Merge pull request Sunbird-RC#269 from holashchand/auth-healthcheck-fix

Fixed auth health check when auth is disabled and Swagger api
holashchand · Jan 22, 2024 · cdf08c0 · cdf08c0
2 parents 0324f3c + c77ba37
commit cdf08c0
Show file tree

Hide file tree

Showing 10 changed files with 49 additions and 38 deletions.
diff --git a/...ware/authorization/src/main/java/dev/sunbirdrc/registry/authorization/SecurityConfig.java b/...ware/authorization/src/main/java/dev/sunbirdrc/registry/authorization/SecurityConfig.java
@@ -20,12 +20,9 @@
 
 @Configuration
 @EnableWebSecurity
-@ConditionalOnProperty(name = "authentication.enabled",havingValue = "true",matchIfMissing = false)
+@ConditionalOnProperty(name = "authentication.enabled", havingValue = "true", matchIfMissing = false)
 public class SecurityConfig extends WebSecurityConfigurerAdapter {
 
-	@Value("${authentication.enabled:true}")
-	boolean authenticationEnabled;
-
 	@Autowired
 	private OAuth2Configuration oAuth2Configuration;
 
@@ -35,29 +32,22 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
 		HttpSecurity httpConfig = http.csrf().disable();
-		if (authenticationEnabled) {
-			Map<String, AuthenticationManager> authenticationManagers = new HashMap<>();
-			this.oAuth2Configuration.getResources().forEach(issuer -> addManager(authenticationManagers, issuer));
-			httpConfig
-					.addFilterBefore(schemaAuthFilter, WebAsyncManagerIntegrationFilter.class)
-					.authorizeRequests(auth -> auth
-							.antMatchers("/**/invite", "/health", "/error",
-									"/_schemas/**", "/**/templates/**", "/**/*.json", "/**/verify",
-									"/swagger-ui", "/**/search", "/**/attestation/**",
-									"/api/docs/swagger.json", "/api/docs/*.json", "/plugin/**", "/swagger-ui.html")
-							.permitAll()
-					)
-					.authorizeRequests(auth -> auth
-							.anyRequest()
-							.authenticated())
-					.oauth2ResourceServer(oauth2ResourceServer -> oauth2ResourceServer
-							.authenticationManagerResolver(new JwtIssuerAuthenticationManagerResolver(authenticationManagers::get)));
-		} else {
-			httpConfig.authorizeRequests(auth -> auth
-					.anyRequest()
-					.permitAll()
-			);
-		}
+		Map<String, AuthenticationManager> authenticationManagers = new HashMap<>();
+		this.oAuth2Configuration.getResources().forEach(issuer -> addManager(authenticationManagers, issuer));
+		httpConfig
+				.addFilterBefore(schemaAuthFilter, WebAsyncManagerIntegrationFilter.class)
+				.authorizeRequests(auth -> auth
+						.antMatchers("/**/invite", "/health", "/error",
+								"/_schemas/**", "/**/templates/**", "/**/*.json", "/**/verify",
+								"/swagger-ui", "/**/search", "/**/attestation/**",
+								"/api/docs/swagger.json", "/api/docs/*.json", "/plugin/**", "/swagger-ui.html")
+						.permitAll()
+				)
+				.authorizeRequests(auth -> auth
+						.anyRequest()
+						.authenticated())
+				.oauth2ResourceServer(oauth2ResourceServer -> oauth2ResourceServer
+						.authenticationManagerResolver(new JwtIssuerAuthenticationManagerResolver(authenticationManagers::get)));
 
 	}
 

diff --git a/.../registry-middleware/workflow/src/main/java/dev/sunbirdrc/workflow/RuleEngineService.java b/.../registry-middleware/workflow/src/main/java/dev/sunbirdrc/workflow/RuleEngineService.java
@@ -8,6 +8,8 @@
 import org.kie.api.runtime.KieContainer;
 import org.kie.api.runtime.StatelessKieSession;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.lang.Nullable;
 import org.springframework.stereotype.Service;
 import dev.sunbirdrc.registry.identity_providers.pojos.IdentityManager;
 
@@ -19,24 +21,26 @@
 public class RuleEngineService {
     private final KieContainer kieContainer;
     private final IdentityManager identityManager;
+    private final boolean authenticationEnabled;
     private static final String PATH = "path";
 
     @Autowired
-    public RuleEngineService(KieContainer kieContainer, IdentityManager identityManager) {
+    public RuleEngineService(KieContainer kieContainer,@Nullable IdentityManager identityManager, @Value("${authentication.enabled:true}") boolean authenticationEnabled) {
         this.kieContainer = kieContainer;
         this.identityManager = identityManager;
+        this.authenticationEnabled = authenticationEnabled;
     }
 
     public void doTransition(List<StateContext> stateContexts) {
         StatelessKieSession kieSession = kieContainer.newStatelessKieSession();
-        kieSession.setGlobal("identityManager", identityManager);
+        if(authenticationEnabled) kieSession.setGlobal("identityManager", identityManager);
         kieSession.setGlobal("ruleEngineService", this);
         kieSession.execute(stateContexts);
     }
 
     public void doTransition(StateContext stateContext) {
         StatelessKieSession kieSession = kieContainer.newStatelessKieSession();
-        kieSession.setGlobal("identityManager", identityManager);
+        if(authenticationEnabled) kieSession.setGlobal("identityManager", identityManager);
         kieSession.setGlobal("ruleEngineService", this);
         kieSession.execute(stateContext);
     }

diff --git a/...eware/registry-middleware/workflow/src/main/java/dev/sunbirdrc/workflow/StateContext.java b/...eware/registry-middleware/workflow/src/main/java/dev/sunbirdrc/workflow/StateContext.java
@@ -36,6 +36,7 @@ public class StateContext {
     private JsonPointer pointerFromMetadataNode;
     private OwnershipsAttributes ownershipAttribute;
     private Boolean loginEnabled;
+    private boolean authenticationEnabled;
 
     @Builder.Default
     private boolean revertSystemFields = false;
@@ -143,4 +144,12 @@ public Boolean getLoginEnabled() {
     public void setLoginEnabled(Boolean loginEnabled) {
         this.loginEnabled = loginEnabled;
     }
+
+    public Boolean isAuthenticationEnabled() {
+        return this.authenticationEnabled;
+    }
+
+    public void setAuthenticationEnabled(Boolean authenticationEnabled) {
+        this.authenticationEnabled = authenticationEnabled;
+    }
 }
diff --git a/.../middleware/registry-middleware/workflow/src/main/resources/workflow/statetransitions.drl b/.../middleware/registry-middleware/workflow/src/main/resources/workflow/statetransitions.drl
@@ -39,7 +39,7 @@ end
 
 rule "Create entity owner for newly added owner fields"
     when
-        stateDefinition:StateContext(isOwnershipProperty() && isOwnerNewlyAdded() && isLoginEnabled());
+        stateDefinition:StateContext(isAuthenticationEnabled() && isOwnershipProperty() && isOwnerNewlyAdded() && isLoginEnabled());
     then
         CreateUserRequest createUserRequest = new CreateUserRequest(stateDefinition.getEntityName(),
         stateDefinition.getUpdated().get("userId").textValue(), stateDefinition.getUpdated().get("email").textValue(),
@@ -50,7 +50,7 @@ end
 
 rule "Revert if any modification to ownership details"
     when
-        stateDefinition:StateContext(isOwnershipProperty() && !isOwnerNewlyAdded() && isOwnershipDetailsUpdated());
+        stateDefinition:StateContext(isAuthenticationEnabled() && isOwnershipProperty() && !isOwnerNewlyAdded() && isOwnershipDetailsUpdated());
     then
         ruleEngineService.revertOwnershipDetails(stateDefinition);
 end

diff --git a/java/registry/src/main/java/dev/sunbirdrc/registry/config/GenericConfiguration.java b/java/registry/src/main/java/dev/sunbirdrc/registry/config/GenericConfiguration.java
@@ -469,6 +469,7 @@ public RegistryService registryService() {
 //		return auditService;
 //	}
 
+	@ConditionalOnProperty(name = "authentication.enabled", havingValue = "true", matchIfMissing = true)
 	@Bean
 	public IdentityManager identityManager() {
 		ServiceLoader<IdentityProvider> loader = ServiceLoader.load(IdentityProvider.class);

diff --git a/java/registry/src/main/java/dev/sunbirdrc/registry/config/SchemaFilter.java b/java/registry/src/main/java/dev/sunbirdrc/registry/config/SchemaFilter.java
diff --git a/java/registry/src/main/java/dev/sunbirdrc/registry/helper/EntityStateHelper.java b/java/registry/src/main/java/dev/sunbirdrc/registry/helper/EntityStateHelper.java
@@ -52,14 +52,17 @@ public class EntityStateHelper {
     private Boolean setDefaultPassword;
     @Value("${identity.default_password}")
     private String defaultPassword;
+    private final boolean authenticationEnabled;
 
     @Autowired
     public EntityStateHelper(IDefinitionsManager definitionsManager, RuleEngineService ruleEngineService,
-                             ConditionResolverService conditionResolverService,@Nullable ClaimRequestClient claimRequestClient) {
+                             ConditionResolverService conditionResolverService,@Nullable ClaimRequestClient claimRequestClient,
+                             @Value("${authentication.enabled:true}") boolean authenticationEnabled) {
         this.definitionsManager = definitionsManager;
         this.ruleEngineService = ruleEngineService;
         this.conditionResolverService = conditionResolverService;
         this.claimRequestClient = claimRequestClient;
+        this.authenticationEnabled = authenticationEnabled;
     }
 
