diff --git a/src/main/java/org/cbioportal/security/token/config/DataAccessTokenConfig.java b/src/main/java/org/cbioportal/security/token/config/DataAccessTokenConfig.java
index d2e579a586c..2744685e8e1 100644
--- a/src/main/java/org/cbioportal/security/token/config/DataAccessTokenConfig.java
+++ b/src/main/java/org/cbioportal/security/token/config/DataAccessTokenConfig.java
@@ -1,8 +1,12 @@
 package org.cbioportal.security.token.config;
+import org.cbioportal.persistence.SecurityRepository;
+import org.cbioportal.security.UuidBearerTokenAuthenticationFilter;
 import org.cbioportal.security.token.oauth2.OAuth2DataAccessTokenServiceImpl;
 import org.cbioportal.security.token.oauth2.OAuth2TokenAuthenticationProvider;
+import org.cbioportal.security.token.uuid.UuidTokenAuthenticationProvider;
 import org.cbioportal.service.impl.UnauthDataAccessTokenServiceImpl;
+import org.cbioportal.service.impl.UuidDataAccessTokenServiceImpl;
 import org.cbioportal.utils.config.annotation.ConditionalOnProperty;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -11,6 +15,7 @@
 @ConditionalOnProperty(name = "dat.method", havingValue = {"", "none"}, isNot = true)
 public class DataAccessTokenConfig {
+
 // provider
 @Bean("tokenAuthenticationProvider")
 @ConditionalOnProperty(name = "dat.method", havingValue = "oauth2")
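Review bot: Two of the imports added at the top of DataAccessTokenConfig, `UuidBearerTokenAuthenticationFilter` and `UuidDataAccessTokenServiceImpl`, are not referenced by any code this commit adds to the file; the new bean uses only `SecurityRepository` and `UuidTokenAuthenticationProvider`. Unless they are referenced in a part of the file not shown in these hunks, drop them here and add them in the change that actually registers the filter and the uuid token service, so the imports do not suggest wiring that is absent.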
@@ -19,11 +24,11 @@ public OAuth2TokenAuthenticationProvider oauth2TokenAuthenticationProvider() {
 }
 // TODO - implement uuid and jwt providers
-// @Bean("tokenAuthenticationProvider")
-// @ConditionalOnProperty(name = "dat.method", havingValue = "oauth2", isNot = true)
-// public TokenUserDetailsAuthenticationProvider userDetailsTokenAuthenticationProvider() {
-// return new TokenUserDetailsAuthenticationProvider(tokenUserDetailsService());
-// }
+ @Bean("tokenAuthenticationProvider")
+ @ConditionalOnProperty(name = "dat.method", havingValue = "uuid")
+ public UuidTokenAuthenticationProvider uuidTokenAuthenticationProvider(SecurityRepository repository) {
+ return new UuidTokenAuthenticationProvider(repository);
+ }
 // @Bean
 // @ConditionalOnProperty(name = "dat.method", havingValue = "oauth2", isNot = true)
diff --git a/src/main/java/org/cbioportal/security/token/uuid/UuidTokenAuthenticationProvider.java b/src/main/java/org/cbioportal/security/token/uuid/UuidTokenAuthenticationProvider.java
new file mode 100644
index 00000000000..01a923ea22f
--- /dev/null
+++ b/src/main/java/org/cbioportal/security/token/uuid/UuidTokenAuthenticationProvider.java
@@ -0,0 +1,42 @@
+package org.cbioportal.security.token.uuid;
+
+import org.cbioportal.model.UserAuthorities;
+import org.cbioportal.persistence.SecurityRepository;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.security.authentication.AuthenticationProvider;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.AuthorityUtils;
+
+import java.util.HashSet;
+import java.util.Objects;
+import java.util.Set;
+
+public class UuidTokenAuthenticationProvider implements AuthenticationProvider {
+ private static final Logger log = LoggerFactory.getLogger(UuidTokenAuthenticationProvider.class);
+
+ private final SecurityRepository securityRepository;
+
+ public UuidTokenAuthenticationProvider(final SecurityRepository securityRepository) {
+ this.securityRepository = securityRepository;
+ }
+
+ @Override
+ public Authentication authenticate(Authentication authentication) throws AuthenticationException {
+ String user = (String) authentication.getPrincipal();
+ UserAuthorities authorities = securityRepository.getPortalUserAuthorities(user);
+ Set mappedAuthorities = new HashSet<>();
+ if (!Objects.isNull(authorities)) {
+ mappedAuthorities.addAll(AuthorityUtils.createAuthorityList(authorities.getAuthorities()));
+ }
+ return new UsernamePasswordAuthenticationToken(user, "does not match unused", mappedAuthorities);
+ }
+
+ @Override
+ public boolean supports(Class authentication) {
+ return authentication.isAssignableFrom(UsernamePasswordAuthenticationToken.class);
+ }
+}
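Review bot: `authenticate()` verifies no credential: it looks up authorities for whatever `getPrincipal()` returns and hands back the three-argument `UsernamePasswordAuthenticationToken`, which Spring marks as authenticated, even when `getPortalUserAuthorities` returned null. That is sound only if the data access token was already validated before this provider runs, presumably in `UuidBearerTokenAuthenticationFilter`, which is not part of this diff. Because `supports()` accepts a plain `UsernamePasswordAuthenticationToken`, the class should carry a comment stating that precondition and that it must not share an `AuthenticationManager` with a username/password login path. If a null lookup result means the user is unknown, reject it with `if (authorities == null) throw new BadCredentialsException("no portal user for data access token");` instead of returning an authenticated token with no authorities. `supports()` also has the operands reversed relative to the usual `UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication)`, so subclasses of that token type are not matched, and the `log` field is never used.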