Created
October 22, 2021 10:18
diff --git a/manager/api/rest-impl/pom.xml b/manager/api/rest-impl/pom.xml | |
index f45c365a7..48b23591d 100644 | |
--- a/manager/api/rest-impl/pom.xml | |
+++ b/manager/api/rest-impl/pom.xml | |
@@ -93,6 +93,11 @@ | |
<groupId>com.fasterxml.jackson.dataformat</groupId> | |
<artifactId>jackson-dataformat-xml</artifactId> | |
</dependency> | |
+ <dependency> | |
+ <groupId>com.fasterxml.jackson.jaxrs</groupId> | |
+ <artifactId>jackson-jaxrs-json-provider</artifactId> | |
+ <version>${version.com.fasterxml.jackson}</version> | |
+ </dependency> | |
<dependency> | |
<groupId>javax.enterprise</groupId> | |
<artifactId>cdi-api</artifactId> | |
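Review bot: The added `jackson-jaxrs-json-provider` entry sets `<version>` inline, while the `jackson-dataformat-xml` entry just above it has none, which suggests Jackson versions are managed centrally in a parent POM (not visible here). Declaring the provider in that managed section and dropping the inline `<version>` would keep every Jackson artifact on one resolved version and avoid a mismatched provider/databind pair later. The change also gives no reason for the new dependency; if it replaces something that used to arrive transitively, a short XML comment above the entry saying so would help the next reader.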
diff --git a/manager/api/security/pom.xml b/manager/api/security/pom.xml | |
index 4ba21c68a..e3c06cdea 100644 | |
--- a/manager/api/security/pom.xml | |
+++ b/manager/api/security/pom.xml | |
@@ -57,10 +57,10 @@ | |
<artifactId>keycloak-core</artifactId> | |
<scope>provided</scope> | |
</dependency> | |
- <dependency> | |
- <groupId>org.keycloak</groupId> | |
- <artifactId>keycloak-admin-client</artifactId> | |
- <version>${version.org.keycloak}</version> | |
- </dependency> | |
+<!-- <dependency>--> | |
+<!-- <groupId>org.keycloak</groupId>--> | |
+<!-- <artifactId>keycloak-admin-client</artifactId>--> | |
+<!-- <version>${version.org.keycloak}</version>--> | |
+<!-- </dependency>--> | |
</dependencies> | |
</project> | |
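Review bot: The `keycloak-admin-client` dependency is commented out rather than deleted, and the same is done to the whole of KeycloakAdminClient.java and to the field and `getKeycloakAdminClient()` in KeycloakSecurityContext.java. Commented-out code is not compiled, so it drifts from the rest of the module, and version control already keeps the old text. I would delete the dependency block and the source file outright, or, if this is a temporary workaround, leave one comment stating the reason and the condition for restoring it, for example `<!-- keycloak-admin-client removed: <reason / tracking issue> -->`.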
diff --git a/manager/api/security/src/main/java/io/apiman/manager/api/security/impl/KeycloakAdminClient.java b/manager/api/security/src/main/java/io/apiman/manager/api/security/impl/KeycloakAdminClient.java | |
index 8845e6c3d..294346b2b 100644 | |
--- a/manager/api/security/src/main/java/io/apiman/manager/api/security/impl/KeycloakAdminClient.java | |
+++ b/manager/api/security/src/main/java/io/apiman/manager/api/security/impl/KeycloakAdminClient.java | |
@@ -1,74 +1,74 @@ | |
-package io.apiman.manager.api.security.impl; | |
- | |
-import io.apiman.manager.api.beans.idm.UserDto; | |
- | |
-import java.util.List; | |
-import java.util.Set; | |
-import java.util.stream.Collectors; | |
- | |
-import org.keycloak.adapters.KeycloakDeployment; | |
-import org.keycloak.admin.client.Keycloak; | |
-import org.keycloak.representations.idm.UserRepresentation; | |
- | |
-/** | |
- * @author Marc Savy {@literal <marc@blackparrotlabs.io>} | |
- */ | |
-public class KeycloakAdminClient { | |
- | |
- public static final String APIMAN_CLIENT = "apiman"; | |
- private final KeycloakDeployment keycloakDeployment; | |
- | |
- public KeycloakAdminClient(KeycloakDeployment keycloakDeployment) { | |
- this.keycloakDeployment = keycloakDeployment; | |
- } | |
- | |
- /** | |
- * Please be careful when using this not to ask for roles that may have a massive number of users. | |
- * <p> | |
- * If that is required, then a paginated approach may be necessary. | |
- * <p> | |
- * Ensure that the APIMAN_CLIENT has 'service accounts enabled' set to true. This allows Apiman to speak to Keycloak | |
- * using the client name + secret to interact with the Keycloak API. | |
- * <p> | |
- * Ignores users who are not enabled. | |
- * | |
- * @param roleName the name of the role. | |
- * @return the user IDs of users for a given role. | |
- */ | |
- public List<UserDto> getUsersForRole(String roleName) { | |
- Keycloak client = getClient(); | |
- Set<UserRepresentation> users = client.realm(keycloakDeployment.getRealm()) | |
- .clients().get(APIMAN_CLIENT) | |
- .roles().get(roleName) | |
- .getRoleUserMembers(); | |
- return users.stream() | |
- .filter(UserRepresentation::isEnabled) | |
- // .filter(UserRepresentation::isEmailVerified) | |
- .map(this::toUserBean) | |
- .collect(Collectors.toList()); | |
- } | |
- | |
- private UserDto toUserBean(UserRepresentation userRepresentation) { | |
- return new UserDto() | |
- .setId(userRepresentation.getId()) | |
- .setUsername(userRepresentation.getUsername()) | |
- .setEmail(userRepresentation.getEmail()) | |
- .setFullName(userRepresentation.getFirstName() + " " + userRepresentation.getLastName()); | |
- } | |
- | |
- private Keycloak getClient() { | |
- String secret = (String) keycloakDeployment.getResourceCredentials().get("secret"); | |
- | |
- if (secret == null) { | |
- throw new IllegalArgumentException("No client secret defined in Keycloak config"); | |
- } | |
- | |
- return Keycloak.getInstance( | |
- keycloakDeployment.getAuthServerBaseUrl(), | |
- keycloakDeployment.getRealm(), | |
- APIMAN_CLIENT, // TODO can I get this from the deployment somehow? | |
- secret, | |
- APIMAN_CLIENT | |
- ); | |
- } | |
-} | |
+// package io.apiman.manager.api.security.impl; | |
+// | |
+// import io.apiman.manager.api.beans.idm.UserDto; | |
+// | |
+// import java.util.List; | |
+// import java.util.Set; | |
+// import java.util.stream.Collectors; | |
+// | |
+// import org.keycloak.adapters.KeycloakDeployment; | |
+// import org.keycloak.admin.client.Keycloak; | |
+// import org.keycloak.representations.idm.UserRepresentation; | |
+// | |
+// /** | |
+// * @author Marc Savy {@literal <marc@blackparrotlabs.io>} | |
+// */ | |
+// public class KeycloakAdminClient { | |
+// | |
+// public static final String APIMAN_CLIENT = "apiman"; | |
+// private final KeycloakDeployment keycloakDeployment; | |
+// | |
+// public KeycloakAdminClient(KeycloakDeployment keycloakDeployment) { | |
+// this.keycloakDeployment = keycloakDeployment; | |
+// } | |
+// | |
+// /** | |
+// * Please be careful when using this not to ask for roles that may have a massive number of users. | |
+// * <p> | |
+// * If that is required, then a paginated approach may be necessary. | |
+// * <p> | |
+// * Ensure that the APIMAN_CLIENT has 'service accounts enabled' set to true. This allows Apiman to speak to Keycloak | |
+// * using the client name + secret to interact with the Keycloak API. | |
+// * <p> | |
+// * Ignores users who are not enabled. | |
+// * | |
+// * @param roleName the name of the role. | |
+// * @return the user IDs of users for a given role. | |
+// */ | |
+// public List<UserDto> getUsersForRole(String roleName) { | |
+// Keycloak client = getClient(); | |
+// Set<UserRepresentation> users = client.realm(keycloakDeployment.getRealm()) | |
+// .clients().get(APIMAN_CLIENT) | |
+// .roles().get(roleName) | |
+// .getRoleUserMembers(); | |
+// return users.stream() | |
+// .filter(UserRepresentation::isEnabled) | |
+// // .filter(UserRepresentation::isEmailVerified) | |
+// .map(this::toUserBean) | |
+// .collect(Collectors.toList()); | |
+// } | |
+// | |
+// private UserDto toUserBean(UserRepresentation userRepresentation) { | |
+// return new UserDto() | |
+// .setId(userRepresentation.getId()) | |
+// .setUsername(userRepresentation.getUsername()) | |
+// .setEmail(userRepresentation.getEmail()) | |
+// .setFullName(userRepresentation.getFirstName() + " " + userRepresentation.getLastName()); | |
+// } | |
+// | |
+// private Keycloak getClient() { | |
+// String secret = (String) keycloakDeployment.getResourceCredentials().get("secret"); | |
+// | |
+// if (secret == null) { | |
+// throw new IllegalArgumentException("No client secret defined in Keycloak config"); | |
+// } | |
+// | |
+// return Keycloak.getInstance( | |
+// keycloakDeployment.getAuthServerBaseUrl(), | |
+// keycloakDeployment.getRealm(), | |
+// APIMAN_CLIENT, // TODO can I get this from the deployment somehow? | |
+// secret, | |
+// APIMAN_CLIENT | |
+// ); | |
+// } | |
+// } | |
diff --git a/manager/api/security/src/main/java/io/apiman/manager/api/security/impl/KeycloakSecurityContext.java b/manager/api/security/src/main/java/io/apiman/manager/api/security/impl/KeycloakSecurityContext.java | |
index 2d6628cef..03393d055 100644 | |
--- a/manager/api/security/src/main/java/io/apiman/manager/api/security/impl/KeycloakSecurityContext.java | |
+++ b/manager/api/security/src/main/java/io/apiman/manager/api/security/impl/KeycloakSecurityContext.java | |
@@ -19,6 +19,7 @@ import io.apiman.common.logging.ApimanLoggerFactory; | |
import io.apiman.common.logging.IApimanLogger; | |
import io.apiman.manager.api.beans.idm.UserDto; | |
+import java.util.Collections; | |
import java.util.List; | |
import java.util.stream.Collectors; | |
import java.util.stream.Stream; | |
@@ -36,7 +37,7 @@ import org.keycloak.adapters.RefreshableKeycloakSecurityContext; | |
@ApplicationScoped @Alternative | |
public class KeycloakSecurityContext extends AbstractSecurityContext { | |
private static final IApimanLogger LOGGER = ApimanLoggerFactory.getLogger(KeycloakSecurityContext.class); | |
- private volatile KeycloakAdminClient keycloakAdminClient; | |
+ // private volatile KeycloakAdminClient keycloakAdminClient; | |
/** | |
* Constructor. | |
@@ -82,9 +83,10 @@ public class KeycloakSecurityContext extends AbstractSecurityContext { | |
@Override | |
public List<UserDto> getRemoteUsersWithRole(String roleName) { | |
- List<UserDto> keycloakUsersWithRole = getKeycloakAdminClient().getUsersForRole(roleName); | |
- LOGGER.debug("Keycloak users for role {0} (using same realm as configured): {2}", roleName, keycloakUsersWithRole); | |
- return keycloakUsersWithRole; | |
+ // List<UserDto> keycloakUsersWithRole = getKeycloakAdminClient().getUsersForRole(roleName); | |
+ // LOGGER.debug("Keycloak users for role {0} (using same realm as configured): {2}", roleName, keycloakUsersWithRole); | |
+ // return keycloakUsersWithRole; | |
+ return Collections.emptyList(); | |
} | |
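Review bot: `getRemoteUsersWithRole` now returns `Collections.emptyList()` for every role without logging or documenting that the lookup is disabled, so callers cannot tell "no users hold this role" from "lookup switched off". If anything uses this list to pick approvers or notification recipients (callers are not visible here), that fails quietly. I would at least add `// Keycloak admin lookup disabled: always reports no remote users for any role` and log once at warn level, or throw `UnsupportedOperationException` if callers can handle it. Separately, the commented-out debug line uses `{2}` with only two arguments; if it is restored the placeholder should be `{1}`.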
/** | |
@@ -100,15 +102,15 @@ public class KeycloakSecurityContext extends AbstractSecurityContext { | |
.collect(Collectors.toUnmodifiableList()); | |
} | |
- private KeycloakAdminClient getKeycloakAdminClient() { | |
- if (keycloakAdminClient == null) { | |
- synchronized (this) { | |
- HttpServletRequest request = servletRequest.get(); | |
- RefreshableKeycloakSecurityContext session = (RefreshableKeycloakSecurityContext) request.getAttribute(org.keycloak.KeycloakSecurityContext.class.getName()); | |
- keycloakAdminClient = new KeycloakAdminClient(session.getDeployment()); | |
- return keycloakAdminClient; | |
- } | |
- } | |
- return keycloakAdminClient; | |
- } | |
+ // private KeycloakAdminClient getKeycloakAdminClient() { | |
+ // if (keycloakAdminClient == null) { | |
+ // synchronized (this) { | |
+ // HttpServletRequest request = servletRequest.get(); | |
+ // RefreshableKeycloakSecurityContext session = (RefreshableKeycloakSecurityContext) request.getAttribute(org.keycloak.KeycloakSecurityContext.class.getName()); | |
+ // keycloakAdminClient = new KeycloakAdminClient(session.getDeployment()); | |
+ // return keycloakAdminClient; | |
+ // } | |
+ // } | |
+ // return keycloakAdminClient; | |
+ // } | |
} |
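Review bot: The commented-out `getKeycloakAdminClient()` should not be restored as written: inside `synchronized (this)` it never re-checks `keycloakAdminClient == null`, so two threads that both pass the outer check each build a client. It also caches a client built from the first request's `session.getDeployment()` in an `@ApplicationScoped` bean, which looks wrong if the deployment can differ between requests (not determinable from this hunk). With the method disabled, the `HttpServletRequest` and `RefreshableKeycloakSecurityContext` imports may now be unused unless other code in the class needs them.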