refactor user whitelist to allow list updates without restarting the IDP

2 files changed, 27 insertions, 2 deletions

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/UserRestrictionTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/UserRestrictionTask.java
index 4853a5ab6..5d0580464 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/UserRestrictionTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/UserRestrictionTask.java
@@ -58,7 +58,7 @@ public class UserRestrictionTask extends AbstractAuthServletTask {
 				
 				
 				//check if user's bPK is whitelisted 
-				if (!whitelist.isUserbPKInWhitelist(pseudonym.getFirst())) {
+				if (!whitelist.isUserbPKInWhitelistDynamic(pseudonym.getFirst())) {
 					Logger.info("User's bPK is not whitelisted. Authentication process stops ...");
 					Logger.trace("User's bPK: " + pseudonym.getFirst());
 					throw new MOAIDException("auth.35", null);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/UserWhitelistStore.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/UserWhitelistStore.java
index a300739b3..71bd0f3c0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/UserWhitelistStore.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/UserWhitelistStore.java
@@ -30,6 +30,7 @@ public class UserWhitelistStore {
 	@Autowired(required=true) AuthConfiguration authConfig;
 	
 	private List<String> whitelist = new ArrayList<String>();
+	private String absWhiteListUrl = null;
 	
 	@PostConstruct
 	private void initialize() {
@@ -38,7 +39,7 @@ public class UserWhitelistStore {
 			Logger.debug("Do not initialize user whitelist. Reason: No configuration path to CSV file.");
 		
 		else {
-			String absWhiteListUrl = FileUtils.makeAbsoluteURL(whiteListUrl, authConfig.getRootConfigFileDir());
+			absWhiteListUrl = FileUtils.makeAbsoluteURL(whiteListUrl, authConfig.getRootConfigFileDir());
 			try {			
 				InputStream is = new FileInputStream(new File(new URL(absWhiteListUrl).toURI()));
 				String whiteListString = IOUtils.toString(new InputStreamReader(is));
@@ -70,4 +71,28 @@ public class UserWhitelistStore {
 		return whitelist.contains(bPK);
 		
 	}
+	
+	public boolean isUserbPKInWhitelistDynamic(String bPK) {
+		try {
+			if (absWhiteListUrl != null) {
+				InputStream is = new FileInputStream(new File(new URL(absWhiteListUrl).toURI()));
+				String whiteListString = IOUtils.toString(new InputStreamReader(is));
+				if (whiteListString != null && whiteListString.contains(bPK)) {
+					Logger.trace("Find user with dynamic whitelist check");
+					return true;
+							
+				} else {
+					Logger.debug("Can NOT find user in dynamic loaded user whitelist. Switch to static version ... ");
+					return isUserbPKInWhitelist(bPK);
+				}
+			
+			}
+		} catch (Exception e) {
+			Logger.warn("Dynamic user whitelist check FAILED. Switch to static version ... ", e);
+			
+		}
+		
+		return isUserbPKInWhitelist(bPK);
+	}
+	
 }