KEYCLOAK-72 and KEYCLOAK-158

This commit is contained in:
Stian Thorgersen 2013-11-15 11:03:15 +00:00
parent 051017abc8
commit 158d1740b8
11 changed files with 56 additions and 37 deletions


@ -33,6 +33,7 @@ public class RealmRepresentation {
protected Set<String> requiredApplicationCredentials;
protected Set<String> requiredOAuthClientCredentials;
protected List<UserRepresentation> users;
protected List<UserRepresentation> clients;
protected List<UserRoleMappingRepresentation> roleMappings;
protected List<ScopeMappingRepresentation> scopeMappings;
protected List<SocialMappingRepresentation> socialMappings;
@ -68,6 +69,10 @@ public class RealmRepresentation {
return users;
}
public List<UserRepresentation> getClients() {
return clients;
}
public List<ApplicationRepresentation> getApplications() {
return applications;
}
@ -84,6 +89,10 @@ public class RealmRepresentation {
this.users = users;
}
public void setClients(List<UserRepresentation> clients) {
this.clients = clients;
}
public UserRepresentation user(String username) {
UserRepresentation user = new UserRepresentation();
user.setUsername(username);
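Review bot: The new `clients` list reuses `UserRepresentation`, so nothing on the representation itself says what a client entry is or how it differs from an entry in `users`; a reader of the JSON only sees two lists of the same shape. The import side (RealmManager in this commit) creates each client through `createUser` and then grants it `Constants.IDENTITY_REQUESTER_ROLE`, which is worth stating where the field is declared, e.g. `/** Clients (OAuth identity requesters). Each entry is imported like a user and then granted the identity-requester role; see RealmManager. */` above `getClients()`. If clients are expected to grow their own attributes, a dedicated representation type would make that contract explicit rather than accepting every user field. The class continues outside the hunks shown.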


@ -26,7 +26,9 @@
{ "type" : "password",
"value" : "password" }
]
},
}
],
"clients" : [
{
"username" : "third-party",
"enabled": true,
@ -50,10 +52,6 @@
{
"username": "bburke@redhat.com",
"roles": ["user"]
},
{
"username": "third-party",
"roles": ["KEYCLOAK_IDENTITY_REQUESTER"]
}
],
"scopeMappings": [


@ -26,7 +26,9 @@
{ "type" : "password",
"value" : "password" }
]
},
}
],
"clients" : [
{
"username" : "third-party",
"enabled": true,
@ -50,10 +52,6 @@
{
"username": "bburke@redhat.com",
"roles": ["user"]
},
{
"username": "third-party",
"roles": ["KEYCLOAK_IDENTITY_REQUESTER"]
}
],
"scopeMappings": [


@ -5,11 +5,12 @@ package org.keycloak.models;
* @version $Revision: 1 $
*/
public interface Constants {
String INTERNAL_ROLE = "KEYCLOAK_";
String ADMIN_REALM = "Keycloak Administration";
String ADMIN_CONSOLE_APPLICATION = "Admin Console";
String ADMIN_CONSOLE_ADMIN_ROLE = "admin";
String APPLICATION_ROLE = "KEYCLOAK_APPLICATION";
String IDENTITY_REQUESTER_ROLE = "KEYCLOAK_IDENTITY_REQUESTER";
String APPLICATION_ROLE = INTERNAL_ROLE + "_APPLICATION";
String IDENTITY_REQUESTER_ROLE = INTERNAL_ROLE + "_IDENTITY_REQUESTER";
String WILDCARD_ROLE = "*";
String ACCOUNT_APPLICATION = "Account";
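Review bot: The new concatenations change the role names: with `INTERNAL_ROLE = "KEYCLOAK_"`, `INTERNAL_ROLE + "_APPLICATION"` evaluates to `KEYCLOAK__APPLICATION` (double underscore) where the removed literal was `KEYCLOAK_APPLICATION`, and the identity-requester role changes the same way. Any realm already persisted with the old names, and any caller still using the literal, will no longer match, while the `startsWith(Constants.INTERNAL_ROLE)` checks added elsewhere in this commit accept either spelling and so will not surface the drift. Dropping the leading underscore from the suffixes keeps the stored values stable: `String APPLICATION_ROLE = INTERNAL_ROLE + "APPLICATION";` and `String IDENTITY_REQUESTER_ROLE = INTERNAL_ROLE + "IDENTITY_REQUESTER";`.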


@ -661,7 +661,6 @@ public class RealmAdapter implements RealmModel {
builder.append(attribute).append(" like '%").append(entry.getValue().toLowerCase()).append("%'");
}
String q = builder.toString();
System.out.println(q);
TypedQuery<UserEntity> query = em.createQuery(q, UserEntity.class);
List<UserEntity> results = query.getResultList();
List<UserModel> users = new ArrayList<UserModel>();


@ -224,6 +224,14 @@ public class RealmManager {
}
}
if (rep.getClients() != null) {
for (UserRepresentation clientRep : rep.getClients()) {
UserModel client = createUser(newRealm, clientRep);
newRealm.grantRole(client, newRealm.getRole(Constants.IDENTITY_REQUESTER_ROLE));
userMap.put(client.getLoginName(), client);
}
}
if (rep.getRoles() != null) {
for (RoleRepresentation roleRep : rep.getRoles()) {
createRole(newRealm, roleRep);
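Review bot: `newRealm.getRole(Constants.IDENTITY_REQUESTER_ROLE)` is passed straight to `grantRole` without a null check; the built-in roles are presumably created before this point, but the realm-role import loop only starts on the next line, and if that ordering ever changes every client would be created without the role that the admin resources now rely on to tell clients from users. Hoisting the lookup above the loop and failing loudly makes the assumption explicit and avoids repeating it per client: `RoleModel requester = newRealm.getRole(Constants.IDENTITY_REQUESTER_ROLE); if (requester == null) { throw new IllegalStateException("missing role " + Constants.IDENTITY_REQUESTER_ROLE); }`. Note also that clients go through the same `createUser` path and into the same `userMap` as users, so a client whose username matches an entry in `users` silently replaces it in the map; whether the store rejects the duplicate is not visible here. The import method continues outside the hunk.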


@ -1,6 +1,7 @@
package org.keycloak.services.resources.admin;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.keycloak.models.Constants;
import org.keycloak.models.RoleContainerModel;
import org.keycloak.models.RoleModel;
import org.keycloak.representations.idm.RoleRepresentation;
@ -39,10 +40,12 @@ public class RoleContainerResource {
List<RoleModel> roleModels = roleContainer.getRoles();
List<RoleRepresentation> roles = new ArrayList<RoleRepresentation>();
for (RoleModel roleModel : roleModels) {
if (!roleModel.getName().startsWith(Constants.INTERNAL_ROLE)) {
RoleRepresentation role = new RoleRepresentation(roleModel.getName(), roleModel.getDescription());
role.setId(roleModel.getId());
roles.add(role);
}
}
return roles;
}
@ -52,7 +55,7 @@ public class RoleContainerResource {
@Produces("application/json")
public RoleRepresentation getRole(final @PathParam("id") String id) {
RoleModel roleModel = roleContainer.getRoleById(id);
if (roleModel == null) {
if (roleModel == null || roleModel.getName().startsWith(Constants.INTERNAL_ROLE)) {
throw new NotFoundException();
}
RoleRepresentation rep = new RoleRepresentation(roleModel.getName(), roleModel.getDescription());
@ -65,7 +68,7 @@ public class RoleContainerResource {
@Consumes("application/json")
public void updateRole(final @PathParam("id") String id, final RoleRepresentation rep) {
RoleModel role = roleContainer.getRoleById(id);
if (role == null) {
if (role == null || role.getName().startsWith(Constants.INTERNAL_ROLE)) {
throw new NotFoundException();
}
role.setName(rep.getName());
@ -76,7 +79,7 @@ public class RoleContainerResource {
@POST
@Consumes("application/json")
public Response createRole(final @Context UriInfo uriInfo, final RoleRepresentation rep) {
if (roleContainer.getRole(rep.getName()) != null) {
if (roleContainer.getRole(rep.getName()) != null || rep.getName().startsWith(Constants.INTERNAL_ROLE)) {
throw new InternalServerErrorException(); // todo appropriate status here.
}
RoleModel role = roleContainer.addRole(rep.getName());
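Review bot: `updateRole` now refuses to touch an existing internal role, but the name it then writes (`role.setName(rep.getName())` on the following line) is not checked, so an admin can rename an ordinary role into the `KEYCLOAK_` namespace; after that the role vanishes from `getRoles`, and `getRole`/`updateRole` answer 404 for it, leaving it unmanageable through the API. The check `createRole` applies to new names belongs here too, mirroring the existing style: `if (rep.getName().startsWith(Constants.INTERNAL_ROLE)) { throw new NotFoundException(); }` — though a 400-class response would describe the situation better, since the request is malformed rather than the resource missing. Relatedly, `createRole` answers both a name clash and a reserved prefix with `InternalServerErrorException` (500), as the TODO on that line acknowledges; a 409 for the clash and a 400 for the reserved name would tell the caller it is their input, not the server, and the `rep.getName()` null case is not handled before `startsWith`. The bodies of these methods continue outside their hunks.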


@ -3,6 +3,7 @@ package org.keycloak.services.resources.admin;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.logging.Logger;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.Constants;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
@ -98,7 +99,7 @@ public class UsersResource {
@Produces("application/json")
public UserRepresentation getUser(final @PathParam("username") String username) {
UserModel user = realm.getUser(username);
if (user == null) {
if (user == null || !isUser(user)) {
throw new NotFoundException();
}
return new RealmManager(session).toRepresentation(user);
@ -117,8 +118,10 @@ public class UsersResource {
if (search != null) {
List<UserModel> userModels = manager.searchUsers(search, realm);
for (UserModel user : userModels) {
if (isUser(user)) {
results.add(manager.toRepresentation(user));
}
}
} else {
Map<String, String> attributes = new HashMap<String, String>();
if (last != null) {
@ -142,6 +145,10 @@ public class UsersResource {
return results;
}
private boolean isUser(UserModel user) {
return !realm.hasRole(user, realm.getRole(Constants.IDENTITY_REQUESTER_ROLE)) && !realm.hasRole(user, realm.getRole(Constants.APPLICATION_ROLE));
}
@Path("{username}/role-mappings")
@GET
@Produces("application/json")
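Review bot: The client filter is applied by hand in `getUser` and in the `search != null` branch of the list method, but the attribute-search `else` branch and the `{username}/role-mappings` resource that begins right after `isUser` are not shown to apply it, and presumably the other per-username endpoints in this class do not either; if so, clients are hidden from lookup and search yet still reachable (readable, and possibly modifiable) by name. Centralising the lookup-or-404 in one private helper and using it from every `{username}` endpoint closes that gap in one place, so `getUser` becomes `return new RealmManager(session).toRepresentation(getUserOrNotFound(username));`. `isUser` also performs two `realm.getRole` lookups per call, which the list loop repeats for every result; resolving the two roles once per request would avoid that. The list method and the role-mappings method continue outside the hunks.
```java
/** Resolves a username to a real user; clients (identity requesters, applications) answer 404 like a missing user. */
private UserModel getUserOrNotFound(String username) {
    UserModel user = realm.getUser(username);
    if (user == null || !isUser(user)) {
        throw new NotFoundException();
    }
    return user;
}
// … unchanged: isUser …
```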


@ -23,7 +23,9 @@
{ "type" : "Password",
"value" : "password" }
]
},
}
],
"clients" : [
{
"username" : "third-party",
"enabled": true,
@ -47,10 +49,6 @@
{
"username": "bburke@redhat.com",
"roles": ["user"]
},
{
"username": "third-party",
"roles": ["KEYCLOAK_IDENTITY_REQUESTER"]
}
],
"scopeMappings": [


@ -63,7 +63,7 @@ public class AccessTokenTest {
Assert.assertEquals(200, response.getStatusCode());
Assert.assertTrue(response.getExpiresIn() <= 300 && response.getExpiresIn() >= 250);
Assert.assertTrue(response.getExpiresIn() <= 600 && response.getExpiresIn() >= 550);
Assert.assertEquals("bearer", response.getTokenType());


@ -2,8 +2,8 @@
"id": "test",
"realm": "test",
"enabled": true,
"tokenLifespan": 300,
"accessCodeLifespan": 10,
"tokenLifespan": 600,
"accessCodeLifespan": 600,
"accessCodeLifespanUserAction": 600,
"sslNotRequired": true,
"cookieLoginAllowed": true,
@ -30,7 +30,9 @@
{ "type" : "password",
"value" : "password" }
]
},
}
],
"clients" : [
{
"username" : "third-party",
"enabled": true,
@ -54,10 +56,6 @@
{
"username": "test-user@localhost",
"roles": ["user"]
},
{
"username": "third-party",
"roles": ["KEYCLOAK_IDENTITY_REQUESTER"]
}
],
"scopeMappings": [
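Review bot: The test realm's `tokenLifespan` goes from 300 to 600 and `accessCodeLifespan` from 10 to 600 with nothing in the commit record saying why; presumably this stops an access code expiring mid-test, but a 600-second code lifespan in the shared fixture may also hide a regression in code-expiry handling that the old value would have exposed. `AccessTokenTest` in this commit asserts `expiresIn` between 550 and 600, so the two changes are coupled and must move together. A line in the commit description recording the reason, or a dedicated expiry test that uses a deliberately short lifespan, would keep the intent from being lost.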