From 465cec3d7f95e13bd7a107bc553de7cec2df73f4 Mon Sep 17 00:00:00 2001
From: "michael.breu" <michael.breu@uibk.ac.at>
Date: Fri, 22 Jan 2021 12:42:38 +0100
Subject: [PATCH] GitLab Gruppen werden jetzt auch im JWT gespeichert.

---
 ...areAuthenticationSuccessHandlerWithJWTSupport.java | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/src/main/java/at/ac/uibk/gitsearch/security/oauth2/SavedRequestAwareAuthenticationSuccessHandlerWithJWTSupport.java b/src/main/java/at/ac/uibk/gitsearch/security/oauth2/SavedRequestAwareAuthenticationSuccessHandlerWithJWTSupport.java
index 5debd577b..132173a83 100644
--- a/src/main/java/at/ac/uibk/gitsearch/security/oauth2/SavedRequestAwareAuthenticationSuccessHandlerWithJWTSupport.java
+++ b/src/main/java/at/ac/uibk/gitsearch/security/oauth2/SavedRequestAwareAuthenticationSuccessHandlerWithJWTSupport.java
@@ -2,7 +2,9 @@ package at.ac.uibk.gitsearch.security.oauth2;
 
 import java.io.IOException;
 import java.security.Principal;
+import java.util.ArrayList;
 import java.util.Collection;
+import java.util.List;
 
 import javax.servlet.ServletException;
 import javax.servlet.http.Cookie;
@@ -11,6 +13,7 @@ import javax.servlet.http.HttpServletResponse;
 
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
 import org.springframework.security.oauth2.core.oidc.user.OidcUser;
 import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
@@ -41,8 +44,14 @@ public class SavedRequestAwareAuthenticationSuccessHandlerWithJWTSupport extends
 		if (authentication instanceof OAuth2AuthenticationToken) {
 			OAuth2AuthenticationToken oAuthA = (OAuth2AuthenticationToken) authentication;
 			String mail = ((OidcUser) ((OAuth2AuthenticationToken) authentication).getPrincipal()).getEmail();
+			List<String> gitLabGroups = (List<String>) ((OidcUser) ((OAuth2AuthenticationToken) authentication).getPrincipal()).getClaims().get("groups");
 			String idToken = oAuthA.getPrincipal().getAttribute("idToken");
-			authenticationForToken = new SimpleAuthentication(new SimplePrincipal(mail), authentication.getAuthorities());
+			List<GrantedAuthority> roles = new ArrayList<>();
+			roles.addAll(authentication.getAuthorities());
+			for(String gitLabGroup: gitLabGroups) {
+				roles.add(new SimpleGrantedAuthority(gitLabGroup));
+			}
+			authenticationForToken = new SimpleAuthentication(new SimplePrincipal(mail), roles);
 			authenticationForToken.setAuthenticated(authentication.isAuthenticated());
 		}
 		String token = tokenProvider.createToken(authenticationForToken, REQUEST_TOKEN_LIVETIME *1000L); // 200 secs (for Debugging)
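Review bot: The `groups` claim is read with an unchecked cast on the new `gitLabGroups` line and iterated without a null check, so a login whose ID token carries no `groups` claim would throw a NullPointerException in the `for` loop and fail the success handler. The group names are also added verbatim next to `authentication.getAuthorities()`, so a GitLab group whose name equals an application authority would be indistinguishable from that authority in the issued JWT; whether such a collision can occur depends on role names that are not visible in this hunk. I would read the claim with `getClaimAsStringList("groups")`, guard against null, and put the groups under a distinct prefix (the prefix below is only an example, and whatever consumes the token has to match on it). The enclosing method starts and ends outside the hunk.

```java
// … unchanged: oAuthA cast and mail lookup …
List<String> gitLabGroups = ((OidcUser) oAuthA.getPrincipal()).getClaimAsStringList("groups");
// … unchanged: idToken lookup …
List<GrantedAuthority> roles = new ArrayList<>(authentication.getAuthorities());
if (gitLabGroups != null) {
	for (String gitLabGroup : gitLabGroups) {
		// Example prefix: keeps IdP-supplied group names out of the application's own role namespace.
		roles.add(new SimpleGrantedAuthority("GITLAB_GROUP_" + gitLabGroup));
	}
}
// … unchanged: SimpleAuthentication construction, setAuthenticated, createToken …
```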
-- 
GitLab