Merge pull request #236 from patriot1burke/master

central login timeouts, rememberme framework
This commit is contained in:
Bill Burke 2014-02-22 21:52:54 -05:00
commit 3552f9e4aa
13 changed files with 162 additions and 6 deletions

View file

@ -549,6 +549,12 @@ module.controller('RealmTokenDetailCtrl', function($scope, Realm, realm, $http,
$scope.realm.accessTokenLifespan = TimeUnit.convert($scope.realm.accessTokenLifespan, from, to);
});
$scope.realm.centralLoginLifespanUnit = TimeUnit.autoUnit(realm.accessTokenLifespan);
$scope.realm.centralLoginLifespan = TimeUnit.toUnit(realm.centralLoginLifespan, $scope.realm.centralLoginLifespanUnit);
$scope.$watch('realm.centralLoginLifespanUnit', function(to, from) {
$scope.realm.centralLoginLifespan = TimeUnit.convert($scope.realm.centralLoginLifespan, from, to);
});
$scope.realm.refreshTokenLifespanUnit = TimeUnit.autoUnit(realm.refreshTokenLifespan);
$scope.realm.refreshTokenLifespan = TimeUnit.toUnit(realm.refreshTokenLifespan, $scope.realm.refreshTokenLifespanUnit);
$scope.$watch('realm.refreshTokenLifespanUnit', function(to, from) {
@ -582,6 +588,7 @@ module.controller('RealmTokenDetailCtrl', function($scope, Realm, realm, $http,
delete realmCopy["accessTokenLifespanUnit"];
delete realmCopy["refreshTokenLifespanUnit"];
delete realmCopy["accessCodeLifespanUnit"];
delete realmCopy["centralLoginLifespanUnit"];
delete realmCopy["accessCodeLifespanUserActionUnit"];
realmCopy.accessTokenLifespan = TimeUnit.toSeconds($scope.realm.accessTokenLifespan, $scope.realm.accessTokenLifespanUnit)

View file

@ -10,6 +10,32 @@
<h2><span>{{realm.realm}}</span> Token Settings</h2>
<form class="form-horizontal" name="realmForm" novalidate>
<fieldset class="border-top">
<div class="form-group">
<label class="col-sm-2 control-label" for="rememberMe">Remember Me</label>
<div class="col-sm-4">
<input ng-model="realm.rememberMe" name="rememberMe" id="rememberMe" onoffswitch />
</div>
</div>
<div class="form-group input-select">
<label class="col-sm-2 control-label" for="centralLoginLifespan">Central Login lifespan</label>
<div class="col-sm-10">
<div class="row">
<div class="col-sm-2">
<input class="form-control" type="number" required min="1"
max="31536000" data-ng-model="realm.centralLoginLifespan"
id="centralLoginLifespan" name="centralLoginLifespan"/>
</div>
<div class="col-sm-2 select-kc">
<select name="centralLoginLifespanUnit" data-ng-model="realm.centralLoginLifespanUnit" >
<option data-ng-selected="!realm.centralLoginLifespanUnit">Seconds</option>
<option>Minutes</option>
<option>Hours</option>
<option>Days</option>
</select>
</div>
</div>
</div>
</div>
<div class="form-group input-select">
<label class="col-sm-2 control-label" for="accessTokenLifespan">Access token lifespan</label>
<div class="col-sm-10">
@ -67,7 +93,7 @@
</div>
</div>
<div class="form-group input-select">
<label class="col-sm-2 control-label" for="refreshTokenLifespan">Refresh token lifespan {{realm.refreshTokenLifespan}}</label>
<label class="col-sm-2 control-label" for="refreshTokenLifespan">Refresh token lifespan</label>
<div class="col-sm-10">
<div class="row">
<div class="col-sm-2">

View file

@ -15,11 +15,13 @@ public class RealmRepresentation {
protected String realm;
protected Integer accessTokenLifespan;
protected Integer refreshTokenLifespan;
protected Integer centralLoginLifespan;
protected Integer accessCodeLifespan;
protected Integer accessCodeLifespanUserAction;
protected Boolean enabled;
protected Boolean sslNotRequired;
protected Boolean registrationAllowed;
protected Boolean rememberMe;
protected Boolean verifyEmail;
protected Boolean resetPasswordAllowed;
protected Boolean social;
@ -127,6 +129,14 @@ public class RealmRepresentation {
return refreshTokenLifespan;
}
public Integer getCentralLoginLifespan() {
return centralLoginLifespan;
}
public void setCentralLoginLifespan(Integer centralLoginLifespan) {
this.centralLoginLifespan = centralLoginLifespan;
}
public void setRefreshTokenLifespan(Integer refreshTokenLifespan) {
this.refreshTokenLifespan = refreshTokenLifespan;
}
@ -231,6 +241,14 @@ public class RealmRepresentation {
this.registrationAllowed = registrationAllowed;
}
public Boolean isRememberMe() {
return rememberMe;
}
public void setRememberMe(Boolean rememberMe) {
this.rememberMe = rememberMe;
}
public Boolean isVerifyEmail() {
return verifyEmail;
}

View file

@ -29,6 +29,9 @@ public interface RealmModel extends RoleContainerModel, RoleMapperModel, ScopeMa
boolean isRegistrationAllowed();
void setRegistrationAllowed(boolean registrationAllowed);
boolean isRememberMe();
void setRememberMe(boolean rememberMe);
boolean isVerifyEmail();
@ -38,6 +41,10 @@ public interface RealmModel extends RoleContainerModel, RoleMapperModel, ScopeMa
void setResetPasswordAllowed(boolean resetPasswordAllowed);
int getCentralLoginLifespan();
void setCentralLoginLifespan(int lifespan);
int getAccessTokenLifespan();
void setAccessTokenLifespan(int tokenLifespan);

View file

@ -105,6 +105,17 @@ public class RealmAdapter implements RealmModel {
em.flush();
}
@Override
public boolean isRememberMe() {
return realm.isRememberMe();
}
@Override
public void setRememberMe(boolean rememberMe) {
realm.setRememberMe(rememberMe);
em.flush();
}
@Override
public boolean isVerifyEmail() {
return realm.isVerifyEmail();
@ -138,6 +149,17 @@ public class RealmAdapter implements RealmModel {
em.flush();
}
@Override
public int getCentralLoginLifespan() {
return realm.getCentralLoginLifespan();
}
@Override
public void setCentralLoginLifespan(int lifespan) {
realm.setCentralLoginLifespan(lifespan);
em.flush();
}
@Override
public int getRefreshTokenLifespan() {
return realm.getRefreshTokenLifespan();

View file

@ -38,11 +38,13 @@ public class RealmEntity {
protected boolean verifyEmail;
protected boolean resetPasswordAllowed;
protected boolean social;
protected boolean rememberMe;
@Column(name="updateProfileOnInitSocLogin")
protected boolean updateProfileOnInitialSocialLogin;
protected String passwordPolicy;
protected int centralLoginLifespan;
protected int accessTokenLifespan;
protected int accessCodeLifespan;
protected int accessCodeLifespanUserAction;
@ -130,6 +132,14 @@ public class RealmEntity {
this.registrationAllowed = registrationAllowed;
}
public boolean isRememberMe() {
return rememberMe;
}
public void setRememberMe(boolean rememberMe) {
this.rememberMe = rememberMe;
}
public boolean isVerifyEmail() {
return verifyEmail;
}
@ -162,6 +172,14 @@ public class RealmEntity {
this.updateProfileOnInitialSocialLogin = updateProfileOnInitialSocialLogin;
}
public int getCentralLoginLifespan() {
return centralLoginLifespan;
}
public void setCentralLoginLifespan(int centralLoginLifespan) {
this.centralLoginLifespan = centralLoginLifespan;
}
public int getRefreshTokenLifespan() {
return refreshTokenLifespan;
}

View file

@ -107,6 +107,18 @@ public class RealmAdapter extends AbstractAdapter implements RealmModel {
updateRealm();
}
@Override
public boolean isRememberMe() {
return realm.isRememberMe();
}
@Override
public void setRememberMe(boolean rememberMe) {
realm.setRememberMe(rememberMe);
updateRealm();
}
@Override
public boolean isVerifyEmail() {
return realm.isVerifyEmail();
@ -177,6 +189,18 @@ public class RealmAdapter extends AbstractAdapter implements RealmModel {
updateRealm();
}
@Override
public int getCentralLoginLifespan() {
return realm.getCentralLoginLifespan();
}
@Override
public void setCentralLoginLifespan(int lifespan) {
realm.setCentralLoginLifespan(lifespan);
updateRealm();
}
@Override
public int getRefreshTokenLifespan() {
return realm.getRefreshTokenLifespan();

View file

@ -23,12 +23,14 @@ public class RealmEntity extends AbstractMongoIdentifiableEntity implements Mong
private boolean enabled;
private boolean sslNotRequired;
private boolean registrationAllowed;
private boolean rememberMe;
private boolean verifyEmail;
private boolean resetPasswordAllowed;
private boolean social;
private boolean updateProfileOnInitialSocialLogin;
private String passwordPolicy;
private int centralLoginLifespan;
private int accessTokenLifespan;
private int accessCodeLifespan;
private int accessCodeLifespanUserAction;
@ -86,6 +88,15 @@ public class RealmEntity extends AbstractMongoIdentifiableEntity implements Mong
this.registrationAllowed = registrationAllowed;
}
@MongoField
public boolean isRememberMe() {
return rememberMe;
}
public void setRememberMe(boolean rememberMe) {
this.rememberMe = rememberMe;
}
@MongoField
public boolean isVerifyEmail() {
return verifyEmail;
@ -131,6 +142,15 @@ public class RealmEntity extends AbstractMongoIdentifiableEntity implements Mong
this.passwordPolicy = passwordPolicy;
}
@MongoField
public int getCentralLoginLifespan() {
return centralLoginLifespan;
}
public void setCentralLoginLifespan(int centralLoginLifespan) {
this.centralLoginLifespan = centralLoginLifespan;
}
@MongoField
public int getAccessTokenLifespan() {
return accessTokenLifespan;

View file

@ -46,6 +46,7 @@ public class ApplianceBootstrap {
realm.addRequiredCredential(CredentialRepresentation.PASSWORD);
realm.addRequiredOAuthClientCredential(CredentialRepresentation.PASSWORD);
realm.addRequiredResourceCredential(CredentialRepresentation.PASSWORD);
realm.setCentralLoginLifespan(3000);
realm.setAccessTokenLifespan(60);
realm.setRefreshTokenLifespan(3600);
realm.setAccessCodeLifespan(60);

View file

@ -46,13 +46,12 @@ public class AuthenticationManager {
token.issuedNow();
token.subject(user.getId());
token.audience(realm.getName());
if (realm.getAccessTokenLifespan() > 0) {
token.expiration((System.currentTimeMillis() / 1000) + realm.getAccessTokenLifespan());
if (realm.getCentralLoginLifespan() > 0) {
token.expiration((System.currentTimeMillis() / 1000) + realm.getCentralLoginLifespan());
}
return token;
}
public NewCookie createLoginCookie(RealmModel realm, UserModel user, UriInfo uriInfo) {
String cookieName = KEYCLOAK_IDENTITY_COOKIE;
String cookiePath = getIdentityCookiePath(realm, uriInfo);
@ -80,7 +79,13 @@ public class AuthenticationManager {
String encoded = encodeToken(realm, identityToken);
boolean secureOnly = !realm.isSslNotRequired();
logger.debug("creatingLoginCookie - name: {0} path: {1}", cookieName, cookiePath);
NewCookie cookie = new NewCookie(cookieName, encoded, cookiePath, null, null, NewCookie.DEFAULT_MAX_AGE, secureOnly, true);
int maxAge = NewCookie.DEFAULT_MAX_AGE;
/*
if (realm.isRememberMe()) {
maxAge = realm.getCentralLoginLifespan();
}
*/
NewCookie cookie = new NewCookie(cookieName, encoded, cookiePath, null, null, maxAge, secureOnly, true);
return cookie;
}

View file

@ -69,9 +69,11 @@ public class ModelToRepresentation {
rep.setPublicKey(realm.getPublicKeyPem());
rep.setPrivateKey(realm.getPrivateKeyPem());
rep.setRegistrationAllowed(realm.isRegistrationAllowed());
rep.setRememberMe(realm.isRememberMe());
rep.setVerifyEmail(realm.isVerifyEmail());
rep.setResetPasswordAllowed(realm.isResetPasswordAllowed());
rep.setAccessTokenLifespan(realm.getAccessTokenLifespan());
rep.setCentralLoginLifespan(realm.getCentralLoginLifespan());
rep.setRefreshTokenLifespan(realm.getRefreshTokenLifespan());
rep.setAccessCodeLifespan(realm.getAccessCodeLifespan());
rep.setAccessCodeLifespanUserAction(realm.getAccessCodeLifespanUserAction());

View file

@ -97,6 +97,7 @@ public class RealmManager {
if (rep.isEnabled() != null) realm.setEnabled(rep.isEnabled());
if (rep.isSocial() != null) realm.setSocial(rep.isSocial());
if (rep.isRegistrationAllowed() != null) realm.setRegistrationAllowed(rep.isRegistrationAllowed());
if (rep.isRememberMe() != null) realm.setRememberMe(rep.isRememberMe());
if (rep.isVerifyEmail() != null) realm.setVerifyEmail(rep.isVerifyEmail());
if (rep.isResetPasswordAllowed() != null) realm.setResetPasswordAllowed(rep.isResetPasswordAllowed());
if (rep.isUpdateProfileOnInitialSocialLogin() != null)
@ -107,6 +108,7 @@ public class RealmManager {
realm.setAccessCodeLifespanUserAction(rep.getAccessCodeLifespanUserAction());
if (rep.getAccessTokenLifespan() != null) realm.setAccessTokenLifespan(rep.getAccessTokenLifespan());
if (rep.getRefreshTokenLifespan() != null) realm.setRefreshTokenLifespan(rep.getRefreshTokenLifespan());
if (rep.getCentralLoginLifespan() != null) realm.setCentralLoginLifespan(rep.getCentralLoginLifespan());
if (rep.getRequiredCredentials() != null) {
realm.updateRequiredCredentials(rep.getRequiredCredentials());
}
@ -163,7 +165,9 @@ public class RealmManager {
else newRealm.setAccessTokenLifespan(300);
if (rep.getRefreshTokenLifespan() != null) newRealm.setRefreshTokenLifespan(rep.getRefreshTokenLifespan());
else newRealm.setRefreshTokenLifespan(3600);
else newRealm.setRefreshTokenLifespan(36000);
if (rep.getCentralLoginLifespan() != null) newRealm.setCentralLoginLifespan(rep.getCentralLoginLifespan());
else newRealm.setCentralLoginLifespan(300);
if (rep.getAccessCodeLifespan() != null) newRealm.setAccessCodeLifespan(rep.getAccessCodeLifespan());
else newRealm.setAccessCodeLifespan(60);
@ -174,6 +178,7 @@ public class RealmManager {
if (rep.isSslNotRequired() != null) newRealm.setSslNotRequired(rep.isSslNotRequired());
if (rep.isRegistrationAllowed() != null) newRealm.setRegistrationAllowed(rep.isRegistrationAllowed());
if (rep.isRememberMe() != null) newRealm.setRememberMe(rep.isRememberMe());
if (rep.isVerifyEmail() != null) newRealm.setVerifyEmail(rep.isVerifyEmail());
if (rep.isResetPasswordAllowed() != null) newRealm.setResetPasswordAllowed(rep.isResetPasswordAllowed());
if (rep.isUpdateProfileOnInitialSocialLogin() != null)

View file

@ -57,6 +57,7 @@ public class CompositeRoleTest {
RealmModel realm = manager.createRealm("Test");
manager.generateRealmKeys(realm);
realmPublicKey = realm.getPublicKey();
realm.setCentralLoginLifespan(3000);
realm.setAccessTokenLifespan(10000);
realm.setRefreshTokenLifespan(10000);
realm.setAccessCodeLifespanUserAction(1000);