fix: handle default claims when no specific role claim

InseeFr · Jan 24, 2025 · bc24a08 · bc24a08
1 parent 48ea945
commit bc24a08
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 4 deletions.
diff --git a/...urvey/datacollectionmanagement/configuration/auth/security/GrantedAuthorityConverter.java b/...urvey/datacollectionmanagement/configuration/auth/security/GrantedAuthorityConverter.java
@@ -15,8 +15,10 @@
 @AllArgsConstructor
 public class GrantedAuthorityConverter implements Converter<Jwt, Collection<GrantedAuthority>> {
 
+    public static final String REALM_ACCESS_ROLE = "roles";
+    public static final String REALM_ACCESS = "realm_access";
     private final Map<String, List<SimpleGrantedAuthority>> roles;
-    ApplicationConfig applicationConfig;
+    private ApplicationConfig applicationConfig;
 
     public GrantedAuthorityConverter(ApplicationConfig applicationConfig) {
         this.applicationConfig = applicationConfig;
@@ -30,8 +32,7 @@ public GrantedAuthorityConverter(ApplicationConfig applicationConfig) {
     @SuppressWarnings("unchecked")
     @Override
     public Collection<GrantedAuthority> convert(@NonNull Jwt jwt) {
-        Map<String, Object> claims = jwt.getClaims();
-        List<String> userRoles = (List<String>) claims.get(applicationConfig.getRoleClaim());
+        List<String> userRoles = getUserRoles(jwt);
 
         if(userRoles == null) {
             return new ArrayList<>();
@@ -63,5 +64,16 @@ private void fillGrantedRoles(List<String> configRoles, AuthorityRoleEnum author
             });
         }
     }
+
+    @SuppressWarnings("unchecked")
+    private List<String> getUserRoles(Jwt jwt) {
+        Map<String, Object> claims = jwt.getClaims();
+
+        if(applicationConfig.getRoleClaim().isEmpty()) {
+            Map<String, Object> realmAccess = jwt.getClaim(REALM_ACCESS);
+            return (List<String>) realmAccess.get(REALM_ACCESS_ROLE);
+        }
+        return (List<String>) claims.get(applicationConfig.getRoleClaim());
+    }
 }
 
diff --git a/pom.xml b/pom.xml
@@ -24,7 +24,7 @@
 		<module>platine-management-api</module>
 	</modules>
     <properties>
-		<revision>2.8.2</revision>
+		<revision>2.8.3</revision>
 		<changelist></changelist>
 		<java.version>21</java.version>
 		<maven.compiler.source>21</maven.compiler.source>