Package com.porterhead.rest.user.api

Examples of com.porterhead.rest.user.api.ExternalUser

72
73
74
75
76
77
78
79
80
        String authToken = request.getHeaderValue(HEADER_AUTHORIZATION);
        String requestDateString = request.getHeaderValue(HEADER_DATE);
        String nonce = request.getHeaderValue(HEADER_NONCE);
        AuthorizationRequestContext context = new AuthorizationRequestContext(request.getPath(), request.getMethod(),
                            requestDateString, nonce, authToken);
        ExternalUser externalUser = authorizationService.authorize(context);
        request.setSecurityContext(new SecurityContextImpl(externalUser));
        return request;
    }
View Full Code Here
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
     * @return The request signature was valid and a user is returned or null if the context did not contain the information necessary
     * to load a user
     */
    public ExternalUser authorize(AuthorizationRequestContext context) {

        ExternalUser externalUser = null;
        if (context.getAuthorizationToken() != null && context.getRequestDateString() != null && context.getNonceToken() != null) {
            String userId = null;
            String hashedToken = null;
            String[] token = context.getAuthorizationToken().split(":");
            if (token.length == 2) {
                userId = token[0];
                hashedToken = token[1];
                //make sure date and nonce is valid
                validateRequestDate(context.getRequestDateString());
                validateNonce(context.getNonceToken());

                User user = userRepository.findByUuid(userId);
                if (user != null) {
                    externalUser = new ExternalUser(user);
                    if (!isAuthorized(user, context, hashedToken)) {
                        throw new AuthorizationException("Request rejected due to an authorization failure");
                    }
                }
            }
View Full Code Here
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
        this.userRepository = repository;
    }

    public ExternalUser authorize(AuthorizationRequestContext securityContext) {
        String token = securityContext.getAuthorizationToken();
        ExternalUser externalUser = null;
        if(token == null) {
            return externalUser;
        }
        User user =  userRepository.findBySession(token);
        if(user == null) {
            throw new AuthorizationException("Session token not valid");
        }
        AuthorizationToken authorizationToken = user.getAuthorizationToken();
            if (authorizationToken.getToken().equals(token)) {
                externalUser = new ExternalUser(user);
            }
        return externalUser;
    }
View Full Code Here
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
    }

    private void setUpValidRequest() {
        User user = new User();
        user.setAuthorizationToken(new AuthorizationToken(user));
        final ExternalUser externalUser = new ExternalUser(user);
        String dateString = new DateTime().toString(ISODateTimeFormat.dateTimeNoMillis());
        String hashedToken = new String(Base64.encodeBase64(DigestUtils.sha256(user.getAuthorizationToken().getToken() + ":user/555,POST," + dateString + ",123")));
        when(containerRequest.getHeaderValue(SecurityContextFilter.HEADER_AUTHORIZATION)).thenReturn(externalUser.getId() + ":" + hashedToken);
        when(containerRequest.getHeaderValue(SecurityContextFilter.HEADER_DATE)).thenReturn(dateString);
        when(containerRequest.getHeaderValue(SecurityContextFilter.HEADER_NONCE)).thenReturn("123");
        when(containerRequest.getPath()).thenReturn("user/555");
        when(containerRequest.getMethod()).thenReturn("POST");
        when(userRepository.findByUuid(user.getUuid().toString())).thenReturn(user);
        doAnswer(new Answer() {

            public Object answer(InvocationOnMock invocation) throws Throwable {
                SecurityContext context = (SecurityContext) invocation.getArguments()[0];
                ExternalUser user = (ExternalUser) context.getUserPrincipal();
                assertThat(user.getId(), is(externalUser.getId()));
                return null;
            }
        }).when(containerRequest).setSecurityContext(any(SecurityContext.class));
    }
View Full Code Here
84
85
86
87
88
89
90
91
92
93
94
95
    }

    @Test (expected = AuthorizationException.class)
    public void dateHeaderIsOutOfRange() {
        User user = new User();
        final ExternalUser externalUser = new ExternalUser(user);
        when(containerRequest.getHeaderValue(SecurityContextFilter.HEADER_AUTHORIZATION)).thenReturn(externalUser.getId() + ":123");
        when(containerRequest.getHeaderValue(SecurityContextFilter.HEADER_DATE)).thenReturn(new DateTime().minusMinutes(10).toString(ISODateTimeFormat.dateTimeNoMillis()));
        when(containerRequest.getHeaderValue(SecurityContextFilter.HEADER_NONCE)).thenReturn("123");
        when(applicationConfig.getSessionDateOffsetInMinutes()).thenReturn(5);
        containerRequest = filter.filter(containerRequest);
    }
View Full Code Here
45
46
47
48
49
50
51
52
53
    @Test(expected = InvalidAuthorizationHeaderException.class)
    public void authenticationFailure() {
        User user = new User();
        user.setRole(Role.authenticated);
        ExternalUser externalUser = null;
        SecurityContext context = new SecurityContextImpl(externalUser);
        context.isUserInRole(Role.authenticated.name());
    }
View Full Code Here
60
61
62
63
64
65
66
67
68

    private SecurityContext createSecurityContext(Role role) {
        User user = new User();
        user.setRole(role);
        ExternalUser externalUser = new ExternalUser(user);
        SecurityContext context = new SecurityContextImpl(externalUser);
        return context;
    }
View Full Code Here
36
37
38
39
40
41
42
43
    @Test
    public void authorizeUser() throws Exception {
        String dateString = DateUtil.getCurrentDateAsIso8061String();
        String hashedToken = new String(Base64.encodeBase64(DigestUtils.sha256(USER.getAuthorizationToken().getToken() + ":user/555,POST," + dateString + ",123")));
        ExternalUser user = authorizationService.authorize(getAuthorizationRequest(USER.getUuid().toString() + ":" + hashedToken, "user/555", dateString, "123"));
        assertThat(user.getId(), is(USER.getUuid().toString()));
    }
View Full Code Here
55
56
57
58
59
60
61
62
    }

    @Test
    public void missingNonce() {
        String hashedToken = new String(Base64.encodeBase64(DigestUtils.sha256("INVALID-SESSION-TOKEN:abcdef")));
        ExternalUser user = authorizationService.authorize(getAuthorizationRequest(USER.getUuid().toString() + ":" + hashedToken, "abcdef", null));
        assertThat(user, is(Matchers.<Object>nullValue()));
    }
View Full Code Here
76
77
78
79
80
81
82
83
        authorizationService.authorize(getAuthorizationRequest(USER.getUuid().toString() + ":" + hashedToken, "hash123,123", dateString, "567"));
    }

    @Test
    public void nullSessionToken() {
        ExternalUser user = authorizationService.authorize(getAuthorizationRequest(null,  "abcdef", "123"));
        assertThat(user, is(Matchers.<Object>nullValue()));
    }
View Full Code Here
TOP

Related Classes of com.porterhead.rest.user.api.ExternalUser

  • com.porterhead.rest.authorization.impl.RequestSigningAuthorizationService
  • com.porterhead.rest.authorization.impl.SessionTokenAuthorizationService
  • com.porterhead.rest.authorization.RequestSigningAuthorizationServiceTest
  • com.porterhead.rest.authorization.SecurityContextTest
  • com.porterhead.rest.authorization.SessionTokenAuthorizationServiceTest
  • com.porterhead.rest.filter.SecurityContextFilter
  • com.porterhead.rest.filter.SecurityContextFilterTest
  • com.porterhead.rest.resource.SimpleSecurityFilter
  • com.porterhead.rest.user.BaseServiceTest
  • com.porterhead.rest.user.builder.ExternalUserBuilder
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.