Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Direct integration, Keycloak #288

Merged
merged 3 commits into from
Jul 18, 2022
Merged

Direct integration, Keycloak #288

merged 3 commits into from
Jul 18, 2022

Conversation

taba90
Copy link
Contributor

@taba90 taba90 commented Jun 24, 2022

  • Adds Keycloak UserDAO
  • Adds Keycloak UserGroup
  • Adds mapping logic for Roles from keycloak to GeoStore.

@taba90 taba90 requested a review from offtherailz June 24, 2022 11:43
@taba90 taba90 mentioned this pull request Jul 4, 2022
Closed
@ale-cristofori ale-cristofori mentioned this pull request Jul 4, 2022
Closed
4 tasks
@taba90 taba90 force-pushed the keycloak-direct-integration branch from e587648 to 220ba58 Compare July 5, 2022 09:36
@ale-cristofori ale-cristofori mentioned this pull request Jul 5, 2022
Open
@taba90 taba90 force-pushed the keycloak-direct-integration branch 3 times, most recently from cee9c9a to bb73f8d Compare July 12, 2022 07:43
@taba90 taba90 mentioned this pull request Jul 12, 2022
Open
@taba90 taba90 force-pushed the keycloak-direct-integration branch 3 times, most recently from 64134d6 to bf7d80c Compare July 13, 2022 10:30
offtherailz
offtherailz requested changes Jul 14, 2022
View reviewed changes
src/web/app/src/main/resources/geostore-spring-security.xml Outdated
Comment on lines 172 to 175


<!-- Uncomment the following to use Keycloak as a User and Group persistence layer.

<bean id="keycloakUserDAO" class="it.geosolutions.geostore.services.rest.security.keycloak.KeycloakUserDAO">
<constructor-arg ref="keycloakRESTClient"/>
</bean>
<alias name="keycloakUserDAO" alias="userDAO"/>

<bean id="keycloakUserGroupDAO" class="it.geosolutions.geostore.services.rest.security.keycloak.KeycloakUserGroupDAO">
<constructor-arg ref="keycloakRESTClient"/>
</bean>
<alias name="keycloakUserGroupDAO" alias="userGroupDAO"/>

<alias name="externalSecurityDAO" alias="securityDAO"/>

-->


Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

replace with

Suggested change
<!-- Uncomment the following to use Keycloak as a User and Group persistence layer.
<bean id="keycloakUserDAO" class="it.geosolutions.geostore.services.rest.security.keycloak.KeycloakUserDAO">
<constructor-arg ref="keycloakRESTClient"/>
</bean>
<alias name="keycloakUserDAO" alias="userDAO"/>
<bean id="keycloakUserGroupDAO" class="it.geosolutions.geostore.services.rest.security.keycloak.KeycloakUserGroupDAO">
<constructor-arg ref="keycloakRESTClient"/>
</bean>
<alias name="keycloakUserGroupDAO" alias="userGroupDAO"/>
<alias name="externalSecurityDAO" alias="securityDAO"/>
-->
<!-- security itegration inclusions -->
<import resource="classpath*:security-integration-${security.integration:default}.xml"/>

and add files for secuirity-integration-default.xml and secuirity-integration-keycloak-direct.xml

src/modules/rest/api/src/main/java/it/geosolutions/geostore/services/rest/IdPLoginRest.java Outdated
@@ -43,14 +45,24 @@ public interface IdPLoginRest {

@GET
@Path("/{provider}/login")
@Secured({"ROLE_USER", "ROLE_ADMIN", "ROLE_ANONYMOUS"})
@Secured({"ROLE_USER", "ROLE_ADMIN", "ROLE_GUEST", "ROLE_ANONYMOUS"})
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We didn't support this for the moment, so please remove

Suggested change
@Secured({"ROLE_USER", "ROLE_ADMIN", "ROLE_GUEST", "ROLE_ANONYMOUS"})
@Secured({"ROLE_USER", "ROLE_ADMIN", "ROLE_ANONYMOUS"})

src/modules/rest/api/src/main/java/it/geosolutions/geostore/services/rest/IdPLoginRest.java Outdated
void login(@PathParam("provider") String provider) throws NotFoundWebEx;

@GET
@Path("/{provider}/callback")
@Secured({"ROLE_USER", "ROLE_ADMIN","ROLE_ANONYMOUS"})
@Secured({"ROLE_USER", "ROLE_ADMIN", "ROLE_GUEST","ROLE_ANONYMOUS"})
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
@Secured({"ROLE_USER", "ROLE_ADMIN", "ROLE_GUEST","ROLE_ANONYMOUS"})
@Secured({"ROLE_USER", "ROLE_ADMIN", "ROLE_ANONYMOUS"})

src/modules/rest/api/src/main/java/it/geosolutions/geostore/services/rest/IdPLoginRest.java Outdated
Response callback(@PathParam("provider") String provider) throws NotFoundWebEx;

@GET
@Path("/{provider}/tokens")
@Secured({"ROLE_USER", "ROLE_ADMIN", "ROLE_GUEST","ROLE_ANONYMOUS"})
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
@Secured({"ROLE_USER", "ROLE_ADMIN", "ROLE_GUEST","ROLE_ANONYMOUS"})
@Secured({"ROLE_USER", "ROLE_ADMIN", "ROLE_ANONYMOUS"})

@offtherailz offtherailz mentioned this pull request Jul 14, 2022
Merged
12 tasks
@taba90 taba90 force-pushed the keycloak-direct-integration branch from 7b52eba to d0506ed Compare July 15, 2022 09:18
@taba90 taba90 force-pushed the keycloak-direct-integration branch from d0506ed to 42f5845 Compare July 15, 2022 09:20
@offtherailz offtherailz self-requested a review July 15, 2022 16:57
@offtherailz
Copy link
Member

going to merge next week

@ale-cristofori
Copy link

going to merge next week

@offtherailz, keep me posted when done

@offtherailz offtherailz merged commit 9fe9c30 into geosolutions-it:master Jul 18, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@offtherailz offtherailz offtherailz approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@taba90 @offtherailz @ale-cristofori