entur · vpaturet · Jul 10, 2025
diff --git a/...t-test/java/no/entur/uttu/ext/entur/export/messaging/EnturPubSubMessagingServiceTest.java b/...t-test/java/no/entur/uttu/ext/entur/export/messaging/EnturPubSubMessagingServiceTest.java
@@ -16,40 +16,46 @@
 
 package no.entur.uttu.ext.entur.export.messaging;
 
+import static org.junit.Assert.*;
+
 import com.google.api.gax.core.CredentialsProvider;
 import com.google.api.gax.core.NoCredentialsProvider;
 import com.google.cloud.spring.pubsub.core.PubSubTemplate;
 import com.google.cloud.spring.pubsub.core.subscriber.PubSubSubscriberTemplate;
 import com.google.pubsub.v1.PubsubMessage;
 import java.nio.charset.StandardCharsets;
 import java.util.List;
+import java.util.Map;
 import no.entur.uttu.UttuIntegrationTest;
+import no.entur.uttu.config.Context;
 import no.entur.uttu.export.messaging.spi.MessagingService;
 import org.entur.pubsub.base.EnturGooglePubSubAdmin;
 import org.junit.After;
 import org.junit.AfterClass;
-import org.junit.Assert;
 import org.junit.Before;
 import org.junit.BeforeClass;
 import org.junit.Test;
+import org.rutebanken.helper.organisation.user.UserInfoExtractor;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.test.context.TestConfiguration;
 import org.springframework.context.annotation.Bean;
 import org.springframework.test.context.ActiveProfiles;
 import org.springframework.test.context.DynamicPropertyRegistry;
 import org.springframework.test.context.DynamicPropertySource;
+import org.springframework.test.context.bean.override.mockito.MockitoBean;
 import org.testcontainers.containers.PubSubEmulatorContainer;
 import org.testcontainers.junit.jupiter.Testcontainers;
 import org.testcontainers.utility.DockerImageName;
 
 @Testcontainers
-@ActiveProfiles({ "in-memory-blobstore", "entur-pubsub-messaging-service" })
+@ActiveProfiles({ "in-memory-blobstore", "test", "entur-pubsub-messaging-service" })
 public class EnturPubSubMessagingServiceTest extends UttuIntegrationTest {
 
-  public static final String TEST_CODESPACE = "rut";
+  private static final String TEST_CODESPACE = "rut";
+  private static final String TEST_EXPORT_FILE_NAME = "netex.zip";
+  private static final String TEST_USERNAME = "TEST_USERNAME";
 
-  public static final String TEST_EXPORT_FILE_NAME = "netex.zip";
   private static PubSubEmulatorContainer pubsubEmulator;
 
   @Autowired
@@ -67,6 +73,9 @@ public class EnturPubSubMessagingServiceTest extends UttuIntegrationTest {
   @Value("${export.notify.queue.name:FlexibleLinesExportQueue}")
   private String queueName;
 
+  @MockitoBean
+  private UserInfoExtractor userInfoExtractor;
+
   @DynamicPropertySource
   static void emulatorProperties(DynamicPropertyRegistry registry) {
     registry.add(
@@ -97,6 +106,7 @@ public static void tearDown() {
   @Before
   public void setup() {
     enturGooglePubSubAdmin.createSubscriptionIfMissing(queueName);
+    Context.setUserName(TEST_USERNAME);
   }
 
   @After
@@ -120,13 +130,20 @@ public void testNotifyExport() {
     messagingService.notifyExport(TEST_CODESPACE, TEST_EXPORT_FILE_NAME);
 
     List<PubsubMessage> messages = pubSubTemplate.pullAndAck(queueName, 1, false);
-    Assert.assertEquals(1, messages.size());
-    PubsubMessage pubsubMessage = messages.get(0);
-    String codespace = pubsubMessage
-      .getAttributesMap()
-      .get(EnturPubSubMessagingService.HEADER_CHOUETTE_REFERENTIAL);
-    Assert.assertEquals("rb_" + TEST_CODESPACE, codespace);
-    Assert.assertEquals(
+    assertEquals(1, messages.size());
+    PubsubMessage pubsubMessage = messages.getFirst();
+    Map<String, String> headers = pubsubMessage.getAttributesMap();
+
+    String codespace = headers.get(
+      EnturPubSubMessagingService.HEADER_CHOUETTE_REFERENTIAL
+    );
+    assertEquals("rb_" + TEST_CODESPACE, codespace);
+
+    String userName = headers.get(EnturPubSubMessagingService.HEADER_USERNAME);
+    assertNotNull(userName);
+    assertTrue(userName.startsWith(TEST_USERNAME));
+
+    assertEquals(
       TEST_EXPORT_FILE_NAME,
       pubsubMessage.getData().toString(StandardCharsets.UTF_8)
     );

