package eu.dnetlib.openaire.user.login.authorization;
import com.google.gson.JsonElement;
import com.nimbusds.jwt.JWT;
import com.nimbusds.jwt.JWTClaimsSet;
import org.apache.log4j.Logger;
import org.mitre.openid.connect.client.OIDCAuthoritiesMapper;
import org.mitre.openid.connect.model.UserInfo;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.stereotype.Component;

import java.text.ParseException;
import java.util.Collection;
import java.util.HashSet;
import java.util.Locale;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
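/**
 * Maps the {@code edu_person_entitlements} claim of an OIDC UserInfo response to Spring Security
 * authorities.
 *
 * <p>Each entitlement that matches {@link #ENTITLEMENT_PATTERN} becomes one
 * {@link SimpleGrantedAuthority}. The authority name is built from the two captured parts of the
 * entitlement: the first part with every run of non-word characters replaced by {@code _}, then
 * (if present) {@code _} and the second part, with the literal second part {@code admins} rewritten
 * to {@code MANAGER}. Both parts are upper-cased.
 *
 * <p>Authority names are derived directly from entitlement text, so the set of roles a user can
 * receive is only as strict as the pattern below and the identity provider that asserts the claim.
 */
@ComponentScan
@Component
public class OpenAIREAuthoritiesMapper implements OIDCAuthoritiesMapper {

    private static final Logger logger = Logger.getLogger(OpenAIREAuthoritiesMapper.class);

    /** Name of the UserInfo member that carries the entitlement URNs. */
    private static final String ENTITLEMENTS_CLAIM = "edu_person_entitlements";

    /**
     * Entitlement format recognised by this mapper; compiled once instead of once per entitlement.
     *
     * <p>NOTE(review): the pattern is applied with {@code find()}, so it may match anywhere inside
     * an entitlement value, and the second group is an unconstrained {@code .*}. If entitlement
     * values are always exactly this URN, anchoring the match and restricting the second group to
     * the expected role names would make the mapping stricter; confirm against the format the
     * identity provider actually emits before changing it.
     */
    private static final Pattern ENTITLEMENT_PATTERN = Pattern.compile(
            "urn:geant:openaire[.]eu:group:(\\w+[\\W]*\\w+):?(.*)?:role=member#aai[.]openaire[.]eu");

    /** Runs of non-word characters in the first captured part are collapsed to one underscore. */
    private static final Pattern NON_WORD_RUN = Pattern.compile("[\\W]+");

    /**
     * Builds the granted authorities for an authenticated user from the entitlements claim.
     *
     * @param jwtToken the ID token; it is parsed only to confirm that its claims are readable
     * @param userInfo the UserInfo response whose source JSON is read for the entitlements claim
     * @return the authorities derived from matching entitlements; empty when the claim is missing,
     *     is not a JSON array, contains no matching entry, or the ID token cannot be parsed
     */
    @Override
    public Collection<? extends GrantedAuthority> mapAuthorities(JWT jwtToken, UserInfo userInfo) {
        HashSet<SimpleGrantedAuthority> out = new HashSet<>();

        // A user without the claim (or with a claim of the wrong JSON type) gets no authorities
        // instead of failing the login with a NullPointerException or ClassCastException.
        JsonElement claim = entitlementsClaim(userInfo);
        boolean hasEntitlements = claim != null && claim.isJsonArray();
        logger.info("entitlements" + (hasEntitlements ? claim.getAsJsonArray().size() : 0));

        try {
            // The claims themselves are not used. The call is kept so that an ID token that
            // cannot be parsed still results in an empty authority set, as before.
            jwtToken.getJWTClaimsSet();

            if (hasEntitlements) {
                for (JsonElement entry : claim.getAsJsonArray()) {
                    // getAsString() is only defined for primitives; skip nested objects,
                    // arrays and JSON null rather than aborting the whole mapping.
                    if (!entry.isJsonPrimitive()) {
                        continue;
                    }
                    String authority = toAuthorityName(entry.getAsString());
                    if (authority != null) {
                        out.add(new SimpleGrantedAuthority(authority));
                    }
                }
            }
        } catch (ParseException pe) {
            logger.warn("Unable to parse ID Token inside of authorities mapper (huh?)", pe);
        }

        return out;
    }

    /** Returns the raw entitlements member of the UserInfo source, or {@code null} if unavailable. */
    private static JsonElement entitlementsClaim(UserInfo userInfo) {
        if (userInfo == null || userInfo.getSource() == null) {
            return null;
        }
        return userInfo.getSource().get(ENTITLEMENTS_CLAIM);
    }

    /** Converts one entitlement value to an authority name, or {@code null} if it does not match. */
    private static String toAuthorityName(String entitlement) {
        Matcher matcher = ENTITLEMENT_PATTERN.matcher(entitlement);
        if (!matcher.find()) {
            return null;
        }

        StringBuilder name = new StringBuilder();

        // Locale.ROOT keeps authority names independent of the JVM's default locale; with a
        // Turkish default locale, for example, "i" would otherwise upper-case to a dotted capital
        // and the resulting role name would no longer equal the one access rules check for.
        String group = matcher.group(1);
        if (group != null && !group.isEmpty()) {
            name.append(NON_WORD_RUN.matcher(group).replaceAll("_").toUpperCase(Locale.ROOT));
        }

        // The second part is copied as-is apart from upper-casing, so any separator characters it
        // contains end up in the authority name.
        String role = matcher.group(2);
        if (role != null && !role.isEmpty()) {
            if (name.length() > 0) {
                name.append('_');
            }
            name.append("admins".equals(role) ? "MANAGER" : role.toUpperCase(Locale.ROOT));
        }

        return name.toString();
    }
}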