[KEYCLOAK-3154] - Rename Photoz modules and directories to remove UMA identifier

This commit is contained in:
Pedro Igor 2016-06-22 14:33:29 -03:00
parent 905421a292
commit 07824bdc4d
43 changed files with 289 additions and 270 deletions

View file

@ -1,207 +0,0 @@
var module = angular.module('photoz-uma', ['ngRoute', 'ngResource']);
var Identity = {};
angular.element(document).ready(function ($http) {
var keycloakAuth = new Keycloak('keycloak.json');
Identity.loggedIn = false;
keycloakAuth.init({onLoad: 'login-required'}).success(function () {
Identity.loggedIn = true;
Identity.authz = keycloakAuth;
Identity.logout = function () {
Identity.loggedIn = false;
Identity.claim = {};
Identity.authc = null;
window.location = this.authz.authServerUrl + "/realms/photoz-uma/protocol/openid-connect/logout?redirect_uri=http://localhost:8080/photoz-uma-html5-client/index.html";
Identity.authz = null;
};
Identity.claim = {};
Identity.claim.name = Identity.authz.idTokenParsed.name;
Identity.hasRole = function (name) {
if (Identity.authz && Identity.authz.hasRealmRole(name)) {
return true;
}
return false;
};
Identity.isAdmin = function () {
return this.hasRole("admin");
};
Identity.authc = {};
Identity.authc.token = Identity.authz.token;
module.factory('Identity', function () {
return Identity;
});
angular.bootstrap(document, ["photoz-uma"]);
}).error(function () {
window.location.reload();
});
});
module.controller('GlobalCtrl', function ($scope, $http, $route, $location, Album, Identity) {
Album.query(function (albums) {
$scope.albums = albums;
});
$scope.Identity = Identity;
$scope.deleteAlbum = function (album) {
new Album(album).$delete({id: album.id}, function () {
$route.reload();
});
}
});
module.controller('TokenCtrl', function ($scope, Identity) {
$scope.showRpt = function () {
document.getElementById("output").innerHTML = JSON.stringify(jwt_decode(Identity.uma.rpt.rpt), null, ' ');
}
$scope.showAccessToken = function () {
document.getElementById("output").innerHTML = JSON.stringify(jwt_decode(Identity.authc.token), null, ' ');
}
$scope.requestEntitlements = function () {
var request = new XMLHttpRequest();
request.open("GET", "http://localhost:8080/auth/realms/photoz-uma/authz/entitlement/photoz-uma-restful-api", true);
request.setRequestHeader("Authorization", "Bearer " + Identity.authc.token);
request.onreadystatechange = function () {
if (request.readyState == 4 && request.status == 200) {
Identity.uma.rpt = JSON.parse(request.responseText);
}
}
request.send(null);
}
});
module.controller('AlbumCtrl', function ($scope, $http, $routeParams, $location, Album) {
$scope.album = {};
if ($routeParams.id) {
$scope.album = Album.get({id: $routeParams.id});
}
$scope.create = function () {
var newAlbum = new Album($scope.album);
newAlbum.$save({}, function (data) {
$location.path('/');
});
};
});
module.controller('ProfileCtrl', function ($scope, $http, $routeParams, $location, Profile) {
$scope.profile = Profile.get();
});
module.controller('AdminAlbumCtrl', function ($scope, $http, $route, AdminAlbum, Album) {
$scope.albums = {};
$http.get('/photoz-uma-restful-api/admin/album').success(function (data) {
$scope.albums = data;
});
$scope.deleteAlbum = function (album) {
var newAlbum = new Album(album);
newAlbum.$delete({id: album.id}, function () {
$route.reload();
});
}
});
module.factory('Album', ['$resource', function ($resource) {
return $resource('http://localhost:8080/photoz-uma-restful-api/album/:id');
}]);
module.factory('Profile', ['$resource', function ($resource) {
return $resource('http://localhost:8080/photoz-uma-restful-api/profile');
}]);
module.factory('AdminAlbum', ['$resource', function ($resource) {
return $resource('http://localhost:8080/photoz-uma-restful-api/admin/album/:id');
}]);
module.factory('authInterceptor', function ($q, $injector, $timeout, Identity) {
return {
request: function (request) {
document.getElementById("output").innerHTML = '';
if (Identity.uma && Identity.uma.rpt && request.url.indexOf('/authorize') == -1) {
retries = 0;
request.headers.Authorization = 'Bearer ' + Identity.uma.rpt.rpt;
} else {
request.headers.Authorization = 'Bearer ' + Identity.authc.token;
}
return request;
},
responseError: function (rejection) {
if (rejection.status == 403 || rejection.status == 401) {
var retry = (!rejection.config.retry || rejection.config.retry < 1);
if (!retry) {
document.getElementById("output").innerHTML = 'You can not access or perform the requested operation on this resource.';
return $q.reject(rejection);
}
if (rejection.config.url.indexOf('/authorize') == -1 && retry) {
if (rejection.status == 401) {
console.log("Here");
var authenticateHeader = rejection.headers('WWW-Authenticate');
if (authenticateHeader.startsWith('UMA')) {
var params = authenticateHeader.split(',');
for (i = 0; i < params.length; i++) {
var param = params[i].split('=');
if (param[0] == 'ticket') {
var ticket = param[1].substring(1, param[1].length - 1).trim();
var data = JSON.stringify({
ticket: ticket,
rpt: Identity.uma ? Identity.uma.rpt.rpt : ""
});
var $http = $injector.get("$http");
var deferred = $q.defer();
$http.post('http://localhost:8080/auth/realms/photoz-uma/authz/authorize', data, {headers: {"Authorization": "Bearer " + Identity.authc.token}})
.then(function (authzResponse) {
if (authzResponse.data) {
Identity.uma = {};
Identity.uma.rpt = authzResponse.data;
}
deferred.resolve(rejection);
}, function (authzResponse) {
document.getElementById("output").innerHTML = 'You can not access or perform the requested operation on this resource.';
});
var promise = deferred.promise;
return promise.then(function (res) {
if (!res.config.retry) {
res.config.retry = 1;
} else {
res.config.retry++;
}
return $http(res.config).then(function (response) {
return response;
});
});
}
}
}
}
}
}
return $q.reject(rejection);
}
};
});
module.config(function ($httpProvider, $routeProvider) {
$httpProvider.interceptors.push('authInterceptor');
$routeProvider.when('/', {
templateUrl: 'partials/home.html',
controller: 'GlobalCtrl'
}).when('/album/create', {
templateUrl: 'partials/album/create.html',
controller: 'AlbumCtrl',
}).when('/album/:id', {
templateUrl: 'partials/album/detail.html',
controller: 'AlbumCtrl',
}).when('/admin/album', {
templateUrl: 'partials/admin/albums.html',
controller: 'AdminAlbumCtrl',
}).when('/profile', {
templateUrl: 'partials/profile.html',
controller: 'ProfileCtrl',
});
});

