bootstrap
This commit is contained in:
Bill Burke
parent
fc92ead9be
commit
13c75c02e1
27 changed files with 172 additions and 407 deletions
|
|
@ -1,13 +1,12 @@
|
|||
package org.keycloak.example.demo;
|
||||
|
||||
import org.jboss.resteasy.jwt.JsonSerialization;
|
||||
import org.keycloak.representations.idm.CredentialRepresentation;
|
||||
import org.keycloak.representations.idm.RealmRepresentation;
|
||||
import org.keycloak.services.managers.ApplianceBootstrap;
|
||||
import org.keycloak.services.managers.RealmManager;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.services.resources.KeycloakApplication;
|
||||
import org.keycloak.services.resources.SaasService;
|
||||
|
||||
import javax.servlet.ServletContext;
|
||||
import javax.ws.rs.core.Context;
|
||||
|
|
@ -24,27 +23,13 @@ public class DemoApplication extends KeycloakApplication {
|
|||
super(servletContext);
|
||||
KeycloakSession session = factory.createSession();
|
||||
session.getTransaction().begin();
|
||||
RealmManager realmManager = new RealmManager(session);
|
||||
if (realmManager.defaultRealm() == null) {
|
||||
install(realmManager);
|
||||
}
|
||||
ApplianceBootstrap bootstrap = new ApplianceBootstrap();
|
||||
bootstrap.bootstrap(session);
|
||||
install(new RealmManager(session));
|
||||
session.getTransaction().commit();
|
||||
}
|
||||
|
||||
public void install(RealmManager manager) {
|
||||
RealmModel defaultRealm = manager.createRealm(RealmModel.DEFAULT_REALM, RealmModel.DEFAULT_REALM);
|
||||
defaultRealm.setName(RealmModel.DEFAULT_REALM);
|
||||
defaultRealm.setEnabled(true);
|
||||
defaultRealm.setTokenLifespan(300);
|
||||
defaultRealm.setAccessCodeLifespan(60);
|
||||
defaultRealm.setSslNotRequired(true);
|
||||
defaultRealm.setCookieLoginAllowed(true);
|
||||
defaultRealm.setRegistrationAllowed(true);
|
||||
manager.generateRealmKeys(defaultRealm);
|
||||
defaultRealm.addRequiredCredential(CredentialRepresentation.PASSWORD);
|
||||
defaultRealm.addRole(SaasService.REALM_CREATOR_ROLE);
|
||||
defaultRealm.addDefaultRole(SaasService.REALM_CREATOR_ROLE);
|
||||
|
||||
RealmRepresentation rep = loadJson("META-INF/testrealm.json");
|
||||
RealmModel realm = manager.createRealm("demo", rep.getRealm());
|
||||
manager.importRealm(rep, realm);
|
||||
|
|
|
|||
|
|
@ -1,19 +1,19 @@
|
|||
package org.keycloak.example.demo;
|
||||
|
||||
import org.jboss.resteasy.jwt.JsonSerialization;
|
||||
import org.keycloak.representations.idm.CredentialRepresentation;
|
||||
import org.keycloak.representations.idm.RealmRepresentation;
|
||||
import org.keycloak.services.managers.ApplianceBootstrap;
|
||||
import org.keycloak.services.managers.RealmManager;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.services.resources.KeycloakApplication;
|
||||
import org.keycloak.services.resources.SaasService;
|
||||
|
||||
import javax.servlet.ServletContext;
|
||||
import javax.ws.rs.core.Context;
|
||||
import java.io.ByteArrayOutputStream;
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||
* @version $Revision: 1 $
|
||||
|
|
@ -24,27 +24,13 @@ public class DemoApplication extends KeycloakApplication {
|
|||
super(servletContext);
|
||||
KeycloakSession session = factory.createSession();
|
||||
session.getTransaction().begin();
|
||||
RealmManager realmManager = new RealmManager(session);
|
||||
if (realmManager.defaultRealm() == null) {
|
||||
install(realmManager);
|
||||
}
|
||||
ApplianceBootstrap bootstrap = new ApplianceBootstrap();
|
||||
bootstrap.bootstrap(session);
|
||||
install(new RealmManager(session));
|
||||
session.getTransaction().commit();
|
||||
}
|
||||
|
||||
public void install(RealmManager manager) {
|
||||
RealmModel defaultRealm = manager.createRealm(RealmModel.DEFAULT_REALM, RealmModel.DEFAULT_REALM);
|
||||
defaultRealm.setName(RealmModel.DEFAULT_REALM);
|
||||
defaultRealm.setEnabled(true);
|
||||
defaultRealm.setTokenLifespan(300);
|
||||
defaultRealm.setAccessCodeLifespan(60);
|
||||
defaultRealm.setSslNotRequired(true);
|
||||
defaultRealm.setCookieLoginAllowed(true);
|
||||
defaultRealm.setRegistrationAllowed(true);
|
||||
manager.generateRealmKeys(defaultRealm);
|
||||
defaultRealm.addRequiredCredential(CredentialRepresentation.PASSWORD);
|
||||
defaultRealm.addRole(SaasService.REALM_CREATOR_ROLE);
|
||||
defaultRealm.addDefaultRole(SaasService.REALM_CREATOR_ROLE);
|
||||
|
||||
RealmRepresentation rep = loadJson("META-INF/testrealm.json");
|
||||
RealmModel realm = manager.createRealm("demo", rep.getRealm());
|
||||
manager.importRealm(rep, realm);
|
||||
|
|
|
|||
|
|
@ -35,5 +35,6 @@
|
|||
</build>
|
||||
<modules>
|
||||
<module>as7-eap-demo</module>
|
||||
<module>as7-eap-dev</module>
|
||||
</modules>
|
||||
</project>
|
||||
|
|
|
|||
|
|
@ -21,6 +21,7 @@
|
|||
*/
|
||||
package org.keycloak.forms;
|
||||
|
||||
import org.keycloak.models.Constants;
|
||||
import org.keycloak.models.RealmModel;
|
||||
|
||||
/**
|
||||
|
|
@ -35,7 +36,7 @@ public class RealmBean {
|
|||
|
||||
public RealmBean(RealmModel realmModel) {
|
||||
realm = realmModel;
|
||||
saas = RealmModel.DEFAULT_REALM.equals(realmModel.getName());
|
||||
saas = Constants.ADMIN_REALM.equals(realmModel.getId());
|
||||
}
|
||||
|
||||
public String getId() {
|
||||
|
|
|
|||
14
model/api/src/main/java/org/keycloak/models/Constants.java
Executable file
14
model/api/src/main/java/org/keycloak/models/Constants.java
Executable file
|
|
@ -0,0 +1,14 @@
|
|||
package org.keycloak.models;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||
* @version $Revision: 1 $
|
||||
*/
|
||||
public interface Constants {
|
||||
String ADMIN_REALM = "Keycloak Adminstration";
|
||||
String ADMIN_CONSOLE_APPLICATION = "Admin Console";
|
||||
String ADMIN_CONSOLE_ADMIN_ROLE = "admin";
|
||||
String APPLICATION_ROLE = "KEYCLOAK_APPLICATION";
|
||||
String IDENTITY_REQUESTER_ROLE = "KEYCLOAK_IDENTITY_REQUESTER";
|
||||
String WILDCARD_ROLE = "*";
|
||||
}
|
||||
|
|
@ -11,7 +11,6 @@ import java.util.Set;
|
|||
* @version $Revision: 1 $
|
||||
*/
|
||||
public interface RealmModel extends RoleContainerModel, RoleMapperModel, ScopeMapperModel {
