Compare commits
12 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
1fdd957e9e | ||
|
|
18de1e52f5 | ||
|
|
00ef5f67a1 | ||
|
|
74b289b38c | ||
|
|
100b1c4cc1 | ||
|
|
f96adb2097 | ||
|
|
4e43e4e255 | ||
|
|
7bb15fe456 | ||
|
|
a169fb585c | ||
|
|
af38bb2f29 | ||
|
|
f25253cb3b | ||
|
|
ad7035d7cf |
@ -17,7 +17,6 @@ import com.fasterxml.jackson.databind.JsonNode;
|
||||
import com.knecon.fforesight.tenantcommons.model.TenantResponse;
|
||||
import com.knecon.fforesight.tenantcommons.model.UpdateDetailsRequest;
|
||||
import com.knecon.fforesight.tenantusermanagement.model.DeploymentKeyResponse;
|
||||
import com.knecon.fforesight.tenantusermanagement.model.SimpleTenantResponse;
|
||||
import com.knecon.fforesight.tenantusermanagement.model.CreateTenantRequest;
|
||||
import com.knecon.fforesight.tenantusermanagement.model.UpdateTenantRequest;
|
||||
|
||||
@ -43,8 +42,7 @@ public interface TenantsResource {
|
||||
@ResponseBody
|
||||
@ResponseStatus(value = HttpStatus.NO_CONTENT)
|
||||
@Operation(summary = "Deletes given tenant", description = "None")
|
||||
@ApiResponses(value = {@ApiResponse(responseCode = "204", description = "OK"), @ApiResponse(responseCode = "403", description = "Forbidden access, you dont have rights to delete tenants"), @ApiResponse(responseCode = "405", description = "Operation is not allowed."),
|
||||
@ApiResponse(responseCode = "409", description = "Conflict while deleting tenant.")})
|
||||
@ApiResponses(value = {@ApiResponse(responseCode = "204", description = "OK"), @ApiResponse(responseCode = "403", description = "Forbidden access, you dont have rights to delete tenants"), @ApiResponse(responseCode = "405", description = "Operation is not allowed."), @ApiResponse(responseCode = "409", description = "Conflict while deleting tenant.")})
|
||||
@DeleteMapping(value = TENANTS_TENANT_ID_PATH)
|
||||
void deleteTenant(@PathVariable("tenantId") String tenantId);
|
||||
|
||||
@ -73,12 +71,6 @@ public interface TenantsResource {
|
||||
void updateDetails(@PathVariable("tenantId") String tenantId, @RequestBody UpdateDetailsRequest request);
|
||||
|
||||
|
||||
@GetMapping(value = TENANTS_PATH + "/simple", produces = MediaType.APPLICATION_JSON_VALUE)
|
||||
@Operation(summary = "Gets all existing tenants in a simplified format", description = "None")
|
||||
@ApiResponses(value = {@ApiResponse(responseCode = "200", description = "OK")})
|
||||
List<SimpleTenantResponse> getSimpleTenants();
|
||||
|
||||
|
||||
@GetMapping(value = "/deploymentKey" + TENANT_ID_PATH_PARAM, produces = MediaType.APPLICATION_JSON_VALUE)
|
||||
@Operation(summary = "Returns the deployment key for a tenant", description = "None")
|
||||
@ApiResponses(value = {@ApiResponse(responseCode = "200", description = "OK")})
|
||||
|
||||
@ -16,7 +16,6 @@ import com.knecon.fforesight.tenantcommons.TenantApplicationType;
|
||||
import com.knecon.fforesight.tenantcommons.model.TenantResponse;
|
||||
import com.knecon.fforesight.tenantcommons.model.UpdateDetailsRequest;
|
||||
import com.knecon.fforesight.tenantusermanagement.model.DeploymentKeyResponse;
|
||||
import com.knecon.fforesight.tenantusermanagement.model.SimpleTenantResponse;
|
||||
import com.knecon.fforesight.tenantusermanagement.model.CreateTenantRequest;
|
||||
import com.knecon.fforesight.tenantusermanagement.model.UpdateTenantRequest;
|
||||
|
||||
@ -61,12 +60,6 @@ public interface InternalTenantsResource {
|
||||
TenantResponse updateTenant(@PathVariable("tenantId") String tenantId, @RequestBody UpdateTenantRequest tenantRequest);
|
||||
|
||||
|
||||
@GetMapping(value = "/tenants/simple", produces = MediaType.APPLICATION_JSON_VALUE)
|
||||
@Operation(summary = "Gets all existing tenant in a simplified format", description = "None")
|
||||
@ApiResponses(value = {@ApiResponse(responseCode = "200", description = "OK")})
|
||||
List<SimpleTenantResponse> getSimpleTenants();
|
||||
|
||||
|
||||
@GetMapping(value = "/deploymentKey" + TENANT_ID_PATH_PARAM, produces = MediaType.APPLICATION_JSON_VALUE)
|
||||
@Operation(summary = "Returns the deployment key for a tenant", description = "None")
|
||||
@ApiResponses(value = {@ApiResponse(responseCode = "200", description = "OK")})
|
||||
|
||||
@ -7,10 +7,12 @@ import org.springframework.security.access.prepost.PreAuthorize;
|
||||
import org.springframework.web.bind.annotation.RequestBody;
|
||||
import org.springframework.web.bind.annotation.RestController;
|
||||
|
||||
import com.knecon.fforesight.tenantcommons.TenantContext;
|
||||
import com.knecon.fforesight.tenantusermanagement.api.external.GeneralSettingsResource;
|
||||
import com.knecon.fforesight.tenantusermanagement.api.external.PublicResource;
|
||||
import com.knecon.fforesight.tenantusermanagement.model.GeneralConfigurationModel;
|
||||
import com.knecon.fforesight.tenantusermanagement.service.GeneralConfigurationService;
|
||||
import com.knecon.fforesight.tenantusermanagement.service.TenantManagementService;
|
||||
|
||||
import lombok.RequiredArgsConstructor;
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
@ -21,13 +23,14 @@ import lombok.extern.slf4j.Slf4j;
|
||||
public class GeneralSettingsController implements GeneralSettingsResource, PublicResource {
|
||||
|
||||
private final GeneralConfigurationService generalConfigurationService;
|
||||
private final TenantManagementService tenantManagementService;
|
||||
|
||||
|
||||
@Override
|
||||
@PreAuthorize("hasAuthority('" + READ_GENERAL_CONFIGURATION + "')")
|
||||
public GeneralConfigurationModel getGeneralConfigurations() {
|
||||
|
||||
return generalConfigurationService.getGeneralConfigurations();
|
||||
return generalConfigurationService.getGeneralConfigurations(tenantManagementService.getTenantApplicationType(TenantContext.getTenantId()));
|
||||
}
|
||||
|
||||
|
||||
@ -35,7 +38,7 @@ public class GeneralSettingsController implements GeneralSettingsResource, Publi
|
||||
@PreAuthorize("hasAuthority('" + WRITE_GENERAL_CONFIGURATION + "')")
|
||||
public void updateGeneralConfigurations(@RequestBody GeneralConfigurationModel generalConfigurationModel) {
|
||||
|
||||
generalConfigurationService.updateGeneralConfigurations(generalConfigurationModel);
|
||||
generalConfigurationService.updateGeneralConfigurations(generalConfigurationModel, tenantManagementService.getTenantApplicationType(TenantContext.getTenantId()));
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@ -22,7 +22,6 @@ import com.knecon.fforesight.tenantcommons.model.UpdateDetailsRequest;
|
||||
import com.knecon.fforesight.tenantusermanagement.api.external.PublicResource;
|
||||
import com.knecon.fforesight.tenantusermanagement.api.external.TenantsResource;
|
||||
import com.knecon.fforesight.tenantusermanagement.model.DeploymentKeyResponse;
|
||||
import com.knecon.fforesight.tenantusermanagement.model.SimpleTenantResponse;
|
||||
import com.knecon.fforesight.tenantusermanagement.model.CreateTenantRequest;
|
||||
import com.knecon.fforesight.tenantusermanagement.model.UpdateTenantRequest;
|
||||
import com.knecon.fforesight.tenantusermanagement.service.DeploymentKeyService;
|
||||
@ -77,12 +76,6 @@ public class TenantsController implements TenantsResource, PublicResource {
|
||||
}
|
||||
|
||||
|
||||
public List<SimpleTenantResponse> getSimpleTenants() {
|
||||
|
||||
return tenantManagementService.getTenants().stream().map(t -> new SimpleTenantResponse(t.getTenantId(), t.getDisplayName(), t.getGuid())).toList();
|
||||
}
|
||||
|
||||
|
||||
@PreAuthorize("hasAuthority('" + UPDATE_TENANT + "')")
|
||||
public TenantResponse updateTenant(String tenantId, @RequestBody UpdateTenantRequest tenantRequest) {
|
||||
|
||||
|
||||
@ -8,7 +8,6 @@ import static com.knecon.fforesight.tenantusermanagement.permissions.UserManagem
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Set;
|
||||
import java.util.function.Predicate;
|
||||
import java.util.stream.Collectors;
|
||||
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
@ -28,7 +27,7 @@ import com.knecon.fforesight.tenantusermanagement.model.UpdateMyProfileRequest;
|
||||
import com.knecon.fforesight.tenantusermanagement.model.UpdateProfileRequest;
|
||||
import com.knecon.fforesight.tenantusermanagement.model.User;
|
||||
import com.knecon.fforesight.tenantusermanagement.permissions.ApplicationRoles;
|
||||
import com.knecon.fforesight.tenantusermanagement.properties.TenantUserManagementProperties;
|
||||
import com.knecon.fforesight.tenantusermanagement.service.TenantApplicationTypeService;
|
||||
import com.knecon.fforesight.tenantusermanagement.service.UserService;
|
||||
|
||||
import jakarta.validation.Valid;
|
||||
@ -42,7 +41,7 @@ public class UserController implements UserResource, PublicResource {
|
||||
|
||||
|
||||
private final UserService userService;
|
||||
private final TenantUserManagementProperties tenantUserManagementProperties;
|
||||
private final TenantApplicationTypeService tenantApplicationTypeService;
|
||||
|
||||
|
||||
@Override
|
||||
@ -52,7 +51,7 @@ public class UserController implements UserResource, PublicResource {
|
||||
if (bypassCache) {
|
||||
userService.evictUserCache();
|
||||
}
|
||||
var mappedRoles = tenantUserManagementProperties.getKcRoleMapping().getAllRoles();
|
||||
var mappedRoles = tenantApplicationTypeService.getCurrentProperties().getKcRoleMapping().getAllRoles();
|
||||
|
||||
return userService.getAllUsers()
|
||||
.stream()
|
||||
|
||||
@ -16,7 +16,6 @@ import com.knecon.fforesight.tenantusermanagement.api.internal.InternalResource;
|
||||
import com.knecon.fforesight.tenantusermanagement.api.internal.InternalTenantsResource;
|
||||
import com.knecon.fforesight.tenantusermanagement.model.CreateTenantRequest;
|
||||
import com.knecon.fforesight.tenantusermanagement.model.DeploymentKeyResponse;
|
||||
import com.knecon.fforesight.tenantusermanagement.model.SimpleTenantResponse;
|
||||
import com.knecon.fforesight.tenantusermanagement.model.UpdateTenantRequest;
|
||||
import com.knecon.fforesight.tenantusermanagement.service.DeploymentKeyService;
|
||||
import com.knecon.fforesight.tenantusermanagement.service.TenantManagementService;
|
||||
@ -68,12 +67,6 @@ public class InternalTenantsController implements InternalTenantsResource, Inter
|
||||
}
|
||||
|
||||
|
||||
public List<SimpleTenantResponse> getSimpleTenants() {
|
||||
|
||||
return tenantManagementService.getTenants().stream().map(t -> new SimpleTenantResponse(t.getTenantId(), t.getDisplayName(), t.getGuid())).toList();
|
||||
}
|
||||
|
||||
|
||||
public DeploymentKeyResponse getDeploymentKey(@PathVariable(TENANT_ID_PARAM) String tenantId) {
|
||||
|
||||
return new DeploymentKeyResponse(deploymentKeyService.getDeploymentKey(tenantId));
|
||||
|
||||
@ -34,9 +34,7 @@ public class MigrateOnlyHook {
|
||||
@EventListener(ApplicationReadyEvent.class)
|
||||
public void migrate() {
|
||||
|
||||
tenantManagementService.getTenants().forEach(tenant -> {
|
||||
keyCloakRoleManagerService.updateRoles(tenant.getTenantId());
|
||||
});
|
||||
tenantManagementService.getTenants().forEach(tenant -> keyCloakRoleManagerService.updateRoles(tenant.getTenantId(), tenant.getApplicationType()));
|
||||
|
||||
// This should only run in post upgrade hook
|
||||
if (isMigrateOnly) {
|
||||
|
||||
@ -1,23 +0,0 @@
|
||||
package com.knecon.fforesight.tenantusermanagement.model;
|
||||
|
||||
import io.swagger.v3.oas.annotations.media.Schema;
|
||||
import lombok.AllArgsConstructor;
|
||||
import lombok.Builder;
|
||||
import lombok.Data;
|
||||
import lombok.NoArgsConstructor;
|
||||
|
||||
@Data
|
||||
@Builder
|
||||
@AllArgsConstructor
|
||||
@NoArgsConstructor
|
||||
@Schema(description = "Object containing a simplified version of the tenant data.")
|
||||
public class SimpleTenantResponse {
|
||||
|
||||
@Schema(description = "Parameter containing the ID of the tenant.")
|
||||
private String tenantId;
|
||||
@Schema(description = "Parameter containing the display name of the tenant.")
|
||||
private String displayName;
|
||||
@Schema(description = "Parameter containing the global unique ID of the tenant.")
|
||||
private String guid;
|
||||
|
||||
}
|
||||
@ -0,0 +1,25 @@
|
||||
package com.knecon.fforesight.tenantusermanagement.properties;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
|
||||
import com.knecon.fforesight.tenantusermanagement.model.KCRoleMapping;
|
||||
|
||||
import lombok.Data;
|
||||
|
||||
@Data
|
||||
public class ApplicationTypeProperties {
|
||||
|
||||
private String applicationClientId;
|
||||
private String applicationName;
|
||||
private Integer tenantAccessTokenLifeSpan = 300;
|
||||
private Integer accessTokenLifeSpan = 1800;
|
||||
private Integer ssoSessionIdleTimeout = 86400;
|
||||
private Integer refreshTokenMaxReuse;
|
||||
private String defaultTheme = "redaction";
|
||||
private List<String> validRedirectUris = new ArrayList<>();
|
||||
private KCRoleMapping kcRoleMapping = new KCRoleMapping();
|
||||
private String loginTheme;
|
||||
private String appPrefix;
|
||||
|
||||
}
|
||||
@ -1,11 +1,13 @@
|
||||
package com.knecon.fforesight.tenantusermanagement.properties;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
import java.util.HashMap;
|
||||
import java.util.Locale;
|
||||
import java.util.Map;
|
||||
|
||||
import org.springframework.boot.context.properties.ConfigurationProperties;
|
||||
|
||||
import com.knecon.fforesight.tenantusermanagement.model.KCRoleMapping;
|
||||
import com.knecon.fforesight.tenantcommons.TenantApplicationType;
|
||||
import com.knecon.fforesight.tenantcommons.TenantContext;
|
||||
|
||||
import lombok.Data;
|
||||
|
||||
@ -14,24 +16,17 @@ import lombok.Data;
|
||||
public class TenantUserManagementProperties {
|
||||
|
||||
private String serverUrl;
|
||||
private String publicServerUrl;
|
||||
private String realm;
|
||||
private String applicationClientId;
|
||||
private String swaggerClientId ="swagger-ui-client";
|
||||
private String realm = "master";
|
||||
private String swaggerClientId = "swagger-ui-client";
|
||||
private String swaggerClientSecret;
|
||||
private String clientId;
|
||||
private String clientSecret;
|
||||
private String publicServerUrl;
|
||||
private String basePath = "/";
|
||||
private String basePathV2 = "/api";
|
||||
private int connectionPoolSize = 10;
|
||||
private String applicationName;
|
||||
private Integer accessTokenLifeSpan = 1800;
|
||||
private Integer ssoSessionIdleTimeout = 86400;
|
||||
private int refreshTokenMaxReuse;
|
||||
private String defaultTheme = "redaction";
|
||||
private List<String> validRedirectUris = new ArrayList<>();
|
||||
private KCRoleMapping kcRoleMapping = new KCRoleMapping();
|
||||
private String loginTheme;
|
||||
private String appPrefix;
|
||||
|
||||
private Map<String, ApplicationTypeProperties> applicationTypes = new HashMap<>();
|
||||
|
||||
|
||||
}
|
||||
|
||||
@ -2,6 +2,8 @@ package com.knecon.fforesight.tenantusermanagement.repository;
|
||||
|
||||
import java.util.Optional;
|
||||
|
||||
import org.springframework.cache.annotation.CacheEvict;
|
||||
import org.springframework.cache.annotation.Cacheable;
|
||||
import org.springframework.data.jpa.repository.JpaRepository;
|
||||
import org.springframework.data.jpa.repository.Modifying;
|
||||
import org.springframework.data.jpa.repository.Query;
|
||||
@ -18,12 +20,14 @@ public interface TenantRepository extends JpaRepository<TenantEntity, String> {
|
||||
Optional<TenantEntity> findByTenantId(@Param("tenantId") String tenantId);
|
||||
|
||||
|
||||
@CacheEvict(value = "tenantApplicationType", key = "#tenantId")
|
||||
@Transactional
|
||||
@Modifying(clearAutomatically = true, flushAutomatically = true)
|
||||
@Query("delete from TenantEntity t where t.id = :tenantId ")
|
||||
void deleteByQuery(String tenantId);
|
||||
|
||||
|
||||
@Cacheable(value = "tenantApplicationType", key = "#tenantId")
|
||||
@Query("select t.applicationType from TenantEntity t where t.tenantId = :tenantId")
|
||||
Optional<TenantApplicationType> findApplicationTypeByTenantId(@Param("tenantId") String tenantId);
|
||||
|
||||
|
||||
@ -4,8 +4,10 @@ import org.apache.commons.lang3.StringUtils;
|
||||
import org.keycloak.representations.idm.RealmRepresentation;
|
||||
import org.springframework.stereotype.Service;
|
||||
|
||||
import com.knecon.fforesight.tenantcommons.TenantApplicationType;
|
||||
import com.knecon.fforesight.tenantcommons.TenantContext;
|
||||
import com.knecon.fforesight.tenantusermanagement.model.GeneralConfigurationModel;
|
||||
import com.knecon.fforesight.tenantusermanagement.properties.ApplicationTypeProperties;
|
||||
import com.knecon.fforesight.tenantusermanagement.properties.TenantUserManagementProperties;
|
||||
|
||||
import lombok.RequiredArgsConstructor;
|
||||
@ -18,28 +20,30 @@ public class GeneralConfigurationService {
|
||||
|
||||
private final RealmService realmService;
|
||||
private final TenantUserManagementProperties tenantUserManagementProperties;
|
||||
private final TenantApplicationTypeService tenantApplicationTypeService;
|
||||
|
||||
|
||||
public void initGeneralConfiguration(String tenantId) {
|
||||
public void initGeneralConfiguration(String tenantId, TenantApplicationType tenantApplicationType) {
|
||||
|
||||
TenantContext.setTenantId(tenantId);
|
||||
var generalConfiguration = getGeneralConfigurations();
|
||||
log.info("Currently Configured Application Name: {}, default name: {}", generalConfiguration.getDisplayName(), tenantUserManagementProperties.getApplicationName());
|
||||
updateGeneralConfigurations(getGeneralConfigurations());
|
||||
var generalConfiguration = getGeneralConfigurations(tenantApplicationType);
|
||||
log.info("Currently Configured Application Name: {}, default name: {}", generalConfiguration.getDisplayName(), tenantApplicationTypeService.getProperties(tenantApplicationType).getApplicationName());
|
||||
updateGeneralConfigurations(getGeneralConfigurations(tenantApplicationType), tenantApplicationType);
|
||||
TenantContext.clear();
|
||||
}
|
||||
|
||||
|
||||
public GeneralConfigurationModel getGeneralConfigurations() {
|
||||
public GeneralConfigurationModel getGeneralConfigurations(TenantApplicationType tenantApplicationType) {
|
||||
|
||||
var realm = realmService.realm(TenantContext.getTenantId()).toRepresentation();
|
||||
var auxiliaryName = realm.getDisplayNameHtml();
|
||||
|
||||
String computedAuxiliaryName = null;
|
||||
|
||||
if (!tenantUserManagementProperties.getApplicationName().equals(auxiliaryName)) {
|
||||
ApplicationTypeProperties currentAppTypeProperties = tenantApplicationTypeService.getProperties(tenantApplicationType);
|
||||
if (!currentAppTypeProperties.getApplicationName().equals(auxiliaryName)) {
|
||||
|
||||
auxiliaryName = StringUtils.replaceOnce(auxiliaryName, tenantUserManagementProperties.getApplicationName(), "");
|
||||
auxiliaryName = StringUtils.replaceOnce(auxiliaryName, currentAppTypeProperties.getApplicationName(), "");
|
||||
auxiliaryName = StringUtils.replaceOnce(auxiliaryName, " (", "");
|
||||
auxiliaryName = StringUtils.reverse(StringUtils.replaceOnce(StringUtils.reverse(auxiliaryName), ")", ""));
|
||||
|
||||
@ -54,7 +58,7 @@ public class GeneralConfigurationService {
|
||||
}
|
||||
|
||||
|
||||
public void updateGeneralConfigurations(GeneralConfigurationModel generalConfigurationModel) {
|
||||
public void updateGeneralConfigurations(GeneralConfigurationModel generalConfigurationModel, TenantApplicationType tenantApplicationType) {
|
||||
|
||||
var realm = realmService.realm(TenantContext.getTenantId());
|
||||
|
||||
@ -69,13 +73,14 @@ public class GeneralConfigurationService {
|
||||
realmRepresentation.setResetPasswordAllowed(generalConfigurationModel.isForgotPasswordFunctionEnabled());
|
||||
|
||||
realmRepresentation.setRevokeRefreshToken(true);
|
||||
realmRepresentation.setRefreshTokenMaxReuse(tenantUserManagementProperties.getRefreshTokenMaxReuse());
|
||||
ApplicationTypeProperties applicationTypeProperties = tenantApplicationTypeService.getProperties(tenantApplicationType);
|
||||
realmRepresentation.setRefreshTokenMaxReuse(applicationTypeProperties.getRefreshTokenMaxReuse());
|
||||
realmRepresentation.getAttributes().put("actionTokenGeneratedByUserLifespan.idp-verify-account-via-email", Integer.toString(86400));
|
||||
|
||||
if (!StringUtils.isEmpty(generalConfigurationModel.getAuxiliaryName())) {
|
||||
setDisplayName(realmRepresentation, tenantUserManagementProperties.getApplicationName() + " (" + generalConfigurationModel.getAuxiliaryName() + ")");
|
||||
setDisplayName(realmRepresentation, applicationTypeProperties.getApplicationName() + " (" + generalConfigurationModel.getAuxiliaryName() + ")");
|
||||
} else {
|
||||
setDisplayName(realmRepresentation, tenantUserManagementProperties.getApplicationName());
|
||||
setDisplayName(realmRepresentation, applicationTypeProperties.getApplicationName());
|
||||
}
|
||||
|
||||
try {
|
||||
|
||||
@ -9,6 +9,8 @@ import org.keycloak.representations.idm.ClientRepresentation;
|
||||
import org.keycloak.representations.idm.RoleRepresentation;
|
||||
import org.springframework.stereotype.Component;
|
||||
|
||||
import com.knecon.fforesight.tenantcommons.TenantApplicationType;
|
||||
import com.knecon.fforesight.tenantusermanagement.properties.ApplicationTypeProperties;
|
||||
import com.knecon.fforesight.tenantusermanagement.properties.TenantUserManagementProperties;
|
||||
|
||||
import lombok.RequiredArgsConstructor;
|
||||
@ -21,24 +23,26 @@ public class KeyCloakRoleManagerService {
|
||||
|
||||
private final RealmService realmService;
|
||||
private final TenantUserManagementProperties tenantUserManagementProperties;
|
||||
private final TenantApplicationTypeService tenantApplicationTypeService;
|
||||
|
||||
|
||||
public void updateRoles(String tenantId) {
|
||||
public void updateRoles(String tenantId, TenantApplicationType applicationType) {
|
||||
|
||||
var realm = realmService.realm(tenantId);
|
||||
|
||||
ApplicationTypeProperties applicationTypeProperties = tenantApplicationTypeService.getProperties(applicationType);
|
||||
log.info("Running KeyCloak Role Manager, managing client: {} with system client {}",
|
||||
tenantUserManagementProperties.getApplicationClientId(),
|
||||
tenantUserManagementProperties.getClientId());
|
||||
applicationTypeProperties.getApplicationClientId(),
|
||||
tenantUserManagementProperties.getClientId());
|
||||
var existingRoles = realm.roles().list().stream().map(RoleRepresentation::getName).collect(Collectors.toList());
|
||||
|
||||
log.info("Existing KC roles: {}", existingRoles);
|
||||
|
||||
var redactionClientRepresentation = getRedactionClientRepresentation(tenantId);
|
||||
var redactionClientRepresentation = getRedactionClientRepresentation(tenantId, applicationTypeProperties.getApplicationClientId());
|
||||
var redactionClient = realm.clients().get(redactionClientRepresentation.getId());
|
||||
var clientRoles = redactionClient.roles().list().stream().map(RoleRepresentation::getName).collect(Collectors.toList());
|
||||
|
||||
var allPermissions = tenantUserManagementProperties.getKcRoleMapping().getPermissions();
|
||||
var allPermissions = applicationTypeProperties.getKcRoleMapping().getPermissions();
|
||||
|
||||
log.info("Existing KC client roles: {}", clientRoles);
|
||||
log.info("Current Application KC client roles: {}", allPermissions);
|
||||
@ -65,8 +69,8 @@ public class KeyCloakRoleManagerService {
|
||||
|
||||
var allClientRoles = redactionClient.roles().list();
|
||||
|
||||
var allRoles = tenantUserManagementProperties.getKcRoleMapping().getAllRoles();
|
||||
var rolePermissionMappings = tenantUserManagementProperties.getKcRoleMapping().getRolePermissionMapping();
|
||||
var allRoles = applicationTypeProperties.getKcRoleMapping().getAllRoles();
|
||||
var rolePermissionMappings = applicationTypeProperties.getKcRoleMapping().getRolePermissionMapping();
|
||||
|
||||
// if an application-role doesn't exist, create it
|
||||
for (String applicationRole : allRoles) {
|
||||
@ -93,7 +97,7 @@ public class KeyCloakRoleManagerService {
|
||||
log.info("Finished application role {}", applicationRole);
|
||||
}
|
||||
|
||||
var composites = tenantUserManagementProperties.getKcRoleMapping().getRoleComposites();
|
||||
var composites = applicationTypeProperties.getKcRoleMapping().getRoleComposites();
|
||||
for (var key : composites.keySet()) {
|
||||
var realmRole = realm.roles().get(key).toRepresentation();
|
||||
|
||||
@ -111,9 +115,8 @@ public class KeyCloakRoleManagerService {
|
||||
}
|
||||
|
||||
|
||||
private ClientRepresentation getRedactionClientRepresentation(String tenantId) {
|
||||
private ClientRepresentation getRedactionClientRepresentation(String tenantId, String applicationClientId) {
|
||||
|
||||
String applicationClientId = tenantUserManagementProperties.getApplicationClientId();
|
||||
var clientRepresentationIterator = realmService.realm(tenantId).clients().findByClientId(applicationClientId).iterator();
|
||||
|
||||
if (clientRepresentationIterator.hasNext()) {
|
||||
|
||||
@ -0,0 +1,54 @@
|
||||
package com.knecon.fforesight.tenantusermanagement.service;
|
||||
|
||||
import java.util.Locale;
|
||||
|
||||
import org.springframework.http.HttpStatus;
|
||||
import org.springframework.stereotype.Service;
|
||||
import org.springframework.web.server.ResponseStatusException;
|
||||
|
||||
import com.knecon.fforesight.tenantcommons.TenantApplicationType;
|
||||
import com.knecon.fforesight.tenantcommons.TenantContext;
|
||||
import com.knecon.fforesight.tenantusermanagement.properties.ApplicationTypeProperties;
|
||||
import com.knecon.fforesight.tenantusermanagement.properties.TenantUserManagementProperties;
|
||||
import com.knecon.fforesight.tenantusermanagement.repository.TenantRepository;
|
||||
|
||||
import lombok.AccessLevel;
|
||||
import lombok.RequiredArgsConstructor;
|
||||
import lombok.experimental.FieldDefaults;
|
||||
|
||||
@Service
|
||||
@RequiredArgsConstructor
|
||||
@FieldDefaults(level = AccessLevel.PRIVATE, makeFinal = true)
|
||||
public class TenantApplicationTypeService {
|
||||
|
||||
TenantUserManagementProperties tenantUserManagementProperties;
|
||||
TenantRepository tenantRepository;
|
||||
|
||||
|
||||
public TenantApplicationType getCurrent() {
|
||||
|
||||
return get(TenantContext.getTenantId());
|
||||
}
|
||||
|
||||
|
||||
public TenantApplicationType get(String tenantId) {
|
||||
|
||||
return tenantRepository.findApplicationTypeByTenantId(tenantId)
|
||||
.orElseThrow(() -> new ResponseStatusException(HttpStatus.NOT_FOUND, "Tenant does not exist"));
|
||||
}
|
||||
|
||||
|
||||
public ApplicationTypeProperties getProperties(TenantApplicationType applicationType) {
|
||||
|
||||
return tenantUserManagementProperties.getApplicationTypes()
|
||||
.get(applicationType.name().toLowerCase(Locale.ROOT));
|
||||
}
|
||||
|
||||
|
||||
public ApplicationTypeProperties getCurrentProperties() {
|
||||
|
||||
TenantApplicationType applicationType = get(TenantContext.getTenantId());
|
||||
return getProperties(applicationType);
|
||||
}
|
||||
|
||||
}
|
||||
@ -67,6 +67,7 @@ import com.knecon.fforesight.tenantusermanagement.model.CreateTenantRequest;
|
||||
import com.knecon.fforesight.tenantusermanagement.model.SearchConnectionRequest;
|
||||
import com.knecon.fforesight.tenantusermanagement.model.TenantUser;
|
||||
import com.knecon.fforesight.tenantusermanagement.model.UpdateTenantRequest;
|
||||
import com.knecon.fforesight.tenantusermanagement.properties.ApplicationTypeProperties;
|
||||
import com.knecon.fforesight.tenantusermanagement.properties.TenantUserManagementProperties;
|
||||
import com.knecon.fforesight.tenantusermanagement.repository.TenantRepository;
|
||||
import com.knecon.fforesight.tenantusermanagement.utils.JDBCUtils;
|
||||
@ -108,6 +109,7 @@ public class TenantManagementService implements TenantProvider {
|
||||
private final RabbitTemplate rabbitTemplate;
|
||||
private final StorageConfiguration storageConfiguration;
|
||||
private final SMTPService smtpService;
|
||||
private final TenantApplicationTypeService tenantApplicationTypeService;
|
||||
|
||||
@Value("${fforesight.tenant-exchange.name}")
|
||||
private String tenantExchangeName;
|
||||
@ -117,8 +119,8 @@ public class TenantManagementService implements TenantProvider {
|
||||
public TenantResponse createTenant(CreateTenantRequest tenantRequest) {
|
||||
|
||||
// For now we update the master realm theme whenever we create the tenant
|
||||
updateMasterTheme(tenantUserManagementProperties.getLoginTheme());
|
||||
updateMasterDisplayName(tenantUserManagementProperties.getApplicationName());
|
||||
updateMasterTheme(tenantApplicationTypeService.getProperties(tenantRequest.getApplicationType()).getLoginTheme());
|
||||
updateMasterDisplayName(tenantApplicationTypeService.getProperties(tenantRequest.getApplicationType()).getApplicationName());
|
||||
|
||||
log.info("Tenants are: {}",
|
||||
tenantRepository.findAll()
|
||||
@ -158,7 +160,7 @@ public class TenantManagementService implements TenantProvider {
|
||||
.password(encryptionService.encrypt(searchConnection.getPassword()))
|
||||
.numberOfShards(searchConnection.getNumberOfShards())
|
||||
.numberOfReplicas(searchConnection.getNumberOfReplicas())
|
||||
.indexPrefix(buildIndexPrefix(tenantRequest.getTenantId()))
|
||||
.indexPrefix(buildIndexPrefix(tenantRequest.getTenantId(), tenantRequest.getApplicationType()))
|
||||
.build());
|
||||
MongoDBConnection mongoDBConnection = tenantRequest.getMongoDBConnection();
|
||||
if (mongoDBConnection != null) {
|
||||
@ -208,7 +210,7 @@ public class TenantManagementService implements TenantProvider {
|
||||
log.info("Skipping creation of mongo database for this tenant");
|
||||
}
|
||||
|
||||
propagateTenantToKeyCloak(tenantRequest.getTenantId(), tenantRequest.getDefaultUsers());
|
||||
propagateTenantToKeyCloak(tenantRequest.getTenantId(), tenantRequest.getApplicationType(), tenantRequest.getDefaultUsers());
|
||||
|
||||
log.info("Updated roles for tenant: {}", tenantRequest.getTenantId());
|
||||
|
||||
@ -300,21 +302,21 @@ public class TenantManagementService implements TenantProvider {
|
||||
log.info("Deleting mongodb database for tenant: {}", tenant.getTenantId());
|
||||
deleteMongoDBDatabase(tenant);
|
||||
deleteRealm(tenantId);
|
||||
tenantRepository.deleteById(tenant.getTenantId());
|
||||
tenantRepository.deleteByQuery(tenant.getTenantId());
|
||||
|
||||
}
|
||||
|
||||
|
||||
private String buildIndexPrefix(String tenantId) {
|
||||
private String buildIndexPrefix(String tenantId, TenantApplicationType applicationType) {
|
||||
|
||||
return tenantUserManagementProperties.getAppPrefix() + "_" + tenantId;
|
||||
return tenantApplicationTypeService.getProperties(applicationType).getAppPrefix() + "_" + tenantId;
|
||||
}
|
||||
|
||||
|
||||
private void propagateTenantToKeyCloak(String tenantId, List<TenantUser> usersToCreate) throws InterruptedException {
|
||||
private void propagateTenantToKeyCloak(String tenantId, TenantApplicationType applicationType, List<TenantUser> usersToCreate) throws InterruptedException {
|
||||
|
||||
log.info("Creating or updating realm for tenant: {}", tenantId);
|
||||
createOrUpdateRealm(tenantId, usersToCreate);
|
||||
createOrUpdateRealm(tenantId, applicationType, usersToCreate);
|
||||
|
||||
var waitTime = 0;
|
||||
boolean realmReady;
|
||||
@ -335,8 +337,8 @@ public class TenantManagementService implements TenantProvider {
|
||||
|
||||
setPasswordPolicyForRealm(tenantId);
|
||||
|
||||
generalConfigurationService.initGeneralConfiguration(tenantId);
|
||||
keyCloakRoleManagerService.updateRoles(tenantId);
|
||||
generalConfigurationService.initGeneralConfiguration(tenantId, applicationType);
|
||||
keyCloakRoleManagerService.updateRoles(tenantId, applicationType);
|
||||
}
|
||||
|
||||
|
||||
@ -437,9 +439,9 @@ public class TenantManagementService implements TenantProvider {
|
||||
}
|
||||
|
||||
|
||||
public void createOrUpdateRealm(String tenantId, List<TenantUser> users) {
|
||||
public void createOrUpdateRealm(String tenantId, TenantApplicationType applicationType, List<TenantUser> users) {
|
||||
|
||||
if (syncRealmIfExists(tenantId, users)) {
|
||||
if (syncRealmIfExists(tenantId, applicationType, users)) {
|
||||
log.info("Updated realm for tenant: {}", tenantId);
|
||||
return;
|
||||
}
|
||||
@ -448,12 +450,12 @@ public class TenantManagementService implements TenantProvider {
|
||||
realm.setId(tenantId);
|
||||
realm.setRealm(tenantId);
|
||||
realm.setEnabled(true);
|
||||
setRealmProperties(realm);
|
||||
setRealmProperties(realm, applicationType);
|
||||
|
||||
var clients = getRealmClients();
|
||||
var clients = getRealmClients(applicationType);
|
||||
realm.setClients(clients);
|
||||
|
||||
realm.setRoles(getRealmRoles());
|
||||
realm.setRoles(getRealmRoles(applicationType));
|
||||
|
||||
if (users != null) {
|
||||
realm.setUsers(users.stream()
|
||||
@ -480,18 +482,19 @@ public class TenantManagementService implements TenantProvider {
|
||||
}
|
||||
|
||||
|
||||
private boolean syncRealmIfExists(String tenantId, List<TenantUser> users) {
|
||||
private boolean syncRealmIfExists(String tenantId, TenantApplicationType applicationType, List<TenantUser> users) {
|
||||
|
||||
try {
|
||||
var existingRealm = getRealmResource(tenantId).toRepresentation();
|
||||
if (existingRealm != null) {
|
||||
log.info("Updating existing realm: {}", tenantId);
|
||||
existingRealm.setLoginTheme(tenantUserManagementProperties.getDefaultTheme());
|
||||
existingRealm.setEmailTheme(tenantUserManagementProperties.getDefaultTheme());
|
||||
existingRealm.setAccountTheme(tenantUserManagementProperties.getDefaultTheme());
|
||||
existingRealm.setAccessTokenLifespan(tenantUserManagementProperties.getAccessTokenLifeSpan());
|
||||
existingRealm.setSsoSessionIdleTimeout(tenantUserManagementProperties.getSsoSessionIdleTimeout());
|
||||
var clients = getRealmClients();
|
||||
ApplicationTypeProperties applicationTypeProperties = tenantApplicationTypeService.getProperties(applicationType);
|
||||
existingRealm.setLoginTheme(applicationTypeProperties.getDefaultTheme());
|
||||
existingRealm.setEmailTheme(applicationTypeProperties.getDefaultTheme());
|
||||
existingRealm.setAccountTheme(applicationTypeProperties.getDefaultTheme());
|
||||
existingRealm.setAccessTokenLifespan(applicationTypeProperties.getAccessTokenLifeSpan());
|
||||
existingRealm.setSsoSessionIdleTimeout(applicationTypeProperties.getSsoSessionIdleTimeout());
|
||||
var clients = getRealmClients(applicationType);
|
||||
var relevantClientNames = clients.stream()
|
||||
.map(c -> c.getClientId().toLowerCase(Locale.getDefault()))
|
||||
.collect(Collectors.toSet());
|
||||
@ -507,7 +510,7 @@ public class TenantManagementService implements TenantProvider {
|
||||
clients.forEach(c -> getRealmResource(tenantId).clients().create(c));
|
||||
|
||||
existingRealm.setClients(clients);
|
||||
existingRealm.setRoles(getRealmRoles());
|
||||
existingRealm.setRoles(getRealmRoles(applicationType));
|
||||
|
||||
if (users != null) {
|
||||
|
||||
@ -552,16 +555,17 @@ public class TenantManagementService implements TenantProvider {
|
||||
}
|
||||
|
||||
|
||||
private RolesRepresentation getRealmRoles() {
|
||||
private RolesRepresentation getRealmRoles(TenantApplicationType applicationType) {
|
||||
|
||||
var allRoles = tenantUserManagementProperties.getKcRoleMapping().getAllRoles();
|
||||
ApplicationTypeProperties applicationTypeProperties = tenantApplicationTypeService.getProperties(applicationType);
|
||||
var allRoles = applicationTypeProperties.getKcRoleMapping().getAllRoles();
|
||||
|
||||
var roles = new ArrayList<RoleRepresentation>();
|
||||
for (String applicationRole : allRoles) {
|
||||
var role = new RoleRepresentation();
|
||||
role.setComposite(true);
|
||||
role.setName(applicationRole);
|
||||
role.setContainerId(tenantUserManagementProperties.getApplicationClientId());
|
||||
role.setContainerId(applicationTypeProperties.getApplicationClientId());
|
||||
roles.add(role);
|
||||
}
|
||||
|
||||
@ -571,16 +575,18 @@ public class TenantManagementService implements TenantProvider {
|
||||
}
|
||||
|
||||
|
||||
private List<ClientRepresentation> getRealmClients() {
|
||||
private List<ClientRepresentation> getRealmClients(TenantApplicationType applicationType) {
|
||||
|
||||
ApplicationTypeProperties appTypeProperties = tenantApplicationTypeService.getProperties(applicationType);
|
||||
|
||||
var applicationClient = new ClientRepresentation();
|
||||
applicationClient.setEnabled(true);
|
||||
applicationClient.setName(tenantUserManagementProperties.getApplicationClientId());
|
||||
applicationClient.setClientId(tenantUserManagementProperties.getApplicationClientId());
|
||||
applicationClient.setName(appTypeProperties.getApplicationClientId());
|
||||
applicationClient.setClientId(appTypeProperties.getApplicationClientId());
|
||||
applicationClient.setStandardFlowEnabled(true);
|
||||
applicationClient.setImplicitFlowEnabled(true);
|
||||
applicationClient.setDirectAccessGrantsEnabled(true);
|
||||
applicationClient.setRedirectUris(tenantUserManagementProperties.getValidRedirectUris());
|
||||
applicationClient.setRedirectUris(appTypeProperties.getValidRedirectUris());
|
||||
applicationClient.setWebOrigins(List.of("+"));
|
||||
applicationClient.setPublicClient(true);
|
||||
setPostLogoutRedirectUriForClient(applicationClient);
|
||||
@ -595,7 +601,7 @@ public class TenantManagementService implements TenantProvider {
|
||||
swaggerClient.setDirectAccessGrantsEnabled(false);
|
||||
swaggerClient.setServiceAccountsEnabled(true);
|
||||
swaggerClient.setAuthorizationServicesEnabled(true);
|
||||
swaggerClient.setRedirectUris(tenantUserManagementProperties.getValidRedirectUris());
|
||||
swaggerClient.setRedirectUris(appTypeProperties.getValidRedirectUris());
|
||||
swaggerClient.setWebOrigins(List.of("+"));
|
||||
setPostLogoutRedirectUriForClient(swaggerClient);
|
||||
|
||||
@ -603,15 +609,16 @@ public class TenantManagementService implements TenantProvider {
|
||||
}
|
||||
|
||||
|
||||
private void setRealmProperties(RealmRepresentation realm) {
|
||||
private void setRealmProperties(RealmRepresentation realm, TenantApplicationType tenantApplicationType) {
|
||||
|
||||
realm.setLoginTheme(tenantUserManagementProperties.getDefaultTheme());
|
||||
realm.setEmailTheme(tenantUserManagementProperties.getDefaultTheme());
|
||||
realm.setAccountTheme(tenantUserManagementProperties.getDefaultTheme());
|
||||
realm.setAccessTokenLifespan(tenantUserManagementProperties.getAccessTokenLifeSpan());
|
||||
realm.setSsoSessionIdleTimeout(tenantUserManagementProperties.getSsoSessionIdleTimeout());
|
||||
ApplicationTypeProperties currentAppTypeProperties = tenantApplicationTypeService.getProperties(tenantApplicationType);
|
||||
realm.setLoginTheme(currentAppTypeProperties.getDefaultTheme());
|
||||
realm.setEmailTheme(currentAppTypeProperties.getDefaultTheme());
|
||||
realm.setAccountTheme(currentAppTypeProperties.getDefaultTheme());
|
||||
realm.setAccessTokenLifespan(currentAppTypeProperties.getAccessTokenLifeSpan());
|
||||
realm.setSsoSessionIdleTimeout(currentAppTypeProperties.getSsoSessionIdleTimeout());
|
||||
realm.setRevokeRefreshToken(true);
|
||||
realm.setRefreshTokenMaxReuse(tenantUserManagementProperties.getRefreshTokenMaxReuse());
|
||||
realm.setRefreshTokenMaxReuse(currentAppTypeProperties.getRefreshTokenMaxReuse());
|
||||
|
||||
if (!ObjectUtils.isEmpty(tenantUserManagementProperties.getPublicServerUrl())) {
|
||||
Map<String, String> attributes = new HashMap<>();
|
||||
@ -792,7 +799,7 @@ public class TenantManagementService implements TenantProvider {
|
||||
.build());
|
||||
}
|
||||
|
||||
propagateTenantToKeyCloak(tenantId, null);
|
||||
propagateTenantToKeyCloak(tenantId, tenantEntity.getApplicationType(), null);
|
||||
|
||||
TenantResponse tenantResponse = convert(tenantRepository.save(tenantEntity));
|
||||
|
||||
@ -821,10 +828,10 @@ public class TenantManagementService implements TenantProvider {
|
||||
}
|
||||
|
||||
|
||||
@Override
|
||||
public TenantApplicationType getTenantApplicationType(String tenantId) {
|
||||
|
||||
return tenantRepository.findApplicationTypeByTenantId(tenantId)
|
||||
.orElseThrow(() -> new ResponseStatusException(HttpStatus.NOT_FOUND, "Tenant does not exist"));
|
||||
return tenantApplicationTypeService.get(tenantId);
|
||||
}
|
||||
|
||||
|
||||
@ -857,7 +864,7 @@ public class TenantManagementService implements TenantProvider {
|
||||
private TenantResponse convert(TenantEntity entity) {
|
||||
|
||||
var authDetails = realmService.getOpenIdConnectDetails(entity.getTenantId());
|
||||
var roleMapping = tenantUserManagementProperties.getKcRoleMapping();
|
||||
var roleMapping = tenantApplicationTypeService.getProperties(entity.getApplicationType()).getKcRoleMapping();
|
||||
authDetails.setClientRoles(roleMapping.getPermissions());
|
||||
authDetails.setRealmRoles(roleMapping.getAllRoles());
|
||||
|
||||
@ -962,14 +969,15 @@ public class TenantManagementService implements TenantProvider {
|
||||
public void syncTenant(String tenantId, JsonNode payload) {
|
||||
|
||||
log.info("Syncing Realm: {}", tenantId);
|
||||
syncRealmIfExists(tenantId, null);
|
||||
setPasswordPolicyForRealm(tenantId);
|
||||
generalConfigurationService.initGeneralConfiguration(tenantId);
|
||||
keyCloakRoleManagerService.updateRoles(tenantId);
|
||||
propagateTenantToKeyCloak(tenantId, null);
|
||||
log.info("Realm: {} synced", tenantId);
|
||||
|
||||
TenantContext.setTenantId(tenantId);
|
||||
TenantApplicationType tenantApplicationType = getTenantApplicationType(tenantId);
|
||||
syncRealmIfExists(tenantId, tenantApplicationType, null);
|
||||
setPasswordPolicyForRealm(tenantId);
|
||||
generalConfigurationService.initGeneralConfiguration(tenantId, tenantApplicationType);
|
||||
keyCloakRoleManagerService.updateRoles(tenantId, tenantApplicationType);
|
||||
|
||||
propagateTenantToKeyCloak(tenantId, tenantApplicationType, null);
|
||||
log.info("Realm: {} synced", tenantId);
|
||||
rabbitTemplate.convertAndSend(tenantExchangeName, "tenant.sync", new TenantSyncEvent(tenantId, payload));
|
||||
TenantContext.clear();
|
||||
|
||||
|
||||
@ -14,7 +14,6 @@ import org.springframework.retry.support.RetryTemplate;
|
||||
import org.springframework.stereotype.Service;
|
||||
|
||||
import com.knecon.fforesight.tenantusermanagement.model.User;
|
||||
import com.knecon.fforesight.tenantusermanagement.properties.TenantUserManagementProperties;
|
||||
|
||||
import lombok.RequiredArgsConstructor;
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
@ -26,7 +25,7 @@ public class UserListingService {
|
||||
|
||||
private final RealmService realmService;
|
||||
|
||||
private final TenantUserManagementProperties tenantUserManagementProperties;
|
||||
private final TenantApplicationTypeService tenantApplicationTypeService;
|
||||
private final RetryTemplate retryTemplate = RetryTemplate.builder().maxAttempts(3).exponentialBackoff(1000, 2, 5000).build();
|
||||
|
||||
|
||||
@ -41,7 +40,7 @@ public class UserListingService {
|
||||
Map<String, Set<String>> usersByRole = new HashMap<>();
|
||||
if (!allUsers.isEmpty()) {
|
||||
var realmRoles = realm.roles().list().stream().map(r -> r.getName().toUpperCase(Locale.ROOT)).collect(Collectors.toSet());
|
||||
var allRoles = tenantUserManagementProperties.getKcRoleMapping().getAllRoles();
|
||||
var allRoles = tenantApplicationTypeService.getCurrentProperties().getKcRoleMapping().getAllRoles();
|
||||
for (var role : allRoles) {
|
||||
if (realmRoles.contains(role)) {
|
||||
List<UserRepresentation> users = realm.roles().get(role).getUserMembers(0, 500);
|
||||
@ -71,7 +70,7 @@ public class UserListingService {
|
||||
users.add(user);
|
||||
}
|
||||
|
||||
var roleComposites = tenantUserManagementProperties.getKcRoleMapping().getRoleComposites();
|
||||
var roleComposites = tenantApplicationTypeService.getCurrentProperties().getKcRoleMapping().getRoleComposites();
|
||||
users.forEach(user -> {
|
||||
for (var parentRole : roleComposites.keySet()) {
|
||||
if (user.getRoles().contains(parentRole)) {
|
||||
|
||||
@ -59,6 +59,7 @@ public class UserService {
|
||||
private final TenantUserManagementProperties tenantUserManagementProperties;
|
||||
private final UserListingService userListingService;
|
||||
private final RabbitTemplate rabbitTemplate;
|
||||
private final TenantApplicationTypeService tenantApplicationTypeService;
|
||||
|
||||
@Value("${fforesight.user-exchange.name}")
|
||||
private String userExchangeName;
|
||||
@ -86,7 +87,7 @@ public class UserService {
|
||||
throw new ResponseStatusException(HttpStatus.BAD_REQUEST, "Email address format is not valid");
|
||||
}
|
||||
|
||||
tenantUserManagementProperties.getKcRoleMapping().validateRoles(user.getRoles());
|
||||
tenantApplicationTypeService.getCurrentProperties().getKcRoleMapping().validateRoles(user.getRoles());
|
||||
|
||||
UserRepresentation userRepresentation = new UserRepresentation();
|
||||
userRepresentation.setUsername(username);
|
||||
@ -130,9 +131,10 @@ public class UserService {
|
||||
}
|
||||
|
||||
|
||||
|
||||
public void checkRankOrderForAssigningRole(Set<String> newRoles, Set<String> currentUserRoles) {
|
||||
|
||||
var roleMapping = tenantUserManagementProperties.getKcRoleMapping();
|
||||
var roleMapping = tenantApplicationTypeService.getCurrentProperties().getKcRoleMapping();
|
||||
var maxRank = currentUserRoles.stream()
|
||||
.map(r -> roleMapping.getRole(r).getRank())
|
||||
.max(Integer::compare)
|
||||
@ -156,7 +158,7 @@ public class UserService {
|
||||
return userResource.roles().realmLevel().listEffective()
|
||||
.stream()
|
||||
.map(RoleRepresentation::getName)
|
||||
.filter(r -> tenantUserManagementProperties.getKcRoleMapping().isValidRole(r))
|
||||
.filter(r -> tenantApplicationTypeService.getCurrentProperties().getKcRoleMapping().isValidRole(r))
|
||||
.collect(Collectors.toSet());
|
||||
}
|
||||
|
||||
@ -179,7 +181,7 @@ public class UserService {
|
||||
@CacheEvict(value = "${commons.keycloak.userCache}", allEntries = true, beforeInvocation = true)
|
||||
public User setRoles(String userId, Set<String> newRoles, Set<String> currentUserRoles) {
|
||||
|
||||
var allRoles = tenantUserManagementProperties.getKcRoleMapping().getAllRoles();
|
||||
var allRoles = tenantApplicationTypeService.getCurrentProperties().getKcRoleMapping().getAllRoles();
|
||||
newRoles.forEach(role -> {
|
||||
|
||||
if (!allRoles.contains(role) || ApplicationRoles.isKneconRole(role)) {
|
||||
@ -215,7 +217,7 @@ public class UserService {
|
||||
@CacheEvict(value = "${commons.keycloak.userCache}", allEntries = true, beforeInvocation = true)
|
||||
public void removeRolesForDeletion(String userId, Set<String> roles) {
|
||||
|
||||
var allRoles = tenantUserManagementProperties.getKcRoleMapping().getAllRoles();
|
||||
var allRoles = tenantApplicationTypeService.getCurrentProperties().getKcRoleMapping().getAllRoles();
|
||||
roles.forEach(role -> {
|
||||
|
||||
if (!allRoles.contains(role)) {
|
||||
@ -236,34 +238,68 @@ public class UserService {
|
||||
@CacheEvict(value = "${commons.keycloak.userCache}", allEntries = true, beforeInvocation = true)
|
||||
public void validateSufficientRoles(String userId, Set<String> userRoles, Set<String> newRoles, Set<String> currentUserRoles) {
|
||||
|
||||
var roleMapping = tenantUserManagementProperties.getKcRoleMapping();
|
||||
var maxRank = currentUserRoles.stream()
|
||||
var roleMapping = tenantApplicationTypeService.getCurrentProperties().getKcRoleMapping();
|
||||
|
||||
int maxCurrentUserRank = currentUserRoles.stream()
|
||||
.map(r -> roleMapping.getRole(r).getRank())
|
||||
.max(Integer::compare)
|
||||
.orElse(-1);
|
||||
var newRolesRank = newRoles.stream()
|
||||
.map(r -> roleMapping.getRole(r).getRank())
|
||||
.toList();
|
||||
var maxNewRolesRank = newRolesRank.stream()
|
||||
.max(Integer::compare)
|
||||
.orElse(-1);
|
||||
|
||||
var untouchableRoles = userRoles.stream()
|
||||
Set<String> untouchableRoles = userRoles.stream()
|
||||
.filter(roleMapping::isValidRole)
|
||||
.map(roleMapping::getRole)
|
||||
.filter(r -> r.getRank() > maxRank || ApplicationRoles.isKneconRole(r.getName()))
|
||||
.filter(r -> r.getRank() > maxCurrentUserRank && !ApplicationRoles.isKneconRole(r.getName()))
|
||||
.map(KCRole::getName)
|
||||
.collect(Collectors.toSet());
|
||||
|
||||
if (maxNewRolesRank > maxRank) {
|
||||
Set<String> kneconRoles = userRoles.stream()
|
||||
.filter(roleMapping::isValidRole)
|
||||
.map(roleMapping::getRole)
|
||||
.map(KCRole::getName)
|
||||
.filter(ApplicationRoles::isKneconRole)
|
||||
.collect(Collectors.toSet());
|
||||
|
||||
int maxNewRolesRank = newRoles.stream()
|
||||
.map(r -> roleMapping.getRole(r).getRank())
|
||||
.max(Integer::compare)
|
||||
.orElse(-1);
|
||||
|
||||
newRoles.addAll(kneconRoles);
|
||||
|
||||
int maxNewRolesRankIncludingKnecon = newRoles.stream()
|
||||
.map(r -> roleMapping.getRole(r).getRank())
|
||||
.max(Integer::compare)
|
||||
.orElse(-1);
|
||||
|
||||
ensureNoHigherRankAssigned(maxCurrentUserRank, maxNewRolesRank);
|
||||
ensureUntouchableRolesPreserved(untouchableRoles, newRoles);
|
||||
ensureHighestRankNotRemovedFromSelf(userId, maxCurrentUserRank, maxNewRolesRankIncludingKnecon, roleMapping.getMaxRank());
|
||||
}
|
||||
|
||||
|
||||
private void ensureNoHigherRankAssigned(int maxCurrentUserRank, int maxNewRolesRank) {
|
||||
|
||||
if (maxNewRolesRank > maxCurrentUserRank) {
|
||||
throw new ResponseStatusException(HttpStatus.BAD_REQUEST, "Cannot assign this role to that user. Insufficient rights");
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
private void ensureUntouchableRolesPreserved(Set<String> untouchableRoles, Set<String> newRoles) {
|
||||
|
||||
if (!newRoles.containsAll(untouchableRoles)) {
|
||||
throw new ResponseStatusException(HttpStatus.BAD_REQUEST, "Cannot modify some roles for this user. Insufficient rights");
|
||||
}
|
||||
}
|
||||
|
||||
if (userId.equalsIgnoreCase(KeycloakSecurity.getUserId()) && maxRank.equals(roleMapping.getMaxRank()) && !maxNewRolesRank.equals(maxRank)) {
|
||||
|
||||
private void ensureHighestRankNotRemovedFromSelf(String userId, int maxCurrentUserRank, int maxNewRolesRankIncludingKnecon, int overallMaxRank) {
|
||||
|
||||
boolean isSelf = userId.equalsIgnoreCase(KeycloakSecurity.getUserId());
|
||||
boolean isUserHighestRank = maxCurrentUserRank == overallMaxRank;
|
||||
boolean highestRankRemoved = !Integer.valueOf(maxNewRolesRankIncludingKnecon).equals(maxCurrentUserRank);
|
||||
|
||||
if (isSelf && isUserHighestRank && highestRankRemoved) {
|
||||
throw new ResponseStatusException(HttpStatus.CONFLICT, "Cannot remove highest ranking role from self.");
|
||||
}
|
||||
}
|
||||
@ -345,7 +381,7 @@ public class UserService {
|
||||
.realm(TenantContext.getTenantId())
|
||||
.username(username)
|
||||
.password(password)
|
||||
.clientId(tenantUserManagementProperties.getApplicationClientId())
|
||||
.clientId(tenantApplicationTypeService.getCurrentProperties().getApplicationClientId())
|
||||
.grantType(OAuth2Constants.PASSWORD)
|
||||
.resteasyClient(new ResteasyClientBuilderImpl().connectionTTL(2, TimeUnit.SECONDS)
|
||||
.hostnameVerification(ResteasyClientBuilder.HostnameVerificationPolicy.ANY)
|
||||
@ -406,7 +442,7 @@ public class UserService {
|
||||
var user = userListingService.convertBasicUser(userRepresentation);
|
||||
user.setRoles(getRoles(user.getUserId()));
|
||||
|
||||
var roleComposites = tenantUserManagementProperties.getKcRoleMapping().getRoleComposites();
|
||||
var roleComposites = tenantApplicationTypeService.getCurrentProperties().getKcRoleMapping().getRoleComposites();
|
||||
for (var parentRole : roleComposites.keySet()) {
|
||||
if (user.getRoles().contains(parentRole)) {
|
||||
user.getRoles().addAll(roleComposites.get(parentRole));
|
||||
@ -424,7 +460,7 @@ public class UserService {
|
||||
log.warn("User with id=" + id + " contains null role mappings.");
|
||||
return new TreeSet<>();
|
||||
}
|
||||
var allRoles = tenantUserManagementProperties.getKcRoleMapping().getAllRoles();
|
||||
var allRoles = tenantApplicationTypeService.getCurrentProperties().getKcRoleMapping().getAllRoles();
|
||||
return realmMappings.stream()
|
||||
.map(RoleRepresentation::getName)
|
||||
.filter(allRoles::contains)
|
||||
@ -531,7 +567,7 @@ public class UserService {
|
||||
var currentRoles = getRoles(userId);
|
||||
|
||||
if (isActive && currentRoles.isEmpty()) { // add RED_USER role
|
||||
setRoles(userId, tenantUserManagementProperties.getKcRoleMapping().getDefaultRoles());
|
||||
setRoles(userId, tenantApplicationTypeService.getCurrentProperties().getKcRoleMapping().getDefaultRoles());
|
||||
}
|
||||
|
||||
var toggledUser = getUserByUsername(userRepresentation.getUsername());
|
||||
@ -647,12 +683,13 @@ public class UserService {
|
||||
return ValidationResult.INVALID;
|
||||
}
|
||||
|
||||
var roleMapping = tenantUserManagementProperties.getKcRoleMapping();
|
||||
var roleMapping = tenantApplicationTypeService.getCurrentProperties().getKcRoleMapping();
|
||||
var maxRank = currentRoles.stream()
|
||||
.map(r -> roleMapping.getRole(r).getRank())
|
||||
.max(Integer::compare)
|
||||
.orElse(-1);
|
||||
var targetRank = userRoles.stream()
|
||||
.filter(ApplicationRoles::isNoKneconRole)
|
||||
.map(r -> roleMapping.getRole(r).getRank())
|
||||
.max(Integer::compare)
|
||||
.orElse(-1);
|
||||
|
||||
@ -1,128 +0,0 @@
|
||||
fforesight:
|
||||
tenant-user-management:
|
||||
application-client-id: 'fforesight'
|
||||
application-name: 'Clarifynd'
|
||||
client-id: 'manager'
|
||||
accessTokenLifeSpan: 3600
|
||||
ssoSessionIdleTimeout: 86400
|
||||
realm: master
|
||||
default-theme: 'clarifynd'
|
||||
valid-redirect-uris: [ '/search/*', '/bdr-connector/*', '/sdi/*', '/tenant-user-management/*','http://localhost:4200/*', 'http://localhost:4300/*', '/ui/*' ,'/auth/*','/persistence/*', '/audit/*', '/contextual-query/*' ]
|
||||
kc-role-mapping:
|
||||
roles:
|
||||
- name: FF_USER
|
||||
set-by-default: true
|
||||
rank: 100
|
||||
permissions:
|
||||
- 'fforesight-read-general-configuration'
|
||||
- 'fforesight-manage-user-preferences'
|
||||
- 'fforesight-read-users'
|
||||
- 'fforesight-read-all-users'
|
||||
- 'fforesight-update-my-profile'
|
||||
- 'fforesight-get-tenants'
|
||||
- 'fforesight-deployment-info'
|
||||
- 'fforesight-read-smtp-configuration'
|
||||
- 'fforesight-search'
|
||||
- 'fforesight-view-document'
|
||||
- 'fforesight-user-upload-files'
|
||||
- 'fforesight-user-manage-files'
|
||||
- 'fforesight-user-view-files'
|
||||
- 'fforesight-user-manage-analysis'
|
||||
- 'fforesight-user-view-analysis'
|
||||
- 'fforesight-user-view-favourites'
|
||||
- 'fforesight-user-add-to-favourites'
|
||||
- 'fforesight-user-delete-from-favourites'
|
||||
- 'fforesight-user-view-paragraph-tags'
|
||||
- 'fforesight-user-add-to-paragraph-tags'
|
||||
- 'fforesight-user-delete-from-paragraph-tags'
|
||||
- 'fforesight-read-tag'
|
||||
- 'fforesight-write-tag'
|
||||
- 'fforesight-download-file'
|
||||
- name: KNECON_ADMIN
|
||||
set-by-default: false
|
||||
rank: 1000
|
||||
permissions:
|
||||
- "red-read-license"
|
||||
- "red-update-license"
|
||||
- "red-get-similiar-images"
|
||||
- "fforesight-get-tenants"
|
||||
- "fforesight-create-tenant"
|
||||
- "fforesight-update-tenant"
|
||||
- "fforesight-delete-tenant"
|
||||
- "fforesight-read-users"
|
||||
- "fforesight-read-all-users"
|
||||
- "fforesight-write-users"
|
||||
- "fforesight-read-smtp-configuration"
|
||||
- "fforesight-write-smtp-configuration"
|
||||
- "fforesight-read-identity-provider-config"
|
||||
- "fforesight-write-identity-provider-config"
|
||||
- "red-unarchive-dossier"
|
||||
- name: KNECON_SUPPORT
|
||||
set-by-default: false
|
||||
rank: 1000
|
||||
permissions:
|
||||
- "red-read-license"
|
||||
- "red-update-license"
|
||||
- "red-get-similiar-images"
|
||||
- "fforesight-get-tenants"
|
||||
- "fforesight-create-tenant"
|
||||
- "fforesight-update-tenant"
|
||||
- "fforesight-delete-tenant"
|
||||
- "fforesight-read-users"
|
||||
- "fforesight-read-all-users"
|
||||
- "fforesight-write-users"
|
||||
- "fforesight-read-smtp-configuration"
|
||||
- "fforesight-write-smtp-configuration"
|
||||
- "fforesight-read-identity-provider-config"
|
||||
- "fforesight-write-identity-provider-config"
|
||||
- "red-unarchive-dossier"
|
||||
- name: FF_ADMIN
|
||||
set-by-default: true
|
||||
rank: 100
|
||||
permissions:
|
||||
- 'fforesight-read-general-configuration'
|
||||
- 'fforesight-write-general-configuration'
|
||||
- 'fforesight-manage-user-preferences'
|
||||
- 'fforesight-read-users'
|
||||
- 'fforesight-read-all-users'
|
||||
- 'fforesight-write-users'
|
||||
- 'fforesight-update-my-profile'
|
||||
- 'fforesight-update-tenant'
|
||||
- 'fforesight-create-tenant'
|
||||
- 'fforesight-get-tenants'
|
||||
- 'fforesight-deployment-info'
|
||||
- 'fforesight-read-smtp-configuration'
|
||||
- 'fforesight-write-smtp-configuration'
|
||||
- "fforesight-read-identity-provider-config"
|
||||
- "fforesight-write-identity-provider-config"
|
||||
- 'fforesight-search'
|
||||
- 'fforesight-search-audit-log'
|
||||
- 'fforesight-view-document'
|
||||
- 'fforesight-user-upload-files'
|
||||
- 'fforesight-user-manage-files'
|
||||
- 'fforesight-user-view-files'
|
||||
- 'fforesight-user-manage-analysis'
|
||||
- 'fforesight-user-view-analysis'
|
||||
- 'fforesight-user-view-favourites'
|
||||
- 'fforesight-user-add-to-favourites'
|
||||
- 'fforesight-user-view-paragraph-tags'
|
||||
- 'fforesight-user-add-to-paragraph-tags'
|
||||
- 'fforesight-user-delete-from-paragraph-tags'
|
||||
- 'fforesight-user-delete-from-favourites'
|
||||
- 'fforesight-system-upload-files'
|
||||
- 'fforesight-system-manage-files'
|
||||
- 'fforesight-system-view-files'
|
||||
- 'fforesight-system-manage-analysis'
|
||||
- 'fforesight-system-view-analysis'
|
||||
- 'fforesight-download-file'
|
||||
- 'fforesight-sdi-view-task'
|
||||
- 'fforesight-sdi-start-task'
|
||||
- 'fforesight-sdi-stop-task'
|
||||
- 'fforesight-read-tag'
|
||||
- 'fforesight-write-tag'
|
||||
- 'taas-bdr-connector-view-task'
|
||||
- 'taas-bdr-connector-start-task'
|
||||
- 'taas-bdr-connector-stop-task'
|
||||
springdoc:
|
||||
default-tenant: 'fforesight'
|
||||
|
||||
@ -1,91 +0,0 @@
|
||||
server:
|
||||
port: 8091
|
||||
|
||||
|
||||
fforesight:
|
||||
tenant-user-management:
|
||||
server-url: http://localhost:8080
|
||||
client-secret: p2InUtjQUDSlwsXyEUFuYrSWi1BeZD1P
|
||||
client-id: manager
|
||||
realm: master
|
||||
kc-role-mapping:
|
||||
roles:
|
||||
- name: SUPER_USER
|
||||
set-by-default: true
|
||||
rank: 100
|
||||
permissions:
|
||||
- 'fforesight-read-general-configuration'
|
||||
- 'fforesight-write-general-configuration'
|
||||
- 'fforesight-manage-user-preferences'
|
||||
- 'fforesight-read-users'
|
||||
- 'fforesight-read-all-users'
|
||||
- 'fforesight-write-users'
|
||||
- 'fforesight-update-my-profile'
|
||||
- 'fforesight-create-tenant'
|
||||
- 'fforesight-get-tenants'
|
||||
- 'fforesight-delete-tenant'
|
||||
- 'fforesight-update-tenant'
|
||||
- 'fforesight-deployment-info'
|
||||
- 'fforesight-read-smtp-configuration'
|
||||
- 'fforesight-write-smtp-configuration'
|
||||
- 'fforesight-read-identity-provider-config'
|
||||
- 'fforesight-write-identity-provider-config'
|
||||
- name: KNECON_ADMIN
|
||||
set-by-default: true
|
||||
rank: 1000
|
||||
permissions:
|
||||
- 'fforesight-read-general-configuration'
|
||||
- 'fforesight-write-general-configuration'
|
||||
- 'fforesight-manage-user-preferences'
|
||||
- 'fforesight-read-users'
|
||||
- 'fforesight-read-all-users'
|
||||
- 'fforesight-write-users'
|
||||
- 'fforesight-update-my-profile'
|
||||
- 'fforesight-create-tenant'
|
||||
- 'fforesight-get-tenants'
|
||||
- 'fforesight-update-tenant'
|
||||
- 'fforesight-deployment-info'
|
||||
- 'fforesight-read-smtp-configuration'
|
||||
- 'fforesight-write-smtp-configuration'
|
||||
- 'fforesight-read-identity-provider-config'
|
||||
- 'fforesight-write-identity-provider-config'
|
||||
- name: KNECON_SUPPORT
|
||||
set-by-default: true
|
||||
rank: 1000
|
||||
permissions:
|
||||
- 'fforesight-read-general-configuration'
|
||||
- 'fforesight-write-general-configuration'
|
||||
- 'fforesight-manage-user-preferences'
|
||||
- 'fforesight-read-users'
|
||||
- 'fforesight-read-all-users'
|
||||
- 'fforesight-write-users'
|
||||
- 'fforesight-update-my-profile'
|
||||
- 'fforesight-create-tenant'
|
||||
- 'fforesight-get-tenants'
|
||||
- 'fforesight-update-tenant'
|
||||
- 'fforesight-deployment-info'
|
||||
- 'fforesight-read-smtp-configuration'
|
||||
- 'fforesight-write-smtp-configuration'
|
||||
- 'fforesight-read-identity-provider-config'
|
||||
- 'fforesight-write-identity-provider-config'
|
||||
application-name: "redaction"
|
||||
springdoc:
|
||||
auth-server-url: http://localhost:8080
|
||||
|
||||
dev.tenant.storage:
|
||||
mode: 'S3'
|
||||
s3:
|
||||
key: minioadmin
|
||||
secret: minioadmin
|
||||
bucket: redaction
|
||||
endpoint: http://localhost:9000
|
||||
|
||||
dev.tenant.db:
|
||||
port: 5432
|
||||
host: localhost
|
||||
database: master
|
||||
schema: public
|
||||
username: fforesight
|
||||
password: fforesight
|
||||
|
||||
cors.enabled: true
|
||||
93
src/main/resources/application-dev.yml
Normal file
93
src/main/resources/application-dev.yml
Normal file
@ -0,0 +1,93 @@
|
||||
server:
|
||||
port: 8091
|
||||
|
||||
|
||||
fforesight:
|
||||
tenant-user-management:
|
||||
server-url: http://localhost:8080
|
||||
client-secret: p2InUtjQUDSlwsXyEUFuYrSWi1BeZD1P
|
||||
client-id: manager
|
||||
realm: master
|
||||
application-types:
|
||||
redactmanager:
|
||||
kc-role-mapping:
|
||||
roles:
|
||||
- name: SUPER_USER
|
||||
set-by-default: true
|
||||
rank: 100
|
||||
permissions:
|
||||
- 'fforesight-read-general-configuration'
|
||||
- 'fforesight-write-general-configuration'
|
||||
- 'fforesight-manage-user-preferences'
|
||||
- 'fforesight-read-users'
|
||||
- 'fforesight-read-all-users'
|
||||
- 'fforesight-write-users'
|
||||
- 'fforesight-update-my-profile'
|
||||
- 'fforesight-create-tenant'
|
||||
- 'fforesight-get-tenants'
|
||||
- 'fforesight-delete-tenant'
|
||||
- 'fforesight-update-tenant'
|
||||
- 'fforesight-deployment-info'
|
||||
- 'fforesight-read-smtp-configuration'
|
||||
- 'fforesight-write-smtp-configuration'
|
||||
- 'fforesight-read-identity-provider-config'
|
||||
- 'fforesight-write-identity-provider-config'
|
||||
- name: KNECON_ADMIN
|
||||
set-by-default: true
|
||||
rank: 1000
|
||||
permissions:
|
||||
- 'fforesight-read-general-configuration'
|
||||
- 'fforesight-write-general-configuration'
|
||||
- 'fforesight-manage-user-preferences'
|
||||
- 'fforesight-read-users'
|
||||
- 'fforesight-read-all-users'
|
||||
- 'fforesight-write-users'
|
||||
- 'fforesight-update-my-profile'
|
||||
- 'fforesight-create-tenant'
|
||||
- 'fforesight-get-tenants'
|
||||
- 'fforesight-update-tenant'
|
||||
- 'fforesight-deployment-info'
|
||||
- 'fforesight-read-smtp-configuration'
|
||||
- 'fforesight-write-smtp-configuration'
|
||||
- 'fforesight-read-identity-provider-config'
|
||||
- 'fforesight-write-identity-provider-config'
|
||||
- name: KNECON_SUPPORT
|
||||
set-by-default: true
|
||||
rank: 1000
|
||||
permissions:
|
||||
- 'fforesight-read-general-configuration'
|
||||
- 'fforesight-write-general-configuration'
|
||||
- 'fforesight-manage-user-preferences'
|
||||
- 'fforesight-read-users'
|
||||
- 'fforesight-read-all-users'
|
||||
- 'fforesight-write-users'
|
||||
- 'fforesight-update-my-profile'
|
||||
- 'fforesight-create-tenant'
|
||||
- 'fforesight-get-tenants'
|
||||
- 'fforesight-update-tenant'
|
||||
- 'fforesight-deployment-info'
|
||||
- 'fforesight-read-smtp-configuration'
|
||||
- 'fforesight-write-smtp-configuration'
|
||||
- 'fforesight-read-identity-provider-config'
|
||||
- 'fforesight-write-identity-provider-config'
|
||||
application-name: "redaction"
|
||||
springdoc:
|
||||
auth-server-url: http://localhost:8080
|
||||
|
||||
dev.tenant.storage:
|
||||
mode: 'S3'
|
||||
s3:
|
||||
key: minioadmin
|
||||
secret: minioadmin
|
||||
bucket: redaction
|
||||
endpoint: http://localhost:9000
|
||||
|
||||
dev.tenant.db:
|
||||
port: 5432
|
||||
host: localhost
|
||||
database: master
|
||||
schema: public
|
||||
username: fforesight
|
||||
password: fforesight
|
||||
|
||||
cors.enabled: true
|
||||
@ -1,61 +0,0 @@
|
||||
fforesight:
|
||||
tenant-user-management:
|
||||
application-client-id: 'redaction'
|
||||
application-name: 'Documine'
|
||||
client-id: 'manager'
|
||||
tenant-access-token-life-span: 300
|
||||
realm: master
|
||||
default-theme: 'scm'
|
||||
valid-redirect-uris: [ '/api/*','/redaction-gateway-v1/*','/tenant-user-management/*','http://localhost:4200/*','/ui/*' ,'/auth/*' ]
|
||||
kc-role-mapping:
|
||||
unmappedPermissions: [ "red-get-tables", "red-unarchive-dossier", "red-update-license", "fforesight-create-tenant", "fforesight-update-tenant", "red-experimental" ]
|
||||
compositeRoles:
|
||||
- name: RED_MANAGER
|
||||
composites:
|
||||
- name: RED_USER
|
||||
- name: RED_ADMIN
|
||||
composites:
|
||||
- name: RED_USER_ADMIN
|
||||
|
||||
|
||||
roles:
|
||||
- name: KNECON_ADMIN
|
||||
set-by-default: false
|
||||
rank: 1000
|
||||
permissions: [ "red-read-license","red-update-license","fforesight-get-tenants", "fforesight-create-tenant", "fforesight-update-tenant", "fforesight-delete-tenant","fforesight-read-users", "fforesight-read-all-users", "fforesight-write-users","fforesight-read-smtp-configuration", "fforesight-write-smtp-configuration", "fforesight-read-identity-provider-config","fforesight-write-identity-provider-config", "red-unarchive-dossier", "red-use-support-controller", "red-import-files", "red-process-download", "red-read-download-status" ]
|
||||
- name: KNECON_SUPPORT
|
||||
set-by-default: false
|
||||
rank: 1000
|
||||
permissions: [ "red-read-license","red-update-license","fforesight-get-tenants", "fforesight-create-tenant", "fforesight-update-tenant", "fforesight-delete-tenant","fforesight-read-users", "fforesight-read-all-users", "fforesight-write-users","fforesight-read-smtp-configuration", "fforesight-write-smtp-configuration", "fforesight-read-identity-provider-config","fforesight-write-identity-provider-config", "red-unarchive-dossier", "red-use-support-controller", "red-process-download", "red-read-download-status" ]
|
||||
- name: RED_USER
|
||||
set-by-default: true
|
||||
rank: 100
|
||||
permissions: [ "red-get-rss", "red-add-comment", "red-get-similar-images", "red-read-license", "red-read-app-configuration", "red-read-dossier-status", "red-add-dossier-dictionary-entry", "red-add-redaction", "red-add-update-dossier-dictionary-type",
|
||||
"red-delete-comment", "red-delete-dossier-dictionary-entry", "red-delete-dossier-dictionary-type", "red-delete-file", "red-delete-manual-redaction", "red-download-annotated-file",
|
||||
"red-download-original-file", "red-download-redacted-file", "red-download-redaction-preview-file", "red-download-report-template", "red-exclude-include-file",
|
||||
"red-exclude-include-pages", "red-get-report-templates", "fforesight-manage-user-preferences", "red-manage-viewed-pages", "red-process-download", "red-process-manual-redaction-request",
|
||||
"red-read-colors", "red-read-dictionary-types", "red-read-digital-signature", "red-read-dossier", "red-read-dossier-attributes", "red-read-dossier-attributes-config",
|
||||
"red-read-dossier-templates", "red-read-download-status", "red-read-file-attributes-config", "red-read-file-status", "fforesight-read-general-configuration", "red-read-legal-basis",
|
||||
"red-read-manual-redactions", "red-read-notification", "red-read-redaction-log", "red-read-rules", "red-read-data-formats", "fforesight-read-users", "red-read-versions", "red-reanalyze-dossier",
|
||||
"red-reanalyze-file", "red-request-redaction", "red-rotate-page", "red-search", "red-search-audit-log", "red-set-reviewer", "red-set-status-approved", "red-set-status-under-approval",
|
||||
"fforesight-update-my-profile", "red-update-notification", "red-upload-file", "red-write-file-attributes", "red-process-texthighlights", "red-get-highlights", "red-convert-highlights", "red-delete-highlights", "red-delete-imported-redactions" ]
|
||||
- name: RED_ADMIN
|
||||
set-by-default: false
|
||||
rank: 800
|
||||
permissions: [ "red-add-dictionary-entry", "red-get-similar-images","red-add-update-dictionary-type", "red-write-dossier-status", "red-read-dossier-status", "red-delete-dictionary-entry", "red-delete-dictionary-type",
|
||||
"red-delete-report-template", "red-download-report-template", "red-get-report-templates", "fforesight-manage-user-preferences", "red-read-colors", "red-read-dictionary-types",
|
||||
"red-read-digital-signature", "red-read-dossier-attributes", "red-read-dossier-attributes-config", "red-read-dossier-templates", "red-read-file-attributes-config",
|
||||
"red-read-legal-basis", "red-read-license-report", "red-read-notification", "red-read-rules", "red-read-data-formats", "fforesight-read-smtp-configuration", "fforesight-read-identity-provider-config", "red-read-versions", "red-reindex", "red-search-audit-log", "red-update-notification", "red-upload-report-template", "red-write-colors", "red-write-digital-signature", "red-write-dossier-attributes-config",
|
||||
"red-write-dossier-templates", "red-write-file-attributes-config", "fforesight-write-general-configuration", "red-write-legal-basis", "red-write-rules", "red-write-data-formats", "fforesight-write-smtp-configuration", "fforesight-write-identity-provider-config", "red-write-app-configuration", "red-manage-acl-permissions", "fforesight-create-tenant", "fforesight-get-tenants", "fforesight-update-tenant", "fforesight-deployment-info" ]
|
||||
- name: RED_MANAGER
|
||||
set-by-default: false
|
||||
rank: 200
|
||||
permissions: [ "red-add-update-dossier", "red-archived-dossier", "red-delete-dossier", "red-write-dossier-attributes" ]
|
||||
- name: RED_USER_ADMIN
|
||||
set-by-default: false
|
||||
rank: 400
|
||||
permissions: [ "fforesight-manage-user-preferences", "fforesight-read-all-users", "red-read-dossier", "red-read-app-configuration", "fforesight-read-general-configuration",
|
||||
"red-read-notification", "fforesight-read-users", "fforesight-update-my-profile", "red-update-notification", "fforesight-write-users", "red-read-license" ]
|
||||
|
||||
springdoc:
|
||||
default-tenant: 'redaction'
|
||||
@ -1,54 +0,0 @@
|
||||
server:
|
||||
port: 8091
|
||||
|
||||
|
||||
fforesight:
|
||||
tenant-user-management:
|
||||
server-url: http://localhost:8080
|
||||
client-secret: muEZIuVsAr57KsjFi4WpGJuw54RiJE0q
|
||||
client-id: manager
|
||||
realm: master
|
||||
springdoc:
|
||||
auth-server-url: http://localhost:8080
|
||||
|
||||
spring:
|
||||
datasource:
|
||||
url: jdbc:postgresql://${PSQL_HOST:localhost}:${PSQL_PORT:25432}/${PSQL_DATABASE:tenantmanager}?ApplicationName=${spring.application.name:}&cachePrepStmts=true&useServerPrepStmts=true&rewriteBatchedStatements=true
|
||||
driverClassName: org.postgresql.Driver
|
||||
username: ${PSQL_USERNAME:tenantmanager}
|
||||
password: ${PSQL_PASSWORD:r3dact3d}
|
||||
platform: org.hibernate.dialect.PostgreSQL95Dialect
|
||||
|
||||
cors.enabled: true
|
||||
|
||||
|
||||
|
||||
#dev.tenant.db:
|
||||
# port: 15432
|
||||
# host: localhost
|
||||
# database: red-tenant
|
||||
# schema: public
|
||||
# username: tenant
|
||||
# password: r3dact3d
|
||||
|
||||
dev.tenant.recreateTenant: true
|
||||
|
||||
dev.tenant.db:
|
||||
port: 5432
|
||||
host: syngenta-training-clone.postgres.database.azure.com
|
||||
database: syngenta-training-<YOUR_DB_COPY_NAME>
|
||||
schema: syngentatraining
|
||||
username: db_connection
|
||||
password: <DB_PASSWORD_FROM_WIKI>
|
||||
|
||||
dev.tenant.storage:
|
||||
mode: 'S3'
|
||||
s3:
|
||||
key: minioadmin
|
||||
secret: minioadmin
|
||||
bucket: redaction
|
||||
endpoint: http://localhost:9000
|
||||
# mode: 'AZURE'
|
||||
azure:
|
||||
containerName: syngenta-training-<YOUR_BLOB_COPY_NAME>
|
||||
connectionString: <AZURE_BLOB_CONNECTION_STRING_FROM_WIKI>
|
||||
@ -1,63 +0,0 @@
|
||||
fforesight:
|
||||
tenant-user-management:
|
||||
application-client-id: 'redaction'
|
||||
application-name: 'RedactManager'
|
||||
client-id: 'manager'
|
||||
tenant-access-token-life-span: 300
|
||||
realm: master
|
||||
default-theme: 'redaction'
|
||||
valid-redirect-uris: [ '/api/*','/redaction-gateway-v1/*','/tenant-user-management/*','http://localhost:4200/*','/ui/*' ,'/auth/*' ]
|
||||
kc-role-mapping:
|
||||
unmappedPermissions: [ "red-get-similiar-images","red-unarchive-dossier", "red-update-license", "red-get-rss","fforesight-create-tenant", "fforesight-update-tenant", "red-experimental" ]
|
||||
compositeRoles:
|
||||
- name: RED_MANAGER
|
||||
composites:
|
||||
- name: RED_USER
|
||||
- name: RED_ADMIN
|
||||
composites:
|
||||
- name: RED_USER_ADMIN
|
||||
|
||||
|
||||
roles:
|
||||
- name: RED_USER
|
||||
set-by-default: true
|
||||
rank: 100
|
||||
permissions: [ "red-add-comment", "red-get-similar-images", "red-read-license", "red-read-app-configuration", "red-read-dossier-status", "red-add-dossier-dictionary-entry", "red-add-redaction", "red-add-update-dossier-dictionary-type",
|
||||
"red-delete-comment", "red-delete-dossier-dictionary-entry", "red-delete-dossier-dictionary-type", "red-delete-file", "red-delete-manual-redaction", "red-download-annotated-file",
|
||||
"red-download-original-file", "red-download-redacted-file", "red-download-redaction-preview-file", "red-download-report-template", "red-exclude-include-file",
|
||||
"red-exclude-include-pages", "red-get-report-templates", "fforesight-manage-user-preferences", "red-manage-viewed-pages", "red-process-download", "red-process-manual-redaction-request",
|
||||
"red-read-colors", "red-read-dictionary-types", "red-read-digital-signature", "red-read-dossier", "red-read-dossier-attributes", "red-read-dossier-attributes-config",
|
||||
"red-read-dossier-templates", "red-read-download-status", "red-read-file-attributes-config", "red-read-file-status", "fforesight-read-general-configuration", "red-read-legal-basis",
|
||||
"red-read-manual-redactions", "red-read-notification", "red-read-redaction-log", "red-read-rules", "red-read-data-formats", "fforesight-read-users", "red-read-versions", "red-read-watermark", "red-reanalyze-dossier",
|
||||
"red-reanalyze-file", "red-request-redaction", "red-rotate-page", "red-search", "red-search-audit-log", "red-set-reviewer", "red-set-status-approved", "red-set-status-under-approval",
|
||||
"fforesight-update-my-profile", "red-update-notification", "red-upload-file", "red-write-file-attributes", "red-process-texthighlights", "red-get-highlights", "red-convert-highlights", "red-delete-highlights", "red-delete-imported-redactions" ]
|
||||
- name: RED_ADMIN
|
||||
set-by-default: false
|
||||
rank: 800
|
||||
permissions: [ "red-add-dictionary-entry","red-get-similar-images", "red-add-update-dictionary-type", "red-write-dossier-status", "red-read-dossier-status", "red-delete-dictionary-entry", "red-delete-dictionary-type",
|
||||
"red-delete-report-template", "red-download-report-template", "red-get-report-templates", "fforesight-manage-user-preferences", "red-read-colors", "red-read-dictionary-types",
|
||||
"red-read-digital-signature", "red-read-dossier-attributes", "red-read-dossier-attributes-config", "red-read-dossier-templates", "red-read-file-attributes-config",
|
||||
"red-read-legal-basis", "red-read-license-report", "red-read-notification", "red-read-rules", "red-read-data-formats", "fforesight-read-smtp-configuration", "fforesight-read-identity-provider-config", "red-read-versions", "red-read-watermark",
|
||||
"red-reindex", "red-search-audit-log", "red-update-notification", "red-upload-report-template", "red-write-colors", "red-write-digital-signature", "red-write-dossier-attributes-config",
|
||||
"red-write-dossier-templates", "red-write-file-attributes-config", "fforesight-write-general-configuration", "red-write-legal-basis", "red-write-rules", "red-write-data-formats", "fforesight-write-smtp-configuration", "fforesight-write-identity-provider-config",
|
||||
"red-write-watermark", "red-write-app-configuration", "red-manage-acl-permissions", "fforesight-create-tenant", "fforesight-get-tenants", "fforesight-update-tenant", "fforesight-deployment-info" ]
|
||||
- name: RED_MANAGER
|
||||
set-by-default: false
|
||||
rank: 200
|
||||
permissions: [ "red-add-update-dossier", "red-archived-dossier", "red-delete-dossier", "red-write-dossier-attributes" ]
|
||||
- name: KNECON_ADMIN
|
||||
set-by-default: false
|
||||
rank: 1000
|
||||
permissions: [ "red-read-license", "red-get-similar-images","red-update-license","fforesight-get-tenants", "fforesight-create-tenant", "fforesight-update-tenant", "fforesight-delete-tenant","fforesight-read-users", "fforesight-read-all-users", "fforesight-write-users","fforesight-read-smtp-configuration", "fforesight-write-smtp-configuration","red-unarchive-dossier", "red-use-support-controller", "red-import-files", "red-process-download", "red-read-download-status" ]
|
||||
