Class OidcService

java.lang.Object
org.trustdeck.service.OidcService
All Implemented Interfaces:
org.springframework.beans.factory.InitializingBean

@Service public class OidcService extends Object implements org.springframework.beans.factory.InitializingBean
This class provides services for managing clients, roles, and groups within a Keycloak realm. It uses the Keycloak Admin Client to interact with the server and offers operations such as creating client roles and groups, assigning roles to groups, and managing users' group memberships and client role mappings.
Author:
Eric Wündisch, Armin Müller
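Added example (written for this page, not code from the TrustDeck project): a hypothetical Spring component, ProjectProvisioner, that drives the OidcService methods documented below to provision a project. It assumes OidcService is injectable as described (org.trustdeck.service.OidcService), that the KING main group already exists (it is set up by init()), and that a null or false return means the operation failed, as the method documentation states. The point it adds is the handling of those failure returns: every step that can fail is checked, the membership is read back rather than trusted, and anything created before a failure is removed again so no half-configured group with a bound role is left behind.

```java
import java.util.List;

import org.keycloak.representations.idm.GroupRepresentation;
import org.keycloak.representations.idm.RoleRepresentation;
import org.springframework.stereotype.Component;
import org.trustdeck.service.OidcService;

/**
 * Hypothetical caller (added example, not part of the project): creates a
 * project subgroup under the KING main group, binds a client role to it and
 * adds the requesting user, undoing its own work if any step fails.
 */
@Component
public class ProjectProvisioner {

    private final OidcService oidc;

    public ProjectProvisioner(OidcService oidc) {
        this.oidc = oidc;
    }

    /** Returns the id of the new project subgroup, or null if provisioning failed. */
    public String provisionProject(String projectName, String roleName, String userId) {
        GroupRepresentation king = oidc.getMainGroupKING();
        if (king == null) {
            return null; // init() creates this group; its absence means Keycloak is misconfigured
        }

        GroupRepresentation project = oidc.createSubGroup(king.getId(), projectName);
        if (project == null) {
            return null;
        }

        // Reuse an existing client role; create it only if it does not exist yet.
        boolean roleCreatedHere = false;
        RoleRepresentation role = oidc.getClientRoleByName(roleName);
        if (role == null) {
            role = oidc.createClientRole(roleName);
            roleCreatedHere = role != null;
        }
        if (role == null) {
            oidc.removeGroupById(project.getId());
            return null;
        }

        // Binding the role to the group grants it to every current and future member.
        oidc.assignRoleToGroup(project.getId(), role);

        // addUserToGroup returns a boxed Boolean; treat null like false.
        if (!Boolean.TRUE.equals(oidc.addUserToGroup(project.getId(), userId))
                || !isMember(userId, project.getId())) {
            oidc.removeGroupById(project.getId());
            if (roleCreatedHere) {
                oidc.removeClientRole(role);
            }
            return null;
        }
        return project.getId();
    }

    /** Reads the membership back from Keycloak instead of trusting the write's return value alone. */
    private boolean isMember(String userId, String groupId) {
        List<GroupRepresentation> groups = oidc.getGroupsByUserId(userId);
        return groups != null && groups.stream().anyMatch(g -> groupId.equals(g.getId()));
    }
}
```

assignRoleToGroup returns void, so the example cannot check it directly; the read-back of the user's groups is the only verification available through this API, and the rollback branch is what prevents a group that carries the role but no member from surviving a failed provisioning run.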
  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    protected JwtProperties
    jwtProperties
    Configuration properties for JWT (JSON Web Token) authentication.
    protected RoleConfig
    roleConfig
    Configuration for defining the operation-roles required by the application.
  • Constructor Summary

    Constructors
    Constructor
    Description
    OidcService()
  • Method Summary

    Modifier and Type
    Method
    Description
    boolean
    addRolesToUser(List<String> roleNames, String userId)
    Adds the specified roles to a user.
    boolean
    addRoleToUser(String roleName, String userId)
    Adds a single role to a user.
    Boolean
    addUserToGroup(String groupId, String userId)
    Adds a user to a specified group in the Keycloak server.
    Boolean
    addUserToGroups(List<String> groupIds, String userId)
    Adds a user to multiple groups in the Keycloak server.
    void
    afterPropertiesSet()
    Initializes the Keycloak client and sets up the necessary roles and groups.
    void
    assignRoleToGroup(String groupId, org.keycloak.representations.idm.RoleRepresentation roleRepresentation)
    Assigns a specified client role to a group in the Keycloak server.
    org.keycloak.representations.idm.RoleRepresentation
    createClientRole(String roleName)
    Creates a new client role in the Keycloak server.
    org.keycloak.representations.idm.GroupRepresentation
    createParentGroup(String groupName)
    Creates a new parent group in the Keycloak server.
    org.keycloak.representations.idm.GroupRepresentation
    createSubGroup(String parentGroupId, String groupName)
    Creates a new subgroup under a specified parent group in the Keycloak server.
    protected org.keycloak.admin.client.resource.ClientResource
    getClientResource()
    Retrieves the client resource from Keycloak based on the configured client ID.
    org.keycloak.representations.idm.RoleRepresentation
    getClientRoleByName(String roleName)
    Retrieves the representation of a client role by its name.
    List<String>
    getClientRoles()
    Retrieves a list of all client role names for the currently configured Keycloak client.
    Map<String,String>
    getFederationProviderMap()
    Retrieves a map of all configured user storage providers (e.g. LDAP, Kerberos), also known as federation providers.
    List<org.keycloak.representations.idm.GroupRepresentation>
    getGroupsByUserId(String userId)
    Retrieves a list of groups that the specified user belongs to.
    protected org.keycloak.admin.client.resource.RealmResource
    getKeycloakRealm()
    Retrieves the Keycloak realm resource based on the configured realm name.
    org.keycloak.representations.idm.GroupRepresentation
    getMainGroupACE()
    Retrieves the main group representation for ACE (domain handling) from the Keycloak server.
    org.keycloak.representations.idm.GroupRepresentation
    getMainGroupKING()
    Retrieves the main group representation for KING (project handling) from the Keycloak server.
    List<org.keycloak.representations.idm.GroupRepresentation>
    getRealmGroups()
    Retrieves a list of all (top-level) groups within the configured Keycloak realm.
    List<org.keycloak.representations.idm.GroupRepresentation>
    getRealmGroupsWithSubGroups()
    Retrieves the complete group hierarchy of the configured realm: all top-level groups and, recursively, all their subgroups.
    protected void
    init()
    Initializes the Keycloak client and sets up the necessary groups and roles.
    boolean
    removeClientRole(String roleName)
    Deletes a specified client role from the Keycloak server.
    boolean
    removeClientRole(org.keycloak.representations.idm.RoleRepresentation roleRepresentation)
    Deletes a specified client role from the Keycloak server.
    void
    removeGroupById(String groupId)
    Deletes a group from the Keycloak server using its unique identifier.
    boolean
    removeRoleFromUser(String roleName, String userId)
    Removes a single role from a user.
    boolean
    removeRolesFromUser(List<String> roleNames, String userId)
    Removes the specified roles from a user.
    Boolean
    removeUserFromGroup(String groupId, String userId)
    Removes a user from a specified group in the Keycloak server.
    Boolean
    removeUserFromGroups(List<String> groupIds, String userId)
    Removes a user from multiple groups in the Keycloak server.
    List<org.keycloak.representations.idm.UserRepresentation>
    searchUsers(String query)
    Searches for users based on a search term.

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Field Details

    • jwtProperties

      @Autowired protected JwtProperties jwtProperties
      Configuration properties for JWT (JSON Web Token) authentication.
    • roleConfig

      @Autowired protected RoleConfig roleConfig
      Configuration for defining the operation-roles required by the application.
  • Constructor Details

    • OidcService

      public OidcService()
  • Method Details

    • afterPropertiesSet

      public void afterPropertiesSet()
      Initializes the Keycloak client and sets up the necessary roles and groups. Called by the Spring framework after the OidcService bean's properties have been set.
      Specified by:
      afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean
    • getKeycloakRealm

      protected org.keycloak.admin.client.resource.RealmResource getKeycloakRealm()
      Retrieves the Keycloak realm resource based on the configured realm name. The realm resource is the access point for managing all aspects of a Keycloak realm.
      Returns:
      RealmResource the Keycloak realm resource for the configured realm.
    • getClientResource

      protected org.keycloak.admin.client.resource.ClientResource getClientResource() throws UnexpectedResultSizeException
      Retrieves the client resource from Keycloak based on the configured client ID. If the client UUID is already known, it uses it directly; otherwise, it searches for the client by its ID.
      Returns:
      ClientResource the client resource for the specified client.
      Throws:
      UnexpectedResultSizeException - if the number of clients with the given ID is not exactly one.
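Added example (not the project's code): how the realm and client lookups described for getKeycloakRealm() and getClientResource() are done with the Keycloak Admin Client, including the exactly-one check on the clientId lookup and the caching of the client's internal UUID after the first successful resolution. The class name KeycloakClientLookup, the connect() helper and the nested UnexpectedResultSizeException are illustrative stand-ins; the project's exception of that name lives elsewhere and its constructor is not documented on this page.

```java
import java.util.List;

import org.keycloak.OAuth2Constants;
import org.keycloak.admin.client.Keycloak;
import org.keycloak.admin.client.KeycloakBuilder;
import org.keycloak.admin.client.resource.ClientResource;
import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.representations.idm.ClientRepresentation;

/**
 * Added example, not part of OidcService: resolves the configured realm and
 * client, caching the client's internal UUID after the first lookup and
 * refusing to proceed unless the clientId matches exactly one client.
 */
public final class KeycloakClientLookup {

    /** Illustrative stand-in for the project's UnexpectedResultSizeException. */
    public static final class UnexpectedResultSizeException extends Exception {
        public UnexpectedResultSizeException(String message) {
            super(message);
        }
    }

    private final Keycloak keycloak;
    private final String realmName;
    private final String clientId;
    private volatile String clientUuid; // cached after the first successful lookup

    public KeycloakClientLookup(Keycloak keycloak, String realmName, String clientId) {
        this.keycloak = keycloak;
        this.realmName = realmName;
        this.clientId = clientId;
    }

    /** Builds an admin client that authenticates with its own service account (client credentials grant). */
    public static Keycloak connect(String serverUrl, String realmName, String clientId, String clientSecret) {
        return KeycloakBuilder.builder()
                .serverUrl(serverUrl)
                .realm(realmName)
                .clientId(clientId)
                .clientSecret(clientSecret)
                .grantType(OAuth2Constants.CLIENT_CREDENTIALS)
                .build();
    }

    /** The realm resource: the access point for everything else in the realm. */
    public RealmResource realm() {
        return keycloak.realm(realmName);
    }

    /** The client resource, resolved from the human-readable clientId exactly once. */
    public ClientResource client() throws UnexpectedResultSizeException {
        String uuid = clientUuid;
        if (uuid == null) {
            // findByClientId matches the clientId attribute, not the internal UUID.
            List<ClientRepresentation> matches = realm().clients().findByClientId(clientId);
            if (matches.size() != 1) {
                throw new UnexpectedResultSizeException("expected exactly one client with clientId '"
                        + clientId + "' in realm '" + realmName + "', found " + matches.size());
            }
            uuid = matches.get(0).getId();
            clientUuid = uuid;
        }
        return realm().clients().get(uuid);
    }
}
```

Two points worth keeping in mind when wiring this up: the admin client's service account only gets the rights that the realm-management client roles granted to it confer (manage-users, manage-clients, view-users and so on), so grant it the ones the operations on this page need and nothing more; and the cached UUID is only valid for the lifetime of that client, so a client that is deleted and re-created under the same clientId requires the lookup to be repeated.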
    • init

      protected void init()
      Initializes the Keycloak client and sets up the necessary groups and roles. This method ensures that the required roles and groups are present in the Keycloak realm.
    • createClientRole

      public org.keycloak.representations.idm.RoleRepresentation createClientRole(String roleName)
      Creates a new client role in the Keycloak server. This method creates a role with the specified name and assigns it as a client role for the currently configured Keycloak client. If the role is successfully created, it retrieves and returns the created role representation.
      Parameters:
      roleName - the name of the role to be created
      Returns:
      RoleRepresentation the representation of the newly created role, or null if the role could not be created
    • getClientRoles

      public List<String> getClientRoles()
      Retrieves a list of all client role names for the currently configured Keycloak client. This method fetches all roles defined for the client through the Keycloak Admin API (each as a RoleRepresentation) and returns only their names.
      Returns:
      List of String containing the names of all roles associated with the configured client, or null if an error occurs.
    • getClientRoleByName

      public org.keycloak.representations.idm.RoleRepresentation getClientRoleByName(String roleName)
      Retrieves the representation of a client role by its name.
      Parameters:
      roleName - the name of the role to be retrieved
      Returns:
      RoleRepresentation containing the details of the specified role, or null if the role is not found or an error occurs.
    • removeClientRole

      public boolean removeClientRole(String roleName)
      Deletes a specified client role from the Keycloak server. Deleting the role also drops every mapping of it, so users and groups that held the role lose it.
      Parameters:
      roleName - the name of the role to be deleted
      Returns:
      true if the role is successfully deleted, or false if an error occurs.
    • removeClientRole

      public boolean removeClientRole(org.keycloak.representations.idm.RoleRepresentation roleRepresentation)
      Deletes a specified client role from the Keycloak server.
      Parameters:
      roleRepresentation - the RoleRepresentation object representing the role to be deleted
      Returns:
      true if the role is successfully deleted, or false if an error occurs.
    • getRealmGroups

      public List<org.keycloak.representations.idm.GroupRepresentation> getRealmGroups()
      Retrieves a list of all (top-level) groups within the configured Keycloak realm.
      Returns:
      List of GroupRepresentation containing all groups in the current realm.
    • getRealmGroupsWithSubGroups

      public List<org.keycloak.representations.idm.GroupRepresentation> getRealmGroupsWithSubGroups()
      Retrieves the complete group hierarchy of the configured realm. This method first fetches all top-level groups and then recursively retrieves all their subgroups.
      Returns:
      A list of all GroupRepresentation objects including top-level groups and all their nested subgroups
    • getMainGroupACE

      public org.keycloak.representations.idm.GroupRepresentation getMainGroupACE()
      Retrieves the main group representation for ACE (domain handling) from the Keycloak server.
      Returns:
      GroupRepresentation of the main group if found, or null if no such group exists.
    • getMainGroupKING

      public org.keycloak.representations.idm.GroupRepresentation getMainGroupKING()
      Retrieves the main group representation for KING (project handling) from the Keycloak server.
      Returns:
      GroupRepresentation of the main group if found, or null if no such group exists.
    • getGroupsByUserId

      public List<org.keycloak.representations.idm.GroupRepresentation> getGroupsByUserId(String userId)
      Retrieves a list of groups that the specified user belongs to.
      Parameters:
      userId - the unique identifier of the user for whom the groups are to be retrieved.
      Returns:
      List of GroupRepresentation containing all groups the user is a member of, or an empty list if the user ID is invalid or the user has no groups.
    • createParentGroup

      public org.keycloak.representations.idm.GroupRepresentation createParentGroup(String groupName)
      Creates a new parent group in the Keycloak server.
      Parameters:
      groupName - the name of the parent group
      Returns:
      GroupRepresentation of the newly created parent group, or null if the creation fails
    • createSubGroup

      public org.keycloak.representations.idm.GroupRepresentation createSubGroup(String parentGroupId, String groupName)
      Creates a new subgroup under a specified parent group in the Keycloak server.
      Parameters:
      parentGroupId - the unique identifier of the parent group under which the new subgroup will be created
      groupName - the name of the new subgroup to be created
      Returns:
      GroupRepresentation of the newly created subgroup, or null if the creation fails
    • removeGroupById

      public void removeGroupById(String groupId)
      Deletes a group from the Keycloak server using its unique identifier.
      Parameters:
      groupId - the unique identifier of the group to be deleted
    • assignRoleToGroup

      public void assignRoleToGroup(String groupId, org.keycloak.representations.idm.RoleRepresentation roleRepresentation)
      Assigns a specified client role to a group in the Keycloak server. Because Keycloak subgroups inherit the role mappings of their parent, the role is effectively granted to every member of the group and of all its subgroups.
      Parameters:
      groupId - the unique identifier of the group to which the role will be assigned
      roleRepresentation - the RoleRepresentation object representing the role to be assigned
    • addUserToGroup

      public Boolean addUserToGroup(String groupId, String userId)
      Adds a user to a specified group in the Keycloak server.
      Parameters:
      groupId - the unique identifier of the group that the user will join
      userId - the unique identifier of the user to be added to the group
      Returns:
      true if the user is successfully added to the group, or false if an error occurs.
    • addUserToGroups

      public Boolean addUserToGroups(List<String> groupIds, String userId)
      Adds a user to multiple groups in the Keycloak server.
      Parameters:
      groupIds - a list of group IDs representing the groups to which the user will be added
      userId - the unique identifier of the user to be added to the groups
      Returns:
      true if the user is successfully added to all groups, or false if any operation fails.
    • removeUserFromGroup

      public Boolean removeUserFromGroup(String groupId, String userId)
      Removes a user from a specified group in the Keycloak server.
      Parameters:
      groupId - the unique identifier of the group that the user will leave
      userId - the unique identifier of the user to be removed from the group
      Returns:
      true if the user is successfully removed from the group, or false if an error occurs.
    • removeUserFromGroups

      public Boolean removeUserFromGroups(List<String> groupIds, String userId)
      Removes a user from multiple groups in the Keycloak server.
      Parameters:
      groupIds - a list of group IDs representing the groups from which the user will be removed
      userId - the unique identifier of the user to be removed from the groups
      Returns:
      true if the user is successfully removed from all groups, or false if any operation fails.
    • removeRolesFromUser

      public boolean removeRolesFromUser(List<String> roleNames, String userId)
      Removes the specified roles from a user.
      Parameters:
      roleNames - a list of the names of the roles that should be removed from the user (the roles themselves are not deleted)
      userId - the id of the user
      Returns:
      true if removal was successful, false otherwise
    • removeRoleFromUser

      public boolean removeRoleFromUser(String roleName, String userId)
      Removes a single role from a user.
      Parameters:
      roleName - the name of the role that should be removed from the user (the role itself is not deleted)
      userId - the id of the user
      Returns:
      true if removal was successful, false otherwise
    • addRolesToUser

      public boolean addRolesToUser(List<String> roleNames, String userId)
      Adds the specified roles to a user.
      Parameters:
      roleNames - a list of roles that should be added
      userId - the id of the user
      Returns:
      true if addition was successful, false otherwise
    • addRoleToUser

      public boolean addRoleToUser(String roleName, String userId)
      Adds a single role to a user.
      Parameters:
      roleName - the role that should be added
      userId - the id of the user
      Returns:
      true if addition was successful, false otherwise
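Added example (not the project's code): one way to implement the addRolesToUser()/removeRolesFromUser() contract described above with the Keycloak Admin Client, shown here because the documented true/false return hides a question a practitioner cares about, namely what happens when one name in the list does not exist. This version resolves every requested name against the client's role list before writing anything, so an unknown name fails the whole request rather than leaving a partial set of mappings, and it exposes a read-back of the user's current client roles so the result can be verified. The class name UserClientRoleMapper is an assumption; the Keycloak calls are the admin client's own.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.function.BiConsumer;
import java.util.stream.Collectors;

import org.keycloak.admin.client.resource.ClientResource;
import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.admin.client.resource.RoleScopeResource;
import org.keycloak.representations.idm.RoleRepresentation;

/**
 * Added example, not part of the project: all-or-nothing client role mapping
 * for a user. Unknown role names are rejected before any write happens.
 */
public final class UserClientRoleMapper {

    private final RealmResource realm;
    private final ClientResource client;
    private final String clientUuid; // internal id of the client, not its clientId

    public UserClientRoleMapper(RealmResource realm, ClientResource client) {
        this.realm = realm;
        this.client = client;
        this.clientUuid = client.toRepresentation().getId();
    }

    public boolean addRolesToUser(List<String> roleNames, String userId) {
        return apply(roleNames, userId, RoleScopeResource::add);
    }

    public boolean removeRolesFromUser(List<String> roleNames, String userId) {
        return apply(roleNames, userId, RoleScopeResource::remove);
    }

    /** Names of the client roles mapped directly to the user (not those inherited via groups). */
    public List<String> currentRoles(String userId) {
        return userClientRoles(userId).listAll().stream()
                .map(RoleRepresentation::getName)
                .collect(Collectors.toList());
    }

    private boolean apply(List<String> roleNames, String userId,
                          BiConsumer<RoleScopeResource, List<RoleRepresentation>> op) {
        if (roleNames == null || roleNames.isEmpty()) {
            return false;
        }
        // One round-trip for the client's roles, then resolve every requested name locally.
        Map<String, RoleRepresentation> byName = client.roles().list().stream()
                .collect(Collectors.toMap(RoleRepresentation::getName, r -> r));
        List<RoleRepresentation> resolved = new ArrayList<>();
        for (String name : roleNames) {
            RoleRepresentation role = byName.get(name);
            if (role == null) {
                return false; // unknown role: refuse the whole batch before writing anything
            }
            resolved.add(role);
        }
        try {
            op.accept(userClientRoles(userId), resolved); // single request for the whole batch
            return true;
        } catch (RuntimeException e) {
            // The admin client reports HTTP errors (unknown user, 403 from a
            // service account without manage-users, ...) as unchecked exceptions.
            return false;
        }
    }

    private RoleScopeResource userClientRoles(String userId) {
        return realm.users().get(userId).roles().clientLevel(clientUuid);
    }
}
```

currentRoles() deliberately uses listAll() rather than listEffective(): the former shows only what was mapped to the user directly, which is what these methods change, while the latter would also include roles the user holds through group membership or composite roles and would make a failed removal look successful.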
    • getFederationProviderMap

      public Map<String,String> getFederationProviderMap()
      Retrieves a map of all configured user storage providers (e.g. LDAP, Kerberos), also known as federation providers.
      Returns:
      a map that associates the IDs of the federation providers with their names.
    • searchUsers

      public List<org.keycloak.representations.idm.UserRepresentation> searchUsers(String query)
      Searches for users based on a search term.
      Parameters:
      query - the search term used to find users.
      Returns:
      a list of the found users.