Fixed getRoles refs #22754
This commit is contained in:
parent
464515262f
commit
6c9dd41851
|
|
@ -1,12 +1,15 @@
|
|||
package org.gcube.common.authorization.utils.secret;
|
||||
|
||||
import java.net.URLDecoder;
|
||||
import java.net.URLEncoder;
|
||||
import java.nio.charset.StandardCharsets;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Base64;
|
||||
import java.util.HashMap;
|
||||
import java.util.HashSet;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
import java.util.concurrent.TimeUnit;
|
||||
|
||||
import org.gcube.com.fasterxml.jackson.databind.ObjectMapper;
|
||||
|
|
@ -19,6 +22,7 @@ import org.gcube.common.authorization.utils.user.KeycloakUser;
|
|||
import org.gcube.common.authorization.utils.user.User;
|
||||
import org.gcube.common.keycloak.KeycloakClientFactory;
|
||||
import org.gcube.common.keycloak.model.AccessToken;
|
||||
import org.gcube.common.keycloak.model.AccessToken.Access;
|
||||
import org.gcube.common.keycloak.model.ModelUtils;
|
||||
import org.gcube.common.keycloak.model.RefreshToken;
|
||||
import org.gcube.common.keycloak.model.TokenResponse;
|
||||
|
|
@ -44,6 +48,10 @@ public class JWTSecret extends Secret {
|
|||
protected AccessToken accessToken;
|
||||
protected TokenResponse tokenResponse;
|
||||
protected RenewalProvider renewalProvider;
|
||||
protected Set<String> roles;
|
||||
protected ClientInfo clientInfo;
|
||||
protected Caller caller;
|
||||
protected String context;
|
||||
|
||||
public JWTSecret(String token) {
|
||||
super(10, token);
|
||||
|
|
@ -105,37 +113,58 @@ public class JWTSecret extends Secret {
|
|||
}
|
||||
return accessToken;
|
||||
}
|
||||
|
||||
protected Set<String> getRoles() throws Exception{
|
||||
if(roles == null) {
|
||||
Map<String,Access> accesses = getAccessToken().getResourceAccess();
|
||||
String context = getContext();
|
||||
Access access = accesses.get(URLEncoder.encode(context, StandardCharsets.UTF_8.toString()));
|
||||
if(access != null) {
|
||||
roles = access.getRoles();
|
||||
}else {
|
||||
roles = new HashSet<>();
|
||||
}
|
||||
}
|
||||
return roles;
|
||||
}
|
||||
|
||||
@Override
|
||||
public ClientInfo getClientInfo() throws Exception {
|
||||
getAccessToken();
|
||||
List<String> roles = new ArrayList<>(accessToken.getRealmAccess().getRoles());
|
||||
ClientInfo clientInfo = new UserInfo(accessToken.getPreferredUsername(), roles, accessToken.getEmail(), accessToken.getGivenName(), accessToken.getFamilyName());
|
||||
if(clientInfo==null) {
|
||||
getAccessToken();
|
||||
List<String> roles = new ArrayList<>(getRoles());
|
||||
clientInfo = new UserInfo(accessToken.getPreferredUsername(), roles, accessToken.getEmail(), accessToken.getGivenName(), accessToken.getFamilyName());
|
||||
}
|
||||
return clientInfo;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Caller getCaller() throws Exception {
|
||||
Caller caller = new Caller(getClientInfo(), "token");
|
||||
if(caller==null) {
|
||||
caller = new Caller(getClientInfo(), "token");
|
||||
}
|
||||
return caller;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getContext() throws Exception {
|
||||
String context = null;
|
||||
String[] audience = getAccessToken().getAudience();
|
||||
for (String aud : audience) {
|
||||
if (aud != null && aud.compareTo("") != 0) {
|
||||
try {
|
||||
context = URLDecoder.decode(context, StandardCharsets.UTF_8.toString());
|
||||
ScopeBean scopeBean = new ScopeBean(context);
|
||||
return scopeBean.toString();
|
||||
} catch (Exception e) {
|
||||
logger.error("Invalid context name for audience {} in access token. Trying next one if any.", aud, e);
|
||||
if(context==null) {
|
||||
String[] audience = getAccessToken().getAudience();
|
||||
for (String aud : audience) {
|
||||
if (aud != null && aud.compareTo("") != 0) {
|
||||
try {
|
||||
String contextToBeValidated = URLDecoder.decode(aud, StandardCharsets.UTF_8.toString());
|
||||
ScopeBean scopeBean = new ScopeBean(contextToBeValidated);
|
||||
context = scopeBean.toString();
|
||||
return context;
|
||||
} catch (Exception e) {
|
||||
logger.error("Invalid context name for audience {} in access token. Trying next one if any.", aud, e);
|
||||
}
|
||||
}
|
||||
}
|
||||
throw new Exception("Invalid context in access token");
|
||||
}
|
||||
throw new Exception("Invalid context in access token");
|
||||
return context;
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
@ -187,6 +216,7 @@ public class JWTSecret extends Secret {
|
|||
ObjectMapper objectMapper = new ObjectMapper();
|
||||
String accessTokenString = objectMapper.writeValueAsString(accessToken);
|
||||
user = objectMapper.readValue(accessTokenString, KeycloakUser.class);
|
||||
user.setRoles(getRoles());
|
||||
} catch (Exception e) {
|
||||
throw new RuntimeException();
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue