
Example 1 with RoleResource

use of org.keycloak.admin.client.resource.RoleResource in project airavata by apache.

the class TenantManagementKeycloakImpl method addRoleToUser.

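/**
 * Grants the realm-level role {@code roleName} to the user {@code username} in the realm {@code tenantId}.
 *
 * <p>The target account is resolved through the Keycloak user search, which is not guaranteed to be an
 * exact-match lookup. Because a role grant to the wrong account is a privilege escalation, the method
 * fails closed: it rejects a missing username and refuses to proceed unless the first search hit carries
 * exactly the requested username.
 *
 * @param realmAdminCreds credentials of an administrator of the tenant realm
 * @param tenantId        realm in which the user and the role live
 * @param username        username of the account that receives the role
 * @param roleName        name of the realm-level role to grant
 * @return {@code true} when the role mapping request was issued
 * @throws IamAdminServicesException if server settings cannot be read, the username is missing, or the
 *                                   user cannot be resolved unambiguously
 */
@Override
public boolean addRoleToUser(PasswordCredential realmAdminCreds, String tenantId, String username, String roleName) throws IamAdminServicesException {
    // A null or blank search term would match arbitrary users, so reject it before touching the server.
    if (username == null || username.trim().isEmpty()) {
        IamAdminServicesException exception = new IamAdminServicesException();
        exception.setMessage("Cannot add role " + roleName + ": username is missing");
        throw exception;
    }
    Keycloak client = null;
    try {
        client = TenantManagementKeycloakImpl.getClient(ServerSettings.getIamServerUrl(), tenantId, realmAdminCreds);
        List<UserRepresentation> candidates = client.realm(tenantId).users().search(username, null, null, null, 0, 1);
        // The search may return a partial match (or nothing); never act on a hit we have not verified.
        // NOTE(review): compared case-insensitively on the assumption that Keycloak lower-cases
        // usernames - confirm for this deployment. Only one hit is requested, so an exact match that
        // is not ranked first is reported as unresolved rather than guessed at.
        if (candidates == null || candidates.isEmpty() || !username.equalsIgnoreCase(candidates.get(0).getUsername())) {
            logger.error("User " + username + " could not be resolved unambiguously in realm " + tenantId);
            IamAdminServicesException exception = new IamAdminServicesException();
            exception.setMessage("User " + username + " could not be resolved unambiguously in realm " + tenantId);
            throw exception;
        }
        UserResource retrievedUser = client.realm(tenantId).users().get(candidates.get(0).getId());
        // Add user to the role
        RoleResource roleResource = client.realm(tenantId).roles().get(roleName);
        retrievedUser.roles().realmLevel().add(Arrays.asList(roleResource.toRepresentation()));
        return true;
    } catch (ApplicationSettingsException ex) {
        logger.error("Error getting values from property file, reason: " + ex.getMessage(), ex);
        IamAdminServicesException exception = new IamAdminServicesException();
        exception.setMessage("Error getting values from property file, reason " + ex.getMessage());
        throw exception;
    } finally {
        // Always release the admin client, which holds the administrator's session.
        if (client != null) {
            client.close();
        }
    }
}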
Also used : ApplicationSettingsException(org.apache.airavata.common.exception.ApplicationSettingsException) IamAdminServicesException(org.apache.airavata.service.profile.iam.admin.services.cpi.exception.IamAdminServicesException) RoleResource(org.keycloak.admin.client.resource.RoleResource) UserResource(org.keycloak.admin.client.resource.UserResource) Keycloak(org.keycloak.admin.client.Keycloak)

Example 2 with RoleResource

use of org.keycloak.admin.client.resource.RoleResource in project airavata by apache.

the class TenantManagementKeycloakImpl method removeRoleFromUser.

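/**
 * Revokes the realm-level role {@code roleName} from the user {@code username} in the realm {@code tenantId}.
 *
 * <p>The target account is resolved through the Keycloak user search, which is not guaranteed to be an
 * exact-match lookup. To avoid changing the role mappings of a different account, the method rejects a
 * missing username and refuses to proceed unless the first search hit carries exactly the requested
 * username.
 *
 * @param realmAdminCreds credentials of an administrator of the tenant realm
 * @param tenantId        realm in which the user and the role live
 * @param username        username of the account that loses the role
 * @param roleName        name of the realm-level role to revoke
 * @return {@code true} when the role removal request was issued
 * @throws IamAdminServicesException if server settings cannot be read, the username is missing, or the
 *                                   user cannot be resolved unambiguously
 */
@Override
public boolean removeRoleFromUser(PasswordCredential realmAdminCreds, String tenantId, String username, String roleName) throws IamAdminServicesException {
    // A null or blank search term would match arbitrary users, so reject it before touching the server.
    if (username == null || username.trim().isEmpty()) {
        IamAdminServicesException exception = new IamAdminServicesException();
        exception.setMessage("Cannot remove role " + roleName + ": username is missing");
        throw exception;
    }
    Keycloak client = null;
    try {
        client = TenantManagementKeycloakImpl.getClient(ServerSettings.getIamServerUrl(), tenantId, realmAdminCreds);
        List<UserRepresentation> candidates = client.realm(tenantId).users().search(username, null, null, null, 0, 1);
        // The search may return a partial match (or nothing); never act on a hit we have not verified.
        // NOTE(review): compared case-insensitively on the assumption that Keycloak lower-cases
        // usernames - confirm for this deployment. Only one hit is requested, so an exact match that
        // is not ranked first is reported as unresolved rather than guessed at.
        if (candidates == null || candidates.isEmpty() || !username.equalsIgnoreCase(candidates.get(0).getUsername())) {
            logger.error("User " + username + " could not be resolved unambiguously in realm " + tenantId);
            IamAdminServicesException exception = new IamAdminServicesException();
            exception.setMessage("User " + username + " could not be resolved unambiguously in realm " + tenantId);
            throw exception;
        }
        UserResource retrievedUser = client.realm(tenantId).users().get(candidates.get(0).getId());
        // Remove role from user
        RoleResource roleResource = client.realm(tenantId).roles().get(roleName);
        retrievedUser.roles().realmLevel().remove(Arrays.asList(roleResource.toRepresentation()));
        return true;
    } catch (ApplicationSettingsException ex) {
        logger.error("Error getting values from property file, reason: " + ex.getMessage(), ex);
        IamAdminServicesException exception = new IamAdminServicesException();
        exception.setMessage("Error getting values from property file, reason " + ex.getMessage());
        throw exception;
    } finally {
        // Always release the admin client, which holds the administrator's session.
        if (client != null) {
            client.close();
        }
    }
}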
Also used : ApplicationSettingsException(org.apache.airavata.common.exception.ApplicationSettingsException) IamAdminServicesException(org.apache.airavata.service.profile.iam.admin.services.cpi.exception.IamAdminServicesException) RoleResource(org.keycloak.admin.client.resource.RoleResource) UserResource(org.keycloak.admin.client.resource.UserResource) Keycloak(org.keycloak.admin.client.Keycloak)

Example 3 with RoleResource

use of org.keycloak.admin.client.resource.RoleResource in project airavata by apache.

the class TenantManagementKeycloakImpl method createTenantAdminAccount.

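/**
 * Creates the tenant administrator account in the gateway's realm and gives it administrative rights.
 *
 * <p>After the user is created, the account receives the realm-level {@code admin} role, a permanent
 * password, and every role of the {@code realm-management} client that is still available to it. These
 * are the broadest privileges in the realm, so each step that selects the target account or client is
 * verified before privileges are attached.
 *
 * @param isSuperAdminPasswordCreds credentials used to authenticate against the super-admin realm
 * @param gatewayDetails            gateway whose id names the realm and whose admin fields describe the user
 * @param tenantAdminPassword       initial password of the new account; it is never written to the log
 * @return {@code true} when the account was created and configured, {@code false} when the server did
 *         not answer the create request with HTTP 201
 * @throws IamAdminServicesException if server settings cannot be read or any step against the server fails
 */
@Override
public boolean createTenantAdminAccount(PasswordCredential isSuperAdminPasswordCreds, Gateway gatewayDetails, String tenantAdminPassword) throws IamAdminServicesException {
    Keycloak client = null;
    Response httpResponse = null;
    try {
        client = TenantManagementKeycloakImpl.getClient(ServerSettings.getIamServerUrl(), this.superAdminRealmId, isSuperAdminPasswordCreds);
        String realmId = gatewayDetails.getGatewayId();
        UserRepresentation user = new UserRepresentation();
        user.setUsername(gatewayDetails.getIdentityServerUserName());
        user.setFirstName(gatewayDetails.getGatewayAdminFirstName());
        user.setLastName(gatewayDetails.getGatewayAdminLastName());
        user.setEmail(gatewayDetails.getGatewayAdminEmail());
        // NOTE(review): the address is marked verified without a verification step; confirm the
        // gateway admin e-mail was validated upstream.
        user.setEmailVerified(true);
        user.setEnabled(true);
        httpResponse = client.realm(realmId).users().create(user);
        logger.info("Tenant Admin account creation exited with code : " + httpResponse.getStatus() + " : " + httpResponse.getStatusInfo());
        // HTTP code for record creation: HTTP 201
        if (httpResponse.getStatus() != 201) {
            logger.error("Request for Tenant Admin Account Creation failed with HTTP code : " + httpResponse.getStatus());
            logger.error("Reason for Tenant Admin account creation failure : " + httpResponse.getStatusInfo());
            return false;
        }
        List<UserRepresentation> candidates = client.realm(realmId).users().search(user.getUsername(), user.getFirstName(), user.getLastName(), user.getEmail(), 0, 1);
        // The search is not guaranteed to be an exact-match lookup. Admin rights and a new password
        // must only ever land on the account that was just created, so verify the hit first.
        // NOTE(review): compared case-insensitively on the assumption that Keycloak lower-cases
        // usernames - confirm for this deployment.
        if (candidates == null || candidates.isEmpty() || user.getUsername() == null
                || !user.getUsername().equalsIgnoreCase(candidates.get(0).getUsername())) {
            throw new IllegalStateException("Created user " + user.getUsername() + " could not be resolved unambiguously in realm " + realmId);
        }
        UserResource retrievedUser = client.realm(realmId).users().get(candidates.get(0).getId());
        // Add user to the "admin" role
        RoleResource adminRoleResource = client.realm(realmId).roles().get("admin");
        retrievedUser.roles().realmLevel().add(Arrays.asList(adminRoleResource.toRepresentation()));
        CredentialRepresentation credential = new CredentialRepresentation();
        credential.setType(CredentialRepresentation.PASSWORD);
        credential.setValue(tenantAdminPassword);
        // Non-temporary: the account is not forced to change this password at first login.
        credential.setTemporary(false);
        retrievedUser.resetPassword(credential);
        String realmManagementClientId = null;
        for (ClientRepresentation realmClient : client.realm(realmId).clients().findAll()) {
            // Constant first so a client without a clientId cannot cause a NullPointerException.
            if ("realm-management".equals(realmClient.getClientId())) {
                realmManagementClientId = realmClient.getId();
                break;
            }
        }
        if (realmManagementClientId == null) {
            // Without this guard a null id would be passed on to the client-level role lookup.
            throw new IllegalStateException("realm-management client not found in realm " + realmId);
        }
        // Grants every realm-management role still available to the user, i.e. full realm administration.
        retrievedUser.roles().clientLevel(realmManagementClientId).add(retrievedUser.roles().clientLevel(realmManagementClientId).listAvailable());
        return true;
    } catch (ApplicationSettingsException ex) {
        logger.error("Error getting values from property file, reason: " + ex.getMessage(), ex);
        IamAdminServicesException exception = new IamAdminServicesException();
        exception.setMessage("Error getting values from property file, reason " + ex.getMessage());
        throw exception;
    } catch (Exception ex) {
        // Also receives the IllegalStateExceptions raised above and reports them as a service error.
        logger.error("Error creating Realm Admin Account in keycloak server, reason: " + ex.getMessage(), ex);
        IamAdminServicesException exception = new IamAdminServicesException();
        exception.setMessage("Error creating Realm Admin Account in keycloak server, reason: " + ex.getMessage());
        throw exception;
    } finally {
        // Release the HTTP response before the client so the underlying connection is returned.
        if (httpResponse != null) {
            httpResponse.close();
        }
        if (client != null) {
            client.close();
        }
    }
}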
Also used : ApplicationSettingsException(org.apache.airavata.common.exception.ApplicationSettingsException) UserResource(org.keycloak.admin.client.resource.UserResource) IOException(java.io.IOException) ApplicationSettingsException(org.apache.airavata.common.exception.ApplicationSettingsException) IamAdminServicesException(org.apache.airavata.service.profile.iam.admin.services.cpi.exception.IamAdminServicesException) Response(javax.ws.rs.core.Response) IamAdminServicesException(org.apache.airavata.service.profile.iam.admin.services.cpi.exception.IamAdminServicesException) RoleResource(org.keycloak.admin.client.resource.RoleResource) Keycloak(org.keycloak.admin.client.Keycloak)

Aggregations

ApplicationSettingsException (org.apache.airavata.common.exception.ApplicationSettingsException)3 IamAdminServicesException (org.apache.airavata.service.profile.iam.admin.services.cpi.exception.IamAdminServicesException)3 Keycloak (org.keycloak.admin.client.Keycloak)3 RoleResource (org.keycloak.admin.client.resource.RoleResource)3 UserResource (org.keycloak.admin.client.resource.UserResource)3 IOException (java.io.IOException)1 Response (javax.ws.rs.core.Response)1