diff --git a/open-metadata-implementation/user-interfaces/ui-chassis/ui-chassis-spring/src/main/java/org/odpi/openmetadata/userinterface/uichassis/springboot/auth/RoleService.java b/open-metadata-implementation/user-interfaces/ui-chassis/ui-chassis-spring/src/main/java/org/odpi/openmetadata/userinterface/uichassis/springboot/auth/RoleService.java
index 9758c458588..2bb29cf5ab6 100644
--- a/open-metadata-implementation/user-interfaces/ui-chassis/ui-chassis-spring/src/main/java/org/odpi/openmetadata/userinterface/uichassis/springboot/auth/RoleService.java
+++ b/open-metadata-implementation/user-interfaces/ui-chassis/ui-chassis-spring/src/main/java/org/odpi/openmetadata/userinterface/uichassis/springboot/auth/RoleService.java
@@ -4,11 +4,13 @@
 import org.odpi.openmetadata.userinterface.uichassis.springboot.service.ComponentService;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
 import java.util.Collection;
 import java.util.Set;
 import java.util.stream.Collectors;
+@Service
 public class RoleService {
 @Autowired
diff --git a/open-metadata-implementation/user-interfaces/ui-chassis/ui-chassis-spring/src/main/java/org/odpi/openmetadata/userinterface/uichassis/springboot/auth/SecurityConfig.java b/open-metadata-implementation/user-interfaces/ui-chassis/ui-chassis-spring/src/main/java/org/odpi/openmetadata/userinterface/uichassis/springboot/auth/SecurityConfig.java
index 9ef35bcfee1..b05d727dbeb 100644
--- a/open-metadata-implementation/user-interfaces/ui-chassis/ui-chassis-spring/src/main/java/org/odpi/openmetadata/userinterface/uichassis/springboot/auth/SecurityConfig.java
+++ b/open-metadata-implementation/user-interfaces/ui-chassis/ui-chassis-spring/src/main/java/org/odpi/openmetadata/userinterface/uichassis/springboot/auth/SecurityConfig.java
@@ -83,7 +83,10 @@ public WebMvcConfigurer corsConfigurer() {
 return new WebMvcConfigurer() {
 @Override
 public void addCorsMappings( CorsRegistry registry ) {
- registry.addMapping("/**").allowedOrigins(allowedOrigins.toArray(new String[]{}));
+ registry.addMapping("/**")
+ .allowedOrigins(allowedOrigins.toArray(new String[]{}))
+ .allowedMethods("GET","POST","PUT","DELETE")
+ .allowedHeaders("Authorization","Content-type");
 }
 };
 }
diff --git a/open-metadata-implementation/user-interfaces/ui-chassis/ui-chassis-spring/src/main/java/org/odpi/openmetadata/userinterface/uichassis/springboot/auth/service/TokenService.java b/open-metadata-implementation/user-interfaces/ui-chassis/ui-chassis-spring/src/main/java/org/odpi/openmetadata/userinterface/uichassis/springboot/auth/service/TokenService.java
index 33ef95a4a8d..3e40e50ddbd 100644
--- a/open-metadata-implementation/user-interfaces/ui-chassis/ui-chassis-spring/src/main/java/org/odpi/openmetadata/userinterface/uichassis/springboot/auth/service/TokenService.java
+++ b/open-metadata-implementation/user-interfaces/ui-chassis/ui-chassis-spring/src/main/java/org/odpi/openmetadata/userinterface/uichassis/springboot/auth/service/TokenService.java
@@ -2,6 +2,8 @@
 /* Copyright Contributors to the ODPi Egeria project. */
 package org.odpi.openmetadata.userinterface.uichassis.springboot.auth.service;
+import org.odpi.openmetadata.userinterface.uichassis.springboot.auth.RoleService;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.oauth2.jwt.*;
@@ -9,11 +11,15 @@
 import java.time.Instant;
 import java.time.temporal.ChronoUnit;
+import java.util.Collection;
+import java.util.List;
 import java.util.stream.Collectors;
 @Service
 public class TokenService {
+ @Autowired
+ RoleService roleService;
 private final JwtEncoder encoder;
 public TokenService(JwtEncoder encoder) {
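Review bot: The method and header allow-lists chained onto `registry.addMapping("/**")` are hard-coded while `allowedOrigins` right next to them is injected from configuration, so a deployment whose UI sends any other request header (for example `X-Requested-With`) or uses PATCH fails preflight with no way to adjust it short of a rebuild; consider binding them the same way, e.g. `.allowedMethods(allowedMethods.toArray(new String[]{}))` with GET,POST,PUT,DELETE as the default. Note also that a `WebMvcConfigurer` mapping is only consulted by Spring MVC's handler mapping: if this class also enables `http.cors()` on the Spring Security filter chain, that filter needs its own `CorsConfigurationSource` bean or preflight requests may be rejected before they reach MVC — the rest of the class is not in this diff, so I cannot confirm which applies. Spring compares allowed headers case-insensitively, so `"Content-type"` works, but the canonical `"Content-Type"` reads better. The enclosing `corsConfigurer()` method starts outside the hunk.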
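Review bot: `@Autowired RoleService roleService;` introduces a package-private, mutable, field-injected dependency into a class that already receives `JwtEncoder` through its constructor, so the two collaborators are wired inconsistently and `roleService` is null whenever `TokenService` is constructed with `new` (unit tests, manual wiring). Prefer constructor injection: `private final RoleService roleService;` together with `public TokenService(JwtEncoder encoder, RoleService roleService)`, assigning both fields. The constructor body that would take the extra assignment ends outside the hunk.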
@@ -22,14 +28,16 @@ public TokenService(JwtEncoder encoder) {
 public String generateToken(Authentication authentication) {
 Instant now = Instant.now();
- String scope = authentication.getAuthorities().stream()
+ List authotities = authentication.getAuthorities().stream()
 .map(GrantedAuthority::getAuthority)
- .collect(Collectors.joining(" "));
+ .collect(Collectors.toList());
+ Collection scope = roleService.extractUserAppRoles(authotities);
 JwtClaimsSet claims = JwtClaimsSet.builder()
 .issuer("self")
 .issuedAt(now)
 .expiresAt(now.plus(1, ChronoUnit.HOURS))
 .subject(authentication.getName())
+ .claim("visibleComponents", roleService.getVisibleComponents(scope))
 .claim("scope", scope)
 .build();
 return this.encoder.encode(JwtEncoderParameters.from(claims)).getTokenValue();
diff --git a/open-metadata-implementation/user-interfaces/ui-chassis/ui-chassis-spring/src/main/resources/application.properties b/open-metadata-implementation/user-interfaces/ui-chassis/ui-chassis-spring/src/main/resources/application.properties
index c8946193820..fb94103c128 100644
--- a/open-metadata-implementation/user-interfaces/ui-chassis/ui-chassis-spring/src/main/resources/application.properties
+++ b/open-metadata-implementation/user-interfaces/ui-chassis/ui-chassis-spring/src/main/resources/application.properties
@@ -87,7 +87,7 @@ authentication.mode=token
 # Below is the default configuration for the two COCO_PHARMA roles we use for demo:
 role.visibleComponents.COCO_PHARMA_USER=about,asset-catalog,asset-details,asset-details-print,asset-lineage,asset-lineage-print,end-to-end,ultimate-source,ultimate-destination,vertical-lineage,glossary,repository-explorer
-role.visibleComponents.COCO_PHARMA_ADMIN=about,type-explorer
+role.visibleComponents.COCO_PHARMA_ADMIN=*
 # omas server connection details
 omas.server.name=cocoMDS1
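Review bot: `List authotities` and `Collection scope` in `generateToken` are raw types (and the first is misspelled), which silences the compiler on what `extractUserAppRoles` and `getVisibleComponents` actually accept and return; declare them as `List<String> authorities = ...` and `Collection<String> scope = roleService.extractUserAppRoles(authorities);`, adjusting the element type if `RoleService` declares something else — its signatures are not in this diff. The `scope` claim also changes shape here from a space-delimited String to a Collection, so any consumer that reads it as a string (a custom converter, the front end) must be checked; Spring's default `JwtGrantedAuthoritiesConverter` accepts either form, so server-side authorities are probably unaffected. Because `visibleComponents` is now baked into a token that stays valid for one hour, a change to the `role.visibleComponents.*` configuration or to a user's roles will not reach that user until the token is reissued — worth a one-line comment on the claim, e.g. `// snapshot at issue time; not refreshed until the token is reissued`. The method's closing brace is outside the hunk.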
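Review bot: `role.visibleComponents.COCO_PHARMA_ADMIN=*` widens the demo admin role from two components to everything, and nothing in this diff shows `*` being interpreted as a wildcard — if `RoleService.getVisibleComponents` simply splits the value on commas, the admin would instead get a single bogus component named `*`; please confirm the wildcard handling exists and is covered by a test. The comment above the two roles should also say what the value means, e.g. `# '*' grants visibility of every registered UI component; use an explicit list outside the demo`. Since these are the shipped defaults, deployers who copy them get an all-seeing admin role unless they override it.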