KEYCLOAK-40 Add default role to realm
parent
fa90a8fd6b
commit
0301094fc9
16 changed files with 105 additions and 14 deletions
|
@ -22,6 +22,7 @@ public class RealmRepresentation {
|
||||||
protected String privateKey;
|
protected String privateKey;
|
||||||
protected String publicKey;
|
protected String publicKey;
|
||||||
protected List<RoleRepresentation> roles;
|
protected List<RoleRepresentation> roles;
|
||||||
|
protected String[] defaultRoles;
|
||||||
protected Set<String> requiredCredentials;
|
protected Set<String> requiredCredentials;
|
||||||
protected Set<String> requiredApplicationCredentials;
|
protected Set<String> requiredApplicationCredentials;
|
||||||
protected Set<String> requiredOAuthClientCredentials;
|
protected Set<String> requiredOAuthClientCredentials;
|
||||||
|
@ -183,6 +184,14 @@ public class RealmRepresentation {
|
||||||
this.roles = roles;
|
this.roles = roles;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public String[] getDefaultRoles() {
|
||||||
|
return defaultRoles;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setDefaultRoles(String[] defaultRoles) {
|
||||||
|
this.defaultRoles = defaultRoles;
|
||||||
|
}
|
||||||
|
|
||||||
public String getPrivateKey() {
|
public String getPrivateKey() {
|
||||||
return privateKey;
|
return privateKey;
|
||||||
}
|
}
|
||||||
|
|
|
@ -43,6 +43,7 @@ public class DemoApplication extends KeycloakApplication {
|
||||||
manager.generateRealmKeys(defaultRealm);
|
manager.generateRealmKeys(defaultRealm);
|
||||||
defaultRealm.addRequiredCredential(CredentialRepresentation.PASSWORD);
|
defaultRealm.addRequiredCredential(CredentialRepresentation.PASSWORD);
|
||||||
defaultRealm.addRole(SaasService.REALM_CREATOR_ROLE);
|
defaultRealm.addRole(SaasService.REALM_CREATOR_ROLE);
|
||||||
|
defaultRealm.addDefaultRole(SaasService.REALM_CREATOR_ROLE);
|
||||||
|
|
||||||
RealmRepresentation rep = loadJson("META-INF/testrealm.json");
|
RealmRepresentation rep = loadJson("META-INF/testrealm.json");
|
||||||
RealmModel realm = manager.createRealm("demo", rep.getRealm());
|
RealmModel realm = manager.createRealm("demo", rep.getRealm());
|
||||||
|
|
|
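Review bot: Registering `SaasService.REALM_CREATOR_ROLE` through `defaultRealm.addDefaultRole(...)` means every account later created in the default realm by code that iterates `getDefaultRoles()` receives realm-creation rights, not only the accounts that the SaaS registration call used to grant it to explicitly. The same line is added in the InstallationManager section, and the SocialResource and TokenService sections now grant all default roles on user creation; whether those paths can run against the default realm is not visible here and should be confirmed. If only SaaS registrants are meant to hold the role, keep the explicit grant in SaasService and leave it out of the defaults. The preceding `addRole(SaasService.REALM_CREATOR_ROLE)` is also redundant, since `addDefaultRole` creates a missing role itself; the enclosing method starts and ends outside the hunk.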
@ -11,6 +11,7 @@
|
||||||
"requiredCredentials": [ "password" ],
|
"requiredCredentials": [ "password" ],
|
||||||
"requiredApplicationCredentials": [ "password" ],
|
"requiredApplicationCredentials": [ "password" ],
|
||||||
"requiredOAuthClientCredentials": [ "password" ],
|
"requiredOAuthClientCredentials": [ "password" ],
|
||||||
|
"defaultRoles": [ "user" ],
|
||||||
"users" : [
|
"users" : [
|
||||||
{
|
{
|
||||||
"username" : "bburke@redhat.com",
|
"username" : "bburke@redhat.com",
|
||||||
|
|
|
@ -2,7 +2,6 @@ package org.keycloak.services.managers;
|
||||||
|
|
||||||
import org.jboss.resteasy.logging.Logger;
|
import org.jboss.resteasy.logging.Logger;
|
||||||
import org.keycloak.representations.idm.*;
|
import org.keycloak.representations.idm.*;
|
||||||
import org.keycloak.representations.idm.ApplicationRepresentation;
|
|
||||||
import org.keycloak.services.models.*;
|
import org.keycloak.services.models.*;
|
||||||
|
|
||||||
import java.security.KeyPair;
|
import java.security.KeyPair;
|
||||||
|
@ -84,6 +83,9 @@ public class RealmManager {
|
||||||
if (rep.getRequiredApplicationCredentials() != null) {
|
if (rep.getRequiredApplicationCredentials() != null) {
|
||||||
realm.updateRequiredApplicationCredentials(rep.getRequiredApplicationCredentials());
|
realm.updateRequiredApplicationCredentials(rep.getRequiredApplicationCredentials());
|
||||||
}
|
}
|
||||||
|
if (rep.getDefaultRoles() != null) {
|
||||||
|
realm.updateDefaultRoles(rep.getDefaultRoles());
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public RealmModel importRealm(RealmRepresentation rep, UserModel realmCreator) {
|
public RealmModel importRealm(RealmRepresentation rep, UserModel realmCreator) {
|
||||||
|
@ -131,8 +133,6 @@ public class RealmManager {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
if (rep.getUsers() != null) {
|
if (rep.getUsers() != null) {
|
||||||
for (UserRepresentation userRep : rep.getUsers()) {
|
for (UserRepresentation userRep : rep.getUsers()) {
|
||||||
UserModel user = createUser(newRealm, userRep);
|
UserModel user = createUser(newRealm, userRep);
|
||||||
|
@ -146,6 +146,12 @@ public class RealmManager {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (rep.getDefaultRoles() != null) {
|
||||||
|
for (String roleString : rep.getDefaultRoles()) {
|
||||||
|
newRealm.addDefaultRole(roleString.trim());
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if (rep.getApplications() != null) {
|
if (rep.getApplications() != null) {
|
||||||
createResources(rep, newRealm);
|
createResources(rep, newRealm);
|
||||||
}
|
}
|
||||||
|
|
|
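Review bot: The two paths that apply default roles from a `RealmRepresentation` normalise names differently: the `importRealm` hunk calls `newRealm.addDefaultRole(roleString.trim())`, while the hunk in the method that ends just before `importRealm` passes `rep.getDefaultRoles()` to `realm.updateDefaultRoles(...)` untouched. A name with stray whitespace therefore becomes a distinct role on one path only, and a null array element throws in `roleString.trim()` on the other. I would normalise in one place, e.g. `if (roleString != null && !roleString.trim().isEmpty()) newRealm.addDefaultRole(roleString.trim());`, and apply the same filtering before `updateDefaultRoles`. Both methods continue outside the hunks shown.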
@ -79,6 +79,12 @@ public interface RealmModel {
|
||||||
|
|
||||||
List<RoleModel> getRoles();
|
List<RoleModel> getRoles();
|
||||||
|
|
||||||
|
List<RoleModel> getDefaultRoles();
|
||||||
|
|
||||||
|
void addDefaultRole(String name);
|
||||||
|
|
||||||
|
void updateDefaultRoles(String[] defaultRoles);
|
||||||
|
|
||||||
Map<String, ApplicationModel> getResourceNameMap();
|
Map<String, ApplicationModel> getResourceNameMap();
|
||||||
|
|
||||||
List<ApplicationModel> getApplications();
|
List<ApplicationModel> getApplications();
|
||||||
|
|
|
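Review bot: The three methods added to `RealmModel` have no Javadoc, although they decide which roles every newly created user of a realm receives. I would document on `addDefaultRole` and `updateDefaultRoles` that a role missing from the realm is created as a side effect (as the RealmAdapter implementation in this commit does), that `updateDefaultRoles` replaces the whole list rather than merging, and whether a null array is accepted. On the getter a one-line contract is enough, e.g. `/** Roles granted to every newly created user of this realm; never null. */`.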
@ -29,6 +29,7 @@ public class RealmEntity {
|
||||||
protected String publicKeyPem;
|
protected String publicKeyPem;
|
||||||
@Column(length = 2048)
|
@Column(length = 2048)
|
||||||
protected String privateKeyPem;
|
protected String privateKeyPem;
|
||||||
|
protected String[] defaultRoles;
|
||||||
|
|
||||||
@OneToMany(cascade ={CascadeType.REMOVE}, orphanRemoval = true)
|
@OneToMany(cascade ={CascadeType.REMOVE}, orphanRemoval = true)
|
||||||
Collection<RequiredCredentailEntity> requiredCredentials;
|
Collection<RequiredCredentailEntity> requiredCredentials;
|
||||||
|
|
|
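Review bot: The new `protected String[] defaultRoles;` field carries no mapping annotation, unlike `privateKeyPem` just above it with `@Column(length = 2048)`. How an unannotated `String[]` is stored depends on the JPA provider, and a serialized-array column with a default length can fail or truncate as the list grows; I would confirm this against the provider in use. An explicit mapping, for example an `@ElementCollection` of `String` or a `@Column(length = ...)` sized for the serialized form, makes the storage predictable. The same applies to `@AttributeValue private String[] defaultRoles;` in the second RealmEntity section.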
@ -40,6 +40,7 @@ import java.security.PrivateKey;
|
||||||
import java.security.PublicKey;
|
import java.security.PublicKey;
|
||||||
import java.security.cert.X509Certificate;
|
import java.security.cert.X509Certificate;
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
|
import java.util.Arrays;
|
||||||
import java.util.HashMap;
|
import java.util.HashMap;
|
||||||
import java.util.HashSet;
|
import java.util.HashSet;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
@ -649,4 +650,48 @@ public class RealmAdapter implements RealmModel {
|
||||||
relationship.setRealm(realm.getName());
|
relationship.setRealm(realm.getName());
|
||||||
getRelationshipManager().add(relationship);
|
getRelationshipManager().add(relationship);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public List<RoleModel> getDefaultRoles() {
|
||||||
|
List<RoleModel> defaultRoleModels = new ArrayList<RoleModel>();
|
||||||
|
if (realm.getDefaultRoles() != null) {
|
||||||
|
for (String name : realm.getDefaultRoles()) {
|
||||||
|
RoleAdapter role = getRole(name);
|
||||||
|
if (role != null) {
|
||||||
|
defaultRoleModels.add(role);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return defaultRoleModels;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void addDefaultRole(String name) {
|
||||||
|
if (getRole(name) == null) {
|
||||||
|
addRole(name);
|
||||||
|
}
|
||||||
|
|
||||||
|
String[] defaultRoles = realm.getDefaultRoles();
|
||||||
|
if (defaultRoles == null) {
|
||||||
|
defaultRoles = new String[1];
|
||||||
|
} else {
|
||||||
|
defaultRoles = Arrays.copyOf(defaultRoles, defaultRoles.length + 1);
|
||||||
|
}
|
||||||
|
defaultRoles[defaultRoles.length - 1] = name;
|
||||||
|
|
||||||
|
realm.setDefaultRoles(defaultRoles);
|
||||||
|
updateRealm();
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void updateDefaultRoles(String[] defaultRoles) {
|
||||||
|
for (String name : defaultRoles) {
|
||||||
|
if (getRole(name) == null) {
|
||||||
|
addRole(name);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
realm.setDefaultRoles(defaultRoles);
|
||||||
|
updateRealm();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
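Review bot: `addDefaultRole` appends `name` without checking whether it is already in `realm.getDefaultRoles()`, so calling it twice for the same role stores the name twice, and `getDefaultRoles()` then hands that role twice to the registration loops that call `grantRole`. A guard after the role-creation step avoids this: `if (defaultRoles != null && Arrays.asList(defaultRoles).contains(name)) return;`. `updateDefaultRoles` also iterates its argument without a null check and stores the caller's array as-is; putting `realm.setDefaultRoles(defaultRoles.clone())` behind a null guard keeps the stored list independent of later changes by the caller.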
@ -19,6 +19,7 @@ public class RealmData extends AbstractPartition {
|
||||||
private int accessCodeLifespan;
|
private int accessCodeLifespan;
|
||||||
private String publicKeyPem;
|
private String publicKeyPem;
|
||||||
private String privateKeyPem;
|
private String privateKeyPem;
|
||||||
|
private String[] defaultRoles;
|
||||||
|
|
||||||
public RealmData() {
|
public RealmData() {
|
||||||
super(null);
|
super(null);
|
||||||
|
@ -116,4 +117,13 @@ public class RealmData extends AbstractPartition {
|
||||||
public void setPrivateKeyPem(String privateKeyPem) {
|
public void setPrivateKeyPem(String privateKeyPem) {
|
||||||
this.privateKeyPem = privateKeyPem;
|
this.privateKeyPem = privateKeyPem;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@AttributeProperty
|
||||||
|
public String[] getDefaultRoles() {
|
||||||
|
return defaultRoles;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setDefaultRoles(String[] defaultRoles) {
|
||||||
|
this.defaultRoles = defaultRoles;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -46,6 +46,8 @@ public class RealmEntity implements Serializable {
|
||||||
@AttributeValue
|
@AttributeValue
|
||||||
@Column(length = 2048)
|
@Column(length = 2048)
|
||||||
private String privateKeyPem;
|
private String privateKeyPem;
|
||||||
|
@AttributeValue
|
||||||
|
private String[] defaultRoles;
|
||||||
|
|
||||||
|
|
||||||
public PartitionTypeEntity getPartitionTypeEntity() {
|
public PartitionTypeEntity getPartitionTypeEntity() {
|
||||||
|
|
|
@ -376,8 +376,11 @@ public class SaasService {
|
||||||
credModel.setValue(cred.getValue());
|
credModel.setValue(cred.getValue());
|
||||||
defaultRealm.updateCredential(user, credModel);
|
defaultRealm.updateCredential(user, credModel);
|
||||||
}
|
}
|
||||||
RoleModel realmCreator = defaultRealm.getRole(REALM_CREATOR_ROLE);
|
|
||||||
defaultRealm.grantRole(user, realmCreator);
|
for (RoleModel role : defaultRealm.getDefaultRoles()) {
|
||||||
|
defaultRealm.grantRole(user, role);
|
||||||
|
}
|
||||||
|
|
||||||
return user;
|
return user;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
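Review bot: Registrants now receive realm-creation rights only if the stored default realm already lists `REALM_CREATOR_ROLE` among its default roles, because the loop over `defaultRealm.getDefaultRoles()` replaces the explicit `grantRole(user, realmCreator)`. The commit adds that entry only where the default realm is first set up (the DemoApplication and InstallationManager sections). A realm persisted before this change would presumably have no default roles, so new registrants there would silently end up without the role. Either keep the explicit grant next to the loop or add a migration step for existing realms. The enclosing method begins outside the hunk.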
@ -147,10 +147,9 @@ public class SocialResource {
|
||||||
user = realm.addUser(provider.getId() + "." + socialUser.getId());
|
user = realm.addUser(provider.getId() + "." + socialUser.getId());
|
||||||
user.setAttribute(provider.getId() + ".id", socialUser.getId());
|
user.setAttribute(provider.getId() + ".id", socialUser.getId());
|
||||||
|
|
||||||
// TODO Grant default roles for realm when available
|
for (RoleModel role : realm.getDefaultRoles()) {
|
||||||
RoleModel defaultRole = realm.getRole("user");
|
realm.grantRole(user, role);
|
||||||
|
}
|
||||||
realm.grantRole(user, defaultRole);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!user.isEnabled()) {
|
if (!user.isEnabled()) {
|
||||||
|
|
|
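Review bot: The grant loop `for (RoleModel role : realm.getDefaultRoles()) { realm.grantRole(user, role); }` is now copied into three user-creation paths (this one, TokenService and SaasService), so any later path that calls `realm.addUser(...)` directly will create users without the realm's default roles. Since this is the step that decides a new account's initial privileges, I would move it behind a single call, either inside the `addUser` implementation or in one shared helper, and have all three callers use it. The enclosing method starts and ends outside the hunk.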
@ -296,10 +296,9 @@ public class TokenService {
|
||||||
credentials.setValue(formData.getFirst("password"));
|
credentials.setValue(formData.getFirst("password"));
|
||||||
realm.updateCredential(user, credentials);
|
realm.updateCredential(user, credentials);
|
||||||
|
|
||||||
// TODO Grant default roles for realm when available
|
for (RoleModel role : realm.getDefaultRoles()) {
|
||||||
RoleModel defaultRole = realm.getRole("user");
|
realm.grantRole(user, role);
|
||||||
|
}
|
||||||
realm.grantRole(user, defaultRole);
|
|
||||||
|
|
||||||
return processLogin(clientId, scopeParam, state, redirect, formData);
|
return processLogin(clientId, scopeParam, state, redirect, formData);
|
||||||
}
|
}
|
||||||
|
|
|
@ -75,6 +75,7 @@ public class AdapterTest {
|
||||||
realmModel.setPrivateKeyPem("0234234");
|
realmModel.setPrivateKeyPem("0234234");
|
||||||
realmModel.setPublicKeyPem("0234234");
|
realmModel.setPublicKeyPem("0234234");
|
||||||
realmModel.setTokenLifespan(1000);
|
realmModel.setTokenLifespan(1000);
|
||||||
|
realmModel.addDefaultRole("foo");
|
||||||
|
|
||||||
System.out.println(realmModel.getId());
|
System.out.println(realmModel.getId());
|
||||||
realmModel = adapter.getRealm(realmModel.getId());
|
realmModel = adapter.getRealm(realmModel.getId());
|
||||||
|
@ -85,6 +86,8 @@ public class AdapterTest {
|
||||||
Assert.assertEquals(realmModel.getName(), "JUGGLER");
|
Assert.assertEquals(realmModel.getName(), "JUGGLER");
|
||||||
Assert.assertEquals(realmModel.getPrivateKeyPem(), "0234234");
|
Assert.assertEquals(realmModel.getPrivateKeyPem(), "0234234");
|
||||||
Assert.assertEquals(realmModel.getPublicKeyPem(), "0234234");
|
Assert.assertEquals(realmModel.getPublicKeyPem(), "0234234");
|
||||||
|
Assert.assertEquals(1, realmModel.getDefaultRoles().size());
|
||||||
|
Assert.assertEquals("foo", realmModel.getDefaultRoles().get(0).getName());
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
|
@ -134,7 +137,7 @@ public class AdapterTest {
|
||||||
realmModel.addRole("admin");
|
realmModel.addRole("admin");
|
||||||
realmModel.addRole("user");
|
realmModel.addRole("user");
|
||||||
List<RoleModel> roles = realmModel.getRoles();
|
List<RoleModel> roles = realmModel.getRoles();
|
||||||
Assert.assertEquals(5, roles.size());
|
Assert.assertEquals(6, roles.size());
|
||||||
UserModel user = realmModel.addUser("bburke");
|
UserModel user = realmModel.addUser("bburke");
|
||||||
RoleModel role = realmModel.getRole("user");
|
RoleModel role = realmModel.getRole("user");
|
||||||
realmModel.grantRole(user, role);
|
realmModel.grantRole(user, role);
|
||||||
|
|
|
@ -72,6 +72,10 @@ public class ImportTest {
|
||||||
Assert.assertEquals(1, creds.size());
|
Assert.assertEquals(1, creds.size());
|
||||||
RequiredCredentialModel cred = creds.get(0);
|
RequiredCredentialModel cred = creds.get(0);
|
||||||
Assert.assertEquals("password", cred.getFormLabel());
|
Assert.assertEquals("password", cred.getFormLabel());
|
||||||
|
Assert.assertEquals(2, realm.getDefaultRoles().size());
|
||||||
|
|
||||||
|
Assert.assertNotNull(realm.getRole("foo"));
|
||||||
|
Assert.assertNotNull(realm.getRole("bar"));
|
||||||
|
|
||||||
UserModel user = realm.getUser("loginclient");
|
UserModel user = realm.getUser("loginclient");
|
||||||
Assert.assertNotNull(user);
|
Assert.assertNotNull(user);
|
||||||
|
|
|
@ -24,6 +24,7 @@ public class InstallationManager {
|
||||||
manager.generateRealmKeys(defaultRealm);
|
manager.generateRealmKeys(defaultRealm);
|
||||||
defaultRealm.addRequiredCredential(CredentialRepresentation.PASSWORD);
|
defaultRealm.addRequiredCredential(CredentialRepresentation.PASSWORD);
|
||||||
defaultRealm.addRole(SaasService.REALM_CREATOR_ROLE);
|
defaultRealm.addRole(SaasService.REALM_CREATOR_ROLE);
|
||||||
|
defaultRealm.addDefaultRole(SaasService.REALM_CREATOR_ROLE);
|
||||||
}
|
}
|
||||||
|
|
||||||
public boolean isInstalled(RealmManager manager) {
|
public boolean isInstalled(RealmManager manager) {
|
||||||
|
|
|
@ -6,6 +6,7 @@
|
||||||
"requiredCredentials": [ "password" ],
|
"requiredCredentials": [ "password" ],
|
||||||
"requiredApplicationCredentials": [ "password" ],
|
"requiredApplicationCredentials": [ "password" ],
|
||||||
"requiredOAuthClientCredentials": [ "password" ],
|
"requiredOAuthClientCredentials": [ "password" ],
|
||||||
|
"defaultRoles": [ "foo", "bar" ],
|
||||||
"users": [
|
"users": [
|
||||||
{
|
{
|
||||||
"username": "wburke",
|
"username": "wburke",
|
||||||
|
|