Merge branch 'RED-10619-fp1' into 'release/1.153.x'

RED-10619: Multiple bugs when creating or editing users

See merge request fforesight/tenant-user-management-service!148

build.gradle.kts

@@ -94,12 +94,12 @@ configurations {
     }
 }
 
-val persistenceServiceVersion = "2.589.1-RED10196.2"
+val persistenceServiceVersion = "2.561.0"
 
 
 dependencies {
     implementation("com.iqser.red.service:persistence-service-internal-api-v1:${persistenceServiceVersion}")
-    implementation("com.knecon.fforesight:database-tenant-commons:0.28.0-RED10196.0")
+    implementation("com.knecon.fforesight:database-tenant-commons:0.24.0")
     implementation("com.knecon.fforesight:keycloak-commons:0.28.0")
     implementation("com.knecon.fforesight:swagger-commons:0.7.0")
     implementation("com.knecon.fforesight:tracing-commons:0.5.0")

src/main/java/com/knecon/fforesight/tenantusermanagement/api/internal/InternalTenantsResource.java

@@ -12,7 +12,6 @@ import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.ResponseStatus;
 
 import com.fasterxml.jackson.databind.JsonNode;
-import com.knecon.fforesight.tenantcommons.TenantApplicationType;
 import com.knecon.fforesight.tenantcommons.model.TenantResponse;
 import com.knecon.fforesight.tenantcommons.model.UpdateDetailsRequest;
 import com.knecon.fforesight.tenantusermanagement.model.DeploymentKeyResponse;
@@ -43,13 +42,13 @@ public interface InternalTenantsResource {
 
 
     @GetMapping(value = "/tenants", produces = MediaType.APPLICATION_JSON_VALUE)
-    @Operation(summary = "Gets all existing tenants", description = "None")
+    @Operation(summary = "Gets all existing tenant", description = "None")
     @ApiResponses(value = {@ApiResponse(responseCode = "200", description = "OK")})
     List<TenantResponse> getTenants();
 
 
     @GetMapping(value = "/tenants/{tenantId}", produces = MediaType.APPLICATION_JSON_VALUE)
-    @Operation(summary = "Get the given tenant", description = "None")
+    @Operation(summary = "Gets all existing tenant", description = "None")
     @ApiResponses(value = {@ApiResponse(responseCode = "200", description = "OK")})
     TenantResponse getTenant(@PathVariable("tenantId") String tenantId);
 
@@ -71,10 +70,4 @@ public interface InternalTenantsResource {
     @ApiResponses(value = {@ApiResponse(responseCode = "200", description = "OK")})
     void syncTenant(@PathVariable("tenantId") String tenantId, @RequestBody JsonNode payload);
 
-
-    @GetMapping(value = {"/tenants/{tenantId}/application-type"}, produces = MediaType.APPLICATION_JSON_VALUE)
-    @Operation(summary = "Gets the application type of the given tenant", description = "None")
-    @ApiResponses(value = {@ApiResponse(responseCode = "200", description = "OK")})
-    TenantApplicationType getTenantApplicationType(@PathVariable("tenantId") String tenantId);
-
 }

src/main/java/com/knecon/fforesight/tenantusermanagement/controller/external/GeneralSettingsController.java

@@ -7,12 +7,10 @@ import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RestController;
 
-import com.knecon.fforesight.tenantcommons.TenantContext;
 import com.knecon.fforesight.tenantusermanagement.api.external.GeneralSettingsResource;
 import com.knecon.fforesight.tenantusermanagement.api.external.PublicResource;
 import com.knecon.fforesight.tenantusermanagement.model.GeneralConfigurationModel;
 import com.knecon.fforesight.tenantusermanagement.service.GeneralConfigurationService;
-import com.knecon.fforesight.tenantusermanagement.service.TenantManagementService;
 
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
@@ -23,14 +21,13 @@ import lombok.extern.slf4j.Slf4j;
 public class GeneralSettingsController implements GeneralSettingsResource, PublicResource {
 
     private final GeneralConfigurationService generalConfigurationService;
-    private final TenantManagementService tenantManagementService;
 
 
     @Override
     @PreAuthorize("hasAuthority('" + READ_GENERAL_CONFIGURATION + "')")
     public GeneralConfigurationModel getGeneralConfigurations() {
 
-        return generalConfigurationService.getGeneralConfigurations(tenantManagementService.getTenantApplicationType(TenantContext.getTenantId()));
+        return generalConfigurationService.getGeneralConfigurations();
     }
 
 
@@ -38,7 +35,7 @@ public class GeneralSettingsController implements GeneralSettingsResource, Publi
     @PreAuthorize("hasAuthority('" + WRITE_GENERAL_CONFIGURATION + "')")
     public void updateGeneralConfigurations(@RequestBody GeneralConfigurationModel generalConfigurationModel) {
 
-        generalConfigurationService.updateGeneralConfigurations(generalConfigurationModel, tenantManagementService.getTenantApplicationType(TenantContext.getTenantId()));
+        generalConfigurationService.updateGeneralConfigurations(generalConfigurationModel);
     }
 
 }

src/main/java/com/knecon/fforesight/tenantusermanagement/controller/external/UserController.java

@@ -8,6 +8,7 @@ import static com.knecon.fforesight.tenantusermanagement.permissions.UserManagem
 
 import java.util.List;
 import java.util.Set;
+import java.util.function.Predicate;
 import java.util.stream.Collectors;
 
 import org.apache.commons.lang3.StringUtils;
@@ -27,7 +28,7 @@ import com.knecon.fforesight.tenantusermanagement.model.UpdateMyProfileRequest;
 import com.knecon.fforesight.tenantusermanagement.model.UpdateProfileRequest;
 import com.knecon.fforesight.tenantusermanagement.model.User;
 import com.knecon.fforesight.tenantusermanagement.permissions.ApplicationRoles;
-import com.knecon.fforesight.tenantusermanagement.service.TenantApplicationTypeService;
+import com.knecon.fforesight.tenantusermanagement.properties.TenantUserManagementProperties;
 import com.knecon.fforesight.tenantusermanagement.service.UserService;
 
 import jakarta.validation.Valid;
@@ -41,7 +42,7 @@ public class UserController implements UserResource, PublicResource {
 
 
     private final UserService userService;
-    private final TenantApplicationTypeService tenantApplicationTypeService;
+    private final TenantUserManagementProperties tenantUserManagementProperties;
 
 
     @Override
@@ -51,7 +52,7 @@ public class UserController implements UserResource, PublicResource {
         if (bypassCache) {
             userService.evictUserCache();
         }
-        var mappedRoles = tenantApplicationTypeService.getCurrentProperties().getKcRoleMapping().getAllRoles();
+        var mappedRoles = tenantUserManagementProperties.getKcRoleMapping().getAllRoles();
 
         return userService.getAllUsers()
                 .stream()

src/main/java/com/knecon/fforesight/tenantusermanagement/controller/internal/InternalTenantsController.java

@@ -9,7 +9,6 @@ import org.springframework.web.bind.annotation.RestController;
 import org.springframework.web.server.ResponseStatusException;
 
 import com.fasterxml.jackson.databind.JsonNode;
-import com.knecon.fforesight.tenantcommons.TenantApplicationType;
 import com.knecon.fforesight.tenantcommons.model.TenantResponse;
 import com.knecon.fforesight.tenantcommons.model.UpdateDetailsRequest;
 import com.knecon.fforesight.tenantusermanagement.api.internal.InternalResource;
@@ -80,10 +79,4 @@ public class InternalTenantsController implements InternalTenantsResource, Inter
 
     }
 
-
-    public TenantApplicationType getTenantApplicationType(@PathVariable(TENANT_ID_PARAM)  String tenantId) {
-
-        return tenantManagementService.getTenantApplicationType(tenantId);
-    }
-
 }

src/main/java/com/knecon/fforesight/tenantusermanagement/entity/TenantEntity.java

@@ -3,7 +3,6 @@ package com.knecon.fforesight.tenantusermanagement.entity;
 import java.util.HashMap;
 import java.util.Map;
 
-import com.knecon.fforesight.tenantcommons.TenantApplicationType;
 import com.knecon.fforesight.tenantusermanagement.utils.JSONMapConverter;
 
 import jakarta.persistence.Basic;
@@ -11,8 +10,6 @@ import jakarta.persistence.Column;
 import jakarta.persistence.Convert;
 import jakarta.persistence.Embedded;
 import jakarta.persistence.Entity;
-import jakarta.persistence.EnumType;
-import jakarta.persistence.Enumerated;
 import jakarta.persistence.FetchType;
 import jakarta.persistence.Id;
 import jakarta.persistence.Table;
@@ -56,9 +53,6 @@ public class TenantEntity {
     @Convert(converter = JSONMapConverter.class)
     @Builder.Default
     private Map<String, Object> details = new HashMap<>();
-
     @Column
-    @Enumerated(EnumType.STRING)
-    private TenantApplicationType applicationType;
-
+    private String applicationType;
 }

src/main/java/com/knecon/fforesight/tenantusermanagement/initializer/MigrateOnlyHook.java

@@ -34,7 +34,9 @@ public class MigrateOnlyHook {
     @EventListener(ApplicationReadyEvent.class)
     public void migrate() {
 
-        tenantManagementService.getTenants().forEach(tenant -> keyCloakRoleManagerService.updateRoles(tenant.getTenantId(), tenant.getApplicationType()));
+        tenantManagementService.getTenants().forEach(tenant -> {
+                keyCloakRoleManagerService.updateRoles(tenant.getTenantId());
+        });
 
         // This should only run in post upgrade hook
         if (isMigrateOnly) {

src/main/java/com/knecon/fforesight/tenantusermanagement/model/CreateTenantRequest.java

@@ -3,7 +3,6 @@ package com.knecon.fforesight.tenantusermanagement.model;
 import java.util.ArrayList;
 import java.util.List;
 
-import com.knecon.fforesight.tenantcommons.TenantApplicationType;
 import com.knecon.fforesight.tenantcommons.model.AzureStorageConnection;
 import com.knecon.fforesight.tenantcommons.model.DatabaseConnection;
 import com.knecon.fforesight.tenantcommons.model.S3StorageConnection;
@@ -49,7 +48,4 @@ public class CreateTenantRequest {
     @Schema(description = "Parameter containing a list of users of the tenant.")
     private List<TenantUser> defaultUsers = new ArrayList<>();
 
-    @Schema(description = "Parameter containing the application type of the tenant.")
-    private TenantApplicationType applicationType;
-
 }

src/main/java/com/knecon/fforesight/tenantusermanagement/properties/ApplicationTypeProperties.java

@@ -1,25 +0,0 @@
-package com.knecon.fforesight.tenantusermanagement.properties;
-
-import java.util.ArrayList;
-import java.util.List;
-
-import com.knecon.fforesight.tenantusermanagement.model.KCRoleMapping;
-
-import lombok.Data;
-
-@Data
-public class ApplicationTypeProperties {
-
-    private String applicationClientId;
-    private String applicationName;
-    private Integer tenantAccessTokenLifeSpan = 300;
-    private Integer accessTokenLifeSpan = 1800;
-    private Integer ssoSessionIdleTimeout = 86400;
-    private Integer refreshTokenMaxReuse;
-    private String defaultTheme = "redaction";
-    private List<String> validRedirectUris = new ArrayList<>();
-    private KCRoleMapping kcRoleMapping = new KCRoleMapping();
-    private String loginTheme;
-    private String appPrefix;
-
-}

src/main/java/com/knecon/fforesight/tenantusermanagement/properties/TenantUserManagementProperties.java

@@ -1,13 +1,11 @@
 package com.knecon.fforesight.tenantusermanagement.properties;
 
-import java.util.HashMap;
-import java.util.Locale;
-import java.util.Map;
+import java.util.ArrayList;
+import java.util.List;
 
 import org.springframework.boot.context.properties.ConfigurationProperties;
 
-import com.knecon.fforesight.tenantcommons.TenantApplicationType;
-import com.knecon.fforesight.tenantcommons.TenantContext;
+import com.knecon.fforesight.tenantusermanagement.model.KCRoleMapping;
 
 import lombok.Data;
 
@@ -16,17 +14,24 @@ import lombok.Data;
 public class TenantUserManagementProperties {
 
     private String serverUrl;
-    private String realm = "master";
-    private String swaggerClientId = "swagger-ui-client";
+    private String publicServerUrl;
+    private String realm;
+    private String applicationClientId;
+    private String swaggerClientId  ="swagger-ui-client";
     private String swaggerClientSecret;
     private String clientId;
     private String clientSecret;
-    private String publicServerUrl;
     private String basePath = "/";
     private String basePathV2 = "/api";
     private int connectionPoolSize = 10;
-
-    private Map<String, ApplicationTypeProperties> applicationTypes = new HashMap<>();
-
+    private String applicationName;
+    private Integer accessTokenLifeSpan = 1800;
+    private Integer ssoSessionIdleTimeout = 86400;
+    private int refreshTokenMaxReuse;
+    private String defaultTheme = "redaction";
+    private List<String> validRedirectUris = new ArrayList<>();
+    private KCRoleMapping kcRoleMapping = new KCRoleMapping();
+    private String loginTheme;
+    private String appPrefix;
 
 }

src/main/java/com/knecon/fforesight/tenantusermanagement/repository/TenantRepository.java

@@ -2,14 +2,11 @@ package com.knecon.fforesight.tenantusermanagement.repository;
 
 import java.util.Optional;
 
-import org.springframework.cache.annotation.CacheEvict;
-import org.springframework.cache.annotation.Cacheable;
 import org.springframework.data.jpa.repository.JpaRepository;
 import org.springframework.data.jpa.repository.Modifying;
 import org.springframework.data.jpa.repository.Query;
 import org.springframework.data.repository.query.Param;
 
-import com.knecon.fforesight.tenantcommons.TenantApplicationType;
 import com.knecon.fforesight.tenantusermanagement.entity.TenantEntity;
 
 import jakarta.transaction.Transactional;
@@ -19,16 +16,10 @@ public interface TenantRepository extends JpaRepository<TenantEntity, String> {
     @Query("select t from TenantEntity t where t.tenantId = :tenantId")
     Optional<TenantEntity> findByTenantId(@Param("tenantId") String tenantId);
 
-
-    @CacheEvict(value = "tenantApplicationType", key = "#tenantId")
     @Transactional
     @Modifying(clearAutomatically = true, flushAutomatically = true)
     @Query("delete from TenantEntity t where t.id = :tenantId ")
     void deleteByQuery(String tenantId);
 
 
-    @Cacheable(value = "tenantApplicationType", key = "#tenantId")
-    @Query("select t.applicationType from TenantEntity t where t.tenantId = :tenantId")
-    Optional<TenantApplicationType> findApplicationTypeByTenantId(@Param("tenantId") String tenantId);
-
 }

src/main/java/com/knecon/fforesight/tenantusermanagement/service/GeneralConfigurationService.java

@@ -4,10 +4,8 @@ import org.apache.commons.lang3.StringUtils;
 import org.keycloak.representations.idm.RealmRepresentation;
 import org.springframework.stereotype.Service;
 
