role mapping
This commit is contained in:
parent
fb2c2c91b7
commit
27fe017b6c
14 changed files with 660 additions and 120 deletions
@ -0,0 +1,57 @@
|
||||||
|
package org.keycloak.representations.idm;
|
||||||
|
|
||||||
|
import java.util.List;
|
||||||
|
import java.util.Map;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||||
|
* @version $Revision: 1 $
|
||||||
|
*/
|
||||||
|
public class AllRoleMappingsRepresentation {
|
||||||
|
protected String realmId;
|
||||||
|
protected String realmName;
|
||||||
|
protected String username;
|
||||||
|
|
||||||
|
protected List<RoleRepresentation> realmMappings;
|
||||||
|
protected Map<String, ApplicationRoleMappings> applicationMappings;
|
||||||
|
|
||||||
|
public String getRealmId() {
|
||||||
|
return realmId;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setRealmId(String realmId) {
|
||||||
|
this.realmId = realmId;
|
||||||
|
}
|
||||||
|
|
||||||
|
public String getRealmName() {
|
||||||
|
return realmName;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setRealmName(String realmName) {
|
||||||
|
this.realmName = realmName;
|
||||||
|
}
|
||||||
|
|
||||||
|
public String getUsername() {
|
||||||
|
return username;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setUsername(String username) {
|
||||||
|
this.username = username;
|
||||||
|
}
|
||||||
|
|
||||||
|
public List<RoleRepresentation> getRealmMappings() {
|
||||||
|
return realmMappings;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setRealmMappings(List<RoleRepresentation> realmMappings) {
|
||||||
|
this.realmMappings = realmMappings;
|
||||||
|
}
|
||||||
|
|
||||||
|
public Map<String,ApplicationRoleMappings> getApplicationMappings() {
|
||||||
|
return applicationMappings;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setApplicationMappings(Map<String, ApplicationRoleMappings> applicationMappings) {
|
||||||
|
this.applicationMappings = applicationMappings;
|
||||||
|
}
|
||||||
|
}
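Review bot: The new representation carries only an author/`$Revision` header and says nothing about its fields, in particular that `realmMappings` and `applicationMappings` stay null unless the user has at least one mapping — UsersResource.getRoleMappings only calls `setRealmMappings`/`setApplicationMappings` on non-empty results, so a JSON consumer cannot tell "no roles" from "field omitted" without reading the server. Either document it, e.g. `/** Realm-level roles granted to the user; null when none are assigned. */` and `/** Application roles keyed by application name; null when no application has a mapping. */`, or initialise both fields to empty collections so the JSON always contains an array/object. The same missing field documentation applies to ApplicationRoleMappings and RealmRoleMappingsRepresentation in the next two hunks; RealmRoleMappingsRepresentation is not referenced by any other file in the part of the diff shown here, so it may be worth a comment on its intended use. `getApplicationMappings()` spells its return type `Map<String,ApplicationRoleMappings>` without the space used in the field and setter — cosmetic.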
|
|
@ -0,0 +1,47 @@
|
||||||
|
package org.keycloak.representations.idm;
|
||||||
|
|
||||||
|
import java.util.List;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||||
|
* @version $Revision: 1 $
|
||||||
|
*/
|
||||||
|
public class ApplicationRoleMappings {
|
||||||
|
protected String applicationId;
|
||||||
|
protected String application;
|
||||||
|
protected String username;
|
||||||
|
|
||||||
|
protected List<RoleRepresentation> mappings;
|
||||||
|
|
||||||
|
public String getApplicationId() {
|
||||||
|
return applicationId;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setApplicationId(String applicationId) {
|
||||||
|
this.applicationId = applicationId;
|
||||||
|
}
|
||||||
|
|
||||||
|
public String getApplication() {
|
||||||
|
return application;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setApplication(String application) {
|
||||||
|
this.application = application;
|
||||||
|
}
|
||||||
|
|
||||||
|
public String getUsername() {
|
||||||
|
return username;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setUsername(String username) {
|
||||||
|
this.username = username;
|
||||||
|
}
|
||||||
|
|
||||||
|
public List<RoleRepresentation> getMappings() {
|
||||||
|
return mappings;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setMappings(List<RoleRepresentation> mappings) {
|
||||||
|
this.mappings = mappings;
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,47 @@
|
||||||
|
package org.keycloak.representations.idm;
|
||||||
|
|
||||||
|
import java.util.List;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||||
|
* @version $Revision: 1 $
|
||||||
|
*/
|
||||||
|
public class RealmRoleMappingsRepresentation {
|
||||||
|
protected String realmId;
|
||||||
|
protected String realm;
|
||||||
|
protected String username;
|
||||||
|
|
||||||
|
protected List<RoleRepresentation> mappings;
|
||||||
|
|
||||||
|
public String getRealmId() {
|
||||||
|
return realmId;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setRealmId(String realmId) {
|
||||||
|
this.realmId = realmId;
|
||||||
|
}
|
||||||
|
|
||||||
|
public String getRealm() {
|
||||||
|
return realm;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setRealm(String realm) {
|
||||||
|
this.realm = realm;
|
||||||
|
}
|
||||||
|
|
||||||
|
public String getUsername() {
|
||||||
|
return username;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setUsername(String username) {
|
||||||
|
this.username = username;
|
||||||
|
}
|
||||||
|
|
||||||
|
public List<RoleRepresentation> getMappings() {
|
||||||
|
return mappings;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setMappings(List<RoleRepresentation> mappings) {
|
||||||
|
this.mappings = mappings;
|
||||||
|
}
|
||||||
|
}
|
|
@ -40,17 +40,28 @@ module.config([ '$routeProvider', function($routeProvider) {
|
||||||
},
|
},
|
||||||
controller : 'UserDetailCtrl'
|
controller : 'UserDetailCtrl'
|
||||||
}).when('/realms/:realm/users/:user', {
|
}).when('/realms/:realm/users/:user', {
|
||||||
templateUrl : 'partials/user-detail.html',
|
templateUrl : 'partials/user-detail.html',
|
||||||
resolve : {
|
resolve : {
|
||||||
realm : function(RealmLoader) {
|
realm : function(RealmLoader) {
|
||||||
return RealmLoader();
|
return RealmLoader();
|
||||||
},
|
},
|
||||||
user : function(UserLoader) {
|
user : function(UserLoader) {
|
||||||
return UserLoader();
|
return UserLoader();
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
controller : 'UserDetailCtrl'
|
controller : 'UserDetailCtrl'
|
||||||
}).when('/realms/:realm/users', {
|
}).when('/realms/:realm/users/:user/role-mappings', {
|
||||||
|
templateUrl : 'partials/role-mappings.html',
|
||||||
|
resolve : {
|
||||||
|
realm : function(RealmLoader) {
|
||||||
|
return RealmLoader();
|
||||||
|
},
|
||||||
|
user : function(UserLoader) {
|
||||||
|
return UserLoader();
|
||||||
|
}
|
||||||
|
},
|
||||||
|
controller : 'UserDetailCtrl'
|
||||||
|
}).when('/realms/:realm/users', {
|
||||||
templateUrl : 'partials/user-list.html',
|
templateUrl : 'partials/user-list.html',
|
||||||
resolve : {
|
resolve : {
|
||||||
realm : function(RealmLoader) {
|
realm : function(RealmLoader) {
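Review bot: The `resolve` block with `realm : function(RealmLoader)` / `user : function(UserLoader)` is now copy-pasted into three consecutive routes, and the new `/realms/:realm/users/:user/role-mappings` route also reuses `controller : 'UserDetailCtrl'`, so the role-mappings page runs the user-detail controller rather than one of its own — presumably a placeholder while the partial is static, and worth a `// TODO: dedicated controller` if so. Hoist the shared resolver once, `var userResolve = { realm : function(RealmLoader) { return RealmLoader(); }, user : function(UserLoader) { return UserLoader(); } };`, and write `resolve : userResolve` in each of the three routes. The enclosing `module.config` callback starts before and ends after this hunk.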
|
||||||
|
|
|
@ -31,18 +31,4 @@
|
||||||
</ul>
|
</ul>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<!--
|
</div>
|
||||||
<div class="navbar primary">
|
|
||||||
<div class="navbar-inner" data-ng-controller="RealmDropdownCtrl">
|
|
||||||
<ul class="nav pull-right" data-ng-show="auth.loggedIn">
|
|
||||||
<li class="divider-vertical-left" data-ng-class="path[0] == 'create' && path[1] == 'realm' && 'active'"
|
|
||||||
data-ng-show="auth.loggedIn"><a href="#/create/realm">New Realm</a></li>
|
|
||||||
</ul>
|
|
||||||
<ul class="nav" data-ng-show="showNav()">
|
|
||||||
<li class="divider-vertical-right"><a href="#/realms/{{current.realm.id}}">Realm</a></li>
|
|
||||||
</ul>
|
|
||||||
<select class="nav pull-left" data-ng-show="showNav()" ng-change="changeRealm()" ng-model="current.realm" ng-options="r.realm for r in current.realms">
|
|
||||||
</select>
|
|
||||||
</div>
|
|
||||||
</div> -->
|
|
||||||
</div><!-- End .header -->
|
|
||||||
|
|
|
@ -0,0 +1,85 @@
|
||||||
|
<div id="wrapper" class="container">
|
||||||
|
<div class="row">
|
||||||
|
<div class="bs-sidebar col-md-3 clearfix" data-ng-include data-src="'partials/realm-menu.html'"></div>
|
||||||
|
<div id="content-area" class="col-md-9" role="main">
|
||||||
|
<div class="top-nav">
|
||||||
|
<ul class="rcue-tabs" >
|
||||||
|
<li><a href="#/create/user/{{realm.id}}">New User</a></li>
|
||||||
|
<li><a href="#/realms/{{realm.id}}/users">Query Users</a></li>
|
||||||
|
<li><a href="#">Attributes</a></li>
|
||||||
|
<li><a href="#">Credentials</a></li>
|
||||||
|
<li class="active"><a href="#">Role Mappings</a></li>
|
||||||
|
</ul>
|
||||||
|
</div>
|
||||||
|
<div id="content">
|
||||||
|
<h2 class="pull-left">Role Mappings: <span>{{realm.realm}}</span></h2>
|
||||||
|
<p class="subtitle"></p>
|
||||||
|
<form name="realmForm" novalidate>
|
||||||
|
<fieldset>
|
||||||
|
<legend uncollapsed><span class="text">Realm Roles</span> </legend>
|
||||||
|
<div class="form-group">
|
||||||
|
<div class="controls">
|
||||||
|
<select multiple size=5>
|
||||||
|
<option value="role1">role1</option>
|
||||||
|
<option value="role2">role2</option>
|
||||||
|
<option value="role3">role3</option>
|
||||||
|
<option value="role4">role4</option>
|
||||||
|
</select>
|
||||||
|
<button type="submit">---></button>
|
||||||
|
<button type="submit"><---</button>
|
||||||
|
<select multiple size=5>
|
||||||
|
<option value="role1">role1</option>
|
||||||
|
<option disabled="disabled" value="role2">role2</option>
|
||||||
|
<option value="role3">role3</option>
|
||||||
|
<option value="role4">role4</option>
|
||||||
|
</select>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</fieldset>
|
||||||
|
<fieldset>
|
||||||
|
<legend collapsed><span class="text">Application Roles</span> </legend>
|
||||||
|
<div class="form-group">
|
||||||
|
<div class="controls">
|
||||||
|
<select multiple size=5>
|
||||||
|
<option value="role1">role1</option>
|
||||||
|
<option value="role2">role2</option>
|
||||||
|
<option value="role3">role3</option>
|
||||||
|
<option value="role4">role4</option>
|
||||||
|
</select>
|
||||||
|
<button type="submit">---></button>
|
||||||
|
<button type="submit"><---</button>
|
||||||
|
<select multiple size=5>
|
||||||
|
<option value="role1">role1</option>
|
||||||
|
<option disabled="disabled" value="role2">role2</option>
|
||||||
|
<option value="role3">role3</option>
|
||||||
|
<option value="role4">role4</option>
|
||||||
|
</select>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</fieldset>
|
||||||
|
|
||||||
|
<div class="form-actions" data-ng-show="createRealm">
|
||||||
|
<button type="submit" data-ng-click="save()" class="primary" data-ng-show="changed">Save
|
||||||
|
</button>
|
||||||
|
<button type="submit" data-ng-click="cancel()" data-ng-click="cancel()"
|
||||||
|
data-ng-show="changed">Cancel
|
||||||
|
</button>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<div class="form-actions" data-ng-show="!createRealm">
|
||||||
|
<button type="submit" data-ng-click="save()" class="primary" data-ng-show="changed">Save
|
||||||
|
changes
|
||||||
|
</button>
|
||||||
|
<button type="submit" data-ng-click="reset()" data-ng-show="changed">Clear changes
|
||||||
|
</button>
|
||||||
|
<button type="submit" data-ng-click="remove()" class="danger" data-ng-hide="changed">
|
||||||
|
Delete
|
||||||
|
</button>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
</form>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div id="container-right-bg"></div>
|
||||||
|
</div>
|
||||||
|
</div>
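Review bot: The four arrow buttons (`<button type="submit">---></button>` and `<button type="submit"><---</button>`, once per fieldset) are `type="submit"` inside `<form name="realmForm">`, so clicking either submits the whole form instead of moving a role; they should be `type="button"`, and the literal `<---` should be written `&lt;---` to be valid HTML. The Cancel button declares `data-ng-click="cancel()"` twice on the same element. The `<select multiple>` lists have no `ng-model` and hard-coded `role1`…`role4` options, and the action bars are gated on `createRealm`/`!createRealm`, which reads as copied from the realm form — if this partial is a mock-up, a comment at the top of the file saying so would keep the next reader from wiring it up as is.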
|
|
@ -16,7 +16,7 @@
|
||||||
<li><a href="#/realms/{{realm.id}}/users">Query Users</a></li>
|
<li><a href="#/realms/{{realm.id}}/users">Query Users</a></li>
|
||||||
<li class="active"><a href="#">Attributes</a></li>
|
<li class="active"><a href="#">Attributes</a></li>
|
||||||
<li><a href="#">Credentials</a></li>
|
<li><a href="#">Credentials</a></li>
|
||||||
<li><a href="#">Role Mappings</a></li>
|
<li><a href="#/realms/{{realm.id}}/users/{{user.username}}/role-mappings">Role Mappings</a></li>
|
||||||
</ul>
|
</ul>
|
||||||
</div>
|
</div>
|
||||||
<div id="content">
|
<div id="content">
|
||||||
|
|
|
@ -47,7 +47,7 @@ public class TokenManager {
|
||||||
if (scopeParam != null) scopeMap = decodeScope(scopeParam);
|
if (scopeParam != null) scopeMap = decodeScope(scopeParam);
|
||||||
List<RoleModel> realmRolesRequested = code.getRealmRolesRequested();
|
List<RoleModel> realmRolesRequested = code.getRealmRolesRequested();
|
||||||
MultivaluedMap<String, RoleModel> resourceRolesRequested = code.getResourceRolesRequested();
|
MultivaluedMap<String, RoleModel> resourceRolesRequested = code.getResourceRolesRequested();
|
||||||
Set<String> realmMapping = realm.getRoleMappings(user);
|
Set<String> realmMapping = realm.getRoleMappingValues(user);
|
||||||
|
|
||||||
if (realmMapping != null && realmMapping.size() > 0 && (scopeMap == null || scopeMap.containsKey("realm"))) {
|
if (realmMapping != null && realmMapping.size() > 0 && (scopeMap == null || scopeMap.containsKey("realm"))) {
|
||||||
Set<String> scope = realm.getScope(client);
|
Set<String> scope = realm.getScope(client);
|
||||||
|
@ -67,7 +67,7 @@ public class TokenManager {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
for (ApplicationModel resource : realm.getApplications()) {
|
for (ApplicationModel resource : realm.getApplications()) {
|
||||||
Set<String> mapping = resource.getRoleMappings(user);
|
Set<String> mapping = resource.getRoleMappingValues(user);
|
||||||
if (mapping != null && mapping.size() > 0 && (scopeMap == null || scopeMap.containsKey(resource.getName()))) {
|
if (mapping != null && mapping.size() > 0 && (scopeMap == null || scopeMap.containsKey(resource.getName()))) {
|
||||||
Set<String> scope = resource.getScope(client);
|
Set<String> scope = resource.getScope(client);
|
||||||
if (scope.size() > 0) {
|
if (scope.size() > 0) {
|
||||||
|
@ -176,7 +176,7 @@ public class TokenManager {
|
||||||
token.expiration((System.currentTimeMillis() / 1000) + realm.getTokenLifespan());
|
token.expiration((System.currentTimeMillis() / 1000) + realm.getTokenLifespan());
|
||||||
}
|
}
|
||||||
|
|
||||||
Set<String> realmMapping = realm.getRoleMappings(user);
|
Set<String> realmMapping = realm.getRoleMappingValues(user);
|
||||||
|
|
||||||
if (realmMapping != null && realmMapping.size() > 0) {
|
if (realmMapping != null && realmMapping.size() > 0) {
|
||||||
SkeletonKeyToken.Access access = new SkeletonKeyToken.Access();
|
SkeletonKeyToken.Access access = new SkeletonKeyToken.Access();
|
||||||
|
@ -187,7 +187,7 @@ public class TokenManager {
|
||||||
}
|
}
|
||||||
if (resources != null) {
|
if (resources != null) {
|
||||||
for (ApplicationModel resource : resources) {
|
for (ApplicationModel resource : resources) {
|
||||||
Set<String> mapping = resource.getRoleMappings(user);
|
Set<String> mapping = resource.getRoleMappingValues(user);
|
||||||
if (mapping == null) continue;
|
if (mapping == null) continue;
|
||||||
SkeletonKeyToken.Access access = token.addAccess(resource.getName())
|
SkeletonKeyToken.Access access = token.addAccess(resource.getName())
|
||||||
.verifyCaller(resource.isSurrogateAuthRequired());
|
.verifyCaller(resource.isSurrogateAuthRequired());
|
||||||
|
|
|
@ -36,11 +36,19 @@ public interface ApplicationModel {
|
||||||
|
|
||||||
List<RoleModel> getRoles();
|
List<RoleModel> getRoles();
|
||||||
|
|
||||||
Set<String> getRoleMappings(UserModel user);
|
Set<String> getRoleMappingValues(UserModel user);
|
||||||
|
|
||||||
void addScope(UserModel agent, String roleName);
|
void addScope(UserModel agent, String roleName);
|
||||||
|
|
||||||
void addScope(UserModel agent, RoleModel role);
|
void addScope(UserModel agent, RoleModel role);
|
||||||
|
|
||||||
Set<String> getScope(UserModel agent);
|
Set<String> getScope(UserModel agent);
|
||||||
|
|
||||||
|
List<RoleModel> getRoleMappings(UserModel user);
|
||||||
|
|
||||||
|
void deleteRoleMapping(UserModel user, RoleModel role);
|
||||||
|
|
||||||
|
RoleModel getRoleById(String id);
|
||||||
|
|
||||||
|
void grantRole(UserModel user, RoleModel role);
|
||||||
}
|
}
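Review bot: The interface now exposes two look-alike accessors with no Javadoc: `getRoleMappingValues(UserModel)` returning `Set<String>` and `getRoleMappings(UserModel)` returning `List<RoleModel>`; the same pair plus `deleteRoleMapping` is added to RealmModel in the `@ -152,4 +152,8` hunk. Nothing states whether the string set holds role names or ids, or whether either result is restricted to this application the way the new adapter implementation of `getRoleMappings` filters grants by partition. Suggest `/** Roles of this application granted to {@code user}; see {@link #getRoleMappingValues} for the string form. */` on `getRoleMappings`, a matching one-liner on `getRoleMappingValues` naming what the strings are (this diff does not show what the adapter collects), and a sentence on each of `deleteRoleMapping`, `getRoleById` and `grantRole` saying which partition they operate on and what happens when the role belongs to another one.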
|
||||||
|
|
|
@ -103,7 +103,7 @@ public interface RealmModel {
|
||||||
|
|
||||||
void grantRole(UserModel user, RoleModel role);
|
void grantRole(UserModel user, RoleModel role);
|
||||||
|
|
||||||
Set<String> getRoleMappings(UserModel user);
|
Set<String> getRoleMappingValues(UserModel user);
|
||||||
|
|
||||||
void addScope(UserModel agent, String roleName);
|
void addScope(UserModel agent, String roleName);
|
||||||
|
|
||||||
|
@ -152,4 +152,8 @@ public interface RealmModel {
|
||||||
public void setAutomaticRegistrationAfterSocialLogin(boolean automaticRegistrationAfterSocialLogin);
|
public void setAutomaticRegistrationAfterSocialLogin(boolean automaticRegistrationAfterSocialLogin);
|
||||||
|
|
||||||
List<UserModel> searchForUserByAttributes(Map<String, String> attributes);
|
List<UserModel> searchForUserByAttributes(Map<String, String> attributes);
|
||||||
|
|
||||||
|
List<RoleModel> getRoleMappings(UserModel user);
|
||||||
|
|
||||||
|
void deleteRoleMapping(UserModel user, RoleModel role);
|
||||||
}
|
}
|
||||||
|
|
|
@ -8,6 +8,7 @@ import org.keycloak.services.models.picketlink.relationships.ScopeRelationship;
|
||||||
import org.picketlink.idm.IdentityManager;
|
import org.picketlink.idm.IdentityManager;
|
||||||
import org.picketlink.idm.PartitionManager;
|
import org.picketlink.idm.PartitionManager;
|
||||||
import org.picketlink.idm.RelationshipManager;
|
import org.picketlink.idm.RelationshipManager;
|
||||||
|
import org.picketlink.idm.model.IdentityType;
|
||||||
import org.picketlink.idm.model.sample.Grant;
|
import org.picketlink.idm.model.sample.Grant;
|
||||||
import org.picketlink.idm.model.sample.Role;
|
import org.picketlink.idm.model.sample.Role;
|
||||||
import org.picketlink.idm.model.sample.SampleModel;
|
import org.picketlink.idm.model.sample.SampleModel;
|
||||||
|
@ -109,6 +110,22 @@ public class ApplicationAdapter implements ApplicationModel {
|
||||||
return new RoleAdapter(role, getIdm());
|
return new RoleAdapter(role, getIdm());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public RoleModel getRoleById(String id) {
|
||||||
|
IdentityQuery<Role> query = getIdm().createIdentityQuery(Role.class);
|
||||||
|
query.setParameter(IdentityType.ID, id);
|
||||||
|
List<Role> roles = query.getResultList();
|
||||||
|
if (roles.size() == 0) return null;
|
||||||
|
return new RoleAdapter(roles.get(0), getIdm());
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void grantRole(UserModel user, RoleModel role) {
|
||||||
|
SampleModel.grantRole(getRelationshipManager(), ((UserAdapter) user).getUser(), ((RoleAdapter) role).getRole());
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public RoleAdapter addRole(String name) {
|
public RoleAdapter addRole(String name) {
|
||||||
Role role = new Role(name);
|
Role role = new Role(name);
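Review bot: `grantRole` passes `((RoleAdapter) role).getRole()` straight to `SampleModel.grantRole` on the relationship manager with no check that the role belongs to this application, while the new read path `getRoleMappings` in the `@ -140,6 +157,32` hunk keeps only grants whose `grant.getRole().getPartition().getId().equals(resource.getId())`. A realm role or another application's role handed to this method is therefore granted but never shows up in the application's own listing; `deleteRoleMapping` here and both new methods in RealmAdapter have the same write/read asymmetry. A guard at the top of `grantRole` such as `if (!((RoleAdapter) role).getRole().getPartition().getId().equals(resource.getId())) throw new IllegalArgumentException("role does not belong to this application");` (and its twin in `deleteRoleMapping`) keeps the write side as strict as the read side. `getRoleById` is only application-scoped if `getIdm()` returns an identity manager bound to this application's partition — `getIdm()` is outside the hunk, so worth confirming; if it is not, the returned role needs the same partition check before it is wrapped in a RoleAdapter.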
|
||||||
|
@ -129,7 +146,7 @@ public class ApplicationAdapter implements ApplicationModel {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Set<String> getRoleMappings(UserModel user) {
|
public Set<String> getRoleMappingValues(UserModel user) {
|
||||||
RelationshipQuery<Grant> query = getRelationshipManager().createRelationshipQuery(Grant.class);
|
RelationshipQuery<Grant> query = getRelationshipManager().createRelationshipQuery(Grant.class);
|
||||||
query.setParameter(Grant.ASSIGNEE, ((UserAdapter)user).getUser());
|
query.setParameter(Grant.ASSIGNEE, ((UserAdapter)user).getUser());
|
||||||
List<Grant> grants = query.getResultList();
|
List<Grant> grants = query.getResultList();
|
||||||
|
@ -140,6 +157,32 @@ public class ApplicationAdapter implements ApplicationModel {
|
||||||
return set;
|
return set;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public List<RoleModel> getRoleMappings(UserModel user) {
|
||||||
|
RelationshipQuery<Grant> query = getRelationshipManager().createRelationshipQuery(Grant.class);
|
||||||
|
query.setParameter(Grant.ASSIGNEE, ((UserAdapter)user).getUser());
|
||||||
|
List<Grant> grants = query.getResultList();
|
||||||
|
List<RoleModel> set = new ArrayList<RoleModel>();
|
||||||
|
for (Grant grant : grants) {
|
||||||
|
if (grant.getRole().getPartition().getId().equals(resource.getId())) set.add(new RoleAdapter(grant.getRole(), getIdm()));
|
||||||
|
}
|
||||||
|
return set;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void deleteRoleMapping(UserModel user, RoleModel role) {
|
||||||
|
RelationshipQuery<Grant> query = getRelationshipManager().createRelationshipQuery(Grant.class);
|
||||||
|
query.setParameter(Grant.ASSIGNEE, ((UserAdapter)user).getUser());
|
||||||
|
query.setParameter(Grant.ROLE, ((RoleAdapter)role).getRole());
|
||||||
|
List<Grant> grants = query.getResultList();
|
||||||
|
for (Grant grant : grants) {
|
||||||
|
getRelationshipManager().remove(grant);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void addScope(UserModel agent, String roleName) {
|
public void addScope(UserModel agent, String roleName) {
|
||||||
IdentityManager idm = getIdm();
|
IdentityManager idm = getIdm();
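Review bot: In the new `getRoleMappings` the local named `set` is an `ArrayList<RoleModel>`, and its body (query grants by assignee, keep those whose role partition id matches, wrap in RoleAdapter) is repeated verbatim in RealmAdapter's `getRoleMappings` with `realm.getId()` in place of `resource.getId()`; the two `deleteRoleMapping` bodies are likewise identical. Renaming the local to `roles` and moving the shared query-and-filter into one helper parameterised by the partition id would leave a single place to fix when the grant model changes. `getRoleMappingValues` a few lines above runs the same `Grant.ASSIGNEE` query as far as this diff shows; expressing it over the filtered list returned by `getRoleMappings` would stop the two accessors from drifting apart.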
|
||||||
|
|
|
@ -631,7 +631,18 @@ public class RealmAdapter implements RealmModel {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Set<String> getRoleMappings(UserModel user) {
|
public void deleteRoleMapping(UserModel user, RoleModel role) {
|
||||||
|
RelationshipQuery<Grant> query = getRelationshipManager().createRelationshipQuery(Grant.class);
|
||||||
|
query.setParameter(Grant.ASSIGNEE, ((UserAdapter)user).getUser());
|
||||||
|
query.setParameter(Grant.ROLE, ((RoleAdapter)role).getRole());
|
||||||
|
List<Grant> grants = query.getResultList();
|
||||||
|
for (Grant grant : grants) {
|
||||||
|
getRelationshipManager().remove(grant);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public Set<String> getRoleMappingValues(UserModel user) {
|
||||||
RelationshipQuery<Grant> query = getRelationshipManager().createRelationshipQuery(Grant.class);
|
RelationshipQuery<Grant> query = getRelationshipManager().createRelationshipQuery(Grant.class);
|
||||||
query.setParameter(Grant.ASSIGNEE, ((UserAdapter)user).getUser());
|
query.setParameter(Grant.ASSIGNEE, ((UserAdapter)user).getUser());
|
||||||
List<Grant> grants = query.getResultList();
|
List<Grant> grants = query.getResultList();
|
||||||
|
@ -642,6 +653,19 @@ public class RealmAdapter implements RealmModel {
|
||||||
return set;
|
return set;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public List<RoleModel> getRoleMappings(UserModel user) {
|
||||||
|
RelationshipQuery<Grant> query = getRelationshipManager().createRelationshipQuery(Grant.class);
|
||||||
|
query.setParameter(Grant.ASSIGNEE, ((UserAdapter)user).getUser());
|
||||||
|
List<Grant> grants = query.getResultList();
|
||||||
|
List<RoleModel> set = new ArrayList<RoleModel>();
|
||||||
|
for (Grant grant : grants) {
|
||||||
|
if (grant.getRole().getPartition().getId().equals(realm.getId())) set.add(new RoleAdapter(grant.getRole(), getIdm()));
|
||||||
|
}
|
||||||
|
return set;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void addScope(UserModel agent, String roleName) {
|
public void addScope(UserModel agent, String roleName) {
|
||||||
IdentityManager idm = getIdm();
|
IdentityManager idm = getIdm();
|
||||||
|
|
|
@ -120,94 +120,13 @@ public class RealmAdminResource {
|
||||||
return Response.created(uriInfo.getAbsolutePathBuilder().path(role.getId()).build()).build();
|
return Response.created(uriInfo.getAbsolutePathBuilder().path(role.getId()).build()).build();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Path("users/{username}")
|
|
||||||
@PUT
|
|
||||||
@Consumes("application/json")
|
|
||||||
public void updateUser(final @PathParam("username") String username, final UserRepresentation rep) {
|
|
||||||
UserModel user = realm.getUser(username);
|
|
||||||
if (user == null) {
|
|
||||||
throw new NotFoundException();
|
|
||||||
}
|
|
||||||
user.setEmail(rep.getEmail());
|
|
||||||
user.setFirstName(rep.getFirstName());
|
|
||||||
user.setLastName(rep.getLastName());
|
|
||||||
for (Map.Entry<String, String> attr : rep.getAttributes().entrySet()) {
|
|
||||||
user.setAttribute(attr.getKey(), attr.getValue());
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
@Path("users")
|
@Path("users")
|
||||||
@POST
|
public UsersResource users() {
|
||||||
@Consumes("application/json")
|
UsersResource users = new UsersResource(realm);
|
||||||
public Response createUser(final @Context UriInfo uriInfo, final UserRepresentation rep) {
|
resourceContext.initResource(users);
|
||||||
if (realm.getUser(rep.getUsername()) != null) {
|
return users;
|
||||||
throw new InternalServerErrorException(); // todo appropriate status here.
|
|
||||||
}
|
|
||||||
UserModel user = realm.addUser(rep.getUsername());
|
|
||||||
if (user == null) {
|
|
||||||
throw new NotFoundException();
|
|
||||||
}
|
|
||||||
user.setEmail(rep.getEmail());
|
|
||||||
user.setFirstName(rep.getFirstName());
|
|
||||||
user.setLastName(rep.getLastName());
|
|
||||||
if (rep.getAttributes() != null) {
|
|
||||||
for (Map.Entry<String, String> attr : rep.getAttributes().entrySet()) {
|
|
||||||
user.setAttribute(attr.getKey(), attr.getValue());
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return Response.created(uriInfo.getAbsolutePathBuilder().path(user.getLoginName()).build()).build();
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Path("users/{username}")
|
|
||||||
@GET
|
|
||||||
@NoCache
|
|
||||||
@Produces("application/json")
|
|
||||||
public UserRepresentation getUser(final @PathParam("username") String username) {
|
|
||||||
UserModel user = realm.getUser(username);
|
|
||||||
if (user == null) {
|
|
||||||
throw new NotFoundException();
|
|
||||||
}
|
|
||||||
return new RealmManager(session).toRepresentation(user);
|
|
||||||
}
|
|
||||||
|
|
||||||
@Path("users")
|
|
||||||
@GET
|
|
||||||
@NoCache
|
|
||||||
@Produces("application/json")
|
|
||||||
public List<UserRepresentation> getUsers(@QueryParam("search") String search,
|
|
||||||
@QueryParam("lastName") String last,
|
|
||||||
@QueryParam("firstName") String first,
|
|
||||||
@QueryParam("email") String email,
|
|
||||||
@QueryParam("username") String username) {
|
|
||||||
RealmManager manager = new RealmManager(session);
|
|
||||||
List<UserRepresentation> results = new ArrayList<UserRepresentation>();
|
|
||||||
if (search != null) {
|
|
||||||
List<UserModel> userModels = manager.searchUsers(search, realm);
|
|
||||||
for (UserModel user : userModels) {
|
|
||||||
results.add(manager.toRepresentation(user));
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
Map<String, String> attributes = new HashMap<String, String>();
|
|
||||||
if (last != null) {
|
|
||||||
attributes.put(UserModel.LAST_NAME, last);
|
|
||||||
}
|
|
||||||
if (first != null) {
|
|
||||||
attributes.put(UserModel.FIRST_NAME, first);
|
|
||||||
}
|
|
||||||
if (email != null) {
|
|
||||||
attributes.put(UserModel.EMAIL, email);
|
|
||||||
}
|
|
||||||
if (username != null) {
|
|
||||||
attributes.put(UserModel.LOGIN_NAME, username);
|
|
||||||
}
|
|
||||||
List<UserModel> userModels = realm.searchForUserByAttributes(attributes);
|
|
||||||
for (UserModel user : userModels) {
|
|
||||||
results.add(manager.toRepresentation(user));
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
||||||
return results;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
}
|
}
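Review bot: The new `users()` locator calls `resourceContext.initResource(users)` on a field this hunk does not declare; assuming `resourceContext` is an injected `@Context ResourceContext` declared above the hunk this is fine, otherwise the sub-resource's `@Context KeycloakSession session` stays null and `getUser`/`getUsers` fail in `new RealmManager(session)`. A short Javadoc on the locator would make the hand-off explicit: `/** Sub-resource for the users of this realm; JAX-RS @Context injection is performed by initResource. */`. The relocation also carries `updateUser` over unchanged, so it still iterates `rep.getAttributes().entrySet()` without the null guard that `createUser` has — a PUT body without an `attributes` member will raise a NullPointerException in the moved code.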
|
||||||
|
|
309
services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java
Executable file
@ -0,0 +1,309 @@
|
||||||
|
package org.keycloak.services.resources.admin;
|
||||||
|
|
||||||
|
import org.jboss.resteasy.annotations.cache.NoCache;
|
||||||
|
import org.keycloak.representations.idm.*;
|
||||||
|
import org.keycloak.services.managers.RealmManager;
|
||||||
|
import org.keycloak.services.models.*;
|
||||||
|
|
||||||
|
import javax.ws.rs.*;
|
||||||
|
import javax.ws.rs.container.ResourceContext;
|
||||||
|
import javax.ws.rs.core.Context;
|
||||||
|
import javax.ws.rs.core.Response;
|
||||||
|
import javax.ws.rs.core.UriInfo;
|
||||||
|
import java.util.ArrayList;
|
||||||
|
import java.util.HashMap;
|
||||||
|
import java.util.List;
|
||||||
|
import java.util.Map;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||||
|
* @version $Revision: 1 $
|
||||||
|
*/
|
||||||
|
public class UsersResource {
|
||||||
|
|
||||||
|
protected RealmModel realm;
|
||||||
|
|
||||||
|
public UsersResource(RealmModel realm) {
|
||||||
|
this.realm = realm;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Context
|
||||||
|
protected ResourceContext resourceContext;
|
||||||
|
|
||||||
|
@Context
|
||||||
|
protected KeycloakSession session;
|
||||||
|
|
||||||
|
|
||||||
|
@Path("{username}")
|
||||||
|
@PUT
|
||||||
|
@Consumes("application/json")
|
||||||
|
public void updateUser(final @PathParam("username") String username, final UserRepresentation rep) {
|
||||||
|
UserModel user = realm.getUser(username);
|
||||||
|
if (user == null) {
|
||||||
|
throw new NotFoundException();
|
||||||
|
}
|
||||||
|
user.setEmail(rep.getEmail());
|
||||||
|
user.setFirstName(rep.getFirstName());
|
||||||
|
user.setLastName(rep.getLastName());
|
||||||
|
for (Map.Entry<String, String> attr : rep.getAttributes().entrySet()) {
|
||||||
|
user.setAttribute(attr.getKey(), attr.getValue());
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
@POST
|
||||||
|
@Consumes("application/json")
|
||||||
|
public Response createUser(final @Context UriInfo uriInfo, final UserRepresentation rep) {
|
||||||
|
if (realm.getUser(rep.getUsername()) != null) {
|
||||||
|
throw new InternalServerErrorException(); // todo appropriate status here.
|
||||||
|
}
|
||||||
|
UserModel user = realm.addUser(rep.getUsername());
|
||||||
|
if (user == null) {
|
||||||
|
throw new NotFoundException();
|
||||||
|
}
|
||||||
|
user.setEmail(rep.getEmail());
|
||||||
|
user.setFirstName(rep.getFirstName());
|
||||||
|
user.setLastName(rep.getLastName());
|
||||||
|
if (rep.getAttributes() != null) {
|
||||||
|
for (Map.Entry<String, String> attr : rep.getAttributes().entrySet()) {
|
||||||
|
user.setAttribute(attr.getKey(), attr.getValue());
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return Response.created(uriInfo.getAbsolutePathBuilder().path(user.getLoginName()).build()).build();
|
||||||
|
}
|
||||||
|
|
||||||
|
@Path("{username}")
|
||||||
|
@GET
|
||||||
|
@NoCache
|
||||||
|
@Produces("application/json")
|
||||||
|
public UserRepresentation getUser(final @PathParam("username") String username) {
|
||||||
|
UserModel user = realm.getUser(username);
|
||||||
|
if (user == null) {
|
||||||
|
throw new NotFoundException();
|
||||||
|
}
|
||||||
|
return new RealmManager(session).toRepresentation(user);
|
||||||
|
}
|
||||||
|
|
||||||
|
@GET
|
||||||
|
@NoCache
|
||||||
|
@Produces("application/json")
|
||||||
|
public List<UserRepresentation> getUsers(@QueryParam("search") String search,
|
||||||
|
@QueryParam("lastName") String last,
|
||||||
|
@QueryParam("firstName") String first,
|
||||||
|
@QueryParam("email") String email,
|
||||||
|
@QueryParam("username") String username) {
|
||||||
|
RealmManager manager = new RealmManager(session);
|
||||||
|
List<UserRepresentation> results = new ArrayList<UserRepresentation>();
|
||||||
|
if (search != null) {
|
||||||
|
List<UserModel> userModels = manager.searchUsers(search, realm);
|
||||||
|
for (UserModel user : userModels) {
|
||||||
|
results.add(manager.toRepresentation(user));
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
Map<String, String> attributes = new HashMap<String, String>();
|
||||||
|
if (last != null) {
|
||||||
|
attributes.put(UserModel.LAST_NAME, last);
|
||||||
|
}
|
||||||
|
if (first != null) {
|
||||||
|
attributes.put(UserModel.FIRST_NAME, first);
|
||||||
|
}
|
||||||
|
if (email != null) {
|
||||||
|
attributes.put(UserModel.EMAIL, email);
|
||||||
|
}
|
||||||
|
if (username != null) {
|
||||||
|
attributes.put(UserModel.LOGIN_NAME, username);
|
||||||
|
}
|
||||||
|
List<UserModel> userModels = realm.searchForUserByAttributes(attributes);
|
||||||
|
for (UserModel user : userModels) {
|
||||||
|
results.add(manager.toRepresentation(user));
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
return results;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Path("{username}/role-mappings")
|
||||||
|
@GET
|
||||||
|
public AllRoleMappingsRepresentation getRoleMappings(@PathParam("username") String username) {
|
||||||
|
UserModel user = realm.getUser(username);
|
||||||
|
if (user == null) {
|
||||||
|
throw new NotFoundException();
|
||||||
|
}
|
||||||
|
|
||||||
|
AllRoleMappingsRepresentation all = new AllRoleMappingsRepresentation();
|
||||||
|
all.setRealmId(realm.getId());
|
||||||
|
all.setRealmName(realm.getName());
|
||||||
|
all.setUsername(username);
|
||||||
|
List<RoleModel> realmMappings = realm.getRoleMappings(user);
|
||||||
|
RealmManager manager = new RealmManager(session);
|
||||||
|
if (realmMappings.size() > 0) {
|
||||||
|
List<RoleRepresentation> realmRep = new ArrayList<RoleRepresentation>();
|
||||||
|
for (RoleModel roleModel : realmMappings) {
|
||||||
|
realmRep.add(manager.toRepresentation(roleModel));
|
||||||
|
}
|
||||||
|
all.setRealmMappings(realmRep);
|
||||||
|
}
|
||||||
|
|
||||||
|
List<ApplicationModel> applications = realm.getApplications();
|
||||||
|
if (applications.size() > 0) {
|
||||||
|
Map<String, ApplicationRoleMappings> appMappings = new HashMap<String, ApplicationRoleMappings>();
|
||||||
|
for (ApplicationModel application : applications) {
|
||||||
|
List<RoleModel> roleMappings = application.getRoleMappings(user);
|
||||||
|
if (roleMappings.size() > 0) {
|
||||||
|
ApplicationRoleMappings mappings = new ApplicationRoleMappings();
|
||||||
|
mappings.setUsername(user.getLoginName());
|
||||||
|
mappings.setApplicationId(application.getId());
|
||||||
|
mappings.setApplication(application.getName());
|
||||||
|
List<RoleRepresentation> roles = new ArrayList<RoleRepresentation>();
|
||||||
|
mappings.setMappings(roles);
|
||||||
|
for (RoleModel role : roleMappings) {
|
||||||
|
roles.add(manager.toRepresentation(role));
|
||||||
|
}
|
||||||
|
appMappings.put(application.getName(), mappings);
|
||||||
|
all.setApplicationMappings(appMappings);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return all;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Path("{username}/role-mappings/realm")
|
||||||
|
@GET
|
||||||
|
public RealmRoleMappingsRepresentation getRealmRoleMappings(@PathParam("username") String username) {
|
||||||
|
UserModel user = realm.getUser(username);
|
||||||
|
if (user == null) {
|
||||||
|
throw new NotFoundException();
|
||||||
|
}
|
||||||
|
|
||||||
|
RealmRoleMappingsRepresentation rep = new RealmRoleMappingsRepresentation();
|
||||||
|
List<RoleModel> realmMappings = realm.getRoleMappings(user);
|
||||||
|
if (realmMappings.size() > 0) {
|
||||||
|
RealmManager manager = new RealmManager(session);
|
||||||
|
List<RoleRepresentation> realmRep = new ArrayList<RoleRepresentation>();
|
||||||
|
for (RoleModel roleModel : realmMappings) {
|
||||||
|
realmRep.add(manager.toRepresentation(roleModel));
|
||||||
|
}
|
||||||
|
rep.setMappings(realmRep);
|
||||||
|
}
|
||||||
|
return rep;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Path("{username}/role-mappings/realm")
|
||||||
|
@POST
|
||||||
|
public void addRealmRoleMappings(@PathParam("username") String username, List<RoleRepresentation> roles) {
|
||||||
|
UserModel user = realm.getUser(username);
|
||||||
|
if (user == null) {
|
||||||
|
throw new NotFoundException();
|
||||||
|
}
|
||||||
|
|
||||||
|
for (RoleRepresentation role : roles) {
|
||||||
|
RoleModel roleModel = realm.getRoleById(role.getId());
|
||||||
|
if (roleModel == null) {
|
||||||
|
throw new NotFoundException();
|
||||||
|
}
|
||||||
|
realm.grantRole(user, roleModel);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
@Path("{username}/role-mappings/realm")
|
||||||
|
@DELETE
|
||||||
|
public void deleteRoleMapping(@PathParam("username") String username, List<RoleRepresentation> roles) {
|
||||||
|
UserModel user = realm.getUser(username);
|
||||||
|
if (user == null) {
|
||||||
|
throw new NotFoundException();
|
||||||
|
}
|
||||||
|
|
||||||
|
if (roles == null) {
|
||||||
|
List<RoleModel> roleModels = realm.getRoleMappings(user);
|
||||||
|
for (RoleModel roleModel : roleModels) {
|
||||||
|
realm.deleteRoleMapping(user, roleModel);
|
||||||
|
}
|
||||||
|
|
||||||
|
} else {
|
||||||
|
for (RoleRepresentation role : roles) {
|
||||||
|
RoleModel roleModel = realm.getRoleById(role.getId());
|
||||||
|
if (roleModel == null) {
|
||||||
|
throw new NotFoundException();
|
||||||
|
}
|
||||||
|
realm.deleteRoleMapping(user, roleModel);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
@Path("{username}/role-mappings/applications/{appId}")
|
||||||
|
@GET
|
||||||
|
public ApplicationRoleMappings getApplicationRoleMappings(@PathParam("username") String username, @PathParam("appId") String appId) {
|
||||||
|
UserModel user = realm.getUser(username);
|
||||||
|
if (user == null) {
|
||||||
|
throw new NotFoundException();
|
||||||
|
}
|
||||||
|
|
||||||
|
ApplicationModel application = realm.getApplicationById(appId);
|
||||||
|
|
||||||
|
if (application == null) {
|
||||||
|
throw new NotFoundException();
|
||||||
|
}
|
||||||
|
|
||||||
|
ApplicationRoleMappings rep = new ApplicationRoleMappings();
|
||||||
|
List<RoleModel> mappings = application.getRoleMappings(user);
|
||||||
|
if (mappings.size() > 0) {
|
||||||
|
RealmManager manager = new RealmManager(session);
|
||||||
|
List<RoleRepresentation> mapRep = new ArrayList<RoleRepresentation>();
|
||||||
|
for (RoleModel roleModel : mappings) {
|
||||||
|
mapRep.add(manager.toRepresentation(roleModel));
|
||||||
|
}
|
||||||
|
rep.setMappings(mapRep);
|
||||||
|
}
|
||||||
|
return rep;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Path("{username}/role-mappings/applications/{appId}")
|
||||||
|
@POST
|
||||||
|
public void addApplicationRoleMapping(@PathParam("username") String username, @PathParam("appId") String appId, List<RoleRepresentation> roles) {
|
||||||
|
UserModel user = realm.getUser(username);
|
||||||
|
if (user == null) {
|
||||||
|
throw new NotFoundException();
|
||||||
|
}
|
||||||
|
|
||||||
|
ApplicationModel application = realm.getApplicationById(appId);
|
||||||
|
|
||||||
|
if (application == null) {
|
||||||
|
throw new NotFoundException();
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
@Path("{username}/role-mappings/applications/{appId}")
|
||||||
|
@DELETE
|
||||||
|
public void deleteApplicationRoleMapping(@PathParam("username") String username, @PathParam("appId") String appId, List<RoleRepresentation> roles) {
|
||||||
|
UserModel user = realm.getUser(username);
|
||||||
|
if (user == null) {
|
||||||
|
throw new NotFoundException();
|
||||||
|
}
|
||||||
|
|
||||||
|
ApplicationModel application = realm.getApplicationById(appId);
|
||||||
|
|
||||||
|
if (application == null) {
|
||||||
|
throw new NotFoundException();
|
||||||
|
}
|
||||||
|
|
||||||
|
if (roles == null) {
|
||||||
|
List<RoleModel> roleModels = application.getRoleMappings(user);
|
||||||
|
for (RoleModel roleModel : roleModels) {
|
||||||
|
application.deleteRoleMapping(user, roleModel);
|
||||||
|
}
|
||||||
|
|
||||||
|
} else {
|
||||||
|
for (RoleRepresentation role : roles) {
|
||||||
|
RoleModel roleModel = application.getRoleById(role.getId());
|
||||||
|
if (roleModel == null) {
|
||||||
|
throw new NotFoundException();
|
||||||
|
}
|
||||||
|
application.deleteRoleMapping(user, roleModel);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|