odpi · bogdan-sava · Mar 28, 2023 · Mar 28, 2023 · Mar 28, 2023
@@ -4,11 +4,13 @@
 
 import org.odpi.openmetadata.userinterface.uichassis.springboot.service.ComponentService;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
 
 import java.util.Collection;
 import java.util.Set;
 import java.util.stream.Collectors;
 
+@Service
 public class RoleService {
 
     @Autowired

@@ -83,7 +83,10 @@ public WebMvcConfigurer corsConfigurer() {
         return new WebMvcConfigurer() {
             @Override
             public void addCorsMappings( CorsRegistry registry ) {
-                registry.addMapping("/**").allowedOrigins(allowedOrigins.toArray(new String[]{}));
+                registry.addMapping("/**")
+                        .allowedOrigins(allowedOrigins.toArray(new String[]{}))
+                        .allowedMethods("GET","POST","PUT","DELETE")
+                        .allowedHeaders("Authorization","Content-type");
             }
         };
     }

@@ -2,18 +2,24 @@
 /* Copyright Contributors to the ODPi Egeria project. */
 package org.odpi.openmetadata.userinterface.uichassis.springboot.auth.service;
 
+import org.odpi.openmetadata.userinterface.uichassis.springboot.auth.RoleService;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.oauth2.jwt.*;
 import org.springframework.stereotype.Service;
 
 import java.time.Instant;
 import java.time.temporal.ChronoUnit;
+import java.util.Collection;
+import java.util.List;
 import java.util.stream.Collectors;
 
 @Service
 public class TokenService {
 
+    @Autowired
+    RoleService roleService;
     private final JwtEncoder encoder;
 
     public TokenService(JwtEncoder encoder) {
@@ -22,14 +28,16 @@ public TokenService(JwtEncoder encoder) {
 
     public String generateToken(Authentication authentication) {
         Instant now = Instant.now();
-        String scope = authentication.getAuthorities().stream()
+        List<String> authotities = authentication.getAuthorities().stream()
                 .map(GrantedAuthority::getAuthority)
-                .collect(Collectors.joining(" "));
+                .collect(Collectors.toList());
+        Collection<String> scope = roleService.extractUserAppRoles(authotities);
         JwtClaimsSet claims = JwtClaimsSet.builder()
                 .issuer("self")
                 .issuedAt(now)
                 .expiresAt(now.plus(1, ChronoUnit.HOURS))
                 .subject(authentication.getName())
+                .claim("visibleComponents", roleService.getVisibleComponents(scope))
                 .claim("scope", scope)
                 .build();
         return this.encoder.encode(JwtEncoderParameters.from(claims)).getTokenValue();

@@ -87,7 +87,7 @@ authentication.mode=token
 # Below is the default configuration for the two COCO_PHARMA roles we use for demo:
 
 role.visibleComponents.COCO_PHARMA_USER=about,asset-catalog,asset-details,asset-details-print,asset-lineage,asset-lineage-print,end-to-end,ultimate-source,ultimate-destination,vertical-lineage,glossary,repository-explorer
-role.visibleComponents.COCO_PHARMA_ADMIN=about,type-explorer
+role.visibleComponents.COCO_PHARMA_ADMIN=*
 
 # omas server connection details
 omas.server.name=cocoMDS1