|
20 | 20 | */ |
21 | 21 | package eu.openanalytics.containerproxy.auth.impl; |
22 | 22 |
|
| 23 | +import java.util.ArrayList; |
23 | 24 | import java.util.Collections; |
24 | 25 | import java.util.HashSet; |
25 | 26 | import java.util.List; |
|
58 | 59 | import eu.openanalytics.containerproxy.auth.IAuthenticationBackend; |
59 | 60 | import eu.openanalytics.containerproxy.util.SessionHelper; |
60 | 61 | import net.minidev.json.JSONArray; |
| 62 | +import net.minidev.json.parser.JSONParser; |
| 63 | +import net.minidev.json.parser.ParseException; |
61 | 64 |
|
62 | 65 | public class OpenIDAuthenticationBackend implements IAuthenticationBackend { |
63 | 66 |
|
@@ -175,18 +178,32 @@ protected GrantedAuthoritiesMapper createAuthoritiesMapper() { |
175 | 178 | .collect(Collectors.joining(lineSep)); |
176 | 179 | log.debug(String.format("Checking for roles in claim '%s'. Available claims in ID token (%d):%s%s", |
177 | 180 | rolesClaimName, idToken.getClaims().size(), lineSep, claims)); |
178 | | - |
179 | | - Object claimValue = idToken.getClaims().get(rolesClaimName); |
180 | | - if (claimValue != null) { |
181 | | - log.debug(String.format("Matching claim found: %s -> %s (%s)", rolesClaimName, claimValue, claimValue.getClass())); |
182 | | - } else { |
183 | | - log.debug("No matching claim found."); |
184 | | - } |
| 181 | + } |
| 182 | + |
| 183 | + Object claimValue = idToken.getClaims().get(rolesClaimName); |
| 184 | + if (claimValue == null) { |
| 185 | + log.debug("No matching claim found."); |
| 186 | + } else { |
| 187 | + log.debug(String.format("Matching claim found: %s -> %s (%s)", rolesClaimName, claimValue, claimValue.getClass())); |
185 | 188 | } |
186 | 189 |
|
| 190 | + // Workaround: in some cases, getClaimAsStringList fails to parse?? |
187 | 191 | List<String> roles = idToken.getClaimAsStringList(rolesClaimName); |
| 192 | + if (roles == null && claimValue instanceof String) { |
| 193 | + List<String> parsedRoles = new ArrayList<>(); |
| 194 | + try { |
| 195 | + Object value = new JSONParser(JSONParser.MODE_PERMISSIVE).parse((String) claimValue); |
| 196 | + if (value instanceof List) { |
| 197 | + List<?> valueList = (List<?>) value; |
| 198 | + valueList.forEach(o -> parsedRoles.add(o.toString())); |
| 199 | + } |
| 200 | + } catch (ParseException e) { |
| 201 | + // Unable to parse JSON |
| 202 | + } |
| 203 | + roles = parsedRoles; |
| 204 | + } |
188 | 205 | if (roles == null) { |
189 | | - if (log.isDebugEnabled()) log.debug("Failed to parse claim value as an array: " + idToken.getClaims().get(rolesClaimName)); |
| 206 | + if (log.isDebugEnabled()) log.debug("Failed to parse claim value as an array: " + claimValue); |
190 | 207 | continue; |
191 | 208 | } |
192 | 209 |
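Review bot: In the fallback added after `getClaimAsStringList`, `roles = parsedRoles` runs even when the parse throws or yields something that is not a list, so `roles` becomes an empty list and the existing `if (roles == null)` branch with its "Failed to parse claim value as an array" message is never reached for String claims. A malformed roles claim therefore produces an empty role list with nothing in the log. The empty `catch (ParseException e)` hides the cause, and `o.toString()` throws a NullPointerException if the array holds a JSON null. Assign `roles` only once a list has actually been parsed, log the exception and skip null elements, as below. Also confirm that `JSONParser.MODE_PERMISSIVE` is intended, since it accepts input that is not strict JSON and the parsed values feed the authorities mapping; the body of `createAuthoritiesMapper` starts and ends outside this hunk.

```java
List<String> roles = idToken.getClaimAsStringList(rolesClaimName);
if (roles == null && claimValue instanceof String) {
	try {
		Object value = new JSONParser(JSONParser.MODE_PERMISSIVE).parse((String) claimValue);
		if (value instanceof List) {
			List<String> parsedRoles = new ArrayList<>();
			for (Object o : (List<?>) value) {
				// A JSON null inside the array is not a role name; skip it instead of failing.
				if (o != null) parsedRoles.add(o.toString());
			}
			roles = parsedRoles;
		}
	} catch (ParseException e) {
		log.debug(String.format("Unable to parse claim '%s' as a JSON array: %s", rolesClaimName, e.getMessage()));
	}
}
// … unchanged: if (roles == null) { debug log; continue; } …
```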
|
|