Class MockAuthorizationServiceImpl

java.lang.Object
ch.admin.bag.covidcertificate.authorization.impl.MockAuthorizationServiceImpl
All Implemented Interfaces:
AuthorizationService

@Service @Profile("mock-authorization && !authorization") public class MockAuthorizationServiceImpl extends Object implements AuthorizationService
The mock implementation of AuthorizationService used if the profile AUTHORIZATION_MOCK is active.
  • Constructor Details

    • MockAuthorizationServiceImpl

      public MockAuthorizationServiceImpl()
  • Method Details

    • getCurrent

      public Set<String> getCurrent(String service, List<String> rawRoles)
      Description copied from interface: AuthorizationService
      Returns all functions permitted for the given roles at the given service. The permission is time-bound and may change over time.
      Specified by:
      getCurrent in interface AuthorizationService
      Parameters:
      service - the requesting service
      rawRoles - the current roles of the user (either from eIAM or from Claim)
      Returns:
      set of permitted functions
    • getDefinition

      public ServiceData getDefinition(String service)
      Description copied from interface: AuthorizationService
      Returns the definition of the given service.
      Specified by:
      getDefinition in interface AuthorizationService
      Parameters:
      service - the requesting service
      Returns:
      the service's definition
    • getRoleMapping

      public List<RoleData> getRoleMapping()
      Description copied from interface: AuthorizationService
      Returns the role mapping.

      Roles consist of different perspectives. The mapping aligns them:

      • claim = role name used in JWT tokens
      • eiam = role name used in eIAM
      • intern = role name used in this library's function permissions
      Specified by:
      getRoleMapping in interface AuthorizationService
      Returns:
      the mapping for the supported roles
    • isUserPermitted

      public boolean isUserPermitted(Collection<String> rawRoles)
      Description copied from interface: AuthorizationService
      Returns true if the user, based on their roles, is generally permitted to use the application.
      Specified by:
      isUserPermitted in interface AuthorizationService
      Parameters:
      rawRoles - the current roles of the user (either from eIAM or from Claim)
      Returns:
      true if permitted, otherwise false
    • identifyFunction

      public List<ServiceData.Function> identifyFunction(String service, String uri, String httpMethod)
      Description copied from interface: AuthorizationService
      Returns a list of ServiceData.Function that match the given URI and HTTP method.

      A single entry is a trustworthy identification; more or fewer entries than that indicate that the identification is NOT trustworthy.

      Specified by:
      identifyFunction in interface AuthorizationService
      Parameters:
      service - identifies the current service
      uri - the uri the function has to match
      httpMethod - the http method the function has to match
      Returns:
      List of ServiceData.Function that match given uri and http method
    • isGranted

      public boolean isGranted(Set<String> rawRoles, ServiceData.Function function)
      Description copied from interface: AuthorizationService
      Returns true for the given function if the one-of setting contains the role needed for the function to be accessed. If one-of isn't configured, false will be returned.
      Specified by:
      isGranted in interface AuthorizationService
      Parameters:
      rawRoles - the current roles of the user (either from eIAM or from Claim)
      function - the function to check
      Returns:
      true for the given function if the one-of setting contains the role needed for the function to be accessed. If one-of isn't configured, false will be returned.
    • mapRawRoles

      public Set<String> mapRawRoles(Collection<String> rawRoles)
      Description copied from interface: AuthorizationService
      Returns a set with the role names as expected by the ServiceData.Function.
      Specified by:
      mapRawRoles in interface AuthorizationService
      Parameters:
      rawRoles - the current roles of the user (either from eIAM or from Claim)
      Returns:
      set with role names
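
The following is an added example, not code from this library: a fail-closed caller that combines the identifyFunction and isGranted contracts documented above, denying the request unless exactly one function matches and that function is granted. The `Function` record, the `Authz` interface, the stub, and all service, URI and role values are stand-ins constructed for illustration; only the two method signatures are taken from this page.

```java
import java.util.List;
import java.util.Set;

/** Added example: fail-closed use of identifyFunction and isGranted. */
public class FailClosedCheck {

    /** Stand-in for ServiceData.Function; the real type's fields are not shown on this page. */
    record Function(String name) {}

    /** Only the two AuthorizationService methods used here, with the documented signatures. */
    interface Authz {
        List<Function> identifyFunction(String service, String uri, String httpMethod);
        boolean isGranted(Set<String> rawRoles, Function function);
    }

    /** Allow only when exactly one function matches and that function is granted. */
    static boolean isRequestAllowed(Authz authz, String service, String uri,
                                    String httpMethod, Set<String> rawRoles) {
        List<Function> matches = authz.identifyFunction(service, uri, httpMethod);
        if (matches == null || matches.size() != 1) {
            return false; // zero or several matches: identification is not trustworthy
        }
        return authz.isGranted(rawRoles, matches.get(0));
    }

    public static void main(String[] args) {
        // Constructed stub: "/a" matches one function, "/b" matches two, anything else none.
        Authz stub = new Authz() {
            @Override
            public List<Function> identifyFunction(String service, String uri, String method) {
                if (uri.equals("/a")) return List.of(new Function("f1"));
                if (uri.equals("/b")) return List.of(new Function("f1"), new Function("f2"));
                return List.of();
            }
            @Override
            public boolean isGranted(Set<String> rawRoles, Function function) {
                return rawRoles.contains("role-x"); // constructed role name
            }
        };
        Set<String> roles = Set.of("role-x");
        System.out.println("unique match:    " + isRequestAllowed(stub, "svc", "/a", "GET", roles));
        System.out.println("ambiguous match: " + isRequestAllowed(stub, "svc", "/b", "GET", roles));
        System.out.println("no match:        " + isRequestAllowed(stub, "svc", "/c", "GET", roles));
    }
}
```

Only the unique-match case can reach isGranted; the ambiguous and no-match cases are denied before any role check runs.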