
Revision 59191

[Login Core]: Fix authority mapper


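--- a/OpenAIREAuthoritiesMapper.java
+++ b/OpenAIREAuthoritiesMapper.java
@@ -1,22 +1,21 @@
 package eu.dnetlib.openaire.user.login.authorization;
 
 import com.google.gson.JsonElement;
-import com.google.gson.JsonObject;
 import com.nimbusds.jwt.JWT;
 import com.nimbusds.jwt.JWTClaimsSet;
 import org.apache.log4j.Logger;
 import org.mitre.openid.connect.client.OIDCAuthoritiesMapper;
-import org.mitre.openid.connect.client.SubjectIssuerGrantedAuthority;
 import org.mitre.openid.connect.model.UserInfo;
 import org.springframework.context.annotation.ComponentScan;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
-import org.springframework.security.core.authority.mapping.SimpleAuthorityMapper;
 import org.springframework.stereotype.Component;
 
 import java.text.ParseException;
 import java.util.Collection;
 import java.util.HashSet;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
 
 @ComponentScan
 @Component
@@ -25,21 +24,31 @@
     private static final Logger logger = Logger.getLogger(OpenAIREAuthoritiesMapper.class);
     @Override
     public Collection<? extends GrantedAuthority> mapAuthorities(JWT jwtToken, UserInfo userInfo) {
-        HashSet out = new HashSet();
-        //add the default role for evey logged in user
-        out.add(new SimpleGrantedAuthority("ROLE_USER"));
-
+        HashSet<SimpleGrantedAuthority> out = new HashSet<>();
         logger.info("entitlements" + userInfo.getSource().getAsJsonArray("edu_person_entitlements").size());
-        logger.debug("entitlements" + userInfo.getSource().getAsJsonArray("edu_person_entitlements").size());
-        System.out.printf("entitlements" + userInfo.getSource().getAsJsonArray("edu_person_entitlements").size());
-
         try {
             JWTClaimsSet claims = jwtToken.getJWTClaimsSet();
+            String  regex = "urn:geant:openaire[.]eu:group:(\\w+[\\W]*\\w+):?(.*)?:role=member#aai[.]openaire[.]eu";
             for(JsonElement obj: userInfo.getSource().getAsJsonArray("edu_person_entitlements")) {
-                SimpleGrantedAuthority authority = new SimpleGrantedAuthority(obj.getAsString());
-                logger.debug("add user authority " + obj.getAsString());
-                logger.info("add user authority " + obj.getAsString());
-                out.add(authority);
+                Matcher matcher = Pattern.compile(regex).matcher(obj.getAsString());
+                if (matcher.find()) {
+                    StringBuilder sb = new StringBuilder();
+                    if(matcher.group(1) != null && matcher.group(1).length() > 0) {
+                        sb.append(matcher.group(1).replaceAll("[\\W]+", "_").toUpperCase());
+                    }
+                    if(matcher.group(2).length() > 0) {
+                        if(sb.toString().length() > 0) {
+                            sb.append("_");
+                        }
+                        if(matcher.group(2).equals("admins")) {
+                            sb.append("MANAGER");
+                        } else  {
+                            sb.append(matcher.group(2).toUpperCase());
+                        }
+                    }
+                    out.add(new SimpleGrantedAuthority
+                            (sb.toString()));
+                }
             }
 
         } catch (ParseException pe) {
@@ -48,49 +57,4 @@
 
         return out;
     }
-
-    /*  In case of special roles. Not to be used now
-    private GrantedAuthoritiesMapper userAuthoritiesMapper() {
-
-        return (authorities) -> {
-            Set<GrantedAuthority> mappedAuthorities = new HashSet<>();
-            mappedAuthorities.add(new SimpleGrantedAuthority("ROLE_USER"));
-            System.out.println(mappedAuthorities);
-
-            authorities.forEach(authority -> {
-                if (OidcUserAuthority.class.isInstance(authority)) {
-                    OidcUserAuthority oidcUserAuthority = (OidcUserAuthority)authority;
-
-                    OidcUserInfo userInfo = oidcUserAuthority.getUserInfo();
-                    //System.out.println(userInfo.getClaims().keySet());
-                    //System.out.println(userInfo.containsClaim("edu_person_entitlements"));
-                    if (userInfo.containsClaim("edu_person_entitlements")){
-                        System.out.println(userInfo.getClaimAsStringList("edu_person_entitlements"));
-                        for (String entitlement:userInfo.getClaimAsStringList("edu_person_entitlements")) {
-                            //System.out.println("en " + entitlement);
-                            //mappedAuthorities.add(new SimpleGrantedAuthority("ROLE_" + entitlement));
-
-                            String  regex   = "urn:geant:openaire.eu:group:(\\w+).(\\w+):role=(\\w+)#aai.openaire.eu";
-                            Matcher matcher = Pattern.compile(regex).matcher(entitlement);
-                            if (matcher.find()) {
-                                mappedAuthorities.add(new SimpleGrantedAuthority
-                                        (new StringBuilder().append("ROLE_").append(matcher.group(1).toUpperCase()).append(".").append(matcher.group(3).toUpperCase()).toString()));
-                            }
-                        }
-                    }
-                } else if (OAuth2UserAuthority.class.isInstance(authority)) {
-                    OAuth2UserAuthority oauth2UserAuthority = (OAuth2UserAuthority)authority;
-                    Map<String, Object> userAttributes = oauth2UserAuthority.getAttributes();
-
-                    if (userAttributes.containsKey("role")){
-                        String roleName = "ROLE_" + (String)userAttributes.get("role");
-                        mappedAuthorities.add(new SimpleGrantedAuthority(roleName));
-                    }
-                }
-            });
-
-            System.out.println(mappedAuthorities);
-            return mappedAuthorities;
-        };
-    } */
 }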
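Review bot: In `mapAuthorities` the entitlement is tested with the unanchored `matcher.find()`, so any string that merely contains the URN pattern produces an authority; for an authorization mapping the whole value should be required to match, `if (matcher.matches()) {`. Group 2 is `(.*)?`, which accepts any characters including `:`, and group 1 is normalised with `replaceAll("[\\W]+", "_")`, so group names that differ only in punctuation collapse into the same authority string; restricting group 2 to the characters the entitlement format actually allows would narrow what can reach `SimpleGrantedAuthority`. Separately, Gson's `getAsJsonArray("edu_person_entitlements")` returns null when the member is absent, and the `logger.info` line dereferences it before the `try`, so a user without that claim would presumably fail with a NullPointerException rather than receive an empty authority set. Compiling the pattern once as a `private static final Pattern` would also avoid recompiling it for every entitlement. The catch body lies in the elided lines, so how a `ParseException` is handled is not visible here.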
