libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases 1 Packages Activity Actions

Merge remote-tracking branch 'upstream/master'

Browse source
This commit is contained in:
Bill Burke 2014-04-25 10:34:35 -04:00
commit 5594c73ceb
14 changed files with 100 additions and 42 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
model/api/src/main/java/org/keycloak/models/AdminRoles.java
View file

@ -25,8 +25,4 @@ public class AdminRoles {
public static String[] ALL_REALM_ROLES = {VIEW_REALM, VIEW_USERS, VIEW_APPLICATIONS, VIEW_CLIENTS, VIEW_AUDIT, MANAGE_REALM, MANAGE_USERS, MANAGE_APPLICATIONS, MANAGE_CLIENTS, MANAGE_AUDIT}; public static String[] ALL_REALM_ROLES = {VIEW_REALM, VIEW_USERS, VIEW_APPLICATIONS, VIEW_CLIENTS, VIEW_AUDIT, MANAGE_REALM, MANAGE_USERS, MANAGE_APPLICATIONS, MANAGE_CLIENTS, MANAGE_AUDIT};
public static String getAdminApp(RealmModel realm) {
return realm.getName() + APP_SUFFIX;
}
} }

5
model/api/src/main/java/org/keycloak/models/RealmModel.java
View file

@ -233,4 +233,9 @@ public interface RealmModel extends RoleContainerModel, RoleMapperModel, ScopeMa
Set<String> getAuditListeners(); Set<String> getAuditListeners();
void setAuditListeners(Set<String> listeners); void setAuditListeners(Set<String> listeners);
ApplicationModel getAdminApp();
void setAdminApp(ApplicationModel app);
} }

4
model/jpa/src/main/java/org/keycloak/models/jpa/ApplicationAdapter.java
View file

@ -260,4 +260,8 @@ public class ApplicationAdapter extends ClientAdapter implements ApplicationMode
public String toString() { public String toString() {
return getName(); return getName();
} }
ApplicationEntity getJpaEntity() {
return applicationEntity;
}
} }

12
model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java
View file

@ -1276,4 +1276,16 @@ public class RealmAdapter implements RealmModel {
realm.setAuditListeners(listeners); realm.setAuditListeners(listeners);
em.flush(); em.flush();
} }
@Override
public ApplicationModel getAdminApp() {
return new ApplicationAdapter(this, em, realm.getAdminApp());
}
@Override
public void setAdminApp(ApplicationModel app) {
realm.setAdminApp(((ApplicationAdapter) app).getJpaEntity());
em.flush();
}
} }

15
model/jpa/src/main/java/org/keycloak/models/jpa/entities/RealmEntity.java
View file

@ -1,6 +1,8 @@
package org.keycloak.models.jpa.entities; package org.keycloak.models.jpa.entities;
import org.keycloak.models.ApplicationModel;
import javax.persistence.CascadeType; import javax.persistence.CascadeType;
import javax.persistence.CollectionTable; import javax.persistence.CollectionTable;
import javax.persistence.Column; import javax.persistence.Column;
@ -13,6 +15,7 @@ import javax.persistence.MapKeyColumn;
import javax.persistence.NamedQueries; import javax.persistence.NamedQueries;
import javax.persistence.NamedQuery; import javax.persistence.NamedQuery;
import javax.persistence.OneToMany; import javax.persistence.OneToMany;
import javax.persistence.OneToOne;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Collection; import java.util.Collection;
import java.util.HashMap; import java.util.HashMap;
@ -114,6 +117,9 @@ public class RealmEntity {
@ElementCollection @ElementCollection
private Set<String> auditListeners= new HashSet<String>(); private Set<String> auditListeners= new HashSet<String>();
@OneToOne
private ApplicationEntity adminApp;
public String getId() { public String getId() {
return id; return id;
} }
@ -432,5 +438,14 @@ public class RealmEntity {
public void setAuditListeners(Set<String> auditListeners) { public void setAuditListeners(Set<String> auditListeners) {
this.auditListeners = auditListeners; this.auditListeners = auditListeners;
} }
public ApplicationEntity getAdminApp() {
return adminApp;
}
public void setAdminApp(ApplicationEntity adminApp) {
this.adminApp = adminApp;
}
} }

1
model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/ApplicationAdapter.java
View file

@ -207,4 +207,5 @@ public class ApplicationAdapter extends ClientAdapter<ApplicationEntity> impleme
getMongoEntity().setDefaultRoles(roleNames); getMongoEntity().setDefaultRoles(roleNames);
updateMongoEntity(); updateMongoEntity();
} }
} }

3
model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/ClientAdapter.java
View file

@ -15,7 +15,7 @@ import org.keycloak.models.mongo.keycloak.entities.ClientEntity;
*/ */
public class ClientAdapter<T extends ClientEntity> extends AbstractMongoAdapter<T> implements ClientModel { public class ClientAdapter<T extends ClientEntity> extends AbstractMongoAdapter<T> implements ClientModel {
private final T clientEntity; protected final T clientEntity;
private final RealmModel realm; private final RealmModel realm;
public ClientAdapter(RealmModel realm, T clientEntity, MongoStoreInvocationContext invContext) { public ClientAdapter(RealmModel realm, T clientEntity, MongoStoreInvocationContext invContext) {
@ -157,4 +157,5 @@ public class ClientAdapter<T extends ClientEntity> extends AbstractMongoAdapter<
clientEntity.setNotBefore(notBefore); clientEntity.setNotBefore(notBefore);
updateMongoEntity(); updateMongoEntity();
} }
} }

