feat: handle event listener from keycloak when edit role

src/main/java/org/cardanofoundation/authentication/controller/UserController.java

@@ -10,6 +10,7 @@
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.validation.constraints.Email;
 import lombok.RequiredArgsConstructor;
+import org.cardanofoundation.authentication.model.request.event.EventModel;
 import org.cardanofoundation.authentication.model.response.UserInfoResponse;
 import org.cardanofoundation.authentication.service.KeycloakService;
 import org.cardanofoundation.explorer.common.exceptions.ErrorResponse;
@@ -62,7 +63,7 @@ public ResponseEntity<Boolean> checkExistEmail(
   }
 
   @PostMapping("/role-mapping")
-  public ResponseEntity<Boolean> roleMapping(@RequestBody String resourcePath) {
-    return ResponseEntity.ok(keycloakService.roleMapping(resourcePath));
+  public ResponseEntity<Boolean> roleMapping(@RequestBody EventModel model) {
+    return ResponseEntity.ok(keycloakService.roleMapping(model));
   }
 }

src/main/java/org/cardanofoundation/authentication/model/enums/EResourceType.java

@@ -0,0 +1,5 @@
+package org.cardanofoundation.authentication.model.enums;
+
+public enum EResourceType {
+  REALM_ROLE_MAPPING, REALM_ROLE
+}

src/main/java/org/cardanofoundation/authentication/model/request/event/EventModel.java

@@ -0,0 +1,13 @@
+package org.cardanofoundation.authentication.model.request.event;
+
+import lombok.Getter;
+import lombok.Setter;
+
+@Getter
+@Setter
+public class EventModel {
+
+  private String resourceType;
+
+  private String resourcePath;
+}

src/main/java/org/cardanofoundation/authentication/provider/JwtProvider.java

@@ -49,7 +49,8 @@ public List<String> getRolesFromJwtToken(String token) {
     Map<String, List<String>> realmAccessMap = (Map<String, List<String>>) claims.get(
         "realm_access");
     if (Objects.nonNull(realmAccessMap)) {
-      return realmAccessMap.get("roles");
+      List<String> allRoles = realmAccessMap.get("roles");
+      return allRoles.stream().filter(role -> role.startsWith("ROLE_")).toList();
     }
     return Collections.emptyList();
   }

src/main/java/org/cardanofoundation/authentication/provider/KeycloakProvider.java

@@ -12,8 +12,11 @@
 import org.keycloak.OAuth2Constants;
 import org.keycloak.admin.client.Keycloak;
 import org.keycloak.admin.client.KeycloakBuilder;
+import org.keycloak.admin.client.resource.RealmResource;
+import org.keycloak.admin.client.resource.RolesResource;
 import org.keycloak.admin.client.resource.UsersResource;
 import org.keycloak.representations.idm.CredentialRepresentation;
+import org.keycloak.representations.idm.RoleRepresentation;
 import org.keycloak.representations.idm.UserRepresentation;
 import org.springframework.stereotype.Component;
 
@@ -82,4 +85,11 @@ public CredentialRepresentation createPasswordCredentials(String password) {
     passwordCredentials.setValue(password);
     return passwordCredentials;
   }
+
+  public String getRoleIdByRoleName(String roleName) {
+    RealmResource realmResource = getInstance().realm(keycloakProperties.getRealm());
+    RolesResource rolesResource = realmResource.roles();
+    RoleRepresentation roleRepresentation = rolesResource.get(roleName).toRepresentation();
+    return roleRepresentation.getId();
+  }
 }

src/main/java/org/cardanofoundation/authentication/service/KeycloakService.java

@@ -1,6 +1,7 @@
 package org.cardanofoundation.authentication.service;
 
 import jakarta.servlet.http.HttpServletRequest;
+import org.cardanofoundation.authentication.model.request.event.EventModel;
 import org.cardanofoundation.authentication.model.response.UserInfoResponse;
 
 public interface KeycloakService {
@@ -24,5 +25,5 @@ public interface KeycloakService {
    * description: log out when assign, un assign role for user
    * @update:
    */
-  Boolean roleMapping(String resourcePath);
+  Boolean roleMapping(EventModel model);
 }

src/main/java/org/cardanofoundation/authentication/service/impl/AuthenticationServiceImpl.java

