From c702c17c819fba433230cef2dd2f4c479b678b66 Mon Sep 17 00:00:00 2001 From: Holash Chand Date: Wed, 17 Apr 2024 14:40:01 +0530 Subject: [PATCH] Auth Health check process fixed --- .../authorization/SecurityConfig.java | 44 +++++++------------ .../sunbirdrc/workflow/RuleEngineService.java | 10 +++-- .../dev/sunbirdrc/workflow/StateContext.java | 11 ++++- .../resources/workflow/statetransitions.drl | 4 +- .../registry/config/GenericConfiguration.java | 1 + .../registry/config/SchemaFilter.java | 0 .../registry/helper/EntityStateHelper.java | 9 +++- .../src/main/resources/public/swagger-ui.html | 2 +- .../helper/EntityStateHelperTest.java | 4 +- .../registry/helper/RegistryHelperTest.java | 4 +- 10 files changed, 50 insertions(+), 39 deletions(-) delete mode 100644 java/registry/src/main/java/dev/sunbirdrc/registry/config/SchemaFilter.java diff --git a/java/middleware/registry-middleware/authorization/src/main/java/dev/sunbirdrc/registry/authorization/SecurityConfig.java b/java/middleware/registry-middleware/authorization/src/main/java/dev/sunbirdrc/registry/authorization/SecurityConfig.java index 3a86b5248..f456072fb 100644 --- a/java/middleware/registry-middleware/authorization/src/main/java/dev/sunbirdrc/registry/authorization/SecurityConfig.java +++ b/java/middleware/registry-middleware/authorization/src/main/java/dev/sunbirdrc/registry/authorization/SecurityConfig.java @@ -18,12 +18,9 @@ @Configuration @EnableWebSecurity -@ConditionalOnProperty(name = "authentication.enabled",havingValue = "true",matchIfMissing = false) +@ConditionalOnProperty(name = "authentication.enabled", havingValue = "true", matchIfMissing = false) public class SecurityConfig extends WebSecurityConfigurerAdapter { - @Value("${authentication.enabled:true}") - boolean authenticationEnabled; - @Autowired private OAuth2Configuration oAuth2Configuration; 
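Review bot: The default for `authentication.enabled` now disagrees between files: the annotation on `SecurityConfig` keeps `matchIfMissing = false`, while the `identityManager()` bean in GenericConfiguration uses `matchIfMissing = true` and the new `@Value("${authentication.enabled:true}")` constructor parameters in RuleEngineService and EntityStateHelper default to true. A deployment that omits the property would skip this OAuth2 filter chain while the workflow code treats authentication as on; what guards HTTP requests in that case is decided outside this diff. Pick one default, preferably the fail-closed one (`matchIfMissing = true` here). Also add a comment on the annotation such as `// Absent property means authentication is ON; set authentication.enabled=false explicitly to opt out.`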
@@ -33,29 +30,22 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { HttpSecurity httpConfig = http.csrf().disable(); - if (authenticationEnabled) { - Map authenticationManagers = new HashMap<>(); - this.oAuth2Configuration.getResources().forEach(issuer -> addManager(authenticationManagers, issuer)); - httpConfig - .addFilterBefore(schemaAuthFilter, WebAsyncManagerIntegrationFilter.class) - .authorizeRequests(auth -> auth - .antMatchers("/**/invite", "/health", "/error", - "/_schemas/**", "/**/templates/**", "/**/*.json", "/**/verify", - "/swagger-ui", "/**/search", "/**/attestation/**", - "/api/docs/swagger.json", "/api/docs/*.json", "/plugin/**", "/swagger-ui.html") - .permitAll() - ) - .authorizeRequests(auth -> auth - .anyRequest() - .authenticated()) - .oauth2ResourceServer(oauth2ResourceServer -> oauth2ResourceServer - .authenticationManagerResolver(new JwtIssuerAuthenticationManagerResolver(authenticationManagers::get))); - } else { - httpConfig.authorizeRequests(auth -> auth - .anyRequest() - .permitAll() - ); - } + Map authenticationManagers = new HashMap<>(); + this.oAuth2Configuration.getResources().forEach(issuer -> addManager(authenticationManagers, issuer)); + httpConfig + .addFilterBefore(schemaAuthFilter, WebAsyncManagerIntegrationFilter.class) + .authorizeRequests(auth -> auth + .antMatchers("/**/invite", "/health", "/error", + "/_schemas/**", "/**/templates/**", "/**/*.json", "/**/verify", + "/swagger-ui", "/**/search", "/**/attestation/**", + "/api/docs/swagger.json", "/api/docs/*.json", "/plugin/**", "/swagger-ui.html") + .permitAll() + ) + .authorizeRequests(auth -> auth + .anyRequest() + .authenticated()) + .oauth2ResourceServer(oauth2ResourceServer -> oauth2ResourceServer + .authenticationManagerResolver(new JwtIssuerAuthenticationManagerResolver(authenticationManagers::get))); } 
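Review bot: With the `else` branch gone, the `permitAll()` matcher list in `configure` is the only place in this class that decides which routes skip JWT validation, and it carries no explanation. Patterns such as `"/**/*.json"`, `"/**/search"` and `"/plugin/**"` match by URL shape rather than by named endpoint, so it is worth confirming they cannot overlap entity routes that should require a token. I would add a comment above the list, e.g. `// Public routes: health probe, schema/template assets, API docs; everything else needs a valid JWT`. A second comment on `http.csrf().disable()` should state that it relies on the API being stateless and bearer-token only. The class body continues outside the hunk.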
diff --git a/java/middleware/registry-middleware/workflow/src/main/java/dev/sunbirdrc/workflow/RuleEngineService.java b/java/middleware/registry-middleware/workflow/src/main/java/dev/sunbirdrc/workflow/RuleEngineService.java index 23a1c2e3e..6e9de478c 100644 --- a/java/middleware/registry-middleware/workflow/src/main/java/dev/sunbirdrc/workflow/RuleEngineService.java +++ b/java/middleware/registry-middleware/workflow/src/main/java/dev/sunbirdrc/workflow/RuleEngineService.java @@ -8,6 +8,8 @@ import org.kie.api.runtime.KieContainer; import org.kie.api.runtime.StatelessKieSession; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.beans.factory.annotation.Value; +import org.springframework.lang.Nullable; import org.springframework.stereotype.Service; import dev.sunbirdrc.registry.identity_providers.pojos.IdentityManager; 
@@ -19,24 +21,26 @@ public class RuleEngineService { private final KieContainer kieContainer; private final IdentityManager identityManager; + private final boolean authenticationEnabled; private static final String PATH = "path"; @Autowired - public RuleEngineService(KieContainer kieContainer, IdentityManager identityManager) { + public RuleEngineService(KieContainer kieContainer,@Nullable IdentityManager identityManager, @Value("${authentication.enabled:true}") boolean authenticationEnabled) { this.kieContainer = kieContainer; this.identityManager = identityManager; + this.authenticationEnabled = authenticationEnabled; } public void doTransition(List stateContexts) { StatelessKieSession kieSession = kieContainer.newStatelessKieSession(); - kieSession.setGlobal("identityManager", identityManager); + if(authenticationEnabled) kieSession.setGlobal("identityManager", identityManager); kieSession.setGlobal("ruleEngineService", this); kieSession.execute(stateContexts); } public void doTransition(StateContext stateContext) { StatelessKieSession kieSession = kieContainer.newStatelessKieSession(); - kieSession.setGlobal("identityManager", identityManager); + if(authenticationEnabled) kieSession.setGlobal("identityManager", identityManager); kieSession.setGlobal("ruleEngineService", this); kieSession.execute(stateContext); } diff --git a/java/middleware/registry-middleware/workflow/src/main/java/dev/sunbirdrc/workflow/StateContext.java b/java/middleware/registry-middleware/workflow/src/main/java/dev/sunbirdrc/workflow/StateContext.java index eed8432d6..c153a02f1 100644 --- a/java/middleware/registry-middleware/workflow/src/main/java/dev/sunbirdrc/workflow/StateContext.java +++ b/java/middleware/registry-middleware/workflow/src/main/java/dev/sunbirdrc/workflow/StateContext.java 
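Review bot: The constructor now accepts a `@Nullable IdentityManager`, but nothing checks that it is present when `authenticationEnabled` is true, so a mis-wired context would register a null `identityManager` global and fail later inside a rule rather than at startup. Add `if (authenticationEnabled && identityManager == null) throw new IllegalStateException("authentication.enabled=true but no IdentityManager bean is available");` to the constructor. The two `doTransition` overloads also repeat the same brace-less `if(authenticationEnabled) kieSession.setGlobal(...)`; a small private helper that creates the session would keep them in step. Whether any rule other than the two changed in statetransitions.drl still reads the global when authentication is off is not visible here.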
@@ -36,6 +36,7 @@ public class StateContext { private JsonPointer pointerFromMetadataNode; private OwnershipsAttributes ownershipAttribute; private Boolean loginEnabled; + private boolean authenticationEnabled; @Builder.Default private boolean revertSystemFields = false; @@ -136,11 +137,19 @@ public boolean revertSystemFieldsChangedEnabled() { return this.revertSystemFields; } - public Boolean getLoginEnabled() { + public boolean getLoginEnabled() { return loginEnabled; } public void setLoginEnabled(Boolean loginEnabled) { this.loginEnabled = loginEnabled; } + + public boolean isAuthenticationEnabled() { + return this.authenticationEnabled; + } + + public void setAuthenticationEnabled(Boolean authenticationEnabled) { + this.authenticationEnabled = authenticationEnabled; + } } diff --git a/java/middleware/registry-middleware/workflow/src/main/resources/workflow/statetransitions.drl b/java/middleware/registry-middleware/workflow/src/main/resources/workflow/statetransitions.drl index 98a9237b6..c17cc9361 100644 --- a/java/middleware/registry-middleware/workflow/src/main/resources/workflow/statetransitions.drl +++ b/java/middleware/registry-middleware/workflow/src/main/resources/workflow/statetransitions.drl @@ -39,7 +39,7 @@ end rule "Create entity owner for newly added owner fields" when - stateDefinition:StateContext(isOwnershipProperty() && isOwnerNewlyAdded() && isLoginEnabled()); + stateDefinition:StateContext(isAuthenticationEnabled() && isOwnershipProperty() && isOwnerNewlyAdded() && isLoginEnabled()); then CreateUserRequest createUserRequest = new CreateUserRequest(stateDefinition.getEntityName(), stateDefinition.getUpdated().get("userId").textValue(), stateDefinition.getUpdated().get("email").textValue(), 
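Review bot: `getLoginEnabled()` now returns primitive `boolean` while the `loginEnabled` field is still `Boolean`, so the return unboxes and throws a NullPointerException whenever the field was never set. The builder lines visible in the `manageState` hunk of EntityStateHelper, for one, do not set `loginEnabled`. `setAuthenticationEnabled(Boolean authenticationEnabled)` has the mirror problem when passed null. Suggested: `return Boolean.TRUE.equals(loginEnabled);` in the getter and `public void setAuthenticationEnabled(boolean authenticationEnabled)` for the setter.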
@@ -50,7 +50,7 @@ end rule "Revert if any modification to ownership details" when - stateDefinition:StateContext(isOwnershipProperty() && !isOwnerNewlyAdded() && isOwnershipDetailsUpdated()); + stateDefinition:StateContext(isAuthenticationEnabled() && isOwnershipProperty() && !isOwnerNewlyAdded() && isOwnershipDetailsUpdated()); then ruleEngineService.revertOwnershipDetails(stateDefinition); end diff --git a/java/registry/src/main/java/dev/sunbirdrc/registry/config/GenericConfiguration.java b/java/registry/src/main/java/dev/sunbirdrc/registry/config/GenericConfiguration.java index fb48adcc5..1af013954 100644 --- a/java/registry/src/main/java/dev/sunbirdrc/registry/config/GenericConfiguration.java +++ b/java/registry/src/main/java/dev/sunbirdrc/registry/config/GenericConfiguration.java @@ -469,6 +469,7 @@ public RegistryService registryService() { // return auditService; // } + @ConditionalOnProperty(name = "authentication.enabled", havingValue = "true", matchIfMissing = true) @Bean public IdentityManager identityManager() { ServiceLoader loader = ServiceLoader.load(IdentityProvider.class); diff --git a/java/registry/src/main/java/dev/sunbirdrc/registry/config/SchemaFilter.java b/java/registry/src/main/java/dev/sunbirdrc/registry/config/SchemaFilter.java deleted file mode 100644 index e69de29bb..000000000 diff --git a/java/registry/src/main/java/dev/sunbirdrc/registry/helper/EntityStateHelper.java b/java/registry/src/main/java/dev/sunbirdrc/registry/helper/EntityStateHelper.java index 08b3cdfdd..67f5fc53b 100644 --- a/java/registry/src/main/java/dev/sunbirdrc/registry/helper/EntityStateHelper.java +++ b/java/registry/src/main/java/dev/sunbirdrc/registry/helper/EntityStateHelper.java 
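Review bot: Gating "Revert if any modification to ownership details" on `isAuthenticationEnabled()` means ownership fields are no longer reverted when the flag is false. The new `authenticationEnabled` field in StateContext is also a primitive without `@Builder.Default`, so any `StateContext` built without `.authenticationEnabled(...)` takes that unprotected path silently. If skipping the revert is intended, document it on the rule, e.g. `// Skipped when authentication is disabled: no owner accounts exist to protect`; otherwise keep the revert rule unconditional and gate only the user-creation rule. Declaring the field as `@Builder.Default private boolean authenticationEnabled = true;` would make a forgotten builder call keep the check active.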
@@ -52,14 +52,17 @@ public class EntityStateHelper { private Boolean setDefaultPassword; @Value("${identity.default_password}") private String defaultPassword; + private final boolean authenticationEnabled; @Autowired public EntityStateHelper(IDefinitionsManager definitionsManager, RuleEngineService ruleEngineService, - ConditionResolverService conditionResolverService,@Nullable ClaimRequestClient claimRequestClient) { + ConditionResolverService conditionResolverService,@Nullable ClaimRequestClient claimRequestClient, + @Value("${authentication.enabled:true}") boolean authenticationEnabled) { this.definitionsManager = definitionsManager; this.ruleEngineService = ruleEngineService; this.conditionResolverService = conditionResolverService; this.claimRequestClient = claimRequestClient; + this.authenticationEnabled = authenticationEnabled; } JsonNode applyWorkflowTransitions(JsonNode existing, JsonNode updated, List attestationPolicies) throws IOException { @@ -98,6 +101,7 @@ private void addSystemFieldsStateTransition(JsonNode existing, JsonNode modified .metadataNode((ObjectNode) modified) .revertSystemFields(true) .loginEnabled(definitionsManager.getDefinition(entityName).getOsSchemaConfiguration().getEnableLogin()) + .authenticationEnabled(authenticationEnabled) .build(); allContexts.add(stateContext); } @@ -124,6 +128,7 @@ private void addOwnershipStateTransitions(JsonNode existing, String entityName, .metadataNode((ObjectNode) modified.get(entityName)) .ownershipAttribute(ownershipAttribute) .loginEnabled(definitionsManager.getDefinition(entityName).getOsSchemaConfiguration().getEnableLogin()) + .authenticationEnabled(authenticationEnabled) .build(); allContexts.add(stateContext); } 
@@ -173,6 +178,7 @@ private void addAttestationStateTransitions(JsonNode existing, String entityName .metadataNode(metadataNodePointer.getFirst()) .pointerFromMetadataNode(metadataNodePointer.getSecond()) .loginEnabled(definitionsManager.getDefinition(entityName).getOsSchemaConfiguration().getEnableLogin()) + .authenticationEnabled(authenticationEnabled) .build(); allContexts.add(stateContext); } @@ -198,6 +204,7 @@ JsonNode manageState(AttestationPolicy policy, JsonNode root, String propertyURL .metaData(metaData) .metadataNode(metadataNodePointer.getFirst()) .pointerFromMetadataNode(metadataNodePointer.getSecond()) + .authenticationEnabled(authenticationEnabled) .build(); ruleEngineService.doTransition(stateContext); return root; diff --git a/java/registry/src/main/resources/public/swagger-ui.html b/java/registry/src/main/resources/public/swagger-ui.html index b0c75ddb9..62708fc27 100644 --- a/java/registry/src/main/resources/public/swagger-ui.html +++ b/java/registry/src/main/resources/public/swagger-ui.html @@ -37,7 +37,7 @@ window.onload = function() { // Begin Swagger UI call region const ui = SwaggerUIBundle({ - url: "/api/docs/swagger.json", + url: window.location.pathname.split("/").slice(0, -1).join("/") + "/api/docs/swagger.json", dom_id: '#swagger-ui', deepLinking: true, presets: [ diff --git a/java/registry/src/test/java/dev/sunbirdrc/registry/helper/EntityStateHelperTest.java b/java/registry/src/test/java/dev/sunbirdrc/registry/helper/EntityStateHelperTest.java index b35962812..1ae62bd69 100644 --- a/java/registry/src/test/java/dev/sunbirdrc/registry/helper/EntityStateHelperTest.java +++ b/java/registry/src/test/java/dev/sunbirdrc/registry/helper/EntityStateHelperTest.java 
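Review bot: The computed `url` in the swagger-ui.html hunk drops only the last path segment, which works for `.../swagger-ui.html` but yields `.../swagger-ui/api/docs/swagger.json` if the page is ever requested with a trailing slash. Strip a trailing slash before splitting, or at least record the assumption with a comment such as `// Resolve the spec relative to this page so the UI works behind a context path; assumes no trailing slash`. The `SwaggerUIBundle` call continues outside the hunk.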
@@ -82,8 +82,8 @@ public void initMocks() throws IOException { } private void runTest(JsonNode existing, JsonNode updated, JsonNode expected, List attestationPolicies) throws IOException { - RuleEngineService ruleEngineService = new RuleEngineService(kieContainer, identityManager); - EntityStateHelper entityStateHelper = new EntityStateHelper(definitionsManager, ruleEngineService, conditionResolverService, claimRequestClient); + RuleEngineService ruleEngineService = new RuleEngineService(kieContainer, identityManager, true); + EntityStateHelper entityStateHelper = new EntityStateHelper(definitionsManager, ruleEngineService, conditionResolverService, claimRequestClient, true); ReflectionTestUtils.setField(entityStateHelper, "uuidPropertyName", "osid"); ReflectionTestUtils.setField(entityStateHelper, "setDefaultPassword", false); updated = entityStateHelper.applyWorkflowTransitions(existing, updated, attestationPolicies); diff --git a/java/registry/src/test/java/dev/sunbirdrc/registry/helper/RegistryHelperTest.java b/java/registry/src/test/java/dev/sunbirdrc/registry/helper/RegistryHelperTest.java index 570a542b3..e02c13e9e 100644 --- a/java/registry/src/test/java/dev/sunbirdrc/registry/helper/RegistryHelperTest.java +++ b/java/registry/src/test/java/dev/sunbirdrc/registry/helper/RegistryHelperTest.java 
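Review bot: Both updated call sites (here and in RegistryHelperTest) pass `true`, so the behaviour this commit introduces, an absent `IdentityManager` with `authenticationEnabled` false, has no test. Add a case that builds `new RuleEngineService(kieContainer, null, false)` and an `EntityStateHelper` with `false`, runs an ownership change through `applyWorkflowTransitions`, and verifies the mocked identity manager is never called. `runTest` continues outside the hunk.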
@@ -137,8 +137,8 @@ public void initMocks() { registryHelper.setObjectMapper(objectMapper); MockitoAnnotations.initMocks(this); registryHelper.uuidPropertyName = "osid"; - RuleEngineService ruleEngineService = new RuleEngineService(kieContainer, identityManager); - registryHelper.entityStateHelper = new EntityStateHelper(definitionsManager, ruleEngineService, conditionResolverService, claimRequestClient); + RuleEngineService ruleEngineService = new RuleEngineService(kieContainer, identityManager, true); + registryHelper.entityStateHelper = new EntityStateHelper(definitionsManager, ruleEngineService, conditionResolverService, claimRequestClient, true); ReflectionTestUtils.setField(registryHelper.entityStateHelper, "setDefaultPassword", false); registryHelper.setDefinitionsManager(definitionsManager); registryHelper.setNotificationEnabled(true);