Fixed provectus#4312 the issue where audit was not working

moremagic · moremagic · commit 3d99f43aef13 · 2023-11-15T11:28:54.000+09:00
diff --git a/kafka-ui-api/src/main/java/com/provectus/kafka/ui/config/auth/OAuthSecurityConfig.java b/kafka-ui-api/src/main/java/com/provectus/kafka/ui/config/auth/OAuthSecurityConfig.java
@@ -7,6 +7,7 @@
 import java.util.List;
 import java.util.Map;
 import java.util.Optional;
+import java.util.stream.Collectors;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.log4j.Log4j2;
 import org.jetbrains.annotations.Nullable;
@@ -20,6 +21,7 @@
 import org.springframework.security.config.annotation.method.configuration.EnableReactiveMethodSecurity;
 import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
 import org.springframework.security.config.web.server.ServerHttpSecurity;
+import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.oauth2.client.oidc.userinfo.OidcReactiveOAuth2UserService;
 import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest;
 import org.springframework.security.oauth2.client.oidc.web.server.logout.OidcClientInitiatedServerLogoutSuccessHandler;
@@ -69,12 +71,14 @@ public ReactiveOAuth2UserService<OidcUserRequest, OidcUser> customOidcUserServic
         .flatMap(user -> {
           var provider = getProviderByProviderId(request.getClientRegistration().getRegistrationId());
           final var extractor = getExtractor(provider, acs);
-          if (extractor == null) {
-            return Mono.just(user);
+          if (extractor != null) {
+            return extractor.extract(acs, user, Map.of("request", request, "provider", provider))
+                .map(groups -> new RbacOidcUser(user, groups));
+          } else {
+            return Mono.just(new RbacOidcUser(
+                user,
+                user.getAuthorities().stream().map(GrantedAuthority::getAuthority).collect(Collectors.toSet())));
           }
-
-          return extractor.extract(acs, user, Map.of("request", request, "provider", provider))
-              .map(groups -> new RbacOidcUser(user, groups));
         });
   }
 
@@ -85,12 +89,14 @@ public ReactiveOAuth2UserService<OAuth2UserRequest, OAuth2User> customOauth2User
         .flatMap(user -> {
           var provider = getProviderByProviderId(request.getClientRegistration().getRegistrationId());
           final var extractor = getExtractor(provider, acs);
-          if (extractor == null) {
-            return Mono.just(user);
+          if (extractor != null) {
+            return extractor.extract(acs, user, Map.of("request", request, "provider", provider))
+                .map(groups -> new RbacOAuth2User(user, groups));
+          } else {
+            return Mono.just(new RbacOAuth2User(
+                user,
+                user.getAuthorities().stream().map(GrantedAuthority::getAuthority).collect(Collectors.toSet())));
           }
-
-          return extractor.extract(acs, user, Map.of("request", request, "provider", provider))
-              .map(groups -> new RbacOAuth2User(user, groups));
         });
   }
 
diff --git a/kafka-ui-api/src/main/java/com/provectus/kafka/ui/service/audit/AuditService.java b/kafka-ui-api/src/main/java/com/provectus/kafka/ui/service/audit/AuditService.java
@@ -6,6 +6,7 @@
 import com.google.common.annotations.VisibleForTesting;
 import com.provectus.kafka.ui.config.ClustersProperties;
 import com.provectus.kafka.ui.config.auth.AuthenticatedUser;
+import com.provectus.kafka.ui.config.auth.RbacUser;
 import com.provectus.kafka.ui.model.KafkaCluster;
 import com.provectus.kafka.ui.model.rbac.AccessContext;
 import com.provectus.kafka.ui.service.AdminClientService;
@@ -196,18 +197,26 @@ private Mono<AuthenticatedUser> extractUser(Signal<?> sig) {
     Object key = SecurityContext.class;
     if (sig.getContextView().hasKey(key)) {
       return sig.getContextView().<Mono<SecurityContext>>get(key)
-          .map(context -> context.getAuthentication().getPrincipal())
-          .cast(UserDetails.class)
-          .map(user -> {
-            var roles = user.getAuthorities().stream().map(GrantedAuthority::getAuthority).collect(Collectors.toSet());
-            return new AuthenticatedUser(user.getUsername(), roles);
-          })
+          .map(AuditService::createAuthenticatedUser)
           .switchIfEmpty(NO_AUTH_USER);
     } else {
       return NO_AUTH_USER;
     }
   }
 
+  private static AuthenticatedUser createAuthenticatedUser(SecurityContext context) {
+    var principal = context.getAuthentication().getPrincipal();
+    if (principal instanceof RbacUser user) {
+      return new AuthenticatedUser(user.name(), user.groups());
+    } else if (principal instanceof UserDetails user) {
+      return new AuthenticatedUser(
+          user.getUsername(),
+          user.getAuthorities().stream().map(GrantedAuthority::getAuthority).collect(Collectors.toSet()));
+    } else {
+      return null;
+    }
+  }
+
   private void sendAuditRecord(AccessContext ctx, AuthenticatedUser user) {
     sendAuditRecord(ctx, user, null);
   }
