Adding user roles

Author: agreenhalgh

SmartcardAuth/src/main/java/com/answerdigital/ers/auth/Cis2User.java

@@ -0,0 +1,25 @@
+package com.answerdigital.ers.auth;
+
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.oauth2.core.user.OAuth2User;
+
+import java.util.Collection;
+import java.util.Map;
+
+public class Cis2User implements OAuth2User {
+
+    @Override
+    public Map<String, Object> getAttributes() {
+        return null;
+    }
+
+    @Override
+    public Collection<? extends GrantedAuthority> getAuthorities() {
+        return null;
+    }
+
+    @Override
+    public String getName() {
+        return null;
+    }
+}

SmartcardAuth/src/main/java/com/answerdigital/ers/auth/WebSecurityConfig.java

@@ -4,8 +4,18 @@
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.oauth2.client.userinfo.DefaultOAuth2UserService;
+import org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest;
+import org.springframework.security.oauth2.client.userinfo.OAuth2UserService;
+import org.springframework.security.oauth2.core.OAuth2AccessToken;
+import org.springframework.security.oauth2.core.user.DefaultOAuth2User;
+import org.springframework.security.oauth2.core.user.OAuth2User;
 import org.springframework.security.web.SecurityFilterChain;
 
+import java.util.HashSet;
+import java.util.Set;
+
 @Configuration
 @EnableWebSecurity
 public class WebSecurityConfig {
@@ -21,4 +31,30 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
 
         return http.build();
     }
+
+    private OAuth2UserService<OAuth2UserRequest, OAuth2User> oidcUserService() {
+        final OAuth2UserService delegate = new DefaultOAuth2UserService();
+
+        return (userRequest) -> {
+            OAuth2User user = delegate.loadUser(userRequest);
+
+            OAuth2AccessToken accessToken = userRequest.getAccessToken();
+            Set<GrantedAuthority> mappedAuthorities = new HashSet<>();
+
+
+
+            Object rbac = user.getAttributes().get("nationalrbacaccess");
+
+
+
+            // TODO
+            // 1) Fetch the authority information from the protected resource using accessToken
+            // 2) Map the authority information to one or more GrantedAuthority's and add it to mappedAuthorities
+
+            // 3) Create a copy of oidcUser but use the mappedAuthorities instead
+            user = new DefaultOAuth2User(mappedAuthorities, user.getAttributes(), "name");
+
+            return user;
+        };
+    }
 }