Add FakedingsConsumer and switch to TokenX authentication
Introduced FakedingsConsumer for generating fake tokens. Replaced TrygdeetatenAzureAdTokenService with TokenXService for authentication. Cleaned up unused dependencies and old configuration references.
krharum committed Oct 3, 2024
1 parent f1b3103 commit b57e3ba
Showing 7 changed files with 94 additions and 32 deletions.
1 change: 0 additions & 1 deletion proxies/yrkesskade-proxy/build.gradle
Expand Up @@ -10,7 +10,6 @@ sonarqube {
}

dependencies {
implementation "no.nav.testnav.libs:data-transfer-objects"
implementation "no.nav.testnav.libs:reactive-security"
implementation "no.nav.testnav.libs:security-core"
implementation "no.nav.testnav.libs:vault"
17 changes: 1 addition & 16 deletions proxies/yrkesskade-proxy/config.yml
@@ -1,17 +1,4 @@
---
apiVersion: nais.io/v1
kind: AzureAdApplication
metadata:
name: testnav-yrkesskade-proxy-trygdeetaten
namespace: dolly
labels:
team: dolly
spec:
secretName: azure-trygdeetaten-testnav-yrkesskade-proxy-trygdeetaten
secretKeyPrefix: "AZURE_TRYGDEETATEN"
tenant: trygdeetaten.no
---
apiVersion: "nais.io/v1alpha1"
apiVersion: "nais.io/v1alpha1"
kind: "Application"
metadata:
name: testnav-yrkesskade-proxy
Expand Down Expand Up @@ -70,7 +57,5 @@ spec:
memory: 1025Mi
limits:
memory: 2048Mi
envFrom:
- secret: azure-trygdeetaten-testnav-yrkesskade-proxy-trygdeetaten
ingresses:
- "https://testnav-yrkesskade-proxy.intern.dev.nav.no"
3 changes: 0 additions & 3 deletions proxies/yrkesskade-proxy/settings.gradle
Expand Up @@ -6,9 +6,6 @@ rootProject.name = "yrkesskade-proxy"

includeBuild "../../plugins/java"

includeBuild "../../libs/data-transfer-objects"
includeBuild "../../libs/reactive-core"
includeBuild "../../libs/reactive-proxy"
includeBuild "../../libs/reactive-security"
includeBuild "../../libs/security-core"
includeBuild "../../libs/vault"
Expand Up @@ -2,11 +2,10 @@

import no.nav.testnav.libs.reactivecore.config.CoreConfig;
import no.nav.testnav.libs.reactiveproxy.config.SecurityConfig;
import no.nav.testnav.libs.reactiveproxy.filter.AddAuthenticationRequestGatewayFilterFactory;
import no.nav.testnav.libs.reactivesecurity.config.SecureOAuth2ServerToServerConfiguration;
import no.nav.testnav.libs.reactivesecurity.exchange.azuread.TrygdeetatenAzureAdTokenService;
import no.nav.testnav.libs.securitycore.domain.AccessToken;
import no.nav.testnav.libs.reactivesecurity.exchange.tokenx.TokenXService;
import no.nav.testnav.proxies.yrkesskadeproxy.config.Consumers;
import no.nav.testnav.proxies.yrkesskadeproxy.consumer.FakedingsConsumer;
import no.nav.testnav.proxies.yrkesskadeproxy.filter.AddAuthenticationRequestGatewayFilterFactory;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.cloud.gateway.filter.GatewayFilter;
Expand All @@ -18,7 +17,6 @@
@Import({
CoreConfig.class,
SecurityConfig.class,
SecureOAuth2ServerToServerConfiguration.class
})
@SpringBootApplication
public class YrkesskadeProxyApplicationStarter {
Expand All @@ -29,26 +27,25 @@ public static void main(String[] args) {

@Bean
public RouteLocator customRouteLocator(RouteLocatorBuilder builder,
GatewayFilter trygdeetatenAuthenticationFilter,
GatewayFilter tokenxAuthenticationFilter,
Consumers consumers) {

return builder
.routes()
.route(spec -> spec
.path("/**")
.filters(f -> f.filter(trygdeetatenAuthenticationFilter))
.filters(f -> f.filter(tokenxAuthenticationFilter))
.uri(consumers.getYrkesskade().getUrl()))
.build();
}

@Bean
GatewayFilter trygdeetatenAuthenticationFilter(
TrygdeetatenAzureAdTokenService tokenService,
GatewayFilter tokenxAuthenticationFilter(
TokenXService tokenService,
FakedingsConsumer fakedingsConsumer,
Consumers consumers) {

return AddAuthenticationRequestGatewayFilterFactory
.bearerAuthenticationHeaderFilter(() -> tokenService
.exchange(consumers.getYrkesskade())
.map(AccessToken::getTokenValue));
.bearerIdportenHeaderFilter(fakedingsConsumer, tokenService, consumers.getYrkesskade());
}
}
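Review bot: The `@Import` list appears to drop `SecureOAuth2ServerToServerConfiguration` in the same commit that makes the `/**` route mint a token for whatever `ident` header the caller sends, so it is worth confirming that inbound requests are still authenticated. Nothing visible in this section shows what `SecurityConfig` enforces on its own; if it does not require a valid caller token, any client that can reach the ingress would receive a Level4, TokenX-exchanged bearer for an arbitrary person identifier. A comment on `tokenxAuthenticationFilter` such as `// Inbound callers must already be authenticated by SecurityConfig; this filter impersonates the person named in the "ident" header.` would record that assumption where the next reviewer will see it.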
@@ -0,0 +1,25 @@
package no.nav.testnav.proxies.yrkesskadeproxy.consumer;

import no.nav.testnav.proxies.yrkesskadeproxy.consumer.command.FakedingsGetCommand;
import org.springframework.stereotype.Service;
import org.springframework.web.reactive.function.client.WebClient;
import reactor.core.publisher.Mono;

@Service
public class FakedingsConsumer {

private static final String FAKE_TOKENDINGS_URL = "https://fakedings.intern.dev.nav.no";
private final WebClient webClient;

public FakedingsConsumer(WebClient.Builder webClientBuilder) {

this.webClient = webClientBuilder
.baseUrl(FAKE_TOKENDINGS_URL)
.build();
}

public Mono<String> getFakeToken(String ident) {

return new FakedingsGetCommand(webClient, ident).call();
}
}
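Review bot: `FAKE_TOKENDINGS_URL` is hard-coded in the class, while the yrkesskade target in the same application is read from `Consumers`; the fake-token issuer is the more sensitive of the two endpoints and should come from configuration as well, so the host in use is visible per environment and can be reviewed next to the deployment manifest. `getFakeToken` also has no Javadoc; something like `/** Requests a fake ID-porten token for the given person identifier from fakedings; the returned string is a bearer credential and must not be logged. */` would state the contract. The host name suggests a dev-only service, but nothing in the class enforces or documents that.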
@@ -0,0 +1,28 @@
package no.nav.testnav.proxies.yrkesskadeproxy.consumer.command;

import lombok.RequiredArgsConstructor;
import org.springframework.web.reactive.function.client.WebClient;
import reactor.core.publisher.Mono;

import java.util.concurrent.Callable;

@RequiredArgsConstructor
public class FakedingsGetCommand implements Callable<Mono<String>> {

private static final String FAKEDINGS_URL = "/fake/idporten";

private final WebClient webClient;
private final String ident;

@Override
public Mono<String> call() {

return webClient.get()
.uri(uriBuilder -> uriBuilder.path(FAKEDINGS_URL)
.queryParam("pid", ident)
.queryParam("acr", "Level4")
.build())
.retrieve()
.bodyToMono(String.class);
}
}
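Review bot: `call()` returns whatever `bodyToMono(String.class)` yields, so an empty response body becomes an empty `Mono`; in the filter added by this commit the `flatMap` that calls `chain.filter` would then never run, and the request would complete without being forwarded. Mapping that case to an error, `.bodyToMono(String.class).switchIfEmpty(Mono.error(new IllegalStateException("Empty token response from fakedings")))`, makes the failure explicit. The call also has no timeout, so a stalled fakedings instance holds the gateway request open; `.timeout(Duration.ofSeconds(5))` (value to be chosen) would bound it. `ident` goes into the `pid` query parameter without any format check, and is better rejected before the request is built.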
@@ -0,0 +1,31 @@
package no.nav.testnav.proxies.yrkesskadeproxy.filter;

import lombok.experimental.UtilityClass;
import lombok.extern.slf4j.Slf4j;
import no.nav.testnav.libs.reactivesecurity.exchange.tokenx.TokenXService;
import no.nav.testnav.libs.securitycore.domain.ServerProperties;
import no.nav.testnav.proxies.yrkesskadeproxy.consumer.FakedingsConsumer;
import org.springframework.cloud.gateway.filter.GatewayFilter;
import org.springframework.http.HttpHeaders;

@Slf4j
@UtilityClass
public class AddAuthenticationRequestGatewayFilterFactory {
public static GatewayFilter bearerIdportenHeaderFilter(FakedingsConsumer fakedingsConsumer,
TokenXService tokenXService,
ServerProperties serverProperties) {

return (exchange, chain) -> {
var httpRequest = exchange.getRequest();
var ident = httpRequest.getHeaders().getFirst("ident");
return fakedingsConsumer.getFakeToken(ident)
.flatMap(faketoken -> tokenXService.exchange(serverProperties, faketoken)
.flatMap(tokenX -> {
exchange.mutate()
.request(builder -> builder.header(HttpHeaders.AUTHORIZATION,
"Bearer " + tokenX.getTokenValue()).build());
return chain.filter(exchange);
}));
};
}
}
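Review bot: The builder returned by `exchange.mutate()` is never built and `chain.filter(exchange)` is called with the original exchange, so the `Authorization` header reaches the upstream only if the request builder happens to write through to the original headers; the mutated exchange should be built and passed on explicitly. `getFirst("ident")` returns null when the header is absent, and the lambda then asks fakedings for a token with no `pid` value; the filter should fail closed with a 400 instead. The `@Slf4j` annotation is unused in the visible code and can be removed. The rewritten lambda below covers the first two points.

```java
// … unchanged: bearerIdportenHeaderFilter signature …
return (exchange, chain) -> {
    var ident = exchange.getRequest().getHeaders().getFirst("ident");
    if (ident == null || ident.isBlank()) {
        // No identity to mint a token for: fail closed rather than call fakedings without a pid.
        exchange.getResponse().setStatusCode(HttpStatus.BAD_REQUEST);
        return exchange.getResponse().setComplete();
    }
    return fakedingsConsumer.getFakeToken(ident)
            .flatMap(fakeToken -> tokenXService.exchange(serverProperties, fakeToken))
            // Pass the rebuilt exchange on; the original one is not guaranteed to carry the new header.
            .flatMap(tokenX -> chain.filter(exchange.mutate()
                    .request(builder -> builder.header(HttpHeaders.AUTHORIZATION,
                            "Bearer " + tokenX.getTokenValue()))
                    .build()));
};
```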
