libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions 6

demo fixes

Browse source
This commit is contained in:
Bill Burke 2014-08-20 11:08:40 -04:00
parent 971bea8a24
commit 6e7924da76
5 changed files with 52 additions and 27 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
examples/demo-template/README.md
View file

@ -15,6 +15,7 @@ machine on the network or Internet.
* **customer-app-cli** A pure CLI application that does remote login using OAuth2 browser redirects with the auth server * **customer-app-cli** A pure CLI application that does remote login using OAuth2 browser redirects with the auth server
* **product-app** A WAR application that does remote login using OAuth2 browser redirects with the auth server * **product-app** A WAR application that does remote login using OAuth2 browser redirects with the auth server
* **admin-access-app** A WAR application that does remote REST login to admin console to obtain a list of realm roles from Admin REST API * **admin-access-app** A WAR application that does remote REST login to admin console to obtain a list of realm roles from Admin REST API
* **angular-product-app** An Angular JS pure HTML5/Javascript application.
* **database-service** JAX-RS services authenticated by bearer tokens only. The customer and product app invoke on it to get data * **database-service** JAX-RS services authenticated by bearer tokens only. The customer and product app invoke on it to get data
* **third-party** Simple WAR that obtain a bearer token using OAuth2 using browser redirects to the auth-server. * **third-party** Simple WAR that obtain a bearer token using OAuth2 using browser redirects to the auth-server.
* **third-party-cdi** Simple CDI/JSF WAR that obtain a bearer token using OAuth2 using browser redirects to the auth-server. * **third-party-cdi** Simple CDI/JSF WAR that obtain a bearer token using OAuth2 using browser redirects to the auth-server.
@ -187,6 +188,24 @@ then using that token to access the Admin REST API.
If you are already logged in, you will not be asked for a username and password, but you will be redirected to If you are already logged in, you will not be asked for a username and password, but you will be redirected to
an oauth grant page. This page asks you if you want to grant certain permissions to the third-part app. an oauth grant page. This page asks you if you want to grant certain permissions to the third-part app.
Step 9: Angular JS Example
----------------------------------
An Angular JS example using Keycloak to secure it.
[http://localhost:8080/angular-product](http://localhost:8080/angular-product)
If you are already logged in, you will not be asked for a username and password, but you will be redirected to
an oauth grant page. This page asks you if you want to grant certain permissions to the third-part app.
Step 9: Pure HTML5/Javascript Example
----------------------------------
An pure HTML5/Javascript example using Keycloak to secure it.
[http://localhost:8080/customer-portal-js](http://localhost:8080/customer-portal-js)
If you are already logged in, you will not be asked for a username and password, but you will be redirected to
an oauth grant page. This page asks you if you want to grant certain permissions to the third-part app.
Admin Console Admin Console
========================== ==========================

48
examples/demo-template/admin-access-app/src/main/java/org/keycloak/example/AdminClient.java
View file

@ -44,6 +44,28 @@ public class AdminClient {
} }
} }
public static String getContent(HttpEntity entity) throws IOException {
if (entity == null) return null;
InputStream is = entity.getContent();
try {
ByteArrayOutputStream os = new ByteArrayOutputStream();
int c;
while ((c = is.read()) != -1) {
os.write(c);
}
byte[] bytes = os.toByteArray();
String data = new String(bytes);
return data;
} finally {
try {
is.close();
} catch (IOException ignored) {
}
}
}
public static AccessTokenResponse getToken(HttpServletRequest request) throws IOException { public static AccessTokenResponse getToken(HttpServletRequest request) throws IOException {
HttpClient client = new HttpClientBuilder() HttpClient client = new HttpClientBuilder()
@ -64,32 +86,14 @@ public class AdminClient {
int status = response.getStatusLine().getStatusCode(); int status = response.getStatusLine().getStatusCode();
HttpEntity entity = response.getEntity(); HttpEntity entity = response.getEntity();
if (status != 200) { if (status != 200) {
throw new IOException("Bad status: " + status); String json = getContent(entity);
throw new IOException("Bad status: " + status + " response: " + json);
} }
if (entity == null) { if (entity == null) {
throw new IOException("No Entity"); throw new IOException("No Entity");
} }
InputStream is = entity.getContent(); String json = getContent(entity);
try {
ByteArrayOutputStream os = new ByteArrayOutputStream();
int c;
while ((c = is.read()) != -1) {
os.write(c);
}
byte[] bytes = os.toByteArray();
String json = new String(bytes);
try {
return JsonSerialization.readValue(json, AccessTokenResponse.class); return JsonSerialization.readValue(json, AccessTokenResponse.class);
} catch (IOException e) {
throw new IOException(json, e);
}
} finally {
try {
is.close();
} catch (IOException ignored) {
}
}
} finally { } finally {
client.getConnectionManager().shutdown(); client.getConnectionManager().shutdown();
} }
@ -108,6 +112,8 @@ public class AdminClient {
List<NameValuePair> formparams = new ArrayList<NameValuePair>(); List<NameValuePair> formparams = new ArrayList<NameValuePair>();
formparams.add(new BasicNameValuePair(OAuth2Constants.REFRESH_TOKEN, res.getRefreshToken())); formparams.add(new BasicNameValuePair(OAuth2Constants.REFRESH_TOKEN, res.getRefreshToken()));
formparams.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ID, "admin-client")); formparams.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ID, "admin-client"));
UrlEncodedFormEntity form = new UrlEncodedFormEntity(formparams, "UTF-8");
post.setEntity(form);
HttpResponse response = client.execute(post); HttpResponse response = client.execute(post);
boolean status = response.getStatusLine().getStatusCode() != 204; boolean status = response.getStatusLine().getStatusCode() != 204;
HttpEntity entity = response.getEntity(); HttpEntity entity = response.getEntity();

