This is an automated email from the ASF dual-hosted git repository. jamesnetherton pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/camel-quarkus.git
commit 0d04362a6ec5227659ed49c7a7d4a0b1f198eff0
Author: James Netherton <jamesnether...@gmail.com>
AuthorDate: Tue Jan 4 10:43:57 2022 +0000
Add test coverage for Quarkus SecurityIdentity & Principal in platform-http routes
Fixes #3353
---
 .../pages/reference/extensions/platform-http.adoc | 17 +++++++++++++
 .../platform-http/runtime/src/main/doc/usage.adoc | 17 +++++++++++++
 integration-tests/platform-http/pom.xml | 4 +++
 .../platform/http/it/PlatformHttpRouteBuilder.java | 16 ++++++++++++
 .../src/main/resources/application.properties | 7 ++++++
 .../component/http/server/it/PlatformHttpTest.java | 29 ++++++++++++++++++++++
 6 files changed, 90 insertions(+)
diff --git a/docs/modules/ROOT/pages/reference/extensions/platform-http.adoc b/docs/modules/ROOT/pages/reference/extensions/platform-http.adoc
index 8940363..5728b3d 100644
--- a/docs/modules/ROOT/pages/reference/extensions/platform-http.adoc
+++ b/docs/modules/ROOT/pages/reference/extensions/platform-http.adoc
@@ -110,6 +110,23 @@ from("platform-http:/upload/multipart?fileNameExtWhitelist=adoc,txt&httpMethodRe
 });
 ----
+=== Securing `platform-http` endpoints
+
+Quarkus provides a variety of security and authentication mechanisms which can be used to secure `platform-http` endpoints. Refer to the https://quarkus.io/guides/security[Quarkus Security documentation] for further details.
+
+Within a route, it is possible to obtain the authenticated user and its associated `SecurityIdentity` and `Principal`:
+[source,java]
+----
+from("platform-http:/secure")
+ .process(e -> {
+ Message message = e.getMessage();
+ QuarkusHttpUser user = message.getHeader(VertxPlatformHttpConstants.AUTHENTICATED_USER, QuarkusHttpUser.class);
+ SecurityIdentity securityIdentity = user.getSecurityIdentity();
+ Principal principal = securityIdentity.getPrincipal();
+ // Do something useful with SecurityIdentity / Principal. E.g check user roles etc.
+ });
+----
+
 Also check the `quarkus.http.body.*` configuration options in https://quarkus.io/guides/all-config#quarkus-vertx-http_quarkus-vertx-http-eclipse-vert.x-http[Quarkus documentation], esp. `quarkus.http.body.handle-file-uploads`, `quarkus.http.body.uploads-directory` and `quarkus.http.body.delete-uploaded-files-on-end`.
diff --git a/extensions/platform-http/runtime/src/main/doc/usage.adoc b/extensions/platform-http/runtime/src/main/doc/usage.adoc
index adefef4..32ccad8 100644
--- a/extensions/platform-http/runtime/src/main/doc/usage.adoc
+++ b/extensions/platform-http/runtime/src/main/doc/usage.adoc
@@ -64,5 +64,22 @@ from("platform-http:/upload/multipart?fileNameExtWhitelist=adoc,txt&httpMethodRe
 });
 ----
+=== Securing `platform-http` endpoints
+
+Quarkus provides a variety of security and authentication mechanisms which can be used to secure `platform-http` endpoints. Refer to the https://quarkus.io/guides/security[Quarkus Security documentation] for further details.
+
+Within a route, it is possible to obtain the authenticated user and its associated `SecurityIdentity` and `Principal`:
+[source,java]
+----
+from("platform-http:/secure")
+ .process(e -> {
+ Message message = e.getMessage();
+ QuarkusHttpUser user = message.getHeader(VertxPlatformHttpConstants.AUTHENTICATED_USER, QuarkusHttpUser.class);
+ SecurityIdentity securityIdentity = user.getSecurityIdentity();
+ Principal principal = securityIdentity.getPrincipal();
+ // Do something useful with SecurityIdentity / Principal. E.g check user roles etc.
+ });
+----
+
 Also check the `quarkus.http.body.*` configuration options in https://quarkus.io/guides/all-config#quarkus-vertx-http_quarkus-vertx-http-eclipse-vert.x-http[Quarkus documentation], esp. `quarkus.http.body.handle-file-uploads`, `quarkus.http.body.uploads-directory` and `quarkus.http.body.delete-uploaded-files-on-end`.
diff --git a/integration-tests/platform-http/pom.xml b/integration-tests/platform-http/pom.xml
index 250a522..78c89fd 100644
--- a/integration-tests/platform-http/pom.xml
+++ b/integration-tests/platform-http/pom.xml
@@ -47,6 +47,10 @@
 <groupId>org.apache.camel.quarkus</groupId>
 <artifactId>camel-quarkus-support-webhook</artifactId>
 </dependency>
+ <dependency>
+ <groupId>io.quarkus</groupId>
+ <artifactId>quarkus-elytron-security-properties-file</artifactId>
+ </dependency>
 <!-- test dependencies -->
 <dependency>
diff --git a/integration-tests/platform-http/src/main/java/org/apache/camel/quarkus/component/platform/http/it/PlatformHttpRouteBuilder.java b/integration-tests/platform-http/src/main/java/org/apache/camel/quarkus/component/platform/http/it/PlatformHttpRouteBuilder.java
index e83e767..46cdad9 100644
--- a/integration-tests/platform-http/src/main/java/org/apache/camel/quarkus/component/platform/http/it/PlatformHttpRouteBuilder.java
+++ b/integration-tests/platform-http/src/main/java/org/apache/camel/quarkus/component/platform/http/it/PlatformHttpRouteBuilder.java
@@ -17,15 +17,20 @@
 package org.apache.camel.quarkus.component.platform.http.it;
 import java.io.ByteArrayOutputStream;
+import java.security.Principal;
 import java.util.Locale;
 import java.util.Map;
 import java.util.stream.Collectors;
 import javax.activation.DataHandler;
+import io.quarkus.security.identity.SecurityIdentity;
+import io.quarkus.vertx.http.runtime.security.QuarkusHttpUser;
 import org.apache.camel.Exchange;
+import org.apache.camel.Message;
 import org.apache.camel.attachment.AttachmentMessage;
 import org.apache.camel.builder.RouteBuilder;
+import org.apache.camel.component.platform.http.vertx.VertxPlatformHttpConstants;
 import org.apache.camel.component.webhook.WebhookConfiguration;
 import org.apache.camel.model.rest.RestBindingMode;
@@ -127,5 +132,16 @@ public class PlatformHttpRouteBuilder extends RouteBuilder {
 from("webhook:webhook-delegate://test")
 .transform(body().prepend("Hello "));
+
+ // Basic auth security tests
+ from("platform-http:/platform-http/secure/basic")
+ .process(exchange -> {
+ Message message = exchange.getMessage();
+ QuarkusHttpUser user = message.getHeader(VertxPlatformHttpConstants.AUTHENTICATED_USER,
+ QuarkusHttpUser.class);
+ SecurityIdentity securityIdentity = user.getSecurityIdentity();
+ Principal principal = securityIdentity.getPrincipal();
+ message.setBody(principal.getName() + ":" + securityIdentity.getRoles().iterator().next());
+ });
 }
 }
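Review bot: In the new `/platform-http/secure/basic` processor, `user` is dereferenced without a null check and `getRoles().iterator().next()` assumes the identity carries at least one role. If the `AUTHENTICATED_USER` header is ever absent (for instance because the permission path in application.properties no longer matches this route), the processor would fail with a NullPointerException instead of a clear error, and an identity without roles would throw NoSuchElementException. A guard such as `if (user == null) throw new IllegalStateException("No authenticated user on exchange");` states the expectation, and `String.join(",", new TreeSet<>(securityIdentity.getRoles()))` keeps the body deterministic should the test user ever get a second role. The same unguarded `user.getSecurityIdentity()` call appears in the documentation snippets of both .adoc hunks, where readers are likely to copy it into routes that are not covered by an auth policy.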
diff --git a/integration-tests/platform-http/src/main/resources/application.properties b/integration-tests/platform-http/src/main/resources/application.properties
index 9c0846d..3f71fc9 100644
--- a/integration-tests/platform-http/src/main/resources/application.properties
+++ b/integration-tests/platform-http/src/main/resources/application.properties
@@ -21,6 +21,13 @@ quarkus.http.body.uploads-directory=target/uploads
 quarkus.http.ssl.certificate.file=server-cert.pem
 quarkus.http.ssl.certificate.key-file=server-key.pem
 quarkus.http.insecure-requests=disabled
+quarkus.http.auth.basic=true
+quarkus.http.auth.permission.default.paths=/platform-http/secure/basic
+quarkus.http.auth.permission.default.policy=authenticated
+quarkus.security.users.embedded.enabled=true
+quarkus.security.users.embedded.plain-text=true
+quarkus.security.users.embedded.users.camel=p4ssw0rd
+quarkus.security.users.embedded.roles.camel=Admin
 # Required by the encoding() test
 quarkus.native.add-all-charsets = true
diff --git a/integration-tests/platform-http/src/test/java/org/apache/camel/quarkus/component/http/server/it/PlatformHttpTest.java b/integration-tests/platform-http/src/test/java/org/apache/camel/quarkus/component/http/server/it/PlatformHttpTest.java
index dc49ac4..2060398 100644
--- a/integration-tests/platform-http/src/test/java/org/apache/camel/quarkus/component/http/server/it/PlatformHttpTest.java
+++ b/integration-tests/platform-http/src/test/java/org/apache/camel/quarkus/component/http/server/it/PlatformHttpTest.java
@@ -30,6 +30,7 @@ import org.junit.jupiter.params.ParameterizedTest;
 import org.junit.jupiter.params.provider.MethodSource;
 import static org.hamcrest.CoreMatchers.equalTo;
+import static org.hamcrest.Matchers.notNullValue;
 @QuarkusTest
 class PlatformHttpTest {
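Review bot: The added `quarkus.security.users.embedded.*` lines in application.properties put a plain-text user and password into `src/main/resources` with nothing marking them as fixtures. This is an integration-test module, so the credential is presumably intentional, but configuration like this tends to be copied into real applications. A leading comment in the file's existing style, such as `# Test-only embedded user for testPathSecuredWithBasicAuth; plain-text embedded users are not for production`, would make that explicit. The `default` permission also lists only the exact path `/platform-http/secure/basic`, so a secured route added later under `/platform-http/secure/` would stay unauthenticated unless the entry becomes `/platform-http/secure/*` or the new path is listed.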
@@ -318,6 +319,34 @@ class PlatformHttpTest {
 .body(equalTo("Hello Camel Quarkus Webhook"));
 }
+ @Test
+ public void testPathSecuredWithBasicAuth() {
+ // No credentials
+ RestAssured.given()
+ .when()
+ .get("/platform-http/secure/basic")
+ .then()
+ .statusCode(401);
+
+ // Invalid credentials
+ RestAssured.given()
+ .auth()
+ .basic("camel", "s3cr3t")
+ .get("/platform-http/secure/basic")
+ .then()
+ .statusCode(401);
+
+ // Valid credentials
+ RestAssured.given()
+ .auth()
+ .basic("camel", "p4ssw0rd")
+ .get("/platform-http/secure/basic")
+ .then()
+ .statusCode(200)
+ .header("Authorization", notNullValue())
+ .body(equalTo("camel:Admin"));
+ }
+
 private static Method[] httpMethods() {
 return Method.values();
 }
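Review bot: In the valid-credentials case of `testPathSecuredWithBasicAuth`, `.header("Authorization", notNullValue())` follows `.then()`, so it asserts on a response header rather than on the request that was sent. If that assertion passes, the route is apparently copying the inbound Basic `Authorization` header into the response, and the test then pins the echo of credentials as expected behaviour. I would drop the assertion and, if the echo is confirmed, strip the header in the route with `.removeHeader("Authorization")` before the response is written. The test also covers authentication only; checking that an authenticated user without a required role is rejected would need a role-based policy, which this commit does not configure.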