merging with lastest ent ibm fix

42ecadaa · Anuj Gupta · 7f8aae03 · 42ecadaa · 42ecadaa · 42ecadaa
Commit 42ecadaa authored Sep 03, 2020 by Anuj Gupta
--- a/Jenkinsfile
+++ b/Jenkinsfile
+pipeline {
+  agent any
+  tools {
+    maven '3.6.3'
+  }
+  stages {
+        stage('Build') {
+      steps {
+        sh 'mvn clean compile'
+      }
+    }
+    stage('Test') {
+      steps {
+        sh 'mvn test'
+      }
+    }
+   }
+ }
\ No newline at end of file
--- a/NOTICE
+++ b/NOTICE
@@ -2,13 +2,6 @@
 Generated by fossa-cli (https://github.com/fossas/fossa-cli).
 This software includes the following software and licenses:

-========================================================================
-Apache-1.1
-========================================================================
-The following software have components provided under the terms of this license:
-
- StAX (from http://stax.codehaus.org/)
-
 ========================================================================
 Apache-2.0
 ========================================================================
@@ -47,6 +40,10 @@ The following software have components provided under the terms of this license:
 - Guava: Google Core Libraries for Java (from https://github.com/google/guava.git)
 - HPPC Collections (from http://labs.carrotsearch.com)
 - Hibernate Validator Engine (from )
+- IBM COS Java SDK for Amazon S3 (from https://github.com/ibm/ibm-cos-sdk-java)
+- IBM COS Java SDK for COS KMS (from https://github.com/ibm/ibm-cos-sdk-java)
+- IBM COS SDK For Java (from https://github.com/ibm/ibm-cos-sdk-java)
+- IBM COS SDK for Java - Core (from https://github.com/ibm/ibm-cos-sdk-java)
 - J2ObjC Annotations (from https://github.com/google/j2objc/)
 - JAX-RS 2.1: The Java(TM) API for RESTful Web Services (from )
 - JBoss Logging 3 (from http://www.jboss.org)
@@ -127,7 +124,6 @@ The following software have components provided under the terms of this license:
 - Reactive Object Pool (from https://github.com/reactor/reactor-pool)
 - Reactive Streams Netty driver (from https://github.com/reactor/reactor-netty)
 - Resteasy Multipart Provider (from )
- Simple XML (from http://simple.sourceforge.net)
 - SnakeYAML (from http://www.snakeyaml.org)
 - Spring AOP (from https://github.com/spring-projects/spring-framework)
 - Spring Beans (from https://github.com/spring-projects/spring-framework)
@@ -153,8 +149,6 @@ The following software have components provided under the terms of this license:
 - Spring Transaction (from https://github.com/spring-projects/spring-framework)
 - Spring Web (from https://github.com/spring-projects/spring-framework)
 - Spring Web MVC (from https://github.com/spring-projects/spring-framework)
- StAX (from http://stax.codehaus.org/)
- StAX API (from http://stax.codehaus.org/)
 - T-Digest (from https://github.com/tdunning/t-digest)
 - aggs-matrix-stats (from https://github.com/elastic/elasticsearch)
 - cli (from https://github.com/elastic/elasticsearch)
@@ -162,6 +156,7 @@ The following software have components provided under the terms of this license:
 - elasticsearch-core (from https://github.com/elastic/elasticsearch)
 - fastinfoset (from http://fi.java.net)
 - io.grpc:grpc-context (from https://github.com/grpc/grpc-java)
+- ion-java (from https://github.com/amznlabs/ion-java/)
 - jackson-databind (from http://github.com/FasterXML/jackson)
 - java-cloudant (from https://cloudant.com)
 - java-cloudant (from https://cloudant.com)
@@ -169,7 +164,6 @@ The following software have components provided under the terms of this license:
 - json-patch (from https://github.com/fge/json-patch)
 - lang-mustache (from https://github.com/elastic/elasticsearch)
 - lettuce (from http://github.com/mp911de/lettuce/wiki)
- minio (from https://github.com/minio/minio-java)
 - org.xmlunit:xmlunit-core (from http://www.xmlunit.org/)
 - parent-join (from https://github.com/elastic/elasticsearch)
 - proton-j (from )
@@ -207,7 +201,6 @@ The following software have components provided under the terms of this license:

 - Hamcrest Core (from http://hamcrest.org/)
 - Lucene Common Analyzers (from )
- StAX (from http://stax.codehaus.org/)
 - fastinfoset (from http://fi.java.net)

 ========================================================================
@@ -233,7 +226,6 @@ CC-BY-3.0
 ========================================================================
 The following software have components provided under the terms of this license:

- "Java Concurrency in Practice" book annotations (from http://jcip.net/)
 - FindBugs-jsr305 (from http://findbugs.sourceforge.net/)

 ========================================================================
@@ -345,7 +337,6 @@ The following software have components provided under the terms of this license:
 - Logback Classic Module (from )
 - Logback Core Module (from )
 - Msg Simple (from https://github.com/fge/msg-simple)
- SpotBugs Annotations (from https://spotbugs.github.io/)
 - json-patch (from https://github.com/fge/json-patch)

 ========================================================================
@@ -354,7 +345,6 @@ LGPL-2.1-or-later
 The following software have components provided under the terms of this license:

 - SnakeYAML (from http://www.snakeyaml.org)
- SpotBugs Annotations (from https://spotbugs.github.io/)

 ========================================================================
 LGPL-3.0-only

--- a/pom.xml
+++ b/pom.xml
@@ -21,7 +21,7 @@
 		<version>2.1.9.RELEASE</version>
 		<relativePath/> <!-- lookup parent from repository -->
 	</parent>
-	
+
 	<groupId>org.opengroup.osdu.ibm</groupId>
 	<artifactId>entitlements</artifactId>
 	<version>0.0.1-SNAPSHOT</version>
@@ -56,10 +56,10 @@
 		<version.keycloak>9.0.0</version.keycloak>
 		<org.jboss.logging.provider>slf4j</org.jboss.logging.provider>
 		<start-class>org.opengroup.osdu.ibm.entitlements.EntitlementsApplication</start-class>
-		<os-core-lib-ibm.version>0.0.18</os-core-lib-ibm.version>
+		<os-core-lib-ibm.version>0.3.6-SNAPSHOT</os-core-lib-ibm.version>
 	</properties>
-	
-	
+
+
 	<licenses>
 		<license>
 			<name>Apache License, Version 2.0</name>
@@ -69,14 +69,14 @@
 	</licenses>

 	<dependencies>
-	
+
 		<!-- IBM core services -->
 		<dependency>
 			<groupId>org.opengroup.osdu</groupId>
 			<artifactId>os-core-lib-ibm</artifactId>
 			<version>${os-core-lib-ibm.version}</version>
 		</dependency>
-		
+
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter</artifactId>
@@ -171,7 +171,7 @@
 			<version>2.5.8</version>
 			<type>pom</type>
 		</dependency>
-		
+
 		<!-- test -->
 		<dependency>
 			<groupId>org.springframework.boot</groupId>

--- a/src/main/java/org/opengroup/osdu/core/common/model/entitlements/CreateGroup.java
+++ b/src/main/java/org/opengroup/osdu/core/common/model/entitlements/CreateGroup.java
+// Copyright 2017-2019, Schlumberger
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package org.opengroup.osdu.core.common.model.entitlements;
+
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+// TODO copy from core common, should be removed after update
+@Data
+@Builder
+@AllArgsConstructor
+@NoArgsConstructor
+public class CreateGroup {
+	String name;
+    String description;
+}
\ No newline at end of file
--- a/src/main/java/org/opengroup/osdu/core/common/model/entitlements/GetMembers.java
+++ b/src/main/java/org/opengroup/osdu/core/common/model/entitlements/GetMembers.java
+// Copyright 2017-2019, Schlumberger
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package org.opengroup.osdu.core.common.model.entitlements;
+
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+//TODO copy from core common, should be removed after update
+@Data
+@Builder
+@AllArgsConstructor
+@NoArgsConstructor
+public class GetMembers {
+    // String role; IBM just have MEMBERS
+    String cursor;
+    int limit;
+}
\ No newline at end of file
--- a/src/main/java/org/opengroup/osdu/core/common/model/entitlements/GroupInfo.java
+++ b/src/main/java/org/opengroup/osdu/core/common/model/entitlements/GroupInfo.java
+// Copyright 2017-2019, Schlumberger
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package org.opengroup.osdu.core.common.model.entitlements;
+
+import lombok.Data;
+
+@Data
+public class GroupInfo {
+    String name;
+    String email;
+    String description;
+    String groupEmail;
+    
+    public void setEmail(String email) {
+    	this.email = email;
+    	this.groupEmail = email;
+    }
+    
+    public void setName(String name) {
+    	this.name = name;
+    }
+    
+    public void setDescription(String description) {
+    	this.description = description;
+    }
+}
\ No newline at end of file
--- a/src/main/java/org/opengroup/osdu/ibm/entitlements/di/HeaderFactoryIBM.java
+++ b/src/main/java/org/opengroup/osdu/ibm/entitlements/di/HeaderFactoryIBM.java
-// Copyright 2020 IBM Corp. All Rights Reserved.
+// Copyright 2017-2019, Schlumberger
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -12,32 +12,32 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.

