Merge pull request #2125 from oracle-devrel/java-basic-authorizer-apigw-fn-example

java-basic-authorizer-apigw-fn-example added

Author: martatolosa

app-dev/devops-and-containers/functions/java-basic-authorizer-apigw-fn-example/README.md

@@ -0,0 +1,121 @@
+<!--
+Copyright (c) 2025 Oracle and/or its affiliates.
+
+The Universal Permissive License (UPL), Version 1.0
+
+Subject to the condition set forth below, permission is hereby granted to any
+person obtaining a copy of this software, associated documentation and/or data
+(collectively the "Software"), free of charge and under any and all copyright
+rights in the Software, and any and all patent rights owned or freely
+licensable by each licensor hereunder covering either (i) the unmodified
+Software as contributed to or provided by such licensor, or (ii) the Larger
+Works (as defined below), to deal in both
+
+(a) the Software, and
+(b) any piece of software and/or hardware listed in the lrgrwrks.txt file if
+one is included with the Software (each a "Larger Work" to which the Software
+is contributed by such licensors),
+
+without restriction, including without limitation the rights to copy, create
+derivative works of, display, perform, and distribute the Software and make,
+use, sell, offer for sale, import, export, have made, and have sold the
+Software and the Larger Work(s), and to sublicense the foregoing rights on
+either these or other terms.
+
+This license is subject to the following condition:
+The above copyright notice and either this complete permission notice or at
+a minimum a reference to the UPL must be included in all copies or
+substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+-->
+
+# API Gateway basic-auth Authorizer Function example
+
+Reviewed: 13.10.2025
+ 
+# When to use this asset?
+ 
+Anyone who wants to implement an API Gateway authorizer Function for HTTP basic-auth
+
+# Author
+<a href="https://github.com/mikarinneoracle">mikarinneoracle</a>
+
+# How to use this asset?
+
+Build and deploy both functions <code>fn-authorizer-auth-basic</code> and <code>fn-authorizer-auth-basic-test</code> under <code>/files</code> to a Function Application in OCI.
+<p>
+Create a config for the <code>basicauthorizerfnjava</code> Function:
+<p>
+<img src="files/authorizer-config.png" width="800" />
+<p>
+Config above contains two comma-separated base64 encoded key-value pairs for basic-auth authentication:
+<pre>
+aGk6aGk=,Zm9vOmJhcg==
+</pre>
+
+<b>aGk6aGk=</b> is <b>hi:hi</b> => username is <b>hi</b>, password <b>hi</b>
+<p>
+<b>aGk6aGk=</b> is <b>foo:bar</b> => username is <b>foo</b>, password <b>bar</b>
+<p>
+(You can modify the config by adding new pairs as you like and remove the existing ones)
+<p>
+After deploying the functions add an API Gateway instance and configure the Functions:
+
+<p>
+<img src="files/authorizer-function.png" width="800" />
+<p>
+
+Settings for the <b><i>Single argument authorizer function</i></b>:
+<p>
+Token location: <b>Header</b>
+<br>
+Token header name: <b>Authentication</b>
+ 
+<p>
+Configure the route for the backend function:
+    
+<p>
+<img src="files/backend-function.png" width="800" />
+<p>
+    
+Configure Route Request Policies Header transformations:
+
+<img src="files/header-transformations.png" width="800" />
+<p>
+
+Settings for the <b><i>Header transformations</i></b>:
+<p>
+Behavior: <b>Overwrite</b>
+<br>
+Header name: <b>username</b>
+<br>
+Values: <b>${request.auth[username]}</b>
+<p>
+    
+Test by accessing the API Gateway url from the browse and after the functions have been loaded you should see a basic-auth authentication request popping up. Enter <code>foo</code> and <code>bar</code> and after accepting the backend function should return:
+
+<pre>
+Username: foo
+</pre>
+
+# Useful Links
+
+- [OCI Functions](https://docs.oracle.com/en-us/iaas/Content/Functions/Concepts/functionsoverview.htm)
+    - Learn how the Functions service lets you create, run, and scale business logic without managing any infrastructure
+- [Oracle](https://www.oracle.com/)
+    - Oracle Website
+
+### License
+
+Copyright (c) 2025 Oracle and/or its affiliates.
+
+Licensed under the Universal Permissive License (UPL), Version 1.0.
+
+See [LICENSE](https://github.com/oracle-devrel/technology-engineering/blob/main/LICENSE) for more details.

