flipped org/cap inclusion because caps are fewer

2021-11-10 14:31:39 -05:00
parent 28a6f4d101
commit f5eefdb544
2 changed files with 15 additions and 15 deletions
--- a/README.md
+++ b/README.md
@@ -41,10 +41,10 @@ The library is highly configurable.  You configure it with properties specified

 ### For Activiti App Only

-| Property                                         | Default | Description |
-| ------------------------------------------------ | ------- | ----------- |
-| `keycloak-ext.group.organization.regex.patterns` | `.*`    | When creating a new group, sync as APS Organization (functional group) when the role matches the specified regular expression.  If it doesn't, add as APS Capability (system group). |
-| `keycloak-ext.external.id`                       | `ais`   | When creating a new group or registering an internal group as external, use this ID as a prefix to the external group ID. |
+| Property                                       | Default | Description |
+| ---------------------------------------------- | ------- | ----------- |
+| `keycloak-ext.group.capability.regex.patterns` |         | When creating a new group, sync as an APS Organization, except when the specified pattern matches the role.  In those cases, sync as an APS Capability. |
+| `keycloak-ext.external.id`                     | `ais`   | When creating a new group or registering an internal group as external, use this ID as a prefix to the external group ID. |

 ### Rare

--- a/src/main/java/com/inteligr8/activiti/keycloak/KeycloakActivitiAppAuthenticator.java
+++ b/src/main/java/com/inteligr8/activiti/keycloak/KeycloakActivitiAppAuthenticator.java
@@ -62,20 +62,20 @@ public class KeycloakActivitiAppAuthenticator extends AbstractKeycloakActivitiAu
    @Value("${keycloak-ext.external.id:ais}")
    protected String externalIdmSource;

-    @Value("${keycloak-ext.group.organization.regex.patterns:.*}")
-    protected String regexOrgIncludes;
+    @Value("${keycloak-ext.group.capability.regex.patterns:#{null}}")
+    protected String regexCapIncludes;

-    protected final Set<Pattern> orgIncludes = new HashSet<>();
+    protected final Set<Pattern> capIncludes = new HashSet<>();
    
    @Override
    @OverridingMethodsMustInvokeSuper
 	public void afterPropertiesSet() {
 		super.afterPropertiesSet();
 		
-    	if (this.regexOrgIncludes != null) {
-    		String[] regexPatternStrs = StringUtils.split(this.regexOrgIncludes, ',');
+    	if (this.regexCapIncludes != null) {
+    		String[] regexPatternStrs = StringUtils.split(this.regexCapIncludes, ',');
    		for (int i = 0; i < regexPatternStrs.length; i++)
-    			this.orgIncludes.add(Pattern.compile(regexPatternStrs[i]));
+    			this.capIncludes.add(Pattern.compile(regexPatternStrs[i]));
    	}
 	}
    
@@ -274,16 +274,16 @@ public class KeycloakActivitiAppAuthenticator extends AbstractKeycloakActivitiAu
    }
    
    private boolean isRoleToBeOrganization(String role) {
-    	if (this.orgIncludes.isEmpty())
-    		return false;
+    	if (this.capIncludes.isEmpty())
+    		return true;
    	
-		for (Pattern regex : this.orgIncludes) {
+		for (Pattern regex : this.capIncludes) {
 			Matcher matcher = regex.matcher(role);
 			if (matcher.matches())
-				return true;
+				return false;
 		}
 		
-		return false;
+		return true;
    }
    
 }