package eu.dnetlib.repo.manager.service.security;
import com.google.gson.JsonArray;
import com.google.gson.JsonElement;
import org.apache.log4j.Logger;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import java.util.*;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
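/**
 * Maps a user's entitlement URNs to Spring Security authorities.
 *
 * <p>Every user receives {@code ROLE_USER}. Two fixed entitlements map to the legacy
 * {@code ROLE_ADMIN} / {@code ROLE_PROVIDE_ADMIN} authorities, and every other group-membership
 * entitlement is turned into an authority name derived from the group it names.
 *
 * <p>Entries that are not well-formed are ignored rather than rejected, so a malformed entry can
 * only reduce the set of authorities that is granted.
 */
public class AuthoritiesMapper {

    private static final Logger logger = Logger.getLogger(AuthoritiesMapper.class);

    /**
     * Shape of a group-membership entitlement, for example
     * {@code urn:geant:openaire.eu:group:datasource.opendoar____$$3469:role=member#aai.openaire.eu}.
     * Group 1 is the first segment after {@code group:}; group 2 is whatever follows it up to
     * {@code :role=member}. Compiled once instead of once per entitlement.
     */
    private static final Pattern ENTITY_ENTITLEMENT = Pattern.compile(
            "urn:geant:openaire[.]eu:group:([^:]*):?(.*)?:role=member#aai[.]openaire[.]eu");

    /** Fixed entitlement-to-authority table for the legacy application roles. */
    // TODO: remove when ROLE_ADMIN and ROLE_PROVIDE_ADMIN are removed from project
    private static final Map<String, SimpleGrantedAuthority> PROVIDE_ROLES;

    static {
        // Plain typed map: the former double-brace initializer created a raw anonymous HashMap subclass.
        Map<String, SimpleGrantedAuthority> roles = new HashMap<>();
        roles.put("urn:geant:openaire.eu:group:Super+Administrator:role=member#aai.openaire.eu",
                new SimpleGrantedAuthority("ROLE_ADMIN"));
        roles.put("urn:geant:openaire.eu:group:Content+Provider+Dashboard+Administrator:role=member#aai.openaire.eu",
                new SimpleGrantedAuthority("ROLE_PROVIDE_ADMIN"));
        PROVIDE_ROLES = Collections.unmodifiableMap(roles);
    }

    /** Static utility class; not instantiable. */
    private AuthoritiesMapper() {
    }

    /**
     * Builds the authority set for a list of entitlement URNs.
     *
     * @param entitlements the user's entitlements; {@code null} is treated like an empty array
     * @return a mutable set that always contains {@code ROLE_USER}, plus one authority per
     *         recognised entitlement
     */
    public static Collection<? extends GrantedAuthority> map(JsonArray entitlements) {
        HashSet<SimpleGrantedAuthority> authorities = new HashSet<>();
        provideRoles(entitlements, authorities);
        entityRoles(entitlements, authorities);
        return authorities;
    }

    /**
     * Adds one authority per group-membership entitlement, named after the group.
     *
     * <p>NOTE(review): derived names carry no prefix and share one namespace with the fixed
     * {@code ROLE_*} authorities, and the normalisation is lossy ('+', '.' and "+-+" all become
     * '_', case is folded). A group whose normalised name equals a reserved authority would be
     * indistinguishable from it. Confirm that group naming is controlled at the entitlement
     * issuer, or reject reserved names here.
     *
     * @param entitlements the user's entitlements, may be {@code null}
     * @param authorities  the set that receives the derived authorities
     */
    private static void entityRoles(JsonArray entitlements, Set<SimpleGrantedAuthority> authorities) {
        // provideRoles() already tolerated a null array; without this guard map(null) threw an NPE here.
        if (entitlements == null) {
            return;
        }
        for (JsonElement element : entitlements) {
            String entitlement = asText(element);
            if (entitlement == null) {
                continue;
            }
            Matcher matcher = ENTITY_ENTITLEMENT.matcher(entitlement);
            // matches(), not find(): the whole value must be the URN. With find() a value that
            // merely contained the pattern (extra text before the "urn:" prefix or after the
            // "#aai.openaire.eu" authority part) was accepted as well.
            if (!matcher.matches()) {
                continue;
            }
            String name = toAuthorityName(matcher.group(1), matcher.group(2));
            // SimpleGrantedAuthority rejects blank text with an IllegalArgumentException, so an
            // entitlement with an empty group would otherwise abort the whole mapping.
            if (name.trim().isEmpty()) {
                logger.warn("Ignoring group entitlement that yields an empty authority name");
                continue;
            }
            authorities.add(new SimpleGrantedAuthority(name));
        }
    }

    /**
     * Adds {@code ROLE_USER} unconditionally, then the legacy authority for each entitlement that
     * is an exact key of {@link #PROVIDE_ROLES}.
     *
     * @param entitlements the user's entitlements, may be {@code null}
     * @param authorities  the set that receives the authorities
     */
    // TODO: remove when ROLE_ADMIN and ROLE_PROVIDE_ADMIN are removed from project
    private static void provideRoles(JsonArray entitlements, Set<SimpleGrantedAuthority> authorities) {
        authorities.add(new SimpleGrantedAuthority("ROLE_USER"));
        if (entitlements == null) {
            return;
        }
        for (JsonElement element : entitlements) {
            String entitlement = asText(element);
            SimpleGrantedAuthority authority = entitlement == null ? null : PROVIDE_ROLES.get(entitlement);
            if (authority != null) {
                authorities.add(authority);
            }
        }
    }

    /**
     * Derives the authority name from the two captured parts of a group entitlement.
     *
     * @param group    first group segment; "+-+", '+' and '.' are replaced by '_'
     * @param subGroup remainder of the group path; the literal {@code admins} becomes {@code MANAGER}
     * @return the upper-cased name, possibly empty when both parts are empty
     */
    private static String toAuthorityName(String group, String subGroup) {
        StringBuilder name = new StringBuilder();
        if (group != null && !group.isEmpty()) {
            // Locale.ROOT keeps authority names identical on every host: with the default locale,
            // a Turkish JVM upper-cases 'i' to a dotted capital and the name would no longer
            // match the authorities checked elsewhere.
            name.append(group.replace("+-+", "_").replaceAll("[+.]", "_").toUpperCase(Locale.ROOT));
        }
        if (subGroup != null && !subGroup.isEmpty()) {
            name.append('_');
            name.append("admins".equals(subGroup) ? "MANAGER" : subGroup.toUpperCase(Locale.ROOT));
        }
        return name.toString();
    }

    /**
     * Returns the element's string value, or {@code null} when it is not a JSON primitive.
     * Calling {@code getAsString()} on a JSON null or object throws, which would let a single
     * malformed entry fail the mapping for the whole array.
     */
    private static String asText(JsonElement element) {
        if (element == null || !element.isJsonPrimitive()) {
            return null;
        }
        return element.getAsString();
    }

}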