From 327307b7a083604355530a8b46db736d8ddd9c13 Mon Sep 17 00:00:00 2001
From: "k.triantafyllou"
Date: Tue, 4 Apr 2023 14:10:28 +0300
Subject: [PATCH] Change authorities mapper property in order to check if its value exists in scope.
---
 .../security/initiliazers/Configurations.java | 15 ++++++++++++++-
 .../security/initiliazers/Primitives.java | 14 ++------------
 src/main/resources/authentication.properties | 2 +-
 3 files changed, 17 insertions(+), 14 deletions(-)
diff --git a/src/main/java/eu/dnetlib/loginservice/security/initiliazers/Configurations.java b/src/main/java/eu/dnetlib/loginservice/security/initiliazers/Configurations.java
index 8b439cd..0b79cc1 100644
--- a/src/main/java/eu/dnetlib/loginservice/security/initiliazers/Configurations.java
+++ b/src/main/java/eu/dnetlib/loginservice/security/initiliazers/Configurations.java
@@ -2,9 +2,11 @@ package eu.dnetlib.loginservice.security.initiliazers;
 import com.sun.org.apache.xpath.internal.operations.Bool;
 import eu.dnetlib.loginservice.properties.Properties;
+import eu.dnetlib.loginservice.security.oidc.OpenAIREAuthoritiesMapper;
 import eu.dnetlib.loginservice.utils.ScopeReader;
 import org.mitre.oauth2.model.ClientDetailsEntity;
 import org.mitre.oauth2.model.RegisteredClient;
+import org.mitre.openid.connect.client.OIDCAuthenticationProvider;
 import org.mitre.openid.connect.config.ServerConfiguration;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
@@ -18,11 +20,22 @@ public class Configurations {
 private final Properties properties;
 private final ScopeReader scopeReader;
+ private final OpenAIREAuthoritiesMapper authoritiesMapper;
 @Autowired
- public Configurations(Properties properties, ScopeReader scopeReader) {
+ public Configurations(Properties properties, OpenAIREAuthoritiesMapper authoritiesMapper, ScopeReader scopeReader) {
 this.properties = properties;
 this.scopeReader = scopeReader;
+ this.authoritiesMapper = authoritiesMapper;
+ }
+
+ @Bean
+ public OIDCAuthenticationProvider provider() {
+ OIDCAuthenticationProvider provider = new OIDCAuthenticationProvider();
+ if(this.properties.getAuthoritiesMapper() != null && this.scopeReader.getScopes().contains(this.properties.getAuthoritiesMapper())) {
+ provider.setAuthoritiesMapper(this.authoritiesMapper);
+ }
+ return provider;
 }
 @Bean
diff --git a/src/main/java/eu/dnetlib/loginservice/security/initiliazers/Primitives.java b/src/main/java/eu/dnetlib/loginservice/security/initiliazers/Primitives.java
index 680ad4a..5e3337b 100644
--- a/src/main/java/eu/dnetlib/loginservice/security/initiliazers/Primitives.java
+++ b/src/main/java/eu/dnetlib/loginservice/security/initiliazers/Primitives.java
@@ -17,12 +17,11 @@ import org.springframework.security.web.access.expression.DefaultWebSecurityExpr
 public class Primitives {
 private final Properties properties;
- private final OpenAIREAuthoritiesMapper authoritiesMapper;;
 @Autowired
- public Primitives(Properties properties, OpenAIREAuthoritiesMapper authoritiesMapper) {
+ public Primitives(Properties properties) {
 this.properties = properties;
- this.authoritiesMapper = authoritiesMapper;
+
 }
 @Bean
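Review bot: In the new `provider()` bean, when `authentication.authorities-mapper` is set but its value is not among `scopeReader.getScopes()`, the condition is simply false and `OIDCAuthenticationProvider` keeps whatever default authorities mapper it has, so a misspelled scope name (the kind of mismatch the properties hunk in this same commit appears to be correcting, `edu_person_entitlements` vs `eduperson_entitlement`) silently disables entitlement-based authorities for every login with nothing logged. This is a startup-time configuration check, so it should fail fast rather than degrade quietly: `} else if (this.properties.getAuthoritiesMapper() != null) { throw new IllegalStateException("authentication.authorities-mapper '" + this.properties.getAuthoritiesMapper() + "' is not one of the requested scopes"); }`, or at minimum a WARN log if falling back is the intended behaviour. What the provider's default mapper grants is not visible here; presumably it is the MITREid default, which does not consult entitlement claims, so confirm that outcome is acceptable before relying on the silent fallback. `getScopes()` is also dereferenced unconditionally in that condition; if it can return null the context fails at startup with a bare NPE instead of a message naming the property. The enclosing class continues past the end of this hunk.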
@@ -40,15 +39,6 @@ public class Primitives {
 return new PlainAuthRequestUrlBuilder();
 }
- @Bean
- public OIDCAuthenticationProvider provider() {
- OIDCAuthenticationProvider provider = new OIDCAuthenticationProvider();
- if(this.properties.getAuthoritiesMapper() != null) {
- provider.setAuthoritiesMapper(this.authoritiesMapper);
- }
- return provider;
- }
-
 @Bean
 public StaticSingleIssuerService issuerService() {
 StaticSingleIssuerService issuerService = new StaticSingleIssuerService();
diff --git a/src/main/resources/authentication.properties b/src/main/resources/authentication.properties
index 73e8a2d..a83b189 100644
--- a/src/main/resources/authentication.properties
+++ b/src/main/resources/authentication.properties
@@ -12,7 +12,7 @@ authentication.session=openAIRESession
 authentication.accessToken=AccessToken
 authentication.redirect=http://mpagasas.di.uoa.gr:4600/reload
-#authentication.authorities-mapper=edu_person_entitlements
+#authentication.authorities-mapper=eduperson_entitlement
 ## API Documentation Properties
 api.title = Login Service