-import com.knecon.fforesight.tenantcommons.TenantApplicationType;
 import com.knecon.fforesight.tenantcommons.TenantContext;
 import com.knecon.fforesight.tenantusermanagement.model.GeneralConfigurationModel;
-import com.knecon.fforesight.tenantusermanagement.properties.ApplicationTypeProperties;
 import com.knecon.fforesight.tenantusermanagement.properties.TenantUserManagementProperties;
 
 import lombok.RequiredArgsConstructor;
@@ -20,30 +18,28 @@ public class GeneralConfigurationService {
 
     private final RealmService realmService;
     private final TenantUserManagementProperties tenantUserManagementProperties;
-    private final TenantApplicationTypeService tenantApplicationTypeService;
 
 
-    public void initGeneralConfiguration(String tenantId, TenantApplicationType tenantApplicationType) {
+    public void initGeneralConfiguration(String tenantId) {
 
         TenantContext.setTenantId(tenantId);
-        var generalConfiguration = getGeneralConfigurations(tenantApplicationType);
-        log.info("Currently Configured Application Name: {}, default name: {}", generalConfiguration.getDisplayName(), tenantApplicationTypeService.getProperties(tenantApplicationType).getApplicationName());
-        updateGeneralConfigurations(getGeneralConfigurations(tenantApplicationType), tenantApplicationType);
+        var generalConfiguration = getGeneralConfigurations();
+        log.info("Currently Configured Application Name: {}, default name: {}", generalConfiguration.getDisplayName(), tenantUserManagementProperties.getApplicationName());
+        updateGeneralConfigurations(getGeneralConfigurations());
         TenantContext.clear();
     }
 
 
-    public GeneralConfigurationModel getGeneralConfigurations(TenantApplicationType tenantApplicationType) {
+    public GeneralConfigurationModel getGeneralConfigurations() {
 
         var realm = realmService.realm(TenantContext.getTenantId()).toRepresentation();
         var auxiliaryName = realm.getDisplayNameHtml();
 
         String computedAuxiliaryName = null;
 
-        ApplicationTypeProperties currentAppTypeProperties = tenantApplicationTypeService.getProperties(tenantApplicationType);
-        if (!currentAppTypeProperties.getApplicationName().equals(auxiliaryName)) {
+        if (!tenantUserManagementProperties.getApplicationName().equals(auxiliaryName)) {
 
-            auxiliaryName = StringUtils.replaceOnce(auxiliaryName, currentAppTypeProperties.getApplicationName(), "");
+            auxiliaryName = StringUtils.replaceOnce(auxiliaryName, tenantUserManagementProperties.getApplicationName(), "");
             auxiliaryName = StringUtils.replaceOnce(auxiliaryName, " (", "");
             auxiliaryName = StringUtils.reverse(StringUtils.replaceOnce(StringUtils.reverse(auxiliaryName), ")", ""));
 
@@ -58,7 +54,7 @@ public class GeneralConfigurationService {
     }
 
 
-    public void updateGeneralConfigurations(GeneralConfigurationModel generalConfigurationModel, TenantApplicationType tenantApplicationType) {
+    public void updateGeneralConfigurations(GeneralConfigurationModel generalConfigurationModel) {
 
         var realm = realmService.realm(TenantContext.getTenantId());
 
@@ -73,14 +69,13 @@ public class GeneralConfigurationService {
         realmRepresentation.setResetPasswordAllowed(generalConfigurationModel.isForgotPasswordFunctionEnabled());
 
         realmRepresentation.setRevokeRefreshToken(true);
-        ApplicationTypeProperties applicationTypeProperties = tenantApplicationTypeService.getProperties(tenantApplicationType);
-        realmRepresentation.setRefreshTokenMaxReuse(applicationTypeProperties.getRefreshTokenMaxReuse());
+        realmRepresentation.setRefreshTokenMaxReuse(tenantUserManagementProperties.getRefreshTokenMaxReuse());
         realmRepresentation.getAttributes().put("actionTokenGeneratedByUserLifespan.idp-verify-account-via-email", Integer.toString(86400));
 
         if (!StringUtils.isEmpty(generalConfigurationModel.getAuxiliaryName())) {
-            setDisplayName(realmRepresentation, applicationTypeProperties.getApplicationName() + " (" + generalConfigurationModel.getAuxiliaryName() + ")");
+            setDisplayName(realmRepresentation, tenantUserManagementProperties.getApplicationName() + " (" + generalConfigurationModel.getAuxiliaryName() + ")");
         } else {
-            setDisplayName(realmRepresentation, applicationTypeProperties.getApplicationName());
+            setDisplayName(realmRepresentation, tenantUserManagementProperties.getApplicationName());
         }
 
         try {

src/main/java/com/knecon/fforesight/tenantusermanagement/service/KeyCloakRoleManagerService.java

@@ -9,8 +9,6 @@ import org.keycloak.representations.idm.ClientRepresentation;
 import org.keycloak.representations.idm.RoleRepresentation;
 import org.springframework.stereotype.Component;
 
-import com.knecon.fforesight.tenantcommons.TenantApplicationType;
-import com.knecon.fforesight.tenantusermanagement.properties.ApplicationTypeProperties;
 import com.knecon.fforesight.tenantusermanagement.properties.TenantUserManagementProperties;
 
 import lombok.RequiredArgsConstructor;
@@ -23,26 +21,24 @@ public class KeyCloakRoleManagerService {
 
     private final RealmService realmService;
     private final TenantUserManagementProperties tenantUserManagementProperties;
-    private final TenantApplicationTypeService tenantApplicationTypeService;
 
 
-    public void updateRoles(String tenantId, TenantApplicationType applicationType) {
+    public void updateRoles(String tenantId) {
 
         var realm = realmService.realm(tenantId);
 
-        ApplicationTypeProperties applicationTypeProperties = tenantApplicationTypeService.getProperties(applicationType);
         log.info("Running KeyCloak Role Manager, managing client: {} with system client {}",
-                 applicationTypeProperties.getApplicationClientId(),
-                 tenantUserManagementProperties.getClientId());
+                tenantUserManagementProperties.getApplicationClientId(),
+                tenantUserManagementProperties.getClientId());
         var existingRoles = realm.roles().list().stream().map(RoleRepresentation::getName).collect(Collectors.toList());
 
         log.info("Existing KC roles: {}", existingRoles);
 
-        var redactionClientRepresentation = getRedactionClientRepresentation(tenantId, applicationTypeProperties.getApplicationClientId());
+        var redactionClientRepresentation = getRedactionClientRepresentation(tenantId);
         var redactionClient = realm.clients().get(redactionClientRepresentation.getId());
         var clientRoles = redactionClient.roles().list().stream().map(RoleRepresentation::getName).collect(Collectors.toList());
 
-        var allPermissions = applicationTypeProperties.getKcRoleMapping().getPermissions();
+        var allPermissions = tenantUserManagementProperties.getKcRoleMapping().getPermissions();
 
         log.info("Existing KC client roles: {}", clientRoles);
         log.info("Current Application KC client roles: {}", allPermissions);
@@ -69,8 +65,8 @@ public class KeyCloakRoleManagerService {
 
         var allClientRoles = redactionClient.roles().list();
 
-        var allRoles = applicationTypeProperties.getKcRoleMapping().getAllRoles();
-        var rolePermissionMappings = applicationTypeProperties.getKcRoleMapping().getRolePermissionMapping();
+        var allRoles = tenantUserManagementProperties.getKcRoleMapping().getAllRoles();
+        var rolePermissionMappings = tenantUserManagementProperties.getKcRoleMapping().getRolePermissionMapping();
 
         // if an application-role doesn't exist, create it
         for (String applicationRole : allRoles) {
@@ -97,7 +93,7 @@ public class KeyCloakRoleManagerService {
             log.info("Finished application role {}", applicationRole);
         }
 
-        var composites = applicationTypeProperties.getKcRoleMapping().getRoleComposites();
+        var composites = tenantUserManagementProperties.getKcRoleMapping().getRoleComposites();
         for (var key : composites.keySet()) {
             var realmRole = realm.roles().get(key).toRepresentation();
 
@@ -115,8 +111,9 @@ public class KeyCloakRoleManagerService {
     }
 
 
-    private ClientRepresentation getRedactionClientRepresentation(String tenantId, String applicationClientId) {
+    private ClientRepresentation getRedactionClientRepresentation(String tenantId) {
 
+        String applicationClientId = tenantUserManagementProperties.getApplicationClientId();
         var clientRepresentationIterator = realmService.realm(tenantId).clients().findByClientId(applicationClientId).iterator();
 
         if (clientRepresentationIterator.hasNext()) {

src/main/java/com/knecon/fforesight/tenantusermanagement/service/SMTPService.java

@@ -136,7 +136,7 @@ public class SMTPService {
 
             if (isInitialization) {
                 if (StringUtils.isBlank(tenantSMTPConfig.getHost())) {
-                    log.info("Tenant '{}' SMTP configuration has not been yet set.", tenantId);
+                    log.info("Tenant '{}' SMTP configuration has not been set yet.", tenantId);
                     updateSMTPConfiguration(currentGlobalConfig);
                     log.info("Tenant '{}' SMTP configuration set successfully.", tenantId);
                 } else {

src/main/java/com/knecon/fforesight/tenantusermanagement/service/TenantApplicationTypeService.java

@@ -1,54 +0,0 @@
-package com.knecon.fforesight.tenantusermanagement.service;
-
-import java.util.Locale;
-
-import org.springframework.http.HttpStatus;
-import org.springframework.stereotype.Service;
-import org.springframework.web.server.ResponseStatusException;
-
-import com.knecon.fforesight.tenantcommons.TenantApplicationType;
-import com.knecon.fforesight.tenantcommons.TenantContext;
-import com.knecon.fforesight.tenantusermanagement.properties.ApplicationTypeProperties;
-import com.knecon.fforesight.tenantusermanagement.properties.TenantUserManagementProperties;
-import com.knecon.fforesight.tenantusermanagement.repository.TenantRepository;
-
-import lombok.AccessLevel;
-import lombok.RequiredArgsConstructor;
-import lombok.experimental.FieldDefaults;
-
-@Service
-@RequiredArgsConstructor
-@FieldDefaults(level = AccessLevel.PRIVATE, makeFinal = true)
-public class TenantApplicationTypeService {
-
-    TenantUserManagementProperties tenantUserManagementProperties;
-    TenantRepository tenantRepository;
-
-
-    public TenantApplicationType getCurrent() {
-
-        return get(TenantContext.getTenantId());
-    }
-
-
-    public TenantApplicationType get(String tenantId) {
-
-        return tenantRepository.findApplicationTypeByTenantId(tenantId)
-                .orElseThrow(() -> new ResponseStatusException(HttpStatus.NOT_FOUND, "Tenant does not exist"));
-    }
-
-
-    public ApplicationTypeProperties getProperties(TenantApplicationType applicationType) {
-
-        return tenantUserManagementProperties.getApplicationTypes()
-                .get(applicationType.name().toLowerCase(Locale.ROOT));
-    }
-
-
-    public ApplicationTypeProperties getCurrentProperties() {
-
-        TenantApplicationType applicationType = get(TenantContext.getTenantId());
-        return getProperties(applicationType);
-    }
-
-}

src/main/java/com/knecon/fforesight/tenantusermanagement/service/TenantManagementService.java

@@ -43,7 +43,6 @@ import com.azure.storage.blob.BlobServiceClientBuilder;
 import com.azure.storage.blob.models.BlobItem;
 import com.fasterxml.jackson.databind.JsonNode;
 import com.knecon.fforesight.tenantcommons.EncryptionDecryptionService;
-import com.knecon.fforesight.tenantcommons.TenantApplicationType;
 import com.knecon.fforesight.tenantcommons.TenantContext;
 import com.knecon.fforesight.tenantcommons.TenantProvider;
 import com.knecon.fforesight.tenantcommons.model.AzureStorageConnection;
@@ -67,7 +66,6 @@ import com.knecon.fforesight.tenantusermanagement.model.CreateTenantRequest;
 import com.knecon.fforesight.tenantusermanagement.model.SearchConnectionRequest;
 import com.knecon.fforesight.tenantusermanagement.model.TenantUser;
 import com.knecon.fforesight.tenantusermanagement.model.UpdateTenantRequest;
-import com.knecon.fforesight.tenantusermanagement.properties.ApplicationTypeProperties;
 import com.knecon.fforesight.tenantusermanagement.properties.TenantUserManagementProperties;
 import com.knecon.fforesight.tenantusermanagement.repository.TenantRepository;
 import com.knecon.fforesight.tenantusermanagement.utils.JDBCUtils;
@@ -109,18 +107,21 @@ public class TenantManagementService implements TenantProvider {
     private final RabbitTemplate rabbitTemplate;
     private final StorageConfiguration storageConfiguration;
     private final SMTPService smtpService;
-    private final TenantApplicationTypeService tenantApplicationTypeService;
 
     @Value("${fforesight.tenant-exchange.name}")
     private String tenantExchangeName;
 
+    @Value("${FFORESIGHT_TENANT_USER_MANAGEMENT_APPLICATION_NAME:RedactManager}")
+    private String applicationType;
+
+
 
     @SneakyThrows
     public TenantResponse createTenant(CreateTenantRequest tenantRequest) {
 
         // For now we update the master realm theme whenever we create the tenant
-        updateMasterTheme(tenantApplicationTypeService.getProperties(tenantRequest.getApplicationType()).getLoginTheme());
-        updateMasterDisplayName(tenantApplicationTypeService.getProperties(tenantRequest.getApplicationType()).getApplicationName());
+        updateMasterTheme(tenantUserManagementProperties.getLoginTheme());
+        updateMasterDisplayName(tenantUserManagementProperties.getApplicationName());
 
         log.info("Tenants are: {}",
                  tenantRepository.findAll()
@@ -142,7 +143,6 @@ public class TenantManagementService implements TenantProvider {
                         .tenantId(tenantRequest.getTenantId())
                         .displayName(tenantRequest.getDisplayName())
                         .guid(UUID.randomUUID().toString())
-                        .applicationType(tenantRequest.getApplicationType() != null ? tenantRequest.getApplicationType() : TenantApplicationType.RedactManager)
                         .databaseConnection(DatabaseConnectionEntity.builder()
                                                     .driver(databaseConnection.getDriver())
                                                     .host(databaseConnection.getHost())
@@ -160,7 +160,7 @@ public class TenantManagementService implements TenantProvider {
                                                   .password(encryptionService.encrypt(searchConnection.getPassword()))
                                                   .numberOfShards(searchConnection.getNumberOfShards())
                                                   .numberOfReplicas(searchConnection.getNumberOfReplicas())
-                                                  .indexPrefix(buildIndexPrefix(tenantRequest.getTenantId(), tenantRequest.getApplicationType()))
+                                                  .indexPrefix(buildIndexPrefix(tenantRequest.getTenantId()))
                                                   .build());
                 MongoDBConnection mongoDBConnection = tenantRequest.getMongoDBConnection();
                 if (mongoDBConnection != null) {
@@ -210,7 +210,7 @@ public class TenantManagementService implements TenantProvider {
                     log.info("Skipping creation of mongo database for this tenant");
                 }
 
-                propagateTenantToKeyCloak(tenantRequest.getTenantId(), tenantRequest.getApplicationType(), tenantRequest.getDefaultUsers());
+                propagateTenantToKeyCloak(tenantRequest.getTenantId(), tenantRequest.getDefaultUsers());
 
                 log.info("Updated roles for tenant: {}", tenantRequest.getTenantId());
 
@@ -219,6 +219,7 @@ public class TenantManagementService implements TenantProvider {
 
                 log.info("Created default SMTP configuration.");
 
