diff --git a/core/src/main/java/org/keycloak/representations/idm/ApplicationRepresentation.java b/core/src/main/java/org/keycloak/representations/idm/ApplicationRepresentation.java index dee8ae5c56..8f7d2ab9a9 100755 --- a/core/src/main/java/org/keycloak/representations/idm/ApplicationRepresentation.java +++ b/core/src/main/java/org/keycloak/representations/idm/ApplicationRepresentation.java @@ -17,8 +17,6 @@ public class ApplicationRepresentation { protected List credentials; protected List roles; protected String[] defaultRoles; - protected List roleMappings; - protected List scopeMappings; protected List redirectUris; protected List webOrigins; @@ -83,30 +81,6 @@ public class ApplicationRepresentation { return this; } - public List getRoleMappings() { - return roleMappings; - } - - public UserRoleMappingRepresentation roleMapping(String username) { - UserRoleMappingRepresentation mapping = new UserRoleMappingRepresentation(); - mapping.setUsername(username); - if (roleMappings == null) roleMappings = new ArrayList(); - roleMappings.add(mapping); - return mapping; - } - - public List getScopeMappings() { - return scopeMappings; - } - - public ScopeMappingRepresentation scopeMapping(String username) { - ScopeMappingRepresentation mapping = new ScopeMappingRepresentation(); - mapping.setUsername(username); - if (scopeMappings == null) scopeMappings = new ArrayList(); - scopeMappings.add(mapping); - return mapping; - } - public String getAdminUrl() { return adminUrl; } diff --git a/core/src/main/java/org/keycloak/representations/idm/RealmRepresentation.java b/core/src/main/java/org/keycloak/representations/idm/RealmRepresentation.java index 7ae7dd2c70..c668a70463 100755 --- a/core/src/main/java/org/keycloak/representations/idm/RealmRepresentation.java +++ b/core/src/main/java/org/keycloak/representations/idm/RealmRepresentation.java 
@@ -35,6 +35,8 @@ public class RealmRepresentation { protected List users; protected List roleMappings; protected List scopeMappings; + protected Map> applicationRoleMappings; + protected Map> applicationScopeMappings; protected List socialMappings; protected List applications; protected List oauthClients; @@ -308,4 +310,20 @@ public class RealmRepresentation { public void setOauthClients(List oauthClients) { this.oauthClients = oauthClients; } + + public Map> getApplicationRoleMappings() { + return applicationRoleMappings; + } + + public void setApplicationRoleMappings(Map> applicationRoleMappings) { + this.applicationRoleMappings = applicationRoleMappings; + } + + public Map> getApplicationScopeMappings() { + return applicationScopeMappings; + } + + public void setApplicationScopeMappings(Map> applicationScopeMappings) { + this.applicationScopeMappings = applicationScopeMappings; + } } diff --git a/examples/as7-eap-demo/customer-app/src/main/webapp/customers/view.jsp b/examples/as7-eap-demo/customer-app/src/main/webapp/customers/view.jsp index 54df669476..7eb5f5830d 100755 --- a/examples/as7-eap-demo/customer-app/src/main/webapp/customers/view.jsp +++ b/examples/as7-eap-demo/customer-app/src/main/webapp/customers/view.jsp @@ -8,8 +8,9 @@ <% String logoutUri = UriBuilder.fromUri("http://localhost:8080/auth-server/rest/realms/demo/tokens/logout") .queryParam("redirect_uri", "http://localhost:8080/customer-portal").build().toString(); + String acctUri = UriBuilder.fromUri("http://localhost:8080/auth-server/rest/realms/demo/account").build().toString(); %> -
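Review bot: The new `applicationRoleMappings` / `applicationScopeMappings` fields and their accessors carry no Javadoc, and nothing in this class says what the map is keyed by (the extracted diff also shows the generic type arguments collapsed to `Map>`, so the value type is not recoverable from this hunk alone). RealmManager resolves each key through the realm's application name map, so the contract is "application name → list of mappings"; a one-line Javadoc on each getter such as `/** Role mappings per application, keyed by application name. */` (and the scope-mapping equivalent) would pin that down for anyone writing an import file. The getters hand out the internal map directly, which matches the other accessors in this representation class, so that is a style observation rather than a defect here.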

Goto: products | logout

+

Goto: products | logout | manage acct

User <%=request.getUserPrincipal().getName()%> made this request.

Customer Listing

<% diff --git a/examples/as7-eap-demo/product-app/src/main/webapp/products/view.jsp b/examples/as7-eap-demo/product-app/src/main/webapp/products/view.jsp index bf1ca5ad91..88c6493906 100755 --- a/examples/as7-eap-demo/product-app/src/main/webapp/products/view.jsp +++ b/examples/as7-eap-demo/product-app/src/main/webapp/products/view.jsp @@ -8,9 +8,10 @@ <% String logoutUri = UriBuilder.fromUri("http://localhost:8080/auth-server/rest/realms/demo/tokens/logout") .queryParam("redirect_uri", "http://localhost:8080/product-portal").build().toString(); + String acctUri = UriBuilder.fromUri("http://localhost:8080/auth-server/rest/realms/demo/account").build().toString(); %> -

Goto: customers | logout

+

Goto: customers | logout | manage acct

User <%=request.getUserPrincipal().getName()%> made this request.

Product Listing

<% diff --git a/examples/as7-eap-demo/server/src/main/resources/META-INF/testrealm.json b/examples/as7-eap-demo/server/src/main/resources/META-INF/testrealm.json index 21b5f99f47..893ff391be 100755 --- a/examples/as7-eap-demo/server/src/main/resources/META-INF/testrealm.json +++ b/examples/as7-eap-demo/server/src/main/resources/META-INF/testrealm.json @@ -1,9 +1,10 @@ { "realm": "demo", "enabled": true, - "tokenLifespan": 300, + "tokenLifespan": 3000, "accessCodeLifespan": 10, - "accessCodeLifespanUserAction": 600, + "accessCodeLifespanUserAction": 6000, + "accountManagement": true, "sslNotRequired": true, "cookieLoginAllowed": true, "registrationAllowed": true, @@ -94,6 +95,14 @@ } ] } - ] + ], + "applicationRoleMappings": { + "Account": [ + { + "username": "bburke@redhat.com", + "roles": ["manage-account"] + } + ] + } } diff --git a/services/src/main/java/org/keycloak/services/managers/ApplicationManager.java b/services/src/main/java/org/keycloak/services/managers/ApplicationManager.java index 80819792b5..e3c3322d4e 100755 --- a/services/src/main/java/org/keycloak/services/managers/ApplicationManager.java +++ b/services/src/main/java/org/keycloak/services/managers/ApplicationManager.java 
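Review bot: `"tokenLifespan": 3000` and `"accessCodeLifespanUserAction": 6000` raise the demo realm's token and user-action lifetimes tenfold, and nothing in the commit explains why; the change looks unrelated to the role-mapping restructuring the rest of the commit performs. Because this file ships as an example that gets copied, a longer access-token lifespan widens the window in which a leaked token remains usable, so if the bump is only for demo convenience with the new account page it is worth either keeping the previous `300` / `600` or stating the reason in the commit message. The same hunk enables `"accountManagement": true` and grants `manage-account` on the `Account` application, which presumably depends on RealmManager now enabling account management before the application role mappings are applied — that ordering dependency is not visible from this file.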
@@ -90,32 +90,31 @@ public class ApplicationManager { return applicationModel; } - public void createMappings(RealmModel realm, ApplicationRepresentation resourceRep, ApplicationModel applicationModel) { - if (resourceRep.getRoleMappings() != null) { - for (UserRoleMappingRepresentation mapping : resourceRep.getRoleMappings()) { - UserModel user = realm.getUser(mapping.getUsername()); - if (user == null) { - throw new RuntimeException("User not found"); - } - for (String roleString : mapping.getRoles()) { - RoleModel role = applicationModel.getRole(roleString.trim()); - if (role == null) { - role = applicationModel.addRole(roleString.trim()); - } - applicationModel.grantRole(user, role); + public void createRoleMappings(RealmModel realm, ApplicationModel applicationModel, List mappings) { + for (UserRoleMappingRepresentation mapping : mappings) { + UserModel user = realm.getUser(mapping.getUsername()); + if (user == null) { + throw new RuntimeException("User not found"); + } + for (String roleString : mapping.getRoles()) { + RoleModel role = applicationModel.getRole(roleString.trim()); + if (role == null) { + role = applicationModel.addRole(roleString.trim()); } + applicationModel.grantRole(user, role); } } - if (resourceRep.getScopeMappings() != null) { - for (ScopeMappingRepresentation mapping : resourceRep.getScopeMappings()) { - UserModel user = realm.getUser(mapping.getUsername()); - for (String roleString : mapping.getRoles()) { - RoleModel role = applicationModel.getRole(roleString.trim()); - if (role == null) { - role = applicationModel.addRole(roleString.trim()); - } - applicationModel.addScopeMapping(user, role.getName()); + } + + public void createScopeMappings(RealmModel realm, ApplicationModel applicationModel, List mappings) { + for (ScopeMappingRepresentation mapping : mappings) { + UserModel user = realm.getUser(mapping.getUsername()); + for (String roleString : mapping.getRoles()) { + RoleModel role = applicationModel.getRole(roleString.trim()); + 
if (role == null) { + role = applicationModel.addRole(roleString.trim()); } + applicationModel.addScopeMapping(user, role.getName()); } } } diff --git a/services/src/main/java/org/keycloak/services/managers/RealmManager.java b/services/src/main/java/org/keycloak/services/managers/RealmManager.java index 07bf34aa3c..446e86d66e 100755 --- a/services/src/main/java/org/keycloak/services/managers/RealmManager.java +++ b/services/src/main/java/org/keycloak/services/managers/RealmManager.java @@ -241,14 +241,12 @@ public class RealmManager { } } - Map appMap = null; if (rep.getApplications() != null) { - appMap = createApplications(rep, newRealm); + Map appMap = createApplications(rep, newRealm); for (ApplicationModel app : appMap.values()) { userMap.put(app.getApplicationUser().getLoginName(), app.getApplicationUser()); } } - if (rep.getOauthClients() != null) { Map oauthMap = createOAuthClients(rep, newRealm); for (OAuthClientModel app : oauthMap.values()) { 
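Review bot: `createScopeMappings` still lacks the null check that `createRoleMappings` performs on the line after `realm.getUser(mapping.getUsername())`, so an unknown username in `applicationScopeMappings` is passed as a null user into `applicationModel.addScopeMapping(user, role.getName())` and presumably fails late, or silently, instead of at import time. Mirror the guard from the sibling method and include the name in both messages so the import error is actionable: `if (user == null) { throw new RuntimeException("User not found: " + mapping.getUsername()); }`. Both methods also create a missing role on the fly via `addRole(roleString.trim())`, which means a misspelled role name in an import file quietly introduces a new role rather than being rejected; if that is intentional, a comment such as `// roles referenced by a mapping are created on demand` would make the behaviour explicit.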
@@ -257,17 +255,37 @@ public class RealmManager { } - // Now that all possible users are created (users, apps, and oauth clients), do role mappings and scope mappings + if (rep.getAccountManagement() != null && rep.getAccountManagement()) { + enableAccountManagement(newRealm); + } - if (rep.getApplications() != null) { + // Now that all possible users and applications are created (users, apps, and oauth clients), do role mappings and scope mappings + + Map appMap = newRealm.getApplicationNameMap(); + + if (rep.getApplicationRoleMappings() != null) { ApplicationManager manager = new ApplicationManager(this); - for (ApplicationRepresentation appRep : rep.getApplications()) { - ApplicationModel model = appMap.get(appRep.getName()); - manager.createMappings(newRealm, appRep, model); - + for (Map.Entry> entry : rep.getApplicationRoleMappings().entrySet()) { + ApplicationModel app = appMap.get(entry.getKey()); + if (app == null) { + throw new RuntimeException("Unable to find application role mappings for app: " + entry.getKey()); + } + manager.createRoleMappings(newRealm, app, entry.getValue()); } } + if (rep.getApplicationScopeMappings() != null) { + ApplicationManager manager = new ApplicationManager(this); + for (Map.Entry> entry : rep.getApplicationScopeMappings().entrySet()) { + ApplicationModel app = appMap.get(entry.getKey()); + if (app == null) { + throw new RuntimeException("Unable to find application role mappings for app: " + entry.getKey()); + } + manager.createScopeMappings(newRealm, app, entry.getValue()); + } + } + + if (rep.getRoleMappings() != null) { for (UserRoleMappingRepresentation mapping : rep.getRoleMappings()) { @@ -306,10 +324,6 @@ public class RealmManager { } } - if (rep.getAccountManagement() != null && rep.getAccountManagement()) { - enableAccountManagement(newRealm); - } - if (rep.getSmtpServer() != null) { newRealm.setSmtpConfig(new HashMap(rep.getSmtpServer())); } 
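Review bot: The scope-mapping branch's error message is a copy of the role-mapping one: an unknown key in `applicationScopeMappings` reports `"Unable to find application role mappings for app: "`, which points whoever debugs a failed import at the wrong section of the JSON. Change it to `throw new RuntimeException("Unable to find application scope mappings for app: " + entry.getKey());`. The two branches each construct a fresh `new ApplicationManager(this)`; one instance declared before the `if` blocks would do. Moving `enableAccountManagement` ahead of the `getApplicationNameMap()` lookup is presumably what lets an import target the account application by name, so the comment above the lookup could say so, e.g. `// account management is enabled first so its application can be referenced by the mappings below`; the enclosing method continues outside the hunk on both sides.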
diff --git a/services/src/test/resources/testrealm.json b/services/src/test/resources/testrealm.json index d21823af66..4c20b7066f 100755 --- a/services/src/test/resources/testrealm.json +++ b/services/src/test/resources/testrealm.json @@ -94,22 +94,6 @@ { "name": "user" } - ], - "roleMappings": [ - { - "username": "wburke", - "roles": ["user"] - }, - { - "username": "admin", - "roles": ["admin"] - } - ], - "scopeMappings": [ - { - "username": "oauthclient", - "roles": ["user"] - } ] }, { @@ -122,20 +106,41 @@ { "name": "user" } - ], - "roleMappings": [ - { - "username": "wburke", - "roles": ["user"] - }, - { - "username": "admin", - "roles": ["admin"] - } ] } - ] + ], + "applicationRoleMappings": { + "Application": [ + { + "username": "wburke", + "roles": ["user"] + }, + { + "username": "admin", + "roles": ["admin"] + } + ], + "OtherApp": [ + { + "username": "wburke", + "roles": ["user"] + }, + { + "username": "admin", + "roles": ["admin"] + } + ] + }, + "applicationScopeMappings": { + "Application": [ + { + "username": "oauthclient", + "roles": ["user"] + } + ] + + } } \ No newline at end of file diff --git a/testsuite/integration/src/test/resources/testrealm.json b/testsuite/integration/src/test/resources/testrealm.json index 66809f5654..4122174383 100755 --- a/testsuite/integration/src/test/resources/testrealm.json +++ b/testsuite/integration/src/test/resources/testrealm.json @@ -88,19 +88,23 @@ "name": "customer-admin", "description": "Have Customer Admin privileges" } - ], - "roleMappings": [ - { - "username": "test-user@localhost", - "roles": ["customer-user"] - } - ], - "scopeMappings": [ - { - "username": "third-party", - "roles": ["customer-user"] - } ] - } - ] + } + ], + "applicationRoleMappings": { + "test-app": [ + { + "username": "test-user@localhost", + "roles": ["customer-user"] + } + ] + }, + "applicationScopeMappings": { + "test-app": [ + { + "username": "third-party", + "roles": ["customer-user"] + } + ] + } } \ No newline at end of file