From 753828ff25af3924f918c55ef33affe2ec9721be Mon Sep 17 00:00:00 2001 From: Alfredo Oliviero Date: Fri, 16 Feb 2024 12:20:40 +0100 Subject: [PATCH] minimized code to resolve resteasy conflict --- .../IdentityManagerResourceInitializer.java | 3 +- .../java/org/gcube/idm/rest/TestRest.java | 10 +- .../java/org/gcube/idm/rest/UsersRest.java | 31 +----- .../org/gcube/keycloak/KeycloakApiClient.java | 96 +++++++++++++++++-- .../keycloak/KeycloakUserController.java | 78 +++++++++++++++ 5 files changed, 176 insertions(+), 42 deletions(-) create mode 100644 src/main/java/org/gcube/keycloak/KeycloakUserController.java diff --git a/src/main/java/org/gcube/idm/IdentityManagerResourceInitializer.java b/src/main/java/org/gcube/idm/IdentityManagerResourceInitializer.java index 8c977fd..df04bf3 100644 --- a/src/main/java/org/gcube/idm/IdentityManagerResourceInitializer.java +++ b/src/main/java/org/gcube/idm/IdentityManagerResourceInitializer.java @@ -3,7 +3,6 @@ package org.gcube.idm; import javax.ws.rs.ApplicationPath; import org.gcube.idm.rest.TestRest; -import org.gcube.idm.rest.UsersRest; import org.gcube.smartgears.annotations.ManagedBy; import org.glassfish.jersey.server.ResourceConfig; @@ -15,7 +14,7 @@ import org.glassfish.jersey.server.ResourceConfig; // SMARTGEARS // legge i parametri del service da application.yaml -// @ApplicationPath("/") +@ApplicationPath("/") @ManagedBy(IdentityManagerdInitializator.class) public class IdentityManagerResourceInitializer extends ResourceConfig { diff --git a/src/main/java/org/gcube/idm/rest/TestRest.java b/src/main/java/org/gcube/idm/rest/TestRest.java index 52cd995..64455bd 100644 --- a/src/main/java/org/gcube/idm/rest/TestRest.java +++ b/src/main/java/org/gcube/idm/rest/TestRest.java @@ -10,11 +10,11 @@ import com.webcohesion.enunciate.metadata.rs.ResourceGroup; import com.webcohesion.enunciate.metadata.rs.ResourceLabel; @Path("/test") -@ResourceGroup("Comments APIs") -@ResourceLabel("Comments APIs") -// @RequestHeaders ({ -// @RequestHeader( name = "Authorization", description = "Bearer token, see https://dev.d4science.org/how-to-access-resources") -// }) +@ResourceGroup("test") +@ResourceLabel("test") +@RequestHeaders({ + @RequestHeader( name = "Authorization", description = "Bearer token, see https://dev.d4science.org/how-to-access-resources") +}) public class TestRest { @GET diff --git a/src/main/java/org/gcube/idm/rest/UsersRest.java b/src/main/java/org/gcube/idm/rest/UsersRest.java index 5833e4e..ab6f93f 100644 --- a/src/main/java/org/gcube/idm/rest/UsersRest.java +++ b/src/main/java/org/gcube/idm/rest/UsersRest.java @@ -1,36 +1,8 @@ package org.gcube.idm.rest; -import java.util.ArrayList; -import java.util.List; - -import javax.ws.rs.GET; -import javax.ws.rs.Path; -import javax.ws.rs.Produces; -import javax.ws.rs.QueryParam; -import javax.ws.rs.core.Response; -import javax.ws.rs.core.Response.Status; - import org.gcube.common.authorization.library.policies.Users; -import org.gcube.common.security.Owner; -import org.gcube.common.security.providers.SecretManagerProvider; -import org.gcube.keycloak.KeycloakAPIFactory; -import org.gcube.keycloak.KeycloakApiClient; -import org.gcube.rest.ResponseBean; -import org.gcube.smartgears.ContextProvider; -import org.gcube.smartgears.context.application.ApplicationContext; -import org.gcube.smartgears.security.SimpleCredentials; -import org.gcube.smartgears.security.defaults.DefaultAuthorizationProvider; -import org.gcube.smartgears.utils.InnerMethodName; -import org.jboss.resteasy.spi.NotImplementedYetException; -import org.keycloak.representations.idm.ClientRepresentation; -import org.keycloak.representations.idm.UserRepresentation; import org.slf4j.LoggerFactory; -import com.webcohesion.enunciate.metadata.rs.RequestHeader; -import com.webcohesion.enunciate.metadata.rs.RequestHeaders; -import com.webcohesion.enunciate.metadata.rs.ResourceGroup; -import com.webcohesion.enunciate.metadata.rs.ResourceLabel; - // @Path("2/users") // @ResourceGroup("Users APIs") // @ResourceLabel("Greetings APIs") @@ -40,6 +12,7 @@ import com.webcohesion.enunciate.metadata.rs.ResourceLabel; public class UsersRest { private static final org.slf4j.Logger logger = LoggerFactory.getLogger(Users.class); + /* // @GET // @Path("/get-usernames-by-role") // @Produces({ "application/json;charset=UTF-8", "application/vnd.api+json" }) @@ -70,7 +43,7 @@ public class UsersRest { return Response.status(status).entity(responseBean).build(); } -/* + private static List searchByRole(KeycloackApiClient keycloackApiClient, String roleName) { logger.info("Searching by role: {}", roleName); diff --git a/src/main/java/org/gcube/keycloak/KeycloakApiClient.java b/src/main/java/org/gcube/keycloak/KeycloakApiClient.java index cdfee89..012e223 100644 --- a/src/main/java/org/gcube/keycloak/KeycloakApiClient.java +++ b/src/main/java/org/gcube/keycloak/KeycloakApiClient.java @@ -1,24 +1,108 @@ package org.gcube.keycloak; +import java.util.List; + +import org.gcube.common.authorization.library.policies.Users; +import org.keycloak.OAuth2Constants; import org.keycloak.admin.client.Keycloak; +import org.keycloak.admin.client.KeycloakBuilder; +import org.keycloak.admin.client.resource.ClientResource; +import org.keycloak.admin.client.resource.ClientsResource; +import org.keycloak.admin.client.resource.RealmResource; +import org.keycloak.representations.idm.ClientRepresentation; +import org.slf4j.LoggerFactory; public class KeycloakApiClient { + private static final org.slf4j.Logger logger = LoggerFactory.getLogger(Users.class); + public Keycloak kclient; public String realmName; - public String clientIdContext; + public String encodeContext; public String context; - public static String getClientIdContext(String context){ - return context.replace("/", "%2F"); - } + private String clientId; + + public static String getClientIdContext(String context) { + return context.replace("/", "%2F"); + } + + public RealmResource getRealmKClient() { + return this.kclient.realm(this.realmName); + } + + public static ClientRepresentation getClientReprByName(Keycloak keycloak, String realmName, String clientName) { + ClientsResource clients = keycloak.realm(realmName).clients(); + return getClientReprByName(clients, clientName); + } + + public static ClientRepresentation getClientReprByName(ClientsResource realmClient, String clientName) { + String clientIdContext = getClientIdContext(clientName); + + + // List clients_repr = realmClient.clients().findByClientId(clientIdContext); + + // ClientRepresentation client = null; + // String id = ""; + + // // prende l'utlima della lista + // for (ClientRepresentation client_repr : clients_repr) { + // logger.info("found client =" + client_repr.getClientId()); + // logger.info("found client id=" + client_repr.getId()); + // id = client_repr.getId(); + // return client_repr; + // } + + // Object clientApi = clients_repr.get(id); + + return null; + } + public KeycloakApiClient(Keycloak kclient, String realmName, String context) { - this.clientIdContext = getClientIdContext(context); + this.encodeContext = getClientIdContext(context); this.context = context; this.kclient = kclient; this.realmName = realmName; + + //ClientsResource clients = kclient.realm(realmName).clients().get* //clients.get(context); - + } + + public static KeycloakApiClient getTestClient() { + String testServerUrl = "https://accounts.dev.d4science.org/"; // + "/auth" ??? + String testRealmName = "d4science"; + String testClientId = "id.d4science.org"; + String testClientSecret = "09c26f24-3c65-4039-9fa0-e5cc4f4032cd"; + String testContext = "/gcube/devsec/devVRE"; + + Keycloak keycloak = KeycloakBuilder.builder() + .serverUrl(testServerUrl) + .realm(testRealmName) + .grantType(OAuth2Constants.CLIENT_CREDENTIALS) + .clientId(testClientId) // + .clientSecret(testClientSecret).build(); + + + RealmResource realmclient = keycloak.realm(testRealmName); + ClientsResource clients = realmclient.clients(); + + + + + List ccc = keycloak.realm(testRealmName).clients().findByClientId( getClientIdContext(testContext)); + + + String id = ""; + for (ClientRepresentation client : ccc) { + logger.info("found client ="+client.getClientId()); + logger.info("found client id="+client.getId()); + id =client.getId(); + } + + ClientResource c = keycloak.realm(testRealmName).clients().get(id); + + + return new KeycloakApiClient(keycloak, testRealmName, testContext); } } diff --git a/src/main/java/org/gcube/keycloak/KeycloakUserController.java b/src/main/java/org/gcube/keycloak/KeycloakUserController.java new file mode 100644 index 0000000..bb710e8 --- /dev/null +++ b/src/main/java/org/gcube/keycloak/KeycloakUserController.java @@ -0,0 +1,78 @@ +package org.gcube.keycloak; + +import java.util.List; + +import org.keycloak.admin.client.resource.ClientResource; +import org.keycloak.admin.client.resource.RealmResource; +import org.keycloak.representations.idm.ClientRepresentation; +import org.keycloak.representations.idm.UserRepresentation; + + +/** + * + +/2/users/get-profile // profilo utente corrente + +/2/users/get-all-usernames +/2/users/get-all-fullnames-and-usernames +/2/users/get-usernames-by-role +/2/users/user-exists // https://howtodoinjava.com/devops/search-keycloak-users/ + +// attenzione al risultato. vedere in seguito +/2/users/get-oauth-profile + +// eventualemente in seguito. da approfondire +/2/users/get-custom-attribute +/2/users/get-usernames-by-global-role + +/2/people/profile + * + */ +public class KeycloakUserController { + + // + // get-usernames-by-role + public List getUsersByRole(ClientResource clientApi, String roleName) { + return getUsersByRole(clientApi, roleName, 0, null); + } + + public List getUsersByRole(ClientResource clientApi, String roleName, Integer firstResult, Integer maxResults) { + List users = clientApi.roles().get(roleName).getUserMembers(firstResult, maxResults); + return users; + } + + // users/get-all-usernames + // users/get-all-fullnames-and-usernames + // users/user-exists + public UserRepresentation getUserByUsername(RealmResource realmApi, String username) throws Exception { + List users = realmApi.users().search(username); + if (users.size() == 0){ + return null; + } + if (users.size() > 1){ + throw new Exception("multiple users found for username " + username); + } + return users.get(0); + } + + // questi saranno implementati dalle API + + + // from realm + // public boolean checkUserExistsRealm(RealmResource realmApi, String username) { + // List users = realmApi.users().search(username); + // return users.size() > 0; + // } + + + // public String getEmailByUsername(RealmResource realmApi, String username) throws Exception { + // UserRepresentation user = getUserByUsername(realmApi, username); + // return user.getEmail(); + // } + + + // public String getFullnamelByUsername(RealmResource realmApi, String username) throws Exception { + // UserRepresentation user = getUserByUsername(realmApi, username); + // return user.getFirstName() + user.getLastName(); + // } +}