|
||||
String DEFAULT_REALM = "default";
|
||||
|
||||
String getId();
|
||||
|
||||
|
|
@ -97,11 +96,6 @@ public interface RealmModel extends RoleContainerModel, RoleMapperModel, ScopeMa
|
|||
|
||||
ApplicationModel addApplication(String name);
|
||||
|
||||
boolean isRealmAdmin(UserModel agent);
|
||||
|
||||
void addRealmAdmin(UserModel agent);
|
||||
|
||||
|
||||
List<RequiredCredentialModel> getRequiredApplicationCredentials();
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -71,6 +71,7 @@ public class ApplicationAdapter implements ApplicationModel {
|
|||
@Override
|
||||
public void setName(String name) {
|
||||
applicationData.setResourceName(name);
|
||||
updateApplication();
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
@ -81,6 +82,7 @@ public class ApplicationAdapter implements ApplicationModel {
|
|||
@Override
|
||||
public void setEnabled(boolean enabled) {
|
||||
applicationData.setEnabled(enabled);
|
||||
updateApplication();
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
@ -91,6 +93,7 @@ public class ApplicationAdapter implements ApplicationModel {
|
|||
@Override
|
||||
public void setSurrogateAuthRequired(boolean surrogateAuthRequired) {
|
||||
applicationData.setSurrogateAuthRequired(surrogateAuthRequired);
|
||||
updateApplication();
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
@ -101,6 +104,7 @@ public class ApplicationAdapter implements ApplicationModel {
|
|||
@Override
|
||||
public void setManagementUrl(String url) {
|
||||
applicationData.setManagementUrl(url);
|
||||
updateApplication();
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
@ -111,6 +115,7 @@ public class ApplicationAdapter implements ApplicationModel {
|
|||
@Override
|
||||
public void setBaseUrl(String url) {
|
||||
applicationData.setBaseUrl(url);
|
||||
updateApplication();
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
|
|||
|
|
@ -6,6 +6,7 @@ import org.keycloak.models.RealmModel;
|
|||
import org.keycloak.models.UserModel;
|
||||
import org.keycloak.models.picketlink.mappings.RealmData;
|
||||
import org.keycloak.models.picketlink.relationships.RealmAdminRelationship;
|
||||
import org.keycloak.models.picketlink.relationships.RealmListingRelationship;
|
||||
import org.keycloak.models.utils.KeycloakSessionUtils;
|
||||
import org.picketlink.idm.PartitionManager;
|
||||
import org.picketlink.idm.RelationshipManager;
|
||||
|
|
@ -56,18 +57,24 @@ public class PicketlinkKeycloakSession implements KeycloakSession {
|
|||
newRealm.setId(id);
|
||||
newRealm.setRealmName(name);
|
||||
partitionManager.add(newRealm);
|
||||
RealmListingRelationship rel = new RealmListingRelationship();
|
||||
// picketlink beta 6 uses Realm name for lookup! Don't forget!
|
||||
rel.setRealm(newRealm.getName());
|
||||
partitionManager.createRelationshipManager().add(rel);
|
||||
|
||||
RealmAdapter realm = new RealmAdapter(this, newRealm, partitionManager);
|
||||
return realm;
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<RealmModel> getRealms(UserModel admin) {
|
||||
// todo ability to assign realm management to a specific admin
|
||||
// currently each admin is allowed to access all realms so just do a big query
|
||||
RelationshipManager relationshipManager = partitionManager.createRelationshipManager();
|
||||
RelationshipQuery<RealmAdminRelationship> query = relationshipManager.createRelationshipQuery(RealmAdminRelationship.class);
|
||||
query.setParameter(RealmAdminRelationship.ADMIN, ((UserAdapter)admin).getUser());
|
||||
List<RealmAdminRelationship> results = query.getResultList();
|
||||
RelationshipQuery<RealmListingRelationship> query = relationshipManager.createRelationshipQuery(RealmListingRelationship.class);
|
||||
List<RealmListingRelationship> results = query.getResultList();
|
||||
List<RealmModel> realmModels = new ArrayList<RealmModel>();
|
||||
for (RealmAdminRelationship relationship : results) {
|
||||
for (RealmListingRelationship relationship : results) {
|
||||
String realmName = relationship.getRealm();
|
||||
RealmModel model = getRealm(realmName);
|
||||
if (model == null) {
|
||||
|
|
@ -81,6 +88,7 @@ public class PicketlinkKeycloakSession implements KeycloakSession {
|
|||
|
||||
@Override
|
||||
public RealmAdapter getRealm(String id) {
|
||||
// picketlink beta 6 uses Realm name for lookup! Don't forget!
|
||||
RealmData existing = partitionManager.getPartition(RealmData.class, id);
|
||||
if (existing == null) {
|
||||
return null;
|
||||
|
|
|
|||
|
|
@ -753,23 +753,6 @@ public class RealmAdapter implements RealmModel {
|
|||
return set;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isRealmAdmin(UserModel agent) {
|
||||
RelationshipQuery<RealmAdminRelationship> query = getRelationshipManager().createRelationshipQuery(RealmAdminRelationship.class);
|
||||
query.setParameter(RealmAdminRelationship.REALM, realm.getName());
|
||||
query.setParameter(RealmAdminRelationship.ADMIN, ((UserAdapter)agent).getUser());
|
||||
List<RealmAdminRelationship> results = query.getResultList();
|
||||
return results.size() > 0;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void addRealmAdmin(UserModel agent) {
|
||||
RealmAdminRelationship relationship = new RealmAdminRelationship();
|
||||
relationship.setAdmin(((UserAdapter)agent).getUser());
|
||||
relationship.setRealm(realm.getName());
|
||||
getRelationshipManager().add(relationship);
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<RoleModel> getDefaultRoles() {
|
||||
List<RoleModel> defaultRoleModels = new ArrayList<RoleModel>();
|
||||
|
|
|
|||
|
|
@ -0,0 +1,28 @@
|
|||
package org.keycloak.models.picketlink.relationships;
|
||||
|
||||
import org.picketlink.idm.model.AbstractAttributedType;
|
||||
import org.picketlink.idm.model.Attribute;
|
||||
import org.picketlink.idm.model.Relationship;
|
||||
import org.picketlink.idm.model.sample.User;
|
||||
import org.picketlink.idm.query.AttributeParameter;
|
||||
import org.picketlink.idm.query.RelationshipQueryParameter;
|
||||
|
||||
/**
|
||||
* Picketlink doesn't allow you to query for all partitions, thus this stupid relationship...
