Package org.trustdeck.service
Class DomainOIDCService
java.lang.Object
org.trustdeck.service.DomainOIDCService
This class handles OIDC (OpenID Connect) related operations for domain-level interactions within the application, e.g. rights and roles management in Keycloak.
- Author: Eric Wündisch and Armin Müller
Field Summary
Fields (modifier and type, field, description):
- protected CachingService cachingService
  Caching service to improve performance by caching frequently used OIDC data.
- protected JwtProperties jwtProperties
  JWT configuration properties, handling token attributes like expiration and signing.
- protected RoleConfig roleConfig
  Role configuration to manage role-based access control and authorization in the domain.
Constructor Summary
Constructors:
- DomainOIDCService()
Method Summary
Methods (modifier and type, method, description):
- boolean canBeUsedAsDomainGroup(String domainName)
  Checks if a domain name can be used as a group name within the Keycloak realm.
- void createDomainGroupsAndRolesAndJoin(String domainName, String userId)
  Creates a new set of domain-related groups and roles, and assigns them to a user.
- void deleteAllDomainGroups()
  Removes all non-operation-role groups from Keycloak by first removing all users from the group and then removing the group from Keycloak.
- void deleteAllDomainRoles()
  Removes all non-operation roles for all users.
- void leaveAndDeleteDomainGroupsAndRoles(String domainName)
  Removes all users from groups containing this domain name and deletes the groups.
- void updateDomainGroups(String oldDomainName, String newDomainName, String userId)
  Updates the name of domain-related groups and roles within the Keycloak server.
Field Details
jwtProperties
JWT configuration properties, handling token attributes like expiration and signing.
roleConfig
Role configuration to manage role-based access control and authorization in the domain.
cachingService
Caching service to improve performance by caching frequently used OIDC data.
Constructor Details
DomainOIDCService
public DomainOIDCService()
Method Details
canBeUsedAsDomainGroup
canBeUsedAsDomainGroup(String domainName)
Checks if a domain name can be used as a group name within the Keycloak realm. This method iterates through all operation groups and checks whether any sub-group with the specified domain name already exists. If a matching group is found, it returns false, indicating that the domain name is already in use.
- Parameters:
  domainName - the domain name to be checked
- Returns:
  true if the domain name is not in use, or false if a group with this name already exists
createDomainGroupsAndRolesAndJoin
createDomainGroupsAndRolesAndJoin(String domainName, String userId)
Creates a new set of domain-related groups and roles, and assigns them to a user.
- Parameters:
  domainName - the name of the domain to be created
  userId - the unique identifier of the user to be added to the groups
leaveAndDeleteDomainGroupsAndRoles
leaveAndDeleteDomainGroupsAndRoles(String domainName)
Removes all users from groups containing this domain name and deletes the groups. Updates the cache entries for the affected users. Additionally, the role for this domainName is removed from all users and then deleted.
- Parameters:
  domainName - the name of the domain that should be purged from Keycloak
deleteAllDomainGroups
public void deleteAllDomainGroups()
Removes all non-operation-role groups from Keycloak by first removing all users from the group and then removing the group from Keycloak. Initiates a cache update on the removed users. The audit trail user type names are also kept as groups.
deleteAllDomainRoles
public void deleteAllDomainRoles()
Removes all non-operation roles for all users. Deletes the roles from Keycloak.
updateDomainGroups
updateDomainGroups(String oldDomainName, String newDomainName, String userId)
Updates the name of domain-related groups and roles within the Keycloak server.
- Parameters:
  oldDomainName - the name of the domain to be updated
  newDomainName - the new name to be assigned to the domain-related roles and groups
  userId - the ID of the user for which the groups and roles should be updated