Merge pull request #1406 from patriot1burke/master

refactor registration and console pages
Bill Burke 2015-06-19 18:06:12 -04:00
commit 114b687c5c
17 changed files with 1813 additions and 1858 deletions


@ -9,7 +9,7 @@
<delete tableName="USER_SESSION"/>
<addColumn tableName="CLIENT_SESSION">
<column name="CURRENT_ACTION" type="VARCHAR(36)">
<constraints nullable="false"/>
<constraints nullable="true"/>
</column>
</addColumn>
<!-- OAUTH_GRANT,
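Review bot: The `nullable` constraint on `CURRENT_ACTION` appears to be relaxed by editing the existing `addColumn` entry in place rather than by adding a new changeSet. If this changeSet has already been applied to any database, Liquibase will report a checksum mismatch on it and the column will stay NOT NULL there. The enclosing changeSet starts and ends outside the hunk, so whether it has shipped cannot be seen from here. If it has, a follow-up changeSet with `<dropNotNullConstraint tableName="CLIENT_SESSION" columnName="CURRENT_ACTION" columnDataType="VARCHAR(36)"/>` is the safer route.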


@ -273,15 +273,6 @@ module.config([ '$routeProvider', function($routeProvider) {
},
controller : 'RealmDefaultRolesCtrl'
})
.when('/realms/:realm/required-credentials', {
templateUrl : resourceUrl + '/partials/realm-credentials.html',
resolve : {
realm : function(RealmLoader) {
return RealmLoader();
}
},
controller : 'RealmRequiredCredentialsCtrl'
})
.when('/realms/:realm/smtp-settings', {
templateUrl : resourceUrl + '/partials/realm-smtp.html',
resolve : {
@ -1063,6 +1054,15 @@ module.config([ '$routeProvider', function($routeProvider) {
},
controller : 'RequiredActionsCtrl'
})
.when('/realms/:realm/authentication/password-policy', {
templateUrl : resourceUrl + '/partials/password-policy.html',
resolve : {
realm : function(RealmLoader) {
return RealmLoader();
}
},
controller : 'RealmPasswordPolicyCtrl'
})
.when('/server-info', {
templateUrl : resourceUrl + '/partials/server-info.html'
})


@ -371,8 +371,8 @@ module.controller('RealmCacheCtrl', function($scope, Current, Realm, realm, serv
genericRealmUpdate($scope, Current, Realm, realm, serverInfo, $http, $location, Dialog, Notifications, "/realms/" + realm.realm + "/cache-settings");
});
module.controller('RealmRequiredCredentialsCtrl', function($scope, Realm, realm, $http, $location, Dialog, Notifications, PasswordPolicy) {
console.log('RealmRequiredCredentialsCtrl');
module.controller('RealmPasswordPolicyCtrl', function($scope, Realm, realm, $http, $location, Dialog, Notifications, PasswordPolicy) {
console.log('RealmPasswordPolicyCtrl');
$scope.realm = realm;
@ -395,12 +395,6 @@ module.controller('RealmRequiredCredentialsCtrl', function($scope, Realm, realm,
$scope.policy.splice(index, 1);
}
$scope.userCredentialOptions = {
'multiple' : true,
'simple_tags' : true,
'tags' : ['password', 'totp', 'cert', 'kerberos']
};
$scope.changed = false;
$scope.$watch('realm', function() {
@ -420,7 +414,7 @@ module.controller('RealmRequiredCredentialsCtrl', function($scope, Realm, realm,
$scope.changed = false;
Realm.update($scope.realm, function () {
$location.url("/realms/" + realm.realm + "/required-credentials");
$location.url("/realms/" + realm.realm + "/authentication/password-policy");
Notifications.success("Your changes have been saved to the realm.");
oldCopy = angular.copy($scope.realm);
oldPolicy = angular.copy($scope.policy);
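Review bot: The renamed controller still opens with `console.log('RealmPasswordPolicyCtrl');`, a leftover debug trace that was renamed along with the controller instead of being dropped. As written it fires whenever the controller is instantiated, so the line should simply be removed. The controller body starts and ends outside these hunks, so any other logging in it is not visible here.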


@ -1,19 +1,9 @@
<div class="col-sm-9 col-md-10 col-sm-push-3 col-md-push-2">
<h1>Settings</h1>
<h1>Authentication</h1>
<kc-tabs-realm></kc-tabs-realm>
<kc-tabs-authentication></kc-tabs-authentication>
<form class="form-horizontal" name="realmForm" novalidate kc-read-only="!access.manageRealm">
<fieldset class="border-top">
<legend><span class="text">Realm Credentials Settings</span> <kc-tooltip>Credential types required for every user. Changing this value may require the user to configure any new credentials the next time they log in.</kc-tooltip></legend>
<div class="form-group">
<label class="col-md-2 control-label" for="user" class="control-label two-lines">Required User Credentials</label>
<div class="col-md-6">
<input id="user" type="text" ui-select2="userCredentialOptions" ng-model="realm.requiredCredentials" placeholder="Type a role and enter">
</div>
</div>
</fieldset>
<fieldset class="border-top">
<legend><span class="text">Realm Password Policy</span> <kc-tooltip>Specify required password format. You can also set how many times a password is hashed before it is stored in database. Multiple Regex patterns, separated by comma, can be added.</kc-tooltip></legend>
<table class="table table-striped table-bordered">


@ -1,4 +1,5 @@
<ul class="nav nav-tabs">
<li ng-class="{active: path[3] == 'flows'}" data-ng-show="access.viewRealm"><a href="#/realms/{{realm.realm}}/authentication/flows">Authenticators</a></li>
<li ng-class="{active: path[3] == 'required-actions'}" data-ng-show="access.viewRealm"><a href="#/realms/{{realm.realm}}/authentication/required-actions">Required Actions</a></li>
<li ng-class="{active: path[3] == 'password-policy'}" data-ng-show="access.viewRealm"><a href="#/realms/{{realm.realm}}/authentication/password-policy">Password Policy</a></li>
</ul>


@ -1,7 +1,6 @@
<ul class="nav nav-tabs">
<li ng-class="{active: !path[2]}"><a href="#/realms/{{realm.realm}}">General</a></li>
<li ng-class="{active: path[2] == 'login-settings'}" data-ng-show="access.viewRealm"><a href="#/realms/{{realm.realm}}/login-settings">Login</a></li>
<li ng-class="{active: path[2] == 'required-credentials'}" data-ng-show="access.viewRealm"><a href="#/realms/{{realm.realm}}/required-credentials">Credentials</a></li>
<li ng-class="{active: path[2] == 'keys-settings'}" data-ng-show="access.viewRealm"><a href="#/realms/{{realm.realm}}/keys-settings">Keys</a></li>
<li ng-class="{active: path[2] == 'smtp-settings'}" data-ng-show="access.viewRealm"><a href="#/realms/{{realm.realm}}/smtp-settings">Email</a></li>
<li ng-class="{active: path[2] == 'theme-settings'}" data-ng-show="access.viewRealm"><a href="#/realms/{{realm.realm}}/theme-settings">Themes</a></li>


@ -1,93 +1,93 @@
package org.keycloak.models;
import java.util.Map;
import java.util.Set;
/**
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
*/
public interface ClientSessionModel {
public String getId();
public RealmModel getRealm();
public ClientModel getClient();
public UserSessionModel getUserSession();
public void setUserSession(UserSessionModel userSession);
public String getRedirectUri();
public void setRedirectUri(String uri);
public int getTimestamp();
public void setTimestamp(int timestamp);
public String getAction();
public void setAction(String action);
public Set<String> getRoles();
public void setRoles(Set<String> roles);
public Set<String> getProtocolMappers();
public void setProtocolMappers(Set<String> protocolMappers);
public Map<String, ExecutionStatus> getExecutionStatus();
public void setExecutionStatus(String authenticator, ExecutionStatus status);
public void clearExecutionStatus();
public UserModel getAuthenticatedUser();
public void setAuthenticatedUser(UserModel user);
/**
* Authentication request type, i.e. OAUTH, SAML 2.0, SAML 1.1, etc.
*
* @return
*/
public String getAuthMethod();
public void setAuthMethod(String method);
public String getNote(String name);
public void setNote(String name, String value);
public void removeNote(String name);
/**
* These are notes you want applied to the UserSessionModel when the client session is attached to it.
*
* @param name
* @param value
*/
public void setUserSessionNote(String name, String value);
/**
* These are notes you want applied to the UserSessionModel when the client session is attached to it.
*
* @return
*/
public Map<String, String> getUserSessionNotes();
public void clearUserSessionNotes();
public static enum Action {
OAUTH_GRANT,
CODE_TO_TOKEN,
VERIFY_EMAIL,
UPDATE_PROFILE,
CONFIGURE_TOTP,
UPDATE_PASSWORD,
RECOVER_PASSWORD,
AUTHENTICATE,
SOCIAL_CALLBACK,
LOGGED_OUT
}
public enum ExecutionStatus {
FAILED,
SUCCESS,
SETUP_REQUIRED,
ATTEMPTED,
SKIPPED,
CHALLENGED
}
}
package org.keycloak.models;
import java.util.Map;
import java.util.Set;
/**
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
*/
public interface ClientSessionModel {
public String getId();
public RealmModel getRealm();
public ClientModel getClient();
public UserSessionModel getUserSession();
public void setUserSession(UserSessionModel userSession);
public String getRedirectUri();
public void setRedirectUri(String uri);
public int getTimestamp();
public void setTimestamp(int timestamp);
public String getAction();
public void setAction(String action);
public Set<String> getRoles();
public void setRoles(Set<String> roles);
public Set<String> getProtocolMappers();
public void setProtocolMappers(Set<String> protocolMappers);
public Map<String, ExecutionStatus> getExecutionStatus();
public void setExecutionStatus(String authenticator, ExecutionStatus status);
public void clearExecutionStatus();
public UserModel getAuthenticatedUser();
public void setAuthenticatedUser(UserModel user);
/**
* Authentication request type, i.e. OAUTH, SAML 2.0, SAML 1.1, etc.
*
* @return
*/
public String getAuthMethod();
public void setAuthMethod(String method);
public String getNote(String name);
public void setNote(String name, String value);
public void removeNote(String name);
/**
* These are notes you want applied to the UserSessionModel when the client session is attached to it.
*
* @param name
* @param value
*/
public void setUserSessionNote(String name, String value);
/**
* These are notes you want applied to the UserSessionModel when the client session is attached to it.
*
* @return
*/
public Map<String, String> getUserSessionNotes();
public void clearUserSessionNotes();
public static enum Action {
OAUTH_GRANT,
CODE_TO_TOKEN,
VERIFY_EMAIL,
UPDATE_PROFILE,
CONFIGURE_TOTP,
UPDATE_PASSWORD,
RECOVER_PASSWORD,
AUTHENTICATE,
SOCIAL_CALLBACK,
LOGGED_OUT
}
public enum ExecutionStatus {
FAILED,
SUCCESS,
SETUP_REQUIRED,
ATTEMPTED,
SKIPPED,
CHALLENGED
}
}


@ -1,227 +1,227 @@
package org.keycloak.models.sessions.infinispan;
import org.infinispan.Cache;
import org.keycloak.models.ClientModel;
import org.keycloak.models.ClientSessionModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.models.sessions.infinispan.entities.ClientSessionEntity;
import org.keycloak.models.sessions.infinispan.entities.SessionEntity;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
/**
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
*/
public class ClientSessionAdapter implements ClientSessionModel {
private KeycloakSession session;
private InfinispanUserSessionProvider provider;
private Cache<String, SessionEntity> cache;
private RealmModel realm;
private ClientSessionEntity entity;
public ClientSessionAdapter(KeycloakSession session, InfinispanUserSessionProvider provider, Cache<String, SessionEntity> cache, RealmModel realm, ClientSessionEntity entity) {
this.session = session;
this.provider = provider;
this.cache = cache;
this.realm = realm;
this.entity = entity;
}
@Override
public String getId() {
return entity.getId();
}
@Override
public RealmModel getRealm() {
return realm;
}
@Override
public ClientModel getClient() {
return realm.getClientById(entity.getClient());
}
@Override
public UserSessionModel getUserSession() {
return entity.getUserSession() != null ? provider.getUserSession(realm, entity.getUserSession()) : null;
}
@Override
public void setUserSession(UserSessionModel userSession) {
if (userSession == null) {
if (entity.getUserSession() != null) {
provider.dettachSession(getUserSession(), this);
}
entity.setUserSession(null);
} else {
if (entity.getUserSession() != null) {
if (entity.getUserSession().equals(userSession.getId())) {
return;
} else {
provider.dettachSession(userSession, this);
}
} else {
provider.attachSession(userSession, this);
}
entity.setUserSession(userSession.getId());
}
update();
}
@Override
public String getRedirectUri() {
return entity.getRedirectUri();
}
@Override
public void setRedirectUri(String uri) {
entity.setRedirectUri(uri);
update();
}
@Override
public int getTimestamp() {
return entity.getTimestamp();
}
@Override
public void setTimestamp(int timestamp) {
entity.setTimestamp(timestamp);
update();
}
@Override
public String getAction() {
return entity.getAction();
}
@Override
public void setAction(String action) {
entity.setAction(action);
update();
}
@Override
public Set<String> getRoles() {
return entity.getRoles();
}
@Override
public void setRoles(Set<String> roles) {
entity.setRoles(roles);
update();
}
@Override
public Set<String> getProtocolMappers() {
return entity.getProtocolMappers();
}
@Override
public void setProtocolMappers(Set<String> protocolMappers) {
entity.setProtocolMappers(protocolMappers);
update();
}
@Override
public String getAuthMethod() {
return entity.getAuthMethod();
}
@Override
public void setAuthMethod(String authMethod) {
entity.setAuthMethod(authMethod);
update();
}
@Override
public String getNote(String name) {
return entity.getNotes() != null ? entity.getNotes().get(name) : null;
}
@Override
public void setNote(String name, String value) {
if (entity.getNotes() == null) {
entity.setNotes(new HashMap<String, String>());
}
entity.getNotes().put(name, value);
update();
}
@Override
public void removeNote(String name) {
if (entity.getNotes() != null) {
entity.getNotes().remove(name);
update();
}
}
@Override
public void setUserSessionNote(String name, String value) {
if (entity.getUserSessionNotes() == null) {
entity.setUserSessionNotes(new HashMap<String, String>());
}
entity.getNotes().put(name, value);
update();
}
@Override
public Map<String, String> getUserSessionNotes() {
if (entity.getUserSessionNotes() == null) {
return Collections.EMPTY_MAP;
}
HashMap<String, String> copy = new HashMap<>();
copy.putAll(entity.getUserSessionNotes());
return copy;
}
@Override
public void clearUserSessionNotes() {
entity.setUserSessionNotes(new HashMap<String, String>());
update();
}
void update() {
provider.getTx().replace(cache, entity.getId(), entity);
}
@Override
public Map<String, ExecutionStatus> getExecutionStatus() {
return entity.getAuthenticatorStatus();
}
@Override
public void setExecutionStatus(String authenticator, ExecutionStatus status) {
entity.getAuthenticatorStatus().put(authenticator, status);
update();
}
@Override
public void clearExecutionStatus() {
entity.getAuthenticatorStatus().clear();
update();
}
@Override
public UserModel getAuthenticatedUser() {
return session.users().getUserById(entity.getAuthUserId(), realm); }
@Override
public void setAuthenticatedUser(UserModel user) {
entity.setAuthUserId(user.getId());
update();
}
}
package org.keycloak.models.sessions.infinispan;
import org.infinispan.Cache;
import org.keycloak.models.ClientModel;
import org.keycloak.models.ClientSessionModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.models.sessions.infinispan.entities.ClientSessionEntity;
import org.keycloak.models.sessions.infinispan.entities.SessionEntity;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
/**
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
*/
public class ClientSessionAdapter implements ClientSessionModel {
private KeycloakSession session;
private InfinispanUserSessionProvider provider;
private Cache<String, SessionEntity> cache;
private RealmModel realm;
private ClientSessionEntity entity;
public ClientSessionAdapter(KeycloakSession session, InfinispanUserSessionProvider provider, Cache<String, SessionEntity> cache, RealmModel realm, ClientSessionEntity entity) {
this.session = session;
this.provider = provider;
this.cache = cache;
this.realm = realm;
this.entity = entity;
}
@Override
public String getId() {
return entity.getId();
}
@Override
public RealmModel getRealm() {
return realm;
}
@Override
public ClientModel getClient() {
return realm.getClientById(entity.getClient());
}
@Override
public UserSessionModel getUserSession() {
return entity.getUserSession() != null ? provider.getUserSession(realm, entity.getUserSession()) : null;
}
@Override
public void setUserSession(UserSessionModel userSession) {
if (userSession == null) {
if (entity.getUserSession() != null) {
provider.dettachSession(getUserSession(), this);
}
entity.setUserSession(null);
} else {
if (entity.getUserSession() != null) {
if (entity.getUserSession().equals(userSession.getId())) {
return;
} else {
provider.dettachSession(userSession, this);
}
} else {
provider.attachSession(userSession, this);
}
entity.setUserSession(userSession.getId());
}
update();
}
@Override
public String getRedirectUri() {
return entity.getRedirectUri();
}
@Override
public void setRedirectUri(String uri) {
entity.setRedirectUri(uri);
update();
}
@Override
public int getTimestamp() {
return entity.getTimestamp();
}
@Override
public void setTimestamp(int timestamp) {
entity.setTimestamp(timestamp);
update();
}
@Override
public String getAction() {
return entity.getAction();
}
@Override
public void setAction(String action) {
entity.setAction(action);
update();
}
@Override
public Set<String> getRoles() {
return entity.getRoles();
}
@Override
public void setRoles(Set<String> roles) {
entity.setRoles(roles);
update();
}
@Override
public Set<String> getProtocolMappers() {
return entity.getProtocolMappers();
}
@Override
public void setProtocolMappers(Set<String> protocolMappers) {
entity.setProtocolMappers(protocolMappers);
update();
}
@Override
public String getAuthMethod() {
return entity.getAuthMethod();
}
@Override
public void setAuthMethod(String authMethod) {
entity.setAuthMethod(authMethod);
update();
}
@Override
public String getNote(String name) {
return entity.getNotes() != null ? entity.getNotes().get(name) : null;
}
@Override
public void setNote(String name, String value) {
if (entity.getNotes() == null) {
entity.setNotes(new HashMap<String, String>());
}
entity.getNotes().put(name, value);
update();
}
@Override
public void removeNote(String name) {
if (entity.getNotes() != null) {
entity.getNotes().remove(name);
update();
}
}
@Override
public void setUserSessionNote(String name, String value) {
if (entity.getUserSessionNotes() == null) {
entity.setUserSessionNotes(new HashMap<String, String>());
}
entity.getNotes().put(name, value);
update();
}
@Override
public Map<String, String> getUserSessionNotes() {
if (entity.getUserSessionNotes() == null) {
return Collections.EMPTY_MAP;
}
HashMap<String, String> copy = new HashMap<>();
copy.putAll(entity.getUserSessionNotes());
return copy;
}
@Override
public void clearUserSessionNotes() {
entity.setUserSessionNotes(new HashMap<String, String>());
update();
}
void update() {
provider.getTx().replace(cache, entity.getId(), entity);
}
@Override
public Map<String, ExecutionStatus> getExecutionStatus() {
return entity.getAuthenticatorStatus();
}
@Override
public void setExecutionStatus(String authenticator, ExecutionStatus status) {
entity.getAuthenticatorStatus().put(authenticator, status);
update();
}
@Override
public void clearExecutionStatus() {
entity.getAuthenticatorStatus().clear();
update();
}
@Override
public UserModel getAuthenticatedUser() {
return session.users().getUserById(entity.getAuthUserId(), realm); }
@Override
public void setAuthenticatedUser(UserModel user) {
entity.setAuthUserId(user.getId());
update();
}
}
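Review bot: `setUserSessionNote` initialises `userSessionNotes` when it is null but then writes with `entity.getNotes().put(name, value)`, so the value lands in the ordinary notes map, or throws a NullPointerException when `notes` is still null, and `getUserSessionNotes()` never returns it. The write should be `entity.getUserSessionNotes().put(name, value);`. Separately, in `setUserSession` the branch for an entity already bound to a different session calls `provider.dettachSession(userSession, this)` with the incoming session rather than the currently attached one and never calls `attachSession` for the new one, which looks unintended and is worth confirming. Both copies of the file read identically on this page, so the commit seems to carry these lines over unchanged apart from formatting.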


@ -1,140 +1,140 @@
package org.keycloak.models.sessions.infinispan.entities;
import org.keycloak.models.ClientSessionModel;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
/**
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
*/
public class ClientSessionEntity extends SessionEntity {
private String client;
private String userSession;
private String authMethod;
private String redirectUri;
private String state;
private int timestamp;
private String action;
private Set<String> roles;
private Set<String> protocolMappers;
private Map<String, String> notes;
private Map<String, String> userSessionNotes;
private Map<String, ClientSessionModel.ExecutionStatus> authenticatorStatus = new HashMap<>();
private String authUserId;
public String getClient() {
return client;
}
public void setClient(String client) {
this.client = client;
}
public String getUserSession() {
return userSession;
}
public void setUserSession(String userSession) {
this.userSession = userSession;
}
public String getAuthMethod() {
return authMethod;
}
public void setAuthMethod(String authMethod) {
this.authMethod = authMethod;
}
public String getRedirectUri() {
return redirectUri;
}
public void setRedirectUri(String redirectUri) {
this.redirectUri = redirectUri;
}
public String getState() {
return state;
}
public void setState(String state) {
this.state = state;
}
public int getTimestamp() {
return timestamp;
}
public void setTimestamp(int timestamp) {
this.timestamp = timestamp;
}
public String getAction() {
return action;
}
public void setAction(String action) {
this.action = action;
}
public Set<String> getRoles() {
return roles;
}
public void setRoles(Set<String> roles) {
this.roles = roles;
}
public Set<String> getProtocolMappers() {
return protocolMappers;
}
public void setProtocolMappers(Set<String> protocolMappers) {
this.protocolMappers = protocolMappers;
}
public Map<String, String> getNotes() {
return notes;
}
public void setNotes(Map<String, String> notes) {
this.notes = notes;
}
public Map<String, ClientSessionModel.ExecutionStatus> getAuthenticatorStatus() {
return authenticatorStatus;
}
public void setAuthenticatorStatus(Map<String, ClientSessionModel.ExecutionStatus> authenticatorStatus) {
this.authenticatorStatus = authenticatorStatus;
}
public String getAuthUserId() {
return authUserId;
}
public void setAuthUserId(String authUserId) {
this.authUserId = authUserId;
}
public Map<String, String> getUserSessionNotes() {
return userSessionNotes;
}
public void setUserSessionNotes(Map<String, String> userSessionNotes) {
this.userSessionNotes = userSessionNotes;
}
}
package org.keycloak.models.sessions.infinispan.entities;
import org.keycloak.models.ClientSessionModel;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
/**
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
*/
public class ClientSessionEntity extends SessionEntity {
private String client;
private String userSession;
private String authMethod;
private String redirectUri;
private String state;
private int timestamp;
private String action;
private Set<String> roles;
private Set<String> protocolMappers;
private Map<String, String> notes;
private Map<String, String> userSessionNotes;
private Map<String, ClientSessionModel.ExecutionStatus> authenticatorStatus = new HashMap<>();
private String authUserId;
public String getClient() {
return client;
}
public void setClient(String client) {
this.client = client;
}
public String getUserSession() {
return userSession;
}
public void setUserSession(String userSession) {
this.userSession = userSession;
}
public String getAuthMethod() {
return authMethod;
}
public void setAuthMethod(String authMethod) {
this.authMethod = authMethod;
}
public String getRedirectUri() {
return redirectUri;
}
public void setRedirectUri(String redirectUri) {
this.redirectUri = redirectUri;
}
public String getState() {
return state;
}
public void setState(String state) {
this.state = state;
}
public int getTimestamp() {
return timestamp;
}
public void setTimestamp(int timestamp) {
this.timestamp = timestamp;
}
public String getAction() {
return action;
}
public void setAction(String action) {
this.action = action;
}
public Set<String> getRoles() {
return roles;
}
public void setRoles(Set<String> roles) {
this.roles = roles;
}
public Set<String> getProtocolMappers() {
return protocolMappers;
}
public void setProtocolMappers(Set<String> protocolMappers) {
this.protocolMappers = protocolMappers;
}
public Map<String, String> getNotes() {
return notes;
}
public void setNotes(Map<String, String> notes) {
this.notes = notes;
}
public Map<String, ClientSessionModel.ExecutionStatus> getAuthenticatorStatus() {
return authenticatorStatus;
}
public void setAuthenticatorStatus(Map<String, ClientSessionModel.ExecutionStatus> authenticatorStatus) {
this.authenticatorStatus = authenticatorStatus;
}
public String getAuthUserId() {
return authUserId;
}
public void setAuthUserId(String authUserId) {
this.authUserId = authUserId;
}
public Map<String, String> getUserSessionNotes() {
return userSessionNotes;
}
public void setUserSessionNotes(Map<String, String> userSessionNotes) {
this.userSessionNotes = userSessionNotes;
}
}


@ -1,301 +1,301 @@
package org.keycloak.models.sessions.jpa;
import org.keycloak.models.ClientModel;
import org.keycloak.models.ClientSessionModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.models.sessions.jpa.entities.ClientSessionAuthStatusEntity;
import org.keycloak.models.sessions.jpa.entities.ClientSessionEntity;
import org.keycloak.models.sessions.jpa.entities.ClientSessionNoteEntity;
import org.keycloak.models.sessions.jpa.entities.ClientSessionProtocolMapperEntity;
import org.keycloak.models.sessions.jpa.entities.ClientSessionRoleEntity;
import org.keycloak.models.sessions.jpa.entities.ClientUserSessionNoteEntity;
import org.keycloak.models.sessions.jpa.entities.UserSessionEntity;
import javax.persistence.EntityManager;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
/**
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
*/
public class ClientSessionAdapter implements ClientSessionModel {
private KeycloakSession session;
private ClientSessionEntity entity;
private EntityManager em;
private RealmModel realm;
public ClientSessionAdapter(KeycloakSession session, EntityManager em, RealmModel realm, ClientSessionEntity entity) {
this.session = session;
this.em = em;
this.realm = realm;
this.entity = entity;
}
@Override
public RealmModel getRealm() {
return session.realms().getRealm(entity.getRealmId());
}
@Override
public void setNote(String name, String value) {
for (ClientSessionNoteEntity attr : entity.getNotes()) {
if (attr.getName().equals(name)) {
attr.setValue(value);
return;
}
}
ClientSessionNoteEntity attr = new ClientSessionNoteEntity();
attr.setName(name);
attr.setValue(value);
attr.setClientSession(entity);
em.persist(attr);
entity.getNotes().add(attr);
}
@Override
public void removeNote(String name) {
Iterator<ClientSessionNoteEntity> it = entity.getNotes().iterator();
while (it.hasNext()) {
ClientSessionNoteEntity attr = it.next();
if (attr.getName().equals(name)) {
it.remove();
em.remove(attr);
}
}
}
@Override
public String getNote(String name) {
for (ClientSessionNoteEntity attr : entity.getNotes()) {
if (attr.getName().equals(name)) {
return attr.getValue();
}
}
return null;
}
@Override
public void setUserSessionNote(String name, String value) {
for (ClientUserSessionNoteEntity attr : entity.getUserSessionNotes()) {
if (attr.getName().equals(name)) {
attr.setValue(value);
return;
}
}
ClientUserSessionNoteEntity attr = new ClientUserSessionNoteEntity();
attr.setName(name);
attr.setValue(value);
attr.setClientSession(entity);
em.persist(attr);
entity.getUserSessionNotes().add(attr);
}
@Override
public Map<String, String> getUserSessionNotes() {
Map<String, String> copy = new HashMap<>();
for (ClientUserSessionNoteEntity attr : entity.getUserSessionNotes()) {
copy.put(attr.getName(), attr.getValue());
}
return copy;
}
@Override
public void clearUserSessionNotes() {
Iterator<ClientUserSessionNoteEntity> it = entity.getUserSessionNotes().iterator();
while (it.hasNext()) {
ClientUserSessionNoteEntity attr = it.next();
it.remove();
em.remove(attr);
}
}
@Override
public String getId() {
return entity.getId();
}
@Override
public ClientModel getClient() {
return realm.getClientById(entity.getClientId());
}
public ClientSessionEntity getEntity() {
return entity;
}
@Override
public void setUserSession(UserSessionModel userSession) {
if (userSession == null) {
if (entity.getSession() != null) {
entity.getSession().getClientSessions().remove(entity);
}
entity.setSession(null);
} else {
UserSessionAdapter adapter = (UserSessionAdapter) userSession;
UserSessionEntity userSessionEntity = adapter.getEntity();
entity.setSession(userSessionEntity);
userSessionEntity.getClientSessions().add(entity);
}
}
@Override
public void setRedirectUri(String uri) {
entity.setRedirectUri(uri);
}
@Override
public void setRoles(Set<String> roles) {
if (roles != null) {
for (String r : roles) {
ClientSessionRoleEntity roleEntity = new ClientSessionRoleEntity();
roleEntity.setClientSession(entity);
roleEntity.setRoleId(r);
em.persist(roleEntity);
entity.getRoles().add(roleEntity);
}
} else {
if (entity.getRoles() != null) {
for (ClientSessionRoleEntity r : entity.getRoles()) {
em.remove(r);
}
entity.getRoles().clear();
}
}
}
@Override
public String getAuthMethod() {
return entity.getAuthMethod();
}
@Override
public void setAuthMethod(String method) {
entity.setAuthMethod(method);
}
@Override
public UserSessionModel getUserSession() {
if (entity.getSession() == null) return null;
return new UserSessionAdapter(session, em, realm, entity.getSession());
}
@Override
public String getRedirectUri() {
return entity.getRedirectUri();
}
@Override
public int getTimestamp() {
return entity.getTimestamp();
}
@Override
public void setTimestamp(int timestamp) {
entity.setTimestamp(timestamp);
}
@Override
public String getAction() {
return entity.getAction();
}
@Override
public void setAction(String action) {
entity.setAction(action);
}
@Override
public Set<String> getRoles() {
Set<String> roles = new HashSet<String>();
if (entity.getRoles() != null) {
for (ClientSessionRoleEntity e : entity.getRoles()) {
roles.add(e.getRoleId());
}
}
return roles;
}
@Override
public Set<String> getProtocolMappers() {
Set<String> protMappers = new HashSet<String>();
if (entity.getProtocolMappers() != null) {
for (ClientSessionProtocolMapperEntity e : entity.getProtocolMappers()) {
protMappers.add(e.getProtocolMapperId());
}
}
return protMappers;
}
@Override
public void setProtocolMappers(Set<String> protocolMappers) {
if (protocolMappers != null) {
for (String pm : protocolMappers) {
ClientSessionProtocolMapperEntity protMapperEntity = new ClientSessionProtocolMapperEntity();
protMapperEntity.setClientSession(entity);
protMapperEntity.setProtocolMapperId(pm);
em.persist(protMapperEntity);
entity.getProtocolMappers().add(protMapperEntity);
}
} else {
if (entity.getProtocolMappers() != null) {
for (ClientSessionProtocolMapperEntity pm : entity.getProtocolMappers()) {
em.remove(pm);
}
entity.getProtocolMappers().clear();
}
}
}
@Override
public Map<String, ExecutionStatus> getExecutionStatus() {
Map<String, ExecutionStatus> result = new HashMap<>();
for (ClientSessionAuthStatusEntity status : entity.getAuthanticatorStatus()) {
result.put(status.getAuthenticator(), status.getStatus());
}
return result;
}
@Override
public void setExecutionStatus(String authenticator, ExecutionStatus status) {
ClientSessionAuthStatusEntity authStatus = new ClientSessionAuthStatusEntity();
authStatus.setAuthenticator(authenticator);
authStatus.setClientSession(entity);
authStatus.setStatus(status);
em.persist(authStatus);
entity.getAuthanticatorStatus().add(authStatus);
em.flush();
}
@Override
public void clearExecutionStatus() {
Iterator<ClientSessionAuthStatusEntity> iterator = entity.getAuthanticatorStatus().iterator();
while (iterator.hasNext()) {
ClientSessionAuthStatusEntity authStatus = iterator.next();
iterator.remove();
em.remove(authStatus);
}
}
@Override
public UserModel getAuthenticatedUser() {
return session.users().getUserById(entity.getUserId(), realm);
}
@Override
public void setAuthenticatedUser(UserModel user) {
entity.setUserId(user.getId());
}
}
package org.keycloak.models.sessions.jpa;
import org.keycloak.models.ClientModel;
import org.keycloak.models.ClientSessionModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.models.sessions.jpa.entities.ClientSessionAuthStatusEntity;
import org.keycloak.models.sessions.jpa.entities.ClientSessionEntity;
import org.keycloak.models.sessions.jpa.entities.ClientSessionNoteEntity;
import org.keycloak.models.sessions.jpa.entities.ClientSessionProtocolMapperEntity;
import org.keycloak.models.sessions.jpa.entities.ClientSessionRoleEntity;
import org.keycloak.models.sessions.jpa.entities.ClientUserSessionNoteEntity;
import org.keycloak.models.sessions.jpa.entities.UserSessionEntity;
import javax.persistence.EntityManager;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
/**
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
*/
public class ClientSessionAdapter implements ClientSessionModel {
private KeycloakSession session;
private ClientSessionEntity entity;
private EntityManager em;
private RealmModel realm;
public ClientSessionAdapter(KeycloakSession session, EntityManager em, RealmModel realm, ClientSessionEntity entity) {
this.session = session;
this.em = em;
this.realm = realm;
this.entity = entity;
}
@Override
public RealmModel getRealm() {
return session.realms().getRealm(entity.getRealmId());
}
@Override
public void setNote(String name, String value) {
for (ClientSessionNoteEntity attr : entity.getNotes()) {
if (attr.getName().equals(name)) {
attr.setValue(value);
return;
}
}
ClientSessionNoteEntity attr = new ClientSessionNoteEntity();
attr.setName(name);
attr.setValue(value);
attr.setClientSession(entity);
em.persist(attr);
entity.getNotes().add(attr);
}
@Override
public void removeNote(String name) {
Iterator<ClientSessionNoteEntity> it = entity.getNotes().iterator();
while (it.hasNext()) {
ClientSessionNoteEntity attr = it.next();
if (attr.getName().equals(name)) {
it.remove();
em.remove(attr);
}
}
}
@Override
public String getNote(String name) {
for (ClientSessionNoteEntity attr : entity.getNotes()) {
if (attr.getName().equals(name)) {
return attr.getValue();
}
}
return null;
}
@Override
public void setUserSessionNote(String name, String value) {
for (ClientUserSessionNoteEntity attr : entity.getUserSessionNotes()) {
if (attr.getName().equals(name)) {
attr.setValue(value);
return;
}
}
ClientUserSessionNoteEntity attr = new ClientUserSessionNoteEntity();
attr.setName(name);
attr.setValue(value);
attr.setClientSession(entity);
em.persist(attr);
entity.getUserSessionNotes().add(attr);
}
@Override
public Map<String, String> getUserSessionNotes() {
Map<String, String> copy = new HashMap<>();
for (ClientUserSessionNoteEntity attr : entity.getUserSessionNotes()) {
copy.put(attr.getName(), attr.getValue());
}
return copy;
}
@Override
public void clearUserSessionNotes() {
Iterator<ClientUserSessionNoteEntity> it = entity.getUserSessionNotes().iterator();
while (it.hasNext()) {
ClientUserSessionNoteEntity attr = it.next();
it.remove();
em.remove(attr);
}
}
@Override
public String getId() {
return entity.getId();
}
@Override
public ClientModel getClient() {
return realm.getClientById(entity.getClientId());
}
public ClientSessionEntity getEntity() {
return entity;
}
@Override
public void setUserSession(UserSessionModel userSession) {
if (userSession == null) {
if (entity.getSession() != null) {
entity.getSession().getClientSessions().remove(entity);
}
entity.setSession(null);
} else {
UserSessionAdapter adapter = (UserSessionAdapter) userSession;
UserSessionEntity userSessionEntity = adapter.getEntity();
entity.setSession(userSessionEntity);
userSessionEntity.getClientSessions().add(entity);
}
}
@Override
public void setRedirectUri(String uri) {
entity.setRedirectUri(uri);
}
@Override
public void setRoles(Set<String> roles) {
if (roles != null) {
for (String r : roles) {
ClientSessionRoleEntity roleEntity = new ClientSessionRoleEntity();
roleEntity.setClientSession(entity);
roleEntity.setRoleId(r);
em.persist(roleEntity);
entity.getRoles().add(roleEntity);
}
} else {
if (entity.getRoles() != null) {
for (ClientSessionRoleEntity r : entity.getRoles()) {
em.remove(r);
}
entity.getRoles().clear();
}
}
}
@Override
public String getAuthMethod() {
return entity.getAuthMethod();
}
@Override
public void setAuthMethod(String method) {
entity.setAuthMethod(method);
}
@Override
public UserSessionModel getUserSession() {
if (entity.getSession() == null) return null;
return new UserSessionAdapter(session, em, realm, entity.getSession());
}
@Override
public String getRedirectUri() {
return entity.getRedirectUri();
}
@Override
public int getTimestamp() {
return entity.getTimestamp();
}
@Override
public void setTimestamp(int timestamp) {
entity.setTimestamp(timestamp);
}
@Override
public String getAction() {
return entity.getAction();
}
@Override
public void setAction(String action) {
entity.setAction(action);
}
@Override
public Set<String> getRoles() {
Set<String> roles = new HashSet<String>();
if (entity.getRoles() != null) {
for (ClientSessionRoleEntity e : entity.getRoles()) {
roles.add(e.getRoleId());
}
}
return roles;
}
@Override
public Set<String> getProtocolMappers() {
Set<String> protMappers = new HashSet<String>();
if (entity.getProtocolMappers() != null) {
for (ClientSessionProtocolMapperEntity e : entity.getProtocolMappers()) {
protMappers.add(e.getProtocolMapperId());
}
}
return protMappers;
}
@Override
public void setProtocolMappers(Set<String> protocolMappers) {
if (protocolMappers != null) {
for (String pm : protocolMappers) {
ClientSessionProtocolMapperEntity protMapperEntity = new ClientSessionProtocolMapperEntity();
protMapperEntity.setClientSession(entity);
protMapperEntity.setProtocolMapperId(pm);
em.persist(protMapperEntity);
entity.getProtocolMappers().add(protMapperEntity);
}
} else {
if (entity.getProtocolMappers() != null) {
for (ClientSessionProtocolMapperEntity pm : entity.getProtocolMappers()) {
em.remove(pm);
}
entity.getProtocolMappers().clear();
}
}
}
@Override
public Map<String, ExecutionStatus> getExecutionStatus() {
Map<String, ExecutionStatus> result = new HashMap<>();
for (ClientSessionAuthStatusEntity status : entity.getAuthanticatorStatus()) {
result.put(status.getAuthenticator(), status.getStatus());
}
return result;
}
@Override
public void setExecutionStatus(String authenticator, ExecutionStatus status) {
ClientSessionAuthStatusEntity authStatus = new ClientSessionAuthStatusEntity();
authStatus.setAuthenticator(authenticator);
authStatus.setClientSession(entity);
authStatus.setStatus(status);
em.persist(authStatus);
entity.getAuthanticatorStatus().add(authStatus);
em.flush();
}
@Override
public void clearExecutionStatus() {
Iterator<ClientSessionAuthStatusEntity> iterator = entity.getAuthanticatorStatus().iterator();
while (iterator.hasNext()) {
ClientSessionAuthStatusEntity authStatus = iterator.next();
iterator.remove();
em.remove(authStatus);
}
}
@Override
public UserModel getAuthenticatedUser() {
return session.users().getUserById(entity.getUserId(), realm);
}
@Override
public void setAuthenticatedUser(UserModel user) {
entity.setUserId(user.getId());
}
}


@ -1,189 +1,189 @@
package org.keycloak.models.sessions.mem;
import org.keycloak.models.ClientModel;
import org.keycloak.models.ClientSessionModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.models.sessions.mem.entities.ClientSessionEntity;
import org.keycloak.models.sessions.mem.entities.UserSessionEntity;
import java.util.Map;
import java.util.Set;
/**
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
*/
public class ClientSessionAdapter implements ClientSessionModel {
private KeycloakSession session;
private MemUserSessionProvider provider;
private RealmModel realm;
private ClientSessionEntity entity;
public ClientSessionAdapter(KeycloakSession session, MemUserSessionProvider provider, RealmModel realm, ClientSessionEntity entity) {
this.session = session;
this.provider = provider;
this.realm = realm;
this.entity = entity;
}
@Override
public String getId() {
return entity.getId();
}
@Override
public RealmModel getRealm() {
return session.realms().getRealm(entity.getRealmId());
}
public ClientSessionEntity getEntity() {
return entity;
}
@Override
public ClientModel getClient() {
return realm.getClientById(entity.getClientId());
}
@Override
public UserSessionModel getUserSession() {
if (entity.getSession() == null) return null;
return new UserSessionAdapter(session, provider, realm, entity.getSession());
}
@Override
public void setUserSession(UserSessionModel userSession) {
if (userSession == null) {
if (entity.getSession() != null) {
entity.getSession().getClientSessions().remove(entity);
}
entity.setSession(null);
} else {
UserSessionAdapter adapter = (UserSessionAdapter) userSession;
UserSessionEntity userSessionEntity = adapter.getEntity();
entity.setSession(userSessionEntity);
userSessionEntity.getClientSessions().add(entity);
}
}
@Override
public void setRedirectUri(String uri) {
entity.setRedirectUri(uri);
}
@Override
public void setRoles(Set<String> roles) {
entity.setRoles(roles);
}
@Override
public String getRedirectUri() {
return entity.getRedirectUri();
}
@Override
public int getTimestamp() {
return entity.getTimestamp();
}
@Override
public void setTimestamp(int timestamp) {
entity.setTimestamp(timestamp);
}
@Override
public String getAction() {
return entity.getAction();
}
@Override
public void setAction(String action) {
entity.setAction(action);
}
@Override
public Set<String> getRoles() {
return entity.getRoles();
}
@Override
public Set<String> getProtocolMappers() {
return entity.getProtocolMappers();
}
@Override
public void setProtocolMappers(Set<String> protocolMappers) {
entity.setProtocolMappers(protocolMappers);
}
@Override
public String getNote(String name) {
return entity.getNotes().get(name);
}
@Override
public void setNote(String name, String value) {
entity.getNotes().put(name, value);
}
@Override
public void removeNote(String name) {
entity.getNotes().remove(name);
}
@Override
public void setUserSessionNote(String name, String value) {
entity.getUserSessionNotes().put(name, value);
}
@Override
public Map<String, String> getUserSessionNotes() {
return entity.getUserSessionNotes();
}
@Override
public String getAuthMethod() {
return entity.getAuthMethod();
}
@Override
public void setAuthMethod(String method) {
entity.setAuthMethod(method);
}
@Override
public Map<String, ExecutionStatus> getExecutionStatus() {
return entity.getAuthenticatorStatus();
}
@Override
public void setExecutionStatus(String authenticator, ExecutionStatus status) {
entity.getAuthenticatorStatus().put(authenticator, status);
}
@Override
public void clearExecutionStatus() {
entity.getAuthenticatorStatus().clear();
}
@Override
public void clearUserSessionNotes() {
entity.getUserSessionNotes().clear();
}
@Override
public UserModel getAuthenticatedUser() {
return session.users().getUserById(entity.getAuthUserId(), realm); }
@Override
public void setAuthenticatedUser(UserModel user) {
entity.setAuthUserId(user.getId());
}
}
package org.keycloak.models.sessions.mem;
import org.keycloak.models.ClientModel;
import org.keycloak.models.ClientSessionModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.models.sessions.mem.entities.ClientSessionEntity;
import org.keycloak.models.sessions.mem.entities.UserSessionEntity;
import java.util.Map;
import java.util.Set;
/**
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
*/
public class ClientSessionAdapter implements ClientSessionModel {
private KeycloakSession session;
private MemUserSessionProvider provider;
private RealmModel realm;
private ClientSessionEntity entity;
public ClientSessionAdapter(KeycloakSession session, MemUserSessionProvider provider, RealmModel realm, ClientSessionEntity entity) {
this.session = session;
this.provider = provider;
this.realm = realm;
this.entity = entity;
}
@Override
public String getId() {
return entity.getId();
}
@Override
public RealmModel getRealm() {
return session.realms().getRealm(entity.getRealmId());
}
public ClientSessionEntity getEntity() {
return entity;
}
@Override
public ClientModel getClient() {
return realm.getClientById(entity.getClientId());
}
@Override
public UserSessionModel getUserSession() {
if (entity.getSession() == null) return null;
return new UserSessionAdapter(session, provider, realm, entity.getSession());
}
@Override
public void setUserSession(UserSessionModel userSession) {
if (userSession == null) {
if (entity.getSession() != null) {
entity.getSession().getClientSessions().remove(entity);
}
entity.setSession(null);
} else {
UserSessionAdapter adapter = (UserSessionAdapter) userSession;
UserSessionEntity userSessionEntity = adapter.getEntity();
entity.setSession(userSessionEntity);
userSessionEntity.getClientSessions().add(entity);
}
}
@Override
public void setRedirectUri(String uri) {
entity.setRedirectUri(uri);
}
@Override
public void setRoles(Set<String> roles) {
entity.setRoles(roles);
}
@Override
public String getRedirectUri() {
return entity.getRedirectUri();
}
@Override
public int getTimestamp() {
return entity.getTimestamp();
}
@Override
public void setTimestamp(int timestamp) {
entity.setTimestamp(timestamp);
}
@Override
public String getAction() {
return entity.getAction();
}
@Override
public void setAction(String action) {
entity.setAction(action);
}
@Override
public Set<String> getRoles() {
return entity.getRoles();
}
@Override
public Set<String> getProtocolMappers() {
return entity.getProtocolMappers();
}
@Override
public void setProtocolMappers(Set<String> protocolMappers) {
entity.setProtocolMappers(protocolMappers);
}
@Override
public String getNote(String name) {
return entity.getNotes().get(name);
}
@Override
public void setNote(String name, String value) {
entity.getNotes().put(name, value);
}
@Override
public void removeNote(String name) {
entity.getNotes().remove(name);
}
@Override
public void setUserSessionNote(String name, String value) {
entity.getUserSessionNotes().put(name, value);
}
@Override
public Map<String, String> getUserSessionNotes() {
return entity.getUserSessionNotes();
}
@Override
public String getAuthMethod() {
return entity.getAuthMethod();
}
@Override
public void setAuthMethod(String method) {
entity.setAuthMethod(method);
}
@Override
public Map<String, ExecutionStatus> getExecutionStatus() {
return entity.getAuthenticatorStatus();
}
@Override
public void setExecutionStatus(String authenticator, ExecutionStatus status) {
entity.getAuthenticatorStatus().put(authenticator, status);
}
@Override
public void clearExecutionStatus() {
entity.getAuthenticatorStatus().clear();
}
@Override
public void clearUserSessionNotes() {
entity.getUserSessionNotes().clear();
}
@Override
public UserModel getAuthenticatedUser() {
return session.users().getUserById(entity.getAuthUserId(), realm); }
@Override
public void setAuthenticatedUser(UserModel user) {
entity.setAuthUserId(user.getId());
}
}
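Review bot: `getUserSessionNotes()`, `getExecutionStatus()`, `getRoles()` and `getProtocolMappers()` return the entity's own collections, whereas the JPA adapter for the same `ClientSessionModel` interface builds a fresh `HashMap`/`HashSet` on each call. A caller that mutates the result therefore changes stored session state with this provider only. Returning a copy, e.g. `return new HashMap<>(entity.getUserSessionNotes());` (with the matching `java.util.HashMap` import), would make the providers behave alike and keep writes going through `setUserSessionNote`/`setExecutionStatus`. `getRoles()` and `getProtocolMappers()` would need a null check before copying, since the `roles` and `protocolMappers` fields of the mem `ClientSessionEntity` have no initializer.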


@ -1,152 +1,152 @@
package org.keycloak.models.sessions.mem.entities;
import org.keycloak.models.ClientSessionModel;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
/**
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
*/
public class ClientSessionEntity {
private String id;
private String clientId;
private String realmId;
private Map<String, ClientSessionModel.ExecutionStatus> authenticatorStatus = new HashMap<>();
private String authUserId;
private UserSessionEntity session;
private String redirectUri;
private String authMethod;
private int timestamp;
private String action;
private Set<String> roles;
private Set<String> protocolMappers;
private Map<String, String> notes = new HashMap<>();
private Map<String, String> userSessionNotes = new HashMap<>();
public String getId() {
return id;
}
public void setId(String id) {
this.id = id;
}
public String getClientId() {
return clientId;
}
public void setClientId(String clientId) {
this.clientId = clientId;
}
public String getRealmId() {
return realmId;
}
public void setRealmId(String realmId) {
this.realmId = realmId;
}
public UserSessionEntity getSession() {
return session;
}
public void setSession(UserSessionEntity session) {
this.session = session;
}
public String getRedirectUri() {
return redirectUri;
}
public void setRedirectUri(String redirectUri) {
this.redirectUri = redirectUri;
}
public int getTimestamp() {
return timestamp;
}
public void setTimestamp(int timestamp) {
this.timestamp = timestamp;
}
public String getAction() {
return action;
}
public void setAction(String action) {
this.action = action;
}
public Set<String> getRoles() {
return roles;
}
public void setRoles(Set<String> roles) {
this.roles = roles;
}
public Set<String> getProtocolMappers() {
return protocolMappers;
}
public void setProtocolMappers(Set<String> protocolMappers) {
this.protocolMappers = protocolMappers;
}
public Map<String, String> getNotes() {
return notes;
}
public String getAuthMethod() {
return authMethod;
}
public void setAuthMethod(String authMethod) {
this.authMethod = authMethod;
}
public String getAuthUserId() {
return authUserId;
}
public void setAuthUserId(String authUserId) {
this.authUserId = authUserId;
}
public Map<String, ClientSessionModel.ExecutionStatus> getAuthenticatorStatus() {
return authenticatorStatus;
}
public void setAuthenticatorStatus(Map<String, ClientSessionModel.ExecutionStatus> authenticatorStatus) {
this.authenticatorStatus = authenticatorStatus;
}
public Map<String, String> getUserSessionNotes() {
return userSessionNotes;
}
@Override
public boolean equals(Object o) {
if (this == o) return true;
if (!(o instanceof ClientSessionEntity)) return false;
ClientSessionEntity that = (ClientSessionEntity) o;
if (id != null ? !id.equals(that.id) : that.id != null) return false;
return true;
}
@Override
public int hashCode() {
return id != null ? id.hashCode() : 0;
}
}
package org.keycloak.models.sessions.mem.entities;
import org.keycloak.models.ClientSessionModel;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
/**
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
*/
public class ClientSessionEntity {
private String id;
private String clientId;
private String realmId;
private Map<String, ClientSessionModel.ExecutionStatus> authenticatorStatus = new HashMap<>();
private String authUserId;
private UserSessionEntity session;
private String redirectUri;
private String authMethod;
private int timestamp;
private String action;
private Set<String> roles;
private Set<String> protocolMappers;
private Map<String, String> notes = new HashMap<>();
private Map<String, String> userSessionNotes = new HashMap<>();
public String getId() {
return id;
}
public void setId(String id) {
this.id = id;
}
public String getClientId() {
return clientId;
}
public void setClientId(String clientId) {
this.clientId = clientId;
}
public String getRealmId() {
return realmId;
}
public void setRealmId(String realmId) {
this.realmId = realmId;
}
public UserSessionEntity getSession() {
return session;
}
public void setSession(UserSessionEntity session) {
this.session = session;
}
public String getRedirectUri() {
return redirectUri;
}
public void setRedirectUri(String redirectUri) {
this.redirectUri = redirectUri;
}
public int getTimestamp() {
return timestamp;
}
public void setTimestamp(int timestamp) {
this.timestamp = timestamp;
}
public String getAction() {
return action;
}
public void setAction(String action) {
this.action = action;
}
public Set<String> getRoles() {
return roles;
}
public void setRoles(Set<String> roles) {
this.roles = roles;
}
public Set<String> getProtocolMappers() {
return protocolMappers;
}
public void setProtocolMappers(Set<String> protocolMappers) {
this.protocolMappers = protocolMappers;
}
public Map<String, String> getNotes() {
return notes;
}
public String getAuthMethod() {
return authMethod;
}
public void setAuthMethod(String authMethod) {
this.authMethod = authMethod;
}
public String getAuthUserId() {
return authUserId;
}
public void setAuthUserId(String authUserId) {
this.authUserId = authUserId;
}
public Map<String, ClientSessionModel.ExecutionStatus> getAuthenticatorStatus() {
return authenticatorStatus;
}
public void setAuthenticatorStatus(Map<String, ClientSessionModel.ExecutionStatus> authenticatorStatus) {
this.authenticatorStatus = authenticatorStatus;
}
public Map<String, String> getUserSessionNotes() {
return userSessionNotes;
}
@Override
public boolean equals(Object o) {
if (this == o) return true;
if (!(o instanceof ClientSessionEntity)) return false;
ClientSessionEntity that = (ClientSessionEntity) o;
if (id != null ? !id.equals(that.id) : that.id != null) return false;
return true;
}
@Override
public int hashCode() {
return id != null ? id.hashCode() : 0;
}
}


@ -1,223 +1,223 @@
package org.keycloak.models.sessions.mongo;
import org.keycloak.connections.mongo.api.context.MongoStoreInvocationContext;
import org.keycloak.models.ClientModel;
import org.keycloak.models.ClientSessionModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.models.sessions.mongo.entities.MongoClientSessionEntity;
import org.keycloak.models.sessions.mongo.entities.MongoUserSessionEntity;
import java.util.HashMap;
import java.util.HashSet;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Set;
/**
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
*/
public class ClientSessionAdapter extends AbstractMongoAdapter<MongoClientSessionEntity> implements ClientSessionModel {
private KeycloakSession session;
private MongoUserSessionProvider provider;
private RealmModel realm;
private MongoClientSessionEntity entity;
public ClientSessionAdapter(KeycloakSession session, MongoUserSessionProvider provider, RealmModel realm, MongoClientSessionEntity entity, MongoStoreInvocationContext invContext) {
super(invContext);
this.session = session;
this.provider = provider;
this.realm = realm;
this.entity = entity;
}
@Override
public String getId() {
return entity.getId();
}
@Override
public RealmModel getRealm() {
return session.realms().getRealm(entity.getRealmId());
}
@Override
public ClientModel getClient() {
return realm.getClientById(entity.getClientId());
}
@Override
public UserSessionModel getUserSession() {
if (entity.getSessionId() == null) return null;
return provider.getUserSession(realm, entity.getSessionId());
}
@Override
public void setUserSession(UserSessionModel userSession) {
if (userSession == null) {
if (entity.getSessionId() != null) {
MongoUserSessionEntity userSessionEntity = provider.getUserSessionEntity(realm, entity.getSessionId());
provider.getMongoStore().pullItemFromList(userSessionEntity, "clientSessions", entity.getSessionId(), invocationContext);
}
entity.setSessionId(null);
} else {
MongoUserSessionEntity userSessionEntity = provider.getUserSessionEntity(realm, userSession.getId());
entity.setSessionId(userSessionEntity.getId());
updateMongoEntity();
provider.getMongoStore().pushItemToList(userSessionEntity, "clientSessions", entity.getId(), true, invocationContext);
}
}
@Override
public void setRedirectUri(String uri) {
entity.setRedirectUri(uri);
updateMongoEntity();
}
@Override
public void setRoles(Set<String> roles) {
if (roles == null) {
entity.setRoles(null);
} else {
List<String> list = new LinkedList<String>();
list.addAll(roles);
entity.setRoles(list);
}
updateMongoEntity();
}
@Override
public String getRedirectUri() {
return entity.getRedirectUri();
}
@Override
public int getTimestamp() {
return entity.getTimestamp();
}
@Override
public void setTimestamp(int timestamp) {
entity.setTimestamp(timestamp);
updateMongoEntity();
}
@Override
public String getAction() {
return entity.getAction();
}
@Override
public void setAction(String action) {
entity.setAction(action);
updateMongoEntity();
}
@Override
public Set<String> getRoles() {
return entity.getRoles() != null ? new HashSet<String>(entity.getRoles()) : null;
}
@Override
public Set<String> getProtocolMappers() {
return entity.getProtocolMappers() != null ? new HashSet<String>(entity.getProtocolMappers()) : null;
}
@Override
public void setProtocolMappers(Set<String> protocolMappers) {
if (protocolMappers == null) {
entity.setProtocolMappers(null);
} else {
List<String> list = new LinkedList<String>();
list.addAll(protocolMappers);
entity.setProtocolMappers(list);
}
updateMongoEntity();
}
@Override
public String getNote(String name) {
return entity.getNotes().get(name);
}
@Override
public void setNote(String name, String value) {
entity.getNotes().put(name, value);
updateMongoEntity();
}
@Override
public void removeNote(String name) {
entity.getNotes().remove(name);
updateMongoEntity();
}
@Override
public void setUserSessionNote(String name, String value) {
entity.getUserSessionNotes().put(name, value);
updateMongoEntity();
}
@Override
public Map<String, String> getUserSessionNotes() {
Map<String, String> copy = new HashMap<>();
copy.putAll(entity.getUserSessionNotes());
return copy;
}
@Override
public Map<String, ExecutionStatus> getExecutionStatus() {
return entity.getAuthenticatorStatus();
}
@Override
public void setExecutionStatus(String authenticator, ExecutionStatus status) {
entity.getAuthenticatorStatus().put(authenticator, status);
updateMongoEntity();
}
@Override
public void clearExecutionStatus() {
entity.getAuthenticatorStatus().clear();
updateMongoEntity();
}
@Override
public void clearUserSessionNotes() {
entity.getUserSessionNotes().clear();
}
@Override
public UserModel getAuthenticatedUser() {
return session.users().getUserById(entity.getAuthUserId(), realm);
}
@Override
public void setAuthenticatedUser(UserModel user) {
entity.setAuthUserId(user.getId());
updateMongoEntity();
}
@Override
public String getAuthMethod() {
return entity.getAuthMethod();
}
@Override
public void setAuthMethod(String method) {
entity.setAuthMethod(method);
updateMongoEntity();
}
@Override
protected MongoClientSessionEntity getMongoEntity() {
return entity;
}
}
package org.keycloak.models.sessions.mongo;
import org.keycloak.connections.mongo.api.context.MongoStoreInvocationContext;
import org.keycloak.models.ClientModel;
import org.keycloak.models.ClientSessionModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.models.sessions.mongo.entities.MongoClientSessionEntity;
import org.keycloak.models.sessions.mongo.entities.MongoUserSessionEntity;
import java.util.HashMap;
import java.util.HashSet;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Set;
/**
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
*/
public class ClientSessionAdapter extends AbstractMongoAdapter<MongoClientSessionEntity> implements ClientSessionModel {
private KeycloakSession session;
private MongoUserSessionProvider provider;
private RealmModel realm;
private MongoClientSessionEntity entity;
public ClientSessionAdapter(KeycloakSession session, MongoUserSessionProvider provider, RealmModel realm, MongoClientSessionEntity entity, MongoStoreInvocationContext invContext) {
super(invContext);
this.session = session;
this.provider = provider;
this.realm = realm;
this.entity = entity;
}
@Override
public String getId() {
return entity.getId();
}
@Override
public RealmModel getRealm() {
return session.realms().getRealm(entity.getRealmId());
}
@Override
public ClientModel getClient() {
return realm.getClientById(entity.getClientId());
}
@Override
public UserSessionModel getUserSession() {
if (entity.getSessionId() == null) return null;
return provider.getUserSession(realm, entity.getSessionId());
}
@Override
public void setUserSession(UserSessionModel userSession) {
if (userSession == null) {
if (entity.getSessionId() != null) {
MongoUserSessionEntity userSessionEntity = provider.getUserSessionEntity(realm, entity.getSessionId());
provider.getMongoStore().pullItemFromList(userSessionEntity, "clientSessions", entity.getSessionId(), invocationContext);
}
entity.setSessionId(null);
} else {
MongoUserSessionEntity userSessionEntity = provider.getUserSessionEntity(realm, userSession.getId());
entity.setSessionId(userSessionEntity.getId());
updateMongoEntity();
provider.getMongoStore().pushItemToList(userSessionEntity, "clientSessions", entity.getId(), true, invocationContext);
}
}
@Override
public void setRedirectUri(String uri) {
entity.setRedirectUri(uri);
updateMongoEntity();
}
@Override
public void setRoles(Set<String> roles) {
if (roles == null) {
entity.setRoles(null);
} else {
List<String> list = new LinkedList<String>();
list.addAll(roles);
entity.setRoles(list);
}
updateMongoEntity();
}
@Override
public String getRedirectUri() {
return entity.getRedirectUri();
}
@Override
public int getTimestamp() {
return entity.getTimestamp();
}
@Override
public void setTimestamp(int timestamp) {
entity.setTimestamp(timestamp);
updateMongoEntity();
}
@Override
public String getAction() {
return entity.getAction();
}
@Override
public void setAction(String action) {
entity.setAction(action);
updateMongoEntity();
}
@Override
public Set<String> getRoles() {
return entity.getRoles() != null ? new HashSet<String>(entity.getRoles()) : null;
}
@Override
public Set<String> getProtocolMappers() {
return entity.getProtocolMappers() != null ? new HashSet<String>(entity.getProtocolMappers()) : null;
}
@Override
public void setProtocolMappers(Set<String> protocolMappers) {
if (protocolMappers == null) {
entity.setProtocolMappers(null);
} else {
List<String> list = new LinkedList<String>();
list.addAll(protocolMappers);
entity.setProtocolMappers(list);
}
updateMongoEntity();
}
@Override
public String getNote(String name) {
return entity.getNotes().get(name);
}
@Override
public void setNote(String name, String value) {
entity.getNotes().put(name, value);
updateMongoEntity();
}
@Override
public void removeNote(String name) {
entity.getNotes().remove(name);
updateMongoEntity();
}
@Override
public void setUserSessionNote(String name, String value) {
entity.getUserSessionNotes().put(name, value);
updateMongoEntity();
}
@Override
public Map<String, String> getUserSessionNotes() {
Map<String, String> copy = new HashMap<>();
copy.putAll(entity.getUserSessionNotes());
return copy;
}
@Override
public Map<String, ExecutionStatus> getExecutionStatus() {
return entity.getAuthenticatorStatus();
}
@Override
public void setExecutionStatus(String authenticator, ExecutionStatus status) {
entity.getAuthenticatorStatus().put(authenticator, status);
updateMongoEntity();
}
@Override
public void clearExecutionStatus() {
entity.getAuthenticatorStatus().clear();
updateMongoEntity();
}
@Override
public void clearUserSessionNotes() {
entity.getUserSessionNotes().clear();
}
@Override
public UserModel getAuthenticatedUser() {
return session.users().getUserById(entity.getAuthUserId(), realm);
}
@Override
public void setAuthenticatedUser(UserModel user) {
entity.setAuthUserId(user.getId());
updateMongoEntity();
}
@Override
public String getAuthMethod() {
return entity.getAuthMethod();
}
@Override
public void setAuthMethod(String method) {
entity.setAuthMethod(method);
updateMongoEntity();
}
@Override
protected MongoClientSessionEntity getMongoEntity() {
return entity;
}
}
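Review bot: In `setUserSession`, the null branch calls `pullItemFromList(userSessionEntity, "clientSessions", entity.getSessionId(), invocationContext)`, but the non-null branch pushes `entity.getId()` into that same list. The pull therefore appears to target the user session's id rather than this client session's id and would leave the stale reference in place; it should likely be `pullItemFromList(userSessionEntity, "clientSessions", entity.getId(), invocationContext)`. That branch also calls `entity.setSessionId(null)` with no `updateMongoEntity();` after it, and `clearUserSessionNotes()` clears its map without one either, unlike `clearExecutionStatus()` and the other mutators, so both changes look like they are never written back. If session cleanup relies on the `clientSessions` list, which is not visible here, a detached client session would still appear linked in the store.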


@ -1,152 +1,152 @@
package org.keycloak.models.sessions.mongo.entities;
import org.keycloak.connections.mongo.api.MongoCollection;
import org.keycloak.connections.mongo.api.MongoIdentifiableEntity;
import org.keycloak.connections.mongo.api.context.MongoStoreInvocationContext;
import org.keycloak.models.ClientSessionModel;
import org.keycloak.models.entities.AbstractIdentifiableEntity;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
/**
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
*/
@MongoCollection(collectionName = "clientSessions")
public class MongoClientSessionEntity extends AbstractIdentifiableEntity implements MongoIdentifiableEntity {
private String id;
private String clientId;
private String realmId;
private String sessionId;
private String redirectUri;
private String authMethod;
private int timestamp;
private String action;
private List<String> roles;
private List<String> protocolMappers;
private Map<String, String> notes = new HashMap<String, String>();
private Map<String, String> userSessionNotes = new HashMap<String, String>();
private Map<String, ClientSessionModel.ExecutionStatus> authenticatorStatus = new HashMap<>();
private String authUserId;
public String getId() {
return id;
}
public void setId(String id) {
this.id = id;
}
public String getClientId() {
return clientId;
}
public void setClientId(String clientId) {
this.clientId = clientId;
}
public String getRealmId() {
return realmId;
}
public void setRealmId(String realmId) {
this.realmId = realmId;
}
public String getRedirectUri() {
return redirectUri;
}
public void setRedirectUri(String redirectUri) {
this.redirectUri = redirectUri;
}
public String getAuthMethod() {
return authMethod;
}
public void setAuthMethod(String authMethod) {
this.authMethod = authMethod;
}
public int getTimestamp() {
return timestamp;
}
public void setTimestamp(int timestamp) {
this.timestamp = timestamp;
}
public String getAction() {
return action;
}
public void setAction(String action) {
this.action = action;
}
public List<String> getRoles() {
return roles;
}
public void setRoles(List<String> roles) {
this.roles = roles;
}
public List<String> getProtocolMappers() {
return protocolMappers;
}
public void setProtocolMappers(List<String> protocolMappers) {
this.protocolMappers = protocolMappers;
}
public Map<String, String> getNotes() {
return notes;
}
public void setNotes(Map<String, String> notes) {
this.notes = notes;
}
public Map<String, String> getUserSessionNotes() {
return userSessionNotes;
}
public void setUserSessionNotes(Map<String, String> userSessionNotes) {
this.userSessionNotes = userSessionNotes;
}
public String getSessionId() {
return sessionId;
}
public void setSessionId(String sessionId) {
this.sessionId = sessionId;
}
public Map<String, ClientSessionModel.ExecutionStatus> getAuthenticatorStatus() {
return authenticatorStatus;
}
public void setAuthenticatorStatus(Map<String, ClientSessionModel.ExecutionStatus> authenticatorStatus) {
this.authenticatorStatus = authenticatorStatus;
}
public String getAuthUserId() {
return authUserId;
}
public void setAuthUserId(String authUserId) {
this.authUserId = authUserId;
}
@Override
public void afterRemove(MongoStoreInvocationContext context) {
}
}
package org.keycloak.models.sessions.mongo.entities;
import org.keycloak.connections.mongo.api.MongoCollection;
import org.keycloak.connections.mongo.api.MongoIdentifiableEntity;
import org.keycloak.connections.mongo.api.context.MongoStoreInvocationContext;
import org.keycloak.models.ClientSessionModel;
import org.keycloak.models.entities.AbstractIdentifiableEntity;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
/**
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
*/
@MongoCollection(collectionName = "clientSessions")
public class MongoClientSessionEntity extends AbstractIdentifiableEntity implements MongoIdentifiableEntity {
private String id;
private String clientId;
private String realmId;
private String sessionId;
private String redirectUri;
private String authMethod;
private int timestamp;
private String action;
private List<String> roles;
private List<String> protocolMappers;
private Map<String, String> notes = new HashMap<String, String>();
private Map<String, String> userSessionNotes = new HashMap<String, String>();
private Map<String, ClientSessionModel.ExecutionStatus> authenticatorStatus = new HashMap<>();
private String authUserId;
public String getId() {
return id;
}
public void setId(String id) {
this.id = id;
}
public String getClientId() {
return clientId;
}
public void setClientId(String clientId) {
this.clientId = clientId;
}
public String getRealmId() {
return realmId;
}
public void setRealmId(String realmId) {
this.realmId = realmId;
}
public String getRedirectUri() {
return redirectUri;
}
public void setRedirectUri(String redirectUri) {
this.redirectUri = redirectUri;
}
public String getAuthMethod() {
return authMethod;
}
public void setAuthMethod(String authMethod) {
this.authMethod = authMethod;
}
public int getTimestamp() {
return timestamp;
}
public void setTimestamp(int timestamp) {
this.timestamp = timestamp;
}
public String getAction() {
return action;
}
public void setAction(String action) {
this.action = action;
}
public List<String> getRoles() {
return roles;
}
public void setRoles(List<String> roles) {
this.roles = roles;
}
public List<String> getProtocolMappers() {
return protocolMappers;
}
public void setProtocolMappers(List<String> protocolMappers) {
this.protocolMappers = protocolMappers;
}
public Map<String, String> getNotes() {
return notes;
}
public void setNotes(Map<String, String> notes) {
this.notes = notes;
}
public Map<String, String> getUserSessionNotes() {
return userSessionNotes;
}
public void setUserSessionNotes(Map<String, String> userSessionNotes) {
this.userSessionNotes = userSessionNotes;
}
public String getSessionId() {
return sessionId;
}
public void setSessionId(String sessionId) {
this.sessionId = sessionId;
}
public Map<String, ClientSessionModel.ExecutionStatus> getAuthenticatorStatus() {
return authenticatorStatus;
}
public void setAuthenticatorStatus(Map<String, ClientSessionModel.ExecutionStatus> authenticatorStatus) {
this.authenticatorStatus = authenticatorStatus;
}
public String getAuthUserId() {
return authUserId;
}
public void setAuthUserId(String authUserId) {
this.authUserId = authUserId;
}
@Override
public void afterRemove(MongoStoreInvocationContext context) {
}
}


@ -41,15 +41,16 @@ public class UsernamePasswordForm extends AbstractFormAuthenticator implements A
context.forceChallenge(response);
return;
}
if (!validateUser(context, formData)) {
return;
}
if (!validatePassword(context, formData)) {
if (!validateForm(context, formData)) {
return;
}
context.success();
}
protected boolean validateForm(AuthenticatorContext context, MultivaluedMap<String, String> formData) {
return validateUser(context, formData) && validatePassword(context, formData);
}
@Override
public void authenticate(AuthenticatorContext context) {
if (REGISTRATION_FORM_ACTION.equals(context.getAction()) && context.getUser() != null) {
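Review bot: The new protected `validateForm` hook has no Javadoc, although it is now the only check between the submitted form and `context.success()` in the method above it. A subclass that overrides it takes over the whole credential decision, so the contract should be written down next to the method, for example `/** Returns true only when the user and the password were both validated; on false the caller returns without setting a response. */`. Presumably `validateUser` and `validatePassword` set the failure challenge on the context themselves before returning false, but neither is visible in this hunk, so that is worth confirming and stating in the same comment. The calling method starts before the hunk and `authenticate` continues past it.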


@ -1,310 +1,310 @@
package org.keycloak.protocol.oidc.endpoints;
import org.jboss.logging.Logger;
import org.jboss.resteasy.spi.HttpRequest;
import org.keycloak.ClientConnection;
import org.keycloak.OAuth2Constants;
import org.keycloak.authentication.AuthenticationProcessor;
import org.keycloak.constants.AdapterConstants;
import org.keycloak.events.Details;
import org.keycloak.events.Errors;
import org.keycloak.events.EventBuilder;
import org.keycloak.events.EventType;
import org.keycloak.login.LoginFormsProvider;
import org.keycloak.models.AuthenticationFlowModel;
import org.keycloak.models.ClientModel;
import org.keycloak.models.ClientSessionModel;
import org.keycloak.models.IdentityProviderModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.utils.DefaultAuthenticationFlows;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.protocol.oidc.OIDCLoginProtocol;
import org.keycloak.protocol.oidc.utils.RedirectUtils;
import org.keycloak.services.ErrorPageException;
import org.keycloak.services.managers.AuthenticationManager;
import org.keycloak.services.managers.ClientSessionCode;
import org.keycloak.services.messages.Messages;
import org.keycloak.services.Urls;
import javax.ws.rs.GET;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
import java.util.List;
/**
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
*/
public class AuthorizationEndpoint {
private static final Logger logger = Logger.getLogger(AuthorizationEndpoint.class);
public static final String CODE_AUTH_TYPE = "code";
private enum Action {
REGISTER, CODE
}
@Context
private KeycloakSession session;
@Context
private HttpRequest request;
@Context
private HttpHeaders headers;
@Context
private UriInfo uriInfo;
@Context
private ClientConnection clientConnection;
private final AuthenticationManager authManager;
private final RealmModel realm;
private final EventBuilder event;
private ClientModel client;
private ClientSessionModel clientSession;
private Action action;
private String clientId;
private String redirectUri;
private String redirectUriParam;
private String responseType;
private String state;
private String scope;
private String loginHint;
private String prompt;
private String idpHint;
private String legacyResponseType;
public AuthorizationEndpoint(AuthenticationManager authManager, RealmModel realm, EventBuilder event) {
this.authManager = authManager;
this.realm = realm;
this.event = event;
event.event(EventType.LOGIN);
}
@GET
public Response build() {
MultivaluedMap<String, String> params = uriInfo.getQueryParameters();
clientId = params.getFirst(OIDCLoginProtocol.CLIENT_ID_PARAM);
responseType = params.getFirst(OIDCLoginProtocol.RESPONSE_TYPE_PARAM);
redirectUriParam = params.getFirst(OIDCLoginProtocol.REDIRECT_URI_PARAM);
state = params.getFirst(OIDCLoginProtocol.STATE_PARAM);
scope = params.getFirst(OIDCLoginProtocol.SCOPE_PARAM);
loginHint = params.getFirst(OIDCLoginProtocol.LOGIN_HINT_PARAM);
prompt = params.getFirst(OIDCLoginProtocol.PROMPT_PARAM);
idpHint = params.getFirst(AdapterConstants.KC_IDP_HINT);
checkSsl();
checkRealm();
checkClient();
checkResponseType();
checkRedirectUri();
createClientSession();
switch (action) {
case REGISTER:
return buildRegister();
case CODE:
return buildAuthorizationCodeAuthorizationResponse();
}
throw new RuntimeException("Unknown action " + action);
}
/**
* @deprecated
*/
public AuthorizationEndpoint legacy(String legacyResponseType) {
logger.warnv("Invoking deprecated endpoint {0}", uriInfo.getRequestUri());
this.legacyResponseType = legacyResponseType;
return this;
}
public AuthorizationEndpoint register() {
event.event(EventType.REGISTER);
action = Action.REGISTER;
if (!realm.isRegistrationAllowed()) {
throw new ErrorPageException(session, Messages.REGISTRATION_NOT_ALLOWED);
}
return this;
}
private void checkSsl() {
if (!uriInfo.getBaseUri().getScheme().equals("https") && realm.getSslRequired().isRequired(clientConnection)) {
event.error(Errors.SSL_REQUIRED);
throw new ErrorPageException(session, Messages.HTTPS_REQUIRED);
}
}
private void checkRealm() {
if (!realm.isEnabled()) {
event.error(Errors.REALM_DISABLED);
throw new ErrorPageException(session, Messages.REALM_NOT_ENABLED);
}
}
private void checkClient() {
if (clientId == null) {
event.error(Errors.INVALID_REQUEST);
throw new ErrorPageException(session, Messages.MISSING_PARAMETER, OIDCLoginProtocol.CLIENT_ID_PARAM );
}
event.client(clientId);
client = realm.getClientByClientId(clientId);
if (client == null) {
event.error(Errors.CLIENT_NOT_FOUND);
throw new ErrorPageException(session, Messages.CLIENT_NOT_FOUND );
}
if (client.isBearerOnly()) {
event.error(Errors.NOT_ALLOWED);
throw new ErrorPageException(session, Messages.BEARER_ONLY );
}
if (client.isDirectGrantsOnly()) {
event.error(Errors.NOT_ALLOWED);
throw new ErrorPageException(session, Messages.DIRECT_GRANTS_ONLY);
}
session.getContext().setClient(client);
}
private void checkResponseType() {
if (responseType == null) {
if (legacyResponseType != null) {
responseType = legacyResponseType;
} else {
event.error(Errors.INVALID_REQUEST);
throw new ErrorPageException(session, Messages.MISSING_PARAMETER, OIDCLoginProtocol.RESPONSE_TYPE_PARAM );
}
}
event.detail(Details.RESPONSE_TYPE, responseType);
if (responseType.equals(OAuth2Constants.CODE)) {
if (action == null) {
action = Action.CODE;
}
} else {
event.error(Errors.INVALID_REQUEST);
throw new ErrorPageException(session, Messages.INVALID_PARAMETER, OIDCLoginProtocol.RESPONSE_TYPE_PARAM );
}
}
private void checkRedirectUri() {
event.detail(Details.REDIRECT_URI, redirectUriParam);
redirectUri = RedirectUtils.verifyRedirectUri(uriInfo, redirectUriParam, realm, client);
if (redirectUri == null) {
event.error(Errors.INVALID_REDIRECT_URI);
throw new ErrorPageException(session, Messages.INVALID_PARAMETER, OIDCLoginProtocol.REDIRECT_URI_PARAM);
}
}
private void createClientSession() {
clientSession = session.sessions().createClientSession(realm, client);
clientSession.setAuthMethod(OIDCLoginProtocol.LOGIN_PROTOCOL);
clientSession.setRedirectUri(redirectUri);
clientSession.setAction(ClientSessionModel.Action.AUTHENTICATE.name());
clientSession.setNote(ClientSessionCode.ACTION_KEY, KeycloakModelUtils.generateCodeSecret());
clientSession.setNote(OIDCLoginProtocol.RESPONSE_TYPE_PARAM, responseType);
clientSession.setNote(OIDCLoginProtocol.REDIRECT_URI_PARAM, redirectUriParam);
clientSession.setNote(OIDCLoginProtocol.ISSUER, Urls.realmIssuer(uriInfo.getBaseUri(), realm.getName()));
if (state != null) clientSession.setNote(OIDCLoginProtocol.STATE_PARAM, state);
if (scope != null) clientSession.setNote(OIDCLoginProtocol.SCOPE_PARAM, scope);
if (loginHint != null) clientSession.setNote(OIDCLoginProtocol.LOGIN_HINT_PARAM, loginHint);
if (prompt != null) clientSession.setNote(OIDCLoginProtocol.PROMPT_PARAM, prompt);
if (idpHint != null) clientSession.setNote(AdapterConstants.KC_IDP_HINT, idpHint);
}
private Response buildAuthorizationCodeAuthorizationResponse() {
String accessCode = new ClientSessionCode(realm, clientSession).getCode();
if (idpHint != null && !"".equals(idpHint)) {
IdentityProviderModel identityProviderModel = realm.getIdentityProviderByAlias(idpHint);
if (identityProviderModel == null) {
return session.getProvider(LoginFormsProvider.class)
.setError(Messages.IDENTITY_PROVIDER_NOT_FOUND, idpHint)
.createErrorPage();
}
return buildRedirectToIdentityProvider(idpHint, accessCode);
}
return browserAuthentication(accessCode);
}
protected Response browserAuthentication(String accessCode) {
List<IdentityProviderModel> identityProviders = realm.getIdentityProviders();
for (IdentityProviderModel identityProvider : identityProviders) {
if (identityProvider.isAuthenticateByDefault()) {
return buildRedirectToIdentityProvider(identityProvider.getAlias(), accessCode);
}
}
clientSession.setNote(Details.AUTH_TYPE, CODE_AUTH_TYPE);
AuthenticationFlowModel flow = realm.getFlowByAlias(DefaultAuthenticationFlows.BROWSER_FLOW);
String flowId = flow.getId();
AuthenticationProcessor processor = new AuthenticationProcessor();
processor.setClientSession(clientSession)
.setFlowId(flowId)
.setConnection(clientConnection)
.setEventBuilder(event)
.setProtector(authManager.getProtector())
.setRealm(realm)
.setSession(session)
.setUriInfo(uriInfo)
.setRequest(request);
Response challenge = null;
try {
challenge = processor.authenticateOnly();
} catch (Exception e) {
return processor.handleBrowserException(e);
}
if (challenge != null && prompt != null && prompt.equals("none")) {
if (processor.isUserSessionCreated()) {
session.sessions().removeUserSession(realm, processor.getUserSession());
}
OIDCLoginProtocol oauth = new OIDCLoginProtocol(session, realm, uriInfo, headers, event);
return oauth.cancelLogin(clientSession);
}
if (challenge == null) {
return processor.finishAuthentication();
} else {
return challenge;
}
}
private Response buildRegister() {
authManager.expireIdentityCookie(realm, uriInfo, clientConnection);
return session.getProvider(LoginFormsProvider.class)
.setClientSessionCode(new ClientSessionCode(realm, clientSession).getCode())
.createRegistration();
}
private Response buildRedirectToIdentityProvider(String providerId, String accessCode) {
logger.debug("Automatically redirect to identity provider: " + providerId);
return Response.temporaryRedirect(
Urls.identityProviderAuthnRequest(this.uriInfo.getBaseUri(), providerId, this.realm.getName(), accessCode))
.build();
}
package org.keycloak.protocol.oidc.endpoints;
import org.jboss.logging.Logger;
import org.jboss.resteasy.spi.HttpRequest;
import org.keycloak.ClientConnection;
import org.keycloak.OAuth2Constants;
import org.keycloak.authentication.AuthenticationProcessor;
import org.keycloak.constants.AdapterConstants;
import org.keycloak.events.Details;
import org.keycloak.events.Errors;
import org.keycloak.events.EventBuilder;
import org.keycloak.events.EventType;
import org.keycloak.login.LoginFormsProvider;
import org.keycloak.models.AuthenticationFlowModel;
import org.keycloak.models.ClientModel;
import org.keycloak.models.ClientSessionModel;
import org.keycloak.models.IdentityProviderModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.utils.DefaultAuthenticationFlows;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.protocol.oidc.OIDCLoginProtocol;
import org.keycloak.protocol.oidc.utils.RedirectUtils;
import org.keycloak.services.ErrorPageException;
import org.keycloak.services.managers.AuthenticationManager;
import org.keycloak.services.managers.ClientSessionCode;
import org.keycloak.services.messages.Messages;
import org.keycloak.services.Urls;
import javax.ws.rs.GET;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
import java.util.List;
/**
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
*/
public class AuthorizationEndpoint {
private static final Logger logger = Logger.getLogger(AuthorizationEndpoint.class);
public static final String CODE_AUTH_TYPE = "code";
private enum Action {
REGISTER, CODE
}
@Context
private KeycloakSession session;
@Context
private HttpRequest request;
@Context
private HttpHeaders headers;
@Context
private UriInfo uriInfo;
@Context
private ClientConnection clientConnection;
private final AuthenticationManager authManager;
private final RealmModel realm;
private final EventBuilder event;
private ClientModel client;
private ClientSessionModel clientSession;
private Action action;
private String clientId;
private String redirectUri;
private String redirectUriParam;
private String responseType;
private String state;
private String scope;
private String loginHint;
private String prompt;
private String idpHint;
private String legacyResponseType;
public AuthorizationEndpoint(AuthenticationManager authManager, RealmModel realm, EventBuilder event) {
this.authManager = authManager;
this.realm = realm;
this.event = event;
event.event(EventType.LOGIN);
}
@GET
public Response build() {
MultivaluedMap<String, String> params = uriInfo.getQueryParameters();
clientId = params.getFirst(OIDCLoginProtocol.CLIENT_ID_PARAM);
responseType = params.getFirst(OIDCLoginProtocol.RESPONSE_TYPE_PARAM);
redirectUriParam = params.getFirst(OIDCLoginProtocol.REDIRECT_URI_PARAM);
state = params.getFirst(OIDCLoginProtocol.STATE_PARAM);
scope = params.getFirst(OIDCLoginProtocol.SCOPE_PARAM);
loginHint = params.getFirst(OIDCLoginProtocol.LOGIN_HINT_PARAM);
prompt = params.getFirst(OIDCLoginProtocol.PROMPT_PARAM);
idpHint = params.getFirst(AdapterConstants.KC_IDP_HINT);
checkSsl();
checkRealm();
checkClient();
checkResponseType();
checkRedirectUri();
createClientSession();
switch (action) {
case REGISTER:
return buildRegister();
case CODE:
return buildAuthorizationCodeAuthorizationResponse();
}
throw new RuntimeException("Unknown action " + action);
}
/**
* @deprecated
*/
public AuthorizationEndpoint legacy(String legacyResponseType) {
logger.warnv("Invoking deprecated endpoint {0}", uriInfo.getRequestUri());
this.legacyResponseType = legacyResponseType;
return this;
}
public AuthorizationEndpoint register() {
event.event(EventType.REGISTER);
action = Action.REGISTER;
if (!realm.isRegistrationAllowed()) {
throw new ErrorPageException(session, Messages.REGISTRATION_NOT_ALLOWED);
}
return this;
}
private void checkSsl() {
if (!uriInfo.getBaseUri().getScheme().equals("https") && realm.getSslRequired().isRequired(clientConnection)) {
event.error(Errors.SSL_REQUIRED);
throw new ErrorPageException(session, Messages.HTTPS_REQUIRED);
}
}
private void checkRealm() {
if (!realm.isEnabled()) {
event.error(Errors.REALM_DISABLED);
throw new ErrorPageException(session, Messages.REALM_NOT_ENABLED);
}
}
private void checkClient() {
if (clientId == null) {
event.error(Errors.INVALID_REQUEST);
throw new ErrorPageException(session, Messages.MISSING_PARAMETER, OIDCLoginProtocol.CLIENT_ID_PARAM );
}
event.client(clientId);
client = realm.getClientByClientId(clientId);
if (client == null) {
event.error(Errors.CLIENT_NOT_FOUND);
throw new ErrorPageException(session, Messages.CLIENT_NOT_FOUND );
}
if (client.isBearerOnly()) {
event.error(Errors.NOT_ALLOWED);
throw new ErrorPageException(session, Messages.BEARER_ONLY );
}
if (client.isDirectGrantsOnly()) {
event.error(Errors.NOT_ALLOWED);
throw new ErrorPageException(session, Messages.DIRECT_GRANTS_ONLY);
}
session.getContext().setClient(client);
}
private void checkResponseType() {
if (responseType == null) {
if (legacyResponseType != null) {
responseType = legacyResponseType;
} else {
event.error(Errors.INVALID_REQUEST);
throw new ErrorPageException(session, Messages.MISSING_PARAMETER, OIDCLoginProtocol.RESPONSE_TYPE_PARAM );
}
}
event.detail(Details.RESPONSE_TYPE, responseType);
if (responseType.equals(OAuth2Constants.CODE)) {
if (action == null) {
action = Action.CODE;
}
} else {
event.error(Errors.INVALID_REQUEST);
throw new ErrorPageException(session, Messages.INVALID_PARAMETER, OIDCLoginProtocol.RESPONSE_TYPE_PARAM );
}
}
private void checkRedirectUri() {
event.detail(Details.REDIRECT_URI, redirectUriParam);
redirectUri = RedirectUtils.verifyRedirectUri(uriInfo, redirectUriParam, realm, client);
if (redirectUri == null) {
event.error(Errors.INVALID_REDIRECT_URI);
throw new ErrorPageException(session, Messages.INVALID_PARAMETER, OIDCLoginProtocol.REDIRECT_URI_PARAM);
}
}
private void createClientSession() {
clientSession = session.sessions().createClientSession(realm, client);
clientSession.setAuthMethod(OIDCLoginProtocol.LOGIN_PROTOCOL);
clientSession.setRedirectUri(redirectUri);
clientSession.setAction(ClientSessionModel.Action.AUTHENTICATE.name());
clientSession.setNote(ClientSessionCode.ACTION_KEY, KeycloakModelUtils.generateCodeSecret());
clientSession.setNote(OIDCLoginProtocol.RESPONSE_TYPE_PARAM, responseType);
clientSession.setNote(OIDCLoginProtocol.REDIRECT_URI_PARAM, redirectUriParam);
clientSession.setNote(OIDCLoginProtocol.ISSUER, Urls.realmIssuer(uriInfo.getBaseUri(), realm.getName()));
if (state != null) clientSession.setNote(OIDCLoginProtocol.STATE_PARAM, state);
if (scope != null) clientSession.setNote(OIDCLoginProtocol.SCOPE_PARAM, scope);
if (loginHint != null) clientSession.setNote(OIDCLoginProtocol.LOGIN_HINT_PARAM, loginHint);
if (prompt != null) clientSession.setNote(OIDCLoginProtocol.PROMPT_PARAM, prompt);
if (idpHint != null) clientSession.setNote(AdapterConstants.KC_IDP_HINT, idpHint);
}
private Response buildAuthorizationCodeAuthorizationResponse() {
String accessCode = new ClientSessionCode(realm, clientSession).getCode();
if (idpHint != null && !"".equals(idpHint)) {
IdentityProviderModel identityProviderModel = realm.getIdentityProviderByAlias(idpHint);
if (identityProviderModel == null) {
return session.getProvider(LoginFormsProvider.class)
.setError(Messages.IDENTITY_PROVIDER_NOT_FOUND, idpHint)
.createErrorPage();
}
return buildRedirectToIdentityProvider(idpHint, accessCode);
}
return browserAuthentication(accessCode);
}
protected Response browserAuthentication(String accessCode) {
List<IdentityProviderModel> identityProviders = realm.getIdentityProviders();
for (IdentityProviderModel identityProvider : identityProviders) {
if (identityProvider.isAuthenticateByDefault()) {
return buildRedirectToIdentityProvider(identityProvider.getAlias(), accessCode);
}
}
clientSession.setNote(Details.AUTH_TYPE, CODE_AUTH_TYPE);
AuthenticationFlowModel flow = realm.getFlowByAlias(DefaultAuthenticationFlows.BROWSER_FLOW);
String flowId = flow.getId();
AuthenticationProcessor processor = new AuthenticationProcessor();
processor.setClientSession(clientSession)
.setFlowId(flowId)
.setConnection(clientConnection)
.setEventBuilder(event)
.setProtector(authManager.getProtector())
.setRealm(realm)
.setSession(session)
.setUriInfo(uriInfo)
.setRequest(request);
Response challenge = null;
try {
challenge = processor.authenticateOnly();
} catch (Exception e) {
return processor.handleBrowserException(e);
}
if (challenge != null && prompt != null && prompt.equals("none")) {
if (processor.isUserSessionCreated()) {
session.sessions().removeUserSession(realm, processor.getUserSession());
}
OIDCLoginProtocol oauth = new OIDCLoginProtocol(session, realm, uriInfo, headers, event);
return oauth.cancelLogin(clientSession);
}
if (challenge == null) {
return processor.finishAuthentication();
} else {
return challenge;
}
}
private Response buildRegister() {
authManager.expireIdentityCookie(realm, uriInfo, clientConnection);
return session.getProvider(LoginFormsProvider.class)
.setClientSessionCode(new ClientSessionCode(realm, clientSession).getCode())
.createRegistration();
}
private Response buildRedirectToIdentityProvider(String providerId, String accessCode) {
logger.debug("Automatically redirect to identity provider: " + providerId);
return Response.temporaryRedirect(
Urls.identityProviderAuthnRequest(this.uriInfo.getBaseUri(), providerId, this.realm.getName(), accessCode))
.build();
}
}


@ -358,37 +358,24 @@ public class LoginActionsService {
@POST
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
public Response processRegister(@QueryParam("code") String code) {
MultivaluedMap<String, String> formData = request.getDecodedFormParameters();
event.event(EventType.REGISTER);
if (!checkSsl()) {
event.error(Errors.SSL_REQUIRED);
return ErrorPage.error(session, Messages.HTTPS_REQUIRED);
Checks checks = new Checks();
if (!checks.check(code, ClientSessionModel.Action.AUTHENTICATE.name())) {
return checks.response;
}
if (!realm.isEnabled()) {
event.error(Errors.REALM_DISABLED);
return ErrorPage.error(session, Messages.REALM_NOT_ENABLED);
}
if (!realm.isRegistrationAllowed()) {
if (!realm.isRegistrationAllowed()) {
event.error(Errors.REGISTRATION_DISABLED);
return ErrorPage.error(session, Messages.REGISTRATION_NOT_ALLOWED);
}
ClientSessionCode clientCode = ClientSessionCode.parse(code, session, realm);
if (clientCode == null) {
event.error(Errors.INVALID_CODE);
return ErrorPage.error(session, Messages.INVALID_CODE);
}
if (!clientCode.isValid(ClientSessionModel.Action.AUTHENTICATE.name())) {
event.error(Errors.INVALID_CODE);
return ErrorPage.error(session, Messages.INVALID_CODE);
}
MultivaluedMap<String, String> formData = request.getDecodedFormParameters();
String username = formData.getFirst(Validation.FIELD_USERNAME);
String email = formData.getFirst(Validation.FIELD_EMAIL);
if (realm.isRegistrationEmailAsUsername()) {
username = email;
formData.putSingle(AuthenticationManager.FORM_USERNAME, username);
}
ClientSessionCode clientCode = checks.clientCode;
ClientSessionModel clientSession = clientCode.getClientSession();
event.client(clientSession.getClient())
.detail(Details.REDIRECT_URI, clientSession.getRedirectUri())
@ -397,23 +384,6 @@ public class LoginActionsService {
.detail(Details.EMAIL, email)
.detail(Details.REGISTER_METHOD, "form");
if (!realm.isEnabled()) {
event.error(Errors.REALM_DISABLED);
return ErrorPage.error(session, Messages.REALM_NOT_ENABLED);
}
ClientModel client = clientSession.getClient();
if (client == null) {
event.error(Errors.CLIENT_NOT_FOUND);
return ErrorPage.error(session, Messages.UNKNOWN_LOGIN_REQUESTER);
}
if (!client.isEnabled()) {
event.error(Errors.CLIENT_DISABLED);
return ErrorPage.error(session, Messages.LOGIN_REQUESTER_NOT_ENABLED);
}
session.getContext().setClient(client);
List<String> requiredCredentialTypes = new LinkedList<>();
boolean passwordRequired = isPasswordRequired();
if (passwordRequired) {