diff --git a/.dev/tenant-user-management-service/README.md b/.dev/tenant-user-management-service/README.md
new file mode 100644
index 0000000..d39bdc3
--- /dev/null
+++ b/.dev/tenant-user-management-service/README.md
@@ -0,0 +1,8 @@
+# Setup
+start docker-compose
+login to http://localhost:8080 with admin/admin
+go to "clients", select "import client" and drag-and-drop manager.json from this folder.
+Follow import wizard steps.
+Once done. select the manager client, go to tab "SERVICE ACCOUNT ROLES"
+Click "assign roles" and assign all roles from "filter by realm roles".
+
diff --git a/.dev/tenant-user-management-service/docker-compose.yaml b/.dev/tenant-user-management-service/docker-compose.yaml
index 20a5aa5..851c2e8 100644
--- a/.dev/tenant-user-management-service/docker-compose.yaml
+++ b/.dev/tenant-user-management-service/docker-compose.yaml
@@ -6,6 +6,7 @@ services:
 command: start-dev
 environment:
 KEYCLOAK_ADMIN: admin
+ KEYCLOAK_IMPORT: master.json
 KEYCLOAK_ADMIN_PASSWORD: admin
 ports:
 - 8080:8080
diff --git a/.dev/tenant-user-management-service/manager.json b/.dev/tenant-user-management-service/manager.json
new file mode 100644
index 0000000..856ed3d
--- /dev/null
+++ b/.dev/tenant-user-management-service/manager.json
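Review bot: `KEYCLOAK_IMPORT` was the import variable of the legacy WildFly distribution; with `command: start-dev` this is the Quarkus-based image, which as far as I know ignores that variable and only imports realms from `/opt/keycloak/data/import` when started with `--import-realm`, so the added line most likely does nothing — and nothing in the hunk mounts `master.json` into the container either. Suggest `command: start-dev --import-realm` plus a volume entry `- ./master.json:/opt/keycloak/data/import/master.json`, and a comment `# dev-only credentials; never reuse outside this compose file` above the admin/admin pair. The `services:` block continues outside the hunk.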
@@ -0,0 +1,99 @@
+{
+ "clientId": "manager",
+ "name": "manager",
+ "description": "manager",
+ "rootUrl": "",
+ "adminUrl": "",
+ "baseUrl": "",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "alwaysDisplayInConsole": false,
+ "clientAuthenticatorType": "client-secret",
+ "secret": "oE2DVrV45w0Tr5jBBcoufVxIkFWU69lP",
+ "redirectUris": [
+ "/*"
+ ],
+ "webOrigins": [
+ "/*"
+ ],
+ "notBefore": 0,
+ "bearerOnly": false,
+ "consentRequired": false,
+ "standardFlowEnabled": true,
+ "implicitFlowEnabled": true,
+ "directAccessGrantsEnabled": true,
+ "serviceAccountsEnabled": true,
+ "authorizationServicesEnabled": true,
+ "publicClient": false,
+ "frontchannelLogout": true,
+ "protocol": "openid-connect",
+ "attributes": {
+ "oidc.ciba.grant.enabled": "true",
+ "oauth2.device.authorization.grant.enabled": "true",
+ "client.secret.creation.time": "1690966874",
+ "backchannel.logout.session.required": "true",
+ "backchannel.logout.revoke.offline.tokens": "false"
+ },
+ "authenticationFlowBindingOverrides": {},
+ "fullScopeAllowed": true,
+ "nodeReRegistrationTimeout": -1,
+ "protocolMappers": [
+ {
+ "name": "Client IP Address",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usersessionmodel-note-mapper",
+ "consentRequired": false,
+ "config": {
+ "user.session.note": "clientAddress",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "clientAddress",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "name": "Client Host",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usersessionmodel-note-mapper",
+ "consentRequired": false,
+ "config": {
+ "user.session.note": "clientHost",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "clientHost",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "name": "Client ID",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usersessionmodel-note-mapper",
+ "consentRequired": false,
+ "config": {
+ "user.session.note": "client_id",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "client_id",
+ "jsonType.label": "String"
+ }
+ }
+ ],
+ "defaultClientScopes": [
+ "web-origins",
+ "acr",
+ "profile",
+ "roles",
+ "email"
+ ],
+ "optionalClientScopes": [
+ "address",
+ "phone",
+ "offline_access",
+ "microprofile-jwt"
+ ],
+ "access": {
+ "view": true,
+ "configure": true,
+ "manage": true
+ }
+}
diff --git a/.gitignore b/.gitignore
index 1a5cd14..d929786 100644
--- a/.gitignore
+++ b/.gitignore
@@ -36,3 +36,4 @@ build/
 gradle.properties
 gradlew
 gradlew.bat
+.DS_Store
diff --git a/src/main/java/com/knecon/fforesight/tenantusermanagement/service/TenantManagementService.java b/src/main/java/com/knecon/fforesight/tenantusermanagement/service/TenantManagementService.java
index c2518cf..24bc30b 100644
--- a/src/main/java/com/knecon/fforesight/tenantusermanagement/service/TenantManagementService.java
+++ b/src/main/java/com/knecon/fforesight/tenantusermanagement/service/TenantManagementService.java
@@ -224,7 +224,7 @@ public class TenantManagementService implements TenantProvider {
 tenantRequest.getDatabaseConnection().getPassword())) {
 DataSource tenantDataSource = new SingleConnectionDataSource(connection, false);
 JdbcTemplate jdbcTemplate = new JdbcTemplate(tenantDataSource);
- String createStatement = "CREATE SCHEMA \"" + tenantRequest.getDatabaseConnection().getSchema() + "\"";
+ String createStatement = "CREATE SCHEMA IF NOT EXISTS \"" + tenantRequest.getDatabaseConnection().getSchema() + "\"";
 String grantStatement = "GRANT USAGE ON SCHEMA \"" + tenantRequest.getDatabaseConnection().getSchema() + "\" TO \"" + tenantRequest.getDatabaseConnection()
 .getUsername() + "\"";
 jdbcTemplate.execute(createStatement);
diff --git a/src/main/resources/application-dev.yaml b/src/main/resources/application-dev.yaml
index 68b0f08..4e6cae2 100644
--- a/src/main/resources/application-dev.yaml
+++ b/src/main/resources/application-dev.yaml
@@ -5,7 +5,7 @@ server:
 fforesight:
 tenant-user-management:
 server-url: http://localhost:8080
- client-secret: WJ4CIR2t65r55caWFBg4LWhdW2kOMjeC
+ client-secret: Rf1FbW6qwXNFd8hvNLvObZvASaG2iDZs
 client-id: manager
 realm: master
 kc-role-mapping:
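Review bot: The rotated `client-secret` is committed in plaintext again, and its value (`Rf1F…`) differs from the `secret` that `manager.json` in this same commit imports for the `manager` client (`oE2D…`), so the dev profile will not authenticate against the imported client unless someone regenerates the secret by hand. Replacing one committed secret with another also leaves both values in git history; prefer an environment placeholder, `client-secret: ${TENANT_USER_MANAGEMENT_CLIENT_SECRET}`, and keep the value out of the repository. The exposure is bounded to the local Keycloak as long as this profile is never used elsewhere, but the mismatch looks like a functional bug.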