Adding keycloak service and dependency
This commit is contained in:
parent
10923d4d48
commit
baaddb6284
|
|
@ -0,0 +1,8 @@
|
||||||
|
package eu.eudat.configurations.keycloak;
|
||||||
|
|
||||||
|
public class KeycloakAuthorities {
|
||||||
|
|
||||||
|
public static final String ADMIN = "admin";
|
||||||
|
public static final String USER = "user";
|
||||||
|
|
||||||
|
}
|
||||||
|
|
@ -0,0 +1,56 @@
|
||||||
|
package eu.eudat.configurations.keycloak;
|
||||||
|
|
||||||
|
import org.springframework.beans.factory.annotation.Autowired;
|
||||||
|
import org.springframework.boot.context.properties.EnableConfigurationProperties;
|
||||||
|
import org.springframework.context.annotation.Configuration;
|
||||||
|
|
||||||
|
import java.util.ArrayList;
|
||||||
|
import java.util.List;
|
||||||
|
|
||||||
|
@Configuration
|
||||||
|
@EnableConfigurationProperties(KeycloakResourcesProperties.class)
|
||||||
|
public class KeycloakResourcesConfiguration {
|
||||||
|
|
||||||
|
private final KeycloakResourcesProperties properties;
|
||||||
|
|
||||||
|
@Autowired
|
||||||
|
public KeycloakResourcesConfiguration(KeycloakResourcesProperties properties) {
|
||||||
|
this.properties = properties;
|
||||||
|
}
|
||||||
|
|
||||||
|
public KeycloakResourcesProperties getProperties() {
|
||||||
|
return properties;
|
||||||
|
}
|
||||||
|
|
||||||
|
public String getGroupName(String tenantCode, String tenantId) {
|
||||||
|
return properties.getTenantGroupsNamingStrategy()
|
||||||
|
.replace("{tenantCode}", tenantCode)
|
||||||
|
.replace("{tenantId}", tenantId);
|
||||||
|
}
|
||||||
|
|
||||||
|
public String getAuthorityName(String tenantCode, String key) {
|
||||||
|
return properties.getAuthorities().get(key).getNamingStrategy()
|
||||||
|
.replace("{tenantCode}", tenantCode);
|
||||||
|
}
|
||||||
|
|
||||||
|
public boolean hasAuthority(String authority, String tenantCode, String key) {
|
||||||
|
return getAuthorityName(tenantCode, key).equals(authority);
|
||||||
|
}
|
||||||
|
|
||||||
|
public List<String> extractAuthoritiesForTenant(List<String> authorities, String tenantCode) {
|
||||||
|
List<String> extractedAuthorities = new ArrayList<>();
|
||||||
|
List<String> markedForRemoval = new ArrayList<>();
|
||||||
|
authorities.forEach(auth -> {
|
||||||
|
properties.getAuthorities().keySet().forEach(key -> {
|
||||||
|
if (hasAuthority(auth, tenantCode, key)) {
|
||||||
|
extractedAuthorities.add(properties.getAuthorities().get(key).getTitle());
|
||||||
|
markedForRemoval.add(auth);
|
||||||
|
}
|
||||||
|
});
|
||||||
|
});
|
||||||
|
authorities.removeAll(markedForRemoval);
|
||||||
|
authorities.addAll(extractedAuthorities);
|
||||||
|
return extractedAuthorities;
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
@ -0,0 +1,65 @@
|
||||||
|
package eu.eudat.configurations.keycloak;
|
||||||
|
|
||||||
|
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
|
||||||
|
import org.springframework.boot.context.properties.ConfigurationProperties;
|
||||||
|
import org.springframework.boot.context.properties.bind.ConstructorBinding;
|
||||||
|
|
||||||
|
import java.util.HashMap;
|
||||||
|
|
||||||
|
@ConfigurationProperties(prefix = "keycloak-resources")
|
||||||
|
@ConditionalOnProperty(prefix = "keycloak-resources", name = "enabled", havingValue = "true")
|
||||||
|
public class KeycloakResourcesProperties {
|
||||||
|
|
||||||
|
private final String tenantGroupsNamingStrategy, guestsGroup, administratorsGroup;
|
||||||
|
|
||||||
|
private final HashMap<String, TenantAuthorityGroupProperties> authorities;
|
||||||
|
|
||||||
|
@ConstructorBinding
|
||||||
|
