All Downloads are FREE. Search and download functionalities are using the official Maven repository.

io.camunda.operate.webapp.security.identity.IdentityUserService Maven / Gradle / Ivy

There is a newer version: 8.7.0-alpha2-rc1
Show newest version
/*
 * Copyright Camunda Services GmbH and/or licensed to Camunda Services GmbH under
 * one or more contributor license agreements. See the NOTICE file distributed
 * with this work for additional information regarding copyright ownership.
 * Licensed under the Camunda License 1.0. You may not use this file
 * except in compliance with the Camunda License 1.0.
 */
package io.camunda.operate.webapp.security.identity;

import static io.camunda.operate.OperateProfileService.IDENTITY_AUTH_PROFILE;

import io.camunda.identity.sdk.Identity;
import io.camunda.identity.sdk.authentication.AccessToken;
import io.camunda.operate.webapp.rest.dto.UserDto;
import io.camunda.operate.webapp.security.AbstractUserService;
import io.camunda.operate.webapp.security.Permission;
import java.util.List;
import java.util.stream.Collectors;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Profile;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
import org.springframework.stereotype.Component;

@Component
@Profile(IDENTITY_AUTH_PROFILE)
public class IdentityUserService extends AbstractUserService {

  private final Identity identity;

  private final PermissionConverter permissionConverter;

  @Autowired
  public IdentityUserService(Identity identity, PermissionConverter permissionConverter) {
    this.identity = identity;
    this.permissionConverter = permissionConverter;
  }

  @Override
  public UserDto createUserDtoFrom(final AbstractAuthenticationToken authentication) {
    if (authentication instanceof IdentityAuthentication) {
      return new UserDto()
          .setUserId(((IdentityAuthentication) authentication).getId())
          .setDisplayName(authentication.getName())
          .setCanLogout(true)
          .setPermissions(((IdentityAuthentication) authentication).getPermissions())
          .setTenants(((IdentityAuthentication) authentication).getTenants());
    } else if (authentication instanceof JwtAuthenticationToken) {
      final AccessToken accessToken =
          identity
              .authentication()
              .verifyToken(((Jwt) authentication.getPrincipal()).getTokenValue());
      final List permissions =
          accessToken.getPermissions().stream()
              .map(permissionConverter::convert)
              .collect(Collectors.toList());
      return new UserDto()
          .setUserId(authentication.getName())
          .setDisplayName(authentication.getName())
          .setCanLogout(true)
          .setPermissions(permissions);
    } else {
      return null;
    }
  }

  @Override
  public String getUserToken(final AbstractAuthenticationToken authentication) {
    throw new UnsupportedOperationException(
        "Get token is not supported for Identity authentication");
  }
}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy