From 3c0740aeb015b934134366e486bf142a097271fd Mon Sep 17 00:00:00 2001 From: JulieHillRoa Date: Mon, 1 Jul 2024 16:39:38 +0200 Subject: [PATCH] Fjerne abac helt fra veilarbarena --- pom.xml | 5 -- .../config/ApplicationConfig.java | 11 --- .../config/EnvironmentProperties.java | 2 - .../nav/veilarbarena/service/AuthService.java | 13 +--- src/main/resources/application.properties | 1 - .../config/ApplicationTestConfig.java | 14 ---- .../nav/veilarbarena/mock/AbacClientMock.java | 30 ------- .../no/nav/veilarbarena/mock/PepMock.java | 78 ------------------- 8 files changed, 2 insertions(+), 152 deletions(-) delete mode 100644 src/test/java/no/nav/veilarbarena/mock/AbacClientMock.java delete mode 100644 src/test/java/no/nav/veilarbarena/mock/PepMock.java diff --git a/pom.xml b/pom.xml index e7577a68..e1dcb3d9 100644 --- a/pom.xml +++ b/pom.xml @@ -217,11 +217,6 @@ types ${common.version} - - com.github.navikt.common-java-modules - abac - ${common.version} - com.github.navikt.common-java-modules sts diff --git a/src/main/java/no/nav/veilarbarena/config/ApplicationConfig.java b/src/main/java/no/nav/veilarbarena/config/ApplicationConfig.java index 86389f73..4d917084 100644 --- a/src/main/java/no/nav/veilarbarena/config/ApplicationConfig.java +++ b/src/main/java/no/nav/veilarbarena/config/ApplicationConfig.java @@ -3,9 +3,6 @@ import com.github.benmanes.caffeine.cache.Cache; import com.github.benmanes.caffeine.cache.Caffeine; import lombok.extern.slf4j.Slf4j; -import no.nav.common.abac.Pep; -import no.nav.common.abac.VeilarbPepFactory; -import no.nav.common.abac.audit.SpringAuditRequestInfoSupplier; import no.nav.common.auth.context.AuthContextHolder; import no.nav.common.auth.context.AuthContextHolderThreadLocal; import no.nav.common.client.aktoroppslag.AktorOppslagClient; 
@@ -110,14 +107,6 @@ public KafkaConfig.EnvironmentContext kafkaConfigEnvContext() { .setProducerClientProperties(aivenByteProducerProperties(PRODUCER_CLIENT_ID)); } - @Bean - public Pep veilarbPep(EnvironmentProperties properties, Credentials serviceUserCredentials) { - return VeilarbPepFactory.get( - properties.getAbacUrl(), serviceUserCredentials.username, - serviceUserCredentials.password, new SpringAuditRequestInfoSupplier() - ); - } - @Bean public static StsConfig stsConfig(EnvironmentProperties properties, Credentials serviceUserCredentials) { return StsConfig.builder() diff --git a/src/main/java/no/nav/veilarbarena/config/EnvironmentProperties.java b/src/main/java/no/nav/veilarbarena/config/EnvironmentProperties.java index 6b376a9f..4eff6ce4 100644 --- a/src/main/java/no/nav/veilarbarena/config/EnvironmentProperties.java +++ b/src/main/java/no/nav/veilarbarena/config/EnvironmentProperties.java @@ -31,8 +31,6 @@ public class EnvironmentProperties { private String naisStsDiscoveryUrl; - private String abacUrl; - private String dbUrl; private String kafkaBrokersUrl; diff --git a/src/main/java/no/nav/veilarbarena/service/AuthService.java b/src/main/java/no/nav/veilarbarena/service/AuthService.java index 3c272aca..cdf7b9f9 100644 --- a/src/main/java/no/nav/veilarbarena/service/AuthService.java +++ b/src/main/java/no/nav/veilarbarena/service/AuthService.java @@ -3,8 +3,6 @@ import com.nimbusds.jwt.JWTClaimsSet; import lombok.SneakyThrows; import lombok.extern.slf4j.Slf4j; -import no.nav.common.abac.Pep; -import no.nav.common.abac.domain.request.ActionId; import no.nav.common.auth.context.AuthContextHolder; import no.nav.common.types.identer.Fnr; import no.nav.poao_tilgang.client.*; 
@@ -28,14 +26,11 @@ public class AuthService { private final AuthContextHolder authContextHolder; - private final Pep veilarbPep; - private final PoaoTilgangClient poaoTilgangClient; @Autowired - public AuthService(AuthContextHolder authContextHolder, Pep veilarbPep, PoaoTilgangClient poaoTilgangClient) { + public AuthService(AuthContextHolder authContextHolder, PoaoTilgangClient poaoTilgangClient) { this.authContextHolder = authContextHolder; - this.veilarbPep = veilarbPep; this.poaoTilgangClient = poaoTilgangClient; } @@ -74,11 +69,7 @@ public void sjekkTilgang(Fnr fnr) { } } else { log.warn("Har systembruker rolle men mangler rolle access_as_application in claims. Dette skal ikke skje."); - String innloggetBrukerToken = authContextHolder.requireIdTokenString(); - if (!veilarbPep.harTilgangTilPerson(innloggetBrukerToken, ActionId.READ, fnr)) { - log.warn("Systembruker tilgang avvist via abac"); - throw new ResponseStatusException(HttpStatus.FORBIDDEN); - } + throw new ResponseStatusException(HttpStatus.FORBIDDEN); } } diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties index fe0fd80a..44c01463 100644 --- a/src/main/resources/application.properties +++ b/src/main/resources/application.properties @@ -20,7 +20,6 @@ spring.data.jdbc.repositories.enabled=false app.env.naisStsDiscoveryUrl=${SECURITY_TOKEN_SERVICE_DISCOVERY_URL} app.env.openAmDiscoveryUrl=${OPENAM_DISCOVERY_URL} app.env.veilarbloginOpenAmClientId=${VEILARBLOGIN_OPENAM_CLIENT_ID} -app.env.abacUrl=${ABAC_PDP_ENDPOINT_URL} app.env.dbUrl=${VEILARBARENADATASOURCE_URL} app.env.kafkaBrokersUrl=${KAFKA_BROKERS_URL} app.env.soapStsUrl=${SECURITYTOKENSERVICE_URL} diff --git a/src/test/java/no/nav/veilarbarena/config/ApplicationTestConfig.java b/src/test/java/no/nav/veilarbarena/config/ApplicationTestConfig.java index 74dc0475..4d83dd5f 100644 --- a/src/test/java/no/nav/veilarbarena/config/ApplicationTestConfig.java 
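Review bot: In the else branch of `sjekkTilgang`, the surviving `log.warn` only reports the missing `access_as_application` role and no longer says that the request was rejected, since the "Systembruker tilgang avvist via abac" line was removed together with the PEP call. Because the branch now always ends in `FORBIDDEN`, the message could state the outcome directly, e.g. `log.warn("Systembruker mangler rolle access_as_application i claims, tilgang avvist");`, so that denials stay searchable in the logs. The change also turns an ABAC decision into an unconditional deny, so any system caller that was still being admitted through the fallback would presumably start getting 403; the diffstat shows no added test that pins this path. `sjekkTilgang` starts and ends outside the hunk, so the role checks that lead here are not visible.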
+++ b/src/test/java/no/nav/veilarbarena/config/ApplicationTestConfig.java @@ -1,7 +1,5 @@ package no.nav.veilarbarena.config; -import no.nav.common.abac.AbacClient; -import no.nav.common.abac.Pep; import no.nav.common.auth.context.AuthContextHolder; import no.nav.common.auth.context.AuthContextHolderThreadLocal; import no.nav.common.client.aktoroppslag.AktorOppslagClient; @@ -17,9 +15,7 @@ import no.nav.veilarbarena.client.ords.dto.ArenaOppfolgingsstatusDTO; import no.nav.veilarbarena.client.ytelseskontrakt.YtelseskontraktClient; import no.nav.veilarbarena.client.ytelseskontrakt.YtelseskontraktResponse; -import no.nav.veilarbarena.mock.AbacClientMock; import no.nav.veilarbarena.mock.MetricsClientMock; -import no.nav.veilarbarena.mock.PepMock; import no.nav.veilarbarena.utils.LocalH2Database; import org.apache.kafka.common.serialization.ByteArraySerializer; import org.mockito.Mockito; @@ -67,21 +63,11 @@ public AktorOppslagClient aktorOppslagClient() { return Mockito.mock(AktorOppslagClient.class); } - @Bean - public AbacClient abacClient() { - return new AbacClientMock(); - } - @Bean public LeaderElectionClient leaderElectionClient() { return () -> true; } - @Bean - public Pep veilarbPep(AbacClient abacClient) { - return new PepMock(abacClient); - } - @Bean public MetricsClient metricsClient() { return new MetricsClientMock(); diff --git a/src/test/java/no/nav/veilarbarena/mock/AbacClientMock.java b/src/test/java/no/nav/veilarbarena/mock/AbacClientMock.java deleted file mode 100644 index beb6bcc1..00000000 --- a/src/test/java/no/nav/veilarbarena/mock/AbacClientMock.java +++ /dev/null 
@@ -1,30 +0,0 @@
-package no.nav.veilarbarena.mock;
-
-import no.nav.common.abac.AbacClient;
-import no.nav.common.abac.domain.request.XacmlRequest;
-import no.nav.common.abac.domain.response.Decision;
-import no.nav.common.abac.domain.response.Response;
-import no.nav.common.abac.domain.response.XacmlResponse;
-import no.nav.common.health.HealthCheckResult;
-
-import java.util.Collections;
-
-public class AbacClientMock implements AbacClient {
-
- @Override
- public String sendRawRequest(String s) {
- return "raw_abac_mock_request";
- }
-
- @Override
- public XacmlResponse sendRequest(XacmlRequest xacmlRequest) {
- XacmlResponse xacmlResponse = new XacmlResponse();
- xacmlResponse.withResponse(Collections.singletonList(new Response().withDecision(Decision.Permit)));
- return xacmlResponse;
- }
-
- @Override
- public HealthCheckResult checkHealth() {
- return HealthCheckResult.healthy();
- }
-}
diff --git a/src/test/java/no/nav/veilarbarena/mock/PepMock.java b/src/test/java/no/nav/veilarbarena/mock/PepMock.java
deleted file mode 100644
index f983a8c9..00000000
--- a/src/test/java/no/nav/veilarbarena/mock/PepMock.java
+++ /dev/null
@@ -1,78 +0,0 @@
-package no.nav.veilarbarena.mock;
-
-import no.nav.common.abac.AbacClient;
-import no.nav.common.abac.Pep;
-import no.nav.common.abac.domain.request.ActionId;
-import no.nav.common.types.identer.EksternBrukerId;
-import no.nav.common.types.identer.EnhetId;
-import no.nav.common.types.identer.NavIdent;
-
-public class PepMock implements Pep {
-
- private final AbacClient abacClient;
-
- public PepMock(AbacClient abacClient) {
- this.abacClient = abacClient;
- }
-
- @Override
- public boolean harVeilederTilgangTilEnhet(NavIdent navIdent, EnhetId enhetId) {
- return true;
- }
-
- @Override
- public boolean harTilgangTilEnhet(String s, EnhetId enhetId) {
- return true;
- }
-
- @Override
- public boolean harTilgangTilEnhetMedSperre(String s, EnhetId enhetId) {
- return true;
- }
-
- @Override
- public boolean harTilgangTilEnhetMedSperre(NavIdent navIdent, EnhetId enhetId) {
- return false;
- }
-
- @Override
- public boolean harVeilederTilgangTilPerson(NavIdent navIdent, ActionId actionId, EksternBrukerId eksternBrukerId) {
- return true;
- }
-
- @Override
- public boolean harTilgangTilPerson(String s, ActionId actionId, EksternBrukerId eksternBrukerId) {
- return true;
- }
-
- @Override
- public boolean harTilgangTilOppfolging(String s) {
- return true;
- }
-
- @Override
- public boolean harVeilederTilgangTilModia(String s) {
- return true;
- }
-
- @Override
- public boolean harVeilederTilgangTilKode6(NavIdent navIdent) {
- return true;
- }
-
- @Override
- public boolean harVeilederTilgangTilKode7(NavIdent navIdent) {
- return true;
- }
-
- @Override
- public boolean harVeilederTilgangTilEgenAnsatt(NavIdent navIdent) {
- return true;
- }
-
- @Override
- public AbacClient getAbacClient() {
- return abacClient;
- }
-
-}