Implements a feature to support the Submodel-based RBAC rules backend for the remaining components (#574)

* Adds dynamic RBAC to SM/CD Rep, SM Reg, and AAS Environment

Signed-off-by: Mohammad Ghazanfar Ali Danish <[email protected]>

* Reverts GitHub CI

Signed-off-by: Mohammad Ghazanfar Ali Danish <[email protected]>

* Attempts CI fix

Signed-off-by: Mohammad Ghazanfar Ali Danish <[email protected]>

* Reverts GitHub CI

Signed-off-by: Mohammad Ghazanfar Ali Danish <[email protected]>

* Reverts GitHub CI

Signed-off-by: Mohammad Ghazanfar Ali Danish <[email protected]>

* Adds shading plugin

Signed-off-by: Mohammad Ghazanfar Ali Danish <[email protected]>

* Adds dependency to parent pom

Signed-off-by: Mohammad Ghazanfar Ali Danish <[email protected]>

* Excludes SM dependencies

Signed-off-by: Mohammad Ghazanfar Ali Danish <[email protected]>

* Fixes the TargetInfoAdapter Bean in Aas Env

Signed-off-by: Mohammad Ghazanfar Ali Danish <[email protected]>

* Adds filtering options in Authorization

Signed-off-by: Mohammad Ghazanfar Ali Danish <[email protected]>

* Fixes Keycloak issues

Signed-off-by: Mohammad Ghazanfar Ali Danish <[email protected]>

* Reverts BaSyx Realm

Signed-off-by: Mohammad Ghazanfar Ali Danish <[email protected]>

* Fixes import issues in SM Registry

Signed-off-by: Mohammad Ghazanfar Ali Danish <[email protected]>

* Fixes app.prop of aas env

Signed-off-by: Mohammad Ghazanfar Ali Danish <[email protected]>

* Fixes CI

Signed-off-by: Mohammad Ghazanfar Ali Danish <[email protected]>

* Fixes AAS and SM Reg tests

Signed-off-by: Mohammad Ghazanfar Ali Danish <[email protected]>

* Allows swagger ui api endpoint without auth

Signed-off-by: Mohammad Ghazanfar Ali Danish <[email protected]>

* Allows swagger ui api endpoint without auth

Signed-off-by: Mohammad Ghazanfar Ali Danish <[email protected]>

* Allows Swagger API without authorization

Signed-off-by: Mohammad Ghazanfar Ali Danish <[email protected]>

* Refactors classes

Signed-off-by: Mohammad Ghazanfar Ali Danish <[email protected]>

* Addresses review remarks

Signed-off-by: Mohammad Ghazanfar Ali Danish <[email protected]>

* Addresses review remarks

Signed-off-by: Mohammad Ghazanfar Ali Danish <[email protected]>

---------

Signed-off-by: Mohammad Ghazanfar Ali Danish <[email protected]>

Author: mdanish98

basyx.aasenvironment/basyx.aasenvironment-feature-authorization/pom.xml

@@ -81,6 +81,10 @@
 		<dependency>
 			<groupId>org.eclipse.digitaltwin.basyx</groupId>
 			<artifactId>basyx.authorization.rules.rbac.backend.inmemory</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>org.eclipse.digitaltwin.basyx</groupId>
+			<artifactId>basyx.authorization.rules.rbac.backend.submodel</artifactId>
 		</dependency> 
 	</dependencies>
 </project>

basyx.aasenvironment/basyx.aasenvironment-feature-authorization/src/main/java/org/eclipse/digitaltwin/basyx/aasenvironment/feature/authorization/AuthorizedAasEnvironmentConfiguration.java

