From ef859f527df2794fd9bb8ac241755e30df587bbc Mon Sep 17 00:00:00 2001
From: deiflaender
Date: Thu, 16 Mar 2023 12:07:09 +0100
Subject: [PATCH 1/2] RED-4515: Removed workarounds that set default tenant if no tenant is available
---
 .../multitenancy/MultiTenancyMessagingConfiguration.java | 4 +---
 .../v1/processor/multitenancy/TenantInterceptor.java | 6 +-----
 .../integration/service/DossierTesterAndProvider.java | 3 ++-
 .../server/integration/service/FileTesterAndProvider.java | 3 ---
 .../peristence/v1/server/integration/tests/AuditTest.java | 7 -------
 .../v1/server/integration/tests/DossierTest.java | 3 ---
 .../v1/server/integration/tests/DownloadTest.java | 2 --
 .../tests/performance/EntityPerformanceTest.java | 5 ++---
 8 files changed, 6 insertions(+), 27 deletions(-)
diff --git a/persistence-service-v1/persistence-service-processor-v1/src/main/java/com/iqser/red/service/persistence/management/v1/processor/multitenancy/MultiTenancyMessagingConfiguration.java b/persistence-service-v1/persistence-service-processor-v1/src/main/java/com/iqser/red/service/persistence/management/v1/processor/multitenancy/MultiTenancyMessagingConfiguration.java
index 269a68c43..a98a96782 100644
--- a/persistence-service-v1/persistence-service-processor-v1/src/main/java/com/iqser/red/service/persistence/management/v1/processor/multitenancy/MultiTenancyMessagingConfiguration.java
+++ b/persistence-service-v1/persistence-service-processor-v1/src/main/java/com/iqser/red/service/persistence/management/v1/processor/multitenancy/MultiTenancyMessagingConfiguration.java
@@ -1,6 +1,5 @@
 package com.iqser.red.service.persistence.management.v1.processor.multitenancy;
-import static com.iqser.red.service.persistence.management.v1.processor.multitenancy.TenantInterceptor.DEFAULT_TENANT;
 import static com.iqser.red.service.persistence.management.v1.processor.multitenancy.TenantInterceptor.TENANT_HEADER_NAME;
 import org.springframework.amqp.rabbit.config.AbstractRabbitListenerContainerFactory;
@@ -38,8 +37,7 @@ public class MultiTenancyMessagingConfiguration {
 if (tenant != null) {
 TenantContext.setTenantId(tenant);
 } else {
- // TODO Remove if multitenancy is fully integrated.
- TenantContext.setTenantId(DEFAULT_TENANT);
+ throw new RuntimeException("No Tenant is set queue message");
 }
 return m;
 });
diff --git a/persistence-service-v1/persistence-service-processor-v1/src/main/java/com/iqser/red/service/persistence/management/v1/processor/multitenancy/TenantInterceptor.java b/persistence-service-v1/persistence-service-processor-v1/src/main/java/com/iqser/red/service/persistence/management/v1/processor/multitenancy/TenantInterceptor.java
index 1115b32eb..b35a7a269 100644
--- a/persistence-service-v1/persistence-service-processor-v1/src/main/java/com/iqser/red/service/persistence/management/v1/processor/multitenancy/TenantInterceptor.java
+++ b/persistence-service-v1/persistence-service-processor-v1/src/main/java/com/iqser/red/service/persistence/management/v1/processor/multitenancy/TenantInterceptor.java
@@ -17,11 +17,7 @@ public class TenantInterceptor implements WebRequestInterceptor {
 @Override
 public void preHandle(WebRequest request) {
- if (request.getHeader(TENANT_HEADER_NAME) != null) {
- TenantContext.setTenantId(request.getHeader(TENANT_HEADER_NAME));
- } else {
- TenantContext.setTenantId(DEFAULT_TENANT);
- }
+ TenantContext.setTenantId(request.getHeader(TENANT_HEADER_NAME));
 }
diff --git a/persistence-service-v1/persistence-service-server-v1/src/test/java/com/iqser/red/service/peristence/v1/server/integration/service/DossierTesterAndProvider.java b/persistence-service-v1/persistence-service-server-v1/src/test/java/com/iqser/red/service/peristence/v1/server/integration/service/DossierTesterAndProvider.java
index 5e897a943..e3f4b3c02 100644
--- a/persistence-service-v1/persistence-service-server-v1/src/test/java/com/iqser/red/service/peristence/v1/server/integration/service/DossierTesterAndProvider.java
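Review bot: The new `throw new RuntimeException("No Tenant is set queue message")` rejects a message without a tenant header, but the text is garbled and a bare RuntimeException tells the listener container nothing about redelivery. If the container requeues failed deliveries (its configuration is outside this hunk), a header-less message would be redelivered again and again; `throw new AmqpRejectAndDontRequeueException("Queue message has no " + TENANT_HEADER_NAME + " header");` makes the rejection explicit and lets a dead-letter queue collect it. Calling `TenantContext.clear();` before the throw would also keep a tenant left over from an earlier message on the same listener thread from staying set, assuming the context is thread-bound. The enclosing post-processor lambda starts outside the hunk.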
+++ b/persistence-service-v1/persistence-service-server-v1/src/test/java/com/iqser/red/service/peristence/v1/server/integration/service/DossierTesterAndProvider.java
@@ -11,7 +11,7 @@ import org.springframework.stereotype.Service;
 import com.google.common.collect.Sets;
 import com.iqser.red.service.peristence.v1.server.integration.client.DossierClient;
-import com.iqser.red.service.persistence.management.v1.processor.service.UserService;
+import com.iqser.red.service.persistence.management.v1.processor.utils.multitenancy.TenantContext;
 import com.iqser.red.service.persistence.service.v1.api.shared.model.DossierRequest;
 import com.iqser.red.service.persistence.service.v1.api.shared.model.DossierTemplateModel;
 import com.iqser.red.service.persistence.service.v1.api.shared.model.dossiertemplate.DownloadFileType;
@@ -42,6 +42,7 @@ public class DossierTesterAndProvider {
 public Dossier provideTestDossier(DossierTemplateModel testTemplate, String dossierName) {
+ TenantContext.setTenantId("redaction");
 return provideTestDossier(testTemplate, dossierName, null);
 }
diff --git a/persistence-service-v1/persistence-service-server-v1/src/test/java/com/iqser/red/service/peristence/v1/server/integration/service/FileTesterAndProvider.java b/persistence-service-v1/persistence-service-server-v1/src/test/java/com/iqser/red/service/peristence/v1/server/integration/service/FileTesterAndProvider.java
index 3a60e74bb..7b29b3b3d 100644
--- a/persistence-service-v1/persistence-service-server-v1/src/test/java/com/iqser/red/service/peristence/v1/server/integration/service/FileTesterAndProvider.java
+++ b/persistence-service-v1/persistence-service-server-v1/src/test/java/com/iqser/red/service/peristence/v1/server/integration/service/FileTesterAndProvider.java
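Review bot: `TenantContext.setTenantId("redaction");` in `provideTestDossier` sets the tenant as a hidden side effect of a test helper and never clears it, so any test that later runs on the same thread presumably inherits that tenant. This recreates in the test suite the implicit default that the commit removes from production code: DownloadTest, for example, still calls `TenantContext.getTenantId()` after its own `setTenantId`/`clear` pair was deleted, so it appears to pass only when a provider has run first, and a code path that truly lacks a tenant would go unnoticed. Setting the tenant in the setup method of the shared base test class and calling `TenantContext.clear();` in its teardown would make the dependency explicit and keep tests isolated. Only the two-argument overload is changed here; whether the three-argument overload is ever called directly is not visible in this hunk.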
@@ -16,7 +16,6 @@ import com.iqser.red.service.peristence.v1.server.integration.client.FileClient;
 import com.iqser.red.service.peristence.v1.server.integration.client.UploadClient;
 import com.iqser.red.service.persistence.management.v1.processor.service.FileManagementStorageService;
 import com.iqser.red.service.persistence.management.v1.processor.service.FileStatusService;
-import com.iqser.red.service.persistence.management.v1.processor.utils.multitenancy.TenantContext;
 import com.iqser.red.service.persistence.service.v1.api.shared.model.AnalyzeResult;
 import com.iqser.red.service.persistence.service.v1.api.shared.model.FileStatus;
 import com.iqser.red.service.persistence.service.v1.api.shared.model.dossiertemplate.dossier.Dossier;
@@ -92,7 +91,6 @@ public class FileTesterAndProvider {
 public void markFileAsProcessed(String fileId) {
- TenantContext.setTenantId("redaction");
 AnalyzeResult result = new AnalyzeResult();
 result.setFileId(fileId);
 result.setNumberOfPages(100);
@@ -105,7 +103,6 @@ public class FileTesterAndProvider {
 result.setAnalysisVersion(1);
 fileStatusService.setStatusSuccessful(fileId, result);
 fileStatusService.setStatusProcessed(fileId);
- TenantContext.clear();
 }
 }
diff --git a/persistence-service-v1/persistence-service-server-v1/src/test/java/com/iqser/red/service/peristence/v1/server/integration/tests/AuditTest.java b/persistence-service-v1/persistence-service-server-v1/src/test/java/com/iqser/red/service/peristence/v1/server/integration/tests/AuditTest.java
index 42be5e05e..b24ebdbce 100644
--- a/persistence-service-v1/persistence-service-server-v1/src/test/java/com/iqser/red/service/peristence/v1/server/integration/tests/AuditTest.java
+++ b/persistence-service-v1/persistence-service-server-v1/src/test/java/com/iqser/red/service/peristence/v1/server/integration/tests/AuditTest.java
@@ -12,8 +12,6 @@ import com.iqser.red.service.peristence.v1.server.integration.service.UserProvid
 import com.iqser.red.service.peristence.v1.server.integration.utils.AbstractPersistenceServerServiceTest;
 import com.iqser.red.service.persistence.management.v1.processor.service.persistence.AuditPersistenceService;
 import com.iqser.red.service.persistence.management.v1.processor.service.persistence.repository.AuditRepository;
-import com.iqser.red.service.persistence.management.v1.processor.utils.multitenancy.TenantContext;
-import com.iqser.red.service.persistence.service.v1.api.shared.model.AuditCategory;
 import com.iqser.red.service.persistence.service.v1.api.shared.model.audit.AuditRequest;
 import com.iqser.red.service.persistence.service.v1.api.shared.model.audit.AuditSearchRequest;
 import com.iqser.red.service.persistence.service.v1.api.shared.model.audit.CategoryModel;
@@ -36,8 +34,6 @@ public class AuditTest extends AbstractPersistenceServerServiceTest {
 @Test
 public void testAudit() {
- TenantContext.setTenantId("redaction");
-
 var userId = userProvider.getUserId();
 auditPersistenceService.audit(AuditRequest.builder().category("c1").message("test").userId(userId).objectId("1").details(Map.of("key", "value")).build());
@@ -54,9 +50,6 @@ public class AuditTest extends AbstractPersistenceServerServiceTest {
 result = auditClient.searchAuditLog(AuditSearchRequest.builder().build());
 assertThat(result.getTotalHits()).isGreaterThanOrEqualTo(3);
 assertThat(auditClient.getAuditCategories()).isNotEmpty();
-
- TenantContext.clear();
-
 }
 }
diff --git a/persistence-service-v1/persistence-service-server-v1/src/test/java/com/iqser/red/service/peristence/v1/server/integration/tests/DossierTest.java b/persistence-service-v1/persistence-service-server-v1/src/test/java/com/iqser/red/service/peristence/v1/server/integration/tests/DossierTest.java
index fffd09dc2..37211e256 100644
--- a/persistence-service-v1/persistence-service-server-v1/src/test/java/com/iqser/red/service/peristence/v1/server/integration/tests/DossierTest.java
+++ b/persistence-service-v1/persistence-service-server-v1/src/test/java/com/iqser/red/service/peristence/v1/server/integration/tests/DossierTest.java
@@ -23,7 +23,6 @@ import com.iqser.red.service.peristence.v1.server.integration.service.DossierTes
 import com.iqser.red.service.peristence.v1.server.integration.service.TypeProvider;
 import com.iqser.red.service.peristence.v1.server.integration.utils.AbstractPersistenceServerServiceTest;
 import com.iqser.red.service.persistence.management.v1.processor.service.DossierManagementService;
-import com.iqser.red.service.persistence.management.v1.processor.utils.multitenancy.TenantContext;
 import com.iqser.red.service.persistence.service.v1.api.shared.model.DossierRequest;
 import com.iqser.red.service.persistence.service.v1.api.shared.model.DossierStatusRequest;
 import com.iqser.red.service.persistence.service.v1.api.shared.model.WatermarkModel;
@@ -216,7 +215,6 @@ public class DossierTest extends AbstractPersistenceServerServiceTest {
 @Test
 public void testArchiveDossier() {
- TenantContext.setTenantId("redaction");
 var template = dossierTemplateTesterAndProvider.provideTestTemplate();
@@ -321,7 +319,6 @@ public class DossierTest extends AbstractPersistenceServerServiceTest {
 // assertThat(dossierInformation.getNumberOfHardDeletedDossiers()).isEqualTo(0);
 // assertThat(dossierInformation.getNumberOfArchivedDossiers()).isEqualTo(1);
- TenantContext.clear();
 }
diff --git a/persistence-service-v1/persistence-service-server-v1/src/test/java/com/iqser/red/service/peristence/v1/server/integration/tests/DownloadTest.java b/persistence-service-v1/persistence-service-server-v1/src/test/java/com/iqser/red/service/peristence/v1/server/integration/tests/DownloadTest.java
index 8f726c061..691b2f14a 100644
--- a/persistence-service-v1/persistence-service-server-v1/src/test/java/com/iqser/red/service/peristence/v1/server/integration/tests/DownloadTest.java
+++ b/persistence-service-v1/persistence-service-server-v1/src/test/java/com/iqser/red/service/peristence/v1/server/integration/tests/DownloadTest.java
@@ -84,13 +84,11 @@ public class DownloadTest extends AbstractPersistenceServerServiceTest {
 .fileIds(List.of(file2.getId()))
 .build());
- TenantContext.setTenantId("redaction");
 downloadMessageReceiver.receive(new DownloadJob(userProvider.getUserId(), downloads.getStorageId()));
 var reportInfoId = downloads.getStorageId().substring(0, downloads.getStorageId().length() - 3) + "/REPORT_INFO.json";
 storageService.storeJSONObject(TenantContext.getTenantId(), reportInfoId, new ArrayList<>());
 downloadPreparationService.createDownload(RedactionResultMessage.builder().downloadId(downloads.getStorageId()).build());
- TenantContext.clear();
 var statuses = downloadClient.getDownloadStatus();
 assertThat(statuses.getDownloadStatus()).isNotEmpty();
diff --git a/persistence-service-v1/persistence-service-server-v1/src/test/java/com/iqser/red/service/peristence/v1/server/integration/tests/performance/EntityPerformanceTest.java b/persistence-service-v1/persistence-service-server-v1/src/test/java/com/iqser/red/service/peristence/v1/server/integration/tests/performance/EntityPerformanceTest.java
index 0054b7b13..fb006a1f3 100644
--- a/persistence-service-v1/persistence-service-server-v1/src/test/java/com/iqser/red/service/peristence/v1/server/integration/tests/performance/EntityPerformanceTest.java
+++ b/persistence-service-v1/persistence-service-server-v1/src/test/java/com/iqser/red/service/peristence/v1/server/integration/tests/performance/EntityPerformanceTest.java
@@ -1,5 +1,7 @@
 package com.iqser.red.service.peristence.v1.server.integration.tests.performance;
+import static org.assertj.core.api.Assertions.assertThat;
+
 import java.util.ArrayList;
 import java.util.List;
 import java.util.stream.Collectors;
@@ -20,7 +22,6 @@ import com.iqser.red.service.persistence.service.v1.api.shared.model.dossiertemp
 import com.iqser.red.service.persistence.service.v1.api.shared.model.dossiertemplate.type.DictionaryEntryType;
 import lombok.extern.slf4j.Slf4j;
-import static org.assertj.core.api.Assertions.assertThat;
 @Slf4j
 public class EntityPerformanceTest extends AbstractPersistenceServerServiceTest {
@@ -98,7 +99,6 @@ public class EntityPerformanceTest extends AbstractPersistenceServerServiceTest
 @Test
 public void testWritePerformance() {
- TenantContext.setTenantId("redaction");
 var tenKEntries = generateEntries(10_000);
@@ -127,7 +127,6 @@ public class EntityPerformanceTest extends AbstractPersistenceServerServiceTest
 System.out.println("JPA Time: " + jpaTime + "ms for 10k entries");
 System.out.println("JDBC Time: " + jdbcTime + "ms for 10k entries");
- TenantContext.clear();
 }
 }
From 71a5f56fd5975e11160719dc8ab315c6633634af Mon Sep 17 00:00:00 2001
From: deiflaender
Date: Thu, 16 Mar 2023 13:14:25 +0100
Subject: [PATCH 2/2] RED-4515: Added workaround to keep swagger running without tenant header for now
---
 .../keycloak/commons/KeycloakSecurity.java | 26 +++++++++++++++++++
 .../multitenancy/TenantInterceptor.java | 15 +++++++++--
 2 files changed, 39 insertions(+), 2 deletions(-)
diff --git a/persistence-service-v1/keycloak-commons/src/main/java/com/iqser/red/keycloak/commons/KeycloakSecurity.java b/persistence-service-v1/keycloak-commons/src/main/java/com/iqser/red/keycloak/commons/KeycloakSecurity.java
index 2cc8e3f55..c82653400 100644
--- a/persistence-service-v1/keycloak-commons/src/main/java/com/iqser/red/keycloak/commons/KeycloakSecurity.java
+++ b/persistence-service-v1/keycloak-commons/src/main/java/com/iqser/red/keycloak/commons/KeycloakSecurity.java
@@ -1,5 +1,10 @@
 package com.iqser.red.keycloak.commons;
+import java.util.Optional;
+import java.util.function.Function;
+
+import org.keycloak.adapters.springsecurity.token.KeycloakAuthenticationToken;
+import org.keycloak.representations.AccessToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
@@ -27,4 +32,25 @@ public class KeycloakSecurity {
 return auth.getName();
 }
+
+ public Optional getRealm(){
+ return getToken(t -> {
+ String issuer = t.getIssuer();
+ String realm = issuer.substring(issuer.lastIndexOf('/') + 1);
+ log.info(realm);
+ return realm;
+ });
+ }
+
+
+ public Optional getToken(Function function) {
+ Authentication auth = SecurityContextHolder.getContext().getAuthentication();
+ if (!(auth instanceof KeycloakAuthenticationToken)) {
+ return Optional.empty();
+ }
+
+ KeycloakAuthenticationToken keycloakAuth = (KeycloakAuthenticationToken) auth;
+ return Optional.ofNullable(function.apply(keycloakAuth.getAccount().getKeycloakSecurityContext().getToken()));
+ }
+
 }
diff --git a/persistence-service-v1/persistence-service-processor-v1/src/main/java/com/iqser/red/service/persistence/management/v1/processor/multitenancy/TenantInterceptor.java b/persistence-service-v1/persistence-service-processor-v1/src/main/java/com/iqser/red/service/persistence/management/v1/processor/multitenancy/TenantInterceptor.java
index b35a7a269..4072f9c13 100644
--- a/persistence-service-v1/persistence-service-processor-v1/src/main/java/com/iqser/red/service/persistence/management/v1/processor/multitenancy/TenantInterceptor.java
+++ b/persistence-service-v1/persistence-service-processor-v1/src/main/java/com/iqser/red/service/persistence/management/v1/processor/multitenancy/TenantInterceptor.java
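Review bot: `getRealm()` turns the token issuer into a tenant id with `issuer.substring(issuer.lastIndexOf('/') + 1)` without checking the input: a null issuer throws a NullPointerException inside the lambda, and an issuer ending in `/` yields an empty string that TenantInterceptor would then set as the tenant. Returning null for those cases, e.g. `if (issuer == null || issuer.endsWith("/")) { return null; }`, lets `Optional.ofNullable` in `getToken` report that no realm is available. `log.info(realm);` writes a bare value on every call; `log.debug("Resolved realm {} from token issuer", realm);` is quieter and can be searched for. TenantInterceptor calls `KeycloakSecurity.getRealm()` statically while the method is declared here without `static`, so this depends on something outside the hunk (for example a class-level annotation) making it static. Both new methods would benefit from a short Javadoc saying that the returned realm is only as trustworthy as the adapter's verification of the token.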
@@ -5,19 +5,30 @@ import org.springframework.ui.ModelMap;
 import org.springframework.web.context.request.WebRequest;
 import org.springframework.web.context.request.WebRequestInterceptor;
+import com.iqser.red.keycloak.commons.KeycloakSecurity;
 import com.iqser.red.service.persistence.management.v1.processor.utils.multitenancy.TenantContext;
 @Component
 public class TenantInterceptor implements WebRequestInterceptor {
- public static final String DEFAULT_TENANT = "redaction";
 public static final String TENANT_HEADER_NAME = "X-TENANT-ID";
 @Override
 public void preHandle(WebRequest request) {
- TenantContext.setTenantId(request.getHeader(TENANT_HEADER_NAME));
+ if (request.getHeader(TENANT_HEADER_NAME) != null) {
+ TenantContext.setTenantId(request.getHeader(TENANT_HEADER_NAME));
+ } else {
+ // Workaround to keep swagger working for now until header is sent somehow.
+ var realm = KeycloakSecurity.getRealm();
+ if (realm.isPresent()){
+ TenantContext.setTenantId(realm.get());
+ } else {
+ // Can not throw exception here currently because otherwise we can not create tenant.
+ TenantContext.clear();
+ }
+ }
 }
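Review bot: `preHandle` gives the caller-supplied `X-TENANT-ID` header precedence over the realm of the authenticated token, so a caller authenticated in one realm can name a different tenant in the header and nothing in this hunk rejects it; whether a later filter does is not visible here. The token realm is now at hand, so the header should be compared with it and a mismatch refused before `TenantContext.setTenantId` is called, unless a privileged role is meant to act across tenants. The header-only assignment in the TenantInterceptor hunk of patch 1/2 has the same gap. The last branch calls `TenantContext.clear()` and lets the request continue with no tenant; the comment says tenant creation needs this, so it would be safer to limit that branch to the tenant-creation endpoint.

```java
public void preHandle(WebRequest request) {
    var headerTenant = request.getHeader(TENANT_HEADER_NAME);
    var realm = KeycloakSecurity.getRealm();
    if (headerTenant != null && realm.isPresent() && !realm.get().equals(headerTenant)) {
        // The header is caller-controlled; the realm comes from the authenticated token.
        throw new AccessDeniedException("Tenant header does not match token realm");
    }
    if (headerTenant != null) {
        TenantContext.setTenantId(headerTenant);
    } else if (realm.isPresent()) {
        TenantContext.setTenantId(realm.get());
    } else {
        // … unchanged: no header and no token, context is cleared so tenant creation still works …
        TenantContext.clear();
    }
}
```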