KEYCLOAK-72 and KEYCLOAK-158
This commit is contained in:
Stian Thorgersen
parent
051017abc8
commit
158d1740b8
11 changed files with 56 additions and 37 deletions
|
|
@ -33,6 +33,7 @@ public class RealmRepresentation {
|
|||
protected Set<String> requiredApplicationCredentials;
|
||||
protected Set<String> requiredOAuthClientCredentials;
|
||||
protected List<UserRepresentation> users;
|
||||
protected List<UserRepresentation> clients;
|
||||
protected List<UserRoleMappingRepresentation> roleMappings;
|
||||
protected List<ScopeMappingRepresentation> scopeMappings;
|
||||
protected List<SocialMappingRepresentation> socialMappings;
|
||||
|
|
@ -68,6 +69,10 @@ public class RealmRepresentation {
|
|||
return users;
|
||||
}
|
||||
|
||||
public List<UserRepresentation> getClients() {
|
||||
return clients;
|
||||
}
|
||||
|
||||
public List<ApplicationRepresentation> getApplications() {
|
||||
return applications;
|
||||
}
|
||||
|
|
@ -84,6 +89,10 @@ public class RealmRepresentation {
|
|||
this.users = users;
|
||||
}
|
||||
|
||||
public void setClients(List<UserRepresentation> clients) {
|
||||
this.clients = clients;
|
||||
}
|
||||
|
||||
public UserRepresentation user(String username) {
|
||||
UserRepresentation user = new UserRepresentation();
|
||||
user.setUsername(username);
|
||||
|
|
|
|||
|
|
@ -26,7 +26,9 @@
|
|||
{ "type" : "password",
|
||||
"value" : "password" }
|
||||
]
|
||||
},
|
||||
}
|
||||
],
|
||||
"clients" : [
|
||||
{
|
||||
"username" : "third-party",
|
||||
"enabled": true,
|
||||
|
|
@ -50,10 +52,6 @@
|
|||
{
|
||||
"username": "bburke@redhat.com",
|
||||
"roles": ["user"]
|
||||
},
|
||||
{
|
||||
"username": "third-party",
|
||||
"roles": ["KEYCLOAK_IDENTITY_REQUESTER"]
|
||||
}
|
||||
],
|
||||
"scopeMappings": [
|
||||
|
|
@ -88,4 +86,4 @@
|
|||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -26,7 +26,9 @@
|
|||
{ "type" : "password",
|
||||
"value" : "password" }
|
||||
]
|
||||
},
|
||||
}
|
||||
],
|
||||
"clients" : [
|
||||
{
|
||||
"username" : "third-party",
|
||||
"enabled": true,
|
||||
|
|
@ -50,10 +52,6 @@
|
|||
{
|
||||
"username": "bburke@redhat.com",
|
||||
"roles": ["user"]
|
||||
},
|
||||
{
|
||||
"username": "third-party",
|
||||
"roles": ["KEYCLOAK_IDENTITY_REQUESTER"]
|
||||
}
|
||||
],
|
||||
"scopeMappings": [
|
||||
|
|
@ -89,4 +87,4 @@
|
|||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -5,11 +5,12 @@ package org.keycloak.models;
|
|||
* @version $Revision: 1 $
|
||||
*/
|
||||
public interface Constants {
|
||||
String INTERNAL_ROLE = "KEYCLOAK_";
|
||||
String ADMIN_REALM = "Keycloak Administration";
|
||||
String ADMIN_CONSOLE_APPLICATION = "Admin Console";
|
||||
String ADMIN_CONSOLE_ADMIN_ROLE = "admin";
|
||||
String APPLICATION_ROLE = "KEYCLOAK_APPLICATION";
|
||||
String IDENTITY_REQUESTER_ROLE = "KEYCLOAK_IDENTITY_REQUESTER";
|
||||
String APPLICATION_ROLE = INTERNAL_ROLE + "_APPLICATION";
|
||||
String IDENTITY_REQUESTER_ROLE = INTERNAL_ROLE + "_IDENTITY_REQUESTER";
|
||||
String WILDCARD_ROLE = "*";
|
||||
|
||||
String ACCOUNT_APPLICATION = "Account";
|
||||
|
|
|
|||
|
|
@ -661,7 +661,6 @@ public class RealmAdapter implements RealmModel {
|
|||
builder.append(attribute).append(" like '%").append(entry.getValue().toLowerCase()).append("%'");
|
||||
}
|
||||
String q = builder.toString();
|
||||
System.out.println(q);
|
||||
TypedQuery<UserEntity> query = em.createQuery(q, UserEntity.class);
|
||||
List<UserEntity> results = query.getResultList();
|
||||
List<UserModel> users = new ArrayList<UserModel>();
|
||||
|
|
|
|||
|
|
@ -224,6 +224,14 @@ public class RealmManager {
|
|||
}
|
||||
}
|
||||
|
||||
if (rep.getClients() != null) {
|
||||
for (UserRepresentation clientRep : rep.getClients()) {
|
||||
UserModel client = createUser(newRealm, clientRep);
|
||||
newRealm.grantRole(client, newRealm.getRole(Constants.IDENTITY_REQUESTER_ROLE));
|
||||
userMap.put(client.getLoginName(), client);
|
||||
}
|
||||
}
|
||||
|
||||
if (rep.getRoles() != null) {
|
||||
for (RoleRepresentation roleRep : rep.getRoles()) {
|
||||
createRole(newRealm, roleRep);
|
||||
|
|
|
|||
|
|
@ -1,6 +1,7 @@
|
|||
package org.keycloak.services.resources.admin;
|
||||
|
||||
import org.jboss.resteasy.annotations.cache.NoCache;
|
||||
import org.keycloak.models.Constants;
|
||||
import org.keycloak.models.RoleContainerModel;
|
||||
import org.keycloak.models.RoleModel;
|
||||
import org.keycloak.representations.idm.RoleRepresentation;
|
||||
|
|
@ -39,9 +40,11 @@ public class RoleContainerResource {
|
|||
List<RoleModel> roleModels = roleContainer.getRoles();
|
||||
List<RoleRepresentation> roles = new ArrayList<RoleRepresentation>();
|
||||
for (RoleModel roleModel : roleModels) {
|
||||
RoleRepresentation role = new RoleRepresentation(roleModel.getName(), roleModel.getDescription());
|
||||
role.setId(roleModel.getId());
|
||||
roles.add(role);
|
||||
if (!roleModel.getName().startsWith(Constants.INTERNAL_ROLE)) {
|
||||
RoleRepresentation role = new RoleRepresentation(roleModel.getName(), roleModel.getDescription());
|
||||
role.setId(roleModel.getId());
|
||||
roles.add(role);
|
||||
}
|
||||
}
|
||||
return roles;
|
||||
}
|
||||
|
|
@ -52,7 +55,7 @@ public class RoleContainerResource {
|
|||
@Produces("application/json")
|
||||
public RoleRepresentation getRole(final @PathParam("id") String id) {
|
||||
RoleModel roleModel = roleContainer.getRoleById(id);
|
||||
if (roleModel == null) {
|
||||
if (roleModel == null || roleModel.getName().startsWith(Constants.INTERNAL_ROLE)) {
|
||||
throw new NotFoundException();
|
||||
}
|
||||
RoleRepresentation rep = new RoleRepresentation(roleModel.getName(), roleModel.getDescription());
|
||||
|
|
@ -65,7 +68,7 @@ public class RoleContainerResource {
|
|||
@Consumes("application/json")
|
||||
public void updateRole(final @PathParam("id") String id, final RoleRepresentation rep) {
|
||||
RoleModel role = roleContainer.getRoleById(id);
|
||||
if (role == null) {
|
||||
if (role == null || role.getName().startsWith(Constants.INTERNAL_ROLE)) {
|
||||
throw new NotFoundException();
|
||||
}
|
||||
role.setName(rep.getName());
|
||||
|
|
@ -76,7 +79,7 @@ public class RoleContainerResource {
|
|||
@POST
|
||||
@Consumes("application/json")
|
||||
public Response createRole(final @Context UriInfo uriInfo, final RoleRepresentation rep) {
|
||||
if (roleContainer.getRole(rep.getName()) != null) {
|
||||
if (roleContainer.getRole(rep.getName()) != null || rep.getName().startsWith(Constants.INTERNAL_ROLE)) {
|
||||
throw new InternalServerErrorException(); // todo appropriate status here.
|
||||
}
|
||||
RoleModel role = roleContainer.addRole(rep.getName());
|
||||
|
|
|
|||
|
|
@ -3,6 +3,7 @@ package org.keycloak.services.resources.admin;
|
|||
import org.jboss.resteasy.annotations.cache.NoCache;
|
||||
import org.jboss.resteasy.logging.Logger;
|
||||
import org.keycloak.models.ApplicationModel;
|
||||
import org.keycloak.models.Constants;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.models.RoleModel;
|
||||
|
|
@ -98,7 +99,7 @@ public class UsersResource {
|
|||
@Produces("application/json")
|
||||
public UserRepresentation getUser(final @PathParam("username") String username) {
|
||||
UserModel user = realm.getUser(username);
|
||||
if (user == null) {
|
||||
if (user == null || !isUser(user)) {
|
||||
throw new NotFoundException();
|
||||
}
|
||||
return new RealmManager(session).toRepresentation(user);
|
||||
|
|
@ -117,7 +118,9 @@ public class UsersResource {
|
|||
if (search != null) {
|
||||
List<UserModel> userModels = manager.searchUsers(search, realm);
|
||||
for (UserModel user : userModels) {
|
||||
results.add(manager.toRepresentation(user));
|
||||
if (isUser(user)) {
|
||||
results.add(manager.toRepresentation(user));
|
||||
}
|
||||
}
|
||||
} else {
|
||||
Map<String, String> attributes = new HashMap<String, String>();
|
||||
|
|
@ -142,6 +145,10 @@ public class UsersResource {
|
|||
return results;
|
||||
}
|
||||
|
||||
private boolean isUser(UserModel user) {
|
||||
return !realm.hasRole(user, realm.getRole(Constants.IDENTITY_REQUESTER_ROLE)) && !realm.hasRole(user, realm.getRole(Constants.APPLICATION_ROLE));
|
||||
}
|
||||
|
||||
@Path("{username}/role-mappings")
|
||||
@GET
|
||||
@Produces("application/json")
|
||||
|
|
|
|||
|
|
@ -23,7 +23,9 @@
|
|||
{ "type" : "Password",
|
||||
"value" : "password" }
|
||||
]
|
||||
},
|
||||
}
|
||||
],
|
||||
"clients" : [
|
||||
{
|
||||
"username" : "third-party",
|
||||
"enabled": true,
|
||||
|
|
@ -47,10 +49,6 @@
|
|||
{
|
||||
"username": "bburke@redhat.com",
|
||||
"roles": ["user"]
|
||||
},
|
||||
{
|
||||
"username": "third-party",
|
||||
"roles": ["KEYCLOAK_IDENTITY_REQUESTER"]
|
||||
}
|
||||
],
|
||||
"scopeMappings": [
|
||||
|
|
@ -87,4 +85,4 @@
|
|||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -63,7 +63,7 @@ public class AccessTokenTest {
|
|||
|
||||
Assert.assertEquals(200, response.getStatusCode());
|
||||
|
||||
Assert.assertTrue(response.getExpiresIn() <= 300 && response.getExpiresIn() >= 250);
|
||||
Assert.assertTrue(response.getExpiresIn() <= 600 && response.getExpiresIn() >= 550);
|
||||
|
||||
Assert.assertEquals("bearer", response.getTokenType());
|
||||
|
||||
|
|
|
|||
|
|
@ -2,8 +2,8 @@
|
|||
"id": "test",
|
||||
"realm": "test",
|
||||
"enabled": true,
|
||||
"tokenLifespan": 300,
|
||||
"accessCodeLifespan": 10,
|
||||
"tokenLifespan": 600,
|
||||
"accessCodeLifespan": 600,
|
||||
"accessCodeLifespanUserAction": 600,
|
||||
"sslNotRequired": true,
|
||||
"cookieLoginAllowed": true,
|
||||
|
|
@ -30,7 +30,9 @@
|
|||
{ "type" : "password",
|
||||
"value" : "password" }
|
||||
]
|
||||
},
|
||||
}
|
||||
],
|
||||
"clients" : [
|
||||
{
|
||||
"username" : "third-party",
|
||||
"enabled": true,
|
||||
|
|
@ -54,10 +56,6 @@
|
|||
{
|
||||
"username": "test-user@localhost",
|
||||
"roles": ["user"]
|
||||
},
|
||||
{
|
||||
"username": "third-party",
|
||||
"roles": ["KEYCLOAK_IDENTITY_REQUESTER"]
|
||||
}
|
||||
],
|
||||
"scopeMappings": [
|
||||
|
|
|
|||
Loading…
Reference in a new issue