Configuring groups for user roles
This commit is contained in:
parent
e7c7d1f991
commit
038c78fb04
|
@ -1,8 +0,0 @@
|
|||
package eu.eudat.configurations.keycloak;
|
||||
|
||||
public class KeycloakAuthorities {
|
||||
|
||||
public static final String ADMIN = "admin";
|
||||
public static final String USER = "user";
|
||||
|
||||
}
|
|
@ -0,0 +1,22 @@
|
|||
package eu.eudat.configurations.keycloak;
|
||||
|
||||
import org.springframework.boot.context.properties.bind.ConstructorBinding;
|
||||
|
||||
public class KeycloakAuthorityProperties {
|
||||
|
||||
private final String groupId, groupTitle;
|
||||
|
||||
@ConstructorBinding
|
||||
public KeycloakAuthorityProperties(String groupId, String groupTitle) {
|
||||
this.groupId = groupId;
|
||||
this.groupTitle = groupTitle;
|
||||
}
|
||||
|
||||
public String getGroupId() {
|
||||
return groupId;
|
||||
}
|
||||
|
||||
public String getGroupTitle() {
|
||||
return groupTitle;
|
||||
}
|
||||
}
|
|
@ -22,35 +22,4 @@ public class KeycloakResourcesConfiguration {
|
|||
return properties;
|
||||
}
|
||||
|
||||
public String getGroupName(String tenantCode, String tenantId) {
|
||||
return properties.getTenantGroupsNamingStrategy()
|
||||
.replace("{tenantCode}", tenantCode)
|
||||
.replace("{tenantId}", tenantId);
|
||||
}
|
||||
|
||||
public String getAuthorityName(String tenantCode, String key) {
|
||||
return properties.getAuthorities().get(key).getNamingStrategy()
|
||||
.replace("{tenantCode}", tenantCode);
|
||||
}
|
||||
|
||||
public boolean hasAuthority(String authority, String tenantCode, String key) {
|
||||
return getAuthorityName(tenantCode, key).equals(authority);
|
||||
}
|
||||
|
||||
public List<String> extractAuthoritiesForTenant(List<String> authorities, String tenantCode) {
|
||||
List<String> extractedAuthorities = new ArrayList<>();
|
||||
List<String> markedForRemoval = new ArrayList<>();
|
||||
authorities.forEach(auth -> {
|
||||
properties.getAuthorities().keySet().forEach(key -> {
|
||||
if (hasAuthority(auth, tenantCode, key)) {
|
||||
extractedAuthorities.add(properties.getAuthorities().get(key).getTitle());
|
||||
markedForRemoval.add(auth);
|
||||
}
|
||||
});
|
||||
});
|
||||
authorities.removeAll(markedForRemoval);
|
||||
authorities.addAll(extractedAuthorities);
|
||||
return extractedAuthorities;
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -10,56 +10,15 @@ import java.util.HashMap;
|
|||
@ConditionalOnProperty(prefix = "keycloak-resources", name = "enabled", havingValue = "true")
|
||||
public class KeycloakResourcesProperties {
|
||||
|
||||
private final String tenantGroupsNamingStrategy, guestsGroup, administratorsGroup;
|
||||
|
||||
private final HashMap<String, TenantAuthorityGroupProperties> authorities;
|
||||
private final HashMap<String, KeycloakAuthorityProperties> authorities;
|
||||
|
||||
@ConstructorBinding
|
||||
public KeycloakResourcesProperties(String tenantGroupsNamingStrategy, String guestsGroup, String administratorsGroup, HashMap<String, TenantAuthorityGroupProperties> authorities) {
|
||||
this.tenantGroupsNamingStrategy = tenantGroupsNamingStrategy;
|
||||
this.guestsGroup = guestsGroup;
|
||||
this.administratorsGroup = administratorsGroup;
|
||||
public KeycloakResourcesProperties(HashMap<String, KeycloakAuthorityProperties> authorities) {
|
||||
this.authorities = authorities;
|
||||
}
|
||||
|
||||
public String getTenantGroupsNamingStrategy() {
|
||||
return tenantGroupsNamingStrategy;
|
||||
}
|
||||
|
||||
public String getGuestsGroup() {
|
||||
return guestsGroup;
|
||||
}
|
||||
|
||||
public String getAdministratorsGroup() {
|
||||
return administratorsGroup;
|
||||
}
|
||||
|
||||
public HashMap<String, TenantAuthorityGroupProperties> getAuthorities() {
|
||||
public HashMap<String, KeycloakAuthorityProperties> getAuthorities() {
|
||||
return authorities;
|
||||
}
|
||||
|
||||
public static class TenantAuthorityGroupProperties {
|
||||
|
||||
private final String parent, namingStrategy, title;
|
||||
|
||||
@ConstructorBinding
|
||||
