Package org.trustdeck.service

Class ProjectOIDCService

java.lang.Object
org.trustdeck.service.ProjectOIDCService
@Service public class ProjectOIDCService extends Object
This class is responsible for handling OIDC (OpenID Connect) related operations for project-level interactions within the application. E.g. for rights and roles management in Keycloak.
Author:
Eric Wündisch and Armin Müller

  • Field Details

    • jwtProperties

      @Autowired protected JwtProperties jwtProperties
      JWT configuration properties, handling token attributes like expiration and signing.

    • roleConfig

      @Autowired protected RoleConfig roleConfig
      Role configuration to manage role-based access control and authorization in the project.

    • cachingService

      @Autowired protected CachingService cachingService
      Caching service to improve performance by caching frequently used OIDC data.

  • Constructor Details

    • ProjectOIDCService

      public ProjectOIDCService()

  • Method Details

    • createProjectGroupsAndRolesAndJoin

      public void createProjectGroupsAndRolesAndJoin(String projectName, String userId)
      Creates a new set of project-related groups and roles, and assigns them to a user.
      Parameters:
      projectName - the name of the project to be created
      userId - the unique identifier of the user to be added to the groups

    • leaveAndDeleteProjectGroupsAndRoles

      public void leaveAndDeleteProjectGroupsAndRoles(String projectName)
      Removes all users from groups containing this project name and deletes the groups. Updates the cache entries for the affected users. Additionally, the role for this projectName is removed from all users and then deleted.
      Parameters:
      projectName - the name of the project that should be purged from Keycloak

    • deleteAllProjectGroups

      public void deleteAllProjectGroups()
      Removes all role-groups from Keycloak except the basic, non-project-specific roles by first removing all users from the group and then removing the group from Keycloak. Initiates a cache update on the removed users. The audit trail user type names are also kept as groups.

    • deleteAllProjectRoles

      public void deleteAllProjectRoles()
      Removes all non-operation roles for all users. Deletes the roles from Keycloak.

    • updateProjectGroups

      public void updateProjectGroups(String oldProjectName, String newProjectName, String userId)
      Updates the name of project-related groups and roles within the Keycloak server.
      Parameters:
      oldProjectName - the name of the project to be updated
      newProjectName - the new name to be assigned to the project-related roles and groups

    • canBeUsedAsProjectGroup

      public Boolean canBeUsedAsProjectGroup(String projectName)
      Checks if a project name can be used as a group name within the Keycloak realm. This method iterates through all role-groups and checks if any sub-group with the specified project name already exists. If a matching group is found, it returns false, indicating that the project name is already in use.
      Parameters:
      projectName - the project name to be checked
      Returns:
      true if the project name is not in use, or false if a group with this name already exists