diff --git a/MyINPulse-back/src/main/java/enseirb/myinpulse/api/GetUserInfo.java b/MyINPulse-back/src/main/java/enseirb/myinpulse/api/GetUserInfo.java index 7baea8e..694532f 100644 --- a/MyINPulse-back/src/main/java/enseirb/myinpulse/api/GetUserInfo.java +++ b/MyINPulse-back/src/main/java/enseirb/myinpulse/api/GetUserInfo.java @@ -3,13 +3,12 @@ package enseirb.myinpulse.api; import org.springframework.boot.autoconfigure.SpringBootApplication; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.web.bind.annotation.*; - -import javax.management.relation.RoleNotFoundException; -import java.security.Principal; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.RestController; +import java.security.Principal; +import javax.management.relation.RoleNotFoundException; @SpringBootApplication @RestController @@ -26,7 +25,6 @@ public class GetUserInfo { @GetMapping("/unauth/random") public boolean rand(@RequestHeader("Authorization") String token) throws RoleNotFoundException { System.err.println(token); - System.err.println("HELLO"); return Math.random() > 0.5; } diff --git a/MyINPulse-back/src/main/java/enseirb/myinpulse/security/KeycloakJwtRolesConverter.java b/MyINPulse-back/src/main/java/enseirb/myinpulse/security/KeycloakJwtRolesConverter.java index 08c5cab..743b765 100644 --- a/MyINPulse-back/src/main/java/enseirb/myinpulse/security/KeycloakJwtRolesConverter.java +++ b/MyINPulse-back/src/main/java/enseirb/myinpulse/security/KeycloakJwtRolesConverter.java @@ -4,6 +4,8 @@ */ package enseirb.myinpulse.security; +import static java.util.stream.Collectors.toSet; + import org.springframework.core.convert.converter.Converter; import org.springframework.security.authentication.AbstractAuthenticationToken; import org.springframework.security.core.GrantedAuthority; @@ -18,41 +20,35 @@ import java.util.Map; import java.util.stream.Collectors; import java.util.stream.Stream; -import static java.util.stream.Collectors.toSet; - - public class KeycloakJwtRolesConverter implements Converter { - /** - * Prefix used for realm level roles. - */ + /** Prefix used for realm level roles. */ public static final String PREFIX_REALM_ROLE = "ROLE_REALM_"; - /** - * Prefix used in combination with the resource (client) name for resource level roles. - */ + + /** Prefix used in combination with the resource (client) name for resource level roles. */ public static final String PREFIX_RESOURCE_ROLE = "ROLE_"; - /** - * Name of the claim containing the realm level roles - */ + /** Name of the claim containing the realm level roles */ private static final String CLAIM_REALM_ACCESS = "realm_access"; - /** - * Name of the claim containing the resources (clients) the user has access to. - */ + + /** Name of the claim containing the resources (clients) the user has access to. */ private static final String CLAIM_RESOURCE_ACCESS = "resource_access"; - /** - * Name of the claim containing roles. (Applicable to realm and resource level.) - */ + + /** Name of the claim containing roles. (Applicable to realm and resource level.) */ private static final String CLAIM_ROLES = "roles"; @Override public AbstractAuthenticationToken convert(Jwt source) { - return new JwtAuthenticationToken(source, Stream.concat(new JwtGrantedAuthoritiesConverter().convert(source) - .stream(), tokenRolesExtractor(source).stream()) - .collect(toSet())); + return new JwtAuthenticationToken( + source, + Stream.concat( + new JwtGrantedAuthoritiesConverter().convert(source).stream(), + tokenRolesExtractor(source).stream()) + .collect(toSet())); } /** - * Extracts the realm and resource level roles from a JWT token distinguishing between them using prefixes. + * Extracts the realm and resource level roles from a JWT token distinguishing between them + * using prefixes. */ public Collection tokenRolesExtractor(Jwt jwt) { // Collection that will hold the extracted roles @@ -69,33 +65,43 @@ public class KeycloakJwtRolesConverter implements Converter realmRoles = roles.stream() - // Prefix all realm roles with "ROLE_realm_" - .map(role -> new SimpleGrantedAuthority(PREFIX_REALM_ROLE + role)) - .collect(Collectors.toList()); + Collection realmRoles = + roles.stream() + // Prefix all realm roles with "ROLE_realm_" + .map(role -> new SimpleGrantedAuthority(PREFIX_REALM_ROLE + role)) + .collect(Collectors.toList()); grantedAuthorities.addAll(realmRoles); } } // Resource (client) roles - // A user might have access to multiple resources all containing their own roles. Therefore, it is a map of + // A user might have access to multiple resources all containing their own roles. Therefore, + // it is a map of // resource each possibly containing a "roles" property. - Map>> resourceAccess = jwt.getClaim(CLAIM_RESOURCE_ACCESS); + Map>> resourceAccess = + jwt.getClaim(CLAIM_RESOURCE_ACCESS); // Check if resources are assigned if (resourceAccess != null && !resourceAccess.isEmpty()) { // Iterate of all the resources - resourceAccess.forEach((resource, resourceClaims) -> { - // Iterate of the "roles" claim inside the resource claims - resourceClaims.get(CLAIM_ROLES).forEach( - // Add the role to the granted authority prefixed with ROLE_ and the name of the resource - role -> grantedAuthorities.add(new SimpleGrantedAuthority(PREFIX_RESOURCE_ROLE + resource + "_" + role)) - ); - }); + resourceAccess.forEach( + (resource, resourceClaims) -> { + // Iterate of the "roles" claim inside the resource claims + resourceClaims + .get(CLAIM_ROLES) + .forEach( + // Add the role to the granted authority prefixed with ROLE_ + // and the name of the resource + role -> + grantedAuthorities.add( + new SimpleGrantedAuthority( + PREFIX_RESOURCE_ROLE + + resource + + "_" + + role))); + }); } return grantedAuthorities; } - - }