Support unauthenticated user in JwtUserInfoExtractor (#356)

Author: vpaturet

calendar-helper/pom.xml

@@ -22,7 +22,7 @@ Inspired by: https://github.com/fabric8io/ipaas-quickstarts/
     <parent>
         <groupId>org.entur.ror.helpers</groupId>
         <artifactId>helper</artifactId>
-        <version>5.17.0-SNAPSHOT</version>
+        <version>5.19.0-SNAPSHOT</version>
         <relativePath>..</relativePath>
     </parent>
 

entur-google-pubsub/pom.xml

@@ -23,7 +23,7 @@ Inspired by: https://github.com/fabric8io/ipaas-quickstarts/
     <parent>
         <groupId>org.entur.ror.helpers</groupId>
         <artifactId>helper</artifactId>
-        <version>5.17.0-SNAPSHOT</version>
+        <version>5.19.0-SNAPSHOT</version>
     </parent>
 
     <artifactId>entur-google-pubsub</artifactId>

hazelcast4-helper/pom.xml

@@ -22,7 +22,7 @@ Inspired by: https://github.com/fabric8io/ipaas-quickstarts/
     <parent>
         <groupId>org.entur.ror.helpers</groupId>
         <artifactId>helper</artifactId>
-        <version>5.17.0-SNAPSHOT</version>
+        <version>5.19.0-SNAPSHOT</version>
         <relativePath>..</relativePath>
     </parent>
 

oauth2/pom.xml

@@ -3,7 +3,7 @@
     <parent>
         <artifactId>helper</artifactId>
         <groupId>org.entur.ror.helpers</groupId>
-        <version>5.17.0-SNAPSHOT</version>
+        <version>5.19.0-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 

oauth2/src/main/java/org/entur/oauth2/user/JwtUserInfoExtractor.java

@@ -1,5 +1,6 @@
 package org.entur.oauth2.user;
 
+import javax.annotation.Nullable;
 import org.rutebanken.helper.organisation.user.UserInfoExtractor;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
@@ -17,11 +18,13 @@ public class JwtUserInfoExtractor implements UserInfoExtractor {
     "https://ror.entur.io/preferred_username";
 
   @Override
+  @Nullable
   public String getPreferredName() {
     return getClaim(CLAIM_ROR_PREFERRED_NAME);
   }
 
   @Override
+  @Nullable
   public String getPreferredUsername() {
     return getClaim(CLAIM_ROR_PREFERRED_USERNAME);
   }
@@ -30,9 +33,12 @@ private String getClaim(String claim) {
     Authentication auth = SecurityContextHolder
       .getContext()
       .getAuthentication();
-    JwtAuthenticationToken jwtAuthenticationToken =
-      (JwtAuthenticationToken) auth;
-    Jwt jwt = (Jwt) jwtAuthenticationToken.getPrincipal();
-    return jwt.getClaimAsString(claim);
+
+    if (auth instanceof JwtAuthenticationToken jwtAuthenticationToken) {
+      Jwt jwt = (Jwt) jwtAuthenticationToken.getPrincipal();
+      return jwt.getClaimAsString(claim);
+    } else {
+      return null;
+    }
   }
 }

organisation/pom.xml

@@ -22,7 +22,7 @@ Inspired by: https://github.com/fabric8io/ipaas-quickstarts/
     <parent>
         <groupId>org.entur.ror.helpers</groupId>
         <artifactId>helper</artifactId>
-        <version>5.17.0-SNAPSHOT</version>
+        <version>5.19.0-SNAPSHOT</version>
         <relativePath>..</relativePath>
     </parent>
 

organisation/src/main/java/org/rutebanken/helper/organisation/user/UserInfoExtractor.java

@@ -1,10 +1,20 @@
 package org.rutebanken.helper.organisation.user;
 
+import javax.annotation.Nullable;
+
 /**
  * Retrieve user information of the current user.
  */
 public interface UserInfoExtractor {
+  /**
+   * Return the preferred name of the current user, or null if no user is authenticated.
+   */
+  @Nullable
   String getPreferredName();
 
+  /**
+   * Return the preferred username of the current user, or null if no user is authenticated.
+   */
+  @Nullable
   String getPreferredUsername();
 }

permission-store-proxy/pom.xml

@@ -19,7 +19,7 @@
     <parent>
         <groupId>org.entur.ror.helpers</groupId>
         <artifactId>helper</artifactId>
-        <version>5.17.0-SNAPSHOT</version>
+        <version>5.19.0-SNAPSHOT</version>
     </parent>
 
     <properties>
@@ -38,13 +38,13 @@
         <dependency>
             <groupId>org.entur.ror.helpers</groupId>
             <artifactId>organisation</artifactId>
-            <version>5.17.0-SNAPSHOT</version>
+            <version>5.19.0-SNAPSHOT</version>
         </dependency>
 
         <dependency>
             <groupId>org.entur.ror.helpers</groupId>
             <artifactId>oauth2</artifactId>
-            <version>5.17.0-SNAPSHOT</version>
+            <version>5.19.0-SNAPSHOT</version>
         </dependency>
 
         <!--test-->

permission-store-proxy/src/main/java/org/entur/ror/permission/RemoteBabaUserInfoExtractor.java

@@ -3,6 +3,7 @@
 import java.time.Duration;
 import java.util.List;
 import java.util.function.Predicate;
+import javax.annotation.Nullable;
 import org.rutebanken.helper.organisation.user.UserInfoExtractor;
 import org.springframework.http.MediaType;
 import org.springframework.security.access.AccessDeniedException;
@@ -36,13 +37,23 @@ public RemoteBabaUserInfoExtractor(WebClient webClient, String uri) {
   }
 
   @Override
+  @Nullable
   public String getPreferredName() {
-    BabaContactDetails babaContactDetails = getBabaUser().contactDetails;
+    BabaUser babaUser = getBabaUser();
+    if (babaUser == null) {
+      return null;
+    }
+    BabaContactDetails babaContactDetails = babaUser.contactDetails;
     return babaContactDetails.firstName + " " + babaContactDetails.lastName;
   }
 
   @Override
+  @Nullable
   public String getPreferredUsername() {
+    BabaUser babaUser = getBabaUser();
+    if (babaUser == null) {
+      return null;
+    }
     return getBabaUser().username;
   }
 
@@ -53,7 +64,7 @@ private BabaUser getBabaUser() {
     if (
       !(authentication instanceof JwtAuthenticationToken jwtAuthenticationToken)
     ) {
-      throw new AccessDeniedException("Not authenticated with token");
+      return null;
     }
 
     AuthenticatedUser authenticatedUser = AuthenticatedUser.of(

pom.xml

@@ -27,7 +27,7 @@
 
     <groupId>org.entur.ror.helpers</groupId>
     <artifactId>helper</artifactId>
-    <version>5.17.0-SNAPSHOT</version>
+    <version>5.19.0-SNAPSHOT</version>
     <packaging>pom</packaging>
 
     <name>entur-helper</name>