+                tenantEntity.setApplicationType(applicationType);
                 var saved = tenantPersistenceService.save(tenantEntity);
 
                 log.info("Persisted tenant: {}", tenantRequest.getTenantId());
@@ -302,21 +303,21 @@ public class TenantManagementService implements TenantProvider {
         log.info("Deleting mongodb database for tenant: {}", tenant.getTenantId());
         deleteMongoDBDatabase(tenant);
         deleteRealm(tenantId);
-        tenantRepository.deleteByQuery(tenant.getTenantId());
+        tenantRepository.deleteById(tenant.getTenantId());
 
     }
 
 
-    private String buildIndexPrefix(String tenantId, TenantApplicationType applicationType) {
+    private String buildIndexPrefix(String tenantId) {
 
-        return tenantApplicationTypeService.getProperties(applicationType).getAppPrefix() + "_" + tenantId;
+        return tenantUserManagementProperties.getAppPrefix() + "_" + tenantId;
     }
 
 
-    private void propagateTenantToKeyCloak(String tenantId, TenantApplicationType applicationType, List<TenantUser> usersToCreate) throws InterruptedException {
+    private void propagateTenantToKeyCloak(String tenantId, List<TenantUser> usersToCreate) throws InterruptedException {
 
         log.info("Creating or updating realm for tenant: {}", tenantId);
-        createOrUpdateRealm(tenantId, applicationType, usersToCreate);
+        createOrUpdateRealm(tenantId, usersToCreate);
 
         var waitTime = 0;
         boolean realmReady;
@@ -337,8 +338,8 @@ public class TenantManagementService implements TenantProvider {
 
         setPasswordPolicyForRealm(tenantId);
 
-        generalConfigurationService.initGeneralConfiguration(tenantId, applicationType);
-        keyCloakRoleManagerService.updateRoles(tenantId, applicationType);
+        generalConfigurationService.initGeneralConfiguration(tenantId);
+        keyCloakRoleManagerService.updateRoles(tenantId);
     }
 
 
@@ -439,9 +440,9 @@ public class TenantManagementService implements TenantProvider {
     }
 
 
-    public void createOrUpdateRealm(String tenantId, TenantApplicationType applicationType, List<TenantUser> users) {
+    public void createOrUpdateRealm(String tenantId, List<TenantUser> users) {
 
-        if (syncRealmIfExists(tenantId, applicationType, users)) {
+        if (syncRealmIfExists(tenantId, users)) {
             log.info("Updated realm for tenant: {}", tenantId);
             return;
         }
@@ -450,12 +451,12 @@ public class TenantManagementService implements TenantProvider {
         realm.setId(tenantId);
         realm.setRealm(tenantId);
         realm.setEnabled(true);
-        setRealmProperties(realm, applicationType);
+        setRealmProperties(realm);
 
-        var clients = getRealmClients(applicationType);
+        var clients = getRealmClients();
         realm.setClients(clients);
 
-        realm.setRoles(getRealmRoles(applicationType));
+        realm.setRoles(getRealmRoles());
 
         if (users != null) {
             realm.setUsers(users.stream()
@@ -482,19 +483,18 @@ public class TenantManagementService implements TenantProvider {
     }
 
 
-    private boolean syncRealmIfExists(String tenantId, TenantApplicationType applicationType, List<TenantUser> users) {
+    private boolean syncRealmIfExists(String tenantId, List<TenantUser> users) {
 
         try {
             var existingRealm = getRealmResource(tenantId).toRepresentation();
             if (existingRealm != null) {
                 log.info("Updating existing realm: {}", tenantId);
-                ApplicationTypeProperties applicationTypeProperties = tenantApplicationTypeService.getProperties(applicationType);
-                existingRealm.setLoginTheme(applicationTypeProperties.getDefaultTheme());
-                existingRealm.setEmailTheme(applicationTypeProperties.getDefaultTheme());
-                existingRealm.setAccountTheme(applicationTypeProperties.getDefaultTheme());
-                existingRealm.setAccessTokenLifespan(applicationTypeProperties.getAccessTokenLifeSpan());
-                existingRealm.setSsoSessionIdleTimeout(applicationTypeProperties.getSsoSessionIdleTimeout());
-                var clients = getRealmClients(applicationType);
+                existingRealm.setLoginTheme(tenantUserManagementProperties.getDefaultTheme());
+                existingRealm.setEmailTheme(tenantUserManagementProperties.getDefaultTheme());
+                existingRealm.setAccountTheme(tenantUserManagementProperties.getDefaultTheme());
+                existingRealm.setAccessTokenLifespan(tenantUserManagementProperties.getAccessTokenLifeSpan());
+                existingRealm.setSsoSessionIdleTimeout(tenantUserManagementProperties.getSsoSessionIdleTimeout());
+                var clients = getRealmClients();
                 var relevantClientNames = clients.stream()
                         .map(c -> c.getClientId().toLowerCase(Locale.getDefault()))
                         .collect(Collectors.toSet());
@@ -510,7 +510,7 @@ public class TenantManagementService implements TenantProvider {
                 clients.forEach(c -> getRealmResource(tenantId).clients().create(c));
 
                 existingRealm.setClients(clients);
-                existingRealm.setRoles(getRealmRoles(applicationType));
+                existingRealm.setRoles(getRealmRoles());
 
                 if (users != null) {
 
@@ -555,17 +555,16 @@ public class TenantManagementService implements TenantProvider {
     }
 
 
-    private RolesRepresentation getRealmRoles(TenantApplicationType applicationType) {
+    private RolesRepresentation getRealmRoles() {
 
-        ApplicationTypeProperties applicationTypeProperties = tenantApplicationTypeService.getProperties(applicationType);
-        var allRoles = applicationTypeProperties.getKcRoleMapping().getAllRoles();
+        var allRoles = tenantUserManagementProperties.getKcRoleMapping().getAllRoles();
 
         var roles = new ArrayList<RoleRepresentation>();
         for (String applicationRole : allRoles) {
             var role = new RoleRepresentation();
             role.setComposite(true);
             role.setName(applicationRole);
-            role.setContainerId(applicationTypeProperties.getApplicationClientId());
+            role.setContainerId(tenantUserManagementProperties.getApplicationClientId());
             roles.add(role);
         }
 
@@ -575,18 +574,16 @@ public class TenantManagementService implements TenantProvider {
     }
 
 
-    private List<ClientRepresentation> getRealmClients(TenantApplicationType applicationType) {
-
-        ApplicationTypeProperties appTypeProperties = tenantApplicationTypeService.getProperties(applicationType);
+    private List<ClientRepresentation> getRealmClients() {
 
         var applicationClient = new ClientRepresentation();
         applicationClient.setEnabled(true);
-        applicationClient.setName(appTypeProperties.getApplicationClientId());
-        applicationClient.setClientId(appTypeProperties.getApplicationClientId());
+        applicationClient.setName(tenantUserManagementProperties.getApplicationClientId());
+        applicationClient.setClientId(tenantUserManagementProperties.getApplicationClientId());
         applicationClient.setStandardFlowEnabled(true);
         applicationClient.setImplicitFlowEnabled(true);
         applicationClient.setDirectAccessGrantsEnabled(true);
-        applicationClient.setRedirectUris(appTypeProperties.getValidRedirectUris());
+        applicationClient.setRedirectUris(tenantUserManagementProperties.getValidRedirectUris());
         applicationClient.setWebOrigins(List.of("+"));
         applicationClient.setPublicClient(true);
         setPostLogoutRedirectUriForClient(applicationClient);
@@ -601,7 +598,7 @@ public class TenantManagementService implements TenantProvider {
         swaggerClient.setDirectAccessGrantsEnabled(false);
         swaggerClient.setServiceAccountsEnabled(true);
         swaggerClient.setAuthorizationServicesEnabled(true);
-        swaggerClient.setRedirectUris(appTypeProperties.getValidRedirectUris());
+        swaggerClient.setRedirectUris(tenantUserManagementProperties.getValidRedirectUris());
         swaggerClient.setWebOrigins(List.of("+"));
         setPostLogoutRedirectUriForClient(swaggerClient);
 
@@ -609,16 +606,15 @@ public class TenantManagementService implements TenantProvider {
     }
 
 
-    private void setRealmProperties(RealmRepresentation realm, TenantApplicationType tenantApplicationType) {
+    private void setRealmProperties(RealmRepresentation realm) {
 
-        ApplicationTypeProperties currentAppTypeProperties = tenantApplicationTypeService.getProperties(tenantApplicationType);
-        realm.setLoginTheme(currentAppTypeProperties.getDefaultTheme());
-        realm.setEmailTheme(currentAppTypeProperties.getDefaultTheme());
-        realm.setAccountTheme(currentAppTypeProperties.getDefaultTheme());
-        realm.setAccessTokenLifespan(currentAppTypeProperties.getAccessTokenLifeSpan());
-        realm.setSsoSessionIdleTimeout(currentAppTypeProperties.getSsoSessionIdleTimeout());
+        realm.setLoginTheme(tenantUserManagementProperties.getDefaultTheme());
+        realm.setEmailTheme(tenantUserManagementProperties.getDefaultTheme());
+        realm.setAccountTheme(tenantUserManagementProperties.getDefaultTheme());
+        realm.setAccessTokenLifespan(tenantUserManagementProperties.getAccessTokenLifeSpan());
+        realm.setSsoSessionIdleTimeout(tenantUserManagementProperties.getSsoSessionIdleTimeout());
         realm.setRevokeRefreshToken(true);
-        realm.setRefreshTokenMaxReuse(currentAppTypeProperties.getRefreshTokenMaxReuse());
+        realm.setRefreshTokenMaxReuse(tenantUserManagementProperties.getRefreshTokenMaxReuse());
 
         if (!ObjectUtils.isEmpty(tenantUserManagementProperties.getPublicServerUrl())) {
             Map<String, String> attributes = new HashMap<>();
@@ -799,7 +795,7 @@ public class TenantManagementService implements TenantProvider {
                                                           .build());
             }
 
-            propagateTenantToKeyCloak(tenantId, tenantEntity.getApplicationType(), null);
+            propagateTenantToKeyCloak(tenantId, null);
 
             TenantResponse tenantResponse = convert(tenantRepository.save(tenantEntity));
 
@@ -828,13 +824,6 @@ public class TenantManagementService implements TenantProvider {
     }
 
 
-    @Override
-    public TenantApplicationType getTenantApplicationType(String tenantId) {
-
-        return tenantApplicationTypeService.get(tenantId);
-    }
-
-
     public TenantResponse removePasswords(TenantResponse tenantResponse) {
 
         if (tenantResponse.getDatabaseConnection() != null) {
@@ -864,7 +853,7 @@ public class TenantManagementService implements TenantProvider {
     private TenantResponse convert(TenantEntity entity) {
 
         var authDetails = realmService.getOpenIdConnectDetails(entity.getTenantId());
-        var roleMapping = tenantApplicationTypeService.getProperties(entity.getApplicationType()).getKcRoleMapping();
+        var roleMapping = tenantUserManagementProperties.getKcRoleMapping();
         authDetails.setClientRoles(roleMapping.getPermissions());
         authDetails.setRealmRoles(roleMapping.getAllRoles());
 
@@ -874,7 +863,6 @@ public class TenantManagementService implements TenantProvider {
                 .guid(entity.getGuid())
                 .authDetails(authDetails)
                 .details(entity.getDetails())
-                .applicationType(entity.getApplicationType())
                 .databaseConnection(DatabaseConnection.builder()
                                             .driver(entity.getDatabaseConnection().getDriver())
                                             .host(entity.getDatabaseConnection().getHost())
@@ -969,15 +957,14 @@ public class TenantManagementService implements TenantProvider {
     public void syncTenant(String tenantId, JsonNode payload) {
 
         log.info("Syncing Realm: {}", tenantId);
-        TenantContext.setTenantId(tenantId);
-        TenantApplicationType tenantApplicationType = getTenantApplicationType(tenantId);
-        syncRealmIfExists(tenantId, tenantApplicationType, null);
+        syncRealmIfExists(tenantId, null);
         setPasswordPolicyForRealm(tenantId);
-        generalConfigurationService.initGeneralConfiguration(tenantId, tenantApplicationType);
-        keyCloakRoleManagerService.updateRoles(tenantId, tenantApplicationType);
-
-        propagateTenantToKeyCloak(tenantId, tenantApplicationType, null);
+        generalConfigurationService.initGeneralConfiguration(tenantId);
+        keyCloakRoleManagerService.updateRoles(tenantId);
+        propagateTenantToKeyCloak(tenantId, null);
         log.info("Realm: {} synced", tenantId);
+
+        TenantContext.setTenantId(tenantId);
         rabbitTemplate.convertAndSend(tenantExchangeName, "tenant.sync", new TenantSyncEvent(tenantId, payload));
         TenantContext.clear();
 

src/main/java/com/knecon/fforesight/tenantusermanagement/service/UserListingService.java

@@ -14,6 +14,7 @@ import org.springframework.retry.support.RetryTemplate;
 import org.springframework.stereotype.Service;
 
 import com.knecon.fforesight.tenantusermanagement.model.User;
+import com.knecon.fforesight.tenantusermanagement.properties.TenantUserManagementProperties;
 
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
@@ -25,7 +26,7 @@ public class UserListingService {
 
     private final RealmService realmService;
 
-    private final TenantApplicationTypeService tenantApplicationTypeService;
+    private final TenantUserManagementProperties tenantUserManagementProperties;
     private final RetryTemplate retryTemplate = RetryTemplate.builder().maxAttempts(3).exponentialBackoff(1000, 2, 5000).build();
 
 
@@ -40,7 +41,7 @@ public class UserListingService {
             Map<String, Set<String>> usersByRole = new HashMap<>();
             if (!allUsers.isEmpty()) {
                 var realmRoles = realm.roles().list().stream().map(r -> r.getName().toUpperCase(Locale.ROOT)).collect(Collectors.toSet());
-                var allRoles = tenantApplicationTypeService.getCurrentProperties().getKcRoleMapping().getAllRoles();
+                var allRoles = tenantUserManagementProperties.getKcRoleMapping().getAllRoles();
                 for (var role : allRoles) {
                     if (realmRoles.contains(role)) {
                         List<UserRepresentation> users = realm.roles().get(role).getUserMembers(0, 500);
@@ -70,7 +71,7 @@ public class UserListingService {
             users.add(user);
         }
 
-        var roleComposites = tenantApplicationTypeService.getCurrentProperties().getKcRoleMapping().getRoleComposites();
+        var roleComposites = tenantUserManagementProperties.getKcRoleMapping().getRoleComposites();
         users.forEach(user -> {
             for (var parentRole : roleComposites.keySet()) {
                 if (user.getRoles().contains(parentRole)) {

src/main/java/com/knecon/fforesight/tenantusermanagement/service/UserService.java

@@ -59,7 +59,6 @@ public class UserService {
     private final TenantUserManagementProperties tenantUserManagementProperties;
     private final UserListingService userListingService;
     private final RabbitTemplate rabbitTemplate;
-    private final TenantApplicationTypeService tenantApplicationTypeService;
 
     @Value("${fforesight.user-exchange.name}")
     private String userExchangeName;
@@ -87,7 +86,7 @@ public class UserService {
             throw new ResponseStatusException(HttpStatus.BAD_REQUEST, "Email address format is not valid");
         }
 
-        tenantApplicationTypeService.getCurrentProperties().getKcRoleMapping().validateRoles(user.getRoles());
+        tenantUserManagementProperties.getKcRoleMapping().validateRoles(user.getRoles());
 
         UserRepresentation userRepresentation = new UserRepresentation();
         userRepresentation.setUsername(username);
@@ -131,10 +130,9 @@ public class UserService {
     }
 
 
-
     public void checkRankOrderForAssigningRole(Set<String> newRoles, Set<String> currentUserRoles) {
 
-        var roleMapping = tenantApplicationTypeService.getCurrentProperties().getKcRoleMapping();
+        var roleMapping = tenantUserManagementProperties.getKcRoleMapping();
         var maxRank = currentUserRoles.stream()
                 .map(r -> roleMapping.getRole(r).getRank())
                 .max(Integer::compare)
@@ -158,7 +156,7 @@ public class UserService {
         return userResource.roles().realmLevel().listEffective()
                 .stream()
                 .map(RoleRepresentation::getName)
-                .filter(r -> tenantApplicationTypeService.getCurrentProperties().getKcRoleMapping().isValidRole(r))
+                .filter(r -> tenantUserManagementProperties.getKcRoleMapping().isValidRole(r))
                 .collect(Collectors.toSet());
     }
 
@@ -181,7 +179,7 @@ public class UserService {
     @CacheEvict(value = "${commons.keycloak.userCache}", allEntries = true, beforeInvocation = true)
     public User setRoles(String userId, Set<String> newRoles, Set<String> currentUserRoles) {
 
-        var allRoles = tenantApplicationTypeService.getCurrentProperties().getKcRoleMapping().getAllRoles();
+        var allRoles = tenantUserManagementProperties.getKcRoleMapping().getAllRoles();
         newRoles.forEach(role -> {
 
             if (!allRoles.contains(role) || ApplicationRoles.isKneconRole(role)) {
@@ -217,7 +215,7 @@ public class UserService {
     @CacheEvict(value = "${commons.keycloak.userCache}", allEntries = true, beforeInvocation = true)
     public void removeRolesForDeletion(String userId, Set<String> roles) {
 
-        var allRoles = tenantApplicationTypeService.getCurrentProperties().getKcRoleMapping().getAllRoles();
+        var allRoles = tenantUserManagementProperties.getKcRoleMapping().getAllRoles();
         roles.forEach(role -> {
 
             if (!allRoles.contains(role)) {
@@ -238,7 +236,7 @@ public class UserService {
     @CacheEvict(value = "${commons.keycloak.userCache}", allEntries = true, beforeInvocation = true)
     public void validateSufficientRoles(String userId, Set<String> userRoles, Set<String> newRoles, Set<String> currentUserRoles) {
 
-        var roleMapping = tenantApplicationTypeService.getCurrentProperties().getKcRoleMapping();
+        var roleMapping = tenantUserManagementProperties.getKcRoleMapping();
 
         int maxCurrentUserRank = currentUserRoles.stream()
                 .map(r -> roleMapping.getRole(r).getRank())
@@ -381,7 +379,7 @@ public class UserService {
                 .realm(TenantContext.getTenantId())
                 .username(username)
                 .password(password)
-                .clientId(tenantApplicationTypeService.getCurrentProperties().getApplicationClientId())
+                .clientId(tenantUserManagementProperties.getApplicationClientId())
                 .grantType(OAuth2Constants.PASSWORD)
                 .resteasyClient(new ResteasyClientBuilderImpl().connectionTTL(2, TimeUnit.SECONDS)
                                         .hostnameVerification(ResteasyClientBuilder.HostnameVerificationPolicy.ANY)
@@ -442,7 +440,7 @@ public class UserService {
         var user = userListingService.convertBasicUser(userRepresentation);
         user.setRoles(getRoles(user.getUserId()));
 
-        var roleComposites = tenantApplicationTypeService.getCurrentProperties().getKcRoleMapping().getRoleComposites();
+        var roleComposites = tenantUserManagementProperties.getKcRoleMapping().getRoleComposites();
         for (var parentRole : roleComposites.keySet()) {
             if (user.getRoles().contains(parentRole)) {
                 user.getRoles().addAll(roleComposites.get(parentRole));
@@ -460,7 +458,7 @@ public class UserService {
             log.warn("User with id=" + id + " contains null role mappings.");
             return new TreeSet<>();
         }
-        var allRoles = tenantApplicationTypeService.getCurrentProperties().getKcRoleMapping().getAllRoles();
+        var allRoles = tenantUserManagementProperties.getKcRoleMapping().getAllRoles();
         return realmMappings.stream()
                 .map(RoleRepresentation::getName)
                 .filter(allRoles::contains)
@@ -567,7 +565,7 @@ public class UserService {
         var currentRoles = getRoles(userId);
 
         if (isActive && currentRoles.isEmpty()) { // add RED_USER role
-            setRoles(userId, tenantApplicationTypeService.getCurrentProperties().getKcRoleMapping().getDefaultRoles());
+            setRoles(userId, tenantUserManagementProperties.getKcRoleMapping().getDefaultRoles());
         }
 
         var toggledUser = getUserByUsername(userRepresentation.getUsername());
@@ -683,7 +681,7 @@ public class UserService {
             return ValidationResult.INVALID;
         }
 
-        var roleMapping = tenantApplicationTypeService.getCurrentProperties().getKcRoleMapping();
+        var roleMapping = tenantUserManagementProperties.getKcRoleMapping();
         var maxRank = currentRoles.stream()
                 .map(r -> roleMapping.getRole(r).getRank())
                 .max(Integer::compare)

src/main/resources/application-clarifynd.yaml

@@ -0,0 +1,128 @@
+fforesight:
+  tenant-user-management:
+    application-client-id: 'fforesight'
+    application-name: 'Clarifynd'
+    client-id: 'manager'
+    accessTokenLifeSpan: 3600
+    ssoSessionIdleTimeout: 86400
+    realm: master
+    default-theme: 'clarifynd'
+    valid-redirect-uris: [ '/search/*', '/bdr-connector/*', '/sdi/*', '/tenant-user-management/*','http://localhost:4200/*', 'http://localhost:4300/*', '/ui/*' ,'/auth/*','/persistence/*', '/audit/*', '/contextual-query/*' ]
+    kc-role-mapping:
+      roles:
+        - name: FF_USER
+          set-by-default: true
+          rank: 100
+          permissions:
+            - 'fforesight-read-general-configuration'
+            - 'fforesight-manage-user-preferences'
+            - 'fforesight-read-users'
+            - 'fforesight-read-all-users'
+            - 'fforesight-update-my-profile'
+            - 'fforesight-get-tenants'
+            - 'fforesight-deployment-info'
+            - 'fforesight-read-smtp-configuration'
+            - 'fforesight-search'
+            - 'fforesight-view-document'
+            - 'fforesight-user-upload-files'
+            - 'fforesight-user-manage-files'
+            - 'fforesight-user-view-files'
+            - 'fforesight-user-manage-analysis'
+            - 'fforesight-user-view-analysis'
+            - 'fforesight-user-view-favourites'
+            - 'fforesight-user-add-to-favourites'
+            - 'fforesight-user-delete-from-favourites'
+            - 'fforesight-user-view-paragraph-tags'
+            - 'fforesight-user-add-to-paragraph-tags'
+            - 'fforesight-user-delete-from-paragraph-tags'
+            - 'fforesight-read-tag'
+            - 'fforesight-write-tag'
+            - 'fforesight-download-file'
+        - name: KNECON_ADMIN
+          set-by-default: false
+          rank: 1000
+          permissions:
+            - "red-read-license"
+            - "red-update-license"
+            - "red-get-similiar-images"
+            - "fforesight-get-tenants"
+            - "fforesight-create-tenant"
+            - "fforesight-update-tenant"
+            - "fforesight-delete-tenant"
+            - "fforesight-read-users"
+            - "fforesight-read-all-users"
+            - "fforesight-write-users"
+            - "fforesight-read-smtp-configuration"
+            - "fforesight-write-smtp-configuration"
+            - "fforesight-read-identity-provider-config"
+            - "fforesight-write-identity-provider-config"
+            - "red-unarchive-dossier"
+        - name: KNECON_SUPPORT
+          set-by-default: false
+          rank: 1000
+          permissions:
+            - "red-read-license"
+            - "red-update-license"
+            - "red-get-similiar-images"
+            - "fforesight-get-tenants"
+            - "fforesight-create-tenant"
+            - "fforesight-update-tenant"
+            - "fforesight-delete-tenant"
+            - "fforesight-read-users"
+            - "fforesight-read-all-users"
+            - "fforesight-write-users"
+            - "fforesight-read-smtp-configuration"
+            - "fforesight-write-smtp-configuration"
+            - "fforesight-read-identity-provider-config"
+            - "fforesight-write-identity-provider-config"
+            - "red-unarchive-dossier"
+        - name: FF_ADMIN
+          set-by-default: true
+          rank: 100
+          permissions:
+            - 'fforesight-read-general-configuration'
+            - 'fforesight-write-general-configuration'
+            - 'fforesight-manage-user-preferences'
+            - 'fforesight-read-users'
+            - 'fforesight-read-all-users'
+            - 'fforesight-write-users'
+            - 'fforesight-update-my-profile'
+            - 'fforesight-update-tenant'
+            - 'fforesight-create-tenant'
+            - 'fforesight-get-tenants'
+            - 'fforesight-deployment-info'
+            - 'fforesight-read-smtp-configuration'
+            - 'fforesight-write-smtp-configuration'
+            - "fforesight-read-identity-provider-config"
+            - "fforesight-write-identity-provider-config"
+            - 'fforesight-search'
+            - 'fforesight-search-audit-log'
+            - 'fforesight-view-document'
+            - 'fforesight-user-upload-files'
+            - 'fforesight-user-manage-files'
+            - 'fforesight-user-view-files'
+            - 'fforesight-user-manage-analysis'
+            - 'fforesight-user-view-analysis'
+            - 'fforesight-user-view-favourites'
+            - 'fforesight-user-add-to-favourites'
+            - 'fforesight-user-view-paragraph-tags'
+            - 'fforesight-user-add-to-paragraph-tags'
+            - 'fforesight-user-delete-from-paragraph-tags'
+            - 'fforesight-user-delete-from-favourites'
+            - 'fforesight-system-upload-files'
+            - 'fforesight-system-manage-files'
+            - 'fforesight-system-view-files'
+            - 'fforesight-system-manage-analysis'
+            - 'fforesight-system-view-analysis'
+            - 'fforesight-download-file'
+            - 'fforesight-sdi-view-task'
+            - 'fforesight-sdi-start-task'
+            - 'fforesight-sdi-stop-task'
+            - 'fforesight-read-tag'
+            - 'fforesight-write-tag'
+            - 'taas-bdr-connector-view-task'
+            - 'taas-bdr-connector-start-task'
+            - 'taas-bdr-connector-stop-task'
+  springdoc:
+    default-tenant: 'fforesight'
+

src/main/resources/application-dev.yaml

@@ -0,0 +1,91 @@
+server:
+  port: 8091
+
+
+fforesight:
+  tenant-user-management:
+    server-url: http://localhost:8080
+    client-secret: p2InUtjQUDSlwsXyEUFuYrSWi1BeZD1P
+    client-id: manager
+    realm: master
+    kc-role-mapping:
+      roles:
+        - name: SUPER_USER
+          set-by-default: true
+          rank: 100
+          permissions:
+            - 'fforesight-read-general-configuration'
+            - 'fforesight-write-general-configuration'
+            - 'fforesight-manage-user-preferences'
+            - 'fforesight-read-users'
+            - 'fforesight-read-all-users'
+            - 'fforesight-write-users'
+            - 'fforesight-update-my-profile'
+            - 'fforesight-create-tenant'
+            - 'fforesight-get-tenants'
+            - 'fforesight-delete-tenant'
+            - 'fforesight-update-tenant'
+            - 'fforesight-deployment-info'
+            - 'fforesight-read-smtp-configuration'
+            - 'fforesight-write-smtp-configuration'
+            - 'fforesight-read-identity-provider-config'
+            - 'fforesight-write-identity-provider-config'
+        - name: KNECON_ADMIN
+          set-by-default: true
+          rank: 1000
+          permissions:
+            - 'fforesight-read-general-configuration'
+            - 'fforesight-write-general-configuration'
+            - 'fforesight-manage-user-preferences'
+            - 'fforesight-read-users'
+            - 'fforesight-read-all-users'
+            - 'fforesight-write-users'
+            - 'fforesight-update-my-profile'
+            - 'fforesight-create-tenant'
+            - 'fforesight-get-tenants'
+            - 'fforesight-update-tenant'
+            - 'fforesight-deployment-info'
+            - 'fforesight-read-smtp-configuration'
+            - 'fforesight-write-smtp-configuration'
+            - 'fforesight-read-identity-provider-config'
+            - 'fforesight-write-identity-provider-config'
+        - name: KNECON_SUPPORT
+          set-by-default: true
+          rank: 1000
+          permissions:
+            - 'fforesight-read-general-configuration'
+            - 'fforesight-write-general-configuration'
+            - 'fforesight-manage-user-preferences'
+            - 'fforesight-read-users'
+            - 'fforesight-read-all-users'
+            - 'fforesight-write-users'
+            - 'fforesight-update-my-profile'
+            - 'fforesight-create-tenant'
+            - 'fforesight-get-tenants'
+            - 'fforesight-update-tenant'
+            - 'fforesight-deployment-info'
+            - 'fforesight-read-smtp-configuration'
+            - 'fforesight-write-smtp-configuration'
+            - 'fforesight-read-identity-provider-config'
+            - 'fforesight-write-identity-provider-config'
+    application-name: "redaction"
+  springdoc:
+    auth-server-url: http://localhost:8080
+
+dev.tenant.storage:
+  mode: 'S3'
+  s3:
+    key: minioadmin
+    secret: minioadmin
+    bucket: redaction
+    endpoint: http://localhost:9000
+
+dev.tenant.db:
+  port: 5432
+  host: localhost
+  database: master
+  schema: public
+  username: fforesight
+  password: fforesight
+
+cors.enabled: true

