v1.4.3 pom

Merge branch 'develop' into stable
updated to shade keycloak library (not in APS v24.x+)
2025-04-19 18:19:07 -04:00 · 2025-04-19 18:18:49 -04:00 · 2025-04-19 18:17:34 -04:00 · 2025-02-12 14:35:41 -05:00 · 2025-02-12 14:34:10 -05:00 · 2025-02-12 14:33:58 -05:00
7 changed files with 267 additions and 127 deletions
--- a/README.md
+++ b/README.md
@@ -25,7 +25,8 @@ Notice the use of `PostResources` instead of `PreResources`.  This library needs
 | Keycloak Activiti App Extension | Activiti App    |
 | ------------------------------- | --------------- |
 | v1.0 - v1.2                     | v1.11.x         |
-| v1.3+                           | v1.11.x - v2.3+ |
+| v1.3                            | v1.11.x - v2.x  |
 | v1.4+                           | v24.x+          |
 ## Configuration
@@ -35,7 +36,7 @@ The library is highly configurable.  You configure it with properties specified
 | Property                                       | Default   | Description |
 | ---------------------------------------------- | --------- | ----------- |
-| `keycloak-ext.ais.enabled`                     | `false`   | Enable AIS integration, overriding and extending the OOTB AIS provider. |
+| `keycloak-ext.keycloak.enabled`                | `false`   | Enable Keycloak integration, overriding and extending the OOTB OAuth provider. |
 | `keycloak-ext.ootbSecurityConfig.enabled`      | `true`    | Enable OOTB functionality as if this module were not installed.  This adapter operates at priority `0`.  This means it only works if other adapters are disabled (default). |
 | `keycloak-ext.default.admins.users`            |           | A default set of administrators to add to the administration role on application startup. |
 | `keycloak-ext.clearNewUserDefaultGroups`       | `true`    | When creating a new user, clear any default groups added to that user.  This will not impact existing users. |
@@ -57,8 +58,8 @@ The library is highly configurable.  You configure it with properties specified
 | Property                                  | Default         | Description |
 | ----------------------------------------- | --------------- | ----------- |
-| `keycloak-ext.ais.priority`               | `-10`           | The order of configurable adapters to use with the application.  Only the lowest priority enabled adapter will be used.  Values of `1`+ will only load if the OOTB adapter is disabled. |
+| `keycloak-ext.keycloak.priority`          | `-5`            | The order of configurable adapters to use with the application.  Only the lowest priority enabled adapter will be used.  Values of `1`+ will only load if the OOTB adapter is disabled. |
-| `keycloak-ext.group.admins.validate`      | `false`         | Whether or not to validate the existence and capabilities of an administrators group on appliation startup.  This is only applicable for when one is accidently removed and no one has the rights to create one. |
+| `keycloak-ext.group.admins.validate`      | `false`         | Whether or not to validate the existence and capabilities of an administrators group on application startup.  This is only applicable for when one is accidently removed and no one has the rights to create one. |
 | `keycloak-ext.group.admins.name`          | `admins`        | The name of an administrators group to potentially add and default users on application startup. |
 | `keycloak-ext.group.admins.externalId`    | `admins`        | The name of an administrators group to potentially add and default users on application startup. |
 | `keycloak-ext.createMissingUser`          | `true`          | Before authentication, check to make sure the user exists as an APS user; if they don't, create the user. |
@@ -66,9 +67,8 @@ The library is highly configurable.  You configure it with properties specified
 | `keycloak-ext.syncGroupAdd`               | `true`          | If the user belongs to a role but not its corresponding group, add the user to the group. |
 | `keycloak-ext.syncGroupRemove`            | `true`          | If the user belongs to a group but does not have the corresponding role, remove the user from the group. |
-### Untested
+### Deprecated
-| Property                                  | Default         | Description |
+| Property                                       | Since | Description |
-| ----------------------------------------- | --------------- | ----------- |
+| ---------------------------------------------- | ----- | ----------- |
-| `keycloak-ext.keycloak.enabled`           | `false`         | Enable Keycloak integration, overriding and extending the OOTB Keycloak provider (*untested*). |
+| `keycloak-ext.ais.*`                           | v24.x | AIS integration was removed.  The `keycloak-ext.keycloak.*` properties must be used instead. |
 | `keycloak-ext.keycloak.priority`          | `-5`            | The order of configurable adapters to use with the application.  Only the lowest priority enabled adapter will be used.  Values of `1`+ will only load if the OOTB adapter is disabled. |
--- a/dependency-reduced-pom.xml
+++ b/dependency-reduced-pom.xml
@@ -0,0 +1,178 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
  <modelVersion>4.0.0</modelVersion>
  <groupId>com.inteligr8.activiti</groupId>
  <artifactId>keycloak-activiti-app-ext</artifactId>
  <name>Keycloak Authentication &amp; Authorization for APS</name>
  <version>1.4-SNAPSHOT</version>
  <description>An Alfresco Process Service App extension providing improved Keycloak/AIS support.</description>
  <url>https://bitbucket.org/inteligr8/keycloak-activiti-app-ext</url>
  <developers>
    <developer>
      <id>brian.long</id>
      <name>Brian Long</name>
      <email>brian@inteligr8.com</email>
      <url>https://twitter.com/brianmlong</url>
    </developer>
  </developers>
  <licenses>
    <license>
      <name>GNU GENERAL PUBLIC LICENSE, Version 3, 29 June 2007</name>
      <url>https://www.gnu.org/licenses/lgpl-3.0.txt</url>
    </license>
  </licenses>
  <scm>
    <connection>scm:git:https://bitbucket.org/inteligr8/keycloak-activiti-app-ext.git</connection>
    <developerConnection>scm:git:git@bitbucket.org:inteligr8/keycloak-activiti-app-ext.git</developerConnection>
    <url>https://bitbucket.org/inteligr8/keycloak-activiti-app-ext</url>
  </scm>
  <organization>
    <name>Inteligr8</name>
    <url>https://www.inteligr8.com</url>
  </organization>
  <build>
    <plugins>
      <plugin>
        <artifactId>maven-shade-plugin</artifactId>
        <version>3.6.0</version>
        <executions>
          <execution>
            <id>shade-jar</id>
            <goals>
              <goal>shade</goal>
            </goals>
            <configuration>
              <shadedArtifactAttached>true</shadedArtifactAttached>
              <relocations>
                <relocation>
                  <pattern />
                  <shadedPattern>shaded.keycloak.</shadedPattern>
                  <excludes>
                    <exclude>com.activiti.conf.*</exclude>
                    <exclude>com.activiti.extension.conf.*</exclude>
                    <exclude>com.inteligr8.activiti.**</exclude>
                    <exclude>META-INF/**/*</exclude>
                  </excludes>
                </relocation>
              </relocations>
            </configuration>
          </execution>
        </executions>
      </plugin>
    </plugins>
  </build>
  <profiles>
    <profile>
      <id>ossrh-release</id>
      <build>
        <plugins>
          <plugin>
            <artifactId>maven-source-plugin</artifactId>
            <executions>
              <execution>
                <id>source</id>
                <phase>package</phase>
                <goals>
                  <goal>jar-no-fork</goal>
                </goals>
              </execution>
            </executions>
          </plugin>
          <plugin>
            <artifactId>maven-javadoc-plugin</artifactId>
            <executions>
              <execution>
                <id>javadoc</id>
                <phase>package</phase>
                <goals>
                  <goal>jar</goal>
                </goals>
                <configuration>
                  <show>public</show>
                </configuration>
              </execution>
            </executions>
          </plugin>
          <plugin>
            <artifactId>maven-gpg-plugin</artifactId>
            <executions>
              <execution>
                <id>sign</id>
                <phase>verify</phase>
