Configuring groups for user roles

This commit is contained in:
Thomas Georgios Giannos 2023-12-08 13:27:04 +02:00
parent e7c7d1f991
commit 038c78fb04
7 changed files with 54 additions and 144 deletions

View File

@ -1,8 +0,0 @@
package eu.eudat.configurations.keycloak;
public class KeycloakAuthorities {
public static final String ADMIN = "admin";
public static final String USER = "user";
}

View File

@ -0,0 +1,22 @@
package eu.eudat.configurations.keycloak;
import org.springframework.boot.context.properties.bind.ConstructorBinding;
public class KeycloakAuthorityProperties {
private final String groupId, groupTitle;
@ConstructorBinding
public KeycloakAuthorityProperties(String groupId, String groupTitle) {
this.groupId = groupId;
this.groupTitle = groupTitle;
}
public String getGroupId() {
return groupId;
}
public String getGroupTitle() {
return groupTitle;
}
}

View File

@ -22,35 +22,4 @@ public class KeycloakResourcesConfiguration {
return properties;
}
public String getGroupName(String tenantCode, String tenantId) {
return properties.getTenantGroupsNamingStrategy()
.replace("{tenantCode}", tenantCode)
.replace("{tenantId}", tenantId);
}
public String getAuthorityName(String tenantCode, String key) {
return properties.getAuthorities().get(key).getNamingStrategy()
.replace("{tenantCode}", tenantCode);
}
public boolean hasAuthority(String authority, String tenantCode, String key) {
return getAuthorityName(tenantCode, key).equals(authority);
}
public List<String> extractAuthoritiesForTenant(List<String> authorities, String tenantCode) {
List<String> extractedAuthorities = new ArrayList<>();
List<String> markedForRemoval = new ArrayList<>();
authorities.forEach(auth -> {
properties.getAuthorities().keySet().forEach(key -> {
if (hasAuthority(auth, tenantCode, key)) {
extractedAuthorities.add(properties.getAuthorities().get(key).getTitle());
markedForRemoval.add(auth);
}
});
});
authorities.removeAll(markedForRemoval);
authorities.addAll(extractedAuthorities);
return extractedAuthorities;
}
}

View File

@ -10,56 +10,15 @@ import java.util.HashMap;
@ConditionalOnProperty(prefix = "keycloak-resources", name = "enabled", havingValue = "true")
public class KeycloakResourcesProperties {
private final String tenantGroupsNamingStrategy, guestsGroup, administratorsGroup;
private final HashMap<String, TenantAuthorityGroupProperties> authorities;
private final HashMap<String, KeycloakAuthorityProperties> authorities;
@ConstructorBinding
public KeycloakResourcesProperties(String tenantGroupsNamingStrategy, String guestsGroup, String administratorsGroup, HashMap<String, TenantAuthorityGroupProperties> authorities) {
this.tenantGroupsNamingStrategy = tenantGroupsNamingStrategy;
this.guestsGroup = guestsGroup;
this.administratorsGroup = administratorsGroup;
public KeycloakResourcesProperties(HashMap<String, KeycloakAuthorityProperties> authorities) {
this.authorities = authorities;
}
public String getTenantGroupsNamingStrategy() {
return tenantGroupsNamingStrategy;
}
public String getGuestsGroup() {
return guestsGroup;
}
public String getAdministratorsGroup() {
return administratorsGroup;
}
public HashMap<String, TenantAuthorityGroupProperties> getAuthorities() {
public HashMap<String, KeycloakAuthorityProperties> getAuthorities() {
return authorities;
}
public static class TenantAuthorityGroupProperties {
private final String parent, namingStrategy, title;
@ConstructorBinding
public TenantAuthorityGroupProperties(String parent, String namingStrategy, String title) {
this.parent = parent;
this.namingStrategy = namingStrategy;
this.title = title;
}
public String getParent() {
return parent;
}
public String getNamingStrategy() {
return namingStrategy;
}
public String getTitle() {
return title;
}
}
}

View File

@ -9,13 +9,10 @@ import java.util.UUID;
public interface KeycloakService {
HashMap<String, GroupRepresentation> createTenantGroups(TenantEntity tenant);
void addUserToGroup(UUID subjectId, String groupId);
void removeUserFromGroup(@NotNull UUID subjectId, String groupId);
void addUserToAdministratorsGroup(UUID subjectId);
void removeUserFromAdministratorsGroup(@NotNull UUID subjectId);
void addUserToTenantAuthorityGroup(UUID subjectId, TenantEntity tenant, String key);
void removeUserFromTenantAuthorityGroup(UUID subjectId, TenantEntity tenant, String key);
void addUserToGroup(UUID subjectId, KeycloakRole role);
void removeUserFromGroup(@NotNull UUID subjectId, KeycloakRole role);
void assignClientRoleToUser(UUID subjectId, String clientId, KeycloakRole role);
void removeClientRoleFromUser(UUID subjectId, String clientId, KeycloakRole role);

