Merge pull request #287 from navikt/dev
Prodsette log-statement som skal vekk når vi har bekreftet at det alltid er likt mellom abac og poao-tilgang
OdaDahlen committed Mar 27, 2023
2 parents b077df2 + 8116179 commit b6edf2b
Showing 1 changed file with 3 additions and 12 deletions.
15 changes: 3 additions & 12 deletions src/main/java/no/nav/veilarbarena/service/AuthService.java
@@ -52,29 +52,20 @@ public void sjekkTilgang(Fnr fnr) {
Boolean abacDecision = veilarbPep.harTilgangTilPerson(innloggetBrukerToken, ActionId.READ, fnr);

if (unleashService.skalBrukePoaoTilgang() && !erSystembruker()) {
secureLog.info("abacDecision = {}, requestId = {} , userRole = {}", abacDecision, requestId, userRole);
secureLog.info("Skal kalle poao-tilgang hvor hvor userRole = {}, uuid = {}, pid = {}, NavIdent = {}, requestId = {}", userRole, hentInnloggetVeilederUUIDOrElseNull(), hentInnloggetPersonIdent(), hentInnloggetVeilederNavIdent(), requestId);

if (authContextHolder.erEksternBruker()) {
harSikkerhetsNivaa4();
Decision desicion = poaoTilgangClient.evaluatePolicy(new EksternBrukerTilgangTilEksternBrukerPolicyInput(
hentInnloggetPersonIdent(), fnr.get()
)).getOrThrow();

secureLog.info("Decision from EksternBrukerTilgangTilEksternBrukerPolicyInput is: {} hvor userRole = {}, pid = {}, requestId = {} ", desicion.getType(), userRole, hentInnloggetPersonIdent(), requestId);

secureLog.info("abacDecision = {}, EksternBrukerTilgangTilEksternBrukerPolicyInput = {}, hvor userRole = {}, pid = {}, requestId = {} ", abacDecision, desicion.getType(), userRole, hentInnloggetPersonIdent(), requestId);
if (desicion.isDeny()) {
throw new ResponseStatusException(HttpStatus.FORBIDDEN);
}


} else {

Decision desicion = poaoTilgangClient.evaluatePolicy(new NavAnsattTilgangTilEksternBrukerPolicyInput(
hentInnloggetVeilederUUID(), TilgangType.LESE, fnr.get()
)).getOrThrow();
secureLog.info("Decision from NavAnsattTilgangTilEksternBrukerPolicyInput is: {} hvor userRole = {}, uuid = {}, pid = {}, NavIdent = {}, subject = {}, innloggetBrukerToken = {}, requestId = {}", desicion.getType(), userRole, hentInnloggetVeilederUUIDOrElseNull(), hentInnloggetPersonIdent(), hentInnloggetVeilederNavIdent(), hentInnloggetVeilederSubject(), innloggetBrukerToken, requestId);

secureLog.info("abacDecision = {}, NavAnsattTilgangTilEksternBrukerPolicyInput decision = {}, hvor userRole = {}, uuid = {}, pid = {}, NavIdent = {}, subject = {}, innloggetBrukerToken = {}, requestId = {}", desicion.getType(), userRole, hentInnloggetVeilederUUIDOrElseNull(), hentInnloggetPersonIdent(), hentInnloggetVeilederNavIdent(), hentInnloggetVeilederSubject(), innloggetBrukerToken, requestId);
if (desicion.isDeny()) {
throw new ResponseStatusException(HttpStatus.FORBIDDEN);
}
@@ -147,7 +138,7 @@ public String hentInnloggetVeilederSubject() {
public void harSikkerhetsNivaa4() {
Optional<String> acrClaim = authContextHolder.getIdTokenClaims()
.flatMap(claims -> getStringClaimOrEmpty(claims, "acr"));
if(acrClaim.isEmpty() || !acrClaim.get().equals("Level4")) {
if (acrClaim.isEmpty() || !acrClaim.get().equals("Level4")) {
throw new ResponseStatusException(HttpStatus.FORBIDDEN);
}
}
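Review bot: In the NAV-ansatt branch of `sjekkTilgang`, the comparison log `abacDecision = {}, NavAnsattTilgangTilEksternBrukerPolicyInput decision = {}, ...` has nine placeholders but only eight arguments, because `abacDecision` is never passed. With SLF4J-style formatting every value shifts one slot left, so the poao decision is printed as the ABAC decision and the line cannot confirm that the two agree. Pass it first, as the ekstern-bruker branch does: `secureLog.info("abacDecision = {}, ... requestId = {}", abacDecision, desicion.getType(), userRole, ...)`. The same line also writes `innloggetBrukerToken` to the log, which leaves a usable bearer token readable by anyone with access to that log for as long as the token is valid; drop that placeholder and its argument, since `subject`, `NavIdent` and `requestId` already identify the caller and the request. The page has lost its +/- markers, so this assumes the `abacDecision` lines are the added ones; the body of `sjekkTilgang` starts and ends outside the hunk.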