                <goals>
                  <goal>sign</goal>
                </goals>
              </execution>
            </executions>
          </plugin>
          <plugin>
            <groupId>org.sonatype.plugins</groupId>
            <artifactId>nexus-staging-maven-plugin</artifactId>
            <version>1.7.0</version>
            <executions>
              <execution>
                <id>ossrh-deploy</id>
                <phase>deploy</phase>
                <goals>
                  <goal>deploy</goal>
                </goals>
              </execution>
            </executions>
            <configuration>
              <serverId>ossrh</serverId>
              <nexusUrl>https://s01.oss.sonatype.org/</nexusUrl>
              <autoReleaseAfterClose>true</autoReleaseAfterClose>
            </configuration>
          </plugin>
        </plugins>
      </build>
      <properties>
        <maven.deploy.skip>true</maven.deploy.skip>
      </properties>
    </profile>
  </profiles>
  <repositories>
    <repository>
      <id>alfresco-private</id>
      <url>https://artifacts.alfresco.com/nexus/content/groups/private</url>
    </repository>
    <repository>
      <id>activiti-releases</id>
      <url>https://artifacts.alfresco.com/nexus/content/repositories/activiti-enterprise-releases</url>
    </repository>
  </repositories>
  <dependencies>
    <dependency>
      <groupId>org.springframework.security</groupId>
      <artifactId>spring-security-oauth2-client</artifactId>
      <version>6.3.2</version>
      <scope>provided</scope>
    </dependency>
    <dependency>
      <groupId>com.activiti</groupId>
      <artifactId>activiti-app</artifactId>
      <version>24.3.0</version>
      <classifier>classes</classifier>
      <scope>provided</scope>
      <exclusions>
        <exclusion>
          <artifactId>aspose-transformation</artifactId>
          <groupId>com.activiti</groupId>
        </exclusion>
        <exclusion>
          <artifactId>aoservices</artifactId>
          <groupId>org.alfresco.officeservices</groupId>
        </exclusion>
      </exclusions>
    </dependency>
  </dependencies>
  <properties>
    <maven.compiler.release>17</maven.compiler.release>
    <maven.compiler.source>17</maven.compiler.source>
    <keycloak.version>23.0.7</keycloak.version>
    <maven.compiler.target>17</maven.compiler.target>
    <slf4j.version>1.7.36</slf4j.version>
    <spring-security-oauth2.version>6.3.2</spring-security-oauth2.version>
    <aps.version>24.3.0</aps.version>
  </properties>
 </project>
--- a/pom.xml
+++ b/pom.xml
@@ -4,7 +4,7 @@
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>com.inteligr8.activiti</groupId>
 	<artifactId>keycloak-activiti-app-ext</artifactId>
-	<version>1.3.3</version>
+	<version>1.4.3</version>
 	<name>Keycloak Authentication &amp; Authorization for APS</name>
 	<description>An Alfresco Process Service App extension providing improved Keycloak/AIS support.</description>
 	<url>https://bitbucket.org/inteligr8/keycloak-activiti-app-ext</url>
@@ -39,31 +39,18 @@
 		<maven.compiler.target>17</maven.compiler.target>
 		<maven.compiler.release>17</maven.compiler.release>
-		<aps.version>2.4.4</aps.version>
+		<aps.version>24.3.0</aps.version>
-		<keycloak.version>18.0.2</keycloak.version>
+		<keycloak.version>23.0.7</keycloak.version>
-		<spring-security-oauth2.version>5.8.5</spring-security-oauth2.version>
+		<spring-security-oauth2.version>6.3.2</spring-security-oauth2.version>
 		<slf4j.version>1.7.36</slf4j.version>
 	</properties>
 	<dependencies>
 		<dependency>
 			<groupId>org.slf4j</groupId>
 			<artifactId>slf4j-api</artifactId>
 			<version>${slf4j.version}</version>
 			<scope>provided</scope>
 		</dependency>
 		<dependency>
 			<groupId>org.springframework.security</groupId>
 			<artifactId>spring-security-oauth2-client</artifactId>
 			<version>${spring-security-oauth2.version}</version>
 			<scope>provided</scope>
 		</dependency>
 		<dependency>
 			<groupId>org.keycloak</groupId>
 			<artifactId>keycloak-spring-security-adapter</artifactId>
 			<version>${keycloak.version}</version>
 			<scope>provided</scope>
 		</dependency>
 		<!-- Needed for Activiti App Identity Service inheritance/override -->
 		<!-- includes activiti-app-logic for API -->
 		<dependency>
@@ -83,8 +70,74 @@
 				</exclusion>
 			</exclusions>
 		</dependency>
 		<dependency>
 			<groupId>org.keycloak</groupId>
 			<artifactId>keycloak-spring-security-adapter</artifactId>
 			<version>${keycloak.version}</version>
 			<exclusions>
 				<!-- provided by APS -->
 				<exclusion>
 					<groupId>org.slf4j</groupId>
 					<artifactId>slf4j-api</artifactId>
 				</exclusion>
 				<exclusion>
 					<groupId>org.jboss.logging</groupId>
 					<artifactId>jboss-logging</artifactId>
 				</exclusion>
 				<exclusion>
 					<groupId>jakarta.activation</groupId>
 					<artifactId>*</artifactId>
 				</exclusion>
 				<exclusion>
 					<groupId>org.apache.httpcomponents</groupId>
 					<artifactId>*</artifactId>
 				</exclusion>
 				<exclusion>
 					<groupId>com.fasterxml.jackson.core</groupId>
 					<artifactId>*</artifactId>
 				</exclusion>
 				<exclusion>
 					<groupId>org.bouncycastle</groupId>
 					<artifactId>bcprov-jdk18on</artifactId>
 				</exclusion>
 				<exclusion>
 					<groupId>org.bouncycastle</groupId>
 					<artifactId>bcpkix-jdk18on</artifactId>
 				</exclusion>
 			</exclusions>
 		</dependency>
 	</dependencies>
 	<build>
 		<plugins>
 			<plugin>
 				<artifactId>maven-shade-plugin</artifactId>
 				<version>3.6.0</version>
 				<executions>
 					<execution>
 						<id>shade-jar</id>
 						<goals><goal>shade</goal></goals>
 						<configuration>
 							<shadedArtifactAttached>true</shadedArtifactAttached>
 							<relocations>
 								<relocation>
 									<pattern></pattern>
 									<shadedPattern>shaded.keycloak.</shadedPattern>
 									<excludes>
 										<exclude>com.activiti.conf.**</exclude>
 										<exclude>com.activiti.extension.conf.**</exclude>
 										<exclude>com.inteligr8.activiti.**</exclude>
 										<exclude>META-INF/**/*</exclude>
 									</excludes>
 								</relocation>
 							</relocations>
 						</configuration>
 					</execution>
 				</executions>
 			</plugin>
 		</plugins>
 	</build>
 	<profiles>
 		<profile>
 			<id>ossrh-release</id>
@@ -129,7 +182,7 @@
 					<plugin>
 						<groupId>org.sonatype.plugins</groupId>
 						<artifactId>nexus-staging-maven-plugin</artifactId>
-						<version>1.6.13</version>
+						<version>1.7.0</version>
 						<configuration>
 							<serverId>ossrh</serverId>
 							<nexusUrl>https://s01.oss.sonatype.org/</nexusUrl>
--- a/src/main/java/com/activiti/extension/conf/KeycloakExtSpringComponentScanner.java
+++ b/src/main/java/com/activiti/extension/conf/KeycloakExtSpringComponentScanner.java
@@ -26,7 +26,6 @@ import org.springframework.context.annotation.FullyQualifiedAnnotationBeanNameGe
@Configuration
@ComponentScan(
    basePackages = {
        "com.inteligr8.activiti.ais",
        "com.inteligr8.activiti.idm",
        "com.inteligr8.activiti.keycloak",
        "com.inteligr8.activiti.security"
--- a/src/main/java/com/inteligr8/activiti/ais/IdentityServiceSecurityConfigurationAdapter.java
+++ b/src/main/java/com/inteligr8/activiti/ais/IdentityServiceSecurityConfigurationAdapter.java
@@ -1,92 +0,0 @@
 /*
 * This program is free software: you can redistribute it and/or modify it
 * under the terms of the GNU Lesser General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or (at your
 * option) any later version.
 *
 * This program is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
 * more details.
 *
 * You should have received a copy of the GNU General Public License along
 * with this program.  If not, see <https://www.gnu.org/licenses/>.
 */
 package com.inteligr8.activiti.ais;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.core.authority.mapping.SimpleAuthorityMapper;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.stereotype.Component;
 import com.activiti.api.msmt.MsmtTenantResolver;
 import com.activiti.conf.MsmtProperties;
 import com.activiti.security.identity.service.authentication.provider.IdentityServiceAuthenticationProvider;
 import com.inteligr8.activiti.security.ActivitiSecurityConfigAdapter;
 import com.inteligr8.activiti.auth.Authenticator;
 import com.inteligr8.activiti.auth.InterceptingAuthenticationProvider;
 /**
 * This class/bean injects a custom AIS authentication provider into the
 * security configuration.
