libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions 6

Merge pull request #188 from patriot1burke/master

Browse source 
composite representations
This commit is contained in:
Bill Burke 2014-02-03 14:22:41 -08:00
commit 09d88c7065
11 changed files with 236 additions and 111 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

31
core/src/main/java/org/keycloak/representations/idm/ApplicationRepresentation.java
View file

@ -8,7 +8,6 @@ import java.util.List;
* @version $Revision: 1 $
*/
public class ApplicationRepresentation {
protected String self; // link
protected String id;
protected String name;
protected String adminUrl;
@ -16,19 +15,10 @@ public class ApplicationRepresentation {
protected boolean surrogateAuthRequired;
protected boolean enabled;
protected List<CredentialRepresentation> credentials;
protected List<RoleRepresentation> roles;
protected String[] defaultRoles;
protected List<String> redirectUris;
protected List<String> webOrigins;
public String getSelf() {
return self;
}
public void setSelf(String self) {
this.self = self;
}
public String getId() {
return id;
}
@ -61,27 +51,6 @@ public class ApplicationRepresentation {
this.surrogateAuthRequired = surrogateAuthRequired;
}
public List<RoleRepresentation> getRoles() {
return roles;
}
public void setRoles(List<RoleRepresentation> roles) {
this.roles = roles;
}
public ApplicationRepresentation role(RoleRepresentation role) {
if (this.roles == null) this.roles = new ArrayList<RoleRepresentation>();
this.roles.add(role);
return this;
}
public ApplicationRepresentation role(String role, String description) {
if (this.roles == null) this.roles = new ArrayList<RoleRepresentation>();
this.roles.add(new RoleRepresentation(role, description));
return this;
}
public String getAdminUrl() {
return adminUrl;
}

18
core/src/main/java/org/keycloak/representations/idm/RealmRepresentation.java
View file

@ -25,7 +25,7 @@ public class RealmRepresentation {
protected Boolean updateProfileOnInitialSocialLogin;
protected String privateKey;
protected String publicKey;
protected List<RoleRepresentation> roles;
protected RolesRepresentation roles;
protected List<String> defaultRoles;
protected Set<String> requiredCredentials;
protected Set<String> requiredApplicationCredentials;
@ -206,14 +206,6 @@ public class RealmRepresentation {
this.accessCodeLifespanUserAction = accessCodeLifespanUserAction;
}
public List<RoleRepresentation> getRoles() {
return roles;
}
public void setRoles(List<RoleRepresentation> roles) {
this.roles = roles;
}
public List<String> getDefaultRoles() {
return defaultRoles;
}
@ -317,4 +309,12 @@ public class RealmRepresentation {
public void setApplicationScopeMappings(Map<String, List<ScopeMappingRepresentation>> applicationScopeMappings) {
this.applicationScopeMappings = applicationScopeMappings;
}
public RolesRepresentation getRoles() {
return roles;
}
public void setRoles(RolesRepresentation roles) {
this.roles = roles;
}
}

29
core/src/main/java/org/keycloak/representations/idm/RoleRepresentation.java
View file

@ -1,6 +1,7 @@
package org.keycloak.representations.idm;
import java.util.List;
import java.util.Map;
import java.util.Set;
/**
@ -12,7 +13,29 @@ public class RoleRepresentation {
protected String name;
protected String description;
protected boolean composite;
protected List<RoleRepresentation> composites;
protected Composites composites;
public static class Composites {
protected Set<String> realm;
protected Map<String, List<String>> application;
public Set<String> getRealm() {
return realm;
}
public void setRealm(Set<String> realm) {
this.realm = realm;
}
public Map<String, List<String>> getApplication() {
return application;
}
public void setApplication(Map<String, List<String>> application) {
this.application = application;
}
}
public RoleRepresentation() {
}
@ -54,11 +77,11 @@ public class RoleRepresentation {
this.composite = composite;
}
public List<RoleRepresentation> getComposites() {
public Composites getComposites() {
return composites;
}
public void setComposites(List<RoleRepresentation> composites) {
public void setComposites(Composites composites) {
this.composites = composites;
}
}

29
core/src/main/java/org/keycloak/representations/idm/RolesRepresentation.java Executable file
View file

@ -0,0 +1,29 @@
package org.keycloak.representations.idm;
import java.util.List;
import java.util.Map;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public class RolesRepresentation {
protected List<RoleRepresentation> realm;
protected Map<String, List<RoleRepresentation>> application;
public List<RoleRepresentation> getRealm() {
return realm;
}
public void setRealm(List<RoleRepresentation> realm) {
this.realm = realm;
}
public Map<String, List<RoleRepresentation>> getApplication() {
return application;
}
public void setApplication(Map<String, List<RoleRepresentation>> application) {
this.application = application;
}
}