src/main/resources/application-dev.yml

@@ -1,93 +0,0 @@
-server:
-  port: 8091
-
-
-fforesight:
-  tenant-user-management:
-    server-url: http://localhost:8080
-    client-secret: p2InUtjQUDSlwsXyEUFuYrSWi1BeZD1P
-    client-id: manager
-    realm: master
-    application-types:
-      redactmanager:
-        kc-role-mapping:
-          roles:
-            - name: SUPER_USER
-              set-by-default: true
-              rank: 100
-              permissions:
-                - 'fforesight-read-general-configuration'
-                - 'fforesight-write-general-configuration'
-                - 'fforesight-manage-user-preferences'
-                - 'fforesight-read-users'
-                - 'fforesight-read-all-users'
-                - 'fforesight-write-users'
-                - 'fforesight-update-my-profile'
-                - 'fforesight-create-tenant'
-                - 'fforesight-get-tenants'
-                - 'fforesight-delete-tenant'
-                - 'fforesight-update-tenant'
-                - 'fforesight-deployment-info'
-                - 'fforesight-read-smtp-configuration'
-                - 'fforesight-write-smtp-configuration'
-                - 'fforesight-read-identity-provider-config'
-                - 'fforesight-write-identity-provider-config'
-            - name: KNECON_ADMIN
-              set-by-default: true
-              rank: 1000
-              permissions:
-                - 'fforesight-read-general-configuration'
-                - 'fforesight-write-general-configuration'
-                - 'fforesight-manage-user-preferences'
-                - 'fforesight-read-users'
-                - 'fforesight-read-all-users'
-                - 'fforesight-write-users'
-                - 'fforesight-update-my-profile'
-                - 'fforesight-create-tenant'
-                - 'fforesight-get-tenants'
-                - 'fforesight-update-tenant'
-                - 'fforesight-deployment-info'
-                - 'fforesight-read-smtp-configuration'
-                - 'fforesight-write-smtp-configuration'
-                - 'fforesight-read-identity-provider-config'
-                - 'fforesight-write-identity-provider-config'
-            - name: KNECON_SUPPORT
-              set-by-default: true
-              rank: 1000
-              permissions:
-                - 'fforesight-read-general-configuration'
-                - 'fforesight-write-general-configuration'
-                - 'fforesight-manage-user-preferences'
-                - 'fforesight-read-users'
-                - 'fforesight-read-all-users'
-                - 'fforesight-write-users'
-                - 'fforesight-update-my-profile'
-                - 'fforesight-create-tenant'
-                - 'fforesight-get-tenants'
-                - 'fforesight-update-tenant'
-                - 'fforesight-deployment-info'
-                - 'fforesight-read-smtp-configuration'
-                - 'fforesight-write-smtp-configuration'
-                - 'fforesight-read-identity-provider-config'
-                - 'fforesight-write-identity-provider-config'
-        application-name: "redaction"
-  springdoc:
-    auth-server-url: http://localhost:8080
-
-dev.tenant.storage:
-  mode: 'S3'
-  s3:
-    key: minioadmin
-    secret: minioadmin
-    bucket: redaction
-    endpoint: http://localhost:9000
-
-dev.tenant.db:
-  port: 5432
-  host: localhost
-  database: master
-  schema: public
-  username: fforesight
-  password: fforesight
-
-cors.enabled: true

src/main/resources/application-documine.yaml

@@ -0,0 +1,61 @@
+fforesight:
+  tenant-user-management:
+    application-client-id: 'redaction'
+    application-name: 'Documine'
+    client-id: 'manager'
+    tenant-access-token-life-span: 300
+    realm: master
+    default-theme: 'scm'
+    valid-redirect-uris: [ '/api/*','/redaction-gateway-v1/*','/tenant-user-management/*','http://localhost:4200/*','/ui/*' ,'/auth/*' ]
+    kc-role-mapping:
+      unmappedPermissions: [ "red-get-tables", "red-unarchive-dossier", "red-update-license", "fforesight-create-tenant", "fforesight-update-tenant", "red-experimental" ]
+      compositeRoles:
+        - name: RED_MANAGER
+          composites:
+            - name: RED_USER
+        - name: RED_ADMIN
+          composites:
+            - name: RED_USER_ADMIN
+
+
+      roles:
+        - name: KNECON_ADMIN
+          set-by-default: false
+          rank: 1000
+          permissions: [ "red-read-license","red-update-license","fforesight-get-tenants", "fforesight-create-tenant", "fforesight-update-tenant", "fforesight-delete-tenant","fforesight-read-users", "fforesight-read-all-users", "fforesight-write-users","fforesight-read-smtp-configuration", "fforesight-write-smtp-configuration", "fforesight-read-identity-provider-config","fforesight-write-identity-provider-config", "red-unarchive-dossier", "red-use-support-controller", "red-import-files", "red-process-download", "red-read-download-status" ]
+        - name: KNECON_SUPPORT
+          set-by-default: false
+          rank: 1000
+          permissions: [ "red-read-license","red-update-license","fforesight-get-tenants", "fforesight-create-tenant", "fforesight-update-tenant", "fforesight-delete-tenant","fforesight-read-users", "fforesight-read-all-users", "fforesight-write-users","fforesight-read-smtp-configuration", "fforesight-write-smtp-configuration", "fforesight-read-identity-provider-config","fforesight-write-identity-provider-config", "red-unarchive-dossier", "red-use-support-controller", "red-process-download", "red-read-download-status" ]
+        - name: RED_USER
+          set-by-default: true
+          rank: 100
+          permissions: [ "red-get-rss", "red-add-comment", "red-get-similar-images", "red-read-license", "red-read-app-configuration", "red-read-dossier-status", "red-add-dossier-dictionary-entry", "red-add-redaction", "red-add-update-dossier-dictionary-type",
+                         "red-delete-comment", "red-delete-dossier-dictionary-entry", "red-delete-dossier-dictionary-type", "red-delete-file", "red-delete-manual-redaction", "red-download-annotated-file",
+                         "red-download-original-file", "red-download-redacted-file", "red-download-redaction-preview-file", "red-download-report-template", "red-exclude-include-file",
+                         "red-exclude-include-pages", "red-get-report-templates", "fforesight-manage-user-preferences", "red-manage-viewed-pages", "red-process-download", "red-process-manual-redaction-request",
+                         "red-read-colors", "red-read-dictionary-types", "red-read-digital-signature", "red-read-dossier", "red-read-dossier-attributes", "red-read-dossier-attributes-config",
+                         "red-read-dossier-templates", "red-read-download-status", "red-read-file-attributes-config", "red-read-file-status", "fforesight-read-general-configuration", "red-read-legal-basis",
+                         "red-read-manual-redactions", "red-read-notification", "red-read-redaction-log", "red-read-rules", "red-read-data-formats", "fforesight-read-users", "red-read-versions", "red-reanalyze-dossier",
+                         "red-reanalyze-file", "red-request-redaction", "red-rotate-page", "red-search", "red-search-audit-log", "red-set-reviewer", "red-set-status-approved", "red-set-status-under-approval",
+                         "fforesight-update-my-profile", "red-update-notification", "red-upload-file", "red-write-file-attributes", "red-process-texthighlights", "red-get-highlights", "red-convert-highlights", "red-delete-highlights", "red-delete-imported-redactions" ]
+        - name: RED_ADMIN
+          set-by-default: false
+          rank: 800
+          permissions: [ "red-add-dictionary-entry", "red-get-similar-images","red-add-update-dictionary-type", "red-write-dossier-status", "red-read-dossier-status", "red-delete-dictionary-entry", "red-delete-dictionary-type",
+                         "red-delete-report-template", "red-download-report-template", "red-get-report-templates", "fforesight-manage-user-preferences", "red-read-colors", "red-read-dictionary-types",
+                         "red-read-digital-signature", "red-read-dossier-attributes", "red-read-dossier-attributes-config", "red-read-dossier-templates", "red-read-file-attributes-config",
+                         "red-read-legal-basis", "red-read-license-report", "red-read-notification", "red-read-rules", "red-read-data-formats", "fforesight-read-smtp-configuration", "fforesight-read-identity-provider-config", "red-read-versions", "red-reindex", "red-search-audit-log", "red-update-notification", "red-upload-report-template", "red-write-colors", "red-write-digital-signature", "red-write-dossier-attributes-config",
+                         "red-write-dossier-templates", "red-write-file-attributes-config", "fforesight-write-general-configuration", "red-write-legal-basis", "red-write-rules", "red-write-data-formats", "fforesight-write-smtp-configuration", "fforesight-write-identity-provider-config", "red-write-app-configuration", "red-manage-acl-permissions", "fforesight-create-tenant", "fforesight-get-tenants", "fforesight-update-tenant", "fforesight-deployment-info" ]
+        - name: RED_MANAGER
+          set-by-default: false
+          rank: 200
+          permissions: [ "red-add-update-dossier", "red-archived-dossier", "red-delete-dossier", "red-write-dossier-attributes" ]
+        - name: RED_USER_ADMIN
+          set-by-default: false
+          rank: 400
+          permissions: [ "fforesight-manage-user-preferences", "fforesight-read-all-users", "red-read-dossier", "red-read-app-configuration", "fforesight-read-general-configuration",
+                         "red-read-notification", "fforesight-read-users", "fforesight-update-my-profile", "red-update-notification", "fforesight-write-users", "red-read-license" ]
+
+  springdoc:
+    default-tenant: 'redaction'

src/main/resources/application-migration.yaml

@@ -0,0 +1,54 @@
+server:
+  port: 8091
+
+
+fforesight:
+  tenant-user-management:
+    server-url: http://localhost:8080
+    client-secret: muEZIuVsAr57KsjFi4WpGJuw54RiJE0q
+    client-id: manager
+    realm: master
+  springdoc:
+    auth-server-url: http://localhost:8080
+
+spring:
+  datasource:
+    url: jdbc:postgresql://${PSQL_HOST:localhost}:${PSQL_PORT:25432}/${PSQL_DATABASE:tenantmanager}?ApplicationName=${spring.application.name:}&cachePrepStmts=true&useServerPrepStmts=true&rewriteBatchedStatements=true
+    driverClassName: org.postgresql.Driver
+    username: ${PSQL_USERNAME:tenantmanager}
+    password: ${PSQL_PASSWORD:r3dact3d}
+    platform: org.hibernate.dialect.PostgreSQL95Dialect
+
+cors.enabled: true
+
+
+
+#dev.tenant.db:
+#  port: 15432
+#  host: localhost
+#  database: red-tenant
+#  schema: public
+#  username: tenant
+#  password: r3dact3d
+
+dev.tenant.recreateTenant: true
+
+dev.tenant.db:
+  port: 5432
+  host: syngenta-training-clone.postgres.database.azure.com
+  database: syngenta-training-<YOUR_DB_COPY_NAME>
+  schema: syngentatraining
+  username: db_connection
+  password: <DB_PASSWORD_FROM_WIKI>
+
+dev.tenant.storage:
+  mode: 'S3'
+  s3:
+    key: minioadmin
+    secret: minioadmin
+    bucket: redaction
+    endpoint: http://localhost:9000
+#  mode: 'AZURE'
+  azure:
+    containerName: syngenta-training-<YOUR_BLOB_COPY_NAME>
+    connectionString: <AZURE_BLOB_CONNECTION_STRING_FROM_WIKI>

src/main/resources/application-redaction.yaml

@@ -0,0 +1,63 @@
+fforesight:
+  tenant-user-management:
+    application-client-id: 'redaction'
+    application-name: 'RedactManager'
+    client-id: 'manager'
+    tenant-access-token-life-span: 300
+    realm: master
+    default-theme: 'redaction'
+    valid-redirect-uris: [ '/api/*','/redaction-gateway-v1/*','/tenant-user-management/*','http://localhost:4200/*','/ui/*' ,'/auth/*' ]
+    kc-role-mapping:
+      unmappedPermissions: [ "red-get-similiar-images","red-unarchive-dossier", "red-update-license", "red-get-rss","fforesight-create-tenant", "fforesight-update-tenant", "red-experimental" ]
+      compositeRoles:
+        - name: RED_MANAGER
+          composites:
+            - name: RED_USER
+        - name: RED_ADMIN
+          composites:
+            - name: RED_USER_ADMIN
+
+
+      roles:
+        - name: RED_USER
+          set-by-default: true
+          rank: 100
+          permissions: [ "red-add-comment", "red-get-similar-images", "red-read-license", "red-read-app-configuration", "red-read-dossier-status", "red-add-dossier-dictionary-entry", "red-add-redaction", "red-add-update-dossier-dictionary-type",
+                         "red-delete-comment", "red-delete-dossier-dictionary-entry", "red-delete-dossier-dictionary-type", "red-delete-file", "red-delete-manual-redaction", "red-download-annotated-file",
+                         "red-download-original-file", "red-download-redacted-file", "red-download-redaction-preview-file", "red-download-report-template", "red-exclude-include-file",
+                         "red-exclude-include-pages", "red-get-report-templates", "fforesight-manage-user-preferences", "red-manage-viewed-pages", "red-process-download", "red-process-manual-redaction-request",
+                         "red-read-colors", "red-read-dictionary-types", "red-read-digital-signature", "red-read-dossier", "red-read-dossier-attributes", "red-read-dossier-attributes-config",
+                         "red-read-dossier-templates", "red-read-download-status", "red-read-file-attributes-config", "red-read-file-status", "fforesight-read-general-configuration", "red-read-legal-basis",
+                         "red-read-manual-redactions", "red-read-notification", "red-read-redaction-log", "red-read-rules", "red-read-data-formats", "fforesight-read-users", "red-read-versions", "red-read-watermark", "red-reanalyze-dossier",
+                         "red-reanalyze-file", "red-request-redaction", "red-rotate-page", "red-search", "red-search-audit-log", "red-set-reviewer", "red-set-status-approved", "red-set-status-under-approval",
+                         "fforesight-update-my-profile", "red-update-notification", "red-upload-file", "red-write-file-attributes", "red-process-texthighlights", "red-get-highlights", "red-convert-highlights", "red-delete-highlights", "red-delete-imported-redactions" ]
+        - name: RED_ADMIN
+          set-by-default: false
+          rank: 800
+          permissions: [ "red-add-dictionary-entry","red-get-similar-images", "red-add-update-dictionary-type", "red-write-dossier-status", "red-read-dossier-status", "red-delete-dictionary-entry", "red-delete-dictionary-type",
+                         "red-delete-report-template", "red-download-report-template", "red-get-report-templates", "fforesight-manage-user-preferences", "red-read-colors", "red-read-dictionary-types",
+                         "red-read-digital-signature", "red-read-dossier-attributes", "red-read-dossier-attributes-config", "red-read-dossier-templates", "red-read-file-attributes-config",
+                         "red-read-legal-basis", "red-read-license-report", "red-read-notification", "red-read-rules", "red-read-data-formats", "fforesight-read-smtp-configuration", "fforesight-read-identity-provider-config", "red-read-versions", "red-read-watermark",
+                         "red-reindex", "red-search-audit-log", "red-update-notification", "red-upload-report-template", "red-write-colors", "red-write-digital-signature", "red-write-dossier-attributes-config",
+                         "red-write-dossier-templates", "red-write-file-attributes-config", "fforesight-write-general-configuration", "red-write-legal-basis", "red-write-rules", "red-write-data-formats", "fforesight-write-smtp-configuration", "fforesight-write-identity-provider-config",
+                         "red-write-watermark", "red-write-app-configuration", "red-manage-acl-permissions", "fforesight-create-tenant", "fforesight-get-tenants", "fforesight-update-tenant", "fforesight-deployment-info" ]
+        - name: RED_MANAGER
+          set-by-default: false
+          rank: 200
+          permissions: [ "red-add-update-dossier", "red-archived-dossier", "red-delete-dossier", "red-write-dossier-attributes" ]
+        - name: KNECON_ADMIN
+          set-by-default: false
+          rank: 1000
+          permissions: [ "red-read-license", "red-get-similar-images","red-update-license","fforesight-get-tenants", "fforesight-create-tenant", "fforesight-update-tenant", "fforesight-delete-tenant","fforesight-read-users", "fforesight-read-all-users", "fforesight-write-users","fforesight-read-smtp-configuration", "fforesight-write-smtp-configuration","red-unarchive-dossier", "red-use-support-controller", "red-import-files", "red-process-download", "red-read-download-status" ]
+        - name: KNECON_SUPPORT
+          set-by-default: false
+          rank: 1000
+          permissions: [ "red-read-license", "red-get-similar-images","red-update-license","fforesight-get-tenants", "fforesight-create-tenant", "fforesight-update-tenant", "fforesight-delete-tenant","fforesight-read-users", "fforesight-read-all-users", "fforesight-write-users","fforesight-read-smtp-configuration", "fforesight-write-smtp-configuration","red-unarchive-dossier", "red-use-support-controller", "red-process-download", "red-read-download-status" ]
+        - name: RED_USER_ADMIN
+          set-by-default: false
+          rank: 400
+          permissions: [ "fforesight-manage-user-preferences", "fforesight-read-all-users", "red-read-app-configuration", "fforesight-read-general-configuration",
+                         "red-read-notification", "fforesight-read-users", "fforesight-update-my-profile", "red-update-notification", "fforesight-write-users", "red-read-license" ]
+
+  springdoc:
+    default-tenant: 'redaction'

