adding keycloak userstore migrator
Project: http://git-wip-us.apache.org/repos/asf/airavata/repo Commit: http://git-wip-us.apache.org/repos/asf/airavata/commit/ec35622d Tree: http://git-wip-us.apache.org/repos/asf/airavata/tree/ec35622d Diff: http://git-wip-us.apache.org/repos/asf/airavata/diff/ec35622d Branch: refs/heads/develop Commit: ec35622d02a970a31dfe47c4b13312665143167d Parents: 8327c29 Author: Anuj Bhandar <[email protected]> Authored: Sun Apr 23 16:32:54 2017 -0400 Committer: Anuj Bhandar <[email protected]> Committed: Mon May 1 15:31:37 2017 -0400 ---------------------------------------------------------------------- jssecacerts | Bin 114936 -> 0 bytes modules/user-profile-migration/pom.xml | 134 ------------------- .../airavata/KeycloakIdentityServerClient.java | 85 +++++------- .../org/apache/airavata/MigrationManager.java | 27 ++-- .../airavata/Wso2IdentityServerClient.java | 36 ++--- .../utils/InstallCert$SavingTrustManager.class | Bin 1164 -> 0 bytes .../org/apache/airavata/utils/InstallCert.class | Bin 5947 -> 0 bytes .../org/apache/airavata/utils/InstallCert.java | 6 +- .../org/apache/airavata/utils/iamscigaporg.cer | Bin 1411 -> 0 bytes 9 files changed, 76 insertions(+), 212 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/airavata/blob/ec35622d/jssecacerts ---------------------------------------------------------------------- diff --git a/jssecacerts b/jssecacerts deleted file mode 100644 index 8b1b783..0000000 Binary files a/jssecacerts and /dev/null differ http://git-wip-us.apache.org/repos/asf/airavata/blob/ec35622d/modules/user-profile-migration/pom.xml ---------------------------------------------------------------------- diff --git a/modules/user-profile-migration/pom.xml b/modules/user-profile-migration/pom.xml deleted file mode 100644 index 2171c8f..0000000 --- a/modules/user-profile-migration/pom.xml +++ /dev/null 
@@ -1,134 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!-- - - - Licensed to the Apache Software Foundation (ASF) under one - or more contributor license agreements. See the NOTICE file - distributed with this work for additional information - regarding copyright ownership. The ASF licenses this file - to you under the Apache License, Version 2.0 (the - "License"); you may not use this file except in compliance - with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, - software distributed under the License is distributed on an - "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - KIND, either express or implied. See the License for the - specific language governing permissions and limitations - under the License. - ---> -<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> - <parent> - <artifactId>airavata</artifactId> - <groupId>org.apache.airavata</groupId> - <version>0.17-SNAPSHOT</version> - <relativePath>../../pom.xml</relativePath> - </parent> - - <modelVersion>4.0.0</modelVersion> - - <artifactId>user-profile-migration</artifactId> - - <repositories> - <repository> - <id>wso2-maven2-repository</id> - <url>http://dist.wso2.org/maven2</url> - </repository> - <repository> - <id>apache-maven2-repo</id> - <name>Apache Maven2 Repository</name> - <url>http://repo1.maven.org/maven2/</url> - </repository> - </repositories> - - <dependencies> - <dependency> - <groupId>org.apache.axis2.wso2</groupId> - <artifactId>axis2</artifactId> - <version>1.6.1.wso2v1</version> - </dependency> - <dependency> - <groupId>org.wso2.securevault</groupId> - <artifactId>org.wso2.securevault</artifactId> - <version>1.0.0</version> - </dependency> - <dependency> - <groupId>commons-httpclient</groupId> - 
<artifactId>commons-httpclient</artifactId> - <version>3.1</version> - </dependency> - <!-- https://mvnrepository.com/artifact/org.apache.httpcomponents/httpclient --> - <dependency> - <groupId>org.apache.httpcomponents</groupId> - <artifactId>httpclient</artifactId> - <version>4.5.3</version> - </dependency> - - <dependency> - <groupId>org.wso2.carbon</groupId> - <artifactId>org.wso2.carbon.um.ws.api.stub</artifactId> - <version>4.0.2</version> - </dependency> - <!-- https://mvnrepository.com/artifact/mysql/mysql-connector-java --> - <dependency> - <groupId>mysql</groupId> - <artifactId>mysql-connector-java</artifactId> - <version>5.1.6</version> - </dependency> - <dependency> - <groupId>org.apache.airavata</groupId> - <artifactId>user-profile-stubs</artifactId> - <version>${project.version}</version> - </dependency> - <dependency> - <groupId>org.apache.airavata</groupId> - <artifactId>airavata-commons</artifactId> - <version>0.17-SNAPSHOT</version> - </dependency> - <dependency> - <groupId>org.apache.airavata</groupId> - <artifactId>airavata-data-models</artifactId> - <version>${project.version}</version> - </dependency> - <!-- https://mvnrepository.com/artifact/javax.ws.rs/javax.ws.rs-api --> - <dependency> - <groupId>javax.ws.rs</groupId> - <artifactId>javax.ws.rs-api</artifactId> - <version>2.0.1</version> - </dependency> - <!-- https://mvnrepository.com/artifact/org.jboss.resteasy/resteasy-client --> - <dependency> - <groupId>org.jboss.resteasy</groupId> - <artifactId>resteasy-client</artifactId> - <version>3.1.2.Final</version> - </dependency> - <!-- https://mvnrepository.com/artifact/org.keycloak/keycloak-admin-client --> - <dependency> - <groupId>org.keycloak</groupId> - <artifactId>keycloak-admin-client</artifactId> - <version>3.0.0.Final</version> - </dependency> - </dependencies> - - - <build> - <sourceDirectory>src/main/java</sourceDirectory> - <plugins> - <plugin> - <groupId>org.apache.maven.plugins</groupId> - 
<artifactId>maven-compiler-plugin</artifactId> - <inherited>true</inherited> - <version>2.0</version> - <configuration> - <source>1.8</source> - <target>1.8</target> - </configuration> - </plugin> - </plugins> - </build> - - -</project> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/airavata/blob/ec35622d/modules/user-profile-migration/src/main/java/org/apache/airavata/KeycloakIdentityServerClient.java ---------------------------------------------------------------------- diff --git a/modules/user-profile-migration/src/main/java/org/apache/airavata/KeycloakIdentityServerClient.java b/modules/user-profile-migration/src/main/java/org/apache/airavata/KeycloakIdentityServerClient.java index 940e9db..cd55487 100644 --- a/modules/user-profile-migration/src/main/java/org/apache/airavata/KeycloakIdentityServerClient.java +++ b/modules/user-profile-migration/src/main/java/org/apache/airavata/KeycloakIdentityServerClient.java 
@@ -22,67 +22,56 @@ package org.apache.airavata; */ import org.keycloak.admin.client.Keycloak; +import org.keycloak.admin.client.resource.UserResource; import org.keycloak.representations.idm.CredentialRepresentation; import org.keycloak.representations.idm.UserRepresentation; -import java.util.Arrays; +import javax.ws.rs.core.Response; +import java.util.ArrayList; +import java.util.List; public class KeycloakIdentityServerClient { - public void setAdminUserName(String adminUserName) { - adminUserName = adminUserName; - } - - public void setAdminUserPassword(String adminUserPassword) { - this.adminUserPassword = adminUserPassword; - } - - public void setRealm(String realm) { - this.realm = realm; - } - - public void setAdminUrl(String adminUrl) { - this.adminUrl = adminUrl; - } - - private String adminUrl; - private String realm; - private String adminUserName; - private String adminUserPassword; private Keycloak client; public KeycloakIdentityServerClient(String adminUrl, String realm, String adminUserName, String adminUserPassword) { - this.adminUrl = adminUrl; - this.realm = realm; - this.adminUserName = adminUserName; - this.adminUserPassword = adminUserPassword; this.client = Keycloak.getInstance( - this.adminUrl, - this.realm, // the realm to log in to - this.adminUserName, this.adminUserPassword, // the user - "security-admin-console"); + adminUrl, + realm, // the realm to log in to + adminUserName, adminUserPassword, // the user + "admin-cli"); // admin-cli is the client ID used for keycloak admin operations. 
} - boolean createUser(){ + boolean migrateUserStore(List<UserProfileDAO> userProfiles, String targetRealm, String tempPassword){ - CredentialRepresentation credential = new CredentialRepresentation(); - credential.setType(CredentialRepresentation.PASSWORD); - credential.setValue("test123"); - UserRepresentation user = new UserRepresentation(); - user.setUsername("testuser"); - user.setFirstName("Test"); - user.setLastName("User"); - user.setCredentials(Arrays.asList(credential)); - this.client.realm(this.realm).users().create(user); + for(UserProfileDAO userProfile : userProfiles){ + UserRepresentation user = new UserRepresentation(); + user.setUsername(userProfile.getUserName()); + user.setFirstName(userProfile.getFirstName()); + user.setLastName(userProfile.getLastName()); + user.setEmail(userProfile.getEmail()); + user.setEnabled(true); + List<String> requiredActionList = new ArrayList<>(); + requiredActionList.add("UPDATE_PASSWORD"); + user.setRequiredActions(requiredActionList); + Response httpResponse = this.client.realm(targetRealm).users().create(user); + System.out.println(httpResponse.getStatus()); + if(httpResponse.getStatus() == 201){ //HTTP code for record creation: HTTP 201 + List<UserRepresentation> retrieveCreatedUserList = this.client.realm(targetRealm).users().search(user.getUsername(), + user.getFirstName(), + user.getLastName(), + user.getEmail(), + 0,1); + UserResource retirievedUser = this.client.realm(targetRealm).users().get(retrieveCreatedUserList.get(0).getId()); + CredentialRepresentation credential = new CredentialRepresentation(); + credential.setType(CredentialRepresentation.PASSWORD); + credential.setValue(tempPassword); + credential.setTemporary(true); + retirievedUser.resetPassword(credential); + System.out.println("User profile for user " + userProfile.getUserName() + " successfully migrated"); + }else{ return false; } + } return true; } - public static void main(String[] args){ - KeycloakIdentityServerClient client = new 
KeycloakIdentityServerClient("https://iam.scigap.org/auth", - "accord.scigap.org", - "AccordAdmin", - "Accord@123"); - client.createUser(); - } - -} +} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/airavata/blob/ec35622d/modules/user-profile-migration/src/main/java/org/apache/airavata/MigrationManager.java ---------------------------------------------------------------------- diff --git a/modules/user-profile-migration/src/main/java/org/apache/airavata/MigrationManager.java b/modules/user-profile-migration/src/main/java/org/apache/airavata/MigrationManager.java index 5ce33d1..e9df594 100644 --- a/modules/user-profile-migration/src/main/java/org/apache/airavata/MigrationManager.java +++ b/modules/user-profile-migration/src/main/java/org/apache/airavata/MigrationManager.java @@ -38,7 +38,7 @@ public class MigrationManager { /*Add the credentials for all the tenants from which the profile should be migrated to Airavata DB*/ public void setISLoginCredentials(){ - adminCredentials.add(new Wso2ISLoginCredentialsDAO("prod.seagrid","UserName","Password")); + adminCredentials.add(new Wso2ISLoginCredentialsDAO("prod.seagrid","username","password")); // new credential records here... } 
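Review bot: In `migrateUserStore` the account just created is found again with `users().search(...)` and `retrieveCreatedUserList.get(0)`, so the temporary password is set on whatever that search returns first. If the search is not an exact match (Keycloak's attribute search is, as far as I know, substring-based), the reset can land on a different account, and an empty result throws `IndexOutOfBoundsException`. Taking the id from the `Location` header of the 201 response removes the lookup, and closing the `Response` releases the connection, as in the excerpt below. Every migrated account is also enabled with the same `tempPassword`, so until each user first logs in the account is guarded only by a value shared across the whole realm; a per-user random value delivered out of band, or leaving the password unset and relying on an emailed `UPDATE_PASSWORD` action, avoids that. The early `return false` also leaves earlier users migrated and later ones not, with nothing recording where the run stopped.

```java
// … unchanged: UserRepresentation setup and required actions …
Response httpResponse = this.client.realm(targetRealm).users().create(user);
try {
    if (httpResponse.getStatus() != 201) { // anything but "created" stops the migration
        System.err.println("Creating " + userProfile.getUserName() + " failed: HTTP " + httpResponse.getStatus());
        return false;
    }
    // The Location header of the 201 response ends with the id of the user just created.
    String createdPath = httpResponse.getLocation().getPath();
    String createdUserId = createdPath.substring(createdPath.lastIndexOf('/') + 1);
    UserResource createdUser = this.client.realm(targetRealm).users().get(createdUserId);
    // … unchanged: build the temporary CredentialRepresentation and call resetPassword on createdUser …
} finally {
    httpResponse.close();
}
```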
@@ -54,13 +54,13 @@ public class MigrationManager { userList = isClient.getUserList("http://wso2.org/claims/givenname", "*", "default"); System.out.println("FirstName\tLastName\tEmail\t\t\tuserName\tCountry\tOrganization\tphone"); String[] claims = {"http://wso2.org/claims/givenname", - "http://wso2.org/claims/lastname", - "http://wso2.org/claims/emailaddress", - "http://wso2.org/claims/country", - "http://wso2.org/claims/organization", - "http://wso2.org/claims/mobile", - "http://wso2.org/claims/telephone", - "http://wso2.org/claims/streetaddress"}; + "http://wso2.org/claims/lastname", + "http://wso2.org/claims/emailaddress", + "http://wso2.org/claims/country", + "http://wso2.org/claims/organization", + "http://wso2.org/claims/mobile", + "http://wso2.org/claims/telephone", + "http://wso2.org/claims/streetaddress"}; for (String user : userList) { UserProfileDAO userProfile = new UserProfileDAO(); ClaimValue[] retrievedClaimValues = isClient.getUserClaimValuesForClaims(user, claims, null); 
@@ -124,16 +124,25 @@ public class MigrationManager { return false; } + private void migrateUserProfilesToKeycloak(List<UserProfileDAO> Wso2ISProfileList){ + KeycloakIdentityServerClient client = new KeycloakIdentityServerClient("https://iam.scigap.org/auth", + "master", + "SuperRealmUsername", + "MasterRealmPassword"); + client.migrateUserStore(Wso2ISProfileList,"keycloakTargetRealm","tempPassword"); + } + public static void main(String[] args) { MigrationManager migrationManager = new MigrationManager(); migrationManager.setISLoginCredentials(); List<UserProfileDAO> userProfileList = migrationManager.getUserProfilesFromWso2IS(); try { migrationManager.migrateUserProfilesToAiravata(userProfileList); + migrationManager.migrateUserProfilesToKeycloak(userProfileList); } catch (TException e) { e.printStackTrace(); } catch (ApplicationSettingsException e) { e.printStackTrace(); } } -} +} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/airavata/blob/ec35622d/modules/user-profile-migration/src/main/java/org/apache/airavata/Wso2IdentityServerClient.java ---------------------------------------------------------------------- diff --git a/modules/user-profile-migration/src/main/java/org/apache/airavata/Wso2IdentityServerClient.java b/modules/user-profile-migration/src/main/java/org/apache/airavata/Wso2IdentityServerClient.java index 3f5cae7..48a6857 100644 --- a/modules/user-profile-migration/src/main/java/org/apache/airavata/Wso2IdentityServerClient.java +++ b/modules/user-profile-migration/src/main/java/org/apache/airavata/Wso2IdentityServerClient.java @@ -55,7 +55,7 @@ public class Wso2IdentityServerClient { /** * Server url of the WSO2 Carbon Server */ - private static String SEVER_URL = "URL for Identity server"; + private static String SEVER_URL = "https://idp.scigap.org:9443/services/"; public static RemoteUserStoreManagerServiceStub getAdminServiceClient(String adminUserName, String adminPassword, String adminService){ 
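Review bot: `migrateUserProfilesToKeycloak` discards the boolean returned by `client.migrateUserStore(...)`, so a run that stops at the first non-201 response looks the same as a complete one; check it, e.g. `if (!client.migrateUserStore(...)) { throw new IllegalStateException("Keycloak migration incomplete"); }`. The master-realm admin username and password, the target realm and the temporary password are string literals here. They are placeholders, but the method only works once real values are edited into the source, which is how credentials get committed; reading them from configuration or the environment avoids that. The `main` removed from `KeycloakIdentityServerClient` in this same commit carried what looks like a real admin username and password; if it was, it remains in history and should be rotated.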
@@ -68,22 +68,22 @@ public class Wso2IdentityServerClient { * because the private key and certificate file are not committed to GitHub, * which are needed to run the client */ -// String trustStore = System.getProperty("user.dir") + File.separator + -// "modules" + File.separator + "user-profile-migration" + File.separator + -// "src" + File.separator + "main" + File.separator + -// "resources" + File.separator + "wso2carbon.jks"; -// System.out.println("file path : " + trustStore); -// -// /** -// * Call to https://localhost:9443/services/ uses HTTPS protocol. -// * Therefore we to validate the server certificate or CA chain. The server certificate is looked up in the -// * trust store. -// * Following code sets what trust-store to look for and its JKs password. -// */ -// -// System.setProperty("javax.net.ssl.trustStore", trustStore ); -// -// System.setProperty("javax.net.ssl.trustStorePassword", "wso2carbon"); + String trustStore = System.getProperty("user.dir") + File.separator + + "modules" + File.separator + "user-profile-migration" + File.separator + + "src" + File.separator + "main" + File.separator + + "resources" + File.separator + "wso2carbon.jks"; + System.out.println("file path : " + trustStore); + + /** + * Call to https://localhost:9443/services/ uses HTTPS protocol. + * Therefore we to validate the server certificate or CA chain. The server certificate is looked up in the + * trust store. + * Following code sets what trust-store to look for and its JKs password. + */ + + System.setProperty("javax.net.ssl.trustStore", trustStore ); + + System.setProperty("javax.net.ssl.trustStorePassword", "wso2carbon"); /** * Axis2 configuration context 
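Review bot: The re-enabled block in `getAdminServiceClient` sets `javax.net.ssl.trustStore` and `javax.net.ssl.trustStorePassword` as JVM-wide system properties, so TLS connections made afterwards in this process are validated against `wso2carbon.jks` rather than the default trust store. That can include the Keycloak admin client that `MigrationManager.main` now calls in the same run, depending on when the default SSL context is first initialised. Where the transport allows it, loading the keystore into a `TrustManagerFactory` and handing the resulting `SSLContext` only to the WSO2 stub keeps the trust decision scoped to that endpoint. The store password is the literal `"wso2carbon"` and the comment just above the block says the keystore file is not committed, so path and password should come from configuration and a missing file should fail with a clear message instead of at the first handshake. The method body continues outside this hunk.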
@@ -134,4 +134,4 @@ public class Wso2IdentityServerClient { } return null; } -} +} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/airavata/blob/ec35622d/modules/user-profile-migration/src/main/java/org/apache/airavata/utils/InstallCert$SavingTrustManager.class ---------------------------------------------------------------------- diff --git a/modules/user-profile-migration/src/main/java/org/apache/airavata/utils/InstallCert$SavingTrustManager.class b/modules/user-profile-migration/src/main/java/org/apache/airavata/utils/InstallCert$SavingTrustManager.class deleted file mode 100644 index 932d67a..0000000 Binary files a/modules/user-profile-migration/src/main/java/org/apache/airavata/utils/InstallCert$SavingTrustManager.class and /dev/null differ http://git-wip-us.apache.org/repos/asf/airavata/blob/ec35622d/modules/user-profile-migration/src/main/java/org/apache/airavata/utils/InstallCert.class ---------------------------------------------------------------------- diff --git a/modules/user-profile-migration/src/main/java/org/apache/airavata/utils/InstallCert.class b/modules/user-profile-migration/src/main/java/org/apache/airavata/utils/InstallCert.class deleted file mode 100644 index 8489c79..0000000 Binary files a/modules/user-profile-migration/src/main/java/org/apache/airavata/utils/InstallCert.class and /dev/null differ http://git-wip-us.apache.org/repos/asf/airavata/blob/ec35622d/modules/user-profile-migration/src/main/java/org/apache/airavata/utils/InstallCert.java ---------------------------------------------------------------------- diff --git a/modules/user-profile-migration/src/main/java/org/apache/airavata/utils/InstallCert.java b/modules/user-profile-migration/src/main/java/org/apache/airavata/utils/InstallCert.java index 13ca144..0504bae 100644 --- a/modules/user-profile-migration/src/main/java/org/apache/airavata/utils/InstallCert.java +++ b/modules/user-profile-migration/src/main/java/org/apache/airavata/utils/InstallCert.java 
@@ -173,7 +173,8 @@ public class InstallCert { } public X509Certificate[] getAcceptedIssuers() { - throw new UnsupportedOperationException(); + return new X509Certificate[0]; + //throw new UnsupportedOperationException(); } public void checkClientTrusted(X509Certificate[] chain, String authType) @@ -188,5 +189,4 @@ public class InstallCert { } } -} - +} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/airavata/blob/ec35622d/modules/user-profile-migration/src/main/java/org/apache/airavata/utils/iamscigaporg.cer ---------------------------------------------------------------------- diff --git a/modules/user-profile-migration/src/main/java/org/apache/airavata/utils/iamscigaporg.cer b/modules/user-profile-migration/src/main/java/org/apache/airavata/utils/iamscigaporg.cer deleted file mode 100644 index 3491263..0000000 Binary files a/modules/user-profile-migration/src/main/java/org/apache/airavata/utils/iamscigaporg.cer and /dev/null differ
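Review bot: The commented-out `//throw new UnsupportedOperationException();` left under the new `return new X509Certificate[0];` in `getAcceptedIssuers()` should be deleted and replaced by a comment saying why an empty array is returned, for example `// Return no issuers instead of throwing; the TLS stack may call this during the handshake.` (that reason is my assumption, so confirm it). An empty issuer list is also what a trust-everything manager typically returns, so the class comment should state that `SavingTrustManager` exists only to capture a server's certificate chain and must not back a normal connection. Its `checkServerTrusted` lies outside this hunk, so I cannot see what it enforces.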
