
Example 11 with IamAdminServicesException

use of org.apache.airavata.service.profile.iam.admin.services.cpi.exception.IamAdminServicesException in project airavata by apache.

From class TenantManagementKeycloakImpl, method removeRoleFromUser.

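@Override
public boolean removeRoleFromUser(PasswordCredential realmAdminCreds, String tenantId, String username, String roleName) throws IamAdminServicesException {
    // Removes realm-level role {@code roleName} from the user named {@code username}
    // in realm {@code tenantId}, acting with the supplied realm-admin credentials.
    // Returns true once the role has been removed. Throws IamAdminServicesException
    // when the IAM server URL cannot be read from settings, or when no user with
    // exactly that username exists in the realm.
    Keycloak client = null;
    try {
        client = TenantManagementKeycloakImpl.getClient(ServerSettings.getIamServerUrl(), tenantId, realmAdminCreds);
        // Keycloak's admin user search is a partial (substring) match across
        // username/email/name, so the first hit is not necessarily the requested
        // account. Resolve the user by exact username so the role can never be
        // stripped from a different user, and page a handful of results instead
        // of one so a near-miss that sorts first cannot hide the real match.
        List<UserRepresentation> candidates = client.realm(tenantId).users().search(username, null, null, null, 0, 10);
        String userId = null;
        for (UserRepresentation candidate : candidates) {
            // Keycloak stores usernames lower-cased, hence the case-insensitive compare.
            if (candidate.getUsername() != null && candidate.getUsername().equalsIgnoreCase(username)) {
                userId = candidate.getId();
                break;
            }
        }
        if (userId == null) {
            // Fail closed instead of the unchecked IndexOutOfBoundsException the
            // bare get(0) used to raise on an empty result.
            logger.error("Role removal failed, user not found in realm " + tenantId + ": " + username);
            IamAdminServicesException exception = new IamAdminServicesException();
            exception.setMessage("User " + username + " not found in realm " + tenantId + ", role removal failed");
            throw exception;
        }
        UserResource retrievedUser = client.realm(tenantId).users().get(userId);
        // Remove the realm-level role from the resolved user.
        RoleResource roleResource = client.realm(tenantId).roles().get(roleName);
        retrievedUser.roles().realmLevel().remove(Arrays.asList(roleResource.toRepresentation()));
        return true;
    } catch (ApplicationSettingsException ex) {
        logger.error("Error getting values from property file, reason: " + ex.getMessage(), ex);
        IamAdminServicesException exception = new IamAdminServicesException();
        exception.setMessage("Error getting values from property file, reason " + ex.getMessage());
        throw exception;
    } finally {
        // The admin client holds an HTTP connection pool; always release it.
        if (client != null) {
            client.close();
        }
    }
}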
Also used : ApplicationSettingsException(org.apache.airavata.common.exception.ApplicationSettingsException) IamAdminServicesException(org.apache.airavata.service.profile.iam.admin.services.cpi.exception.IamAdminServicesException) RoleResource(org.keycloak.admin.client.resource.RoleResource) UserResource(org.keycloak.admin.client.resource.UserResource) Keycloak(org.keycloak.admin.client.Keycloak)

Example 12 with IamAdminServicesException

use of org.apache.airavata.service.profile.iam.admin.services.cpi.exception.IamAdminServicesException in project airavata by apache.

From class TenantManagementKeycloakImpl, method configureClient.

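@Override
public Gateway configureClient(PasswordCredential isSuperAdminPasswordCreds, Gateway gatewayDetails) throws IamAdminServicesException {
    // Registers the confidential OIDC client "pga" in the gateway's realm and
    // returns {@code gatewayDetails} with the client id and freshly generated
    // client secret filled in. Returns null when Keycloak does not answer 201
    // (e.g. the client already exists). Throws IamAdminServicesException when
    // the gateway URL is missing/blank, when the created client cannot be read
    // back, or when the IAM server URL cannot be read from settings.
    Keycloak client = null;
    try {
        client = TenantManagementKeycloakImpl.getClient(ServerSettings.getIamServerUrl(), this.superAdminRealmId, isSuperAdminPasswordCreds);
        // The gateway URL is the sole source of the redirect-URI allow-list, so
        // a missing or blank value must fail closed rather than register a
        // relative "/callback-url" redirect.
        String gatewayURL = gatewayDetails.getGatewayURL();
        if (gatewayURL == null || gatewayURL.trim().isEmpty()) {
            logger.error("Request for Realm Client Creation failed, callback URL not present");
            IamAdminServicesException ex = new IamAdminServicesException();
            ex.setMessage("Gateway Url field in GatewayProfile cannot be empty, Realm Client creation failed");
            throw ex;
        }
        gatewayURL = gatewayURL.trim();
        // Remove a trailing slash so the callback path is not doubled.
        if (gatewayURL.endsWith("/")) {
            gatewayURL = gatewayURL.substring(0, gatewayURL.length() - 1);
        }
        // Exact redirect URIs only (no wildcards): the post-login callback and
        // the post-logout landing page.
        List<String> redirectUris = new ArrayList<>();
        redirectUris.add(gatewayURL + "/callback-url");
        redirectUris.add(gatewayURL);

        ClientRepresentation pgaClient = new ClientRepresentation();
        pgaClient.setName("pga");
        pgaClient.setClientId("pga");
        pgaClient.setProtocol("openid-connect");
        pgaClient.setEnabled(true);
        // Confidential client authenticating with a client secret.
        pgaClient.setPublicClient(false);
        pgaClient.setClientAuthenticatorType("client-secret");
        // Authorization-code flow is the intended browser login path.
        pgaClient.setStandardFlowEnabled(true);
        // NOTE(review): the four settings below widen the client's capabilities
        // well past the code flow: direct access grants (resource-owner password
        // credentials, i.e. the gateway handles user passwords itself), a service
        // account, Keycloak authorization services, and full scope (every realm
        // role is mapped into the client's tokens). They are kept as originally
        // configured because the gateway may depend on them; confirm each is
        // actually required and disable the rest.
        pgaClient.setDirectAccessGrantsEnabled(true);
        pgaClient.setServiceAccountsEnabled(true);
        pgaClient.setAuthorizationServicesEnabled(true);
        pgaClient.setFullScopeAllowed(true);
        pgaClient.setRedirectUris(redirectUris);

        Response httpResponse = client.realms().realm(gatewayDetails.getGatewayId()).clients().create(pgaClient);
        logger.info("Tenant Client configuration exited with code : " + httpResponse.getStatus() + " : " + httpResponse.getStatusInfo());
        if (httpResponse.getStatus() == 201) {
            List<ClientRepresentation> created = client.realms().realm(gatewayDetails.getGatewayId()).clients().findByClientId(pgaClient.getClientId());
            if (created.isEmpty()) {
                // Creation reported success but the client is not visible; report
                // it instead of the unchecked exception get(0) would throw.
                logger.error("Realm Client was created but could not be read back from realm " + gatewayDetails.getGatewayId());
                IamAdminServicesException ex = new IamAdminServicesException();
                ex.setMessage("Realm Client creation succeeded but the client could not be retrieved from realm " + gatewayDetails.getGatewayId());
                throw ex;
            }
            String clientUuid = created.get(0).getId();
            CredentialRepresentation clientSecret = client.realms().realm(gatewayDetails.getGatewayId()).clients().get(clientUuid).getSecret();
            gatewayDetails.setOauthClientId(pgaClient.getClientId());
            // The secret is returned to the caller only; it must never be logged.
            gatewayDetails.setOauthClientSecret(clientSecret.getValue());
            return gatewayDetails;
        } else {
            logger.error("Request for Realm Client Creation failed with HTTP code : " + httpResponse.getStatus());
            logger.error("Reason for Realm Client Creation failure : " + httpResponse.getStatusInfo());
            return null;
        }
    } catch (ApplicationSettingsException ex) {
        logger.error("Error getting values from property file, reason: " + ex.getMessage(), ex);
        IamAdminServicesException exception = new IamAdminServicesException();
        exception.setMessage("Error getting values from property file, reason " + ex.getMessage());
        throw exception;
    } finally {
        // The admin client holds an HTTP connection pool; always release it.
        if (client != null) {
            client.close();
        }
    }
}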
Also used : Response(javax.ws.rs.core.Response) ApplicationSettingsException(org.apache.airavata.common.exception.ApplicationSettingsException) IamAdminServicesException(org.apache.airavata.service.profile.iam.admin.services.cpi.exception.IamAdminServicesException) ArrayList(java.util.ArrayList) Keycloak(org.keycloak.admin.client.Keycloak)

Example 13 with IamAdminServicesException

use of org.apache.airavata.service.profile.iam.admin.services.cpi.exception.IamAdminServicesException in project airavata by apache.

From class TenantManagementKeycloakImpl, method enableUserAccount.

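@Override
public boolean enableUserAccount(PasswordCredential realmAdminCreds, String tenantId, String username) throws IamAdminServicesException {
    // Enables the account of the user named {@code username} in realm
    // {@code tenantId} and marks its email address as verified. Returns true
    // once the profile update has been sent. Throws IamAdminServicesException
    // when the IAM server URL cannot be read from settings or when no user with
    // exactly that username exists in the realm.
    Keycloak client = null;
    try {
        client = TenantManagementKeycloakImpl.getClient(ServerSettings.getIamServerUrl(), tenantId, realmAdminCreds);
        // Keycloak's admin user search is a partial (substring) match across
        // username/email/name, so the first hit is not necessarily the requested
        // account. Enabling (and marking verified) the wrong account would be an
        // authorization bug, so resolve the user by exact username and page a
        // handful of results rather than one.
        List<UserRepresentation> candidates = client.realm(tenantId).users().search(username, 0, 10);
        String userId = null;
        for (UserRepresentation candidate : candidates) {
            // Keycloak stores usernames lower-cased, hence the case-insensitive compare.
            if (candidate.getUsername() != null && candidate.getUsername().equalsIgnoreCase(username)) {
                userId = candidate.getId();
                break;
            }
        }
        if (userId == null) {
            // Fail closed instead of the unchecked IndexOutOfBoundsException the
            // bare get(0) used to raise on an empty result.
            logger.error("Enabling user account failed, user not found in realm " + tenantId + ": " + username);
            IamAdminServicesException exception = new IamAdminServicesException();
            exception.setMessage("User " + username + " not found in realm " + tenantId + ", account could not be enabled");
            throw exception;
        }
        UserResource userResource = client.realm(tenantId).users().get(userId);
        UserRepresentation profile = userResource.toRepresentation();
        profile.setEnabled(true);
        // Email verification is treated as a precondition of enabling the
        // account (presumably enforced by the caller — confirm), so the flag is
        // set administratively here rather than via a Keycloak verify-email flow.
        profile.setEmailVerified(true);
        userResource.update(profile);
        return true;
    } catch (ApplicationSettingsException ex) {
        logger.error("Error getting values from property file, reason: " + ex.getMessage(), ex);
        IamAdminServicesException exception = new IamAdminServicesException();
        exception.setMessage("Error getting values from property file, reason " + ex.getMessage());
        throw exception;
    } finally {
        // The admin client holds an HTTP connection pool; always release it.
        if (client != null) {
            client.close();
        }
    }
}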
Also used : ApplicationSettingsException(org.apache.airavata.common.exception.ApplicationSettingsException) IamAdminServicesException(org.apache.airavata.service.profile.iam.admin.services.cpi.exception.IamAdminServicesException) UserResource(org.keycloak.admin.client.resource.UserResource) Keycloak(org.keycloak.admin.client.Keycloak)

Example 14 with IamAdminServicesException

use of org.apache.airavata.service.profile.iam.admin.services.cpi.exception.IamAdminServicesException in project airavata by apache.

From class TenantManagementKeycloakImpl, method createUser.

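@Override
public boolean createUser(PasswordCredential realmAdminCreds, String tenantId, String username, String emailAddress, String firstName, String lastName, String newPassword) throws IamAdminServicesException {
    // Creates a disabled user in realm {@code tenantId} and sets its permanent
    // password. Returns true when the user was created and the password set,
    // false when Keycloak rejects the creation (anything but HTTP 201). Throws
    // IamAdminServicesException when the IAM server URL cannot be read from
    // settings or when the newly created user cannot be located afterwards.
    Keycloak client = null;
    try {
        client = TenantManagementKeycloakImpl.getClient(ServerSettings.getIamServerUrl(), tenantId, realmAdminCreds);
        UserRepresentation user = new UserRepresentation();
        user.setUsername(username);
        user.setFirstName(firstName);
        user.setLastName(lastName);
        user.setEmail(emailAddress);
        // Accounts start disabled; enableUserAccount flips them on later.
        user.setEnabled(false);
        Response httpResponse = client.realm(tenantId).users().create(user);
        if (httpResponse.getStatus() != 201) {
            // HTTP 201 is the only success code for record creation.
            logger.error("Request for user Account Creation failed with HTTP code : " + httpResponse.getStatus());
            logger.error("Reason for user account creation failure : " + httpResponse.getStatusInfo());
            return false;
        }
        // The create call does not return the user, so it has to be searched
        // for. The admin search is a partial (substring) match, so verify the
        // exact username before touching credentials: a password must never be
        // reset on some other user that merely resembles the new one.
        List<UserRepresentation> candidates = client.realm(tenantId).users().search(user.getUsername(), user.getFirstName(), user.getLastName(), user.getEmail(), 0, 10);
        String userId = null;
        for (UserRepresentation candidate : candidates) {
            // Keycloak stores usernames lower-cased, hence the case-insensitive compare.
            if (candidate.getUsername() != null && candidate.getUsername().equalsIgnoreCase(username)) {
                userId = candidate.getId();
                break;
            }
        }
        if (userId == null) {
            logger.error("User account was created but could not be found afterwards in realm " + tenantId + ": " + username);
            IamAdminServicesException exception = new IamAdminServicesException();
            exception.setMessage("User " + username + " was created in realm " + tenantId + " but could not be retrieved to set the password");
            throw exception;
        }
        UserResource retrievedUser = client.realm(tenantId).users().get(userId);
        CredentialRepresentation credential = new CredentialRepresentation();
        credential.setType(CredentialRepresentation.PASSWORD);
        credential.setValue(newPassword);
        // Permanent password: the user is not forced to change it at first login.
        credential.setTemporary(false);
        retrievedUser.resetPassword(credential);
        // Report success: the original fell through to "return false" here, so
        // callers saw a failure even though the account had been created.
        return true;
    } catch (ApplicationSettingsException ex) {
        logger.error("Error getting values from property file, reason: " + ex.getMessage(), ex);
        IamAdminServicesException exception = new IamAdminServicesException();
        exception.setMessage("Error getting values from property file, reason " + ex.getMessage());
        throw exception;
    } finally {
        // The admin client holds an HTTP connection pool; always release it.
        if (client != null) {
            client.close();
        }
    }
}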
Also used : Response(javax.ws.rs.core.Response) ApplicationSettingsException(org.apache.airavata.common.exception.ApplicationSettingsException) IamAdminServicesException(org.apache.airavata.service.profile.iam.admin.services.cpi.exception.IamAdminServicesException) UserResource(org.keycloak.admin.client.resource.UserResource) Keycloak(org.keycloak.admin.client.Keycloak)

Example 15 with IamAdminServicesException

use of org.apache.airavata.service.profile.iam.admin.services.cpi.exception.IamAdminServicesException in project airavata by apache.

From class TenantManagementKeycloakImpl, method createTenantAdminAccount.

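@Override
public boolean createTenantAdminAccount(PasswordCredential isSuperAdminPasswordCreds, Gateway gatewayDetails, String tenantAdminPassword) throws IamAdminServicesException {
    // Provisions the gateway's administrator in its realm: creates an enabled,
    // email-verified user from the gateway profile, sets its permanent password,
    // grants the realm-level "admin" role and every realm-management client
    // role (i.e. full administrative control of that realm). Returns true on
    // success, false when Keycloak rejects the user creation (anything but
    // HTTP 201). Throws IamAdminServicesException for settings errors, when the
    // created user or the realm-management client cannot be found, or for any
    // other failure talking to Keycloak.
    Keycloak client = null;
    try {
        client = TenantManagementKeycloakImpl.getClient(ServerSettings.getIamServerUrl(), this.superAdminRealmId, isSuperAdminPasswordCreds);
        String realmId = gatewayDetails.getGatewayId();
        UserRepresentation user = new UserRepresentation();
        user.setUsername(gatewayDetails.getIdentityServerUserName());
        user.setFirstName(gatewayDetails.getGatewayAdminFirstName());
        user.setLastName(gatewayDetails.getGatewayAdminLastName());
        user.setEmail(gatewayDetails.getGatewayAdminEmail());
        // Admin-provisioned account: created active with its email pre-verified.
        user.setEmailVerified(true);
        user.setEnabled(true);
        Response httpResponse = client.realm(realmId).users().create(user);
        logger.info("Tenant Admin account creation exited with code : " + httpResponse.getStatus() + " : " + httpResponse.getStatusInfo());
        if (httpResponse.getStatus() != 201) {
            // HTTP 201 is the only success code for record creation.
            logger.error("Request for Tenant Admin Account Creation failed with HTTP code : " + httpResponse.getStatus());
            logger.error("Reason for Tenant Admin account creation failure : " + httpResponse.getStatusInfo());
            return false;
        }
        // The create call does not return the user, so it has to be searched
        // for. The admin search is a partial (substring) match, so verify the
        // exact username before granting roles or setting a password: doing so
        // on a look-alike user would hand realm admin rights to the wrong account.
        List<UserRepresentation> candidates = client.realm(realmId).users().search(user.getUsername(), user.getFirstName(), user.getLastName(), user.getEmail(), 0, 10);
        String userId = null;
        for (UserRepresentation candidate : candidates) {
            // Keycloak stores usernames lower-cased, hence the case-insensitive compare.
            if (candidate.getUsername() != null && candidate.getUsername().equalsIgnoreCase(user.getUsername())) {
                userId = candidate.getId();
                break;
            }
        }
        if (userId == null) {
            IamAdminServicesException exception = new IamAdminServicesException();
            exception.setMessage("Tenant Admin account was created in realm " + realmId + " but could not be retrieved to configure it");
            throw exception;
        }
        UserResource retrievedUser = client.realm(realmId).users().get(userId);
        // Realm-level "admin" role used by the gateway's own authorization.
        RoleResource adminRoleResource = client.realm(realmId).roles().get("admin");
        retrievedUser.roles().realmLevel().add(Arrays.asList(adminRoleResource.toRepresentation()));
        CredentialRepresentation credential = new CredentialRepresentation();
        credential.setType(CredentialRepresentation.PASSWORD);
        credential.setValue(tenantAdminPassword);
        // Permanent password: the admin is not forced to change it at first login.
        credential.setTemporary(false);
        retrievedUser.resetPassword(credential);
        // Locate Keycloak's built-in "realm-management" client by its clientId;
        // the client-level role mapping API needs its internal UUID.
        String realmManagementClientId = null;
        for (ClientRepresentation realmClient : client.realm(realmId).clients().findAll()) {
            if ("realm-management".equals(realmClient.getClientId())) {
                realmManagementClientId = realmClient.getId();
                break;
            }
        }
        if (realmManagementClientId == null) {
            // Without this the original passed null to clientLevel() and failed
            // with an opaque NullPointerException.
            IamAdminServicesException exception = new IamAdminServicesException();
            exception.setMessage("realm-management client not found in realm " + realmId + ", Tenant Admin could not be granted realm administration roles");
            throw exception;
        }
        // Grants every available realm-management role (manage-users,
        // manage-clients, manage-realm, ...): this is what makes the account a
        // full realm administrator. Deliberately all-or-nothing; narrow the list
        // here if least privilege is wanted for tenant admins.
        retrievedUser.roles().clientLevel(realmManagementClientId).add(retrievedUser.roles().clientLevel(realmManagementClientId).listAvailable());
        return true;
    } catch (ApplicationSettingsException ex) {
        logger.error("Error getting values from property file, reason: " + ex.getMessage(), ex);
        IamAdminServicesException exception = new IamAdminServicesException();
        exception.setMessage("Error getting values from property file, reason " + ex.getMessage());
        throw exception;
    } catch (IamAdminServicesException ex) {
        // Already a service exception with a specific message; do not re-wrap it.
        throw ex;
    } catch (Exception ex) {
        logger.error("Error creating Realm Admin Account in keycloak server, reason: " + ex.getMessage(), ex);
        IamAdminServicesException exception = new IamAdminServicesException();
        exception.setMessage("Error creating Realm Admin Account in keycloak server, reason: " + ex.getMessage());
        throw exception;
    } finally {
        // The admin client holds an HTTP connection pool; always release it.
        if (client != null) {
            client.close();
        }
    }
}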
Also used : ApplicationSettingsException(org.apache.airavata.common.exception.ApplicationSettingsException) UserResource(org.keycloak.admin.client.resource.UserResource) IOException(java.io.IOException) ApplicationSettingsException(org.apache.airavata.common.exception.ApplicationSettingsException) IamAdminServicesException(org.apache.airavata.service.profile.iam.admin.services.cpi.exception.IamAdminServicesException) Response(javax.ws.rs.core.Response) IamAdminServicesException(org.apache.airavata.service.profile.iam.admin.services.cpi.exception.IamAdminServicesException) RoleResource(org.keycloak.admin.client.resource.RoleResource) Keycloak(org.keycloak.admin.client.Keycloak)
