Merge pull request #285 from navikt/dev
Prodsetting legger til sikkerhetsnivå4 for eksterne brukere
OdaDahlen committed Mar 24, 2023
2 parents 6d52184 + 178b2c9 commit b077df2
Showing 1 changed file with 9 additions and 0 deletions.
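--- a/src/main/java/no/nav/veilarbarena/service/AuthService.java
+++ b/src/main/java/no/nav/veilarbarena/service/AuthService.java
@@ -56,6 +56,7 @@ public void sjekkTilgang(Fnr fnr) {
 secureLog.info("Skal kalle poao-tilgang hvor hvor userRole = {}, uuid = {}, pid = {}, NavIdent = {}, requestId = {}", userRole, hentInnloggetVeilederUUIDOrElseNull(), hentInnloggetPersonIdent(), hentInnloggetVeilederNavIdent(), requestId);
 
 if (authContextHolder.erEksternBruker()) {
+harSikkerhetsNivaa4();
 Decision desicion = poaoTilgangClient.evaluatePolicy(new EksternBrukerTilgangTilEksternBrukerPolicyInput(
 hentInnloggetPersonIdent(), fnr.get()
 )).getOrThrow();
@@ -142,4 +143,12 @@ public String hentInnloggetVeilederSubject() {
 .flatMap(claims -> getStringClaimOrEmpty(claims, "sub"))
 .orElse(null);
 }
+
+public void harSikkerhetsNivaa4() {
+Optional<String> acrClaim = authContextHolder.getIdTokenClaims()
+.flatMap(claims -> getStringClaimOrEmpty(claims, "acr"));
+if(acrClaim.isEmpty() || !acrClaim.get().equals("Level4")) {
+throw new ResponseStatusException(HttpStatus.FORBIDDEN);
+}
+}
 }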
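Review bot: The new `harSikkerhetsNivaa4()` at the end of the file is named like a boolean predicate but returns `void` and enforces by throwing, so the bare call added in `sjekkTilgang` reads like a discarded result, and it is `public` although its only visible caller is in this class; `private void sjekkSikkerhetsNivaa4()` would match `sjekkTilgang`, with a Javadoc line saying it throws 403 unless the `acr` claim is exactly `Level4`. The exact match against a literal fails closed, which is the safe direction, but a constant such as `private static final String ACR_LEVEL_4 = "Level4";` would keep the accepted value in one place if the issuer's assurance-level values change. The 403 is thrown with no log entry, so rejected requests at a lower assurance level leave no trace; a `secureLog` line with the received `acr` value (never the token) before the throw would help. `sjekkTilgang` continues outside the hunk, and whether `getIdTokenClaims()` returns claims from an already validated token is not visible here.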
