lionsdev/unionflow-server-impl-quarkus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(admin): AdminUserService doit utiliser AdminUserServiceClient et AdminRoleServiceClient

Browse Source 
Le service admin injectait UserServiceClient/RoleServiceClient (propagation du token
utilisateur unionflow) au lieu des clients Admin dédiés (service account lions-user-manager).
Résultat : le token JWT de l'utilisateur mobile était envoyé à LUM → 401 car LUM ne
connaît pas les clés du realm unionflow.

Correctif :
- AdminUserService -> AdminUserServiceClient + AdminRoleServiceClient (service account)
- UserServiceClient + RoleServiceClient remis à OidcTokenPropagationHeadersFactory
  (ces clients non-admin propagent le token utilisateur pour des usages futurs)
This commit is contained in:
dahoud
2026-04-12 15:22:09 +00:00
parent 0b79a2ee68
commit e107d2ecce
3 changed files with 6 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/main/java/dev/lions/unionflow/server/client/RoleServiceClient.java
View File

@@ -14,7 +14,7 @@ import java.util.List;
*/ */
@Path("/api/roles") @Path("/api/roles")
@RegisterRestClient(configKey = "lions-user-manager-api") @RegisterRestClient(configKey = "lions-user-manager-api")
@RegisterClientHeaders(AdminServiceTokenHeadersFactory.class) @RegisterClientHeaders(OidcTokenPropagationHeadersFactory.class)
@Produces(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON)
@Consumes(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON)
public interface RoleServiceClient { public interface RoleServiceClient {

2
src/main/java/dev/lions/unionflow/server/client/UserServiceClient.java
View File

@@ -17,7 +17,7 @@ import org.eclipse.microprofile.rest.client.inject.RegisterRestClient;
*/ */
@Path("/api/users") @Path("/api/users")
@RegisterRestClient(configKey = "lions-user-manager-api") @RegisterRestClient(configKey = "lions-user-manager-api")
@RegisterClientHeaders(AdminServiceTokenHeadersFactory.class) @RegisterClientHeaders(OidcTokenPropagationHeadersFactory.class)
@Produces(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON)
@Consumes(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON)
public interface UserServiceClient { public interface UserServiceClient {

7
src/main/java/dev/lions/unionflow/server/service/AdminUserService.java
View File

@@ -1,7 +1,8 @@
package dev.lions.unionflow.server.service; package dev.lions.unionflow.server.service;
import dev.lions.unionflow.server.client.AdminRoleServiceClient;
import dev.lions.unionflow.server.client.AdminUserServiceClient;
import dev.lions.unionflow.server.client.RoleServiceClient; import dev.lions.unionflow.server.client.RoleServiceClient;
import dev.lions.unionflow.server.client.UserServiceClient;
import dev.lions.user.manager.dto.role.RoleDTO; import dev.lions.user.manager.dto.role.RoleDTO;
import dev.lions.user.manager.dto.user.UserDTO; import dev.lions.user.manager.dto.user.UserDTO;
import dev.lions.user.manager.dto.user.UserSearchCriteriaDTO; import dev.lions.user.manager.dto.user.UserSearchCriteriaDTO;
@@ -27,11 +28,11 @@ public class AdminUserService {
@Inject @Inject
@RestClient @RestClient
UserServiceClient userServiceClient; AdminUserServiceClient userServiceClient;
@Inject @Inject
@RestClient @RestClient
RoleServiceClient roleServiceClient; AdminRoleServiceClient roleServiceClient;
public UserSearchResultDTO searchUsers(int page, int size, String searchTerm) { public UserSearchResultDTO searchUsers(int page, int size, String searchTerm) {
UserSearchCriteriaDTO criteria = UserSearchCriteriaDTO.builder() UserSearchCriteriaDTO criteria = UserSearchCriteriaDTO.builder()