
Auth Health check process fixed
holashchand committed Apr 17, 2024
1 parent 1dca387 commit c702c17
Showing 10 changed files with 50 additions and 39 deletions.
Expand Up @@ -18,12 +18,9 @@

@Configuration
@EnableWebSecurity
@ConditionalOnProperty(name = "authentication.enabled",havingValue = "true",matchIfMissing = false)
@ConditionalOnProperty(name = "authentication.enabled", havingValue = "true", matchIfMissing = false)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

@Value("${authentication.enabled:true}")
boolean authenticationEnabled;

@Autowired
private OAuth2Configuration oAuth2Configuration;

Expand All @@ -33,29 +30,22 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
HttpSecurity httpConfig = http.csrf().disable();
if (authenticationEnabled) {
Map<String, AuthenticationManager> authenticationManagers = new HashMap<>();
this.oAuth2Configuration.getResources().forEach(issuer -> addManager(authenticationManagers, issuer));
httpConfig
.addFilterBefore(schemaAuthFilter, WebAsyncManagerIntegrationFilter.class)
.authorizeRequests(auth -> auth
.antMatchers("/**/invite", "/health", "/error",
"/_schemas/**", "/**/templates/**", "/**/*.json", "/**/verify",
"/swagger-ui", "/**/search", "/**/attestation/**",
"/api/docs/swagger.json", "/api/docs/*.json", "/plugin/**", "/swagger-ui.html")
.permitAll()
)
.authorizeRequests(auth -> auth
.anyRequest()
.authenticated())
.oauth2ResourceServer(oauth2ResourceServer -> oauth2ResourceServer
.authenticationManagerResolver(new JwtIssuerAuthenticationManagerResolver(authenticationManagers::get)));
} else {
httpConfig.authorizeRequests(auth -> auth
.anyRequest()
.permitAll()
);
}
Map<String, AuthenticationManager> authenticationManagers = new HashMap<>();
this.oAuth2Configuration.getResources().forEach(issuer -> addManager(authenticationManagers, issuer));
httpConfig
.addFilterBefore(schemaAuthFilter, WebAsyncManagerIntegrationFilter.class)
.authorizeRequests(auth -> auth
.antMatchers("/**/invite", "/health", "/error",
"/_schemas/**", "/**/templates/**", "/**/*.json", "/**/verify",
"/swagger-ui", "/**/search", "/**/attestation/**",
"/api/docs/swagger.json", "/api/docs/*.json", "/plugin/**", "/swagger-ui.html")
.permitAll()
)
.authorizeRequests(auth -> auth
.anyRequest()
.authenticated())
.oauth2ResourceServer(oauth2ResourceServer -> oauth2ResourceServer
.authenticationManagerResolver(new JwtIssuerAuthenticationManagerResolver(authenticationManagers::get)));

}
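Review bot: With `authenticationEnabled` and its `else` branch removed from `configure`, the disabled case now rests entirely on `matchIfMissing = false` at the class level, and that default does not agree with the rest of the commit: the `identityManager` bean in the registry config uses `matchIfMissing = true`, and `RuleEngineService` and `EntityStateHelper` default to `${authentication.enabled:true}`. When the property is absent, the rule engine and identity manager therefore behave as if authentication were on while this `SecurityConfig` is not registered at all, so what protects the endpoints in that case is decided by Spring Boot's security auto-configuration rather than by anything in this file. Pick one default and use it everywhere; if `true` is intended, change line 20 to `matchIfMissing = true`. It would also help to state the contract in a class comment, e.g. `// Registered only when authentication.enabled resolves to true; when it does not, no HttpSecurity is configured here and the framework defaults apply.` The class continues below the hunk.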

Expand Up @@ -8,6 +8,8 @@
import org.kie.api.runtime.KieContainer;
import org.kie.api.runtime.StatelessKieSession;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.lang.Nullable;
import org.springframework.stereotype.Service;
import dev.sunbirdrc.registry.identity_providers.pojos.IdentityManager;

Expand All @@ -19,24 +21,26 @@
public class RuleEngineService {
private final KieContainer kieContainer;
private final IdentityManager identityManager;
private final boolean authenticationEnabled;
private static final String PATH = "path";

@Autowired
public RuleEngineService(KieContainer kieContainer, IdentityManager identityManager) {
public RuleEngineService(KieContainer kieContainer,@Nullable IdentityManager identityManager, @Value("${authentication.enabled:true}") boolean authenticationEnabled) {
this.kieContainer = kieContainer;
this.identityManager = identityManager;
this.authenticationEnabled = authenticationEnabled;
}

public void doTransition(List<StateContext> stateContexts) {
StatelessKieSession kieSession = kieContainer.newStatelessKieSession();
kieSession.setGlobal("identityManager", identityManager);
if(authenticationEnabled) kieSession.setGlobal("identityManager", identityManager);
kieSession.setGlobal("ruleEngineService", this);
kieSession.execute(stateContexts);
}

public void doTransition(StateContext stateContext) {
StatelessKieSession kieSession = kieContainer.newStatelessKieSession();
kieSession.setGlobal("identityManager", identityManager);
if(authenticationEnabled) kieSession.setGlobal("identityManager", identityManager);
kieSession.setGlobal("ruleEngineService", this);
kieSession.execute(stateContext);
}
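Review bot: The guards on lines 104 and 112 key on the property rather than on the thing that can actually be missing: `identityManager` is now `@Nullable`, so with `authentication.enabled=true` but no `IdentityManager` bean available the global is still set to null and any rule that uses it fails at runtime instead of at startup. Validate the combination once in the constructor, e.g. `if (authenticationEnabled) Objects.requireNonNull(identityManager, "identityManager is required when authentication.enabled=true");` (import `java.util.Objects`), and keep the `if` guards as they are. The two `doTransition` overloads now duplicate the session setup; a private helper that creates the session and sets the globals would keep them in step. Minor style: `kieContainer,@Nullable` on line 95 is missing a space, and the single-line `if(...)` bodies should be braced.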
Expand Up @@ -36,6 +36,7 @@ public class StateContext {
private JsonPointer pointerFromMetadataNode;
private OwnershipsAttributes ownershipAttribute;
private Boolean loginEnabled;
private boolean authenticationEnabled;

@Builder.Default
private boolean revertSystemFields = false;
Expand Down Expand Up @@ -136,11 +137,19 @@ public boolean revertSystemFieldsChangedEnabled() {
return this.revertSystemFields;
}

public Boolean getLoginEnabled() {
public boolean getLoginEnabled() {
return loginEnabled;
}

public void setLoginEnabled(Boolean loginEnabled) {
this.loginEnabled = loginEnabled;
}

public boolean isAuthenticationEnabled() {
return this.authenticationEnabled;
}

public void setAuthenticationEnabled(Boolean authenticationEnabled) {
this.authenticationEnabled = authenticationEnabled;
}
}
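Review bot: `getLoginEnabled()` on line 131 now returns `boolean` while the backing field on line 121 and the setter on line 135 stay `Boolean`, so a context built without `.loginEnabled(...)` — the `manageState` builder in `EntityStateHelper` does exactly that — throws a `NullPointerException` on unboxing as soon as the getter is called. Either keep the getter returning `Boolean`, or make the field primitive with a builder default, `@Builder.Default private boolean loginEnabled = false;`, and change the setter to take `boolean`. The new `setAuthenticationEnabled(Boolean)` on line 143 has the same unboxing hazard when writing into a primitive field; `setAuthenticationEnabled(boolean)` matches `isAuthenticationEnabled()` and the builder parameter. The class header is only visible as hunk context, so other accessors for these fields may exist outside the hunk.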
Expand Up @@ -39,7 +39,7 @@ end

rule "Create entity owner for newly added owner fields"
when
stateDefinition:StateContext(isOwnershipProperty() && isOwnerNewlyAdded() && isLoginEnabled());
stateDefinition:StateContext(isAuthenticationEnabled() && isOwnershipProperty() && isOwnerNewlyAdded() && isLoginEnabled());
then
CreateUserRequest createUserRequest = new CreateUserRequest(stateDefinition.getEntityName(),
stateDefinition.getUpdated().get("userId").textValue(), stateDefinition.getUpdated().get("email").textValue(),
Expand All @@ -50,7 +50,7 @@ end

rule "Revert if any modification to ownership details"
when
stateDefinition:StateContext(isOwnershipProperty() && !isOwnerNewlyAdded() && isOwnershipDetailsUpdated());
stateDefinition:StateContext(isAuthenticationEnabled() && isOwnershipProperty() && !isOwnerNewlyAdded() && isOwnershipDetailsUpdated());
then
ruleEngineService.revertOwnershipDetails(stateDefinition);
end
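Review bot: Gating the "Revert if any modification to ownership details" rule on line 162 on `isAuthenticationEnabled()` changes what the registry enforces, not just whether it calls the identity provider: with `authentication.enabled=false` a caller can now alter ownership details in place and nothing reverts them, whereas before this commit the revert did not depend on the flag. If the revert exists only to keep the identity provider and the entity in sync that may be intended, but if it is meant as an integrity check on ownership fields it should stay unconditional and only the create-owner rule on line 153 should be gated. Either way, record the decision in the rule file, e.g. `// Ownership rules are skipped when authentication.enabled=false: no identity provider is available to create or reconcile owners.` `ruleEngineService.revertOwnershipDetails` is outside the hunk, so I cannot see whether it touches the identity provider.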
Expand Up @@ -469,6 +469,7 @@ public RegistryService registryService() {
// return auditService;
// }

@ConditionalOnProperty(name = "authentication.enabled", havingValue = "true", matchIfMissing = true)
@Bean
public IdentityManager identityManager() {
ServiceLoader<IdentityProvider> loader = ServiceLoader.load(IdentityProvider.class);
Empty file.
Expand Up @@ -52,14 +52,17 @@ public class EntityStateHelper {
private Boolean setDefaultPassword;
@Value("${identity.default_password}")
private String defaultPassword;
private final boolean authenticationEnabled;

@Autowired
public EntityStateHelper(IDefinitionsManager definitionsManager, RuleEngineService ruleEngineService,
ConditionResolverService conditionResolverService,@Nullable ClaimRequestClient claimRequestClient) {
ConditionResolverService conditionResolverService,@Nullable ClaimRequestClient claimRequestClient,
@Value("${authentication.enabled:true}") boolean authenticationEnabled) {
this.definitionsManager = definitionsManager;
this.ruleEngineService = ruleEngineService;
this.conditionResolverService = conditionResolverService;
this.claimRequestClient = claimRequestClient;
this.authenticationEnabled = authenticationEnabled;
}

JsonNode applyWorkflowTransitions(JsonNode existing, JsonNode updated, List<AttestationPolicy> attestationPolicies) throws IOException {
Expand Down Expand Up @@ -98,6 +101,7 @@ private void addSystemFieldsStateTransition(JsonNode existing, JsonNode modified
.metadataNode((ObjectNode) modified)
.revertSystemFields(true)
.loginEnabled(definitionsManager.getDefinition(entityName).getOsSchemaConfiguration().getEnableLogin())
.authenticationEnabled(authenticationEnabled)
.build();
allContexts.add(stateContext);
}
Expand All @@ -124,6 +128,7 @@ private void addOwnershipStateTransitions(JsonNode existing, String entityName,
.metadataNode((ObjectNode) modified.get(entityName))
.ownershipAttribute(ownershipAttribute)
.loginEnabled(definitionsManager.getDefinition(entityName).getOsSchemaConfiguration().getEnableLogin())
.authenticationEnabled(authenticationEnabled)
.build();
allContexts.add(stateContext);
}
Expand Down Expand Up @@ -173,6 +178,7 @@ private void addAttestationStateTransitions(JsonNode existing, String entityName
.metadataNode(metadataNodePointer.getFirst())
.pointerFromMetadataNode(metadataNodePointer.getSecond())
.loginEnabled(definitionsManager.getDefinition(entityName).getOsSchemaConfiguration().getEnableLogin())
.authenticationEnabled(authenticationEnabled)
.build();
allContexts.add(stateContext);
}
Expand All @@ -198,6 +204,7 @@ JsonNode manageState(AttestationPolicy policy, JsonNode root, String propertyURL
.metaData(metaData)
.metadataNode(metadataNodePointer.getFirst())
.pointerFromMetadataNode(metadataNodePointer.getSecond())
.authenticationEnabled(authenticationEnabled)
.build();
ruleEngineService.doTransition(stateContext);
return root;
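Review bot: The constructor hunk at lines 186-195 threads `authentication.enabled` into `EntityStateHelper` only so that each of the four `StateContext.builder()` calls (lines 202, 210, 218, 226) can repeat `.authenticationEnabled(authenticationEnabled)`; `RuleEngineService` already holds the same flag and receives every context in `doTransition`, so setting it there once (or exposing it as a kie global alongside `ruleEngineService`) would remove the constructor parameter and the four copies, and leave no builder path that can forget it. If the parameter stays, document it, e.g. `@param authenticationEnabled mirrors authentication.enabled; propagated to every StateContext so the ownership rules can be gated on it`. Minor style: `claimRequestClient,@Nullable` on line 188 is missing a space after the comma. The methods containing the builders start outside their hunks.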
2 changes: 1 addition & 1 deletion java/registry/src/main/resources/public/swagger-ui.html
Expand Up @@ -37,7 +37,7 @@
window.onload = function() {
// Begin Swagger UI call region
const ui = SwaggerUIBundle({
url: "/api/docs/swagger.json",
url: window.location.pathname.split("/").slice(0, -1).join("/") + "/api/docs/swagger.json",
dom_id: '#swagger-ui',
deepLinking: true,
presets: [
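Review bot: The expression on line 238 rebuilds the directory of the current page by hand to make the spec URL relative; a plain relative URL, `url: "api/docs/swagger.json",`, resolves against the same base (the document's directory) and avoids the `split`/`slice`/`join` dance, unless the page sets a `<base>` element, which I cannot see from this hunk. If the computed form is kept, a comment saying why the absolute `/api/docs/swagger.json` no longer works — presumably the app is now served under a context path — would stop the next reader from reverting it. The `SwaggerUIBundle` call continues past the hunk.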
Expand Up @@ -82,8 +82,8 @@ public void initMocks() throws IOException {
}

private void runTest(JsonNode existing, JsonNode updated, JsonNode expected, List<AttestationPolicy> attestationPolicies) throws IOException {
RuleEngineService ruleEngineService = new RuleEngineService(kieContainer, identityManager);
EntityStateHelper entityStateHelper = new EntityStateHelper(definitionsManager, ruleEngineService, conditionResolverService, claimRequestClient);
RuleEngineService ruleEngineService = new RuleEngineService(kieContainer, identityManager, true);
EntityStateHelper entityStateHelper = new EntityStateHelper(definitionsManager, ruleEngineService, conditionResolverService, claimRequestClient, true);
ReflectionTestUtils.setField(entityStateHelper, "uuidPropertyName", "osid");
ReflectionTestUtils.setField(entityStateHelper, "setDefaultPassword", false);
updated = entityStateHelper.applyWorkflowTransitions(existing, updated, attestationPolicies);
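Review bot: Both updated call sites on lines 250-251 (and the matching `initMocks` in the other test file changed by this commit) pass `true`, so the branch the commit introduces — `authenticationEnabled=false` with a null `IdentityManager`, where `RuleEngineService` skips the `identityManager` global and the ownership rules are gated — has no coverage. Add a `runTest` variant that builds `new RuleEngineService(kieContainer, null, false)` and `new EntityStateHelper(..., false)` and asserts that an update touching ownership fields neither throws nor invokes the identity manager mock. `runTest` continues outside the hunk.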
Expand Up @@ -137,8 +137,8 @@ public void initMocks() {
registryHelper.setObjectMapper(objectMapper);
MockitoAnnotations.initMocks(this);
registryHelper.uuidPropertyName = "osid";
RuleEngineService ruleEngineService = new RuleEngineService(kieContainer, identityManager);
registryHelper.entityStateHelper = new EntityStateHelper(definitionsManager, ruleEngineService, conditionResolverService, claimRequestClient);
RuleEngineService ruleEngineService = new RuleEngineService(kieContainer, identityManager, true);
registryHelper.entityStateHelper = new EntityStateHelper(definitionsManager, ruleEngineService, conditionResolverService, claimRequestClient, true);
ReflectionTestUtils.setField(registryHelper.entityStateHelper, "setDefaultPassword", false);
registryHelper.setDefinitionsManager(definitionsManager);
registryHelper.setNotificationEnabled(true);

0 comments on commit c702c17