|
||||
*
|
||||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||
* @version $Revision: 1 $
|
||||
*/
|
||||
public class RealmListingRelationship extends AbstractAttributedType implements Relationship {
|
||||
private static final long serialVersionUID = 1L;
|
||||
|
||||
public static final AttributeParameter REALM = new AttributeParameter("realm");
|
||||
|
||||
public String getRealm() {
|
||||
return (String)getAttribute("realm").getValue();
|
||||
}
|
||||
|
||||
public void setRealm(String realm) {
|
||||
setAttribute(new Attribute<String>("realm", realm));
|
||||
}
|
||||
}
|
||||
|
|
@ -2,7 +2,6 @@ package org.keycloak.services.managers;
|
|||
|
||||
import org.keycloak.models.*;
|
||||
import org.keycloak.representations.idm.CredentialRepresentation;
|
||||
import org.keycloak.services.resources.SaasService;
|
||||
|
||||
import java.util.UUID;
|
||||
|
||||
|
|
@ -13,17 +12,14 @@ import java.util.UUID;
|
|||
public class ApplianceBootstrap {
|
||||
|
||||
|
||||
public static final String ADMIN_REALM = "Keycloak Adminstration";
|
||||
public static final String ADMIN_CONSOLE = "Admin Console";
|
||||
|
||||
public void initKeycloakAdminRealm(RealmModel realm) {
|
||||
|
||||
}
|
||||
|
||||
public void bootstrap(KeycloakSession session) {
|
||||
RealmManager manager = new RealmManager(session);
|
||||
RealmModel realm = manager.createRealm(ADMIN_REALM, "Keycloak Adminstration");
|
||||
realm.setName("Keycloak Adminstration");
|
||||
RealmModel realm = manager.createRealm(Constants.ADMIN_REALM, Constants.ADMIN_REALM);
|
||||
realm.setName(Constants.ADMIN_REALM);
|
||||
realm.setEnabled(true);
|
||||
realm.addRequiredCredential(CredentialRepresentation.PASSWORD);
|
||||
realm.addRequiredOAuthClientCredential(CredentialRepresentation.PASSWORD);
|
||||
|
|
@ -36,16 +32,16 @@ public class ApplianceBootstrap {
|
|||
manager.generateRealmKeys(realm);
|
||||
initKeycloakAdminRealm(realm);
|
||||
|
||||
ApplicationModel adminConsole = realm.addApplication(ADMIN_CONSOLE);
|
||||
ApplicationModel adminConsole = realm.addApplication(Constants.ADMIN_CONSOLE_APPLICATION);
|
||||
adminConsole.setEnabled(true);
|
||||
UserCredentialModel adminConsolePassword = new UserCredentialModel();
|
||||
adminConsolePassword.setType(UserCredentialModel.PASSWORD);
|
||||
adminConsolePassword.setValue(UUID.randomUUID().toString()); // just a random password as we'll never access it
|
||||
realm.updateCredential(adminConsole.getApplicationUser(), adminConsolePassword);
|
||||
|
||||
RoleModel applicationRole = realm.getRole(RealmManager.APPLICATION_ROLE);
|
||||
RoleModel applicationRole = realm.getRole(Constants.APPLICATION_ROLE);
|
||||
realm.grantRole(adminConsole.getApplicationUser(), applicationRole);
|
||||
RoleModel adminRole = adminConsole.addRole("admin");
|
||||
RoleModel adminRole = adminConsole.addRole(Constants.ADMIN_CONSOLE_ADMIN_ROLE);
|
||||
|
||||
UserModel adminUser = realm.addUser("admin");
|
||||
adminUser.setEnabled(true);
|
||||
|
|
@ -53,7 +49,7 @@ public class ApplianceBootstrap {
|
|||
password.setType(UserCredentialModel.PASSWORD);
|
||||
password.setValue("admin");
|
||||
realm.updateCredential(adminUser, password);
|
||||
adminUser.addRequiredAction(UserModel.RequiredAction.UPDATE_PASSWORD);
|
||||
//adminUser.addRequiredAction(UserModel.RequiredAction.UPDATE_PASSWORD);
|
||||
|
||||
adminConsole.grantRole(adminUser, adminRole);
|
||||
|
||||
|
|
|
|||
|
|
@ -70,7 +70,7 @@ public class ApplicationManager {
|
|||
}
|
||||
|
||||
public ApplicationModel createApplication(RealmModel realm, ApplicationRepresentation resourceRep) {
|
||||
RoleModel loginRole = realm.getRole(RealmManager.APPLICATION_ROLE);
|
||||
RoleModel loginRole = realm.getRole(Constants.APPLICATION_ROLE);
|
||||
return createApplication(realm, loginRole, resourceRep);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -7,6 +7,7 @@ import org.jboss.resteasy.spi.HttpResponse;
|
|||
import org.jboss.resteasy.spi.ResteasyProviderFactory;
|
||||
import org.keycloak.RSATokenVerifier;
|
||||
import org.keycloak.VerificationException;
|
||||
import org.keycloak.models.Constants;
|
||||
import org.keycloak.representations.SkeletonKeyToken;
|
||||
import org.keycloak.representations.idm.CredentialRepresentation;
|
||||
import org.keycloak.models.RealmModel;
|
||||
|
|
@ -33,18 +34,6 @@ public class AuthenticationManager {
|
|||
public static final String FORM_USERNAME = "username";
|
||||
public static final String KEYCLOAK_IDENTITY_COOKIE = "KEYCLOAK_IDENTITY";
|
||||
|
||||
/**
|
||||
* Grabs token from headers, authenticates, authorizes
|
||||
*
|
||||
* @param realm
|
||||
* @param headers
|
||||
* @return
|
||||
*/
|
||||
public boolean isRealmAdmin(RealmModel realm, HttpHeaders headers) {
|
||||
UserModel user = authenticateBearerToken(realm, headers);
|
||||
return realm.isRealmAdmin(user);
|
||||
}
|
||||
|
||||
public SkeletonKeyToken createIdentityToken(RealmModel realm, String username) {
|
||||
SkeletonKeyToken token = new SkeletonKeyToken();
|
||||
token.id(RealmManager.generateId());
|
||||
|
|
@ -211,9 +200,9 @@ public class AuthenticationManager {
|
|||
Set<String> types = new HashSet<String>();
|
||||
|
||||
List<RequiredCredentialModel> requiredCredentials = null;
|
||||
if (realm.hasRole(user, RealmManager.APPLICATION_ROLE)) {
|
||||
if (realm.hasRole(user, Constants.APPLICATION_ROLE)) {
|
||||
requiredCredentials = realm.getRequiredApplicationCredentials();
|
||||
} else if (realm.hasRole(user, RealmManager.IDENTITY_REQUESTER_ROLE)) {
|
||||
} else if (realm.hasRole(user, Constants.IDENTITY_REQUESTER_ROLE)) {
|
||||
requiredCredentials = realm.getRequiredOAuthClientCredentials();
|
||||
} else {
|
||||
requiredCredentials = realm.getRequiredCredentials();
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
package org.keycloak.services.managers;
|
||||
|
||||
import org.keycloak.models.Constants;
|
||||
import org.keycloak.models.OAuthClientModel;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.models.RoleModel;
|
||||
|
|
@ -18,7 +19,7 @@ public class OAuthClientManager {
|
|||
|
||||
public OAuthClientModel create(String name) {
|
||||
OAuthClientModel model = realm.addOAuthClient(name);
|
||||
RoleModel role = realm.getRole(RealmManager.IDENTITY_REQUESTER_ROLE);
|
||||
RoleModel role = realm.getRole(Constants.IDENTITY_REQUESTER_ROLE);
|
||||
realm.grantRole(model.getOAuthAgent(), role);
|
||||
return model;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -20,9 +20,6 @@ import java.util.concurrent.atomic.AtomicLong;
|
|||
public class RealmManager {
|
||||
protected static final Logger logger = Logger.getLogger(RealmManager.class);
