use of io.gravitee.rest.api.model.configuration.identity.GroupMappingEntity in project gravitee-management-rest-api by gravitee-io.
the class UserServiceImpl method computeUserGroupsFromProfile.
/**
 * Resolves the groups a user should be attached to by evaluating every configured group
 * mapping against the user's OIDC profile (the UserInfo payload).
 *
 * <p>Security note: the result drives group membership, and it is derived from two inputs: the
 * profile supplied for the user and the mapping conditions, which are evaluated as expressions
 * by the template engine. No evaluation failure is caught here, so an exception raised by
 * {@code getValue} propagates to the caller instead of the mapping being silently skipped.
 * NOTE(review): conditions are executable expressions; confirm that only administrators can
 * create or edit group mappings.
 *
 * @param userId   identifier of the user, only passed to {@code trace} alongside each result
 * @param mappings group mappings to evaluate; may be {@code null} or empty
 * @param userInfo raw profile exposed to the conditions under
 *                 {@code TEMPLATE_ENGINE_PROFILE_ATTRIBUTE}
 * @return the groups found for all matching mappings; an immutable empty set when there are no
 *         mappings to evaluate
 */
private Set<GroupEntity> computeUserGroupsFromProfile(String userId, List<GroupMappingEntity> mappings, String userInfo) {
    final boolean nothingToEvaluate = mappings == null || mappings.isEmpty();
    if (nothingToEvaluate) {
        return Collections.emptySet();
    }

    final Set<GroupEntity> resolvedGroups = new HashSet<>();
    for (GroupMappingEntity rule : mappings) {
        // A fresh engine per mapping: the profile is the only variable placed in its context.
        final TemplateEngine engine = TemplateEngine.templateEngine();
        engine.getTemplateContext().setVariable(TEMPLATE_ENGINE_PROFILE_ATTRIBUTE, userInfo);

        final String condition = rule.getCondition();
        final boolean matched = engine.getValue(condition, boolean.class);
        // Record every decision, match or not, so mapping outcomes can be audited per user.
        trace(userId, matched, condition);

        if (!matched) {
            continue;
        }

        // NOTE(review): getGroups() is dereferenced without a null check; confirm mappings are
        // validated when they are saved.
        for (String groupName : rule.getGroups()) {
            try {
                // Despite the variable name, the configured value is looked up by id.
                resolvedGroups.add(groupService.findById(groupName));
            } catch (GroupNotFoundException notFound) {
                // A mapping that references a missing group grants nothing for that entry.
                LOGGER.warn("Unable to map user groups, missing group in repository: {}", groupName);
            }
        }
    }
    return resolvedGroups;
}
use of io.gravitee.rest.api.model.configuration.identity.GroupMappingEntity in project gravitee-management-rest-api by gravitee-io.
the class OAuth2AuthenticationResourceTest method mockGroupsMapping.
/**
 * Registers three group mappings on the test identity provider. Each condition is an expression
 * that reads claims from the user profile through {@code #jsonPath(#profile, ...)}.
 */
private void mockGroupsMapping() {
    // Users of idp_5 whose job_id is not API_BREAKER get two groups.
    GroupMappingEntity idp5NonBreaker = new GroupMappingEntity();
    idp5NonBreaker.setGroups(Arrays.asList("Example group", "soft user"));
    idp5NonBreaker.setCondition("{#jsonPath(#profile, '$.identity_provider_id') == 'idp_5' && #jsonPath(#profile, '$.job_id') != 'API_BREAKER'}");
    identityProvider.getGroupMappings().add(idp5NonBreaker);

    // Users of idp_6 get a single group.
    GroupMappingEntity idp6Only = new GroupMappingEntity();
    idp6Only.setGroups(Collections.singletonList("Others"));
    idp6Only.setCondition("{#jsonPath(#profile, '$.identity_provider_id') == 'idp_6'}");
    identityProvider.getGroupMappings().add(idp6Only);

