This is an automated email from the ASF dual-hosted git repository.
mweiler pushed a commit to branch main
in repository
https://gitbox.apache.org/repos/asf/incubator-kie-kogito-runtimes.git
The following commit(s) were added to refs/heads/main by this push:
new 742ef9e367 [incubator-kie-issues#2085] Conflict while running a
secured Spring Boot application with `kogito-addons-springboot-data-index-jpa`
and `kie-addons-springboot-process-svg` (#4052)
742ef9e367 is described below
commit 742ef9e367d0ca55de3d493a746db7f77d0a78a6
Author: Pere Fernández <[email protected]>
AuthorDate: Thu Sep 4 22:22:10 2025 +0200
[incubator-kie-issues#2085] Conflict while running a secured Spring Boot
application with `kogito-addons-springboot-data-index-jpa` and
`kie-addons-springboot-process-svg` (#4052)
---
kogito-bom/pom.xml | 11 +++
springboot/addons/common/common-auth/pom.xml | 65 ++++++++++++
.../springboot}/auth/PrincipalAuthTokenReader.java | 8 +-
.../auth/SpringBootAuthTokenHelper.java} | 22 ++---
.../auth/impl/JwtPrincipalAuthTokenReader.java | 8 +-
.../auth/impl/OIDCPrincipalAuthTokenReader.java | 8 +-
.../auth/SpringBootAuthTokenHelperTest.java | 109 +++++++++++++++++++++
springboot/addons/common/pom.xml | 41 ++++++++
springboot/addons/pom.xml | 1 +
springboot/addons/process-svg/pom.xml | 14 +--
.../svg/dataindex/SpringBootDataIndexClient.java | 12 +--
.../dataindex/SpringBootDataIndexClientTest.java | 50 +++-------
12 files changed, 273 insertions(+), 76 deletions(-)
diff --git a/kogito-bom/pom.xml b/kogito-bom/pom.xml
index 1e9de6895c..2888a60655 100755
--- a/kogito-bom/pom.xml
+++ b/kogito-bom/pom.xml
@@ -1496,6 +1496,17 @@
</dependency>
<!-- Process SVG addon -->
+ <dependency>
+ <groupId>org.kie</groupId>
+ <artifactId>kie-addons-springboot-common-auth</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.kie</groupId>
+ <artifactId>kie-addons-springboot-common-auth</artifactId>
+ <version>${project.version}</version>
+ <classifier>sources</classifier>
+ </dependency>
<dependency>
<groupId>org.kie</groupId>
<artifactId>kie-addons-process-svg</artifactId>
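Review bot: The two new `kie-addons-springboot-common-auth` entries are inserted directly under the existing `<!-- Process SVG addon -->` comment, which makes the shared auth module read as part of the SVG addon. The module is meant to be reused by other add-ons, so it should get its own marker, for example `<!-- Spring Boot common auth -->`, with the existing comment moved back above `kie-addons-process-svg`.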
diff --git a/springboot/addons/common/common-auth/pom.xml
b/springboot/addons/common/common-auth/pom.xml
new file mode 100644
index 0000000000..a6082ff546
--- /dev/null
+++ b/springboot/addons/common/common-auth/pom.xml
@@ -0,0 +1,65 @@
+<!--
+ ~ Licensed to the Apache Software Foundation (ASF) under one
+ ~ or more contributor license agreements. See the NOTICE file
+ ~ distributed with this work for additional information
+ ~ regarding copyright ownership. The ASF licenses this file
+ ~ to you under the Apache License, Version 2.0 (the
+ ~ "License"); you may not use this file except in compliance
+ ~ with the License. You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing,
+ ~ software distributed under the License is distributed on an
+ ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ ~ KIND, either express or implied. See the License for the
+ ~ specific language governing permissions and limitations
+ ~ under the License.
+ -->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <groupId>org.kie</groupId>
+ <artifactId>kogito-addons-springboot-common-parent</artifactId>
+ <version>999-SNAPSHOT</version>
+ </parent>
+ <artifactId>kie-addons-springboot-common-auth</artifactId>
+ <name>Kie Add-On Common - Spring-Boot Auth</name>
+
+ <properties>
+
<java.module.name>org.kie.addons.springboot.common.auth</java.module.name>
+ </properties>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.springframework.boot</groupId>
+ <artifactId>spring-boot-starter-security</artifactId>
+ <scope>provided</scope>
+ </dependency>
+
+ <dependency>
+ <groupId>org.springframework.boot</groupId>
+ <artifactId>spring-boot-starter-oauth2-client</artifactId>
+ <scope>provided</scope>
+ </dependency>
+
+ <!-- Test -->
+ <dependency>
+ <groupId>org.junit.jupiter</groupId>
+ <artifactId>junit-jupiter</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.mockito</groupId>
+ <artifactId>mockito-junit-jupiter</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.assertj</groupId>
+ <artifactId>assertj-core</artifactId>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+</project>
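Review bot: This module ships `@Component` beans in the new package `org.kie.addons.springboot.auth`, but none of the 12 files in the diffstat registers them through an auto-configuration import, so discovery depends entirely on the consuming application's component scan. If applications scan only the `org.kie.kogito` package tree (not visible here, please confirm), the helper and both readers will no longer be found after the move. `SpringBootDataIndexClient` injects `Optional<SpringBootAuthTokenHelper>`, so that would not fail at startup: the client would silently stop propagating the authenticated user's token. Either document the required scan package for this module or add an auto-configuration class that imports the beans explicitly.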
diff --git
a/springboot/addons/process-svg/src/main/java/org/kie/kogito/svg/auth/PrincipalAuthTokenReader.java
b/springboot/addons/common/common-auth/src/main/java/org/kie/addons/springboot/auth/PrincipalAuthTokenReader.java
similarity index 80%
rename from
springboot/addons/process-svg/src/main/java/org/kie/kogito/svg/auth/PrincipalAuthTokenReader.java
rename to
springboot/addons/common/common-auth/src/main/java/org/kie/addons/springboot/auth/PrincipalAuthTokenReader.java
index 7a24ec72b9..d94a48a896 100644
---
a/springboot/addons/process-svg/src/main/java/org/kie/kogito/svg/auth/PrincipalAuthTokenReader.java
+++
b/springboot/addons/common/common-auth/src/main/java/org/kie/addons/springboot/auth/PrincipalAuthTokenReader.java
@@ -16,11 +16,15 @@
* specific language governing permissions and limitations
* under the License.
*/
-package org.kie.kogito.svg.auth;
+package org.kie.addons.springboot.auth;
public interface PrincipalAuthTokenReader<T> {
- boolean acceptsPrincipal(Object principal);
+ Class<T> getPrincipalType();
String readToken(T principal);
+
+ default boolean acceptsPrincipal(Object principal) {
+ return getPrincipalType().isAssignableFrom(principal.getClass());
+ }
}
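Review bot: The new default `acceptsPrincipal` calls `principal.getClass()`, so a null principal now throws a NullPointerException where the removed `principal instanceof Jwt` / `principal instanceof OidcUser` checks returned false. Nothing visible in this diff guarantees that `Authentication.getPrincipal()` is non-null, and `SpringBootAuthTokenHelper.getAuthToken()` passes the value through unchecked. Writing the body as `return getPrincipalType().isInstance(principal);` restores the null-safe behaviour in one line. A short Javadoc on `getPrincipalType()` saying that subclasses of the returned type are also accepted would help future implementers.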
diff --git
a/springboot/addons/process-svg/src/main/java/org/kie/kogito/svg/auth/SpringBootAuthHelper.java
b/springboot/addons/common/common-auth/src/main/java/org/kie/addons/springboot/auth/SpringBootAuthTokenHelper.java
similarity index 72%
rename from
springboot/addons/process-svg/src/main/java/org/kie/kogito/svg/auth/SpringBootAuthHelper.java
rename to
springboot/addons/common/common-auth/src/main/java/org/kie/addons/springboot/auth/SpringBootAuthTokenHelper.java
index ef73f791d2..90ba2d706c 100644
---
a/springboot/addons/process-svg/src/main/java/org/kie/kogito/svg/auth/SpringBootAuthHelper.java
+++
b/springboot/addons/common/common-auth/src/main/java/org/kie/addons/springboot/auth/SpringBootAuthTokenHelper.java
@@ -16,7 +16,7 @@
* specific language governing permissions and limitations
* under the License.
*/
-package org.kie.kogito.svg.auth;
+package org.kie.addons.springboot.auth;
import java.util.List;
import java.util.Optional;
@@ -29,28 +29,28 @@ import org.springframework.stereotype.Component;
@Component
@ConditionalOnClass({ SecurityContextHolder.class })
-public class SpringBootAuthHelper {
+@SuppressWarnings({ "unchecked", "rawtypes" })
+public class SpringBootAuthTokenHelper {
- private List<PrincipalAuthTokenReader> authTokenReaders;
+ public static final String BEARER_TOKEN_TEMPLATE = "Bearer %s";
- public SpringBootAuthHelper(@Autowired List<PrincipalAuthTokenReader>
authTokenReaders) {
+ private final List<PrincipalAuthTokenReader> authTokenReaders;
+
+ public SpringBootAuthTokenHelper(@Autowired List<PrincipalAuthTokenReader>
authTokenReaders) {
this.authTokenReaders = authTokenReaders;
}
public Optional<String> getAuthToken() {
- return Optional.ofNullable(getToken());
- }
-
- private String getToken() {
SecurityContext securityContext = SecurityContextHolder.getContext();
if (securityContext == null || securityContext.getAuthentication() ==
null) {
- return null;
+ return Optional.empty();
}
Object principal = securityContext.getAuthentication().getPrincipal();
- return this.authTokenReaders.stream().filter(reader ->
reader.acceptsPrincipal(principal)).findFirst()
- .map(reader -> "Bearer " +
reader.readToken(principal)).orElse(null);
+ return this.authTokenReaders.stream()
+ .filter(reader ->
reader.acceptsPrincipal(principal)).findFirst()
+ .map(reader ->
BEARER_TOKEN_TEMPLATE.formatted(reader.readToken(principal)));
}
}
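Review bot: In `getAuthToken()` the final `.map(reader -> BEARER_TOKEN_TEMPLATE.formatted(reader.readToken(principal)))` formats whatever the reader returns, so a reader that yields null produces the literal header value `Bearer null`. `SpringBootDataIndexClient.getAuthHeader` would then prefer that value over the caller-supplied header. The reader bodies are outside this diff, so whether null can actually occur is not visible. Splitting the step into `.map(reader -> reader.readToken(principal)).map(token -> BEARER_TOKEN_TEMPLATE.formatted(token))` lets `Optional.map` drop a null token and return `Optional.empty()` instead. Separately, the class-level `@SuppressWarnings({ "unchecked", "rawtypes" })` hides every such warning in the class; narrowing it to `getAuthToken()`, which is where the raw `PrincipalAuthTokenReader` calls are made, would keep the suppression reviewable.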
diff --git
a/springboot/addons/process-svg/src/main/java/org/kie/kogito/svg/auth/impl/JwtPrincipalAuthTokenReader.java
b/springboot/addons/common/common-auth/src/main/java/org/kie/addons/springboot/auth/impl/JwtPrincipalAuthTokenReader.java
similarity index 86%
rename from
springboot/addons/process-svg/src/main/java/org/kie/kogito/svg/auth/impl/JwtPrincipalAuthTokenReader.java
rename to
springboot/addons/common/common-auth/src/main/java/org/kie/addons/springboot/auth/impl/JwtPrincipalAuthTokenReader.java
index dcb91f44a6..15f272e2f6 100644
---
a/springboot/addons/process-svg/src/main/java/org/kie/kogito/svg/auth/impl/JwtPrincipalAuthTokenReader.java
+++
b/springboot/addons/common/common-auth/src/main/java/org/kie/addons/springboot/auth/impl/JwtPrincipalAuthTokenReader.java
@@ -16,9 +16,9 @@
* specific language governing permissions and limitations
* under the License.
*/
-package org.kie.kogito.svg.auth.impl;
+package org.kie.addons.springboot.auth.impl;
-import org.kie.kogito.svg.auth.PrincipalAuthTokenReader;
+import org.kie.addons.springboot.auth.PrincipalAuthTokenReader;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.stereotype.Component;
@@ -28,8 +28,8 @@ import org.springframework.stereotype.Component;
public class JwtPrincipalAuthTokenReader implements
PrincipalAuthTokenReader<Jwt> {
@Override
- public boolean acceptsPrincipal(Object principal) {
- return principal instanceof Jwt;
+ public Class<Jwt> getPrincipalType() {
+ return Jwt.class;
}
@Override
diff --git
a/springboot/addons/process-svg/src/main/java/org/kie/kogito/svg/auth/impl/OIDCPrincipalAuthTokenReader.java
b/springboot/addons/common/common-auth/src/main/java/org/kie/addons/springboot/auth/impl/OIDCPrincipalAuthTokenReader.java
similarity index 86%
rename from
springboot/addons/process-svg/src/main/java/org/kie/kogito/svg/auth/impl/OIDCPrincipalAuthTokenReader.java
rename to
springboot/addons/common/common-auth/src/main/java/org/kie/addons/springboot/auth/impl/OIDCPrincipalAuthTokenReader.java
index 1187f44c60..b40ca0dcba 100644
---
a/springboot/addons/process-svg/src/main/java/org/kie/kogito/svg/auth/impl/OIDCPrincipalAuthTokenReader.java
+++
b/springboot/addons/common/common-auth/src/main/java/org/kie/addons/springboot/auth/impl/OIDCPrincipalAuthTokenReader.java
@@ -16,9 +16,9 @@
* specific language governing permissions and limitations
* under the License.
*/
-package org.kie.kogito.svg.auth.impl;
+package org.kie.addons.springboot.auth.impl;
-import org.kie.kogito.svg.auth.PrincipalAuthTokenReader;
+import org.kie.addons.springboot.auth.PrincipalAuthTokenReader;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.security.oauth2.core.oidc.user.OidcUser;
import org.springframework.stereotype.Component;
@@ -28,8 +28,8 @@ import org.springframework.stereotype.Component;
public class OIDCPrincipalAuthTokenReader implements
PrincipalAuthTokenReader<OidcUser> {
@Override
- public boolean acceptsPrincipal(Object principal) {
- return principal instanceof OidcUser;
+ public Class<OidcUser> getPrincipalType() {
+ return OidcUser.class;
}
@Override
diff --git
a/springboot/addons/common/common-auth/src/test/java/org/kie/addons/springboot/auth/SpringBootAuthTokenHelperTest.java
b/springboot/addons/common/common-auth/src/test/java/org/kie/addons/springboot/auth/SpringBootAuthTokenHelperTest.java
new file mode 100644
index 0000000000..3a5e10c6de
--- /dev/null
+++
b/springboot/addons/common/common-auth/src/test/java/org/kie/addons/springboot/auth/SpringBootAuthTokenHelperTest.java
@@ -0,0 +1,109 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.kie.addons.springboot.auth;
+
+import java.util.List;
+
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.kie.addons.springboot.auth.impl.JwtPrincipalAuthTokenReader;
+import org.kie.addons.springboot.auth.impl.OIDCPrincipalAuthTokenReader;
+import org.mockito.Spy;
+import org.mockito.junit.jupiter.MockitoExtension;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.oauth2.core.oidc.OidcIdToken;
+import org.springframework.security.oauth2.core.oidc.user.OidcUser;
+import org.springframework.security.oauth2.jwt.Jwt;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static
org.kie.addons.springboot.auth.SpringBootAuthTokenHelper.BEARER_TOKEN_TEMPLATE;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.*;
+
+@ExtendWith(MockitoExtension.class)
+public class SpringBootAuthTokenHelperTest {
+
+ private static final String AUTH_TOKEN = "this is the token";
+
+ @Spy
+ private JwtPrincipalAuthTokenReader jwtPrincipalAuthTokenReader;
+
+ @Spy
+ private OIDCPrincipalAuthTokenReader oidcPrincipalAuthTokenReader;
+
+ private SpringBootAuthTokenHelper springBootAuthTokenHelper;
+
+ @BeforeEach
+ public void setup() {
+ this.springBootAuthTokenHelper = new
SpringBootAuthTokenHelper(List.of(jwtPrincipalAuthTokenReader,
oidcPrincipalAuthTokenReader));
+ }
+
+ @Test
+ public void testReadTokenWithoutSecurityContext() {
+ assertThat(springBootAuthTokenHelper.getAuthToken())
+ .isEmpty();
+
+ verify(jwtPrincipalAuthTokenReader, never()).readToken(any());
+ verify(oidcPrincipalAuthTokenReader, never()).readToken(any());
+ }
+
+ @Test
+ public void testReadJwtToken() {
+ Jwt jwt = mock(Jwt.class);
+
+ when(jwt.getTokenValue()).thenReturn(AUTH_TOKEN);
+
+ initSecurityContext(jwt);
+
+ assertThat(springBootAuthTokenHelper.getAuthToken())
+ .hasValue(BEARER_TOKEN_TEMPLATE.formatted(AUTH_TOKEN));
+
+ verify(jwtPrincipalAuthTokenReader, times(1)).readToken(any());
+ verify(oidcPrincipalAuthTokenReader, never()).readToken(any());
+ }
+
+ @Test
+ public void testReadOidcUser() {
+ OidcIdToken token = mock(OidcIdToken.class);
+ when(token.getTokenValue()).thenReturn(AUTH_TOKEN);
+
+ OidcUser oidcUser = mock(OidcUser.class);
+ when(oidcUser.getIdToken()).thenReturn(token);
+
+ initSecurityContext(oidcUser);
+
+ assertThat(springBootAuthTokenHelper.getAuthToken())
+ .hasValue(BEARER_TOKEN_TEMPLATE.formatted(AUTH_TOKEN));
+
+ verify(jwtPrincipalAuthTokenReader, never()).readToken(any());
+ verify(oidcPrincipalAuthTokenReader, times(1)).readToken(any());
+ }
+
+ private void initSecurityContext(Object principal) {
+ Authentication authentication = mock(Authentication.class);
+
+ when(authentication.getPrincipal()).thenReturn(principal);
+
+ SecurityContextHolder.getContext().setAuthentication(authentication);
+ }
+
+}
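Review bot: `initSecurityContext` stores the mocked `Authentication` in `SecurityContextHolder`, which is thread-bound by default, and nothing clears it afterwards. `testReadTokenWithoutSecurityContext` therefore passes only if it runs before the other two tests on that thread, and the authentication can leak into other test classes in the same JVM. Adding `@AfterEach void clearSecurityContext() { SecurityContextHolder.clearContext(); }` (plus the `org.junit.jupiter.api.AfterEach` import) makes each test independent. The suite would also benefit from a case for a principal type that no reader accepts and one for a null principal, both of which should yield an empty Optional.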
diff --git a/springboot/addons/common/pom.xml b/springboot/addons/common/pom.xml
new file mode 100644
index 0000000000..65f45fe5d0
--- /dev/null
+++ b/springboot/addons/common/pom.xml
@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+
+-->
+<project xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns="http://maven.apache.org/POM/4.0.0"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <parent>
+ <artifactId>kogito-addons-springboot-parent</artifactId>
+ <groupId>org.kie</groupId>
+ <version>999-SNAPSHOT</version>
+ </parent>
+ <modelVersion>4.0.0</modelVersion>
+
+ <artifactId>kogito-addons-springboot-common-parent</artifactId>
+ <name>Kogito Add-On Spring-Boot Common - Parent</name>
+ <description>Collection of common libraries used by Kie and Kogito
Spring-Boot Add-ons.</description>
+
+ <packaging>pom</packaging>
+
+ <modules>
+ <module>common-auth</module>
+ </modules>
+</project>
\ No newline at end of file
diff --git a/springboot/addons/pom.xml b/springboot/addons/pom.xml
index 9dc176ea13..ebc2345cf5 100644
--- a/springboot/addons/pom.xml
+++ b/springboot/addons/pom.xml
@@ -36,6 +36,7 @@
<packaging>pom</packaging>
<modules>
+ <module>common</module>
<module>events</module>
<module>messaging</module>
<module>monitoring</module>
diff --git a/springboot/addons/process-svg/pom.xml
b/springboot/addons/process-svg/pom.xml
index b2f04a0077..d22e92ba27 100644
--- a/springboot/addons/process-svg/pom.xml
+++ b/springboot/addons/process-svg/pom.xml
@@ -40,6 +40,10 @@
<groupId>org.kie</groupId>
<artifactId>kie-addons-process-svg</artifactId>
</dependency>
+ <dependency>
+ <groupId>org.kie</groupId>
+ <artifactId>kie-addons-springboot-common-auth</artifactId>
+ </dependency>
<dependency>
<groupId>org.kie.kogito</groupId>
<artifactId>kogito-api</artifactId>
@@ -48,16 +52,6 @@
<groupId>org.jbpm</groupId>
<artifactId>jbpm-with-drools-spring-boot-starter</artifactId>
</dependency>
- <dependency>
- <groupId>org.springframework.boot</groupId>
- <artifactId>spring-boot-starter-security</artifactId>
- <scope>provided</scope>
- </dependency>
- <dependency>
- <groupId>org.springframework.boot</groupId>
- <artifactId>spring-boot-starter-oauth2-client</artifactId>
- <scope>provided</scope>
- </dependency>
<dependency>
<groupId>jakarta.annotation</groupId>
<artifactId>jakarta.annotation-api</artifactId>
diff --git
a/springboot/addons/process-svg/src/main/java/org/kie/kogito/svg/dataindex/SpringBootDataIndexClient.java
b/springboot/addons/process-svg/src/main/java/org/kie/kogito/svg/dataindex/SpringBootDataIndexClient.java
index 8f165cb170..3d3c8e26a5 100644
---
a/springboot/addons/process-svg/src/main/java/org/kie/kogito/svg/dataindex/SpringBootDataIndexClient.java
+++
b/springboot/addons/process-svg/src/main/java/org/kie/kogito/svg/dataindex/SpringBootDataIndexClient.java
@@ -22,8 +22,8 @@ import java.util.ArrayList;
import java.util.List;
import java.util.Optional;
+import org.kie.addons.springboot.auth.SpringBootAuthTokenHelper;
import org.kie.kogito.svg.ProcessSVGException;
-import org.kie.kogito.svg.auth.SpringBootAuthHelper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
@@ -53,18 +53,18 @@ public class SpringBootDataIndexClient implements
DataIndexClient {
private RestTemplate restTemplate;
private ObjectMapper objectMapper;
- private Optional<SpringBootAuthHelper> authHelper;
+ private Optional<SpringBootAuthTokenHelper> authTokenHelper;
@Autowired
public SpringBootDataIndexClient(
@Value("${kogito.dataindex.http.url:http://localhost:8180}")
String dataIndexHttpURL,
@Autowired(required = false) RestTemplate restTemplate,
@Autowired ObjectMapper objectMapper,
- @Autowired Optional<SpringBootAuthHelper> authHelper) {
+ @Autowired Optional<SpringBootAuthTokenHelper> authTokenHelper) {
this.dataIndexHttpURL = dataIndexHttpURL;
this.restTemplate = restTemplate;
this.objectMapper = objectMapper;
- this.authHelper = authHelper;
+ this.authTokenHelper = authTokenHelper;
}
@PostConstruct
@@ -107,8 +107,8 @@ public class SpringBootDataIndexClient implements
DataIndexClient {
}
protected String getAuthHeader(String authHeader) {
- if (authHelper.isPresent()) {
- return authHelper.get().getAuthToken().orElse(authHeader);
+ if (authTokenHelper.isPresent()) {
+ return authTokenHelper.get().getAuthToken().orElse(authHeader);
}
return authHeader;
}
diff --git
a/springboot/addons/process-svg/src/test/java/org/kie/kogito/svg/dataindex/SpringBootDataIndexClientTest.java
b/springboot/addons/process-svg/src/test/java/org/kie/kogito/svg/dataindex/SpringBootDataIndexClientTest.java
index ac50a77770..642d50a077 100644
---
a/springboot/addons/process-svg/src/test/java/org/kie/kogito/svg/dataindex/SpringBootDataIndexClientTest.java
+++
b/springboot/addons/process-svg/src/test/java/org/kie/kogito/svg/dataindex/SpringBootDataIndexClientTest.java
@@ -24,20 +24,12 @@ import java.util.Optional;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
+import org.kie.addons.springboot.auth.SpringBootAuthTokenHelper;
import org.kie.kogito.svg.ProcessSVGException;
-import org.kie.kogito.svg.auth.SpringBootAuthHelper;
-import org.kie.kogito.svg.auth.impl.JwtPrincipalAuthTokenReader;
-import org.kie.kogito.svg.auth.impl.OIDCPrincipalAuthTokenReader;
import org.mockito.Mock;
import org.mockito.junit.jupiter.MockitoExtension;
import org.springframework.http.HttpEntity;
import org.springframework.http.ResponseEntity;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.context.SecurityContext;
-import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.security.oauth2.core.oidc.OidcIdToken;
-import org.springframework.security.oauth2.core.oidc.user.OidcUser;
-import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.web.client.HttpClientErrorException;
import org.springframework.web.client.RestTemplate;
@@ -88,7 +80,7 @@ public class SpringBootDataIndexClientTest {
client = buildClient(Optional.empty());
}
- private SpringBootDataIndexClient
buildClient(Optional<SpringBootAuthHelper> authHelper) {
+ private SpringBootDataIndexClient
buildClient(Optional<SpringBootAuthTokenHelper> authHelper) {
return new SpringBootDataIndexClient("data-indexURL", restTemplate,
objectMapper, authHelper);
}
@@ -126,43 +118,23 @@ public class SpringBootDataIndexClientTest {
}
@Test
- public void testAuthHeaderWithSecurityContextOidcUserPrincipal() {
+ public void testReadAuthHeader() {
String token = "testToken";
- SecurityContext securityContextMock = mock(SecurityContext.class);
- Authentication authenticationMock = mock(Authentication.class);
- OidcUser principalMock = mock(OidcUser.class);
- OidcIdToken tokenMock = mock(OidcIdToken.class);
-
-
when(securityContextMock.getAuthentication()).thenReturn(authenticationMock);
- when(authenticationMock.getPrincipal()).thenReturn(principalMock);
- when(principalMock.getIdToken()).thenReturn(tokenMock);
- when(tokenMock.getTokenValue()).thenReturn(token);
-
- SecurityContextHolder.setContext(securityContextMock);
- client = buildClient(Optional.of(new SpringBootAuthHelper(List.of(new
OIDCPrincipalAuthTokenReader(), new JwtPrincipalAuthTokenReader()))));
- assertThat(client.getAuthHeader("")).isEqualTo("Bearer " + token);
- }
-
- @Test
- public void testAuthHeaderWithSecurityContextJwtPrincipal() {
- String token = "testToken";
- SecurityContext securityContextMock = mock(SecurityContext.class);
- Authentication authenticationMock = mock(Authentication.class);
- Jwt principalMock = mock(Jwt.class);
-
when(securityContextMock.getAuthentication()).thenReturn(authenticationMock);
- when(authenticationMock.getPrincipal()).thenReturn(principalMock);
- when(principalMock.getTokenValue()).thenReturn(token);
+ SpringBootAuthTokenHelper authTokenHelper =
mock(SpringBootAuthTokenHelper.class);
+ when(authTokenHelper.getAuthToken()).thenReturn(Optional.of(token));
- SecurityContextHolder.setContext(securityContextMock);
- client = buildClient(Optional.of(new SpringBootAuthHelper(List.of(new
OIDCPrincipalAuthTokenReader(), new JwtPrincipalAuthTokenReader()))));
- assertThat(client.getAuthHeader("")).isEqualTo("Bearer " + token);
+ client = buildClient(Optional.of(authTokenHelper));
+ assertThat(client.getAuthHeader("")).isEqualTo(token);
}
@Test
public void testAuthHeaderWithoutSecurityContext() {
String authHeader = "Bearer testToken";
- client = buildClient(Optional.of(new SpringBootAuthHelper(List.of(new
OIDCPrincipalAuthTokenReader(), new JwtPrincipalAuthTokenReader()))));
+
+ SpringBootAuthTokenHelper authTokenHelper =
mock(SpringBootAuthTokenHelper.class);
+
+ client = buildClient(Optional.of(authTokenHelper));
assertThat(client.getAuthHeader(authHeader)).isEqualTo(authHeader);
}
}
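Review bot: `testAuthHeaderWithoutSecurityContext` never stubs `getAuthToken()` on the mocked helper, so the fallback to the caller's header works only because Mockito's default answer for an `Optional` return type is an empty Optional. Adding `when(authTokenHelper.getAuthToken()).thenReturn(Optional.empty());` states the scenario the test name describes. In `testReadAuthHeader` the stub returns the bare `testToken`, whereas the real helper returns a `Bearer `-prefixed value; using `"Bearer testToken"` as the fixture would keep the test representative of the header the client actually sends.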