Removed '*' role
This commit is contained in:
parent
a923f44619
commit
45424e5eba
21 changed files with 56 additions and 77 deletions
|
@ -489,16 +489,28 @@ module.filter('remove', function() {
|
|||
for ( var i = 0; i < input.length; i++) {
|
||||
var e = input[i];
|
||||
|
||||
for (var j = 0; j < remove.length; j++) {
|
||||
if (Array.isArray(remove)) {
|
||||
for (var j = 0; j < remove.length; j++) {
|
||||
if (attribute) {
|
||||
if (remove[j][attribute] == e[attribute]) {
|
||||
e = null;
|
||||
break;
|
||||
}
|
||||
} else {
|
||||
if (remove[j] == e) {
|
||||
e = null;
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
} else {
|
||||
if (attribute) {
|
||||
if (remove[j][attribute] == e[attribute]) {
|
||||
if (remove[attribute] == e[attribute]) {
|
||||
e = null;
|
||||
break;
|
||||
}
|
||||
} else {
|
||||
if (remove[j] == e) {
|
||||
if (remove == e) {
|
||||
e = null;
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
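Review bot: The two `break` statements in the new non-array branch (`} else { if (attribute) { … } else { … } }`) are no longer inside the inner `for (var j …)` loop, so they exit the outer `for (var i …)` loop over `input`: the first element that matches `remove` ends the filter and every later element is dropped instead of being kept. In the array branch `break` only leaves the inner loop, which is the intended effect. In the non-array branch `e = null;` is sufficient; delete the `break;` that follows each of the two `e = null;` lines there. The start of the filter function and whatever follows the loop (where a non-null `e` is presumably collected) are outside the hunk, so the exact visible symptom is inferred.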
@ -208,7 +208,6 @@ module.controller('RealmRequiredCredentialsCtrl', function($scope, Realm, realm,
|
|||
module.controller('RealmRegistrationCtrl', function ($scope, Realm, realm, applications, roles, Notifications, ApplicationRole, Application) {
|
||||
|
||||
console.log('RealmRegistrationCtrl');
|
||||
var systemRoles = ["*", "KEYCLOAK_APPLICATION", "KEYCLOAK_IDENTITY_REQUESTER"];
|
||||
|
||||
$scope.realm = realm;
|
||||
|
||||
|
@ -230,7 +229,7 @@ module.controller('RealmRegistrationCtrl', function ($scope, Realm, realm, appli
|
|||
for (var i = 0; i < roles.length; i++) {
|
||||
var item = roles[i].name;
|
||||
|
||||
if ((systemRoles.indexOf(item) < 0) && ($scope.realm.defaultRoles.indexOf(item) < 0)) {
|
||||
if ($scope.realm.defaultRoles.indexOf(item) < 0) {
|
||||
$scope.availableRealmRoles.push(item);
|
||||
}
|
||||
}
|
||||
|
|
|
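Review bot: Dropping `systemRoles` entirely, rather than just its `"*"` entry, means `KEYCLOAK_APPLICATION` and `KEYCLOAK_IDENTITY_REQUESTER` (still created by `RealmManager.createRealm` in this commit) now appear in `$scope.availableRealmRoles` and can be picked as default roles for self-registered users. `TokenManager.createAccessCode` uses `Constants.APPLICATION_ROLE` to decide whether a principal is an application, so handing it out at registration should stay an explicit admin decision. Keep the list without the wildcard, `var systemRoles = ["KEYCLOAK_APPLICATION", "KEYCLOAK_IDENTITY_REQUESTER"];`, and the original condition `if ((systemRoles.indexOf(item) < 0) && ($scope.realm.defaultRoles.indexOf(item) < 0)) {`. Whether the server side rejects these roles as defaults is not visible here.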
@ -56,7 +56,7 @@
|
|||
<label for="applications">Application</label>
|
||||
<div class="input-group">
|
||||
<div class="select-rcue">
|
||||
<select id="applications" name="applications" ng-change="changeApplication()" ng-model="targetApp" ng-options="a.name for a in applications">
|
||||
<select id="applications" name="applications" ng-change="changeApplication()" ng-model="targetApp" ng-options="a.name for a in (applications|remove:application:'id')">
|
||||
<option value="" selected> Select an Application </option>
|
||||
</select>
|
||||
</div>
|
||||
|
|
|
@ -14,7 +14,6 @@ public class ApplicationRepresentation {
|
|||
protected String adminUrl;
|
||||
protected String baseUrl;
|
||||
protected boolean surrogateAuthRequired;
|
||||
protected boolean useRealmMappings;
|
||||
protected boolean enabled;
|
||||
protected List<CredentialRepresentation> credentials;
|
||||
protected List<RoleRepresentation> roles;
|
||||
|
@ -142,14 +141,6 @@ public class ApplicationRepresentation {
|
|||
return this;
|
||||
}
|
||||
|
||||
public boolean isUseRealmMappings() {
|
||||
return useRealmMappings;
|
||||
}
|
||||
|
||||
public void setUseRealmMappings(boolean useRealmMappings) {
|
||||
this.useRealmMappings = useRealmMappings;
|
||||
}
|
||||
|
||||
public List<String> getRedirectUris() {
|
||||
return redirectUris;
|
||||
}
|
||||
|
|
|
@ -65,7 +65,6 @@
|
|||
"name": "customer-portal",
|
||||
"enabled": true,
|
||||
"adminUrl": "http://localhost:8080/customer-portal/j_admin_request",
|
||||
"useRealmMappings": true,
|
||||
"credentials": [
|
||||
{
|
||||
"type": "password",
|
||||
|
@ -77,7 +76,6 @@
|
|||
"name": "product-portal",
|
||||
"enabled": true,
|
||||
"adminUrl": "http://localhost:8080/product-portal/j_admin_request",
|
||||
"useRealmMappings": true,
|
||||
"credentials": [
|
||||
{
|
||||
"type": "password",
|
||||
|
|
|
@ -65,7 +65,6 @@
|
|||
"name": "customer-portal",
|
||||
"enabled": true,
|
||||
"adminUrl": "http://localhost:8080/customer-portal/j_admin_request",
|
||||
"useRealmMappings": true,
|
||||
"webOrigins" : [ "http://localhost1:8080"],
|
||||
"credentials": [
|
||||
{
|
||||
|
@ -78,7 +77,6 @@
|
|||
"name": "product-portal",
|
||||
"enabled": true,
|
||||
"adminUrl": "http://localhost:8080/product-portal/j_admin_request",
|
||||
"useRealmMappings": true,
|
||||
"credentials": [
|
||||
{
|
||||
"type": "password",
|
||||
|
|
|
@ -48,7 +48,6 @@
|
|||
"name": "test-app",
|
||||
"enabled": true,
|
||||
"adminUrl": "http://localhost:8081/app/logout",
|
||||
"useRealmMappings": true,
|
||||
"webOrigins": [ "http://localhost", "http://localhost:8000", "http://localhost:8080" ],
|
||||
"credentials": [
|
||||
{
|
||||
|
|
|
@ -11,11 +11,8 @@ public interface Constants {
|
|||
String ADMIN_CONSOLE_ADMIN_ROLE = "admin";
|
||||
String APPLICATION_ROLE = INTERNAL_ROLE + "_APPLICATION";
|
||||
String IDENTITY_REQUESTER_ROLE = INTERNAL_ROLE + "_IDENTITY_REQUESTER";
|
||||
String WILDCARD_ROLE = "*";
|
||||
|
||||
String ACCOUNT_APPLICATION = "Account";
|
||||
String ACCOUNT_PROFILE_ROLE = "view-profile";
|
||||
String ACCOUNT_MANAGE_ROLE = "manage-account";
|
||||
|
||||
String ACCOUNT_MANAGEMENT_APPLICATION = "Account Management";
|
||||
}
|
||||
|
|
|
@ -568,8 +568,6 @@ public class RealmAdapter implements RealmModel {
|
|||
em.persist(applicationData);
|
||||
em.flush();
|
||||
ApplicationModel resource = new ApplicationAdapter(em, applicationData);
|
||||
resource.addRole("*");
|
||||
resource.addScopeMapping(new UserAdapter(user), "*");
|
||||
em.flush();
|
||||
return resource;
|
||||
}
|
||||
|
|
|
@ -451,8 +451,6 @@ public class RealmAdapter implements RealmModel {
|
|||
noSQL.saveObject(appData);
|
||||
|
||||
ApplicationModel resource = new ApplicationAdapter(appData, noSQL);
|
||||
resource.addRole("*");
|
||||
resource.addScopeMapping(resourceUser, "*");
|
||||
return resource;
|
||||
}
|
||||
|
||||
|
|
|
@ -625,8 +625,6 @@ public class RealmAdapter implements RealmModel {
|
|||
resourceRelationship.setApplication(applicationData.getName());
|
||||
getRelationshipManager().add(resourceRelationship);
|
||||
ApplicationModel resource = new ApplicationAdapter(applicationData, this, partitionManager);
|
||||
resource.addRole("*");
|
||||
resource.addScopeMapping(new UserAdapter(resourceUser, idm), "*");
|
||||
return resource;
|
||||
}
|
||||
|
||||
|
|
|
@ -102,7 +102,6 @@ public class ApplicationManager {
|
|||
}
|
||||
}
|
||||
}
|
||||
if (resourceRep.isUseRealmMappings()) realm.addScopeMapping(applicationModel.getApplicationUser(), "*");
|
||||
return applicationModel;
|
||||
}
|
||||
|
||||
|
|
|
@ -68,7 +68,6 @@ public class RealmManager {
|
|||
public RealmModel createRealm(String id, String name) {
|
||||
RealmModel realm = identitySession.createRealm(id, name);
|
||||
realm.setName(name);
|
||||
realm.addRole(Constants.WILDCARD_ROLE);
|
||||
realm.addRole(Constants.APPLICATION_ROLE);
|
||||
realm.addRole(Constants.IDENTITY_REQUESTER_ROLE);
|
||||
return realm;
|
||||
|
@ -245,7 +244,10 @@ public class RealmManager {
|
|||
}
|
||||
|
||||
if (rep.getApplications() != null) {
|
||||
createApplications(rep, newRealm);
|
||||
Map<String, ApplicationModel> appMap = createApplications(rep, newRealm);
|
||||
for (ApplicationModel app : appMap.values()) {
|
||||
userMap.put(app.getApplicationUser().getLoginName(), app.getApplicationUser());
|
||||
}
|
||||
}
|
||||
|
||||
if (rep.getRoleMappings() != null) {
|
||||
|
@ -406,12 +408,15 @@ public class RealmManager {
|
|||
}
|
||||
|
||||
|
||||
protected void createApplications(RealmRepresentation rep, RealmModel realm) {
|
||||
protected Map<String, ApplicationModel> createApplications(RealmRepresentation rep, RealmModel realm) {
|
||||
Map<String, ApplicationModel> appMap = new HashMap<String, ApplicationModel>();
|
||||
RoleModel loginRole = realm.getRole(Constants.APPLICATION_ROLE);
|
||||
ApplicationManager manager = new ApplicationManager(this);
|
||||
for (ApplicationRepresentation resourceRep : rep.getApplications()) {
|
||||
manager.createApplication(realm, loginRole, resourceRep);
|
||||
ApplicationModel app = manager.createApplication(realm, loginRole, resourceRep);
|
||||
appMap.put(app.getName(), app);
|
||||
}
|
||||
return appMap;
|
||||
}
|
||||
|
||||
public static UserRepresentation toRepresentation(UserModel user) {
|
||||
|
|
|
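Review bot: `createApplications` now returns a `Map<String, ApplicationModel>` keyed by `app.getName()` but carries no Javadoc, and two applications with the same name in the representation would silently overwrite each other in `appMap` and, through `userMap.put(app.getApplicationUser().getLoginName(), …)` in the earlier hunk, in `userMap`. Add a short Javadoc such as `/** Creates the applications of {@code rep} in {@code realm} and returns them keyed by application name; names are assumed unique. */`, or fail fast when `appMap.put(app.getName(), app)` returns a non-null previous value. Whether duplicate names are rejected before this point is not visible in the hunk.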
@ -46,6 +46,8 @@ public class TokenManager {
|
|||
|
||||
|
||||
public AccessCodeEntry createAccessCode(String scopeParam, String state, String redirect, RealmModel realm, UserModel client, UserModel user) {
|
||||
boolean applicationResource = realm.hasRole(client, realm.getRole(Constants.APPLICATION_ROLE));
|
||||
|
||||
AccessCodeEntry code = new AccessCodeEntry();
|
||||
SkeletonKeyScope scopeMap = null;
|
||||
if (scopeParam != null) scopeMap = decodeScope(scopeParam);
|
||||
|
@ -56,42 +58,26 @@ public class TokenManager {
|
|||
if (realmMapping != null && realmMapping.size() > 0 && (scopeMap == null || scopeMap.containsKey("realm"))) {
|
||||
Set<String> scope = realm.getScopeMappingValues(client);
|
||||
if (scope.size() > 0) {
|
||||
Set<String> scopeRequest = null;
|
||||
if (scopeMap != null) {
|
||||
if (scopeRequest == null) {
|
||||
scopeRequest = new HashSet<String>();
|
||||
}
|
||||
scopeRequest.addAll(scopeMap.get("realm"));
|
||||
if (scopeRequest.contains(Constants.WILDCARD_ROLE)) scopeRequest = null;
|
||||
}
|
||||
Set<String> scopeRequest = scopeMap != null ? new HashSet<String>(scopeMap.get("realm")) : null;
|
||||
for (String role : realmMapping) {
|
||||
if (
|
||||
(scopeRequest == null || scopeRequest.contains(role)) &&
|
||||
(scope.contains("*") || scope.contains(role))
|
||||
)
|
||||
if ((scopeRequest == null || scopeRequest.contains(role)) && scope.contains(role))
|
||||
realmRolesRequested.add(realm.getRole(role));
|
||||
}
|
||||
}
|
||||
}
|
||||
for (ApplicationModel resource : realm.getApplications()) {
|
||||
Set<String> mapping = resource.getRoleMappingValues(user);
|
||||
if (mapping != null && mapping.size() > 0 && (scopeMap == null || scopeMap.containsKey(resource.getName()))) {
|
||||
Set<String> scope = resource.getScopeMappingValues(client);
|
||||
if (scope.size() > 0) {
|
||||
Set<String> scopeRequest = null;
|
||||
if (scopeMap != null) {
|
||||
if (scopeRequest == null) {
|
||||
scopeRequest = new HashSet<String>();
|
||||
if (applicationResource && resource.getApplicationUser().getLoginName().equals(client.getLoginName())) {
|
||||
resourceRolesRequested.addAll(resource.getName(), resource.getRoles());
|
||||
} else {
|
||||
Set<String> mapping = resource.getRoleMappingValues(user);
|
||||
if (mapping != null && mapping.size() > 0 && (scopeMap == null || scopeMap.containsKey(resource.getName()))) {
|
||||
Set<String> scope = resource.getScopeMappingValues(client);
|
||||
if (scope.size() > 0) {
|
||||
Set<String> scopeRequest = scopeMap != null ? new HashSet<String>(scopeMap.get(resource.getName())) : null;
|
||||
for (String role : mapping) {
|
||||
if ((scopeRequest == null || scopeRequest.contains(role)) && scope.contains(role))
|
||||
resourceRolesRequested.add(resource.getName(), resource.getRole(role));
|
||||
}
|
||||
scopeRequest.addAll(scopeMap.get(resource.getName()));
|
||||
if (scopeRequest.contains(Constants.WILDCARD_ROLE)) scopeRequest = null;
|
||||
}
|
||||
for (String role : mapping) {
|
||||
if (
|
||||
(scopeRequest == null || scopeRequest.contains(role)) &&
|
||||
(scope.contains("*") || scope.contains(role))
|
||||
)
|
||||
resourceRolesRequested.add(resource.getName(), resource.getRole(role));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
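Review bot: In the new application branch, `resourceRolesRequested.addAll(resource.getName(), resource.getRoles())` adds every role the application defines rather than the roles mapped to `user`, while the `else` branch (and the old code) start from `resource.getRoleMappingValues(user)`. Unless something after the hunk intersects these with the user's mappings, a token requested by the application's own client asserts application roles the user has never been granted. Starting from the user's mapping keeps the semantics of the other branch while still skipping the scope-mapping check for the application's own client. `createAccessCode` begins in the previous hunk and continues past this one.
```java
if (applicationResource && resource.getApplicationUser().getLoginName().equals(client.getLoginName())) {
    // The application's own client needs no scope mapping, but the claim is
    // still limited to the roles actually mapped to this user.
    Set<String> ownMapping = resource.getRoleMappingValues(user);
    if (ownMapping != null) {
        for (String role : ownMapping) {
            resourceRolesRequested.add(resource.getName(), resource.getRole(role));
        }
    }
} else {
    // … unchanged: scope-mapped role selection for third-party clients …
}
```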
@ -350,7 +350,7 @@ public class AdapterTest extends AbstractKeycloakTest {
|
|||
realmModel.addRole("admin");
|
||||
realmModel.addRole("user");
|
||||
List<RoleModel> roles = realmModel.getRoles();
|
||||
Assert.assertEquals(6, roles.size());
|
||||
Assert.assertEquals(5, roles.size());
|
||||
UserModel user = realmModel.addUser("bburke");
|
||||
RoleModel role = realmModel.getRole("user");
|
||||
realmModel.grantRole(user, role);
|
||||
|
|
|
@ -50,8 +50,7 @@ public class ImportTest extends AbstractKeycloakTest {
|
|||
UserModel user = realm.getUser("loginclient");
|
||||
Assert.assertNotNull(user);
|
||||
Set<String> scopes = realm.getScopeMappingValues(user);
|
||||
System.out.println("Scopes size: " + scopes.size());
|
||||
Assert.assertTrue(scopes.contains("*"));
|
||||
Assert.assertEquals(0, scopes.size());
|
||||
Assert.assertEquals(0, realm.getSocialLinks(user).size());
|
||||
|
||||
List<ApplicationModel> resources = realm.getApplications();
|
||||
|
|
|
@ -62,7 +62,6 @@
|
|||
"name": "customer-portal",
|
||||
"enabled": true,
|
||||
"adminUrl": "http://localhost:8080/customer-portal/j_admin_request",
|
||||
"useRealmMappings": true,
|
||||
"credentials": [
|
||||
{
|
||||
"type": "totp",
|
||||
|
@ -75,7 +74,6 @@
|
|||
"name": "product-portal",
|
||||
"enabled": true,
|
||||
"adminUrl": "http://localhost:8080/product-portal/j_admin_request",
|
||||
"useRealmMappings": true,
|
||||
"credentials": [
|
||||
{
|
||||
"type": "totp",
|
||||
|
|
|
@ -64,12 +64,6 @@
|
|||
"roles": ["admin"]
|
||||
}
|
||||
],
|
||||
"scopeMappings": [
|
||||
{
|
||||
"username": "loginclient",
|
||||
"roles": ["*"]
|
||||
}
|
||||
],
|
||||
"socialMappings": [
|
||||
{
|
||||
"username": "mySocialUser",
|
||||
|
|
|
@ -145,6 +145,10 @@ public class OAuthClient {
|
|||
}
|
||||
}
|
||||
|
||||
public String getClientId() {
|
||||
return clientId;
|
||||
}
|
||||
|
||||
public String getCurrentRequest() {
|
||||
return driver.getCurrentUrl().substring(0, driver.getCurrentUrl().indexOf('?'));
|
||||
}
|
||||
|
|
|
@ -73,6 +73,9 @@ public class AccessTokenTest {
|
|||
|
||||
Assert.assertEquals(1, token.getRealmAccess().getRoles().size());
|
||||
Assert.assertTrue(token.getRealmAccess().isUserInRole("user"));
|
||||
|
||||
Assert.assertEquals(1, token.getResourceAccess(oauth.getClientId()).getRoles().size());
|
||||
Assert.assertTrue(token.getResourceAccess(oauth.getClientId()).isUserInRole("customer-user"));
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -62,6 +62,10 @@
|
|||
{
|
||||
"username": "third-party",
|
||||
"roles": ["user"]
|
||||
},
|
||||
{
|
||||
"username": "test-app",
|
||||
"roles": ["user"]
|
||||
}
|
||||
],
|
||||
"applications": [
|
||||
|
@ -69,7 +73,6 @@
|
|||
"name": "test-app",
|
||||
"enabled": true,
|
||||
"adminUrl": "http://localhost:8081/app/logout",
|
||||
"useRealmMappings": true,
|
||||
"credentials": [
|
||||
{
|
||||
"type": "password",
|
||||
|
|