private void initializeSecurity()

in service/src/main/java/org/apache/fineract/cn/provisioner/internal/service/TenantApplicationService.java [109:150]


  private void initializeSecurity(final TenantEntity tenantEntity,
                                  final ApplicationSignatureSet identityManagerSignatureSet,
                                  final Set<ApplicationNameToUriPair> applicationNameToUriPairs) throws InterruptedException {
    final String tenantIdentifier = tenantEntity.getIdentifier();
    final String identityManagerApplicationName = tenantEntity.getIdentityManagerApplicationName();
    final String identityManagerApplicationUri = tenantEntity.getIdentityManagerApplicationUri();

    //Permittable groups must be posted before resource initialization occurs because resource initialization
    //may request callback from another service. For example, Services X, Y, and Identity.
    // X.initializeResources -> Y.requestCallback at X.address
    // Y.requestCallback -> Identity.requestPermission to call X.address
    // Therefore Identity must know of the permittable group for X.address before X.initializeResources is called.
    final Stream<EventExpectation> eventExpectations = applicationNameToUriPairs.stream().flatMap(x ->
            identityServiceInitializer.postApplicationPermittableGroups(
                    tenantIdentifier,
                    identityManagerApplicationName,
                    identityManagerApplicationUri,
                    x.uri).stream());
    for (final EventExpectation eventExpectation : eventExpectations.collect(Collectors.toList())) {
      if (!eventExpectation.waitForOccurrence(5, TimeUnit.SECONDS)) {
        logger.warn("Expected action in identity didn't complete {}.", eventExpectation);
      }
    }


    applicationNameToUriPairs.forEach(x -> {
      final ApplicationSignatureSet applicationSignatureSet = anubisInitializer.createSignatureSet(tenantIdentifier, x.name, x.uri, identityManagerSignatureSet.getTimestamp(), identityManagerSignatureSet.getIdentityManagerSignature());

      identityServiceInitializer.postApplicationDetails(
              tenantIdentifier,
              identityManagerApplicationName,
              identityManagerApplicationUri,
              x.name,
              x.uri,
              applicationSignatureSet);

      //InitializeResources on the service being added should occur last, for two reasons:
      // 1.) When the initialization event is put on the queue for this app/tenant combo, the app is fully ready for business.
      // 2.) If the app depends on the provisioning of identitypermissions in its initialization, those resources will be there.
      anubisInitializer.initializeResources(tenantIdentifier, x.name, x.uri);
    });
  }