Refactor inbound authentication with custom provider and handlers #15056

Merged
merged 56 commits into from
May 3, 2019
9472574
Refactor auth package for inbound auth
ldclakmal Apr 9, 2019
08a504f
Rename client auth config
ldclakmal Apr 9, 2019
3eac620
Add support for custom auth handler, provider engagement
ldclakmal Apr 10, 2019
0826822
Fix websub module for auth
ldclakmal Apr 10, 2019
7097904
Fix http unit tests for auth
ldclakmal Apr 10, 2019
75360e1
Refactor auth config records
ldclakmal Apr 10, 2019
0cea25c
Fix auth providers with object similarity
ldclakmal Apr 11, 2019
b90072d
Refactor auth package
ldclakmal Apr 11, 2019
ce3d083
Change custom handler engagement
ldclakmal Apr 11, 2019
6464175
Update language server jsons
ldclakmal Apr 11, 2019
6c0b9b1
Remove empty record from config store
ldclakmal Apr 13, 2019
d6b6401
Fix a bug in accessing authConfig
ldclakmal Apr 14, 2019
7907e9a
Fix bbe related to auth
ldclakmal Apr 14, 2019
c6ccc7e
Fix a bug in ldap authentication
ldclakmal Apr 14, 2019
f4afe69
Fix integration tests related to auth
ldclakmal Apr 14, 2019
d5ac9ff
Fix checkstyles
ldclakmal Apr 14, 2019
a091591
Fix a bug in authn filter engagement
ldclakmal Apr 14, 2019
cdffc88
Fix a bug in bbe related to auth
ldclakmal Apr 14, 2019
5c41093
Improve authn and authz logic
ldclakmal Apr 15, 2019
92ed38a
Fix integration tests related to auth
ldclakmal Apr 15, 2019
5af73b8
Fix a bug in bbe
ldclakmal Apr 15, 2019
078b2ce
Fix lang server test cases
ldclakmal Apr 17, 2019
43938ec
Merge branch 'master' of https://github.com/ballerina-platform/baller…
ldclakmal Apr 17, 2019
09f77b6
Fix lang server test cases
ldclakmal Apr 17, 2019
33c4e47
Update markdown file of auth module
ldclakmal Apr 17, 2019
20b7585
Improve integration tests
ldclakmal Apr 18, 2019
bcdc8fb
Merge branch 'master' of https://github.com/ballerina-platform/baller…
ldclakmal Apr 20, 2019
c602960
Refactor auth unit tests
ldclakmal Apr 25, 2019
c8598bb
Merge branch 'master' of https://github.com/ballerina-platform/baller…
ldclakmal Apr 25, 2019
31e4820
Fix testng of auth integration tests
ldclakmal Apr 25, 2019
81492d7
Refactor code for review suggestions
ldclakmal Apr 25, 2019
15a1659
Refactor integration tests
ldclakmal Apr 25, 2019
ba0b138
Fix a bug
ldclakmal Apr 25, 2019
3997072
Fix checkstyle bug
ldclakmal Apr 25, 2019
5cca333
Add integration test for custom handlers
ldclakmal Apr 25, 2019
6e683f9
Reformat integration tests
ldclakmal Apr 25, 2019
8379b27
Apply suggestions from code review
Apr 29, 2019
462f7d3
Apply suggestions from code review
Apr 29, 2019
9ee5e4e
Reformat code comments
ldclakmal Apr 29, 2019
3d4bc32
Merge branch 'master' of https://github.com/ballerina-platform/baller…
ldclakmal Apr 29, 2019
9dda945
Refactored errors of auth modules
ldclakmal Apr 30, 2019
63aad99
Improve error scenarios of auth filters
ldclakmal Apr 30, 2019
975e854
Fix a bug
ldclakmal Apr 30, 2019
04bed90
Add warn logs for auth disabling
ldclakmal Apr 30, 2019
b10bcc2
Fix unit tests
ldclakmal May 1, 2019
d938ed8
Fix language server tests
ldclakmal May 1, 2019
2372bd5
Fix integration tests
ldclakmal May 2, 2019
39f1042
Add temporary fix for multiple handlers
ldclakmal May 2, 2019
5cf27eb
Address review suggestions
ldclakmal May 2, 2019
6898cb5
Add missing licence headers
ldclakmal May 2, 2019
d6fe111
Fix authn filter error handling for multiple handlers
ldclakmal May 3, 2019
474ce2b
Fix unit tests
ldclakmal May 3, 2019
336328d
Fix lang server tests
ldclakmal May 3, 2019
63dee6d
Fix integration tests
ldclakmal May 3, 2019
00d78aa
Fix checkstyle bug
ldclakmal May 3, 2019
f990ac8
Refactor integration tests
ldclakmal May 3, 2019
@@ -1,3 +1,4 @@
import ballerina/auth;
import ballerina/config;
import ballerina/http;
import ballerina/log;
Expand Down Expand Up @@ -30,14 +31,14 @@ public function main() {
}
}

// Create a basic authentication provider with the relevant configurations.
http:AuthProvider basicAuthProvider = {
scheme: http:BASIC_AUTH,
authStoreProvider: http:CONFIG_AUTH_STORE
};
// Create a Basic authentication handler with the relevant configurations.
auth:ConfigAuthStoreProvider basicAuthProvider = new;
http:BasicAuthnHandler basicAuthnHandler = new(basicAuthProvider);

listener http:Listener ep = new(9090, config = {
authProviders: [basicAuthProvider],
auth: {
authnHandlers: [basicAuthnHandler]
},
secureSocket: {
keyStore: {
path: "${ballerina.home}/bre/security/ballerinaKeystore.p12",
Expand All @@ -48,8 +49,8 @@ listener http:Listener ep = new(9090, config = {

@http:ServiceConfig {
basePath: "/hello",
authConfig: {
authentication: { enabled: true }
auth: {
enabled: true
}
}
service echo on ep {
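Review bot: The service annotation `auth: { enabled: true }` switches authentication on, but the listener's `auth` block registers only `authnHandlers` and neither the service nor the visible resource sets `scopes`, so any principal the `ConfigAuthStoreProvider` can authenticate reaches `/hello`. A sample with this shape is easily copied as a complete policy, so I would add above `@http:ServiceConfig`: `// Only authentication is configured; add scopes at the service or resource level to also enforce authorization.` The provider is constructed with a bare `new`, so the hunk does not show where its user store comes from, and a one-line comment naming that source would help readers. The `secureSocket` block and `main()` lie partly outside the hunk.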
@@ -1,3 +1,4 @@
import ballerina/auth;
import ballerina/http;
import ballerina/log;
import ballerina/runtime;
Expand Down Expand Up @@ -38,21 +39,23 @@ public function main() {
}

// Create a JWT authentication provider with the relevant configurations.
http:AuthProvider jwtAuthProvider = {
scheme: http:JWT_AUTH,
config: {
issuer: "ballerina",
audience: ["ballerina.io"],
certificateAlias: "ballerina",
trustStore: {
path: "${ballerina.home}/bre/security/ballerinaTruststore.p12",
password: "ballerina"
}
auth:JWTAuthProvider jwtAuthProvider = new({
issuer: "ballerina",
audience: ["ballerina.io"],
certificateAlias: "ballerina",
trustStore: {
path: "${ballerina.home}/bre/security/ballerinaTruststore.p12",
password: "ballerina"
}
};
});

// Create a JWT authentication handler with the created JWT auth provider.
http:JwtAuthnHandler jwtAuthnHandler = new(jwtAuthProvider);

listener http:Listener ep = new(9090, config = {
authProviders: [jwtAuthProvider],
auth: {
authnHandlers: [jwtAuthnHandler]
},
secureSocket: {
keyStore: {
path: "${ballerina.home}/bre/security/ballerinaKeystore.p12",
Expand All @@ -63,8 +66,8 @@ listener http:Listener ep = new(9090, config = {

@http:ServiceConfig {
basePath: "/hello",
authConfig: {
authentication: { enabled: true }
auth: {
enabled: true
}
}
service echo on ep {
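Review bot: The JWT provider's trust store is configured with a literal `password: "ballerina"` and a `${ballerina.home}` path, and `certificateAlias: "ballerina"` pins signature verification to a certificate in that store; this looks like the sample trust store bundled with the distribution, but the code does not say so, and readers will copy the literal. Suggest a comment above `auth:JWTAuthProvider jwtAuthProvider = new({`: `// Verifies JWT signatures against the sample trust store shipped with the distribution; replace the store, alias and password before deploying.` With `enabled: true` at the service level and no `scopes`, a JWT from issuer "ballerina" for audience "ballerina.io" that validates against that certificate is sufficient for access, which the sample should state explicitly. The `secureSocket` block continues outside the hunk.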
@@ -1,18 +1,19 @@
import ballerina/auth;
import ballerina/http;
import ballerina/log;

http:AuthProvider basicAuthProvider = {
scheme: http:BASIC_AUTH,
authStoreProvider: http:CONFIG_AUTH_STORE
};
// Create a Basic authentication handler with the relevant configurations.
auth:ConfigAuthStoreProvider basicAuthProvider = new;
http:BasicAuthnHandler basicAuthnHandler = new(basicAuthProvider);

// The endpoint used here is `http:Listener`, which by default tries to
// authenticate and authorize each request. The developer has the option to
// override the authentication and authorization at the service level and
// resource level.
// The endpoint used here is the `http:Listener`, which by default tries to
// authenticate and authorize each request. It is optional to override the
// authentication and authorization at the service level and/or resource level.
listener http:Listener ep = new(9090, config = {
authProviders: [basicAuthProvider],
// The secure hello world sample uses https.
auth: {
authnHandlers: [basicAuthnHandler]
},
// The secure hello world sample uses HTTPS.
secureSocket: {
keyStore: {
path: "${ballerina.home}/bre/security/ballerinaKeystore.p12",
Expand All @@ -23,15 +24,14 @@ listener http:Listener ep = new(9090, config = {

@http:ServiceConfig {
basePath: "/hello",
authConfig: {
authentication: { enabled: true },
auth: {
scopes: ["scope1"]
}
}
// Auth configuration comprises of two parts - authentication & authorization.
// Authentication can be enabled by setting the `authentication:{enabled:true}`
// annotation attribute.
// Authorization is based on scopes, where a scope maps to one or more groups.
// The Auth configuration comprises of two parts - authentication & authorization.
// Authentication can be disabled by setting the `enabled: false` annotation
// attribute.
// Authorization is based on scopes. A scope maps to one or more groups.
// For a user to access a resource, the user should be in the same groups as
// the scope.
// To specify one or more scopes of a resource, the `scopes` annotation
Expand All @@ -41,15 +41,16 @@ service echo on ep {
@http:ResourceConfig {
methods: ["GET"],
path: "/sayHello",
authConfig: {
auth: {
scopes: ["scope2"]
}
}
// The authentication and authorization settings can be overridden at
// The authentication and authorization settings can be overridden at the
// resource level.
// The hello resource would inherit the `authentication:{enabled:true}`
// flag from the service level, and override the scope defined in the
// service level (i.e., scope1) with scope2.
// The hello resource would inherit the `enabled: true` flag from the
// service level, which is set automatically. The service level scope
// (i.e., scope1) will be overridden by the scope defined in the resource
// level (i.e., scope2).
resource function hello(http:Caller caller, http:Request req) {
error? result = caller->respond("Hello, World!!!");
if (result is error) {
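Review bot: The resource-level comment says the service scope `scope1` "will be overridden by" the resource scope `scope2`, but it leaves out the consequence a reader of a security sample needs: if override means replacement, as the wording reads, a resource annotation can grant access to a group the service-level scope excludes, so resource scopes can loosen rather than narrow the service policy. I would append to that comment: `// Resource-level scopes replace the service-level scopes rather than intersecting with them, so a resource can be more permissive than its service.` The phrase "which is set automatically" for the inherited `enabled: true` flag is also unclear; "which is the default when not overridden" says what is meant. "comprises of two parts" should read "comprises two parts". The `secureSocket` block and the rest of `hello` lie outside the hunks.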
62 changes: 31 additions & 31 deletions examples/secured-service-with-jwt/secured_service_with_jwt.bal
@@ -1,27 +1,30 @@
import ballerina/auth;
import ballerina/http;
import ballerina/log;

// Create a JWT authentication provider with the relevant configuration
// parameters.
http:AuthProvider jwtAuthProvider = {
scheme: http:JWT_AUTH,
config: {
issuer:"ballerina",
audience: ["ballerina.io"],
certificateAlias: "ballerina",
trustStore: {
path: "${ballerina.home}/bre/security/ballerinaTruststore.p12",
password: "ballerina"
}
// Create a JWT authentication provider with the relevant configurations.
auth:JWTAuthProvider jwtAuthProvider = new({
issuer: "ballerina",
audience: ["ballerina.io"],
certificateAlias: "ballerina",
trustStore: {
path: "${ballerina.home}/bre/security/ballerinaTruststore.p12",
password: "ballerina"
}
};
// The endpoint used here is `http:Listener`. The JWT authentication
// provider is set to this endpoint using the `authProviders` attribute. The
// developer has the option to override the authentication and authorization
// at the service and resource levels.
});

// Create a JWT authentication handler with the created JWT auth provider.
http:JwtAuthnHandler jwtAuthnHandler = new(jwtAuthProvider);

// The endpoint used here is the `http:Listener`. The JWT authentication
// handler is set to this endpoint using the `authnHandlers` attribute.
// It is optional to override the authentication and authorization at the
// service and resource levels.
listener http:Listener ep = new(9090, config = {
authProviders:[jwtAuthProvider],
// The secure hello world sample uses https.
auth: {
authnHandlers: [jwtAuthnHandler]
},
// The secure hello world sample uses HTTPS.
secureSocket: {
keyStore: {
path: "${ballerina.home}/bre/security/ballerinaKeystore.p12",
Expand All @@ -31,15 +34,11 @@ listener http:Listener ep = new(9090, config = {
});

@http:ServiceConfig {
basePath: "/hello",
authConfig: {
authentication: { enabled: true }
}
basePath: "/hello"
}
// Auth configuration comprises of two parts - authentication & authorization.
// Authentication can be enabled by setting the `authentication:{enabled:true}`
// flag.
// Authorization is based on scopes, where a scope maps to one or more groups.
// The Auth configuration comprises of two parts - authentication & authorization.
// Authentication can be disabled by setting the `enabled: false` flag.
// Authorization is based on scopes. A scope maps to one or more groups.
// For a user to access a resource, the user should be in the same groups as
// the scope.
// To specify one or more scope of a resource, the annotation attribute
Expand All @@ -48,14 +47,15 @@ service echo on ep {
@http:ResourceConfig {
methods: ["GET"],
path: "/sayHello",
authConfig: {
auth: {
scopes: ["hello"]
}
}
// The authentication and authorization settings can be overridden at
// resource level.
// The hello resource would inherit the `authentication:{enabled:true}` flag
// from the service level, and define `hello` as the scope for the resource.
// the resource level.
// The hello resource would inherit the `enabled: true` flag from the
// service level, which is set automatically.
// The scope of the resource is defined as "hello".
resource function hello(http:Caller caller, http:Request req) {
error? result = caller->respond("Hello, World!!!");
if (result is error) {
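Review bot: The service-level `authConfig: { authentication: { enabled: true } }` is dropped from `@http:ServiceConfig`, leaving only `basePath: "/hello"`, yet the resource comment still says the resource inherits `enabled: true` "from the service level, which is set automatically"; the sample now relies on the listener's default-on behaviour while the comment describes a setting that is no longer there. For a sample named "secured service" I would keep the explicit opt-in, `auth: { enabled: true }`, next to `basePath` as the other two examples in this PR do, or reword the comment to `// Authentication is enabled by default for every resource on this listener; no service-level annotation is needed.` The literal trust-store password `"ballerina"` with a `${ballerina.home}` path also deserves a one-line comment marking it as the distribution's sample material. The `secureSocket` block and `main`-less module header lie outside the hunks.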
@@ -1,6 +1,6 @@
import ballerina/auth;
import ballerina/http;
import ballerina/io;
import ballerina/websub;

service httpService on new http:Listener(9090) {
resource function sayHello(http:Caller caller, http:Request request) {
Expand Down Expand Up @@ -32,32 +32,32 @@ service wssService on securedListener2 {
}
}

http:AuthProvider basicAuthProvider = {
scheme: http:BASIC_AUTH,
authStoreProvider: http:CONFIG_AUTH_STORE
};
auth:ConfigAuthStoreProvider basicAuthProvider1 = new;
auth:ConfigAuthStoreProvider basicAuthProvider2 = new;

http:AuthProvider basicAuthProvider2 = {
scheme: http:BASIC_AUTH,
authStoreProvider: http:CONFIG_AUTH_STORE
};
http:BasicAuthnHandler basicAuthnHandler1 = new(basicAuthProvider1);
http:BasicAuthnHandler basicAuthnHandler2 = new(basicAuthProvider2);

listener http:Listener securedListener = new(9090, config = {
authProviders: [basicAuthProvider],
secureSocket: {
keyStore: {
path: "${ballerina.home}/bre/security/ballerinaKeystore.p12",
password: "ballerina"
auth: {
authnHandlers: [basicAuthnHandler1]
},
secureSocket: {
keyStore: {
path: "${ballerina.home}/bre/security/ballerinaKeystore.p12",
password: "ballerina"
}
}
}
});
});

listener http:WebSocketListener securedListener2 = new(9090, config = {
authProviders: [basicAuthProvider],
secureSocket: {
keyStore: {
path: "${ballerina.home}/bre/security/ballerinaKeystore.p12",
password: "ballerina"
auth: {
authnHandlers: [basicAuthnHandler2]
},
secureSocket: {
keyStore: {
path: "${ballerina.home}/bre/security/ballerinaKeystore.p12",
password: "ballerina"
}
}
}
});
});
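Review bot: Two identical `auth:ConfigAuthStoreProvider` instances and two `http:BasicAuthnHandler` instances are now created, one per listener, where the old code shared `basicAuthProvider` between `securedListener` and `securedListener2`; the commit messages "Fix auth providers with object similarity" and "Add temporary fix for multiple handlers" suggest that sharing a handler across listeners is not supported, but nothing in the file records that constraint. If that is the reason, add above `basicAuthnHandler1`: `// Each listener needs its own handler and provider instance; handlers must not be shared across listeners.` If it is not, the duplicate provider is unnecessary and one instance should be reused. The services bound to these listeners are defined above the hunk.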
Expand Up @@ -2,8 +2,8 @@
"cases": [
{
"arguments": {
"node.line": 34,
"node.column": 20
"node.line": 35,
"node.column": 30
},
"expected": {
"imports": [],
Expand Up @@ -62,20 +62,20 @@
"insertTextFormat": "Snippet"
},
{
"label": "authConfig",
"label": "auth",
"kind": "Field",
"detail": "Field",
"sortText": "120",
"insertText": "authConfig: ${1:{}} // Values allowed: ballerina/http:ListenerAuthConfig|()",
"insertText": "auth: {\n\t${1}\n}",
"insertTextFormat": "Snippet"
},
{
"label": "Add All Attributes",
"kind": "Property",
"detail": "none",
"sortText": "110",
"insertText": "endpoints: [],\nhost: \"\",\nbasePath: \"\",\ncompression: {},\nchunking: \"AUTO\", // Values allowed: AUTO|ALWAYS|NEVER,\ncors: {},\nversioning: {},\nauthConfig: {} // Values allowed: ballerina/http:ListenerAuthConfig|()",
"insertText": "endpoints: [],\nhost: \"\",\nbasePath: \"\",\ncompression: {},\nchunking: \"AUTO\", // Values allowed: AUTO|ALWAYS|NEVER,\ncors: {},\nversioning: {},\nauth: {}",
"insertTextFormat": "Snippet"
}
]
}
}
Expand Up @@ -6,14 +6,14 @@
"source": "function/source/matchStatementSuggestions4.bal",
"items": [
{
"label":"extractBasicAuthHeaderValue(req)",
"label":"extractAuthorizationHeaderValue(req)",
"kind":"Function",
"detail":"Snippet",
"documentation":{
"left":"Extracts the basic authentication header value from the request.\n"
"left":"Extracts the Authorization header value from the request.\n"
},
"sortText":"120",
"insertText":"extractBasicAuthHeaderValue(req) {\n${1:value} \u003d\u003e {${2}}\n}",
"insertText":"extractAuthorizationHeaderValue(req) {\n${1:value} \u003d\u003e {${2}}\n}",
"insertTextFormat":"Snippet"
},
{