Refactor UserAuthoritiesResolver - to run in tenant context (#2756)
Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
This commit is contained in:
@@ -18,11 +18,10 @@ import java.util.Collection;
|
|||||||
public interface UserAuthoritiesResolver {
|
public interface UserAuthoritiesResolver {
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* User authorities/roles lookup based on the tenant and the username
|
* User authorities/roles lookup based on the username and the tenant context
|
||||||
*
|
*
|
||||||
* @param tenant The tenant that this user belongs to
|
|
||||||
* @param username The username of the user
|
* @param username The username of the user
|
||||||
* @return a {@link Collection} of authorities/roles for this user
|
* @return a {@link Collection} of authorities/roles for this user
|
||||||
*/
|
*/
|
||||||
Collection<String> getUserAuthorities(String tenant, String username);
|
Collection<String> getUserAuthorities(String username);
|
||||||
}
|
}
|
||||||
@@ -141,7 +141,7 @@ public class TestConfiguration implements AsyncConfigurer {
|
|||||||
|
|
||||||
@Bean
|
@Bean
|
||||||
UserAuthoritiesResolver authoritiesResolver() {
|
UserAuthoritiesResolver authoritiesResolver() {
|
||||||
return (tenant, username) -> Collections.emptyList();
|
return username -> Collections.emptyList();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Bean
|
@Bean
|
||||||
|
|||||||
@@ -33,7 +33,7 @@ public class InMemoryUserAuthoritiesResolver implements UserAuthoritiesResolver
|
|||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Collection<String> getUserAuthorities(final String tenant, final String username) {
|
public Collection<String> getUserAuthorities(final String username) {
|
||||||
// we can ignore the tenant here (no multi-tenancy by default)
|
// we can ignore the tenant here (no multi-tenancy by default)
|
||||||
final Collection<String> authorities = usernamesToAuthorities.get(username);
|
final Collection<String> authorities = usernamesToAuthorities.get(username);
|
||||||
if (authorities == null) {
|
if (authorities == null) {
|
||||||
|
|||||||
@@ -66,8 +66,7 @@ public class SecurityContextTenantAware implements ContextAware {
|
|||||||
* @param securityContextSerializer Serializer that is used to serialize / deserialize {@link SecurityContext}s.
|
* @param securityContextSerializer Serializer that is used to serialize / deserialize {@link SecurityContext}s.
|
||||||
*/
|
*/
|
||||||
public SecurityContextTenantAware(
|
public SecurityContextTenantAware(
|
||||||
final UserAuthoritiesResolver authoritiesResolver,
|
final UserAuthoritiesResolver authoritiesResolver, @Nullable final SecurityContextSerializer securityContextSerializer) {
|
||||||
@Nullable final SecurityContextSerializer securityContextSerializer) {
|
|
||||||
this(authoritiesResolver, securityContextSerializer, null);
|
this(authoritiesResolver, securityContextSerializer, null);
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -78,8 +77,7 @@ public class SecurityContextTenantAware implements ContextAware {
|
|||||||
* @param securityContextSerializer Serializer that is used to serialize / deserialize {@link SecurityContext}s.
|
* @param securityContextSerializer Serializer that is used to serialize / deserialize {@link SecurityContext}s.
|
||||||
*/
|
*/
|
||||||
public SecurityContextTenantAware(
|
public SecurityContextTenantAware(
|
||||||
final UserAuthoritiesResolver authoritiesResolver,
|
final UserAuthoritiesResolver authoritiesResolver, @Nullable final SecurityContextSerializer securityContextSerializer,
|
||||||
@Nullable final SecurityContextSerializer securityContextSerializer,
|
|
||||||
@Nullable final TenantResolver tenantResolver) {
|
@Nullable final TenantResolver tenantResolver) {
|
||||||
this.authoritiesResolver = authoritiesResolver;
|
this.authoritiesResolver = authoritiesResolver;
|
||||||
this.securityContextSerializer = securityContextSerializer == null ? SecurityContextSerializer.NOP : securityContextSerializer;
|
this.securityContextSerializer = securityContextSerializer == null ? SecurityContextSerializer.NOP : securityContextSerializer;
|
||||||
@@ -125,8 +123,9 @@ public class SecurityContextTenantAware implements ContextAware {
|
|||||||
Objects.requireNonNull(tenant);
|
Objects.requireNonNull(tenant);
|
||||||
Objects.requireNonNull(username);
|
Objects.requireNonNull(username);
|
||||||
|
|
||||||
final List<SimpleGrantedAuthority> authorities = runAsSystem(
|
final List<SimpleGrantedAuthority> authorities = runAsTenant(
|
||||||
() -> authoritiesResolver.getUserAuthorities(tenant, username).stream()
|
tenant,
|
||||||
|
() -> authoritiesResolver.getUserAuthorities(username).stream()
|
||||||
.map(SimpleGrantedAuthority::new)
|
.map(SimpleGrantedAuthority::new)
|
||||||
.toList());
|
.toList());
|
||||||
runInContext(buildUserSecurityContext(tenant, username, authorities), () -> {
|
runInContext(buildUserSecurityContext(tenant, username, authorities), () -> {
|
||||||
@@ -164,16 +163,6 @@ public class SecurityContextTenantAware implements ContextAware {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
private static <T> T runAsSystem(final Callable<T> callable) {
|
|
||||||
final SecurityContext currentContext = SecurityContextHolder.getContext();
|
|
||||||
SystemSecurityContext.setSystemContext(currentContext);
|
|
||||||
try {
|
|
||||||
return MdcHandler.getInstance().callWithAuthRE(callable);
|
|
||||||
} finally {
|
|
||||||
SecurityContextHolder.setContext(currentContext);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
private static SecurityContext buildUserSecurityContext(
|
private static SecurityContext buildUserSecurityContext(
|
||||||
final String tenant, final String username, final Collection<? extends GrantedAuthority> authorities) {
|
final String tenant, final String username, final Collection<? extends GrantedAuthority> authorities) {
|
||||||
final SecurityContext securityContext = SecurityContextHolder.createEmptyContext();
|
final SecurityContext securityContext = SecurityContextHolder.createEmptyContext();
|
||||||
|
|||||||
Reference in New Issue
Block a user