@@ -27,13 +27,16 @@
 
 import org.eclipse.digitaltwin.basyx.aasenvironment.AasEnvironment;
 import org.eclipse.digitaltwin.basyx.aasenvironment.feature.authorization.rbac.AasEnvironmentTargetPermissionVerifier;
+import org.eclipse.digitaltwin.basyx.aasenvironment.feature.authorization.rbac.backend.submodel.AasEnvironmentTargetInformationAdapter;
 import org.eclipse.digitaltwin.basyx.aasenvironment.preconfiguration.AasEnvironmentPreconfigurationLoader;
 import org.eclipse.digitaltwin.basyx.authorization.CommonAuthorizationProperties;
 import org.eclipse.digitaltwin.basyx.authorization.rbac.RbacPermissionResolver;
 import org.eclipse.digitaltwin.basyx.authorization.rbac.RbacStorage;
 import org.eclipse.digitaltwin.basyx.authorization.rbac.SimpleRbacPermissionResolver;
 import org.eclipse.digitaltwin.basyx.authorization.rbac.RoleProvider;
 import org.eclipse.digitaltwin.basyx.authorization.rbac.TargetPermissionVerifier;
+import org.eclipse.digitaltwin.basyx.authorization.rules.rbac.backend.submodel.TargetInformationAdapter;
+import org.eclipse.digitaltwin.basyx.conceptdescriptionrepository.feature.authorization.rbac.backend.submodel.CDTargetInformationAdapter;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnExpression;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -67,5 +70,12 @@ public RbacPermissionResolver<AasEnvironmentTargetInformation> getAasEnvironment
 	public static AasEnvironmentPreconfigurationLoader getAuthorizedAasEnvironmentPreconfigurationLoader(ResourceLoader resourceLoader, List<String> pathsToLoad) {
 		return new AuthorizedAASEnvironmentPreconfigurationLoader(resourceLoader, pathsToLoad);
 	}
+	
+	@Bean
+	@Primary
+	public TargetInformationAdapter getAasEnvInformationAdapter() {
+
+		return new AasEnvironmentTargetInformationAdapter();
+	}
 
 }

basyx.aasenvironment/basyx.aasenvironment-feature-authorization/src/main/java/org/eclipse/digitaltwin/basyx/aasenvironment/feature/authorization/rbac/backend/submodel/AasEnvironmentTargetInformationAdapter.java

