Extracting subject id from user credentials for role mapping on Keycloak Api

2023-12-12 16:17:08 +02:00 · 2023-12-12 16:17:08 +02:00 · b46c4e19e2
parent a94473be49
commit b46c4e19e2
2 changed files with 12 additions and 6 deletions
--- a/dmp-backend/core/src/main/java/eu/eudat/service/user/UserServiceImpl.java
+++ b/dmp-backend/core/src/main/java/eu/eudat/service/user/UserServiceImpl.java
@ -10,6 +10,7 @@ import eu.eudat.commons.enums.IsActive;
 import eu.eudat.commons.scope.user.UserScope;
 import eu.eudat.commons.types.user.AdditionalInfoEntity;
 import eu.eudat.convention.ConventionService;
 import eu.eudat.data.UserCredentialEntity;
 import eu.eudat.data.UserEntity;
 import eu.eudat.data.UserRoleEntity;
 import eu.eudat.errorcode.ErrorThesaurusProperties;
@ -23,6 +24,7 @@ import eu.eudat.model.deleter.UserRoleDeleter;
 import eu.eudat.model.persist.UserAdditionalInfoPersist;
 import eu.eudat.model.persist.UserPersist;
 import eu.eudat.model.persist.UserRolePatchPersist;
 import eu.eudat.query.UserCredentialQuery;
 import eu.eudat.query.UserQuery;
 import eu.eudat.query.UserRoleQuery;
 import eu.eudat.service.keycloak.KeycloakRole;
@ -206,6 +208,9 @@ public class UserServiceImpl implements UserService {
        if (data == null) throw new MyNotFoundException(messageSource.getMessage("General_ItemNotFound", new Object[]{model.getId(), User.class.getSimpleName()}, LocaleContextHolder.getLocale()));
        if (!this.conventionService.hashValue(data.getUpdatedAt()).equals(model.getHash())) throw new MyValidationException(this.errors.getHashConflict().getCode(), this.errors.getHashConflict().getMessage());
        List<UserCredentialEntity> userCredentials = this.queryFactory.query(UserCredentialQuery.class).userIds(data.getId()).collect();
        boolean credentialsExist = !userCredentials.isEmpty();
        List<UserRoleEntity> existingItems = this.queryFactory.query(UserRoleQuery.class).userIds(data.getId()).collect();
        List<UUID> foundIds = new ArrayList<>();
        for (String roleName : model.getRoles().stream().filter(x-> x != null && !x.isBlank()).distinct().toList()) {
@ -217,7 +222,9 @@ public class UserServiceImpl implements UserService {
                item.setRole(roleName);
                item.setCreatedAt(Instant.now());
                this.entityManager.persist(item);
-                this.keycloakService.addUserToGroup(data.getId(), KeycloakRole.valueOf(roleName));
+                if (credentialsExist) {
                    this.keycloakService.addUserToGroup(UUID.fromString(userCredentials.getFirst().getExternalId()), KeycloakRole.valueOf(roleName));
                }
            }
            foundIds.add(item.getId());
        }
@ -225,7 +232,9 @@ public class UserServiceImpl implements UserService {
        this.entityManager.flush();
        List<UserRoleEntity> toDelete = existingItems.stream().filter(x-> foundIds.stream().noneMatch(y-> y.equals(x.getId()))).collect(Collectors.toList());
-        toDelete.forEach(x -> this.keycloakService.removeUserFromGroup(data.getId(), KeycloakRole.valueOf(x.getRole())));
+        if (credentialsExist) {
            toDelete.forEach(x -> this.keycloakService.removeUserFromGroup(UUID.fromString(userCredentials.getFirst().getExternalId()), KeycloakRole.valueOf(x.getRole())));
        }
        this.deleterFactory.deleter(UserRoleDeleter.class).deleteAndSave(toDelete);
        this.entityManager.flush();
--- a/dmp-backend/web/src/main/resources/config/keycloak.yml
+++ b/dmp-backend/web/src/main/resources/config/keycloak.yml
@ -7,7 +7,4 @@ keycloak-client:
  clientSecret: ${KEYCLOAK_API_CLIENT_SECRET:}
 keycloak-resources:
-  authorities: null
+  authorities: null
  tenantGroupsNamingStrategy: null
  guestsGroup: null
  administratorsGroup: null