0ad1a9 1 package org.keycloak.protocol.cas.mappers;
MP 2
3 import org.keycloak.models.*;
4 import org.keycloak.protocol.ProtocolMapperUtils;
5 import org.keycloak.protocol.oidc.mappers.OIDCAttributeMapperHelper;
6 import org.keycloak.provider.ProviderConfigProperty;
7
8 import java.util.*;
9 import java.util.function.Predicate;
10
/**
 * CAS protocol mapper that exposes a user's client-role mappings as one attribute.
 *
 * <p>Admin configuration (built in the static initializer, in this order): the client
 * whose roles are considered ({@code CLIENT_LIST_TYPE}), a role prefix
 * ({@code STRING_TYPE}), and the claim/attribute name added by
 * {@link OIDCAttributeMapperHelper#addTokenClaimNameConfig(List)}.
 *
 * <p>Security note: when no client id is configured, or the configured id does not
 * resolve to a client of the session's realm (deleted client, typo), the role filter
 * built by {@link #getClientRoleFilter} accepts every client role of every client.
 * That is the behaviour inherited from upstream Keycloak, but it fails open on a
 * stale mapper configuration. Whether the superclass {@code setAttribute} applies any
 * further scope restriction for the requesting CAS client is not visible here and
 * should be confirmed before relying on this mapper for authorization decisions.
 */
public class UserClientRoleMappingMapper extends AbstractUserRoleMappingMapper {

    public static final String PROVIDER_ID = "cas-usermodel-client-role-mapper";

    private static final List<ProviderConfigProperty> CONFIG_PROPERTIES = new ArrayList<>();

    static {
        // Property order is kept as: client id, role prefix, claim name.
        CONFIG_PROPERTIES.add(configProperty(
                ProtocolMapperUtils.USER_MODEL_CLIENT_ROLE_MAPPING_CLIENT_ID,
                ProtocolMapperUtils.USER_MODEL_CLIENT_ROLE_MAPPING_CLIENT_ID_LABEL,
                ProtocolMapperUtils.USER_MODEL_CLIENT_ROLE_MAPPING_CLIENT_ID_HELP_TEXT,
                ProviderConfigProperty.CLIENT_LIST_TYPE));
        CONFIG_PROPERTIES.add(configProperty(
                ProtocolMapperUtils.USER_MODEL_CLIENT_ROLE_MAPPING_ROLE_PREFIX,
                ProtocolMapperUtils.USER_MODEL_CLIENT_ROLE_MAPPING_ROLE_PREFIX_LABEL,
                ProtocolMapperUtils.USER_MODEL_CLIENT_ROLE_MAPPING_ROLE_PREFIX_HELP_TEXT,
                ProviderConfigProperty.STRING_TYPE));
        OIDCAttributeMapperHelper.addTokenClaimNameConfig(CONFIG_PROPERTIES);
    }

    /**
     * Creates one admin-console configuration property.
     *
     * @param name     config key the mapper reads back via {@code mappingModel.getConfig()}
     * @param label    label shown in the admin console
     * @param helpText help text shown in the admin console
     * @param type     one of the {@link ProviderConfigProperty} type constants
     */
    private static ProviderConfigProperty configProperty(String name, String label, String helpText, String type) {
        ProviderConfigProperty property = new ProviderConfigProperty();
        property.setName(name);
        property.setLabel(label);
        property.setHelpText(helpText);
        property.setType(type);
        return property;
    }

    /**
     * Returns the shared, mutable configuration property list; callers are expected
     * to treat it as read-only.
     */
    @Override
    public List<ProviderConfigProperty> getConfigProperties() {
        return CONFIG_PROPERTIES;
    }

    /** Provider id under which this mapper is registered. */
    @Override
    public String getId() {
        return PROVIDER_ID;
    }

    /** Human-readable mapper type shown in the admin console. */
    @Override
    public String getDisplayType() {
        return "User Client Role";
    }

    /** Category used to group this mapper in the admin console. */
    @Override
    public String getDisplayCategory() {
        return TOKEN_MAPPER_CATEGORY;
    }

    /** Short description shown in the admin console. */
    @Override
    public String getHelpText() {
        return "Map a user client role to a token claim.";
    }

