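/**
 * Reconciles the group memberships of a user with the groups derived from the
 * authorization section of the user's spec.
 *
 * <p>Memberships the user holds but that are no longer desired are removed, and
 * desired memberships the user does not yet hold are added. Groups are matched
 * by name only.
 *
 * @param realm realm whose groups are listed to resolve group names to ids
 * @param user user resource carrying the desired authorization rules
 * @param userResource handle used to read and change the user's memberships
 */
private void applyAuthorizationRules(RealmResource realm, User user, UserResource userResource) {
    Set<String> desiredGroups = createDesiredGroupsSet(user.getSpec().getAuthorization());
    List<GroupRepresentation> groups = realm.groups().groups();

    // NOTE(review): membership is compared by group name alone; if the realm can hold
    // groups with the same name under different parents, they collapse here. Confirm.
    Set<String> existingGroups = userResource.groups()
            .stream()
            .map(GroupRepresentation::getName)
            .collect(Collectors.toSet());

    log.info("Changing for user {} from {} to {}", user.getMetadata().getName(), existingGroups, desiredGroups);

    // Remove membership of groups no longer specified
    Set<String> membershipsToRemove = new HashSet<>(existingGroups);
    membershipsToRemove.removeAll(desiredGroups);
    log.debug("Removing groups {} from user {}", membershipsToRemove, user.getMetadata().getName());
    for (String group : membershipsToRemove) {
        // A name that getGroupId cannot resolve in the realm listing is skipped without
        // any log entry, so the user keeps that membership.
        // NOTE(review): a revocation that silently does nothing should probably be
        // reported; confirm the listing covers every group a user can be a member of.
        getGroupId(groups, group).ifPresent(userResource::leaveGroup);
    }

    // Add membership of new groups
    Set<String> membershipsToAdd = new HashSet<>(desiredGroups);
    membershipsToAdd.removeAll(existingGroups);
    // Log the set that is actually being granted. The original logged membershipsToRemove
    // here, so the record of granted memberships listed the revoked groups instead.
    log.debug("Adding groups {} to user {}", membershipsToAdd, user.getMetadata().getName());
    for (String group : membershipsToAdd) {
        // The id returned by createGroupIfNotExists is what the user joins; presumably
        // the helper creates the group when it is missing (defined outside this block).
        String groupId = createGroupIfNotExists(realm, group);
        userResource.joinGroup(groupId);
    }
}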