v1.4.1 pom

README.md

@@ -25,7 +25,8 @@ Notice the use of `PostResources` instead of `PreResources`.  This library needs
 | Keycloak Activiti App Extension | Activiti App    |
 | ------------------------------- | --------------- |
 | v1.0 - v1.2                     | v1.11.x         |
-| v1.3+                           | v1.11.x - v2.3+ |
+| v1.3                            | v1.11.x - v2.x  |
+| v1.4+                           | v24.x+          |
 
 ## Configuration
 
@@ -35,7 +36,7 @@ The library is highly configurable.  You configure it with properties specified
 
 | Property                                       | Default   | Description |
 | ---------------------------------------------- | --------- | ----------- |
-| `keycloak-ext.ais.enabled`                     | `false`   | Enable AIS integration, overriding and extending the OOTB AIS provider. |
+| `keycloak-ext.keycloak.enabled`                | `false`   | Enable Keycloak integration, overriding and extending the OOTB OAuth provider. |
 | `keycloak-ext.ootbSecurityConfig.enabled`      | `true`    | Enable OOTB functionality as if this module were not installed.  This adapter operates at priority `0`.  This means it only works if other adapters are disabled (default). |
 | `keycloak-ext.default.admins.users`            |           | A default set of administrators to add to the administration role on application startup. |
 | `keycloak-ext.clearNewUserDefaultGroups`       | `true`    | When creating a new user, clear any default groups added to that user.  This will not impact existing users. |
@@ -57,8 +58,8 @@ The library is highly configurable.  You configure it with properties specified
 
 | Property                                  | Default         | Description |
 | ----------------------------------------- | --------------- | ----------- |
-| `keycloak-ext.ais.priority`               | `-10`           | The order of configurable adapters to use with the application.  Only the lowest priority enabled adapter will be used.  Values of `1`+ will only load if the OOTB adapter is disabled. |
-| `keycloak-ext.group.admins.validate`      | `false`         | Whether or not to validate the existence and capabilities of an administrators group on appliation startup.  This is only applicable for when one is accidently removed and no one has the rights to create one. |
+| `keycloak-ext.keycloak.priority`          | `-5`            | The order of configurable adapters to use with the application.  Only the lowest priority enabled adapter will be used.  Values of `1`+ will only load if the OOTB adapter is disabled. |
+| `keycloak-ext.group.admins.validate`      | `false`         | Whether or not to validate the existence and capabilities of an administrators group on application startup.  This is only applicable for when one is accidently removed and no one has the rights to create one. |
 | `keycloak-ext.group.admins.name`          | `admins`        | The name of an administrators group to potentially add and default users on application startup. |
 | `keycloak-ext.group.admins.externalId`    | `admins`        | The name of an administrators group to potentially add and default users on application startup. |
 | `keycloak-ext.createMissingUser`          | `true`          | Before authentication, check to make sure the user exists as an APS user; if they don't, create the user. |
@@ -66,9 +67,8 @@ The library is highly configurable.  You configure it with properties specified
 | `keycloak-ext.syncGroupAdd`               | `true`          | If the user belongs to a role but not its corresponding group, add the user to the group. |
 | `keycloak-ext.syncGroupRemove`            | `true`          | If the user belongs to a group but does not have the corresponding role, remove the user from the group. |
 
-### Untested
+### Deprecated
 
-| Property                                  | Default         | Description |
-| ----------------------------------------- | --------------- | ----------- |
-| `keycloak-ext.keycloak.enabled`           | `false`         | Enable Keycloak integration, overriding and extending the OOTB Keycloak provider (*untested*). |
-| `keycloak-ext.keycloak.priority`          | `-5`            | The order of configurable adapters to use with the application.  Only the lowest priority enabled adapter will be used.  Values of `1`+ will only load if the OOTB adapter is disabled. |
+| Property                                       | Since | Description |
+| ---------------------------------------------- | ----- | ----------- |
+| `keycloak-ext.ais.*`                           | v24.x | AIS integration was removed.  The `keycloak-ext.keycloak.*` properties must be used instead. |

pom.xml

@@ -2,11 +2,9 @@
 		xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 		xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
 	<modelVersion>4.0.0</modelVersion>
-
 	<groupId>com.inteligr8.activiti</groupId>
 	<artifactId>keycloak-activiti-app-ext</artifactId>
-	<version>1.3-SNAPSHOT</version>
-
+	<version>1.4.1</version>
 	<name>Keycloak Authentication &amp; Authorization for APS</name>
 	<description>An Alfresco Process Service App extension providing improved Keycloak/AIS support.</description>
 	<url>https://bitbucket.org/inteligr8/keycloak-activiti-app-ext</url>
@@ -41,9 +39,9 @@
 		<maven.compiler.target>17</maven.compiler.target>
 		<maven.compiler.release>17</maven.compiler.release>
 
