use of org.eclipse.che.multiuser.keycloak.server.deploy.KeycloakUserRemoverModule in project che-server by eclipse-che.
the class WsMasterModule method configureMultiUserMode.
private void configureMultiUserMode(Map<String, String> persistenceProperties, String infrastructure) {
if (OpenShiftInfrastructure.NAME.equals(infrastructure) || KubernetesInfrastructure.NAME.equals(infrastructure)) {
install(new ReplicationModule(persistenceProperties));
bind(org.eclipse.che.multiuser.permission.workspace.infra.kubernetes.BrokerServicePermissionFilter.class);
configureJwtProxySecureProvisioner(infrastructure);
} else {
bind(RemoteSubscriptionStorage.class).to(org.eclipse.che.api.core.notification.InmemoryRemoteSubscriptionStorage.class);
bind(WorkspaceLockService.class).to(org.eclipse.che.api.workspace.server.DefaultWorkspaceLockService.class);
bind(WorkspaceStatusCache.class).to(org.eclipse.che.api.workspace.server.DefaultWorkspaceStatusCache.class);
}
if (Boolean.parseBoolean(System.getenv("CHE_AUTH_NATIVEUSER"))) {
bind(KubernetesClientConfigFactory.class).to(KubernetesOidcProviderConfigFactory.class);
} else if (OpenShiftInfrastructure.NAME.equals(infrastructure)) {
bind(KubernetesClientConfigFactory.class).to(KeycloakProviderConfigFactory.class);
}
persistenceProperties.put(PersistenceUnitProperties.EXCEPTION_HANDLER_CLASS, "org.eclipse.che.core.db.postgresql.jpa.eclipselink.PostgreSqlExceptionHandler");
bind(DataSource.class).toProvider(org.eclipse.che.core.db.JndiDataSourceProvider.class);
install(new org.eclipse.che.multiuser.api.permission.server.jpa.SystemPermissionsJpaModule());
install(new org.eclipse.che.multiuser.api.permission.server.PermissionsModule());
install(new org.eclipse.che.multiuser.permission.workspace.server.WorkspaceApiPermissionsModule());
install(new org.eclipse.che.multiuser.permission.workspace.server.jpa.MultiuserWorkspaceJpaModule());
install(new MultiUserWorkspaceActivityModule());
install(new org.eclipse.che.multiuser.permission.devfile.server.jpa.MultiuserUserDevfileJpaModule());
install(new org.eclipse.che.multiuser.permission.devfile.server.UserDevfileApiPermissionsModule());
// Permission filters
bind(org.eclipse.che.multiuser.permission.system.SystemServicePermissionsFilter.class);
bind(org.eclipse.che.multiuser.permission.system.JvmServicePermissionsFilter.class);
bind(org.eclipse.che.multiuser.permission.system.SystemEventsSubscriptionPermissionsCheck.class);
Multibinder<String> binder = Multibinder.newSetBinder(binder(), String.class, Names.named(SYSTEM_DOMAIN_ACTIONS));
binder.addBinding().toInstance(UserServicePermissionsFilter.MANAGE_USERS_ACTION);
bind(org.eclipse.che.multiuser.permission.user.UserProfileServicePermissionsFilter.class);
bind(org.eclipse.che.multiuser.permission.user.UserServicePermissionsFilter.class);
bind(org.eclipse.che.multiuser.permission.logger.LoggerServicePermissionsFilter.class);
bind(org.eclipse.che.multiuser.permission.workspace.activity.ActivityPermissionsFilter.class);
bind(org.eclipse.che.multiuser.permission.resource.filters.ResourceServicePermissionsFilter.class);
bind(org.eclipse.che.multiuser.permission.resource.filters.FreeResourcesLimitServicePermissionsFilter.class);
install(new ResourceModule());
install(new OrganizationApiModule());
install(new OrganizationJpaModule());
if (Boolean.parseBoolean(System.getenv("CHE_AUTH_NATIVEUSER"))) {
bind(RequestTokenExtractor.class).to(HeaderRequestTokenExtractor.class);
if (KubernetesInfrastructure.NAME.equals(infrastructure)) {
bind(OIDCInfo.class).toProvider(OIDCInfoProvider.class).asEagerSingleton();
bind(SigningKeyResolver.class).to(OIDCSigningKeyResolver.class);
bind(JwtParser.class).toProvider(OIDCJwtParserProvider.class);
bind(JwkProvider.class).toProvider(OIDCJwkProvider.class);
}
bind(TokenValidator.class).to(NotImplementedTokenValidator.class);
bind(ProfileDao.class).to(JpaProfileDao.class);
bind(OAuthAPI.class).to(EmbeddedOAuthAPI.class);
} else {
install(new KeycloakModule());
install(new KeycloakUserRemoverModule());
bind(AdminPermissionInitializer.class).asEagerSingleton();
bind(RequestTokenExtractor.class).to(ChainedTokenExtractor.class);
}
install(new MachineAuthModule());
// User and profile - use profile from keycloak and other stuff is JPA
bind(PasswordEncryptor.class).to(PBKDF2PasswordEncryptor.class);
bind(UserDao.class).to(JpaUserDao.class);
bind(PreferenceDao.class).to(JpaPreferenceDao.class);
bind(PermissionChecker.class).to(PermissionCheckerImpl.class);
bindConstant().annotatedWith(Names.named("che.agents.auth_enabled")).to(true);
install(new InfraProxyModule());
}
use of org.eclipse.che.multiuser.keycloak.server.deploy.KeycloakUserRemoverModule in project devspaces-images by redhat-developer.