public TenantAuthorityGroupProperties(String parent, String namingStrategy, String title) {
|
||||
this.parent = parent;
|
||||
this.namingStrategy = namingStrategy;
|
||||
this.title = title;
|
||||
}
|
||||
|
||||
public String getParent() {
|
||||
return parent;
|
||||
}
|
||||
|
||||
public String getNamingStrategy() {
|
||||
return namingStrategy;
|
||||
}
|
||||
|
||||
public String getTitle() {
|
||||
return title;
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -9,13 +9,10 @@ import java.util.UUID;
|
|||
|
||||
public interface KeycloakService {
|
||||
|
||||
HashMap<String, GroupRepresentation> createTenantGroups(TenantEntity tenant);
|
||||
void addUserToGroup(UUID subjectId, String groupId);
|
||||
void removeUserFromGroup(@NotNull UUID subjectId, String groupId);
|
||||
void addUserToAdministratorsGroup(UUID subjectId);
|
||||
void removeUserFromAdministratorsGroup(@NotNull UUID subjectId);
|
||||
void addUserToTenantAuthorityGroup(UUID subjectId, TenantEntity tenant, String key);
|
||||
void removeUserFromTenantAuthorityGroup(UUID subjectId, TenantEntity tenant, String key);
|
||||
void addUserToGroup(UUID subjectId, KeycloakRole role);
|
||||
void removeUserFromGroup(@NotNull UUID subjectId, KeycloakRole role);
|
||||
void assignClientRoleToUser(UUID subjectId, String clientId, KeycloakRole role);
|
||||
void removeClientRoleFromUser(UUID subjectId, String clientId, KeycloakRole role);
|
||||
|
||||
|
|
|
@ -1,9 +1,8 @@
|
|||
package eu.eudat.service.keycloak;
|
||||
|
||||
import com.google.common.collect.Lists;
|
||||
import eu.eudat.configurations.keycloak.KeycloakAuthorityProperties;
|
||||
import eu.eudat.configurations.keycloak.KeycloakResourcesConfiguration;
|
||||
import eu.eudat.data.TenantEntity;
|
||||
import gr.cite.commons.web.keycloak.api.KeycloakAdminRestApi;
|
||||
import gr.cite.commons.web.keycloak.api.configuration.KeycloakClientConfiguration;
|
||||
import gr.cite.tools.logging.LoggerService;
|
||||
import org.jetbrains.annotations.NotNull;
|
||||
|
@ -13,7 +12,10 @@ import org.slf4j.LoggerFactory;
|
|||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.stereotype.Service;
|
||||
|
||||
import java.util.*;
|
||||
import java.util.HashSet;
|
||||
import java.util.List;
|
||||
import java.util.Set;
|
||||
import java.util.UUID;
|
||||
|
||||
@Service
|
||||
public class KeycloakServiceImpl implements KeycloakService {
|
||||
|
@ -27,29 +29,11 @@ public class KeycloakServiceImpl implements KeycloakService {
|
|||
public KeycloakServiceImpl(MyKeycloakAdminRestApi api, KeycloakResourcesConfiguration configuration, KeycloakClientConfiguration clientConfiguration) {
|
||||
this.api = api;
|
||||
this.configuration = configuration;
|
||||
//logger.info("Keycloak service initialized. Tenant authorities configured -> {}", configuration.getProperties().getAuthorities().size());
|
||||
this.clientConfiguration = clientConfiguration;
|
||||
}
|
||||
|
||||
@Override
|
||||
public HashMap<String, GroupRepresentation> createTenantGroups(TenantEntity tenant) {
|
||||
HashMap<String, GroupRepresentation> groups = new HashMap<>();
|
||||
|
||||
configuration.getProperties().getAuthorities().keySet().forEach(key -> {
|
||||
GroupRepresentation group = new GroupRepresentation();
|
||||
group.setName(configuration.getGroupName(tenant.getCode(), tenant.getId().toString()));
|
||||
HashMap<String, List<String>> user_attributes = new HashMap<>();
|
||||
user_attributes.put("auth", Lists.newArrayList(configuration.getAuthorityName(tenant.getCode(), key)));
|
||||
group.setAttributes(user_attributes);
|
||||
groups.put(key, api.groups().addGroupWithParent(group, configuration.getProperties().getAuthorities().get(key).getParent()));
|
||||
});
|
||||
|
||||
return groups;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void addUserToGroup(@NotNull UUID subjectId, String groupId) {
|
||||
api.users().removeUserFromGroup(subjectId.toString(), configuration.getProperties().getGuestsGroup());
|
||||
api.users().addUserToGroup(subjectId.toString(), groupId);
|
||||
}
|
||||
|
||||
|
