flipped org/cap inclusion because caps are fewer
This commit is contained in:
@@ -41,10 +41,10 @@ The library is highly configurable. You configure it with properties specified
|
|||||||
|
|
||||||
### For Activiti App Only
|
### For Activiti App Only
|
||||||
|
|
||||||
| Property | Default | Description |
|
| Property | Default | Description |
|
||||||
| ------------------------------------------------ | ------- | ----------- |
|
| ---------------------------------------------- | ------- | ----------- |
|
||||||
| `keycloak-ext.group.organization.regex.patterns` | `.*` | When creating a new group, sync as APS Organization (functional group) when the role matches the specified regular expression. If it doesn't, add as APS Capability (system group). |
|
| `keycloak-ext.group.capability.regex.patterns` | | When creating a new group, sync as an APS Organization, except when the specified pattern matches the role. In those cases, sync as an APS Capability. |
|
||||||
| `keycloak-ext.external.id` | `ais` | When creating a new group or registering an internal group as external, use this ID as a prefix to the external group ID. |
|
| `keycloak-ext.external.id` | `ais` | When creating a new group or registering an internal group as external, use this ID as a prefix to the external group ID. |
|
||||||
|
|
||||||
### Rare
|
### Rare
|
||||||
|
|
||||||
|
|||||||
@@ -62,20 +62,20 @@ public class KeycloakActivitiAppAuthenticator extends AbstractKeycloakActivitiAu
|
|||||||
@Value("${keycloak-ext.external.id:ais}")
|
@Value("${keycloak-ext.external.id:ais}")
|
||||||
protected String externalIdmSource;
|
protected String externalIdmSource;
|
||||||
|
|
||||||
@Value("${keycloak-ext.group.organization.regex.patterns:.*}")
|
@Value("${keycloak-ext.group.capability.regex.patterns:#{null}}")
|
||||||
protected String regexOrgIncludes;
|
protected String regexCapIncludes;
|
||||||
|
|
||||||
protected final Set<Pattern> orgIncludes = new HashSet<>();
|
protected final Set<Pattern> capIncludes = new HashSet<>();
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@OverridingMethodsMustInvokeSuper
|
@OverridingMethodsMustInvokeSuper
|
||||||
public void afterPropertiesSet() {
|
public void afterPropertiesSet() {
|
||||||
super.afterPropertiesSet();
|
super.afterPropertiesSet();
|
||||||
|
|
||||||
if (this.regexOrgIncludes != null) {
|
if (this.regexCapIncludes != null) {
|
||||||
String[] regexPatternStrs = StringUtils.split(this.regexOrgIncludes, ',');
|
String[] regexPatternStrs = StringUtils.split(this.regexCapIncludes, ',');
|
||||||
for (int i = 0; i < regexPatternStrs.length; i++)
|
for (int i = 0; i < regexPatternStrs.length; i++)
|
||||||
this.orgIncludes.add(Pattern.compile(regexPatternStrs[i]));
|
this.capIncludes.add(Pattern.compile(regexPatternStrs[i]));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -274,16 +274,16 @@ public class KeycloakActivitiAppAuthenticator extends AbstractKeycloakActivitiAu
|
|||||||
}
|
}
|
||||||
|
|
||||||
private boolean isRoleToBeOrganization(String role) {
|
private boolean isRoleToBeOrganization(String role) {
|
||||||
if (this.orgIncludes.isEmpty())
|
if (this.capIncludes.isEmpty())
|
||||||
return false;
|
return true;
|
||||||
|
|
||||||
for (Pattern regex : this.orgIncludes) {
|
for (Pattern regex : this.capIncludes) {
|
||||||
Matcher matcher = regex.matcher(role);
|
Matcher matcher = regex.matcher(role);
|
||||||
if (matcher.matches())
|
if (matcher.matches())
|
||||||
return true;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
return false;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user