
Example 1 with GroupMappingEntity

use of io.gravitee.rest.api.model.configuration.identity.GroupMappingEntity in project gravitee-management-rest-api by gravitee-io.

the class UserServiceImpl method computeUserGroupsFromProfile.

/**
 * Resolves the groups a user should be attached to from its OIDC profile (the UserInfo payload).
 *
 * <p>Every mapping's condition is evaluated as an expression by a freshly obtained
 * {@link TemplateEngine}. The profile is exposed to that expression only as the
 * {@code TEMPLATE_ENGINE_PROFILE_ATTRIBUTE} context variable; it is never spliced into the
 * expression text. The expression itself is whatever {@code mapping.getCondition()} returns.
 * NOTE(review): because that text is evaluated, confirm that only administrators can edit
 * group mappings.
 *
 * <p>An evaluation failure is not caught here, so a malformed condition propagates to the
 * caller instead of being counted as a match or a non-match. A group that cannot be found is
 * skipped with a warning, which leaves the user with fewer groups rather than failing.
 *
 * @param userId identifier of the user, forwarded to {@code trace} with each evaluation outcome
 * @param mappings group mappings to evaluate; {@code null} or empty yields an empty set
 * @param userInfo the user's profile as a string, bound to the profile context variable
 * @return the groups returned by {@code groupService} for every mapping whose condition matched
 */
private Set<GroupEntity> computeUserGroupsFromProfile(String userId, List<GroupMappingEntity> mappings, String userInfo) {
    final boolean nothingToEvaluate = mappings == null || mappings.isEmpty();
    if (nothingToEvaluate) {
        return Collections.emptySet();
    }

    final Set<GroupEntity> resolvedGroups = new HashSet<>();
    for (GroupMappingEntity groupMapping : mappings) {
        // One engine per mapping; the profile goes in as a variable, i.e. as data.
        final TemplateEngine engine = TemplateEngine.templateEngine();
        engine.getTemplateContext().setVariable(TEMPLATE_ENGINE_PROFILE_ATTRIBUTE, userInfo);

        final String condition = groupMapping.getCondition();
        final boolean matched = engine.getValue(condition, boolean.class);
        // Hand the outcome to trace(...) whether or not the condition matched.
        trace(userId, matched, condition);

        if (!matched) {
            continue;
        }

        for (String groupId : groupMapping.getGroups()) {
            try {
                resolvedGroups.add(groupService.findById(groupId));
            } catch (GroupNotFoundException missingGroup) {
                // A mapping that points at an unknown group grants nothing for that entry.
                LOGGER.warn("Unable to map user groups, missing group in repository: {}", groupId);
            }
        }
    }
    return resolvedGroups;
}
Also used : TemplateEngine(io.gravitee.el.TemplateEngine) GroupMappingEntity(io.gravitee.rest.api.model.configuration.identity.GroupMappingEntity) UuidString(io.gravitee.rest.api.service.common.UuidString)

Example 2 with GroupMappingEntity

use of io.gravitee.rest.api.model.configuration.identity.GroupMappingEntity in project gravitee-management-rest-api by gravitee-io.

the class OAuth2AuthenticationResourceTest method mockGroupsMapping.

/**
 * Registers three group mappings on the test identity provider, in a fixed order:
 * <ol>
 *   <li>profile from {@code idp_5} whose {@code job_id} is not {@code API_BREAKER}
 *       maps to "Example group" and "soft user";</li>
 *   <li>profile from {@code idp_6} maps to "Others";</li>
 *   <li>any profile whose {@code job_id} is not {@code API_BREAKER} maps to "Api consumer".</li>
 * </ol>
 */
private void mockGroupsMapping() {
    // Build the three mappings first, then register them in the same order as before.
    final GroupMappingEntity idp5ExceptBreakers = new GroupMappingEntity();
    idp5ExceptBreakers.setGroups(Arrays.asList("Example group", "soft user"));
    idp5ExceptBreakers.setCondition("{#jsonPath(#profile, '$.identity_provider_id') == 'idp_5' && #jsonPath(#profile, '$.job_id') != 'API_BREAKER'}");

    final GroupMappingEntity idp6Only = new GroupMappingEntity();
    idp6Only.setGroups(Collections.singletonList("Others"));
    idp6Only.setCondition("{#jsonPath(#profile, '$.identity_provider_id') == 'idp_6'}");

    final GroupMappingEntity everyoneExceptBreakers = new GroupMappingEntity();
    everyoneExceptBreakers.setGroups(Collections.singletonList("Api consumer"));
    everyoneExceptBreakers.setCondition("{#jsonPath(#profile, '$.job_id') != 'API_BREAKER'}");

    identityProvider.getGroupMappings().add(idp5ExceptBreakers);
    identityProvider.getGroupMappings().add(idp6Only);
    identityProvider.getGroupMappings().add(everyoneExceptBreakers);
}
Also used : GroupMappingEntity(io.gravitee.rest.api.model.configuration.identity.GroupMappingEntity)

Example 3 with GroupMappingEntity

use of io.gravitee.rest.api.model.configuration.identity.GroupMappingEntity in project gravitee-management-rest-api by gravitee-io.

the class UserServiceTest method shouldSpelEvaluationExceptionWhenWrongELGroupsMapping.

/**
 * A group mapping whose condition is not a valid expression ("Some Soup") must make
 * {@code createOrUpdateUserFromSocialIdentityProvider} fail with an
 * {@link ExpressionEvaluationException}. The broken mapping is listed first, ahead of two
 * well-formed ones, and the test expects the failure to surface rather than be skipped.
 */
@Test(expected = ExpressionEvaluationException.class)
public void shouldSpelEvaluationExceptionWhenWrongELGroupsMapping() throws IOException, TechnicalException {
    reset(identityProvider, userRepository);
    mockDefaultEnvironment();

    // Deliberately malformed condition: plain words, not an expression.
    final GroupMappingEntity malformed = new GroupMappingEntity();
    malformed.setGroups(Arrays.asList("Example group", "soft user"));
    malformed.setCondition("Some Soup");

    final GroupMappingEntity idp6Only = new GroupMappingEntity();
    idp6Only.setGroups(Collections.singletonList("Others"));
    idp6Only.setCondition("{#jsonPath(#profile, '$.identity_provider_id') == 'idp_6'}");

    final GroupMappingEntity everyoneExceptBreakers = new GroupMappingEntity();
    everyoneExceptBreakers.setGroups(Collections.singletonList("Api consumer"));
    everyoneExceptBreakers.setCondition("{#jsonPath(#profile, '$.job_id') != 'API_BREAKER'}");

    when(identityProvider.getGroupMappings()).thenReturn(Arrays.asList(malformed, idp6Only, everyoneExceptBreakers));

    // The fixture is decoded with the JVM's default charset, as in the original test.
    final String userInfo = IOUtils.toString(read("/oauth2/json/user_info_response_body.json"), Charset.defaultCharset());
    userService.createOrUpdateUserFromSocialIdentityProvider(identityProvider, userInfo);
}
Also used : GroupMappingEntity(io.gravitee.rest.api.model.configuration.identity.GroupMappingEntity) Test(org.junit.Test)

Example 4 with GroupMappingEntity

use of io.gravitee.rest.api.model.configuration.identity.GroupMappingEntity in project gravitee-management-rest-api by gravitee-io.

the class OAuth2AuthenticationResourceTest method init.

/**
 * Builds the OIDC identity provider used by every test and resets the collaborating mocks.
 *
 * <p>The provider is an anonymous {@link SocialIdentityProviderEntity} whose token and UserInfo
 * endpoints point at the local WireMock server. Its client secret is a fixed fixture value, and
 * its profile, group and role mappings start empty and are mutable through their getters.
 */
@Before
public void init() {
    identityProvider = new SocialIdentityProviderEntity() {

        // --- identity -------------------------------------------------------------

        @Override
        public String getId() {
            return USER_SOURCE_OAUTH2;
        }

        @Override
        public IdentityProviderType getType() {
            return IdentityProviderType.OIDC;
        }

        // --- endpoints (served by the local WireMock rule) -----------------------

        /** Builds a URL on the WireMock port; the port is read on every call. */
        private String stubbedEndpoint(String path) {
            return "http://localhost:" + wireMockRule.port() + path;
        }

        @Override
        public String getAuthorizationEndpoint() {
            return null;
        }

        @Override
        public String getTokenEndpoint() {
            return stubbedEndpoint("/token");
        }

        @Override
        public String getUserInfoEndpoint() {
            return stubbedEndpoint("/userinfo");
        }

        // --- request parameters and display settings left unset ------------------

        @Override
        public List<String> getRequiredUrlParams() {
            return null;
        }

        @Override
        public List<String> getOptionalUrlParams() {
            return null;
        }

        @Override
        public List<String> getScopes() {
            return null;
        }

        @Override
        public String getDisplay() {
            return null;
        }

        @Override
        public String getColor() {
            return null;
        }

        // --- credentials -----------------------------------------------------------

        @Override
        public String getClientSecret() {
            // Fixed fixture value, only meaningful against the stubbed token endpoint.
            return "the_client_secret";
        }

        // --- mappings: each getter exposes its backing collection directly ---------

        private final Map<String, String> profileMapping = new HashMap<>();

        @Override
        public Map<String, String> getUserProfileMapping() {
            return profileMapping;
        }

        private final List<GroupMappingEntity> groupMappingList = new ArrayList<>();

        @Override
        public List<GroupMappingEntity> getGroupMappings() {
            return groupMappingList;
        }

        private final List<RoleMappingEntity> roleMappingList = new ArrayList<>();

        @Override
        public List<RoleMappingEntity> getRoleMappings() {
            return roleMappingList;
        }