|
||||
private static AtomicLong counter = new AtomicLong(1);
|
||||
public static final String APPLICATION_ROLE = "KEYCLOAK_APPLICATION";
|
||||
public static final String IDENTITY_REQUESTER_ROLE = "KEYCLOAK_IDENTITY_REQUESTER";
|
||||
public static final String WILDCARD_ROLE = "*";
|
||||
|
||||
public static String generateId() {
|
||||
return counter.getAndIncrement() + "-" + System.currentTimeMillis();
|
||||
|
|
@ -34,8 +31,8 @@ public class RealmManager {
|
|||
this.identitySession = identitySession;
|
||||
}
|
||||
|
||||
public RealmModel defaultRealm() {
|
||||
return getRealm(RealmModel.DEFAULT_REALM);
|
||||
public RealmModel getKeycloakAdminstrationRealm() {
|
||||
return getRealm(Constants.ADMIN_REALM);
|
||||
}
|
||||
|
||||
public RealmModel getRealm(String id) {
|
||||
|
|
@ -49,9 +46,9 @@ public class RealmManager {
|
|||
public RealmModel createRealm(String id, String name) {
|
||||
RealmModel realm = identitySession.createRealm(id, name);
|
||||
realm.setName(name);
|
||||
realm.addRole(WILDCARD_ROLE);
|
||||
realm.addRole(APPLICATION_ROLE);
|
||||
realm.addRole(IDENTITY_REQUESTER_ROLE);
|
||||
realm.addRole(Constants.WILDCARD_ROLE);
|
||||
realm.addRole(Constants.APPLICATION_ROLE);
|
||||
realm.addRole(Constants.IDENTITY_REQUESTER_ROLE);
|
||||
return realm;
|
||||
}
|
||||
|
||||
|
|
@ -99,7 +96,6 @@ public class RealmManager {
|
|||
//verifyRealmRepresentation(rep);
|
||||
RealmModel realm = createRealm(rep.getRealm());
|
||||
importRealm(rep, realm);
|
||||
realm.addRealmAdmin(realmCreator);
|
||||
return realm;
|
||||
}
|
||||
|
||||
|
|
@ -329,7 +325,7 @@ public class RealmManager {
|
|||
|
||||
|
||||
protected void createApplications(RealmRepresentation rep, RealmModel realm) {
|
||||
RoleModel loginRole = realm.getRole(RealmManager.APPLICATION_ROLE);
|
||||
RoleModel loginRole = realm.getRole(Constants.APPLICATION_ROLE);
|
||||
ApplicationManager manager = new ApplicationManager(this);
|
||||
for (ApplicationRepresentation resourceRep : rep.getApplications()) {
|
||||
manager.createApplication(realm, loginRole, resourceRep);
|
||||
|
|
|
|||
|
|
@ -3,12 +3,9 @@ package org.keycloak.services.managers;
|
|||
import org.jboss.resteasy.jose.Base64Url;
|
||||
import org.jboss.resteasy.jose.jws.JWSBuilder;
|
||||
import org.jboss.resteasy.jwt.JsonSerialization;
|
||||
import org.keycloak.models.*;
|
||||
import org.keycloak.representations.SkeletonKeyScope;
|
||||
import org.keycloak.representations.SkeletonKeyToken;
|
||||
import org.keycloak.models.ApplicationModel;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.models.RoleModel;
|
||||
import org.keycloak.models.UserModel;
|
||||
|
||||
import javax.ws.rs.core.MultivaluedMap;
|
||||
import java.io.IOException;
|
||||
|
|
@ -55,7 +52,7 @@ public class TokenManager {
|
|||
Set<String> scopeRequest = null;
|
||||
if (scopeMap != null) {
|
||||
scopeRequest.addAll(scopeMap.get("realm"));
|
||||
if (scopeRequest.contains(RealmManager.WILDCARD_ROLE)) scopeRequest = null;
|
||||
if (scopeRequest.contains(Constants.WILDCARD_ROLE)) scopeRequest = null;
|
||||
}
|
||||
for (String role : realmMapping) {
|
||||
if (
|
||||
|
|
@ -74,7 +71,7 @@ public class TokenManager {
|
|||
Set<String> scopeRequest = null;
|
||||
if (scopeMap != null) {
|
||||
scopeRequest.addAll(scopeMap.get(resource.getName()));
|
||||
if (scopeRequest.contains(RealmManager.WILDCARD_ROLE)) scopeRequest = null;
|
||||
if (scopeRequest.contains(Constants.WILDCARD_ROLE)) scopeRequest = null;
|
||||
}
|
||||
for (String role : mapping) {
|
||||
if (
|
||||
|
|
|
|||
|
|
@ -6,24 +6,17 @@ import org.jboss.resteasy.spi.HttpRequest;
|
|||
import org.jboss.resteasy.spi.HttpResponse;
|
||||
import org.jboss.resteasy.spi.NotImplementedYetException;
|
||||
import org.keycloak.models.*;
|
||||
import org.keycloak.representations.idm.CredentialRepresentation;
|
||||
import org.keycloak.representations.idm.UserRepresentation;
|
||||
import org.keycloak.services.managers.AuthenticationManager;
|
||||
import org.keycloak.services.managers.AuthenticationManager.AuthenticationStatus;
|
||||
import org.keycloak.services.managers.RealmManager;
|
||||
import org.keycloak.services.messages.Messages;
|
||||
import org.keycloak.services.resources.admin.RealmsAdminResource;
|
||||
import org.keycloak.services.resources.flows.Flows;
|
||||
import org.keycloak.services.validation.Validation;
|
||||
|
||||
import javax.ws.rs.*;
|
||||
import javax.ws.rs.container.ResourceContext;
|
||||
import javax.ws.rs.core.*;
|
||||
|
||||
import java.net.URI;
|
||||
import java.util.LinkedList;
|
||||
import java.util.List;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||
* @version $Revision: 1 $
|
||||
|
|
@ -87,7 +80,7 @@ public class SaasService {
|
|||
public Response keepalive(final @Context HttpHeaders headers) {
|
||||
logger.debug("keepalive");
|
||||
RealmManager realmManager = new RealmManager(session);
|
||||
RealmModel realm = realmManager.defaultRealm();
|
||||
RealmModel realm = getAdminstrationRealm(realmManager);
|
||||
if (realm == null)
|
||||
throw new NotFoundException();
|
||||
UserModel user = authManager.authenticateSaasIdentityCookie(realm, uriInfo, headers);
|
||||
|
|
@ -104,14 +97,15 @@ public class SaasService {
|
|||
@NoCache
|
||||
public Response whoAmI(final @Context HttpHeaders headers) {
|
||||
RealmManager realmManager = new RealmManager(session);
|
||||
RealmModel realm = realmManager.defaultRealm();
|
||||
RealmModel realm = getAdminstrationRealm(realmManager);
|
||||
if (realm == null)
|
||||
throw new NotFoundException();
|
||||
UserModel user = authManager.authenticateSaasIdentityCookie(realm, uriInfo, headers);
|
||||
if (user == null) {
|
||||
return Response.status(401).build();
|
||||
}
|
||||
return Response.ok(new WhoAmI(user.getLoginName(), user.getFirstName() + " " + user.getLastName())).build();
|
||||
// keycloak is bootstrapped with an admin user with no first/last name, so use login name as display name
|
||||
return Response.ok(new WhoAmI(user.getLoginName(), user.getLoginName())).build();
|
||||
}
|
||||
|
||||
@Path("isLoggedIn.js")
|
||||
|
|
@ -121,7 +115,7 @@ public class SaasService {
|
|||
public String isLoggedIn(final @Context HttpHeaders headers) {
|
||||
logger.debug("WHOAMI Javascript start.");
|
||||
RealmManager realmManager = new RealmManager(session);
|
||||
RealmModel realm = realmManager.defaultRealm();
|
||||
RealmModel realm = getAdminstrationRealm(realmManager);
|
||||
if (realm == null) {
|
||||
return "var keycloakCookieLoggedIn = false;";
|
||||
|
||||
|
|
@ -145,16 +139,20 @@ public class SaasService {
|
|||
@Path("admin/realms")
|
||||
public RealmsAdminResource getRealmsAdmin(@Context final HttpHeaders headers) {
|
||||
RealmManager realmManager = new RealmManager(session);
|
||||
RealmModel saasRealm = realmManager.defaultRealm();
|
||||
RealmModel saasRealm = getAdminstrationRealm(realmManager);
|
||||
if (saasRealm == null)
|
||||
throw new NotFoundException();
|
||||
UserModel admin = authManager.authenticateSaasIdentity(saasRealm, uriInfo, headers);
|
||||
if (admin == null) {
|
||||
throw new NotAuthorizedException("Bearer");
|
||||
}
|
||||
RoleModel creatorRole = saasRealm.getRole(SaasService.REALM_CREATOR_ROLE);
|
||||
if (!saasRealm.hasRole(admin, creatorRole)) {
|
||||
logger.warn("not a Realm creator");
|
||||
ApplicationModel adminConsole = saasRealm.getApplicationNameMap().get(Constants.ADMIN_CONSOLE_APPLICATION);
|
||||
if (adminConsole == null) {
|
||||
throw new NotFoundException();
|
||||
}
|
||||
RoleModel adminRole = adminConsole.getRole(Constants.ADMIN_CONSOLE_ADMIN_ROLE);
|
||||
if (!adminConsole.hasRole(admin, adminRole)) {
|
||||
logger.warn("not a Realm admin");
|
||||
throw new NotAuthorizedException("Bearer");
|
||||
}
|
||||
RealmsAdminResource adminResource = new RealmsAdminResource(admin);
|
||||
|
|
@ -167,29 +165,18 @@ public class SaasService {
|
|||
@NoCache
|
||||
public Response loginPage() {
|
||||
RealmManager realmManager = new RealmManager(session);
|
||||
RealmModel realm = realmManager.defaultRealm();
|
||||
RealmModel realm = getAdminstrationRealm(realmManager);
|
||||
authManager.expireSaasIdentityCookie(uriInfo);
|
||||
|
||||
return Flows.forms(realm, request, uriInfo).forwardToLogin();
|
||||
}
|
||||
|
||||
@Path("registrations")
|
||||
@GET
|
||||
@NoCache
|
||||
public Response registerPage() {
|
||||
RealmManager realmManager = new RealmManager(session);
|
||||
RealmModel realm = realmManager.defaultRealm();
|
||||
authManager.expireSaasIdentityCookie(uriInfo);
|
||||
|
||||
return Flows.forms(realm, request, uriInfo).forwardToRegistration();
|
||||
}
|
||||
|
||||
@Path("logout")
|
||||
@GET
|
||||
@NoCache
|
||||
public Response logout() {
|
||||
RealmManager realmManager = new RealmManager(session);
|
||||
RealmModel realm = realmManager.defaultRealm();
|
||||
RealmModel realm = getAdminstrationRealm(realmManager);
|
||||
authManager.expireSaasIdentityCookie(uriInfo);
|
||||
|
||||
return Flows.forms(realm, request, uriInfo).forwardToLogin();
|
||||
|
|
@ -209,7 +196,7 @@ public class SaasService {
|
|||
public Response processLogin(final MultivaluedMap<String, String> formData) {
|
||||
logger.info("processLogin start");
|
||||
RealmManager realmManager = new RealmManager(session);
|
||||
RealmModel realm = realmManager.defaultRealm();
|
||||
RealmModel realm = getAdminstrationRealm(realmManager);
|
||||
if (realm == null)
|
||||
throw new NotFoundException();
|
||||
|
||||
|
|
@ -236,91 +223,7 @@ public class SaasService {
|
|||
}
|
||||
}
|
||||
|
||||
@Path("registrations")
|
||||
@POST
|
||||
@Consumes(MediaType.APPLICATION_JSON)
|
||||
public Response register(final UserRepresentation newUser) {
|
||||
RealmManager realmManager = new RealmManager(session);
|
||||
RealmModel defaultRealm = realmManager.defaultRealm();
|
||||
UserModel user = registerMe(defaultRealm, newUser);
|
||||
if (user == null) {
|
||||
return Response.status(400).type("text/plain").entity("Already exists").build();
|
||||
}
|
||||
URI uri = uriInfo.getBaseUriBuilder().path(RealmsResource.class).path(user.getLoginName()).build();
|
||||
return Response.created(uri).build();
|
||||
protected RealmModel getAdminstrationRealm(RealmManager realmManager) {
|
||||
return realmManager.getKeycloakAdminstrationRealm();
|
||||
}
|
||||
|
||||
@Path("registrations")
|
||||
@POST
|
||||
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
|
||||
public Response processRegister(final MultivaluedMap<String, String> formData) {
|
||||
RealmManager realmManager = new RealmManager(session);
|
||||
RealmModel defaultRealm = realmManager.defaultRealm();
|
||||
|
||||
List<String> requiredCredentialTypes = new LinkedList<String>();
|
||||
for (RequiredCredentialModel m : defaultRealm.getRequiredCredentials()) {
|
||||
requiredCredentialTypes.add(m.getType());
|
||||
}
|
||||
|
||||
String error = Validation.validateRegistrationForm(formData, requiredCredentialTypes);
|
||||
if (error != null) {
|
||||
return Flows.forms(defaultRealm, request, uriInfo).setError(error).setFormData(formData)
|
||||
.forwardToRegistration();
|
||||
}
|
||||
|
||||
UserRepresentation newUser = new UserRepresentation();
|
||||
newUser.setUsername(formData.getFirst("username"));
|
||||
newUser.setEmail(formData.getFirst("email"));
|
||||
|
||||
newUser.setFirstName(formData.getFirst("firstName"));
|
||||
newUser.setLastName(formData.getFirst("lastName"));
|
||||
|
||||
if (requiredCredentialTypes.contains(CredentialRepresentation.PASSWORD)) {
|
||||
newUser.credential(CredentialRepresentation.PASSWORD, formData.getFirst("password"));
|
||||
}
|
||||
|
||||
if (requiredCredentialTypes.contains(CredentialRepresentation.TOTP)) {
|
||||
newUser.credential(CredentialRepresentation.TOTP, formData.getFirst("password"));
|
||||
}
|
||||
|
||||
UserModel user = registerMe(defaultRealm, newUser);
|
||||
if (user == null) {
|
||||
return Flows.forms(defaultRealm, request, uriInfo).setError(Messages.USERNAME_EXISTS)
|
||||
.setFormData(formData).forwardToRegistration();
|
||||
|
||||
}
|
||||
NewCookie cookie = authManager.createSaasIdentityCookie(defaultRealm, user, uriInfo);
|
||||
return Response.status(302).location(contextRoot(uriInfo).path(adminPath).build()).cookie(cookie).build();
|
||||
}
|
||||
|
||||
protected UserModel registerMe(RealmModel defaultRealm, UserRepresentation newUser) {
|
||||
if (!defaultRealm.isEnabled()) {
|
||||
throw new ForbiddenException();
|
||||
}
|
||||
if (!defaultRealm.isRegistrationAllowed()) {
|
||||
throw new ForbiddenException();
|
||||
}
|
||||
UserModel user = defaultRealm.getUser(newUser.getUsername());
|
||||
if (user != null) {
|
||||
return null;
|
||||
}
|
||||
|
||||
user = defaultRealm.addUser(newUser.getUsername());
|
||||
user.setFirstName(newUser.getFirstName());
|
||||
user.setLastName(newUser.getLastName());
|
||||
user.setEmail(newUser.getEmail());
|
||||
for (CredentialRepresentation cred : newUser.getCredentials()) {
|
||||
UserCredentialModel credModel = new UserCredentialModel();
|
||||
credModel.setType(cred.getType());
|
||||
credModel.setValue(cred.getValue());
|
||||
defaultRealm.updateCredential(user, credModel);
|
||||
}
|
||||
|
||||
