Compare commits
5 Commits
0dd3de9089
...
main
| Author | SHA1 | Date |
|---|---|---|
| | d19ee7cd25 | |
| | e7df337276 | |
| | 21927c5b4f | |
| | 88f6dfe499 | |
| | 9adefdb8b3 | |
@@ -30,17 +30,25 @@ ENV QUARKUS_PROFILE=prod
|
||||
ENV QUARKUS_HTTP_PORT=8080
|
||||
ENV QUARKUS_HTTP_HOST=0.0.0.0
|
||||
|
||||
# Proxy forwarding (SSL termination par l'ingress nginx K8s)
|
||||
ENV QUARKUS_HTTP_PROXY_PROXY_ADDRESS_FORWARDING=true
|
||||
ENV QUARKUS_HTTP_PROXY_ALLOW_X_FORWARDED=true
|
||||
|
||||
# Configuration Keycloak/OIDC (production)
|
||||
ENV QUARKUS_OIDC_AUTH_SERVER_URL=https://security.lions.dev/realms/master
|
||||
ENV QUARKUS_OIDC_AUTH_SERVER_URL=https://security.lions.dev/realms/lions-user-manager
|
||||
ENV QUARKUS_OIDC_CLIENT_ID=lions-user-manager-client
|
||||
ENV KEYCLOAK_CLIENT_SECRET=oGCivOdgbNHroNsHS1MRBZJXX8VpRGk3
|
||||
ENV QUARKUS_OIDC_CREDENTIALS_SECRET=oGCivOdgbNHroNsHS1MRBZJXX8VpRGk3
|
||||
ENV QUARKUS_OIDC_ENABLED=true
|
||||
ENV QUARKUS_OIDC_TLS_VERIFICATION=required
|
||||
ENV QUARKUS_OIDC_AUTHENTICATION_COOKIE_SAME_SITE=lax
|
||||
ENV OIDC_ENCRYPTION_SECRET=gbztZB3CYpou0vFL2LqOWJQdXnvwVQkhjrHpsZHOJPI=
|
||||
|
||||
# Configuration API Backend
|
||||
ENV LIONS_USER_MANAGER_BACKEND_URL=https://api.lions.dev/lions-user-manager
|
||||
|
||||
# Configuration CORS
|
||||
ENV QUARKUS_HTTP_CORS_ORIGINS=https://user-manager.lions.dev,https://admin.lions.dev
|
||||
ENV QUARKUS_HTTP_CORS_ORIGINS=https://users.lions.dev,https://admin.lions.dev
|
||||
ENV QUARKUS_HTTP_CORS_ALLOW_CREDENTIALS=true
|
||||
|
||||
# Installer curl pour les health checks
|
||||
|
||||
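Review bot: The `ENV KEYCLOAK_CLIENT_SECRET=...`, `ENV QUARKUS_OIDC_CREDENTIALS_SECRET=...` and `ENV OIDC_ENCRYPTION_SECRET=...` lines put the OIDC client secret and the token-state encryption key into the image and into the repository history, so anyone who can pull the image or read the repository can recover them (`docker history` and `docker inspect` both show ENV values). Drop these three lines, inject the values at runtime from a Kubernetes Secret, and rotate both values since they are now published. Separately, `QUARKUS_HTTP_PROXY_ALLOW_X_FORWARDED=true` makes the application trust `X-Forwarded-*` headers, which is only safe if the pod cannot be reached except through the nginx ingress named in the comment.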
141
README.md
Normal file
@@ -0,0 +1,141 @@
|
||||
# lions-user-manager-client-quarkus-primefaces-freya
|
||||
|
||||
> Interface web d'administration — Quarkus + JSF + PrimeFaces Freya
|
||||
|
||||
## Dépôt Git
|
||||
|
||||
`https://git.lions.dev/lionsdev/lions-user-manager-client-quarkus-primefaces-freya`
|
||||
|
||||
---
|
||||
|
||||
## Responsabilités
|
||||
|
||||
- Interface d'administration des utilisateurs et rôles Keycloak
|
||||
- Authentification SSO via OIDC (Keycloak)
|
||||
- Communication avec le backend via MicroProfile REST Client
|
||||
- Dashboard, gestion CRUD, audit, synchronisation, assignation de realms
|
||||
|
||||
---
|
||||
|
||||
## Pages
|
||||
|
||||
| Page | Bean | Description |
|
||||
|------|------|-------------|
|
||||
| `/dashboard.xhtml` | `DashboardBean` | Vue d'ensemble et statistiques |
|
||||
| `/users/list.xhtml` | `UserListBean` | Liste paginée avec filtres et export CSV |
|
||||
| `/users/creation.xhtml` | `UserCreationBean` | Formulaire de création |
|
||||
| `/users/profil.xhtml` | `UserProfilBean` | Édition profil utilisateur |
|
||||
| `/roles/gestion.xhtml` | `RoleGestionBean` | Gestion des rôles par realm |
|
||||
| `/audit/consultation.xhtml` | `AuditConsultationBean` | Consultation des logs d'audit |
|
||||
| `/sync/dashboard.xhtml` | `SyncDashboardBean` | État et pilotage des synchronisations |
|
||||
| `/realms/assignment.xhtml` | `RealmAssignmentBean` | Assignation utilisateurs/realms |
|
||||
|
||||
---
|
||||
|
||||
## Stack
|
||||
|
||||
| Composant | Technologie |
|
||||
|-----------|-------------|
|
||||
| Framework | Quarkus 3.17.8 + Undertow (Servlet) |
|
||||
| UI | PrimeFaces 14.0.5 (Jakarta) |
|
||||
| Thème | Freya Enterprise |
|
||||
| Auth | `quarkus-oidc` (Keycloak) + PKCE |
|
||||
| REST Client | MicroProfile REST Client (`quarkus-rest-client-jackson`) |
|
||||
| Token Propagation | `quarkus-rest-client-oidc-token-propagation` |
|
||||
|
||||
---
|
||||
|
||||
## Développement local
|
||||
|
||||
### Prérequis
|
||||
|
||||
- Java 17+, Maven 3.9+
|
||||
- Keycloak sur `localhost:8180` (realm `lions-user-manager` configuré)
|
||||
- Backend `server-impl` démarré sur `localhost:8081`
|
||||
|
||||
### Démarrage
|
||||
|
||||
```bash
|
||||
mvn quarkus:dev
|
||||
```
|
||||
|
||||
Application disponible sur : `http://localhost:8082`
|
||||
|
||||
### Configuration dev
|
||||
|
||||
Fichier : `src/main/resources/application-dev.properties`
|
||||
|
||||
```properties
|
||||
quarkus.http.port=8082
|
||||
quarkus.oidc.auth-server-url=http://localhost:8180/realms/lions-user-manager
|
||||
lions.user.manager.backend.url=http://localhost:8081
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## Configuration production
|
||||
|
||||
Fichier : `src/main/resources/application-prod.properties`
|
||||
|
||||
| Variable | Description |
|
||||
|----------|-------------|
|
||||
| `KEYCLOAK_AUTH_SERVER_URL` | URL du realm Keycloak |
|
||||
| `KEYCLOAK_CLIENT_ID` | Client OIDC (défaut : `lions-user-manager-client`) |
|
||||
| `OIDC_ENCRYPTION_SECRET` | Secret de chiffrement des tokens (32 caractères min) |
|
||||
| `LIONS_USER_MANAGER_BACKEND_URL` | URL de l'API backend |
|
||||
|
||||
---
|
||||
|
||||
## Build
|
||||
|
||||
```bash
|
||||
# Build standard (développement)
|
||||
mvn clean package -DskipTests
|
||||
|
||||
# Build production
|
||||
mvn clean package -P prod -DskipTests
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## Déploiement (lionsctl)
|
||||
|
||||
```bash
|
||||
lionsctl pipeline \
|
||||
-u https://git.lions.dev/lionsdev/lions-user-manager-client-quarkus-primefaces-freya \
|
||||
-b main -j 17 -e production -c k1 -p prod
|
||||
```
|
||||
|
||||
**Pipeline** : clone → `mvn package -P prod` → `docker build -f Dockerfile.prod` → push `registry.lions.dev` → `kubectl apply` → health check
|
||||
|
||||
**URL prod** : `https://users.lions.dev`
|
||||
|
||||
---
|
||||
|
||||
## Structure
|
||||
|
||||
```
|
||||
src/main/
|
||||
├── java/dev/lions/user/manager/client/
|
||||
│ ├── bean/ # Beans JSF (@Named, @ViewScoped / @SessionScoped)
|
||||
│ └── client/ # REST Clients (UserRestClient, RoleRestClient, ...)
|
||||
└── resources/
|
||||
├── META-INF/resources/
|
||||
│ ├── templates/
|
||||
│ │ └── components/ # Composants PrimeFaces réutilisables
|
||||
│ ├── dashboard.xhtml
|
||||
│ ├── users/
|
||||
│ ├── roles/
|
||||
│ ├── audit/
|
||||
│ ├── sync/
|
||||
│ └── realms/
|
||||
├── application.properties
|
||||
├── application-dev.properties
|
||||
└── application-prod.properties
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## Licence
|
||||
|
||||
Propriétaire — Lions Dev © 2025
|
||||
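Review bot: The `Configuration production` table lists `OIDC_ENCRYPTION_SECRET` but not `KEYCLOAK_CLIENT_SECRET`, which `application-prod.properties` in this same comparison reads for `quarkus.oidc.credentials.secret`. Add a row for it and state that both secrets have to be supplied by the deployment environment, so an operator following the README does not run on committed fallback values. The production build command also passes `-DskipTests` and the pipeline line shows no test step; it is worth documenting where the tests run before an image is pushed to `registry.lions.dev`.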
9
pom.xml
@@ -16,6 +16,15 @@
|
||||
<name>Lions User Manager - Client (Quarkus + PrimeFaces Freya)</name>
|
||||
<description>Client web: UI PrimeFaces Freya, Beans JSF, REST Clients</description>
|
||||
|
||||
<repositories>
|
||||
<repository>
|
||||
<id>gitea-lionsdev</id>
|
||||
<url>https://git.lions.dev/api/packages/lionsdev/maven</url>
|
||||
<releases><enabled>true</enabled></releases>
|
||||
<snapshots><enabled>true</enabled></snapshots>
|
||||
</repository>
|
||||
</repositories>
|
||||
|
||||
<dependencies>
|
||||
<!-- Module API pour DTOs -->
|
||||
<dependency>
|
||||
|
||||
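Review bot: `<snapshots><enabled>true</enabled></snapshots>` on the `gitea-lionsdev` repository lets every build, including the `prod` profile, resolve mutable SNAPSHOT artifacts, so two builds of the same commit can ship different code. Restrict snapshot resolution to a development profile, and consider setting `<checksumPolicy>fail</checksumPolicy>` inside both `<releases>` and `<snapshots>` so that a checksum mismatch on an artifact from this registry stops the build.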
@@ -109,11 +109,11 @@
|
||||
<c:choose>
|
||||
<c:when test="#{not empty user.realmRoles and not user.realmRoles.isEmpty()}">
|
||||
<c:forEach var="role" items="#{user.realmRoles}" varStatus="status">
|
||||
<c:if test="#{status.index < 4}">
|
||||
<c:if test="#{status.index lt 4}">
|
||||
<p:tag value="#{role}" severity="info" styleClass="text-xs" />
|
||||
</c:if>
|
||||
</c:forEach>
|
||||
<c:if test="#{user.realmRoles.size() > 4}">
|
||||
<c:if test="#{user.realmRoles.size() gt 4}">
|
||||
<p:tag value="+#{user.realmRoles.size() - 4}" severity="secondary"
|
||||
styleClass="text-xs"
|
||||
title="#{user.realmRoles.size() - 4} rôle(s) supplémentaire(s)" />
|
||||
|
||||
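Review bot: In the `c:when` test kept as context in this hunk, `not user.realmRoles.isEmpty()` repeats what `not empty user.realmRoles` already checks, because the EL `empty` operator is true for both null and empty collections; the second clause can be dropped. The `lt` and `gt` operators are the right form here, since a literal `<` is not allowed in an XML attribute value, and the `c:if` on `status.index lt 4` could be replaced by `end="3"` on the `c:forEach`.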
@@ -9,24 +9,28 @@
|
||||
# HTTP Configuration PROD
|
||||
# ============================================
|
||||
quarkus.http.port=8080
|
||||
# Respecter X-Forwarded-Proto de l'ingress nginx (SSL termination K8s)
|
||||
quarkus.http.proxy.proxy-address-forwarding=true
|
||||
quarkus.http.proxy.allow-x-forwarded=true
|
||||
|
||||
# ============================================
|
||||
# OIDC Configuration PROD (Keycloak Production)
|
||||
# ============================================
|
||||
quarkus.oidc.auth-server-url=${KEYCLOAK_AUTH_SERVER_URL:https://security.lions.dev/realms/lions-user-manager}
|
||||
quarkus.oidc.client-id=${KEYCLOAK_CLIENT_ID:lions-user-manager-client}
|
||||
quarkus.oidc.credentials.secret=${KEYCLOAK_CLIENT_SECRET:oGCivOdgbNHroNsHS1MRBZJXX8VpRGk3}
|
||||
quarkus.oidc.token.issuer=${KEYCLOAK_AUTH_SERVER_URL:https://security.lions.dev/realms/lions-user-manager}
|
||||
quarkus.oidc.tls.verification=required
|
||||
quarkus.oidc.authentication.cookie-same-site=strict
|
||||
quarkus.oidc.authentication.cookie-same-site=lax
|
||||
quarkus.oidc.authentication.pkce-required=true
|
||||
quarkus.oidc.token-state-manager.encryption-secret=${OIDC_ENCRYPTION_SECRET}
|
||||
quarkus.oidc.token-state-manager.encryption-secret=${OIDC_ENCRYPTION_SECRET:gbztZB3CYpou0vFL2LqOWJQdXnvwVQkhjrHpsZHOJPI=}
|
||||
|
||||
# ============================================
|
||||
# Backend REST Client PROD
|
||||
# ============================================
|
||||
lions.user.manager.backend.url=${LIONS_USER_MANAGER_BACKEND_URL:https://api.users.lions.dev}
|
||||
quarkus.rest-client."lions-user-manager-api".url=${LIONS_USER_MANAGER_BACKEND_URL:https://api.users.lions.dev}
|
||||
quarkus.rest-client."user-api".url=${LIONS_USER_MANAGER_BACKEND_URL:https://api.users.lions.dev}
|
||||
lions.user.manager.backend.url=${LIONS_USER_MANAGER_BACKEND_URL:https://api.lions.dev/lions-user-manager}
|
||||
quarkus.rest-client."lions-user-manager-api".url=${LIONS_USER_MANAGER_BACKEND_URL:https://api.lions.dev/lions-user-manager}
|
||||
quarkus.rest-client."user-api".url=${LIONS_USER_MANAGER_BACKEND_URL:https://api.lions.dev/lions-user-manager}
|
||||
|
||||
# ============================================
|
||||
# Logging PROD (minimal)
|
||||
|
||||
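Review bot: The variant of `quarkus.oidc.token-state-manager.encryption-secret` that has a literal default after the colon, like the `quarkus.oidc.credentials.secret` line above it, means a deployment that forgets to set `OIDC_ENCRYPTION_SECRET` or `KEYCLOAK_CLIENT_SECRET` starts silently with a value that is readable in the repository. Keep the form without a default, `${OIDC_ENCRYPTION_SECRET}`, and do the same for the client secret, so startup fails when a variable is missing; then rotate both values. The hunk also shows `cookie-same-site` as both `strict` and `lax`; if `lax` is the new value, a comment explaining why the OIDC redirect flow needs it would help the next reviewer, and `allow-x-forwarded=true` deserves a note that the service must only be reachable through the ingress.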