-package org.opengroup.osdu.ibm.entitlements.di;
+package org.opengroup.osdu.core.common.model.entitlements;

-import java.util.Collections;
-import java.util.Map;
-import java.util.stream.Collectors;
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;

-import javax.inject.Inject;
-import javax.servlet.http.HttpServletRequest;
+//TODO copy from core common, should be removed after update
+@Data
+@Builder
+@AllArgsConstructor
+@NoArgsConstructor
+public class MemberInfo {
+    String email;
+    //String role;

-import org.opengroup.osdu.core.common.model.http.DpsHeaders;
-import org.springframework.stereotype.Component;
-import org.springframework.web.context.annotation.RequestScope;
-
-@Component("HeaderFactoryIBM")
-@RequestScope
-public class HeaderFactoryIBM extends DpsHeaders {
-
-    @Inject
-    public HeaderFactoryIBM(HttpServletRequest request) {
+    /*public static MemberInfo Owner(String email) {
+        return MemberInfo.builder().email(email).role(Roles.OWNER).build();
+    }

-        Map<String, String> headers = Collections
-                .list(request.getHeaderNames())
-                .stream()
-                .collect(Collectors.toMap(h -> h, request::getHeader));
+    public static MemberInfo Manager(String email) {
+        return MemberInfo.builder().email(email).role(Roles.MANAGER).build();
+    }*/

-        DpsHeaders dps = DpsHeaders.createFromMap(headers);
-        dps.getHeaders().forEach( (k, v) -> this.put(k,v));
+    public static MemberInfo Member(String email) {
+        //return MemberInfo.builder().email(email).role(Roles.MEMBER).build();
+        return MemberInfo.builder().email(email).build();
    }
-}
+}
\ No newline at end of file
--- a/src/main/java/org/opengroup/osdu/ibm/entitlements/GlobalExceptionMapper.java
+++ b/src/main/java/org/opengroup/osdu/ibm/entitlements/GlobalExceptionMapper.java
@@ -14,11 +14,9 @@

 package org.opengroup.osdu.ibm.entitlements;

-import javax.validation.ValidationException;
-
+import javassist.NotFoundException;
+import org.opengroup.osdu.core.common.logging.JaxRsDpsLog;
 import org.opengroup.osdu.core.common.model.http.AppException;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 import org.springframework.core.Ordered;
 import org.springframework.core.annotation.Order;
 import org.springframework.http.HttpStatus;
@@ -28,14 +26,16 @@ import org.springframework.web.bind.annotation.ControllerAdvice;
 import org.springframework.web.bind.annotation.ExceptionHandler;
 import org.springframework.web.servlet.mvc.method.annotation.ResponseEntityExceptionHandler;

-import javassist.NotFoundException;
+import javax.inject.Inject;
+import javax.validation.ValidationException;

 @Order(Ordered.HIGHEST_PRECEDENCE)
 @ControllerAdvice
 public class GlobalExceptionMapper extends ResponseEntityExceptionHandler {

