Prepared for user to roles alignment #22084

3 years ago · 6faeccff39
parent 830974671a
commit 6faeccff39
4 changed files with 39 additions and 10 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -3,6 +3,7 @@ This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.htm
 # Changelog for "oidc-keycloak-library"

 ## [v1.0.1-SNAPSHOT]
+- Prepared for user to roles alignment #22084

 ## [v1.0.0]
 - First release (#19143, #19891)
--- a/pom.xml
+++ b/pom.xml
@ -3,34 +3,42 @@
 	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">

 	<modelVersion>4.0.0</modelVersion>
+
 	<parent>
 		<artifactId>maven-parent</artifactId>
 		<groupId>org.gcube.tools</groupId>
 		<version>1.1.0</version>
 		<relativePath />
 	</parent>
+
 	<groupId>org.gcube.common</groupId>
+
 	<artifactId>oidc-keycloak-library</artifactId>
+
 	<version>1.0.1-SNAPSHOT</version>
+
 	<properties>
 		<keycloak-version>10.0.2</keycloak-version>
 	</properties>
+
 	<dependencyManagement>
 		<dependencies>
 			<dependency>
 				<groupId>org.gcube.distribution</groupId>
 				<artifactId>maven-portal-bom</artifactId>
-				<version>3.6.0</version>
+				<version>3.6.3-SNAPSHOT</version>
 				<type>pom</type>
 				<scope>import</scope>
 			</dependency>
 		</dependencies>
 	</dependencyManagement>
+
 	<scm>
 		<connection>scm:git:https://code-repo.d4science.org/gCubeSystem/${project.artifactId}.git</connection>
 		<developerConnection>scm:git:https://code-repo.d4science.org/gCubeSystem/${project.artifactId}.git</developerConnection>
 		<url>https://code-repo.d4science.org/gCubeSystem/${project.artifactId}</url>
 	</scm>
+
 	<dependencies>
 		<dependency>
 			<groupId>org.slf4j</groupId>
@ -43,7 +51,6 @@
 		<dependency>
 			<groupId>org.gcube.common</groupId>
 			<artifactId>oidc-library</artifactId>
-			<version>[1.0.0-SNAPSHOT, 2.0.0-SNAPSHOT)</version>
 			<scope>compile</scope>
 		</dependency>
 		<dependency>
@ -75,6 +82,7 @@
 			<artifactId>json-simple</artifactId>
 		</dependency>
 	</dependencies>
+
 	<build>
 		<plugins>
 			<plugin>
@ -109,4 +117,5 @@
 			</plugin>
 		</plugins>
 	</build>
+
 </project>
--- a/src/main/java/org/gcube/oidc/keycloak/KeycloakHelper.java
+++ b/src/main/java/org/gcube/oidc/keycloak/KeycloakHelper.java
@ -9,6 +9,7 @@ import java.util.Collections;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
+import java.util.TreeMap;

 import javax.ws.rs.core.Response;

@ -54,7 +55,8 @@ public class KeycloakHelper {

    protected static Logger logger = LoggerFactory.getLogger(KeycloakHelper.class);

-    private static KeycloakHelper instance;
+    private static Map<String, KeycloakHelper> instances = Collections
+            .synchronizedMap(new TreeMap<String, KeycloakHelper>());

    private String serverUrl;
    private ResteasyClient resteasyClient;
@ -67,10 +69,10 @@ public class KeycloakHelper {
    public static synchronized KeycloakHelper getInstance(String serverUrl)
            throws KeyManagementException, NoSuchAlgorithmException {

-        if (instance == null) {
-            instance = new KeycloakHelper(serverUrl);
+        if (!instances.containsKey(serverUrl)) {
+            instances.put(serverUrl, new KeycloakHelper(serverUrl));
        }
-        return instance;
+        return instances.get(serverUrl);
    }

    public Keycloak newKeycloakAdmin(String username, String password) throws UnsupportedEncodingException {
@ -128,7 +130,8 @@ public class KeycloakHelper {
        // Encoding clientId to be sure blocking chars are not used
        String encodedClientId = URLEncoder.encode(clientId, "UTF-8");
        if (realm.clients().findByClientId(encodedClientId).size() > 0) {
-            throw new KeycloakResourceCreationException("Client with same clientId already exists: " + encodedClientId, null);
+            throw new KeycloakResourceCreationException("Client with same clientId already exists: " + encodedClientId,
+                    null);
        }
        ClientRepresentation newClientRepresentation = new ClientRepresentation();
        newClientRepresentation.setClientId(encodedClientId);
@ -159,7 +162,8 @@ public class KeycloakHelper {
        // Encoding clientId to be sure blocking chars are not used
        String encodedClientId = URLEncoder.encode(clientId, "UTF-8");
        if (realm.clients().findByClientId(encodedClientId).size() > 0) {
-            throw new KeycloakResourceCreationException("Client with same clientId already exists: " + encodedClientId, null);
+            throw new KeycloakResourceCreationException("Client with same clientId already exists: " + encodedClientId,
+                    null);
        }
        ClientRepresentation newClientRepresentation = new ClientRepresentation();
        newClientRepresentation.setClientId(encodedClientId);
--- a/src/main/java/org/gcube/oidc/keycloak/d4science/ClientsCreatorFromExport.java
+++ b/src/main/java/org/gcube/oidc/keycloak/d4science/ClientsCreatorFromExport.java
@ -15,6 +15,7 @@ import java.util.Collections;
 import java.util.Date;
 import java.util.HashMap;
 import java.util.HashSet;
+import java.util.List;
 import java.util.Map;
 import java.util.Set;

@ -32,6 +33,7 @@ import org.keycloak.admin.client.resource.RealmResource;
 import org.keycloak.admin.client.resource.ResourceResource;
 import org.keycloak.admin.client.resource.RoleResource;
 import org.keycloak.admin.client.resource.UserResource;
+import org.keycloak.representations.idm.RoleRepresentation;
 import org.keycloak.representations.idm.authorization.DecisionStrategy;
 import org.keycloak.representations.idm.authorization.Logic;
 import org.keycloak.representations.idm.authorization.ResourceRepresentation;
@ -41,8 +43,9 @@ import org.xml.sax.SAXException;
 public class ClientsCreatorFromExport {

    private static final boolean DELETE_CLIENTS = false;
-    private static final boolean CREATE_CLIENTS = true;
+    private static final boolean CREATE_CLIENTS = false;
    private static final boolean MAP_ROLES = true;
+    private static final boolean DL_AVATARS = false;
    private static final boolean SHOW_STATS = true;

    private KeycloakHelper kh;
@ -181,6 +184,18 @@ public class ClientsCreatorFromExport {
                    System.out.println("\tcontext: " + userContext);
                    ClientResource clientResource = kh.findClient(realmResource, clientId);
                    if (clientResource != null) {
+                        List<RoleRepresentation> oldRoles = userResource.roles().clientLevel(clientResource.toRepresentation().getId()).listAll();
+                        RoleRepresentation memberRole = null;
+                        for (RoleRepresentation roleRepresentation : oldRoles) {
+                            if (roleRepresentation.getName().equals(Role.MEMBER.asString())) {
+                                memberRole = roleRepresentation;
+                            }
+                        }
+                        oldRoles.remove(memberRole);
+                        if (oldRoles.size() > 0) {
+                            System.out.println("\t\tremoving old roles [" + oldRoles + "]");
+                            userResource.roles().clientLevel(clientResource.toRepresentation().getId()).remove(oldRoles);
+                        }
                        // This is no more needed, it is assigned automatically since is member
                        // of the corresponding LDAP group
                        // System.out.println("\t\tmapping default role: " + Role.MEMBER.asString());
@ -308,7 +323,7 @@ public class ClientsCreatorFromExport {
            lap = new Date();
            System.out.println("[lap seconds: " + new Long(lap.getTime() - start.getTime()).floatValue() / 1000 + "]");
        }
-        if (avatarBaseURL != null) {
+        if (DL_AVATARS && avatarBaseURL != null) {
            System.out.println("\n\n * * * Exporting user's avatar * * *");
            creator.saveAvatarsLocally(avatarBaseURL, avatarExportFolder);
        }