auth-server-url and Realm/App name changes

This commit is contained in:
Bill Burke 2014-01-15 10:02:56 -05:00
parent 6b388918c9
commit 6326d5d2b5
24 changed files with 97 additions and 63 deletions

View file

@ -26,13 +26,12 @@ module.controller('HomeCtrl', function(Realm, $location) {
if (realms.length == 1) {
realm = realms[0].realm;
} else if (realms.length == 2) {
if (realms[0].realm == 'Keycloak Administration') {
if (realms[0].realm == 'keycloak-admin') {
realm = realms[1].realm;
} else if (realms[1].realm == 'Keycloak Administration') {
} else if (realms[1].realm == 'keycloak-admin') {
realm = realms[0].realm;
}
}
console.log("****** HomeCtrl ******");
if (realm) {
$location.url('/realms/' + realm);
} else {

View file

@ -11,7 +11,7 @@
<a href="#" class="dropdown-toggle" data-toggle="dropdown">
<span class="icon-user">Icon: user</span>{{auth.user.displayName}}<i class="caret"></i></a>
<ul class="dropdown-menu">
<li><a href="/auth/rest/realms/Keycloak Administration/account">Manage Account</a></li>
<li><a href="/auth/rest/realms/keycloak-admin/account">Manage Account</a></li>
<li class="separator"><a href="/auth/rest/admin/logout">Sign Out</a></li>
</ul>
</li>

View file

@ -0,0 +1,11 @@
package org.keycloak;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public interface ServiceUrlConstants {
public static final String TOKEN_SERVICE_LOGIN_PATH = "/rest/realms/{realm-name}/tokens/login";
public static final String TOKEN_SERVICE_ACCESS_CODE_PATH = "/rest/realms/{realm-name}/tokens/access/codes";
}

View file

@ -9,7 +9,7 @@ import org.codehaus.jackson.annotate.JsonPropertyOrder;
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
@JsonPropertyOrder({"realm", "realm-public-key", "auth-url", "code-url", "ssl-not-required",
@JsonPropertyOrder({"realm", "realm-public-key", "auth-server-url", "ssl-not-required",
"resource", "credentials",
"use-resource-role-mappings",
"enable-cors", "cors-max-age", "cors-allowed-methods",

View file

@ -13,7 +13,7 @@ import java.util.Map;
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
@JsonPropertyOrder({"realm", "realm-public-key", "auth-url", "code-url", "ssl-not-required",
@JsonPropertyOrder({"realm", "realm-public-key", "auth-server-url", "ssl-not-required",
"resource", "credentials",
"use-resource-role-mappings",
"enable-cors", "cors-max-age", "cors-allowed-methods",

View file

@ -9,16 +9,14 @@ import org.codehaus.jackson.annotate.JsonPropertyOrder;
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
@JsonPropertyOrder({"realm", "realm-public-key", "auth-url", "code-url", "ssl-not-required"})
@JsonPropertyOrder({"realm", "realm-public-key", "auth-server-url", "ssl-not-required"})
public class BaseRealmConfig {
@JsonProperty("realm")
protected String realm;
@JsonProperty("realm-public-key")
protected String realmKey;
@JsonProperty("auth-url")
protected String authUrl;
@JsonProperty("code-url")
protected String codeUrl;
@JsonProperty("auth-server-url")
protected String authServerUrl;
@JsonProperty("ssl-not-required")
protected boolean sslNotRequired;
@ -46,19 +44,11 @@ public class BaseRealmConfig {
this.realmKey = realmKey;
}
public String getAuthUrl() {
return authUrl;
public String getAuthServerUrl() {
return authServerUrl;
}
public void setAuthUrl(String authUrl) {
this.authUrl = authUrl;
}
public String getCodeUrl() {
return codeUrl;
}
public void setCodeUrl(String codeUrl) {
this.codeUrl = codeUrl;
public void setAuthServerUrl(String authServerUrl) {
this.authServerUrl = authServerUrl;
}
}

View file

@ -2,8 +2,7 @@
"realm" : "demo",
"resource" : "customer-portal",
"realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
"auth-url" : "http://localhost:8080/auth/rest/realms/demo/tokens/login",
"code-url" : "http://localhost:8080/auth/rest/realms/demo/tokens/access/codes",
"auth-server-url" : "http://localhost:8080/auth",
"ssl-not-required" : true,
"expose-token" : true,
"credentials" : {

View file

@ -2,9 +2,8 @@
"realm" : "demo",
"resource" : "product-portal",
"realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
"auth-url" : "http://localhost:8080/auth/rest/realms/demo/tokens/login",
"code-url" : "http://localhost:8080/auth/rest/realms/demo/tokens/access/codes",
"ssl-not-required" : true,
"auth-server-url" : "http://localhost:8080/auth",
"ssl-not-required" : true,
"credentials" : {
"password" : "password"
}

View file

@ -96,7 +96,7 @@
}
],
"applicationRoleMappings": {
"Account": [
"account": [
{
"username": "bburke@redhat.com",
"roles": ["manage-account"]

View file

@ -1,7 +1,6 @@
{
"resource" : "third-party",
"auth-url" : "http://localhost:8080/auth/rest/realms/demo/tokens/login",
"code-url" : "http://localhost:8080/auth/rest/realms/demo/tokens/access/codes",
"auth-server-url" : "http://localhost:8080/auth",
"ssl-not-required" : true,
"credentials" : {
"password" : "password"

View file

@ -1,7 +1,6 @@
{
"resource" : "third-party",
"auth-url" : "http://localhost:8080/auth/rest/realms/demo/tokens/login",
"code-url" : "http://localhost:8080/auth/rest/realms/demo/tokens/access/codes",
"auth-server-url" : "http://localhost:8080/auth",
"ssl-not-required" : true,
"credentials" : {
"password" : "password"

View file

@ -2,8 +2,7 @@
"realm" : "demo",
"resource" : "customer-portal",
"realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
"auth-url" : "http://localhost:8080/auth/rest/realms/demo/tokens/login",
"code-url" : "http://localhost:8080/auth/rest/realms/demo/tokens/access/codes",
"auth-server-url" : "http://localhost:8080/auth",
"ssl-not-required" : true,
"expose-token" : true,
"credentials" : {

View file

@ -2,10 +2,9 @@
"realm" : "demo",
"resource" : "product-portal",
"realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
"auth-url" : "http://localhost:8080/auth/rest/realms/demo/tokens/login",
"code-url" : "http://localhost:8080/auth/rest/realms/demo/tokens/access/codes",
"ssl-not-required" : true,
"credentials" : {
"auth-server-url" : "http://localhost:8080/auth",
"ssl-not-required" : true,
"credentials" : {
"password" : "password"
}
}

View file

@ -96,7 +96,7 @@
}
],
"applicationRoleMappings": {
"Account": [
"account": [
{
"username": "bburke@redhat.com",
"roles": ["manage-account"]

View file

@ -1,7 +1,7 @@
{
"realm" : "demo",
"resource" : "third-party",
"auth-url" : "http://localhost:8080/auth/rest/realms/demo/tokens/login",
"code-url" : "http://localhost:8080/auth/rest/realms/demo/tokens/access/codes",
"auth-server-url" : "http://localhost:8080/auth",
"ssl-not-required" : true,
"credentials" : {
"password" : "password"

View file

@ -1,7 +1,7 @@
{
"realm" : "demo",
"resource" : "third-party",
"auth-url" : "http://localhost:8080/auth/rest/realms/demo/tokens/login",
"code-url" : "http://localhost:8080/auth/rest/realms/demo/tokens/access/codes",
"auth-server-url" : "http://localhost:8080/auth",
"ssl-not-required" : true,
"credentials" : {
"password" : "password"

View file

@ -3,6 +3,8 @@ package org.keycloak.adapters.config;
import java.io.InputStream;
import org.keycloak.AbstractOAuthClient;
import org.keycloak.ServiceUrlConstants;
import org.keycloak.util.KeycloakUriBuilder;
/**
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
@ -27,8 +29,14 @@ public abstract class OAuthClientConfigLoader extends RealmConfigurationLoader {
public void configureOAuthClient(AbstractOAuthClient oauthClient) {
oauthClient.setClientId(adapterConfig.getResource());
oauthClient.setPassword(adapterConfig.getCredentials().get("password"));
oauthClient.setAuthUrl(adapterConfig.getAuthUrl());
oauthClient.setCodeUrl(adapterConfig.getCodeUrl());
if (adapterConfig.getAuthServerUrl() == null) {
throw new RuntimeException("You must specify auth-url");
}
KeycloakUriBuilder serverBuilder = KeycloakUriBuilder.fromUri(adapterConfig.getAuthServerUrl());
String authUrl = serverBuilder.clone().path(ServiceUrlConstants.TOKEN_SERVICE_LOGIN_PATH).build(adapterConfig.getRealm()).toString();
String tokenUrl = serverBuilder.clone().path(ServiceUrlConstants.TOKEN_SERVICE_ACCESS_CODE_PATH).build(adapterConfig.getRealm()).toString();
oauthClient.setAuthUrl(authUrl);
oauthClient.setCodeUrl(tokenUrl);
oauthClient.setTruststore(truststore);
if (adapterConfig.getScope() != null) {
String scope = encodeScope(adapterConfig.getScope());

View file

@ -1,6 +1,7 @@
package org.keycloak.adapters.config;
import org.apache.http.client.HttpClient;
import org.keycloak.ServiceUrlConstants;
import org.keycloak.adapters.HttpClientBuilder;
import org.keycloak.util.KeycloakUriBuilder;
@ -30,14 +31,13 @@ public class RealmConfigurationLoader extends AdapterConfigLoader {
if (!setupClient || adapterConfig.isBearerOnly()) return;
initClient();
realmConfiguration = new RealmConfiguration();
String authUrl = adapterConfig.getAuthUrl();
if (authUrl == null) {
if (adapterConfig.getAuthServerUrl() == null) {
throw new RuntimeException("You must specify auth-url");
}
String tokenUrl = adapterConfig.getCodeUrl();
if (tokenUrl == null) {
throw new RuntimeException("You mut specify code-url");
}
KeycloakUriBuilder serverBuilder = KeycloakUriBuilder.fromUri(adapterConfig.getAuthServerUrl());
String authUrl = serverBuilder.clone().path(ServiceUrlConstants.TOKEN_SERVICE_LOGIN_PATH).build(adapterConfig.getRealm()).toString();
String tokenUrl = serverBuilder.clone().path(ServiceUrlConstants.TOKEN_SERVICE_ACCESS_CODE_PATH).build(adapterConfig.getRealm()).toString();
realmConfiguration.setMetadata(resourceMetadata);
realmConfiguration.setSslRequired(!adapterConfig.isSslNotRequired());
realmConfiguration.setResourceCredentials(adapterConfig.getCredentials());

View file

@ -6,13 +6,13 @@ package org.keycloak.models;
*/
public interface Constants {
String INTERNAL_ROLE = "KEYCLOAK_";
String ADMIN_REALM = "Keycloak Administration";
String ADMIN_CONSOLE_APPLICATION = "Admin Console";
String ADMIN_REALM = "keycloak-admin";
String ADMIN_CONSOLE_APPLICATION = "admin-console";
String ADMIN_CONSOLE_ADMIN_ROLE = "admin";
String APPLICATION_ROLE = INTERNAL_ROLE + "_APPLICATION";
String IDENTITY_REQUESTER_ROLE = INTERNAL_ROLE + "_IDENTITY_REQUESTER";
String ACCOUNT_APPLICATION = "Account";
String ACCOUNT_APPLICATION = "account";
String ACCOUNT_PROFILE_ROLE = "view-profile";
String ACCOUNT_MANAGE_ROLE = "manage-account";
}

View file

@ -181,8 +181,7 @@ public class ApplicationManager {
rep.setRealmKey(realmModel.getPublicKeyPem());
rep.setSslNotRequired(realmModel.isSslNotRequired());
rep.setAuthUrl(Urls.realmLoginPage(baseUri, realmModel.getName()).toString());
rep.setCodeUrl(Urls.realmCode(baseUri, realmModel.getName()).toString());
rep.setAuthServerUrl(baseUri.toString());
rep.setUseResourceRoleMappings(applicationModel.getRoles().size() > 0);
rep.setResource(applicationModel.getName());

View file

@ -88,9 +88,7 @@ public class OAuthClientManager {
rep.setRealm(realmModel.getName());
rep.setRealmKey(realmModel.getPublicKeyPem());
rep.setSslNotRequired(realmModel.isSslNotRequired());
rep.setAuthUrl(Urls.realmLoginPage(baseUri, realmModel.getName()).toString());
rep.setCodeUrl(Urls.realmCode(baseUri, realmModel.getName()).toString());
rep.setAuthServerUrl(baseUri.toString());
rep.setUseResourceRoleMappings(false);
rep.setResource(model.getOAuthAgent().getLoginName());

View file

@ -12,6 +12,8 @@ import org.keycloak.services.resources.admin.AdminService;
import javax.servlet.ServletContext;
import javax.ws.rs.core.Application;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.UriInfo;
import java.net.URI;
import java.util.HashSet;
import java.util.ServiceLoader;
import java.util.Set;
@ -31,10 +33,11 @@ public class KeycloakApplication extends Application {
protected Set<Class<?>> classes = new HashSet<Class<?>>();
protected KeycloakSessionFactory factory;
protected String contextPath;
public KeycloakApplication(@Context ServletContext context) {
this.factory = createSessionFactory();
this.contextPath = context.getContextPath();
context.setAttribute(KeycloakSessionFactory.class.getName(), factory);
//classes.add(KeycloakSessionCleanupFilter.class);
@ -49,6 +52,20 @@ public class KeycloakApplication extends Application {
setupDefaultRealm();
}
public String getContextPath() {
return contextPath;
}
/**
* Get base URI of WAR distribution, not JAX-RS
*
* @param uriInfo
* @return
*/
public URI getBaseUri(UriInfo uriInfo) {
return uriInfo.getBaseUriBuilder().replacePath(getContextPath()).build();
}
protected void setupDefaultRealm() {
new ApplianceBootstrap().bootstrap(factory);
}

View file

@ -11,6 +11,7 @@ import org.keycloak.representations.idm.ApplicationRepresentation;
import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.services.managers.ApplicationManager;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.services.resources.KeycloakApplication;
import org.keycloak.util.JsonSerialization;
import javax.ws.rs.Consumes;
@ -19,6 +20,7 @@ import javax.ws.rs.GET;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Application;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.UriInfo;
@ -38,6 +40,13 @@ public class ApplicationResource extends RoleContainerResource {
@Context
protected UriInfo uriInfo;
@Context
protected Application keycloak;
protected KeycloakApplication getKeycloakApplication() {
return (KeycloakApplication)keycloak;
}
public ApplicationResource(RealmModel realm, ApplicationModel applicationModel, KeycloakSession session) {
super(applicationModel);
this.realm = realm;
@ -68,7 +77,7 @@ public class ApplicationResource extends RoleContainerResource {
@Produces(MediaType.APPLICATION_JSON)
public String getInstallation() throws IOException {
ApplicationManager applicationManager = new ApplicationManager(new RealmManager(session));
BaseAdapterConfig rep = applicationManager.toInstallationRepresentation(realm, application, uriInfo.getBaseUri());
BaseAdapterConfig rep = applicationManager.toInstallationRepresentation(realm, application, getKeycloakApplication().getBaseUri(uriInfo));
// TODO Temporary solution to pretty-print
return JsonSerialization.mapper.writerWithDefaultPrettyPrinter().writeValueAsString(rep);

View file

@ -12,6 +12,7 @@ import org.keycloak.representations.idm.OAuthClientRepresentation;
import org.keycloak.services.managers.ApplicationManager;
import org.keycloak.services.managers.OAuthClientManager;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.services.resources.KeycloakApplication;
import org.keycloak.util.JsonSerialization;
import javax.ws.rs.Consumes;
@ -20,6 +21,7 @@ import javax.ws.rs.GET;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Application;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.UriInfo;
@ -38,6 +40,13 @@ public class OAuthClientResource {
@Context
protected UriInfo uriInfo;
@Context
protected Application application;
protected KeycloakApplication getApplication() {
return (KeycloakApplication)application;
}
public OAuthClientResource(RealmModel realm, OAuthClientModel oauthClient, KeycloakSession session) {
this.realm = realm;
this.oauthClient = oauthClient;
@ -65,7 +74,7 @@ public class OAuthClientResource {
@Produces(MediaType.APPLICATION_JSON)
public String getInstallation() throws IOException {
OAuthClientManager manager = new OAuthClientManager(realm);
BaseAdapterConfig rep = manager.toInstallationRepresentation(realm, oauthClient, uriInfo.getBaseUri());
BaseAdapterConfig rep = manager.toInstallationRepresentation(realm, oauthClient, getApplication().getBaseUri(uriInfo));
// TODO Temporary solution to pretty-print
return JsonSerialization.mapper.writerWithDefaultPrettyPrinter().writeValueAsString(rep);