Merge pull request #32 from patriot1burke/master

retire Transaction
2013-09-11 06:46:09 -07:00 · 2013-09-11 06:46:09 -07:00 · 67be783503
commit 67be783503
parent b851c118c3 bfe9beae72
54 changed files with 1268 additions and 1318 deletions
--- a/core/pom.xml
+++ b/core/pom.xml
@ -29,15 +29,10 @@
            <scope>provided</scope>
        </dependency>
        <dependency>
-            <groupId>javax.servlet</groupId>
+            <groupId>org.jboss.spec.javax.servlet</groupId>
-            <artifactId>servlet-api</artifactId>
+            <artifactId>jboss-servlet-api_3.0_spec</artifactId>
            <scope>provided</scope>
        </dependency>
        <dependency>
            <groupId>org.jboss.resteasy</groupId>
            <artifactId>tjws</artifactId>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>junit</groupId>
            <artifactId>junit</artifactId>
--- a/examples/as7-eap-demo/customer-app/pom.xml
+++ b/examples/as7-eap-demo/customer-app/pom.xml
@ -24,8 +24,8 @@
    <dependencies>
        <dependency>
-            <groupId>javax.servlet</groupId>
+            <groupId>org.jboss.spec.javax.servlet</groupId>
-            <artifactId>servlet-api</artifactId>
+            <artifactId>jboss-servlet-api_3.0_spec</artifactId>
            <scope>provided</scope>
        </dependency>
        <dependency>
--- a/examples/as7-eap-demo/product-app/pom.xml
+++ b/examples/as7-eap-demo/product-app/pom.xml
@ -24,8 +24,8 @@
    <dependencies>
        <dependency>
-            <groupId>javax.servlet</groupId>
+            <groupId>org.jboss.spec.javax.servlet</groupId>
-            <artifactId>servlet-api</artifactId>
+            <artifactId>jboss-servlet-api_3.0_spec</artifactId>
            <scope>provided</scope>
        </dependency>
        <dependency>
--- a/examples/as7-eap-demo/server/src/main/java/org/keycloak/example/demo/DemoApplication.java
+++ b/examples/as7-eap-demo/server/src/main/java/org/keycloak/example/demo/DemoApplication.java
@ -11,6 +11,8 @@ import org.keycloak.services.resources.KeycloakApplication;
 import org.keycloak.services.resources.SaasService;
 import org.keycloak.services.resources.SaasService;
 import javax.servlet.ServletContext;
 import javax.ws.rs.core.Context;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.io.InputStream;
@ -20,8 +22,8 @@ import java.io.InputStream;
 */
 public class DemoApplication extends KeycloakApplication {
-    public DemoApplication() {
+    public DemoApplication(@Context ServletContext servletContext) {
-        super();
+        super(servletContext);
        KeycloakSession session = factory.createSession();
        session.getTransaction().begin();
        RealmManager realmManager = new RealmManager(session);
--- a/examples/as7-eap-demo/server/src/main/webapp/WEB-INF/web.xml
+++ b/examples/as7-eap-demo/server/src/main/webapp/WEB-INF/web.xml
@ -21,6 +21,16 @@
        <async-supported>true</async-supported>
    </servlet>
    <filter>
        <filter-name>Keycloak Session Management</filter-name>
        <filter-class>org.keycloak.services.filters.KeycloakSessionServletFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>Keycloak Session Management</filter-name>
        <url-pattern>/rest/*</url-pattern>
    </filter-mapping>
    <servlet-mapping>
        <servlet-name>Resteasy</servlet-name>
        <url-pattern>/rest/*</url-pattern>
--- a/examples/as7-eap-demo/server/src/main/webapp/saas/admin/js/app.js
+++ b/examples/as7-eap-demo/server/src/main/webapp/saas/admin/js/app.js
@ -55,9 +55,6 @@ module.config([ '$routeProvider', function($routeProvider) {
 		resolve : {
 			realm : function(RealmLoader) {
 				return RealmLoader();
 			},
 			users : function(UserListLoader) {
 				return UserListLoader();
 			}
        },
 		controller : 'UserListCtrl'
--- a/examples/as7-eap-demo/server/src/main/webapp/saas/admin/js/controllers.js
+++ b/examples/as7-eap-demo/server/src/main/webapp/saas/admin/js/controllers.js
@ -181,15 +181,39 @@ module.controller('RealmDetailCtrl', function($scope, Current, Realm, realm, $ht
 });
-module.controller('UserListCtrl', function($scope, realm, users) {
+module.controller('UserListCtrl', function($scope, realm, User) {
 	$scope.realm = realm;
-	$scope.users = users;
+    $scope.users = [];
    $scope.query = "*";
    $scope.attribute = {};
    var params = {};
    $scope.addAttribute = function() {
        console.log('queryAttribute');
        params[$scope.attribute.name] = $scope.attribute.value;
        for (var key in params) {
            $scope.query = " " + key + "=" +params[key];
        }
    };
    $scope.executeQuery = function() {
        console.log('executeQuery');
        var parameters = angular.copy(params);
        parameters["realm"] = realm.id;
        $scope.users = User.query(parameters);
    };
    $scope.clearQuery = function() {
        params = {};
        $scopre.query = "*";
        $scope.users = [];
    };
 });
 module.controller('UserDetailCtrl', function($scope, realm, user, User, $location, Dialog, Notifications) {
 	$scope.realm = realm;
 	$scope.user = angular.copy(user);
-	$scope.create = !user.userId;
+	$scope.create = !user.username;
 	$scope.changed = $scope.create;
@ -201,22 +225,27 @@ module.controller('UserDetailCtrl', function($scope, realm, user, User, $locatio
 	$scope.save = function() {
 		if ($scope.userForm.$valid) {
-
+            if ($scope.create) {
                User.save({
                    realm: realm.id
                }, $scope.user, function () {
                    $scope.changed = false;
                    user = angular.copy($scope.user);
-				if ($scope.create) {
+                    $location.url("/realms/" + realm.id + "/users/" + $scope.user.username);
 					$location.url("/realms/" + realm.id + "/users/" + $scope.user.userId);
                    Notifications.success("Created user");
 				} else {
 					Notifications.success("Saved changes to user");
 				}
                });
            } else {
                User.update({
                    realm: realm.id,
                    userId: $scope.user.username
                }, $scope.user, function () {
                    $scope.changed = false;
                    user = angular.copy($scope.user);
                    Notifications.success("Saved changes to user");
                });
            }
        } else {
 			$scope.userForm.showErrors = true;
 		}
@ -236,7 +265,7 @@ module.controller('UserDetailCtrl', function($scope, realm, user, User, $locatio
 		Dialog.confirmDelete($scope.user.userId, 'user', function() {
 			$scope.user.$remove({
 				realm : realm.id,
-				userId : $scope.user.userId
+				userId : $scope.user.username
 			}, function() {
 				$location.url("/realms/" + realm.id + "/users");
 				Notifications.success("Deleted user");
--- a/examples/as7-eap-demo/server/src/main/webapp/saas/admin/js/services.js
+++ b/examples/as7-eap-demo/server/src/main/webapp/saas/admin/js/services.js
@ -110,11 +110,11 @@ module.factory('RoleMapping', function($resource) {
 });
 module.factory('User', function($resource) {
-	return $resource('/keycloak-server/ui/api/realms/:realm/users/:userId', {
+	return $resource('/auth-server/rest/saas/admin/realms/:realm/users/:userId', {
 		realm : '@realm',
 		userId : '@userId'
 	}, {
-		save : {
+		update : {
 			method : 'PUT'
 		}
 	});
--- a/examples/as7-eap-demo/server/src/main/webapp/saas/admin/partials/realm-menu.html
+++ b/examples/as7-eap-demo/server/src/main/webapp/saas/admin/partials/realm-menu.html
@ -6,7 +6,7 @@
                    <li data-ng-class="path[0] == 'create' && path[1] == 'user' && 'active'"><a
                            href="#/create/user/{{realm.id}}">New User</a></li>
                    <li data-ng-class="path[0] == 'find' && path[1] == 'user' && 'active'"><a
-                            href="#/find/user/{{realm.id}}">Find User</a></li>
+                            href="#/realms/{{realm.id}}/users">Find User</a></li>
                </ul>
            </li>
            <li data-ng-class="path[2] == 'roles' && 'active'"><a href="#/realms/{{realm.id}}/roles">Roles</a>
--- a/examples/as7-eap-demo/server/src/main/webapp/saas/admin/partials/role-detail.html
+++ b/examples/as7-eap-demo/server/src/main/webapp/saas/admin/partials/role-detail.html
@ -13,13 +13,13 @@
            <div data-ng-show="roleForm.showErrors && roleForm.$error.required" class="alert alert-error">Please fill in
                all required fields
            </div>
-            <p class="subtitle subtitle-right"><span class="required">*</span> Required fields</p>
+            <p class="subtitle subtitle-right" data-ng-show="create"><span class="required">*</span> Required fields</p>
            <form class="form-horizontal" name="roleForm" novalidate>
                <fieldset>
                    <legend>Details</legend>
                    <div class="control-group">
-                        <label class="control-label" for="name">Role name <span class="required">*</span></label>
+                        <label class="control-label" for="name">Role name <span class="required" data-ng-show="create">*</span></label>
                        <div class="controls">
                            <input type="text" class="input-xlarge" id="name" name="name" data-ng-model="role.name"
--- a/examples/as7-eap-demo/server/src/main/webapp/saas/admin/partials/role-list.html
+++ b/examples/as7-eap-demo/server/src/main/webapp/saas/admin/partials/role-list.html
@ -4,8 +4,6 @@
        <div id="actions-bg"></div>
        <div id="container-right" class="span9">
            <a class="btn btn-small pull-right" href="#/create/role/{{realm.id}}">Add Role</a>
            <h1>
                <span class="gray">Realm Roles</span>
            </h1>
--- a/examples/as7-eap-demo/server/src/main/webapp/saas/admin/partials/user-detail.html
+++ b/examples/as7-eap-demo/server/src/main/webapp/saas/admin/partials/user-detail.html
@ -7,26 +7,35 @@
            <h1 data-ng-show="create"><span class="gray">New User</span></h1>
            <h1 data-ng-hide="create">
-                <span class="gray">{{user.userId}}</span> configuration
+                <span class="gray">User {{user.username}}</span>
            </h1>
            <div data-ng-show="userForm.showErrors && userForm.$error.required" class="alert alert-error">Please fill in
                all required fields
            </div>
-            <p class="subtitle subtitle-right"><span class="required">*</span> Required fields</p>
+            <p class="subtitle subtitle-right" data-ng-show="create"><span class="required">*</span> Required fields</p>
            <form class="form-horizontal" name="userForm" novalidate>
                <fieldset>
                    <legend>Details</legend>
                    <div class="control-group">
-                        <label class="control-label" for="name">Username <span class="required">*</span></label>
+                        <label class="control-label" for="name">Username <span class="required" data-ng-show="create">*</span></label>
                        <div class="controls">
-                            <input type="text" class="input-xlarge" id="name" name="name" data-ng-model="user.userId"
+                            <input type="text" class="input-xlarge" id="name" name="name" data-ng-model="user.username"
                                   autofocus required data-ng-readonly="!create">
                        </div>
                    </div>
                    <div class="control-group">
                        <label class="control-label">Enabled</label>
                        <div class="controls">
                            <input class="input-xlarge" type="checkbox" name="enabled"
                                   data-ng-model="realm.enabled">
                        </div>
                    </div>
                    <div class="control-group">
                        <label class="control-label" for="email">Email </label>
@ -52,15 +61,6 @@
                            <input type="text" class="input-xlarge" id="lastName" data-ng-model="user.lastName">
                        </div>
                    </div>
                    <div class="control-group">
                        <label class="control-label" for="password">Password <span class="required">*</span></label>
                        <div class="controls">
                            <input type="password" class="input-xlarge" id="password" name="password"
                                   data-ng-model="user.password" data-ng-required="create">
                        </div>
                    </div>
                </fieldset>
                <fieldset data-ng-show="user.attributes.length > 0">
@ -94,7 +94,6 @@
                    </button>
                    <button type="submit" data-ng-click="reset()" class="btn" data-ng-show="changed">Clear changes
                    </button>
                    <a href="#/realms/{{realm.id}}/users" data-ng-hide="changed">View users &#187;</a>
                    <button type="submit" data-ng-click="remove()" class="btn btn-danger" data-ng-hide="changed">
                        Delete
                    </button>
--- a/examples/as7-eap-demo/server/src/main/webapp/saas/admin/partials/user-list.html
+++ b/examples/as7-eap-demo/server/src/main/webapp/saas/admin/partials/user-list.html
@ -3,13 +3,42 @@
        <aside class="span3" data-ng-include data-src="'partials/realm-menu.html'"></aside>
        <div id="actions-bg"></div>
        <div id="container-right" class="span9">
-            <a class="btn btn-small pull-right" href="#/create/user/{{realm.id}}">Add User</a>
+            <form class="form-horizontal" name="queryForm" novalidate>
                <div class="control-group">
