central login timeouts, rememberme framework

This commit is contained in:
Bill Burke 2014-02-22 21:52:29 -05:00
parent 3e88cb3b76
commit 01ddafa83a
13 changed files with 162 additions and 6 deletions

View file

@ -549,6 +549,12 @@ module.controller('RealmTokenDetailCtrl', function($scope, Realm, realm, $http,
$scope.realm.accessTokenLifespan = TimeUnit.convert($scope.realm.accessTokenLifespan, from, to); $scope.realm.accessTokenLifespan = TimeUnit.convert($scope.realm.accessTokenLifespan, from, to);
}); });
$scope.realm.centralLoginLifespanUnit = TimeUnit.autoUnit(realm.accessTokenLifespan);
$scope.realm.centralLoginLifespan = TimeUnit.toUnit(realm.centralLoginLifespan, $scope.realm.centralLoginLifespanUnit);
$scope.$watch('realm.centralLoginLifespanUnit', function(to, from) {
$scope.realm.centralLoginLifespan = TimeUnit.convert($scope.realm.centralLoginLifespan, from, to);
});
$scope.realm.refreshTokenLifespanUnit = TimeUnit.autoUnit(realm.refreshTokenLifespan); $scope.realm.refreshTokenLifespanUnit = TimeUnit.autoUnit(realm.refreshTokenLifespan);
$scope.realm.refreshTokenLifespan = TimeUnit.toUnit(realm.refreshTokenLifespan, $scope.realm.refreshTokenLifespanUnit); $scope.realm.refreshTokenLifespan = TimeUnit.toUnit(realm.refreshTokenLifespan, $scope.realm.refreshTokenLifespanUnit);
$scope.$watch('realm.refreshTokenLifespanUnit', function(to, from) { $scope.$watch('realm.refreshTokenLifespanUnit', function(to, from) {
@ -582,6 +588,7 @@ module.controller('RealmTokenDetailCtrl', function($scope, Realm, realm, $http,
delete realmCopy["accessTokenLifespanUnit"]; delete realmCopy["accessTokenLifespanUnit"];
delete realmCopy["refreshTokenLifespanUnit"]; delete realmCopy["refreshTokenLifespanUnit"];
delete realmCopy["accessCodeLifespanUnit"]; delete realmCopy["accessCodeLifespanUnit"];
delete realmCopy["centralLoginLifespanUnit"];
delete realmCopy["accessCodeLifespanUserActionUnit"]; delete realmCopy["accessCodeLifespanUserActionUnit"];
realmCopy.accessTokenLifespan = TimeUnit.toSeconds($scope.realm.accessTokenLifespan, $scope.realm.accessTokenLifespanUnit) realmCopy.accessTokenLifespan = TimeUnit.toSeconds($scope.realm.accessTokenLifespan, $scope.realm.accessTokenLifespanUnit)

View file

@ -10,6 +10,32 @@
<h2><span>{{realm.realm}}</span> Token Settings</h2> <h2><span>{{realm.realm}}</span> Token Settings</h2>
<form class="form-horizontal" name="realmForm" novalidate> <form class="form-horizontal" name="realmForm" novalidate>
<fieldset class="border-top"> <fieldset class="border-top">
<div class="form-group">
<label class="col-sm-2 control-label" for="rememberMe">Remember Me</label>
<div class="col-sm-4">
<input ng-model="realm.rememberMe" name="rememberMe" id="rememberMe" onoffswitch />
</div>
</div>
<div class="form-group input-select">
<label class="col-sm-2 control-label" for="centralLoginLifespan">Central Login lifespan</label>
<div class="col-sm-10">
<div class="row">
<div class="col-sm-2">
<input class="form-control" type="number" required min="1"
max="31536000" data-ng-model="realm.centralLoginLifespan"
id="centralLoginLifespan" name="centralLoginLifespan"/>
</div>
<div class="col-sm-2 select-kc">
<select name="centralLoginLifespanUnit" data-ng-model="realm.centralLoginLifespanUnit" >
<option data-ng-selected="!realm.centralLoginLifespanUnit">Seconds</option>
<option>Minutes</option>
<option>Hours</option>
<option>Days</option>
</select>
</div>
</div>
</div>
</div>
<div class="form-group input-select"> <div class="form-group input-select">
<label class="col-sm-2 control-label" for="accessTokenLifespan">Access token lifespan</label> <label class="col-sm-2 control-label" for="accessTokenLifespan">Access token lifespan</label>
<div class="col-sm-10"> <div class="col-sm-10">
@ -67,7 +93,7 @@
</div> </div>
</div> </div>
<div class="form-group input-select"> <div class="form-group input-select">
<label class="col-sm-2 control-label" for="refreshTokenLifespan">Refresh token lifespan {{realm.refreshTokenLifespan}}</label> <label class="col-sm-2 control-label" for="refreshTokenLifespan">Refresh token lifespan</label>
<div class="col-sm-10"> <div class="col-sm-10">
<div class="row"> <div class="row">
<div class="col-sm-2"> <div class="col-sm-2">

View file

@ -15,11 +15,13 @@ public class RealmRepresentation {
protected String realm; protected String realm;
protected Integer accessTokenLifespan; protected Integer accessTokenLifespan;
protected Integer refreshTokenLifespan; protected Integer refreshTokenLifespan;
protected Integer centralLoginLifespan;
protected Integer accessCodeLifespan; protected Integer accessCodeLifespan;
protected Integer accessCodeLifespanUserAction; protected Integer accessCodeLifespanUserAction;
protected Boolean enabled; protected Boolean enabled;
protected Boolean sslNotRequired; protected Boolean sslNotRequired;
protected Boolean registrationAllowed; protected Boolean registrationAllowed;
protected Boolean rememberMe;
protected Boolean verifyEmail; protected Boolean verifyEmail;
protected Boolean resetPasswordAllowed; protected Boolean resetPasswordAllowed;
protected Boolean social; protected Boolean social;
@ -127,6 +129,14 @@ public class RealmRepresentation {
return refreshTokenLifespan; return refreshTokenLifespan;
} }
public Integer getCentralLoginLifespan() {
return centralLoginLifespan;
}
public void setCentralLoginLifespan(Integer centralLoginLifespan) {
this.centralLoginLifespan = centralLoginLifespan;
}
public void setRefreshTokenLifespan(Integer refreshTokenLifespan) { public void setRefreshTokenLifespan(Integer refreshTokenLifespan) {
this.refreshTokenLifespan = refreshTokenLifespan; this.refreshTokenLifespan = refreshTokenLifespan;
} }
@ -231,6 +241,14 @@ public class RealmRepresentation {
this.registrationAllowed = registrationAllowed; this.registrationAllowed = registrationAllowed;
} }
public Boolean isRememberMe() {
return rememberMe;
}
public void setRememberMe(Boolean rememberMe) {
this.rememberMe = rememberMe;
}
public Boolean isVerifyEmail() { public Boolean isVerifyEmail() {
return verifyEmail; return verifyEmail;
} }

View file

@ -29,6 +29,9 @@ public interface RealmModel extends RoleContainerModel, RoleMapperModel, ScopeMa
boolean isRegistrationAllowed(); boolean isRegistrationAllowed();
void setRegistrationAllowed(boolean registrationAllowed); void setRegistrationAllowed(boolean registrationAllowed);
boolean isRememberMe();
void setRememberMe(boolean rememberMe);
boolean isVerifyEmail(); boolean isVerifyEmail();
@ -38,6 +41,10 @@ public interface RealmModel extends RoleContainerModel, RoleMapperModel, ScopeMa
void setResetPasswordAllowed(boolean resetPasswordAllowed); void setResetPasswordAllowed(boolean resetPasswordAllowed);
int getCentralLoginLifespan();
void setCentralLoginLifespan(int lifespan);
int getAccessTokenLifespan(); int getAccessTokenLifespan();
void setAccessTokenLifespan(int tokenLifespan); void setAccessTokenLifespan(int tokenLifespan);