- name: KNECON_SUPPORT
|
||||
set-by-default: false
|
||||
rank: 1000
|
||||
permissions: [ "red-read-license", "red-get-similar-images","red-update-license","fforesight-get-tenants", "fforesight-create-tenant", "fforesight-update-tenant", "fforesight-delete-tenant","fforesight-read-users", "fforesight-read-all-users", "fforesight-write-users","fforesight-read-smtp-configuration", "fforesight-write-smtp-configuration","red-unarchive-dossier", "red-use-support-controller", "red-process-download", "red-read-download-status" ]
|
||||
- name: RED_USER_ADMIN
|
||||
set-by-default: false
|
||||
rank: 400
|
||||
permissions: [ "fforesight-manage-user-preferences", "fforesight-read-all-users", "red-read-app-configuration", "fforesight-read-general-configuration",
|
||||
"red-read-notification", "fforesight-read-users", "fforesight-update-my-profile", "red-update-notification", "fforesight-write-users", "red-read-license" ]
|
||||
|
||||
springdoc:
|
||||
default-tenant: 'redaction'
|
||||
@ -101,21 +101,259 @@ spring:
|
||||
password: ${REDIS_PASSWORD:}
|
||||
fforesight:
|
||||
keycloak:
|
||||
ignored-endpoints: [ '/actuator/health', '/actuator/health/**', '/tenant-user-management', '/tenant-user-management/', '/internal/**','/tenant-user-management/docs/**','/tenant-user-management/docs','/tenant-user-management/tenants/simple' ]
|
||||
ignored-endpoints: [ '/actuator/health', '/actuator/health/**', '/tenant-user-management', '/tenant-user-management/', '/internal/**','/tenant-user-management/docs/**','/tenant-user-management/docs','/actuator/prometheus' ]
|
||||
enabled: true
|
||||
springdoc:
|
||||
base-path: '/tenant-user-management'
|
||||
auth-server-url: '/auth'
|
||||
enabled: true
|
||||
default-client-id: 'swagger-ui-client'
|
||||
tenant-user-management:
|
||||
base-path: '/tenant-user-management'
|
||||
login-theme: 'redaction'
|
||||
app-prefix: 'fforesight'
|
||||
default-tenant: 'fforesight'
|
||||
tenant-exchange:
|
||||
name: 'tenants-exchange'
|
||||
user-exchange:
|
||||
name: 'users-exchange'
|
||||
tenant-user-management:
|
||||
base-path: '/tenant-user-management'
|
||||
client-id: 'manager'
|
||||
realm: master
|
||||
application-types:
|
||||
redactmanager:
|
||||
application-client-id: 'redaction'
|
||||
application-name: 'RedactManager'
|
||||
login-theme: 'redaction'
|
||||
default-theme: 'redaction'
|
||||
app-prefix: 'redaction'
|
||||
valid-redirect-uris: [ '/api/*','/redaction-gateway-v1/*','/tenant-user-management/*','http://localhost:4200/*','/ui/*' ,'/auth/*' ]
|
||||
kc-role-mapping:
|
||||
unmappedPermissions: [ "red-get-similiar-images","red-unarchive-dossier", "red-update-license", "red-get-rss","fforesight-create-tenant", "fforesight-update-tenant", "red-experimental" ]
|
||||
compositeRoles:
|
||||
- name: RED_MANAGER
|
||||
composites:
|
||||
- name: RED_USER
|
||||
- name: RED_ADMIN
|
||||
composites:
|
||||
- name: RED_USER_ADMIN
|
||||
|
||||
|
||||
roles:
|
||||
- name: RED_USER
|
||||
set-by-default: true
|
||||
rank: 100
|
||||
permissions: [ "red-add-comment", "red-get-similar-images", "red-read-license", "red-read-app-configuration", "red-read-dossier-status", "red-add-dossier-dictionary-entry", "red-add-redaction", "red-add-update-dossier-dictionary-type",
|
||||
"red-delete-comment", "red-delete-dossier-dictionary-entry", "red-delete-dossier-dictionary-type", "red-delete-file", "red-delete-manual-redaction", "red-download-annotated-file",
|
||||
"red-download-original-file", "red-download-redacted-file", "red-download-redaction-preview-file", "red-download-report-template", "red-exclude-include-file",
|
||||
"red-exclude-include-pages", "red-get-report-templates", "fforesight-manage-user-preferences", "red-manage-viewed-pages", "red-process-download", "red-process-manual-redaction-request",
|
||||
"red-read-colors", "red-read-dictionary-types", "red-read-digital-signature", "red-read-dossier", "red-read-dossier-attributes", "red-read-dossier-attributes-config",
|
||||
"red-read-dossier-templates", "red-read-download-status", "red-read-file-attributes-config", "red-read-file-status", "fforesight-read-general-configuration", "red-read-legal-basis",
|
||||
"red-read-manual-redactions", "red-read-notification", "red-read-redaction-log", "red-read-rules", "red-read-data-formats", "fforesight-read-users", "red-read-versions", "red-read-watermark", "red-reanalyze-dossier",
|
||||
"red-reanalyze-file", "red-request-redaction", "red-rotate-page", "red-search", "red-search-audit-log", "red-set-reviewer", "red-set-status-approved", "red-set-status-under-approval",
|
||||
"fforesight-update-my-profile", "red-update-notification", "red-upload-file", "red-write-file-attributes", "red-process-texthighlights", "red-get-highlights", "red-convert-highlights", "red-delete-highlights", "red-delete-imported-redactions" ]
|
||||
- name: RED_ADMIN
|
||||
set-by-default: false
|
||||
rank: 800
|
||||
permissions: [ "red-add-dictionary-entry","red-get-similar-images", "red-add-update-dictionary-type", "red-write-dossier-status", "red-read-dossier-status", "red-delete-dictionary-entry", "red-delete-dictionary-type",
|
||||
"red-delete-report-template", "red-download-report-template", "red-get-report-templates", "fforesight-manage-user-preferences", "red-read-colors", "red-read-dictionary-types",
|
||||
"red-read-digital-signature", "red-read-dossier-attributes", "red-read-dossier-attributes-config", "red-read-dossier-templates", "red-read-file-attributes-config",
|
||||
"red-read-legal-basis", "red-get-user-stats","red-read-license-report", "red-read-notification", "red-read-rules", "red-read-data-formats", "fforesight-read-smtp-configuration", "fforesight-read-identity-provider-config", "red-read-versions", "red-read-watermark",
|
||||
"red-reindex", "red-search-audit-log", "red-update-notification", "red-upload-report-template", "red-write-colors", "red-write-digital-signature", "red-write-dossier-attributes-config",
|
||||
"red-write-dossier-templates", "red-write-file-attributes-config", "fforesight-write-general-configuration", "red-write-legal-basis", "red-write-rules", "red-write-data-formats", "fforesight-write-smtp-configuration", "fforesight-write-identity-provider-config",
|
||||
"red-write-watermark", "red-write-app-configuration", "red-manage-acl-permissions", "fforesight-create-tenant", "fforesight-get-tenants", "fforesight-update-tenant", "fforesight-deployment-info" ]
|
||||
- name: RED_MANAGER
|
||||
set-by-default: false
|
||||
rank: 200
|
||||
permissions: [ "red-add-update-dossier", "red-archived-dossier", "red-delete-dossier", "red-write-dossier-attributes" ]
|
||||
- name: KNECON_ADMIN
|
||||
set-by-default: false
|
||||
rank: 1000
|
||||
permissions: [ "red-read-license", "red-get-similar-images","red-update-license","fforesight-get-tenants", "fforesight-create-tenant", "fforesight-update-tenant", "fforesight-delete-tenant","fforesight-read-users", "fforesight-read-all-users", "fforesight-write-users","fforesight-read-smtp-configuration", "fforesight-write-smtp-configuration","red-unarchive-dossier", "red-use-support-controller", "red-import-files", "red-process-download", "red-read-download-status" ]
|
||||
- name: KNECON_SUPPORT
|
||||
set-by-default: false
|
||||
rank: 1000
|
||||
permissions: [ "red-read-license", "red-get-similar-images","red-update-license","fforesight-get-tenants", "fforesight-create-tenant", "fforesight-update-tenant", "fforesight-delete-tenant","fforesight-read-users", "fforesight-read-all-users", "fforesight-write-users","fforesight-read-smtp-configuration", "fforesight-write-smtp-configuration","red-unarchive-dossier", "red-use-support-controller", "red-process-download", "red-read-download-status" ]
|
||||
- name: RED_USER_ADMIN
|
||||
set-by-default: false
|
||||
rank: 400
|
||||
permissions: [ "fforesight-manage-user-preferences", "fforesight-read-all-users", "red-read-app-configuration", "fforesight-read-general-configuration",
|
||||
"red-read-notification", "red-get-user-stats", "fforesight-read-users", "fforesight-update-my-profile", "red-update-notification", "fforesight-write-users", "red-read-license" ]
|
||||
documine:
|
||||
application-client-id: 'redaction'
|
||||
application-name: 'Documine'
|
||||
login-theme: 'scm'
|
||||
default-theme: 'scm'
|
||||
app-prefix: 'documine'
|
||||
valid-redirect-uris: [ '/api/*','/redaction-gateway-v1/*','/tenant-user-management/*','http://localhost:4200/*','/ui/*' ,'/auth/*' ]
|
||||
kc-role-mapping:
|
||||
unmappedPermissions: [ "red-get-tables", "red-unarchive-dossier", "red-update-license", "fforesight-create-tenant", "fforesight-update-tenant", "red-experimental" ]
|
||||
compositeRoles:
|
||||
- name: RED_MANAGER
|
||||
composites:
|
||||
- name: RED_USER
|
||||
- name: RED_ADMIN
|
||||
composites:
|
||||
- name: RED_USER_ADMIN
|
||||
|
||||
|
||||
roles:
|
||||
- name: KNECON_ADMIN
|
||||
set-by-default: false
|
||||
rank: 1000
|
||||
permissions: [ "red-read-license","red-update-license","fforesight-get-tenants", "fforesight-create-tenant", "fforesight-update-tenant", "fforesight-delete-tenant","fforesight-read-users", "fforesight-read-all-users", "fforesight-write-users","fforesight-read-smtp-configuration", "fforesight-write-smtp-configuration", "fforesight-read-identity-provider-config","fforesight-write-identity-provider-config", "red-unarchive-dossier", "red-use-support-controller", "red-import-files", "red-process-download", "red-read-download-status" ]
|
||||
- name: KNECON_SUPPORT
|
||||
set-by-default: false
|
||||
rank: 1000
|
||||
permissions: [ "red-read-license","red-update-license","fforesight-get-tenants", "fforesight-create-tenant", "fforesight-update-tenant", "fforesight-delete-tenant","fforesight-read-users", "fforesight-read-all-users", "fforesight-write-users","fforesight-read-smtp-configuration", "fforesight-write-smtp-configuration", "fforesight-read-identity-provider-config","fforesight-write-identity-provider-config", "red-unarchive-dossier", "red-use-support-controller", "red-process-download", "red-read-download-status" ]
|
||||
- name: RED_USER
|
||||
set-by-default: true
|
||||
rank: 100
|
||||
permissions: [ "red-get-rss", "red-add-comment", "red-get-similar-images", "red-read-license", "red-read-app-configuration", "red-read-dossier-status", "red-add-dossier-dictionary-entry", "red-add-redaction", "red-add-update-dossier-dictionary-type",
|
||||
"red-delete-comment", "red-delete-dossier-dictionary-entry", "red-delete-dossier-dictionary-type", "red-delete-file", "red-delete-manual-redaction", "red-download-annotated-file",
|
||||
"red-download-original-file", "red-download-redacted-file", "red-download-redaction-preview-file", "red-download-report-template", "red-exclude-include-file",
|
||||
"red-exclude-include-pages", "red-get-report-templates", "fforesight-manage-user-preferences", "red-manage-viewed-pages", "red-process-download", "red-process-manual-redaction-request",
|
||||
"red-read-colors", "red-read-dictionary-types", "red-read-digital-signature", "red-read-dossier", "red-read-dossier-attributes", "red-read-dossier-attributes-config",
|
||||
"red-read-dossier-templates", "red-read-download-status", "red-read-file-attributes-config", "red-read-file-status", "fforesight-read-general-configuration", "red-read-legal-basis",
|
||||
"red-read-manual-redactions", "red-read-notification", "red-read-redaction-log", "red-read-rules", "red-read-data-formats", "fforesight-read-users", "red-read-versions", "red-reanalyze-dossier",
|
||||
"red-reanalyze-file", "red-request-redaction", "red-rotate-page", "red-search", "red-search-audit-log", "red-set-reviewer", "red-set-status-approved", "red-set-status-under-approval",
|
||||
"fforesight-update-my-profile", "red-update-notification", "red-upload-file", "red-write-file-attributes", "red-process-texthighlights", "red-get-highlights", "red-convert-highlights", "red-delete-highlights", "red-delete-imported-redactions" ]
|
||||
- name: RED_ADMIN
|
||||
set-by-default: false
|
||||
rank: 800
|
||||
permissions: [ "red-add-dictionary-entry", "red-get-similar-images","red-add-update-dictionary-type", "red-write-dossier-status", "red-read-dossier-status", "red-delete-dictionary-entry", "red-delete-dictionary-type",
|
||||
"red-delete-report-template", "red-download-report-template", "red-get-report-templates", "fforesight-manage-user-preferences", "red-read-colors", "red-read-dictionary-types",
|
||||
"red-read-digital-signature", "red-read-dossier-attributes", "red-read-dossier-attributes-config", "red-read-dossier-templates", "red-read-file-attributes-config",
|
||||
"red-read-legal-basis", "red-read-license-report", "red-read-notification", "red-read-rules", "red-read-data-formats", "fforesight-read-smtp-configuration", "fforesight-read-identity-provider-config", "red-read-versions", "red-reindex", "red-search-audit-log", "red-update-notification", "red-upload-report-template", "red-write-colors", "red-write-digital-signature", "red-write-dossier-attributes-config",
|
||||
"red-write-dossier-templates", "red-write-file-attributes-config", "fforesight-write-general-configuration", "red-write-legal-basis", "red-write-rules", "red-write-data-formats", "fforesight-write-smtp-configuration", "fforesight-write-identity-provider-config", "red-write-app-configuration", "red-manage-acl-permissions", "fforesight-create-tenant", "fforesight-get-tenants", "fforesight-update-tenant", "fforesight-deployment-info" ]
|
||||
- name: RED_MANAGER
|
||||
set-by-default: false
|
||||
rank: 200
|
||||
permissions: [ "red-add-update-dossier", "red-archived-dossier", "red-delete-dossier", "red-write-dossier-attributes" ]
|
||||
- name: RED_USER_ADMIN
|
||||
set-by-default: false
|
||||
rank: 400
|
||||
permissions: [ "fforesight-manage-user-preferences", "fforesight-read-all-users", "red-read-app-configuration", "fforesight-read-general-configuration",
|
||||
"red-read-notification", "fforesight-read-users", "fforesight-update-my-profile", "red-update-notification", "fforesight-write-users", "red-read-license" ]
|
||||
clarifynd:
|
||||
application-client-id: 'fforesight'
|
||||
application-name: 'Clarifynd'
|
||||
accessTokenLifeSpan: 3600
|
||||
ssoSessionIdleTimeout: 86400
|
||||
default-theme: 'clarifynd'
|
||||
valid-redirect-uris: [ '/search/*', '/bdr-connector/*', '/sdi/*', '/tenant-user-management/*','http://localhost:4200/*', 'http://localhost:4300/*', '/ui/*' ,'/auth/*','/persistence/*', '/audit/*', '/contextual-query/*' ]
|
||||
kc-role-mapping:
|
||||
roles:
|
||||
- name: FF_USER
|
||||
set-by-default: true
|
||||
rank: 100
|
||||
permissions:
|
||||
- 'fforesight-read-general-configuration'
|
||||
- 'fforesight-manage-user-preferences'
|
||||
- 'fforesight-read-users'
|
||||
- 'fforesight-read-all-users'
|
||||
- 'fforesight-update-my-profile'
|
||||
- 'fforesight-get-tenants'
|
||||
- 'fforesight-deployment-info'
|
||||
- 'fforesight-read-smtp-configuration'
|
||||
- 'fforesight-search'
|
||||
- 'fforesight-view-document'
|
||||
- 'fforesight-user-upload-files'
|
||||
- 'fforesight-user-manage-files'
|
||||
- 'fforesight-user-view-files'
|
||||
- 'fforesight-user-manage-analysis'
|
||||
- 'fforesight-user-view-analysis'
|
||||
- 'fforesight-user-view-favourites'
|
||||
- 'fforesight-user-add-to-favourites'
|
||||
- 'fforesight-user-delete-from-favourites'
|
||||
- 'fforesight-user-view-paragraph-tags'
|
||||
- 'fforesight-user-add-to-paragraph-tags'
|
||||
- 'fforesight-user-delete-from-paragraph-tags'
|
||||
- 'fforesight-read-tag'
|
||||
- 'fforesight-write-tag'
|
||||
- 'fforesight-download-file'
|
||||
- name: KNECON_ADMIN
|
||||
set-by-default: false
|
||||
rank: 1000
|
||||
permissions:
|
||||
- "red-read-license"
|
||||
- "red-update-license"
|
||||
- "red-get-similiar-images"
|
||||
- "fforesight-get-tenants"
|
||||
- "fforesight-create-tenant"
|
||||
- "fforesight-update-tenant"
|
||||
- "fforesight-delete-tenant"
|
||||
- "fforesight-read-users"
|
||||
- "fforesight-read-all-users"
|
||||
- "fforesight-write-users"
|
||||
- "fforesight-read-smtp-configuration"
|
||||
- "fforesight-write-smtp-configuration"
|
||||
- "fforesight-read-identity-provider-config"
|
||||
- "fforesight-write-identity-provider-config"
|
||||
- "red-unarchive-dossier"
|
||||
- name: KNECON_SUPPORT
|
||||
set-by-default: false
|
||||
rank: 1000
|
||||
permissions:
|
||||
