Commit ed480014 authored by Komal Makkar's avatar Komal Makkar Committed by Hema Vishnu Pola [Microsoft]
Browse files

Azure AuthZ and AuthN changes

parent 19677ab8
......@@ -19,7 +19,6 @@
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>org.opengroup.osdu</groupId>
<artifactId>notification-azure</artifactId>
<version>1.0.0</version>
<name>notification-azure</name>
......@@ -142,6 +141,11 @@
<version>3.0.0</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>com.auth0</groupId>
<artifactId>jwks-rsa</artifactId>
<version>0.11.0</version>
</dependency>
</dependencies>
<build>
......
......@@ -15,23 +15,36 @@
package org.opengroup.osdu.notification.provider.azure.security;
import com.microsoft.azure.spring.autoconfigure.aad.AADAppRoleStatelessAuthenticationFilter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import javax.inject.Inject;
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private AADAppRoleStatelessAuthenticationFilter appRoleAuthFilter;
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
// TODO : Add antMatchers after Swagger changes merge
// TODO : Add the authZ
httpSecurity
.csrf().disable();
.csrf().disable()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.NEVER)
.and()
.authorizeRequests()
.antMatchers("/",
"/swagger",
"/v2/api-docs",
"/swagger-resources/**",
"/swagger-ui.html",
"/webjars/**").permitAll()
.anyRequest().authenticated()
.and()
.addFilterBefore(appRoleAuthFilter, UsernamePasswordAuthenticationFilter.class);
}
}
......@@ -14,27 +14,31 @@
package org.opengroup.osdu.notification.provider.azure.util;
import com.auth0.jwt.JWT;
import com.auth0.jwt.interfaces.DecodedJWT;
import org.opengroup.osdu.notification.provider.interfaces.IServiceAccountValidator;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.stereotype.Service;
@Component
@Service
public class AzureServiceAccountValidatorImpl implements IServiceAccountValidator {
@Autowired
AppProperties appProperties;
@Override
public boolean isValidPublisherServiceAccount(String jwt) {
// TODO : Implement the service account verification for PubSub Role
// TODO : Also check the need and means to verify the other Roles.
public boolean isValidPublisherServiceAccount(String token) {
return isValidServiceAccount(token, this.appProperties.getAadClientID());
// Marking it to return true, for the integration tests.
return true;
}
@Override
public boolean isValidServiceAccount(String jwt, String userIdentity, String... audiences) {
// TODO : Implement the service account verification for PubSub Role
// TODO : Also check the need and means to verify the other Roles.
// Marking it to return true, for the integration tests.
return true;
public boolean isValidServiceAccount(String token, String userIdentity, String... audiences) {
// TODO : find out if this will be required to authZ,
// when we are are authZ through Entitlement Service.
//
// Tracking through a issue.
return false;
}
}
// Copyright © Microsoft Corporation
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package org.opengroup.osdu.notification.util;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.InjectMocks;
import org.mockito.Mock;
import org.mockito.Spy;
import org.mockito.junit.MockitoJUnitRunner;
import org.opengroup.osdu.notification.provider.azure.util.AppProperties;
import org.opengroup.osdu.notification.provider.azure.util.AzureServiceAccountValidatorImpl;
import static org.mockito.Mockito.when;
@RunWith(MockitoJUnitRunner.class)
public class AzureServiceAccountValidatorImplTest {
private static String invalidAADClientID = "testInvalidAADClientID";
private static String invalidJWT = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJkdW1teUBkdW1teS5jb20iLCJpc3MiOiJkdW1teUBkdW1teS5jb20iLCJhdWQiOiJkdW1teS5kdW1teS5jb20iLCJpYXQiOjE1NTYxMzcyNzMsImV4cCI6MTU1NjIzMDk3OSwicHJvdmlkZXIiOiJkdW1teS5jb20iLCJjbGllbnQiOiJkdW1teS5jb20iLCJ1c2VyaWQiOiJkdW1teXRlc3Rlci5jb20iLCJlbWFpbCI6ImR1bW15dGVzdGVyLmNvbSIsImF1dGh6IjoiIiwibGFzdG5hbWUiOiJkdW1teSIsImZpcnN0bmFtZSI6ImR1bW15IiwiY291bnRyeSI6IiIsImNvbXBhbnkiOiIiLCJqb2J0aXRsZSI6IiIsInN1YmlkIjoiZHVtbXlpZCIsImlkcCI6ImR1bW15IiwiaGQiOiJkdW1teS5jb20iLCJkZXNpZCI6ImR1bW15aWQiLCJjb250YWN0X2VtYWlsIjoiZHVtbXlAZHVtbXkuY29tIiwianRpIjoiNGEyMWYyYzItZjU5Yy00NWZhLTk0MTAtNDNkNDdhMTg4ODgwIn0.nkiyKtfXXxAlC60iDjXuB2EAGDfZiVglP-CyU1T4etc";
@Mock
private AppProperties appProperties;
@InjectMocks
@Spy
private AzureServiceAccountValidatorImpl sut;
@Before
public void setup() {
when(this.appProperties.getAadClientID()).thenReturn(this.invalidAADClientID);
}
@Test
public void should_returnFalse_isValidServiceAccount() {
// Set Up
boolean expected = false;
// Act
boolean observed = this.sut.isValidPublisherServiceAccount(invalidJWT);
// Assert
Assert.assertEquals(expected, observed);
}
}
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment