uoa-repository-manager-service/src/main/java/eu/dnetlib/repo/manager/config/OpenAireProviderAuthorities...


package eu.dnetlib.repo.manager.config;
import com.nimbusds.jwt.JWT;
import org.mitre.openid.connect.client.OIDCAuthoritiesMapper;
import org.mitre.openid.connect.model.UserInfo;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import java.util.*;
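/**
 * Translates the role values found in the OIDC user-info response into the
 * application's Spring Security authorities.
 *
 * <p>Every authenticated user receives {@code ROLE_USER}. Further authorities are
 * granted only for values of the {@code edu_person_entitlements} claim that appear
 * as keys in the role map given to the constructor; any other value is ignored, so
 * the identity provider cannot introduce an authority the application has not
 * configured.
 *
 * <p>The roles are read from {@code userInfo}, not from the ID token.
 */
public class OpenAireProviderAuthoritiesMapper implements OIDCAuthoritiesMapper {

    private static final Logger logger = LoggerFactory.getLogger(OpenAireProviderAuthoritiesMapper.class);

    /** Name of the user-info member that carries the identity provider's role values. */
    private static final String ROLE_CLAIMS = "edu_person_entitlements";

    /** Identity-provider role value to application authority; fixed after construction. */
    private final Map<String, SimpleGrantedAuthority> userRolesMap;

    /**
     * Builds the lookup table from identity-provider role values to application roles.
     *
     * @param userRoles map whose keys are identity-provider role values and whose
     *                  values are the application role names to grant
     * @throws NullPointerException if {@code userRoles} is {@code null}
     */
    OpenAireProviderAuthoritiesMapper(Map<String, String> userRoles) {
        Objects.requireNonNull(userRoles, "userRoles");
        Map<String, SimpleGrantedAuthority> mapped = new HashMap<>();
        userRoles.forEach((openaireRole, appRole) -> mapped.put(openaireRole, new SimpleGrantedAuthority(appRole)));
        // The role table decides who gets which authority; keep it read-only once built.
        userRolesMap = Collections.unmodifiableMap(mapped);
    }

    /**
     * Computes the authorities for a freshly authenticated user.
     *
     * <p>A missing or malformed role claim never raises privileges: the method then
     * returns {@code ROLE_USER} alone instead of failing with a cast or null error.
     *
     * @param idToken  the ID token of the login; not consulted by this mapper
     * @param userInfo the user-info response; may be {@code null}
     * @return a set holding {@code ROLE_USER} plus one authority per recognised role value
     */
    @Override
    public Collection<? extends GrantedAuthority> mapAuthorities(JWT idToken, UserInfo userInfo) {
        Set<GrantedAuthority> out = new HashSet<>();
        out.add(new SimpleGrantedAuthority("ROLE_USER"));

        // No user-info document at all: grant the baseline role only.
        if (userInfo == null || userInfo.getSource() == null) {
            return out;
        }
        if (!userInfo.getSource().has(ROLE_CLAIMS)) {
            return out;
        }
        // getAsJsonArray() casts blindly, so check the member's shape before using it.
        if (!userInfo.getSource().get(ROLE_CLAIMS).isJsonArray()) {
            logger.warn("Claim {} is not a JSON array; no additional roles mapped", ROLE_CLAIMS);
            return out;
        }

        userInfo.getSource().getAsJsonArray(ROLE_CLAIMS).forEach(role -> {
            // Skip nested objects, arrays and nulls: getAsString() is only safe on primitives.
            if (!role.isJsonPrimitive()) {
                return;
            }
            SimpleGrantedAuthority authority = userRolesMap.get(role.getAsString());
            if (authority != null) {
                logger.debug("Role mapped {}", role);
                out.add(authority);
            }
        });
        return out;
    }
}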