 * 
 * @author brian@inteligr8.com
 * @see com.activiti.security.identity.service.authentication.provider.IdentityServiceAuthenticationProvider
 */
@Component
 public class IdentityServiceSecurityConfigurationAdapter implements ActivitiSecurityConfigAdapter {
    private final Logger logger = LoggerFactory.getLogger(this.getClass());
    @Value("${keycloak-ext.ais.enabled:false}")
    private boolean enabled;
 	// this assures execution before the OOTB impl (-10 < 0)
    @Value("${keycloak-ext.ais.priority:-10}")
    private int priority;
    @Autowired
    protected MsmtProperties msmtProperties;
    @Autowired(required = false) // Only when multi-schema multi-tenant is enabled
    protected MsmtTenantResolver tenantResolver;
    @Autowired
    @Qualifier("keycloak-ext.activiti-app.authenticator")
    private Authenticator authenticator;
    protected Authenticator getAuthenticator() {
 		return this.authenticator;
 	}
    @Override
    public boolean isEnabled() {
    	return this.enabled;
    }
    @Override
    public int getPriority() {
    	return this.priority;
    }
 	@Override
 	public void configureGlobal(AuthenticationManagerBuilder auth, UserDetailsService userDetailsService) {
 		this.logger.trace("configureGlobal()");
 		this.logger.info("Using AIS authentication extension, featuring creation of missing users and authority synchronization");
 		IdentityServiceAuthenticationProvider provider = new IdentityServiceAuthenticationProvider();
        if (this.msmtProperties.isMultiSchemaMultiTenantEnabled())
            provider.setTenantResolver(this.tenantResolver);
        provider.setUserDetailsService(userDetailsService);
 		provider.setGrantedAuthoritiesMapper(new SimpleAuthorityMapper());
 		auth.authenticationProvider(new InterceptingAuthenticationProvider(provider, this.getAuthenticator()));
 	}
 }
--- a/src/main/java/com/inteligr8/activiti/idm/ActivitiAppAdminMembersFixer.java
+++ b/src/main/java/com/inteligr8/activiti/idm/ActivitiAppAdminMembersFixer.java
@@ -17,7 +17,7 @@ package com.inteligr8.activiti.idm;
 import java.util.Arrays;
 import java.util.List;
-import javax.persistence.NonUniqueResultException;
+import jakarta.persistence.NonUniqueResultException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
--- a/src/main/java/com/inteligr8/activiti/keycloak/KeycloakActivitiAppAuthenticator.java
+++ b/src/main/java/com/inteligr8/activiti/keycloak/KeycloakActivitiAppAuthenticator.java
@@ -24,7 +24,7 @@ import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 import javax.annotation.OverridingMethodsMustInvokeSuper;
-import javax.persistence.NonUniqueResultException;
+import jakarta.persistence.NonUniqueResultException;
 import org.apache.commons.lang3.StringUtils;
 import org.keycloak.representations.AccessToken;
@@ -260,11 +260,13 @@ public class KeycloakActivitiAppAuthenticator extends AbstractKeycloakActivitiAu
 				}
 			}
-			if (group != null && this.syncGroupAdd) {
+			if (group != null) {
-				this.logger.trace("Adding user '{}' to group '{}'", user.getExternalId(), group.getName());
+			    if (this.syncGroupAdd) {
-				this.groupService.addUserToGroup(group, userWithGroups);
+    				this.logger.trace("Adding user '{}' to group '{}'", user.getExternalId(), group.getName());
-			} else {
+    				this.groupService.addUserToGroup(group, userWithGroups);
-				this.logger.debug("User/group membership sync disabled; not adding user to group: {} => {}", user.getExternalId(), group.getName());
+    			} else {
    				this.logger.debug("User/group membership sync disabled; not adding user to group: {} => {}", user.getExternalId(), group.getName());
    			}
 			}
 		}
    }
Author	SHA1	Message	Date
Brian M. Long	9c7641b858	v1.4.3 pom	2025-04-19 18:19:07 -04:00
Brian M. Long	0e34f589c3	Merge branch 'develop' into stable	2025-04-19 18:18:49 -04:00
Brian M. Long	dcd7e987f1	updated to shade keycloak library (not in APS v24.x+)	2025-04-19 18:17:34 -04:00
Brian M. Long	a73543d2a6	v1.4.1 pom	2025-02-12 14:35:41 -05:00
Brian M. Long	cd472b9269	Merge branch 'develop' into stable	2025-02-12 14:34:10 -05:00
Brian M. Long	e7f2e2ee0c	steps to reduce bean name conflicts	2025-02-12 14:33:58 -05:00
Brian M. Long	bf848b009c	v1.4.0 pom	2024-10-15 15:56:54 -04:00
Brian M. Long	52b86c0de4	Merge branch 'develop' into stable	2024-10-15 15:56:38 -04:00
Brian M. Long	b34093bb85	jakarta upgrade for APS v24.x+; v1.4.x pom	2024-10-15 15:56:03 -04:00