(feat) roles support
parent
1b0281014e
commit
f2a59aefa6
2 changed files with 38 additions and 8 deletions
|
@ -3,10 +3,13 @@ package sh.libre.scim.core;
|
||||||
import java.net.URI;
|
import java.net.URI;
|
||||||
import java.net.URISyntaxException;
|
import java.net.URISyntaxException;
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
|
import java.util.HashSet;
|
||||||
|
import java.util.List;
|
||||||
import java.util.stream.Stream;
|
import java.util.stream.Stream;
|
||||||
|
|
||||||
import com.unboundid.scim2.common.types.Email;
|
import com.unboundid.scim2.common.types.Email;
|
||||||
import com.unboundid.scim2.common.types.Meta;
|
import com.unboundid.scim2.common.types.Meta;
|
||||||
|
import com.unboundid.scim2.common.types.Role;
|
||||||
import com.unboundid.scim2.common.types.UserResource;
|
import com.unboundid.scim2.common.types.UserResource;
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
import org.jboss.logging.Logger;
|
||||||
|
@ -21,6 +24,7 @@ public class UserAdapter extends Adapter<UserModel, UserResource> {
|
||||||
private String displayName;
|
private String displayName;
|
||||||
private String email;
|
private String email;
|
||||||
private Boolean active;
|
private Boolean active;
|
||||||
|
private String[] roles;
|
||||||
|
|
||||||
public UserAdapter(KeycloakSession session, String componentId) {
|
public UserAdapter(KeycloakSession session, String componentId) {
|
||||||
super(session, componentId, "User", Logger.getLogger(UserAdapter.class));
|
super(session, componentId, "User", Logger.getLogger(UserAdapter.class));
|
||||||
|
@ -66,6 +70,14 @@ public class UserAdapter extends Adapter<UserModel, UserResource> {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public String[] getRoles() {
|
||||||
|
return roles;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setRoles(String[] roles) {
|
||||||
|
this.roles = roles;
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Class<UserResource> getResourceClass() {
|
public Class<UserResource> getResourceClass() {
|
||||||
return UserResource.class;
|
return UserResource.class;
|
||||||
|
@ -84,6 +96,15 @@ public class UserAdapter extends Adapter<UserModel, UserResource> {
|
||||||
}
|
}
|
||||||
setEmail(user.getEmail());
|
setEmail(user.getEmail());
|
||||||
setActive(user.isEnabled());
|
setActive(user.isEnabled());
|
||||||
|
var rolesSet = new HashSet<String>();
|
||||||
|
user.getGroupsStream().flatMap(g -> g.getRoleMappingsStream())
|
||||||
|
.filter((r) -> r.getFirstAttribute("scim").equals("true")).map((r) -> r.getName())
|
||||||
|
.forEach(r -> rolesSet.add(r));
|
||||||
|
user.getRoleMappingsStream().filter((r) -> r.getFirstAttribute("scim").equals("true"))
|
||||||
|
.map((r) -> r.getName()).forEach(r -> rolesSet.add(r));
|
||||||
|
var roles = new String[rolesSet.size()];
|
||||||
|
rolesSet.toArray(roles);
|
||||||
|
setRoles(roles);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
@ -120,6 +141,13 @@ public class UserAdapter extends Adapter<UserModel, UserResource> {
|
||||||
}
|
}
|
||||||
user.setMeta(meta);
|
user.setMeta(meta);
|
||||||
}
|
}
|
||||||
|
List<Role> roles = new ArrayList<Role>();
|
||||||
|
for (var r : this.roles) {
|
||||||
|
var role = new Role();
|
||||||
|
role.setValue(r);
|
||||||
|
roles.add(role);
|
||||||
|
}
|
||||||
|
user.setRoles(roles);
|
||||||
return user;
|
return user;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
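Review bot: Both role filters call `r.getFirstAttribute("scim").equals("true")`, which throws a NullPointerException for any role without a `scim` attribute (assuming getFirstAttribute returns null when the attribute is missing), so a single unmarked role on a user or on one of their groups would abort the sync for that user. Flip the comparison to `"true".equals(r.getFirstAttribute("scim"))` in both the group-derived filter and the direct-mapping filter. The loop `for (var r : this.roles)` in the last hunk also dereferences the field without a null check; if the adapter can be populated by a path that never calls `setRoles` (not visible here), initialise the field with `private String[] roles = new String[0];`. Only directly mapped roles are collected by name, so a comment should state whether composite roles and same-named client roles are intentionally left out, since the receiving service will presumably base authorization on this list. The enclosing methods start and end outside the hunks.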
@ -1,7 +1,6 @@
|
||||||
package sh.libre.scim.event;
|
package sh.libre.scim.event;
|
||||||
|
|
||||||
import com.fasterxml.jackson.core.JsonProcessingException;
|
import java.util.regex.*;
|
||||||
import com.fasterxml.jackson.databind.ObjectMapper;
|
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
import org.jboss.logging.Logger;
|
||||||
import org.keycloak.events.Event;
|
import org.keycloak.events.Event;
|
||||||
|
@ -13,7 +12,6 @@ import org.keycloak.events.admin.ResourceType;
|
||||||
import org.keycloak.models.GroupModel;
|
import org.keycloak.models.GroupModel;
|
||||||
import org.keycloak.models.KeycloakSession;
|
import org.keycloak.models.KeycloakSession;
|
||||||
import org.keycloak.models.UserModel;
|
import org.keycloak.models.UserModel;
|
||||||
import org.keycloak.representations.idm.GroupRepresentation;
|
|
||||||
|
|
||||||
import sh.libre.scim.core.GroupAdapter;
|
import sh.libre.scim.core.GroupAdapter;
|
||||||
import sh.libre.scim.core.ScimDispatcher;
|
import sh.libre.scim.core.ScimDispatcher;
|
||||||
|
@ -81,12 +79,16 @@ public class ScimEventListenerProvider implements EventListenerProvider {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (event.getResourceType() == ResourceType.GROUP_MEMBERSHIP) {
|
if (event.getResourceType() == ResourceType.GROUP_MEMBERSHIP) {
|
||||||
ObjectMapper obj = new ObjectMapper();
|
Pattern pattern = Pattern.compile("users/(.+)/groups/(.+)");
|
||||||
try {
|
Matcher matcher = pattern.matcher(event.getResourcePath());
|
||||||
var groupRepresentation = obj.readValue(event.getRepresentation(), GroupRepresentation.class);
|
if (matcher.find()) {
|
||||||
var group = getGroup(groupRepresentation.getId());
|
var userId = matcher.group(1);
|
||||||
|
var groupId = matcher.group(2);
|
||||||
|
LOGGER.infof("%s %s from %s", event.getOperationType(), userId, groupId);
|
||||||
|
var group = getGroup(groupId);
|
||||||
dispatcher.run((client) -> client.replace(GroupAdapter.class, group));
|
dispatcher.run((client) -> client.replace(GroupAdapter.class, group));
|
||||||
} catch (JsonProcessingException e) {
|
var user = getUser(userId);
|
||||||
|
dispatcher.run((client) -> client.replace(UserAdapter.class, user));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
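Review bot: The pattern `users/(.+)/groups/(.+)` is unanchored and greedy and is applied with `find()`, so a resource path with extra segments before or after it still matches and the captured ids can contain `/`. Hoist it to a constant such as `private static final Pattern MEMBERSHIP_PATH = Pattern.compile("^users/([^/]+)/groups/([^/]+)$");` and test it with `matches()`, which also avoids recompiling it on every event. When the path does not match, the membership event is now dropped without a trace, so add an `else` branch that logs a warning with `event.getResourcePath()`. `getGroup(groupId)` and `getUser(userId)` are passed straight to `client.replace`; if either can return null for an entity deleted in the meantime (not visible here), check before dispatching. The enclosing method starts outside the hunk.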