public KeycloakResourcesProperties(String tenantGroupsNamingStrategy, String guestsGroup, String administratorsGroup, HashMap<String, TenantAuthorityGroupProperties> authorities) {
|
||||||
|
this.tenantGroupsNamingStrategy = tenantGroupsNamingStrategy;
|
||||||
|
this.guestsGroup = guestsGroup;
|
||||||
|
this.administratorsGroup = administratorsGroup;
|
||||||
|
this.authorities = authorities;
|
||||||
|
}
|
||||||
|
|
||||||
|
public String getTenantGroupsNamingStrategy() {
|
||||||
|
return tenantGroupsNamingStrategy;
|
||||||
|
}
|
||||||
|
|
||||||
|
public String getGuestsGroup() {
|
||||||
|
return guestsGroup;
|
||||||
|
}
|
||||||
|
|
||||||
|
public String getAdministratorsGroup() {
|
||||||
|
return administratorsGroup;
|
||||||
|
}
|
||||||
|
|
||||||
|
public HashMap<String, TenantAuthorityGroupProperties> getAuthorities() {
|
||||||
|
return authorities;
|
||||||
|
}
|
||||||
|
|
||||||
|
public static class TenantAuthorityGroupProperties {
|
||||||
|
|
||||||
|
private final String parent, namingStrategy, title;
|
||||||
|
|
||||||
|
@ConstructorBinding
|
||||||
|
public TenantAuthorityGroupProperties(String parent, String namingStrategy, String title) {
|
||||||
|
this.parent = parent;
|
||||||
|
this.namingStrategy = namingStrategy;
|
||||||
|
this.title = title;
|
||||||
|
}
|
||||||
|
|
||||||
|
public String getParent() {
|
||||||
|
return parent;
|
||||||
|
}
|
||||||
|
|
||||||
|
public String getNamingStrategy() {
|
||||||
|
return namingStrategy;
|
||||||
|
}
|
||||||
|
|
||||||
|
public String getTitle() {
|
||||||
|
return title;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
@ -0,0 +1,20 @@
|
||||||
|
package eu.eudat.service.keycloak;
|
||||||
|
|
||||||
|
import eu.eudat.data.TenantEntity;
|
||||||
|
import org.jetbrains.annotations.NotNull;
|
||||||
|
import org.keycloak.representations.idm.GroupRepresentation;
|
||||||
|
|
||||||
|
import java.util.HashMap;
|
||||||
|
import java.util.UUID;
|
||||||
|
|
||||||
|
public interface KeycloakService {
|
||||||
|
|
||||||
|
HashMap<String, GroupRepresentation> createTenantGroups(TenantEntity tenant);
|
||||||
|
void addUserToGroup(UUID subjectId, String groupId);
|
||||||
|
void removeUserFromGroup(@NotNull UUID subjectId, String groupId);
|
||||||
|
void addUserToAdministratorsGroup(UUID subjectId);
|
||||||
|
void removeUserFromAdministratorsGroup(@NotNull UUID subjectId);
|
||||||
|
void addUserToTenantAuthorityGroup(UUID subjectId, TenantEntity tenant, String key);
|
||||||
|
void removeUserFromTenantAuthorityGroup(UUID subjectId, TenantEntity tenant, String key);
|
||||||
|
|
||||||
|
}
|
||||||
|
|
@ -0,0 +1,92 @@
|
||||||
|
package eu.eudat.service.keycloak;
|
||||||
|
|
||||||
|
import com.google.common.collect.Lists;
|
||||||
|
import eu.eudat.configurations.keycloak.KeycloakResourcesConfiguration;
|
||||||
|
import eu.eudat.data.TenantEntity;
|
||||||
|
import gr.cite.commons.web.keycloak.api.KeycloakAdminRestApi;
|
||||||
|
import gr.cite.tools.logging.LoggerService;
|
||||||
|
import org.jetbrains.annotations.NotNull;
|
||||||
|
import org.keycloak.representations.idm.GroupRepresentation;
|
||||||
|
import org.slf4j.LoggerFactory;
|
||||||
|
import org.springframework.beans.factory.annotation.Autowired;
|
||||||
|
import org.springframework.stereotype.Service;
|
||||||
|
|
||||||
|
import java.util.HashMap;
|
||||||
|
import java.util.List;
|
||||||
|
import java.util.UUID;
|
||||||
|
|
||||||
|
@Service
|
||||||
|
public class KeycloakServiceImpl implements KeycloakService {
|
||||||
|
|
||||||
|
private static final LoggerService logger = new LoggerService(LoggerFactory.getLogger(KeycloakServiceImpl.class));
|
||||||
|
private final KeycloakAdminRestApi api;
|
||||||
|
private final KeycloakResourcesConfiguration configuration;
