From ac21c6be50070c34dd20abe07e0f95ff33751804 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 6 Jun 2018 11:22:25 +0200 Subject: refactor user whitelist to allow list updates without restarting the IDP --- .../internal/tasks/UserRestrictionTask.java | 2 +- .../id/config/auth/data/UserWhitelistStore.java | 27 +++++++++++++++++++++- 2 files changed, 27 insertions(+), 2 deletions(-) (limited to 'id/server/idserverlib/src') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/UserRestrictionTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/UserRestrictionTask.java index 4853a5ab6..5d0580464 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/UserRestrictionTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/UserRestrictionTask.java @@ -58,7 +58,7 @@ public class UserRestrictionTask extends AbstractAuthServletTask { //check if user's bPK is whitelisted - if (!whitelist.isUserbPKInWhitelist(pseudonym.getFirst())) { + if (!whitelist.isUserbPKInWhitelistDynamic(pseudonym.getFirst())) { Logger.info("User's bPK is not whitelisted. Authentication process stops ..."); Logger.trace("User's bPK: " + pseudonym.getFirst()); throw new MOAIDException("auth.35", null); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/UserWhitelistStore.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/UserWhitelistStore.java index a300739b3..71bd0f3c0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/UserWhitelistStore.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/UserWhitelistStore.java @@ -30,6 +30,7 @@ public class UserWhitelistStore { @Autowired(required=true) AuthConfiguration authConfig; private List whitelist = new ArrayList(); + private String absWhiteListUrl = null; @PostConstruct private void initialize() { @@ -38,7 +39,7 @@ public class UserWhitelistStore { Logger.debug("Do not initialize user whitelist. Reason: No configuration path to CSV file."); else { - String absWhiteListUrl = FileUtils.makeAbsoluteURL(whiteListUrl, authConfig.getRootConfigFileDir()); + absWhiteListUrl = FileUtils.makeAbsoluteURL(whiteListUrl, authConfig.getRootConfigFileDir()); try { InputStream is = new FileInputStream(new File(new URL(absWhiteListUrl).toURI())); String whiteListString = IOUtils.toString(new InputStreamReader(is)); @@ -70,4 +71,28 @@ public class UserWhitelistStore { return whitelist.contains(bPK); } + + public boolean isUserbPKInWhitelistDynamic(String bPK) { + try { + if (absWhiteListUrl != null) { + InputStream is = new FileInputStream(new File(new URL(absWhiteListUrl).toURI())); + String whiteListString = IOUtils.toString(new InputStreamReader(is)); + if (whiteListString != null && whiteListString.contains(bPK)) { + Logger.trace("Find user with dynamic whitelist check"); + return true; + + } else { + Logger.debug("Can NOT find user in dynamic loaded user whitelist. Switch to static version ... "); + return isUserbPKInWhitelist(bPK); + } + + } + } catch (Exception e) { + Logger.warn("Dynamic user whitelist check FAILED. Switch to static version ... ", e); + + } + + return isUserbPKInWhitelist(bPK); + } + } -- cgit v1.2.3