
io.github.microcks.security.AuthorizationChecker Maven / Gradle / Ivy

/*
 * Licensed to Laurent Broudoux (the "Author") under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership. Author licenses this
 * file to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied.  See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */
package io.github.microcks.security;

import io.github.microcks.domain.ImportJob;
import io.github.microcks.domain.Service;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.PropertySource;
import org.springframework.context.annotation.PropertySources;
import org.springframework.stereotype.Component;

import java.util.Arrays;

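/**
 * A Spring component that holds security checking related utility methods.
 * <p>
 * Decisions depend on three injected settings: {@code keycloak.enabled} (authentication),
 * {@code features.feature.repository-tenancy.enabled} (per-resource authorization) and
 * {@code features.feature.repository-filter.label-key} (the label whose value scopes a group).
 * When authentication is disabled every role check succeeds, so these settings are
 * security-sensitive configuration.
 * </p>
 * @author laurent
 */
@Component
@PropertySources({
      @PropertySource("features.properties"),
      @PropertySource(value = "file:/deployments/config/features.properties", ignoreResourceNotFound = true),
      @PropertySource("application.properties"),
})
public class AuthorizationChecker {

   /** The Microcks user role name. */
   public static final String ROLE_USER = "user";
   /** The Microcks manager role name. */
   public static final String ROLE_MANAGER = "manager";
   /** The Microcks admin role name. */
   public static final String ROLE_ADMIN = "admin";

   /** The prefix used for Microcks groups name. */
   private static final String MICROCKS_GROUPS_PREFIX = "/microcks/";

   // NOTE(review): the three fields below are final yet annotated with @Value; the initializers
   // are presumably placeholders that Spring overwrites reflectively - confirm on the target JDK.

   /** Whether authentication is enabled; when false, {@link #hasRole} authorizes every caller. */
   @Value("${keycloak.enabled}")
   private final Boolean authenticationEnabled = true;

   /** Whether label-scoped group membership is considered in addition to global roles. */
   @Value("${features.feature.repository-tenancy.enabled}")
   private final Boolean authorizationEnabled = false;

   /** The label key whose value is appended to the group path being checked. */
   @Value("${features.feature.repository-filter.label-key}")
   private final String filterLabelKey = null;

   /**
    * Check if provided user is having a specific role at the global level.
    * A user carrying no role information is denied. When authentication is disabled,
    * this check always succeeds.
    * @param userInfo The information representing user to check access for.
    * @param role The role the user should endorse.
    * @return True if authorized, false otherwise.
    */
   public boolean hasRole(UserInfo userInfo, String role) {
      if (authenticationEnabled) {
         // Deny instead of failing with a NullPointerException when no roles are attached.
         return userInfo.getRoles() != null && Arrays.stream(userInfo.getRoles()).anyMatch(role::equals);
      }
      // Authentication is off: there is no identity to evaluate, so access is granted.
      return true;
   }

   /**
    * Check if provided user is having a specific role for given service.
    * The role is granted either through membership of the group scoped by the service's
    * filter label value or through the global role.
    * @param userInfo The information representing user to check access for.
    * @param role The role the user should endorse.
    * @param service The service the user should be authorized with the role.
    * @return True if authorized, false otherwise.
    */
   public boolean hasRoleForService(UserInfo userInfo, String role, Service service) {
      if (authorizationEnabled && service.getMetadata().getLabels() != null) {
         Object labelValue = service.getMetadata().getLabels().get(filterLabelKey);
         return hasGroupRole(userInfo, role, labelValue) || hasRole(userInfo, role);
      }
      // Default to global role endorsing.
      return hasRole(userInfo, role);
   }

   /**
    * Check if provided user is having a specific role for given import job.
    * The role is granted either through membership of the group scoped by the job's
    * filter label value or through the global role.
    * @param userInfo The information representing user to check access for.
    * @param role The role the user should endorse.
    * @param job The import job the user should be authorized with the role.
    * @return True if authorized, false otherwise.
    */
   public boolean hasRoleForImportJob(UserInfo userInfo, String role, ImportJob job) {
      if (authorizationEnabled && job.getMetadata().getLabels() != null) {
         Object labelValue = job.getMetadata().getLabels().get(filterLabelKey);
         return hasGroupRole(userInfo, role, labelValue) || hasRole(userInfo, role);
      }
      // Default to global role endorsing.
      return hasRole(userInfo, role);
   }

   /**
    * Check membership of the group {@code /microcks/<role>/<labelValue>}.
    * @param userInfo The information representing user to check access for.
    * @param role The role the group path is built for.
    * @param labelValue The value of the filter label on the resource, possibly null.
    * @return True if the user belongs to the matching group, false otherwise.
    */
   private boolean hasGroupRole(UserInfo userInfo, String role, Object labelValue) {
      // A resource lacking the filter label must not be matched by a group literally ending
      // in "null", which is what plain string concatenation would otherwise produce.
      if (labelValue == null || userInfo.getGroups() == null) {
         return false;
      }
      // Build the full rolePath that is checked for group membership.
      String rolePath = MICROCKS_GROUPS_PREFIX + role + "/" + labelValue;
      return Arrays.stream(userInfo.getGroups()).anyMatch(rolePath::equals);
   }
}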



