From 0b95dd49d43023f65b4f5f1eb522d21413634dba Mon Sep 17 00:00:00 2001
From: Alfredo Oliviero
Date: Tue, 16 Apr 2024 12:06:50 +0200
Subject: [PATCH] realm access roles
---
 .../org/gcube/common/security/secrets/GCubeJWTObject.java | 8 ++++++++
 .../org/gcube/common/security/secrets/UmaTokenSecret.java | 2 +-
 2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/src/main/java/org/gcube/common/security/secrets/GCubeJWTObject.java b/src/main/java/org/gcube/common/security/secrets/GCubeJWTObject.java
index 06a0dc0..e9db5d6 100644
--- a/src/main/java/org/gcube/common/security/secrets/GCubeJWTObject.java
+++ b/src/main/java/org/gcube/common/security/secrets/GCubeJWTObject.java
@@ -23,6 +23,9 @@ public class GCubeJWTObject {
 @JsonProperty("resource_access")
 private Map contextAccess = new HashMap<>();
+ @JsonProperty("realm_access")
+ private List realmAccess = new ArrayList<>();
+
 @JsonProperty("preferred_username")
 private String username;
@@ -56,6 +59,11 @@ public class GCubeJWTObject {
 return contextAccess.get(this.context) == null ? MINIMAL_ROLES : contextAccess.get(this.context).roles;
 }
+ public List getRealmRoles(){
+ return realmAccess;
+ }
+
+
 public String getContext() {
 try {
 return URLDecoder.decode(context, StandardCharsets.UTF_8.toString());
diff --git a/src/main/java/org/gcube/common/security/secrets/UmaTokenSecret.java b/src/main/java/org/gcube/common/security/secrets/UmaTokenSecret.java
index c0fd115..a6b1710 100644
--- a/src/main/java/org/gcube/common/security/secrets/UmaTokenSecret.java
+++ b/src/main/java/org/gcube/common/security/secrets/UmaTokenSecret.java
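Review bot: In GCubeJWTObject.java, the `realmAccess` field added in the `@@ -23,6 +23,9 @@` hunk binds the `realm_access` claim to a `List`, but in Keycloak-style tokens that claim is normally a JSON object wrapping a `roles` array, the same shape as each `resource_access` entry (the existing `getRoles()` reads `.roles` from those entries). If the tokens handled here follow that layout, Jackson will refuse to bind an object to a list and the `readValue(decodedAccessPart, GCubeJWTObject.class)` call in UmaTokenSecret would throw for every token that carries the claim. `@JsonProperty("realm_access")` should then sit on a field of the same roles-holder type that the `contextAccess` values use, rather than on a `List`. The generic parameters are not visible on this page, so confirm the shape against a real token payload; the class body continues outside the hunk.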
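Review bot: `getRealmRoles()` in the `@@ -56,6 +59,11 @@` hunk of GCubeJWTObject.java returns the internal `realmAccess` list itself, so any caller can add or remove entries on a value that is later used for authorization, and a token carrying an explicit JSON null for `realm_access` would likely make it return null. A read-only, null-safe return covers both: `return realmAccess == null ? Collections.emptyList() : Collections.unmodifiableList(realmAccess);`. The method also has no Javadoc; a short comment should state that these roles are realm-wide and, unlike `getRoles()`, are not looked up by the token's context, so callers do not treat them as context permissions.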
@@ -71,7 +71,7 @@ public class UmaTokenSecret extends Secret {
 this.accessToken = objectMapper.readValue(decodedAccessPart, AccessToken.class);
 GCubeJWTObject obj = objectMapper.readValue(decodedAccessPart, GCubeJWTObject.class);
- owner = new Owner(obj.getUsername(), obj.getRoles(), obj.getEmail(), obj.getFirstName(), obj.getLastName(), obj.isExternalService(), obj.isApplication());
+ owner = new Owner(obj.getUsername(), obj.getRoles(), obj.getRealmRoles(), obj.getEmail(), obj.getFirstName(), obj.getLastName(), obj.isExternalService(), obj.isApplication());
 owner.setClientName(obj.getClientName());
 owner.setContactOrganisation(obj.getContactOrganisation());
 owner.setClientName(obj.getClientName());
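Review bot: The realm roles passed to `new Owner(...)` come straight from `objectMapper.readValue(decodedAccessPart, GCubeJWTObject.class)`, and nothing inside this hunk shows the token's signature, issuer or expiry being checked before those claims are trusted. Realm roles are not tied to a single context, so if verification happens elsewhere it is worth stating here, e.g. `// claims are read from the decoded payload only; signature and expiry must already have been verified upstream`. `obj.getRoles()` and `obj.getRealmRoles()` are also now adjacent positional arguments; if both are lists of the same element type, swapping them would compile silently, so a setter in the style of `owner.setClientName(...)` would be the safer way to pass the realm roles. The enclosing method starts and ends outside the hunk.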