mirror of https://github.com/jacekkow/keycloak-protocol-cas

Jacek Kowalski
2023-01-24 b73d96162e93146ebc8d7e76cc3bbc57ea3b399e
0ad1a9 1 package org.keycloak.protocol.cas.mappers;
MP 2
89e3d7 3 import org.keycloak.models.ClientSessionContext;
MP 4 import org.keycloak.models.KeycloakSession;
0ad1a9 5 import org.keycloak.models.ProtocolMapperModel;
MP 6 import org.keycloak.models.UserSessionModel;
7 import org.keycloak.protocol.ProtocolMapperUtils;
8 import org.keycloak.protocol.oidc.mappers.OIDCAttributeMapperHelper;
9 import org.keycloak.provider.ProviderConfigProperty;
89e3d7 10 import org.keycloak.representations.AccessToken;
MP 11 import org.keycloak.utils.RoleResolveUtil;
0ad1a9 12
MP 13 import java.util.ArrayList;
14 import java.util.List;
15 import java.util.Map;
16
/**
 * CAS protocol mapper that publishes the realm roles resolved for the current
 * client session as an attribute.
 *
 * <p>Two settings are registered for the mapper: an optional role-name prefix
 * and whatever claim-name property
 * {@link OIDCAttributeMapperHelper#addTokenClaimNameConfig} contributes.
 *
 * <p>Role names are authorization data. Which roles are released to the
 * requesting service is decided entirely by {@link RoleResolveUtil} for the
 * given client session context; this class applies no filtering of its own.
 * NOTE(review): confirm that the client's scope / role-scope mappings are what
 * bound that list before enabling this mapper for a less-trusted service.
 */
public class UserRealmRoleMappingMapper extends AbstractUserRoleMappingMapper {
    public static final String PROVIDER_ID = "cas-usermodel-realm-role-mapper";

    /** Config key under which the optional role-name prefix is stored. */
    private static final String ROLE_PREFIX_KEY = ProtocolMapperUtils.USER_MODEL_REALM_ROLE_MAPPING_ROLE_PREFIX;

    // Shared, mutable, class-wide list: it is filled once in the static
    // initializer below and handed out as-is by getConfigProperties().
    private static final List<ProviderConfigProperty> CONFIG_PROPERTIES = new ArrayList<>();

    static {
        ProviderConfigProperty prefixProperty = new ProviderConfigProperty();
        prefixProperty.setName(ROLE_PREFIX_KEY);
        prefixProperty.setType(ProviderConfigProperty.STRING_TYPE);
        prefixProperty.setLabel(ProtocolMapperUtils.USER_MODEL_REALM_ROLE_MAPPING_ROLE_PREFIX_LABEL);
        prefixProperty.setHelpText(ProtocolMapperUtils.USER_MODEL_REALM_ROLE_MAPPING_ROLE_PREFIX_HELP_TEXT);
        CONFIG_PROPERTIES.add(prefixProperty);

        // Appended after the prefix property, so it comes second in the list.
        OIDCAttributeMapperHelper.addTokenClaimNameConfig(CONFIG_PROPERTIES);
    }

    /**
     * Returns the configuration properties offered for this mapper.
     *
     * @return the class-wide property list itself, not a copy; callers must
     *         treat it as read-only because a change would be visible to
     *         every other caller
     */
    @Override
    public List<ProviderConfigProperty> getConfigProperties() {
        return CONFIG_PROPERTIES;
    }

    /**
     * @return the provider id, {@link #PROVIDER_ID}
     */
    @Override
    public String getId() {
        return PROVIDER_ID;
    }

    /**
     * @return the display name of this mapper type
     */
    @Override
    public String getDisplayType() {
        return "User Realm Role";
    }

    /**
     * @return the display category, {@code TOKEN_MAPPER_CATEGORY}
     */
    @Override
    public String getDisplayCategory() {
        return TOKEN_MAPPER_CATEGORY;
    }

    /**
     * @return the help text describing this mapper
     */
    @Override
    public String getHelpText() {
        return "Map a user realm role to a token claim.";
    }

    /**
     * Adds the resolved realm roles to {@code attributes}.
     *
     * <p>When no realm-role access object can be resolved, the method returns
     * without touching {@code attributes}.
     *
     * @param attributes       attribute map to write into
     * @param mappingModel     mapper instance whose config supplies the role prefix
     * @param userSession      user session; not read by this method
     * @param session          Keycloak session passed to the role resolver
     * @param clientSessionCtx client session context passed to the role resolver
     */
    @Override
    public void setAttribute(Map<String, Object> attributes, ProtocolMapperModel mappingModel, UserSessionModel userSession,
                             KeycloakSession session, ClientSessionContext clientSessionCtx) {
        // Presumably null when no prefix is configured (assumes getConfig() is
        // a plain Map); the value is passed on unchanged either way.
        String prefix = mappingModel.getConfig().get(ROLE_PREFIX_KEY);

        // NOTE(review): the trailing 'false' looks like "do not create the
        // access entry if missing" - confirm against RoleResolveUtil.
        AccessToken.Access realmAccess = RoleResolveUtil.getResolvedRealmRoles(session, clientSessionCtx, false);

        if (realmAccess != null) {
            // Four-argument overload, not defined in this class.
            setAttribute(attributes, mappingModel, realmAccess.getRoles(), prefix);
        }
    }

    /**
     * Builds a mapper model for this provider.
     *
     * @param realmRolePrefix prefix stored in the model's config under the role-prefix key
     * @param name            mapper name
     * @param tokenClaimName  claim name handed to {@code CASAttributeMapperHelper.createClaimMapper}
     * @return the model returned by {@code createClaimMapper}, with the prefix added to its config
     */
    public static ProtocolMapperModel create(String realmRolePrefix, String name, String tokenClaimName) {
        ProtocolMapperModel model =
                CASAttributeMapperHelper.createClaimMapper(name, tokenClaimName, "String", PROVIDER_ID);
        model.getConfig().put(ROLE_PREFIX_KEY, realmRolePrefix);
        return model;
    }
}