22
examples/demo-template/testrealm.json
View file

@ -26,16 +26,18 @@
]
}
],
"roles": [
{
"name": "user",
"description": "User privileges"
},
{
"name": "admin",
"description": "Administrator privileges"
}
],
"roles" : {
"realm" : [
{
"name": "user",
"description": "User privileges"
},
{
"name": "admin",
"description": "Administrator privileges"
}
]
},
"roleMappings": [
{
"username": "bburke@redhat.com",

7
forms/src/main/java/org/keycloak/forms/UrlBean.java
View file

@ -87,12 +87,7 @@ public class UrlBean {
}
public String getRegistrationUrl() {
if (realm.isSaas()) {
// TODO: saas social registration
return Urls.saasRegisterPage(baseURI).toString();
} else {
return Urls.realmRegisterPage(baseURI, getRealmIdentifier()).toString();
}
return Urls.realmRegisterPage(baseURI, getRealmIdentifier()).toString();
}
public String getLoginUpdatePasswordUrl() {

7
services/src/main/java/org/keycloak/services/managers/ApplicationManager.java
View file

@ -77,13 +77,6 @@ public class ApplicationManager {
realm.grantRole(resourceUser, loginRole);
if (resourceRep.getRoles() != null) {
for (RoleRepresentation roleRep : resourceRep.getRoles()) {
RoleModel role = applicationModel.addRole(roleRep.getName());
if (roleRep.getDescription() != null) role.setDescription(roleRep.getDescription());
}
}
if (resourceRep.getDefaultRoles() != null) {
applicationModel.updateDefaultRoles(resourceRep.getDefaultRoles());
}

108
services/src/main/java/org/keycloak/services/managers/RealmManager.java
View file

@ -234,24 +234,87 @@ public class RealmManager {
}
}
if (rep.getRoles() != null) {
for (RoleRepresentation roleRep : rep.getRoles()) {
if (rep.getApplications() != null) {
Map<String, ApplicationModel> appMap = createApplications(rep, newRealm);
for (ApplicationModel app : appMap.values()) {
userMap.put(app.getApplicationUser().getLoginName(), app.getApplicationUser());
}
}
if (rep.getRoles() != null && rep.getRoles().getRealm() != null) {
for (RoleRepresentation roleRep : rep.getRoles().getRealm()) {
createRole(newRealm, roleRep);
}
}
if (rep.getRoles() != null) {
if (rep.getRoles().getRealm() != null) { // realm roles
for (RoleRepresentation roleRep : rep.getRoles().getRealm()) {
createRole(newRealm, roleRep);
}
}
if (rep.getRoles().getApplication() != null) {
for (Map.Entry<String, List<RoleRepresentation>> entry : rep.getRoles().getApplication().entrySet()) {
ApplicationModel app = newRealm.getApplicationByName(entry.getKey());
if (app == null) {
throw new RuntimeException("App doesn't exist in role definitions: " + entry.getKey());
}
for (RoleRepresentation roleRep : entry.getValue()) {
RoleModel role = app.addRole(roleRep.getName());
role.setDescription(roleRep.getDescription());
role.setComposite(roleRep.isComposite());
}
}
}
// now that all roles are created, re-interate and set up composites
if (rep.getRoles().getRealm() != null) { // realm roles
for (RoleRepresentation roleRep : rep.getRoles().getRealm()) {
createRole(newRealm, roleRep);
}
}
if (rep.getRoles().getApplication() != null) {
for (Map.Entry<String, List<RoleRepresentation>> entry : rep.getRoles().getApplication().entrySet()) {
ApplicationModel app = newRealm.getApplicationByName(entry.getKey());
if (app == null) {
throw new RuntimeException("App doesn't exist in role definitions: " + entry.getKey());
}
for (RoleRepresentation roleRep : entry.getValue()) {
RoleModel role = app.addRole(roleRep.getName());
role.setDescription(roleRep.getDescription());
role.setComposite(roleRep.isComposite());
}
}
}
}
if (rep.getDefaultRoles() != null) {
for (String roleString : rep.getDefaultRoles()) {
newRealm.addDefaultRole(roleString.trim());
}
}
if (rep.getApplications() != null) {
Map<String, ApplicationModel> appMap = createApplications(rep, newRealm);
for (ApplicationModel app : appMap.values()) {
userMap.put(app.getApplicationUser().getLoginName(), app.getApplicationUser());
if (rep.getRoles() != null) {
if (rep.getRoles().getRealm() != null) { // realm roles
for (RoleRepresentation roleRep : rep.getRoles().getRealm()) {
RoleModel role = newRealm.getRole(roleRep.getName());
addComposites(role, roleRep, newRealm);
}
}
if (rep.getRoles().getApplication() != null) {
for (Map.Entry<String, List<RoleRepresentation>> entry : rep.getRoles().getApplication().entrySet()) {
ApplicationModel app = newRealm.getApplicationByName(entry.getKey());
if (app == null) {
throw new RuntimeException("App doesn't exist in role definitions: " + entry.getKey());
}
for (RoleRepresentation roleRep : entry.getValue()) {
RoleModel role = app.getRole(roleRep.getName());
addComposites(role, roleRep, newRealm);
}
}
}
}
if (rep.getOauthClients() != null) {
Map<String, OAuthClientModel> oauthMap = createOAuthClients(rep, newRealm);
for (OAuthClientModel app : oauthMap.values()) {
@ -334,11 +397,44 @@ public class RealmManager {
}
}
public void addComposites(RoleModel role, RoleRepresentation roleRep, RealmModel realm) {
if (!roleRep.isComposite() || roleRep.getComposites() == null) return;
if (roleRep.getComposites().getRealm() != null) {
for (String roleStr : roleRep.getComposites().getRealm()) {
RoleModel realmRole = realm.getRole(roleStr);
if (realmRole == null) throw new RuntimeException("Unable to find composite realm role: " + roleStr);
role.addCompositeRole(realmRole);
}
}
if (roleRep.getComposites().getApplication() != null) {
for (Map.Entry<String, List<String>> entry : roleRep.getComposites().getApplication().entrySet()) {
ApplicationModel app = realm.getApplicationByName(entry.getKey());
if (app == null) {
throw new RuntimeException("App doesn't exist in role definitions: " + roleRep.getName());
}
for (String roleStr : entry.getValue()) {
RoleModel appRole = app.getRole(roleStr);
if (appRole == null) throw new RuntimeException("Unable to find composite app role: " + roleStr);
role.addCompositeRole(appRole);
}
}
}
}
public void createRole(RealmModel newRealm, RoleRepresentation roleRep) {
RoleModel role = newRealm.addRole(roleRep.getName());
if (roleRep.getDescription() != null) role.setDescription(roleRep.getDescription());
}
public void createRole(RealmModel newRealm, ApplicationModel app, RoleRepresentation roleRep) {
RoleModel role = app.addRole(roleRep.getName());
if (roleRep.getDescription() != null) role.setDescription(roleRep.getDescription());
}
public UserModel createUser(RealmModel newRealm, UserRepresentation userRep) {
UserModel user = newRealm.addUser(userRep.getUsername());
user.setEnabled(userRep.isEnabled());