View file

@ -4,17 +4,16 @@ This is a simple application based on HTML5+AngularJS+JAX-RS that will introduce
Basically, it is a project containing three modules:
* **photoz-uma-restful-api**, with a simple RESTFul API based on JAX-RS and acting as a regular **client application**.
* **photoz-uma-html5-client**, with a HTML5+AngularJS client that will consume the RESTful API and acting as a **resource server**.
* **photoz-uma-authz-policy**, with a simple project with some rule-based policies using JBoss Drools.
* **photoz-restful-api**, a simple RESTFul API based on JAX-RS and acting as a resource server.
* **photoz-html5-client**, a HTML5+AngularJS client that will consume the RESTful API published by a resource resourcer.
* **photoz-authz-policy**, a simple project with some rule-based policies using JBoss Drools.
For this application, users can be regular users or administrators. Regular users can create/view/delete their albums
and administrators can view the albums for all users.
and administrators can do anything.
In Keycloak, albums are resources that must be protected based on a set of policies that defines who and how can access them.
Beside that, resources belong to a specific resource server, in this case to the *photoz-uma-restful-api*.
In Keycloak, albums are resources that must be protected based on a set of policies that defines who and how can access them.
The resources are also associated with a set of scopes that define a specific access context. In this case, albums have three main scopes:
The resources are also associated with a set of scopes that defines a specific access context. In this case, albums have three main scopes:
* urn:photoz.com:scopes:album:create
* urn:photoz.com:scopes:album:view
@ -26,12 +25,14 @@ The authorization requirements for this example application are based on the fol
* For instance, Alice can create, view and delete her albums.
* Only the owner and administrators can delete albums. Here we are considering policies based on the *urn:photoz.com:scopes:album:delete*
* Only the owner and administrators can delete albums. Here we are considering policies based on the *urn:photoz.com:scopes:album:delete* scope
* For instance, only Alice can delete her album.
* Only administrators can access the Administration API (which basically provides ways to query albums for all users)
* Administrators are only authorized to access resources if the client's ip address is well known
That said, this application will show you how to use the Keycloak to define policies using:
* Role-based Access Control
@ -50,7 +51,7 @@ Considering that your AuthZ Server is up and running, log in to the Keycloak Adm
Now, create a new realm based on the following configuration file:
examples/authz/photoz/photoz-uma-realm.json
examples/authz/photoz/photoz-realm.json
That will import a pre-configured realm with everything you need to run this example. For more details about how to import a realm
into Keycloak, check the Keycloak's reference documentation.
@ -58,37 +59,37 @@ into Keycloak, check the Keycloak's reference documentation.
After importing that file, you'll have a new realm called ``photoz``.
Back to the command-line, build the example application. This step is necessary given that we're using policies based on
JBoss Drools, which require ``photoz-uma-authz-policy`` artifact installed into your local maven repository.
JBoss Drools, which require ``photoz-authz-policy`` artifact installed into your local maven repository.
cd examples/authz/photoz
mvn clean install
Now, let's import another configuration using the Administration Console in order to configure the ``photoz-uma-restful-api`` as a resource server with all resources, scopes, permissions and policies.
Now, let's import another configuration using the Administration Console in order to configure the ``photoz-restful-api`` as a resource server with all resources, scopes, permissions and policies.
Click on ``Authorization`` on the left side menu. Click on the ``Create`` button on the top of the resource server table. This will
open the page that allows you to create a new resource server.
Click on the ``Select file`` button, which means you want to import a resource server configuration. Now select the file that is located at:
examples/authz/photoz/photoz-uma-restful-api/photoz-uma-restful-api-authz-config.json
examples/authz/photoz/photoz-restful-api/photoz-restful-api-authz-config.json
Now click ``Upload`` and a new resource server will be created based on the ``photoz-uma-restful-api`` client application.
Now click ``Upload`` and a new resource server will be created based on the ``photoz-restful-api`` client application.
## Deploy and Run the Example Applications
To deploy the example applications, follow these steps:
cd examples/authz/photoz/photoz-uma-html5-client
cd examples/authz/photoz/photoz-html5-client
mvn wildfly:deploy
And then:
cd examples/authz/photoz/photoz-uma-restful-api
cd examples/authz/photoz/photoz-restful-api
mvn wildfly:deploy
Now, try to access the client application using the following URL:
http://localhost:8080/photoz-uma-html5-client
http://localhost:8080/photoz-html5-client
If everything is correct, you will be redirect to Keycloak login page. You can login to the application with the following credentials:

View file

@ -5,18 +5,18 @@
<parent>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-authz-photoz-uma-parent</artifactId>
<artifactId>keycloak-authz-photoz-parent</artifactId>
<version>2.0.0.CR1-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<artifactId>photoz-uma-authz-policy</artifactId>
<artifactId>photoz-authz-policy</artifactId>
<packaging>jar</packaging>
<name>Keycloak Authz: Examples - Photoz UMA Authz Rule-based Policy</name>
<name>Keycloak Authz: Examples - Photoz Authz Rule-based Policy</name>
<description>
Photoz UMA Authz Rule-based Policies using JBoss Drools
Photoz Authz Rule-based Policies using JBoss Drools
</description>
</project>

View file

@ -4,16 +4,16 @@
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-authz-photoz-uma-parent</artifactId>
<artifactId>keycloak-authz-photoz-parent</artifactId>
<version>2.0.0.CR1-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<artifactId>photoz-uma-html5-client</artifactId>
<artifactId>photoz-html5-client</artifactId>
<packaging>war</packaging>
<name>Keycloak Authz: Photoz UMA HTML5 Client</name>
<description>Photoz UMA HTML5 Client</description>
<name>Keycloak Authz: Photoz HTML5 Client</name>
<description>Photoz HTML5 Client</description>
<build>
<finalName>${project.artifactId}</finalName>

View file

@ -4,6 +4,6 @@
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
version="3.0">
<module-name>photoz-uma-html5-client</module-name>
<module-name>photoz-html5-client</module-name>
</web-app>

View file

@ -12,6 +12,9 @@
<script src="lib/jwt-decode.min.js"></script>
<script src="http://localhost:8080/auth/js/keycloak.js"></script>
<script src="http://localhost:8080/auth/js/keycloak-authz.js"></script>
<script src="js/security/keycloak-authorization.js" type="text/javascript"></script>
<script src="js/identity.js" type="text/javascript"></script>
<script src="js/app.js" type="text/javascript"></script>
</head>

View file

@ -0,0 +1,168 @@
var module = angular.module('photoz', ['ngRoute', 'ngResource']);
var resourceServerId = 'photoz-restful-api';
var apiUrl = window.location.origin + '/' + resourceServerId;
angular.element(document).ready(function ($http) {
var keycloak = new Keycloak('keycloak.json');
keycloak.init({onLoad: 'login-required'}).success(function () {
console.log('User is now authenticated.');
module.factory('Identity', function () {
return new Identity(keycloak);
});
angular.bootstrap(document, ["photoz"]);
}).error(function () {
window.location.reload();
});
});
module.config(function ($httpProvider, $routeProvider) {
$httpProvider.interceptors.push('authInterceptor');
$routeProvider.when('/', {
templateUrl: 'partials/home.html',
controller: 'GlobalCtrl'
}).when('/album/create', {
templateUrl: 'partials/album/create.html',
controller: 'AlbumCtrl',
}).when('/album/:id', {
templateUrl: 'partials/album/detail.html',
controller: 'AlbumCtrl',
}).when('/admin/album', {
templateUrl: 'partials/admin/albums.html',
controller: 'AdminAlbumCtrl',
}).when('/profile', {
templateUrl: 'partials/profile.html',
controller: 'ProfileCtrl',
});
});
module.controller('GlobalCtrl', function ($scope, $http, $route, $location, Album, Identity) {
Album.query(function (albums) {
$scope.albums = albums;
});
$scope.Identity = Identity;
$scope.deleteAlbum = function (album) {
new Album(album).$delete({id: album.id}, function () {
$route.reload();
});
}
});
module.controller('TokenCtrl', function ($scope, Identity) {
$scope.showRpt = function () {
document.getElementById("output").innerHTML = JSON.stringify(jwt_decode(Identity.authorization.rpt), null, ' ');
}
$scope.showAccessToken = function () {
document.getElementById("output").innerHTML = JSON.stringify(jwt_decode(Identity.authc.token), null, ' ');
}
$scope.requestEntitlements = function () {
Identity.authorization.entitlement('photoz-restful-api').then(function (rpt) {});
}
});
module.controller('AlbumCtrl', function ($scope, $http, $routeParams, $location, Album) {
$scope.album = {};
if ($routeParams.id) {
$scope.album = Album.get({id: $routeParams.id});
}
$scope.create = function () {
var newAlbum = new Album($scope.album);
newAlbum.$save({}, function (data) {
$location.path('/');
});
};
});
module.controller('ProfileCtrl', function ($scope, $http, $routeParams, $location, Profile) {
$scope.profile = Profile.get();
});
module.controller('AdminAlbumCtrl', function ($scope, $http, $route, AdminAlbum, Album) {
$scope.albums = {};
$http.get(apiUrl + '/admin/album').success(function (data) {
$scope.albums = data;
});
$scope.deleteAlbum = function (album) {
var newAlbum = new Album(album);
newAlbum.$delete({id: album.id}, function () {
$route.reload();
});
}
});
module.factory('Album', ['$resource', function ($resource) {
return $resource(apiUrl + '/album/:id');
}]);
module.factory('Profile', ['$resource', function ($resource) {
return $resource(apiUrl + '/profile');
}]);
module.factory('AdminAlbum', ['$resource', function ($resource) {
return $resource(apiUrl + '/admin/album/:id');
}]);
module.factory('authInterceptor', function ($q, $injector, $timeout, Identity) {
return {
request: function (request) {
document.getElementById("output").innerHTML = '';
if (Identity.authorization && Identity.authorization.rpt && request.url.indexOf('/authorize') == -1) {
retries = 0;
request.headers.Authorization = 'Bearer ' + Identity.authorization.rpt;
} else {
request.headers.Authorization = 'Bearer ' + Identity.authc.token;
}
return request;
},
responseError: function (rejection) {
var status = rejection.status;
if (status == 403 || status == 401) {
var retry = (!rejection.config.retry || rejection.config.retry < 1);
if (!retry) {
document.getElementById("output").innerHTML = 'You can not access or perform the requested operation on this resource.';
return $q.reject(rejection);
}
if (rejection.config.url.indexOf('/authorize') == -1 && retry) {
var deferred = $q.defer();
// here is the authorization logic, which tries to obtain an authorization token from the server in case the resource server
// returns a 403 or 401.
Identity.authorization.authorize(rejection.headers('WWW-Authenticate')).then(function (rpt) {
deferred.resolve(rejection);
}, function () {
document.getElementById("output").innerHTML = 'You can not access or perform the requested operation on this resource.';
}, function () {
document.getElementById("output").innerHTML = 'Unexpected error from server.';
});
var promise = deferred.promise;
return promise.then(function (res) {
if (!res.config.retry) {
res.config.retry = 1;
} else {
res.config.retry++;
}
var $http = $injector.get("$http");
return $http(res.config).then(function (response) {
return response;
});
});
}
}
return $q.reject(rejection);
}
};
});

View file

@ -0,0 +1,60 @@
/*
* Copyright 2016 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
*/
/**
* Creates an Identity object holding the information obtained from the access token issued by Keycloak, after a successful authentication,
* and a few utility methods to manage it.
*/
(function (window, undefined) {
var Identity = function (keycloak) {
this.loggedIn = true;
this.claims = {};
this.claims.name = keycloak.idTokenParsed.name;
this.authc = {};
this.authc.token = keycloak.token;
this.logout = function () {
keycloak.logout();
};
this.hasRole = function (name) {
if (keycloak && keycloak.hasRealmRole(name)) {
return true;
}
return false;
};
this.isAdmin = function () {
return this.hasRole("admin");
};
this.authorization = new KeycloakAuthorization(keycloak);
}
if ( typeof module === "object" && module && typeof module.exports === "object" ) {
module.exports = Identity;
} else {
window.Identity = Identity;
if ( typeof define === "function" && define.amd ) {
define( "identity", [], function () { return Identity; } );
}
}
})( window );

