KEYCLOAK-40 Add default role to realm

Stian Thorgersen 2013-08-15 16:19:17 +01:00
parent fa90a8fd6b
commit 0301094fc9
16 changed files with 105 additions and 14 deletions


@ -22,6 +22,7 @@ public class RealmRepresentation {
protected String privateKey; protected String privateKey;
protected String publicKey; protected String publicKey;
protected List<RoleRepresentation> roles; protected List<RoleRepresentation> roles;
protected String[] defaultRoles;
protected Set<String> requiredCredentials; protected Set<String> requiredCredentials;
protected Set<String> requiredApplicationCredentials; protected Set<String> requiredApplicationCredentials;
protected Set<String> requiredOAuthClientCredentials; protected Set<String> requiredOAuthClientCredentials;
@ -183,6 +184,14 @@ public class RealmRepresentation {
this.roles = roles; this.roles = roles;
} }
public String[] getDefaultRoles() {
return defaultRoles;
}
public void setDefaultRoles(String[] defaultRoles) {
this.defaultRoles = defaultRoles;
}
public String getPrivateKey() { public String getPrivateKey() {
return privateKey; return privateKey;
} }


@ -43,6 +43,7 @@ public class DemoApplication extends KeycloakApplication {
manager.generateRealmKeys(defaultRealm); manager.generateRealmKeys(defaultRealm);
defaultRealm.addRequiredCredential(CredentialRepresentation.PASSWORD); defaultRealm.addRequiredCredential(CredentialRepresentation.PASSWORD);
defaultRealm.addRole(SaasService.REALM_CREATOR_ROLE); defaultRealm.addRole(SaasService.REALM_CREATOR_ROLE);
defaultRealm.addDefaultRole(SaasService.REALM_CREATOR_ROLE);
RealmRepresentation rep = loadJson("META-INF/testrealm.json"); RealmRepresentation rep = loadJson("META-INF/testrealm.json");
RealmModel realm = manager.createRealm("demo", rep.getRealm()); RealmModel realm = manager.createRealm("demo", rep.getRealm());
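Review bot: The `defaultRealm.addRole(SaasService.REALM_CREATOR_ROLE)` call on the line above the new `addDefaultRole` looks redundant, because at least the RealmAdapter implementation in this commit creates the role itself when `getRole(name)` returns null; the same pair appears in InstallationManager. If the explicit `addRole` is kept on purpose, a comment such as `// addDefaultRole would create the role anyway; explicit addRole kept for readability` makes that visible. The enclosing method continues outside the hunk.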


@ -11,6 +11,7 @@
"requiredCredentials": [ "password" ], "requiredCredentials": [ "password" ],
"requiredApplicationCredentials": [ "password" ], "requiredApplicationCredentials": [ "password" ],
"requiredOAuthClientCredentials": [ "password" ], "requiredOAuthClientCredentials": [ "password" ],
"defaultRoles": [ "user" ],
"users" : [ "users" : [
{ {
"username" : "bburke@redhat.com", "username" : "bburke@redhat.com",


@ -2,7 +2,6 @@ package org.keycloak.services.managers;
import org.jboss.resteasy.logging.Logger; import org.jboss.resteasy.logging.Logger;
import org.keycloak.representations.idm.*; import org.keycloak.representations.idm.*;
import org.keycloak.representations.idm.ApplicationRepresentation;
import org.keycloak.services.models.*; import org.keycloak.services.models.*;
import java.security.KeyPair; import java.security.KeyPair;
@ -84,6 +83,9 @@ public class RealmManager {
if (rep.getRequiredApplicationCredentials() != null) { if (rep.getRequiredApplicationCredentials() != null) {
realm.updateRequiredApplicationCredentials(rep.getRequiredApplicationCredentials()); realm.updateRequiredApplicationCredentials(rep.getRequiredApplicationCredentials());
} }
if (rep.getDefaultRoles() != null) {
realm.updateDefaultRoles(rep.getDefaultRoles());
}
} }
public RealmModel importRealm(RealmRepresentation rep, UserModel realmCreator) { public RealmModel importRealm(RealmRepresentation rep, UserModel realmCreator) {
@ -131,8 +133,6 @@ public class RealmManager {
} }
} }
if (rep.getUsers() != null) { if (rep.getUsers() != null) {
for (UserRepresentation userRep : rep.getUsers()) { for (UserRepresentation userRep : rep.getUsers()) {
UserModel user = createUser(newRealm, userRep); UserModel user = createUser(newRealm, userRep);
@ -146,6 +146,12 @@ public class RealmManager {
} }
} }
if (rep.getDefaultRoles() != null) {
for (String roleString : rep.getDefaultRoles()) {
newRealm.addDefaultRole(roleString.trim());
}
}
if (rep.getApplications() != null) { if (rep.getApplications() != null) {
createResources(rep, newRealm); createResources(rep, newRealm);
} }
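Review bot: The new block in updateRealm hands `rep.getDefaultRoles()` straight to `realm.updateDefaultRoles(...)`, while the importRealm block trims each name (`roleString.trim()`) before `addDefaultRole`; a name with surrounding whitespace is therefore normalised by one path and stored verbatim by the other, which can yield two roles that differ only in whitespace. Trimming in both places, or once inside the model implementation, keeps them consistent. Note also that the import block sits after the users loop and does not call grantRole, so users created by the same import do not appear to receive the default roles; if that is intended, a comment like `// default roles are granted at registration time, not to imported users` would save the next reader the question. Both enclosing methods extend outside the visible hunks.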


@ -79,6 +79,12 @@ public interface RealmModel {
List<RoleModel> getRoles(); List<RoleModel> getRoles();
List<RoleModel> getDefaultRoles();
void addDefaultRole(String name);
void updateDefaultRoles(String[] defaultRoles);
Map<String, ApplicationModel> getResourceNameMap(); Map<String, ApplicationModel> getResourceNameMap();
List<ApplicationModel> getApplications(); List<ApplicationModel> getApplications();
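Review bot: The three new interface methods carry no Javadoc, and their contract is not obvious from the signatures: in the RealmAdapter implementation of this commit `addDefaultRole` also creates the role if it does not exist and appends without de-duplicating, `updateDefaultRoles` replaces the whole array, and `getDefaultRoles` returns models while the setters take names. Suggest a one-line Javadoc on each, for example `/** Adds {@code name} to the realm's default roles, creating the role if it does not yet exist. */` on `addDefaultRole` and `/** Replaces the realm's default roles with {@code defaultRoles}; missing roles are created. */` on `updateDefaultRoles`. Stating whether duplicates and null are allowed would let the other implementations agree on the same behaviour.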


@ -29,6 +29,7 @@ public class RealmEntity {
protected String publicKeyPem; protected String publicKeyPem;
@Column(length = 2048) @Column(length = 2048)
protected String privateKeyPem; protected String privateKeyPem;
protected String[] defaultRoles;
@OneToMany(cascade ={CascadeType.REMOVE}, orphanRemoval = true) @OneToMany(cascade ={CascadeType.REMOVE}, orphanRemoval = true)
Collection<RequiredCredentailEntity> requiredCredentials; Collection<RequiredCredentailEntity> requiredCredentials;
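Review bot: `protected String[] defaultRoles;` is added to the JPA entity with no mapping annotation, unlike the annotated sibling fields; a String array is not a JPA basic type, so the provider will most likely store it as a Java-serialized byte column (if it accepts the field at all), which cannot be queried and ties the persisted form to Java serialization. An `@ElementCollection` of `String`, or a relationship to the role entity, is the conventional mapping; if the serialized form is intended, a comment on the field saying so would help. The rest of the entity is outside the hunk, so this is inferred from the visible lines only.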


@ -40,6 +40,7 @@ import java.security.PrivateKey;
import java.security.PublicKey; import java.security.PublicKey;
import java.security.cert.X509Certificate; import java.security.cert.X509Certificate;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap; import java.util.HashMap;
import java.util.HashSet; import java.util.HashSet;
import java.util.List; import java.util.List;
@ -649,4 +650,48 @@ public class RealmAdapter implements RealmModel {
relationship.setRealm(realm.getName()); relationship.setRealm(realm.getName());
getRelationshipManager().add(relationship); getRelationshipManager().add(relationship);
} }
@Override
public List<RoleModel> getDefaultRoles() {
List<RoleModel> defaultRoleModels = new ArrayList<RoleModel>();
if (realm.getDefaultRoles() != null) {
for (String name : realm.getDefaultRoles()) {
RoleAdapter role = getRole(name);
if (role != null) {
defaultRoleModels.add(role);
}
}
}
return defaultRoleModels;
}
@Override
public void addDefaultRole(String name) {
if (getRole(name) == null) {
addRole(name);
}
String[] defaultRoles = realm.getDefaultRoles();
if (defaultRoles == null) {
defaultRoles = new String[1];
} else {
defaultRoles = Arrays.copyOf(defaultRoles, defaultRoles.length + 1);
}
defaultRoles[defaultRoles.length - 1] = name;
realm.setDefaultRoles(defaultRoles);
updateRealm();
}
@Override
public void updateDefaultRoles(String[] defaultRoles) {
for (String name : defaultRoles) {
if (getRole(name) == null) {
addRole(name);
}
}
realm.setDefaultRoles(defaultRoles);
updateRealm();
}
} }
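Review bot: `addDefaultRole` appends `name` unconditionally, so calling it twice with the same name stores a duplicate entry; `getDefaultRoles` then returns the same role twice and callers such as SaasService end up calling grantRole twice for it. A membership check after the `String[] defaultRoles = realm.getDefaultRoles();` line avoids this: `if (defaultRoles != null && Arrays.asList(defaultRoles).contains(name)) { return; }`. `updateDefaultRoles` also iterates its argument without a null check, which RealmManager guards but other callers of the interface may not, and neither method trims `name` although RealmManager.importRealm trims before calling. `getDefaultRoles` silently drops names whose role no longer exists; if that is deliberate, a comment such as `// names without a matching role are skipped rather than failing` would make it explicit.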


@ -19,6 +19,7 @@ public class RealmData extends AbstractPartition {
private int accessCodeLifespan; private int accessCodeLifespan;
private String publicKeyPem; private String publicKeyPem;
private String privateKeyPem; private String privateKeyPem;
private String[] defaultRoles;
public RealmData() { public RealmData() {
super(null); super(null);
@ -116,4 +117,13 @@ public class RealmData extends AbstractPartition {
public void setPrivateKeyPem(String privateKeyPem) { public void setPrivateKeyPem(String privateKeyPem) {
this.privateKeyPem = privateKeyPem; this.privateKeyPem = privateKeyPem;
} }
@AttributeProperty
public String[] getDefaultRoles() {
return defaultRoles;
}
public void setDefaultRoles(String[] defaultRoles) {
this.defaultRoles = defaultRoles;
}
} }


@ -46,6 +46,8 @@ public class RealmEntity implements Serializable {
@AttributeValue @AttributeValue
@Column(length = 2048) @Column(length = 2048)
private String privateKeyPem; private String privateKeyPem;
@AttributeValue
private String[] defaultRoles;
public PartitionTypeEntity getPartitionTypeEntity() { public PartitionTypeEntity getPartitionTypeEntity() {


@ -376,8 +376,11 @@ public class SaasService {
credModel.setValue(cred.getValue()); credModel.setValue(cred.getValue());
defaultRealm.updateCredential(user, credModel); defaultRealm.updateCredential(user, credModel);
} }
RoleModel realmCreator = defaultRealm.getRole(REALM_CREATOR_ROLE);
defaultRealm.grantRole(user, realmCreator); for (RoleModel role : defaultRealm.getDefaultRoles()) {
defaultRealm.grantRole(user, role);
}
return user; return user;
} }
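Review bot: The grant loop `for (RoleModel role : defaultRealm.getDefaultRoles()) { defaultRealm.grantRole(user, role); }` now appears verbatim in SaasService, SocialResource and TokenService; a single helper (for example on RealmManager, or a user-creation method that applies the realm defaults) would keep the three registration paths from drifting apart. There is also a behaviour change worth a comment here: the removed code granted REALM_CREATOR_ROLE explicitly, whereas the new code grants whatever the realm's default roles currently are, so editing the defaults silently changes what newly registered SaaS users may do, e.g. `// REALM_CREATOR_ROLE is granted only because installation registered it as a default role`. The enclosing method starts outside the hunk.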


@ -147,10 +147,9 @@ public class SocialResource {
user = realm.addUser(provider.getId() + "." + socialUser.getId()); user = realm.addUser(provider.getId() + "." + socialUser.getId());
user.setAttribute(provider.getId() + ".id", socialUser.getId()); user.setAttribute(provider.getId() + ".id", socialUser.getId());
// TODO Grant default roles for realm when available for (RoleModel role : realm.getDefaultRoles()) {
RoleModel defaultRole = realm.getRole("user"); realm.grantRole(user, role);
}
realm.grantRole(user, defaultRole);
} }
if (!user.isEnabled()) { if (!user.isEnabled()) {


@ -296,10 +296,9 @@ public class TokenService {
credentials.setValue(formData.getFirst("password")); credentials.setValue(formData.getFirst("password"));
realm.updateCredential(user, credentials); realm.updateCredential(user, credentials);
// TODO Grant default roles for realm when available for (RoleModel role : realm.getDefaultRoles()) {
RoleModel defaultRole = realm.getRole("user"); realm.grantRole(user, role);
}
realm.grantRole(user, defaultRole);
return processLogin(clientId, scopeParam, state, redirect, formData); return processLogin(clientId, scopeParam, state, redirect, formData);
} }


@ -75,6 +75,7 @@ public class AdapterTest {
realmModel.setPrivateKeyPem("0234234"); realmModel.setPrivateKeyPem("0234234");
realmModel.setPublicKeyPem("0234234"); realmModel.setPublicKeyPem("0234234");
realmModel.setTokenLifespan(1000); realmModel.setTokenLifespan(1000);
realmModel.addDefaultRole("foo");
System.out.println(realmModel.getId()); System.out.println(realmModel.getId());
realmModel = adapter.getRealm(realmModel.getId()); realmModel = adapter.getRealm(realmModel.getId());
@ -85,6 +86,8 @@ public class AdapterTest {
Assert.assertEquals(realmModel.getName(), "JUGGLER"); Assert.assertEquals(realmModel.getName(), "JUGGLER");
Assert.assertEquals(realmModel.getPrivateKeyPem(), "0234234"); Assert.assertEquals(realmModel.getPrivateKeyPem(), "0234234");
Assert.assertEquals(realmModel.getPublicKeyPem(), "0234234"); Assert.assertEquals(realmModel.getPublicKeyPem(), "0234234");
Assert.assertEquals(1, realmModel.getDefaultRoles().size());
Assert.assertEquals("foo", realmModel.getDefaultRoles().get(0).getName());
} }
@Test @Test
@ -134,7 +137,7 @@ public class AdapterTest {
realmModel.addRole("admin"); realmModel.addRole("admin");
realmModel.addRole("user"); realmModel.addRole("user");
List<RoleModel> roles = realmModel.getRoles(); List<RoleModel> roles = realmModel.getRoles();
Assert.assertEquals(5, roles.size()); Assert.assertEquals(6, roles.size());
UserModel user = realmModel.addUser("bburke"); UserModel user = realmModel.addUser("bburke");
RoleModel role = realmModel.getRole("user"); RoleModel role = realmModel.getRole("user");
realmModel.grantRole(user, role); realmModel.grantRole(user, role);
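Review bot: The new assertions only cover the path where `addDefaultRole` creates a missing role; they do not exercise adding a name that already exists as a role, nor calling `addDefaultRole` twice with the same name, which is where the append-only implementation added in RealmAdapter would produce a duplicate entry. A second `realmModel.addDefaultRole("foo");` followed by `Assert.assertEquals(1, realmModel.getDefaultRoles().size());` would pin the intended behaviour either way. The test method continues outside the hunk.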


@ -72,6 +72,10 @@ public class ImportTest {
Assert.assertEquals(1, creds.size()); Assert.assertEquals(1, creds.size());
RequiredCredentialModel cred = creds.get(0); RequiredCredentialModel cred = creds.get(0);
Assert.assertEquals("password", cred.getFormLabel()); Assert.assertEquals("password", cred.getFormLabel());
Assert.assertEquals(2, realm.getDefaultRoles().size());
Assert.assertNotNull(realm.getRole("foo"));
Assert.assertNotNull(realm.getRole("bar"));
UserModel user = realm.getUser("loginclient"); UserModel user = realm.getUser("loginclient");
Assert.assertNotNull(user); Assert.assertNotNull(user);


@ -24,6 +24,7 @@ public class InstallationManager {
manager.generateRealmKeys(defaultRealm); manager.generateRealmKeys(defaultRealm);
defaultRealm.addRequiredCredential(CredentialRepresentation.PASSWORD); defaultRealm.addRequiredCredential(CredentialRepresentation.PASSWORD);
defaultRealm.addRole(SaasService.REALM_CREATOR_ROLE); defaultRealm.addRole(SaasService.REALM_CREATOR_ROLE);
defaultRealm.addDefaultRole(SaasService.REALM_CREATOR_ROLE);
} }
public boolean isInstalled(RealmManager manager) { public boolean isInstalled(RealmManager manager) {


@ -6,6 +6,7 @@
"requiredCredentials": [ "password" ], "requiredCredentials": [ "password" ],
"requiredApplicationCredentials": [ "password" ], "requiredApplicationCredentials": [ "password" ],
"requiredOAuthClientCredentials": [ "password" ], "requiredOAuthClientCredentials": [ "password" ],
"defaultRoles": [ "foo", "bar" ],
"users": [ "users": [
{ {
"username": "wburke", "username": "wburke",