                    <label class="control-label">Query </label>
-            <h1>
+                    <div class="controls">
-                <span class="gray">{{realm.name}}</span> users
+                        <input type="text" class="input-xlarge" id="query" name="query" data-ng-model="query"
-            </h1>
+                               autofocus required readonly>
                        <button type="submit" data-ng-click="executeQuery()" class="btn btn-primary">Execute Query
                        </button>
                    </div>
                </div>
            </form>
            <form class="form-horizontal" name="queryAttribute" novalidate>
                <fieldset>
                    <div class="control-group">
                        <label class="control-label">Predefined Attribute</label>
                        <div class="controls">
                            <select style="width: auto;" name="name"
                                    data-ng-model="attribute.name">
                                <option value="loginName">Login name</option>
                                <option value="lastName">Last name</option>
                                <option value="firstName">First name</option>
                                <option value="email">Email</option>
                            </select>
                            <input class="input-small" type="text" name="value"
                                   data-ng-model="attribute.value">
                            <button type="submit" data-ng-click="addAttribute()" class="btn btn-primary">Add Attribute
                            </button>
                        </div>
                    </div>
                </fieldset>
            </form>
            <table class="table table-striped table-bordered">
                <thead>
                <tr>
@ -20,7 +49,7 @@
                </tr>
                </thead>
                <tr data-ng-repeat="user in users">
-                    <td><a href="#/realms/{{realm.id}}/users/{{user.userId}}">{{user.userId}}</a></td>
+                    <td><a href="#/realms/{{realm.id}}/users/{{user.username}}">{{user.username}}</a></td>
                    <td>{{user.firstName}}</td>
                    <td>{{user.lastName}}</td>
                    <td>{{user.email}}</td>
--- a/integration/as7-eap6/adapter/pom.xml
+++ b/integration/as7-eap6/adapter/pom.xml
@ -33,7 +33,6 @@
        <dependency>
            <groupId>org.jboss.spec.javax.servlet</groupId>
            <artifactId>jboss-servlet-api_3.0_spec</artifactId>
            <version>1.0.0.Final</version>
            <scope>provided</scope>
        </dependency>
        <dependency>
--- a/pom.xml
+++ b/pom.xml
@ -9,7 +9,8 @@
    <packaging>pom</packaging>
    <properties>
-        <resteasy.version>3.0.2.Final</resteasy.version>
+        <resteasy.version>3.0.4.Final</resteasy.version>
        <undertow.version>1.0.0.Beta12</undertow.version>
        <picketlink.version>2.5.0.Beta6</picketlink.version>
    </properties>
@ -108,7 +109,21 @@
                <groupId>org.jboss.resteasy</groupId>
                <artifactId>tjws</artifactId>
                <version>${resteasy.version}</version>
-                <scope>provided</scope>
+            </dependency>
            <dependency>
                <groupId>org.jboss.resteasy</groupId>
                <artifactId>resteasy-undertow</artifactId>
                <version>${resteasy.version}</version>
            </dependency>
            <dependency>
                <groupId>io.undertow</groupId>
                <artifactId>undertow-servlet</artifactId>
                <version>${undertow.version}</version>
            </dependency>
            <dependency>
                <groupId>io.undertow</groupId>
                <artifactId>undertow-core</artifactId>
                <version>${undertow.version}</version>
            </dependency>
            <dependency>
                <groupId>org.codehaus.jackson</groupId>
@ -131,9 +146,9 @@
                <version>1.9.12</version>
            </dependency>
            <dependency>
-                <groupId>javax.servlet</groupId>
+                <groupId>org.jboss.spec.javax.servlet</groupId>
-                <artifactId>servlet-api</artifactId>
+                <artifactId>jboss-servlet-api_3.0_spec</artifactId>
-                <version>2.5</version>
+                <version>1.0.1.Final</version>
            </dependency>
            <dependency>
                <groupId>org.jboss.resteasy</groupId>
--- a/services/pom.xml
+++ b/services/pom.xml
@ -79,11 +79,6 @@
                </exclusion>
            </exclusions>
        </dependency>
        <dependency>
            <groupId>org.jboss.resteasy</groupId>
            <artifactId>tjws</artifactId>
            <scope>test</scope>
        </dependency>
         <dependency>
            <groupId>org.jboss.resteasy</groupId>
            <artifactId>jaxrs-api</artifactId>
@ -105,13 +100,18 @@
            <scope>provided</scope>
        </dependency>
        <dependency>
-            <groupId>javax.servlet</groupId>
+            <groupId>org.jboss.resteasy</groupId>
-            <artifactId>servlet-api</artifactId>
+            <artifactId>resteasy-undertow</artifactId>
            <scope>test</scope>
        </dependency>
        <dependency>
-            <groupId>org.jboss.resteasy</groupId>
+            <groupId>io.undertow</groupId>
-            <artifactId>tjws</artifactId>
+            <artifactId>undertow-servlet</artifactId>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>io.undertow</groupId>
            <artifactId>undertow-core</artifactId>
            <scope>test</scope>
        </dependency>
        <dependency>
@ -124,6 +124,11 @@
            <artifactId>jackson-mapper-asl</artifactId>
            <scope>provided</scope>
        </dependency>
        <dependency>
            <groupId>org.jboss.spec.javax.servlet</groupId>
            <artifactId>jboss-servlet-api_3.0_spec</artifactId>
            <scope>provided</scope>
        </dependency>
        <dependency>
            <groupId>org.codehaus.jackson</groupId>
            <artifactId>jackson-xc</artifactId>
--- a/services/src/main/java/org/keycloak/services/filters/KeycloakSessionCreateFilter.java
+++ b/services/src/main/java/org/keycloak/services/filters/KeycloakSessionCreateFilter.java
@ -7,8 +7,6 @@ import org.keycloak.services.models.KeycloakSessionFactory;
 import javax.ws.rs.container.ContainerRequestContext;
 import javax.ws.rs.container.ContainerRequestFilter;
 import javax.ws.rs.container.ContainerResponseContext;
 import javax.ws.rs.container.ContainerResponseFilter;
 import javax.ws.rs.container.PreMatching;
 import java.io.IOException;
--- a/services/src/main/java/org/keycloak/services/filters/KeycloakSessionServletFilter.java
+++ b/services/src/main/java/org/keycloak/services/filters/KeycloakSessionServletFilter.java
@ -0,0 +1,56 @@
 package org.keycloak.services.filters;
 import org.jboss.resteasy.spi.ResteasyProviderFactory;
 import org.keycloak.services.models.KeycloakSession;
 import org.keycloak.services.models.KeycloakSessionFactory;
 import org.keycloak.services.models.KeycloakTransaction;
 import javax.servlet.*;
 import java.io.IOException;
 /**
 * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
 * @version $Revision: 1 $
 */
 public class KeycloakSessionServletFilter implements Filter {
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        KeycloakSessionFactory factory = (KeycloakSessionFactory)servletRequest.getServletContext().getAttribute(KeycloakSessionFactory.class.getName());
        if (factory == null) throw new ServletException("Factory was null");
        KeycloakSession session = factory.createSession();
        ResteasyProviderFactory.pushContext(KeycloakSession.class, session);
        KeycloakTransaction tx = session.getTransaction();
        ResteasyProviderFactory.pushContext(KeycloakTransaction.class, tx);
        tx.begin();
        try {
            filterChain.doFilter(servletRequest, servletResponse);
            if (tx.isActive()) {
                if (tx.getRollbackOnly()) tx.rollback();
                else tx.commit();
            }
        } catch (IOException ex) {
            if (tx.isActive()) tx.rollback();
            throw ex;
        } catch (ServletException ex) {
            if (tx.isActive()) tx.rollback();
            throw ex;
        }
        catch (RuntimeException ex) {
            if (tx.isActive()) tx.rollback();
            throw ex;
        } finally {
            session.close();
            ResteasyProviderFactory.clearContextData();
        }
    }
    @Override
    public void destroy() {
    }
 }
--- a/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java
@ -16,11 +16,7 @@ import org.keycloak.services.resources.RealmsResource;
 import org.keycloak.services.resources.SaasService;
 import javax.ws.rs.NotAuthorizedException;
-import javax.ws.rs.core.Cookie;
+import javax.ws.rs.core.*;
 import javax.ws.rs.core.HttpHeaders;
 import javax.ws.rs.core.MultivaluedMap;
 import javax.ws.rs.core.NewCookie;
 import javax.ws.rs.core.UriInfo;
 import java.net.URI;
 import java.util.HashSet;
 import java.util.List;
--- a/services/src/main/java/org/keycloak/services/managers/RealmManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/RealmManager.java
@ -7,7 +7,10 @@ import org.keycloak.services.models.*;
 import java.security.KeyPair;
 import java.security.KeyPairGenerator;
 import java.security.NoSuchAlgorithmException;
-import java.util.*;
+import java.util.HashMap;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
 import java.util.concurrent.atomic.AtomicLong;
 /**
--- a/services/src/main/java/org/keycloak/services/managers/ResourceAdminManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/ResourceAdminManager.java
@ -5,8 +5,8 @@ import org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder;
 import org.jboss.resteasy.logging.Logger;
 import org.keycloak.TokenIdGenerator;
 import org.keycloak.representations.idm.admin.LogoutAction;
 import org.keycloak.services.models.RealmModel;
 import org.keycloak.services.models.ApplicationModel;
 import org.keycloak.services.models.RealmModel;
 import javax.ws.rs.client.Entity;
 import javax.ws.rs.core.Form;
--- a/services/src/main/java/org/keycloak/services/managers/ResourceManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/ResourceManager.java
@ -1,12 +1,7 @@
 package org.keycloak.services.managers;
 import org.keycloak.representations.idm.*;
-import org.keycloak.representations.idm.ApplicationRepresentation;
+import org.keycloak.services.models.*;
 import org.keycloak.services.models.RealmModel;
 import org.keycloak.services.models.ApplicationModel;
 import org.keycloak.services.models.RoleModel;
 import org.keycloak.services.models.UserCredentialModel;
 import org.keycloak.services.models.UserModel;
 /**
 * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
--- a/services/src/main/java/org/keycloak/services/managers/TokenManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/TokenManager.java
@ -5,8 +5,8 @@ import org.jboss.resteasy.jose.jws.JWSBuilder;
 import org.jboss.resteasy.jwt.JsonSerialization;
 import org.keycloak.representations.SkeletonKeyScope;
 import org.keycloak.representations.SkeletonKeyToken;
 import org.keycloak.services.models.RealmModel;
 import org.keycloak.services.models.ApplicationModel;
 import org.keycloak.services.models.RealmModel;
 import org.keycloak.services.models.RoleModel;
 import org.keycloak.services.models.UserModel;
--- a/services/src/main/java/org/keycloak/services/managers/UserManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/UserManager.java
@ -0,0 +1,89 @@
 package org.keycloak.services.managers;
 import org.keycloak.representations.idm.CredentialRepresentation;
 import org.keycloak.representations.idm.UserRepresentation;
 import org.keycloak.services.models.RealmModel;
 import org.keycloak.services.models.UserCredentialModel;
 import org.keycloak.services.models.UserModel;
 import java.util.Map;
 /**
 * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
 * @version $Revision: 1 $
 */
 public class UserManager {
    public static UserRepresentation toRepresentation(UserModel user) {
        UserRepresentation rep = new UserRepresentation();
        rep.setEmail(user.getEmail());
        rep.setLastName(user.getLastName());
        rep.setFirstName(user.getFirstName());
        rep.setEnabled(user.isEnabled());
        rep.setUsername(user.getLoginName());
        for (Map.Entry<String, String> entry : user.getAttributes().entrySet()) {
            rep.attribute(entry.getKey(), entry.getValue());
        }
        return rep;
    }
    public UserModel createUser(RealmModel newRealm, UserRepresentation userRep) {
        UserModel user = newRealm.addUser(userRep.getUsername());
        user.setEnabled(userRep.isEnabled());
        user.setEmail(userRep.getEmail());
        user.setFirstName(userRep.getFirstName());
        user.setLastName(userRep.getLastName());
        if (userRep.getAttributes() != null) {
            for (Map.Entry<String, String> entry : userRep.getAttributes().entrySet()) {
                user.setAttribute(entry.getKey(), entry.getValue());
            }
        }
        if (userRep.getCredentials() != null) {
            for (CredentialRepresentation cred : userRep.getCredentials()) {
                UserCredentialModel credential = new UserCredentialModel();
                credential.setType(cred.getType());
                credential.setValue(cred.getValue());
                newRealm.updateCredential(user, credential);
            }
        }
        return user;
    }
    /**
     * Doesn't allow you to change loginname.
     *
     * @param user
     * @param userRep
     */
    public void updateUserAsAdmin(UserModel user, UserRepresentation userRep) {
        user.setEnabled(userRep.isEnabled());
        user.setEmail(userRep.getEmail());
        user.setFirstName(userRep.getFirstName());
        user.setLastName(userRep.getLastName());
        if (userRep.getAttributes() != null) {
            for (Map.Entry<String, String> entry : userRep.getAttributes().entrySet()) {
                user.setAttribute(entry.getKey(), entry.getValue());
            }
        }
    }
    /**
     * Doesn't allow you to change loginname.
     * Doesn't allow you to change enable
     *
     * @param user
     * @param userRep
     */
    public void updateUserAsUser(UserModel user, UserRepresentation userRep) {
        user.setEmail(userRep.getEmail());
        user.setFirstName(userRep.getFirstName());
        user.setLastName(userRep.getLastName());
        if (userRep.getAttributes() != null) {
            for (Map.Entry<String, String> entry : userRep.getAttributes().entrySet()) {
                user.setAttribute(entry.getKey(), entry.getValue());
            }
        }
    }
 }
--- a/services/src/main/java/org/keycloak/services/models/UserModel.java
+++ b/services/src/main/java/org/keycloak/services/models/UserModel.java
@ -7,6 +7,10 @@ import java.util.Map;
 * @version $Revision: 1 $
 */
 public interface UserModel {
    public static final String LAST_NAME = "lastName";
    public static final String FIRST_NAME = "firstName";
    public static final String EMAIL = "email";
    String getLoginName();
    boolean isEnabled();
--- a/services/src/main/java/org/keycloak/services/models/jpa/entities/RealmEntity.java
+++ b/services/src/main/java/org/keycloak/services/models/jpa/entities/RealmEntity.java
@ -1,13 +1,7 @@
 package org.keycloak.services.models.jpa.entities;
-import javax.persistence.CascadeType;
+import javax.persistence.*;
 import javax.persistence.Column;
 import javax.persistence.FetchType;
 import javax.persistence.GeneratedValue;
 import javax.persistence.Id;
 import javax.persistence.MapKey;
 import javax.persistence.OneToMany;
 import java.util.Collection;
 /**
--- a/services/src/main/java/org/keycloak/services/models/jpa/entities/ResourceEntity.java
+++ b/services/src/main/java/org/keycloak/services/models/jpa/entities/ResourceEntity.java
@ -1,13 +1,6 @@
 package org.keycloak.services.models.jpa.entities;
-import javax.persistence.CascadeType;
+import javax.persistence.*;
 import javax.persistence.Entity;
 import javax.persistence.FetchType;
 import javax.persistence.GeneratedValue;
 import javax.persistence.Id;
 import javax.persistence.ManyToOne;
 import javax.persistence.OneToMany;
 import javax.persistence.OneToOne;
 import java.util.Collection;
 /**
--- a/services/src/main/java/org/keycloak/services/models/jpa/entities/UserRoleMappingEntity.java
+++ b/services/src/main/java/org/keycloak/services/models/jpa/entities/UserRoleMappingEntity.java
@ -4,7 +4,6 @@ import javax.persistence.Entity;
 import javax.persistence.GeneratedValue;
 import javax.persistence.Id;
 import javax.persistence.ManyToOne;
 import javax.persistence.OneToOne;
 /**
 * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
--- a/services/src/main/java/org/keycloak/services/models/picketlink/UserAdapter.java
+++ b/services/src/main/java/org/keycloak/services/models/picketlink/UserAdapter.java
@ -3,7 +3,6 @@ package org.keycloak.services.models.picketlink;
 import org.keycloak.services.models.UserModel;
 import org.picketlink.idm.IdentityManager;
 import org.picketlink.idm.model.Attribute;
 import org.picketlink.idm.model.annotation.AttributeProperty;
 import org.picketlink.idm.model.sample.User;
 import java.util.HashMap;
--- a/services/src/main/java/org/keycloak/services/models/picketlink/mappings/ApplicationData.java
+++ b/services/src/main/java/org/keycloak/services/models/picketlink/mappings/ApplicationData.java
@ -1,6 +1,5 @@
 package org.keycloak.services.models.picketlink.mappings;
 import org.picketlink.idm.jpa.annotations.AttributeValue;
 import org.picketlink.idm.model.AbstractPartition;
 import org.picketlink.idm.model.annotation.AttributeProperty;
 import org.picketlink.idm.model.sample.User;
--- a/services/src/main/java/org/keycloak/services/models/picketlink/mappings/RealmData.java
+++ b/services/src/main/java/org/keycloak/services/models/picketlink/mappings/RealmData.java
@ -1,6 +1,5 @@
 package org.keycloak.services.models.picketlink.mappings;
 import org.picketlink.idm.jpa.annotations.AttributeValue;
 import org.picketlink.idm.model.AbstractPartition;
 import org.picketlink.idm.model.annotation.AttributeProperty;
--- a/services/src/main/java/org/keycloak/services/models/picketlink/relationships/RealmAdminRelationship.java
+++ b/services/src/main/java/org/keycloak/services/models/picketlink/relationships/RealmAdminRelationship.java
@ -1,10 +1,8 @@
 package org.keycloak.services.models.picketlink.relationships;
 import org.keycloak.services.models.picketlink.mappings.RealmData;
 import org.picketlink.idm.model.AbstractAttributedType;
 import org.picketlink.idm.model.Attribute;
 import org.picketlink.idm.model.Relationship;
 import org.picketlink.idm.model.annotation.AttributeProperty;
 import org.picketlink.idm.model.sample.User;
 import org.picketlink.idm.query.AttributeParameter;
 import org.picketlink.idm.query.RelationshipQueryParameter;
--- a/services/src/main/java/org/keycloak/services/resources/AccountService.java
+++ b/services/src/main/java/org/keycloak/services/resources/AccountService.java
@ -21,18 +21,6 @@
 */
 package org.keycloak.services.resources;
 import javax.ws.rs.Consumes;
 import javax.ws.rs.GET;
 import javax.ws.rs.POST;
 import javax.ws.rs.Path;
 import javax.ws.rs.core.Context;
 import javax.ws.rs.core.HttpHeaders;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.MultivaluedMap;
 import javax.ws.rs.core.Response;
 import javax.ws.rs.core.UriInfo;
 import javax.ws.rs.core.Response.Status;
 import org.jboss.resteasy.spi.HttpRequest;
 import org.keycloak.representations.idm.CredentialRepresentation;
 import org.keycloak.services.managers.AuthenticationManager;
@ -45,6 +33,13 @@ import org.keycloak.services.resources.flows.FormFlows;
 import org.keycloak.services.validation.Validation;
 import org.picketlink.idm.credential.util.TimeBasedOTP;
 import javax.ws.rs.Consumes;
 import javax.ws.rs.GET;
 import javax.ws.rs.POST;
 import javax.ws.rs.Path;
 import javax.ws.rs.core.*;
 import javax.ws.rs.core.Response.Status;
 /**
 * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
 */
@ -70,8 +65,6 @@ public class AccountService {
    @Path("access")
    @GET
    public Response accessPage() {
        return new Transaction<Response>() {
            protected Response callImpl() {
        UserModel user = authManager.authenticateIdentityCookie(realm, uriInfo, headers);
        if (user != null) {
            return Flows.forms(realm, request).setUser(user).forwardToAccess();
@ -79,15 +72,11 @@ public class AccountService {
            return Response.status(Status.FORBIDDEN).build();
        }
    }
        }.call();
    }
    @Path("")
    @POST
    @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
    public Response processAccountUpdate(final MultivaluedMap<String, String> formData) {
        return new Transaction<Response>() {
            protected Response callImpl() {
        UserModel user = authManager.authenticateIdentityCookie(realm, uriInfo, headers);
        if (user != null) {
            user.setFirstName(formData.getFirst("firstName"));
@ -99,15 +88,11 @@ public class AccountService {
            return Response.status(Status.FORBIDDEN).build();
        }
    }
        }.call();
    }
    @Path("totp")
    @POST
    @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
    public Response processTotpUpdate(final MultivaluedMap<String, String> formData) {
        return new Transaction<Response>() {
            protected Response callImpl() {
        UserModel user = authManager.authenticateIdentityCookie(realm, uriInfo, headers);
        if (user != null) {
            FormFlows forms = Flows.forms(realm, request);
@ -143,15 +128,11 @@ public class AccountService {
            return Response.status(Status.FORBIDDEN).build();
        }
    }
        }.call();
    }
    @Path("password")
    @POST
    @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
    public Response processPasswordUpdate(final MultivaluedMap<String, String> formData) {
        return new Transaction<Response>() {
            protected Response callImpl() {
        UserModel user = authManager.authenticateIdentityCookie(realm, uriInfo, headers);
        if (user != null) {
            FormFlows forms = Flows.forms(realm, request).setUser(user);
@ -187,14 +168,10 @@ public class AccountService {
            return Response.status(Status.FORBIDDEN).build();
        }
    }
        }.call();
    }
    @Path("")
    @GET
    public Response accountPage() {
        return new Transaction<Response>() {
            protected Response callImpl() {
        UserModel user = authManager.authenticateIdentityCookie(realm, uriInfo, headers);
        if (user != null) {
            return Flows.forms(realm, request).setUser(user).forwardToAccount();
@ -202,14 +179,10 @@ public class AccountService {
            return Response.status(Status.FORBIDDEN).build();
        }
    }
        }.call();
    }
    @Path("social")
    @GET
    public Response socialPage() {
        return new Transaction<Response>() {
            protected Response callImpl() {
        UserModel user = authManager.authenticateIdentityCookie(realm, uriInfo, headers);
        if (user != null) {
            return Flows.forms(realm, request).setUser(user).forwardToSocial();
@ -217,14 +190,10 @@ public class AccountService {
            return Response.status(Status.FORBIDDEN).build();
        }
    }
        }.call();
    }
    @Path("totp")
    @GET
    public Response totpPage() {
        return new Transaction<Response>() {
            protected Response callImpl() {
        UserModel user = authManager.authenticateIdentityCookie(realm, uriInfo, headers);
        if (user != null) {
            return Flows.forms(realm, request).setUser(user).forwardToTotp();
@ -232,14 +201,10 @@ public class AccountService {
            return Response.status(Status.FORBIDDEN).build();
        }
    }
        }.call();
    }
    @Path("password")
    @GET
    public Response passwordPage() {
        return new Transaction<Response>() {
            protected Response callImpl() {
        UserModel user = authManager.authenticateIdentityCookie(realm, uriInfo, headers);
        if (user != null) {
            return Flows.forms(realm, request).setUser(user).forwardToPassword();
@ -247,7 +212,4 @@ public class AccountService {
            return Response.status(Status.FORBIDDEN).build();
        }
    }
        }.call();
    }
 }
--- a/services/src/main/java/org/keycloak/services/resources/KeycloakApplication.java
+++ b/services/src/main/java/org/keycloak/services/resources/KeycloakApplication.java
@ -1,7 +1,6 @@
 package org.keycloak.services.resources;
 import org.keycloak.SkeletonKeyContextResolver;
 import org.keycloak.services.filters.KeycloakSessionCleanupFilter;
 import org.keycloak.services.managers.TokenManager;
 import org.keycloak.services.models.KeycloakSessionFactory;
 import org.keycloak.services.models.picketlink.PicketlinkKeycloakSession;
@ -13,25 +12,15 @@ import org.picketlink.idm.PartitionManager;
 import org.picketlink.idm.config.IdentityConfigurationBuilder;
 import org.picketlink.idm.internal.DefaultPartitionManager;
 import org.picketlink.idm.jpa.internal.JPAContextInitializer;
-import org.picketlink.idm.jpa.model.sample.simple.AccountTypeEntity;
+import org.picketlink.idm.jpa.model.sample.simple.*;
 import org.picketlink.idm.jpa.model.sample.simple.AttributeTypeEntity;
 import org.picketlink.idm.jpa.model.sample.simple.AttributedTypeEntity;
 import org.picketlink.idm.jpa.model.sample.simple.DigestCredentialTypeEntity;
 import org.picketlink.idm.jpa.model.sample.simple.GroupTypeEntity;
 import org.picketlink.idm.jpa.model.sample.simple.IdentityTypeEntity;
 import org.picketlink.idm.jpa.model.sample.simple.OTPCredentialTypeEntity;
 import org.picketlink.idm.jpa.model.sample.simple.PartitionTypeEntity;
 import org.picketlink.idm.jpa.model.sample.simple.PasswordCredentialTypeEntity;
 import org.picketlink.idm.jpa.model.sample.simple.RelationshipIdentityTypeEntity;
 import org.picketlink.idm.jpa.model.sample.simple.RelationshipTypeEntity;
 import org.picketlink.idm.jpa.model.sample.simple.RoleTypeEntity;
 import org.picketlink.idm.jpa.model.sample.simple.X509CredentialTypeEntity;
 import javax.annotation.PreDestroy;
 import javax.persistence.EntityManager;
 import javax.persistence.EntityManagerFactory;
 import javax.persistence.Persistence;
 import javax.servlet.ServletContext;
 import javax.ws.rs.core.Application;
 import javax.ws.rs.core.Context;
 import java.util.HashSet;
 import java.util.Set;
@ -45,10 +34,11 @@ public class KeycloakApplication extends Application {
    protected KeycloakSessionFactory factory;
-    public KeycloakApplication() {
+    public KeycloakApplication(@Context ServletContext context) {
        KeycloakSessionFactory f = createSessionFactory();
        this.factory = f;
-        classes.add(KeycloakSessionCleanupFilter.class);
+        context.setAttribute(KeycloakSessionFactory.class.getName(), factory);
        //classes.add(KeycloakSessionCleanupFilter.class);
        TokenManager tokenManager = new TokenManager();
@ -56,6 +46,7 @@ public class KeycloakApplication extends Application {
        singletons.add(new SocialResource(tokenManager, new SocialRequestManager()));
        classes.add(SkeletonKeyContextResolver.class);
        classes.add(SaasService.class);
    }
    protected KeycloakSessionFactory createSessionFactory() {
--- a/services/src/main/java/org/keycloak/services/resources/PublicRealmResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/PublicRealmResource.java
@ -3,7 +3,6 @@ package org.keycloak.services.resources;
 import org.jboss.resteasy.annotations.cache.NoCache;
 import org.jboss.resteasy.logging.Logger;
 import org.keycloak.representations.idm.PublishedRealmRepresentation;
 import org.keycloak.services.models.KeycloakSession;
 import org.keycloak.services.models.RealmModel;
 import javax.ws.rs.GET;
@ -41,20 +40,14 @@ public class PublicRealmResource {
    @NoCache
    @Produces("application/json")
    public PublishedRealmRepresentation getRealm(@PathParam("realm") String id) {
        return new Transaction<PublishedRealmRepresentation>() {
            protected PublishedRealmRepresentation callImpl() {
        return realmRep(realm, uriInfo);
    }
        }.call();
    }
    @GET
    @NoCache
    @Path("html")
    @Produces("text/html")
    public String getRealmHtml(@PathParam("realm") String id) {
        return new Transaction<String>() {
            protected String callImpl() {
        StringBuffer html = new StringBuffer();
        String authUri = TokenService.loginPageUrl(uriInfo).build(realm.getId()).toString();
@ -72,8 +65,6 @@ public class PublicRealmResource {
        return html.toString();
    }
        }.call();
    }
    public static PublishedRealmRepresentation realmRep(RealmModel realm, UriInfo uriInfo) {
--- a/services/src/main/java/org/keycloak/services/resources/RealmsResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/RealmsResource.java
@ -1,26 +1,17 @@
 package org.keycloak.services.resources;
 import org.jboss.resteasy.logging.Logger;
 import org.keycloak.representations.idm.RealmRepresentation;
 import org.keycloak.services.managers.AuthenticationManager;
 import org.keycloak.services.managers.RealmManager;
 import org.keycloak.services.managers.TokenManager;
 import org.keycloak.services.models.KeycloakSession;
 import org.keycloak.services.models.RealmModel;
 import org.keycloak.services.models.RoleModel;
 import org.keycloak.services.models.UserModel;
 import org.keycloak.social.SocialRequestManager;
 import javax.ws.rs.Consumes;
 import javax.ws.rs.NotAuthorizedException;
 import javax.ws.rs.NotFoundException;
 import javax.ws.rs.POST;
 import javax.ws.rs.Path;
 import javax.ws.rs.PathParam;
 import javax.ws.rs.container.ResourceContext;
 import javax.ws.rs.core.Context;
 import javax.ws.rs.core.HttpHeaders;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
 import javax.ws.rs.core.UriBuilder;
 import javax.ws.rs.core.UriInfo;
@ -39,7 +30,10 @@ public class RealmsResource {
    protected HttpHeaders headers;
    @Context
-    ResourceContext resourceContext;
+    protected ResourceContext resourceContext;
    @Context
    protected KeycloakSession session;
    protected TokenManager tokenManager;
@ -53,9 +47,6 @@ public class RealmsResource {
    @Path("{realm}/tokens")
    public TokenService getTokenService(final @PathParam("realm") String id) {
        return new Transaction<TokenService>(false) {
            @Override
            protected TokenService callImpl() {
        RealmManager realmManager = new RealmManager(session);
        RealmModel realm = realmManager.getRealm(id);
        if (realm == null) {
@ -66,15 +57,9 @@ public class RealmsResource {
        resourceContext.initResource(tokenService);
        return tokenService;
    }
        }.call();
    }
    @Path("{realm}/account")
    public AccountService getAccountService(final @PathParam("realm") String id) {
        return new Transaction<AccountService>(false) {
            @Override
            protected AccountService callImpl() {
        RealmManager realmManager = new RealmManager(session);
        RealmModel realm = realmManager.getRealm(id);
        if (realm == null) {
@ -85,14 +70,9 @@ public class RealmsResource {
        resourceContext.initResource(accountService);
        return accountService;
    }
        }.call();
    }
    @Path("{realm}")
    public PublicRealmResource getRealmResource(final @PathParam("realm") String id) {
        return new Transaction<PublicRealmResource>(false) {
            @Override
            protected PublicRealmResource callImpl() {
        RealmManager realmManager = new RealmManager(session);
        RealmModel realm = realmManager.getRealm(id);
        if (realm == null) {
@ -103,8 +83,6 @@ public class RealmsResource {
        resourceContext.initResource(realmResource);
        return realmResource;
    }
        }.call();
    }
 }
--- a/services/src/main/java/org/keycloak/services/resources/SaasService.java
+++ b/services/src/main/java/org/keycloak/services/resources/SaasService.java
@ -10,18 +10,14 @@ import org.keycloak.representations.idm.UserRepresentation;
 import org.keycloak.services.managers.AuthenticationManager;
 import org.keycloak.services.managers.RealmManager;
 import org.keycloak.services.messages.Messages;
-import org.keycloak.services.models.RealmModel;
+import org.keycloak.services.models.*;
 import org.keycloak.services.models.RequiredCredentialModel;
 import org.keycloak.services.models.RoleModel;
 import org.keycloak.services.models.UserCredentialModel;
 import org.keycloak.services.models.UserModel;
 import org.keycloak.services.resources.admin.RealmsAdminResource;
 import org.keycloak.services.resources.flows.Flows;
 import org.keycloak.services.validation.Validation;
 import javax.ws.rs.*;
 import javax.ws.rs.container.ResourceContext;
 import javax.ws.rs.core.*;
 import java.net.URI;
 import java.util.LinkedList;
 import java.util.List;
@ -44,7 +40,13 @@ public class SaasService {
    protected HttpRequest request;
    @Context
-    HttpResponse response;
+    protected HttpResponse response;
    @Context
    protected KeycloakSession session;
    @Context
    protected ResourceContext resourceContext;
    protected String adminPath = "/saas/admin/index.html";
    protected AuthenticationManager authManager = new AuthenticationManager();
@ -82,10 +84,7 @@ public class SaasService {
    @GET
    @NoCache
    public Response keepalive(final @Context HttpHeaders headers) {
-        logger.info("keepalive");
+        logger.debug("keepalive");
        return new Transaction<Response>() {
            @Override
            public Response callImpl() {
        RealmManager realmManager = new RealmManager(session);
        RealmModel realm = realmManager.defaultRealm();
        if (realm == null)
@ -97,17 +96,12 @@ public class SaasService {
        NewCookie refreshCookie = authManager.createSaasIdentityCookie(realm, user, uriInfo);
        return Response.noContent().cookie(refreshCookie).build();
    }
        }.call();
    }
    @Path("whoami")
    @GET
    @Produces("application/json")
    @NoCache
    public Response whoAmI(final @Context HttpHeaders headers) {
        return new Transaction<Response>() {
            @Override
            public Response callImpl() {
        RealmManager realmManager = new RealmManager(session);
        RealmModel realm = realmManager.defaultRealm();
        if (realm == null)
@ -118,18 +112,13 @@ public class SaasService {
        }
        return Response.ok(new WhoAmI(user.getLoginName(), user.getFirstName() + " " + user.getLastName())).build();
    }
        }.call();
    }
    @Path("isLoggedIn.js")
    @GET
    @Produces("application/javascript")
    @NoCache
    public String isLoggedIn(final @Context HttpHeaders headers) {
-        return new Transaction<String>() {
+        logger.debug("WHOAMI Javascript start.");
            @Override
            public String callImpl() {
                logger.info("WHOAMI Javascript start.");
        RealmManager realmManager = new RealmManager(session);
        RealmModel realm = realmManager.defaultRealm();
        if (realm == null) {
@ -140,11 +129,9 @@ public class SaasService {
        if (user == null) {
            return "var keycloakCookieLoggedIn = false;";
        }
-                logger.info("WHOAMI: " + user.getLoginName());
+        logger.debug("WHOAMI: " + user.getLoginName());
        return "var keycloakCookieLoggedIn = true;";
    }
        }.call();
    }
    public static UriBuilder contextRoot(UriInfo uriInfo) {
        return UriBuilder.fromUri(uriInfo.getBaseUri()).replacePath("/auth-server");
@ -156,9 +143,6 @@ public class SaasService {
    @Path("admin/realms")
    public RealmsAdminResource getRealmsAdmin(@Context final HttpHeaders headers) {
        return new Transaction<RealmsAdminResource>(false) {
            @Override
            protected RealmsAdminResource callImpl() {
        RealmManager realmManager = new RealmManager(session);
        RealmModel saasRealm = realmManager.defaultRealm();
        if (saasRealm == null)
@ -172,80 +156,57 @@ public class SaasService {
            logger.warn("not a Realm creator");
            throw new NotAuthorizedException("Bearer");
        }
-                return new RealmsAdminResource(admin);
+        RealmsAdminResource adminResource = new RealmsAdminResource(admin);
-            }
+        resourceContext.initResource(adminResource);
-        }.call();
+        return adminResource;
    }
    @Path("login")
    @GET
    @NoCache
    public void loginPage() {
        new Transaction() {
            @Override
            protected void runImpl() {
        RealmManager realmManager = new RealmManager(session);
        RealmModel realm = realmManager.defaultRealm();
        authManager.expireSaasIdentityCookie(uriInfo);
        Flows.forms(realm, request).forwardToLogin();
    }
        }.run();
    }
    @Path("registrations")
    @GET
    @NoCache
    public void registerPage() {
        new Transaction() {
            @Override
            protected void runImpl() {
        RealmManager realmManager = new RealmManager(session);
        RealmModel realm = realmManager.defaultRealm();
        authManager.expireSaasIdentityCookie(uriInfo);
        Flows.forms(realm, request).forwardToRegistration();
    }
        }.run();
    }
    @Path("logout")
    @GET
    @NoCache
    public void logout() {
        new Transaction() {
            @Override
            protected void runImpl() {
        RealmManager realmManager = new RealmManager(session);
        RealmModel realm = realmManager.defaultRealm();
        authManager.expireSaasIdentityCookie(uriInfo);
        Flows.forms(realm, request).forwardToLogin();
    }
        }.run();
    }
    @Path("logout-cookie")
    @GET
    @NoCache
    public void logoutCookie() {
-        logger.info("*** logoutCookie");
+        logger.debug("*** logoutCookie");
        new Transaction() {
            @Override
            protected void runImpl() {
        authManager.expireSaasIdentityCookie(uriInfo);
    }
        }.run();
    }
    @Path("login")
    @POST
    @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
    public Response processLogin(final MultivaluedMap<String, String> formData) {
        logger.info("processLogin start");
        return new Transaction<Response>() {
            @Override
            protected Response callImpl() {
        RealmManager realmManager = new RealmManager(session);
        RealmModel realm = realmManager.defaultRealm();
        if (realm == null)
@ -280,16 +241,11 @@ public class SaasService {
        NewCookie cookie = authManager.createSaasIdentityCookie(realm, user, uriInfo);
        return Response.status(302).cookie(cookie).location(contextRoot(uriInfo).path(adminPath).build()).build();
    }
        }.call();
    }
    @Path("registrations")
    @POST
    @Consumes(MediaType.APPLICATION_JSON)
    public Response register(final UserRepresentation newUser) {
        return new Transaction<Response>() {
            @Override
            protected Response callImpl() {
        RealmManager realmManager = new RealmManager(session);
        RealmModel defaultRealm = realmManager.defaultRealm();
        UserModel user = registerMe(defaultRealm, newUser);
@ -299,16 +255,11 @@ public class SaasService {
        URI uri = uriInfo.getBaseUriBuilder().path(RealmsResource.class).path(user.getLoginName()).build();
        return Response.created(uri).build();
    }
        }.call();
    }
    @Path("registrations")
    @POST
    @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
    public Response processRegister(final MultivaluedMap<String, String> formData) {
        return new Transaction<Response>() {
            @Override
            protected Response callImpl() {
        RealmManager realmManager = new RealmManager(session);
        RealmModel defaultRealm = realmManager.defaultRealm();
@ -368,8 +319,6 @@ public class SaasService {
        NewCookie cookie = authManager.createSaasIdentityCookie(defaultRealm, user, uriInfo);
        return Response.status(302).location(contextRoot(uriInfo).path(adminPath).build()).cookie(cookie).build();
    }
        }.call();
    }
    protected UserModel registerMe(RealmModel defaultRealm, UserRepresentation newUser) {
        if (!defaultRealm.isEnabled()) {
--- a/services/src/main/java/org/keycloak/services/resources/SocialResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/SocialResource.java
@ -56,10 +56,7 @@ import org.keycloak.services.managers.AuthenticationManager;
 import org.keycloak.services.managers.RealmManager;
 import org.keycloak.services.managers.TokenManager;
 import org.keycloak.services.messages.Messages;
-import org.keycloak.services.models.RealmModel;
+import org.keycloak.services.models.*;
 import org.keycloak.services.models.RoleModel;
 import org.keycloak.services.models.SocialLinkModel;
 import org.keycloak.services.models.UserModel;
 import org.keycloak.services.resources.flows.Flows;
 import org.keycloak.services.resources.flows.OAuthFlows;
 import org.keycloak.services.resources.flows.PageFlows;
@ -98,6 +95,10 @@ public class SocialResource {
    @Context
    ResourceContext resourceContext;
    @Context
    protected KeycloakSession session;
    private SocialRequestManager socialRequestManager;
    private TokenManager tokenManager;
@ -112,8 +113,6 @@ public class SocialResource {
    @GET
    @Path("callback")
    public Response callback() throws URISyntaxException {
        return new Transaction<Response>() {
            protected Response callImpl() {
        Map<String, String[]> queryParams = getQueryParams();
        RequestDetails requestData = getRequestDetails(queryParams);
@ -216,8 +215,6 @@ public class SocialResource {
        return oauth.processAccessCode(scope, state, redirectUri, client, user);
    }
        }.call();
    }
    @GET
    @Path("{realm}/login")
@ -257,8 +254,6 @@ public class SocialResource {
    @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
    public Response socialRegistration(@PathParam("realm") final String realmId,
                                       final MultivaluedMap<String, String> formData) {
        return new Transaction<Response>() {
            protected Response callImpl() {
        PageFlows pageFlows = Flows.pages(request);
        Cookie cookie = headers.getCookies().get(SocialConstants.SOCIAL_REGISTRATION_COOKIE);
        if (cookie == null) {
@ -313,8 +308,6 @@ public class SocialResource {
        return tokenService.processLogin(clientId, scope, state, redirectUri, formData);
    }
        }.call();
    }
    private RequestDetails getRequestDetails(Map<String, String[]> queryParams) {
        Iterator<SocialProvider> itr = ServiceRegistry.lookupProviders(SocialProvider.class);
--- a/services/src/main/java/org/keycloak/services/resources/TokenService.java
+++ b/services/src/main/java/org/keycloak/services/resources/TokenService.java
@ -18,11 +18,7 @@ import org.keycloak.services.managers.RealmManager;
 import org.keycloak.services.managers.ResourceAdminManager;
 import org.keycloak.services.managers.TokenManager;
 import org.keycloak.services.messages.Messages;
-import org.keycloak.services.models.RealmModel;
+import org.keycloak.services.models.*;
 import org.keycloak.services.models.RequiredCredentialModel;
 import org.keycloak.services.models.RoleModel;
 import org.keycloak.services.models.UserCredentialModel;
 import org.keycloak.services.models.UserModel;
 import org.keycloak.services.resources.flows.Flows;
 import org.keycloak.services.resources.flows.OAuthFlows;
 import org.keycloak.services.validation.Validation;
@ -75,9 +71,14 @@ public class TokenService {
    @Context
    protected HttpHeaders headers;
    @Context
-    HttpRequest request;
+    protected HttpRequest request;
    @Context
-    HttpResponse response;
+    protected HttpResponse response;
    @Context
    protected KeycloakSession session;
    @Context
    protected KeycloakTransaction transaction;
    private ResourceAdminManager resourceAdminManager = new ResourceAdminManager();
@ -123,8 +124,6 @@ public class TokenService {
    @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
    @Produces(MediaType.APPLICATION_JSON)
    public Response grantIdentityToken(final MultivaluedMap<String, String> form) {
        return new Transaction<Response>() {
            protected Response callImpl() {
        String username = form.getFirst(AuthenticationManager.FORM_USERNAME);
        if (username == null) {
            throw new NotAuthorizedException("No user");
@ -148,16 +147,12 @@ public class TokenService {
        AccessTokenResponse res = accessTokenResponse(token, encoded);
        return Response.ok(res, MediaType.APPLICATION_JSON_TYPE).build();
    }
        }.call();
    }
    @Path("grants/access")
    @POST
    @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
    @Produces(MediaType.APPLICATION_JSON)
    public Response grantAccessToken(final MultivaluedMap<String, String> form) {
        return new Transaction<Response>() {
            protected Response callImpl() {
        String username = form.getFirst(AuthenticationManager.FORM_USERNAME);
        if (username == null) {
            throw new NotAuthorizedException("No user");
@ -180,9 +175,6 @@ public class TokenService {
        AccessTokenResponse res = accessTokenResponse(token, encoded);
        return Response.ok(res, MediaType.APPLICATION_JSON_TYPE).build();
    }
        }.call();
    }
    @Path("auth/request/login")
    @POST
@ -190,8 +182,6 @@ public class TokenService {
    public Response processLogin(@QueryParam("client_id") final String clientId, @QueryParam("scope") final String scopeParam,
            @QueryParam("state") final String state, @QueryParam("redirect_uri") final String redirect,
            final MultivaluedMap<String, String> formData) {
        return new Transaction<Response>() {
            protected Response callImpl() {
        OAuthFlows oauth = Flows.oauth(realm, request, uriInfo, authManager, tokenManager);
        if (!realm.isEnabled()) {
@ -237,8 +227,6 @@ public class TokenService {
        return oauth.processAccessCode(scopeParam, state, redirect, client, user);
    }
        }.call();
    }
    @Path("registrations")
    @POST
@ -246,9 +234,6 @@ public class TokenService {
    public Response processRegister(@QueryParam("client_id") final String clientId,
            @QueryParam("scope") final String scopeParam, @QueryParam("state") final String state,
            @QueryParam("redirect_uri") final String redirect, final MultivaluedMap<String, String> formData) {
        return new Transaction<Response>() {
            @Override
            protected Response callImpl() {
        Response registrationResponse = processRegisterImpl(clientId, scopeParam, state, redirect, formData, false);
        // If request has been already forwarded (either due to security or validation error) then we won't continue with login
@ -259,8 +244,6 @@ public class TokenService {
            return processLogin(clientId, scopeParam, state, redirect, formData);
        }
    }
        }.call();
    }
    public Response processRegisterImpl(String clientId, String scopeParam, String state, String redirect,
                                        MultivaluedMap<String, String> formData, boolean isSocialRegistration) {
@ -347,8 +330,6 @@ public class TokenService {
    @POST
    @Produces("application/json")
    public Response accessCodeToToken(final MultivaluedMap<String, String> formData) {
        return new Transaction<Response>() {
            protected Response callImpl() {
        logger.info("accessRequest <---");
        if (!realm.isEnabled()) {
            throw new NotAuthorizedException("Realm not enabled");
@ -443,9 +424,6 @@ public class TokenService {
        AccessTokenResponse res = accessTokenResponse(realm.getPrivateKey(), accessCode.getToken());
        return Response.ok(res).build();
    }
        }.call();
    }
    protected AccessTokenResponse accessTokenResponse(PrivateKey privateKey, SkeletonKeyToken token) {
        byte[] tokenBytes = null;
@ -475,8 +453,6 @@ public class TokenService {
    public Response loginPage(final @QueryParam("response_type") String responseType,
            final @QueryParam("redirect_uri") String redirect, final @QueryParam("client_id") String clientId,
            final @QueryParam("scope") String scopeParam, final @QueryParam("state") String state) {
        return new Transaction<Response>() {
            protected Response callImpl() {
        OAuthFlows oauth = Flows.oauth(realm, request, uriInfo, authManager, tokenManager);
        if (!realm.isEnabled()) {
@ -515,16 +491,12 @@ public class TokenService {
        return Flows.forms(realm, request).forwardToLogin();
    }
        }.call();
    }
    @Path("registrations")
    @GET
    public Response registerPage(final @QueryParam("response_type") String responseType,
            final @QueryParam("redirect_uri") String redirect, final @QueryParam("client_id") String clientId,
            final @QueryParam("scope") String scopeParam, final @QueryParam("state") String state) {
        return new Transaction<Response>() {
            protected Response callImpl() {
        OAuthFlows oauth = Flows.oauth(realm, request, uriInfo, authManager, tokenManager);
        if (!realm.isEnabled()) {
@ -547,15 +519,11 @@ public class TokenService {
        return Flows.forms(realm, request).forwardToRegistration();
    }
        }.call();
    }
    @Path("logout")
    @GET
    @NoCache
    public Response logout(final @QueryParam("redirect_uri") String redirectUri) {
        return new Transaction<Response>() {
            protected Response callImpl() {
        // todo do we care if anybody can trigger this?
        UserModel user = authManager.authenticateIdentityCookie(realm, uriInfo, headers);
@ -567,15 +535,11 @@ public class TokenService {
        // todo manage legal redirects
        return Response.status(302).location(UriBuilder.fromUri(redirectUri).build()).build();
    }
        }.call();
    }
    @Path("oauth/grant")
    @POST
    @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
    public Response processOAuth(final MultivaluedMap<String, String> formData) {
        return new Transaction<Response>() {
            protected Response callImpl() {
        OAuthFlows oauth = Flows.oauth(realm, request, uriInfo, authManager, tokenManager);
        String code = formData.getFirst("code");
@ -604,8 +568,6 @@ public class TokenService {
        return oauth.redirectAccessCode(accessCodeEntry, state, redirect);
    }
        }.call();
    }
    protected Response redirectAccessDenied(String redirect, String state) {
        UriBuilder redirectUri = UriBuilder.fromUri(redirect).queryParam("error", "access_denied");
--- a/services/src/main/java/org/keycloak/services/resources/Transaction.java
+++ b/services/src/main/java/org/keycloak/services/resources/Transaction.java
@ -2,17 +2,15 @@ package org.keycloak.services.resources;
 import org.jboss.resteasy.spi.ResteasyProviderFactory;
 import org.keycloak.services.models.KeycloakSession;
 import org.keycloak.services.models.KeycloakSessionFactory;
 import org.keycloak.services.models.KeycloakTransaction;
 import javax.ws.rs.core.Application;
 /**
 * Meant to be used as an inner class wrapper (I forget the pattern name, its been awhile).
 *
 * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
 * @version $Revision: 1 $
 */
@Deprecated
 public class Transaction<T> {
    protected KeycloakSession session;
    protected KeycloakTransaction transaction;
@ -36,6 +34,8 @@ public class Transaction<T> {
     */
    public Transaction(boolean close) {
        this.session = ResteasyProviderFactory.getContextData(KeycloakSession.class);
        this.transaction = session.getTransaction();
        /*
        if (session == null) {
            KeycloakApplication app = (KeycloakApplication)ResteasyProviderFactory.getContextData(Application.class);
            session = app.getFactory().createSession();
@ -44,18 +44,8 @@ public class Transaction<T> {
        }
        transaction = session.getTransaction();
        closeSession = close;
    }
    /**
     * Creates and manages its own session.
     *
     * @param factory
        */
-    public Transaction(KeycloakSessionFactory factory) {
+
        this.closeSession = true;
        this.session = factory.createSession();
        this.transaction = session.getTransaction();
    }
    protected void runImpl() {
@ -67,20 +57,20 @@ public class Transaction<T> {
     *
     */
    public void run() {
-        boolean wasActive = transaction.isActive();
+//        boolean wasActive = transaction.isActive();
-        if (!wasActive) transaction.begin();
+//        if (!wasActive) transaction.begin();
-        try {
+//        try {
            runImpl();
-            if (!wasActive && transaction.isActive()) transaction.commit();
+//            if (!wasActive && transaction.isActive()) transaction.commit();
-        } catch (RuntimeException e) {
+//        } catch (RuntimeException e) {
-            if (!wasActive && transaction.isActive()) transaction.rollback();
+//            if (!wasActive && transaction.isActive()) transaction.rollback();
-            if (created) closeSession = true;
+//            if (created) closeSession = true;
-            throw e;
+//            throw e;
-        } finally {
+//        } finally {
-            if (!wasActive && closeSession) {
+//            if (!wasActive && closeSession) {
-                session.close();
+//                session.close();
-            }
+//            }
-        }
+//        }
    }
    protected T callImpl() {
@ -92,18 +82,18 @@ public class Transaction<T> {
     *
     */
    public T call() {
-        boolean wasActive = transaction.isActive();
+//        boolean wasActive = transaction.isActive();
-        if (!wasActive) transaction.begin();
+//        if (!wasActive) transaction.begin();
-        try {
+//        try {
            T rtn = callImpl();
-            if (!wasActive && transaction.isActive()) transaction.commit();
+//            if (!wasActive && transaction.isActive()) transaction.commit();
            return rtn;
-        } catch (RuntimeException e) {
+//        } catch (RuntimeException e) {
-            if (!wasActive && transaction.isActive()) transaction.rollback();
+//            if (!wasActive && transaction.isActive()) transaction.rollback();
-            if (created) closeSession = true; // close if there was a failure
+//            if (created) closeSession = true; // close if there was a failure
-            throw e;
+//            throw e;
-        } finally {
+//        } finally {
-            if (!wasActive && closeSession) session.close();
+//            if (!wasActive && closeSession) session.close();
-        }
+//        }
    }
 }
--- a/services/src/main/java/org/keycloak/services/resources/admin/ApplicationResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/ApplicationResource.java
@ -5,16 +5,13 @@ import org.jboss.resteasy.logging.Logger;
 import org.keycloak.representations.idm.ApplicationRepresentation;
 import org.keycloak.services.managers.RealmManager;
 import org.keycloak.services.managers.ResourceManager;
 import org.keycloak.services.models.RealmModel;
 import org.keycloak.services.models.ApplicationModel;
 import org.keycloak.services.models.KeycloakSession;
 import org.keycloak.services.models.RealmModel;
 import org.keycloak.services.models.UserModel;
 import org.keycloak.services.resources.Transaction;
-import javax.ws.rs.Consumes;
+import javax.ws.rs.*;
-import javax.ws.rs.GET;
+import javax.ws.rs.core.Context;
 import javax.ws.rs.PUT;
 import javax.ws.rs.PathParam;
 import javax.ws.rs.Produces;
 import javax.ws.rs.core.MediaType;
 /**
@ -27,6 +24,9 @@ public class ApplicationResource {
    protected RealmModel realm;
    protected ApplicationModel applicationModel;
    @Context
    protected KeycloakSession session;
    public ApplicationResource(UserModel admin, RealmModel realm, ApplicationModel applicationModel) {
        this.admin = admin;
        this.realm = realm;
@ -36,26 +36,16 @@ public class ApplicationResource {
    @PUT
    @Consumes(MediaType.APPLICATION_JSON)
    public void update(final ApplicationRepresentation rep) {
        new Transaction<Void>() {
            @Override
            protected void runImpl() {
        ResourceManager resourceManager = new ResourceManager(new RealmManager(session));
        resourceManager.updateResource(rep, applicationModel);
    }
        }.run();
    }
    @GET
    @NoCache
    @Produces(MediaType.APPLICATION_JSON)
    public ApplicationRepresentation getResource(final @PathParam("id") String id) {
        return new Transaction<ApplicationRepresentation>() {
            @Override
            protected ApplicationRepresentation callImpl() {
        ResourceManager resourceManager = new ResourceManager(new RealmManager(session));
        return resourceManager.toRepresentation(applicationModel);
    }
        }.call();
    }
 }
--- a/services/src/main/java/org/keycloak/services/resources/admin/ApplicationsResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/ApplicationsResource.java
@ -5,18 +5,13 @@ import org.jboss.resteasy.logging.Logger;
 import org.keycloak.representations.idm.ApplicationRepresentation;
 import org.keycloak.services.managers.RealmManager;
 import org.keycloak.services.managers.ResourceManager;
 import org.keycloak.services.models.RealmModel;
 import org.keycloak.services.models.ApplicationModel;
 import org.keycloak.services.models.KeycloakSession;
 import org.keycloak.services.models.RealmModel;
 import org.keycloak.services.models.UserModel;
 import org.keycloak.services.resources.Transaction;
-import javax.ws.rs.Consumes;
+import javax.ws.rs.*;
-import javax.ws.rs.GET;
+import javax.ws.rs.container.ResourceContext;
 import javax.ws.rs.NotFoundException;
 import javax.ws.rs.POST;
 import javax.ws.rs.Path;
 import javax.ws.rs.PathParam;
 import javax.ws.rs.Produces;
 import javax.ws.rs.core.Context;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
@ -33,6 +28,12 @@ public class ApplicationsResource {
    protected UserModel admin;
    protected RealmModel realm;
    @Context
    protected ResourceContext resourceContext;
    @Context
    protected KeycloakSession session;
    public ApplicationsResource(UserModel admin, RealmModel realm) {
        this.admin = admin;
        this.realm = realm;
@ -42,9 +43,6 @@ public class ApplicationsResource {
    @Produces(MediaType.APPLICATION_JSON)
    @NoCache
    public List<ApplicationRepresentation> getResources() {
        return new Transaction<List<ApplicationRepresentation>>() {
            @Override
            protected List<ApplicationRepresentation> callImpl() {
        List<ApplicationRepresentation> rep = new ArrayList<ApplicationRepresentation>();
        List<ApplicationModel> applicationModels = realm.getApplications();
        ResourceManager resourceManager = new ResourceManager(new RealmManager(session));
@ -53,35 +51,24 @@ public class ApplicationsResource {
        }
        return rep;
    }
        }.call();
    }
    @POST
    @Consumes(MediaType.APPLICATION_JSON)
    public Response createResource(final @Context UriInfo uriInfo, final ApplicationRepresentation rep) {
        return new Transaction<Response>() {
            @Override
            protected Response callImpl() {
        ResourceManager resourceManager = new ResourceManager(new RealmManager(session));
        ApplicationModel applicationModel = resourceManager.createResource(realm, rep);
        return Response.created(uriInfo.getAbsolutePathBuilder().path(applicationModel.getId()).build()).build();
    }
        }.call();
    }
    @Path("{id}")
    public ApplicationResource getResource(final @PathParam("id") String id) {
        return new Transaction<ApplicationResource>(false) {
            @Override
            protected ApplicationResource callImpl() {
        ApplicationModel applicationModel = realm.getApplicationById(id);
        if (applicationModel == null) {
            throw new NotFoundException();
        }
-                return new ApplicationResource(admin, realm, applicationModel);
+        ApplicationResource applicationResource = new ApplicationResource(admin, realm, applicationModel);
-            }
+        resourceContext.initResource(applicationResource);
-        }.call();
+        return applicationResource;
    }
 }
--- a/services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java
@ -6,20 +6,13 @@ import org.keycloak.representations.idm.RealmRepresentation;
 import org.keycloak.representations.idm.RoleRepresentation;
 import org.keycloak.representations.idm.UserRepresentation;
 import org.keycloak.services.managers.RealmManager;
 import org.keycloak.services.models.KeycloakSession;
 import org.keycloak.services.models.RealmModel;
 import org.keycloak.services.models.RoleModel;
 import org.keycloak.services.models.UserModel;
 import org.keycloak.services.resources.Transaction;
-import javax.ws.rs.Consumes;
+import javax.ws.rs.*;
-import javax.ws.rs.GET;
+import javax.ws.rs.container.ResourceContext;
 import javax.ws.rs.InternalServerErrorException;
 import javax.ws.rs.NotFoundException;
 import javax.ws.rs.POST;
 import javax.ws.rs.PUT;
 import javax.ws.rs.Path;
 import javax.ws.rs.PathParam;
 import javax.ws.rs.Produces;
 import javax.ws.rs.core.Context;
 import javax.ws.rs.core.Response;
 import javax.ws.rs.core.UriInfo;
@ -35,6 +28,12 @@ public class RealmAdminResource {
    protected UserModel admin;
    protected RealmModel realm;
    @Context
    protected ResourceContext resourceContext;
    @Context
    protected KeycloakSession session;
    public RealmAdminResource(UserModel admin, RealmModel realm) {
        this.admin = admin;
        this.realm = realm;
@ -42,20 +41,17 @@ public class RealmAdminResource {
    @Path("applications")
    public ApplicationsResource getResources() {
-        return new ApplicationsResource(admin, realm);
+        ApplicationsResource applicationsResource = new ApplicationsResource(admin, realm);
        resourceContext.initResource(applicationsResource);
        return applicationsResource;
    }
    @GET
    @NoCache
    @Produces("application/json")
    public RealmRepresentation getRealm() {
        return new Transaction<RealmRepresentation>() {
            @Override
            protected RealmRepresentation callImpl() {
        return new RealmManager(session).toRepresentation(realm);
    }
        }.call();
    }
    @Path("roles")
@ -63,9 +59,6 @@ public class RealmAdminResource {
    @NoCache
    @Produces("application/json")
    public List<RoleRepresentation> getRoles() {
        return new Transaction<List<RoleRepresentation>>() {
            @Override
            protected List<RoleRepresentation> callImpl() {
        List<RoleModel> roleModels = realm.getRoles();
        List<RoleRepresentation> roles = new ArrayList<RoleRepresentation>();
        for (RoleModel roleModel : roleModels) {
@ -74,30 +67,19 @@ public class RealmAdminResource {
        }
        return roles;
    }
        }.call();
    }
    @PUT
    @Consumes("application/json")
    public void updateRealm(final RealmRepresentation rep) {
        new Transaction() {
            @Override
            protected void runImpl() {
        logger.info("updating realm: " + rep.getRealm());
        new RealmManager(session).updateRealm(rep, realm);
    }
        }.run();
    }
    @Path("roles/{id}")
    @GET
    @NoCache
    @Produces("application/json")
    public RoleRepresentation getRole(final @PathParam("id") String id) {
        return new Transaction<RoleRepresentation>() {
            @Override
            protected RoleRepresentation callImpl() {
        RoleModel roleModel = realm.getRoleById(id);
        if (roleModel == null) {
            throw new NotFoundException();
@ -106,17 +88,12 @@ public class RealmAdminResource {
        rep.setId(roleModel.getId());
        return rep;
    }
        }.call();
    }
    @Path("roles/{id}")
    @PUT
    @Consumes("application/json")
    public void updateRole(final @PathParam("id") String id, final RoleRepresentation rep) {
        new Transaction() {
            @Override
            protected void runImpl() {
        RoleModel role = realm.getRoleById(id);
        if (role == null) {
            throw new NotFoundException();
@ -124,17 +101,11 @@ public class RealmAdminResource {
        role.setName(rep.getName());
        role.setDescription(rep.getDescription());
    }
        }.run();
    }
    @Path("roles")
    @POST
    @Consumes("application/json")
    public Response createRole(final @Context UriInfo uriInfo, final RoleRepresentation rep) {
        return new Transaction<Response>() {
            @Override
            protected Response callImpl() {
        if (realm.getRole(rep.getName()) != null) {
            throw new InternalServerErrorException(); // todo appropriate status here.
        }
@ -145,9 +116,6 @@ public class RealmAdminResource {
        role.setDescription(rep.getDescription());
        return Response.created(uriInfo.getAbsolutePathBuilder().path(role.getId()).build()).build();
    }
        }.call();
    }
    @Path("users")
--- a/services/src/main/java/org/keycloak/services/resources/admin/RealmsAdminResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/RealmsAdminResource.java
@ -4,34 +4,17 @@ import org.jboss.resteasy.annotations.cache.NoCache;
 import org.jboss.resteasy.logging.Logger;
 import org.keycloak.representations.idm.RealmRepresentation;
 import org.keycloak.services.managers.RealmManager;
 import org.keycloak.services.models.KeycloakSession;
 import org.keycloak.services.models.RealmModel;
 import org.keycloak.services.models.UserModel;
 import org.keycloak.services.resources.PublicRealmResource;
 import org.keycloak.services.resources.SaasService;
 import org.keycloak.services.resources.Transaction;
-import javax.ws.rs.Consumes;
+import javax.ws.rs.*;
-import javax.ws.rs.ForbiddenException;
+import javax.ws.rs.container.ResourceContext;
-import javax.ws.rs.GET;
+import javax.ws.rs.core.*;
 import javax.ws.rs.NotAuthorizedException;
 import javax.ws.rs.NotFoundException;
 import javax.ws.rs.POST;
 import javax.ws.rs.Path;
 import javax.ws.rs.PathParam;
 import javax.ws.rs.Produces;
 import javax.ws.rs.core.CacheControl;
 import javax.ws.rs.core.Context;
 import javax.ws.rs.core.GenericEntity;
 import javax.ws.rs.core.HttpHeaders;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
 import javax.ws.rs.core.UriBuilder;
 import javax.ws.rs.core.UriInfo;
 import java.net.URI;
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 /**
 * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
@ -50,13 +33,16 @@ public class RealmsAdminResource {
        noCache.setNoCache(true);
    }
    @Context
    protected ResourceContext resourceContext;
    @Context
    protected KeycloakSession session;
    @GET
    @NoCache
    @Produces("application/json")
    public List<RealmRepresentation> getRealms() {
        return new Transaction<List<RealmRepresentation>>() {
            @Override
            protected  List<RealmRepresentation> callImpl() {
        logger.info(("getRealms()"));
        RealmManager realmManager = new RealmManager(session);
        List<RealmModel> realms = session.getRealms(admin);
@ -66,8 +52,6 @@ public class RealmsAdminResource {
        }
        return reps;
    }
        }.call();
    }
    public static UriBuilder realmUrl(UriInfo uriInfo) {
        return realmsUrl(uriInfo).path("{id}");
@ -81,24 +65,16 @@ public class RealmsAdminResource {
    @Consumes("application/json")
    public Response importRealm(@Context final UriInfo uriInfo, final RealmRepresentation rep) {
        logger.info("importRealm: " + rep.getRealm());
        return new Transaction<Response>() {
            @Override
            protected Response callImpl() {
        RealmManager realmManager = new RealmManager(session);
        RealmModel realm = realmManager.importRealm(rep, admin);
        URI location = realmUrl(uriInfo).build(realm.getId());
        logger.info("imported realm success, sending back: " + location.toString());
        return Response.created(location).build();
    }
        }.call();
    }
    @Path("{id}")
    public RealmAdminResource getRealmAdmin(@Context final HttpHeaders headers,
                                            @PathParam("id") final String id) {
        return new Transaction<RealmAdminResource>(false) {
            @Override
            protected RealmAdminResource callImpl() {
        RealmManager realmManager = new RealmManager(session);
        RealmModel realm = realmManager.getRealm(id);
        if (realm == null) throw new NotFoundException();
@ -106,9 +82,9 @@ public class RealmsAdminResource {
            throw new ForbiddenException();
        }
-                return new RealmAdminResource(admin, realm);
+        RealmAdminResource adminResource = new RealmAdminResource(admin, realm);
-            }
+        resourceContext.initResource(adminResource);
-        }.call();
+        return adminResource;
    }
--- a/services/src/main/java/org/keycloak/services/resources/flows/Flows.java
+++ b/services/src/main/java/org/keycloak/services/resources/flows/Flows.java
@ -21,13 +21,13 @@
 */
 package org.keycloak.services.resources.flows;
 import javax.ws.rs.core.UriInfo;
 import org.jboss.resteasy.spi.HttpRequest;
 import org.keycloak.services.managers.AuthenticationManager;
 import org.keycloak.services.managers.TokenManager;
 import org.keycloak.services.models.RealmModel;
 import javax.ws.rs.core.UriInfo;
 /**
 * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
 */
--- a/services/src/main/java/org/keycloak/services/resources/flows/FormFlows.java
+++ b/services/src/main/java/org/keycloak/services/resources/flows/FormFlows.java
@ -21,14 +21,14 @@
 */
 package org.keycloak.services.resources.flows;
 import javax.ws.rs.core.MultivaluedMap;
 import javax.ws.rs.core.Response;
 import org.jboss.resteasy.spi.HttpRequest;
 import org.keycloak.services.models.RealmModel;
 import org.keycloak.services.models.UserModel;
 import org.picketlink.idm.model.sample.Realm;
 import javax.ws.rs.core.MultivaluedMap;
 import javax.ws.rs.core.Response;
 /**
 * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
 */
--- a/services/src/main/java/org/keycloak/services/resources/flows/OAuthFlows.java
+++ b/services/src/main/java/org/keycloak/services/resources/flows/OAuthFlows.java
@ -21,10 +21,6 @@
 */
 package org.keycloak.services.resources.flows;
 import javax.ws.rs.core.Response;
 import javax.ws.rs.core.UriBuilder;
 import javax.ws.rs.core.UriInfo;
 import org.jboss.resteasy.logging.Logger;
 import org.jboss.resteasy.spi.HttpRequest;
 import org.keycloak.services.managers.AccessCodeEntry;
@ -36,6 +32,10 @@ import org.keycloak.services.models.RoleModel;
 import org.keycloak.services.models.UserModel;
 import org.keycloak.services.resources.TokenService;
 import javax.ws.rs.core.Response;
 import javax.ws.rs.core.UriBuilder;
 import javax.ws.rs.core.UriInfo;
 /**
 * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
 * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
--- a/services/src/main/java/org/keycloak/services/resources/flows/PageFlows.java
+++ b/services/src/main/java/org/keycloak/services/resources/flows/PageFlows.java
@ -21,12 +21,12 @@
 */
 package org.keycloak.services.resources.flows;
 import javax.ws.rs.core.Response;
 import org.jboss.resteasy.logging.Logger;
 import org.jboss.resteasy.spi.HttpRequest;
 import org.keycloak.services.JspRequestParameters;
 import javax.ws.rs.core.Response;
 /**
 * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
 */
--- a/services/src/main/java/org/keycloak/services/resources/flows/Urls.java
+++ b/services/src/main/java/org/keycloak/services/resources/flows/Urls.java
@ -21,15 +21,10 @@
 */
 package org.keycloak.services.resources.flows;
-import java.net.URI;
+import org.keycloak.services.resources.*;
 import javax.ws.rs.core.UriBuilder;
-
+import java.net.URI;
 import org.keycloak.services.resources.AccountService;
 import org.keycloak.services.resources.RealmsResource;
 import org.keycloak.services.resources.SaasService;
 import org.keycloak.services.resources.SocialResource;
 import org.keycloak.services.resources.TokenService;
 /**
 * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
--- a/services/src/main/java/org/keycloak/services/validation/Validation.java
+++ b/services/src/main/java/org/keycloak/services/validation/Validation.java
@ -1,12 +1,11 @@
 package org.keycloak.services.validation;
 import java.util.List;
 import javax.ws.rs.core.MultivaluedMap;
 import org.keycloak.representations.idm.CredentialRepresentation;
 import org.keycloak.services.messages.Messages;
 import javax.ws.rs.core.MultivaluedMap;
 import java.util.List;
 public class Validation {
    public static String validateRegistrationForm(MultivaluedMap<String, String> formData, List<String> requiredCredentialTypes) {
--- a/services/src/test/java/org/keycloak/test/AbstractKeycloakServerTest.java
+++ b/services/src/test/java/org/keycloak/test/AbstractKeycloakServerTest.java
@ -0,0 +1,70 @@
 package org.keycloak.test;
 import io.undertow.servlet.Servlets;
 import io.undertow.servlet.api.DeploymentInfo;
 import io.undertow.servlet.api.FilterInfo;
 import org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder;
 import org.jboss.resteasy.jwt.JsonSerialization;
 import org.jboss.resteasy.plugins.server.undertow.UndertowJaxrsServer;
 import org.jboss.resteasy.spi.ResteasyDeployment;
 import org.junit.AfterClass;
 import org.junit.BeforeClass;
 import org.keycloak.SkeletonKeyContextResolver;
 import org.keycloak.representations.idm.RealmRepresentation;
 import org.keycloak.services.filters.KeycloakSessionServletFilter;
 import org.keycloak.services.resources.KeycloakApplication;
 import javax.servlet.DispatcherType;
 import javax.ws.rs.client.Client;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.io.InputStream;
 /**
 * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
 * @version $Revision: 1 $
 */
 public class AbstractKeycloakServerTest {
    public static UndertowJaxrsServer server;
    public static ResteasyDeployment deployment;
    public static Client client;
    public static KeycloakApplication application;
    @BeforeClass
    public static void undertowSetup() throws Exception {
        deployment = new ResteasyDeployment();
        deployment.setApplicationClass(KeycloakApplication.class.getName());
        server = new UndertowJaxrsServer().start();
        DeploymentInfo di = server.undertowDeployment(deployment);
        di.setClassLoader(AbstractKeycloakServerTest.class.getClassLoader());
        di.setContextPath("/");
        di.setDeploymentName("Keycloak");
        FilterInfo filter = Servlets.filter("SessionFilter", KeycloakSessionServletFilter.class);
        di.addFilter(filter);
        di.addFilterUrlMapping("SessionFilter", "/*", DispatcherType.REQUEST);
        server.deploy(di);
        application = (KeycloakApplication) deployment.getApplication();
        client = new ResteasyClientBuilder().connectionPoolSize(10).build();
        client.register(SkeletonKeyContextResolver.class);
    }
    @AfterClass
    public static void undertowShutdown() throws Exception {
        server.stop();
    }
    public static RealmRepresentation loadJson(String path) throws IOException {
        InputStream is = Thread.currentThread().getContextClassLoader().getResourceAsStream(path);
        ByteArrayOutputStream os = new ByteArrayOutputStream();
        int c;
        while ((c = is.read()) != -1) {
            os.write(c);
        }
        byte[] bytes = os.toByteArray();
        System.out.println(new String(bytes));
        return JsonSerialization.fromBytes(RealmRepresentation.class, bytes);
    }
 }
--- a/services/src/test/java/org/keycloak/test/ImportTest.java
+++ b/services/src/test/java/org/keycloak/test/ImportTest.java
@ -66,7 +66,7 @@ public class ImportTest {
        UserModel admin = defaultRealm.addUser("admin");
        defaultRealm.grantRole(admin, role);
-        RealmRepresentation rep = KeycloakTestBase.loadJson("testrealm.json");
+        RealmRepresentation rep = AbstractKeycloakServerTest.loadJson("testrealm.json");
        RealmModel realm = manager.createRealm("demo", rep.getRealm());
        manager.importRealm(rep, realm);
        realm.addRealmAdmin(admin);
@ -141,7 +141,7 @@ public class ImportTest {
        UserModel admin = defaultRealm.addUser("admin");
        defaultRealm.grantRole(admin, role);
-        RealmRepresentation rep = KeycloakTestBase.loadJson("testrealm-demo.json");
+        RealmRepresentation rep = AbstractKeycloakServerTest.loadJson("testrealm-demo.json");
        RealmModel realm = manager.createRealm("demo", rep.getRealm());
        manager.importRealm(rep, realm);
        realm.addRealmAdmin(admin);
--- a/services/src/test/java/org/keycloak/test/KeycloakTestBase.java
+++ b/services/src/test/java/org/keycloak/test/KeycloakTestBase.java
@ -1,31 +0,0 @@
 package org.keycloak.test;
 import org.jboss.resteasy.jwt.JsonSerialization;
 import org.jboss.resteasy.test.BaseResourceTest;
 import org.keycloak.representations.idm.RealmRepresentation;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.io.InputStream;
 /**
 * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
 * @version $Revision: 1 $
 */
 public class KeycloakTestBase extends BaseResourceTest
 {
   public static RealmRepresentation loadJson(String path) throws IOException
   {
      InputStream is = Thread.currentThread().getContextClassLoader().getResourceAsStream(path);
      ByteArrayOutputStream os = new ByteArrayOutputStream();
      int c;
      while ( (c = is.read()) != -1)
      {
         os.write(c);
      }
      byte[] bytes = os.toByteArray();
      System.out.println(new String(bytes));
      return JsonSerialization.fromBytes(RealmRepresentation.class, bytes);
   }
 }
--- a/services/src/test/java/org/keycloak/test/RealmCreationTest.java
+++ b/services/src/test/java/org/keycloak/test/RealmCreationTest.java
@ -1,12 +1,8 @@
 package org.keycloak.test;
 import org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder;
 import org.jboss.resteasy.spi.ResteasyDeployment;
 import org.jboss.resteasy.test.EmbeddedContainer;
 import org.junit.Assert;
 import org.junit.BeforeClass;
 import org.junit.Test;
 import org.keycloak.SkeletonKeyContextResolver;
 import org.keycloak.representations.AccessTokenResponse;
 import org.keycloak.representations.idm.CredentialRepresentation;
 import org.keycloak.representations.idm.RealmRepresentation;
@ -15,10 +11,8 @@ import org.keycloak.services.managers.AuthenticationManager;
 import org.keycloak.services.managers.RealmManager;
 import org.keycloak.services.models.KeycloakSession;
 import org.keycloak.services.models.RealmModel;
 import org.keycloak.services.resources.KeycloakApplication;
 import javax.ws.rs.NotAuthorizedException;
 import javax.ws.rs.client.Client;
 import javax.ws.rs.client.Entity;
 import javax.ws.rs.client.WebTarget;
 import javax.ws.rs.core.Form;
@ -31,30 +25,16 @@ import static org.jboss.resteasy.test.TestPortProvider.generateURL;
 * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
 * @version $Revision: 1 $
 */
-public class RealmCreationTest {
+public class RealmCreationTest extends AbstractKeycloakServerTest {
    private static ResteasyDeployment deployment;
    private static Client client;
    @BeforeClass
    public static void before() throws Exception {
        deployment = new ResteasyDeployment();
        deployment.setApplicationClass(KeycloakApplication.class.getName());
        EmbeddedContainer.start(deployment);
        KeycloakApplication application = (KeycloakApplication) deployment.getApplication();
        KeycloakSession session = application.getFactory().createSession();
        session.getTransaction().begin();
        RealmManager manager = new RealmManager(session);
        new InstallationManager().install(manager);
        session.getTransaction().commit();
        session.close();
        client = new ResteasyClientBuilder().build();
        client.register(SkeletonKeyContextResolver.class);
    }
    public static void after() throws Exception {
        client.close();
        EmbeddedContainer.stop();
    }
    @Test
@ -86,7 +66,7 @@ public class RealmCreationTest {
        System.out.println(tokenResponse.getToken());
        //
-        RealmRepresentation realm = KeycloakTestBase.loadJson("testrealm.json");
+        RealmRepresentation realm = loadJson("testrealm.json");
        response = target.path("saas/admin/realms").request().header(HttpHeaders.AUTHORIZATION, "Bearer " + tokenResponse.getToken()).post(Entity.json(realm));
        Assert.assertEquals(201, response.getStatus());
        response.close();