Revision 59191
Added by Konstantinos Triantafyllou over 3 years ago
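--- a/OpenAIREAuthoritiesMapper.java
+++ b/OpenAIREAuthoritiesMapper.java
@@ -1,22 +1,21 @@
 package eu.dnetlib.openaire.user.login.authorization;
 
 import com.google.gson.JsonElement;
-import com.google.gson.JsonObject;
 import com.nimbusds.jwt.JWT;
 import com.nimbusds.jwt.JWTClaimsSet;
 import org.apache.log4j.Logger;
 import org.mitre.openid.connect.client.OIDCAuthoritiesMapper;
-import org.mitre.openid.connect.client.SubjectIssuerGrantedAuthority;
 import org.mitre.openid.connect.model.UserInfo;
 import org.springframework.context.annotation.ComponentScan;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
-import org.springframework.security.core.authority.mapping.SimpleAuthorityMapper;
 import org.springframework.stereotype.Component;
 
 import java.text.ParseException;
 import java.util.Collection;
 import java.util.HashSet;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
 
 @ComponentScan
 @Component
@@ -25,21 +24,31 @@
 private static final Logger logger = Logger.getLogger(OpenAIREAuthoritiesMapper.class);
 @Override
 public Collection<? extends GrantedAuthority> mapAuthorities(JWT jwtToken, UserInfo userInfo) {
-HashSet out = new HashSet();
-//add the default role for evey logged in user
-out.add(new SimpleGrantedAuthority("ROLE_USER"));
-
+HashSet<SimpleGrantedAuthority> out = new HashSet<>();
 logger.info("entitlements" + userInfo.getSource().getAsJsonArray("edu_person_entitlements").size());
-logger.debug("entitlements" + userInfo.getSource().getAsJsonArray("edu_person_entitlements").size());
-System.out.printf("entitlements" + userInfo.getSource().getAsJsonArray("edu_person_entitlements").size());
-
 try {
 JWTClaimsSet claims = jwtToken.getJWTClaimsSet();
+String regex = "urn:geant:openaire[.]eu:group:(\\w+[\\W]*\\w+):?(.*)?:role=member#aai[.]openaire[.]eu";
 for(JsonElement obj: userInfo.getSource().getAsJsonArray("edu_person_entitlements")) {
-SimpleGrantedAuthority authority = new SimpleGrantedAuthority(obj.getAsString());
-logger.debug("add user authority " + obj.getAsString());
-logger.info("add user authority " + obj.getAsString());
-out.add(authority);
+Matcher matcher = Pattern.compile(regex).matcher(obj.getAsString());
+if (matcher.find()) {
+StringBuilder sb = new StringBuilder();
+if(matcher.group(1) != null && matcher.group(1).length() > 0) {
+sb.append(matcher.group(1).replaceAll("[\\W]+", "_").toUpperCase());
+}
+if(matcher.group(2).length() > 0) {
+if(sb.toString().length() > 0) {
+sb.append("_");
+}
+if(matcher.group(2).equals("admins")) {
+sb.append("MANAGER");
+} else {
+sb.append(matcher.group(2).toUpperCase());
+}
+}
+out.add(new SimpleGrantedAuthority
+(sb.toString()));
+}
 }
 
 } catch (ParseException pe) {
@@ -48,49 +57,4 @@
 
 return out;
 }
-
-/* In case of special roles. Not to be used now
-private GrantedAuthoritiesMapper userAuthoritiesMapper() {
-
-return (authorities) -> {
-Set<GrantedAuthority> mappedAuthorities = new HashSet<>();
-mappedAuthorities.add(new SimpleGrantedAuthority("ROLE_USER"));
-System.out.println(mappedAuthorities);
-
-authorities.forEach(authority -> {
-if (OidcUserAuthority.class.isInstance(authority)) {
-OidcUserAuthority oidcUserAuthority = (OidcUserAuthority)authority;
-
-OidcUserInfo userInfo = oidcUserAuthority.getUserInfo();
-//System.out.println(userInfo.getClaims().keySet());
-//System.out.println(userInfo.containsClaim("edu_person_entitlements"));
-if (userInfo.containsClaim("edu_person_entitlements")){
-System.out.println(userInfo.getClaimAsStringList("edu_person_entitlements"));
-for (String entitlement:userInfo.getClaimAsStringList("edu_person_entitlements")) {
-//System.out.println("en " + entitlement);
-//mappedAuthorities.add(new SimpleGrantedAuthority("ROLE_" + entitlement));
-
-String regex = "urn:geant:openaire.eu:group:(\\w+).(\\w+):role=(\\w+)#aai.openaire.eu";
-Matcher matcher = Pattern.compile(regex).matcher(entitlement);
-if (matcher.find()) {
-mappedAuthorities.add(new SimpleGrantedAuthority
-(new StringBuilder().append("ROLE_").append(matcher.group(1).toUpperCase()).append(".").append(matcher.group(3).toUpperCase()).toString()));
-}
-}
-}
-} else if (OAuth2UserAuthority.class.isInstance(authority)) {
-OAuth2UserAuthority oauth2UserAuthority = (OAuth2UserAuthority)authority;
-Map<String, Object> userAttributes = oauth2UserAuthority.getAttributes();
-
-if (userAttributes.containsKey("role")){
-String roleName = "ROLE_" + (String)userAttributes.get("role");
-mappedAuthorities.add(new SimpleGrantedAuthority(roleName));
-}
-}
-});
-
-System.out.println(mappedAuthorities);
-return mappedAuthorities;
-};
-} */
 }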
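Review bot: `userInfo.getSource().getAsJsonArray("edu_person_entitlements")` is dereferenced on new line 28 and iterated on new line 32 without checking that the claim is present; Gson's `getAsJsonArray` returns null for an absent member, so a user whose token carries no entitlements fails with a NullPointerException that the `catch (ParseException pe)` on line 54 does not cover, and login breaks for exactly the users who have no group memberships. Fetch the array once and bail out when it is missing, e.g. `JsonArray entitlements = userInfo.getSource().getAsJsonArray("edu_person_entitlements");` followed by `if (entitlements == null) { return out; }` (adding `import com.google.gson.JsonArray;`), and iterate that local instead of re-reading the claim in the loop header. `Pattern.compile(regex)` on line 33 recompiles the same pattern for every entitlement on every login; it should be a `private static final Pattern` field, and `group(2)` on line 39 is used without the null guard that `group(1)` gets on line 36, which is worth a comment explaining why the optional group can be assumed present. The body of the `catch` block (old lines 46-47) is elided from the hunk, so how a parse failure is reported is not visible here.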
[Login Core]: Fix authority mapper