From bb2c1f4c273dab428446c74f4524354e49d6a6a7 Mon Sep 17 00:00:00 2001
From: "aditya.chandel" <8075870+adityachandelgit@users.noreply.github.com>
Date: Fri, 29 Aug 2025 13:50:09 -0600
Subject: [PATCH] Fix OIDC stomp initialization and notification

---
 .../interceptor/WebSocketAuthInterceptor.java | 41 +++++++++++++++++--
 booklore-ui/src/app/auth-initializer.ts       |  2 +-
 2 files changed, 38 insertions(+), 5 deletions(-)

diff --git a/booklore-api/src/main/java/com/adityachandel/booklore/config/security/interceptor/WebSocketAuthInterceptor.java b/booklore-api/src/main/java/com/adityachandel/booklore/config/security/interceptor/WebSocketAuthInterceptor.java
index c3bdf03e4..73cfc7462 100644
--- a/booklore-api/src/main/java/com/adityachandel/booklore/config/security/interceptor/WebSocketAuthInterceptor.java
+++ b/booklore-api/src/main/java/com/adityachandel/booklore/config/security/interceptor/WebSocketAuthInterceptor.java
@@ -2,6 +2,9 @@ package com.adityachandel.booklore.config.security.interceptor;
 
 import com.adityachandel.booklore.config.security.JwtUtils;
 import com.adityachandel.booklore.config.security.service.DynamicOidcJwtProcessor;
+import com.adityachandel.booklore.mapper.custom.BookLoreUserTransformer;
+import com.adityachandel.booklore.model.dto.settings.OidcProviderDetails;
+import com.adityachandel.booklore.service.appsettings.AppSettingService;
 import com.nimbusds.jwt.JWTClaimsSet;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
@@ -29,6 +32,7 @@ public class WebSocketAuthInterceptor implements ChannelInterceptor {
 
     private final JwtUtils jwtUtils;
     private final DynamicOidcJwtProcessor dynamicOidcJwtProcessor;
+    private final AppSettingService appSettingService;
 
     @Override
     public Message preSend(Message message, MessageChannel channel) {
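Review bot: `BookLoreUserTransformer` is imported in the first hunk but not referenced in any hunk of this patch; unless it is used elsewhere in the file, it is an unused import and should be dropped. Conversely, the only visible uses of `Collections` and `SimpleGrantedAuthority` are deleted in the `authenticateToken` hunk while the import hunk does not remove them, so they are presumably unused now as well; trimming both keeps the import block honest about what the interceptor depends on.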
@@ -58,16 +62,45 @@ public class WebSocketAuthInterceptor implements ChannelInterceptor {
     }
 
     private Authentication authenticateToken(String token) {
+        if (token == null || token.trim().isEmpty()) {
+            log.debug("Token is null or empty");
+            return null;
+        }
         try {
             if (jwtUtils.validateToken(token)) {
                 String username = jwtUtils.extractUsername(token);
-                return new UsernamePasswordAuthenticationToken(username, null, Collections.singletonList(new SimpleGrantedAuthority("ROLE_USER")));
+                if (username != null && !username.trim().isEmpty()) {
+                    return new UsernamePasswordAuthenticationToken(username, null, null);
+                }
+                log.debug("Username extracted from JWT is null or empty");
             }
+
             JWTClaimsSet claims = dynamicOidcJwtProcessor.getProcessor().process(token, null);
-            if (claims != null) {
-                String username = claims.getSubject();
-                return new UsernamePasswordAuthenticationToken(username, null, Collections.singletonList(new SimpleGrantedAuthority("ROLE_USER")));
+            if (claims == null) {
+                log.debug("OIDC token processing returned null claims");
+                return null;
             }
+            OidcProviderDetails providerDetails = appSettingService.getAppSettings().getOidcProviderDetails();
+            if (providerDetails == null) {
+                log.debug("OIDC provider details are null");
+                return null;
+            }
+            if (providerDetails.getClaimMapping() == null) {
+                log.debug("OIDC claim mapping is null");
+                return null;
+            }
+            String usernameClaimKey = providerDetails.getClaimMapping().getUsername();
+            if (usernameClaimKey == null || usernameClaimKey.trim().isEmpty()) {
+                log.debug("Username claim key is null or empty");
+                return null;
+            }
+            String username = claims.getStringClaim(usernameClaimKey);
+            if (username != null && !username.trim().isEmpty()) {
+                return new UsernamePasswordAuthenticationToken(username, null, null);
+            }
+
+            log.warn("Username extracted from OIDC claims is null or empty");
+
         } catch (Exception e) {
             log.debug("Token authentication failed", e);
         }
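Review bot: Both new `new UsernamePasswordAuthenticationToken(username, null, null)` calls drop the `ROLE_USER` authority that the removed lines granted; with a null authorities argument the three-argument constructor still marks the token authenticated but its authority set is empty, so any role- or authority-based rule on the STOMP broker (if the project has one) would now reject these principals. If real authorities are intended, the `BookLoreUserTransformer` import added in the first hunk suggests a user lookup was planned; otherwise keep `Collections.singletonList(new SimpleGrantedAuthority("ROLE_USER"))` in both places. The OIDC branch also replaces `claims.getSubject()` with the configurable `claims.getStringClaim(usernameClaimKey)`; unlike `sub`, claims such as email or preferred username are not guaranteed stable or unique by every provider, and this path does not check the name against a provisioned user, so a comment stating that the configured claim must be one the provider guarantees unique would help operators. A locally valid JWT with an empty username now falls through to the OIDC processor on the same token instead of returning, which is probably harmless but deserves a one-line comment. authenticateToken's body continues past the hunk.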
diff --git a/booklore-ui/src/app/auth-initializer.ts b/booklore-ui/src/app/auth-initializer.ts
index 24e9c3b0a..e3fb80a3c 100644
--- a/booklore-ui/src/app/auth-initializer.ts
+++ b/booklore-ui/src/app/auth-initializer.ts
@@ -61,7 +61,7 @@ export function initializeAuthFactory() {
       authService.tokenSubject.next(oauthService.getAccessToken());
       console.log('[OIDC] Valid access token found after tryLogin');
       oauthService.setupAutomaticSilentRefresh();
-      websocketInitializer(authService);
+      websocketInitializer(authService)();
       authInitService.markAsInitialized();
       resolve();
     } else {
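Review bot: The fix relies on the reader knowing that `websocketInitializer(authService)` returns an initializer rather than running it, which is exactly what the old line got wrong; a short comment on the new line, `// websocketInitializer returns a thunk; invoke it to actually connect`, would keep the trailing `()` from being dropped again. Any other call site of `websocketInitializer` in this file (the non-OIDC branch is not in this hunk) should be checked for the same omission. initializeAuthFactory's body continues outside the hunk.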