Compare commits
24 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
1fdd957e9e | ||
|
|
18de1e52f5 | ||
|
|
00ef5f67a1 | ||
|
|
74b289b38c | ||
|
|
100b1c4cc1 | ||
|
|
f96adb2097 | ||
|
|
4e43e4e255 | ||
|
|
7bb15fe456 | ||
|
|
a169fb585c | ||
|
|
af38bb2f29 | ||
|
|
f25253cb3b | ||
|
|
ad7035d7cf | ||
|
|
dfa4009b84 | ||
|
|
4eefde9ff6 | ||
|
|
45f6386104 | ||
|
|
db495d17b3 | ||
|
|
e0a1df09ab | ||
|
|
93e3315a8a | ||
|
|
5e3d632846 | ||
|
|
6412b50ff9 | ||
|
|
4e4a8d7089 | ||
|
|
e2f84d9bbf | ||
|
|
09a86f0a23 | ||
|
|
8adeb37275 |
@ -94,12 +94,12 @@ configurations {
|
||||
}
|
||||
}
|
||||
|
||||
val persistenceServiceVersion = "2.561.0"
|
||||
val persistenceServiceVersion = "2.589.1-RED10196.2"
|
||||
|
||||
|
||||
dependencies {
|
||||
implementation("com.iqser.red.service:persistence-service-internal-api-v1:${persistenceServiceVersion}")
|
||||
implementation("com.knecon.fforesight:database-tenant-commons:0.24.0")
|
||||
implementation("com.knecon.fforesight:database-tenant-commons:0.28.0-RED10196.0")
|
||||
implementation("com.knecon.fforesight:keycloak-commons:0.28.0")
|
||||
implementation("com.knecon.fforesight:swagger-commons:0.7.0")
|
||||
implementation("com.knecon.fforesight:tracing-commons:0.5.0")
|
||||
|
||||
@ -17,7 +17,6 @@ import com.fasterxml.jackson.databind.JsonNode;
|
||||
import com.knecon.fforesight.tenantcommons.model.TenantResponse;
|
||||
import com.knecon.fforesight.tenantcommons.model.UpdateDetailsRequest;
|
||||
import com.knecon.fforesight.tenantusermanagement.model.DeploymentKeyResponse;
|
||||
import com.knecon.fforesight.tenantusermanagement.model.SimpleTenantResponse;
|
||||
import com.knecon.fforesight.tenantusermanagement.model.CreateTenantRequest;
|
||||
import com.knecon.fforesight.tenantusermanagement.model.UpdateTenantRequest;
|
||||
|
||||
@ -43,8 +42,7 @@ public interface TenantsResource {
|
||||
@ResponseBody
|
||||
@ResponseStatus(value = HttpStatus.NO_CONTENT)
|
||||
@Operation(summary = "Deletes given tenant", description = "None")
|
||||
@ApiResponses(value = {@ApiResponse(responseCode = "204", description = "OK"), @ApiResponse(responseCode = "403", description = "Forbidden access, you dont have rights to delete tenants"), @ApiResponse(responseCode = "405", description = "Operation is not allowed."),
|
||||
@ApiResponse(responseCode = "409", description = "Conflict while deleting tenant.")})
|
||||
@ApiResponses(value = {@ApiResponse(responseCode = "204", description = "OK"), @ApiResponse(responseCode = "403", description = "Forbidden access, you dont have rights to delete tenants"), @ApiResponse(responseCode = "405", description = "Operation is not allowed."), @ApiResponse(responseCode = "409", description = "Conflict while deleting tenant.")})
|
||||
@DeleteMapping(value = TENANTS_TENANT_ID_PATH)
|
||||
void deleteTenant(@PathVariable("tenantId") String tenantId);
|
||||
|
||||
@ -73,12 +71,6 @@ public interface TenantsResource {
|
||||
void updateDetails(@PathVariable("tenantId") String tenantId, @RequestBody UpdateDetailsRequest request);
|
||||
|
||||
|
||||
@GetMapping(value = TENANTS_PATH + "/simple", produces = MediaType.APPLICATION_JSON_VALUE)
|
||||
@Operation(summary = "Gets all existing tenants in a simplified format", description = "None")
|
||||
@ApiResponses(value = {@ApiResponse(responseCode = "200", description = "OK")})
|
||||
List<SimpleTenantResponse> getSimpleTenants();
|
||||
|
||||
|
||||
@GetMapping(value = "/deploymentKey" + TENANT_ID_PATH_PARAM, produces = MediaType.APPLICATION_JSON_VALUE)
|
||||
@Operation(summary = "Returns the deployment key for a tenant", description = "None")
|
||||
@ApiResponses(value = {@ApiResponse(responseCode = "200", description = "OK")})
|
||||
|
||||
@ -12,10 +12,10 @@ import org.springframework.web.bind.annotation.RequestBody;
|
||||
import org.springframework.web.bind.annotation.ResponseStatus;
|
||||
|
||||
import com.fasterxml.jackson.databind.JsonNode;
|
||||
import com.knecon.fforesight.tenantcommons.TenantApplicationType;
|
||||
import com.knecon.fforesight.tenantcommons.model.TenantResponse;
|
||||
import com.knecon.fforesight.tenantcommons.model.UpdateDetailsRequest;
|
||||
import com.knecon.fforesight.tenantusermanagement.model.DeploymentKeyResponse;
|
||||
import com.knecon.fforesight.tenantusermanagement.model.SimpleTenantResponse;
|
||||
import com.knecon.fforesight.tenantusermanagement.model.CreateTenantRequest;
|
||||
import com.knecon.fforesight.tenantusermanagement.model.UpdateTenantRequest;
|
||||
|
||||
@ -43,13 +43,13 @@ public interface InternalTenantsResource {
|
||||
|
||||
|
||||
@GetMapping(value = "/tenants", produces = MediaType.APPLICATION_JSON_VALUE)
|
||||
@Operation(summary = "Gets all existing tenant", description = "None")
|
||||
@Operation(summary = "Gets all existing tenants", description = "None")
|
||||
@ApiResponses(value = {@ApiResponse(responseCode = "200", description = "OK")})
|
||||
List<TenantResponse> getTenants();
|
||||
|
||||
|
||||
@GetMapping(value = "/tenants/{tenantId}", produces = MediaType.APPLICATION_JSON_VALUE)
|
||||
@Operation(summary = "Gets all existing tenant", description = "None")
|
||||
@Operation(summary = "Get the given tenant", description = "None")
|
||||
@ApiResponses(value = {@ApiResponse(responseCode = "200", description = "OK")})
|
||||
TenantResponse getTenant(@PathVariable("tenantId") String tenantId);
|
||||
|
||||
@ -60,12 +60,6 @@ public interface InternalTenantsResource {
|
||||
TenantResponse updateTenant(@PathVariable("tenantId") String tenantId, @RequestBody UpdateTenantRequest tenantRequest);
|
||||
|
||||
|
||||
@GetMapping(value = "/tenants/simple", produces = MediaType.APPLICATION_JSON_VALUE)
|
||||
@Operation(summary = "Gets all existing tenant in a simplified format", description = "None")
|
||||
@ApiResponses(value = {@ApiResponse(responseCode = "200", description = "OK")})
|
||||
List<SimpleTenantResponse> getSimpleTenants();
|
||||
|
||||
|
||||
@GetMapping(value = "/deploymentKey" + TENANT_ID_PATH_PARAM, produces = MediaType.APPLICATION_JSON_VALUE)
|
||||
@Operation(summary = "Returns the deployment key for a tenant", description = "None")
|
||||
@ApiResponses(value = {@ApiResponse(responseCode = "200", description = "OK")})
|
||||
@ -77,4 +71,10 @@ public interface InternalTenantsResource {
|
||||
@ApiResponses(value = {@ApiResponse(responseCode = "200", description = "OK")})
|
||||
void syncTenant(@PathVariable("tenantId") String tenantId, @RequestBody JsonNode payload);
|
||||
|
||||
|
||||
@GetMapping(value = {"/tenants/{tenantId}/application-type"}, produces = MediaType.APPLICATION_JSON_VALUE)
|
||||
@Operation(summary = "Gets the application type of the given tenant", description = "None")
|
||||
@ApiResponses(value = {@ApiResponse(responseCode = "200", description = "OK")})
|
||||
TenantApplicationType getTenantApplicationType(@PathVariable("tenantId") String tenantId);
|
||||
|
||||
}
|
||||
|
||||
@ -7,10 +7,12 @@ import org.springframework.security.access.prepost.PreAuthorize;
|
||||
import org.springframework.web.bind.annotation.RequestBody;
|
||||
import org.springframework.web.bind.annotation.RestController;
|
||||
|
||||
import com.knecon.fforesight.tenantcommons.TenantContext;
|
||||
import com.knecon.fforesight.tenantusermanagement.api.external.GeneralSettingsResource;
|
||||
import com.knecon.fforesight.tenantusermanagement.api.external.PublicResource;
|
||||
import com.knecon.fforesight.tenantusermanagement.model.GeneralConfigurationModel;
|
||||
import com.knecon.fforesight.tenantusermanagement.service.GeneralConfigurationService;
|
||||
import com.knecon.fforesight.tenantusermanagement.service.TenantManagementService;
|
||||
|
||||
import lombok.RequiredArgsConstructor;
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
@ -21,13 +23,14 @@ import lombok.extern.slf4j.Slf4j;
|
||||
public class GeneralSettingsController implements GeneralSettingsResource, PublicResource {
|
||||
|
||||
private final GeneralConfigurationService generalConfigurationService;
|
||||
private final TenantManagementService tenantManagementService;
|
||||
|
||||
|
||||
@Override
|
||||
@PreAuthorize("hasAuthority('" + READ_GENERAL_CONFIGURATION + "')")
|
||||
public GeneralConfigurationModel getGeneralConfigurations() {
|
||||
|
||||
return generalConfigurationService.getGeneralConfigurations();
|
||||
return generalConfigurationService.getGeneralConfigurations(tenantManagementService.getTenantApplicationType(TenantContext.getTenantId()));
|
||||
}
|
||||
|
||||
|
||||
@ -35,7 +38,7 @@ public class GeneralSettingsController implements GeneralSettingsResource, Publi
|
||||
@PreAuthorize("hasAuthority('" + WRITE_GENERAL_CONFIGURATION + "')")
|
||||
public void updateGeneralConfigurations(@RequestBody GeneralConfigurationModel generalConfigurationModel) {
|
||||
|
||||
generalConfigurationService.updateGeneralConfigurations(generalConfigurationModel);
|
||||
generalConfigurationService.updateGeneralConfigurations(generalConfigurationModel, tenantManagementService.getTenantApplicationType(TenantContext.getTenantId()));
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@ -32,11 +32,7 @@ import lombok.extern.slf4j.Slf4j;
|
||||
@RequiredArgsConstructor
|
||||
public class SMTPConfigurationController implements SMTPConfigurationResource, PublicResource {
|
||||
|
||||
private final static String SMTP_PASSWORD_KEY = "FFORESIGHT_SMTP_PASSWORD";
|
||||
private final static String DEFAULT_PASSWORD = "**********";
|
||||
private final RealmService realmService;
|
||||
private final ObjectMapper objectMapper;
|
||||
private final EncryptionDecryptionService encryptionDecryptionService;
|
||||
private final EmailService emailService;
|
||||
private final SMTPService smtpService;
|
||||
|
||||
@ -45,9 +41,7 @@ public class SMTPConfigurationController implements SMTPConfigurationResource, P
|
||||
@PreAuthorize("hasAuthority('" + READ_SMTP_CONFIGURATION + "')")
|
||||
public SMTPConfiguration getCurrentSMTPConfiguration() {
|
||||
|
||||
var realm = realmService.realm(TenantContext.getTenantId()).toRepresentation();
|
||||
SMTPConfiguration smtpConfiguration = objectMapper.convertValue(realm.getSmtpServer(), SMTPConfiguration.class);
|
||||
return smtpService.generateSMTPConfiguration(smtpConfiguration);
|
||||
return smtpService.getSMTPConfiguration();
|
||||
}
|
||||
|
||||
|
||||
@ -59,15 +53,7 @@ public class SMTPConfigurationController implements SMTPConfigurationResource, P
|
||||
throw new BadRequestException("Current license does not allow updating the SMTP configuration!");
|
||||
}
|
||||
|
||||
var realmRepresentation = realmService.realm(TenantContext.getTenantId()).toRepresentation();
|
||||
var propertiesMap = convertSMTPConfigurationModelToMap(smtpConfigurationModel);
|
||||
realmRepresentation.setSmtpServer(propertiesMap);
|
||||
|
||||
if (smtpConfigurationModel.getPassword() != null && !smtpConfigurationModel.getPassword().matches("\\**")) {
|
||||
realmRepresentation.getAttributesOrEmpty().put(SMTP_PASSWORD_KEY, encryptionDecryptionService.encrypt(smtpConfigurationModel.getPassword()));
|
||||
}
|
||||
|
||||
realmService.realm(TenantContext.getTenantId()).update(realmRepresentation);
|
||||
smtpService.updateSMTPConfiguration(smtpConfigurationModel);
|
||||
}
|
||||
|
||||
|
||||
@ -84,10 +70,7 @@ public class SMTPConfigurationController implements SMTPConfigurationResource, P
|
||||
adminEmail = false;
|
||||
}
|
||||
|
||||
updatePassword(smtpConfiguration);
|
||||
smtpConfiguration.setPassword(encryptionDecryptionService.decrypt(smtpConfiguration.getPassword()));
|
||||
|
||||
SMTPResponse.SMTPResponseBuilder smtpResponseBuilder = emailService.send(convertSMTPConfigurationModelToMap(smtpConfiguration),
|
||||
SMTPResponse.SMTPResponseBuilder smtpResponseBuilder = emailService.send(smtpService.convertSMTPConfigToMap(smtpConfiguration),
|
||||
targetEmail,
|
||||
"Redaction Test message",
|
||||
"This is a test message");
|
||||
@ -100,44 +83,9 @@ public class SMTPConfigurationController implements SMTPConfigurationResource, P
|
||||
@Override
|
||||
@PreAuthorize("hasAuthority('" + WRITE_SMTP_CONFIGURATION + "')")
|
||||
public void clearSMTPConfiguration() {
|
||||
// also update in KC
|
||||
var realmRepresentation = realmService.realm(TenantContext.getTenantId()).toRepresentation();
|
||||
realmRepresentation.setSmtpServer(new HashMap<>());
|
||||
realmRepresentation.getAttributesOrEmpty().remove(SMTP_PASSWORD_KEY);
|
||||
realmService.realm(TenantContext.getTenantId()).update(realmRepresentation);
|
||||
|
||||
}
|
||||
smtpService.createDefaultSMTPConfiguration();
|
||||
|
||||
|
||||
private Map<String, String> convertSMTPConfigurationModelToMap(SMTPConfiguration smtpConfigurationModel) {
|
||||
|
||||
Map<String, Object> propertiesMap = objectMapper.convertValue(smtpConfigurationModel, new TypeReference<>() {
|
||||
});
|
||||
Map<String, String> stringPropertiesMap = new HashMap<>();
|
||||
propertiesMap.forEach((key, value) -> {
|
||||
if (value != null) {
|
||||
stringPropertiesMap.put(key, value.toString());
|
||||
} else {
|
||||
stringPropertiesMap.put(key, "");
|
||||
}
|
||||
});
|
||||
return stringPropertiesMap;
|
||||
}
|
||||
|
||||
|
||||
private void updatePassword(SMTPConfiguration smtpConfiguration) {
|
||||
|
||||
if (DEFAULT_PASSWORD.equals(smtpConfiguration.getPassword())) {
|
||||
try {
|
||||
var password = realmService.realm(TenantContext.getTenantId()).toRepresentation().getAttributesOrEmpty()
|
||||
.get(SMTP_PASSWORD_KEY);
|
||||
smtpConfiguration.setPassword(password);
|
||||
} catch (Exception e) {
|
||||
log.info("No current SMTP Config exists", e);
|
||||
}
|
||||
} else {
|
||||
smtpConfiguration.setPassword(encryptionDecryptionService.encrypt(smtpConfiguration.getPassword()));
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@ -22,7 +22,6 @@ import com.knecon.fforesight.tenantcommons.model.UpdateDetailsRequest;
|
||||
import com.knecon.fforesight.tenantusermanagement.api.external.PublicResource;
|
||||
import com.knecon.fforesight.tenantusermanagement.api.external.TenantsResource;
|
||||
import com.knecon.fforesight.tenantusermanagement.model.DeploymentKeyResponse;
|
||||
import com.knecon.fforesight.tenantusermanagement.model.SimpleTenantResponse;
|
||||
import com.knecon.fforesight.tenantusermanagement.model.CreateTenantRequest;
|
||||
import com.knecon.fforesight.tenantusermanagement.model.UpdateTenantRequest;
|
||||
import com.knecon.fforesight.tenantusermanagement.service.DeploymentKeyService;
|
||||
@ -77,12 +76,6 @@ public class TenantsController implements TenantsResource, PublicResource {
|
||||
}
|
||||
|
||||
|
||||
public List<SimpleTenantResponse> getSimpleTenants() {
|
||||
|
||||
return tenantManagementService.getTenants().stream().map(t -> new SimpleTenantResponse(t.getTenantId(), t.getDisplayName(), t.getGuid())).toList();
|
||||
}
|
||||
|
||||
|
||||
@PreAuthorize("hasAuthority('" + UPDATE_TENANT + "')")
|
||||
public TenantResponse updateTenant(String tenantId, @RequestBody UpdateTenantRequest tenantRequest) {
|
||||
|
||||
|
||||
@ -8,7 +8,6 @@ import static com.knecon.fforesight.tenantusermanagement.permissions.UserManagem
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Set;
|
||||
import java.util.function.Predicate;
|
||||
import java.util.stream.Collectors;
|
||||
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
@ -28,7 +27,7 @@ import com.knecon.fforesight.tenantusermanagement.model.UpdateMyProfileRequest;
|
||||
import com.knecon.fforesight.tenantusermanagement.model.UpdateProfileRequest;
|
||||
import com.knecon.fforesight.tenantusermanagement.model.User;
|
||||
import com.knecon.fforesight.tenantusermanagement.permissions.ApplicationRoles;
|
||||
import com.knecon.fforesight.tenantusermanagement.properties.TenantUserManagementProperties;
|
||||
import com.knecon.fforesight.tenantusermanagement.service.TenantApplicationTypeService;
|
||||
import com.knecon.fforesight.tenantusermanagement.service.UserService;
|
||||
|
||||
import jakarta.validation.Valid;
|
||||
@ -42,7 +41,7 @@ public class UserController implements UserResource, PublicResource {
|
||||
|
||||
|
||||
private final UserService userService;
|
||||
private final TenantUserManagementProperties tenantUserManagementProperties;
|
||||
private final TenantApplicationTypeService tenantApplicationTypeService;
|
||||
|
||||
|
||||
@Override
|
||||
@ -52,7 +51,7 @@ public class UserController implements UserResource, PublicResource {
|
||||
if (bypassCache) {
|
||||
userService.evictUserCache();
|
||||
}
|
||||
var mappedRoles = tenantUserManagementProperties.getKcRoleMapping().getAllRoles();
|
||||
var mappedRoles = tenantApplicationTypeService.getCurrentProperties().getKcRoleMapping().getAllRoles();
|
||||
|
||||
return userService.getAllUsers()
|
||||
.stream()
|
||||
|
||||
@ -9,13 +9,13 @@ import org.springframework.web.bind.annotation.RestController;
|
||||
import org.springframework.web.server.ResponseStatusException;
|
||||
|
||||
import com.fasterxml.jackson.databind.JsonNode;
|
||||
import com.knecon.fforesight.tenantcommons.TenantApplicationType;
|
||||
import com.knecon.fforesight.tenantcommons.model.TenantResponse;
|
||||
import com.knecon.fforesight.tenantcommons.model.UpdateDetailsRequest;
|
||||
import com.knecon.fforesight.tenantusermanagement.api.internal.InternalResource;
|
||||
import com.knecon.fforesight.tenantusermanagement.api.internal.InternalTenantsResource;
|
||||
import com.knecon.fforesight.tenantusermanagement.model.DeploymentKeyResponse;
|
||||
import com.knecon.fforesight.tenantusermanagement.model.SimpleTenantResponse;
|
||||
import com.knecon.fforesight.tenantusermanagement.model.CreateTenantRequest;
|
||||
import com.knecon.fforesight.tenantusermanagement.model.DeploymentKeyResponse;
|
||||
import com.knecon.fforesight.tenantusermanagement.model.UpdateTenantRequest;
|
||||
import com.knecon.fforesight.tenantusermanagement.service.DeploymentKeyService;
|
||||
import com.knecon.fforesight.tenantusermanagement.service.TenantManagementService;
|
||||
@ -67,12 +67,6 @@ public class InternalTenantsController implements InternalTenantsResource, Inter
|
||||
}
|
||||
|
||||
|
||||
public List<SimpleTenantResponse> getSimpleTenants() {
|
||||
|
||||
return tenantManagementService.getTenants().stream().map(t -> new SimpleTenantResponse(t.getTenantId(), t.getDisplayName(), t.getGuid())).toList();
|
||||
}
|
||||
|
||||
|
||||
public DeploymentKeyResponse getDeploymentKey(@PathVariable(TENANT_ID_PARAM) String tenantId) {
|
||||
|
||||
return new DeploymentKeyResponse(deploymentKeyService.getDeploymentKey(tenantId));
|
||||
@ -86,4 +80,10 @@ public class InternalTenantsController implements InternalTenantsResource, Inter
|
||||
|
||||
}
|
||||
|
||||
|
||||
public TenantApplicationType getTenantApplicationType(@PathVariable(TENANT_ID_PARAM) String tenantId) {
|
||||
|
||||
return tenantManagementService.getTenantApplicationType(tenantId);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@ -0,0 +1,60 @@
|
||||
package com.knecon.fforesight.tenantusermanagement.entity;
|
||||
|
||||
import jakarta.persistence.Column;
|
||||
import jakarta.persistence.Entity;
|
||||
import jakarta.persistence.Id;
|
||||
import jakarta.persistence.Table;
|
||||
import lombok.AllArgsConstructor;
|
||||
import lombok.Builder;
|
||||
import lombok.Data;
|
||||
import lombok.NoArgsConstructor;
|
||||
|
||||
@Entity
|
||||
@Data
|
||||
@Builder
|
||||
@NoArgsConstructor
|
||||
@AllArgsConstructor
|
||||
@Table(name = "global_smtp_configuration")
|
||||
public class GlobalSMTPConfigurationEntity {
|
||||
|
||||
@Id
|
||||
@Column(nullable = false, updatable = false)
|
||||
private String id = "singleton";
|
||||
|
||||
@Column
|
||||
private Boolean auth;
|
||||
|
||||
@Column
|
||||
private String envelopeFrom;
|
||||
|
||||
@Column
|
||||
private String fromEmail;
|
||||
|
||||
@Column
|
||||
private String fromDisplayName;
|
||||
|
||||
@Column
|
||||
private String host;
|
||||
|
||||
@Column
|
||||
private String password;
|
||||
|
||||
@Column
|
||||
private Integer port;
|
||||
|
||||
@Column
|
||||
private String replyTo;
|
||||
|
||||
@Column
|
||||
private String replyToDisplayName;
|
||||
|
||||
@Column
|
||||
private Boolean ssl;
|
||||
|
||||
@Column
|
||||
private Boolean starttls;
|
||||
|
||||
@Column
|
||||
private String userName;
|
||||
}
|
||||
|
||||
@ -3,6 +3,7 @@ package com.knecon.fforesight.tenantusermanagement.entity;
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
|
||||
import com.knecon.fforesight.tenantcommons.TenantApplicationType;
|
||||
import com.knecon.fforesight.tenantusermanagement.utils.JSONMapConverter;
|
||||
|
||||
import jakarta.persistence.Basic;
|
||||
@ -10,6 +11,8 @@ import jakarta.persistence.Column;
|
||||
import jakarta.persistence.Convert;
|
||||
import jakarta.persistence.Embedded;
|
||||
import jakarta.persistence.Entity;
|
||||
import jakarta.persistence.EnumType;
|
||||
import jakarta.persistence.Enumerated;
|
||||
import jakarta.persistence.FetchType;
|
||||
import jakarta.persistence.Id;
|
||||
import jakarta.persistence.Table;
|
||||
@ -53,4 +56,9 @@ public class TenantEntity {
|
||||
@Convert(converter = JSONMapConverter.class)
|
||||
@Builder.Default
|
||||
private Map<String, Object> details = new HashMap<>();
|
||||
|
||||
@Column
|
||||
@Enumerated(EnumType.STRING)
|
||||
private TenantApplicationType applicationType;
|
||||
|
||||
}
|
||||
|
||||
@ -34,9 +34,7 @@ public class MigrateOnlyHook {
|
||||
@EventListener(ApplicationReadyEvent.class)
|
||||
public void migrate() {
|
||||
|
||||
tenantManagementService.getTenants().forEach(tenant -> {
|
||||
keyCloakRoleManagerService.updateRoles(tenant.getTenantId());
|
||||
});
|
||||
tenantManagementService.getTenants().forEach(tenant -> keyCloakRoleManagerService.updateRoles(tenant.getTenantId(), tenant.getApplicationType()));
|
||||
|
||||
// This should only run in post upgrade hook
|
||||
if (isMigrateOnly) {
|
||||
|
||||
@ -3,6 +3,7 @@ package com.knecon.fforesight.tenantusermanagement.model;
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
|
||||
import com.knecon.fforesight.tenantcommons.TenantApplicationType;
|
||||
import com.knecon.fforesight.tenantcommons.model.AzureStorageConnection;
|
||||
import com.knecon.fforesight.tenantcommons.model.DatabaseConnection;
|
||||
import com.knecon.fforesight.tenantcommons.model.S3StorageConnection;
|
||||
@ -48,4 +49,7 @@ public class CreateTenantRequest {
|
||||
@Schema(description = "Parameter containing a list of users of the tenant.")
|
||||
private List<TenantUser> defaultUsers = new ArrayList<>();
|
||||
|
||||
@Schema(description = "Parameter containing the application type of the tenant.")
|
||||
private TenantApplicationType applicationType;
|
||||
|
||||
}
|
||||
|
||||
@ -1,23 +0,0 @@
|
||||
package com.knecon.fforesight.tenantusermanagement.model;
|
||||
|
||||
import io.swagger.v3.oas.annotations.media.Schema;
|
||||
import lombok.AllArgsConstructor;
|
||||
import lombok.Builder;
|
||||
import lombok.Data;
|
||||
import lombok.NoArgsConstructor;
|
||||
|
||||
@Data
|
||||
@Builder
|
||||
@AllArgsConstructor
|
||||
@NoArgsConstructor
|
||||
@Schema(description = "Object containing a simplified version of the tenant data.")
|
||||
public class SimpleTenantResponse {
|
||||
|
||||
@Schema(description = "Parameter containing the ID of the tenant.")
|
||||
private String tenantId;
|
||||
@Schema(description = "Parameter containing the display name of the tenant.")
|
||||
private String displayName;
|
||||
@Schema(description = "Parameter containing the global unique ID of the tenant.")
