Add UUID Token AuthenticationProvider

src/main/java/org/cbioportal/security/token/config/DataAccessTokenConfig.java

@@ -1,8 +1,12 @@
 package org.cbioportal.security.token.config;
 
+import org.cbioportal.persistence.SecurityRepository;
+import org.cbioportal.security.UuidBearerTokenAuthenticationFilter;
 import org.cbioportal.security.token.oauth2.OAuth2DataAccessTokenServiceImpl;
 import org.cbioportal.security.token.oauth2.OAuth2TokenAuthenticationProvider;
+import org.cbioportal.security.token.uuid.UuidTokenAuthenticationProvider;
 import org.cbioportal.service.impl.UnauthDataAccessTokenServiceImpl;
+import org.cbioportal.service.impl.UuidDataAccessTokenServiceImpl;
 import org.cbioportal.utils.config.annotation.ConditionalOnProperty;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -11,6 +15,7 @@
 @ConditionalOnProperty(name = "dat.method", havingValue = {"", "none"}, isNot = true)
 public class DataAccessTokenConfig {
 
+
     // provider
     @Bean("tokenAuthenticationProvider")
     @ConditionalOnProperty(name = "dat.method", havingValue = "oauth2")
@@ -19,11 +24,11 @@ public OAuth2TokenAuthenticationProvider oauth2TokenAuthenticationProvider() {
     }
 
     // TODO - implement uuid and jwt providers
-//    @Bean("tokenAuthenticationProvider")
-//    @ConditionalOnProperty(name = "dat.method", havingValue = "oauth2", isNot = true)
-//    public TokenUserDetailsAuthenticationProvider userDetailsTokenAuthenticationProvider() {
-//        return new TokenUserDetailsAuthenticationProvider(tokenUserDetailsService());
-//    }
+    @Bean("tokenAuthenticationProvider")
+    @ConditionalOnProperty(name = "dat.method", havingValue = "uuid")
+    public UuidTokenAuthenticationProvider uuidTokenAuthenticationProvider(SecurityRepository repository) {
+        return new UuidTokenAuthenticationProvider(repository);
+    }
 
 //    @Bean
 //    @ConditionalOnProperty(name = "dat.method", havingValue = "oauth2", isNot = true)

src/main/java/org/cbioportal/security/token/uuid/UuidTokenAuthenticationProvider.java

@@ -0,0 +1,42 @@
+package org.cbioportal.security.token.uuid;
+
+import org.cbioportal.model.UserAuthorities;
+import org.cbioportal.persistence.SecurityRepository;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.security.authentication.AuthenticationProvider;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.AuthorityUtils;
+
+import java.util.HashSet;
+import java.util.Objects;
+import java.util.Set;
+
+public class UuidTokenAuthenticationProvider implements AuthenticationProvider {
+    private static final Logger log = LoggerFactory.getLogger(UuidTokenAuthenticationProvider.class);
+
+    private final SecurityRepository securityRepository;
+
+    public UuidTokenAuthenticationProvider(final SecurityRepository securityRepository) {
+        this.securityRepository = securityRepository;
+    }
+
+    @Override
+    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
+        String user = (String) authentication.getPrincipal();
+        UserAuthorities authorities = securityRepository.getPortalUserAuthorities(user);
+        Set<GrantedAuthority> mappedAuthorities = new HashSet<>();
+        if (!Objects.isNull(authorities)) {
+            mappedAuthorities.addAll(AuthorityUtils.createAuthorityList(authorities.getAuthorities()));
+        }
+        return new UsernamePasswordAuthenticationToken(user, "does not match unused", mappedAuthorities);
+    }
+
+    @Override
+    public boolean supports(Class<?> authentication) {
+        return authentication.isAssignableFrom(UsernamePasswordAuthenticationToken.class);
+    }
+}