libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases Packages Activity Actions

Merge pull request #254 from patriot1burke/master

Browse source 
add claims to grant page
This commit is contained in:
Bill Burke 2014-02-28 10:45:54 -05:00
commit 581d64614e
11 changed files with 135 additions and 82 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

57
core/src/main/java/org/keycloak/representations/idm/PublishedRealmRepresentation.java
View file

@ -15,34 +15,22 @@ import java.security.PublicKey;
*/
public class PublishedRealmRepresentation {
protected String realm;
protected String self;
@JsonProperty("public_key")
protected String publicKeyPem;
@JsonProperty("authorization")
protected String authorizationUrl;
@JsonProperty("token-service")
protected String tokenServiceUrl;
@JsonProperty("codes")
protected String codeUrl;
@JsonProperty("account-service")
protected String accountServiceUrl;
@JsonProperty("grants")
protected String grantUrl;
@JsonProperty("admin-role")
protected String adminRole;
@JsonProperty("admin-api")
protected String adminApiUrl;
@JsonIgnore
protected volatile transient PublicKey publicKey;
public String getAdminRole() {
return adminRole;
}
public void setAdminRole(String adminRole) {
this.adminRole = adminRole;
}
public String getRealm() {
return realm;
}
@ -51,14 +39,6 @@ public class PublishedRealmRepresentation {
this.realm = realm;
}
public String getSelf() {
return self;
}
public void setSelf(String self) {
this.self = self;
}
public String getPublicKeyPem() {
return publicKeyPem;
}
@ -97,28 +77,27 @@ public class PublishedRealmRepresentation {
this.publicKeyPem = PemUtils.removeBeginEnd(s);
}
public String getAuthorizationUrl() {
return authorizationUrl;
public String getTokenServiceUrl() {
return tokenServiceUrl;
}
public void setAuthorizationUrl(String authorizationUrl) {
this.authorizationUrl = authorizationUrl;
public void setTokenServiceUrl(String tokenServiceUrl) {
this.tokenServiceUrl = tokenServiceUrl;
}
public String getCodeUrl() {
return codeUrl;
public String getAccountServiceUrl() {
return accountServiceUrl;
}
public void setCodeUrl(String codeUrl) {
this.codeUrl = codeUrl;
public void setAccountServiceUrl(String accountServiceUrl) {
this.accountServiceUrl = accountServiceUrl;
}
public String getGrantUrl() {
return grantUrl;
public String getAdminApiUrl() {
return adminApiUrl;
}
public void setGrantUrl(String grantUrl) {
this.grantUrl = grantUrl;
public void setAdminApiUrl(String adminApiUrl) {
this.adminApiUrl = adminApiUrl;
}
}

3
docbook/reference/en/en-US/modules/Overview.xml
View file

@ -48,6 +48,9 @@
<listitem>
OAuth 2.0 Grant requests
</listitem>
<listitem>
OpenID Connect Support.
</listitem>
<listitem>
CORS Support
</listitem>

16
examples/demo-template/third-party/src/main/java/org/keycloak/example/oauth/ProductDatabaseClient.java vendored
View file

@ -5,6 +5,7 @@ import org.apache.http.HttpResponse;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpGet;
import org.keycloak.adapters.TokenGrantRequest;
import org.keycloak.representations.AccessTokenResponse;
import org.keycloak.servlet.ServletOAuthClient;
import org.keycloak.util.JsonSerialization;
@ -50,7 +51,7 @@ public class ProductDatabaseClient {
static class TypedList extends ArrayList<String> {}
public static List<String> getProducts(HttpServletRequest request) throws Failure {
public static AccessTokenResponse getTokenResponse(HttpServletRequest request) {
// The ServletOAuthClient is obtained by getting a context attribute
// that is set in the Bootstrap context listener in this project.
// You really should come up with a better way to initialize
@ -59,17 +60,26 @@ public class ProductDatabaseClient {
ServletOAuthClient oAuthClient = (ServletOAuthClient) request.getServletContext().getAttribute(ServletOAuthClient.class.getName());
String token = null;
try {
token = oAuthClient.getBearerToken(request).getToken();
return oAuthClient.getBearerToken(request);
} catch (IOException e) {
throw new RuntimeException(e);
} catch (TokenGrantRequest.HttpFailure failure) {
throw new RuntimeException(failure);
}
}
public static List<String> getProducts(HttpServletRequest request, String accessToken) throws Failure {
// The ServletOAuthClient is obtained by getting a context attribute
// that is set in the Bootstrap context listener in this project.
// You really should come up with a better way to initialize
// and obtain the ServletOAuthClient. I actually suggest downloading the ServletOAuthClient code
// and take a look how it works. You can also take a look at third-party-cdi example
ServletOAuthClient oAuthClient = (ServletOAuthClient) request.getServletContext().getAttribute(ServletOAuthClient.class.getName());
HttpClient client = oAuthClient.getClient();
HttpGet get = new HttpGet("http://localhost:8080/database/products");
get.addHeader("Authorization", "Bearer " + token);
get.addHeader("Authorization", "Bearer " + accessToken);
try {
HttpResponse response = client.execute(get);
if (response.getStatusLine().getStatusCode() != 200) {

23
examples/demo-template/third-party/src/main/webapp/pull_data.jsp vendored
View file

@ -1,4 +1,7 @@
<%@ page import="org.keycloak.example.oauth.ProductDatabaseClient" %>
<%@ page import="org.keycloak.representations.AccessTokenResponse" %>
<%@ page import="org.keycloak.representations.IDToken" %>
<%@ page import="org.keycloak.servlet.ServletOAuthClient" %>
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<html>
@ -6,17 +9,33 @@
<title>Pull Page</title>
</head>
<body>
<h2>Pulled Product Listing</h2>
<%
java.util.List<String> list = null;
try {
list = ProductDatabaseClient.getProducts(request);
AccessTokenResponse tokenResponse = ProductDatabaseClient.getTokenResponse(request);
if (tokenResponse.getIdToken() != null) {
IDToken idToken = ServletOAuthClient.extractIdToken(tokenResponse.getIdToken());
out.println("<p><i>Change client claims in admin console to view personal info of user</i></p>");
if (idToken.getPreferredUsername() != null) {
out.println("<p>Username: " + idToken.getPreferredUsername() + "</p>");
}
if (idToken.getName() != null) {
out.println("<p>Full Name: " + idToken.getName() + "</p>");
}
if (idToken.getEmail() != null) {
out.println("<p>Email: " + idToken.getEmail() + "</p>");
}
}
list = ProductDatabaseClient.getProducts(request, tokenResponse.getToken());
} catch (ProductDatabaseClient.Failure failure) {
out.println("There was a failure processing request. You either didn't configure Keycloak properly, or maybe" +
"you just forgot to secure the database service?");
out.println("Status from database service invocation was: " + failure.getStatus());
return;
}
%>
<h2>Pulled Product Listing</h2>
<%
for (String prod : list)
{
out.print("<p>");

10
forms/common-themes/src/main/resources/theme/login/base/login-oauth-grant.ftl
View file

@ -9,6 +9,16 @@
<div id="kc-oauth" class="content-area">
<h3><strong>${oauth.client}</strong> ${rb.oauthGrantRequest}</h3>
<ul>
<#if oauth.claimsRequested??>
<li>
<span>
Personal Info:&nbsp;
<#list oauth.claimsRequested as claim>
${claim}&nbsp;
</#list>
</span>
</li>
</#if>
<#list oauth.realmRolesRequested as role>
<li>
<span><#if role.description??>${role.description}<#else>${role.name}</#if></span>

41
forms/login-freemarker/src/main/java/org/keycloak/login/freemarker/model/OAuthGrantBean.java
View file

@ -21,12 +21,14 @@
*/
package org.keycloak.login.freemarker.model;
import org.keycloak.models.ClaimMask;
import org.keycloak.models.ClientModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserModel;
import javax.ws.rs.core.MultivaluedMap;
import java.util.ArrayList;
import java.util.LinkedList;
import java.util.List;
/**
@ -38,6 +40,7 @@ public class OAuthGrantBean {
private MultivaluedMap<String, RoleModel> resourceRolesRequested;
private String code;
private ClientModel client;
private List<String> claimsRequested;
private String oAuthCode;
private String action;
@ -46,6 +49,41 @@ public class OAuthGrantBean {
this.client = client;
this.realmRolesRequested = realmRolesRequested;
this.resourceRolesRequested = resourceRolesRequested;
// todo support locale
List<String> claims = new LinkedList<String>();
long mask = client.getAllowedClaimsMask();
if (ClaimMask.hasEmail(mask)) {
claims.add("email");
}
if (ClaimMask.hasUsername(mask)) {
claims.add("username");
}
if (ClaimMask.hasName(mask)) {
claims.add("name");
}
if (ClaimMask.hasGender(mask)) {
claims.add("gender");
}
if (ClaimMask.hasAddress(mask)) {
claims.add("address");
}
if (ClaimMask.hasPhone(mask)) {
claims.add("phone");
}
if (ClaimMask.hasPicture(mask)) {
claims.add("picture");
}
if (ClaimMask.hasProfile(mask)) {
claims.add("profile page");
}
if (ClaimMask.hasLocale(mask)) {
claims.add("locale");
}
if (ClaimMask.hasWebsite(mask)) {
claims.add("website");
}
if (claims.size() > 0) this.claimsRequested = claims;
}
public String getCode() {
@ -64,4 +102,7 @@ public class OAuthGrantBean {
return client.getClientId();
}
public List<String> getClaimsRequested() {
return claimsRequested;
}
}

12
integration/servlet-oauth-client/src/main/java/org/keycloak/servlet/ServletOAuthClient.java
View file

@ -4,7 +4,9 @@ import org.apache.http.client.HttpClient;
import org.keycloak.AbstractOAuthClient;
import org.keycloak.adapters.HttpClientBuilder;
import org.keycloak.adapters.TokenGrantRequest;
import org.keycloak.jose.jws.JWSInput;
import org.keycloak.representations.AccessTokenResponse;
import org.keycloak.representations.IDToken;
import org.keycloak.util.KeycloakUriBuilder;
import javax.servlet.http.Cookie;
@ -156,5 +158,15 @@ public class ServletOAuthClient extends AbstractOAuthClient {
return TokenGrantRequest.invokeRefresh(client, refreshToken, refreshUrl, clientId, credentials);
}
public static IDToken extractIdToken(String idToken) {
if (idToken == null) return null;
JWSInput input = new JWSInput(idToken);
try {
return input.readJsonContent(IDToken.class);
} catch (IOException e) {
throw new RuntimeException(e);
}
}
}

3
services/src/main/java/org/keycloak/services/managers/OAuthClientManager.java
View file

@ -51,10 +51,7 @@ public class OAuthClientManager {
model.setSecret(rep.getSecret());
if (rep.getClaims() != null) {
ClaimManager.setClaims(model, rep.getClaims());
} else {
model.setAllowedClaimsMask(ClaimMask.USERNAME);
}
return model;
}

6
services/src/main/java/org/keycloak/services/resources/AccountService.java
View file

@ -74,6 +74,12 @@ public class AccountService {
this.authManager = new AppAuthManager("KEYCLOAK_ACCOUNT_IDENTITY", tokenManager);
}
public static UriBuilder accountServiceBaseUrl(UriInfo uriInfo) {
UriBuilder base = uriInfo.getBaseUriBuilder().path(RealmsResource.class).path(RealmsResource.class, "getAccountService");
return base;
}
private Response forwardToPage(String path, AccountPages page) {
Auth auth = getAuth(false);
if (auth != null) {

39
services/src/main/java/org/keycloak/services/resources/PublicRealmResource.java
View file

@ -4,6 +4,7 @@ import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.logging.Logger;
import org.keycloak.models.RealmModel;
import org.keycloak.representations.idm.PublishedRealmRepresentation;
import org.keycloak.services.resources.admin.AdminService;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
@ -19,7 +20,6 @@ import javax.ws.rs.core.UriInfo;
*/
public class PublicRealmResource {
protected static final Logger logger = Logger.getLogger(PublicRealmResource.class);
public static final String ADMIN_ROLE = "$REALM-ADMIN$";
@Context
protected UriInfo uriInfo;
@ -30,12 +30,6 @@ public class PublicRealmResource {
this.realm = realm;
}
public static UriBuilder realmUrl(UriInfo uriInfo) {
UriBuilder base = uriInfo.getBaseUriBuilder()
.path(RealmsResource.class).path(RealmsResource.class, "getRealmResource");
return base;
}
@GET
@NoCache
@Produces("application/json")
@ -43,38 +37,13 @@ public class PublicRealmResource {
return realmRep(realm, uriInfo);
}
@GET
@NoCache
@Path("html")
@Produces("text/html")
public String getRealmHtml(@PathParam("realm") String id) {
StringBuffer html = new StringBuffer();
String authUri = TokenService.loginPageUrl(uriInfo).build(realm.getName()).toString();
String codeUri = TokenService.accessCodeToTokenUrl(uriInfo).build(realm.getName()).toString();
String grantUrl = TokenService.grantAccessTokenUrl(uriInfo).build(realm.getName()).toString();
html.append("<html><body><h1>Realm: ").append(realm.getName()).append("</h1>");
html.append("<p>auth: ").append(authUri).append("</p>");
html.append("<p>code: ").append(codeUri).append("</p>");
html.append("<p>grant: ").append(grantUrl).append("</p>");
html.append("<p>public key: ").append(realm.getPublicKeyPem()).append("</p>");
html.append("</body></html>");
return html.toString();
}
public static PublishedRealmRepresentation realmRep(RealmModel realm, UriInfo uriInfo) {
PublishedRealmRepresentation rep = new PublishedRealmRepresentation();
rep.setRealm(realm.getName());
rep.setSelf(realmUrl(uriInfo).build(realm.getId()).toString());
rep.setTokenServiceUrl(TokenService.tokenServiceBaseUrl(uriInfo).build(realm.getId()).toString());
rep.setAccountServiceUrl(AccountService.accountServiceBaseUrl(uriInfo).build(realm.getId()).toString());
rep.setAdminApiUrl(AdminService.adminApiUrl(uriInfo).build(realm.getId()).toString());
rep.setPublicKeyPem(realm.getPublicKeyPem());
rep.setAdminRole(ADMIN_ROLE);
rep.setAuthorizationUrl(TokenService.loginPageUrl(uriInfo).build(realm.getName()).toString());
rep.setCodeUrl(TokenService.accessCodeToTokenUrl(uriInfo).build(realm.getName()).toString());
rep.setGrantUrl(TokenService.grantAccessTokenUrl(uriInfo).build(realm.getName()).toString());
return rep;
}

7
services/src/main/java/org/keycloak/services/resources/admin/AdminService.java
View file

@ -17,6 +17,7 @@ import org.keycloak.services.managers.AppAuthManager;
import org.keycloak.services.managers.Auth;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.services.managers.TokenManager;
import org.keycloak.services.resources.RealmsResource;
import org.keycloak.services.resources.TokenService;
import org.keycloak.services.resources.flows.Flows;
@ -75,6 +76,12 @@ public class AdminService {
this.authManager = new AppAuthManager("KEYCLOAK_ADMIN_CONSOLE_IDENTITY", tokenManager);
}
public static UriBuilder adminApiUrl(UriInfo uriInfo) {
UriBuilder base = uriInfo.getBaseUriBuilder().path(AdminService.class).path(AdminService.class, "getRealmsAdmin").path(RealmsAdminResource.class, "getRealmAdmin");
return base;
}
public static class WhoAmI {
protected String userId;
protected String displayName;