for (RoleModel role : defaultRealm.getDefaultRoles()) {
|
||||
defaultRealm.grantRole(user, role);
|
||||
}
|
||||
|
||||
return user;
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -15,7 +15,6 @@ import org.keycloak.representations.idm.CredentialRepresentation;
|
|||
import org.keycloak.services.managers.AccessCodeEntry;
|
||||
import org.keycloak.services.managers.AuthenticationManager;
|
||||
import org.keycloak.services.managers.AuthenticationManager.AuthenticationStatus;
|
||||
import org.keycloak.services.managers.RealmManager;
|
||||
import org.keycloak.services.managers.ResourceAdminManager;
|
||||
import org.keycloak.services.managers.TokenManager;
|
||||
import org.keycloak.services.messages.Messages;
|
||||
|
|
@ -176,6 +175,7 @@ public class TokenService {
|
|||
public Response processLogin(@QueryParam("client_id") final String clientId, @QueryParam("scope") final String scopeParam,
|
||||
@QueryParam("state") final String state, @QueryParam("redirect_uri") final String redirect,
|
||||
final MultivaluedMap<String, String> formData) {
|
||||
logger.info("TokenService.processLogin");
|
||||
OAuthFlows oauth = Flows.oauth(realm, request, uriInfo, authManager, tokenManager);
|
||||
|
||||
if (!realm.isEnabled()) {
|
||||
|
|
@ -451,8 +451,8 @@ public class TokenService {
|
|||
return null;
|
||||
}
|
||||
|
||||
RoleModel resourceRole = realm.getRole(RealmManager.APPLICATION_ROLE);
|
||||
RoleModel identityRequestRole = realm.getRole(RealmManager.IDENTITY_REQUESTER_ROLE);
|
||||
RoleModel resourceRole = realm.getRole(Constants.APPLICATION_ROLE);
|
||||
RoleModel identityRequestRole = realm.getRole(Constants.IDENTITY_REQUESTER_ROLE);
|
||||
boolean isResource = realm.hasRole(client, resourceRole);
|
||||
if (!isResource && !realm.hasRole(client, identityRequestRole)) {
|
||||
oauth.forwardToSecurityFailure("Login requester not allowed to request login.");
|
||||
|
|
|
|||
|
|
@ -78,9 +78,6 @@ public class RealmsAdminResource {
|
|||
RealmManager realmManager = new RealmManager(session);
|
||||
RealmModel realm = realmManager.getRealm(id);
|
||||
if (realm == null) throw new NotFoundException();
|
||||
if (!realm.isRealmAdmin(admin)) {
|
||||
throw new ForbiddenException();
|
||||
}
|
||||
|
||||
RealmAdminResource adminResource = new RealmAdminResource(admin, realm);
|
||||
resourceContext.initResource(adminResource);
|
||||
|
|
|
|||
|
|
@ -26,9 +26,9 @@ import java.util.Set;
|
|||
|
||||
import org.jboss.resteasy.logging.Logger;
|
||||
import org.jboss.resteasy.spi.HttpRequest;
|
||||
import org.keycloak.models.Constants;
|
||||
import org.keycloak.services.managers.AccessCodeEntry;
|
||||
import org.keycloak.services.managers.AuthenticationManager;
|
||||
import org.keycloak.services.managers.RealmManager;
|
||||
import org.keycloak.services.managers.TokenManager;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.models.RoleModel;
|
||||
|
|
@ -81,8 +81,8 @@ public class OAuthFlows {
|
|||
}
|
||||
|
||||
public Response processAccessCode(String scopeParam, String state, String redirect, UserModel client, UserModel user) {
|
||||
RoleModel resourceRole = realm.getRole(RealmManager.APPLICATION_ROLE);
|
||||
RoleModel identityRequestRole = realm.getRole(RealmManager.IDENTITY_REQUESTER_ROLE);
|
||||
RoleModel resourceRole = realm.getRole(Constants.APPLICATION_ROLE);
|
||||
RoleModel identityRequestRole = realm.getRole(Constants.IDENTITY_REQUESTER_ROLE);
|
||||
boolean isResource = realm.hasRole(client, resourceRole);
|
||||
if (!isResource && !realm.hasRole(client, identityRequestRole)) {
|
||||
return forwardToSecurityFailure("Login requester not allowed to request login.");
|
||||
|
|
|
|||
|
|
@ -1,17 +1,15 @@
|
|||
package org.keycloak.test;
|
||||
|
||||
import org.junit.After;
|
||||
import org.junit.Assert;
|
||||
import org.junit.Before;
|
||||
import org.junit.FixMethodOrder;
|
||||
import org.junit.Test;
|
||||
import org.junit.runners.MethodSorters;
|
||||
import org.keycloak.models.*;
|
||||
import org.keycloak.representations.idm.CredentialRepresentation;
|
||||
import org.keycloak.services.managers.ApplianceBootstrap;
|
||||
import org.keycloak.services.managers.OAuthClientManager;
|
||||
import org.keycloak.services.managers.RealmManager;
|
||||
import org.keycloak.models.UserModel.RequiredAction;
|
||||
import org.keycloak.services.resources.KeycloakApplication;
|
||||
import org.keycloak.test.common.AbstractKeycloakTest;
|
||||
import org.keycloak.test.common.SessionFactoryTestContext;
|
||||
|
||||
|
|
@ -35,7 +33,7 @@ public class AdapterTest extends AbstractKeycloakTest {
|
|||
|
||||
@Test
|
||||
public void installTest() throws Exception {
|
||||
new InstallationManager().install(getRealmManager());
|
||||
new ApplianceBootstrap().bootstrap(identitySession);
|
||||
|
||||
}
|
||||
|
||||
|
|
@ -78,6 +76,48 @@ public class AdapterTest extends AbstractKeycloakTest {
|
|||
Assert.assertEquals("foo", realmModel.getDefaultRoles().get(0).getName());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testRealmListing() throws Exception {
|
||||
realmModel = getRealmManager().createRealm("JUGGLER");
|
||||
realmModel.setAccessCodeLifespan(100);
|
||||
realmModel.setAccessCodeLifespanUserAction(600);
|
||||
realmModel.setCookieLoginAllowed(true);
|
||||
realmModel.setEnabled(true);
|
||||
realmModel.setName("JUGGLER");
|
||||
realmModel.setPrivateKeyPem("0234234");
|
||||
realmModel.setPublicKeyPem("0234234");
|
||||
realmModel.setTokenLifespan(1000);
|
||||
realmModel.setAutomaticRegistrationAfterSocialLogin(true);
|
||||
realmModel.addDefaultRole("foo");
|
||||
|
||||
System.out.println(realmModel.getId());
|
||||
realmModel = getRealmManager().getRealm(realmModel.getId());
|
||||
Assert.assertNotNull(realmModel);
|
||||
Assert.assertEquals(realmModel.getAccessCodeLifespan(), 100);
|
||||
Assert.assertEquals(600, realmModel.getAccessCodeLifespanUserAction());
|
||||
Assert.assertEquals(realmModel.getTokenLifespan(), 1000);
|
||||
Assert.assertEquals(realmModel.isEnabled(), true);
|
||||
Assert.assertEquals(realmModel.getName(), "JUGGLER");
|
||||
Assert.assertEquals(realmModel.getPrivateKeyPem(), "0234234");
|
||||
Assert.assertEquals(realmModel.getPublicKeyPem(), "0234234");
|
||||
Assert.assertEquals(realmModel.isAutomaticRegistrationAfterSocialLogin(), true);
|
||||
Assert.assertEquals(1, realmModel.getDefaultRoles().size());
|
||||
Assert.assertEquals("foo", realmModel.getDefaultRoles().get(0).getName());
|
||||
|
||||
String id = realmModel.getId();
|
||||
System.out.println("id: " + id);
|
||||
|
||||
identitySession.getTransaction().commit();
|
||||
identitySession.close();
|
||||