app-dev/devops-and-containers/functions/java-basic-authorizer-apigw-fn-example/files/authorizer-config.png

@@ -0,0 +1,7 @@
+schema_version: 20180708
+name: java-hello-world-basic-auth-test
+version: 0.0.1
+runtime: java
+build_image: fnproject/fn-java-fdk-build:jdk17-1.0.207
+run_image: fnproject/fn-java-fdk:jre17-1.0.207
+cmd: com.example.fn.HelloFunction::handleRequest

app-dev/devops-and-containers/functions/java-basic-authorizer-apigw-fn-example/files/authorizer-function.png

@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <properties>
+        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+        <fdk.version>1.0.207</fdk.version>
+    </properties>
+    <groupId>com.example.fn</groupId>
+    <artifactId>hello</artifactId>
+    <version>1.0.0</version>
+
+    <dependencies>
+        <dependency>
+            <groupId>com.fnproject.fn</groupId>
+            <artifactId>api</artifactId>
+            <version>${fdk.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>com.fnproject.fn</groupId>
+            <artifactId>testing-core</artifactId>
+            <version>${fdk.version}</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>com.fnproject.fn</groupId>
+            <artifactId>testing-junit4</artifactId>
+            <version>${fdk.version}</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>junit</groupId>
+            <artifactId>junit</artifactId>
+            <version>4.12</version>
+            <scope>test</scope>
+        </dependency>
+    </dependencies>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-compiler-plugin</artifactId>
+                <version>3.3</version>
+                <configuration>
+                    <source>17</source>
+                    <target>17</target>
+                </configuration>
+            </plugin>
+            <plugin>
+                 <groupId>org.apache.maven.plugins</groupId>
+                 <artifactId>maven-surefire-plugin</artifactId>
+                 <version>2.22.1</version>
+                 <configuration>
+                     <useSystemClassLoader>false</useSystemClassLoader>
+                 </configuration>
+            </plugin>
+        </plugins>
+    </build>
+</project>

app-dev/devops-and-containers/functions/java-basic-authorizer-apigw-fn-example/files/backend-function.png

@@ -0,0 +1,16 @@
+package com.example.fn;
+
+import com.fnproject.fn.api.RuntimeContext;
+import com.fnproject.fn.api.httpgateway.HTTPGatewayContext;
+import com.fnproject.fn.api.InputEvent;
+
+public class HelloFunction {
+
+    public String handleRequest(final HTTPGatewayContext hctx, final InputEvent input) {
+        
+        // Use header transformation in APIGW Route to get username in headers from authorizer
+        // Overwrite	username     ${request.auth[username]}
+        String username = hctx.getHeaders().get("username").orElse("");
+        return "Username: " + username;
+    }
+}

app-dev/devops-and-containers/functions/java-basic-authorizer-apigw-fn-example/files/fn-authorizer-auth-basic-test/func.yaml

@@ -0,0 +1,8 @@
+schema_version: 20180708
+name: basicauthorizerfnjava
+version: 0.0.2
+runtime: java
+build_image: fnproject/fn-java-fdk-build:jdk17-1.0.207
+run_image: fnproject/fn-java-fdk:jre17-1.0.207
+cmd: com.example.fn.HelloFunction::handleRequest
+memory: 1024

app-dev/devops-and-containers/functions/java-basic-authorizer-apigw-fn-example/files/fn-authorizer-auth-basic-test/pom.xml

@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <properties>
+        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+        <fdk.version>1.0.207</fdk.version>
+    </properties>
+    <groupId>com.example.fn</groupId>
+    <artifactId>hello</artifactId>
+    <version>1.0.0</version>
+
+    <dependencies>
+        <dependency>
+            <groupId>com.fnproject.fn</groupId>
+            <artifactId>api</artifactId>
+            <version>${fdk.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>com.fnproject.fn</groupId>
+            <artifactId>testing-core</artifactId>
+            <version>${fdk.version}</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>com.fnproject.fn</groupId>
+            <artifactId>testing-junit4</artifactId>
+            <version>${fdk.version}</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>junit</groupId>
+            <artifactId>junit</artifactId>
+            <version>4.12</version>
+            <scope>test</scope>
+        </dependency>
+    </dependencies>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-compiler-plugin</artifactId>
+                <version>3.3</version>
+                <configuration>
+                    <source>17</source>
+                    <target>17</target>
+                </configuration>
+            </plugin>
+            <plugin>
+                 <groupId>org.apache.maven.plugins</groupId>
+                 <artifactId>maven-surefire-plugin</artifactId>
+                 <version>2.22.1</version>
+                 <configuration>
+                     <useSystemClassLoader>false</useSystemClassLoader>
+                 </configuration>
+            </plugin>
+        </plugins>
+    </build>
+</project>

app-dev/devops-and-containers/functions/java-basic-authorizer-apigw-fn-example/files/fn-authorizer-auth-basic-test/src/main/java/com/example/fn/HelloFunction.java