the class WsMasterModule method configureMultiUserMode.
private void configureMultiUserMode(Map<String, String> persistenceProperties, String infrastructure) {
if (OpenShiftInfrastructure.NAME.equals(infrastructure) || KubernetesInfrastructure.NAME.equals(infrastructure)) {
install(new ReplicationModule(persistenceProperties));
bind(org.eclipse.che.multiuser.permission.workspace.infra.kubernetes.BrokerServicePermissionFilter.class);
configureJwtProxySecureProvisioner(infrastructure);
} else {
bind(RemoteSubscriptionStorage.class).to(org.eclipse.che.api.core.notification.InmemoryRemoteSubscriptionStorage.class);
bind(WorkspaceLockService.class).to(org.eclipse.che.api.workspace.server.DefaultWorkspaceLockService.class);
bind(WorkspaceStatusCache.class).to(org.eclipse.che.api.workspace.server.DefaultWorkspaceStatusCache.class);
}
if (Boolean.parseBoolean(System.getenv("CHE_AUTH_NATIVEUSER"))) {
bind(KubernetesClientConfigFactory.class).to(KubernetesOidcProviderConfigFactory.class);
} else if (OpenShiftInfrastructure.NAME.equals(infrastructure)) {
bind(KubernetesClientConfigFactory.class).to(KeycloakProviderConfigFactory.class);
}
persistenceProperties.put(PersistenceUnitProperties.EXCEPTION_HANDLER_CLASS, "org.eclipse.che.core.db.postgresql.jpa.eclipselink.PostgreSqlExceptionHandler");
bind(DataSource.class).toProvider(org.eclipse.che.core.db.JndiDataSourceProvider.class);
install(new org.eclipse.che.multiuser.api.permission.server.jpa.SystemPermissionsJpaModule());
install(new org.eclipse.che.multiuser.api.permission.server.PermissionsModule());
install(new org.eclipse.che.multiuser.permission.workspace.server.WorkspaceApiPermissionsModule());
install(new org.eclipse.che.multiuser.permission.workspace.server.jpa.MultiuserWorkspaceJpaModule());
install(new MultiUserWorkspaceActivityModule());
install(new org.eclipse.che.multiuser.permission.devfile.server.jpa.MultiuserUserDevfileJpaModule());
install(new org.eclipse.che.multiuser.permission.devfile.server.UserDevfileApiPermissionsModule());
// Permission filters
bind(org.eclipse.che.multiuser.permission.system.SystemServicePermissionsFilter.class);
bind(org.eclipse.che.multiuser.permission.system.JvmServicePermissionsFilter.class);
bind(org.eclipse.che.multiuser.permission.system.SystemEventsSubscriptionPermissionsCheck.class);
Multibinder<String> binder = Multibinder.newSetBinder(binder(), String.class, Names.named(SYSTEM_DOMAIN_ACTIONS));
binder.addBinding().toInstance(UserServicePermissionsFilter.MANAGE_USERS_ACTION);
bind(org.eclipse.che.multiuser.permission.user.UserProfileServicePermissionsFilter.class);
bind(org.eclipse.che.multiuser.permission.user.UserServicePermissionsFilter.class);
bind(org.eclipse.che.multiuser.permission.logger.LoggerServicePermissionsFilter.class);
bind(org.eclipse.che.multiuser.permission.workspace.activity.ActivityPermissionsFilter.class);
bind(org.eclipse.che.multiuser.permission.resource.filters.ResourceServicePermissionsFilter.class);
bind(org.eclipse.che.multiuser.permission.resource.filters.FreeResourcesLimitServicePermissionsFilter.class);
install(new ResourceModule());
install(new OrganizationApiModule());
install(new OrganizationJpaModule());
if (Boolean.parseBoolean(System.getenv("CHE_AUTH_NATIVEUSER"))) {
bind(RequestTokenExtractor.class).to(HeaderRequestTokenExtractor.class);
if (KubernetesInfrastructure.NAME.equals(infrastructure)) {
bind(OIDCInfo.class).toProvider(OIDCInfoProvider.class).asEagerSingleton();
bind(SigningKeyResolver.class).to(OIDCSigningKeyResolver.class);
bind(JwtParser.class).toProvider(OIDCJwtParserProvider.class);
bind(JwkProvider.class).toProvider(OIDCJwkProvider.class);
}
bind(TokenValidator.class).to(NotImplementedTokenValidator.class);
bind(ProfileDao.class).to(JpaProfileDao.class);
bind(OAuthAPI.class).to(EmbeddedOAuthAPI.class);
} else {
install(new KeycloakModule());
install(new KeycloakUserRemoverModule());
bind(AdminPermissionInitializer.class).asEagerSingleton();
bind(RequestTokenExtractor.class).to(ChainedTokenExtractor.class);
}
install(new MachineAuthModule());
// User and profile - use profile from keycloak and other stuff is JPA
bind(PasswordEncryptor.class).to(PBKDF2PasswordEncryptor.class);
bind(UserDao.class).to(JpaUserDao.class);
bind(PreferenceDao.class).to(JpaPreferenceDao.class);
bind(PermissionChecker.class).to(PermissionCheckerImpl.class);
bindConstant().annotatedWith(Names.named("che.agents.auth_enabled")).to(true);
install(new InfraProxyModule());
}
Aggregations