Extracting subject id from user credentials for role mapping on Keycloak Api

This commit is contained in:
Thomas Georgios Giannos 2023-12-12 16:17:08 +02:00
parent a94473be49
commit b46c4e19e2
2 changed files with 12 additions and 6 deletions

View File

@ -10,6 +10,7 @@ import eu.eudat.commons.enums.IsActive;
import eu.eudat.commons.scope.user.UserScope; import eu.eudat.commons.scope.user.UserScope;
import eu.eudat.commons.types.user.AdditionalInfoEntity; import eu.eudat.commons.types.user.AdditionalInfoEntity;
import eu.eudat.convention.ConventionService; import eu.eudat.convention.ConventionService;
import eu.eudat.data.UserCredentialEntity;
import eu.eudat.data.UserEntity; import eu.eudat.data.UserEntity;
import eu.eudat.data.UserRoleEntity; import eu.eudat.data.UserRoleEntity;
import eu.eudat.errorcode.ErrorThesaurusProperties; import eu.eudat.errorcode.ErrorThesaurusProperties;
@ -23,6 +24,7 @@ import eu.eudat.model.deleter.UserRoleDeleter;
import eu.eudat.model.persist.UserAdditionalInfoPersist; import eu.eudat.model.persist.UserAdditionalInfoPersist;
import eu.eudat.model.persist.UserPersist; import eu.eudat.model.persist.UserPersist;
import eu.eudat.model.persist.UserRolePatchPersist; import eu.eudat.model.persist.UserRolePatchPersist;
import eu.eudat.query.UserCredentialQuery;
import eu.eudat.query.UserQuery; import eu.eudat.query.UserQuery;
import eu.eudat.query.UserRoleQuery; import eu.eudat.query.UserRoleQuery;
import eu.eudat.service.keycloak.KeycloakRole; import eu.eudat.service.keycloak.KeycloakRole;
@ -206,6 +208,9 @@ public class UserServiceImpl implements UserService {
if (data == null) throw new MyNotFoundException(messageSource.getMessage("General_ItemNotFound", new Object[]{model.getId(), User.class.getSimpleName()}, LocaleContextHolder.getLocale())); if (data == null) throw new MyNotFoundException(messageSource.getMessage("General_ItemNotFound", new Object[]{model.getId(), User.class.getSimpleName()}, LocaleContextHolder.getLocale()));
if (!this.conventionService.hashValue(data.getUpdatedAt()).equals(model.getHash())) throw new MyValidationException(this.errors.getHashConflict().getCode(), this.errors.getHashConflict().getMessage()); if (!this.conventionService.hashValue(data.getUpdatedAt()).equals(model.getHash())) throw new MyValidationException(this.errors.getHashConflict().getCode(), this.errors.getHashConflict().getMessage());
List<UserCredentialEntity> userCredentials = this.queryFactory.query(UserCredentialQuery.class).userIds(data.getId()).collect();
boolean credentialsExist = !userCredentials.isEmpty();
List<UserRoleEntity> existingItems = this.queryFactory.query(UserRoleQuery.class).userIds(data.getId()).collect(); List<UserRoleEntity> existingItems = this.queryFactory.query(UserRoleQuery.class).userIds(data.getId()).collect();
List<UUID> foundIds = new ArrayList<>(); List<UUID> foundIds = new ArrayList<>();
for (String roleName : model.getRoles().stream().filter(x-> x != null && !x.isBlank()).distinct().toList()) { for (String roleName : model.getRoles().stream().filter(x-> x != null && !x.isBlank()).distinct().toList()) {
@ -217,7 +222,9 @@ public class UserServiceImpl implements UserService {
item.setRole(roleName); item.setRole(roleName);
item.setCreatedAt(Instant.now()); item.setCreatedAt(Instant.now());
this.entityManager.persist(item); this.entityManager.persist(item);
this.keycloakService.addUserToGroup(data.getId(), KeycloakRole.valueOf(roleName)); if (credentialsExist) {
this.keycloakService.addUserToGroup(UUID.fromString(userCredentials.getFirst().getExternalId()), KeycloakRole.valueOf(roleName));
}
} }
foundIds.add(item.getId()); foundIds.add(item.getId());
} }
@ -225,7 +232,9 @@ public class UserServiceImpl implements UserService {
this.entityManager.flush(); this.entityManager.flush();
List<UserRoleEntity> toDelete = existingItems.stream().filter(x-> foundIds.stream().noneMatch(y-> y.equals(x.getId()))).collect(Collectors.toList()); List<UserRoleEntity> toDelete = existingItems.stream().filter(x-> foundIds.stream().noneMatch(y-> y.equals(x.getId()))).collect(Collectors.toList());
toDelete.forEach(x -> this.keycloakService.removeUserFromGroup(data.getId(), KeycloakRole.valueOf(x.getRole()))); if (credentialsExist) {
toDelete.forEach(x -> this.keycloakService.removeUserFromGroup(UUID.fromString(userCredentials.getFirst().getExternalId()), KeycloakRole.valueOf(x.getRole())));
}
this.deleterFactory.deleter(UserRoleDeleter.class).deleteAndSave(toDelete); this.deleterFactory.deleter(UserRoleDeleter.class).deleteAndSave(toDelete);
this.entityManager.flush(); this.entityManager.flush();

View File

@ -8,6 +8,3 @@ keycloak-client:
keycloak-resources: keycloak-resources:
authorities: null authorities: null
tenantGroupsNamingStrategy: null
guestsGroup: null
administratorsGroup: null