    /**
     * Reads the configured client id and role prefix from the mapper model and delegates
     * to the superclass with a role filter built from that client's roles and scope.
     *
     * @param attributes   attribute map being populated for the CAS response
     * @param mappingModel this mapper's configuration
     * @param userSession  session whose user and realm are consulted
     */
    @Override
    public void setAttribute(Map<String, Object> attributes, ProtocolMapperModel mappingModel, UserSessionModel userSession) {
        String targetClientId = mappingModel.getConfig()
                .get(ProtocolMapperUtils.USER_MODEL_CLIENT_ROLE_MAPPING_CLIENT_ID);
        String prefix = mappingModel.getConfig()
                .get(ProtocolMapperUtils.USER_MODEL_CLIENT_ROLE_MAPPING_ROLE_PREFIX);
        Predicate<RoleModel> roleFilter = getClientRoleFilter(targetClientId, userSession);
        setAttribute(attributes, mappingModel, userSession, roleFilter, prefix);
    }

    /**
     * Builds the predicate that decides which of the user's roles are emitted.
     *
     * <ul>
     *   <li>No client id, or an id that does not resolve in the realm: every client role
     *       (of any client) passes — this fails open, see the class comment.</li>
     *   <li>Resolved client with full scope allowed (on its template, when the template
     *       scope is used, or on the client itself): every role owned by that client.</li>
     *   <li>Otherwise: roles owned by that client that are also in the union of the
     *       template's (when used) and the client's scope mappings.</li>
     * </ul>
     *
     * @param clientId    client id from the mapper config; {@code null} when not configured
     * @param userSession session whose realm resolves {@code clientId}
     * @return predicate over the user's roles
     */
    private static Predicate<RoleModel> getClientRoleFilter(String clientId, UserSessionModel userSession) {
        ClientModel targetClient = clientId == null
                ? null
                : userSession.getRealm().getClientByClientId(clientId.trim());

        if (targetClient == null) {
            // NOTE(review): also reached for a stale or mistyped client id; the attribute then
            // carries client roles of unrelated clients rather than nothing.
            return RoleModel::isClientRole;
        }

        ClientTemplateModel template = targetClient.getClientTemplate();
        boolean useTemplateScope = template != null && targetClient.useTemplateScope();
        // Template full-scope is consulted first, the client's own flag only as a fallback.
        boolean fullScopeAllowed = useTemplateScope && template.isFullScopeAllowed();
        if (!fullScopeAllowed) {
            fullScopeAllowed = targetClient.isFullScopeAllowed();
        }

        Set<RoleModel> rolesOfTarget = targetClient.getRoles();
        if (fullScopeAllowed) {
            return rolesOfTarget::contains;
        }

        Set<RoleModel> allowedScope = collectScopeMappings(targetClient, template, useTemplateScope);
        return role -> rolesOfTarget.contains(role) && allowedScope.contains(role);
    }

    /**
     * Union of the template's scope mappings (only when {@code useTemplateScope}) and the
     * client's scope mappings; a {@code null} set from either source counts as empty.
     */
    private static Set<RoleModel> collectScopeMappings(ClientModel client, ClientTemplateModel template,
                                                       boolean useTemplateScope) {
        Set<RoleModel> scope = new HashSet<>();
        if (useTemplateScope) {
            Set<RoleModel> fromTemplate = template.getScopeMappings();
            if (fromTemplate != null) {
                scope.addAll(fromTemplate);
            }
        }
        Set<RoleModel> fromClient = client.getScopeMappings();
        if (fromClient != null) {
            scope.addAll(fromClient);
        }
        return scope;
    }

    /**
     * Builds a mapper model of this type with the given configuration.
     *
     * @param clientId         client whose roles are emitted; {@code null} selects client
     *                         roles of all clients (see {@link #getClientRoleFilter})
     * @param clientRolePrefix role prefix handed to the superclass; may be {@code null}
     * @param name             mapper name (also passed as the claim helper's fifth argument)
     * @param tokenClaimName   claim/attribute name the roles are written under
     * @return the configured mapper model
     */
    public static ProtocolMapperModel create(String clientId, String clientRolePrefix,
                                             String name, String tokenClaimName) {
        ProtocolMapperModel model = CASAttributeMapperHelper.createClaimMapper(name, tokenClaimName,
                "String", true, name, PROVIDER_ID);
        Map<String, String> config = model.getConfig();
        config.put(ProtocolMapperUtils.USER_MODEL_CLIENT_ROLE_MAPPING_CLIENT_ID, clientId);
        config.put(ProtocolMapperUtils.USER_MODEL_CLIENT_ROLE_MAPPING_ROLE_PREFIX, clientRolePrefix);
        return model;
    }
}