

- Introducing the uniqueUsername configuraion parameter in order to …
…allow specifying which claim to be used from the JWT token as username value

 - Introducing the groupNamesUppercase configuration parameter in order to force the insertion of roles/groups claims from the JWT token uppercase
afabiani committed Feb 12, 2025
1 parent ef02d4f commit e00bf46
Showing 3 changed files with 720 additions and 144 deletions.
Expand Up @@ -30,6 +30,7 @@

import it.geosolutions.geostore.services.rest.security.IdPConfiguration;
import java.util.Collections;
import java.util.Objects;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.http.HttpEntity;
Expand Down Expand Up @@ -73,8 +74,10 @@ public class OAuth2Configuration extends IdPConfiguration {
private String discoveryUrl;
private boolean enableRedirectEntryPoint = false;
private String principalKey;
private String uniqueUsername;
private String rolesClaim;
private String groupsClaim;
private boolean groupNamesUppercase = false;

// Retry and backoff configurations
private long initialBackoffDelay = 1000; // Default: 1 second
Expand Down Expand Up @@ -521,6 +524,25 @@ public void setPrincipalKey(String principalKey) {
this.principalKey = principalKey;
}

/**
* Whether we would like to use another claim to extract the actual "username" from the token
* claims.
*
* @return the unique username claim key.
*/
public String getUniqueUsername() {
return uniqueUsername;
}

/**
* Set the unique username claim key.
*
* @param uniqueUsername the unique username claim key.
*/
public void setUniqueUsername(String uniqueUsername) {
this.uniqueUsername = uniqueUsername;
}

/**
* The roles claim name.
*
Expand Down Expand Up @@ -553,6 +575,125 @@ public void setGroupsClaim(String groupsClaim) {
this.groupsClaim = groupsClaim;
}

public boolean isGroupNamesUppercase() {
return groupNamesUppercase;
}

public void setGroupNamesUppercase(boolean groupNamesUppercase) {
this.groupNamesUppercase = groupNamesUppercase;
}

@Override
public boolean equals(Object o) {
if (!(o instanceof OAuth2Configuration)) return false;
OAuth2Configuration that = (OAuth2Configuration) o;
return isGlobalLogoutEnabled() == that.isGlobalLogoutEnabled()
&& isEnableRedirectEntryPoint() == that.isEnableRedirectEntryPoint()
&& isGroupNamesUppercase() == that.isGroupNamesUppercase()
&& getInitialBackoffDelay() == that.getInitialBackoffDelay()
&& Double.compare(getBackoffMultiplier(), that.getBackoffMultiplier()) == 0
&& getMaxRetries() == that.getMaxRetries()
&& Objects.equals(getClientId(), that.getClientId())
&& Objects.equals(getClientSecret(), that.getClientSecret())
&& Objects.equals(getAccessTokenUri(), that.getAccessTokenUri())
&& Objects.equals(getAuthorizationUri(), that.getAuthorizationUri())
&& Objects.equals(getCheckTokenEndpointUrl(), that.getCheckTokenEndpointUrl())
&& Objects.equals(getLogoutUri(), that.getLogoutUri())
&& Objects.equals(getRevokeEndpoint(), that.getRevokeEndpoint())
&& Objects.equals(getScopes(), that.getScopes())
&& Objects.equals(getIdTokenUri(), that.getIdTokenUri())
&& Objects.equals(getDiscoveryUrl(), that.getDiscoveryUrl())
&& Objects.equals(getPrincipalKey(), that.getPrincipalKey())
&& Objects.equals(getUniqueUsername(), that.getUniqueUsername())
&& Objects.equals(getRolesClaim(), that.getRolesClaim())
&& Objects.equals(getGroupsClaim(), that.getGroupsClaim());
}

@Override
public int hashCode() {
return Objects.hash(
getClientId(),
getClientSecret(),
getAccessTokenUri(),
getAuthorizationUri(),
getCheckTokenEndpointUrl(),
getLogoutUri(),
getRevokeEndpoint(),
isGlobalLogoutEnabled(),
getScopes(),
getIdTokenUri(),
getDiscoveryUrl(),
isEnableRedirectEntryPoint(),
getPrincipalKey(),
getUniqueUsername(),
getRolesClaim(),
getGroupsClaim(),
isGroupNamesUppercase(),
getInitialBackoffDelay(),
getBackoffMultiplier(),
getMaxRetries());
}

@Override
public String toString() {
return "OAuth2Configuration{"
+ "clientId='"
+ clientId
+ '\''
+ ", clientSecret='"
+ clientSecret
+ '\''
+ ", accessTokenUri='"
+ accessTokenUri
+ '\''
+ ", authorizationUri='"
+ authorizationUri
+ '\''
+ ", checkTokenEndpointUrl='"
+ checkTokenEndpointUrl
+ '\''
+ ", logoutUri='"
+ logoutUri
+ '\''
+ ", revokeEndpoint='"
+ revokeEndpoint
+ '\''
+ ", globalLogoutEnabled="
+ globalLogoutEnabled
+ ", scopes='"
+ scopes
+ '\''
+ ", idTokenUri='"
+ idTokenUri
+ '\''
+ ", discoveryUrl='"
+ discoveryUrl
+ '\''
+ ", enableRedirectEntryPoint="
+ enableRedirectEntryPoint
+ ", principalKey='"
+ principalKey
+ '\''
+ ", uniqueUsername='"
+ uniqueUsername
+ '\''
+ ", rolesClaim='"
+ rolesClaim
+ '\''
+ ", groupsClaim='"
+ groupsClaim
+ '\''
+ ", groupNamesUppercase="
+ groupNamesUppercase
+ ", initialBackoffDelay="
+ initialBackoffDelay
+ ", backoffMultiplier="
+ backoffMultiplier
+ ", maxRetries="
+ maxRetries
+ '}';
}

/** Represents a configurable HTTP endpoint with method and request entity. */
public static class Endpoint {

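Review bot: The new `toString()` prints `clientSecret` in clear text (the `", clientSecret='" + clientSecret` segment near the top of the method), so any log line or debug dump of an `OAuth2Configuration` bean leaks the OAuth client credential; that is the only sensitive field in the dump and should be masked, e.g. `+ (clientSecret == null ? "null" : "********")`. `equals()` and `hashCode()` compare only this class's own properties and never consult `super.equals`/`super.hashCode`, so if `IdPConfiguration` carries state that distinguishes two configurations, instances differing only in inherited fields would compare equal — worth confirming against the parent class, which is outside this hunk. The added `isGroupNamesUppercase()`/`setGroupNamesUppercase()` pair are the only accessors in the hunk without Javadoc; a one-liner such as `/** Whether roles/groups claim values taken from the JWT token are forced to upper case. */` would match the surrounding style. The nested `Endpoint` class opened at the end of the hunk continues outside it.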

