Revision 61363
Added by Konstantinos Spyrou almost 3 years ago
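--- a/OpenAIREAuthoritiesMapper.java
+++ b/OpenAIREAuthoritiesMapper.java
@@ -6,22 +6,48 @@
 import org.apache.log4j.Logger;
 import org.mitre.openid.connect.client.OIDCAuthoritiesMapper;
 import org.mitre.openid.connect.model.UserInfo;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.ComponentScan;
 import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.stereotype.Component;
 
+import java.util.ArrayList;
 import java.util.Collection;
+import java.util.List;
 
 @ComponentScan
 @Component
 public class OpenAIREAuthoritiesMapper implements OIDCAuthoritiesMapper {
 
 private static final Logger logger = Logger.getLogger(OpenAIREAuthoritiesMapper.class);
+
+@Value("${services.repo-manager.adminEmail}")
+String adminEmail;
+
 @Override
 public Collection<? extends GrantedAuthority> mapAuthorities(JWT jwtToken, UserInfo userInfo) {
-logger.info("entitlements" + userInfo.getSource().getAsJsonArray("edu_person_entitlements").size());
-JsonArray entitlements = userInfo.getSource().getAsJsonArray("edu_person_entitlements");
-return AuthoritiesMapper.map(entitlements);
+JsonArray entitlements = null;
+List<GrantedAuthority> authorities = new ArrayList<>();
+if (userInfo != null && userInfo.getSource() != null) {
+if (userInfo.getSource().getAsJsonArray("edu_person_entitlements") != null) {
+entitlements = userInfo.getSource().getAsJsonArray("edu_person_entitlements");
+} else if (userInfo.getSource().getAsJsonArray("eduperson_entitlement") != null) {
+entitlements = userInfo.getSource().getAsJsonArray("eduperson_entitlement");
+} else {
+authorities.add(new SimpleGrantedAuthority("ROLE_USER"));
+logger.error("Could not read user 'edu_person_entitlements' && 'eduperson_entitlement'\nAdding default role 'ROLE_USER' to user: " + userInfo.toString());
+}
+logger.debug("user info: " + userInfo + "\nentitlements: " + entitlements);
+
+// FIXME: delete this if statement
+if (userInfo.getEmail() != null && userInfo.getEmail().equals(adminEmail)) {
+authorities.add(new SimpleGrantedAuthority("ROLE_ADMIN"));
+}
+
+authorities.addAll(AuthoritiesMapper.map(entitlements));
+}
+return authorities;
 }
 }
 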
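Review bot: The `ROLE_ADMIN` grant under the `// FIXME: delete this if statement` comment (new lines 43-46) rests only on `userInfo.getEmail().equals(adminEmail)`, and an e-mail claim is a weak basis for an administrative role: depending on the identity provider it may be unverified or not unique to one account. Until the block is removed, I would at least require a verified address, `if (Boolean.TRUE.equals(userInfo.getEmailVerified()) && adminEmail.equals(userInfo.getEmail())) {`, and log each grant with `userInfo.getSub()`; preferably admin status would come from an entitlement handled in `AuthoritiesMapper.map`. In the `else` branch `entitlements` stays `null` and is still passed to `AuthoritiesMapper.map(entitlements)` at new line 48; that method is not visible here, so confirm it accepts `null` or guard the call. The `logger.error` at new line 39 also writes the whole `userInfo.toString()` to the log, where the subject identifier alone would probably be enough.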
|
1. refactoring and changes of rest api