Added auth config

Altinn · Jan 22, 2025 · 7d17dbe · 7d17dbe
1 parent e3c1724
commit 7d17dbe
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 1 deletion.
diff --git a/src/Storage/Controllers/SblBridgeController.cs b/src/Storage/Controllers/SblBridgeController.cs
@@ -1,6 +1,8 @@
 using System;
 using System.Threading.Tasks;
 using Altinn.Platform.Storage.Clients;
+using Altinn.Platform.Storage.Helpers;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 
@@ -10,6 +12,7 @@ namespace Altinn.Platform.Storage.Controllers
     /// API for use by Correspondence to support legacy solution by routing request to SBL Bridge
     /// </summary>
     [Route("storage/api/v1/sblbridge")]
+    [ApiController]
     public class SblBridgeController : ControllerBase
     {
         /// <summary>
@@ -27,6 +30,7 @@ public SblBridgeController(IPartiesWithInstancesClient partiesWithInstancesClien
         /// </summary>
         /// <param name="partyId">The party id that has become an Altinn 3 Correspondence recipient</param>
         [HttpPost("correspondencerecipient")]
+        [Authorize(Policy = AuthzConstants.POLICY_CORRESPONDENCE_SBLBRIDGE)]
         [ProducesResponseType(StatusCodes.Status200OK)]
         [ProducesResponseType(StatusCodes.Status400BadRequest)]
         [Produces("application/json")]

diff --git a/src/Storage/Helpers/AuthzConstants.cs b/src/Storage/Helpers/AuthzConstants.cs
@@ -44,5 +44,10 @@ public static class AuthzConstants
         /// Policy tag for authorizing designer access
         /// </summary>
         public const string POLICY_STUDIO_DESIGNER = "StudioDesignerAccess";
+
+        /// <summary>
+        /// Policy tag for authorizing correspondence calls to SBL bridge
+        /// </summary>
+        public const string POLICY_CORRESPONDENCE_SBLBRIDGE = "CorrespondenceSblBridge";
     }
 }
diff --git a/src/Storage/Program.cs b/src/Storage/Program.cs
@@ -201,7 +201,6 @@ void ConfigureServices(IServiceCollection services, IConfiguration config)
     services.AddSingleton<IPublicSigningKeyProvider, PublicSigningKeyProvider>();
 
     GeneralSettings generalSettings = config.GetSection("GeneralSettings").Get<GeneralSettings>();
-
     services.AddAuthentication(JwtCookieDefaults.AuthenticationScheme)
         .AddJwtCookie(JwtCookieDefaults.AuthenticationScheme, options =>
         {
@@ -231,6 +230,7 @@ void ConfigureServices(IServiceCollection services, IConfiguration config)
         .AddPolicy(AuthzConstants.POLICY_INSTANCE_SIGN, policy => policy.Requirements.Add(new AppAccessRequirement("sign")))
         .AddPolicy(AuthzConstants.POLICY_SCOPE_APPDEPLOY, policy => policy.Requirements.Add(new ScopeAccessRequirement("altinn:appdeploy")))
         .AddPolicy(AuthzConstants.POLICY_STUDIO_DESIGNER, policy => policy.Requirements.Add(new ClaimAccessRequirement("urn:altinn:app", "studio.designer")))
+        .AddPolicy(AuthzConstants.POLICY_CORRESPONDENCE_SBLBRIDGE, policy => policy.Requirements.Add(new ScopeAccessRequirement("altinn:correspondence.sblbridge")))
         .AddPolicy("PlatformAccess", policy => policy.Requirements.Add(new AccessTokenRequirement()));
 
     services.AddSingleton<ClientIpCheckActionFilterAttribute>(container =>