View file

@ -1,9 +1,9 @@
{
"realm": "photoz-uma",
"realm": "photoz",
"realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
"auth-server-url" : "http://localhost:8080/auth",
"ssl-required" : "external",
"resource" : "photoz-uma-html5-client",
"resource" : "photoz-html5-client",
"public-client" : true,
"use-resource-role-mappings": "false",
"scope" : {

View file

@ -1,4 +1,4 @@
<h2><span>Welcome To Photoz, {{Identity.claim.name}}</span> [<a href="" ng-click="Identity.logout()">Sign Out</a>]</h2>
<h2><span>Welcome To Photoz, {{Identity.claims.name}}</span> [<a href="" ng-click="Identity.logout()">Sign Out</a>]</h2>
<div data-ng-show="Identity.isAdmin()"><b>Administration: </b> [<a href="#/admin/album">All Albums</a>]</div>
<hr/>
<br/>

View file

@ -1,5 +1,5 @@
{
"realm": "photoz-uma",
"realm": "photoz",
"enabled": true,
"sslRequired": "external",
"privateKey": "MIICXAIBAAKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQABAoGAfmO8gVhyBxdqlxmIuglbz8bcjQbhXJLR2EoS8ngTXmN1bo2L90M0mUKSdc7qF10LgETBzqL8jYlQIbt+e6TH8fcEpKCjUlyq0Mf/vVbfZSNaVycY13nTzo27iPyWQHK5NLuJzn1xvxxrUeXI6A2WFpGEBLbHjwpx5WQG9A+2scECQQDvdn9NE75HPTVPxBqsEd2z10TKkl9CZxu10Qby3iQQmWLEJ9LNmy3acvKrE3gMiYNWb6xHPKiIqOR1as7L24aTAkEAtyvQOlCvr5kAjVqrEKXalj0Tzewjweuxc0pskvArTI2Oo070h65GpoIKLc9jf+UA69cRtquwP93aZKtW06U8dQJAF2Y44ks/mK5+eyDqik3koCI08qaC8HYq2wVl7G2QkJ6sbAaILtcvD92ToOvyGyeE0flvmDZxMYlvaZnaQ0lcSQJBAKZU6umJi3/xeEbkJqMfeLclD27XGEFoPeNrmdx0q10Azp4NfJAY+Z8KRyQCR2BEG+oNitBOZ+YXF9KCpH3cdmECQHEigJhYg+ykOvr1aiZUMFT72HU0jnmQe2FVekuG+LJUt2Tm7GtMjTFoGpf0JwrVuZN39fOYAlo+nTixgeW7X8Y=",
@ -62,12 +62,12 @@
}
},
{
"username": "service-account-photoz-uma-restful-api",
"username": "service-account-photoz-restful-api",
"enabled": true,
"email": "service-account-photoz-uma-restful-api@placeholder.org",
"serviceAccountClientId": "photoz-uma-restful-api",
"email": "service-account-photoz-restful-api@placeholder.org",
"serviceAccountClientId": "photoz-restful-api",
"clientRoles": {
"photoz-uma-restful-api" : ["uma_protection"]
"photoz-restful-api" : ["uma_protection"]
}
}
],
@ -85,25 +85,25 @@
},
"clients": [
{
"clientId": "photoz-uma-html5-client",
"clientId": "photoz-html5-client",
"enabled": true,
"adminUrl": "/photoz-uma-html5-client",
"baseUrl": "/photoz-uma-html5-client",
"adminUrl": "/photoz-html5-client",
"baseUrl": "/photoz-html5-client",
"publicClient": true,
"redirectUris": [
"/photoz-uma-html5-client/*"
"/photoz-html5-client/*"
],
"webOrigins": [
""
]
},
{
"clientId": "photoz-uma-restful-api",
"clientId": "photoz-restful-api",
"enabled": true,
"baseUrl": "/photoz-uma-restful-api",
"baseUrl": "/photoz-restful-api",
"authorizationServicesEnabled" : true,
"redirectUris": [
"/photoz-uma-restful-api/*"
"/photoz-restful-api/*"
],
"secret": "secret"
}

View file

@ -46,7 +46,7 @@
"type": "drools",
"config": {
"mavenArtifactVersion": "2.0.0.CR1-SNAPSHOT",
"mavenArtifactId": "photoz-uma-authz-policy",
"mavenArtifactId": "photoz-authz-policy",
"sessionName": "MainOwnerSession",
"mavenArtifactGroupId": "org.keycloak",
"moduleName": "PhotozAuthzOwnerPolicy",

View file

@ -5,16 +5,16 @@
<parent>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-authz-photoz-uma-parent</artifactId>
<artifactId>keycloak-authz-photoz-parent</artifactId>
<version>2.0.0.CR1-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<artifactId>photoz-uma-restful-api</artifactId>
<artifactId>photoz-restful-api</artifactId>
<packaging>war</packaging>
<name>Keycloak Authz: Photoz UMA RESTful API</name>
<description>Photoz UMA RESTful API</description>
<name>Keycloak Authz: Photoz RESTful API</name>
<description>Photoz RESTful API</description>
<dependencies>
<dependency>

View file

@ -1,7 +1,7 @@
{
"realm": "photoz-uma",
"realm": "photoz",
"auth-server-url": "http://localhost:8080/auth",
"resource": "photoz-uma-restful-api",
"resource": "photoz-restful-api",
"credentials": {
"secret": "secret"
}

View file

@ -1,15 +1,14 @@
{
"realm": "photoz-uma",
"realm": "photoz",
"realm-public-key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
"auth-server-url": "http://localhost:8080/auth",
"ssl-required": "external",
"resource": "photoz-uma-restful-api",
"resource": "photoz-restful-api",
"bearer-only" : true,
"credentials": {
"secret": "secret"
},
"policy-enforcer": {
"user-managed-access" : {},
"paths": [
{
"path" : "/album/*",
@ -31,10 +30,6 @@
{
"method": "DELETE",
"scopes" : ["urn:photoz.com:scopes:album:delete"]
},
{
"method": "GET",
"scopes" : ["urn:photoz.com:scopes:album:view"]
}
]
},

View file

@ -4,7 +4,7 @@
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
version="3.0">
<module-name>photoz-uma-restful-api</module-name>
<module-name>photoz-restful-api</module-name>
<security-constraint>
<web-resource-collection>
@ -28,7 +28,7 @@
<login-config>
<auth-method>KEYCLOAK</auth-method>
<realm-name>photoz-uma</realm-name>
<realm-name>photoz</realm-name>
</login-config>
<security-role>

View file

@ -10,15 +10,15 @@
<relativePath>../pom.xml</relativePath>
</parent>
<artifactId>keycloak-authz-photoz-uma-parent</artifactId>
<artifactId>keycloak-authz-photoz-parent</artifactId>
<packaging>pom</packaging>
<name>Keycloak Authz: PhotoZ UMA Example Application Parent</name>
<name>Keycloak Authz: PhotoZ Example Application Parent</name>
<description>PhotoZ Example Application</description>
<modules>
<module>photoz-uma-restful-api</module>
<module>photoz-uma-html5-client</module>
<module>photoz-uma-authz-policy</module>
<module>photoz-restful-api</module>
<module>photoz-html5-client</module>
<module>photoz-authz-policy</module>
</modules>
</project>

View file

@ -22,7 +22,7 @@
</properties>
<modules>
<module>photoz-uma</module>
<module>photoz</module>
<module>servlet-authz</module>
<module>hello-world</module>
<module>hello-world-authz-service</module>