|
||||
private String guid;
|
||||
|
||||
}
|
||||
@ -0,0 +1,25 @@
|
||||
package com.knecon.fforesight.tenantusermanagement.properties;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
|
||||
import com.knecon.fforesight.tenantusermanagement.model.KCRoleMapping;
|
||||
|
||||
import lombok.Data;
|
||||
|
||||
@Data
|
||||
public class ApplicationTypeProperties {
|
||||
|
||||
private String applicationClientId;
|
||||
private String applicationName;
|
||||
private Integer tenantAccessTokenLifeSpan = 300;
|
||||
private Integer accessTokenLifeSpan = 1800;
|
||||
private Integer ssoSessionIdleTimeout = 86400;
|
||||
private Integer refreshTokenMaxReuse;
|
||||
private String defaultTheme = "redaction";
|
||||
private List<String> validRedirectUris = new ArrayList<>();
|
||||
private KCRoleMapping kcRoleMapping = new KCRoleMapping();
|
||||
private String loginTheme;
|
||||
private String appPrefix;
|
||||
|
||||
}
|
||||
@ -1,11 +1,13 @@
|
||||
package com.knecon.fforesight.tenantusermanagement.properties;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
import java.util.HashMap;
|
||||
import java.util.Locale;
|
||||
import java.util.Map;
|
||||
|
||||
import org.springframework.boot.context.properties.ConfigurationProperties;
|
||||
|
||||
import com.knecon.fforesight.tenantusermanagement.model.KCRoleMapping;
|
||||
import com.knecon.fforesight.tenantcommons.TenantApplicationType;
|
||||
import com.knecon.fforesight.tenantcommons.TenantContext;
|
||||
|
||||
import lombok.Data;
|
||||
|
||||
@ -14,24 +16,17 @@ import lombok.Data;
|
||||
public class TenantUserManagementProperties {
|
||||
|
||||
private String serverUrl;
|
||||
private String publicServerUrl;
|
||||
private String realm;
|
||||
private String applicationClientId;
|
||||
private String swaggerClientId ="swagger-ui-client";
|
||||
private String realm = "master";
|
||||
private String swaggerClientId = "swagger-ui-client";
|
||||
private String swaggerClientSecret;
|
||||
private String clientId;
|
||||
private String clientSecret;
|
||||
private String publicServerUrl;
|
||||
private String basePath = "/";
|
||||
private String basePathV2 = "/api";
|
||||
private int connectionPoolSize = 10;
|
||||
private String applicationName;
|
||||
private Integer accessTokenLifeSpan = 1800;
|
||||
private Integer ssoSessionIdleTimeout = 86400;
|
||||
private int refreshTokenMaxReuse;
|
||||
private String defaultTheme = "redaction";
|
||||
private List<String> validRedirectUris = new ArrayList<>();
|
||||
private KCRoleMapping kcRoleMapping = new KCRoleMapping();
|
||||
private String loginTheme;
|
||||
private String appPrefix;
|
||||
|
||||
private Map<String, ApplicationTypeProperties> applicationTypes = new HashMap<>();
|
||||
|
||||
|
||||
}
|
||||
|
||||
@ -0,0 +1,15 @@
|
||||
package com.knecon.fforesight.tenantusermanagement.repository;
|
||||
|
||||
import java.util.Optional;
|
||||
|
||||
import org.springframework.data.jpa.repository.JpaRepository;
|
||||
|
||||
import com.knecon.fforesight.tenantusermanagement.entity.GlobalSMTPConfigurationEntity;
|
||||
|
||||
public interface GlobalSMTPConfigurationRepository extends JpaRepository<GlobalSMTPConfigurationEntity, String> {
|
||||
|
||||
default Optional<GlobalSMTPConfigurationEntity> findSingleton() {
|
||||
|
||||
return findById("singleton");
|
||||
}
|
||||
}
|
||||
@ -2,11 +2,14 @@ package com.knecon.fforesight.tenantusermanagement.repository;
|
||||
|
||||
import java.util.Optional;
|
||||
|
||||
import org.springframework.cache.annotation.CacheEvict;
|
||||
import org.springframework.cache.annotation.Cacheable;
|
||||
import org.springframework.data.jpa.repository.JpaRepository;
|
||||
import org.springframework.data.jpa.repository.Modifying;
|
||||
import org.springframework.data.jpa.repository.Query;
|
||||
import org.springframework.data.repository.query.Param;
|
||||
|
||||
import com.knecon.fforesight.tenantcommons.TenantApplicationType;
|
||||
import com.knecon.fforesight.tenantusermanagement.entity.TenantEntity;
|
||||
|
||||
import jakarta.transaction.Transactional;
|
||||
@ -16,10 +19,16 @@ public interface TenantRepository extends JpaRepository<TenantEntity, String> {
|
||||
@Query("select t from TenantEntity t where t.tenantId = :tenantId")
|
||||
Optional<TenantEntity> findByTenantId(@Param("tenantId") String tenantId);
|
||||
|
||||
|
||||
@CacheEvict(value = "tenantApplicationType", key = "#tenantId")
|
||||
@Transactional
|
||||
@Modifying(clearAutomatically = true, flushAutomatically = true)
|
||||
@Query("delete from TenantEntity t where t.id = :tenantId ")
|
||||
void deleteByQuery(String tenantId);
|
||||
|
||||
|
||||
@Cacheable(value = "tenantApplicationType", key = "#tenantId")
|
||||
@Query("select t.applicationType from TenantEntity t where t.tenantId = :tenantId")
|
||||
Optional<TenantApplicationType> findApplicationTypeByTenantId(@Param("tenantId") String tenantId);
|
||||
|
||||
}
|
||||
|
||||
@ -0,0 +1,52 @@
|
||||
package com.knecon.fforesight.tenantusermanagement.service;
|
||||
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
import org.springframework.core.env.Environment;
|
||||
import org.springframework.stereotype.Service;
|
||||
|
||||
import com.knecon.fforesight.tenantusermanagement.model.SMTPConfiguration;
|
||||
|
||||
import lombok.RequiredArgsConstructor;
|
||||
|
||||
@Service
|
||||
@RequiredArgsConstructor
|
||||
public class EnvironmentSMTPConfigurationProvider {
|
||||
|
||||
private final Environment environment;
|
||||
|
||||
public static final Integer KEYCLOAK_DEFAULT_PORT = 25;
|
||||
public static final String SMTP_DEFAULT_HOST = "SMTP_DEFAULT_HOST";
|
||||
public static final String SMTP_DEFAULT_PORT = "SMTP_DEFAULT_PORT";
|
||||
public static final String SMTP_DEFAULT_SENDER_EMAIL = "SMTP_DEFAULT_SENDER_EMAIL";
|
||||
public static final String SMTP_DEFAULT_SENDER_NAME = "SMTP_DEFAULT_SENDER_NAME";
|
||||
public static final String SMTP_DEFAULT_REPLY_EMAIL = "SMTP_DEFAULT_REPLY_EMAIL";
|
||||
public static final String SMTP_DEFAULT_REPLY_NAME = "SMTP_DEFAULT_REPLY_NAME";
|
||||
public static final String SMTP_DEFAULT_SENDER_ENVELOPE = "SMTP_DEFAULT_SENDER_ENVELOPE";
|
||||
public static final String SMTP_DEFAULT_SSL = "SMTP_DEFAULT_SSL";
|
||||
public static final String SMTP_DEFAULT_STARTTLS = "SMTP_DEFAULT_STARTTLS";
|
||||
public static final String SMTP_DEFAULT_AUTH = "SMTP_DEFAULT_AUTH";
|
||||
public static final String SMTP_DEFAULT_AUTH_USER = "SMTP_DEFAULT_AUTH_USER";
|
||||
public static final String SMTP_DEFAULT_AUTH_PASSWORD = "SMTP_DEFAULT_AUTH_PASSWORD";
|
||||
|
||||
|
||||
public SMTPConfiguration get() {
|
||||
|
||||
String port = environment.getProperty(SMTP_DEFAULT_PORT, "");
|
||||
return SMTPConfiguration.builder()
|
||||
.id("singleton")
|
||||
.host(environment.getProperty(SMTP_DEFAULT_HOST, ""))
|
||||
.port(StringUtils.isEmpty(port) || !StringUtils.isNumeric(port) ? KEYCLOAK_DEFAULT_PORT : Integer.parseInt(port))
|
||||
.from(environment.getProperty(SMTP_DEFAULT_SENDER_EMAIL, ""))
|
||||
.fromDisplayName(environment.getProperty(SMTP_DEFAULT_SENDER_NAME, ""))
|
||||
.replyTo(environment.getProperty(SMTP_DEFAULT_REPLY_EMAIL, ""))
|
||||
.replyToDisplayName(environment.getProperty(SMTP_DEFAULT_REPLY_NAME, ""))
|
||||
.envelopeFrom(environment.getProperty(SMTP_DEFAULT_SENDER_ENVELOPE, ""))
|
||||
.ssl(Boolean.parseBoolean(environment.getProperty(SMTP_DEFAULT_SSL, "false")))
|
||||
.starttls(Boolean.parseBoolean(environment.getProperty(SMTP_DEFAULT_STARTTLS, "false")))
|
||||
.auth(Boolean.parseBoolean(environment.getProperty(SMTP_DEFAULT_AUTH, "false")))
|
||||
.user(environment.getProperty(SMTP_DEFAULT_AUTH_USER, ""))
|
||||
.password(environment.getProperty(SMTP_DEFAULT_AUTH_PASSWORD, ""))
|
||||
.build();
|
||||
}
|
||||
|
||||
}
|
||||
@ -4,8 +4,10 @@ import org.apache.commons.lang3.StringUtils;
|
||||
import org.keycloak.representations.idm.RealmRepresentation;
|
||||
import org.springframework.stereotype.Service;
|
||||
|
||||
import com.knecon.fforesight.tenantcommons.TenantApplicationType;
|
||||
import com.knecon.fforesight.tenantcommons.TenantContext;
|
||||
import com.knecon.fforesight.tenantusermanagement.model.GeneralConfigurationModel;
|
||||
import com.knecon.fforesight.tenantusermanagement.properties.ApplicationTypeProperties;
|
||||
import com.knecon.fforesight.tenantusermanagement.properties.TenantUserManagementProperties;
|
||||
|
||||
import lombok.RequiredArgsConstructor;
|
||||
@ -18,28 +20,30 @@ public class GeneralConfigurationService {
|
||||
|
||||
private final RealmService realmService;
|
||||
private final TenantUserManagementProperties tenantUserManagementProperties;
|
||||
private final TenantApplicationTypeService tenantApplicationTypeService;
|
||||
|
||||
|
||||
public void initGeneralConfiguration(String tenantId) {
|
||||
public void initGeneralConfiguration(String tenantId, TenantApplicationType tenantApplicationType) {
|
||||
|
||||
TenantContext.setTenantId(tenantId);
|
||||
var generalConfiguration = getGeneralConfigurations();
|
||||
log.info("Currently Configured Application Name: {}, default name: {}", generalConfiguration.getDisplayName(), tenantUserManagementProperties.getApplicationName());
|
||||
updateGeneralConfigurations(getGeneralConfigurations());
|
||||
var generalConfiguration = getGeneralConfigurations(tenantApplicationType);
|
||||
log.info("Currently Configured Application Name: {}, default name: {}", generalConfiguration.getDisplayName(), tenantApplicationTypeService.getProperties(tenantApplicationType).getApplicationName());
|
||||
updateGeneralConfigurations(getGeneralConfigurations(tenantApplicationType), tenantApplicationType);
|
||||
TenantContext.clear();
|
||||
}
|
||||
|
||||
|
||||
public GeneralConfigurationModel getGeneralConfigurations() {
|
||||
public GeneralConfigurationModel getGeneralConfigurations(TenantApplicationType tenantApplicationType) {
|
||||
|
||||
var realm = realmService.realm(TenantContext.getTenantId()).toRepresentation();
|
||||
var auxiliaryName = realm.getDisplayNameHtml();
|
||||
|
||||
String computedAuxiliaryName = null;
|
||||
|
||||
if (!tenantUserManagementProperties.getApplicationName().equals(auxiliaryName)) {
|
||||
ApplicationTypeProperties currentAppTypeProperties = tenantApplicationTypeService.getProperties(tenantApplicationType);
|
||||
if (!currentAppTypeProperties.getApplicationName().equals(auxiliaryName)) {
|
||||
|
||||
auxiliaryName = StringUtils.replaceOnce(auxiliaryName, tenantUserManagementProperties.getApplicationName(), "");
|
||||
auxiliaryName = StringUtils.replaceOnce(auxiliaryName, currentAppTypeProperties.getApplicationName(), "");
|
||||
auxiliaryName = StringUtils.replaceOnce(auxiliaryName, " (", "");
|
||||
auxiliaryName = StringUtils.reverse(StringUtils.replaceOnce(StringUtils.reverse(auxiliaryName), ")", ""));
|
||||
|
||||
@ -54,7 +58,7 @@ public class GeneralConfigurationService {
|
||||
}
|
||||
|
||||
|
||||
public void updateGeneralConfigurations(GeneralConfigurationModel generalConfigurationModel) {
|
||||
public void updateGeneralConfigurations(GeneralConfigurationModel generalConfigurationModel, TenantApplicationType tenantApplicationType) {
|
||||
|
||||
var realm = realmService.realm(TenantContext.getTenantId());
|
||||
|
||||
@ -69,13 +73,14 @@ public class GeneralConfigurationService {
|
||||
realmRepresentation.setResetPasswordAllowed(generalConfigurationModel.isForgotPasswordFunctionEnabled());
|
||||
|
||||
realmRepresentation.setRevokeRefreshToken(true);
|
||||
realmRepresentation.setRefreshTokenMaxReuse(tenantUserManagementProperties.getRefreshTokenMaxReuse());
|
||||
ApplicationTypeProperties applicationTypeProperties = tenantApplicationTypeService.getProperties(tenantApplicationType);
|
||||
realmRepresentation.setRefreshTokenMaxReuse(applicationTypeProperties.getRefreshTokenMaxReuse());
|
||||
realmRepresentation.getAttributes().put("actionTokenGeneratedByUserLifespan.idp-verify-account-via-email", Integer.toString(86400));
|
||||
|
||||
if (!StringUtils.isEmpty(generalConfigurationModel.getAuxiliaryName())) {
|
||||
setDisplayName(realmRepresentation, tenantUserManagementProperties.getApplicationName() + " (" + generalConfigurationModel.getAuxiliaryName() + ")");
|
||||
setDisplayName(realmRepresentation, applicationTypeProperties.getApplicationName() + " (" + generalConfigurationModel.getAuxiliaryName() + ")");
|
||||
} else {
|
||||
setDisplayName(realmRepresentation, tenantUserManagementProperties.getApplicationName());
|
||||
setDisplayName(realmRepresentation, applicationTypeProperties.getApplicationName());
|
||||
}
|
||||
|
||||
try {
|
||||
|
||||
@ -0,0 +1,37 @@
|
||||
package com.knecon.fforesight.tenantusermanagement.service;
|
||||
|
||||
import java.util.Optional;
|
||||
|
||||
import org.springframework.stereotype.Service;
|
||||
import org.springframework.transaction.annotation.Transactional;
|
||||
|
||||
import com.knecon.fforesight.tenantusermanagement.entity.GlobalSMTPConfigurationEntity;
|
||||
import com.knecon.fforesight.tenantusermanagement.repository.GlobalSMTPConfigurationRepository;
|
||||
|
||||
import lombok.AccessLevel;
|
||||
import lombok.RequiredArgsConstructor;
|
||||
import lombok.experimental.FieldDefaults;
|
||||
|
||||
@Service
|
||||
@RequiredArgsConstructor
|
||||
@FieldDefaults(level = AccessLevel.PRIVATE, makeFinal = true)
|
||||
public class GlobalSMTPConfigurationPersistenceService {
|
||||
|
||||
GlobalSMTPConfigurationRepository smtpConfigurationRepository;
|
||||
|
||||
|
||||
@Transactional(readOnly = true)
|
||||
public Optional<GlobalSMTPConfigurationEntity> get() {
|
||||
|
||||
return smtpConfigurationRepository.findSingleton();
|
||||
}
|
||||
|
||||
|
||||
@Transactional
|
||||
public GlobalSMTPConfigurationEntity createUpdate(GlobalSMTPConfigurationEntity smtpConfiguration) {
|
||||
|
||||
smtpConfiguration.setId("singleton");
|
||||
return smtpConfigurationRepository.save(smtpConfiguration);
|
||||
}
|
||||
|
||||
}
|
||||
@ -9,6 +9,8 @@ import org.keycloak.representations.idm.ClientRepresentation;
|
||||
import org.keycloak.representations.idm.RoleRepresentation;
|
||||
import org.springframework.stereotype.Component;
|
||||
|
||||
import com.knecon.fforesight.tenantcommons.TenantApplicationType;
|
||||
import com.knecon.fforesight.tenantusermanagement.properties.ApplicationTypeProperties;
|
||||
import com.knecon.fforesight.tenantusermanagement.properties.TenantUserManagementProperties;
|
||||
|
||||
import lombok.RequiredArgsConstructor;
|
||||
@ -21,24 +23,26 @@ public class KeyCloakRoleManagerService {
|
||||
|
||||
private final RealmService realmService;
|
||||
private final TenantUserManagementProperties tenantUserManagementProperties;
|
||||
private final TenantApplicationTypeService tenantApplicationTypeService;
|
||||
|
||||
|
||||
public void updateRoles(String tenantId) {
|
||||
public void updateRoles(String tenantId, TenantApplicationType applicationType) {
|
||||
|
||||
var realm = realmService.realm(tenantId);
|
||||
|
||||
ApplicationTypeProperties applicationTypeProperties = tenantApplicationTypeService.getProperties(applicationType);
|
||||
log.info("Running KeyCloak Role Manager, managing client: {} with system client {}",
|
||||
tenantUserManagementProperties.getApplicationClientId(),
|
||||
tenantUserManagementProperties.getClientId());
|
||||
applicationTypeProperties.getApplicationClientId(),
|
||||
tenantUserManagementProperties.getClientId());
|
||||
var existingRoles = realm.roles().list().stream().map(RoleRepresentation::getName).collect(Collectors.toList());
|
||||
|
||||
log.info("Existing KC roles: {}", existingRoles);
|
||||
|
||||
var redactionClientRepresentation = getRedactionClientRepresentation(tenantId);
|
||||
var redactionClientRepresentation = getRedactionClientRepresentation(tenantId, applicationTypeProperties.getApplicationClientId());
|
||||
var redactionClient = realm.clients().get(redactionClientRepresentation.getId());
|
||||
var clientRoles = redactionClient.roles().list().stream().map(RoleRepresentation::getName).collect(Collectors.toList());
|
||||
|
||||
var allPermissions = tenantUserManagementProperties.getKcRoleMapping().getPermissions();
|
||||
var allPermissions = applicationTypeProperties.getKcRoleMapping().getPermissions();
|
||||
|
||||
log.info("Existing KC client roles: {}", clientRoles);
|
||||
log.info("Current Application KC client roles: {}", allPermissions);
|
||||
@ -65,8 +69,8 @@ public class KeyCloakRoleManagerService {
|
||||
|
||||
var allClientRoles = redactionClient.roles().list();
|
||||
|
||||
var allRoles = tenantUserManagementProperties.getKcRoleMapping().getAllRoles();
|
||||
var rolePermissionMappings = tenantUserManagementProperties.getKcRoleMapping().getRolePermissionMapping();
|
||||
var allRoles = applicationTypeProperties.getKcRoleMapping().getAllRoles();
|
||||
var rolePermissionMappings = applicationTypeProperties.getKcRoleMapping().getRolePermissionMapping();
|
||||
|
||||
// if an application-role doesn't exist, create it
|
||||
for (String applicationRole : allRoles) {
|
||||
@ -93,7 +97,7 @@ public class KeyCloakRoleManagerService {
|
||||
log.info("Finished application role {}", applicationRole);
|
||||
}
|
||||
|
||||
var composites = tenantUserManagementProperties.getKcRoleMapping().getRoleComposites();
|
||||
var composites = applicationTypeProperties.getKcRoleMapping().getRoleComposites();
|
||||
for (var key : composites.keySet()) {
|
||||
var realmRole = realm.roles().get(key).toRepresentation();
|
||||
|
||||
@ -111,9 +115,8 @@ public class KeyCloakRoleManagerService {
|
||||
}
|
||||
|
||||
|
||||
private ClientRepresentation getRedactionClientRepresentation(String tenantId) {
|
||||
private ClientRepresentation getRedactionClientRepresentation(String tenantId, String applicationClientId) {
|
||||
|
||||
String applicationClientId = tenantUserManagementProperties.getApplicationClientId();
|
||||
var clientRepresentationIterator = realmService.realm(tenantId).clients().findByClientId(applicationClientId).iterator();
|
||||
|
||||
if (clientRepresentationIterator.hasNext()) {
|
||||
|
||||
@ -1,88 +1,258 @@
|
||||
package com.knecon.fforesight.tenantusermanagement.service;
|
||||
|
||||
import java.util.HashMap;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Optional;
|
||||
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
import org.springframework.core.env.Environment;
|
||||
import org.springframework.boot.context.event.ApplicationReadyEvent;
|
||||
import org.springframework.context.event.EventListener;
|
||||
import org.springframework.stereotype.Service;
|
||||
|
||||
import com.fasterxml.jackson.core.type.TypeReference;
|
||||
import com.fasterxml.jackson.databind.ObjectMapper;
|
||||
import com.iqser.red.service.persistence.service.v1.api.shared.model.license.Feature;
|
||||
import com.iqser.red.service.persistence.service.v1.api.shared.model.license.License;
|
||||
import com.iqser.red.service.persistence.service.v1.api.shared.model.license.RedactionLicenseModel;
|
||||
import com.knecon.fforesight.tenantcommons.EncryptionDecryptionService;
|
||||
import com.knecon.fforesight.tenantcommons.TenantContext;
|
||||
import com.knecon.fforesight.tenantusermanagement.client.LicenseClient;
|
||||
import com.knecon.fforesight.tenantusermanagement.entity.GlobalSMTPConfigurationEntity;
|
||||
import com.knecon.fforesight.tenantusermanagement.entity.TenantEntity;
|
||||
import com.knecon.fforesight.tenantusermanagement.model.SMTPConfiguration;
|
||||
import com.knecon.fforesight.tenantusermanagement.repository.TenantRepository;
|
||||
import com.knecon.fforesight.tenantusermanagement.utils.SMTPConfigurationMapper;
|
||||
|
||||
import lombok.RequiredArgsConstructor;
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
|
||||
@Service
|
||||
@RequiredArgsConstructor
|
||||
@Slf4j
|
||||
@RequiredArgsConstructor
|
||||
public class SMTPService {
|
||||
|
||||
private final Environment environment;
|
||||
private final GlobalSMTPConfigurationPersistenceService smtpConfigurationPersistenceService;
|
||||
private final EnvironmentSMTPConfigurationProvider environmentSMTPConfigurationProvider;
|
||||
private final LicenseClient licenseClient;
|
||||
public static final String SMTP_DEFAULT_HOST = "SMTP_DEFAULT_HOST";
|
||||
public static final String SMTP_DEFAULT_PORT = "SMTP_DEFAULT_PORT";
|
||||
public static final String SMTP_DEFAULT_SENDER_EMAIL = "SMTP_DEFAULT_SENDER_EMAIL";
|
||||
public static final String SMTP_DEFAULT_SENDER_NAME = "SMTP_DEFAULT_SENDER_NAME";
|
||||
public static final String SMTP_DEFAULT_REPLY_EMAIL = "SMTP_DEFAULT_REPLY_EMAIL";
|
||||
public static final String SMTP_DEFAULT_REPLY_NAME = "SMTP_DEFAULT_REPLY_NAME";
|
||||
public static final String SMTP_DEFAULT_SENDER_ENVELOPE = "SMTP_DEFAULT_SENDER_ENVELOPE";
|
||||
public static final String SMTP_DEFAULT_SSL = "SMTP_DEFAULT_SSL";
|
||||
public static final String SMTP_DEFAULT_STARTTLS = "SMTP_DEFAULT_STARTTLS";
|
||||
public static final String SMTP_DEFAULT_AUTH = "SMTP_DEFAULT_AUTH";
|
||||
public static final String SMTP_DEFAULT_AUTH_USER = "SMTP_DEFAULT_AUTH_USER";
|
||||
public static final String SMTP_DEFAULT_AUTH_PASSWORD = "SMTP_DEFAULT_AUTH_PASSWORD";
|
||||
private final RealmService realmService;
|
||||
private final TenantRepository tenantRepository;
|
||||
|
||||
private final EncryptionDecryptionService encryptionDecryptionService;
|
||||
|
||||
private final ObjectMapper objectMapper;
|
||||
|
||||
private final static String SMTP_PASSWORD_KEY = "FFORESIGHT_SMTP_PASSWORD";
|
||||
private final static String DEFAULT_PASSWORD = "**********";
|
||||
public static final String CONFIGURABLE_SMTP_SERVER_FEATURE = "configurableSMTPServer";
|
||||
|
||||
@EventListener(ApplicationReadyEvent.class)
|
||||
public void synchronizeSMTPConfigurations() {
|
||||
|
||||
public SMTPConfiguration generateSMTPConfiguration(SMTPConfiguration smtpConfiguration) {
|
||||
log.info("Starting SMTP configuration synchronization...");
|
||||
|
||||
if (smtpConfiguration.getHost() == null) {
|
||||
// SMTP is not configured, we use default values
|
||||
String port = environment.getProperty(SMTP_DEFAULT_PORT, "1234");
|
||||
return SMTPConfiguration.builder()
|
||||
.host(environment.getProperty(SMTP_DEFAULT_HOST, ""))
|
||||
.port(StringUtils.isEmpty(port) ? null : Integer.parseInt(port))
|
||||
.from(environment.getProperty(SMTP_DEFAULT_SENDER_EMAIL, ""))
|
||||
.fromDisplayName(environment.getProperty(SMTP_DEFAULT_SENDER_NAME, ""))
|
||||
.replyTo(environment.getProperty(SMTP_DEFAULT_REPLY_EMAIL, ""))
|
||||
.replyToDisplayName(environment.getProperty(SMTP_DEFAULT_REPLY_NAME, ""))
|
||||
.envelopeFrom(environment.getProperty(SMTP_DEFAULT_SENDER_ENVELOPE, ""))
|
||||
.ssl(Boolean.parseBoolean(environment.getProperty(SMTP_DEFAULT_SSL, "false")))
|
||||
.starttls(Boolean.parseBoolean(environment.getProperty(SMTP_DEFAULT_STARTTLS, "false")))
|
||||
.auth(Boolean.parseBoolean(environment.getProperty(SMTP_DEFAULT_AUTH, "false")))
|
||||
.user(environment.getProperty(SMTP_DEFAULT_AUTH_USER, ""))
|
||||
.password(environment.getProperty(SMTP_DEFAULT_AUTH_PASSWORD, ""))
|
||||
.build();
|
||||
} else {
|
||||
return smtpConfiguration;
|
||||
try {
|
||||
List<TenantEntity> tenants = tenantRepository.findAll();
|
||||
log.info("Retrieved {} tenants for SMTP synchronization.", tenants.size());
