From 33c67b3a2b620782f768684c602e214d9f8dc46d Mon Sep 17 00:00:00 2001
From: jasongwq <jasongwq@gmail.com>
Date: Sat, 3 Sep 2022 09:01:26 +0800
Subject: [PATCH] OIDC support groups (#2679)

---
 .../web/base/login/OpenIdConnectCredential.java | 17 +++++++++++++----
 .../sso/oic/OpenIdConnectAuthenticator.java     | 13 ++++++++++---
 2 files changed, 23 insertions(+), 7 deletions(-)

diff --git a/src/main/java/org/codelibs/fess/app/web/base/login/OpenIdConnectCredential.java b/src/main/java/org/codelibs/fess/app/web/base/login/OpenIdConnectCredential.java
index 1ac73a30d..d9ade9047 100644
--- a/src/main/java/org/codelibs/fess/app/web/base/login/OpenIdConnectCredential.java
+++ b/src/main/java/org/codelibs/fess/app/web/base/login/OpenIdConnectCredential.java
@@ -18,10 +18,11 @@ package org.codelibs.fess.app.web.base.login;
 import static org.codelibs.core.stream.StreamUtil.split;
 import static org.codelibs.core.stream.StreamUtil.stream;
 
-import java.util.HashSet;
-import java.util.Map;
-import java.util.Set;
+import java.util.*;
 
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.core.type.TypeReference;
+import com.fasterxml.jackson.databind.ObjectMapper;
 import org.codelibs.core.lang.StringUtil;
 import org.codelibs.fess.entity.FessUser;
 import org.codelibs.fess.helper.SystemHelper;
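Review bot: The three added Jackson imports (`JsonProcessingException`, `TypeReference`, `ObjectMapper`) are not used by anything visible in this file's hunks and look like leftovers from an earlier approach; if nothing outside the hunks uses them, they should be dropped. The wildcard `import java.util.*;` also replaces three explicit imports here, and again in the import hunk of OpenIdConnectAuthenticator.java. Explicit imports (`java.util.HashSet`, `java.util.Map`, `java.util.Set`, plus `java.util.ArrayList` and `java.util.List` in the authenticator) keep it obvious which types the class depends on.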
@@ -46,8 +47,16 @@ public class OpenIdConnectCredential implements LoginCredential, FessCredential
         return (String) attributes.get("email");
     }
 
+    public String[] getUserGroups() {
+        String[] userGroups = (String[]) attributes.get("groups");
+        if (userGroups == null) {
+            userGroups = getDefaultGroupsAsArray();
+        }
+        return (userGroups);
+    }
+
     public OpenIdUser getUser() {
-        return new OpenIdUser(getUserId(), getDefaultGroupsAsArray(), getDefaultRolesAsArray());
+        return new OpenIdUser(getUserId(), getUserGroups(), getDefaultRolesAsArray());
     }
 
     protected static String[] getDefaultGroupsAsArray() {
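Review bot: In `getUserGroups()` the fallback to the configured defaults fires only when the `groups` attribute is `null`. A claim that is present but empty gives the user no groups at all, and a non-empty claim replaces the defaults instead of extending them. If the fallback is meant to cover the empty case, use `if (userGroups == null || userGroups.length == 0) {`; otherwise state the intent in a Javadoc comment such as `/** Returns the groups from the ID token's "groups" claim, or the configured default groups when the claim is absent. */`. The `(String[])` cast relies on the authenticator always storing a `String[]` under that key, which is worth saying in the same comment because these values feed authorization decisions. `return (userGroups);` can lose the parentheses.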
diff --git a/src/main/java/org/codelibs/fess/sso/oic/OpenIdConnectAuthenticator.java b/src/main/java/org/codelibs/fess/sso/oic/OpenIdConnectAuthenticator.java
index 6cd647cb6..1c3cb394e 100644
--- a/src/main/java/org/codelibs/fess/sso/oic/OpenIdConnectAuthenticator.java
+++ b/src/main/java/org/codelibs/fess/sso/oic/OpenIdConnectAuthenticator.java
@@ -16,9 +16,7 @@
 package org.codelibs.fess.sso.oic;
 
 import java.io.IOException;
-import java.util.Arrays;
-import java.util.HashMap;
-import java.util.Map;
+import java.util.*;
 
 import javax.annotation.PostConstruct;
 import javax.servlet.http.HttpServletRequest;
@@ -198,6 +196,15 @@ public class OpenIdConnectAuthenticator implements SsoAuthenticator {
                     case "exp":
                         attributes.put("exp", jsonParser.getText());
                         break;
+                    case "groups":
+                        List<String> list = new ArrayList<String>();
+                        while (jsonParser.nextToken() != JsonToken.END_ARRAY) {
+                            final String group = jsonParser.getText();
+                            list.add(group);
+                            logger.debug(group);
+                        }
+                        attributes.put("groups", list.toArray(new String[list.size()]));
+                        break;
                     }
                 }
             }
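Review bot: The `groups` loop stops only on `JsonToken.END_ARRAY`, so it assumes the claim value is always a JSON array. If an identity provider sends `groups` as a single string or as null, the loop keeps reading past the claim and adds the names and values of later claims to the user's groups. Depending on how the parser signals end of input, which is not visible here, it may also never terminate. Assuming the parser is positioned on the claim value when the case runs (the `exp` case reading `getText()` suggests so), check for `START_ARRAY` first, stop on a null token, and accept only string elements, as sketched below. `logger.debug(group)` would also be easier to trace with context, for example `logger.debug("OIDC group claim: {}", group)` if the logger supports parameterized messages. The enclosing method starts and ends outside the hunk.

```java
case "groups":
    // Only a JSON array is accepted; any other shape leaves "groups" unset so the defaults apply.
    if (jsonParser.getCurrentToken() == JsonToken.START_ARRAY) {
        final List<String> groups = new ArrayList<>();
        JsonToken token;
        while ((token = jsonParser.nextToken()) != null && token != JsonToken.END_ARRAY) {
            if (token == JsonToken.VALUE_STRING) {
                groups.add(jsonParser.getText());
            }
        }
        attributes.put("groups", groups.toArray(new String[0]));
    }
    break;
```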
-- 
GitLab