .forEach(roleName -> subjectBuilder.addGrant(Role.create(roleName)));
    return subjectBuilder.build();
}
/**
 * Creates a subject for a store user: principal named by the login, one role grant per role,
 * and the {@code User} object stored as a private credential of the subject (anything the store
 * keeps on that object, e.g. a password hash — confirm — is therefore part of the subject).
 *
 * @param user user from the user store
 * @return the built subject
 */
private Subject buildSubject(UserStore.User user) {
    Subject.Builder result = Subject.builder();
    result.principal(Principal.builder()
                             .name(user.login())
                             .build());
    result.addPrivateCredential(UserStore.User.class, user);
    user.roles()
            .forEach(roleName -> result.addGrant(Role.create(roleName)));
    return result.build();
}
/**
 * Builds a subject from an already parsed JWT.
 * The principal comes from {@code buildPrincipal(jwt)}; issue time, expiration and issuer are copied
 * into a {@link TokenCredential} when present, together with the raw signed token content and both
 * parsed forms. That credential is registered as a public credential of the subject, so the raw token
 * is reachable from the subject's public credentials. Every scope claim becomes a grant of type
 * {@code "scope"}. No signature or expiry validation happens here — that is presumably done by the
 * caller before this method is invoked (confirm).
 *
 * @param jwt       parsed token
 * @param signedJwt signed form of the same token
 * @return subject with principal, token credential and scope grants
 */
private Subject buildSubject(Jwt jwt, SignedJwt signedJwt) {
    Principal principal = buildPrincipal(jwt);

    TokenCredential.Builder credentialBuilder = TokenCredential.builder();
    jwt.issueTime().ifPresent(credentialBuilder::issueTime);
    jwt.expirationTime().ifPresent(credentialBuilder::expTime);
    jwt.issuer().ifPresent(credentialBuilder::issuer);
    // keep the raw token alongside the parsed representations
    credentialBuilder.token(signedJwt.tokenContent());
    credentialBuilder.addToken(Jwt.class, jwt);
    credentialBuilder.addToken(SignedJwt.class, signedJwt);

    Optional<List<String>> scopes = jwt.scopes();
    Subject.Builder subjectBuilder = Subject.builder()
            .principal(principal)
            .addPublicCredential(TokenCredential.class, credentialBuilder.build());

    if (scopes.isPresent()) {
        for (String scope : scopes.get()) {
            subjectBuilder.addGrant(Grant.builder()
                                            .name(scope)
                                            .type("scope")
                                            .build());
        }
    }
    return subjectBuilder.build();
}
/**
 * Creates the subject for a parsed JWT: principal from {@code buildPrincipal(jwt)}, a
 * {@link TokenCredential} holding issue time, expiration and issuer (when present), the raw signed
 * token content and both parsed forms, registered as a public credential, plus one grant of type
 * {@code "scope"} per scope claim. The raw token therefore lives in the public credential set.
 * This method does not validate the token; validation is presumably the caller's job (confirm).
 *
 * @param jwt       parsed token
 * @param signedJwt signed token the parsed one came from
 * @return the built subject
 */
Subject buildSubject(Jwt jwt, SignedJwt signedJwt) {
    Principal principal = buildPrincipal(jwt);

    TokenCredential.Builder credential = TokenCredential.builder();
    jwt.issueTime().ifPresent(credential::issueTime);
    jwt.expirationTime().ifPresent(credential::expTime);
    jwt.issuer().ifPresent(credential::issuer);
    credential.token(signedJwt.tokenContent());
    credential.addToken(Jwt.class, jwt);
    credential.addToken(SignedJwt.class, signedJwt);

    Optional<List<String>> scopes = jwt.scopes();
    Subject.Builder subjectBuilder = Subject.builder()
            .principal(principal)
            .addPublicCredential(TokenCredential.class, credential.build());

    scopes.ifPresent(scopeNames -> {
        for (String scopeName : scopeNames) {
            subjectBuilder.addGrant(Grant.builder()
                                            .name(scopeName)
                                            .type("scope")
                                            .build());
        }
    });
    return subjectBuilder.build();
}
/**
 * Builds the subject for a parsed JWT.
 * The principal is the {@link JsonWebTokenImpl} from {@code buildPrincipal(jwt, signedJwt)}; it is also
 * registered in the {@link TokenCredential} as a {@link JsonWebToken}, together with the raw signed
 * token content and both parsed forms. The credential (issue time, expiration and issuer copied when
 * present) is added as a public credential. Each user group becomes a {@link Role} grant and each scope
 * a grant of type {@code "scope"}. Token validation is not performed here (presumably done earlier — confirm).
 *
 * @param jwt       parsed token
 * @param signedJwt signed form of the token
 * @return subject with principal, token credential, role and scope grants
 */
Subject buildSubject(Jwt jwt, SignedJwt signedJwt) {
    JsonWebTokenImpl principal = buildPrincipal(jwt, signedJwt);

