From db9007082dbfd1276584571e9490629e8018e028 Mon Sep 17 00:00:00 2001
From: Jens-Otto Larsen <46576810+jolarsen@users.noreply.github.com>
Date: Fri, 23 Aug 2024 17:06:53 +0200
Subject: [PATCH] K9 har fortsatt token i header fra frontend/tilbake (#1381)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* K9 har fortsatt token i header fra frontend/tilbake

* Forklaring på behov for supplier
---
 .../jaxrs/AuthenticationFilterDelegate.java | 24 ++++++++++++-------
 1 file changed, 16 insertions(+), 8 deletions(-)

diff --git a/felles/auth-filter/src/main/java/no/nav/vedtak/sikkerhet/jaxrs/AuthenticationFilterDelegate.java b/felles/auth-filter/src/main/java/no/nav/vedtak/sikkerhet/jaxrs/AuthenticationFilterDelegate.java
index 7994ce692..21ae03a92 100644
--- a/felles/auth-filter/src/main/java/no/nav/vedtak/sikkerhet/jaxrs/AuthenticationFilterDelegate.java
+++ b/felles/auth-filter/src/main/java/no/nav/vedtak/sikkerhet/jaxrs/AuthenticationFilterDelegate.java
@@ -4,6 +4,8 @@
 import java.lang.reflect.Method;
 import java.time.Instant;
 import java.util.Optional;
+import java.util.function.Function;
+import java.util.function.Supplier;
 
 import jakarta.ws.rs.WebApplicationException;
 import jakarta.ws.rs.container.ContainerRequestContext;
@@ -46,6 +48,12 @@ private AuthenticationFilterDelegate() {
     }
 
     public static void validerSettKontekst(ResourceInfo resourceInfo, ContainerRequestContext ctx) {
+        validerSettKontekst(resourceInfo, ctx, () -> getTokenFromHeader(ctx));
+    }
+
+    // Denne Supplier-varianten finnes kun for at k9tilbake skal kunne lete etter tokens i cookies (i tillegg til header)
+    public static void validerSettKontekst(ResourceInfo resourceInfo, ContainerRequestContext ctx,
+                                           Supplier> tokenfinder) {
         try {
             Method method = resourceInfo.getResourceMethod();
             var utenAutentiseringRessurs = getAnnotation(resourceInfo, UtenAutentisering.class);
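Review bot: The added `import java.util.function.Function;` is not used by anything in this patch — the diffstat (16 insertions, 8 deletions) is fully accounted for by the four hunks, and only `Supplier` appears in the new code. Unless a fully-qualified pre-existing use elsewhere in the file is being cleaned up (nothing in the diff suggests it), that line should be dropped so the file does not carry an unused import that a linter will flag.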
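Review bot: The new `validerSettKontekst` overload takes a caller-supplied token source (presumably `Supplier<Optional<TokenString>>`; the generics are lost in this rendering) but its only documentation is the one-line Norwegian comment saying k9tilbake wants to read tokens from cookies, which leaves the supplier's contract and its security consequence undocumented. I would replace that comment with an English Javadoc stating that the supplier must return a non-null `Optional` (empty when no token is present, which the caller turns into "Mangler token"), that it runs inside this method's try/catch and so should signal failures as `TokenFeil`/`TekniskException` if it can fail at all, and — the caveat a practitioner needs — that a token taken from a cookie is attached by the browser to every request, unlike an `Authorization` header, so any endpoint authenticated through a cookie-backed supplier needs its own CSRF protection, which this filter does not provide. A cheap guard against a null supplier is also worth adding as the first statement: `Objects.requireNonNull(tokenfinder, "tokenfinder");` (needs `java.util.Objects` imported). The method body continues past the end of this hunk.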
@@ -62,7 +70,8 @@ public static void validerSettKontekst(ResourceInfo resourceInfo, ContainerReque
                 KontekstHolder.setKontekst(BasisKontekst.ikkeAutentisertRequest(MDCOperations.getConsumerId()));
                 LOG.trace("{} er whitelisted", metodenavn);
             } else {
-                validerTokenSetKontekst(resourceInfo, ctx);
+                var tokenString = tokenfinder.get().orElseThrow(() -> new ValideringsFeil("Mangler token"));
+                validerTokenSetKontekst(resourceInfo, tokenString);
                 setUserAndConsumerId(KontekstHolder.getKontekst().getUid());
             }
         } catch (TekniskException | TokenFeil e) {
@@ -103,16 +112,15 @@ private static Optional getAnnotation(ResourceInfo res
             .or(() -> Optional.ofNullable(resourceInfo.getResourceClass().getAnnotation(tClass)));
     }
 
-    private static Optional getTokenFromHeader(ContainerRequestContext request) {
-        String headerValue = request.getHeaderString(AUTHORIZATION_HEADER);
-        return headerValue != null && headerValue.startsWith(OpenIDToken.OIDC_DEFAULT_TOKEN_TYPE)
-            ? Optional.of(new TokenString(headerValue.substring(OpenIDToken.OIDC_DEFAULT_TOKEN_TYPE.length())))
-            : Optional.empty();
+    public static Optional getTokenFromHeader(ContainerRequestContext request) {
+        return Optional.ofNullable(request.getHeaderString(AUTHORIZATION_HEADER))
+            .filter(headerValue -> headerValue.startsWith(OpenIDToken.OIDC_DEFAULT_TOKEN_TYPE))
+            .map(headerValue -> headerValue.substring(OpenIDToken.OIDC_DEFAULT_TOKEN_TYPE.length()))
+            .map(TokenString::new);
     }
 
-    public static void validerTokenSetKontekst(ResourceInfo resourceInfo, ContainerRequestContext ctx) {
+    public static void validerTokenSetKontekst(ResourceInfo resourceInfo, TokenString tokenString) {
         // Sett opp OpenIDToken
-        var tokenString = getTokenFromHeader(ctx).orElseThrow(() -> new ValideringsFeil("Mangler token"));
         var claims = JwtUtil.getClaims(tokenString.token());
         var configuration = ConfigProvider.getOpenIDConfiguration(JwtUtil.getIssuer(claims))
             .orElseThrow(() -> new TokenFeil("Token mangler issuer claim"));
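Review bot: `tokenfinder.get()` is dereferenced directly on the added line, so a supplier that returns `null` (which the `Supplier` contract allows and a third-party cookie lookup could plausibly do) produces a NullPointerException instead of the `ValideringsFeil("Mangler token")` this branch is meant to raise, and the catch visible at the end of the hunk only handles `TekniskException | TokenFeil` — whether a later catch covers it is outside the hunk. Normalising the result keeps the intended error: `var tokenString = Objects.requireNonNullElse(tokenfinder.get(), Optional.<TokenString>empty()).orElseThrow(() -> new ValideringsFeil("Mangler token"));` (needs `java.util.Objects` imported). The enclosing try/catch of `validerSettKontekst` starts before and ends after this hunk.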
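Review bot: With `getTokenFromHeader` now public, an `Authorization` header consisting of only the `OIDC_DEFAULT_TOKEN_TYPE` prefix passes the `startsWith` filter and is returned as a `TokenString` wrapping an empty string, so the "no token" case is reported later from `JwtUtil.getClaims` (whatever that throws — it is outside the diff) rather than as "Mangler token" in the caller; adding `.filter(token -> !token.isBlank())` after the `substring` map makes an empty or whitespace-only token an empty `Optional` like a missing header. Both methods that this hunk makes public also deserve Javadoc: for `getTokenFromHeader`, that it returns the header value with the type prefix stripped only when the header starts with `OpenIDToken.OIDC_DEFAULT_TOKEN_TYPE` (an exact, case-sensitive `startsWith`) and is empty otherwise; for `validerTokenSetKontekst`, that it validates a caller-supplied token irrespective of where it was read from, so callers must not treat obtaining a token as having authenticated anything. The body of `validerTokenSetKontekst` continues past the end of this hunk.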