diff --git a/conf/application-local.yml b/conf/application-local.yml
index fdcde4f..1d9babe 100644
--- a/conf/application-local.yml
+++ b/conf/application-local.yml
@@ -97,6 +97,8 @@ pseudo.secrets:
 type: TINK_WDEK
 app-roles:
+ users:
+ - isAuthenticated()
 admins:
 - kons_schu@ssb.no
 - kons-skaar@ssb.no
diff --git a/src/main/java/no/ssb/dlp/pseudo/service/pseudo/PseudoController.java b/src/main/java/no/ssb/dlp/pseudo/service/pseudo/PseudoController.java
index dc9509d..b54c862 100644
--- a/src/main/java/no/ssb/dlp/pseudo/service/pseudo/PseudoController.java
+++ b/src/main/java/no/ssb/dlp/pseudo/service/pseudo/PseudoController.java
@@ -44,12 +44,10 @@
 import java.io.IOException;
 import java.io.InputStream;
 import java.lang.reflect.InvocationTargetException;
-import java.net.URI;
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.security.Principal;
 import java.util.List;
-import java.util.concurrent.TimeUnit;
 import java.util.concurrent.atomic.AtomicBoolean;
 import static no.ssb.dlp.pseudo.core.util.Zips.ZipOptions.zipOpts;
@@ -57,7 +55,7 @@
 @RequiredArgsConstructor
 @Controller
 @Slf4j
-@Secured(SecurityRule.IS_AUTHENTICATED)
+@Secured({PseudoServiceRole.USER, PseudoServiceRole.ADMIN})
 @Tag(name = "Pseudo operations")
 public class PseudoController {
diff --git a/src/main/java/no/ssb/dlp/pseudo/service/security/CustomRolesFinder.java b/src/main/java/no/ssb/dlp/pseudo/service/security/CustomRolesFinder.java
index d31a166..6f0b3c1 100644
--- a/src/main/java/no/ssb/dlp/pseudo/service/security/CustomRolesFinder.java
+++ b/src/main/java/no/ssb/dlp/pseudo/service/security/CustomRolesFinder.java
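Review bot: The `isAuthenticated()` entry added under `users` is a magic string that CustomRolesFinder treats as a wildcard for every authenticated caller, and nothing in the file says so; the same literal pasted under `admins` would make every authenticated caller an admin. Add a comment above it: `# isAuthenticated() is a wildcard: every authenticated caller gets the user role (see CustomRolesFinder) - never use it under admins`. Since this is application-local.yml, the non-local profiles presumably need their own `users` list, otherwise PseudoController becomes reachable only by the admin list once it is secured on these roles.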
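Review bot: With `@Secured({PseudoServiceRole.USER, PseudoServiceRole.ADMIN})` the controller is closed to any principal that CustomRolesFinder does not map to one of the two roles, so an environment whose `app-roles.users` list is left at the empty default in StaticRolesConfig silently reduces the whole API to the admin list. That is a reasonable deny-by-default, but it deserves a Javadoc line on the class, e.g. `Access requires the user or admin role, both resolved from app-roles.* by CustomRolesFinder; an empty users list means admins only.` If the `SecurityRule` import is still present further up in this file it is presumably unused now and can go with the `URI`/`TimeUnit` removals. The class body continues outside the hunk.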
@@ -4,6 +4,7 @@
 import io.micronaut.context.annotation.Requirements;
 import io.micronaut.context.annotation.Requires;
 import io.micronaut.context.env.Environment;
+import io.micronaut.security.rules.SecurityRule;
 import io.micronaut.security.token.DefaultRolesFinder;
 import io.micronaut.security.token.RolesFinder;
 import io.micronaut.security.token.config.TokenConfiguration;
@@ -31,9 +32,14 @@ public List resolveRoles(Map attributes) {
 List roles = new ArrayList<>();
 Object username = attributes.get(tokenConfiguration.getNameKey());
- if (rolesConfig.getAdmins().contains(username)) {
+ if (rolesConfig.getAdmins().contains(SecurityRule.IS_AUTHENTICATED)
+ ||rolesConfig.getAdmins().contains(username)) {
 roles.add(PseudoServiceRole.ADMIN);
 }
+ if (rolesConfig.getUsers().contains(SecurityRule.IS_AUTHENTICATED)
+ || rolesConfig.getUsers().contains(username)) {
+ roles.add(PseudoServiceRole.USER);
+ }
 return roles;
 }
diff --git a/src/main/java/no/ssb/dlp/pseudo/service/security/PseudoServiceRole.java b/src/main/java/no/ssb/dlp/pseudo/service/security/PseudoServiceRole.java
index b4c9f28..45a9253 100644
--- a/src/main/java/no/ssb/dlp/pseudo/service/security/PseudoServiceRole.java
+++ b/src/main/java/no/ssb/dlp/pseudo/service/security/PseudoServiceRole.java
@@ -4,4 +4,5 @@ public final class PseudoServiceRole {
 private PseudoServiceRole() {}
 public static final String ADMIN = "admin";
+ public static final String USER = "user";
 }
diff --git a/src/main/java/no/ssb/dlp/pseudo/service/security/StaticRolesConfig.java b/src/main/java/no/ssb/dlp/pseudo/service/security/StaticRolesConfig.java
index c0b804f..5055952 100644
--- a/src/main/java/no/ssb/dlp/pseudo/service/security/StaticRolesConfig.java
+++ b/src/main/java/no/ssb/dlp/pseudo/service/security/StaticRolesConfig.java
@@ -11,5 +11,6 @@
 @Data
 public class StaticRolesConfig {
 @NotBlank
+ private List users = new ArrayList<>();
 private List admins = new ArrayList<>();
 }
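Review bot: Honouring `SecurityRule.IS_AUTHENTICATED` for the admins list in resolveRoles means a single `isAuthenticated()` entry under `app-roles.admins` (one copy-paste away from the `users` block in application-local.yml) turns every authenticated caller into an admin, with no warning at startup or in the log. Nothing in this change needs the wildcard for admins, so keep the original test there, `if (rolesConfig.getAdmins().contains(username)) {`, and reserve the wildcard for the users list; if a wildcard admin is really wanted, log it at WARN when it is active. Note that `username` is null when the token has no name claim; `contains(null)` is false for the explicit lists, but the wildcard still grants USER to such a token, so guard with `username != null` if that is not intended. Minor style: `||rolesConfig` is missing the space the users branch has.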
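Review bot: Inserting `private List users = new ArrayList<>();` directly under `@NotBlank` moves that annotation from `admins` to the new `users` field, so whatever validation it provided for the admin list is silently lost. Bean Validation defines `@NotBlank` for CharSequence only, so on a `List` it is at best ignored and at worst rejected by the validator at startup; the intended constraint is presumably `@NotEmpty`. Put the annotation on the field it is meant for, e.g. `@NotEmpty` immediately above `private List admins = new ArrayList<>();`, and add a one-line comment on `users` saying it may contain the `isAuthenticated()` wildcard that CustomRolesFinder recognises.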