     JsonNode applyWorkflowTransitions(JsonNode existing, JsonNode updated, List<AttestationPolicy> attestationPolicies) throws IOException {
@@ -98,6 +101,7 @@ private void addSystemFieldsStateTransition(JsonNode existing, JsonNode modified
                 .metadataNode((ObjectNode) modified)
                 .revertSystemFields(true)
                 .loginEnabled(definitionsManager.getDefinition(entityName).getOsSchemaConfiguration().getEnableLogin())
+                .authenticationEnabled(authenticationEnabled)
                 .build();
         allContexts.add(stateContext);
     }
@@ -124,6 +128,7 @@ private void addOwnershipStateTransitions(JsonNode existing, String entityName,
                     .metadataNode((ObjectNode) modified.get(entityName))
                     .ownershipAttribute(ownershipAttribute)
                     .loginEnabled(definitionsManager.getDefinition(entityName).getOsSchemaConfiguration().getEnableLogin())
+                    .authenticationEnabled(authenticationEnabled)
                     .build();
             allContexts.add(stateContext);
         }
@@ -173,6 +178,7 @@ private void addAttestationStateTransitions(JsonNode existing, String entityName
                         .metadataNode(metadataNodePointer.getFirst())
                         .pointerFromMetadataNode(metadataNodePointer.getSecond())
                         .loginEnabled(definitionsManager.getDefinition(entityName).getOsSchemaConfiguration().getEnableLogin())
+                        .authenticationEnabled(authenticationEnabled)
                         .build();
                 allContexts.add(stateContext);
             }
@@ -198,6 +204,7 @@ JsonNode manageState(AttestationPolicy policy, JsonNode root, String propertyURL
                 .metaData(metaData)
                 .metadataNode(metadataNodePointer.getFirst())
                 .pointerFromMetadataNode(metadataNodePointer.getSecond())
+                .authenticationEnabled(authenticationEnabled)
                 .build();
         ruleEngineService.doTransition(stateContext);
         return root;

diff --git a/java/registry/src/main/resources/public/swagger-ui.html b/java/registry/src/main/resources/public/swagger-ui.html
@@ -37,7 +37,7 @@
     window.onload = function() {
         // Begin Swagger UI call region
         const ui = SwaggerUIBundle({
-            url: "/api/docs/swagger.json",
+            url: window.location.pathname.split("/").slice(0, -1).join("/") + "/api/docs/swagger.json",
             dom_id: '#swagger-ui',
             deepLinking: true,
             presets: [

diff --git a/java/registry/src/test/java/dev/sunbirdrc/registry/helper/EntityStateHelperTest.java b/java/registry/src/test/java/dev/sunbirdrc/registry/helper/EntityStateHelperTest.java
@@ -82,8 +82,8 @@ public void initMocks() throws IOException {
     }
 
     private void runTest(JsonNode existing, JsonNode updated, JsonNode expected, List<AttestationPolicy> attestationPolicies) throws IOException {
-        RuleEngineService ruleEngineService = new RuleEngineService(kieContainer, identityManager);
-        EntityStateHelper entityStateHelper = new EntityStateHelper(definitionsManager, ruleEngineService, conditionResolverService, claimRequestClient);
+        RuleEngineService ruleEngineService = new RuleEngineService(kieContainer, identityManager, true);
+        EntityStateHelper entityStateHelper = new EntityStateHelper(definitionsManager, ruleEngineService, conditionResolverService, claimRequestClient, true);
         ReflectionTestUtils.setField(entityStateHelper, "uuidPropertyName", "osid");
         ReflectionTestUtils.setField(entityStateHelper, "setDefaultPassword", false);
         updated = entityStateHelper.applyWorkflowTransitions(existing, updated, attestationPolicies);

diff --git a/java/registry/src/test/java/dev/sunbirdrc/registry/helper/RegistryHelperTest.java b/java/registry/src/test/java/dev/sunbirdrc/registry/helper/RegistryHelperTest.java
@@ -137,8 +137,8 @@ public void initMocks() {
 		registryHelper.setObjectMapper(objectMapper);
 		MockitoAnnotations.initMocks(this);
 		registryHelper.uuidPropertyName = "osid";
-		RuleEngineService ruleEngineService = new RuleEngineService(kieContainer, identityManager);
-		registryHelper.entityStateHelper = new EntityStateHelper(definitionsManager, ruleEngineService, conditionResolverService, claimRequestClient);
+		RuleEngineService ruleEngineService = new RuleEngineService(kieContainer, identityManager, true);
+		registryHelper.entityStateHelper = new EntityStateHelper(definitionsManager, ruleEngineService, conditionResolverService, claimRequestClient, true);
 		ReflectionTestUtils.setField(registryHelper.entityStateHelper, "setDefaultPassword", false);
 		registryHelper.setDefinitionsManager(definitionsManager);
 		registryHelper.setNotificationEnabled(true);