Merge branch 'develop' into stable
This commit is contained in:
@@ -67,6 +67,9 @@ public class Inteligr8SecurityConfigurationRegistry implements AlfrescoSecurityC
|
|||||||
@Autowired(required = false)
|
@Autowired(required = false)
|
||||||
private GroupService groupService;
|
private GroupService groupService;
|
||||||
|
|
||||||
|
@Value("${keycloak-ext.tenant:#{null}}")
|
||||||
|
private String tenant;
|
||||||
|
|
||||||
@Value("${keycloak-ext.default.admins.users:#{null}}")
|
@Value("${keycloak-ext.default.admins.users:#{null}}")
|
||||||
private String adminUserStrs;
|
private String adminUserStrs;
|
||||||
|
|
||||||
@@ -107,11 +110,15 @@ public class Inteligr8SecurityConfigurationRegistry implements AlfrescoSecurityC
|
|||||||
if (this.groupService == null)
|
if (this.groupService == null)
|
||||||
return;
|
return;
|
||||||
|
|
||||||
Long tenantId = this.findDefaultTenantId();
|
List<Object[]> tenantObjs = this.tenantService.getAllTenants();
|
||||||
if (tenantId != null) {
|
for (Object[] tenantObj : tenantObjs) {
|
||||||
// not first boot
|
Long tenantId = (Long)tenantObj[0];
|
||||||
this.logger.trace("Functional groups: {}", this.toGroupNames(this.groupService.getFunctionalGroups(tenantId)));
|
if (tenantId != null) {
|
||||||
this.logger.trace("System groups: {}", this.toGroupNames(this.groupService.getSystemGroups(tenantId)));
|
Tenant tenant = this.tenantService.getTenant(tenantId);
|
||||||
|
this.logger.trace("Tenant: {} => {}", tenantId, tenant.getName());
|
||||||
|
this.logger.trace("Functional groups: {}", this.toGroupNames(this.groupService.getFunctionalGroups(tenantId)));
|
||||||
|
this.logger.trace("System groups: {}", this.toGroupNames(this.groupService.getSystemGroups(tenantId)));
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -119,7 +126,7 @@ public class Inteligr8SecurityConfigurationRegistry implements AlfrescoSecurityC
|
|||||||
if (this.groupService == null)
|
if (this.groupService == null)
|
||||||
return;
|
return;
|
||||||
|
|
||||||
Long tenantId = this.findDefaultTenantId();
|
Long tenantId = this.findTenantId();
|
||||||
Group group = this.groupService.getGroupByExternalIdAndTenantId(this.adminGroupExternalId, tenantId);
|
Group group = this.groupService.getGroupByExternalIdAndTenantId(this.adminGroupExternalId, tenantId);
|
||||||
if (group == null) {
|
if (group == null) {
|
||||||
List<Group> groups = this.groupService.getGroupByNameAndTenantId(this.adminGroupName, tenantId);
|
List<Group> groups = this.groupService.getGroupByNameAndTenantId(this.adminGroupName, tenantId);
|
||||||
@@ -156,23 +163,30 @@ public class Inteligr8SecurityConfigurationRegistry implements AlfrescoSecurityC
|
|||||||
if (adminUsers.isEmpty())
|
if (adminUsers.isEmpty())
|
||||||
return;
|
return;
|
||||||
|
|
||||||
Long tenantId = this.findDefaultTenantId();
|
Long tenantId = this.findTenantId();
|
||||||
List<Group> groups = this.groupService.getSystemGroupWithName("Administrators", tenantId);
|
List<Group> groups;
|
||||||
|
Group group1 = this.groupService.getGroupByExternalIdAndTenantId(this.adminGroupExternalId, tenantId);
|
||||||
|
if (group1 != null) {
|
||||||
|
groups = Arrays.asList(group1);
|
||||||
|
} else {
|
||||||
|
groups = this.groupService.getGroupByNameAndTenantId(this.adminGroupName, tenantId);
|
||||||
|
}
|
||||||
|
this.logger.debug("Found {} admin group(s)", groups.size());
|
||||||
|
|
||||||
for (String email : adminUsers) {
|
for (String email : adminUsers) {
|
||||||
User user = this.userService.findUserByEmail(email);
|
User user = this.userService.findUserByEmail(email);
|
||||||
|
|
||||||
this.logger.debug("Adding {} to {}", user.getEmail(), "Administrators");
|
this.logger.debug("Adding {} to admin group(s)", user.getEmail());
|
||||||
for (Group group : groups)
|
for (Group group : groups)
|
||||||
this.groupService.addUserToGroup(group, user);
|
this.groupService.addUserToGroup(group, user);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
private Long findDefaultTenantId() {
|
private Long findTenantId() {
|
||||||
String defaultTenantName = this.licenseService.getDefaultTenantName();
|
String tenantName = this.tenant == null ? this.licenseService.getDefaultTenantName() : this.tenant;
|
||||||
this.logger.trace("Default Tenant: {}", defaultTenantName);
|
this.logger.trace("Using Tenant: {}", tenantName);
|
||||||
|
|
||||||
List<Tenant> tenants = this.tenantService.findTenantsByName(defaultTenantName);
|
List<Tenant> tenants = this.tenantService.findTenantsByName(tenantName);
|
||||||
if (tenants == null || tenants.isEmpty()) {
|
if (tenants == null || tenants.isEmpty()) {
|
||||||
this.logger.warn("Default tenant not found");
|
this.logger.warn("Default tenant not found");
|
