org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper Java Examples

The following examples show how to use org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper. Each example names the project and source file it was taken from.
Example #1
Source File: SecurityConfiguration.java    From java-microservices-examples with Apache License 2.0 7 votes vote down vote up
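/**
 * Map authorities from the "groups" claim (or, when that is absent, the
 * "roles" claim) of the OIDC UserInfo attached to each
 * {@link OidcUserAuthority}.
 *
 * <p>Only claim values that are strings starting with {@code ROLE_} become
 * authorities, and they are granted verbatim: the identity provider is the
 * only source of roles in this mapper, so the claim it emits has to be
 * trusted and kept under control on the IdP side.
 *
 * <p>Authorities that are not an {@link OidcUserAuthority}, a missing
 * UserInfo, and a missing or non-collection claim contribute nothing. The
 * mapper fails closed (no authority granted) instead of throwing a
 * {@code ClassCastException} or {@code NullPointerException} during login.
 *
 * @return a {@link GrantedAuthoritiesMapper} that maps groups from
 * the IdP to Spring Security Authorities.
 */
@Bean
public GrantedAuthoritiesMapper userAuthoritiesMapper() {
    return (authorities) -> {
        Set<GrantedAuthority> mappedAuthorities = new HashSet<>();

        for (GrantedAuthority authority : authorities) {
            // The input may hold authorities of other types (for example
            // scope authorities); casting them blindly would throw.
            if (!(authority instanceof OidcUserAuthority)) {
                continue;
            }

            // getUserInfo() is null when no UserInfo response is available.
            OidcUserInfo userInfo = ((OidcUserAuthority) authority).getUserInfo();
            if (userInfo == null) {
                continue;
            }

            Object claim = userInfo.getClaims().get("groups");
            if (claim == null) {
                claim = userInfo.getClaims().get("roles");
            }

            // Claims are IdP-controlled data: check the shape before using it.
            if (!(claim instanceof Collection)) {
                continue;
            }
            for (Object group : (Collection<?>) claim) {
                if (group instanceof String && ((String) group).startsWith("ROLE_")) {
                    mappedAuthorities.add(new SimpleGrantedAuthority((String) group));
                }
            }
        }

        return mappedAuthorities;
    };
}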
 
Example #2
Source File: SecurityConfiguration.java    From java-microservices-examples with Apache License 2.0 6 votes vote down vote up
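/**
 * Map authorities from the "groups" claim (or, when that is absent, the
 * "roles" claim) of the OIDC UserInfo attached to each
 * {@link OidcUserAuthority}.
 *
 * <p>Only claim values that are strings starting with {@code ROLE_} become
 * authorities, and they are granted verbatim: the identity provider is the
 * only source of roles in this mapper, so the claim it emits has to be
 * trusted and kept under control on the IdP side.
 *
 * <p>Authorities that are not an {@link OidcUserAuthority}, a missing
 * UserInfo, and a missing or non-collection claim contribute nothing. The
 * mapper fails closed (no authority granted) instead of throwing a
 * {@code ClassCastException} or {@code NullPointerException} during login.
 *
 * @return a {@link GrantedAuthoritiesMapper} that maps groups from
 * the IdP to Spring Security Authorities.
 */
@Bean
public GrantedAuthoritiesMapper userAuthoritiesMapper() {
    return (authorities) -> {
        Set<GrantedAuthority> mappedAuthorities = new HashSet<>();

        for (GrantedAuthority authority : authorities) {
            // The input may hold authorities of other types (for example
            // scope authorities); casting them blindly would throw.
            if (!(authority instanceof OidcUserAuthority)) {
                continue;
            }

            // getUserInfo() is null when no UserInfo response is available.
            OidcUserInfo userInfo = ((OidcUserAuthority) authority).getUserInfo();
            if (userInfo == null) {
                continue;
            }

            Object claim = userInfo.getClaims().get("groups");
            if (claim == null) {
                claim = userInfo.getClaims().get("roles");
            }

            // Claims are IdP-controlled data: check the shape before using it.
            if (!(claim instanceof Collection)) {
                continue;
            }
            for (Object group : (Collection<?>) claim) {
                if (group instanceof String && ((String) group).startsWith("ROLE_")) {
                    mappedAuthorities.add(new SimpleGrantedAuthority((String) group));
                }
            }
        }

        return mappedAuthorities;
    };
}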
 
Example #3
Source File: SecurityConfiguration.java    From java-microservices-examples with Apache License 2.0 6 votes vote down vote up
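/**
 * Map authorities from the "groups" claim (or, when that is absent, the
 * "roles" claim) of the OIDC UserInfo attached to each
 * {@link OidcUserAuthority}.
 *
 * <p>Only claim values that are strings starting with {@code ROLE_} become
 * authorities, and they are granted verbatim: the identity provider is the
 * only source of roles in this mapper, so the claim it emits has to be
 * trusted and kept under control on the IdP side.
 *
 * <p>Authorities that are not an {@link OidcUserAuthority}, a missing
 * UserInfo, and a missing or non-collection claim contribute nothing. The
 * mapper fails closed (no authority granted) instead of throwing a
 * {@code ClassCastException} or {@code NullPointerException} during login.
 *
 * @return a {@link GrantedAuthoritiesMapper} that maps groups from
 * the IdP to Spring Security Authorities.
 */
@Bean
public GrantedAuthoritiesMapper userAuthoritiesMapper() {
    return (authorities) -> {
        Set<GrantedAuthority> mappedAuthorities = new HashSet<>();

        for (GrantedAuthority authority : authorities) {
            // The input may hold authorities of other types (for example
            // scope authorities); casting them blindly would throw.
            if (!(authority instanceof OidcUserAuthority)) {
                continue;
            }

            // getUserInfo() is null when no UserInfo response is available.
            OidcUserInfo userInfo = ((OidcUserAuthority) authority).getUserInfo();
            if (userInfo == null) {
                continue;
            }

            Object claim = userInfo.getClaims().get("groups");
            if (claim == null) {
                claim = userInfo.getClaims().get("roles");
            }

            // Claims are IdP-controlled data: check the shape before using it.
            if (!(claim instanceof Collection)) {
                continue;
            }
            for (Object group : (Collection<?>) claim) {
                if (group instanceof String && ((String) group).startsWith("ROLE_")) {
                    mappedAuthorities.add(new SimpleGrantedAuthority((String) group));
                }
            }
        }

        return mappedAuthorities;
    };
}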
 
Example #4
Source File: SecurityConfig.java    From oauth2-client with MIT License 5 votes vote down vote up
/**
 * Extracts authority information (such as roles) from the user-info-uri
 * response; the default is scope.
 * Mapping User Authorities
 * https://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/#oauth2login-advanced-map-authorities
 *
 * <p>This is a skeleton: each branch only prints what it received, nothing
 * is ever added to the result, and the returned set is therefore always
 * empty. A user whose authorities pass through this mapper ends up with no
 * authorities until the placeholder branches are filled in.
 *
 * @return a mapper that currently returns an empty authority set
 */
@Deprecated
private GrantedAuthoritiesMapper userAuthoritiesMapper() {
    return (authorities) -> {
        Set<GrantedAuthority> mappedAuthorities = new HashSet<>();

        for (GrantedAuthority authority : authorities) {
            // OidcUserAuthority is tested first, ahead of the
            // OAuth2UserAuthority branch, as in the original ordering.
            if (authority instanceof OidcUserAuthority) {
                OidcUserAuthority oidcAuthority = (OidcUserAuthority) authority;
                // Fetched for the mapping step below; unused until it is written.
                OidcIdToken idToken = oidcAuthority.getIdToken();
                OidcUserInfo userInfo = oidcAuthority.getUserInfo();

                System.out.println(oidcAuthority);

                // Map the claims found in idToken and/or userInfo
                // to one or more GrantedAuthority's and add it to mappedAuthorities

            } else if (authority instanceof OAuth2UserAuthority) {
                Map<String, Object> userAttributes = ((OAuth2UserAuthority) authority).getAttributes();

                // NOTE(review): this writes the provider's full attribute map
                // to stdout; it may contain personal data - confirm this debug
                // output never reaches production logs.
                System.out.println(userAttributes);
                // Map the attributes found in userAttributes
                // to one or more GrantedAuthority's and add it to mappedAuthorities

            } else if (authority instanceof SimpleGrantedAuthority) {
                System.out.println(authority);
            }
        }

        return mappedAuthorities;
    };
}
 
Example #5
Source File: OAuth2SecurityConfiguration.java    From jhipster-registry with Apache License 2.0 5 votes vote down vote up
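/**
 * Maps the authorities produced at login to application roles.
 *
 * <p>For every incoming authority that is not an {@link OidcUserAuthority},
 * or whose UserInfo is null, the default {@code AuthoritiesConstants.USER}
 * role is added. Otherwise the "groups" claim (or, when that is absent, the
 * "roles" claim) of the UserInfo is read and every string value starting
 * with {@code ROLE_} is granted verbatim, so the identity provider decides
 * which roles a user gets.
 *
 * <p>A claim that is missing, explicitly null, not a collection, or that
 * holds non-string elements contributes nothing instead of throwing a
 * {@code NullPointerException} or {@code ClassCastException} during login.
 *
 * @return the mapper applied to the authenticated user's authorities
 */
@Bean
public GrantedAuthoritiesMapper userAuthoritiesMapper() {
    return (authorities) -> {
        Set<GrantedAuthority> mappedAuthorities = new HashSet<>();

        authorities.forEach(authority -> {
            OidcUserInfo userInfo = null;
            // Check for OidcUserAuthority because Spring Security 5.2 returns
            // each scope as a GrantedAuthority, which we don't care about.
            if (authority instanceof OidcUserAuthority) {
                userInfo = ((OidcUserAuthority) authority).getUserInfo();
            }

            if (userInfo == null) {
                mappedAuthorities.add(new SimpleGrantedAuthority(AuthoritiesConstants.USER));
                return;
            }

            Map<String, Object> claims = userInfo.getClaims();
            // get() rather than getOrDefault(): a key that is present with a
            // null value must still fall back to "roles".
            Object claim = claims.get("groups");
            if (claim == null) {
                claim = claims.get("roles");
            }

            // Claims are IdP-controlled data: check the shape before using it.
            if (claim instanceof Collection) {
                for (Object group : (Collection<?>) claim) {
                    if (group instanceof String && ((String) group).startsWith("ROLE_")) {
                        mappedAuthorities.add(new SimpleGrantedAuthority((String) group));
                    }
                }
            }
        });

        return mappedAuthorities;
    };
}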
 
Example #6
Source File: ReverseProxyIdolSecurityCustomizer.java    From find with MIT License 5 votes vote down vote up
/**
 * Creates the customizer from its injected collaborators and configuration.
 *
 * <p>The two string values are read from the
 * {@code find.reverse-proxy.pre-authenticated-roles} and
 * {@code find.reverse-proxy.pre-authenticated-username} properties and stored
 * as given; no validation happens here.
 * NOTE(review): the property names suggest these describe a user that the
 * reverse proxy has already authenticated - confirm that only the proxy can
 * reach the application when this customizer is active.
 *
 * @param userService the user service to store
 * @param grantedAuthoritiesMapper the authorities mapper to store
 * @param preAuthenticatedRoles value of the pre-authenticated-roles property
 * @param preAuthenticatedUsername value of the pre-authenticated-username property
 */
@Autowired
public ReverseProxyIdolSecurityCustomizer(
        final UserService userService,
        final GrantedAuthoritiesMapper grantedAuthoritiesMapper,
        @Value("${find.reverse-proxy.pre-authenticated-roles}") final String preAuthenticatedRoles,
        @Value("${find.reverse-proxy.pre-authenticated-username}") final String preAuthenticatedUsername
) {

    this.userService = userService;
    this.grantedAuthoritiesMapper = grantedAuthoritiesMapper;
    this.preAuthenticatedRoles = preAuthenticatedRoles;
    this.preAuthenticatedUsername = preAuthenticatedUsername;
}
 
Example #7
Source File: UserConfiguration.java    From find with MIT License 5 votes vote down vote up
/**
 * Builds the mapper that translates community role names into Find roles.
 *
 * <p>The USER and ADMIN roles are always mapped; the BI role is mapped only
 * when {@code enableBi} is set. The lookup table is a
 * {@code CaseInsensitiveMap} and is handed to the mapper wrapped as an
 * unmodifiable map.
 * NOTE(review): judging by its name, the returned mapper yields no authority
 * for a role that is absent from the table - confirm against
 * {@code OneToOneOrZeroSimpleAuthorityMapper}.
 *
 * @return the authorities mapper backed by the community-to-Find role table
 */
@Bean
public GrantedAuthoritiesMapper grantedAuthoritiesMapper() {
    final Map<String, String> communityToFindRole = new CaseInsensitiveMap<>();

    // Roles every deployment maps.
    communityToFindRole.put(FindCommunityRole.USER.value(), FindRole.USER.toString());
    communityToFindRole.put(FindCommunityRole.ADMIN.value(), FindRole.ADMIN.toString());

    // The BI role is opt-in.
    if (enableBi) {
        communityToFindRole.put(FindCommunityRole.BI.value(), FindRole.BI.toString());
    }

    final Map<String, String> readOnlyTable = Collections.unmodifiableMap(communityToFindRole);
    return new OneToOneOrZeroSimpleAuthorityMapper(readOnlyTable);
}
 
Example #8
Source File: KeycloakSpringAdapterUtils.java    From smartling-keycloak-extras with Apache License 2.0 5 votes vote down vote up
/**
 * Creates a {@link GrantedAuthority} collection from the given {@link KeycloakSecurityContext}.
 *
 * <p>Every role name returned by
 * {@code AdapterUtils.getRolesFromSecurityContext} is wrapped in a
 * {@code KeycloakRole}. When a mapper is supplied its result is returned
 * as-is; without one the roles are returned as an unmodifiable list.
 *
 * @param context the current <code>RefreshableKeycloakSecurityContext</code> (required)
 * @param mapper an optional {@link GrantedAuthoritiesMapper} to convert the
 * authorities loaded from the given <code>context</code>, which will be used in the
 * {@code Authentication} object
 *
 * @return the mapper's result when a mapper is given; otherwise an
 * unmodifiable list of the roles, empty when the context yields none
 */
public static Collection<? extends GrantedAuthority> createGrantedAuthorities(RefreshableKeycloakSecurityContext context, GrantedAuthoritiesMapper mapper) {
    Assert.notNull(context, "RefreshableKeycloakSecurityContext cannot be null");

    final List<KeycloakRole> keycloakRoles = new ArrayList<>();
    for (String roleName : AdapterUtils.getRolesFromSecurityContext(context)) {
        final KeycloakRole keycloakRole = new KeycloakRole(roleName);
        keycloakRoles.add(keycloakRole);
    }

    // Without a mapper the roles are exposed read-only, exactly as collected.
    if (mapper == null) {
        return Collections.unmodifiableList(keycloakRoles);
    }
    return mapper.mapAuthorities(keycloakRoles);
}
 
Example #9
Source File: FirebaseAuthenticationProvider.java    From zhcet-web with Apache License 2.0 4 votes vote down vote up
/**
 * Sets the mapper stored in this provider's {@code authoritiesMapper} field.
 *
 * <p>Injection is optional ({@code required = false}), so the container does
 * not call this setter when no {@link GrantedAuthoritiesMapper} bean exists.
 * NOTE(review): code reading the field must therefore cope with it never
 * having been set here - confirm against the field's initial value.
 *
 * @param authoritiesMapper the mapper to store; not checked for null
 */
@Autowired(required = false)
public void setAuthoritiesMapper(GrantedAuthoritiesMapper authoritiesMapper) {
    this.authoritiesMapper = authoritiesMapper;
}
 
Example #10
Source File: OidcUserManagementAutoConfiguration.java    From hawkbit with Eclipse Public License 1.0 4 votes vote down vote up
/**
 * Creates the extractor with the mapper it stores in {@code authoritiesMapper}.
 *
 * @param authoritiesMapper the mapper to store; not checked for null here
 */
JwtAuthoritiesExtractor(final GrantedAuthoritiesMapper authoritiesMapper) {
    super();

    this.authoritiesMapper = authoritiesMapper;
}
 
Example #11
Source File: FederationAuthenticationProvider.java    From cxf-fediz with Apache License 2.0 4 votes vote down vote up
/**
 * Replaces the mapper held in this provider's {@code authoritiesMapper} field.
 *
 * @param authoritiesMapper the mapper to store; not checked for null, so a
 * null argument overwrites whatever mapper was set before
 */
public void setAuthoritiesMapper(GrantedAuthoritiesMapper authoritiesMapper) {
    this.authoritiesMapper = authoritiesMapper;
}
 
Example #12
Source File: UserDetailsServiceImpl.java    From molgenis with GNU Lesser General Public License v3.0 4 votes vote down vote up
/**
 * Creates the service from its two collaborators, rejecting null for either.
 *
 * @param dataService the data service to store
 * @param grantedAuthoritiesMapper the authorities mapper to store
 * @throws NullPointerException if either argument is null
 */
public UserDetailsServiceImpl(
    DataService dataService, GrantedAuthoritiesMapper grantedAuthoritiesMapper) {
  // Fail at construction time rather than at first use.
  this.dataService = requireNonNull(dataService);
  this.grantedAuthoritiesMapper = requireNonNull(grantedAuthoritiesMapper);
}
 
Example #13
Source File: MolgenisWebAppSecurityConfig.java    From molgenis with GNU Lesser General Public License v3.0 4 votes vote down vote up
/**
 * Exposes a {@link GrantedAuthoritiesMapper} bean built from the role
 * hierarchy returned by {@code roleHierarchyBean()}.
 *
 * <p>The effective authorities of a user therefore depend on that hierarchy
 * definition, which is not visible here.
 *
 * @return a new {@code RoleHierarchyAuthoritiesMapper} wrapping the role hierarchy
 */
@Bean
public GrantedAuthoritiesMapper roleHierarchyAuthoritiesMapper() {
  return new RoleHierarchyAuthoritiesMapper(roleHierarchyBean());
}
 
Example #14
Source File: KeycloakAuthenticationProvider.java    From keycloak with Apache License 2.0 4 votes vote down vote up
/**
 * Replaces the mapper held in this provider's {@code grantedAuthoritiesMapper} field.
 *
 * @param grantedAuthoritiesMapper the mapper to store; not checked for null,
 * so a null argument overwrites whatever mapper was set before
 */
public void setGrantedAuthoritiesMapper(GrantedAuthoritiesMapper grantedAuthoritiesMapper) {
    this.grantedAuthoritiesMapper = grantedAuthoritiesMapper;
}
 
Example #15
Source File: DirectAccessGrantAuthenticationProvider.java    From smartling-keycloak-extras with Apache License 2.0 2 votes vote down vote up
/**
 * Set the optional {@link GrantedAuthoritiesMapper} for this {@link AuthenticationProvider}.
 *
 * <p>The value is stored as given, without a null check; a null argument
 * overwrites whatever mapper was set before.
 *
 * @param grantedAuthoritiesMapper the <code>GrantedAuthoritiesMapper</code> to use
 */
public void setGrantedAuthoritiesMapper(GrantedAuthoritiesMapper grantedAuthoritiesMapper) {
    this.grantedAuthoritiesMapper = grantedAuthoritiesMapper;
}