fix authorization service

e0725552 · Rustam Lotsmanenko (EPAM) · 7a373a8a · e0725552 · 7a373a8a
Commit e0725552 authored 4 years ago by Rustam Lotsmanenko (EPAM)
--- a/provider/partition-gcp/src/main/java/org/opengroup/osdu/partition/provider/gcp/security/AuthorizationService.java
+++ b/provider/partition-gcp/src/main/java/org/opengroup/osdu/partition/provider/gcp/security/AuthorizationService.java
@@ -17,7 +17,14 @@

 package org.opengroup.osdu.partition.provider.gcp.security;

-import org.opengroup.osdu.core.common.entitlements.IEntitlementsAndCacheService;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.checkerframework.checker.units.qual.A;
+import org.opengroup.osdu.core.common.entitlements.IEntitlementsFactory;
+import org.opengroup.osdu.core.common.entitlements.IEntitlementsService;
+import org.opengroup.osdu.core.common.http.HttpResponse;
+import org.opengroup.osdu.core.common.model.entitlements.EntitlementsException;
+import org.opengroup.osdu.core.common.model.entitlements.Groups;
 import org.opengroup.osdu.core.common.model.http.AppException;
 import org.opengroup.osdu.core.common.model.http.DpsHeaders;
 import org.opengroup.osdu.partition.provider.interfaces.IAuthorizationService;
@@ -26,33 +33,31 @@ import org.springframework.http.HttpStatus;
 import org.springframework.stereotype.Component;
 import org.springframework.web.context.annotation.RequestScope;

+@Slf4j
 @Component
 @RequestScope
+@RequiredArgsConstructor
 public class AuthorizationService implements IAuthorizationService {

-  private static final String PARTITION_ADMIN_ROLE = "service.partition.admin";
-
-  @Autowired
-  private IEntitlementsAndCacheService entitlementsAndCacheService;
-
-  @Autowired
-  private DpsHeaders headers;
-
-  @Override
-  public boolean isDomainAdminServiceAccount() {
-    try {
-      return hasRole(PARTITION_ADMIN_ROLE);
-    } catch (AppException e) {
-      throw e;
-    } catch (Exception e) {
-      throw new AppException(HttpStatus.INTERNAL_SERVER_ERROR.value(), "Authentication Failure",
-          e.getMessage(), e);
-    }
-  }
-
-  private boolean hasRole(String requiredRole) {
-    String user = this.entitlementsAndCacheService.authorize(headers, requiredRole);
-    this.headers.put(DpsHeaders.USER_EMAIL, user);
-    return true;
-  }
+	private static final String ERROR_REASON = "Access denied";
+	private static final String ERROR_MSG = "The user is not authorized to perform this action";
+
+	private static final String PARTITION_ADMIN_ROLE = "service.partition.admin";
+
+	private final DpsHeaders headers;
+
+    private final org.opengroup.osdu.core.common.provider.interfaces.IAuthorizationService authorizationService;
+
+	@Override
+	public boolean isDomainAdminServiceAccount() {
+		try {
+			authorizationService.authorizeAny(headers,PARTITION_ADMIN_ROLE);
+		} catch (AppException e) {
+			throw e;
+		} catch (Exception e) {
+			throw new AppException(HttpStatus.INTERNAL_SERVER_ERROR.value(), "Authentication Failure",
+				e.getMessage(), e);
+		}
+		return true;
+	}
 }
--- a/provider/partition-gcp/src/main/java/org/opengroup/osdu/partition/provider/gcp/security/EntitlementsAndCacheServiceImpl.java
+++ b/provider/partition-gcp/src/main/java/org/opengroup/osdu/partition/provider/gcp/security/EntitlementsAndCacheServiceImpl.java
-/*
-  Copyright 2002-2021 Google LLC
-  Copyright 2002-2021 EPAM Systems, Inc
-
-  Licensed under the Apache License, Version 2.0 (the "License");
-  you may not use this file except in compliance with the License.
-  You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-  Unless required by applicable law or agreed to in writing, software
-  distributed under the License is distributed on an "AS IS" BASIS,
-  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-  See the License for the specific language governing permissions and
-  limitations under the License.
- */
-
-package org.opengroup.osdu.partition.provider.gcp.security;
-
-import java.util.List;
-import java.util.Set;
-import lombok.RequiredArgsConstructor;
-import org.apache.http.HttpStatus;
-import org.opengroup.osdu.core.common.cache.ICache;
-import org.opengroup.osdu.core.common.entitlements.IEntitlementsAndCacheService;
-import org.opengroup.osdu.core.common.entitlements.IEntitlementsFactory;
-import org.opengroup.osdu.core.common.entitlements.IEntitlementsService;
-import org.opengroup.osdu.core.common.http.HttpResponse;
-import org.opengroup.osdu.core.common.logging.JaxRsDpsLog;
-import org.opengroup.osdu.core.common.model.entitlements.EntitlementsException;
-import org.opengroup.osdu.core.common.model.entitlements.Groups;
-import org.opengroup.osdu.core.common.model.http.AppException;
-import org.opengroup.osdu.core.common.model.http.DpsHeaders;
-import org.opengroup.osdu.core.common.model.storage.RecordMetadata;
-import org.opengroup.osdu.core.common.util.Crc32c;
-import org.springframework.stereotype.Service;
-
-@Service
-@RequiredArgsConstructor
-public class EntitlementsAndCacheServiceImpl implements IEntitlementsAndCacheService {
-
-  private static final String ERROR_REASON = "Access denied";
-  private static final String ERROR_MSG = "The user is not authorized to perform this action";
-
-  private final IEntitlementsFactory factory;
-
-  private final ICache<String, Groups> cache;
-
-  private final JaxRsDpsLog logger;
-
-  @Override
-  public String authorize(DpsHeaders headers, String... roles) {
-    Groups groups = this.getGroups(headers);
-    if (groups.any(roles)) {
-      return groups.getDesId();
-    } else {
-      throw new AppException(HttpStatus.SC_UNAUTHORIZED, ERROR_REASON, ERROR_MSG);
-    }
-  }
-
-  @Override
-  public boolean isValidAcl(DpsHeaders headers, Set<String> acls) {
-    return false;
-  }
-
-  @Override
-  public boolean hasOwnerAccess(DpsHeaders headers, String[] ownerList) {
-    return false;
-  }
-
-  @Override
-  public List<RecordMetadata> hasValidAccess(List<RecordMetadata> recordsMetadata,
-      DpsHeaders headers) {
-    return null;
-  }
-
-  protected Groups getGroups(DpsHeaders headers) {
-    String cacheKey = getGroupCacheKey(headers);
-    Groups groups = this.cache.get(cacheKey);
-
-    if (groups == null) {
-      IEntitlementsService service = this.factory.create(headers);
-      try {
-        groups = service.getGroups();
-        this.cache.put(cacheKey, groups);
-        this.logger.info("Entitlements cache miss");
-
-      } catch (EntitlementsException e) {
-        HttpResponse response = e.getHttpResponse();
-        this.logger.error(String.format("Error requesting entitlements service %s", response));
-        throw new AppException(e.getHttpResponse().getResponseCode(), ERROR_REASON, ERROR_MSG, e);
-      }
-    }
-
-    return groups;
-  }
-
-  protected static String getGroupCacheKey(DpsHeaders headers) {
-    String key = String
-        .format("entitlement-groups:%s:%s", headers.getPartitionIdWithFallbackToAccountId(),
-            headers.getAuthorization());
-    return Crc32c.hashToBase64EncodedString(key);
-  }
-}