src/main/resources/application.yml

@@ -101,259 +101,21 @@ spring:
       password: ${REDIS_PASSWORD:}
 fforesight:
   keycloak:
-    ignored-endpoints: [ '/actuator/health', '/actuator/health/**', '/tenant-user-management', '/tenant-user-management/', '/internal/**','/tenant-user-management/docs/**','/tenant-user-management/docs','/actuator/prometheus' ]
+    ignored-endpoints: [ '/actuator/health', '/actuator/health/**', '/tenant-user-management', '/tenant-user-management/', '/internal/**','/tenant-user-management/docs/**','/tenant-user-management/docs' ]
     enabled: true
   springdoc:
     base-path: '/tenant-user-management'
     auth-server-url: '/auth'
     enabled: true
     default-client-id: 'swagger-ui-client'
-    default-tenant: 'fforesight'
+  tenant-user-management:
+    base-path: '/tenant-user-management'
+    login-theme: 'redaction'
+    app-prefix: 'fforesight'
   tenant-exchange:
     name: 'tenants-exchange'
   user-exchange:
     name: 'users-exchange'
-  tenant-user-management:
-    base-path: '/tenant-user-management'
-    client-id: 'manager'
-    realm: master
-    application-types:
-      redactmanager:
-        application-client-id: 'redaction'
-        application-name: 'RedactManager'
-        login-theme: 'redaction'
-        default-theme: 'redaction'
-        app-prefix: 'redaction'
-        valid-redirect-uris: [ '/api/*','/redaction-gateway-v1/*','/tenant-user-management/*','http://localhost:4200/*','/ui/*' ,'/auth/*' ]
-        kc-role-mapping:
-          unmappedPermissions: [ "red-get-similiar-images","red-unarchive-dossier", "red-update-license", "red-get-rss","fforesight-create-tenant", "fforesight-update-tenant", "red-experimental" ]
-          compositeRoles:
-            - name: RED_MANAGER
-              composites:
-                - name: RED_USER
-            - name: RED_ADMIN
-              composites:
-                - name: RED_USER_ADMIN
-
-
-          roles:
-            - name: RED_USER
-              set-by-default: true
-              rank: 100
-              permissions: [ "red-add-comment", "red-get-similar-images", "red-read-license", "red-read-app-configuration", "red-read-dossier-status", "red-add-dossier-dictionary-entry", "red-add-redaction", "red-add-update-dossier-dictionary-type",
-                             "red-delete-comment", "red-delete-dossier-dictionary-entry", "red-delete-dossier-dictionary-type", "red-delete-file", "red-delete-manual-redaction", "red-download-annotated-file",
-                             "red-download-original-file", "red-download-redacted-file", "red-download-redaction-preview-file", "red-download-report-template", "red-exclude-include-file",
-                             "red-exclude-include-pages", "red-get-report-templates", "fforesight-manage-user-preferences", "red-manage-viewed-pages", "red-process-download", "red-process-manual-redaction-request",
-                             "red-read-colors", "red-read-dictionary-types", "red-read-digital-signature", "red-read-dossier", "red-read-dossier-attributes", "red-read-dossier-attributes-config",
-                             "red-read-dossier-templates", "red-read-download-status", "red-read-file-attributes-config", "red-read-file-status", "fforesight-read-general-configuration", "red-read-legal-basis",
-                             "red-read-manual-redactions", "red-read-notification", "red-read-redaction-log", "red-read-rules", "red-read-data-formats", "fforesight-read-users", "red-read-versions", "red-read-watermark", "red-reanalyze-dossier",
-                             "red-reanalyze-file", "red-request-redaction", "red-rotate-page", "red-search", "red-search-audit-log", "red-set-reviewer", "red-set-status-approved", "red-set-status-under-approval",
-                             "fforesight-update-my-profile", "red-update-notification", "red-upload-file", "red-write-file-attributes", "red-process-texthighlights", "red-get-highlights", "red-convert-highlights", "red-delete-highlights", "red-delete-imported-redactions" ]
-            - name: RED_ADMIN
-              set-by-default: false
-              rank: 800
-              permissions: [ "red-add-dictionary-entry","red-get-similar-images", "red-add-update-dictionary-type", "red-write-dossier-status", "red-read-dossier-status", "red-delete-dictionary-entry", "red-delete-dictionary-type",
-                             "red-delete-report-template", "red-download-report-template", "red-get-report-templates", "fforesight-manage-user-preferences", "red-read-colors", "red-read-dictionary-types",
-                             "red-read-digital-signature", "red-read-dossier-attributes", "red-read-dossier-attributes-config", "red-read-dossier-templates", "red-read-file-attributes-config",
-                             "red-read-legal-basis", "red-get-user-stats","red-read-license-report", "red-read-notification", "red-read-rules", "red-read-data-formats", "fforesight-read-smtp-configuration", "fforesight-read-identity-provider-config", "red-read-versions", "red-read-watermark",
-                             "red-reindex", "red-search-audit-log", "red-update-notification", "red-upload-report-template", "red-write-colors", "red-write-digital-signature", "red-write-dossier-attributes-config",
-                             "red-write-dossier-templates", "red-write-file-attributes-config", "fforesight-write-general-configuration", "red-write-legal-basis", "red-write-rules", "red-write-data-formats", "fforesight-write-smtp-configuration", "fforesight-write-identity-provider-config",
-                             "red-write-watermark", "red-write-app-configuration", "red-manage-acl-permissions", "fforesight-create-tenant", "fforesight-get-tenants", "fforesight-update-tenant", "fforesight-deployment-info" ]
-            - name: RED_MANAGER
-              set-by-default: false
-              rank: 200
-              permissions: [ "red-add-update-dossier", "red-archived-dossier", "red-delete-dossier", "red-write-dossier-attributes" ]
-            - name: KNECON_ADMIN
-              set-by-default: false
-              rank: 1000
-              permissions: [ "red-read-license", "red-get-similar-images","red-update-license","fforesight-get-tenants", "fforesight-create-tenant", "fforesight-update-tenant", "fforesight-delete-tenant","fforesight-read-users", "fforesight-read-all-users", "fforesight-write-users","fforesight-read-smtp-configuration", "fforesight-write-smtp-configuration","red-unarchive-dossier", "red-use-support-controller", "red-import-files", "red-process-download", "red-read-download-status" ]
-            - name: KNECON_SUPPORT
-              set-by-default: false
-              rank: 1000
-              permissions: [ "red-read-license", "red-get-similar-images","red-update-license","fforesight-get-tenants", "fforesight-create-tenant", "fforesight-update-tenant", "fforesight-delete-tenant","fforesight-read-users", "fforesight-read-all-users", "fforesight-write-users","fforesight-read-smtp-configuration", "fforesight-write-smtp-configuration","red-unarchive-dossier", "red-use-support-controller", "red-process-download", "red-read-download-status" ]
-            - name: RED_USER_ADMIN
-              set-by-default: false
-              rank: 400
-              permissions: [ "fforesight-manage-user-preferences", "fforesight-read-all-users", "red-read-app-configuration", "fforesight-read-general-configuration",
-                             "red-read-notification", "red-get-user-stats", "fforesight-read-users", "fforesight-update-my-profile", "red-update-notification", "fforesight-write-users", "red-read-license" ]
-      documine:
-        application-client-id: 'redaction'
-        application-name: 'Documine'
-        login-theme: 'scm'
-        default-theme: 'scm'
-        app-prefix: 'documine'
-        valid-redirect-uris: [ '/api/*','/redaction-gateway-v1/*','/tenant-user-management/*','http://localhost:4200/*','/ui/*' ,'/auth/*' ]
-        kc-role-mapping:
-          unmappedPermissions: [ "red-get-tables", "red-unarchive-dossier", "red-update-license", "fforesight-create-tenant", "fforesight-update-tenant", "red-experimental" ]
-          compositeRoles:
-            - name: RED_MANAGER
-              composites:
-                - name: RED_USER
-            - name: RED_ADMIN
-              composites:
-                - name: RED_USER_ADMIN
-
-
-          roles:
-            - name: KNECON_ADMIN
-              set-by-default: false
-              rank: 1000
-              permissions: [ "red-read-license","red-update-license","fforesight-get-tenants", "fforesight-create-tenant", "fforesight-update-tenant", "fforesight-delete-tenant","fforesight-read-users", "fforesight-read-all-users", "fforesight-write-users","fforesight-read-smtp-configuration", "fforesight-write-smtp-configuration", "fforesight-read-identity-provider-config","fforesight-write-identity-provider-config", "red-unarchive-dossier", "red-use-support-controller", "red-import-files", "red-process-download", "red-read-download-status" ]
-            - name: KNECON_SUPPORT
-              set-by-default: false
-              rank: 1000
-              permissions: [ "red-read-license","red-update-license","fforesight-get-tenants", "fforesight-create-tenant", "fforesight-update-tenant", "fforesight-delete-tenant","fforesight-read-users", "fforesight-read-all-users", "fforesight-write-users","fforesight-read-smtp-configuration", "fforesight-write-smtp-configuration", "fforesight-read-identity-provider-config","fforesight-write-identity-provider-config", "red-unarchive-dossier", "red-use-support-controller", "red-process-download", "red-read-download-status" ]
-            - name: RED_USER
-              set-by-default: true
-              rank: 100
-              permissions: [ "red-get-rss", "red-add-comment", "red-get-similar-images", "red-read-license", "red-read-app-configuration", "red-read-dossier-status", "red-add-dossier-dictionary-entry", "red-add-redaction", "red-add-update-dossier-dictionary-type",
-                             "red-delete-comment", "red-delete-dossier-dictionary-entry", "red-delete-dossier-dictionary-type", "red-delete-file", "red-delete-manual-redaction", "red-download-annotated-file",
-                             "red-download-original-file", "red-download-redacted-file", "red-download-redaction-preview-file", "red-download-report-template", "red-exclude-include-file",
-                             "red-exclude-include-pages", "red-get-report-templates", "fforesight-manage-user-preferences", "red-manage-viewed-pages", "red-process-download", "red-process-manual-redaction-request",
-                             "red-read-colors", "red-read-dictionary-types", "red-read-digital-signature", "red-read-dossier", "red-read-dossier-attributes", "red-read-dossier-attributes-config",
-                             "red-read-dossier-templates", "red-read-download-status", "red-read-file-attributes-config", "red-read-file-status", "fforesight-read-general-configuration", "red-read-legal-basis",
-                             "red-read-manual-redactions", "red-read-notification", "red-read-redaction-log", "red-read-rules", "red-read-data-formats", "fforesight-read-users", "red-read-versions", "red-reanalyze-dossier",
-                             "red-reanalyze-file", "red-request-redaction", "red-rotate-page", "red-search", "red-search-audit-log", "red-set-reviewer", "red-set-status-approved", "red-set-status-under-approval",
-                             "fforesight-update-my-profile", "red-update-notification", "red-upload-file", "red-write-file-attributes", "red-process-texthighlights", "red-get-highlights", "red-convert-highlights", "red-delete-highlights", "red-delete-imported-redactions" ]
-            - name: RED_ADMIN
-              set-by-default: false
-              rank: 800
-              permissions: [ "red-add-dictionary-entry", "red-get-similar-images","red-add-update-dictionary-type", "red-write-dossier-status", "red-read-dossier-status", "red-delete-dictionary-entry", "red-delete-dictionary-type",
-                             "red-delete-report-template", "red-download-report-template", "red-get-report-templates", "fforesight-manage-user-preferences", "red-read-colors", "red-read-dictionary-types",
-                             "red-read-digital-signature", "red-read-dossier-attributes", "red-read-dossier-attributes-config", "red-read-dossier-templates", "red-read-file-attributes-config",
-                             "red-read-legal-basis", "red-read-license-report", "red-read-notification", "red-read-rules", "red-read-data-formats", "fforesight-read-smtp-configuration", "fforesight-read-identity-provider-config", "red-read-versions", "red-reindex", "red-search-audit-log", "red-update-notification", "red-upload-report-template", "red-write-colors", "red-write-digital-signature", "red-write-dossier-attributes-config",
-                             "red-write-dossier-templates", "red-write-file-attributes-config", "fforesight-write-general-configuration", "red-write-legal-basis", "red-write-rules", "red-write-data-formats", "fforesight-write-smtp-configuration", "fforesight-write-identity-provider-config", "red-write-app-configuration", "red-manage-acl-permissions", "fforesight-create-tenant", "fforesight-get-tenants", "fforesight-update-tenant", "fforesight-deployment-info" ]
-            - name: RED_MANAGER
-              set-by-default: false
-              rank: 200
-              permissions: [ "red-add-update-dossier", "red-archived-dossier", "red-delete-dossier", "red-write-dossier-attributes" ]
-            - name: RED_USER_ADMIN
-              set-by-default: false
-              rank: 400
-              permissions: [ "fforesight-manage-user-preferences", "fforesight-read-all-users", "red-read-app-configuration", "fforesight-read-general-configuration",
-                             "red-read-notification", "fforesight-read-users", "fforesight-update-my-profile", "red-update-notification", "fforesight-write-users", "red-read-license" ]
-      clarifynd:
-        application-client-id: 'fforesight'
-        application-name: 'Clarifynd'
-        accessTokenLifeSpan: 3600
-        ssoSessionIdleTimeout: 86400
-        default-theme: 'clarifynd'
-        valid-redirect-uris: [ '/search/*', '/bdr-connector/*', '/sdi/*', '/tenant-user-management/*','http://localhost:4200/*', 'http://localhost:4300/*', '/ui/*' ,'/auth/*','/persistence/*', '/audit/*', '/contextual-query/*' ]
-        kc-role-mapping:
-          roles:
-            - name: FF_USER
-              set-by-default: true
-              rank: 100
-              permissions:
-                - 'fforesight-read-general-configuration'
-                - 'fforesight-manage-user-preferences'
-                - 'fforesight-read-users'
-                - 'fforesight-read-all-users'
-                - 'fforesight-update-my-profile'
-                - 'fforesight-get-tenants'
-                - 'fforesight-deployment-info'
-                - 'fforesight-read-smtp-configuration'
-                - 'fforesight-search'
-                - 'fforesight-view-document'
-                - 'fforesight-user-upload-files'
-                - 'fforesight-user-manage-files'
-                - 'fforesight-user-view-files'
-                - 'fforesight-user-manage-analysis'
-                - 'fforesight-user-view-analysis'
-                - 'fforesight-user-view-favourites'
-                - 'fforesight-user-add-to-favourites'
-                - 'fforesight-user-delete-from-favourites'
-                - 'fforesight-user-view-paragraph-tags'
-                - 'fforesight-user-add-to-paragraph-tags'
-                - 'fforesight-user-delete-from-paragraph-tags'
-                - 'fforesight-read-tag'
-                - 'fforesight-write-tag'
-                - 'fforesight-download-file'
-            - name: KNECON_ADMIN
-              set-by-default: false
-              rank: 1000
-              permissions:
-                - "red-read-license"
-                - "red-update-license"
-                - "red-get-similiar-images"
-                - "fforesight-get-tenants"
-                - "fforesight-create-tenant"
-                - "fforesight-update-tenant"
-                - "fforesight-delete-tenant"
-                - "fforesight-read-users"
-                - "fforesight-read-all-users"
-                - "fforesight-write-users"
-                - "fforesight-read-smtp-configuration"
-                - "fforesight-write-smtp-configuration"
-                - "fforesight-read-identity-provider-config"
-                - "fforesight-write-identity-provider-config"
-                - "red-unarchive-dossier"
-            - name: KNECON_SUPPORT
-              set-by-default: false
-              rank: 1000
-              permissions:
-                - "red-read-license"
-                - "red-update-license"
-                - "red-get-similiar-images"
-                - "fforesight-get-tenants"
-                - "fforesight-create-tenant"
-                - "fforesight-update-tenant"
-                - "fforesight-delete-tenant"
-                - "fforesight-read-users"
-                - "fforesight-read-all-users"
-                - "fforesight-write-users"
-                - "fforesight-read-smtp-configuration"
-                - "fforesight-write-smtp-configuration"
-                - "fforesight-read-identity-provider-config"
-                - "fforesight-write-identity-provider-config"
-                - "red-unarchive-dossier"
-            - name: FF_ADMIN
-              set-by-default: true
-              rank: 100
-              permissions:
-                - 'fforesight-read-general-configuration'
-                - 'fforesight-write-general-configuration'
-                - 'fforesight-manage-user-preferences'
-                - 'fforesight-read-users'
-                - 'fforesight-read-all-users'
-                - 'fforesight-write-users'
-                - 'fforesight-update-my-profile'
-                - 'fforesight-update-tenant'
-                - 'fforesight-create-tenant'
-                - 'fforesight-get-tenants'
-                - 'fforesight-deployment-info'
-                - 'fforesight-read-smtp-configuration'
-                - 'fforesight-write-smtp-configuration'
-                - "fforesight-read-identity-provider-config"
-                - "fforesight-write-identity-provider-config"
-                - 'fforesight-search'
-                - 'fforesight-search-audit-log'
-                - 'fforesight-view-document'
-                - 'fforesight-user-upload-files'
-                - 'fforesight-user-manage-files'
-                - 'fforesight-user-view-files'
-                - 'fforesight-user-manage-analysis'
-                - 'fforesight-user-view-analysis'
-                - 'fforesight-user-view-favourites'
-                - 'fforesight-user-add-to-favourites'
-                - 'fforesight-user-view-paragraph-tags'
-                - 'fforesight-user-add-to-paragraph-tags'
-                - 'fforesight-user-delete-from-paragraph-tags'
-                - 'fforesight-user-delete-from-favourites'
-                - 'fforesight-system-upload-files'
-                - 'fforesight-system-manage-files'
-                - 'fforesight-system-view-files'
-                - 'fforesight-system-manage-analysis'
-                - 'fforesight-system-view-analysis'
-                - 'fforesight-download-file'
-                - 'fforesight-sdi-view-task'
-                - 'fforesight-sdi-start-task'
-                - 'fforesight-sdi-stop-task'
-                - 'fforesight-read-tag'
-                - 'fforesight-write-tag'
-                - 'taas-bdr-connector-view-task'
-                - 'taas-bdr-connector-start-task'
-                - 'taas-bdr-connector-stop-task'
 springdoc:
   swagger-ui:
     path: ${fforesight.springdoc.base-path}/docs/swagger-ui

