/*******************************************************************************
 * Copyright 2017 The MIT Internet Trust Consortium
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *******************************************************************************/

package org.mitre.uma.util;

import java.util.Collection;

import org.mitre.openid.connect.client.OIDCAuthoritiesMapper;
import org.mitre.openid.connect.model.UserInfo;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;

import com.google.common.collect.Sets;
import com.nimbusds.jwt.JWT;

/**
 * Authorities mapper that collapses every externally authenticated login onto
 * the single {@code ROLE_EXTERNAL_USER} authority.
 *
 * <p>Security note: the contents of the ID token and the UserInfo response are
 * intentionally ignored. Whatever roles, groups or other claims a remote
 * identity provider asserts, the resulting principal only ever holds
 * {@code ROLE_EXTERNAL_USER}, so a federated login cannot be used to reach
 * parts of this server that require any other authority. Do not "improve"
 * this class to derive authorities from the token without a deliberate
 * trust decision about the issuer.
 *
 * @author jricher
 *
 */
public class ExternalLoginAuthoritiesMapper implements OIDCAuthoritiesMapper {

	/** The only authority an external login is ever granted. */
	private static final GrantedAuthority EXTERNAL_USER_AUTHORITY = new SimpleGrantedAuthority("ROLE_EXTERNAL_USER");

	/**
	 * Maps an external login to its granted authorities.
	 *
	 * @param idToken  the validated ID token from the remote provider; not consulted
	 * @param userInfo the UserInfo response from the remote provider; not consulted
	 * @return a freshly allocated, mutable set containing exactly
	 *         {@code ROLE_EXTERNAL_USER}, regardless of the inputs (both may be null)
	 */
	@Override
	public Collection<? extends GrantedAuthority> mapAuthorities(JWT idToken, UserInfo userInfo) {
		// A new set per call: callers that mutate the result cannot affect other logins.
		Collection<GrantedAuthority> granted = Sets.newHashSet();
		granted.add(EXTERNAL_USER_AUTHORITY);
		return granted;
	}

}