@@ -0,0 +1,134 @@
+/*******************************************************************************
+ * Copyright (C) 2025 the Eclipse BaSyx Authors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining
+ * a copy of this software and associated documentation files (the
+ * "Software"), to deal in the Software without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish,
+ * distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to
+ * the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+ * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+ * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+ * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ *
+ * SPDX-License-Identifier: MIT
+ ******************************************************************************/
+
+package org.eclipse.digitaltwin.basyx.aasenvironment.feature.authorization.rbac.backend.submodel;
+
+import java.util.Arrays;
+import java.util.List;
+import java.util.stream.Collectors;
+
+import org.eclipse.digitaltwin.aas4j.v3.model.Property;
+import org.eclipse.digitaltwin.aas4j.v3.model.SubmodelElement;
+import org.eclipse.digitaltwin.aas4j.v3.model.SubmodelElementCollection;
+import org.eclipse.digitaltwin.aas4j.v3.model.SubmodelElementList;
+import org.eclipse.digitaltwin.aas4j.v3.model.impl.DefaultProperty;
+import org.eclipse.digitaltwin.aas4j.v3.model.impl.DefaultSubmodelElementCollection;
+import org.eclipse.digitaltwin.aas4j.v3.model.impl.DefaultSubmodelElementList;
+import org.eclipse.digitaltwin.basyx.aasenvironment.feature.authorization.AasEnvironmentTargetInformation;
+import org.eclipse.digitaltwin.basyx.aasrepository.feature.authorization.AasTargetInformation;
+import org.eclipse.digitaltwin.basyx.aasrepository.feature.authorization.rbac.backend.submodel.AasTargetInformationAdapter;
+import org.eclipse.digitaltwin.basyx.authorization.rbac.TargetInformation;
+import org.eclipse.digitaltwin.basyx.authorization.rules.rbac.backend.submodel.TargetInformationAdapter;
+import org.eclipse.digitaltwin.basyx.conceptdescriptionrepository.feature.authorization.ConceptDescriptionTargetInformation;
+import org.eclipse.digitaltwin.basyx.conceptdescriptionrepository.feature.authorization.rbac.backend.submodel.CDTargetInformationAdapter;
+import org.eclipse.digitaltwin.basyx.core.exceptions.InvalidTargetInformationException;
+import org.eclipse.digitaltwin.basyx.submodelrepository.feature.authorization.SubmodelTargetInformation;
+import org.eclipse.digitaltwin.basyx.submodelrepository.feature.authorization.rbac.backend.submodel.SubmodelTargetInformationAdapter;
+
+/**
+ * An implementation of the {@link TargetInformationAdapter} to adapt with Aas
+ * {@link TargetInformation}
+ * 
+ * @author danish
+ */
+public class AasEnvironmentTargetInformationAdapter implements TargetInformationAdapter {
+
+	@Override
+	public SubmodelElementCollection adapt(TargetInformation targetInformation) {
+		
+		if (targetInformation instanceof AasTargetInformation)
+			return new AasTargetInformationAdapter().adapt(targetInformation);
+		
+		if (targetInformation instanceof SubmodelTargetInformation)
+			return new SubmodelTargetInformationAdapter().adapt(targetInformation);
+		
+		if (targetInformation instanceof ConceptDescriptionTargetInformation)
+			return new CDTargetInformationAdapter().adapt(targetInformation);
+
+		SubmodelElementCollection targetInformationSMC = new DefaultSubmodelElementCollection.Builder().idShort("targetInformation").build();
+
+		SubmodelElementList aasId = new DefaultSubmodelElementList.Builder().idShort("aasIds").build();
+		SubmodelElementList submodelId = new DefaultSubmodelElementList.Builder().idShort("submodelIds").build();
+		Property typeProperty = new DefaultProperty.Builder().idShort("@type").value("aas-environment").build();
+
+		List<SubmodelElement> aasIds = ((AasEnvironmentTargetInformation) targetInformation).getAasIds().stream().map(this::transform).collect(Collectors.toList());
+		List<SubmodelElement> submodelIds = ((AasEnvironmentTargetInformation) targetInformation).getSubmodelIds().stream().map(this::transform).collect(Collectors.toList());
+		aasId.setValue(aasIds);
+		submodelId.setValue(submodelIds);
+
+		targetInformationSMC.setValue(Arrays.asList(aasId, submodelId, typeProperty));
+
+		return targetInformationSMC;
+	}
+
+	@Override
+	public TargetInformation adapt(SubmodelElementCollection targetInformation) {
+		
+		String targetInformationType = getTargetInformationType(targetInformation);
+		
+		if (targetInformationType.equals("aas"))
+			return new AasTargetInformationAdapter().adapt(targetInformation);
+		
+		if (targetInformationType.equals("submodel"))
+			return new SubmodelTargetInformationAdapter().adapt(targetInformation);
+		
+		if (targetInformationType.equals("concept-description"))
+			return new CDTargetInformationAdapter().adapt(targetInformation);
+		
+		if (!targetInformationType.equals("aas-environment"))
+			throw new InvalidTargetInformationException(
+					"The TargetInformation @type: " + targetInformationType + " is not compatible with "
+							+ getClass().getName() + ".");
+
+		SubmodelElement aasIdSubmodelElement = targetInformation.getValue().stream().filter(sme -> sme.getIdShort().equals("aasIds")).findAny().orElseThrow(
+				() -> new InvalidTargetInformationException("The TargetInformation defined in the SubmodelElementCollection Rule with id: " + targetInformation.getIdShort() + " is not compatible with the " + getClass().getName()));
+		
+		SubmodelElement submodelIdSubmodelElement = targetInformation.getValue().stream().filter(sme -> sme.getIdShort().equals("submodelIds")).findAny().orElseThrow(
+				() -> new InvalidTargetInformationException("The TargetInformation defined in the SubmodelElementCollection Rule with id: " + targetInformation.getIdShort() + " is not compatible with the " + getClass().getName()));
+
+		if (!(aasIdSubmodelElement instanceof SubmodelElementList) || !(submodelIdSubmodelElement instanceof SubmodelElementList))
+			throw new InvalidTargetInformationException("The TargetInformation defined in the SubmodelElementCollection Rule with id: " + targetInformation.getIdShort() + " is not compatible with the " + getClass().getName());
+
+		SubmodelElementList aasIdList = (SubmodelElementList) aasIdSubmodelElement;
+		SubmodelElementList submodelIdList = (SubmodelElementList) submodelIdSubmodelElement;
+
+		List<String> aasIds = aasIdList.getValue().stream().map(Property.class::cast).map(Property::getValue).collect(Collectors.toList());
+		List<String> submodelIds = submodelIdList.getValue().stream().map(Property.class::cast).map(Property::getValue).collect(Collectors.toList());
+
+		return new AasEnvironmentTargetInformation(aasIds, submodelIds);
+	}
+
+	private String getTargetInformationType(SubmodelElementCollection targetInformation) {
+		
+		Property typeProperty = (Property) targetInformation.getValue().stream().filter(sme -> sme.getIdShort().equals("@type")).findAny().orElseThrow(() -> new InvalidTargetInformationException("The TargetInformation defined in the SubmodelElementCollection Rule with id: " + targetInformation.getIdShort() + " does not have @type definition"));
+		
+		return typeProperty.getValue();
+	}
+
+	private Property transform(String aasId) {
+		return new DefaultProperty.Builder().value(aasId).build();
+	}
+
+}

basyx.aasenvironment/basyx.aasenvironment-feature-authorization/src/test/java/org/eclipse/digitaltwin/basyx/aasenvironment/feature/authorization/AasEnvironmentTargetInformationAdapterTest.java