@@ -0,0 +1,93 @@
+package com.example.fn;
+
+import com.fnproject.fn.api.FnConfiguration;
+import com.fnproject.fn.api.Headers;
+import com.fnproject.fn.api.InputEvent;
+
+import com.fnproject.fn.api.RuntimeContext;
+import com.fnproject.fn.api.httpgateway.HTTPGatewayContext;
+
+import java.io.*;
+import java.nio.file.Files;
+import java.nio.file.Paths;
+import java.time.LocalDateTime;
+import java.time.format.DateTimeFormatter;
+import java.util.Arrays;
+import java.util.Base64;
+import java.util.List;
+import java.util.stream.Collectors;
+
+public class HelloFunction {
+
+    String authConfig = "";
+
+    @FnConfiguration
+    public void setUp(RuntimeContext ctx) throws Exception {
+        authConfig = ctx.getConfigurationByKey("config").orElse(System.getenv().getOrDefault("config", ""));
+    }
+
+    public String handleRequest(final HTTPGatewayContext hctx, final InputEvent input) {
+
+        boolean IS_FOUND = false;
+        String ret = "";
+        String username = "";
+
+        String body = input.consumeBody((InputStream is) -> {
+            try (BufferedReader reader = new BufferedReader(new InputStreamReader(is))) {
+                return reader.lines().collect(Collectors.joining());
+            } catch (IOException e) {
+                throw new RuntimeException(e);
+            }
+        });
+        System.out.println("Body: " + body);
+
+        String[] configTokens = authConfig.split(",");
+        List<String> tokenizedConfig = Arrays.stream(configTokens).map(String::trim).collect(Collectors.toList());
+
+        if(body.length() > 0) {
+            String[] bodyTokens = body.split(",");
+            List<String> tokenizedBody = Arrays.stream(bodyTokens).map(String::trim).collect(Collectors.toList());
+
+            for (String configToken : tokenizedConfig) {
+                for (String token : tokenizedBody) {
+                    if (token.indexOf("Basic ") > -1 && configToken.length() > 0) {
+                        String auth_token = token.substring(token.indexOf("Basic ") + 6, token.indexOf("\"}"));
+                        if (auth_token.equals(configToken)) {
+                            System.out.println("AUTH SUCCESS " + auth_token + " == " + configToken);
+                            byte[] decodedBytes = Base64.getDecoder().decode(auth_token);
+                            String decodedString = new String(decodedBytes);
+                            String[] decodedTokens = decodedString.split(":");
+                            username = decodedTokens[0];
+                            IS_FOUND = true;
+                        } else {
+                            System.out.println("AUTH NO MATCH " + auth_token + " <> " + configToken);
+                        }
+                    }
+                }
+            }
+        }
+
+        // Use header transformation in APIGW Route to get username in headers from this response
+        // in the target function:
+        // Overwrite	username     ${request.auth[username]}
+        if(IS_FOUND) {
+            LocalDateTime dateTime = LocalDateTime.now().plusDays(1);
+            DateTimeFormatter formatter = DateTimeFormatter.ofPattern("yyyy-MM-dd'T'HH:mm:ss'+00:00'");
+            String expiryDate = dateTime.format(formatter);
+            ret = "{ " +
+                    "\"active\": true," +
+                    "\"principal\": \"myprincipal\"," +
+                    "\"scope\": [\"fnbasicauthtest\"]," +
+                    "\"expiresAt\": \"" + expiryDate + "\"," +
+                    "\"context\": { \"username\": \"" + username + "\" }" +
+                    " }";
+        } else {
+            ret = "{ " +
+                    "\"active\": false," +
+                    "\"wwwAuthenticate\": \"Basic realm=\\\"fnbasicauthtest.io\\\"\"" +
+                    " }";
+        }
+        System.out.println(ret);
+        return ret;
+    }
+}