fix: DwC Auth Token not available (#337)

Author: MatKuhr

cloudplatform/connectivity-dwc/pom.xml

@@ -69,6 +69,10 @@
 			<groupId>org.slf4j</groupId>
 			<artifactId>slf4j-api</artifactId>
 		</dependency>
+		<dependency>
+			<groupId>com.auth0</groupId>
+			<artifactId>java-jwt</artifactId>
+		</dependency>
 		<dependency>
 			<groupId>org.slf4j</groupId>
 			<artifactId>jcl-over-slf4j</artifactId>

cloudplatform/connectivity-dwc/src/main/java/com/sap/cloud/sdk/cloudplatform/DwcHeaderUtils.java

@@ -35,6 +35,10 @@ public class DwcHeaderUtils
      * The name of the header that contains the Deploy with Confidence scopes information.
      */
     public static final String DWC_SUBDOMAIN_HEADER = "dwc-subdomain";
+    /**
+     * The name of the header that contains the Deploy with Confidence JWT token.
+     */
+    public static final String DWC_JWT_HEADER = "dwc-jwt";
 
     /**
      * This method fetches the value of the {@link #DWC_TENANT_HEADER} header or throws an
@@ -85,6 +89,21 @@ public static String getDwcPrincipalIdOrThrow()
         return logonName;
     }
 
+    /**
+     * This method fetches the value of the {@link #DWC_JWT_HEADER} header or throws an
+     * {@link DwcHeaderNotFoundException} if the header was not found.
+     *
+     * @return The value of the {@link #DWC_JWT_HEADER} header.
+     * @throws DwcHeaderNotFoundException
+     *             if the header was not found.
+     * @since 5.6.0
+     */
+    @Nonnull
+    public static String getDwcJwtOrThrow()
+    {
+        return getNonEmptyDwcHeaderValue(DWC_JWT_HEADER);
+    }
+
     @Nonnull
     private static String getNonEmptyDwcHeaderValue( @Nonnull final String key )
         throws DwcHeaderNotFoundException

cloudplatform/connectivity-dwc/src/main/java/com/sap/cloud/sdk/cloudplatform/security/DwcAuthTokenFacade.java

@@ -0,0 +1,46 @@
+package com.sap.cloud.sdk.cloudplatform.security;
+
+import javax.annotation.Nonnull;
+import javax.annotation.Nullable;
+
+import com.auth0.jwt.JWT;
+import com.sap.cloud.sdk.cloudplatform.DwcHeaderUtils;
+import com.sap.cloud.sdk.cloudplatform.security.exception.AuthTokenAccessException;
+import com.sap.cloud.sdk.cloudplatform.thread.ThreadContext;
+import com.sap.cloud.sdk.cloudplatform.thread.ThreadContextAccessor;
+
+import io.vavr.control.Try;
+
+/**
+ * Auth token facade for Deploy with Confidence (DwC) environment.
+ *
+ * @since 5.6.0
+ */
+public class DwcAuthTokenFacade extends DefaultAuthTokenFacade
+{
+    private static final String AUTH_TOKEN = AuthTokenThreadContextListener.PROPERTY_AUTH_TOKEN;
+
+    @Nonnull
+    @Override
+    public Try<AuthToken> tryGetCurrentToken()
+    {
+        @Nullable
+        final ThreadContext currentContext = ThreadContextAccessor.getCurrentContextOrNull();
+        if( currentContext != null && currentContext.containsProperty(AUTH_TOKEN) ) {
+            return currentContext.getPropertyValue(AUTH_TOKEN);
+        }
+        return Try.of(DwcAuthTokenFacade::extractAuthTokenFromDwcHeaders);
+    }
+
+    @Nonnull
+    private static AuthToken extractAuthTokenFromDwcHeaders()
+    {
+        try {
+            final String token = DwcHeaderUtils.getDwcJwtOrThrow();
+            return new AuthToken(JWT.decode(token));
+        }
+        catch( final Exception e ) {
+            throw new AuthTokenAccessException("Failed to extract auth token from DwC headers.", e);
+        }
+    }
+}

cloudplatform/connectivity-dwc/src/main/resources/META-INF/services/com.sap.cloud.sdk.cloudplatform.security.AuthTokenFacade

