Use of io.gravitee.rest.api.model.configuration.identity.RoleMappingEntity in project gravitee-management-rest-api by gravitee-io.
The class UserServiceImpl, method computeRolesToAddUser (resolves the roles granted to a federated user from the identity provider's role mappings, or the default roles when none are configured).
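/**
 * Computes the roles to grant to {@code username} from the identity provider's role mappings.
 * <p>
 * Each mapping condition is a template expression evaluated against {@code userInfo}, the raw
 * profile returned by the identity provider; every matching mapping contributes its organization
 * and environment roles to the output collections. Because these expressions directly decide which
 * roles are granted, mapping authors should key them only on claims the provider actually asserts
 * for the user, not on attributes the user can edit on the provider side.
 * <p>
 * When no mapping is configured ({@code null} or empty list) the default ENVIRONMENT and
 * ORGANIZATION roles are granted instead, otherwise the user would end up with no role at all
 * (notably when the profile is refreshed on every connection).
 *
 * @param username                 user being provisioned; only used for tracing
 * @param mappings                 role mappings of the identity provider, may be {@code null}
 * @param userInfo                 raw profile exposed to each condition under the profile attribute
 * @param rolesToAddToOrganization output: organization roles to grant (appended to)
 * @param rolesToAddToEnvironments output: environment name to roles to grant (entries created as needed)
 */
@Override
public void computeRolesToAddUser(String username, List<RoleMappingEntity> mappings, String userInfo, Set<RoleEntity> rolesToAddToOrganization, Map<String, Set<RoleEntity>> rolesToAddToEnvironments) {
    if (mappings == null || mappings.isEmpty()) {
        collectDefaultRoles(rolesToAddToOrganization, rolesToAddToEnvironments);
        return;
    }
    for (RoleMappingEntity mapping : mappings) {
        // One engine per mapping, as before; presumably so each condition is evaluated in a clean context.
        TemplateEngine templateEngine = TemplateEngine.templateEngine();
        templateEngine.getTemplateContext().setVariable(TEMPLATE_ENGINE_PROFILE_ATTRIBUTE, userInfo);
        // NOTE(review): an expression that fails to evaluate (bad condition, missing claim) propagates
        // out of here and aborts the whole computation rather than being treated as "no match".
        boolean match = templateEngine.getValue(mapping.getCondition(), boolean.class);
        trace(username, match, mapping.getCondition());
        if (match) {
            collectMappedRoles(mapping, rolesToAddToOrganization, rolesToAddToEnvironments);
        }
    }
}

/** Grants the default roles of both scopes; environment defaults go to the current (or default) environment. */
private void collectDefaultRoles(Set<RoleEntity> rolesToAddToOrganization, Map<String, Set<RoleEntity>> rolesToAddToEnvironments) {
    String currentEnvironment = GraviteeContext.getCurrentEnvironmentOrDefault();
    for (RoleEntity roleEntity : roleService.findDefaultRoleByScopes(RoleScope.ENVIRONMENT, RoleScope.ORGANIZATION)) {
        if (roleEntity.getScope().equals(RoleScope.ENVIRONMENT)) {
            rolesToAddToEnvironments.computeIfAbsent(currentEnvironment, k -> new HashSet<>()).add(roleEntity);
        } else if (roleEntity.getScope().equals(RoleScope.ORGANIZATION)) {
            rolesToAddToOrganization.add(roleEntity);
        }
        // Roles of any other scope are ignored, as before.
    }
}

/**
 * Adds the roles named by one matching mapping. A role name that cannot be resolved is logged and
 * skipped (the user simply does not receive it) instead of aborting provisioning; roles already
 * resolved before such a failure are kept.
 */
private void collectMappedRoles(RoleMappingEntity mapping, Set<RoleEntity> rolesToAddToOrganization, Map<String, Set<RoleEntity>> rolesToAddToEnvironments) {
    if (mapping.getEnvironments() != null) {
        try {
            mapping.getEnvironments().forEach((environmentName, environmentRoles) -> {
                Set<RoleEntity> envRoles = rolesToAddToEnvironments.computeIfAbsent(environmentName, k -> new HashSet<>());
                for (String environmentRoleName : environmentRoles) {
                    // findByScopeAndName returns an Optional, so an unknown name is normally just absent;
                    // the catch below only matters if the service throws instead.
                    roleService.findByScopeAndName(RoleScope.ENVIRONMENT, environmentRoleName).ifPresent(envRoles::add);
                }
            });
        } catch (RoleNotFoundException rnfe) {
            LOGGER.error("Unable to create user, missing role in repository : {}", mapping.getEnvironments());
        }
    }
    if (mapping.getOrganizations() != null) {
        try {
            mapping.getOrganizations().forEach(org -> roleService.findByScopeAndName(RoleScope.ORGANIZATION, org).ifPresent(rolesToAddToOrganization::add));
        } catch (RoleNotFoundException rnfe) {
            LOGGER.error("Unable to create user, missing role in repository : {}", mapping.getOrganizations());
        }
    }
}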
Use of io.gravitee.rest.api.model.configuration.identity.RoleMappingEntity in project gravitee-management-rest-api by gravitee-io.
The class OAuth2AuthenticationResourceTest, method init (test fixture: a stub OIDC provider backed by WireMock).
@Before
public void init() {
    // Stub OIDC provider wired to the WireMock server. Endpoint URLs read the port lazily, at call
    // time, and the mapping collections are mutable so individual tests can register group/role
    // mappings. "the_client_secret" is a test-only value; nothing here reaches a real provider.
    identityProvider = new SocialIdentityProviderEntity() {
        private final Map<String, String> userProfileMapping = new HashMap<>();
        private final List<GroupMappingEntity> groupMappings = new ArrayList<>();
        private final List<RoleMappingEntity> roleMappings = new ArrayList<>();

        private String wireMockUrl(String path) {
            return "http://localhost:" + wireMockRule.port() + path;
        }

        @Override
        public String getId() {
            return USER_SOURCE_OAUTH2;
        }

        @Override
        public IdentityProviderType getType() {
            return IdentityProviderType.OIDC;
        }

        @Override
        public String getTokenEndpoint() {
            return wireMockUrl("/token");
        }

        @Override
        public String getUserInfoEndpoint() {
            return wireMockUrl("/userinfo");
        }

        @Override
        public String getClientSecret() {
            return "the_client_secret";
        }

        @Override
        public boolean isEmailRequired() {
            return true;
        }

        @Override
        public Map<String, String> getUserProfileMapping() {
            return userProfileMapping;
        }

        @Override
        public List<GroupMappingEntity> getGroupMappings() {
            return groupMappings;
        }

        @Override
        public List<RoleMappingEntity> getRoleMappings() {
            return roleMappings;
        }

        // The remaining properties are not needed by this fixture and are left unset.
        @Override
        public String getAuthorizationEndpoint() {
            return null;
        }

        @Override
        public List<String> getRequiredUrlParams() {
            return null;
        }

        @Override
        public List<String> getOptionalUrlParams() {
            return null;
        }

        @Override
        public List<String> getScopes() {
            return null;
        }

        @Override
        public String getDisplay() {
            return null;
        }

        @Override
        public String getColor() {
            return null;
        }
    };

    when(socialIdentityProviderService.findById(eq(USER_SOURCE_OAUTH2), any())).thenReturn(identityProvider);
    cleanEnvironment();
    cleanRolesGroupMapping();
    reset(userService, groupService, roleService, membershipService);
}
Use of io.gravitee.rest.api.model.configuration.identity.RoleMappingEntity in project gravitee-management-rest-api by gravitee-io.
The class OAuth2AuthenticationResourceTest, method init (a second revision of the same fixture, differing only in where the backing collections are declared).
@Before
public void init() {
    // Fake OIDC provider for the OAuth2 resource tests: token and userinfo endpoints point at the
    // WireMock server (port resolved when the getter is called), all mapping collections start
    // empty and mutable so tests can add entries, and the client secret is a fixed test-only literal.
    identityProvider = new SocialIdentityProviderEntity() {
        @Override
        public String getId() {
            return USER_SOURCE_OAUTH2;
        }

        @Override
        public IdentityProviderType getType() {
            return IdentityProviderType.OIDC;
        }

        @Override
        public String getAuthorizationEndpoint() {
            return null;
        }

        @Override
        public String getTokenEndpoint() {
            return localhost("/token");
        }

        @Override
        public String getUserInfoEndpoint() {
            return localhost("/userinfo");
        }

        @Override
        public String getClientSecret() {
            return "the_client_secret";
        }

        @Override
        public boolean isEmailRequired() {
            return true;
        }

        @Override
        public List<String> getRequiredUrlParams() {
            return null;
        }

        @Override
        public List<String> getOptionalUrlParams() {
            return null;
        }

        @Override
        public List<String> getScopes() {
            return null;
        }

        @Override
        public String getDisplay() {
            return null;
        }

        @Override
        public String getColor() {
            return null;
        }

        @Override
        public Map<String, String> getUserProfileMapping() {
            return profileMapping;
        }

        @Override
        public List<GroupMappingEntity> getGroupMappings() {
            return groups;
        }

        @Override
        public List<RoleMappingEntity> getRoleMappings() {
            return roles;
        }

        private String localhost(String path) {
            return "http://localhost:" + wireMockRule.port() + path;
        }

        // Backing state shared with the tests that populate it through the getters above.
        private final Map<String, String> profileMapping = new HashMap<>();
        private final List<GroupMappingEntity> groups = new ArrayList<>();
        private final List<RoleMappingEntity> roles = new ArrayList<>();
    };

    when(socialIdentityProviderService.findById(eq(USER_SOURCE_OAUTH2), any())).thenReturn(identityProvider);
    cleanEnvironment();
    cleanRolesGroupMapping();
    reset(userService, groupService, roleService, membershipService);
}
Use of io.gravitee.rest.api.model.configuration.identity.RoleMappingEntity in project gravitee-management-rest-api by gravitee-io.
The class OAuth2AuthenticationResourceTest, method mockRolesMapping (registers the role mappings the OAuth2 tests evaluate against the mocked user profile).
/**
 * Registers three role mappings on the stub identity provider. All of them grant the organization
 * role "USER"; the last one additionally grants "ADMIN" on the DEFAULT environment. The conditions
 * key on profile attributes (identity_provider_id, job_id) taken from the mocked userinfo response.
 */
private void mockRolesMapping() {
    RoleMappingEntity idp5NotBreaker = organizationMapping(
        "{#jsonPath(#profile, '$.identity_provider_id') == 'idp_5' && #jsonPath(#profile, '$.job_id') != 'API_BREAKER'}",
        "USER");
    RoleMappingEntity idp6 = organizationMapping("{#jsonPath(#profile, '$.identity_provider_id') == 'idp_6'}", "USER");
    RoleMappingEntity notBreaker = organizationMapping("{#jsonPath(#profile, '$.job_id') != 'API_BREAKER'}", "USER");
    notBreaker.setEnvironments(Collections.singletonMap("DEFAULT", Collections.singletonList("ADMIN")));

    List<RoleMappingEntity> roleMappings = identityProvider.getRoleMappings();
    roleMappings.add(idp5NotBreaker);
    roleMappings.add(idp6);
    roleMappings.add(notBreaker);
}

/** Builds a mapping granting a single organization role when {@code condition} evaluates to true. */
private RoleMappingEntity organizationMapping(String condition, String organizationRole) {
    RoleMappingEntity mapping = new RoleMappingEntity();
    mapping.setCondition(condition);
    mapping.setOrganizations(Collections.singletonList(organizationRole));
    return mapping;
}
Use of io.gravitee.rest.api.model.configuration.identity.RoleMappingEntity in project gravitee-management-rest-api by gravitee-io.
The class UserServiceTest, method getRoleMappingEntities (builds the role-mapping fixture used by the user service tests).
/**
 * Builds the role-mapping fixture for the user service tests: an organization "ADMIN" grant keyed on
 * identity_provider_id == idp_5 (unless job_id is API_BREAKER), an organization "USER" grant keyed on
 * identity_provider_id == idp_6, and an organization "USER" grant plus "USER" on the DEFAULT environment
 * for any profile whose job_id is not API_BREAKER. Returned as a fixed-size list, in that order.
 */
private List<RoleMappingEntity> getRoleMappingEntities() {
    RoleMappingEntity idp5Admin = roleMapping(
        "{#jsonPath(#profile, '$.identity_provider_id') == 'idp_5' && #jsonPath(#profile, '$.job_id') != 'API_BREAKER'}",
        "ADMIN");
    RoleMappingEntity idp6User = roleMapping("{#jsonPath(#profile, '$.identity_provider_id') == 'idp_6'}", "USER");
    RoleMappingEntity notBreakerUser = roleMapping("{#jsonPath(#profile, '$.job_id') != 'API_BREAKER'}", "USER");
    notBreakerUser.setEnvironments(Collections.singletonMap("DEFAULT", Collections.singletonList("USER")));
    return Arrays.asList(idp5Admin, idp6User, notBreakerUser);
}

/** Creates a mapping with the given condition that grants exactly one organization role. */
private RoleMappingEntity roleMapping(String condition, String organizationRole) {
    RoleMappingEntity mapping = new RoleMappingEntity();
    mapping.setCondition(condition);
    mapping.setOrganizations(Collections.singletonList(organizationRole));
    return mapping;
}