public IsAuthenticatedResponse isAuthenticated()

in services/src/main/java/org/apache/custos/service/identity/IdentityService.java [149:216]


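    /**
     * Checks whether the access token carried by {@code request} is currently authenticated.
     *
     * <p>The {@code username} and {@code tenantId} are read from the request's claims. When the
     * authorization cache is enabled, a cached decision for (username, tenantId, token) is used if
     * present. Otherwise the decision is obtained from Keycloak and stored in the cache for
     * {@code CACHE_LIFE_TIME} milliseconds. When the cache is disabled, Keycloak is always queried.
     *
     * <p>The access token is a bearer credential and is deliberately never written to the log.
     *
     * @param request token plus the claims identifying the user and tenant
     * @return response whose {@code authenticated} flag carries the decision
     * @throws RuntimeException if the cache or Keycloak lookup fails; the original exception is
     *     attached as the cause
     */
    public IsAuthenticatedResponse isAuthenticated(AuthToken request) {
        String username = null;
        String tenantId = null;

        for (Claim claim : request.getClaimsList()) {
            switch (claim.getKey()) {
                case "username" -> username = claim.getValue();
                case "tenantId" -> tenantId = claim.getValue();
            }
        }
        // NOTE(review): username/tenantId stay null when the claim is absent and are passed on
        // as-is; confirm the cache and Keycloak client reject null identities.

        // Log only the identity. Anyone with log access could replay a logged token.
        LOGGER.debug("Authentication status checking for user {} in tenant {}", username, tenantId);

        String accessToken = request.getAccessToken();

        boolean isAuthenticated;

        try {
            if (isAuthzCacheEnabled) {
                // Check the cache before asking Keycloak.
                AuthzCacheIndex cacheIndex = new AuthzCacheIndex(username, tenantId, accessToken);
                AuthzCachedStatus authzCachedStatus = authzCacheManager.getAuthzCachedStatus(cacheIndex);

                String authzDecisionCacheLog = "Authz decision for: ({}, {}) {} cache.";
                switch (authzCachedStatus) {
                    case AUTHORIZED -> {
                        LOGGER.debug(authzDecisionCacheLog, username, tenantId, "is retrieved from");
                        isAuthenticated = true;
                    }
                    case NOT_AUTHORIZED -> {
                        LOGGER.debug(authzDecisionCacheLog, username, tenantId, "is retrieved from");
                        isAuthenticated = false;
                    }
                    case NOT_CACHED -> {
                        LOGGER.debug(authzDecisionCacheLog, username, tenantId, "is not in the");
                        LOGGER.info("Executing is User Authenticated");
                        // NOTE(review): this branch hands the raw access token to Keycloak, while the
                        // cache-disabled branch converts it with tokenService.getKCToken() first.
                        // Confirm which form isUserAuthenticated() expects.
                        isAuthenticated = keycloakAuthClient.isUserAuthenticated(username, tenantId, accessToken);
                        // Cache the decision. A cached AUTHORIZED entry is served until it expires,
                        // so CACHE_LIFE_TIME bounds how long a revoked token may still be accepted.
                        long currentTime = System.currentTimeMillis();
                        authzCacheManager.addToAuthzCache(
                                cacheIndex,
                                new AuthzCacheEntry(isAuthenticated, currentTime + CACHE_LIFE_TIME, currentTime));
                    }
                    default -> throw new AuthSecurityException("Error in reading from the authorization cache.");
                }

            } else {
                isAuthenticated = keycloakAuthClient.isUserAuthenticated(username, tenantId, tokenService.getKCToken(accessToken));
            }

            if (isAuthenticated) {
                LOGGER.debug("User {} in gateway {} is authenticated", username, tenantId);
            } else {
                LOGGER.debug("User {} in gateway {} is not authenticated", username, tenantId);
            }

            return IsAuthenticatedResponse
                    .newBuilder()
                    .setAuthenticated(isAuthenticated)
                    .build();

        } catch (Exception ex) {
            String msg = "Error occurred while validating authentication status of  user " + username + " " + ex.getMessage();
            // Keep the stack trace in the log and the cause on the rethrown exception so the
            // failing component (cache, token service, Keycloak) can be identified.
            LOGGER.error(msg, ex);
            throw new RuntimeException(msg, ex);
        }
    }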