feat(auth): endpoint and old PUC menu item to invalidate authorization cache [PPUC-318]

- depends on i18n added to pentaho-commons-gwt

Author: dcleao

assemblies/pentaho-solutions/src/main/resources/pentaho-solutions/system/applicationContext-spring-security-csrf.xml

@@ -56,8 +56,9 @@
           GET /api/system/refresh/reportingDataCache
           GET /api/system/refresh/mondrianSingleSchemaCache
           GET /api/system/refresh/mondrianSchemaCache
+          GET /api/system/refresh/authorizationDecisionCache
          -->
-        <swm:regex-request-matcher pattern="^/api/system/refresh/(globalActions|metadata|systemSettings|reportingDataCache|mondrianSingleSchemaCache|mondrianSchemaCache)\b.*" methods="GET" />
+        <swm:regex-request-matcher pattern="^/api/system/refresh/(globalActions|metadata|systemSettings|reportingDataCache|mondrianSingleSchemaCache|mondrianSchemaCache|authorizationDecisionCache)\b.*" methods="GET" />
 
         <!--
          POST /api/licenseManager/addLicense

extensions/src/main/java/org/pentaho/platform/web/http/api/resources/SystemRefreshResource.java

@@ -16,6 +16,7 @@
 import org.codehaus.enunciate.Facet;
 import org.pentaho.platform.api.engine.ICacheManager;
 import org.pentaho.platform.api.engine.IPentahoSession;
+import org.pentaho.platform.api.engine.security.authorization.caching.IAuthorizationDecisionCache;
 import org.pentaho.platform.engine.core.system.PentahoSessionHolder;
 import org.pentaho.platform.engine.core.system.PentahoSystem;
 import org.pentaho.platform.plugin.action.mondrian.catalog.IMondrianCatalogService;
@@ -155,6 +156,22 @@ public Response purgeReportingDataCache() {
     }
   }
 
+  @GET
+  @Path( "/authorizationDecisionCache" )
+  @Produces( { MediaType.TEXT_PLAIN, MediaType.APPLICATION_JSON } )
+  @Facet ( name = "Unsupported" )
+  public Response flushAuthorizationDecisionCache() {
+    if ( canAdminister() ) {
+      IAuthorizationDecisionCache decisionCache = PentahoSystem.get( IAuthorizationDecisionCache.class );
+      if ( decisionCache != null ) {
+        decisionCache.invalidateAll();
+      }
+      return Response.ok().type( MediaType.TEXT_PLAIN ).build();
+    } else {
+      return Response.status( UNAUTHORIZED ).build();
+    }
+  }
+
   private boolean canAdminister() {
     return SystemUtils.canAdminister();
   }

user-console/src/main/java/org/pentaho/mantle/client/commands/PurgeAuthorizationDecisionCacheCommand.java

@@ -0,0 +1,62 @@
+/*! ******************************************************************************
+ *
+ * Pentaho
+ *
+ * Copyright (C) 2024 by Hitachi Vantara, LLC : http://www.pentaho.com
+ *
+ * Use of this software is governed by the Business Source License included
+ * in the LICENSE.TXT file.
+ *
+ * Change Date: 2029-07-20
+ ******************************************************************************/
+
+
+package org.pentaho.mantle.client.commands;
+
+import com.google.gwt.core.client.GWT;
+import com.google.gwt.http.client.Request;
+import com.google.gwt.http.client.RequestBuilder;
+import com.google.gwt.http.client.RequestCallback;
+import com.google.gwt.http.client.RequestException;
+import com.google.gwt.http.client.Response;
+import com.google.gwt.user.client.Window;
+import org.pentaho.gwt.widgets.client.dialogs.MessageDialogBox;
+import org.pentaho.mantle.client.csrf.CsrfRequestBuilder;
+import org.pentaho.mantle.client.messages.Messages;
+
+public class PurgeAuthorizationDecisionCacheCommand extends AbstractCommand {
+
+  @Override
+  protected void performOperation() {
+    performOperation( true );
+  }
+
+  @Override
+  protected void performOperation( final boolean feedback ) {
+    String url = GWT.getHostPageBaseURL() + "api/system/refresh/authorizationDecisionCache";
+    RequestBuilder requestBuilder = new CsrfRequestBuilder( RequestBuilder.GET, url );
+    requestBuilder.setHeader( "If-Modified-Since", "01 Jan 1970 00:00:00 GMT" );
+    requestBuilder.setHeader( "accept", "text/plain" );
+    try {
+      requestBuilder.sendRequest( null, new RequestCallback() {
+
+        public void onError( Request request, Throwable exception ) {
+          // Do nothing.
+        }
+
+        public void onResponseReceived( Request request, Response response ) {
+          MessageDialogBox dialogBox =
+            new MessageDialogBox(
+              Messages.getString( "info" ),
+              Messages.getString( "authorizationDecisionCacheFlushedSuccessfully" ),
+              false,
+              false,
+              true );
+          dialogBox.center();
+        }
+      } );
+    } catch ( RequestException e ) {
+      Window.alert( e.getMessage() );
+    }
+  }
+}

user-console/src/main/resources/org/pentaho/mantle/public/xul/mantle.xul

@@ -48,6 +48,8 @@
                   command="mantleXulHandler.executeMantleCommand('PurgeMondrianSchemaCacheCommand')"/>
         <menuitem id="purgeReportingDataCacheMenuItem" label="${purgeReportingDataCache}"
                   command="mantleXulHandler.executeMantleCommand('PurgeReportingDataCacheCommand')"/>
+        <menuitem id="purgeAuthorizationDecisionCacheMenuItem" label="${purgeAuthorizationDecisionCache}"
+                  command="mantleXulHandler.executeMantleCommand('PurgeAuthorizationDecisionCacheCommand')"/>
       </menubar>
 
       <!-- Uncomment line below to enable 'PDI Status page' menu item -->