    TokenCredential.Builder credential = TokenCredential.builder();
    jwt.issueTime().ifPresent(credential::issueTime);
    jwt.expirationTime().ifPresent(credential::expTime);
    jwt.issuer().ifPresent(credential::issuer);
    credential.token(signedJwt.tokenContent());
    credential.addToken(JsonWebToken.class, principal);
    credential.addToken(Jwt.class, jwt);
    credential.addToken(SignedJwt.class, signedJwt);

    Subject.Builder subjectBuilder = Subject.builder()
            .principal(principal)
            .addPublicCredential(TokenCredential.class, credential.build());

    // groups map to roles, scopes map to "scope" grants
    Optional<List<String>> userGroups = jwt.userGroups();
    if (userGroups.isPresent()) {
        for (String group : userGroups.get()) {
            subjectBuilder.addGrant(Role.create(group));
        }
    }
    Optional<List<String>> scopes = jwt.scopes();
    if (scopes.isPresent()) {
        for (String scope : scopes.get()) {
            subjectBuilder.addGrant(Grant.builder()
                                            .name(scope)
                                            .type("scope")
                                            .build());
        }
    }
    return subjectBuilder.build();
}
/**
 * Validates an inbound HTTP signature against the matching client definition and, on success,
 * builds the response subject.
 * The principal name and key id attribute are taken from the configured client definition, not from
 * the request. When validation reports a problem, its message is passed through as the failure
 * description of the response.
 *
 * @param env              security environment of the request (method and headers are used)
 * @param httpSignature    parsed signature header
 * @param clientDefinition configured definition of the signing client
 * @return failed response with the validation message, or a user/service success response
 */
private AuthenticationResponse validateSignature(SecurityEnvironment env,
                                                 HttpSignature httpSignature,
                                                 InboundClientDefinition clientDefinition) {
    // validate algorithm
    Optional<String> failureReason = httpSignature.validate(env,
                                                            clientDefinition,
                                                            inboundRequiredHeaders.headers(env.method(),
                                                                                           env.headers()));
    if (failureReason.isPresent()) {
        return AuthenticationResponse.failed(failureReason.get());
    }

    Subject subject = Subject.builder()
            .principal(Principal.builder()
                               .name(clientDefinition.principalName())
                               .addAttribute(ATTRIB_NAME_KEY_ID, clientDefinition.keyId())
                               .build())
            .build();

    boolean isUser = clientDefinition.subjectType() == SubjectType.USER;
    return isUser
            ? AuthenticationResponse.success(subject)
            : AuthenticationResponse.successService(subject);
}
Subject ANONYMOUS = Subject.builder() .principal(ANONYMOUS_PRINCIPAL) .addAttribute("anonymous", true)
/**
 * Builds a subject for a Google id token payload.
 * The access token string and the payload are kept in a {@link TokenCredential} (issue time,
 * expiration and issuer converted from the payload) that is added as a public credential. The principal
 * id is the payload subject; its name is the email, falling back to the subject id when no email is
 * present. Profile claims are copied verbatim as attributes; for the {@code payload.get(...)} claims a
 * missing value yields {@code null} (whether {@code addAttribute} accepts that is not visible here — confirm).
 *
 * @param accessToken raw access token string
 * @param payload     verified id token payload
 * @return subject with principal and token credential
 */
private Subject buildSubject(String accessToken, GoogleIdToken.Payload payload) {
    TokenCredential.Builder credential = TokenCredential.builder();
    credential.issueTime(toInstant(payload.getIssuedAtTimeSeconds()));
    credential.expTime(toInstant(payload.getExpirationTimeSeconds()));
    credential.issuer(payload.getIssuer());
    credential.token(accessToken);
    credential.addToken(GoogleIdToken.Payload.class, payload);

    String email = payload.getEmail();
    String subjectId = payload.getSubject();
    String principalName;
    if (email == null) {
        principalName = subjectId;
    } else {
        principalName = email;
    }

