Change authorities mapper property in order to check if its value exists in scope.

src/main/java/eu/dnetlib/loginservice/security/initiliazers/Configurations.java

@@ -2,9 +2,11 @@ package eu.dnetlib.loginservice.security.initiliazers;
 
 import com.sun.org.apache.xpath.internal.operations.Bool;
 import eu.dnetlib.loginservice.properties.Properties;
+import eu.dnetlib.loginservice.security.oidc.OpenAIREAuthoritiesMapper;
 import eu.dnetlib.loginservice.utils.ScopeReader;
 import org.mitre.oauth2.model.ClientDetailsEntity;
 import org.mitre.oauth2.model.RegisteredClient;
+import org.mitre.openid.connect.client.OIDCAuthenticationProvider;
 import org.mitre.openid.connect.config.ServerConfiguration;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
@@ -18,11 +20,22 @@ public class Configurations {
 
     private final Properties properties;
     private final ScopeReader scopeReader;
+    private final OpenAIREAuthoritiesMapper authoritiesMapper;
 
     @Autowired
-    public Configurations(Properties properties, ScopeReader scopeReader) {
+    public Configurations(Properties properties, OpenAIREAuthoritiesMapper authoritiesMapper, ScopeReader scopeReader) {
         this.properties = properties;
         this.scopeReader = scopeReader;
+        this.authoritiesMapper = authoritiesMapper;
+    }
+
+    @Bean
+    public OIDCAuthenticationProvider provider() {
+        OIDCAuthenticationProvider provider = new OIDCAuthenticationProvider();
+        if(this.properties.getAuthoritiesMapper() != null && this.scopeReader.getScopes().contains(this.properties.getAuthoritiesMapper())) {
+            provider.setAuthoritiesMapper(this.authoritiesMapper);
+        }
+        return provider;
     }
 
     @Bean

src/main/java/eu/dnetlib/loginservice/security/initiliazers/Primitives.java

@@ -17,12 +17,11 @@ import org.springframework.security.web.access.expression.DefaultWebSecurityExpr
 public class Primitives {
 
     private final Properties properties;
-    private final OpenAIREAuthoritiesMapper authoritiesMapper;;
 
     @Autowired
-    public Primitives(Properties properties, OpenAIREAuthoritiesMapper authoritiesMapper) {
+    public Primitives(Properties properties) {
         this.properties = properties;
-        this.authoritiesMapper = authoritiesMapper;
+
     }
 
     @Bean
@@ -40,15 +39,6 @@ public class Primitives {
         return new PlainAuthRequestUrlBuilder();
     }
 
-    @Bean
-    public OIDCAuthenticationProvider provider() {
-        OIDCAuthenticationProvider provider = new OIDCAuthenticationProvider();
-        if(this.properties.getAuthoritiesMapper() != null) {
-            provider.setAuthoritiesMapper(this.authoritiesMapper);
-        }
-        return provider;
-    }
-
     @Bean
     public StaticSingleIssuerService issuerService() {
         StaticSingleIssuerService issuerService = new StaticSingleIssuerService();

src/main/resources/authentication.properties

@@ -12,7 +12,7 @@ authentication.session=openAIRESession
 authentication.accessToken=AccessToken
 authentication.redirect=http://mpagasas.di.uoa.gr:4600/reload
 
-#authentication.authorities-mapper=edu_person_entitlements
+#authentication.authorities-mapper=eduperson_entitlement
 
 ## API Documentation Properties
 api.title = Login Service