strazdinsg
commented
3 years ago I see that UserServiceImpl partly already satisfies the need, will refactor and extend it. The general goal is that no other classes should depend on keycloak directly (perhaps except the security config for endpoints)
Currently authorization and authentication is bound to KeyCloak service. It should be refactored - a genic AuthorizationService, interface which can be implemented in different ways: using KeyCloak, custom dummy service, etc. This makes the solution more flexible - we may decide to move away from KeyCloak one day.
This is also something that should be done before adding the organization-wide roles. Therefore the priority.