View File

@ -1,9 +1,8 @@
package eu.eudat.service.keycloak;
import com.google.common.collect.Lists;
import eu.eudat.configurations.keycloak.KeycloakAuthorityProperties;
import eu.eudat.configurations.keycloak.KeycloakResourcesConfiguration;
import eu.eudat.data.TenantEntity;
import gr.cite.commons.web.keycloak.api.KeycloakAdminRestApi;
import gr.cite.commons.web.keycloak.api.configuration.KeycloakClientConfiguration;
import gr.cite.tools.logging.LoggerService;
import org.jetbrains.annotations.NotNull;
@ -13,7 +12,10 @@ import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import java.util.*;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.UUID;
@Service
public class KeycloakServiceImpl implements KeycloakService {
@ -27,29 +29,11 @@ public class KeycloakServiceImpl implements KeycloakService {
public KeycloakServiceImpl(MyKeycloakAdminRestApi api, KeycloakResourcesConfiguration configuration, KeycloakClientConfiguration clientConfiguration) {
this.api = api;
this.configuration = configuration;
//logger.info("Keycloak service initialized. Tenant authorities configured -> {}", configuration.getProperties().getAuthorities().size());
this.clientConfiguration = clientConfiguration;
}
@Override
public HashMap<String, GroupRepresentation> createTenantGroups(TenantEntity tenant) {
HashMap<String, GroupRepresentation> groups = new HashMap<>();
configuration.getProperties().getAuthorities().keySet().forEach(key -> {
GroupRepresentation group = new GroupRepresentation();
group.setName(configuration.getGroupName(tenant.getCode(), tenant.getId().toString()));
HashMap<String, List<String>> user_attributes = new HashMap<>();
user_attributes.put("auth", Lists.newArrayList(configuration.getAuthorityName(tenant.getCode(), key)));
group.setAttributes(user_attributes);
groups.put(key, api.groups().addGroupWithParent(group, configuration.getProperties().getAuthorities().get(key).getParent()));
});
return groups;
}
@Override
public void addUserToGroup(@NotNull UUID subjectId, String groupId) {
api.users().removeUserFromGroup(subjectId.toString(), configuration.getProperties().getGuestsGroup());
api.users().addUserToGroup(subjectId.toString(), groupId);
}
@ -59,32 +43,23 @@ public class KeycloakServiceImpl implements KeycloakService {
}
@Override
public void addUserToAdministratorsGroup(@NotNull UUID subjectId) {
api.users().removeUserFromGroup(subjectId.toString(), configuration.getProperties().getGuestsGroup());
api.users().addUserToGroup(subjectId.toString(), configuration.getProperties().getAdministratorsGroup());
public void addUserToGroup(UUID subjectId, KeycloakRole role) {
KeycloakAuthorityProperties properties = this.configuration.getProperties().getAuthorities().get(role.name());
if (properties != null)
addUserToGroup(subjectId, properties.getGroupId());
}
@Override
public void removeUserFromAdministratorsGroup(@NotNull UUID subjectId) {
api.users().removeUserFromGroup(subjectId.toString(), configuration.getProperties().getAdministratorsGroup());
}
@Override
public void addUserToTenantAuthorityGroup(UUID subjectId, TenantEntity tenant, String key) {
api.users().removeUserFromGroup(subjectId.toString(), configuration.getProperties().getGuestsGroup());
GroupRepresentation group = api.groups().findGroupByPath(getTenantAuthorityParentPath(key) + "/" + configuration.getGroupName(tenant.getCode(), tenant.getId().toString()));
addUserToGroup(subjectId, group.getId());
}
@Override
public void removeUserFromTenantAuthorityGroup(UUID subjectId, TenantEntity tenant, String key) {
GroupRepresentation group = api.groups().findGroupByPath(getTenantAuthorityParentPath(key) + "/" + configuration.getGroupName(tenant.getCode(), tenant.getId().toString()));
removeUserFromGroup(subjectId, group.getId());
public void removeUserFromGroup(@NotNull UUID subjectId, KeycloakRole role) {
KeycloakAuthorityProperties properties = this.configuration.getProperties().getAuthorities().get(role.name());
if (properties != null)
removeUserFromGroup(subjectId, properties.getGroupId());
}
@Override
public void assignClientRoleToUser(UUID subjectId, String clientId, KeycloakRole role) {
if (clientId == null) clientId = clientConfiguration.getProperties().getClientId();
if (clientId == null)
clientId = clientConfiguration.getProperties().getClientId();
UserRepresentation user = api.users().findUserById(subjectId.toString());
user.getClientRoles().computeIfAbsent(clientId, k -> Lists.newArrayList());
Set<String> clientRoles = new HashSet<>(Set.copyOf(user.getClientRoles().get(clientId)));
@ -110,9 +85,4 @@ public class KeycloakServiceImpl implements KeycloakService {
return api.users().getGroups(subjectId.toString());
}
private String getTenantAuthorityParentPath(String key) {
GroupRepresentation parent = api.groups().findGroupById(configuration.getProperties().getAuthorities().get(key).getParent());
return parent.getPath();
}
}

View File

@ -1,13 +1,14 @@
keycloak-resources:
authorities:
user:
parent: beba276b-5e9e-42b6-8012-8d2653312818
namingStrategy: 'tenantuser:{tenantCode}'
title: tenantuser
admin:
parent: 4432316d-75e3-410d-9934-590b95e76e44
namingStrategy: 'tenantadmin:{tenantCode}'
title: tenantadmin
tenantGroupsNamingStrategy: 'tenant-{tenantCode}'
guestsGroup: efa9cea5-0c7f-4c83-afb1-cc4ec9b2f1ee
administratorsGroup: 14d8f80a-6f88-4ad4-a42d-3e5023bac7b3
User:
groupId: a04fd333-f127-449e-8fc2-0626570a3899
groupTitle: role-user
Admin:
groupId: 299f18fe-e271-4625-a4c1-9c3eb313b2ea
groupTitle: role-admin
Manager:
groupId: 1753f7a7-cedb-4ad4-ae5f-96fe9bdabe3e
groupTitle: role-manager
DatasetTemplateEditor:
groupId: 969aa109-9c4d-4f12-ba9b-4a84b2e5a394
groupTitle: role-dataset-template-editor