@@ -0,0 +1,184 @@
+/*******************************************************************************
+ * Copyright (C) 2025 the Eclipse BaSyx Authors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining
+ * a copy of this software and associated documentation files (the
+ * "Software"), to deal in the Software without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish,
+ * distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to
+ * the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+ * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+ * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+ * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ *
+ * SPDX-License-Identifier: MIT
+ ******************************************************************************/
+
+package org.eclipse.digitaltwin.basyx.aasenvironment.feature.authorization;
+
+import static org.junit.Assert.*;
+import org.eclipse.digitaltwin.aas4j.v3.model.Property;
+import org.eclipse.digitaltwin.aas4j.v3.model.SubmodelElement;
+import org.eclipse.digitaltwin.aas4j.v3.model.SubmodelElementCollection;
+import org.eclipse.digitaltwin.aas4j.v3.model.SubmodelElementList;
+import org.eclipse.digitaltwin.aas4j.v3.model.impl.DefaultProperty;
+import org.eclipse.digitaltwin.aas4j.v3.model.impl.DefaultSubmodelElementCollection;
+import org.eclipse.digitaltwin.aas4j.v3.model.impl.DefaultSubmodelElementList;
+import org.junit.Before;
+import org.junit.Test;
+
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
+import java.util.stream.Collectors;
+
+import org.eclipse.digitaltwin.basyx.aasenvironment.feature.authorization.rbac.backend.submodel.AasEnvironmentTargetInformationAdapter;
+import org.eclipse.digitaltwin.basyx.authorization.rbac.TargetInformation;
+import org.eclipse.digitaltwin.basyx.core.exceptions.InvalidTargetInformationException;
+
+/**
+ * Tests {@link AasEnvironmentTargetInformationAdapter}
+ * 
+ * @author danish
+ */
+public class AasEnvironmentTargetInformationAdapterTest {
+
+	private AasEnvironmentTargetInformationAdapter aasEnvironmentTargetInformationAdapter;
+
+	@Before
+	public void setUp() {
+		aasEnvironmentTargetInformationAdapter = new AasEnvironmentTargetInformationAdapter();
+	}
+
+	@Test
+	public void testAdaptTargetInformationToSubmodelElementCollection() {
+
+		List<String> aasIds = Arrays.asList("aasId1", "aasId2");
+		List<String> submodelIds = Arrays.asList("smId1", "smId2");
+		TargetInformation targetInformation = new AasEnvironmentTargetInformation(aasIds, submodelIds);
+
+		SubmodelElementCollection result = aasEnvironmentTargetInformationAdapter.adapt(targetInformation);
+
+		assertEquals("targetInformation", result.getIdShort());
+
+		List<SubmodelElement> elements = result.getValue();
+		assertEquals(3, elements.size());
+
+		SubmodelElementList aasIdList = (SubmodelElementList) elements.get(0);
+		assertEquals("aasIds", aasIdList.getIdShort());
+		
+		SubmodelElementList submodelIdList = (SubmodelElementList) elements.get(1);
+		assertEquals("submodelIds", submodelIdList.getIdShort());
+		
+		Property typeProperty = (Property) elements.get(2);
+		assertEquals("@type", typeProperty.getIdShort());
+
+		List<String> actualAasIds = aasIdList.getValue().stream().map(Property.class::cast).map(Property::getValue).map(String::valueOf).collect(Collectors.toList());
+		assertEquals(aasIds, actualAasIds);
+		
+		List<String> actualSubmodelIds = submodelIdList.getValue().stream().map(Property.class::cast).map(Property::getValue).map(String::valueOf).collect(Collectors.toList());
+		assertEquals(submodelIds, actualSubmodelIds);
+		
+		String actualType = typeProperty.getValue();
+        assertTrue(actualType.equals("aas-environment")); 
+	}
+
+	@Test
+	public void testAdaptSubmodelElementCollectionToTargetInformation() {
+
+		List<String> expectedAasIds = Arrays.asList("aasId1", "aasId2");
+		List<String> expectedSubmodelIds = Arrays.asList("smId1", "smId2");
+		String type = "aas-environment";
+		