-		<aps.version>2.4.4</aps.version>
+		<aps.version>24.3.0</aps.version>
 		<keycloak.version>18.0.2</keycloak.version>
-		<spring-security-oauth2.version>5.8.5</spring-security-oauth2.version>
+		<spring-security-oauth2.version>6.3.2</spring-security-oauth2.version>
 		<slf4j.version>1.7.36</slf4j.version>
 	</properties>
 
@@ -86,6 +84,69 @@
 			</exclusions>
 		</dependency>
 	</dependencies>
+	
+	<profiles>
+		<profile>
+			<id>ossrh-release</id>
+			<properties>
+				<maven.deploy.skip>true</maven.deploy.skip>
+			</properties>
+			<build>
+				<plugins>
+					<plugin>
+						<artifactId>maven-source-plugin</artifactId>
+						<executions>
+							<execution>
+								<id>source</id>
+								<phase>package</phase>
+								<goals><goal>jar-no-fork</goal></goals>
+							</execution>
+						</executions>
+					</plugin>
+					<plugin>
+						<artifactId>maven-javadoc-plugin</artifactId>
+						<executions>
+							<execution>
+								<id>javadoc</id>
+								<phase>package</phase>
+								<goals><goal>jar</goal></goals>
+								<configuration>
+									<show>public</show>
+								</configuration>
+							</execution>
+						</executions>
+					</plugin>
+					<plugin>
+						<artifactId>maven-gpg-plugin</artifactId>
+						<executions>
+							<execution>
+								<id>sign</id>
+								<phase>verify</phase>
+								<goals><goal>sign</goal></goals>
+							</execution>
+						</executions>
+					</plugin>
+					<plugin>
+						<groupId>org.sonatype.plugins</groupId>
+						<artifactId>nexus-staging-maven-plugin</artifactId>
+						<version>1.7.0</version>
+						<configuration>
+							<serverId>ossrh</serverId>
+							<nexusUrl>https://s01.oss.sonatype.org/</nexusUrl>
+							<autoReleaseAfterClose>true</autoReleaseAfterClose>
+						</configuration>
+						<executions>
+							<execution>
+								<id>ossrh-deploy</id>
+								<phase>deploy</phase>
+								<goals><goal>deploy</goal></goals>
+							</execution>
+						</executions>
+					</plugin>
+				</plugins>
+			</build>
+		</profile>
+	</profiles>
 
 	<repositories>
 		<repository>
@@ -98,15 +159,4 @@
 		</repository>
 	</repositories>
 	
-	<distributionManagement>
-		<repository>
-			<id>inteligr8-releases</id>
-			<url>https://repos.inteligr8.com/nexus/repository/inteligr8-public</url>
-		</repository>
-		<snapshotRepository>
-			<id>inteligr8-snapshots</id>
-			<url>https://repos.inteligr8.com/nexus/repository/inteligr8-snapshots</url>
-		</snapshotRepository>
-	</distributionManagement>
-	
 </project>

src/main/java/com/activiti/extension/conf/KeycloakExtSpringComponentScanner.java

@@ -26,7 +26,6 @@ import org.springframework.context.annotation.FullyQualifiedAnnotationBeanNameGe
 @Configuration
 @ComponentScan(
     basePackages = {
-        "com.inteligr8.activiti.ais",
         "com.inteligr8.activiti.idm",
         "com.inteligr8.activiti.keycloak",
         "com.inteligr8.activiti.security"

src/main/java/com/inteligr8/activiti/ais/IdentityServiceSecurityConfigurationAdapter.java

