Refactor UserAuthoritiesResolver - to run in tenant context (#2756)

Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
This commit is contained in:
Avgustin Marinov
2025-10-14 17:28:57 +03:00
committed by GitHub
parent 04cd9fb30d
commit 6ad20252ba
4 changed files with 9 additions and 21 deletions

View File

@@ -18,11 +18,10 @@ import java.util.Collection;
public interface UserAuthoritiesResolver { public interface UserAuthoritiesResolver {
/** /**
* User authorities/roles lookup based on the tenant and the username * User authorities/roles lookup based on the username and the tenant context
* *
* @param tenant The tenant that this user belongs to
* @param username The username of the user * @param username The username of the user
* @return a {@link Collection} of authorities/roles for this user * @return a {@link Collection} of authorities/roles for this user
*/ */
Collection<String> getUserAuthorities(String tenant, String username); Collection<String> getUserAuthorities(String username);
} }

View File

@@ -141,7 +141,7 @@ public class TestConfiguration implements AsyncConfigurer {
@Bean @Bean
UserAuthoritiesResolver authoritiesResolver() { UserAuthoritiesResolver authoritiesResolver() {
return (tenant, username) -> Collections.emptyList(); return username -> Collections.emptyList();
} }
@Bean @Bean

View File

@@ -33,7 +33,7 @@ public class InMemoryUserAuthoritiesResolver implements UserAuthoritiesResolver
} }
@Override @Override
public Collection<String> getUserAuthorities(final String tenant, final String username) { public Collection<String> getUserAuthorities(final String username) {
// we can ignore the tenant here (no multi-tenancy by default) // we can ignore the tenant here (no multi-tenancy by default)
final Collection<String> authorities = usernamesToAuthorities.get(username); final Collection<String> authorities = usernamesToAuthorities.get(username);
if (authorities == null) { if (authorities == null) {

View File

@@ -66,8 +66,7 @@ public class SecurityContextTenantAware implements ContextAware {
* @param securityContextSerializer Serializer that is used to serialize / deserialize {@link SecurityContext}s. * @param securityContextSerializer Serializer that is used to serialize / deserialize {@link SecurityContext}s.
*/ */
public SecurityContextTenantAware( public SecurityContextTenantAware(
final UserAuthoritiesResolver authoritiesResolver, final UserAuthoritiesResolver authoritiesResolver, @Nullable final SecurityContextSerializer securityContextSerializer) {
@Nullable final SecurityContextSerializer securityContextSerializer) {
this(authoritiesResolver, securityContextSerializer, null); this(authoritiesResolver, securityContextSerializer, null);
} }
@@ -78,8 +77,7 @@ public class SecurityContextTenantAware implements ContextAware {
* @param securityContextSerializer Serializer that is used to serialize / deserialize {@link SecurityContext}s. * @param securityContextSerializer Serializer that is used to serialize / deserialize {@link SecurityContext}s.
*/ */
public SecurityContextTenantAware( public SecurityContextTenantAware(
final UserAuthoritiesResolver authoritiesResolver, final UserAuthoritiesResolver authoritiesResolver, @Nullable final SecurityContextSerializer securityContextSerializer,
@Nullable final SecurityContextSerializer securityContextSerializer,
@Nullable final TenantResolver tenantResolver) { @Nullable final TenantResolver tenantResolver) {
this.authoritiesResolver = authoritiesResolver; this.authoritiesResolver = authoritiesResolver;
this.securityContextSerializer = securityContextSerializer == null ? SecurityContextSerializer.NOP : securityContextSerializer; this.securityContextSerializer = securityContextSerializer == null ? SecurityContextSerializer.NOP : securityContextSerializer;
@@ -125,8 +123,9 @@ public class SecurityContextTenantAware implements ContextAware {
Objects.requireNonNull(tenant); Objects.requireNonNull(tenant);
Objects.requireNonNull(username); Objects.requireNonNull(username);
final List<SimpleGrantedAuthority> authorities = runAsSystem( final List<SimpleGrantedAuthority> authorities = runAsTenant(
() -> authoritiesResolver.getUserAuthorities(tenant, username).stream() tenant,
() -> authoritiesResolver.getUserAuthorities(username).stream()
.map(SimpleGrantedAuthority::new) .map(SimpleGrantedAuthority::new)
.toList()); .toList());
runInContext(buildUserSecurityContext(tenant, username, authorities), () -> { runInContext(buildUserSecurityContext(tenant, username, authorities), () -> {
@@ -164,16 +163,6 @@ public class SecurityContextTenantAware implements ContextAware {
} }
} }
private static <T> T runAsSystem(final Callable<T> callable) {
final SecurityContext currentContext = SecurityContextHolder.getContext();
SystemSecurityContext.setSystemContext(currentContext);
try {
return MdcHandler.getInstance().callWithAuthRE(callable);
} finally {
SecurityContextHolder.setContext(currentContext);
}
}
private static SecurityContext buildUserSecurityContext( private static SecurityContext buildUserSecurityContext(
final String tenant, final String username, final Collection<? extends GrantedAuthority> authorities) { final String tenant, final String username, final Collection<? extends GrantedAuthority> authorities) {
final SecurityContext securityContext = SecurityContextHolder.createEmptyContext(); final SecurityContext securityContext = SecurityContextHolder.createEmptyContext();