Example #1
Source File:    From java-microservices-examples with Apache License 2.0 7 votes vote down vote up
/**
 * Map authorities from "groups" or "roles" claim in ID Token.
 *
 * @return a {@link GrantedAuthoritiesMapper} that maps groups from
 * the IdP to Spring Security Authorities.
 */
public GrantedAuthoritiesMapper userAuthoritiesMapper() {
    // Returns the mapper as a lambda: it walks the authorities produced by the login
    // and returns whatever was collected in mappedAuthorities.
    // NOTE(review): the claims below are read from the UserInfo object
    // (getUserInfo().getClaims()), not from the ID token itself.
    return (authorities) -> {
        Set<GrantedAuthority> mappedAuthorities = new HashSet<>();

        authorities.forEach(authority -> {
            // NOTE(review): unconditional cast. If the collection also contains an
            // authority that is not an OidcUserAuthority (for example a plain scope
            // authority), this line throws ClassCastException; check the type first.
            OidcUserAuthority oidcUserAuthority = (OidcUserAuthority) authority;
            // NOTE(review): userInfo is dereferenced on the next line without a null
            // check; confirm getUserInfo() cannot return null for this provider setup.
            OidcUserInfo userInfo = oidcUserAuthority.getUserInfo();
            // Unchecked cast of an IdP-supplied claim: a "groups" value that is not a
            // collection fails here at runtime, and the element type is never verified.
            Collection<String> groups = (Collection<String>) userInfo.getClaims().get("groups");
            if (groups == null) {
                // Fall back to the "roles" claim when "groups" is absent.
                // NOTE(review): groups is still null if "roles" is absent as well.
                groups = (Collection<String>) userInfo.getClaims().get("roles");
                // Only names starting with "ROLE_" pass this filter. The statements that
                // open and consume this pipeline are not part of this listing.
                // NOTE(review): presumably the surviving names are used verbatim as
                // authorities, so whoever assigns groups at the IdP decides application
                // roles; confirm that the IdP group namespace is controlled.
                .filter(group -> group.startsWith("ROLE_"))

        return mappedAuthorities;
Example #4
Source File:    From oauth2-client with MIT License 5 votes vote down vote up
/**
 * Extract authority information (such as roles) from the user-info-uri response; defaults to scope.
 * Mapping User Authorities
 */
private GrantedAuthoritiesMapper userAuthoritiesMapper() {
    // Skeleton mapper: each branch identifies one authority type and pulls out its data,
    // but no statement visible in this listing adds anything to mappedAuthorities.
    // NOTE(review): if the full source is the same, the mapper returns an empty set and
    // the user ends up with no authorities; confirm against the original file.
    return (authorities) -> {
        Set<GrantedAuthority> mappedAuthorities = new HashSet<>();

        authorities.forEach(authority -> {
            // Class.isInstance is the reflective form of instanceof (false for null).
            if (OidcUserAuthority.class.isInstance(authority)) {
                OidcUserAuthority oidcUserAuthority = (OidcUserAuthority) authority;
                // OIDC login: the ID token and the user-info response are both read here.
                OidcIdToken idToken = oidcUserAuthority.getIdToken();
                OidcUserInfo userInfo = oidcUserAuthority.getUserInfo();


                // Map the claims found in idToken and/or userInfo
                // to one or more GrantedAuthority's and add it to mappedAuthorities
                // NOTE(review): when filling this in, translate claim values through an
                // explicit allowlist rather than copying them into authority names.

            } else if (OAuth2UserAuthority.class.isInstance(authority)) {
                OAuth2UserAuthority oauth2UserAuthority = (OAuth2UserAuthority) authority;

                // Plain OAuth2 login: only the user attribute map is read.
                Map<String, Object> userAttributes = oauth2UserAuthority.getAttributes();
                // Map the attributes found in userAttributes
                // to one or more GrantedAuthority's and add it to mappedAuthorities

