From 4b399fe05adbf56ab9eee0b30e1191597b292e6a Mon Sep 17 00:00:00 2001 
From: Bill Burke Date: Wed, 1 Oct 2014 10:01:42 -0400 Subject: [PATCH 1/4] login protocol abstraction --- .../org/keycloak/ServiceUrlConstants.java | 10 +++--- .../email/EmailEventListenerProvider.java | 6 ++-- .../EmailEventListenerProviderFactory.java | 2 +- .../JBossLoggingEventListenerProvider.java | 2 +- .../events/jpa/JpaEventStoreProvider.java | 2 +- .../jpa/JpaEventStoreProviderFactory.java | 2 +- .../events/mongo/MongoEventStoreProvider.java | 2 +- .../mongo/MongoEventStoreProviderFactory.java | 2 +- .../example/CustomerDatabaseClient.java | 5 --- .../src/main/webapp/customers/session.jsp | 10 +++--- .../example/oauth/ProductDatabaseClient.java | 1 - .../events/SysoutEventListenerProvider.java | 2 +- .../events/MemEventStoreProvider.java | 2 +- .../events/MemEventStoreProviderFactory.java | 2 +- .../util/ExportImportSessionTask.java | 4 +-- .../exportimport/dir/DirImportProvider.java | 1 - .../singlefile/SingleFileExportProvider.java | 1 - .../singlefile/SingleFileImportProvider.java | 7 ++-- .../exportimport/zip/ZipImportProvider.java | 1 - .../ldap/LDAPFederationProviderFactory.java | 6 ++-- .../account/freemarker/model/AccountBean.java | 4 +-- .../freemarker/FreeMarkerEmailProvider.java | 2 +- .../admin/client/token/TokenService.java | 4 +-- .../extension/RealmDefinitionTestCase.java | 4 +-- .../tomcat7/AuthenticatedActionsValve.java | 11 +++---- .../extension/RealmDefinitionTestCase.java | 4 +-- .../extension/SubsystemParsingTestCase.java | 4 +-- .../models/UserFederationManager.java | 4 +-- .../keycloak/models/UserSessionProvider.java | 1 - .../models/jpa/entities/AttributeMap.java | 2 -- .../InfinispanUserSessionProviderFactory.java | 7 ---- .../infinispan/UserSessionAdapter.java | 4 --- .../entities/ClientSessionEntity.java | 1 - .../infinispan/mapreduce/SessionMapper.java | 1 - .../mapreduce/UserSessionMapper.java | 1 - .../sessions/jpa/ClientSessionAdapter.java | 2 -- .../sessions/jpa/JpaUserSessionProvider.java | 3 -- 
.../sessions/mem/MemUserSessionProvider.java | 1 - .../mongo/MongoUserSessionProvider.java | 2 -- .../idm/LDAPKeycloakCredentialHandler.java | 5 ++- .../ldap/PartitionManagerRegistry.java | 8 ++--- .../protocol/LoginProtocolFactory.java | 4 +++ .../keycloak/protocol/oidc/OpenIDConnect.java | 4 +-- .../protocol/oidc/OpenIDConnectFactory.java | 8 +++++ .../protocol/oidc/OpenIDConnectService.java | 9 +++--- .../oidc}/TokenManager.java | 5 +-- .../services/managers/ApplianceBootstrap.java | 2 -- .../services/managers/ClientSessionCode.java | 2 -- .../managers/ResourceAdminManager.java | 1 + .../services/managers/UsersSyncManager.java | 4 +-- .../services/resources/AccountService.java | 4 +-- .../resources/KeycloakApplication.java | 9 ++---- .../resources/LoginActionsService.java | 10 +++--- .../services/resources/RealmsResource.java | 32 +++++++++++-------- .../services/resources/SocialResource.java | 6 ++-- .../services/resources/WelcomeResource.java | 1 - .../resources/admin/AdminConsole.java | 2 +- .../services/resources/admin/AdminRoot.java | 7 ++-- .../resources/admin/RealmAdminResource.java | 6 ++-- .../resources/admin/RealmsAdminResource.java | 2 +- .../resources/admin/UsersResource.java | 5 ++- .../resources/flows/SocialRedirectFlows.java | 4 --- .../services/resources/flows/Urls.java | 2 +- .../java/org/keycloak/social/AuthRequest.java | 2 -- .../DummyUserFederationProviderFactory.java | 1 + .../org/keycloak/testsuite/AssertEvents.java | 4 +-- .../org/keycloak/testsuite/OAuthClient.java | 2 +- .../testsuite/account/AccountTest.java | 4 --- .../testsuite/adapter/AdapterTest.java | 4 +-- .../adapter/RelativeUriAdapterTest.java | 4 +-- .../testsuite/admin/AdminAPITest.java | 2 +- .../keycloak/testsuite/admin/UserTest.java | 4 +-- .../events/EventStoreProviderTest.java | 2 +- .../FederationProvidersIntegrationTest.java | 1 - .../keycloak/testsuite/forms/LoginTest.java | 1 - .../testsuite/forms/SyncProvidersTest.java | 8 ++--- 
.../model/AuthenticationManagerTest.java | 1 - .../testsuite/oauth/AccessTokenTest.java | 4 +-- .../oauth/AuthorizationCodeTest.java | 4 +-- .../testsuite/oauth/RefreshTokenTest.java | 4 +-- .../testsuite/perf/AccessTokenPerfTest.java | 2 +- .../performance/web/OAuthClient.java | 2 +- 82 files changed, 142 insertions(+), 188 deletions(-) mode change 100644 => 100755 events/email/src/main/java/org/keycloak/events/email/EmailEventListenerProviderFactory.java mode change 100644 => 100755 events/jboss-logging/src/main/java/org/keycloak/events/log/JBossLoggingEventListenerProvider.java mode change 100644 => 100755 events/jpa/src/main/java/org/keycloak/events/jpa/JpaEventStoreProvider.java mode change 100644 => 100755 events/jpa/src/main/java/org/keycloak/events/jpa/JpaEventStoreProviderFactory.java mode change 100644 => 100755 events/mongo/src/main/java/org/keycloak/events/mongo/MongoEventStoreProvider.java mode change 100644 => 100755 events/mongo/src/main/java/org/keycloak/events/mongo/MongoEventStoreProviderFactory.java mode change 100644 => 100755 examples/demo-template/customer-app/src/main/webapp/customers/session.jsp mode change 100644 => 100755 examples/providers/event-listener-sysout/src/main/java/org/keycloak/examples/providers/events/SysoutEventListenerProvider.java mode change 100644 => 100755 examples/providers/event-store-mem/src/main/java/org/keycloak/examples/providers/events/MemEventStoreProvider.java mode change 100644 => 100755 examples/providers/event-store-mem/src/main/java/org/keycloak/examples/providers/events/MemEventStoreProviderFactory.java mode change 100644 => 100755 export-import/export-import-api/src/main/java/org/keycloak/exportimport/util/ExportImportSessionTask.java mode change 100644 => 100755 forms/account-freemarker/src/main/java/org/keycloak/account/freemarker/model/AccountBean.java mode change 100644 => 100755 forms/email-freemarker/src/main/java/org/keycloak/email/freemarker/FreeMarkerEmailProvider.java mode change 100644 => 100755 
integration/tomcat7/adapter/src/main/java/org/keycloak/adapters/tomcat7/AuthenticatedActionsValve.java mode change 100644 => 100755 model/sessions-infinispan/src/main/java/org/keycloak/models/sessions/infinispan/InfinispanUserSessionProviderFactory.java mode change 100644 => 100755 model/sessions-infinispan/src/main/java/org/keycloak/models/sessions/infinispan/entities/ClientSessionEntity.java mode change 100644 => 100755 model/sessions-infinispan/src/main/java/org/keycloak/models/sessions/infinispan/mapreduce/SessionMapper.java mode change 100644 => 100755 model/sessions-infinispan/src/main/java/org/keycloak/models/sessions/infinispan/mapreduce/UserSessionMapper.java mode change 100644 => 100755 picketlink/keycloak-picketlink-ldap/src/main/java/org/keycloak/picketlink/idm/LDAPKeycloakCredentialHandler.java rename services/src/main/java/org/keycloak/{services/managers => protocol/oidc}/TokenManager.java (97%) mode change 100644 => 100755 services/src/main/java/org/keycloak/services/managers/UsersSyncManager.java mode change 100644 => 100755 testsuite/integration/src/test/java/org/keycloak/testsuite/admin/UserTest.java mode change 100644 => 100755 testsuite/integration/src/test/java/org/keycloak/testsuite/events/EventStoreProviderTest.java mode change 100644 => 100755 testsuite/integration/src/test/java/org/keycloak/testsuite/forms/SyncProvidersTest.java diff --git a/core/src/main/java/org/keycloak/ServiceUrlConstants.java b/core/src/main/java/org/keycloak/ServiceUrlConstants.java index 34b5f502d3..7ff32542cf 100755 --- a/core/src/main/java/org/keycloak/ServiceUrlConstants.java +++ b/core/src/main/java/org/keycloak/ServiceUrlConstants.java 
@@ -6,11 +6,11 @@ package org.keycloak;
 */
 public interface ServiceUrlConstants {
- public static final String TOKEN_SERVICE_LOGIN_PATH = "/realms/{realm-name}/tokens/login";
- public static final String TOKEN_SERVICE_ACCESS_CODE_PATH = "/realms/{realm-name}/tokens/access/codes";
- public static final String TOKEN_SERVICE_REFRESH_PATH = "/realms/{realm-name}/tokens/refresh";
- public static final String TOKEN_SERVICE_LOGOUT_PATH = "/realms/{realm-name}/tokens/logout";
- public static final String TOKEN_SERVICE_DIRECT_GRANT_PATH = "/realms/{realm-name}/tokens/grants/access";
+ public static final String TOKEN_SERVICE_LOGIN_PATH = "/realms/{realm-name}/protocol/openid-connect/login";
+ public static final String TOKEN_SERVICE_ACCESS_CODE_PATH = "/realms/{realm-name}/protocol/openid-connect/access/codes";
+ public static final String TOKEN_SERVICE_REFRESH_PATH = "/realms/{realm-name}/protocol/openid-connect/refresh";
+ public static final String TOKEN_SERVICE_LOGOUT_PATH = "/realms/{realm-name}/protocol/openid-connect/logout";
+ public static final String TOKEN_SERVICE_DIRECT_GRANT_PATH = "/realms/{realm-name}/protocol/openid-connect/grants/access";
 public static final String ACCOUNT_SERVICE_PATH = "/realms/{realm-name}/account";
 public static final String REALM_INFO_PATH = "/realms/{realm-name}";
diff --git a/events/email/src/main/java/org/keycloak/events/email/EmailEventListenerProvider.java b/events/email/src/main/java/org/keycloak/events/email/EmailEventListenerProvider.java
index c0f6116974..71a432acca 100755
--- a/events/email/src/main/java/org/keycloak/events/email/EmailEventListenerProvider.java
+++ b/events/email/src/main/java/org/keycloak/events/email/EmailEventListenerProvider.java
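Review bot: Nothing in the `ServiceUrlConstants` hunk keeps the old `/realms/{realm-name}/tokens/...` endpoints reachable once the five `TOKEN_SERVICE_*` constants point at `/realms/{realm-name}/protocol/openid-connect/...`. Adapters whose `auth-url` and `code-url` were written against the old layout would presumably stop working after a server upgrade; the subsystem test fixtures updated later in this patch show that such URLs are stored in adapter configuration. The logout and refresh paths deserve a specific check, because a client that can no longer reach the logout endpoint leaves its server-side session in place until it expires. If the old routes are dropped on purpose, I would record that on the constants, for example `/** OpenID Connect protocol endpoints; moved from /realms/{realm-name}/tokens/, old paths are no longer served. */`, and confirm that the `TOKEN_SERVICE_` prefix is meant to stay. The interface's closing brace lies outside the hunk.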
@@ -1,11 +1,11 @@ package org.keycloak.events.email; import org.jboss.logging.Logger; -import org.keycloak.events.EventListenerProvider; -import org.keycloak.events.Event; -import org.keycloak.events.EventType; import org.keycloak.email.EmailException; import org.keycloak.email.EmailProvider; +import org.keycloak.events.Event; +import org.keycloak.events.EventListenerProvider; +import org.keycloak.events.EventType; import org.keycloak.models.KeycloakSession; import org.keycloak.models.RealmModel; import org.keycloak.models.RealmProvider; diff --git a/events/email/src/main/java/org/keycloak/events/email/EmailEventListenerProviderFactory.java b/events/email/src/main/java/org/keycloak/events/email/EmailEventListenerProviderFactory.java old mode 100644 new mode 100755 index 6920bd8226..d479116ed6 --- a/events/email/src/main/java/org/keycloak/events/email/EmailEventListenerProviderFactory.java +++ b/events/email/src/main/java/org/keycloak/events/email/EmailEventListenerProviderFactory.java @@ -1,10 +1,10 @@ package org.keycloak.events.email; import org.keycloak.Config; +import org.keycloak.email.EmailProvider; import org.keycloak.events.EventListenerProvider; import org.keycloak.events.EventListenerProviderFactory; import org.keycloak.events.EventType; -import org.keycloak.email.EmailProvider; import org.keycloak.models.KeycloakSession; import java.util.Collections; diff --git a/events/jboss-logging/src/main/java/org/keycloak/events/log/JBossLoggingEventListenerProvider.java b/events/jboss-logging/src/main/java/org/keycloak/events/log/JBossLoggingEventListenerProvider.java old mode 100644 new mode 100755 index 38fc305387..badc0eea93 --- a/events/jboss-logging/src/main/java/org/keycloak/events/log/JBossLoggingEventListenerProvider.java +++ b/events/jboss-logging/src/main/java/org/keycloak/events/log/JBossLoggingEventListenerProvider.java 
@@ -1,8 +1,8 @@ package org.keycloak.events.log; import org.jboss.logging.Logger; -import org.keycloak.events.EventListenerProvider; import org.keycloak.events.Event; +import org.keycloak.events.EventListenerProvider; import java.util.Map; diff --git a/events/jpa/src/main/java/org/keycloak/events/jpa/JpaEventStoreProvider.java b/events/jpa/src/main/java/org/keycloak/events/jpa/JpaEventStoreProvider.java old mode 100644 new mode 100755 index a5547cc524..40b3840055 --- a/events/jpa/src/main/java/org/keycloak/events/jpa/JpaEventStoreProvider.java +++ b/events/jpa/src/main/java/org/keycloak/events/jpa/JpaEventStoreProvider.java @@ -3,9 +3,9 @@ package org.keycloak.events.jpa; import org.codehaus.jackson.map.ObjectMapper; import org.codehaus.jackson.type.TypeReference; import org.jboss.logging.Logger; -import org.keycloak.events.EventStoreProvider; import org.keycloak.events.Event; import org.keycloak.events.EventQuery; +import org.keycloak.events.EventStoreProvider; import org.keycloak.events.EventType; import javax.persistence.EntityManager; diff --git a/events/jpa/src/main/java/org/keycloak/events/jpa/JpaEventStoreProviderFactory.java b/events/jpa/src/main/java/org/keycloak/events/jpa/JpaEventStoreProviderFactory.java old mode 100644 new mode 100755 index b4922079d2..c8964eecce --- a/events/jpa/src/main/java/org/keycloak/events/jpa/JpaEventStoreProviderFactory.java +++ b/events/jpa/src/main/java/org/keycloak/events/jpa/JpaEventStoreProviderFactory.java @@ -1,10 +1,10 @@ package org.keycloak.events.jpa; import org.keycloak.Config; +import org.keycloak.connections.jpa.JpaConnectionProvider; import org.keycloak.events.EventStoreProvider; import org.keycloak.events.EventStoreProviderFactory; import org.keycloak.events.EventType; -import org.keycloak.connections.jpa.JpaConnectionProvider; import org.keycloak.models.KeycloakSession; import java.util.HashSet; 
diff --git a/events/mongo/src/main/java/org/keycloak/events/mongo/MongoEventStoreProvider.java b/events/mongo/src/main/java/org/keycloak/events/mongo/MongoEventStoreProvider.java old mode 100644 new mode 100755 index 58388b5e28..368ef20331 --- a/events/mongo/src/main/java/org/keycloak/events/mongo/MongoEventStoreProvider.java +++ b/events/mongo/src/main/java/org/keycloak/events/mongo/MongoEventStoreProvider.java @@ -3,9 +3,9 @@ package org.keycloak.events.mongo; import com.mongodb.BasicDBObject; import com.mongodb.DBCollection; import com.mongodb.DBObject; -import org.keycloak.events.EventStoreProvider; import org.keycloak.events.Event; import org.keycloak.events.EventQuery; +import org.keycloak.events.EventStoreProvider; import org.keycloak.events.EventType; import java.util.HashMap; diff --git a/events/mongo/src/main/java/org/keycloak/events/mongo/MongoEventStoreProviderFactory.java b/events/mongo/src/main/java/org/keycloak/events/mongo/MongoEventStoreProviderFactory.java old mode 100644 new mode 100755 index 80ac5add32..41d057dbb9 --- a/events/mongo/src/main/java/org/keycloak/events/mongo/MongoEventStoreProviderFactory.java +++ b/events/mongo/src/main/java/org/keycloak/events/mongo/MongoEventStoreProviderFactory.java @@ -4,10 +4,10 @@ import com.mongodb.DBCollection; import com.mongodb.WriteConcern; import org.jboss.logging.Logger; import org.keycloak.Config; +import org.keycloak.connections.mongo.MongoConnectionProvider; import org.keycloak.events.EventStoreProvider; import org.keycloak.events.EventStoreProviderFactory; import org.keycloak.events.EventType; -import org.keycloak.connections.mongo.MongoConnectionProvider; import org.keycloak.models.KeycloakSession; import java.util.HashSet; diff --git a/examples/demo-template/customer-app/src/main/java/org/keycloak/example/CustomerDatabaseClient.java b/examples/demo-template/customer-app/src/main/java/org/keycloak/example/CustomerDatabaseClient.java index 7e3d74cce8..ec1ed04b46 100755 
--- a/examples/demo-template/customer-app/src/main/java/org/keycloak/example/CustomerDatabaseClient.java +++ b/examples/demo-template/customer-app/src/main/java/org/keycloak/example/CustomerDatabaseClient.java @@ -7,16 +7,11 @@ import org.apache.http.client.methods.HttpGet; import org.keycloak.KeycloakSecurityContext; import org.keycloak.adapters.AdapterUtils; import org.keycloak.adapters.HttpClientBuilder; -import org.keycloak.adapters.KeycloakDeployment; -import org.keycloak.adapters.RefreshableKeycloakSecurityContext; -import org.keycloak.enums.RelativeUrlsUsed; import org.keycloak.representations.IDToken; import org.keycloak.util.JsonSerialization; -import org.keycloak.util.UriUtils; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpSession; - import java.io.IOException; import java.io.InputStream; import java.util.ArrayList; diff --git a/examples/demo-template/customer-app/src/main/webapp/customers/session.jsp b/examples/demo-template/customer-app/src/main/webapp/customers/session.jsp old mode 100644 new mode 100755 index 07f99a1bc2..9898c4b381 --- a/examples/demo-template/customer-app/src/main/webapp/customers/session.jsp +++ b/examples/demo-template/customer-app/src/main/webapp/customers/session.jsp @@ -1,15 +1,13 @@ <%@ page language="java" contentType="text/html; charset=ISO-8859-1" pageEncoding="ISO-8859-1" %> -<%@ page import="org.keycloak.ServiceUrlConstants" %> <%@ page import="org.keycloak.example.CustomerDatabaseClient" %> -<%@ page import="org.keycloak.representations.IDToken" %> <%@ page import="org.keycloak.util.UriUtils" %> - + Customer Session Page - - -

Your hostname: <%= UriUtils.getHostName() %>

+ + +

Your hostname: <%= UriUtils.getHostName() %>

Your session ID: <%= request.getSession().getId() %>

You visited this page <%= CustomerDatabaseClient.increaseAndGetCounter(request) %> times.



diff --git a/examples/demo-template/third-party/src/main/java/org/keycloak/example/oauth/ProductDatabaseClient.java b/examples/demo-template/third-party/src/main/java/org/keycloak/example/oauth/ProductDatabaseClient.java index a12bcee63d..24639085ae 100755 --- a/examples/demo-template/third-party/src/main/java/org/keycloak/example/oauth/ProductDatabaseClient.java +++ b/examples/demo-template/third-party/src/main/java/org/keycloak/example/oauth/ProductDatabaseClient.java @@ -5,7 +5,6 @@ import org.apache.http.HttpResponse; import org.apache.http.client.HttpClient; import org.apache.http.client.methods.HttpGet; import org.keycloak.adapters.ServerRequest; -import org.keycloak.enums.RelativeUrlsUsed; import org.keycloak.representations.AccessTokenResponse; import org.keycloak.servlet.ServletOAuthClient; import org.keycloak.util.JsonSerialization; diff --git a/examples/providers/event-listener-sysout/src/main/java/org/keycloak/examples/providers/events/SysoutEventListenerProvider.java b/examples/providers/event-listener-sysout/src/main/java/org/keycloak/examples/providers/events/SysoutEventListenerProvider.java old mode 100644 new mode 100755 index f0ed12078b..8bd001ffe9 --- a/examples/providers/event-listener-sysout/src/main/java/org/keycloak/examples/providers/events/SysoutEventListenerProvider.java +++ b/examples/providers/event-listener-sysout/src/main/java/org/keycloak/examples/providers/events/SysoutEventListenerProvider.java @@ -1,7 +1,7 @@ package org.keycloak.examples.providers.events; -import org.keycloak.events.EventListenerProvider; import org.keycloak.events.Event; +import org.keycloak.events.EventListenerProvider; import org.keycloak.events.EventType; import java.util.Map; 
diff --git a/examples/providers/event-store-mem/src/main/java/org/keycloak/examples/providers/events/MemEventStoreProvider.java b/examples/providers/event-store-mem/src/main/java/org/keycloak/examples/providers/events/MemEventStoreProvider.java old mode 100644 new mode 100755 index fc5e474e3d..efe716f296 --- a/examples/providers/event-store-mem/src/main/java/org/keycloak/examples/providers/events/MemEventStoreProvider.java +++ b/examples/providers/event-store-mem/src/main/java/org/keycloak/examples/providers/events/MemEventStoreProvider.java @@ -1,8 +1,8 @@ package org.keycloak.examples.providers.events; -import org.keycloak.events.EventStoreProvider; import org.keycloak.events.Event; import org.keycloak.events.EventQuery; +import org.keycloak.events.EventStoreProvider; import org.keycloak.events.EventType; import java.util.Iterator; diff --git a/examples/providers/event-store-mem/src/main/java/org/keycloak/examples/providers/events/MemEventStoreProviderFactory.java b/examples/providers/event-store-mem/src/main/java/org/keycloak/examples/providers/events/MemEventStoreProviderFactory.java old mode 100644 new mode 100755 index 88818ea64e..acb2b0c872 --- a/examples/providers/event-store-mem/src/main/java/org/keycloak/examples/providers/events/MemEventStoreProviderFactory.java +++ b/examples/providers/event-store-mem/src/main/java/org/keycloak/examples/providers/events/MemEventStoreProviderFactory.java @@ -1,9 +1,9 @@ package org.keycloak.examples.providers.events; import org.keycloak.Config; +import org.keycloak.events.Event; import org.keycloak.events.EventStoreProvider; import org.keycloak.events.EventStoreProviderFactory; -import org.keycloak.events.Event; import org.keycloak.events.EventType; import org.keycloak.models.KeycloakSession; 
diff --git a/export-import/export-import-api/src/main/java/org/keycloak/exportimport/util/ExportImportSessionTask.java b/export-import/export-import-api/src/main/java/org/keycloak/exportimport/util/ExportImportSessionTask.java old mode 100644 new mode 100755 index 185a9663ec..87e4798af8 --- a/export-import/export-import-api/src/main/java/org/keycloak/exportimport/util/ExportImportSessionTask.java +++ b/export-import/export-import-api/src/main/java/org/keycloak/exportimport/util/ExportImportSessionTask.java @@ -1,10 +1,10 @@ package org.keycloak.exportimport.util; -import java.io.IOException; - import org.keycloak.models.KeycloakSession; import org.keycloak.models.KeycloakSessionTask; +import java.io.IOException; + /** * Just to wrap {@link IOException} * diff --git a/export-import/export-import-dir/src/main/java/org/keycloak/exportimport/dir/DirImportProvider.java b/export-import/export-import-dir/src/main/java/org/keycloak/exportimport/dir/DirImportProvider.java index 739957470c..15d6dc8957 100755 --- a/export-import/export-import-dir/src/main/java/org/keycloak/exportimport/dir/DirImportProvider.java +++ b/export-import/export-import-dir/src/main/java/org/keycloak/exportimport/dir/DirImportProvider.java @@ -8,7 +8,6 @@ import org.keycloak.exportimport.util.ExportImportSessionTask; import org.keycloak.exportimport.util.ImportUtils; import org.keycloak.models.KeycloakSession; import org.keycloak.models.KeycloakSessionFactory; -import org.keycloak.models.KeycloakSessionTask; import org.keycloak.models.utils.KeycloakModelUtils; import org.keycloak.representations.idm.RealmRepresentation; import org.keycloak.util.JsonSerialization; diff --git a/export-import/export-import-single-file/src/main/java/org/keycloak/exportimport/singlefile/SingleFileExportProvider.java b/export-import/export-import-single-file/src/main/java/org/keycloak/exportimport/singlefile/SingleFileExportProvider.java index a8d7d98937..edb0ac0599 100755 
--- a/export-import/export-import-single-file/src/main/java/org/keycloak/exportimport/singlefile/SingleFileExportProvider.java +++ b/export-import/export-import-single-file/src/main/java/org/keycloak/exportimport/singlefile/SingleFileExportProvider.java @@ -7,7 +7,6 @@ import org.keycloak.exportimport.util.ExportImportSessionTask; import org.keycloak.exportimport.util.ExportUtils; import org.keycloak.models.KeycloakSession; import org.keycloak.models.KeycloakSessionFactory; -import org.keycloak.models.KeycloakSessionTask; import org.keycloak.models.RealmModel; import org.keycloak.models.utils.KeycloakModelUtils; import org.keycloak.representations.idm.RealmRepresentation; diff --git a/export-import/export-import-single-file/src/main/java/org/keycloak/exportimport/singlefile/SingleFileImportProvider.java b/export-import/export-import-single-file/src/main/java/org/keycloak/exportimport/singlefile/SingleFileImportProvider.java index a1e1109ca4..8e993d0b5f 100755 --- a/export-import/export-import-single-file/src/main/java/org/keycloak/exportimport/singlefile/SingleFileImportProvider.java +++ b/export-import/export-import-single-file/src/main/java/org/keycloak/exportimport/singlefile/SingleFileImportProvider.java @@ -3,15 +3,16 @@ package org.keycloak.exportimport.singlefile; import org.jboss.logging.Logger; import org.keycloak.exportimport.ImportProvider; import org.keycloak.exportimport.Strategy; +import org.keycloak.exportimport.util.ExportImportSessionTask; import org.keycloak.exportimport.util.ImportUtils; import org.keycloak.models.KeycloakSession; import org.keycloak.models.KeycloakSessionFactory; +import org.keycloak.models.utils.KeycloakModelUtils; +import org.keycloak.util.JsonSerialization; + import java.io.File; import java.io.FileInputStream; import java.io.IOException; -import org.keycloak.exportimport.util.ExportImportSessionTask; -import org.keycloak.models.utils.KeycloakModelUtils; -import org.keycloak.util.JsonSerialization; /** * @author Marek Posolda 
diff --git a/export-import/export-import-zip/src/main/java/org/keycloak/exportimport/zip/ZipImportProvider.java b/export-import/export-import-zip/src/main/java/org/keycloak/exportimport/zip/ZipImportProvider.java index 69cfd461d2..fb4013956f 100755 --- a/export-import/export-import-zip/src/main/java/org/keycloak/exportimport/zip/ZipImportProvider.java +++ b/export-import/export-import-zip/src/main/java/org/keycloak/exportimport/zip/ZipImportProvider.java @@ -12,7 +12,6 @@ import org.keycloak.exportimport.util.ExportImportSessionTask; import org.keycloak.exportimport.util.ImportUtils; import org.keycloak.models.KeycloakSession; import org.keycloak.models.KeycloakSessionFactory; -import org.keycloak.models.KeycloakSessionTask; import org.keycloak.models.utils.KeycloakModelUtils; import org.keycloak.representations.idm.RealmRepresentation; import org.keycloak.util.JsonSerialization; diff --git a/federation/ldap/src/main/java/org/keycloak/federation/ldap/LDAPFederationProviderFactory.java b/federation/ldap/src/main/java/org/keycloak/federation/ldap/LDAPFederationProviderFactory.java index 88bf66f826..5472bc7a7f 100755 --- a/federation/ldap/src/main/java/org/keycloak/federation/ldap/LDAPFederationProviderFactory.java +++ b/federation/ldap/src/main/java/org/keycloak/federation/ldap/LDAPFederationProviderFactory.java 
@@ -3,13 +3,13 @@ package org.keycloak.federation.ldap; import org.jboss.logging.Logger; import org.keycloak.Config; import org.keycloak.models.KeycloakSession; -import org.keycloak.models.UserFederationProvider; -import org.keycloak.models.UserFederationProviderFactory; -import org.keycloak.models.UserFederationProviderModel; import org.keycloak.models.KeycloakSessionFactory; import org.keycloak.models.KeycloakSessionTask; import org.keycloak.models.LDAPConstants; import org.keycloak.models.RealmModel; +import org.keycloak.models.UserFederationProvider; +import org.keycloak.models.UserFederationProviderFactory; +import org.keycloak.models.UserFederationProviderModel; import org.keycloak.models.utils.KeycloakModelUtils; import org.keycloak.picketlink.PartitionManagerProvider; import org.picketlink.idm.IdentityManager; diff --git a/forms/account-freemarker/src/main/java/org/keycloak/account/freemarker/model/AccountBean.java b/forms/account-freemarker/src/main/java/org/keycloak/account/freemarker/model/AccountBean.java old mode 100644 new mode 100755 index e9528adb76..7fa6b401cb --- a/forms/account-freemarker/src/main/java/org/keycloak/account/freemarker/model/AccountBean.java +++ b/forms/account-freemarker/src/main/java/org/keycloak/account/freemarker/model/AccountBean.java @@ -1,9 +1,9 @@ package org.keycloak.account.freemarker.model; -import javax.ws.rs.core.MultivaluedMap; - import org.keycloak.models.UserModel; +import javax.ws.rs.core.MultivaluedMap; + /** * @author Stian Thorgersen */ diff --git a/forms/email-freemarker/src/main/java/org/keycloak/email/freemarker/FreeMarkerEmailProvider.java b/forms/email-freemarker/src/main/java/org/keycloak/email/freemarker/FreeMarkerEmailProvider.java old mode 100644 new mode 100755 index 7bdd361cbd..df43d16fb2 --- a/forms/email-freemarker/src/main/java/org/keycloak/email/freemarker/FreeMarkerEmailProvider.java +++ b/forms/email-freemarker/src/main/java/org/keycloak/email/freemarker/FreeMarkerEmailProvider.java 
@@ -1,10 +1,10 @@ package org.keycloak.email.freemarker; import org.jboss.logging.Logger; -import org.keycloak.events.Event; import org.keycloak.email.EmailException; import org.keycloak.email.EmailProvider; import org.keycloak.email.freemarker.beans.EventBean; +import org.keycloak.events.Event; import org.keycloak.freemarker.FreeMarkerUtil; import org.keycloak.freemarker.Theme; import org.keycloak.freemarker.ThemeProvider; diff --git a/integration/admin-client/src/main/java/org/keycloak/admin/client/token/TokenService.java b/integration/admin-client/src/main/java/org/keycloak/admin/client/token/TokenService.java index 0d97fc2c19..376e5f0d5a 100755 --- a/integration/admin-client/src/main/java/org/keycloak/admin/client/token/TokenService.java +++ b/integration/admin-client/src/main/java/org/keycloak/admin/client/token/TokenService.java @@ -18,11 +18,11 @@ import javax.ws.rs.core.MultivaluedMap; public interface TokenService { @POST - @Path("/realms/{realm}/tokens/grants/access") + @Path("/realms/{realm}/protocol/openid-connect/grants/access") public AccessTokenResponse grantToken(@PathParam("realm") String realm, MultivaluedMap map); @POST - @Path("/realms/{realm}/tokens/refresh") + @Path("/realms/{realm}/protocol/openid-connect/refresh") public AccessTokenResponse refreshToken(@PathParam("realm") String realm, MultivaluedMap map); } diff --git a/integration/as7-eap-subsystem/src/test/java/org/keycloak/subsystem/extension/RealmDefinitionTestCase.java b/integration/as7-eap-subsystem/src/test/java/org/keycloak/subsystem/extension/RealmDefinitionTestCase.java index dec35a5779..8bae47167a 100755 --- a/integration/as7-eap-subsystem/src/test/java/org/keycloak/subsystem/extension/RealmDefinitionTestCase.java +++ b/integration/as7-eap-subsystem/src/test/java/org/keycloak/subsystem/extension/RealmDefinitionTestCase.java 
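Review bot: The two `@Path` values on `grantToken` and `refreshToken` in `TokenService` are hand-copied from the layout that `ServiceUrlConstants.TOKEN_SERVICE_DIRECT_GRANT_PATH` and `TOKEN_SERVICE_REFRESH_PATH` define, differing only in the template name (`{realm}` here, `{realm-name}` there). A later endpoint move therefore has to be repeated in this interface, and a missed copy only shows up at runtime as a failed token request. A comment above each annotation, such as `// Must match ServiceUrlConstants.TOKEN_SERVICE_DIRECT_GRANT_PATH (template variable name differs).`, would make the coupling visible. Both methods also take a `MultivaluedMap` with no type arguments as displayed; if that is how the source reads rather than an artifact of the page, `MultivaluedMap<String, String>` would be the safer declaration.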
@@ -37,8 +37,8 @@ public class RealmDefinitionTestCase { model.get("realm").set("demo"); model.get("resource").set("customer-portal"); model.get("realm-public-key").set("MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB"); - model.get("auth-url").set("http://localhost:8080/auth-server/realms/demo/tokens/login"); - model.get("code-url").set("http://localhost:8080/auth-server/realms/demo/tokens/access/codes"); + model.get("auth-url").set("http://localhost:8080/auth-server/realms/demo/protocol/openid-connect/login"); + model.get("code-url").set("http://localhost:8080/auth-server/realms/demo/protocol/openid-connect/access/codes"); model.get("expose-token").set(true); ModelNode credential = new ModelNode(); credential.get("password").set("password"); diff --git a/integration/tomcat7/adapter/src/main/java/org/keycloak/adapters/tomcat7/AuthenticatedActionsValve.java b/integration/tomcat7/adapter/src/main/java/org/keycloak/adapters/tomcat7/AuthenticatedActionsValve.java old mode 100644 new mode 100755 index 6feec2c216..c7ea65eab2 --- a/integration/tomcat7/adapter/src/main/java/org/keycloak/adapters/tomcat7/AuthenticatedActionsValve.java +++ b/integration/tomcat7/adapter/src/main/java/org/keycloak/adapters/tomcat7/AuthenticatedActionsValve.java @@ -1,11 +1,5 @@ package org.keycloak.adapters.tomcat7; -import java.io.IOException; -import java.util.logging.Logger; - -import javax.management.ObjectName; -import javax.servlet.ServletException; - import org.apache.catalina.Container; import org.apache.catalina.Valve; import org.apache.catalina.connector.Request; 
@@ -15,6 +9,11 @@ import org.keycloak.adapters.AdapterDeploymentContext; import org.keycloak.adapters.AuthenticatedActionsHandler; import org.keycloak.adapters.KeycloakDeployment; +import javax.management.ObjectName; +import javax.servlet.ServletException; +import java.io.IOException; +import java.util.logging.Logger; + /** * Pre-installed actions that must be authenticated *

diff --git a/integration/wildfly-subsystem/src/test/java/org/keycloak/subsystem/extension/RealmDefinitionTestCase.java b/integration/wildfly-subsystem/src/test/java/org/keycloak/subsystem/extension/RealmDefinitionTestCase.java index 26ec2cbdf5..c21ff20ce6 100755 --- a/integration/wildfly-subsystem/src/test/java/org/keycloak/subsystem/extension/RealmDefinitionTestCase.java +++ b/integration/wildfly-subsystem/src/test/java/org/keycloak/subsystem/extension/RealmDefinitionTestCase.java @@ -38,8 +38,8 @@ public class RealmDefinitionTestCase { model.get("realm").set("demo"); model.get("resource").set("customer-portal"); model.get("realm-public-key").set("MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB"); - model.get("auth-url").set("http://localhost:8080/auth-server/rest/realms/demo/tokens/login"); - model.get("code-url").set("http://localhost:8080/auth-server/rest/realms/demo/tokens/access/codes"); + model.get("auth-url").set("http://localhost:8080/auth-server/rest/realms/demo/protocol/openid-connect/login"); + model.get("code-url").set("http://localhost:8080/auth-server/rest/realms/demo/protocol/openid-connect/access/codes"); model.get("expose-token").set(true); ModelNode credential = new ModelNode(); credential.get("password").set("password"); diff --git a/integration/wildfly-subsystem/src/test/java/org/keycloak/subsystem/extension/SubsystemParsingTestCase.java b/integration/wildfly-subsystem/src/test/java/org/keycloak/subsystem/extension/SubsystemParsingTestCase.java index ba87801ca5..911fed4530 100755 --- a/integration/wildfly-subsystem/src/test/java/org/keycloak/subsystem/extension/SubsystemParsingTestCase.java +++ b/integration/wildfly-subsystem/src/test/java/org/keycloak/subsystem/extension/SubsystemParsingTestCase.java 
@@ -50,8 +50,8 @@ public class SubsystemParsingTestCase extends AbstractSubsystemTest { node.get("realm").set("demo"); node.get("resource").set("customer-portal"); node.get("realm-public-key").set("MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB"); - node.get("auth-url").set("http://localhost:8080/auth-server/rest/realms/demo/tokens/login"); - node.get("code-url").set("http://localhost:8080/auth-server/rest/realms/demo/tokens/access/codes"); + node.get("auth-url").set("http://localhost:8080/auth-server/rest/realms/demo/protocol/openid-connect/login"); + node.get("code-url").set("http://localhost:8080/auth-server/rest/realms/demo/protocol/openid-connect/access/codes"); node.get("ssl-required").set("external"); node.get("expose-token").set(true); ModelNode credential = new ModelNode(); diff --git a/model/api/src/main/java/org/keycloak/models/UserFederationManager.java b/model/api/src/main/java/org/keycloak/models/UserFederationManager.java index ce3eb7f69b..2a37f6c018 100755 --- a/model/api/src/main/java/org/keycloak/models/UserFederationManager.java +++ b/model/api/src/main/java/org/keycloak/models/UserFederationManager.java @@ -1,5 +1,7 @@ package org.keycloak.models; +import org.jboss.logging.Logger; + import java.util.ArrayList; import java.util.HashMap; import java.util.LinkedList; @@ -7,8 +9,6 @@ import java.util.List; import java.util.Map; import java.util.Set; -import org.jboss.logging.Logger; - /** * @author Bill Burke * @version $Revision: 1 $ diff --git a/model/api/src/main/java/org/keycloak/models/UserSessionProvider.java b/model/api/src/main/java/org/keycloak/models/UserSessionProvider.java index bf2c22dafe..a316f6fc48 100755 --- a/model/api/src/main/java/org/keycloak/models/UserSessionProvider.java +++ b/model/api/src/main/java/org/keycloak/models/UserSessionProvider.java 
@@ -3,7 +3,6 @@ package org.keycloak.models; import org.keycloak.provider.Provider; import java.util.List; -import java.util.Set; /** * @author Bill Burke diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/AttributeMap.java b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/AttributeMap.java index 5a4e28b19f..625b051bba 100755 --- a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/AttributeMap.java +++ b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/AttributeMap.java @@ -1,8 +1,6 @@ package org.keycloak.models.jpa.entities; -import java.util.Collection; import java.util.HashMap; -import java.util.List; import java.util.Map; /** diff --git a/model/sessions-infinispan/src/main/java/org/keycloak/models/sessions/infinispan/InfinispanUserSessionProviderFactory.java b/model/sessions-infinispan/src/main/java/org/keycloak/models/sessions/infinispan/InfinispanUserSessionProviderFactory.java old mode 100644 new mode 100755 index 40287af857..6098f3fbf5 --- a/model/sessions-infinispan/src/main/java/org/keycloak/models/sessions/infinispan/InfinispanUserSessionProviderFactory.java +++ b/model/sessions-infinispan/src/main/java/org/keycloak/models/sessions/infinispan/InfinispanUserSessionProviderFactory.java @@ -1,11 +1,6 @@ package org.keycloak.models.sessions.infinispan; import org.infinispan.Cache; -import org.infinispan.configuration.cache.CacheMode; -import org.infinispan.configuration.cache.ConfigurationBuilder; -import org.infinispan.configuration.global.GlobalConfigurationBuilder; -import org.infinispan.manager.DefaultCacheManager; -import org.infinispan.manager.EmbeddedCacheManager; import org.keycloak.Config; import org.keycloak.connections.infinispan.InfinispanConnectionProvider; import org.keycloak.models.KeycloakSession; 
@@ -14,8 +9,6 @@ import org.keycloak.models.UserSessionProviderFactory; import org.keycloak.models.sessions.infinispan.entities.LoginFailureEntity; import org.keycloak.models.sessions.infinispan.entities.SessionEntity; -import javax.naming.InitialContext; - /** * @author Stian Thorgersen */ diff --git a/model/sessions-infinispan/src/main/java/org/keycloak/models/sessions/infinispan/UserSessionAdapter.java b/model/sessions-infinispan/src/main/java/org/keycloak/models/sessions/infinispan/UserSessionAdapter.java index 7b3000ebca..1c6ffb6ccc 100755 --- a/model/sessions-infinispan/src/main/java/org/keycloak/models/sessions/infinispan/UserSessionAdapter.java +++ b/model/sessions-infinispan/src/main/java/org/keycloak/models/sessions/infinispan/UserSessionAdapter.java @@ -1,7 +1,6 @@ package org.keycloak.models.sessions.infinispan; import org.infinispan.Cache; -import org.infinispan.distexec.mapreduce.MapReduceTask; import org.keycloak.models.ClientSessionModel; import org.keycloak.models.KeycloakSession; import org.keycloak.models.RealmModel; @@ -10,13 +9,10 @@ import org.keycloak.models.UserSessionModel; import org.keycloak.models.sessions.infinispan.entities.ClientSessionEntity; import org.keycloak.models.sessions.infinispan.entities.SessionEntity; import org.keycloak.models.sessions.infinispan.entities.UserSessionEntity; -import org.keycloak.models.sessions.infinispan.mapreduce.ClientSessionMapper; -import org.keycloak.models.sessions.infinispan.mapreduce.FirstResultReducer; import java.util.Collections; import java.util.LinkedList; import java.util.List; -import java.util.Map; /** * @author Stian Thorgersen diff --git a/model/sessions-infinispan/src/main/java/org/keycloak/models/sessions/infinispan/entities/ClientSessionEntity.java b/model/sessions-infinispan/src/main/java/org/keycloak/models/sessions/infinispan/entities/ClientSessionEntity.java old mode 100644 new mode 100755 index bfcf1c6f3c..9c085fcaa3 
--- a/model/sessions-infinispan/src/main/java/org/keycloak/models/sessions/infinispan/entities/ClientSessionEntity.java +++ b/model/sessions-infinispan/src/main/java/org/keycloak/models/sessions/infinispan/entities/ClientSessionEntity.java @@ -2,7 +2,6 @@ package org.keycloak.models.sessions.infinispan.entities; import org.keycloak.models.ClientSessionModel; -import java.io.Serializable; import java.util.Map; import java.util.Set; diff --git a/model/sessions-infinispan/src/main/java/org/keycloak/models/sessions/infinispan/mapreduce/SessionMapper.java b/model/sessions-infinispan/src/main/java/org/keycloak/models/sessions/infinispan/mapreduce/SessionMapper.java old mode 100644 new mode 100755 index 747d094558..a56663af83 --- a/model/sessions-infinispan/src/main/java/org/keycloak/models/sessions/infinispan/mapreduce/SessionMapper.java +++ b/model/sessions-infinispan/src/main/java/org/keycloak/models/sessions/infinispan/mapreduce/SessionMapper.java @@ -3,7 +3,6 @@ package org.keycloak.models.sessions.infinispan.mapreduce; import org.infinispan.distexec.mapreduce.Collector; import org.infinispan.distexec.mapreduce.Mapper; import org.keycloak.models.sessions.infinispan.entities.SessionEntity; -import org.keycloak.models.sessions.infinispan.entities.UserSessionEntity; import java.io.Serializable; diff --git a/model/sessions-infinispan/src/main/java/org/keycloak/models/sessions/infinispan/mapreduce/UserSessionMapper.java b/model/sessions-infinispan/src/main/java/org/keycloak/models/sessions/infinispan/mapreduce/UserSessionMapper.java old mode 100644 new mode 100755 index 3c28284830..f781b9e014 --- a/model/sessions-infinispan/src/main/java/org/keycloak/models/sessions/infinispan/mapreduce/UserSessionMapper.java +++ b/model/sessions-infinispan/src/main/java/org/keycloak/models/sessions/infinispan/mapreduce/UserSessionMapper.java 
@@ -2,7 +2,6 @@ package org.keycloak.models.sessions.infinispan.mapreduce; import org.infinispan.distexec.mapreduce.Collector; import org.infinispan.distexec.mapreduce.Mapper; -import org.keycloak.models.sessions.infinispan.entities.ClientSessionEntity; import org.keycloak.models.sessions.infinispan.entities.SessionEntity; import org.keycloak.models.sessions.infinispan.entities.UserSessionEntity; diff --git a/model/sessions-jpa/src/main/java/org/keycloak/models/sessions/jpa/ClientSessionAdapter.java b/model/sessions-jpa/src/main/java/org/keycloak/models/sessions/jpa/ClientSessionAdapter.java index 7e6a73f9d6..e05130c851 100755 --- a/model/sessions-jpa/src/main/java/org/keycloak/models/sessions/jpa/ClientSessionAdapter.java +++ b/model/sessions-jpa/src/main/java/org/keycloak/models/sessions/jpa/ClientSessionAdapter.java @@ -13,8 +13,6 @@ import org.keycloak.models.sessions.jpa.entities.UserSessionEntity; import javax.persistence.EntityManager; import java.util.HashSet; import java.util.Iterator; -import java.util.LinkedList; -import java.util.List; import java.util.Set; /** diff --git a/model/sessions-jpa/src/main/java/org/keycloak/models/sessions/jpa/JpaUserSessionProvider.java b/model/sessions-jpa/src/main/java/org/keycloak/models/sessions/jpa/JpaUserSessionProvider.java index b1ec11b02b..a54891d15d 100755 --- a/model/sessions-jpa/src/main/java/org/keycloak/models/sessions/jpa/JpaUserSessionProvider.java +++ b/model/sessions-jpa/src/main/java/org/keycloak/models/sessions/jpa/JpaUserSessionProvider.java 
@@ -9,7 +9,6 @@ import org.keycloak.models.UserSessionModel; import org.keycloak.models.UserSessionProvider; import org.keycloak.models.UsernameLoginFailureModel; import org.keycloak.models.sessions.jpa.entities.ClientSessionEntity; -import org.keycloak.models.sessions.jpa.entities.ClientSessionRoleEntity; import org.keycloak.models.sessions.jpa.entities.UserSessionEntity; import org.keycloak.models.sessions.jpa.entities.UsernameLoginFailureEntity; import org.keycloak.models.utils.KeycloakModelUtils; @@ -17,10 +16,8 @@ import org.keycloak.util.Time; import javax.persistence.EntityManager; import javax.persistence.TypedQuery; -import java.util.ArrayList; import java.util.LinkedList; import java.util.List; -import java.util.Set; /** * @author Stian Thorgersen diff --git a/model/sessions-mem/src/main/java/org/keycloak/models/sessions/mem/MemUserSessionProvider.java b/model/sessions-mem/src/main/java/org/keycloak/models/sessions/mem/MemUserSessionProvider.java index 27f9757b79..26ddb0a933 100755 --- a/model/sessions-mem/src/main/java/org/keycloak/models/sessions/mem/MemUserSessionProvider.java +++ b/model/sessions-mem/src/main/java/org/keycloak/models/sessions/mem/MemUserSessionProvider.java @@ -21,7 +21,6 @@ import java.util.Comparator; import java.util.Iterator; import java.util.LinkedList; import java.util.List; -import java.util.Set; import java.util.concurrent.ConcurrentHashMap; /** diff --git a/model/sessions-mongo/src/main/java/org/keycloak/models/sessions/mongo/MongoUserSessionProvider.java b/model/sessions-mongo/src/main/java/org/keycloak/models/sessions/mongo/MongoUserSessionProvider.java index c032e1b17b..fe3bb2ded9 100755 --- a/model/sessions-mongo/src/main/java/org/keycloak/models/sessions/mongo/MongoUserSessionProvider.java +++ b/model/sessions-mongo/src/main/java/org/keycloak/models/sessions/mongo/MongoUserSessionProvider.java 
@@ -19,10 +19,8 @@ import org.keycloak.models.sessions.mongo.entities.MongoUsernameLoginFailureEnti import org.keycloak.models.utils.KeycloakModelUtils; import org.keycloak.util.Time; -import java.util.HashSet; import java.util.LinkedList; import java.util.List; -import java.util.Set; /** * @author Stian Thorgersen diff --git a/picketlink/keycloak-picketlink-ldap/src/main/java/org/keycloak/picketlink/idm/LDAPKeycloakCredentialHandler.java b/picketlink/keycloak-picketlink-ldap/src/main/java/org/keycloak/picketlink/idm/LDAPKeycloakCredentialHandler.java old mode 100644 new mode 100755 index dea12085e3..0c82906406 --- a/picketlink/keycloak-picketlink-ldap/src/main/java/org/keycloak/picketlink/idm/LDAPKeycloakCredentialHandler.java +++ b/picketlink/keycloak-picketlink-ldap/src/main/java/org/keycloak/picketlink/idm/LDAPKeycloakCredentialHandler.java @@ -1,19 +1,18 @@ package org.keycloak.picketlink.idm; -import javax.naming.directory.SearchResult; - import org.picketlink.idm.IdentityManager; import org.picketlink.idm.config.LDAPMappingConfiguration; import org.picketlink.idm.credential.UsernamePasswordCredentials; import org.picketlink.idm.credential.storage.CredentialStorage; import org.picketlink.idm.ldap.internal.LDAPIdentityStore; -import org.picketlink.idm.ldap.internal.LDAPOperationManager; import org.picketlink.idm.ldap.internal.LDAPPlainTextPasswordCredentialHandler; import org.picketlink.idm.model.Account; import org.picketlink.idm.model.basic.BasicModel; import org.picketlink.idm.model.basic.User; import org.picketlink.idm.spi.IdentityContext; +import javax.naming.directory.SearchResult; + import static org.picketlink.idm.IDMLog.CREDENTIAL_LOGGER; /** diff --git a/picketlink/keycloak-picketlink-ldap/src/main/java/org/keycloak/picketlink/ldap/PartitionManagerRegistry.java b/picketlink/keycloak-picketlink-ldap/src/main/java/org/keycloak/picketlink/ldap/PartitionManagerRegistry.java index 6fc5237335..a3aaab36e5 100755 
--- a/picketlink/keycloak-picketlink-ldap/src/main/java/org/keycloak/picketlink/ldap/PartitionManagerRegistry.java +++ b/picketlink/keycloak-picketlink-ldap/src/main/java/org/keycloak/picketlink/ldap/PartitionManagerRegistry.java @@ -11,17 +11,13 @@ import org.picketlink.idm.config.LDAPMappingConfigurationBuilder; import org.picketlink.idm.config.LDAPStoreConfigurationBuilder; import org.picketlink.idm.internal.DefaultPartitionManager; import org.picketlink.idm.model.basic.User; + import java.util.HashMap; import java.util.Map; import java.util.Properties; import java.util.concurrent.ConcurrentHashMap; -import static org.picketlink.common.constants.LDAPConstants.CN; -import static org.picketlink.common.constants.LDAPConstants.EMAIL; -import static org.picketlink.common.constants.LDAPConstants.SN; -import static org.picketlink.common.constants.LDAPConstants.UID; -import static org.picketlink.common.constants.LDAPConstants.CREATE_TIMESTAMP; -import static org.picketlink.common.constants.LDAPConstants.MODIFY_TIMESTAMP; +import static org.picketlink.common.constants.LDAPConstants.*; /** * @author Marek Posolda diff --git a/services/src/main/java/org/keycloak/protocol/LoginProtocolFactory.java b/services/src/main/java/org/keycloak/protocol/LoginProtocolFactory.java index 817b224757..4bd4beac12 100755 --- a/services/src/main/java/org/keycloak/protocol/LoginProtocolFactory.java +++ b/services/src/main/java/org/keycloak/protocol/LoginProtocolFactory.java @@ -1,10 +1,14 @@ package org.keycloak.protocol; +import org.keycloak.events.EventBuilder; +import org.keycloak.models.RealmModel; import org.keycloak.provider.ProviderFactory; +import org.keycloak.services.managers.AuthenticationManager; /** * @author Bill Burke * @version $Revision: 1 $ */ public interface LoginProtocolFactory extends ProviderFactory { + Object createProtocolEndpoint(RealmModel realm, EventBuilder event, AuthenticationManager authManager); } 
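Review bot: The new `createProtocolEndpoint` method on `LoginProtocolFactory` returns a bare `Object` and has no Javadoc, so the interface does not tell an implementer what the returned object must be. Judging from the `RealmsResource` change later in this patch, the object is used as a JAX-RS sub-resource for `{realm}/protocol/{protocol}` and receives property injection after construction, which makes every implementation a request-reachable endpoint. That contract belongs on the method, e.g. `/** Creates the JAX-RS sub-resource that serves this protocol's endpoints for the given realm; the caller injects context properties into the returned object before dispatching to it. */`.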
diff --git a/services/src/main/java/org/keycloak/protocol/oidc/OpenIDConnect.java b/services/src/main/java/org/keycloak/protocol/oidc/OpenIDConnect.java index baf5763b49..b3afe30d59 100755 --- a/services/src/main/java/org/keycloak/protocol/oidc/OpenIDConnect.java +++ b/services/src/main/java/org/keycloak/protocol/oidc/OpenIDConnect.java @@ -29,8 +29,8 @@ import org.keycloak.models.ClientSessionModel; import org.keycloak.models.KeycloakSession; import org.keycloak.models.RealmModel; import org.keycloak.models.UserSessionModel; -import org.keycloak.services.managers.ClientSessionCode; import org.keycloak.protocol.LoginProtocol; +import org.keycloak.services.managers.ClientSessionCode; import javax.ws.rs.core.Response; import javax.ws.rs.core.UriBuilder; @@ -42,7 +42,7 @@ import javax.ws.rs.core.UriInfo; */ public class OpenIDConnect implements LoginProtocol { - public static final String LOGIN_PAGE_PROTOCOL = "openid-connect"; + public static final String LOGIN_PROTOCOL = "openid-connect"; public static final String STATE_PARAM = "state"; public static final String SCOPE_PARAM = "scope"; public static final String RESPONSE_TYPE_PARAM = "response_type"; diff --git a/services/src/main/java/org/keycloak/protocol/oidc/OpenIDConnectFactory.java b/services/src/main/java/org/keycloak/protocol/oidc/OpenIDConnectFactory.java index 9182cd4508..f3b2eda387 100755 --- a/services/src/main/java/org/keycloak/protocol/oidc/OpenIDConnectFactory.java +++ b/services/src/main/java/org/keycloak/protocol/oidc/OpenIDConnectFactory.java @@ -1,9 +1,12 @@ package org.keycloak.protocol.oidc; import org.keycloak.Config; +import org.keycloak.events.EventBuilder; import org.keycloak.models.KeycloakSession; +import org.keycloak.models.RealmModel; import org.keycloak.protocol.LoginProtocol; import org.keycloak.protocol.LoginProtocolFactory; +import org.keycloak.services.managers.AuthenticationManager; /** * @author Bill Burke 
@@ -20,6 +23,11 @@ public class OpenIDConnectFactory implements LoginProtocolFactory { } + @Override + public Object createProtocolEndpoint(RealmModel realm, EventBuilder event, AuthenticationManager authManager) { + return new OpenIDConnectService(realm, event, authManager); + } + @Override public void close() { diff --git a/services/src/main/java/org/keycloak/protocol/oidc/OpenIDConnectService.java b/services/src/main/java/org/keycloak/protocol/oidc/OpenIDConnectService.java index af324a8294..5c923113e3 100755 --- a/services/src/main/java/org/keycloak/protocol/oidc/OpenIDConnectService.java +++ b/services/src/main/java/org/keycloak/protocol/oidc/OpenIDConnectService.java @@ -33,7 +33,6 @@ import org.keycloak.services.ForbiddenException; import org.keycloak.services.managers.AuthenticationManager; import org.keycloak.services.managers.AuthenticationManager.AuthenticationStatus; import org.keycloak.services.managers.ClientSessionCode; -import org.keycloak.services.managers.TokenManager; import org.keycloak.services.resources.Cors; import org.keycloak.services.resources.RealmsResource; import org.keycloak.services.resources.flows.Flows; @@ -102,9 +101,9 @@ public class OpenIDConnectService { protected ResourceContext resourceContext; */ - public OpenIDConnectService(RealmModel realm, TokenManager tokenManager, EventBuilder event, AuthenticationManager authManager) { + public OpenIDConnectService(RealmModel realm, EventBuilder event, AuthenticationManager authManager) { this.realm = realm; - this.tokenManager = tokenManager; + this.tokenManager = new TokenManager(); this.event = event; this.authManager = authManager; } 
@@ -669,7 +668,7 @@ public class OpenIDConnectService { return Flows.forwardToSecurityFailurePage(session, realm, uriInfo, "Invalid code, please login again through your application."); } clientSession = clientCode.getClientSession(); - if (!clientSession.getAuthMethod().equals(OpenIDConnect.LOGIN_PAGE_PROTOCOL)) { + if (!clientSession.getAuthMethod().equals(OpenIDConnect.LOGIN_PROTOCOL)) { event.error(Errors.INVALID_CODE); return Flows.forwardToSecurityFailurePage(session, realm, uriInfo, "Invalid protocol, please login again through your application."); } @@ -708,7 +707,7 @@ public class OpenIDConnectService { return Flows.forwardToSecurityFailurePage(session, realm, uriInfo, "Invalid redirect_uri."); } clientSession = session.sessions().createClientSession(realm, client); - clientSession.setAuthMethod(OpenIDConnect.LOGIN_PAGE_PROTOCOL); + clientSession.setAuthMethod(OpenIDConnect.LOGIN_PROTOCOL); clientSession.setRedirectUri(redirect); clientSession.setAction(ClientSessionModel.Action.AUTHENTICATE); clientSession.setNote(OpenIDConnect.STATE_PARAM, state); diff --git a/services/src/main/java/org/keycloak/services/managers/TokenManager.java b/services/src/main/java/org/keycloak/protocol/oidc/TokenManager.java similarity index 97% rename from services/src/main/java/org/keycloak/services/managers/TokenManager.java rename to services/src/main/java/org/keycloak/protocol/oidc/TokenManager.java index e7de7172d7..761b69f889 100755 --- a/services/src/main/java/org/keycloak/services/managers/TokenManager.java +++ b/services/src/main/java/org/keycloak/protocol/oidc/TokenManager.java 
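Review bot: In the first `OpenIDConnectService` hunk, `clientSession.getAuthMethod().equals(OpenIDConnect.LOGIN_PROTOCOL)` dereferences the stored auth method, so a client session with no auth method recorded would throw a NullPointerException instead of reaching the "Invalid protocol" failure page. Whether `getAuthMethod()` can return null is not visible here, but this patch makes the protocol pluggable, so sessions created by other protocol implementations may reach this check. The constant-first form fails closed: `if (!OpenIDConnect.LOGIN_PROTOCOL.equals(clientSession.getAuthMethod())) {`. The enclosing method starts and ends outside the hunk.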
@@ -1,10 +1,10 @@ -package org.keycloak.services.managers; +package org.keycloak.protocol.oidc; import org.jboss.logging.Logger; import org.keycloak.ClientConnection; import org.keycloak.OAuthErrorException; -import org.keycloak.events.EventBuilder; import org.keycloak.events.Details; +import org.keycloak.events.EventBuilder; import org.keycloak.jose.jws.JWSBuilder; import org.keycloak.jose.jws.JWSInput; import org.keycloak.jose.jws.crypto.RSAProvider; @@ -22,6 +22,7 @@ import org.keycloak.representations.AccessToken; import org.keycloak.representations.AccessTokenResponse; import org.keycloak.representations.IDToken; import org.keycloak.representations.RefreshToken; +import org.keycloak.services.managers.AuthenticationManager; import org.keycloak.util.Time; import javax.ws.rs.core.UriInfo; diff --git a/services/src/main/java/org/keycloak/services/managers/ApplianceBootstrap.java b/services/src/main/java/org/keycloak/services/managers/ApplianceBootstrap.java index 96f81344b4..cf5978fe4c 100755 --- a/services/src/main/java/org/keycloak/services/managers/ApplianceBootstrap.java +++ b/services/src/main/java/org/keycloak/services/managers/ApplianceBootstrap.java @@ -15,8 +15,6 @@ import org.keycloak.models.UserModel; import org.keycloak.models.utils.KeycloakModelUtils; import org.keycloak.representations.idm.CredentialRepresentation; -import java.util.Collections; - /** * @author Bill Burke * @version $Revision: 1 $ diff --git a/services/src/main/java/org/keycloak/services/managers/ClientSessionCode.java b/services/src/main/java/org/keycloak/services/managers/ClientSessionCode.java index 217675a581..32305b12da 100755 --- a/services/src/main/java/org/keycloak/services/managers/ClientSessionCode.java +++ b/services/src/main/java/org/keycloak/services/managers/ClientSessionCode.java 
@@ -3,12 +3,10 @@ package org.keycloak.services.managers; import org.keycloak.OAuthErrorException; import org.keycloak.jose.jws.Algorithm; import org.keycloak.jose.jws.crypto.RSAProvider; -import org.keycloak.models.ClientModel; import org.keycloak.models.ClientSessionModel; import org.keycloak.models.KeycloakSession; import org.keycloak.models.RealmModel; import org.keycloak.models.RoleModel; -import org.keycloak.models.UserModel; import org.keycloak.models.UserModel.RequiredAction; import org.keycloak.util.Base64Url; import org.keycloak.util.Time; diff --git a/services/src/main/java/org/keycloak/services/managers/ResourceAdminManager.java b/services/src/main/java/org/keycloak/services/managers/ResourceAdminManager.java index c224f2db89..d754b7f886 100755 --- a/services/src/main/java/org/keycloak/services/managers/ResourceAdminManager.java +++ b/services/src/main/java/org/keycloak/services/managers/ResourceAdminManager.java @@ -14,6 +14,7 @@ import org.keycloak.models.KeycloakSession; import org.keycloak.models.RealmModel; import org.keycloak.models.UserModel; import org.keycloak.models.UserSessionModel; +import org.keycloak.protocol.oidc.TokenManager; import org.keycloak.representations.adapters.action.LogoutAction; import org.keycloak.representations.adapters.action.PushNotBeforeAction; import org.keycloak.representations.adapters.action.SessionStats; diff --git a/services/src/main/java/org/keycloak/services/managers/UsersSyncManager.java b/services/src/main/java/org/keycloak/services/managers/UsersSyncManager.java old mode 100644 new mode 100755 index 82d2972b43..9761b72a56 --- a/services/src/main/java/org/keycloak/services/managers/UsersSyncManager.java +++ b/services/src/main/java/org/keycloak/services/managers/UsersSyncManager.java @@ -1,7 +1,5 @@ package org.keycloak.services.managers; -import java.util.List; - import org.jboss.logging.Logger; import org.keycloak.models.KeycloakSession; import org.keycloak.models.KeycloakSessionFactory; 
@@ -14,6 +12,8 @@ import org.keycloak.models.utils.KeycloakModelUtils; import org.keycloak.timer.TimerProvider; import org.keycloak.util.Time; +import java.util.List; + /** * @author Marek Posolda */ diff --git a/services/src/main/java/org/keycloak/services/resources/AccountService.java b/services/src/main/java/org/keycloak/services/resources/AccountService.java index aa9a8e4237..99550a3b6c 100755 --- a/services/src/main/java/org/keycloak/services/resources/AccountService.java +++ b/services/src/main/java/org/keycloak/services/resources/AccountService.java @@ -27,10 +27,10 @@ import org.jboss.resteasy.spi.HttpRequest; import org.keycloak.ClientConnection; import org.keycloak.account.AccountPages; import org.keycloak.account.AccountProvider; -import org.keycloak.events.EventBuilder; -import org.keycloak.events.EventStoreProvider; import org.keycloak.events.Details; import org.keycloak.events.Event; +import org.keycloak.events.EventBuilder; +import org.keycloak.events.EventStoreProvider; import org.keycloak.events.EventType; import org.keycloak.models.AccountRoles; import org.keycloak.models.ApplicationModel; diff --git a/services/src/main/java/org/keycloak/services/resources/KeycloakApplication.java b/services/src/main/java/org/keycloak/services/resources/KeycloakApplication.java index 4f855edd78..d457c15630 100755 --- a/services/src/main/java/org/keycloak/services/resources/KeycloakApplication.java +++ b/services/src/main/java/org/keycloak/services/resources/KeycloakApplication.java 
@@ -15,9 +15,8 @@ import org.keycloak.representations.idm.RealmRepresentation; import org.keycloak.services.DefaultKeycloakSessionFactory; import org.keycloak.services.managers.ApplianceBootstrap; import org.keycloak.services.managers.BruteForceProtector; -import org.keycloak.services.managers.UsersSyncManager; import org.keycloak.services.managers.RealmManager; -import org.keycloak.services.managers.TokenManager; +import org.keycloak.services.managers.UsersSyncManager; import org.keycloak.services.resources.admin.AdminRoot; import org.keycloak.services.scheduled.ClearExpiredEvents; import org.keycloak.services.scheduled.ClearExpiredUserSessions; @@ -69,12 +68,10 @@ public class KeycloakApplication extends Application { context.setAttribute(BruteForceProtector.class.getName(), protector); context.setAttribute(KeycloakSessionFactory.class.getName(), this.sessionFactory); - TokenManager tokenManager = new TokenManager(); - singletons.add(new ServerVersionResource()); - singletons.add(new RealmsResource(tokenManager)); + singletons.add(new RealmsResource()); singletons.add(new SocialResource()); - singletons.add(new AdminRoot(tokenManager)); + singletons.add(new AdminRoot()); classes.add(SkeletonKeyContextResolver.class); classes.add(QRCodeResource.class); classes.add(ThemeResource.class); diff --git a/services/src/main/java/org/keycloak/services/resources/LoginActionsService.java b/services/src/main/java/org/keycloak/services/resources/LoginActionsService.java index 989b866e2f..3a0e6d6df5 100755 --- a/services/src/main/java/org/keycloak/services/resources/LoginActionsService.java +++ b/services/src/main/java/org/keycloak/services/resources/LoginActionsService.java 
@@ -24,12 +24,12 @@ package org.keycloak.services.resources; import org.jboss.logging.Logger; import org.jboss.resteasy.spi.HttpRequest; import org.keycloak.ClientConnection; -import org.keycloak.events.EventBuilder; -import org.keycloak.events.Details; -import org.keycloak.events.Errors; -import org.keycloak.events.EventType; import org.keycloak.email.EmailException; import org.keycloak.email.EmailProvider; +import org.keycloak.events.Details; +import org.keycloak.events.Errors; +import org.keycloak.events.EventBuilder; +import org.keycloak.events.EventType; import org.keycloak.jose.jws.JWSBuilder; import org.keycloak.login.LoginFormsProvider; import org.keycloak.models.ClientModel; @@ -45,11 +45,11 @@ import org.keycloak.models.utils.KeycloakModelUtils; import org.keycloak.models.utils.TimeBasedOTP; import org.keycloak.protocol.LoginProtocol; import org.keycloak.protocol.oidc.OpenIDConnectService; +import org.keycloak.protocol.oidc.TokenManager; import org.keycloak.representations.PasswordToken; import org.keycloak.representations.idm.CredentialRepresentation; import org.keycloak.services.managers.AuthenticationManager; import org.keycloak.services.managers.ClientSessionCode; -import org.keycloak.services.managers.TokenManager; import org.keycloak.services.messages.Messages; import org.keycloak.services.resources.flows.Flows; import org.keycloak.services.resources.flows.Urls; diff --git a/services/src/main/java/org/keycloak/services/resources/RealmsResource.java b/services/src/main/java/org/keycloak/services/resources/RealmsResource.java index e224cce3c1..dfe3c9ccb0 100755 --- a/services/src/main/java/org/keycloak/services/resources/RealmsResource.java +++ b/services/src/main/java/org/keycloak/services/resources/RealmsResource.java 
@@ -12,12 +12,13 @@ import org.keycloak.models.ClientModel; import org.keycloak.models.Constants; import org.keycloak.models.KeycloakSession; import org.keycloak.models.RealmModel; +import org.keycloak.protocol.LoginProtocol; +import org.keycloak.protocol.LoginProtocolFactory; import org.keycloak.protocol.oidc.OpenIDConnectService; -import org.keycloak.services.managers.EventsManager; import org.keycloak.services.managers.AuthenticationManager; import org.keycloak.services.managers.BruteForceProtector; +import org.keycloak.services.managers.EventsManager; import org.keycloak.services.managers.RealmManager; -import org.keycloak.services.managers.TokenManager; import org.keycloak.util.StreamUtil; import javax.ws.rs.GET; @@ -63,12 +64,6 @@ public class RealmsResource { @Context protected BruteForceProtector protector; - protected TokenManager tokenManager; - - public RealmsResource(TokenManager tokenManager) { - this.tokenManager = tokenManager; - } - public static UriBuilder realmBaseUrl(UriInfo uriInfo) { return uriInfo.getBaseUriBuilder().path(RealmsResource.class).path(RealmsResource.class, "getRealmResource"); } 
@@ -142,16 +137,27 @@ public class RealmsResource { } } - @Path("{realm}/tokens") - public OpenIDConnectService getTokenService(final @PathParam("realm") String name) { + @Path("{realm}/protocol/{protocol}") + public Object getProtocol(final @PathParam("realm") String name, + final @PathParam("protocol") String protocol) { RealmManager realmManager = new RealmManager(session); RealmModel realm = locateRealm(name, realmManager); EventBuilder event = new EventsManager(realm, session, clientConnection).createEventBuilder(); AuthenticationManager authManager = new AuthenticationManager(protector); - OpenIDConnectService tokenService = new OpenIDConnectService(realm, tokenManager, event, authManager); - ResteasyProviderFactory.getInstance().injectProperties(tokenService); + + LoginProtocolFactory factory = (LoginProtocolFactory)session.getKeycloakSessionFactory().getProviderFactory(LoginProtocol.class, protocol); + Object endpoint = factory.createProtocolEndpoint(realm, event, authManager); + + ResteasyProviderFactory.getInstance().injectProperties(endpoint); //resourceContext.initResource(tokenService); - return tokenService; + return endpoint; + } + + @Path("{realm}/tokens") + @Deprecated + public Object getTokenService(final @PathParam("realm") String name) { + // for backward compatibility. + return getProtocol(name, "openid-connect"); } @Path("{realm}/login-actions") diff --git a/services/src/main/java/org/keycloak/services/resources/SocialResource.java b/services/src/main/java/org/keycloak/services/resources/SocialResource.java index f28db4cf17..ce40497b37 100755 --- a/services/src/main/java/org/keycloak/services/resources/SocialResource.java +++ b/services/src/main/java/org/keycloak/services/resources/SocialResource.java 
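Review bot: In `getProtocol`, the `protocol` path segment comes straight from the request URL, and the result of `getProviderFactory(LoginProtocol.class, protocol)` is cast and dereferenced with no null check. If that lookup returns null for an unregistered id (its behaviour is not visible in this hunk), a request to `{realm}/protocol/<unknown>` ends in a NullPointerException and a 500 response instead of a clean 404. A guard before `createProtocolEndpoint` avoids that, e.g. `if (factory == null) throw new NotFoundException("Protocol not found");`, using whichever not-found exception this class already raises for a missing realm. The retained comment `//resourceContext.initResource(tokenService);` also names a variable that no longer exists and should be updated or dropped.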
@@ -25,9 +25,9 @@ import org.jboss.logging.Logger; import org.jboss.resteasy.specimpl.MultivaluedMapImpl; import org.jboss.resteasy.spi.HttpRequest; import org.keycloak.ClientConnection; -import org.keycloak.events.EventBuilder; import org.keycloak.events.Details; import org.keycloak.events.Errors; +import org.keycloak.events.EventBuilder; import org.keycloak.events.EventType; import org.keycloak.models.AccountRoles; import org.keycloak.models.ClientModel; @@ -40,11 +40,11 @@ import org.keycloak.models.SocialLinkModel; import org.keycloak.models.UserModel; import org.keycloak.models.UserSessionModel; import org.keycloak.models.utils.KeycloakModelUtils; +import org.keycloak.protocol.oidc.TokenManager; +import org.keycloak.services.managers.AuthenticationManager; import org.keycloak.services.managers.ClientSessionCode; import org.keycloak.services.managers.EventsManager; -import org.keycloak.services.managers.AuthenticationManager; import org.keycloak.services.managers.RealmManager; -import org.keycloak.services.managers.TokenManager; import org.keycloak.services.resources.flows.Flows; import org.keycloak.services.resources.flows.Urls; import org.keycloak.social.AuthCallback; diff --git a/services/src/main/java/org/keycloak/services/resources/WelcomeResource.java b/services/src/main/java/org/keycloak/services/resources/WelcomeResource.java index 5158e67d84..f0f9b506d3 100755 --- a/services/src/main/java/org/keycloak/services/resources/WelcomeResource.java +++ b/services/src/main/java/org/keycloak/services/resources/WelcomeResource.java @@ -2,7 +2,6 @@ package org.keycloak.services.resources; import org.jboss.logging.Logger; import org.keycloak.Config; -import org.keycloak.freemarker.BrowserSecurityHeaderSetup; import org.keycloak.freemarker.Theme; import org.keycloak.freemarker.ThemeProvider; import org.keycloak.models.KeycloakSession; 
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/AdminConsole.java b/services/src/main/java/org/keycloak/services/resources/admin/AdminConsole.java index ebd6451220..1e408651cc 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/AdminConsole.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/AdminConsole.java @@ -18,12 +18,12 @@ import org.keycloak.models.KeycloakSession; import org.keycloak.models.RealmModel; import org.keycloak.models.RoleModel; import org.keycloak.models.UserModel; +import org.keycloak.protocol.oidc.OpenIDConnectService; import org.keycloak.services.managers.AppAuthManager; import org.keycloak.services.managers.ApplicationManager; import org.keycloak.services.managers.AuthenticationManager; import org.keycloak.services.managers.RealmManager; import org.keycloak.services.resources.KeycloakApplication; -import org.keycloak.protocol.oidc.OpenIDConnectService; import javax.activation.FileTypeMap; import javax.activation.MimetypesFileTypeMap; diff --git a/services/src/main/java/org/keycloak/services/resources/admin/AdminRoot.java b/services/src/main/java/org/keycloak/services/resources/admin/AdminRoot.java index 40fccf90bc..79f5f9edc3 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/AdminRoot.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/AdminRoot.java 
@@ -12,17 +12,16 @@ import org.keycloak.jose.jws.JWSInput; import org.keycloak.models.ClientModel; import org.keycloak.models.KeycloakSession; import org.keycloak.models.RealmModel; +import org.keycloak.protocol.oidc.TokenManager; import org.keycloak.representations.AccessToken; import org.keycloak.services.managers.AppAuthManager; import org.keycloak.services.managers.AuthenticationManager; import org.keycloak.services.managers.RealmManager; -import org.keycloak.services.managers.TokenManager; import org.keycloak.services.resources.Cors; import javax.ws.rs.GET; import javax.ws.rs.Path; import javax.ws.rs.PathParam; -import javax.ws.rs.WebApplicationException; import javax.ws.rs.core.Context; import javax.ws.rs.core.HttpHeaders; import javax.ws.rs.core.Response; @@ -58,8 +57,8 @@ public class AdminRoot { @Context protected KeycloakSession session; - public AdminRoot(TokenManager tokenManager) { - this.tokenManager = tokenManager; + public AdminRoot() { + this.tokenManager = new TokenManager(); this.authManager = new AppAuthManager(); } diff --git a/services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java b/services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java index 45fae436da..0f3253396d 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java @@ -4,9 +4,9 @@ import org.jboss.logging.Logger; import org.jboss.resteasy.annotations.cache.NoCache; import org.jboss.resteasy.spi.NotFoundException; import org.jboss.resteasy.spi.ResteasyProviderFactory; -import org.keycloak.events.EventStoreProvider; import org.keycloak.events.Event; import org.keycloak.events.EventQuery; +import org.keycloak.events.EventStoreProvider; import org.keycloak.events.EventType; import org.keycloak.models.ApplicationModel; import org.keycloak.models.KeycloakSession; 
@@ -18,14 +18,14 @@ import org.keycloak.models.cache.CacheRealmProvider; import org.keycloak.models.cache.CacheUserProvider; import org.keycloak.models.utils.ModelToRepresentation; import org.keycloak.models.utils.RepresentationToModel; +import org.keycloak.protocol.oidc.TokenManager; import org.keycloak.representations.adapters.action.SessionStats; import org.keycloak.representations.idm.RealmEventsConfigRepresentation; import org.keycloak.representations.idm.RealmRepresentation; import org.keycloak.services.managers.LDAPConnectionTestManager; -import org.keycloak.services.managers.UsersSyncManager; import org.keycloak.services.managers.RealmManager; import org.keycloak.services.managers.ResourceAdminManager; -import org.keycloak.services.managers.TokenManager; +import org.keycloak.services.managers.UsersSyncManager; import org.keycloak.services.resources.flows.Flows; import org.keycloak.timer.TimerProvider; diff --git a/services/src/main/java/org/keycloak/services/resources/admin/RealmsAdminResource.java b/services/src/main/java/org/keycloak/services/resources/admin/RealmsAdminResource.java index ab703ac467..0eab7ef3b8 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/RealmsAdminResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/RealmsAdminResource.java @@ -13,10 +13,10 @@ import org.keycloak.models.ModelDuplicateException; import org.keycloak.models.RealmModel; import org.keycloak.models.RoleModel; import org.keycloak.models.utils.ModelToRepresentation; +import org.keycloak.protocol.oidc.TokenManager; import org.keycloak.representations.idm.RealmRepresentation; import org.keycloak.services.ForbiddenException; import org.keycloak.services.managers.RealmManager; -import org.keycloak.services.managers.TokenManager; import org.keycloak.services.resources.KeycloakApplication; import org.keycloak.services.resources.flows.Flows; import org.keycloak.util.JsonSerialization; 
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java b/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java index 7900cc7db9..d71391e619 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java @@ -23,6 +23,7 @@ import org.keycloak.models.UserSessionModel; import org.keycloak.models.utils.ModelToRepresentation; import org.keycloak.models.utils.RepresentationToModel; import org.keycloak.protocol.oidc.OpenIDConnect; +import org.keycloak.protocol.oidc.TokenManager; import org.keycloak.representations.adapters.action.UserStats; import org.keycloak.representations.idm.ApplicationMappingsRepresentation; import org.keycloak.representations.idm.CredentialRepresentation; @@ -34,7 +35,6 @@ import org.keycloak.representations.idm.UserSessionRepresentation; import org.keycloak.services.managers.ClientSessionCode; import org.keycloak.services.managers.RealmManager; import org.keycloak.services.managers.ResourceAdminManager; -import org.keycloak.services.managers.TokenManager; import org.keycloak.services.managers.UserManager; import org.keycloak.services.resources.flows.Flows; import org.keycloak.services.resources.flows.Urls; @@ -56,7 +56,6 @@ import javax.ws.rs.core.UriInfo; import java.util.ArrayList; import java.util.HashMap; import java.util.HashSet; -import java.util.Iterator; import java.util.List; import java.util.Map; import java.util.Set; 
@@ -896,7 +895,7 @@ public class UsersResource { UserSessionModel userSession = session.sessions().createUserSession(realm, user, username, clientConnection.getRemoteAddr(), "form", false); //audit.session(userSession); ClientSessionModel clientSession = session.sessions().createClientSession(realm, client); - clientSession.setAuthMethod(OpenIDConnect.LOGIN_PAGE_PROTOCOL); + clientSession.setAuthMethod(OpenIDConnect.LOGIN_PROTOCOL); clientSession.setRedirectUri(redirect); clientSession.setUserSession(userSession); ClientSessionCode accessCode = new ClientSessionCode(realm, clientSession); diff --git a/services/src/main/java/org/keycloak/services/resources/flows/SocialRedirectFlows.java b/services/src/main/java/org/keycloak/services/resources/flows/SocialRedirectFlows.java index 8aa642a068..37d37f08eb 100755 --- a/services/src/main/java/org/keycloak/services/resources/flows/SocialRedirectFlows.java +++ b/services/src/main/java/org/keycloak/services/resources/flows/SocialRedirectFlows.java @@ -1,13 +1,9 @@ package org.keycloak.services.resources.flows; import org.keycloak.ClientConnection; -import org.keycloak.jose.jws.JWSBuilder; import org.keycloak.models.ClientSessionModel; import org.keycloak.models.RealmModel; -import org.keycloak.models.UserModel; import org.keycloak.services.managers.ClientSessionCode; -import org.keycloak.services.resources.SocialResource; -import org.keycloak.services.util.CookieHelper; import org.keycloak.social.AuthRequest; import org.keycloak.social.SocialProvider; import org.keycloak.social.SocialProviderConfig; diff --git a/services/src/main/java/org/keycloak/services/resources/flows/Urls.java b/services/src/main/java/org/keycloak/services/resources/flows/Urls.java index 5d61f14cc3..a12349532f 100755 --- a/services/src/main/java/org/keycloak/services/resources/flows/Urls.java +++ b/services/src/main/java/org/keycloak/services/resources/flows/Urls.java 
@@ -21,9 +21,9 @@ */ package org.keycloak.services.resources.flows; +import org.keycloak.protocol.oidc.OpenIDConnectService; import org.keycloak.services.resources.AccountService; import org.keycloak.services.resources.LoginActionsService; -import org.keycloak.protocol.oidc.OpenIDConnectService; import org.keycloak.services.resources.RealmsResource; import org.keycloak.services.resources.SocialResource; import org.keycloak.services.resources.ThemeResource; diff --git a/social/core/src/main/java/org/keycloak/social/AuthRequest.java b/social/core/src/main/java/org/keycloak/social/AuthRequest.java index 1efce3560f..57edcb82e8 100755 --- a/social/core/src/main/java/org/keycloak/social/AuthRequest.java +++ b/social/core/src/main/java/org/keycloak/social/AuthRequest.java @@ -25,8 +25,6 @@ import java.io.UnsupportedEncodingException; import java.net.URI; import java.net.URISyntaxException; import java.net.URLEncoder; -import java.util.HashMap; -import java.util.Map; /** * @author Stian Thorgersen diff --git a/testsuite/integration/src/main/java/org/keycloak/testutils/DummyUserFederationProviderFactory.java b/testsuite/integration/src/main/java/org/keycloak/testutils/DummyUserFederationProviderFactory.java index 2809544673..60229b1736 100755 --- a/testsuite/integration/src/main/java/org/keycloak/testutils/DummyUserFederationProviderFactory.java +++ b/testsuite/integration/src/main/java/org/keycloak/testutils/DummyUserFederationProviderFactory.java @@ -7,6 +7,7 @@ import org.keycloak.models.KeycloakSessionFactory; import org.keycloak.models.UserFederationProvider; import org.keycloak.models.UserFederationProviderFactory; import org.keycloak.models.UserFederationProviderModel; + import java.util.Date; import java.util.HashSet; import java.util.Set; diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/AssertEvents.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/AssertEvents.java index 3f0279d106..0a3f6c36f8 100755 
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/AssertEvents.java +++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/AssertEvents.java @@ -8,10 +8,10 @@ import org.junit.Assert; import org.junit.rules.TestRule; import org.junit.runners.model.Statement; import org.keycloak.Config; -import org.keycloak.events.EventListenerProvider; -import org.keycloak.events.EventListenerProviderFactory; import org.keycloak.events.Details; import org.keycloak.events.Event; +import org.keycloak.events.EventListenerProvider; +import org.keycloak.events.EventListenerProviderFactory; import org.keycloak.events.EventType; import org.keycloak.models.ClientModel; import org.keycloak.models.KeycloakSession; diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/OAuthClient.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/OAuthClient.java index 297b6ab6eb..5fd7ad7aea 100755 --- a/testsuite/integration/src/test/java/org/keycloak/testsuite/OAuthClient.java +++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/OAuthClient.java @@ -37,9 +37,9 @@ import org.keycloak.RSATokenVerifier; import org.keycloak.VerificationException; import org.keycloak.jose.jws.JWSInput; import org.keycloak.jose.jws.crypto.RSAProvider; +import org.keycloak.protocol.oidc.OpenIDConnectService; import org.keycloak.representations.AccessToken; import org.keycloak.representations.RefreshToken; -import org.keycloak.protocol.oidc.OpenIDConnectService; import org.keycloak.util.BasicAuthHelper; import org.keycloak.util.PemUtils; import org.openqa.selenium.By; diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/account/AccountTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/account/AccountTest.java index 3ce90ddd2b..8ee9330898 100755 --- a/testsuite/integration/src/test/java/org/keycloak/testsuite/account/AccountTest.java +++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/account/AccountTest.java 
@@ -25,7 +25,6 @@ import org.junit.After; import org.junit.Assert; import org.junit.Before; import org.junit.ClassRule; -import org.junit.Ignore; import org.junit.Rule; import org.junit.Test; import org.keycloak.events.Details; @@ -43,7 +42,6 @@ import org.keycloak.services.resources.AccountService; import org.keycloak.services.resources.RealmsResource; import org.keycloak.testsuite.AssertEvents; import org.keycloak.testsuite.OAuthClient; -import org.keycloak.testsuite.Retry; import org.keycloak.testsuite.pages.AccountLogPage; import org.keycloak.testsuite.pages.AccountPasswordPage; import org.keycloak.testsuite.pages.AccountSessionsPage; @@ -62,8 +60,6 @@ import org.openqa.selenium.By; import org.openqa.selenium.WebDriver; import javax.ws.rs.core.UriBuilder; -import java.util.Collections; -import java.util.Iterator; import java.util.LinkedList; import java.util.List; diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/AdapterTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/AdapterTest.java index 0060eabaa0..ce0d51f76a 100755 --- a/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/AdapterTest.java +++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/AdapterTest.java 
@@ -35,12 +35,12 @@ import org.keycloak.models.KeycloakSession; import org.keycloak.models.RealmModel; import org.keycloak.models.UserModel; import org.keycloak.models.UserSessionModel; +import org.keycloak.protocol.oidc.OpenIDConnectService; +import org.keycloak.protocol.oidc.TokenManager; import org.keycloak.representations.AccessToken; import org.keycloak.representations.adapters.action.SessionStats; import org.keycloak.representations.idm.RealmRepresentation; import org.keycloak.services.managers.RealmManager; -import org.keycloak.services.managers.TokenManager; -import org.keycloak.protocol.oidc.OpenIDConnectService; import org.keycloak.services.resources.admin.AdminRoot; import org.keycloak.testsuite.OAuthClient; import org.keycloak.testsuite.pages.LoginPage; diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/RelativeUriAdapterTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/RelativeUriAdapterTest.java index 06bc36b86e..228461c083 100755 --- a/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/RelativeUriAdapterTest.java +++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/RelativeUriAdapterTest.java @@ -32,12 +32,12 @@ import org.keycloak.models.KeycloakSession; import org.keycloak.models.RealmModel; import org.keycloak.models.UserModel; import org.keycloak.models.UserSessionModel; +import org.keycloak.protocol.oidc.OpenIDConnectService; +import org.keycloak.protocol.oidc.TokenManager; import org.keycloak.representations.AccessToken; import org.keycloak.representations.adapters.action.SessionStats; import org.keycloak.representations.idm.RealmRepresentation; import org.keycloak.services.managers.RealmManager; -import org.keycloak.services.managers.TokenManager; -import org.keycloak.protocol.oidc.OpenIDConnectService; import org.keycloak.services.resources.admin.AdminRoot; import org.keycloak.testsuite.OAuthClient; import org.keycloak.testsuite.pages.LoginPage; 
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/admin/AdminAPITest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/admin/AdminAPITest.java index 49424112a8..b118f5cbb9 100755 --- a/testsuite/integration/src/test/java/org/keycloak/testsuite/admin/AdminAPITest.java +++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/admin/AdminAPITest.java @@ -31,12 +31,12 @@ import org.keycloak.models.KeycloakSession; import org.keycloak.models.RealmModel; import org.keycloak.models.UserModel; import org.keycloak.models.UserSessionModel; +import org.keycloak.protocol.oidc.TokenManager; import org.keycloak.representations.AccessToken; import org.keycloak.representations.idm.ApplicationRepresentation; import org.keycloak.representations.idm.CredentialRepresentation; import org.keycloak.representations.idm.RealmRepresentation; import org.keycloak.services.managers.RealmManager; -import org.keycloak.services.managers.TokenManager; import org.keycloak.services.resources.admin.AdminRoot; import org.keycloak.testsuite.rule.AbstractKeycloakRule; import org.keycloak.testutils.KeycloakServer; diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/admin/UserTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/admin/UserTest.java old mode 100644 new mode 100755 index 2b2d70f4d0..921c9ab831 --- a/testsuite/integration/src/test/java/org/keycloak/testsuite/admin/UserTest.java +++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/admin/UserTest.java @@ -9,9 +9,7 @@ import javax.ws.rs.ClientErrorException; import javax.ws.rs.core.Response; import java.util.List; -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertNull; -import static org.junit.Assert.fail; +import static org.junit.Assert.*; /** * @author Stian Thorgersen 
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/events/EventStoreProviderTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/events/EventStoreProviderTest.java old mode 100644 new mode 100755 index 4f3a206915..e985421d09 --- a/testsuite/integration/src/test/java/org/keycloak/testsuite/events/EventStoreProviderTest.java +++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/events/EventStoreProviderTest.java @@ -5,8 +5,8 @@ import org.junit.Assert; import org.junit.Before; import org.junit.ClassRule; import org.junit.Test; -import org.keycloak.events.EventStoreProvider; import org.keycloak.events.Event; +import org.keycloak.events.EventStoreProvider; import org.keycloak.events.EventType; import org.keycloak.models.KeycloakSession; import org.keycloak.testsuite.rule.KeycloakRule; diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/FederationProvidersIntegrationTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/FederationProvidersIntegrationTest.java index 298ebd5b7b..8f94592b63 100755 --- a/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/FederationProvidersIntegrationTest.java +++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/FederationProvidersIntegrationTest.java @@ -3,7 +3,6 @@ package org.keycloak.testsuite.forms; import org.junit.Assert; import org.junit.ClassRule; import org.junit.FixMethodOrder; -import org.junit.Ignore; import org.junit.Rule; import org.junit.Test; import org.junit.rules.RuleChain; diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/LoginTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/LoginTest.java index f22458863b..0bb825f1f6 100755 --- a/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/LoginTest.java +++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/LoginTest.java 
@@ -29,7 +29,6 @@ import org.keycloak.OAuth2Constants; import org.keycloak.events.Details; import org.keycloak.events.Event; import org.keycloak.models.BrowserSecurityHeaders; -import org.keycloak.models.PasswordPolicy; import org.keycloak.models.RealmModel; import org.keycloak.models.UserCredentialModel; import org.keycloak.models.UserModel; diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/SyncProvidersTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/SyncProvidersTest.java old mode 100644 new mode 100755 index d629996dd7..7ec43e65d8 --- a/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/SyncProvidersTest.java +++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/SyncProvidersTest.java @@ -1,8 +1,5 @@ package org.keycloak.testsuite.forms; -import java.util.HashMap; -import java.util.Map; - import org.junit.Assert; import org.junit.ClassRule; import org.junit.FixMethodOrder; @@ -20,8 +17,8 @@ import org.keycloak.models.UserFederationProvider; import org.keycloak.models.UserFederationProviderModel; import org.keycloak.models.UserModel; import org.keycloak.models.UserProvider; -import org.keycloak.services.managers.UsersSyncManager; import org.keycloak.services.managers.RealmManager; +import org.keycloak.services.managers.UsersSyncManager; import org.keycloak.testsuite.rule.KeycloakRule; import org.keycloak.testsuite.rule.LDAPRule; import org.keycloak.testutils.DummyUserFederationProviderFactory; @@ -30,6 +27,9 @@ import org.keycloak.timer.TimerProvider; import org.picketlink.idm.PartitionManager; import org.picketlink.idm.model.basic.User; +import java.util.HashMap; +import java.util.Map; + /** * @author Marek Posolda */ diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/model/AuthenticationManagerTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/model/AuthenticationManagerTest.java index 95c3552e18..d43e636a92 100755 
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/model/AuthenticationManagerTest.java +++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/model/AuthenticationManagerTest.java @@ -18,7 +18,6 @@ import org.keycloak.representations.idm.CredentialRepresentation; import org.keycloak.services.managers.AuthenticationManager; import org.keycloak.services.managers.AuthenticationManager.AuthenticationStatus; import org.keycloak.services.managers.BruteForceProtector; -import org.keycloak.services.managers.RealmManager; import javax.ws.rs.core.MultivaluedMap; import java.util.UUID; diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/AccessTokenTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/AccessTokenTest.java index 370e19525a..144cc46a0e 100755 --- a/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/AccessTokenTest.java +++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/AccessTokenTest.java @@ -26,18 +26,18 @@ import org.junit.ClassRule; import org.junit.Rule; import org.junit.Test; import org.keycloak.OAuth2Constants; +import org.keycloak.enums.SslRequired; import org.keycloak.events.Details; import org.keycloak.events.Errors; import org.keycloak.events.Event; -import org.keycloak.enums.SslRequired; import org.keycloak.models.ApplicationModel; import org.keycloak.models.ClientModel; import org.keycloak.models.KeycloakSession; import org.keycloak.models.RealmModel; import org.keycloak.models.UserModel; +import org.keycloak.protocol.oidc.OpenIDConnectService; import org.keycloak.representations.AccessToken; import org.keycloak.services.managers.RealmManager; -import org.keycloak.protocol.oidc.OpenIDConnectService; import org.keycloak.testsuite.AssertEvents; import org.keycloak.testsuite.OAuthClient; import org.keycloak.testsuite.OAuthClient.AccessTokenResponse; 
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/AuthorizationCodeTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/AuthorizationCodeTest.java index 9ac958620a..83769785b6 100755 --- a/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/AuthorizationCodeTest.java +++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/AuthorizationCodeTest.java @@ -109,7 +109,7 @@ public class AuthorizationCodeTest { String code = driver.findElement(By.id(OAuth2Constants.CODE)).getText(); keycloakRule.verifyCode(code); - String codeId = events.expectLogin().detail(Details.REDIRECT_URI, "http://localhost:8081/auth/realms/test/tokens/oauth/oob").assertEvent().getDetails().get(Details.CODE_ID); + String codeId = events.expectLogin().detail(Details.REDIRECT_URI, "http://localhost:8081/auth/realms/test/protocol/openid-connect/oauth/oob").assertEvent().getDetails().get(Details.CODE_ID); assertCode(codeId, code); keycloakRule.update(new KeycloakRule.KeycloakSetup() { @@ -141,7 +141,7 @@ public class AuthorizationCodeTest { events.expectLogin().error("rejected_by_user").user((String) null).session((String) null) .removeDetail(Details.USERNAME).removeDetail(Details.CODE_ID) - .detail(Details.REDIRECT_URI, "http://localhost:8081/auth/realms/test/tokens/oauth/oob") + .detail(Details.REDIRECT_URI, "http://localhost:8081/auth/realms/test/protocol/openid-connect/oauth/oob") .assertEvent().getDetails().get(Details.CODE_ID); keycloakRule.update(new KeycloakRule.KeycloakSetup() { diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/RefreshTokenTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/RefreshTokenTest.java index ada75b530b..803133ea0e 100755 --- a/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/RefreshTokenTest.java +++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/RefreshTokenTest.java 
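Review bot: Both updated expectations in `AuthorizationCodeTest` assert only the new `/protocol/openid-connect/oauth/oob` redirect URI, so nothing visible in this patch exercises the deprecated `{realm}/tokens` locator that `RealmsResource.getTokenService` keeps for older adapters. Since that alias is the stated backward-compatibility path, I would add one test that goes through the old `/realms/test/tokens/...` URL and checks that it still reaches the OpenID Connect endpoint; a test elsewhere in the suite may already cover this. The literal URL is also repeated in both hunks and could be a single constant such as `private static final String OOB_REDIRECT = "http://localhost:8081/auth/realms/test/protocol/openid-connect/oauth/oob";`. Both test methods start and end outside the hunks.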
@@ -26,16 +26,16 @@ import org.junit.ClassRule; import org.junit.Rule; import org.junit.Test; import org.keycloak.OAuth2Constants; +import org.keycloak.enums.SslRequired; import org.keycloak.events.Details; import org.keycloak.events.Errors; import org.keycloak.events.Event; -import org.keycloak.enums.SslRequired; import org.keycloak.models.KeycloakSession; import org.keycloak.models.RealmModel; import org.keycloak.models.UserSessionModel; +import org.keycloak.protocol.oidc.OpenIDConnectService; import org.keycloak.representations.AccessToken; import org.keycloak.representations.RefreshToken; -import org.keycloak.protocol.oidc.OpenIDConnectService; import org.keycloak.testsuite.AssertEvents; import org.keycloak.testsuite.OAuthClient; import org.keycloak.testsuite.OAuthClient.AccessTokenResponse; diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/perf/AccessTokenPerfTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/perf/AccessTokenPerfTest.java index b7401d56a6..599247b388 100755 --- a/testsuite/integration/src/test/java/org/keycloak/testsuite/perf/AccessTokenPerfTest.java +++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/perf/AccessTokenPerfTest.java @@ -34,8 +34,8 @@ import org.junit.ClassRule; import org.junit.Test; import org.keycloak.OAuth2Constants; import org.keycloak.adapters.HttpClientBuilder; -import org.keycloak.services.resources.LoginActionsService; import org.keycloak.protocol.oidc.OpenIDConnectService; +import org.keycloak.services.resources.LoginActionsService; import org.keycloak.testsuite.Constants; import org.keycloak.testsuite.OAuthClient; import org.keycloak.testsuite.OAuthClient.AccessTokenResponse; diff --git a/testsuite/performance-web/src/main/java/org/keycloak/testsuite/performance/web/OAuthClient.java b/testsuite/performance-web/src/main/java/org/keycloak/testsuite/performance/web/OAuthClient.java index 6d43b8924a..6b1a51badd 100755 
--- a/testsuite/performance-web/src/main/java/org/keycloak/testsuite/performance/web/OAuthClient.java +++ b/testsuite/performance-web/src/main/java/org/keycloak/testsuite/performance/web/OAuthClient.java @@ -16,9 +16,9 @@ import org.keycloak.RSATokenVerifier; import org.keycloak.VerificationException; import org.keycloak.jose.jws.JWSInput; import org.keycloak.jose.jws.crypto.RSAProvider; +import org.keycloak.protocol.oidc.OpenIDConnectService; import org.keycloak.representations.AccessToken; import org.keycloak.representations.RefreshToken; -import org.keycloak.protocol.oidc.OpenIDConnectService; import org.keycloak.util.BasicAuthHelper; import javax.servlet.http.HttpServletRequest; From 546d45b009700531fc5f48264974d882ecc9579e Mon Sep 17 00:00:00 2001 From: Bill Burke Date: Wed, 1 Oct 2014 10:38:42 -0400 Subject: [PATCH 2/4] protocol abstraction --- .../en-US/modules/MigrationFromOlderVersions.xml | 14 ++++++++++++-- .../protocol/oidc/OpenIDConnectService.java | 2 +- .../keycloak/services/resources/flows/Urls.java | 3 ++- 3 files changed, 15 insertions(+), 4 deletions(-) diff --git a/docbook/reference/en/en-US/modules/MigrationFromOlderVersions.xml b/docbook/reference/en/en-US/modules/MigrationFromOlderVersions.xml index ea018955fb..777378947f 100755 --- a/docbook/reference/en/en-US/modules/MigrationFromOlderVersions.xml +++ b/docbook/reference/en/en-US/modules/MigrationFromOlderVersions.xml 
@@ -1,11 +1,21 @@ Migration from older versions + + Migrating from 1.0.x.Final to 1.1.Beta1 + + UserSessionModel JPA and Mongo storage schema has changed as these interfaces have been refactored + + Upgrade your adapters as REST API has changed. We're still supporting older adapters for now, but in future + versions this backward compatibility will be removed. + + + Migrating from 1.0 RC-1 to RC-2 A lot of info level logging has been changed to debug. Also, a realm no longer has the jboss-logging audit listener by default. - If you want log output when users login, logout, change passwords, etc. enable the jboss-logging audit listener through the admin console. - + If you want log output when users login, logout, change passwords, etc. enable the jboss-logging audit listener through the admin console. + Migrating from 1.0 Beta 4 to RC-1 diff --git a/services/src/main/java/org/keycloak/protocol/oidc/OpenIDConnectService.java b/services/src/main/java/org/keycloak/protocol/oidc/OpenIDConnectService.java index 5c923113e3..674f59427a 100755 --- a/services/src/main/java/org/keycloak/protocol/oidc/OpenIDConnectService.java +++ b/services/src/main/java/org/keycloak/protocol/oidc/OpenIDConnectService.java @@ -114,7 +114,7 @@ public class OpenIDConnectService { } public static UriBuilder tokenServiceBaseUrl(UriBuilder baseUriBuilder) { - return baseUriBuilder.path(RealmsResource.class).path(RealmsResource.class, "getTokenService"); + return baseUriBuilder.path(RealmsResource.class).path("{realm}/protocol/" + OpenIDConnect.LOGIN_PROTOCOL); } public static UriBuilder accessCodeToTokenUrl(UriInfo uriInfo) { diff --git a/services/src/main/java/org/keycloak/services/resources/flows/Urls.java b/services/src/main/java/org/keycloak/services/resources/flows/Urls.java index a12349532f..af0efa4e64 100755 --- a/services/src/main/java/org/keycloak/services/resources/flows/Urls.java +++ b/services/src/main/java/org/keycloak/services/resources/flows/Urls.java 
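Review bot: `tokenServiceBaseUrl` in `OpenIDConnectService` now builds its path from the string `"{realm}/protocol/" + OpenIDConnect.LOGIN_PROTOCOL`, which duplicates the `@Path("{realm}/protocol/{protocol}")` template on `RealmsResource.getProtocol` instead of deriving it from the annotation as the old `path(RealmsResource.class, "getTokenService")` call did. The same concatenation is repeated in `Urls.tokenBase` in the next file, so a later change to the locator path would leave both URL builders silently producing links to the wrong place. I would keep the template in one spot, for example a new static helper on `RealmsResource` (named here `protocolUrl`) that both sites call as `return RealmsResource.protocolUrl(baseUriBuilder, OpenIDConnect.LOGIN_PROTOCOL);`. The deprecated `getTokenService` alias passes the literal `"openid-connect"`, which presumably equals `OpenIDConnect.LOGIN_PROTOCOL`; using the constant there would keep the three places in agreement.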
@@ -21,6 +21,7 @@ */ package org.keycloak.services.resources.flows; +import org.keycloak.protocol.oidc.OpenIDConnect; import org.keycloak.protocol.oidc.OpenIDConnectService; import org.keycloak.services.resources.AccountService; import org.keycloak.services.resources.LoginActionsService; @@ -186,7 +187,7 @@ public class Urls { } private static UriBuilder tokenBase(URI baseUri) { - return realmBase(baseUri).path(RealmsResource.class, "getTokenService"); + return realmBase(baseUri).path("{realm}/protocol/" + OpenIDConnect.LOGIN_PROTOCOL); } private static UriBuilder themeBase(URI baseUri) { From cbc383d4949977fdfe386ba7ab80167df9f0ce3d Mon Sep 17 00:00:00 2001 From: Bill Burke Date: Wed, 1 Oct 2014 14:19:59 -0400 Subject: [PATCH 3/4] finish protocol refactoring --- .../protocol/oidc/OpenIDConnectService.java | 116 ++++++------------ .../services/resources/AccountService.java | 2 +- .../resources/LoginActionsService.java | 74 ++++++++++- .../services/resources/flows/Urls.java | 10 +- .../testsuite/account/AccountTest.java | 13 +- 5 files changed, 119 insertions(+), 96 deletions(-) diff --git a/services/src/main/java/org/keycloak/protocol/oidc/OpenIDConnectService.java b/services/src/main/java/org/keycloak/protocol/oidc/OpenIDConnectService.java index 674f59427a..71d7b199d3 100755 --- a/services/src/main/java/org/keycloak/protocol/oidc/OpenIDConnectService.java +++ b/services/src/main/java/org/keycloak/protocol/oidc/OpenIDConnectService.java @@ -631,7 +631,6 @@ public class OpenIDConnectService { * */ private class FrontPageInitializer { - protected String code; protected String clientId; protected String redirect; protected String state; 
@@ -642,11 +641,7 @@ public class OpenIDConnectService { protected ClientSessionModel clientSession; public Response processInput() { - if (code != null) { - event.detail(Details.CODE_ID, code); - } else { - event.client(clientId).detail(Details.REDIRECT_URI, redirect).detail(Details.RESPONSE_TYPE, "code"); - } + event.client(clientId).detail(Details.REDIRECT_URI, redirect).detail(Details.RESPONSE_TYPE, "code"); if (!checkSsl()) { event.error(Errors.SSL_REQUIRED); return Flows.forwardToSecurityFailurePage(session, realm, uriInfo, "HTTPS required"); 
@@ -657,65 +652,43 @@ public class OpenIDConnectService { } clientSession = null; - if (code != null) { - ClientSessionCode clientCode = ClientSessionCode.parse(code, session, realm); - if (clientCode == null) { - event.error(Errors.INVALID_CODE); - return Flows.forwardToSecurityFailurePage(session, realm, uriInfo, "Unknown code, please login again through your application."); - } - if (!clientCode.isValid(ClientSessionModel.Action.AUTHENTICATE)) { - event.error(Errors.INVALID_CODE); - return Flows.forwardToSecurityFailurePage(session, realm, uriInfo, "Invalid code, please login again through your application."); - } - clientSession = clientCode.getClientSession(); - if (!clientSession.getAuthMethod().equals(OpenIDConnect.LOGIN_PROTOCOL)) { - event.error(Errors.INVALID_CODE); - return Flows.forwardToSecurityFailurePage(session, realm, uriInfo, "Invalid protocol, please login again through your application."); - } - state = clientSession.getNote(OpenIDConnect.STATE_PARAM); - scopeParam = clientSession.getNote(OpenIDConnect.SCOPE_PARAM); - responseType = clientSession.getNote(OpenIDConnect.RESPONSE_TYPE_PARAM); - loginHint = clientSession.getNote(OpenIDConnect.LOGIN_HINT_PARAM); - prompt = clientSession.getNote(OpenIDConnect.PROMPT_PARAM); - } else { - if (state == null) { - event.error(Errors.STATE_PARAM_NOT_FOUND); - return Flows.forwardToSecurityFailurePage(session, realm, uriInfo, "Invalid state param."); + if (state == null) { + event.error(Errors.STATE_PARAM_NOT_FOUND); + return Flows.forwardToSecurityFailurePage(session, realm, uriInfo, "Invalid state param."); - } - ClientModel client = realm.findClient(clientId); - if (client == null) { - event.error(Errors.CLIENT_NOT_FOUND); - return Flows.forwardToSecurityFailurePage(session, realm, uriInfo, "Unknown login requester."); - } - - if (!client.isEnabled()) { - event.error(Errors.CLIENT_DISABLED); - return Flows.forwardToSecurityFailurePage(session, realm, uriInfo, "Login requester not enabled."); - } - if 
((client instanceof ApplicationModel) && ((ApplicationModel)client).isBearerOnly()) { - event.error(Errors.NOT_ALLOWED); - return Flows.forwardToSecurityFailurePage(session, realm, uriInfo, "Bearer-only applications are not allowed to initiate browser login"); - } - if (client.isDirectGrantsOnly()) { - event.error(Errors.NOT_ALLOWED); - return Flows.forwardToSecurityFailurePage(session, realm, uriInfo, "direct-grants-only clients are not allowed to initiate browser login"); - } - redirect = verifyRedirectUri(uriInfo, redirect, realm, client); - if (redirect == null) { - event.error(Errors.INVALID_REDIRECT_URI); - return Flows.forwardToSecurityFailurePage(session, realm, uriInfo, "Invalid redirect_uri."); - } - clientSession = session.sessions().createClientSession(realm, client); - clientSession.setAuthMethod(OpenIDConnect.LOGIN_PROTOCOL); - clientSession.setRedirectUri(redirect); - clientSession.setAction(ClientSessionModel.Action.AUTHENTICATE); - clientSession.setNote(OpenIDConnect.STATE_PARAM, state); - if (scopeParam != null) clientSession.setNote(OpenIDConnect.SCOPE_PARAM, scopeParam); - if (responseType != null) clientSession.setNote(OpenIDConnect.RESPONSE_TYPE_PARAM, responseType); - if (loginHint != null) clientSession.setNote(OpenIDConnect.LOGIN_HINT_PARAM, loginHint); - if (prompt != null) clientSession.setNote(OpenIDConnect.PROMPT_PARAM, prompt); } + ClientModel client = realm.findClient(clientId); + if (client == null) { + event.error(Errors.CLIENT_NOT_FOUND); + return Flows.forwardToSecurityFailurePage(session, realm, uriInfo, "Unknown login requester."); + } + + if (!client.isEnabled()) { + event.error(Errors.CLIENT_DISABLED); + return Flows.forwardToSecurityFailurePage(session, realm, uriInfo, "Login requester not enabled."); + } + if ((client instanceof ApplicationModel) && ((ApplicationModel)client).isBearerOnly()) { + event.error(Errors.NOT_ALLOWED); + return Flows.forwardToSecurityFailurePage(session, realm, uriInfo, "Bearer-only applications are 
not allowed to initiate browser login"); + } + if (client.isDirectGrantsOnly()) { + event.error(Errors.NOT_ALLOWED); + return Flows.forwardToSecurityFailurePage(session, realm, uriInfo, "direct-grants-only clients are not allowed to initiate browser login"); + } + redirect = verifyRedirectUri(uriInfo, redirect, realm, client); + if (redirect == null) { + event.error(Errors.INVALID_REDIRECT_URI); + return Flows.forwardToSecurityFailurePage(session, realm, uriInfo, "Invalid redirect_uri."); + } + clientSession = session.sessions().createClientSession(realm, client); + clientSession.setAuthMethod(OpenIDConnect.LOGIN_PROTOCOL); + clientSession.setRedirectUri(redirect); + clientSession.setAction(ClientSessionModel.Action.AUTHENTICATE); + clientSession.setNote(OpenIDConnect.STATE_PARAM, state); + if (scopeParam != null) clientSession.setNote(OpenIDConnect.SCOPE_PARAM, scopeParam); + if (responseType != null) clientSession.setNote(OpenIDConnect.RESPONSE_TYPE_PARAM, responseType); + if (loginHint != null) clientSession.setNote(OpenIDConnect.LOGIN_HINT_PARAM, loginHint); + if (prompt != null) clientSession.setNote(OpenIDConnect.PROMPT_PARAM, prompt); return null; } } @@ -726,7 +699,6 @@ public class OpenIDConnectService { * @See http://tools.ietf.org/html/rfc6749#section-4.1 * * - * @param code * @param responseType * @param redirect * @param clientId @@ -737,8 +709,7 @@ public class OpenIDConnectService { */ @Path("login") @GET - public Response loginPage(@QueryParam("code") String code, - @QueryParam(OpenIDConnect.RESPONSE_TYPE_PARAM) String responseType, + public Response loginPage(@QueryParam(OpenIDConnect.RESPONSE_TYPE_PARAM) String responseType, @QueryParam(OpenIDConnect.REDIRECT_URI_PARAM) String redirect, @QueryParam(OpenIDConnect.CLIENT_ID_PARAM) String clientId, @QueryParam(OpenIDConnect.SCOPE_PARAM) String scopeParam, 
@@ -747,7 +718,6 @@ public class OpenIDConnectService { @QueryParam(OpenIDConnect.LOGIN_HINT_PARAM) String loginHint) { event.event(EventType.LOGIN); FrontPageInitializer pageInitializer = new FrontPageInitializer(); - pageInitializer.code = code; pageInitializer.responseType = responseType; pageInitializer.redirect = redirect; pageInitializer.clientId = clientId; @@ -758,14 +728,6 @@ public class OpenIDConnectService { Response response = pageInitializer.processInput(); if (response != null) return response; ClientSessionModel clientSession = pageInitializer.clientSession; - code = pageInitializer.code; - responseType = pageInitializer.responseType; - redirect = pageInitializer.redirect; - clientId = pageInitializer.clientId ; - scopeParam = pageInitializer.scopeParam; - state = pageInitializer.state; - prompt = pageInitializer.prompt; - loginHint = pageInitializer.loginHint; @@ -822,8 +784,7 @@ public class OpenIDConnectService { */ @Path("registrations") @GET - public Response registerPage(@QueryParam("code") String code, - @QueryParam(OpenIDConnect.RESPONSE_TYPE_PARAM) String responseType, + public Response registerPage(@QueryParam(OpenIDConnect.RESPONSE_TYPE_PARAM) String responseType, @QueryParam(OpenIDConnect.REDIRECT_URI_PARAM) String redirect, @QueryParam(OpenIDConnect.CLIENT_ID_PARAM) String clientId, @QueryParam(OpenIDConnect.SCOPE_PARAM) String scopeParam, @@ -835,7 +796,6 @@ public class OpenIDConnectService { } FrontPageInitializer pageInitializer = new FrontPageInitializer(); - pageInitializer.code = code; pageInitializer.responseType = responseType; pageInitializer.redirect = redirect; pageInitializer.clientId = clientId; diff --git a/services/src/main/java/org/keycloak/services/resources/AccountService.java b/services/src/main/java/org/keycloak/services/resources/AccountService.java index 99550a3b6c..3b3e3cfd80 100755 --- a/services/src/main/java/org/keycloak/services/resources/AccountService.java 
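Review bot: With the copy-back block removed from `loginPage`, the local `redirect` keeps the raw `redirect_uri` query parameter, while the value returned by `verifyRedirectUri` now lives only in `pageInitializer.redirect` and in the client session. Nothing in this hunk reads the local afterwards, but the rest of `loginPage` lies outside it, so any later use of `redirect`, `state` or `scopeParam` there would see the unverified request values. I would make the intent explicit by reading post-validation values from the initializer or the session, e.g. `String verifiedRedirect = pageInitializer.redirect;`, and leave a comment next to it: `// query parameters are untrusted from here on; use clientSession / pageInitializer values`.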
+++ b/services/src/main/java/org/keycloak/services/resources/AccountService.java @@ -742,7 +742,7 @@ public class AccountService { private Response login(String path) { OAuthRedirect oauth = new OAuthRedirect(); - String authUrl = Urls.realmLoginPage(uriInfo.getBaseUri(), realm.getName()).toString(); + String authUrl = OpenIDConnectService.loginPageUrl(uriInfo).build(realm.getName()).toString(); oauth.setAuthUrl(authUrl); oauth.setClientId(Constants.ACCOUNT_MANAGEMENT_APP); diff --git a/services/src/main/java/org/keycloak/services/resources/LoginActionsService.java b/services/src/main/java/org/keycloak/services/resources/LoginActionsService.java index 3a0e6d6df5..c6bcc8cd51 100755 --- a/services/src/main/java/org/keycloak/services/resources/LoginActionsService.java +++ b/services/src/main/java/org/keycloak/services/resources/LoginActionsService.java @@ -22,6 +22,7 @@ package org.keycloak.services.resources; import org.jboss.logging.Logger; +import org.jboss.resteasy.specimpl.MultivaluedMapImpl; import org.jboss.resteasy.spi.HttpRequest; import org.keycloak.ClientConnection; import org.keycloak.email.EmailException; @@ -44,6 +45,7 @@ import org.keycloak.models.UserSessionModel; import org.keycloak.models.utils.KeycloakModelUtils; import org.keycloak.models.utils.TimeBasedOTP; import org.keycloak.protocol.LoginProtocol; +import org.keycloak.protocol.oidc.OpenIDConnect; import org.keycloak.protocol.oidc.OpenIDConnectService; import org.keycloak.protocol.oidc.TokenManager; import org.keycloak.representations.PasswordToken; @@ -61,6 +63,7 @@ import javax.ws.rs.POST; import javax.ws.rs.Path; import javax.ws.rs.QueryParam; import javax.ws.rs.core.Context; +import javax.ws.rs.core.Cookie; import javax.ws.rs.core.HttpHeaders; import javax.ws.rs.core.MediaType; import javax.ws.rs.core.MultivaluedMap; 
@@ -153,6 +156,15 @@ public class LoginActionsService { Response response; boolean check(String code, ClientSessionModel.Action requiredAction) { + if (!check(code)) return false; + if (!clientCode.isValid(requiredAction)) { + event.error(Errors.INVALID_CODE); + response = Flows.forwardToSecurityFailurePage(session, realm, uriInfo, "Invalid code, please login again through your application."); + } + return true; + } + + public boolean check(String code) { if (!checkSsl()) { event.error(Errors.SSL_REQUIRED); response = Flows.forwardToSecurityFailurePage(session, realm, uriInfo, "HTTPS required"); 
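Review bot: The two-argument `check(code, requiredAction)` records `Errors.INVALID_CODE` and sets `response` when `clientCode.isValid(requiredAction)` fails, but then falls through to `return true`, so callers that follow the `if (!checks.check(...)) return checks.response;` pattern used later in this file continue with a code that is not valid for the required action. The same fall-through is present in the lines this patch moves, so the refactoring is a good moment to close it: add `return false;` as the last statement inside the `if (!clientCode.isValid(requiredAction))` block. The body of the new one-argument `check(String code)` continues past the end of this hunk.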
@@ -169,14 +181,68 @@ public class LoginActionsService { response = Flows.forwardToSecurityFailurePage(session, realm, uriInfo, "Unknown code, please login again through your application."); return false; } - if (!clientCode.isValid(requiredAction)) { - event.error(Errors.INVALID_CODE); - response = Flows.forwardToSecurityFailurePage(session, realm, uriInfo, "Invalid code, please login again through your application."); - } return true; } } + /** + * protocol independent login page entry point + * + * + * @param code + * @return + */ + @Path("login") + @GET + public Response loginPage(@QueryParam("code") String code) { + event.event(EventType.LOGIN); + Checks checks = new Checks(); + if (!checks.check(code)) { + return checks.response; + } + event.detail(Details.CODE_ID, code); + ClientSessionCode clientSessionCode = checks.clientCode; + ClientSessionModel clientSession = clientSessionCode.getClientSession(); + + + + LoginFormsProvider forms = Flows.forms(session, realm, clientSession.getClient(), uriInfo) + .setClientSessionCode(clientSessionCode.getCode()); + + return forms.createLogin(); + } + + /** + * protocol independent registration page entry point + * + * @param code + * @return + */ + @Path("registration") + @GET + public Response registerPage(@QueryParam("code") String code) { + event.event(EventType.REGISTER); + if (!realm.isRegistrationAllowed()) { + event.error(Errors.REGISTRATION_DISABLED); + return Flows.forwardToSecurityFailurePage(session, realm, uriInfo, "Registration not allowed"); + } + + Checks checks = new Checks(); + if (!checks.check(code)) { + return checks.response; + } + event.detail(Details.CODE_ID, code); + ClientSessionCode clientSessionCode = checks.clientCode; + ClientSessionModel clientSession = clientSessionCode.getClientSession(); + + + authManager.expireIdentityCookie(realm, uriInfo, clientConnection); + + return Flows.forms(session, realm, clientSession.getClient(), uriInfo) + .setClientSessionCode(clientSessionCode.getCode()) 
+ .createRegistration(); + } + /** * URL called after login page. YOU SHOULD NEVER INVOKE THIS DIRECTLY! * diff --git a/services/src/main/java/org/keycloak/services/resources/flows/Urls.java b/services/src/main/java/org/keycloak/services/resources/flows/Urls.java index af0efa4e64..2e4148e27f 100755 --- a/services/src/main/java/org/keycloak/services/resources/flows/Urls.java +++ b/services/src/main/java/org/keycloak/services/resources/flows/Urls.java @@ -138,10 +138,10 @@ public class Urls { } public static URI realmLoginPage(URI baseUri, String realmId) { - return tokenBase(baseUri).path(OpenIDConnectService.class, "loginPage").build(realmId); + return requiredActionsBase(baseUri).path(LoginActionsService.class, "loginPage").build(realmId); } - public static UriBuilder realmLogout(URI baseUri) { + private static UriBuilder realmLogout(URI baseUri) { return tokenBase(baseUri).path(OpenIDConnectService.class, "logout"); } @@ -150,7 +150,7 @@ public class Urls { } public static URI realmRegisterPage(URI baseUri, String realmId) { - return tokenBase(baseUri).path(OpenIDConnectService.class, "registerPage").build(realmId); + return requiredActionsBase(baseUri).path(LoginActionsService.class, "registerPage").build(realmId); } public static URI realmInstalledAppUrnCallback(URI baseUri, String realmId) { @@ -161,10 +161,6 @@ public class Urls { return requiredActionsBase(baseUri).path(LoginActionsService.class, "processConsent").build(realmId); } - public static URI realmCode(URI baseUri, String realmId) { - return tokenBase(baseUri).path(OpenIDConnectService.class, "accessCodeToToken").build(realmId); - } - public static UriBuilder socialBase(URI baseUri) { return UriBuilder.fromUri(baseUri).path(SocialResource.class); } diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/account/AccountTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/account/AccountTest.java index 8ee9330898..4fe0131178 100755 
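Review bot: The new protocol-independent `loginPage(code)` and `registerPage(code)` call the one-argument `checks.check(code)`, which, as far as the visible lines show, covers the SSL requirement and whether the code parses, but not the client session's action. The branch this series removes from `FrontPageInitializer.processInput` rejected a code unless `clientCode.isValid(ClientSessionModel.Action.AUTHENTICATE)` held. Unless that is enforced somewhere outside this hunk, I would call `checks.check(code, ClientSessionModel.Action.AUTHENTICATE)` in both entry points; note that this overload currently returns true on the invalid-action path, so it needs a `return false;` there to be effective. The empty `@param code` / `@return` Javadoc on both methods should say what state the code must be in and that a failure page is returned otherwise.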
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/account/AccountTest.java +++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/account/AccountTest.java @@ -25,6 +25,7 @@ import org.junit.After; import org.junit.Assert; import org.junit.Before; import org.junit.ClassRule; +import org.junit.Ignore; import org.junit.Rule; import org.junit.Test; import org.keycloak.events.Details; @@ -156,12 +157,12 @@ public class AccountTest { }); } -// @Test -// @Ignore -// public void runit() throws Exception { -// Thread.sleep(10000000); -// -// } + @Test + @Ignore + public void runit() throws Exception { + Thread.sleep(10000000); + + } From 6cf62a27686bf296fd1625c47455b93bf8e4b99c Mon Sep 17 00:00:00 2001 From: Bill Burke Date: Wed, 1 Oct 2014 14:57:52 -0400 Subject: [PATCH 4/4] move pre-auth --- integration/js/src/main/resources/keycloak.js | 2 +- .../protocol/oidc/OpenIDConnectService.java | 77 ++++++++++++++++--- .../managers/AuthenticationManager.java | 18 +++++ .../services/resources/RealmsResource.java | 57 +++----------- 4 files changed, 96 insertions(+), 58 deletions(-) diff --git a/integration/js/src/main/resources/keycloak.js b/integration/js/src/main/resources/keycloak.js index 82f92d2410..d412f198c1 100755 --- a/integration/js/src/main/resources/keycloak.js +++ b/integration/js/src/main/resources/keycloak.js @@ -585,7 +585,7 @@ promise.setSuccess(); } - var src = getRealmUrl() + '/login-status-iframe.html?client_id=' + encodeURIComponent(kc.clientId) + '&origin=' + getOrigin(); + var src = getRealmUrl() + '/protocol/openid-connect/login-status-iframe.html?client_id=' + encodeURIComponent(kc.clientId) + '&origin=' + getOrigin(); iframe.setAttribute('src', src ); iframe.style.display = 'none'; document.body.appendChild(iframe); diff --git a/services/src/main/java/org/keycloak/protocol/oidc/OpenIDConnectService.java b/services/src/main/java/org/keycloak/protocol/oidc/OpenIDConnectService.java index 71d7b199d3..7ee021b9a7 100755 
--- a/services/src/main/java/org/keycloak/protocol/oidc/OpenIDConnectService.java +++ b/services/src/main/java/org/keycloak/protocol/oidc/OpenIDConnectService.java @@ -7,8 +7,10 @@ import org.jboss.resteasy.spi.BadRequestException; import org.jboss.resteasy.spi.HttpRequest; import org.jboss.resteasy.spi.HttpResponse; import org.jboss.resteasy.spi.NotAcceptableException; +import org.jboss.resteasy.spi.NotFoundException; import org.jboss.resteasy.spi.UnauthorizedException; import org.keycloak.ClientConnection; +import org.keycloak.Config; import org.keycloak.OAuth2Constants; import org.keycloak.OAuthErrorException; import org.keycloak.RSATokenVerifier; @@ -33,12 +35,14 @@ import org.keycloak.services.ForbiddenException; import org.keycloak.services.managers.AuthenticationManager; import org.keycloak.services.managers.AuthenticationManager.AuthenticationStatus; import org.keycloak.services.managers.ClientSessionCode; +import org.keycloak.services.managers.RealmManager; import org.keycloak.services.resources.Cors; import org.keycloak.services.resources.RealmsResource; import org.keycloak.services.resources.flows.Flows; import org.keycloak.services.resources.flows.Urls; import org.keycloak.util.Base64Url; import org.keycloak.util.BasicAuthHelper; +import org.keycloak.util.StreamUtil; import javax.ws.rs.Consumes; import javax.ws.rs.GET; @@ -46,8 +50,10 @@ import javax.ws.rs.HeaderParam; import javax.ws.rs.OPTIONS; import javax.ws.rs.POST; import javax.ws.rs.Path; +import javax.ws.rs.PathParam; import javax.ws.rs.Produces; import javax.ws.rs.QueryParam; +import javax.ws.rs.core.CacheControl; import javax.ws.rs.core.Context; import javax.ws.rs.core.Cookie; import javax.ws.rs.core.HttpHeaders; 
@@ -58,6 +64,8 @@ import javax.ws.rs.core.SecurityContext; import javax.ws.rs.core.UriBuilder; import javax.ws.rs.core.UriInfo; import javax.ws.rs.ext.Providers; +import java.io.IOException; +import java.io.InputStream; import java.net.URI; import java.util.HashMap; import java.util.HashSet; @@ -169,6 +177,64 @@ public class OpenIDConnectService { return uriBuilder.path(OpenIDConnectService.class, "refreshAccessToken"); } + /** + * + * + * @param client_id + * @param origin + * @return + */ + @Path("login-status-iframe.html") + @GET + @Produces(MediaType.TEXT_HTML) + public Response getLoginStatusIframe(@QueryParam("client_id") String client_id, + @QueryParam("origin") String origin) { + ClientModel client = realm.findClient(client_id); + if (client == null) { + throw new NotFoundException("could not find client: " + client_id); + } + + InputStream is = getClass().getClassLoader().getResourceAsStream("login-status-iframe.html"); + if (is == null) throw new NotFoundException("Could not find login-status-iframe.html "); + + boolean valid = false; + for (String o : client.getWebOrigins()) { + if (o.equals("*") || o.equals(origin)) { + valid = true; + break; + } + } + + for (String r : OpenIDConnectService.resolveValidRedirects(uriInfo, client.getRedirectUris())) { + int i = r.indexOf('/', 8); + if (i != -1) { + r = r.substring(0, i); + } + + if (r.equals(origin)) { + valid = true; + break; + } + } + + if (!valid) { + throw new BadRequestException("Invalid origin"); + } + + try { + String file = StreamUtil.readString(is); + file = file.replace("ORIGIN", origin); + + CacheControl cacheControl = new CacheControl(); + cacheControl.setNoTransform(false); + cacheControl.setMaxAge(Config.scope("theme").getInt("staticMaxAge", -1)); + + return Response.ok(file).cacheControl(cacheControl).build(); + } catch (IOException e) { + throw new RuntimeException(e); + } + } + /** * Direct grant REST invocation. One stop call to obtain an access token. 
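Review bot: In `getLoginStatusIframe`, a client whose web origins contain `*` makes `valid` true for any `origin` value, including a missing one, and that value is then written into the page by `file.replace("ORIGIN", origin)` with no escaping or format check. A null `origin` throws a NullPointerException inside `replace`, and any other string ends up in HTML served from the realm's own origin; the template is not shown here, so the exact context it lands in is an assumption. I would require a syntactically plain origin before the substitution regardless of the wildcard, with a pattern along the lines of `if (origin == null || !origin.matches("https?://[^/\\s\"'<>]+")) throw new BadRequestException("Invalid origin");`. The stream returned by `getResourceAsStream` is also never closed in the visible lines; unless `StreamUtil.readString` closes it, the read belongs in a try/finally.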
@@ -730,15 +796,8 @@ public class OpenIDConnectService { ClientSessionModel clientSession = pageInitializer.clientSession; - - AuthenticationManager.AuthResult authResult = authManager.authenticateIdentityCookie(session, realm, uriInfo, clientConnection, headers); - if (authResult != null) { - UserModel user = authResult.getUser(); - UserSessionModel userSession = authResult.getSession(); - TokenManager.attachClientSession(userSession, clientSession); - event.user(user).session(userSession).detail(Details.AUTH_METHOD, "sso"); - return authManager.nextActionAfterAuthentication(session, userSession, clientSession, clientConnection, request, uriInfo, event); - } + response = authManager.checkNonFormAuthentication(session, clientSession, realm, uriInfo, request, clientConnection, headers, event); + if (response != null) return response; if (prompt != null && prompt.equals("none")) { OpenIDConnect oauth = new OpenIDConnect(session, realm, request, uriInfo, clientConnection); diff --git a/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java b/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java index 2457705fb1..20616876fc 100755 --- a/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java +++ b/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java @@ -23,6 +23,7 @@ import org.keycloak.models.UserModel; import org.keycloak.models.UserSessionModel; import org.keycloak.models.utils.KeycloakModelUtils; import org.keycloak.protocol.LoginProtocol; +import org.keycloak.protocol.oidc.TokenManager; import org.keycloak.representations.AccessToken; import org.keycloak.representations.idm.CredentialRepresentation; import org.keycloak.services.resources.RealmsResource; 
@@ -193,6 +194,23 @@ public class AuthenticationManager { return authResult; } + public Response checkNonFormAuthentication(KeycloakSession session, ClientSessionModel clientSession, RealmModel realm, UriInfo uriInfo, + HttpRequest request, + ClientConnection clientConnection, HttpHeaders headers, + EventBuilder event) { + AuthResult authResult = authenticateIdentityCookie(session, realm, uriInfo, clientConnection, headers, true); + if (authResult != null) { + UserModel user = authResult.getUser(); + UserSessionModel userSession = authResult.getSession(); + TokenManager.attachClientSession(userSession, clientSession); + event.user(user).session(userSession).detail(Details.AUTH_METHOD, "sso"); + return nextActionAfterAuthentication(session, userSession, clientSession, clientConnection, request, uriInfo, event); + } + return null; + } + + + public static Response redirectAfterSuccessfulFlow(KeycloakSession session, RealmModel realm, UserSessionModel userSession, ClientSessionModel clientSession, HttpRequest request, UriInfo uriInfo, ClientConnection clientConnection) { diff --git a/services/src/main/java/org/keycloak/services/resources/RealmsResource.java b/services/src/main/java/org/keycloak/services/resources/RealmsResource.java index dfe3c9ccb0..785b1014ac 100755 --- a/services/src/main/java/org/keycloak/services/resources/RealmsResource.java +++ b/services/src/main/java/org/keycloak/services/resources/RealmsResource.java @@ -14,6 +14,7 @@ import org.keycloak.models.KeycloakSession; import org.keycloak.models.RealmModel; import org.keycloak.protocol.LoginProtocol; import org.keycloak.protocol.LoginProtocolFactory; +import org.keycloak.protocol.oidc.OpenIDConnect; import org.keycloak.protocol.oidc.OpenIDConnectService; import org.keycloak.services.managers.AuthenticationManager; import org.keycloak.services.managers.BruteForceProtector; 
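Review bot: `checkNonFormAuthentication` is a new public method on the authentication path with no Javadoc, and it passes a bare `true` as the sixth argument to `authenticateIdentityCookie`, where the call it replaces in `OpenIDConnectService.loginPage` used the five-argument form. The hunk does not show what the flag controls, so a reader cannot tell whether the SSO cookie check behaves the same as before the move. I would name the argument at the call site, `/* <parameter name> */ true`, and add a Javadoc stating that a non-null return is the response for a session authenticated through the identity cookie and that `null` means no valid cookie was found and the caller continues with form login. The method also ties this manager to `org.keycloak.protocol.oidc.TokenManager`, which sits oddly with the protocol abstraction the series introduces.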
@@ -76,65 +77,25 @@ public class RealmsResource { return base.path(RealmsResource.class).path(RealmsResource.class, "getAccountService"); } - /** - * - * - * @param name - * @param client_id - * @return - */ @Path("{realm}/login-status-iframe.html") @GET @Produces(MediaType.TEXT_HTML) + @Deprecated public Response getLoginStatusIframe(final @PathParam("realm") String name, @QueryParam("client_id") String client_id, @QueryParam("origin") String origin) { + // backward compatibility RealmManager realmManager = new RealmManager(session); RealmModel realm = locateRealm(name, realmManager); - ClientModel client = realm.findClient(client_id); - if (client == null) { - throw new NotFoundException("could not find client: " + client_id); - } + EventBuilder event = new EventsManager(realm, session, clientConnection).createEventBuilder(); + AuthenticationManager authManager = new AuthenticationManager(protector); - InputStream is = getClass().getClassLoader().getResourceAsStream("login-status-iframe.html"); - if (is == null) throw new NotFoundException("Could not find login-status-iframe.html "); + LoginProtocolFactory factory = (LoginProtocolFactory)session.getKeycloakSessionFactory().getProviderFactory(LoginProtocol.class, OpenIDConnect.LOGIN_PROTOCOL); + OpenIDConnectService endpoint = (OpenIDConnectService)factory.createProtocolEndpoint(realm, event, authManager); - boolean valid = false; - for (String o : client.getWebOrigins()) { - if (o.equals("*") || o.equals(origin)) { - valid = true; - break; - } - } + ResteasyProviderFactory.getInstance().injectProperties(endpoint); + return endpoint.getLoginStatusIframe(client_id, origin); - for (String r : OpenIDConnectService.resolveValidRedirects(uriInfo, client.getRedirectUris())) { - int i = r.indexOf('/', 8); - if (i != -1) { - r = r.substring(0, i); - } - - if (r.equals(origin)) { - valid = true; - break; - } - } - - if (!valid) { - throw new BadRequestException("Invalid origin"); - } - - try { - String file = 
StreamUtil.readString(is); - file = file.replace("ORIGIN", origin); - - CacheControl cacheControl = new CacheControl(); - cacheControl.setNoTransform(false); - cacheControl.setMaxAge(Config.scope("theme").getInt("staticMaxAge", -1)); - - return Response.ok(file).cacheControl(cacheControl).build(); - } catch (IOException e) { - throw new RuntimeException(e); - } } @Path("{realm}/protocol/{protocol}")