libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions 6

Removed '*' role

Browse source
This commit is contained in:
Stian Thorgersen 2013-11-15 12:43:17 +00:00
parent a923f44619
commit 45424e5eba
21 changed files with 56 additions and 77 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
admin-ui/src/main/resources/META-INF/resources/admin/js/app.js
View file

@ -489,16 +489,28 @@ module.filter('remove', function() {
for ( var i = 0; i < input.length; i++) {
var e = input[i];
for (var j = 0; j < remove.length; j++) {
if (Array.isArray(remove)) {
for (var j = 0; j < remove.length; j++) {
if (attribute) {
if (remove[j][attribute] == e[attribute]) {
e = null;
break;
}
} else {
if (remove[j] == e) {
e = null;
break;
}
}
}
} else {
if (attribute) {
if (remove[j][attribute] == e[attribute]) {
if (remove[attribute] == e[attribute]) {
e = null;
break;
}
} else {
if (remove[j] == e) {
if (remove == e) {
e = null;
break;
}
}
}

3
admin-ui/src/main/resources/META-INF/resources/admin/js/controllers/realm.js
View file

@ -208,7 +208,6 @@ module.controller('RealmRequiredCredentialsCtrl', function($scope, Realm, realm,
module.controller('RealmRegistrationCtrl', function ($scope, Realm, realm, applications, roles, Notifications, ApplicationRole, Application) {
console.log('RealmRegistrationCtrl');
var systemRoles = ["*", "KEYCLOAK_APPLICATION", "KEYCLOAK_IDENTITY_REQUESTER"];
$scope.realm = realm;
@ -230,7 +229,7 @@ module.controller('RealmRegistrationCtrl', function ($scope, Realm, realm, appli
for (var i = 0; i < roles.length; i++) {
var item = roles[i].name;
if ((systemRoles.indexOf(item) < 0) && ($scope.realm.defaultRoles.indexOf(item) < 0)) {
if ($scope.realm.defaultRoles.indexOf(item) < 0) {
$scope.availableRealmRoles.push(item);
}
}

2
admin-ui/src/main/resources/META-INF/resources/admin/partials/application-scope-mappings.html
View file

@ -56,7 +56,7 @@
<label for="applications">Application</label>
<div class="input-group">
<div class="select-rcue">
<select id="applications" name="applications" ng-change="changeApplication()" ng-model="targetApp" ng-options="a.name for a in applications">
<select id="applications" name="applications" ng-change="changeApplication()" ng-model="targetApp" ng-options="a.name for a in (applications|remove:application:'id')">
<option value="" selected> Select an Application </option>
</select>
</div>

9
core/src/main/java/org/keycloak/representations/idm/ApplicationRepresentation.java
View file

@ -14,7 +14,6 @@ public class ApplicationRepresentation {
protected String adminUrl;
protected String baseUrl;
protected boolean surrogateAuthRequired;
protected boolean useRealmMappings;
protected boolean enabled;
protected List<CredentialRepresentation> credentials;
protected List<RoleRepresentation> roles;
@ -142,14 +141,6 @@ public class ApplicationRepresentation {
return this;
}
public boolean isUseRealmMappings() {
return useRealmMappings;
}
public void setUseRealmMappings(boolean useRealmMappings) {
this.useRealmMappings = useRealmMappings;
}
public List<String> getRedirectUris() {
return redirectUris;
}

2
examples/as7-eap-demo/server/src/main/resources/META-INF/testrealm.json
View file

@ -65,7 +65,6 @@
"name": "customer-portal",
"enabled": true,
"adminUrl": "http://localhost:8080/customer-portal/j_admin_request",
"useRealmMappings": true,
"credentials": [
{
"type": "password",
@ -77,7 +76,6 @@
"name": "product-portal",
"enabled": true,
"adminUrl": "http://localhost:8080/product-portal/j_admin_request",
"useRealmMappings": true,
"credentials": [
{
"type": "password",

2
examples/as7-eap-dev/server/src/main/resources/META-INF/testrealm.json
View file

@ -65,7 +65,6 @@
"name": "customer-portal",
"enabled": true,
"adminUrl": "http://localhost:8080/customer-portal/j_admin_request",
"useRealmMappings": true,
"webOrigins" : [ "http://localhost1:8080"],
"credentials": [
{
@ -78,7 +77,6 @@
"name": "product-portal",
"enabled": true,
"adminUrl": "http://localhost:8080/product-portal/j_admin_request",
"useRealmMappings": true,
"credentials": [
{
"type": "password",

1
examples/js/testrealm.json
View file

@ -48,7 +48,6 @@
"name": "test-app",
"enabled": true,
"adminUrl": "http://localhost:8081/app/logout",
"useRealmMappings": true,
"webOrigins": [ "http://localhost", "http://localhost:8000", "http://localhost:8080" ],
"credentials": [
{

3
model/api/src/main/java/org/keycloak/models/Constants.java
View file

@ -11,11 +11,8 @@ public interface Constants {
String ADMIN_CONSOLE_ADMIN_ROLE = "admin";
String APPLICATION_ROLE = INTERNAL_ROLE + "_APPLICATION";
String IDENTITY_REQUESTER_ROLE = INTERNAL_ROLE + "_IDENTITY_REQUESTER";
String WILDCARD_ROLE = "*";
String ACCOUNT_APPLICATION = "Account";
String ACCOUNT_PROFILE_ROLE = "view-profile";
String ACCOUNT_MANAGE_ROLE = "manage-account";
String ACCOUNT_MANAGEMENT_APPLICATION = "Account Management";
}

2
model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java
View file

@ -568,8 +568,6 @@ public class RealmAdapter implements RealmModel {
em.persist(applicationData);
em.flush();
ApplicationModel resource = new ApplicationAdapter(em, applicationData);
resource.addRole("*");
resource.addScopeMapping(new UserAdapter(user), "*");
em.flush();
return resource;
}

2
model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java
View file

@ -451,8 +451,6 @@ public class RealmAdapter implements RealmModel {
noSQL.saveObject(appData);
ApplicationModel resource = new ApplicationAdapter(appData, noSQL);
resource.addRole("*");
resource.addScopeMapping(resourceUser, "*");
return resource;
}

2
model/picketlink/src/main/java/org/keycloak/models/picketlink/RealmAdapter.java
View file

@ -625,8 +625,6 @@ public class RealmAdapter implements RealmModel {
resourceRelationship.setApplication(applicationData.getName());
getRelationshipManager().add(resourceRelationship);
ApplicationModel resource = new ApplicationAdapter(applicationData, this, partitionManager);
resource.addRole("*");
resource.addScopeMapping(new UserAdapter(resourceUser, idm), "*");
return resource;
}

1
services/src/main/java/org/keycloak/services/managers/ApplicationManager.java
View file

@ -102,7 +102,6 @@ public class ApplicationManager {
}
}
}
if (resourceRep.isUseRealmMappings()) realm.addScopeMapping(applicationModel.getApplicationUser(), "*");
return applicationModel;
}

13
services/src/main/java/org/keycloak/services/managers/RealmManager.java
View file

@ -68,7 +68,6 @@ public class RealmManager {
public RealmModel createRealm(String id, String name) {
RealmModel realm = identitySession.createRealm(id, name);
realm.setName(name);
realm.addRole(Constants.WILDCARD_ROLE);
realm.addRole(Constants.APPLICATION_ROLE);
realm.addRole(Constants.IDENTITY_REQUESTER_ROLE);
return realm;
@ -245,7 +244,10 @@ public class RealmManager {
}
if (rep.getApplications() != null) {
createApplications(rep, newRealm);
Map<String, ApplicationModel> appMap = createApplications(rep, newRealm);
for (ApplicationModel app : appMap.values()) {
userMap.put(app.getApplicationUser().getLoginName(), app.getApplicationUser());
}
}
if (rep.getRoleMappings() != null) {
@ -406,12 +408,15 @@ public class RealmManager {
}
protected void createApplications(RealmRepresentation rep, RealmModel realm) {
protected Map<String, ApplicationModel> createApplications(RealmRepresentation rep, RealmModel realm) {
Map<String, ApplicationModel> appMap = new HashMap<String, ApplicationModel>();
RoleModel loginRole = realm.getRole(Constants.APPLICATION_ROLE);
ApplicationManager manager = new ApplicationManager(this);
for (ApplicationRepresentation resourceRep : rep.getApplications()) {
manager.createApplication(realm, loginRole, resourceRep);
ApplicationModel app = manager.createApplication(realm, loginRole, resourceRep);
appMap.put(app.getName(), app);
}
return appMap;
}
public static UserRepresentation toRepresentation(UserModel user) {

44
services/src/main/java/org/keycloak/services/managers/TokenManager.java
View file

@ -46,6 +46,8 @@ public class TokenManager {
public AccessCodeEntry createAccessCode(String scopeParam, String state, String redirect, RealmModel realm, UserModel client, UserModel user) {
boolean applicationResource = realm.hasRole(client, realm.getRole(Constants.APPLICATION_ROLE));
AccessCodeEntry code = new AccessCodeEntry();
SkeletonKeyScope scopeMap = null;
if (scopeParam != null) scopeMap = decodeScope(scopeParam);
@ -56,42 +58,26 @@ public class TokenManager {
if (realmMapping != null && realmMapping.size() > 0 && (scopeMap == null || scopeMap.containsKey("realm"))) {
Set<String> scope = realm.getScopeMappingValues(client);
if (scope.size() > 0) {
Set<String> scopeRequest = null;
if (scopeMap != null) {
if (scopeRequest == null) {
scopeRequest = new HashSet<String>();
}
scopeRequest.addAll(scopeMap.get("realm"));
if (scopeRequest.contains(Constants.WILDCARD_ROLE)) scopeRequest = null;
}
Set<String> scopeRequest = scopeMap != null ? new HashSet<String>(scopeMap.get("realm")) : null;
for (String role : realmMapping) {
if (
(scopeRequest == null || scopeRequest.contains(role)) &&
(scope.contains("*") || scope.contains(role))
)
if ((scopeRequest == null || scopeRequest.contains(role)) && scope.contains(role))
realmRolesRequested.add(realm.getRole(role));
}
}
}
for (ApplicationModel resource : realm.getApplications()) {
Set<String> mapping = resource.getRoleMappingValues(user);
if (mapping != null && mapping.size() > 0 && (scopeMap == null || scopeMap.containsKey(resource.getName()))) {
Set<String> scope = resource.getScopeMappingValues(client);
if (scope.size() > 0) {
Set<String> scopeRequest = null;
if (scopeMap != null) {
if (scopeRequest == null) {
scopeRequest = new HashSet<String>();
if (applicationResource && resource.getApplicationUser().getLoginName().equals(client.getLoginName())) {
resourceRolesRequested.addAll(resource.getName(), resource.getRoles());
} else {
Set<String> mapping = resource.getRoleMappingValues(user);
if (mapping != null && mapping.size() > 0 && (scopeMap == null || scopeMap.containsKey(resource.getName()))) {
Set<String> scope = resource.getScopeMappingValues(client);
if (scope.size() > 0) {
Set<String> scopeRequest = scopeMap != null ? new HashSet<String>(scopeMap.get(resource.getName())) : null;
for (String role : mapping) {
if ((scopeRequest == null || scopeRequest.contains(role)) && scope.contains(role))
resourceRolesRequested.add(resource.getName(), resource.getRole(role));
}
scopeRequest.addAll(scopeMap.get(resource.getName()));
if (scopeRequest.contains(Constants.WILDCARD_ROLE)) scopeRequest = null;
}
for (String role : mapping) {
if (
(scopeRequest == null || scopeRequest.contains(role)) &&
(scope.contains("*") || scope.contains(role))
)
resourceRolesRequested.add(resource.getName(), resource.getRole(role));
}
}
}

2
services/src/test/java/org/keycloak/test/AdapterTest.java
View file

@ -350,7 +350,7 @@ public class AdapterTest extends AbstractKeycloakTest {
realmModel.addRole("admin");
realmModel.addRole("user");
List<RoleModel> roles = realmModel.getRoles();
Assert.assertEquals(6, roles.size());
Assert.assertEquals(5, roles.size());
UserModel user = realmModel.addUser("bburke");
RoleModel role = realmModel.getRole("user");
realmModel.grantRole(user, role);

3
services/src/test/java/org/keycloak/test/ImportTest.java
View file

@ -50,8 +50,7 @@ public class ImportTest extends AbstractKeycloakTest {
UserModel user = realm.getUser("loginclient");
Assert.assertNotNull(user);
Set<String> scopes = realm.getScopeMappingValues(user);
System.out.println("Scopes size: " + scopes.size());
Assert.assertTrue(scopes.contains("*"));
Assert.assertEquals(0, scopes.size());
Assert.assertEquals(0, realm.getSocialLinks(user).size());
List<ApplicationModel> resources = realm.getApplications();

2
services/src/test/resources/testrealm-demo.json
View file

@ -62,7 +62,6 @@
"name": "customer-portal",
"enabled": true,
"adminUrl": "http://localhost:8080/customer-portal/j_admin_request",
"useRealmMappings": true,
"credentials": [
{
"type": "totp",
@ -75,7 +74,6 @@
"name": "product-portal",
"enabled": true,
"adminUrl": "http://localhost:8080/product-portal/j_admin_request",
"useRealmMappings": true,
"credentials": [
{
"type": "totp",

6
services/src/test/resources/testrealm.json
View file

@ -64,12 +64,6 @@
"roles": ["admin"]
}
],
"scopeMappings": [
{
"username": "loginclient",
"roles": ["*"]
}
],
"socialMappings": [
{
"username": "mySocialUser",

4
testsuite/integration/src/test/java/org/keycloak/testsuite/OAuthClient.java
View file

@ -145,6 +145,10 @@ public class OAuthClient {
}
}
public String getClientId() {
return clientId;
}
public String getCurrentRequest() {
return driver.getCurrentUrl().substring(0, driver.getCurrentUrl().indexOf('?'));
}

3
testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/AccessTokenTest.java
View file

@ -73,6 +73,9 @@ public class AccessTokenTest {
Assert.assertEquals(1, token.getRealmAccess().getRoles().size());
Assert.assertTrue(token.getRealmAccess().isUserInRole("user"));
Assert.assertEquals(1, token.getResourceAccess(oauth.getClientId()).getRoles().size());
Assert.assertTrue(token.getResourceAccess(oauth.getClientId()).isUserInRole("customer-user"));
}
}

5
testsuite/integration/src/test/resources/testrealm.json
View file

@ -62,6 +62,10 @@
{
"username": "third-party",
"roles": ["user"]
},
{
"username": "test-app",
"roles": ["user"]
}
],
"applications": [
@ -69,7 +73,6 @@
"name": "test-app",
"enabled": true,
"adminUrl": "http://localhost:8081/app/logout",
"useRealmMappings": true,
"credentials": [
{
"type": "password",