            } else if (SimpleGrantedAuthority.class.isInstance(authority)) {
                // The handling of this authority after the cast is not part of this listing.
                SimpleGrantedAuthority simpleGrantedAuthority = (SimpleGrantedAuthority) authority;



        return mappedAuthorities;
Example #5
Source File:    From jhipster-registry with Apache License 2.0 5 votes vote down vote up
public GrantedAuthoritiesMapper userAuthoritiesMapper() {
    // Maps login authorities using the "groups" claim of the OIDC user info,
    // or its "roles" claim when "groups" is absent.
    return (authorities) -> {
        Set<GrantedAuthority> mappedAuthorities = new HashSet<>();

        authorities.forEach(authority -> {
            OidcUserInfo userInfo = null;
            // Check for OidcUserAuthority because Spring Security 5.2 returns
            // each scope as a GrantedAuthority, which we don't care about.
            if (authority instanceof OidcUserAuthority) {
                OidcUserAuthority oidcUserAuthority = (OidcUserAuthority) authority;
                userInfo = oidcUserAuthority.getUserInfo();
            // NOTE(review): the brace closing the instanceof check is missing from this
            // listing; the null check below is presumably a sibling statement, not nested.
            if (userInfo == null) {
                // No user info for this authority: fall back to the fixed USER authority.
                // NOTE(review): this grants USER independently of any IdP claim; confirm
                // that a baseline role for every authenticated principal is intended.
                mappedAuthorities.add(new SimpleGrantedAuthority(AuthoritiesConstants.USER));
            } else {
                Map<String, Object> claims = userInfo.getClaims();
                // "groups" wins, then "roles"; a missing key yields an empty list, not null.
                // Unchecked cast of an IdP-supplied value: a claim that is not a collection
                // fails here at runtime, and the element type is never verified.
                Collection<String> groups = (Collection<String>) claims.getOrDefault("groups",
                    claims.getOrDefault("roles", new ArrayList<>()));

                    // Only names starting with "ROLE_" pass this filter; the statements that
                    // open and consume this pipeline are not part of this listing.
                    .filter(group -> group.startsWith("ROLE_"))

        return mappedAuthorities;
Example #6
Source File:    From find with MIT License 5 votes vote down vote up
// Constructor: stores the user service, the authorities mapper and two values injected
// from the find.reverse-proxy.* properties (pre-authenticated roles and username).
// NOTE(review): presumably these describe an identity asserted by a fronting reverse
// proxy; if so, the application should be reachable only through that proxy. Confirm
// against the code that consumes the two fields, which is not part of this listing.
public ReverseProxyIdolSecurityCustomizer(
        final UserService userService,
        final GrantedAuthoritiesMapper grantedAuthoritiesMapper,
        @Value("${find.reverse-proxy.pre-authenticated-roles}") final String preAuthenticatedRoles,
        @Value("${find.reverse-proxy.pre-authenticated-username}") final String preAuthenticatedUsername
) {

    // Plain assignments; none of the arguments is validated here.
    this.userService = userService;
    this.grantedAuthoritiesMapper = grantedAuthoritiesMapper;
    this.preAuthenticatedRoles = preAuthenticatedRoles;
    this.preAuthenticatedUsername = preAuthenticatedUsername;
Example #7
Source File:    From find with MIT License 5 votes vote down vote up
// Builds a mapper from a fixed table that translates FindCommunityRole values into
// FindRole names.
public GrantedAuthoritiesMapper grantedAuthoritiesMapper() {
    // CaseInsensitiveMap: presumably lookups ignore the case of the incoming role name.
    final Map<String, String> rolesMap = new CaseInsensitiveMap<>();

    rolesMap.put(FindCommunityRole.USER.value(), FindRole.USER.toString());
    rolesMap.put(FindCommunityRole.ADMIN.value(), FindRole.ADMIN.toString());

    // The BI role is mapped only when the enableBi flag is set.
    if (enableBi) {
        rolesMap.put(FindCommunityRole.BI.value(), FindRole.BI.toString());