identitySession = factory.createSession();
|
||||
identitySession.getTransaction().begin();
|
||||
realmManager = new RealmManager(identitySession);
|
||||
List<RealmModel> realms = identitySession.getRealms(null);
|
||||
System.out.println("num realms: " + realms.size());
|
||||
Assert.assertEquals(realms.size(), 1);
|
||||
}
|
||||
|
||||
|
||||
@Test
|
||||
public void test2RequiredCredential() throws Exception {
|
||||
test1CreateRealm();
|
||||
|
|
@ -126,7 +166,7 @@ public class AdapterTest extends AbstractKeycloakTest {
|
|||
oauth.setBaseUrl("/foo/bar");
|
||||
oauth = realmModel.getOAuthClient("oauth-client");
|
||||
Assert.assertEquals("/foo/bar", oauth.getBaseUrl());
|
||||
Assert.assertTrue(realmModel.hasRole(oauth.getOAuthAgent(), RealmManager.IDENTITY_REQUESTER_ROLE));
|
||||
Assert.assertTrue(realmModel.hasRole(oauth.getOAuthAgent(), Constants.IDENTITY_REQUESTER_ROLE));
|
||||
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -39,26 +39,9 @@ public class ImportTest extends AbstractKeycloakTest {
|
|||
@Test
|
||||
public void install() throws Exception {
|
||||
RealmManager manager = getRealmManager();
|
||||
RealmModel defaultRealm = manager.createRealm(RealmModel.DEFAULT_REALM, RealmModel.DEFAULT_REALM);
|
||||
defaultRealm.setName(RealmModel.DEFAULT_REALM);
|
||||
defaultRealm.setEnabled(true);
|
||||
defaultRealm.setTokenLifespan(300);
|
||||
defaultRealm.setAccessCodeLifespan(60);
|
||||
defaultRealm.setAccessCodeLifespanUserAction(600);
|
||||
defaultRealm.setSslNotRequired(false);
|
||||
defaultRealm.setCookieLoginAllowed(true);
|
||||
defaultRealm.setRegistrationAllowed(true);
|
||||
defaultRealm.setAutomaticRegistrationAfterSocialLogin(false);
|
||||
manager.generateRealmKeys(defaultRealm);
|
||||
defaultRealm.addRequiredCredential(CredentialRepresentation.PASSWORD);
|
||||
RoleModel role = defaultRealm.addRole(SaasService.REALM_CREATOR_ROLE);
|
||||
UserModel admin = defaultRealm.addUser("admin");
|
||||
defaultRealm.grantRole(admin, role);
|
||||
|
||||
RealmRepresentation rep = AbstractKeycloakServerTest.loadJson("testrealm.json");
|
||||
RealmModel realm = manager.createRealm("demo", rep.getRealm());
|
||||
manager.importRealm(rep, realm);
|
||||
realm.addRealmAdmin(admin);
|
||||
|
||||
Assert.assertTrue(realm.isVerifyEmail());
|
||||
|
||||
|
|
@ -81,8 +64,6 @@ public class ImportTest extends AbstractKeycloakTest {
|
|||
|
||||
List<ApplicationModel> resources = realm.getApplications();
|
||||
Assert.assertEquals(2, resources.size());
|
||||
List<RealmModel> realms = getIdentitySession().getRealms(admin);
|
||||
Assert.assertEquals(1, realms.size());
|
||||
|
||||
// Test scope relationship
|
||||
ApplicationModel application = realm.getApplicationNameMap().get("Application");
|
||||
|
|
@ -118,26 +99,9 @@ public class ImportTest extends AbstractKeycloakTest {
|
|||
@Test
|
||||
public void install2() throws Exception {
|
||||
RealmManager manager = getRealmManager();
|
||||
RealmModel defaultRealm = manager.createRealm(RealmModel.DEFAULT_REALM, RealmModel.DEFAULT_REALM);
|
||||
defaultRealm.setName(RealmModel.DEFAULT_REALM);
|
||||
defaultRealm.setEnabled(true);
|
||||
defaultRealm.setTokenLifespan(300);
|
||||
defaultRealm.setAccessCodeLifespan(60);
|
||||
defaultRealm.setAccessCodeLifespanUserAction(600);
|
||||
defaultRealm.setSslNotRequired(false);
|
||||
defaultRealm.setCookieLoginAllowed(true);
|
||||
defaultRealm.setRegistrationAllowed(true);
|
||||
defaultRealm.setAutomaticRegistrationAfterSocialLogin(false);
|
||||
manager.generateRealmKeys(defaultRealm);
|
||||
defaultRealm.addRequiredCredential(CredentialRepresentation.PASSWORD);
|
||||
RoleModel role = defaultRealm.addRole(SaasService.REALM_CREATOR_ROLE);
|
||||
UserModel admin = defaultRealm.addUser("admin");
|
||||
defaultRealm.grantRole(admin, role);
|
||||
|
||||
RealmRepresentation rep = AbstractKeycloakServerTest.loadJson("testrealm-demo.json");
|
||||
RealmModel realm = manager.createRealm("demo", rep.getRealm());
|
||||
manager.importRealm(rep, realm);
|
||||
realm.addRealmAdmin(admin);
|
||||
|
||||
Assert.assertTrue(realm.isAutomaticRegistrationAfterSocialLogin());
|
||||
Assert.assertEquals(600, realm.getAccessCodeLifespanUserAction());
|
||||
|
|
|
|||
|
|
@ -1,32 +0,0 @@
|
|||
package org.keycloak.test;
|
||||
|
||||
import org.keycloak.representations.idm.CredentialRepresentation;
|
||||
import org.keycloak.services.managers.RealmManager;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.services.resources.SaasService;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||
* @version $Revision: 1 $
|
||||
*/
|
||||
public class InstallationManager {
|
||||
public void install(RealmManager manager) {
|
||||
RealmModel defaultRealm = manager.createRealm(RealmModel.DEFAULT_REALM, RealmModel.DEFAULT_REALM);
|
||||
defaultRealm.setName(RealmModel.DEFAULT_REALM);
|
||||
defaultRealm.setEnabled(true);
|
||||
defaultRealm.setTokenLifespan(300);
|
||||
defaultRealm.setAccessCodeLifespan(60);
|
||||
defaultRealm.setAccessCodeLifespanUserAction(600);
|
||||
defaultRealm.setSslNotRequired(false);
|
||||
defaultRealm.setCookieLoginAllowed(true);
|
||||
defaultRealm.setRegistrationAllowed(true);
|
||||
manager.generateRealmKeys(defaultRealm);
|
||||
defaultRealm.addRequiredCredential(CredentialRepresentation.PASSWORD);
|
||||
defaultRealm.addRole(SaasService.REALM_CREATOR_ROLE);
|
||||
defaultRealm.addDefaultRole(SaasService.REALM_CREATOR_ROLE);
|
||||
}
|
||||
|
||||
public boolean isInstalled(RealmManager manager) {
|
||||
return manager.defaultRealm() != null;
|
||||
}
|
||||
}
|
||||
|
|
@ -1,74 +0,0 @@
|
|||
package org.keycloak.test;
|
||||
|
||||
import org.junit.Assert;
|
||||
import org.junit.BeforeClass;
|
||||
import org.junit.Test;
|
||||
import org.keycloak.representations.AccessTokenResponse;
|
||||
import org.keycloak.representations.idm.CredentialRepresentation;
|
||||
import org.keycloak.representations.idm.RealmRepresentation;
|
||||
import org.keycloak.representations.idm.UserRepresentation;
|
||||
import org.keycloak.services.managers.AuthenticationManager;
|
||||
import org.keycloak.services.managers.RealmManager;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.RealmModel;
|
||||
|
||||
import javax.ws.rs.NotAuthorizedException;
|
||||
import javax.ws.rs.client.Entity;
|
||||
import javax.ws.rs.client.WebTarget;
|
||||
import javax.ws.rs.core.Form;
|
||||
import javax.ws.rs.core.HttpHeaders;
|
||||
import javax.ws.rs.core.Response;
|
||||
|
||||
import static org.jboss.resteasy.test.TestPortProvider.generateURL;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||
* @version $Revision: 1 $
