AuthAwareTokenConverter.kt
package uk.gov.justice.hmpps.probationsearch.security
import org.springframework.core.convert.converter.Converter
import org.springframework.security.authentication.AbstractAuthenticationToken
import org.springframework.security.core.GrantedAuthority
import org.springframework.security.core.authority.SimpleGrantedAuthority
import org.springframework.security.oauth2.jwt.Jwt
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken
import org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter
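/**
 * Converts a [Jwt] into an [AuthAwareAuthenticationToken] carrying the caller's
 * subject, client/user flags and granted authorities.
 *
 * Security note: every value read here (`sub`, `client_id`, `auth_source`,
 * `authorities`) is taken from the token's claims as-is. This class performs no
 * signature, issuer, audience or expiry validation of its own, so it must only be
 * given tokens that the resource server's JWT decoder has already verified.
 */
class AuthAwareTokenConverter : Converter<Jwt, AbstractAuthenticationToken> {
    // Spring's stock converter; with default settings it derives authorities from the
    // token's scope claims.
    private val jwtGrantedAuthoritiesConverter: Converter<Jwt, Collection<GrantedAuthority>> =
        JwtGrantedAuthoritiesConverter()

    /**
     * Builds the authentication token for [jwt].
     *
     * - `clientOnly` is true when the subject equals the `client_id` claim.
     * - `deliusUser` is true when the `auth_source` claim is exactly `"delius"`.
     *
     * NOTE(review): `subject` is a non-null parameter, so a token without a `sub`
     * claim is expected to fail here rather than yield a token — confirm that this
     * surfaces as an authentication failure and not as a server error.
     */
    override fun convert(jwt: Jwt): AbstractAuthenticationToken {
        return AuthAwareAuthenticationToken(
            jwt = jwt,
            clientOnly = jwt.subject == jwt.claims["client_id"],
            subject = jwt.subject,
            deliusUser = "delius" == jwt.claims["auth_source"],
            authorities = extractAuthorities(jwt),
        )
    }

    /**
     * Collects the authorities granted by [jwt]: those produced by
     * [jwtGrantedAuthoritiesConverter] followed by each string in the `authorities`
     * claim, de-duplicated with insertion order preserved.
     *
     * The `authorities` claim is read defensively. A missing or null claim, a claim
     * that is not a collection, and entries that are not non-blank strings are all
     * ignored instead of raising a cast or argument exception. A malformed claim can
     * therefore only ever result in fewer authorities, never more.
     */
    private fun extractAuthorities(jwt: Jwt): Collection<GrantedAuthority> {
        val convertedAuthorities = jwtGrantedAuthoritiesConverter.convert(jwt).orEmpty()

        // `as?` yields null for an absent, null or non-collection claim value.
        val claimAuthorities = (jwt.claims["authorities"] as? Collection<*>)
            .orEmpty()
            .filterIsInstance<String>()
            // SimpleGrantedAuthority rejects empty/blank text, so drop such entries up front.
            .filter(String::isNotBlank)
            .map(::SimpleGrantedAuthority)

        return (convertedAuthorities + claimAuthorities).toSet()
    }
}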
/**
 * A [JwtAuthenticationToken] that additionally exposes caller details derived from
 * the token's claims.
 *
 * @param jwt the token this authentication is based on; passed to [JwtAuthenticationToken].
 * @property clientOnly flag supplied by the creator of this token; [AuthAwareTokenConverter]
 *   sets it when the subject equals the `client_id` claim.
 * @property deliusUser flag supplied by the creator of this token; [AuthAwareTokenConverter]
 *   sets it when the `auth_source` claim is `"delius"`.
 * @property subject the subject this authentication was created for.
 * @param authorities the granted authorities; passed to [JwtAuthenticationToken].
 */
class AuthAwareAuthenticationToken(
    jwt: Jwt,
    val clientOnly: Boolean,
    val deliusUser: Boolean,
    val subject: String,
    authorities: Collection<GrantedAuthority>,
) : JwtAuthenticationToken(jwt, authorities)