All Downloads are FREE. Search and download functionalities are using the official Maven repository.

io.camunda.operate.webapp.security.auth.OperateUserDetailsService Maven / Gradle / Ivy

There is a newer version: 8.7.0-alpha2
Show newest version
/*
 * Copyright Camunda Services GmbH and/or licensed to Camunda Services GmbH under
 * one or more contributor license agreements. See the NOTICE file distributed
 * with this work for additional information regarding copyright ownership.
 * Licensed under the Camunda License 1.0. You may not use this file
 * except in compliance with the Camunda License 1.0.
 */
package io.camunda.operate.webapp.security.auth;

import io.camunda.authentication.entity.CamundaUser;
import io.camunda.operate.OperateProfileService;
import io.camunda.operate.conditions.DatabaseInfo;
import io.camunda.operate.entities.UserEntity;
import io.camunda.operate.property.OperateProperties;
import io.camunda.operate.store.UserStore;
import io.camunda.operate.webapp.rest.exception.NotFoundException;
import java.util.List;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Primary;
import org.springframework.context.annotation.Profile;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;

@Configuration
@Profile({
  "!"
      + OperateProfileService.LDAP_AUTH_PROFILE
      + " & !"
      + OperateProfileService.SSO_AUTH_PROFILE
      + " & !"
      + OperateProfileService.IDENTITY_AUTH_PROFILE
      + " & !"
      + OperateProfileService.AUTH_BASIC
})
/*
 * Required as primary for now due to a clashing bean in the always active Identity service classes.
 * In future versions this class will be removed and the Identity service will be used instead.
 */
@Primary
public class OperateUserDetailsService implements UserDetailsService {

  private static final Logger LOGGER = LoggerFactory.getLogger(OperateUserDetailsService.class);
  private static final String READ_ONLY_USER = "view";
  private static final String ACT_USERNAME = "act";
  private static final String ACT_PASSWORD = ACT_USERNAME;
  @Autowired private UserStore userStore;
  @Autowired private OperateProperties operateProperties;

  @Bean
  @Primary
  public PasswordEncoder getPasswordEncoder() {
    return PasswordEncoderFactories.createDelegatingPasswordEncoder();
  }

  public void initializeUsers() {
    if (needsToCreateUser()) {
      final String userId = operateProperties.getUserId();
      if (!userExists(userId)) {
        addUserWith(
            userId,
            operateProperties.getDisplayName(),
            operateProperties.getPassword(),
            operateProperties.getRoles());
      }
      if (!userExists(READ_ONLY_USER)) {
        addUserWith(READ_ONLY_USER, READ_ONLY_USER, READ_ONLY_USER, List.of(Role.USER.name()));
      }
      if (!userExists(ACT_USERNAME)) {
        addUserWith(ACT_USERNAME, ACT_USERNAME, ACT_PASSWORD, List.of(Role.OPERATOR.name()));
      }
    }
  }

  private boolean needsToCreateUser() {
    if (DatabaseInfo.isOpensearch()) {
      return operateProperties.getOpensearch().isCreateSchema();
    } else {
      return operateProperties.getElasticsearch().isCreateSchema();
    }
  }

  private OperateUserDetailsService addUserWith(
      final String userId,
      final String displayName,
      final String password,
      final List roles) {
    LOGGER.info("Create user in {} for userId {}", DatabaseInfo.getCurrent().getCode(), userId);
    final String passwordEncoded = getPasswordEncoder().encode(password);
    final UserEntity userEntity =
        new UserEntity()
            .setId(userId)
            .setUserId(userId)
            .setDisplayName(displayName)
            .setPassword(passwordEncoded)
            .setRoles(roles);
    userStore.save(userEntity);
    return this;
  }

  @Override
  public CamundaUser loadUserByUsername(final String userId) {
    try {
      final UserEntity userEntity = userStore.getById(userId);
      return new CamundaUser(
          userEntity.getDisplayName(),
          userEntity.getUserId(),
          userEntity.getPassword(),
          userEntity.getRoles());
    } catch (final NotFoundException e) {
      throw new UsernameNotFoundException(
          String.format("User with userId '%s' not found.", userId), e);
    }
  }

  private boolean userExists(final String userId) {
    try {
      return userStore.getById(userId) != null;
    } catch (final Exception t) {
      return false;
    }
  }
}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy