Added helper functions to map groups to client's role and finalyzed JSON export importer also callable via Maven
parent
8d9ab00be6
commit
52c391744b
|
@ -17,6 +17,12 @@ To build the library JAR it is sufficient to type
|
||||||
|
|
||||||
mvn clean package
|
mvn clean package
|
||||||
|
|
||||||
|
### Launch the json import to REALM
|
||||||
|
|
||||||
|
In order to perform the import of an infrastructure JSON export file it's sufficient to type:
|
||||||
|
|
||||||
|
mvn exec:java -Dexec.args="[keycloak-auth-base-url] [keycloak-admin-user] [keycloak-admin-pass] [realm-name] [json-export-path] [[avatar-base-url] [[avatars-target-folder]]]"
|
||||||
|
|
||||||
## Change log
|
## Change log
|
||||||
|
|
||||||
See [Releases](https://code-repo.d4science.org/gCubeSystem/authorization-client/releases).
|
See [Releases](https://code-repo.d4science.org/gCubeSystem/authorization-client/releases).
|
||||||
|
|
|
@ -19,6 +19,7 @@ import org.keycloak.TokenVerifier;
|
||||||
import org.keycloak.admin.client.Keycloak;
|
import org.keycloak.admin.client.Keycloak;
|
||||||
import org.keycloak.admin.client.KeycloakBuilder;
|
import org.keycloak.admin.client.KeycloakBuilder;
|
||||||
import org.keycloak.admin.client.resource.ClientResource;
|
import org.keycloak.admin.client.resource.ClientResource;
|
||||||
|
import org.keycloak.admin.client.resource.GroupResource;
|
||||||
import org.keycloak.admin.client.resource.PolicyResource;
|
import org.keycloak.admin.client.resource.PolicyResource;
|
||||||
import org.keycloak.admin.client.resource.RealmResource;
|
import org.keycloak.admin.client.resource.RealmResource;
|
||||||
import org.keycloak.admin.client.resource.ResourceResource;
|
import org.keycloak.admin.client.resource.ResourceResource;
|
||||||
|
@ -31,6 +32,7 @@ import org.keycloak.jose.jwk.JWK;
|
||||||
import org.keycloak.jose.jwk.JWKParser;
|
import org.keycloak.jose.jwk.JWKParser;
|
||||||
import org.keycloak.representations.JsonWebToken;
|
import org.keycloak.representations.JsonWebToken;
|
||||||
import org.keycloak.representations.idm.ClientRepresentation;
|
import org.keycloak.representations.idm.ClientRepresentation;
|
||||||
|
import org.keycloak.representations.idm.GroupRepresentation;
|
||||||
import org.keycloak.representations.idm.RoleRepresentation;
|
import org.keycloak.representations.idm.RoleRepresentation;
|
||||||
import org.keycloak.representations.idm.UserRepresentation;
|
import org.keycloak.representations.idm.UserRepresentation;
|
||||||
import org.keycloak.representations.idm.authorization.DecisionStrategy;
|
import org.keycloak.representations.idm.authorization.DecisionStrategy;
|
||||||
|
@ -83,7 +85,8 @@ public class KeycloakHelper {
|
||||||
.password(password).clientId(encodedClientId).resteasyClient(resteasyClient).build();
|
.password(password).clientId(encodedClientId).resteasyClient(resteasyClient).build();
|
||||||
}
|
}
|
||||||
|
|
||||||
public Keycloak newKeycloak(String realm, String clientId, String clientSecret) throws UnsupportedEncodingException {
|
public Keycloak newKeycloak(String realm, String clientId, String clientSecret)
|
||||||
|
throws UnsupportedEncodingException {
|
||||||
String encodedClientId = URLEncoder.encode(clientId, "UTF-8");
|
String encodedClientId = URLEncoder.encode(clientId, "UTF-8");
|
||||||
return KeycloakBuilder.builder().serverUrl(serverUrl).realm(realm).grantType(OAuth2Constants.CLIENT_CREDENTIALS)
|
return KeycloakBuilder.builder().serverUrl(serverUrl).realm(realm).grantType(OAuth2Constants.CLIENT_CREDENTIALS)
|
||||||
.clientId(encodedClientId).clientSecret(clientSecret)
|
.clientId(encodedClientId).clientSecret(clientSecret)
|
||||||
|
@ -98,26 +101,6 @@ public class KeycloakHelper {
|
||||||
return JWKParser.create(JWKSUtils.getKeyForUse(jsonWebKeySet, JWK.Use.SIG)).toPublicKey();
|
return JWKParser.create(JWKSUtils.getKeyForUse(jsonWebKeySet, JWK.Use.SIG)).toPublicKey();
|
||||||
}
|
}
|
||||||
|
|
||||||
// Realm is too complex to configure it in depth with this helper. Please do it with the Web UI
|
|
||||||
// public RealmResource addRealm(Keycloak keycloak, String realm, String displayName, String displayNameHtml,
|
|
||||||
// boolean enabled) throws KeycloakResourceCreationException {
|
|
||||||
// if (keycloak.realm(realm) != null) {
|
|
||||||
// throw new KeycloakResourceCreationException("Realm already present on server: " + realm, null);
|
|
||||||
// }
|
|
||||||
// RealmRepresentation newRealmRepresentation = new RealmRepresentation();
|
|
||||||
// newRealmRepresentation.setRealm(realm);
|
|
||||||
// newRealmRepresentation.setId(realm);
|
|
||||||
// newRealmRepresentation.setDisplayName(displayName);
|
|
||||||
// newRealmRepresentation.setDisplayNameHtml(displayNameHtml);
|
|
||||||
// newRealmRepresentation.setEnabled(enabled);
|
|
||||||
// try {
|
|
||||||
// keycloak.realms().create(newRealmRepresentation);
|
|
||||||
// return keycloak.realms().realm(realm);
|
|
||||||
// } catch (ClientErrorException e) {
|
|
||||||
// throw new KeycloakResourceCreationException("While creating new realm: " + realm, null);
|
|
||||||
// }
|
|
||||||
// }
|
|
||||||
|
|
||||||
public UserResource findUser(RealmResource realmResource, String username) {
|
public UserResource findUser(RealmResource realmResource, String username) {
|
||||||
List<UserRepresentation> results = realmResource.users().search(username);
|
List<UserRepresentation> results = realmResource.users().search(username);
|
||||||
return results.size() > 0 ? realmResource.users().get(results.get(0).getId()) : null;
|
return results.size() > 0 ? realmResource.users().get(results.get(0).getId()) : null;
|
||||||
|
@ -169,7 +152,6 @@ public class KeycloakHelper {
|
||||||
return realm.clients().get(realm.clients().findByClientId(encodedClientId).get(0).getId());
|
return realm.clients().get(realm.clients().findByClientId(encodedClientId).get(0).getId());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
public ClientResource addPublicClient(RealmResource realm, String clientId, String name, String description,
|
public ClientResource addPublicClient(RealmResource realm, String clientId, String name, String description,
|
||||||
String rootUrl, String loginTheme) throws KeycloakResourceCreationException, UnsupportedEncodingException {
|
String rootUrl, String loginTheme) throws KeycloakResourceCreationException, UnsupportedEncodingException {
|
||||||
|
|
||||||
|
@ -223,6 +205,24 @@ public class KeycloakHelper {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public GroupResource findGroupByPath(RealmResource realm, String groupPath) throws UnsupportedEncodingException {
|
||||||
|
GroupRepresentation group = realm.getGroupByPath(groupPath);
|
||||||
|
if (group != null) {
|
||||||
|
return realm.groups().group(group.getId());
|
||||||
|
} else {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
public void mapGroupToCLientRole(GroupResource group, ClientResource client, String roleName) {
|
||||||
|
mapGroupToCLientRole(group, client, client.roles().get(roleName));
|
||||||
|
}
|
||||||
|
|
||||||
|
public void mapGroupToCLientRole(GroupResource group, ClientResource client, RoleResource role) {
|
||||||
|
group.roles().clientLevel(client.toRepresentation().getId())
|
||||||
|
.add(Collections.singletonList(role.toRepresentation()));
|
||||||
|
}
|
||||||
|
|
||||||
public RoleResource addRole(ClientResource clientResource, boolean clientRole, String id, String name,
|
public RoleResource addRole(ClientResource clientResource, boolean clientRole, String id, String name,
|
||||||
String description, String containerId) {
|
String description, String containerId) {
|
||||||
|
|
||||||
|
|
|
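Review bot: `mapGroupToCLientRole(GroupResource, ClientResource, RoleResource)` dereferences `group` and `role` without a check, while the `findGroupByPath` added just above it returns `null` for a missing group, so a caller that chains the two fails with a NullPointerException in the middle of a role grant. Because this call gives every member of the group a client role, it should fail with a clear message instead, e.g. `if (group == null || role == null) throw new IllegalArgumentException("group and role are required");` as the first line. `findGroupByPath` also declares `throws UnsupportedEncodingException` although nothing in its visible body encodes anything; depending on the admin-client version `getGroupByPath` may raise a not-found exception rather than return `null`, which is worth confirming and stating in a Javadoc line. The `CLient` capitalisation in the new method name looks like a typo that is cheaper to fix before callers accumulate.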
@ -95,6 +95,9 @@ public class ClientsCreatorFromExport {
|
||||||
} else {
|
} else {
|
||||||
configureClientResource(client, roleMap, client.authorization().resources().resources().get(0));
|
configureClientResource(client, roleMap, client.authorization().resources().resources().get(0));
|
||||||
}
|
}
|
||||||
|
// Mapping group (from LDAP mapping) to relatives client's Member role
|
||||||
|
System.out.println("\tMapping '" + realmResource + "' LDAP group to client's 'Member' role");
|
||||||
|
kh.mapGroupToCLientRole(kh.findGroupByPath(realmResource, contextClient), client, roleMap.get(Role.MEMBER));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -280,8 +283,8 @@ public class ClientsCreatorFromExport {
|
||||||
|
|
||||||
Date start = new Date();
|
Date start = new Date();
|
||||||
System.out.println("Start at " + start);
|
System.out.println("Start at " + start);
|
||||||
System.out.println("Deleting clients...");
|
// System.out.println("Deleting clients...");
|
||||||
creator.deleteClients();
|
// creator.deleteClients();
|
||||||
System.out.println("\n\n * * * Creating clients * * *");
|
System.out.println("\n\n * * * Creating clients * * *");
|
||||||
creator.createClients();
|
creator.createClients();
|
||||||
System.out.println("\n\n * * * Mapping users to client's roles * * *");
|
System.out.println("\n\n * * * Mapping users to client's roles * * *");
|
||||||
|
|
|
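Review bot: The result of `kh.findGroupByPath(realmResource, contextClient)` is handed straight to `mapGroupToCLientRole`, so a context with no matching LDAP group stops the import with a NullPointerException, since the helper returns `null` when the group is absent. Look the group up first and skip with a warning when it is missing, e.g. `GroupResource group = kh.findGroupByPath(realmResource, contextClient);` followed by `if (group != null) { ... }`. The log line concatenates `realmResource` where the group path `contextClient` was presumably intended, so the output does not record which group received the 'Member' role. In the second hunk the delete step is commented out rather than removed; whether `createClients()` copes with clients that already exist is not visible here, so a re-run may behave differently than before. Both enclosing methods begin and end outside the hunks.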
@ -11,10 +11,9 @@ import java.util.HashSet;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
import java.util.Set;
|
import java.util.Set;
|
||||||
|
|
||||||
import org.gcube.oidc.keycloak.KeycloakHelper;
|
|
||||||
import org.gcube.oidc.keycloak.KeycloakResourceCreationException;
|
|
||||||
import org.keycloak.admin.client.Keycloak;
|
import org.keycloak.admin.client.Keycloak;
|
||||||
import org.keycloak.admin.client.resource.ClientResource;
|
import org.keycloak.admin.client.resource.ClientResource;
|
||||||
|
import org.keycloak.admin.client.resource.GroupResource;
|
||||||
import org.keycloak.admin.client.resource.PolicyResource;
|
import org.keycloak.admin.client.resource.PolicyResource;
|
||||||
import org.keycloak.admin.client.resource.RealmResource;
|
import org.keycloak.admin.client.resource.RealmResource;
|
||||||
import org.keycloak.admin.client.resource.ResourceResource;
|
import org.keycloak.admin.client.resource.ResourceResource;
|
||||||
|
@ -93,12 +92,11 @@ public class UglyKeycloakHelperTest {
|
||||||
}
|
}
|
||||||
|
|
||||||
public static void main(String[] args) throws Exception {
|
public static void main(String[] args) throws Exception {
|
||||||
KeycloakHelper kh = KeycloakHelper.getInstance("https://nubis2.int.d4science.net/auth");
|
KeycloakHelper kh = KeycloakHelper.getInstance("https://accounts.dev.d4science.org/auth");
|
||||||
Keycloak keycloak = kh.newKeycloakAdmin("admin", "4dm1n");
|
Keycloak keycloak = kh.newKeycloakAdmin("kadmin", "bb67fba2f32d3bd");
|
||||||
RealmResource realmResource = keycloak.realm(realm);
|
RealmResource realmResource = keycloak.realm(realm);
|
||||||
for (int clientNum = 0; clientNum < 10; clientNum++) {
|
GroupResource groupResource = kh.findGroupByPath(realmResource, "gcube/devNext/NextNext");
|
||||||
String clientName = clientPrefix + clientNum;
|
ClientResource clientResource = kh.findClient(realmResource, "/gcube");
|
||||||
kh.removeClient(realmResource, clientName);
|
kh.mapGroupToCLientRole(groupResource, clientResource, "Member");
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
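Review bot: The new `main` embeds an admin user name and password for `accounts.dev.d4science.org` as string literals in `newKeycloakAdmin(...)`, and the replaced line held another pair, so both are now in the repository history and should be treated as exposed and rotated. Read them from outside the source instead, e.g. `Keycloak keycloak = kh.newKeycloakAdmin(System.getenv("KEYCLOAK_ADMIN_USER"), System.getenv("KEYCLOAK_ADMIN_PASS"));` (the variable names are examples), and take the server URL the same way. The body also performs a real group-to-role mapping on that server each time it is run, which deserves a comment stating that this is a manual utility and not a repeatable test.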