-	private final Logger logger = LoggerFactory.getLogger(GlobalExceptionMapper.class);
-	
+    @Inject
+    private JaxRsDpsLog logger;
+
    @ExceptionHandler(AppException.class)
    protected ResponseEntity<Object> handleAppException(AppException e) {
        return this.getErrorResponse(e);
@@ -43,12 +43,8 @@ public class GlobalExceptionMapper extends ResponseEntityExceptionHandler {

    @ExceptionHandler(ValidationException.class)
    protected ResponseEntity<Object> handleValidationException(ValidationException e) {
-        if (e.getMessage().endsWith("Unauthorized"))
-            return this.getErrorResponse(
-                    new AppException(HttpStatus.FORBIDDEN.value(), "Access denied", e.getMessage(), e));
-        else
-            return this.getErrorResponse(
-                    new AppException(HttpStatus.BAD_REQUEST.value(), "Validation error.", e.getMessage(), e));
+        return this.getErrorResponse(
+                new AppException(HttpStatus.BAD_REQUEST.value(), "Validation error.", e.getMessage(), e));
    }

    @ExceptionHandler(NotFoundException.class)
@@ -65,7 +61,6 @@ public class GlobalExceptionMapper extends ResponseEntityExceptionHandler {

    @ExceptionHandler(Exception.class)
    protected ResponseEntity<Object> handleGeneralException(Exception e) {
-    	//e.printStackTrace();
        return this.getErrorResponse(
                new AppException(HttpStatus.INTERNAL_SERVER_ERROR.value(), "Server error.",
                        "An unknown error has occurred.", e));
@@ -78,11 +73,11 @@ public class GlobalExceptionMapper extends ResponseEntityExceptionHandler {
                : e.getError().getMessage();

        if (e.getError().getCode() > 499) {
-            this.logger.error(exceptionMsg, e.getOriginalException());
+            this.logger.error(exceptionMsg, e);
        } else {
-            this.logger.warn(exceptionMsg, e.getOriginalException());
+            this.logger.warning(exceptionMsg, e);
        }

        return new ResponseEntity<Object>(e.getError(), HttpStatus.resolve(e.getError().getCode()));
    }
-}
+}
\ No newline at end of file
--- a/src/main/java/org/opengroup/osdu/ibm/entitlements/api/EntitlementsApi.java
+++ b/src/main/java/org/opengroup/osdu/ibm/entitlements/api/EntitlementsApi.java
@@ -16,8 +16,7 @@ package org.opengroup.osdu.ibm.entitlements.api;

 import javax.annotation.security.RolesAllowed;
 import javax.inject.Inject;
-import javax.validation.Valid;
-import javax.validation.constraints.NotEmpty;
+import javax.ws.rs.NotFoundException;

 import org.opengroup.osdu.core.common.model.entitlements.CreateGroup;
 import org.opengroup.osdu.core.common.model.entitlements.GetMembers;
@@ -26,6 +25,7 @@ import org.opengroup.osdu.core.common.model.entitlements.GroupInfo;
 import org.opengroup.osdu.core.common.model.entitlements.Groups;
 import org.opengroup.osdu.core.common.model.entitlements.MemberInfo;
 import org.opengroup.osdu.core.common.model.entitlements.Members;
+import org.opengroup.osdu.ibm.entitlements.model.EntitlementsRole;
 import org.opengroup.osdu.ibm.entitlements.service.EntitlementsIBM;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
@@ -55,37 +55,48 @@ public class EntitlementsApi {
    }
    
    @PostMapping("/groups")
-    @RolesAllowed("ROLE_service.entitlements.admin")
-    public ResponseEntity<GroupInfo> postGroup(@RequestBody @Valid @NotEmpty CreateGroup newGroup) {
+    @RolesAllowed(EntitlementsRole.ROLE_ADMIN)
+    public ResponseEntity<GroupInfo> postGroup(@RequestBody CreateGroup newGroup) {
    	GroupInfo groupInfo = entitlementsIBM.createGroup(newGroup);
-        return new ResponseEntity<GroupInfo>(groupInfo, HttpStatus.CREATED);
+   		return new ResponseEntity<GroupInfo>(groupInfo, HttpStatus.OK);
    }
    
