From e966b4016dd6726d9649db616fa6508177c052e5 Mon Sep 17 00:00:00 2001
From: Jens-Otto Larsen
Date: Thu, 22 Aug 2024 12:40:07 +0200
Subject: [PATCH] Forby innkommende STS unntatt spesielt annoterte endepunkt
---
 .../jaxrs/AuthenticationFilterDelegate.java | 18 ++++--------------
 1 file changed, 4 insertions(+), 14 deletions(-)
diff --git a/felles/auth-filter/src/main/java/no/nav/vedtak/sikkerhet/jaxrs/AuthenticationFilterDelegate.java b/felles/auth-filter/src/main/java/no/nav/vedtak/sikkerhet/jaxrs/AuthenticationFilterDelegate.java
index 6560b948b..7994ce692 100644
--- a/felles/auth-filter/src/main/java/no/nav/vedtak/sikkerhet/jaxrs/AuthenticationFilterDelegate.java
+++ b/felles/auth-filter/src/main/java/no/nav/vedtak/sikkerhet/jaxrs/AuthenticationFilterDelegate.java
@@ -119,6 +119,10 @@ public static void validerTokenSetKontekst(ResourceInfo resourceInfo, ContainerR
 var expiresAt = Optional.ofNullable(JwtUtil.getExpirationTime(claims)).orElseGet(() -> Instant.now().plusSeconds(300));
 var token = new OpenIDToken(configuration.type(), OpenIDToken.OIDC_DEFAULT_TOKEN_TYPE, tokenString, null, expiresAt.toEpochMilli());
 
+ if (OpenIDProvider.STS.equals(configuration.type()) && getAnnotation(resourceInfo, TillatSTS.class).isEmpty()) {
+ throw new ValideringsFeil("Kall med STS til endepunkt som ikke eksplisitt tillater STS");
+ }
+
 // Valider
 var tokenValidator = OidcTokenValidatorConfig.instance().getValidator(token.provider());
 var validateResult = tokenValidator.validate(token.primary());
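Review bot: The new STS guard throws before the token is validated, which is fail-closed, but the rejection leaves no log trace, and the second hunk deletes `logStsUsage`, so STS calls that are still permitted via `TillatSTS` are no longer recorded either. Suggest keeping the removed info line on the rejecting branch, `LOG.info("Innkommende STS - metode {} mangler annotering TillatSTS", resourceInfo.getResourceMethod().getName());` immediately before the `throw`, so remaining STS consumers can be found while they are migrated. Note that `configuration.type()` appears to be derived from the token's claims before signature validation (how it is resolved is not visible in the hunk); because the check only rejects, an unvalidated token cannot gain anything from it, but a Javadoc line on `validerTokenSetKontekst` saying that STS tokens are refused unless the endpoint is annotated with `TillatSTS` would make the contract explicit. `validerTokenSetKontekst` begins before and continues past this hunk.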
@@ -131,22 +135,8 @@ public static void validerTokenSetKontekst(ResourceInfo resourceInfo, ContainerR
 } else {
 throw new ValideringsFeil("Ugyldig token");
 }
- logStsUsage(configuration.type(), resourceInfo, resourceInfo.getResourceMethod().getName());
 }
 
- private static void logStsUsage(OpenIDProvider type, ResourceInfo resourceInfo, String metodenavn) {
- if (OpenIDProvider.STS.equals(type)) {
- var annotertTillatSts = getAnnotation(resourceInfo, TillatSTS.class).isPresent();
- if (annotertTillatSts) {
- LOG.info("Innkommende STS - metode {} har annotering TillatSTS", metodenavn);
- } else {
- LOG.info("Innkommende STS - metode {} mangler annotering TillatSTS", metodenavn);
- }
- }
- }
-
-
-
 private static class TokenFeil extends RuntimeException {
 TokenFeil(String message) {
 super(message);