    // The table is handed over read-only.
    // NOTE(review): the class name suggests that a role without a table entry maps to no
    // authority at all (deny by default); confirm in OneToOneOrZeroSimpleAuthorityMapper.
    return new OneToOneOrZeroSimpleAuthorityMapper(Collections.unmodifiableMap(rolesMap));
Example #8
Source File:    From smartling-keycloak-extras with Apache License 2.0 5 votes vote down vote up
/**
 * Creates a {@link GrantedAuthority} collection from the given {@link KeycloakSecurityContext}.
 *
 * @param context the current <code>RefreshableKeycloakSecurityContext</code> (required)
 * @param mapper an optional {@link GrantedAuthoritiesMapper} to convert the
 * authorities loaded from the given <code>context</code> which will be used in the
 * {@code Authentication} object
 * @return a {@link GrantedAuthority} collection if any; an empty list otherwise
 */
public static Collection<? extends GrantedAuthority> createGrantedAuthorities(RefreshableKeycloakSecurityContext context, GrantedAuthoritiesMapper mapper) {
    // A null context is rejected up front; a null mapper is allowed (see the return).
    Assert.notNull(context, "RefreshableKeycloakSecurityContext cannot be null");
    List<KeycloakRole> grantedAuthorities = new ArrayList<>();

    // Every role name reported for the context becomes one KeycloakRole authority.
    for (String role : AdapterUtils.getRolesFromSecurityContext(context)) {
        grantedAuthorities.add(new KeycloakRole(role));

    // With a mapper the roles are passed through it; without one they are returned
    // unmapped as a read-only list.
    return mapper != null ? mapper.mapAuthorities(grantedAuthorities) : Collections.unmodifiableList(grantedAuthorities);
Example #9
Source File:    From zhcet-web with Apache License 2.0 4 votes vote down vote up
// Optional setter injection: required = false means a missing
// GrantedAuthoritiesMapper bean is not treated as an error.
// NOTE(review): the field can therefore stay unset; code that reads it must handle that.
@Autowired(required = false)
public void setAuthoritiesMapper(GrantedAuthoritiesMapper authoritiesMapper) {
    this.authoritiesMapper = authoritiesMapper;
Example #10
Source File:    From hawkbit with Eclipse Public License 1.0 4 votes vote down vote up
// Package-private constructor: keeps the mapper for later use.
// NOTE(review): no null check is visible here; confirm callers never pass null.
JwtAuthoritiesExtractor(final GrantedAuthoritiesMapper authoritiesMapper) {

    this.authoritiesMapper = authoritiesMapper;
Example #11
Source File:    From cxf-fediz with Apache License 2.0 4 votes vote down vote up
// Setter for the authorities mapper; the value is stored as given, null included.
public void setAuthoritiesMapper(GrantedAuthoritiesMapper authoritiesMapper) {
    this.authoritiesMapper = authoritiesMapper;
Example #12
Source File:    From molgenis with GNU Lesser General Public License v3.0 4 votes vote down vote up
// Constructor: both collaborators are mandatory.
public UserDetailsServiceImpl(
    DataService dataService, GrantedAuthoritiesMapper grantedAuthoritiesMapper) {
  // requireNonNull fails fast with NullPointerException at construction time, so the
  // service never runs without a data service or an authorities mapper.
  this.dataService = requireNonNull(dataService);
  this.grantedAuthoritiesMapper = requireNonNull(grantedAuthoritiesMapper);
Example #13
Source File:    From molgenis with GNU Lesser General Public License v3.0 4 votes vote down vote up
// Returns a RoleHierarchyAuthoritiesMapper built on the hierarchy from roleHierarchyBean().
// NOTE(review): presumably the mapper adds the authorities implied by that hierarchy, so
// the hierarchy definition decides which extra roles a user gains; review it accordingly.
public GrantedAuthoritiesMapper roleHierarchyAuthoritiesMapper() {
  return new RoleHierarchyAuthoritiesMapper(roleHierarchyBean());
Example #14
Source File:    From keycloak with Apache License 2.0 4 votes vote down vote up
// Setter for the authorities mapper; the value is stored as given, null included.
public void setGrantedAuthoritiesMapper(GrantedAuthoritiesMapper grantedAuthoritiesMapper) {
    this.grantedAuthoritiesMapper = grantedAuthoritiesMapper;
Example #15
Source File:    From smartling-keycloak-extras with Apache License 2.0 2 votes vote down vote up
/**
 * Set the optional {@link GrantedAuthoritiesMapper} for this {@link AuthenticationProvider}.
 *
 * @param grantedAuthoritiesMapper the <code>GrantedAuthoritiesMapper</code> to use
 */
public void setGrantedAuthoritiesMapper(GrantedAuthoritiesMapper grantedAuthoritiesMapper) {
    // Stored as given; no null check is performed here.
    this.grantedAuthoritiesMapper = grantedAuthoritiesMapper;