[KEYCLOAK-3154] - Rename Photoz modules and directories to remove UMA identifier
This commit is contained in:
parent
905421a292
commit
07824bdc4d
43 changed files with 289 additions and 270 deletions
|
@ -1,207 +0,0 @@
|
|||
var module = angular.module('photoz-uma', ['ngRoute', 'ngResource']);
|
||||
|
||||
var Identity = {};
|
||||
|
||||
angular.element(document).ready(function ($http) {
|
||||
var keycloakAuth = new Keycloak('keycloak.json');
|
||||
Identity.loggedIn = false;
|
||||
keycloakAuth.init({onLoad: 'login-required'}).success(function () {
|
||||
Identity.loggedIn = true;
|
||||
Identity.authz = keycloakAuth;
|
||||
Identity.logout = function () {
|
||||
Identity.loggedIn = false;
|
||||
Identity.claim = {};
|
||||
Identity.authc = null;
|
||||
window.location = this.authz.authServerUrl + "/realms/photoz-uma/protocol/openid-connect/logout?redirect_uri=http://localhost:8080/photoz-uma-html5-client/index.html";
|
||||
Identity.authz = null;
|
||||
};
|
||||
Identity.claim = {};
|
||||
Identity.claim.name = Identity.authz.idTokenParsed.name;
|
||||
Identity.hasRole = function (name) {
|
||||
if (Identity.authz && Identity.authz.hasRealmRole(name)) {
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
};
|
||||
Identity.isAdmin = function () {
|
||||
return this.hasRole("admin");
|
||||
};
|
||||
Identity.authc = {};
|
||||
Identity.authc.token = Identity.authz.token;
|
||||
module.factory('Identity', function () {
|
||||
return Identity;
|
||||
});
|
||||
angular.bootstrap(document, ["photoz-uma"]);
|
||||
}).error(function () {
|
||||
window.location.reload();
|
||||
});
|
||||
});
|
||||
module.controller('GlobalCtrl', function ($scope, $http, $route, $location, Album, Identity) {
|
||||
Album.query(function (albums) {
|
||||
$scope.albums = albums;
|
||||
});
|
||||
|
||||
$scope.Identity = Identity;
|
||||
|
||||
$scope.deleteAlbum = function (album) {
|
||||
new Album(album).$delete({id: album.id}, function () {
|
||||
$route.reload();
|
||||
});
|
||||
}
|
||||
});
|
||||
module.controller('TokenCtrl', function ($scope, Identity) {
|
||||
$scope.showRpt = function () {
|
||||
document.getElementById("output").innerHTML = JSON.stringify(jwt_decode(Identity.uma.rpt.rpt), null, ' ');
|
||||
}
|
||||
|
||||
$scope.showAccessToken = function () {
|
||||
document.getElementById("output").innerHTML = JSON.stringify(jwt_decode(Identity.authc.token), null, ' ');
|
||||
}
|
||||
|
||||
$scope.requestEntitlements = function () {
|
||||
var request = new XMLHttpRequest();
|
||||
|
||||
request.open("GET", "http://localhost:8080/auth/realms/photoz-uma/authz/entitlement/photoz-uma-restful-api", true);
|
||||
request.setRequestHeader("Authorization", "Bearer " + Identity.authc.token);
|
||||
request.onreadystatechange = function () {
|
||||
if (request.readyState == 4 && request.status == 200) {
|
||||
Identity.uma.rpt = JSON.parse(request.responseText);
|
||||
}
|
||||
}
|
||||
|
||||
request.send(null);
|
||||
}
|
||||
});
|
||||
module.controller('AlbumCtrl', function ($scope, $http, $routeParams, $location, Album) {
|
||||
$scope.album = {};
|
||||
if ($routeParams.id) {
|
||||
$scope.album = Album.get({id: $routeParams.id});
|
||||
}
|
||||
$scope.create = function () {
|
||||
var newAlbum = new Album($scope.album);
|
||||
newAlbum.$save({}, function (data) {
|
||||
$location.path('/');
|
||||
});
|
||||
};
|
||||
});
|
||||
module.controller('ProfileCtrl', function ($scope, $http, $routeParams, $location, Profile) {
|
||||
$scope.profile = Profile.get();
|
||||
});
|
||||
module.controller('AdminAlbumCtrl', function ($scope, $http, $route, AdminAlbum, Album) {
|
||||
$scope.albums = {};
|
||||
$http.get('/photoz-uma-restful-api/admin/album').success(function (data) {
|
||||
$scope.albums = data;
|
||||
});
|
||||
$scope.deleteAlbum = function (album) {
|
||||
var newAlbum = new Album(album);
|
||||
newAlbum.$delete({id: album.id}, function () {
|
||||
$route.reload();
|
||||
});
|
||||
}
|
||||
});
|
||||
module.factory('Album', ['$resource', function ($resource) {
|
||||
return $resource('http://localhost:8080/photoz-uma-restful-api/album/:id');
|
||||
}]);
|
||||
module.factory('Profile', ['$resource', function ($resource) {
|
||||
return $resource('http://localhost:8080/photoz-uma-restful-api/profile');
|
||||
}]);
|
||||
module.factory('AdminAlbum', ['$resource', function ($resource) {
|
||||
return $resource('http://localhost:8080/photoz-uma-restful-api/admin/album/:id');
|
||||
}]);
|
||||
module.factory('authInterceptor', function ($q, $injector, $timeout, Identity) {
|
||||
return {
|
||||
request: function (request) {
|
||||
document.getElementById("output").innerHTML = '';
|
||||
if (Identity.uma && Identity.uma.rpt && request.url.indexOf('/authorize') == -1) {
|
||||
retries = 0;
|
||||
request.headers.Authorization = 'Bearer ' + Identity.uma.rpt.rpt;
|
||||
} else {
|
||||
request.headers.Authorization = 'Bearer ' + Identity.authc.token;
|
||||
}
|
||||
return request;
|
||||
},
|
||||
responseError: function (rejection) {
|
||||
if (rejection.status == 403 || rejection.status == 401) {
|
||||
var retry = (!rejection.config.retry || rejection.config.retry < 1);
|
||||
|
||||
if (!retry) {
|
||||
document.getElementById("output").innerHTML = 'You can not access or perform the requested operation on this resource.';
|
||||
return $q.reject(rejection);
|
||||
}
|
||||
|
||||
if (rejection.config.url.indexOf('/authorize') == -1 && retry) {
|
||||
if (rejection.status == 401) {
|
||||
console.log("Here");
|
||||
var authenticateHeader = rejection.headers('WWW-Authenticate');
|
||||
|
||||
if (authenticateHeader.startsWith('UMA')) {
|
||||
var params = authenticateHeader.split(',');
|
||||
|
||||
for (i = 0; i < params.length; i++) {
|
||||
var param = params[i].split('=');
|
||||
|
||||
if (param[0] == 'ticket') {
|
||||
var ticket = param[1].substring(1, param[1].length - 1).trim();
|
||||
|
||||
var data = JSON.stringify({
|
||||
ticket: ticket,
|
||||
rpt: Identity.uma ? Identity.uma.rpt.rpt : ""
|
||||
});
|
||||
|
||||
var $http = $injector.get("$http");
|
||||
|
||||
var deferred = $q.defer();
|
||||
|
||||
$http.post('http://localhost:8080/auth/realms/photoz-uma/authz/authorize', data, {headers: {"Authorization": "Bearer " + Identity.authc.token}})
|
||||
.then(function (authzResponse) {
|
||||
if (authzResponse.data) {
|
||||
Identity.uma = {};
|
||||
Identity.uma.rpt = authzResponse.data;
|
||||
}
|
||||
deferred.resolve(rejection);
|
||||
}, function (authzResponse) {
|
||||
document.getElementById("output").innerHTML = 'You can not access or perform the requested operation on this resource.';
|
||||
});
|
||||
|
||||
var promise = deferred.promise;
|
||||
|
||||
return promise.then(function (res) {
|
||||
if (!res.config.retry) {
|
||||
res.config.retry = 1;
|
||||
} else {
|
||||
res.config.retry++;
|
||||
}
|
||||
return $http(res.config).then(function (response) {
|
||||
return response;
|
||||
});
|
||||
});
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return $q.reject(rejection);
|
||||
}
|
||||
};
|
||||
});
|
||||
module.config(function ($httpProvider, $routeProvider) {
|
||||
$httpProvider.interceptors.push('authInterceptor');
|
||||
$routeProvider.when('/', {
|
||||
templateUrl: 'partials/home.html',
|
||||
controller: 'GlobalCtrl'
|
||||
}).when('/album/create', {
|
||||
templateUrl: 'partials/album/create.html',
|
||||
controller: 'AlbumCtrl',
|
||||
}).when('/album/:id', {
|
||||
templateUrl: 'partials/album/detail.html',
|
||||
controller: 'AlbumCtrl',
|
||||
}).when('/admin/album', {
|
||||
templateUrl: 'partials/admin/albums.html',
|
||||
controller: 'AdminAlbumCtrl',
|
||||
}).when('/profile', {
|
||||
templateUrl: 'partials/profile.html',
|
||||
controller: 'ProfileCtrl',
|
||||
});
|
||||
});
|
|
@ -1 +0,0 @@
|
|||
Test
|
|
@ -4,17 +4,16 @@ This is a simple application based on HTML5+AngularJS+JAX-RS that will introduce
|
|||
|
||||
Basically, it is a project containing three modules:
|
||||
|
||||
* **photoz-uma-restful-api**, with a simple RESTFul API based on JAX-RS and acting as a regular **client application**.
|
||||
* **photoz-uma-html5-client**, with a HTML5+AngularJS client that will consume the RESTful API and acting as a **resource server**.
|
||||
* **photoz-uma-authz-policy**, with a simple project with some rule-based policies using JBoss Drools.
|
||||
* **photoz-restful-api**, a simple RESTFul API based on JAX-RS and acting as a resource server.
|
||||
* **photoz-html5-client**, a HTML5+AngularJS client that will consume the RESTful API published by a resource resourcer.
|
||||
* **photoz-authz-policy**, a simple project with some rule-based policies using JBoss Drools.
|
||||
|
||||
For this application, users can be regular users or administrators. Regular users can create/view/delete their albums
|
||||
and administrators can view the albums for all users.
|
||||
and administrators can do anything.
|
||||
|
||||
In Keycloak, albums are resources that must be protected based on a set of policies that defines who and how can access them.
|
||||
Beside that, resources belong to a specific resource server, in this case to the *photoz-uma-restful-api*.
|
||||
|
||||
The resources are also associated with a set of scopes that define a specific access context. In this case, albums have three main scopes:
|
||||
The resources are also associated with a set of scopes that defines a specific access context. In this case, albums have three main scopes:
|
||||
|
||||
* urn:photoz.com:scopes:album:create
|
||||
* urn:photoz.com:scopes:album:view
|
||||
|
@ -26,12 +25,14 @@ The authorization requirements for this example application are based on the fol
|
|||
|
||||
* For instance, Alice can create, view and delete her albums.
|
||||
|
||||
* Only the owner and administrators can delete albums. Here we are considering policies based on the *urn:photoz.com:scopes:album:delete*
|
||||
* Only the owner and administrators can delete albums. Here we are considering policies based on the *urn:photoz.com:scopes:album:delete* scope
|
||||
|
||||
* For instance, only Alice can delete her album.
|
||||
|
||||
* Only administrators can access the Administration API (which basically provides ways to query albums for all users)
|
||||
|
||||
* Administrators are only authorized to access resources if the client's ip address is well known
|
||||
|
||||
That said, this application will show you how to use the Keycloak to define policies using:
|
||||
|
||||
* Role-based Access Control
|
||||
|
@ -50,7 +51,7 @@ Considering that your AuthZ Server is up and running, log in to the Keycloak Adm
|
|||
|
||||
Now, create a new realm based on the following configuration file:
|
||||
|
||||
examples/authz/photoz/photoz-uma-realm.json
|
||||
examples/authz/photoz/photoz-realm.json
|
||||
|
||||
That will import a pre-configured realm with everything you need to run this example. For more details about how to import a realm
|
||||
into Keycloak, check the Keycloak's reference documentation.
|
||||
|
@ -58,37 +59,37 @@ into Keycloak, check the Keycloak's reference documentation.
|
|||
After importing that file, you'll have a new realm called ``photoz``.
|
||||
|
||||
Back to the command-line, build the example application. This step is necessary given that we're using policies based on
|
||||
JBoss Drools, which require ``photoz-uma-authz-policy`` artifact installed into your local maven repository.
|
||||
JBoss Drools, which require ``photoz-authz-policy`` artifact installed into your local maven repository.
|
||||
|
||||
cd examples/authz/photoz
|
||||
mvn clean install
|
||||
|
||||
Now, let's import another configuration using the Administration Console in order to configure the ``photoz-uma-restful-api`` as a resource server with all resources, scopes, permissions and policies.
|
||||
Now, let's import another configuration using the Administration Console in order to configure the ``photoz-restful-api`` as a resource server with all resources, scopes, permissions and policies.
|
||||
|
||||
Click on ``Authorization`` on the left side menu. Click on the ``Create`` button on the top of the resource server table. This will
|
||||
open the page that allows you to create a new resource server.
|
||||
|
||||
Click on the ``Select file`` button, which means you want to import a resource server configuration. Now select the file that is located at:
|
||||
|
||||
examples/authz/photoz/photoz-uma-restful-api/photoz-uma-restful-api-authz-config.json
|
||||
examples/authz/photoz/photoz-restful-api/photoz-restful-api-authz-config.json
|
||||
|
||||
Now click ``Upload`` and a new resource server will be created based on the ``photoz-uma-restful-api`` client application.
|
||||
Now click ``Upload`` and a new resource server will be created based on the ``photoz-restful-api`` client application.
|
||||
|
||||
## Deploy and Run the Example Applications
|
||||
|
||||
To deploy the example applications, follow these steps:
|
||||
|
||||
cd examples/authz/photoz/photoz-uma-html5-client
|
||||
cd examples/authz/photoz/photoz-html5-client
|
||||
mvn wildfly:deploy
|
||||
|
||||
And then:
|
||||
|
||||
cd examples/authz/photoz/photoz-uma-restful-api
|
||||
cd examples/authz/photoz/photoz-restful-api
|
||||
mvn wildfly:deploy
|
||||
|
||||
Now, try to access the client application using the following URL:
|
||||
|
||||
http://localhost:8080/photoz-uma-html5-client
|
||||
http://localhost:8080/photoz-html5-client
|
||||
|
||||
If everything is correct, you will be redirect to Keycloak login page. You can login to the application with the following credentials:
|
||||
|
|
@ -5,18 +5,18 @@
|
|||
|
||||
<parent>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<artifactId>keycloak-authz-photoz-uma-parent</artifactId>
|
||||
<artifactId>keycloak-authz-photoz-parent</artifactId>
|
||||
<version>2.0.0.CR1-SNAPSHOT</version>
|
||||
<relativePath>../pom.xml</relativePath>
|
||||
</parent>
|
||||
|
||||
<artifactId>photoz-uma-authz-policy</artifactId>
|
||||
<artifactId>photoz-authz-policy</artifactId>
|
||||
<packaging>jar</packaging>
|
||||
|
||||
<name>Keycloak Authz: Examples - Photoz UMA Authz Rule-based Policy</name>
|
||||
<name>Keycloak Authz: Examples - Photoz Authz Rule-based Policy</name>
|
||||
|
||||
<description>
|
||||
Photoz UMA Authz Rule-based Policies using JBoss Drools
|
||||
Photoz Authz Rule-based Policies using JBoss Drools
|
||||
</description>
|
||||
|
||||
</project>
|
|
@ -4,16 +4,16 @@
|
|||
<modelVersion>4.0.0</modelVersion>
|
||||
<parent>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<artifactId>keycloak-authz-photoz-uma-parent</artifactId>
|
||||
<artifactId>keycloak-authz-photoz-parent</artifactId>
|
||||
<version>2.0.0.CR1-SNAPSHOT</version>
|
||||
<relativePath>../pom.xml</relativePath>
|
||||
</parent>
|
||||
|
||||
<artifactId>photoz-uma-html5-client</artifactId>
|
||||
<artifactId>photoz-html5-client</artifactId>
|
||||
<packaging>war</packaging>
|
||||
|
||||
<name>Keycloak Authz: Photoz UMA HTML5 Client</name>
|
||||
<description>Photoz UMA HTML5 Client</description>
|
||||
<name>Keycloak Authz: Photoz HTML5 Client</name>
|
||||
<description>Photoz HTML5 Client</description>
|
||||
|
||||
<build>
|
||||
<finalName>${project.artifactId}</finalName>
|
|
@ -4,6 +4,6 @@
|
|||
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
|
||||
version="3.0">
|
||||
|
||||
<module-name>photoz-uma-html5-client</module-name>
|
||||
<module-name>photoz-html5-client</module-name>
|
||||
|
||||
</web-app>
|
|
@ -12,6 +12,9 @@
|
|||
<script src="lib/jwt-decode.min.js"></script>
|
||||
|
||||
<script src="http://localhost:8080/auth/js/keycloak.js"></script>
|
||||
<script src="http://localhost:8080/auth/js/keycloak-authz.js"></script>
|
||||
<script src="js/security/keycloak-authorization.js" type="text/javascript"></script>
|
||||
<script src="js/identity.js" type="text/javascript"></script>
|
||||
<script src="js/app.js" type="text/javascript"></script>
|
||||
</head>
|
||||
|
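Review bot: The new `keycloak-authz.js` tag, like the `keycloak.js` one above it, is loaded from a hard-coded plain-http `http://localhost:8080/auth/js/...` URL, while the new app.js derives `apiUrl` from `window.location.origin`; if the client is ever served over https the browser will block this script as mixed content and the authorization code will not load. Prefer a same-origin relative path, `<script src="/auth/js/keycloak-authz.js"></script>`, or derive the base the same way app.js does.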
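--- /dev/null
+++ b/examples/authz/photoz/photoz-html5-client/src/main/webapp/js/app.js
@@ -0,0 +1,168 @@
+var module = angular.module('photoz', ['ngRoute', 'ngResource']);
+
+var resourceServerId = 'photoz-restful-api';
+var apiUrl = window.location.origin + '/' + resourceServerId;
+
+angular.element(document).ready(function ($http) {
+var keycloak = new Keycloak('keycloak.json');
+keycloak.init({onLoad: 'login-required'}).success(function () {
+console.log('User is now authenticated.');
+
+module.factory('Identity', function () {
+return new Identity(keycloak);
+});
+
+angular.bootstrap(document, ["photoz"]);
+}).error(function () {
+window.location.reload();
+});
+});
+
+module.config(function ($httpProvider, $routeProvider) {
+$httpProvider.interceptors.push('authInterceptor');
+$routeProvider.when('/', {
+templateUrl: 'partials/home.html',
+controller: 'GlobalCtrl'
+}).when('/album/create', {
+templateUrl: 'partials/album/create.html',
+controller: 'AlbumCtrl',
+}).when('/album/:id', {
+templateUrl: 'partials/album/detail.html',
+controller: 'AlbumCtrl',
+}).when('/admin/album', {
+templateUrl: 'partials/admin/albums.html',
+controller: 'AdminAlbumCtrl',
+}).when('/profile', {
+templateUrl: 'partials/profile.html',
+controller: 'ProfileCtrl',
+});
+});
+
+module.controller('GlobalCtrl', function ($scope, $http, $route, $location, Album, Identity) {
+Album.query(function (albums) {
+$scope.albums = albums;
+});
+
+$scope.Identity = Identity;
+
+$scope.deleteAlbum = function (album) {
+new Album(album).$delete({id: album.id}, function () {
+$route.reload();
+});
+}
+});
+
+module.controller('TokenCtrl', function ($scope, Identity) {
+$scope.showRpt = function () {
+document.getElementById("output").innerHTML = JSON.stringify(jwt_decode(Identity.authorization.rpt), null, ' ');
+}
+
+$scope.showAccessToken = function () {
+document.getElementById("output").innerHTML = JSON.stringify(jwt_decode(Identity.authc.token), null, ' ');
+}
+
+$scope.requestEntitlements = function () {
+Identity.authorization.entitlement('photoz-restful-api').then(function (rpt) {});
+}
+});
+
+module.controller('AlbumCtrl', function ($scope, $http, $routeParams, $location, Album) {
+$scope.album = {};
+if ($routeParams.id) {
+$scope.album = Album.get({id: $routeParams.id});
+}
+$scope.create = function () {
+var newAlbum = new Album($scope.album);
+newAlbum.$save({}, function (data) {
+$location.path('/');
+});
+};
+});
+
+module.controller('ProfileCtrl', function ($scope, $http, $routeParams, $location, Profile) {
+$scope.profile = Profile.get();
+});
+
+module.controller('AdminAlbumCtrl', function ($scope, $http, $route, AdminAlbum, Album) {
+$scope.albums = {};
+$http.get(apiUrl + '/admin/album').success(function (data) {
+$scope.albums = data;
+});
+$scope.deleteAlbum = function (album) {
+var newAlbum = new Album(album);
+newAlbum.$delete({id: album.id}, function () {
+$route.reload();
+});
+}
+});
+
+module.factory('Album', ['$resource', function ($resource) {
+return $resource(apiUrl + '/album/:id');
+}]);
+
+module.factory('Profile', ['$resource', function ($resource) {
+return $resource(apiUrl + '/profile');
+}]);
+
+module.factory('AdminAlbum', ['$resource', function ($resource) {
+return $resource(apiUrl + '/admin/album/:id');
+}]);
+
+module.factory('authInterceptor', function ($q, $injector, $timeout, Identity) {
+return {
+request: function (request) {
+document.getElementById("output").innerHTML = '';
+if (Identity.authorization && Identity.authorization.rpt && request.url.indexOf('/authorize') == -1) {
+retries = 0;
+request.headers.Authorization = 'Bearer ' + Identity.authorization.rpt;
+} else {
+request.headers.Authorization = 'Bearer ' + Identity.authc.token;
+}
+return request;
+},
+responseError: function (rejection) {
+var status = rejection.status;
+
+if (status == 403 || status == 401) {
+var retry = (!rejection.config.retry || rejection.config.retry < 1);
+
+if (!retry) {
+document.getElementById("output").innerHTML = 'You can not access or perform the requested operation on this resource.';
+return $q.reject(rejection);
+}
+
+if (rejection.config.url.indexOf('/authorize') == -1 && retry) {
+var deferred = $q.defer();
+
+// here is the authorization logic, which tries to obtain an authorization token from the server in case the resource server
+// returns a 403 or 401.
+Identity.authorization.authorize(rejection.headers('WWW-Authenticate')).then(function (rpt) {
+deferred.resolve(rejection);
+}, function () {
+document.getElementById("output").innerHTML = 'You can not access or perform the requested operation on this resource.';
+}, function () {
+document.getElementById("output").innerHTML = 'Unexpected error from server.';
+});
+
+var promise = deferred.promise;
+
+return promise.then(function (res) {
+if (!res.config.retry) {
+res.config.retry = 1;
+} else {
+res.config.retry++;
+}
+
+var $http = $injector.get("$http");
+
+return $http(res.config).then(function (response) {
+return response;
+});
+});
+}
+}
+
+return $q.reject(rejection);
+}
+};
+});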
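Review bot: In `responseError`, the failure callback passed to `Identity.authorization.authorize(...)` only writes a message into `#output` and never settles `deferred`, so the promise the interceptor returns stays pending forever and the `$http` caller that received the 401/403 never sees a rejection; add `deferred.reject(rejection);` after the `innerHTML` assignment in that callback. The third function given to that `.then` is the notify/progress handler in Angular's `$q`, not a second error path, so `'Unexpected error from server.'` will presumably never be shown — confirm what `authorize()` returns. In `request`, `retries = 0;` assigns an identifier that is never declared (an implicit global in sloppy mode, a ReferenceError under `'use strict'`) and nothing reads it; delete the line. `TokenCtrl` and the interceptor write decoded token claims and status text through `innerHTML`; claims such as `name` are strings under the user's control, so assign `.textContent` instead to keep `#output` a text sink. `$scope.requestEntitlements` discards both the result and any rejection of `entitlement()` with the empty `.then(function (rpt) {})`; at least attach a rejection handler that reports the failure.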
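--- /dev/null
+++ b/js/identity.js
@@ -0,0 +1,60 @@
+/*
+* Copyright 2016 Red Hat, Inc. and/or its affiliates
+* and other contributors as indicated by the @author tags.
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*
+*/
+
+/**
+* Creates an Identity object holding the information obtained from the access token issued by Keycloak, after a successful authentication,
+* and a few utility methods to manage it.
+*/
+(function (window, undefined) {
+var Identity = function (keycloak) {
+this.loggedIn = true;
+
+this.claims = {};
+this.claims.name = keycloak.idTokenParsed.name;
+
+this.authc = {};
+this.authc.token = keycloak.token;
+
+this.logout = function () {
+keycloak.logout();
+};
+
+this.hasRole = function (name) {
+if (keycloak && keycloak.hasRealmRole(name)) {
+return true;
+}
+return false;
+};
+
+this.isAdmin = function () {
+return this.hasRole("admin");
+};
+
+this.authorization = new KeycloakAuthorization(keycloak);
+}
+
+if ( typeof module === "object" && module && typeof module.exports === "object" ) {
+module.exports = Identity;
+} else {
+window.Identity = Identity;
+
+if ( typeof define === "function" && define.amd ) {
+define( "identity", [], function () { return Identity; } );
+}
+}
+})( window );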
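Review bot: `this.authc.token = keycloak.token;` copies the access token once in the constructor, and `authInterceptor` in app.js reads `Identity.authc.token` on every request, so if the adapter later refreshes the token the client keeps sending the original, by then expired, one — presumably the adapter does refresh; confirm, and if so expose it through a function such as `this.getToken = function () { return keycloak.token; };` instead of a snapshot. `logout()` delegates to `keycloak.logout()` but leaves `this.loggedIn` at `true`, unlike the removed implementation which cleared it; either reset the flag there or drop it if nothing reads it. The header comment covers the constructor only; `hasRole`, `isAdmin` and `authorization` carry no documentation, and a one-line JSDoc on each (e.g. `/** True when the realm role `name` is present on the current user's token. */`) would help. The CommonJS check at the bottom shares the name `module` with the global `var module` app.js declares for the Angular module; it is harmless because that object has no `exports`, but a short comment saying so would save the next reader a look.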
@ -1,9 +1,9 @@
|
|||
{
|
||||
"realm": "photoz-uma",
|
||||
"realm": "photoz",
|
||||
"realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
|
||||
"auth-server-url" : "http://localhost:8080/auth",
|
||||
"ssl-required" : "external",
|
||||
"resource" : "photoz-uma-html5-client",
|
||||
"resource" : "photoz-html5-client",
|
||||
"public-client" : true,
|
||||
"use-resource-role-mappings": "false",
|
||||
"scope" : {
|
|
@ -1,4 +1,4 @@
|
|||
<h2><span>Welcome To Photoz, {{Identity.claim.name}}</span> [<a href="" ng-click="Identity.logout()">Sign Out</a>]</h2>
|
||||
<h2><span>Welcome To Photoz, {{Identity.claims.name}}</span> [<a href="" ng-click="Identity.logout()">Sign Out</a>]</h2>
|
||||
<div data-ng-show="Identity.isAdmin()"><b>Administration: </b> [<a href="#/admin/album">All Albums</a>]</div>
|
||||
<hr/>
|
||||
<br/>
|
|
@ -1,5 +1,5 @@
|
|||
{
|
||||
"realm": "photoz-uma",
|
||||
"realm": "photoz",
|
||||
"enabled": true,
|
||||
"sslRequired": "external",
|
||||
"privateKey": "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",
|
||||
|
@ -62,12 +62,12 @@
|
|||
}
|
||||
},
|
||||
{
|
||||
"username": "service-account-photoz-uma-restful-api",
|
||||
"username": "service-account-photoz-restful-api",
|
||||
"enabled": true,
|
||||
"email": "service-account-photoz-uma-restful-api@placeholder.org",
|
||||
"serviceAccountClientId": "photoz-uma-restful-api",
|
||||
"email": "service-account-photoz-restful-api@placeholder.org",
|
||||
"serviceAccountClientId": "photoz-restful-api",
|
||||
"clientRoles": {
|
||||
"photoz-uma-restful-api" : ["uma_protection"]
|
||||
"photoz-restful-api" : ["uma_protection"]
|
||||
}
|
||||
}
|
||||
],
|
||||
|
@ -85,25 +85,25 @@
|
|||
},
|
||||
"clients": [
|
||||
{
|
||||
"clientId": "photoz-uma-html5-client",
|
||||
"clientId": "photoz-html5-client",
|
||||
"enabled": true,
|
||||
"adminUrl": "/photoz-uma-html5-client",
|
||||
"baseUrl": "/photoz-uma-html5-client",
|
||||
"adminUrl": "/photoz-html5-client",
|
||||
"baseUrl": "/photoz-html5-client",
|
||||
"publicClient": true,
|
||||
"redirectUris": [
|
||||
"/photoz-uma-html5-client/*"
|
||||
"/photoz-html5-client/*"
|
||||
],
|
||||
"webOrigins": [
|
||||
""
|
||||
]
|
||||
},
|
||||
{
|
||||
"clientId": "photoz-uma-restful-api",
|
||||
"clientId": "photoz-restful-api",
|
||||
"enabled": true,
|
||||
"baseUrl": "/photoz-uma-restful-api",
|
||||
"baseUrl": "/photoz-restful-api",
|
||||
"authorizationServicesEnabled" : true,
|
||||
"redirectUris": [
|
||||
"/photoz-uma-restful-api/*"
|
||||
"/photoz-restful-api/*"
|
||||
],
|
||||
"secret": "secret"
|
||||
}
|
|
@ -46,7 +46,7 @@
|
|||
"type": "drools",
|
||||
"config": {
|
||||
"mavenArtifactVersion": "2.0.0.CR1-SNAPSHOT",
|
||||
"mavenArtifactId": "photoz-uma-authz-policy",
|
||||
"mavenArtifactId": "photoz-authz-policy",
|
||||
"sessionName": "MainOwnerSession",
|
||||
"mavenArtifactGroupId": "org.keycloak",
|
||||
"moduleName": "PhotozAuthzOwnerPolicy",
|
|
@ -5,16 +5,16 @@
|
|||
|
||||
<parent>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<artifactId>keycloak-authz-photoz-uma-parent</artifactId>
|
||||
<artifactId>keycloak-authz-photoz-parent</artifactId>
|
||||
<version>2.0.0.CR1-SNAPSHOT</version>
|
||||
<relativePath>../pom.xml</relativePath>
|
||||
</parent>
|
||||
|
||||
<artifactId>photoz-uma-restful-api</artifactId>
|
||||
<artifactId>photoz-restful-api</artifactId>
|
||||
<packaging>war</packaging>
|
||||
|
||||
<name>Keycloak Authz: Photoz UMA RESTful API</name>
|
||||
<description>Photoz UMA RESTful API</description>
|
||||
<name>Keycloak Authz: Photoz RESTful API</name>
|
||||
<description>Photoz RESTful API</description>
|
||||
|
||||
<dependencies>
|
||||
<dependency>
|
|
@ -1,7 +1,7 @@
|
|||
{
|
||||
"realm": "photoz-uma",
|
||||
"realm": "photoz",
|
||||
"auth-server-url": "http://localhost:8080/auth",
|
||||
"resource": "photoz-uma-restful-api",
|
||||
"resource": "photoz-restful-api",
|
||||
"credentials": {
|
||||
"secret": "secret"
|
||||
}
|
|
@ -1,15 +1,14 @@
|
|||
{
|
||||
"realm": "photoz-uma",
|
||||
"realm": "photoz",
|
||||
"realm-public-key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
|
||||
"auth-server-url": "http://localhost:8080/auth",
|
||||
"ssl-required": "external",
|
||||
"resource": "photoz-uma-restful-api",
|
||||
"resource": "photoz-restful-api",
|
||||
"bearer-only" : true,
|
||||
"credentials": {
|
||||
"secret": "secret"
|
||||
},
|
||||
"policy-enforcer": {
|
||||
"user-managed-access" : {},
|
||||
"paths": [
|
||||
{
|
||||
"path" : "/album/*",
|
||||
|
@ -31,10 +30,6 @@
|
|||
{
|
||||
"method": "DELETE",
|
||||
"scopes" : ["urn:photoz.com:scopes:album:delete"]
|
||||
},
|
||||
{
|
||||
"method": "GET",
|
||||
"scopes" : ["urn:photoz.com:scopes:album:view"]
|
||||
}
|
||||
]
|
||||
},
|
|
@ -4,7 +4,7 @@
|
|||
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
|
||||
version="3.0">
|
||||
|
||||
<module-name>photoz-uma-restful-api</module-name>
|
||||
<module-name>photoz-restful-api</module-name>
|
||||
|
||||
<security-constraint>
|
||||
<web-resource-collection>
|
||||
|
@ -28,7 +28,7 @@
|
|||
|
||||
<login-config>
|
||||
<auth-method>KEYCLOAK</auth-method>
|
||||
<realm-name>photoz-uma</realm-name>
|
||||
<realm-name>photoz</realm-name>
|
||||
</login-config>
|
||||
|
||||
<security-role>
|
|
@ -10,15 +10,15 @@
|
|||
<relativePath>../pom.xml</relativePath>
|
||||
</parent>
|
||||
|
||||
<artifactId>keycloak-authz-photoz-uma-parent</artifactId>
|
||||
<artifactId>keycloak-authz-photoz-parent</artifactId>
|
||||
<packaging>pom</packaging>
|
||||
|
||||
<name>Keycloak Authz: PhotoZ UMA Example Application Parent</name>
|
||||
<name>Keycloak Authz: PhotoZ Example Application Parent</name>
|
||||
<description>PhotoZ Example Application</description>
|
||||
|
||||
<modules>
|
||||
<module>photoz-uma-restful-api</module>
|
||||
<module>photoz-uma-html5-client</module>
|
||||
<module>photoz-uma-authz-policy</module>
|
||||
<module>photoz-restful-api</module>
|
||||
<module>photoz-html5-client</module>
|
||||
<module>photoz-authz-policy</module>
|
||||
</modules>
|
||||
</project>
|
|
@ -22,7 +22,7 @@
|
|||
</properties>
|
||||
|
||||
<modules>
|
||||
<module>photoz-uma</module>
|
||||
<module>photoz</module>
|
||||
<module>servlet-authz</module>
|
||||
<module>hello-world</module>
|
||||
<module>hello-world-authz-service</module>
|
||||
|
|