    @GetMapping("/groups/{groupEmail}/members")
-    @RolesAllowed("ROLE_service.entitlements.viewer")
+    @RolesAllowed(EntitlementsRole.ROLE_VIEWER)
    public ResponseEntity<Members> getMembers(
    		@PathVariable("groupEmail") GroupEmail groupEmail,
-    		@RequestBody @Valid @NotEmpty GetMembers getMembers) {
-        Members members = entitlementsIBM.getMembers(groupEmail, getMembers);
-        return new ResponseEntity<Members>(members, HttpStatus.OK);
+    		@RequestBody GetMembers getMembers) {
+    	
+    	return new ResponseEntity<Members>(entitlementsIBM.getMembers(groupEmail, getMembers), HttpStatus.OK);
+
    }
    
    @PostMapping("/groups/{groupEmail}/members")
-    @RolesAllowed("ROLE_service.entitlements.admin")
+    @RolesAllowed(EntitlementsRole.ROLE_ADMIN)
    public ResponseEntity<MemberInfo> postMembers(
    		@PathVariable("groupEmail") GroupEmail groupEmail,
-    		@RequestBody @Valid @NotEmpty MemberInfo memberInfo) {
-    	MemberInfo addedMemberInfo = entitlementsIBM.addMember(groupEmail, memberInfo);
-        return new ResponseEntity<MemberInfo>(addedMemberInfo, HttpStatus.CREATED);
+    		@RequestBody MemberInfo memberInfo) {
+
+    	try {
+    		return new ResponseEntity<MemberInfo>(entitlementsIBM.addMember(groupEmail, memberInfo), HttpStatus.OK);
+    	} catch (NotFoundException e) {
+    		if(entitlementsIBM.createUser(memberInfo)) {
+    			return new ResponseEntity<MemberInfo>(entitlementsIBM.addMember(groupEmail, memberInfo), HttpStatus.OK);
+    		}
+    	}
+		return new ResponseEntity<MemberInfo>(memberInfo,HttpStatus.BAD_REQUEST);
+
    }
    
    @DeleteMapping("/groups/{groupEmail}/members/{memberEmail}")
-    @RolesAllowed("ROLE_service.entitlements.admin")
+    @RolesAllowed(EntitlementsRole.ROLE_ADMIN)
 	public ResponseEntity<Void> deleteMember(
 			@PathVariable("groupEmail") String groupEmail,
    		@PathVariable("memberEmail") String memberEmail) {
+    		
    	entitlementsIBM.deleteMember(groupEmail, memberEmail);
 		return new ResponseEntity<Void>(HttpStatus.NO_CONTENT);
+		
 	}
    
 }
--- a/src/main/java/org/opengroup/osdu/ibm/entitlements/di/TenantInfoProvider.java
+++ b/src/main/java/org/opengroup/osdu/ibm/entitlements/di/TenantInfoProvider.java
@@ -20,7 +20,6 @@ import org.opengroup.osdu.core.common.model.http.DpsHeaders;
 import org.opengroup.osdu.core.common.model.tenant.TenantInfo;
 import org.opengroup.osdu.core.common.provider.interfaces.ITenantFactory;
 import org.springframework.beans.factory.FactoryBean;
-import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.context.annotation.Scope;
 import org.springframework.context.annotation.ScopedProxyMode;
 import org.springframework.stereotype.Component;
@@ -33,7 +32,6 @@ public class TenantInfoProvider implements FactoryBean<TenantInfo> {
    private ITenantFactory tenantFactory;

    @Inject
-    @Qualifier("HeaderFactoryIBM")
    private DpsHeaders headers;

    @Override

--- a/src/main/java/org/opengroup/osdu/ibm/entitlements/model/EntitlementsRole.java
+++ b/src/main/java/org/opengroup/osdu/ibm/entitlements/model/EntitlementsRole.java
@@ -15,13 +15,15 @@
 package org.opengroup.osdu.ibm.entitlements.model;

 public class EntitlementsRole {
-	
+
 	private EntitlementsRole() { }

    public static final String PREFIX = "ROLE_";

-    public static final String ADMIN = "service.entitlements.admin";
+    public static final String ADMIN  = "service.entitlements.admin";
+    public static final String VIEWER = "service.entitlements.viewer";

