libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases 1 Packages Activity Actions

Merge remote-tracking branch 'upstream/master'

Browse source
This commit is contained in:
Bill Burke 2014-04-25 10:34:35 -04:00
commit 5594c73ceb
14 changed files with 100 additions and 42 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
model/api/src/main/java/org/keycloak/models/AdminRoles.java
View file

@ -25,8 +25,4 @@ public class AdminRoles {
public static String[] ALL_REALM_ROLES = {VIEW_REALM, VIEW_USERS, VIEW_APPLICATIONS, VIEW_CLIENTS, VIEW_AUDIT, MANAGE_REALM, MANAGE_USERS, MANAGE_APPLICATIONS, MANAGE_CLIENTS, MANAGE_AUDIT}; public static String[] ALL_REALM_ROLES = {VIEW_REALM, VIEW_USERS, VIEW_APPLICATIONS, VIEW_CLIENTS, VIEW_AUDIT, MANAGE_REALM, MANAGE_USERS, MANAGE_APPLICATIONS, MANAGE_CLIENTS, MANAGE_AUDIT};
public static String getAdminApp(RealmModel realm) {
return realm.getName() + APP_SUFFIX;
}
} }

5
model/api/src/main/java/org/keycloak/models/RealmModel.java
View file

@ -233,4 +233,9 @@ public interface RealmModel extends RoleContainerModel, RoleMapperModel, ScopeMa
Set<String> getAuditListeners(); Set<String> getAuditListeners();
void setAuditListeners(Set<String> listeners); void setAuditListeners(Set<String> listeners);
ApplicationModel getAdminApp();
void setAdminApp(ApplicationModel app);
} }

4
model/jpa/src/main/java/org/keycloak/models/jpa/ApplicationAdapter.java
View file

@ -260,4 +260,8 @@ public class ApplicationAdapter extends ClientAdapter implements ApplicationMode
public String toString() { public String toString() {
return getName(); return getName();
} }
ApplicationEntity getJpaEntity() {
return applicationEntity;
}
} }

12
model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java
View file

@ -1276,4 +1276,16 @@ public class RealmAdapter implements RealmModel {
realm.setAuditListeners(listeners); realm.setAuditListeners(listeners);
em.flush(); em.flush();
} }
@Override
public ApplicationModel getAdminApp() {
return new ApplicationAdapter(this, em, realm.getAdminApp());
}
@Override
public void setAdminApp(ApplicationModel app) {
realm.setAdminApp(((ApplicationAdapter) app).getJpaEntity());
em.flush();
}
} }

15
model/jpa/src/main/java/org/keycloak/models/jpa/entities/RealmEntity.java
View file

@ -1,6 +1,8 @@
package org.keycloak.models.jpa.entities; package org.keycloak.models.jpa.entities;
import org.keycloak.models.ApplicationModel;
import javax.persistence.CascadeType; import javax.persistence.CascadeType;
import javax.persistence.CollectionTable; import javax.persistence.CollectionTable;
import javax.persistence.Column; import javax.persistence.Column;
@ -13,6 +15,7 @@ import javax.persistence.MapKeyColumn;
import javax.persistence.NamedQueries; import javax.persistence.NamedQueries;
import javax.persistence.NamedQuery; import javax.persistence.NamedQuery;
import javax.persistence.OneToMany; import javax.persistence.OneToMany;
import javax.persistence.OneToOne;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Collection; import java.util.Collection;
import java.util.HashMap; import java.util.HashMap;
@ -114,6 +117,9 @@ public class RealmEntity {
@ElementCollection @ElementCollection
private Set<String> auditListeners= new HashSet<String>(); private Set<String> auditListeners= new HashSet<String>();
@OneToOne
private ApplicationEntity adminApp;
public String getId() { public String getId() {
return id; return id;
} }
@ -432,5 +438,14 @@ public class RealmEntity {
public void setAuditListeners(Set<String> auditListeners) { public void setAuditListeners(Set<String> auditListeners) {
this.auditListeners = auditListeners; this.auditListeners = auditListeners;
} }
public ApplicationEntity getAdminApp() {
return adminApp;
}
public void setAdminApp(ApplicationEntity adminApp) {
this.adminApp = adminApp;
}
} }

1
model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/ApplicationAdapter.java
View file

@ -207,4 +207,5 @@ public class ApplicationAdapter extends ClientAdapter<ApplicationEntity> impleme
getMongoEntity().setDefaultRoles(roleNames); getMongoEntity().setDefaultRoles(roleNames);
updateMongoEntity(); updateMongoEntity();
} }
} }

3
model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/ClientAdapter.java
View file

@ -15,7 +15,7 @@ import org.keycloak.models.mongo.keycloak.entities.ClientEntity;
*/ */
public class ClientAdapter<T extends ClientEntity> extends AbstractMongoAdapter<T> implements ClientModel { public class ClientAdapter<T extends ClientEntity> extends AbstractMongoAdapter<T> implements ClientModel {
private final T clientEntity; protected final T clientEntity;
private final RealmModel realm; private final RealmModel realm;
public ClientAdapter(RealmModel realm, T clientEntity, MongoStoreInvocationContext invContext) { public ClientAdapter(RealmModel realm, T clientEntity, MongoStoreInvocationContext invContext) {
@ -157,4 +157,5 @@ public class ClientAdapter<T extends ClientEntity> extends AbstractMongoAdapter<
clientEntity.setNotBefore(notBefore); clientEntity.setNotBefore(notBefore);
updateMongoEntity(); updateMongoEntity();
} }
} }

