in custos-services/custos-integration-services/tenant-management-service/src/main/java/org/apache/custos/tenant/management/interceptors/TenantManagementAuthInterceptorImpl.java [68:396]
public <ReqT> ReqT intercept(String method, Metadata headers, ReqT msg) {
if (method.equals("createTenant")) {
String token = getToken(headers);
if (token == null) {
return msg;
}
Optional<AuthClaim> claim = authorize(headers);
if (claim.isEmpty()) {
return msg;
} else {
return (ReqT) ((Tenant) msg).toBuilder().setParentTenantId(claim.get().getTenantId()).build();
}
} else if (method.equals("getTenant")) {
Optional<AuthClaim> claim = authorizeUsingUserToken(headers);
return claim.map(cl -> {
GetTenantRequest tenantRequest = ((GetTenantRequest) msg);
Credentials credentials = getCredentials(cl);
return (ReqT) tenantRequest.toBuilder()
.setTenantId(cl.getTenantId()).setCredentials(credentials).build();
}).orElseThrow(() ->
{
String error = "Request is not authorized, token not found";
throw new UnAuthorizedException(error, null);
});
} else if (method.equals("updateTenant")) {
Optional<AuthClaim> claim = authorizeUsingUserToken(headers);
return claim.map(cl -> {
UpdateTenantRequest tenantRequest = ((UpdateTenantRequest) msg);
Credentials credentials = getCredentials(cl);
return (ReqT) tenantRequest.toBuilder()
.setTenantId(cl.getTenantId()).setCredentials(credentials).build();
}).orElseThrow(() -> {
String error = "Request is not authorized, token not found";
throw new UnAuthorizedException(error, null);
});
} else if (method.equals("deleteTenant")) {
Optional<AuthClaim> claim = authorizeUsingUserToken(headers);
return claim.map(cl -> {
DeleteTenantRequest tenantRequest = ((DeleteTenantRequest) msg);
Credentials credentials = getCredentials(cl);
return (ReqT) tenantRequest.toBuilder()
.setTenantId(cl.getTenantId()).setCredentials(credentials).build();
}).orElseThrow(() -> {
String error = "Request is not authorized, token not found";
throw new UnAuthorizedException(error, null);
});
} else if (method.equals("addTenantRoles")) {
Optional<AuthClaim> claim = authorizeUsingUserToken(headers);
if (claim.isPresent()) {
AddRolesRequest rolesRequest = ((AddRolesRequest) msg);
String clientId = rolesRequest.getClientId();
if (rolesRequest.getClientId() == null || rolesRequest.getClientId().trim().isEmpty()) {
return (ReqT) rolesRequest.toBuilder().setTenantId(claim.get().getTenantId()).
setClientId(claim.get().getCustosId()).build();
}
CredentialMetadata metadata = getCredentialsFromClientId(clientId);
if (claim.get().isSuperTenant()) {
return (ReqT) rolesRequest.toBuilder().setTenantId(metadata.getOwnerId()).build();
}
boolean validationStatus = validateParentChildTenantRelationShip(claim.get().getTenantId(),
metadata.getOwnerId());
if (validationStatus) {
return (ReqT) rolesRequest.toBuilder().setTenantId(metadata.getOwnerId()).build();
} else {
String error = "Request is not authorized, user not authorized with requested clientId: "
+ clientId;
throw new UnAuthorizedException(error, null);
}
} else {
String error = "Request is not authorized, token not found";
throw new UnAuthorizedException(error, null);
}
} else if (method.equals("getTenantRoles")) {
Optional<AuthClaim> claim = authorizeUsingUserToken(headers);
if (claim.isPresent()) {
GetRolesRequest rolesRequest = ((GetRolesRequest) msg);
String clientId = rolesRequest.getClientId();
if (rolesRequest.getClientId() == null || rolesRequest.getClientId().trim().isEmpty()) {
return (ReqT) rolesRequest.toBuilder().setTenantId(claim.get().getTenantId()).
