Add new user role for authenticated users. (#71)

* Add new user role for authenticated users. * Accept the isAuthenticated() keyword also for admins
statisticsnorway · Nov 20, 2023 · 0ed0659 · 0ed0659
1 parent acc2d17
commit 0ed0659
Show file tree

Hide file tree

Showing 5 changed files with 12 additions and 4 deletions.
diff --git a/conf/application-local.yml b/conf/application-local.yml
@@ -97,6 +97,8 @@ pseudo.secrets:
     type: TINK_WDEK
 
 app-roles:
+  users:
+    - isAuthenticated()
   admins:
     - [email protected]
     - [email protected]

diff --git a/src/main/java/no/ssb/dlp/pseudo/service/pseudo/PseudoController.java b/src/main/java/no/ssb/dlp/pseudo/service/pseudo/PseudoController.java
@@ -44,20 +44,18 @@
 import java.io.IOException;
 import java.io.InputStream;
 import java.lang.reflect.InvocationTargetException;
-import java.net.URI;
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.security.Principal;
 import java.util.List;
-import java.util.concurrent.TimeUnit;
 import java.util.concurrent.atomic.AtomicBoolean;
 
 import static no.ssb.dlp.pseudo.core.util.Zips.ZipOptions.zipOpts;
 
 @RequiredArgsConstructor
 @Controller
 @Slf4j
-@Secured(SecurityRule.IS_AUTHENTICATED)
+@Secured({PseudoServiceRole.USER, PseudoServiceRole.ADMIN})
 @Tag(name = "Pseudo operations")
 public class PseudoController {
 

diff --git a/src/main/java/no/ssb/dlp/pseudo/service/security/CustomRolesFinder.java b/src/main/java/no/ssb/dlp/pseudo/service/security/CustomRolesFinder.java
@@ -4,6 +4,7 @@
 import io.micronaut.context.annotation.Requirements;
 import io.micronaut.context.annotation.Requires;
 import io.micronaut.context.env.Environment;
+import io.micronaut.security.rules.SecurityRule;
 import io.micronaut.security.token.DefaultRolesFinder;
 import io.micronaut.security.token.RolesFinder;
 import io.micronaut.security.token.config.TokenConfiguration;
@@ -31,9 +32,14 @@ public List<String> resolveRoles(Map<String, Object> attributes) {
         List<String> roles = new ArrayList<>();
 
         Object username = attributes.get(tokenConfiguration.getNameKey());
-        if (rolesConfig.getAdmins().contains(username)) {
+        if (rolesConfig.getAdmins().contains(SecurityRule.IS_AUTHENTICATED)
+                ||rolesConfig.getAdmins().contains(username)) {
             roles.add(PseudoServiceRole.ADMIN);
         }
+        if (rolesConfig.getUsers().contains(SecurityRule.IS_AUTHENTICATED)
+                || rolesConfig.getUsers().contains(username)) {
+            roles.add(PseudoServiceRole.USER);
+        }
 
         return roles;
     }

diff --git a/src/main/java/no/ssb/dlp/pseudo/service/security/PseudoServiceRole.java b/src/main/java/no/ssb/dlp/pseudo/service/security/PseudoServiceRole.java
@@ -4,4 +4,5 @@ public final class PseudoServiceRole {
     private PseudoServiceRole() {}
 
     public static final String ADMIN = "admin";
+    public static final String USER = "user";
 }
diff --git a/src/main/java/no/ssb/dlp/pseudo/service/security/StaticRolesConfig.java b/src/main/java/no/ssb/dlp/pseudo/service/security/StaticRolesConfig.java
@@ -11,5 +11,6 @@
 @Data
 public class StaticRolesConfig {
     @NotBlank
+    private List<String> users = new ArrayList<>();
     private List<String> admins = new ArrayList<>();
 }