Revision 61064
Added by Konstantinos Triantafyllou almost 3 years ago
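--- a/AuthoritiesMapper.java
+++ b/AuthoritiesMapper.java
@@ -2,15 +2,11 @@
 
 import com.google.gson.JsonArray;
 import com.google.gson.JsonElement;
-import com.nimbusds.jwt.JWTClaimsSet;
-import eu.dnetlib.openaire.user.login.authorization.OpenAIREAuthoritiesMapper;
 import org.apache.log4j.Logger;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 
-import java.text.ParseException;
-import java.util.Collection;
-import java.util.HashSet;
+import java.util.*;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
@@ -20,30 +16,49 @@
 
 public static Collection<? extends GrantedAuthority> map(JsonArray entitlements) {
 HashSet<SimpleGrantedAuthority> authorities = new HashSet<>();
-logger.info("entitlements" + entitlements.size());
-String regex = "urn:geant:openaire[.]eu:group:(\\w+[\\W]*\\w+[-\\w]*):?(.*)?:role=member#aai[.]openaire[.]eu";
-authorities.add(new SimpleGrantedAuthority("REGISTERED_USER"));
+//entitlements.add("urn:geant:openaire.eu:group:datasource.opendoar____$$3469:role=member#aai.openaire.eu");
+provideRoles(entitlements, authorities);
+entityRoles(entitlements, authorities);
+return authorities;
+}
+
+private static void entityRoles(JsonArray entitlements, Set<SimpleGrantedAuthority> authorities) {
+String regex = "urn:geant:openaire[.]eu:group:([^:]*):?(.*)?:role=member#aai[.]openaire[.]eu";
 for(JsonElement obj: entitlements) {
 Matcher matcher = Pattern.compile(regex).matcher(obj.getAsString());
 if (matcher.find()) {
 StringBuilder sb = new StringBuilder();
 if(matcher.group(1) != null && matcher.group(1).length() > 0) {
-sb.append(matcher.group(1).replaceFirst("[\\W]+", "_").toUpperCase());
+sb.append(matcher.group(1).replace("+-+", "_").replaceAll("[+.]", "_").toUpperCase());
 }
 if(matcher.group(2).length() > 0) {
-if(sb.toString().length() > 0) {
-sb.append("_");
-}
+sb.append("_");
 if(matcher.group(2).equals("admins")) {
 sb.append("MANAGER");
 } else {
 sb.append(matcher.group(2).toUpperCase());
 }
 }
-authorities.add(new SimpleGrantedAuthority
-(sb.toString()));
+authorities.add(new SimpleGrantedAuthority(sb.toString()));
 }
 }
-return authorities;
 }
+
+private static void provideRoles(JsonArray entitlements, Set<SimpleGrantedAuthority> authorities) {
+Map<String, String> userRoles = new HashMap(){{
+put("urn:geant:openaire.eu:group:Super+Administrator:role=member#aai.openaire.eu", "ROLE_ADMIN");
+put("urn:geant:openaire.eu:group:Content+Provider+Dashboard+Administrator:role=member#aai.openaire.eu","ROLE_PROVIDE_ADMIN");
+}};
+Map<String,SimpleGrantedAuthority> userRolesMap = new HashMap<>();
+userRoles.forEach((openaireRole, appRole) -> userRolesMap.put(openaireRole, new SimpleGrantedAuthority(appRole)));
+authorities.add(new SimpleGrantedAuthority("ROLE_USER"));
+if(entitlements != null) {
+entitlements.forEach(role -> {
+SimpleGrantedAuthority authority = userRolesMap.get(role.getAsString());
+if (authority != null) {
+authorities.add(authority);
+}
+});
+}
+}
 }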
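Review bot: In `entityRoles` the authority name is built directly from the entitlement's group segment (`[^:]*`, with only `+` and `.` normalised before upper-casing), so nothing keeps a derived name out of the namespace of the fixed `ROLE_ADMIN`, `ROLE_PROVIDE_ADMIN` and `ROLE_USER` strings that `provideRoles` grants from its exact-match table. How much this matters depends on who may create groups at the AAI, which is not visible on this page, but the two sources should be kept apart, for example by giving derived names their own prefix or by guarding the add with `if (!sb.toString().startsWith("ROLE_"))`. The loop also accepts a partial match because it calls `matcher.find()` on an unanchored pattern; `matcher.matches()` would require the whole entitlement string to have the expected form. Finally, `map` passes the same argument to both helpers, yet only `provideRoles` has the `entitlements != null` guard, so a null array still fails in the `for` loop of `entityRoles`.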
[Login-core]: Revert openAIREUser on cookie. Change authorities mapper to cover provide roles.