Posted to commits@airavata.apache.org by ma...@apache.org on 2018/05/10 16:28:52 UTC
[airavata] 01/02: AIRAVATA-2775 Adds getUserRoles method for
fetching Keycloak roles
This is an automated email from the ASF dual-hosted git repository.
machristie pushed a commit to branch group-based-auth
in repository https://gitbox.apache.org/repos/asf/airavata.git
commit 0441cb7fefdedf211db7884debd915cfecbc64d7
Author: Marcus Christie <ma...@apache.org>
AuthorDate: Wed May 9 10:01:19 2018 -0400
AIRAVATA-2775 Adds getUserRoles method for fetching Keycloak roles
---
.../core/impl/TenantManagementKeycloakImpl.java | 40 +++++++++++++++++++++-
.../admin/services/core/tests/SetupNewGateway.java | 21 ++++++++++++
2 files changed, 60 insertions(+), 1 deletion(-)
diff --git a/airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/impl/TenantManagementKeycloakImpl.java b/airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/impl/TenantManagementKeycloakImpl.java
index 4296bca..fb4fe29 100644
--- a/airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/impl/TenantManagementKeycloakImpl.java
+++ b/airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/impl/TenantManagementKeycloakImpl.java
@@ -35,7 +35,12 @@ import org.keycloak.admin.client.Keycloak;
import org.keycloak.admin.client.KeycloakBuilder;
import org.keycloak.admin.client.resource.RoleResource;
import org.keycloak.admin.client.resource.UserResource;
-import org.keycloak.representations.idm.*;
+import org.keycloak.representations.idm.ClientRepresentation;
+import org.keycloak.representations.idm.CredentialRepresentation;
+import org.keycloak.representations.idm.RealmRepresentation;
+import org.keycloak.representations.idm.RoleRepresentation;
+import org.keycloak.representations.idm.RolesRepresentation;
+import org.keycloak.representations.idm.UserRepresentation;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -46,6 +51,7 @@ import java.security.KeyStore;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
+import java.util.stream.Collectors;
public class TenantManagementKeycloakImpl implements TenantManagementInterface {
@@ -583,6 +589,38 @@ public class TenantManagementKeycloakImpl implements TenantManagementInterface {
}
}
+ public List<String> getUserRoles(PasswordCredential realmAdminCreds, String tenantId, String username) throws IamAdminServicesException {
+ Keycloak client = null;
+ try{
+ client = TenantManagementKeycloakImpl.getClient(ServerSettings.getIamServerUrl(), tenantId, realmAdminCreds);
+ List<UserRepresentation> userRepresentationList = client.realm(tenantId).users().search(username,
+ null,
+ null,
+ null,
+ 0, 1);
+ if (userRepresentationList.isEmpty()) {
+ logger.warn("No Keycloak user found for username [" + username + "] in tenant [" + tenantId + "].");
+ return null;
+ }
+ UserResource retrievedUser = client.realm(tenantId).users().get(userRepresentationList.get(0).getId());
+ return retrievedUser.roles().realmLevel().listAll()
+ .stream()
+ .map(roleRepresentation -> roleRepresentation.getName())
+ .collect(Collectors.toList());
+ } catch (ApplicationSettingsException ex) {
+ logger.error("Error getting values from property file, reason: " + ex.getMessage(), ex);
+ IamAdminServicesException exception = new IamAdminServicesException();
+ exception.setMessage("Error getting values from property file, reason " + ex.getMessage());
+ throw exception;
+ } finally {
+ if (client != null) {
+ logger.debug("getUserRoles: closing client...");
+ client.close();
+ logger.debug("getUserRoles: client closed");
+ }
+ }
+ }
+
private UserProfile convertUserRepresentationToUserProfile(UserRepresentation userRepresentation, String tenantId) {
UserProfile profile = new UserProfile();
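Review bot: `getUserRoles` uses the first hit from `users().search(username, null, null, null, 0, 1)` without checking that it is the account that was asked for. Keycloak's username search is, as far as I know, a partial match rather than an exact one, so a lookup for one username can return a different user whose name merely contains it, and the method would then return that user's realm roles. If callers use the result for authorization decisions, that grants roles to the wrong identity. Fail closed by comparing the name before using the id, e.g. `if (userRepresentationList.isEmpty() || !username.equalsIgnoreCase(userRepresentationList.get(0).getUsername()))`, and consider widening the result window so an exact match is not hidden behind a partial one. Separately, `return null` for an unknown user leaves "no such user" to a null check in every caller; an empty list or an `IamAdminServicesException` would make that case harder to mishandle.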
diff --git a/airavata-services/profile-service/iam-admin-services-core/src/test/java/org/apache/airavata/service/profile/iam/admin/services/core/tests/SetupNewGateway.java b/airavata-services/profile-service/iam-admin-services-core/src/test/java/org/apache/airavata/service/profile/iam/admin/services/core/tests/SetupNewGateway.java
index 3b9fae1..611629a 100644
--- a/airavata-services/profile-service/iam-admin-services-core/src/test/java/org/apache/airavata/service/profile/iam/admin/services/core/tests/SetupNewGateway.java
+++ b/airavata-services/profile-service/iam-admin-services-core/src/test/java/org/apache/airavata/service/profile/iam/admin/services/core/tests/SetupNewGateway.java
@@ -18,6 +18,8 @@ public class SetupNewGateway {
public static void main(String[] args) {
findUser();
+// final PasswordCredential tenantAdminCreds = createTenantAdminCreds("tenant", "admin", "admin-password");
+// getUserRoles(tenantAdminCreds, "username");
}
public static void setUpGateway(){
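Review bot: The commented-out call in `main` passes the tenant admin password as a string literal (`"admin-password"`), which invites whoever enables it to type a real realm-admin credential into a tracked source file. `createTenantAdminCreds`, added in the later hunk of this file, already takes the values as parameters, so `main` can read them at run time instead, e.g. `createTenantAdminCreds(args[0], args[1], new String(System.console().readPassword()))` when a console is attached. As a point of style, the commented-out lines would be better replaced by a short comment describing how to run the helper.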
@@ -114,4 +116,23 @@ public class SetupNewGateway {
e.printStackTrace();
}
}
+
+ public static void getUserRoles(PasswordCredential tenantAdminCreds, String username) {
+ TenantManagementKeycloakImpl keycloakClient = new TenantManagementKeycloakImpl();
+
+ try {
+ List<String> roleNames = keycloakClient.getUserRoles(tenantAdminCreds, tenantAdminCreds.getGatewayId(), username);
+ System.out.println("Roles=" + roleNames);
+ } catch (IamAdminServicesException e) {
+ e.printStackTrace();
+ }
+ }
+
+ private static PasswordCredential createTenantAdminCreds(String tenantId, String username, String password) {
+ PasswordCredential tenantAdminCreds = new PasswordCredential();
+ tenantAdminCreds.setGatewayId(tenantId);
+ tenantAdminCreds.setLoginUserName(username);
+ tenantAdminCreds.setPassword(password);
+ return tenantAdminCreds;
+ }
}
--
To stop receiving notification emails like this one, please contact
machristie@apache.org.