version 0.95 - minor refactoring

- better debug info in SimpleLDAPAuthorizer - better code readability in GroupAuthorizer
instaclustr · May 8, 2018 · 0472f07 · 0472f07
1 parent 2cde184
commit 0472f07
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 15 deletions.
diff --git a/build.gradle b/build.gradle
@@ -20,7 +20,7 @@ plugins{
 apply plugin: 'maven-publish'
 
 group 'no.nav.common.security'
-version '0.94'
+version '0.95'
 
 sourceCompatibility = 1.8
 

diff --git a/src/main/kotlin/no/nav/common/security/authorization/GroupAuthorizer.kt b/src/main/kotlin/no/nav/common/security/authorization/GroupAuthorizer.kt
@@ -14,17 +14,14 @@ class GroupAuthorizer : AutoCloseable {
 
     fun authorize(principal: KafkaPrincipal, acls: Set<Acl>, uuid: String): Boolean =
 
-            acls.map {
-                log.debug("ALLOW ACL: $it ($uuid)")
-                it.principal().name
-            }.let { groups ->
+            acls.map { it.principal().name }.let { groups ->
 
                 val ldapConfig = LDAPConfig.getByClasspath()
 
                 val userDN = ldapConfig.toUserDN(principal.name)
                 val userDNBasta = ldapConfig.toUserDNBasta(principal.name)
 
-                val isCached =  groups
+                val cachedUserInGroups =  groups
                         .map { groupName ->
                             if (
                                     LDAPCache.groupAndUserExists(groupName, userDN) ||
@@ -35,16 +32,14 @@ class GroupAuthorizer : AutoCloseable {
                                 Pair(false, groupName)
                         }
                         .filter { pair -> pair.first }
-                        .let { uInGList ->
-                            if (uInGList.isNotEmpty())
-                                log.debug("[[${uInGList.map { it.second }}],${principal.name}] is cached ($uuid)")
-                            uInGList.isNotEmpty()
-                        }
 
-                if (isCached)
+                if (cachedUserInGroups.isNotEmpty()) {
+                    log.debug("[${cachedUserInGroups.map { it.second }},${principal.name}] is cached ($uuid)")
                     true
+                }
                 else
-                    LDAPAuthorization.init().use { ldap -> ldap.isUserMemberOfAny(principal.name, groups, uuid) }
+                    LDAPAuthorization.init()
+                            .use { ldap -> ldap.isUserMemberOfAny(principal.name, groups, uuid) }
                             .let { uInGSet ->
                                 uInGSet.forEach {
                                     LDAPCache.groupAndUserAdd(it.groupName, it.userDN)

diff --git a/src/main/kotlin/no/nav/common/security/authorization/SimpleLDAPAuthorizer.kt b/src/main/kotlin/no/nav/common/security/authorization/SimpleLDAPAuthorizer.kt
@@ -45,12 +45,14 @@ class SimpleLDAPAuthorizer : SimpleAclAuthorizer() {
                 .filter { it.operation() == operation && it.permissionType().toJava() == AclPermissionType.ALLOW }
 
         // switch to kotlin set, making testing easier
-        var acls: Set<Acl> = emptySet()
+        val acls = mutableSetOf<Acl>()
         sacls.foreach { acls += it }
 
+        log.debug("$lOperation has following Allow ACLs for $lResource: ${acls.map { it.principal().name }} ($uuid)")
+
         // nothing to do if empty acl set
         if (acls.isEmpty()) {
-            log.debug("Authorization End - empty ALLOW ACL for [$lResource,$lOperation], is not authorized ($uuid)")
+            log.debug("Authorization End - empty ALLOW ACL for [$lResource,$lOperation], not authorized ($uuid)")
             return false
         }