Update - Lions User Manager - Server Implementation (Quarkus)

target/classes/application-dev.properties

@@ -11,11 +11,20 @@ quarkus.http.cors.methods=GET,POST,PUT,DELETE,PATCH,OPTIONS
 quarkus.http.cors.headers=*
 
 # Keycloak OIDC Configuration (DEV)
-quarkus.oidc.auth-server-url=http://localhost:8180/realms/master
-quarkus.oidc.client-id=lions-user-manager
-quarkus.oidc.credentials.secret=dev-secret-change-me
-quarkus.oidc.tls.verification=none
+# Le backend vérifie les tokens JWT envoyés par le client
+# IMPORTANT: Pour un service, Quarkus valide les tokens JWT sans avoir besoin d'un client-id/secret
+# Le backend accepte les tokens émis pour n'importe quel client du realm
+quarkus.oidc.enabled=true
+quarkus.oidc.auth-server-url=http://localhost:8180/realms/lions-user-manager
 quarkus.oidc.application-type=service
+quarkus.oidc.tls.verification=none
+quarkus.oidc.token.issuer=http://localhost:8180/realms/lions-user-manager
+quarkus.oidc.discovery-enabled=true
+# Accepter les tokens avec audience "account" (audience par défaut de Keycloak)
+# Cela permet d'accepter les tokens émis pour le frontend sans configuration Keycloak supplémentaire
+quarkus.oidc.token.audience=account
+# Vérifier le token (obligatoire pour un service)
+quarkus.oidc.verify-access-token=true
 
 # Keycloak Admin Client Configuration (DEV)
 lions.keycloak.server-url=http://localhost:8180
@@ -27,7 +36,7 @@ lions.keycloak.connection-pool-size=5
 lions.keycloak.timeout-seconds=30
 
 # Realms autorisés (DEV)
-lions.keycloak.authorized-realms=btpxpress,master,lions-realm,test-realm
+lions.keycloak.authorized-realms=lions-user-manager,master,btpxpress,test-realm
 
 # Circuit Breaker Configuration (DEV - plus permissif)
 quarkus.smallrye-fault-tolerance.enabled=true
@@ -52,14 +61,17 @@ lions.audit.retention-days=30
 #quarkus.flyway.migrate-at-start=false
 
 # Logging Configuration (DEV)
-quarkus.log.level=DEBUG
+quarkus.log.level=INFO
 quarkus.log.category."dev.lions.user.manager".level=DEBUG
 quarkus.log.category."org.keycloak".level=INFO
 quarkus.log.category."io.quarkus".level=INFO
+# Logging OIDC pour debug
+quarkus.log.category."io.quarkus.oidc".level=DEBUG
+quarkus.log.category."io.quarkus.security".level=DEBUG
 
 quarkus.log.console.enable=true
 quarkus.log.console.format=%d{HH:mm:ss} %-5p [%c{2.}] (%t) %s%e%n
-quarkus.log.console.color=true
+# quarkus.log.console.color est déprécié dans Quarkus 3.x
 
 # File Logging pour Audit (DEV)
 quarkus.log.file.enable=true
@@ -69,14 +81,48 @@ quarkus.log.file.rotation.max-backup-index=3
 
 # OpenAPI/Swagger Configuration (DEV - toujours activé)
 quarkus.swagger-ui.always-include=true
-quarkus.swagger-ui.path=/swagger-ui
 quarkus.swagger-ui.enable=true
+# Le chemin par défaut est /q/swagger-ui (pas besoin de le spécifier)
 
 # Dev Services (activé en DEV)
 quarkus.devservices.enabled=false
 
-# Security Configuration (DEV - plus permissif)
+# Security Configuration (DEV)
+# La sécurité est activée - les rôles sont vérifiés via OIDC/Keycloak
+# Note: KeycloakTestUserConfig configure automatiquement l'utilisateur de test au démarrage
+quarkus.security.auth.enabled=true
 quarkus.security.jaxrs.deny-unannotated-endpoints=false
+quarkus.security.auth.proactive=false
+
+# Configuration OIDC - Extraction des rôles
+# Le backend extrait les rôles depuis realm_access/roles (standard Keycloak)
+# Le scope "roles" de Keycloak crée automatiquement realm_access.roles
+# Syntaxe Quarkus: utiliser un slash pour les chemins imbriqués
+quarkus.oidc.roles.role-claim-path=realm_access/roles
+
+# Définir explicitement le profil pour que DevSecurityContextProducer le détecte
+quarkus.profile=dev
+
+# Logging pour debug du filtre de sécurité
+quarkus.log.category."dev.lions.user.manager.security".level=DEBUG
+
+# Logging OIDC et Security pour debug
+quarkus.log.category."io.quarkus.oidc".level=DEBUG
+quarkus.log.category."io.quarkus.oidc.runtime".level=DEBUG
+quarkus.log.category."io.quarkus.security".level=DEBUG
+quarkus.log.category."io.quarkus.security.runtime".level=DEBUG
 
