package eu.dnetlib.uoaauthorizationlibrary.security;
import org.apache.log4j.Logger;
import org.mitre.openid.connect.model.OIDCAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;

import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import java.util.stream.Collectors;
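/**
 * Builds the role (authority) names used for authorization decisions and checks them
 * against the authorities of the authentication held in the current Spring Security context.
 *
 * <p>Only {@code OpenAIREAuthentication} and {@code OIDCAuthenticationToken} are accepted as
 * authentications; any other kind is treated as "no user", so every {@code is*} check fails
 * closed and the identity getters return {@code null}.
 *
 * <p>NOTE(review): role names are formed by plain concatenation of {@code type} and {@code id}.
 * {@link #member(String, String)} for an id that ends in {@code _MANAGER} therefore yields the
 * same string as {@link #manager(String, String)} for the shorter id. Confirm that the id
 * scheme rules such ids out, or validate {@code id} before it reaches this class.
 */
@Component(value = "AuthorizationService")
public class AuthorizationService {
    private final Logger log = Logger.getLogger(this.getClass());

    // Kept as instance fields (not static): changing that would alter how callers reach them.
    public final String PORTAL_ADMIN = "PORTAL_ADMINISTRATOR";
    public final String ANONYMOUS_USER = "ROLE_ANONYMOUS";
    public final String REGISTERED_USER = "REGISTERED_USER";

    /**
     * Translates an entity type into the name used inside role strings.
     *
     * @param type         entity type as supplied by the caller; must not be {@code null}
     * @param communityMap when {@code true}, {@code "ri"} is mapped to {@code "community"}
     * @return {@code "institution"} for {@code "organization"}, {@code "community"} for
     *         {@code "ri"} when {@code communityMap} is set, otherwise {@code type} unchanged
     * @throws NullPointerException if {@code type} is {@code null}
     */
    private String mapType(String type, boolean communityMap) {
        if (type.equals("organization")) {
            return "institution";
        }
        if (communityMap && type.equals("ri")) {
            return "community";
        }
        return type;
    }

    /**
     * Returns the curator role name for an entity type.
     *
     * <p>Type = FUNDER | COMMUNITY | INSTITUTION | PROJECT
     *
     * @param type entity type; must not be {@code null}
     * @return {@code "CURATOR_"} followed by the mapped, upper-cased type
     * @throws NullPointerException if {@code type} is {@code null}
     */
    public String curator(String type) {
        // Locale.ROOT keeps the authority name identical on every JVM; the default-locale
        // toUpperCase() turns 'i' into a dotted capital under e.g. a Turkish locale, which
        // would produce a role string that no exact-match check recognises.
        return "CURATOR_" + mapType(type, true).toUpperCase(Locale.ROOT);
    }

    /**
     * Returns the manager role name for one entity.
     *
     * <p>Type = FUNDER | COMMUNITY | INSTITUTION | PROJECT
     *
     * <p>Id = EE, EGI, etc
     *
     * @param type entity type; must not be {@code null}
     * @param id   entity id; must not be {@code null}
     * @return mapped, upper-cased type, {@code "_"}, upper-cased id, {@code "_MANAGER"}
     * @throws NullPointerException if {@code type} or {@code id} is {@code null}
     */
    public String manager(String type, String id) {
        return mapType(type, true).toUpperCase(Locale.ROOT) + "_" + id.toUpperCase(Locale.ROOT) + "_MANAGER";
    }

    /**
     * Returns the member role name for one entity. Unlike {@link #manager(String, String)},
     * {@code "ri"} is not mapped to {@code "community"} here.
     *
     * <p>Type = FUNDER | COMMUNITY | RI | INSTITUTION | PROJECT
     *
     * <p>Id = EE, EGI, etc
     *
     * @param type entity type; must not be {@code null}
     * @param id   entity id; must not be {@code null}
     * @return mapped, upper-cased type, {@code "_"}, upper-cased id
     * @throws NullPointerException if {@code type} or {@code id} is {@code null}
     */
    public String member(String type, String id) {
        return mapType(type, false).toUpperCase(Locale.ROOT) + "_" + id.toUpperCase(Locale.ROOT);
    }

    /**
     * Checks whether the current user holds the portal administrator role.
     *
     * @return {@code true} if one of the current authorities equals {@link #PORTAL_ADMIN},
     *         ignoring case
     */
    public boolean isPortalAdmin() {
        return hasRole(PORTAL_ADMIN);
    }

    /**
     * Checks whether the current user is a curator of the given entity type.
     *
     * @param type entity type; {@code null} never matches
     * @return {@code true} if the current authorities contain {@link #curator(String)}
     */
    public boolean isCurator(String type) {
        // Fail closed on a missing argument instead of throwing from inside the check.
        return type != null && hasRole(curator(type));
    }

    /**
     * Checks whether the current user is a manager of the given entity.
     *
     * @param type entity type; {@code null} never matches
     * @param id   entity id; {@code null} never matches
     * @return {@code true} if the current authorities contain {@link #manager(String, String)}
     */
    public boolean isManager(String type, String id) {
        return type != null && id != null && hasRole(manager(type, id));
    }

    /**
     * Checks whether the current user is a member of the given entity.
     *
     * @param type entity type; {@code null} never matches
     * @param id   entity id; {@code null} never matches
     * @return {@code true} if the current authorities contain {@link #member(String, String)}
     */
    public boolean isMember(String type, String id) {
        return type != null && id != null && hasRole(member(type, id));
    }

    /**
     * Lists the authority names of the current user.
     *
     * @return the authority strings of the current authentication, or an empty mutable list
     *         when there is no supported, authenticated authentication
     */
    public List<String> getRoles() {
        Authentication authentication = getAuthentication();
        if (authentication == null || !authentication.isAuthenticated()) {
            return new ArrayList<>();
        }
        return authentication.getAuthorities().stream()
                .map(GrantedAuthority::getAuthority)
                .collect(Collectors.toList());
    }

    /**
     * Returns the subject identifier ({@code sub}) of the current user.
     *
     * @return the subject, or {@code null} when there is no supported, authenticated
     *         authentication
     */
    public String getAaiId() {
        Authentication authentication = getAuthentication();
        if (authentication == null || !authentication.isAuthenticated()) {
            return null;
        }
        // NOTE(review): assumes getUser() / getUserInfo() is non-null for an authenticated
        // token; otherwise this throws NullPointerException. Confirm against the token source.
        if (authentication instanceof OpenAIREAuthentication) {
            return ((OpenAIREAuthentication) authentication).getUser().getSub();
        }
        // getAuthentication() only lets the two supported types through, so this cast is safe.
        return ((OIDCAuthenticationToken) authentication).getUserInfo().getSub();
    }

    /**
     * Returns the e-mail address of the current user.
     *
     * @return the e-mail, or {@code null} when there is no supported, authenticated
     *         authentication
     */
    public String getEmail() {
        Authentication authentication = getAuthentication();
        if (authentication == null || !authentication.isAuthenticated()) {
            return null;
        }
        // NOTE(review): assumes getUser() / getUserInfo() is non-null for an authenticated
        // token; otherwise this throws NullPointerException. Confirm against the token source.
        if (authentication instanceof OpenAIREAuthentication) {
            return ((OpenAIREAuthentication) authentication).getUser().getEmail();
        }
        // getAuthentication() only lets the two supported types through, so this cast is safe.
        return ((OIDCAuthenticationToken) authentication).getUserInfo().getEmail();
    }

    /**
     * Tests the current authorities for one role name, ignoring case.
     * The expected name is computed once by the caller rather than once per authority.
     */
    private boolean hasRole(String expected) {
        // expected is never null here, so a null authority string simply does not match.
        return getRoles().stream().anyMatch(expected::equalsIgnoreCase);
    }

    /**
     * Reads the authentication from the security context and accepts it only if it is one of
     * the two supported token types.
     *
     * @return the authentication, or {@code null} for any other type (including none)
     */
    private Authentication getAuthentication() {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        boolean supported = authentication instanceof OpenAIREAuthentication
                || authentication instanceof OIDCAuthenticationToken;
        return supported ? authentication : null;
    }
}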