|
||||
|
||||
Optional<GlobalSMTPConfigurationEntity> optionalLatestGlobalConfigEntity = smtpConfigurationPersistenceService.get();
|
||||
|
||||
if (optionalLatestGlobalConfigEntity.isEmpty()) {
|
||||
log.info("Global SMTP configuration was newly added. Initializing all tenant SMTP configurations.");
|
||||
initializeGlobalSmtpConfig(tenants);
|
||||
|
||||
} else {
|
||||
updateGlobalSmtpConfig(optionalLatestGlobalConfigEntity.get(), tenants);
|
||||
}
|
||||
log.info("SMTP configuration synchronization completed successfully.");
|
||||
|
||||
} catch (Exception e) {
|
||||
log.error("Failed to synchronize SMTP configurations: {}", e.getMessage(), e);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
private void initializeGlobalSmtpConfig(List<TenantEntity> tenants) {
|
||||
|
||||
SMTPConfiguration currentGlobalConfig = environmentSMTPConfigurationProvider.get();
|
||||
|
||||
initializeTenantsSmtpConfig(tenants, currentGlobalConfig);
|
||||
|
||||
currentGlobalConfig.setPassword(encryptionDecryptionService.encrypt(currentGlobalConfig.getPassword()));
|
||||
GlobalSMTPConfigurationEntity updatedGlobalConfig = SMTPConfigurationMapper.toEntity(currentGlobalConfig);
|
||||
smtpConfigurationPersistenceService.createUpdate(updatedGlobalConfig);
|
||||
|
||||
}
|
||||
|
||||
|
||||
private void updateGlobalSmtpConfig(GlobalSMTPConfigurationEntity latestGlobalConfigEntity, List<TenantEntity> tenants) {
|
||||
|
||||
SMTPConfiguration latestGlobalConfig = SMTPConfigurationMapper.toModel(latestGlobalConfigEntity);
|
||||
latestGlobalConfig.setPassword(encryptionDecryptionService.decrypt(latestGlobalConfig.getPassword()));
|
||||
log.info("Existing global SMTP configuration was loaded.");
|
||||
|
||||
// Generate the latest SMTP config from environment variables and compare it to the last/saved global config
|
||||
SMTPConfiguration currentGlobalConfig = environmentSMTPConfigurationProvider.get();
|
||||
if (!currentGlobalConfig.equals(latestGlobalConfig)) {
|
||||
|
||||
log.info("Environment SMTP configuration has changed. Updating global SMTP configuration.");
|
||||
updateTenantsSmtpConfig(tenants, latestGlobalConfig, currentGlobalConfig);
|
||||
|
||||
currentGlobalConfig.setPassword(encryptionDecryptionService.encrypt(currentGlobalConfig.getPassword()));
|
||||
GlobalSMTPConfigurationEntity updatedGlobalConfig = SMTPConfigurationMapper.toEntity(currentGlobalConfig);
|
||||
smtpConfigurationPersistenceService.createUpdate(updatedGlobalConfig);
|
||||
|
||||
} else {
|
||||
log.info("No changes detected in environment SMTP configuration.");
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
private void initializeTenantsSmtpConfig(List<TenantEntity> tenants, SMTPConfiguration currentGlobalConfig) {
|
||||
|
||||
tenants.forEach(tenant -> processTenantSmtpConfig(tenant, currentGlobalConfig, null, true));
|
||||
}
|
||||
|
||||
|
||||
private void updateTenantsSmtpConfig(List<TenantEntity> tenants, SMTPConfiguration latestGlobalConfig, SMTPConfiguration currentGlobalConfig) {
|
||||
|
||||
tenants.forEach(tenant -> processTenantSmtpConfig(tenant, currentGlobalConfig, latestGlobalConfig, false));
|
||||
}
|
||||
|
||||
|
||||
private void processTenantSmtpConfig(TenantEntity tenant, SMTPConfiguration currentGlobalConfig, SMTPConfiguration latestGlobalConfig, boolean isInitialization) {
|
||||
|
||||
String tenantId = tenant.getTenantId();
|
||||
log.info("Processing SMTP configuration for tenant: {}", tenantId);
|
||||
|
||||
try {
|
||||
TenantContext.setTenantId(tenantId);
|
||||
SMTPConfiguration tenantSMTPConfig = getSMTPConfiguration();
|
||||
tenantSMTPConfig.setId("singleton");
|
||||
updatePassword(tenantSMTPConfig);
|
||||
|
||||
if (!StringUtils.isBlank(tenantSMTPConfig.getPassword())) {
|
||||
tenantSMTPConfig.setPassword(encryptionDecryptionService.decrypt(tenantSMTPConfig.getPassword()));
|
||||
}
|
||||
|
||||
if (isInitialization) {
|
||||
if (StringUtils.isBlank(tenantSMTPConfig.getHost())) {
|
||||
log.info("Tenant '{}' SMTP configuration has not been yet set.", tenantId);
|
||||
updateSMTPConfiguration(currentGlobalConfig);
|
||||
log.info("Tenant '{}' SMTP configuration set successfully.", tenantId);
|
||||
} else {
|
||||
log.info("Tenant '{}' SMTP configuration was already set. No action taken.", tenantId);
|
||||
}
|
||||
} else {
|
||||
if (tenantSMTPConfig.equals(latestGlobalConfig)) {
|
||||
log.info("Tenant '{}' SMTP configuration matches global. Updating to latest environment configuration.", tenantId);
|
||||
updateSMTPConfiguration(currentGlobalConfig);
|
||||
log.info("Tenant '{}' SMTP configuration updated successfully.", tenantId);
|
||||
} else {
|
||||
log.info("Tenant '{}' SMTP configuration differs from global. No action taken.", tenantId);
|
||||
}
|
||||
}
|
||||
|
||||
} catch (Exception e) {
|
||||
log.error("Error processing SMTP configuration for tenant '{}': {}", tenantId, e.getMessage());
|
||||
} finally {
|
||||
TenantContext.clear();
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
public SMTPConfiguration getSMTPConfiguration() {
|
||||
|
||||
var realm = realmService.realm(TenantContext.getTenantId()).toRepresentation();
|
||||
return objectMapper.convertValue(realm.getSmtpServer(), SMTPConfiguration.class);
|
||||
}
|
||||
|
||||
|
||||
public Map<String, String> convertSMTPConfigToMap(SMTPConfiguration smtpConfiguration) {
|
||||
|
||||
updatePassword(smtpConfiguration);
|
||||
smtpConfiguration.setPassword(encryptionDecryptionService.decrypt(smtpConfiguration.getPassword()));
|
||||
return convertSMTPConfigurationModelToMap(smtpConfiguration);
|
||||
}
|
||||
|
||||
|
||||
public boolean canUpdateSMTPConfig() {
|
||||
|
||||
RedactionLicenseModel licenseModel = licenseClient.getLicense();
|
||||
String activeLicenseId = licenseModel.getActiveLicense();
|
||||
Optional<License> license = licenseModel.getLicenses()
|
||||
|
||||
return licenseModel.getLicenses()
|
||||
.stream()
|
||||
.filter(l -> l.getId().equals(activeLicenseId))
|
||||
.findFirst();
|
||||
if (license.isPresent()) {
|
||||
License activeLicense = license.get();
|
||||
Optional<Feature> optionalConfigurableSMTPFeature = activeLicense.getFeatures()
|
||||
.stream()
|
||||
.filter(feature -> feature.getName().equals(CONFIGURABLE_SMTP_SERVER_FEATURE))
|
||||
.findFirst();
|
||||
if (optionalConfigurableSMTPFeature.isPresent()) {
|
||||
return (Boolean) optionalConfigurableSMTPFeature.get().getValue();
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
.filter(license -> license.getId().equals(activeLicenseId))
|
||||
.flatMap(license -> license.getFeatures()
|
||||
.stream())
|
||||
.filter(feature -> CONFIGURABLE_SMTP_SERVER_FEATURE.equals(feature.getName()))
|
||||
.map(Feature::getValue)
|
||||
.filter(Boolean.class::isInstance)
|
||||
.map(Boolean.class::cast)
|
||||
.findFirst()
|
||||
.orElse(false);
|
||||
}
|
||||
|
||||
|
||||
public void createDefaultSMTPConfiguration() {
|
||||
|
||||
SMTPConfiguration defaultConfig = environmentSMTPConfigurationProvider.get();
|
||||
updateSMTPConfiguration(defaultConfig);
|
||||
}
|
||||
|
||||
|
||||
public void updateSMTPConfiguration(SMTPConfiguration smtpConfigurationModel) {
|
||||
|
||||
String tenantId = TenantContext.getTenantId();
|
||||
var realmRepresentation = realmService.realm(tenantId).toRepresentation();
|
||||
var propertiesMap = convertSMTPConfigurationModelToMap(smtpConfigurationModel);
|
||||
realmRepresentation.setSmtpServer(propertiesMap);
|
||||
|
||||
if (smtpConfigurationModel.getPassword() != null && !smtpConfigurationModel.getPassword().matches("\\**")) {
|
||||
realmRepresentation.getAttributesOrEmpty().put(SMTP_PASSWORD_KEY, encryptionDecryptionService.encrypt(smtpConfigurationModel.getPassword()));
|
||||
}
|
||||
|
||||
realmService.realm(tenantId).update(realmRepresentation);
|
||||
}
|
||||
|
||||
|
||||
public void clearSMTPConfiguration() {
|
||||
|
||||
var realmRepresentation = realmService.realm(TenantContext.getTenantId()).toRepresentation();
|
||||
realmRepresentation.setSmtpServer(new HashMap<>());
|
||||
realmRepresentation.getAttributesOrEmpty().remove(SMTP_PASSWORD_KEY);
|
||||
realmService.realm(TenantContext.getTenantId()).update(realmRepresentation);
|
||||
}
|
||||
|
||||
|
||||
private Map<String, String> convertSMTPConfigurationModelToMap(SMTPConfiguration smtpConfigurationModel) {
|
||||
|
||||
Map<String, Object> propertiesMap = objectMapper.convertValue(smtpConfigurationModel, new TypeReference<>() {
|
||||
});
|
||||
Map<String, String> stringPropertiesMap = new HashMap<>();
|
||||
propertiesMap.forEach((key, value) -> {
|
||||
if (value != null) {
|
||||
stringPropertiesMap.put(key, value.toString());
|
||||
} else {
|
||||
stringPropertiesMap.put(key, "");
|
||||
}
|
||||
});
|
||||
return stringPropertiesMap;
|
||||
}
|
||||
|
||||
|
||||
private void updatePassword(SMTPConfiguration smtpConfiguration) {
|
||||
|
||||
if (DEFAULT_PASSWORD.equals(smtpConfiguration.getPassword())) {
|
||||
try {
|
||||
var password = realmService.realm(TenantContext.getTenantId()).toRepresentation().getAttributesOrEmpty().getOrDefault(SMTP_PASSWORD_KEY, "");
|
||||
smtpConfiguration.setPassword(password);
|
||||
} catch (Exception e) {
|
||||
log.info("No current SMTP Config exists", e);
|
||||
}
|
||||
} else {
|
||||
smtpConfiguration.setPassword(encryptionDecryptionService.encrypt(smtpConfiguration.getPassword()));
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@ -0,0 +1,54 @@
|
||||
package com.knecon.fforesight.tenantusermanagement.service;
|
||||
|
||||
import java.util.Locale;
|
||||
|
||||
import org.springframework.http.HttpStatus;
|
||||
import org.springframework.stereotype.Service;
|
||||
import org.springframework.web.server.ResponseStatusException;
|
||||
|
||||
import com.knecon.fforesight.tenantcommons.TenantApplicationType;
|
||||
import com.knecon.fforesight.tenantcommons.TenantContext;
|
||||
import com.knecon.fforesight.tenantusermanagement.properties.ApplicationTypeProperties;
|
||||
import com.knecon.fforesight.tenantusermanagement.properties.TenantUserManagementProperties;
|
||||
import com.knecon.fforesight.tenantusermanagement.repository.TenantRepository;
|
||||
|
||||
import lombok.AccessLevel;
|
||||
import lombok.RequiredArgsConstructor;
|
||||
import lombok.experimental.FieldDefaults;
|
||||
|
||||
@Service
|
||||
@RequiredArgsConstructor
|
||||
@FieldDefaults(level = AccessLevel.PRIVATE, makeFinal = true)
|
||||
public class TenantApplicationTypeService {
|
||||
|
||||
TenantUserManagementProperties tenantUserManagementProperties;
|
||||
TenantRepository tenantRepository;
|
||||
|
||||
|
||||
public TenantApplicationType getCurrent() {
|
||||
|
||||
return get(TenantContext.getTenantId());
|
||||
}
|
||||
|
||||
|
||||
public TenantApplicationType get(String tenantId) {
|
||||
|
||||
return tenantRepository.findApplicationTypeByTenantId(tenantId)
|
||||
.orElseThrow(() -> new ResponseStatusException(HttpStatus.NOT_FOUND, "Tenant does not exist"));
|
||||
}
|
||||
|
||||
|
||||
public ApplicationTypeProperties getProperties(TenantApplicationType applicationType) {
|
||||
|
||||
return tenantUserManagementProperties.getApplicationTypes()
|
||||
.get(applicationType.name().toLowerCase(Locale.ROOT));
|
||||
}
|
||||
|
||||
|
||||
public ApplicationTypeProperties getCurrentProperties() {
|
||||
|
||||
TenantApplicationType applicationType = get(TenantContext.getTenantId());
|
||||
return getProperties(applicationType);
|
||||
}
|
||||
|
||||
}
|
||||
@ -43,6 +43,7 @@ import com.azure.storage.blob.BlobServiceClientBuilder;
|
||||
import com.azure.storage.blob.models.BlobItem;
|
||||
import com.fasterxml.jackson.databind.JsonNode;
|
||||
import com.knecon.fforesight.tenantcommons.EncryptionDecryptionService;
|
||||
import com.knecon.fforesight.tenantcommons.TenantApplicationType;
|
||||
import com.knecon.fforesight.tenantcommons.TenantContext;
|
||||
import com.knecon.fforesight.tenantcommons.TenantProvider;
|
||||
import com.knecon.fforesight.tenantcommons.model.AzureStorageConnection;
|
||||
@ -62,10 +63,11 @@ import com.knecon.fforesight.tenantusermanagement.entity.SearchConnectionEntity;
|
||||
import com.knecon.fforesight.tenantusermanagement.entity.TenantEntity;
|
||||
import com.knecon.fforesight.tenantusermanagement.events.TenantCreatedEvent;
|
||||
import com.knecon.fforesight.tenantusermanagement.events.TenantSyncEvent;
|
||||
import com.knecon.fforesight.tenantusermanagement.model.SearchConnectionRequest;
|
||||
import com.knecon.fforesight.tenantusermanagement.model.CreateTenantRequest;
|
||||
import com.knecon.fforesight.tenantusermanagement.model.SearchConnectionRequest;
|
||||
import com.knecon.fforesight.tenantusermanagement.model.TenantUser;
|
||||
import com.knecon.fforesight.tenantusermanagement.model.UpdateTenantRequest;
|
||||
import com.knecon.fforesight.tenantusermanagement.properties.ApplicationTypeProperties;
|
||||
import com.knecon.fforesight.tenantusermanagement.properties.TenantUserManagementProperties;
|
||||
import com.knecon.fforesight.tenantusermanagement.repository.TenantRepository;
|
||||
import com.knecon.fforesight.tenantusermanagement.utils.JDBCUtils;
|
||||
@ -106,6 +108,8 @@ public class TenantManagementService implements TenantProvider {
|
||||
private final RealmService realmService;
|
||||
private final RabbitTemplate rabbitTemplate;
|
||||
private final StorageConfiguration storageConfiguration;
|
||||
private final SMTPService smtpService;
|
||||
private final TenantApplicationTypeService tenantApplicationTypeService;
|
||||
|
||||
@Value("${fforesight.tenant-exchange.name}")
|
||||
private String tenantExchangeName;
|
||||
@ -115,8 +119,8 @@ public class TenantManagementService implements TenantProvider {
|
||||
public TenantResponse createTenant(CreateTenantRequest tenantRequest) {
|
||||
|
||||
// For now we update the master realm theme whenever we create the tenant
|
||||
updateMasterTheme(tenantUserManagementProperties.getLoginTheme());
|
||||
updateMasterDisplayName(tenantUserManagementProperties.getApplicationName());
|
||||
updateMasterTheme(tenantApplicationTypeService.getProperties(tenantRequest.getApplicationType()).getLoginTheme());
|
||||
updateMasterDisplayName(tenantApplicationTypeService.getProperties(tenantRequest.getApplicationType()).getApplicationName());
|
||||
|
||||
log.info("Tenants are: {}",
|
||||
tenantRepository.findAll()
|
||||
@ -138,6 +142,7 @@ public class TenantManagementService implements TenantProvider {
|
||||
.tenantId(tenantRequest.getTenantId())
|
||||
.displayName(tenantRequest.getDisplayName())
|
||||
.guid(UUID.randomUUID().toString())
|
||||
.applicationType(tenantRequest.getApplicationType() != null ? tenantRequest.getApplicationType() : TenantApplicationType.RedactManager)
|
||||
.databaseConnection(DatabaseConnectionEntity.builder()
|
||||
.driver(databaseConnection.getDriver())
|
||||
.host(databaseConnection.getHost())
|
||||
@ -155,7 +160,7 @@ public class TenantManagementService implements TenantProvider {
|
||||
.password(encryptionService.encrypt(searchConnection.getPassword()))
|
||||
.numberOfShards(searchConnection.getNumberOfShards())
|
||||
.numberOfReplicas(searchConnection.getNumberOfReplicas())
|
||||
.indexPrefix(buildIndexPrefix(tenantRequest.getTenantId()))
|
||||
.indexPrefix(buildIndexPrefix(tenantRequest.getTenantId(), tenantRequest.getApplicationType()))
|
||||
.build());
|
||||
MongoDBConnection mongoDBConnection = tenantRequest.getMongoDBConnection();
|
||||
if (mongoDBConnection != null) {
|
||||
@ -205,15 +210,19 @@ public class TenantManagementService implements TenantProvider {
|
||||
log.info("Skipping creation of mongo database for this tenant");
|
||||
}
|
||||
|
||||
propagateTenantToKeyCloak(tenantRequest.getTenantId(), tenantRequest.getDefaultUsers());
|
||||
propagateTenantToKeyCloak(tenantRequest.getTenantId(), tenantRequest.getApplicationType(), tenantRequest.getDefaultUsers());
|
||||
|
||||
log.info("Updated roles for tenant: {}", tenantRequest.getTenantId());
|
||||
|
||||
TenantContext.setTenantId(tenantEntity.getTenantId());
|
||||
smtpService.createDefaultSMTPConfiguration();
|
||||
|
||||
log.info("Created default SMTP configuration.");
|
||||
|
||||
var saved = tenantPersistenceService.save(tenantEntity);
|
||||
|
||||
log.info("Persisted tenant: {}", tenantRequest.getTenantId());
|
||||
|
||||
TenantContext.setTenantId(tenantEntity.getTenantId());
|
||||
rabbitTemplate.convertAndSend(tenantExchangeName, "tenant.created", new TenantCreatedEvent(tenantEntity.getTenantId()));
|
||||
TenantContext.clear();
|
||||
|
||||
@ -293,21 +302,21 @@ public class TenantManagementService implements TenantProvider {
|
||||
log.info("Deleting mongodb database for tenant: {}", tenant.getTenantId());
|
||||
deleteMongoDBDatabase(tenant);
|
||||
deleteRealm(tenantId);
|
||||
tenantRepository.deleteById(tenant.getTenantId());
|
||||
tenantRepository.deleteByQuery(tenant.getTenantId());
|
||||
|
||||
}
|
||||
|
||||
|
||||
private String buildIndexPrefix(String tenantId) {
|
||||
private String buildIndexPrefix(String tenantId, TenantApplicationType applicationType) {
|
||||
|
||||
return tenantUserManagementProperties.getAppPrefix() + "_" + tenantId;
|
||||
return tenantApplicationTypeService.getProperties(applicationType).getAppPrefix() + "_" + tenantId;
|
||||
}
|
||||
|
||||
|
||||
private void propagateTenantToKeyCloak(String tenantId, List<TenantUser> usersToCreate) throws InterruptedException {
|
||||
private void propagateTenantToKeyCloak(String tenantId, TenantApplicationType applicationType, List<TenantUser> usersToCreate) throws InterruptedException {
|
||||
|
||||
log.info("Creating or updating realm for tenant: {}", tenantId);
|
||||
createOrUpdateRealm(tenantId, usersToCreate);
|
||||
createOrUpdateRealm(tenantId, applicationType, usersToCreate);
|
||||
|
||||
var waitTime = 0;
|
||||
boolean realmReady;
|
||||
@ -328,8 +337,8 @@ public class TenantManagementService implements TenantProvider {
|
||||
|
||||
setPasswordPolicyForRealm(tenantId);
|
||||
|
||||
generalConfigurationService.initGeneralConfiguration(tenantId);
|
||||
keyCloakRoleManagerService.updateRoles(tenantId);
|
||||
generalConfigurationService.initGeneralConfiguration(tenantId, applicationType);
|
||||
keyCloakRoleManagerService.updateRoles(tenantId, applicationType);
|
||||
}
|
||||
|
||||
|
||||
@ -430,9 +439,9 @@ public class TenantManagementService implements TenantProvider {
|
||||
}
|
||||
|
||||
|
||||
public void createOrUpdateRealm(String tenantId, List<TenantUser> users) {
|
||||
public void createOrUpdateRealm(String tenantId, TenantApplicationType applicationType, List<TenantUser> users) {
|
||||
|
||||
if (syncRealmIfExists(tenantId, users)) {
|
||||
if (syncRealmIfExists(tenantId, applicationType, users)) {
|
||||
log.info("Updated realm for tenant: {}", tenantId);
|
||||
return;
|
||||
}
|
||||
@ -441,12 +450,12 @@ public class TenantManagementService implements TenantProvider {
|
||||
realm.setId(tenantId);
|
||||
realm.setRealm(tenantId);
|
||||
realm.setEnabled(true);
|
||||
setRealmProperties(realm);
|
||||
setRealmProperties(realm, applicationType);
|
||||
|
||||
var clients = getRealmClients();
|
||||
var clients = getRealmClients(applicationType);
|
||||
realm.setClients(clients);
|
||||
|
||||
realm.setRoles(getRealmRoles());
|
||||
realm.setRoles(getRealmRoles(applicationType));
|
||||
|
||||
if (users != null) {
|
||||
realm.setUsers(users.stream()
|
||||
@ -473,18 +482,19 @@ public class TenantManagementService implements TenantProvider {
|
||||
}
|
||||
|
||||
|
||||
private boolean syncRealmIfExists(String tenantId, List<TenantUser> users) {
|
||||
private boolean syncRealmIfExists(String tenantId, TenantApplicationType applicationType, List<TenantUser> users) {
|
||||
|
||||
try {
|
||||
var existingRealm = getRealmResource(tenantId).toRepresentation();
|
||||
if (existingRealm != null) {
|
||||
log.info("Updating existing realm: {}", tenantId);
|
||||
existingRealm.setLoginTheme(tenantUserManagementProperties.getDefaultTheme());
|
||||
existingRealm.setEmailTheme(tenantUserManagementProperties.getDefaultTheme());
|
||||
existingRealm.setAccountTheme(tenantUserManagementProperties.getDefaultTheme());
|
||||
existingRealm.setAccessTokenLifespan(tenantUserManagementProperties.getAccessTokenLifeSpan());
|
||||
existingRealm.setSsoSessionIdleTimeout(tenantUserManagementProperties.getSsoSessionIdleTimeout());
|
||||
var clients = getRealmClients();
|
||||
ApplicationTypeProperties applicationTypeProperties = tenantApplicationTypeService.getProperties(applicationType);
|
||||
existingRealm.setLoginTheme(applicationTypeProperties.getDefaultTheme());
|
||||
existingRealm.setEmailTheme(applicationTypeProperties.getDefaultTheme());
|
||||
existingRealm.setAccountTheme(applicationTypeProperties.getDefaultTheme());
|
||||
existingRealm.setAccessTokenLifespan(applicationTypeProperties.getAccessTokenLifeSpan());
|
||||
existingRealm.setSsoSessionIdleTimeout(applicationTypeProperties.getSsoSessionIdleTimeout());
|
||||
var clients = getRealmClients(applicationType);
|
||||
var relevantClientNames = clients.stream()
|
||||
.map(c -> c.getClientId().toLowerCase(Locale.getDefault()))
|
||||
.collect(Collectors.toSet());
|
||||
@ -500,13 +510,16 @@ public class TenantManagementService implements TenantProvider {
|
||||
clients.forEach(c -> getRealmResource(tenantId).clients().create(c));
|
||||
|
||||
existingRealm.setClients(clients);
|
||||
existingRealm.setRoles(getRealmRoles());
|
||||
existingRealm.setRoles(getRealmRoles(applicationType));
|
||||
|
||||
if (users != null) {
|
||||
|
||||
var userRepresentationlist = users.stream()
|
||||
.map(this::toUserRepresentation)
|
||||
.toList();
|
||||
if (existingRealm.getUsers() == null) {
|
||||
existingRealm.setUsers(new ArrayList<>());
|
||||
}
|
||||
List<UserRepresentation> toUpdate = userRepresentationlist.stream()
|
||||
.filter(existingRealm.getUsers()::contains)
|
||||
.toList();
|
||||
@ -517,11 +530,13 @@ public class TenantManagementService implements TenantProvider {
|
||||
.stream()
|
||||
.findFirst()
|
||||
.ifPresent(userRepresentation -> {
|
||||
getRealmResource(tenantId).users().get(userRepresentation.getId()).update(user);
|
||||
getRealmResource(tenantId).users()
|
||||
.get(userRepresentation.getId()).update(user);
|
||||
}));
|
||||
|
||||
existingRealm.getUsers().addAll(toAdd);
|
||||
} getRealmResource(tenantId).update(existingRealm);
|
||||
}
|
||||
getRealmResource(tenantId).update(existingRealm);
|
||||
return true;
|
||||
}
|
||||
} catch (NotFoundException e) {
|
||||
@ -529,7 +544,8 @@ public class TenantManagementService implements TenantProvider {
|
||||
} catch (Exception e) {
|
||||
log.warn("Failed to update realm: {}", tenantId, e);
|
||||
throw new ResponseStatusException(HttpStatus.BAD_REQUEST, "Failed to update realm: " + tenantId);
|
||||
} return false;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
@ -539,16 +555,17 @@ public class TenantManagementService implements TenantProvider {
|
||||
}
|
||||
|
||||
|
||||
private RolesRepresentation getRealmRoles() {
|
||||
private RolesRepresentation getRealmRoles(TenantApplicationType applicationType) {
|
||||
|
||||
var allRoles = tenantUserManagementProperties.getKcRoleMapping().getAllRoles();
|
||||
ApplicationTypeProperties applicationTypeProperties = tenantApplicationTypeService.getProperties(applicationType);