src/test/java/com/knecon/fforesight/tenantusermanagement/AbstractTenantUserManagementIntegrationTest.java

@@ -6,9 +6,7 @@ import java.util.List;
 
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.extension.ExtendWith;
-import org.springframework.amqp.rabbit.core.RabbitAdmin;
 import org.springframework.amqp.rabbit.core.RabbitTemplate;
-import org.springframework.amqp.rabbit.listener.RabbitListenerEndpointRegistry;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
 import org.springframework.boot.autoconfigure.amqp.RabbitAutoConfiguration;
@@ -28,7 +26,6 @@ import com.iqser.red.service.persistence.service.v1.api.shared.model.license.Fea
 import com.iqser.red.service.persistence.service.v1.api.shared.model.license.FeatureType;
 import com.iqser.red.service.persistence.service.v1.api.shared.model.license.License;
 import com.iqser.red.service.persistence.service.v1.api.shared.model.license.RedactionLicenseModel;
-import com.knecon.fforesight.tenantcommons.queue.TenantMessagingConfiguration;
 import com.knecon.fforesight.tenantusermanagement.client.LicenseClient;
 import com.knecon.fforesight.tenantusermanagement.feigntestclients.external.TenantsClient;
 import com.knecon.fforesight.tenantusermanagement.feigntestclients.internal.InternalTenantsClient;
@@ -60,12 +57,6 @@ public class AbstractTenantUserManagementIntegrationTest {
     protected TokenService tokenService;
     @MockBean
     protected LicenseClient licenseClient;
-    @MockBean
-    protected RabbitAdmin rabbitAdmin;
-    @MockBean
-    protected RabbitListenerEndpointRegistry rabbitListenerEndpointRegistry;
-    @MockBean
-    protected TenantMessagingConfiguration tenantMessagingConfiguration;
 
 
     @BeforeEach

src/test/java/com/knecon/fforesight/tenantusermanagement/tests/UserTest.java

@@ -29,7 +29,6 @@ import com.knecon.fforesight.tenantusermanagement.model.User;
 import com.knecon.fforesight.tenantusermanagement.permissions.ApplicationRoles;
 import com.knecon.fforesight.tenantusermanagement.properties.TenantUserManagementProperties;
 import com.knecon.fforesight.tenantusermanagement.service.RealmService;
-import com.knecon.fforesight.tenantusermanagement.service.TenantApplicationTypeService;
 import com.knecon.fforesight.tenantusermanagement.service.UserService;
 
 import feign.FeignException;
@@ -47,9 +46,6 @@ public class UserTest extends AbstractTenantUserManagementIntegrationTest {
     @Autowired
     private TenantUserManagementProperties tenantUserManagementProperties;
 
-    @Autowired
-    private TenantApplicationTypeService tenantApplicationTypeService;
-
     @Autowired
     private UserService userService;
 
@@ -87,7 +83,7 @@ public class UserTest extends AbstractTenantUserManagementIntegrationTest {
         assertThat(testUser.getLastName()).isEqualTo("updateTestLastName");
         assertThat(testUser.getFirstName()).isEqualTo("updateTestFirstName");
 
-        Set<String> allButKneconRoles = tenantApplicationTypeService.getCurrentProperties().getKcRoleMapping().getAllRoles()
+        Set<String> allButKneconRoles = tenantUserManagementProperties.getKcRoleMapping().getAllRoles()
                 .stream()
                 .filter(ApplicationRoles::isNoKneconRole)
                 .collect(Collectors.toSet());
@@ -305,7 +301,7 @@ public class UserTest extends AbstractTenantUserManagementIntegrationTest {
         createUserRequest.setFirstName("Test");
         createUserRequest.setLastName("New User");
         createUserRequest.setUsername("TestUserName");
-        createUserRequest.setRoles(tenantApplicationTypeService.getCurrentProperties().getKcRoleMapping().getAllRoles());
+        createUserRequest.setRoles(tenantUserManagementProperties.getKcRoleMapping().getAllRoles());
         FeignException e = assertThrows(FeignException.class, () -> userClient.createUser(createUserRequest));
         assertEquals(400, e.status());
 
@@ -316,7 +312,7 @@ public class UserTest extends AbstractTenantUserManagementIntegrationTest {
     public void testCreateUserWithExistingUser() {
 
         TenantContext.setTenantId(AbstractTenantUserManagementIntegrationTest.TEST_TENANT_ID);
-        Set<String> allButKneconRoles = tenantApplicationTypeService.getCurrentProperties().getKcRoleMapping().getAllRoles()
+        Set<String> allButKneconRoles = tenantUserManagementProperties.getKcRoleMapping().getAllRoles()
                 .stream()
                 .filter(ApplicationRoles::isNoKneconRole)
                 .collect(Collectors.toSet());
@@ -386,7 +382,7 @@ public class UserTest extends AbstractTenantUserManagementIntegrationTest {
         tokenService.setUser("admin@knecon.com", "secret");
 
         // different role sets and subsets
-        var allRoles = tenantApplicationTypeService.getCurrentProperties().getKcRoleMapping().getAllRoles();
+        var allRoles = tenantUserManagementProperties.getKcRoleMapping().getAllRoles();
         Set<String> allButKneconRoles = allRoles.stream()
                 .filter(ApplicationRoles::isNoKneconRole)
                 .collect(Collectors.toSet());
@@ -618,7 +614,7 @@ public class UserTest extends AbstractTenantUserManagementIntegrationTest {
         tokenService.setUser("admin@knecon.com", "secret");
 
         // different role sets and subsets
-        var allRoles = tenantApplicationTypeService.getCurrentProperties().getKcRoleMapping().getAllRoles();
+        var allRoles = tenantUserManagementProperties.getKcRoleMapping().getAllRoles();
 
         // create several users with different roles for testing
         var createUserRequest = new CreateUserRequest();
@@ -723,7 +719,7 @@ public class UserTest extends AbstractTenantUserManagementIntegrationTest {
         TenantContext.setTenantId(AbstractTenantUserManagementIntegrationTest.TEST_TENANT_ID);
         tokenService.setUser("admin@knecon.com", "secret");
 
-        var allRoles = tenantApplicationTypeService.getCurrentProperties().getKcRoleMapping().getAllRoles();
+        var allRoles = tenantUserManagementProperties.getKcRoleMapping().getAllRoles();
         Set<String> allButKneconRoles = allRoles.stream()
                 .filter(ApplicationRoles::isNoKneconRole)
                 .collect(Collectors.toSet());
@@ -782,7 +778,7 @@ public class UserTest extends AbstractTenantUserManagementIntegrationTest {
         TenantContext.setTenantId(AbstractTenantUserManagementIntegrationTest.TEST_TENANT_ID);
         tokenService.setUser("admin@knecon.com", "secret");
 
-        var allRoles = tenantApplicationTypeService.getCurrentProperties().getKcRoleMapping().getAllRoles();
+        var allRoles = tenantUserManagementProperties.getKcRoleMapping().getAllRoles();
         Set<String> allButKneconRoles = allRoles.stream()
                 .filter(ApplicationRoles::isNoKneconRole)
                 .collect(Collectors.toSet());

src/test/java/com/knecon/fforesight/tenantusermanagement/utils/TenantSyncUtils.java

@@ -4,8 +4,6 @@ import static org.mockito.Mockito.when;
 
 import java.util.concurrent.TimeUnit;
 
-import org.junit.jupiter.api.Disabled;
-import org.junit.jupiter.api.Test;
 import org.springframework.amqp.rabbit.core.RabbitTemplate;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.context.SpringBootTest;
@@ -15,21 +13,18 @@ import org.springframework.context.annotation.Import;
 import org.springframework.test.context.ActiveProfiles;
 import org.springframework.test.context.junit.jupiter.SpringExtension;
 
-import com.knecon.fforesight.tenantcommons.TenantApplicationType;
 import com.knecon.fforesight.tenantusermanagement.AbstractTenantUserManagementIntegrationTest;
 import com.knecon.fforesight.tenantusermanagement.feigntestclients.external.TenantsClient;
 import com.knecon.fforesight.tenantusermanagement.feigntestclients.internal.InternalTenantsClient;
 import com.knecon.fforesight.tenantusermanagement.TenantUserManagementServiceApplication;
 import com.knecon.fforesight.tenantusermanagement.service.KeyCloakRoleManagerService;
 import com.knecon.fforesight.tenantusermanagement.service.RealmService;
-
 import org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder;
 import org.jboss.resteasy.client.jaxrs.internal.ResteasyClientBuilderImpl;
 import org.junit.jupiter.api.extension.ExtendWith;
 import org.keycloak.OAuth2Constants;
 import org.keycloak.admin.client.KeycloakBuilder;
 
-@Disabled
 @ActiveProfiles(profiles = "taas")
 @ExtendWith(SpringExtension.class)
 @EnableFeignClients(basePackageClasses = {TenantsClient.class, InternalTenantsClient.class})
@@ -52,7 +47,8 @@ public class TenantSyncUtils {
     KeyCloakRoleManagerService keyCloakRoleManagerService;
 
 
-    @Test
+    //    @Test
+//    @Disabled
     public void syncTenant() {
 
         var adminClient = KeycloakBuilder.builder()
@@ -62,17 +58,17 @@ public class TenantSyncUtils {
                 .clientSecret(CLIENT_SECRET)
                 .grantType(OAuth2Constants.CLIENT_CREDENTIALS)
                 .resteasyClient(new ResteasyClientBuilderImpl().connectionTTL(2, TimeUnit.SECONDS)
-                                        .hostnameVerification(ResteasyClientBuilder.HostnameVerificationPolicy.ANY)
-                                        .connectionPoolSize(10)
-                                        .disableTrustManager()
-                                        .build())
+                        .hostnameVerification(ResteasyClientBuilder.HostnameVerificationPolicy.ANY)
+                        .connectionPoolSize(10)
+                        .disableTrustManager()
+                        .build())
                 .build();
 
         var realm = adminClient.realm(REALM);
 
         when(realmService.realm(REALM)).thenReturn(realm);
 
-        keyCloakRoleManagerService.updateRoles(REALM, TenantApplicationType.RedactManager);
+        keyCloakRoleManagerService.updateRoles(REALM);
     }
 
 }

src/test/java/com/knecon/fforesight/tenantusermanagement/utils/TestTenantService.java

@@ -11,7 +11,6 @@ import java.util.UUID;
 
 import org.springframework.stereotype.Service;
 
-import com.knecon.fforesight.tenantcommons.TenantApplicationType;
 import com.knecon.fforesight.tenantcommons.model.MongoDBConnection;
 import com.knecon.fforesight.tenantusermanagement.feigntestclients.external.TenantsClient;
 import com.knecon.fforesight.tenantcommons.TenantContext;
@@ -71,7 +70,6 @@ public class TestTenantService {
                                               .password("secret")
                                               .email("admin@knecon.com")
                                               .build()))
-                .applicationType(TenantApplicationType.RedactManager)
                 .databaseConnection(DatabaseConnection.builder()
                                             .driver("postgresql")
                                             .host(SpringPostgreSQLTestContainer.getInstance().getHost())

src/test/java/com/knecon/fforesight/tenantusermanagement/utils/TokenService.java

@@ -9,8 +9,6 @@ import org.springframework.stereotype.Service;
 
 import com.knecon.fforesight.tenantcommons.TenantContext;
 import com.knecon.fforesight.tenantusermanagement.properties.TenantUserManagementProperties;
-import com.knecon.fforesight.tenantusermanagement.service.TenantApplicationTypeService;
-
 import jakarta.ws.rs.BadRequestException;
 import lombok.SneakyThrows;
 import lombok.extern.slf4j.Slf4j;
@@ -26,8 +24,6 @@ public class TokenService {
 
