diff --git a/config/psama/psama.env b/config/psama/psama.env
index 9994d850..9c519b74 100644
--- a/config/psama/psama.env
+++ b/config/psama/psama.env
@@ -6,6 +6,7 @@
 # after initial login.
 APPLICATION_CLIENT_SECRET=
 APPLICATION_CLIENT_SECRET_IS_BASE_64=false
+STACK_SPECIFIC_APPLICATION_ID=
 # Fence IDP Configuration
 FENCE_IDP_PROVIDER_IS_ENABLED=false
diff --git a/pic-sure-auth-services/src/main/java/edu/harvard/hms/dbmi/avillach/auth/service/impl/UserService.java b/pic-sure-auth-services/src/main/java/edu/harvard/hms/dbmi/avillach/auth/service/impl/UserService.java
index 9dd1b436..db5e0d45 100644
--- a/pic-sure-auth-services/src/main/java/edu/harvard/hms/dbmi/avillach/auth/service/impl/UserService.java
+++ b/pic-sure-auth-services/src/main/java/edu/harvard/hms/dbmi/avillach/auth/service/impl/UserService.java
@@ -563,13 +563,15 @@ public User createOpenAccessUser(Role openAccessRole) {
         // Save the user to get a UUID
         user = save(user);
         user.setSubject("open_access|" + user.getUuid().toString());
-        if (openAccessRole != null) {
-            user.setRoles(Set.of(openAccessRole));
-        } else {
-            logger.error("createOpenAccessUser() openAccessRole is null");
+
+        if (user.getRoles() == null) {
             user.setRoles(new HashSet<>());
         }
+        if (openAccessRole != null) {
+            user.getRoles().add(openAccessRole);
+        }
+
         user.setEmail(user.getUuid() + "@open_access.com");
         user = save(user);
diff --git a/pic-sure-auth-services/src/main/java/edu/harvard/hms/dbmi/avillach/auth/service/impl/authorization/AuthorizationService.java b/pic-sure-auth-services/src/main/java/edu/harvard/hms/dbmi/avillach/auth/service/impl/authorization/AuthorizationService.java
index 940d622c..11db3c1a 100644
--- a/pic-sure-auth-services/src/main/java/edu/harvard/hms/dbmi/avillach/auth/service/impl/authorization/AuthorizationService.java
+++ b/pic-sure-auth-services/src/main/java/edu/harvard/hms/dbmi/avillach/auth/service/impl/authorization/AuthorizationService.java
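Review bot: `STACK_SPECIFIC_APPLICATION_ID=` is added with no comment saying what it identifies, where an operator obtains the value, or whether leaving it empty is acceptable, whereas the neighbouring keys are introduced by comments (`# after initial login.` is the tail of the note on `APPLICATION_CLIENT_SECRET`). This .env file is the deployment-time reference for these settings, so a one-line comment above the new key stating what the ID refers to and what happens when it is blank would save the next operator a trip into the code. The name suggests an identifier rather than a secret; if that is wrong, the comment should say so too.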
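Review bot: The null-role case now passes silently: the removed `else` branch logged `createOpenAccessUser() openAccessRole is null`, while the new code simply creates the open-access user with an empty role set, so a missing or misconfigured open-access role leaves no trace in the logs. Keep the diagnostic by closing the new `if` with `} else { logger.error("createOpenAccessUser() openAccessRole is null"); }`. The switch from `setRoles(Set.of(openAccessRole))` to `getRoles().add(openAccessRole)` also preserves whatever roles the `user` object already carried instead of replacing them, and will throw if `getRoles()` ever returns an unmodifiable set such as the `Set.of` the old code used; if `user` is built fresh earlier in this method both points are moot, but that start is outside the hunk and worth confirming.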
@@ -87,7 +87,6 @@ public AuthorizationService(AccessRuleService accessRuleService, @Value("${stric
      */
     public boolean isAuthorized(Application application, Object requestBody, User user) {
         // create timer
-        long startTime = System.currentTimeMillis();
         String applicationName = application.getName();
         String resourceId = "null";
         String targetService = "null";
@@ -98,7 +97,6 @@ public boolean isAuthorized(Application application, Object requestBody, User us
             return true;
         }
-        long parseTimeFrame = System.currentTimeMillis();
         try {
             Map requestBodyMap = (Map) requestBody;
             Map queryMap = (Map) requestBodyMap.get("query");
@@ -122,10 +120,14 @@ public boolean isAuthorized(Application application, Object requestBody, User us
             logger.debug("isAuthorized() Stack Trace: ", e1);
             return false;
         }
-        logger.info("Parse timeframe {} ms", (System.currentTimeMillis() - parseTimeFrame));
         Set accessRules;
-        String label = user.getConnection().getLabel();
+        String label = "";
+        if (user.getConnection() != null) {
+            // Open Access doesn't currently use a connection
+            label = user.getConnection().getLabel();
+        }
+
         if (!this.strictConnections.contains(label)) {
             Set privileges = user.getPrivilegesByApplication(application);
             if (privileges == null || privileges.isEmpty()) {
@@ -174,7 +176,6 @@ public boolean isAuthorized(Application application, Object requestBody, User us
                 .map(ar -> (ar.getMergedName().isEmpty() ? ar.getName() : ar.getMergedName()))
                 .collect(Collectors.joining(", ")) + "]");
-        logger.info("Login time: {}ms", System.currentTimeMillis() - startTime);
         return result;
     }
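Review bot: With the new guard a user whose connection is null gets `label = ""`, and unless `""` is itself in `strictConnections` that user is routed into the `!this.strictConnections.contains(label)` branch below; the exemption is meant for Open Access users, but as written it applies to any user that reaches `isAuthorized` without a connection, for whatever reason. Make the intent visible and the unexpected case detectable by attaching an `else` to the new `if` with `logger.warn("isAuthorized() user {} has no connection; evaluating as non-strict", user.getUuid());`, or, if only open-access users should take this path, gate it on the `open_access|` subject prefix that `UserService.createOpenAccessUser` assigns in this same change (presumably readable via a `getSubject()` accessor). The comment `// Open Access doesn't currently use a connection` also belongs next to the `label = ""` default, not inside the non-null branch, which is the case it does not describe. Separately, the first hunk of this file removes `startTime` but leaves the `// create timer` comment above it, which now describes nothing. `isAuthorized` continues outside this hunk.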