diff --git a/src/ext/java/no/entur/uttu/ext/entur/export/messaging/EnturPubSubMessagingService.java b/src/ext/java/no/entur/uttu/ext/entur/export/messaging/EnturPubSubMessagingService.java
@@ -48,7 +48,10 @@ public void notifyExport(final String codespace, String filename) {
         HEADER_CHOUETTE_REFERENTIAL,
         ExportUtil.getMigratedReferential(codespace)
       );
-      pubSubAttributes.put(HEADER_USERNAME, Context.getUsername() + " (via NPlan)");
+      pubSubAttributes.put(
+        HEADER_USERNAME,
+        Context.getVerifiedUsername() + " (via NPlan)"
+      );
       pubSubAttributes.put(HEADER_CORRELATION_ID, UUID.randomUUID().toString());
       pubSubTemplate.publish(queueName, filename, pubSubAttributes);
 

diff --git a/src/ext/java/no/entur/uttu/ext/entur/security/EnturSecurityConfiguration.java b/src/ext/java/no/entur/uttu/ext/entur/security/EnturSecurityConfiguration.java
@@ -80,18 +80,14 @@ WebClient internalWebClient(
       .build();
   }
 
-  @ConditionalOnProperty(
-    value = "entur.security.role.assignment.extractor",
-    havingValue = "jwt",
-    matchIfMissing = true
-  )
+  @ConditionalOnProperty(value = "uttu.security.user.info.extractor", havingValue = "jwt")
   @Bean
   public UserInfoExtractor jwtUserInfoExtractor() {
     return new JwtUserInfoExtractor();
   }
 
   @ConditionalOnProperty(
-    value = "entur.security.role.assignment.extractor",
+    value = "uttu.security.user.info.extractor",
     havingValue = "baba"
   )
   @Bean

diff --git a/src/main/java/no/entur/uttu/config/Context.java b/src/main/java/no/entur/uttu/config/Context.java
@@ -16,13 +16,11 @@
 package no.entur.uttu.config;
 
 import no.entur.uttu.util.Preconditions;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.security.oauth2.jwt.Jwt;
 
 public class Context {
 
   private static ThreadLocal<String> providerPerThread = new ThreadLocal<>();
+  private static ThreadLocal<String> userNamePerThread = new ThreadLocal<>();
 
   public static void setProvider(String providerCode) {
     Preconditions.checkArgument(
@@ -36,24 +34,28 @@ public static String getProvider() {
     return providerPerThread.get();
   }
 
-  public static void clear() {
-    providerPerThread.remove();
-  }
-
-  public static String getUsername() {
-    String user = null;
-    Authentication auth = SecurityContextHolder.getContext().getAuthentication();
-    if (
-      auth != null && auth.getPrincipal() != null && auth.getPrincipal() instanceof Jwt
-    ) {
-      user = ((Jwt) auth.getPrincipal()).getClaimAsString("preferred_username");
-    }
-    return (user == null) ? "unknown" : user;
-  }
-
   public static String getVerifiedProviderCode() {
     String providerCode = Context.getProvider();
     Preconditions.checkArgument(providerCode != null, "Provider not set for session");
     return providerCode;
   }
+
+  public static void setUserName(String userName) {
+    Preconditions.checkArgument(
+      userName != null,
+      "Attempt to set userName = null for session"
+    );
+    userNamePerThread.set(userName);
+  }
+
+  public static String getVerifiedUsername() {
+    String userName = userNamePerThread.get();
+    Preconditions.checkArgument(userName != null, "Username not set for session");
+    return user
9E12
Name;
+  }
+
+  public static void clear() {
+    providerPerThread.remove();
+    userNamePerThread.remove();
+  }
 }
diff --git a/src/main/java/no/entur/uttu/export/resource/ExportFileDownloadResource.java b/src/main/java/no/entur/uttu/export/resource/ExportFileDownloadResource.java
@@ -57,30 +57,23 @@
     @PathParam("id") String exportId
   ) {
     Context.setProvider(providerCode);
-    try {
-      Export export = exportRepository.findByNetexIdAndProviderCode(
-        exportId,
-        providerCode
+    Export export = exportRepository.findByNetexIdAndProviderCode(exportId, providerCode);
+    if (export == null) {
+      throw new EntityNotFoundException("No export with id= " + exportId + " found");
+    }
+    if (!StringUtils.hasText(export.getFileName())) {
+      throw new EntityNotFoundException(
+        "Export with id= " + exportId + " does not have a reference to export file"
       );
-      if (export == null) {
-        throw new EntityNotFoundException("No export with id= " + exportId + " found");
-      }
-      if (!StringUtils.hasText(export.getFileName())) {
-        throw new EntityNotFoundException(
-          "Export with id= " + exportId + " does not have a reference to export file"
-        );
-      }
+    }
 
-      InputStream content = blobStoreRepository.getBlob(export.getFileName());
+    InputStream content = blobStoreRepository.getBlob(export.getFileName());
 
