Posted to commits@airavata.apache.org by an...@apache.org on 2017/05/01 19:42:21 UTC
[2/4] airavata git commit: adding keycloak userstore migrator
adding keycloak userstore migrator
Project: http://git-wip-us.apache.org/repos/asf/airavata/repo
Commit: http://git-wip-us.apache.org/repos/asf/airavata/commit/ec35622d
Tree: http://git-wip-us.apache.org/repos/asf/airavata/tree/ec35622d
Diff: http://git-wip-us.apache.org/repos/asf/airavata/diff/ec35622d
Branch: refs/heads/develop
Commit: ec35622d02a970a31dfe47c4b13312665143167d
Parents: 8327c29
Author: Anuj Bhandar <bh...@gmail.com>
Authored: Sun Apr 23 16:32:54 2017 -0400
Committer: Anuj Bhandar <bh...@gmail.com>
Committed: Mon May 1 15:31:37 2017 -0400
----------------------------------------------------------------------
jssecacerts | Bin 114936 -> 0 bytes
modules/user-profile-migration/pom.xml | 134 -------------------
.../airavata/KeycloakIdentityServerClient.java | 85 +++++-------
.../org/apache/airavata/MigrationManager.java | 27 ++--
.../airavata/Wso2IdentityServerClient.java | 36 ++---
.../utils/InstallCert$SavingTrustManager.class | Bin 1164 -> 0 bytes
.../org/apache/airavata/utils/InstallCert.class | Bin 5947 -> 0 bytes
.../org/apache/airavata/utils/InstallCert.java | 6 +-
.../org/apache/airavata/utils/iamscigaporg.cer | Bin 1411 -> 0 bytes
9 files changed, 76 insertions(+), 212 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/airavata/blob/ec35622d/jssecacerts
----------------------------------------------------------------------
diff --git a/jssecacerts b/jssecacerts
deleted file mode 100644
index 8b1b783..0000000
Binary files a/jssecacerts and /dev/null differ
http://git-wip-us.apache.org/repos/asf/airavata/blob/ec35622d/modules/user-profile-migration/pom.xml
----------------------------------------------------------------------
diff --git a/modules/user-profile-migration/pom.xml b/modules/user-profile-migration/pom.xml
deleted file mode 100644
index 2171c8f..0000000
--- a/modules/user-profile-migration/pom.xml
+++ /dev/null
@@ -1,134 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-
-
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
-
--->
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
- <parent>
- <artifactId>airavata</artifactId>
- <groupId>org.apache.airavata</groupId>
- <version>0.17-SNAPSHOT</version>
- <relativePath>../../pom.xml</relativePath>
- </parent>
-
- <modelVersion>4.0.0</modelVersion>
-
- <artifactId>user-profile-migration</artifactId>
-
- <repositories>
- <repository>
- <id>wso2-maven2-repository</id>
- <url>http://dist.wso2.org/maven2</url>
- </repository>
- <repository>
- <id>apache-maven2-repo</id>
- <name>Apache Maven2 Repository</name>
- <url>http://repo1.maven.org/maven2/</url>
- </repository>
- </repositories>
-
- <dependencies>
- <dependency>
- <groupId>org.apache.axis2.wso2</groupId>
- <artifactId>axis2</artifactId>
- <version>1.6.1.wso2v1</version>
- </dependency>
- <dependency>
- <groupId>org.wso2.securevault</groupId>
- <artifactId>org.wso2.securevault</artifactId>
- <version>1.0.0</version>
- </dependency>
- <dependency>
- <groupId>commons-httpclient</groupId>
- <artifactId>commons-httpclient</artifactId>
- <version>3.1</version>
- </dependency>
- <!-- https://mvnrepository.com/artifact/org.apache.httpcomponents/httpclient -->
- <dependency>
- <groupId>org.apache.httpcomponents</groupId>
- <artifactId>httpclient</artifactId>
- <version>4.5.3</version>
- </dependency>
-
- <dependency>
- <groupId>org.wso2.carbon</groupId>
- <artifactId>org.wso2.carbon.um.ws.api.stub</artifactId>
- <version>4.0.2</version>
- </dependency>
- <!-- https://mvnrepository.com/artifact/mysql/mysql-connector-java -->
- <dependency>
- <groupId>mysql</groupId>
- <artifactId>mysql-connector-java</artifactId>
- <version>5.1.6</version>
- </dependency>
- <dependency>
- <groupId>org.apache.airavata</groupId>
- <artifactId>user-profile-stubs</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.apache.airavata</groupId>
- <artifactId>airavata-commons</artifactId>
- <version>0.17-SNAPSHOT</version>
- </dependency>
- <dependency>
- <groupId>org.apache.airavata</groupId>
- <artifactId>airavata-data-models</artifactId>
- <version>${project.version}</version>
- </dependency>
- <!-- https://mvnrepository.com/artifact/javax.ws.rs/javax.ws.rs-api -->
- <dependency>
- <groupId>javax.ws.rs</groupId>
- <artifactId>javax.ws.rs-api</artifactId>
- <version>2.0.1</version>
- </dependency>
- <!-- https://mvnrepository.com/artifact/org.jboss.resteasy/resteasy-client -->
- <dependency>
- <groupId>org.jboss.resteasy</groupId>
- <artifactId>resteasy-client</artifactId>
- <version>3.1.2.Final</version>
- </dependency>
- <!-- https://mvnrepository.com/artifact/org.keycloak/keycloak-admin-client -->
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-admin-client</artifactId>
- <version>3.0.0.Final</version>
- </dependency>
- </dependencies>
-
-
- <build>
- <sourceDirectory>src/main/java</sourceDirectory>
- <plugins>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-compiler-plugin</artifactId>
- <inherited>true</inherited>
- <version>2.0</version>
- <configuration>
- <source>1.8</source>
- <target>1.8</target>
- </configuration>
- </plugin>
- </plugins>
- </build>
-
-
-</project>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/airavata/blob/ec35622d/modules/user-profile-migration/src/main/java/org/apache/airavata/KeycloakIdentityServerClient.java
----------------------------------------------------------------------
diff --git a/modules/user-profile-migration/src/main/java/org/apache/airavata/KeycloakIdentityServerClient.java b/modules/user-profile-migration/src/main/java/org/apache/airavata/KeycloakIdentityServerClient.java
index 940e9db..cd55487 100644
--- a/modules/user-profile-migration/src/main/java/org/apache/airavata/KeycloakIdentityServerClient.java
+++ b/modules/user-profile-migration/src/main/java/org/apache/airavata/KeycloakIdentityServerClient.java
@@ -22,67 +22,56 @@ package org.apache.airavata;
*/
import org.keycloak.admin.client.Keycloak;
+import org.keycloak.admin.client.resource.UserResource;
import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
-import java.util.Arrays;
+import javax.ws.rs.core.Response;
+import java.util.ArrayList;
+import java.util.List;
public class KeycloakIdentityServerClient {
- public void setAdminUserName(String adminUserName) {
- adminUserName = adminUserName;
- }
-
- public void setAdminUserPassword(String adminUserPassword) {
- this.adminUserPassword = adminUserPassword;
- }
-
- public void setRealm(String realm) {
- this.realm = realm;
- }
-
- public void setAdminUrl(String adminUrl) {
- this.adminUrl = adminUrl;
- }
-
- private String adminUrl;
- private String realm;
- private String adminUserName;
- private String adminUserPassword;
private Keycloak client;
public KeycloakIdentityServerClient(String adminUrl, String realm, String adminUserName, String adminUserPassword) {
- this.adminUrl = adminUrl;
- this.realm = realm;
- this.adminUserName = adminUserName;
- this.adminUserPassword = adminUserPassword;
this.client = Keycloak.getInstance(
- this.adminUrl,
- this.realm, // the realm to log in to
- this.adminUserName, this.adminUserPassword, // the user
- "security-admin-console");
+ adminUrl,
+ realm, // the realm to log in to
+ adminUserName, adminUserPassword, // the user
+ "admin-cli"); // admin-cli is the client ID used for keycloak admin operations.
}
- boolean createUser(){
+ boolean migrateUserStore(List<UserProfileDAO> userProfiles, String targetRealm, String tempPassword){
- CredentialRepresentation credential = new CredentialRepresentation();
- credential.setType(CredentialRepresentation.PASSWORD);
- credential.setValue("test123");
- UserRepresentation user = new UserRepresentation();
- user.setUsername("testuser");
- user.setFirstName("Test");
- user.setLastName("User");
- user.setCredentials(Arrays.asList(credential));
- this.client.realm(this.realm).users().create(user);
+ for(UserProfileDAO userProfile : userProfiles){
+ UserRepresentation user = new UserRepresentation();
+ user.setUsername(userProfile.getUserName());
+ user.setFirstName(userProfile.getFirstName());
+ user.setLastName(userProfile.getLastName());
+ user.setEmail(userProfile.getEmail());
+ user.setEnabled(true);
+ List<String> requiredActionList = new ArrayList<>();
+ requiredActionList.add("UPDATE_PASSWORD");
+ user.setRequiredActions(requiredActionList);
+ Response httpResponse = this.client.realm(targetRealm).users().create(user);
+ System.out.println(httpResponse.getStatus());
+ if(httpResponse.getStatus() == 201){ //HTTP code for record creation: HTTP 201
+ List<UserRepresentation> retrieveCreatedUserList = this.client.realm(targetRealm).users().search(user.getUsername(),
+ user.getFirstName(),
+ user.getLastName(),
+ user.getEmail(),
+ 0,1);
+ UserResource retirievedUser = this.client.realm(targetRealm).users().get(retrieveCreatedUserList.get(0).getId());
+ CredentialRepresentation credential = new CredentialRepresentation();
+ credential.setType(CredentialRepresentation.PASSWORD);
+ credential.setValue(tempPassword);
+ credential.setTemporary(true);
+ retirievedUser.resetPassword(credential);
+ System.out.println("User profile for user " + userProfile.getUserName() + " successfully migrated");
+ }else{ return false; }
+ }
return true;
}
- public static void main(String[] args){
- KeycloakIdentityServerClient client = new KeycloakIdentityServerClient("https://iam.scigap.org/auth",
- "accord.scigap.org",
- "AccordAdmin",
- "Accord@123");
- client.createUser();
- }
-
-}
+}
\ No newline at end of file
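Review bot: The lookup that follows a 201 in `migrateUserStore` can resolve to the wrong account: `users().search(username, firstName, lastName, email, 0, 1)` is, as far as I know, not an exact-match query, and `retrieveCreatedUserList.get(0)` is used unchecked, so it also throws on an empty result. The temporary password would then be set on whichever user came back first. Take the id from the create response instead, `String userId = httpResponse.getLocation().getPath().replaceAll(".*/([^/]+)$", "$1");` followed by `users().get(userId)`, and close `httpResponse` once its status has been read. Every migrated account is enabled with the same `tempPassword`, so until each user completes `UPDATE_PASSWORD` that single value is valid for all of them; a per-user random value from `SecureRandom` would narrow that window. The `return false` on the first non-201 also stops the loop part-way without reporting which users were already created.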
http://git-wip-us.apache.org/repos/asf/airavata/blob/ec35622d/modules/user-profile-migration/src/main/java/org/apache/airavata/MigrationManager.java
----------------------------------------------------------------------
diff --git a/modules/user-profile-migration/src/main/java/org/apache/airavata/MigrationManager.java b/modules/user-profile-migration/src/main/java/org/apache/airavata/MigrationManager.java
index 5ce33d1..e9df594 100644
--- a/modules/user-profile-migration/src/main/java/org/apache/airavata/MigrationManager.java
+++ b/modules/user-profile-migration/src/main/java/org/apache/airavata/MigrationManager.java
@@ -38,7 +38,7 @@ public class MigrationManager {
/*Add the credentials for all the tenants from which the profile should be migrated to Airavata DB*/
public void setISLoginCredentials(){
- adminCredentials.add(new Wso2ISLoginCredentialsDAO("prod.seagrid","UserName","Password"));
+ adminCredentials.add(new Wso2ISLoginCredentialsDAO("prod.seagrid","username","password"));
// new credential records here...
}
@@ -54,13 +54,13 @@ public class MigrationManager {
userList = isClient.getUserList("http://wso2.org/claims/givenname", "*", "default");
System.out.println("FirstName\tLastName\tEmail\t\t\tuserName\tCountry\tOrganization\tphone");
String[] claims = {"http://wso2.org/claims/givenname",
- "http://wso2.org/claims/lastname",
- "http://wso2.org/claims/emailaddress",
- "http://wso2.org/claims/country",
- "http://wso2.org/claims/organization",
- "http://wso2.org/claims/mobile",
- "http://wso2.org/claims/telephone",
- "http://wso2.org/claims/streetaddress"};
+ "http://wso2.org/claims/lastname",
+ "http://wso2.org/claims/emailaddress",
+ "http://wso2.org/claims/country",
+ "http://wso2.org/claims/organization",
+ "http://wso2.org/claims/mobile",
+ "http://wso2.org/claims/telephone",
+ "http://wso2.org/claims/streetaddress"};
for (String user : userList) {
UserProfileDAO userProfile = new UserProfileDAO();
ClaimValue[] retrievedClaimValues = isClient.getUserClaimValuesForClaims(user, claims, null);
@@ -124,16 +124,25 @@ public class MigrationManager {
return false;
}
+ private void migrateUserProfilesToKeycloak(List<UserProfileDAO> Wso2ISProfileList){
+ KeycloakIdentityServerClient client = new KeycloakIdentityServerClient("https://iam.scigap.org/auth",
+ "master",
+ "SuperRealmUsername",
+ "MasterRealmPassword");
+ client.migrateUserStore(Wso2ISProfileList,"keycloakTargetRealm","tempPassword");
+ }
+
public static void main(String[] args) {
MigrationManager migrationManager = new MigrationManager();
migrationManager.setISLoginCredentials();
List<UserProfileDAO> userProfileList = migrationManager.getUserProfilesFromWso2IS();
try {
migrationManager.migrateUserProfilesToAiravata(userProfileList);
+ migrationManager.migrateUserProfilesToKeycloak(userProfileList);
} catch (TException e) {
e.printStackTrace();
} catch (ApplicationSettingsException e) {
e.printStackTrace();
}
}
-}
+}
\ No newline at end of file
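Review bot: `migrateUserProfilesToKeycloak` discards the boolean returned by `migrateUserStore`, so a run that stopped at the first failed user looks the same to `main` as a complete one; check it, e.g. `if (!client.migrateUserStore(...)) { throw new IllegalStateException("Keycloak migration incomplete"); }`. The admin URL, master-realm user, password, target realm and temporary password are string literals that must be edited in source before a run, which is how real credentials end up committed (the same pattern is in `setISLoginCredentials` in the first hunk of this file). Reading them from configuration or the environment keeps them out of the repository. Logging in to `master` is also more privilege than creating users in one realm needs, if a realm-scoped admin account is available. The class body starts outside this hunk.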
http://git-wip-us.apache.org/repos/asf/airavata/blob/ec35622d/modules/user-profile-migration/src/main/java/org/apache/airavata/Wso2IdentityServerClient.java
----------------------------------------------------------------------
diff --git a/modules/user-profile-migration/src/main/java/org/apache/airavata/Wso2IdentityServerClient.java b/modules/user-profile-migration/src/main/java/org/apache/airavata/Wso2IdentityServerClient.java
index 3f5cae7..48a6857 100644
--- a/modules/user-profile-migration/src/main/java/org/apache/airavata/Wso2IdentityServerClient.java
+++ b/modules/user-profile-migration/src/main/java/org/apache/airavata/Wso2IdentityServerClient.java
@@ -55,7 +55,7 @@ public class Wso2IdentityServerClient {
/**
* Server url of the WSO2 Carbon Server
*/
- private static String SEVER_URL = "URL for Identity server";
+ private static String SEVER_URL = "https://idp.scigap.org:9443/services/";
public static RemoteUserStoreManagerServiceStub getAdminServiceClient(String adminUserName, String adminPassword, String adminService){
@@ -68,22 +68,22 @@ public class Wso2IdentityServerClient {
* because the private key and certificate file are not committed to GitHub,
* which are needed to run the client */
-// String trustStore = System.getProperty("user.dir") + File.separator +
-// "modules" + File.separator + "user-profile-migration" + File.separator +
-// "src" + File.separator + "main" + File.separator +
-// "resources" + File.separator + "wso2carbon.jks";
-// System.out.println("file path : " + trustStore);
-//
-// /**
-// * Call to https://localhost:9443/services/ uses HTTPS protocol.
-// * Therefore we to validate the server certificate or CA chain. The server certificate is looked up in the
-// * trust store.
-// * Following code sets what trust-store to look for and its JKs password.
-// */
-//
-// System.setProperty("javax.net.ssl.trustStore", trustStore );
-//
-// System.setProperty("javax.net.ssl.trustStorePassword", "wso2carbon");
+ String trustStore = System.getProperty("user.dir") + File.separator +
+ "modules" + File.separator + "user-profile-migration" + File.separator +
+ "src" + File.separator + "main" + File.separator +
+ "resources" + File.separator + "wso2carbon.jks";
+ System.out.println("file path : " + trustStore);
+
+ /**
+ * Call to https://localhost:9443/services/ uses HTTPS protocol.
+ * Therefore we to validate the server certificate or CA chain. The server certificate is looked up in the
+ * trust store.
+ * Following code sets what trust-store to look for and its JKs password.
+ */
+
+ System.setProperty("javax.net.ssl.trustStore", trustStore );
+
+ System.setProperty("javax.net.ssl.trustStorePassword", "wso2carbon");
/**
* Axis2 configuration context
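Review bot: `System.setProperty("javax.net.ssl.trustStore", trustStore)` in `getAdminServiceClient` sets the trust store for the whole JVM, not just this stub, so the Keycloak client that `MigrationManager.main` runs in the same process would presumably validate `https://iam.scigap.org/auth` against `wso2carbon.jks` as well (or the property is ignored if the default SSL context was already initialised). The path is built from `user.dir`, and the comment just above says the key and certificate files are not committed, so a guard such as `if (!new File(trustStore).isFile()) throw new IllegalStateException("trust store not found: " + trustStore);` would fail clearly instead of at handshake time. Loading the JKS into a dedicated `SSLContext` for this client, with the path and password taken from configuration rather than the literal `"wso2carbon"`, would keep the scope narrow. The method starts before this hunk and continues past it.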
@@ -134,4 +134,4 @@ public class Wso2IdentityServerClient {
}
return null;
}
-}
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/airavata/blob/ec35622d/modules/user-profile-migration/src/main/java/org/apache/airavata/utils/InstallCert$SavingTrustManager.class
----------------------------------------------------------------------
diff --git a/modules/user-profile-migration/src/main/java/org/apache/airavata/utils/InstallCert$SavingTrustManager.class b/modules/user-profile-migration/src/main/java/org/apache/airavata/utils/InstallCert$SavingTrustManager.class
deleted file mode 100644
index 932d67a..0000000
Binary files a/modules/user-profile-migration/src/main/java/org/apache/airavata/utils/InstallCert$SavingTrustManager.class and /dev/null differ
http://git-wip-us.apache.org/repos/asf/airavata/blob/ec35622d/modules/user-profile-migration/src/main/java/org/apache/airavata/utils/InstallCert.class
----------------------------------------------------------------------
diff --git a/modules/user-profile-migration/src/main/java/org/apache/airavata/utils/InstallCert.class b/modules/user-profile-migration/src/main/java/org/apache/airavata/utils/InstallCert.class
deleted file mode 100644
index 8489c79..0000000
Binary files a/modules/user-profile-migration/src/main/java/org/apache/airavata/utils/InstallCert.class and /dev/null differ
http://git-wip-us.apache.org/repos/asf/airavata/blob/ec35622d/modules/user-profile-migration/src/main/java/org/apache/airavata/utils/InstallCert.java
----------------------------------------------------------------------
diff --git a/modules/user-profile-migration/src/main/java/org/apache/airavata/utils/InstallCert.java b/modules/user-profile-migration/src/main/java/org/apache/airavata/utils/InstallCert.java
index 13ca144..0504bae 100644
--- a/modules/user-profile-migration/src/main/java/org/apache/airavata/utils/InstallCert.java
+++ b/modules/user-profile-migration/src/main/java/org/apache/airavata/utils/InstallCert.java
@@ -173,7 +173,8 @@ public class InstallCert {
}
public X509Certificate[] getAcceptedIssuers() {
- throw new UnsupportedOperationException();
+ return new X509Certificate[0];
+ //throw new UnsupportedOperationException();
}
public void checkClientTrusted(X509Certificate[] chain, String authType)
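Review bot: The commented-out `//throw new UnsupportedOperationException();` left after the `return` in `getAcceptedIssuers` should be deleted rather than kept as dead code, with the reason for the change recorded instead, e.g. `// X509TrustManager requires a non-null (possibly empty) array here.` Returning an empty array matches the interface contract. It would also help to say in the class comment that this trust manager belongs to the certificate-install utility and is not meant for validating production connections; the rest of the class is outside the hunk, so that is an assumption to confirm.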
@@ -188,5 +189,4 @@ public class InstallCert {
}
}
-}
-
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/airavata/blob/ec35622d/modules/user-profile-migration/src/main/java/org/apache/airavata/utils/iamscigaporg.cer
----------------------------------------------------------------------
diff --git a/modules/user-profile-migration/src/main/java/org/apache/airavata/utils/iamscigaporg.cer b/modules/user-profile-migration/src/main/java/org/apache/airavata/utils/iamscigaporg.cer
deleted file mode 100644
index 3491263..0000000
Binary files a/modules/user-profile-migration/src/main/java/org/apache/airavata/utils/iamscigaporg.cer and /dev/null differ