    // Any user whose job_id is not API_BREAKER, whatever the provider id.
    GroupMappingEntity anyNonBreaker = new GroupMappingEntity();
    anyNonBreaker.setGroups(Collections.singletonList("Api consumer"));
    anyNonBreaker.setCondition("{#jsonPath(#profile, '$.job_id') != 'API_BREAKER'}");
    identityProvider.getGroupMappings().add(anyNonBreaker);
}
use of io.gravitee.rest.api.model.configuration.identity.GroupMappingEntity in project gravitee-management-rest-api by gravitee-io.
the class UserServiceTest method shouldSpelEvaluationExceptionWhenWrongELGroupsMapping.
/**
 * Checks that a group mapping whose condition is not a valid expression makes the social-login
 * create/update call fail with {@link ExpressionEvaluationException}.
 *
 * <p>The first mapping carries the free text {@code "Some Soup"}; the two others are well formed.
 * The expected exception pins fail-closed behaviour: a broken mapping aborts the call rather
 * than being skipped while the remaining mappings are applied.
 */
@Test(expected = ExpressionEvaluationException.class)
public void shouldSpelEvaluationExceptionWhenWrongELGroupsMapping() throws IOException, TechnicalException {
    reset(identityProvider, userRepository);
    mockDefaultEnvironment();

    // Deliberately malformed condition: plain text, not an expression.
    GroupMappingEntity malformed = new GroupMappingEntity();
    malformed.setGroups(Arrays.asList("Example group", "soft user"));
    malformed.setCondition("Some Soup");

    GroupMappingEntity idp6Only = new GroupMappingEntity();
    idp6Only.setGroups(Collections.singletonList("Others"));
    idp6Only.setCondition("{#jsonPath(#profile, '$.identity_provider_id') == 'idp_6'}");

    GroupMappingEntity anyNonBreaker = new GroupMappingEntity();
    anyNonBreaker.setGroups(Collections.singletonList("Api consumer"));
    anyNonBreaker.setCondition("{#jsonPath(#profile, '$.job_id') != 'API_BREAKER'}");

    // The malformed mapping comes first in the list handed to the service.
    when(identityProvider.getGroupMappings()).thenReturn(Arrays.asList(malformed, idp6Only, anyNonBreaker));

    // NOTE(review): the fixture is decoded with the platform default charset.
    String profileJson = IOUtils.toString(read("/oauth2/json/user_info_response_body.json"), Charset.defaultCharset());
    userService.createOrUpdateUserFromSocialIdentityProvider(identityProvider, profileJson);
}
use of io.gravitee.rest.api.model.configuration.identity.GroupMappingEntity in project gravitee-management-rest-api by gravitee-io.
the class OAuth2AuthenticationResourceTest method init.
/**
 * Builds the OIDC identity provider stub used by the tests and resets the collaborating mocks.
 *
 * <p>The token and UserInfo endpoints point at the local WireMock server over plain HTTP, and the
 * client secret is a fixed fixture value; both are test-only settings. The mapping collections
 * start empty and are mutable so individual tests can add group and role mappings.
 */
@Before
public void init() {
    identityProvider = new SocialIdentityProviderEntity() {
        // Mutable backing stores, returned by reference from the getters below.
        private final Map<String, String> userProfileMapping = new HashMap<>();
        private final List<GroupMappingEntity> groupMappings = new ArrayList<>();
        private final List<RoleMappingEntity> roleMappings = new ArrayList<>();

        // --- identity of the provider ---
        @Override
        public String getId() {
            return USER_SOURCE_OAUTH2;
        }

        @Override
        public IdentityProviderType getType() {
            return IdentityProviderType.OIDC;
        }

        @Override
        public String getClientSecret() {
            return "the_client_secret";
        }

        @Override
        public boolean isEmailRequired() {
            return true;
        }

        // --- endpoints: only the two served by WireMock are set ---
        @Override
        public String getAuthorizationEndpoint() {
            return null;
        }