-      String fileNameOnly = Paths.get(export.getFileName()).getFileName().toString();
+    String fileNameOnly = Paths.get(export.getFileName()).getFileName().toString();
 
-      return Response
-        .ok(content, MediaType.APPLICATION_OCTET_STREAM)
-        .header("content-disposition", "attachment; filename = " + fileNameOnly)
-        .build();
-    } finally {
-      Context.clear();
-    }
+    return Response
+      .ok(content, MediaType.APPLICATION_OCTET_STREAM)
+      .header("content-disposition", "attachment; filename = " + fileNameOnly)
+      .build();
   }
 }
diff --git a/src/main/java/no/entur/uttu/graphql/resource/LinesGraphQLResource.java b/src/main/java/no/entur/uttu/graphql/resource/LinesGraphQLResource.java
@@ -62,11 +62,7 @@
     Map<String, Object> request
   ) {
     Context.setProvider(providerCode);
-    try {
-      return graphQLResourceHelper.executeStatement(linesGraphQL, request);
-    } finally {
-      Context.clear();
-    }
+    return graphQLResourceHelper.executeStatement(linesGraphQL, request);
   }
 
   @POST
@@ -78,15 +74,11 @@
     String query
   ) {
     Context.setProvider(providerCode);
-    try {
-      return graphQLResourceHelper.getGraphQLResponse(
-        linesGraphQL,
-        "query",
-        query,
-        new HashMap<>()
-      );
-    } finally {
-      Context.clear();
-    }
+    return graphQLResourceHelper.getGraphQLResponse(
+      linesGraphQL,
+      "query",
+      query,
+      new HashMap<>()
+    );
   }
 }
diff --git a/src/main/java/no/entur/uttu/model/IdentifiedEntity.java b/src/main/java/no/entur/uttu/model/IdentifiedEntity.java
@@ -107,7 +107,7 @@ public void setVersion(Long version) {
   @PrePersist
   @PreUpdate
   protected void setMetaData() {
-    String user = Context.getUsername();
+    String user = Context.getVerifiedUsername();
     Instant now = Instant.now();
     this.setChanged(now);
     this.setChangedBy(user);

diff --git a/src/main/java/no/entur/uttu/security/DefaultUserInfoExtractor.java b/src/main/java/no/entur/uttu/security/DefaultUserInfoExtractor.java
@@ -0,0 +1,39 @@
+package no.entur.uttu.security;
+
+import javax.annotation.Nullable;
+import org.rutebanken.helper.organisation.user.UserInfoExtractor;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.oauth2.jwt.Jwt;
+import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
+
+/**
+ * Default UserInfoExtractor that retrieves the username from the standard OIDC claim "preferred_username".
+ * The preferred named is equal to the preferred username.
+ */
+public class DefaultUserInfoExtractor implements UserInfoExtractor {
+
+  private static final String CLAIM_OIDC_PREFERRED_USERNAME = "preferred_username";
+
+  @Nullable
+  @Override
+  public String getPreferredName() {
+    return getPreferredUsername();
+  }
+
+  @Nullable
+  @Override
+  public String getPreferredUsername() {
+    return getClaim(CLAIM_OIDC_PREFERRED_USERNAME);
+  }
+
+  private String getClaim(String claim) {
+    Authentication auth = SecurityContextHolder.getContext().getAuthentication();
+    if (auth instanceof JwtAuthenticationToken jwtAuthenticationToken) {
+      Jwt jwt = (Jwt) jwtAuthenticationToken.getPrincipal();
+      return jwt.getClaimAsString(claim);
+    } else {
+      return null;
+    }
+  }
+}
diff --git a/src/main/java/no/entur/uttu/security/UserInfoFilter.java b/src/main/java/no/entur/uttu/security/UserInfoFilter.java
@@ -0,0 +1,38 @@
+package no.entur.uttu.security;
+
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import no.entur.uttu.config.Context;
+import org.rutebanken.helper.organisation.user.UserInfoExtractor;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+/**
+ * Set the username in the session context after successful authentication and
+ * clear the context after the response is sent.
+ */
+public class UserInfoFilter extends OncePerRequestFilter {
+
+  private final UserInfoExtractor userInfoExtractor;
+
+  public UserInfoFilter(UserInfoExtractor userInfoExtractor) {
+    this.userInfoExtractor = userInfoExtractor;
+  }
+
+  @Override
+  protected void doFilterInternal(
+    HttpServletRequest request,
+    HttpServletResponse response,
+    FilterChain filterChain
+  ) throws ServletException, IOException {
+    try {
+      String preferredUsername = userInfoExtractor.getPreferredUsername();
+      Context.setUserName(preferredUsername == null ? "unknown" : preferredUsername);
+      filterChain.doFilter(request, response);
+    } finally {
+      Context.clear();
+    }
+  }
+}