Commit 3b68d13b authored by Aalekh Jain's avatar Aalekh Jain

Refactoring

Using RootAuthorizationService instead of AuthorizationFilterSP
parent 426041b9
......@@ -2,7 +2,7 @@ package org.opengroup.osdu.workflow.provider.azure.service;
import com.microsoft.azure.spring.autoconfigure.aad.UserPrincipal;
import org.opengroup.osdu.workflow.provider.interfaces.IAuthorizationServiceSP;
import org.opengroup.osdu.workflow.provider.interfaces.IRootAuthorizationService;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;
......@@ -10,7 +10,7 @@ import org.springframework.stereotype.Component;
import java.util.Map;
@Component
public class AuthorizationServiceSPImpl implements IAuthorizationServiceSP {
public class RootAuthorizationServiceImpl implements IRootAuthorizationService {
enum UserType {
REGULAR_USER,
GUEST_USER,
......@@ -18,7 +18,7 @@ public class AuthorizationServiceSPImpl implements IAuthorizationServiceSP {
}
@Override
public boolean isDomainAdminServiceAccount() {
public boolean isRootUser() {
final Object principal = getUserPrincipal();
if (!(principal instanceof UserPrincipal)) {
......
......@@ -26,7 +26,7 @@ public class WorkflowSystemManagerApi {
* @return Workflow metadata.
*/
@PostMapping
@PreAuthorize("@authorizationFilterSP.hasPermissions()")
@PreAuthorize("@authorizationFilter.hasRootPermission()")
public WorkflowMetadata createSystemWorkflow(@RequestBody final CreateWorkflowRequest request) {
return workflowManagerService.createSystemWorkflow(request);
}
......@@ -36,7 +36,7 @@ public class WorkflowSystemManagerApi {
* @param workflowName Name of the workflow which needs to be deleted.
*/
@DeleteMapping("/{workflow_name}")
@PreAuthorize("@authorizationFilterSP.hasPermissions()")
@PreAuthorize("@authorizationFilter.hasRootPermission()")
@ResponseStatus(HttpStatus.NO_CONTENT)
public void deleteSystemWorkflowById(@PathVariable("workflow_name") final String workflowName) {
workflowManagerService.deleteSystemWorkflow(workflowName);
......
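Review bot: The Javadoc on `createSystemWorkflow` and `deleteSystemWorkflowById` does not say who may call them, although the guard is now `@authorizationFilter.hasRootPermission()`. Going by the `hasRootPermission()` shown elsewhere in this commit, the caller must pass the root-user check and must not send `data-partition-id`. A line such as `Requires root permission; the data-partition-id header must not be sent.` in each Javadoc block would make that visible to API consumers. The guard is a SpEL string resolved at request time, so the bean name `authorizationFilter` is checked only by the MVC test, not by the compiler. Both Javadoc blocks start outside the hunks, and the body of `deleteSystemWorkflowById` ends outside its hunk.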
package org.opengroup.osdu.workflow.provider.interfaces;
public interface IAuthorizationServiceSP {
boolean isDomainAdminServiceAccount();
public interface IRootAuthorizationService {
boolean isRootUser();
}
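Review bot: `isRootUser()` has no Javadoc, yet it is now the decision behind `hasRootPermission()` for creating and deleting system workflows. Each provider implements this interface, so the contract should be written down here: which identity counts as root, and that an implementation returns `false` whenever the principal cannot be identified. The old name `isDomainAdminServiceAccount` said what was being checked and the new one does not, which makes the comment more necessary. A short Javadoc on the method would cover it, for example `Returns true only when the authenticated caller is the provider's root (service) identity; returns false in every other case.`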
......@@ -24,6 +24,7 @@ import org.opengroup.osdu.core.common.exception.UnauthorizedException;
import org.opengroup.osdu.core.common.model.entitlements.AuthorizationResponse;
import org.opengroup.osdu.core.common.model.http.DpsHeaders;
import org.opengroup.osdu.core.common.provider.interfaces.IAuthorizationService;
import org.opengroup.osdu.workflow.provider.interfaces.IRootAuthorizationService;
import org.springframework.stereotype.Component;
import org.springframework.web.context.annotation.RequestScope;
......@@ -37,6 +38,8 @@ public class AuthorizationFilter {
final DpsHeaders headers;
final IRootAuthorizationService rootAuthorizationService;
/**
* Check the access permission for provided Authorization header and the required roles.
*
......@@ -46,17 +49,26 @@ public class AuthorizationFilter {
*/
public boolean hasPermission(String... requiredRoles) {
validateMandatoryHeaders();
if (StringUtils.isEmpty(this.headers.getPartitionId())) {
throw new BadRequestException("data-partition-id header is mandatory");
}
AuthorizationResponse authResponse = authorizationService.authorizeAny(headers, requiredRoles);
headers.put(DpsHeaders.USER_EMAIL, authResponse.getUser());
return true;
}
public boolean hasRootPermission() {
validateMandatoryHeaders();
if (!StringUtils.isEmpty(this.headers.getPartitionId())) {
throw new BadRequestException("data-partition-id header should not be passed");
}
headers.put(DpsHeaders.USER_EMAIL, "RootUser");
return rootAuthorizationService.isRootUser();
}
private void validateMandatoryHeaders() {
if (StringUtils.isEmpty(this.headers.getAuthorization())) {
throw new UnauthorizedException("Authorization header is mandatory");
}
if (StringUtils.isEmpty(this.headers.getPartitionId())) {
throw new BadRequestException("data-partition-id header is mandatory");
}
}
}
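Review bot: In `hasRootPermission()` the line `headers.put(DpsHeaders.USER_EMAIL, "RootUser")` runs before `rootAuthorizationService.isRootUser()` is evaluated, so a request that is about to be denied already carries the root identity in its headers. `hasPermission` sets the header only after `authorizeAny` has returned; on the root path anything that reads the user header during a denial (logging, an exception handler) would attribute the attempt to `RootUser`. Decide first and label afterwards: `if (!rootAuthorizationService.isRootUser()) { return false; }`, then `headers.put(DpsHeaders.USER_EMAIL, "RootUser");` and `return true;`. The fixed string also replaces the caller's real identity in whatever consumes that header for auditing, which deserves a comment if it is intended. `hasRootPermission()` has no Javadoc, unlike `hasPermission` directly above it.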
package org.opengroup.osdu.workflow.security;
import org.apache.commons.lang3.StringUtils;
import org.opengroup.osdu.core.common.exception.BadRequestException;
import org.opengroup.osdu.core.common.exception.UnauthorizedException;
import org.opengroup.osdu.workflow.provider.interfaces.IAuthorizationServiceSP;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.web.context.annotation.RequestScope;
import org.opengroup.osdu.core.common.model.http.DpsHeaders;
import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
@Slf4j
@RequiredArgsConstructor
@Component("authorizationFilterSP")
@RequestScope
public class AuthorizationFilterSP {
@Autowired
private IAuthorizationServiceSP authorizationService;
final DpsHeaders headers;
public boolean hasPermissions() {
validateMandatoryHeaders();
headers.put(DpsHeaders.USER_EMAIL, "ServicePrincipalUser");
return authorizationService.isDomainAdminServiceAccount();
}
private void validateMandatoryHeaders() {
if (StringUtils.isEmpty(this.headers.getAuthorization())) {
throw new UnauthorizedException("Authorization header is mandatory");
}
if (!StringUtils.isEmpty(this.headers.getPartitionId())) {
throw new BadRequestException("data-partition-id header should not be passed");
}
}
}
......@@ -14,7 +14,7 @@ import org.opengroup.osdu.workflow.exception.handler.ConflictApiError;
import org.opengroup.osdu.workflow.model.CreateWorkflowRequest;
import org.opengroup.osdu.workflow.model.WorkflowMetadata;
import org.opengroup.osdu.workflow.model.WorkflowRole;
import org.opengroup.osdu.workflow.provider.interfaces.IAuthorizationServiceSP;
import org.opengroup.osdu.workflow.provider.interfaces.IRootAuthorizationService;
import org.opengroup.osdu.workflow.provider.interfaces.IWorkflowManagerService;
import org.opengroup.osdu.workflow.security.AuthorizationFilter;
import org.springframework.beans.factory.annotation.Autowired;
......@@ -105,7 +105,7 @@ class WorkflowManagerMvcTest {
private IAuthorizationService authorizationService;
@MockBean
private IAuthorizationServiceSP authorizationServiceSP;
private IRootAuthorizationService rootAuthorizationService;
@MockBean
private JaxRsDpsLog log;
......
......@@ -12,6 +12,7 @@ import org.opengroup.osdu.workflow.exception.handler.RestExceptionHandler;
import org.opengroup.osdu.workflow.model.UpdateWorkflowRunRequest;
import org.opengroup.osdu.workflow.model.WorkflowRole;
import org.opengroup.osdu.workflow.model.WorkflowRunResponse;
import org.opengroup.osdu.workflow.provider.interfaces.IRootAuthorizationService;
import org.opengroup.osdu.workflow.security.AuthorizationFilter;
import org.opengroup.osdu.workflow.model.TriggerWorkflowRequest;
import org.opengroup.osdu.workflow.provider.interfaces.IWorkflowRunService;
......@@ -106,6 +107,8 @@ class WorkflowRunMvcTest {
@MockBean
private IAuthorizationService authorizationService;
@MockBean
private IRootAuthorizationService rootAuthorizationService;
@MockBean
private RestExceptionHandler restExceptionHandler;
@MockBean
private DpsHeaders dpsHeaders;
......
......@@ -13,9 +13,9 @@ import org.opengroup.osdu.workflow.exception.WorkflowNotFoundException;
import org.opengroup.osdu.workflow.exception.handler.ConflictApiError;
import org.opengroup.osdu.workflow.model.CreateWorkflowRequest;
import org.opengroup.osdu.workflow.model.WorkflowMetadata;
import org.opengroup.osdu.workflow.provider.interfaces.IAuthorizationServiceSP;
import org.opengroup.osdu.workflow.provider.interfaces.IRootAuthorizationService;
import org.opengroup.osdu.workflow.provider.interfaces.IWorkflowManagerService;
import org.opengroup.osdu.workflow.security.AuthorizationFilterSP;
import org.opengroup.osdu.workflow.security.AuthorizationFilter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;
......@@ -48,7 +48,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
*/
@WebMvcTest(WorkflowSystemManagerApi.class)
@AutoConfigureMockMvc
@Import({AuthorizationFilterSP.class, DpsHeaders.class})
@Import({AuthorizationFilter.class, DpsHeaders.class})
class WorkflowSystemManagerMvcTest {
private static final String TEST_AUTH = "Bearer bla";
private static final String CORRELATION_ID = "sample-correlation-id";
......@@ -81,7 +81,7 @@ class WorkflowSystemManagerMvcTest {
private IAuthorizationService authorizationService;
@MockBean
private IAuthorizationServiceSP authorizationServiceSP;
private IRootAuthorizationService rootAuthorizationService;
@MockBean
private JaxRsDpsLog log;
......@@ -98,7 +98,7 @@ class WorkflowSystemManagerMvcTest {
.readValue(WORKFLOW_REQUEST, CreateWorkflowRequest.class);
final WorkflowMetadata metadata = mapper.readValue(WORKFLOW_RESPONSE, WorkflowMetadata.class);
when(workflowManagerService.createSystemWorkflow(eq(request))).thenReturn(metadata);
when(authorizationServiceSP.isDomainAdminServiceAccount())
when(rootAuthorizationService.isRootUser())
.thenReturn(true);
when(dpsHeaders.getAuthorization()).thenReturn(TEST_AUTH);
when(dpsHeaders.getPartitionId()).thenReturn("");
......@@ -112,7 +112,7 @@ class WorkflowSystemManagerMvcTest {
.andExpect(status().isOk())
.andReturn();
verify(workflowManagerService).createSystemWorkflow(eq(request));
verify(authorizationServiceSP).isDomainAdminServiceAccount();
verify(rootAuthorizationService).isRootUser();
verify(dpsHeaders).getAuthorization();
verify(dpsHeaders).getPartitionId();
final WorkflowMetadata responseMetadata =
......@@ -125,7 +125,7 @@ class WorkflowSystemManagerMvcTest {
final CreateWorkflowRequest request = mapper.readValue(WORKFLOW_REQUEST, CreateWorkflowRequest.class);
when(workflowManagerService.createSystemWorkflow(eq(request)))
.thenThrow(new ResourceConflictException(EXISTING_WORKFLOW_ID, "conflict"));
when(authorizationServiceSP.isDomainAdminServiceAccount())
when(rootAuthorizationService.isRootUser())
.thenReturn(true);
when(dpsHeaders.getAuthorization()).thenReturn(TEST_AUTH);
when(dpsHeaders.getPartitionId()).thenReturn("");
......@@ -139,7 +139,7 @@ class WorkflowSystemManagerMvcTest {
.andExpect(status().isConflict())
.andReturn();
verify(workflowManagerService).createSystemWorkflow(eq(request));
when(authorizationServiceSP.isDomainAdminServiceAccount())
when(rootAuthorizationService.isRootUser())
.thenReturn(true);
verify(dpsHeaders).getAuthorization();
verify(dpsHeaders).getPartitionId();
......@@ -151,7 +151,7 @@ class WorkflowSystemManagerMvcTest {
@Test
void testDeleteSystemApiWithSuccess() throws Exception {
doNothing().when(workflowManagerService).deleteSystemWorkflow(eq(WORKFLOW_NAME));
when(authorizationServiceSP.isDomainAdminServiceAccount())
when(rootAuthorizationService.isRootUser())
.thenReturn(true);
when(dpsHeaders.getAuthorization()).thenReturn(TEST_AUTH);
when(dpsHeaders.getCorrelationId()).thenReturn(CORRELATION_ID);
......@@ -163,7 +163,7 @@ class WorkflowSystemManagerMvcTest {
.andExpect(status().is(204))
.andReturn();
verify(workflowManagerService).deleteSystemWorkflow(eq(WORKFLOW_NAME));
verify(authorizationServiceSP).isDomainAdminServiceAccount();
verify(rootAuthorizationService).isRootUser();
verify(dpsHeaders).getAuthorization();
}
......@@ -171,7 +171,7 @@ class WorkflowSystemManagerMvcTest {
void testDeleteSystemApiWithError() throws Exception {
doThrow(new WorkflowNotFoundException("not found")).when(workflowManagerService)
.deleteSystemWorkflow(eq(WORKFLOW_NAME));
when(authorizationServiceSP.isDomainAdminServiceAccount())
when(rootAuthorizationService.isRootUser())
.thenReturn(true);
when(dpsHeaders.getAuthorization()).thenReturn(TEST_AUTH);
when(dpsHeaders.getPartitionId()).thenReturn("");
......@@ -184,7 +184,7 @@ class WorkflowSystemManagerMvcTest {
.andExpect(status().isNotFound())
.andReturn();
verify(workflowManagerService).deleteSystemWorkflow(eq(WORKFLOW_NAME));
verify(authorizationServiceSP).isDomainAdminServiceAccount();
verify(rootAuthorizationService).isRootUser();
verify(dpsHeaders).getAuthorization();
verify(dpsHeaders).getPartitionId();
}
......
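Review bot: In the conflict test (hunk `-139,7 +139,7`) the rename keeps a stub where an assertion appears to have been meant: after `verify(workflowManagerService).createSystemWorkflow(eq(request));` the code calls `when(rootAuthorizationService.isRootUser()).thenReturn(true);`, which checks nothing. The other three tests use `verify(rootAuthorizationService).isRootUser();` at that position, and this one should too. Every test in the hunks shown stubs `isRootUser()` to `true`; I see no case for `false` or for a request that carries `data-partition-id`, so the denial paths of `hasRootPermission()` appear to be untested here. The test bodies start or end outside the hunks, so such cases may exist in lines not shown.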