Fix duplicate AuthorizationService.java and missing entitlements bean from is-core

72d9453a · Wyatt Nielsen · f5eabe93 · f5eabe93
Commit 72d9453a authored 5 years ago by Wyatt Nielsen
--- a/indexer-core/src/main/java/org/opengroup/osdu/indexer/auth/AuthorizationServiceEntitlements.java
+++ b/indexer-core/src/main/java/org/opengroup/osdu/indexer/auth/AuthorizationServiceEntitlements.java
-// Copyright 2017-2019, Schlumberger
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package org.opengroup.osdu.indexer.auth;
-
-import org.opengroup.osdu.core.common.model.http.DpsHeaders;
-import org.opengroup.osdu.core.common.model.entitlements.EntitlementsException;
-import org.opengroup.osdu.core.common.model.entitlements.GroupInfo;
-import org.opengroup.osdu.core.common.model.entitlements.Groups;
-import org.opengroup.osdu.core.common.model.http.AppException;
-import org.opengroup.osdu.core.common.model.entitlements.AuthorizationResponse;
-import org.opengroup.osdu.core.common.service.http.HttpResponse;
-import org.opengroup.osdu.core.common.service.entitlements.IEntitlementsFactory;
-import org.opengroup.osdu.core.common.service.entitlements.IEntitlementsService;
-import org.opengroup.osdu.core.common.service.logging.JaxRsDpsLog;
-import org.opengroup.osdu.core.common.service.http.HeadersUtil;
-import org.opengroup.osdu.core.common.provider.interfaces.IAuthorizationService;
-import org.springframework.context.annotation.Lazy;
-import org.springframework.stereotype.Service;
-import org.springframework.web.context.annotation.RequestScope;
-
-import javax.inject.Inject;
-import java.util.ArrayList;
-import java.util.List;
-import java.util.stream.Collectors;
-
-@Service
-@RequestScope
-public class AuthorizationServiceEntitlements implements IAuthorizationService {
-
-    private static final String TENANT_GROUP_FORMAT = "@%s";
-
-    @Inject
-    private IEntitlementsFactory factory;
-    @Inject
-    @Lazy
-    private JaxRsDpsLog jaxRsDpsLog;
-
-    @Override
-    public AuthorizationResponse authorizeAny(DpsHeaders headers, String... roles) {
-        AuthorizationResponse authorizationResponse = null;
-        IEntitlementsService service = factory.create(headers);
-        try {
-            authorizationResponse = authorizeAny(headers, service.getGroups(), roles);
-        } catch (EntitlementsException e) {
-            handleEntitlementsException(e, headers);
-        }
-        return authorizationResponse;
-    }
-
-    @Override
-    public AuthorizationResponse authorizeAny(String tenantName, DpsHeaders headers, String... roles) {
-        IEntitlementsService service = factory.create(headers);
-        AuthorizationResponse authorizationResponse = null;
-        try {
-            Groups groups = service.getGroups();
-            List<GroupInfo> allGroups = new ArrayList<>(groups.getGroups());
-            groups.setGroups(groups.getGroups().stream().filter(groupInfo -> groupInfo.getEmail()
-                    .contains(String.format(TENANT_GROUP_FORMAT, tenantName))).collect(Collectors.toList()));
-
-            authorizationResponse = authorizeAny(headers, groups, roles);
-            groups.setGroups(allGroups);
-        } catch (EntitlementsException e) {
-            handleEntitlementsException(e, headers);
-        }
-        return authorizationResponse;
-    }
-
-    private void handleEntitlementsException(EntitlementsException e, DpsHeaders headers) {
-        HttpResponse response = e.getHttpResponse();
-        throw new AppException(response.getResponseCode(), "Access denied", "The user is not authorized to perform this action", HeadersUtil.toLogMsg(headers, null), e);
-    }
-
-    private AuthorizationResponse authorizeAny(DpsHeaders headers, Groups groups, String... roles) {
-        String userEmail = null;
-        List<String> logMessages = new ArrayList<>();
-        Long curTimeStamp = System.currentTimeMillis();
-        Long latency = System.currentTimeMillis() - curTimeStamp;
-
-        logMessages.add(String.format("entitlements-api latency: %s", latency));
-        logMessages.add(String.format("groups: %s", getEmailFromGroups(groups)));
-        if (groups != null) {
-            userEmail = groups.getMemberEmail();
-            if (groups.any(roles)) {
-                return AuthorizationResponse.builder().user(userEmail).groups(groups).build();
-            }
-        }
-        jaxRsDpsLog.info(String.join(" | ", logMessages));
-        jaxRsDpsLog.info(HeadersUtil.toLogMsg(headers, userEmail));
-        throw AppException.createUnauthorized("required search service roles are missing for user");
-    }
-
-    private String getEmailFromGroups(Groups groups) {
-        if (groups == null) return "";
-        return groups.getGroups().stream().map(GroupInfo::getEmail).collect(Collectors.joining(" | "));
-    }
-}