Merge remote-tracking branch 'upstream/master'

This commit is contained in:
Bill Burke 2014-04-25 10:34:35 -04:00
commit 5594c73ceb
14 changed files with 100 additions and 42 deletions


@ -25,8 +25,4 @@ public class AdminRoles {
public static String[] ALL_REALM_ROLES = {VIEW_REALM, VIEW_USERS, VIEW_APPLICATIONS, VIEW_CLIENTS, VIEW_AUDIT, MANAGE_REALM, MANAGE_USERS, MANAGE_APPLICATIONS, MANAGE_CLIENTS, MANAGE_AUDIT};
public static String getAdminApp(RealmModel realm) {
return realm.getName() + APP_SUFFIX;
}
}


@ -233,4 +233,9 @@ public interface RealmModel extends RoleContainerModel, RoleMapperModel, ScopeMa
Set<String> getAuditListeners();
void setAuditListeners(Set<String> listeners);
ApplicationModel getAdminApp();
void setAdminApp(ApplicationModel app);
}
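Review bot: The two methods added to RealmModel carry no Javadoc, and nothing states whether getAdminApp() may return null; both adapters in this commit wrap whatever the entity holds, and Auth.hasAppRole dereferences the result without a check. I would make the contract explicit, e.g. `/** Returns the application in the administration realm that holds this realm's admin roles, or null if none has been assigned. */` on getAdminApp() and `/** Links this realm to its admin application; app must come from the same model implementation as this realm. */` on setAdminApp(). The RealmModel declaration starts outside the hunk.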


@ -260,4 +260,8 @@ public class ApplicationAdapter extends ClientAdapter implements ApplicationMode
public String toString() {
return getName();
}
ApplicationEntity getJpaEntity() {
return applicationEntity;
}
}


@ -1276,4 +1276,16 @@ public class RealmAdapter implements RealmModel {
realm.setAuditListeners(listeners);
em.flush();
}
@Override
public ApplicationModel getAdminApp() {
return new ApplicationAdapter(this, em, realm.getAdminApp());
}
@Override
public void setAdminApp(ApplicationModel app) {
realm.setAdminApp(((ApplicationAdapter) app).getJpaEntity());
em.flush();
}
}
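Review bot: getAdminApp() wraps realm.getAdminApp() without checking for null, so a realm whose admin app was never set yields an ApplicationAdapter around a null entity and the failure surfaces later in some caller rather than at this boundary; `ApplicationEntity entity = realm.getAdminApp(); if (entity == null) return null;` before the `return new ApplicationAdapter(...)` keeps the absence visible. setAdminApp() casts app to ApplicationAdapter unconditionally, so any other ApplicationModel implementation fails with a bare ClassCastException; a guarded cast throwing IllegalArgumentException with the offending class name would be clearer, and the same unchecked cast is made in the Mongo RealmAdapter.setAdminApp in this commit. RealmAdapter's body starts outside the hunk.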


@ -1,6 +1,8 @@
package org.keycloak.models.jpa.entities;
import org.keycloak.models.ApplicationModel;
import javax.persistence.CascadeType;
import javax.persistence.CollectionTable;
import javax.persistence.Column;
@ -13,6 +15,7 @@ import javax.persistence.MapKeyColumn;
import javax.persistence.NamedQueries;
import javax.persistence.NamedQuery;
import javax.persistence.OneToMany;
import javax.persistence.OneToOne;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
@ -114,6 +117,9 @@ public class RealmEntity {
@ElementCollection
private Set<String> auditListeners= new HashSet<String>();
@OneToOne
private ApplicationEntity adminApp;
public String getId() {
return id;
}
@ -432,5 +438,14 @@ public class RealmEntity {
public void setAuditListeners(Set<String> auditListeners) {
this.auditListeners = auditListeners;
}
public ApplicationEntity getAdminApp() {
return adminApp;
}
public void setAdminApp(ApplicationEntity adminApp) {
this.adminApp = adminApp;
}
}
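Review bot: The import of org.keycloak.models.ApplicationModel added at the top of this JPA RealmEntity is not referenced by anything in the shown hunks — the new field and accessors use ApplicationEntity — and the same unused import is added to the Mongo RealmEntity in this commit. Unless a part of the file outside the hunks uses it, both lines should be dropped; a persistence entity importing a model interface also inverts the layering the rest of the file keeps. The new `@OneToOne private ApplicationEntity adminApp;` has no cascade or fetch setting, so it presumably takes the defaults and the referenced application row must still exist whenever the realm is loaded; whether application removal clears this reference is not visible here, and a comment on the field stating who owns the lifecycle would help.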


@ -207,4 +207,5 @@ public class ApplicationAdapter extends ClientAdapter<ApplicationEntity> impleme
getMongoEntity().setDefaultRoles(roleNames);
updateMongoEntity();
}
}


@ -15,7 +15,7 @@ import org.keycloak.models.mongo.keycloak.entities.ClientEntity;
*/
public class ClientAdapter<T extends ClientEntity> extends AbstractMongoAdapter<T> implements ClientModel {
private final T clientEntity;
protected final T clientEntity;
private final RealmModel realm;
public ClientAdapter(RealmModel realm, T clientEntity, MongoStoreInvocationContext invContext) {
@ -157,4 +157,5 @@ public class ClientAdapter<T extends ClientEntity> extends AbstractMongoAdapter<
clientEntity.setNotBefore(notBefore);
updateMongoEntity();
}
}


@ -1240,6 +1240,16 @@ public class RealmAdapter extends AbstractMongoAdapter<RealmEntity> implements R
updateRealm();
}
@Override
public ApplicationModel getAdminApp() {
return new ApplicationAdapter(this, realm.getAdminApp(), invocationContext);
}
@Override
public void setAdminApp(ApplicationModel app) {
realm.setAdminApp(((ApplicationAdapter) app).getMongoEntity());
}
@Override
public RealmEntity getMongoEntity() {
return realm;
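Review bot: setAdminApp() updates the in-memory RealmEntity but never calls updateRealm(), unlike the method ending just above it (its last statement is `updateRealm();`) and unlike the JPA counterpart in this commit, which calls em.flush(); as written the admin-app link is presumably not written to the store until some other mutation saves the realm. Adding `updateRealm();` after `realm.setAdminApp(...)` matches the surrounding methods. getAdminApp() also wraps realm.getAdminApp() unconditionally, so a realm without an assigned admin app produces an adapter over a null entity instead of a null return. Both enclosing methods are complete in the hunk; the class continues outside it.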


@ -2,6 +2,7 @@ package org.keycloak.models.mongo.keycloak.entities;
import com.mongodb.DBObject;
import com.mongodb.QueryBuilder;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.mongo.api.AbstractMongoIdentifiableEntity;
import org.keycloak.models.mongo.api.MongoCollection;
import org.keycloak.models.mongo.api.MongoEntity;
@ -69,6 +70,8 @@ public class RealmEntity extends AbstractMongoIdentifiableEntity implements Mong
private long auditExpiration;
private List<String> auditListeners = new ArrayList<String>();
private ApplicationEntity adminApp;
@MongoField
public String getName() {
return name;
@ -393,6 +396,15 @@ public class RealmEntity extends AbstractMongoIdentifiableEntity implements Mong
this.auditListeners = auditListeners;
}
@MongoField
public ApplicationEntity getAdminApp() {
return adminApp;
}
public void setAdminApp(ApplicationEntity adminApp) {
this.adminApp = adminApp;
}
@Override
public void afterRemove(MongoStoreInvocationContext context) {
DBObject query = new QueryBuilder()
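Review bot: The getter added for adminApp is annotated @MongoField while its type is a full ApplicationEntity rather than the application's id, so — if @MongoField serializes the property the way it does for the other annotated getters — the realm document would carry an inline copy of the application that can drift from the applications collection. If the mapper handles entity-typed properties differently, a comment on the field saying how the reference is stored would spare the next reader the same question; storing only the application id and resolving it in RealmAdapter would remove the ambiguity altogether. afterRemove() continues outside the hunk, and whether it clears this reference when the application is removed is not visible here.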


@ -1,5 +1,6 @@
package org.keycloak.services.managers;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.ClientModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
@ -72,16 +73,16 @@ public class Auth {
return false;
}
public boolean hasAppRole(String app, String role) {
public boolean hasAppRole(ApplicationModel app, String role) {
if (cookie) {
return realm.hasRole(user, realm.getApplicationByName(app).getRole(role));
return realm.hasRole(user, app.getRole(role));
} else {
AccessToken.Access access = token.getResourceAccess(app);
AccessToken.Access access = token.getResourceAccess(app.getName());
return access != null && access.isUserInRole(role);
}
}
public boolean hasOneOfAppRole(String app, String... roles) {
public boolean hasOneOfAppRole(ApplicationModel app, String... roles) {
for (String r : roles) {
if (hasAppRole(app, r)) {
return true;
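Review bot: hasAppRole() now dereferences app in both branches (`app.getRole(role)` and `app.getName()`) without a null check, and the callers in this commit pass realm.getAdminApp(), which the adapters return without guaranteeing a value; an authorization predicate that throws NullPointerException fails open or closed depending on the surrounding exception mapping, which is not a property to leave to chance. `if (app == null) return false;` at the top of hasAppRole() makes the check fail closed, and hasOneOfAppRole() inherits it. Neither method has Javadoc; a sentence noting that the cookie path consults the realm's role mappings while the token path consults the token's resource access would document the two code paths. Auth's class body and hasOneOfAppRole() continue outside the hunk.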


@ -108,7 +108,7 @@ public class RealmManager {
RealmModel adminRealm = getKeycloakAdminstrationRealm();
RoleModel adminRole = adminRealm.getRole(AdminRoles.ADMIN);
ApplicationModel realmAdminApp = adminRealm.getApplicationByName(AdminRoles.getAdminApp(realm));
ApplicationModel realmAdminApp = realm.getAdminApp();
for (RoleModel r : realmAdminApp.getRoles()) {
adminRole.removeCompositeRole(r);
}
@ -214,7 +214,9 @@ public class RealmManager {
}
ApplicationManager applicationManager = new ApplicationManager(new RealmManager(identitySession));
ApplicationModel realmAdminApp = applicationManager.createApplication(adminRealm, AdminRoles.getAdminApp(realm));
ApplicationModel realmAdminApp = applicationManager.createApplication(adminRealm, realm.getName() + "-realm");
realm.setAdminApp(realmAdminApp);
for (String r : AdminRoles.ALL_REALM_ROLES) {
RoleModel role = realmAdminApp.addRole(r);
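Review bot: A string literal now stands where a shared helper was: the admin application's name is built inline as `realm.getName() + "-realm"`, whereas the old code went through AdminRoles.getAdminApp(realm); a named constant such as `private static final String ADMIN_APP_SUFFIX = "-realm";` in RealmManager keeps the convention in one place should it need to be reproduced elsewhere. In the first hunk the admin app is now resolved through realm.getAdminApp(); realms persisted before this change have no adminApp stored, so — unless a migration sets it — `realmAdminApp.getRoles()` would throw for those, and a null check falling back to a lookup by name seems warranted there. Both enclosing methods start outside the hunks.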


@ -539,7 +539,7 @@ public class AccountService {
throw new ForbiddenException();
}
if (!auth.hasAppRole(application.getName(), role)) {
if (!auth.hasAppRole(application, role)) {
throw new ForbiddenException();
}
}
@ -549,7 +549,7 @@ public class AccountService {
throw new ForbiddenException();
}
if (!auth.hasOneOfAppRole(application.getName(), roles)) {
if (!auth.hasOneOfAppRole(application, roles)) {
throw new ForbiddenException();
}
}


@ -1,6 +1,7 @@
package org.keycloak.services.resources.admin;
import org.keycloak.models.AdminRoles;
import org.keycloak.models.ApplicationModel;
import org.keycloak.services.ForbiddenException;
import org.keycloak.services.managers.Auth;
@ -19,9 +20,9 @@ public class RealmAuth {
}
private Auth auth;
private String realmAdminApp;
private ApplicationModel realmAdminApp;
public RealmAuth(Auth auth, String realmAdminApp) {
public RealmAuth(Auth auth, ApplicationModel realmAdminApp) {
this.auth = auth;
this.realmAdminApp = realmAdminApp;
}


@ -69,11 +69,9 @@ public class RealmsAdminResource {
List<RealmModel> realms = session.getRealms();
List<RealmRepresentation> reps = new ArrayList<RealmRepresentation>();
for (RealmModel realm : realms) {
String realmAdminApp = AdminRoles.getAdminApp(realm);
if (auth.hasAppRole(realmAdminApp, AdminRoles.MANAGE_REALM)) {
if (auth.hasAppRole(realm.getAdminApp(), AdminRoles.MANAGE_REALM)) {
reps.add(ModelToRepresentation.toRepresentation(realm));
} else if (auth.hasOneOfAppRole(realmAdminApp, AdminRoles.ALL_REALM_ROLES)) {
} else if (auth.hasOneOfAppRole(realm.getAdminApp(), AdminRoles.ALL_REALM_ROLES)) {
RealmRepresentation rep = new RealmRepresentation();
rep.setRealm(realm.getName());
reps.add(rep);
@ -144,7 +142,7 @@ public class RealmsAdminResource {
}
RealmModel adminRealm = new RealmManager(session).getKeycloakAdminstrationRealm();
ApplicationModel realmAdminApp = adminRealm.getApplicationByName(AdminRoles.getAdminApp(realm));
ApplicationModel realmAdminApp = realm.getAdminApp();
for (String r : AdminRoles.ALL_REALM_ROLES) {
RoleModel role = realmAdminApp.getRole(r);
adminRealm.grantRole(auth.getUser(), role);
@ -159,7 +157,7 @@ public class RealmsAdminResource {
RealmModel realm = realmManager.getRealmByName(name);
if (realm == null) throw new NotFoundException("{realm} = " + name);
RealmAuth realmAuth = new RealmAuth(auth, AdminRoles.getAdminApp(realm));
RealmAuth realmAuth = new RealmAuth(auth, realm.getAdminApp());
RealmAdminResource adminResource = new RealmAdminResource(realmAuth, realm, tokenManager);
ResteasyProviderFactory.getInstance().injectProperties(adminResource);
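Review bot: The loop over session.getRealms() now calls realm.getAdminApp() twice per realm (once in the hasAppRole condition and again in the hasOneOfAppRole condition), and both adapters in this commit construct a new ApplicationAdapter on every call; the removed local was the better shape, so `ApplicationModel realmAdminApp = realm.getAdminApp();` at the top of the loop body with both conditions using it restores a single lookup. If getAdminApp() can be null for a realm without an assigned admin app, that local is also the natural place to skip the realm rather than let Auth.hasAppRole throw. The later two hunks keep a local and do not have the issue. All three enclosing methods start outside the hunks.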