Merge pull request #19 from patriot1burke/master

nav, resource, req creds
This commit is contained in:
Bill Burke 2013-08-04 16:34:20 -07:00
commit 52f84175ea
33 changed files with 566 additions and 418 deletions


@ -21,6 +21,8 @@ public class RealmRepresentation {
protected String publicKey;
protected List<RoleRepresentation> roles;
protected List<RequiredCredentialRepresentation> requiredCredentials;
protected List<RequiredCredentialRepresentation> requiredResourceCredentials;
protected List<RequiredCredentialRepresentation> requiredOAuthClientCredentials;
protected List<UserRepresentation> users;
protected List<RoleMappingRepresentation> roleMappings;
protected List<ScopeMappingRepresentation> scopeMappings;
@ -147,6 +149,22 @@ public class RealmRepresentation {
this.requiredCredentials = requiredCredentials;
}
public List<RequiredCredentialRepresentation> getRequiredResourceCredentials() {
return requiredResourceCredentials;
}
public void setRequiredResourceCredentials(List<RequiredCredentialRepresentation> requiredResourceCredentials) {
this.requiredResourceCredentials = requiredResourceCredentials;
}
public List<RequiredCredentialRepresentation> getRequiredOAuthClientCredentials() {
return requiredOAuthClientCredentials;
}
public void setRequiredOAuthClientCredentials(List<RequiredCredentialRepresentation> requiredOAuthClientCredentials) {
this.requiredOAuthClientCredentials = requiredOAuthClientCredentials;
}
public int getAccessCodeLifespan() {
return accessCodeLifespan;
}
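Review bot: The two new lists on RealmRepresentation carry no Javadoc, and nothing in the class says how they differ from `requiredCredentials`; the distinction only becomes visible in AuthenticationManager.authenticateForm elsewhere in this commit, which selects `requiredResourceCredentials` for users holding RESOURCE_ROLE and `requiredOAuthClientCredentials` for IDENTITY_REQUESTER_ROLE. Propose a field comment on each, e.g. `// credential types a resource (application) account must present at login; selected in AuthenticationManager.authenticateForm` and the equivalent wording for the OAuth-client list. The new setters keep the caller's list by reference, which is consistent with the rest of this representation class.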


@ -11,10 +11,12 @@ import java.util.Set;
*/
public class ResourceRepresentation {
protected String self; // link
protected String id;
protected String name;
protected String adminUrl;
protected boolean surrogateAuthRequired;
protected boolean useRealmMappings;
protected boolean enabled;
protected List<CredentialRepresentation> credentials;
protected List<RoleRepresentation> roles;
protected List<RoleMappingRepresentation> roleMappings;
@ -28,6 +30,14 @@ public class ResourceRepresentation {
this.self = self;
}
public String getId() {
return id;
}
public void setId(String id) {
this.id = id;
}
public String getName() {
return name;
}
@ -36,6 +46,14 @@ public class ResourceRepresentation {
this.name = name;
}
public boolean isEnabled() {
return enabled;
}
public void setEnabled(boolean enabled) {
this.enabled = enabled;
}
public boolean isSurrogateAuthRequired() {
return surrogateAuthRequired;
}
@ -52,6 +70,13 @@ public class ResourceRepresentation {
this.roles = roles;
}
public ResourceRepresentation role(RoleRepresentation role) {
if (this.roles == null) this.roles = new ArrayList<RoleRepresentation>();
this.roles.add(role);
return this;
}
public ResourceRepresentation role(String role, String description) {
if (this.roles == null) this.roles = new ArrayList<RoleRepresentation>();
this.roles.add(new RoleRepresentation(role, description));


@ -14,6 +14,20 @@
"secret" : true
}
],
"requiredResourceCredentials" : [
{
"type" : "Password",
"input" : true,
"secret" : true
}
],
"requiredOAuthClientCredentials" : [
{
"type" : "Password",
"input" : true,
"secret" : true
}
],
"users" : [
{
"username" : "bburke@redhat.com",
@ -58,6 +72,7 @@
"resources" : [
{
"name" : "customer-portal",
"enabled" : true,
"adminUrl" : "http://localhost:8080/customer-portal/j_admin_request",
"useRealmMappings" : true,
"credentials" : [
@ -67,6 +82,7 @@
},
{
"name" : "product-portal",
"enabled" : true,
"adminUrl" : "http://localhost:8080/product-portal/j_admin_request",
"useRealmMappings" : true,
"credentials" : [


@ -4,6 +4,7 @@ var module = angular.module('keycloak.controllers', [ 'keycloak.services' ]);
var realmslist = {};
module.controller('GlobalCtrl', function($scope, $http, Auth, $location, Notifications) {
$scope.addMessage = function() {
Notifications.success("test");
@ -152,20 +153,30 @@ module.controller('ApplicationDetailCtrl', function($scope, application, Applica
});
module.controller('RealmListCtrl', function($scope, Realm) {
module.controller('RealmListCtrl', function($scope, Realm, Current) {
$scope.realms = Realm.get();
realmslist = $scope.realms;
Current.realms = $scope.realms;
});
module.controller('RealmDropdownCtrl', function($scope, Realm) {
module.controller('RealmDropdownCtrl', function($scope, Realm, Current, $location) {
console.log('test log writing');
realmslist = Realm.get();
$scope.realmslist = function() {
return realmslist;
Current.realms = Realm.get();
$scope.current = Current;
$scope.changeRealm = function() {
console.log('select box changed');
for (var id in Current.realms) {
var val = Current.realms[id];
console.log('checking: ' + val);
if (val == Current.realm) {
console.log("redirect to: /realms/" + id);
$location.url("/realms/" + id);
break;
}
}
};
});
module.controller('RealmDetailCtrl', function($scope, Realm, realm, $location, Dialog, Notifications) {
module.controller('RealmDetailCtrl', function($scope, Current, Realm, realm, $location, Dialog, Notifications) {
$scope.realm = angular.copy(realm);
$scope.createRealm = !realm.id;
@ -260,13 +271,21 @@ module.controller('RealmDetailCtrl', function($scope, Realm, realm, $location, D
Realm.save(realmCopy, function(data, headers) {
var l = headers().location;
var id = l.substring(l.lastIndexOf("/") + 1);
realmslist = Realm.get();
$location.url("/realms/" + id);
var data = Realm.get(function() {
Current.realms = data;
Current.realm = Current.realms[id];
console.log('Current.realms[id]: ' + Current.realms[id]);
console.log('data[id]: ' + data[id]);
console.log('Current.realm.name: ' + Current.realm.name);
});
$location.url("/realms/" + id);
Notifications.success("Created realm");
});
} else {
Realm.update(realmCopy, function() {
realmslist = Realm.get();
Current.realms = Realm.get();
$scope.changed = false;
realm = angular.copy($scope.realm);
Notifications.success("Saved changes to realm");
@ -290,7 +309,7 @@ module.controller('RealmDetailCtrl', function($scope, Realm, realm, $location, D
$scope.remove = function() {
Dialog.confirmDelete($scope.realm.name, 'realm', function() {
Realm.remove($scope.realm, function() {
realmslist = Realm.get();
Current.realms = Realm.get();
$location.url("/realms");
Notifications.success("Deleted realm");
});
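Review bot: In the Realm.save callback, `var data = Realm.get(function() { ... })` redeclares the callback's own `data` parameter (the function is declared as `function(data, headers)`), so from that line on the saved response is replaced by the $resource object; rename it, e.g. `var realms = Realm.get(function() { Current.realms = realms; Current.realm = realms[id]; });`. The `$location.url("/realms/" + id)` that follows runs before that callback completes, so the route changes while `Current.realm` still holds the previous value — presumably harmless because the target controller reloads it, but worth confirming. The `console.log` calls added in this hunk and in RealmDropdownCtrl's changeRealm (`'test log writing'`, `'select box changed'`, `'checking: '`, `'redirect to: '`) read as leftover debugging and should be removed before merging. The enclosing save function starts outside the hunk.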


@ -158,3 +158,10 @@ module.factory('Role', function($resource) {
}
});
});
module.factory('Current', function($resource) {
return {
realm : null,
realms : {}
};
});
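Review bot: The new `Current` factory declares `$resource` as an injected dependency but never uses it, so `module.factory('Current', function() {` is sufficient and drops an unneeded dependency. Because this object is shared mutable state written by RealmListCtrl, RealmDropdownCtrl and RealmDetailCtrl in the same commit, a short comment on the two fields would help the next reader: `// realm: the realm currently selected in the nav; realms: the id -> name map returned by Realm.get()` — the id→name shape is what the nav template's ng-options iterates, so confirm it against the Realm resource before stating it.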


@ -3,32 +3,36 @@
<div class="container">
<div class="nav-collapse">
<nav id="global-nav">
<div data-ng-controller="RealmDropdownCtrl">
<div data-ng-controller="RealmDropdownCtrl" > <!--
<ul class="nav pull-left" data-ng-show="auth.loggedIn">
<li class="dropdown"><a data-toggle="dropdown" class="dropdown-toggle" href="#"> Realms <i class="caret"></i></a>
<ul class="dropdown-menu">
<li ng-repeat="(id, name) in realmslist()"><a href="#/realms/{{id}}">{{name}}</a>
<li ng-repeat="(id, name) in current.realms"><a href="#/realms/{{id}}">{{name}}</a>
</li>
</ul>
</li>
</ul>
</ul> -->
<h3 data-ng-show="auth.loggedIn"><span class="gray pull-left">Realm: </span></h3>
<select class="nav pull-left" data-ng-show="auth.loggedIn" ng-change="changeRealm()" ng-model="current.realm" ng-options="name for (id, name) in current.realms">
</select>
<!-- <select class="nav pull-left" ng-options="r.name for r in current.realms"></select> -->
</div>
<ul class="nav">
<li class="divider-vertical-left" data-ng-class="path[0] == 'realms' && 'active'"
data-ng-show="auth.loggedIn"><a href="#/create/realm">New Realm</a></li>
</ul>
<ul class="nav pull-right" data-ng-hide="auth.loggedIn">
<li><a href="/auth-server/saas/saas-login.jsp">Login</a></li>
<li><a href="/auth-server/saas/saas-register.jsp">Register</a></li>
</ul>
<ul class="nav pull-right" data-ng-show="auth.loggedIn">
<li class="dropdown"><a data-toggle="dropdown" class="dropdown-toggle" href="#"><i
<li class="divider-vertical-left dropdown"><a data-toggle="dropdown" class="dropdown-toggle" href="#"><i
class="icon-user icon-gray"></i> Welcome: <b>{{auth.user.displayName}}</b> <i class="caret"></i></a>
<ul class="dropdown-menu">
<li><a href="/auth-server/rest/saas/logout">Sign Out</a></li>
</ul>
</li>
</ul>
<ul class="nav pull-right" data-ng-show="auth.loggedIn">
<li class="divider-vertical-left" data-ng-class="path[0] == 'realms' && 'active'"
data-ng-show="auth.loggedIn"><a href="#/create/realm">New Realm</a></li>
</ul>
</nav>
</div>
</div>
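Review bot: The old dropdown is kept as an HTML comment (from the `<!--` appended to the RealmDropdownCtrl div through `</ul> -->`) and a second commented-out `<select>` follows the live one; both are dead markup that version control already preserves, so delete them rather than ship them in the template. The live `<select>` binds `ng-model="current.realm"` to the realm name via `ng-options="name for (id, name) in current.realms"`, and changeRealm in the controller recovers the id by comparing that name against each entry, so two realms with the same display name would both route to the first match — presumably names are unique on a server, but worth confirming.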


@ -7,7 +7,7 @@
<h1 data-ng-show="createRealm"><span class="gray">New Realm</span></h1>
<h1 data-ng-hide="createRealm">
<span class="gray">{{realm.realm}}</span>
<span class="gray">Realm Settings</span>
</h1>
<div data-ng-show="realmForm.showErrors && realmForm.$error.required" class="alert alert-error">Please fill


@ -1,21 +1,11 @@
<div data-ng-hide="createRealm">
<nav id="local-nav">
<ul class="nav nav-list">
<li>
<div>
<span class="toggle">Realm: </span> {{realm.realm}}
</div>
<ul>
<li>
<ul class="sub-items">
<li data-ng-class="!path[2] && 'active'"><a href="#/realms/{{realm.id}}">Settings</a>
</li>
<li data-ng-class="path[2] == 'users' && 'active'"><a href="#/realms/{{realm.id}}/users">Users</a>
</li>
<li data-ng-class="path[2] == 'roles' && 'active'"><a href="#/realms/{{realm.id}}/roles">Roles</a></li>
</ul>
</li>
</ul>
<li data-ng-class="!path[2] && 'active'"><a href="#/realms/{{realm.id}}">Realm Settings</a>
</li>
<li data-ng-class="path[2] == 'users' && 'active'"><a href="#/realms/{{realm.id}}/users">Realm Users</a>
</li>
<li data-ng-class="path[2] == 'roles' && 'active'"><a href="#/realms/{{realm.id}}/roles">Realm Roles</a></li>
</ul>
</nav>
</div>


@ -7,7 +7,7 @@
<h1 data-ng-show="create"><span class="gray">New Role</span></h1>
<h1 data-ng-hide="create">
<span class="gray">Role {{role.name}}</span>
<span class="gray">Realm Role {{role.name}}</span>
</h1>
<div data-ng-show="roleForm.showErrors && roleForm.$error.required" class="alert alert-error">Please fill in
@ -49,7 +49,6 @@
</button>
<button type="submit" data-ng-click="reset()" class="btn" data-ng-show="changed">Clear changes
</button>
<a href="#/realms/{{realm.id}}/users" data-ng-hide="changed">View users &#187;</a>
<button type="submit" data-ng-click="remove()" class="btn btn-danger" data-ng-hide="changed">
Delete
</button>


@ -7,7 +7,7 @@
<a class="btn btn-small pull-right" href="#/create/role/{{realm.id}}">Add Role</a>
<h1>
<span class="gray">{{realm.realm}}</span> roles
<span class="gray">Realm Roles</span>
</h1>
<table class="table table-striped table-bordered">


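--- a/[path not shown]
+++ /dev/null
@@ -1,75 +0,0 @@
-<!doctype html>
-<html>
-<head>
-<meta charset="utf-8">
-<title>Log in to Subway</title>
-<link rel="stylesheet" href="css/reset.css">
-<link rel="stylesheet" type="text/css" href="css/base.css">
-<link rel="stylesheet" type="text/css" href="css/forms.css">
-<link rel="stylesheet" type="text/css" href="css/zocial/zocial.css">
-<link rel="stylesheet" type="text/css" href="css/login-screen.css">
-<link rel="stylesheet" type="text/css" href='http://fonts.googleapis.com/css?family=Open+Sans:400,300,300italic,400italic,600,600italic,700,700italic,800,800italic'>
-</head>
-<body class="rcue-login-register customer">
-<h1><a href="#" title="Go to the home page"><img src="img/subway-logo.png" alt="Subway logo"></a></h1>
-<div class="content">
-<h2>Log in to <strong>Subway</strong></h2>
-<p class="powered"><a href="#">Powered by Keycloak</a></p>
-<div class="background-area">
-<div class="form-area social clearfix">
-<section class="app-form">
-<h3>Application login area</h3>
-<form>
-<div>
-<label for="username">Username</label><input type="text" id="username" autofocus>
-</div>
-<div>
-<label for="password">Password</label><input type="password" id="password">
-</div>
-<div>
-<label for="one-time-pswd" class="two-lines">One-time-password</label><input type="password" id="one-time-pswd">
-</div>
-<div class="aside-btn">
-<input type="checkbox" id="remember"><label for="remember">Remember Username</label>
-<p>Forgot <a href="#">Username</a> or <a href="#">Password</a>?</p>
-</div>
-<input type="button" value="Log In">
-</form>
-</section>
-<section class="social-login">
-<span>or</span>
-<h3>Social login area</h3>
-<p>Log In with</p>
-<ul>
-<li>
-<a href="#" class="zocial facebook">
-<span class="text">Facebook</span>
-</a>
-</li>
-<li>
-<a href="#" class="zocial googleplus">
-<span class="text">Google</span>
-</a>
-</li>
-<li>
-<a href="#" class="zocial twitter">
-<span class="text">Twitter</span>
-</a>
-</li>
-</ul>
-</section>
-<section class="info-area">
-<h3>Info area</h3>
-<p>Does not have an account? <a href="realm-register.html">Register</a>.</p>
-<ul>
-<li><strong>Domain:</strong> 10.0.0.1</li>
-<li><strong>Zone:</strong> Live</li>
-<li><strong>Appliance:</strong> Yep</li>
-</ul>
-</section>
-</div>
-</div>
-</div>
-</body>
-</html>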


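--- a/[path not shown]
+++ /dev/null
@@ -1,81 +0,0 @@
-<!doctype html>
-<html>
-<head>
-<meta charset="utf-8">
-<title>Register with Subway</title>
-<link rel="stylesheet" href="css/reset.css">
-<link rel="stylesheet" type="text/css" href="css/base.css">
-<link rel="stylesheet" type="text/css" href="css/forms.css">
-<link rel="stylesheet" type="text/css" href="css/zocial/zocial.css">
-<link rel="stylesheet" type="text/css" href="css/login-screen.css">
-<link rel="stylesheet" type="text/css" href='http://fonts.googleapis.com/css?family=Open+Sans:400,300,300italic,400italic,600,600italic,700,700italic,800,800italic'>
-</head>
-<body class="rcue-login-register customer register">
-<h1><a href="#" title="Go to the home page"><img src="img/subway-logo.png" alt="Subway logo"></a></h1>
-<div class="content">
-<h2>Log in to <strong>Subway</strong></h2>
-<p class="powered"><a href="#">Powered by Keycloak</a></p>
-<div class="background-area">
-<div class="form-area social clearfix">
-<section class="app-form">
-<h3>Application login area</h3>
-<form>
-<p class="subtitle">All fields required</p>
-<div>
-<label for="name">Full name</label><input type="text" id="name" autofocus>
-</div>
-<div>
-<label for="email">Email</label><input type="email" id="email">
-</div>
-<div>
-<label for="username">Username</label><input type="text" id="username">
-</div>
-<div>
-<label for="password">Password</label><input type="password" id="password" placeholder="At least 6 characters">
-</div>
-<div>
-<label for="password-confirm" class="two-lines">Password confirmation</label><input type="password" id="password-confirm">
-</div>
-<div class="aside-btn">
-<p>By registering you agree to the <a href="#">Terms of Service</a> and the <a href="#">Privacy Policy</a>.</p>
-</div>
-<input type="button" value="Register">
-</form>
-</section>
-<section class="social-login">
-<span>or</span>
-<h3>Social login area</h3>
-<p>Log In with</p>
-<ul>
-<li>
-<a href="#" class="zocial facebook">
-<span class="text">Facebook</span>
-</a>
-</li>
-<li>
-<a href="#" class="zocial googleplus">
-<span class="text">Google</span>
-</a>
-</li>
-<li>
-<a href="#" class="zocial twitter">
-<span class="text">Twitter</span>
-</a>
-</li>
-</ul>
-</section>
-<section class="info-area">
-<h3>Info area</h3>
-<p>Already have an account? <a href="realm-login.html">Log in</a>.</p>
-<ul>
-<li><strong>Domain:</strong> 10.0.0.1</li>
-<li><strong>Zone:</strong> Live</li>
-<li><strong>Appliance:</strong> Yep</li>
-</ul>
-</section>
-</div>
-</div>
-</div>
-</body>
-</html>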


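--- a/[path not shown]
+++ /dev/null
@@ -1,77 +0,0 @@
-<!doctype html>
-<html>
-<head>
-<meta charset="utf-8">
-<title>Log in to Keycloak</title>
-<link rel="stylesheet" href="css/reset.css">
-<link rel="stylesheet" type="text/css" href="css/base.css">
-<link rel="stylesheet" type="text/css" href="css/forms.css">
-<link rel="stylesheet" type="text/css" href="css/zocial/zocial.css">
-<link rel="stylesheet" type="text/css" href="css/login-screen.css">
-<link rel="stylesheet" type="text/css" href='http://fonts.googleapis.com/css?family=Open+Sans:400,300,300italic,400italic,600,600italic,700,700italic,800,800italic'>
-</head>
-<body class="rcue-login-register">
-<h1><a href="#" title="Go to the home page"><img src="img/red-hat-logo.png" alt="Red Hat logo"></a></h1>
-<div class="content">
-<h2>Log in to <strong>Keycloak</strong></h2>
-<div class="background-area">
-<div class="form-area social clearfix">
-<section class="app-form">
-<h3>Application login area</h3>
-<form action="rest/saas/login" method="POST">
-<div class="feedback feedback-error">
-<p><font color="red"><strong>Email is not valid</strong>. Please enter a valid email address.</font></p>
-</div>
-<div>
-<label for="username">Username</label><input type="text" id="username" autofocus>
-</div>
-<div>
-<label for="password">Password</label><input type="password" id="password">
-</div> <!--
-<div>
-<label for="one-time-pswd" class="two-lines">One-time-password</label><input type="password" id="one-time-pswd">
-</div> -->
-<div class="aside-btn">
-<input type="checkbox" id="remember"><label for="remember">Remember Username</label>
-<p>Forgot <a href="#">Username</a> or <a href="#">Password</a>?</p>
-</div>
-<input type="button" value="Log In">
-</form>
-</section>
-<section class="social-login">
-<span>or</span>
-<h3>Social login area</h3>
-<p>Log In with</p>
-<ul>
-<li>
-<a href="#" class="zocial facebook">
-<span class="text">Facebook</span>
-</a>
-</li>
-<li>
-<a href="#" class="zocial googleplus">
-<span class="text">Google</span>
-</a>
-</li>
-<li>
-<a href="#" class="zocial twitter">
-<span class="text">Twitter</span>
-</a>
-</li>
-</ul>
-</section>
-<section class="info-area">
-<h3>Info area</h3>
-<p>Does not have an account? <a href="saas-register.html">Register</a>.</p>
-<ul>
-<li><strong>Domain:</strong> 10.0.0.1</li>
-<li><strong>Zone:</strong> Live</li>
-<li><strong>Appliance:</strong> Yep</li>
-</ul>
-</section>
-</div>
-</div>
-</div>
-</body>
-</html>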


@ -67,7 +67,7 @@
</section>
<section class="info-area">
<h3>Info area</h3>
<p>Does not have an account? <a href="saas-register.html">Register</a>.</p>
<p>Does not have an account? <a href="<%=application.getContextPath()%>/saas/saas-register.jsp">Register</a>.</p>
<ul>
<li><strong>Domain:</strong> 10.0.0.1</li>
<li><strong>Zone:</strong> Live</li>
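Review bot: The Register link now embeds a scriptlet expression, `<%=application.getContextPath()%>`, where the idiomatic JSP form is EL: `<a href="${pageContext.request.contextPath}/saas/saas-register.jsp">Register</a>`. The context path is server configuration rather than request input, so this is a style point rather than an injection concern. The same applies to the Log in link changed in the saas-register.jsp section of this commit.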


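--- a/[path not shown]
+++ /dev/null
@@ -1,80 +0,0 @@
-<!doctype html>
-<html>
-<head>
-<meta charset="utf-8">
-<title>Register with Keycloak</title>
-<link rel="stylesheet" href="css/reset.css">
-<link rel="stylesheet" type="text/css" href="css/base.css">
-<link rel="stylesheet" type="text/css" href="css/forms.css">
-<link rel="stylesheet" type="text/css" href="css/zocial/zocial.css">
-<link rel="stylesheet" type="text/css" href="css/login-screen.css">
-<link rel="stylesheet" type="text/css" href='http://fonts.googleapis.com/css?family=Open+Sans:400,300,300italic,400italic,600,600italic,700,700italic,800,800italic'>
-</head>
-<body class="rcue-login-register register">
-<h1><a href="#" title="Go to the home page"><img src="img/red-hat-logo.png" alt="Red Hat logo"></a></h1>
-<div class="content">
-<h2>Register with <strong>Keycloak</strong></h2>
-<div class="background-area">
-<div class="form-area social clearfix">
-<section class="app-form">
-<h3>Application login area</h3>
-<form>
-<p class="subtitle">All fields required</p>
-<div>
-<label for="name">Full name</label><input type="text" id="name" autofocus>
-</div>
-<div>
-<label for="email">Email</label><input type="email" id="email">
-</div>
-<div>
-<label for="username">Username</label><input type="text" id="username">
-</div>
-<div>
-<label for="password">Password</label><input type="password" id="password" placeholder="At least 6 characters">
-</div>
-<div>
-<label for="password-confirm" class="two-lines">Password confirmation</label><input type="password" id="password-confirm">
-</div>
-<div class="aside-btn">
-<p>By registering you agree to the <a href="#">Terms of Service</a> and the <a href="#">Privacy Policy</a>.</p>
-</div>
-<input type="button" value="Register">
-</form>
-</section>
-<section class="social-login">
-<span>or</span>
-<h3>Social login area</h3>
-<p>Log In with</p>
-<ul>
-<li>
-<a href="#" class="zocial facebook">
-<span class="text">Facebook</span>
-</a>
-</li>
-<li>
-<a href="#" class="zocial googleplus">
-<span class="text">Google</span>
-</a>
-</li>
-<li>
-<a href="#" class="zocial twitter">
-<span class="text">Twitter</span>
-</a>
-</li>
-</ul>
-</section>
-<section class="info-area">
-<h3>Info area</h3>
-<p>Already have an account? <a href="saas-login.html">Log in</a>.</p>
-<ul>
-<li><strong>Domain:</strong> 10.0.0.1</li>
-<li><strong>Zone:</strong> Live</li>
-<li><strong>Appliance:</strong> Yep</li>
-</ul>
-</section>
-</div>
-</div>
-</div>
-</body>
-</html>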


@ -73,7 +73,7 @@
</section>
<section class="info-area">
<h3>Info area</h3>
<p>Already have an account? <a href="saas-login.html">Log in</a>.</p>
<p>Already have an account? <a href="<%=application.getContextPath()%>/saas/saas-login.jsp">Log in</a>.</p>
<ul>
<li><strong>Domain:</strong> 10.0.0.1</li>
<li><strong>Zone:</strong> Live</li>


@ -51,7 +51,7 @@
<section class="info-area">
<h3>Info area</h3>
<p>
Does not have an account? <a href="saas-register.html">Register</a>.
No account? <a href="saas-register.html">Register</a>.
</p>
<ul>
<li><strong>Domain:</strong> 10.0.0.1</li>


@ -23,6 +23,7 @@ import javax.ws.rs.core.NewCookie;
import javax.ws.rs.core.UriInfo;
import java.net.URI;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
/**
@ -203,7 +204,15 @@ public class AuthenticationManager {
public boolean authenticateForm(RealmModel realm, UserModel user, MultivaluedMap<String, String> formData) {
Set<String> types = new HashSet<String>();
for (RequiredCredentialModel credential : realm.getRequiredCredentials()) {
List<RequiredCredentialModel> requiredCredentials = null;
if (realm.hasRole(user, RealmManager.RESOURCE_ROLE)) {
requiredCredentials = realm.getResourceRequiredCredentials();
} else if (realm.hasRole(user, RealmManager.IDENTITY_REQUESTER_ROLE)) {
requiredCredentials = realm.getOAuthClientRequiredCredentials();
} else {
requiredCredentials = realm.getRequiredCredentials();
}
for (RequiredCredentialModel credential : requiredCredentials) {
types.add(credential.getType());
}
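Review bot: The credential set is chosen purely by role with no fallback when the role-specific list is empty: for a realm whose representation omits requiredResourceCredentials, `realm.getResourceRequiredCredentials()` has nothing to return, so `types` stays empty for every RESOURCE_ROLE user, and what happens next depends on the rest of authenticateForm, which continues outside the hunk — if an empty set means "nothing to check", such accounts would authenticate without presenting any credential. A defensive fallback is cheap and keeps the old behaviour for unconfigured realms: `if (requiredCredentials == null || requiredCredentials.isEmpty()) requiredCredentials = realm.getRequiredCredentials();` before the loop. A user holding both RESOURCE_ROLE and IDENTITY_REQUESTER_ROLE is classified as a resource by the if/else order; that is fine but deserves a one-line comment stating the precedence.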


@ -110,6 +110,20 @@ public class RealmManager {
}
}
if (rep.getRequiredResourceCredentials() != null) {
for (RequiredCredentialRepresentation requiredCred : rep.getRequiredCredentials()) {
addResourceRequiredCredential(newRealm, requiredCred);
}
}
if (rep.getRequiredOAuthClientCredentials() != null) {
for (RequiredCredentialRepresentation requiredCred : rep.getRequiredCredentials()) {
addOAuthClientRequiredCredential(newRealm, requiredCred);
}
}
if (rep.getUsers() != null) {
for (UserRepresentation userRep : rep.getUsers()) {
UserModel user = createUser(newRealm, userRep);
@ -180,68 +194,42 @@ public class RealmManager {
}
public void addRequiredCredential(RealmModel newRealm, RequiredCredentialRepresentation requiredCred) {
RequiredCredentialModel credential = initializeCred(requiredCred);
newRealm.addRequiredCredential(credential);
}
public void addResourceRequiredCredential(RealmModel newRealm, RequiredCredentialRepresentation requiredCred) {
RequiredCredentialModel credential = initializeCred(requiredCred);
newRealm.addResourceRequiredCredential(credential);
}
public void addOAuthClientRequiredCredential(RealmModel newRealm, RequiredCredentialRepresentation requiredCred) {
RequiredCredentialModel credential = initializeCred(requiredCred);
newRealm.addOAuthClientRequiredCredential(credential);
}
private RequiredCredentialModel initializeCred(RequiredCredentialRepresentation requiredCred) {
RequiredCredentialModel credential = new RequiredCredentialModel();
credential.setType(requiredCred.getType());
credential.setInput(requiredCred.isInput());
credential.setSecret(requiredCred.isSecret());
newRealm.addRequiredCredential(credential);
return credential;
}
protected void createResources(RealmRepresentation rep, RealmModel realm) {
RoleModel loginRole = realm.getRole(RealmManager.RESOURCE_ROLE);
ResourceManager manager = new ResourceManager(this);
for (ResourceRepresentation resourceRep : rep.getResources()) {
createResource(realm, loginRole, resourceRep);
manager.createResource(realm, loginRole, resourceRep);
}
}
public void createResource(RealmModel realm, RoleModel loginRole, ResourceRepresentation resourceRep) {
ResourceModel resource = realm.addResource(resourceRep.getName());
resource.setManagementUrl(resourceRep.getAdminUrl());
resource.setSurrogateAuthRequired(resourceRep.isSurrogateAuthRequired());
resource.updateResource();
UserModel resourceUser = resource.getResourceUser();
if (resourceRep.getCredentials() != null) {
for (CredentialRepresentation cred : resourceRep.getCredentials()) {
UserCredentialModel credential = new UserCredentialModel();
credential.setType(cred.getType());
credential.setValue(cred.getValue());
realm.updateCredential(resourceUser, credential);
}
}
realm.grantRole(resourceUser, loginRole);
if (resourceRep.getRoles() != null) {
for (RoleRepresentation roleRep : resourceRep.getRoles()) {
RoleModel role = resource.addRole(roleRep.getName());
if (roleRep.getDescription() != null) role.setDescription(roleRep.getDescription());
}
}
if (resourceRep.getRoleMappings() != null) {
for (RoleMappingRepresentation mapping : resourceRep.getRoleMappings()) {
UserModel user = realm.getUser(mapping.getUsername());
for (String roleString : mapping.getRoles()) {
RoleModel role = resource.getRole(roleString.trim());
if (role == null) {
role = resource.addRole(roleString.trim());
}
realm.grantRole(user, role);
}
}
}
if (resourceRep.getScopeMappings() != null) {
for (ScopeMappingRepresentation mapping : resourceRep.getScopeMappings()) {
UserModel user = realm.getUser(mapping.getUsername());
for (String roleString : mapping.getRoles()) {
RoleModel role = resource.getRole(roleString.trim());
if (role == null) {
role = resource.addRole(roleString.trim());
}
resource.addScope(user, role.getName());
}
}
}
if (resourceRep.isUseRealmMappings()) realm.addScope(resource.getResourceUser(), "*");
public RoleRepresentation toRepresentation(RoleModel role) {
RoleRepresentation rep = new RoleRepresentation();
rep.setId(role.getId());
rep.setName(role.getName());
rep.setDescription(role.getDescription());
return rep;
}
}
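Review bot: Both new loops in the first hunk iterate the wrong list: under the `rep.getRequiredResourceCredentials() != null` check the loop reads `rep.getRequiredCredentials()`, and the same happens under the `rep.getRequiredOAuthClientCredentials() != null` check, so the resource and OAuth-client credential lists from the representation are never stored — the realm's generic list is registered in their place, and a representation that sets only the role-specific lists throws NullPointerException on the null generic list. Change them to `for (RequiredCredentialRepresentation requiredCred : rep.getRequiredResourceCredentials())` and `for (RequiredCredentialRepresentation requiredCred : rep.getRequiredOAuthClientCredentials())`. The test realm JSON in this commit configures all three lists with the same Password entry, so the defect is invisible there. The enclosing method starts outside the hunk.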


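--- /dev/null
+++ b/[path not shown]/ResourceManager.java
@@ -0,0 +1,105 @@
+package org.keycloak.services.managers;
+import org.keycloak.representations.idm.CredentialRepresentation;
+import org.keycloak.representations.idm.ResourceRepresentation;
+import org.keycloak.representations.idm.RoleMappingRepresentation;
+import org.keycloak.representations.idm.RoleRepresentation;
+import org.keycloak.representations.idm.ScopeMappingRepresentation;
+import org.keycloak.services.models.RealmModel;
+import org.keycloak.services.models.ResourceModel;
+import org.keycloak.services.models.RoleModel;
+import org.keycloak.services.models.UserCredentialModel;
+import org.keycloak.services.models.UserModel;
+import java.util.List;
+/**
+ * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
+ * @version $Revision: 1 $
+ */
+public class ResourceManager {
+protected RealmManager realmManager;
+public ResourceManager(RealmManager realmManager) {
+this.realmManager = realmManager;
+}
+public ResourceModel createResource(RealmModel realm, RoleModel loginRole, ResourceRepresentation resourceRep) {
+ResourceModel resource = realm.addResource(resourceRep.getName());
+resource.setEnabled(resourceRep.isEnabled());
+resource.setManagementUrl(resourceRep.getAdminUrl());
+resource.setSurrogateAuthRequired(resourceRep.isSurrogateAuthRequired());
+resource.updateResource();
+UserModel resourceUser = resource.getResourceUser();
+if (resourceRep.getCredentials() != null) {
+for (CredentialRepresentation cred : resourceRep.getCredentials()) {
+UserCredentialModel credential = new UserCredentialModel();
+credential.setType(cred.getType());
+credential.setValue(cred.getValue());
+realm.updateCredential(resourceUser, credential);
+}
+}
+realm.grantRole(resourceUser, loginRole);
+if (resourceRep.getRoles() != null) {
+for (RoleRepresentation roleRep : resourceRep.getRoles()) {
+RoleModel role = resource.addRole(roleRep.getName());
+if (roleRep.getDescription() != null) role.setDescription(roleRep.getDescription());
+}
+}
+if (resourceRep.getRoleMappings() != null) {
+for (RoleMappingRepresentation mapping : resourceRep.getRoleMappings()) {
+UserModel user = realm.getUser(mapping.getUsername());
+for (String roleString : mapping.getRoles()) {
+RoleModel role = resource.getRole(roleString.trim());
+if (role == null) {
+role = resource.addRole(roleString.trim());
+}
+realm.grantRole(user, role);
+}
+}
+}
+if (resourceRep.getScopeMappings() != null) {
+for (ScopeMappingRepresentation mapping : resourceRep.getScopeMappings()) {
+UserModel user = realm.getUser(mapping.getUsername());
+for (String roleString : mapping.getRoles()) {
+RoleModel role = resource.getRole(roleString.trim());
+if (role == null) {
+role = resource.addRole(roleString.trim());
+}
+resource.addScope(user, role.getName());
+}
+}
+}
+if (resourceRep.isUseRealmMappings()) realm.addScope(resource.getResourceUser(), "*");
+return resource;
+}
+public ResourceModel createResource(RealmModel realm, ResourceRepresentation resourceRep) {
+RoleModel loginRole = realm.getRole(RealmManager.RESOURCE_ROLE);
+return createResource(realm, loginRole, resourceRep);
+}
+public void updateResource(ResourceRepresentation rep, ResourceModel resource) {
+resource.setName(rep.getName());
+resource.setEnabled(rep.isEnabled());
+resource.setManagementUrl(rep.getAdminUrl());
+resource.setSurrogateAuthRequired(rep.isSurrogateAuthRequired());
+resource.updateResource();
+}
+public ResourceRepresentation toRepresentation(ResourceModel resourceModel) {
+ResourceRepresentation rep = new ResourceRepresentation();
+rep.setId(resourceModel.getId());
+rep.setName(resourceModel.getName());
+rep.setEnabled(resourceModel.isEnabled());
+rep.setAdminUrl(resourceModel.getManagementUrl());
+rep.setSurrogateAuthRequired(resourceModel.isSurrogateAuthRequired());
+return rep;
+}
+}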
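Review bot: In createResource the role-mapping and scope-mapping loops call `realm.getUser(mapping.getUsername())` and pass the result straight to `realm.grantRole(user, role)` / `resource.addScope(user, role.getName())` with no null check, so a mapping that names a user the realm does not have fails later inside the model layer (or is silently ignored, depending on its implementation) instead of with a message naming the offending user; add `if (user == null) throw new IllegalArgumentException("unknown user in mapping: " + mapping.getUsername());` after each lookup. The "look up the role, add it if missing" sequence is duplicated in both loops and could be a private helper. The class-level Javadoc carries only author/version; `toRepresentation` copies neither credentials nor roles back into the representation — presumably deliberate so stored credential values are not echoed to API clients, and worth stating in a method comment.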


@ -9,14 +9,10 @@ import org.keycloak.services.models.RealmModel;
import org.keycloak.services.models.ResourceModel;
import org.keycloak.services.models.RoleModel;
import org.keycloak.services.models.UserModel;
import org.keycloak.services.resources.RealmsResource;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.NewCookie;
import javax.ws.rs.core.UriInfo;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.util.List;
import java.util.Map;
import java.util.Set;
@ -135,7 +131,7 @@ public class TokenManager {
}
if (accessCodeEntry.getResourceRolesRequested().size() > 0) {
Map<String, ResourceModel> resourceMap = realm.getResourceMap();
Map<String, ResourceModel> resourceMap = realm.getResourceNameMap();
for (String resourceName : accessCodeEntry.getResourceRolesRequested().keySet()) {
ResourceModel resource = resourceMap.get(resourceName);
SkeletonKeyToken.Access access = token.addAccess(resourceName).verifyCaller(resource.isSurrogateAuthRequired());
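Review bot: `resourceMap.get(resourceName)` returns null when the access code entry requests roles for a resource name the realm does not have, and the next line dereferences it in `resource.isSurrogateAuthRequired()`; whether the requested names were validated when the entry was created is not visible here, and the rename to getResourceNameMap does not change that. A guard before the dereference, `if (resource == null) throw new IllegalArgumentException("unknown resource: " + resourceName);`, turns a NullPointerException deep in token creation into a clear rejection of the request. The enclosing method starts and ends outside the hunk.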


@ -79,7 +79,7 @@ public interface RealmModel {
List<RoleModel> getRoles();
Map<String, ResourceModel> getResourceMap();
Map<String, ResourceModel> getResourceNameMap();
List<ResourceModel> getResources();
@ -100,4 +100,16 @@ public interface RealmModel {
void addRealmAdmin(UserModel agent);
RoleModel getRoleById(String id);
void addResourceRequiredCredential(RequiredCredentialModel cred);
List<RequiredCredentialModel> getResourceRequiredCredentials();
void addOAuthClientRequiredCredential(RequiredCredentialModel cred);
List<RequiredCredentialModel> getOAuthClientRequiredCredentials();
boolean hasRole(UserModel user, String role);
ResourceModel getResourceById(String id);
}
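Review bot: None of the six new interface methods has Javadoc, and `hasRole(UserModel user, String role)` in particular leaves open whether `role` is a role name or an id and whether resource-level roles count; the only caller visible in this commit, AuthenticationManager.authenticateForm, passes the constants RealmManager.RESOURCE_ROLE and RealmManager.IDENTITY_REQUESTER_ROLE, which reads as a realm-level role name. Propose `/** Whether {@code user} has been granted the realm-level role named {@code role}. */` on hasRole, and on each pair of credential methods one line saying which principal (resource account, OAuth client) the list governs and what an implementation returns when none were configured (empty list or null), since the caller iterates the result directly.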


@ -13,9 +13,11 @@ import org.keycloak.services.models.UserCredentialModel;
import org.keycloak.services.models.UserModel;
import org.keycloak.services.models.picketlink.mappings.RealmData;
import org.keycloak.services.models.picketlink.mappings.ResourceData;
import org.keycloak.services.models.picketlink.relationships.OAuthClientRequiredCredentialRelationship;
import org.keycloak.services.models.picketlink.relationships.RealmAdminRelationship;
import org.keycloak.services.models.picketlink.relationships.RequiredCredentialRelationship;
import org.keycloak.services.models.picketlink.relationships.ResourceRelationship;
import org.keycloak.services.models.picketlink.relationships.ResourceRequiredCredentialRelationship;
import org.keycloak.services.models.picketlink.relationships.ScopeRelationship;
import org.picketlink.idm.IdentityManager;
import org.picketlink.idm.PartitionManager;
@ -252,6 +254,48 @@ public class RealmAdapter implements RealmModel {
RelationshipQuery<RequiredCredentialRelationship> query = getRelationshipManager().createRelationshipQuery(RequiredCredentialRelationship.class);
query.setParameter(RequiredCredentialRelationship.REALM, realm.getName());
List<RequiredCredentialRelationship> results = query.getResultList();
return getRequiredCredentialModels(results);
}
@Override
public void addResourceRequiredCredential(RequiredCredentialModel cred) {
ResourceRequiredCredentialRelationship relationship = new ResourceRequiredCredentialRelationship();
addRequiredCredential(cred, relationship);
}
@Override
public List<RequiredCredentialModel> getResourceRequiredCredentials() {
RelationshipQuery<ResourceRequiredCredentialRelationship> query = getRelationshipManager().createRelationshipQuery(ResourceRequiredCredentialRelationship.class);
query.setParameter(ResourceRequiredCredentialRelationship.REALM, realm.getName());
List<ResourceRequiredCredentialRelationship> results = query.getResultList();
return getRequiredCredentialModels(results);
}
@Override
public void addOAuthClientRequiredCredential(RequiredCredentialModel cred) {
OAuthClientRequiredCredentialRelationship relationship = new OAuthClientRequiredCredentialRelationship();
addRequiredCredential(cred, relationship);
}
@Override
public List<RequiredCredentialModel> getOAuthClientRequiredCredentials() {
RelationshipQuery<OAuthClientRequiredCredentialRelationship> query = getRelationshipManager().createRelationshipQuery(OAuthClientRequiredCredentialRelationship.class);
query.setParameter(ResourceRequiredCredentialRelationship.REALM, realm.getName());
List<OAuthClientRequiredCredentialRelationship> results = query.getResultList();
return getRequiredCredentialModels(results);
}
@Override
public void addRequiredCredential(RequiredCredentialModel cred) {
RequiredCredentialRelationship relationship = new RequiredCredentialRelationship();
addRequiredCredential(cred, relationship);
}
protected List<RequiredCredentialModel> getRequiredCredentialModels(List<? extends RequiredCredentialRelationship> results) {
List<RequiredCredentialModel> rtn = new ArrayList<RequiredCredentialModel>();
for (RequiredCredentialRelationship relationship : results) {
RequiredCredentialModel model = new RequiredCredentialModel();
@ -262,10 +306,7 @@ public class RealmAdapter implements RealmModel {
}
return rtn;
}
@Override
public void addRequiredCredential(RequiredCredentialModel cred) {
RequiredCredentialRelationship relationship = new RequiredCredentialRelationship();
protected void addRequiredCredential(RequiredCredentialModel cred, RequiredCredentialRelationship relationship) {
relationship.setCredentialType(cred.getType());
relationship.setInput(cred.isInput());
relationship.setSecret(cred.isSecret());
@ -375,7 +416,7 @@ public class RealmAdapter implements RealmModel {
* @return
*/
@Override
public Map<String, ResourceModel> getResourceMap() {
public Map<String, ResourceModel> getResourceNameMap() {
Map<String, ResourceModel> resourceMap = new HashMap<String, ResourceModel>();
for (ResourceModel resource : getResources()) {
resourceMap.put(resource.getName(), resource);
@ -383,6 +424,24 @@ public class RealmAdapter implements RealmModel {
return resourceMap;
}
/**
* Makes sure that the resource returned is owned by the realm
*
* @return
*/
@Override
public ResourceModel getResourceById(String id) {
RelationshipQuery<ResourceRelationship> query = getRelationshipManager().createRelationshipQuery(ResourceRelationship.class);
query.setParameter(ResourceRelationship.REALM, realm.getName());
query.setParameter(ResourceRelationship.RESOURCE, id);
List<ResourceRelationship> results = query.getResultList();
if (results.size() == 0) return null;
ResourceData resource = partitionManager.getPartition(ResourceData.class, id);
ResourceModel model = new ResourceAdapter(resource, this, partitionManager);
return model;
}
@Override
public List<ResourceModel> getResources() {
RelationshipQuery<ResourceRelationship> query = getRelationshipManager().createRelationshipQuery(ResourceRelationship.class);
@ -422,6 +481,13 @@ public class RealmAdapter implements RealmModel {
return SampleModel.hasRole(getRelationshipManager(), ((UserAdapter) user).getUser(), ((RoleAdapter) role).getRole());
}
@Override
public boolean hasRole(UserModel user, String role) {
RoleModel roleModel = getRole(role);
return hasRole(user, roleModel);
}
@Override
public void grantRole(UserModel user, RoleModel role) {
SampleModel.grantRole(getRelationshipManager(), ((UserAdapter) user).getUser(), ((RoleAdapter) role).getRole());
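Review bot: `hasRole(UserModel user, String role)` hands the result of `getRole(role)` straight to `hasRole(user, roleModel)`, which casts it to `RoleAdapter`; if `getRole` returns null for an unknown role name (its body is outside this hunk) that becomes a NullPointerException instead of `false`, so add `if (roleModel == null) return false;` before the delegation. In `getOAuthClientRequiredCredentials` the query parameter is set via `ResourceRequiredCredentialRelationship.REALM`; because both new subclasses are empty and inherit the constant from `RequiredCredentialRelationship` this resolves to the same attribute, but it reads as a copy-paste slip and should be `OAuthClientRequiredCredentialRelationship.REALM`. The Javadoc on `getResourceById` leaves `@return` blank; it should read `@return the resource, or null if no resource with that id is linked to this realm`, since RealmResourcesResource turns that null into a NotFoundException. Whether a query for `RequiredCredentialRelationship.class` also matches instances of the two new subclasses depends on PicketLink's relationship matching, which is not visible here; if it does, `getRequiredCredentials` would now also return resource and OAuth-client requirements, which deserves a test.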


@ -0,0 +1,8 @@
package org.keycloak.services.models.picketlink.relationships;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public class OAuthClientRequiredCredentialRelationship extends RequiredCredentialRelationship {
}
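Review bot: The class Javadoc carries only author and version tags and does not say why this empty subclass exists; a reader has to work out from RealmAdapter that the distinct type is what lets the relationship query select OAuth-client credential requirements separately from user and resource ones. Suggest `Marker relationship type for credentials required of a realm's OAuth clients; kept as its own type so relationship queries can select it independently of user and resource requirements.` The same applies to the new `ResourceRequiredCredentialRelationship` file below.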


@ -14,6 +14,7 @@ public class ResourceRelationship extends AbstractAttributedType implements Rela
private static final long serialVersionUID = 1L;
public static final AttributeParameter REALM = new AttributeParameter("realm");
public static final AttributeParameter RESOURCE = new AttributeParameter("resource");
public ResourceRelationship() {
}


@ -0,0 +1,8 @@
package org.keycloak.services.models.picketlink.relationships;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public class ResourceRequiredCredentialRelationship extends RequiredCredentialRelationship {
}


@ -1,5 +1,6 @@
package org.keycloak.services.resources;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.logging.Logger;
import org.keycloak.representations.idm.PublishedRealmRepresentation;
import org.keycloak.services.models.KeycloakSession;
@ -37,6 +38,7 @@ public class PublicRealmResource {
}
@GET
@NoCache
@Produces("application/json")
public PublishedRealmRepresentation getRealm(@PathParam("realm") String id) {
return new Transaction() {
@ -47,6 +49,7 @@ public class PublicRealmResource {
}
@GET
@NoCache
@Path("html")
@Produces("text/html")
public String getRealmHtml(@PathParam("realm") String id) {


@ -1,5 +1,6 @@
package org.keycloak.services.resources;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.jose.jws.JWSBuilder;
import org.jboss.resteasy.jose.jws.JWSInput;
import org.jboss.resteasy.jose.jws.crypto.RSAProvider;
@ -381,6 +382,7 @@ public class TokenService extends AbstractLoginService {
@Path("logout")
@GET
@NoCache
public Response logout(final @QueryParam("redirect_uri") String redirectUri) {
return new Transaction() {
protected Response callImpl() {


@ -1,5 +1,6 @@
package org.keycloak.services.resources.admin;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.logging.Logger;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.RoleRepresentation;
@ -47,7 +48,13 @@ public class RealmAdminResource {
this.realm = realm;
}
@Path("resources")
public RealmResourcesResource getResources() {
return new RealmResourcesResource(admin, realm);
}
@GET
@NoCache
@Produces("application/json")
public RealmRepresentation getRealm() {
return new Transaction() {
@ -70,6 +77,7 @@ public class RealmAdminResource {
@Path("roles")
@GET
@NoCache
@Produces("application/json")
public List<RoleRepresentation> getRoles() {
return new Transaction() {
@ -88,6 +96,7 @@ public class RealmAdminResource {
@Path("roles/{id}")
@GET
@NoCache
@Produces("application/json")
public RoleRepresentation getRole(final @PathParam("id") String id) {
return new Transaction() {
@ -147,6 +156,7 @@ public class RealmAdminResource {
@Path("users")
@GET
@NoCache
@Produces("application/json")
public List<UserRepresentation> getUsers() {
return null;


@ -0,0 +1,69 @@
package org.keycloak.services.resources.admin;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.logging.Logger;
import org.keycloak.representations.idm.ResourceRepresentation;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.services.managers.ResourceManager;
import org.keycloak.services.models.RealmModel;
import org.keycloak.services.models.ResourceModel;
import org.keycloak.services.models.UserModel;
import org.keycloak.services.resources.Transaction;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.NotFoundException;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
import java.util.ArrayList;
import java.util.List;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public class RealmResourceResource {
protected static final Logger logger = Logger.getLogger(RealmAdminResource.class);
protected UserModel admin;
protected RealmModel realm;
protected ResourceModel resourceModel;
public RealmResourceResource(UserModel admin, RealmModel realm, ResourceModel resourceModel) {
this.admin = admin;
this.realm = realm;
this.resourceModel = resourceModel;
}
@PUT
@Consumes(MediaType.APPLICATION_JSON)
public void update(final ResourceRepresentation rep) {
new Transaction() {
@Override
protected void runImpl() {
ResourceManager resourceManager = new ResourceManager(new RealmManager(session));
resourceManager.updateResource(rep, resourceModel);
}
}.run();
}
@GET
@NoCache
@Produces(MediaType.APPLICATION_JSON)
public ResourceRepresentation getResource(final @PathParam("id") String id) {
return new Transaction() {
@Override
protected ResourceRepresentation callImpl() {
ResourceManager resourceManager = new ResourceManager(new RealmManager(session));
return resourceManager.toRepresentation(resourceModel);
}
}.call();
}
}
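Review bot: `getResource(final @PathParam("id") String id)` never reads `id`; the resource was already resolved by the parent locator that constructed this object, so the parameter only duplicates the template matched there and should be dropped. `logger` is created with `RealmAdminResource.class`, which files this class's log lines under the wrong category; use `Logger.getLogger(RealmResourceResource.class)`, and the same slip appears in the new RealmResourcesResource. Neither `update` nor `getResource` consults the stored `admin`, so authorization for mutating a resource is presumably enforced before the parent locator hands out this object — worth confirming, as `update` accepts an arbitrary ResourceRepresentation and `ResourceManager.updateResource` is not visible here. The unused imports (NotFoundException, POST, Path, Context, Response, UriInfo, ArrayList, List) should be removed.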


@ -0,0 +1,88 @@
package org.keycloak.services.resources.admin;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.logging.Logger;
import org.keycloak.representations.idm.ResourceRepresentation;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.services.managers.ResourceManager;
import org.keycloak.services.models.RealmModel;
import org.keycloak.services.models.ResourceModel;
import org.keycloak.services.models.UserModel;
import org.keycloak.services.resources.Transaction;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.NotFoundException;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
import java.util.ArrayList;
import java.util.List;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public class RealmResourcesResource {
protected static final Logger logger = Logger.getLogger(RealmAdminResource.class);
protected UserModel admin;
protected RealmModel realm;
public RealmResourcesResource(UserModel admin, RealmModel realm) {
this.admin = admin;
this.realm = realm;
}
@GET
@Produces(MediaType.APPLICATION_JSON)
@NoCache
public List<ResourceRepresentation> getResources() {
return new Transaction() {
@Override
protected List<ResourceRepresentation> callImpl() {
List<ResourceRepresentation> rep = new ArrayList<ResourceRepresentation>();
List<ResourceModel> resourceModels = realm.getResources();
ResourceManager resourceManager = new ResourceManager(new RealmManager(session));
for (ResourceModel resourceModel : resourceModels) {
rep.add(resourceManager.toRepresentation(resourceModel));
}
return rep;
}
}.call();
}
@POST
@Consumes(MediaType.APPLICATION_JSON)
public Response createResource(final @Context UriInfo uriInfo, final ResourceRepresentation rep) {
return new Transaction() {
@Override
protected Response callImpl() {
ResourceManager resourceManager = new ResourceManager(new RealmManager(session));
ResourceModel resourceModel = resourceManager.createResource(realm, rep);
return Response.created(uriInfo.getAbsolutePathBuilder().path(resourceModel.getId()).build()).build();
}
}.call();
}
@Path("{id}")
public RealmResourceResource getResource(final @PathParam("id") String id) {
return new Transaction() {
@Override
protected RealmResourceResource callImpl() {
ResourceModel resourceModel = realm.getResourceById(id);
if (resourceModel == null) {
throw new NotFoundException();
}
return new RealmResourceResource(admin, realm, resourceModel);
}
}.call();
}
}


@ -1,5 +1,6 @@
package org.keycloak.services.resources.admin;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.logging.Logger;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.services.managers.RealmManager;
@ -49,6 +50,7 @@ public class RealmsAdminResource {
}
@GET
@NoCache
@Produces("application/json")
public Response getRealms() {
return new Transaction() {


@ -10,6 +10,20 @@
"secret" : true
}
],
"requiredResourceCredentials" : [
{
"type" : "Password",
"input" : true,
"secret" : true
}
],
"requiredOAuthClientCredentials" : [
{
"type" : "Password",
"input" : true,
"secret" : true
}
],
"users" : [
{
"username" : "wburke",
@ -62,6 +76,7 @@
"resources" : [
{
"name" : "Application",
"enabled" : true,
"roles" : [
{ "name" : "admin" },
{ "name" : "user" }
@ -83,8 +98,9 @@
}
]
},
{
{
"name" : "OtherApp",
"enabled" : true,
"roles" : [
{ "name" : "admin" },
{ "name" : "user" }