fixup! Fixed provectus#4312 the issue where audit was not working

moremagic · moremagic · commit 95dc99d92779 · 2023-11-15T11:12:28.000+09:00
diff --git a/kafka-ui-api/src/main/java/com/provectus/kafka/ui/config/auth/OAuthSecurityConfig.java b/kafka-ui-api/src/main/java/com/provectus/kafka/ui/config/auth/OAuthSecurityConfig.java
@@ -7,6 +7,7 @@
 import java.util.List;
 import java.util.Map;
 import java.util.Optional;
+import java.util.stream.Collectors;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.log4j.Log4j2;
 import org.jetbrains.annotations.Nullable;
@@ -20,6 +21,7 @@
 import org.springframework.security.config.annotation.method.configuration.EnableReactiveMethodSecurity;
 import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
 import org.springframework.security.config.web.server.ServerHttpSecurity;
+import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.oauth2.client.oidc.userinfo.OidcReactiveOAuth2UserService;
 import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest;
 import org.springframework.security.oauth2.client.oidc.web.server.logout.OidcClientInitiatedServerLogoutSuccessHandler;
@@ -69,12 +71,14 @@ public ReactiveOAuth2UserService<OidcUserRequest, OidcUser> customOidcUserServic
         .flatMap(user -> {
           var provider = getProviderByProviderId(request.getClientRegistration().getRegistrationId());
           final var extractor = getExtractor(provider, acs);
-          if (extractor == null) {
-            return Mono.just(user);
+          if (extractor != null) {
+            return extractor.extract(acs, user, Map.of("request", request, "provider", provider))
+                .map(groups -> new RbacOidcUser(user, groups));
+          } else {
+            return Mono.just(new RbacOidcUser(
+                user,
+                user.getAuthorities().stream().map(GrantedAuthority::getAuthority).collect(Collectors.toSet())));
           }
-
-          return extractor.extract(acs, user, Map.of("request", request, "provider", provider))
-              .map(groups -> new RbacOidcUser(user, groups));
         });
   }
 
@@ -85,12 +89,14 @@ public ReactiveOAuth2UserService<OAuth2UserRequest, OAuth2User> customOauth2User
         .flatMap(user -> {
           var provider = getProviderByProviderId(request.getClientRegistration().getRegistrationId());
           final var extractor = getExtractor(provider, acs);
-          if (extractor == null) {
-            return Mono.just(user);
+          if (extractor != null) {
+            return extractor.extract(acs, user, Map.of("request", request, "provider", provider))
+                .map(groups -> new RbacOAuth2User(user, groups));
+          } else {
+            return Mono.just(new RbacOAuth2User(
+                user,
+                user.getAuthorities().stream().map(GrantedAuthority::getAuthority).collect(Collectors.toSet())));
           }
-
-          return extractor.extract(acs, user, Map.of("request", request, "provider", provider))
-              .map(groups -> new RbacOAuth2User(user, groups));
         });
   }
 
diff --git a/kafka-ui-api/src/main/java/com/provectus/kafka/ui/service/audit/AuditService.java b/kafka-ui-api/src/main/java/com/provectus/kafka/ui/service/audit/AuditService.java
@@ -32,7 +32,6 @@
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.userdetails.UserDetails;
-import org.springframework.security.oauth2.core.oidc.user.OidcUser;
 import org.springframework.stereotype.Service;
 import reactor.core.publisher.Mono;
 import reactor.core.publisher.Signal;
@@ -209,10 +208,6 @@ private static AuthenticatedUser createAuthenticatedUser(SecurityContext context
     var principal = context.getAuthentication().getPrincipal();
     if (principal instanceof RbacUser user) {
       return new AuthenticatedUser(user.name(), user.groups());
-    } else if (principal instanceof OidcUser user) {
-      return new AuthenticatedUser(
-          user.getName(),
-          user.getAuthorities().stream().map(GrantedAuthority::getAuthority).collect(Collectors.toSet()));
     } else if (principal instanceof UserDetails user) {
       return new AuthenticatedUser(
           user.getUsername(),
