bootstrap
This commit is contained in:
Bill Burke
parent
fc92ead9be
commit
13c75c02e1
27 changed files with 172 additions and 407 deletions
|
|
@ -1,13 +1,12 @@
|
||||||
package org.keycloak.example.demo;
|
package org.keycloak.example.demo;
|
||||||
|
|
||||||
import org.jboss.resteasy.jwt.JsonSerialization;
|
import org.jboss.resteasy.jwt.JsonSerialization;
|
||||||
import org.keycloak.representations.idm.CredentialRepresentation;
|
|
||||||
import org.keycloak.representations.idm.RealmRepresentation;
|
import org.keycloak.representations.idm.RealmRepresentation;
|
||||||
|
import org.keycloak.services.managers.ApplianceBootstrap;
|
||||||
import org.keycloak.services.managers.RealmManager;
|
import org.keycloak.services.managers.RealmManager;
|
||||||
import org.keycloak.models.KeycloakSession;
|
import org.keycloak.models.KeycloakSession;
|
||||||
import org.keycloak.models.RealmModel;
|
import org.keycloak.models.RealmModel;
|
||||||
import org.keycloak.services.resources.KeycloakApplication;
|
import org.keycloak.services.resources.KeycloakApplication;
|
||||||
import org.keycloak.services.resources.SaasService;
|
|
||||||
|
|
||||||
import javax.servlet.ServletContext;
|
import javax.servlet.ServletContext;
|
||||||
import javax.ws.rs.core.Context;
|
import javax.ws.rs.core.Context;
|
||||||
|
|
@ -24,27 +23,13 @@ public class DemoApplication extends KeycloakApplication {
|
||||||
super(servletContext);
|
super(servletContext);
|
||||||
KeycloakSession session = factory.createSession();
|
KeycloakSession session = factory.createSession();
|
||||||
session.getTransaction().begin();
|
session.getTransaction().begin();
|
||||||
RealmManager realmManager = new RealmManager(session);
|
ApplianceBootstrap bootstrap = new ApplianceBootstrap();
|
||||||
if (realmManager.defaultRealm() == null) {
|
bootstrap.bootstrap(session);
|
||||||
install(realmManager);
|
install(new RealmManager(session));
|
||||||
}
|
|
||||||
session.getTransaction().commit();
|
session.getTransaction().commit();
|
||||||
}
|
}
|
||||||
|
|
||||||
public void install(RealmManager manager) {
|
public void install(RealmManager manager) {
|
||||||
RealmModel defaultRealm = manager.createRealm(RealmModel.DEFAULT_REALM, RealmModel.DEFAULT_REALM);
|
|
||||||
defaultRealm.setName(RealmModel.DEFAULT_REALM);
|
|
||||||
defaultRealm.setEnabled(true);
|
|
||||||
defaultRealm.setTokenLifespan(300);
|
|
||||||
defaultRealm.setAccessCodeLifespan(60);
|
|
||||||
defaultRealm.setSslNotRequired(true);
|
|
||||||
defaultRealm.setCookieLoginAllowed(true);
|
|
||||||
defaultRealm.setRegistrationAllowed(true);
|
|
||||||
manager.generateRealmKeys(defaultRealm);
|
|
||||||
defaultRealm.addRequiredCredential(CredentialRepresentation.PASSWORD);
|
|
||||||
defaultRealm.addRole(SaasService.REALM_CREATOR_ROLE);
|
|
||||||
defaultRealm.addDefaultRole(SaasService.REALM_CREATOR_ROLE);
|
|
||||||
|
|
||||||
RealmRepresentation rep = loadJson("META-INF/testrealm.json");
|
RealmRepresentation rep = loadJson("META-INF/testrealm.json");
|
||||||
RealmModel realm = manager.createRealm("demo", rep.getRealm());
|
RealmModel realm = manager.createRealm("demo", rep.getRealm());
|
||||||
manager.importRealm(rep, realm);
|
manager.importRealm(rep, realm);
|
||||||
|
|
|
||||||
|
|
@ -1,19 +1,19 @@
|
||||||
package org.keycloak.example.demo;
|
package org.keycloak.example.demo;
|
||||||
|
|
||||||
import org.jboss.resteasy.jwt.JsonSerialization;
|
import org.jboss.resteasy.jwt.JsonSerialization;
|
||||||
import org.keycloak.representations.idm.CredentialRepresentation;
|
|
||||||
import org.keycloak.representations.idm.RealmRepresentation;
|
import org.keycloak.representations.idm.RealmRepresentation;
|
||||||
|
import org.keycloak.services.managers.ApplianceBootstrap;
|
||||||
import org.keycloak.services.managers.RealmManager;
|
import org.keycloak.services.managers.RealmManager;
|
||||||
import org.keycloak.models.KeycloakSession;
|
import org.keycloak.models.KeycloakSession;
|
||||||
import org.keycloak.models.RealmModel;
|
import org.keycloak.models.RealmModel;
|
||||||
import org.keycloak.services.resources.KeycloakApplication;
|
import org.keycloak.services.resources.KeycloakApplication;
|
||||||
import org.keycloak.services.resources.SaasService;
|
|
||||||
|
|
||||||
import javax.servlet.ServletContext;
|
import javax.servlet.ServletContext;
|
||||||
import javax.ws.rs.core.Context;
|
import javax.ws.rs.core.Context;
|
||||||
import java.io.ByteArrayOutputStream;
|
import java.io.ByteArrayOutputStream;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.io.InputStream;
|
import java.io.InputStream;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||||
* @version $Revision: 1 $
|
* @version $Revision: 1 $
|
||||||
|
|
@ -24,27 +24,13 @@ public class DemoApplication extends KeycloakApplication {
|
||||||
super(servletContext);
|
super(servletContext);
|
||||||
KeycloakSession session = factory.createSession();
|
KeycloakSession session = factory.createSession();
|
||||||
session.getTransaction().begin();
|
session.getTransaction().begin();
|
||||||
RealmManager realmManager = new RealmManager(session);
|
ApplianceBootstrap bootstrap = new ApplianceBootstrap();
|
||||||
if (realmManager.defaultRealm() == null) {
|
bootstrap.bootstrap(session);
|
||||||
install(realmManager);
|
install(new RealmManager(session));
|
||||||
}
|
|
||||||
session.getTransaction().commit();
|
session.getTransaction().commit();
|
||||||
}
|
}
|
||||||
|
|
||||||
public void install(RealmManager manager) {
|
public void install(RealmManager manager) {
|
||||||
RealmModel defaultRealm = manager.createRealm(RealmModel.DEFAULT_REALM, RealmModel.DEFAULT_REALM);
|
|
||||||
defaultRealm.setName(RealmModel.DEFAULT_REALM);
|
|
||||||
defaultRealm.setEnabled(true);
|
|
||||||
defaultRealm.setTokenLifespan(300);
|
|
||||||
defaultRealm.setAccessCodeLifespan(60);
|
|
||||||
defaultRealm.setSslNotRequired(true);
|
|
||||||
defaultRealm.setCookieLoginAllowed(true);
|
|
||||||
defaultRealm.setRegistrationAllowed(true);
|
|
||||||
manager.generateRealmKeys(defaultRealm);
|
|
||||||
defaultRealm.addRequiredCredential(CredentialRepresentation.PASSWORD);
|
|
||||||
defaultRealm.addRole(SaasService.REALM_CREATOR_ROLE);
|
|
||||||
defaultRealm.addDefaultRole(SaasService.REALM_CREATOR_ROLE);
|
|
||||||
|
|
||||||
RealmRepresentation rep = loadJson("META-INF/testrealm.json");
|
RealmRepresentation rep = loadJson("META-INF/testrealm.json");
|
||||||
RealmModel realm = manager.createRealm("demo", rep.getRealm());
|
RealmModel realm = manager.createRealm("demo", rep.getRealm());
|
||||||
manager.importRealm(rep, realm);
|
manager.importRealm(rep, realm);
|
||||||
|
|
|
||||||
|
|
@ -35,5 +35,6 @@
|
||||||
</build>
|
</build>
|
||||||
<modules>
|
<modules>
|
||||||
<module>as7-eap-demo</module>
|
<module>as7-eap-demo</module>
|
||||||
|
<module>as7-eap-dev</module>
|
||||||
</modules>
|
</modules>
|
||||||
</project>
|
</project>
|
||||||
|
|
|
||||||
|
|
@ -21,6 +21,7 @@
|
||||||
*/
|
*/
|
||||||
package org.keycloak.forms;
|
package org.keycloak.forms;
|
||||||
|
|
||||||
|
import org.keycloak.models.Constants;
|
||||||
import org.keycloak.models.RealmModel;
|
import org.keycloak.models.RealmModel;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
@ -35,7 +36,7 @@ public class RealmBean {
|
||||||
|
|
||||||
public RealmBean(RealmModel realmModel) {
|
public RealmBean(RealmModel realmModel) {
|
||||||
realm = realmModel;
|
realm = realmModel;
|
||||||
saas = RealmModel.DEFAULT_REALM.equals(realmModel.getName());
|
saas = Constants.ADMIN_REALM.equals(realmModel.getId());
|
||||||
}
|
}
|
||||||
|
|
||||||
public String getId() {
|
public String getId() {
|
||||||
|
|
|
||||||
14
model/api/src/main/java/org/keycloak/models/Constants.java
Executable file
14
model/api/src/main/java/org/keycloak/models/Constants.java
Executable file
|
|
@ -0,0 +1,14 @@
|
||||||
|
package org.keycloak.models;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||||
|
* @version $Revision: 1 $
|
||||||
|
*/
|
||||||
|
public interface Constants {
|
||||||
|
String ADMIN_REALM = "Keycloak Adminstration";
|
||||||
|
String ADMIN_CONSOLE_APPLICATION = "Admin Console";
|
||||||
|
String ADMIN_CONSOLE_ADMIN_ROLE = "admin";
|
||||||
|
String APPLICATION_ROLE = "KEYCLOAK_APPLICATION";
|
||||||
|
String IDENTITY_REQUESTER_ROLE = "KEYCLOAK_IDENTITY_REQUESTER";
|
||||||
|
String WILDCARD_ROLE = "*";
|
||||||
|
}
|
||||||
|
|
@ -11,7 +11,6 @@ import java.util.Set;
|
||||||
* @version $Revision: 1 $
|
* @version $Revision: 1 $
|
||||||
*/
|
*/
|
||||||
public interface RealmModel extends RoleContainerModel, RoleMapperModel, ScopeMapperModel {
|
public interface RealmModel extends RoleContainerModel, RoleMapperModel, ScopeMapperModel {
|
||||||
String DEFAULT_REALM = "default";
|
|
||||||
|
|
||||||
String getId();
|
String getId();
|
||||||
|
|
||||||
|
|
@ -97,11 +96,6 @@ public interface RealmModel extends RoleContainerModel, RoleMapperModel, ScopeMa
|
||||||
|
|
||||||
ApplicationModel addApplication(String name);
|
ApplicationModel addApplication(String name);
|
||||||
|
|
||||||
boolean isRealmAdmin(UserModel agent);
|
|
||||||
|
|
||||||
void addRealmAdmin(UserModel agent);
|
|
||||||
|
|
||||||
|
|
||||||
List<RequiredCredentialModel> getRequiredApplicationCredentials();
|
List<RequiredCredentialModel> getRequiredApplicationCredentials();
|
||||||
|
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -71,6 +71,7 @@ public class ApplicationAdapter implements ApplicationModel {
|
||||||
@Override
|
@Override
|
||||||
public void setName(String name) {
|
public void setName(String name) {
|
||||||
applicationData.setResourceName(name);
|
applicationData.setResourceName(name);
|
||||||
|
updateApplication();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
|
@ -81,6 +82,7 @@ public class ApplicationAdapter implements ApplicationModel {
|
||||||
@Override
|
@Override
|
||||||
public void setEnabled(boolean enabled) {
|
public void setEnabled(boolean enabled) {
|
||||||
applicationData.setEnabled(enabled);
|
applicationData.setEnabled(enabled);
|
||||||
|
updateApplication();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
|
@ -91,6 +93,7 @@ public class ApplicationAdapter implements ApplicationModel {
|
||||||
@Override
|
@Override
|
||||||
public void setSurrogateAuthRequired(boolean surrogateAuthRequired) {
|
public void setSurrogateAuthRequired(boolean surrogateAuthRequired) {
|
||||||
applicationData.setSurrogateAuthRequired(surrogateAuthRequired);
|
applicationData.setSurrogateAuthRequired(surrogateAuthRequired);
|
||||||
|
updateApplication();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
|
@ -101,6 +104,7 @@ public class ApplicationAdapter implements ApplicationModel {
|
||||||
@Override
|
@Override
|
||||||
public void setManagementUrl(String url) {
|
public void setManagementUrl(String url) {
|
||||||
applicationData.setManagementUrl(url);
|
applicationData.setManagementUrl(url);
|
||||||
|
updateApplication();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
|
@ -111,6 +115,7 @@ public class ApplicationAdapter implements ApplicationModel {
|
||||||
@Override
|
@Override
|
||||||
public void setBaseUrl(String url) {
|
public void setBaseUrl(String url) {
|
||||||
applicationData.setBaseUrl(url);
|
applicationData.setBaseUrl(url);
|
||||||
|
updateApplication();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
|
|
||||||
|
|
@ -6,6 +6,7 @@ import org.keycloak.models.RealmModel;
|
||||||
import org.keycloak.models.UserModel;
|
import org.keycloak.models.UserModel;
|
||||||
import org.keycloak.models.picketlink.mappings.RealmData;
|
import org.keycloak.models.picketlink.mappings.RealmData;
|
||||||
import org.keycloak.models.picketlink.relationships.RealmAdminRelationship;
|
import org.keycloak.models.picketlink.relationships.RealmAdminRelationship;
|
||||||
|
import org.keycloak.models.picketlink.relationships.RealmListingRelationship;
|
||||||
import org.keycloak.models.utils.KeycloakSessionUtils;
|
import org.keycloak.models.utils.KeycloakSessionUtils;
|
||||||
import org.picketlink.idm.PartitionManager;
|
import org.picketlink.idm.PartitionManager;
|
||||||
import org.picketlink.idm.RelationshipManager;
|
import org.picketlink.idm.RelationshipManager;
|
||||||
|
|
@ -56,18 +57,24 @@ public class PicketlinkKeycloakSession implements KeycloakSession {
|
||||||
newRealm.setId(id);
|
newRealm.setId(id);
|
||||||
newRealm.setRealmName(name);
|
newRealm.setRealmName(name);
|
||||||
partitionManager.add(newRealm);
|
partitionManager.add(newRealm);
|
||||||
|
RealmListingRelationship rel = new RealmListingRelationship();
|
||||||
|
// picketlink beta 6 uses Realm name for lookup! Don't forget!
|
||||||
|
rel.setRealm(newRealm.getName());
|
||||||
|
partitionManager.createRelationshipManager().add(rel);
|
||||||
|
|
||||||
RealmAdapter realm = new RealmAdapter(this, newRealm, partitionManager);
|
RealmAdapter realm = new RealmAdapter(this, newRealm, partitionManager);
|
||||||
return realm;
|
return realm;
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<RealmModel> getRealms(UserModel admin) {
|
public List<RealmModel> getRealms(UserModel admin) {
|
||||||
|
// todo ability to assign realm management to a specific admin
|
||||||
|
// currently each admin is allowed to access all realms so just do a big query
|
||||||
RelationshipManager relationshipManager = partitionManager.createRelationshipManager();
|
RelationshipManager relationshipManager = partitionManager.createRelationshipManager();
|
||||||
RelationshipQuery<RealmAdminRelationship> query = relationshipManager.createRelationshipQuery(RealmAdminRelationship.class);
|
RelationshipQuery<RealmListingRelationship> query = relationshipManager.createRelationshipQuery(RealmListingRelationship.class);
|
||||||
query.setParameter(RealmAdminRelationship.ADMIN, ((UserAdapter)admin).getUser());
|
List<RealmListingRelationship> results = query.getResultList();
|
||||||
List<RealmAdminRelationship> results = query.getResultList();
|
|
||||||
List<RealmModel> realmModels = new ArrayList<RealmModel>();
|
List<RealmModel> realmModels = new ArrayList<RealmModel>();
|
||||||
for (RealmAdminRelationship relationship : results) {
|
for (RealmListingRelationship relationship : results) {
|
||||||
String realmName = relationship.getRealm();
|
String realmName = relationship.getRealm();
|
||||||
RealmModel model = getRealm(realmName);
|
RealmModel model = getRealm(realmName);
|
||||||
if (model == null) {
|
if (model == null) {
|
||||||
|
|
@ -81,6 +88,7 @@ public class PicketlinkKeycloakSession implements KeycloakSession {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public RealmAdapter getRealm(String id) {
|
public RealmAdapter getRealm(String id) {
|
||||||
|
// picketlink beta 6 uses Realm name for lookup! Don't forget!
|
||||||
RealmData existing = partitionManager.getPartition(RealmData.class, id);
|
RealmData existing = partitionManager.getPartition(RealmData.class, id);
|
||||||
if (existing == null) {
|
if (existing == null) {
|
||||||
return null;
|
return null;
|
||||||
|
|
|
||||||
|
|
@ -753,23 +753,6 @@ public class RealmAdapter implements RealmModel {
|
||||||
return set;
|
return set;
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
|
||||||
public boolean isRealmAdmin(UserModel agent) {
|
|
||||||
RelationshipQuery<RealmAdminRelationship> query = getRelationshipManager().createRelationshipQuery(RealmAdminRelationship.class);
|
|
||||||
query.setParameter(RealmAdminRelationship.REALM, realm.getName());
|
|
||||||
query.setParameter(RealmAdminRelationship.ADMIN, ((UserAdapter)agent).getUser());
|
|
||||||
List<RealmAdminRelationship> results = query.getResultList();
|
|
||||||
return results.size() > 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public void addRealmAdmin(UserModel agent) {
|
|
||||||
RealmAdminRelationship relationship = new RealmAdminRelationship();
|
|
||||||
relationship.setAdmin(((UserAdapter)agent).getUser());
|
|
||||||
relationship.setRealm(realm.getName());
|
|
||||||
getRelationshipManager().add(relationship);
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<RoleModel> getDefaultRoles() {
|
public List<RoleModel> getDefaultRoles() {
|
||||||
List<RoleModel> defaultRoleModels = new ArrayList<RoleModel>();
|
List<RoleModel> defaultRoleModels = new ArrayList<RoleModel>();
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,28 @@
|
||||||
|
package org.keycloak.models.picketlink.relationships;
|
||||||
|
|
||||||
|
import org.picketlink.idm.model.AbstractAttributedType;
|
||||||
|
import org.picketlink.idm.model.Attribute;
|
||||||
|
import org.picketlink.idm.model.Relationship;
|
||||||
|
import org.picketlink.idm.model.sample.User;
|
||||||
|
import org.picketlink.idm.query.AttributeParameter;
|
||||||
|
import org.picketlink.idm.query.RelationshipQueryParameter;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Picketlink doesn't allow you to query for all partitions, thus this stupid relationship...
|
||||||
|
*
|
||||||
|
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||||
|
* @version $Revision: 1 $
|
||||||
|
*/
|
||||||
|
public class RealmListingRelationship extends AbstractAttributedType implements Relationship {
|
||||||
|
private static final long serialVersionUID = 1L;
|
||||||
|
|
||||||
|
public static final AttributeParameter REALM = new AttributeParameter("realm");
|
||||||
|
|
||||||
|
public String getRealm() {
|
||||||
|
return (String)getAttribute("realm").getValue();
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setRealm(String realm) {
|
||||||
|
setAttribute(new Attribute<String>("realm", realm));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
@ -2,7 +2,6 @@ package org.keycloak.services.managers;
|
||||||
|
|
||||||
import org.keycloak.models.*;
|
import org.keycloak.models.*;
|
||||||
import org.keycloak.representations.idm.CredentialRepresentation;
|
import org.keycloak.representations.idm.CredentialRepresentation;
|
||||||
import org.keycloak.services.resources.SaasService;
|
|
||||||
|
|
||||||
import java.util.UUID;
|
import java.util.UUID;
|
||||||
|
|
||||||
|
|
@ -13,17 +12,14 @@ import java.util.UUID;
|
||||||
public class ApplianceBootstrap {
|
public class ApplianceBootstrap {
|
||||||
|
|
||||||
|
|
||||||
public static final String ADMIN_REALM = "Keycloak Adminstration";
|
|
||||||
public static final String ADMIN_CONSOLE = "Admin Console";
|
|
||||||
|
|
||||||
public void initKeycloakAdminRealm(RealmModel realm) {
|
public void initKeycloakAdminRealm(RealmModel realm) {
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public void bootstrap(KeycloakSession session) {
|
public void bootstrap(KeycloakSession session) {
|
||||||
RealmManager manager = new RealmManager(session);
|
RealmManager manager = new RealmManager(session);
|
||||||
RealmModel realm = manager.createRealm(ADMIN_REALM, "Keycloak Adminstration");
|
RealmModel realm = manager.createRealm(Constants.ADMIN_REALM, Constants.ADMIN_REALM);
|
||||||
realm.setName("Keycloak Adminstration");
|
realm.setName(Constants.ADMIN_REALM);
|
||||||
realm.setEnabled(true);
|
realm.setEnabled(true);
|
||||||
realm.addRequiredCredential(CredentialRepresentation.PASSWORD);
|
realm.addRequiredCredential(CredentialRepresentation.PASSWORD);
|
||||||
realm.addRequiredOAuthClientCredential(CredentialRepresentation.PASSWORD);
|
realm.addRequiredOAuthClientCredential(CredentialRepresentation.PASSWORD);
|
||||||
|
|
@ -36,16 +32,16 @@ public class ApplianceBootstrap {
|
||||||
manager.generateRealmKeys(realm);
|
manager.generateRealmKeys(realm);
|
||||||
initKeycloakAdminRealm(realm);
|
initKeycloakAdminRealm(realm);
|
||||||
|
|
||||||
ApplicationModel adminConsole = realm.addApplication(ADMIN_CONSOLE);
|
ApplicationModel adminConsole = realm.addApplication(Constants.ADMIN_CONSOLE_APPLICATION);
|
||||||
adminConsole.setEnabled(true);
|
adminConsole.setEnabled(true);
|
||||||
UserCredentialModel adminConsolePassword = new UserCredentialModel();
|
UserCredentialModel adminConsolePassword = new UserCredentialModel();
|
||||||
adminConsolePassword.setType(UserCredentialModel.PASSWORD);
|
adminConsolePassword.setType(UserCredentialModel.PASSWORD);
|
||||||
adminConsolePassword.setValue(UUID.randomUUID().toString()); // just a random password as we'll never access it
|
adminConsolePassword.setValue(UUID.randomUUID().toString()); // just a random password as we'll never access it
|
||||||
realm.updateCredential(adminConsole.getApplicationUser(), adminConsolePassword);
|
realm.updateCredential(adminConsole.getApplicationUser(), adminConsolePassword);
|
||||||
|
|
||||||
RoleModel applicationRole = realm.getRole(RealmManager.APPLICATION_ROLE);
|
RoleModel applicationRole = realm.getRole(Constants.APPLICATION_ROLE);
|
||||||
realm.grantRole(adminConsole.getApplicationUser(), applicationRole);
|
realm.grantRole(adminConsole.getApplicationUser(), applicationRole);
|
||||||
RoleModel adminRole = adminConsole.addRole("admin");
|
RoleModel adminRole = adminConsole.addRole(Constants.ADMIN_CONSOLE_ADMIN_ROLE);
|
||||||
|
|
||||||
UserModel adminUser = realm.addUser("admin");
|
UserModel adminUser = realm.addUser("admin");
|
||||||
adminUser.setEnabled(true);
|
adminUser.setEnabled(true);
|
||||||
|
|
@ -53,7 +49,7 @@ public class ApplianceBootstrap {
|
||||||
password.setType(UserCredentialModel.PASSWORD);
|
password.setType(UserCredentialModel.PASSWORD);
|
||||||
password.setValue("admin");
|
password.setValue("admin");
|
||||||
realm.updateCredential(adminUser, password);
|
realm.updateCredential(adminUser, password);
|
||||||
adminUser.addRequiredAction(UserModel.RequiredAction.UPDATE_PASSWORD);
|
//adminUser.addRequiredAction(UserModel.RequiredAction.UPDATE_PASSWORD);
|
||||||
|
|
||||||
adminConsole.grantRole(adminUser, adminRole);
|
adminConsole.grantRole(adminUser, adminRole);
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -70,7 +70,7 @@ public class ApplicationManager {
|
||||||
}
|
}
|
||||||
|
|
||||||
public ApplicationModel createApplication(RealmModel realm, ApplicationRepresentation resourceRep) {
|
public ApplicationModel createApplication(RealmModel realm, ApplicationRepresentation resourceRep) {
|
||||||
RoleModel loginRole = realm.getRole(RealmManager.APPLICATION_ROLE);
|
RoleModel loginRole = realm.getRole(Constants.APPLICATION_ROLE);
|
||||||
return createApplication(realm, loginRole, resourceRep);
|
return createApplication(realm, loginRole, resourceRep);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -7,6 +7,7 @@ import org.jboss.resteasy.spi.HttpResponse;
|
||||||
import org.jboss.resteasy.spi.ResteasyProviderFactory;
|
import org.jboss.resteasy.spi.ResteasyProviderFactory;
|
||||||
import org.keycloak.RSATokenVerifier;
|
import org.keycloak.RSATokenVerifier;
|
||||||
import org.keycloak.VerificationException;
|
import org.keycloak.VerificationException;
|
||||||
|
import org.keycloak.models.Constants;
|
||||||
import org.keycloak.representations.SkeletonKeyToken;
|
import org.keycloak.representations.SkeletonKeyToken;
|
||||||
import org.keycloak.representations.idm.CredentialRepresentation;
|
import org.keycloak.representations.idm.CredentialRepresentation;
|
||||||
import org.keycloak.models.RealmModel;
|
import org.keycloak.models.RealmModel;
|
||||||
|
|
@ -33,18 +34,6 @@ public class AuthenticationManager {
|
||||||
public static final String FORM_USERNAME = "username";
|
public static final String FORM_USERNAME = "username";
|
||||||
public static final String KEYCLOAK_IDENTITY_COOKIE = "KEYCLOAK_IDENTITY";
|
public static final String KEYCLOAK_IDENTITY_COOKIE = "KEYCLOAK_IDENTITY";
|
||||||
|
|
||||||
/**
|
|
||||||
* Grabs token from headers, authenticates, authorizes
|
|
||||||
*
|
|
||||||
* @param realm
|
|
||||||
* @param headers
|
|
||||||
* @return
|
|
||||||
*/
|
|
||||||
public boolean isRealmAdmin(RealmModel realm, HttpHeaders headers) {
|
|
||||||
UserModel user = authenticateBearerToken(realm, headers);
|
|
||||||
return realm.isRealmAdmin(user);
|
|
||||||
}
|
|
||||||
|
|
||||||
public SkeletonKeyToken createIdentityToken(RealmModel realm, String username) {
|
public SkeletonKeyToken createIdentityToken(RealmModel realm, String username) {
|
||||||
SkeletonKeyToken token = new SkeletonKeyToken();
|
SkeletonKeyToken token = new SkeletonKeyToken();
|
||||||
token.id(RealmManager.generateId());
|
token.id(RealmManager.generateId());
|
||||||
|
|
@ -211,9 +200,9 @@ public class AuthenticationManager {
|
||||||
Set<String> types = new HashSet<String>();
|
Set<String> types = new HashSet<String>();
|
||||||
|
|
||||||
List<RequiredCredentialModel> requiredCredentials = null;
|
List<RequiredCredentialModel> requiredCredentials = null;
|
||||||
if (realm.hasRole(user, RealmManager.APPLICATION_ROLE)) {
|
if (realm.hasRole(user, Constants.APPLICATION_ROLE)) {
|
||||||
requiredCredentials = realm.getRequiredApplicationCredentials();
|
requiredCredentials = realm.getRequiredApplicationCredentials();
|
||||||
} else if (realm.hasRole(user, RealmManager.IDENTITY_REQUESTER_ROLE)) {
|
} else if (realm.hasRole(user, Constants.IDENTITY_REQUESTER_ROLE)) {
|
||||||
requiredCredentials = realm.getRequiredOAuthClientCredentials();
|
requiredCredentials = realm.getRequiredOAuthClientCredentials();
|
||||||
} else {
|
} else {
|
||||||
requiredCredentials = realm.getRequiredCredentials();
|
requiredCredentials = realm.getRequiredCredentials();
|
||||||
|
|
|
||||||
|
|
@ -1,5 +1,6 @@
|
||||||
package org.keycloak.services.managers;
|
package org.keycloak.services.managers;
|
||||||
|
|
||||||
|
import org.keycloak.models.Constants;
|
||||||
import org.keycloak.models.OAuthClientModel;
|
import org.keycloak.models.OAuthClientModel;
|
||||||
import org.keycloak.models.RealmModel;
|
import org.keycloak.models.RealmModel;
|
||||||
import org.keycloak.models.RoleModel;
|
import org.keycloak.models.RoleModel;
|
||||||
|
|
@ -18,7 +19,7 @@ public class OAuthClientManager {
|
||||||
|
|
||||||
public OAuthClientModel create(String name) {
|
public OAuthClientModel create(String name) {
|
||||||
OAuthClientModel model = realm.addOAuthClient(name);
|
OAuthClientModel model = realm.addOAuthClient(name);
|
||||||
RoleModel role = realm.getRole(RealmManager.IDENTITY_REQUESTER_ROLE);
|
RoleModel role = realm.getRole(Constants.IDENTITY_REQUESTER_ROLE);
|
||||||
realm.grantRole(model.getOAuthAgent(), role);
|
realm.grantRole(model.getOAuthAgent(), role);
|
||||||
return model;
|
return model;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -20,9 +20,6 @@ import java.util.concurrent.atomic.AtomicLong;
|
||||||
public class RealmManager {
|
public class RealmManager {
|
||||||
protected static final Logger logger = Logger.getLogger(RealmManager.class);
|
protected static final Logger logger = Logger.getLogger(RealmManager.class);
|
||||||
private static AtomicLong counter = new AtomicLong(1);
|
private static AtomicLong counter = new AtomicLong(1);
|
||||||
public static final String APPLICATION_ROLE = "KEYCLOAK_APPLICATION";
|
|
||||||
public static final String IDENTITY_REQUESTER_ROLE = "KEYCLOAK_IDENTITY_REQUESTER";
|
|
||||||
public static final String WILDCARD_ROLE = "*";
|
|
||||||
|
|
||||||
public static String generateId() {
|
public static String generateId() {
|
||||||
return counter.getAndIncrement() + "-" + System.currentTimeMillis();
|
return counter.getAndIncrement() + "-" + System.currentTimeMillis();
|
||||||
|
|
@ -34,8 +31,8 @@ public class RealmManager {
|
||||||
this.identitySession = identitySession;
|
this.identitySession = identitySession;
|
||||||
}
|
}
|
||||||
|
|
||||||
public RealmModel defaultRealm() {
|
public RealmModel getKeycloakAdminstrationRealm() {
|
||||||
return getRealm(RealmModel.DEFAULT_REALM);
|
return getRealm(Constants.ADMIN_REALM);
|
||||||
}
|
}
|
||||||
|
|
||||||
public RealmModel getRealm(String id) {
|
public RealmModel getRealm(String id) {
|
||||||
|
|
@ -49,9 +46,9 @@ public class RealmManager {
|
||||||
public RealmModel createRealm(String id, String name) {
|
public RealmModel createRealm(String id, String name) {
|
||||||
RealmModel realm = identitySession.createRealm(id, name);
|
RealmModel realm = identitySession.createRealm(id, name);
|
||||||
realm.setName(name);
|
realm.setName(name);
|
||||||
realm.addRole(WILDCARD_ROLE);
|
realm.addRole(Constants.WILDCARD_ROLE);
|
||||||
realm.addRole(APPLICATION_ROLE);
|
realm.addRole(Constants.APPLICATION_ROLE);
|
||||||
realm.addRole(IDENTITY_REQUESTER_ROLE);
|
realm.addRole(Constants.IDENTITY_REQUESTER_ROLE);
|
||||||
return realm;
|
return realm;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -99,7 +96,6 @@ public class RealmManager {
|
||||||
//verifyRealmRepresentation(rep);
|
//verifyRealmRepresentation(rep);
|
||||||
RealmModel realm = createRealm(rep.getRealm());
|
RealmModel realm = createRealm(rep.getRealm());
|
||||||
importRealm(rep, realm);
|
importRealm(rep, realm);
|
||||||
realm.addRealmAdmin(realmCreator);
|
|
||||||
return realm;
|
return realm;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -329,7 +325,7 @@ public class RealmManager {
|
||||||
|
|
||||||
|
|
||||||
protected void createApplications(RealmRepresentation rep, RealmModel realm) {
|
protected void createApplications(RealmRepresentation rep, RealmModel realm) {
|
||||||
RoleModel loginRole = realm.getRole(RealmManager.APPLICATION_ROLE);
|
RoleModel loginRole = realm.getRole(Constants.APPLICATION_ROLE);
|
||||||
ApplicationManager manager = new ApplicationManager(this);
|
ApplicationManager manager = new ApplicationManager(this);
|
||||||
for (ApplicationRepresentation resourceRep : rep.getApplications()) {
|
for (ApplicationRepresentation resourceRep : rep.getApplications()) {
|
||||||
manager.createApplication(realm, loginRole, resourceRep);
|
manager.createApplication(realm, loginRole, resourceRep);
|
||||||
|
|
|
||||||
|
|
@ -3,12 +3,9 @@ package org.keycloak.services.managers;
|
||||||
import org.jboss.resteasy.jose.Base64Url;
|
import org.jboss.resteasy.jose.Base64Url;
|
||||||
import org.jboss.resteasy.jose.jws.JWSBuilder;
|
import org.jboss.resteasy.jose.jws.JWSBuilder;
|
||||||
import org.jboss.resteasy.jwt.JsonSerialization;
|
import org.jboss.resteasy.jwt.JsonSerialization;
|
||||||
|
import org.keycloak.models.*;
|
||||||
import org.keycloak.representations.SkeletonKeyScope;
|
import org.keycloak.representations.SkeletonKeyScope;
|
||||||
import org.keycloak.representations.SkeletonKeyToken;
|
import org.keycloak.representations.SkeletonKeyToken;
|
||||||
import org.keycloak.models.ApplicationModel;
|
|
||||||
import org.keycloak.models.RealmModel;
|
|
||||||
import org.keycloak.models.RoleModel;
|
|
||||||
import org.keycloak.models.UserModel;
|
|
||||||
|
|
||||||
import javax.ws.rs.core.MultivaluedMap;
|
import javax.ws.rs.core.MultivaluedMap;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
|
|
@ -55,7 +52,7 @@ public class TokenManager {
|
||||||
Set<String> scopeRequest = null;
|
Set<String> scopeRequest = null;
|
||||||
if (scopeMap != null) {
|
if (scopeMap != null) {
|
||||||
scopeRequest.addAll(scopeMap.get("realm"));
|
scopeRequest.addAll(scopeMap.get("realm"));
|
||||||
if (scopeRequest.contains(RealmManager.WILDCARD_ROLE)) scopeRequest = null;
|
if (scopeRequest.contains(Constants.WILDCARD_ROLE)) scopeRequest = null;
|
||||||
}
|
}
|
||||||
for (String role : realmMapping) {
|
for (String role : realmMapping) {
|
||||||
if (
|
if (
|
||||||
|
|
@ -74,7 +71,7 @@ public class TokenManager {
|
||||||
Set<String> scopeRequest = null;
|
Set<String> scopeRequest = null;
|
||||||
if (scopeMap != null) {
|
if (scopeMap != null) {
|
||||||
scopeRequest.addAll(scopeMap.get(resource.getName()));
|
scopeRequest.addAll(scopeMap.get(resource.getName()));
|
||||||
if (scopeRequest.contains(RealmManager.WILDCARD_ROLE)) scopeRequest = null;
|
if (scopeRequest.contains(Constants.WILDCARD_ROLE)) scopeRequest = null;
|
||||||
}
|
}
|
||||||
for (String role : mapping) {
|
for (String role : mapping) {
|
||||||
if (
|
if (
|
||||||
|
|
|
||||||
|
|
@ -6,24 +6,17 @@ import org.jboss.resteasy.spi.HttpRequest;
|
||||||
import org.jboss.resteasy.spi.HttpResponse;
|
import org.jboss.resteasy.spi.HttpResponse;
|
||||||
import org.jboss.resteasy.spi.NotImplementedYetException;
|
import org.jboss.resteasy.spi.NotImplementedYetException;
|
||||||
import org.keycloak.models.*;
|
import org.keycloak.models.*;
|
||||||
import org.keycloak.representations.idm.CredentialRepresentation;
|
|
||||||
import org.keycloak.representations.idm.UserRepresentation;
|
|
||||||
import org.keycloak.services.managers.AuthenticationManager;
|
import org.keycloak.services.managers.AuthenticationManager;
|
||||||
import org.keycloak.services.managers.AuthenticationManager.AuthenticationStatus;
|
import org.keycloak.services.managers.AuthenticationManager.AuthenticationStatus;
|
||||||
import org.keycloak.services.managers.RealmManager;
|
import org.keycloak.services.managers.RealmManager;
|
||||||
import org.keycloak.services.messages.Messages;
|
import org.keycloak.services.messages.Messages;
|
||||||
import org.keycloak.services.resources.admin.RealmsAdminResource;
|
import org.keycloak.services.resources.admin.RealmsAdminResource;
|
||||||
import org.keycloak.services.resources.flows.Flows;
|
import org.keycloak.services.resources.flows.Flows;
|
||||||
import org.keycloak.services.validation.Validation;
|
|
||||||
|
|
||||||
import javax.ws.rs.*;
|
import javax.ws.rs.*;
|
||||||
import javax.ws.rs.container.ResourceContext;
|
import javax.ws.rs.container.ResourceContext;
|
||||||
import javax.ws.rs.core.*;
|
import javax.ws.rs.core.*;
|
||||||
|
|
||||||
import java.net.URI;
|
|
||||||
import java.util.LinkedList;
|
|
||||||
import java.util.List;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||||
* @version $Revision: 1 $
|
* @version $Revision: 1 $
|
||||||
|
|
@ -87,7 +80,7 @@ public class SaasService {
|
||||||
public Response keepalive(final @Context HttpHeaders headers) {
|
public Response keepalive(final @Context HttpHeaders headers) {
|
||||||
logger.debug("keepalive");
|
logger.debug("keepalive");
|
||||||
RealmManager realmManager = new RealmManager(session);
|
RealmManager realmManager = new RealmManager(session);
|
||||||
RealmModel realm = realmManager.defaultRealm();
|
RealmModel realm = getAdminstrationRealm(realmManager);
|
||||||
if (realm == null)
|
if (realm == null)
|
||||||
throw new NotFoundException();
|
throw new NotFoundException();
|
||||||
UserModel user = authManager.authenticateSaasIdentityCookie(realm, uriInfo, headers);
|
UserModel user = authManager.authenticateSaasIdentityCookie(realm, uriInfo, headers);
|
||||||
|
|
@ -104,14 +97,15 @@ public class SaasService {
|
||||||
@NoCache
|
@NoCache
|
||||||
public Response whoAmI(final @Context HttpHeaders headers) {
|
public Response whoAmI(final @Context HttpHeaders headers) {
|
||||||
RealmManager realmManager = new RealmManager(session);
|
RealmManager realmManager = new RealmManager(session);
|
||||||
RealmModel realm = realmManager.defaultRealm();
|
RealmModel realm = getAdminstrationRealm(realmManager);
|
||||||
if (realm == null)
|
if (realm == null)
|
||||||
throw new NotFoundException();
|
throw new NotFoundException();
|
||||||
UserModel user = authManager.authenticateSaasIdentityCookie(realm, uriInfo, headers);
|
UserModel user = authManager.authenticateSaasIdentityCookie(realm, uriInfo, headers);
|
||||||
if (user == null) {
|
if (user == null) {
|
||||||
return Response.status(401).build();
|
return Response.status(401).build();
|
||||||
}
|
}
|
||||||
return Response.ok(new WhoAmI(user.getLoginName(), user.getFirstName() + " " + user.getLastName())).build();
|
// keycloak is bootstrapped with an admin user with no first/last name, so use login name as display name
|
||||||
|
return Response.ok(new WhoAmI(user.getLoginName(), user.getLoginName())).build();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Path("isLoggedIn.js")
|
@Path("isLoggedIn.js")
|
||||||
|
|
@ -121,7 +115,7 @@ public class SaasService {
|
||||||
public String isLoggedIn(final @Context HttpHeaders headers) {
|
public String isLoggedIn(final @Context HttpHeaders headers) {
|
||||||
logger.debug("WHOAMI Javascript start.");
|
logger.debug("WHOAMI Javascript start.");
|
||||||
RealmManager realmManager = new RealmManager(session);
|
RealmManager realmManager = new RealmManager(session);
|
||||||
RealmModel realm = realmManager.defaultRealm();
|
RealmModel realm = getAdminstrationRealm(realmManager);
|
||||||
if (realm == null) {
|
if (realm == null) {
|
||||||
return "var keycloakCookieLoggedIn = false;";
|
return "var keycloakCookieLoggedIn = false;";
|
||||||
|
|
||||||
|
|
@ -145,16 +139,20 @@ public class SaasService {
|
||||||
@Path("admin/realms")
|
@Path("admin/realms")
|
||||||
public RealmsAdminResource getRealmsAdmin(@Context final HttpHeaders headers) {
|
public RealmsAdminResource getRealmsAdmin(@Context final HttpHeaders headers) {
|
||||||
RealmManager realmManager = new RealmManager(session);
|
RealmManager realmManager = new RealmManager(session);
|
||||||
RealmModel saasRealm = realmManager.defaultRealm();
|
RealmModel saasRealm = getAdminstrationRealm(realmManager);
|
||||||
if (saasRealm == null)
|
if (saasRealm == null)
|
||||||
throw new NotFoundException();
|
throw new NotFoundException();
|
||||||
UserModel admin = authManager.authenticateSaasIdentity(saasRealm, uriInfo, headers);
|
UserModel admin = authManager.authenticateSaasIdentity(saasRealm, uriInfo, headers);
|
||||||
if (admin == null) {
|
if (admin == null) {
|
||||||
throw new NotAuthorizedException("Bearer");
|
throw new NotAuthorizedException("Bearer");
|
||||||
}
|
}
|
||||||
RoleModel creatorRole = saasRealm.getRole(SaasService.REALM_CREATOR_ROLE);
|
ApplicationModel adminConsole = saasRealm.getApplicationNameMap().get(Constants.ADMIN_CONSOLE_APPLICATION);
|
||||||
if (!saasRealm.hasRole(admin, creatorRole)) {
|
if (adminConsole == null) {
|
||||||
logger.warn("not a Realm creator");
|
throw new NotFoundException();
|
||||||
|
}
|
||||||
|
RoleModel adminRole = adminConsole.getRole(Constants.ADMIN_CONSOLE_ADMIN_ROLE);
|
||||||
|
if (!adminConsole.hasRole(admin, adminRole)) {
|
||||||
|
logger.warn("not a Realm admin");
|
||||||
throw new NotAuthorizedException("Bearer");
|
throw new NotAuthorizedException("Bearer");
|
||||||
}
|
}
|
||||||
RealmsAdminResource adminResource = new RealmsAdminResource(admin);
|
RealmsAdminResource adminResource = new RealmsAdminResource(admin);
|
||||||
|
|
@ -167,29 +165,18 @@ public class SaasService {
|
||||||
@NoCache
|
@NoCache
|
||||||
public Response loginPage() {
|
public Response loginPage() {
|
||||||
RealmManager realmManager = new RealmManager(session);
|
RealmManager realmManager = new RealmManager(session);
|
||||||
RealmModel realm = realmManager.defaultRealm();
|
RealmModel realm = getAdminstrationRealm(realmManager);
|
||||||
authManager.expireSaasIdentityCookie(uriInfo);
|
authManager.expireSaasIdentityCookie(uriInfo);
|
||||||
|
|
||||||
return Flows.forms(realm, request, uriInfo).forwardToLogin();
|
return Flows.forms(realm, request, uriInfo).forwardToLogin();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Path("registrations")
|
|
||||||
@GET
|
|
||||||
@NoCache
|
|
||||||
public Response registerPage() {
|
|
||||||
RealmManager realmManager = new RealmManager(session);
|
|
||||||
RealmModel realm = realmManager.defaultRealm();
|
|
||||||
authManager.expireSaasIdentityCookie(uriInfo);
|
|
||||||
|
|
||||||
return Flows.forms(realm, request, uriInfo).forwardToRegistration();
|
|
||||||
}
|
|
||||||
|
|
||||||
@Path("logout")
|
@Path("logout")
|
||||||
@GET
|
@GET
|
||||||
@NoCache
|
@NoCache
|
||||||
public Response logout() {
|
public Response logout() {
|
||||||
RealmManager realmManager = new RealmManager(session);
|
RealmManager realmManager = new RealmManager(session);
|
||||||
RealmModel realm = realmManager.defaultRealm();
|
RealmModel realm = getAdminstrationRealm(realmManager);
|
||||||
authManager.expireSaasIdentityCookie(uriInfo);
|
authManager.expireSaasIdentityCookie(uriInfo);
|
||||||
|
|
||||||
return Flows.forms(realm, request, uriInfo).forwardToLogin();
|
return Flows.forms(realm, request, uriInfo).forwardToLogin();
|
||||||
|
|
@ -209,7 +196,7 @@ public class SaasService {
|
||||||
public Response processLogin(final MultivaluedMap<String, String> formData) {
|
public Response processLogin(final MultivaluedMap<String, String> formData) {
|
||||||
logger.info("processLogin start");
|
logger.info("processLogin start");
|
||||||
RealmManager realmManager = new RealmManager(session);
|
RealmManager realmManager = new RealmManager(session);
|
||||||
RealmModel realm = realmManager.defaultRealm();
|
RealmModel realm = getAdminstrationRealm(realmManager);
|
||||||
if (realm == null)
|
if (realm == null)
|
||||||
throw new NotFoundException();
|
throw new NotFoundException();
|
||||||
|
|
||||||
|
|
@ -236,91 +223,7 @@ public class SaasService {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@Path("registrations")
|
protected RealmModel getAdminstrationRealm(RealmManager realmManager) {
|
||||||
@POST
|
return realmManager.getKeycloakAdminstrationRealm();
|
||||||
@Consumes(MediaType.APPLICATION_JSON)
|
|
||||||
public Response register(final UserRepresentation newUser) {
|
|
||||||
RealmManager realmManager = new RealmManager(session);
|
|
||||||
RealmModel defaultRealm = realmManager.defaultRealm();
|
|
||||||
UserModel user = registerMe(defaultRealm, newUser);
|
|
||||||
if (user == null) {
|
|
||||||
return Response.status(400).type("text/plain").entity("Already exists").build();
|
|
||||||
}
|
|
||||||
URI uri = uriInfo.getBaseUriBuilder().path(RealmsResource.class).path(user.getLoginName()).build();
|
|
||||||
return Response.created(uri).build();
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Path("registrations")
|
|
||||||
@POST
|
|
||||||
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
|
|
||||||
public Response processRegister(final MultivaluedMap<String, String> formData) {
|
|
||||||
RealmManager realmManager = new RealmManager(session);
|
|
||||||
RealmModel defaultRealm = realmManager.defaultRealm();
|
|
||||||
|
|
||||||
List<String> requiredCredentialTypes = new LinkedList<String>();
|
|
||||||
for (RequiredCredentialModel m : defaultRealm.getRequiredCredentials()) {
|
|
||||||
requiredCredentialTypes.add(m.getType());
|
|
||||||
}
|
|
||||||
|
|
||||||
String error = Validation.validateRegistrationForm(formData, requiredCredentialTypes);
|
|
||||||
if (error != null) {
|
|
||||||
return Flows.forms(defaultRealm, request, uriInfo).setError(error).setFormData(formData)
|
|
||||||
.forwardToRegistration();
|
|
||||||
}
|
|
||||||
|
|
||||||
UserRepresentation newUser = new UserRepresentation();
|
|
||||||
newUser.setUsername(formData.getFirst("username"));
|
|
||||||
newUser.setEmail(formData.getFirst("email"));
|
|
||||||
|
|
||||||
newUser.setFirstName(formData.getFirst("firstName"));
|
|
||||||
newUser.setLastName(formData.getFirst("lastName"));
|
|
||||||
|
|
||||||
if (requiredCredentialTypes.contains(CredentialRepresentation.PASSWORD)) {
|
|
||||||
newUser.credential(CredentialRepresentation.PASSWORD, formData.getFirst("password"));
|
|
||||||
}
|
|
||||||
|
|
||||||
if (requiredCredentialTypes.contains(CredentialRepresentation.TOTP)) {
|
|
||||||
newUser.credential(CredentialRepresentation.TOTP, formData.getFirst("password"));
|
|
||||||
}
|
|
||||||
|
|
||||||
UserModel user = registerMe(defaultRealm, newUser);
|
|
||||||
if (user == null) {
|
|
||||||
return Flows.forms(defaultRealm, request, uriInfo).setError(Messages.USERNAME_EXISTS)
|
|
||||||
.setFormData(formData).forwardToRegistration();
|
|
||||||
|
|
||||||
}
|
|
||||||
NewCookie cookie = authManager.createSaasIdentityCookie(defaultRealm, user, uriInfo);
|
|
||||||
return Response.status(302).location(contextRoot(uriInfo).path(adminPath).build()).cookie(cookie).build();
|
|
||||||
}
|
|
||||||
|
|
||||||
protected UserModel registerMe(RealmModel defaultRealm, UserRepresentation newUser) {
|
|
||||||
if (!defaultRealm.isEnabled()) {
|
|
