diff --git a/DEPENDENCIES b/DEPENDENCIES index 65a4a1e5727..f0fdcb7c69c 100644 --- a/DEPENDENCIES +++ b/DEPENDENCIES @@ -81,7 +81,7 @@ maven/mavencentral/com.jcraft/jzlib/1.1.3, BSD-2-Clause, approved, CQ6218 maven/mavencentral/com.lmax/disruptor/3.4.4, Apache-2.0, approved, clearlydefined maven/mavencentral/com.networknt/json-schema-validator/1.0.76, Apache-2.0, approved, CQ22638 maven/mavencentral/com.nimbusds/nimbus-jose-jwt/9.28, Apache-2.0, approved, clearlydefined -maven/mavencentral/com.nimbusds/nimbus-jose-jwt/9.37, Apache-2.0, approved, #11086 +maven/mavencentral/com.nimbusds/nimbus-jose-jwt/9.37, Apache-2.0, approved, #11701 maven/mavencentral/com.puppycrawl.tools/checkstyle/10.0, LGPL-2.1-or-later, approved, #7936 maven/mavencentral/com.samskivert/jmustache/1.15, BSD-2-Clause, approved, clearlydefined maven/mavencentral/com.squareup.okhttp3/okhttp-dnsoverhttps/4.12.0, Apache-2.0, approved, #11159 diff --git a/docs/developer/decision-records/2023-11-27-refactor-protocol-services/README.md b/docs/developer/decision-records/2023-11-27-refactor-protocol-services/README.md new file mode 100644 index 00000000000..673a307952e --- /dev/null +++ b/docs/developer/decision-records/2023-11-27-refactor-protocol-services/README.md 
@@ -0,0 +1,34 @@ +# Protocol Services Refactor + +## Decision + +Decouple the DSP (or other) protocol from the identity service and move the security checks (`IdentityService#verifyJwtToken`) +to the protocol service layer. + +## Rationale + +Implementations of `IdentityService`s may need additional context/request information when verifying the JWT token. At the +DSP (or other protocols) layer we don't have such information. Moving the security checks to the protocol services layer will +allow us to attach contextual information to a specific request (e.g. current policy if any). + +## Approach + +We will remove the usage of `IdentityService` from the `DspRequestHandlerImpl` and change the `serviceCall` field in `DspRequest` + +from: + +```java +BiFunction> serviceCall; +``` +to: +```java +BiFunction> serviceCall; +``` + +This will impact each method of the three protocol service we have now: + +- `CatalogProtocolService` +- `TransferProcessProtocolService` +- `ContractNegotiationProtocolService` + +In each implementation of such services, we'd have to call then the `IdentityService` for verifying the JWT token. \ No newline at end of file diff --git a/docs/developer/decision-records/README.md b/docs/developer/decision-records/README.md index ce1bb6670c2..aa02fb5fc85 100644 --- a/docs/developer/decision-records/README.md +++ b/docs/developer/decision-records/README.md @@ -50,3 +50,5 @@ - [2023-09-07 Policy Monitor](./2023-09-07-policy-monitor) - [2023-10-04 JSON-LD Scopes](./2023-10-04-json-ld-scopes) - [2023-11-09 API Versioning](./2023-11-09-api-versioning) +- [2023-11-09 Protocol Services Refactor](./2023-11-27-refactor-protocol-services) +
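Review bot: In the `DEPENDENCIES` hunk, the only change is the approval reference on the `nimbus-jose-jwt/9.37` line (`#11086` to `#11701`), which has no visible connection to the decision record added in the same patch. Please explain in the commit description why the reference changed, or move it to its own commit. The context lines also list `nimbus-jose-jwt/9.28` next to 9.37. Since the rest of the patch is about JWT verification, it is worth confirming that carrying two versions of this library is intentional.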
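Review bot: The Approach section of the new decision record (`2023-11-27-refactor-protocol-services/README.md`) does not say how a missing `verifyJwtToken` call will be caught once verification moves from the single `DspRequestHandlerImpl` into every method of `CatalogProtocolService`, `TransferProcessProtocolService` and `ContractNegotiationProtocolService`. With one enforcement point replaced by many, the record should state that each method verifies the token before doing any other work and rejects the request on failure, and it should name the mechanism that enforces this (for example a shared helper every method goes through, or a test per method that asserts an unverified request is refused). Separately, the "from:" and "to:" snippets both read `BiFunction> serviceCall;` as shown here, so the signature change the record is meant to document is not visible and neither line is valid Java; please check that the type parameters are present in the Markdown source. The file also ends without a trailing newline.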
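Review bot: In the `docs/developer/decision-records/README.md` hunk, the new index entry is labelled `2023-11-09 Protocol Services Refactor` but links to `./2023-11-27-refactor-protocol-services`, so the date in the label does not match the directory name and duplicates the date of the API Versioning entry above it. Suggest `[2023-11-27 Protocol Services Refactor](./2023-11-27-refactor-protocol-services)`. The hunk also adds a trailing empty line after the entry, which can be dropped.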