52 lines
1.6 KiB
Java
52 lines
1.6 KiB
Java
package org.gcube.smartgears.security;
|
|
|
|
import java.util.Collections;
|
|
import java.util.HashSet;
|
|
import java.util.Map;
|
|
import java.util.Set;
|
|
|
|
import org.gcube.common.keycloak.KeycloakClient;
|
|
import org.gcube.common.keycloak.KeycloakClientFactory;
|
|
import org.gcube.common.keycloak.model.AccessToken.Access;
|
|
import org.gcube.common.keycloak.model.ModelUtils;
|
|
import org.gcube.common.keycloak.model.TokenResponse;
|
|
import org.gcube.common.scope.impl.ScopeBean;
|
|
import org.slf4j.Logger;
|
|
import org.slf4j.LoggerFactory;
|
|
|
|
public class DefaultAuthorizationProvider implements AuthorizationProvider {
|
|
|
|
private static Logger LOG = LoggerFactory.getLogger(DefaultAuthorizationProvider.class);
|
|
|
|
private SimpleCredentials credentials;
|
|
|
|
private KeycloakClient client = KeycloakClientFactory.newInstance();
|
|
|
|
@Override
|
|
public void connect(Credentials credentials) {
|
|
this.credentials = (SimpleCredentials)credentials;
|
|
}
|
|
|
|
@Override
|
|
public Set<String> getAllowedContexts() {
|
|
Set<String> contexts = new HashSet<String>();
|
|
try {
|
|
TokenResponse response = client.queryOIDCToken(credentials.getClientID(), credentials.getSecret());
|
|
Map<String, Access> resourceAccess = ModelUtils.getAccessTokenFrom(response).getResourceAccess();
|
|
for (String context : resourceAccess.keySet()) {
|
|
try {
|
|
ScopeBean scope = new ScopeBean(context.replaceAll("%2F", "/"));
|
|
contexts.add(scope.toString());
|
|
}catch (IllegalArgumentException e) {
|
|
LOG.warn("invalid context found in token: {}", context);
|
|
}
|
|
}
|
|
} catch (Exception e) {
|
|
LOG.error("error getting OIDToken from keycloak",e);
|
|
return Collections.emptySet();
|
|
}
|
|
return contexts;
|
|
}
|
|
|
|
}
|