    Principal principal = Principal.builder()
            .id(subjectId)
            .name(principalName)
            .addAttribute("fullName", payload.get("name"))
            .addAttribute("emailVerified", payload.getEmailVerified())
            .addAttribute("locale", payload.get("locale"))
            .addAttribute("familyName", payload.get("family_name"))
            .addAttribute("givenName", payload.get("given_name"))
            .addAttribute("pictureUrl", payload.get("picture"))
            .build();

    Subject.Builder subjectBuilder = Subject.builder()
            .principal(principal)
            .addPublicCredential(TokenCredential.class, credential.build());
    return subjectBuilder.build();
}
/**
 * Creates a subject for a parsed JWT. The {@link JsonWebTokenImpl} principal from
 * {@code buildPrincipal(jwt, signedJwt)} is both the subject's principal and a {@link JsonWebToken}
 * entry of the {@link TokenCredential}; the credential also carries the raw signed token content, both
 * parsed forms, and issue time / expiration / issuer when present, and is registered as a public
 * credential. User groups become {@link Role} grants, scopes become grants of type {@code "scope"}.
 * Nothing is validated here; validation presumably precedes this call (confirm).
 *
 * @param jwt       parsed token
 * @param signedJwt signed form of the token
 * @return the built subject
 */
Subject buildSubject(Jwt jwt, SignedJwt signedJwt) {
    JsonWebTokenImpl principal = buildPrincipal(jwt, signedJwt);

    TokenCredential.Builder credentialBuilder = TokenCredential.builder();
    jwt.issueTime().ifPresent(credentialBuilder::issueTime);
    jwt.expirationTime().ifPresent(credentialBuilder::expTime);
    jwt.issuer().ifPresent(credentialBuilder::issuer);
    credentialBuilder.token(signedJwt.tokenContent());
    credentialBuilder.addToken(JsonWebToken.class, principal);
    credentialBuilder.addToken(Jwt.class, jwt);
    credentialBuilder.addToken(SignedJwt.class, signedJwt);

    Subject.Builder subjectBuilder = Subject.builder()
            .principal(principal)
            .addPublicCredential(TokenCredential.class, credentialBuilder.build());

    Optional<List<String>> userGroups = jwt.userGroups();
    userGroups.ifPresent(groupNames -> {
        for (String groupName : groupNames) {
            subjectBuilder.addGrant(Role.create(groupName));
        }
    });

    Optional<List<String>> scopes = jwt.scopes();
    scopes.ifPresent(scopeNames -> {
        for (String scopeName : scopeNames) {
            subjectBuilder.addGrant(Grant.builder()
                                            .name(scopeName)
                                            .type("scope")
                                            .build());
        }
    });
    return subjectBuilder.build();
}
/**
 * Builds the subject for a parsed JWT: principal from {@code buildPrincipal(jwt)}, a
 * {@link TokenCredential} (issue time, expiration and issuer when present, the raw signed token content
 * and both parsed forms) added as a public credential — so the raw token is part of the subject's public
 * credentials — and one grant of type {@code "scope"} per scope claim. The token is not validated here;
 * that is presumably done by the caller first (confirm).
 *
 * @param jwt       parsed token
 * @param signedJwt signed token the parsed one came from
 * @return subject with principal, credential and scope grants
 */
Subject buildSubject(Jwt jwt, SignedJwt signedJwt) {
    Principal principal = buildPrincipal(jwt);

    TokenCredential.Builder credentialBuilder = TokenCredential.builder();
    jwt.issueTime().ifPresent(credentialBuilder::issueTime);
    jwt.expirationTime().ifPresent(credentialBuilder::expTime);
    jwt.issuer().ifPresent(credentialBuilder::issuer);
    credentialBuilder.token(signedJwt.tokenContent());
    credentialBuilder.addToken(Jwt.class, jwt);
    credentialBuilder.addToken(SignedJwt.class, signedJwt);

    Optional<List<String>> scopes = jwt.scopes();
    Subject.Builder subjectBuilder = Subject.builder()
            .principal(principal)
            .addPublicCredential(TokenCredential.class, credentialBuilder.build());

    if (scopes.isPresent()) {
        for (String scopeName : scopes.get()) {
            subjectBuilder.addGrant(Grant.builder()
                                            .name(scopeName)
                                            .type("scope")
                                            .build());
        }
    }
    return subjectBuilder.build();
}