diff --git a/CHANGELOG.md b/CHANGELOG.md
index daa40cf..02461f2 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,7 @@ This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.htm
# Changelog for "oidc-keycloak-library"
## [v1.0.1-SNAPSHOT]
+- Prepared for user to roles alignment #22084
## [v1.0.0]
- First release (#19143, #19891)
diff --git a/pom.xml b/pom.xml
index bcef7b0..f6b4dfe 100644
--- a/pom.xml
+++ b/pom.xml
@@ -3,34 +3,42 @@
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
4.0.0
+
maven-parent
org.gcube.tools
1.1.0
+
org.gcube.common
+
oidc-keycloak-library
+
1.0.1-SNAPSHOT
+
10.0.2
+
org.gcube.distribution
maven-portal-bom
- 3.6.0
+ 3.6.3-SNAPSHOT
pom
import
+
scm:git:https://code-repo.d4science.org/gCubeSystem/${project.artifactId}.git
scm:git:https://code-repo.d4science.org/gCubeSystem/${project.artifactId}.git
https://code-repo.d4science.org/gCubeSystem/${project.artifactId}
+
org.slf4j
@@ -43,7 +51,6 @@
org.gcube.common
oidc-library
- [1.0.0-SNAPSHOT, 2.0.0-SNAPSHOT)
compile
@@ -75,6 +82,7 @@
json-simple
+
@@ -109,4 +117,5 @@
+
diff --git a/src/main/java/org/gcube/oidc/keycloak/KeycloakHelper.java b/src/main/java/org/gcube/oidc/keycloak/KeycloakHelper.java
index 077a713..9e7cc5e 100644
--- a/src/main/java/org/gcube/oidc/keycloak/KeycloakHelper.java
+++ b/src/main/java/org/gcube/oidc/keycloak/KeycloakHelper.java
@@ -9,6 +9,7 @@ import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Set;
+import java.util.TreeMap;
import javax.ws.rs.core.Response;
@@ -54,7 +55,8 @@ public class KeycloakHelper {
protected static Logger logger = LoggerFactory.getLogger(KeycloakHelper.class);
- private static KeycloakHelper instance;
+ private static Map instances = Collections
+ .synchronizedMap(new TreeMap());
private String serverUrl;
private ResteasyClient resteasyClient;
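Review bot: The new `instances` registry is declared without `final`, so the static reference can be reassigned after class initialisation; `private static final Map<String, KeycloakHelper> instances = ...` pins it. The `Collections.synchronizedMap` wrapper adds nothing while the only accessor visible here, `getInstance`, is itself `synchronized`, so one of the two locking layers can go. The type arguments do not appear in this rendering of the diff; if the source really uses raw `Map` and `TreeMap`, they should be parameterised as `<String, KeycloakHelper>`.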
@@ -67,10 +69,10 @@ public class KeycloakHelper {
public static synchronized KeycloakHelper getInstance(String serverUrl)
throws KeyManagementException, NoSuchAlgorithmException {
- if (instance == null) {
- instance = new KeycloakHelper(serverUrl);
+ if (!instances.containsKey(serverUrl)) {
+ instances.put(serverUrl, new KeycloakHelper(serverUrl));
}
- return instance;
+ return instances.get(serverUrl);
}
public Keycloak newKeycloakAdmin(String username, String password) throws UnsupportedEncodingException {
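Review bot: A null `serverUrl` now fails inside `instances.containsKey(serverUrl)` with a bare NullPointerException, because a `TreeMap` with natural ordering rejects null keys; `Objects.requireNonNull(serverUrl, "serverUrl");` as the first statement of `getInstance` would give a clear error instead. The registry keys on the raw string and never evicts, so the same server written with and without a trailing slash yields two helpers, each with its own `ResteasyClient` field. If `serverUrl` can come from callers rather than fixed configuration, it is worth normalising the key or bounding the map. The `containsKey`/`put`/`get` sequence can also be reduced to one `get` followed by a `put` on a miss.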
@@ -128,7 +130,8 @@ public class KeycloakHelper {
// Encoding clientId to be sure blocking chars are not used
String encodedClientId = URLEncoder.encode(clientId, "UTF-8");
if (realm.clients().findByClientId(encodedClientId).size() > 0) {
- throw new KeycloakResourceCreationException("Client with same clientId already exists: " + encodedClientId, null);
+ throw new KeycloakResourceCreationException("Client with same clientId already exists: " + encodedClientId,
+ null);
}
ClientRepresentation newClientRepresentation = new ClientRepresentation();
newClientRepresentation.setClientId(encodedClientId);
@@ -159,7 +162,8 @@ public class KeycloakHelper {
// Encoding clientId to be sure blocking chars are not used
String encodedClientId = URLEncoder.encode(clientId, "UTF-8");
if (realm.clients().findByClientId(encodedClientId).size() > 0) {
- throw new KeycloakResourceCreationException("Client with same clientId already exists: " + encodedClientId, null);
+ throw new KeycloakResourceCreationException("Client with same clientId already exists: " + encodedClientId,
+ null);
}
ClientRepresentation newClientRepresentation = new ClientRepresentation();
newClientRepresentation.setClientId(encodedClientId);
diff --git a/src/main/java/org/gcube/oidc/keycloak/d4science/ClientsCreatorFromExport.java b/src/main/java/org/gcube/oidc/keycloak/d4science/ClientsCreatorFromExport.java
index 5c82d0b..dc84844 100644
--- a/src/main/java/org/gcube/oidc/keycloak/d4science/ClientsCreatorFromExport.java
+++ b/src/main/java/org/gcube/oidc/keycloak/d4science/ClientsCreatorFromExport.java
@@ -15,6 +15,7 @@ import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
+import java.util.List;
import java.util.Map;
import java.util.Set;
@@ -32,6 +33,7 @@ import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.admin.client.resource.ResourceResource;
import org.keycloak.admin.client.resource.RoleResource;
import org.keycloak.admin.client.resource.UserResource;
+import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.authorization.DecisionStrategy;
import org.keycloak.representations.idm.authorization.Logic;
import org.keycloak.representations.idm.authorization.ResourceRepresentation;
@@ -41,8 +43,9 @@ import org.xml.sax.SAXException;
public class ClientsCreatorFromExport {
private static final boolean DELETE_CLIENTS = false;
- private static final boolean CREATE_CLIENTS = true;
+ private static final boolean CREATE_CLIENTS = false;
private static final boolean MAP_ROLES = true;
+ private static final boolean DL_AVATARS = false;
private static final boolean SHOW_STATS = true;
private KeycloakHelper kh;
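Review bot: `CREATE_CLIENTS` is flipped and `DL_AVATARS` is introduced as `private static final boolean` constants, so choosing what a run does against the Keycloak realm requires a source edit and a rebuild, and nothing records which mode a given run used. Reading each switch from a system property keeps the defaults out of version-control churn, for example `private static final boolean DL_AVATARS = Boolean.getBoolean("dlAvatars");` (property name constructed for illustration). Printing the effective flag values once at start-up would make the output of a run self-describing. The `DL_AVATARS && avatarBaseURL != null` guard later in this file would work unchanged.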
@@ -181,6 +184,18 @@ public class ClientsCreatorFromExport {
System.out.println("\tcontext: " + userContext);
ClientResource clientResource = kh.findClient(realmResource, clientId);
if (clientResource != null) {
+ List oldRoles = userResource.roles().clientLevel(clientResource.toRepresentation().getId()).listAll();
+ RoleRepresentation memberRole = null;
+ for (RoleRepresentation roleRepresentation : oldRoles) {
+ if (roleRepresentation.getName().equals(Role.MEMBER.asString())) {
+ memberRole = roleRepresentation;
+ }
+ }
+ oldRoles.remove(memberRole);
+ if (oldRoles.size() > 0) {
+ System.out.println("\t\tremoving old roles [" + oldRoles + "]");
+ userResource.roles().clientLevel(clientResource.toRepresentation().getId()).remove(oldRoles);
+ }
// This is no more needed, it is assigned automatically since is member
// of the corresponding LDAP group
// System.out.println("\t\tmapping default role: " + Role.MEMBER.asString());
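Review bot: The added block calls `clientResource.toRepresentation().getId()` twice, once for `listAll()` and again for `remove(oldRoles)`. Each call presumably goes back to the Keycloak admin API, so resolving the id once into a local saves a round-trip per user and guarantees both operations target the same client id. Filtering with a constant-first comparison also drops the `oldRoles.remove(memberRole)` call, which runs with `memberRole == null` when the user has no Member role, and tolerates a role whose name is null. Since this path revokes role mappings, the `removing old roles` line is a better audit record if it prints role names rather than relying on `RoleRepresentation`'s string form. The enclosing method starts and ends outside the hunk, and the sketch below assumes the build targets Java 8 or later.

```java
if (clientResource != null) {
    // Resolve the client's internal id once and reuse it for both list and remove.
    String clientUuid = clientResource.toRepresentation().getId();
    List<RoleRepresentation> oldRoles = userResource.roles().clientLevel(clientUuid).listAll();
    // Keep the Member role; constant-first equals tolerates a role without a name.
    oldRoles.removeIf(role -> Role.MEMBER.asString().equals(role.getName()));
    if (!oldRoles.isEmpty()) {
        for (RoleRepresentation role : oldRoles) {
            System.out.println("\t\tremoving old role: " + role.getName());
        }
        userResource.roles().clientLevel(clientUuid).remove(oldRoles);
    }
    // … unchanged: commented-out default role mapping …
```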
@@ -308,7 +323,7 @@ public class ClientsCreatorFromExport {
lap = new Date();
System.out.println("[lap seconds: " + new Long(lap.getTime() - start.getTime()).floatValue() / 1000 + "]");
}
- if (avatarBaseURL != null) {
+ if (DL_AVATARS && avatarBaseURL != null) {
System.out.println("\n\n * * * Exporting user's avatar * * *");
creator.saveAvatarsLocally(avatarBaseURL, avatarExportFolder);
}