Package org.gcube.service.idm.rest

Class UserAPI

  • @Path("users")
public class UserAPI
extends Object

    The REST API to interact with the keycloak users

    "Member" users can only invoke metods on his own user (/me)

    Users with "idm-service-read" or "idm-service-admin" role can invoke metods on all the users

    Author:
    Alfredo Oliviero (ISTI - CNR)

    • Nested Class Summary

      Nested Classes 
      Modifier and Type Class Description
      static class  UserAPI.USER_DETAILS
      Returns informations about the user received as parameter (can be also me) Normal member users can use only "me" or his username as parameter Users with "idm-service-read" or "idm-service-admin" role can invoke this method with any username accepted parameters are: profile: returns the profile of the user in the Liferay CMS (only if the user is not a service) email: returns the email of the user from the authentication service user: the user representation from the authentication service if the optional parameter inspect is passed as true, returns additional values: roles_realm: roles in realm for the user from the authentication service roles_clients: roles in clients for the user from the authentication service groups: id of the user from the authentication service username: username of the user from the authentication service name: Fullname of the user from the authentication service attributes: attributes of the user from the authentication service user: full user from the authentication service profile: profile of the user from the Liferay CMS service

    • Constructor Summary

      Constructors 
      Constructor Description
      UserAPI()  

    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      jakarta.ws.rs.core.Response getCurrentUser()  
      jakarta.ws.rs.core.Response getInrospectioCurrenttUser()  
      jakarta.ws.rs.core.Response getMe​(Boolean inspect)
      Returns infos about the authenticated user owner: the authenticated user profile: the profile of the user in the Liferay CMS (only if the user is not a service) user: the user representation from the authentication service if the optional parameter inspect is passed as true, returns additional values: verify: the result of introspection of the auth token on the authentication service roles: the authenticated user groups: the authenticated user groupRolesRealm: ... groupRolesClients: ...
      jakarta.ws.rs.core.Response getUser​(String username, Boolean inspect)
      Returns informations about the user received as parameter Only users with "idm-service-read" or "idm-service-admin" role can invoke this method profile: the profile of the user in the Liferay CMS (only if the user is not a service) user: the user representation from the authentication service if the optional parameter inspect is passed as true, returns additional values: roles: the authenticated user groups: the authenticated user groupRolesRealm: ... groupRolesClients: ...
      protected Map<String,​Object> getUserData​(String username, Boolean getProfile, Boolean isInspect)  
      jakarta.ws.rs.core.Response getUserParameter​(String username, UserAPI.USER_DETAILS parameter)  
      jakarta.ws.rs.core.Response search​(org.gcube.idm.common.models.IdmUser.USERS_REPR format, Boolean exact, String username, String firstName, String lastName, String email, int firstResult, int maxResults, Boolean enabled)
      Search users in all realm, filtered according to query parameters.

    • Constructor Detail

      • UserAPI

        public UserAPI()

    • Method Detail

      • getMe

        @GET
@Path("/me")
@Produces("application/json")
public jakarta.ws.rs.core.Response getMe​(@QueryParam("inspect") @DefaultValue("false")
                                         Boolean inspect)
        Returns infos about the authenticated user
        • owner: the authenticated user
        • profile: the profile of the user in the Liferay CMS (only if the user is not a service)
        • user: the user representation from the authentication service
        if the optional parameter inspect is passed as true, returns additional values:
        • verify: the result of introspection of the auth token on the authentication service
        • roles: the authenticated user
        • groups: the authenticated user
        • groupRolesRealm: ...
        • groupRolesClients: ...
        Parameters:
        inspect - adds additional inspection values to the result

      • getUser

        @GET
@Path("/{username}")
@Produces("application/json")
public jakarta.ws.rs.core.Response getUser​(@PathParam("username")
                                           String username,
                                           @QueryParam("inspect") @DefaultValue("false")
                                           Boolean inspect)
        Returns informations about the user received as parameter Only users with "idm-service-read" or "idm-service-admin" role can invoke this method
        • profile: the profile of the user in the Liferay CMS (only if the user is not a service)
        • user: the user representation from the authentication service
        if the optional parameter inspect is passed as true, returns additional values:
        • roles: the authenticated user
        • groups: the authenticated user
        • groupRolesRealm: ...
        • groupRolesClients: ...
        Parameters:
        username - the username of the user
        inspect - adds additional inspection values to the result

      • getCurrentUser

        @GET
@Path("/me/owner")
@Produces({"application/json;charset=UTF-8","application/vnd.api+json"})
public jakarta.ws.rs.core.Response getCurrentUser()

      • getInrospectioCurrenttUser

        @GET
@Path("/me/verify")
@Produces({"application/json;charset=UTF-8","application/vnd.api+json"})
public jakarta.ws.rs.core.Response getInrospectioCurrenttUser()

      • getUserParameter

        @GET
@Path("/{username}/{parameter}")
@Produces("application/json")
public jakarta.ws.rs.core.Response getUserParameter​(@PathParam("username")
                                                    String username,
                                                    @PathParam("parameter")
                                                    UserAPI.USER_DETAILS parameter)

      • search

        @GET
@Path("/search")
@Produces("application/json")
public jakarta.ws.rs.core.Response search​(@QueryParam("format") @DefaultValue("username")
                                          org.gcube.idm.common.models.IdmUser.USERS_REPR format,
                                          @QueryParam("exact") @DefaultValue("true")
                                          Boolean exact,
                                          @QueryParam("username")
                                          String username,
                                          @QueryParam("firstName")
                                          String firstName,
                                          @QueryParam("lastName")
                                          String lastName,
                                          @QueryParam("email")
                                          String email,
                                          @QueryParam("first") @DefaultValue("0")
                                          int firstResult,
                                          @QueryParam("max") @DefaultValue("100")
                                          int maxResults,
                                          @QueryParam("enabled") @DefaultValue("true")
                                          Boolean enabled)
        Search users in all realm, filtered according to query parameters.
        Parameters:
        format - response format
        exact - Boolean which defines whether the params 'last', 'first', 'email' and 'username' must match exactly. default true
        username - A String contained in username, or the complete username, if param 'exact' is true
        firstName - A String contained in firstName, or the complete firstName, if param 'exact' is true
        lastName - A String contained in firstName, or the complete firstName, if param 'exact' is true
        firstResult - pagination offset
        maxResults - maximum results size
        enabled - Boolean representing if user is enabled or not
        email - A String contained in email, or the complete email, if param 'exact' is true