KeycloakServiceImpl.java
package org.cardanofoundation.authentication.service.impl;
import jakarta.servlet.http.HttpServletRequest;
import java.time.Instant;
import java.util.HashSet;
import java.util.Objects;
import java.util.Set;
import lombok.RequiredArgsConstructor;
import lombok.extern.log4j.Log4j2;
import org.cardanofoundation.authentication.constant.CommonConstant;
import org.cardanofoundation.authentication.model.enums.EResourceType;
import org.cardanofoundation.authentication.model.request.event.EventModel;
import org.cardanofoundation.authentication.model.response.UserInfoResponse;
import org.cardanofoundation.authentication.provider.JwtProvider;
import org.cardanofoundation.authentication.provider.KeycloakProvider;
import org.cardanofoundation.authentication.provider.RedisProvider;
import org.cardanofoundation.authentication.service.KeycloakService;
import org.keycloak.representations.idm.UserRepresentation;
import org.springframework.stereotype.Service;
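/**
 * Keycloak-backed implementation of {@link KeycloakService}.
 *
 * <p>Looks users up through {@link KeycloakProvider}, resolves the calling account from the
 * request JWT through {@link JwtProvider}, and invalidates cached tokens held in Redis when a
 * role-mapping event arrives.
 */
@Service
@RequiredArgsConstructor
@Log4j2
public class KeycloakServiceImpl implements KeycloakService {

  /** Characters treated as glob metacharacters in a key pattern (assumed Redis KEYS/SCAN syntax). */
  private static final String GLOB_METACHARACTERS = "*?[]\\";

  private final KeycloakProvider keycloakProvider;
  private final JwtProvider jwtProvider;
  private final RedisProvider redisProvider;

  /**
   * Reports whether a Keycloak user can be found for the given e-mail address.
   *
   * @param email address passed to {@code KeycloakProvider#getUser}
   * @return {@code true} when the provider returns a user, {@code false} when it returns null
   */
  @Override
  public Boolean checkExistEmail(String email) {
    // NOTE(review): the result tells the caller whether an account exists for this address.
    // If the calling endpoint is reachable without authentication, confirm it is rate-limited.
    UserRepresentation user = keycloakProvider.getUser(email);
    return Objects.nonNull(user);
  }

  /**
   * Builds the profile summary of the account identified by the request's JWT.
   *
   * <p>The account id comes from the token, not from a request parameter, so the caller can only
   * read its own record. NOTE(review): this relies on {@code JwtProvider} validating the token
   * before returning the id; confirm there.
   *
   * @param httpServletRequest request carrying the JWT
   * @return username and last login time; {@code lastLogin} is null when the user has no
   *     login-time attribute
   */
  @Override
  public UserInfoResponse infoUser(HttpServletRequest httpServletRequest) {
    String accountId = jwtProvider.getAccountIdFromJwtToken(httpServletRequest);
    UserRepresentation user = keycloakProvider.getResource().get(accountId).toRepresentation();
    // firstAttribute returns null when the attribute is absent, and Instant.parse(null) throws
    // a NullPointerException, so the missing-attribute case is handled explicitly.
    String loginTime = user.firstAttribute(CommonConstant.ATTRIBUTE_LOGIN_TIME);
    Instant lastLogin = loginTime == null ? null : Instant.parse(loginTime);
    return UserInfoResponse.builder().username(user.getUsername()).lastLogin(lastLogin).build();
  }

  /**
   * Invalidates cached tokens affected by a role-mapping event.
   *
   * <p>The second segment of the event's resource path is used as a key prefix. For a realm-role
   * event, the values stored under the matching keys are themselves used as prefixes and every
   * key under them is invalidated; for any other resource type the matching keys are invalidated
   * directly.
   *
   * @param model event carrying the resource type and resource path
   * @return {@code true} when the event was processed (including when no key matched),
   *     {@code false} when the event is malformed and was ignored
   */
  @Override
  public Boolean roleMapping(EventModel model) {
    String resourceType = model.getResourceType();
    String resourcePath = model.getResourcePath();
    log.info("resource type: {}", resourceType);
    log.info("resource path: {}", resourcePath);

    if (resourceType == null || resourcePath == null) {
      log.warn("role mapping event ignored: resource type or path is missing");
      return false;
    }

    String[] resourceArr = resourcePath.split("/");
    // The id becomes "<id>*" below. An empty id would turn that into "*" and, in the non-role
    // branch, blacklist and delete every key the pattern reaches; an id carrying glob
    // metacharacters could widen the match the same way. Reject both before touching Redis.
    if (resourceArr.length < 2 || !isSafeKeyPrefix(resourceArr[1])) {
      log.warn("role mapping event ignored: resource path has no usable id segment");
      return false;
    }
    String resourceId = resourceArr[1];

    Set<String> keys = redisProvider.getKeys(resourceId + "*");
    if (keys == null || keys.isEmpty()) {
      return true;
    }

    if (EResourceType.REALM_ROLE.name().equals(resourceType)) {
      log.info("role id: {}", resourceId);
      Set<String> userPrefixKeys = new HashSet<>();
      for (String key : keys) {
        String val = redisProvider.getValue(key);
        // Stored values are used as prefixes too, so they get the same check as the event id.
        if (isSafeKeyPrefix(val)) {
          userPrefixKeys.add(val);
        }
      }
      Set<String> userKeys = new HashSet<>();
      for (String userPrefixKey : userPrefixKeys) {
        Set<String> matched = redisProvider.getKeys(userPrefixKey + "*");
        // The first lookup is null-checked, so a null result is assumed possible here as well.
        if (matched != null) {
          userKeys.addAll(matched);
        }
      }
      setInValidToken(userKeys);
    } else {
      log.info("user id: {}", resourceId);
      setInValidToken(keys);
    }
    return true;
  }

  /**
   * Blacklists the value stored under each key and then removes the key.
   *
   * <p>Keys whose value is null are skipped.
   *
   * @param keys keys to invalidate
   */
  private void setInValidToken(Set<String> keys) {
    for (String key : keys) {
      String val = redisProvider.getValue(key);
      if (val != null) {
        // Blacklist before removing so the entry is never absent from both places.
        redisProvider.blacklistJwt(val, key);
        redisProvider.remove(key);
        log.info("black list: {}", key);
      }
    }
  }

  /**
   * Tells whether a string can be used as a literal key prefix in front of {@code "*"}.
   *
   * @param prefix candidate prefix, may be null
   * @return {@code true} when the prefix is non-blank and holds no glob metacharacter
   */
  private static boolean isSafeKeyPrefix(String prefix) {
    if (prefix == null || prefix.isBlank()) {
      return false;
    }
    return prefix.chars().noneMatch(c -> GLOB_METACHARACTERS.indexOf(c) >= 0);
  }
}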