
Commit 0abe9f5

committed
BE: Auth: Implement custom field name for cognito authority extractor
1 parent 3c1fd1f commit 0abe9f5


1 file changed

+14
-3
lines changed


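--- a/api/src/main/java/io/kafbat/ui/service/rbac/extractor/CognitoAuthorityExtractor.java
+++ b/api/src/main/java/io/kafbat/ui/service/rbac/extractor/CognitoAuthorityExtractor.java
@@ -3,21 +3,25 @@
 import static io.kafbat.ui.model.rbac.provider.Provider.Name.COGNITO;
 
 import com.google.common.collect.Sets;
+import io.kafbat.ui.config.auth.OAuthProperties;
 import io.kafbat.ui.model.rbac.Role;
 import io.kafbat.ui.model.rbac.provider.Provider;
 import io.kafbat.ui.service.rbac.AccessControlService;
 import java.util.Collections;
 import java.util.List;
 import java.util.Map;
+import java.util.Optional;
 import java.util.Set;
 import java.util.stream.Collectors;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.security.oauth2.core.user.DefaultOAuth2User;
+import org.springframework.util.Assert;
 import reactor.core.publisher.Mono;
 
 @Slf4j
 public class CognitoAuthorityExtractor implements ProviderAuthorityExtractor {
 
+public static final String ROLES_FIELD_PARAM_NAME = "roles-field";
 private static final String COGNITO_GROUPS_ATTRIBUTE_NAME = "cognito:groups";
 
 @Override
@@ -38,7 +42,7 @@ public Mono<Set<String>> extract(AccessControlService acs, Object value, Map<Str
 }
 
 var usernameRoles = extractUsernameRoles(acs, principal);
-var groupRoles = extractGroupRoles(acs, principal);
+var groupRoles = extractGroupRoles(acs, principal, additionalParams);
 
 return Mono.just(Sets.union(usernameRoles, groupRoles));
 }
@@ -59,8 +63,15 @@ private Set<String> extractUsernameRoles(AccessControlService acs, DefaultOAuth2
 return rolesByUsername;
 }
 
-private Set<String> extractGroupRoles(AccessControlService acs, DefaultOAuth2User principal) {
-List<String> groups = principal.getAttribute(COGNITO_GROUPS_ATTRIBUTE_NAME);
+private Set<String> extractGroupRoles(AccessControlService acs, DefaultOAuth2User principal,
+Map<String, Object> additionalParams) {
+var provider = (OAuthProperties.OAuth2Provider) additionalParams.get("provider");
+Assert.notNull(provider, "provider is null");
+
+var rolesFieldName = Optional.ofNullable(provider.getCustomParams().get(ROLES_FIELD_PARAM_NAME))
+.orElse(COGNITO_GROUPS_ATTRIBUTE_NAME);
+
+List<String> groups = principal.getAttribute(rolesFieldName);
 if (groups == null) {
 log.debug("Cognito groups param is not present");
 return Collections.emptySet();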
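Review bot: `List<String> groups = principal.getAttribute(rolesFieldName);` in extractGroupRoles still assumes the claim is a list, which held for the fixed `cognito:groups` claim but is no longer guaranteed once `roles-field` can name any attribute; a string-valued claim would most likely fail with a ClassCastException during authority extraction rather than yield an empty role set. Read the value as `Object raw = principal.getAttribute(rolesFieldName);`, continue only when `raw instanceof Collection<?>`, and otherwise log the looked-up field name (the existing "Cognito groups param is not present" message no longer identifies it) and return the empty set. Because this claim now drives RBAC role assignment, `ROLES_FIELD_PARAM_NAME` deserves a Javadoc along the lines of `/** Custom param naming the token claim that lists the user's groups; point it only at a claim users cannot modify themselves. */`. The method body continues past the end of this section, and whether `getCustomParams()` can return null is not visible here, so the chained `.get(...)` may need a null guard as well.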
