diff --git a/forms/login-api/src/main/java/org/keycloak/login/LoginForms.java b/forms/login-api/src/main/java/org/keycloak/login/LoginForms.java index 9f91751c00..e112755da7 100755 --- a/forms/login-api/src/main/java/org/keycloak/login/LoginForms.java +++ b/forms/login-api/src/main/java/org/keycloak/login/LoginForms.java @@ -1,5 +1,6 @@ package org.keycloak.login; +import org.keycloak.models.ClientModel; import org.keycloak.models.RoleModel; import org.keycloak.models.UserModel; @@ -38,7 +39,7 @@ public interface LoginForms { public LoginForms setUser(UserModel user); - public LoginForms setClient(UserModel client); + public LoginForms setClient(ClientModel client); public LoginForms setFormData(MultivaluedMap formData); diff --git a/forms/login-freemarker/src/main/java/org/keycloak/login/freemarker/FreeMarkerLoginForms.java b/forms/login-freemarker/src/main/java/org/keycloak/login/freemarker/FreeMarkerLoginForms.java index 95f005b9f2..b139aa5785 100755 --- a/forms/login-freemarker/src/main/java/org/keycloak/login/freemarker/FreeMarkerLoginForms.java +++ b/forms/login-freemarker/src/main/java/org/keycloak/login/freemarker/FreeMarkerLoginForms.java @@ -17,6 +17,7 @@ import org.keycloak.login.freemarker.model.RegisterBean; import org.keycloak.login.freemarker.model.SocialBean; import org.keycloak.login.freemarker.model.TotpBean; import org.keycloak.login.freemarker.model.UrlBean; +import org.keycloak.models.ClientModel; import org.keycloak.models.RealmModel; import org.keycloak.models.RoleModel; import org.keycloak.models.UserModel; @@ -63,7 +64,7 @@ public class FreeMarkerLoginForms implements LoginForms { private UserModel user; - private UserModel client; + private ClientModel client; private UriInfo uriInfo; @@ -240,7 +241,7 @@ public class FreeMarkerLoginForms implements LoginForms { return this; } - public FreeMarkerLoginForms setClient(UserModel client) { + public FreeMarkerLoginForms setClient(ClientModel client) { this.client = client; return this; } 
diff --git a/forms/login-freemarker/src/main/java/org/keycloak/login/freemarker/model/OAuthGrantBean.java b/forms/login-freemarker/src/main/java/org/keycloak/login/freemarker/model/OAuthGrantBean.java index d18dde5ccf..1324bfd20e 100755 --- a/forms/login-freemarker/src/main/java/org/keycloak/login/freemarker/model/OAuthGrantBean.java +++ b/forms/login-freemarker/src/main/java/org/keycloak/login/freemarker/model/OAuthGrantBean.java @@ -21,6 +21,7 @@ */ package org.keycloak.login.freemarker.model; +import org.keycloak.models.ClientModel; import org.keycloak.models.RoleModel; import org.keycloak.models.UserModel; @@ -36,11 +37,11 @@ public class OAuthGrantBean { private List realmRolesRequested; private MultivaluedMap resourceRolesRequested; private String code; - private UserModel client; + private ClientModel client; private String oAuthCode; private String action; - public OAuthGrantBean(String code, UserModel client, List realmRolesRequested, MultivaluedMap resourceRolesRequested) { + public OAuthGrantBean(String code, ClientModel client, List realmRolesRequested, MultivaluedMap resourceRolesRequested) { this.code = code; this.client = client; this.realmRolesRequested = realmRolesRequested; @@ -60,7 +61,7 @@ public class OAuthGrantBean { } public String getClient() { - return client.getLoginName(); + return client.getAgent().getLoginName(); } } diff --git a/model/api/src/main/java/org/keycloak/models/ApplicationModel.java b/model/api/src/main/java/org/keycloak/models/ApplicationModel.java index 6247cdca34..d8688e4a07 100755 --- a/model/api/src/main/java/org/keycloak/models/ApplicationModel.java +++ b/model/api/src/main/java/org/keycloak/models/ApplicationModel.java @@ -14,10 +14,6 @@ public interface ApplicationModel extends RoleContainerModel, ClientModel { void setName(String name); - boolean isEnabled(); - - void setEnabled(boolean enabled); - boolean isSurrogateAuthRequired(); void setSurrogateAuthRequired(boolean surrogateAuthRequired); 
@@ -38,7 +34,7 @@ public interface ApplicationModel extends RoleContainerModel, ClientModel { Set getApplicationRoleMappings(UserModel user); - Set getApplicationScopeMappings(UserModel user); + Set getApplicationScopeMappings(ClientModel client); void addScope(RoleModel role); diff --git a/model/api/src/main/java/org/keycloak/models/ClientModel.java b/model/api/src/main/java/org/keycloak/models/ClientModel.java index ab38dd3c53..7efae1a5f7 100755 --- a/model/api/src/main/java/org/keycloak/models/ClientModel.java +++ b/model/api/src/main/java/org/keycloak/models/ClientModel.java @@ -1,15 +1,38 @@ package org.keycloak.models; +import java.util.Set; + /** * @author Bill Burke * @version $Revision: 1 $ */ public interface ClientModel { + String getId(); + + UserModel getAgent(); + long getAllowedClaimsMask(); void setAllowedClaimsMask(long mask); - UserModel getAgent(); + Set getWebOrigins(); - String getId(); + void setWebOrigins(Set webOrigins); + + void addWebOrigin(String webOrigin); + + void removeWebOrigin(String webOrigin); + + Set getRedirectUris(); + + void setRedirectUris(Set redirectUris); + + void addRedirectUri(String redirectUri); + + void removeRedirectUri(String redirectUri); + + + boolean isEnabled(); + + void setEnabled(boolean enabled); } diff --git a/model/api/src/main/java/org/keycloak/models/RealmModel.java b/model/api/src/main/java/org/keycloak/models/RealmModel.java index a49e269d86..3f96f4f788 100755 --- a/model/api/src/main/java/org/keycloak/models/RealmModel.java +++ b/model/api/src/main/java/org/keycloak/models/RealmModel.java @@ -107,6 +107,8 @@ public interface RealmModel extends RoleContainerModel, RoleMapperModel, ScopeMa void updateDefaultRoles(String[] defaultRoles); + ClientModel findClient(String clientId); + Map getApplicationNameMap(); List getApplications(); 
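Review bot: The accessors added to ClientModel (`getRedirectUris()`, `getWebOrigins()`, their mutators, and `isEnabled()`) carry no Javadoc, although the redirect-URI and origin sets are presumably the allow-lists that redirect_uri and CORS checks are validated against, so their contract matters to every caller. The two implementations in this commit also disagree on what `isEnabled()` means: the JPA ApplicationAdapter returns the application entity's own flag, while both OAuthClientAdapters return `getAgent().isEnabled()`, so a caller cannot tell whether disabling a client also disables its agent user, or vice versa. I'd add Javadoc stating that `getRedirectUris()`/`getWebOrigins()` return the client's registered allow-lists as a defensive copy (all four adapters in this commit return a fresh HashSet), and on `isEnabled()` whether the flag is the client's own or its agent's. There is also a doubled blank line before `boolean isEnabled();`.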
@@ -173,7 +175,7 @@ public interface RealmModel extends RoleContainerModel, RoleMapperModel, ScopeMa Set getRealmRoleMappings(UserModel user); - Set getRealmScopeMappings(UserModel user); + Set getRealmScopeMappings(ClientModel client); String getLoginTheme(); @@ -193,5 +195,5 @@ public interface RealmModel extends RoleContainerModel, RoleMapperModel, ScopeMa */ UserCredentialModel getSecret(UserModel user); - boolean hasScope(UserModel user, RoleModel role); + boolean hasScope(ClientModel client, RoleModel role); } diff --git a/model/api/src/main/java/org/keycloak/models/ScopeMapperModel.java b/model/api/src/main/java/org/keycloak/models/ScopeMapperModel.java index d67529097a..480943bec1 100755 --- a/model/api/src/main/java/org/keycloak/models/ScopeMapperModel.java +++ b/model/api/src/main/java/org/keycloak/models/ScopeMapperModel.java @@ -8,7 +8,7 @@ import java.util.Set; * @version $Revision: 1 $ */ public interface ScopeMapperModel { - Set getScopeMappings(UserModel agent); - void addScopeMapping(UserModel agent, RoleModel role); - void deleteScopeMapping(UserModel user, RoleModel role); + Set getScopeMappings(ClientModel client); + void addScopeMapping(ClientModel client, RoleModel role); + void deleteScopeMapping(ClientModel client, RoleModel role); } diff --git a/model/api/src/main/java/org/keycloak/models/UserModel.java b/model/api/src/main/java/org/keycloak/models/UserModel.java index b86ee77f56..2b2a0cf3f8 100755 --- a/model/api/src/main/java/org/keycloak/models/UserModel.java +++ b/model/api/src/main/java/org/keycloak/models/UserModel.java 
@@ -37,22 +37,6 @@ public interface UserModel { void removeRequiredAction(RequiredAction action); - Set getWebOrigins(); - - void setWebOrigins(Set webOrigins); - - void addWebOrigin(String webOrigin); - - void removeWebOrigin(String webOrigin); - - Set getRedirectUris(); - - void setRedirectUris(Set redirectUris); - - void addRedirectUri(String redirectUri); - - void removeRedirectUri(String redirectUri); - String getFirstName(); void setFirstName(String firstName); diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/ApplicationAdapter.java b/model/jpa/src/main/java/org/keycloak/models/jpa/ApplicationAdapter.java index 3b43464656..1b9b86ee20 100755 --- a/model/jpa/src/main/java/org/keycloak/models/jpa/ApplicationAdapter.java +++ b/model/jpa/src/main/java/org/keycloak/models/jpa/ApplicationAdapter.java @@ -1,6 +1,7 @@ package org.keycloak.models.jpa; import org.keycloak.models.ApplicationModel; +import org.keycloak.models.ClientModel; import org.keycloak.models.RealmModel; import org.keycloak.models.RoleContainerModel; import org.keycloak.models.RoleModel; @@ -22,13 +23,13 @@ import java.util.Set; public class ApplicationAdapter implements ApplicationModel { protected EntityManager em; - protected ApplicationEntity application; + protected ApplicationEntity entity; protected RealmModel realm; - public ApplicationAdapter(RealmModel realm, EntityManager em, ApplicationEntity application) { + public ApplicationAdapter(RealmModel realm, EntityManager em, ApplicationEntity entity) { this.realm = realm; this.em = em; - this.application = application; + this.entity = entity; } @Override 
@@ -38,79 +39,79 @@ public class ApplicationAdapter implements ApplicationModel { @Override public UserModel getAgent() { - return new UserAdapter(application.getApplicationUser()); + return new UserAdapter(entity.getApplicationUser()); } @Override public String getId() { - return application.getId(); + return entity.getId(); } @Override public String getName() { - return application.getName(); + return entity.getName(); } @Override public void setName(String name) { - application.setName(name); + entity.setName(name); } @Override public boolean isEnabled() { - return application.isEnabled(); + return entity.isEnabled(); } @Override public void setEnabled(boolean enabled) { - application.setEnabled(enabled); + entity.setEnabled(enabled); } @Override public long getAllowedClaimsMask() { - return application.getAllowedClaimsMask(); + return entity.getAllowedClaimsMask(); } @Override public void setAllowedClaimsMask(long mask) { - application.setAllowedClaimsMask(mask); + entity.setAllowedClaimsMask(mask); } @Override public boolean isSurrogateAuthRequired() { - return application.isSurrogateAuthRequired(); + return entity.isSurrogateAuthRequired(); } @Override public void setSurrogateAuthRequired(boolean surrogateAuthRequired) { - application.setSurrogateAuthRequired(surrogateAuthRequired); + entity.setSurrogateAuthRequired(surrogateAuthRequired); } @Override public String getManagementUrl() { - return application.getManagementUrl(); + return entity.getManagementUrl(); } @Override public void setManagementUrl(String url) { - application.setManagementUrl(url); + entity.setManagementUrl(url); } @Override public String getBaseUrl() { - return application.getBaseUrl(); + return entity.getBaseUrl(); } @Override public void setBaseUrl(String url) { - application.setBaseUrl(url); + entity.setBaseUrl(url); } @Override public RoleModel getRole(String name) { TypedQuery query = em.createNamedQuery("getAppRoleByName", ApplicationRoleEntity.class); query.setParameter("name", 
name); - query.setParameter("application", application); + query.setParameter("application", entity); List roles = query.getResultList(); if (roles.size() == 0) return null; return new RoleAdapter(realm, em, roles.get(0)); @@ -120,13 +121,13 @@ public class ApplicationAdapter implements ApplicationModel { public RoleModel addRole(String name) { RoleModel role = getRole(name); if (role != null) return role; - ApplicationRoleEntity entity = new ApplicationRoleEntity(); - entity.setName(name); - entity.setApplication(application); - em.persist(entity); - application.getRoles().add(entity); + ApplicationRoleEntity roleEntity = new ApplicationRoleEntity(); + roleEntity.setName(name); + roleEntity.setApplication(entity); + em.persist(roleEntity); + entity.getRoles().add(roleEntity); em.flush(); - return new RoleAdapter(realm, em, entity); + return new RoleAdapter(realm, em, roleEntity); } @Override @@ -138,8 +139,8 @@ public class ApplicationAdapter implements ApplicationModel { ApplicationRoleEntity role = (ApplicationRoleEntity)roleAdapter.getRole(); - application.getRoles().remove(role); - application.getDefaultRoles().remove(role); + entity.getRoles().remove(role); + entity.getDefaultRoles().remove(role); em.createQuery("delete from " + UserScopeMappingEntity.class.getSimpleName() + " where role = :role").setParameter("role", role).executeUpdate(); em.createQuery("delete from " + UserRoleMappingEntity.class.getSimpleName() + " where role = :role").setParameter("role", role).executeUpdate(); @@ -153,7 +154,7 @@ public class ApplicationAdapter implements ApplicationModel { @Override public Set getRoles() { Set list = new HashSet(); - Collection roles = application.getRoles(); + Collection roles = entity.getRoles(); if (roles == null) return list; for (RoleEntity entity : roles) { list.add(new RoleAdapter(realm, em, entity)); 
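Review bot: Renaming the field `application` to `entity` makes the `for (RoleEntity entity : roles)` loop in getRoles shadow the field, and the same shadowing appears in getDefaultRoles, addDefaultRole (`for (RoleEntity entity : entities)`) and getRoleById, where the body now has to write `this.entity` to reach the application while bare `entity` is a role. The commit already renamed the local in addRole to `roleEntity` to avoid exactly this collision; the other loops should get the same treatment, e.g. `for (RoleEntity roleEntity : roles) { list.add(new RoleAdapter(realm, em, roleEntity)); }`, otherwise a future edit that drops `this.` silently switches between the application and a role without a compile error. The enclosing bodies of getDefaultRoles, addDefaultRole and getRoleById run past their hunks.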
@@ -168,7 +169,7 @@ public class ApplicationAdapter implements ApplicationModel { // Check if it's application role and belongs to this application if (entity == null || !(entity instanceof ApplicationRoleEntity)) return null; ApplicationRoleEntity appRoleEntity = (ApplicationRoleEntity)entity; - return (appRoleEntity.getApplication().equals(this.application)) ? new RoleAdapter(this.realm, em, appRoleEntity) : null; + return (appRoleEntity.getApplication().equals(this.entity)) ? new RoleAdapter(this.realm, em, appRoleEntity) : null; } @Override @@ -191,8 +192,8 @@ public class ApplicationAdapter implements ApplicationModel { } @Override - public Set getApplicationScopeMappings(UserModel user) { - Set roleMappings = realm.getScopeMappings(user); + public Set getApplicationScopeMappings(ClientModel client) { + Set roleMappings = realm.getScopeMappings(client); Set appRoles = new HashSet(); for (RoleModel role : roleMappings) { @@ -214,7 +215,7 @@ public class ApplicationAdapter implements ApplicationModel { @Override public List getDefaultRoles() { - Collection entities = application.getDefaultRoles(); + Collection entities = entity.getDefaultRoles(); List roles = new ArrayList(); if (entities == null) return roles; for (RoleEntity entity : entities) { @@ -229,7 +230,7 @@ public class ApplicationAdapter implements ApplicationModel { if (role == null) { role = addRole(name); } - Collection entities = application.getDefaultRoles(); + Collection entities = entity.getDefaultRoles(); for (RoleEntity entity : entities) { if (entity.getId().equals(role.getId())) { return; @@ -248,7 +249,7 @@ public class ApplicationAdapter implements ApplicationModel { @Override public void updateDefaultRoles(String[] defaultRoles) { - Collection entities = application.getDefaultRoles(); + Collection entities = entity.getDefaultRoles(); Set already = new HashSet(); List remove = new ArrayList(); for (RoleEntity rel : entities) { 
@@ -272,7 +273,7 @@ public class ApplicationAdapter implements ApplicationModel { @Override public void addScope(RoleModel role) { - realm.addScopeMapping(getAgent(), role); + realm.addScopeMapping(this, role); } public boolean equals(Object o) { @@ -286,4 +287,49 @@ public class ApplicationAdapter implements ApplicationModel { public String toString() { return getName(); } + + @Override + public Set getWebOrigins() { + Set result = new HashSet(); + result.addAll(entity.getWebOrigins()); + return result; + } + + @Override + public void setWebOrigins(Set webOrigins) { + entity.setWebOrigins(webOrigins); + } + + @Override + public void addWebOrigin(String webOrigin) { + entity.getWebOrigins().add(webOrigin); + } + + @Override + public void removeWebOrigin(String webOrigin) { + entity.getWebOrigins().remove(webOrigin); + } + + @Override + public Set getRedirectUris() { + Set result = new HashSet(); + result.addAll(entity.getRedirectUris()); + return result; + } + + @Override + public void setRedirectUris(Set redirectUris) { + entity.setRedirectUris(redirectUris); + } + + @Override + public void addRedirectUri(String redirectUri) { + entity.getRedirectUris().add(redirectUri); + } + + @Override + public void removeRedirectUri(String redirectUri) { + entity.getRedirectUris().remove(redirectUri); + } + } diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/OAuthClientAdapter.java b/model/jpa/src/main/java/org/keycloak/models/jpa/OAuthClientAdapter.java index 6bb62ccacb..4098ff0371 100755 --- a/model/jpa/src/main/java/org/keycloak/models/jpa/OAuthClientAdapter.java +++ b/model/jpa/src/main/java/org/keycloak/models/jpa/OAuthClientAdapter.java @@ -4,6 +4,9 @@ import org.keycloak.models.OAuthClientModel; import org.keycloak.models.UserModel; import org.keycloak.models.jpa.entities.OAuthClientEntity; +import java.util.HashSet; +import java.util.Set; + /** * @author Bill Burke * @version $Revision: 1 $ 
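Review bot: In the new ApplicationAdapter.setWebOrigins/setRedirectUris the caller's Set is stored into the entity as-is (`entity.setWebOrigins(webOrigins)`), while the matching getters defensively copy, so a caller that keeps its reference can mutate the persisted redirect-URI allow-list behind the adapter's back, and passing null makes the next `getWebOrigins()` fail inside `result.addAll(entity.getWebOrigins())`. The setters should snapshot the argument the same way the getters do, e.g. `entity.setWebOrigins(new HashSet(webOrigins));` and `entity.setRedirectUris(new HashSet(redirectUris));`, which also fails fast on null instead of deferring the error to an unrelated read. The JPA OAuthClientAdapter gains the same eight methods with the same asymmetry.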
@@ -24,6 +27,16 @@ public class OAuthClientAdapter implements OAuthClientModel { return entity.getId(); } + @Override + public boolean isEnabled() { + return getAgent().isEnabled(); + } + + @Override + public void setEnabled(boolean enabled) { + getAgent().setEnabled(enabled); + } + @Override public UserModel getAgent() { return new UserAdapter(entity.getAgent()); @@ -38,6 +51,51 @@ public class OAuthClientAdapter implements OAuthClientModel { entity.setAllowedClaimsMask(mask); } + @Override + public Set getWebOrigins() { + Set result = new HashSet(); + result.addAll(entity.getWebOrigins()); + return result; + } + + @Override + public void setWebOrigins(Set webOrigins) { + entity.setWebOrigins(webOrigins); + } + + @Override + public void addWebOrigin(String webOrigin) { + entity.getWebOrigins().add(webOrigin); + } + + @Override + public void removeWebOrigin(String webOrigin) { + entity.getWebOrigins().remove(webOrigin); + } + + @Override + public Set getRedirectUris() { + Set result = new HashSet(); + result.addAll(entity.getRedirectUris()); + return result; + } + + @Override + public void setRedirectUris(Set redirectUris) { + entity.setRedirectUris(redirectUris); + } + + @Override + public void addRedirectUri(String redirectUri) { + entity.getRedirectUris().add(redirectUri); + } + + @Override + public void removeRedirectUri(String redirectUri) { + entity.getRedirectUris().remove(redirectUri); + } + + } diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java b/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java index a84b5d7327..0330586fbb 100755 --- a/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java +++ b/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java 
@@ -1,5 +1,6 @@ package org.keycloak.models.jpa; +import org.keycloak.models.ClientModel; import org.keycloak.models.RoleContainerModel; import org.keycloak.models.jpa.entities.ApplicationEntity; import org.keycloak.models.jpa.entities.CredentialEntity; @@ -558,6 +559,13 @@ public class RealmAdapter implements RealmModel { em.flush(); } + @Override + public ClientModel findClient(String clientId) { + ClientModel model = getApplicationByName(clientId); + if (model != null) return model; + return getOAuthClient(clientId); + } + @Override public Map getApplicationNameMap() { Map map = new HashMap(); @@ -926,8 +934,8 @@ public class RealmAdapter implements RealmModel { } @Override - public boolean hasScope(UserModel user, RoleModel role) { - Set roles = getScopeMappings(user); + public boolean hasScope(ClientModel client, RoleModel role) { + Set roles = getScopeMappings(client); if (roles.contains(role)) return true; for (RoleModel mapping : roles) { @@ -996,8 +1004,8 @@ public class RealmAdapter implements RealmModel { } @Override - public Set getRealmScopeMappings(UserModel user) { - Set roleMappings = getScopeMappings(user); + public Set getRealmScopeMappings(ClientModel client) { + Set roleMappings = getScopeMappings(client); Set appRoles = new HashSet(); for (RoleModel role : roleMappings) { @@ -1014,9 +1022,9 @@ public class RealmAdapter implements RealmModel { @Override - public Set getScopeMappings(UserModel agent) { + public Set getScopeMappings(ClientModel client) { TypedQuery query = em.createNamedQuery("userScopeMappings", UserScopeMappingEntity.class); - query.setParameter("user", ((UserAdapter)agent).getUser()); + query.setParameter("user", ((UserAdapter)client.getAgent()).getUser()); List entities = query.getResultList(); Set roles = new HashSet(); for (UserScopeMappingEntity entity : entities) { 
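Review bot: findClient resolves `clientId` against applications first and only falls through to OAuth clients, so when an application and an OAuth client share a name the OAuth client becomes unreachable through this method and whatever the caller then does with the result — redirect-URI checks, scope lookups — is performed against the application instead. Nothing in this commit enforces that the two namespaces are disjoint (the registration paths are not visible from here). At minimum the precedence should be documented on the interface method in the RealmModel hunk, e.g. `/** Looks up a client by name; applications take precedence over OAuth clients of the same name. Returns null if neither exists. */`, and registration should reject a name already used by the other kind of client. The Mongo RealmAdapter carries an identical implementation.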
@@ -1026,8 +1034,9 @@ public class RealmAdapter implements RealmModel { } @Override - public void addScopeMapping(UserModel agent, RoleModel role) { - if (hasScope(agent, role)) return; + public void addScopeMapping(ClientModel client, RoleModel role) { + UserModel agent = client.getAgent(); + if (hasScope(client, role)) return; UserScopeMappingEntity entity = new UserScopeMappingEntity(); entity.setUser(((UserAdapter) agent).getUser()); entity.setRole(((RoleAdapter)role).getRole()); @@ -1035,8 +1044,9 @@ public class RealmAdapter implements RealmModel { } @Override - public void deleteScopeMapping(UserModel user, RoleModel role) { - TypedQuery query = getRealmScopeMappingQuery((UserAdapter) user, (RoleAdapter) role); + public void deleteScopeMapping(ClientModel client, RoleModel role) { + UserModel agent = client.getAgent(); + TypedQuery query = getRealmScopeMappingQuery((UserAdapter) agent, (RoleAdapter) role); List results = query.getResultList(); if (results.size() == 0) return; for (UserScopeMappingEntity entity : results) { diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/UserAdapter.java b/model/jpa/src/main/java/org/keycloak/models/jpa/UserAdapter.java index 6c2bf30d45..cff1659f9d 100755 --- a/model/jpa/src/main/java/org/keycloak/models/jpa/UserAdapter.java +++ b/model/jpa/src/main/java/org/keycloak/models/jpa/UserAdapter.java 
@@ -99,49 +99,6 @@ public class UserAdapter implements UserModel { user.getRequiredActions().remove(action); } - @Override - public Set getWebOrigins() { - Set result = new HashSet(); - result.addAll(user.getWebOrigins()); - return result; - } - - @Override - public void setWebOrigins(Set webOrigins) { - user.setWebOrigins(webOrigins); - } - - @Override - public void addWebOrigin(String webOrigin) { - user.getWebOrigins().add(webOrigin); - } - - @Override - public void removeWebOrigin(String webOrigin) { - user.getWebOrigins().remove(webOrigin); - } - - @Override - public Set getRedirectUris() { - Set result = new HashSet(); - result.addAll(user.getRedirectUris()); - return result; - } - - @Override - public void setRedirectUris(Set redirectUris) { - user.setRedirectUris(redirectUris); - } - - @Override - public void addRedirectUri(String redirectUri) { - user.getRedirectUris().add(redirectUri); - } - - @Override - public void removeRedirectUri(String redirectUri) { - user.getRedirectUris().remove(redirectUri); - } @Override public String getFirstName() { diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/ApplicationEntity.java b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/ApplicationEntity.java index b85f720f7b..e5ab951593 100755 --- a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/ApplicationEntity.java +++ b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/ApplicationEntity.java @@ -1,6 +1,8 @@ package org.keycloak.models.jpa.entities; import javax.persistence.CascadeType; +import javax.persistence.CollectionTable; +import javax.persistence.ElementCollection; import javax.persistence.Entity; import javax.persistence.FetchType; import javax.persistence.GeneratedValue; @@ -11,6 +13,8 @@ import javax.persistence.OneToMany; import javax.persistence.OneToOne; import java.util.ArrayList; import java.util.Collection; +import java.util.HashSet; +import java.util.Set; import org.hibernate.annotations.GenericGenerator; 
@@ -35,6 +39,14 @@ public class ApplicationEntity { @OneToOne(fetch = FetchType.EAGER) private UserEntity applicationUser; + @ElementCollection + @CollectionTable + protected Set webOrigins = new HashSet(); + + @ElementCollection + @CollectionTable + protected Set redirectUris = new HashSet(); + @OneToMany(fetch = FetchType.EAGER, cascade ={CascadeType.REMOVE}, orphanRemoval = true, mappedBy = "application") Collection roles = new ArrayList(); @@ -128,4 +140,22 @@ public class ApplicationEntity { public void setAllowedClaimsMask(long allowedClaimsMask) { this.allowedClaimsMask = allowedClaimsMask; } + + public Set getWebOrigins() { + return webOrigins; + } + + public void setWebOrigins(Set webOrigins) { + this.webOrigins = webOrigins; + } + + public Set getRedirectUris() { + return redirectUris; + } + + public void setRedirectUris(Set redirectUris) { + this.redirectUris = redirectUris; + } + + } diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/OAuthClientEntity.java b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/OAuthClientEntity.java index 9a114a1795..eb38b86e88 100755 --- a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/OAuthClientEntity.java +++ b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/OAuthClientEntity.java @@ -1,5 +1,7 @@ package org.keycloak.models.jpa.entities; +import javax.persistence.CollectionTable; +import javax.persistence.ElementCollection; import javax.persistence.Entity; import javax.persistence.FetchType; import javax.persistence.GeneratedValue; @@ -11,6 +13,9 @@ import javax.persistence.OneToOne; import org.hibernate.annotations.GenericGenerator; +import java.util.HashSet; +import java.util.Set; + /** * @author Bill Burke * @version $Revision: 1 $ 
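Review bot: The new `webOrigins`/`redirectUris` element collections on ApplicationEntity are declared with a bare `@ElementCollection`, whose fetch type defaults to LAZY, whereas every other association on this entity (`applicationUser`, `roles`) is explicitly EAGER; the JPA adapter copies these collections in `getRedirectUris()`/`getWebOrigins()`, which would fail on a detached entity. If eager loading is intended, spell it out: `@ElementCollection(fetch = FetchType.EAGER)`. Separately, the same two collections are removed from UserEntity with no migration of existing rows, so any redirect URIs registered under the old mapping are lost after this change — worth stating in the commit message if that is acceptable at this stage. OAuthClientEntity declares the same two fields in the same way.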
@@ -30,6 +35,15 @@ public class OAuthClientEntity { private String name; private long allowedClaimsMask; + @ElementCollection + @CollectionTable + protected Set webOrigins = new HashSet(); + + @ElementCollection + @CollectionTable + protected Set redirectUris = new HashSet(); + + @OneToOne(fetch = FetchType.EAGER) private UserEntity agent; @@ -72,4 +86,22 @@ public class OAuthClientEntity { this.allowedClaimsMask = allowedClaimsMask; } + public Set getWebOrigins() { + return webOrigins; + } + + public void setWebOrigins(Set webOrigins) { + this.webOrigins = webOrigins; + } + + public Set getRedirectUris() { + return redirectUris; + } + + public void setRedirectUris(Set redirectUris) { + this.redirectUris = redirectUris; + } + + + } diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/UserEntity.java b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/UserEntity.java index 58a92925a4..51daf7b12d 100755 --- a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/UserEntity.java +++ b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/UserEntity.java @@ -60,14 +60,6 @@ public class UserEntity { @CollectionTable protected Set requiredActions = new HashSet(); - @ElementCollection - @CollectionTable - protected Set webOrigins = new HashSet(); - - @ElementCollection - @CollectionTable - protected Set redirectUris = new HashSet(); - @OneToMany(cascade = CascadeType.REMOVE, orphanRemoval = true) protected Collection credentials = new ArrayList(); @@ -151,22 +143,6 @@ public class UserEntity { this.requiredActions = requiredActions; } - public Set getWebOrigins() { - return webOrigins; - } - - public void setWebOrigins(Set webOrigins) { - this.webOrigins = webOrigins; - } - - public Set getRedirectUris() { - return redirectUris; - } - - public void setRedirectUris(Set redirectUris) { - this.redirectUris = redirectUris; - } - public RealmEntity getRealm() { return realm; } 
diff --git a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/ApplicationAdapter.java b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/ApplicationAdapter.java index a0da211452..4f17350979 100755 --- a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/ApplicationAdapter.java +++ b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/ApplicationAdapter.java @@ -3,6 +3,7 @@ package org.keycloak.models.mongo.keycloak.adapters; import com.mongodb.DBObject; import com.mongodb.QueryBuilder; import org.keycloak.models.ApplicationModel; +import org.keycloak.models.ClientModel; import org.keycloak.models.RoleModel; import org.keycloak.models.UserModel; import org.keycloak.models.mongo.api.AbstractMongoIdentifiableEntity; @@ -201,9 +202,9 @@ public class ApplicationAdapter extends AbstractAdapter implements ApplicationMo } @Override - public Set getApplicationScopeMappings(UserModel user) { + public Set getApplicationScopeMappings(ClientModel client) { Set result = new HashSet(); - List roles = MongoModelUtils.getAllScopesOfUser(user, invocationContext); + List roles = MongoModelUtils.getAllScopesOfUser(client.getAgent(), invocationContext); for (RoleEntity role : roles) { if (getId().equals(role.getApplicationId())) { 
@@ -247,4 +248,57 @@ public class ApplicationAdapter extends AbstractAdapter implements ApplicationMo public AbstractMongoIdentifiableEntity getMongoEntity() { return application; } + + @Override + public Set getWebOrigins() { + Set result = new HashSet(); + if (application.getWebOrigins() != null) { + result.addAll(application.getWebOrigins()); + } + return result; + } + + @Override + public void setWebOrigins(Set webOrigins) { + List result = new ArrayList(); + result.addAll(webOrigins); + application.setWebOrigins(result); + } + + @Override + public void addWebOrigin(String webOrigin) { + getMongoStore().pushItemToList(application, "webOrigins", webOrigin, true, invocationContext); + } + + @Override + public void removeWebOrigin(String webOrigin) { + getMongoStore().pullItemFromList(application, "webOrigins", webOrigin, invocationContext); + } + + @Override + public Set getRedirectUris() { + Set result = new HashSet(); + if (application.getRedirectUris() != null) { + result.addAll(application.getRedirectUris()); + } + return result; + } + + @Override + public void setRedirectUris(Set redirectUris) { + List result = new ArrayList(); + result.addAll(redirectUris); + application.setRedirectUris(result); + } + + @Override + public void addRedirectUri(String redirectUri) { + getMongoStore().pushItemToList(application, "redirectUris", redirectUri, true, invocationContext); + } + + @Override + public void removeRedirectUri(String redirectUri) { + getMongoStore().pullItemFromList(application, "redirectUris", redirectUri, invocationContext); + } + } diff --git a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/OAuthClientAdapter.java b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/OAuthClientAdapter.java index ea48f9154b..043249e285 100755 --- a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/OAuthClientAdapter.java 
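Review bot: In the Mongo ApplicationAdapter, `setWebOrigins` and `setRedirectUris` only assign the converted list to the in-memory `application` entity, while the sibling `addWebOrigin`/`removeWebOrigin` go through `getMongoStore().pushItemToList(...)`/`pullItemFromList(...)`, which write to the store. Unless something outside this hunk flushes the entity, a bulk replacement of the redirect-URI allow-list through these setters is silently dropped, and a bulk setter is exactly what an admin UI is likely to call. The setters should persist the entity the same way the adapter's other field setters do. The Mongo OAuthClientAdapter has the identical eight methods on `delegate`.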
+++ b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/OAuthClientAdapter.java @@ -7,6 +7,11 @@ import org.keycloak.models.mongo.api.context.MongoStoreInvocationContext; import org.keycloak.models.mongo.keycloak.entities.OAuthClientEntity; import org.keycloak.models.mongo.keycloak.entities.UserEntity; +import java.util.ArrayList; +import java.util.HashSet; +import java.util.List; +import java.util.Set; + /** * @author Marek Posolda */ @@ -40,6 +45,16 @@ public class OAuthClientAdapter extends AbstractAdapter implements OAuthClientMo delegate.setAllowedClaimsMask(mask); } + @Override + public boolean isEnabled() { + return getAgent().isEnabled(); + } + + @Override + public void setEnabled(boolean enabled) { + getAgent().setEnabled(enabled); + } + @Override public UserModel getAgent() { // This is not thread-safe. Assumption is that OAuthClientAdapter instance is per-client object 
@@ -54,4 +69,57 @@ public class OAuthClientAdapter extends AbstractAdapter implements OAuthClientMo public AbstractMongoIdentifiableEntity getMongoEntity() { return delegate; } + + @Override + public Set getWebOrigins() { + Set result = new HashSet(); + if (delegate.getWebOrigins() != null) { + result.addAll(delegate.getWebOrigins()); + } + return result; + } + + @Override + public void setWebOrigins(Set webOrigins) { + List result = new ArrayList(); + result.addAll(webOrigins); + delegate.setWebOrigins(result); + } + + @Override + public void addWebOrigin(String webOrigin) { + getMongoStore().pushItemToList(delegate, "webOrigins", webOrigin, true, invocationContext); + } + + @Override + public void removeWebOrigin(String webOrigin) { + getMongoStore().pullItemFromList(delegate, "webOrigins", webOrigin, invocationContext); + } + + @Override + public Set getRedirectUris() { + Set result = new HashSet(); + if (delegate.getRedirectUris() != null) { + result.addAll(delegate.getRedirectUris()); + } + return result; + } + + @Override + public void setRedirectUris(Set redirectUris) { + List result = new ArrayList(); + result.addAll(redirectUris); + delegate.setRedirectUris(result); + } + + @Override + public void addRedirectUri(String redirectUri) { + getMongoStore().pushItemToList(delegate, "redirectUris", redirectUri, true, invocationContext); + } + + @Override + public void removeRedirectUri(String redirectUri) { + getMongoStore().pullItemFromList(delegate, "redirectUris", redirectUri, invocationContext); + } + } diff --git a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java index 7192a6f6a5..9466bb32f7 100755 --- a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java +++ b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java 
@@ -4,6 +4,7 @@ import com.mongodb.DBObject; import com.mongodb.QueryBuilder; import org.jboss.logging.Logger; import org.keycloak.models.ApplicationModel; +import org.keycloak.models.ClientModel; import org.keycloak.models.OAuthClientModel; import org.keycloak.models.PasswordPolicy; import org.keycloak.models.RealmModel; @@ -485,6 +486,14 @@ public class RealmAdapter extends AbstractAdapter implements RealmModel { updateRealm(); } + @Override + public ClientModel findClient(String clientId) { + ClientModel model = getApplicationByName(clientId); + if (model != null) return model; + return getOAuthClient(clientId); + } + + @Override public ApplicationModel getApplicationById(String id) { ApplicationEntity appData = getMongoStore().loadEntity(ApplicationEntity.class, id, invocationContext); @@ -607,9 +616,9 @@ public class RealmAdapter extends AbstractAdapter implements RealmModel { } @Override - public Set getScopeMappings(UserModel user) { + public Set getScopeMappings(ClientModel client) { Set result = new HashSet(); - List roles = MongoModelUtils.getAllScopesOfUser(user, invocationContext); + List roles = MongoModelUtils.getAllScopesOfUser(client.getAgent(), invocationContext); for (RoleEntity role : roles) { if (getId().equals(role.getRealmId())) { @@ -623,8 +632,8 @@ public class RealmAdapter extends AbstractAdapter implements RealmModel { } @Override - public Set getRealmScopeMappings(UserModel user) { - Set allScopes = getScopeMappings(user); + public Set getRealmScopeMappings(ClientModel client) { + Set allScopes = getScopeMappings(client); // Filter to retrieve just realm roles TODO: Maybe improve to avoid filter programmatically... Maybe have separate fields for realmRoles and appRoles on user? Set realmRoles = new HashSet(); 
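Review bot: `findClient` merges two name spaces: it returns the application named `clientId` and only falls back to the OAuth client of that name, so an application and an OAuth client sharing a name are silently resolved in the application's favour. This method is now how `issuedFor` from cookies/tokens and `client_id` from requests are resolved (AppAuthManager, RequiredActionsService), which means creating an application whose name collides with an existing OAuth client changes which redirect URIs, web origins and scope mappings apply to that client id. Either reject the collision where applications and OAuth clients are created, or at minimum document the precedence: `/** Resolves a client by name; an application shadows an OAuth client of the same name. */`. `getScopeMappings` in the same file also dereferences `client.getAgent()` without a null check, so an unknown name propagates as a NullPointerException rather than an empty set.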
@@ -639,8 +648,8 @@ public class RealmAdapter extends AbstractAdapter implements RealmModel { } @Override - public boolean hasScope(UserModel user, RoleModel role) { - Set roles = getScopeMappings(user); + public boolean hasScope(ClientModel client, RoleModel role) { + Set roles = getScopeMappings(client); if (roles.contains(role)) return true; for (RoleModel mapping : roles) { @@ -651,14 +660,14 @@ public class RealmAdapter extends AbstractAdapter implements RealmModel { @Override - public void addScopeMapping(UserModel agent, RoleModel role) { - UserEntity userEntity = ((UserAdapter)agent).getUser(); + public void addScopeMapping(ClientModel client, RoleModel role) { + UserEntity userEntity = ((UserAdapter)client.getAgent()).getUser(); getMongoStore().pushItemToList(userEntity, "scopeIds", role.getId(), true, invocationContext); } @Override - public void deleteScopeMapping(UserModel user, RoleModel role) { - UserEntity userEntity = ((UserAdapter)user).getUser(); + public void deleteScopeMapping(ClientModel client, RoleModel role) { + UserEntity userEntity = ((UserAdapter)client.getAgent()).getUser(); getMongoStore().pullItemFromList(userEntity, "scopeIds", role.getId(), invocationContext); } diff --git a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/UserAdapter.java b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/UserAdapter.java index 2276313122..8f22a7bffd 100755 --- a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/UserAdapter.java +++ b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/UserAdapter.java 
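Review bot: `addScopeMapping`/`deleteScopeMapping` cast `client.getAgent()` to `UserAdapter` unchecked and never test `client` for null, so a caller that passes the result of `findClient` for an unknown name (ApplicationManager.createScopeMappings does exactly this) fails with a NullPointerException inside the adapter instead of a message naming the bad client. A guard at the top of both methods, `if (client == null) throw new IllegalArgumentException("Unknown client for scope mapping");`, keeps the failure local and readable. The cast itself carries over the pre-existing assumption that every agent is a `UserAdapter`; if another `UserModel` implementation can reach here it would surface as a ClassCastException.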
@@ -124,59 +124,6 @@ public class UserAdapter extends AbstractAdapter implements UserModel { return user; } - @Override - public Set getWebOrigins() { - Set result = new HashSet(); - if (user.getWebOrigins() != null) { - result.addAll(user.getWebOrigins()); - } - return result; - } - - @Override - public void setWebOrigins(Set webOrigins) { - List result = new ArrayList(); - result.addAll(webOrigins); - user.setWebOrigins(result); - updateUser(); - } - - @Override - public void addWebOrigin(String webOrigin) { - getMongoStore().pushItemToList(user, "webOrigins", webOrigin, true, invocationContext); - } - - @Override - public void removeWebOrigin(String webOrigin) { - getMongoStore().pullItemFromList(user, "webOrigins", webOrigin, invocationContext); - } - - @Override - public Set getRedirectUris() { - Set result = new HashSet(); - if (user.getRedirectUris() != null) { - result.addAll(user.getRedirectUris()); - } - return result; - } - - @Override - public void setRedirectUris(Set redirectUris) { - List result = new ArrayList(); - result.addAll(redirectUris); - user.setRedirectUris(result); - updateUser(); - } - - @Override - public void addRedirectUri(String redirectUri) { - getMongoStore().pushItemToList(user, "redirectUris", redirectUri, true, invocationContext); - } - - @Override - public void removeRedirectUri(String redirectUri) { - getMongoStore().pullItemFromList(user, "redirectUris", redirectUri, invocationContext); - } @Override public Set getRequiredActions() { diff --git a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/entities/ApplicationEntity.java b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/entities/ApplicationEntity.java index 2a03171993..c279934a7b 100755 --- a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/entities/ApplicationEntity.java +++ b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/entities/ApplicationEntity.java 
@@ -26,6 +26,9 @@ public class ApplicationEntity extends AbstractMongoIdentifiableEntity implement private String resourceUserId; private String realmId; private long allowedClaimsMask; + private List webOrigins; + private List redirectUris; + // We are using names of defaultRoles (not ids) private List defaultRoles = new ArrayList(); @@ -84,6 +87,26 @@ public class ApplicationEntity extends AbstractMongoIdentifiableEntity implement this.resourceUserId = resourceUserId; } + @MongoField + public List getWebOrigins() { + return webOrigins; + } + + public void setWebOrigins(List webOrigins) { + this.webOrigins = webOrigins; + } + + @MongoField + public List getRedirectUris() { + return redirectUris; + } + + public void setRedirectUris(List redirectUris) { + this.redirectUris = redirectUris; + } + + + @MongoField public long getAllowedClaimsMask() { return allowedClaimsMask; diff --git a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/entities/OAuthClientEntity.java b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/entities/OAuthClientEntity.java index 78c3687f7f..11583e144c 100755 --- a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/entities/OAuthClientEntity.java +++ b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/entities/OAuthClientEntity.java @@ -6,6 +6,8 @@ import org.keycloak.models.mongo.api.MongoEntity; import org.keycloak.models.mongo.api.MongoField; import org.keycloak.models.mongo.api.context.MongoStoreInvocationContext; +import java.util.List; + /** * @author Marek Posolda */ @@ -17,6 +19,8 @@ public class OAuthClientEntity extends AbstractMongoIdentifiableEntity implement private String oauthAgentId; private String realmId; private long allowedClaimsMask; + private List webOrigins; + private List redirectUris; @MongoField public String getName() { 
@@ -54,6 +58,26 @@ public class OAuthClientEntity extends AbstractMongoIdentifiableEntity implement this.allowedClaimsMask = allowedClaimsMask; } + @MongoField + public List getWebOrigins() { + return webOrigins; + } + + public void setWebOrigins(List webOrigins) { + this.webOrigins = webOrigins; + } + + @MongoField + public List getRedirectUris() { + return redirectUris; + } + + public void setRedirectUris(List redirectUris) { + this.redirectUris = redirectUris; + } + + + @Override public void afterRemove(MongoStoreInvocationContext context) { // Remove user of this oauthClient diff --git a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/entities/UserEntity.java b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/entities/UserEntity.java index fdd69a2141..7cfa2f7c83 100755 --- a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/entities/UserEntity.java +++ b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/entities/UserEntity.java @@ -30,8 +30,6 @@ public class UserEntity extends AbstractMongoIdentifiableEntity implements Mongo private List scopeIds; private Map attributes; - private List webOrigins; - private List redirectUris; private List requiredActions; private List credentials = new ArrayList(); private List socialLinks; @@ -135,24 +133,6 @@ public class UserEntity extends AbstractMongoIdentifiableEntity implements Mongo this.attributes = attributes; } - @MongoField - public List getWebOrigins() { - return webOrigins; - } - - public void setWebOrigins(List webOrigins) { - this.webOrigins = webOrigins; - } - - @MongoField - public List getRedirectUris() { - return redirectUris; - } - - public void setRedirectUris(List redirectUris) { - this.redirectUris = redirectUris; - } - @MongoField public List getRequiredActions() { return requiredActions; 
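Review bot: `webOrigins` and `redirectUris` are dropped from `UserEntity` and re-homed on `OAuthClientEntity`/`ApplicationEntity`, but nothing in the diff moves the values already stored on existing user documents, so after an upgrade every client's lists start out null (read back as an empty set by the adapters). Whether that fails open or closed depends on how redirect validation treats an empty set, which is not visible here; either way operators lose restrictions they had configured without any signal. A one-off migration that copies the two lists from the agent user document to the client document, or at least a release note stating that redirect URIs and web origins must be re-entered, would close that gap.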
diff --git a/model/tests/src/test/java/org/keycloak/model/test/AdapterTest.java b/model/tests/src/test/java/org/keycloak/model/test/AdapterTest.java index eb119d547c..e1d860dfd0 100755 --- a/model/tests/src/test/java/org/keycloak/model/test/AdapterTest.java +++ b/model/tests/src/test/java/org/keycloak/model/test/AdapterTest.java @@ -184,10 +184,10 @@ public class AdapterTest extends AbstractModelTest { RoleModel appRole = app.addRole("test"); realmModel.grantRole(user, appRole); - realmModel.addScopeMapping(client.getAgent(), appRole); + realmModel.addScopeMapping(client, appRole); RoleModel realmRole = realmModel.addRole("test"); - realmModel.addScopeMapping(app.getAgent(), realmRole); + realmModel.addScopeMapping(app, realmRole); Assert.assertTrue(realmModel.removeApplication(app.getId())); Assert.assertFalse(realmModel.removeApplication(app.getId())); @@ -212,10 +212,10 @@ public class AdapterTest extends AbstractModelTest { RoleModel appRole = app.addRole("test"); realmModel.grantRole(user, appRole); - realmModel.addScopeMapping(client.getAgent(), appRole); + realmModel.addScopeMapping(client, appRole); RoleModel realmRole = realmModel.addRole("test"); - realmModel.addScopeMapping(app.getAgent(), realmRole); + realmModel.addScopeMapping(app, realmRole); Assert.assertTrue(identitySession.removeRealm(realmModel.getId())); Assert.assertFalse(identitySession.removeRealm(realmModel.getId())); @@ -235,10 +235,10 @@ public class AdapterTest extends AbstractModelTest { RoleModel appRole = app.addRole("test"); realmModel.grantRole(user, appRole); - realmModel.addScopeMapping(client.getAgent(), appRole); + realmModel.addScopeMapping(client, appRole); RoleModel realmRole = realmModel.addRole("test"); - realmModel.addScopeMapping(app.getAgent(), realmRole); + realmModel.addScopeMapping(app, realmRole); Assert.assertTrue(realmModel.removeRoleById(realmRole.getId())); Assert.assertFalse(realmModel.removeRoleById(realmRole.getId())); 
diff --git a/model/tests/src/test/java/org/keycloak/model/test/ApplicationModelTest.java b/model/tests/src/test/java/org/keycloak/model/test/ApplicationModelTest.java index 942aab901e..c314619948 100755 --- a/model/tests/src/test/java/org/keycloak/model/test/ApplicationModelTest.java +++ b/model/tests/src/test/java/org/keycloak/model/test/ApplicationModelTest.java @@ -37,11 +37,11 @@ public class ApplicationModelTest extends AbstractModelTest { application.addDefaultRole("role-1"); application.addDefaultRole("role-2"); - application.getAgent().addRedirectUri("redirect-1"); - application.getAgent().addRedirectUri("redirect-2"); + application.addRedirectUri("redirect-1"); + application.addRedirectUri("redirect-2"); - application.getAgent().addWebOrigin("origin-1"); - application.getAgent().addWebOrigin("origin-2"); + application.addWebOrigin("origin-1"); + application.addWebOrigin("origin-2"); application.updateApplication(); } @@ -69,11 +69,8 @@ public class ApplicationModelTest extends AbstractModelTest { Assert.assertEquals(expected.getManagementUrl(), actual.getManagementUrl()); Assert.assertEquals(expected.getDefaultRoles(), actual.getDefaultRoles()); - UserModel auser = actual.getAgent(); - UserModel euser = expected.getAgent(); - - Assert.assertTrue(euser.getRedirectUris().containsAll(auser.getRedirectUris())); - Assert.assertTrue(euser.getWebOrigins().containsAll(auser.getWebOrigins())); + Assert.assertTrue(expected.getRedirectUris().containsAll(actual.getRedirectUris())); + Assert.assertTrue(expected.getWebOrigins().containsAll(actual.getWebOrigins())); } public static void assertEquals(List expected, List actual) { diff --git a/model/tests/src/test/java/org/keycloak/model/test/CompositeRolesModelTest.java b/model/tests/src/test/java/org/keycloak/model/test/CompositeRolesModelTest.java index c0ec969328..2472ed0700 100755 --- a/model/tests/src/test/java/org/keycloak/model/test/CompositeRolesModelTest.java 
+++ b/model/tests/src/test/java/org/keycloak/model/test/CompositeRolesModelTest.java @@ -60,7 +60,7 @@ public class CompositeRolesModelTest extends AbstractModelTest { ApplicationModel application = realm.getApplicationByName(applicationName); Set roleMappings = realm.getRoleMappings(user); - Set scopeMappings = realm.getScopeMappings(application.getAgent()); + Set scopeMappings = realm.getScopeMappings(application); Set appRoles = application.getRoles(); if (appRoles != null) scopeMappings.addAll(appRoles); diff --git a/model/tests/src/test/java/org/keycloak/model/test/ImportTest.java b/model/tests/src/test/java/org/keycloak/model/test/ImportTest.java index ba30206ab6..728eaef58c 100755 --- a/model/tests/src/test/java/org/keycloak/model/test/ImportTest.java +++ b/model/tests/src/test/java/org/keycloak/model/test/ImportTest.java @@ -6,6 +6,7 @@ import org.junit.Test; import org.junit.runners.MethodSorters; import org.keycloak.models.AccountRoles; import org.keycloak.models.ApplicationModel; +import org.keycloak.models.ClientModel; import org.keycloak.models.Constants; import org.keycloak.models.RealmModel; import org.keycloak.models.RequiredCredentialModel; @@ -47,8 +48,6 @@ public class ImportTest extends AbstractModelTest { UserModel user = realm.getUser("loginclient"); Assert.assertNotNull(user); - Set scopes = realm.getRealmScopeMappings(user); - Assert.assertEquals(0, scopes.size()); Assert.assertEquals(0, realm.getSocialLinks(user).size()); List resources = realm.getApplications(); @@ -103,7 +102,7 @@ public class ImportTest extends AbstractModelTest { // Test scope relationship - UserModel oauthClient = realm.getUser("oauthclient"); + ClientModel oauthClient = realm.findClient("oauthclient"); Assert.assertNotNull(oauthClient); Set allScopes = realm.getScopeMappings(oauthClient); Assert.assertEquals(2, allScopes.size()); 
diff --git a/model/tests/src/test/java/org/keycloak/model/test/UserModelTest.java b/model/tests/src/test/java/org/keycloak/model/test/UserModelTest.java index 12b463505a..5bc94d2035 100755 --- a/model/tests/src/test/java/org/keycloak/model/test/UserModelTest.java +++ b/model/tests/src/test/java/org/keycloak/model/test/UserModelTest.java @@ -2,6 +2,8 @@ package org.keycloak.model.test; import org.junit.Assert; import org.junit.Test; +import org.keycloak.models.ApplicationModel; +import org.keycloak.models.ClientModel; import org.keycloak.models.RealmModel; import org.keycloak.models.UserModel; import org.keycloak.models.UserModel.RequiredAction; @@ -19,15 +21,9 @@ public class UserModelTest extends AbstractModelTest { user.setLastName("last-name"); user.setEmail("email"); - user.addRedirectUri("redirect-1"); - user.addRedirectUri("redirect-2"); - user.addRequiredAction(RequiredAction.CONFIGURE_TOTP); user.addRequiredAction(RequiredAction.UPDATE_PASSWORD); - user.addWebOrigin("origin-1"); - user.addWebOrigin("origin-2"); - UserModel persisted = realmManager.getRealm(realm.getId()).getUser("user"); assertEquals(user, persisted); 
@@ -39,21 +35,38 @@ public class UserModelTest extends AbstractModelTest { @Test public void webOriginSetTest() { RealmModel realm = realmManager.createRealm("original"); - UserModel user = realm.addUser("user"); + ClientModel client = realm.addApplication("user"); - Assert.assertTrue(user.getWebOrigins().isEmpty()); + Assert.assertTrue(client.getWebOrigins().isEmpty()); - user.addWebOrigin("origin-1"); - Assert.assertEquals(1, user.getWebOrigins().size()); + client.addWebOrigin("origin-1"); + Assert.assertEquals(1, client.getWebOrigins().size()); - user.addWebOrigin("origin-2"); - Assert.assertEquals(2, user.getWebOrigins().size()); + client.addWebOrigin("origin-2"); + Assert.assertEquals(2, client.getWebOrigins().size()); - user.removeWebOrigin("origin-2"); - Assert.assertEquals(1, user.getWebOrigins().size()); + client.removeWebOrigin("origin-2"); + Assert.assertEquals(1, client.getWebOrigins().size()); + + client.removeWebOrigin("origin-1"); + Assert.assertTrue(client.getWebOrigins().isEmpty()); + + client = realm.addOAuthClient("oauthclient2"); + + Assert.assertTrue(client.getWebOrigins().isEmpty()); + + client.addWebOrigin("origin-1"); + Assert.assertEquals(1, client.getWebOrigins().size()); + + client.addWebOrigin("origin-2"); + Assert.assertEquals(2, client.getWebOrigins().size()); + + client.removeWebOrigin("origin-2"); + Assert.assertEquals(1, client.getWebOrigins().size()); + + client.removeWebOrigin("origin-1"); + Assert.assertTrue(client.getWebOrigins().isEmpty()); - user.removeWebOrigin("origin-1"); - Assert.assertTrue(user.getWebOrigins().isEmpty()); } @Test 
@@ -101,9 +114,7 @@ public class UserModelTest extends AbstractModelTest { Assert.assertEquals(expected.getLoginName(), actual.getLoginName()); Assert.assertEquals(expected.getFirstName(), actual.getFirstName()); Assert.assertEquals(expected.getLastName(), actual.getLastName()); - Assert.assertArrayEquals(expected.getRedirectUris().toArray(), actual.getRedirectUris().toArray()); Assert.assertArrayEquals(expected.getRequiredActions().toArray(), actual.getRequiredActions().toArray()); - Assert.assertArrayEquals(expected.getWebOrigins().toArray(), actual.getWebOrigins().toArray()); } } diff --git a/services/src/main/java/org/keycloak/services/managers/AccessCodeEntry.java b/services/src/main/java/org/keycloak/services/managers/AccessCodeEntry.java index a94cb1b268..79da6b7e8d 100755 --- a/services/src/main/java/org/keycloak/services/managers/AccessCodeEntry.java +++ b/services/src/main/java/org/keycloak/services/managers/AccessCodeEntry.java @@ -1,5 +1,6 @@ package org.keycloak.services.managers; +import org.keycloak.models.ClientModel; import org.keycloak.models.RealmModel; import org.keycloak.models.RoleModel; import org.keycloak.models.UserModel; @@ -29,7 +30,7 @@ public class AccessCodeEntry { protected AccessToken token; protected UserModel user; protected Set requiredActions; - protected UserModel client; + protected ClientModel client; protected List realmRolesRequested = new ArrayList(); MultivaluedMap resourceRolesRequested = new MultivaluedHashMap(); @@ -73,11 +74,11 @@ public class AccessCodeEntry { this.token = token; } - public UserModel getClient() { + public ClientModel getClient() { return client; } - public void setClient(UserModel client) { + public void setClient(ClientModel client) { this.client = client; } diff --git a/services/src/main/java/org/keycloak/services/managers/AppAuthManager.java b/services/src/main/java/org/keycloak/services/managers/AppAuthManager.java old mode 100644 new mode 100755 index 9aea2f38cd..2011541a72 
--- a/services/src/main/java/org/keycloak/services/managers/AppAuthManager.java +++ b/services/src/main/java/org/keycloak/services/managers/AppAuthManager.java @@ -9,6 +9,7 @@ import org.keycloak.jose.jws.JWSBuilder; import org.keycloak.jose.jws.JWSInput; import org.keycloak.jose.jws.crypto.RSAProvider; import org.keycloak.models.ApplicationModel; +import org.keycloak.models.ClientModel; import org.keycloak.models.RealmModel; import org.keycloak.models.UserModel; import org.keycloak.representations.AccessToken; @@ -66,7 +67,7 @@ public class AppAuthManager extends AuthenticationManager { throw new BadRequestException(); } - if (!client.getLoginName().equals(accessCode.getClient().getLoginName())) { + if (!client.getLoginName().equals(accessCode.getClient().getAgent().getLoginName())) { logger.debug("bad client"); throw new BadRequestException(); } @@ -74,7 +75,7 @@ public class AppAuthManager extends AuthenticationManager { return createLoginCookie(realm, accessCode.getUser(), accessCode.getClient(), cookieName, uri.getRawPath(), false); } - public NewCookie createRefreshCookie(RealmModel realm, UserModel user, UserModel client, URI uri) { + public NewCookie createRefreshCookie(RealmModel realm, UserModel user, ClientModel client, URI uri) { return createLoginCookie(realm, user, client, cookieName, uri.getRawPath(), false); } @@ -117,9 +118,9 @@ public class AppAuthManager extends AuthenticationManager { return null; } - UserModel client = null; + ClientModel client = null; if (token.getIssuedFor() != null) { - client = realm.getUser(token.getIssuedFor()); + client = realm.findClient(token.getIssuedFor()); if (client == null || !client.isEnabled()) { logger.info("Unknown client in cookie"); expireCookie(cookie.getName(), cookie.getPath()); 
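Review bot: The client check in the method at `@@ -66` compares `client.getLoginName()` with `accessCode.getClient().getAgent().getLoginName()`, and neither `accessCode.getClient()` nor `getAgent()` is tested for null; if an AccessCodeEntry can exist without a client, the mismatch surfaces as a NullPointerException instead of the intended `BadRequestException`. Folding the null into the same guard keeps the failure mode deliberate: `ClientModel codeClient = accessCode.getClient(); if (codeClient == null || !client.getLoginName().equals(codeClient.getAgent().getLoginName())) { logger.debug("bad client"); throw new BadRequestException(); }`. The enclosing method starts before this hunk, so whether `accessCode` itself is validated earlier is not visible here.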
@@ -158,9 +159,9 @@ public class AppAuthManager extends AuthenticationManager { throw new NotAuthorizedException("invalid_user"); } - UserModel client = null; + ClientModel client = null; if (token.getIssuedFor() != null) { - client = realm.getUser(token.getIssuedFor()); + client = realm.findClient(token.getIssuedFor()); if (client == null || !client.isEnabled()) { throw new NotAuthorizedException("invalid_user"); } diff --git a/services/src/main/java/org/keycloak/services/managers/ApplicationManager.java b/services/src/main/java/org/keycloak/services/managers/ApplicationManager.java index 3bbd8e49f9..746b4d5591 100755 --- a/services/src/main/java/org/keycloak/services/managers/ApplicationManager.java +++ b/services/src/main/java/org/keycloak/services/managers/ApplicationManager.java @@ -5,6 +5,7 @@ import org.codehaus.jackson.annotate.JsonPropertyOrder; import org.jboss.resteasy.logging.Logger; import org.keycloak.models.ApplicationModel; import org.keycloak.models.ClaimMask; +import org.keycloak.models.ClientModel; import org.keycloak.models.Constants; import org.keycloak.models.RealmModel; import org.keycloak.models.RoleModel; @@ -73,13 +74,13 @@ public class ApplicationManager { if (resourceRep.getRedirectUris() != null) { for (String redirectUri : resourceRep.getRedirectUris()) { - resourceUser.addRedirectUri(redirectUri); + applicationModel.addRedirectUri(redirectUri); } } if (resourceRep.getWebOrigins() != null) { for (String webOrigin : resourceRep.getWebOrigins()) { logger.debug("Application: {0} webOrigin: {1}", resourceUser.getLoginName(), webOrigin); - resourceUser.addWebOrigin(webOrigin); + applicationModel.addWebOrigin(webOrigin); } } 
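Review bot: The import path at `@@ -73` in ApplicationManager adds every `redirectUri` and `webOrigin` string from the representation to the application as-is; unless `addRedirectUri` validates elsewhere (not visible here), a blank, relative or wildcard entry in an imported realm file becomes part of the redirect allow-list that the authorization code flow later trusts. The model tests in this diff use values like `redirect-1`, so the model layer itself clearly accepts arbitrary strings. Rejecting empty strings and non-absolute URIs at import time with a clear error keeps bad data out of the security boundary rather than discovering it during authorization. The debug line still logs `resourceUser.getLoginName()` next to `applicationModel.addWebOrigin`; logging the application's own name would keep the log and the mutation on the same object.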
@@ -117,13 +118,13 @@ public class ApplicationManager { public void createScopeMappings(RealmModel realm, ApplicationModel applicationModel, List mappings) { for (ScopeMappingRepresentation mapping : mappings) { - UserModel user = realm.getUser(mapping.getUsername()); for (String roleString : mapping.getRoles()) { RoleModel role = applicationModel.getRole(roleString.trim()); if (role == null) { role = applicationModel.addRole(roleString.trim()); } - realm.addScopeMapping(user, role); + ClientModel client = realm.findClient(mapping.getUsername()); + realm.addScopeMapping(client, role); } } } @@ -162,12 +163,12 @@ public class ApplicationManager { List redirectUris = rep.getRedirectUris(); if (redirectUris != null) { - resource.getAgent().setRedirectUris(new HashSet(redirectUris)); + resource.setRedirectUris(new HashSet(redirectUris)); } List webOrigins = rep.getWebOrigins(); if (webOrigins != null) { - resource.getAgent().setWebOrigins(new HashSet(webOrigins)); + resource.setWebOrigins(new HashSet(webOrigins)); } if (rep.getClaims() != null) { @@ -184,12 +185,12 @@ public class ApplicationManager { rep.setSurrogateAuthRequired(applicationModel.isSurrogateAuthRequired()); rep.setBaseUrl(applicationModel.getBaseUrl()); - Set redirectUris = applicationModel.getAgent().getRedirectUris(); + Set redirectUris = applicationModel.getRedirectUris(); if (redirectUris != null) { rep.setRedirectUris(new LinkedList(redirectUris)); } - Set webOrigins = applicationModel.getAgent().getWebOrigins(); + Set webOrigins = applicationModel.getWebOrigins(); if (webOrigins != null) { rep.setWebOrigins(new LinkedList(webOrigins)); } diff --git a/services/src/main/java/org/keycloak/services/managers/Auth.java b/services/src/main/java/org/keycloak/services/managers/Auth.java old mode 100644 new mode 100755 index 6bc86288d6..0718a61205 --- a/services/src/main/java/org/keycloak/services/managers/Auth.java +++ b/services/src/main/java/org/keycloak/services/managers/Auth.java 
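Review bot: In `createScopeMappings` the `findClient` lookup was moved inside the per-role loop, so the same client is resolved once per role, and a null result (unknown `username` in the representation) flows straight into `realm.addScopeMapping(client, role)`, which dereferences `client.getAgent()`. Hoist it back to once per mapping and fail with the offending name before the `for (String roleString …)` loop: `ClientModel client = realm.findClient(mapping.getUsername()); if (client == null) throw new IllegalArgumentException("Unknown client in scope mapping: " + mapping.getUsername());`. As written, `addRole` also runs before the mapping is attempted, so a bad mapping would leave a newly created role behind.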
@@ -1,5 +1,6 @@ package org.keycloak.services.managers; +import org.keycloak.models.ClientModel; import org.keycloak.models.RealmModel; import org.keycloak.models.UserModel; import org.keycloak.representations.AccessToken; @@ -13,9 +14,9 @@ public class Auth { private final RealmModel realm; private final AccessToken token; private final UserModel user; - private final UserModel client; + private final ClientModel client; - public Auth(RealmModel realm, UserModel user, UserModel client) { + public Auth(RealmModel realm, UserModel user, ClientModel client) { this.cookie = true; this.realm = realm; this.token = null; @@ -24,7 +25,7 @@ public class Auth { this.client = client; } - public Auth(AccessToken token, UserModel user, UserModel client) { + public Auth(AccessToken token, UserModel user, ClientModel client) { this.cookie = false; this.token = token; this.realm = null; @@ -45,7 +46,7 @@ public class Auth { return user; } - public UserModel getClient() { + public ClientModel getClient() { return client; } diff --git a/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java b/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java index 90ab901895..94bf390b8d 100755 --- a/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java +++ b/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java @@ -6,6 +6,7 @@ import org.jboss.resteasy.spi.ResteasyProviderFactory; import org.keycloak.RSATokenVerifier; import org.keycloak.VerificationException; import org.keycloak.jose.jws.JWSBuilder; +import org.keycloak.models.ClientModel; import org.keycloak.models.Constants; import org.keycloak.models.RealmModel; import org.keycloak.models.RequiredCredentialModel; 
@@ -56,10 +57,10 @@ public class AuthenticationManager { return createLoginCookie(realm, user, null, cookieName, cookiePath, rememberMe); } - protected NewCookie createLoginCookie(RealmModel realm, UserModel user, UserModel client, String cookieName, String cookiePath, boolean rememberMe) { + protected NewCookie createLoginCookie(RealmModel realm, UserModel user, ClientModel client, String cookieName, String cookiePath, boolean rememberMe) { AccessToken identityToken = createIdentityToken(realm, user); if (client != null) { - identityToken.issuedFor(client.getLoginName()); + identityToken.issuedFor(client.getAgent().getLoginName()); } String encoded = encodeToken(realm, identityToken); boolean secureOnly = !realm.isSslNotRequired(); diff --git a/services/src/main/java/org/keycloak/services/managers/OAuthClientManager.java b/services/src/main/java/org/keycloak/services/managers/OAuthClientManager.java index 500bbadec1..cbdbf81d35 100755 --- a/services/src/main/java/org/keycloak/services/managers/OAuthClientManager.java +++ b/services/src/main/java/org/keycloak/services/managers/OAuthClientManager.java @@ -72,12 +72,12 @@ public class OAuthClientManager { model.getAgent().setEnabled(rep.isEnabled()); List redirectUris = rep.getRedirectUris(); if (redirectUris != null) { - model.getAgent().setRedirectUris(new HashSet(redirectUris)); + model.setRedirectUris(new HashSet(redirectUris)); } List webOrigins = rep.getWebOrigins(); if (webOrigins != null) { - model.getAgent().setWebOrigins(new HashSet(webOrigins)); + model.setWebOrigins(new HashSet(webOrigins)); } if (rep.getClaims() != null) { 
@@ -90,12 +90,12 @@ public class OAuthClientManager { rep.setId(model.getId()); rep.setName(model.getAgent().getLoginName()); rep.setEnabled(model.getAgent().isEnabled()); - Set redirectUris = model.getAgent().getRedirectUris(); + Set redirectUris = model.getRedirectUris(); if (redirectUris != null) { rep.setRedirectUris(new LinkedList(redirectUris)); } - Set webOrigins = model.getAgent().getWebOrigins(); + Set webOrigins = model.getWebOrigins(); if (webOrigins != null) { rep.setWebOrigins(new LinkedList(webOrigins)); } diff --git a/services/src/main/java/org/keycloak/services/managers/RealmManager.java b/services/src/main/java/org/keycloak/services/managers/RealmManager.java index 0ee5c389aa..632504ad96 100755 --- a/services/src/main/java/org/keycloak/services/managers/RealmManager.java +++ b/services/src/main/java/org/keycloak/services/managers/RealmManager.java @@ -4,6 +4,7 @@ import org.jboss.resteasy.logging.Logger; import org.keycloak.models.AccountRoles; import org.keycloak.models.AdminRoles; import org.keycloak.models.ApplicationModel; +import org.keycloak.models.ClientModel; import org.keycloak.models.Constants; import org.keycloak.models.KeycloakSession; import org.keycloak.models.OAuthClientModel; @@ -361,7 +362,8 @@ public class RealmManager { role = newRealm.addRole(roleString.trim()); } UserModel user = userMap.get(scope.getUsername()); - newRealm.addScopeMapping(user, role); + ClientModel client = newRealm.findClient(user.getLoginName()); + newRealm.addScopeMapping(client, role); } } diff --git a/services/src/main/java/org/keycloak/services/managers/TokenManager.java b/services/src/main/java/org/keycloak/services/managers/TokenManager.java index 93b7c5daae..9aae471f97 100755 --- a/services/src/main/java/org/keycloak/services/managers/TokenManager.java +++ b/services/src/main/java/org/keycloak/services/managers/TokenManager.java 
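Review bot: The scope-mapping import in RealmManager now looks `user` up in `userMap` only to read back its login name for `findClient`, and neither `user` nor `client` is null-checked, so a scope mapping whose `username` is unknown fails with a NullPointerException on `user.getLoginName()` or inside `addScopeMapping`. Assuming `userMap` is keyed by login name, the user lookup can go entirely: `ClientModel client = newRealm.findClient(scope.getUsername()); if (client == null) throw new IllegalArgumentException("Unknown client in scope mapping: " + scope.getUsername()); newRealm.addScopeMapping(client, role);`. That also makes this import consistent with ApplicationManager.createScopeMappings, which resolves by the representation's username directly.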
@@ -87,13 +87,13 @@ public class TokenManager { - public AccessCodeEntry createAccessCode(String scopeParam, String state, String redirect, RealmModel realm, UserModel client, UserModel user) { + public AccessCodeEntry createAccessCode(String scopeParam, String state, String redirect, RealmModel realm, ClientModel client, UserModel user) { AccessCodeEntry code = createAccessCodeEntry(scopeParam, state, redirect, realm, client, user); accessCodeMap.put(code.getId(), code); return code; } - private AccessCodeEntry createAccessCodeEntry(String scopeParam, String state, String redirect, RealmModel realm, UserModel client, UserModel user) { + private AccessCodeEntry createAccessCodeEntry(String scopeParam, String state, String redirect, RealmModel realm, ClientModel client, UserModel user) { AccessCodeEntry code = new AccessCodeEntry(); List realmRolesRequested = code.getRealmRolesRequested(); MultivaluedMap resourceRolesRequested = code.getResourceRolesRequested(); @@ -117,7 +117,7 @@ public class TokenManager { return code; } - public AccessToken refreshAccessToken(RealmModel realm, UserModel client, String encodedRefreshToken) throws OAuthErrorException { + public AccessToken refreshAccessToken(RealmModel realm, ClientModel client, String encodedRefreshToken) throws OAuthErrorException { JWSInput jws = new JWSInput(encodedRefreshToken); RefreshToken refreshToken = null; try { @@ -142,7 +142,7 @@ public class TokenManager { } - ApplicationModel clientApp = realm.getApplicationByName(client.getLoginName()); + ApplicationModel clientApp = (client instanceof ApplicationModel) ? (ApplicationModel)client : null; if (refreshToken.getRealmAccess() != null) { 
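Review bot: `refreshAccessToken` now takes a `ClientModel`, but within the visible lines nothing binds the parsed `refreshToken` to that client: `clientApp` is derived from `client` alone and the token is only consulted for its role access. If the comparison of `refreshToken.getIssuedFor()` against `client.getAgent().getLoginName()` is not done in the part of the body outside this hunk, a refresh token issued to one client could be redeemed by another client of the same realm, so it is worth confirming and, if absent, rejecting the mismatch with an OAuthErrorException right after parsing. The `instanceof ApplicationModel` test replaces a lookup by name and assumes every application's model object implements that interface, which should be checked against the ApplicationAdapter classes that are not part of this diff.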
@@ -180,15 +180,14 @@ public class TokenManager { } } - ClientModel claimRequesterModel = getClaimRequester(realm, client); - AccessToken accessToken = initToken(realm, claimRequesterModel, client, user); + AccessToken accessToken = initToken(realm, client, user); accessToken.setRealmAccess(refreshToken.getRealmAccess()); accessToken.setResourceAccess(refreshToken.getResourceAccess()); return accessToken; } - public AccessToken createClientAccessToken(String scopeParam, RealmModel realm, UserModel client, UserModel user) { + public AccessToken createClientAccessToken(String scopeParam, RealmModel realm, ClientModel client, UserModel user) { return createClientAccessToken(scopeParam, realm, client, user, new LinkedList(), new MultivaluedHashMap()); } @@ -199,15 +198,14 @@ public class TokenManager { } - public AccessToken createClientAccessToken(String scopeParam, RealmModel realm, UserModel client, UserModel user, List realmRolesRequested, MultivaluedMap resourceRolesRequested) { + public AccessToken createClientAccessToken(String scopeParam, RealmModel realm, ClientModel client, UserModel user, List realmRolesRequested, MultivaluedMap resourceRolesRequested) { AccessScope scopeMap = null; if (scopeParam != null) scopeMap = decodeScope(scopeParam); Set roleMappings = realm.getRoleMappings(user); Set scopeMappings = realm.getScopeMappings(client); - ClientModel claimRequesterModel = getClaimRequester(realm, client); - ApplicationModel clientApp = realm.getApplicationByName(client.getLoginName()); + ApplicationModel clientApp = (client instanceof ApplicationModel) ? (ApplicationModel)client : null; Set clientAppRoles = clientApp == null ? null : clientApp.getRoles(); if (clientAppRoles != null) scopeMappings.addAll(clientAppRoles); 
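Review bot: `createClientAccessToken` mutates the set returned by `realm.getScopeMappings(client)` with `scopeMappings.addAll(clientAppRoles)`; the Mongo RealmAdapter in this diff builds a fresh `HashSet`, but the model interface gives no such guarantee, and an implementation returning a live collection would have the application's own roles written into the client's persisted scope mappings on every token issue. Copying defensively, `Set scopeMappings = new HashSet(realm.getScopeMappings(client));`, removes the dependence on adapter internals. The same hunk drops `getClaimRequester`, so `initToken` presumably filters claims by `client` itself now; a one-line comment at the `initToken` call recording that intent would help the next reader. The method continues outside the hunk.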
@@ -233,7 +231,7 @@ public class TokenManager {
 }
 }
- AccessToken token = initToken(realm, claimRequesterModel, client, user);
+ AccessToken token = initToken(realm, client, user);
 if (realmRolesRequested.size() > 0) {
 for (RoleModel role : realmRolesRequested) {
@@ -286,13 +284,13 @@ public class TokenManager {
- protected AccessToken initToken(RealmModel realm, ClientModel claimer, UserModel client, UserModel user) {
+ protected AccessToken initToken(RealmModel realm, ClientModel client, UserModel user) {
 AccessToken token = new AccessToken();
 token.id(KeycloakModelUtils.generateId());
 token.subject(user.getId());
 token.audience(realm.getName());
 token.issuedNow();
- token.issuedFor(client.getLoginName());
+ token.issuedFor(client.getAgent().getLoginName());
 token.issuer(realm.getName());
 if (realm.getAccessTokenLifespan() > 0) {
 token.expiration((System.currentTimeMillis() / 1000) + realm.getAccessTokenLifespan());
@@ -301,7 +299,7 @@ public class TokenManager {
 if (allowedOrigins != null) {
 token.setAllowedOrigins(allowedOrigins);
 }
- initClaims(token, claimer, user);
+ initClaims(token, client, user);
 return token;
 }
@@ -385,7 +383,7 @@ public class TokenManager {
 return this;
 }
- public AccessTokenResponseBuilder generateAccessToken(String scopeParam, UserModel client, UserModel user) {
+ public AccessTokenResponseBuilder generateAccessToken(String scopeParam, ClientModel client, UserModel user) {
 accessToken = createClientAccessToken(scopeParam, realm, client, user);
 return this;
 }
diff --git a/services/src/main/java/org/keycloak/services/resources/Cors.java b/services/src/main/java/org/keycloak/services/resources/Cors.java
index 42c34d1896..30f62946e3 100755
--- a/services/src/main/java/org/keycloak/services/resources/Cors.java
+++ b/services/src/main/java/org/keycloak/services/resources/Cors.java
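Review bot: `initClaims(token, client, user)` in the `@@ -301` hunk now receives the requesting client itself, where it previously received whatever `getClaimRequester(realm, client)` resolved (that call is deleted in the `@@ -180` and `@@ -199` hunks); if that resolution did anything beyond mapping the agent user to its client, the claims written into every access token change with this commit and nothing in the diff says so. Unless it was a pure agent-to-client lookup, the call deserves a short why-comment, e.g. `// the ClientModel is the claim requester itself; no agent-to-client resolution needed`. Separately, `token.issuedFor(client.getAgent().getLoginName())` assumes every `ClientModel` has a non-null agent, which cannot be confirmed from the lines shown. initToken is the only method of this hunk that is visible in full.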
@@ -7,6 +7,7 @@ import javax.ws.rs.core.Response;
 import javax.ws.rs.core.Response.ResponseBuilder;
 import org.jboss.resteasy.spi.HttpRequest;
+import org.keycloak.models.ClientModel;
 import org.keycloak.models.UserModel;
 /**
@@ -52,7 +53,7 @@ public class Cors {
 return this;
 }
- public Cors allowedOrigins(UserModel client) {
+ public Cors allowedOrigins(ClientModel client) {
 if (client != null) {
 allowedOrigins = client.getWebOrigins();
 }
diff --git a/services/src/main/java/org/keycloak/services/resources/RequiredActionsService.java b/services/src/main/java/org/keycloak/services/resources/RequiredActionsService.java
index 2d6268ce80..b8eb4dba5a 100755
--- a/services/src/main/java/org/keycloak/services/resources/RequiredActionsService.java
+++ b/services/src/main/java/org/keycloak/services/resources/RequiredActionsService.java
@@ -26,6 +26,7 @@ import org.jboss.resteasy.spi.HttpRequest;
 import org.keycloak.login.LoginForms;
 import org.keycloak.jose.jws.JWSInput;
 import org.keycloak.jose.jws.crypto.RSAProvider;
+import org.keycloak.models.ClientModel;
 import org.keycloak.models.RealmModel;
 import org.keycloak.models.UserCredentialModel;
 import org.keycloak.models.UserModel;
@@ -244,7 +245,7 @@ public class RequiredActionsService {
 String redirect = uriInfo.getQueryParameters().getFirst("redirect_uri");
 String clientId = uriInfo.getQueryParameters().getFirst("client_id");
- UserModel client = realm.getUser(clientId);
+ ClientModel client = realm.findClient(clientId);
 if (client == null) {
 return Flows.oauth(realm, request, uriInfo, authManager, tokenManager).forwardToSecurityFailure(
 "Unknown login requester.");
diff --git a/services/src/main/java/org/keycloak/services/resources/SocialResource.java b/services/src/main/java/org/keycloak/services/resources/SocialResource.java
index 1d0f0b59a5..eae0ba4614 100755
--- a/services/src/main/java/org/keycloak/services/resources/SocialResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/SocialResource.java
@@ -24,6 +24,7 @@ package org.keycloak.services.resources;
 import org.jboss.resteasy.logging.Logger;
 import org.jboss.resteasy.spi.HttpRequest;
 import org.jboss.resteasy.spi.HttpResponse;
+import org.keycloak.models.ClientModel;
 import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.RealmModel;
 import org.keycloak.models.SocialLinkModel;
@@ -117,7 +118,7 @@ public class SocialResource {
 String clientId = requestData.getClientAttributes().get("clientId");
- UserModel client = realm.getUser(clientId);
+ ClientModel client = realm.findClient(clientId);
 if (client == null) {
 return oauth.forwardToSecurityFailure("Unknown login requester.");
 }
@@ -192,7 +193,7 @@ public class SocialResource {
 SocialProviderConfig config = new SocialProviderConfig(key, secret, callbackUri);
- UserModel client = realm.getUser(clientId);
+ ClientModel client = realm.findClient(clientId);
 if (client == null) {
 logger.warn("Unknown login requester: " + clientId);
 return Flows.forms(realm, request, uriInfo).setError("Unknown login requester.").createErrorPage();
diff --git a/services/src/main/java/org/keycloak/services/resources/TokenService.java b/services/src/main/java/org/keycloak/services/resources/TokenService.java
index ba6ce97a19..082c015cf9 100755
--- a/services/src/main/java/org/keycloak/services/resources/TokenService.java
+++ b/services/src/main/java/org/keycloak/services/resources/TokenService.java
@@ -8,6 +8,7 @@ import org.keycloak.OAuthErrorException;
 import org.keycloak.jose.jws.JWSBuilder;
 import org.keycloak.jose.jws.JWSInput;
 import org.keycloak.jose.jws.crypto.RSAProvider;
+import org.keycloak.models.ClientModel;
 import org.keycloak.models.Constants;
 import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.KeycloakTransaction;
@@ -137,7 +138,7 @@ public class TokenService {
 throw new NotAcceptableException("HTTPS required");
 }
- UserModel client = authorizeClient(authorizationHeader);
+ ClientModel client = authorizeClient(authorizationHeader);
 String username = form.getFirst(AuthenticationManager.FORM_USERNAME);
@@ -176,7 +177,7 @@ public class TokenService {
 throw new NotAcceptableException("HTTPS required");
 }
- UserModel client = authorizeClient(authorizationHeader);
+ ClientModel client = authorizeClient(authorizationHeader);
 String refreshToken = form.getFirst("refresh_token");
 AccessToken accessToken = null;
 try {
@@ -211,7 +212,7 @@ public class TokenService {
 if (!realm.isEnabled()) {
 return oauth.forwardToSecurityFailure("Realm not enabled.");
 }
- UserModel client = realm.getUser(clientId);
+ ClientModel client = realm.findClient(clientId);
 if (client == null) {
 return oauth.forwardToSecurityFailure("Unknown login requester.");
 }
@@ -282,7 +283,7 @@ public class TokenService {
 logger.warn("Realm not enabled");
 return oauth.forwardToSecurityFailure("Realm not enabled");
 }
- UserModel client = realm.getUser(clientId);
+ ClientModel client = realm.findClient(clientId);
 if (client == null) {
 logger.warn("Unknown login requester.");
 return oauth.forwardToSecurityFailure("Unknown login requester.");
@@ -355,7 +356,7 @@ public class TokenService {
 throw new NotAuthorizedException("Realm not enabled");
 }
- UserModel client = authorizeClient(authorizationHeader);
+ ClientModel client = authorizeClient(authorizationHeader);
 String code = formData.getFirst("code");
 if (code == null) {
@@ -403,7 +404,7 @@ public class TokenService {
 return Response.status(Response.Status.BAD_REQUEST).type(MediaType.APPLICATION_JSON_TYPE).entity(res)
 .build();
 }
- if (!client.getLoginName().equals(accessCode.getClient().getLoginName())) {
+ if (!client.getAgent().getLoginName().equals(accessCode.getClient().getAgent().getLoginName())) {
 Map res = new HashMap();
 res.put("error", "invalid_grant");
 res.put("error_description", "Auth error");
@@ -419,7 +420,7 @@ public class TokenService {
 return Cors.add(request, Response.ok(res)).allowedOrigins(client).allowedMethods("POST").build();
 }
- protected UserModel authorizeClient(String authorizationHeader) {
+ protected ClientModel authorizeClient(String authorizationHeader) {
 if (authorizationHeader == null) {
 throw new NotAuthorizedException("No Authorization header to authenticate client", "Basic realm=\"" + realm.getName() + "\"");
 }
@@ -431,7 +432,7 @@ public class TokenService {
 String client_id = usernameSecret[0];
 String clientSecret = usernameSecret[1];
- UserModel client = realm.getUser(client_id);
+ ClientModel client = realm.findClient(client_id);
 if (client == null) {
 Map error = new HashMap();
 error.put("error", "invalid_client");
@@ -446,7 +447,7 @@ public class TokenService {
 throw new BadRequestException("Client is not enabled", Response.status(Response.Status.BAD_REQUEST).entity(error).type("application/json").build());
 }
- if (!realm.validateSecret(client, clientSecret)) {
+ if (!realm.validateSecret(client.getAgent(), clientSecret)) {
 Map error = new HashMap();
 error.put("error", "unauthorized_client");
 throw new BadRequestException("Unauthorized Client", Response.status(Response.Status.BAD_REQUEST).entity(error).type("application/json").build());
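Review bot: The code-to-client binding in the `@@ -403` hunk still compares the two agents' login names, so the authorization code is tied to a name rather than to the client record even though both sides are now `ClientModel`; `UserModel` exposes `getId()` (used by `initToken`), so `if (!client.getAgent().getId().equals(accessCode.getClient().getAgent().getId())) {` would bind the code to the identity and would not be disturbed by a renamed login name, if renaming is possible in this model. Whichever form stays, the check is the one that stops a code issued to one client from being redeemed by another and deserves a one-line comment saying so, e.g. `// a code may only be redeemed by the client it was issued to`. The enclosing method starts outside this hunk.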
@@ -470,7 +471,7 @@ public class TokenService {
 logger.warn("Realm not enabled");
 return oauth.forwardToSecurityFailure("Realm not enabled");
 }
- UserModel client = realm.getUser(clientId);
+ ClientModel client = realm.findClient(clientId);
 if (client == null) {
 logger.warn("Unknown login requester: " + clientId);
 return oauth.forwardToSecurityFailure("Unknown login requester.");
@@ -488,8 +489,8 @@ public class TokenService {
 logger.info("Checking roles...");
 RoleModel resourceRole = realm.getRole(Constants.APPLICATION_ROLE);
 RoleModel identityRequestRole = realm.getRole(Constants.IDENTITY_REQUESTER_ROLE);
- boolean isResource = realm.hasRole(client, resourceRole);
- if (!isResource && !realm.hasRole(client, identityRequestRole)) {
+ boolean isResource = realm.hasRole(client.getAgent(), resourceRole);
+ if (!isResource && !realm.hasRole(client.getAgent(), identityRequestRole)) {
 logger.warn("Login requester not allowed to request login.");
 return oauth.forwardToSecurityFailure("Login requester not allowed to request login.");
 }
@@ -523,7 +524,7 @@ public class TokenService {
 logger.warn("Realm not enabled");
 return oauth.forwardToSecurityFailure("Realm not enabled");
 }
- UserModel client = realm.getUser(clientId);
+ ClientModel client = realm.findClient(clientId);
 if (client == null) {
 logger.warn("Unknown login requester.");
 return oauth.forwardToSecurityFailure("Unknown login requester.");
@@ -615,7 +616,7 @@ public class TokenService {
 return location.build();
 }
- public static String verifyRedirectUri(String redirectUri, UserModel client) {
+ public static String verifyRedirectUri(String redirectUri, ClientModel client) {
 if (redirectUri == null) {
 return client.getRedirectUris().size() == 1 ? client.getRedirectUris().iterator().next() : null;
 } else if (client.getRedirectUris().isEmpty()) {
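Review bot: The requester-role check in the `@@ -488` hunk now reaches through `client.getAgent()` twice, and the identical two lines appear again in `OAuthFlows.processAccessCode` (`@@ -97` hunk); with the client type unified on `ClientModel`, this is the moment to fold the check into one shared helper so the two gates cannot drift apart, and to record why roles are still looked up on the agent rather than on the client, e.g. `// requester roles are granted to the client's backing agent user, not to the ClientModel itself`. Whether `getAgent()` can be null for some `ClientModel` implementation is not visible here; if it can, both call sites would throw before reaching the "not allowed to request login" failure page instead of rejecting cleanly. The enclosing method starts outside this hunk.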
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/ApplicationResource.java b/services/src/main/java/org/keycloak/services/resources/admin/ApplicationResource.java
index 30270e5db9..0e28083380 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/ApplicationResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/ApplicationResource.java
@@ -145,7 +145,7 @@ public class ApplicationResource {
 @Path("scope-mappings")
 public ScopeMappedResource getScopeMappedResource() {
- return new ScopeMappedResource(realm, auth, application.getAgent(), session);
+ return new ScopeMappedResource(realm, auth, application, session);
 }
 @Path("roles")
@@ -160,7 +160,7 @@ public class ApplicationResource {
 {
 auth.requireView();
- return application.getAgent().getWebOrigins();
+ return application.getWebOrigins();
 }
 @Path("allowed-origins")
@@ -170,7 +170,7 @@ public class ApplicationResource {
 {
 auth.requireManage();
- application.getAgent().setWebOrigins(allowedOrigins);
+ application.setWebOrigins(allowedOrigins);
 }
 @Path("allowed-origins")
@@ -181,7 +181,7 @@ public class ApplicationResource {
 auth.requireManage();
 for (String origin : allowedOrigins) {
- application.getAgent().removeWebOrigin(origin);
+ application.removeWebOrigin(origin);
 }
 }
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/OAuthClientResource.java b/services/src/main/java/org/keycloak/services/resources/admin/OAuthClientResource.java
index cbd6018f86..5053860744 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/OAuthClientResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/OAuthClientResource.java
@@ -131,7 +131,7 @@ public class OAuthClientResource {
 @Path("scope-mappings")
 public ScopeMappedResource getScopeMappedResource() {
- return new ScopeMappedResource(realm, auth, oauthClient.getAgent(), session);
+ return new ScopeMappedResource(realm, auth, oauthClient, session);
 }
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/ScopeMappedResource.java b/services/src/main/java/org/keycloak/services/resources/admin/ScopeMappedResource.java
index c5e8662c39..c6f9b03ff9 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/ScopeMappedResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/ScopeMappedResource.java
@@ -2,6 +2,7 @@ package org.keycloak.services.resources.admin;
 import org.jboss.resteasy.annotations.cache.NoCache;
 import org.keycloak.models.ApplicationModel;
+import org.keycloak.models.ClientModel;
 import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.RealmModel;
 import org.keycloak.models.RoleModel;
@@ -33,13 +34,13 @@ import java.util.Set;
 public class ScopeMappedResource {
 protected RealmModel realm;
 private RealmAuth auth;
- protected UserModel agent;
+ protected ClientModel client;
 protected KeycloakSession session;
- public ScopeMappedResource(RealmModel realm, RealmAuth auth, UserModel account, KeycloakSession session) {
+ public ScopeMappedResource(RealmModel realm, RealmAuth auth, ClientModel client, KeycloakSession session) {
 this.realm = realm;
 this.auth = auth;
- this.agent = account;
+ this.client = client;
 this.session = session;
 }
@@ -50,7 +51,7 @@ public class ScopeMappedResource {
 auth.requireView();
 MappingsRepresentation all = new MappingsRepresentation();
- Set realmMappings = realm.getRealmScopeMappings(agent);
+ Set realmMappings = realm.getRealmScopeMappings(client);
 RealmManager manager = new RealmManager(session);
 if (realmMappings.size() > 0) {
 List realmRep = new ArrayList();
@@ -64,7 +65,7 @@ public class ScopeMappedResource {
 if (applications.size() > 0) {
 Map appMappings = new HashMap();
 for (ApplicationModel app : applications) {
- Set roleMappings = app.getApplicationScopeMappings(agent);
+ Set roleMappings = app.getApplicationScopeMappings(client);
 if (roleMappings.size() > 0) {
 ApplicationMappingsRepresentation mappings = new ApplicationMappingsRepresentation();
 mappings.setApplicationId(app.getId());
@@ -89,7 +90,7 @@ public class ScopeMappedResource {
 public List getRealmScopeMappings() {
 auth.requireView();
- Set realmMappings = realm.getRealmScopeMappings(agent);
+ Set realmMappings = realm.getRealmScopeMappings(client);
 List realmMappingsRep = new ArrayList();
 RealmManager manager = new RealmManager(session);
 for (RoleModel roleModel : realmMappings) {
@@ -109,7 +110,7 @@ public class ScopeMappedResource {
 if (roleModel == null) {
 throw new NotFoundException();
 }
- realm.addScopeMapping(agent, roleModel);
+ realm.addScopeMapping(client, roleModel);
 }
@@ -122,9 +123,9 @@ public class ScopeMappedResource {
 auth.requireManage();
 if (roles == null) {
- Set roleModels = realm.getRealmScopeMappings(agent);
+ Set roleModels = realm.getRealmScopeMappings(client);
 for (RoleModel roleModel : roleModels) {
- realm.deleteScopeMapping(agent, roleModel);
+ realm.deleteScopeMapping(client, roleModel);
 }
 } else {
@@ -133,7 +134,7 @@ public class ScopeMappedResource {
 if (roleModel == null) {
 throw new NotFoundException();
 }
- realm.deleteScopeMapping(agent, roleModel);
+ realm.deleteScopeMapping(client, roleModel);
 }
 }
 }
@@ -151,7 +152,7 @@ public class ScopeMappedResource {
 throw new NotFoundException();
 }
- Set mappings = app.getApplicationScopeMappings(agent);
+ Set mappings = app.getApplicationScopeMappings(client);
 List mapRep = new ArrayList();
 for (RoleModel roleModel : mappings) {
 mapRep.add(ModelToRepresentation.toRepresentation(roleModel));
@@ -176,7 +177,7 @@ public class ScopeMappedResource {
 if (roleModel == null) {
 throw new NotFoundException();
 }
- realm.addScopeMapping(agent, roleModel);
+ realm.addScopeMapping(client, roleModel);
 }
 }
@@ -194,9 +195,9 @@ public class ScopeMappedResource {
 }
 if (roles == null) {
- Set roleModels = app.getApplicationScopeMappings(agent);
+ Set roleModels = app.getApplicationScopeMappings(client);
 for (RoleModel roleModel : roleModels) {
- realm.deleteScopeMapping(agent, roleModel);
+ realm.deleteScopeMapping(client, roleModel);
 }
 } else {
@@ -205,7 +206,7 @@ public class ScopeMappedResource {
 if (roleModel == null) {
 throw new NotFoundException();
 }
- realm.deleteScopeMapping(agent, roleModel);
+ realm.deleteScopeMapping(client, roleModel);
 }
 }
 }
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java b/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java
index 212c6b6510..dba0217a0b 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java
@@ -3,6 +3,7 @@ package org.keycloak.services.resources.admin;
 import org.jboss.resteasy.annotations.cache.NoCache;
 import org.jboss.resteasy.logging.Logger;
 import org.keycloak.models.ApplicationModel;
+import org.keycloak.models.ClientModel;
 import org.keycloak.models.Constants;
 import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.RealmModel;
@@ -467,7 +468,7 @@ public class UsersResource {
 String state = null;
 String scope = null;
- UserModel client = realm.getUser(clientId);
+ ClientModel client = realm.findClient(clientId);
 if (client == null || !client.isEnabled()) {
 return Flows.errors().error("Account management not enabled", Response.Status.INTERNAL_SERVER_ERROR);
 }
diff --git a/services/src/main/java/org/keycloak/services/resources/flows/OAuthFlows.java b/services/src/main/java/org/keycloak/services/resources/flows/OAuthFlows.java
index f523fcc72a..2b741ab555 100755
--- a/services/src/main/java/org/keycloak/services/resources/flows/OAuthFlows.java
+++ b/services/src/main/java/org/keycloak/services/resources/flows/OAuthFlows.java
@@ -23,6 +23,7 @@ package org.keycloak.services.resources.flows;
 import org.jboss.resteasy.logging.Logger;
 import org.jboss.resteasy.spi.HttpRequest;
+import org.keycloak.models.ClientModel;
 import org.keycloak.models.Constants;
 import org.keycloak.models.OAuthClientModel;
 import org.keycloak.models.RealmModel;
@@ -88,7 +89,7 @@ public class OAuthFlows {
 return location.build();
 }
- public Response redirectError(UserModel client, String error, String state, String redirect) {
+ public Response redirectError(ClientModel client, String error, String state, String redirect) {
 UriBuilder redirectUri = UriBuilder.fromUri(redirect).queryParam("error", error);
 if (state != null) {
 redirectUri.queryParam("state", state);
@@ -97,19 +98,19 @@ public class OAuthFlows {
 return Response.status(302).location(redirectUri.build()).build();
 }
- public Response processAccessCode(String scopeParam, String state, String redirect, UserModel client, UserModel user) {
+ public Response processAccessCode(String scopeParam, String state, String redirect, ClientModel client, UserModel user) {
 return processAccessCode(scopeParam, state, redirect, client, user, false);
 }
- public Response processAccessCode(String scopeParam, String state, String redirect, UserModel client, UserModel user, boolean rememberMe) {
+ public Response processAccessCode(String scopeParam, String state, String redirect, ClientModel client, UserModel user, boolean rememberMe) {
 isTotpConfigurationRequired(user);
 isEmailVerificationRequired(user);
 RoleModel resourceRole = realm.getRole(Constants.APPLICATION_ROLE);
 RoleModel identityRequestRole = realm.getRole(Constants.IDENTITY_REQUESTER_ROLE);
- boolean isResource = realm.hasRole(client, resourceRole);
- if (!isResource && !realm.hasRole(client, identityRequestRole)) {
+ boolean isResource = realm.hasRole(client.getAgent(), resourceRole);
+ if (!isResource && !realm.hasRole(client.getAgent(), identityRequestRole)) {
 return forwardToSecurityFailure("Login requester not allowed to request login.");
 }
 AccessCodeEntry accessCode = tokenManager.createAccessCode(scopeParam, state, redirect, realm, client, user);
@@ -128,7 +129,7 @@ public class OAuthFlows {
 if (!isResource && (accessCode.getRealmRolesRequested().size() > 0 || accessCode.getResourceRolesRequested().size() > 0)) {
- OAuthClientModel oauthClient = realm.getOAuthClient(client.getLoginName());
+ OAuthClientModel oauthClient = realm.getOAuthClient(client.getAgent().getLoginName());
 accessCode.setExpiration(System.currentTimeMillis() / 1000 + realm.getAccessCodeLifespanUserAction());
 return Flows.forms(realm, request, uriInfo).setAccessCode(accessCode.getId(), accessCode.getCode()).
 setAccessRequest(accessCode.getRealmRolesRequested(), accessCode.getResourceRolesRequested()).
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/account/ProfileTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/account/ProfileTest.java
index 044d72faea..95e9e9b6d3 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/account/ProfileTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/account/ProfileTest.java
@@ -12,6 +12,7 @@ import org.junit.Rule;
 import org.junit.Test;
 import org.keycloak.models.AccountRoles;
 import org.keycloak.models.ApplicationModel;
+import org.keycloak.models.ClientModel;
 import org.keycloak.models.RealmModel;
 import org.keycloak.models.UserCredentialModel;
 import org.keycloak.models.UserModel;
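Review bot: `realm.getOAuthClient(client.getAgent().getLoginName())` resolves the OAuth client a second time by login name although `client` already is a `ClientModel`; the `TokenManager` hunks of this same commit handle the analogous case with `client instanceof ApplicationModel`, so `OAuthClientModel oauthClient = client instanceof OAuthClientModel ? (OAuthClientModel) client : null;` would be the consistent form here, unless `findClient` is known to return a different instance than `getOAuthClient` for the same id, in which case a comment saying so would justify the extra lookup. The enclosing method starts outside this hunk, so how a null `oauthClient` is handled afterwards is not visible.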
@@ -65,11 +66,11 @@ public class ProfileTest {
 appRealm.updateCredential(user2, creds);
 ApplicationModel app = appRealm.getApplicationNameMap().get("test-app");
- appRealm.addScopeMapping(app.getAgent(), accountApp.getRole(AccountRoles.VIEW_PROFILE));
+ appRealm.addScopeMapping(app, accountApp.getRole(AccountRoles.VIEW_PROFILE));
- app.getAgent().addWebOrigin("http://localtest.me:8081");
+ app.addWebOrigin("http://localtest.me:8081");
- UserModel thirdParty = appRealm.getUser("third-party");
+ ClientModel thirdParty = appRealm.findClient("third-party");
 appRealm.addScopeMapping(thirdParty, accountApp.getRole(AccountRoles.VIEW_PROFILE));
 }
 });
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/AuthorizationCodeTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/AuthorizationCodeTest.java
index cf7765ee4c..620ecadfbc 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/AuthorizationCodeTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/AuthorizationCodeTest.java
@@ -82,8 +82,7 @@ public class AuthorizationCodeTest {
 public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
 for (ApplicationModel app : appRealm.getApplications()) {
 if (app.getName().equals("test-app")) {
- UserModel client = app.getAgent();
- client.addRedirectUri(oauth.getRedirectUri());
+ app.addRedirectUri(oauth.getRedirectUri());
 }
 }
 }
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/OAuthRedirectUriTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/OAuthRedirectUriTest.java
index 8e973c117b..55f66fc723 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/OAuthRedirectUriTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/OAuthRedirectUriTest.java
@@ -48,7 +48,7 @@ public class OAuthRedirectUriTest {
 @Override
 public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
 ApplicationModel app = appRealm.getApplicationNameMap().get("test-app");
- app.getAgent().addRedirectUri("http://localhost:8081/app");
+ app.addRedirectUri("http://localhost:8081/app");
 }
 });
@@ -81,7 +81,7 @@ public class OAuthRedirectUriTest {
 keycloakRule.configure(new KeycloakRule.KeycloakSetup() {
 @Override
 public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
- appRealm.getApplicationNameMap().get("test-app").getAgent().addRedirectUri("http://localhost:8081/app2");
+ appRealm.getApplicationNameMap().get("test-app").addRedirectUri("http://localhost:8081/app2");
 }
 });
@@ -95,7 +95,7 @@ public class OAuthRedirectUriTest {
 keycloakRule.configure(new KeycloakRule.KeycloakSetup() {
 @Override
 public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
- appRealm.getApplicationNameMap().get("test-app").getAgent().removeRedirectUri("http://localhost:8081/app2");
+ appRealm.getApplicationNameMap().get("test-app").removeRedirectUri("http://localhost:8081/app2");
 }
 });
 }
@@ -106,7 +106,7 @@ public class OAuthRedirectUriTest {
 keycloakRule.configure(new KeycloakRule.KeycloakSetup() {
 @Override
 public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
- appRealm.getApplicationNameMap().get("test-app").getAgent().removeRedirectUri("http://localhost:8081/app");
+ appRealm.getApplicationNameMap().get("test-app").removeRedirectUri("http://localhost:8081/app");
 }
 });
@@ -120,7 +120,7 @@ public class OAuthRedirectUriTest {
 keycloakRule.configure(new KeycloakRule.KeycloakSetup() {
 @Override
 public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
- appRealm.getApplicationNameMap().get("test-app").getAgent().addRedirectUri("http://localhost:8081/app");
+ appRealm.getApplicationNameMap().get("test-app").addRedirectUri("http://localhost:8081/app");
 }
 });
 }
@@ -131,7 +131,7 @@ public class OAuthRedirectUriTest {
 keycloakRule.configure(new KeycloakRule.KeycloakSetup() {
 @Override
 public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
- appRealm.getApplicationNameMap().get("test-app").getAgent().removeRedirectUri("http://localhost:8081/app");
+ appRealm.getApplicationNameMap().get("test-app").removeRedirectUri("http://localhost:8081/app");
 }
 });
@@ -144,7 +144,7 @@ public class OAuthRedirectUriTest {
 keycloakRule.configure(new KeycloakRule.KeycloakSetup() {
 @Override
 public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
- appRealm.getApplicationNameMap().get("test-app").getAgent().addRedirectUri("http://localhost:8081/app");
+ appRealm.getApplicationNameMap().get("test-app").addRedirectUri("http://localhost:8081/app");
 }
 });
 }
diff --git a/testsuite/performance/src/test/java/org/keycloak/testsuite/performance/ReadUsersWorker.java b/testsuite/performance/src/test/java/org/keycloak/testsuite/performance/ReadUsersWorker.java
index 737fc21312..80c8b57985 100755
--- a/testsuite/performance/src/test/java/org/keycloak/testsuite/performance/ReadUsersWorker.java
+++ b/testsuite/performance/src/test/java/org/keycloak/testsuite/performance/ReadUsersWorker.java
@@ -3,6 +3,7 @@ package org.keycloak.testsuite.performance;
 import org.apache.jmeter.samplers.SampleResult;
 import org.apache.jorphan.logging.LoggingManager;
 import org.apache.log.Logger;
+import org.keycloak.models.ClientModel;
 import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.RealmModel;
 import org.keycloak.models.SocialLinkModel;
@@ -95,7 +96,8 @@ public class ReadUsersWorker implements Worker {
 // Read scopes of user in realm
 if (readScopes) {
- realm.getScopeMappings(user);
+ ClientModel client = realm.findClient(username);
+ realm.getScopeMappings(client);
 }
 // Validate password (shoould be same as username)
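Review bot: `realm.findClient(username)` can return null (every other call site in this commit checks `client == null` immediately after it), yet the result goes straight into `realm.getScopeMappings(client)`, so a username that is not also a client id will most likely make this worker throw where the old `getScopeMappings(user)` did not. A guard keeps the read harmless for the perf run: `if (client != null) realm.getScopeMappings(client);`. The comment above the block, `// Read scopes of user in realm`, also no longer describes what is read. The enclosing method starts outside this hunk.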