diff --git a/alfa-service/src/main/java/de/ozgcloud/alfa/SecurityConfiguration.java b/alfa-service/src/main/java/de/ozgcloud/alfa/SecurityConfiguration.java index 51fa301389e420fca34725ac64a2b1827e632866..42f7e4158e24894ebc33b10354c346c5efb3c8eb 100644 --- a/alfa-service/src/main/java/de/ozgcloud/alfa/SecurityConfiguration.java +++ b/alfa-service/src/main/java/de/ozgcloud/alfa/SecurityConfiguration.java @@ -48,7 +48,7 @@ import de.ozgcloud.alfa.common.downloadtoken.DownloadTokenAuthenticationFilter; @Configuration @EnableWebSecurity -@EnableMethodSecurity(securedEnabled = true, prePostEnabled = true) +@EnableMethodSecurity(securedEnabled = true) public class SecurityConfiguration { @Autowired diff --git a/alfa-service/src/main/java/de/ozgcloud/alfa/common/user/CurrentUserHelper.java b/alfa-service/src/main/java/de/ozgcloud/alfa/common/user/CurrentUserHelper.java index 82ab8a80f3e2ce5b9ad86fa268ab764ce5b8d34a..b0414c8fc1f7a12e718c0a8aeec96ebeedd8468b 100644 --- a/alfa-service/src/main/java/de/ozgcloud/alfa/common/user/CurrentUserHelper.java +++ b/alfa-service/src/main/java/de/ozgcloud/alfa/common/user/CurrentUserHelper.java @@ -41,13 +41,13 @@ import lombok.NoArgsConstructor; @NoArgsConstructor(access = AccessLevel.PRIVATE) public class CurrentUserHelper { + static final String ROLE_PREFIX = "ROLE_"; private static final String SUB_CLAIM_KEY = "sub"; - public static final Predicate<String> HAS_ROLE = CurrentUserHelper::hasRole; - private static final AuthenticationTrustResolver TRUST_RESOLVER = new AuthenticationTrustResolverImpl(); - private static final Predicate<Authentication> TRUSTED = auth -> !TRUST_RESOLVER.isAnonymous(auth); + private static final Predicate<Authentication> IS_TRUSTED = auth -> !TRUST_RESOLVER.isAnonymous(auth); + private static final Predicate<String> IS_ROLE_PREFIX_MISSING = role -> !role.startsWith(ROLE_PREFIX); public static boolean hasRole(String role) { var auth = getAuthentication(); 
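Review bot: `@PreAuthorize`/`@PostAuthorize` enforcement in SecurityConfiguration now rests on the default of `@EnableMethodSecurity` instead of an explicit attribute. `prePostEnabled` does default to `true` for this annotation, so behaviour should be unchanged, but the deprecated `@EnableGlobalMethodSecurity` defaults it to `false` and the two are easy to confuse in a later edit. A one-line comment above the annotation would keep that visible: `// prePostEnabled defaults to true here; @PreAuthorize/@PostAuthorize stay enforced`. The class body lies outside the hunk, so whether pre/post annotations are actually in use cannot be seen from here.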
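Review bot: `IS_ROLE_PREFIX_MISSING` tests the prefix with a case-sensitive `startsWith`, while the comparison shown in the later `@@ -84,12 +73,11 @@` hunk uses `StringUtils.equalsIgnoreCase`. A role passed as `role_x` would be turned into `ROLE_role_x` and never match a `ROLE_X` authority; the check fails closed, but the two halves of the helper disagree on case handling. If case-insensitive matching is intended, the predicate could be `role -> !StringUtils.startsWithIgnoreCase(role, ROLE_PREFIX)`. `hasRole` begins at the end of this hunk and continues outside it.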
@@ -55,25 +55,14 @@ public class CurrentUserHelper { if ((Objects.isNull(auth)) || (Objects.isNull(auth.getPrincipal()))) { return false; } - Collection<? extends GrantedAuthority> authorities = auth.getAuthorities(); - return containsRole(authorities, role); - + return containsRole(auth.getAuthorities(), role); } public static boolean containsRole(Collection<? extends GrantedAuthority> authorities, String role) { - String roleToCheck; - - if (Objects.nonNull(role) && !role.startsWith(ROLE_PREFIX)) { - roleToCheck = ROLE_PREFIX + role; - } else { - roleToCheck = role; - } - if (Objects.isNull(authorities)) { return false; } - - return containsRole(roleToCheck, authorities); + return containsRole(prepareRoleForCheck(role), authorities); } static boolean containsRole(String role, Collection<? extends GrantedAuthority> authorities) { @@ -84,12 +73,11 @@ public class CurrentUserHelper { return StringUtils.equalsIgnoreCase(role, authority) || StringUtils.equalsIgnoreCase(prepareRoleForCheck(role), authority); } - static String prepareRoleForCheck(String role) { - if ((Objects.nonNull(role)) && (!role.startsWith(ROLE_PREFIX))) { - return ROLE_PREFIX + role; - } else { - return role; - } + static String prepareRoleForCheck(String roleToCheck) { + return Optional.ofNullable(roleToCheck) + .filter(IS_ROLE_PREFIX_MISSING) + .map(role -> String.format("%s%s", ROLE_PREFIX, role)) + .orElse(roleToCheck); } public static UserId getCurrentUserId() { @@ -105,6 +93,6 @@ public class CurrentUserHelper { } private static Optional<Authentication> findAuthentication() { - return Optional.ofNullable(SecurityContextHolder.getContext().getAuthentication()).filter(TRUSTED); + return Optional.ofNullable(SecurityContextHolder.getContext().getAuthentication()).filter(IS_TRUSTED); } } 
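Review bot: A `null` role is not rejected in `containsRole(Collection, String)`: `prepareRoleForCheck(null)` returns `null` (see the `@@ -84,12 +73,11 @@` hunk) and that value reaches `StringUtils.equalsIgnoreCase(role, authority)`. If `StringUtils` is Apache Commons Lang, `equalsIgnoreCase(null, null)` is `true`, and `GrantedAuthority.getAuthority()` is allowed to return `null`, so `hasRole(null)` could answer `true` for such an authority. The guard could read `if (Objects.isNull(authorities) || Objects.isNull(role)) { return false; }`. The role is also prefixed twice, here and again inside `containsRole(String, Collection)`, whose body is only partly visible; one of the two calls looks redundant.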
diff --git a/alfa-service/src/main/java/de/ozgcloud/alfa/common/user/CurrentUserService.java b/alfa-service/src/main/java/de/ozgcloud/alfa/common/user/CurrentUserService.java index 8425d6052b7dde99dc4ba6839d4d3dff2ed5989b..2e141e937e27460f22bbd839b021dd9760aaebcf 100644 --- a/alfa-service/src/main/java/de/ozgcloud/alfa/common/user/CurrentUserService.java +++ b/alfa-service/src/main/java/de/ozgcloud/alfa/common/user/CurrentUserService.java @@ -25,7 +25,6 @@ package de.ozgcloud.alfa.common.user; import java.util.Collection; import java.util.Collections; -import java.util.HashSet; import java.util.List; import java.util.Objects; import java.util.Optional; @@ -86,7 +85,7 @@ public class CurrentUserService { } public Collection<GrantedAuthority> getAuthorities() { - return Collections.unmodifiableCollection(new HashSet<GrantedAuthority>(CurrentUserHelper.getAuthentication().getAuthorities())); + return Collections.unmodifiableCollection(CurrentUserHelper.getAuthentication().getAuthorities()); } public UserId getUserId() { diff --git a/alfa-service/src/test/java/de/ozgcloud/alfa/common/user/CurrentUserHelperTest.java b/alfa-service/src/test/java/de/ozgcloud/alfa/common/user/CurrentUserHelperTest.java new file mode 100644 index 0000000000000000000000000000000000000000..c3ceac882e23c0f86a8dfb20d11131808060ab4a --- /dev/null +++ b/alfa-service/src/test/java/de/ozgcloud/alfa/common/user/CurrentUserHelperTest.java 
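Review bot: `getAuthorities()` in CurrentUserService now hands out a read-only view over the collection held by the `Authentication` instead of a detached `HashSet` copy. Callers that keep the result will see later changes to the underlying collection, and the de-duplication the set provided is gone; whether either matters depends on the `Authentication` implementation, which is not visible here. A Javadoc line on the method would state the new contract, for example `/** Returns a read-only view of the current authentication's authorities, not a snapshot. */`. The rest of the class lies outside the hunk.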
@@ -0,0 +1,40 @@ +package de.ozgcloud.alfa.common.user; + +import static org.assertj.core.api.Assertions.*; + +import org.junit.jupiter.api.DisplayName; +import org.junit.jupiter.api.Nested; +import org.junit.jupiter.api.Test; + +class CurrentUserHelperTest { + + @DisplayName("Prepare role for check") + @Nested + class TestPrepareRoleForCheck { + + @Test + void shouldAddPrefixIfMissing() { + var roleWithoutPrefix = UserRole.VERWALTUNG_USER; + + var role = CurrentUserHelper.prepareRoleForCheck(roleWithoutPrefix); + + assertThat(role).isEqualTo(String.format("%s%s", CurrentUserHelper.ROLE_PREFIX, UserRole.VERWALTUNG_USER)); + } + + @Test + void shouldReturnRoleIfPrefixAlreadyExists() { + var roleWithPrefix = String.format("ROLE_%s", UserRole.VERWALTUNG_USER); + + var role = CurrentUserHelper.prepareRoleForCheck(roleWithPrefix); + + assertThat(role).isEqualTo(roleWithPrefix); + } + + @Test + void shouldReturnPassingRoleIfNonNull() { + var role = CurrentUserHelper.prepareRoleForCheck(null); + + assertThat(role).isNull(); + } + } +} diff --git a/goofy-server/src/main/java/de/ozgcloud/alfa/AlfaServerApplication.java b/goofy-server/src/main/java/de/ozgcloud/alfa/AlfaServerApplication.java index 38814989905b94b6a5996c4d32a92290e55d0fe6..54525b45e9a5b1363132efdcbad4ae8269df23f7 100644 --- a/goofy-server/src/main/java/de/ozgcloud/alfa/AlfaServerApplication.java +++ b/goofy-server/src/main/java/de/ozgcloud/alfa/AlfaServerApplication.java 
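Review bot: The test name `shouldReturnPassingRoleIfNonNull` contradicts its body, which passes `null` and asserts `null`; `shouldReturnNullIfRoleIsNull` would describe what is checked. The new tests cover only `prepareRoleForCheck`, so the role-matching path through `containsRole` is not pinned by this file. A case that calls `containsRole` with a `null` role and one with a lower-case prefix would fix the intended behaviour of the access check itself.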
@@ -49,14 +49,14 @@ public class AlfaServerApplication { } @Bean - public FilterRegistrationBean<ForwardedHeaderFilter> forwardedHeaderFilter() { + FilterRegistrationBean<ForwardedHeaderFilter> forwardedHeaderFilter() { FilterRegistrationBean<ForwardedHeaderFilter> bean = new FilterRegistrationBean<>(); bean.setFilter(new ForwardedHeaderFilter()); return bean; } @Bean - public ThreadPoolTaskExecutor threadPoolTaskExecutor() { + ThreadPoolTaskExecutor threadPoolTaskExecutor() { ThreadPoolTaskExecutor executor = new ThreadPoolTaskExecutor(); executor.setThreadNamePrefix("async-"); @@ -65,12 +65,12 @@ public class AlfaServerApplication { } @Bean - public CallScope callScope() { + CallScope callScope() { return new CallScope(); } @Bean - public BeanFactoryPostProcessor beanFactoryPostProcessor(CallScope callScope) { + BeanFactoryPostProcessor beanFactoryPostProcessor(CallScope callScope) { return new CallBeanFactoryPostProcessor(callScope); } } \ No newline at end of file diff --git a/pom.xml b/pom.xml index 6112db2b48805bac081c8b5f9d9ea342a469bc85..f964c85ba40a87b1213b64657d304111b991a4a7 100644 --- a/pom.xml +++ b/pom.xml @@ -27,7 +27,7 @@ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd"> <modelVersion>4.0.0</modelVersion> - + <groupId>de.itvsh.ozg</groupId> <artifactId>goofy</artifactId> <version>1.16.0-SNAPSHOT</version> @@ -45,7 +45,7 @@ <module>goofy-server</module> <module>alfa-xdomea</module> <module>alfa-service</module> - </modules> + </modules> <properties> <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
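Review bot: `forwardedHeaderFilter()` registers `ForwardedHeaderFilter` unconditionally, and this commit changes only the method's visibility. The filter derives scheme, host and port from `Forwarded`/`X-Forwarded-*` request headers, so it is safe only where a trusted proxy in front of the service overwrites or strips those headers from client requests. The deployment is not visible from this hunk; a comment on the bean would record the assumption: `// Requires a trusted reverse proxy that strips client-supplied Forwarded/X-Forwarded-* headers`. `threadPoolTaskExecutor()` continues outside the hunk.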