KEYCLOAK-40 Add default role to realm

Stian Thorgersen 2013-08-15 16:19:17 +01:00
parent fa90a8fd6b
commit 0301094fc9
16 changed files with 105 additions and 14 deletions


@ -22,6 +22,7 @@ public class RealmRepresentation {
protected String privateKey;
protected String publicKey;
protected List<RoleRepresentation> roles;
protected String[] defaultRoles;
protected Set<String> requiredCredentials;
protected Set<String> requiredApplicationCredentials;
protected Set<String> requiredOAuthClientCredentials;
@ -183,6 +184,14 @@ public class RealmRepresentation {
this.roles = roles;
}
public String[] getDefaultRoles() {
return defaultRoles;
}
public void setDefaultRoles(String[] defaultRoles) {
this.defaultRoles = defaultRoles;
}
public String getPrivateKey() {
return privateKey;
}


@ -43,6 +43,7 @@ public class DemoApplication extends KeycloakApplication {
manager.generateRealmKeys(defaultRealm);
defaultRealm.addRequiredCredential(CredentialRepresentation.PASSWORD);
defaultRealm.addRole(SaasService.REALM_CREATOR_ROLE);
defaultRealm.addDefaultRole(SaasService.REALM_CREATOR_ROLE);
RealmRepresentation rep = loadJson("META-INF/testrealm.json");
RealmModel realm = manager.createRealm("demo", rep.getRealm());


@ -11,6 +11,7 @@
"requiredCredentials": [ "password" ],
"requiredApplicationCredentials": [ "password" ],
"requiredOAuthClientCredentials": [ "password" ],
"defaultRoles": [ "user" ],
"users" : [
{
"username" : "bburke@redhat.com",


@ -2,7 +2,6 @@ package org.keycloak.services.managers;
import org.jboss.resteasy.logging.Logger;
import org.keycloak.representations.idm.*;
import org.keycloak.representations.idm.ApplicationRepresentation;
import org.keycloak.services.models.*;
import java.security.KeyPair;
@ -84,6 +83,9 @@ public class RealmManager {
if (rep.getRequiredApplicationCredentials() != null) {
realm.updateRequiredApplicationCredentials(rep.getRequiredApplicationCredentials());
}
if (rep.getDefaultRoles() != null) {
realm.updateDefaultRoles(rep.getDefaultRoles());
}
}
public RealmModel importRealm(RealmRepresentation rep, UserModel realmCreator) {
@ -131,8 +133,6 @@ public class RealmManager {
}
}
if (rep.getUsers() != null) {
for (UserRepresentation userRep : rep.getUsers()) {
UserModel user = createUser(newRealm, userRep);
@ -146,6 +146,12 @@ public class RealmManager {
}
}
if (rep.getDefaultRoles() != null) {
for (String roleString : rep.getDefaultRoles()) {
newRealm.addDefaultRole(roleString.trim());
}
}
if (rep.getApplications() != null) {
createResources(rep, newRealm);
}
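Review bot: The two paths that take default roles from a RealmRepresentation treat the names differently: importRealm calls `newRealm.addDefaultRole(roleString.trim())`, while updateRealm passes the array to `realm.updateDefaultRoles(rep.getDefaultRoles())` untrimmed, and neither rejects a null or empty entry (the `trim()` call would throw on a null element). Per RealmAdapter in this commit, each name is created as a role if it does not exist, and the registration paths grant every default role to each new user, so these names deserve validation in one shared place used by both methods. I would also add a comment at both sites such as `// default roles are granted to every new user; names come from the supplied representation`. Both method bodies start outside the hunks shown.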


@ -78,6 +78,12 @@ public interface RealmModel {
RoleModel addRole(String name);
List<RoleModel> getRoles();
List<RoleModel> getDefaultRoles();
void addDefaultRole(String name);
void updateDefaultRoles(String[] defaultRoles);
Map<String, ApplicationModel> getResourceNameMap();
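Review bot: The three new methods have no Javadoc, and the contract a caller needs is not visible from the signatures. Going by RealmAdapter in this commit, `addDefaultRole` and `updateDefaultRoles` create any named role that does not yet exist, `updateDefaultRoles` replaces the whole list, and `getDefaultRoles` silently omits names that no longer resolve to a role. I would state that on the interface, for example `/** Adds a role to the set granted to every newly created user, creating the role if it does not exist. */` on `addDefaultRole`, and say whether `updateDefaultRoles` accepts null.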


@ -29,6 +29,7 @@ public class RealmEntity {
protected String publicKeyPem;
@Column(length = 2048)
protected String privateKeyPem;
protected String[] defaultRoles;
@OneToMany(cascade ={CascadeType.REMOVE}, orphanRemoval = true)
Collection<RequiredCredentailEntity> requiredCredentials;


@ -40,6 +40,7 @@ import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
@ -649,4 +650,48 @@ public class RealmAdapter implements RealmModel {
relationship.setRealm(realm.getName());
getRelationshipManager().add(relationship);
}
@Override
public List<RoleModel> getDefaultRoles() {
List<RoleModel> defaultRoleModels = new ArrayList<RoleModel>();
if (realm.getDefaultRoles() != null) {
for (String name : realm.getDefaultRoles()) {
RoleAdapter role = getRole(name);
if (role != null) {
defaultRoleModels.add(role);
}
}
}
return defaultRoleModels;
}
@Override
public void addDefaultRole(String name) {
if (getRole(name) == null) {
addRole(name);
}
String[] defaultRoles = realm.getDefaultRoles();
if (defaultRoles == null) {
defaultRoles = new String[1];
} else {
defaultRoles = Arrays.copyOf(defaultRoles, defaultRoles.length + 1);
}
defaultRoles[defaultRoles.length - 1] = name;
realm.setDefaultRoles(defaultRoles);
updateRealm();
}
@Override
public void updateDefaultRoles(String[] defaultRoles) {
for (String name : defaultRoles) {
if (getRole(name) == null) {
addRole(name);
}
}
realm.setDefaultRoles(defaultRoles);
updateRealm();
}
}
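Review bot: `addDefaultRole` appends the name without checking whether it is already in the array, so calling it twice with the same role stores the name twice, `getDefaultRoles()` returns that role twice, and each caller's loop then calls `grantRole` twice for it. A guard before the copy would cover it: `if (defaultRoles != null && Arrays.asList(defaultRoles).contains(name)) return;`. `updateDefaultRoles` also iterates its argument without a null check and stores the caller's array as-is; RealmManager checks for null before calling, but nothing on the interface requires that. Both mutators create a missing role through `addRole(name)`, which deserves a comment, since a misspelled default-role name then becomes a new role granted to every new user.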


@ -19,6 +19,7 @@ public class RealmData extends AbstractPartition {
private int accessCodeLifespan;
private String publicKeyPem;
private String privateKeyPem;
private String[] defaultRoles;
public RealmData() {
super(null);
@ -116,4 +117,13 @@ public class RealmData extends AbstractPartition {
public void setPrivateKeyPem(String privateKeyPem) {
this.privateKeyPem = privateKeyPem;
}
@AttributeProperty
public String[] getDefaultRoles() {
return defaultRoles;
}
public void setDefaultRoles(String[] defaultRoles) {
this.defaultRoles = defaultRoles;
}
}


@ -46,6 +46,8 @@ public class RealmEntity implements Serializable {
@AttributeValue
@Column(length = 2048)
private String privateKeyPem;
@AttributeValue
private String[] defaultRoles;
public PartitionTypeEntity getPartitionTypeEntity() {


@ -376,8 +376,11 @@ public class SaasService {
credModel.setValue(cred.getValue());
defaultRealm.updateCredential(user, credModel);
}
RoleModel realmCreator = defaultRealm.getRole(REALM_CREATOR_ROLE);
defaultRealm.grantRole(user, realmCreator);
for (RoleModel role : defaultRealm.getDefaultRoles()) {
defaultRealm.grantRole(user, role);
}
return user;
}
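Review bot: The hunk header (8 old lines, 11 new) suggests the explicit `defaultRealm.grantRole(user, realmCreator)` is kept next to the new loop over `getDefaultRoles()`; if so, REALM_CREATOR_ROLE is granted twice on a fresh install, because InstallationManager and DemoApplication now also register it as a default role. If the explicit grant is meant as a fallback for default realms created before this commit, say so in a comment, e.g. `// keep until existing installs have REALM_CREATOR_ROLE in defaultRoles`; otherwise drop one of the two. Any role later added to the default realm's default roles is also given to every self-registered user at this point, so that list should be treated as privileged configuration. The method starts outside the hunk.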


@ -147,10 +147,9 @@ public class SocialResource {
user = realm.addUser(provider.getId() + "." + socialUser.getId());
user.setAttribute(provider.getId() + ".id", socialUser.getId());
// TODO Grant default roles for realm when available
RoleModel defaultRole = realm.getRole("user");
realm.grantRole(user, defaultRole);
for (RoleModel role : realm.getDefaultRoles()) {
realm.grantRole(user, role);
}
}
if (!user.isEnabled()) {
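Review bot: A realm with no default roles stored now gives a new social-login user no roles at all, where the replaced code granted `user` unconditionally: `getDefaultRoles()` returns an empty list when nothing is set, and the loop then does nothing. testrealm.json gains `"defaultRoles": [ "user" ]` in this commit, but as far as the visible hunks show, realms created earlier or imported without that field are not migrated. The same applies to the registration path in TokenService. I would record the change at both sites with a comment such as `// realms without defaultRoles grant nothing here; "user" is no longer implied`, and consider a migration or a logged warning for realms with an empty list. The enclosing method starts and ends outside the hunk.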


@ -296,10 +296,9 @@ public class TokenService {
credentials.setValue(formData.getFirst("password"));
realm.updateCredential(user, credentials);
// TODO Grant default roles for realm when available
RoleModel defaultRole = realm.getRole("user");
realm.grantRole(user, defaultRole);
for (RoleModel role : realm.getDefaultRoles()) {
realm.grantRole(user, role);
}
return processLogin(clientId, scopeParam, state, redirect, formData);
}


@ -75,6 +75,7 @@ public class AdapterTest {
realmModel.setPrivateKeyPem("0234234");
realmModel.setPublicKeyPem("0234234");
realmModel.setTokenLifespan(1000);
realmModel.addDefaultRole("foo");
System.out.println(realmModel.getId());
realmModel = adapter.getRealm(realmModel.getId());
@ -85,6 +86,8 @@ public class AdapterTest {
Assert.assertEquals(realmModel.getName(), "JUGGLER");
Assert.assertEquals(realmModel.getPrivateKeyPem(), "0234234");
Assert.assertEquals(realmModel.getPublicKeyPem(), "0234234");
Assert.assertEquals(1, realmModel.getDefaultRoles().size());
Assert.assertEquals("foo", realmModel.getDefaultRoles().get(0).getName());
}
@Test
@ -134,7 +137,7 @@ public class AdapterTest {
realmModel.addRole("admin");
realmModel.addRole("user");
List<RoleModel> roles = realmModel.getRoles();
Assert.assertEquals(5, roles.size());
Assert.assertEquals(6, roles.size());
UserModel user = realmModel.addUser("bburke");
RoleModel role = realmModel.getRole("user");
realmModel.grantRole(user, role);


@ -72,6 +72,10 @@ public class ImportTest {
Assert.assertEquals(1, creds.size());
RequiredCredentialModel cred = creds.get(0);
Assert.assertEquals("password", cred.getFormLabel());
Assert.assertEquals(2, realm.getDefaultRoles().size());
Assert.assertNotNull(realm.getRole("foo"));
Assert.assertNotNull(realm.getRole("bar"));
UserModel user = realm.getUser("loginclient");
Assert.assertNotNull(user);


@ -24,6 +24,7 @@ public class InstallationManager {
manager.generateRealmKeys(defaultRealm);
defaultRealm.addRequiredCredential(CredentialRepresentation.PASSWORD);
defaultRealm.addRole(SaasService.REALM_CREATOR_ROLE);
defaultRealm.addDefaultRole(SaasService.REALM_CREATOR_ROLE);
}
public boolean isInstalled(RealmManager manager) {


@ -6,6 +6,7 @@
"requiredCredentials": [ "password" ],
"requiredApplicationCredentials": [ "password" ],
"requiredOAuthClientCredentials": [ "password" ],
"defaultRoles": [ "foo", "bar" ],
"users": [
{
"username": "wburke",