Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fence integration release 0004 #145

Merged
merged 2 commits into from
Nov 28, 2023
Merged

Fence integration release 0004 #145

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
0ec860b
[ALS-5000] BDC: old version of log4j sitting in a repo (#142)
Gcolon021 Nov 14, 2023
de7076d
[ALS-4926] Use authZ field from fence instead of project_access (#144)
JamesPeck Nov 16, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion pic-sure-auth-services/pom.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -225,7 +225,7 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.8.0</version>
<version>3.11.0</version>
<configuration>
<release>11</release>
</configuration>
Expand Down
53 changes: 13 additions & 40 deletions ...main/java/edu/harvard/hms/dbmi/avillach/auth/service/auth/FENCEAuthenticationService.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@

import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.node.ObjectNode;
import org.apache.commons.lang3.StringUtils;
import org.apache.http.Header;
import org.apache.http.entity.StringEntity;
import org.apache.http.message.BasicHeader;
Expand Down Expand Up @@ -88,13 +89,6 @@ public class FENCEAuthenticationService {
"\\\\_Consents\\\\" ///old _Consents\Short Study... path no longer used, but still present in examples.
};

//TODO: Remove when RAS is implemented
private static final List<String> openDatasets = Collections.unmodifiableList(
new ArrayList<>() {{
add("tutorial-biolincc_camp");
add("tutorial-biolincc_digitalis");
}});

@PostConstruct
public void initializeFenceService() {
picSureApp = applicationRepo.getUniqueResultByColumn("name", "PICSURE");
Expand Down Expand Up @@ -207,17 +201,12 @@ public Response getFENCEProfile(String callback_url, Map<String, String> authReq

// Update the user's roles (or create them if none exists)
//Set<Role> actual_user_roles = u.getRoles();
Iterator<String> project_access_names = fence_user_profile.get("project_access").fieldNames();
Iterator<String> project_access_names = fence_user_profile.get("authz").fieldNames();
while (project_access_names.hasNext()) {
String access_role_name = project_access_names.next();
createAndUpsertRole(access_role_name, current_user);
}

//add open access roles
for (String access_role_name : openDatasets) {
createAndUpsertRole(access_role_name, current_user);
}

final String idp = extractIdp(current_user);

if (current_user.getRoles() != null && (current_user.getRoles().size() > 0 || openAccessIdpValues.contains(idp))) {
Expand Down Expand Up @@ -248,37 +237,21 @@ public Response getFENCEProfile(String callback_url, Map<String, String> authReq
}

private void createAndUpsertRole(String access_role_name, User current_user) {
// These two special access does not matter. We are not using it.
if (access_role_name.equals("admin") || access_role_name.equals("parent")) {
logger.info("SKIPPING ACCESS ROLE: " + access_role_name);
logger.debug("createAndUpsertRole() starting...");
Map projectMetadata = getFENCEMapping().values().stream()
.filter(map -> access_role_name.equals(
map.get("authZ").toString().replace("\\/", "/"))
).findFirst().orElse(null);

if (projectMetadata == null) {
logger.error("getFENCEProfile() -> createAndUpsertRole could not find study in FENCE mapping SKIPPING: " + access_role_name);
return;
}
//topmed ==> access to all studies (not just topmed)
if (access_role_name.equals("topmed") ) {
Map<String, Map> projects = getFENCEMapping();
for(Map projectMetadata : projects.values()) {
String projectId = (String) projectMetadata.get("study_identifier");
String consentCode = (String) projectMetadata.get("consent_group_code");
String newRoleName = (consentCode != null && consentCode != "") ? "FENCE_"+projectId+"_"+consentCode : "FENCE_"+projectId;

if (upsertRole(current_user, newRoleName, "FENCE role "+newRoleName)) {
logger.info("getFENCEProfile() Updated TOPMED user role. Now it includes `"+newRoleName+"`");
} else {
logger.error("getFENCEProfile() could not add roles to TOPMED user's profile");
}
}
return;
}


String[] parts = access_role_name.split("\\.");
String projectId = (String) projectMetadata.get("study_identifier");
String consentCode = (String) projectMetadata.get("consent_group_code");
String newRoleName = StringUtils.isNotBlank(consentCode) ? "FENCE_"+projectId+"_"+consentCode : "FENCE_"+projectId;

String newRoleName;
if (parts.length > 1) {
newRoleName = "FENCE_"+parts[0]+"_"+parts[parts.length-1];
} else {
newRoleName = "FENCE_"+access_role_name;
}
logger.info("getFENCEProfile() New PSAMA role name:"+newRoleName);

if (upsertRole(current_user, newRoleName, "FENCE role "+newRoleName)) {
Expand Down