Commit 8a1a3410 authored by Shrikant Garg's avatar Shrikant Garg Committed by Anuj Gupta

ibm fixes for entitlement

parent 849a4ae4
......@@ -20,6 +20,7 @@ The following software have components provided under the terms of this license:
- Apache Groovy (from http://groovy-lang.org)
- Apache HttpAsyncClient (from http://hc.apache.org/httpcomponents-asyncclient)
- Apache HttpClient (from http://hc.apache.org/httpcomponents-client)
- Apache HttpClient Cache (from http://hc.apache.org/httpcomponents-client)
- Apache HttpCore (from http://hc.apache.org/httpcomponents-core-ga)
- Apache HttpCore NIO (from http://hc.apache.org/httpcomponents-core-ga)
- Apache JAMES Mime4j (Assembly) (from )
......
......@@ -56,7 +56,7 @@
<version.keycloak>9.0.0</version.keycloak>
<org.jboss.logging.provider>slf4j</org.jboss.logging.provider>
<start-class>org.opengroup.osdu.ibm.entitlements.EntitlementsApplication</start-class>
<os-core-lib-ibm.version>0.3.6-SNAPSHOT</os-core-lib-ibm.version>
<os-core-lib-ibm.version>0.3.8-SNAPSHOT</os-core-lib-ibm.version>
</properties>
......
......@@ -16,7 +16,6 @@ package org.opengroup.osdu.ibm.entitlements.api;
import javax.annotation.security.RolesAllowed;
import javax.inject.Inject;
import javax.ws.rs.NotFoundException;
import org.opengroup.osdu.core.common.model.entitlements.CreateGroup;
import org.opengroup.osdu.core.common.model.entitlements.GetMembers;
......@@ -25,6 +24,7 @@ import org.opengroup.osdu.core.common.model.entitlements.GroupInfo;
import org.opengroup.osdu.core.common.model.entitlements.Groups;
import org.opengroup.osdu.core.common.model.entitlements.MemberInfo;
import org.opengroup.osdu.core.common.model.entitlements.Members;
import org.opengroup.osdu.core.common.model.http.AppException;
import org.opengroup.osdu.ibm.entitlements.model.EntitlementsRole;
import org.opengroup.osdu.ibm.entitlements.service.EntitlementsIBM;
import org.springframework.http.HttpStatus;
......@@ -35,8 +35,11 @@ import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
import com.google.api.client.util.Strings;
@RestController
@Validated
public class EntitlementsApi {
......@@ -65,8 +68,14 @@ public class EntitlementsApi {
@RolesAllowed(EntitlementsRole.ROLE_VIEWER)
public ResponseEntity<Members> getMembers(
@PathVariable("groupEmail") GroupEmail groupEmail,
@RequestBody GetMembers getMembers) {
@RequestParam(required = false) String cursor,
@RequestParam(required = false) String limit,
@RequestParam(required = false) String role) {
if (Strings.isNullOrEmpty(limit)) {
limit = "0";
}
GetMembers getMembers = new GetMembers(cursor, Integer.parseInt(limit));
return new ResponseEntity<Members>(entitlementsIBM.getMembers(groupEmail, getMembers), HttpStatus.OK);
}
......@@ -79,8 +88,8 @@ public class EntitlementsApi {
try {
return new ResponseEntity<MemberInfo>(entitlementsIBM.addMember(groupEmail, memberInfo), HttpStatus.OK);
} catch (NotFoundException e) {
if(entitlementsIBM.createUser(memberInfo)) {
} catch (AppException e) {
if(e.getError().getMessage().equals("User not found.") && entitlementsIBM.createUser(memberInfo)) {
return new ResponseEntity<MemberInfo>(entitlementsIBM.addMember(groupEmail, memberInfo), HttpStatus.OK);
}
}
......
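Review bot: The catch block around `entitlementsIBM.addMember` decides whether to provision a user by comparing `e.getError().getMessage()` with the literal "User not found.", which ties the controller to the exact wording thrown in KeycloakQuery. Any AppException with a different message, or a failed `createUser`, falls out of the catch without being rethrown; what runs after the try is outside the hunk. Writing the test as `"User not found.".equals(e.getError().getMessage())` avoids a NullPointerException on a null message, and a `throw e;` after the `if` keeps unrelated failures from being swallowed. In getMembers, `Integer.parseInt(limit)` runs on the raw query string and throws NumberFormatException on non-numeric input; declaring the parameter as `Integer limit` lets Spring reject it as a bad request instead. The new `role` parameter is never read in the lines shown.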
package org.opengroup.osdu.ibm.entitlements.api;
import javax.annotation.security.PermitAll;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;
@RestController
public class HealthCheckApi {
@PermitAll
@GetMapping("/liveness_check")
public ResponseEntity<String> livenessCheck() {
return new ResponseEntity<String>("Entitlement service is alive", HttpStatus.OK);
}
@PermitAll
@GetMapping("/readiness_check")
public ResponseEntity<String> readinessCheck() {
return new ResponseEntity<String>("Entitlement service is ready", HttpStatus.OK);
}
}
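Review bot: `readinessCheck` returns a fixed 200 exactly like `livenessCheck`, so it reports ready even when the service cannot reach Keycloak, which the other files in this commit call for every entitlement operation. If a real dependency probe is added later, the response body should stay free of internal detail, because both endpoints are `@PermitAll` and are also added to the SecurityConfig matcher list in this commit. A class Javadoc such as `/** Unauthenticated probes for the orchestrator; responses must not expose internal state. */` would record that constraint.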
......@@ -41,9 +41,9 @@ public class EntitlementsAuthenticationProvider implements AuthenticationProvide
}
if (!token.getAccount().getRoles().contains("service.entitlements.viewer")) {
logger.info("User token does not contain required roles, calling keycloak to look for additional roles");
for (String role : query.getRolesForAuth(authentication)) {
logger.info("Adding role {}", role);
grantedAuthorities.add(new KeycloakRole(role));
}
}
......
......@@ -71,6 +71,8 @@ public class SecurityConfig extends KeycloakWebSecurityConfigurerAdapter {
http
.authorizeRequests()
.antMatchers("/",
"/liveness_check",
"/readiness_check",
"/api-docs",
"/swagger-resources/**",
"/swagger-ui.html",
......
......@@ -103,8 +103,8 @@ public class EntitlementsIBM implements IEntitlementsService {
grpInfo.setDescription(createGroup.getDescription());
return grpInfo;
} catch (BadRequestException e) {
throw new AppException(HttpStatus.SC_BAD_REQUEST, "bad request", "Error calling Keycloak");
}
throw new AppException(HttpStatus.SC_BAD_REQUEST, "bad request", "Error calling Keycloak",e);
}
}
......
......@@ -44,7 +44,6 @@ import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.representations.idm.MappingsRepresentation;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.opengroup.osdu.core.common.exception.BadRequestException;
import org.opengroup.osdu.core.common.logging.JaxRsDpsLog;
import org.opengroup.osdu.core.common.model.entitlements.CreateGroup;
import org.opengroup.osdu.core.common.model.entitlements.GetMembers;
......@@ -281,11 +280,22 @@ public class KeycloakQuery {
getMembers.setCursor("0");
}
if (getMembers.getLimit() == 0 || getMembers.getLimit() < 0) {
getMembers.setLimit(Integer.MAX_VALUE);
}
RoleResource roleResource;
try {
roleResource = realmResource.roles().get(groupEmail.getGroupEmail().split("@")[0]);
//here roleResource is not null and we have to invoke a method on roleResource obj.
//to throw NotFoundException in case role do not exists.
String roleName = roleResource.toRepresentation().getName();
logger.info("Retrieving users assigned with role: "+roleName);
} catch (NotFoundException e) {
throw new AppException(HttpStatus.SC_NOT_FOUND, "Group not found.", "Group not found.",e);
} catch (Exception e) {
throw new NotFoundException("Group not found.");
throw new AppException(HttpStatus.SC_NOT_FOUND, "Group not found.", "Group not found.",e);
}
Set<UserRepresentation> users = roleResource.getRoleUserMembers(Integer.parseInt(getMembers.getCursor()), getMembers.getLimit());
......@@ -325,7 +335,7 @@ public class KeycloakQuery {
}
if (username == null) {
throw new NotFoundException("User not found.");
throw new AppException(HttpStatus.SC_NOT_FOUND, "User not found.", "User not found.");
}
return username;
......@@ -335,7 +345,7 @@ public class KeycloakQuery {
try {
return realmResource.roles().get(groupEmail.split("@")[0]).toRepresentation();
} catch (Exception e) {
throw new NotFoundException("Group not found.");
throw new AppException(HttpStatus.SC_NOT_FOUND, "Group not found.", "Group not found.");
}
}
......
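Review bot: In the role lookup, `catch (Exception e)` now produces the same 404 "Group not found." as the `NotFoundException` branch, so a Keycloak outage, timeout or authorization failure on `toRepresentation()` is reported to the caller as a missing group. The generic branch would be better mapped to a server-side status, e.g. `throw new AppException(HttpStatus.SC_INTERNAL_SERVER_ERROR, "Keycloak error", "Error calling Keycloak", e);`, leaving 404 for `NotFoundException` only. The last hunk has the same catch-all and also drops the cause, unlike the other rewritten throws; passing `e` as the fourth argument keeps the stack trace. Non-positive limits are widened to `Integer.MAX_VALUE`, and since the controller defaults a missing `limit` to "0", a request without parameters asks Keycloak for every member of the role, so a bounded default page size would cap that. The enclosing methods start and end outside the hunks.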