Merge pull request #113 from patriot1burke/master

realm import changes
Bill Burke 2013-11-27 14:03:45 -08:00
commit 2059283e99
9 changed files with 132 additions and 107 deletions


@ -17,8 +17,6 @@ public class ApplicationRepresentation {
protected List<CredentialRepresentation> credentials; protected List<CredentialRepresentation> credentials;
protected List<RoleRepresentation> roles; protected List<RoleRepresentation> roles;
protected String[] defaultRoles; protected String[] defaultRoles;
protected List<UserRoleMappingRepresentation> roleMappings;
protected List<ScopeMappingRepresentation> scopeMappings;
protected List<String> redirectUris; protected List<String> redirectUris;
protected List<String> webOrigins; protected List<String> webOrigins;
@ -83,30 +81,6 @@ public class ApplicationRepresentation {
return this; return this;
} }
public List<UserRoleMappingRepresentation> getRoleMappings() {
return roleMappings;
}
public UserRoleMappingRepresentation roleMapping(String username) {
UserRoleMappingRepresentation mapping = new UserRoleMappingRepresentation();
mapping.setUsername(username);
if (roleMappings == null) roleMappings = new ArrayList<UserRoleMappingRepresentation>();
roleMappings.add(mapping);
return mapping;
}
public List<ScopeMappingRepresentation> getScopeMappings() {
return scopeMappings;
}
public ScopeMappingRepresentation scopeMapping(String username) {
ScopeMappingRepresentation mapping = new ScopeMappingRepresentation();
mapping.setUsername(username);
if (scopeMappings == null) scopeMappings = new ArrayList<ScopeMappingRepresentation>();
scopeMappings.add(mapping);
return mapping;
}
public String getAdminUrl() { public String getAdminUrl() {
return adminUrl; return adminUrl;
} }


@ -35,6 +35,8 @@ public class RealmRepresentation {
protected List<UserRepresentation> users; protected List<UserRepresentation> users;
protected List<UserRoleMappingRepresentation> roleMappings; protected List<UserRoleMappingRepresentation> roleMappings;
protected List<ScopeMappingRepresentation> scopeMappings; protected List<ScopeMappingRepresentation> scopeMappings;
protected Map<String, List<UserRoleMappingRepresentation>> applicationRoleMappings;
protected Map<String, List<ScopeMappingRepresentation>> applicationScopeMappings;
protected List<SocialMappingRepresentation> socialMappings; protected List<SocialMappingRepresentation> socialMappings;
protected List<ApplicationRepresentation> applications; protected List<ApplicationRepresentation> applications;
protected List<OAuthClientRepresentation> oauthClients; protected List<OAuthClientRepresentation> oauthClients;
@ -308,4 +310,20 @@ public class RealmRepresentation {
public void setOauthClients(List<OAuthClientRepresentation> oauthClients) { public void setOauthClients(List<OAuthClientRepresentation> oauthClients) {
this.oauthClients = oauthClients; this.oauthClients = oauthClients;
} }
public Map<String, List<UserRoleMappingRepresentation>> getApplicationRoleMappings() {
return applicationRoleMappings;
}
public void setApplicationRoleMappings(Map<String, List<UserRoleMappingRepresentation>> applicationRoleMappings) {
this.applicationRoleMappings = applicationRoleMappings;
}
public Map<String, List<ScopeMappingRepresentation>> getApplicationScopeMappings() {
return applicationScopeMappings;
}
public void setApplicationScopeMappings(Map<String, List<ScopeMappingRepresentation>> applicationScopeMappings) {
this.applicationScopeMappings = applicationScopeMappings;
}
} }
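Review bot: The two new fields `applicationRoleMappings` and `applicationScopeMappings` carry no comment saying what the `String` key is. The import code elsewhere in this commit resolves each key against `newRealm.getApplicationNameMap()` and aborts when no application matches, so the key has to be an application name. A one-line comment on each field, for example `// keyed by application name; an unknown name fails the realm import`, would let someone writing a realm file get this right without reading RealmManager.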


@ -8,8 +8,9 @@
<% <%
String logoutUri = UriBuilder.fromUri("http://localhost:8080/auth-server/rest/realms/demo/tokens/logout") String logoutUri = UriBuilder.fromUri("http://localhost:8080/auth-server/rest/realms/demo/tokens/logout")
.queryParam("redirect_uri", "http://localhost:8080/customer-portal").build().toString(); .queryParam("redirect_uri", "http://localhost:8080/customer-portal").build().toString();
String acctUri = UriBuilder.fromUri("http://localhost:8080/auth-server/rest/realms/demo/account").build().toString();
%> %>
<p>Goto: <a href="http://localhost:8080/product-portal">products</a> | <a href="<%=logoutUri%>">logout</a></p> <p>Goto: <a href="http://localhost:8080/product-portal">products</a> | <a href="<%=logoutUri%>">logout</a> | <a href="<%=acctUri%>">manage acct</a></p>
User <b><%=request.getUserPrincipal().getName()%></b> made this request. User <b><%=request.getUserPrincipal().getName()%></b> made this request.
<h2>Customer Listing</h2> <h2>Customer Listing</h2>
<% <%
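Review bot: The added `acctUri` line repeats the hard-coded `http://localhost:8080/auth-server/rest/realms/demo` base that `logoutUri` already spells out, and it sends the new "manage acct" link to a plain-http URL. The account page is presumably where a user changes credentials, so the scheme and host are worth keeping in one place where they can be switched to https. Declare the base once, e.g. `String realmBase = "http://localhost:8080/auth-server/rest/realms/demo";`, and build both links from it with `UriBuilder.fromUri(realmBase).path("account")` and `.path("tokens/logout")`. The same applies to the identical `acctUri` line added in the product-portal page in the next file section. The scriptlet continues outside this hunk.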


@ -8,9 +8,10 @@
<% <%
String logoutUri = UriBuilder.fromUri("http://localhost:8080/auth-server/rest/realms/demo/tokens/logout") String logoutUri = UriBuilder.fromUri("http://localhost:8080/auth-server/rest/realms/demo/tokens/logout")
.queryParam("redirect_uri", "http://localhost:8080/product-portal").build().toString(); .queryParam("redirect_uri", "http://localhost:8080/product-portal").build().toString();
String acctUri = UriBuilder.fromUri("http://localhost:8080/auth-server/rest/realms/demo/account").build().toString();
%> %>
<p>Goto: <a href="http://localhost:8080/customer-portal">customers</a> | <a href="<%=logoutUri%>">logout</a></p> <p>Goto: <a href="http://localhost:8080/customer-portal">customers</a> | <a href="<%=logoutUri%>">logout</a> | <a href="<%=acctUri%>">manage acct</a></p>
User <b><%=request.getUserPrincipal().getName()%></b> made this request. User <b><%=request.getUserPrincipal().getName()%></b> made this request.
<h2>Product Listing</h2> <h2>Product Listing</h2>
<% <%


@ -1,9 +1,10 @@
{ {
"realm": "demo", "realm": "demo",
"enabled": true, "enabled": true,
"tokenLifespan": 300, "tokenLifespan": 3000,
"accessCodeLifespan": 10, "accessCodeLifespan": 10,
"accessCodeLifespanUserAction": 600, "accessCodeLifespanUserAction": 6000,
"accountManagement": true,
"sslNotRequired": true, "sslNotRequired": true,
"cookieLoginAllowed": true, "cookieLoginAllowed": true,
"registrationAllowed": true, "registrationAllowed": true,
@ -94,6 +95,14 @@
} }
] ]
} }
],
"applicationRoleMappings": {
"Account": [
{
"username": "bburke@redhat.com",
"roles": ["manage-account"]
}
] ]
}
} }
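Review bot: `tokenLifespan` goes from 300 to 3000 and `accessCodeLifespanUserAction` from 600 to 6000 in this realm file (reading the second column as the new side, which the -1,9 +1,10 header supports), and the commit message does not explain a tenfold increase. Longer-lived tokens widen the window in which a leaked token stays usable, and demo realm files tend to be copied as starting points for real ones. If the larger values were only for local debugging, keep `"tokenLifespan": 300,` and `"accessCodeLifespanUserAction": 600,`; otherwise the commit description should say why they changed.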


@ -90,9 +90,8 @@ public class ApplicationManager {
return applicationModel; return applicationModel;
} }
public void createMappings(RealmModel realm, ApplicationRepresentation resourceRep, ApplicationModel applicationModel) { public void createRoleMappings(RealmModel realm, ApplicationModel applicationModel, List<UserRoleMappingRepresentation> mappings) {
if (resourceRep.getRoleMappings() != null) { for (UserRoleMappingRepresentation mapping : mappings) {
for (UserRoleMappingRepresentation mapping : resourceRep.getRoleMappings()) {
UserModel user = realm.getUser(mapping.getUsername()); UserModel user = realm.getUser(mapping.getUsername());
if (user == null) { if (user == null) {
throw new RuntimeException("User not found"); throw new RuntimeException("User not found");
@ -106,8 +105,9 @@ public class ApplicationManager {
} }
} }
} }
if (resourceRep.getScopeMappings() != null) {
for (ScopeMappingRepresentation mapping : resourceRep.getScopeMappings()) { public void createScopeMappings(RealmModel realm, ApplicationModel applicationModel, List<ScopeMappingRepresentation> mappings) {
for (ScopeMappingRepresentation mapping : mappings) {
UserModel user = realm.getUser(mapping.getUsername()); UserModel user = realm.getUser(mapping.getUsername());
for (String roleString : mapping.getRoles()) { for (String roleString : mapping.getRoles()) {
RoleModel role = applicationModel.getRole(roleString.trim()); RoleModel role = applicationModel.getRole(roleString.trim());
@ -118,7 +118,6 @@ public class ApplicationManager {
} }
} }
} }
}
public ApplicationModel createApplication(RealmModel realm, ApplicationRepresentation resourceRep) { public ApplicationModel createApplication(RealmModel realm, ApplicationRepresentation resourceRep) {
RoleModel loginRole = realm.getRole(Constants.APPLICATION_ROLE); RoleModel loginRole = realm.getRole(Constants.APPLICATION_ROLE);


@ -241,14 +241,12 @@ public class RealmManager {
} }
} }
Map<String, ApplicationModel> appMap = null;
if (rep.getApplications() != null) { if (rep.getApplications() != null) {
appMap = createApplications(rep, newRealm); Map<String, ApplicationModel> appMap = createApplications(rep, newRealm);
for (ApplicationModel app : appMap.values()) { for (ApplicationModel app : appMap.values()) {
userMap.put(app.getApplicationUser().getLoginName(), app.getApplicationUser()); userMap.put(app.getApplicationUser().getLoginName(), app.getApplicationUser());
} }
} }
if (rep.getOauthClients() != null) { if (rep.getOauthClients() != null) {
Map<String, OAuthClientModel> oauthMap = createOAuthClients(rep, newRealm); Map<String, OAuthClientModel> oauthMap = createOAuthClients(rep, newRealm);
for (OAuthClientModel app : oauthMap.values()) { for (OAuthClientModel app : oauthMap.values()) {
@ -257,18 +255,38 @@ public class RealmManager {
} }
// Now that all possible users are created (users, apps, and oauth clients), do role mappings and scope mappings if (rep.getAccountManagement() != null && rep.getAccountManagement()) {
enableAccountManagement(newRealm);
}
if (rep.getApplications() != null) { // Now that all possible users and applications are created (users, apps, and oauth clients), do role mappings and scope mappings
Map<String, ApplicationModel> appMap = newRealm.getApplicationNameMap();
if (rep.getApplicationRoleMappings() != null) {
ApplicationManager manager = new ApplicationManager(this); ApplicationManager manager = new ApplicationManager(this);
for (ApplicationRepresentation appRep : rep.getApplications()) { for (Map.Entry<String, List<UserRoleMappingRepresentation>> entry : rep.getApplicationRoleMappings().entrySet()) {
ApplicationModel model = appMap.get(appRep.getName()); ApplicationModel app = appMap.get(entry.getKey());
manager.createMappings(newRealm, appRep, model); if (app == null) {
throw new RuntimeException("Unable to find application role mappings for app: " + entry.getKey());
}
manager.createRoleMappings(newRealm, app, entry.getValue());
}
}
if (rep.getApplicationScopeMappings() != null) {
ApplicationManager manager = new ApplicationManager(this);
for (Map.Entry<String, List<ScopeMappingRepresentation>> entry : rep.getApplicationScopeMappings().entrySet()) {
ApplicationModel app = appMap.get(entry.getKey());
if (app == null) {
throw new RuntimeException("Unable to find application role mappings for app: " + entry.getKey());
}
manager.createScopeMappings(newRealm, app, entry.getValue());
} }
} }
if (rep.getRoleMappings() != null) { if (rep.getRoleMappings() != null) {
for (UserRoleMappingRepresentation mapping : rep.getRoleMappings()) { for (UserRoleMappingRepresentation mapping : rep.getRoleMappings()) {
UserModel user = userMap.get(mapping.getUsername()); UserModel user = userMap.get(mapping.getUsername());
@ -306,10 +324,6 @@ public class RealmManager {
} }
} }
if (rep.getAccountManagement() != null && rep.getAccountManagement()) {
enableAccountManagement(newRealm);
}
if (rep.getSmtpServer() != null) { if (rep.getSmtpServer() != null) {
newRealm.setSmtpConfig(new HashMap(rep.getSmtpServer())); newRealm.setSmtpConfig(new HashMap(rep.getSmtpServer()));
} }
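Review bot: The exception thrown in the `getApplicationScopeMappings()` branch reuses the role-mapping text, "Unable to find application role mappings for app: ", so a bad key under `applicationScopeMappings` is reported as a role-mapping problem. The wording is also inverted in both branches, since it is the application that was not found, not the mappings. Suggested messages are `"Unable to find application for role mappings: " + entry.getKey()` and `"Unable to find application for scope mappings: " + entry.getKey()`. Failing the import on an unknown application name is the right behaviour; only the diagnostics need to change. The enclosing import method starts and ends outside these hunks.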


@ -94,22 +94,6 @@
{ {
"name": "user" "name": "user"
} }
],
"roleMappings": [
{
"username": "wburke",
"roles": ["user"]
},
{
"username": "admin",
"roles": ["admin"]
}
],
"scopeMappings": [
{
"username": "oauthclient",
"roles": ["user"]
}
] ]
}, },
{ {
@ -122,8 +106,22 @@
{ {
"name": "user" "name": "user"
} }
]
}
], ],
"roleMappings": [ "applicationRoleMappings": {
"Application": [
{
"username": "wburke",
"roles": ["user"]
},
{
"username": "admin",
"roles": ["admin"]
}
],
"OtherApp": [
{ {
"username": "wburke", "username": "wburke",
"roles": ["user"] "roles": ["user"]
@ -133,9 +131,16 @@
"roles": ["admin"] "roles": ["admin"]
} }
] ]
},
"applicationScopeMappings": {
"Application": [
{
"username": "oauthclient",
"roles": ["user"]
} }
] ]
}
} }


@ -88,19 +88,23 @@
"name": "customer-admin", "name": "customer-admin",
"description": "Have Customer Admin privileges" "description": "Have Customer Admin privileges"
} }
]
}
], ],
"roleMappings": [ "applicationRoleMappings": {
"test-app": [
{ {
"username": "test-user@localhost", "username": "test-user@localhost",
"roles": ["customer-user"] "roles": ["customer-user"]
} }
], ]
"scopeMappings": [ },
"applicationScopeMappings": {
"test-app": [
{ {
"username": "third-party", "username": "third-party",
"roles": ["customer-user"] "roles": ["customer-user"]
} }
] ]
} }
]
} }