MaDgiK-CITE
/
argos
13
0
Fork 0
Code Issues Pull Requests Projects Releases 3 Wiki Activity

Extracting subject id from user credentials for role mapping on Keycloak Api

This commit is contained in:
Thomas Georgios Giannos 2023-12-12 16:17:08 +02:00
parent a94473be49
commit b46c4e19e2
2 changed files with 12 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
dmp-backend/core/src/main/java/eu/eudat/service/user/UserServiceImpl.java
View File

@ -10,6 +10,7 @@ import eu.eudat.commons.enums.IsActive;
import eu.eudat.commons.scope.user.UserScope;
import eu.eudat.commons.types.user.AdditionalInfoEntity;
import eu.eudat.convention.ConventionService;
import eu.eudat.data.UserCredentialEntity;
import eu.eudat.data.UserEntity;
import eu.eudat.data.UserRoleEntity;
import eu.eudat.errorcode.ErrorThesaurusProperties;
@ -23,6 +24,7 @@ import eu.eudat.model.deleter.UserRoleDeleter;
import eu.eudat.model.persist.UserAdditionalInfoPersist;
import eu.eudat.model.persist.UserPersist;
import eu.eudat.model.persist.UserRolePatchPersist;
import eu.eudat.query.UserCredentialQuery;
import eu.eudat.query.UserQuery;
import eu.eudat.query.UserRoleQuery;
import eu.eudat.service.keycloak.KeycloakRole;
@ -206,6 +208,9 @@ public class UserServiceImpl implements UserService {
if (data == null) throw new MyNotFoundException(messageSource.getMessage("General_ItemNotFound", new Object[]{model.getId(), User.class.getSimpleName()}, LocaleContextHolder.getLocale()));
if (!this.conventionService.hashValue(data.getUpdatedAt()).equals(model.getHash())) throw new MyValidationException(this.errors.getHashConflict().getCode(), this.errors.getHashConflict().getMessage());
List<UserCredentialEntity> userCredentials = this.queryFactory.query(UserCredentialQuery.class).userIds(data.getId()).collect();
boolean credentialsExist = !userCredentials.isEmpty();
List<UserRoleEntity> existingItems = this.queryFactory.query(UserRoleQuery.class).userIds(data.getId()).collect();
List<UUID> foundIds = new ArrayList<>();
for (String roleName : model.getRoles().stream().filter(x-> x != null && !x.isBlank()).distinct().toList()) {
@ -217,7 +222,9 @@ public class UserServiceImpl implements UserService {
item.setRole(roleName);
item.setCreatedAt(Instant.now());
this.entityManager.persist(item);
this.keycloakService.addUserToGroup(data.getId(), KeycloakRole.valueOf(roleName));
if (credentialsExist) {
this.keycloakService.addUserToGroup(UUID.fromString(userCredentials.getFirst().getExternalId()), KeycloakRole.valueOf(roleName));
}
}
foundIds.add(item.getId());
}
@ -225,7 +232,9 @@ public class UserServiceImpl implements UserService {
this.entityManager.flush();
List<UserRoleEntity> toDelete = existingItems.stream().filter(x-> foundIds.stream().noneMatch(y-> y.equals(x.getId()))).collect(Collectors.toList());
toDelete.forEach(x -> this.keycloakService.removeUserFromGroup(data.getId(), KeycloakRole.valueOf(x.getRole())));
if (credentialsExist) {
toDelete.forEach(x -> this.keycloakService.removeUserFromGroup(UUID.fromString(userCredentials.getFirst().getExternalId()), KeycloakRole.valueOf(x.getRole())));
}
this.deleterFactory.deleter(UserRoleDeleter.class).deleteAndSave(toDelete);
this.entityManager.flush();

3
dmp-backend/web/src/main/resources/config/keycloak.yml
View File

@ -8,6 +8,3 @@ keycloak-client:
keycloak-resources:
authorities: null
tenantGroupsNamingStrategy: null
guestsGroup: null
administratorsGroup: null