inteligr8/auth-activiti-app-ext
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

externalize only groups that the user should belong to

Browse Source
This commit is contained in:
Brian Long
2025-05-05 13:38:50 -04:00
parent 0a10b06cc8
commit d631cc5f12
2 changed files with 10 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
pom.xml
View File

@@ -47,7 +47,6 @@
<tomcat-rad.version>10-2.2</tomcat-rad.version> <tomcat-rad.version>10-2.2</tomcat-rad.version>
<aps.tomcat.opts.base>-Dspring.main.allow-circular-references=true \ <aps.tomcat.opts.base>-Dspring.main.allow-circular-references=true \
-Dhibernate.dialect=org.hibernate.dialect.PostgreSQLDialect \ -Dhibernate.dialect=org.hibernate.dialect.PostgreSQLDialect \
-Dauth-ext.oauth.enabled=true \
-Dauth-ext.external.id=keycloak \ -Dauth-ext.external.id=keycloak \
-Dauth-ext.sync.group.translate.patterns=aps-admin \ -Dauth-ext.sync.group.translate.patterns=aps-admin \
-Dauth-ext.sync.group.translate.replacements=Superusers \ -Dauth-ext.sync.group.translate.replacements=Superusers \

5
src/main/java/com/inteligr8/activiti/auth/service/GroupSyncService.java
View File

@@ -182,6 +182,9 @@ public class GroupSyncService {
} else { } else {
String oidcGroup = this.apsGroupNameToOidcGroup(group.getName()); String oidcGroup = this.apsGroupNameToOidcGroup(group.getName());
if (oidcGroups.remove(oidcGroup)) {
this.logger.trace("User already belongs to APS group mapped to by OIDC group: {}: {} => {}", user.getExternalId(), oidcGroup, group.getName());
if (this.externalizeMatchingInternalGroups) { if (this.externalizeMatchingInternalGroups) {
this.logger.warn("Classifying internal APS group as external: {} => {}", group.getName(), this.externalIdmSource); this.logger.warn("Classifying internal APS group as external: {} => {}", group.getName(), this.externalIdmSource);
// register the group as external // register the group as external
@@ -191,8 +194,6 @@ public class GroupSyncService {
// internal role already existed and the user is already a member // internal role already existed and the user is already a member
} }
if (oidcGroups.remove(oidcGroup)) {
this.logger.trace("User already belongs to APS group mapped to by OIDC group: {}: {} => {}", user.getExternalId(), oidcGroup, group.getName());
continue; continue;
} else if (!this.syncInternalGroups) { } else if (!this.syncInternalGroups) {
this.logger.trace("Internal APS group membership sync disabled; not considering removal of user from APS group: {} => {}", user.getExternalId(), group.getName()); this.logger.trace("Internal APS group membership sync disabled; not considering removal of user from APS group: {} => {}", user.getExternalId(), group.getName());