        @Override
        public String getTokenEndpoint() {
            return "http://localhost:" + wireMockRule.port() + "/token";
        }

        @Override
        public String getUserInfoEndpoint() {
            return "http://localhost:" + wireMockRule.port() + "/userinfo";
        }

        // --- request and display settings left unset ---
        @Override
        public List<String> getRequiredUrlParams() {
            return null;
        }

        @Override
        public List<String> getOptionalUrlParams() {
            return null;
        }

        @Override
        public List<String> getScopes() {
            return null;
        }

        @Override
        public String getDisplay() {
            return null;
        }

        @Override
        public String getColor() {
            return null;
        }

        // --- profile, group and role mappings ---
        @Override
        public Map<String, String> getUserProfileMapping() {
            return userProfileMapping;
        }

        @Override
        public List<GroupMappingEntity> getGroupMappings() {
            return groupMappings;
        }

        @Override
        public List<RoleMappingEntity> getRoleMappings() {
            return roleMappings;
        }
    };

    // Every lookup of the OAuth2 source resolves to the stub above.
    when(socialIdentityProviderService.findById(eq(USER_SOURCE_OAUTH2), any())).thenReturn(identityProvider);
    cleanEnvironment();
    cleanRolesGroupMapping();
    reset(userService, groupService, roleService, membershipService);
}
use of io.gravitee.rest.api.model.configuration.identity.GroupMappingEntity in project gravitee-management-rest-api by gravitee-io.
the class OAuth2AuthenticationResourceTest method init.
/**
 * Prepares each test: installs a stub OIDC identity provider, wires it into the provider lookup
 * and clears state left on the shared mocks.
 *
 * <p>The stub talks to the local WireMock server over plain HTTP and exposes a hard-coded client
 * secret; these values are fixtures only. Group and role mappings are empty until a test adds
 * some.
 */
@Before
public void init() {
    identityProvider = new SocialIdentityProviderEntity() {
        private final Map<String, String> profileAttributes = new HashMap<>();
        private final List<GroupMappingEntity> groupRules = new ArrayList<>();
        private final List<RoleMappingEntity> roleRules = new ArrayList<>();

        /** Builds a URL on the WireMock server; the port is read on every call. */
        private String wireMockUrl(String path) {
            return "http://localhost:" + wireMockRule.port() + path;
        }

        @Override
        public List<RoleMappingEntity> getRoleMappings() {
            return roleRules;
        }

        @Override
        public List<GroupMappingEntity> getGroupMappings() {
            return groupRules;
        }

        @Override
        public Map<String, String> getUserProfileMapping() {
            return profileAttributes;
        }

        @Override
        public String getUserInfoEndpoint() {
            return wireMockUrl("/userinfo");
        }

        @Override
        public String getTokenEndpoint() {
            return wireMockUrl("/token");
        }

        @Override
        public String getAuthorizationEndpoint() {
            return null;
        }

        @Override
        public String getClientSecret() {
            // Fixture value, not a real credential.
            return "the_client_secret";
        }

        @Override
        public IdentityProviderType getType() {
            return IdentityProviderType.OIDC;
        }

        @Override
        public String getId() {
            return USER_SOURCE_OAUTH2;
        }

        @Override
        public boolean isEmailRequired() {
            return true;
        }

        @Override
        public List<String> getScopes() {
            return null;
        }

        @Override
        public List<String> getOptionalUrlParams() {
            return null;
        }

        @Override
        public List<String> getRequiredUrlParams() {
            return null;
        }

        @Override
        public String getColor() {
            return null;
        }

        @Override
        public String getDisplay() {
            return null;
        }
    };

    when(socialIdentityProviderService.findById(eq(USER_SOURCE_OAUTH2), any())).thenReturn(identityProvider);

    // Start from a clean slate so mappings and stubbing from earlier tests cannot leak in.
    cleanEnvironment();
    cleanRolesGroupMapping();
    reset(userService, groupService, roleService, membershipService);
}