From bffca64b91643276edf1833528614f7cad9452ee Mon Sep 17 00:00:00 2001
From: Sonia Zorba <sonia.zorba@inaf.it>
Date: Sat, 28 Nov 2020 10:10:30 +0100
Subject: [PATCH] Refactoring: RAP token passed as parameter
---
.../java/it/inaf/ia2/gms/GmsApplication.java | 66 +++----------------
.../java/it/inaf/ia2/gms/authn/JWTFilter.java | 18 +++--
.../java/it/inaf/ia2/gms/authn/RapClient.java | 17 +++++
.../it/inaf/ia2/gms/authn/RapPrincipal.java | 8 ++-
.../it/inaf/ia2/gms/authn/SecurityConfig.java | 10 +--
.../inaf/ia2/gms/authn/ServletRapClient.java | 27 ++++++++
.../it/inaf/ia2/gms/authn/SessionData.java | 5 --
.../ia2/gms/controller/UsersController.java | 2 +-
.../ia2/gms/manager/GroupStatusManager.java | 8 ++-
.../manager/InvitedRegistrationManager.java | 3 +-
.../ia2/gms/manager/MembershipManager.java | 2 +-
.../ia2/gms/manager/PermissionsManager.java | 8 ++-
.../inaf/ia2/gms/service/SearchService.java | 2 +-
.../inaf/ia2/gms/authn/SessionDataTest.java | 16 ++---
.../InvitedRegistrationManagerTest.java | 2 +-
.../PermissionsManagerIntegrationTest.java | 2 +-
.../manager/UserAwareComponentTestUtil.java | 2 +-
.../NestedGroupsIntegrationTest.java | 2 +-
.../ia2/gms/service/SearchServiceTest.java | 2 +-
19 files changed, 99 insertions(+), 103 deletions(-)
create mode 100644 gms/src/main/java/it/inaf/ia2/gms/authn/RapClient.java
create mode 100644 gms/src/main/java/it/inaf/ia2/gms/authn/ServletRapClient.java
diff --git a/gms/src/main/java/it/inaf/ia2/gms/GmsApplication.java b/gms/src/main/java/it/inaf/ia2/gms/GmsApplication.java
index 367d422..be65afa 100644
--- a/gms/src/main/java/it/inaf/ia2/gms/GmsApplication.java
+++ b/gms/src/main/java/it/inaf/ia2/gms/GmsApplication.java
@@ -2,15 +2,8 @@ package it.inaf.ia2.gms;
import it.inaf.ia2.aa.AuthConfig;
import it.inaf.ia2.aa.ServiceLocator;
-import it.inaf.ia2.aa.data.ServletCodeRequestData;
-import it.inaf.ia2.client.QueryStringBuilder;
-import it.inaf.ia2.client.UriCustomizer;
-import static it.inaf.ia2.gms.authn.ClientDbFilter.CLIENT_DB;
-import it.inaf.ia2.gms.exception.BadRequestException;
-import it.inaf.ia2.rap.client.RapClient;
-import java.net.URI;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpSession;
+import it.inaf.ia2.aa.UserManager;
+import it.inaf.ia2.gms.authn.ServletRapClient;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.Bean;
@@ -32,55 +25,12 @@ public class GmsApplication {
}
@Bean
- public RapClient rapClient(AuthConfig authConfig) {
-
- URI defaultAuthorizationUri = URI.create(authConfig.getRapBaseUri())
- .resolve(authConfig.getUserAuthorizationEndpoint());
-
- URI defaultAccessTokenUri = URI.create(authConfig.getRapBaseUri())
- .resolve(authConfig.getAccessTokenEndpoint());
-
- RapClient rapClient = ServiceLocator.getInstance().getRapClient();
-
- rapClient.setAuthorizationUriCustomizer(new UriCustomizer<HttpServletRequest>() {
-
- @Override
- public URI getBaseUri(HttpServletRequest req) {
- // for a better security we should check for allowed redirects
- String redirect = req.getParameter("redirect");
- if (redirect != null) {
- return URI.create(redirect);
- }
- return defaultAuthorizationUri;
- }
-
- @Override
- public void customizeQueryString(HttpServletRequest req, QueryStringBuilder queryStringBuilder) {