23
services/src/test/resources/testrealm-demo.json
View file

@ -34,16 +34,19 @@
]
}
],
"roles": [
{
"name": "user",
"description": "Have User privileges"
},
{
"name": "admin",
"description": "Have Administrator privileges"
}
],
"roles" : {
"realm" : [
{
"name": "user",
"description": "Have User privileges"
},
{
"name": "admin",
"description": "Have Administrator privileges"
}
]
},
"roleMappings": [
{
"username": "bburke@redhat.com",

39
services/src/test/resources/testrealm.json
View file

@ -58,12 +58,6 @@
"enabled": true
}
],
"roleMappings": [
{
"username": "admin",
"roles": ["admin"]
}
],
"socialMappings": [
{
"username": "mySocialUser",
@ -86,20 +80,30 @@
"applications": [
{
"name": "Application",
"enabled": true,
"roles": [
"enabled": true
},
{
"name": "OtherApp",
"enabled": true
}
],
"roles" : {
"realm" : [
{
"name": "admin"
}
],
"application" : {
"Application" : [
{
"name": "admin"
},
{
"name": "user"
}
]
},
{
"name": "OtherApp",
"enabled": true,
"roles": [
],
"OtherApp" : [
{
"name": "admin"
},
@ -108,7 +112,12 @@
}
]
}
},
"roleMappings": [
{
"username": "admin",
"roles": ["admin"]
}
],
"applicationRoleMappings": {
"Application": [

34
testsuite/integration/src/test/resources/testrealm.json
View file

@ -40,16 +40,6 @@
]
}
],
"roles": [
{
"name": "user",
"description": "Have User privileges"
},
{
"name": "admin",
"description": "Have Administrator privileges"
}
],
"roleMappings": [
{
"username": "test-user@localhost",
@ -77,8 +67,22 @@
"type": "password",
"value": "password"
}
],
"roles": [
]
}
],
"roles" : {
"realm" : [
{
"name": "user",
"description": "Have User privileges"
},
{
"name": "admin",
"description": "Have Administrator privileges"
}
],
"application" : {
"test-app" : [
{
"name": "customer-user",
"description": "Have Customer User privileges"
@ -88,8 +92,10 @@
"description": "Have Customer Admin privileges"
}
]
}
],
}
},
"applicationRoleMappings": {
"test-app": [
{