From 9468e712dd97c6bd847553bce38b1dbc73278838 Mon Sep 17 00:00:00 2001 From: Enrico Risa Date: Mon, 27 Nov 2023 17:51:33 +0100 Subject: [PATCH 1/3] docs: decision record about Protocol Services refactor --- .../README.md | 34 +++++++++++++++++++ docs/developer/decision-records/README.md | 2 ++ 2 files changed, 36 insertions(+) create mode 100644 docs/developer/decision-records/2023-11-27-refactor-protocol-services/README.md diff --git a/docs/developer/decision-records/2023-11-27-refactor-protocol-services/README.md b/docs/developer/decision-records/2023-11-27-refactor-protocol-services/README.md new file mode 100644 index 00000000000..4eeaa91ddc0 --- /dev/null +++ b/docs/developer/decision-records/2023-11-27-refactor-protocol-services/README.md @@ -0,0 +1,34 @@ +# Protocol Services Refactor + +## Decision + +Decouple the DSP (or other) protocol from the identity service and move the security checks (`IdentityService#verifyJwtToken`) +to the protocol service layer. + +## Rationale + +Implementations of `IdentityService`s may need additional context/request information when verifying the JWT token. At the +DSP (or other protocols) layer we don't have such information. Moving the security checks on the protocol services layer will +allow us to attach contextual information to a specific request (e.g. current policy if any). + +## Approach + +We will remove the usage of `IdentityService` from the `DspRequestHandlerImpl` and change the `serviceCall` field in `DspRequest` + +from: + +```java +BiFunction> serviceCall; +``` +to: +```java +BiFunction> serviceCall; +``` + +This will impact each method of the three protocol service we have now: + +- `CatalogProtocolService` +- `TransferProcessProtocolService` +- `ContractNegotiationProtocolService` + +In each implementation of such services, we'd have to call then the `IdentityService` for verifying the JWT token. \ No newline at end of file 
diff --git a/docs/developer/decision-records/README.md b/docs/developer/decision-records/README.md index ce1bb6670c2..aa02fb5fc85 100644 --- a/docs/developer/decision-records/README.md +++ b/docs/developer/decision-records/README.md @@ -50,3 +50,5 @@ - [2023-09-07 Policy Monitor](./2023-09-07-policy-monitor) - [2023-10-04 JSON-LD Scopes](./2023-10-04-json-ld-scopes) - [2023-11-09 API Versioning](./2023-11-09-api-versioning) +- [2023-11-09 Protocol Services Refactor](./2023-11-27-refactor-protocol-services) + From af29db00a692d82d0f0cbcbc2bfd46ebfc05c615 Mon Sep 17 00:00:00 2001 From: Enrico Risa Date: Tue, 28 Nov 2023 08:48:11 +0100 Subject: [PATCH 2/3] Update docs/developer/decision-records/2023-11-27-refactor-protocol-services/README.md Co-authored-by: Jim Marino --- .../2023-11-27-refactor-protocol-services/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/developer/decision-records/2023-11-27-refactor-protocol-services/README.md b/docs/developer/decision-records/2023-11-27-refactor-protocol-services/README.md index 4eeaa91ddc0..673a307952e 100644 --- a/docs/developer/decision-records/2023-11-27-refactor-protocol-services/README.md +++ b/docs/developer/decision-records/2023-11-27-refactor-protocol-services/README.md @@ -8,7 +8,7 @@ to the protocol service layer. ## Rationale Implementations of `IdentityService`s may need additional context/request information when verifying the JWT token. At the -DSP (or other protocols) layer we don't have such information. Moving the security checks on the protocol services layer will +DSP (or other protocols) layer we don't have such information. Moving the security checks to the protocol services layer will allow us to attach contextual information to a specific request (e.g. current policy if any). ## Approach From ebbbfa4b4b3661e03fb7ef09239e5822e57877ad Mon Sep 17 00:00:00 2001 
From: Enrico Risa Date: Tue, 28 Nov 2023 08:59:16 +0100 Subject: [PATCH 3/3] chore: dependencies file --- DEPENDENCIES | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/DEPENDENCIES b/DEPENDENCIES index 65a4a1e5727..f0fdcb7c69c 100644 --- a/DEPENDENCIES +++ b/DEPENDENCIES @@ -81,7 +81,7 @@ maven/mavencentral/com.jcraft/jzlib/1.1.3, BSD-2-Clause, approved, CQ6218 maven/mavencentral/com.lmax/disruptor/3.4.4, Apache-2.0, approved, clearlydefined maven/mavencentral/com.networknt/json-schema-validator/1.0.76, Apache-2.0, approved, CQ22638 maven/mavencentral/com.nimbusds/nimbus-jose-jwt/9.28, Apache-2.0, approved, clearlydefined -maven/mavencentral/com.nimbusds/nimbus-jose-jwt/9.37, Apache-2.0, approved, #11086 +maven/mavencentral/com.nimbusds/nimbus-jose-jwt/9.37, Apache-2.0, approved, #11701 maven/mavencentral/com.puppycrawl.tools/checkstyle/10.0, LGPL-2.1-or-later, approved, #7936 maven/mavencentral/com.samskivert/jmustache/1.15, BSD-2-Clause, approved, clearlydefined maven/mavencentral/com.squareup.okhttp3/okhttp-dnsoverhttps/4.12.0, Apache-2.0, approved, #11159
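Review bot: In PATCH 1/3, the last sentence of the Approach section in the new decision record ("In each implementation of such services, we'd have to call then the `IdentityService` for verifying the JWT token.") makes token verification something every method of `CatalogProtocolService`, `TransferProcessProtocolService` and `ContractNegotiationProtocolService` has to remember to do once `IdentityService` is removed from `DspRequestHandlerImpl`, and the record does not say how a missed call is prevented. Consider adding a sentence on how this is enforced (for example a shared helper that every method goes through, or a test asserting that each protocol service method rejects an invalid token) and on what the service returns when verification fails. In the same section, the `from:` and `to:` snippets both read `BiFunction> serviceCall;` as shown here, so the signature change itself is not visible; the type parameters need to be spelled out in both.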
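Review bot: In the `docs/developer/decision-records/README.md` hunk of PATCH 1/3, the new index entry is labelled `2023-11-09 Protocol Services Refactor` but links to `./2023-11-27-refactor-protocol-services`; the date in the label matches the API Versioning entry directly above it rather than the directory it points to. Change the label to `2023-11-27` so the index and the directory name agree.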
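Review bot: In the `DEPENDENCIES` hunk of PATCH 3/3, the approval reference for `nimbus-jose-jwt/9.37` changes from `#11086` to `#11701` and the commit message ("chore: dependencies file") gives no reason, while the other two patches in the series only touch documentation. A one-line commit body saying why the reference changed (for example that the file was regenerated) would make this reviewable. The context lines also show `nimbus-jose-jwt/9.28` listed next to 9.37; since this is a JWT library, it is worth confirming that both versions are meant to stay in the file.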