From: Ben Zelleröhr Date: Wed, 30 Jul 2025 13:48:39 +0000 (+0200) Subject: refactor: org.onap.portalng.preferences.util.IdTokenExchange X-Git-Url: https://gerrit.onap.org/r/gitweb?a=commitdiff_plain;h=refs%2Fchanges%2F06%2F141606%2F1;p=portal-ng%2Fpreferences.git refactor: org.onap.portalng.preferences.util.IdTokenExchange Issue-ID: PORTALNG-149 Change-Id: I07b487b944f5a0853278aa628ad3531ac0dc7d8b Signed-off-by: Ben Zelleröhr
---
diff --git a/app/build.gradle b/app/build.gradle
index 63a269f..c0279cd 100644
--- a/app/build.gradle
+++ b/app/build.gradle
@@ -36,7 +36,7 @@ configurations {
 repositories {
 mavenCentral()
 maven {
- url "https://plugins.gradle.org/m2/"
+ url = "https://plugins.gradle.org/m2/"
 }
 }
@@ -95,8 +95,6 @@ jacocoTestReport {
 }
 }
-configurations.implementation.setCanBeResolved(true)
-
 // avoid generating X.X.X-plain.jar
 jar {
 enabled = false
diff --git a/app/src/main/java/org/onap/portalng/preferences/controller/PreferencesController.java b/app/src/main/java/org/onap/portalng/preferences/controller/PreferencesController.java
index c15ec4d..5241848 100644
--- a/app/src/main/java/org/onap/portalng/preferences/controller/PreferencesController.java
+++ b/app/src/main/java/org/onap/portalng/preferences/controller/PreferencesController.java
@@ -54,7 +54,6 @@ public class PreferencesController implements PreferencesApi {
 return Mono.error(ex);
 })
 .onErrorReturn(new ResponseEntity<>(HttpStatus.BAD_REQUEST));
-
 }
 @Override
diff --git a/app/src/main/java/org/onap/portalng/preferences/util/IdTokenExchange.java b/app/src/main/java/org/onap/portalng/preferences/util/IdTokenExchange.java
index 7349d53..7751374 100644
--- a/app/src/main/java/org/onap/portalng/preferences/util/IdTokenExchange.java
+++ b/app/src/main/java/org/onap/portalng/preferences/util/IdTokenExchange.java
@@ -21,68 +21,31 @@ package org.onap.portalng.preferences.util;
-import com.nimbusds.jwt.JWTClaimsSet;
-import com.nimbusds.jwt.JWTParser;
-
-import java.text.ParseException;
-
+import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
 import org.springframework.web.server.ServerWebExchange;
 import reactor.core.publisher.Mono;
 /**
- * Represents a function that handles the JWT identity token.
- * Use this to check if the incoming requests are authorized to call the given endpoint
+ * Represents a function that handles the
+ * JWT identity token.
+ * Use this to check if the incoming requests are authorized to call the given
+ * endpoint
 */
 public final class IdTokenExchange {
- public static final String X_AUTH_IDENTITY_HEADER = "X-Auth-Identity";
 public static final String JWT_CLAIM_USERID = "sub";
- private IdTokenExchange(){
+ private IdTokenExchange() {
 }
-
- /**
- * Extract the identity header from the given {@link ServerWebExchange}.
- * @param exchange the ServerWebExchange that contains information about the incoming request
- * @return the identity header in the form of Bearer {@literal }
- */
- private static Mono extractIdentityHeader(ServerWebExchange exchange) {
- return Mono.just(exchange.getRequest().getHeaders().getOrEmpty(X_AUTH_IDENTITY_HEADER))
- .map(headers -> headers.get(0))
- .onErrorResume(Exception.class, ex -> Mono.error(ex));
- }
-
- /**
- * Extract the identity token from the given {@link ServerWebExchange}.
- * @see OpenId Connect ID Token
- * @param exchange the ServerWebExchange that contains information about the incoming request
- * @return the identity token that contains user roles
- */
- private static Mono extractIdToken(ServerWebExchange exchange) {
- return extractIdentityHeader(exchange)
- .map(identityHeader -> identityHeader.replace("Bearer ", ""));
- }
-
 /**
 * Extract the userId from the given {@link ServerWebExchange}
 * @param exchange the ServerWebExchange that contains information about the incoming request
 * @return the id of the user
 */
 public static Mono extractUserId(ServerWebExchange exchange) {
- return extractIdToken(exchange)
- .flatMap(idToken -> extractUserClaim(idToken));
- }
-
- private static Mono extractUserClaim(String idToken) {
- JWTClaimsSet jwtClaimSet;
- try {
- jwtClaimSet = JWTParser.parse(idToken).getJWTClaimsSet();
- } catch (ParseException e) {
- return Mono.error(e);
- }
- return Mono.just(String.class.cast(jwtClaimSet.getClaim(JWT_CLAIM_USERID)));
+ return exchange.getPrincipal().cast(JwtAuthenticationToken.class)
+ .map(auth -> auth.getToken().getClaimAsString(JWT_CLAIM_USERID));
 }
 }
-
diff --git a/app/src/test/java/org/onap/portalng/preferences/BaseIntegrationTest.java b/app/src/test/java/org/onap/portalng/preferences/BaseIntegrationTest.java
index 989bc5b..2a6c35a 100644
--- a/app/src/test/java/org/onap/portalng/preferences/BaseIntegrationTest.java
+++ b/app/src/test/java/org/onap/portalng/preferences/BaseIntegrationTest.java
@@ -37,6 +37,7 @@ import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.boot.test.web.server.LocalServerPort;
 import org.springframework.cloud.contract.wiremock.AutoConfigureWireMock;
+import org.springframework.http.HttpHeaders;
 import org.springframework.http.MediaType;
 import java.util.List;
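Review bot: The new `extractUserId` in IdTokenExchange.java does not handle a missing principal or a missing `sub` claim. `exchange.getPrincipal()` completes empty when the exchange is unauthenticated, so the returned Mono is empty and a caller that only chains `map`/`flatMap` finishes without a user id and without an error; `cast` signals ClassCastException for any other Authentication type; and a token without `sub` makes the `map` lambda return null, which Reactor reports as a NullPointerException. Make both cases explicit with `.flatMap(auth -> Mono.justOrEmpty(auth.getToken().getClaimAsString(JWT_CLAIM_USERID)))` followed by `.switchIfEmpty(Mono.error(new IllegalStateException("no authenticated JWT principal with a sub claim")))`, using whatever exception type the controllers translate to 401. The class Javadoc still says this class checks whether a request is authorized; after this change it only reads a claim from a token that the resource-server filter chain (not visible in this diff) is assumed to have validated, and the Javadoc should state that dependency.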
@@ -134,7 +135,7 @@ public abstract class BaseIntegrationTest {
 .auth()
 .preemptive()
 .oauth2(idToken)
- .header(IdTokenExchange.X_AUTH_IDENTITY_HEADER, "Bearer " + idToken);
+ .header(HttpHeaders.AUTHORIZATION, "Bearer " + idToken);
 }
 /**
@@ -150,6 +151,6 @@ public abstract class BaseIntegrationTest {
 .auth()
 .preemptive()
 .oauth2(idToken)
- .header(IdTokenExchange.X_AUTH_IDENTITY_HEADER, "Bearer " + idToken);
+ .header(HttpHeaders.AUTHORIZATION, "Bearer " + idToken);
 }
 }
diff --git a/openapi/src/main/resources/api/api.yml b/openapi/src/main/resources/api/api.yml
index 50a6ea9..580119f 100644
--- a/openapi/src/main/resources/api/api.yml
+++ b/openapi/src/main/resources/api/api.yml
@@ -12,6 +12,8 @@ tags:
 paths:
 /v1/preferences:
 get:
+ security:
+ - bearerAuth: []
 description: Returns user preferences
 summary: Get user preferences
 operationId: getPreferences
@@ -35,6 +37,8 @@ paths:
 '502':
 $ref: '#/components/responses/BadGateway'
 put:
+ security:
+ - bearerAuth: []
 description: Updates user preferences
 summary: Update user preferences
 operationId: updatePreferences
@@ -64,6 +68,8 @@ paths:
 '502':
 $ref: '#/components/responses/BadGateway'
 post:
+ security:
+ - bearerAuth: []
 description: Save user preferences
 summary: Save user preferences
 operationId: savePreferences
@@ -185,3 +191,8 @@ components:
 application/problem+json:
 schema:
 $ref: '#/components/schemas/Problem'
+ securitySchemes:
+ bearerAuth:
+ type: http
+ scheme: bearer
+ bearerFormat: JWT
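Review bot: In both BaseIntegrationTest hunks (@@ -134 and @@ -150) the added `.header(HttpHeaders.AUTHORIZATION, "Bearer " + idToken)` looks redundant, because the request spec already calls `.auth().preemptive().oauth2(idToken)`, which as far as I know makes REST Assured send the bearer `Authorization` header itself. With both in place the header may be sent twice, so drop the `.header(...)` line and keep only `.oauth2(idToken)`. The variable is still named `idToken` although it is now presented as the bearer credential; if the test realm issues distinct ID and access tokens, confirm which one the resource server is meant to accept and rename accordingly. Both methods begin outside their hunks.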
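Review bot: The `bearerAuth` requirement is attached to each of the three /v1/preferences operations separately, so an operation added later is documented as unauthenticated unless its author repeats the block. Declare it once at the top level of api.yml with `security:` and `- bearerAuth: []`, and opt out per operation with `security: []` where that is intended. The spec only documents the requirement; whether a request without a token is rejected depends on the Spring Security configuration, which is not part of this diff, so an integration test asserting 401 for an unauthenticated call would pin the behaviour.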