@@ -0,0 +1 @@
+com.sap.cloud.sdk.cloudplatform.security.DwcAuthTokenFacade

cloudplatform/connectivity-dwc/src/test/java/com/sap/cloud/sdk/cloudplatform/security/DwcAuthTokenFacadeTest.java

@@ -0,0 +1,63 @@
+package com.sap.cloud.sdk.cloudplatform.security;
+
+import static com.sap.cloud.sdk.cloudplatform.DwcHeaderUtils.DWC_JWT_HEADER;
+import static org.assertj.core.api.Assertions.assertThat;
+
+import java.util.Map;
+
+import org.junit.jupiter.api.Test;
+
+import com.auth0.jwt.JWT;
+import com.auth0.jwt.algorithms.Algorithm;
+import com.google.common.collect.ImmutableMap;
+import com.sap.cloud.sdk.cloudplatform.requestheader.RequestHeaderAccessor;
+import com.sap.cloud.sdk.cloudplatform.requestheader.RequestHeaderContainer;
+import com.sap.cloud.sdk.cloudplatform.security.exception.AuthTokenAccessException;
+import com.sap.cloud.sdk.cloudplatform.thread.ThreadContext;
+import com.sap.cloud.sdk.cloudplatform.thread.ThreadContextAccessor;
+
+import io.vavr.control.Try;
+
+class DwcAuthTokenFacadeTest
+{
+    @Test
+    void testFacadeIsPickedUpAutomatically()
+    {
+        assertThat(AuthTokenAccessor.getAuthTokenFacade()).isInstanceOf(DwcAuthTokenFacade.class);
+    }
+
+    @Test
+    void testSuccessfulAuthTokenRetrieval()
+    {
+        final String token = JWT.create().sign(Algorithm.none());
+
+        final AuthToken expectedToken = new AuthToken(JWT.decode(token));
+        final Map<String, String> headers = ImmutableMap.of(DWC_JWT_HEADER, token);
+
+        RequestHeaderAccessor.executeWithHeaderContainer(headers, () -> {
+            final ThreadContext currentContext = ThreadContextAccessor.getCurrentContext();
+            final AuthToken currentToken = AuthTokenAccessor.getCurrentToken();
+            final Try<AuthToken> maybeTokenFromContext =
+                currentContext.getPropertyValue(AuthTokenThreadContextListener.PROPERTY_AUTH_TOKEN);
+
+            assertThat(currentToken).isEqualTo(expectedToken);
+            assertThat(maybeTokenFromContext).contains(expectedToken);
+        });
+    }
+
+    @Test
+    void testUnsuccessfulAuthTokenRetrieval()
+    {
+        RequestHeaderAccessor.executeWithHeaderContainer(RequestHeaderContainer.EMPTY, () -> {
+            final ThreadContext currentContext = ThreadContextAccessor.getCurrentContext();
+            final Try<AuthToken> authTokenFailure = AuthTokenAccessor.tryGetCurrentToken();
+            final Try<AuthToken> shouldBeFailure =
+                currentContext.getPropertyValue(AuthTokenThreadContextListener.PROPERTY_AUTH_TOKEN);
+
+            assertThat(authTokenFailure.isFailure()).isTrue();
+            assertThat(authTokenFailure.getCause()).isInstanceOf(AuthTokenAccessException.class);
+            assertThat(shouldBeFailure.isFailure()).isTrue();
+            assertThat(authTokenFailure).isSameAs(shouldBeFailure);
+        });
+    }
+}

cloudplatform/security/src/main/resources/META-INF/services/com.sap.cloud.sdk.cloudplatform.security.AuthTokenFacade

@@ -20,4 +20,4 @@
 
 ### 🐛 Fixed Issues
 
-- 
+- Fix an issue where the `AuthTokenAccessor` would not recognise JWT tokens passed in via the `dwc-jwt` header.