commit
2059283e99
9 changed files with 132 additions and 107 deletions
|
@ -17,8 +17,6 @@ public class ApplicationRepresentation {
|
|||
protected List<CredentialRepresentation> credentials;
|
||||
protected List<RoleRepresentation> roles;
|
||||
protected String[] defaultRoles;
|
||||
protected List<UserRoleMappingRepresentation> roleMappings;
|
||||
protected List<ScopeMappingRepresentation> scopeMappings;
|
||||
protected List<String> redirectUris;
|
||||
protected List<String> webOrigins;
|
||||
|
||||
|
@ -83,30 +81,6 @@ public class ApplicationRepresentation {
|
|||
return this;
|
||||
}
|
||||
|
||||
public List<UserRoleMappingRepresentation> getRoleMappings() {
|
||||
return roleMappings;
|
||||
}
|
||||
|
||||
public UserRoleMappingRepresentation roleMapping(String username) {
|
||||
UserRoleMappingRepresentation mapping = new UserRoleMappingRepresentation();
|
||||
mapping.setUsername(username);
|
||||
if (roleMappings == null) roleMappings = new ArrayList<UserRoleMappingRepresentation>();
|
||||
roleMappings.add(mapping);
|
||||
return mapping;
|
||||
}
|
||||
|
||||
public List<ScopeMappingRepresentation> getScopeMappings() {
|
||||
return scopeMappings;
|
||||
}
|
||||
|
||||
public ScopeMappingRepresentation scopeMapping(String username) {
|
||||
ScopeMappingRepresentation mapping = new ScopeMappingRepresentation();
|
||||
mapping.setUsername(username);
|
||||
if (scopeMappings == null) scopeMappings = new ArrayList<ScopeMappingRepresentation>();
|
||||
scopeMappings.add(mapping);
|
||||
return mapping;
|
||||
}
|
||||
|
||||
public String getAdminUrl() {
|
||||
return adminUrl;
|
||||
}
|
||||
|
|
|
@ -35,6 +35,8 @@ public class RealmRepresentation {
|
|||
protected List<UserRepresentation> users;
|
||||
protected List<UserRoleMappingRepresentation> roleMappings;
|
||||
protected List<ScopeMappingRepresentation> scopeMappings;
|
||||
protected Map<String, List<UserRoleMappingRepresentation>> applicationRoleMappings;
|
||||
protected Map<String, List<ScopeMappingRepresentation>> applicationScopeMappings;
|
||||
protected List<SocialMappingRepresentation> socialMappings;
|
||||
protected List<ApplicationRepresentation> applications;
|
||||
protected List<OAuthClientRepresentation> oauthClients;
|
||||
|
@ -308,4 +310,20 @@ public class RealmRepresentation {
|
|||
public void setOauthClients(List<OAuthClientRepresentation> oauthClients) {
|
||||
this.oauthClients = oauthClients;
|
||||
}
|
||||
|
||||
public Map<String, List<UserRoleMappingRepresentation>> getApplicationRoleMappings() {
|
||||
return applicationRoleMappings;
|
||||
}
|
||||
|
||||
public void setApplicationRoleMappings(Map<String, List<UserRoleMappingRepresentation>> applicationRoleMappings) {
|
||||
this.applicationRoleMappings = applicationRoleMappings;
|
||||
}
|
||||
|
||||
public Map<String, List<ScopeMappingRepresentation>> getApplicationScopeMappings() {
|
||||
return applicationScopeMappings;
|
||||
}
|
||||
|
||||
public void setApplicationScopeMappings(Map<String, List<ScopeMappingRepresentation>> applicationScopeMappings) {
|
||||
this.applicationScopeMappings = applicationScopeMappings;
|
||||
}
|
||||
}
|
||||
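Review bot: The two new map fields, `applicationRoleMappings` and `applicationScopeMappings`, have no comment saying what the `String` key is. Judging by the RealmManager change in this commit, the key appears to be the application name looked up through `getApplicationNameMap()`, and an unknown key aborts the import. I would add a field comment above each map, for example `// keyed by application name; every key must name an application defined in this realm`.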
|
|
|
@ -8,8 +8,9 @@
|
|||
<%
|
||||
String logoutUri = UriBuilder.fromUri("http://localhost:8080/auth-server/rest/realms/demo/tokens/logout")
|
||||
.queryParam("redirect_uri", "http://localhost:8080/customer-portal").build().toString();
|
||||
String acctUri = UriBuilder.fromUri("http://localhost:8080/auth-server/rest/realms/demo/account").build().toString();
|
||||
%>
|
||||
<p>Goto: <a href="http://localhost:8080/product-portal">products</a> | <a href="<%=logoutUri%>">logout</a></p>
|
||||
<p>Goto: <a href="http://localhost:8080/product-portal">products</a> | <a href="<%=logoutUri%>">logout</a> | <a href="<%=acctUri%>">manage acct</a></p>
|
||||
User <b><%=request.getUserPrincipal().getName()%></b> made this request.
|
||||
<h2>Customer Listing</h2>
|
||||
<%
|
||||
|
|
|
@ -8,9 +8,10 @@
|
|||
<%
|
||||
String logoutUri = UriBuilder.fromUri("http://localhost:8080/auth-server/rest/realms/demo/tokens/logout")
|
||||
.queryParam("redirect_uri", "http://localhost:8080/product-portal").build().toString();
|
||||
String acctUri = UriBuilder.fromUri("http://localhost:8080/auth-server/rest/realms/demo/account").build().toString();
|
||||
%>
|
||||
|
||||
<p>Goto: <a href="http://localhost:8080/customer-portal">customers</a> | <a href="<%=logoutUri%>">logout</a></p>
|
||||
<p>Goto: <a href="http://localhost:8080/customer-portal">customers</a> | <a href="<%=logoutUri%>">logout</a> | <a href="<%=acctUri%>">manage acct</a></p>
|
||||
User <b><%=request.getUserPrincipal().getName()%></b> made this request.
|
||||
<h2>Product Listing</h2>
|
||||
<%
|
||||
|
|
|
@ -1,9 +1,10 @@
|
|||
{
|
||||
"realm": "demo",
|
||||
"enabled": true,
|
||||
"tokenLifespan": 300,
|
||||
"tokenLifespan": 3000,
|
||||
"accessCodeLifespan": 10,
|
||||
"accessCodeLifespanUserAction": 600,
|
||||
"accessCodeLifespanUserAction": 6000,
|
||||
"accountManagement": true,
|
||||
"sslNotRequired": true,
|
||||
"cookieLoginAllowed": true,
|
||||
"registrationAllowed": true,
|
||||
|
@ -94,6 +95,14 @@
|
|||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"applicationRoleMappings": {
|
||||
"Account": [
|
||||
{
|
||||
"username": "bburke@redhat.com",
|
||||
"roles": ["manage-account"]
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
}
|
||||
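Review bot: The first hunk appears to raise two lifetimes tenfold, to `"tokenLifespan": 3000` and `"accessCodeLifespanUserAction": 6000`, with no reason given, in a realm file that also sets `"sslNotRequired": true`. The +/- markers are lost on this page, so the direction is inferred from the hunk counts (-1,9 +1,10) and the print order. If the larger values were only a debugging aid, I would restore `"tokenLifespan": 300` and `"accessCodeLifespanUserAction": 600` before merging. Otherwise the reason belongs in the commit description, since JSON cannot carry a comment and demo realm files tend to be copied as starting points.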
|
|
|
@ -90,9 +90,8 @@ public class ApplicationManager {
|
|||
return applicationModel;
|
||||
}
|
||||
|
||||
public void createMappings(RealmModel realm, ApplicationRepresentation resourceRep, ApplicationModel applicationModel) {
|
||||
if (resourceRep.getRoleMappings() != null) {
|
||||
for (UserRoleMappingRepresentation mapping : resourceRep.getRoleMappings()) {
|
||||
public void createRoleMappings(RealmModel realm, ApplicationModel applicationModel, List<UserRoleMappingRepresentation> mappings) {
|
||||
for (UserRoleMappingRepresentation mapping : mappings) {
|
||||
UserModel user = realm.getUser(mapping.getUsername());
|
||||
if (user == null) {
|
||||
throw new RuntimeException("User not found");
|
||||
|
@ -106,8 +105,9 @@ public class ApplicationManager {
|
|||
}
|
||||
}
|
||||
}
|
||||
if (resourceRep.getScopeMappings() != null) {
|
||||
for (ScopeMappingRepresentation mapping : resourceRep.getScopeMappings()) {
|
||||
|
||||
public void createScopeMappings(RealmModel realm, ApplicationModel applicationModel, List<ScopeMappingRepresentation> mappings) {
|
||||
for (ScopeMappingRepresentation mapping : mappings) {
|
||||
UserModel user = realm.getUser(mapping.getUsername());
|
||||
for (String roleString : mapping.getRoles()) {
|
||||
RoleModel role = applicationModel.getRole(roleString.trim());
|
||||
|
@ -118,7 +118,6 @@ public class ApplicationManager {
|
|||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
public ApplicationModel createApplication(RealmModel realm, ApplicationRepresentation resourceRep) {
|
||||
RoleModel loginRole = realm.getRole(Constants.APPLICATION_ROLE);
|
||||
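Review bot: `createRoleMappings` and `createScopeMappings` iterate `mappings` directly, and the `!= null` guards that wrapped the old loops are gone, so a map entry with a null list would fail with a NullPointerException instead of a clear import error. A guard such as `if (mappings == null) return;` at the top of each method restores the old tolerance. In the scope-mapping loop no `user == null` check follows `realm.getUser(...)`, unlike the role-mapping loop; `if (user == null) throw new RuntimeException("User not found: " + mapping.getUsername());` would make an unknown username fail the same way in both. Both method bodies continue outside the visible hunks, so later lines may already cover part of this.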
|
|
|
@ -241,14 +241,12 @@ public class RealmManager {
|
|||
}
|
||||
}
|
||||
|
||||
Map<String, ApplicationModel> appMap = null;
|
||||
if (rep.getApplications() != null) {
|
||||
appMap = createApplications(rep, newRealm);
|
||||
Map<String, ApplicationModel> appMap = createApplications(rep, newRealm);
|
||||
for (ApplicationModel app : appMap.values()) {
|
||||
userMap.put(app.getApplicationUser().getLoginName(), app.getApplicationUser());
|
||||
}
|
||||
}
|
||||
|
||||
if (rep.getOauthClients() != null) {
|
||||
Map<String, OAuthClientModel> oauthMap = createOAuthClients(rep, newRealm);
|
||||
for (OAuthClientModel app : oauthMap.values()) {
|
||||
|
@ -257,18 +255,38 @@ public class RealmManager {
|
|||
|
||||
}
|
||||
|
||||
// Now that all possible users are created (users, apps, and oauth clients), do role mappings and scope mappings
|
||||
if (rep.getAccountManagement() != null && rep.getAccountManagement()) {
|
||||
enableAccountManagement(newRealm);
|
||||
}
|
||||
|
||||
if (rep.getApplications() != null) {
|
||||
// Now that all possible users and applications are created (users, apps, and oauth clients), do role mappings and scope mappings
|
||||
|
||||
Map<String, ApplicationModel> appMap = newRealm.getApplicationNameMap();
|
||||
|
||||
if (rep.getApplicationRoleMappings() != null) {
|
||||
ApplicationManager manager = new ApplicationManager(this);
|
||||
for (ApplicationRepresentation appRep : rep.getApplications()) {
|
||||
ApplicationModel model = appMap.get(appRep.getName());
|
||||
manager.createMappings(newRealm, appRep, model);
|
||||
for (Map.Entry<String, List<UserRoleMappingRepresentation>> entry : rep.getApplicationRoleMappings().entrySet()) {
|
||||
ApplicationModel app = appMap.get(entry.getKey());
|
||||
if (app == null) {
|
||||
throw new RuntimeException("Unable to find application role mappings for app: " + entry.getKey());
|
||||
}
|
||||
manager.createRoleMappings(newRealm, app, entry.getValue());
|
||||
}
|
||||
}
|
||||
|
||||
if (rep.getApplicationScopeMappings() != null) {
|
||||
ApplicationManager manager = new ApplicationManager(this);
|
||||
for (Map.Entry<String, List<ScopeMappingRepresentation>> entry : rep.getApplicationScopeMappings().entrySet()) {
|
||||
ApplicationModel app = appMap.get(entry.getKey());
|
||||
if (app == null) {
|
||||
throw new RuntimeException("Unable to find application role mappings for app: " + entry.getKey());
|
||||
}
|
||||
manager.createScopeMappings(newRealm, app, entry.getValue());
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
if (rep.getRoleMappings() != null) {
|
||||
for (UserRoleMappingRepresentation mapping : rep.getRoleMappings()) {
|
||||
UserModel user = userMap.get(mapping.getUsername());
|
||||
|
@ -306,10 +324,6 @@ public class RealmManager {
|
|||
}
|
||||
}
|
||||
|
||||
if (rep.getAccountManagement() != null && rep.getAccountManagement()) {
|
||||
enableAccountManagement(newRealm);
|
||||
}
|
||||
|
||||
if (rep.getSmtpServer() != null) {
|
||||
newRealm.setSmtpConfig(new HashMap(rep.getSmtpServer()));
|
||||
}
|
||||
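Review bot: The `app == null` branch inside the `getApplicationScopeMappings()` loop throws the same text as the role-mapping branch, "Unable to find application role mappings for app: ", so a bad key under `applicationScopeMappings` is reported as a role-mapping problem. The wording is also inverted, since it is the application that was not found. I would use `throw new RuntimeException("Unknown application in applicationScopeMappings: " + entry.getKey());` and the matching text in the role branch. `entry.getValue()` is passed on unchecked in both loops, so a null list reaches `createRoleMappings` or `createScopeMappings`. The enclosing method starts and ends outside these hunks.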
|
|
|
@ -94,22 +94,6 @@
|
|||
{
|
||||
"name": "user"
|
||||
}
|
||||
],
|
||||
"roleMappings": [
|
||||
{
|
||||
"username": "wburke",
|
||||
"roles": ["user"]
|
||||
},
|
||||
{
|
||||
"username": "admin",
|
||||
"roles": ["admin"]
|
||||
}
|
||||
],
|
||||
"scopeMappings": [
|
||||
{
|
||||
"username": "oauthclient",
|
||||
"roles": ["user"]
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
|
@ -122,8 +106,22 @@
|
|||
{
|
||||
"name": "user"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
],
|
||||
"roleMappings": [
|
||||
"applicationRoleMappings": {
|
||||
"Application": [
|
||||
{
|
||||
"username": "wburke",
|
||||
"roles": ["user"]
|
||||
},
|
||||
{
|
||||
"username": "admin",
|
||||
"roles": ["admin"]
|
||||
}
|
||||
],
|
||||
"OtherApp": [
|
||||
{
|
||||
"username": "wburke",
|
||||
"roles": ["user"]
|
||||
|
@ -133,9 +131,16 @@
|
|||
"roles": ["admin"]
|
||||
}
|
||||
]
|
||||
},
|
||||
"applicationScopeMappings": {
|
||||
"Application": [
|
||||
{
|
||||
"username": "oauthclient",
|
||||
"roles": ["user"]
|
||||
}
|
||||
|
||||
]
|
||||
|
||||
}
|
||||
|
||||
|
||||
}
|
|
@ -88,19 +88,23 @@
|
|||
"name": "customer-admin",
|
||||
"description": "Have Customer Admin privileges"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"roleMappings": [
|
||||
"applicationRoleMappings": {
|
||||
"test-app": [
|
||||
{
|
||||
"username": "test-user@localhost",
|
||||
"roles": ["customer-user"]
|
||||
}
|
||||
],
|
||||
"scopeMappings": [
|
||||
]
|
||||
},
|
||||
"applicationScopeMappings": {
|
||||
"test-app": [
|
||||
{
|
||||
"username": "third-party",
|
||||
"roles": ["customer-user"]
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|