1 |
1 |
package eu.dnetlib.openaire.user.login.authorization;
|
2 |
2 |
|
3 |
3 |
import com.google.gson.JsonElement;
|
4 |
|
import com.google.gson.JsonObject;
|
5 |
4 |
import com.nimbusds.jwt.JWT;
|
6 |
5 |
import com.nimbusds.jwt.JWTClaimsSet;
|
7 |
6 |
import org.apache.log4j.Logger;
|
8 |
7 |
import org.mitre.openid.connect.client.OIDCAuthoritiesMapper;
|
9 |
|
import org.mitre.openid.connect.client.SubjectIssuerGrantedAuthority;
|
10 |
8 |
import org.mitre.openid.connect.model.UserInfo;
|
11 |
9 |
import org.springframework.context.annotation.ComponentScan;
|
12 |
10 |
import org.springframework.security.core.GrantedAuthority;
|
13 |
11 |
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
14 |
|
import org.springframework.security.core.authority.mapping.SimpleAuthorityMapper;
|
15 |
12 |
import org.springframework.stereotype.Component;
|
16 |
13 |
|
17 |
14 |
import java.text.ParseException;
|
18 |
15 |
import java.util.Collection;
|
19 |
16 |
import java.util.HashSet;
|
|
17 |
import java.util.regex.Matcher;
|
|
18 |
import java.util.regex.Pattern;
|
20 |
19 |
|
21 |
20 |
@ComponentScan
|
22 |
21 |
@Component
|
... | ... | |
25 |
24 |
private static final Logger logger = Logger.getLogger(OpenAIREAuthoritiesMapper.class);
|
26 |
25 |
@Override
|
27 |
26 |
public Collection<? extends GrantedAuthority> mapAuthorities(JWT jwtToken, UserInfo userInfo) {
|
28 |
|
HashSet out = new HashSet();
|
29 |
|
//add the default role for evey logged in user
|
30 |
|
out.add(new SimpleGrantedAuthority("ROLE_USER"));
|
31 |
|
|
|
27 |
HashSet<SimpleGrantedAuthority> out = new HashSet<>();
|
32 |
28 |
logger.info("entitlements" + userInfo.getSource().getAsJsonArray("edu_person_entitlements").size());
|
33 |
|
logger.debug("entitlements" + userInfo.getSource().getAsJsonArray("edu_person_entitlements").size());
|
34 |
|
System.out.printf("entitlements" + userInfo.getSource().getAsJsonArray("edu_person_entitlements").size());
|
35 |
|
|
36 |
29 |
try {
|
37 |
30 |
JWTClaimsSet claims = jwtToken.getJWTClaimsSet();
|
|
31 |
String regex = "urn:geant:openaire[.]eu:group:(\\w+[\\W]*\\w+):?(.*)?:role=member#aai[.]openaire[.]eu";
|
38 |
32 |
for(JsonElement obj: userInfo.getSource().getAsJsonArray("edu_person_entitlements")) {
|
39 |
|
SimpleGrantedAuthority authority = new SimpleGrantedAuthority(obj.getAsString());
|
40 |
|
logger.debug("add user authority " + obj.getAsString());
|
41 |
|
logger.info("add user authority " + obj.getAsString());
|
42 |
|
out.add(authority);
|
|
33 |
Matcher matcher = Pattern.compile(regex).matcher(obj.getAsString());
|
|
34 |
if (matcher.find()) {
|
|
35 |
StringBuilder sb = new StringBuilder();
|
|
36 |
if(matcher.group(1) != null && matcher.group(1).length() > 0) {
|
|
37 |
sb.append(matcher.group(1).replaceAll("[\\W]+", "_").toUpperCase());
|
|
38 |
}
|
|
39 |
if(matcher.group(2).length() > 0) {
|
|
40 |
if(sb.toString().length() > 0) {
|
|
41 |
sb.append("_");
|
|
42 |
}
|
|
43 |
if(matcher.group(2).equals("admins")) {
|
|
44 |
sb.append("MANAGER");
|
|
45 |
} else {
|
|
46 |
sb.append(matcher.group(2).toUpperCase());
|
|
47 |
}
|
|
48 |
}
|
|
49 |
out.add(new SimpleGrantedAuthority
|
|
50 |
(sb.toString()));
|
|
51 |
}
|
43 |
52 |
}
|
44 |
53 |
|
45 |
54 |
} catch (ParseException pe) {
|
... | ... | |
48 |
57 |
|
49 |
58 |
return out;
|
50 |
59 |
}
|
51 |
|
|
52 |
|
/* In case of special roles. Not to be used now
|
53 |
|
private GrantedAuthoritiesMapper userAuthoritiesMapper() {
|
54 |
|
|
55 |
|
return (authorities) -> {
|
56 |
|
Set<GrantedAuthority> mappedAuthorities = new HashSet<>();
|
57 |
|
mappedAuthorities.add(new SimpleGrantedAuthority("ROLE_USER"));
|
58 |
|
System.out.println(mappedAuthorities);
|
59 |
|
|
60 |
|
authorities.forEach(authority -> {
|
61 |
|
if (OidcUserAuthority.class.isInstance(authority)) {
|
62 |
|
OidcUserAuthority oidcUserAuthority = (OidcUserAuthority)authority;
|
63 |
|
|
64 |
|
OidcUserInfo userInfo = oidcUserAuthority.getUserInfo();
|
65 |
|
//System.out.println(userInfo.getClaims().keySet());
|
66 |
|
//System.out.println(userInfo.containsClaim("edu_person_entitlements"));
|
67 |
|
if (userInfo.containsClaim("edu_person_entitlements")){
|
68 |
|
System.out.println(userInfo.getClaimAsStringList("edu_person_entitlements"));
|
69 |
|
for (String entitlement:userInfo.getClaimAsStringList("edu_person_entitlements")) {
|
70 |
|
//System.out.println("en " + entitlement);
|
71 |
|
//mappedAuthorities.add(new SimpleGrantedAuthority("ROLE_" + entitlement));
|
72 |
|
|
73 |
|
String regex = "urn:geant:openaire.eu:group:(\\w+).(\\w+):role=(\\w+)#aai.openaire.eu";
|
74 |
|
Matcher matcher = Pattern.compile(regex).matcher(entitlement);
|
75 |
|
if (matcher.find()) {
|
76 |
|
mappedAuthorities.add(new SimpleGrantedAuthority
|
77 |
|
(new StringBuilder().append("ROLE_").append(matcher.group(1).toUpperCase()).append(".").append(matcher.group(3).toUpperCase()).toString()));
|
78 |
|
}
|
79 |
|
}
|
80 |
|
}
|
81 |
|
} else if (OAuth2UserAuthority.class.isInstance(authority)) {
|
82 |
|
OAuth2UserAuthority oauth2UserAuthority = (OAuth2UserAuthority)authority;
|
83 |
|
Map<String, Object> userAttributes = oauth2UserAuthority.getAttributes();
|
84 |
|
|
85 |
|
if (userAttributes.containsKey("role")){
|
86 |
|
String roleName = "ROLE_" + (String)userAttributes.get("role");
|
87 |
|
mappedAuthorities.add(new SimpleGrantedAuthority(roleName));
|
88 |
|
}
|
89 |
|
}
|
90 |
|
});
|
91 |
|
|
92 |
|
System.out.println(mappedAuthorities);
|
93 |
|
return mappedAuthorities;
|
94 |
|
};
|
95 |
|
} */
|
96 |
60 |
}
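Review bot: The rewritten loop (old 32 / new 28 onward) still iterates `userInfo.getSource().getAsJsonArray("edu_person_entitlements")` without checking that the claim is present, and the surviving `logger.info` line makes the same call before the `try`; with Gson that lookup returns null for an absent member (and throws ClassCastException for a non-array one), so a user whose token carries no entitlements fails the whole login with an unhandled exception instead of receiving an empty authority set, because the `catch` that follows handles only `ParseException`. Guarding once before the loop, e.g. `JsonElement ents = userInfo.getSource().get("edu_person_entitlements");` / `if (ents == null || !ents.isJsonArray()) { return out; }` and then iterating `ents.getAsJsonArray()`, would make the mapper degrade to no authorities rather than an error. Two smaller points in the same hunk: `Pattern.compile(regex)` is re-run for every entitlement and belongs in a `private static final Pattern`, and `toUpperCase()` without `Locale.ROOT` makes the derived authority name depend on the server's default locale. Since the match uses `find()` rather than `matches()`, an entitlement with extra text before or after the URN is still accepted; if the role grammar is meant to be exact, `matcher.matches()` is the stricter choice. The body of the `catch` block is collapsed on the page, so whether it logs or rethrows is not visible here.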
|
[Login Core]: Fix authority mapper