acct svc + sessions

Bill Burke 2014-05-19 11:45:42 -04:00
parent dc7923c436
commit 5826f02ebe
8 changed files with 57 additions and 13 deletions


@ -1,9 +1,13 @@
package org.keycloak.account.freemarker.model;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.ClientModel;
import org.keycloak.models.OAuthClientModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.util.Time;
import java.util.ArrayList;
import java.util.Date;
import java.util.LinkedList;
import java.util.List;
@ -50,6 +54,21 @@ public class SessionsBean {
return Time.toDate(max);
}
public List<String> getApplications() {
List<String> apps = new ArrayList<String>();
for (ClientModel client : session.getClientAssociations()) {
if (client instanceof ApplicationModel) apps.add(client.getClientId());
}
return apps;
}
public List<String> getClients() {
List<String> apps = new ArrayList<String>();
for (ClientModel client : session.getClientAssociations()) {
if (client instanceof OAuthClientModel) apps.add(client.getClientId());
}
return apps;
}
}
}
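Review bot: `getApplications()` and `getClients()` are the same loop with only the `instanceof` target changed, and the second one still calls its list `apps`. A single private helper that takes the model class keeps the two getters from drifting apart; neither has a Javadoc saying that it returns client IDs (not display names) for the templates to print. The enclosing class starts outside this hunk, so the helper below assumes `session` is the field the existing getters already use.

```java
// ... unchanged: getExpires() and earlier getters ...
public List<String> getApplications() {
    return clientIdsOfType(ApplicationModel.class);
}

public List<String> getClients() {
    return clientIdsOfType(OAuthClientModel.class);
}

/** Collects the client IDs of this session's associated clients that are instances of {@code type}. */
private List<String> clientIdsOfType(Class<?> type) {
    List<String> ids = new ArrayList<String>();
    for (ClientModel client : session.getClientAssociations()) {
        if (type.isInstance(client)) ids.add(client.getClientId());
    }
    return ids;
}
```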


@ -13,6 +13,8 @@
<td>IP</td>
<td>Started</td>
<td>Expires</td>
<td>Applications</td>
<td>Clients</td>
</tr>
</thead>
@ -22,6 +24,20 @@
<td>${session.ipAddress}</td>
<td>${session.started?datetime}</td>
<td>${session.expires?datetime}</td>
<td>
<ul style="list-style: none; ">
<#list session.applications as app>
<li>${app}</li>
</#list>
</ul>
</td>
<td>
<ul style="list-style: none; ">
<#list session.clients as client>
<li>${client}</li>
</#list>
</ul>
</td>
</tr>
</#list>
</tbody>
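Review bot: The new `<li>${app}</li>` and `<li>${client}</li>` cells print client IDs with no escaping visible in these hunks. The enclosing markup is outside the hunk, so the template may already be wrapped in `<#escape x as x?html>`; if it is not, a client ID containing markup would be rendered as HTML on the account sessions page. Writing `${app?html}` and `${client?html}` makes the cells safe either way. The repeated inline `style="list-style: none; "` would also sit better as a class in the theme stylesheet, which keeps the page usable under a Content-Security-Policy that disallows inline styles.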


@ -21,7 +21,7 @@ public class AppAuthManager extends AuthenticationManager {
super(providerSession);
}
public UserModel authenticateRequest(RealmModel realm, UriInfo uriInfo, HttpHeaders headers) {
public AuthResult authenticateRequest(RealmModel realm, UriInfo uriInfo, HttpHeaders headers) {
AuthResult authResult = authenticateIdentityCookie(realm, uriInfo, headers);
if (authResult != null) {
Cookie remember = headers.getCookies().get(AuthenticationManager.KEYCLOAK_REMEMBER_ME);
@ -29,7 +29,7 @@ public class AppAuthManager extends AuthenticationManager {
// refresh the cookies!
createLoginCookie(realm, authResult.getUser(), authResult.getSession(), uriInfo, rememberMe);
if (rememberMe) createRememberMeCookie(realm, uriInfo);
return authResult.getUser();
return authResult;
} else {
return authenticateBearerToken(realm, uriInfo, headers);
}
@ -47,11 +47,11 @@ public class AppAuthManager extends AuthenticationManager {
return tokenString;
}
public UserModel authenticateBearerToken(RealmModel realm, UriInfo uriInfo, HttpHeaders headers) {
public AuthResult authenticateBearerToken(RealmModel realm, UriInfo uriInfo, HttpHeaders headers) {
String tokenString = extractAuthorizationHeaderToken(headers);
if (tokenString == null) return null;
AuthResult authResult = verifyIdentityToken(realm, uriInfo, true, tokenString);
return authResult != null ? authResult.getUser() : null;
return authResult;
}
}
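Review bot: `authenticateRequest` and `authenticateBearerToken` now return `AuthResult` but still report failure as `null`, and neither method documents that contract or which parts of the result may be absent. The `AccountService` change in this same commit null-checks `authResult.getSession()`, which suggests a result can arrive without a session on at least one path, though that is not visible here. A short Javadoc on both methods would save callers from guessing, for example `/** @return the authenticated result, or null if no valid identity cookie or bearer token is present; getSession() may be null */`, adjusted to whatever `verifyIdentityToken` actually guarantees.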


@ -279,6 +279,8 @@ public class RealmManager {
if (application == null) {
application = new ApplicationManager(this).createApplication(realm, Constants.ACCOUNT_MANAGEMENT_APP);
application.setEnabled(true);
String redirectUri = contextPath + "/realms/" + realm.getName() + "/account/*";
application.addRedirectUri(redirectUri);
for (String role : AccountRoles.ALL) {
application.addDefaultRole(role);
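Review bot: `contextPath` is concatenated into the redirect URI without any check that it has been set. The only `setContextPath` call visible in this commit is the one added to `KeycloakServer`; if any other code path creates a realm through `RealmManager` without setting it (the field's default is outside the hunk), the account application would be registered with `null/realms/<name>/account/*`, and redirect validation for the account pages would then fail with no obvious cause. A fail-fast guard before building the string makes that visible: `if (contextPath == null) throw new IllegalStateException("contextPath must be set before creating the account application");`. Note also that the URI is added only inside `if (application == null)`, so realms whose account application already exists will not receive it.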


@ -49,6 +49,7 @@ import org.keycloak.provider.ProviderSession;
import org.keycloak.services.ForbiddenException;
import org.keycloak.services.managers.AppAuthManager;
import org.keycloak.services.managers.Auth;
import org.keycloak.services.managers.AuthenticationManager;
import org.keycloak.services.managers.ModelToRepresentation;
import org.keycloak.services.managers.SocialRequestManager;
import org.keycloak.services.managers.TokenManager;
@ -148,9 +149,12 @@ public class AccountService {
account = AccountLoader.load().createAccount(uriInfo).setRealm(realm);
boolean passwordUpdateSupported = false;
UserModel user = authManager.authenticateRequest(realm, uriInfo, headers);
if (user != null) {
auth = new Auth(realm, user, application);
AuthenticationManager.AuthResult authResult = authManager.authenticateRequest(realm, uriInfo, headers);
if (authResult != null) {
auth = new Auth(realm, authResult.getUser(), application);
if (authResult.getSession() != null) {
authResult.getSession().associateClient(application);
}
account.setUser(auth.getUser());
AuthenticationLinkModel authLinkModel = realm.getAuthenticationLink(auth.getUser());
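Review bot: The new guard reads `authResult.getSession()` twice and gives no hint of when a successful authentication has no session. A local plus a one-line comment would make the intent explicit: `UserSessionModel userSession = authResult.getSession();` followed by `if (userSession != null) userSession.associateClient(application); // no session on some auth paths, confirm which` (this needs the `UserSessionModel` import if the file does not already have it). As far as the hunk shows, the association runs on every authenticated request to the account service, so it is worth confirming that `associateClient` is idempotent and cheap. The enclosing method starts and ends outside this hunk.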


@ -18,6 +18,7 @@ import org.keycloak.models.UserModel;
import org.keycloak.provider.ProviderSession;
import org.keycloak.services.managers.AppAuthManager;
import org.keycloak.services.managers.ApplicationManager;
import org.keycloak.services.managers.AuthenticationManager;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.services.resources.KeycloakApplication;
import org.keycloak.services.resources.TokenService;
@ -164,10 +165,11 @@ public class AdminConsole {
@NoCache
public Response whoAmI(final @Context HttpHeaders headers) {
RealmManager realmManager = new RealmManager(session);
UserModel user = authManager.authenticateBearerToken(realm, uriInfo, headers);
if (user == null) {
AuthenticationManager.AuthResult authResult = authManager.authenticateBearerToken(realm, uriInfo, headers);
if (authResult == null) {
return Response.status(401).build();
}
UserModel user= authResult.getUser();
String displayName;
if ((user.getFirstName() != null && !user.getFirstName().trim().equals("")) || (user.getLastName() != null && !user.getLastName().trim().equals(""))) {
displayName = user.getFirstName();
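Review bot: `UserModel user= authResult.getUser();` is dereferenced on the following lines on the assumption that a non-null `AuthResult` always carries a non-null user; `AdminRoot` makes the same assumption in `new Auth(realm, authResult.getUser(), consoleApp)`. Nothing in this commit shows that `AuthResult` guarantees this, so either document the guarantee on `AuthResult` or treat a null user like a failed authentication here: `if (authResult == null || authResult.getUser() == null) return Response.status(401).build();`. The assignment is also missing a space before `=`. The body of `whoAmI` continues outside the hunk.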


@ -14,6 +14,7 @@ import org.keycloak.provider.ProviderSession;
import org.keycloak.representations.AccessToken;
import org.keycloak.services.managers.AppAuthManager;
import org.keycloak.services.managers.Auth;
import org.keycloak.services.managers.AuthenticationManager;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.services.managers.TokenManager;
@ -116,8 +117,8 @@ public class AdminRoot {
if (realm == null) {
throw new UnauthorizedException("Unknown realm in token");
}
UserModel user = authManager.authenticateBearerToken(realm, uriInfo, headers);
if (user == null) {
AuthenticationManager.AuthResult authResult = authManager.authenticateBearerToken(realm, uriInfo, headers);
if (authResult == null) {
logger.debug("Token not valid");
throw new UnauthorizedException("Bearer");
}
@ -126,7 +127,7 @@ public class AdminRoot {
if (consoleApp == null) {
throw new NotFoundException("Could not find admin console application");
}
Auth auth = new Auth(realm, user, consoleApp);
Auth auth = new Auth(realm, authResult.getUser(), consoleApp);
return auth;


@ -201,7 +201,7 @@ public class KeycloakServer {
info("Not importing realm " + rep.getRealm() + " realm already exists");
return;
}
manager.setContextPath("/auth");
RealmModel realm = manager.createRealm(rep.getId(), rep.getRealm());
manager.importRealm(rep, realm);