1
|
package eu.dnetlib.repo.manager.service.security;
|
2
|
|
3
|
import org.apache.log4j.Logger;
|
4
|
import org.springframework.beans.factory.annotation.Value;
|
5
|
import org.springframework.security.core.GrantedAuthority;
|
6
|
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
7
|
import org.springframework.stereotype.Service;
|
8
|
|
9
|
import java.net.URLEncoder;
|
10
|
import java.util.Collection;
|
11
|
import java.util.Objects;
|
12
|
import java.util.stream.Collectors;
|
13
|
|
14
|
@Service("roleMappingService")
|
15
|
public class AaiRoleMappingService implements RoleMappingService {
|
16
|
|
17
|
private static final Logger logger = Logger.getLogger(AaiRoleMappingService.class);
|
18
|
|
19
|
@Value("${aai.registry.production:true}")
|
20
|
private boolean production;
|
21
|
|
22
|
|
23
|
private String createRepoRoleName(String prefix, String repoId) {
|
24
|
return prefix + "." + repoId.replace(":", "$");
|
25
|
}
|
26
|
|
27
|
@Override
|
28
|
public String getRepoNameWithoutType(String fullName, String prefix) {
|
29
|
if (fullName != null && prefix != null && fullName.startsWith(prefix)) {
|
30
|
return fullName.substring(prefix.length());
|
31
|
}
|
32
|
return null;
|
33
|
}
|
34
|
|
35
|
@Override
|
36
|
public String getRepoIdByRoleId(String roleId) {
|
37
|
if (!roleActive(roleId)) {
|
38
|
return null;
|
39
|
}
|
40
|
return roleId.replaceFirst(".*datasource\\.", "").replace("$", ":");
|
41
|
}
|
42
|
|
43
|
@Override
|
44
|
public Collection<String> getRepoIdsByRoleIds(Collection<String> roleIds) {
|
45
|
return roleIds
|
46
|
.stream()
|
47
|
//.filter(this::roleActive) // implicitly executed in the next statement
|
48
|
.map(this::getRepoIdByRoleId)
|
49
|
.filter(Objects::nonNull)
|
50
|
.collect(Collectors.toList());
|
51
|
}
|
52
|
|
53
|
@Override
|
54
|
public String getRoleIdByRepoId(String repoId) {
|
55
|
String roleId = "";
|
56
|
String prefix = (production ? "" : "beta.") + "datasource";
|
57
|
if (repoId != null) {
|
58
|
roleId = createRepoRoleName(prefix, repoId);
|
59
|
return roleId;
|
60
|
} else {
|
61
|
return null;
|
62
|
}
|
63
|
|
64
|
}
|
65
|
|
66
|
@Override
|
67
|
public Collection<String> getRoleIdsByRepoIds(Collection<String> repoIds) {
|
68
|
return repoIds
|
69
|
.stream()
|
70
|
.map(this::getRoleIdByRepoId)
|
71
|
.filter(Objects::nonNull)
|
72
|
.collect(Collectors.toList());
|
73
|
}
|
74
|
|
75
|
@Override
|
76
|
public String convertAuthorityIdToRepoId(String authorityId) {
|
77
|
String repo = "";
|
78
|
if (authorityId != null && roleActive(authorityId)) {
|
79
|
repo = authorityId
|
80
|
.replaceFirst(".*datasource\\.", "")
|
81
|
.replace("$", ":")
|
82
|
.toLowerCase();
|
83
|
}
|
84
|
return repo;
|
85
|
}
|
86
|
|
87
|
@Override
|
88
|
public String convertAuthorityToRepoId(GrantedAuthority authority) {
|
89
|
return convertAuthorityIdToRepoId(authority.toString());
|
90
|
}
|
91
|
|
92
|
@Override
|
93
|
public String convertRepoIdToAuthorityId(String repoId) {
|
94
|
StringBuilder roleBuilder = new StringBuilder();
|
95
|
String role = "";
|
96
|
if (repoId != null) {
|
97
|
roleBuilder.append(production ? "" : "beta.");
|
98
|
roleBuilder.append("datasource.");
|
99
|
roleBuilder.append(repoId.replace(":", "$"));
|
100
|
role = roleBuilder.toString().replace(".", "_").toUpperCase();
|
101
|
}
|
102
|
return role;
|
103
|
}
|
104
|
|
105
|
@Override
|
106
|
public String convertRepoIdToEncodedAuthorityId(String repoId) {
|
107
|
return URLEncoder.encode(convertRepoIdToAuthorityId(repoId));
|
108
|
}
|
109
|
|
110
|
@Override
|
111
|
public SimpleGrantedAuthority convertRepoIdToAuthority(String repoId) {
|
112
|
String role = convertRepoIdToEncodedAuthorityId(repoId);
|
113
|
return new SimpleGrantedAuthority(role);
|
114
|
}
|
115
|
|
116
|
private boolean roleActive(String roleId) {
|
117
|
return (production && !roleId.toLowerCase().startsWith("beta."))
|
118
|
|| (!production && roleId.toLowerCase().startsWith("beta."));
|
119
|
}
|
120
|
}
|