Configuring groups for user roles

dmp-backend/core/src/main/java/eu/eudat/configurations/keycloak/KeycloakAuthorities.java

@@ -1,8 +0,0 @@
-package eu.eudat.configurations.keycloak;
-
-public class KeycloakAuthorities {
-
-    public static final String ADMIN = "admin";
-    public static final String USER = "user";
-
-}

dmp-backend/core/src/main/java/eu/eudat/configurations/keycloak/KeycloakAuthorityProperties.java

@@ -0,0 +1,22 @@
+package eu.eudat.configurations.keycloak;
+
+import org.springframework.boot.context.properties.bind.ConstructorBinding;
+
+public class KeycloakAuthorityProperties {
+
+    private final String groupId, groupTitle;
+
+    @ConstructorBinding
+    public KeycloakAuthorityProperties(String groupId, String groupTitle) {
+        this.groupId = groupId;
+        this.groupTitle = groupTitle;
+    }
+
+    public String getGroupId() {
+        return groupId;
+    }
+
+    public String getGroupTitle() {
+        return groupTitle;
+    }
+}

dmp-backend/core/src/main/java/eu/eudat/configurations/keycloak/KeycloakResourcesConfiguration.java

@@ -22,35 +22,4 @@ public class KeycloakResourcesConfiguration {
         return properties;
     }
 
-    public String getGroupName(String tenantCode, String tenantId) {
-        return properties.getTenantGroupsNamingStrategy()
-                .replace("{tenantCode}", tenantCode)
-                .replace("{tenantId}", tenantId);
-    }
-
-    public String getAuthorityName(String tenantCode, String key) {
-        return properties.getAuthorities().get(key).getNamingStrategy()
-                .replace("{tenantCode}", tenantCode);
-    }
-
-    public boolean hasAuthority(String authority, String tenantCode, String key) {
-        return getAuthorityName(tenantCode, key).equals(authority);
-    }
-
-    public List<String> extractAuthoritiesForTenant(List<String> authorities, String tenantCode) {
-        List<String> extractedAuthorities = new ArrayList<>();
-        List<String> markedForRemoval = new ArrayList<>();
-        authorities.forEach(auth -> {
-            properties.getAuthorities().keySet().forEach(key -> {
-                if (hasAuthority(auth, tenantCode, key)) {
-                    extractedAuthorities.add(properties.getAuthorities().get(key).getTitle());
-                    markedForRemoval.add(auth);
-                }
-            });
-        });
-        authorities.removeAll(markedForRemoval);
-        authorities.addAll(extractedAuthorities);
-        return extractedAuthorities;
-    }
-
 }

dmp-backend/core/src/main/java/eu/eudat/configurations/keycloak/KeycloakResourcesProperties.java

@@ -10,56 +10,15 @@ import java.util.HashMap;
 @ConditionalOnProperty(prefix = "keycloak-resources", name = "enabled", havingValue = "true")
 public class KeycloakResourcesProperties {
 
-    private final String tenantGroupsNamingStrategy, guestsGroup, administratorsGroup;
+    private final HashMap<String, KeycloakAuthorityProperties> authorities;
-
-    private final HashMap<String, TenantAuthorityGroupProperties> authorities;
 
     @ConstructorBinding
-    public KeycloakResourcesProperties(String tenantGroupsNamingStrategy, String guestsGroup, String administratorsGroup, HashMap<String, TenantAuthorityGroupProperties> authorities) {
+    public KeycloakResourcesProperties(HashMap<String, KeycloakAuthorityProperties> authorities) {
-        this.tenantGroupsNamingStrategy = tenantGroupsNamingStrategy;
-        this.guestsGroup = guestsGroup;
-        this.administratorsGroup = administratorsGroup;
         this.authorities = authorities;
     }
 
-    public String getTenantGroupsNamingStrategy() {
+    public HashMap<String, KeycloakAuthorityProperties> getAuthorities() {
-        return tenantGroupsNamingStrategy;
-    }
-
-    public String getGuestsGroup() {
-        return guestsGroup;
-    }
-
-    public String getAdministratorsGroup() {
-        return administratorsGroup;
-    }
-
-    public HashMap<String, TenantAuthorityGroupProperties> getAuthorities() {
         return authorities;
     }
 
-    public static class TenantAuthorityGroupProperties {
-
-        private final String parent, namingStrategy, title;
-
-        @ConstructorBinding
-        public TenantAuthorityGroupProperties(String parent, String namingStrategy, String title) {
-            this.parent = parent;
-            this.namingStrategy = namingStrategy;
-            this.title = title;
-        }
-
-        public String getParent() {
-            return parent;
-        }
-
-        public String getNamingStrategy() {
-            return namingStrategy;
-        }
-
-        public String getTitle() {
-            return title;
-        }
-    }
-
 }

dmp-backend/core/src/main/java/eu/eudat/service/keycloak/KeycloakService.java

@@ -9,13 +9,10 @@ import java.util.UUID;
 
 public interface KeycloakService {
 
-    HashMap<String, GroupRepresentation> createTenantGroups(TenantEntity tenant);
     void addUserToGroup(UUID subjectId, String groupId);
     void removeUserFromGroup(@NotNull UUID subjectId, String groupId);
-    void addUserToAdministratorsGroup(UUID subjectId);
+    void addUserToGroup(UUID subjectId, KeycloakRole role);
-    void removeUserFromAdministratorsGroup(@NotNull UUID subjectId);
+    void removeUserFromGroup(@NotNull UUID subjectId, KeycloakRole role);
-    void addUserToTenantAuthorityGroup(UUID subjectId, TenantEntity tenant, String key);
-    void removeUserFromTenantAuthorityGroup(UUID subjectId, TenantEntity tenant, String key);
     void assignClientRoleToUser(UUID subjectId, String clientId, KeycloakRole role);
     void removeClientRoleFromUser(UUID subjectId, String clientId, KeycloakRole role);
 

dmp-backend/core/src/main/java/eu/eudat/service/keycloak/KeycloakServiceImpl.java

@@ -1,9 +1,8 @@
 package eu.eudat.service.keycloak;
 
 import com.google.common.collect.Lists;
+import eu.eudat.configurations.keycloak.KeycloakAuthorityProperties;
 import eu.eudat.configurations.keycloak.KeycloakResourcesConfiguration;
-import eu.eudat.data.TenantEntity;
-import gr.cite.commons.web.keycloak.api.KeycloakAdminRestApi;
 import gr.cite.commons.web.keycloak.api.configuration.KeycloakClientConfiguration;
 import gr.cite.tools.logging.LoggerService;
 import org.jetbrains.annotations.NotNull;
@@ -13,7 +12,10 @@ import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
-import java.util.*;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+import java.util.UUID;
 
 @Service
 public class KeycloakServiceImpl implements KeycloakService {
@@ -27,29 +29,11 @@ public class KeycloakServiceImpl implements KeycloakService {
     public KeycloakServiceImpl(MyKeycloakAdminRestApi api, KeycloakResourcesConfiguration configuration, KeycloakClientConfiguration clientConfiguration) {
         this.api = api;
         this.configuration = configuration;
-        //logger.info("Keycloak service initialized. Tenant authorities configured -> {}", configuration.getProperties().getAuthorities().size());
         this.clientConfiguration = clientConfiguration;
     }
 
-    @Override
-    public HashMap<String, GroupRepresentation> createTenantGroups(TenantEntity tenant) {
-        HashMap<String, GroupRepresentation> groups = new HashMap<>();
-
-        configuration.getProperties().getAuthorities().keySet().forEach(key -> {
-            GroupRepresentation group = new GroupRepresentation();
-            group.setName(configuration.getGroupName(tenant.getCode(), tenant.getId().toString()));
-            HashMap<String, List<String>> user_attributes = new HashMap<>();
-            user_attributes.put("auth", Lists.newArrayList(configuration.getAuthorityName(tenant.getCode(), key)));
-            group.setAttributes(user_attributes);
-            groups.put(key, api.groups().addGroupWithParent(group, configuration.getProperties().getAuthorities().get(key).getParent()));
-        });
-
-        return groups;
-    }
-
     @Override
     public void addUserToGroup(@NotNull UUID subjectId, String groupId) {
-        api.users().removeUserFromGroup(subjectId.toString(), configuration.getProperties().getGuestsGroup());
         api.users().addUserToGroup(subjectId.toString(), groupId);
     }
 
@@ -59,32 +43,23 @@ public class KeycloakServiceImpl implements KeycloakService {
     }
 
     @Override
-    public void addUserToAdministratorsGroup(@NotNull UUID subjectId) {
+    public void addUserToGroup(UUID subjectId, KeycloakRole role) {
-        api.users().removeUserFromGroup(subjectId.toString(), configuration.getProperties().getGuestsGroup());
+        KeycloakAuthorityProperties properties = this.configuration.getProperties().getAuthorities().get(role.name());
-        api.users().addUserToGroup(subjectId.toString(), configuration.getProperties().getAdministratorsGroup());
+        if (properties != null)
+            addUserToGroup(subjectId, properties.getGroupId());
     }
 
     @Override
-    public void removeUserFromAdministratorsGroup(@NotNull UUID subjectId) {
+    public void removeUserFromGroup(@NotNull UUID subjectId, KeycloakRole role) {
-        api.users().removeUserFromGroup(subjectId.toString(), configuration.getProperties().getAdministratorsGroup());
+        KeycloakAuthorityProperties properties = this.configuration.getProperties().getAuthorities().get(role.name());
-    }
+        if (properties != null)
-
+            removeUserFromGroup(subjectId, properties.getGroupId());
-    @Override
-    public void addUserToTenantAuthorityGroup(UUID subjectId, TenantEntity tenant, String key) {
-        api.users().removeUserFromGroup(subjectId.toString(), configuration.getProperties().getGuestsGroup());
-        GroupRepresentation group = api.groups().findGroupByPath(getTenantAuthorityParentPath(key) + "/" + configuration.getGroupName(tenant.getCode(), tenant.getId().toString()));
-        addUserToGroup(subjectId, group.getId());
-    }
-
-    @Override
-    public void removeUserFromTenantAuthorityGroup(UUID subjectId, TenantEntity tenant, String key) {
-        GroupRepresentation group = api.groups().findGroupByPath(getTenantAuthorityParentPath(key) + "/" + configuration.getGroupName(tenant.getCode(), tenant.getId().toString()));
-        removeUserFromGroup(subjectId, group.getId());
     }
 
     @Override
     public void assignClientRoleToUser(UUID subjectId, String clientId, KeycloakRole role) {
-        if (clientId == null) clientId = clientConfiguration.getProperties().getClientId();
+        if (clientId == null)
+            clientId = clientConfiguration.getProperties().getClientId();
         UserRepresentation user = api.users().findUserById(subjectId.toString());
         user.getClientRoles().computeIfAbsent(clientId, k -> Lists.newArrayList());
         Set<String> clientRoles = new HashSet<>(Set.copyOf(user.getClientRoles().get(clientId)));
@@ -110,9 +85,4 @@ public class KeycloakServiceImpl implements KeycloakService {
         return api.users().getGroups(subjectId.toString());
     }
 
-    private String getTenantAuthorityParentPath(String key) {
-        GroupRepresentation parent = api.groups().findGroupById(configuration.getProperties().getAuthorities().get(key).getParent());
-        return parent.getPath();
-    }
-
 }

dmp-backend/web/src/main/resources/config/keycloak-devel.yml

@@ -1,13 +1,14 @@
 keycloak-resources:
   authorities:
-    user:
+    User:
-      parent: beba276b-5e9e-42b6-8012-8d2653312818
+      groupId: a04fd333-f127-449e-8fc2-0626570a3899
-      namingStrategy: 'tenantuser:{tenantCode}'
+      groupTitle: role-user
-      title: tenantuser
+    Admin:
-    admin:
+      groupId: 299f18fe-e271-4625-a4c1-9c3eb313b2ea
-      parent: 4432316d-75e3-410d-9934-590b95e76e44
+      groupTitle: role-admin
-      namingStrategy: 'tenantadmin:{tenantCode}'
+    Manager:
-      title: tenantadmin
+      groupId: 1753f7a7-cedb-4ad4-ae5f-96fe9bdabe3e
-  tenantGroupsNamingStrategy: 'tenant-{tenantCode}'
+      groupTitle: role-manager
-  guestsGroup: efa9cea5-0c7f-4c83-afb1-cc4ec9b2f1ee
+    DatasetTemplateEditor:
-  administratorsGroup: 14d8f80a-6f88-4ad4-a42d-3e5023bac7b3
+      groupId: 969aa109-9c4d-4f12-ba9b-4a84b2e5a394
+      groupTitle: role-dataset-template-editor