v1.1.4 pom

pom.xml

@@ -4,7 +4,7 @@
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>com.inteligr8.activiti</groupId>
 	<artifactId>keycloak-activiti-app-ext</artifactId>
-	<version>1.1.3</version>
+	<version>1.1.4</version>
 	<name>Keycloak Authentication &amp; Authorization for APS</name>
 
 	<properties>
@@ -87,7 +87,7 @@
 	<distributionManagement>
 		<repository>
 			<id>inteligr8-releases</id>
-			<url>https://repos.inteligr8.com/nexus/repository/inteligr8-private</url>
+			<url>https://repos.inteligr8.com/nexus/repository/inteligr8-public</url>
 		</repository>
 		<snapshotRepository>
 			<id>inteligr8-snapshots</id>

src/main/java/com/inteligr8/activiti/Inteligr8SecurityConfigurationRegistry.java

@@ -67,6 +67,9 @@ public class Inteligr8SecurityConfigurationRegistry implements AlfrescoSecurityC
     @Autowired(required = false)
     private GroupService groupService;
     
+    @Value("${keycloak-ext.tenant:#{null}}")
+    private String tenant;
+    
     @Value("${keycloak-ext.default.admins.users:#{null}}")
     private String adminUserStrs;
     
@@ -107,19 +110,23 @@ public class Inteligr8SecurityConfigurationRegistry implements AlfrescoSecurityC
 		if (this.groupService == null)
 			return;
 		
-		Long tenantId = this.findDefaultTenantId();
+		List<Object[]> tenantObjs = this.tenantService.getAllTenants();
+		for (Object[] tenantObj : tenantObjs) {
+			Long tenantId = (Long)tenantObj[0];
 			if (tenantId != null) {
-			// not first boot
+				Tenant tenant = this.tenantService.getTenant(tenantId);
+				this.logger.trace("Tenant: {} => {}", tenantId, tenant.getName());
 				this.logger.trace("Functional groups: {}", this.toGroupNames(this.groupService.getFunctionalGroups(tenantId)));
 				this.logger.trace("System groups: {}", this.toGroupNames(this.groupService.getSystemGroups(tenantId)));
 			}
 		}
+	}
 	
 	private void validateAdmins() {
 		if (this.groupService == null)
 			return;
 		
-    	Long tenantId = this.findDefaultTenantId();
+    	Long tenantId = this.findTenantId();
 		Group group = this.groupService.getGroupByExternalIdAndTenantId(this.adminGroupExternalId, tenantId);
 		if (group == null) {
 			List<Group> groups = this.groupService.getGroupByNameAndTenantId(this.adminGroupName, tenantId);
@@ -156,23 +163,30 @@ public class Inteligr8SecurityConfigurationRegistry implements AlfrescoSecurityC
 		if (adminUsers.isEmpty())
 			return;
 
-    	Long tenantId = this.findDefaultTenantId();
-		List<Group> groups = this.groupService.getSystemGroupWithName("Administrators", tenantId);
+    	Long tenantId = this.findTenantId();
+    	List<Group> groups;
+		Group group1 = this.groupService.getGroupByExternalIdAndTenantId(this.adminGroupExternalId, tenantId);
+		if (group1 != null) {
+			groups = Arrays.asList(group1);
+		} else {
+			groups = this.groupService.getGroupByNameAndTenantId(this.adminGroupName, tenantId);
+		}
+		this.logger.debug("Found {} admin group(s)", groups.size());
 		
 		for (String email : adminUsers) {
     		User user = this.userService.findUserByEmail(email);
 
-    		this.logger.debug("Adding {} to {}", user.getEmail(), "Administrators");
+    		this.logger.debug("Adding {} to admin group(s)", user.getEmail());
     		for (Group group : groups)
     			this.groupService.addUserToGroup(group, user);
 		}
 	}
     
-    private Long findDefaultTenantId() {
-    	String defaultTenantName = this.licenseService.getDefaultTenantName();
-		this.logger.trace("Default Tenant: {}", defaultTenantName);
+    private Long findTenantId() {
+    	String tenantName = this.tenant == null ? this.licenseService.getDefaultTenantName() : this.tenant;
+		this.logger.trace("Using Tenant: {}", tenantName);
 		
-    	List<Tenant> tenants = this.tenantService.findTenantsByName(defaultTenantName);
+    	List<Tenant> tenants = this.tenantService.findTenantsByName(tenantName);
     	if (tenants == null || tenants.isEmpty()) {
     		this.logger.warn("Default tenant not found");
     		return null;

src/main/java/com/inteligr8/activiti/keycloak/KeycloakActivitiAppAuthenticator.java

@@ -61,6 +61,9 @@ public class KeycloakActivitiAppAuthenticator extends AbstractKeycloakActivitiAu
     @Autowired
     private GroupService groupService;
     
+    @Value("${keycloak-ext.tenant:#{null}}")
+    private String tenant;
+    
     @Value("${keycloak-ext.external.id:ais}")
     protected String externalIdmSource;
 
@@ -81,7 +84,7 @@ public class KeycloakActivitiAppAuthenticator extends AbstractKeycloakActivitiAu
      */
     @Override
     public void preAuthenticate(Authentication auth) throws AuthenticationException { 
-    	Long tenantId = this.findDefaultTenantId();
+    	Long tenantId = this.findTenantId();
 		this.logger.trace("Tenant ID: {}", tenantId);
 		
     	User user = this.findUser(auth, tenantId);
@@ -122,20 +125,20 @@ public class KeycloakActivitiAppAuthenticator extends AbstractKeycloakActivitiAu
      */
     @Override
     public void postAuthenticate(Authentication auth) throws AuthenticationException {
-    	Long tenantId = this.findDefaultTenantId();
+    	Long tenantId = this.findTenantId();
     	User user = this.findUser(auth, tenantId);
 		this.logger.debug("Inspecting user: {} => {}", user.getId(), user.getExternalId());
 		
     	this.syncUserRoles(user, auth, tenantId);
     }
     
-    private Long findDefaultTenantId() {
-    	String defaultTenantName = this.licenseService.getDefaultTenantName();
-		this.logger.trace("Default Tenant: {}", defaultTenantName);
+    private Long findTenantId() {
+    	String tenantName = this.tenant == null ? this.licenseService.getDefaultTenantName() : this.tenant;
+		this.logger.trace("Using Tenant: {}", tenantName);
 		
-    	List<Tenant> tenants = this.tenantService.findTenantsByName(defaultTenantName);
+    	List<Tenant> tenants = this.tenantService.findTenantsByName(tenantName);
     	if (tenants == null || tenants.isEmpty()) {
-    		this.logger.warn("Default tenant not found");
+    		this.logger.warn("Tenant not found: {}", tenantName);
     		return null;
     	}
     	
@@ -193,8 +196,18 @@ public class KeycloakActivitiAppAuthenticator extends AbstractKeycloakActivitiAu
 			this.logger.trace("Inspecting group: {} => {} ({})", group.getId(), group.getName(), group.getExternalId());
 			
 			if (group.getExternalId() != null && this.removeMapEntriesByValue(roles, this.apsGroupExternalIdToKeycloakRole(group.getExternalId()))) {
+				if (group.getTenantId() == null) {
+					// fix stray groups
+					group.setTenantId(tenantId);
+					group.setLastUpdate(new Date());
+					this.groupService.save(group);
+				}
 				// role already existed and the user is already a member
 			} else if (group.getExternalId() == null && roles.remove(this.apsGroupNameToKeycloakRole(group.getName())) != null) {
+				// register the group as external
+				group.setExternalId(this.keycloakRoleToApsGroupExternalId(this.apsGroupNameToKeycloakRole(group.getName())));
+				group.setLastUpdate(new Date());
+				this.groupService.save(group);
 				// internal role already existed and the user is already a member
 			} else {
 				// at this point, we have a group that the user does not have a corresponding role for