chore(user): support UserDetails interface instead of User object (#687)

spinnaker · May 20, 2020 · 4c9aa59 · 4c9aa59
1 parent ee97bce
commit 4c9aa59
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 11 deletions.
diff --git a/fiat-api/src/main/java/com/netflix/spinnaker/fiat/shared/FiatPermissionEvaluator.java b/fiat-api/src/main/java/com/netflix/spinnaker/fiat/shared/FiatPermissionEvaluator.java
@@ -28,7 +28,6 @@
 import com.netflix.spinnaker.kork.exceptions.IntegrationException;
 import com.netflix.spinnaker.kork.telemetry.caffeine.CaffeineStatsCounter;
 import com.netflix.spinnaker.security.AuthenticatedRequest;
-import com.netflix.spinnaker.security.User;
 import java.io.Serializable;
 import java.util.Arrays;
 import java.util.Collections;
@@ -50,6 +49,7 @@
 import org.springframework.security.access.PermissionEvaluator;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.stereotype.Component;
 import org.springframework.util.backoff.BackOffExecution;
 import org.springframework.util.backoff.ExponentialBackOff;
@@ -358,8 +358,8 @@ private String getUsername(Authentication authentication) {
         && authentication.isAuthenticated()
         && authentication.getPrincipal() != null) {
       Object principal = authentication.getPrincipal();
-      if (principal instanceof User) {
-        username = ((User) principal).getUsername();
+      if (principal instanceof UserDetails) {
+        username = ((UserDetails) principal).getUsername();
       } else if (StringUtils.isNotEmpty(principal.toString())) {
         username = principal.toString();
       }

diff --git a/...-api/src/test/groovy/com/netflix/spinnaker/fiat/shared/FiatPermissionEvaluatorSpec.groovy b/...-api/src/test/groovy/com/netflix/spinnaker/fiat/shared/FiatPermissionEvaluatorSpec.groovy
@@ -25,7 +25,6 @@ import com.netflix.spinnaker.fiat.model.resources.ResourceType
 import com.netflix.spinnaker.fiat.model.resources.Role
 import com.netflix.spinnaker.fiat.model.resources.ServiceAccount
 import com.netflix.spinnaker.kork.common.Header
-import com.netflix.spinnaker.security.AuthenticatedRequest
 import org.slf4j.MDC
 import org.springframework.security.core.context.SecurityContextHolder
 import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken

diff --git a/fiat-roles/src/main/java/com/netflix/spinnaker/fiat/roles/UserRolesProvider.java b/fiat-roles/src/main/java/com/netflix/spinnaker/fiat/roles/UserRolesProvider.java
@@ -30,21 +30,22 @@ default List<Role> loadUnrestrictedRoles() {
   }
 
   /**
-   * Load the roles assigned to the {@link com.netflix.spinnaker.security.User User}.
+   * Load the roles assigned to the {@link com.netflix.spinnaker.fiat.permissions.ExternalUser
+   * user}.
    *
    * @param user to load roles for
-   * @return Roles assigned to the {@link com.netflix.spinnaker.security.User User} with the given
-   *     userEmail.
+   * @return Roles assigned to the {@link com.netflix.spinnaker.fiat.permissions.ExternalUser user}
+   *     with the given id.
    */
   List<Role> loadRoles(ExternalUser user);
 
   /**
-   * Load the roles assigned to each {@link com.netflix.spinnaker.security.User User's} email in
-   * userEmails.
+   * Load the roles assigned to each {@link com.netflix.spinnaker.fiat.permissions.ExternalUser
+   * user's} id in users.
    *
    * @param users to load roles for
-   * @return Map whose keys are the {@link com.netflix.spinnaker.security.User User's} email and
-   *     values are their assigned roles.
+   * @return Map whose keys are the {@link com.netflix.spinnaker.fiat.permissions.ExternalUser
+   *     user's} id and values are their assigned roles.
    */
   Map<String, Collection<Role>> multiLoadRoles(Collection<ExternalUser> users);
 }