setClientId(claim.get().getCustosId()).build();
}
CredentialMetadata metadata = getCredentialsFromClientId(clientId);
if (claim.get().isSuperTenant()) {
return (ReqT) rolesRequest.toBuilder().setTenantId(metadata.getOwnerId()).build();
}
boolean validationStatus = validateParentChildTenantRelationShip(claim.get().getTenantId(),
metadata.getOwnerId());
if (validationStatus) {
return (ReqT) rolesRequest.toBuilder().setTenantId(metadata.getOwnerId()).build();
} else {
String error = "Request is not authorized, user not authorized with requested clientId: " + clientId;
throw new UnAuthorizedException(error, null);
}
} else {
String error = "Request is not authorized, token not found";
throw new UnAuthorizedException(error, null);
}
} else if (method.equals("deleteRole")) {
Optional<AuthClaim> claim = authorizeUsingUserToken(headers);
if (claim.isPresent()) {
DeleteRoleRequest rolesRequest = ((DeleteRoleRequest) msg);
String clientId = rolesRequest.getClientId();
if (rolesRequest.getClientId() == null || rolesRequest.getClientId().trim().isEmpty()) {
return (ReqT) rolesRequest.toBuilder().setTenantId(claim.get().getTenantId()).
setClientId(claim.get().getCustosId()).build();
}
CredentialMetadata metadata = getCredentialsFromClientId(clientId);
if (claim.get().isSuperTenant()) {
return (ReqT) rolesRequest.toBuilder().setTenantId(metadata.getOwnerId()).build();
}
boolean validationStatus = validateParentChildTenantRelationShip(claim.get().getTenantId(),
metadata.getOwnerId());
if (validationStatus) {
return (ReqT) rolesRequest.toBuilder().setTenantId(metadata.getOwnerId()).build();
} else {
String error = "Request is not authorized, user not authorized with requested clientId: " + clientId;
throw new UnAuthorizedException(error, null);
}
} else {
String error = "Request is not authorized, token not found";
throw new UnAuthorizedException(error, null);
}
} else if (method.equals("addProtocolMapper")) {
Optional<AuthClaim> claim = authorizeUsingUserToken(headers);
if (claim.isPresent()) {
AddProtocolMapperRequest rolesRequest = ((AddProtocolMapperRequest) msg);
String clientId = rolesRequest.getClientId();
if (rolesRequest.getClientId() == null || rolesRequest.getClientId().trim().isEmpty()) {
return (ReqT) rolesRequest.toBuilder().setTenantId(claim.get().getTenantId()).
setClientId(claim.get().getCustosId()).build();
}
CredentialMetadata metadata = getCredentialsFromClientId(clientId);
if (claim.get().isSuperTenant()) {
return (ReqT) rolesRequest.toBuilder().setTenantId(metadata.getOwnerId()).build();
}
boolean validationStatus = validateParentChildTenantRelationShip(claim.get().getTenantId(),
metadata.getOwnerId());
if (validationStatus) {
return (ReqT) rolesRequest.toBuilder().setTenantId(metadata.getOwnerId()).build();
} else {
String error = "Request is not authorized, user not authorized with requested clientId: "
+ clientId;
throw new UnAuthorizedException(error, null);
}
} else {
String error = "Request is not authorized, token not found";
throw new UnAuthorizedException(error, null);
}
} else if (method.equals("configureEventPersistence")) {
Optional<AuthClaim> claim = authorizeUsingUserToken(headers);
EventPersistenceRequest rolesRequest = ((EventPersistenceRequest) msg);
return claim.map(cl -> {
return (ReqT) rolesRequest.toBuilder()
.setTenantId(cl.getTenantId()).setPerformedBy(cl.getUsername())
.build();
}).orElseThrow(() -> {
String error = "Request is not authorized, token not found";
throw new UnAuthorizedException(error, null);
});
} else if (method.equals("enableMessaging")) {
Optional<AuthClaim> claim = authorizeUsingUserToken(headers);
MessageEnablingRequest rolesRequest = ((MessageEnablingRequest) msg);
return claim.map(cl -> {
return (ReqT) rolesRequest.toBuilder()
.setTenantId(cl.getTenantId())
.setClientId(cl.getCustosId())
.build();
}).orElseThrow(() -> {
String error = "Request is not authorized, token not found";
throw new UnAuthorizedException(error, null);
});
} else if (method.equals("enableEmail")) {
