Prepared for user to roles alignment #22084

CHANGELOG.md

@@ -3,6 +3,7 @@ This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.htm
 # Changelog for "oidc-keycloak-library"
 
 ## [v1.0.1-SNAPSHOT]
+- Prepared for user to roles alignment #22084
 
 ## [v1.0.0]
 - First release (#19143, #19891)

pom.xml

@@ -3,34 +3,42 @@
 	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
 
 	<modelVersion>4.0.0</modelVersion>
+
 	<parent>
 		<artifactId>maven-parent</artifactId>
 		<groupId>org.gcube.tools</groupId>
 		<version>1.1.0</version>
 		<relativePath />
 	</parent>
+
 	<groupId>org.gcube.common</groupId>
+
 	<artifactId>oidc-keycloak-library</artifactId>
+
 	<version>1.0.1-SNAPSHOT</version>
+
 	<properties>
 		<keycloak-version>10.0.2</keycloak-version>
 	</properties>
+
 	<dependencyManagement>
 		<dependencies>
 			<dependency>
 				<groupId>org.gcube.distribution</groupId>
 				<artifactId>maven-portal-bom</artifactId>
-				<version>3.6.0</version>
+				<version>3.6.3-SNAPSHOT</version>
 				<type>pom</type>
 				<scope>import</scope>
 			</dependency>
 		</dependencies>
 	</dependencyManagement>
+
 	<scm>
 		<connection>scm:git:https://code-repo.d4science.org/gCubeSystem/${project.artifactId}.git</connection>
 		<developerConnection>scm:git:https://code-repo.d4science.org/gCubeSystem/${project.artifactId}.git</developerConnection>
 		<url>https://code-repo.d4science.org/gCubeSystem/${project.artifactId}</url>
 	</scm>
+
 	<dependencies>
 		<dependency>
 			<groupId>org.slf4j</groupId>
@@ -43,7 +51,6 @@
 		<dependency>
 			<groupId>org.gcube.common</groupId>
 			<artifactId>oidc-library</artifactId>
-			<version>[1.0.0-SNAPSHOT, 2.0.0-SNAPSHOT)</version>
 			<scope>compile</scope>
 		</dependency>
 		<dependency>
@@ -75,6 +82,7 @@
 			<artifactId>json-simple</artifactId>
 		</dependency>
 	</dependencies>
+
 	<build>
 		<plugins>
 			<plugin>
@@ -109,4 +117,5 @@
 			</plugin>
 		</plugins>
 	</build>
+
 </project>

src/main/java/org/gcube/oidc/keycloak/KeycloakHelper.java

@@ -9,6 +9,7 @@ import java.util.Collections;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
+import java.util.TreeMap;
 
 import javax.ws.rs.core.Response;
 
@@ -54,7 +55,8 @@ public class KeycloakHelper {
 
     protected static Logger logger = LoggerFactory.getLogger(KeycloakHelper.class);
 
-    private static KeycloakHelper instance;
+    private static Map<String, KeycloakHelper> instances = Collections
+            .synchronizedMap(new TreeMap<String, KeycloakHelper>());
 
     private String serverUrl;
     private ResteasyClient resteasyClient;
@@ -67,10 +69,10 @@ public class KeycloakHelper {
     public static synchronized KeycloakHelper getInstance(String serverUrl)
             throws KeyManagementException, NoSuchAlgorithmException {
 
-        if (instance == null) {
+        if (!instances.containsKey(serverUrl)) {
-            instance = new KeycloakHelper(serverUrl);
+            instances.put(serverUrl, new KeycloakHelper(serverUrl));
         }
-        return instance;
+        return instances.get(serverUrl);
     }
 
