diff --git a/fiat-api/src/main/java/com/netflix/spinnaker/fiat/shared/FiatPermissionEvaluator.java b/fiat-api/src/main/java/com/netflix/spinnaker/fiat/shared/FiatPermissionEvaluator.java
index 789c28800..bb58e25b6 100644
--- a/fiat-api/src/main/java/com/netflix/spinnaker/fiat/shared/FiatPermissionEvaluator.java
+++ b/fiat-api/src/main/java/com/netflix/spinnaker/fiat/shared/FiatPermissionEvaluator.java
@@ -28,7 +28,6 @@
 import com.netflix.spinnaker.kork.exceptions.IntegrationException;
 import com.netflix.spinnaker.kork.telemetry.caffeine.CaffeineStatsCounter;
 import com.netflix.spinnaker.security.AuthenticatedRequest;
-import com.netflix.spinnaker.security.User;
 import java.io.Serializable;
 import java.util.Arrays;
 import java.util.Collections;
@@ -50,6 +49,7 @@
 import org.springframework.security.access.PermissionEvaluator;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.stereotype.Component;
 import org.springframework.util.backoff.BackOffExecution;
 import org.springframework.util.backoff.ExponentialBackOff;
@@ -358,8 +358,8 @@ private String getUsername(Authentication authentication) {
 && authentication.isAuthenticated()
 && authentication.getPrincipal() != null) {
 Object principal = authentication.getPrincipal();
- if (principal instanceof User) {
- username = ((User) principal).getUsername();
+ if (principal instanceof UserDetails) {
+ username = ((UserDetails) principal).getUsername();
 } else if (StringUtils.isNotEmpty(principal.toString())) {
 username = principal.toString();
 }
diff --git a/fiat-api/src/test/groovy/com/netflix/spinnaker/fiat/shared/FiatPermissionEvaluatorSpec.groovy b/fiat-api/src/test/groovy/com/netflix/spinnaker/fiat/shared/FiatPermissionEvaluatorSpec.groovy
index 0ff692aff..42299ed26 100644
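Review bot: The `UserDetails` branch assigns `getUsername()` to `username` unchecked, while the `toString()` branch beside it is guarded by `StringUtils.isNotEmpty`; now that any `UserDetails` implementation is accepted rather than only Spinnaker's `User`, a null or empty name from a foreign principal would replace whatever `username` held and, presumably, be used for the permission lookup. I would read the name into a local and assign only when it is non-empty: `String name = ((UserDetails) principal).getUsername();` then `if (StringUtils.isNotEmpty(name)) { username = name; }`. `getUsername` starts and ends outside this hunk, so the initial value of `username` and what callers do with it are not visible here. The spec change in this commit only drops an import, so a case with a non-`User` `UserDetails` principal would be worth adding.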
--- a/fiat-api/src/test/groovy/com/netflix/spinnaker/fiat/shared/FiatPermissionEvaluatorSpec.groovy
+++ b/fiat-api/src/test/groovy/com/netflix/spinnaker/fiat/shared/FiatPermissionEvaluatorSpec.groovy
@@ -25,7 +25,6 @@ import com.netflix.spinnaker.fiat.model.resources.ResourceType
 import com.netflix.spinnaker.fiat.model.resources.Role
 import com.netflix.spinnaker.fiat.model.resources.ServiceAccount
 import com.netflix.spinnaker.kork.common.Header
-import com.netflix.spinnaker.security.AuthenticatedRequest
 import org.slf4j.MDC
 import org.springframework.security.core.context.SecurityContextHolder
 import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken
diff --git a/fiat-roles/src/main/java/com/netflix/spinnaker/fiat/roles/UserRolesProvider.java b/fiat-roles/src/main/java/com/netflix/spinnaker/fiat/roles/UserRolesProvider.java
index c03c620f9..58347c890 100644
--- a/fiat-roles/src/main/java/com/netflix/spinnaker/fiat/roles/UserRolesProvider.java
+++ b/fiat-roles/src/main/java/com/netflix/spinnaker/fiat/roles/UserRolesProvider.java
@@ -30,21 +30,22 @@ default List loadUnrestrictedRoles() {
 }
 /**
- * Load the roles assigned to the {@link com.netflix.spinnaker.security.User User}.
+ * Load the roles assigned to the {@link com.netflix.spinnaker.fiat.permissions.ExternalUser
+ * user}.
 *
 * @param user to load roles for
- * @return Roles assigned to the {@link com.netflix.spinnaker.security.User User} with the given
- * userEmail.
+ * @return Roles assigned to the {@link com.netflix.spinnaker.fiat.permissions.ExternalUser user}
+ * with the given id.
 */
 List loadRoles(ExternalUser user);
 /**
- * Load the roles assigned to each {@link com.netflix.spinnaker.security.User User's} email in
- * userEmails.
+ * Load the roles assigned to each {@link com.netflix.spinnaker.fiat.permissions.ExternalUser
+ * user's} id in users.
 *
 * @param users to load roles for
- * @return Map whose keys are the {@link com.netflix.spinnaker.security.User User's} email and
- * values are their assigned roles.
+ * @return Map whose keys are the {@link com.netflix.spinnaker.fiat.permissions.ExternalUser
+ * user's} id and values are their assigned roles.
 */
 Map> multiLoadRoles(Collection users);
 }