Change authorities mapper property in order to check if its value exists in scope.
parent
b2f77d3e2e
commit
327307b7a0
|
@ -2,9 +2,11 @@ package eu.dnetlib.loginservice.security.initiliazers;
|
||||||
|
|
||||||
import com.sun.org.apache.xpath.internal.operations.Bool;
|
import com.sun.org.apache.xpath.internal.operations.Bool;
|
||||||
import eu.dnetlib.loginservice.properties.Properties;
|
import eu.dnetlib.loginservice.properties.Properties;
|
||||||
|
import eu.dnetlib.loginservice.security.oidc.OpenAIREAuthoritiesMapper;
|
||||||
import eu.dnetlib.loginservice.utils.ScopeReader;
|
import eu.dnetlib.loginservice.utils.ScopeReader;
|
||||||
import org.mitre.oauth2.model.ClientDetailsEntity;
|
import org.mitre.oauth2.model.ClientDetailsEntity;
|
||||||
import org.mitre.oauth2.model.RegisteredClient;
|
import org.mitre.oauth2.model.RegisteredClient;
|
||||||
|
import org.mitre.openid.connect.client.OIDCAuthenticationProvider;
|
||||||
import org.mitre.openid.connect.config.ServerConfiguration;
|
import org.mitre.openid.connect.config.ServerConfiguration;
|
||||||
import org.springframework.beans.factory.annotation.Autowired;
|
import org.springframework.beans.factory.annotation.Autowired;
|
||||||
import org.springframework.beans.factory.annotation.Value;
|
import org.springframework.beans.factory.annotation.Value;
|
||||||
|
@ -18,11 +20,22 @@ public class Configurations {
|
||||||
|
|
||||||
private final Properties properties;
|
private final Properties properties;
|
||||||
private final ScopeReader scopeReader;
|
private final ScopeReader scopeReader;
|
||||||
|
private final OpenAIREAuthoritiesMapper authoritiesMapper;
|
||||||
|
|
||||||
@Autowired
|
@Autowired
|
||||||
public Configurations(Properties properties, ScopeReader scopeReader) {
|
public Configurations(Properties properties, OpenAIREAuthoritiesMapper authoritiesMapper, ScopeReader scopeReader) {
|
||||||
this.properties = properties;
|
this.properties = properties;
|
||||||
this.scopeReader = scopeReader;
|
this.scopeReader = scopeReader;
|
||||||
|
this.authoritiesMapper = authoritiesMapper;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Bean
|
||||||
|
public OIDCAuthenticationProvider provider() {
|
||||||
|
OIDCAuthenticationProvider provider = new OIDCAuthenticationProvider();
|
||||||
|
if(this.properties.getAuthoritiesMapper() != null && this.scopeReader.getScopes().contains(this.properties.getAuthoritiesMapper())) {
|
||||||
|
provider.setAuthoritiesMapper(this.authoritiesMapper);
|
||||||
|
}
|
||||||
|
return provider;
|
||||||
}
|
}
|
||||||
|
|
||||||
@Bean
|
@Bean
|
||||||
|
|
|
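Review bot: In the added `provider()` bean, a configured `authentication.authorities-mapper` value that is not found in `scopeReader.getScopes()` now silently skips `setAuthoritiesMapper`, so a typo in either property leaves the provider on its default mapper and entitlement-derived roles are never assigned, with nothing at startup to show it. Since this condition decides which authorities every logged-in user receives, I would make the mismatch visible, for example with `else if (this.properties.getAuthoritiesMapper() != null) { throw new IllegalStateException("authentication.authorities-mapper is not among the configured scopes"); }` or an equivalent warning log. `ScopeReader` is not shown here: if `getScopes()` returns a `String` rather than a collection, `contains` is a substring match and would also accept a scope that merely contains the mapper name, and a null return would surface as a NullPointerException at bean creation. The rest of `Configurations` lies outside the hunk.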
@ -17,12 +17,11 @@ import org.springframework.security.web.access.expression.DefaultWebSecurityExpr
|
||||||
public class Primitives {
|
public class Primitives {
|
||||||
|
|
||||||
private final Properties properties;
|
private final Properties properties;
|
||||||
private final OpenAIREAuthoritiesMapper authoritiesMapper;;
|
|
||||||
|
|
||||||
@Autowired
|
@Autowired
|
||||||
public Primitives(Properties properties, OpenAIREAuthoritiesMapper authoritiesMapper) {
|
public Primitives(Properties properties) {
|
||||||
this.properties = properties;
|
this.properties = properties;
|
||||||
this.authoritiesMapper = authoritiesMapper;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Bean
|
@Bean
|
||||||
|
@ -40,15 +39,6 @@ public class Primitives {
|
||||||
return new PlainAuthRequestUrlBuilder();
|
return new PlainAuthRequestUrlBuilder();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Bean
|
|
||||||
public OIDCAuthenticationProvider provider() {
|
|
||||||
OIDCAuthenticationProvider provider = new OIDCAuthenticationProvider();
|
|
||||||
if(this.properties.getAuthoritiesMapper() != null) {
|
|
||||||
provider.setAuthoritiesMapper(this.authoritiesMapper);
|
|
||||||
}
|
|
||||||
return provider;
|
|
||||||
}
|
|
||||||
|
|
||||||
@Bean
|
@Bean
|
||||||
public StaticSingleIssuerService issuerService() {
|
public StaticSingleIssuerService issuerService() {
|
||||||
StaticSingleIssuerService issuerService = new StaticSingleIssuerService();
|
StaticSingleIssuerService issuerService = new StaticSingleIssuerService();
|
||||||
|
|
|
@ -12,7 +12,7 @@ authentication.session=openAIRESession
|
||||||
authentication.accessToken=AccessToken
|
authentication.accessToken=AccessToken
|
||||||
authentication.redirect=http://mpagasas.di.uoa.gr:4600/reload
|
authentication.redirect=http://mpagasas.di.uoa.gr:4600/reload
|
||||||
|
|
||||||
#authentication.authorities-mapper=edu_person_entitlements
|
#authentication.authorities-mapper=eduperson_entitlement
|
||||||
|
|
||||||
## API Documentation Properties
|
## API Documentation Properties
|
||||||
api.title = Login Service
|
api.title = Login Service
|
||||||
|
|