|
||||
var allRoles = applicationTypeProperties.getKcRoleMapping().getAllRoles();
|
||||
|
||||
var roles = new ArrayList<RoleRepresentation>();
|
||||
for (String applicationRole : allRoles) {
|
||||
var role = new RoleRepresentation();
|
||||
role.setComposite(true);
|
||||
role.setName(applicationRole);
|
||||
role.setContainerId(tenantUserManagementProperties.getApplicationClientId());
|
||||
role.setContainerId(applicationTypeProperties.getApplicationClientId());
|
||||
roles.add(role);
|
||||
}
|
||||
|
||||
@ -558,16 +575,18 @@ public class TenantManagementService implements TenantProvider {
|
||||
}
|
||||
|
||||
|
||||
private List<ClientRepresentation> getRealmClients() {
|
||||
private List<ClientRepresentation> getRealmClients(TenantApplicationType applicationType) {
|
||||
|
||||
ApplicationTypeProperties appTypeProperties = tenantApplicationTypeService.getProperties(applicationType);
|
||||
|
||||
var applicationClient = new ClientRepresentation();
|
||||
applicationClient.setEnabled(true);
|
||||
applicationClient.setName(tenantUserManagementProperties.getApplicationClientId());
|
||||
applicationClient.setClientId(tenantUserManagementProperties.getApplicationClientId());
|
||||
applicationClient.setName(appTypeProperties.getApplicationClientId());
|
||||
applicationClient.setClientId(appTypeProperties.getApplicationClientId());
|
||||
applicationClient.setStandardFlowEnabled(true);
|
||||
applicationClient.setImplicitFlowEnabled(true);
|
||||
applicationClient.setDirectAccessGrantsEnabled(true);
|
||||
applicationClient.setRedirectUris(tenantUserManagementProperties.getValidRedirectUris());
|
||||
applicationClient.setRedirectUris(appTypeProperties.getValidRedirectUris());
|
||||
applicationClient.setWebOrigins(List.of("+"));
|
||||
applicationClient.setPublicClient(true);
|
||||
setPostLogoutRedirectUriForClient(applicationClient);
|
||||
@ -582,7 +601,7 @@ public class TenantManagementService implements TenantProvider {
|
||||
swaggerClient.setDirectAccessGrantsEnabled(false);
|
||||
swaggerClient.setServiceAccountsEnabled(true);
|
||||
swaggerClient.setAuthorizationServicesEnabled(true);
|
||||
swaggerClient.setRedirectUris(tenantUserManagementProperties.getValidRedirectUris());
|
||||
swaggerClient.setRedirectUris(appTypeProperties.getValidRedirectUris());
|
||||
swaggerClient.setWebOrigins(List.of("+"));
|
||||
setPostLogoutRedirectUriForClient(swaggerClient);
|
||||
|
||||
@ -590,15 +609,16 @@ public class TenantManagementService implements TenantProvider {
|
||||
}
|
||||
|
||||
|
||||
private void setRealmProperties(RealmRepresentation realm) {
|
||||
private void setRealmProperties(RealmRepresentation realm, TenantApplicationType tenantApplicationType) {
|
||||
|
||||
realm.setLoginTheme(tenantUserManagementProperties.getDefaultTheme());
|
||||
realm.setEmailTheme(tenantUserManagementProperties.getDefaultTheme());
|
||||
realm.setAccountTheme(tenantUserManagementProperties.getDefaultTheme());
|
||||
realm.setAccessTokenLifespan(tenantUserManagementProperties.getAccessTokenLifeSpan());
|
||||
realm.setSsoSessionIdleTimeout(tenantUserManagementProperties.getSsoSessionIdleTimeout());
|
||||
ApplicationTypeProperties currentAppTypeProperties = tenantApplicationTypeService.getProperties(tenantApplicationType);
|
||||
realm.setLoginTheme(currentAppTypeProperties.getDefaultTheme());
|
||||
realm.setEmailTheme(currentAppTypeProperties.getDefaultTheme());
|
||||
realm.setAccountTheme(currentAppTypeProperties.getDefaultTheme());
|
||||
realm.setAccessTokenLifespan(currentAppTypeProperties.getAccessTokenLifeSpan());
|
||||
realm.setSsoSessionIdleTimeout(currentAppTypeProperties.getSsoSessionIdleTimeout());
|
||||
realm.setRevokeRefreshToken(true);
|
||||
realm.setRefreshTokenMaxReuse(tenantUserManagementProperties.getRefreshTokenMaxReuse());
|
||||
realm.setRefreshTokenMaxReuse(currentAppTypeProperties.getRefreshTokenMaxReuse());
|
||||
|
||||
if (!ObjectUtils.isEmpty(tenantUserManagementProperties.getPublicServerUrl())) {
|
||||
Map<String, String> attributes = new HashMap<>();
|
||||
@ -779,7 +799,7 @@ public class TenantManagementService implements TenantProvider {
|
||||
.build());
|
||||
}
|
||||
|
||||
propagateTenantToKeyCloak(tenantId, null);
|
||||
propagateTenantToKeyCloak(tenantId, tenantEntity.getApplicationType(), null);
|
||||
|
||||
TenantResponse tenantResponse = convert(tenantRepository.save(tenantEntity));
|
||||
|
||||
@ -808,6 +828,13 @@ public class TenantManagementService implements TenantProvider {
|
||||
}
|
||||
|
||||
|
||||
@Override
|
||||
public TenantApplicationType getTenantApplicationType(String tenantId) {
|
||||
|
||||
return tenantApplicationTypeService.get(tenantId);
|
||||
}
|
||||
|
||||
|
||||
public TenantResponse removePasswords(TenantResponse tenantResponse) {
|
||||
|
||||
if (tenantResponse.getDatabaseConnection() != null) {
|
||||
@ -837,7 +864,7 @@ public class TenantManagementService implements TenantProvider {
|
||||
private TenantResponse convert(TenantEntity entity) {
|
||||
|
||||
var authDetails = realmService.getOpenIdConnectDetails(entity.getTenantId());
|
||||
var roleMapping = tenantUserManagementProperties.getKcRoleMapping();
|
||||
var roleMapping = tenantApplicationTypeService.getProperties(entity.getApplicationType()).getKcRoleMapping();
|
||||
authDetails.setClientRoles(roleMapping.getPermissions());
|
||||
authDetails.setRealmRoles(roleMapping.getAllRoles());
|
||||
|
||||
@ -847,6 +874,7 @@ public class TenantManagementService implements TenantProvider {
|
||||
.guid(entity.getGuid())
|
||||
.authDetails(authDetails)
|
||||
.details(entity.getDetails())
|
||||
.applicationType(entity.getApplicationType())
|
||||
.databaseConnection(DatabaseConnection.builder()
|
||||
.driver(entity.getDatabaseConnection().getDriver())
|
||||
.host(entity.getDatabaseConnection().getHost())
|
||||
@ -941,14 +969,15 @@ public class TenantManagementService implements TenantProvider {
|
||||
public void syncTenant(String tenantId, JsonNode payload) {
|
||||
|
||||
log.info("Syncing Realm: {}", tenantId);
|
||||
syncRealmIfExists(tenantId, null);
|
||||
setPasswordPolicyForRealm(tenantId);
|
||||
generalConfigurationService.initGeneralConfiguration(tenantId);
|
||||
keyCloakRoleManagerService.updateRoles(tenantId);
|
||||
propagateTenantToKeyCloak(tenantId, null);
|
||||
log.info("Realm: {} synced", tenantId);
|
||||
|
||||
TenantContext.setTenantId(tenantId);
|
||||
TenantApplicationType tenantApplicationType = getTenantApplicationType(tenantId);
|
||||
syncRealmIfExists(tenantId, tenantApplicationType, null);
|
||||
setPasswordPolicyForRealm(tenantId);
|
||||
generalConfigurationService.initGeneralConfiguration(tenantId, tenantApplicationType);
|
||||
keyCloakRoleManagerService.updateRoles(tenantId, tenantApplicationType);
|
||||
|
||||
propagateTenantToKeyCloak(tenantId, tenantApplicationType, null);
|
||||
log.info("Realm: {} synced", tenantId);
|
||||
rabbitTemplate.convertAndSend(tenantExchangeName, "tenant.sync", new TenantSyncEvent(tenantId, payload));
|
||||
TenantContext.clear();
|
||||
|
||||
|
||||
@ -14,7 +14,6 @@ import org.springframework.retry.support.RetryTemplate;
|
||||
import org.springframework.stereotype.Service;
|
||||
|
||||
import com.knecon.fforesight.tenantusermanagement.model.User;
|
||||
import com.knecon.fforesight.tenantusermanagement.properties.TenantUserManagementProperties;
|
||||
|
||||
import lombok.RequiredArgsConstructor;
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
@ -26,7 +25,7 @@ public class UserListingService {
|
||||
|
||||
private final RealmService realmService;
|
||||
|
||||
private final TenantUserManagementProperties tenantUserManagementProperties;
|
||||
private final TenantApplicationTypeService tenantApplicationTypeService;
|
||||
private final RetryTemplate retryTemplate = RetryTemplate.builder().maxAttempts(3).exponentialBackoff(1000, 2, 5000).build();
|
||||
|
||||
|
||||
@ -41,7 +40,7 @@ public class UserListingService {
|
||||
Map<String, Set<String>> usersByRole = new HashMap<>();
|
||||
if (!allUsers.isEmpty()) {
|
||||
var realmRoles = realm.roles().list().stream().map(r -> r.getName().toUpperCase(Locale.ROOT)).collect(Collectors.toSet());
|
||||
var allRoles = tenantUserManagementProperties.getKcRoleMapping().getAllRoles();
|
||||
var allRoles = tenantApplicationTypeService.getCurrentProperties().getKcRoleMapping().getAllRoles();
|
||||
for (var role : allRoles) {
|
||||
if (realmRoles.contains(role)) {
|
||||
List<UserRepresentation> users = realm.roles().get(role).getUserMembers(0, 500);
|
||||
@ -71,7 +70,7 @@ public class UserListingService {
|
||||
users.add(user);
|
||||
}
|
||||
|
||||
var roleComposites = tenantUserManagementProperties.getKcRoleMapping().getRoleComposites();
|
||||
var roleComposites = tenantApplicationTypeService.getCurrentProperties().getKcRoleMapping().getRoleComposites();
|
||||
users.forEach(user -> {
|
||||
for (var parentRole : roleComposites.keySet()) {
|
||||
if (user.getRoles().contains(parentRole)) {
|
||||
|
||||
@ -59,6 +59,7 @@ public class UserService {
|
||||
private final TenantUserManagementProperties tenantUserManagementProperties;
|
||||
private final UserListingService userListingService;
|
||||
private final RabbitTemplate rabbitTemplate;
|
||||
private final TenantApplicationTypeService tenantApplicationTypeService;
|
||||
|
||||
@Value("${fforesight.user-exchange.name}")
|
||||
private String userExchangeName;
|
||||
@ -86,7 +87,7 @@ public class UserService {
|
||||
throw new ResponseStatusException(HttpStatus.BAD_REQUEST, "Email address format is not valid");
|
||||
}
|
||||
|
||||
tenantUserManagementProperties.getKcRoleMapping().validateRoles(user.getRoles());
|
||||
tenantApplicationTypeService.getCurrentProperties().getKcRoleMapping().validateRoles(user.getRoles());
|
||||
|
||||
UserRepresentation userRepresentation = new UserRepresentation();
|
||||
userRepresentation.setUsername(username);
|
||||
@ -130,9 +131,10 @@ public class UserService {
|
||||
}
|
||||
|
||||
|
||||
|
||||
public void checkRankOrderForAssigningRole(Set<String> newRoles, Set<String> currentUserRoles) {
|
||||
|
||||
var roleMapping = tenantUserManagementProperties.getKcRoleMapping();
|
||||
var roleMapping = tenantApplicationTypeService.getCurrentProperties().getKcRoleMapping();
|
||||
var maxRank = currentUserRoles.stream()
|
||||
.map(r -> roleMapping.getRole(r).getRank())
|
||||
.max(Integer::compare)
|
||||
@ -156,7 +158,7 @@ public class UserService {
|
||||
return userResource.roles().realmLevel().listEffective()
|
||||
.stream()
|
||||
.map(RoleRepresentation::getName)
|
||||
.filter(r -> tenantUserManagementProperties.getKcRoleMapping().isValidRole(r))
|
||||
.filter(r -> tenantApplicationTypeService.getCurrentProperties().getKcRoleMapping().isValidRole(r))
|
||||
.collect(Collectors.toSet());
|
||||
}
|
||||
|
||||
@ -179,7 +181,7 @@ public class UserService {
|
||||
@CacheEvict(value = "${commons.keycloak.userCache}", allEntries = true, beforeInvocation = true)
|
||||
public User setRoles(String userId, Set<String> newRoles, Set<String> currentUserRoles) {
|
||||
|
||||
var allRoles = tenantUserManagementProperties.getKcRoleMapping().getAllRoles();
|
||||
var allRoles = tenantApplicationTypeService.getCurrentProperties().getKcRoleMapping().getAllRoles();
|
||||
newRoles.forEach(role -> {
|
||||
|
||||
if (!allRoles.contains(role) || ApplicationRoles.isKneconRole(role)) {
|
||||
@ -215,7 +217,7 @@ public class UserService {
|
||||
@CacheEvict(value = "${commons.keycloak.userCache}", allEntries = true, beforeInvocation = true)
|
||||
public void removeRolesForDeletion(String userId, Set<String> roles) {
|
||||
|
||||
var allRoles = tenantUserManagementProperties.getKcRoleMapping().getAllRoles();
|
||||
var allRoles = tenantApplicationTypeService.getCurrentProperties().getKcRoleMapping().getAllRoles();
|
||||
roles.forEach(role -> {
|
||||
|
||||
if (!allRoles.contains(role)) {
|
||||
@ -236,34 +238,68 @@ public class UserService {
|
||||
@CacheEvict(value = "${commons.keycloak.userCache}", allEntries = true, beforeInvocation = true)
|
||||
public void validateSufficientRoles(String userId, Set<String> userRoles, Set<String> newRoles, Set<String> currentUserRoles) {
|
||||
|
||||
var roleMapping = tenantUserManagementProperties.getKcRoleMapping();
|
||||
var maxRank = currentUserRoles.stream()
|
||||
var roleMapping = tenantApplicationTypeService.getCurrentProperties().getKcRoleMapping();
|
||||
|
||||
int maxCurrentUserRank = currentUserRoles.stream()
|
||||
.map(r -> roleMapping.getRole(r).getRank())
|
||||
.max(Integer::compare)
|
||||
.orElse(-1);
|
||||
var newRolesRank = newRoles.stream()
|
||||
.map(r -> roleMapping.getRole(r).getRank())
|
||||
.toList();
|
||||
var maxNewRolesRank = newRolesRank.stream()
|
||||
.max(Integer::compare)
|
||||
.orElse(-1);
|
||||
|
||||
var untouchableRoles = userRoles.stream()
|
||||
Set<String> untouchableRoles = userRoles.stream()
|
||||
.filter(roleMapping::isValidRole)
|
||||
.map(roleMapping::getRole)
|
||||
.filter(r -> r.getRank() > maxRank || ApplicationRoles.isKneconRole(r.getName()))
|
||||
.filter(r -> r.getRank() > maxCurrentUserRank && !ApplicationRoles.isKneconRole(r.getName()))
|
||||
.map(KCRole::getName)
|
||||
.collect(Collectors.toSet());
|
||||
|
||||
if (maxNewRolesRank > maxRank) {
|
||||
Set<String> kneconRoles = userRoles.stream()
|
||||
.filter(roleMapping::isValidRole)
|
||||
.map(roleMapping::getRole)
|
||||
.map(KCRole::getName)
|
||||
.filter(ApplicationRoles::isKneconRole)
|
||||
.collect(Collectors.toSet());
|
||||
|
||||
int maxNewRolesRank = newRoles.stream()
|
||||
.map(r -> roleMapping.getRole(r).getRank())
|
||||
.max(Integer::compare)
|
||||
.orElse(-1);
|
||||
|
||||
newRoles.addAll(kneconRoles);
|
||||
|
||||
int maxNewRolesRankIncludingKnecon = newRoles.stream()
|
||||
.map(r -> roleMapping.getRole(r).getRank())
|
||||
.max(Integer::compare)
|
||||
.orElse(-1);
|
||||
|
||||
ensureNoHigherRankAssigned(maxCurrentUserRank, maxNewRolesRank);
|
||||
ensureUntouchableRolesPreserved(untouchableRoles, newRoles);
|
||||
ensureHighestRankNotRemovedFromSelf(userId, maxCurrentUserRank, maxNewRolesRankIncludingKnecon, roleMapping.getMaxRank());
|
||||
}
|
||||
|
||||
|
||||
private void ensureNoHigherRankAssigned(int maxCurrentUserRank, int maxNewRolesRank) {
|
||||
|
||||
if (maxNewRolesRank > maxCurrentUserRank) {
|
||||
throw new ResponseStatusException(HttpStatus.BAD_REQUEST, "Cannot assign this role to that user. Insufficient rights");
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
private void ensureUntouchableRolesPreserved(Set<String> untouchableRoles, Set<String> newRoles) {
|
||||
|
||||
if (!newRoles.containsAll(untouchableRoles)) {
|
||||
throw new ResponseStatusException(HttpStatus.BAD_REQUEST, "Cannot modify some roles for this user. Insufficient rights");
|
||||
}
|
||||
}
|
||||
|
||||
if (userId.equalsIgnoreCase(KeycloakSecurity.getUserId()) && maxRank.equals(roleMapping.getMaxRank()) && !maxNewRolesRank.equals(maxRank)) {
|
||||
|
||||
private void ensureHighestRankNotRemovedFromSelf(String userId, int maxCurrentUserRank, int maxNewRolesRankIncludingKnecon, int overallMaxRank) {
|
||||
|
||||
boolean isSelf = userId.equalsIgnoreCase(KeycloakSecurity.getUserId());
|
||||
boolean isUserHighestRank = maxCurrentUserRank == overallMaxRank;
|
||||
boolean highestRankRemoved = !Integer.valueOf(maxNewRolesRankIncludingKnecon).equals(maxCurrentUserRank);
|
||||
|
||||
if (isSelf && isUserHighestRank && highestRankRemoved) {
|
||||
throw new ResponseStatusException(HttpStatus.CONFLICT, "Cannot remove highest ranking role from self.");
|
||||
}
|
||||
}
|
||||
@ -345,7 +381,7 @@ public class UserService {
|
||||
.realm(TenantContext.getTenantId())
|
||||
.username(username)
|
||||
.password(password)
|
||||
.clientId(tenantUserManagementProperties.getApplicationClientId())
|
||||
.clientId(tenantApplicationTypeService.getCurrentProperties().getApplicationClientId())
|
||||
.grantType(OAuth2Constants.PASSWORD)
|
||||
.resteasyClient(new ResteasyClientBuilderImpl().connectionTTL(2, TimeUnit.SECONDS)
|
||||
.hostnameVerification(ResteasyClientBuilder.HostnameVerificationPolicy.ANY)
|
||||
@ -406,7 +442,7 @@ public class UserService {
|
||||
var user = userListingService.convertBasicUser(userRepresentation);
|
||||
user.setRoles(getRoles(user.getUserId()));
|
||||
|
||||
var roleComposites = tenantUserManagementProperties.getKcRoleMapping().getRoleComposites();
|
||||
var roleComposites = tenantApplicationTypeService.getCurrentProperties().getKcRoleMapping().getRoleComposites();
|
||||
for (var parentRole : roleComposites.keySet()) {
|
||||
if (user.getRoles().contains(parentRole)) {
|
||||
user.getRoles().addAll(roleComposites.get(parentRole));
|
||||
@ -424,7 +460,7 @@ public class UserService {
|
||||
log.warn("User with id=" + id + " contains null role mappings.");
|
||||
return new TreeSet<>();
|
||||
}
|
||||
var allRoles = tenantUserManagementProperties.getKcRoleMapping().getAllRoles();
|
||||
var allRoles = tenantApplicationTypeService.getCurrentProperties().getKcRoleMapping().getAllRoles();
|
||||
return realmMappings.stream()
|
||||
.map(RoleRepresentation::getName)
|
||||
.filter(allRoles::contains)
|
||||
@ -531,7 +567,7 @@ public class UserService {
|
||||
var currentRoles = getRoles(userId);
|
||||
|
||||
if (isActive && currentRoles.isEmpty()) { // add RED_USER role
|
||||
setRoles(userId, tenantUserManagementProperties.getKcRoleMapping().getDefaultRoles());
|
||||
setRoles(userId, tenantApplicationTypeService.getCurrentProperties().getKcRoleMapping().getDefaultRoles());
|
||||
}
|
||||
|
||||
var toggledUser = getUserByUsername(userRepresentation.getUsername());
|
||||
@ -647,12 +683,13 @@ public class UserService {
|
||||
return ValidationResult.INVALID;
|
||||
}
|
||||
|
||||
var roleMapping = tenantUserManagementProperties.getKcRoleMapping();
|
||||
var roleMapping = tenantApplicationTypeService.getCurrentProperties().getKcRoleMapping();
|
||||
var maxRank = currentRoles.stream()
|
||||
.map(r -> roleMapping.getRole(r).getRank())
|
||||
.max(Integer::compare)
|
||||
.orElse(-1);
|
||||
var targetRank = userRoles.stream()
|
||||
.filter(ApplicationRoles::isNoKneconRole)
|
||||
.map(r -> roleMapping.getRole(r).getRank())
|
||||
.max(Integer::compare)
|
||||
.orElse(-1);
|
||||
|
||||
@ -0,0 +1,60 @@
|
||||
package com.knecon.fforesight.tenantusermanagement.utils;
|
||||
|
||||
import com.knecon.fforesight.tenantusermanagement.entity.GlobalSMTPConfigurationEntity;
|
||||
import com.knecon.fforesight.tenantusermanagement.model.SMTPConfiguration;
|
||||
|
||||
import lombok.experimental.UtilityClass;
|
||||
|
||||
@UtilityClass
|
||||
public final class SMTPConfigurationMapper {
|
||||
|
||||
public static GlobalSMTPConfigurationEntity toEntity(SMTPConfiguration smtpConfig) {
|
||||
|
||||
if (smtpConfig == null) {
|
||||
return null;
|
||||
}
|
||||
|
||||
return GlobalSMTPConfigurationEntity.builder()
|
||||
.id("singleton")
|
||||
.auth(smtpConfig.isAuth())
|
||||
.envelopeFrom(smtpConfig.getEnvelopeFrom())
|
||||
.fromEmail(smtpConfig.getFrom())
|
||||
.fromDisplayName(smtpConfig.getFromDisplayName())
|
||||
.host(smtpConfig.getHost())
|
||||
.password(smtpConfig.getPassword())
|
||||
.port(smtpConfig.getPort())
|
||||
.replyTo(smtpConfig.getReplyTo())
|
||||
.replyToDisplayName(smtpConfig.getReplyToDisplayName())
|
||||
.ssl(smtpConfig.isSsl())
|
||||
.starttls(smtpConfig.isStarttls())
|
||||
.userName(smtpConfig.getUser())
|
||||
.build();
|
||||
}
|
||||
|
||||
|
||||
public static SMTPConfiguration toModel(GlobalSMTPConfigurationEntity entity) {
|
||||
|
||||
if (entity == null) {
|
||||
return null;
|
||||
}
|
||||
|
||||
SMTPConfiguration smtpConfig = new SMTPConfiguration();
|
||||
smtpConfig.setId(entity.getId());
|
||||
smtpConfig.setAuth(entity.getAuth() != null && entity.getAuth());
|
||||
smtpConfig.setEnvelopeFrom(entity.getEnvelopeFrom());
|
||||
smtpConfig.setFrom(entity.getFromEmail());
|
||||
smtpConfig.setFromDisplayName(entity.getFromDisplayName());
|
||||
smtpConfig.setHost(entity.getHost());
|
||||
smtpConfig.setPassword(entity.getPassword());
|
||||
smtpConfig.setPort(entity.getPort());
|
||||
smtpConfig.setReplyTo(entity.getReplyTo());
|
||||
smtpConfig.setReplyToDisplayName(entity.getReplyToDisplayName());
|
||||
smtpConfig.setSsl(entity.getSsl() != null && entity.getSsl());
|
||||
smtpConfig.setStarttls(entity.getStarttls() != null && entity.getStarttls());
|
||||
smtpConfig.setUser(entity.getUserName());
|
||||
|
||||
return smtpConfig;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@ -1,128 +0,0 @@
|
||||
fforesight:
|
||||
tenant-user-management:
|
||||
application-client-id: 'fforesight'
|
||||
application-name: 'Clarifynd'
|
||||
client-id: 'manager'
|
||||
accessTokenLifeSpan: 3600
|
||||
ssoSessionIdleTimeout: 86400
|
||||
realm: master
|
||||
default-theme: 'clarifynd'
|
||||
valid-redirect-uris: [ '/search/*', '/bdr-connector/*', '/sdi/*', '/tenant-user-management/*','http://localhost:4200/*', 'http://localhost:4300/*', '/ui/*' ,'/auth/*','/persistence/*', '/audit/*', '/contextual-query/*' ]
|
||||
kc-role-mapping:
|
||||
roles:
|
||||
- name: FF_USER
|
||||
set-by-default: true
|
||||
rank: 100
|
||||
permissions:
|
||||
- 'fforesight-read-general-configuration'
|
||||
- 'fforesight-manage-user-preferences'
|
||||
- 'fforesight-read-users'
|
||||
- 'fforesight-read-all-users'
|
||||
- 'fforesight-update-my-profile'
|
||||
- 'fforesight-get-tenants'
|
||||
- 'fforesight-deployment-info'
|
||||
- 'fforesight-read-smtp-configuration'
|
||||
- 'fforesight-search'
|
||||
- 'fforesight-view-document'
|
||||
- 'fforesight-user-upload-files'
|
||||
- 'fforesight-user-manage-files'
|
||||
- 'fforesight-user-view-files'
|
||||
- 'fforesight-user-manage-analysis'
|
||||
- 'fforesight-user-view-analysis'
|
||||
- 'fforesight-user-view-favourites'
|
||||
- 'fforesight-user-add-to-favourites'
|
||||
- 'fforesight-user-delete-from-favourites'
|
||||
- 'fforesight-user-view-paragraph-tags'
|
||||
- 'fforesight-user-add-to-paragraph-tags'
|
||||
- 'fforesight-user-delete-from-paragraph-tags'
|
||||
- 'fforesight-read-tag'
|
||||
- 'fforesight-write-tag'
|
||||
- 'fforesight-download-file'
|
||||
- name: KNECON_ADMIN
|
||||
set-by-default: false
|
||||
rank: 1000
|
||||
permissions:
|
||||
- "red-read-license"
|
||||
- "red-update-license"
|
||||
- "red-get-similiar-images"
|
||||
- "fforesight-get-tenants"
|
||||
- "fforesight-create-tenant"
|
||||
- "fforesight-update-tenant"
|
||||
- "fforesight-delete-tenant"
|
||||
- "fforesight-read-users"
|
||||
- "fforesight-read-all-users"
|
||||
- "fforesight-write-users"
|
||||
- "fforesight-read-smtp-configuration"
|
||||
- "fforesight-write-smtp-configuration"
|
||||
- "fforesight-read-identity-provider-config"
|
||||
- "fforesight-write-identity-provider-config"
|
||||
- "red-unarchive-dossier"
|
||||
- name: KNECON_SUPPORT
|
||||
set-by-default: false
|
||||
rank: 1000
|
||||
permissions:
|
||||
- "red-read-license"
|
||||
- "red-update-license"
|
||||
- "red-get-similiar-images"
|
||||
- "fforesight-get-tenants"
|
||||
- "fforesight-create-tenant"
|
||||
- "fforesight-update-tenant"
|
||||
- "fforesight-delete-tenant"
|
||||
- "fforesight-read-users"
|
||||
- "fforesight-read-all-users"
|
||||
- "fforesight-write-users"
|
||||
- "fforesight-read-smtp-configuration"
|
||||
- "fforesight-write-smtp-configuration"
|
||||
- "fforesight-read-identity-provider-config"
|
||||
- "fforesight-write-identity-provider-config"
|
||||
- "red-unarchive-dossier"
|
||||
- name: FF_ADMIN
|
||||
set-by-default: true
|
||||
rank: 100
|
||||
permissions:
|
||||
- 'fforesight-read-general-configuration'
|
||||
- 'fforesight-write-general-configuration'
|
||||
- 'fforesight-manage-user-preferences'
|
||||
- 'fforesight-read-users'
|
||||
- 'fforesight-read-all-users'
|
||||
- 'fforesight-write-users'
|
||||
- 'fforesight-update-my-profile'
|
||||
- 'fforesight-update-tenant'
|
||||
- 'fforesight-create-tenant'
|
||||
- 'fforesight-get-tenants'
|
||||
- 'fforesight-deployment-info'
|
||||
- 'fforesight-read-smtp-configuration'
|
||||
- 'fforesight-write-smtp-configuration'
|
||||
- "fforesight-read-identity-provider-config"
|
||||
- "fforesight-write-identity-provider-config"
|
||||
- 'fforesight-search'
|
||||
- 'fforesight-search-audit-log'
|
||||
- 'fforesight-view-document'
|
||||
- 'fforesight-user-upload-files'
|
||||
- 'fforesight-user-manage-files'
|
||||
- 'fforesight-user-view-files'
|
||||
- 'fforesight-user-manage-analysis'
|
||||
- 'fforesight-user-view-analysis'
|
||||
- 'fforesight-user-view-favourites'
|
||||
- 'fforesight-user-add-to-favourites'
|
||||
- 'fforesight-user-view-paragraph-tags'
|
||||
- 'fforesight-user-add-to-paragraph-tags'
|
||||
- 'fforesight-user-delete-from-paragraph-tags'
|
||||
- 'fforesight-user-delete-from-favourites'
|
||||
- 'fforesight-system-upload-files'
|
||||
- 'fforesight-system-manage-files'
|
||||
- 'fforesight-system-view-files'
|
||||
- 'fforesight-system-manage-analysis'
|
||||
- 'fforesight-system-view-analysis'
|
||||
- 'fforesight-download-file'
|
||||
- 'fforesight-sdi-view-task'
|
||||
- 'fforesight-sdi-start-task'
|
||||
- 'fforesight-sdi-stop-task'
|
||||
- 'fforesight-read-tag'
|
||||
- 'fforesight-write-tag'
|
||||
- 'taas-bdr-connector-view-task'
|
||||
- 'taas-bdr-connector-start-task'
|
||||
- 'taas-bdr-connector-stop-task'
|
||||
springdoc:
|
||||
default-tenant: 'fforesight'
|
||||
|
||||
@ -1,91 +0,0 @@
|
||||
server:
|
||||
port: 8091
|
||||
|
||||
|
||||
fforesight:
|
||||
tenant-user-management:
|
||||
server-url: http://localhost:8080
|
||||
client-secret: p2InUtjQUDSlwsXyEUFuYrSWi1BeZD1P
|
||||
client-id: manager
|
||||
realm: master
|
||||
kc-role-mapping:
|
||||
roles:
|
||||
- name: SUPER_USER
|
||||
set-by-default: true
|
||||
rank: 100
|
||||
permissions:
|
||||
- 'fforesight-read-general-configuration'
|
||||
- 'fforesight-write-general-configuration'
|
||||
- 'fforesight-manage-user-preferences'
|
||||
- 'fforesight-read-users'
|
||||
- 'fforesight-read-all-users'
|
||||
- 'fforesight-write-users'
|
||||
- 'fforesight-update-my-profile'
|
||||
- 'fforesight-create-tenant'
|
||||
- 'fforesight-get-tenants'
|
||||
- 'fforesight-delete-tenant'
|
||||
- 'fforesight-update-tenant'
|
||||
- 'fforesight-deployment-info'
|
||||
- 'fforesight-read-smtp-configuration'
|
||||
- 'fforesight-write-smtp-configuration'
|
||||
- 'fforesight-read-identity-provider-config'
|
||||
- 'fforesight-write-identity-provider-config'
|
||||
- name: KNECON_ADMIN
|
||||
set-by-default: true
|
||||
rank: 1000
|
||||
permissions:
|
||||
- 'fforesight-read-general-configuration'
|
||||
- 'fforesight-write-general-configuration'
|
||||
- 'fforesight-manage-user-preferences'
|
||||
- 'fforesight-read-users'
|
||||
- 'fforesight-read-all-users'
|
||||
- 'fforesight-write-users'
|
||||
- 'fforesight-update-my-profile'
|
||||
- 'fforesight-create-tenant'
|
||||
- 'fforesight-get-tenants'
|
||||
- 'fforesight-update-tenant'
|
||||
- 'fforesight-deployment-info'
|
||||
- 'fforesight-read-smtp-configuration'
|
||||
- 'fforesight-write-smtp-configuration'
|
||||
- 'fforesight-read-identity-provider-config'
|
||||
- 'fforesight-write-identity-provider-config'
|
||||
- name: KNECON_SUPPORT
|
||||
set-by-default: true
|
||||
rank: 1000
|
||||
permissions:
|
||||
- 'fforesight-read-general-configuration'
|
||||
- 'fforesight-write-general-configuration'
|
||||
- 'fforesight-manage-user-preferences'
|
||||
- 'fforesight-read-users'
|
||||
- 'fforesight-read-all-users'
|
||||
- 'fforesight-write-users'
|
||||
- 'fforesight-update-my-profile'
|
||||
- 'fforesight-create-tenant'
|
||||
- 'fforesight-get-tenants'
|
||||
- 'fforesight-update-tenant'
|
||||
- 'fforesight-deployment-info'
|
||||
- 'fforesight-read-smtp-configuration'
|
||||
- 'fforesight-write-smtp-configuration'
|
||||
- 'fforesight-read-identity-provider-config'
|
||||
- 'fforesight-write-identity-provider-config'
|
||||
application-name: "redaction"
|
||||
springdoc:
|
||||
auth-server-url: http://localhost:8080
|
||||
|
||||
dev.tenant.storage:
|
||||
mode: 'S3'
|
||||
s3:
|
||||
key: minioadmin
|
||||
secret: minioadmin
|
||||
bucket: redaction
|
||||
endpoint: http://localhost:9000
|
||||
|
||||
dev.tenant.db:
|
||||
port: 5432
|
||||
host: localhost
|
||||
database: master
|
||||
schema: public
|
||||
username: fforesight
|
||||
password: fforesight
|
||||
|
||||
cors.enabled: true
|
||||
93
src/main/resources/application-dev.yml
Normal file
93
src/main/resources/application-dev.yml
Normal file
@ -0,0 +1,93 @@
|
||||
server:
|
||||
port: 8091
|
||||
|
||||
|
||||
fforesight:
|
||||
tenant-user-management:
|
||||
server-url: http://localhost:8080
|
||||
client-secret: p2InUtjQUDSlwsXyEUFuYrSWi1BeZD1P
|
||||
client-id: manager
|
||||
realm: master
|
||||
application-types:
|
||||
redactmanager:
|
||||
kc-role-mapping:
|
||||
roles:
|
||||
- name: SUPER_USER
|
||||
set-by-default: true
|
||||
rank: 100
|
||||
permissions:
|
||||
- 'fforesight-read-general-configuration'
|
||||
- 'fforesight-write-general-configuration'
|
||||
- 'fforesight-manage-user-preferences'
|
||||
- 'fforesight-read-users'
|
||||
- 'fforesight-read-all-users'
|
||||
- 'fforesight-write-users'
|
||||
- 'fforesight-update-my-profile'
|
||||
- 'fforesight-create-tenant'
|
||||
- 'fforesight-get-tenants'
|
||||
- 'fforesight-delete-tenant'
|
||||
- 'fforesight-update-tenant'
|
||||
- 'fforesight-deployment-info'
|
||||
- 'fforesight-read-smtp-configuration'
|
||||
- 'fforesight-write-smtp-configuration'
|
||||
- 'fforesight-read-identity-provider-config'
|
||||
- 'fforesight-write-identity-provider-config'
|
||||
- name: KNECON_ADMIN
|
||||
set-by-default: true
|
||||
rank: 1000
|
||||
permissions:
|
||||
- 'fforesight-read-general-configuration'
|
||||
- 'fforesight-write-general-configuration'
|
||||
- 'fforesight-manage-user-preferences'
|
||||
- 'fforesight-read-users'
|
||||
- 'fforesight-read-all-users'
|
||||
- 'fforesight-write-users'
|
||||
- 'fforesight-update-my-profile'
|
||||
- 'fforesight-create-tenant'
|
||||
- 'fforesight-get-tenants'
|
||||
- 'fforesight-update-tenant'
|
||||
- 'fforesight-deployment-info'
|
||||
- 'fforesight-read-smtp-configuration'
|
||||
- 'fforesight-write-smtp-configuration'
|
||||
- 'fforesight-read-identity-provider-config'
|
||||
- 'fforesight-write-identity-provider-config'
|
||||
- name: KNECON_SUPPORT
|
||||
set-by-default: true
|
||||
rank: 1000
|
||||
permissions:
|
||||
- 'fforesight-read-general-configuration'
|
||||
- 'fforesight-write-general-configuration'
|
||||
- 'fforesight-manage-user-preferences'
|
||||
- 'fforesight-read-users'
|
||||
- 'fforesight-read-all-users'
|
||||
- 'fforesight-write-users'
|
||||
- 'fforesight-update-my-profile'
|
||||
- 'fforesight-create-tenant'
|
||||
- 'fforesight-get-tenants'
|
||||
- 'fforesight-update-tenant'
|
||||
- 'fforesight-deployment-info'
|
||||
- 'fforesight-read-smtp-configuration'
|
||||
- 'fforesight-write-smtp-configuration'
|
||||
- 'fforesight-read-identity-provider-config'
|
||||
- 'fforesight-write-identity-provider-config'
|
||||
application-name: "redaction"
|
||||
springdoc:
|
||||
auth-server-url: http://localhost:8080
|
||||
|
||||
dev.tenant.storage:
|
||||
mode: 'S3'
|
||||
s3:
|
||||
key: minioadmin
|
||||
secret: minioadmin
|
||||
bucket: redaction
|
||||
endpoint: http://localhost:9000
|
||||
|
||||
dev.tenant.db:
|
||||
port: 5432
|
||||
host: localhost
|
||||
database: master
|
||||
schema: public
|
||||
username: fforesight
|
||||
password: fforesight
|
||||
|
||||
cors.enabled: true
|
||||
@ -1,61 +0,0 @@
|
||||
fforesight:
|
||||
tenant-user-management:
|
||||
application-client-id: 'redaction'
|
||||
application-name: 'Documine'
|
||||
client-id: 'manager'
|
||||
tenant-access-token-life-span: 300
|
||||
realm: master
|
||||
default-theme: 'scm'
|
||||
valid-redirect-uris: [ '/api/*','/redaction-gateway-v1/*','/tenant-user-management/*','http://localhost:4200/*','/ui/*' ,'/auth/*' ]
|
||||
kc-role-mapping:
|
||||
unmappedPermissions: [ "red-get-tables", "red-unarchive-dossier", "red-update-license", "fforesight-create-tenant", "fforesight-update-tenant", "red-experimental" ]
|
||||
compositeRoles:
|
||||
- name: RED_MANAGER
|
||||
composites:
|
||||
- name: RED_USER
|
||||
- name: RED_ADMIN
|
||||
composites:
|
||||
- name: RED_USER_ADMIN
|
||||
|
||||
|
||||
roles:
|
||||
- name: KNECON_ADMIN
|
||||
set-by-default: false
|
||||
rank: 1000
|
||||
permissions: [ "red-read-license","red-update-license","fforesight-get-tenants", "fforesight-create-tenant", "fforesight-update-tenant", "fforesight-delete-tenant","fforesight-read-users", "fforesight-read-all-users", "fforesight-write-users","fforesight-read-smtp-configuration", "fforesight-write-smtp-configuration", "fforesight-read-identity-provider-config","fforesight-write-identity-provider-config", "red-unarchive-dossier", "red-use-support-controller", "red-import-files", "red-process-download", "red-read-download-status" ]
|
||||
- name: KNECON_SUPPORT
|
||||
set-by-default: false
|
||||
rank: 1000
|
||||
permissions: [ "red-read-license","red-update-license","fforesight-get-tenants", "fforesight-create-tenant", "fforesight-update-tenant", "fforesight-delete-tenant","fforesight-read-users", "fforesight-read-all-users", "fforesight-write-users","fforesight-read-smtp-configuration", "fforesight-write-smtp-configuration", "fforesight-read-identity-provider-config","fforesight-write-identity-provider-config", "red-unarchive-dossier", "red-use-support-controller", "red-process-download", "red-read-download-status" ]
|
||||
- name: RED_USER
|
||||
set-by-default: true
|
||||
rank: 100
|
||||
permissions: [ "red-get-rss", "red-add-comment", "red-get-similar-images", "red-read-license", "red-read-app-configuration", "red-read-dossier-status", "red-add-dossier-dictionary-entry", "red-add-redaction", "red-add-update-dossier-dictionary-type",
|
||||
"red-delete-comment", "red-delete-dossier-dictionary-entry", "red-delete-dossier-dictionary-type", "red-delete-file", "red-delete-manual-redaction", "red-download-annotated-file",
|
||||
"red-download-original-file", "red-download-redacted-file", "red-download-redaction-preview-file", "red-download-report-template", "red-exclude-include-file",
|
||||
"red-exclude-include-pages", "red-get-report-templates", "fforesight-manage-user-preferences", "red-manage-viewed-pages", "red-process-download", "red-process-manual-redaction-request",
|
||||
"red-read-colors", "red-read-dictionary-types", "red-read-digital-signature", "red-read-dossier", "red-read-dossier-attributes", "red-read-dossier-attributes-config",
|
||||
"red-read-dossier-templates", "red-read-download-status", "red-read-file-attributes-config", "red-read-file-status", "fforesight-read-general-configuration", "red-read-legal-basis",
|
||||
"red-read-manual-redactions", "red-read-notification", "red-read-redaction-log", "red-read-rules", "fforesight-read-users", "red-read-versions", "red-reanalyze-dossier",
|
||||
"red-reanalyze-file", "red-request-redaction", "red-rotate-page", "red-search", "red-search-audit-log", "red-set-reviewer", "red-set-status-approved", "red-set-status-under-approval",
|
||||
"fforesight-update-my-profile", "red-update-notification", "red-upload-file", "red-write-file-attributes", "red-process-texthighlights", "red-get-highlights", "red-convert-highlights", "red-delete-highlights", "red-delete-imported-redactions" ]
|
||||
- name: RED_ADMIN
|
||||
set-by-default: false
|
||||
rank: 800
|
||||
permissions: [ "red-add-dictionary-entry", "red-get-similar-images","red-add-update-dictionary-type", "red-write-dossier-status", "red-read-dossier-status", "red-delete-dictionary-entry", "red-delete-dictionary-type",
|
||||
"red-delete-report-template", "red-download-report-template", "red-get-report-templates", "fforesight-manage-user-preferences", "red-read-colors", "red-read-dictionary-types",
|
||||
"red-read-digital-signature", "red-read-dossier-attributes", "red-read-dossier-attributes-config", "red-read-dossier-templates", "red-read-file-attributes-config",
|
||||
"red-read-legal-basis", "red-read-license-report", "red-read-notification", "red-read-rules", "fforesight-read-smtp-configuration", "fforesight-read-identity-provider-config", "red-read-versions", "red-reindex", "red-search-audit-log", "red-update-notification", "red-upload-report-template", "red-write-colors", "red-write-digital-signature", "red-write-dossier-attributes-config",
|
||||
"red-write-dossier-templates", "red-write-file-attributes-config", "fforesight-write-general-configuration", "red-write-legal-basis", "red-write-rules", "fforesight-write-smtp-configuration", "fforesight-write-identity-provider-config", "red-write-app-configuration", "red-manage-acl-permissions", "fforesight-create-tenant", "fforesight-get-tenants", "fforesight-update-tenant", "fforesight-deployment-info" ]
|
||||
- name: RED_MANAGER
|
||||
set-by-default: false
|
||||
rank: 200
|
||||
permissions: [ "red-add-update-dossier", "red-archived-dossier", "red-delete-dossier", "red-write-dossier-attributes" ]
|
||||
- name: RED_USER_ADMIN
|
||||
set-by-default: false
|
||||
rank: 400
|
||||
permissions: [ "fforesight-manage-user-preferences", "fforesight-read-all-users", "red-read-dossier", "red-read-app-configuration", "fforesight-read-general-configuration",
|
||||
"red-read-notification", "fforesight-read-users", "fforesight-update-my-profile", "red-update-notification", "fforesight-write-users", "red-read-license" ]
|
||||
|
||||
springdoc:
|
||||
default-tenant: 'redaction'
|
||||
@ -1,54 +0,0 @@
|
||||
server:
|
||||
port: 8091
|
||||
|
||||
|
||||
fforesight:
|
||||
tenant-user-management:
|
||||
server-url: http://localhost:8080
|
||||
client-secret: muEZIuVsAr57KsjFi4WpGJuw54RiJE0q
|
||||
client-id: manager
|
||||
realm: master
|
||||
springdoc:
|
||||
auth-server-url: http://localhost:8080
|
||||
|
||||
spring:
|
||||
datasource:
|
||||
url: jdbc:postgresql://${PSQL_HOST:localhost}:${PSQL_PORT:25432}/${PSQL_DATABASE:tenantmanager}?ApplicationName=${spring.application.name:}&cachePrepStmts=true&useServerPrepStmts=true&rewriteBatchedStatements=true
|
||||
driverClassName: org.postgresql.Driver
|
||||
username: ${PSQL_USERNAME:tenantmanager}
|
||||
password: ${PSQL_PASSWORD:r3dact3d}
|
||||
platform: org.hibernate.dialect.PostgreSQL95Dialect
|
||||
|
||||
cors.enabled: true
|
||||
|
||||
|
||||
|
||||
#dev.tenant.db:
|
||||
# port: 15432
|
||||
# host: localhost
|
||||
# database: red-tenant
|
||||
# schema: public
|
||||
# username: tenant
|
||||
# password: r3dact3d
|
||||
|
||||
dev.tenant.recreateTenant: true
|
||||
|
||||
dev.tenant.db:
|
||||
port: 5432
|
||||
host: syngenta-training-clone.postgres.database.azure.com
|
||||
database: syngenta-training-<YOUR_DB_COPY_NAME>
|
||||
schema: syngentatraining
|
||||
username: db_connection
|
||||
password: <DB_PASSWORD_FROM_WIKI>
|
||||
|
||||
dev.tenant.storage:
|
||||
mode: 'S3'
|
||||
s3:
|
||||
key: minioadmin
|
||||
secret: minioadmin
|
||||
bucket: redaction
|
||||
endpoint: http://localhost:9000
|
||||
# mode: 'AZURE'
|
||||
azure:
|
||||
containerName: syngenta-training-<YOUR_BLOB_COPY_NAME>
|
||||
connectionString: <AZURE_BLOB_CONNECTION_STRING_FROM_WIKI>
|
||||
@ -1,63 +0,0 @@
|
||||
fforesight:
|
||||
tenant-user-management:
|
||||
application-client-id: 'redaction'
|
||||
application-name: 'RedactManager'
|
||||
client-id: 'manager'
|
||||
tenant-access-token-life-span: 300
|
||||
realm: master
|
||||
default-theme: 'redaction'
|
||||
valid-redirect-uris: [ '/api/*','/redaction-gateway-v1/*','/tenant-user-management/*','http://localhost:4200/*','/ui/*' ,'/auth/*' ]
|
||||
kc-role-mapping:
|
||||
unmappedPermissions: [ "red-get-similiar-images","red-unarchive-dossier", "red-update-license", "red-get-rss","fforesight-create-tenant", "fforesight-update-tenant", "red-experimental" ]
|
||||
compositeRoles:
|
||||
- name: RED_MANAGER
|
||||
composites:
|
||||
- name: RED_USER
|
||||
- name: RED_ADMIN
|
||||
composites:
|
||||
- name: RED_USER_ADMIN
|
||||
|
||||
|
||||
roles:
|
||||
- name: RED_USER
|
||||
set-by-default: true
|
||||
rank: 100
|
||||
permissions: [ "red-add-comment", "red-get-similar-images", "red-read-license", "red-read-app-configuration", "red-read-dossier-status", "red-add-dossier-dictionary-entry", "red-add-redaction", "red-add-update-dossier-dictionary-type",
|
||||
"red-delete-comment", "red-delete-dossier-dictionary-entry", "red-delete-dossier-dictionary-type", "red-delete-file", "red-delete-manual-redaction", "red-download-annotated-file",
|
||||
"red-download-original-file", "red-download-redacted-file", "red-download-redaction-preview-file", "red-download-report-template", "red-exclude-include-file",
|
||||
"red-exclude-include-pages", "red-get-report-templates", "fforesight-manage-user-preferences", "red-manage-viewed-pages", "red-process-download", "red-process-manual-redaction-request",
|
||||
"red-read-colors", "red-read-dictionary-types", "red-read-digital-signature", "red-read-dossier", "red-read-dossier-attributes", "red-read-dossier-attributes-config",
|
||||
"red-read-dossier-templates", "red-read-download-status", "red-read-file-attributes-config", "red-read-file-status", "fforesight-read-general-configuration", "red-read-legal-basis",
|
||||
"red-read-manual-redactions", "red-read-notification", "red-read-redaction-log", "red-read-rules", "fforesight-read-users", "red-read-versions", "red-read-watermark", "red-reanalyze-dossier",
|
||||
"red-reanalyze-file", "red-request-redaction", "red-rotate-page", "red-search", "red-search-audit-log", "red-set-reviewer", "red-set-status-approved", "red-set-status-under-approval",
|
||||
"fforesight-update-my-profile", "red-update-notification", "red-upload-file", "red-write-file-attributes", "red-process-texthighlights", "red-get-highlights", "red-convert-highlights", "red-delete-highlights", "red-delete-imported-redactions" ]
|
||||
- name: RED_ADMIN
|
||||
set-by-default: false
|
||||
rank: 800
|
||||
permissions: [ "red-add-dictionary-entry","red-get-similar-images", "red-add-update-dictionary-type", "red-write-dossier-status", "red-read-dossier-status", "red-delete-dictionary-entry", "red-delete-dictionary-type",
|
||||
"red-delete-report-template", "red-download-report-template", "red-get-report-templates", "fforesight-manage-user-preferences", "red-read-colors", "red-read-dictionary-types",
|
||||
"red-read-digital-signature", "red-read-dossier-attributes", "red-read-dossier-attributes-config", "red-read-dossier-templates", "red-read-file-attributes-config",
|
||||
"red-read-legal-basis", "red-read-license-report", "red-read-notification", "red-read-rules", "fforesight-read-smtp-configuration", "fforesight-read-identity-provider-config", "red-read-versions", "red-read-watermark",
|
||||
"red-reindex", "red-search-audit-log", "red-update-notification", "red-upload-report-template", "red-write-colors", "red-write-digital-signature", "red-write-dossier-attributes-config",
|
||||
"red-write-dossier-templates", "red-write-file-attributes-config", "fforesight-write-general-configuration", "red-write-legal-basis", "red-write-rules", "fforesight-write-smtp-configuration", "fforesight-write-identity-provider-config",
|
||||
"red-write-watermark", "red-write-app-configuration", "red-manage-acl-permissions", "fforesight-create-tenant", "fforesight-get-tenants", "fforesight-update-tenant", "fforesight-deployment-info" ]
|
||||
- name: RED_MANAGER
|
||||
set-by-default: false
|
||||
rank: 200
|
||||
permissions: [ "red-add-update-dossier", "red-archived-dossier", "red-delete-dossier", "red-write-dossier-attributes" ]
|
||||
- name: KNECON_ADMIN
|
||||
set-by-default: false
|
||||
rank: 1000
|
||||
permissions: [ "red-read-license", "red-get-similar-images","red-update-license","fforesight-get-tenants", "fforesight-create-tenant", "fforesight-update-tenant", "fforesight-delete-tenant","fforesight-read-users", "fforesight-read-all-users", "fforesight-write-users","fforesight-read-smtp-configuration", "fforesight-write-smtp-configuration","red-unarchive-dossier", "red-use-support-controller", "red-import-files", "red-process-download", "red-read-download-status" ]
|
||||
- name: KNECON_SUPPORT
|
||||
set-by-default: false
|
||||
rank: 1000
|
||||
permissions: [ "red-read-license", "red-get-similar-images","red-update-license","fforesight-get-tenants", "fforesight-create-tenant", "fforesight-update-tenant", "fforesight-delete-tenant","fforesight-read-users", "fforesight-read-all-users", "fforesight-write-users","fforesight-read-smtp-configuration", "fforesight-write-smtp-configuration","red-unarchive-dossier", "red-use-support-controller", "red-process-download", "red-read-download-status" ]
|
||||
- name: RED_USER_ADMIN
|
||||
set-by-default: false
|
||||
rank: 400
|
||||
permissions: [ "fforesight-manage-user-preferences", "fforesight-read-all-users", "red-read-app-configuration", "fforesight-read-general-configuration",
|
||||
"red-read-notification", "fforesight-read-users", "fforesight-update-my-profile", "red-update-notification", "fforesight-write-users", "red-read-license" ]
|
||||
|
||||
springdoc:
|
||||
default-tenant: 'redaction'
|
||||
@ -101,21 +101,259 @@ spring:
|
||||
password: ${REDIS_PASSWORD:}
|
||||
fforesight:
|
||||
keycloak:
|
||||
ignored-endpoints: [ '/actuator/health', '/actuator/health/**', '/tenant-user-management', '/tenant-user-management/', '/internal/**','/tenant-user-management/docs/**','/tenant-user-management/docs','/tenant-user-management/tenants/simple' ]
|
||||
ignored-endpoints: [ '/actuator/health', '/actuator/health/**', '/tenant-user-management', '/tenant-user-management/', '/internal/**','/tenant-user-management/docs/**','/tenant-user-management/docs','/actuator/prometheus' ]
|
||||
enabled: true
|
||||
springdoc:
|
||||
base-path: '/tenant-user-management'
|
||||
auth-server-url: '/auth'
|
||||
enabled: true
|
||||
default-client-id: 'swagger-ui-client'
|
||||
tenant-user-management:
|
||||
base-path: '/tenant-user-management'
|
||||
login-theme: 'redaction'
|
||||
app-prefix: 'fforesight'
|
||||
default-tenant: 'fforesight'
|
||||
tenant-exchange:
|
||||
name: 'tenants-exchange'
|
||||
user-exchange:
|
||||
name: 'users-exchange'
|
||||
tenant-user-management:
|
||||
base-path: '/tenant-user-management'
|
||||
client-id: 'manager'
|
||||
realm: master
|
||||
application-types:
|
||||
redactmanager:
|
||||
application-client-id: 'redaction'
|
||||
application-name: 'RedactManager'
|
||||
login-theme: 'redaction'
|
||||
default-theme: 'redaction'
|
||||
app-prefix: 'redaction'
|
||||