4
examples/providers/federation-provider/README.md
View file

@ -3,14 +3,14 @@ Example User Federation Provider
This is an example of user federation backed by a simple properties file. This properties file only contains username/password This is an example of user federation backed by a simple properties file. This properties file only contains username/password
key pairs. To deploy, build this directory then take the jar and copy it to the WEB-INF/lib of the keycloak server's key pairs. To deploy, build this directory then take the jar and copy it to the WEB-INF/lib of the keycloak server's
WAR file. WAR file. You will then have to restart the authentication server.
The ClasspathPropertiesFederationProvider is an example of a readonly provider. If you go to the Users/Federation The ClasspathPropertiesFederationProvider is an example of a readonly provider. If you go to the Users/Federation
page of the admin console you will see this provider listed under "classpath-properties. To configure this provider you page of the admin console you will see this provider listed under "classpath-properties. To configure this provider you
specify a classpath to a properties file in the "path" field of the admin page for this plugin. This example includes specify a classpath to a properties file in the "path" field of the admin page for this plugin. This example includes
a "test-users.properties" within the JAR that you can use as the variable. a "test-users.properties" within the JAR that you can use as the variable.
The FilePropertiesFederationProvider is an exxample of a writable provider. It synchronizes changes made to The FilePropertiesFederationProvider is an example of a writable provider. It synchronizes changes made to
username and password with the properties file. If you go to the Users/Federation page of the admin console you will username and password with the properties file. If you go to the Users/Federation page of the admin console you will
see this provider listed under "file-properties". To configure this provider you specify a fully qualified file path to see this provider listed under "file-properties". To configure this provider you specify a fully qualified file path to
a properties file in the "path" field of the admin page for this plugin. a properties file in the "path" field of the admin page for this plugin.

4
forms/common-themes/src/main/resources/theme/admin/base/resources/partials/realm-list.html
View file

@ -5,10 +5,10 @@
</div> </div>
<div id="content-area" class="col-md-9" role="main"> <div id="content-area" class="col-md-9" role="main">
<ul class="nav nav-tabs nav-tabs-pf"> <ul class="nav nav-tabs nav-tabs-pf">
<li class="active"><a href="">Choose realm to manage</a></li> <li class="active"><a href="">Realm List</a></li>
</ul> </ul>
<div id="content"> <div id="content">
<h2 class="margin-top">Realms</h2> <h2 class="margin-top">Choose Realm to Manage</h2>
<table class="table table-striped table-bordered"> <table class="table table-striped table-bordered">
<thead> <thead>
<tr> <tr>

2
services/src/main/java/org/keycloak/services/resources/TokenService.java
View file

@ -229,7 +229,7 @@ public class TokenService {
} }
if (!realm.isPasswordCredentialGrantAllowed()) { if (!realm.isPasswordCredentialGrantAllowed()) {
return createError("not_enabled", "Resource Owner Password Credentials Grant not enabled", Response.Status.FORBIDDEN); return createError("not_enabled", "Direct Grant REST API not enabled", Response.Status.FORBIDDEN);
} }
audit.event(EventType.LOGIN).detail(Details.AUTH_METHOD, "oauth_credentials").detail(Details.RESPONSE_TYPE, "token"); audit.event(EventType.LOGIN).detail(Details.AUTH_METHOD, "oauth_credentials").detail(Details.RESPONSE_TYPE, "token");