Class DefaultClaimsToGrantedAuthoritiesPolicy

java.lang.Object
com.xebialabs.platform.sso.oidc.policy.impl.DefaultClaimsToGrantedAuthoritiesPolicy
All Implemented Interfaces:
ClaimsToGrantedAuthoritiesPolicy

public class DefaultClaimsToGrantedAuthoritiesPolicy extends Object implements ClaimsToGrantedAuthoritiesPolicy
Provides the default behavior for the case where a group claim is bound to granted authorities.
  • Constructor Details

    • DefaultClaimsToGrantedAuthoritiesPolicy

      public DefaultClaimsToGrantedAuthoritiesPolicy(String rolesClaimName)
  • Method Details

    • claimsToGrantedAuthorities

      public List<org.springframework.security.core.GrantedAuthority> claimsToGrantedAuthorities(Map<String,Object> oidcClaims)
      Description copied from interface: ClaimsToGrantedAuthoritiesPolicy
      Derive the GrantedAuthoritys from the claims provided by the IDP.

      There seems to be no real standard claim for groups/roles. In Okta it seems to be named 'groups'; in Keycloak it can be configured and filled with groups or roles.

      Specified by:
      claimsToGrantedAuthorities in interface ClaimsToGrantedAuthoritiesPolicy
      Parameters:
      oidcClaims - a map with the claims (values can be strings, integers, ...)
      Returns:
      the list with GrantedAuthoritys
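
An added example, not the XebiaLabs implementation and not code from this page: one way a policy with this method signature can map a configurable claim to Spring Security authorities while coping with the value types noted above. The class name ExampleRolesClaimPolicy and the sample claims are hypothetical, and granting nothing for non-string values is an assumption, not documented behavior of this class.

```java
import java.util.ArrayList;
import java.util.Collection;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;

// Hypothetical class for illustration; not the XebiaLabs implementation.
public class ExampleRolesClaimPolicy {
    private final String rolesClaimName;

    public ExampleRolesClaimPolicy(String rolesClaimName) {
        this.rolesClaimName = rolesClaimName;
    }

    public List<GrantedAuthority> claimsToGrantedAuthorities(Map<String, Object> oidcClaims) {
        Object raw = oidcClaims == null ? null : oidcClaims.get(rolesClaimName);
        Set<String> names = new LinkedHashSet<>();   // keeps order, drops duplicates
        if (raw instanceof String) {
            names.add(((String) raw).trim());         // single group sent as a bare string
        } else if (raw instanceof Collection) {
            for (Object item : (Collection<?>) raw) {
                // Fail closed: only string elements become authorities.
                if (item instanceof String) {
                    names.add(((String) item).trim());
                }
            }
        }
        // Missing claim or any other type (integer, nested object) grants nothing.
        List<GrantedAuthority> authorities = new ArrayList<>();
        for (String name : names) {
            if (!name.isEmpty()) {
                authorities.add(new SimpleGrantedAuthority(name));
            }
        }
        return authorities;
    }

    public static void main(String[] args) {
        // Constructed sample claims, shaped like a decoded ID token.
        Map<String, Object> claims = Map.of("sub", "user-1",
                "groups", List.of("admins", " deployers ", 42, "admins"));
        System.out.println(new ExampleRolesClaimPolicy("groups").claimsToGrantedAuthorities(claims));
        // A claim name the token does not carry yields no authorities.
        System.out.println(new ExampleRolesClaimPolicy("roles").claimsToGrantedAuthorities(claims));
    }
}
```

A mismatch between the configured claim name and the claim the IdP actually emits results in an empty authority list, so the claim name should be checked against a real token from the IdP during setup.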