- String clientDb = req.getParameter(CLIENT_DB);
- if (clientDb == null) {
- HttpSession session = req.getSession(false);
- if (session != null) {
- clientDb = (String) session.getAttribute(CLIENT_DB);
- }
- }
- if (clientDb == null) {
- throw new BadRequestException("client_db not set");
- }
- queryStringBuilder.param(CLIENT_DB, clientDb);
- }
- });
-
- rapClient.setAccessTokenUriCustomizer(new UriCustomizer<ServletCodeRequestData>() {
- @Override
- public URI getBaseUri(ServletCodeRequestData req) {
- String redirect = req.getCodeRequest().getParameter("token_uri");
- if (redirect != null) {
- return URI.create(redirect);
- }
- return defaultAccessTokenUri;
- }
- });
+ public UserManager userManager() {
+ return ServiceLocator.getInstance().getUserManager();
+ }
- return rapClient;
+ @Bean
+ public ServletRapClient servletRapClient() {
+ return (ServletRapClient) ServiceLocator.getInstance().getRapClient();
}
}
diff --git a/gms/src/main/java/it/inaf/ia2/gms/authn/JWTFilter.java b/gms/src/main/java/it/inaf/ia2/gms/authn/JWTFilter.java
index f2c047c..92845ce 100644
--- a/gms/src/main/java/it/inaf/ia2/gms/authn/JWTFilter.java
+++ b/gms/src/main/java/it/inaf/ia2/gms/authn/JWTFilter.java
@@ -1,8 +1,8 @@
package it.inaf.ia2.gms.authn;
+import it.inaf.ia2.aa.UserManager;
import it.inaf.ia2.aa.data.User;
import it.inaf.ia2.gms.persistence.LoggingDAO;
-import it.inaf.ia2.rap.client.RapClient;
import java.io.IOException;
import java.security.Principal;
import java.util.Map;
@@ -19,11 +19,11 @@ import javax.servlet.http.HttpSession;
public class JWTFilter implements Filter {
private final LoggingDAO loggingDAO;
- private final RapClient rapClient;
+ private final UserManager userManager;
- public JWTFilter(LoggingDAO loggingDAO, RapClient rapClient) {
+ public JWTFilter(LoggingDAO loggingDAO, UserManager userManager) {
this.loggingDAO = loggingDAO;
- this.rapClient = rapClient;
+ this.userManager = userManager;
}
@Override
@@ -40,7 +40,6 @@ public class JWTFilter implements Filter {
HttpSession session = request.getSession(false);
User user = (User) session.getAttribute("user_data");
if (user != null) {
- rapClient.setAccessToken(user.getAccessToken());
ServletRequestWithSessionPrincipal wrappedRequest = new ServletRequestWithSessionPrincipal(request, user);
fc.doFilter(wrappedRequest, res);
return;
@@ -53,8 +52,7 @@ public class JWTFilter implements Filter {
String token = authHeader.replace("Bearer", "").trim();
- rapClient.setAccessToken(token);
- Map<String, Object> claims = rapClient.parseIdTokenClaims(token);
+ Map<String, Object> claims = userManager.parseIdTokenClaims(token);
if (claims.get("sub") == null) {
loggingDAO.logAction("Attempt to access WS with invalid token", request);
@@ -62,7 +60,7 @@ public class JWTFilter implements Filter {
return;
}
- ServletRequestWithJWTPrincipal wrappedRequest = new ServletRequestWithJWTPrincipal(request, claims);
+ ServletRequestWithJWTPrincipal wrappedRequest = new ServletRequestWithJWTPrincipal(request, token, claims);
loggingDAO.logAction("WS access from " + wrappedRequest.getUserPrincipal().getName(), request);
fc.doFilter(wrappedRequest, res);
@@ -87,9 +85,9 @@ public class JWTFilter implements Filter {
private final RapPrincipal principal;
- public ServletRequestWithJWTPrincipal(HttpServletRequest request, Map<String, Object> jwtClaims) {
+ public ServletRequestWithJWTPrincipal(HttpServletRequest request, String token, Map<String, Object> jwtClaims) {
super(request);
- this.principal = new RapPrincipal(jwtClaims);
+ this.principal = new RapPrincipal(token, jwtClaims);
}
@Override
diff --git a/gms/src/main/java/it/inaf/ia2/gms/authn/RapClient.java b/gms/src/main/java/it/inaf/ia2/gms/authn/RapClient.java
new file mode 100644
index 0000000..0da0a4f
--- /dev/null
+++ b/gms/src/main/java/it/inaf/ia2/gms/authn/RapClient.java
@@ -0,0 +1,17 @@
+package it.inaf.ia2.gms.authn;
+
+import it.inaf.ia2.rap.client.BoundedRapClient;
+import javax.servlet.http.HttpServletRequest;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+import org.springframework.web.context.annotation.RequestScope;
+
+@Component
+@RequestScope
+public class RapClient extends BoundedRapClient<HttpServletRequest> {
+
+ @Autowired
+ public RapClient(ServletRapClient servletRapClient, HttpServletRequest request) {
+ super(servletRapClient, request);
+ }
+}
diff --git a/gms/src/main/java/it/inaf/ia2/gms/authn/RapPrincipal.java b/gms/src/main/java/it/inaf/ia2/gms/authn/RapPrincipal.java
index 174ff2f..3d45ad2 100644
--- a/gms/src/main/java/it/inaf/ia2/gms/authn/RapPrincipal.java
+++ b/gms/src/main/java/it/inaf/ia2/gms/authn/RapPrincipal.java
@@ -5,10 +5,12 @@ import java.util.Map;
public class RapPrincipal implements Principal {
+ private final String token;
private final String sub;
private final String altSub;
- public RapPrincipal(Map<String, Object> jwtClaims) {
+ public RapPrincipal(String token, Map<String, Object> jwtClaims) {
+ this.token = token;
sub = (String) jwtClaims.get("sub");
altSub = (String) jwtClaims.get("alt_sub");
}
@@ -24,4 +26,8 @@ public class RapPrincipal implements Principal {
public String getAlternativeName() {
return altSub;
}
+
+ public String getToken() {
+ return token;
+ }
}
diff --git a/gms/src/main/java/it/inaf/ia2/gms/authn/SecurityConfig.java b/gms/src/main/java/it/inaf/ia2/gms/authn/SecurityConfig.java
index 92e04da..d538231 100644
--- a/gms/src/main/java/it/inaf/ia2/gms/authn/SecurityConfig.java
+++ b/gms/src/main/java/it/inaf/ia2/gms/authn/SecurityConfig.java
@@ -1,8 +1,8 @@
package it.inaf.ia2.gms.authn;
import it.inaf.ia2.aa.AuthConfig;
+import it.inaf.ia2.aa.UserManager;
import it.inaf.ia2.gms.persistence.LoggingDAO;
-import it.inaf.ia2.rap.client.RapClient;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
@@ -46,9 +46,9 @@ public class SecurityConfig {
}
@Bean
- public FilterRegistrationBean clientDbFilter(AuthConfig authConfig, RapClient rapClient) {
+ public FilterRegistrationBean clientDbFilter(AuthConfig authConfig, UserManager userManager) {
FilterRegistrationBean bean = new FilterRegistrationBean();
- bean.setFilter(new ClientDbFilter(authConfig, rapClient));
+ bean.setFilter(new ClientDbFilter(authConfig, userManager));
bean.addUrlPatterns("/*");
bean.setOrder(Ordered.HIGHEST_PRECEDENCE);
return bean;
@@ -58,9 +58,9 @@ public class SecurityConfig {
* Checks JWT for web services.
*/
@Bean
- public FilterRegistrationBean serviceJWTFilter(LoggingDAO loggingDAO, RapClient rapClient) {
+ public FilterRegistrationBean serviceJWTFilter(LoggingDAO loggingDAO, UserManager userManager) {
FilterRegistrationBean bean = new FilterRegistrationBean();
- bean.setFilter(new JWTFilter(loggingDAO, rapClient));
+ bean.setFilter(new JWTFilter(loggingDAO, userManager));
bean.addUrlPatterns("/*");
bean.setOrder(Ordered.HIGHEST_PRECEDENCE);
return bean;
diff --git a/gms/src/main/java/it/inaf/ia2/gms/authn/ServletRapClient.java b/gms/src/main/java/it/inaf/ia2/gms/authn/ServletRapClient.java
new file mode 100644
index 0000000..63e299e
--- /dev/null
+++ b/gms/src/main/java/it/inaf/ia2/gms/authn/ServletRapClient.java
@@ -0,0 +1,27 @@
+package it.inaf.ia2.gms.authn;
+
+import it.inaf.ia2.aa.data.User;
+import it.inaf.ia2.rap.client.RapClient;
+import java.security.Principal;
+import javax.servlet.http.HttpServletRequest;
+
+public class ServletRapClient extends RapClient<HttpServletRequest> {
+
+ public ServletRapClient(String baseUrl) {
+ super(baseUrl);
+ }
+
+ @Override
+ protected String getAccessToken(HttpServletRequest request) {
+ Principal principal = request.getUserPrincipal();
+ if (principal != null) {
+ if (principal instanceof User) {
+ return ((User) principal).getAccessToken();
+ }
+ if (principal instanceof RapPrincipal) {
+ return ((RapPrincipal) principal).getToken();
+ }
+ }
+ return null;
+ }
+}
diff --git a/gms/src/main/java/it/inaf/ia2/gms/authn/SessionData.java b/gms/src/main/java/it/inaf/ia2/gms/authn/SessionData.java
index 6d4194e..c420466 100644
--- a/gms/src/main/java/it/inaf/ia2/gms/authn/SessionData.java
+++ b/gms/src/main/java/it/inaf/ia2/gms/authn/SessionData.java
@@ -1,7 +1,6 @@
package it.inaf.ia2.gms.authn;
import it.inaf.ia2.aa.data.User;
-import it.inaf.ia2.rap.client.RapClient;
import javax.annotation.PostConstruct;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
@@ -20,9 +19,6 @@ public class SessionData {
@Autowired
private HttpServletRequest request;
- @Autowired
- private RapClient rapClient;
-
@PostConstruct
public void init() {
HttpSession session = request.getSession(false);
@@ -33,7 +29,6 @@ public class SessionData {
public void setUser(User user) {
this.user = user;
- rapClient.setAccessToken(user.getAccessToken());
}
public String getUserId() {
diff --git a/gms/src/main/java/it/inaf/ia2/gms/controller/UsersController.java b/gms/src/main/java/it/inaf/ia2/gms/controller/UsersController.java
index 5d96ed4..082a4f3 100644
--- a/gms/src/main/java/it/inaf/ia2/gms/controller/UsersController.java
+++ b/gms/src/main/java/it/inaf/ia2/gms/controller/UsersController.java
@@ -1,6 +1,6 @@
package it.inaf.ia2.gms.controller;
-import it.inaf.ia2.rap.client.RapClient;
+import it.inaf.ia2.gms.authn.RapClient;
import it.inaf.ia2.rap.data.RapUser;
import java.util.List;
import org.springframework.beans.factory.annotation.Autowired;
diff --git a/gms/src/main/java/it/inaf/ia2/gms/manager/GroupStatusManager.java b/gms/src/main/java/it/inaf/ia2/gms/manager/GroupStatusManager.java
index f3792ca..f66d094 100644
--- a/gms/src/main/java/it/inaf/ia2/gms/manager/GroupStatusManager.java
+++ b/gms/src/main/java/it/inaf/ia2/gms/manager/GroupStatusManager.java
@@ -7,13 +7,14 @@ import it.inaf.ia2.gms.persistence.MembershipsDAO;
import it.inaf.ia2.gms.persistence.model.GroupEntity;
import it.inaf.ia2.gms.persistence.model.MembershipEntity;
import it.inaf.ia2.gms.service.GroupsService;
-import it.inaf.ia2.rap.client.RapClient;
+import it.inaf.ia2.gms.authn.RapClient;
import it.inaf.ia2.rap.data.RapUser;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
+import java.util.Set;
import java.util.stream.Collectors;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -72,8 +73,9 @@ public class GroupStatusManager extends UserAwareComponent {
}
Map<String, String> usersMap = new HashMap<>();
- for (RapUser user : rapClient.getUsers(memberships.stream()
- .map(u -> u.getUserId()).collect(Collectors.toSet()))) {
+ Set<String> ids = memberships.stream().map(u -> u.getUserId()).collect(Collectors.toSet());
+ List<RapUser> usersList = rapClient.getUsers(ids);
+ for (RapUser user : usersList) {
usersMap.put(user.getId(), user.getPrimaryEmailAddress());
}
diff --git a/gms/src/main/java/it/inaf/ia2/gms/manager/InvitedRegistrationManager.java b/gms/src/main/java/it/inaf/ia2/gms/manager/InvitedRegistrationManager.java
index 7c9525d..db85c42 100644
--- a/gms/src/main/java/it/inaf/ia2/gms/manager/InvitedRegistrationManager.java
+++ b/gms/src/main/java/it/inaf/ia2/gms/manager/InvitedRegistrationManager.java
@@ -1,6 +1,5 @@
package it.inaf.ia2.gms.manager;
-import it.inaf.ia2.gms.authn.SessionData;
import it.inaf.ia2.gms.exception.BadRequestException;
import it.inaf.ia2.gms.exception.NotFoundException;
import it.inaf.ia2.gms.exception.UnauthorizedException;
@@ -14,7 +13,7 @@ import it.inaf.ia2.gms.persistence.model.GroupEntity;
import it.inaf.ia2.gms.persistence.model.InvitedRegistration;
import it.inaf.ia2.gms.persistence.model.MembershipEntity;
import it.inaf.ia2.gms.service.PermissionsService;
-import it.inaf.ia2.rap.client.RapClient;
+import it.inaf.ia2.gms.authn.RapClient;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
diff --git a/gms/src/main/java/it/inaf/ia2/gms/manager/MembershipManager.java b/gms/src/main/java/it/inaf/ia2/gms/manager/MembershipManager.java
index 83340a5..9e27198 100644
--- a/gms/src/main/java/it/inaf/ia2/gms/manager/MembershipManager.java
+++ b/gms/src/main/java/it/inaf/ia2/gms/manager/MembershipManager.java
@@ -9,7 +9,7 @@ import it.inaf.ia2.gms.persistence.model.GroupEntity;
import it.inaf.ia2.gms.persistence.model.MembershipEntity;
import it.inaf.ia2.gms.persistence.model.PermissionEntity;
import it.inaf.ia2.gms.service.PermissionUtils;
-import it.inaf.ia2.rap.client.RapClient;
+import it.inaf.ia2.gms.authn.RapClient;
import it.inaf.ia2.rap.data.RapUser;
import java.util.HashSet;
import java.util.List;
diff --git a/gms/src/main/java/it/inaf/ia2/gms/manager/PermissionsManager.java b/gms/src/main/java/it/inaf/ia2/gms/manager/PermissionsManager.java
index 00a2545..0bdbbb7 100644
--- a/gms/src/main/java/it/inaf/ia2/gms/manager/PermissionsManager.java
+++ b/gms/src/main/java/it/inaf/ia2/gms/manager/PermissionsManager.java
@@ -8,7 +8,7 @@ import it.inaf.ia2.gms.persistence.model.GroupEntity;
import it.inaf.ia2.gms.persistence.model.PermissionEntity;
import it.inaf.ia2.gms.service.PermissionUtils;
import it.inaf.ia2.gms.service.PermissionsService;
-import it.inaf.ia2.rap.client.RapClient;
+import it.inaf.ia2.gms.authn.RapClient;
import it.inaf.ia2.rap.data.RapUser;
import java.util.ArrayList;
import java.util.List;
@@ -44,13 +44,15 @@ public class PermissionsManager extends UserAwareComponent {
.map(p -> p.getUserId())
.collect(Collectors.toSet());
- Map<String, RapUser> users = rapClient.getUsers(userIdentifiers).stream()
+ List<RapUser> users = rapClient.getUsers(userIdentifiers);
+
+ Map<String, RapUser> usersMap = users.stream()
.collect(Collectors.toMap(RapUser::getId, Function.identity()));
List<RapUserPermission> result = new ArrayList<>();
for (PermissionEntity p : permissions) {
- RapUser rapUser = users.get(p.getUserId());
+ RapUser rapUser = usersMap.get(p.getUserId());
if (rapUser != null) {
RapUserPermission permission = new RapUserPermission();
permission.setPermission(p.getPermission());
diff --git a/gms/src/main/java/it/inaf/ia2/gms/service/SearchService.java b/gms/src/main/java/it/inaf/ia2/gms/service/SearchService.java
index 8ba7f3c..9cd5d43 100644
--- a/gms/src/main/java/it/inaf/ia2/gms/service/SearchService.java
+++ b/gms/src/main/java/it/inaf/ia2/gms/service/SearchService.java
@@ -13,7 +13,7 @@ import it.inaf.ia2.gms.persistence.MembershipsDAO;
import it.inaf.ia2.gms.persistence.PermissionsDAO;
import it.inaf.ia2.gms.persistence.model.GroupEntity;
import it.inaf.ia2.gms.persistence.model.PermissionEntity;
-import it.inaf.ia2.rap.client.RapClient;
+import it.inaf.ia2.gms.authn.RapClient;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
diff --git a/gms/src/test/java/it/inaf/ia2/gms/authn/SessionDataTest.java b/gms/src/test/java/it/inaf/ia2/gms/authn/SessionDataTest.java
index 75d4498..3b324cc 100644
--- a/gms/src/test/java/it/inaf/ia2/gms/authn/SessionDataTest.java
+++ b/gms/src/test/java/it/inaf/ia2/gms/authn/SessionDataTest.java
@@ -1,7 +1,7 @@
package it.inaf.ia2.gms.authn;
import it.inaf.ia2.aa.data.User;
-import it.inaf.ia2.rap.client.RapClient;
+import it.inaf.ia2.gms.authn.RapClient;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import static org.junit.Assert.assertTrue;
@@ -19,7 +19,7 @@ public class SessionDataTest {
@Mock
private HttpServletRequest request;
-
+
@Mock
private RapClient rapClient;
@@ -32,12 +32,12 @@ public class SessionDataTest {
HttpSession session = mock(HttpSession.class);
when(request.getSession(eq(false))).thenReturn(session);
- User user = new User()
- .setUserId("123")
- .setUserLabel("Name Surname")
- .setAccessToken("<access_token>")
- .setRefreshToken("<refresh_token>")
- .setExpiresIn(3600);
+ User user = new User();
+ user.setUserId("123");
+ user.setUserLabel("Name Surname");
+ user.setAccessToken("<access_token>");
+ user.setRefreshToken("<refresh_token>");
+ user.setExpiresIn(3600);
when(session.getAttribute(eq("user_data"))).thenReturn(user);
diff --git a/gms/src/test/java/it/inaf/ia2/gms/manager/InvitedRegistrationManagerTest.java b/gms/src/test/java/it/inaf/ia2/gms/manager/InvitedRegistrationManagerTest.java
index 4ce897a..7c6956e 100644
--- a/gms/src/test/java/it/inaf/ia2/gms/manager/InvitedRegistrationManagerTest.java
+++ b/gms/src/test/java/it/inaf/ia2/gms/manager/InvitedRegistrationManagerTest.java
@@ -9,7 +9,7 @@ import it.inaf.ia2.gms.persistence.MembershipsDAO;
import it.inaf.ia2.gms.persistence.model.GroupEntity;
import it.inaf.ia2.gms.persistence.model.InvitedRegistration;
import it.inaf.ia2.gms.service.PermissionsService;
-import it.inaf.ia2.rap.client.RapClient;
+import it.inaf.ia2.gms.authn.RapClient;
import it.inaf.ia2.rap.data.Identity;
import it.inaf.ia2.rap.data.IdentityType;
import it.inaf.ia2.rap.data.RapUser;
diff --git a/gms/src/test/java/it/inaf/ia2/gms/manager/PermissionsManagerIntegrationTest.java b/gms/src/test/java/it/inaf/ia2/gms/manager/PermissionsManagerIntegrationTest.java
index b0b7360..ad13806 100644
--- a/gms/src/test/java/it/inaf/ia2/gms/manager/PermissionsManagerIntegrationTest.java
+++ b/gms/src/test/java/it/inaf/ia2/gms/manager/PermissionsManagerIntegrationTest.java
@@ -9,7 +9,7 @@ import it.inaf.ia2.gms.persistence.PermissionsDAO;
import it.inaf.ia2.gms.persistence.model.GroupEntity;
import it.inaf.ia2.gms.persistence.model.PermissionEntity;
import it.inaf.ia2.gms.service.PermissionsService;
-import it.inaf.ia2.rap.client.RapClient;
+import it.inaf.ia2.gms.authn.RapClient;
import it.inaf.ia2.rap.data.RapUser;
import java.util.Collections;
import java.util.List;
diff --git a/gms/src/test/java/it/inaf/ia2/gms/manager/UserAwareComponentTestUtil.java b/gms/src/test/java/it/inaf/ia2/gms/manager/UserAwareComponentTestUtil.java
index 79ebcda..e61703b 100644
--- a/gms/src/test/java/it/inaf/ia2/gms/manager/UserAwareComponentTestUtil.java
+++ b/gms/src/test/java/it/inaf/ia2/gms/manager/UserAwareComponentTestUtil.java
@@ -13,7 +13,7 @@ public class UserAwareComponentTestUtil {
public static void setUser(UserAwareComponent component, String userId) {
Map<String, Object> jwtClaims = new HashMap<>();
jwtClaims.put("sub", userId);
- RapPrincipal principal = new RapPrincipal(jwtClaims);
+ RapPrincipal principal = new RapPrincipal("token", jwtClaims);
HttpServletRequest request = mock(HttpServletRequest.class);
when(request.getUserPrincipal()).thenReturn(principal);
ReflectionTestUtils.setField(component, "request", request);
diff --git a/gms/src/test/java/it/inaf/ia2/gms/persistence/NestedGroupsIntegrationTest.java b/gms/src/test/java/it/inaf/ia2/gms/persistence/NestedGroupsIntegrationTest.java
index 73d7d99..70896ea 100644
--- a/gms/src/test/java/it/inaf/ia2/gms/persistence/NestedGroupsIntegrationTest.java
+++ b/gms/src/test/java/it/inaf/ia2/gms/persistence/NestedGroupsIntegrationTest.java
@@ -12,7 +12,7 @@ import it.inaf.ia2.gms.persistence.model.GroupEntity;
import it.inaf.ia2.gms.persistence.model.PermissionEntity;
import it.inaf.ia2.gms.service.GroupsTreeBuilder;
import it.inaf.ia2.gms.service.PermissionsService;
-import it.inaf.ia2.rap.client.RapClient;
+import it.inaf.ia2.gms.authn.RapClient;
import java.util.List;
import javax.sql.DataSource;
import static org.junit.Assert.assertEquals;
diff --git a/gms/src/test/java/it/inaf/ia2/gms/service/SearchServiceTest.java b/gms/src/test/java/it/inaf/ia2/gms/service/SearchServiceTest.java
index de6961a..8cd0024 100644
--- a/gms/src/test/java/it/inaf/ia2/gms/service/SearchServiceTest.java
+++ b/gms/src/test/java/it/inaf/ia2/gms/service/SearchServiceTest.java
@@ -11,7 +11,7 @@ import it.inaf.ia2.gms.persistence.MembershipsDAO;
import it.inaf.ia2.gms.persistence.PermissionsDAO;
import it.inaf.ia2.gms.persistence.model.GroupEntity;
import it.inaf.ia2.gms.persistence.model.PermissionEntity;
-import it.inaf.ia2.rap.client.RapClient;
+import it.inaf.ia2.gms.authn.RapClient;
import it.inaf.ia2.rap.data.Identity;
import it.inaf.ia2.rap.data.IdentityType;
import it.inaf.ia2.rap.data.RapUser;
--
GitLab