@@ -102,6 +102,11 @@ public SignInResponse signIn(SignInRequest signInRequest) {
     usersResource.get(user.getId()).update(user);
     redisProvider.setValue(user.getId() + "_" + Instant.now(), response.getToken());
     redisProvider.setValue(user.getId() + "_" + Instant.now(), response.getRefreshToken());
+    List<String> roles = jwtProvider.getRolesFromJwtToken(response.getToken());
+    roles.forEach(role -> {
+      String roleId = keycloakProvider.getRoleIdByRoleName(role);
+      redisProvider.setValue(roleId + "_" + Instant.now(), user.getId());
+    });
     return SignInResponse.builder().token(response.getToken()).address(signInRequest.getAddress())
         .email(signInRequest.getEmail()).tokenType(CommonConstant.TOKEN_TYPE)
         .refreshToken(response.getRefreshToken()).build();

src/main/java/org/cardanofoundation/authentication/service/impl/KeycloakServiceImpl.java

@@ -2,11 +2,14 @@
 
 import jakarta.servlet.http.HttpServletRequest;
 import java.time.Instant;
+import java.util.HashSet;
 import java.util.Objects;
 import java.util.Set;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.log4j.Log4j2;
 import org.cardanofoundation.authentication.constant.CommonConstant;
+import org.cardanofoundation.authentication.model.enums.EResourceType;
+import org.cardanofoundation.authentication.model.request.event.EventModel;
 import org.cardanofoundation.authentication.model.response.UserInfoResponse;
 import org.cardanofoundation.authentication.provider.JwtProvider;
 import org.cardanofoundation.authentication.provider.KeycloakProvider;
@@ -41,16 +44,30 @@ public UserInfoResponse infoUser(HttpServletRequest httpServletRequest) {
   }
 
   @Override
-  public Boolean roleMapping(String resourcePath) {
-    String[] resourceArr = resourcePath.split("/");
+  public Boolean roleMapping(EventModel model) {
+    String resourceType = model.getResourceType();
+    String[] resourceArr = model.getResourcePath().split("/");
     Set<String> keys = redisProvider.getKeys(resourceArr[1] + "*");
     if (Objects.nonNull(keys) && !keys.isEmpty()) {
-      keys.forEach(key -> {
-        String val = redisProvider.getValue(key);
-        redisProvider.blacklistJwt(val, resourceArr[1]);
-        redisProvider.remove(key);
-      });
+      if (resourceType.equals(EResourceType.REALM_ROLE.name())) {
+        Set<String> userPrefixKeys = new HashSet<>();
+        keys.forEach(key -> userPrefixKeys.add(redisProvider.getValue(key)));
+        Set<String> userKeys = new HashSet<>();
+        userPrefixKeys.forEach(
+            userPrefixKey -> userKeys.addAll(redisProvider.getKeys(userPrefixKey + "*")));
+        setInValidToken(userKeys);
+      } else {
+        setInValidToken(keys);
+      }
     }
     return true;
   }
+
+  private void setInValidToken(Set<String> keys) {
+    keys.forEach(key -> {
+      String val = redisProvider.getValue(key);
+      redisProvider.blacklistJwt(val, key);
+      redisProvider.remove(key);
+    });
+  }
 }

src/test/java/org/cardanofoundation/authentication/controller/UserControllerTest.java

@@ -10,6 +10,7 @@
 import com.google.gson.Gson;
 import jakarta.servlet.http.HttpServletRequest;
 import java.time.Instant;
+import org.cardanofoundation.authentication.model.request.event.EventModel;
 import org.cardanofoundation.authentication.model.response.UserInfoResponse;
 import org.cardanofoundation.authentication.provider.JwtProvider;
 import org.cardanofoundation.authentication.provider.KeycloakProvider;
@@ -68,9 +69,12 @@ void whenCallExistEmail() throws Exception {
 
   @Test
   void whenCallRoleMapping() throws Exception {
-    given(keycloakService.roleMapping("resourcePathTest")).willReturn(true);
+    EventModel model = new EventModel();
+    model.setResourcePath("test");
+    model.setResourceType("test");
+    given(keycloakService.roleMapping(model)).willReturn(true);
     mockMvc.perform(post("/api/v1/user/role-mapping")
-            .content("resourcePathTest")
+            .content(asJsonString(model))
             .contentType(MediaType.APPLICATION_JSON))
         .andExpect(status().isOk())
         .andDo(print());