Optional<AuthClaim> claim = authorizeUsingUserToken(headers);
EmailEnablingRequest rolesRequest = ((EmailEnablingRequest) msg);
return claim.map(cl -> {
return (ReqT) rolesRequest.toBuilder()
.setTenantId(cl.getTenantId())
.setClientId(cl.getCustosId())
.build();
}).orElseThrow(() -> {
String error = "Request is not authorized, token not found";
throw new UnAuthorizedException(error, null);
});
} else if (method.equals("disableEmail")) {
Optional<AuthClaim> claim = authorizeUsingUserToken(headers);
EmailDisablingRequest rolesRequest = ((EmailDisablingRequest) msg);
return claim.map(cl -> {
return (ReqT) rolesRequest.toBuilder()
.setTenantId(cl.getTenantId())
.setClientId(cl.getCustosId())
.build();
}).orElseThrow(() -> {
String error = "Request is not authorized, token not found";
throw new UnAuthorizedException(error, null);
});
} else if (method.equals("getEmailTemplates")) {
Optional<AuthClaim> claim = authorizeUsingUserToken(headers);
FetchEmailTemplatesRequest rolesRequest = ((FetchEmailTemplatesRequest) msg);
return claim.map(cl -> {
return (ReqT) rolesRequest.toBuilder()
.setTenantId(cl.getTenantId())
.setClientId(cl.getCustosId())
.build();
}).orElseThrow(() -> {
String error = "Request is not authorized, token not found";
throw new UnAuthorizedException(error, null);
});
} else if (method.equals("getEmailFriendlyEvents")) {
Optional<AuthClaim> claim = authorizeUsingUserToken(headers);
FetchEmailFriendlyEvents rolesRequest = ((FetchEmailFriendlyEvents) msg);
return claim.map(cl -> {
return (ReqT) rolesRequest.toBuilder()
.setTenantId(cl.getTenantId())
.setClientId(cl.getCustosId())
.build();
}).orElseThrow(() -> {
String error = "Request is not authorized, token not found";
throw new UnAuthorizedException(error, null);
});
} else if (method.equals("getChildTenants")) {
Optional<AuthClaim> claim = authorizeUsingUserToken(headers);
if (claim.isPresent()) {
GetTenantsRequest tenantsRequest = ((GetTenantsRequest) msg);
String clientId = tenantsRequest.getParentClientId();
if (tenantsRequest.getParentClientId() == null ||
tenantsRequest.getParentClientId().trim().isEmpty()) {
return (ReqT) tenantsRequest.toBuilder().setParentId(claim.get().getTenantId()).build();
}
CredentialMetadata metadata = getCredentialsFromClientId(clientId);
if (claim.get().isSuperTenant()) {
return (ReqT) tenantsRequest.toBuilder().setParentId(metadata.getOwnerId()).build();
}
boolean validationStatus = validateParentChildTenantRelationShip(claim.get().getTenantId(),
metadata.getOwnerId());
if (validationStatus) {
return (ReqT) tenantsRequest.toBuilder().setParentId(metadata.getOwnerId()).build();
} else {
String error = "Request is not authorized, user not authorized with requested clientId: "
+ clientId;
throw new UnAuthorizedException(error, null);
}
} else {
String error = "Request is not authorized, token not found";
throw new UnAuthorizedException(error, null);
}
} else if (method.equals("getAllTenantsForUser")) {
validateAuth(headers);
return msg;
} else if (method.equals("getFromCache") || method.equals("getInstitutions")) {
Optional<AuthClaim> claim = validateAuth(headers);
return claim.map(cl -> {
CacheManipulationRequest request = ((CacheManipulationRequest) msg);
return (ReqT) request.toBuilder().setTenantId(cl.getTenantId()).build();
}).orElseThrow(() -> {
String error = "Request is not authorized, token not found";
throw new UnAuthorizedException(error, null);
});
} else if (method.equals("addToCache") || method.equals("removeFromCache")) {
Optional<AuthClaim> claim = validateAuth(headers);
Optional<AuthClaim> userClaim = validateUserToken(headers);
CacheManipulationRequest.Builder request = ((CacheManipulationRequest) msg).toBuilder();
if (userClaim.isPresent()) {
request = request.setPerformedBy(userClaim.get().getUsername());
}
if (claim.isPresent()) {
return (ReqT) request.setTenantId(claim.get().getTenantId()).build();
} else {
String error = "Request is not authorized, token not found";
throw new UnAuthorizedException(error, null);
}
}
return msg;
}