||||||
throw new ForbiddenException();
|
|
||||||
}
|
|
||||||
if (!defaultRealm.isRegistrationAllowed()) {
|
|
||||||
throw new ForbiddenException();
|
|
||||||
}
|
|
||||||
UserModel user = defaultRealm.getUser(newUser.getUsername());
|
|
||||||
if (user != null) {
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
|
|
||||||
user = defaultRealm.addUser(newUser.getUsername());
|
|
||||||
user.setFirstName(newUser.getFirstName());
|
|
||||||
user.setLastName(newUser.getLastName());
|
|
||||||
user.setEmail(newUser.getEmail());
|
|
||||||
for (CredentialRepresentation cred : newUser.getCredentials()) {
|
|
||||||
UserCredentialModel credModel = new UserCredentialModel();
|
|
||||||
credModel.setType(cred.getType());
|
|
||||||
credModel.setValue(cred.getValue());
|
|
||||||
defaultRealm.updateCredential(user, credModel);
|
|
||||||
}
|
|
||||||
|
|
||||||
for (RoleModel role : defaultRealm.getDefaultRoles()) {
|
|
||||||
defaultRealm.grantRole(user, role);
|
|
||||||
}
|
|
||||||
|
|
||||||
return user;
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -15,7 +15,6 @@ import org.keycloak.representations.idm.CredentialRepresentation;
|
||||||
import org.keycloak.services.managers.AccessCodeEntry;
|
import org.keycloak.services.managers.AccessCodeEntry;
|
||||||
import org.keycloak.services.managers.AuthenticationManager;
|
import org.keycloak.services.managers.AuthenticationManager;
|
||||||
import org.keycloak.services.managers.AuthenticationManager.AuthenticationStatus;
|
import org.keycloak.services.managers.AuthenticationManager.AuthenticationStatus;
|
||||||
import org.keycloak.services.managers.RealmManager;
|
|
||||||
import org.keycloak.services.managers.ResourceAdminManager;
|
import org.keycloak.services.managers.ResourceAdminManager;
|
||||||
import org.keycloak.services.managers.TokenManager;
|
import org.keycloak.services.managers.TokenManager;
|
||||||
import org.keycloak.services.messages.Messages;
|
import org.keycloak.services.messages.Messages;
|
||||||
|
|
@ -176,6 +175,7 @@ public class TokenService {
|
||||||
public Response processLogin(@QueryParam("client_id") final String clientId, @QueryParam("scope") final String scopeParam,
|
public Response processLogin(@QueryParam("client_id") final String clientId, @QueryParam("scope") final String scopeParam,
|
||||||
@QueryParam("state") final String state, @QueryParam("redirect_uri") final String redirect,
|
@QueryParam("state") final String state, @QueryParam("redirect_uri") final String redirect,
|
||||||
final MultivaluedMap<String, String> formData) {
|
final MultivaluedMap<String, String> formData) {
|
||||||
|
logger.info("TokenService.processLogin");
|
||||||
OAuthFlows oauth = Flows.oauth(realm, request, uriInfo, authManager, tokenManager);
|
OAuthFlows oauth = Flows.oauth(realm, request, uriInfo, authManager, tokenManager);
|
||||||
|
|
||||||
if (!realm.isEnabled()) {
|
if (!realm.isEnabled()) {
|
||||||
|
|
@ -451,8 +451,8 @@ public class TokenService {
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
RoleModel resourceRole = realm.getRole(RealmManager.APPLICATION_ROLE);
|
RoleModel resourceRole = realm.getRole(Constants.APPLICATION_ROLE);
|
||||||
RoleModel identityRequestRole = realm.getRole(RealmManager.IDENTITY_REQUESTER_ROLE);
|
RoleModel identityRequestRole = realm.getRole(Constants.IDENTITY_REQUESTER_ROLE);
|
||||||
boolean isResource = realm.hasRole(client, resourceRole);
|
boolean isResource = realm.hasRole(client, resourceRole);
|
||||||
if (!isResource && !realm.hasRole(client, identityRequestRole)) {
|
if (!isResource && !realm.hasRole(client, identityRequestRole)) {
|
||||||
oauth.forwardToSecurityFailure("Login requester not allowed to request login.");
|
oauth.forwardToSecurityFailure("Login requester not allowed to request login.");
|
||||||
|
|
|
||||||
|
|
@ -78,9 +78,6 @@ public class RealmsAdminResource {
|
||||||
RealmManager realmManager = new RealmManager(session);
|
RealmManager realmManager = new RealmManager(session);
|
||||||
RealmModel realm = realmManager.getRealm(id);
|
RealmModel realm = realmManager.getRealm(id);
|
||||||
if (realm == null) throw new NotFoundException();
|
if (realm == null) throw new NotFoundException();
|
||||||
if (!realm.isRealmAdmin(admin)) {
|
|
||||||
throw new ForbiddenException();
|
|
||||||
}
|
|
||||||
|
|
||||||
RealmAdminResource adminResource = new RealmAdminResource(admin, realm);
|
RealmAdminResource adminResource = new RealmAdminResource(admin, realm);
|
||||||
resourceContext.initResource(adminResource);
|
resourceContext.initResource(adminResource);
|
||||||
|
|
|
||||||
|
|
@ -26,9 +26,9 @@ import java.util.Set;
|
||||||
|
|
||||||
import org.jboss.resteasy.logging.Logger;
|
import org.jboss.resteasy.logging.Logger;
|
||||||
import org.jboss.resteasy.spi.HttpRequest;
|
import org.jboss.resteasy.spi.HttpRequest;
|
||||||
|
import org.keycloak.models.Constants;
|
||||||
import org.keycloak.services.managers.AccessCodeEntry;
|
import org.keycloak.services.managers.AccessCodeEntry;
|
||||||
import org.keycloak.services.managers.AuthenticationManager;
|
import org.keycloak.services.managers.AuthenticationManager;
|
||||||
import org.keycloak.services.managers.RealmManager;
|
|
||||||
import org.keycloak.services.managers.TokenManager;
|
import org.keycloak.services.managers.TokenManager;
|
||||||
import org.keycloak.models.RealmModel;
|
import org.keycloak.models.RealmModel;
|
||||||
import org.keycloak.models.RoleModel;
|
import org.keycloak.models.RoleModel;
|
||||||
|
|
@ -81,8 +81,8 @@ public class OAuthFlows {
|
||||||
}
|
}
|
||||||
|
|
||||||
public Response processAccessCode(String scopeParam, String state, String redirect, UserModel client, UserModel user) {
|
public Response processAccessCode(String scopeParam, String state, String redirect, UserModel client, UserModel user) {
|
||||||
RoleModel resourceRole = realm.getRole(RealmManager.APPLICATION_ROLE);
|
RoleModel resourceRole = realm.getRole(Constants.APPLICATION_ROLE);
|
||||||
RoleModel identityRequestRole = realm.getRole(RealmManager.IDENTITY_REQUESTER_ROLE);
|
RoleModel identityRequestRole = realm.getRole(Constants.IDENTITY_REQUESTER_ROLE);
|
||||||
boolean isResource = realm.hasRole(client, resourceRole);
|
boolean isResource = realm.hasRole(client, resourceRole);
|
||||||
if (!isResource && !realm.hasRole(client, identityRequestRole)) {
|
if (!isResource && !realm.hasRole(client, identityRequestRole)) {
|
||||||
return forwardToSecurityFailure("Login requester not allowed to request login.");
|
return forwardToSecurityFailure("Login requester not allowed to request login.");
|
||||||
|
|
|
||||||
|
|
@ -1,17 +1,15 @@
|
||||||
package org.keycloak.test;
|
package org.keycloak.test;
|
||||||
|
|
||||||
import org.junit.After;
|
|
||||||
import org.junit.Assert;
|
import org.junit.Assert;
|
||||||
import org.junit.Before;
|
|
||||||
import org.junit.FixMethodOrder;
|
import org.junit.FixMethodOrder;
|
||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
import org.junit.runners.MethodSorters;
|
import org.junit.runners.MethodSorters;
|
||||||
import org.keycloak.models.*;
|
import org.keycloak.models.*;
|
||||||
import org.keycloak.representations.idm.CredentialRepresentation;
|
import org.keycloak.representations.idm.CredentialRepresentation;
|
||||||
|
import org.keycloak.services.managers.ApplianceBootstrap;
|
||||||
import org.keycloak.services.managers.OAuthClientManager;
|
import org.keycloak.services.managers.OAuthClientManager;
|
||||||
import org.keycloak.services.managers.RealmManager;
|
import org.keycloak.services.managers.RealmManager;
|
||||||
import org.keycloak.models.UserModel.RequiredAction;
|
import org.keycloak.models.UserModel.RequiredAction;
|
||||||
import org.keycloak.services.resources.KeycloakApplication;
|
|
||||||
import org.keycloak.test.common.AbstractKeycloakTest;
|
import org.keycloak.test.common.AbstractKeycloakTest;
|
||||||
import org.keycloak.test.common.SessionFactoryTestContext;
|
import org.keycloak.test.common.SessionFactoryTestContext;
|
||||||
|
|
||||||
|
|
@ -35,7 +33,7 @@ public class AdapterTest extends AbstractKeycloakTest {
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void installTest() throws Exception {
|
public void installTest() throws Exception {
|
||||||
new InstallationManager().install(getRealmManager());
|
new ApplianceBootstrap().bootstrap(identitySession);
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -78,6 +76,48 @@ public class AdapterTest extends AbstractKeycloakTest {
|
||||||
Assert.assertEquals("foo", realmModel.getDefaultRoles().get(0).getName());
|
Assert.assertEquals("foo", realmModel.getDefaultRoles().get(0).getName());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testRealmListing() throws Exception {
|
||||||
|
realmModel = getRealmManager().createRealm("JUGGLER");
|
||||||
|
realmModel.setAccessCodeLifespan(100);
|
||||||
|
realmModel.setAccessCodeLifespanUserAction(600);
|
||||||
|
realmModel.setCookieLoginAllowed(true);
|
||||||
|
realmModel.setEnabled(true);
|
