From f5eefdb5443aa5bc93cc3ed50fb19012d7a2a338 Mon Sep 17 00:00:00 2001
From: "Brian M. Long"
Date: Wed, 10 Nov 2021 14:31:39 -0500
Subject: [PATCH] flipped org/cap inclusion because caps are fewer
---
 README.md | 8 +++----
 .../KeycloakActivitiAppAuthenticator.java | 22 +++++++++----------
 2 files changed, 15 insertions(+), 15 deletions(-)
diff --git a/README.md b/README.md
index 151f1c4..e387cb1 100644
--- a/README.md
+++ b/README.md
@@ -41,10 +41,10 @@ The library is highly configurable. You configure it with properties specified
 ### For Activiti App Only
-| Property | Default | Description |
-| ------------------------------------------------ | ------- | ----------- |
-| `keycloak-ext.group.organization.regex.patterns` | `.*` | When creating a new group, sync as APS Organization (functional group) when the role matches the specified regular expression. If it doesn't, add as APS Capability (system group). |
-| `keycloak-ext.external.id` | `ais` | When creating a new group or registering an internal group as external, use this ID as a prefix to the external group ID. |
+| Property | Default | Description |
+| ---------------------------------------------- | ------- | ----------- |
+| `keycloak-ext.group.capability.regex.patterns` | | When creating a new group, sync as an APS Organization, except when the specified pattern matches the role. In those cases, sync as an APS Capability. |
+| `keycloak-ext.external.id` | `ais` | When creating a new group or registering an internal group as external, use this ID as a prefix to the external group ID. |
 ### Rare
diff --git a/src/main/java/com/inteligr8/activiti/keycloak/KeycloakActivitiAppAuthenticator.java b/src/main/java/com/inteligr8/activiti/keycloak/KeycloakActivitiAppAuthenticator.java
index ea8220a..80c5798 100644
--- a/src/main/java/com/inteligr8/activiti/keycloak/KeycloakActivitiAppAuthenticator.java
+++ b/src/main/java/com/inteligr8/activiti/keycloak/KeycloakActivitiAppAuthenticator.java
@@ -62,20 +62,20 @@ public class KeycloakActivitiAppAuthenticator extends AbstractKeycloakActivitiAu
 @Value("${keycloak-ext.external.id:ais}")
 protected String externalIdmSource;
- @Value("${keycloak-ext.group.organization.regex.patterns:.*}")
- protected String regexOrgIncludes;
+ @Value("${keycloak-ext.group.capability.regex.patterns:#{null}}")
+ protected String regexCapIncludes;
- protected final Set orgIncludes = new HashSet<>();
+ protected final Set capIncludes = new HashSet<>();
 @Override
 @OverridingMethodsMustInvokeSuper
 public void afterPropertiesSet() {
 super.afterPropertiesSet();
- if (this.regexOrgIncludes != null) {
- String[] regexPatternStrs = StringUtils.split(this.regexOrgIncludes, ',');
+ if (this.regexCapIncludes != null) {
+ String[] regexPatternStrs = StringUtils.split(this.regexCapIncludes, ',');
 for (int i = 0; i < regexPatternStrs.length; i++)
- this.orgIncludes.add(Pattern.compile(regexPatternStrs[i]));
+ this.capIncludes.add(Pattern.compile(regexPatternStrs[i]));
 }
 }
@@ -274,16 +274,16 @@ public class KeycloakActivitiAppAuthenticator extends AbstractKeycloakActivitiAu
 }
 private boolean isRoleToBeOrganization(String role) {
- if (this.orgIncludes.isEmpty())
- return false;
+ if (this.capIncludes.isEmpty())
+ return true;
- for (Pattern regex : this.orgIncludes) {
+ for (Pattern regex : this.capIncludes) {
 Matcher matcher = regex.matcher(role);
 if (matcher.matches())
- return true;
+ return false;
 }
- return false;
+ return true;
 }
 }
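Review bot: The entries returned by `StringUtils.split(this.regexCapIncludes, ',')` are compiled verbatim in `afterPropertiesSet()`, so a value written with a space after the comma (constructed example: `cap-.*, sys-.*`) yields a pattern with a leading space that can never fully match a role name. With the flipped default in the second hunk, such a role is then synced as an Organization instead of a Capability and nothing reports the mismatch. Trimming each entry avoids this: `this.capIncludes.add(Pattern.compile(regexPatternStrs[i].trim()));`. Separately, the old key `keycloak-ext.group.organization.regex.patterns` is no longer read, so a deployment that still sets only that key has it silently ignored; a startup warning or a migration note in the README would make the changed group mapping visible.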
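Review bot: `isRoleToBeOrganization` has no comment explaining that it now decides by exclusion: it returns `false` only when the role matches one of the capability patterns and `true` in every other case, including when no pattern is configured. Because `matcher.matches()` requires the whole role name to match, a pattern that covers only part of the name leaves the role classified as an Organization, which is not obvious from the method name. I would add a Javadoc above the method such as `/** Returns false only when the role fully matches a configured capability pattern; all other roles are synced as organizations. */`.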