KEYCLOAK-72 and KEYCLOAK-158

This commit is contained in:
Stian Thorgersen 2013-11-15 11:03:15 +00:00
parent 051017abc8
commit 158d1740b8
11 changed files with 56 additions and 37 deletions

View file

@ -33,6 +33,7 @@ public class RealmRepresentation {
protected Set<String> requiredApplicationCredentials; protected Set<String> requiredApplicationCredentials;
protected Set<String> requiredOAuthClientCredentials; protected Set<String> requiredOAuthClientCredentials;
protected List<UserRepresentation> users; protected List<UserRepresentation> users;
protected List<UserRepresentation> clients;
protected List<UserRoleMappingRepresentation> roleMappings; protected List<UserRoleMappingRepresentation> roleMappings;
protected List<ScopeMappingRepresentation> scopeMappings; protected List<ScopeMappingRepresentation> scopeMappings;
protected List<SocialMappingRepresentation> socialMappings; protected List<SocialMappingRepresentation> socialMappings;
@ -68,6 +69,10 @@ public class RealmRepresentation {
return users; return users;
} }
public List<UserRepresentation> getClients() {
return clients;
}
public List<ApplicationRepresentation> getApplications() { public List<ApplicationRepresentation> getApplications() {
return applications; return applications;
} }
@ -84,6 +89,10 @@ public class RealmRepresentation {
this.users = users; this.users = users;
} }
public void setClients(List<UserRepresentation> clients) {
this.clients = clients;
}
public UserRepresentation user(String username) { public UserRepresentation user(String username) {
UserRepresentation user = new UserRepresentation(); UserRepresentation user = new UserRepresentation();
user.setUsername(username); user.setUsername(username);

View file

@ -26,7 +26,9 @@
{ "type" : "password", { "type" : "password",
"value" : "password" } "value" : "password" }
] ]
}, }
],
"clients" : [
{ {
"username" : "third-party", "username" : "third-party",
"enabled": true, "enabled": true,
@ -50,10 +52,6 @@
{ {
"username": "bburke@redhat.com", "username": "bburke@redhat.com",
"roles": ["user"] "roles": ["user"]
},
{
"username": "third-party",
"roles": ["KEYCLOAK_IDENTITY_REQUESTER"]
} }
], ],
"scopeMappings": [ "scopeMappings": [

View file

@ -26,7 +26,9 @@
{ "type" : "password", { "type" : "password",
"value" : "password" } "value" : "password" }
] ]
}, }
],
"clients" : [
{ {
"username" : "third-party", "username" : "third-party",
"enabled": true, "enabled": true,
@ -50,10 +52,6 @@
{ {
"username": "bburke@redhat.com", "username": "bburke@redhat.com",
"roles": ["user"] "roles": ["user"]
},
{
"username": "third-party",
"roles": ["KEYCLOAK_IDENTITY_REQUESTER"]
} }
], ],
"scopeMappings": [ "scopeMappings": [

View file

@ -5,11 +5,12 @@ package org.keycloak.models;
* @version $Revision: 1 $ * @version $Revision: 1 $
*/ */
public interface Constants { public interface Constants {
String INTERNAL_ROLE = "KEYCLOAK_";
String ADMIN_REALM = "Keycloak Administration"; String ADMIN_REALM = "Keycloak Administration";
String ADMIN_CONSOLE_APPLICATION = "Admin Console"; String ADMIN_CONSOLE_APPLICATION = "Admin Console";
String ADMIN_CONSOLE_ADMIN_ROLE = "admin"; String ADMIN_CONSOLE_ADMIN_ROLE = "admin";
String APPLICATION_ROLE = "KEYCLOAK_APPLICATION"; String APPLICATION_ROLE = INTERNAL_ROLE + "_APPLICATION";
String IDENTITY_REQUESTER_ROLE = "KEYCLOAK_IDENTITY_REQUESTER"; String IDENTITY_REQUESTER_ROLE = INTERNAL_ROLE + "_IDENTITY_REQUESTER";
String WILDCARD_ROLE = "*"; String WILDCARD_ROLE = "*";
String ACCOUNT_APPLICATION = "Account"; String ACCOUNT_APPLICATION = "Account";

View file

@ -661,7 +661,6 @@ public class RealmAdapter implements RealmModel {
builder.append(attribute).append(" like '%").append(entry.getValue().toLowerCase()).append("%'"); builder.append(attribute).append(" like '%").append(entry.getValue().toLowerCase()).append("%'");
} }
String q = builder.toString(); String q = builder.toString();
System.out.println(q);
TypedQuery<UserEntity> query = em.createQuery(q, UserEntity.class); TypedQuery<UserEntity> query = em.createQuery(q, UserEntity.class);
List<UserEntity> results = query.getResultList(); List<UserEntity> results = query.getResultList();
List<UserModel> users = new ArrayList<UserModel>(); List<UserModel> users = new ArrayList<UserModel>();

View file

@ -224,6 +224,14 @@ public class RealmManager {
} }
} }
if (rep.getClients() != null) {
for (UserRepresentation clientRep : rep.getClients()) {
UserModel client = createUser(newRealm, clientRep);
newRealm.grantRole(client, newRealm.getRole(Constants.IDENTITY_REQUESTER_ROLE));
userMap.put(client.getLoginName(), client);
}
}
if (rep.getRoles() != null) { if (rep.getRoles() != null) {
for (RoleRepresentation roleRep : rep.getRoles()) { for (RoleRepresentation roleRep : rep.getRoles()) {
createRole(newRealm, roleRep); createRole(newRealm, roleRep);

View file

@ -1,6 +1,7 @@
package org.keycloak.services.resources.admin; package org.keycloak.services.resources.admin;
import org.jboss.resteasy.annotations.cache.NoCache; import org.jboss.resteasy.annotations.cache.NoCache;
import org.keycloak.models.Constants;
import org.keycloak.models.RoleContainerModel; import org.keycloak.models.RoleContainerModel;
import org.keycloak.models.RoleModel; import org.keycloak.models.RoleModel;
import org.keycloak.representations.idm.RoleRepresentation; import org.keycloak.representations.idm.RoleRepresentation;
@ -39,9 +40,11 @@ public class RoleContainerResource {
List<RoleModel> roleModels = roleContainer.getRoles(); List<RoleModel> roleModels = roleContainer.getRoles();
List<RoleRepresentation> roles = new ArrayList<RoleRepresentation>(); List<RoleRepresentation> roles = new ArrayList<RoleRepresentation>();
for (RoleModel roleModel : roleModels) { for (RoleModel roleModel : roleModels) {
RoleRepresentation role = new RoleRepresentation(roleModel.getName(), roleModel.getDescription()); if (!roleModel.getName().startsWith(Constants.INTERNAL_ROLE)) {
role.setId(roleModel.getId()); RoleRepresentation role = new RoleRepresentation(roleModel.getName(), roleModel.getDescription());
roles.add(role); role.setId(roleModel.getId());
roles.add(role);
}
} }
return roles; return roles;
} }
@ -52,7 +55,7 @@ public class RoleContainerResource {
@Produces("application/json") @Produces("application/json")
public RoleRepresentation getRole(final @PathParam("id") String id) { public RoleRepresentation getRole(final @PathParam("id") String id) {
RoleModel roleModel = roleContainer.getRoleById(id); RoleModel roleModel = roleContainer.getRoleById(id);
if (roleModel == null) { if (roleModel == null || roleModel.getName().startsWith(Constants.INTERNAL_ROLE)) {
throw new NotFoundException(); throw new NotFoundException();
} }
RoleRepresentation rep = new RoleRepresentation(roleModel.getName(), roleModel.getDescription()); RoleRepresentation rep = new RoleRepresentation(roleModel.getName(), roleModel.getDescription());
@ -65,7 +68,7 @@ public class RoleContainerResource {
@Consumes("application/json") @Consumes("application/json")
public void updateRole(final @PathParam("id") String id, final RoleRepresentation rep) { public void updateRole(final @PathParam("id") String id, final RoleRepresentation rep) {
RoleModel role = roleContainer.getRoleById(id); RoleModel role = roleContainer.getRoleById(id);
if (role == null) { if (role == null || role.getName().startsWith(Constants.INTERNAL_ROLE)) {
throw new NotFoundException(); throw new NotFoundException();
} }
role.setName(rep.getName()); role.setName(rep.getName());
@ -76,7 +79,7 @@ public class RoleContainerResource {
@POST @POST
@Consumes("application/json") @Consumes("application/json")
public Response createRole(final @Context UriInfo uriInfo, final RoleRepresentation rep) { public Response createRole(final @Context UriInfo uriInfo, final RoleRepresentation rep) {
if (roleContainer.getRole(rep.getName()) != null) { if (roleContainer.getRole(rep.getName()) != null || rep.getName().startsWith(Constants.INTERNAL_ROLE)) {
throw new InternalServerErrorException(); // todo appropriate status here. throw new InternalServerErrorException(); // todo appropriate status here.
} }
RoleModel role = roleContainer.addRole(rep.getName()); RoleModel role = roleContainer.addRole(rep.getName());

View file

@ -3,6 +3,7 @@ package org.keycloak.services.resources.admin;
import org.jboss.resteasy.annotations.cache.NoCache; import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.logging.Logger; import org.jboss.resteasy.logging.Logger;
import org.keycloak.models.ApplicationModel; import org.keycloak.models.ApplicationModel;
import org.keycloak.models.Constants;
import org.keycloak.models.KeycloakSession; import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel; import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel; import org.keycloak.models.RoleModel;
@ -98,7 +99,7 @@ public class UsersResource {
@Produces("application/json") @Produces("application/json")
public UserRepresentation getUser(final @PathParam("username") String username) { public UserRepresentation getUser(final @PathParam("username") String username) {
UserModel user = realm.getUser(username); UserModel user = realm.getUser(username);
if (user == null) { if (user == null || !isUser(user)) {
throw new NotFoundException(); throw new NotFoundException();
} }
return new RealmManager(session).toRepresentation(user); return new RealmManager(session).toRepresentation(user);
@ -117,7 +118,9 @@ public class UsersResource {
if (search != null) { if (search != null) {
List<UserModel> userModels = manager.searchUsers(search, realm); List<UserModel> userModels = manager.searchUsers(search, realm);
for (UserModel user : userModels) { for (UserModel user : userModels) {
results.add(manager.toRepresentation(user)); if (isUser(user)) {
results.add(manager.toRepresentation(user));
}
} }
} else { } else {
Map<String, String> attributes = new HashMap<String, String>(); Map<String, String> attributes = new HashMap<String, String>();
@ -142,6 +145,10 @@ public class UsersResource {
return results; return results;
} }
private boolean isUser(UserModel user) {
return !realm.hasRole(user, realm.getRole(Constants.IDENTITY_REQUESTER_ROLE)) && !realm.hasRole(user, realm.getRole(Constants.APPLICATION_ROLE));
}
@Path("{username}/role-mappings") @Path("{username}/role-mappings")
@GET @GET
@Produces("application/json") @Produces("application/json")

View file

@ -23,7 +23,9 @@
{ "type" : "Password", { "type" : "Password",
"value" : "password" } "value" : "password" }
] ]
}, }
],
"clients" : [
{ {
"username" : "third-party", "username" : "third-party",
"enabled": true, "enabled": true,
@ -47,10 +49,6 @@
{ {
"username": "bburke@redhat.com", "username": "bburke@redhat.com",
"roles": ["user"] "roles": ["user"]
},
{
"username": "third-party",
"roles": ["KEYCLOAK_IDENTITY_REQUESTER"]
} }
], ],
"scopeMappings": [ "scopeMappings": [

View file

@ -63,7 +63,7 @@ public class AccessTokenTest {
Assert.assertEquals(200, response.getStatusCode()); Assert.assertEquals(200, response.getStatusCode());
Assert.assertTrue(response.getExpiresIn() <= 300 && response.getExpiresIn() >= 250); Assert.assertTrue(response.getExpiresIn() <= 600 && response.getExpiresIn() >= 550);
Assert.assertEquals("bearer", response.getTokenType()); Assert.assertEquals("bearer", response.getTokenType());

View file

@ -2,8 +2,8 @@
"id": "test", "id": "test",
"realm": "test", "realm": "test",
"enabled": true, "enabled": true,
"tokenLifespan": 300, "tokenLifespan": 600,
"accessCodeLifespan": 10, "accessCodeLifespan": 600,
"accessCodeLifespanUserAction": 600, "accessCodeLifespanUserAction": 600,
"sslNotRequired": true, "sslNotRequired": true,
"cookieLoginAllowed": true, "cookieLoginAllowed": true,
@ -30,7 +30,9 @@
{ "type" : "password", { "type" : "password",
"value" : "password" } "value" : "password" }
] ]
}, }
],
"clients" : [
{ {
"username" : "third-party", "username" : "third-party",
"enabled": true, "enabled": true,
@ -54,10 +56,6 @@
{ {
"username": "test-user@localhost", "username": "test-user@localhost",
"roles": ["user"] "roles": ["user"]
},
{
"username": "third-party",
"roles": ["KEYCLOAK_IDENTITY_REQUESTER"]
} }
], ],
"scopeMappings": [ "scopeMappings": [