-    public static final String ROLE_ADMIN = PREFIX + ADMIN;
+    public static final String ROLE_ADMIN  = PREFIX + ADMIN;
+    public static final String ROLE_VIEWER = PREFIX + VIEWER;

 }
--- a/src/main/java/org/opengroup/osdu/ibm/entitlements/security/AppKeyValidator.java
+++ b/src/main/java/org/opengroup/osdu/ibm/entitlements/security/AppKeyValidator.java
@@ -17,25 +17,25 @@ package org.opengroup.osdu.ibm.entitlements.security;
 import javax.validation.ConstraintValidator;
 import javax.validation.ConstraintValidatorContext;

-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
+import org.opengroup.osdu.core.common.logging.JaxRsDpsLog;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;

 public class AppKeyValidator implements ConstraintValidator<ValidAppKey, String> {
 	
-	private final Logger logger = LoggerFactory.getLogger(AppKeyValidator.class);
+	@Autowired
+    private JaxRsDpsLog logger;
 	
    @Value("${APP_KEY}")
    private String APP_KEY;

    @Override
    public void initialize(ValidAppKey constraintAnnotation) {
-    	logger.debug("APP_KEY: " + APP_KEY);
+    	logger.info("APP_KEY: " + APP_KEY);
    }

    @Override
    public boolean isValid(String apiKey, ConstraintValidatorContext context) {
-    	logger.debug("isValid: " + apiKey + " = " + APP_KEY);
        return apiKey.equals(APP_KEY);
    }
 }
--- a/src/main/java/org/opengroup/osdu/ibm/entitlements/security/EntitlementsAuthenticationProvider.java
+++ b/src/main/java/org/opengroup/osdu/ibm/entitlements/security/EntitlementsAuthenticationProvider.java
@@ -4,14 +4,11 @@ import java.util.ArrayList;
 import java.util.Collection;
 import java.util.List;

-import javax.inject.Inject;
-
 import org.keycloak.adapters.springsecurity.account.KeycloakRole;
 import org.keycloak.adapters.springsecurity.token.KeycloakAuthenticationToken;
-import org.opengroup.osdu.ibm.entitlements.service.EntitlementsIBM;
+import org.opengroup.osdu.core.common.logging.JaxRsDpsLog;
 import org.opengroup.osdu.ibm.entitlements.service.KeycloakQuery;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.authentication.AuthenticationProvider;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
@@ -19,17 +16,18 @@ import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;

 public class EntitlementsAuthenticationProvider implements AuthenticationProvider {
-	
-	private final Logger logger = LoggerFactory.getLogger(EntitlementsAuthenticationProvider.class);
-	
+
+	@Autowired
+    private JaxRsDpsLog logger;
+
    private GrantedAuthoritiesMapper grantedAuthoritiesMapper;

    public void setGrantedAuthoritiesMapper(GrantedAuthoritiesMapper grantedAuthoritiesMapper) {
        this.grantedAuthoritiesMapper = grantedAuthoritiesMapper;
    }
-	
+
    private KeycloakQuery query;
-    
+
    public void setQuery(KeycloakQuery query) {
 		this.query = query;
 	}
@@ -41,7 +39,15 @@ public class EntitlementsAuthenticationProvider implements AuthenticationProvide
        for (String role : token.getAccount().getRoles()) {
            grantedAuthorities.add(new KeycloakRole(role));
        }
-        
+
+        if (!token.getAccount().getRoles().contains("service.entitlements.viewer")) {
+        	logger.info("User token does not contain required roles, calling keycloak to look for additional roles");
+        	for (String role : query.getRolesForAuth(authentication)) {
+        		logger.info("Adding role {}", role);
+        		grantedAuthorities.add(new KeycloakRole(role));
+        	}
+        }
+
        return new KeycloakAuthenticationToken(token.getAccount(), token.isInteractive(), mapAuthorities(grantedAuthorities));
    }
    private Collection<? extends GrantedAuthority> mapAuthorities(

--- a/src/main/java/org/opengroup/osdu/ibm/entitlements/security/SecurityConfig.java
+++ b/src/main/java/org/opengroup/osdu/ibm/entitlements/security/SecurityConfig.java
@@ -77,5 +77,6 @@ public class SecurityConfig extends KeycloakWebSecurityConfigurerAdapter {