46
model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java
View file

@ -642,7 +642,7 @@ public class RealmAdapter extends AbstractMongoAdapter<RealmEntity> implements R
.and("name").is(name) .and("name").is(name)
.get(); .get();
ApplicationEntity appEntity = getMongoStore().loadSingleEntity(ApplicationEntity.class, query, invocationContext); ApplicationEntity appEntity = getMongoStore().loadSingleEntity(ApplicationEntity.class, query, invocationContext);
return appEntity==null ? null : new ApplicationAdapter(this, appEntity, invocationContext); return appEntity == null ? null : new ApplicationAdapter(this, appEntity, invocationContext);
} }
@Override @Override
@ -697,7 +697,7 @@ public class RealmAdapter extends AbstractMongoAdapter<RealmEntity> implements R
@Override @Override
public void grantRole(UserModel user, RoleModel role) { public void grantRole(UserModel user, RoleModel role) {
UserEntity userEntity = ((UserAdapter)user).getUser(); UserEntity userEntity = ((UserAdapter) user).getUser();
getMongoStore().pushItemToList(userEntity, "roleIds", role.getId(), true, invocationContext); getMongoStore().pushItemToList(userEntity, "roleIds", role.getId(), true, invocationContext);
} }
@ -724,7 +724,7 @@ public class RealmAdapter extends AbstractMongoAdapter<RealmEntity> implements R
// Filter to retrieve just realm roles TODO: Maybe improve to avoid filter programmatically... Maybe have separate fields for realmRoles and appRoles on user? // Filter to retrieve just realm roles TODO: Maybe improve to avoid filter programmatically... Maybe have separate fields for realmRoles and appRoles on user?
Set<RoleModel> realmRoles = new HashSet<RoleModel>(); Set<RoleModel> realmRoles = new HashSet<RoleModel>();
for (RoleModel role : allRoles) { for (RoleModel role : allRoles) {
RoleEntity roleEntity = ((RoleAdapter)role).getRole(); RoleEntity roleEntity = ((RoleAdapter) role).getRole();
if (getId().equals(roleEntity.getRealmId())) { if (getId().equals(roleEntity.getRealmId())) {
realmRoles.add(role); realmRoles.add(role);
@ -737,7 +737,7 @@ public class RealmAdapter extends AbstractMongoAdapter<RealmEntity> implements R
public void deleteRoleMapping(UserModel user, RoleModel role) { public void deleteRoleMapping(UserModel user, RoleModel role) {
if (user == null || role == null) return; if (user == null || role == null) return;
UserEntity userEntity = ((UserAdapter)user).getUser(); UserEntity userEntity = ((UserAdapter) user).getUser();
getMongoStore().pullItemFromList(userEntity, "roleIds", role.getId(), invocationContext); getMongoStore().pullItemFromList(userEntity, "roleIds", role.getId(), invocationContext);
} }
@ -764,7 +764,7 @@ public class RealmAdapter extends AbstractMongoAdapter<RealmEntity> implements R
// Filter to retrieve just realm roles TODO: Maybe improve to avoid filter programmatically... Maybe have separate fields for realmRoles and appRoles on user? // Filter to retrieve just realm roles TODO: Maybe improve to avoid filter programmatically... Maybe have separate fields for realmRoles and appRoles on user?
Set<RoleModel> realmRoles = new HashSet<RoleModel>(); Set<RoleModel> realmRoles = new HashSet<RoleModel>();
for (RoleModel role : allScopes) { for (RoleModel role : allScopes) {
RoleEntity roleEntity = ((RoleAdapter)role).getRole(); RoleEntity roleEntity = ((RoleAdapter) role).getRole();
if (getId().equals(roleEntity.getRealmId())) { if (getId().equals(roleEntity.getRealmId())) {
realmRoles.add(role); realmRoles.add(role);
@ -787,12 +787,12 @@ public class RealmAdapter extends AbstractMongoAdapter<RealmEntity> implements R
@Override @Override
public void addScopeMapping(ClientModel client, RoleModel role) { public void addScopeMapping(ClientModel client, RoleModel role) {
getMongoStore().pushItemToList(((AbstractMongoAdapter)client).getMongoEntity(), "scopeIds", role.getId(), true, invocationContext); getMongoStore().pushItemToList(((AbstractMongoAdapter) client).getMongoEntity(), "scopeIds", role.getId(), true, invocationContext);
} }
@Override @Override
public void deleteScopeMapping(ClientModel client, RoleModel role) { public void deleteScopeMapping(ClientModel client, RoleModel role) {
getMongoStore().pullItemFromList(((AbstractMongoAdapter)client).getMongoEntity(), "scopeIds", role.getId(), invocationContext); getMongoStore().pullItemFromList(((AbstractMongoAdapter) client).getMongoEntity(), "scopeIds", role.getId(), invocationContext);
} }
@Override @Override
@ -911,7 +911,7 @@ public class RealmAdapter extends AbstractMongoAdapter<RealmEntity> implements R
@Override @Override
public boolean validatePassword(UserModel user, String password) { public boolean validatePassword(UserModel user, String password) {
for (CredentialEntity cred : ((UserAdapter)user).getUser().getCredentials()) { for (CredentialEntity cred : ((UserAdapter) user).getUser().getCredentials()) {
if (cred.getType().equals(UserCredentialModel.PASSWORD)) { if (cred.getType().equals(UserCredentialModel.PASSWORD)) {
return new Pbkdf2PasswordEncoder(cred.getSalt()).verify(password, cred.getValue()); return new Pbkdf2PasswordEncoder(cred.getSalt()).verify(password, cred.getValue());
} }
@ -922,7 +922,7 @@ public class RealmAdapter extends AbstractMongoAdapter<RealmEntity> implements R
@Override @Override
public boolean validateTOTP(UserModel user, String password, String token) { public boolean validateTOTP(UserModel user, String password, String token) {
if (!validatePassword(user, password)) return false; if (!validatePassword(user, password)) return false;
for (CredentialEntity cred : ((UserAdapter)user).getUser().getCredentials()) { for (CredentialEntity cred : ((UserAdapter) user).getUser().getCredentials()) {
if (cred.getType().equals(UserCredentialModel.TOTP)) { if (cred.getType().equals(UserCredentialModel.TOTP)) {
return new TimeBasedOTP().validate(token, cred.getValue().getBytes()); return new TimeBasedOTP().validate(token, cred.getValue().getBytes());
} }
@ -967,12 +967,12 @@ public class RealmAdapter extends AbstractMongoAdapter<RealmEntity> implements R
.and("realmId").is(getId()) .and("realmId").is(getId())
.get(); .get();
UserEntity userEntity = getMongoStore().loadSingleEntity(UserEntity.class, query, invocationContext); UserEntity userEntity = getMongoStore().loadSingleEntity(UserEntity.class, query, invocationContext);
return userEntity==null ? null : new UserAdapter(userEntity, invocationContext); return userEntity == null ? null : new UserAdapter(userEntity, invocationContext);
} }
@Override @Override
public Set<SocialLinkModel> getSocialLinks(UserModel user) { public Set<SocialLinkModel> getSocialLinks(UserModel user) {
UserEntity userEntity = ((UserAdapter)user).getUser(); UserEntity userEntity = ((UserAdapter) user).getUser();
List<SocialLinkEntity> linkEntities = userEntity.getSocialLinks(); List<SocialLinkEntity> linkEntities = userEntity.getSocialLinks();
if (linkEntities == null) { if (linkEntities == null) {
@ -990,12 +990,12 @@ public class RealmAdapter extends AbstractMongoAdapter<RealmEntity> implements R
@Override @Override
public SocialLinkModel getSocialLink(UserModel user, String socialProvider) { public SocialLinkModel getSocialLink(UserModel user, String socialProvider) {
SocialLinkEntity socialLinkEntity = findSocialLink(user, socialProvider); SocialLinkEntity socialLinkEntity = findSocialLink(user, socialProvider);
return socialLinkEntity!=null ? new SocialLinkModel(socialLinkEntity.getSocialProvider(), socialLinkEntity.getSocialUserId(), socialLinkEntity.getSocialUsername()) : null; return socialLinkEntity != null ? new SocialLinkModel(socialLinkEntity.getSocialProvider(), socialLinkEntity.getSocialUserId(), socialLinkEntity.getSocialUsername()) : null;
} }
@Override @Override
public void addSocialLink(UserModel user, SocialLinkModel socialLink) { public void addSocialLink(UserModel user, SocialLinkModel socialLink) {
UserEntity userEntity = ((UserAdapter)user).getUser(); UserEntity userEntity = ((UserAdapter) user).getUser();
SocialLinkEntity socialLinkEntity = new SocialLinkEntity(); SocialLinkEntity socialLinkEntity = new SocialLinkEntity();
socialLinkEntity.setSocialProvider(socialLink.getSocialProvider()); socialLinkEntity.setSocialProvider(socialLink.getSocialProvider());
socialLinkEntity.setSocialUserId(socialLink.getSocialUserId()); socialLinkEntity.setSocialUserId(socialLink.getSocialUserId());
@ -1005,18 +1005,18 @@ public class RealmAdapter extends AbstractMongoAdapter<RealmEntity> implements R
} }
@Override @Override
public boolean removeSocialLink(UserModel user,String socialProvider) { public boolean removeSocialLink(UserModel user, String socialProvider) {
SocialLinkEntity socialLinkEntity = findSocialLink(user, socialProvider); SocialLinkEntity socialLinkEntity = findSocialLink(user, socialProvider);
if (socialLinkEntity == null) { if (socialLinkEntity == null) {
return false; return false;
} }
UserEntity userEntity = ((UserAdapter)user).getUser(); UserEntity userEntity = ((UserAdapter) user).getUser();
return getMongoStore().pullItemFromList(userEntity, "socialLinks", socialLinkEntity, invocationContext); return getMongoStore().pullItemFromList(userEntity, "socialLinks", socialLinkEntity, invocationContext);
} }
private SocialLinkEntity findSocialLink(UserModel user, String socialProvider) { private SocialLinkEntity findSocialLink(UserModel user, String socialProvider) {
UserEntity userEntity = ((UserAdapter)user).getUser(); UserEntity userEntity = ((UserAdapter) user).getUser();
List<SocialLinkEntity> linkEntities = userEntity.getSocialLinks(); List<SocialLinkEntity> linkEntities = userEntity.getSocialLinks();
if (linkEntities == null) { if (linkEntities == null) {
return null; return null;
@ -1032,7 +1032,7 @@ public class RealmAdapter extends AbstractMongoAdapter<RealmEntity> implements R
@Override @Override
public AuthenticationLinkModel getAuthenticationLink(UserModel user) { public AuthenticationLinkModel getAuthenticationLink(UserModel user) {
UserEntity userEntity = ((UserAdapter)user).getUser(); UserEntity userEntity = ((UserAdapter) user).getUser();
AuthenticationLinkEntity authLinkEntity = userEntity.getAuthenticationLink(); AuthenticationLinkEntity authLinkEntity = userEntity.getAuthenticationLink();
if (authLinkEntity == null) { if (authLinkEntity == null) {
@ -1044,7 +1044,7 @@ public class RealmAdapter extends AbstractMongoAdapter<RealmEntity> implements R
@Override @Override
public void setAuthenticationLink(UserModel user, AuthenticationLinkModel authenticationLink) { public void setAuthenticationLink(UserModel user, AuthenticationLinkModel authenticationLink) {
UserEntity userEntity = ((UserAdapter)user).getUser(); UserEntity userEntity = ((UserAdapter) user).getUser();
AuthenticationLinkEntity authLinkEntity = new AuthenticationLinkEntity(); AuthenticationLinkEntity authLinkEntity = new AuthenticationLinkEntity();
authLinkEntity.setAuthProvider(authenticationLink.getAuthProvider()); authLinkEntity.setAuthProvider(authenticationLink.getAuthProvider());
authLinkEntity.setAuthUserId(authenticationLink.getAuthUserId()); authLinkEntity.setAuthUserId(authenticationLink.getAuthUserId());
@ -1240,6 +1240,16 @@ public class RealmAdapter extends AbstractMongoAdapter<RealmEntity> implements R
updateRealm(); updateRealm();
} }
@Override
public ApplicationModel getAdminApp() {
return new ApplicationAdapter(this, realm.getAdminApp(), invocationContext);
}
@Override
public void setAdminApp(ApplicationModel app) {
realm.setAdminApp(((ApplicationAdapter) app).getMongoEntity());
}
@Override @Override
public RealmEntity getMongoEntity() { public RealmEntity getMongoEntity() {
return realm; return realm;

12
model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/entities/RealmEntity.java
View file

@ -2,6 +2,7 @@ package org.keycloak.models.mongo.keycloak.entities;
import com.mongodb.DBObject; import com.mongodb.DBObject;
import com.mongodb.QueryBuilder; import com.mongodb.QueryBuilder;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.mongo.api.AbstractMongoIdentifiableEntity; import org.keycloak.models.mongo.api.AbstractMongoIdentifiableEntity;
import org.keycloak.models.mongo.api.MongoCollection; import org.keycloak.models.mongo.api.MongoCollection;
import org.keycloak.models.mongo.api.MongoEntity; import org.keycloak.models.mongo.api.MongoEntity;
@ -69,6 +70,8 @@ public class RealmEntity extends AbstractMongoIdentifiableEntity implements Mong
private long auditExpiration; private long auditExpiration;
private List<String> auditListeners = new ArrayList<String>(); private List<String> auditListeners = new ArrayList<String>();
private ApplicationEntity adminApp;
@MongoField @MongoField
public String getName() { public String getName() {
return name; return name;
@ -393,6 +396,15 @@ public class RealmEntity extends AbstractMongoIdentifiableEntity implements Mong
this.auditListeners = auditListeners; this.auditListeners = auditListeners;
} }
@MongoField
public ApplicationEntity getAdminApp() {
return adminApp;
}
public void setAdminApp(ApplicationEntity adminApp) {
this.adminApp = adminApp;
}
@Override @Override
public void afterRemove(MongoStoreInvocationContext context) { public void afterRemove(MongoStoreInvocationContext context) {
DBObject query = new QueryBuilder() DBObject query = new QueryBuilder()

9
services/src/main/java/org/keycloak/services/managers/Auth.java
View file

@ -1,5 +1,6 @@
package org.keycloak.services.managers; package org.keycloak.services.managers;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.ClientModel; import org.keycloak.models.ClientModel;
import org.keycloak.models.RealmModel; import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel; import org.keycloak.models.UserModel;
@ -72,16 +73,16 @@ public class Auth {
return false; return false;
} }
public boolean hasAppRole(String app, String role) { public boolean hasAppRole(ApplicationModel app, String role) {
if (cookie) { if (cookie) {
return realm.hasRole(user, realm.getApplicationByName(app).getRole(role)); return realm.hasRole(user, app.getRole(role));
} else { } else {
AccessToken.Access access = token.getResourceAccess(app); AccessToken.Access access = token.getResourceAccess(app.getName());
return access != null && access.isUserInRole(role); return access != null && access.isUserInRole(role);
} }
} }
public boolean hasOneOfAppRole(String app, String... roles) { public boolean hasOneOfAppRole(ApplicationModel app, String... roles) {
for (String r : roles) { for (String r : roles) {
if (hasAppRole(app, r)) { if (hasAppRole(app, r)) {
return true; return true;

6
services/src/main/java/org/keycloak/services/managers/RealmManager.java
View file

@ -108,7 +108,7 @@ public class RealmManager {
RealmModel adminRealm = getKeycloakAdminstrationRealm(); RealmModel adminRealm = getKeycloakAdminstrationRealm();
RoleModel adminRole = adminRealm.getRole(AdminRoles.ADMIN); RoleModel adminRole = adminRealm.getRole(AdminRoles.ADMIN);
ApplicationModel realmAdminApp = adminRealm.getApplicationByName(AdminRoles.getAdminApp(realm)); ApplicationModel realmAdminApp = realm.getAdminApp();
for (RoleModel r : realmAdminApp.getRoles()) { for (RoleModel r : realmAdminApp.getRoles()) {
adminRole.removeCompositeRole(r); adminRole.removeCompositeRole(r);
} }
@ -214,7 +214,9 @@ public class RealmManager {
} }
ApplicationManager applicationManager = new ApplicationManager(new RealmManager(identitySession)); ApplicationManager applicationManager = new ApplicationManager(new RealmManager(identitySession));
ApplicationModel realmAdminApp = applicationManager.createApplication(adminRealm, AdminRoles.getAdminApp(realm));
ApplicationModel realmAdminApp = applicationManager.createApplication(adminRealm, realm.getName() + "-realm");
realm.setAdminApp(realmAdminApp);
for (String r : AdminRoles.ALL_REALM_ROLES) { for (String r : AdminRoles.ALL_REALM_ROLES) {
RoleModel role = realmAdminApp.addRole(r); RoleModel role = realmAdminApp.addRole(r);

4
services/src/main/java/org/keycloak/services/resources/AccountService.java
View file

@ -539,7 +539,7 @@ public class AccountService {
throw new ForbiddenException(); throw new ForbiddenException();
} }
if (!auth.hasAppRole(application.getName(), role)) { if (!auth.hasAppRole(application, role)) {
throw new ForbiddenException(); throw new ForbiddenException();
} }
} }
@ -549,7 +549,7 @@ public class AccountService {
throw new ForbiddenException(); throw new ForbiddenException();
} }
if (!auth.hasOneOfAppRole(application.getName(), roles)) { if (!auth.hasOneOfAppRole(application, roles)) {
throw new ForbiddenException(); throw new ForbiddenException();
} }
} }

5
services/src/main/java/org/keycloak/services/resources/admin/RealmAuth.java
View file

@ -1,6 +1,7 @@
package org.keycloak.services.resources.admin; package org.keycloak.services.resources.admin;
import org.keycloak.models.AdminRoles; import org.keycloak.models.AdminRoles;
import org.keycloak.models.ApplicationModel;
import org.keycloak.services.ForbiddenException; import org.keycloak.services.ForbiddenException;
import org.keycloak.services.managers.Auth; import org.keycloak.services.managers.Auth;
@ -19,9 +20,9 @@ public class RealmAuth {
} }
private Auth auth; private Auth auth;
private String realmAdminApp; private ApplicationModel realmAdminApp;
public RealmAuth(Auth auth, String realmAdminApp) { public RealmAuth(Auth auth, ApplicationModel realmAdminApp) {
this.auth = auth; this.auth = auth;
this.realmAdminApp = realmAdminApp; this.realmAdminApp = realmAdminApp;
} }

10
services/src/main/java/org/keycloak/services/resources/admin/RealmsAdminResource.java
View file

@ -69,11 +69,9 @@ public class RealmsAdminResource {
List<RealmModel> realms = session.getRealms(); List<RealmModel> realms = session.getRealms();
List<RealmRepresentation> reps = new ArrayList<RealmRepresentation>(); List<RealmRepresentation> reps = new ArrayList<RealmRepresentation>();
for (RealmModel realm : realms) { for (RealmModel realm : realms) {
String realmAdminApp = AdminRoles.getAdminApp(realm); if (auth.hasAppRole(realm.getAdminApp(), AdminRoles.MANAGE_REALM)) {
if (auth.hasAppRole(realmAdminApp, AdminRoles.MANAGE_REALM)) {
reps.add(ModelToRepresentation.toRepresentation(realm)); reps.add(ModelToRepresentation.toRepresentation(realm));
} else if (auth.hasOneOfAppRole(realmAdminApp, AdminRoles.ALL_REALM_ROLES)) { } else if (auth.hasOneOfAppRole(realm.getAdminApp(), AdminRoles.ALL_REALM_ROLES)) {
RealmRepresentation rep = new RealmRepresentation(); RealmRepresentation rep = new RealmRepresentation();
rep.setRealm(realm.getName()); rep.setRealm(realm.getName());
reps.add(rep); reps.add(rep);
@ -144,7 +142,7 @@ public class RealmsAdminResource {
} }
RealmModel adminRealm = new RealmManager(session).getKeycloakAdminstrationRealm(); RealmModel adminRealm = new RealmManager(session).getKeycloakAdminstrationRealm();
ApplicationModel realmAdminApp = adminRealm.getApplicationByName(AdminRoles.getAdminApp(realm)); ApplicationModel realmAdminApp = realm.getAdminApp();
for (String r : AdminRoles.ALL_REALM_ROLES) { for (String r : AdminRoles.ALL_REALM_ROLES) {
RoleModel role = realmAdminApp.getRole(r); RoleModel role = realmAdminApp.getRole(r);
adminRealm.grantRole(auth.getUser(), role); adminRealm.grantRole(auth.getUser(), role);
@ -159,7 +157,7 @@ public class RealmsAdminResource {
RealmModel realm = realmManager.getRealmByName(name); RealmModel realm = realmManager.getRealmByName(name);
if (realm == null) throw new NotFoundException("{realm} = " + name); if (realm == null) throw new NotFoundException("{realm} = " + name);
RealmAuth realmAuth = new RealmAuth(auth, AdminRoles.getAdminApp(realm)); RealmAuth realmAuth = new RealmAuth(auth, realm.getAdminApp());
RealmAdminResource adminResource = new RealmAdminResource(realmAuth, realm, tokenManager); RealmAdminResource adminResource = new RealmAdminResource(realmAuth, realm, tokenManager);
ResteasyProviderFactory.getInstance().injectProperties(adminResource); ResteasyProviderFactory.getInstance().injectProperties(adminResource);