
Example 1 with RoleMappingEntity

use of io.gravitee.rest.api.model.configuration.identity.RoleMappingEntity in project gravitee-management-rest-api by gravitee-io.

the class UserServiceImpl method computeRolesToAddUser.

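/**
 * Resolves the roles a user must be granted at organization and environment level and
 * accumulates them into the two caller-supplied collections (nothing is returned).
 *
 * <p>Without any mapping, the default role of the ENVIRONMENT and ORGANIZATION scopes is
 * granted, so that a user whose profile is refreshed on every connection does not end up
 * with no role at all. With mappings, each mapping's condition is evaluated by the EL
 * template engine with the identity-provider profile bound to the
 * {@code TEMPLATE_ENGINE_PROFILE_ATTRIBUTE} variable; the profile is data bound into the
 * context, not concatenated into the expression. The roles of every matching mapping are
 * added; a role name that cannot be resolved is logged and skipped rather than failing the
 * whole computation.
 *
 * @param username                 user being logged in (only used for tracing the evaluation)
 * @param mappings                 role mappings of the identity provider, may be null or empty
 * @param userInfo                 raw profile returned by the identity provider
 * @param rolesToAddToOrganization sink for organization-scoped roles (mutated)
 * @param rolesToAddToEnvironments sink for environment-scoped roles, keyed by environment (mutated)
 */
@Override
public void computeRolesToAddUser(String username, List<RoleMappingEntity> mappings, String userInfo, Set<RoleEntity> rolesToAddToOrganization, Map<String, Set<RoleEntity>> rolesToAddToEnvironments) {
    if (mappings == null || mappings.isEmpty()) {
        // Provide default roles in this case, otherwise the user will not have any role if no
        // RoleMapping is provided and the option to refresh the user profile on each connection is enabled.
        String currentEnvironment = GraviteeContext.getCurrentEnvironmentOrDefault();
        for (RoleEntity defaultRole : roleService.findDefaultRoleByScopes(RoleScope.ENVIRONMENT, RoleScope.ORGANIZATION)) {
            if (RoleScope.ENVIRONMENT.equals(defaultRole.getScope())) {
                // Same computeIfAbsent idiom as the mapping branch below, so both paths fill the map identically.
                rolesToAddToEnvironments.computeIfAbsent(currentEnvironment, k -> new HashSet<>()).add(defaultRole);
            } else if (RoleScope.ORGANIZATION.equals(defaultRole.getScope())) {
                rolesToAddToOrganization.add(defaultRole);
            }
        }
        return;
    }

    for (RoleMappingEntity mapping : mappings) {
        // The profile is exposed to the expression as a variable; the condition itself comes from the mapping.
        TemplateEngine templateEngine = TemplateEngine.templateEngine();
        templateEngine.getTemplateContext().setVariable(TEMPLATE_ENGINE_PROFILE_ATTRIBUTE, userInfo);
        boolean match = templateEngine.getValue(mapping.getCondition(), boolean.class);
        trace(username, match, mapping.getCondition());
        if (!match) {
            continue;
        }

        if (mapping.getEnvironments() != null) {
            try {
                mapping.getEnvironments().forEach((environmentName, environmentRoleNames) -> {
                    Set<RoleEntity> envRoles = rolesToAddToEnvironments.computeIfAbsent(environmentName, k -> new HashSet<>());
                    for (String environmentRoleName : environmentRoleNames) {
                        // Unknown role names are silently skipped here; the catch below only covers a lookup that throws.
                        roleService.findByScopeAndName(RoleScope.ENVIRONMENT, environmentRoleName).ifPresent(envRoles::add);
                    }
                });
            } catch (RoleNotFoundException rnfe) {
                LOGGER.error("Unable to create user, missing role in repository : {}", mapping.getEnvironments());
            }
        }

        if (mapping.getOrganizations() != null) {
            try {
                for (String organizationRoleName : mapping.getOrganizations()) {
                    roleService.findByScopeAndName(RoleScope.ORGANIZATION, organizationRoleName).ifPresent(rolesToAddToOrganization::add);
                }
            } catch (RoleNotFoundException rnfe) {
                LOGGER.error("Unable to create user, missing role in repository : {}", mapping.getOrganizations());
            }
        }
    }
}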

Example 2 with RoleMappingEntity

use of io.gravitee.rest.api.model.configuration.identity.RoleMappingEntity in project gravitee-management-rest-api by gravitee-io.

the class OAuth2AuthenticationResourceTest method init.

/**
 * Builds the OAuth2/OIDC identity provider fixture used by every test of this class and resets
 * the collaborating mocks.
 *
 * <p>The token and user-info endpoints point at the local WireMock stub, the client secret is a
 * fixed test literal, and the mapping collections are mutable so that individual tests can
 * register group/role mappings on the shared fixture.
 */
@Before
public void init() {
    identityProvider = new SocialIdentityProviderEntity() {

        // Mutable on purpose: tests add mappings to these through the getters.
        private final Map<String, String> userProfileMapping = new HashMap<>();
        private final List<GroupMappingEntity> groupMappings = new ArrayList<>();
        private final List<RoleMappingEntity> roleMappings = new ArrayList<>();

        @Override
        public String getId() {
            return USER_SOURCE_OAUTH2;
        }

        @Override
        public IdentityProviderType getType() {
            return IdentityProviderType.OIDC;
        }

        @Override
        public String getClientSecret() {
            return "the_client_secret";
        }

        @Override
        public boolean isEmailRequired() {
            return true;
        }

        // Endpoints served by the WireMock rule started for this test class.
        @Override
        public String getTokenEndpoint() {
            return "http://localhost:" + wireMockRule.port() + "/token";
        }

        @Override
        public String getUserInfoEndpoint() {
            return "http://localhost:" + wireMockRule.port() + "/userinfo";
        }

        // Not needed by these tests: the authorization code flow is stubbed at the token endpoint.
        @Override
        public String getAuthorizationEndpoint() {
            return null;
        }

        @Override
        public List<String> getRequiredUrlParams() {
            return null;
        }

        @Override
        public List<String> getOptionalUrlParams() {
            return null;
        }

        @Override
        public List<String> getScopes() {
            return null;
        }

        @Override
        public String getDisplay() {
            return null;
        }

        @Override
        public String getColor() {
            return null;
        }

        @Override
        public Map<String, String> getUserProfileMapping() {
            return userProfileMapping;
        }

        @Override
        public List<GroupMappingEntity> getGroupMappings() {
            return groupMappings;
        }

        @Override
        public List<RoleMappingEntity> getRoleMappings() {
            return roleMappings;
        }
    };
    when(socialIdentityProviderService.findById(eq(USER_SOURCE_OAUTH2), any())).thenReturn(identityProvider);
    cleanEnvironment();
    cleanRolesGroupMapping();
    reset(userService, groupService, roleService, membershipService);
}

Example 3 with RoleMappingEntity

use of io.gravitee.rest.api.model.configuration.identity.RoleMappingEntity in project gravitee-management-rest-api by gravitee-io.

the class OAuth2AuthenticationResourceTest method init.

/**
 * Prepares the shared OIDC identity provider fixture and resets the mocked services before
 * each test.
 *
 * <p>Token and user-info URLs are derived from the WireMock rule's port so the resource under
 * test talks to the local stub only; the client secret is a constant test value. The mapping
 * collections are backed by mutable lists that tests populate through the getters.
 */
@Before
public void init() {
    identityProvider = new SocialIdentityProviderEntity() {

        private final Map<String, String> userProfileMapping = new HashMap<>();
        private final List<GroupMappingEntity> groupMappings = new ArrayList<>();
        private final List<RoleMappingEntity> roleMappings = new ArrayList<>();

        // Builds an absolute URL on the WireMock stub for the given path.
        private String stubUrl(String path) {
            return "http://localhost:" + wireMockRule.port() + path;
        }

        @Override
        public String getId() {
            return USER_SOURCE_OAUTH2;
        }

        @Override
        public IdentityProviderType getType() {
            return IdentityProviderType.OIDC;
        }

        @Override
        public String getAuthorizationEndpoint() {
            return null;
        }

        @Override
        public String getTokenEndpoint() {
            return stubUrl("/token");
        }

        @Override
        public String getUserInfoEndpoint() {
            return stubUrl("/userinfo");
        }

        @Override
        public List<String> getRequiredUrlParams() {
            return null;
        }

        @Override
        public List<String> getOptionalUrlParams() {
            return null;
        }

        @Override
        public List<String> getScopes() {
            return null;
        }

        @Override
        public String getDisplay() {
            return null;
        }

        @Override
        public String getColor() {
            return null;
        }

        @Override
        public String getClientSecret() {
            // Fixed test credential, only ever sent to the local stub.
            return "the_client_secret";
        }

        @Override
        public Map<String, String> getUserProfileMapping() {
            return userProfileMapping;
        }

        @Override
        public List<GroupMappingEntity> getGroupMappings() {
            return groupMappings;
        }

        @Override
        public List<RoleMappingEntity> getRoleMappings() {
            return roleMappings;
        }

        @Override
        public boolean isEmailRequired() {
            return true;
        }
    };
    when(socialIdentityProviderService.findById(eq(USER_SOURCE_OAUTH2), any())).thenReturn(identityProvider);
    cleanEnvironment();
    cleanRolesGroupMapping();
    reset(userService, groupService, roleService, membershipService);
}

Example 4 with RoleMappingEntity

use of io.gravitee.rest.api.model.configuration.identity.RoleMappingEntity in project gravitee-management-rest-api by gravitee-io.

the class OAuth2AuthenticationResourceTest method mockRolesMapping.

/**
 * Registers three role mappings on the shared identity provider fixture.
 *
 * <p>Each condition is an EL expression evaluated against the {@code #profile} returned by the
 * identity provider: the first two key on {@code identity_provider_id}, the third on
 * {@code job_id} and additionally grants the ADMIN role in the DEFAULT environment.
 */
private void mockRolesMapping() {
    identityProvider.getRoleMappings().add(organizationRoleMapping(
            "{#jsonPath(#profile, '$.identity_provider_id') == 'idp_5' && #jsonPath(#profile, '$.job_id') != 'API_BREAKER'}",
            "USER"));
    identityProvider.getRoleMappings().add(organizationRoleMapping(
            "{#jsonPath(#profile, '$.identity_provider_id') == 'idp_6'}",
            "USER"));

    RoleMappingEntity jobMapping = organizationRoleMapping(
            "{#jsonPath(#profile, '$.job_id') != 'API_BREAKER'}",
            "USER");
    jobMapping.setEnvironments(Collections.singletonMap("DEFAULT", Collections.singletonList("ADMIN")));
    identityProvider.getRoleMappings().add(jobMapping);
}

// Creates a mapping granting a single organization role when the condition holds.
private static RoleMappingEntity organizationRoleMapping(String condition, String organizationRole) {
    RoleMappingEntity mapping = new RoleMappingEntity();
    mapping.setCondition(condition);
    mapping.setOrganizations(Collections.singletonList(organizationRole));
    return mapping;
}

Example 5 with RoleMappingEntity

use of io.gravitee.rest.api.model.configuration.identity.RoleMappingEntity in project gravitee-management-rest-api by gravitee-io.

the class UserServiceTest method getRoleMappingEntities.

/**
 * Builds the fixed set of role mappings used by the user-service tests.
 *
 * <p>The conditions are EL expressions over the identity-provider {@code #profile}; the first
 * grants ADMIN at organization level, the other two grant USER, and the last one also grants
 * USER in the DEFAULT environment.
 *
 * @return a fixed-size list of three mappings, in the order idp_5 / idp_6 / job_id
 */
private List<RoleMappingEntity> getRoleMappingEntities() {
    RoleMappingEntity idp5Admin = new RoleMappingEntity();
    idp5Admin.setCondition("{#jsonPath(#profile, '$.identity_provider_id') == 'idp_5' && #jsonPath(#profile, '$.job_id') != 'API_BREAKER'}");
    idp5Admin.setOrganizations(Collections.singletonList("ADMIN"));

    RoleMappingEntity idp6User = new RoleMappingEntity();
    idp6User.setCondition("{#jsonPath(#profile, '$.identity_provider_id') == 'idp_6'}");
    idp6User.setOrganizations(Collections.singletonList("USER"));

    RoleMappingEntity nonBreakerUser = new RoleMappingEntity();
    nonBreakerUser.setCondition("{#jsonPath(#profile, '$.job_id') != 'API_BREAKER'}");
    nonBreakerUser.setOrganizations(Collections.singletonList("USER"));
    nonBreakerUser.setEnvironments(Collections.singletonMap("DEFAULT", Collections.singletonList("USER")));

    // Arrays.asList keeps the original fixed-size semantics callers may rely on.
    return Arrays.asList(idp5Admin, idp6User, nonBreakerUser);
}
