package eu.dnetlib.repo.manager.service.config;
import com.nimbusds.jwt.JWT;
import org.mitre.openid.connect.client.OIDCAuthoritiesMapper;
import org.mitre.openid.connect.model.UserInfo;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import java.util.*;
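/**
 * Translates the entitlements reported for an OpenID Connect user into the
 * application's Spring Security authorities.
 *
 * <p>The mapping is an allow-list: an entitlement grants an authority only when it
 * is a key of the role map handed to the constructor. Entitlements that are not in
 * the map are ignored, so an identity provider cannot introduce an authority the
 * application did not configure. Every user additionally receives
 * {@code ROLE_USER}.
 *
 * <p>Entitlements are read from the UserInfo document only; the ID token passed to
 * {@link #mapAuthorities(JWT, UserInfo)} is not consulted.
 * NOTE(review): the trust placed in these entitlements is therefore the trust
 * placed in however the UserInfo document was obtained, which is not visible in
 * this class; confirm it against the client configuration.
 */
public class OpenAireProviderAuthoritiesMapper implements OIDCAuthoritiesMapper {

    private static final Logger logger = LoggerFactory.getLogger(OpenAireProviderAuthoritiesMapper.class);

    /** Name of the UserInfo claim that carries the user's entitlements. */
    private static final String ROLE_CLAIMS = "edu_person_entitlements";

    /** Allow-list of entitlement value to the authority granted for it. */
    private final Map<String, SimpleGrantedAuthority> userRolesMap;

    /**
     * Builds the allow-list from configuration.
     *
     * @param userRoles entitlement value (key) to application role name (value);
     *                  must not be {@code null}
     */
    OpenAireProviderAuthoritiesMapper(Map<String, String> userRoles) {
        userRolesMap = new HashMap<>();
        userRoles.forEach((openaireRole, appRole) -> userRolesMap.put(openaireRole, new SimpleGrantedAuthority(appRole)));
    }

    /**
     * Computes the authorities of an authenticated user.
     *
     * <p>A missing UserInfo document, a missing entitlement claim, a claim that is
     * not a JSON array, and array entries that are not JSON primitives all result
     * in no additional authority rather than an exception, so a malformed claim
     * can neither abort the login with an unchecked exception nor widen the
     * user's privileges.
     *
     * @param idToken  the user's ID token; not used by this mapper
     * @param userInfo the user's UserInfo document; may be {@code null}
     * @return a set holding {@code ROLE_USER} plus one authority per entitlement
     *         found in the allow-list
     */
    @Override
    public Collection<? extends GrantedAuthority> mapAuthorities(JWT idToken, UserInfo userInfo) {
        Set<GrantedAuthority> out = new HashSet<>();
        out.add(new SimpleGrantedAuthority("ROLE_USER"));

        // NOTE(review): the caller is not visible here, so a null userInfo (or a null
        // source document) is tolerated instead of being assumed impossible.
        Optional.ofNullable(userInfo)
                .map(UserInfo::getSource)
                // Look the claim up once; get() does not cast, unlike getAsJsonArray(name).
                .map(source -> source.get(ROLE_CLAIMS))
                // Anything but an array (JSON null, a single string, an object) grants nothing.
                .filter(claim -> claim.isJsonArray())
                .ifPresent(claim -> claim.getAsJsonArray().forEach(role -> {
                    if (!role.isJsonPrimitive()) {
                        // getAsString() is only defined for primitive entries.
                        return;
                    }
                    SimpleGrantedAuthority authority = userRolesMap.get(role.getAsString());
                    if (authority != null) {
                        // Only values that matched the allow-list are logged.
                        logger.debug("Role mapped {}", role);
                        out.add(authority);
                    }
                }));
        return out;
    }
}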