Merge branch 'develop' into stable

2025-05-05 18:18:53 -04:00
parent 0b032f1f7f d631cc5f12
commit 55619d6b4a
5 changed files with 20 additions and 14 deletions
--- a/README.md
+++ b/README.md
@@ -61,7 +61,7 @@ The following properties provide the core functionality of this extension.  That

 | Property                                       | Default   | Description |
 | ---------------------------------------------- | --------- | ----------- |
-| `auth-ext.sync.externalId`                     | `oauth`   | This will serve as the external ID for users and as the prefix for the external ID of groups created by this extension. |
+| `auth-ext.externalId`                          | `oauth`   | This will serve as the external ID for users and as the prefix for the external ID of groups created by this extension. |
 | `auth-ext.tenant`                              |           | A preselected tenant for all operations in this extension.  Only required if there are multiple tenants. |
 | `auth-ext.sync.user.createMissing`             | `true`    | If the user is authenticated, the user may be created in APS. |
 | `auth-ext.sync.user.requireGroup`              |           | This is only applicable when `createMissing` is `true`.  If this is unset or the OAuth Authorization Server gives the user the specified group/role, then the user record will be created in APS. |
--- a/pom.xml
+++ b/pom.xml
@@ -47,7 +47,6 @@
 		<tomcat-rad.version>10-2.2</tomcat-rad.version>
 		<aps.tomcat.opts.base>-Dspring.main.allow-circular-references=true \
 			-Dhibernate.dialect=org.hibernate.dialect.PostgreSQLDialect \
-			-Dauth-ext.oauth.enabled=true \
 			-Dauth-ext.external.id=keycloak \
 			-Dauth-ext.sync.group.translate.patterns=aps-admin \
 			-Dauth-ext.sync.group.translate.replacements=Superusers \
@@ -92,6 +91,12 @@
 				</exclusion>
 			</exclusions>
 		</dependency>
+		<dependency>
+			<groupId>com.inteligr8.activiti</groupId>
+			<artifactId>multiext-activiti-app-ext</artifactId>
+			<version>1.0.0</version>
+			<scope>runtime</scope>
+		</dependency>
 	</dependencies>
 	
 	<build>
--- a/src/main/java/com/inteligr8/activiti/auth/ActivitiAppAdministratorGroupFixer.java
+++ b/src/main/java/com/inteligr8/activiti/auth/ActivitiAppAdministratorGroupFixer.java
@@ -64,7 +64,7 @@ public class ActivitiAppAdministratorGroupFixer implements DataFixer {
    @Value("${auth-ext.group.admins.name:Superusers}")
    private String adminGroupName;
    
-    @Value("${auth-ext.sync.externalId:oauth}")
+    @Value("${auth-ext.externalId:oauth}")
    protected String externalIdmSource;
    
    @Value("${auth-ext.group.admins.validate:false}")
--- a/src/main/java/com/inteligr8/activiti/auth/service/GroupSyncService.java
+++ b/src/main/java/com/inteligr8/activiti/auth/service/GroupSyncService.java
@@ -56,7 +56,7 @@ public class GroupSyncService {
    @Autowired
    private TenantFinderService tenantFinderService;
    
-    @Value("${auth-ext.sync.externalId:oauth}")
+    @Value("${auth-ext.externalId:oauth}")
    protected String externalIdmSource;

    @Value("${auth-ext.sync.group.createMissing:true}")
@@ -182,6 +182,9 @@ public class GroupSyncService {
            } else {
                String oidcGroup = this.apsGroupNameToOidcGroup(group.getName());

+                if (oidcGroups.remove(oidcGroup)) {
+                    this.logger.trace("User already belongs to APS group mapped to by OIDC group: {}: {} => {}", user.getExternalId(), oidcGroup, group.getName());
+                    
                    if (this.externalizeMatchingInternalGroups) {
                        this.logger.warn("Classifying internal APS group as external: {} => {}", group.getName(), this.externalIdmSource);
                        // register the group as external
@@ -191,8 +194,6 @@ public class GroupSyncService {
                        // internal role already existed and the user is already a member
                    }
                    
-                if (oidcGroups.remove(oidcGroup)) {
-                    this.logger.trace("User already belongs to APS group mapped to by OIDC group: {}: {} => {}", user.getExternalId(), oidcGroup, group.getName());
                    continue;
                } else if (!this.syncInternalGroups) {
                    this.logger.trace("Internal APS group membership sync disabled; not considering removal of user from APS group: {} => {}", user.getExternalId(), group.getName());
--- a/src/main/java/com/inteligr8/activiti/auth/service/UserSyncService.java
+++ b/src/main/java/com/inteligr8/activiti/auth/service/UserSyncService.java
@@ -36,7 +36,7 @@ public class UserSyncService {
    @Autowired
    private TenantFinderService tenantFinderService;
    
-    @Value("${auth-ext.sync.externalId:oauth}")
+    @Value("${auth-ext.externalId:oauth}")
    protected String externalIdmSource;
    
    @Value("${auth-ext.sync.user.createMissing:true}")