     @Autowired
     private TenantUserManagementProperties tenantUserManagementProperties;
-    @Autowired
-    private TenantApplicationTypeService tenantApplicationTypeService;
     private String username;
     private String password;
     private String accessToken;
@@ -58,7 +54,7 @@ public class TokenService {
                 .realm(TenantContext.getTenantId())
                 .username(username)
                 .password(password)
-                .clientId(tenantApplicationTypeService.getCurrentProperties().getApplicationClientId())
+                .clientId(tenantUserManagementProperties.getApplicationClientId())
                 .grantType(OAuth2Constants.PASSWORD)
                 .resteasyClient(new ResteasyClientBuilderImpl().connectionTTL(2, TimeUnit.SECONDS)
                         .hostnameVerification(ResteasyClientBuilder.HostnameVerificationPolicy.ANY)

src/test/resources/application.yaml

@@ -0,0 +1,198 @@
+server:
+  port: 28181
+
+persistence-service.url: "http://persistence-service-v1:8090"
+
+management:
+  endpoint:
+    metrics.enabled: ${monitoring.enabled:false}
+    prometheus.enabled: ${monitoring.enabled:false}
+    health.enabled: true
+  endpoints.web.exposure.include: prometheus, health, metrics
+  metrics.export.prometheus.enabled: ${monitoring.enabled:false}
+
+info:
+  description: Tenant User Management Service
+
+
+spring:
+  datasource:
+    url: jdbc:postgresql://${PSQL_HOST:localhost}:${PSQL_PORT:5432}/${PSQL_DATABASE:master}?cachePrepStmts=true&useServerPrepStmts=true&rewriteBatchedStatements=true
+    driverClassName: org.postgresql.Driver
+    username: ${PSQL_USERNAME:fforesight}
+    password: ${PSQL_PASSWORD:fforesight}
+    platform: org.hibernate.dialect.PostgreSQL95Dialect
+    hikari:
+      maximumPoolSize: 10
+      minimum-idle: 2
+      data-source-properties:
+        cachePrepStmts: true
+        prepStmtCacheSize: 1000
+        prepStmtCacheSqlLimit: 2048
+  jackson:
+    serialization:
+      write-dates-as-timestamps: false
+    deserialization:
+      accept-single-value-as-array: true
+  main:
+    allow-bean-definition-overriding: true
+    allow-circular-references: true
+  jpa:
+    open-in-view: true
+    database-platform: org.hibernate.dialect.PostgreSQL95Dialect
+    hibernate:
+      ddl-auto: none
+      naming-strategy: org.hibernate.cfg.ImprovedNamingStrategy
+    properties:
+      hibernate:
+        jdbc:
+          batch_size: 1000
+          order_inserts: true
+          order_updates: true
+  cache:
+    type: redis
+  mvc:
+    pathmatch:
+      matching-strategy: ant-path-matcher
+  redis:
+    host: ${REDIS_HOST:localhost}
+    port: ${REDIS_PORT:6379}
+    password: ${REDIS_PASSWORD:}
+
+
+  rabbitmq:
+    host: ${RABBITMQ_HOST:localhost}
+    port: ${RABBITMQ_PORT:5672}
+    username: ${RABBITMQ_USERNAME:user}
+    password: ${RABBITMQ_PASSWORD:rabbitmq}
+    listener:
+      simple:
+        acknowledge-mode: AUTO
+        concurrency: 5
+        retry:
+          enabled: true
+          max-attempts: 3
+          max-interval: 15000
+        prefetch: 1
+
+  liquibase:
+    change-log: classpath:/db/changelog/db.changelog-master.yaml
+    enabled: true
+  application:
+    name: tenant-user-management
+  data:
+    redis:
+      host: ${REDIS_HOST:localhost}
+      port: ${REDIS_PORT:6379}
+      password: ${REDIS_PASSWORD:}
+fforesight:
+  keycloak:
+    ignored-endpoints: [ '/actuator/health', '/tenant-user-management','/internal/**','/tenant-user-management/docs/**','/tenant-user-management/docs' ]
+    enabled: true
+  springdoc:
+    base-path: '/tenant-user-management'
+    auth-server-url: '/auth'
+    enabled: true
+    default-client-id: 'swagger-ui-client'
+    default-tenant: 'fforesight'
+  tenant-exchange:
+    name: 'tenants-exchange'
+  user-exchange:
+    name: 'users-exchange'
+  tenant-user-management:
+    base-path: '/tenant-user-management'
+    realm: master
+    server-url: http://localhost:28181
+    client-secret: adminClientSecret
+    client-id: adminClient
+    login-theme: redaction
+    kc-role-mapping:
+      roles:
+        - name: SUPER_USER
+          set-by-default: true
+          rank: 100
+          permissions:
+            - 'fforesight-read-general-configuration'
+            - 'fforesight-write-general-configuration'
+            - 'fforesight-manage-user-preferences'
+            - 'fforesight-read-users'
+            - 'fforesight-read-all-users'
+            - 'fforesight-write-users'
+            - 'fforesight-update-my-profile'
+            - 'fforesight-create-tenant'
+            - 'fforesight-get-tenants'
+            - 'fforesight-update-tenant'
+            - 'fforesight-deployment-info'
+            - 'fforesight-read-smtp-configuration'
+            - 'fforesight-write-smtp-configuration'
+            - 'fforesight-read-identity-provider-config'
+            - 'fforesight-write-identity-provider-config'
+        - name: LESS_SUPER_USER
+          set-by-default: true
+          rank: 10
+          permissions:
+            - 'fforesight-read-general-configuration'
+            - 'fforesight-write-general-configuration'
+            - 'fforesight-manage-user-preferences'
+            - 'fforesight-read-users'
+            - 'fforesight-read-all-users'
+            - 'fforesight-write-users'
+            - 'fforesight-update-my-profile'
+            - 'fforesight-create-tenant'
+            - 'fforesight-get-tenants'
+            - 'fforesight-update-tenant'
+            - 'fforesight-deployment-info'
+            - 'fforesight-read-smtp-configuration'
+            - 'fforesight-write-smtp-configuration'
+            - 'fforesight-read-identity-provider-config'
+            - 'fforesight-write-identity-provider-config'
+        - name: KNECON_ADMIN
+          set-by-default: true
+          rank: 1000
+          permissions:
+            - 'fforesight-read-general-configuration'
+            - 'fforesight-write-general-configuration'
+            - 'fforesight-manage-user-preferences'
+            - 'fforesight-read-users'
+            - 'fforesight-read-all-users'
+            - 'fforesight-write-users'
+            - 'fforesight-update-my-profile'
+            - 'fforesight-create-tenant'
+            - 'fforesight-get-tenants'
+            - 'fforesight-update-tenant'
+            - 'fforesight-deployment-info'
+            - 'fforesight-read-smtp-configuration'
+            - 'fforesight-write-smtp-configuration'
+            - 'fforesight-read-identity-provider-config'
+            - 'fforesight-write-identity-provider-config'
+        - name: KNECON_SUPPORT
+          set-by-default: true
+          rank: 1000
+          permissions:
+            - 'fforesight-read-general-configuration'
+            - 'fforesight-write-general-configuration'
+            - 'fforesight-manage-user-preferences'
+            - 'fforesight-read-users'
+            - 'fforesight-read-all-users'
+            - 'fforesight-write-users'
+            - 'fforesight-update-my-profile'
+            - 'fforesight-create-tenant'
+            - 'fforesight-get-tenants'
+            - 'fforesight-update-tenant'
+            - 'fforesight-deployment-info'
+            - 'fforesight-read-smtp-configuration'
+            - 'fforesight-write-smtp-configuration'
+            - 'fforesight-read-identity-provider-config'
+            - 'fforesight-write-identity-provider-config'
+    access-token-life-span: 86400
+    application-name: tenant-user-management
+    application-client-id: tenant-user-management
+    swagger-client-secret: 'testSecret123!'
+    app-prefix: 'fforesight'
+
+storage:
+  backend: both
+
+cors.enabled: true
+springdoc:
+  packages-to-scan: [ 'com.knecon.fforesight.tenantusermanagement.controller.external' ]

src/test/resources/application.yml

@@ -1,203 +0,0 @@
-server:
-  port: 28181
-
-persistence-service.url: "http://persistence-service-v1:8090"
-
-management:
-  endpoint:
-    metrics.enabled: ${monitoring.enabled:false}
-    prometheus.enabled: ${monitoring.enabled:false}
-    health.enabled: true
-  endpoints.web.exposure.include: prometheus, health, metrics
-  metrics.export.prometheus.enabled: ${monitoring.enabled:false}
-
-info:
-  description: Tenant User Management Service
-
-lifecycle:
-  base-package: com.knecon.fforesight.tenantusermanagement
-
-spring:
-  datasource:
-    url: jdbc:postgresql://${PSQL_HOST:localhost}:${PSQL_PORT:5432}/${PSQL_DATABASE:master}?cachePrepStmts=true&useServerPrepStmts=true&rewriteBatchedStatements=true
-    driverClassName: org.postgresql.Driver
-    username: ${PSQL_USERNAME:fforesight}
-    password: ${PSQL_PASSWORD:fforesight}
-    platform: org.hibernate.dialect.PostgreSQL10Dialect
-    hikari:
-      maximumPoolSize: 10
-      minimum-idle: 2
-      data-source-properties:
-        cachePrepStmts: true
-        prepStmtCacheSize: 1000
-        prepStmtCacheSqlLimit: 2048
-  jackson:
-    serialization:
-      write-dates-as-timestamps: false
-    deserialization:
-      accept-single-value-as-array: true
-  main:
-    allow-bean-definition-overriding: true
-    allow-circular-references: true
-  jpa:
-    open-in-view: true
-    database-platform: org.hibernate.dialect.PostgreSQL10Dialect
-    hibernate:
-      ddl-auto: none
-      naming-strategy: org.hibernate.cfg.ImprovedNamingStrategy
-    properties:
-      hibernate:
-        jdbc:
-          batch_size: 1000
-          order_inserts: true
-          order_updates: true
-  cache:
-    type: redis
-  mvc:
-    pathmatch:
-      matching-strategy: ant-path-matcher
-  redis:
-    host: ${REDIS_HOST:localhost}
-    port: ${REDIS_PORT:6379}
-    password: ${REDIS_PASSWORD:}
-
-
-  rabbitmq:
-    host: ${RABBITMQ_HOST:localhost}
-    port: ${RABBITMQ_PORT:5672}
-    username: ${RABBITMQ_USERNAME:user}
-    password: ${RABBITMQ_PASSWORD:rabbitmq}
-    listener:
-      simple:
-        acknowledge-mode: AUTO
-        concurrency: 5
-        retry:
-          enabled: true
-          max-attempts: 3
-          max-interval: 15000
-        prefetch: 1
-
-  liquibase:
-    change-log: classpath:/db/changelog/db.changelog-master.yaml
-    enabled: true
-  application:
-    name: tenant-user-management
-  data:
-    redis:
-      host: ${REDIS_HOST:localhost}
-      port: ${REDIS_PORT:6379}
-      password: ${REDIS_PASSWORD:}
-
-fforesight:
-  keycloak:
-    ignored-endpoints: [ '/actuator/health', '/tenant-user-management','/internal/**','/tenant-user-management/docs/**','/tenant-user-management/docs' ]
-    enabled: true
-  springdoc:
-    base-path: '/tenant-user-management'
-    auth-server-url: '/auth'
-    enabled: true
-    default-client-id: 'swagger-ui-client'
-    default-tenant: 'fforesight'
-  tenant-exchange:
-    name: 'tenants-exchange'
-  user-exchange:
-    name: 'users-exchange'
-  tenant-user-management:
-    base-path: '/tenant-user-management'
-    server-url: http://localhost:28181
-    realm: master
-    client-secret: adminClientSecret
-    client-id: adminClient
-    swagger-client-secret: 'testSecret123!'
-    application-types:
-      redactmanager:
-        login-theme: redaction
-        kc-role-mapping:
-          roles:
-            - name: SUPER_USER
-              set-by-default: true
-              rank: 100
-              permissions:
-                - 'fforesight-read-general-configuration'
-                - 'fforesight-write-general-configuration'
-                - 'fforesight-manage-user-preferences'
-                - 'fforesight-read-users'
-                - 'fforesight-read-all-users'
-                - 'fforesight-write-users'
-                - 'fforesight-update-my-profile'
-                - 'fforesight-create-tenant'
-                - 'fforesight-get-tenants'
-                - 'fforesight-update-tenant'
-                - 'fforesight-deployment-info'
-                - 'fforesight-read-smtp-configuration'
-                - 'fforesight-write-smtp-configuration'
-                - 'fforesight-read-identity-provider-config'
-                - 'fforesight-write-identity-provider-config'
-            - name: LESS_SUPER_USER
-              set-by-default: true
-              rank: 10
-              permissions:
-                - 'fforesight-read-general-configuration'
-                - 'fforesight-write-general-configuration'
-                - 'fforesight-manage-user-preferences'
-                - 'fforesight-read-users'
-                - 'fforesight-read-all-users'
-                - 'fforesight-write-users'
-                - 'fforesight-update-my-profile'
-                - 'fforesight-create-tenant'
-                - 'fforesight-get-tenants'
-                - 'fforesight-update-tenant'
-                - 'fforesight-deployment-info'
-                - 'fforesight-read-smtp-configuration'
-                - 'fforesight-write-smtp-configuration'
-                - 'fforesight-read-identity-provider-config'
-                - 'fforesight-write-identity-provider-config'
-            - name: KNECON_ADMIN
-              set-by-default: true
-              rank: 1000
-              permissions:
-                - 'fforesight-read-general-configuration'
-                - 'fforesight-write-general-configuration'
-                - 'fforesight-manage-user-preferences'
-                - 'fforesight-read-users'
-                - 'fforesight-read-all-users'
-                - 'fforesight-write-users'
-                - 'fforesight-update-my-profile'
-                - 'fforesight-create-tenant'
-                - 'fforesight-get-tenants'
-                - 'fforesight-update-tenant'
-                - 'fforesight-deployment-info'
-                - 'fforesight-read-smtp-configuration'
-                - 'fforesight-write-smtp-configuration'
-                - 'fforesight-read-identity-provider-config'
-                - 'fforesight-write-identity-provider-config'
-            - name: KNECON_SUPPORT
-              set-by-default: true
-              rank: 1000
-              permissions:
-                - 'fforesight-read-general-configuration'
-                - 'fforesight-write-general-configuration'
-                - 'fforesight-manage-user-preferences'
-                - 'fforesight-read-users'
-                - 'fforesight-read-all-users'
-                - 'fforesight-write-users'
-                - 'fforesight-update-my-profile'
-                - 'fforesight-create-tenant'
-                - 'fforesight-get-tenants'
-                - 'fforesight-update-tenant'
-                - 'fforesight-deployment-info'
-                - 'fforesight-read-smtp-configuration'
-                - 'fforesight-write-smtp-configuration'
-                - 'fforesight-read-identity-provider-config'
-                - 'fforesight-write-identity-provider-config'
-        access-token-life-span: 86400
-        application-name: tenant-user-management
-        application-client-id: tenant-user-management
-        app-prefix: 'fforesight'
-
-storage:
-  backend: both
-
-cors.enabled: true
-springdoc:
-  packages-to-scan: [ 'com.knecon.fforesight.tenantusermanagement.controller.external' ]