Compare commits
3 Commits
Author | SHA1 | Date |
---|---|---|
Mauro Mugnaini | 6faeccff39 | |
Mauro Mugnaini | 830974671a | |
Mauro Mugnaini | 6f20e3a1f7 |
|
@ -1,7 +1,9 @@
|
|||
This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
||||
|
||||
# Changelog for "oidc-keycloak-library"
|
||||
|
||||
## [v1.0.1-SNAPSHOT]
|
||||
- Prepared for user to roles alignment #22084
|
||||
|
||||
## [v1.0.0]
|
||||
- First release (#19143, #19891)
|
||||
|
||||
|
||||
This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
15
pom.xml
15
pom.xml
|
@ -3,34 +3,42 @@
|
|||
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
|
||||
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
|
||||
<parent>
|
||||
<artifactId>maven-parent</artifactId>
|
||||
<groupId>org.gcube.tools</groupId>
|
||||
<version>1.1.0</version>
|
||||
<relativePath />
|
||||
</parent>
|
||||
|
||||
<groupId>org.gcube.common</groupId>
|
||||
|
||||
<artifactId>oidc-keycloak-library</artifactId>
|
||||
<version>1.0.0</version>
|
||||
|
||||
<version>1.0.1-SNAPSHOT</version>
|
||||
|
||||
<properties>
|
||||
<keycloak-version>10.0.2</keycloak-version>
|
||||
</properties>
|
||||
|
||||
<dependencyManagement>
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>org.gcube.distribution</groupId>
|
||||
<artifactId>maven-portal-bom</artifactId>
|
||||
<version>3.6.0</version>
|
||||
<version>3.6.3-SNAPSHOT</version>
|
||||
<type>pom</type>
|
||||
<scope>import</scope>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
</dependencyManagement>
|
||||
|
||||
<scm>
|
||||
<connection>scm:git:https://code-repo.d4science.org/gCubeSystem/${project.artifactId}.git</connection>
|
||||
<developerConnection>scm:git:https://code-repo.d4science.org/gCubeSystem/${project.artifactId}.git</developerConnection>
|
||||
<url>https://code-repo.d4science.org/gCubeSystem/${project.artifactId}</url>
|
||||
</scm>
|
||||
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>org.slf4j</groupId>
|
||||
|
@ -43,7 +51,6 @@
|
|||
<dependency>
|
||||
<groupId>org.gcube.common</groupId>
|
||||
<artifactId>oidc-library</artifactId>
|
||||
<version>[1.0.0-SNAPSHOT, 2.0.0-SNAPSHOT)</version>
|
||||
<scope>compile</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
|
@ -75,6 +82,7 @@
|
|||
<artifactId>json-simple</artifactId>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
|
||||
<build>
|
||||
<plugins>
|
||||
<plugin>
|
||||
|
@ -109,4 +117,5 @@
|
|||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
|
||||
</project>
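Review bot: The `maven-portal-bom` import in `dependencyManagement` appears to move from `3.6.0` to `3.6.3-SNAPSHOT`, and a SNAPSHOT BOM is mutable, so the dependency versions it manages can differ between two builds of the same commit. That is acceptable while this module is itself `1.0.1-SNAPSHOT`, but the release should import a released BOM; I would add `<!-- TODO: import a released maven-portal-bom before releasing 1.0.1 -->` above that `<version>` line. The same applies to `oidc-library` if the `[1.0.0-SNAPSHOT, 2.0.0-SNAPSHOT)` range is kept rather than being the line the -43 hunk drops. The add/remove markers are lost on this page, so which `<version>` line is new is inferred from print order and the changelog entry.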
|
||||
|
|
|
@ -9,6 +9,7 @@ import java.util.Collections;
|
|||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
import java.util.TreeMap;
|
||||
|
||||
import javax.ws.rs.core.Response;
|
||||
|
||||
|
@ -54,7 +55,8 @@ public class KeycloakHelper {
|
|||
|
||||
protected static Logger logger = LoggerFactory.getLogger(KeycloakHelper.class);
|
||||
|
||||
private static KeycloakHelper instance;
|
||||
private static Map<String, KeycloakHelper> instances = Collections
|
||||
.synchronizedMap(new TreeMap<String, KeycloakHelper>());
|
||||
|
||||
private String serverUrl;
|
||||
private ResteasyClient resteasyClient;
|
||||
|
@ -67,10 +69,10 @@ public class KeycloakHelper {
|
|||
public static synchronized KeycloakHelper getInstance(String serverUrl)
|
||||
throws KeyManagementException, NoSuchAlgorithmException {
|
||||
|
||||
if (instance == null) {
|
||||
instance = new KeycloakHelper(serverUrl);
|
||||
if (!instances.containsKey(serverUrl)) {
|
||||
instances.put(serverUrl, new KeycloakHelper(serverUrl));
|
||||
}
|
||||
return instance;
|
||||
return instances.get(serverUrl);
|
||||
}
|
||||
|
||||
public Keycloak newKeycloakAdmin(String username, String password) throws UnsupportedEncodingException {
|
||||
|
@ -128,7 +130,8 @@ public class KeycloakHelper {
|
|||
// Encoding clientId to be sure blocking chars are not used
|
||||
String encodedClientId = URLEncoder.encode(clientId, "UTF-8");
|
||||
if (realm.clients().findByClientId(encodedClientId).size() > 0) {
|
||||
throw new KeycloakResourceCreationException("Client with same clientId already exists: " + encodedClientId, null);
|
||||
throw new KeycloakResourceCreationException("Client with same clientId already exists: " + encodedClientId,
|
||||
null);
|
||||
}
|
||||
ClientRepresentation newClientRepresentation = new ClientRepresentation();
|
||||
newClientRepresentation.setClientId(encodedClientId);
|
||||
|
@ -144,6 +147,7 @@ public class KeycloakHelper {
|
|||
newClientRepresentation.setPublicClient(false);
|
||||
newClientRepresentation.setProtocol("openid-connect");
|
||||
newClientRepresentation.setAuthorizationSettings(new ResourceServerRepresentation());
|
||||
newClientRepresentation.setFullScopeAllowed(Boolean.FALSE);
|
||||
try (Response response = realm.clients().create(newClientRepresentation)) {
|
||||
if (!response.getStatusInfo().equals(Response.Status.CREATED)) {
|
||||
throw new KeycloakResourceCreationException("While creating new client: " + clientId, response);
|
||||
|
@ -158,7 +162,8 @@ public class KeycloakHelper {
|
|||
// Encoding clientId to be sure blocking chars are not used
|
||||
String encodedClientId = URLEncoder.encode(clientId, "UTF-8");
|
||||
if (realm.clients().findByClientId(encodedClientId).size() > 0) {
|
||||
throw new KeycloakResourceCreationException("Client with same clientId already exists: " + encodedClientId, null);
|
||||
throw new KeycloakResourceCreationException("Client with same clientId already exists: " + encodedClientId,
|
||||
null);
|
||||
}
|
||||
ClientRepresentation newClientRepresentation = new ClientRepresentation();
|
||||
newClientRepresentation.setClientId(encodedClientId);
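Review bot: `setFullScopeAllowed(Boolean.FALSE)` appears to be added only in the client-creation path of the -144 hunk; the second path that starts in the -158 hunk builds its own `ClientRepresentation` and shows no matching change, so clients created there may keep full scope and receive every role mapped to the user in their tokens. That method's body continues outside the hunk, so this needs checking against the full file; if the call is missing, add `newClientRepresentation.setFullScopeAllowed(Boolean.FALSE);` there as well. A comment on the new line such as `// restrict token roles to the client's scope mappings` would record why it is set. Separately, `getInstance` now passes `serverUrl` straight to a `TreeMap`, which rejects a null key with a bare NullPointerException; `Objects.requireNonNull(serverUrl, "serverUrl");` as the first statement would make that failure explicit.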
|
||||
|
|
|
@ -15,6 +15,7 @@ import java.util.Collections;
|
|||
import java.util.Date;
|
||||
import java.util.HashMap;
|
||||
import java.util.HashSet;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
|
||||
|
@ -32,6 +33,7 @@ import org.keycloak.admin.client.resource.RealmResource;
|
|||
import org.keycloak.admin.client.resource.ResourceResource;
|
||||
import org.keycloak.admin.client.resource.RoleResource;
|
||||
import org.keycloak.admin.client.resource.UserResource;
|
||||
import org.keycloak.representations.idm.RoleRepresentation;
|
||||
import org.keycloak.representations.idm.authorization.DecisionStrategy;
|
||||
import org.keycloak.representations.idm.authorization.Logic;
|
||||
import org.keycloak.representations.idm.authorization.ResourceRepresentation;
|
||||
|
@ -41,8 +43,9 @@ import org.xml.sax.SAXException;
|
|||
public class ClientsCreatorFromExport {
|
||||
|
||||
private static final boolean DELETE_CLIENTS = false;
|
||||
private static final boolean CREATE_CLIENTS = true;
|
||||
private static final boolean CREATE_CLIENTS = false;
|
||||
private static final boolean MAP_ROLES = true;
|
||||
private static final boolean DL_AVATARS = false;
|
||||
private static final boolean SHOW_STATS = true;
|
||||
|
||||
private KeycloakHelper kh;
|
||||
|
@ -181,6 +184,18 @@ public class ClientsCreatorFromExport {
|
|||
System.out.println("\tcontext: " + userContext);
|
||||
ClientResource clientResource = kh.findClient(realmResource, clientId);
|
||||
if (clientResource != null) {
|
||||
List<RoleRepresentation> oldRoles = userResource.roles().clientLevel(clientResource.toRepresentation().getId()).listAll();
|
||||
RoleRepresentation memberRole = null;
|
||||
for (RoleRepresentation roleRepresentation : oldRoles) {
|
||||
if (roleRepresentation.getName().equals(Role.MEMBER.asString())) {
|
||||
memberRole = roleRepresentation;
|
||||
}
|
||||
}
|
||||
oldRoles.remove(memberRole);
|
||||
if (oldRoles.size() > 0) {
|
||||
System.out.println("\t\tremoving old roles [" + oldRoles + "]");
|
||||
userResource.roles().clientLevel(clientResource.toRepresentation().getId()).remove(oldRoles);
|
||||
}
|
||||
// This is no more needed, it is assigned automatically since is member
|
||||
// of the corresponding LDAP group
|
||||
// System.out.println("\t\tmapping default role: " + Role.MEMBER.asString());
|
||||
|
@ -308,7 +323,7 @@ public class ClientsCreatorFromExport {
|
|||
lap = new Date();
|
||||
System.out.println("[lap seconds: " + new Long(lap.getTime() - start.getTime()).floatValue() / 1000 + "]");
|
||||
}
|
||||
if (avatarBaseURL != null) {
|
||||
if (DL_AVATARS && avatarBaseURL != null) {
|
||||
System.out.println("\n\n * * * Exporting user's avatar * * *");
|
||||
creator.saveAvatarsLocally(avatarBaseURL, avatarExportFolder);
|
||||
}
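Review bot: The block added in the -181 hunk strips every client-level role except Member from the user and calls `clientResource.toRepresentation()` twice to obtain the same id, each presumably a GET against the admin API, while the only record of what was revoked is a `println`. I would fetch the id once with `String clientUuid = clientResource.toRepresentation().getId();` and replace the search loop plus `oldRoles.remove(memberRole)` with `oldRoles.removeIf(r -> Role.MEMBER.asString().equals(r.getName()));`. Because this tool cannot undo the revocation, a comment above the block stating that all non-Member client roles are dropped on purpose would help the next operator. The enclosing method starts and ends outside the hunk.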
|
||||
|
|