+		List<SubmodelElement> aasIdProperties = expectedAasIds.stream().map(aasId -> new DefaultProperty.Builder().value(aasId).build()).collect(Collectors.toList());
+		List<SubmodelElement> submodelIdProperties = expectedSubmodelIds.stream().map(submodelId -> new DefaultProperty.Builder().value(submodelId).build()).collect(Collectors.toList());
+
+		SubmodelElementList aasIdList = new DefaultSubmodelElementList.Builder().idShort("aasIds").value(aasIdProperties).build();
+		SubmodelElementList submodelIdList = new DefaultSubmodelElementList.Builder().idShort("submodelIds").value(submodelIdProperties).build();
+		SubmodelElement typeProperty = createTypeProperty(type);
+
+		SubmodelElementCollection targetInformationSMC = new DefaultSubmodelElementCollection.Builder().idShort("targetInformation").value(Arrays.asList(aasIdList, submodelIdList, typeProperty)).build();
+		
+		TargetInformation result = aasEnvironmentTargetInformationAdapter.adapt(targetInformationSMC);
+
+		assertTrue(result instanceof AasEnvironmentTargetInformation);
+		assertEquals(expectedAasIds, ((AasEnvironmentTargetInformation) result).getAasIds());
+		assertEquals(expectedSubmodelIds, ((AasEnvironmentTargetInformation) result).getSubmodelIds());
+	}
+
+	@Test
+    public void testAdaptTargetInformationWithEmptyAasIds() {
+    	
+        List<String> aasIds = Collections.emptyList();
+        List<String> submodelIds = Collections.emptyList();
+        
+        TargetInformation targetInformation = new AasEnvironmentTargetInformation(aasIds, submodelIds);
+
+        SubmodelElementCollection result = aasEnvironmentTargetInformationAdapter.adapt(targetInformation);
+
+        assertEquals("targetInformation", result.getIdShort());
+
+        List<SubmodelElement> elements = result.getValue();
+        assertEquals(3, elements.size());
+
+        SubmodelElementList aasIdList = (SubmodelElementList) elements.get(0);
+        assertEquals("aasIds", aasIdList.getIdShort());
+        
+        SubmodelElementList submodelIdList = (SubmodelElementList) elements.get(1);
+        assertEquals("submodelIds", submodelIdList.getIdShort());
+        
+        Property typeProperty = (Property) elements.get(2);
+        assertEquals("@type", typeProperty.getIdShort());
+
+        List<String> actualAasIds = aasIdList.getValue().stream()
+                .map(Property.class::cast)
+                .map(Property::getValue)
+                .map(String::valueOf)
+                .collect(Collectors.toList());
+        assertTrue(actualAasIds.isEmpty());
+        
+        List<String> actualSubmodelIds = submodelIdList.getValue().stream()
+        		.map(Property.class::cast)
+        		.map(Property::getValue)
+        		.map(String::valueOf)
+        		.collect(Collectors.toList());
+        assertTrue(actualSubmodelIds.isEmpty());
+        
+        String actualType = typeProperty.getValue();
+        assertTrue(actualType.equals("aas-environment"));
+    }
+    
+    @Test(expected = InvalidTargetInformationException.class)
+    public void testAdaptSubmodelElementCollectionWithInvalidStructure() {
+    	
+        SubmodelElementCollection targetInformationSMC = new DefaultSubmodelElementCollection.Builder().idShort("targetInformation")
+                .value(Collections.singletonList(new DefaultProperty.Builder().idShort("invalidElement").value("value").build()))
+                .build();
+
+        aasEnvironmentTargetInformationAdapter.adapt(targetInformationSMC);
+    }
+    
+    @Test(expected = InvalidTargetInformationException.class)
+    public void testAdaptSubmodelElementCollectionWithoutAasIds() {
+    	
+        SubmodelElementCollection targetInformationSMC = new DefaultSubmodelElementCollection.Builder().idShort("targetInformation")
+                .value(Collections.emptyList())
+                .build();
+
+        aasEnvironmentTargetInformationAdapter.adapt(targetInformationSMC);
+    }
+    
+    private SubmodelElement createTypeProperty(String type) {
+		return new DefaultProperty.Builder().idShort("@type").value(type).build();
+	}
+
+}