From 0ec860b69405b4d138c7f187275938cf3800fef3 Mon Sep 17 00:00:00 2001 From: Gcolon021 <34667267+Gcolon021@users.noreply.github.com> Date: Tue, 14 Nov 2023 06:08:00 -0500 Subject: [PATCH 1/2] [ALS-5000] BDC: old version of log4j sitting in a repo (#142) * [ALS-5000] Update maven compiler plugin --- pic-sure-auth-services/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pic-sure-auth-services/pom.xml b/pic-sure-auth-services/pom.xml index 588a6090b..8ac7966cd 100644 --- a/pic-sure-auth-services/pom.xml +++ b/pic-sure-auth-services/pom.xml @@ -225,7 +225,7 @@ org.apache.maven.plugins maven-compiler-plugin - 3.8.0 + 3.11.0 11 From de7076dd7f1f358f888b57852b75ea1995ad935d Mon Sep 17 00:00:00 2001 From: James Date: Thu, 16 Nov 2023 11:58:39 -0500 Subject: [PATCH 2/2] [ALS-4926] Use authZ field from fence instead of project_access (#144) * [ALS-4926] Update fence PSAMA to use authz * Replace extra slashes * remove hardcoded open datasets * Use string utils --- .../auth/FENCEAuthenticationService.java | 53 +++++-------------- 1 file changed, 13 insertions(+), 40 deletions(-) diff --git a/pic-sure-auth-services/src/main/java/edu/harvard/hms/dbmi/avillach/auth/service/auth/FENCEAuthenticationService.java b/pic-sure-auth-services/src/main/java/edu/harvard/hms/dbmi/avillach/auth/service/auth/FENCEAuthenticationService.java index 08f40b08d..c97e9b6aa 100644 --- a/pic-sure-auth-services/src/main/java/edu/harvard/hms/dbmi/avillach/auth/service/auth/FENCEAuthenticationService.java +++ b/pic-sure-auth-services/src/main/java/edu/harvard/hms/dbmi/avillach/auth/service/auth/FENCEAuthenticationService.java @@ -18,6 +18,7 @@ import com.fasterxml.jackson.core.JsonProcessingException; import com.fasterxml.jackson.databind.node.ObjectNode; +import org.apache.commons.lang3.StringUtils; import org.apache.http.Header; import org.apache.http.entity.StringEntity; import org.apache.http.message.BasicHeader; 
@@ -88,13 +89,6 @@ public class FENCEAuthenticationService { "\\\\_Consents\\\\" ///old _Consents\Short Study... path no longer used, but still present in examples. }; - //TODO: Remove when RAS is implemented - private static final List openDatasets = Collections.unmodifiableList( - new ArrayList<>() {{ - add("tutorial-biolincc_camp"); - add("tutorial-biolincc_digitalis"); - }}); - @PostConstruct public void initializeFenceService() { picSureApp = applicationRepo.getUniqueResultByColumn("name", "PICSURE"); @@ -207,17 +201,12 @@ public Response getFENCEProfile(String callback_url, Map authReq // Update the user's roles (or create them if none exists) //Set actual_user_roles = u.getRoles(); - Iterator project_access_names = fence_user_profile.get("project_access").fieldNames(); + Iterator project_access_names = fence_user_profile.get("authz").fieldNames(); while (project_access_names.hasNext()) { String access_role_name = project_access_names.next(); createAndUpsertRole(access_role_name, current_user); } - //add open access roles - for (String access_role_name : openDatasets) { - createAndUpsertRole(access_role_name, current_user); - } - final String idp = extractIdp(current_user); if (current_user.getRoles() != null && (current_user.getRoles().size() > 0 || openAccessIdpValues.contains(idp))) { 
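Review bot: `fence_user_profile.get("authz")` in the `@@ -207,17 +201,12 @@` hunk is dereferenced without a null check, so a FENCE profile with no `authz` member would throw a NullPointerException in the middle of the login flow. This assumes `fence_user_profile` is a Jackson `JsonNode`; its declaration is outside the hunk. These keys are now the only source of role grants, so I would read them with `fence_user_profile.path("authz").fieldNames()`, which yields an empty iterator for a missing or non-object value and leaves the user with no new roles. The local is still named `project_access_names`; renaming it to `authz_names` would match the field it now reads. getFENCEProfile starts and ends outside this hunk.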
@@ -248,37 +237,21 @@ public Response getFENCEProfile(String callback_url, Map authReq } private void createAndUpsertRole(String access_role_name, User current_user) { - // These two special access does not matter. We are not using it. - if (access_role_name.equals("admin") || access_role_name.equals("parent")) { - logger.info("SKIPPING ACCESS ROLE: " + access_role_name); + logger.debug("createAndUpsertRole() starting..."); + Map projectMetadata = getFENCEMapping().values().stream() + .filter(map -> access_role_name.equals( + map.get("authZ").toString().replace("\\/", "/")) + ).findFirst().orElse(null); + + if (projectMetadata == null) { + logger.error("getFENCEProfile() -> createAndUpsertRole could not find study in FENCE mapping SKIPPING: " + access_role_name); return; } - //topmed ==> access to all studies (not just topmed) - if (access_role_name.equals("topmed") ) { - Map projects = getFENCEMapping(); - for(Map projectMetadata : projects.values()) { - String projectId = (String) projectMetadata.get("study_identifier"); - String consentCode = (String) projectMetadata.get("consent_group_code"); - String newRoleName = (consentCode != null && consentCode != "") ? "FENCE_"+projectId+"_"+consentCode : "FENCE_"+projectId; - - if (upsertRole(current_user, newRoleName, "FENCE role "+newRoleName)) { - logger.info("getFENCEProfile() Updated TOPMED user role. Now it includes `"+newRoleName+"`"); - } else { - logger.error("getFENCEProfile() could not add roles to TOPMED user's profile"); - } - } - return; - } - - String[] parts = access_role_name.split("\\."); + String projectId = (String) projectMetadata.get("study_identifier"); + String consentCode = (String) projectMetadata.get("consent_group_code"); + String newRoleName = StringUtils.isNotBlank(consentCode) ? 
"FENCE_"+projectId+"_"+consentCode : "FENCE_"+projectId; - String newRoleName; - if (parts.length > 1) { - newRoleName = "FENCE_"+parts[0]+"_"+parts[parts.length-1]; - } else { - newRoleName = "FENCE_"+access_role_name; - } logger.info("getFENCEProfile() New PSAMA role name:"+newRoleName); if (upsertRole(current_user, newRoleName, "FENCE role "+newRoleName)) {
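Review bot: The filter lambda in createAndUpsertRole calls `map.get("authZ").toString()` on every mapping entry, so a single entry without an `authZ` key throws a NullPointerException out of the stream. That aborts role assignment for the user logging in, whichever authz key is being processed. Guard the lookup, e.g. `.filter(map -> map.get("authZ") != null && access_role_name.equals(map.get("authZ").toString().replace("\\/", "/")))`. Likewise, a matched entry with no `study_identifier` would yield the role name `FENCE_null`; returning early when `StringUtils.isBlank(projectId)` stops a malformed mapping from creating a role. The method body continues past the end of this hunk, so the handling of the `upsertRole` result is not visible here.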