AuthFilter returnerer 401 ved manglende token. Fjerne ubrukte beans #1340

Merged
merged 2 commits into from
Dec 10, 2023
4 changes: 2 additions & 2 deletions felles/abac-kontekst/src/main/resources/META-INF/beans.xml
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="https://jakarta.ee/xml/ns/jakartaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="https://jakarta.ee/xml/ns/jakartaee https://jakarta.ee/xml/ns/jakartaee/beans_3_0.xsd"
version="3.0"
xsi:schemaLocation="https://jakarta.ee/xml/ns/jakartaee https://jakarta.ee/xml/ns/jakartaee/beans_4_0.xsd"
version="4.0"
bean-discovery-mode="annotated">
</beans>
4 changes: 2 additions & 2 deletions felles/abac/src/main/resources/META-INF/beans.xml
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="https://jakarta.ee/xml/ns/jakartaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="https://jakarta.ee/xml/ns/jakartaee https://jakarta.ee/xml/ns/jakartaee/beans_3_0.xsd"
version="3.0"
xsi:schemaLocation="https://jakarta.ee/xml/ns/jakartaee https://jakarta.ee/xml/ns/jakartaee/beans_4_0.xsd"
version="4.0"
bean-discovery-mode="annotated">
</beans>
4 changes: 2 additions & 2 deletions felles/abac/src/test/resources/META-INF/beans.xml
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="https://jakarta.ee/xml/ns/jakartaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="https://jakarta.ee/xml/ns/jakartaee https://jakarta.ee/xml/ns/jakartaee/beans_3_0.xsd"
version="3.0"
xsi:schemaLocation="https://jakarta.ee/xml/ns/jakartaee https://jakarta.ee/xml/ns/jakartaee/beans_4_0.xsd"
version="4.0"
bean-discovery-mode="annotated">
</beans>
Original file line number Diff line number Diff line change
Expand Up @@ -70,10 +70,10 @@ public static void validerSettKontekst(ResourceInfo resourceInfo, ContainerReque
} else if (beskyttetRessurs == null) {
throw new WebApplicationException(metodenavn + " mangler annotering", Response.Status.INTERNAL_SERVER_ERROR);
} else {
var tokenString = getTokenFromHeader(ctx)
.or(() -> getCookie(ctx, cookiePath))
.orElseThrow(() -> new TokenFeil("Mangler token"));
validerToken(tokenString);
var tokenString = getToken(ctx, cookiePath)
.orElseThrow(() -> new ValideringsFeil("Mangler token"));
validerTokenSetKontekst(tokenString);
setUserAndConsumerId(KontekstHolder.getKontekst().getUid());
}
} catch (TekniskException | TokenFeil e) {
throw new WebApplicationException(e, Response.Status.FORBIDDEN);
Expand Down Expand Up @@ -101,31 +101,33 @@ private static void setCallAndConsumerId(ContainerRequestContext request) {
.ifPresent(MDCOperations::putConsumerId);
}

private static void setUserAndConsumerId(String subject) {
Optional.ofNullable(subject).ifPresent(MDCOperations::putUserId);
if (MDCOperations.getConsumerId() == null && subject != null) {
MDCOperations.putConsumerId(subject);
}
}

private static Optional<TokenString> getToken(ContainerRequestContext request, String cookiePath) {
return getTokenFromHeader(request).or(() -> getCookieToken(request, cookiePath));
}

private static Optional<TokenString> getTokenFromHeader(ContainerRequestContext request) {
String headerValue = request.getHeaderString(AUTHORIZATION_HEADER);
return headerValue != null && headerValue.startsWith(OpenIDToken.OIDC_DEFAULT_TOKEN_TYPE)
? Optional.of(new TokenString(headerValue.substring(OpenIDToken.OIDC_DEFAULT_TOKEN_TYPE.length())))
: Optional.empty();
}

private static Optional<TokenString> getCookie(ContainerRequestContext request, String cookiePath) {
if (cookiePath == null || request.getCookies() == null) {
return Optional.empty();
}
return request.getCookies().values().stream()
.filter(c -> c.getValue() != null)
.filter(c -> ID_TOKEN_COOKIE_NAME.equalsIgnoreCase(c.getName()))
.filter(c -> cookiePath.equalsIgnoreCase(c.getPath()))
.findFirst()
.or(() -> request.getCookies().values().stream()
.filter(c -> c.getValue() != null)
.filter(c -> ID_TOKEN_COOKIE_NAME.equalsIgnoreCase(c.getName()))
.findFirst())
private static Optional<TokenString> getCookieToken(ContainerRequestContext request, String cookiePath) {
var idTokenCookie = Optional.ofNullable(request.getCookies()).map(c -> c.get(ID_TOKEN_COOKIE_NAME));
return idTokenCookie.filter(c -> cookiePath != null && cookiePath.equalsIgnoreCase(c.getPath()))
.or(() -> idTokenCookie)
.map(Cookie::getValue)
.map(TokenString::new);
}

public static void validerToken(TokenString tokenString) {
public static void validerTokenSetKontekst(TokenString tokenString) {
// Sett opp OpenIDToken
var claims = JwtUtil.getClaims(tokenString.token());
var configuration = ConfigProvider.getOpenIDConfiguration(JwtUtil.getIssuer(claims))
Expand Down
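Review bot: The path filter in `getCookieToken` cannot exclude anything: `request.getCookies()` is keyed by cookie name, so `idTokenCookie` holds at most one candidate, and `.or(() -> idTokenCookie)` hands back that same cookie whenever the path test fails, which leaves `cookiePath` effectively unused and misleads a reader into thinking path scoping is enforced. Either drop the filter, `return Optional.ofNullable(request.getCookies()).map(c -> c.get(ID_TOKEN_COOKIE_NAME)).map(Cookie::getValue).map(TokenString::new);`, or keep it and say why the fallback exists, e.g. `// path match is best-effort only: browsers do not send the Path attribute, so any cookie with this name is accepted`. Related, the `orElseThrow` now throws `ValideringsFeil` for a missing token while the catch a few lines below maps only `TekniskException | TokenFeil` to 403, so the 401 the PR title promises must be produced by a handler outside this hunk; a one-line comment at the throw site naming where that mapping lives would save the next reader the search. `validerSettKontekst` begins before the first hunk and `validerTokenSetKontekst` continues past the last.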
6 changes: 0 additions & 6 deletions felles/auth-filter/src/main/resources/META-INF/beans.xml

This file was deleted.

Original file line number Diff line number Diff line change
Expand Up @@ -92,7 +92,7 @@ public void teardown() {
try {
AuthenticationFilterDelegate.validerSettKontekst(ri, request);
} catch (WebApplicationException e) {
assertThat(e.getResponse().getStatus()).isEqualTo(403);
assertThat(e.getResponse().getStatus()).isEqualTo(401);
}
}

Expand Down
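Review bot: The updated `isEqualTo(401)` assertion still runs only inside the catch block, so if `validerSettKontekst` returns normally the test passes without checking anything, and a regression that stops rejecting a missing token would go unnoticed. Move the expectation out of the catch, for example with AssertJ, which the existing `assertThat` suggests is available: `assertThatThrownBy(() -> AuthenticationFilterDelegate.validerSettKontekst(ri, request)).isInstanceOfSatisfying(WebApplicationException.class, e -> assertThat(e.getResponse().getStatus()).isEqualTo(401));`. The enclosing test method starts before this hunk, so the setup of `ri` and `request` is not visible here.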
4 changes: 2 additions & 2 deletions felles/db/src/main/resources/META-INF/beans.xml
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="https://jakarta.ee/xml/ns/jakartaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="https://jakarta.ee/xml/ns/jakartaee https://jakarta.ee/xml/ns/jakartaee/beans_3_0.xsd"
version="3.0"
xsi:schemaLocation="https://jakarta.ee/xml/ns/jakartaee https://jakarta.ee/xml/ns/jakartaee/beans_4_0.xsd"
version="4.0"
bean-discovery-mode="annotated">
</beans>
6 changes: 0 additions & 6 deletions felles/klient/src/main/resources/META-INF/beans.xml

This file was deleted.

4 changes: 2 additions & 2 deletions felles/konfig/src/main/resources/META-INF/beans.xml
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="https://jakarta.ee/xml/ns/jakartaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="https://jakarta.ee/xml/ns/jakartaee https://jakarta.ee/xml/ns/jakartaee/beans_3_0.xsd"
version="3.0"
xsi:schemaLocation="https://jakarta.ee/xml/ns/jakartaee https://jakarta.ee/xml/ns/jakartaee/beans_4_0.xsd"
version="4.0"
bean-discovery-mode="annotated">
</beans>
4 changes: 0 additions & 4 deletions felles/kontekst/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -15,10 +15,6 @@
<packaging>jar</packaging>

<dependencies>
<dependency>
<groupId>jakarta.enterprise</groupId>
<artifactId>jakarta.enterprise.cdi-api</artifactId>
</dependency>
<dependency>
<groupId>no.nav.foreldrepenger.felles</groupId>
<artifactId>felles-konfig</artifactId>
Expand Down
4 changes: 2 additions & 2 deletions felles/log/src/main/resources/META-INF/beans.xml
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="https://jakarta.ee/xml/ns/jakartaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="https://jakarta.ee/xml/ns/jakartaee https://jakarta.ee/xml/ns/jakartaee/beans_3_0.xsd"
version="3.0"
xsi:schemaLocation="https://jakarta.ee/xml/ns/jakartaee https://jakarta.ee/xml/ns/jakartaee/beans_4_0.xsd"
version="4.0"
bean-discovery-mode="annotated">
</beans>
Original file line number Diff line number Diff line change
Expand Up @@ -149,8 +149,9 @@ private OidcTokenValidatorResult validateAzure(JwtClaims claims, String subject)
if (isAzureClientCredentials(claims, subject)) {
var brukSubject = Optional.ofNullable(JwtUtil.getStringClaim(claims, AzureProperty.AZP_NAME)).orElse(subject);
// Ta med bakoverkompatibelt navn ettersom azp_name er ganske langt (tabeller / opprettet_av)
if (brukSubject.lastIndexOf(':') >= 0) {
var appSrvName = "srv" + brukSubject.substring(brukSubject.lastIndexOf(':') + 1);
var sisteKolon = brukSubject.lastIndexOf(':');
if (sisteKolon >= 0) {
var appSrvName = "srv" + brukSubject.substring(sisteKolon + 1);
if (appSrvName.length() > 20) {
appSrvName = appSrvName.substring(0, 19);
}
Expand Down
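Review bot: The truncation directly below the new `sisteKolon` lines is inconsistent with its own guard: a value of exactly 20 characters is kept whole while anything longer is cut to 19 by `appSrvName.substring(0, 19)`, which looks like an off-by-one against a 20-character limit and should probably read `appSrvName.substring(0, 20)` if 20 is the real column width. Because `appSrvName` is derived from the `azp_name` claim and, judging by the comment, ends up in `opprettet_av`-style audit columns, truncation also means two distinct callers whose names share the first characters after the last colon become indistinguishable in those records; a comment acknowledging that, or logging the full `brukSubject` alongside, would help later forensics. A subject that ends in `:` also yields the bare string `srv`, which nothing here rejects. `validateAzure` continues past the end of this hunk.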
6 changes: 0 additions & 6 deletions felles/oidc/src/main/resources/META-INF/beans.xml

This file was deleted.

6 changes: 0 additions & 6 deletions felles/oidc/src/test/resources/META-INF/beans.xml

This file was deleted.

Original file line number Diff line number Diff line change
Expand Up @@ -107,9 +107,9 @@ public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject
return FAILURE; // Vil gi 403
}
} catch (Exception e) {
throw new TekniskException("F-396795", "Klarte ikke å sende respons", e);
throw new TekniskException("F-396795", "Klarte ikke å sende respons", e); // Gir 500
}
return SEND_CONTINUE; // TODO - skal man returnere SEND_FAILURE? SEND_CONTINUE virker mest relevant for redirect to login
return SEND_CONTINUE; // SEND_CONTINUE sørger for svar med 401. (SEND_)FAILURE gir 403
}

if (SUCCESS.equals(authStatus)) {
Expand Down Expand Up @@ -151,7 +151,7 @@ public void setCallAndConsumerId(HttpServletRequest request) {
}
}

protected AuthStatus oidcLogin(Subject clientSubject, HttpServletRequest request) {
protected AuthStatus handleProtectedResource(Subject clientSubject, HttpServletRequest request) {
// Get token
var oidcToken = tokenLocator.getToken(request);
if (oidcToken.isEmpty()) {
Expand All @@ -174,7 +174,7 @@ protected AuthStatus oidcLogin(Subject clientSubject, HttpServletRequest request
return FAILURE;
}

// Dummy - finnes kun pga Jakarta Authentication 3.0 kap 6 LoginModule Bridge Profile. Mulig kan fjernes helt - prøv i neste runde
// Dummy - finnes kun pga Jakarta Authentication 3.0 kap 6 LoginModule Bridge Profile.
LoginContext loginContext = createLoginContext(clientSubject);
try {
loginContext.login();
Expand All @@ -184,8 +184,13 @@ protected AuthStatus oidcLogin(Subject clientSubject, HttpServletRequest request

clientSubject.getPrincipals().add(new BrukerNavnType(sluttbruker.uid(), sluttbruker.identType()));

MDCOperations.putUserId(sluttbruker.uid());
if (MDCOperations.getConsumerId() == null) {
MDCOperations.putConsumerId(sluttbruker.uid());
}

// Handle result
return handleValidatedToken(clientSubject, sluttbruker.uid());
return notifyContainerAboutLogin(clientSubject, sluttbruker.uid());
}

private LoginContext createLoginContext(Subject clientSubject) {
Expand All @@ -207,30 +212,14 @@ public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
}
}

protected AuthStatus handleProtectedResource(Subject clientSubject, HttpServletRequest originalRequest) {
return oidcLogin(clientSubject, originalRequest);
}

protected AuthStatus handleValidatedToken(Subject clientSubject, String username) {
AuthStatus authStatus = notifyContainerAboutLogin(clientSubject, username);

MDCOperations.putUserId(username);
if (MDCOperations.getConsumerId() == null) {
MDCOperations.putConsumerId(username);
}
return authStatus;
}

/**
* Asks the container to register the given username.
* <p>
* <p>
* Note that after this call returned, the authenticated identity will not be
* immediately active. This will only take place (should not errors occur) after
* the {@link ServerAuthContext} or {@link ServerAuthModule} in which this call
* takes place return control back to the runtime.
* <p>
* <p>
* As a convenience this method returns SUCCESS, so this method can be used in
* one fluent return statement from an auth module.
*
Expand Down
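Review bot: Removing the `protected` methods `oidcLogin` and `handleValidatedToken` is a breaking change for any subclass in a consuming application that overrides them: an override marked `@Override` stops compiling, while one without the annotation silently becomes dead code and its logic is bypassed by the renamed `handleProtectedResource`. Since this lives in a shared `felles` module, either keep thin deprecated delegates for one release, e.g. `@Deprecated(forRemoval = true) protected AuthStatus oidcLogin(Subject s, HttpServletRequest r) { return handleProtectedResource(s, r); }`, or call the removal out explicitly; I cannot tell from here whether such subclasses exist. The new comment `SEND_CONTINUE sørger for svar med 401` holds only if the response was already committed with status 401 in the `try` block above it, which is outside this hunk, so the comment should name that dependency, e.g. `// response already sent with 401 above; SEND_CONTINUE tells the container not to overwrite it`. `validateRequest` and `handleProtectedResource` both extend beyond the hunks shown.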
6 changes: 0 additions & 6 deletions felles/sikkerhet/src/main/resources/META-INF/beans.xml

This file was deleted.

6 changes: 0 additions & 6 deletions felles/sikkerhet/src/test/resources/META-INF/beans.xml

This file was deleted.

4 changes: 2 additions & 2 deletions felles/testutilities/src/main/resources/META-INF/beans.xml
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="https://jakarta.ee/xml/ns/jakartaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="https://jakarta.ee/xml/ns/jakartaee https://jakarta.ee/xml/ns/jakartaee/beans_3_0.xsd"
version="3.0"
xsi:schemaLocation="https://jakarta.ee/xml/ns/jakartaee https://jakarta.ee/xml/ns/jakartaee/beans_4_0.xsd"
version="4.0"
bean-discovery-mode="annotated">
</beans>
4 changes: 2 additions & 2 deletions felles/testutilities/src/test/resources/META-INF/beans.xml
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="https://jakarta.ee/xml/ns/jakartaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="https://jakarta.ee/xml/ns/jakartaee https://jakarta.ee/xml/ns/jakartaee/beans_3_0.xsd"
version="3.0"
xsi:schemaLocation="https://jakarta.ee/xml/ns/jakartaee https://jakarta.ee/xml/ns/jakartaee/beans_4_0.xsd"
version="4.0"
bean-discovery-mode="annotated">
</beans>
6 changes: 0 additions & 6 deletions felles/util/src/main/resources/META-INF/beans.xml

This file was deleted.

6 changes: 0 additions & 6 deletions felles/util/src/test/resources/META-INF/beans.xml

This file was deleted.

This file was deleted.

This file was deleted.

This file was deleted.

This file was deleted.

This file was deleted.

This file was deleted.

This file was deleted.

This file was deleted.

This file was deleted.

This file was deleted.

This file was deleted.

This file was deleted.