valid-redirect-uris: [ '/api/*','/redaction-gateway-v1/*','/tenant-user-management/*','http://localhost:4200/*','/ui/*' ,'/auth/*' ]
|
||||
kc-role-mapping:
|
||||
unmappedPermissions: [ "red-get-similiar-images","red-unarchive-dossier", "red-update-license", "red-get-rss","fforesight-create-tenant", "fforesight-update-tenant", "red-experimental" ]
|
||||
compositeRoles:
|
||||
- name: RED_MANAGER
|
||||
composites:
|
||||
- name: RED_USER
|
||||
- name: RED_ADMIN
|
||||
composites:
|
||||
- name: RED_USER_ADMIN
|
||||
|
||||
|
||||
roles:
|
||||
- name: RED_USER
|
||||
set-by-default: true
|
||||
rank: 100
|
||||
permissions: [ "red-add-comment", "red-get-similar-images", "red-read-license", "red-read-app-configuration", "red-read-dossier-status", "red-add-dossier-dictionary-entry", "red-add-redaction", "red-add-update-dossier-dictionary-type",
|
||||
"red-delete-comment", "red-delete-dossier-dictionary-entry", "red-delete-dossier-dictionary-type", "red-delete-file", "red-delete-manual-redaction", "red-download-annotated-file",
|
||||
"red-download-original-file", "red-download-redacted-file", "red-download-redaction-preview-file", "red-download-report-template", "red-exclude-include-file",
|
||||
"red-exclude-include-pages", "red-get-report-templates", "fforesight-manage-user-preferences", "red-manage-viewed-pages", "red-process-download", "red-process-manual-redaction-request",
|
||||
"red-read-colors", "red-read-dictionary-types", "red-read-digital-signature", "red-read-dossier", "red-read-dossier-attributes", "red-read-dossier-attributes-config",
|
||||
"red-read-dossier-templates", "red-read-download-status", "red-read-file-attributes-config", "red-read-file-status", "fforesight-read-general-configuration", "red-read-legal-basis",
|
||||
"red-read-manual-redactions", "red-read-notification", "red-read-redaction-log", "red-read-rules", "red-read-data-formats", "fforesight-read-users", "red-read-versions", "red-read-watermark", "red-reanalyze-dossier",
|
||||
"red-reanalyze-file", "red-request-redaction", "red-rotate-page", "red-search", "red-search-audit-log", "red-set-reviewer", "red-set-status-approved", "red-set-status-under-approval",
|
||||
"fforesight-update-my-profile", "red-update-notification", "red-upload-file", "red-write-file-attributes", "red-process-texthighlights", "red-get-highlights", "red-convert-highlights", "red-delete-highlights", "red-delete-imported-redactions" ]
|
||||
- name: RED_ADMIN
|
||||
set-by-default: false
|
||||
rank: 800
|
||||
permissions: [ "red-add-dictionary-entry","red-get-similar-images", "red-add-update-dictionary-type", "red-write-dossier-status", "red-read-dossier-status", "red-delete-dictionary-entry", "red-delete-dictionary-type",
|
||||
"red-delete-report-template", "red-download-report-template", "red-get-report-templates", "fforesight-manage-user-preferences", "red-read-colors", "red-read-dictionary-types",
|
||||
"red-read-digital-signature", "red-read-dossier-attributes", "red-read-dossier-attributes-config", "red-read-dossier-templates", "red-read-file-attributes-config",
|
||||
"red-read-legal-basis", "red-get-user-stats","red-read-license-report", "red-read-notification", "red-read-rules", "red-read-data-formats", "fforesight-read-smtp-configuration", "fforesight-read-identity-provider-config", "red-read-versions", "red-read-watermark",
|
||||
"red-reindex", "red-search-audit-log", "red-update-notification", "red-upload-report-template", "red-write-colors", "red-write-digital-signature", "red-write-dossier-attributes-config",
|
||||
"red-write-dossier-templates", "red-write-file-attributes-config", "fforesight-write-general-configuration", "red-write-legal-basis", "red-write-rules", "red-write-data-formats", "fforesight-write-smtp-configuration", "fforesight-write-identity-provider-config",
|
||||
"red-write-watermark", "red-write-app-configuration", "red-manage-acl-permissions", "fforesight-create-tenant", "fforesight-get-tenants", "fforesight-update-tenant", "fforesight-deployment-info" ]
|
||||
- name: RED_MANAGER
|
||||
set-by-default: false
|
||||
rank: 200
|
||||
permissions: [ "red-add-update-dossier", "red-archived-dossier", "red-delete-dossier", "red-write-dossier-attributes" ]
|
||||
- name: KNECON_ADMIN
|
||||
set-by-default: false
|
||||
rank: 1000
|
||||
permissions: [ "red-read-license", "red-get-similar-images","red-update-license","fforesight-get-tenants", "fforesight-create-tenant", "fforesight-update-tenant", "fforesight-delete-tenant","fforesight-read-users", "fforesight-read-all-users", "fforesight-write-users","fforesight-read-smtp-configuration", "fforesight-write-smtp-configuration","red-unarchive-dossier", "red-use-support-controller", "red-import-files", "red-process-download", "red-read-download-status" ]
|
||||
- name: KNECON_SUPPORT
|
||||
set-by-default: false
|
||||
rank: 1000
|
||||
permissions: [ "red-read-license", "red-get-similar-images","red-update-license","fforesight-get-tenants", "fforesight-create-tenant", "fforesight-update-tenant", "fforesight-delete-tenant","fforesight-read-users", "fforesight-read-all-users", "fforesight-write-users","fforesight-read-smtp-configuration", "fforesight-write-smtp-configuration","red-unarchive-dossier", "red-use-support-controller", "red-process-download", "red-read-download-status" ]
|
||||
- name: RED_USER_ADMIN
|
||||
set-by-default: false
|
||||
rank: 400
|
||||
permissions: [ "fforesight-manage-user-preferences", "fforesight-read-all-users", "red-read-app-configuration", "fforesight-read-general-configuration",
|
||||
"red-read-notification", "red-get-user-stats", "fforesight-read-users", "fforesight-update-my-profile", "red-update-notification", "fforesight-write-users", "red-read-license" ]
|
||||
documine:
|
||||
application-client-id: 'redaction'
|
||||
application-name: 'Documine'
|
||||
login-theme: 'scm'
|
||||
default-theme: 'scm'
|
||||
app-prefix: 'documine'
|
||||
valid-redirect-uris: [ '/api/*','/redaction-gateway-v1/*','/tenant-user-management/*','http://localhost:4200/*','/ui/*' ,'/auth/*' ]
|
||||
kc-role-mapping:
|
||||
unmappedPermissions: [ "red-get-tables", "red-unarchive-dossier", "red-update-license", "fforesight-create-tenant", "fforesight-update-tenant", "red-experimental" ]
|
||||
compositeRoles:
|
||||
- name: RED_MANAGER
|
||||
composites:
|
||||
- name: RED_USER
|
||||
- name: RED_ADMIN
|
||||
composites:
|
||||
- name: RED_USER_ADMIN
|
||||
|
||||
|
||||
roles:
|
||||
- name: KNECON_ADMIN
|
||||
set-by-default: false
|
||||
rank: 1000
|
||||
permissions: [ "red-read-license","red-update-license","fforesight-get-tenants", "fforesight-create-tenant", "fforesight-update-tenant", "fforesight-delete-tenant","fforesight-read-users", "fforesight-read-all-users", "fforesight-write-users","fforesight-read-smtp-configuration", "fforesight-write-smtp-configuration", "fforesight-read-identity-provider-config","fforesight-write-identity-provider-config", "red-unarchive-dossier", "red-use-support-controller", "red-import-files", "red-process-download", "red-read-download-status" ]
|
||||
- name: KNECON_SUPPORT
|
||||
set-by-default: false
|
||||
rank: 1000
|
||||
permissions: [ "red-read-license","red-update-license","fforesight-get-tenants", "fforesight-create-tenant", "fforesight-update-tenant", "fforesight-delete-tenant","fforesight-read-users", "fforesight-read-all-users", "fforesight-write-users","fforesight-read-smtp-configuration", "fforesight-write-smtp-configuration", "fforesight-read-identity-provider-config","fforesight-write-identity-provider-config", "red-unarchive-dossier", "red-use-support-controller", "red-process-download", "red-read-download-status" ]
|
||||
- name: RED_USER
|
||||
set-by-default: true
|
||||
rank: 100
|
||||
permissions: [ "red-get-rss", "red-add-comment", "red-get-similar-images", "red-read-license", "red-read-app-configuration", "red-read-dossier-status", "red-add-dossier-dictionary-entry", "red-add-redaction", "red-add-update-dossier-dictionary-type",
|
||||
"red-delete-comment", "red-delete-dossier-dictionary-entry", "red-delete-dossier-dictionary-type", "red-delete-file", "red-delete-manual-redaction", "red-download-annotated-file",
|
||||
"red-download-original-file", "red-download-redacted-file", "red-download-redaction-preview-file", "red-download-report-template", "red-exclude-include-file",
|
||||
"red-exclude-include-pages", "red-get-report-templates", "fforesight-manage-user-preferences", "red-manage-viewed-pages", "red-process-download", "red-process-manual-redaction-request",
|
||||
"red-read-colors", "red-read-dictionary-types", "red-read-digital-signature", "red-read-dossier", "red-read-dossier-attributes", "red-read-dossier-attributes-config",
|
||||
"red-read-dossier-templates", "red-read-download-status", "red-read-file-attributes-config", "red-read-file-status", "fforesight-read-general-configuration", "red-read-legal-basis",
|
||||
"red-read-manual-redactions", "red-read-notification", "red-read-redaction-log", "red-read-rules", "red-read-data-formats", "fforesight-read-users", "red-read-versions", "red-reanalyze-dossier",
|
||||
"red-reanalyze-file", "red-request-redaction", "red-rotate-page", "red-search", "red-search-audit-log", "red-set-reviewer", "red-set-status-approved", "red-set-status-under-approval",
|
||||
"fforesight-update-my-profile", "red-update-notification", "red-upload-file", "red-write-file-attributes", "red-process-texthighlights", "red-get-highlights", "red-convert-highlights", "red-delete-highlights", "red-delete-imported-redactions" ]
|
||||
- name: RED_ADMIN
|
||||
set-by-default: false
|
||||
rank: 800
|
||||
permissions: [ "red-add-dictionary-entry", "red-get-similar-images","red-add-update-dictionary-type", "red-write-dossier-status", "red-read-dossier-status", "red-delete-dictionary-entry", "red-delete-dictionary-type",
|
||||
"red-delete-report-template", "red-download-report-template", "red-get-report-templates", "fforesight-manage-user-preferences", "red-read-colors", "red-read-dictionary-types",
|
||||
"red-read-digital-signature", "red-read-dossier-attributes", "red-read-dossier-attributes-config", "red-read-dossier-templates", "red-read-file-attributes-config",
|
||||
"red-read-legal-basis", "red-read-license-report", "red-read-notification", "red-read-rules", "red-read-data-formats", "fforesight-read-smtp-configuration", "fforesight-read-identity-provider-config", "red-read-versions", "red-reindex", "red-search-audit-log", "red-update-notification", "red-upload-report-template", "red-write-colors", "red-write-digital-signature", "red-write-dossier-attributes-config",
|
||||
"red-write-dossier-templates", "red-write-file-attributes-config", "fforesight-write-general-configuration", "red-write-legal-basis", "red-write-rules", "red-write-data-formats", "fforesight-write-smtp-configuration", "fforesight-write-identity-provider-config", "red-write-app-configuration", "red-manage-acl-permissions", "fforesight-create-tenant", "fforesight-get-tenants", "fforesight-update-tenant", "fforesight-deployment-info" ]
|
||||
- name: RED_MANAGER
|
||||
set-by-default: false
|
||||
rank: 200
|
||||
permissions: [ "red-add-update-dossier", "red-archived-dossier", "red-delete-dossier", "red-write-dossier-attributes" ]
|
||||
- name: RED_USER_ADMIN
|
||||
set-by-default: false
|
||||
rank: 400
|
||||
permissions: [ "fforesight-manage-user-preferences", "fforesight-read-all-users", "red-read-app-configuration", "fforesight-read-general-configuration",
|
||||
"red-read-notification", "fforesight-read-users", "fforesight-update-my-profile", "red-update-notification", "fforesight-write-users", "red-read-license" ]
|
||||
clarifynd:
|
||||
application-client-id: 'fforesight'
|
||||
application-name: 'Clarifynd'
|
||||
accessTokenLifeSpan: 3600
|
||||
ssoSessionIdleTimeout: 86400
|
||||
default-theme: 'clarifynd'
|
||||
valid-redirect-uris: [ '/search/*', '/bdr-connector/*', '/sdi/*', '/tenant-user-management/*','http://localhost:4200/*', 'http://localhost:4300/*', '/ui/*' ,'/auth/*','/persistence/*', '/audit/*', '/contextual-query/*' ]
|
||||
kc-role-mapping:
|
||||
roles:
|
||||
- name: FF_USER
|
||||
set-by-default: true
|
||||
rank: 100
|
||||
permissions:
|
||||
- 'fforesight-read-general-configuration'
|
||||
- 'fforesight-manage-user-preferences'
|
||||
- 'fforesight-read-users'
|
||||
- 'fforesight-read-all-users'
|
||||
- 'fforesight-update-my-profile'
|
||||
- 'fforesight-get-tenants'
|
||||
- 'fforesight-deployment-info'
|
||||
- 'fforesight-read-smtp-configuration'
|
||||
- 'fforesight-search'
|
||||
- 'fforesight-view-document'
|
||||
- 'fforesight-user-upload-files'
|
||||
- 'fforesight-user-manage-files'
|
||||
- 'fforesight-user-view-files'
|
||||
- 'fforesight-user-manage-analysis'
|
||||
- 'fforesight-user-view-analysis'
|
||||
- 'fforesight-user-view-favourites'
|
||||
- 'fforesight-user-add-to-favourites'
|
||||
- 'fforesight-user-delete-from-favourites'
|
||||
- 'fforesight-user-view-paragraph-tags'
|
||||
- 'fforesight-user-add-to-paragraph-tags'
|
||||
- 'fforesight-user-delete-from-paragraph-tags'
|
||||
- 'fforesight-read-tag'
|
||||
- 'fforesight-write-tag'
|
||||
- 'fforesight-download-file'
|
||||
- name: KNECON_ADMIN
|
||||
set-by-default: false
|
||||
rank: 1000
|
||||
permissions:
|
||||
- "red-read-license"
|
||||
- "red-update-license"
|
||||
- "red-get-similiar-images"
|
||||
- "fforesight-get-tenants"
|
||||
- "fforesight-create-tenant"
|
||||
- "fforesight-update-tenant"
|
||||
- "fforesight-delete-tenant"
|
||||
- "fforesight-read-users"
|
||||
- "fforesight-read-all-users"
|
||||
- "fforesight-write-users"
|
||||
- "fforesight-read-smtp-configuration"
|
||||
- "fforesight-write-smtp-configuration"
|
||||
- "fforesight-read-identity-provider-config"
|
||||
- "fforesight-write-identity-provider-config"
|
||||
- "red-unarchive-dossier"
|
||||
- name: KNECON_SUPPORT
|
||||
set-by-default: false
|
||||
rank: 1000
|
||||
permissions:
|
||||
- "red-read-license"
|
||||
- "red-update-license"
|
||||
- "red-get-similiar-images"
|
||||
- "fforesight-get-tenants"
|
||||
- "fforesight-create-tenant"
|
||||
- "fforesight-update-tenant"
|
||||
- "fforesight-delete-tenant"
|
||||
- "fforesight-read-users"
|
||||
- "fforesight-read-all-users"
|
||||
- "fforesight-write-users"
|
||||
- "fforesight-read-smtp-configuration"
|
||||
- "fforesight-write-smtp-configuration"
|
||||
- "fforesight-read-identity-provider-config"
|
||||
- "fforesight-write-identity-provider-config"
|
||||
- "red-unarchive-dossier"
|
||||
- name: FF_ADMIN
|
||||
set-by-default: true
|
||||
rank: 100
|
||||
permissions:
|
||||
- 'fforesight-read-general-configuration'
|
||||
- 'fforesight-write-general-configuration'
|
||||
- 'fforesight-manage-user-preferences'
|
||||
- 'fforesight-read-users'
|
||||
- 'fforesight-read-all-users'
|
||||
- 'fforesight-write-users'
|
||||
- 'fforesight-update-my-profile'
|
||||
- 'fforesight-update-tenant'
|
||||
- 'fforesight-create-tenant'
|
||||
- 'fforesight-get-tenants'
|
||||
- 'fforesight-deployment-info'
|
||||
- 'fforesight-read-smtp-configuration'
|
||||
- 'fforesight-write-smtp-configuration'
|
||||
- "fforesight-read-identity-provider-config"
|
||||
- "fforesight-write-identity-provider-config"
|
||||
- 'fforesight-search'
|
||||
- 'fforesight-search-audit-log'
|
||||
- 'fforesight-view-document'
|
||||
- 'fforesight-user-upload-files'
|
||||
- 'fforesight-user-manage-files'
|
||||
- 'fforesight-user-view-files'
|
||||
- 'fforesight-user-manage-analysis'
|
||||
- 'fforesight-user-view-analysis'
|
||||
- 'fforesight-user-view-favourites'
|
||||
- 'fforesight-user-add-to-favourites'
|
||||
- 'fforesight-user-view-paragraph-tags'
|
||||
- 'fforesight-user-add-to-paragraph-tags'
|
||||
- 'fforesight-user-delete-from-paragraph-tags'
|
||||
- 'fforesight-user-delete-from-favourites'
|
||||
- 'fforesight-system-upload-files'
|
||||
- 'fforesight-system-manage-files'
|
||||
- 'fforesight-system-view-files'
|
||||
- 'fforesight-system-manage-analysis'
|
||||
- 'fforesight-system-view-analysis'
|
||||
- 'fforesight-download-file'
|
||||
- 'fforesight-sdi-view-task'
|
||||
- 'fforesight-sdi-start-task'
|
||||
- 'fforesight-sdi-stop-task'
|
||||
- 'fforesight-read-tag'
|
||||
- 'fforesight-write-tag'
|
||||
- 'taas-bdr-connector-view-task'
|
||||
- 'taas-bdr-connector-start-task'
|
||||
- 'taas-bdr-connector-stop-task'
|
||||
springdoc:
|
||||
swagger-ui:
|
||||
path: ${fforesight.springdoc.base-path}/docs/swagger-ui
|
||||
|
||||
@ -15,3 +15,7 @@ databaseChangeLog:
|
||||
file: db/changelog/master/8-tenant-connection-data-string-length.changelog.yaml
|
||||
- include:
|
||||
file: db/changelog/master/9-add-mongodb-connection-columns.yaml
|
||||
- include:
|
||||
file: db/changelog/master/10-add-application-type-to-tenant.yaml
|
||||
- include:
|
||||
file: db/changelog/master/11-add-global-smtp-config.yaml
|
||||
|
||||
@ -0,0 +1,20 @@
|
||||
databaseChangeLog:
|
||||
- property: # this will be used as a default if no environment variable is present
|
||||
name: FFORESIGHT_TENANT_USER_MANAGEMENT_APPLICATION_NAME
|
||||
value: "RedactManager"
|
||||
- changeSet:
|
||||
id: add-application-type-to-tenant
|
||||
author: maverick
|
||||
changes:
|
||||
- addColumn:
|
||||
columns:
|
||||
- column:
|
||||
name: application_type
|
||||
type: VARCHAR(255)
|
||||
tableName: tenant
|
||||
- update:
|
||||
tableName: tenant
|
||||
columns:
|
||||
- column:
|
||||
name: application_type
|
||||
value: ${FFORESIGHT_TENANT_USER_MANAGEMENT_APPLICATION_NAME}
|
||||
@ -0,0 +1,51 @@
|
||||
databaseChangeLog:
|
||||
- changeSet:
|
||||
id: add-global-smtp-config-table
|
||||
author: dom
|
||||
changes:
|
||||
- createTable:
|
||||
tableName: global_smtp_configuration
|
||||
columns:
|
||||
- column:
|
||||
name: id
|
||||
type: VARCHAR(255)
|
||||
constraints:
|
||||
nullable: false
|
||||
primaryKey: true
|
||||
primaryKeyName: global_smtp_configuration_pkey
|
||||
- column:
|
||||
name: auth
|
||||
type: BOOLEAN
|
||||
- column:
|
||||
name: envelope_from
|
||||
type: VARCHAR(255)
|
||||
- column:
|
||||
name: from_email
|
||||
type: VARCHAR(255)
|
||||
- column:
|
||||
name: from_display_name
|
||||
type: VARCHAR(255)
|
||||
- column:
|
||||
name: host
|
||||
type: VARCHAR(255)
|
||||
- column:
|
||||
name: password
|
||||
type: VARCHAR(255)
|
||||
- column:
|
||||
name: port
|
||||
type: INTEGER
|
||||
- column:
|
||||
name: reply_to
|
||||
type: VARCHAR(255)
|
||||
- column:
|
||||
name: reply_to_display_name
|
||||
type: VARCHAR(255)
|
||||
- column:
|
||||
name: ssl
|
||||
type: BOOLEAN
|
||||
- column:
|
||||
name: starttls
|
||||
type: BOOLEAN
|
||||
- column:
|
||||
name: user_name
|
||||
type: VARCHAR(255)
|
||||
@ -6,7 +6,9 @@ import java.util.List;
|
||||
|
||||
import org.junit.jupiter.api.BeforeEach;
|
||||
import org.junit.jupiter.api.extension.ExtendWith;
|
||||
import org.springframework.amqp.rabbit.core.RabbitAdmin;
|
||||
import org.springframework.amqp.rabbit.core.RabbitTemplate;
|
||||
import org.springframework.amqp.rabbit.listener.RabbitListenerEndpointRegistry;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
|
||||
import org.springframework.boot.autoconfigure.amqp.RabbitAutoConfiguration;
|
||||
@ -26,6 +28,7 @@ import com.iqser.red.service.persistence.service.v1.api.shared.model.license.Fea
|
||||
import com.iqser.red.service.persistence.service.v1.api.shared.model.license.FeatureType;
|
||||
import com.iqser.red.service.persistence.service.v1.api.shared.model.license.License;
|
||||
import com.iqser.red.service.persistence.service.v1.api.shared.model.license.RedactionLicenseModel;
|
||||
import com.knecon.fforesight.tenantcommons.queue.TenantMessagingConfiguration;
|
||||
import com.knecon.fforesight.tenantusermanagement.client.LicenseClient;
|
||||
import com.knecon.fforesight.tenantusermanagement.feigntestclients.external.TenantsClient;
|
||||
import com.knecon.fforesight.tenantusermanagement.feigntestclients.internal.InternalTenantsClient;
|
||||
@ -57,6 +60,12 @@ public class AbstractTenantUserManagementIntegrationTest {
|
||||
protected TokenService tokenService;
|
||||
@MockBean
|
||||
protected LicenseClient licenseClient;
|
||||
@MockBean
|
||||
protected RabbitAdmin rabbitAdmin;
|
||||
@MockBean
|
||||
protected RabbitListenerEndpointRegistry rabbitListenerEndpointRegistry;
|
||||
@MockBean
|
||||
protected TenantMessagingConfiguration tenantMessagingConfiguration;
|
||||
|
||||
|
||||
@BeforeEach
|
||||
|
||||
@ -1,15 +1,6 @@
|
||||
package com.knecon.fforesight.tenantusermanagement.tests;
|
||||
|
||||
import static com.knecon.fforesight.tenantusermanagement.service.SMTPService.SMTP_DEFAULT_AUTH;
|
||||
import static com.knecon.fforesight.tenantusermanagement.service.SMTPService.SMTP_DEFAULT_HOST;
|
||||
import static com.knecon.fforesight.tenantusermanagement.service.SMTPService.SMTP_DEFAULT_PORT;
|
||||
import static com.knecon.fforesight.tenantusermanagement.service.SMTPService.SMTP_DEFAULT_REPLY_EMAIL;
|
||||
import static com.knecon.fforesight.tenantusermanagement.service.SMTPService.SMTP_DEFAULT_REPLY_NAME;
|
||||
import static com.knecon.fforesight.tenantusermanagement.service.SMTPService.SMTP_DEFAULT_SENDER_EMAIL;
|
||||
import static com.knecon.fforesight.tenantusermanagement.service.SMTPService.SMTP_DEFAULT_SENDER_ENVELOPE;
|
||||
import static com.knecon.fforesight.tenantusermanagement.service.SMTPService.SMTP_DEFAULT_SENDER_NAME;
|
||||
import static com.knecon.fforesight.tenantusermanagement.service.SMTPService.SMTP_DEFAULT_SSL;
|
||||
import static com.knecon.fforesight.tenantusermanagement.service.SMTPService.SMTP_DEFAULT_STARTTLS;
|
||||
import static com.knecon.fforesight.tenantusermanagement.service.EnvironmentSMTPConfigurationProvider.*;
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.assertj.core.api.Assertions.assertThatThrownBy;
|
||||
import static org.junit.jupiter.api.Assertions.assertThrows;
|
||||
@ -114,6 +105,10 @@ public class SMTPConfigurationTest extends AbstractTenantUserManagementIntegrati
|
||||
System.setProperty(SMTP_DEFAULT_STARTTLS, "true");
|
||||
System.setProperty(SMTP_DEFAULT_AUTH, "true");
|
||||
|
||||
String newTenant = "NEW_TENANT";
|
||||
testTenantService.createTestTenantWithoutStorageIfNotExist(newTenant);
|
||||
TenantContext.setTenantId(newTenant);
|
||||
|
||||
var currentSMTPConfiguration = smtpConfigurationClient.getCurrentSMTPConfiguration();
|
||||
|
||||
assertThat(currentSMTPConfiguration.getHost()).isEqualTo("smtp.example.com");
|
||||
|
||||
@ -0,0 +1,353 @@
|
||||
package com.knecon.fforesight.tenantusermanagement.tests;
|
||||
|
||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||
import static org.mockito.ArgumentMatchers.any;
|
||||
import static org.mockito.Mockito.anyString;
|
||||
import static org.mockito.Mockito.mock;
|
||||
import static org.mockito.Mockito.never;
|
||||
import static org.mockito.Mockito.times;
|
||||
import static org.mockito.Mockito.verify;
|
||||
import static org.mockito.Mockito.when;
|
||||
import static org.mockito.quality.Strictness.LENIENT;
|
||||
|
||||
import java.util.Arrays;
|
||||
import java.util.HashMap;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Optional;
|
||||
|
||||
import org.jetbrains.annotations.NotNull;
|
||||
import org.junit.jupiter.api.BeforeEach;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.junit.jupiter.api.extension.ExtendWith;
|
||||
import org.keycloak.admin.client.resource.RealmResource;
|
||||
import org.keycloak.representations.idm.RealmRepresentation;
|
||||
import org.mockito.ArgumentCaptor;
|
||||
import org.mockito.ArgumentMatchers;
|
||||
import org.mockito.InjectMocks;
|
||||
import org.mockito.Mock;
|
||||
import org.mockito.junit.jupiter.MockitoSettings;
|
||||
|
||||
import com.fasterxml.jackson.databind.ObjectMapper;
|
||||
import com.knecon.fforesight.tenantcommons.EncryptionDecryptionService;
|
||||
import com.knecon.fforesight.tenantusermanagement.entity.GlobalSMTPConfigurationEntity;
|
||||
import com.knecon.fforesight.tenantusermanagement.entity.TenantEntity;
|
||||
import com.knecon.fforesight.tenantusermanagement.model.SMTPConfiguration;
|
||||
import com.knecon.fforesight.tenantusermanagement.repository.TenantRepository;
|
||||
import com.knecon.fforesight.tenantusermanagement.service.EnvironmentSMTPConfigurationProvider;
|
||||
import com.knecon.fforesight.tenantusermanagement.service.GlobalSMTPConfigurationPersistenceService;
|
||||
import com.knecon.fforesight.tenantusermanagement.service.RealmService;
|
||||
import com.knecon.fforesight.tenantusermanagement.service.SMTPService;
|
||||
|
||||
@MockitoSettings(strictness = LENIENT)
|
||||
@ExtendWith(org.mockito.junit.jupiter.MockitoExtension.class)
|
||||
public class SMTPServiceTest {
|
||||
|
||||
public static final String NEW_SMTP_HOST = "new.smtp.host";
|
||||
public static final int NEW_SMTP_PORT = 465;
|
||||
public static final String NEW_SMTP_USER = "newUser";
|
||||
public static final String NEW_SMTP_PASSWORD = "newPassword";
|
||||
public static final String OLD_SMTP_HOST = "old.smtp.host";
|
||||
public static final int OLD_SMTP_PORT = 587;
|
||||
public static final String OLD_SMTP_USER = "globalUser";
|
||||
public static final String OLD_SMTP_PASSWORD = "oldPassword";
|
||||
public static final String FFORESIGHT_SMTP_PASSWORD = "FFORESIGHT_SMTP_PASSWORD";
|
||||
|
||||
@Mock
|
||||
private GlobalSMTPConfigurationPersistenceService smtpConfigurationPersistenceService;
|
||||
|
||||
@Mock
|
||||
private EnvironmentSMTPConfigurationProvider environmentSMTPConfigurationProvider;
|
||||
|
||||
@Mock
|
||||
private RealmService realmService;
|
||||
|
||||
@Mock
|
||||
private TenantRepository tenantRepository;
|
||||
|
||||
@Mock
|
||||
private EncryptionDecryptionService encryptionDecryptionService;
|
||||
|
||||
@InjectMocks
|
||||
private SMTPService smtpService;
|
||||
|
||||
private SMTPConfiguration oldGlobalConfig;
|
||||
private SMTPConfiguration overriddenConfig;
|
||||
private List<TenantEntity> tenantEntities;
|
||||
private final static String DEFAULT_PASSWORD = "**********";
|
||||
|
||||
|
||||
@BeforeEach
|
||||
public void setUp() {
|
||||
|
||||
smtpService = new SMTPService(smtpConfigurationPersistenceService,
|
||||
environmentSMTPConfigurationProvider,
|
||||
null,
|
||||
realmService,
|
||||
tenantRepository,
|
||||
encryptionDecryptionService,
|
||||
new ObjectMapper());
|
||||
|
||||
oldGlobalConfig = new SMTPConfiguration();
|
||||
oldGlobalConfig.setId("singleton");
|
||||
oldGlobalConfig.setHost(OLD_SMTP_HOST);
|
||||
oldGlobalConfig.setPort(OLD_SMTP_PORT);
|
||||
oldGlobalConfig.setUser(OLD_SMTP_USER);
|
||||
oldGlobalConfig.setPassword(OLD_SMTP_PASSWORD);
|
||||
|
||||
overriddenConfig = new SMTPConfiguration();
|
||||
overriddenConfig.setHost("custom.smtp.host");
|
||||
overriddenConfig.setPort(2525);
|
||||
overriddenConfig.setUser("customUser");
|
||||
overriddenConfig.setPassword("encrypted_customPassword");
|
||||
|
||||
TenantEntity tenant1 = new TenantEntity();
|
||||
tenant1.setTenantId("tenant1");
|
||||
|
||||
TenantEntity tenant2 = new TenantEntity();
|
||||
tenant2.setTenantId("tenant2");
|
||||
|
||||
TenantEntity tenant3 = new TenantEntity();
|
||||
tenant3.setTenantId("tenant3");
|
||||
|
||||
tenantEntities = Arrays.asList(tenant1, tenant2, tenant3);
|
||||
when(tenantRepository.findAll()).thenReturn(tenantEntities);
|
||||
|
||||
GlobalSMTPConfigurationEntity globalEntity = new GlobalSMTPConfigurationEntity();
|
||||
globalEntity.setHost(oldGlobalConfig.getHost());
|
||||
globalEntity.setPort(oldGlobalConfig.getPort());
|
||||
globalEntity.setUserName(oldGlobalConfig.getUser());
|
||||
globalEntity.setPassword(oldGlobalConfig.getPassword());
|
||||
when(smtpConfigurationPersistenceService.get()).thenReturn(Optional.of(globalEntity));
|
||||
|
||||
for (TenantEntity tenant : tenantEntities) {
|
||||
RealmResource tenantRealmResource = mock(RealmResource.class);
|
||||
when(realmService.realm(tenant.getTenantId())).thenReturn(tenantRealmResource);
|
||||
}
|
||||
|
||||
when(encryptionDecryptionService.encrypt(ArgumentMatchers.<String>any())).thenAnswer(invocation -> {
|
||||
String argument = invocation.getArgument(0);
|
||||
return argument != null ? "encrypted_" + argument : null;
|
||||
});
|
||||
|
||||
when(encryptionDecryptionService.decrypt(anyString())).thenAnswer(invocation -> {
|
||||
String encrypted = invocation.getArgument(0);
|
||||
if (encrypted.startsWith("encrypted_")) {
|
||||
return encrypted.substring("encrypted_".length());
|
||||
}
|
||||
return encrypted;
|
||||
});
|
||||
}
|
||||
|
||||
|
||||
@Test
|
||||
public void testSynchronizeSMTPConfigurations() {
|
||||
|
||||
for (TenantEntity tenant : tenantEntities) {
|
||||
RealmResource tenantRealmResource = mock(RealmResource.class);
|
||||
when(realmService.realm(tenant.getTenantId())).thenReturn(tenantRealmResource);
|
||||
// for this test also mock toRepresentation
|
||||
RealmRepresentation realm = getRealmRepresentation(tenant, overriddenConfig, oldGlobalConfig);
|
||||
when(tenantRealmResource.toRepresentation()).thenReturn(realm);
|
||||
}
|
||||
|
||||
SMTPConfiguration newEnvConfig = new SMTPConfiguration();
|
||||
newEnvConfig.setId("singleton");
|
||||
newEnvConfig.setHost(NEW_SMTP_HOST);
|
||||
newEnvConfig.setPort(NEW_SMTP_PORT);
|
||||
newEnvConfig.setUser(NEW_SMTP_USER);
|
||||
newEnvConfig.setPassword(NEW_SMTP_PASSWORD);
|
||||
when(environmentSMTPConfigurationProvider.get()).thenReturn(newEnvConfig);
|
||||
|
||||
smtpService.synchronizeSMTPConfigurations();
|
||||
|
||||
ArgumentCaptor<GlobalSMTPConfigurationEntity> globalConfigCaptor = ArgumentCaptor.forClass(GlobalSMTPConfigurationEntity.class);
|
||||
verify(smtpConfigurationPersistenceService).createUpdate(globalConfigCaptor.capture());
|
||||
|
||||
GlobalSMTPConfigurationEntity updatedGlobalConfig = globalConfigCaptor.getValue();
|
||||
assertEquals(NEW_SMTP_HOST, updatedGlobalConfig.getHost());
|
||||
assertEquals(NEW_SMTP_PORT, updatedGlobalConfig.getPort());
|
||||
assertEquals(NEW_SMTP_USER, updatedGlobalConfig.getUserName());
|
||||
assertEquals("encrypted_" + NEW_SMTP_PASSWORD, updatedGlobalConfig.getPassword());
|
||||
|
||||
// Verify that tenant1 and tenant3 were not updated, and tenant2 was
|
||||
for (TenantEntity tenant : tenantEntities) {
|
||||
RealmResource tenantRealmResource = realmService.realm(tenant.getTenantId());
|
||||
|
||||
if ("tenant1".equals(tenant.getTenantId()) || "tenant3".equals(tenant.getTenantId())) {
|
||||
// Verify that update() was called once for tenant1 and tenant3
|
||||
verify(tenantRealmResource, times(1)).update(any(RealmRepresentation.class));
|
||||
|
||||
ArgumentCaptor<RealmRepresentation> realmCaptor = ArgumentCaptor.forClass(RealmRepresentation.class);
|
||||
verify(tenantRealmResource).update(realmCaptor.capture());
|
||||
|
||||
RealmRepresentation updatedRealm = realmCaptor.getValue();
|
||||
Map<String, String> smtpServer = updatedRealm.getSmtpServer();
|
||||
smtpServer.putAll(updatedRealm.getAttributes());
|
||||
assertEquals(NEW_SMTP_HOST, smtpServer.get("host"));
|
||||
assertEquals(String.valueOf(NEW_SMTP_PORT), smtpServer.get("port"));
|
||||
assertEquals(NEW_SMTP_USER, smtpServer.get("user"));
|
||||
assertEquals("encrypted_" + NEW_SMTP_PASSWORD, smtpServer.get(FFORESIGHT_SMTP_PASSWORD));
|
||||
assertEquals(NEW_SMTP_PASSWORD, smtpServer.get("password"));
|
||||
} else if ("tenant2".equals(tenant.getTenantId())) {
|
||||
// Verify that update() was never called for tenant2
|
||||
verify(tenantRealmResource, never()).update(any(RealmRepresentation.class));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@Test
|
||||
public void testSynchronizeSMTPConfigurationsWithoutGlobalChanges() {
|
||||
|
||||
SMTPConfiguration newEnvConfig = new SMTPConfiguration();
|
||||
newEnvConfig.setId("singleton");
|
||||
newEnvConfig.setHost(OLD_SMTP_HOST);
|
||||
newEnvConfig.setPort(OLD_SMTP_PORT);
|
||||
newEnvConfig.setUser(OLD_SMTP_USER);
|
||||
newEnvConfig.setPassword(OLD_SMTP_PASSWORD);
|
||||
when(environmentSMTPConfigurationProvider.get()).thenReturn(newEnvConfig);
|
||||
|
||||
smtpService.synchronizeSMTPConfigurations();
|
||||
|
||||
verify(smtpConfigurationPersistenceService, never()).createUpdate(any(GlobalSMTPConfigurationEntity.class));
|
||||
|
||||
// Verify that all tenants are unchanged
|
||||
for (TenantEntity tenant : tenantEntities) {
|
||||
RealmResource tenantRealmResource = realmService.realm(tenant.getTenantId());
|
||||
|
||||
verify(tenantRealmResource, never()).update(any(RealmRepresentation.class));
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@Test
|
||||
public void testInitializeGlobalSMTPConfiguration() {
|
||||
|
||||
|
||||
TenantEntity tenant1 = new TenantEntity();
|
||||
tenant1.setTenantId("tenant1");
|
||||
|
||||
TenantEntity tenant2 = new TenantEntity();
|
||||
tenant2.setTenantId("tenant2");
|
||||
|
||||
List<TenantEntity> tenantEntities = Arrays.asList(tenant1, tenant2);
|
||||
|
||||
when(tenantRepository.findAll()).thenReturn(tenantEntities);
|
||||
|
||||
when(smtpConfigurationPersistenceService.get()).thenReturn(Optional.empty());
|
||||
|
||||
String host = "global.smtp.host";
|
||||
int port = 25;
|
||||
String globalUser = "globalUser";
|
||||
String globalPassword = "globalPassword";
|
||||
|
||||
SMTPConfiguration currentGlobalConfig = new SMTPConfiguration();
|
||||
currentGlobalConfig.setId("singleton");
|
||||
currentGlobalConfig.setHost(host);
|
||||
currentGlobalConfig.setPort(port);
|
||||
currentGlobalConfig.setUser(globalUser);
|
||||
currentGlobalConfig.setPassword(globalPassword);
|
||||
|
||||
when(environmentSMTPConfigurationProvider.get()).thenReturn(currentGlobalConfig);
|
||||
|
||||
// Tenant1: Predefined SMTP configuration
|
||||
RealmResource tenantRealmResource1 = mock(RealmResource.class);
|
||||
when(realmService.realm("tenant1")).thenReturn(tenantRealmResource1);
|
||||
RealmRepresentation realmRepresentation1 = getRealmRepresentationPredefined();
|
||||
|
||||
when(tenantRealmResource1.toRepresentation()).thenReturn(realmRepresentation1);
|
||||
|
||||
// Tenant2: No SMTP configuration
|
||||
RealmResource tenantRealmResource2 = mock(RealmResource.class);
|
||||
when(realmService.realm("tenant2")).thenReturn(tenantRealmResource2);
|
||||
RealmRepresentation realmRepresentation2 = new RealmRepresentation();
|
||||
|
||||
Map<String, String> smtpServer2 = new HashMap<>();
|
||||
smtpServer2.put("host", "");
|
||||
realmRepresentation2.setSmtpServer(smtpServer2);
|
||||
realmRepresentation2.setAttributes(new HashMap<>());
|
||||
|
||||
when(tenantRealmResource2.toRepresentation()).thenReturn(realmRepresentation2);
|
||||
|
||||
smtpService.synchronizeSMTPConfigurations();
|
||||
|
||||
ArgumentCaptor<GlobalSMTPConfigurationEntity> globalConfigCaptor = ArgumentCaptor.forClass(GlobalSMTPConfigurationEntity.class);
|
||||
verify(smtpConfigurationPersistenceService).createUpdate(globalConfigCaptor.capture());
|
||||
|
||||
GlobalSMTPConfigurationEntity updatedGlobalConfig = globalConfigCaptor.getValue();
|
||||
assertEquals(host, updatedGlobalConfig.getHost());
|
||||
assertEquals(port, updatedGlobalConfig.getPort());
|
||||
assertEquals(globalUser, updatedGlobalConfig.getUserName());
|
||||
String encryptedGlobalPassword = "encrypted_" + globalPassword;
|
||||
assertEquals(encryptedGlobalPassword, updatedGlobalConfig.getPassword());
|
||||
|
||||
// Verify that tenant1's SMTP configuration remains unchanged
|
||||
verify(tenantRealmResource1, never()).update(any(RealmRepresentation.class));
|
||||
|
||||
// Verify that tenant2's SMTP configuration is updated
|
||||
ArgumentCaptor<RealmRepresentation> realmCaptor2 = ArgumentCaptor.forClass(RealmRepresentation.class);
|
||||
verify(tenantRealmResource2, times(1)).update(realmCaptor2.capture());
|
||||
|
||||
RealmRepresentation updatedRealm2 = realmCaptor2.getValue();
|
||||
Map<String, String> updatedSmtpServer2 = updatedRealm2.getSmtpServer();
|
||||
|
||||
assertEquals(host, updatedSmtpServer2.get("host"));
|
||||
assertEquals(String.valueOf(port), updatedSmtpServer2.get("port"));
|
||||
assertEquals(globalUser, updatedSmtpServer2.get("user"));
|
||||
assertEquals(globalPassword, updatedSmtpServer2.get("password"));
|
||||
|
||||
Map<String, String> updatedAttributes2 = updatedRealm2.getAttributes();
|
||||
assertEquals(encryptedGlobalPassword, updatedAttributes2.get(FFORESIGHT_SMTP_PASSWORD));
|
||||
}
|
||||
|
||||
|
||||
@NotNull
|
||||
private static RealmRepresentation getRealmRepresentationPredefined() {
|
||||
|
||||
RealmRepresentation realmRepresentation1 = new RealmRepresentation();
|
||||
|
||||
Map<String, String> smtpServer1 = new HashMap<>();
|
||||
smtpServer1.put("host", "predefined.smtp.host");
|
||||
smtpServer1.put("port", "587");
|
||||
smtpServer1.put("user", "user1");
|
||||
smtpServer1.put("password", DEFAULT_PASSWORD);
|
||||
Map<String, String> attributes = new HashMap<>();
|
||||
attributes.put(FFORESIGHT_SMTP_PASSWORD, "encrypted_predefined_pass");
|
||||
|
||||
realmRepresentation1.setSmtpServer(smtpServer1);
|
||||
realmRepresentation1.setAttributes(attributes);
|
||||
return realmRepresentation1;
|
||||
}
|
||||
|
||||
|
||||
@NotNull
|
||||
private static RealmRepresentation getRealmRepresentation(TenantEntity tenant, SMTPConfiguration overriddenConfig, SMTPConfiguration oldGlobalConfig) {
|
||||
|
||||
RealmRepresentation realm = new RealmRepresentation();
|
||||
Map<String, String> smtpMap = new HashMap<>();
|
||||
smtpMap.put("password", DEFAULT_PASSWORD);
|
||||
Map<String, String> attributes = new HashMap<>();
|
||||
|
||||
if ("tenant2".equals(tenant.getTenantId())) {
|
||||
// tenant2 has overridden SMTP config
|
||||
smtpMap.put("host", overriddenConfig.getHost());
|
||||
smtpMap.put("port", String.valueOf(overriddenConfig.getPort()));
|
||||
smtpMap.put("user", overriddenConfig.getUser());
|
||||
attributes.put(FFORESIGHT_SMTP_PASSWORD, overriddenConfig.getPassword());
|
||||
|
||||
} else {
|
||||
// tenant1 and tenant3 have SMTP config matching global
|
||||
smtpMap.put("host", oldGlobalConfig.getHost());
|
||||
smtpMap.put("port", String.valueOf(oldGlobalConfig.getPort()));
|
||||
smtpMap.put("user", oldGlobalConfig.getUser());
|
||||
attributes.put(FFORESIGHT_SMTP_PASSWORD, oldGlobalConfig.getPassword());
|
||||
|
||||
}
|
||||
realm.setSmtpServer(smtpMap);
|
||||
|
||||
realm.setAttributes(attributes);
|
||||
return realm;
|
||||
}
|
||||
|
||||
}
|
||||
@ -17,8 +17,8 @@ public class StartupTest extends AbstractTenantUserManagementIntegrationTest {
|
||||
@Test
|
||||
public void testStartup() {
|
||||
|
||||
var simpleTenants = internalTenantsClient.getSimpleTenants();
|
||||
assertThat(simpleTenants).isNotEmpty();
|
||||
var tenants = internalTenantsClient.getTenants();
|
||||
assertThat(tenants).isNotEmpty();
|
||||
|
||||
}
|
||||
|
||||
|
||||
@ -29,8 +29,11 @@ import com.knecon.fforesight.tenantusermanagement.model.User;
|
||||
import com.knecon.fforesight.tenantusermanagement.permissions.ApplicationRoles;
|
||||
import com.knecon.fforesight.tenantusermanagement.properties.TenantUserManagementProperties;
|
||||
import com.knecon.fforesight.tenantusermanagement.service.RealmService;
|
||||
import com.knecon.fforesight.tenantusermanagement.service.TenantApplicationTypeService;
|
||||
import com.knecon.fforesight.tenantusermanagement.service.UserService;
|
||||
|
||||
import feign.FeignException;
|
||||
import lombok.NonNull;
|
||||
import lombok.SneakyThrows;
|
||||
|
||||
public class UserTest extends AbstractTenantUserManagementIntegrationTest {
|
||||
@ -44,6 +47,12 @@ public class UserTest extends AbstractTenantUserManagementIntegrationTest {
|
||||
@Autowired
|
||||
private TenantUserManagementProperties tenantUserManagementProperties;
|
||||
|
||||
@Autowired
|
||||
private TenantApplicationTypeService tenantApplicationTypeService;
|
||||
|
||||
@Autowired
|
||||
private UserService userService;
|
||||
|
||||
|
||||
@Test
|
||||
public void testUsers() {
|
||||
@ -78,7 +87,7 @@ public class UserTest extends AbstractTenantUserManagementIntegrationTest {
|
||||
assertThat(testUser.getLastName()).isEqualTo("updateTestLastName");
|
||||
assertThat(testUser.getFirstName()).isEqualTo("updateTestFirstName");
|
||||
|
||||
Set<String> allButKneconRoles = tenantUserManagementProperties.getKcRoleMapping().getAllRoles()
|
||||
Set<String> allButKneconRoles = tenantApplicationTypeService.getCurrentProperties().getKcRoleMapping().getAllRoles()
|
||||
.stream()
|
||||
.filter(ApplicationRoles::isNoKneconRole)
|
||||
.collect(Collectors.toSet());
|
||||
@ -296,7 +305,7 @@ public class UserTest extends AbstractTenantUserManagementIntegrationTest {
|
||||
createUserRequest.setFirstName("Test");
|
||||
createUserRequest.setLastName("New User");
|
||||
createUserRequest.setUsername("TestUserName");
|
||||
createUserRequest.setRoles(tenantUserManagementProperties.getKcRoleMapping().getAllRoles());
|
||||
createUserRequest.setRoles(tenantApplicationTypeService.getCurrentProperties().getKcRoleMapping().getAllRoles());
|
||||
FeignException e = assertThrows(FeignException.class, () -> userClient.createUser(createUserRequest));
|
||||
assertEquals(400, e.status());
|
||||
|
||||
@ -307,7 +316,7 @@ public class UserTest extends AbstractTenantUserManagementIntegrationTest {
|
||||
public void testCreateUserWithExistingUser() {
|
||||
|
||||
TenantContext.setTenantId(AbstractTenantUserManagementIntegrationTest.TEST_TENANT_ID);
|
||||
Set<String> allButKneconRoles = tenantUserManagementProperties.getKcRoleMapping().getAllRoles()
|
||||
Set<String> allButKneconRoles = tenantApplicationTypeService.getCurrentProperties().getKcRoleMapping().getAllRoles()
|
||||
.stream()
|
||||
.filter(ApplicationRoles::isNoKneconRole)
|
||||
.collect(Collectors.toSet());
|
||||
@ -377,7 +386,7 @@ public class UserTest extends AbstractTenantUserManagementIntegrationTest {
|
||||
tokenService.setUser("admin@knecon.com", "secret");
|
||||
|
||||
// different role sets and subsets
|
||||
var allRoles = tenantUserManagementProperties.getKcRoleMapping().getAllRoles();
|
||||
var allRoles = tenantApplicationTypeService.getCurrentProperties().getKcRoleMapping().getAllRoles();
|
||||
Set<String> allButKneconRoles = allRoles.stream()
|
||||
.filter(ApplicationRoles::isNoKneconRole)
|
||||
.collect(Collectors.toSet());
|
||||
@ -501,11 +510,11 @@ public class UserTest extends AbstractTenantUserManagementIntegrationTest {
|
||||
tokenService.setUser("admin@knecon.com", "secret");
|
||||
|
||||
// this should still not be possible
|
||||
e = assertThrows(FeignException.class, () -> userClient.setRoles(onlyKneconUser.getUserId(), allRoles));
|
||||
e = assertThrows(FeignException.class, () -> userClient.setRoles(onlyKneconUser.getUserId(), allRoles));
|
||||
assertEquals(404, e.status());
|
||||
|
||||
// and also not this
|
||||
e = assertThrows(FeignException.class, () -> userClient.setRoles(user.getUserId(), allRoles));
|
||||
e = assertThrows(FeignException.class, () -> userClient.setRoles(user.getUserId(), allRoles));
|
||||
assertEquals(400, e.status());
|
||||
|
||||
// we can also poll the user
|
||||
@ -584,12 +593,16 @@ public class UserTest extends AbstractTenantUserManagementIntegrationTest {
|
||||
addRoles(user4.getUserId(), allButKneconRoles);
|
||||
|
||||
allUsers = userClient.getAllUsers(true);
|
||||
var user4AfterShenanigansOpt = allUsers.stream().filter(u -> u.getUserId().equals(user4.getUserId())).findFirst();
|
||||
var user4AfterShenanigansOpt = allUsers.stream()
|
||||
.filter(u -> u.getUserId().equals(user4.getUserId()))
|
||||
.findFirst();
|
||||
assertTrue(user4AfterShenanigansOpt.isPresent());
|
||||
user4AfterShenanigansOpt.get().setRoles(new HashSet<>());
|
||||
assertEquals(user4AfterShenanigansOpt.get(), user4);
|
||||
|
||||
var stillOnlyKneconUserOpt = allUsers.stream().filter(u -> u.getUserId().equals(onlyKneconUser.getUserId())).findFirst();
|
||||
var stillOnlyKneconUserOpt = allUsers.stream()
|
||||
.filter(u -> u.getUserId().equals(onlyKneconUser.getUserId()))
|
||||
.findFirst();
|
||||
assertTrue(stillOnlyKneconUserOpt.isPresent());
|
||||
stillOnlyKneconUserOpt.get().setRoles(new HashSet<>());
|
||||
assertEquals(stillOnlyKneconUserOpt.get(), onlyKneconUser);
|
||||
@ -605,7 +618,7 @@ public class UserTest extends AbstractTenantUserManagementIntegrationTest {
|
||||
tokenService.setUser("admin@knecon.com", "secret");
|
||||
|
||||
// different role sets and subsets
|
||||
var allRoles = tenantUserManagementProperties.getKcRoleMapping().getAllRoles();
|
||||
var allRoles = tenantApplicationTypeService.getCurrentProperties().getKcRoleMapping().getAllRoles();
|
||||
|
||||
// create several users with different roles for testing
|
||||
var createUserRequest = new CreateUserRequest();
|
||||
@ -704,6 +717,113 @@ public class UserTest extends AbstractTenantUserManagementIntegrationTest {
|
||||
}
|
||||
|
||||
|
||||
@Test
|
||||
public void testUpdateProfileForUserWithAllRoles() {
|
||||
|
||||
TenantContext.setTenantId(AbstractTenantUserManagementIntegrationTest.TEST_TENANT_ID);
|
||||
tokenService.setUser("admin@knecon.com", "secret");
|
||||
|
||||
var allRoles = tenantApplicationTypeService.getCurrentProperties().getKcRoleMapping().getAllRoles();
|
||||
Set<String> allButKneconRoles = allRoles.stream()
|
||||
.filter(ApplicationRoles::isNoKneconRole)
|
||||
.collect(Collectors.toSet());
|
||||
|
||||
CreateUserRequest createUserRequest = new CreateUserRequest();
|
||||
createUserRequest.setEmail("all.roles.user@knecon.com");
|
||||
createUserRequest.setUsername("all.roles.user@knecon.com");
|
||||
createUserRequest.setFirstName("All");
|
||||
createUserRequest.setLastName("Roles");
|
||||
|
||||
var allRolesuser = userClient.createUser(createUserRequest);
|
||||
addRoles(allRolesuser.getUserId(), allRoles);
|
||||
assertThat(allRolesuser).isNotNull();
|
||||
|
||||
UpdateProfileRequest updateProfileRequest = UpdateProfileRequest.builder()
|
||||
.email("all.roles.user@knecon.com")
|
||||
.firstName("All")
|
||||
.lastName("NewLastName")
|
||||
.roles(allButKneconRoles)
|
||||
.build();
|
||||
|
||||
var updatedUser = userClient.updateProfile(allRolesuser.getUserId(), updateProfileRequest);
|
||||
|
||||
assertThat(updatedUser).isNotNull();
|
||||
assertThat(updatedUser.getLastName()).isEqualTo("NewLastName");
|
||||
|
||||
tokenService.setUser("test@fforesight.com", "secret");
|
||||
|
||||
updateProfileRequest.setLastName("AnotherNewLastName");
|
||||
updatedUser = userClient.updateProfile(allRolesuser.getUserId(), updateProfileRequest);
|
||||
|
||||
assertThat(updatedUser).isNotNull();
|
||||
assertThat(updatedUser.getLastName()).isEqualTo("AnotherNewLastName");
|
||||
|
||||
createUserRequest.setEmail("less.super.user.1@knecon.com");
|
||||
