/* |
MP |
2 |
* Copyright 2016 Red Hat, Inc. and/or its affiliates |
|
3 |
* and other contributors as indicated by the @author tags. |
|
4 |
* |
|
5 |
* Licensed under the Apache License, Version 2.0 (the "License"); |
|
6 |
* you may not use this file except in compliance with the License. |
|
7 |
* You may obtain a copy of the License at |
|
8 |
* |
|
9 |
* http://www.apache.org/licenses/LICENSE-2.0 |
|
10 |
* |
|
11 |
* Unless required by applicable law or agreed to in writing, software |
|
12 |
* distributed under the License is distributed on an "AS IS" BASIS, |
|
13 |
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
|
14 |
* See the License for the specific language governing permissions and |
|
15 |
* limitations under the License. |
|
16 |
*/ |
|
17 |
|
|
18 |
package org.keycloak.protocol.cas.mappers; |
|
19 |
|
89e3d7
|
20 |
import org.keycloak.models.ProtocolMapperModel; |
0ad1a9
|
21 |
|
MP |
22 |
import java.util.Map; |
|
23 |
import java.util.Set; |
|
24 |
import java.util.stream.Collectors; |
|
25 |
|
|
26 |
/**
 * Base class for CAS protocol mappers that publish a user's role names as an attribute.
 *
 * @author <a href="mailto:thomas.darimont@gmail.com">Thomas Darimont</a>
 */
abstract class AbstractUserRoleMappingMapper extends AbstractCASProtocolMapper {

    /**
     * Writes the given role names into {@code attributes}, optionally prepending {@code prefix} to each name.
     *
     * <p>This method does not resolve, expand or filter roles: every entry of {@code rolesToAdd} is passed on
     * to {@code setPlainAttribute}. Any restriction (for example by client scope) has to be applied by the
     * caller before the set is handed in.
     *
     * <p>The prefix is concatenated without a separator. When no prefix is configured, the caller's set
     * instance is forwarded as-is rather than copied.
     *
     * @param attributes   attribute map passed through to {@code setPlainAttribute}
     * @param mappingModel mapper configuration passed through to {@code setPlainAttribute}
     * @param rolesToAdd   role names to publish; must not be {@code null} when a prefix is set
     * @param prefix       string prepended to every role name; {@code null} or empty means no prefix
     */
    protected void setAttribute(Map<String, Object> attributes, ProtocolMapperModel mappingModel, Set<String> rolesToAdd,
                                String prefix) {
        // No prefix configured: hand the caller's set through untouched.
        final boolean noPrefix = prefix == null || prefix.isEmpty();

        final Set<String> namesToPublish = noPrefix
                ? rolesToAdd
                : rolesToAdd.stream()
                        .map(name -> prefix + name)
                        .collect(Collectors.toSet());

        setPlainAttribute(attributes, mappingModel, namesToPublish);
    }
}