/**
 * Populates the security context with roles read from the retrieved user object.
 *
 * <p>When the {@code userRoles} property is configured and present on the resource content, its
 * value is read either as a comma-separated string or as a list whose elements are plain strings
 * or relationship objects. A value of any other type is logged at warn level and ignored. The
 * method does nothing when {@code resource} is {@code null}.
 *
 * <p>NOTE(review): role values are copied verbatim from the stored object into the security
 * context. Confirm that the property named by {@code userRoles} cannot be written by the
 * principal it describes.
 *
 * @param principal the principal; not read by this method
 * @param securityContextMapper the security context that receives the roles
 * @param resource the resource retrieved for the principal, may be {@code null}
 */
public void calculateRoles(
        String principal, SecurityContextMapper securityContextMapper, ResourceResponse resource) {
    // No retrieved object means there is nothing to derive roles from (and nothing is logged).
    if (resource == null) {
        return;
    }

    final JsonValue userDetail = resource.getContent();

    // Only look the property up when a roles property name has been configured.
    if (userRoles != null) {
        final JsonValue configuredRoles = userDetail.get(userRoles);
        if (!configuredRoles.isNull()) {
            if (configuredRoles.isString()) {
                // Comma-separated form. Tokens are added exactly as split: no trimming and no
                // filtering of empty entries, so "a, b" yields the role " b".
                // NOTE(review): confirm downstream role comparison tolerates that.
                final String[] roleNames = configuredRoles.asString().split(",");
                for (String roleName : roleNames) {
                    securityContextMapper.addRole(roleName);
                }
            } else if (configuredRoles.isList()) {
                for (JsonValue entry : configuredRoles) {
                    // A relationship object contributes the last segment of its reference id;
                    // anything else is read as a plain string.
                    final String roleName = RelationshipUtil.isRelationship(entry)
                            ? new JsonPointer(entry.get(RelationshipUtil.REFERENCE_ID).asString()).leaf()
                            : entry.asString();
                    securityContextMapper.addRole(roleName);
                }
            } else {
                // Neither a string nor a list: leave the roles untouched and report the type seen.
                logger.warn(
                        "Unknown roles type retrieved from user query, expected collection: {} type: {}",
                        userRoles,
                        configuredRoles.getObject().getClass());
            }
        }
    }

    // Roles are now set; they can be further augmented with a script if more complex behavior
    // is desired.
    logger.debug(
            "Used {}object property to update context for {} with userid : {}, roles : {}",
            userRoles != null ? (userRoles + " ") : "",
            securityContextMapper.getAuthenticationId(),
            securityContextMapper.getUserId(),
            securityContextMapper.getRoles());
}