|
||||||
|
|
||||||
|
@Autowired
|
||||||
|
public KeycloakServiceImpl(KeycloakAdminRestApi api, KeycloakResourcesConfiguration configuration) {
|
||||||
|
this.api = api;
|
||||||
|
this.configuration = configuration;
|
||||||
|
logger.info("Keycloak service initialized. Tenant authorities configured -> {}", configuration.getProperties().getAuthorities().size());
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public HashMap<String, GroupRepresentation> createTenantGroups(TenantEntity tenant) {
|
||||||
|
HashMap<String, GroupRepresentation> groups = new HashMap<>();
|
||||||
|
|
||||||
|
configuration.getProperties().getAuthorities().keySet().forEach(key -> {
|
||||||
|
GroupRepresentation group = new GroupRepresentation();
|
||||||
|
group.setName(configuration.getGroupName(tenant.getCode(), tenant.getId().toString()));
|
||||||
|
HashMap<String, List<String>> user_attributes = new HashMap<>();
|
||||||
|
user_attributes.put("auth", Lists.newArrayList(configuration.getAuthorityName(tenant.getCode(), key)));
|
||||||
|
group.setAttributes(user_attributes);
|
||||||
|
groups.put(key, api.groups().addGroupWithParent(group, configuration.getProperties().getAuthorities().get(key).getParent()));
|
||||||
|
});
|
||||||
|
|
||||||
|
return groups;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void addUserToGroup(@NotNull UUID subjectId, String groupId) {
|
||||||
|
api.users().removeUserFromGroup(subjectId.toString(), configuration.getProperties().getGuestsGroup());
|
||||||
|
api.users().addUserToGroup(subjectId.toString(), groupId);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void removeUserFromGroup(@NotNull UUID subjectId, String groupId) {
|
||||||
|
api.users().removeUserFromGroup(subjectId.toString(), groupId);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void addUserToAdministratorsGroup(@NotNull UUID subjectId) {
|
||||||
|
api.users().removeUserFromGroup(subjectId.toString(), configuration.getProperties().getGuestsGroup());
|
||||||
|
api.users().addUserToGroup(subjectId.toString(), configuration.getProperties().getAdministratorsGroup());
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void removeUserFromAdministratorsGroup(@NotNull UUID subjectId) {
|
||||||
|
api.users().removeUserFromGroup(subjectId.toString(), configuration.getProperties().getAdministratorsGroup());
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void addUserToTenantAuthorityGroup(UUID subjectId, TenantEntity tenant, String key) {
|
||||||
|
api.users().removeUserFromGroup(subjectId.toString(), configuration.getProperties().getGuestsGroup());
|
||||||
|
GroupRepresentation group = api.groups().findGroupByPath(getTenantAuthorityParentPath(key) + "/" + configuration.getGroupName(tenant.getCode(), tenant.getId().toString()));
|
||||||
|
addUserToGroup(subjectId, group.getId());
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void removeUserFromTenantAuthorityGroup(UUID subjectId, TenantEntity tenant, String key) {
|
||||||
|
GroupRepresentation group = api.groups().findGroupByPath(getTenantAuthorityParentPath(key) + "/" + configuration.getGroupName(tenant.getCode(), tenant.getId().toString()));
|
||||||
|
removeUserFromGroup(subjectId, group.getId());
|
||||||
|
}
|
||||||
|
|
||||||
|
public List<GroupRepresentation> getUserGroups(UUID subjectId) {
|
||||||
|
return api.users().getGroups(subjectId.toString());
|
||||||
|
}
|
||||||
|
|
||||||
|
private String getTenantAuthorityParentPath(String key) {
|
||||||
|
GroupRepresentation parent = api.groups().findGroupById(configuration.getProperties().getAuthorities().get(key).getParent());
|
||||||
|
return parent.getPath();
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
@ -7,6 +7,7 @@ spring:
|
||||||
optional:classpath:config/permissions.yml[.yml], optional:classpath:config/permissions-${spring.profiles.active}.yml[.yml], optional:file:../config/permissions-${spring.profiles.active}.yml[.yml],
|
optional:classpath:config/permissions.yml[.yml], optional:classpath:config/permissions-${spring.profiles.active}.yml[.yml], optional:file:../config/permissions-${spring.profiles.active}.yml[.yml],
|
||||||
optional:classpath:config/security.yml[.yml], optional:classpath:config/security-${spring.profiles.active}.yml[.yml], optional:file:../config/security-${spring.profiles.active}.yml[.yml],
|
optional:classpath:config/security.yml[.yml], optional:classpath:config/security-${spring.profiles.active}.yml[.yml], optional:file:../config/security-${spring.profiles.active}.yml[.yml],
|
||||||
optional:classpath:config/server.yml[.yml], optional:classpath:config/server-${spring.profiles.active}.yml[.yml], optional:file:../config/server-${spring.profiles.active}.yml[.yml],
|
optional:classpath:config/server.yml[.yml], optional:classpath:config/server-${spring.profiles.active}.yml[.yml], optional:file:../config/server-${spring.profiles.active}.yml[.yml],
|
||||||
|
optional:classpath:config/keycloak.yml[.yml], optional:classpath:config/keycloak-${spring.profiles.active}.yml[.yml], optional:file:../config/keycloak-${spring.profiles.active}.yml[.yml],
|
||||||
optional:classpath:config/logging.yml[.yml], optional:classpath:config/logging-${spring.profiles.active}.yml[.yml], optional:file:../config/logging-${spring.profiles.active}.yml[.yml],
|
optional:classpath:config/logging.yml[.yml], optional:classpath:config/logging-${spring.profiles.active}.yml[.yml], optional:file:../config/logging-${spring.profiles.active}.yml[.yml],
|
||||||
optional:classpath:config/cache.yml[.yml], optional:classpath:config/cache-${spring.profiles.active}.yml[.yml], optional:file:../config/cache-${spring.profiles.active}.yml[.yml],
|
optional:classpath:config/cache.yml[.yml], optional:classpath:config/cache-${spring.profiles.active}.yml[.yml], optional:file:../config/cache-${spring.profiles.active}.yml[.yml],
|
||||||
optional:classpath:config/actuator.yml[.yml], optional:classpath:config/actuator-${spring.profiles.active}.yml[.yml], optional:file:../config/actuator-${spring.profiles.active}.yml[.yml],
|
optional:classpath:config/actuator.yml[.yml], optional:classpath:config/actuator-${spring.profiles.active}.yml[.yml], optional:file:../config/actuator-${spring.profiles.active}.yml[.yml],
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,13 @@
|
||||||
|
keycloak-resources:
|
||||||
|
authorities:
|
||||||
|
user:
|
||||||
|
parent: beba276b-5e9e-42b6-8012-8d2653312818
|
||||||
|
namingStrategy: 'tenantuser:{tenantCode}'
|
||||||
|
title: tenantuser
|
||||||
|
admin:
|
||||||
|
parent: 4432316d-75e3-410d-9934-590b95e76e44
|
||||||
|
namingStrategy: 'tenantadmin:{tenantCode}'
|
||||||
|
title: tenantadmin
|
||||||
|
tenantGroupsNamingStrategy: 'tenant-{tenantCode}'
|
||||||
|
guestsGroup: efa9cea5-0c7f-4c83-afb1-cc4ec9b2f1ee
|
||||||
|
administratorsGroup: 14d8f80a-6f88-4ad4-a42d-3e5023bac7b3
|
||||||
|
|
@ -0,0 +1,13 @@
|
||||||
|
keycloak-client:
|
||||||
|
serverUrl: ${KEYCLOAK_API_SERVER_URL}
|
||||||
|
realm: ${KEYCLOAK_API_REALM}
|
||||||
|
username: ${KEYCLOAK_API_USERNAME}
|
||||||
|
password: ${KEYCLOAK_API_PASSWORD}
|
||||||
|
clientId: ${KEYCLOAK_API_CLIENT_ID}
|
||||||
|
clientSecret: ${KEYCLOAK_API_CLIENT_SECRET}
|
||||||
|
|
||||||
|
keycloak-resources:
|
||||||
|
authorities: null
|
||||||
|
tenantGroupsNamingStrategy: null
|
||||||
|
guestsGroup: null
|
||||||
|
administratorsGroup: null
|
||||||
Loading…
Reference in New Issue