||||||
|
realmModel.setName("JUGGLER");
|
||||||
|
realmModel.setPrivateKeyPem("0234234");
|
||||||
|
realmModel.setPublicKeyPem("0234234");
|
||||||
|
realmModel.setTokenLifespan(1000);
|
||||||
|
realmModel.setAutomaticRegistrationAfterSocialLogin(true);
|
||||||
|
realmModel.addDefaultRole("foo");
|
||||||
|
|
||||||
|
System.out.println(realmModel.getId());
|
||||||
|
realmModel = getRealmManager().getRealm(realmModel.getId());
|
||||||
|
Assert.assertNotNull(realmModel);
|
||||||
|
Assert.assertEquals(realmModel.getAccessCodeLifespan(), 100);
|
||||||
|
Assert.assertEquals(600, realmModel.getAccessCodeLifespanUserAction());
|
||||||
|
Assert.assertEquals(realmModel.getTokenLifespan(), 1000);
|
||||||
|
Assert.assertEquals(realmModel.isEnabled(), true);
|
||||||
|
Assert.assertEquals(realmModel.getName(), "JUGGLER");
|
||||||
|
Assert.assertEquals(realmModel.getPrivateKeyPem(), "0234234");
|
||||||
|
Assert.assertEquals(realmModel.getPublicKeyPem(), "0234234");
|
||||||
|
Assert.assertEquals(realmModel.isAutomaticRegistrationAfterSocialLogin(), true);
|
||||||
|
Assert.assertEquals(1, realmModel.getDefaultRoles().size());
|
||||||
|
Assert.assertEquals("foo", realmModel.getDefaultRoles().get(0).getName());
|
||||||
|
|
||||||
|
String id = realmModel.getId();
|
||||||
|
System.out.println("id: " + id);
|
||||||
|
|
||||||
|
identitySession.getTransaction().commit();
|
||||||
|
identitySession.close();
|
||||||
|
identitySession = factory.createSession();
|
||||||
|
identitySession.getTransaction().begin();
|
||||||
|
realmManager = new RealmManager(identitySession);
|
||||||
|
List<RealmModel> realms = identitySession.getRealms(null);
|
||||||
|
System.out.println("num realms: " + realms.size());
|
||||||
|
Assert.assertEquals(realms.size(), 1);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void test2RequiredCredential() throws Exception {
|
public void test2RequiredCredential() throws Exception {
|
||||||
test1CreateRealm();
|
test1CreateRealm();
|
||||||
|
|
@ -126,7 +166,7 @@ public class AdapterTest extends AbstractKeycloakTest {
|
||||||
oauth.setBaseUrl("/foo/bar");
|
oauth.setBaseUrl("/foo/bar");
|
||||||
oauth = realmModel.getOAuthClient("oauth-client");
|
oauth = realmModel.getOAuthClient("oauth-client");
|
||||||
Assert.assertEquals("/foo/bar", oauth.getBaseUrl());
|
Assert.assertEquals("/foo/bar", oauth.getBaseUrl());
|
||||||
Assert.assertTrue(realmModel.hasRole(oauth.getOAuthAgent(), RealmManager.IDENTITY_REQUESTER_ROLE));
|
Assert.assertTrue(realmModel.hasRole(oauth.getOAuthAgent(), Constants.IDENTITY_REQUESTER_ROLE));
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -39,26 +39,9 @@ public class ImportTest extends AbstractKeycloakTest {
|
||||||
@Test
|
@Test
|
||||||
public void install() throws Exception {
|
public void install() throws Exception {
|
||||||
RealmManager manager = getRealmManager();
|
RealmManager manager = getRealmManager();
|
||||||
RealmModel defaultRealm = manager.createRealm(RealmModel.DEFAULT_REALM, RealmModel.DEFAULT_REALM);
|
|
||||||
defaultRealm.setName(RealmModel.DEFAULT_REALM);
|
|
||||||
defaultRealm.setEnabled(true);
|
|
||||||
defaultRealm.setTokenLifespan(300);
|
|
||||||
defaultRealm.setAccessCodeLifespan(60);
|
|
||||||
defaultRealm.setAccessCodeLifespanUserAction(600);
|
|
||||||
defaultRealm.setSslNotRequired(false);
|
|
||||||
defaultRealm.setCookieLoginAllowed(true);
|
|
||||||
defaultRealm.setRegistrationAllowed(true);
|
|
||||||
defaultRealm.setAutomaticRegistrationAfterSocialLogin(false);
|
|
||||||
manager.generateRealmKeys(defaultRealm);
|
|
||||||
defaultRealm.addRequiredCredential(CredentialRepresentation.PASSWORD);
|
|
||||||
RoleModel role = defaultRealm.addRole(SaasService.REALM_CREATOR_ROLE);
|
|
||||||
UserModel admin = defaultRealm.addUser("admin");
|
|
||||||
defaultRealm.grantRole(admin, role);
|
|
||||||
|
|
||||||
RealmRepresentation rep = AbstractKeycloakServerTest.loadJson("testrealm.json");
|
RealmRepresentation rep = AbstractKeycloakServerTest.loadJson("testrealm.json");
|
||||||
RealmModel realm = manager.createRealm("demo", rep.getRealm());
|
RealmModel realm = manager.createRealm("demo", rep.getRealm());
|
||||||
manager.importRealm(rep, realm);
|
manager.importRealm(rep, realm);
|
||||||
realm.addRealmAdmin(admin);
|
|
||||||
|
|
||||||
Assert.assertTrue(realm.isVerifyEmail());
|
Assert.assertTrue(realm.isVerifyEmail());
|
||||||
|
|
||||||
|
|
@ -81,8 +64,6 @@ public class ImportTest extends AbstractKeycloakTest {
|
||||||
|
|
||||||
List<ApplicationModel> resources = realm.getApplications();
|
List<ApplicationModel> resources = realm.getApplications();
|
||||||
Assert.assertEquals(2, resources.size());
|
Assert.assertEquals(2, resources.size());
|
||||||
List<RealmModel> realms = getIdentitySession().getRealms(admin);
|
|
||||||
Assert.assertEquals(1, realms.size());
|
|
||||||
|
|
||||||
// Test scope relationship
|
// Test scope relationship
|
||||||
ApplicationModel application = realm.getApplicationNameMap().get("Application");
|
ApplicationModel application = realm.getApplicationNameMap().get("Application");
|
||||||
|
|
@ -118,26 +99,9 @@ public class ImportTest extends AbstractKeycloakTest {
|
||||||
@Test
|
@Test
|
||||||
public void install2() throws Exception {
|
public void install2() throws Exception {
|
||||||
RealmManager manager = getRealmManager();
|
RealmManager manager = getRealmManager();
|
||||||
RealmModel defaultRealm = manager.createRealm(RealmModel.DEFAULT_REALM, RealmModel.DEFAULT_REALM);
|
|
||||||
defaultRealm.setName(RealmModel.DEFAULT_REALM);
|
|
||||||
defaultRealm.setEnabled(true);
|
|
||||||
defaultRealm.setTokenLifespan(300);
|
|
||||||
defaultRealm.setAccessCodeLifespan(60);
|
|
||||||
defaultRealm.setAccessCodeLifespanUserAction(600);
|
|
||||||
defaultRealm.setSslNotRequired(false);
|
|
||||||
defaultRealm.setCookieLoginAllowed(true);
|
|
||||||
defaultRealm.setRegistrationAllowed(true);
|
|
||||||
defaultRealm.setAutomaticRegistrationAfterSocialLogin(false);
|
|
||||||
manager.generateRealmKeys(defaultRealm);
|
|
||||||
defaultRealm.addRequiredCredential(CredentialRepresentation.PASSWORD);
|
|
||||||
RoleModel role = defaultRealm.addRole(SaasService.REALM_CREATOR_ROLE);
|
|
||||||
UserModel admin = defaultRealm.addUser("admin");
|
|
||||||
defaultRealm.grantRole(admin, role);
|
|
||||||
|
|
||||||
RealmRepresentation rep = AbstractKeycloakServerTest.loadJson("testrealm-demo.json");
|
RealmRepresentation rep = AbstractKeycloakServerTest.loadJson("testrealm-demo.json");
|
||||||
RealmModel realm = manager.createRealm("demo", rep.getRealm());
|
RealmModel realm = manager.createRealm("demo", rep.getRealm());
|
||||||
manager.importRealm(rep, realm);
|
manager.importRealm(rep, realm);
|
||||||
realm.addRealmAdmin(admin);
|
|
||||||
|
|
||||||
Assert.assertTrue(realm.isAutomaticRegistrationAfterSocialLogin());
|
Assert.assertTrue(realm.isAutomaticRegistrationAfterSocialLogin());
|
||||||
Assert.assertEquals(600, realm.getAccessCodeLifespanUserAction());
|
Assert.assertEquals(600, realm.getAccessCodeLifespanUserAction());
|
||||||
|
|
|
||||||
|
|
@ -1,32 +0,0 @@
|
||||||
package org.keycloak.test;
|
|
||||||
|
|
||||||
import org.keycloak.representations.idm.CredentialRepresentation;
|
|
||||||
import org.keycloak.services.managers.RealmManager;
|
|
||||||
import org.keycloak.models.RealmModel;
|
|
||||||
import org.keycloak.services.resources.SaasService;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
|
||||||
* @version $Revision: 1 $
|
|
||||||
*/
|
|
||||||
public class InstallationManager {
|
|
||||||
public void install(RealmManager manager) {
|
|
||||||
RealmModel defaultRealm = manager.createRealm(RealmModel.DEFAULT_REALM, RealmModel.DEFAULT_REALM);
|
|
||||||
defaultRealm.setName(RealmModel.DEFAULT_REALM);
|
|
||||||
defaultRealm.setEnabled(true);
|
|
||||||
defaultRealm.setTokenLifespan(300);
|
|
||||||
defaultRealm.setAccessCodeLifespan(60);
|
|
||||||
defaultRealm.setAccessCodeLifespanUserAction(600);
|
|
||||||
defaultRealm.setSslNotRequired(false);
|
|
||||||
defaultRealm.setCookieLoginAllowed(true);
|
|
||||||
defaultRealm.setRegistrationAllowed(true);
|
|
||||||
manager.generateRealmKeys(defaultRealm);
|
|
||||||
defaultRealm.addRequiredCredential(CredentialRepresentation.PASSWORD);
|
|
||||||
defaultRealm.addRole(SaasService.REALM_CREATOR_ROLE);
|
|
||||||
defaultRealm.addDefaultRole(SaasService.REALM_CREATOR_ROLE);
|
|
||||||
}
|
|
||||||
|
|
||||||
public boolean isInstalled(RealmManager manager) {
|
|
||||||
return manager.defaultRealm() != null;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
@ -1,74 +0,0 @@
|
||||||
package org.keycloak.test;
|
|
||||||
|
|
||||||
import org.junit.Assert;
|
|
||||||
import org.junit.BeforeClass;
|
|
||||||
import org.junit.Test;
|
|
||||||
import org.keycloak.representations.AccessTokenResponse;
|
|
||||||
import org.keycloak.representations.idm.CredentialRepresentation;
|
|
||||||
import org.keycloak.representations.idm.RealmRepresentation;
|
|
||||||
import org.keycloak.representations.idm.UserRepresentation;
|
|
||||||
import org.keycloak.services.managers.AuthenticationManager;
|
|
||||||
import org.keycloak.services.managers.RealmManager;
|
|
||||||
import org.keycloak.models.KeycloakSession;
|
|
||||||
import org.keycloak.models.RealmModel;
|
|
||||||
|
|
||||||
import javax.ws.rs.NotAuthorizedException;
|
|
||||||
import javax.ws.rs.client.Entity;
|
|
||||||
import javax.ws.rs.client.WebTarget;
|
|
||||||
import javax.ws.rs.core.Form;
|
|
||||||
import javax.ws.rs.core.HttpHeaders;
|
|
||||||
import javax.ws.rs.core.Response;
|
|
||||||
|
|
||||||
import static org.jboss.resteasy.test.TestPortProvider.generateURL;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
|
||||||
* @version $Revision: 1 $
|
|
||||||
*/
|
|
||||||
public class RealmCreationTest extends AbstractKeycloakServerTest {
|
|
||||||
|
|
||||||
@BeforeClass
|
|
||||||
public static void before() throws Exception {
|
|
||||||
KeycloakSession session = application.getFactory().createSession();
|
|
||||||
session.getTransaction().begin();
|
|
||||||
RealmManager manager = new RealmManager(session);
|
|
||||||
new InstallationManager().install(manager);
|
|
||||||
session.getTransaction().commit();
|
|
||||||
session.close();
|
|
||||||
}
|
|
||||||
|
|
||||||
@Test
|
|
||||||
public void testRegisterLoginAndCreate() throws Exception {
|
|
||||||
UserRepresentation user = new UserRepresentation();
|
|
||||||
user.setUsername("bburke");
|
|
||||||
user.credential(CredentialRepresentation.PASSWORD, "geheim");
|
|
||||||
|
|
||||||
WebTarget target = client.target(generateURL("/"));
|
|
||||||
Response response = target.path("saas/registrations").request().post(Entity.json(user));
|
|
||||||
Assert.assertEquals(201, response.getStatus());
|
|
||||||
response.close();
|
|
||||||
|
|
||||||
|
|
||||||
AccessTokenResponse tokenResponse = null;
|
|
||||||
try {
|
|
||||||
Form form = new Form();
|
|
||||||
form.param(AuthenticationManager.FORM_USERNAME, "bburke");
|
|
||||||
form.param(CredentialRepresentation.PASSWORD, "badpassword");
|
|
||||||
tokenResponse = target.path("realms").path(RealmModel.DEFAULT_REALM).path("tokens/grants/identity-token").request().post(Entity.form(form), AccessTokenResponse.class);
|
|
||||||
Assert.fail();
|
|
||||||
} catch (NotAuthorizedException e) {
|
|
||||||
}
|
|
||||||
Form form = new Form();
|
|
||||||
form.param(AuthenticationManager.FORM_USERNAME, "bburke");
|
|
||||||
form.param(CredentialRepresentation.PASSWORD, "geheim");
|
|
||||||
tokenResponse = target.path("realms").path(RealmModel.DEFAULT_REALM).path("tokens/grants/identity-token").request().post(Entity.form(form), AccessTokenResponse.class);
|
|
||||||
Assert.assertNotNull(tokenResponse);
|
|
||||||
System.out.println(tokenResponse.getToken());
|
|
||||||
//
|
|
||||||
|
|
||||||
RealmRepresentation realm = loadJson("testrealm.json");
|
|
||||||
response = target.path("saas/admin/realms").request().header(HttpHeaders.AUTHORIZATION, "Bearer " + tokenResponse.getToken()).post(Entity.json(realm));
|
|
||||||
Assert.assertEquals(201, response.getStatus());
|
|
||||||
response.close();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
6
services/src/test/java/org/keycloak/test/common/AbstractKeycloakTest.java
Normal file → Executable file
6
services/src/test/java/org/keycloak/test/common/AbstractKeycloakTest.java
Normal file → Executable file
|
|
@ -24,9 +24,9 @@ public abstract class AbstractKeycloakTest {
|
||||||
protected static final SessionFactoryTestContext[] TEST_CONTEXTS;
|
protected static final SessionFactoryTestContext[] TEST_CONTEXTS;
|
||||||
|
|
||||||
private final SessionFactoryTestContext testContext;
|
private final SessionFactoryTestContext testContext;
|
||||||
private KeycloakSessionFactory factory;
|
protected KeycloakSessionFactory factory;
|
||||||
private KeycloakSession identitySession;
|
protected KeycloakSession identitySession;
|
||||||
private RealmManager realmManager;
|
protected RealmManager realmManager;
|
||||||
|
|
||||||
// STATIC METHODS
|
// STATIC METHODS
|
||||||
|
|
||||||
|
|
|
||||||
26
testsuite/integration/src/main/java/org/keycloak/testutils/KeycloakServer.java
Normal file → Executable file
26
testsuite/integration/src/main/java/org/keycloak/testutils/KeycloakServer.java
Normal file → Executable file
|
|
@ -37,17 +37,12 @@ import org.jboss.resteasy.jwt.JsonSerialization;
|
||||||
import org.jboss.resteasy.logging.Logger;
|
import org.jboss.resteasy.logging.Logger;
|
||||||
import org.jboss.resteasy.plugins.server.undertow.UndertowJaxrsServer;
|
import org.jboss.resteasy.plugins.server.undertow.UndertowJaxrsServer;
|
||||||
import org.jboss.resteasy.spi.ResteasyDeployment;
|
import org.jboss.resteasy.spi.ResteasyDeployment;
|
||||||
import org.keycloak.models.KeycloakSession;
|
import org.keycloak.models.*;
|
||||||
import org.keycloak.models.KeycloakSessionFactory;
|
|
||||||
import org.keycloak.models.RealmModel;
|
|
||||||
import org.keycloak.models.RoleModel;
|
|
||||||
import org.keycloak.models.UserModel;
|
|
||||||
import org.keycloak.representations.idm.CredentialRepresentation;
|
|
||||||
import org.keycloak.representations.idm.RealmRepresentation;
|
import org.keycloak.representations.idm.RealmRepresentation;
|
||||||
import org.keycloak.services.filters.KeycloakSessionServletFilter;
|
import org.keycloak.services.filters.KeycloakSessionServletFilter;
|
||||||
|
import org.keycloak.services.managers.ApplianceBootstrap;
|
||||||
import org.keycloak.services.managers.RealmManager;
|
import org.keycloak.services.managers.RealmManager;
|
||||||
import org.keycloak.services.resources.KeycloakApplication;
|
import org.keycloak.services.resources.KeycloakApplication;
|
||||||
import org.keycloak.services.resources.SaasService;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
|
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
|
||||||
|
|
@ -211,24 +206,11 @@ public class KeycloakServer {
|
||||||
try {
|
try {
|
||||||
RealmManager manager = new RealmManager(session);
|
RealmManager manager = new RealmManager(session);
|
||||||
|
|
||||||
if (manager.getRealm(RealmModel.DEFAULT_REALM) != null) {
|
if (manager.getRealm(Constants.ADMIN_REALM) != null) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
RealmModel defaultRealm = manager.createRealm(RealmModel.DEFAULT_REALM, RealmModel.DEFAULT_REALM);
|
new ApplianceBootstrap().bootstrap(session);
|
||||||
defaultRealm.setName(RealmModel.DEFAULT_REALM);
|
|
||||||
defaultRealm.setEnabled(true);
|
|
||||||
defaultRealm.setTokenLifespan(300);
|
|
||||||
defaultRealm.setAccessCodeLifespan(60);
|
|
||||||
defaultRealm.setAccessCodeLifespanUserAction(600);
|
|
||||||
defaultRealm.setSslNotRequired(true);
|
|
||||||
defaultRealm.setCookieLoginAllowed(true);
|
|
||||||
defaultRealm.setRegistrationAllowed(true);
|
|
||||||
manager.generateRealmKeys(defaultRealm);
|
|
||||||
defaultRealm.addRequiredCredential(CredentialRepresentation.PASSWORD);
|
|
||||||
defaultRealm.addRole(SaasService.REALM_CREATOR_ROLE);
|
|
||||||
defaultRealm.addDefaultRole(SaasService.REALM_CREATOR_ROLE);
|
|
||||||
|
|
||||||
session.getTransaction().commit();
|
session.getTransaction().commit();
|
||||||
} finally {
|
} finally {
|
||||||
session.close();
|
session.close();
|
||||||
|
|
|
||||||
|
|
@ -32,6 +32,7 @@ import javax.servlet.Servlet;
|
||||||
|
|
||||||
import org.jboss.resteasy.jwt.JsonSerialization;
|
import org.jboss.resteasy.jwt.JsonSerialization;
|
||||||
import org.junit.rules.ExternalResource;
|
import org.junit.rules.ExternalResource;
|
||||||
|
import org.keycloak.models.Constants;
|
||||||
import org.keycloak.models.KeycloakSession;
|
import org.keycloak.models.KeycloakSession;
|
||||||
import org.keycloak.models.RealmModel;
|
import org.keycloak.models.RealmModel;
|
||||||
import org.keycloak.representations.idm.RealmRepresentation;
|
import org.keycloak.representations.idm.RealmRepresentation;
|
||||||
|
|
@ -104,10 +105,10 @@ public class KeycloakRule extends ExternalResource {
|
||||||
try {
|
try {
|
||||||
RealmManager manager = new RealmManager(session);
|
RealmManager manager = new RealmManager(session);
|
||||||
|
|
||||||
RealmModel defaultRealm = manager.getRealm(RealmModel.DEFAULT_REALM);
|
RealmModel adminstrationRealm = manager.getRealm(Constants.ADMIN_REALM);
|
||||||
RealmModel appRealm = manager.getRealm("test");
|
RealmModel appRealm = manager.getRealm("test");
|
||||||
|
|
||||||
configurer.config(manager, defaultRealm, appRealm);
|
configurer.config(manager, null, appRealm);
|
||||||
|
|
||||||
session.getTransaction().commit();
|
session.getTransaction().commit();
|
||||||
} finally {
|
} finally {
|
||||||
|
|
@ -117,7 +118,7 @@ public class KeycloakRule extends ExternalResource {
|
||||||
|
|
||||||
public interface KeycloakSetup {
|
public interface KeycloakSetup {
|
||||||
|
|
||||||
void config(RealmManager manager, RealmModel defaultRealm, RealmModel appRealm);
|
void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm);
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue