inteligr8/auth-activiti-app-ext
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'develop' into stable

Browse Source
This commit is contained in:
Brian Long
2025-05-05 18:18:53 -04:00
parent 0b032f1f7f d631cc5f12
commit 55619d6b4a
5 changed files with 20 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@@ -61,7 +61,7 @@ The following properties provide the core functionality of this extension. That
| Property | Default | Description | | Property | Default | Description |
| ---------------------------------------------- | --------- | ----------- | | ---------------------------------------------- | --------- | ----------- |
| `auth-ext.sync.externalId` | `oauth` | This will serve as the external ID for users and as the prefix for the external ID of groups created by this extension. | | `auth-ext.externalId` | `oauth` | This will serve as the external ID for users and as the prefix for the external ID of groups created by this extension. |
| `auth-ext.tenant` | | A preselected tenant for all operations in this extension. Only required if there are multiple tenants. | | `auth-ext.tenant` | | A preselected tenant for all operations in this extension. Only required if there are multiple tenants. |
| `auth-ext.sync.user.createMissing` | `true` | If the user is authenticated, the user may be created in APS. | | `auth-ext.sync.user.createMissing` | `true` | If the user is authenticated, the user may be created in APS. |
| `auth-ext.sync.user.requireGroup` | | This is only applicable when `createMissing` is `true`. If this is unset or the OAuth Authorization Server gives the user the specified group/role, then the user record will be created in APS. | | `auth-ext.sync.user.requireGroup` | | This is only applicable when `createMissing` is `true`. If this is unset or the OAuth Authorization Server gives the user the specified group/role, then the user record will be created in APS. |

7
pom.xml
View File

@@ -47,7 +47,6 @@
<tomcat-rad.version>10-2.2</tomcat-rad.version> <tomcat-rad.version>10-2.2</tomcat-rad.version>
<aps.tomcat.opts.base>-Dspring.main.allow-circular-references=true \ <aps.tomcat.opts.base>-Dspring.main.allow-circular-references=true \
-Dhibernate.dialect=org.hibernate.dialect.PostgreSQLDialect \ -Dhibernate.dialect=org.hibernate.dialect.PostgreSQLDialect \
-Dauth-ext.oauth.enabled=true \
-Dauth-ext.external.id=keycloak \ -Dauth-ext.external.id=keycloak \
-Dauth-ext.sync.group.translate.patterns=aps-admin \ -Dauth-ext.sync.group.translate.patterns=aps-admin \
-Dauth-ext.sync.group.translate.replacements=Superusers \ -Dauth-ext.sync.group.translate.replacements=Superusers \
@@ -92,6 +91,12 @@
</exclusion> </exclusion>
</exclusions> </exclusions>
</dependency> </dependency>
<dependency>
<groupId>com.inteligr8.activiti</groupId>
<artifactId>multiext-activiti-app-ext</artifactId>
<version>1.0.0</version>
<scope>runtime</scope>
</dependency>
</dependencies> </dependencies>
<build> <build>

2
src/main/java/com/inteligr8/activiti/auth/ActivitiAppAdministratorGroupFixer.java
View File

@@ -64,7 +64,7 @@ public class ActivitiAppAdministratorGroupFixer implements DataFixer {
@Value("${auth-ext.group.admins.name:Superusers}") @Value("${auth-ext.group.admins.name:Superusers}")
private String adminGroupName; private String adminGroupName;
@Value("${auth-ext.sync.externalId:oauth}") @Value("${auth-ext.externalId:oauth}")
protected String externalIdmSource; protected String externalIdmSource;
@Value("${auth-ext.group.admins.validate:false}") @Value("${auth-ext.group.admins.validate:false}")

21
src/main/java/com/inteligr8/activiti/auth/service/GroupSyncService.java
View File

@@ -56,7 +56,7 @@ public class GroupSyncService {
@Autowired @Autowired
private TenantFinderService tenantFinderService; private TenantFinderService tenantFinderService;
@Value("${auth-ext.sync.externalId:oauth}") @Value("${auth-ext.externalId:oauth}")
protected String externalIdmSource; protected String externalIdmSource;
@Value("${auth-ext.sync.group.createMissing:true}") @Value("${auth-ext.sync.group.createMissing:true}")
@@ -181,18 +181,19 @@ public class GroupSyncService {
} }
} else { } else {
String oidcGroup = this.apsGroupNameToOidcGroup(group.getName()); String oidcGroup = this.apsGroupNameToOidcGroup(group.getName());
if (this.externalizeMatchingInternalGroups) {
this.logger.warn("Classifying internal APS group as external: {} => {}", group.getName(), this.externalIdmSource);
// register the group as external
group.setExternalId(this.oidcGroupToApsGroupExternalId(oidcGroup));
group.setLastUpdate(new Date());
this.groupService.save(group);
// internal role already existed and the user is already a member
}
if (oidcGroups.remove(oidcGroup)) { if (oidcGroups.remove(oidcGroup)) {
this.logger.trace("User already belongs to APS group mapped to by OIDC group: {}: {} => {}", user.getExternalId(), oidcGroup, group.getName()); this.logger.trace("User already belongs to APS group mapped to by OIDC group: {}: {} => {}", user.getExternalId(), oidcGroup, group.getName());
if (this.externalizeMatchingInternalGroups) {
this.logger.warn("Classifying internal APS group as external: {} => {}", group.getName(), this.externalIdmSource);
// register the group as external
group.setExternalId(this.oidcGroupToApsGroupExternalId(oidcGroup));
group.setLastUpdate(new Date());
this.groupService.save(group);
// internal role already existed and the user is already a member
}
continue; continue;
} else if (!this.syncInternalGroups) { } else if (!this.syncInternalGroups) {
this.logger.trace("Internal APS group membership sync disabled; not considering removal of user from APS group: {} => {}", user.getExternalId(), group.getName()); this.logger.trace("Internal APS group membership sync disabled; not considering removal of user from APS group: {} => {}", user.getExternalId(), group.getName());

2
src/main/java/com/inteligr8/activiti/auth/service/UserSyncService.java
View File

@@ -36,7 +36,7 @@ public class UserSyncService {
@Autowired @Autowired
private TenantFinderService tenantFinderService; private TenantFinderService tenantFinderService;
@Value("${auth-ext.sync.externalId:oauth}") @Value("${auth-ext.externalId:oauth}")
protected String externalIdmSource; protected String externalIdmSource;
@Value("${auth-ext.sync.user.createMissing:true}") @Value("${auth-ext.sync.user.createMissing:true}")