        @Override
        public boolean isEmailRequired() {
            return true;
        }
    };

    when(socialIdentityProviderService.findById(eq(USER_SOURCE_OAUTH2), any())).thenReturn(identityProvider);
    cleanEnvironment();
    cleanRolesGroupMapping();
    reset(userService, groupService, roleService, membershipService);
}
Also used : RoleMappingEntity(io.gravitee.rest.api.model.configuration.identity.RoleMappingEntity) HashMap(java.util.HashMap) ArrayList(java.util.ArrayList) ArrayList(java.util.ArrayList) List(java.util.List) GroupMappingEntity(io.gravitee.rest.api.model.configuration.identity.GroupMappingEntity) SocialIdentityProviderEntity(io.gravitee.rest.api.model.configuration.identity.SocialIdentityProviderEntity) IdentityProviderType(io.gravitee.rest.api.model.configuration.identity.IdentityProviderType) HashMap(java.util.HashMap) Map(java.util.Map) Before(org.junit.Before)

Example 5 with GroupMappingEntity

use of io.gravitee.rest.api.model.configuration.identity.GroupMappingEntity in project gravitee-management-rest-api by gravitee-io.

the class OAuth2AuthenticationResourceTest method init.

/**
 * Prepares the fixture shared by the tests: an OIDC identity provider backed by the local
 * WireMock server, registered on {@code socialIdentityProviderService}, followed by a cleanup
 * of the environment, the role/group mappings and the service mocks.
 */
@Before
public void init() {
    final SocialIdentityProviderEntity oidcProvider = new SocialIdentityProviderEntity() {

        // Backing collections for the mapping getters; tests add to them through the getters.
        private final List<RoleMappingEntity> roles = new ArrayList<>();

        private final List<GroupMappingEntity> groups = new ArrayList<>();

        private final Map<String, String> profileAttributes = new HashMap<>();

        @Override
        public IdentityProviderType getType() {
            return IdentityProviderType.OIDC;
        }

        @Override
        public String getId() {
            return USER_SOURCE_OAUTH2;
        }

        @Override
        public String getClientSecret() {
            // Fixture secret; it is never a real credential.
            return "the_client_secret";
        }

        @Override
        public boolean isEmailRequired() {
            return true;
        }

        // Endpoints: only token and UserInfo are stubbed, both on the WireMock port.

        @Override
        public String getTokenEndpoint() {
            return "http://localhost:" + wireMockRule.port() + "/token";
        }

        @Override
        public String getUserInfoEndpoint() {
            return "http://localhost:" + wireMockRule.port() + "/userinfo";
        }

        @Override
        public String getAuthorizationEndpoint() {
            return null;
        }

        // Mappings.

        @Override
        public List<RoleMappingEntity> getRoleMappings() {
            return roles;
        }

        @Override
        public List<GroupMappingEntity> getGroupMappings() {
            return groups;
        }

        @Override
        public Map<String, String> getUserProfileMapping() {
            return profileAttributes;
        }

        // Settings this fixture leaves unset.

        @Override
        public List<String> getScopes() {
            return null;
        }

        @Override
        public List<String> getRequiredUrlParams() {
            return null;
        }

        @Override
        public List<String> getOptionalUrlParams() {
            return null;
        }

        @Override
        public String getColor() {
            return null;
        }

        @Override
        public String getDisplay() {
            return null;
        }
    };
    identityProvider = oidcProvider;

    when(socialIdentityProviderService.findById(eq(USER_SOURCE_OAUTH2), any())).thenReturn(oidcProvider);
    cleanEnvironment();
    cleanRolesGroupMapping();
    reset(userService, groupService, roleService, membershipService);
}
Also used : RoleMappingEntity(io.gravitee.rest.api.model.configuration.identity.RoleMappingEntity) GroupMappingEntity(io.gravitee.rest.api.model.configuration.identity.GroupMappingEntity) SocialIdentityProviderEntity(io.gravitee.rest.api.model.configuration.identity.SocialIdentityProviderEntity) IdentityProviderType(io.gravitee.rest.api.model.configuration.identity.IdentityProviderType) Before(org.junit.Before)

Aggregations

GroupMappingEntity (io.gravitee.rest.api.model.configuration.identity.GroupMappingEntity)7 IdentityProviderType (io.gravitee.rest.api.model.configuration.identity.IdentityProviderType)2 RoleMappingEntity (io.gravitee.rest.api.model.configuration.identity.RoleMappingEntity)2 SocialIdentityProviderEntity (io.gravitee.rest.api.model.configuration.identity.SocialIdentityProviderEntity)2 Before (org.junit.Before)2 TemplateEngine (io.gravitee.el.TemplateEngine)1 UuidString (io.gravitee.rest.api.service.common.UuidString)1 ArrayList (java.util.ArrayList)1 HashMap (java.util.HashMap)1 List (java.util.List)1 Map (java.util.Map)1 Test (org.junit.Test)1