 # Hot Reload
 quarkus.live-reload.instrumentation=true
+
+# Désactiver le continuous testing qui bloque le démarrage
+quarkus.test.continuous-testing=disabled
+
+# Indexer les dépendances Keycloak pour éviter les warnings
+quarkus.index-dependency.keycloak-admin.group-id=org.keycloak
+quarkus.index-dependency.keycloak-admin.artifact-id=keycloak-admin-client
+quarkus.index-dependency.keycloak-core.group-id=org.keycloak
+quarkus.index-dependency.keycloak-core.artifact-id=keycloak-core
+
+# Jackson - Ignorer les propriétés inconnues pour compatibilité Keycloak
+quarkus.jackson.fail-on-unknown-properties=false

target/classes/application.properties

@@ -71,7 +71,7 @@ quarkus.log.file.rotation.max-backup-index=10
 
 # OpenAPI/Swagger Configuration
 quarkus.swagger-ui.always-include=true
-quarkus.swagger-ui.path=/swagger-ui
+# Le chemin par défaut est /q/swagger-ui (pas besoin de le spécifier)
 mp.openapi.extensions.smallrye.info.title=Lions User Manager API
 mp.openapi.extensions.smallrye.info.version=1.0.0
 mp.openapi.extensions.smallrye.info.description=API de gestion centralisée des utilisateurs Keycloak

target/maven-archiver/pom.properties

@@ -1,3 +0,0 @@
-artifactId=lions-user-manager-server-impl-quarkus
-groupId=dev.lions.user.manager
-version=1.0.0

target/maven-status/maven-compiler-plugin/compile/default-compile/createdFiles.lst

@@ -1,10 +1,31 @@
-dev\lions\user\manager\resource\UserResource$ErrorResponse.class
+dev\lions\user\manager\mapper\RoleMapper.class
+dev\lions\user\manager\resource\AuditResource$ErrorResponse.class
+dev\lions\user\manager\resource\SyncResource$SyncUsersResponse.class
 dev\lions\user\manager\service\impl\UserServiceImpl.class
-dev\lions\user\manager\client\KeycloakAdminClient.class
-dev\lions\user\manager\client\KeycloakAdminClientImpl.class
-dev\lions\user\manager\resource\UserResource.class
+dev\lions\user\manager\resource\SyncResource$ErrorResponse.class
+dev\lions\user\manager\service\impl\RoleServiceImpl.class
+dev\lions\user\manager\security\DevSecurityContextProducer$DevSecurityContext$1.class
+dev\lions\user\manager\resource\AuditResource$CountResponse.class
 dev\lions\user\manager\resource\KeycloakHealthCheck.class
-dev\lions\user\manager\resource\UserResource$SessionsRevokedResponse.class
+dev\lions\user\manager\resource\AuditResource.class
+dev\lions\user\manager\resource\SyncResource$SyncRolesResponse.class
 dev\lions\user\manager\mapper\UserMapper.class
-dev\lions\user\manager\resource\HealthResourceEndpoint.class
+dev\lions\user\manager\resource\RoleResource$RoleAssignmentRequest.class
 dev\lions\user\manager\resource\UserResource$PasswordResetRequest.class
+dev\lions\user\manager\security\DevSecurityContextProducer$DevSecurityContext.class
+dev\lions\user\manager\config\KeycloakTestUserConfig.class
+dev\lions\user\manager\service\impl\SyncServiceImpl.class
+dev\lions\user\manager\security\DevSecurityContextProducer.class
+dev\lions\user\manager\resource\UserResource$ErrorResponse.class
+dev\lions\user\manager\service\impl\AuditServiceImpl.class
+dev\lions\user\manager\resource\SyncResource.class
+dev\lions\user\manager\client\KeycloakAdminClient.class
+dev\lions\user\manager\resource\RoleResource.class
+dev\lions\user\manager\config\JacksonConfig.class
+dev\lions\user\manager\resource\SyncResource$HealthCheckResponse.class
+dev\lions\user\manager\client\KeycloakAdminClientImpl.class
+dev\lions\user\manager\resource\RoleResource$ErrorResponse.class
+dev\lions\user\manager\resource\UserResource.class
+dev\lions\user\manager\resource\SyncResource$ExistsCheckResponse.class
+dev\lions\user\manager\resource\UserResource$SessionsRevokedResponse.class
+dev\lions\user\manager\resource\HealthResourceEndpoint.class

target/maven-status/maven-compiler-plugin/compile/default-compile/inputFiles.lst

@@ -1,7 +1,17 @@
-C:\Users\dadyo\PersonalProjects\lions-workspace\lions-user-manager\lions-user-manager-server-impl-quarkus\src\main\java\dev\lions\user\manager\resource\KeycloakHealthCheck.java
-C:\Users\dadyo\PersonalProjects\lions-workspace\lions-user-manager\lions-user-manager-server-impl-quarkus\src\main\java\dev\lions\user\manager\service\impl\UserServiceImpl.java
+C:\Users\dadyo\PersonalProjects\lions-workspace\lions-user-manager\lions-user-manager-server-impl-quarkus\src\main\java\dev\lions\user\manager\resource\AuditResource.java
 C:\Users\dadyo\PersonalProjects\lions-workspace\lions-user-manager\lions-user-manager-server-impl-quarkus\src\main\java\dev\lions\user\manager\resource\HealthResourceEndpoint.java
+C:\Users\dadyo\PersonalProjects\lions-workspace\lions-user-manager\lions-user-manager-server-impl-quarkus\src\main\java\dev\lions\user\manager\mapper\RoleMapper.java
+C:\Users\dadyo\PersonalProjects\lions-workspace\lions-user-manager\lions-user-manager-server-impl-quarkus\src\main\java\dev\lions\user\manager\resource\SyncResource.java
 C:\Users\dadyo\PersonalProjects\lions-workspace\lions-user-manager\lions-user-manager-server-impl-quarkus\src\main\java\dev\lions\user\manager\resource\UserResource.java
 C:\Users\dadyo\PersonalProjects\lions-workspace\lions-user-manager\lions-user-manager-server-impl-quarkus\src\main\java\dev\lions\user\manager\client\KeycloakAdminClient.java
 C:\Users\dadyo\PersonalProjects\lions-workspace\lions-user-manager\lions-user-manager-server-impl-quarkus\src\main\java\dev\lions\user\manager\mapper\UserMapper.java
+C:\Users\dadyo\PersonalProjects\lions-workspace\lions-user-manager\lions-user-manager-server-impl-quarkus\src\main\java\dev\lions\user\manager\config\KeycloakTestUserConfig.java
+C:\Users\dadyo\PersonalProjects\lions-workspace\lions-user-manager\lions-user-manager-server-impl-quarkus\src\main\java\dev\lions\user\manager\resource\KeycloakHealthCheck.java
+C:\Users\dadyo\PersonalProjects\lions-workspace\lions-user-manager\lions-user-manager-server-impl-quarkus\src\main\java\dev\lions\user\manager\service\impl\UserServiceImpl.java
+C:\Users\dadyo\PersonalProjects\lions-workspace\lions-user-manager\lions-user-manager-server-impl-quarkus\src\main\java\dev\lions\user\manager\security\DevSecurityContextProducer.java
+C:\Users\dadyo\PersonalProjects\lions-workspace\lions-user-manager\lions-user-manager-server-impl-quarkus\src\main\java\dev\lions\user\manager\service\impl\AuditServiceImpl.java
+C:\Users\dadyo\PersonalProjects\lions-workspace\lions-user-manager\lions-user-manager-server-impl-quarkus\src\main\java\dev\lions\user\manager\service\impl\SyncServiceImpl.java
+C:\Users\dadyo\PersonalProjects\lions-workspace\lions-user-manager\lions-user-manager-server-impl-quarkus\src\main\java\dev\lions\user\manager\resource\RoleResource.java
 C:\Users\dadyo\PersonalProjects\lions-workspace\lions-user-manager\lions-user-manager-server-impl-quarkus\src\main\java\dev\lions\user\manager\client\KeycloakAdminClientImpl.java
+C:\Users\dadyo\PersonalProjects\lions-workspace\lions-user-manager\lions-user-manager-server-impl-quarkus\src\main\java\dev\lions\user\manager\config\JacksonConfig.java
+C:\Users\dadyo\PersonalProjects\lions-workspace\lions-user-manager\lions-user-manager-server-impl-quarkus\src\main\java\dev\lions\user\manager\service\impl\RoleServiceImpl.java