@@ -1,92 +0,0 @@
-/*
- * This program is free software: you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or (at your
- * option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
- * more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program.  If not, see <https://www.gnu.org/licenses/>.
- */
-package com.inteligr8.activiti.ais;
-
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Qualifier;
-import org.springframework.beans.factory.annotation.Value;
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
-import org.springframework.security.core.authority.mapping.SimpleAuthorityMapper;
-import org.springframework.security.core.userdetails.UserDetailsService;
-import org.springframework.stereotype.Component;
-
-import com.activiti.api.msmt.MsmtTenantResolver;
-import com.activiti.conf.MsmtProperties;
-import com.activiti.security.identity.service.authentication.provider.IdentityServiceAuthenticationProvider;
-import com.inteligr8.activiti.security.ActivitiSecurityConfigAdapter;
-import com.inteligr8.activiti.auth.Authenticator;
-import com.inteligr8.activiti.auth.InterceptingAuthenticationProvider;
-
-/**
- * This class/bean injects a custom AIS authentication provider into the
- * security configuration.
- * 
- * @author brian@inteligr8.com
- * @see com.activiti.security.identity.service.authentication.provider.IdentityServiceAuthenticationProvider
- */
-@Component
-public class IdentityServiceSecurityConfigurationAdapter implements ActivitiSecurityConfigAdapter {
-	
-    private final Logger logger = LoggerFactory.getLogger(this.getClass());
-    
-    @Value("${keycloak-ext.ais.enabled:false}")
-    private boolean enabled;
-
-	// this assures execution before the OOTB impl (-10 < 0)
-    @Value("${keycloak-ext.ais.priority:-10}")
-    private int priority;
-    
-    @Autowired
-    protected MsmtProperties msmtProperties;
-
-    @Autowired(required = false) // Only when multi-schema multi-tenant is enabled
-    protected MsmtTenantResolver tenantResolver;
-    
-    @Autowired
-    @Qualifier("keycloak-ext.activiti-app.authenticator")
-    private Authenticator authenticator;
-    
-    protected Authenticator getAuthenticator() {
-		return this.authenticator;
-	}
-    
-    @Override
-    public boolean isEnabled() {
-    	return this.enabled;
-    }
-    
-    @Override
-    public int getPriority() {
-    	return this.priority;
-    }
-	
-	@Override
-	public void configureGlobal(AuthenticationManagerBuilder auth, UserDetailsService userDetailsService) {
-		this.logger.trace("configureGlobal()");
-		
-		this.logger.info("Using AIS authentication extension, featuring creation of missing users and authority synchronization");
-		
-		IdentityServiceAuthenticationProvider provider = new IdentityServiceAuthenticationProvider();
-        if (this.msmtProperties.isMultiSchemaMultiTenantEnabled())
-            provider.setTenantResolver(this.tenantResolver);
-        provider.setUserDetailsService(userDetailsService);
-		provider.setGrantedAuthoritiesMapper(new SimpleAuthorityMapper());
-
-		auth.authenticationProvider(new InterceptingAuthenticationProvider(provider, this.getAuthenticator()));
-	}
-
-}

src/main/java/com/inteligr8/activiti/idm/ActivitiAppAdminMembersFixer.java

@@ -17,7 +17,7 @@ package com.inteligr8.activiti.idm;
 import java.util.Arrays;
 import java.util.List;
 
-import javax.persistence.NonUniqueResultException;
+import jakarta.persistence.NonUniqueResultException;
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;

src/main/java/com/inteligr8/activiti/keycloak/KeycloakActivitiAppAuthenticator.java

@@ -24,7 +24,7 @@ import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
 import javax.annotation.OverridingMethodsMustInvokeSuper;
-import javax.persistence.NonUniqueResultException;
+import jakarta.persistence.NonUniqueResultException;
 
 import org.apache.commons.lang3.StringUtils;
 import org.keycloak.representations.AccessToken;
@@ -260,11 +260,13 @@ public class KeycloakActivitiAppAuthenticator extends AbstractKeycloakActivitiAu
 				}
 			}
 
-			if (group != null && this.syncGroupAdd) {
-				this.logger.trace("Adding user '{}' to group '{}'", user.getExternalId(), group.getName());
-				this.groupService.addUserToGroup(group, userWithGroups);
-			} else {
-				this.logger.debug("User/group membership sync disabled; not adding user to group: {} => {}", user.getExternalId(), group.getName());
+			if (group != null) {
+			    if (this.syncGroupAdd) {
+    				this.logger.trace("Adding user '{}' to group '{}'", user.getExternalId(), group.getName());
+    				this.groupService.addUserToGroup(group, userWithGroups);
+    			} else {
+    				this.logger.debug("User/group membership sync disabled; not adding user to group: {} => {}", user.getExternalId(), group.getName());
+    			}
 			}
 		}
     }