D-Net

package eu.dnetlib.repo.manager.config;

import com.nimbusds.jwt.JWT;

import org.mitre.openid.connect.client.OIDCAuthoritiesMapper;

import org.mitre.openid.connect.model.UserInfo;

import org.slf4j.Logger;

import org.slf4j.LoggerFactory;

import org.springframework.security.core.GrantedAuthority;

import org.springframework.security.core.authority.SimpleGrantedAuthority;

import java.util.*;

public class OpenAireProviderAuthoritiesMapper implements OIDCAuthoritiesMapper {

    private static Logger logger = LoggerFactory.getLogger(OpenAireProviderAuthoritiesMapper.class);

    final private static String ROLE_CLAIMS = "edu_person_entitlements";

    private Map<String,SimpleGrantedAuthority> userRolesMap;

    OpenAireProviderAuthoritiesMapper(Map<String,String> userRoles) {

        userRolesMap = new HashMap<>();

        userRoles.forEach((openaireRole, appRole) -> userRolesMap.put(openaireRole, new SimpleGrantedAuthority(appRole)));

    }

    @Override

    public Collection<? extends GrantedAuthority> mapAuthorities(JWT idToken, UserInfo userInfo) {

        Set<GrantedAuthority> out = new HashSet<>();

        out.add(new SimpleGrantedAuthority("ROLE_USER"));

        if(userInfo.getSource().getAsJsonArray(ROLE_CLAIMS) != null) {

            userInfo.getSource().getAsJsonArray(ROLE_CLAIMS).forEach(role -> {

                SimpleGrantedAuthority authority = userRolesMap.get(role.getAsString());

                if (authority != null) {

                    logger.debug("Role mapped " + role);

                    out.add(authority);

                }

            });

        }

        return out;

    }

}