Merge pull request #3 from myrle-krantz/develop
Fine-tuning based on what I've learned from using this in integration test.
myrle-krantz committed Jun 8, 2017
2 parents 8e02dee + 1f9140b commit 3b9e91003fa657297c8d94cadfc3a4bb5528a11e
Showing 4 changed files with 35 additions and 7 deletions.
@@ -28,7 +28,6 @@
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.cloud.netflix.feign.EnableFeignClients;
import org.springframework.cloud.netflix.feign.support.SpringMvcContract;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
@@ -48,7 +47,7 @@ public Logger logger() {

@Bean
public IdentityManager identityManager(
final @Nonnull Client feignClient,
@SuppressWarnings("SpringJavaAutowiringInspection") final @Nonnull Client feignClient,
final @Qualifier(LibraryConstants.LOGGER_NAME) @Nonnull Logger logger) {
return Feign.builder()
.contract(new SpringMvcContract())
@@ -58,6 +57,6 @@ public IdentityManager identityManager(
.requestInterceptor(new TokenedTargetInterceptor())
.decoder(new GsonDecoder())
.encoder(new GsonEncoder())
.target(IdentityManager.class, "https://identity-v1");
.target(IdentityManager.class, "http://identity-v1/identity/v1");
}
}
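Review bot: The base URL handed to `.target(...)` at the end of `identityManager` is printed twice, once as `https://identity-v1` and once as `http://identity-v1/identity/v1`; assuming the `http` line is the new side, the refresh and access tokens exchanged with the identity service would cross this hop without TLS unless something outside this file encrypts it. If plain HTTP is only needed for the integration test, the scheme should come from configuration rather than a literal, with `https` kept as the default. If it is intentional, the line deserves a comment such as `// http on purpose: TLS for identity-v1 is terminated by <component>`, so the next reader does not have to guess. The page does not show whether this client is load-balanced or how `identity-v1` is resolved, so the effect of the scheme on the actual connection is inferred.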
@@ -48,8 +48,11 @@ public <T> ApplicationTokenedTargetInterceptor(
@Override
public void apply(final RequestTemplate template) {
UserContextHolder.getUserContext().ifPresent(userContext -> {
final String accessToken = applicationAccessTokenService.getAccessToken(userContext.getUser(),
TenantContextHolder.checkedGetIdentifier(), endpointSetIdentifier);

template.header(ApiConstants.USER_HEADER, userContext.getUser());
template.header(ApiConstants.AUTHORIZATION_HEADER, applicationAccessTokenService.getAccessToken(userContext.getUser(), TenantContextHolder.checkedGetIdentifier(), endpointSetIdentifier));
template.header(ApiConstants.AUTHORIZATION_HEADER, accessToken);
});
}
}
@@ -19,14 +19,19 @@
import io.mifos.anubis.security.AmitAuthenticationException;
import io.mifos.anubis.token.TenantRefreshTokenSerializer;
import io.mifos.anubis.token.TokenSerializationResult;
import io.mifos.core.api.context.AutoGuest;
import io.mifos.core.api.util.NotFoundException;
import io.mifos.core.lang.ApplicationName;
import io.mifos.core.lang.AutoTenantContext;
import io.mifos.core.lang.security.RsaKeyPairFactory;
import io.mifos.identity.api.v1.client.IdentityManager;
import io.mifos.identity.api.v1.domain.Authentication;
import io.mifos.permittedfeignclient.LibraryConstants;
import net.jodah.expiringmap.ExpirationPolicy;
import net.jodah.expiringmap.ExpiringMap;
import org.slf4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.stereotype.Component;

import javax.annotation.Nonnull;
@@ -46,6 +51,7 @@ public class ApplicationAccessTokenService {
private final TenantSignatureRepository tenantSignatureRepository;
private final IdentityManager identityManager;
private final TenantRefreshTokenSerializer tenantRefreshTokenSerializer;
private final Logger logger;

private final Map<TokenCacheKey, TokenSerializationResult> refreshTokenCache;
private final Map<TokenCacheKey, Authentication> accessTokenCache;
@@ -55,12 +61,15 @@ public ApplicationAccessTokenService(
final @Nonnull ApplicationName applicationName,
final @Nonnull TenantSignatureRepository tenantSignatureRepository,
final @Nonnull IdentityManager identityManager,
final @Nonnull TenantRefreshTokenSerializer tenantRefreshTokenSerializer) {
final @Nonnull TenantRefreshTokenSerializer tenantRefreshTokenSerializer,
@Qualifier(LibraryConstants.LOGGER_NAME) final @Nonnull Logger logger
) {

this.applicationName = applicationName.toString();
this.tenantSignatureRepository = tenantSignatureRepository;
this.identityManager = identityManager;
this.tenantRefreshTokenSerializer = tenantRefreshTokenSerializer;
this.logger = logger;

this.refreshTokenCache = ExpiringMap.builder()
.maxSize(300)
@@ -90,12 +99,21 @@ public String getAccessToken(final String user, final String tenant, final @Null
private Authentication createAccessToken(final TokenCacheKey tokenCacheKey) {
final String refreshToken = refreshTokenCache.get(tokenCacheKey).getToken();
try (final AutoTenantContext ignored = new AutoTenantContext(tokenCacheKey.getTenant())) {
return identityManager.refresh(refreshToken);
try (final AutoGuest ignored2 = new AutoGuest()) {
logger.debug("Getting access token for {}", tokenCacheKey);
return identityManager.refresh(refreshToken);
}
catch (final Exception e) {
logger.error("Couldn't get access token from identity for {}.", tokenCacheKey, e);
throw new NotFoundException("Couldn't get access token");
}
}
}

private TokenSerializationResult createRefreshToken(final TokenCacheKey tokenCacheKey) {
try (final AutoTenantContext ignored = new AutoTenantContext(tokenCacheKey.getTenant())) {
logger.debug("Creating refresh token for {}", tokenCacheKey);

final Optional<RsaKeyPairFactory.KeyPairHolder> optionalSigningKeyPair
= tenantSignatureRepository.getLatestApplicationSigningKeyPair();

@@ -112,5 +130,9 @@ private TokenSerializationResult createRefreshToken(final TokenCacheKey tokenCac

return tenantRefreshTokenSerializer.build(specification);
}
catch (final Exception e) {
logger.error("Couldn't create refresh token for {}.", tokenCacheKey, e);
throw new NotFoundException("Couldn't create refresh token.");
}
}
}
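Review bot: Both new `catch (final Exception e)` blocks, in `createAccessToken` and `createRefreshToken`, turn every failure into `NotFoundException` and drop the cause from the thrown exception, so a rejected refresh token, a missing signing key and an identity outage all look the same to the caller. The file imports `AmitAuthenticationException`; if the part of `createRefreshToken` that falls between the two hunks throws it (not visible here), it is now rewritten as well, and an authentication failure surfaces as not-found. I would let it pass through with `catch (final AmitAuthenticationException e) { throw e; }` ahead of the generic catch, and narrow the generic one to what the Feign call and the serializer can actually raise. It is also worth confirming that `TokenCacheKey.toString()` prints only the user, tenant and endpoint-set identifiers, since the key is now written to the log at both debug and error level.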
@@ -27,6 +27,7 @@
import org.junit.Assert;
import org.junit.Test;
import org.mockito.Mockito;
import org.slf4j.Logger;

import java.time.LocalDateTime;
import java.util.Optional;
@@ -57,11 +58,14 @@ public void testHappyCase() {
Mockito.when(tenantRefreshTokenSerializerMock.build(Mockito.anyObject()))
.thenReturn(new TokenSerializationResult(BEARER_TOKEN_MOCK, LocalDateTime.now()));

final Logger loggerMock = Mockito.mock(Logger.class);

final ApplicationAccessTokenService testSubject = new ApplicationAccessTokenService(
applicationNameMock,
tenantSignatureRepositoryMock,
identityManagerMock,
tenantRefreshTokenSerializerMock);
tenantRefreshTokenSerializerMock,
loggerMock);

try (final AutoTenantContext ignored1 = new AutoTenantContext(TENANT_NAME)) {
final String accessTokenWithoutCallEndpointSet = testSubject.getAccessToken(USER_NAME, TenantContextHolder.checkedGetIdentifier());
