diff --git a/src/main/java/de/avatic/lcc/config/SecurityConfig.java b/src/main/java/de/avatic/lcc/config/SecurityConfig.java index eff34dc..18575dd 100644 --- a/src/main/java/de/avatic/lcc/config/SecurityConfig.java +++ b/src/main/java/de/avatic/lcc/config/SecurityConfig.java @@ -74,6 +74,12 @@ public class SecurityConfig { @Value("${lcc.auth.claim.email}") private String emailClaim; + @Value("${lcc.auth.claim.firstname}") + private String firstnameClaim; + + @Value("${lcc.auth.claim.lastname}") + private String lastNameClaim; + @Value("${lcc.auth.claim.ignore.workday}") private boolean ignoreWorkdayClaim; @@ -93,6 +99,7 @@ public class SecurityConfig { .anyRequest().authenticated() ) .oauth2Login(oauth2 -> oauth2 + .defaultSuccessUrl("/", true) ) .oauth2ResourceServer(oauth2 -> oauth2 
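Review bot: The two new fields are named inconsistently — `firstnameClaim` sits next to `lastNameClaim` — which is a style point but makes them read as different kinds of things. Rename to `firstNameClaim` (lowerCamelCase, matching `lastNameClaim` and `emailClaim`) while keeping the property key `lcc.auth.claim.firstname` unchanged. The enclosing class continues outside this hunk.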
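Review bot: `.defaultSuccessUrl("/", true)` passes `alwaysUse=true`, which (per Spring Security's contract for that overload) makes the login success handler ignore the saved request, so a user sent to login from a deep link lands on `/` rather than the page they asked for. If that is intentional — for example to never redirect into a stale or externally influenced saved request — document it, e.g. `// alwaysUse=true: always land on "/" after login, never on the saved request`; if it is not, `.defaultSuccessUrl("/")` keeps the original redirect. The surrounding HttpSecurity builder chain starts and ends outside this hunk.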
@@ -272,29 +279,33 @@ public class SecurityConfig { String workdayId = oidcUser.getAttribute(workdayClaim); String email = oidcUser.getAttribute(emailClaim); + String firstName = oidcUser.getAttribute(firstnameClaim); + String lastName = oidcUser.getAttribute(lastNameClaim); + if (identifyBy.equals("email") && email != null && !email.isEmpty()) { log.debug("Fetch user by email {}", email); user = userRepository.getByEmail(email); - } else if (identifyBy.equals("workday") && workdayId != null && !workdayId.isEmpty()) { log.debug("Fetch user by workday id {}", workdayId); user = userRepository.getByWorkdayId(workdayId).orElse(null); } if (user != null) { + user.getGroups().forEach(g -> log.debug("Local group: {}", g)); user.getGroups().forEach(group -> mappedAuthorities.add(new SimpleGrantedAuthority("ROLE_" + group.getName().toUpperCase()))); userId = user.getId(); + } else { + if (email != null && firstName != null && lastName != null && (ignoreWorkdayClaim || workdayId != null)) { + var isFirstUser = userRepository.count() == 0; + userId = userRepository.update(LccOidcUser.createDatabaseUser(email, firstName, lastName, ignoreWorkdayClaim ? generateRandomWorkdayId() : workdayId, isFirstUser)); + mappedAuthorities.add(new SimpleGrantedAuthority(isFirstUser ? "ROLE_SERVICE" : "ROLE_NONE")); + } else { + log.debug("Unable to create user {} / {}", email, workdayId); + mappedAuthorities.add(new SimpleGrantedAuthority("ROLE_NONE")); + } } - if (user == null && email != null && (ignoreWorkdayClaim || workdayId != null)) { - var isFirstUser = userRepository.count() == 0; - userId = userRepository.update(LccOidcUser.createDatabaseUser(email, oidcUser.getGivenName(), oidcUser.getFamilyName(), ignoreWorkdayClaim ? generateRandomWorkdayId() : workdayId, isFirstUser)); - mappedAuthorities.add(new SimpleGrantedAuthority(isFirstUser ? 
"ROLE_SERVICE" : "ROLE_NONE")); - } else { - log.debug("Unable to create user {} / {}", email, workdayId); - mappedAuthorities.add(new SimpleGrantedAuthority("ROLE_NONE")); - } return new LccOidcUser( @@ -305,8 +316,6 @@ public class SecurityConfig { userId ); }; - - } private String generateRandomWorkdayId() { diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties index 8477cc5..4db8dab 100644 --- a/src/main/resources/application.properties +++ b/src/main/resources/application.properties @@ -29,6 +29,9 @@ lcc.allowed_oauth_token_cors=* lcc.auth.identify.by=workday lcc.auth.claim.workday=employeeid lcc.auth.claim.email=preferred_username +lcc.auth.claim.firstname=given_name +lcc.auth.claim.lastname=family_name + lcc.auth.claim.ignore.workday=false # Bulk Import