Merge pull request #236 from patriot1burke/master
central login timeouts, rememberme framework
This commit is contained in:
commit
3552f9e4aa
13 changed files with 162 additions and 6 deletions
|
@ -549,6 +549,12 @@ module.controller('RealmTokenDetailCtrl', function($scope, Realm, realm, $http,
|
|||
$scope.realm.accessTokenLifespan = TimeUnit.convert($scope.realm.accessTokenLifespan, from, to);
|
||||
});
|
||||
|
||||
$scope.realm.centralLoginLifespanUnit = TimeUnit.autoUnit(realm.accessTokenLifespan);
|
||||
$scope.realm.centralLoginLifespan = TimeUnit.toUnit(realm.centralLoginLifespan, $scope.realm.centralLoginLifespanUnit);
|
||||
$scope.$watch('realm.centralLoginLifespanUnit', function(to, from) {
|
||||
$scope.realm.centralLoginLifespan = TimeUnit.convert($scope.realm.centralLoginLifespan, from, to);
|
||||
});
|
||||
|
||||
$scope.realm.refreshTokenLifespanUnit = TimeUnit.autoUnit(realm.refreshTokenLifespan);
|
||||
$scope.realm.refreshTokenLifespan = TimeUnit.toUnit(realm.refreshTokenLifespan, $scope.realm.refreshTokenLifespanUnit);
|
||||
$scope.$watch('realm.refreshTokenLifespanUnit', function(to, from) {
|
||||
|
@ -582,6 +588,7 @@ module.controller('RealmTokenDetailCtrl', function($scope, Realm, realm, $http,
|
|||
delete realmCopy["accessTokenLifespanUnit"];
|
||||
delete realmCopy["refreshTokenLifespanUnit"];
|
||||
delete realmCopy["accessCodeLifespanUnit"];
|
||||
delete realmCopy["centralLoginLifespanUnit"];
|
||||
delete realmCopy["accessCodeLifespanUserActionUnit"];
|
||||
|
||||
realmCopy.accessTokenLifespan = TimeUnit.toSeconds($scope.realm.accessTokenLifespan, $scope.realm.accessTokenLifespanUnit)
|
||||
|
|
|
@ -10,6 +10,32 @@
|
|||
<h2><span>{{realm.realm}}</span> Token Settings</h2>
|
||||
<form class="form-horizontal" name="realmForm" novalidate>
|
||||
<fieldset class="border-top">
|
||||
<div class="form-group">
|
||||
<label class="col-sm-2 control-label" for="rememberMe">Remember Me</label>
|
||||
<div class="col-sm-4">
|
||||
<input ng-model="realm.rememberMe" name="rememberMe" id="rememberMe" onoffswitch />
|
||||
</div>
|
||||
</div>
|
||||
<div class="form-group input-select">
|
||||
<label class="col-sm-2 control-label" for="centralLoginLifespan">Central Login lifespan</label>
|
||||
<div class="col-sm-10">
|
||||
<div class="row">
|
||||
<div class="col-sm-2">
|
||||
<input class="form-control" type="number" required min="1"
|
||||
max="31536000" data-ng-model="realm.centralLoginLifespan"
|
||||
id="centralLoginLifespan" name="centralLoginLifespan"/>
|
||||
</div>
|
||||
<div class="col-sm-2 select-kc">
|
||||
<select name="centralLoginLifespanUnit" data-ng-model="realm.centralLoginLifespanUnit" >
|
||||
<option data-ng-selected="!realm.centralLoginLifespanUnit">Seconds</option>
|
||||
<option>Minutes</option>
|
||||
<option>Hours</option>
|
||||
<option>Days</option>
|
||||
</select>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<div class="form-group input-select">
|
||||
<label class="col-sm-2 control-label" for="accessTokenLifespan">Access token lifespan</label>
|
||||
<div class="col-sm-10">
|
||||
|
@ -67,7 +93,7 @@
|
|||
</div>
|
||||
</div>
|
||||
<div class="form-group input-select">
|
||||
<label class="col-sm-2 control-label" for="refreshTokenLifespan">Refresh token lifespan {{realm.refreshTokenLifespan}}</label>
|
||||
<label class="col-sm-2 control-label" for="refreshTokenLifespan">Refresh token lifespan</label>
|
||||
<div class="col-sm-10">
|
||||
<div class="row">
|
||||
<div class="col-sm-2">
|
||||
|
|
|
@ -15,11 +15,13 @@ public class RealmRepresentation {
|
|||
protected String realm;
|
||||
protected Integer accessTokenLifespan;
|
||||
protected Integer refreshTokenLifespan;
|
||||
protected Integer centralLoginLifespan;
|
||||
protected Integer accessCodeLifespan;
|
||||
protected Integer accessCodeLifespanUserAction;
|
||||
protected Boolean enabled;
|
||||
protected Boolean sslNotRequired;
|
||||
protected Boolean registrationAllowed;
|
||||
protected Boolean rememberMe;
|
||||
protected Boolean verifyEmail;
|
||||
protected Boolean resetPasswordAllowed;
|
||||
protected Boolean social;
|
||||
|
@ -127,6 +129,14 @@ public class RealmRepresentation {
|
|||
return refreshTokenLifespan;
|
||||
}
|
||||
|
||||
public Integer getCentralLoginLifespan() {
|
||||
return centralLoginLifespan;
|
||||
}
|
||||
|
||||
public void setCentralLoginLifespan(Integer centralLoginLifespan) {
|
||||
this.centralLoginLifespan = centralLoginLifespan;
|
||||
}
|
||||
|
||||
public void setRefreshTokenLifespan(Integer refreshTokenLifespan) {
|
||||
this.refreshTokenLifespan = refreshTokenLifespan;
|
||||
}
|
||||
|
@ -231,6 +241,14 @@ public class RealmRepresentation {
|
|||
this.registrationAllowed = registrationAllowed;
|
||||
}
|
||||
|
||||
public Boolean isRememberMe() {
|
||||
return rememberMe;
|
||||
}
|
||||
|
||||
public void setRememberMe(Boolean rememberMe) {
|
||||
this.rememberMe = rememberMe;
|
||||
}
|
||||
|
||||
public Boolean isVerifyEmail() {
|
||||
return verifyEmail;
|
||||
}
|
||||
|
|
|
@ -29,6 +29,9 @@ public interface RealmModel extends RoleContainerModel, RoleMapperModel, ScopeMa
|
|||
boolean isRegistrationAllowed();
|
||||
|
||||
void setRegistrationAllowed(boolean registrationAllowed);
|
||||
boolean isRememberMe();
|
||||
|
||||
void setRememberMe(boolean rememberMe);
|
||||
|
||||
boolean isVerifyEmail();
|
||||
|
||||
|
@ -38,6 +41,10 @@ public interface RealmModel extends RoleContainerModel, RoleMapperModel, ScopeMa
|
|||
|
||||
void setResetPasswordAllowed(boolean resetPasswordAllowed);
|
||||
|
||||
int getCentralLoginLifespan();
|
||||
|
||||
void setCentralLoginLifespan(int lifespan);
|
||||
|
||||
int getAccessTokenLifespan();
|
||||
|
||||
void setAccessTokenLifespan(int tokenLifespan);
|
||||
|
|
|
@ -105,6 +105,17 @@ public class RealmAdapter implements RealmModel {
|
|||
em.flush();
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isRememberMe() {
|
||||
return realm.isRememberMe();
|
||||
}
|
||||
|
||||
@Override
|
||||
public void setRememberMe(boolean rememberMe) {
|
||||
realm.setRememberMe(rememberMe);
|
||||
em.flush();
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isVerifyEmail() {
|
||||
return realm.isVerifyEmail();
|
||||
|
@ -138,6 +149,17 @@ public class RealmAdapter implements RealmModel {
|
|||
em.flush();
|
||||
}
|
||||
|
||||
@Override
|
||||
public int getCentralLoginLifespan() {
|
||||
return realm.getCentralLoginLifespan();
|
||||
}
|
||||
|
||||
@Override
|
||||
public void setCentralLoginLifespan(int lifespan) {
|
||||
realm.setCentralLoginLifespan(lifespan);
|
||||
em.flush();
|
||||
}
|
||||
|
||||
@Override
|
||||
public int getRefreshTokenLifespan() {
|
||||
return realm.getRefreshTokenLifespan();
|
||||
|
|
|
@ -38,11 +38,13 @@ public class RealmEntity {
|
|||
protected boolean verifyEmail;
|
||||
protected boolean resetPasswordAllowed;
|
||||
protected boolean social;
|
||||
protected boolean rememberMe;
|
||||
|
||||
@Column(name="updateProfileOnInitSocLogin")
|
||||
protected boolean updateProfileOnInitialSocialLogin;
|
||||
protected String passwordPolicy;
|
||||
|
||||
protected int centralLoginLifespan;
|
||||
protected int accessTokenLifespan;
|
||||
protected int accessCodeLifespan;
|
||||
protected int accessCodeLifespanUserAction;
|
||||
|
@ -130,6 +132,14 @@ public class RealmEntity {
|
|||
this.registrationAllowed = registrationAllowed;
|
||||
}
|
||||
|
||||
public boolean isRememberMe() {
|
||||
return rememberMe;
|
||||
}
|
||||
|
||||
public void setRememberMe(boolean rememberMe) {
|
||||
this.rememberMe = rememberMe;
|
||||
}
|
||||
|
||||
public boolean isVerifyEmail() {
|
||||
return verifyEmail;
|
||||
}
|
||||
|
@ -162,6 +172,14 @@ public class RealmEntity {
|
|||
this.updateProfileOnInitialSocialLogin = updateProfileOnInitialSocialLogin;
|
||||
}
|
||||
|
||||
public int getCentralLoginLifespan() {
|
||||
return centralLoginLifespan;
|
||||
}
|
||||
|
||||
public void setCentralLoginLifespan(int centralLoginLifespan) {
|
||||
this.centralLoginLifespan = centralLoginLifespan;
|
||||
}
|
||||
|
||||
public int getRefreshTokenLifespan() {
|
||||
return refreshTokenLifespan;
|
||||
}
|
||||
|
|
|
@ -107,6 +107,18 @@ public class RealmAdapter extends AbstractAdapter implements RealmModel {
|
|||
updateRealm();
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isRememberMe() {
|
||||
return realm.isRememberMe();
|
||||
}
|
||||
|
||||
@Override
|
||||
public void setRememberMe(boolean rememberMe) {
|
||||
realm.setRememberMe(rememberMe);
|
||||
updateRealm();
|
||||
}
|
||||
|
||||
|
||||
@Override
|
||||
public boolean isVerifyEmail() {
|
||||
return realm.isVerifyEmail();
|
||||
|
@ -177,6 +189,18 @@ public class RealmAdapter extends AbstractAdapter implements RealmModel {
|
|||
updateRealm();
|
||||
}
|
||||
|
||||
@Override
|
||||
public int getCentralLoginLifespan() {
|
||||
return realm.getCentralLoginLifespan();
|
||||
}
|
||||
|
||||
@Override
|
||||
public void setCentralLoginLifespan(int lifespan) {
|
||||
realm.setCentralLoginLifespan(lifespan);
|
||||
updateRealm();
|
||||
}
|
||||
|
||||
|
||||
@Override
|
||||
public int getRefreshTokenLifespan() {
|
||||
return realm.getRefreshTokenLifespan();
|
||||
|
|
|
@ -23,12 +23,14 @@ public class RealmEntity extends AbstractMongoIdentifiableEntity implements Mong
|
|||
private boolean enabled;
|
||||
private boolean sslNotRequired;
|
||||
private boolean registrationAllowed;
|
||||
private boolean rememberMe;
|
||||
private boolean verifyEmail;
|
||||
private boolean resetPasswordAllowed;
|
||||
private boolean social;
|
||||
private boolean updateProfileOnInitialSocialLogin;
|
||||
private String passwordPolicy;
|
||||
|
||||
private int centralLoginLifespan;
|
||||
private int accessTokenLifespan;
|
||||
private int accessCodeLifespan;
|
||||
private int accessCodeLifespanUserAction;
|
||||
|
@ -86,6 +88,15 @@ public class RealmEntity extends AbstractMongoIdentifiableEntity implements Mong
|
|||
this.registrationAllowed = registrationAllowed;
|
||||
}
|
||||
|
||||
@MongoField
|
||||
public boolean isRememberMe() {
|
||||
return rememberMe;
|
||||
}
|
||||
|
||||
public void setRememberMe(boolean rememberMe) {
|
||||
this.rememberMe = rememberMe;
|
||||
}
|
||||
|
||||
@MongoField
|
||||
public boolean isVerifyEmail() {
|
||||
return verifyEmail;
|
||||
|
@ -131,6 +142,15 @@ public class RealmEntity extends AbstractMongoIdentifiableEntity implements Mong
|
|||
this.passwordPolicy = passwordPolicy;
|
||||
}
|
||||
|
||||
@MongoField
|
||||
public int getCentralLoginLifespan() {
|
||||
return centralLoginLifespan;
|
||||
}
|
||||
|
||||
public void setCentralLoginLifespan(int centralLoginLifespan) {
|
||||
this.centralLoginLifespan = centralLoginLifespan;
|
||||
}
|
||||
|
||||
@MongoField
|
||||
public int getAccessTokenLifespan() {
|
||||
return accessTokenLifespan;
|
||||
|
|
|
@ -46,6 +46,7 @@ public class ApplianceBootstrap {
|
|||
realm.addRequiredCredential(CredentialRepresentation.PASSWORD);
|
||||
realm.addRequiredOAuthClientCredential(CredentialRepresentation.PASSWORD);
|
||||
realm.addRequiredResourceCredential(CredentialRepresentation.PASSWORD);
|
||||
realm.setCentralLoginLifespan(3000);
|
||||
realm.setAccessTokenLifespan(60);
|
||||
realm.setRefreshTokenLifespan(3600);
|
||||
realm.setAccessCodeLifespan(60);
|
||||
|
|
|
@ -46,13 +46,12 @@ public class AuthenticationManager {
|
|||
token.issuedNow();
|
||||
token.subject(user.getId());
|
||||
token.audience(realm.getName());
|
||||
if (realm.getAccessTokenLifespan() > 0) {
|
||||
token.expiration((System.currentTimeMillis() / 1000) + realm.getAccessTokenLifespan());
|
||||
if (realm.getCentralLoginLifespan() > 0) {
|
||||
token.expiration((System.currentTimeMillis() / 1000) + realm.getCentralLoginLifespan());
|
||||
}
|
||||
return token;
|
||||
}
|
||||
|
||||
|
||||
public NewCookie createLoginCookie(RealmModel realm, UserModel user, UriInfo uriInfo) {
|
||||
String cookieName = KEYCLOAK_IDENTITY_COOKIE;
|
||||
String cookiePath = getIdentityCookiePath(realm, uriInfo);
|
||||
|
@ -80,7 +79,13 @@ public class AuthenticationManager {
|
|||
String encoded = encodeToken(realm, identityToken);
|
||||
boolean secureOnly = !realm.isSslNotRequired();
|
||||
logger.debug("creatingLoginCookie - name: {0} path: {1}", cookieName, cookiePath);
|
||||
NewCookie cookie = new NewCookie(cookieName, encoded, cookiePath, null, null, NewCookie.DEFAULT_MAX_AGE, secureOnly, true);
|
||||
int maxAge = NewCookie.DEFAULT_MAX_AGE;
|
||||
/*
|
||||
if (realm.isRememberMe()) {
|
||||
maxAge = realm.getCentralLoginLifespan();
|
||||
}
|
||||
*/
|
||||
NewCookie cookie = new NewCookie(cookieName, encoded, cookiePath, null, null, maxAge, secureOnly, true);
|
||||
return cookie;
|
||||
}
|
||||
|
||||
|
|
|
@ -69,9 +69,11 @@ public class ModelToRepresentation {
|
|||
rep.setPublicKey(realm.getPublicKeyPem());
|
||||
rep.setPrivateKey(realm.getPrivateKeyPem());
|
||||
rep.setRegistrationAllowed(realm.isRegistrationAllowed());
|
||||
rep.setRememberMe(realm.isRememberMe());
|
||||
rep.setVerifyEmail(realm.isVerifyEmail());
|
||||
rep.setResetPasswordAllowed(realm.isResetPasswordAllowed());
|
||||
rep.setAccessTokenLifespan(realm.getAccessTokenLifespan());
|
||||
rep.setCentralLoginLifespan(realm.getCentralLoginLifespan());
|
||||
rep.setRefreshTokenLifespan(realm.getRefreshTokenLifespan());
|
||||
rep.setAccessCodeLifespan(realm.getAccessCodeLifespan());
|
||||
rep.setAccessCodeLifespanUserAction(realm.getAccessCodeLifespanUserAction());
|
||||
|
|
|
@ -97,6 +97,7 @@ public class RealmManager {
|
|||
if (rep.isEnabled() != null) realm.setEnabled(rep.isEnabled());
|
||||
if (rep.isSocial() != null) realm.setSocial(rep.isSocial());
|
||||
if (rep.isRegistrationAllowed() != null) realm.setRegistrationAllowed(rep.isRegistrationAllowed());
|
||||
if (rep.isRememberMe() != null) realm.setRememberMe(rep.isRememberMe());
|
||||
if (rep.isVerifyEmail() != null) realm.setVerifyEmail(rep.isVerifyEmail());
|
||||
if (rep.isResetPasswordAllowed() != null) realm.setResetPasswordAllowed(rep.isResetPasswordAllowed());
|
||||
if (rep.isUpdateProfileOnInitialSocialLogin() != null)
|
||||
|
@ -107,6 +108,7 @@ public class RealmManager {
|
|||
realm.setAccessCodeLifespanUserAction(rep.getAccessCodeLifespanUserAction());
|
||||
if (rep.getAccessTokenLifespan() != null) realm.setAccessTokenLifespan(rep.getAccessTokenLifespan());
|
||||
if (rep.getRefreshTokenLifespan() != null) realm.setRefreshTokenLifespan(rep.getRefreshTokenLifespan());
|
||||
if (rep.getCentralLoginLifespan() != null) realm.setCentralLoginLifespan(rep.getCentralLoginLifespan());
|
||||
if (rep.getRequiredCredentials() != null) {
|
||||
realm.updateRequiredCredentials(rep.getRequiredCredentials());
|
||||
}
|
||||
|
@ -163,7 +165,9 @@ public class RealmManager {
|
|||
else newRealm.setAccessTokenLifespan(300);
|
||||
|
||||
if (rep.getRefreshTokenLifespan() != null) newRealm.setRefreshTokenLifespan(rep.getRefreshTokenLifespan());
|
||||
else newRealm.setRefreshTokenLifespan(3600);
|
||||
else newRealm.setRefreshTokenLifespan(36000);
|
||||
if (rep.getCentralLoginLifespan() != null) newRealm.setCentralLoginLifespan(rep.getCentralLoginLifespan());
|
||||
else newRealm.setCentralLoginLifespan(300);
|
||||
|
||||
if (rep.getAccessCodeLifespan() != null) newRealm.setAccessCodeLifespan(rep.getAccessCodeLifespan());
|
||||
else newRealm.setAccessCodeLifespan(60);
|
||||
|
@ -174,6 +178,7 @@ public class RealmManager {
|
|||
|
||||
if (rep.isSslNotRequired() != null) newRealm.setSslNotRequired(rep.isSslNotRequired());
|
||||
if (rep.isRegistrationAllowed() != null) newRealm.setRegistrationAllowed(rep.isRegistrationAllowed());
|
||||
if (rep.isRememberMe() != null) newRealm.setRememberMe(rep.isRememberMe());
|
||||
if (rep.isVerifyEmail() != null) newRealm.setVerifyEmail(rep.isVerifyEmail());
|
||||
if (rep.isResetPasswordAllowed() != null) newRealm.setResetPasswordAllowed(rep.isResetPasswordAllowed());
|
||||
if (rep.isUpdateProfileOnInitialSocialLogin() != null)
|
||||
|
|
|
@ -57,6 +57,7 @@ public class CompositeRoleTest {
|
|||
RealmModel realm = manager.createRealm("Test");
|
||||
manager.generateRealmKeys(realm);
|
||||
realmPublicKey = realm.getPublicKey();
|
||||
realm.setCentralLoginLifespan(3000);
|
||||
realm.setAccessTokenLifespan(10000);
|
||||
realm.setRefreshTokenLifespan(10000);
|
||||
realm.setAccessCodeLifespanUserAction(1000);
|
||||
|
|
Loading…
Reference in a new issue