/**
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* <p>
* http://www.apache.org/licenses/LICENSE-2.0
* <p>
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.qpid.server.security.auth;
import java.security.Principal;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.apache.qpid.server.model.preferences.GenericPrincipal;
import org.apache.qpid.server.plugin.ConnectionPropertyEnricher;
import org.apache.qpid.server.plugin.PluggableService;
import org.apache.qpid.server.security.QpidPrincipal;
import org.apache.qpid.server.security.group.GroupPrincipal;
import org.apache.qpid.server.transport.AMQPConnection;
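/**
 * Connection property enricher that adds the authenticated identity and the group
 * memberships of a connection to its connection properties.
 * <p>
 * Two entries are added: {@code "authenticated-identity"} (a map with the keys
 * {@code "sub"} and {@code "preferred_username"}) and {@code "groups"} (a list of
 * group names). Whoever can read the resulting connection properties learns the
 * identity and the group names, so this enricher should only be enabled where that
 * disclosure is intended.
 */
@PluggableService
public class AuthIdentityConnectionPropertyEnricher implements ConnectionPropertyEnricher
{
    private static final Logger LOG = LoggerFactory.getLogger(AuthIdentityConnectionPropertyEnricher.class);

    /**
     * Returns a copy of {@code existingProperties} extended with identity information
     * taken from {@code connection}.
     * <p>
     * An existing {@code "authenticated-identity"} or {@code "groups"} entry is
     * overwritten. The input map is never modified. The returned map and the nested
     * claims map and group list are all unmodifiable, so the identity data cannot be
     * altered after it has been built.
     *
     * @param connection the connection whose authorized principal and subject are read
     * @param existingProperties the properties collected so far; copied, not mutated
     * @return an unmodifiable map holding the existing properties plus the identity entries
     */
    @Override
    public Map<String, Object> addConnectionProperties(final AMQPConnection<?> connection,
                                                       final Map<String, Object> existingProperties)
    {
        final Map<String, Object> modifiedProperties = new LinkedHashMap<>(existingProperties);

        final Principal principal = connection.getAuthorizedPrincipal();
        if (principal instanceof QpidPrincipal)
        {
            final GenericPrincipal genericPrincipal = new GenericPrincipal((QpidPrincipal) principal);
            final Map<String, String> claims = new LinkedHashMap<>();
            claims.put("sub", genericPrincipal.toExternalForm());
            claims.put("preferred_username", genericPrincipal.getName());
            modifiedProperties.put("authenticated-identity", Collections.unmodifiableMap(claims));
        }
        else if (principal != null)
        {
            // getAuthorizedPrincipal() is typed as Principal, so the downcast is not guaranteed.
            // Omit the identity entry rather than fail with a ClassCastException.
            LOG.warn("Authorized principal of type {} is not a QpidPrincipal; omitting 'authenticated-identity'",
                     principal.getClass().getName());
        }

        // NOTE(review): assumes connection.getSubject() is never null here; confirm against callers.
        final Set<GroupPrincipal> groups = connection.getSubject().getPrincipals(GroupPrincipal.class);
        final List<String> groupNames = groups.stream()
                                              .map(GroupPrincipal::getName)
                                              .collect(Collectors.toList());
        modifiedProperties.put("groups", Collections.unmodifiableList(groupNames));

        return Collections.unmodifiableMap(modifiedProperties);
    }

    /**
     * Returns the type name of this enricher.
     *
     * @return the constant {@code "AUTH_IDENTITY"}
     */
    @Override
    public String getType()
    {
        return "AUTH_IDENTITY";
    }
}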