||||||
return null;
|
return null;
|
||||||
|
|||||||
@@ -61,6 +61,9 @@ public class KeycloakActivitiAppAuthenticator extends AbstractKeycloakActivitiAu
|
|||||||
@Autowired
|
@Autowired
|
||||||
private GroupService groupService;
|
private GroupService groupService;
|
||||||
|
|
||||||
|
@Value("${keycloak-ext.tenant:#{null}}")
|
||||||
|
private String tenant;
|
||||||
|
|
||||||
@Value("${keycloak-ext.external.id:ais}")
|
@Value("${keycloak-ext.external.id:ais}")
|
||||||
protected String externalIdmSource;
|
protected String externalIdmSource;
|
||||||
|
|
||||||
@@ -81,7 +84,7 @@ public class KeycloakActivitiAppAuthenticator extends AbstractKeycloakActivitiAu
|
|||||||
*/
|
*/
|
||||||
@Override
|
@Override
|
||||||
public void preAuthenticate(Authentication auth) throws AuthenticationException {
|
public void preAuthenticate(Authentication auth) throws AuthenticationException {
|
||||||
Long tenantId = this.findDefaultTenantId();
|
Long tenantId = this.findTenantId();
|
||||||
this.logger.trace("Tenant ID: {}", tenantId);
|
this.logger.trace("Tenant ID: {}", tenantId);
|
||||||
|
|
||||||
User user = this.findUser(auth, tenantId);
|
User user = this.findUser(auth, tenantId);
|
||||||
@@ -122,20 +125,20 @@ public class KeycloakActivitiAppAuthenticator extends AbstractKeycloakActivitiAu
|
|||||||
*/
|
*/
|
||||||
@Override
|
@Override
|
||||||
public void postAuthenticate(Authentication auth) throws AuthenticationException {
|
public void postAuthenticate(Authentication auth) throws AuthenticationException {
|
||||||
Long tenantId = this.findDefaultTenantId();
|
Long tenantId = this.findTenantId();
|
||||||
User user = this.findUser(auth, tenantId);
|
User user = this.findUser(auth, tenantId);
|
||||||
this.logger.debug("Inspecting user: {} => {}", user.getId(), user.getExternalId());
|
this.logger.debug("Inspecting user: {} => {}", user.getId(), user.getExternalId());
|
||||||
|
|
||||||
this.syncUserRoles(user, auth, tenantId);
|
this.syncUserRoles(user, auth, tenantId);
|
||||||
}
|
}
|
||||||
|
|
||||||
private Long findDefaultTenantId() {
|
private Long findTenantId() {
|
||||||
String defaultTenantName = this.licenseService.getDefaultTenantName();
|
String tenantName = this.tenant == null ? this.licenseService.getDefaultTenantName() : this.tenant;
|
||||||
this.logger.trace("Default Tenant: {}", defaultTenantName);
|
this.logger.trace("Using Tenant: {}", tenantName);
|
||||||
|
|
||||||
List<Tenant> tenants = this.tenantService.findTenantsByName(defaultTenantName);
|
List<Tenant> tenants = this.tenantService.findTenantsByName(tenantName);
|
||||||
if (tenants == null || tenants.isEmpty()) {
|
if (tenants == null || tenants.isEmpty()) {
|
||||||
this.logger.warn("Default tenant not found");
|
this.logger.warn("Tenant not found: {}", tenantName);
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -193,8 +196,18 @@ public class KeycloakActivitiAppAuthenticator extends AbstractKeycloakActivitiAu
|
|||||||
this.logger.trace("Inspecting group: {} => {} ({})", group.getId(), group.getName(), group.getExternalId());
|
this.logger.trace("Inspecting group: {} => {} ({})", group.getId(), group.getName(), group.getExternalId());
|
||||||
|
|
||||||
if (group.getExternalId() != null && this.removeMapEntriesByValue(roles, this.apsGroupExternalIdToKeycloakRole(group.getExternalId()))) {
|
if (group.getExternalId() != null && this.removeMapEntriesByValue(roles, this.apsGroupExternalIdToKeycloakRole(group.getExternalId()))) {
|
||||||
|
if (group.getTenantId() == null) {
|
||||||
|
// fix stray groups
|
||||||
|
group.setTenantId(tenantId);
|
||||||
|
group.setLastUpdate(new Date());
|
||||||
|
this.groupService.save(group);
|
||||||
|
}
|
||||||
// role already existed and the user is already a member
|
// role already existed and the user is already a member
|
||||||
} else if (group.getExternalId() == null && roles.remove(this.apsGroupNameToKeycloakRole(group.getName())) != null) {
|
} else if (group.getExternalId() == null && roles.remove(this.apsGroupNameToKeycloakRole(group.getName())) != null) {
|
||||||
|
// register the group as external
|
||||||
|
group.setExternalId(this.keycloakRoleToApsGroupExternalId(this.apsGroupNameToKeycloakRole(group.getName())));
|
||||||
|
group.setLastUpdate(new Date());
|
||||||
|
this.groupService.save(group);
|
||||||
// internal role already existed and the user is already a member
|
// internal role already existed and the user is already a member
|
||||||
} else {
|
} else {
|
||||||
// at this point, we have a group that the user does not have a corresponding role for
|
// at this point, we have a group that the user does not have a corresponding role for
|
||||||
|
|||||||
Reference in New Issue
Block a user