114 lines
4.0 KiB
Java
114 lines
4.0 KiB
Java
package eu.dnetlib.uoaauthorizationlibrary.security;
|
|
|
|
import org.apache.log4j.Logger;
|
|
import org.mitre.openid.connect.model.OIDCAuthenticationToken;
|
|
import org.springframework.security.core.Authentication;
|
|
import org.springframework.security.core.GrantedAuthority;
|
|
import org.springframework.security.core.context.SecurityContextHolder;
|
|
import org.springframework.stereotype.Component;
|
|
|
|
import java.util.ArrayList;
|
|
import java.util.List;
|
|
import java.util.stream.Collectors;
|
|
|
|
@Component(value = "AuthorizationService")
|
|
public class AuthorizationService {
|
|
private final Logger log = Logger.getLogger(this.getClass());
|
|
|
|
public final String PORTAL_ADMIN = "PORTAL_ADMINISTRATOR";
|
|
public final String ANONYMOUS_USER = "ROLE_ANONYMOUS";
|
|
public final String REGISTERED_USER = "REGISTERED_USER";
|
|
|
|
|
|
private String mapType(String type, boolean communityMap) {
|
|
if (type.equals("organization")) {
|
|
type = "institution";
|
|
} else if (type.equals("ri") && communityMap) {
|
|
type = "community";
|
|
}
|
|
return type;
|
|
}
|
|
|
|
/**
|
|
* Type = FUNDER | COMMUNITY | INSTITUTION | PROJECT
|
|
*/
|
|
public String curator(String type) {
|
|
return "CURATOR_" + mapType(type, true).toUpperCase();
|
|
}
|
|
|
|
/**
|
|
* Type = FUNDER | COMMUNITY | INSTITUTION | PROJECT
|
|
*
|
|
* Id = EE, EGI, etc
|
|
*/
|
|
public String manager(String type, String id) {
|
|
return mapType(type, true).toUpperCase() + "_" + id.toUpperCase() + "_MANAGER";
|
|
}
|
|
|
|
/**
|
|
* Type = FUNDER | COMMUNITY | RI | INSTITUTION | PROJECT
|
|
*
|
|
* Id = EE, EGI, etc
|
|
*/
|
|
public String member(String type, String id) {
|
|
return mapType(type, false).toUpperCase() + "_" + id.toUpperCase();
|
|
}
|
|
|
|
public boolean isPortalAdmin() {
|
|
return getRoles().stream().anyMatch(authority -> authority.equalsIgnoreCase(PORTAL_ADMIN));
|
|
}
|
|
|
|
public boolean isCurator(String type) {
|
|
return getRoles().stream().anyMatch(authority -> authority.equalsIgnoreCase(curator(type)));
|
|
}
|
|
|
|
public boolean isManager(String type, String id) {
|
|
return getRoles().stream().anyMatch(authority -> authority.equalsIgnoreCase(manager(type, id)));
|
|
}
|
|
|
|
public boolean isMember(String type, String id) {
|
|
return getRoles().stream().anyMatch(authority -> authority.equalsIgnoreCase(member(type, id)));
|
|
}
|
|
|
|
public List<String> getRoles() {
|
|
Authentication authentication = getAuthentication();
|
|
if (authentication != null && authentication.isAuthenticated()) {
|
|
return authentication.getAuthorities().stream().map(GrantedAuthority::getAuthority).collect(Collectors.toList());
|
|
}
|
|
return new ArrayList<>();
|
|
}
|
|
|
|
public String getAaiId() {
|
|
Authentication authentication = getAuthentication();
|
|
if (authentication != null && authentication.isAuthenticated()) {
|
|
if(authentication instanceof OpenAIREAuthentication) {
|
|
return ((OpenAIREAuthentication) authentication).getUser().getSub();
|
|
} else {
|
|
return ((OIDCAuthenticationToken) authentication).getUserInfo().getSub();
|
|
}
|
|
}
|
|
return null;
|
|
}
|
|
|
|
public String getEmail() {
|
|
Authentication authentication = getAuthentication();
|
|
if (authentication != null && authentication.isAuthenticated()) {
|
|
if(authentication instanceof OpenAIREAuthentication) {
|
|
return ((OpenAIREAuthentication) authentication).getUser().getEmail();
|
|
} else {
|
|
return ((OIDCAuthenticationToken) authentication).getUserInfo().getEmail();
|
|
}
|
|
}
|
|
return null;
|
|
}
|
|
|
|
private Authentication getAuthentication() {
|
|
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
|
|
if(authentication instanceof OpenAIREAuthentication || authentication instanceof OIDCAuthenticationToken) {
|
|
return authentication;
|
|
} else {
|
|
return null;
|
|
}
|
|
}
|
|
}
|