Merge branch 'master' into feature/pdl-pip-api
mrsladek authored Aug 19, 2024
2 parents 8df43ec + 3994da7 commit 3697832
Showing 18 changed files with 131 additions and 163 deletions.
18 changes: 9 additions & 9 deletions .editorconfig
Expand Up @@ -42,7 +42,7 @@ ij_java_align_multiline_parameters_in_calls = false
ij_java_align_multiline_parenthesized_expression = false
ij_java_align_multiline_records = true
ij_java_align_multiline_resources = true
ij_java_align_multiline_ternary_operation = false
ij_java_align_multiline_ternary_operation = true
ij_java_align_multiline_text_blocks = false
ij_java_align_multiline_throws_list = false
ij_java_align_subsequent_simple_methods = false
Expand Down Expand Up @@ -74,7 +74,7 @@ ij_java_block_brace_style = end_of_line
ij_java_block_comment_at_first_column = true
ij_java_call_parameters_new_line_after_left_paren = false
ij_java_call_parameters_right_paren_on_new_line = false
ij_java_call_parameters_wrap = normal
ij_java_call_parameters_wrap = on_every_item
ij_java_case_statement_on_separate_line = true
ij_java_catch_on_new_line = false
ij_java_class_annotation_wrap = split_into_lines
Expand All @@ -87,7 +87,7 @@ ij_java_do_while_brace_force = always
ij_java_doc_add_blank_line_after_description = true
ij_java_doc_add_blank_line_after_param_comments = false
ij_java_doc_add_blank_line_after_return = false
ij_java_doc_add_p_tag_on_empty_lines = true
ij_java_doc_add_p_tag_on_empty_lines = false
ij_java_doc_align_exception_comments = true
ij_java_doc_align_param_comments = true
ij_java_doc_do_not_wrap_if_one_line = false
Expand Down Expand Up @@ -123,7 +123,7 @@ ij_java_for_statement_wrap = off
ij_java_generate_final_locals = false
ij_java_generate_final_parameters = false
ij_java_if_brace_force = always
ij_java_imports_layout = $*, |, java.**, |, javax.**, |, org.**, |, com.**, |, *, |
ij_java_imports_layout = $*, |, java.**, |, jakarta.**, |, javax.**, |, org.**, |, com.**, |, *, |
ij_java_indent_case_from_switch = true
ij_java_insert_inner_class_imports = false
ij_java_insert_override_annotation = true
Expand All @@ -134,7 +134,7 @@ ij_java_keep_blank_lines_in_declarations = 2
ij_java_keep_control_statement_in_one_line = false
ij_java_keep_first_column_comment = false
ij_java_keep_indents_on_empty_lines = false
ij_java_keep_line_breaks = false
ij_java_keep_line_breaks = true
ij_java_keep_multiple_expressions_in_one_line = false
ij_java_keep_simple_blocks_in_one_line = false
ij_java_keep_simple_classes_in_one_line = false
Expand All @@ -158,13 +158,13 @@ ij_java_modifier_list_wrap = false
ij_java_names_count_to_use_import_on_demand = 9999999
ij_java_new_line_after_lparen_in_record_header = false
ij_java_packages_to_use_import_on_demand = java.awt.*, javax.swing.*
ij_java_parameter_annotation_wrap = off
ij_java_parameter_annotation_wrap = on_every_item
ij_java_parentheses_expression_new_line_after_left_paren = false
ij_java_parentheses_expression_right_paren_on_new_line = false
ij_java_place_assignment_sign_on_next_line = false
ij_java_prefer_longer_names = true
ij_java_prefer_parameters_wrap = false
ij_java_record_components_wrap = normal
ij_java_record_components_wrap = on_every_item
ij_java_repeat_synchronized = true
ij_java_replace_instanceof_and_cast = false
ij_java_replace_null_check = true
Expand Down Expand Up @@ -256,8 +256,8 @@ ij_java_spaces_within_try_parentheses = false
ij_java_spaces_within_while_parentheses = false
ij_java_special_else_if_treatment = true
ij_java_subclass_name_suffix = Impl
ij_java_ternary_operation_signs_on_next_line = false
ij_java_ternary_operation_wrap = off
ij_java_ternary_operation_signs_on_next_line = true
ij_java_ternary_operation_wrap = on_every_item
ij_java_test_name_suffix = Test
ij_java_throws_keyword_wrap = off
ij_java_throws_list_wrap = off
4 changes: 3 additions & 1 deletion README.md
Expand Up @@ -16,7 +16,9 @@ Inneholder følgende hovedmoduler
## Felles
* JPA / Database utilities: For å kunne dynamisk oppdage og sette sammen orm-mapping fra flere moduler. For å sette opp lokale transaksjoner uten eksternt JTA bibliotek
* Logging / Logback utilities : For å definere log meldinger på en strukturert måte, med feilmeldingskoder (avhenger av SLF4J + Logback)
* Sikkerhet : OIDC Login moduler. PEP/PDP biblioteker for ABAC tilgangskontroll.
* Auentisering og tokens : Tokenvalidering for innkommende kall + tokenproviders/veksling for utgående kall.
* Tilgangskontroll: PEP/PDP biblioteker for ABAC tilgangskontroll.
* Byggesteiner: En rekke mindre moduler - Json, Xml, etc.

## Integrasjoner

Expand Up @@ -11,7 +11,6 @@
import jakarta.ws.rs.WebApplicationException;
import jakarta.ws.rs.container.ContainerRequestContext;
import jakarta.ws.rs.container.ResourceInfo;
import jakarta.ws.rs.core.Cookie;
import jakarta.ws.rs.core.HttpHeaders;
import jakarta.ws.rs.core.Response;
import no.nav.vedtak.exception.TekniskException;
Expand All @@ -38,18 +37,12 @@ public class AuthenticationFilterDelegate {

private static final Logger LOG = LoggerFactory.getLogger(AuthenticationFilterDelegate.class);

private static final String ID_TOKEN_COOKIE_NAME = "ID_token";
private static final String AUTHORIZATION_HEADER = HttpHeaders.AUTHORIZATION;

private AuthenticationFilterDelegate() {
}


public static void validerSettKontekst(ResourceInfo resourceInfo, ContainerRequestContext ctx) {
validerSettKontekst(resourceInfo, ctx, null);
}

public static void validerSettKontekst(ResourceInfo resourceInfo, ContainerRequestContext ctx, String cookiePath) {
try {
Method method = resourceInfo.getResourceMethod();
var utenAutentiseringRessurs = method.getAnnotation(UtenAutentisering.class);
Expand All @@ -66,7 +59,7 @@ public static void validerSettKontekst(ResourceInfo resourceInfo, ContainerReque
KontekstHolder.setKontekst(BasisKontekst.ikkeAutentisertRequest(MDCOperations.getConsumerId()));
LOG.trace("{} er whitelisted", metodenavn);
} else {
var tokenString = getToken(ctx, cookiePath)
var tokenString = getTokenFromHeader(ctx)
.orElseThrow(() -> new ValideringsFeil("Mangler token"));
validerTokenSetKontekst(tokenString);
setUserAndConsumerId(KontekstHolder.getKontekst().getUid());
Expand Down Expand Up @@ -104,25 +97,13 @@ private static void setUserAndConsumerId(String subject) {
}
}

private static Optional<TokenString> getToken(ContainerRequestContext request, String cookiePath) {
return getTokenFromHeader(request).or(() -> getCookieToken(request, cookiePath));
}

private static Optional<TokenString> getTokenFromHeader(ContainerRequestContext request) {
String headerValue = request.getHeaderString(AUTHORIZATION_HEADER);
return headerValue != null && headerValue.startsWith(OpenIDToken.OIDC_DEFAULT_TOKEN_TYPE)
? Optional.of(new TokenString(headerValue.substring(OpenIDToken.OIDC_DEFAULT_TOKEN_TYPE.length())))
: Optional.empty();
}

private static Optional<TokenString> getCookieToken(ContainerRequestContext request, String cookiePath) {
var idTokenCookie = Optional.ofNullable(request.getCookies()).map(c -> c.get(ID_TOKEN_COOKIE_NAME));
return idTokenCookie.filter(c -> cookiePath != null && cookiePath.equalsIgnoreCase(c.getPath()))
.or(() -> idTokenCookie)
.map(Cookie::getValue)
.map(TokenString::new);
}

public static void validerTokenSetKontekst(TokenString tokenString) {
// Sett opp OpenIDToken
var claims = JwtUtil.getClaims(tokenString.token());
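Review bot: validerSettKontekst(ResourceInfo, ContainerRequestContext) is now the only public entry point and its contract has narrowed — the Authorization header is the sole token source now that the cookie fallback is gone — but it still carries no Javadoc saying so. Add one above it, e.g. `/** Validates the Bearer token in the Authorization header and installs the security context; resources annotated @UtenAutentisering get an unauthenticated context instead. @throws ValideringsFeil if no Bearer token is present */` (the header-only sourcing is visible at `getTokenFromHeader(ctx).orElseThrow(...)`). Callers that passed a cookiePath to the removed three-argument overload will no longer compile, so the release notes should flag the removal. The try block of that method continues outside the hunk.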
@@ -0,0 +1,19 @@
package no.nav.vedtak.sikkerhet.jaxrs;

import jakarta.ws.rs.NameBinding;

import java.lang.annotation.ElementType;
import java.lang.annotation.Inherited;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;

/*
* Brukes i en overgangsfase for å annotere noen få endepunkt som skal tillate innkommende kall med STS
*/
@Inherited
@Retention(RetentionPolicy.RUNTIME)
@Target({ElementType.METHOD, ElementType.TYPE})
@NameBinding
public @interface TillatSTS {
}
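Review bot: The comment on TillatSTS is a plain block comment (`/*`) rather than Javadoc, so its transitional purpose — allowing incoming STS calls on a few endpoints — is invisible to javadoc and IDE hover. Change the opener to `/**` and state when the annotation is meant to go away, e.g. `/** Transitional: marks the few endpoints that still accept incoming STS tokens; remove once all callers are migrated. */`. None of the hunks in this commit show the filter delegate consulting this annotation, so confirm that the name binding is actually honoured before endpoints start relying on it.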
Expand Up @@ -14,7 +14,7 @@
*/
@Inherited
@Retention(RetentionPolicy.RUNTIME)
@Target({ElementType.METHOD})
@Target({ElementType.METHOD, ElementType.TYPE})
@NameBinding
public @interface UtenAutentisering {
}
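Review bot: Widening @Target to ElementType.TYPE lets a whole resource class be marked @UtenAutentisering, but the delegate hunk in this commit only shows `method.getAnnotation(UtenAutentisering.class)` on the resource method, and @Inherited does not make a class-level annotation visible through Method.getAnnotation. Unless the elided lines of validerSettKontekst also check `method.getDeclaringClass()` (or the name-bound filter is what supplies the exemption), a class-level annotation would have no effect in the delegate — fail-closed, but surprising to whoever relies on it. Add a Javadoc line stating where the annotation is honoured, e.g. `/** Exempts a resource method, or every method of an annotated resource class, from token validation. */`, and a test covering the class-level case.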
Expand Up @@ -5,25 +5,24 @@
import static org.mockito.Mockito.when;

import java.lang.reflect.Method;
import java.util.Map;
import java.util.Arrays;

import jakarta.ws.rs.Path;
import jakarta.ws.rs.WebApplicationException;
import jakarta.ws.rs.container.ContainerRequestContext;
import jakarta.ws.rs.container.ResourceInfo;

import org.jose4j.json.JsonUtil;
import org.jose4j.jwt.NumericDate;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.mockito.Mockito;

import jakarta.ws.rs.Path;
import jakarta.ws.rs.WebApplicationException;
import jakarta.ws.rs.container.ContainerRequestContext;
import jakarta.ws.rs.container.ResourceInfo;
import no.nav.vedtak.sikkerhet.kontekst.IdentType;
import no.nav.vedtak.sikkerhet.kontekst.KontekstHolder;
import no.nav.vedtak.sikkerhet.kontekst.SikkerhetContext;
import no.nav.vedtak.sikkerhet.oidc.config.AzureProperty;
import no.nav.vedtak.sikkerhet.oidc.config.OpenIDProvider;
import no.nav.vedtak.sikkerhet.oidc.config.impl.WellKnownConfigurationHelper;
import no.nav.vedtak.sikkerhet.oidc.token.OpenIDToken;
import no.nav.vedtak.sikkerhet.oidc.token.TokenString;
import no.nav.vedtak.sikkerhet.oidc.validator.OidcTokenValidator;
Expand All @@ -32,40 +31,35 @@

class AuthenticationFilterDelegateTest {

private static final String SYSTEMBRUKER_PROP = "systembruker.username";

private final OidcTokenValidator tokenValidator = Mockito.mock(OidcTokenValidator.class);

private final ContainerRequestContext request = Mockito.mock(ContainerRequestContext.class);

public void setupAll() {

System.setProperty(AzureProperty.AZURE_APP_WELL_KNOWN_URL.name(),
OidcTokenGenerator.ISSUER + "/" + WellKnownConfigurationHelper.STANDARD_WELL_KNOWN_PATH);
var wellKnownUrl = OidcTokenGenerator.ISSUER + "/dummy";
System.setProperty(AzureProperty.AZURE_APP_WELL_KNOWN_URL.name(), wellKnownUrl);
System.setProperty(AzureProperty.AZURE_APP_CLIENT_ID.name(), "OIDC");
System.setProperty(AzureProperty.AZURE_APP_CLIENT_SECRET.name(), "dummy");
System.setProperty(AzureProperty.AZURE_OPENID_CONFIG_ISSUER.name(), OidcTokenGenerator.ISSUER);
System.setProperty(AzureProperty.AZURE_OPENID_CONFIG_JWKS_URI.name(), OidcTokenGenerator.ISSUER + "/jwks_uri");
System.setProperty("systembruker.username", "JUnit Test");
System.setProperty(AzureProperty.AZURE_OPENID_CONFIG_TOKEN_ENDPOINT.name(), "dummy");

System.setProperty(SYSTEMBRUKER_PROP, "JUnit Test");

Map<String, String> testData = Map.of("issuer", OidcTokenGenerator.ISSUER, AzureProperty.AZURE_OPENID_CONFIG_JWKS_URI.name(),
OidcTokenGenerator.ISSUER + "/jwks_uri");
WellKnownConfigurationHelper.setWellKnownConfig(OidcTokenGenerator.ISSUER + "/" + WellKnownConfigurationHelper.STANDARD_WELL_KNOWN_PATH,
JsonUtil.toJson(testData));
OidcTokenValidatorConfig.addValidator(OpenIDProvider.AZUREAD, tokenValidator);
}

@BeforeEach
public void setUp() {
WellKnownConfigurationHelper.unsetWellKnownConfig();
setupAll();
}

@AfterEach
public void teardown() {
System.clearProperty(AzureProperty.AZURE_APP_WELL_KNOWN_URL.name());
System.clearProperty(AzureProperty.AZURE_APP_CLIENT_ID.name());
System.clearProperty(AzureProperty.AZURE_OPENID_CONFIG_ISSUER.name());
System.clearProperty(AzureProperty.AZURE_OPENID_CONFIG_JWKS_URI.name());
System.clearProperty("systembruker.username");

Arrays.asList(AzureProperty.values()).forEach(p -> System.clearProperty(p.name()));
System.clearProperty(SYSTEMBRUKER_PROP);
}

@Test
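Review bot: `Arrays.asList(AzureProperty.values()).forEach(p -> System.clearProperty(p.name()));` in teardown builds a list only to iterate it; a plain `for (var p : AzureProperty.values()) { System.clearProperty(p.name()); }` is shorter and makes the newly added java.util.Arrays import unnecessary. setupAll() is public but only called from setUp(); making it private keeps it from being mistaken for a lifecycle hook. The test class continues outside the hunk.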
Expand Up @@ -10,10 +10,10 @@ public enum AzureProperty {
AZURE_APP_JWK,
AZURE_APP_PRE_AUTHORIZED_APPS,
AZURE_APP_TENANT_ID,
AZURE_APP_WELL_KNOWN_URL,
AZURE_OPENID_CONFIG_ISSUER,
AZURE_OPENID_CONFIG_JWKS_URI,
AZURE_OPENID_CONFIG_TOKEN_ENDPOINT;
AZURE_OPENID_CONFIG_TOKEN_ENDPOINT,
AZURE_APP_WELL_KNOWN_URL;

public static final String NAV_IDENT = "NAVident";
public static final String AZP_NAME = "azp_name";
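Review bot: Moving AZURE_APP_WELL_KNOWN_URL to the end of the enum changes its ordinal() and the order of values(); that is harmless for the uses visible in this commit (name()-keyed system properties), but nothing explains why it now sits apart from the other AZURE_APP_* constants. A one-line comment on that constant giving the reason it is listed last would keep the next reader from regrouping it.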
Expand Up @@ -2,8 +2,15 @@

import java.net.URI;

public record OpenIDConfiguration(OpenIDProvider type, URI issuer, URI jwksUri, URI tokenEndpoint, boolean useProxyForJwks, URI proxy,
String clientId, String clientSecret, boolean skipAudienceValidation) {
public record OpenIDConfiguration(OpenIDProvider type,
URI issuer,
URI jwksUri,
URI tokenEndpoint,
boolean useProxyForJwks,
URI proxy,
String clientId,
String clientSecret,
boolean skipAudienceValidation) {
@Override
public String toString() {
return "OpenIDConfiguration{" + "type=" + type + ", clientId='" + clientId + ", issuer=" + issuer + '}';
Expand Up @@ -10,5 +10,4 @@ public enum TokenXProperty {
TOKEN_X_ISSUER,
TOKEN_X_JWKS_URI,
TOKEN_X_TOKEN_ENDPOINT;

}