
/**************************************************************************
* (C) 2019-2020 SAP SE or an SAP affiliate company. All rights reserved. *
**************************************************************************/
package com.sap.cds.feature.xsuaa;
import static com.sap.cds.feature.xsuaa.XsUaaToken.GrantType.CLIENT_CREDENTIALS;
import static com.sap.cds.feature.xsuaa.XsUaaToken.GrantType.CLIENT_X509;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.stream.Collectors;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import com.sap.cds.feature.auth.RequestUserProvider;
import com.sap.cds.feature.config.Properties;
import com.sap.cds.feature.platform.PlatformEnvironment;
import com.sap.cds.feature.platform.ServiceBinding;
import com.sap.cds.services.runtime.RequestUser;
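/**
 * {@link RequestUserProvider} that turns the claim handed to {@link #extract(String)} into a
 * {@link RequestUser} backed by an {@link XsUaaToken}.
 *
 * <p>This class only parses the claim: no signature, issuer, audience or expiry check is visible
 * here. NOTE(review): presumably {@code XsUaaToken.parse} or the layer that produces the
 * "authenticated user claim" performs that validation; confirm before relying on the roles,
 * tenant or attributes exposed by the returned user.
 *
 * <p>NOTE(review): the collection types below carry no type arguments in this listing; they are
 * kept exactly as shown.
 */
public class XsuaaRequestUserProvider implements RequestUserProvider {

    private static final Logger logger = LoggerFactory.getLogger(XsuaaRequestUserProvider.class);

    /**
     * First service binding tagged {@code "xsuaa"}, or {@code null} when none exists. It is resolved
     * once when the class is initialized; if several bindings carry the tag, only the first is used.
     */
    private static final ServiceBinding uaaInstance = PlatformEnvironment.INSTANCE.getServiceBindings()
            .filter(b -> b.getTags().contains("xsuaa"))
            .findFirst()
            .orElse(null);

    /**
     * Parses the given claim and wraps it in a {@link RequestUser}.
     *
     * @param authenticatedUserClaim the claim to parse, may be {@code null}
     * @return the request user, or {@code null} when the claim is {@code null}
     * @throws IllegalStateException if no XSUAA service binding is available
     */
    @Override
    public RequestUser extract(String authenticatedUserClaim) {
        if (authenticatedUserClaim == null) {
            return null;
        }
        XsUaaToken jwt = XsUaaToken.parse(authenticatedUserClaim);
        // Passing the object lets SLF4J call toString() only when debug logging is enabled.
        // NOTE(review): this line prints whatever XsUaaToken.toString() emits. If that includes
        // user name, tenant or attribute claims, debug logs need the same protection as the
        // tokens themselves; confirm what toString() exposes.
        logger.debug("Decoded XSUAA JWT token: {}", jwt);
        return new XsUaaRequestUser(jwt);
    }

    /** {@link RequestUser} view on a parsed {@link XsUaaToken}. */
    private static class XsUaaRequestUser implements RequestUser {

        private static final String UNRESTRICTED_ATTRIBUTE = "$unrestricted";

        private final XsUaaToken jwt;
        // Role names derived from the token scopes in the constructor.
        private final List roles;

        /**
         * Derives the role list from the token scopes by removing this application's
         * {@code "<xsappname>."} prefix.
         *
         * <p>Scopes that do not start with the prefix are kept verbatim, so a local role and an
         * unprefixed scope with the same text are indistinguishable afterwards.
         *
         * @throws IllegalStateException if no XSUAA service binding is available
         */
        private XsUaaRequestUser(XsUaaToken jwt) {
            this.jwt = jwt;
            if (uaaInstance == null) {
                // Without the binding the own-application prefix is unknown; fail with a clear
                // message instead of a NullPointerException.
                throw new IllegalStateException(
                        "No service binding tagged 'xsuaa' is available; cannot resolve the scope prefix");
            }
            // filter the "$XSAPPNAME." prefix
            String xsAppName = (String) uaaInstance.getCredentials().get("xsappname");
            // A binding without "xsappname" leaves every scope unchanged.
            final String ownPrefix = xsAppName == null ? null : xsAppName + ".";
            roles = jwt.getScopes().stream()
                    .map(scope -> ownPrefix != null && scope.startsWith(ownPrefix)
                            ? scope.substring(ownPrefix.length())
                            : scope)
                    .collect(Collectors.toList());
        }

        @Override
        public String getId() {
            return jwt.getId();
        }

        /**
         * Returns the user name from the token. When user-name normalization is switched on in the
         * XSUAA security properties, the name is trimmed and lower-cased with
         * {@link Locale#ENGLISH}.
         */
        @Override
        public String getName() {
            String name = jwt.getName();
            if (name != null && Properties.getCds().getSecurity().getXsuaa().isNormalizeUserNames()) {
                name = name.trim().toLowerCase(Locale.ENGLISH);
            }
            return name;
        }

        /**
         * Returns the internal role list itself, not a copy.
         *
         * <p>NOTE(review): a caller that mutates the returned list changes the roles of this user.
         * Confirm that no caller depends on that before wrapping the list read-only.
         */
        @Override
        public List getRoles() {
            return roles; // NOSONAR
        }

        @Override
        public String getTenant() {
            return jwt.getTenant();
        }

        /**
         * Reports whether the token's grant type equals the string form of
         * {@code CLIENT_CREDENTIALS} or {@code CLIENT_X509}. A token without a grant type is not a
         * system user.
         */
        @Override
        public boolean isSystemUser() {
            if (jwt.getGrantType() == null) {
                return false;
            }
            return jwt.getGrantType().equals(CLIENT_CREDENTIALS.toString())
                    || jwt.getGrantType().equals(CLIENT_X509.toString());
        }

        @Override
        public List getUserAttribute(String attribute) {
            return jwt.getUserAttributes().get(attribute);
        }

        @Override
        public List getSystemAttribute(String attribute) {
            return jwt.getSystemAttributes().get(attribute);
        }

        @Override
        public Object getExtensionAttribute(String attribute) {
            return jwt.getExtensionAttributes().get(attribute);
        }

        @Override
        public Map getAdditionalAttributes() {
            return jwt.getAdditionalAttributes();
        }

        /**
         * Reports whether any value of the given user attribute equals {@code "$unrestricted"},
         * ignoring case. An attribute that is absent from the token is never unrestricted.
         */
        @Override
        public boolean isUnrestrictedUserAttribute(String attribute) {
            List attributeValues = jwt.getUserAttributes().get(attribute);
            return attributeValues != null
                    && attributeValues.stream().anyMatch(UNRESTRICTED_ATTRIBUTE::equalsIgnoreCase);
        }
    }

    /** Active only when XSUAA is enabled in the properties and an XSUAA binding was found. */
    @Override
    public boolean isActiveFeature() {
        return Properties.getCds().getSecurity().getXsuaa().isEnabled() && uaaInstance != null;
    }

    /**
     * Returns the display name of this feature, including the service instance name when an XSUAA
     * binding is present. Safe to call when the feature is inactive.
     */
    @Override
    public String getFeatureName() {
        if (uaaInstance == null) {
            return "XSUAA Token Parser";
        }
        return "XSUAA Token Parser (" + uaaInstance.getServiceInstanceName() + ")";
    }
}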