Allow custom configuration for the StreamingAuthorizationEnforcer ext…

…ension

Signed-off-by: Yannic Klem <yannic.klem@bosch.io>

gateway/service/src/main/java/org/eclipse/ditto/gateway/service/endpoints/routes/sse/ThingsSseRouteBuilder.java

@@ -76,6 +76,8 @@
 import org.eclipse.ditto.things.model.ThingId;
 import org.eclipse.ditto.things.model.signals.events.ThingEvent;
 
+import com.typesafe.config.Config;
+
 import akka.NotUsed;
 import akka.actor.ActorRef;
 import akka.actor.ActorSelection;
@@ -151,9 +153,11 @@ private ThingsSseRouteBuilder(final ActorSystem actorSystem,
         this.streamingConfig = streamingConfig;
         this.queryFilterCriteriaFactory = queryFilterCriteriaFactory;
         this.pubSubMediator = pubSubMediator;
-        final var dittoExtensionsConfig = ScopedConfig.dittoExtension(actorSystem.settings().config());
+        final Config config = actorSystem.settings().config();
+        final var dittoExtensionsConfig = ScopedConfig.dittoExtension(config);
         eventSniffer = SseEventSniffer.get(actorSystem, dittoExtensionsConfig);
-        sseAuthorizationEnforcer = StreamingAuthorizationEnforcer.sse(actorSystem);
+        final var sseConfig = ScopedConfig.getOrEmpty(config, "ditto.gateway.streaming.sse");
+        sseAuthorizationEnforcer = StreamingAuthorizationEnforcer.get(actorSystem, sseConfig);
         sseConnectionSupervisor = SseConnectionSupervisor.get(actorSystem);
     }
 

gateway/service/src/main/java/org/eclipse/ditto/gateway/service/endpoints/routes/websocket/WebSocketRoute.java

@@ -96,6 +96,8 @@
 import org.eclipse.ditto.thingsearch.model.signals.commands.SearchErrorResponse;
 import org.slf4j.Logger;
 
+import com.typesafe.config.Config;
+
 import akka.NotUsed;
 import akka.actor.ActorRef;
 import akka.actor.ActorSystem;
@@ -186,10 +188,12 @@ private WebSocketRoute(final ActorSystem actorSystem,
         this.streamingActor = checkNotNull(streamingActor, "streamingActor");
         this.streamingConfig = streamingConfig;
 
-        final var dittoExtensionsConfig = ScopedConfig.dittoExtension(actorSystem.settings().config());
+        final var config = actorSystem.settings().config();
+        final var dittoExtensionsConfig = ScopedConfig.dittoExtension(config);
         incomingMessageSniffer = IncomingWebSocketEventSniffer.get(actorSystem);
         outgoingMessageSniffer = OutgoingWebSocketEventSniffer.get(actorSystem);
-        authorizationEnforcer = StreamingAuthorizationEnforcer.ws(actorSystem);
+        final var websocketConfig = ScopedConfig.getOrEmpty(config, "ditto.gateway.streaming.websocket");
+        authorizationEnforcer = StreamingAuthorizationEnforcer.get(actorSystem, websocketConfig);
         webSocketSupervisor = WebSocketSupervisor.get(actorSystem);
         webSocketConfigProvider = WebSocketConfigProvider.get(actorSystem, dittoExtensionsConfig);
         signalEnrichmentProvider = null;

gateway/service/src/main/java/org/eclipse/ditto/gateway/service/streaming/StreamingAuthorizationEnforcer.java

@@ -17,7 +17,11 @@
 import java.util.concurrent.CompletionStage;
 
 import org.eclipse.ditto.base.model.headers.DittoHeaders;
+import org.eclipse.ditto.base.service.DittoExtensionIds;
 import org.eclipse.ditto.base.service.DittoExtensionPoint;
+import org.eclipse.ditto.base.service.RootChildActorStarter;
+
+import com.typesafe.config.Config;
 
 import akka.actor.ActorSystem;
 import akka.http.javadsl.server.RequestContext;
@@ -39,20 +43,6 @@ public interface StreamingAuthorizationEnforcer extends DittoExtensionPoint {
      */
     CompletionStage<DittoHeaders> checkAuthorization(RequestContext requestContext, DittoHeaders dittoHeaders);
 
-    /**
-     * Loads the implementation of {@code SseAuthorizationEnforcer} which is configured for the
-     * {@code ActorSystem}.
-     *
-     * @param actorSystem the actorSystem in which the {@code SseAuthorizationEnforcer} should be loaded.
-     * @return the {@code SseAuthorizationEnforcer} implementation.
-     * @throws NullPointerException if {@code actorSystem} is {@code null}.
-     * @since 3.0.0
-     */
-    static StreamingAuthorizationEnforcer sse(final ActorSystem actorSystem) {
-        checkNotNull(actorSystem, "actorSystem");
-        return SseExtensionId.INSTANCE.get(actorSystem);
-    }
-
     /**
      * Loads the implementation of {@code WebSocketAuthorizationEnforcer} which is configured for the
      * {@code ActorSystem}.
@@ -62,34 +52,26 @@ static StreamingAuthorizationEnforcer sse(final ActorSystem actorSystem) {
      * @throws NullPointerException if {@code actorSystem} is {@code null}.
      * @since 3.0.0
      */
-    static StreamingAuthorizationEnforcer ws(final ActorSystem actorSystem) {
+    static StreamingAuthorizationEnforcer get(final ActorSystem actorSystem, final Config config) {
         checkNotNull(actorSystem, "actorSystem");
-        return WsExtensionId.INSTANCE.get(actorSystem);
+        checkNotNull(config, "config");
+        final var extensionIdConfig = ExtensionId.computeConfig(config);
+        return DittoExtensionIds.get(actorSystem)
+                .computeIfAbsent(extensionIdConfig, ExtensionId::new)
+                .get(actorSystem);
     }
 
-    final class WsExtensionId extends DittoExtensionPoint.ExtensionId<StreamingAuthorizationEnforcer> {
+    final class ExtensionId extends DittoExtensionPoint.ExtensionId<StreamingAuthorizationEnforcer> {
 
-        private static final String CONFIG_PATH = "ditto.gateway.streaming.websocket.authorization-enforcer";
-        private static final WsExtensionId INSTANCE = new WsExtensionId(StreamingAuthorizationEnforcer.class);
+        private static final String CONFIG_KEY = "streaming-authorization-enforcer";
+        private static final String CONFIG_PATH = "ditto.extensions." + CONFIG_KEY;
 
-        private WsExtensionId(final Class<StreamingAuthorizationEnforcer> parentClass) {
-            super(parentClass);
+        private ExtensionId(final ExtensionIdConfig<StreamingAuthorizationEnforcer> extensionIdConfig) {
+            super(extensionIdConfig);
         }
 
-        @Override
-        protected String getConfigPath() {
-            return CONFIG_PATH;
-        }
-
-    }
-
-    final class SseExtensionId extends DittoExtensionPoint.ExtensionId<StreamingAuthorizationEnforcer> {
-
-        private static final String CONFIG_PATH = "ditto.gateway.streaming.sse.authorization-enforcer";
-        private static final SseExtensionId INSTANCE = new SseExtensionId(StreamingAuthorizationEnforcer.class);
-
-        private SseExtensionId(final Class<StreamingAuthorizationEnforcer> parentClass) {
-            super(parentClass);
+        static ExtensionIdConfig<StreamingAuthorizationEnforcer> computeConfig(final Config config) {
+            return ExtensionIdConfig.of(StreamingAuthorizationEnforcer.class, config, CONFIG_KEY);
         }
 
         @Override

gateway/service/src/main/resources/gateway.conf

@@ -48,6 +48,7 @@ ditto {
     http-request-actor-props-factory = org.eclipse.ditto.gateway.service.endpoints.actors.DefaultHttpRequestActorPropsFactory
     # The listener for SSE events
     sse-event-sniffer = org.eclipse.ditto.gateway.service.endpoints.routes.sse.NoOpSseEventSniffer
+    streaming-authorization-enforcer = org.eclipse.ditto.gateway.service.streaming.NoOpAuthorizationEnforcer
   }
 
   service-name = "gateway"
@@ -157,8 +158,7 @@ ditto {
         }
 
         # The provider enforcer for WebSocket connections
-        authorization-enforcer = "org.eclipse.ditto.gateway.service.streaming.NoOpAuthorizationEnforcer"
-        authorization-enforcer = ${?GATEWAY_WEBSOCKET_AUTHORIZATION_ENFORCER}
+        streaming-authorization-enforcer = "org.eclipse.ditto.gateway.service.streaming.NoOpAuthorizationEnforcer"
 
         # The supervisor for WebSocket connections
         connection-supervisor = "org.eclipse.ditto.gateway.service.endpoints.routes.websocket.NoOpWebSocketSupervisor"
@@ -189,8 +189,7 @@ ditto {
         }
 
         # The provider enforcer for SSE connections
-        authorization-enforcer = "org.eclipse.ditto.gateway.service.streaming.NoOpAuthorizationEnforcer"
-        authorization-enforcer = ${?GATEWAY_SSE_AUTHORIZATION_ENFORCER}
+        streaming-authorization-enforcer = "org.eclipse.ditto.gateway.service.streaming.NoOpAuthorizationEnforcer"
 
         # The supervisor for SSE connections
         connection-supervisor = "org.eclipse.ditto.gateway.service.endpoints.routes.sse.NoOpSseConnectionSupervisor"

gateway/service/src/test/resources/test.conf

@@ -158,7 +158,7 @@ ditto {
 
     streaming {
       sse {
-        authorization-enforcer = "org.eclipse.ditto.gateway.service.streaming.NoOpAuthorizationEnforcer"
+        streaming-authorization-enforcer = org.eclipse.ditto.gateway.service.streaming.NoOpAuthorizationEnforcer
         connection-supervisor = "org.eclipse.ditto.gateway.service.endpoints.routes.sse.NoOpSseConnectionSupervisor"
       }
       websocket {
@@ -169,10 +169,10 @@ ditto {
         # additionally CommandResponses and Events are dropped if this size is reached
         publisher.backpressure-buffer-size = 200
         # The provider enforcer for WebSocket connections
-        authorization-enforcer = "org.eclipse.ditto.gateway.service.streaming.NoOpAuthorizationEnforcer"
-        connection-supervisor = "org.eclipse.ditto.gateway.service.endpoints.routes.websocket.NoOpWebSocketSupervisor"
-        incoming-event-sniffer = "org.eclipse.ditto.gateway.service.endpoints.routes.websocket.NoOpIncomingWebSocketEventSniffer"
-        outgoing-event-sniffer = "org.eclipse.ditto.gateway.service.endpoints.routes.websocket.NoOpOutgoingWebSocketEventSniffer"
+        streaming-authorization-enforcer = org.eclipse.ditto.gateway.service.streaming.NoOpAuthorizationEnforcer
+        connection-supervisor = org.eclipse.ditto.gateway.service.endpoints.routes.websocket.NoOpWebSocketSupervisor
+        incoming-event-sniffer = org.eclipse.ditto.gateway.service.endpoints.routes.websocket.NoOpIncomingWebSocketEventSniffer
+        outgoing-event-sniffer = org.eclipse.ditto.gateway.service.endpoints.routes.websocket.NoOpOutgoingWebSocketEventSniffer
       }
     }