This is an automated email from the ASF dual-hosted git repository.
djoseph pushed a commit to branch main
in repository
https://gitbox.apache.org/repos/asf/incubator-kie-kogito-runtimes.git
The following commit(s) were added to refs/heads/main by this push:
new 0846f43435 [incubator-kie-issues#2215] Fixed authentication issue when
impersonation allowed and params missing (#4169)
0846f43435 is described below
commit 0846f43435ff2139b8cf29ce3107475ce4c18528
Author: Deepak Joseph <[email protected]>
AuthorDate: Tue Jan 27 13:14:50 2026 +0530
[incubator-kie-issues#2215] Fixed authentication issue when impersonation
allowed and params missing (#4169)
* Fixed authentication when impersonation allowed and params missing
* update
* tests
---
.../auth/impl/IdentityProviderFactoryImpl.java | 6 +-
.../auth/impl/IdentityProviderFactoryImplTest.java | 97 ++++++++++++++++++++++
2 files changed, 101 insertions(+), 2 deletions(-)
diff --git
a/api/kogito-api/src/main/java/org/kie/kogito/auth/impl/IdentityProviderFactoryImpl.java
b/api/kogito-api/src/main/java/org/kie/kogito/auth/impl/IdentityProviderFactoryImpl.java
index ae2e5d3c63..5a8d0faae8 100644
---
a/api/kogito-api/src/main/java/org/kie/kogito/auth/impl/IdentityProviderFactoryImpl.java
+++
b/api/kogito-api/src/main/java/org/kie/kogito/auth/impl/IdentityProviderFactoryImpl.java
@@ -20,6 +20,7 @@
package org.kie.kogito.auth.impl;
import java.util.Collection;
+import java.util.Collections;
import org.kie.kogito.auth.IdentityProvider;
import org.kie.kogito.auth.IdentityProviderFactory;
@@ -42,8 +43,9 @@ public class IdentityProviderFactoryImpl implements
IdentityProviderFactory {
return IdentityProviders.of(user, roles);
}
- Collection<String> identityRoles = identityProvider.getRoles();
- if
(config.getRolesThatAllowImpersonation().stream().anyMatch(identityRoles::contains))
{
+ if (!Collections.disjoint(config.getRolesThatAllowImpersonation(),
identityProvider.getRoles())
+ && user != null && !user.isBlank()
+ && !identityProvider.getName().equals(user)) {
return IdentityProviders.of(user, roles);
}
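Review bot: The added clause `&& !identityProvider.getName().equals(user)` dereferences `identityProvider.getName()` without a null guard, so a provider that returns no name (whether the interface allows that is not visible here) would throw instead of falling through to the non-impersonated path. Since `user` is already known to be non-null at that point, `&& !user.equals(identityProvider.getName())` is null-safe and gives the same result. The blank check uses `isBlank()` but the comparison is exact, so a whitespace-padded `user` counts as a different identity and is impersonated under the padded name; consider whether the value should be normalised before comparing. The method body starts and ends outside this hunk.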
diff --git
a/api/kogito-api/src/test/java/org/kie/kogito/auth/impl/IdentityProviderFactoryImplTest.java
b/api/kogito-api/src/test/java/org/kie/kogito/auth/impl/IdentityProviderFactoryImplTest.java
index 967d85a478..f41cacad5d 100644
---
a/api/kogito-api/src/test/java/org/kie/kogito/auth/impl/IdentityProviderFactoryImplTest.java
+++
b/api/kogito-api/src/test/java/org/kie/kogito/auth/impl/IdentityProviderFactoryImplTest.java
@@ -67,4 +67,101 @@ public class IdentityProviderFactoryImplTest {
.matches(identityProvider ->
identityProvider.getRoles().containsAll(TEST_ROLES));
}
+ @Test
+ public void testGetOrImpersonateIdentityWithNullUser() {
+ KogitoAuthConfig config = new KogitoAuthConfig(true,
KOGITO_IDENTITY_IMPERSONATOR_ROLES);
+ IdentityProviderFactoryImpl identityProviderFactory = new
IdentityProviderFactoryImpl(
+ IdentityProviders.of(KOGITO_IDENTITY_USER,
KOGITO_IDENTITY_IMPERSONATOR_ROLES), config);
+
+
Assertions.assertThat(identityProviderFactory.getOrImpersonateIdentity(null,
TEST_ROLES))
+ .isNotNull()
+ .hasFieldOrPropertyWithValue("name", KOGITO_IDENTITY_USER)
+ .matches(identityProvider ->
identityProvider.getRoles().containsAll(KOGITO_IDENTITY_IMPERSONATOR_ROLES));
+ }
+
+ @Test
+ public void testGetOrImpersonateIdentityWithBlankUser() {
+ KogitoAuthConfig config = new KogitoAuthConfig(true,
KOGITO_IDENTITY_IMPERSONATOR_ROLES);
+ IdentityProviderFactoryImpl identityProviderFactory = new
IdentityProviderFactoryImpl(
+ IdentityProviders.of(KOGITO_IDENTITY_USER,
KOGITO_IDENTITY_IMPERSONATOR_ROLES), config);
+
+
Assertions.assertThat(identityProviderFactory.getOrImpersonateIdentity(" ",
TEST_ROLES))
+ .isNotNull()
+ .hasFieldOrPropertyWithValue("name", KOGITO_IDENTITY_USER)
+ .matches(identityProvider ->
identityProvider.getRoles().containsAll(KOGITO_IDENTITY_IMPERSONATOR_ROLES));
+ }
+
+ @Test
+ public void testGetOrImpersonateIdentityWithSameUser() {
+ KogitoAuthConfig config = new KogitoAuthConfig(true,
KOGITO_IDENTITY_IMPERSONATOR_ROLES);
+ IdentityProviderFactoryImpl identityProviderFactory = new
IdentityProviderFactoryImpl(
+ IdentityProviders.of(KOGITO_IDENTITY_USER,
KOGITO_IDENTITY_IMPERSONATOR_ROLES), config);
+
+
Assertions.assertThat(identityProviderFactory.getOrImpersonateIdentity(KOGITO_IDENTITY_USER,
TEST_ROLES))
+ .isNotNull()
+ .hasFieldOrPropertyWithValue("name", KOGITO_IDENTITY_USER)
+ .matches(identityProvider ->
identityProvider.getRoles().containsAll(KOGITO_IDENTITY_IMPERSONATOR_ROLES));
+ }
+
+ @Test
+ public void testGetOrImpersonateIdentityWithoutImpersonationRole() {
+ KogitoAuthConfig config = new KogitoAuthConfig(true,
KOGITO_IDENTITY_IMPERSONATOR_ROLES);
+ IdentityProviderFactoryImpl identityProviderFactory = new
IdentityProviderFactoryImpl(
+ IdentityProviders.of(KOGITO_IDENTITY_USER,
KOGITO_IDENTITY_ROLES), config);
+
+
Assertions.assertThat(identityProviderFactory.getOrImpersonateIdentity(TEST_USER,
TEST_ROLES))
+ .isNotNull()
+ .hasFieldOrPropertyWithValue("name", KOGITO_IDENTITY_USER)
+ .matches(identityProvider ->
identityProvider.getRoles().containsAll(KOGITO_IDENTITY_ROLES));
+ }
+
+ @Test
+ public void testGetOrImpersonateIdentityWithNullRoles() {
+ KogitoAuthConfig config = new KogitoAuthConfig(true,
KOGITO_IDENTITY_IMPERSONATOR_ROLES);
+ IdentityProviderFactoryImpl identityProviderFactory = new
IdentityProviderFactoryImpl(
+ IdentityProviders.of(KOGITO_IDENTITY_USER,
KOGITO_IDENTITY_IMPERSONATOR_ROLES), config);
+
+
Assertions.assertThat(identityProviderFactory.getOrImpersonateIdentity(TEST_USER,
null))
+ .isNotNull()
+ .hasFieldOrPropertyWithValue("name", TEST_USER)
+ .matches(identityProvider ->
identityProvider.getRoles().isEmpty());
+ }
+
+ @Test
+ public void testGetOrImpersonateIdentityWithEmptyRoles() {
+ KogitoAuthConfig config = new KogitoAuthConfig(true,
KOGITO_IDENTITY_IMPERSONATOR_ROLES);
+ IdentityProviderFactoryImpl identityProviderFactory = new
IdentityProviderFactoryImpl(
+ IdentityProviders.of(KOGITO_IDENTITY_USER,
KOGITO_IDENTITY_IMPERSONATOR_ROLES), config);
+
+
Assertions.assertThat(identityProviderFactory.getOrImpersonateIdentity(TEST_USER,
List.of()))
+ .isNotNull()
+ .hasFieldOrPropertyWithValue("name", TEST_USER)
+ .matches(identityProvider ->
identityProvider.getRoles().isEmpty());
+ }
+
+ @Test
+ public void testGetOrImpersonateIdentityWithPartialImpersonationRole() {
+ Collection<String> partialRoles = List.of("IT", "task-admin"); //
task-admin is an impersonation role
+ KogitoAuthConfig config = new KogitoAuthConfig(true,
KOGITO_IDENTITY_IMPERSONATOR_ROLES);
+ IdentityProviderFactoryImpl identityProviderFactory = new
IdentityProviderFactoryImpl(
+ IdentityProviders.of(KOGITO_IDENTITY_USER, partialRoles),
config);
+
+
Assertions.assertThat(identityProviderFactory.getOrImpersonateIdentity(TEST_USER,
TEST_ROLES))
+ .isNotNull()
+ .hasFieldOrPropertyWithValue("name", TEST_USER)
+ .matches(identityProvider ->
identityProvider.getRoles().containsAll(TEST_ROLES));
+ }
+
+ @Test
+ public void
testGetOrImpersonateIdentityWithEmptyImpersonationRolesConfig() {
+ KogitoAuthConfig config = new KogitoAuthConfig(true, List.of());
+ IdentityProviderFactoryImpl identityProviderFactory = new
IdentityProviderFactoryImpl(
+ IdentityProviders.of(KOGITO_IDENTITY_USER,
KOGITO_IDENTITY_ROLES), config);
+
+
Assertions.assertThat(identityProviderFactory.getOrImpersonateIdentity(TEST_USER,
TEST_ROLES))
+ .isNotNull()
+ .hasFieldOrPropertyWithValue("name", KOGITO_IDENTITY_USER)
+ .matches(identityProvider ->
identityProvider.getRoles().containsAll(KOGITO_IDENTITY_ROLES));
+ }
+
}
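Review bot: The tests for the denied path assert roles with `containsAll(...)`, which still passes if the requested `TEST_ROLES` were granted in addition to the caller's own roles. This affects `testGetOrImpersonateIdentityWithoutImpersonationRole` and `testGetOrImpersonateIdentityWithEmptyImpersonationRolesConfig`, and likewise the null, blank and same-user cases. For an authorization check the negative tests should pin the exact role set, for example `Assertions.assertThat(result.getRoles()).containsExactlyInAnyOrderElementsOf(KOGITO_IDENTITY_ROLES);` on the returned identity. The eight tests also repeat the same config and factory construction, which a small private helper taking the caller's roles would remove.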