mirror of https://github.com/jacekkow/keycloak-protocol-cas
view | history | commit | commitdiff
Matthias Piepkorn
2018-06-17 b8d686069c3249e4bd11eb5eef95f5bd51ea58fb
commit | author | age
0ad1a9 1 package org.keycloak.protocol.cas.mappers;
MP 2
3 import org.keycloak.models.*;
4 import org.keycloak.protocol.ProtocolMapperUtils;
b8d686 5 import org.keycloak.protocol.oidc.TokenManager;
0ad1a9 6 import org.keycloak.protocol.oidc.mappers.OIDCAttributeMapperHelper;
MP 7 import org.keycloak.provider.ProviderConfigProperty;
8
9 import java.util.*;
10 import java.util.function.Predicate;
11
12 public class UserClientRoleMappingMapper extends AbstractUserRoleMappingMapper {
13
14     public static final String PROVIDER_ID = "cas-usermodel-client-role-mapper";
15
16     private static final List<ProviderConfigProperty> CONFIG_PROPERTIES = new ArrayList<>();
17
18     static {
19
20         ProviderConfigProperty clientId = new ProviderConfigProperty();
21         clientId.setName(ProtocolMapperUtils.USER_MODEL_CLIENT_ROLE_MAPPING_CLIENT_ID);
22         clientId.setLabel(ProtocolMapperUtils.USER_MODEL_CLIENT_ROLE_MAPPING_CLIENT_ID_LABEL);
23         clientId.setHelpText(ProtocolMapperUtils.USER_MODEL_CLIENT_ROLE_MAPPING_CLIENT_ID_HELP_TEXT);
24         clientId.setType(ProviderConfigProperty.CLIENT_LIST_TYPE);
25         CONFIG_PROPERTIES.add(clientId);
26
27         ProviderConfigProperty clientRolePrefix = new ProviderConfigProperty();
28         clientRolePrefix.setName(ProtocolMapperUtils.USER_MODEL_CLIENT_ROLE_MAPPING_ROLE_PREFIX);
29         clientRolePrefix.setLabel(ProtocolMapperUtils.USER_MODEL_CLIENT_ROLE_MAPPING_ROLE_PREFIX_LABEL);
30         clientRolePrefix.setHelpText(ProtocolMapperUtils.USER_MODEL_CLIENT_ROLE_MAPPING_ROLE_PREFIX_HELP_TEXT);
31         clientRolePrefix.setType(ProviderConfigProperty.STRING_TYPE);
32         CONFIG_PROPERTIES.add(clientRolePrefix);
33
34         OIDCAttributeMapperHelper.addTokenClaimNameConfig(CONFIG_PROPERTIES);
35     }
36
37     @Override
38     public List<ProviderConfigProperty> getConfigProperties() {
39         return CONFIG_PROPERTIES;
40     }
41
42     @Override
43     public String getId() {
44         return PROVIDER_ID;
45     }
46
47     @Override
48     public String getDisplayType() {
49         return "User Client Role";
50     }
51
52     @Override
53     public String getDisplayCategory() {
54         return TOKEN_MAPPER_CATEGORY;
55     }
56
57     @Override
58     public String getHelpText() {
59         return "Map a user client role to a token claim.";
60     }
61
62     @Override
63     public void setAttribute(Map<String, Object> attributes, ProtocolMapperModel mappingModel, UserSessionModel userSession) {
64         String clientId = mappingModel.getConfig().get(ProtocolMapperUtils.USER_MODEL_CLIENT_ROLE_MAPPING_CLIENT_ID);
65         String rolePrefix = mappingModel.getConfig().get(ProtocolMapperUtils.USER_MODEL_CLIENT_ROLE_MAPPING_ROLE_PREFIX);
66
67         setAttribute(attributes, mappingModel, userSession, getClientRoleFilter(clientId, userSession), rolePrefix);
68     }
69
70     private static Predicate<RoleModel> getClientRoleFilter(String clientId, UserSessionModel userSession) {
71         if (clientId == null) {
72             return RoleModel::isClientRole;
73         }
74
75         RealmModel clientRealm = userSession.getRealm();
76         ClientModel client = clientRealm.getClientByClientId(clientId.trim());
77
78         if (client == null) {
79             return RoleModel::isClientRole;
80         }
81
b8d686 82         boolean fullScopeAllowed = client.isFullScopeAllowed();
0ad1a9 83         Set<RoleModel> clientRoleMappings = client.getRoles();
MP 84         if (fullScopeAllowed) {
85             return clientRoleMappings::contains;
86         }
87
88         Set<RoleModel> scopeMappings = new HashSet<>();
89
b8d686 90         // CAS protocol does not support scopes, so pass null scopeParam
MP 91         Set<ClientScopeModel> clientScopes = TokenManager.getRequestedClientScopes(null, client);
92         for (ClientScopeModel clientScope : clientScopes) {
93             scopeMappings.addAll(clientScope.getScopeMappings());
0ad1a9 94         }
MP 95
96         return role -> clientRoleMappings.contains(role) && scopeMappings.contains(role);
97     }
98
99     public static ProtocolMapperModel create(String clientId, String clientRolePrefix,
100                                              String name, String tokenClaimName) {
101         ProtocolMapperModel mapper = CASAttributeMapperHelper.createClaimMapper(name, tokenClaimName,
b8d686 102                 "String", PROVIDER_ID);
0ad1a9 103         mapper.getConfig().put(ProtocolMapperUtils.USER_MODEL_CLIENT_ROLE_MAPPING_CLIENT_ID, clientId);
MP 104         mapper.getConfig().put(ProtocolMapperUtils.USER_MODEL_CLIENT_ROLE_MAPPING_ROLE_PREFIX, clientRolePrefix);
105         return mapper;
106     }
107 }