@ -59,32 +43,23 @@ public class KeycloakServiceImpl implements KeycloakService {
|
|||
}
|
||||
|
||||
@Override
|
||||
public void addUserToAdministratorsGroup(@NotNull UUID subjectId) {
|
||||
api.users().removeUserFromGroup(subjectId.toString(), configuration.getProperties().getGuestsGroup());
|
||||
api.users().addUserToGroup(subjectId.toString(), configuration.getProperties().getAdministratorsGroup());
|
||||
public void addUserToGroup(UUID subjectId, KeycloakRole role) {
|
||||
KeycloakAuthorityProperties properties = this.configuration.getProperties().getAuthorities().get(role.name());
|
||||
if (properties != null)
|
||||
addUserToGroup(subjectId, properties.getGroupId());
|
||||
}
|
||||
|
||||
@Override
|
||||
public void removeUserFromAdministratorsGroup(@NotNull UUID subjectId) {
|
||||
api.users().removeUserFromGroup(subjectId.toString(), configuration.getProperties().getAdministratorsGroup());
|
||||
}
|
||||
|
||||
@Override
|
||||
public void addUserToTenantAuthorityGroup(UUID subjectId, TenantEntity tenant, String key) {
|
||||
api.users().removeUserFromGroup(subjectId.toString(), configuration.getProperties().getGuestsGroup());
|
||||
GroupRepresentation group = api.groups().findGroupByPath(getTenantAuthorityParentPath(key) + "/" + configuration.getGroupName(tenant.getCode(), tenant.getId().toString()));
|
||||
addUserToGroup(subjectId, group.getId());
|
||||
}
|
||||
|
||||
@Override
|
||||
public void removeUserFromTenantAuthorityGroup(UUID subjectId, TenantEntity tenant, String key) {
|
||||
GroupRepresentation group = api.groups().findGroupByPath(getTenantAuthorityParentPath(key) + "/" + configuration.getGroupName(tenant.getCode(), tenant.getId().toString()));
|
||||
removeUserFromGroup(subjectId, group.getId());
|
||||
public void removeUserFromGroup(@NotNull UUID subjectId, KeycloakRole role) {
|
||||
KeycloakAuthorityProperties properties = this.configuration.getProperties().getAuthorities().get(role.name());
|
||||
if (properties != null)
|
||||
removeUserFromGroup(subjectId, properties.getGroupId());
|
||||
}
|
||||
|
||||
@Override
|
||||
public void assignClientRoleToUser(UUID subjectId, String clientId, KeycloakRole role) {
|
||||
if (clientId == null) clientId = clientConfiguration.getProperties().getClientId();
|
||||
if (clientId == null)
|
||||
clientId = clientConfiguration.getProperties().getClientId();
|
||||
UserRepresentation user = api.users().findUserById(subjectId.toString());
|
||||
user.getClientRoles().computeIfAbsent(clientId, k -> Lists.newArrayList());
|
||||
Set<String> clientRoles = new HashSet<>(Set.copyOf(user.getClientRoles().get(clientId)));
|
||||
|
@ -110,9 +85,4 @@ public class KeycloakServiceImpl implements KeycloakService {
|
|||
return api.users().getGroups(subjectId.toString());
|
||||
}
|
||||
|
||||
private String getTenantAuthorityParentPath(String key) {
|
||||
GroupRepresentation parent = api.groups().findGroupById(configuration.getProperties().getAuthorities().get(key).getParent());
|
||||
return parent.getPath();
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -1,13 +1,14 @@
|
|||
keycloak-resources:
|
||||
authorities:
|
||||
user:
|
||||
parent: beba276b-5e9e-42b6-8012-8d2653312818
|
||||
namingStrategy: 'tenantuser:{tenantCode}'
|
||||
title: tenantuser
|
||||
admin:
|
||||
parent: 4432316d-75e3-410d-9934-590b95e76e44
|
||||
namingStrategy: 'tenantadmin:{tenantCode}'
|
||||
title: tenantadmin
|
||||
tenantGroupsNamingStrategy: 'tenant-{tenantCode}'
|
||||
guestsGroup: efa9cea5-0c7f-4c83-afb1-cc4ec9b2f1ee
|
||||
administratorsGroup: 14d8f80a-6f88-4ad4-a42d-3e5023bac7b3
|
||||
User:
|
||||
groupId: a04fd333-f127-449e-8fc2-0626570a3899
|
||||
groupTitle: role-user
|
||||
Admin:
|
||||
groupId: 299f18fe-e271-4625-a4c1-9c3eb313b2ea
|
||||
groupTitle: role-admin
|
||||
Manager:
|
||||
groupId: 1753f7a7-cedb-4ad4-ae5f-96fe9bdabe3e
|
||||
groupTitle: role-manager
|
||||
DatasetTemplateEditor:
|
||||
groupId: 969aa109-9c4d-4f12-ba9b-4a84b2e5a394
|
||||
groupTitle: role-dataset-template-editor
|
Loading…
Reference in New Issue