createUserRequest.setUsername(createUserRequest.getEmail());
|
||||
createUserRequest.setRoles(Set.of("LESS_SUPER_USER"));
|
||||
var lessSuperUser = userClient.createUser(createUserRequest);
|
||||
|
||||
userClient.resetPassword(lessSuperUser.getUserId(), ResetPasswordRequest.builder().password("Secret@secured!23").build());
|
||||
tokenService.setUser("less.super.user.1@knecon.com", "Secret@secured!23");
|
||||
|
||||
FeignException feignException = assertThrows(FeignException.class, () -> userClient.updateProfile(allRolesuser.getUserId(), updateProfileRequest));
|
||||
assertEquals(400, feignException.status());
|
||||
assertTrue(feignException.getMessage().contains("Cannot assign this role to that user. Insufficient rights"));
|
||||
|
||||
tokenService.setUser("admin@knecon.com", "secret");
|
||||
userClient.deleteUser(lessSuperUser.getUserId());
|
||||
userClient.deleteUser(allRolesuser.getUserId());
|
||||
}
|
||||
|
||||
|
||||
@Test
|
||||
public void testDeleteKneconRolesUserAsNormalAdmin() {
|
||||
|
||||
TenantContext.setTenantId(AbstractTenantUserManagementIntegrationTest.TEST_TENANT_ID);
|
||||
tokenService.setUser("admin@knecon.com", "secret");
|
||||
|
||||
var allRoles = tenantApplicationTypeService.getCurrentProperties().getKcRoleMapping().getAllRoles();
|
||||
Set<String> allButKneconRoles = allRoles.stream()
|
||||
.filter(ApplicationRoles::isNoKneconRole)
|
||||
.collect(Collectors.toSet());
|
||||
|
||||
CreateUserRequest createUserRequest = new CreateUserRequest();
|
||||
createUserRequest.setEmail("normalAdmin@knecon.com");
|
||||
createUserRequest.setUsername("normalAdmin@knecon.com");
|
||||
createUserRequest.setFirstName("Mister");
|
||||
createUserRequest.setLastName("Admin");
|
||||
|
||||
var adminUser = userClient.createUser(createUserRequest);
|
||||
addRoles(adminUser.getUserId(), allButKneconRoles);
|
||||
assertThat(adminUser).isNotNull();
|
||||
|
||||
createUserRequest = new CreateUserRequest();
|
||||
createUserRequest.setEmail("kneconAdmin@knecon.com");
|
||||
createUserRequest.setUsername("kneconAdmin@knecon.com");
|
||||
createUserRequest.setFirstName("Knecon");
|
||||
createUserRequest.setLastName("Admin");
|
||||
|
||||
var kneconAdminuser = userClient.createUser(createUserRequest);
|
||||
addRoles(kneconAdminuser.getUserId(), allRoles);
|
||||
assertThat(kneconAdminuser).isNotNull();
|
||||
|
||||
userClient.resetPassword(adminUser.getUserId(), ResetPasswordRequest.builder().password("Secret@secured!23").build());
|
||||
tokenService.setUser("normalAdmin@knecon.com", "Secret@secured!23");
|
||||
|
||||
userClient.deleteUser(kneconAdminuser.getUserId());
|
||||
|
||||
List<User> allUsers = userClient.getAllUsers(true);
|
||||
assertTrue(allUsers.stream()
|
||||
.noneMatch(u -> u.getUserId().equals(kneconAdminuser.getUserId())));
|
||||
List<User> unfilteredUsers = userService.getAllUsers();
|
||||
assertTrue(unfilteredUsers.stream()
|
||||
.anyMatch(u -> u.getUserId().equals(kneconAdminuser.getUserId())));
|
||||
|
||||
tokenService.setUser("admin@knecon.com", "secret");
|
||||
userClient.deleteUser(adminUser.getUserId());
|
||||
}
|
||||
|
||||
|
||||
private UsersResource getTenantUsersResource() {
|
||||
|
||||
return realmService.realm(TenantContext.getTenantId()).users();
|
||||
@ -726,7 +846,11 @@ public class UserTest extends AbstractTenantUserManagementIntegrationTest {
|
||||
|
||||
private void addRoles(String userId, Set<String> roles) {
|
||||
|
||||
getUserResource(userId).roles().realmLevel().add(roles.stream().map(this::getRoleRepresentation).toList());
|
||||
getUserResource(userId).roles()
|
||||
.realmLevel()
|
||||
.add(roles.stream()
|
||||
.map(this::getRoleRepresentation)
|
||||
.toList());
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@ -4,6 +4,8 @@ import static org.mockito.Mockito.when;
|
||||
|
||||
import java.util.concurrent.TimeUnit;
|
||||
|
||||
import org.junit.jupiter.api.Disabled;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.springframework.amqp.rabbit.core.RabbitTemplate;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.boot.test.context.SpringBootTest;
|
||||
@ -13,18 +15,21 @@ import org.springframework.context.annotation.Import;
|
||||
import org.springframework.test.context.ActiveProfiles;
|
||||
import org.springframework.test.context.junit.jupiter.SpringExtension;
|
||||
|
||||
import com.knecon.fforesight.tenantcommons.TenantApplicationType;
|
||||
import com.knecon.fforesight.tenantusermanagement.AbstractTenantUserManagementIntegrationTest;
|
||||
import com.knecon.fforesight.tenantusermanagement.feigntestclients.external.TenantsClient;
|
||||
import com.knecon.fforesight.tenantusermanagement.feigntestclients.internal.InternalTenantsClient;
|
||||
import com.knecon.fforesight.tenantusermanagement.TenantUserManagementServiceApplication;
|
||||
import com.knecon.fforesight.tenantusermanagement.service.KeyCloakRoleManagerService;
|
||||
import com.knecon.fforesight.tenantusermanagement.service.RealmService;
|
||||
|
||||
import org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder;
|
||||
import org.jboss.resteasy.client.jaxrs.internal.ResteasyClientBuilderImpl;
|
||||
import org.junit.jupiter.api.extension.ExtendWith;
|
||||
import org.keycloak.OAuth2Constants;
|
||||
import org.keycloak.admin.client.KeycloakBuilder;
|
||||
|
||||
@Disabled
|
||||
@ActiveProfiles(profiles = "taas")
|
||||
@ExtendWith(SpringExtension.class)
|
||||
@EnableFeignClients(basePackageClasses = {TenantsClient.class, InternalTenantsClient.class})
|
||||
@ -47,8 +52,7 @@ public class TenantSyncUtils {
|
||||
KeyCloakRoleManagerService keyCloakRoleManagerService;
|
||||
|
||||
|
||||
// @Test
|
||||
// @Disabled
|
||||
@Test
|
||||
public void syncTenant() {
|
||||
|
||||
var adminClient = KeycloakBuilder.builder()
|
||||
@ -58,17 +62,17 @@ public class TenantSyncUtils {
|
||||
.clientSecret(CLIENT_SECRET)
|
||||
.grantType(OAuth2Constants.CLIENT_CREDENTIALS)
|
||||
.resteasyClient(new ResteasyClientBuilderImpl().connectionTTL(2, TimeUnit.SECONDS)
|
||||
.hostnameVerification(ResteasyClientBuilder.HostnameVerificationPolicy.ANY)
|
||||
.connectionPoolSize(10)
|
||||
.disableTrustManager()
|
||||
.build())
|
||||
.hostnameVerification(ResteasyClientBuilder.HostnameVerificationPolicy.ANY)
|
||||
.connectionPoolSize(10)
|
||||
.disableTrustManager()
|
||||
.build())
|
||||
.build();
|
||||
|
||||
var realm = adminClient.realm(REALM);
|
||||
|
||||
when(realmService.realm(REALM)).thenReturn(realm);
|
||||
|
||||
keyCloakRoleManagerService.updateRoles(REALM);
|
||||
keyCloakRoleManagerService.updateRoles(REALM, TenantApplicationType.RedactManager);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@ -11,6 +11,7 @@ import java.util.UUID;
|
||||
|
||||
import org.springframework.stereotype.Service;
|
||||
|
||||
import com.knecon.fforesight.tenantcommons.TenantApplicationType;
|
||||
import com.knecon.fforesight.tenantcommons.model.MongoDBConnection;
|
||||
import com.knecon.fforesight.tenantusermanagement.feigntestclients.external.TenantsClient;
|
||||
import com.knecon.fforesight.tenantcommons.TenantContext;
|
||||
@ -45,13 +46,13 @@ public class TestTenantService {
|
||||
|
||||
} catch (Exception e) {
|
||||
// not found
|
||||
createUser(testTenantId, actualPort, true);
|
||||
createTenant(testTenantId, actualPort, true);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
|
||||
private void createUser(String testTenantId, int actualPort, boolean withStorage) {
|
||||
private void createTenant(String testTenantId, int actualPort, boolean withStorage) {
|
||||
// not found
|
||||
CreateTenantRequest tenantRequest;
|
||||
var tenantRequestBuilder = CreateTenantRequest.builder()
|
||||
@ -70,6 +71,7 @@ public class TestTenantService {
|
||||
.password("secret")
|
||||
.email("admin@knecon.com")
|
||||
.build()))
|
||||
.applicationType(TenantApplicationType.RedactManager)
|
||||
.databaseConnection(DatabaseConnection.builder()
|
||||
.driver("postgresql")
|
||||
.host(SpringPostgreSQLTestContainer.getInstance().getHost())
|
||||
@ -119,7 +121,7 @@ public class TestTenantService {
|
||||
|
||||
} catch (Exception e) {
|
||||
// not found
|
||||
createUser(testTenantId, 0, false);
|
||||
createTenant(testTenantId, 0, false);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@ -9,6 +9,8 @@ import org.springframework.stereotype.Service;
|
||||
|
||||
import com.knecon.fforesight.tenantcommons.TenantContext;
|
||||
import com.knecon.fforesight.tenantusermanagement.properties.TenantUserManagementProperties;
|
||||
import com.knecon.fforesight.tenantusermanagement.service.TenantApplicationTypeService;
|
||||
|
||||
import jakarta.ws.rs.BadRequestException;
|
||||
import lombok.SneakyThrows;
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
@ -24,6 +26,8 @@ public class TokenService {
|
||||
|
||||
@Autowired
|
||||
private TenantUserManagementProperties tenantUserManagementProperties;
|
||||
@Autowired
|
||||
private TenantApplicationTypeService tenantApplicationTypeService;
|
||||
private String username;
|
||||
private String password;
|
||||
private String accessToken;
|
||||
@ -54,7 +58,7 @@ public class TokenService {
|
||||
.realm(TenantContext.getTenantId())
|
||||
.username(username)
|
||||
.password(password)
|
||||
.clientId(tenantUserManagementProperties.getApplicationClientId())
|
||||
.clientId(tenantApplicationTypeService.getCurrentProperties().getApplicationClientId())
|
||||
.grantType(OAuth2Constants.PASSWORD)
|
||||
.resteasyClient(new ResteasyClientBuilderImpl().connectionTTL(2, TimeUnit.SECONDS)
|
||||
.hostnameVerification(ResteasyClientBuilder.HostnameVerificationPolicy.ANY)
|
||||
|
||||
@ -1,198 +0,0 @@
|
||||
server:
|
||||
port: 28181
|
||||
|
||||
persistence-service.url: "http://persistence-service-v1:8090"
|
||||
|
||||
management:
|
||||
endpoint:
|
||||
metrics.enabled: ${monitoring.enabled:false}
|
||||
prometheus.enabled: ${monitoring.enabled:false}
|
||||
health.enabled: true
|
||||
endpoints.web.exposure.include: prometheus, health, metrics
|
||||
metrics.export.prometheus.enabled: ${monitoring.enabled:false}
|
||||
|
||||
info:
|
||||
description: Tenant User Management Service
|
||||
|
||||
|
||||
spring:
|
||||
datasource:
|
||||
url: jdbc:postgresql://${PSQL_HOST:localhost}:${PSQL_PORT:5432}/${PSQL_DATABASE:master}?cachePrepStmts=true&useServerPrepStmts=true&rewriteBatchedStatements=true
|
||||
driverClassName: org.postgresql.Driver
|
||||
username: ${PSQL_USERNAME:fforesight}
|
||||
password: ${PSQL_PASSWORD:fforesight}
|
||||
platform: org.hibernate.dialect.PostgreSQL95Dialect
|
||||
hikari:
|
||||
maximumPoolSize: 10
|
||||
minimum-idle: 2
|
||||
data-source-properties:
|
||||
cachePrepStmts: true
|
||||
prepStmtCacheSize: 1000
|
||||
prepStmtCacheSqlLimit: 2048
|
||||
jackson:
|
||||
serialization:
|
||||
write-dates-as-timestamps: false
|
||||
deserialization:
|
||||
accept-single-value-as-array: true
|
||||
main:
|
||||
allow-bean-definition-overriding: true
|
||||
allow-circular-references: true
|
||||
jpa:
|
||||
open-in-view: true
|
||||
database-platform: org.hibernate.dialect.PostgreSQL95Dialect
|
||||
hibernate:
|
||||
ddl-auto: none
|
||||
naming-strategy: org.hibernate.cfg.ImprovedNamingStrategy
|
||||
properties:
|
||||
hibernate:
|
||||
jdbc:
|
||||
batch_size: 1000
|
||||
order_inserts: true
|
||||
order_updates: true
|
||||
cache:
|
||||
type: redis
|
||||
mvc:
|
||||
pathmatch:
|
||||
matching-strategy: ant-path-matcher
|
||||
redis:
|
||||
host: ${REDIS_HOST:localhost}
|
||||
port: ${REDIS_PORT:6379}
|
||||
password: ${REDIS_PASSWORD:}
|
||||
|
||||
|
||||
rabbitmq:
|
||||
host: ${RABBITMQ_HOST:localhost}
|
||||
port: ${RABBITMQ_PORT:5672}
|
||||
username: ${RABBITMQ_USERNAME:user}
|
||||
password: ${RABBITMQ_PASSWORD:rabbitmq}
|
||||
listener:
|
||||
simple:
|
||||
acknowledge-mode: AUTO
|
||||
concurrency: 5
|
||||
retry:
|
||||
enabled: true
|
||||
max-attempts: 3
|
||||
max-interval: 15000
|
||||
prefetch: 1
|
||||
|
||||
liquibase:
|
||||
change-log: classpath:/db/changelog/db.changelog-master.yaml
|
||||
enabled: true
|
||||
application:
|
||||
name: tenant-user-management
|
||||
data:
|
||||
redis:
|
||||
host: ${REDIS_HOST:localhost}
|
||||
port: ${REDIS_PORT:6379}
|
||||
password: ${REDIS_PASSWORD:}
|
||||
fforesight:
|
||||
keycloak:
|
||||
ignored-endpoints: [ '/actuator/health', '/tenant-user-management','/internal/**','/tenant-user-management/docs/**','/tenant-user-management/docs','/tenant-user-management/tenants/simple' ]
|
||||
enabled: true
|
||||
springdoc:
|
||||
base-path: '/tenant-user-management'
|
||||
auth-server-url: '/auth'
|
||||
enabled: true
|
||||
default-client-id: 'swagger-ui-client'
|
||||
default-tenant: 'fforesight'
|
||||
tenant-exchange:
|
||||
name: 'tenants-exchange'
|
||||
user-exchange:
|
||||
name: 'users-exchange'
|
||||
tenant-user-management:
|
||||
base-path: '/tenant-user-management'
|
||||
realm: master
|
||||
server-url: http://localhost:28181
|
||||
client-secret: adminClientSecret
|
||||
client-id: adminClient
|
||||
login-theme: redaction
|
||||
kc-role-mapping:
|
||||
roles:
|
||||
- name: SUPER_USER
|
||||
set-by-default: true
|
||||
rank: 100
|
||||
permissions:
|
||||
- 'fforesight-read-general-configuration'
|
||||
- 'fforesight-write-general-configuration'
|
||||
- 'fforesight-manage-user-preferences'
|
||||
- 'fforesight-read-users'
|
||||
- 'fforesight-read-all-users'
|
||||
- 'fforesight-write-users'
|
||||
- 'fforesight-update-my-profile'
|
||||
- 'fforesight-create-tenant'
|
||||
- 'fforesight-get-tenants'
|
||||
- 'fforesight-update-tenant'
|
||||
- 'fforesight-deployment-info'
|
||||
- 'fforesight-read-smtp-configuration'
|
||||
- 'fforesight-write-smtp-configuration'
|
||||
- 'fforesight-read-identity-provider-config'
|
||||
- 'fforesight-write-identity-provider-config'
|
||||
- name: LESS_SUPER_USER
|
||||
set-by-default: true
|
||||
rank: 10
|
||||
permissions:
|
||||
- 'fforesight-read-general-configuration'
|
||||
- 'fforesight-write-general-configuration'
|
||||
- 'fforesight-manage-user-preferences'
|
||||
- 'fforesight-read-users'
|
||||
- 'fforesight-read-all-users'
|
||||
- 'fforesight-write-users'
|
||||
- 'fforesight-update-my-profile'
|
||||
- 'fforesight-create-tenant'
|
||||
- 'fforesight-get-tenants'
|
||||
- 'fforesight-update-tenant'
|
||||
- 'fforesight-deployment-info'
|
||||
- 'fforesight-read-smtp-configuration'
|
||||
- 'fforesight-write-smtp-configuration'
|
||||
- 'fforesight-read-identity-provider-config'
|
||||
- 'fforesight-write-identity-provider-config'
|
||||
- name: KNECON_ADMIN
|
||||
set-by-default: true
|
||||
rank: 1000
|
||||
permissions:
|
||||
- 'fforesight-read-general-configuration'
|
||||
- 'fforesight-write-general-configuration'
|
||||
- 'fforesight-manage-user-preferences'
|
||||
- 'fforesight-read-users'
|
||||
- 'fforesight-read-all-users'
|
||||
- 'fforesight-write-users'
|
||||
- 'fforesight-update-my-profile'
|
||||
- 'fforesight-create-tenant'
|
||||
- 'fforesight-get-tenants'
|
||||
- 'fforesight-update-tenant'
|
||||
- 'fforesight-deployment-info'
|
||||
- 'fforesight-read-smtp-configuration'
|
||||
- 'fforesight-write-smtp-configuration'
|
||||
- 'fforesight-read-identity-provider-config'
|
||||
- 'fforesight-write-identity-provider-config'
|
||||
- name: KNECON_SUPPORT
|
||||
set-by-default: true
|
||||
rank: 1000
|
||||
permissions:
|
||||
- 'fforesight-read-general-configuration'
|
||||
- 'fforesight-write-general-configuration'
|
||||
- 'fforesight-manage-user-preferences'
|
||||
- 'fforesight-read-users'
|
||||
- 'fforesight-read-all-users'
|
||||
- 'fforesight-write-users'
|
||||
- 'fforesight-update-my-profile'
|
||||
- 'fforesight-create-tenant'
|
||||
- 'fforesight-get-tenants'
|
||||
- 'fforesight-update-tenant'
|
||||
- 'fforesight-deployment-info'
|
||||
- 'fforesight-read-smtp-configuration'
|
||||
- 'fforesight-write-smtp-configuration'
|
||||
- 'fforesight-read-identity-provider-config'
|
||||
- 'fforesight-write-identity-provider-config'
|
||||
access-token-life-span: 86400
|
||||
application-name: tenant-user-management
|
||||
application-client-id: tenant-user-management
|
||||
swagger-client-secret: 'testSecret123!'
|
||||
app-prefix: 'fforesight'
|
||||
|
||||
storage:
|
||||
backend: both
|
||||
|
||||
cors.enabled: true
|
||||
springdoc:
|
||||
packages-to-scan: [ 'com.knecon.fforesight.tenantusermanagement.controller.external' ]
|
||||
203
src/test/resources/application.yml
Normal file
203
src/test/resources/application.yml
Normal file
@ -0,0 +1,203 @@
|
||||
server:
|
||||
port: 28181
|
||||
|
||||
persistence-service.url: "http://persistence-service-v1:8090"
|
||||
|
||||
management:
|
||||
endpoint:
|
||||
metrics.enabled: ${monitoring.enabled:false}
|
||||
prometheus.enabled: ${monitoring.enabled:false}
|
||||
health.enabled: true
|
||||
endpoints.web.exposure.include: prometheus, health, metrics
|
||||
metrics.export.prometheus.enabled: ${monitoring.enabled:false}
|
||||
|
||||
info:
|
||||
description: Tenant User Management Service
|
||||
|
||||
lifecycle:
|
||||
base-package: com.knecon.fforesight.tenantusermanagement
|
||||
|
||||
spring:
|
||||
datasource:
|
||||
url: jdbc:postgresql://${PSQL_HOST:localhost}:${PSQL_PORT:5432}/${PSQL_DATABASE:master}?cachePrepStmts=true&useServerPrepStmts=true&rewriteBatchedStatements=true
|
||||
driverClassName: org.postgresql.Driver
|
||||
username: ${PSQL_USERNAME:fforesight}
|
||||
password: ${PSQL_PASSWORD:fforesight}
|
||||
platform: org.hibernate.dialect.PostgreSQL10Dialect
|
||||
hikari:
|
||||
maximumPoolSize: 10
|
||||
minimum-idle: 2
|
||||
data-source-properties:
|
||||
cachePrepStmts: true
|
||||
prepStmtCacheSize: 1000
|
||||
prepStmtCacheSqlLimit: 2048
|
||||
jackson:
|
||||
serialization:
|
||||
write-dates-as-timestamps: false
|
||||
deserialization:
|
||||
accept-single-value-as-array: true
|
||||
main:
|
||||
allow-bean-definition-overriding: true
|
||||
allow-circular-references: true
|
||||
jpa:
|
||||
open-in-view: true
|
||||
database-platform: org.hibernate.dialect.PostgreSQL10Dialect
|
||||
hibernate:
|
||||
ddl-auto: none
|
||||
naming-strategy: org.hibernate.cfg.ImprovedNamingStrategy
|
||||
properties:
|
||||
hibernate:
|
||||
jdbc:
|
||||
batch_size: 1000
|
||||
order_inserts: true
|
||||
order_updates: true
|
||||
cache:
|
||||
type: redis
|
||||
mvc:
|
||||
pathmatch:
|
||||
matching-strategy: ant-path-matcher
|
||||
redis:
|
||||
host: ${REDIS_HOST:localhost}
|
||||
port: ${REDIS_PORT:6379}
|
||||
password: ${REDIS_PASSWORD:}
|
||||
|
||||
|
||||
rabbitmq:
|
||||
host: ${RABBITMQ_HOST:localhost}
|
||||
port: ${RABBITMQ_PORT:5672}
|
||||
username: ${RABBITMQ_USERNAME:user}
|
||||
password: ${RABBITMQ_PASSWORD:rabbitmq}
|
||||
listener:
|
||||
simple:
|
||||
acknowledge-mode: AUTO
|
||||
concurrency: 5
|
||||
retry:
|
||||
enabled: true
|
||||
max-attempts: 3
|
||||
max-interval: 15000
|
||||
prefetch: 1
|
||||
|
||||
liquibase:
|
||||
change-log: classpath:/db/changelog/db.changelog-master.yaml
|
||||
enabled: true
|
||||
application:
|
||||
name: tenant-user-management
|
||||
data:
|
||||
redis:
|
||||
host: ${REDIS_HOST:localhost}
|
||||
port: ${REDIS_PORT:6379}
|
||||
password: ${REDIS_PASSWORD:}
|
||||
|
||||
fforesight:
|
||||
keycloak:
|
||||
ignored-endpoints: [ '/actuator/health', '/tenant-user-management','/internal/**','/tenant-user-management/docs/**','/tenant-user-management/docs' ]
|
||||
enabled: true
|
||||
springdoc:
|
||||
base-path: '/tenant-user-management'
|
||||
auth-server-url: '/auth'
|
||||
enabled: true
|
||||
default-client-id: 'swagger-ui-client'
|
||||
default-tenant: 'fforesight'
|
||||
tenant-exchange:
|
||||
name: 'tenants-exchange'
|
||||
user-exchange:
|
||||
name: 'users-exchange'
|
||||
tenant-user-management:
|
||||
base-path: '/tenant-user-management'
|
||||
server-url: http://localhost:28181
|
||||
realm: master
|
||||
client-secret: adminClientSecret
|
||||
client-id: adminClient
|
||||
swagger-client-secret: 'testSecret123!'
|
||||
application-types:
|
||||
redactmanager:
|
||||
login-theme: redaction
|
||||
kc-role-mapping:
|
||||
roles:
|
||||
- name: SUPER_USER
|
||||
set-by-default: true
|
||||
rank: 100
|
||||
permissions:
|
||||
- 'fforesight-read-general-configuration'
|
||||
- 'fforesight-write-general-configuration'
|
||||
- 'fforesight-manage-user-preferences'
|
||||
- 'fforesight-read-users'
|
||||
- 'fforesight-read-all-users'
|
||||
- 'fforesight-write-users'
|
||||
- 'fforesight-update-my-profile'
|
||||
- 'fforesight-create-tenant'
|
||||
- 'fforesight-get-tenants'
|
||||
- 'fforesight-update-tenant'
|
||||
- 'fforesight-deployment-info'
|
||||
- 'fforesight-read-smtp-configuration'
|
||||
- 'fforesight-write-smtp-configuration'
|
||||
- 'fforesight-read-identity-provider-config'
|
||||
- 'fforesight-write-identity-provider-config'
|
||||
- name: LESS_SUPER_USER
|
||||
set-by-default: true
|
||||
rank: 10
|
||||
permissions:
|
||||
- 'fforesight-read-general-configuration'
|
||||
- 'fforesight-write-general-configuration'
|
||||
- 'fforesight-manage-user-preferences'
|
||||
- 'fforesight-read-users'
|
||||
- 'fforesight-read-all-users'
|
||||
- 'fforesight-write-users'
|
||||
- 'fforesight-update-my-profile'
|
||||
- 'fforesight-create-tenant'
|
||||
- 'fforesight-get-tenants'
|
||||
- 'fforesight-update-tenant'
|
||||
- 'fforesight-deployment-info'
|
||||
- 'fforesight-read-smtp-configuration'
|
||||
- 'fforesight-write-smtp-configuration'
|
||||
- 'fforesight-read-identity-provider-config'
|
||||
- 'fforesight-write-identity-provider-config'
|
||||
- name: KNECON_ADMIN
|
||||
set-by-default: true
|
||||
rank: 1000
|
||||
permissions:
|
||||
- 'fforesight-read-general-configuration'
|
||||
- 'fforesight-write-general-configuration'
|
||||
- 'fforesight-manage-user-preferences'
|
||||
- 'fforesight-read-users'
|
||||
- 'fforesight-read-all-users'
|
||||
- 'fforesight-write-users'
|
||||
- 'fforesight-update-my-profile'
|
||||
- 'fforesight-create-tenant'
|
||||
- 'fforesight-get-tenants'
|
||||
- 'fforesight-update-tenant'
|
||||
- 'fforesight-deployment-info'
|
||||
- 'fforesight-read-smtp-configuration'
|
||||
- 'fforesight-write-smtp-configuration'
|
||||
- 'fforesight-read-identity-provider-config'
|
||||
- 'fforesight-write-identity-provider-config'
|
||||
- name: KNECON_SUPPORT
|
||||
set-by-default: true
|
||||
rank: 1000
|
||||
permissions:
|
||||
- 'fforesight-read-general-configuration'
|
||||
- 'fforesight-write-general-configuration'
|
||||
- 'fforesight-manage-user-preferences'
|
||||
- 'fforesight-read-users'
|
||||
- 'fforesight-read-all-users'
|
||||
- 'fforesight-write-users'
|
||||
- 'fforesight-update-my-profile'
|
||||
- 'fforesight-create-tenant'
|
||||
- 'fforesight-get-tenants'
|
||||
- 'fforesight-update-tenant'
|
||||
- 'fforesight-deployment-info'
|
||||
- 'fforesight-read-smtp-configuration'
|
||||
- 'fforesight-write-smtp-configuration'
|
||||
- 'fforesight-read-identity-provider-config'
|
||||
- 'fforesight-write-identity-provider-config'
|
||||
access-token-life-span: 86400
|
||||
application-name: tenant-user-management
|
||||
application-client-id: tenant-user-management
|
||||
app-prefix: 'fforesight'
|
||||
|
||||
storage:
|
||||
backend: both
|
||||
|
||||
cors.enabled: true
|
||||
springdoc:
|
||||
packages-to-scan: [ 'com.knecon.fforesight.tenantusermanagement.controller.external' ]
|
||||
Loading…
x
Reference in New Issue
Block a user