- "red-read-license"
|
||||
- "red-update-license"
|
||||
- "red-get-similiar-images"
|
||||
- "fforesight-get-tenants"
|
||||
- "fforesight-create-tenant"
|
||||
- "fforesight-update-tenant"
|
||||
- "fforesight-delete-tenant"
|
||||
- "fforesight-read-users"
|
||||
- "fforesight-read-all-users"
|
||||
- "fforesight-write-users"
|
||||
- "fforesight-read-smtp-configuration"
|
||||
- "fforesight-write-smtp-configuration"
|
||||
- "fforesight-read-identity-provider-config"
|
||||
- "fforesight-write-identity-provider-config"
|
||||
- "red-unarchive-dossier"
|
||||
- name: FF_ADMIN
|
||||
set-by-default: true
|
||||
rank: 100
|
||||
permissions:
|
||||
- 'fforesight-read-general-configuration'
|
||||
- 'fforesight-write-general-configuration'
|
||||
- 'fforesight-manage-user-preferences'
|
||||
- 'fforesight-read-users'
|
||||
- 'fforesight-read-all-users'
|
||||
- 'fforesight-write-users'
|
||||
- 'fforesight-update-my-profile'
|
||||
- 'fforesight-update-tenant'
|
||||
- 'fforesight-create-tenant'
|
||||
- 'fforesight-get-tenants'
|
||||
- 'fforesight-deployment-info'
|
||||
- 'fforesight-read-smtp-configuration'
|
||||
- 'fforesight-write-smtp-configuration'
|
||||
- "fforesight-read-identity-provider-config"
|
||||
- "fforesight-write-identity-provider-config"
|
||||
- 'fforesight-search'
|
||||
- 'fforesight-search-audit-log'
|
||||
- 'fforesight-view-document'
|
||||
- 'fforesight-user-upload-files'
|
||||
- 'fforesight-user-manage-files'
|
||||
- 'fforesight-user-view-files'
|
||||
- 'fforesight-user-manage-analysis'
|
||||
- 'fforesight-user-view-analysis'
|
||||
- 'fforesight-user-view-favourites'
|
||||
- 'fforesight-user-add-to-favourites'
|
||||
- 'fforesight-user-view-paragraph-tags'
|
||||
- 'fforesight-user-add-to-paragraph-tags'
|
||||
- 'fforesight-user-delete-from-paragraph-tags'
|
||||
- 'fforesight-user-delete-from-favourites'
|
||||
- 'fforesight-system-upload-files'
|
||||
- 'fforesight-system-manage-files'
|
||||
- 'fforesight-system-view-files'
|
||||
- 'fforesight-system-manage-analysis'
|
||||
- 'fforesight-system-view-analysis'
|
||||
- 'fforesight-download-file'
|
||||
- 'fforesight-sdi-view-task'
|
||||
- 'fforesight-sdi-start-task'
|
||||
- 'fforesight-sdi-stop-task'
|
||||
- 'fforesight-read-tag'
|
||||
- 'fforesight-write-tag'
|
||||
- 'taas-bdr-connector-view-task'
|
||||
- 'taas-bdr-connector-start-task'
|
||||
- 'taas-bdr-connector-stop-task'
|
||||
springdoc:
|
||||
swagger-ui:
|
||||
path: ${fforesight.springdoc.base-path}/docs/swagger-ui
|
||||
|
||||
@ -17,8 +17,8 @@ public class StartupTest extends AbstractTenantUserManagementIntegrationTest {
|
||||
@Test
|
||||
public void testStartup() {
|
||||
|
||||
var simpleTenants = internalTenantsClient.getSimpleTenants();
|
||||
assertThat(simpleTenants).isNotEmpty();
|
||||
var tenants = internalTenantsClient.getTenants();
|
||||
assertThat(tenants).isNotEmpty();
|
||||
|
||||
}
|
||||
|
||||
|
||||
@ -29,8 +29,11 @@ import com.knecon.fforesight.tenantusermanagement.model.User;
|
||||
import com.knecon.fforesight.tenantusermanagement.permissions.ApplicationRoles;
|
||||
import com.knecon.fforesight.tenantusermanagement.properties.TenantUserManagementProperties;
|
||||
import com.knecon.fforesight.tenantusermanagement.service.RealmService;
|
||||
import com.knecon.fforesight.tenantusermanagement.service.TenantApplicationTypeService;
|
||||
import com.knecon.fforesight.tenantusermanagement.service.UserService;
|
||||
|
||||
import feign.FeignException;
|
||||
import lombok.NonNull;
|
||||
import lombok.SneakyThrows;
|
||||
|
||||
public class UserTest extends AbstractTenantUserManagementIntegrationTest {
|
||||
@ -44,6 +47,12 @@ public class UserTest extends AbstractTenantUserManagementIntegrationTest {
|
||||
@Autowired
|
||||
private TenantUserManagementProperties tenantUserManagementProperties;
|
||||
|
||||
@Autowired
|
||||
private TenantApplicationTypeService tenantApplicationTypeService;
|
||||
|
||||
@Autowired
|
||||
private UserService userService;
|
||||
|
||||
|
||||
@Test
|
||||
public void testUsers() {
|
||||
@ -78,7 +87,7 @@ public class UserTest extends AbstractTenantUserManagementIntegrationTest {
|
||||
assertThat(testUser.getLastName()).isEqualTo("updateTestLastName");
|
||||
assertThat(testUser.getFirstName()).isEqualTo("updateTestFirstName");
|
||||
|
||||
Set<String> allButKneconRoles = tenantUserManagementProperties.getKcRoleMapping().getAllRoles()
|
||||
Set<String> allButKneconRoles = tenantApplicationTypeService.getCurrentProperties().getKcRoleMapping().getAllRoles()
|
||||
.stream()
|
||||
.filter(ApplicationRoles::isNoKneconRole)
|
||||
.collect(Collectors.toSet());
|
||||
@ -296,7 +305,7 @@ public class UserTest extends AbstractTenantUserManagementIntegrationTest {
|
||||
createUserRequest.setFirstName("Test");
|
||||
createUserRequest.setLastName("New User");
|
||||
createUserRequest.setUsername("TestUserName");
|
||||
createUserRequest.setRoles(tenantUserManagementProperties.getKcRoleMapping().getAllRoles());
|
||||
createUserRequest.setRoles(tenantApplicationTypeService.getCurrentProperties().getKcRoleMapping().getAllRoles());
|
||||
FeignException e = assertThrows(FeignException.class, () -> userClient.createUser(createUserRequest));
|
||||
assertEquals(400, e.status());
|
||||
|
||||
@ -307,7 +316,7 @@ public class UserTest extends AbstractTenantUserManagementIntegrationTest {
|
||||
public void testCreateUserWithExistingUser() {
|
||||
|
||||
TenantContext.setTenantId(AbstractTenantUserManagementIntegrationTest.TEST_TENANT_ID);
|
||||
Set<String> allButKneconRoles = tenantUserManagementProperties.getKcRoleMapping().getAllRoles()
|
||||
Set<String> allButKneconRoles = tenantApplicationTypeService.getCurrentProperties().getKcRoleMapping().getAllRoles()
|
||||
.stream()
|
||||
.filter(ApplicationRoles::isNoKneconRole)
|
||||
.collect(Collectors.toSet());
|
||||
@ -377,7 +386,7 @@ public class UserTest extends AbstractTenantUserManagementIntegrationTest {
|
||||
tokenService.setUser("admin@knecon.com", "secret");
|
||||
|
||||
// different role sets and subsets
|
||||
var allRoles = tenantUserManagementProperties.getKcRoleMapping().getAllRoles();
|
||||
var allRoles = tenantApplicationTypeService.getCurrentProperties().getKcRoleMapping().getAllRoles();
|
||||
Set<String> allButKneconRoles = allRoles.stream()
|
||||
.filter(ApplicationRoles::isNoKneconRole)
|
||||
.collect(Collectors.toSet());
|
||||
@ -501,11 +510,11 @@ public class UserTest extends AbstractTenantUserManagementIntegrationTest {
|
||||
tokenService.setUser("admin@knecon.com", "secret");
|
||||
|
||||
// this should still not be possible
|
||||
e = assertThrows(FeignException.class, () -> userClient.setRoles(onlyKneconUser.getUserId(), allRoles));
|
||||
e = assertThrows(FeignException.class, () -> userClient.setRoles(onlyKneconUser.getUserId(), allRoles));
|
||||
assertEquals(404, e.status());
|
||||
|
||||
// and also not this
|
||||
e = assertThrows(FeignException.class, () -> userClient.setRoles(user.getUserId(), allRoles));
|
||||
e = assertThrows(FeignException.class, () -> userClient.setRoles(user.getUserId(), allRoles));
|
||||
assertEquals(400, e.status());
|
||||
|
||||
// we can also poll the user
|
||||
@ -584,12 +593,16 @@ public class UserTest extends AbstractTenantUserManagementIntegrationTest {
|
||||
addRoles(user4.getUserId(), allButKneconRoles);
|
||||
|
||||
allUsers = userClient.getAllUsers(true);
|
||||
var user4AfterShenanigansOpt = allUsers.stream().filter(u -> u.getUserId().equals(user4.getUserId())).findFirst();
|
||||
var user4AfterShenanigansOpt = allUsers.stream()
|
||||
.filter(u -> u.getUserId().equals(user4.getUserId()))
|
||||
.findFirst();
|
||||
assertTrue(user4AfterShenanigansOpt.isPresent());
|
||||
user4AfterShenanigansOpt.get().setRoles(new HashSet<>());
|
||||
assertEquals(user4AfterShenanigansOpt.get(), user4);
|
||||
|
||||
var stillOnlyKneconUserOpt = allUsers.stream().filter(u -> u.getUserId().equals(onlyKneconUser.getUserId())).findFirst();
|
||||
var stillOnlyKneconUserOpt = allUsers.stream()
|
||||
.filter(u -> u.getUserId().equals(onlyKneconUser.getUserId()))
|
||||
.findFirst();
|
||||
assertTrue(stillOnlyKneconUserOpt.isPresent());
|
||||
stillOnlyKneconUserOpt.get().setRoles(new HashSet<>());
|
||||
assertEquals(stillOnlyKneconUserOpt.get(), onlyKneconUser);
|
||||
@ -605,7 +618,7 @@ public class UserTest extends AbstractTenantUserManagementIntegrationTest {
|
||||
tokenService.setUser("admin@knecon.com", "secret");
|
||||
|
||||
// different role sets and subsets
|
||||
var allRoles = tenantUserManagementProperties.getKcRoleMapping().getAllRoles();
|
||||
var allRoles = tenantApplicationTypeService.getCurrentProperties().getKcRoleMapping().getAllRoles();
|
||||
|
||||
// create several users with different roles for testing
|
||||
var createUserRequest = new CreateUserRequest();
|
||||
@ -704,6 +717,113 @@ public class UserTest extends AbstractTenantUserManagementIntegrationTest {
|
||||
}
|
||||
|
||||
|
||||
@Test
|
||||
public void testUpdateProfileForUserWithAllRoles() {
|
||||
|
||||
TenantContext.setTenantId(AbstractTenantUserManagementIntegrationTest.TEST_TENANT_ID);
|
||||
tokenService.setUser("admin@knecon.com", "secret");
|
||||
|
||||
var allRoles = tenantApplicationTypeService.getCurrentProperties().getKcRoleMapping().getAllRoles();
|
||||
Set<String> allButKneconRoles = allRoles.stream()
|
||||
.filter(ApplicationRoles::isNoKneconRole)
|
||||
.collect(Collectors.toSet());
|
||||
|
||||
CreateUserRequest createUserRequest = new CreateUserRequest();
|
||||
createUserRequest.setEmail("all.roles.user@knecon.com");
|
||||
createUserRequest.setUsername("all.roles.user@knecon.com");
|
||||
createUserRequest.setFirstName("All");
|
||||
createUserRequest.setLastName("Roles");
|
||||
|
||||
var allRolesuser = userClient.createUser(createUserRequest);
|
||||
addRoles(allRolesuser.getUserId(), allRoles);
|
||||
assertThat(allRolesuser).isNotNull();
|
||||
|
||||
UpdateProfileRequest updateProfileRequest = UpdateProfileRequest.builder()
|
||||
.email("all.roles.user@knecon.com")
|
||||
.firstName("All")
|
||||
.lastName("NewLastName")
|
||||
.roles(allButKneconRoles)
|
||||
.build();
|
||||
|
||||
var updatedUser = userClient.updateProfile(allRolesuser.getUserId(), updateProfileRequest);
|
||||
|
||||
assertThat(updatedUser).isNotNull();
|
||||
assertThat(updatedUser.getLastName()).isEqualTo("NewLastName");
|
||||
|
||||
tokenService.setUser("test@fforesight.com", "secret");
|
||||
|
||||
updateProfileRequest.setLastName("AnotherNewLastName");
|
||||
updatedUser = userClient.updateProfile(allRolesuser.getUserId(), updateProfileRequest);
|
||||
|
||||
assertThat(updatedUser).isNotNull();
|
||||
assertThat(updatedUser.getLastName()).isEqualTo("AnotherNewLastName");
|
||||
|
||||
createUserRequest.setEmail("less.super.user.1@knecon.com");
|
||||
createUserRequest.setUsername(createUserRequest.getEmail());
|
||||
createUserRequest.setRoles(Set.of("LESS_SUPER_USER"));
|
||||
var lessSuperUser = userClient.createUser(createUserRequest);
|
||||
|
||||
userClient.resetPassword(lessSuperUser.getUserId(), ResetPasswordRequest.builder().password("Secret@secured!23").build());
|
||||
tokenService.setUser("less.super.user.1@knecon.com", "Secret@secured!23");
|
||||
|
||||
FeignException feignException = assertThrows(FeignException.class, () -> userClient.updateProfile(allRolesuser.getUserId(), updateProfileRequest));
|
||||
assertEquals(400, feignException.status());
|
||||
assertTrue(feignException.getMessage().contains("Cannot assign this role to that user. Insufficient rights"));
|
||||
|
||||
tokenService.setUser("admin@knecon.com", "secret");
|
||||
userClient.deleteUser(lessSuperUser.getUserId());
|
||||
userClient.deleteUser(allRolesuser.getUserId());
|
||||
}
|
||||
|
||||
|
||||
@Test
|
||||
public void testDeleteKneconRolesUserAsNormalAdmin() {
|
||||
|
||||
TenantContext.setTenantId(AbstractTenantUserManagementIntegrationTest.TEST_TENANT_ID);
|
||||
tokenService.setUser("admin@knecon.com", "secret");
|
||||
|
||||
var allRoles = tenantApplicationTypeService.getCurrentProperties().getKcRoleMapping().getAllRoles();
|
||||
Set<String> allButKneconRoles = allRoles.stream()
|
||||
.filter(ApplicationRoles::isNoKneconRole)
|
||||
.collect(Collectors.toSet());
|
||||
|
||||
CreateUserRequest createUserRequest = new CreateUserRequest();
|
||||
createUserRequest.setEmail("normalAdmin@knecon.com");
|
||||
createUserRequest.setUsername("normalAdmin@knecon.com");
|
||||
createUserRequest.setFirstName("Mister");
|
||||
createUserRequest.setLastName("Admin");
|
||||
|
||||
var adminUser = userClient.createUser(createUserRequest);
|
||||
addRoles(adminUser.getUserId(), allButKneconRoles);
|
||||
assertThat(adminUser).isNotNull();
|
||||
|
||||
createUserRequest = new CreateUserRequest();
|
||||
createUserRequest.setEmail("kneconAdmin@knecon.com");
|
||||
createUserRequest.setUsername("kneconAdmin@knecon.com");
|
||||
createUserRequest.setFirstName("Knecon");
|
||||
createUserRequest.setLastName("Admin");
|
||||
|
||||
var kneconAdminuser = userClient.createUser(createUserRequest);
|
||||
addRoles(kneconAdminuser.getUserId(), allRoles);
|
||||
assertThat(kneconAdminuser).isNotNull();
|
||||
|
||||
userClient.resetPassword(adminUser.getUserId(), ResetPasswordRequest.builder().password("Secret@secured!23").build());
|
||||
tokenService.setUser("normalAdmin@knecon.com", "Secret@secured!23");
|
||||
|
||||
userClient.deleteUser(kneconAdminuser.getUserId());
|
||||
|
||||
List<User> allUsers = userClient.getAllUsers(true);
|
||||
assertTrue(allUsers.stream()
|
||||
.noneMatch(u -> u.getUserId().equals(kneconAdminuser.getUserId())));
|
||||
List<User> unfilteredUsers = userService.getAllUsers();
|
||||
assertTrue(unfilteredUsers.stream()
|
||||
.anyMatch(u -> u.getUserId().equals(kneconAdminuser.getUserId())));
|
||||
|
||||
tokenService.setUser("admin@knecon.com", "secret");
|
||||
userClient.deleteUser(adminUser.getUserId());
|
||||
}
|
||||
|
||||
|
||||
private UsersResource getTenantUsersResource() {
|
||||
|
||||
return realmService.realm(TenantContext.getTenantId()).users();
|
||||
@ -726,7 +846,11 @@ public class UserTest extends AbstractTenantUserManagementIntegrationTest {
|
||||
|
||||
private void addRoles(String userId, Set<String> roles) {
|
||||
|
||||
getUserResource(userId).roles().realmLevel().add(roles.stream().map(this::getRoleRepresentation).toList());
|
||||
getUserResource(userId).roles()
|
||||
.realmLevel()
|
||||
.add(roles.stream()
|
||||
.map(this::getRoleRepresentation)
|
||||
.toList());
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@ -4,6 +4,8 @@ import static org.mockito.Mockito.when;
|
||||
|
||||
import java.util.concurrent.TimeUnit;
|
||||
|
||||
import org.junit.jupiter.api.Disabled;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.springframework.amqp.rabbit.core.RabbitTemplate;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.boot.test.context.SpringBootTest;
|
||||
@ -13,18 +15,21 @@ import org.springframework.context.annotation.Import;
|
||||
import org.springframework.test.context.ActiveProfiles;
|
||||
import org.springframework.test.context.junit.jupiter.SpringExtension;
|
||||
|
||||
import com.knecon.fforesight.tenantcommons.TenantApplicationType;
|
||||
import com.knecon.fforesight.tenantusermanagement.AbstractTenantUserManagementIntegrationTest;
|
||||
import com.knecon.fforesight.tenantusermanagement.feigntestclients.external.TenantsClient;
|
||||
import com.knecon.fforesight.tenantusermanagement.feigntestclients.internal.InternalTenantsClient;
|
||||
import com.knecon.fforesight.tenantusermanagement.TenantUserManagementServiceApplication;
|
||||
import com.knecon.fforesight.tenantusermanagement.service.KeyCloakRoleManagerService;
|
||||
import com.knecon.fforesight.tenantusermanagement.service.RealmService;
|
||||
|
||||
import org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder;
|
||||
import org.jboss.resteasy.client.jaxrs.internal.ResteasyClientBuilderImpl;
|
||||
import org.junit.jupiter.api.extension.ExtendWith;
|
||||
import org.keycloak.OAuth2Constants;
|
||||
import org.keycloak.admin.client.KeycloakBuilder;
|
||||
|
||||
@Disabled
|
||||
@ActiveProfiles(profiles = "taas")
|
||||
@ExtendWith(SpringExtension.class)
|
||||
@EnableFeignClients(basePackageClasses = {TenantsClient.class, InternalTenantsClient.class})
|
||||
@ -47,8 +52,7 @@ public class TenantSyncUtils {
|
||||
KeyCloakRoleManagerService keyCloakRoleManagerService;
|
||||
|
||||
|
||||
// @Test
|
||||
// @Disabled
|
||||
@Test
|
||||
public void syncTenant() {
|
||||
|
||||
var adminClient = KeycloakBuilder.builder()
|
||||
@ -58,17 +62,17 @@ public class TenantSyncUtils {
|
||||
.clientSecret(CLIENT_SECRET)
|
||||
.grantType(OAuth2Constants.CLIENT_CREDENTIALS)
|
||||
.resteasyClient(new ResteasyClientBuilderImpl().connectionTTL(2, TimeUnit.SECONDS)
|
||||
.hostnameVerification(ResteasyClientBuilder.HostnameVerificationPolicy.ANY)
|
||||
.connectionPoolSize(10)
|
||||
.disableTrustManager()
|
||||
.build())
|
||||
.hostnameVerification(ResteasyClientBuilder.HostnameVerificationPolicy.ANY)
|
||||
.connectionPoolSize(10)
|
||||
.disableTrustManager()
|
||||
.build())
|
||||
.build();
|
||||
|
||||
var realm = adminClient.realm(REALM);
|
||||
|
||||
when(realmService.realm(REALM)).thenReturn(realm);
|
||||
|
||||
keyCloakRoleManagerService.updateRoles(REALM);
|
||||
keyCloakRoleManagerService.updateRoles(REALM, TenantApplicationType.RedactManager);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@ -9,6 +9,8 @@ import org.springframework.stereotype.Service;
|
||||
|
||||
import com.knecon.fforesight.tenantcommons.TenantContext;
|
||||
import com.knecon.fforesight.tenantusermanagement.properties.TenantUserManagementProperties;
|
||||
import com.knecon.fforesight.tenantusermanagement.service.TenantApplicationTypeService;
|
||||
|
||||
import jakarta.ws.rs.BadRequestException;
|
||||
import lombok.SneakyThrows;
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
@ -24,6 +26,8 @@ public class TokenService {
|
||||
|
||||
@Autowired
|
||||
private TenantUserManagementProperties tenantUserManagementProperties;
|
||||
@Autowired
|
||||
private TenantApplicationTypeService tenantApplicationTypeService;
|
||||
private String username;
|
||||
private String password;
|
||||
private String accessToken;
|
||||
@ -54,7 +58,7 @@ public class TokenService {
|
||||
.realm(TenantContext.getTenantId())
|
||||
.username(username)
|
||||
.password(password)
|
||||
.clientId(tenantUserManagementProperties.getApplicationClientId())
|
||||
.clientId(tenantApplicationTypeService.getCurrentProperties().getApplicationClientId())
|
||||
.grantType(OAuth2Constants.PASSWORD)
|
||||
.resteasyClient(new ResteasyClientBuilderImpl().connectionTTL(2, TimeUnit.SECONDS)
|
||||
.hostnameVerification(ResteasyClientBuilder.HostnameVerificationPolicy.ANY)
|
||||
|
||||
@ -1,198 +0,0 @@
|
||||
server:
|
||||
port: 28181
|
||||
|
||||
persistence-service.url: "http://persistence-service-v1:8090"
|
||||
|
||||
management:
|
||||
endpoint:
|
||||
metrics.enabled: ${monitoring.enabled:false}
|
||||
prometheus.enabled: ${monitoring.enabled:false}
|
||||
health.enabled: true
|
||||
endpoints.web.exposure.include: prometheus, health, metrics
|
||||
metrics.export.prometheus.enabled: ${monitoring.enabled:false}
|
||||
|
||||
info:
|
||||
description: Tenant User Management Service
|
||||
|
||||
|
||||
spring:
|
||||
datasource:
|
||||
url: jdbc:postgresql://${PSQL_HOST:localhost}:${PSQL_PORT:5432}/${PSQL_DATABASE:master}?cachePrepStmts=true&useServerPrepStmts=true&rewriteBatchedStatements=true
|
||||
driverClassName: org.postgresql.Driver
|
||||
username: ${PSQL_USERNAME:fforesight}
|
||||
password: ${PSQL_PASSWORD:fforesight}
|
||||
platform: org.hibernate.dialect.PostgreSQL95Dialect
|
||||
hikari:
|
||||
maximumPoolSize: 10
|
||||
minimum-idle: 2
|
||||
data-source-properties:
|
||||
cachePrepStmts: true
|
||||
prepStmtCacheSize: 1000
|
||||
prepStmtCacheSqlLimit: 2048
|
||||
jackson:
|
||||
serialization:
|
||||
write-dates-as-timestamps: false
|
||||
deserialization:
|
||||
accept-single-value-as-array: true
|
||||
main:
|
||||
allow-bean-definition-overriding: true
|
||||
allow-circular-references: true
|
||||
jpa:
|
||||
open-in-view: true
|
||||
database-platform: org.hibernate.dialect.PostgreSQL95Dialect
|
||||
hibernate:
|
||||
ddl-auto: none
|
||||
naming-strategy: org.hibernate.cfg.ImprovedNamingStrategy
|
||||
properties:
|
||||
hibernate:
|
||||
jdbc:
|
||||
batch_size: 1000
|
||||
order_inserts: true
|
||||
order_updates: true
|
||||
cache:
|
||||
type: redis
|
||||
mvc:
|
||||
pathmatch:
|
||||
matching-strategy: ant-path-matcher
|
||||
redis:
|
||||
host: ${REDIS_HOST:localhost}
|
||||
port: ${REDIS_PORT:6379}
|
||||
password: ${REDIS_PASSWORD:}
|
||||
|
||||
|
||||
rabbitmq:
|
||||
host: ${RABBITMQ_HOST:localhost}
|
||||
port: ${RABBITMQ_PORT:5672}
|
||||
username: ${RABBITMQ_USERNAME:user}
|
||||
password: ${RABBITMQ_PASSWORD:rabbitmq}
|
||||
listener:
|
||||
simple:
|
||||
acknowledge-mode: AUTO
|
||||
concurrency: 5
|
||||
retry:
|
||||
enabled: true
|
||||
max-attempts: 3
|
||||
max-interval: 15000
|
||||
prefetch: 1
|
||||
|
||||
liquibase:
|
||||
change-log: classpath:/db/changelog/db.changelog-master.yaml
|
||||
enabled: true
|
||||
application:
|
||||
name: tenant-user-management
|
||||
data:
|
||||
redis:
|
||||
host: ${REDIS_HOST:localhost}
|
||||
port: ${REDIS_PORT:6379}
|
||||
password: ${REDIS_PASSWORD:}
|
||||
fforesight:
|
||||
keycloak:
|
||||
ignored-endpoints: [ '/actuator/health', '/tenant-user-management','/internal/**','/tenant-user-management/docs/**','/tenant-user-management/docs','/tenant-user-management/tenants/simple' ]
|
||||
enabled: true
|
||||
springdoc:
|
||||
base-path: '/tenant-user-management'
|
||||
auth-server-url: '/auth'
|
||||
enabled: true
|
||||
default-client-id: 'swagger-ui-client'
|
||||
default-tenant: 'fforesight'
|
||||
tenant-exchange:
|
||||
name: 'tenants-exchange'
|
||||
user-exchange:
|
||||
name: 'users-exchange'
|
||||
tenant-user-management:
|
||||
base-path: '/tenant-user-management'
|
||||
realm: master
|
||||
server-url: http://localhost:28181
|
||||
client-secret: adminClientSecret
|
||||
client-id: adminClient
|
||||
login-theme: redaction
|
||||
kc-role-mapping:
|
||||
roles:
|
||||
- name: SUPER_USER
|
||||
set-by-default: true
|
||||
rank: 100
|
||||
permissions:
|
||||
- 'fforesight-read-general-configuration'
|
||||
- 'fforesight-write-general-configuration'
|
||||
- 'fforesight-manage-user-preferences'
|
||||
- 'fforesight-read-users'
|
||||
- 'fforesight-read-all-users'
|
||||
- 'fforesight-write-users'
|
||||
- 'fforesight-update-my-profile'
|
||||
- 'fforesight-create-tenant'
|
||||
- 'fforesight-get-tenants'
|
||||
- 'fforesight-update-tenant'
|
||||
- 'fforesight-deployment-info'
|
||||
- 'fforesight-read-smtp-configuration'
|
||||
- 'fforesight-write-smtp-configuration'
|
||||
- 'fforesight-read-identity-provider-config'
|
||||
- 'fforesight-write-identity-provider-config'
|
||||
- name: LESS_SUPER_USER
|
||||
set-by-default: true
|
||||
rank: 10
|
||||
permissions:
|
||||
- 'fforesight-read-general-configuration'
|
||||
- 'fforesight-write-general-configuration'
|
||||
- 'fforesight-manage-user-preferences'
|
||||
- 'fforesight-read-users'
|
||||
- 'fforesight-read-all-users'
|
||||
- 'fforesight-write-users'
|
||||
- 'fforesight-update-my-profile'
|
||||
- 'fforesight-create-tenant'
|
||||
- 'fforesight-get-tenants'
|
||||
- 'fforesight-update-tenant'
|
||||
- 'fforesight-deployment-info'
|
||||
- 'fforesight-read-smtp-configuration'
|
||||
- 'fforesight-write-smtp-configuration'
|
||||
- 'fforesight-read-identity-provider-config'
|
||||
- 'fforesight-write-identity-provider-config'
|
||||
- name: KNECON_ADMIN
|
||||
set-by-default: true
|
||||
rank: 1000
|
||||
permissions:
|
||||
- 'fforesight-read-general-configuration'
|
||||
- 'fforesight-write-general-configuration'
|
||||
- 'fforesight-manage-user-preferences'
|
||||
- 'fforesight-read-users'
|
||||
- 'fforesight-read-all-users'
|
||||
- 'fforesight-write-users'
|
||||
- 'fforesight-update-my-profile'
|
||||
- 'fforesight-create-tenant'
|
||||
- 'fforesight-get-tenants'
|
||||
- 'fforesight-update-tenant'
|
||||
- 'fforesight-deployment-info'
|
||||
- 'fforesight-read-smtp-configuration'
|
||||
- 'fforesight-write-smtp-configuration'
|
||||
- 'fforesight-read-identity-provider-config'
|
||||
- 'fforesight-write-identity-provider-config'
|
||||
- name: KNECON_SUPPORT
|
||||
set-by-default: true
|
||||
rank: 1000
|
||||
permissions:
|
||||
- 'fforesight-read-general-configuration'
|
||||
- 'fforesight-write-general-configuration'
|
||||
- 'fforesight-manage-user-preferences'
|
||||
- 'fforesight-read-users'
|
||||
- 'fforesight-read-all-users'
|
||||
- 'fforesight-write-users'
|
||||
- 'fforesight-update-my-profile'
|
||||
- 'fforesight-create-tenant'
|
||||
- 'fforesight-get-tenants'
|
||||
- 'fforesight-update-tenant'
|
||||
- 'fforesight-deployment-info'
|
||||
- 'fforesight-read-smtp-configuration'
|
||||
- 'fforesight-write-smtp-configuration'
|
||||
- 'fforesight-read-identity-provider-config'
|
||||
- 'fforesight-write-identity-provider-config'
|
||||
access-token-life-span: 86400
|
||||
application-name: tenant-user-management
|
||||
application-client-id: tenant-user-management
|
||||
swagger-client-secret: 'testSecret123!'
|
||||
app-prefix: 'fforesight'
|
||||
|
||||
storage:
|
||||
backend: both
|
||||
|
||||
cors.enabled: true
|
||||
springdoc:
|
||||
packages-to-scan: [ 'com.knecon.fforesight.tenantusermanagement.controller.external' ]
|
||||
203
src/test/resources/application.yml
Normal file
203
src/test/resources/application.yml
Normal file
@ -0,0 +1,203 @@
|
||||
server:
|
||||
port: 28181
|
||||
|
||||
persistence-service.url: "http://persistence-service-v1:8090"
|
||||
|
||||
management:
|
||||
endpoint:
|
||||
metrics.enabled: ${monitoring.enabled:false}
|
||||
prometheus.enabled: ${monitoring.enabled:false}
|
||||
health.enabled: true
|
||||
endpoints.web.exposure.include: prometheus, health, metrics
|
||||
metrics.export.prometheus.enabled: ${monitoring.enabled:false}
|
||||
|
||||
info:
|
||||
description: Tenant User Management Service
|
||||
|
||||
lifecycle:
|
||||
base-package: com.knecon.fforesight.tenantusermanagement
|
||||
|
||||
spring:
|
||||
datasource:
|
||||
url: jdbc:postgresql://${PSQL_HOST:localhost}:${PSQL_PORT:5432}/${PSQL_DATABASE:master}?cachePrepStmts=true&useServerPrepStmts=true&rewriteBatchedStatements=true
|
||||
driverClassName: org.postgresql.Driver
|
||||
username: ${PSQL_USERNAME:fforesight}
|
||||
password: ${PSQL_PASSWORD:fforesight}
|
||||
platform: org.hibernate.dialect.PostgreSQL10Dialect
|
||||
hikari:
|
||||
maximumPoolSize: 10
|
||||
minimum-idle: 2
|
||||
data-source-properties:
|
||||
cachePrepStmts: true
|
||||
prepStmtCacheSize: 1000
|
||||
prepStmtCacheSqlLimit: 2048
|
||||
jackson:
|
||||
serialization:
|
||||
write-dates-as-timestamps: false
|
||||
deserialization:
|
||||
accept-single-value-as-array: true
|
||||
main:
|
||||
allow-bean-definition-overriding: true
|
||||
allow-circular-references: true
|
||||
jpa:
|
||||
open-in-view: true
|
||||
database-platform: org.hibernate.dialect.PostgreSQL10Dialect
|
||||
hibernate:
|
||||
ddl-auto: none
|
||||
naming-strategy: org.hibernate.cfg.ImprovedNamingStrategy
|
||||
properties:
|
||||
hibernate:
|
||||
jdbc:
|
||||
batch_size: 1000
|
||||
order_inserts: true
|
||||
order_updates: true
|
||||
cache:
|
||||
type: redis
|
||||
mvc:
|
||||
pathmatch:
|
||||
matching-strategy: ant-path-matcher
|
||||
redis:
|
||||
host: ${REDIS_HOST:localhost}
|
||||
port: ${REDIS_PORT:6379}
|
||||
password: ${REDIS_PASSWORD:}
|
||||
|
||||
|
||||
rabbitmq:
|
||||
host: ${RABBITMQ_HOST:localhost}
|
||||
port: ${RABBITMQ_PORT:5672}
|
||||
username: ${RABBITMQ_USERNAME:user}
|
||||
password: ${RABBITMQ_PASSWORD:rabbitmq}
|
||||
listener:
|
||||
simple:
|
||||
acknowledge-mode: AUTO
|
||||
concurrency: 5
|
||||
retry:
|
||||
enabled: true
|
||||
max-attempts: 3
|
||||
max-interval: 15000
|
||||
prefetch: 1
|
||||
|
||||
liquibase:
|
||||
change-log: classpath:/db/changelog/db.changelog-master.yaml
|
||||
enabled: true
|
||||
application:
|
||||
name: tenant-user-management
|
||||
data:
|
||||
redis:
|
||||
host: ${REDIS_HOST:localhost}
|
||||
port: ${REDIS_PORT:6379}
|
||||
password: ${REDIS_PASSWORD:}
|
||||
|
||||
fforesight:
|
||||
keycloak:
|
||||
ignored-endpoints: [ '/actuator/health', '/tenant-user-management','/internal/**','/tenant-user-management/docs/**','/tenant-user-management/docs' ]
|
||||
enabled: true
|
||||
springdoc:
|
||||
base-path: '/tenant-user-management'
|
||||
auth-server-url: '/auth'
|
||||
enabled: true
|
||||
default-client-id: 'swagger-ui-client'
|
||||
default-tenant: 'fforesight'
|
||||
tenant-exchange:
|
||||
name: 'tenants-exchange'
|
||||
user-exchange:
|
||||
name: 'users-exchange'
|
||||
tenant-user-management:
|
||||
base-path: '/tenant-user-management'
|
||||
server-url: http://localhost:28181
|
||||
realm: master
|
||||
client-secret: adminClientSecret
|
||||
client-id: adminClient
|
||||
swagger-client-secret: 'testSecret123!'
|
||||
application-types:
|
||||
redactmanager:
|
||||
login-theme: redaction
|
||||
kc-role-mapping:
|
||||
roles:
|
||||
- name: SUPER_USER
|
||||
set-by-default: true
|
||||
rank: 100
|
||||
permissions:
|
||||
- 'fforesight-read-general-configuration'
|
||||
- 'fforesight-write-general-configuration'
|
||||
- 'fforesight-manage-user-preferences'
|
||||
- 'fforesight-read-users'
|
||||
- 'fforesight-read-all-users'
|
||||
- 'fforesight-write-users'
|
||||
- 'fforesight-update-my-profile'
|
||||
- 'fforesight-create-tenant'
|
||||
- 'fforesight-get-tenants'
|
||||
- 'fforesight-update-tenant'
|
||||
- 'fforesight-deployment-info'
|
||||
- 'fforesight-read-smtp-configuration'
|
||||
- 'fforesight-write-smtp-configuration'
|
||||
- 'fforesight-read-identity-provider-config'
|
||||
- 'fforesight-write-identity-provider-config'
|
||||
- name: LESS_SUPER_USER
|
||||
set-by-default: true
|
||||
rank: 10
|
||||
permissions:
|
||||
- 'fforesight-read-general-configuration'
|
||||
- 'fforesight-write-general-configuration'
|
||||
- 'fforesight-manage-user-preferences'
|
||||
- 'fforesight-read-users'
|
||||
- 'fforesight-read-all-users'
|
||||
- 'fforesight-write-users'
|
||||
- 'fforesight-update-my-profile'
|
||||
- 'fforesight-create-tenant'
|
||||
- 'fforesight-get-tenants'
|
||||
- 'fforesight-update-tenant'
|
||||
- 'fforesight-deployment-info'
|
||||
- 'fforesight-read-smtp-configuration'
|
||||
- 'fforesight-write-smtp-configuration'
|
||||
- 'fforesight-read-identity-provider-config'
|
||||
- 'fforesight-write-identity-provider-config'
|
||||
- name: KNECON_ADMIN
|
||||
set-by-default: true
|
||||
rank: 1000
|
||||
permissions:
|
||||
- 'fforesight-read-general-configuration'
|
||||
- 'fforesight-write-general-configuration'
|
||||
- 'fforesight-manage-user-preferences'
|
||||
- 'fforesight-read-users'
|
||||
- 'fforesight-read-all-users'
|
||||
- 'fforesight-write-users'
|
||||
- 'fforesight-update-my-profile'
|
||||
- 'fforesight-create-tenant'
|
||||
- 'fforesight-get-tenants'
|
||||
- 'fforesight-update-tenant'
|
||||
- 'fforesight-deployment-info'
|
||||
- 'fforesight-read-smtp-configuration'
|
||||
- 'fforesight-write-smtp-configuration'
|
||||
- 'fforesight-read-identity-provider-config'
|
||||
- 'fforesight-write-identity-provider-config'
|
||||
- name: KNECON_SUPPORT
|
||||
set-by-default: true
|
||||
rank: 1000
|
||||
permissions:
|
||||
- 'fforesight-read-general-configuration'
|
||||
- 'fforesight-write-general-configuration'
|
||||
- 'fforesight-manage-user-preferences'
|
||||
- 'fforesight-read-users'
|
||||
- 'fforesight-read-all-users'
|
||||
- 'fforesight-write-users'
|
||||
- 'fforesight-update-my-profile'
|
||||
- 'fforesight-create-tenant'
|
||||
- 'fforesight-get-tenants'
|
||||
- 'fforesight-update-tenant'
|
||||
- 'fforesight-deployment-info'
|
||||
- 'fforesight-read-smtp-configuration'
|
||||
- 'fforesight-write-smtp-configuration'
|
||||
- 'fforesight-read-identity-provider-config'
|
||||
- 'fforesight-write-identity-provider-config'
|
||||
access-token-life-span: 86400
|
||||
application-name: tenant-user-management
|
||||
application-client-id: tenant-user-management
|
||||
app-prefix: 'fforesight'
|
||||
|
||||
storage:
|
||||
backend: both
|
||||
|
||||
cors.enabled: true
|
||||
springdoc:
|
||||
packages-to-scan: [ 'com.knecon.fforesight.tenantusermanagement.controller.external' ]
|
||||
Loading…
x
Reference in New Issue
Block a user