View file

@ -105,6 +105,17 @@ public class RealmAdapter implements RealmModel {
em.flush(); em.flush();
} }
@Override
public boolean isRememberMe() {
return realm.isRememberMe();
}
@Override
public void setRememberMe(boolean rememberMe) {
realm.setRememberMe(rememberMe);
em.flush();
}
@Override @Override
public boolean isVerifyEmail() { public boolean isVerifyEmail() {
return realm.isVerifyEmail(); return realm.isVerifyEmail();
@ -138,6 +149,17 @@ public class RealmAdapter implements RealmModel {
em.flush(); em.flush();
} }
@Override
public int getCentralLoginLifespan() {
return realm.getCentralLoginLifespan();
}
@Override
public void setCentralLoginLifespan(int lifespan) {
realm.setCentralLoginLifespan(lifespan);
em.flush();
}
@Override @Override
public int getRefreshTokenLifespan() { public int getRefreshTokenLifespan() {
return realm.getRefreshTokenLifespan(); return realm.getRefreshTokenLifespan();

View file

@ -38,11 +38,13 @@ public class RealmEntity {
protected boolean verifyEmail; protected boolean verifyEmail;
protected boolean resetPasswordAllowed; protected boolean resetPasswordAllowed;
protected boolean social; protected boolean social;
protected boolean rememberMe;
@Column(name="updateProfileOnInitSocLogin") @Column(name="updateProfileOnInitSocLogin")
protected boolean updateProfileOnInitialSocialLogin; protected boolean updateProfileOnInitialSocialLogin;
protected String passwordPolicy; protected String passwordPolicy;
protected int centralLoginLifespan;
protected int accessTokenLifespan; protected int accessTokenLifespan;
protected int accessCodeLifespan; protected int accessCodeLifespan;
protected int accessCodeLifespanUserAction; protected int accessCodeLifespanUserAction;
@ -130,6 +132,14 @@ public class RealmEntity {
this.registrationAllowed = registrationAllowed; this.registrationAllowed = registrationAllowed;
} }
public boolean isRememberMe() {
return rememberMe;
}
public void setRememberMe(boolean rememberMe) {
this.rememberMe = rememberMe;
}
public boolean isVerifyEmail() { public boolean isVerifyEmail() {
return verifyEmail; return verifyEmail;
} }
@ -162,6 +172,14 @@ public class RealmEntity {
this.updateProfileOnInitialSocialLogin = updateProfileOnInitialSocialLogin; this.updateProfileOnInitialSocialLogin = updateProfileOnInitialSocialLogin;
} }
public int getCentralLoginLifespan() {
return centralLoginLifespan;
}
public void setCentralLoginLifespan(int centralLoginLifespan) {
this.centralLoginLifespan = centralLoginLifespan;
}
public int getRefreshTokenLifespan() { public int getRefreshTokenLifespan() {
return refreshTokenLifespan; return refreshTokenLifespan;
} }

View file

@ -107,6 +107,18 @@ public class RealmAdapter extends AbstractAdapter implements RealmModel {
updateRealm(); updateRealm();
} }
@Override
public boolean isRememberMe() {
return realm.isRememberMe();
}
@Override
public void setRememberMe(boolean rememberMe) {
realm.setRememberMe(rememberMe);
updateRealm();
}
@Override @Override
public boolean isVerifyEmail() { public boolean isVerifyEmail() {
return realm.isVerifyEmail(); return realm.isVerifyEmail();
@ -177,6 +189,18 @@ public class RealmAdapter extends AbstractAdapter implements RealmModel {
updateRealm(); updateRealm();
} }
@Override
public int getCentralLoginLifespan() {
return realm.getCentralLoginLifespan();
}
@Override
public void setCentralLoginLifespan(int lifespan) {
realm.setCentralLoginLifespan(lifespan);
updateRealm();
}
@Override @Override
public int getRefreshTokenLifespan() { public int getRefreshTokenLifespan() {
return realm.getRefreshTokenLifespan(); return realm.getRefreshTokenLifespan();

View file

@ -23,12 +23,14 @@ public class RealmEntity extends AbstractMongoIdentifiableEntity implements Mong
private boolean enabled; private boolean enabled;
private boolean sslNotRequired; private boolean sslNotRequired;
private boolean registrationAllowed; private boolean registrationAllowed;
private boolean rememberMe;
private boolean verifyEmail; private boolean verifyEmail;
private boolean resetPasswordAllowed; private boolean resetPasswordAllowed;
private boolean social; private boolean social;
private boolean updateProfileOnInitialSocialLogin; private boolean updateProfileOnInitialSocialLogin;
private String passwordPolicy; private String passwordPolicy;
private int centralLoginLifespan;
private int accessTokenLifespan; private int accessTokenLifespan;
private int accessCodeLifespan; private int accessCodeLifespan;
private int accessCodeLifespanUserAction; private int accessCodeLifespanUserAction;
@ -86,6 +88,15 @@ public class RealmEntity extends AbstractMongoIdentifiableEntity implements Mong
this.registrationAllowed = registrationAllowed; this.registrationAllowed = registrationAllowed;
} }
@MongoField
public boolean isRememberMe() {
return rememberMe;
}
public void setRememberMe(boolean rememberMe) {
this.rememberMe = rememberMe;
}
@MongoField @MongoField
public boolean isVerifyEmail() { public boolean isVerifyEmail() {
return verifyEmail; return verifyEmail;
@ -131,6 +142,15 @@ public class RealmEntity extends AbstractMongoIdentifiableEntity implements Mong
this.passwordPolicy = passwordPolicy; this.passwordPolicy = passwordPolicy;
} }
@MongoField
public int getCentralLoginLifespan() {
return centralLoginLifespan;
}
public void setCentralLoginLifespan(int centralLoginLifespan) {
this.centralLoginLifespan = centralLoginLifespan;
}
@MongoField @MongoField
public int getAccessTokenLifespan() { public int getAccessTokenLifespan() {
return accessTokenLifespan; return accessTokenLifespan;

View file

@ -46,6 +46,7 @@ public class ApplianceBootstrap {
realm.addRequiredCredential(CredentialRepresentation.PASSWORD); realm.addRequiredCredential(CredentialRepresentation.PASSWORD);
realm.addRequiredOAuthClientCredential(CredentialRepresentation.PASSWORD); realm.addRequiredOAuthClientCredential(CredentialRepresentation.PASSWORD);
realm.addRequiredResourceCredential(CredentialRepresentation.PASSWORD); realm.addRequiredResourceCredential(CredentialRepresentation.PASSWORD);
realm.setCentralLoginLifespan(3000);
realm.setAccessTokenLifespan(60); realm.setAccessTokenLifespan(60);
realm.setRefreshTokenLifespan(3600); realm.setRefreshTokenLifespan(3600);
realm.setAccessCodeLifespan(60); realm.setAccessCodeLifespan(60);

View file

@ -46,13 +46,12 @@ public class AuthenticationManager {
token.issuedNow(); token.issuedNow();
token.subject(user.getId()); token.subject(user.getId());
token.audience(realm.getName()); token.audience(realm.getName());
if (realm.getAccessTokenLifespan() > 0) { if (realm.getCentralLoginLifespan() > 0) {
token.expiration((System.currentTimeMillis() / 1000) + realm.getAccessTokenLifespan()); token.expiration((System.currentTimeMillis() / 1000) + realm.getCentralLoginLifespan());
} }
return token; return token;
} }
public NewCookie createLoginCookie(RealmModel realm, UserModel user, UriInfo uriInfo) { public NewCookie createLoginCookie(RealmModel realm, UserModel user, UriInfo uriInfo) {
String cookieName = KEYCLOAK_IDENTITY_COOKIE; String cookieName = KEYCLOAK_IDENTITY_COOKIE;
String cookiePath = getIdentityCookiePath(realm, uriInfo); String cookiePath = getIdentityCookiePath(realm, uriInfo);
@ -80,7 +79,13 @@ public class AuthenticationManager {
String encoded = encodeToken(realm, identityToken); String encoded = encodeToken(realm, identityToken);
boolean secureOnly = !realm.isSslNotRequired(); boolean secureOnly = !realm.isSslNotRequired();
logger.debug("creatingLoginCookie - name: {0} path: {1}", cookieName, cookiePath); logger.debug("creatingLoginCookie - name: {0} path: {1}", cookieName, cookiePath);
NewCookie cookie = new NewCookie(cookieName, encoded, cookiePath, null, null, NewCookie.DEFAULT_MAX_AGE, secureOnly, true); int maxAge = NewCookie.DEFAULT_MAX_AGE;
/*
if (realm.isRememberMe()) {
maxAge = realm.getCentralLoginLifespan();
}
*/
NewCookie cookie = new NewCookie(cookieName, encoded, cookiePath, null, null, maxAge, secureOnly, true);
return cookie; return cookie;
} }

View file

@ -69,9 +69,11 @@ public class ModelToRepresentation {
rep.setPublicKey(realm.getPublicKeyPem()); rep.setPublicKey(realm.getPublicKeyPem());
rep.setPrivateKey(realm.getPrivateKeyPem()); rep.setPrivateKey(realm.getPrivateKeyPem());
rep.setRegistrationAllowed(realm.isRegistrationAllowed()); rep.setRegistrationAllowed(realm.isRegistrationAllowed());
rep.setRememberMe(realm.isRememberMe());
rep.setVerifyEmail(realm.isVerifyEmail()); rep.setVerifyEmail(realm.isVerifyEmail());
rep.setResetPasswordAllowed(realm.isResetPasswordAllowed()); rep.setResetPasswordAllowed(realm.isResetPasswordAllowed());
rep.setAccessTokenLifespan(realm.getAccessTokenLifespan()); rep.setAccessTokenLifespan(realm.getAccessTokenLifespan());
rep.setCentralLoginLifespan(realm.getCentralLoginLifespan());
rep.setRefreshTokenLifespan(realm.getRefreshTokenLifespan()); rep.setRefreshTokenLifespan(realm.getRefreshTokenLifespan());
rep.setAccessCodeLifespan(realm.getAccessCodeLifespan()); rep.setAccessCodeLifespan(realm.getAccessCodeLifespan());
rep.setAccessCodeLifespanUserAction(realm.getAccessCodeLifespanUserAction()); rep.setAccessCodeLifespanUserAction(realm.getAccessCodeLifespanUserAction());

View file

@ -97,6 +97,7 @@ public class RealmManager {
if (rep.isEnabled() != null) realm.setEnabled(rep.isEnabled()); if (rep.isEnabled() != null) realm.setEnabled(rep.isEnabled());
if (rep.isSocial() != null) realm.setSocial(rep.isSocial()); if (rep.isSocial() != null) realm.setSocial(rep.isSocial());
if (rep.isRegistrationAllowed() != null) realm.setRegistrationAllowed(rep.isRegistrationAllowed()); if (rep.isRegistrationAllowed() != null) realm.setRegistrationAllowed(rep.isRegistrationAllowed());
if (rep.isRememberMe() != null) realm.setRememberMe(rep.isRememberMe());
if (rep.isVerifyEmail() != null) realm.setVerifyEmail(rep.isVerifyEmail()); if (rep.isVerifyEmail() != null) realm.setVerifyEmail(rep.isVerifyEmail());
if (rep.isResetPasswordAllowed() != null) realm.setResetPasswordAllowed(rep.isResetPasswordAllowed()); if (rep.isResetPasswordAllowed() != null) realm.setResetPasswordAllowed(rep.isResetPasswordAllowed());
if (rep.isUpdateProfileOnInitialSocialLogin() != null) if (rep.isUpdateProfileOnInitialSocialLogin() != null)
@ -107,6 +108,7 @@ public class RealmManager {
realm.setAccessCodeLifespanUserAction(rep.getAccessCodeLifespanUserAction()); realm.setAccessCodeLifespanUserAction(rep.getAccessCodeLifespanUserAction());
if (rep.getAccessTokenLifespan() != null) realm.setAccessTokenLifespan(rep.getAccessTokenLifespan()); if (rep.getAccessTokenLifespan() != null) realm.setAccessTokenLifespan(rep.getAccessTokenLifespan());
if (rep.getRefreshTokenLifespan() != null) realm.setRefreshTokenLifespan(rep.getRefreshTokenLifespan()); if (rep.getRefreshTokenLifespan() != null) realm.setRefreshTokenLifespan(rep.getRefreshTokenLifespan());
if (rep.getCentralLoginLifespan() != null) realm.setCentralLoginLifespan(rep.getCentralLoginLifespan());
if (rep.getRequiredCredentials() != null) { if (rep.getRequiredCredentials() != null) {
realm.updateRequiredCredentials(rep.getRequiredCredentials()); realm.updateRequiredCredentials(rep.getRequiredCredentials());
} }
@ -163,7 +165,9 @@ public class RealmManager {
else newRealm.setAccessTokenLifespan(300); else newRealm.setAccessTokenLifespan(300);
if (rep.getRefreshTokenLifespan() != null) newRealm.setRefreshTokenLifespan(rep.getRefreshTokenLifespan()); if (rep.getRefreshTokenLifespan() != null) newRealm.setRefreshTokenLifespan(rep.getRefreshTokenLifespan());
else newRealm.setRefreshTokenLifespan(3600); else newRealm.setRefreshTokenLifespan(36000);
if (rep.getCentralLoginLifespan() != null) newRealm.setCentralLoginLifespan(rep.getCentralLoginLifespan());
else newRealm.setCentralLoginLifespan(300);
if (rep.getAccessCodeLifespan() != null) newRealm.setAccessCodeLifespan(rep.getAccessCodeLifespan()); if (rep.getAccessCodeLifespan() != null) newRealm.setAccessCodeLifespan(rep.getAccessCodeLifespan());
else newRealm.setAccessCodeLifespan(60); else newRealm.setAccessCodeLifespan(60);
@ -174,6 +178,7 @@ public class RealmManager {
if (rep.isSslNotRequired() != null) newRealm.setSslNotRequired(rep.isSslNotRequired()); if (rep.isSslNotRequired() != null) newRealm.setSslNotRequired(rep.isSslNotRequired());
if (rep.isRegistrationAllowed() != null) newRealm.setRegistrationAllowed(rep.isRegistrationAllowed()); if (rep.isRegistrationAllowed() != null) newRealm.setRegistrationAllowed(rep.isRegistrationAllowed());
if (rep.isRememberMe() != null) newRealm.setRememberMe(rep.isRememberMe());
if (rep.isVerifyEmail() != null) newRealm.setVerifyEmail(rep.isVerifyEmail()); if (rep.isVerifyEmail() != null) newRealm.setVerifyEmail(rep.isVerifyEmail());
if (rep.isResetPasswordAllowed() != null) newRealm.setResetPasswordAllowed(rep.isResetPasswordAllowed()); if (rep.isResetPasswordAllowed() != null) newRealm.setResetPasswordAllowed(rep.isResetPasswordAllowed());
if (rep.isUpdateProfileOnInitialSocialLogin() != null) if (rep.isUpdateProfileOnInitialSocialLogin() != null)

View file

@ -57,6 +57,7 @@ public class CompositeRoleTest {
RealmModel realm = manager.createRealm("Test"); RealmModel realm = manager.createRealm("Test");
manager.generateRealmKeys(realm); manager.generateRealmKeys(realm);
realmPublicKey = realm.getPublicKey(); realmPublicKey = realm.getPublicKey();
realm.setCentralLoginLifespan(3000);
realm.setAccessTokenLifespan(10000); realm.setAccessTokenLifespan(10000);
realm.setRefreshTokenLifespan(10000); realm.setRefreshTokenLifespan(10000);
realm.setAccessCodeLifespanUserAction(1000); realm.setAccessCodeLifespanUserAction(1000);