libre.sh/keycloak-scim
1
0
Fork 0
Code Issues 13 Pull requests Releases Packages Activity Actions

(feat) roles support

Browse source
This commit is contained in:
Hugo Renard 2022-03-22 18:32:30 +01:00
parent 1b0281014e
commit f2a59aefa6
Signed by: hougo
GPG key ID: 3A285FD470209C59
2 changed files with 38 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

28
src/main/java/sh/libre/scim/core/UserAdapter.java
View file

@ -3,10 +3,13 @@ package sh.libre.scim.core;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.stream.Stream;
import com.unboundid.scim2.common.types.Email;
import com.unboundid.scim2.common.types.Meta;
import com.unboundid.scim2.common.types.Role;
import com.unboundid.scim2.common.types.UserResource;
import org.jboss.logging.Logger;
@ -21,6 +24,7 @@ public class UserAdapter extends Adapter<UserModel, UserResource> {
private String displayName;
private String email;
private Boolean active;
private String[] roles;
public UserAdapter(KeycloakSession session, String componentId) {
super(session, componentId, "User", Logger.getLogger(UserAdapter.class));
@ -66,6 +70,14 @@ public class UserAdapter extends Adapter<UserModel, UserResource> {
}
}
public String[] getRoles() {
return roles;
}
public void setRoles(String[] roles) {
this.roles = roles;
}
@Override
public Class<UserResource> getResourceClass() {
return UserResource.class;
@ -84,6 +96,15 @@ public class UserAdapter extends Adapter<UserModel, UserResource> {
}
setEmail(user.getEmail());
setActive(user.isEnabled());
var rolesSet = new HashSet<String>();
user.getGroupsStream().flatMap(g -> g.getRoleMappingsStream())
.filter((r) -> r.getFirstAttribute("scim").equals("true")).map((r) -> r.getName())
.forEach(r -> rolesSet.add(r));
user.getRoleMappingsStream().filter((r) -> r.getFirstAttribute("scim").equals("true"))
.map((r) -> r.getName()).forEach(r -> rolesSet.add(r));
var roles = new String[rolesSet.size()];
rolesSet.toArray(roles);
setRoles(roles);
}
@Override
@ -120,6 +141,13 @@ public class UserAdapter extends Adapter<UserModel, UserResource> {
}
user.setMeta(meta);
}
List<Role> roles = new ArrayList<Role>();
for (var r : this.roles) {
var role = new Role();
role.setValue(r);
roles.add(role);
}
user.setRoles(roles);
return user;
}

18
src/main/java/sh/libre/scim/event/ScimEventListenerProvider.java
View file

@ -1,7 +1,6 @@
package sh.libre.scim.event;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.util.regex.*;
import org.jboss.logging.Logger;
import org.keycloak.events.Event;
@ -13,7 +12,6 @@ import org.keycloak.events.admin.ResourceType;
import org.keycloak.models.GroupModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.UserModel;
import org.keycloak.representations.idm.GroupRepresentation;
import sh.libre.scim.core.GroupAdapter;
import sh.libre.scim.core.ScimDispatcher;
@ -81,12 +79,16 @@ public class ScimEventListenerProvider implements EventListenerProvider {
}
}
if (event.getResourceType() == ResourceType.GROUP_MEMBERSHIP) {
ObjectMapper obj = new ObjectMapper();
try {
var groupRepresentation = obj.readValue(event.getRepresentation(), GroupRepresentation.class);
var group = getGroup(groupRepresentation.getId());
Pattern pattern = Pattern.compile("users/(.+)/groups/(.+)");
Matcher matcher = pattern.matcher(event.getResourcePath());
if (matcher.find()) {
var userId = matcher.group(1);
var groupId = matcher.group(2);
LOGGER.infof("%s %s from %s", event.getOperationType(), userId, groupId);
var group = getGroup(groupId);
dispatcher.run((client) -> client.replace(GroupAdapter.class, group));
} catch (JsonProcessingException e) {
var user = getUser(userId);
dispatcher.run((client) -> client.replace(UserAdapter.class, user));
}
}
}