10
model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java
View file

@ -1240,6 +1240,16 @@ public class RealmAdapter extends AbstractMongoAdapter<RealmEntity> implements R
updateRealm(); updateRealm();
} }
@Override
public ApplicationModel getAdminApp() {
return new ApplicationAdapter(this, realm.getAdminApp(), invocationContext);
}
@Override
public void setAdminApp(ApplicationModel app) {
realm.setAdminApp(((ApplicationAdapter) app).getMongoEntity());
}
@Override @Override
public RealmEntity getMongoEntity() { public RealmEntity getMongoEntity() {
return realm; return realm;

12
model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/entities/RealmEntity.java
View file

@ -2,6 +2,7 @@ package org.keycloak.models.mongo.keycloak.entities;
import com.mongodb.DBObject; import com.mongodb.DBObject;
import com.mongodb.QueryBuilder; import com.mongodb.QueryBuilder;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.mongo.api.AbstractMongoIdentifiableEntity; import org.keycloak.models.mongo.api.AbstractMongoIdentifiableEntity;
import org.keycloak.models.mongo.api.MongoCollection; import org.keycloak.models.mongo.api.MongoCollection;
import org.keycloak.models.mongo.api.MongoEntity; import org.keycloak.models.mongo.api.MongoEntity;
@ -69,6 +70,8 @@ public class RealmEntity extends AbstractMongoIdentifiableEntity implements Mong
private long auditExpiration; private long auditExpiration;
private List<String> auditListeners = new ArrayList<String>(); private List<String> auditListeners = new ArrayList<String>();
private ApplicationEntity adminApp;
@MongoField @MongoField
public String getName() { public String getName() {
return name; return name;
@ -393,6 +396,15 @@ public class RealmEntity extends AbstractMongoIdentifiableEntity implements Mong
this.auditListeners = auditListeners; this.auditListeners = auditListeners;
} }
@MongoField
public ApplicationEntity getAdminApp() {
return adminApp;
}
public void setAdminApp(ApplicationEntity adminApp) {
this.adminApp = adminApp;
}
@Override @Override
public void afterRemove(MongoStoreInvocationContext context) { public void afterRemove(MongoStoreInvocationContext context) {
DBObject query = new QueryBuilder() DBObject query = new QueryBuilder()

9
services/src/main/java/org/keycloak/services/managers/Auth.java
View file

@ -1,5 +1,6 @@
package org.keycloak.services.managers; package org.keycloak.services.managers;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.ClientModel; import org.keycloak.models.ClientModel;
import org.keycloak.models.RealmModel; import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel; import org.keycloak.models.UserModel;
@ -72,16 +73,16 @@ public class Auth {
return false; return false;
} }
public boolean hasAppRole(String app, String role) { public boolean hasAppRole(ApplicationModel app, String role) {
if (cookie) { if (cookie) {
return realm.hasRole(user, realm.getApplicationByName(app).getRole(role)); return realm.hasRole(user, app.getRole(role));
} else { } else {
AccessToken.Access access = token.getResourceAccess(app); AccessToken.Access access = token.getResourceAccess(app.getName());
return access != null && access.isUserInRole(role); return access != null && access.isUserInRole(role);
} }
} }
public boolean hasOneOfAppRole(String app, String... roles) { public boolean hasOneOfAppRole(ApplicationModel app, String... roles) {
for (String r : roles) { for (String r : roles) {
if (hasAppRole(app, r)) { if (hasAppRole(app, r)) {
return true; return true;

6
services/src/main/java/org/keycloak/services/managers/RealmManager.java
View file

@ -108,7 +108,7 @@ public class RealmManager {
RealmModel adminRealm = getKeycloakAdminstrationRealm(); RealmModel adminRealm = getKeycloakAdminstrationRealm();
RoleModel adminRole = adminRealm.getRole(AdminRoles.ADMIN); RoleModel adminRole = adminRealm.getRole(AdminRoles.ADMIN);
ApplicationModel realmAdminApp = adminRealm.getApplicationByName(AdminRoles.getAdminApp(realm)); ApplicationModel realmAdminApp = realm.getAdminApp();
for (RoleModel r : realmAdminApp.getRoles()) { for (RoleModel r : realmAdminApp.getRoles()) {
adminRole.removeCompositeRole(r); adminRole.removeCompositeRole(r);
} }
@ -214,7 +214,9 @@ public class RealmManager {
} }
ApplicationManager applicationManager = new ApplicationManager(new RealmManager(identitySession)); ApplicationManager applicationManager = new ApplicationManager(new RealmManager(identitySession));
ApplicationModel realmAdminApp = applicationManager.createApplication(adminRealm, AdminRoles.getAdminApp(realm));
ApplicationModel realmAdminApp = applicationManager.createApplication(adminRealm, realm.getName() + "-realm");
realm.setAdminApp(realmAdminApp);
for (String r : AdminRoles.ALL_REALM_ROLES) { for (String r : AdminRoles.ALL_REALM_ROLES) {
RoleModel role = realmAdminApp.addRole(r); RoleModel role = realmAdminApp.addRole(r);

4
services/src/main/java/org/keycloak/services/resources/AccountService.java
View file

@ -539,7 +539,7 @@ public class AccountService {
throw new ForbiddenException(); throw new ForbiddenException();
} }
if (!auth.hasAppRole(application.getName(), role)) { if (!auth.hasAppRole(application, role)) {
throw new ForbiddenException(); throw new ForbiddenException();
} }
} }
@ -549,7 +549,7 @@ public class AccountService {
throw new ForbiddenException(); throw new ForbiddenException();
} }
if (!auth.hasOneOfAppRole(application.getName(), roles)) { if (!auth.hasOneOfAppRole(application, roles)) {
throw new ForbiddenException(); throw new ForbiddenException();
} }
} }

5
services/src/main/java/org/keycloak/services/resources/admin/RealmAuth.java
View file

@ -1,6 +1,7 @@
package org.keycloak.services.resources.admin; package org.keycloak.services.resources.admin;
import org.keycloak.models.AdminRoles; import org.keycloak.models.AdminRoles;
import org.keycloak.models.ApplicationModel;
import org.keycloak.services.ForbiddenException; import org.keycloak.services.ForbiddenException;
import org.keycloak.services.managers.Auth; import org.keycloak.services.managers.Auth;
@ -19,9 +20,9 @@ public class RealmAuth {
} }
private Auth auth; private Auth auth;
private String realmAdminApp; private ApplicationModel realmAdminApp;
public RealmAuth(Auth auth, String realmAdminApp) { public RealmAuth(Auth auth, ApplicationModel realmAdminApp) {
this.auth = auth; this.auth = auth;
this.realmAdminApp = realmAdminApp; this.realmAdminApp = realmAdminApp;
} }

10
services/src/main/java/org/keycloak/services/resources/admin/RealmsAdminResource.java
View file

@ -69,11 +69,9 @@ public class RealmsAdminResource {
List<RealmModel> realms = session.getRealms(); List<RealmModel> realms = session.getRealms();
List<RealmRepresentation> reps = new ArrayList<RealmRepresentation>(); List<RealmRepresentation> reps = new ArrayList<RealmRepresentation>();
for (RealmModel realm : realms) { for (RealmModel realm : realms) {
String realmAdminApp = AdminRoles.getAdminApp(realm); if (auth.hasAppRole(realm.getAdminApp(), AdminRoles.MANAGE_REALM)) {
if (auth.hasAppRole(realmAdminApp, AdminRoles.MANAGE_REALM)) {
reps.add(ModelToRepresentation.toRepresentation(realm)); reps.add(ModelToRepresentation.toRepresentation(realm));
} else if (auth.hasOneOfAppRole(realmAdminApp, AdminRoles.ALL_REALM_ROLES)) { } else if (auth.hasOneOfAppRole(realm.getAdminApp(), AdminRoles.ALL_REALM_ROLES)) {
RealmRepresentation rep = new RealmRepresentation(); RealmRepresentation rep = new RealmRepresentation();
rep.setRealm(realm.getName()); rep.setRealm(realm.getName());
reps.add(rep); reps.add(rep);
@ -144,7 +142,7 @@ public class RealmsAdminResource {
} }
RealmModel adminRealm = new RealmManager(session).getKeycloakAdminstrationRealm(); RealmModel adminRealm = new RealmManager(session).getKeycloakAdminstrationRealm();
ApplicationModel realmAdminApp = adminRealm.getApplicationByName(AdminRoles.getAdminApp(realm)); ApplicationModel realmAdminApp = realm.getAdminApp();
for (String r : AdminRoles.ALL_REALM_ROLES) { for (String r : AdminRoles.ALL_REALM_ROLES) {
RoleModel role = realmAdminApp.getRole(r); RoleModel role = realmAdminApp.getRole(r);
adminRealm.grantRole(auth.getUser(), role); adminRealm.grantRole(auth.getUser(), role);
@ -159,7 +157,7 @@ public class RealmsAdminResource {
RealmModel realm = realmManager.getRealmByName(name); RealmModel realm = realmManager.getRealmByName(name);
if (realm == null) throw new NotFoundException("{realm} = " + name); if (realm == null) throw new NotFoundException("{realm} = " + name);
RealmAuth realmAuth = new RealmAuth(auth, AdminRoles.getAdminApp(realm)); RealmAuth realmAuth = new RealmAuth(auth, realm.getAdminApp());
RealmAdminResource adminResource = new RealmAdminResource(realmAuth, realm, tokenManager); RealmAdminResource adminResource = new RealmAdminResource(realmAuth, realm, tokenManager);
ResteasyProviderFactory.getInstance().injectProperties(adminResource); ResteasyProviderFactory.getInstance().injectProperties(adminResource);