From a311b45d395d50aff76104493e45a33451670753 Mon Sep 17 00:00:00 2001
From: micivray
Date: Fri, 9 Oct 2020 16:14:51 +0200
Subject: [PATCH 1/2] feat(grant): enhance user on ExtensionGrant to get dynamic scopes
---
.../granter/extensiongrant/ExtensionGrantGranter.java | 7 ++++++-
.../extensiongrant/impl/ExtensionGrantManagerImpl.java | 6 +++++-
2 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/gravitee-am-gateway/gravitee-am-gateway-handler/gravitee-am-gateway-handler-oidc/src/main/java/io/gravitee/am/gateway/handler/oauth2/service/granter/extensiongrant/ExtensionGrantGranter.java b/gravitee-am-gateway/gravitee-am-gateway-handler/gravitee-am-gateway-handler-oidc/src/main/java/io/gravitee/am/gateway/handler/oauth2/service/granter/extensiongrant/ExtensionGrantGranter.java
index 6eb5b33e124..14630881f00 100644
--- a/gravitee-am-gateway/gravitee-am-gateway-handler/gravitee-am-gateway-handler-oidc/src/main/java/io/gravitee/am/gateway/handler/oauth2/service/granter/extensiongrant/ExtensionGrantGranter.java
+++ b/gravitee-am-gateway/gravitee-am-gateway-handler/gravitee-am-gateway-handler-oidc/src/main/java/io/gravitee/am/gateway/handler/oauth2/service/granter/extensiongrant/ExtensionGrantGranter.java
@@ -20,6 +20,7 @@
 import io.gravitee.am.extensiongrant.api.ExtensionGrantProvider;
 import io.gravitee.am.gateway.handler.common.auth.UserAuthenticationManager;
 import io.gravitee.am.gateway.handler.common.auth.idp.IdentityProviderManager;
+import io.gravitee.am.gateway.handler.common.user.UserService;
 import io.gravitee.am.gateway.handler.oauth2.exception.InvalidGrantException;
 import io.gravitee.am.gateway.handler.oauth2.exception.UnauthorizedClientException;
 import io.gravitee.am.gateway.handler.oauth2.service.granter.AbstractTokenGranter;
@@ -55,6 +56,7 @@ public class ExtensionGrantGranter extends AbstractTokenGranter {
 private final ExtensionGrant extensionGrant;
 private final UserAuthenticationManager userAuthenticationManager;
 private final IdentityProviderManager identityProviderManager;
+ private final UserService userService;
 private Date minDate;
 public ExtensionGrantGranter(ExtensionGrantProvider extensionGrantProvider,
@@ -62,7 +64,8 @@ public ExtensionGrantGranter(ExtensionGrantProvider extensionGrantProvider,
 UserAuthenticationManager userAuthenticationManager,
 TokenService tokenService,
 TokenRequestResolver tokenRequestResolver,
- IdentityProviderManager identityProviderManager) {
+ IdentityProviderManager identityProviderManager,
+ UserService userService) {
 super(extensionGrant.getGrantType());
 setTokenService(tokenService);
 setTokenRequestResolver(tokenRequestResolver);
@@ -71,6 +74,7 @@ public ExtensionGrantGranter(ExtensionGrantProvider extensionGrantProvider,
 this.extensionGrant = extensionGrant;
 this.userAuthenticationManager = userAuthenticationManager;
 this.identityProviderManager = identityProviderManager;
+ this.userService = userService;
 }
 @Override
@@ -124,6 +128,7 @@ protected Maybe resolveResourceOwner(TokenRequest tokenRequest, Client cli
 user.setRoles(idpUser.getRoles());
 return user;
 })
+ .flatMap(user -> userService.enhance(user).toMaybe())
 .switchIfEmpty(Maybe.error(new InvalidGrantException("Unknown user: " + endUser.getId())));
 } else {
 User user = new User();
diff --git a/gravitee-am-gateway/gravitee-am-gateway-handler/gravitee-am-gateway-handler-oidc/src/main/java/io/gravitee/am/gateway/handler/oauth2/service/granter/extensiongrant/impl/ExtensionGrantManagerImpl.java b/gravitee-am-gateway/gravitee-am-gateway-handler/gravitee-am-gateway-handler-oidc/src/main/java/io/gravitee/am/gateway/handler/oauth2/service/granter/extensiongrant/impl/ExtensionGrantManagerImpl.java
index 551d18f4b74..b53e3ab9d4b 100644
--- a/gravitee-am-gateway/gravitee-am-gateway-handler/gravitee-am-gateway-handler-oidc/src/main/java/io/gravitee/am/gateway/handler/oauth2/service/granter/extensiongrant/impl/ExtensionGrantManagerImpl.java
+++ b/gravitee-am-gateway/gravitee-am-gateway-handler/gravitee-am-gateway-handler-oidc/src/main/java/io/gravitee/am/gateway/handler/oauth2/service/granter/extensiongrant/impl/ExtensionGrantManagerImpl.java
@@ -20,6 +20,7 @@
 import io.gravitee.am.common.event.ExtensionGrantEvent;
 import io.gravitee.am.gateway.handler.common.auth.UserAuthenticationManager;
 import io.gravitee.am.gateway.handler.common.auth.idp.IdentityProviderManager;
+import io.gravitee.am.gateway.handler.common.user.UserService;
 import io.gravitee.am.gateway.handler.oauth2.service.granter.CompositeTokenGranter;
 import io.gravitee.am.gateway.handler.oauth2.service.granter.TokenGranter;
 import io.gravitee.am.gateway.handler.oauth2.service.granter.extensiongrant.ExtensionGrantGranter;
@@ -81,6 +82,9 @@ public class ExtensionGrantManagerImpl extends AbstractService implements Extens
 @Autowired
 private EventManager eventManager;
+
+ @Autowired
+ private UserService userService;
 @Override
 public void afterPropertiesSet() {
@@ -163,7 +167,7 @@ private void updateExtensionGrantProvider(ExtensionGrant extensionGrant) {
 }
 ExtensionGrantProvider extensionGrantProvider = extensionGrantPluginManager.create(extensionGrant.getType(), extensionGrant.getConfiguration(), authenticationProvider);
 ExtensionGrantGranter extensionGrantGranter = new ExtensionGrantGranter(extensionGrantProvider, extensionGrant,
- userAuthenticationManager, tokenService, tokenRequestResolver, identityProviderManager);
+ userAuthenticationManager, tokenService, tokenRequestResolver, identityProviderManager, userService);
 // backward compatibility, set min date to the extension grant granter to choose the good one for the old clients
 extensionGrantGranter.setMinDate(minDate);
 ((CompositeTokenGranter) tokenGranter).addTokenGranter(extensionGrant.getId(), extensionGrantGranter);
From 31632ba02588c7518ac2c2a4129991f86215cf03 Mon Sep 17 00:00:00 2001
From: micivray
Date: Mon, 12 Oct 2020 15:54:00 +0200
Subject: [PATCH 2/2] fix(grant): enhance only user's rolesPermissions
---
.../handler/common/user/UserService.java | 7 +++++
.../common/user/impl/UserServiceImpl.java | 28 +++++++++++++++----
.../extensiongrant/ExtensionGrantGranter.java | 2 +-
3 files changed, 31 insertions(+), 6 deletions(-)
diff --git a/gravitee-am-gateway/gravitee-am-gateway-handler/gravitee-am-gateway-handler-common/src/main/java/io/gravitee/am/gateway/handler/common/user/UserService.java b/gravitee-am-gateway/gravitee-am-gateway-handler/gravitee-am-gateway-handler-common/src/main/java/io/gravitee/am/gateway/handler/common/user/UserService.java
index fabfac30250..47fe54ce4a5 100644
--- a/gravitee-am-gateway/gravitee-am-gateway-handler/gravitee-am-gateway-handler-common/src/main/java/io/gravitee/am/gateway/handler/common/user/UserService.java
+++ b/gravitee-am-gateway/gravitee-am-gateway-handler/gravitee-am-gateway-handler-common/src/main/java/io/gravitee/am/gateway/handler/common/user/UserService.java
@@ -85,4 +85,11 @@ public interface UserService {
 default Single> findByDomainAndEmail(String domain, String email) {
 return findByDomainAndEmail(domain, email, true);
 }
+
+ /**
+ * Fetch roles information and add roles and permissions to user data
+ * @param user end user
+ * @return Enhanced user
+ */
+ Single enhanceRolesPermissions(User user);
 }
diff --git a/gravitee-am-gateway/gravitee-am-gateway-handler/gravitee-am-gateway-handler-common/src/main/java/io/gravitee/am/gateway/handler/common/user/impl/UserServiceImpl.java b/gravitee-am-gateway/gravitee-am-gateway-handler/gravitee-am-gateway-handler-common/src/main/java/io/gravitee/am/gateway/handler/common/user/impl/UserServiceImpl.java
index ef752fec035..d48636e4a9b 100644
--- a/gravitee-am-gateway/gravitee-am-gateway-handler/gravitee-am-gateway-handler-common/src/main/java/io/gravitee/am/gateway/handler/common/user/impl/UserServiceImpl.java
+++ b/gravitee-am-gateway/gravitee-am-gateway-handler/gravitee-am-gateway-handler-common/src/main/java/io/gravitee/am/gateway/handler/common/user/impl/UserServiceImpl.java
@@ -22,9 +22,12 @@
 import io.gravitee.am.service.RoleService;
 import io.reactivex.Maybe;
 import io.reactivex.Single;
+import io.reactivex.SingleSource;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import java.util.ArrayList;
+import java.util.Collection;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Set;
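Review bot: The Javadoc on the new `enhanceRolesPermissions` leaves out the two things a caller needs to know: that the `user` passed in is modified in place (the implementation in this patch calls `setRolesPermissions` on it and returns that same instance) and what happens when `user.getRoles()` is null or empty, which the implementation does not guard. I would replace the summary with `Resolves the role ids in user.getRoles() to Role objects and stores them on the same instance via setRolesPermissions; the returned Single emits that same, mutated user.` and state the null/empty-roles behaviour once it is decided. The return and parameter types here appear with their generic arguments stripped (`Single>`, `Single`), presumably by the rendering rather than by the patch itself.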
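Review bot: `+import io.reactivex.SingleSource;` (and the blank line added with it) is not referenced by any UserServiceImpl hunk in this patch — the new overloads only return `Single` — so unless it is used elsewhere in the file it is an unused import that should be dropped. `import java.util.Collection;` is the only new import the private `enhanceRolesPermissions(User, Collection)` overload actually needs.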
@@ -97,14 +100,29 @@ public Single enhance(User user) {
 }
 // fetch roles information and enhance user data
 if (!roles.isEmpty()) {
- return roleService.findByIdIn(new ArrayList<>(roles))
- .map(roles1 -> {
- user.setRolesPermissions(roles1);
- return user;
- });
+ return enhanceRolesPermissions(user, roles);
 }
 return Single.just(user);
 });
 }
+
+ @Override
+ public Single enhanceRolesPermissions(User user) {
+ return enhanceRolesPermissions(user, user.getRoles());
+ }
+
+ /**
+ * Fetch roles and set them to the user as roles-permissions.
+ * @param user user to enhance
+ * @param roleIds identifiers of the roles
+ * @return user enhanced with roles and permissions
+ */
+ private Single enhanceRolesPermissions(User user, Collection roleIds) {
+ return roleService.findByIdIn(new ArrayList<>(roleIds))
+ .map(roles1 -> {
+ user.setRolesPermissions(roles1);
+ return user;
+ });
+ }
 }
diff --git a/gravitee-am-gateway/gravitee-am-gateway-handler/gravitee-am-gateway-handler-oidc/src/main/java/io/gravitee/am/gateway/handler/oauth2/service/granter/extensiongrant/ExtensionGrantGranter.java b/gravitee-am-gateway/gravitee-am-gateway-handler/gravitee-am-gateway-handler-oidc/src/main/java/io/gravitee/am/gateway/handler/oauth2/service/granter/extensiongrant/ExtensionGrantGranter.java
index 14630881f00..e393e936945 100644
--- a/gravitee-am-gateway/gravitee-am-gateway-handler/gravitee-am-gateway-handler-oidc/src/main/java/io/gravitee/am/gateway/handler/oauth2/service/granter/extensiongrant/ExtensionGrantGranter.java
+++ b/gravitee-am-gateway/gravitee-am-gateway-handler/gravitee-am-gateway-handler-oidc/src/main/java/io/gravitee/am/gateway/handler/oauth2/service/granter/extensiongrant/ExtensionGrantGranter.java
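Review bot: The new public `enhanceRolesPermissions(User user)` passes `user.getRoles()` straight into `new ArrayList<>(roleIds)`, so a stored user whose roles collection is null throws a NullPointerException, and an empty collection still issues a `roleService.findByIdIn` call with no ids — whereas the existing `enhance` path in the same hunk only performs the lookup behind `if (!roles.isEmpty())`. Because the only caller in this patch is the extension-grant token flow, that NPE would surface during token issuance for every user without roles. I would guard the public overload before delegating: `if (user.getRoles() == null || user.getRoles().isEmpty()) { return Single.just(user); }`. What `findByIdIn` returns for an empty id list is not visible here, which is one more reason not to rely on it.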
@@ -128,7 +128,7 @@ protected Maybe resolveResourceOwner(TokenRequest tokenRequest, Client cli
 user.setRoles(idpUser.getRoles());
 return user;
 })
- .flatMap(user -> userService.enhance(user).toMaybe())
+ .flatMap(user -> userService.enhanceRolesPermissions(user).toMaybe())
 .switchIfEmpty(Maybe.error(new InvalidGrantException("Unknown user: " + endUser.getId())));
 } else {
 User user = new User();
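Review bot: A failure inside `userService.enhanceRolesPermissions(user)` (role store unavailable, or the null-roles case in the implementation) propagates out of this Maybe chain unchanged — `switchIfEmpty` only covers the empty case — so a role-lookup error during an extension-grant token request is reported differently from an unknown user, and which OAuth2 error the client sees depends on how the caller, outside this hunk, translates exceptions. Worth confirming that path yields a proper OAuth2 error rather than an unhandled 500, and at minimum logging it with the user id, e.g. `.doOnError(ex -> logger.error("Unable to enhance roles for user {}", endUser.getId(), ex))` if a logger is available in this class. Note that the enhancement only runs in this branch; the `else` branch that builds a fresh `User` begins at the hunk's last lines and continues outside it, so users resolved there get no rolesPermissions from this patch. The enclosing `resolveResourceOwner` both starts and ends outside the hunk.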