|
||||
*/
|
||||
public class RealmCreationTest extends AbstractKeycloakServerTest {
|
||||
|
||||
@BeforeClass
|
||||
public static void before() throws Exception {
|
||||
KeycloakSession session = application.getFactory().createSession();
|
||||
session.getTransaction().begin();
|
||||
RealmManager manager = new RealmManager(session);
|
||||
new InstallationManager().install(manager);
|
||||
session.getTransaction().commit();
|
||||
session.close();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testRegisterLoginAndCreate() throws Exception {
|
||||
UserRepresentation user = new UserRepresentation();
|
||||
user.setUsername("bburke");
|
||||
user.credential(CredentialRepresentation.PASSWORD, "geheim");
|
||||
|
||||
WebTarget target = client.target(generateURL("/"));
|
||||
Response response = target.path("saas/registrations").request().post(Entity.json(user));
|
||||
Assert.assertEquals(201, response.getStatus());
|
||||
response.close();
|
||||
|
||||
|
||||
AccessTokenResponse tokenResponse = null;
|
||||
try {
|
||||
Form form = new Form();
|
||||
form.param(AuthenticationManager.FORM_USERNAME, "bburke");
|
||||
form.param(CredentialRepresentation.PASSWORD, "badpassword");
|
||||
tokenResponse = target.path("realms").path(RealmModel.DEFAULT_REALM).path("tokens/grants/identity-token").request().post(Entity.form(form), AccessTokenResponse.class);
|
||||
Assert.fail();
|
||||
} catch (NotAuthorizedException e) {
|
||||
}
|
||||
Form form = new Form();
|
||||
form.param(AuthenticationManager.FORM_USERNAME, "bburke");
|
||||
form.param(CredentialRepresentation.PASSWORD, "geheim");
|
||||
tokenResponse = target.path("realms").path(RealmModel.DEFAULT_REALM).path("tokens/grants/identity-token").request().post(Entity.form(form), AccessTokenResponse.class);
|
||||
Assert.assertNotNull(tokenResponse);
|
||||
System.out.println(tokenResponse.getToken());
|
||||
//
|
||||
|
||||
RealmRepresentation realm = loadJson("testrealm.json");
|
||||
response = target.path("saas/admin/realms").request().header(HttpHeaders.AUTHORIZATION, "Bearer " + tokenResponse.getToken()).post(Entity.json(realm));
|
||||
Assert.assertEquals(201, response.getStatus());
|
||||
response.close();
|
||||
}
|
||||
}
|
||||
6
services/src/test/java/org/keycloak/test/common/AbstractKeycloakTest.java
Normal file → Executable file
6
services/src/test/java/org/keycloak/test/common/AbstractKeycloakTest.java
Normal file → Executable file
|
|
@ -24,9 +24,9 @@ public abstract class AbstractKeycloakTest {
|
|||
protected static final SessionFactoryTestContext[] TEST_CONTEXTS;
|
||||
|
||||
private final SessionFactoryTestContext testContext;
|
||||
private KeycloakSessionFactory factory;
|
||||
private KeycloakSession identitySession;
|
||||
private RealmManager realmManager;
|
||||
protected KeycloakSessionFactory factory;
|
||||
protected KeycloakSession identitySession;
|
||||
protected RealmManager realmManager;
|
||||
|
||||
// STATIC METHODS
|
||||
|
||||
|
|
|
|||
26
testsuite/integration/src/main/java/org/keycloak/testutils/KeycloakServer.java
Normal file → Executable file
26
testsuite/integration/src/main/java/org/keycloak/testutils/KeycloakServer.java
Normal file → Executable file
|
|
@ -37,17 +37,12 @@ import org.jboss.resteasy.jwt.JsonSerialization;
|
|||
import org.jboss.resteasy.logging.Logger;
|
||||
import org.jboss.resteasy.plugins.server.undertow.UndertowJaxrsServer;
|
||||
import org.jboss.resteasy.spi.ResteasyDeployment;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.KeycloakSessionFactory;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.models.RoleModel;
|
||||
import org.keycloak.models.UserModel;
|
||||
import org.keycloak.representations.idm.CredentialRepresentation;
|
||||
import org.keycloak.models.*;
|
||||
import org.keycloak.representations.idm.RealmRepresentation;
|
||||
import org.keycloak.services.filters.KeycloakSessionServletFilter;
|
||||
import org.keycloak.services.managers.ApplianceBootstrap;
|
||||
import org.keycloak.services.managers.RealmManager;
|
||||
import org.keycloak.services.resources.KeycloakApplication;
|
||||
import org.keycloak.services.resources.SaasService;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
|
||||
|
|
@ -211,24 +206,11 @@ public class KeycloakServer {
|
|||
try {
|
||||
RealmManager manager = new RealmManager(session);
|
||||
|
||||
if (manager.getRealm(RealmModel.DEFAULT_REALM) != null) {
|
||||
if (manager.getRealm(Constants.ADMIN_REALM) != null) {
|
||||
return;
|
||||
}
|
||||
|
||||
RealmModel defaultRealm = manager.createRealm(RealmModel.DEFAULT_REALM, RealmModel.DEFAULT_REALM);
|
||||
defaultRealm.setName(RealmModel.DEFAULT_REALM);
|
||||
defaultRealm.setEnabled(true);
|
||||
defaultRealm.setTokenLifespan(300);
|
||||
defaultRealm.setAccessCodeLifespan(60);
|
||||
defaultRealm.setAccessCodeLifespanUserAction(600);
|
||||
defaultRealm.setSslNotRequired(true);
|
||||
defaultRealm.setCookieLoginAllowed(true);
|
||||
defaultRealm.setRegistrationAllowed(true);
|
||||
manager.generateRealmKeys(defaultRealm);
|
||||
defaultRealm.addRequiredCredential(CredentialRepresentation.PASSWORD);
|
||||
defaultRealm.addRole(SaasService.REALM_CREATOR_ROLE);
|
||||
defaultRealm.addDefaultRole(SaasService.REALM_CREATOR_ROLE);
|
||||
|
||||
new ApplianceBootstrap().bootstrap(session);
|
||||
session.getTransaction().commit();
|
||||
} finally {
|
||||
session.close();
|
||||
|
|
|
|||
|
|
@ -32,6 +32,7 @@ import javax.servlet.Servlet;
|
|||
|
||||
import org.jboss.resteasy.jwt.JsonSerialization;
|
||||
import org.junit.rules.ExternalResource;
|
||||
import org.keycloak.models.Constants;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.representations.idm.RealmRepresentation;
|
||||
|
|
@ -104,10 +105,10 @@ public class KeycloakRule extends ExternalResource {
|
|||
try {
|
||||
RealmManager manager = new RealmManager(session);
|
||||
|
||||
RealmModel defaultRealm = manager.getRealm(RealmModel.DEFAULT_REALM);
|
||||
RealmModel adminstrationRealm = manager.getRealm(Constants.ADMIN_REALM);
|
||||
RealmModel appRealm = manager.getRealm("test");
|
||||
|
||||
configurer.config(manager, defaultRealm, appRealm);
|
||||
configurer.config(manager, null, appRealm);
|
||||
|
||||
session.getTransaction().commit();
|
||||
} finally {
|
||||
|
|
@ -117,7 +118,7 @@ public class KeycloakRule extends ExternalResource {
|
|||
|
||||
public interface KeycloakSetup {
|
||||
|
||||
void config(RealmManager manager, RealmModel defaultRealm, RealmModel appRealm);
|
||||
void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm);
|
||||
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue