libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases Packages Activity Actions

KEYCLOAK-1116 KEYCLOAK-1117 JSON migration and removal of ClientModel.claimsMask

Browse source
This commit is contained in:
mposolda 2015-03-26 08:09:50 +01:00
parent 2599e77491
commit 477d8b35e3
40 changed files with 327 additions and 258 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
connections/jpa-liquibase/pom.xml
View file

@ -21,7 +21,7 @@
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-services</artifactId>
<artifactId>keycloak-model-api</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>

11
connections/jpa-liquibase/src/main/java/org/keycloak/connections/jpa/updater/liquibase/custom/JpaUpdate1_2_0_Beta1.java
View file

@ -2,7 +2,6 @@ package org.keycloak.connections.jpa.updater.liquibase.custom;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Collection;
import java.util.List;
import java.util.Map;
@ -12,11 +11,11 @@ import liquibase.statement.core.InsertStatement;
import liquibase.statement.core.UpdateStatement;
import liquibase.structure.core.Table;
import org.keycloak.Config;
import org.keycloak.migration.MigrationProvider;
import org.keycloak.models.AdminRoles;
import org.keycloak.models.ClaimMask;
import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.services.util.MigrationUtils;
import org.keycloak.representations.idm.ProtocolMapperRepresentation;
/**
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
@ -296,8 +295,10 @@ public class JpaUpdate1_2_0_Beta1 extends CustomKeycloakTask {
Object acmObj = resultSet.getObject("ALLOWED_CLAIMS_MASK");
long mask = (acmObj != null) ? (Long) acmObj : ClaimMask.ALL;
Collection<ProtocolMapperModel> protocolMappers = MigrationUtils.getMappersForClaimMask(this.kcSession, mask);
for (ProtocolMapperModel protocolMapper : protocolMappers) {
MigrationProvider migrationProvider = this.kcSession.getProvider(MigrationProvider.class);
List<ProtocolMapperRepresentation> protocolMappers = migrationProvider.getMappersForClaimMask(mask);
for (ProtocolMapperRepresentation protocolMapper : protocolMappers) {
String mapperId = KeycloakModelUtils.generateId();
InsertStatement insert = new InsertStatement(null, null, protocolMapperTableName)

3
connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-1.2.0.Beta1.xml
View file

@ -152,11 +152,12 @@
<customChange class="org.keycloak.connections.jpa.updater.liquibase.custom.JpaUpdate1_2_0_Beta1"/>
<!-- Remove obsolete 'social' stuff -->
<!-- Remove obsolete 'social' and 'claims' stuff -->
<dropForeignKeyConstraint baseTableName="USER_SOCIAL_LINK" constraintName="FK_68CJYS5UWM55UY823Y75XG4OM" />
<dropTable tableName="USER_SOCIAL_LINK" cascadeConstraints="true" />
<dropForeignKeyConstraint baseTableName="REALM_SOCIAL_CONFIG" constraintName="FK_SV5I3C2TI7G0G922FGE683SOV" />
<dropTable tableName="REALM_SOCIAL_CONFIG" cascadeConstraints="true" />
<dropColumn tableName="CLIENT" columnName="ALLOWED_CLAIMS_MASK" />
</changeSet>
</databaseChangeLog>

5
connections/mongo-update/pom.xml
View file

@ -29,11 +29,6 @@
<artifactId>keycloak-connections-mongo</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-services</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.mongodb</groupId>
<artifactId>mongo-java-driver</artifactId>

17
connections/mongo-update/src/main/java/org/keycloak/connections/mongo/updater/impl/updates/Update1_2_0_Beta1.java
View file

@ -1,6 +1,5 @@
package org.keycloak.connections.mongo.updater.impl.updates;
import java.util.Collection;
import java.util.List;
import java.util.Map;
@ -12,14 +11,11 @@ import com.mongodb.DBCursor;
import com.mongodb.DBObject;
import org.keycloak.Config;
import org.keycloak.connections.mongo.impl.types.MapMapper;
import org.keycloak.migration.MigrationProvider;
import org.keycloak.models.AdminRoles;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.protocol.LoginProtocol;
import org.keycloak.protocol.LoginProtocolFactory;
import org.keycloak.provider.ProviderFactory;
import org.keycloak.services.util.MigrationUtils;
import org.keycloak.representations.idm.ProtocolMapperRepresentation;
/**
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
@ -74,8 +70,7 @@ public class Update1_2_0_Beta1 extends Update {
DBObject identityProvider = new BasicDBObjectBuilder()
.add("internalId", KeycloakModelUtils.generateId())
.add("providerId", socialProviderId)
.add("name", socialProviderId)
.add("id", socialProviderId)
.add("alias", socialProviderId.substring(0, 1).toUpperCase() + socialProviderId.substring(1))
.add("updateProfileFirstLogin", updateProfileOnInitialSocialLogin)
.add("enabled", true)
.add("storeToken", false)
@ -241,9 +236,10 @@ public class Update1_2_0_Beta1 extends Update {
currentClient.put("protocolMappers", dbProtocolMappers);
Object claimMask = currentClient.get("allowedClaimsMask");
Collection<ProtocolMapperModel> clientProtocolMappers = MigrationUtils.getMappersForClaimMask(session, (Long) claimMask);
MigrationProvider migrationProvider = session.getProvider(MigrationProvider.class);
List<ProtocolMapperRepresentation> protocolMappers = migrationProvider.getMappersForClaimMask((Long) claimMask);
for (ProtocolMapperModel protocolMapper : clientProtocolMappers) {
for (ProtocolMapperRepresentation protocolMapper : protocolMappers) {
BasicDBObject dbMapper = new BasicDBObject();
dbMapper.put("id", KeycloakModelUtils.generateId());
dbMapper.put("protocol", protocolMapper.getProtocol());
@ -259,6 +255,7 @@ public class Update1_2_0_Beta1 extends Update {
dbProtocolMappers.add(dbMapper);
}
// Remove obsolete keys from client
currentClient.remove("allowedClaimsMask");
log.debugv("Added default mappers to application {1}", currentClient.get("name"));

1
core/src/main/java/org/keycloak/representations/idm/ApplicationRepresentation.java
View file

@ -18,6 +18,7 @@ public class ApplicationRepresentation {
protected String[] defaultRoles;
protected List<String> redirectUris;
protected List<String> webOrigins;
@Deprecated
protected ClaimRepresentation claims;
protected Integer notBefore;
protected Boolean bearerOnly;

1
core/src/main/java/org/keycloak/representations/idm/OAuthClientRepresentation.java
View file

@ -14,6 +14,7 @@ public class OAuthClientRepresentation {
protected List<String> webOrigins;
protected Boolean enabled;
protected String secret;
@Deprecated
protected ClaimRepresentation claims;
protected Integer notBefore;
protected Boolean publicClient;

1
distribution/modules/src/main/resources/modules/org/keycloak/keycloak-connections-jpa-liquibase/main/module.xml
View file

@ -10,7 +10,6 @@
<module name="org.keycloak.keycloak-core"/>
<module name="org.keycloak.keycloak-model-api"/>
<module name="org.keycloak.keycloak-connections-jpa"/>
<module name="org.keycloak.keycloak-services"/>
<module name="org.liquibase"/>
<module name="javax.persistence.api"/>
<module name="org.jboss.logging"/>

1
distribution/modules/src/main/resources/modules/org/keycloak/keycloak-connections-mongo-update/main/module.xml
View file

@ -10,7 +10,6 @@
<module name="org.keycloak.keycloak-core"/>
<module name="org.keycloak.keycloak-model-api"/>
<module name="org.keycloak.keycloak-connections-mongo"/>
<module name="org.keycloak.keycloak-services"/>
<module name="org.mongodb.mongo-java-driver"/>
<module name="org.jboss.logging"/>
<module name="javax.api"/>

2
export-import/export-import-api/src/main/java/org/keycloak/exportimport/util/ExportUtils.java
View file

@ -169,8 +169,6 @@ public class ExportUtils {
ApplicationRepresentation appRep = ModelToRepresentation.toRepresentation(app);
appRep.setSecret(app.getSecret());
ClaimRepresentation claimRep = ModelToRepresentation.toRepresentation((ClientModel)app);
appRep.setClaims(claimRep);
return appRep;
}

15
integration/admin-client/src/main/java/org/keycloak/admin/client/resource/ApplicationResource.java
View file

@ -1,8 +1,6 @@
package org.keycloak.admin.client.resource;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.keycloak.representations.idm.ApplicationRepresentation;
import org.keycloak.representations.idm.ClaimRepresentation;
import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.representations.idm.UserSessionRepresentation;
@ -25,6 +23,9 @@ import java.util.Set;
*/
public interface ApplicationResource {
@Path("protocol-mappers")
public ProtocolMappersResource getProtocolMappers();
@GET
@Produces(MediaType.APPLICATION_JSON)
public ApplicationRepresentation toRepresentation();
@ -51,16 +52,6 @@ public interface ApplicationResource {
@Consumes(MediaType.APPLICATION_JSON)
public void removeAllowedOrigins(Set<String> originsToRemove);
@GET
@Path("claims")
@Produces(MediaType.APPLICATION_JSON)
public ClaimRepresentation getClaims();
@PUT
@Path("claims")
@Consumes(MediaType.APPLICATION_JSON)
public void updateClaims(ClaimRepresentation claimRepresentation);
@POST
@Path("client-secret")
@Produces(MediaType.APPLICATION_JSON)

24
integration/admin-client/src/main/java/org/keycloak/admin/client/resource/OAuthClientResource.java
View file

@ -1,6 +1,5 @@
package org.keycloak.admin.client.resource;
import org.keycloak.representations.idm.ClaimRepresentation;
import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.representations.idm.OAuthClientRepresentation;
@ -16,37 +15,40 @@ import javax.ws.rs.core.MediaType;
/**
* @author rodrigo.sasaki@icarros.com.br
*/
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
public interface OAuthClientResource {
@Path("protocol-mappers")
public ProtocolMappersResource getProtocolMappers();
// TODO
// @Path("certificates/{attr}")
// public ClientAttributeCertificateResource getCertficateResource(@PathParam("attr") String attributePrefix);
@GET
@Produces(MediaType.APPLICATION_JSON)
public OAuthClientRepresentation toRepresentation();
@PUT
@Consumes(MediaType.APPLICATION_JSON)
public void update(OAuthClientRepresentation oAuthClientRepresentation);
@DELETE
public void remove();
@GET
@Path("claims")
public ClaimRepresentation getClaims();
@PUT
@Path("claims")
public ClaimRepresentation updateClaims(ClaimRepresentation claimRepresentation);
@POST
@Path("client-secret")
@Consumes("application/json")
@Produces(MediaType.APPLICATION_JSON)
public CredentialRepresentation generateNewSecret();
@GET
@Path("client-secret")
@Produces(MediaType.APPLICATION_JSON)
public CredentialRepresentation getSecret();
@GET
@Path("installation")
@Produces(MediaType.APPLICATION_JSON)
public String getInstallationJson();
@Path("/scope-mappings")

55
integration/admin-client/src/main/java/org/keycloak/admin/client/resource/ProtocolMappersResource.java Normal file
View file

@ -0,0 +1,55 @@
package org.keycloak.admin.client.resource;
import java.util.List;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Response;
import org.keycloak.representations.idm.ProtocolMapperRepresentation;
/**
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
*/
public interface ProtocolMappersResource {
@GET
@Path("protocol/{protocol}")
@Produces("application/json")
public List<ProtocolMapperRepresentation> getMappersPerProtocol(@PathParam("protocol") String protocol);
@Path("models")
@POST
@Consumes("application/json")
public Response createMapper(ProtocolMapperRepresentation rep);
@Path("add-models")
@POST
@Consumes("application/json")
public void createMapper(List<ProtocolMapperRepresentation> reps);
@GET
@Path("models")
@Produces("application/json")
public List<ProtocolMapperRepresentation> getMappers();
@GET
@Path("models/{id}")
@Produces("application/json")
public ProtocolMapperRepresentation getMapperById(@PathParam("id") String id);
@PUT
@Path("models/{id}")
@Consumes("application/json")
public void update(@PathParam("id") String id, ProtocolMapperRepresentation rep);
@DELETE
@Path("models/{id}")
public void delete(@PathParam("id") String id);
}

20
model/api/src/main/java/org/keycloak/migration/MigrationProvider.java Normal file
View file

@ -0,0 +1,20 @@
package org.keycloak.migration;
import java.util.List;
import org.keycloak.provider.Provider;
import org.keycloak.representations.idm.ProtocolMapperRepresentation;
/**
* Various common utils needed for migration from older version to newer
*
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
*/
public interface MigrationProvider extends Provider {
/**
* @param claimMask mask used on ClientModel in 1.1.0
* @return set of 1.2.0.Beta1 protocol mappers corresponding to given claimMask
*/
List<ProtocolMapperRepresentation> getMappersForClaimMask(Long claimMask);
}

9
model/api/src/main/java/org/keycloak/migration/MigrationProviderFactory.java Normal file
View file

@ -0,0 +1,9 @@
package org.keycloak.migration;
import org.keycloak.provider.ProviderFactory;
/**
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
*/
public interface MigrationProviderFactory extends ProviderFactory<MigrationProvider> {
}

26
model/api/src/main/java/org/keycloak/migration/MigrationSpi.java Normal file
View file

@ -0,0 +1,26 @@
package org.keycloak.migration;
import org.keycloak.provider.Provider;
import org.keycloak.provider.ProviderFactory;
import org.keycloak.provider.Spi;
/**
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
*/
public class MigrationSpi implements Spi {
@Override
public String getName() {
return "migration";
}
@Override
public Class<? extends Provider> getProviderClass() {
return MigrationProvider.class;
}
@Override
public Class<? extends ProviderFactory> getProviderFactoryClass() {
return MigrationProviderFactory.class;
}
}

4
model/api/src/main/java/org/keycloak/models/ClientModel.java
View file

@ -30,10 +30,6 @@ public interface ClientModel {
*/
String getClientId();
long getAllowedClaimsMask();
void setAllowedClaimsMask(long mask);
Set<String> getWebOrigins();
void setWebOrigins(Set<String> webOrigins);

8
model/api/src/main/java/org/keycloak/models/entities/ClientEntity.java
View file

@ -56,14 +56,6 @@ public class ClientEntity extends AbstractIdentifiableEntity {
this.secret = secret;
}
public long getAllowedClaimsMask() {
return allowedClaimsMask;
}
public void setAllowedClaimsMask(long allowedClaimsMask) {
this.allowedClaimsMask = allowedClaimsMask;
}
public int getNotBefore() {
return notBefore;
}

1
model/api/src/main/java/org/keycloak/models/utils/KeycloakModelUtils.java
View file

@ -178,7 +178,6 @@ public final class KeycloakModelUtils {
ApplicationModel app = realm.addApplication(name);
generateSecret(app);
app.setFullScopeAllowed(true);
app.setAllowedClaimsMask(ClaimMask.ALL);
return app;
}

15
model/api/src/main/java/org/keycloak/models/utils/ModelToRepresentation.java
View file

@ -192,21 +192,6 @@ public class ModelToRepresentation {
return rep;
}
public static ClaimRepresentation toRepresentation(ClientModel model) {
ClaimRepresentation rep = new ClaimRepresentation();
rep.setAddress(ClaimMask.hasAddress(model.getAllowedClaimsMask()));
rep.setEmail(ClaimMask.hasEmail(model.getAllowedClaimsMask()));
rep.setGender(ClaimMask.hasGender(model.getAllowedClaimsMask()));
rep.setLocale(ClaimMask.hasLocale(model.getAllowedClaimsMask()));
rep.setName(ClaimMask.hasName(model.getAllowedClaimsMask()));
rep.setPhone(ClaimMask.hasPhone(model.getAllowedClaimsMask()));
rep.setPicture(ClaimMask.hasPicture(model.getAllowedClaimsMask()));
rep.setProfile(ClaimMask.hasProfile(model.getAllowedClaimsMask()));
rep.setWebsite(ClaimMask.hasWebsite(model.getAllowedClaimsMask()));
rep.setUsername(ClaimMask.hasUsername(model.getAllowedClaimsMask()));
return rep;
}
public static FederatedIdentityRepresentation toRepresentation(FederatedIdentityModel socialLink) {
FederatedIdentityRepresentation rep = new FederatedIdentityRepresentation();
rep.setUserName(socialLink.getUserName());

57
model/api/src/main/java/org/keycloak/models/utils/RepresentationToModel.java
View file

@ -3,6 +3,7 @@ package org.keycloak.models.utils;
import net.iharder.Base64;
import org.jboss.logging.Logger;
import org.keycloak.enums.SslRequired;
import org.keycloak.migration.MigrationProvider;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.BrowserSecurityHeaders;
import org.keycloak.models.ClaimMask;
@ -129,7 +130,7 @@ public class RepresentationToModel {
importIdentityProviders(rep, newRealm);
if (rep.getApplications() != null) {
Map<String, ApplicationModel> appMap = createApplications(rep, newRealm);
Map<String, ApplicationModel> appMap = createApplications(session, rep, newRealm);
}
if (rep.getRoles() != null) {
@ -189,7 +190,7 @@ public class RepresentationToModel {
}
if (rep.getOauthClients() != null) {
createOAuthClients(rep, newRealm);
createOAuthClients(session, rep, newRealm);
}
@ -302,6 +303,7 @@ public class RepresentationToModel {
federatedIdentity.setIdentityProvider(social.getSocialProvider());
federatedIdentity.setUserId(social.getSocialUserId());
federatedIdentity.setUserName(social.getSocialUsername());
federatedIdentities.add(federatedIdentity);
}
user.setFederatedIdentities(federatedIdentities);
}
@ -309,6 +311,16 @@ public class RepresentationToModel {
user.setSocialLinks(null);
}
private static List<ProtocolMapperRepresentation> convertDeprecatedClaimsMask(KeycloakSession session, ClaimRepresentation claimRep) {
if (claimRep == null) {
return null;
}
long mask = getClaimsMask(claimRep);
MigrationProvider migrationProvider = session.getProvider(MigrationProvider.class);
return migrationProvider.getMappersForClaimMask(mask);
}
public static void updateRealm(RealmRepresentation rep, RealmModel realm) {
if (rep.getRealm() != null) {
realm.setName(rep.getRealm());
@ -435,10 +447,10 @@ public class RepresentationToModel {
// APPLICATIONS
private static Map<String, ApplicationModel> createApplications(RealmRepresentation rep, RealmModel realm) {
private static Map<String, ApplicationModel> createApplications(KeycloakSession session, RealmRepresentation rep, RealmModel realm) {
Map<String, ApplicationModel> appMap = new HashMap<String, ApplicationModel>();
for (ApplicationRepresentation resourceRep : rep.getApplications()) {
ApplicationModel app = createApplication(realm, resourceRep, false);
ApplicationModel app = createApplication(session, realm, resourceRep, false);
appMap.put(app.getName(), app);
}
return appMap;
@ -451,8 +463,16 @@ public class RepresentationToModel {
* @param resourceRep
* @return
*/
public static ApplicationModel createApplication(RealmModel realm, ApplicationRepresentation resourceRep, boolean addDefaultRoles) {
public static ApplicationModel createApplication(KeycloakSession session, RealmModel realm, ApplicationRepresentation resourceRep, boolean addDefaultRoles) {
logger.debug("************ CREATE APPLICATION: {0}" + resourceRep.getName());
if (resourceRep.getProtocolMappers() == null) {
List<ProtocolMapperRepresentation> convertedProtocolMappers = convertDeprecatedClaimsMask(session, resourceRep.getClaims());
if (convertedProtocolMappers != null) {
resourceRep.setProtocolMappers(convertedProtocolMappers);
}
}
ApplicationModel applicationModel = resourceRep.getId()!=null ? realm.addApplication(resourceRep.getId(), resourceRep.getName()) : realm.addApplication(resourceRep.getName());
if (resourceRep.isEnabled() != null) applicationModel.setEnabled(resourceRep.isEnabled());
applicationModel.setManagementUrl(resourceRep.getAdminUrl());
@ -595,8 +615,9 @@ public class RepresentationToModel {
updateClientIdentityProviders(rep.getIdentityProviders(), resource);
}
public static void setClaims(ClientModel model, ClaimRepresentation rep) {
long mask = model.getAllowedClaimsMask();
public static long getClaimsMask(ClaimRepresentation rep) {
long mask = ClaimMask.ALL;
if (rep.getAddress()) {
mask |= ClaimMask.ADDRESS;
} else {
@ -647,14 +668,14 @@ public class RepresentationToModel {
} else {
mask &= ~ClaimMask.WEBSITE;
}
model.setAllowedClaimsMask(mask);
return mask;
}
// OAuth clients
private static void createOAuthClients(RealmRepresentation realmRep, RealmModel realm) {
private static void createOAuthClients(KeycloakSession session, RealmRepresentation realmRep, RealmModel realm) {
for (OAuthClientRepresentation rep : realmRep.getOauthClients()) {
createOAuthClient(rep, realm);
createOAuthClient(session, rep, realm);
}
}
@ -664,25 +685,29 @@ public class RepresentationToModel {
return model;
}
public static OAuthClientModel createOAuthClient(OAuthClientRepresentation rep, RealmModel realm) {
public static OAuthClientModel createOAuthClient(KeycloakSession session, OAuthClientRepresentation rep, RealmModel realm) {
OAuthClientModel model = createOAuthClient(rep.getId(), rep.getName(), realm);
model.updateIdentityProviders(toModel(rep.getIdentityProviders(), realm));
updateOAuthClient(rep, model);
updateOAuthClient(session, rep, model);
return model;
}
public static void updateOAuthClient(OAuthClientRepresentation rep, OAuthClientModel model) {
public static void updateOAuthClient(KeycloakSession session, OAuthClientRepresentation rep, OAuthClientModel model) {
if (rep.getProtocolMappers() == null) {
List<ProtocolMapperRepresentation> convertedProtocolMappers = convertDeprecatedClaimsMask(session, rep.getClaims());
if (convertedProtocolMappers != null) {
rep.setProtocolMappers(convertedProtocolMappers);
}
}
if (rep.getName() != null) model.setClientId(rep.getName());
if (rep.isEnabled() != null) model.setEnabled(rep.isEnabled());
if (rep.isPublicClient() != null) model.setPublicClient(rep.isPublicClient());
if (rep.isFrontchannelLogout() != null) model.setFrontchannelLogout(rep.isFrontchannelLogout());
if (rep.isFullScopeAllowed() != null) model.setFullScopeAllowed(rep.isFullScopeAllowed());
if (rep.isDirectGrantsOnly() != null) model.setDirectGrantsOnly(rep.isDirectGrantsOnly());
if (rep.getClaims() != null) {
setClaims(model, rep.getClaims());
}
if (rep.getNotBefore() != null) {
model.setNotBefore(rep.getNotBefore());
}

3
model/api/src/main/resources/META-INF/services/org.keycloak.provider.Spi
View file

@ -1,4 +1,5 @@
org.keycloak.models.UserFederationSpi
org.keycloak.models.RealmSpi
org.keycloak.models.UserSessionSpi
org.keycloak.models.UserSpi
org.keycloak.models.UserSpi
org.keycloak.migration.MigrationSpi

10
model/file/src/main/java/org/keycloak/models/file/adapter/ClientAdapter.java
View file

@ -69,16 +69,6 @@ public abstract class ClientAdapter implements ClientModel {
return clientEntity.getName();
}
@Override
public long getAllowedClaimsMask() {
return clientEntity.getAllowedClaimsMask();
}
@Override
public void setAllowedClaimsMask(long mask) {
clientEntity.setAllowedClaimsMask(mask);
}
@Override
public Set<String> getWebOrigins() {
Set<String> result = new HashSet<String>();

10
model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/ClientAdapter.java vendored
View file

@ -44,16 +44,6 @@ public abstract class ClientAdapter implements ClientModel {
@Override
public abstract String getClientId();
public long getAllowedClaimsMask() {
if (updatedClient != null) return updatedClient.getAllowedClaimsMask();
return cachedClient.getAllowedClaimsMask();
}
public void setAllowedClaimsMask(long mask) {
getDelegateForUpdate();
updatedClient.setAllowedClaimsMask(mask);
}
public Set<String> getWebOrigins() {
if (updatedClient != null) return updatedClient.getWebOrigins();
return cachedClient.getWebOrigins();

6
model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/entities/CachedClient.java vendored
View file

@ -23,7 +23,6 @@ public class CachedClient {
protected String id;
protected String name;
protected String realm;
protected long allowedClaimsMask;
protected Set<String> redirectUris = new HashSet<String>();
protected boolean enabled;
protected String secret;
@ -51,7 +50,6 @@ public class CachedClient {
directGrantsOnly = model.isDirectGrantsOnly();
frontchannelLogout = model.isFrontchannelLogout();
publicClient = model.isPublicClient();
allowedClaimsMask = model.getAllowedClaimsMask();
fullScopeAllowed = model.isFullScopeAllowed();
redirectUris.addAll(model.getRedirectUris());
webOrigins.addAll(model.getWebOrigins());
@ -76,10 +74,6 @@ public class CachedClient {
return realm;
}
public long getAllowedClaimsMask() {
return allowedClaimsMask;
}
public Set<String> getRedirectUris() {
return redirectUris;
}

10
model/jpa/src/main/java/org/keycloak/models/jpa/ClientAdapter.java
View file

@ -72,16 +72,6 @@ public abstract class ClientAdapter implements ClientModel {
entity.setEnabled(enabled);
}
@Override
public long getAllowedClaimsMask() {
return entity.getAllowedClaimsMask();
}
@Override
public void setAllowedClaimsMask(long mask) {
entity.setAllowedClaimsMask(mask);
}
@Override
public boolean isPublicClient() {
return entity.isPublicClient();

10
model/jpa/src/main/java/org/keycloak/models/jpa/entities/ClientEntity.java
View file

@ -40,8 +40,6 @@ public abstract class ClientEntity {
private boolean enabled;
@Column(name="SECRET")
private String secret;
@Column(name="ALLOWED_CLAIMS_MASK")
private long allowedClaimsMask;
@Column(name="NOT_BEFORE")
private int notBefore;
@Column(name="PUBLIC_CLIENT")
@ -111,14 +109,6 @@ public abstract class ClientEntity {
this.name = name;
}
public long getAllowedClaimsMask() {
return allowedClaimsMask;
}
public void setAllowedClaimsMask(long allowedClaimsMask) {
this.allowedClaimsMask = allowedClaimsMask;
}
public Set<String> getWebOrigins() {
return webOrigins;
}

11
model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/ClientAdapter.java
View file

@ -59,17 +59,6 @@ public abstract class ClientAdapter<T extends MongoIdentifiableEntity> extends A
return getMongoEntityAsClient().getName();
}
@Override
public long getAllowedClaimsMask() {
return getMongoEntityAsClient().getAllowedClaimsMask();
}
@Override
public void setAllowedClaimsMask(long mask) {
getMongoEntityAsClient().setAllowedClaimsMask(mask);
updateMongoEntity();
}
@Override
public Set<String> getWebOrigins() {
Set<String> result = new HashSet<String>();

39
services/src/main/java/org/keycloak/services/util/DefaultMigrationProvider.java → services/src/main/java/org/keycloak/services/migration/DefaultMigrationProvider.java
View file

@ -1,4 +1,4 @@
package org.keycloak.services.util;
package org.keycloak.services.migration;
import java.util.ArrayList;
import java.util.Collection;
@ -6,34 +6,36 @@ import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.keycloak.migration.MigrationProvider;
import org.keycloak.models.ClaimMask;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.utils.ModelToRepresentation;
import org.keycloak.protocol.LoginProtocol;
import org.keycloak.protocol.LoginProtocolFactory;
import org.keycloak.protocol.oidc.OIDCLoginProtocolFactory;
import org.keycloak.provider.ProviderFactory;
import org.keycloak.representations.idm.ProtocolMapperRepresentation;
/**
* Various common utils needed for migration from older version to newer
*
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
*/
public class DefaultMigrationProvider {
public class DefaultMigrationProvider implements MigrationProvider {
private DefaultMigrationProvider() {}
private final KeycloakSession session;
/**
*
* @param session
* @param claimMask mask used on ClientModel in 1.1.0
* @return set of 1.2.0.Beta1 protocol mappers corresponding to given claimMask
*/
public static List<ProtocolMapperModel> getMappersForClaimMask(KeycloakSession session, Long claimMask) {
Map<String, ProtocolMapperModel> allMappers = getAllDefaultMappers(session);
public DefaultMigrationProvider(KeycloakSession session) {
this.session = session;
}
@Override
public List<ProtocolMapperRepresentation> getMappersForClaimMask(Long claimMask) {
Map<String, ProtocolMapperRepresentation> allMappers = getAllDefaultMappers(session);
if (claimMask == null) {
return new ArrayList<ProtocolMapperModel>(allMappers.values());
return new ArrayList<ProtocolMapperRepresentation>(allMappers.values());
}
if (!ClaimMask.hasUsername(claimMask)) {
@ -48,11 +50,15 @@ public class DefaultMigrationProvider {
allMappers.remove(OIDCLoginProtocolFactory.GIVEN_NAME);
}
return new ArrayList<ProtocolMapperModel>(allMappers.values());
return new ArrayList<ProtocolMapperRepresentation>(allMappers.values());
}
private static Map<String, ProtocolMapperModel> getAllDefaultMappers(KeycloakSession session) {
Map<String, ProtocolMapperModel> allMappers = new HashMap<String, ProtocolMapperModel>();
@Override
public void close() {
}
private static Map<String, ProtocolMapperRepresentation> getAllDefaultMappers(KeycloakSession session) {
Map<String, ProtocolMapperRepresentation> allMappers = new HashMap<String, ProtocolMapperRepresentation>();
List<ProviderFactory> loginProtocolFactories = session.getKeycloakSessionFactory().getProviderFactories(LoginProtocol.class);
@ -61,7 +67,8 @@ public class DefaultMigrationProvider {
List<ProtocolMapperModel> currentMappers = loginProtocolFactory.getDefaultBuiltinMappers();
for (ProtocolMapperModel protocolMapper : currentMappers) {
allMappers.put(protocolMapper.getName(), protocolMapper);
ProtocolMapperRepresentation rep = ModelToRepresentation.toRepresentation(protocolMapper);
allMappers.put(protocolMapper.getName(), rep);
}
}

38
services/src/main/java/org/keycloak/services/migration/DefaultMigrationProviderFactory.java Normal file
View file

@ -0,0 +1,38 @@
package org.keycloak.services.migration;
import org.keycloak.Config;
import org.keycloak.migration.MigrationProvider;
import org.keycloak.migration.MigrationProviderFactory;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
/**
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
*/
public class DefaultMigrationProviderFactory implements MigrationProviderFactory {
@Override
public MigrationProvider create(KeycloakSession session) {
return new DefaultMigrationProvider(session);
}
@Override
public void init(Config.Scope config) {
}
@Override
public void postInit(KeycloakSessionFactory factory) {
}
@Override
public void close() {
}
@Override
public String getId() {
return "default";
}
}

10
services/src/main/java/org/keycloak/services/resources/admin/ApplicationResource.java
View file

@ -78,16 +78,6 @@ public class ApplicationResource {
auth.init(RealmAuth.Resource.APPLICATION);
}
/**
* base path for managing allowed application claims
*
* @return
*/
@Path("claims")
public ClaimResource getClaimResource() {
return new ClaimResource(application, auth);
}
@Path("protocol-mappers")
public ProtocolMappersResource getProtocolMappers() {
ProtocolMappersResource mappers = new ProtocolMappersResource(application, auth);

2
services/src/main/java/org/keycloak/services/resources/admin/ApplicationsResource.java
View file

@ -87,7 +87,7 @@ public class ApplicationsResource {
auth.requireManage();
try {
ApplicationModel applicationModel = RepresentationToModel.createApplication(realm, rep, true);
ApplicationModel applicationModel = RepresentationToModel.createApplication(session, realm, rep, true);
return Response.created(uriInfo.getAbsolutePathBuilder().path(getApplicationPath(applicationModel)).build()).build();
} catch (ModelDuplicateException e) {
return Flows.errors().exists("Application " + rep.getName() + " already exists");

54
services/src/main/java/org/keycloak/services/resources/admin/ClaimResource.java
View file

@ -1,54 +0,0 @@
package org.keycloak.services.resources.admin;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.keycloak.models.ClientModel;
import org.keycloak.models.utils.ModelToRepresentation;
import org.keycloak.models.utils.RepresentationToModel;
import org.keycloak.representations.idm.ClaimRepresentation;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.PUT;
import javax.ws.rs.Produces;
import javax.ws.rs.core.MediaType;
/**
* Base resource class for managing allowed claims for an application or oauth client
*
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public class ClaimResource {
protected ClientModel model;
protected RealmAuth auth;
public ClaimResource(ClientModel model, RealmAuth auth) {
this.model = model;
this.auth = auth;
}
/**
* Get the claims a client is allowed to ask for
*
* @return
*/
@GET
@NoCache
@Produces(MediaType.APPLICATION_JSON)
public ClaimRepresentation getClaims() {
auth.requireView();
return ModelToRepresentation.toRepresentation(model);
}
/**
* Set the cliams a client is allowed to ask for.
*
* @param rep
*/
@PUT
@Consumes(MediaType.APPLICATION_JSON)
public void updateClaims(ClaimRepresentation rep) {
auth.requireManage();
RepresentationToModel.setClaims(model, rep);
}
}

12
services/src/main/java/org/keycloak/services/resources/admin/OAuthClientResource.java
View file

@ -64,16 +64,6 @@ public class OAuthClientResource {
auth.init(RealmAuth.Resource.CLIENT);
}
/**
* Base path for managing allowed oauth client claims
*
* @return
*/
@Path("claims")
public ClaimResource getClaimResource() {
return new ClaimResource(oauthClient, auth);
}
/**
* interface for updating attached ProtocolMappers
*
@ -111,7 +101,7 @@ public class OAuthClientResource {
auth.requireManage();
try {
RepresentationToModel.updateOAuthClient(rep, oauthClient);
RepresentationToModel.updateOAuthClient(session, rep, oauthClient);
return Response.noContent().build();
} catch (ModelDuplicateException e) {
return Flows.errors().exists("Client " + rep.getName() + " already exists");

2
services/src/main/java/org/keycloak/services/resources/admin/OAuthClientsResource.java
View file

@ -89,7 +89,7 @@ public class OAuthClientsResource {
auth.requireManage();
try {
OAuthClientModel oauth = RepresentationToModel.createOAuthClient(rep, realm);
OAuthClientModel oauth = RepresentationToModel.createOAuthClient(session, rep, realm);
return Response.created(uriInfo.getAbsolutePathBuilder().path(getClientPath(oauth)).build()).build();
} catch (ModelDuplicateException e) {
return Flows.errors().exists("Client " + rep.getName() + " already exists");

1
services/src/main/resources/META-INF/services/org.keycloak.migration.MigrationProviderFactory Normal file
View file

@ -0,0 +1 @@
org.keycloak.services.migration.DefaultMigrationProviderFactory

64
testsuite/integration/src/test/java/org/keycloak/testsuite/admin/ApplicationTest.java
View file

@ -3,9 +3,12 @@ package org.keycloak.testsuite.admin;
import org.junit.Rule;
import org.junit.Test;
import org.keycloak.admin.client.resource.ApplicationResource;
import org.keycloak.admin.client.resource.ProtocolMappersResource;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.RealmModel;
import org.keycloak.protocol.oidc.OIDCLoginProtocolFactory;
import org.keycloak.representations.idm.ApplicationRepresentation;
import org.keycloak.representations.idm.ProtocolMapperRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.UserSessionRepresentation;
@ -17,6 +20,8 @@ import org.keycloak.testsuite.rule.WebRule;
import org.openqa.selenium.WebDriver;
import javax.ws.rs.NotFoundException;
import javax.ws.rs.core.Response;
import java.util.LinkedList;
import java.util.List;
@ -113,4 +118,63 @@ public class ApplicationTest extends AbstractClientTest {
assertNull(realm.applications().get("my-app").toRepresentation().getDefaultRoles());
}
@Test
public void testProtocolMappers() {
createApplication();
ProtocolMappersResource mappersResource = realm.applications().get("my-app").getProtocolMappers();
protocolMappersTest(mappersResource);
}
public static void protocolMappersTest(ProtocolMappersResource mappersResource) {
// assert default mappers found
List<ProtocolMapperRepresentation> protocolMappers = mappersResource.getMappers();
String emailMapperId = null;
String usernameMapperId = null;
String fooMapperId = null;
for (ProtocolMapperRepresentation mapper : protocolMappers) {
if (mapper.getName().equals(OIDCLoginProtocolFactory.EMAIL)) {
emailMapperId = mapper.getId();
} else if (mapper.getName().equals(OIDCLoginProtocolFactory.USERNAME)) {
usernameMapperId = mapper.getId();
} else if (mapper.getName().equals("foo")) {
fooMapperId = mapper.getId();
}
}
assertNotNull(emailMapperId);
assertNotNull(usernameMapperId);
assertNull(fooMapperId);
// Create foo mapper
ProtocolMapperRepresentation fooMapper = new ProtocolMapperRepresentation();
fooMapper.setName("foo");
fooMapper.setProtocol("fooProtocol");
fooMapper.setProtocolMapper("fooMapper");
fooMapper.setConsentRequired(true);
Response response = mappersResource.createMapper(fooMapper);
String location = response.getLocation().toString();
fooMapperId = location.substring(location.lastIndexOf("/") + 1);
response.close();
fooMapper = mappersResource.getMapperById(fooMapperId);
assertEquals(fooMapper.getName(), "foo");
// Update foo mapper
fooMapper.setProtocolMapper("foo-mapper-updated");
mappersResource.update(fooMapperId, fooMapper);
fooMapper = mappersResource.getMapperById(fooMapperId);
assertEquals(fooMapper.getProtocolMapper(), "foo-mapper-updated");
// Remove foo mapper
mappersResource.delete(fooMapperId);
try {
mappersResource.getMapperById(fooMapperId);
fail("Not expected to find deleted mapper");
} catch (NotFoundException nfe) {
}
}
}

9
testsuite/integration/src/test/java/org/keycloak/testsuite/admin/OAuthClientTest.java
View file

@ -1,6 +1,7 @@
package org.keycloak.testsuite.admin;
import org.junit.Test;
import org.keycloak.admin.client.resource.ProtocolMappersResource;
import org.keycloak.representations.idm.OAuthClientRepresentation;
import static org.junit.Assert.assertEquals;
@ -33,6 +34,14 @@ public class OAuthClientTest extends AbstractClientTest {
realm.oAuthClients().get("my-client").remove();
}
@Test
public void testProtocolMappers() {
createOAuthClient();
ProtocolMappersResource mappersResource = realm.oAuthClients().get("my-client").getProtocolMappers();
ApplicationTest.protocolMappersTest(mappersResource);
}
@Test
public void getOAuthClientRepresentation() {
createOAuthClient();

2
testsuite/integration/src/test/java/org/keycloak/testsuite/model/ApplicationModelTest.java
View file

@ -65,7 +65,7 @@ public class ApplicationModelTest extends AbstractModelTest {
representation.setId(null);
RealmModel realm = realmManager.createRealm("copy");
ApplicationModel copy = RepresentationToModel.createApplication(realm, representation, true);
ApplicationModel copy = RepresentationToModel.createApplication(session, realm, representation, true);
assertEquals(application, copy);
}

14
testsuite/integration/src/test/resources/broker-test/test-realm-with-broker.json
View file

@ -165,18 +165,6 @@
"userInfoUrl": "http://localhost:8082/auth/realms/realm-with-oidc-identity-provider/protocol/openid-connect/userinfo",
"defaultScope": "email profile"
}
},
{
"alias" : "model-kerberos",
"providerId" : "kerberos",
"enabled": true,
"updateProfileFirstLogin" : "true",
"authenticateByDefault" : "false",
"config": {
"serverPrincipal": "HTTP/server.domain.org@DOMAIN.ORG",
"keyTab": "/etc/http.keytab",
"debug": "true"
}
}
],
"users": [
@ -242,4 +230,4 @@
}
]
}
}
}