     public Keycloak newKeycloakAdmin(String username, String password) throws UnsupportedEncodingException {
@@ -128,7 +130,8 @@ public class KeycloakHelper {
         // Encoding clientId to be sure blocking chars are not used
         String encodedClientId = URLEncoder.encode(clientId, "UTF-8");
         if (realm.clients().findByClientId(encodedClientId).size() > 0) {
-            throw new KeycloakResourceCreationException("Client with same clientId already exists: " + encodedClientId, null);
+            throw new KeycloakResourceCreationException("Client with same clientId already exists: " + encodedClientId,
+                    null);
         }
         ClientRepresentation newClientRepresentation = new ClientRepresentation();
         newClientRepresentation.setClientId(encodedClientId);
@@ -159,7 +162,8 @@ public class KeycloakHelper {
         // Encoding clientId to be sure blocking chars are not used
         String encodedClientId = URLEncoder.encode(clientId, "UTF-8");
         if (realm.clients().findByClientId(encodedClientId).size() > 0) {
-            throw new KeycloakResourceCreationException("Client with same clientId already exists: " + encodedClientId, null);
+            throw new KeycloakResourceCreationException("Client with same clientId already exists: " + encodedClientId,
+                    null);
         }
         ClientRepresentation newClientRepresentation = new ClientRepresentation();
         newClientRepresentation.setClientId(encodedClientId);

src/main/java/org/gcube/oidc/keycloak/d4science/ClientsCreatorFromExport.java

@@ -15,6 +15,7 @@ import java.util.Collections;
 import java.util.Date;
 import java.util.HashMap;
 import java.util.HashSet;
+import java.util.List;
 import java.util.Map;
 import java.util.Set;
 
@@ -32,6 +33,7 @@ import org.keycloak.admin.client.resource.RealmResource;
 import org.keycloak.admin.client.resource.ResourceResource;
 import org.keycloak.admin.client.resource.RoleResource;
 import org.keycloak.admin.client.resource.UserResource;
+import org.keycloak.representations.idm.RoleRepresentation;
 import org.keycloak.representations.idm.authorization.DecisionStrategy;
 import org.keycloak.representations.idm.authorization.Logic;
 import org.keycloak.representations.idm.authorization.ResourceRepresentation;
@@ -41,8 +43,9 @@ import org.xml.sax.SAXException;
 public class ClientsCreatorFromExport {
 
     private static final boolean DELETE_CLIENTS = false;
-    private static final boolean CREATE_CLIENTS = true;
+    private static final boolean CREATE_CLIENTS = false;
     private static final boolean MAP_ROLES = true;
+    private static final boolean DL_AVATARS = false;
     private static final boolean SHOW_STATS = true;
 
     private KeycloakHelper kh;
@@ -181,6 +184,18 @@ public class ClientsCreatorFromExport {
                     System.out.println("\tcontext: " + userContext);
                     ClientResource clientResource = kh.findClient(realmResource, clientId);
                     if (clientResource != null) {
+                        List<RoleRepresentation> oldRoles = userResource.roles().clientLevel(clientResource.toRepresentation().getId()).listAll();
+                        RoleRepresentation memberRole = null;
+                        for (RoleRepresentation roleRepresentation : oldRoles) {
+                            if (roleRepresentation.getName().equals(Role.MEMBER.asString())) {
+                                memberRole = roleRepresentation;
+                            }
+                        }
+                        oldRoles.remove(memberRole);
+                        if (oldRoles.size() > 0) {
+                            System.out.println("\t\tremoving old roles [" + oldRoles + "]");
+                            userResource.roles().clientLevel(clientResource.toRepresentation().getId()).remove(oldRoles);
+                        }
                         // This is no more needed, it is assigned automatically since is member
                         // of the corresponding LDAP group
                         // System.out.println("\t\tmapping default role: " + Role.MEMBER.asString());
@@ -308,7 +323,7 @@ public class ClientsCreatorFromExport {
             lap = new Date();
             System.out.println("[lap seconds: " + new Long(lap.getTime() - start.getTime()).floatValue() / 1000 + "]");
         }
-        if (avatarBaseURL != null) {
+        if (DL_AVATARS && avatarBaseURL != null) {
             System.out.println("\n\n * * * Exporting user's avatar * * *");
             creator.saveAvatarsLocally(avatarBaseURL, avatarExportFolder);
         }