KEYCLOAK-1187 First round: Combined ApplicationModel and OAuthClientModel into ClientModel. Removed OAuth Clients from Admin console and renamed Applications to Clients.

Stian Thorgersen 2015-04-09 10:01:42 +02:00
parent b92a178142
commit 6fbc0975c0
196 changed files with 6069 additions and 9521 deletions


@ -0,0 +1,84 @@
package org.keycloak.connections.jpa.updater.liquibase.custom;
import liquibase.change.custom.CustomSqlChange;
import liquibase.database.Database;
import liquibase.database.jvm.JdbcConnection;
import liquibase.exception.CustomChangeException;
import liquibase.exception.SetupException;
import liquibase.exception.ValidationErrors;
import liquibase.resource.ResourceAccessor;
import liquibase.snapshot.SnapshotGeneratorFactory;
import liquibase.statement.SqlStatement;
import liquibase.statement.core.UpdateStatement;
import liquibase.structure.core.Table;
import org.keycloak.models.utils.KeycloakModelUtils;
import java.sql.Connection;
import java.sql.ResultSet;
import java.util.ArrayList;
/**
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
*/
public class SetConsentRequiredOnOAuthClients implements CustomSqlChange {
private String confirmationMessage;
@Override
public SqlStatement[] generateStatements(Database database) throws CustomChangeException {
try {
StringBuilder sb = new StringBuilder();
sb.append("Set consent required for: ");
Connection connection = ((JdbcConnection) (database.getConnection())).getWrappedConnection();
ArrayList<SqlStatement> statements = new ArrayList<SqlStatement>();
String correctedTableName = database.correctObjectName("CLIENT", Table.class);
if (SnapshotGeneratorFactory.getInstance().has(new Table().setName(correctedTableName), database)) {
ResultSet resultSet = connection.createStatement().executeQuery("SELECT * FROM CLIENT");
while (resultSet.next()) {
String id = resultSet.getString(1);
UpdateStatement statement = new UpdateStatement(null, null, correctedTableName)
.addNewColumnValue("CONSENT_REQUIRED", true)
.setWhereClause("ID='" + id + "'");
statements.add(statement);
if (!resultSet.isFirst()) {
sb.append(", ");
}
sb.append(id);
}
if (!statements.isEmpty()) {
confirmationMessage = sb.toString();
}
}
return statements.toArray(new SqlStatement[statements.size()]);
} catch (Exception e) {
throw new CustomChangeException("Failed to add realm code secret", e);
}
}
@Override
public String getConfirmationMessage() {
return confirmationMessage;
}
@Override
public void setUp() throws SetupException {
}
@Override
public void setFileOpener(ResourceAccessor resourceAccessor) {
}
@Override
public ValidationErrors validate(Database database) {
return null;
}
}
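Review bot: The WHERE clause at `.setWhereClause("ID='" + id + "'")` is built by concatenating a value read back from the database, so an ID containing a quote would change the generated UPDATE; bind it instead, as sketched below, provided the Liquibase version in use supports where parameters. The query should be `SELECT ID FROM CLIENT` rather than `SELECT *` with `getString(1)`, which depends on column order, and the `Statement` and `ResultSet` are never closed. `resultSet.isFirst()` is optional for forward-only result sets, so a local flag is safer for the separator. The exception text "Failed to add realm code secret" looks copied from another change and should describe this one. The sketch also needs an import of `java.sql.Statement`.

```java
// … unchanged: StringBuilder setup, connection lookup, table-existence check …
try (Statement query = connection.createStatement();
     ResultSet resultSet = query.executeQuery("SELECT ID FROM CLIENT")) {
    boolean first = true;
    while (resultSet.next()) {
        String id = resultSet.getString(1);
        UpdateStatement statement = new UpdateStatement(null, null, correctedTableName)
                .addNewColumnValue("CONSENT_REQUIRED", true)
                .setWhereClause("ID=?")
                .addWhereParameter(id);
        statements.add(statement);
        if (!first) {
            sb.append(", ");
        }
        sb.append(id);
        first = false;
    }
}
// … unchanged: confirmationMessage assignment, return …
} catch (Exception e) {
    throw new CustomChangeException("Failed to set consent required on clients", e);
```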


@ -36,5 +36,12 @@
<addPrimaryKey columnNames="IDP_MAPPER_ID, NAME" constraintName="CONSTRAINT_IDPMConfig" tableName="IDP_MAPPER_CONFIG"/>
<addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="IDENTITY_PROVIDER_MAPPER" constraintName="FK_IDPM_REALM" referencedColumnNames="ID" referencedTableName="REALM"/>
<addForeignKeyConstraint baseColumnNames="IDP_MAPPER_ID" baseTableName="IDP_MAPPER_CONFIG" constraintName="FK_IDPMConfig" referencedColumnNames="ID" referencedTableName="IDENTITY_PROVIDER_MAPPER"/>
<addColumn tableName="CLIENT">
<column name="CONSENT_REQUIRED" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false"/>
</column>
</addColumn>
<dropColumn tableName="CLIENT" columnName="DTYPE"/>
</changeSet>
</databaseChangeLog>
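Review bot: The new `CONSENT_REQUIRED` column defaults to false and `DTYPE` is dropped in the same changeSet, and no step visible in this hunk sets the flag for rows that were OAuth clients, so those clients would presumably stop prompting for consent after the upgrade. If `SetConsentRequiredOnOAuthClients` is meant to cover this, it needs to be registered as a `<customChange>` between the `addColumn` and the `dropColumn`, and its query should filter on `DTYPE`, because as written it selects every row of `CLIENT`. A plain `<update tableName="CLIENT">` with a `<where>` on `DTYPE`, placed before the `dropColumn`, would do the same without custom code. The changeSet opens outside the hunk, so an earlier registration cannot be ruled out from here.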


@ -3,9 +3,8 @@
xsi:schemaLocation="http://java.sun.com/xml/ns/persistence http://java.sun.com/xml/ns/persistence/persistence_1_0.xsd"
version="1.0">
<persistence-unit name="keycloak-default" transaction-type="RESOURCE_LOCAL">
<class>org.keycloak.models.jpa.entities.ApplicationEntity</class>
<class>org.keycloak.models.jpa.entities.ClientEntity</class>
<class>org.keycloak.models.jpa.entities.CredentialEntity</class>
<class>org.keycloak.models.jpa.entities.OAuthClientEntity</class>
<class>org.keycloak.models.jpa.entities.RealmEntity</class>
<class>org.keycloak.models.jpa.entities.RealmAttributeEntity</class>
<class>org.keycloak.models.jpa.entities.RequiredCredentialEntity</class>


@ -33,8 +33,7 @@ public class DefaultMongoConnectionFactoryProvider implements MongoConnectionPro
"org.keycloak.models.entities.RequiredCredentialEntity",
"org.keycloak.models.entities.CredentialEntity",
"org.keycloak.models.entities.FederatedIdentityEntity",
"org.keycloak.models.mongo.keycloak.entities.MongoApplicationEntity",
"org.keycloak.models.mongo.keycloak.entities.MongoOAuthClientEntity",
"org.keycloak.models.mongo.keycloak.entities.MongoClientEntity",
"org.keycloak.models.sessions.mongo.entities.MongoUsernameLoginFailureEntity",
"org.keycloak.models.sessions.mongo.entities.MongoUserSessionEntity",
"org.keycloak.models.sessions.mongo.entities.MongoClientSessionEntity",


@ -22,6 +22,8 @@ public class ApplicationRepresentation {
protected ClaimRepresentation claims;
protected Integer notBefore;
protected Boolean bearerOnly;
protected Boolean consentRequired;
protected Boolean directGrantsOnly;
protected Boolean publicClient;
protected Boolean frontchannelLogout;
protected String protocol;
@ -136,6 +138,22 @@ public class ApplicationRepresentation {
this.bearerOnly = bearerOnly;
}
public Boolean isConsentRequired() {
return consentRequired;
}
public void setConsentRequired(Boolean consentRequired) {
this.consentRequired = consentRequired;
}
public Boolean getDirectGrantsOnly() {
return directGrantsOnly;
}
public void setDirectGrantsOnly(Boolean directGrantsOnly) {
this.directGrantsOnly = directGrantsOnly;
}
public Boolean isPublicClient() {
return publicClient;
}
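Review bot: `consentRequired` and `directGrantsOnly` are nullable `Boolean` fields with no comment saying what an absent value means, and for a consent flag that default decides whether an imported client prompts the user. Add a field comment such as `// null = not specified in the representation; callers must apply an explicit default`, and confirm that the import path treats null as intended. The accessors are also named inconsistently, `isConsentRequired()` next to `getDirectGrantsOnly()`; pick one form, keeping in mind that JavaBeans introspection only recognises `is` for primitive `boolean`. The class body continues outside both hunks.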


@ -6,10 +6,8 @@ import org.codehaus.jackson.JsonFactory;
import org.codehaus.jackson.JsonGenerator;
import org.codehaus.jackson.map.ObjectMapper;
import org.codehaus.jackson.map.SerializationConfig;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.OAuthClientModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleContainerModel;
import org.keycloak.models.RoleModel;
@ -18,9 +16,7 @@ import org.keycloak.models.UserCredentialValueModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.utils.ModelToRepresentation;
import org.keycloak.representations.idm.ApplicationRepresentation;
import org.keycloak.representations.idm.ClaimRepresentation;
import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.representations.idm.OAuthClientRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.RolesRepresentation;
@ -58,24 +54,14 @@ public class ExportUtils {
}
// Applications
List<ApplicationModel> applications = realm.getApplications();
List<ClientModel> applications = realm.getClients();
List<ApplicationRepresentation> appReps = new ArrayList<ApplicationRepresentation>();
for (ApplicationModel app : applications) {
for (ClientModel app : applications) {
ApplicationRepresentation appRep = exportApplication(app);
appReps.add(appRep);
}
rep.setApplications(appReps);
// OAuth clients
List<OAuthClientModel> oauthClients = realm.getOAuthClients();
List<OAuthClientRepresentation> oauthClientReps = new ArrayList<OAuthClientRepresentation>();
for (OAuthClientModel oauthClient : oauthClients) {
OAuthClientRepresentation clientRep = ModelToRepresentation.toRepresentation(oauthClient);
clientRep.setSecret(oauthClient.getSecret());
oauthClientReps.add(clientRep);
}
rep.setOauthClients(oauthClientReps);
// Roles
List<RoleRepresentation> realmRoleReps = null;
Map<String, List<RoleRepresentation>> appRolesReps = new HashMap<String, List<RoleRepresentation>>();
@ -84,10 +70,10 @@ public class ExportUtils {
if (realmRoles != null && realmRoles.size() > 0) {
realmRoleReps = exportRoles(realmRoles);
}
for (ApplicationModel app : applications) {
for (ClientModel app : applications) {
Set<RoleModel> currentAppRoles = app.getRoles();
List<RoleRepresentation> currentAppRoleReps = exportRoles(currentAppRoles);
appRolesReps.put(app.getName(), currentAppRoleReps);
appRolesReps.put(app.getClientId(), currentAppRoleReps);
}
RolesRepresentation rolesRep = new RolesRepresentation();
@ -100,9 +86,8 @@ public class ExportUtils {
rep.setRoles(rolesRep);
// Scopes
List<ClientModel> allClients = new ArrayList<ClientModel>(applications);
allClients.addAll(realm.getOAuthClients());
Map<String, List<ScopeMappingRepresentation>> appScopeReps = new HashMap<String, List<ScopeMappingRepresentation>>();
List<ClientModel> allClients = new ArrayList<>(applications);
Map<String, List<ScopeMappingRepresentation>> appScopeReps = new HashMap<>();
for (ClientModel client : allClients) {
Set<RoleModel> clientScopes = client.getScopeMappings();
@ -114,11 +99,11 @@ public class ExportUtils {
}
scopeMappingRep.role(scope.getName());
} else {
ApplicationModel app = (ApplicationModel)scope.getContainer();
String appName = app.getName();
ClientModel app = (ClientModel)scope.getContainer();
String appName = app.getClientId();
List<ScopeMappingRepresentation> currentAppScopes = appScopeReps.get(appName);
if (currentAppScopes == null) {
currentAppScopes = new ArrayList<ScopeMappingRepresentation>();
currentAppScopes = new ArrayList<>();
appScopeReps.put(appName, currentAppScopes);
}
@ -165,7 +150,7 @@ public class ExportUtils {
* @param app
* @return full ApplicationRepresentation
*/
public static ApplicationRepresentation exportApplication(ApplicationModel app) {
public static ApplicationRepresentation exportApplication(ClientModel app) {
ApplicationRepresentation appRep = ModelToRepresentation.toRepresentation(app);
appRep.setSecret(app.getSecret());
@ -216,8 +201,8 @@ public class ExportUtils {
compositeAppRoles = new HashMap<String, List<String>>();
}
ApplicationModel app = (ApplicationModel)crContainer;
String appName = app.getName();
ClientModel app = (ClientModel)crContainer;
String appName = app.getClientId();
List<String> currentAppComposites = compositeAppRoles.get(appName);
if (currentAppComposites == null) {
currentAppComposites = new ArrayList<String>();
@ -269,8 +254,8 @@ public class ExportUtils {
if (role.getContainer() instanceof RealmModel) {
realmRoleNames.add(role.getName());
} else {
ApplicationModel app = (ApplicationModel)role.getContainer();
String appName = app.getName();
ClientModel app = (ClientModel)role.getContainer();
String appName = app.getClientId();
List<String> currentAppRoles = appRoleNames.get(appName);
if (currentAppRoles == null) {
currentAppRoles = new ArrayList<String>();
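Review bot: `exportApplication` copies the client secret into the representation (`appRep.setSecret(app.getSecret())`), and with every client now going through this method its Javadoc still has an empty `@param app` and says nothing about the secret. Document it, for example `@param app client to export`, plus a sentence stating that the returned representation contains the client secret and that the export file must be protected accordingly. In the scopes hunk `allClients` is now only a copy of `applications`, so the loop could iterate `applications` directly. The method bodies start and end outside the hunks.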


@ -8,7 +8,7 @@ import org.jboss.logging.Logger;
import org.keycloak.Config;
import org.keycloak.exportimport.Strategy;
import org.keycloak.models.AdminRoles;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RealmProvider;
@ -81,7 +81,7 @@ public class ImportUtils {
// We just imported master realm. All 'masterAdminApps' need to be refreshed
RealmModel adminRealm = realm;
for (RealmModel currentRealm : model.getRealms()) {
ApplicationModel masterApp = adminRealm.getApplicationByName(KeycloakModelUtils.getMasterRealmAdminApplicationName(currentRealm));
ClientModel masterApp = adminRealm.getClientByClientId(KeycloakModelUtils.getMasterRealmAdminApplicationName(currentRealm));
if (masterApp != null) {
currentRealm.setMasterAdminApp(masterApp);
} else {
@ -91,7 +91,7 @@ public class ImportUtils {
} else {
// Need to refresh masterApp for current realm
RealmModel adminRealm = model.getRealm(adminRealmId);
ApplicationModel masterApp = adminRealm.getApplicationByName(KeycloakModelUtils.getMasterRealmAdminApplicationName(realm));
ClientModel masterApp = adminRealm.getClientByClientId(KeycloakModelUtils.getMasterRealmAdminApplicationName(realm));
if (masterApp != null) {
realm.setMasterAdminApp(masterApp);
} else {
@ -119,7 +119,7 @@ public class ImportUtils {
}
adminRole.setDescription("${role_"+AdminRoles.ADMIN+"}");
ApplicationModel realmAdminApp = KeycloakModelUtils.createApplication(adminRealm, KeycloakModelUtils.getMasterRealmAdminApplicationName(realm));
ClientModel realmAdminApp = KeycloakModelUtils.createApplication(adminRealm, KeycloakModelUtils.getMasterRealmAdminApplicationName(realm));
realmAdminApp.setBearerOnly(true);
realm.setMasterAdminApp(realmAdminApp);
@ -220,7 +220,7 @@ public class ImportUtils {
private static void importUsers(KeycloakSession session, RealmProvider model, String realmName, List<UserRepresentation> userReps) {
RealmModel realm = model.getRealmByName(realmName);
Map<String, ApplicationModel> apps = realm.getApplicationNameMap();
Map<String, ClientModel> apps = realm.getClientNameMap();
for (UserRepresentation user : userReps) {
RepresentationToModel.createUser(session, realm, user, apps);
}


@ -1,14 +1,11 @@
package org.keycloak.account.freemarker.model;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.ClientModel;
import org.keycloak.models.ClientSessionModel;
import org.keycloak.models.OAuthClientModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.util.Time;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashSet;
import java.util.LinkedList;
@ -63,23 +60,14 @@ public class SessionsBean {
return Time.toDate(max);
}
public Set<String> getApplications() {
Set<String> apps = new HashSet<String>();
public Set<String> getClients() {
Set<String> clients = new HashSet<String>();
for (ClientSessionModel clientSession : session.getClientSessions()) {
ClientModel client = clientSession.getClient();
if (client instanceof ApplicationModel) apps.add(client.getClientId());
clients.add(client.getClientId());
}
return apps;
return clients;
}
public List<String> getClients() {
List<String> apps = new ArrayList<String>();
for (ClientSessionModel clientSession : session.getClientSessions()) {
ClientModel client = clientSession.getClient();
if (client instanceof OAuthClientModel) apps.add(client.getClientId());
}
return apps;
}
}
}


@ -14,7 +14,6 @@
<td>${msg("started")}</td>
<td>${msg("lastAccess")}</td>
<td>${msg("expires")}</td>
<td>${msg("applications")}</td>
<td>${msg("clients")}</td>
</tr>
</thead>
@ -26,11 +25,6 @@
<td>${session.started?datetime}</td>
<td>${session.lastAccess?datetime}</td>
<td>${session.expires?datetime}</td>
<td>
<#list session.applications as app>
${app}<br/>
</#list>
</td>
<td>
<#list session.clients as client>
${client}<br/>


@ -512,72 +512,6 @@ module.config([ '$routeProvider', function($routeProvider) {
},
controller : 'ApplicationProtocolMapperCreateCtrl'
})
.when('/realms/:realm/oauth-clients/:oauth/mappers', {
templateUrl : resourceUrl + '/partials/oauth-client-mappers.html',
resolve : {
realm : function(RealmLoader) {
return RealmLoader();
},
oauth : function(OAuthClientLoader) {
return OAuthClientLoader();
},
serverInfo : function(ServerInfoLoader) {
return ServerInfoLoader();
}
},
controller : 'OAuthClientProtocolMapperListCtrl'
})
.when('/realms/:realm/oauth-clients/:oauth/add-mappers', {
templateUrl : resourceUrl + '/partials/oauth-client-mappers-add.html',
resolve : {
realm : function(RealmLoader) {
return RealmLoader();
},
oauth : function(OAuthClientLoader) {
return OAuthClientLoader();
},
serverInfo : function(ServerInfoLoader) {
return ServerInfoLoader();
}
},
controller : 'OAuthClientAddBuiltinProtocolMapperCtrl'
})
.when('/realms/:realm/oauth-clients/:oauth/mappers/:id', {
templateUrl : resourceUrl + '/partials/oauth-client-protocol-mapper-detail.html',
resolve : {
realm : function(RealmLoader) {
return RealmLoader();
},
oauth : function(OAuthClientLoader) {
return OAuthClientLoader();
},
serverInfo : function(ServerInfoLoader) {
return ServerInfoLoader();
},
mapper : function(OAuthClientProtocolMapperLoader) {
return OAuthClientProtocolMapperLoader();
}
},
controller : 'OAuthClientProtocolMapperCtrl'
})
.when('/create/oauth-client/:realm/:oauth/mappers', {
templateUrl : resourceUrl + '/partials/oauth-client-protocol-mapper-detail.html',
resolve : {
realm : function(RealmLoader) {
return RealmLoader();
},
serverInfo : function(ServerInfoLoader) {
return ServerInfoLoader();
},
oauth : function(OAuthClientLoader) {
return OAuthClientLoader();
}
},
controller : 'OAuthClientProtocolMapperCreateCtrl'
})
.when('/realms/:realm/applications/:application/sessions', {
templateUrl : resourceUrl + '/partials/application-sessions.html',
resolve : {
@ -807,127 +741,6 @@ module.config([ '$routeProvider', function($routeProvider) {
},
controller : 'ApplicationImportCtrl'
})
// OAUTH Client
.when('/realms/:realm/oauth-clients/:oauth/claims', {
templateUrl : resourceUrl + '/partials/oauth-client-claims.html',
resolve : {
realm : function(RealmLoader) {
return RealmLoader();
},
oauth : function(OAuthClientLoader) {
return OAuthClientLoader();
},
claims : function(OAuthClientClaimsLoader) {
return OAuthClientClaimsLoader();
}
},
controller : 'OAuthClientClaimsCtrl'
})
.when('/realms/:realm/oauth-clients/:oauth/revocation', {
templateUrl : resourceUrl + '/partials/oauth-client-revocation.html',
resolve : {
realm : function(RealmLoader) {
return RealmLoader();
},
oauth : function(OAuthClientLoader) {
return OAuthClientLoader();
}
},
controller : 'OAuthClientRevocationCtrl'
})
.when('/realms/:realm/oauth-clients/:oauth/credentials', {
templateUrl : resourceUrl + '/partials/oauth-client-credentials.html',
resolve : {
realm : function(RealmLoader) {
return RealmLoader();
},
oauth : function(OAuthClientLoader) {
return OAuthClientLoader();
}
},
controller : 'OAuthClientCredentialsCtrl'
})
.when('/realms/:realm/oauth-clients/:oauth/scope-mappings', {
templateUrl : resourceUrl + '/partials/oauth-client-scope-mappings.html',
resolve : {
realm : function(RealmLoader) {
return RealmLoader();
},
oauth : function(OAuthClientLoader) {
return OAuthClientLoader();
},
applications : function(ApplicationListLoader) {
return ApplicationListLoader();
}
},
controller : 'OAuthClientScopeMappingCtrl'
})
.when('/realms/:realm/oauth-clients/:oauth/installation', {
templateUrl : resourceUrl + '/partials/oauth-client-installation.html',
resolve : {
realm : function(RealmLoader) {
return RealmLoader();
},
oauth : function(OAuthClientLoader) {
return OAuthClientLoader();
},
installation : function(OAuthClientInstallationLoader) {
return OAuthClientInstallationLoader();
}
},
controller : 'OAuthClientInstallationCtrl'
})
.when('/create/oauth-client/:realm', {
templateUrl : resourceUrl + '/partials/oauth-client-detail.html',
resolve : {
realm : function(RealmLoader) {
return RealmLoader();
},
oauth : function() {
return {};
}
},
controller : 'OAuthClientDetailCtrl'
})
.when('/realms/:realm/oauth-clients/:oauth', {
templateUrl : resourceUrl + '/partials/oauth-client-detail.html',
resolve : {
realm : function(RealmLoader) {
return RealmLoader();
},
oauth : function(OAuthClientLoader) {
return OAuthClientLoader();
}
},
controller : 'OAuthClientDetailCtrl'
})
.when('/realms/:realm/oauth-clients/:oauth/identity-provider', {
templateUrl : resourceUrl + '/partials/oauth-client-identity-provider.html',
resolve : {
realm : function(RealmLoader) {
return RealmLoader();
},
oauth : function(OAuthClientLoader) {
return OAuthClientLoader();
}
},
controller : 'OAuthClientIdentityProviderCtrl'
})
.when('/realms/:realm/oauth-clients', {
templateUrl : resourceUrl + '/partials/oauth-client-list.html',
resolve : {
realm : function(RealmLoader) {
return RealmLoader();
},
oauthClients : function(OAuthClientListLoader) {
return OAuthClientListLoader();
}
},
controller : 'OAuthClientListCtrl'
})
.when('/', {
templateUrl : resourceUrl + '/partials/home.html',
controller : 'HomeCtrl'
@ -1549,15 +1362,6 @@ module.directive('kcNavigationApplication', function () {
}
});
module.directive('kcNavigationOauthClient', function () {
return {
scope: true,
restrict: 'E',
replace: true,
templateUrl: resourceUrl + '/templates/kc-navigation-oauth-client.html'
}
});
/*
* Used to select the element (invoke $(elem).select()) on specified action list.
* Usages kc-select-action="click mouseover"


@ -1,611 +0,0 @@
module.controller('OAuthClientClaimsCtrl', function($scope, realm, oauth, claims,
OAuthClientClaims,
$location, Dialog, Notifications) {
$scope.realm = realm;
$scope.oauth = oauth;
$scope.claims = angular.copy(claims);
$scope.changed = false;
$scope.$watch('claims', function () {
if (!angular.equals($scope.claims, claims)) {
$scope.changed = true;
}
}, true);
$scope.save = function () {
OAuthClientClaims.update({
realm: realm.realm,
oauth: oauth.id
}, $scope.claims, function () {
$scope.changed = false;
claims = angular.copy($scope.claims);
Notifications.success("Your claim changes have been saved.");
});
};
$scope.reset = function () {
$location.url("/realms/" + realm.realm + "/oauth-clients/" + oauth.id + "/claims");
};
});
module.controller('OAuthClientCredentialsCtrl', function($scope, $location, realm, oauth, OAuthClientCredentials, Notifications) {
$scope.realm = realm;
$scope.oauth = oauth;
var secret = OAuthClientCredentials.get({ realm : realm.realm, oauth : oauth.id },
function() {
$scope.secret = secret.value;
}
);
$scope.changePassword = function() {
var secret = OAuthClientCredentials.update({ realm : realm.realm, oauth : oauth.id },
function() {
Notifications.success('The secret has been changed.');
$scope.secret = secret.value;
},
function() {
Notifications.error("The secret was not changed due to a problem.");
$scope.secret = "error";
}
);
};
$scope.$watch(function() {
return $location.path();
}, function() {
$scope.path = $location.path().substring(1).split("/");
});
});
module.controller('OAuthClientListCtrl', function($scope, realm, oauthClients, OAuthClient, $location) {
$scope.realm = realm;
$scope.oauthClients = oauthClients;
$scope.$watch(function() {
return $location.path();
}, function() {
$scope.path = $location.path().substring(1).split("/");
});
});
module.controller('OAuthClientDetailCtrl', function($scope, realm, oauth, OAuthClient, $location, Dialog, Notifications) {
$scope.realm = realm;
$scope.create = !oauth.id;
$scope.accessTypes = [
"confidential",
"public"
];
$scope.changeAccessType = function() {
if ($scope.accessType == "confidential") {
$scope.oauth.publicClient = false;
} else if ($scope.accessType == "public") {
$scope.oauth.publicClient = true;
}
};
if (!$scope.create) {
$scope.oauth= angular.copy(oauth);
$scope.accessType = $scope.accessTypes[0];
if (oauth.publicClient) {
$scope.accessType = $scope.accessTypes[1];
}
} else {
$scope.oauth = { enabled: true };
$scope.oauth.webOrigins = [];
$scope.oauth.redirectUris = [];
$scope.accessType = $scope.accessTypes[0];
}
$scope.$watch(function() {
return $location.path();
}, function() {
$scope.path = $location.path().substring(1).split("/");
});
$scope.$watch('oauth', function() {
if (!angular.equals($scope.oauth, oauth)) {
$scope.changed = true;
}
}, true);
$scope.deleteWebOrigin = function(index) {
$scope.oauth.webOrigins.splice(index, 1);
}
$scope.addWebOrigin = function() {
$scope.oauth.webOrigins.push($scope.newWebOrigin);
$scope.newWebOrigin = "";
}
$scope.deleteRedirectUri = function(index) {
$scope.oauth.redirectUris.splice(index, 1);
}
$scope.addRedirectUri = function() {
$scope.oauth.redirectUris.push($scope.newRedirectUri);
$scope.newRedirectUri = "";
}
$scope.save = function() {
if (!$scope.oauth.directGrantsOnly && (!$scope.oauth.redirectUris || $scope.oauth.redirectUris.length == 0)) {
Notifications.error("You must specify at least one redirect uri");
} else {
if ($scope.create) {
OAuthClient.save({
realm: realm.realm
}, $scope.oauth, function (data, headers) {
$scope.changed = false;
var l = headers().location;
var name = l.substring(l.lastIndexOf("/") + 1);
$location.url("/realms/" + realm.realm + "/oauth-clients/" + name);
Notifications.success("The oauth client has been created.");
});
} else {
OAuthClient.update({
realm : realm.realm,
oauth : oauth.id
}, $scope.oauth, function() {
$scope.changed = false;
oauth = angular.copy($scope.oauth);
$location.url("/realms/" + realm.realm + "/oauth-clients/" + oauth.id);
Notifications.success("Your changes have been saved to the oauth client.");
});
}
}
};
$scope.reset = function() {
$scope.oauth = angular.copy(oauth);
$scope.changed = false;
};
$scope.cancel = function() {
$location.url("/realms/" + realm.realm + "/oauth-clients");
};
$scope.remove = function() {
Dialog.confirmDelete($scope.oauth.id, 'oauth', function() {
$scope.oauth.$remove({
realm : realm.realm,
oauth : $scope.oauth.id
}, function() {
$location.url("/realms/" + realm.realm + "/oauth-clients");
Notifications.success("The oauth client has been deleted.");
});
});
};
});
module.controller('OAuthClientScopeMappingCtrl', function($scope, $http, realm, oauth, applications, Notifications,
OAuthClient,
OAuthClientRealmScopeMapping, OAuthClientApplicationScopeMapping, ApplicationRole,
OAuthClientAvailableRealmScopeMapping, OAuthClientAvailableApplicationScopeMapping,
OAuthClientCompositeRealmScopeMapping, OAuthClientCompositeApplicationScopeMapping) {
$scope.realm = realm;
$scope.oauth = angular.copy(oauth);
$scope.selectedRealmRoles = [];
$scope.selectedRealmMappings = [];
$scope.realmMappings = [];
$scope.applications = applications;
$scope.applicationRoles = [];
$scope.applicationComposite = [];
$scope.selectedApplicationRoles = [];
$scope.selectedApplicationMappings = [];
$scope.applicationMappings = [];
$scope.dummymodel = [];
$scope.changeFullScopeAllowed = function() {
console.log('change full scope');
OAuthClient.update({
realm : realm.realm,
oauth : oauth.id
}, $scope.oauth, function() {
$scope.changed = false;
oauth = angular.copy($scope.oauth);
Notifications.success("Scope mappings updated.");
});
}
function updateRealmRoles() {
$scope.realmRoles = OAuthClientAvailableRealmScopeMapping.query({realm : realm.realm, oauth : oauth.id});
$scope.realmMappings = OAuthClientRealmScopeMapping.query({realm : realm.realm, oauth : oauth.id});
$scope.realmComposite = OAuthClientCompositeRealmScopeMapping.query({realm : realm.realm, oauth : oauth.id});
}
function updateAppRoles() {
if ($scope.targetApp) {
console.debug($scope.targetApp.name);
$scope.applicationRoles = OAuthClientAvailableApplicationScopeMapping.query({realm : realm.realm, oauth : oauth.id, targetApp : $scope.targetApp.id});
$scope.applicationMappings = OAuthClientApplicationScopeMapping.query({realm : realm.realm, oauth : oauth.id, targetApp : $scope.targetApp.id});
$scope.applicationComposite = OAuthClientCompositeApplicationScopeMapping.query({realm : realm.realm, oauth : oauth.id, targetApp : $scope.targetApp.id});
} else {
$scope.applicationRoles = null;
$scope.applicationMappings = null;
$scope.applicationComposite = null;
}
}
$scope.changeApplication = function() {
updateAppRoles();
};
$scope.addRealmRole = function() {
$http.post(authUrl + '/admin/realms/' + realm.realm + '/oauth-clients-by-id/' + oauth.id + '/scope-mappings/realm',
$scope.selectedRealmRoles).success(function () {
updateRealmRoles();
Notifications.success("Scope mappings updated.");
});
};
$scope.deleteRealmRole = function() {
$http.delete(authUrl + '/admin/realms/' + realm.realm + '/oauth-clients-by-id/' + oauth.id + '/scope-mappings/realm',
{data : $scope.selectedRealmMappings, headers : {"content-type" : "application/json"}}).success(function () {
updateRealmRoles();
Notifications.success("Scope mappings updated.");
});
};
$scope.addApplicationRole = function() {
$http.post(authUrl + '/admin/realms/' + realm.realm + '/oauth-clients-by-id/' + oauth.id + '/scope-mappings/applications-by-id/' + $scope.targetApp.id,
$scope.selectedApplicationRoles).success(function () {
updateAppRoles();
Notifications.success("Scope mappings updated.");
});
};
$scope.deleteApplicationRole = function() {
$http.delete(authUrl + '/admin/realms/' + realm.realm + '/oauth-clients-by-id/' + oauth.id + '/scope-mappings/applications-by-id/' + $scope.targetApp.id,
{data : $scope.selectedApplicationMappings, headers : {"content-type" : "application/json"}}).success(function () {
updateAppRoles();
Notifications.success("Scope mappings updated.");
});
};
updateRealmRoles();
});
module.controller('OAuthClientInstallationCtrl', function($scope, realm, installation, oauth, OAuthClientInstallation, $routeParams) {
$scope.realm = realm;
$scope.oauth = oauth;
$scope.installation = installation;
$scope.download = function() {
saveAs(new Blob([angular.toJson($scope.installation, true)], { type: 'application/json' }), 'keycloak.json');
}
});
module.controller('OAuthClientRevocationCtrl', function($scope, realm, oauth, OAuthClient, $location, Dialog, Notifications) {
$scope.oauth = oauth;
$scope.realm = realm;
var setNotBefore = function() {
if ($scope.oauth.notBefore == 0) {
$scope.notBefore = "None";
} else {
$scope.notBefore = new Date($scope.oauth.notBefore * 1000);
}
};
setNotBefore();
var refresh = function() {
OAuthClient.get({ realm : realm.realm, oauth: $scope.oauth.id }, function(updated) {
$scope.oauth = updated;
setNotBefore();
})
};
$scope.clear = function() {
$scope.oauth.notBefore = 0;
OAuthClient.update({ realm : realm.realm, oauth: $scope.oauth.id}, $scope.oauth, function () {
$scope.notBefore = "None";
Notifications.success('Not Before cleared for application.');
refresh();
});
}
$scope.setNotBeforeNow = function() {
$scope.oauth.notBefore = new Date().getTime()/1000;
OAuthClient.update({ realm : realm.realm, oauth: $scope.oauth.id}, $scope.oauth, function () {
Notifications.success('Not Before cleared for application.');
refresh();
});
}
});
module.controller('OAuthClientIdentityProviderCtrl', function($scope, $route, realm, oauth, OAuthClient, $location, Notifications) {
$scope.realm = realm;
$scope.oauth = angular.copy(oauth);
var length = 0;
if ($scope.oauth.identityProviders) {
length = $scope.oauth.identityProviders.length;
} else {
$scope.oauth.identityProviders = new Array(realm.identityProviders.length);
}
for (j = length; j < realm.identityProviders.length; j++) {
$scope.oauth.identityProviders[j] = {};
}
$scope.identityProviders = [];
for (j = 0; j < realm.identityProviders.length; j++) {
var identityProvider = realm.identityProviders[j];
var match = false;
var applicationProvider;
for (i = 0; i < $scope.oauth.identityProviders.length; i++) {
applicationProvider = $scope.oauth.identityProviders[i];
if (applicationProvider) {
if (applicationProvider.retrieveToken) {
applicationProvider.retrieveToken = applicationProvider.retrieveToken.toString();
} else {
applicationProvider.retrieveToken = false.toString();
}
if (applicationProvider.id == identityProvider.id) {
$scope.identityProviders[i] = {};
$scope.identityProviders[i].identityProvider = identityProvider;
$scope.identityProviders[i].retrieveToken = applicationProvider.retrieveToken.toString();
break;
}
applicationProvider = null;
}
}
if (applicationProvider == null) {
var length = $scope.identityProviders.length + $scope.oauth.identityProviders.length;
$scope.identityProviders[length] = {};
$scope.identityProviders[length].identityProvider = identityProvider;
$scope.identityProviders[length].retrieveToken = false.toString();
}
}
$scope.identityProviders = $scope.identityProviders.filter(function(n){ return n != undefined });
var oldCopy = angular.copy($scope.oauth);
$scope.save = function() {
var selectedProviders = [];
for (i = 0; i < $scope.oauth.identityProviders.length; i++) {
var appProvider = $scope.oauth.identityProviders[i];
if (appProvider.id != null && appProvider.id != false) {
selectedProviders[selectedProviders.length] = appProvider;
}
}
$scope.oauth.identityProviders = selectedProviders;
OAuthClient.update({
realm : realm.realm,
oauth : oauth.id
}, $scope.oauth, function() {
$scope.changed = false;
$route.reload();
Notifications.success("Your changes have been saved to the application.");
});
};
$scope.reset = function() {
$scope.oauth = angular.copy(oldCopy);
$scope.changed = false;
};
$scope.$watch('oauth', function() {
if (!angular.equals($scope.oauth, oldCopy)) {
$scope.changed = true;
}
}, true);
});
module.controller('OAuthClientProtocolMapperListCtrl', function($scope, realm, oauth, serverInfo,
OAuthClientProtocolMappersByProtocol,
$http, $location, Dialog, Notifications) {
$scope.realm = realm;
$scope.oauth = oauth;
if (oauth.protocol == null) {
oauth.protocol = 'openid-connect';
}
var protocolMappers = serverInfo.protocolMapperTypes[oauth.protocol];
var mapperTypes = {};
for (var i = 0; i < protocolMappers.length; i++) {
mapperTypes[protocolMappers[i].id] = protocolMappers[i];
}
$scope.mapperTypes = mapperTypes;
var updateMappers = function() {
$scope.mappers = OAuthClientProtocolMappersByProtocol.query({realm : realm.realm, oauth : oauth.id, protocol : oauth.protocol});
};
updateMappers();
});
module.controller('OAuthClientAddBuiltinProtocolMapperCtrl', function($scope, realm, oauth, serverInfo,
OAuthClientProtocolMappersByProtocol,
$http, $location, Dialog, Notifications) {
$scope.realm = realm;
$scope.oauth = oauth;
if (oauth.protocol == null) {
oauth.protocol = 'openid-connect';
}
var protocolMappers = serverInfo.protocolMapperTypes[oauth.protocol];
var mapperTypes = {};
for (var i = 0; i < protocolMappers.length; i++) {
mapperTypes[protocolMappers[i].id] = protocolMappers[i];
}
$scope.mapperTypes = mapperTypes;
var updateMappers = function() {
var appMappers = OAuthClientProtocolMappersByProtocol.query({realm : realm.realm, oauth : oauth.id, protocol : oauth.protocol}, function() {
var builtinMappers = serverInfo.builtinProtocolMappers[oauth.protocol];
for (var i = 0; i < appMappers.length; i++) {
for (var j = 0; j < builtinMappers.length; j++) {
if (builtinMappers[j].name == appMappers[i].name
&& builtinMappers[j].protocolMapper == appMappers[i].protocolMapper) {
console.log('removing: ' + builtinMappers[j].name);
builtinMappers.splice(j, 1);
break;
}
}
}
for (var j = 0; j < builtinMappers.length; j++) {
console.log('builtin left: ' + builtinMappers[j].name);
}
$scope.mappers = builtinMappers;
for (var i = 0; i < $scope.mappers.length; i++) {
$scope.mappers[i].isChecked = false;
}
});
};
updateMappers();
$scope.add = function() {
var toAdd = [];
for (var i = 0; i < $scope.mappers.length; i++) {
if ($scope.mappers[i].isChecked) {
delete $scope.mappers[i].isChecked;
toAdd.push($scope.mappers[i]);
}
}
$http.post(authUrl + '/admin/realms/' + realm.realm + '/oauth-clients-by-id/' + oauth.id + '/protocol-mappers/add-models',
toAdd).success(function() {
Notifications.success("Mappers added");
$location.url('/realms/' + realm.realm + '/oauth-clients/' + oauth.id + '/mappers');
}).error(function() {
Notifications.error("Error adding mappers");
$location.url('/realms/' + realm.realm + '/oauth-clients/' + oauth.id + '/mappers');
});
};
});
module.controller('OAuthClientProtocolMapperCtrl', function($scope, realm, serverInfo, oauth, mapper, OAuthClientProtocolMapper, Notifications, Dialog, $location) {
if (oauth.protocol == null) {
oauth.protocol = 'openid-connect';
}
$scope.realm = realm;
$scope.oauth = oauth;
$scope.create = false;
var protocol = oauth.protocol;
$scope.protocol = oauth.protocol;
$scope.mapper = angular.copy(mapper);
var oldCopy = angular.copy($scope.realm);
$scope.changed = false;
var protocolMappers = serverInfo.protocolMapperTypes[protocol];
for (var i = 0; i < protocolMappers.length; i++) {
if (protocolMappers[i].id == mapper.protocolMapper) {
$scope.mapperType = protocolMappers[i];
}
}
$scope.$watch(function() {
return $location.path();
}, function() {
$scope.path = $location.path().substring(1).split("/");
});
$scope.$watch('mapper', function() {
if (!angular.equals($scope.mapper, mapper)) {
$scope.changed = true;
}
}, true);
$scope.save = function() {
OAuthClientProtocolMapper.update({
realm : realm.realm,
oauth: oauth.id,
id : mapper.id
}, $scope.mapper, function() {
$scope.changed = false;
mapper = angular.copy($scope.mapper);
$location.url("/realms/" + realm.realm + '/oauth-clients/' + oauth.id + "/mappers/" + mapper.id);
Notifications.success("Your changes have been saved.");
});
};
$scope.reset = function() {
$scope.mapper = angular.copy(mapper);
$scope.changed = false;
};
$scope.cancel = function() {
//$location.url("/realms");
window.history.back();
};
$scope.remove = function() {
Dialog.confirmDelete($scope.mapper.name, 'mapper', function() {
OAuthClientProtocolMapper.remove({ realm: realm.realm, oauth: oauth.id, id : $scope.mapper.id }, function() {
Notifications.success("The mapper has been deleted.");
$location.url("/realms/" + realm.realm + '/oauth-clients/' + oauth.id + "/mappers");
});
});
};
});
module.controller('OAuthClientProtocolMapperCreateCtrl', function($scope, realm, serverInfo, oauth, OAuthClientProtocolMapper, Notifications, Dialog, $location) {
if (oauth.protocol == null) {
oauth.protocol = 'openid-connect';
}
$scope.realm = realm;
$scope.oauth = oauth;
$scope.create = true;
var protocol = oauth.protocol;
$scope.protocol = protocol;
$scope.mapper = { protocol : oauth.protocol, config: {}};
$scope.mapperTypes = serverInfo.protocolMapperTypes[protocol];
$scope.$watch(function() {
return $location.path();
}, function() {
$scope.path = $location.path().substring(1).split("/");
});
$scope.save = function() {
$scope.mapper.protocolMapper = $scope.mapperType.id;
OAuthClientProtocolMapper.save({
realm : realm.realm, oauth: oauth.id
}, $scope.mapper, function(data, headers) {
var l = headers().location;
var id = l.substring(l.lastIndexOf("/") + 1);
$location.url("/realms/" + realm.realm + '/oauth-clients/' + oauth.id + "/mappers/" + id);
Notifications.success("Mapper has been created.");
});
};
$scope.cancel = function() {
//$location.url("/realms");
window.history.back();
};
});


@ -53,10 +53,6 @@ module.controller('GlobalCtrl', function($scope, $http, Auth, WhoAmI, Current, $
return getAccess('view-realm') || this.manageRealm;
},
get viewApplications() {
return getAccess('view-applications') || this.manageApplications;
},
get viewClients() {
return getAccess('view-clients') || this.manageClients;
},
@ -73,10 +69,6 @@ module.controller('GlobalCtrl', function($scope, $http, Auth, WhoAmI, Current, $
return getAccess('manage-realm');
},
get manageApplications() {
return getAccess('manage-applications');
},
get manageClients() {
return getAccess('manage-clients');
},


@ -89,17 +89,6 @@ module.factory('ApplicationProtocolMapperLoader', function(Loader, ApplicationPr
});
});
module.factory('OAuthClientProtocolMapperLoader', function(Loader, OAuthClientProtocolMapper, $route, $q) {
return Loader.get(OAuthClientProtocolMapper, function() {
return {
realm : $route.current.params.realm,
oauth : $route.current.params.oauth,
id: $route.current.params.id
}
});
});
module.factory('UserLoader', function(Loader, User, $route, $q) {
return Loader.get(User, function() {
return {
@ -261,42 +250,6 @@ module.factory('RoleMappingLoader', function(Loader, RoleMapping, $route, $q) {
});
});
module.factory('OAuthClientLoader', function(Loader, OAuthClient, $route, $q) {
return Loader.get(OAuthClient, function() {
return {
realm : $route.current.params.realm,
oauth : $route.current.params.oauth
}
});
});
module.factory('OAuthClientClaimsLoader', function(Loader, OAuthClientClaims, $route, $q) {
return Loader.get(OAuthClientClaims, function() {
return {
realm : $route.current.params.realm,
oauth : $route.current.params.oauth
}
});
});
module.factory('OAuthClientListLoader', function(Loader, OAuthClient, $route, $q) {
return Loader.query(OAuthClient, function() {
return {
realm : $route.current.params.realm
}
});
});
module.factory('OAuthClientInstallationLoader', function(Loader, OAuthClientInstallation, $route, $q) {
return Loader.get(OAuthClientInstallation, function() {
return {
realm : $route.current.params.realm,
oauth : $route.current.params.oauth
}
});
});
module.factory('IdentityProviderLoader', function(Loader, IdentityProvider, $route, $q) {
return Loader.get(IdentityProvider, function () {
return {


@ -202,29 +202,6 @@ module.factory('ApplicationProtocolMapper', function($resource) {
});
});
module.factory('OAuthClientProtocolMapper', function($resource) {
return $resource(authUrl + '/admin/realms/:realm/oauth-clients-by-id/:oauth/protocol-mappers/models/:id', {
realm : '@realm',
oauth: '@oauth',
id : "@id"
}, {
update : {
method : 'PUT'
}
});
});
module.factory('OAuthClientProtocolMappersByProtocol', function($resource) {
return $resource(authUrl + '/admin/realms/:realm/oauth-clients-by-id/:oauth/protocol-mappers/protocol/:protocol', {
realm : '@realm',
oauth : "@oauth",
protocol : "@protocol"
});
});
module.factory('User', function($resource) {
return $resource(authUrl + '/admin/realms/:realm/users/:userId', {
realm : '@realm',
@ -840,120 +817,6 @@ module.factory('ApplicationOrigins', function($resource) {
});
});
module.factory('OAuthClient', function($resource) {
return $resource(authUrl + '/admin/realms/:realm/oauth-clients-by-id/:oauth', {
realm : '@realm',
oauth : '@oauth'
}, {
update : {
method : 'PUT'
}
});
});
module.factory('OAuthClientClaims', function($resource) {
return $resource(authUrl + '/admin/realms/:realm/oauth-clients-by-id/:oauth/claims', {
realm : '@realm',
oauth : "@oauth"
}, {
update : {
method : 'PUT'
}
});
});
module.factory('OAuthClientCredentials', function($resource) {
return $resource(authUrl + '/admin/realms/:realm/oauth-clients-by-id/:oauth/client-secret', {
realm : '@realm',
oauth : '@oauth'
}, {
update : {
method : 'POST'
}
});
});
module.factory('OAuthCertificate', function($resource) {
return $resource(authUrl + '/admin/realms/:realm/oauth-clients-by-id/:oauth/certificates', {
realm : '@realm',
oauth : '@oauth'
});
});
module.factory('OAuthCertificateDownload', function($resource) {
return $resource(authUrl + '/admin/realms/:realm/oauth-clients-by-id/:oauth/certificates/download', {
realm : '@realm',
oauth : '@oauth'
});
});
module.factory('OAuthClientRealmScopeMapping', function($resource) {
return $resource(authUrl + '/admin/realms/:realm/oauth-clients-by-id/:oauth/scope-mappings/realm', {
realm : '@realm',
oauth : '@oauth'
});
});
module.factory('OAuthClientCompositeRealmScopeMapping', function($resource) {
return $resource(authUrl + '/admin/realms/:realm/oauth-clients-by-id/:oauth/scope-mappings/realm/composite', {
realm : '@realm',
oauth : '@oauth'
});
});
module.factory('OAuthClientAvailableRealmScopeMapping', function($resource) {
return $resource(authUrl + '/admin/realms/:realm/oauth-clients-by-id/:oauth/scope-mappings/realm/available', {
realm : '@realm',
oauth : '@oauth'
});
});
module.factory('OAuthClientApplicationScopeMapping', function($resource) {
return $resource(authUrl + '/admin/realms/:realm/oauth-clients-by-id/:oauth/scope-mappings/applications-by-id/:targetApp', {
realm : '@realm',
oauth : '@oauth',
targetApp : '@targetApp'
});
});
module.factory('OAuthClientCompositeApplicationScopeMapping', function($resource) {
return $resource(authUrl + '/admin/realms/:realm/oauth-clients-by-id/:oauth/scope-mappings/applications-by-id/:targetApp/composite', {
realm : '@realm',
oauth : '@oauth',
targetApp : '@targetApp'
});
});
module.factory('OAuthClientAvailableApplicationScopeMapping', function($resource) {
return $resource(authUrl + '/admin/realms/:realm/oauth-clients-by-id/:oauth/scope-mappings/applications-by-id/:targetApp/available', {
realm : '@realm',
oauth : '@oauth',
targetApp : '@targetApp'
});
});
module.factory('OAuthClientInstallation', function($resource) {
var url = authUrl + '/admin/realms/:realm/oauth-clients-by-id/:oauth/installation';
var resource = $resource(authUrl + '/admin/realms/:realm/oauth-clients-by-id/:oauth/installation', {
realm : '@realm',
oauth : '@oauth'
}, {
update : {
method : 'PUT'
}
});
resource.url = function(parameters) {
return url.replace(':realm', parameters.realm).replace(':oauth', parameters.oauth);
}
return resource;
});
module.factory('Current', function(Realm, $route) {
var current = {};


@ -10,7 +10,7 @@
</ol>
<h2 data-ng-show="create || registered"><span>{{application.name}} Clustering</span></h2>
<h2 data-ng-hide="create || registered">Cluster node on host <span>{{node.host}}</span> not registered!</h2>
<form class="form-horizontal" name="clusteringForm" novalidate kc-read-only="!access.manageApplications" data-ng-show="create || registered">
<form class="form-horizontal" name="clusteringForm" novalidate kc-read-only="!access.manageClients" data-ng-show="create || registered">
<fieldset >
<legend><span class="text">Configuration of cluster node</span></legend>
<div class="form-group">


@ -8,7 +8,7 @@
<li class="active">Clustering</li>
</ol>
<h2 data-ng-hide="create"><span>{{application.name}}</span> Clustering</h2>
<form class="form-horizontal" name="clusteringForm" novalidate kc-read-only="!access.manageApplications">
<form class="form-horizontal" name="clusteringForm" novalidate kc-read-only="!access.manageClients">
<legend><span class="text">Basic configuration</span></legend>
<fieldset >
<div class="form-group clearfix">
@ -43,7 +43,7 @@
<table class="table table-striped table-bordered">
<thead>
<tr>
<th class="kc-table-actions" colspan="3" data-ng-show="access.manageApplications">
<th class="kc-table-actions" colspan="3" data-ng-show="access.manageClients">
<div class="pull-right">
<a class="btn btn-primary" tooltip="Manually register cluster node. This is usually not needed as cluster node should be registered automatically by adapter"
tooltip-placement="bottom" href="#/register-node/realms/{{realm.realm}}/applications/{{application.id}}/clustering">Register node manually</a>


@ -15,7 +15,7 @@
<h2 data-ng-show="create" class="pull-left"><span>{{realm.realm}}</span> Add Application</h2>
<p class="subtitle" data-ng-show="create"><span class="required">*</span> Required fields</p>
<form class="form-horizontal" name="applicationForm" novalidate kc-read-only="!access.manageApplications">
<form class="form-horizontal" name="applicationForm" novalidate kc-read-only="!access.manageClients">
<fieldset class="border-top">
<div class="form-group">
<label class="col-sm-2 control-label" for="name">Name <span class="required" data-ng-show="create">*</span></label>
@ -30,6 +30,20 @@
</div>
<span tooltip-placement="right" tooltip="Disabled applications cannot initiate a login or have obtain access tokens." class="fa fa-info-circle"></span>
</div>
<div class="form-group clearfix block">
<label class="col-sm-2 control-label" for="consentRequired">Consent Required</label>
<div class="col-sm-6">
<input ng-model="application.consentRequired" name="consentRequired" id="consentRequired" onoffswitch />
</div>
<span tooltip-placement="right" tooltip="If enabled users have to consent to client access." class="fa fa-info-circle"></span>
</div>
<div class="form-group clearfix block">
<label class="col-sm-2 control-label" for="directGrantsOnly">Direct Grants Only</label>
<div class="col-sm-6">
<input ng-model="application.directGrantsOnly" name="directGrantsOnly" id="directGrantsOnly" onoffswitch />
</div>
<span tooltip-placement="right" tooltip="When enabled, client can only obtain grants from grant REST API." class="fa fa-info-circle"></span>
</div>
<div class="form-group">
<label class="col-sm-2 control-label" for="protocol">Client Protocol</label>
<div class="col-sm-6">
@ -244,11 +258,11 @@
</div>
</fieldset>
<div class="pull-right form-actions" data-ng-show="create && access.manageApplications">
<div class="pull-right form-actions" data-ng-show="create && access.manageClients">
<button kc-cancel data-ng-click="cancel()">Cancel</button>
<button kc-save data-ng-show="changed">Save</button>
</div>
<div class="pull-right form-actions" data-ng-show="!create && access.manageApplications">
<div class="pull-right form-actions" data-ng-show="!create && access.manageClients">
<button kc-reset data-ng-show="changed">Clear changes</button>
<button kc-save data-ng-show="changed">Save</button>
<button kc-delete data-ng-click="remove()" data-ng-hide="changed">Delete Application</button>
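Review bot: The new Consent Required switch in the `@ -30,6 +30,20` hunk binds to `application.consentRequired` with no default visible here, so on the create form it will presumably render off, and a client added through this merged screen would then skip the consent page unless the admin turns it on. The controller is outside this section, so confirm it initialises the field deliberately. The tooltip could also say what the setting protects, e.g. `tooltip="If enabled, users must approve this client's access before tokens are issued."`. Separately, the removed OAuth client form hid its Redirect URI group with `data-ng-hide="oauth.directGrantsOnly"`; these hunks do not show the application form doing the same for `application.directGrantsOnly`, so check that the redirect URI group is hidden or ignored when Direct Grants Only is on.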


@ -18,7 +18,7 @@
<span tooltip-placement="right" tooltip="Revoke any tokens issued before this date for this application." class="fa fa-info-circle"></span>
</div>
</fieldset>
<div class="pull-right form-actions" data-ng-show="access.manageApplications">
<div class="pull-right form-actions" data-ng-show="access.manageClients">
<button type="submit" data-ng-click="clear()" class="btn btn-default btn-lg">Clear
</button>
<button type="submit" data-ng-click="setNotBeforeNow()" class="btn btn-primary btn-lg">Set To Now


@ -20,7 +20,7 @@
<h2 data-ng-show="create" class="pull-left"><span>{{application.name}}</span> Add Application Role</h2>
<p class="subtitle" data-ng-show="create"><span class="required">*</span> Required fields</p>
<form class="form-horizontal" name="realmForm" novalidate kc-read-only="!access.manageApplications">
<form class="form-horizontal" name="realmForm" novalidate kc-read-only="!access.manageClients">
<fieldset class="border-top">
<div class="form-group">
@ -126,11 +126,11 @@
</div>
</fieldset>
<div class="pull-right form-actions" data-ng-show="create && access.manageApplications">
<div class="pull-right form-actions" data-ng-show="create && access.manageClients">
<button kc-cancel data-ng-click="cancel()">Cancel</button>
<button kc-save data-ng-show="changed">Save</button>
</div>
<div class="pull-right form-actions" data-ng-show="!create && access.manageApplications">
<div class="pull-right form-actions" data-ng-show="!create && access.manageClients">
<button kc-reset data-ng-show="changed">Clear changes</button>
<button kc-save data-ng-show="changed">Save</button>
<button kc-delete data-ng-click="remove()" data-ng-hide="changed">Delete</button>


@ -12,7 +12,7 @@
<table class="table table-striped table-bordered">
<thead>
<tr>
<th class="kc-table-actions" colspan="3" data-ng-show="access.manageApplications">
<th class="kc-table-actions" colspan="3" data-ng-show="access.manageClients">
<div class="pull-right">
<a class="btn btn-primary" href="#/create/role/{{realm.realm}}/applications/{{application.id}}">Add Role</a>
<!-- <button class="remove disabled">Remove</button> -->


@ -10,7 +10,7 @@
</ol>
<h2><span>{{application.name}}</span> Scope Mappings <span tooltip-placement="right" tooltip="Scope mappings allow you to restrict which user role mappings are included within the access token requested by the application." class="fa fa-info-circle"></span></h2>
<p class="subtitle"></p>
<form class="form-horizontal" name="allowScope" novalidate kc-read-only="!access.manageApplications">
<form class="form-horizontal" name="allowScope" novalidate kc-read-only="!access.manageClients">
<fieldset class="border-top">
<div class="form-group">
<label class="col-sm-2 control-label" for="fullScopeAllowed">Full Scope Allowed</label>
@ -22,7 +22,7 @@
</fieldset>
</form>
<form class="form-horizontal" name="realmForm" novalidate kc-read-only="!access.manageApplications" data-ng-show="!application.fullScopeAllowed">
<form class="form-horizontal" name="realmForm" novalidate kc-read-only="!access.manageClients" data-ng-show="!application.fullScopeAllowed">
<fieldset>
<legend><span class="text">Realm Roles</span> <span tooltip-placement="right" tooltip="Realm level roles assigned to scope." class="fa fa-info-circle"></span></legend>
<div class="form-group col-sm-10">


@ -1,19 +0,0 @@
<div class="bs-sidebar col-md-3 clearfix" data-ng-include data-src="resourceUrl + '/partials/realm-menu.html'"></div>
<div id="content-area" class="col-md-9" role="main">
<kc-navigation-oauth-client></kc-navigation-oauth-client>
<div id="content">
<ol class="breadcrumb" data-ng-hide="create">
<li><a href="#/realms/{{realm.realm}}/oauth-clients">OAuth Clients</a></li>
<li><a href="#/realms/{{realm.realm}}/oauth-clients/{{oauth.id}}">{{oauth.name}}</a></li>
<li class="active">Claims</li>
</ol>
<h2 data-ng-hide="create"><span>{{oauth.name}}</span> Allowed Claims <span tooltip-placement="right" tooltip="Allows you to restrict which claim information is stored in the access token generated for the application." class="fa fa-info-circle"></span></h2>
<form class="form-horizontal" name="claimForm">
<div data-ng-include data-src="resourceUrl + '/partials/claims.html'"></div>
<div class="pull-right form-actions" data-ng-show="access.manageClients">
<button kc-reset data-ng-show="changed">Clear changes</button>
<button kc-save data-ng-show="changed">Save</button>
</div>
</form>
</div>
</div>


@ -1,29 +0,0 @@
<div class="bs-sidebar col-sm-3" data-ng-include data-src="resourceUrl + '/partials/realm-menu.html'"></div>
<div id="content-area" class="col-sm-9" role="main">
<kc-navigation-oauth-client></kc-navigation-oauth-client>
<div id="content">
<ol class="breadcrumb" data-ng-hide="create">
<li><a href="#/realms/{{realm.realm}}/oauth-clients">OAuth Clients</a></li>
<li><a href="#/realms/{{realm.realm}}/oauth-clients/{{oauth.id}}">{{oauth.name}}</a></li>
<li class="active">Credentials</li>
</ol>
<h2 data-ng-hide="create"><span>{{oauth.name}}</span> Credentials</h2>
<form class="form-horizontal" name="credentialForm" novalidate kc-read-only="!access.manageClients">
<fieldset >
<legend><span class="text">Client Secret</span></legend>
<div class="form-group">
<label class="col-sm-2 control-label" for="secret">Secret</label>
<div class="col-sm-4">
<input ng-disabled="true" class="form-control" type="text" id="secret" name="secret" data-ng-model="secret" autofocus
required>
</div>
</div>
</fieldset>
<div class="pull-right form-actions" data-ng-show="access.manageClients">
<button type="submit" data-ng-click="changePassword()" class="btn btn-primary btn-lg">Regenerate Secret
</button>
</div>
</form>
</div>
</div>


@ -1,116 +0,0 @@
<div class="bs-sidebar col-md-3 clearfix" data-ng-include data-src="resourceUrl + '/partials/realm-menu.html'"></div>
<div id="content-area" class="col-md-9" role="main">
<kc-navigation-oauth-client></kc-navigation-oauth-client>
<div id="content">
<ol class="breadcrumb" data-ng-hide="create">
<li><a href="#/realms/{{realm.realm}}/oauth-clients">OAuth Clients</a></li>
<li><a href="#/realms/{{realm.realm}}/oauth-clients/{{oauth.id}}">{{oauth.name}}</a></li>
<li class="active">Settings</li>
</ol>
<ol class="breadcrumb" data-ng-show="create">
<li><a href="#/realms/{{realm.realm}}/oauth-clients">OAuth Clients</a></li>
<li class="active">Add OAuth Client</li>
</ol>
<h2 data-ng-show="create" class="pull-left"><span>{{realm.realm}}</span> Add OAuth Client</h2>
<p class="subtitle" data-ng-show="create"><span class="required">*</span> Required fields</p>
<h2 data-ng-hide="create"><span>{{oauth.name}}</span> Settings</h2>
<form class="form-horizontal" name="oauthForm" novalidate kc-read-only="!access.manageClients">
<fieldset class="border-top">
<div class="form-group">
<label class="col-sm-2 control-label" for="name">Name <span class="required" data-ng-show="create">*</span></label>
<div class="col-sm-4">
<input class="form-control" type="text" id="name" name="name" data-ng-model="oauth.name" autofocus
required>
</div>
</div>
<div class="form-group clearfix block">
<label class="col-sm-2 control-label" for="enabled">Enabled</label>
<div class="col-sm-4">
<input ng-model="oauth.enabled" name="enabled" id="enabled" onoffswitch />
</div>
<span tooltip-placement="right" tooltip="Disabled oauth clients cannot obtain access tokens." class="fa fa-info-circle"></span>
</div>
<div class="form-group">
<label class="col-sm-2 control-label" for="accessType">Access Type</label>
<div class="col-sm-4">
<div class="select-kc">
<select id="accessType"
ng-change="changeAccessType()"
ng-model="accessType"
ng-options="aType for aType in accessTypes">
</select>
</div>
</div>
<span tooltip-placement="right" tooltip="'Confidential' oauth clients require a secret to initiate login protocol. 'Public' clients do not require a secret." class="fa fa-info-circle"></span>
</div>
<div class="form-group clearfix block">
<label class="col-sm-2 control-label" for="directGrantsOnly">Direct Grants Only</label>
<div class="col-sm-4">
<input ng-model="oauth.directGrantsOnly" name="directGrantsOnly" id="directGrantsOnly" onoffswitch />
</div>
<span tooltip-placement="right" tooltip="When enabled, client can only obtain grants from grant REST API." class="fa fa-info-circle"></span>
</div>
<div class="form-group" data-ng-hide="oauth.directGrantsOnly">
<label class="col-sm-2 control-label" for="newRedirectUri">Redirect URI <span class="required" data-ng-show="create">*</span></label>
<div class="col-sm-6 multiple" ng-repeat="redirectUri in oauth.redirectUris">
<div class="input-group kc-item-deletable">
<input class="form-control" type="text" data-ng-class="{'input-below':!$first}"
name="redirectUri" id="redirectUri" data-ng-model="redirectUri" readonly />
<span class="input-group-btn">
<button class="btn btn-default" type="button" data-ng-click="deleteRedirectUri($index)">
Delete</button>
</span>
</div>
</div>
<div class="col-sm-6 multiple">
<div class="input-group">
<input class="form-control" type="text" name="newRedirectUri" id="newRedirectUri"
placeholder="New Redirect URI..." data-ng-model="newRedirectUri"
data-ng-class="{'input-below':oauth.redirectUris.length}" />
<span class="input-group-btn">
<button class="btn btn-default" data-ng-click="addRedirectUri()" ng-show="newRedirectUri.length > 0">Add</button>
</span>
</div>
</div>
<span tooltip-placement="right" tooltip="Valid URI pattern a browser can redirect to after a successful login or logout. Simple wildcards are allowed i.e. 'http://example.com/*'. Relative path can be specified too i.e. /my/relative/path/*. Relative paths will generate a redirect URI using the request's host and port." class="fa fa-info-circle"></span>
</div>
<div class="form-group" data-ng-hide="create">
<label class="col-sm-2 control-label" for="newWebOrigin">Web Origin</label>
<div class="col-sm-6 multiple" ng-repeat="webOrigin in oauth.webOrigins">
<div class="input-group kc-item-deletable">
<input class="form-control" type="text" data-ng-class="{'input-below':!$first}"
name="webOrigin" id="webOrigin" data-ng-model="webOrigin" readonly />
<span class="input-group-btn">
<button class="btn btn-default" type="button" data-ng-click="deleteWebOrigin($index)">
Delete</button>
</span>
</div>
</div>
<div class="col-sm-6 multiple">
<div class="input-group">
<input class="form-control" type="text" name="newWebOrigin" id="newWebOrigin"
placeholder="New Web Origin..." data-ng-model="newWebOrigin"
data-ng-class="{'input-below':oauth.webOrigins.length}" />
<span class="input-group-btn">
<button class="btn btn-default" data-ng-click="addWebOrigin()" ng-show="newWebOrigin.length > 0">Add</button>
</span>
</div>
</div>
<span tooltip-placement="right" tooltip="Allowed CORS origins. Only useful if the client adapter has CORS processing enabled." class="fa fa-info-circle"></span>
</div>
</fieldset>
<div class="pull-right form-actions" data-ng-show="create && access.manageClients">
<button kc-cancel data-ng-click="cancel()">Cancel</button>
<button kc-save data-ng-show="changed">Save</button>
</div>
<div class="pull-right form-actions" data-ng-show="!create && access.manageClients">
<button kc-reset data-ng-show="changed">Clear changes</button>
<button kc-save data-ng-show="changed">Save</button>
<button kc-delete data-ng-click="remove()" data-ng-hide="changed">Delete Client</button>
</div>
</form>
</div>
</div>


@ -1,31 +0,0 @@
<div class="bs-sidebar col-md-3 clearfix" data-ng-include data-src="resourceUrl + '/partials/realm-menu.html'"></div>
<div id="content-area" class="col-md-9" role="main">
<kc-navigation-oauth-client></kc-navigation-oauth-client>
<div id="content">
<ol class="breadcrumb" data-ng-hide="create">
<li><a href="#/realms/{{realm.realm}}/oauth-clients">OAuth Clients</a></li>
<li><a href="#/realms/{{realm.realm}}/oauth-clients/{{oauth.id}}">{{oauth.name}}</a></li>
<li class="active">Identity Provider</li>
</ol>
<h2 data-ng-hide="create"><span>{{oauth.name}}</span> Identity Provider Settings</h2>
<form class="form-horizontal" name="identityProviderForm" novalidate>
<div class="form-group" ng-repeat="identityProvider in identityProviders">
<legend><span class="text">{{identityProvider.identityProvider.name}}</span></legend>
<label class="col-sm-2 control-label" for="{{identityProvider.identityProvider.id}}">Enable&nbsp;<span tooltip-placement="right" tooltip="If disabled, users can not login to the application using this identity provider." class="fa fa-info-circle"></span></label>
<div class="col-sm-4">
<input ng-model="oauth.identityProviders[$index].id" name="identityProvider.identityProvider.id" id="identityProvider.identityProvider.id" value="identityProvider.identityProvider.id" onoffswitchmodel />
</div>
<div data-ng-show="oauth.identityProviders[$index].id">
<label class="col-sm-2 control-label" for="{{identityProvider.identityProvider.id}}retrieveToken">Can Retrieve Token&nbsp;<span tooltip-placement="right" tooltip="If disabled, the application can not retrieve tokens from the identity provider." class="fa fa-info-circle"></span></label>
<div class="col-sm-4">
<input ng-model="oauth.identityProviders[$index].retrieveToken" name="identityProvider.identityProvider.id + 'retrieveToken'" id="identityProvider.identityProvider.id + 'retrieveToken'" value="true" onoffswitchmodel />
</div>
</div>
</div>
<div class="pull-right form-actions">
<button kc-reset data-ng-show="changed">Clear changes</button>
<button kc-save data-ng-show="changed">Save</button>
</div>
</form>
</div>
</div>


@ -1,26 +0,0 @@
<div class="bs-sidebar col-sm-3" data-ng-include data-src="resourceUrl + '/partials/realm-menu.html'"></div>
<div id="content-area" class="col-md-9" role="main">
<kc-navigation-oauth-client></kc-navigation-oauth-client>
<div id="content">
<ol class="breadcrumb" data-ng-hide="create">
<li><a href="#/realms/{{realm.realm}}/oauth-clients">OAuth Clients</a></li>
<li><a href="#/realms/{{realm.realm}}/oauth-clients/{{oauth.id}}">{{oauth.name}}</a></li>
<li class="active">Installation</li>
</ol>
<h2>{{oauth.name}} Adapter Installation <span tooltip-placement="right" tooltip="Helper utility for generating various client adapter configuration formats which you can download or cut and paste to configure your client applications." class="fa fa-info-circle"></span></h2>
<form class="form-horizontal" name="realmForm" novalidate>
<fieldset>
<div class="form-group">
<div class="col-sm-12">
<textarea class="form-control" rows="20" kc-select-action="click">{{installation | json}}</textarea>
</div>
</div>
</fieldset>
</form>
<div class="pull-right form-actions">
<a class="btn btn-primary btn-lg" data-ng-click="download()" type="submit">Download</a>
</div>
</div>
</div>


@ -1,55 +0,0 @@
<div class="bs-sidebar col-md-3 clearfix" data-ng-include data-src="resourceUrl + '/partials/realm-menu.html'"></div>
<div id="content-area" class="col-md-9" role="main">
<h2></h2>
<div id="content">
<h2><span>{{realm.realm}}</span> OAuth Clients <span tooltip-placement="right" tooltip="OAuth clients are like applications, but are only granted temporary access. In browser apps, users will be queried to explicitly grant access." class="fa fa-info-circle"></span></h2>
<table class="table table-striped table-bordered">
<thead>
<tr>
<th class="kc-table-actions" colspan="3">
<div class="search-comp clearfix">
<input type="text" placeholder="Search..." class="form-control search" data-ng-model="search.name"
onkeyup="if(event.keyCode == 13){$(this).next('button').click();}">
<button type="submit" class="kc-icon-search" tooltip-placement="right"
tooltip="Search by application name.">
Icon: search
</button>
</div>
<div class="pull-right">
<a class="btn btn-primary" href="#/create/oauth-client/{{realm.realm}}">Add Client</a>
</div>
</th>
</tr>
<tr data-ng-hide="oauthClients.length == 0">
<th>OAuth Client Name</th>
<th>Enabled</th>
</tr>
</thead>
<!--<tfoot data-ng-show="oauthClients && oauthClients.length > 5">
<tr>
<td colspan="2">
<div class="table-nav">
<a href="#" class="first disabled">First page</a><a href="#" class="prev disabled">Previous
page</a><span><strong>1-8</strong> of <strong>10</strong></span><a href="#"
class="next">Next
page</a><a href="#" class="last">Last page</a>
</div>
</td>
</tr>
</tfoot>
-->
<tbody>
<tr ng-repeat="client in oauthClients | filter:search">
<td><a href="#/realms/{{realm.realm}}/oauth-clients/{{client.id}}">{{client.name}}</a></td>
<td>{{client.enabled}}</td>
</tr>
<tr data-ng-show="oauthClients.length == 0">
<td>No clients available</td>
</tr>
</tbody>
</table>
<div class="feedback warning inline" data-ng-show="search && oauthClients.length == 0">
<p><strong>Your search returned no results.</strong><br>Try modifying the query and try again.</p>
</div>
</div>
</div>

View file

@ -1,49 +0,0 @@
<div class="bs-sidebar col-md-3 clearfix" data-ng-include data-src="resourceUrl + '/partials/realm-menu.html'"></div>
<div id="content-area" class="col-md-9" role="main">
<kc-navigation-oauth-client></kc-navigation-oauth-client>
<div id="content">
<ol class="breadcrumb" data-ng-hide="create">
<li><a href="#/realms/{{realm.realm}}/oauth-clients">OAuth Clients</a></li>
<li><a href="#/realms/{{realm.realm}}/oauth-clients/{{oauth.id}}">{{oauth.name}}</a></li>
<li><a href="#/realms/{{realm.realm}}/oauth-clients/{{oauth.id}}/mappers">{{oauth.name}} Mappers</a></li>
<li class="active">Add Builtin Protocol Mappers</li>
</ol>
<h2>Add Builtin Protocol Mappers <span tooltip-placement="right" tooltip="Protocol mappers perform transformation on tokens and documents. They an do things like map user data into protocol claims, or just transform any requests going between the application and auth server." class="fa fa-info-circle"></span></h2>
<table class="table table-striped table-bordered">
<thead>
<tr>
<th class="kc-table-actions" colspan="4">
<div class="search-comp clearfix">
<input type="text" placeholder="Search..." class="form-control search" data-ng-model="search.name"
onkeyup="if(event.keyCode == 13){$(this).next('button').click();}">
<button type="submit" class="kc-icon-search" tooltip-placement="right"
tooltip="Search by mapper name.">
Icon: search
</button>
</div>
<div class="pull-right">
<button class="btn btn-primary" data-ng-click="add()">Add Selected</button>
</div>
</th>
</tr>
<tr data-ng-hide="mappers.length == 0">
<th>Name</th>
<th>Category</th>
<th>Type</th>
<th>Add</th>
</tr>
</thead>
<tbody>
<tr ng-repeat="mapper in mappers | filter:search">
<td>{{mapper.name}}</td>
<td>{{mapperTypes[mapper.protocolMapper].category}}</td>
<td>{{mapperTypes[mapper.protocolMapper].name}}</td>
<td><input type="checkbox" ng-model="mapper.isChecked"></td>
</tr>
<tr data-ng-show="mappers.length == 0">
<td>No mappers available</td>
</tr>
</tbody>
</table>
</div>
</div>

View file

@ -1,47 +0,0 @@
<div class="bs-sidebar col-md-3 clearfix" data-ng-include data-src="resourceUrl + '/partials/realm-menu.html'"></div>
<div id="content-area" class="col-md-9" role="main">
<kc-navigation-oauth-client></kc-navigation-oauth-client>
<div id="content">
<ol class="breadcrumb" data-ng-hide="create">
<li><a href="#/realms/{{realm.realm}}/oauth-clients">OAuth Clients</a></li>
<li><a href="#/realms/{{realm.realm}}/oauth-clients/{{oauth.id}}">{{oauth.name}}</a></li>
<li class="active">Protocol Mappers</li>
</ol>
<h2><span>{{realm.realm}} </span> {{oauth.name}} {{oauth.protocol}} Protocol Mappers <span tooltip-placement="right" tooltip="Protocol mappers perform transformation on tokens and documents. They an do things like map user data into protocol claims, or just transform any requests going between the application and auth server." class="fa fa-info-circle"></span></h2>
<table class="table table-striped table-bordered">
<thead>
<tr>
<th class="kc-table-actions" colspan="4">
<div class="search-comp clearfix">
<input type="text" placeholder="Search..." class="form-control search" data-ng-model="search.name"
onkeyup="if(event.keyCode == 13){$(this).next('button').click();}">
<button type="submit" class="kc-icon-search" tooltip-placement="right"
tooltip="Search by mapper name.">
Icon: search
</button>
</div>
<div class="pull-right">
<a class="btn btn-primary" href="#/create/oauth-client/{{realm.realm}}/{{oauth.id}}/mappers">Create</a>
<a class="btn btn-primary" href="#/realms/{{realm.realm}}/oauth-clients/{{oauth.id}}/add-mappers">Add Builtin</a>
</div>
</th>
</tr>
<tr data-ng-hide="mappers.length == 0">
<th>Name</th>
<th>Category</th>
<th>Type</th>
</tr>
</thead>
<tbody>
<tr ng-repeat="mapper in mappers | filter:search">
<td><a href="#/realms/{{realm.realm}}/oauth-clients/{{oauth.id}}/mappers/{{mapper.id}}">{{mapper.name}}</a></td>
<td>{{mapperTypes[mapper.protocolMapper].category}}</td>
<td>{{mapperTypes[mapper.protocolMapper].name}}</td>
</tr>
<tr data-ng-show="mappers.length == 0">
<td>No mappers available</td>
</tr>
</tbody>
</table>
</div>
</div>

View file

@ -1,108 +0,0 @@
<div class="bs-sidebar col-sm-3 " data-ng-include data-src="resourceUrl + '/partials/realm-menu.html'"></div>
<div id="content-area" class="col-sm-9" role="main">
<kc-navigation-oauth-client></kc-navigation-oauth-client>
<div id="content">
<ol class="breadcrumb" data-ng-show="create">
<li><a href="#/realms/{{realm.realm}}/oauth-clients">OAuth Clients</a></li>
<li><a href="#/realms/{{realm.realm}}/oauth-clients/{{oauth.id}}">{{oauth.name}}</a></li>
<li><a href="#/realms/{{realm.realm}}/oauth-clients/{{oauth.id}}/mappers">{{oauth.name}} Mappers</a></li>
<li class="active">Create Protocol Mapper</li>
</ol>
<ol class="breadcrumb" data-ng-hide="create">
<li><a href="#/realms/{{realm.realm}}/oauth-clients">OAuth Clients</a></li>
<li><a href="#/realms/{{realm.realm}}/oauth-clients/{{oauth.id}}">{{oauth.name}}</a></li>
<li><a href="#/realms/{{realm.realm}}/oauth-clients/{{oauth.id}}/mappers">{{oauth.name}} Mappers</a></li>
<li class="active">{{mapper.name}}</li>
</ol>
<h2 class="pull-left" data-ng-hide="create">{{mapper.name}} Protocol Mapper</h2>
<h2 class="pull-left" data-ng-show="create">Create Protocol Mapper</h2>
<p class="subtitle"><span class="required">*</span> Required fields</p>
<form class="form-horizontal" name="realmForm" novalidate kc-read-only="!access.manageRealm">
<fieldset>
<div class="form-group clearfix">
<label class="col-sm-2 control-label" for="protocol">Protocol</label>
<div class="col-sm-4">
<input class="form-control" id="protocol" type="text" ng-model="protocol" readonly>
</div>
<span tooltip-placement="right" tooltip="Protocol." class="fa fa-info-circle"></span>
</div>
<div class="form-group clearfix" data-ng-show="!create">
<label class="col-sm-2 control-label" for="mapperId">ID </label>
<div class="col-sm-4">
<input class="form-control" id="mapperId" type="text" ng-model="mapper.id" readonly>
</div>
</div>
<div class="form-group clearfix">
<label class="col-sm-2 control-label" for="name">Name</label>
<div class="col-sm-4">
<input class="form-control" id="name" type="text" ng-model="mapper.name" data-ng-readonly="!create">
</div>
<span tooltip-placement="right" tooltip="Name of the mapper." class="fa fa-info-circle"></span>
</div>
<div class="form-group">
<label for="consentRequired" class="col-sm-2 control-label">Consent required</label>
<div class="col-sm-4">
<input ng-model="mapper.consentRequired" name="consentRequired" id="consentRequired" onoffswitch />
</div>
<span tooltip-placement="right" tooltip="When granting temporary access, must the user consent to providing this data to the client?" class="fa fa-info-circle"></span>
</div>
<div class="form-group" data-ng-show="mapper.consentRequired">
<label class="col-sm-2 control-label" for="consentText">Consent Text </label>
<div class="col-sm-4">
<textarea class="form-control" rows="5" cols="50" id="consentText" name="consentText" data-ng-model="mapper.consentText"></textarea>
</div>
<span tooltip-placement="right" tooltip="Text to display on consent page" class="fa fa-info-circle"></span>
</div>
<div class="form-group" data-ng-show="create">
<label class="col-sm-2 control-label" for="mapperTypeCreate">Mapper Type</label>
<div class="col-sm-6">
<div class="select-kc">
<select id="mapperTypeCreate"
ng-model="mapperType"
ng-options="mapperType.name for mapperType in mapperTypes">
</select>
</div>
</div>
<span tooltip-placement="right" tooltip="{{mapperType.helpText}}" class="fa fa-info-circle"></span>
</div>
<div class="form-group clearfix" data-ng-hide="create">
<label class="col-sm-2 control-label" for="mapperType">Mapper Type</label>
<div class="col-sm-4">
<input class="form-control" id="mapperType" type="text" ng-model="mapperType.name" data-ng-readonly="true">
</div>
<span tooltip-placement="right" tooltip="{{mapperType.helpText}}" class="fa fa-info-circle"></span>
</div>
<div data-ng-repeat="option in mapperType.properties" class="form-group">
<label class="col-sm-2 control-label">{{option.label}} </label>
<div class="col-sm-4" data-ng-hide="option.type == 'boolean' || option.type == 'List'">
<input class="form-control" type="text" data-ng-model="mapper.config[ option.name ]" >
</div>
<div class="col-sm-4" data-ng-show="option.type == 'boolean'">
<input ng-model="mapper.config[ option.name ]" value="'true'" name="option.name" id="option.name" onoffswitchmodel />
</div>
<div class="col-sm-4" data-ng-show="option.type == 'List'">
<select ng-model="mapper.config[ option.name ]" ng-options="data for data in option.defaultValue">
<option value="" selected> Select one... </option>
</select>
</div>
<span tooltip-placement="right" tooltip="{{option.helpText}}" class="fa fa-info-circle"></span>
</div>
</fieldset>
<div class="pull-right form-actions" data-ng-show="create && access.manageRealm">
<button kc-cancel data-ng-click="cancel()">Cancel</button>
<button kc-save>Save</button>
</div>
<div class="pull-right form-actions" data-ng-show="!create && access.manageRealm">
<button kc-reset data-ng-show="changed">Clear changes</button>
<button kc-save data-ng-show="changed">Save</button>
<button kc-delete data-ng-click="remove()" data-ng-hide="changed">Delete</button>
</div>
</form>
</div>
</div>

View file

@ -1,29 +0,0 @@
<div class="bs-sidebar col-md-3 clearfix" data-ng-include data-src="resourceUrl + '/partials/realm-menu.html'"></div>
<div id="content-area" class="col-md-9" role="main">
<kc-navigation-oauth-client></kc-navigation-oauth-client>
<div id="content">
<ol class="breadcrumb">
<li><a href="#/realms/{{realm.realm}}/oauth-clients">OAuth Clients</a></li>
<li><a href="#/realms/{{realm.realm}}/oauth-clients/{{oauth.id}}">{{oauth.name}}</a></li>
<li class="active">Revocation</li>
</ol>
<h2 data-ng-hide="create"><span>{{oauth.name}}</span> Revocation Policies</h2>
<form class="form-horizontal" name="credentialForm" novalidate kc-read-only="!access.manageRealm">
<fieldset class="border-top">
<div class="form-group">
<label class="col-sm-2 control-label" for="notBefore">Not Before</label>
<div class="col-sm-4">
<input ng-disabled="true" class="form-control" type="text" id="notBefore" name="notBefore" data-ng-model="notBefore" autofocus>
</div>
<span tooltip-placement="right" tooltip="Revoke any tokens issued before this date for this client." class="fa fa-info-circle"></span>
</div>
</fieldset>
<div class="pull-right form-actions" data-ng-show="access.manageApplications">
<button type="submit" data-ng-click="clear()" class="btn btn-default btn-lg">Clear
</button>
<button type="submit" data-ng-click="setNotBeforeNow()" class="btn btn-primary btn-lg">Set To Now
</button>
</div>
</form>
</div>
</div>

View file

@ -1,124 +0,0 @@
<div class="bs-sidebar col-md-3 clearfix" data-ng-include data-src="resourceUrl + '/partials/realm-menu.html'"></div>
<div id="content-area" class="col-md-9" role="main">
<kc-navigation-oauth-client></kc-navigation-oauth-client>
<div id="content">
<ol class="breadcrumb" data-ng-hide="create">
<li><a href="#/realms/{{realm.realm}}/oauth-clients">OAuth Clients</a></li>
<li><a href="#/realms/{{realm.realm}}/oauth-clients/{{oauth.id}}">{{oauth.name}}</a></li>
<li class="active">Scope</li>
</ol>
<h2><span>{{oauth.name}}</span> Scope Mappings <span tooltip-placement="right" tooltip="Scope mappings allow you to restrict which user role mappings are included within the access token requested by the client." class="fa fa-info-circle"></span></h2>
<p class="subtitle"></p>
<form class="form-horizontal" name="allowScope" novalidate kc-read-only="!access.manageClients">
<fieldset class="border-top">
<div class="form-group">
<label class="col-sm-2 control-label" for="fullScopeAllowed">Full Scope Allowed</label>
<div class="col-sm-4">
<input ng-model="oauth.fullScopeAllowed" ng-click="changeFullScopeAllowed()" name="fullScopeAllowed" id="fullScopeAllowed" onoffswitch />
</div>
<span tooltip-placement="right" tooltip="Allows you to disable all restrictions." class="fa fa-info-circle"></span>
</div>
</fieldset>
</form>
<form class="form-horizontal" name="realmForm" novalidate kc-read-only="!access.manageClients" data-ng-show="!oauth.fullScopeAllowed">
<fieldset>
<legend><span class="text">Realm Roles</span> <span tooltip-placement="right" tooltip="Realm level roles assigned to scope." class="fa fa-info-circle"></span></legend>
<div class="form-group col-sm-10">
<div class="controls changing-selectors">
<div class="select-title">
<label class="control-label" for="available">Available Roles <span tooltip-placement="right" tooltip="Realm level roles that can be assigned to scope." class="fa fa-info-circle"></span></label>
<select id="available" class="form-control" multiple size="5"
ng-multiple="true"
ng-model="selectedRealmRoles"
ng-options="r.name for r in realmRoles">
</select>
</div>
<div class="middle-buttons kc-vertical">
<button class="btn btn-default" type="submit" ng-click="addRealmRole()" tooltip="Assign role" tooltip-placement="right">
<span class="kc-icon-arrow-right">Assign role</span>
</button>
<button class="btn btn-default" type="submit" ng-click="deleteRealmRole()" tooltip="Unassign role" tooltip-placement="left">
<span class="kc-icon-arrow-left">Unassign role</span>
</button>
</div>
<div class="select-title">
<label class="control-label" for="assigned">Assigned Roles <span tooltip-placement="right" tooltip="Realm level roles assigned to scope." class="fa fa-info-circle"></span></label>
<select id="assigned" class="form-control" multiple size=5
ng-multiple="true"
ng-model="selectedRealmMappings"
ng-options="r.name for r in realmMappings">
</select>
</div>
<div class="middle-buttons">
-
</div>
<div class="select-title">
<label class="control-label" for="realm-composite">Effective Roles <span tooltip-placement="right" tooltip="Assigned realm level roles that may have been inherited from a composite role." class="fa fa-info-circle"></span></label>
<select id="realm-composite" class="form-control" multiple size=5
ng-disabled="true"
ng-model="dummymodel"
ng-options="r.name for r in realmComposite">
</select>
</div>
</div>
</div>
</fieldset>
<fieldset ng-show="applications.length > 0">
<legend><span class="text">Application Roles</span> </legend>
<div class="form-group input-select">
<label class="col-sm-2 control-label" for="applications">Application <span tooltip-placement="right" tooltip="Select an application to view or modify additional roles to assign." class="fa fa-info-circle"></span></label>
<div class="col-sm-4">
<div class="input-group">
<div class="select-kc">
<select id="applications" name="applications" ng-change="changeApplication()" ng-model="targetApp" ng-options="a.name for a in (applications)" ng-disabled="false">
<option value="" selected> Select an Application </option>
</select>
</div>
</div>
</div>
</div>
<div class="form-group" data-ng-show="targetApp">
<div class="controls changing-selectors col-sm-10">
<div class="select-title">
<label class="control-label" for="app-available">Available Roles <span tooltip-placement="right" tooltip="Application roles available to be assigned." class="fa fa-info-circle"></span></label>
<select id="app-available" class="form-control" multiple size="5"
ng-multiple="true"
ng-model="selectedApplicationRoles"
ng-options="r.name for r in applicationRoles">
</select>
</div>
<div class="middle-buttons kc-vertical">
<button class="btn btn-default" type="submit" ng-click="addApplicationRole()" tooltip="Assign role" tooltip-placement="right">
<span class="kc-icon-arrow-right">Move right</span>
</button>
<button class="btn btn-default" type="submit" ng-click="deleteApplicationRole()" tooltip="Unassign role" tooltip-placement="left">
<span class="kc-icon-arrow-left">Move left</span>
</button>
</div>
<div class="select-title">
<label class="control-label" for="app-assigned">Assigned Roles <span tooltip-placement="right" tooltip="Assigned application roles." class="fa fa-info-circle"></span></label>
<select id="app-assigned" class="form-control" multiple size=5
ng-multiple="true"
ng-model="selectedApplicationMappings"
ng-options="r.name for r in applicationMappings">
</select>
</div>
<div class="middle-buttons">
-
</div>
<div class="select-title">
<label class="control-label" for="app-composite">Effective Roles <span tooltip-placement="right" tooltip="Assigned application roles that may have been inherited from a composite role." class="fa fa-info-circle"></span></label>
<select id="app-composite" class="form-control" multiple size=5
ng-disabled="true"
ng-model="dummymodel"
ng-options="r.name for r in applicationComposite">
</select>
</div>
</div>
</div>
</fieldset>
</form>
</div>
</div>

View file

@ -7,12 +7,9 @@
|| path[2] == 'keys-settings' || path[2] == 'smtp-settings' || path[2] == 'ldap-settings' || path[2] == 'auth-settings') && path[3] != 'applications') && 'active'">
<a href="#/realms/{{realm.realm}}">Settings</a>
</li>
<li data-ng-show="access.viewUsers" data-ng-class="(path[2] == 'users' || path[1] == 'user') && 'active'"><a href="#/realms/{{realm.realm}}/users">Users</a>
</li>
<li data-ng-show="access.viewRealm" data-ng-class="(path[2] == 'roles' || (path[1] == 'role' && path[3] != 'applications')) && 'active'"><a href="#/realms/{{realm.realm}}/roles">Roles</a>
</li>
<li data-ng-show="access.viewApplications" data-ng-class="(path[2] == 'applications' || path[1] == 'application' || path[3] == 'applications') && 'active'"><a href="#/realms/{{realm.realm}}/applications">Applications</a></li>
<li data-ng-show="access.viewClients" data-ng-class="(path[2] == 'oauth-clients' || path[1] == 'oauth-client') && 'active'"><a href="#/realms/{{realm.realm}}/oauth-clients">OAuth Clients</a></li>
<li data-ng-show="access.viewUsers" data-ng-class="(path[2] == 'users' || path[1] == 'user') && 'active'"><a href="#/realms/{{realm.realm}}/users">Users</a></li>
<li data-ng-show="access.viewClients" data-ng-class="(path[2] == 'applications' || path[1] == 'application' || path[3] == 'applications') && 'active'"><a href="#/realms/{{realm.realm}}/applications">Clients</a></li>
<li data-ng-show="access.viewRealm" data-ng-class="(path[2] == 'roles' || (path[1] == 'role' && path[3] != 'applications')) && 'active'"><a href="#/realms/{{realm.realm}}/roles">Roles</a></li>
<li data-ng-show="access.viewRealm" data-ng-class="(path[2] == 'sessions' || path[2] == 'token-settings') && 'active'"><a href="#/realms/{{realm.realm}}/sessions/realm">Sessions and Tokens</a></li>
<li data-ng-show="access.viewRealm" data-ng-class="(path[2] == 'defense') && 'active'"><a href="#/realms/{{realm.realm}}/defense/headers">Security Defenses</a></li>
<li data-ng-show="access.viewEvents" data-ng-class="(path[2] == 'events' || path[2] == 'events-settings') && 'active'"><a href="#/realms/{{realm.realm}}/events">Events</a></li>
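Review bot: The new `Clients` entry is gated by `access.viewClients` where the old `Applications` entry used `access.viewApplications`, while its link and `path[...]` checks still target `applications`. `data-ng-show` only hides the link, so the admin REST resources behind `#/realms/{{realm.realm}}/applications` need to require the matching clients role on the server; that code is not in this section, so please confirm it was switched in the same commit. The same applies to the `access.manageApplications` to `access.manageClients` change in the revocation partial in the next file section.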


@ -18,7 +18,7 @@
<span tooltip-placement="right" tooltip="Revoke any tokens issued before this date." class="fa fa-info-circle"></span>
</div>
</fieldset>
<div class="pull-right form-actions" data-ng-show="access.manageApplications">
<div class="pull-right form-actions" data-ng-show="access.manageClients">
<button type="submit" data-ng-click="clear()" class="btn btn-default btn-lg">Clear
</button>
<button type="submit" data-ng-click="setNotBeforeNow()" class="btn btn-primary btn-lg">Set To Now


@ -1,9 +0,0 @@
<ul class="nav nav-tabs nav-tabs-pf" data-ng-show="!create">
<li ng-class="{active: !path[4]}"><a href="#/realms/{{realm.realm}}/oauth-clients/{{oauth.id}}">Settings</a></li>
<li ng-class="{active: path[4] == 'credentials'}" data-ng-show="!oauth.publicClient"><a href="#/realms/{{realm.realm}}/oauth-clients/{{oauth.id}}/credentials">Credentials</a></li>
<li ng-class="{active: path[4] == 'mappers'}" data-ng-show="!oauth.bearerOnly"><a href="#/realms/{{realm.realm}}/oauth-clients/{{oauth.id}}/mappers">Mappers</a></li>
<li ng-class="{active: path[4] == 'scope-mappings'}"><a href="#/realms/{{realm.realm}}/oauth-clients/{{oauth.id}}/scope-mappings">Scope</a></li>
<li ng-class="{active: path[4] == 'revocation'}"><a href="#/realms/{{realm.realm}}/oauth-clients/{{oauth.id}}/revocation">Revocation</a></li>
<!-- <li ng-class="{active: path[4] == 'identity-provider'}" data-ng-show="realm.identityFederationEnabled"><a href="#/realms/{{realm.realm}}/oauth-clients/{{oauth.id}}/identity-provider">Identity Provider</a></li> -->
<li ng-class="{active: path[4] == 'installation'}"><a href="#/realms/{{realm.realm}}/oauth-clients/{{oauth.id}}/installation">Installation</a></li>
</ul>


@ -1,17 +1,9 @@
<#import "template.ftl" as layout>
<@layout.registrationLayout displayInfo=social.displayInfo; section>
<#if section = "title">
<#if client.application>
${msg("loginTitle",(realm.name!''))}
<#elseif client.oauthClient>
${msg("loginOauthTitle",(realm.name!''))}
</#if>
${msg("loginTitle",(realm.name!''))}
<#elseif section = "header">
<#if client.application>
${msg("loginTitleHtml",(realm.name!''))}
<#elseif client.oauthClient>
${msg("loginOauthTitleHtml",(realm.name!''), (client.clientId!''))}
</#if>
${msg("loginTitleHtml",(realm.name!''))}
<#elseif section = "form">
<#if realm.password>
<form id="kc-form-login" class="${properties.kcFormClass!}" action="${url.loginAction}" method="post">
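Review bot: With the `client.oauthClient` branch removed, the header always renders `loginTitleHtml` with only the realm name, so the login page no longer names the client that is asking for access (the old `loginOauthTitleHtml` included `client.clientId!''`). Going by the new `isConsentRequired()` on `ClientModel`, consent-required clients replace OAuth clients, and for those the user now enters credentials without seeing who requested them. If that is deliberate for this first round, a template comment saying so would help. Otherwise consider exposing `isConsentRequired()` on `ClientBean` and keeping a header branch under `<#if client.consentRequired>`. The form body continues outside this hunk.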

View file

@ -11,7 +11,7 @@ registerWithTitle=Registrierung bei {0}
registerWithTitleHtml=Registrierung bei <strong>{0}</strong>
loginTitle=Anmeldung bei {0}
loginTitleHtml=Anmeldung bei <strong>{0}</strong>
loginOauthTitle=Tempor\u00E4rer zugriff auf {0}
loginOauthTitle=
loginOauthTitleHtml=Tempor\u00E4rer zugriff auf <strong>{0}</strong> angefordert von <strong>{1}</strong>.
loginTotpTitle=Mobile Authentifizierung Einrichten
loginProfileTitle=Benutzerkonto Informationen aktualisieren

View file

@ -11,8 +11,6 @@ registerWithTitle=Register with {0}
registerWithTitleHtml=Register with <strong>{0}</strong>
loginTitle=Log in to {0}
loginTitleHtml=Log in to <strong>{0}</strong>
loginOauthTitle=Temporary access for {0}
loginOauthTitleHtml=Temporary access for <strong>{0}</strong> requested by <strong>{1}</strong>.
loginTotpTitle=Mobile Authenticator Setup
loginProfileTitle=Update Account Information
oauthGrantTitle=OAuth Grant

View file

@ -1,23 +1,5 @@
package org.keycloak.login.freemarker;
import java.io.IOException;
import java.net.URI;
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Properties;
import java.util.concurrent.TimeUnit;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriBuilder;
import javax.ws.rs.core.UriInfo;
import org.jboss.logging.Logger;
import org.jboss.resteasy.specimpl.MultivaluedMapImpl;
import org.keycloak.OAuth2Constants;
@ -57,6 +39,23 @@ import org.keycloak.models.utils.FormMessage;
import org.keycloak.services.messages.Messages;
import org.keycloak.services.resources.flows.Urls;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriBuilder;
import javax.ws.rs.core.UriInfo;
import java.io.IOException;
import java.net.URI;
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Properties;
import java.util.concurrent.TimeUnit;
/**
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
*/

View file

@ -1,37 +1,25 @@
package org.keycloak.login.freemarker.model;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.ClientModel;
import org.keycloak.models.OAuthClientModel;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public class ClientBean {
protected ClientModel client;
public ClientBean(ClientModel client) {
this.client = client;
}
public boolean isApplication() {
return client instanceof ApplicationModel;
}
public boolean isOauthClient() {
return client instanceof OAuthClientModel;
}
public String getClientId() {
return client.getClientId();
}
public String getBaseUrl() {
if (client instanceof ApplicationModel) {
return ((ApplicationModel) client).getBaseUrl();
}
return null;
return client.getBaseUrl();
}
}
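Review bot: Removing `isApplication()` and `isOauthClient()` changes the data model that login templates see, so any template still evaluating `client.application` or `client.oauthClient` will no longer find those properties. The bundled login template is updated in this commit, but custom themes are outside what is visible here, so this deserves a line in the migration notes. `getBaseUrl()` now forwards to `client.getBaseUrl()` for every client instead of returning `null` for non-application clients; a short Javadoc such as `/** Base URL configured on the client; presumably null when none is set. */` would record whether templates must still null-guard it.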

View file

@ -21,10 +21,6 @@
*/
package org.keycloak.login.freemarker.model;
import org.keycloak.OAuth2Constants;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.ClientModel;
import org.keycloak.models.Constants;
import org.keycloak.models.IdentityProviderModel;
import org.keycloak.models.RealmModel;
import org.keycloak.services.resources.flows.Urls;

View file

@ -1,57 +0,0 @@
package org.keycloak.admin.client.resource;
import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.representations.idm.OAuthClientRepresentation;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.MediaType;
/**
* @author rodrigo.sasaki@icarros.com.br
*/
public interface OAuthClientResource {
@Path("protocol-mappers")
public ProtocolMappersResource getProtocolMappers();
// TODO
// @Path("certificates/{attr}")
// public ClientAttributeCertificateResource getCertficateResource(@PathParam("attr") String attributePrefix);
@GET
@Produces(MediaType.APPLICATION_JSON)
public OAuthClientRepresentation toRepresentation();
@PUT
@Consumes(MediaType.APPLICATION_JSON)
public void update(OAuthClientRepresentation oAuthClientRepresentation);
@DELETE
public void remove();
@POST
@Path("client-secret")
@Consumes("application/json")
@Produces(MediaType.APPLICATION_JSON)
public CredentialRepresentation generateNewSecret();
@GET
@Path("client-secret")
@Produces(MediaType.APPLICATION_JSON)
public CredentialRepresentation getSecret();
@GET
@Path("installation")
@Produces(MediaType.APPLICATION_JSON)
public String getInstallationJson();
@Path("/scope-mappings")
public RoleMappingResource getScopeMappings();
}

View file

@ -1,30 +0,0 @@
package org.keycloak.admin.client.resource;
import org.keycloak.representations.idm.OAuthClientRepresentation;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.MediaType;
import java.util.List;
/**
* @author rodrigo.sasaki@icarros.com.br
*/
public interface OAuthClientsResource {
@GET
@Produces(MediaType.APPLICATION_JSON)
public List<OAuthClientRepresentation> findAll();
@POST
@Consumes(MediaType.APPLICATION_JSON)
public void create(OAuthClientRepresentation oAuthClientRepresentation);
@Path("{oAuthClientId}")
public OAuthClientResource get(@PathParam("oAuthClientId") String oAuthClientId);
}

View file

@ -29,9 +29,6 @@ public interface RealmResource {
@Path("users")
public UsersResource users();
@Path("oauth-clients")
public OAuthClientsResource oAuthClients();
@Path("roles")
public RolesResource roles();

View file

@ -16,18 +16,16 @@ public class AdminRoles {
public static String VIEW_REALM = "view-realm";
public static String VIEW_USERS = "view-users";
public static String VIEW_APPLICATIONS = "view-applications";
public static String VIEW_CLIENTS = "view-clients";
public static String VIEW_EVENTS = "view-events";
public static String VIEW_IDENTITY_PROVIDERS = "view-identity-providers";
public static String MANAGE_REALM = "manage-realm";
public static String MANAGE_USERS = "manage-users";
public static String MANAGE_APPLICATIONS = "manage-applications";
public static String MANAGE_IDENTITY_PROVIDERS = "manage-identity-providers";
public static String MANAGE_CLIENTS = "manage-clients";
public static String MANAGE_EVENTS = "manage-events";
public static String[] ALL_REALM_ROLES = {VIEW_REALM, VIEW_USERS, VIEW_APPLICATIONS, VIEW_CLIENTS, VIEW_EVENTS, VIEW_IDENTITY_PROVIDERS, MANAGE_REALM, MANAGE_USERS, MANAGE_APPLICATIONS, MANAGE_CLIENTS, MANAGE_EVENTS, MANAGE_IDENTITY_PROVIDERS};
public static String[] ALL_REALM_ROLES = {VIEW_REALM, VIEW_USERS, VIEW_CLIENTS, VIEW_EVENTS, VIEW_IDENTITY_PROVIDERS, MANAGE_REALM, MANAGE_USERS, MANAGE_CLIENTS, MANAGE_EVENTS, MANAGE_IDENTITY_PROVIDERS};
}
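Review bot: Dropping `VIEW_APPLICATIONS` and `MANAGE_APPLICATIONS` from `ALL_REALM_ROLES` means realms that already store `view-applications` / `manage-applications` grants are left with role names that no constant here refers to. Nothing in this section shows those grants being migrated to `view-clients` / `manage-clients` or cleaned up. If a migration exists elsewhere in the commit, a comment pointing to it would help; otherwise admins who held only the application roles would presumably lose access after upgrade. Separately, the role names are declared `public static String`, so any code can reassign the strings used in authorization checks; they should be constants, e.g. `public static final String VIEW_CLIENTS = "view-clients";`.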

View file

@ -1,56 +0,0 @@
package org.keycloak.models;
import java.util.List;
import java.util.Map;
import java.util.Set;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public interface ApplicationModel extends RoleContainerModel, ClientModel {
void updateApplication();
String getName();
void setName(String name);
boolean isSurrogateAuthRequired();
void setSurrogateAuthRequired(boolean surrogateAuthRequired);
String getManagementUrl();
void setManagementUrl(String url);
String getBaseUrl();
void setBaseUrl(String url);
List<String> getDefaultRoles();
void addDefaultRole(String name);
void updateDefaultRoles(String[] defaultRoles);
Set<RoleModel> getApplicationScopeMappings(ClientModel client);
boolean isBearerOnly();
void setBearerOnly(boolean only);
int getNodeReRegistrationTimeout();
void setNodeReRegistrationTimeout(int timeout);
Map<String, Integer> getRegisteredNodes();
/**
* Register node or just update the 'lastReRegistration' time if this node is already registered
*
* @param nodeHost
* @param registrationTime
*/
void registerNode(String nodeHost, int registrationTime);
void unregisterNode(String nodeHost);
}

View file

@ -8,7 +8,7 @@ import java.util.Set;
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public interface ClientModel {
public interface ClientModel extends RoleContainerModel {
// COMMON ATTRIBUTES
@ -16,20 +16,22 @@ public interface ClientModel {
String PUBLIC_KEY = "publicKey";
String X509CERTIFICATE = "X509Certificate";
/**
* Internal database key
*
* @return
*/
void updateApplication();
String getId();
/**
* String exposed to outside world
*
* @return
*/
String getClientId();
void setClientId(String clientId);
boolean isEnabled();
void setEnabled(boolean enabled);
boolean isSurrogateAuthRequired();
void setSurrogateAuthRequired(boolean surrogateAuthRequired);
Set<String> getWebOrigins();
void setWebOrigins(Set<String> webOrigins);
@ -46,10 +48,28 @@ public interface ClientModel {
void removeRedirectUri(String redirectUri);
String getManagementUrl();
boolean isEnabled();
void setManagementUrl(String url);
void setEnabled(boolean enabled);
String getBaseUrl();
void setBaseUrl(String url);
List<String> getDefaultRoles();
void addDefaultRole(String name);
void updateDefaultRoles(String[] defaultRoles);
Set<RoleModel> getApplicationScopeMappings(ClientModel client);
boolean isBearerOnly();
void setBearerOnly(boolean only);
int getNodeReRegistrationTimeout();
void setNodeReRegistrationTimeout(int timeout);
boolean validateSecret(String secret);
String getSecret();
@ -76,13 +96,15 @@ public interface ClientModel {
boolean isDirectGrantsOnly();
void setDirectGrantsOnly(boolean flag);
boolean isConsentRequired();
void setConsentRequired(boolean consentRequired);
Set<RoleModel> getScopeMappings();
void addScopeMapping(RoleModel role);
void deleteScopeMapping(RoleModel role);
Set<RoleModel> getRealmScopeMappings();
boolean hasScope(RoleModel role);
RealmModel getRealm();
/**
@ -104,4 +126,16 @@ public interface ClientModel {
void updateProtocolMapper(ProtocolMapperModel mapping);
public ProtocolMapperModel getProtocolMapperById(String id);
public ProtocolMapperModel getProtocolMapperByName(String protocol, String name);
Map<String, Integer> getRegisteredNodes();
/**
* Register node or just update the 'lastReRegistration' time if this node is already registered
*
* @param nodeHost
* @param registrationTime
*/
void registerNode(String nodeHost, int registrationTime);
void unregisterNode(String nodeHost);
}
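Review bot: `isConsentRequired()` and `setConsentRequired(boolean consentRequired)` in the `-76,13 +96,15` hunk appear to be the newly added members, and they carry no Javadoc. After the merge this flag is what separates a client that prompts the user for consent from one that does not. I would add a one-line comment above the getter, for example `/** Whether the user must grant consent to this client; implementations must document their default. */`. Elsewhere in this commit `createOAuthClient` sets the flag to true explicitly, which suggests the default is false, so the contract should say so to keep the store implementations consistent. The interface body extends beyond the hunks shown here.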


@ -1,10 +0,0 @@
package org.keycloak.models;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public interface OAuthClientModel extends ClientModel {
void setClientId(String id);
}


@ -19,15 +19,10 @@ public interface RealmModel extends RoleContainerModel {
interface RealmCreationEvent extends ProviderEvent {
RealmModel getCreatedRealm();
}
interface ClientCreationEvent extends ProviderEvent {
ClientModel getCreatedClient();
}
interface ApplicationCreationEvent extends ClientCreationEvent {
ApplicationModel getCreatedApplication();
}
interface OAuthClientCreationEvent extends ClientCreationEvent {
OAuthClientModel getCreatedOAuthClient();
}
String getId();
@ -150,33 +145,21 @@ public interface RealmModel extends RoleContainerModel {
void updateDefaultRoles(String[] defaultRoles);
ClientModel findClient(String clientId);
Map<String, ClientModel> getClientNameMap();
Map<String, ApplicationModel> getApplicationNameMap();
List<ClientModel> getClients();
List<ApplicationModel> getApplications();
ClientModel addClient(String name);
ApplicationModel addApplication(String name);
ClientModel addClient(String id, String clientId);
ApplicationModel addApplication(String id, String name);
boolean removeClient(String id);
boolean removeApplication(String id);
ApplicationModel getApplicationById(String id);
ApplicationModel getApplicationByName(String name);
ClientModel getClientById(String id);
ClientModel getClientByClientId(String clientId);
void updateRequiredCredentials(Set<String> creds);
OAuthClientModel addOAuthClient(String name);
OAuthClientModel addOAuthClient(String id, String name);
OAuthClientModel getOAuthClient(String name);
OAuthClientModel getOAuthClientById(String id);
boolean removeOAuthClient(String id);
List<OAuthClientModel> getOAuthClients();
Map<String, String> getBrowserSecurityHeaders();
void setBrowserSecurityHeaders(Map<String, String> headers);
@ -249,11 +232,9 @@ public interface RealmModel extends RoleContainerModel {
void setEnabledEventTypes(Set<String> enabledEventTypes);
ApplicationModel getMasterAdminApp();
ClientModel getMasterAdminApp();
void setMasterAdminApp(ApplicationModel app);
ClientModel findClientById(String id);
void setMasterAdminApp(ClientModel app);
boolean isIdentityFederationEnabled();
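Review bot: The new `ClientModel addClient(String name);` in the `-150,33 +145,21` hunk names its argument `name`, while the two-argument overload below it uses `clientId` and the lookup is `getClientByClientId(String clientId)`. The `ClientModel` hunks in this commit expose `getClientId()` and show no separate name accessor, so the single-argument overload would read more clearly as `ClientModel addClient(String clientId);`. `getClientNameMap()` has the same ambiguity and would benefit from a one-line Javadoc stating what the map is keyed by (presumably the clientId, as `createApplications` keys its own map that way in this commit). The interface continues outside these hunks.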


@ -1,7 +1,6 @@
package org.keycloak.models;
import org.keycloak.provider.Provider;
import org.keycloak.provider.ProviderEvent;
import java.util.List;
@ -19,8 +18,7 @@ public interface RealmProvider extends Provider {
RealmModel getRealmByName(String name);
RoleModel getRoleById(String id, RealmModel realm);
ApplicationModel getApplicationById(String id, RealmModel realm);
OAuthClientModel getOAuthClientById(String id, RealmModel realm);
ClientModel getClientById(String id, RealmModel realm);
List<RealmModel> getRealms();
boolean removeRealm(String id);


@ -66,7 +66,7 @@ public interface UserModel {
void updateCredentialDirectly(UserCredentialValueModel cred);
Set<RoleModel> getRealmRoleMappings();
Set<RoleModel> getApplicationRoleMappings(ApplicationModel app);
Set<RoleModel> getApplicationRoleMappings(ClientModel app);
boolean hasRole(RoleModel role);
void grantRole(RoleModel role);
Set<RoleModel> getRoleMappings();


@ -3,7 +3,6 @@ package org.keycloak.models;
import org.keycloak.provider.Provider;
import java.util.List;
import java.util.Map;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>


@ -1,18 +1,31 @@
package org.keycloak.models.entities;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
/**
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
*/
public class ApplicationEntity extends ClientEntity {
public class ApplicationEntity extends AbstractIdentifiableEntity {
private String name;
private String realmId;
private boolean enabled;
private String secret;
private String protocol;
private int notBefore;
private boolean publicClient;
private boolean fullScopeAllowed;
private boolean frontchannelLogout;
private boolean surrogateAuthRequired;
private String managementUrl;
private String baseUrl;
private boolean bearerOnly;
private boolean consentRequired;
private boolean directGrantsOnly;
private int nodeReRegistrationTimeout;
// We are using names of defaultRoles (not ids)
@ -20,6 +33,134 @@ public class ApplicationEntity extends ClientEntity {
private Map<String, Integer> registeredNodes;
private Map<String, String> attributes = new HashMap<String, String>();
private List<String> webOrigins = new ArrayList<String>();
private List<String> redirectUris = new ArrayList<String>();
private List<String> scopeIds = new ArrayList<String>();
private List<ClientIdentityProviderMappingEntity> identityProviders = new ArrayList<ClientIdentityProviderMappingEntity>();
private List<ProtocolMapperEntity> protocolMappers = new ArrayList<ProtocolMapperEntity>();
public String getName() {
return name;
}
public void setName(String name) {
this.name = name;
}
public boolean isEnabled() {
return enabled;
}
public void setEnabled(boolean enabled) {
this.enabled = enabled;
}
public String getSecret() {
return secret;
}
public void setSecret(String secret) {
this.secret = secret;
}
public int getNotBefore() {
return notBefore;
}
public void setNotBefore(int notBefore) {
this.notBefore = notBefore;
}
public boolean isPublicClient() {
return publicClient;
}
public void setPublicClient(boolean publicClient) {
this.publicClient = publicClient;
}
public String getRealmId() {
return realmId;
}
public void setRealmId(String realmId) {
this.realmId = realmId;
}
public List<String> getWebOrigins() {
return webOrigins;
}
public void setWebOrigins(List<String> webOrigins) {
this.webOrigins = webOrigins;
}
public List<String> getRedirectUris() {
return redirectUris;
}
public void setRedirectUris(List<String> redirectUris) {
this.redirectUris = redirectUris;
}
public List<String> getScopeIds() {
return scopeIds;
}
public void setScopeIds(List<String> scopeIds) {
this.scopeIds = scopeIds;
}
public boolean isFullScopeAllowed() {
return fullScopeAllowed;
}
public void setFullScopeAllowed(boolean fullScopeAllowed) {
this.fullScopeAllowed = fullScopeAllowed;
}
public String getProtocol() {
return protocol;
}
public void setProtocol(String protocol) {
this.protocol = protocol;
}
public Map<String, String> getAttributes() {
return attributes;
}
public void setAttributes(Map<String, String> attributes) {
this.attributes = attributes;
}
public boolean isFrontchannelLogout() {
return frontchannelLogout;
}
public void setFrontchannelLogout(boolean frontchannelLogout) {
this.frontchannelLogout = frontchannelLogout;
}
public List<ClientIdentityProviderMappingEntity> getIdentityProviders() {
return this.identityProviders;
}
public void setIdentityProviders(List<ClientIdentityProviderMappingEntity> identityProviders) {
this.identityProviders = identityProviders;
}
public List<ProtocolMapperEntity> getProtocolMappers() {
return protocolMappers;
}
public void setProtocolMappers(List<ProtocolMapperEntity> protocolMappers) {
this.protocolMappers = protocolMappers;
}
public boolean isSurrogateAuthRequired() {
return surrogateAuthRequired;
}
@ -52,6 +193,22 @@ public class ApplicationEntity extends ClientEntity {
this.bearerOnly = bearerOnly;
}
public boolean isConsentRequired() {
return consentRequired;
}
public void setConsentRequired(boolean consentRequired) {
this.consentRequired = consentRequired;
}
public boolean isDirectGrantsOnly() {
return directGrantsOnly;
}
public void setDirectGrantsOnly(boolean directGrantsOnly) {
this.directGrantsOnly = directGrantsOnly;
}
public List<String> getDefaultRoles() {
return defaultRoles;
}
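Review bot: `consentRequired` is added as a primitive `boolean`, so an entity stored before this change, in particular one written as the removed `OAuthClientEntity`, will presumably load with the flag false unless something sets it. The commit carries a Liquibase change for the JPA store (`SetConsentRequiredOnOAuthClients`), but no equivalent for stores that persist this entity is visible on this page. If there is none, former OAuth clients would stop prompting for consent after the upgrade. Please confirm that a migration covers those stores, and document the default on the field, e.g. `// defaults to false; former OAuth clients must be migrated to true`. The class body continues outside the hunks shown.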


@ -1,154 +0,0 @@
package org.keycloak.models.entities;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
/**
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
*/
public class ClientEntity extends AbstractIdentifiableEntity {
private String name;
private boolean enabled;
private String secret;
private String protocol;
private long allowedClaimsMask;
private int notBefore;
private boolean publicClient;
private boolean fullScopeAllowed;
private boolean frontchannelLogout;
private String realmId;
private Map<String, String> attributes = new HashMap<String, String>();
private List<String> webOrigins = new ArrayList<String>();
private List<String> redirectUris = new ArrayList<String>();
private List<String> scopeIds = new ArrayList<String>();
private List<ClientIdentityProviderMappingEntity> identityProviders = new ArrayList<ClientIdentityProviderMappingEntity>();
private List<ProtocolMapperEntity> protocolMappers = new ArrayList<ProtocolMapperEntity>();
public String getName() {
return name;
}
public void setName(String name) {
this.name = name;
}
public boolean isEnabled() {
return enabled;
}
public void setEnabled(boolean enabled) {
this.enabled = enabled;
}
public String getSecret() {
return secret;
}
public void setSecret(String secret) {
this.secret = secret;
}
public int getNotBefore() {
return notBefore;
}
public void setNotBefore(int notBefore) {
this.notBefore = notBefore;
}
public boolean isPublicClient() {
return publicClient;
}
public void setPublicClient(boolean publicClient) {
this.publicClient = publicClient;
}
public String getRealmId() {
return realmId;
}
public void setRealmId(String realmId) {
this.realmId = realmId;
}
public List<String> getWebOrigins() {
return webOrigins;
}
public void setWebOrigins(List<String> webOrigins) {
this.webOrigins = webOrigins;
}
public List<String> getRedirectUris() {
return redirectUris;
}
public void setRedirectUris(List<String> redirectUris) {
this.redirectUris = redirectUris;
}
public List<String> getScopeIds() {
return scopeIds;
}
public void setScopeIds(List<String> scopeIds) {
this.scopeIds = scopeIds;
}
public boolean isFullScopeAllowed() {
return fullScopeAllowed;
}
public void setFullScopeAllowed(boolean fullScopeAllowed) {
this.fullScopeAllowed = fullScopeAllowed;
}
public String getProtocol() {
return protocol;
}
public void setProtocol(String protocol) {
this.protocol = protocol;
}
public Map<String, String> getAttributes() {
return attributes;
}
public void setAttributes(Map<String, String> attributes) {
this.attributes = attributes;
}
public boolean isFrontchannelLogout() {
return frontchannelLogout;
}
public void setFrontchannelLogout(boolean frontchannelLogout) {
this.frontchannelLogout = frontchannelLogout;
}
public List<ClientIdentityProviderMappingEntity> getIdentityProviders() {
return this.identityProviders;
}
public void setIdentityProviders(List<ClientIdentityProviderMappingEntity> identityProviders) {
this.identityProviders = identityProviders;
}
public List<ProtocolMapperEntity> getProtocolMappers() {
return protocolMappers;
}
public void setProtocolMappers(List<ProtocolMapperEntity> protocolMappers) {
this.protocolMappers = protocolMappers;
}
}


@ -1,16 +0,0 @@
package org.keycloak.models.entities;
/**
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
*/
public class OAuthClientEntity extends ClientEntity {
protected boolean directGrantsOnly;
public boolean isDirectGrantsOnly() {
return directGrantsOnly;
}
public void setDirectGrantsOnly(boolean directGrantsOnly) {
this.directGrantsOnly = directGrantsOnly;
}
}


@ -13,7 +13,7 @@ public class RoleEntity extends AbstractIdentifiableEntity {
private List<String> compositeRoleIds;
private String realmId;
private String applicationId;
private String clientId;
public String getName() {
return name;
@ -47,11 +47,12 @@ public class RoleEntity extends AbstractIdentifiableEntity {
this.realmId = realmId;
}
public String getApplicationId() {
return applicationId;
public String getClientId() {
return clientId;
}
public void setApplicationId(String applicationId) {
this.applicationId = applicationId;
public void setClientId(String clientId) {
this.clientId = clientId;
}
}


@ -1,8 +1,6 @@
package org.keycloak.models.utils;
import org.bouncycastle.openssl.PEMWriter;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.ClaimMask;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
@ -174,8 +172,8 @@ public final class KeycloakModelUtils {
return UUID.randomUUID().toString();
}
public static ApplicationModel createApplication(RealmModel realm, String name) {
ApplicationModel app = realm.addApplication(name);
public static ClientModel createApplication(RealmModel realm, String name) {
ClientModel app = realm.addClient(name);
generateSecret(app);
app.setFullScopeAllowed(true);


@ -1,13 +1,10 @@
package org.keycloak.models.utils;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.ClaimMask;
import org.keycloak.models.ClientIdentityProviderMappingModel;
import org.keycloak.models.ClientModel;
import org.keycloak.models.ClientIdentityProviderMappingModel;
import org.keycloak.models.ClientSessionModel;
import org.keycloak.models.FederatedIdentityModel;
import org.keycloak.models.IdentityProviderModel;
import org.keycloak.models.OAuthClientModel;
import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RequiredCredentialModel;
@ -17,12 +14,10 @@ import org.keycloak.models.UserFederationProviderModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.representations.idm.ApplicationRepresentation;
import org.keycloak.representations.idm.ClaimRepresentation;
import org.keycloak.representations.idm.ClientIdentityProviderMappingRepresentation;
import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.representations.idm.FederatedIdentityRepresentation;
import org.keycloak.representations.idm.IdentityProviderRepresentation;
import org.keycloak.representations.idm.OAuthClientRepresentation;
import org.keycloak.representations.idm.ProtocolMapperRepresentation;
import org.keycloak.representations.idm.RealmEventsConfigRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
@ -217,57 +212,54 @@ public class ModelToRepresentation {
rep.setIpAddress(session.getIpAddress());
for (ClientSessionModel clientSession : session.getClientSessions()) {
ClientModel client = clientSession.getClient();
if (client instanceof ApplicationModel) {
rep.getApplications().put(client.getId(), client.getClientId());
} else if (client instanceof OAuthClientModel) {
rep.getClients().put(client.getId(), client.getClientId());
}
rep.getApplications().put(client.getId(), client.getClientId());
}
return rep;
}
public static ApplicationRepresentation toRepresentation(ApplicationModel applicationModel) {
public static ApplicationRepresentation toRepresentation(ClientModel clientModel) {
ApplicationRepresentation rep = new ApplicationRepresentation();
rep.setId(applicationModel.getId());
rep.setName(applicationModel.getName());
rep.setEnabled(applicationModel.isEnabled());
rep.setAdminUrl(applicationModel.getManagementUrl());
rep.setPublicClient(applicationModel.isPublicClient());
rep.setFrontchannelLogout(applicationModel.isFrontchannelLogout());
rep.setProtocol(applicationModel.getProtocol());
rep.setAttributes(applicationModel.getAttributes());
rep.setFullScopeAllowed(applicationModel.isFullScopeAllowed());
rep.setBearerOnly(applicationModel.isBearerOnly());
rep.setSurrogateAuthRequired(applicationModel.isSurrogateAuthRequired());
rep.setBaseUrl(applicationModel.getBaseUrl());
rep.setNotBefore(applicationModel.getNotBefore());
rep.setNodeReRegistrationTimeout(applicationModel.getNodeReRegistrationTimeout());
rep.setId(clientModel.getId());
rep.setName(clientModel.getClientId());
rep.setEnabled(clientModel.isEnabled());
rep.setAdminUrl(clientModel.getManagementUrl());
rep.setPublicClient(clientModel.isPublicClient());
rep.setFrontchannelLogout(clientModel.isFrontchannelLogout());
rep.setProtocol(clientModel.getProtocol());
rep.setAttributes(clientModel.getAttributes());
rep.setFullScopeAllowed(clientModel.isFullScopeAllowed());
rep.setBearerOnly(clientModel.isBearerOnly());
rep.setConsentRequired(clientModel.isConsentRequired());
rep.setSurrogateAuthRequired(clientModel.isSurrogateAuthRequired());
rep.setBaseUrl(clientModel.getBaseUrl());
rep.setNotBefore(clientModel.getNotBefore());
rep.setNodeReRegistrationTimeout(clientModel.getNodeReRegistrationTimeout());
Set<String> redirectUris = applicationModel.getRedirectUris();
Set<String> redirectUris = clientModel.getRedirectUris();
if (redirectUris != null) {
rep.setRedirectUris(new LinkedList<String>(redirectUris));
}
Set<String> webOrigins = applicationModel.getWebOrigins();
Set<String> webOrigins = clientModel.getWebOrigins();
if (webOrigins != null) {
rep.setWebOrigins(new LinkedList<String>(webOrigins));
}
if (!applicationModel.getDefaultRoles().isEmpty()) {
rep.setDefaultRoles(applicationModel.getDefaultRoles().toArray(new String[0]));
if (!clientModel.getDefaultRoles().isEmpty()) {
rep.setDefaultRoles(clientModel.getDefaultRoles().toArray(new String[0]));
}
if (!applicationModel.getRegisteredNodes().isEmpty()) {
rep.setRegisteredNodes(new HashMap<String, Integer>(applicationModel.getRegisteredNodes()));
if (!clientModel.getRegisteredNodes().isEmpty()) {
rep.setRegisteredNodes(new HashMap<String, Integer>(clientModel.getRegisteredNodes()));
}
if (!applicationModel.getIdentityProviders().isEmpty()) {
rep.setIdentityProviders(toRepresentation(applicationModel.getIdentityProviders()));
if (!clientModel.getIdentityProviders().isEmpty()) {
rep.setIdentityProviders(toRepresentation(clientModel.getIdentityProviders()));
}
if (!applicationModel.getProtocolMappers().isEmpty()) {
if (!clientModel.getProtocolMappers().isEmpty()) {
List<ProtocolMapperRepresentation> mappings = new LinkedList<ProtocolMapperRepresentation>();
for (ProtocolMapperModel model : applicationModel.getProtocolMappers()) {
for (ProtocolMapperModel model : clientModel.getProtocolMappers()) {
mappings.add(toRepresentation(model));
}
rep.setProtocolMappers(mappings);
@ -291,43 +283,6 @@ public class ModelToRepresentation {
return representations;
}
public static OAuthClientRepresentation toRepresentation(OAuthClientModel model) {
OAuthClientRepresentation rep = new OAuthClientRepresentation();
rep.setId(model.getId());
rep.setName(model.getClientId());
rep.setEnabled(model.isEnabled());
rep.setPublicClient(model.isPublicClient());
rep.setFrontchannelLogout(model.isFrontchannelLogout());
rep.setProtocol(model.getProtocol());
rep.setAttributes(model.getAttributes());
rep.setFullScopeAllowed(model.isFullScopeAllowed());
rep.setDirectGrantsOnly(model.isDirectGrantsOnly());
Set<String> redirectUris = model.getRedirectUris();
if (redirectUris != null) {
rep.setRedirectUris(new LinkedList<String>(redirectUris));
}
Set<String> webOrigins = model.getWebOrigins();
if (webOrigins != null) {
rep.setWebOrigins(new LinkedList<String>(webOrigins));
}
rep.setNotBefore(model.getNotBefore());
if (!model.getIdentityProviders().isEmpty()) {
rep.setIdentityProviders(toRepresentation(model.getIdentityProviders()));
}
if (!model.getProtocolMappers().isEmpty()) {
List<ProtocolMapperRepresentation> mappings = new LinkedList<ProtocolMapperRepresentation>();
for (ProtocolMapperModel mapper : model.getProtocolMappers()) {
mappings.add(toRepresentation(mapper));
}
rep.setProtocolMappers(mappings);
}
return rep;
}
public static UserFederationProviderRepresentation toRepresentation(UserFederationProviderModel model) {
UserFederationProviderRepresentation rep = new UserFederationProviderRepresentation();
rep.setId(model.getId());
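Review bot: The new `toRepresentation(ClientModel clientModel)` copies `consentRequired` but not `directGrantsOnly`, which the removed `toRepresentation(OAuthClientModel model)` overload exported with `rep.setDirectGrantsOnly(model.isDirectGrantsOnly())`. `ClientModel` still declares `isDirectGrantsOnly()`, so for former OAuth clients the restriction would no longer appear in the representation and could be lost if that representation is later written back. If `ApplicationRepresentation` has (or is given) the property, add `rep.setDirectGrantsOnly(clientModel.isDirectGrantsOnly());` next to the `setConsentRequired` line. The method body runs past the end of the `-217,57 +212,54` hunk, so the flag may be handled in lines not shown here.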


@ -4,7 +4,6 @@ import net.iharder.Base64;
import org.jboss.logging.Logger;
import org.keycloak.enums.SslRequired;
import org.keycloak.migration.MigrationProvider;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.BrowserSecurityHeaders;
import org.keycloak.models.ClaimMask;
import org.keycloak.models.ClientIdentityProviderMappingModel;
@ -12,7 +11,6 @@ import org.keycloak.models.ClientModel;
import org.keycloak.models.FederatedIdentityModel;
import org.keycloak.models.IdentityProviderModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.OAuthClientModel;
import org.keycloak.models.PasswordPolicy;
import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.RealmModel;
@ -130,7 +128,7 @@ public class RepresentationToModel {
importIdentityProviders(rep, newRealm);
if (rep.getApplications() != null) {
Map<String, ApplicationModel> appMap = createApplications(session, rep, newRealm);
Map<String, ClientModel> appMap = createApplications(session, rep, newRealm);
}
if (rep.getRoles() != null) {
@ -141,7 +139,7 @@ public class RepresentationToModel {
}
if (rep.getRoles().getApplication() != null) {
for (Map.Entry<String, List<RoleRepresentation>> entry : rep.getRoles().getApplication().entrySet()) {
ApplicationModel app = newRealm.getApplicationByName(entry.getKey());
ClientModel app = newRealm.getClientByClientId(entry.getKey());
if (app == null) {
throw new RuntimeException("App doesn't exist in role definitions: " + entry.getKey());
}
@ -161,7 +159,7 @@ public class RepresentationToModel {
}
if (rep.getRoles().getApplication() != null) {
for (Map.Entry<String, List<RoleRepresentation>> entry : rep.getRoles().getApplication().entrySet()) {
ApplicationModel app = newRealm.getApplicationByName(entry.getKey());
ClientModel app = newRealm.getClientByClientId(entry.getKey());
if (app == null) {
throw new RuntimeException("App doesn't exist in role definitions: " + entry.getKey());
}
@ -183,7 +181,7 @@ public class RepresentationToModel {
if (rep.getApplications() != null) {
for (ApplicationRepresentation resourceRep : rep.getApplications()) {
if (resourceRep.getDefaultRoles() != null) {
ApplicationModel appModel = newRealm.getApplicationByName(resourceRep.getName());
ClientModel appModel = newRealm.getClientByClientId(resourceRep.getName());
appModel.updateDefaultRoles(resourceRep.getDefaultRoles());
}
}
@ -196,12 +194,12 @@ public class RepresentationToModel {
// Now that all possible roles and applications are created, create scope mappings
Map<String, ApplicationModel> appMap = newRealm.getApplicationNameMap();
Map<String, ClientModel> appMap = newRealm.getClientNameMap();
if (rep.getApplicationScopeMappings() != null) {
for (Map.Entry<String, List<ScopeMappingRepresentation>> entry : rep.getApplicationScopeMappings().entrySet()) {
ApplicationModel app = appMap.get(entry.getKey());
ClientModel app = appMap.get(entry.getKey());
if (app == null) {
throw new RuntimeException("Unable to find application role mappings for app: " + entry.getKey());
}
@ -211,7 +209,7 @@ public class RepresentationToModel {
if (rep.getScopeMappings() != null) {
for (ScopeMappingRepresentation scope : rep.getScopeMappings()) {
ClientModel client = newRealm.findClient(scope.getClient());
ClientModel client = newRealm.getClientByClientId(scope.getClient());
if (client == null) {
throw new RuntimeException("Unknown client specification in realm scope mappings");
}
@ -434,7 +432,7 @@ public class RepresentationToModel {
}
if (roleRep.getComposites().getApplication() != null) {
for (Map.Entry<String, List<String>> entry : roleRep.getComposites().getApplication().entrySet()) {
ApplicationModel app = realm.getApplicationByName(entry.getKey());
ClientModel app = realm.getClientByClientId(entry.getKey());
if (app == null) {
throw new RuntimeException("App doesn't exist in role definitions: " + roleRep.getName());
}
@ -452,11 +450,11 @@ public class RepresentationToModel {
// APPLICATIONS
private static Map<String, ApplicationModel> createApplications(KeycloakSession session, RealmRepresentation rep, RealmModel realm) {
Map<String, ApplicationModel> appMap = new HashMap<String, ApplicationModel>();
private static Map<String, ClientModel> createApplications(KeycloakSession session, RealmRepresentation rep, RealmModel realm) {
Map<String, ClientModel> appMap = new HashMap<String, ClientModel>();
for (ApplicationRepresentation resourceRep : rep.getApplications()) {
ApplicationModel app = createApplication(session, realm, resourceRep, false);
appMap.put(app.getName(), app);
ClientModel app = createApplication(session, realm, resourceRep, false);
appMap.put(app.getClientId(), app);
}
return appMap;
}
@ -468,7 +466,7 @@ public class RepresentationToModel {
* @param resourceRep
* @return
*/
public static ApplicationModel createApplication(KeycloakSession session, RealmModel realm, ApplicationRepresentation resourceRep, boolean addDefaultRoles) {
public static ClientModel createApplication(KeycloakSession session, RealmModel realm, ApplicationRepresentation resourceRep, boolean addDefaultRoles) {
logger.debug("************ CREATE APPLICATION: {0}" + resourceRep.getName());
if (resourceRep.getProtocolMappers() == null) {
@ -478,7 +476,7 @@ public class RepresentationToModel {
}
}
ApplicationModel applicationModel = resourceRep.getId()!=null ? realm.addApplication(resourceRep.getId(), resourceRep.getName()) : realm.addApplication(resourceRep.getName());
ClientModel applicationModel = resourceRep.getId()!=null ? realm.addClient(resourceRep.getId(), resourceRep.getName()) : realm.addClient(resourceRep.getName());
if (resourceRep.isEnabled() != null) applicationModel.setEnabled(resourceRep.isEnabled());
applicationModel.setManagementUrl(resourceRep.getAdminUrl());
if (resourceRep.isSurrogateAuthRequired() != null)
@ -573,10 +571,11 @@ public class RepresentationToModel {
return applicationModel;
}
public static void updateApplication(ApplicationRepresentation rep, ApplicationModel resource) {
if (rep.getName() != null) resource.setName(rep.getName());
public static void updateApplication(ApplicationRepresentation rep, ClientModel resource) {
if (rep.getName() != null) resource.setClientId(rep.getName());
if (rep.isEnabled() != null) resource.setEnabled(rep.isEnabled());
if (rep.isBearerOnly() != null) resource.setBearerOnly(rep.isBearerOnly());
if (rep.isConsentRequired() != null) resource.setConsentRequired(rep.isConsentRequired());
if (rep.isPublicClient() != null) resource.setPublicClient(rep.isPublicClient());
if (rep.isFullScopeAllowed() != null) resource.setFullScopeAllowed(rep.isFullScopeAllowed());
if (rep.isFrontchannelLogout() != null) resource.setFrontchannelLogout(rep.isFrontchannelLogout());
@ -684,14 +683,15 @@ public class RepresentationToModel {
}
}
public static OAuthClientModel createOAuthClient(String id, String name, RealmModel realm) {
OAuthClientModel model = id!=null ? realm.addOAuthClient(id, name) : realm.addOAuthClient(name);
public static ClientModel createOAuthClient(String id, String name, RealmModel realm) {
ClientModel model = id!=null ? realm.addClient(id, name) : realm.addClient(name);
model.setConsentRequired(true);
KeycloakModelUtils.generateSecret(model);
return model;
}
public static OAuthClientModel createOAuthClient(KeycloakSession session, OAuthClientRepresentation rep, RealmModel realm) {
OAuthClientModel model = createOAuthClient(rep.getId(), rep.getName(), realm);
public static ClientModel createOAuthClient(KeycloakSession session, OAuthClientRepresentation rep, RealmModel realm) {
ClientModel model = createOAuthClient(rep.getId(), rep.getName(), realm);
model.updateIdentityProviders(toModel(rep.getIdentityProviders(), realm));
@ -699,7 +699,7 @@ public class RepresentationToModel {
return model;
}
public static void updateOAuthClient(KeycloakSession session, OAuthClientRepresentation rep, OAuthClientModel model) {
public static void updateOAuthClient(KeycloakSession session, OAuthClientRepresentation rep, ClientModel model) {
if (rep.getProtocolMappers() == null) {
List<ProtocolMapperRepresentation> convertedProtocolMappers = convertDeprecatedClaimsMask(session, rep.getClaims());
if (convertedProtocolMappers != null) {
@ -753,9 +753,9 @@ public class RepresentationToModel {
// Scope mappings
public static void createApplicationScopeMappings(RealmModel realm, ApplicationModel applicationModel, List<ScopeMappingRepresentation> mappings) {
public static void createApplicationScopeMappings(RealmModel realm, ClientModel applicationModel, List<ScopeMappingRepresentation> mappings) {
for (ScopeMappingRepresentation mapping : mappings) {
ClientModel client = realm.findClient(mapping.getClient());
ClientModel client = realm.getClientByClientId(mapping.getClient());
if (client == null) {
throw new RuntimeException("Unknown client specified in application scope mappings");
}
@ -771,7 +771,7 @@ public class RepresentationToModel {
// Users
public static UserModel createUser(KeycloakSession session, RealmModel newRealm, UserRepresentation userRep, Map<String, ApplicationModel> appMap) {
public static UserModel createUser(KeycloakSession session, RealmModel newRealm, UserRepresentation userRep, Map<String, ClientModel> appMap) {
convertDeprecatedSocialProviders(userRep);
// Import users just to user storage. Don't federate
@ -814,7 +814,7 @@ public class RepresentationToModel {
}
if (userRep.getApplicationRoles() != null) {
for (Map.Entry<String, List<String>> entry : userRep.getApplicationRoles().entrySet()) {
ApplicationModel app = appMap.get(entry.getKey());
ClientModel app = appMap.get(entry.getKey());
if (app == null) {
throw new RuntimeException("Unable to find application role mappings for app: " + entry.getKey());
}
@ -853,7 +853,7 @@ public class RepresentationToModel {
// Role mappings
public static void createApplicationRoleMappings(ApplicationModel applicationModel, UserModel user, List<String> roleNames) {
public static void createApplicationRoleMappings(ClientModel applicationModel, UserModel user, List<String> roleNames) {
if (user == null) {
throw new RuntimeException("User not found");
}


@ -1,6 +1,6 @@
package org.keycloak.models.utils;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.ClientModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserCredentialModel;
import org.keycloak.models.UserCredentialValueModel;
@ -152,7 +152,7 @@ public class UserModelDelegate implements UserModel {
}
@Override
public Set<RoleModel> getApplicationRoleMappings(ApplicationModel app) {
public Set<RoleModel> getApplicationRoleMappings(ClientModel app) {
return delegate.getApplicationRoleMappings(app);
}


@ -16,21 +16,20 @@
*/
package org.keycloak.models.file;
import org.keycloak.models.file.adapter.RealmAdapter;
import java.util.ArrayList;
import org.keycloak.models.ApplicationModel;
import org.keycloak.connections.file.FileConnectionProvider;
import org.keycloak.connections.file.InMemoryModel;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.OAuthClientModel;
import org.keycloak.models.ModelDuplicateException;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RealmProvider;
import org.keycloak.models.RoleModel;
import org.keycloak.models.entities.RealmEntity;
import org.keycloak.models.file.adapter.RealmAdapter;
import org.keycloak.models.utils.KeycloakModelUtils;
import java.util.ArrayList;
import java.util.List;
import org.keycloak.connections.file.FileConnectionProvider;
import org.keycloak.connections.file.InMemoryModel;
import org.keycloak.models.ModelDuplicateException;
import org.keycloak.models.entities.RealmEntity;
/**
* Realm Provider for JSON persistence.
@ -100,13 +99,8 @@ public class FileRealmProvider implements RealmProvider {
}
@Override
public ApplicationModel getApplicationById(String id, RealmModel realm) {
return realm.getApplicationById(id);
}
@Override
public OAuthClientModel getOAuthClientById(String id, RealmModel realm) {
return realm.getOAuthClientById(id);
public ClientModel getClientById(String id, RealmModel realm) {
return realm.getClientById(id);
}
}


@ -36,7 +36,7 @@ import java.util.Set;
import java.util.regex.Pattern;
import org.keycloak.connections.file.FileConnectionProvider;
import org.keycloak.connections.file.InMemoryModel;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.ClientModel;
import org.keycloak.models.CredentialValidationOutput;
import org.keycloak.models.ModelDuplicateException;
import org.keycloak.models.entities.FederatedIdentityEntity;
@ -276,7 +276,7 @@ public class FileUserProvider implements UserProvider {
userModel.grantRole(realm.getRole(r));
}
for (ApplicationModel application : realm.getApplications()) {
for (ClientModel application : realm.getClients()) {
for (String r : application.getDefaultRoles()) {
userModel.grantRole(application.getRole(r));
}


@ -1,322 +0,0 @@
/*
* Copyright 2015 Red Hat Inc. and/or its affiliates and other contributors
* as indicated by the @author tags. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
* use this file except in compliance with the License. You may obtain a copy of
* the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations under
* the License.
*/
package org.keycloak.models.file.adapter;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.keycloak.connections.file.InMemoryModel;
import org.keycloak.models.ModelDuplicateException;
import org.keycloak.models.OAuthClientModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.entities.ApplicationEntity;
import org.keycloak.models.entities.ClientEntity;
import org.keycloak.models.entities.RoleEntity;
import org.keycloak.models.utils.KeycloakModelUtils;
/**
* ApplicationModel used for JSON persistence.
*
* @author Stan Silvert ssilvert@redhat.com (C) 2015 Red Hat Inc.
*/
public class ApplicationAdapter extends ClientAdapter implements ApplicationModel {
private final ApplicationEntity applicationEntity;
private final InMemoryModel inMemoryModel;
private final Map<String, RoleAdapter> allRoles = new HashMap<String, RoleAdapter>();
public ApplicationAdapter(KeycloakSession session, RealmModel realm, ApplicationEntity applicationEntity, ClientEntity clientEntity, InMemoryModel inMemoryModel) {
super(session, realm, clientEntity);
this.applicationEntity = applicationEntity;
this.inMemoryModel = inMemoryModel;
}
public ApplicationEntity getApplicationEntity() {
return applicationEntity;
}
@Override
public void updateApplication() {
}
@Override
public String getName() {
return applicationEntity.getName();
}
@Override
public void setName(String name) {
if (appNameExists(name)) throw new ModelDuplicateException("Application named " + name + " already exists.");
applicationEntity.setName(name);
}
private boolean appNameExists(String name) {
for (ApplicationModel app : realm.getApplications()) {
if (app == this) continue;
if (app.getName().equals(name)) return true;
}
return false;
}
@Override
public boolean isSurrogateAuthRequired() {
return applicationEntity.isSurrogateAuthRequired();
}
@Override
public void setSurrogateAuthRequired(boolean surrogateAuthRequired) {
applicationEntity.setSurrogateAuthRequired(surrogateAuthRequired);
}
@Override
public String getManagementUrl() {
return applicationEntity.getManagementUrl();
}
@Override
public void setManagementUrl(String url) {
applicationEntity.setManagementUrl(url);
}
@Override
public void setBaseUrl(String url) {
applicationEntity.setBaseUrl(url);
}
@Override
public String getBaseUrl() {
return applicationEntity.getBaseUrl();
}
@Override
public boolean isBearerOnly() {
return applicationEntity.isBearerOnly();
}
@Override
public void setBearerOnly(boolean only) {
applicationEntity.setBearerOnly(only);
}
@Override
public boolean isPublicClient() {
return applicationEntity.isPublicClient();
}
@Override
public void setPublicClient(boolean flag) {
applicationEntity.setPublicClient(flag);
}
@Override
public boolean isDirectGrantsOnly() {
return false; // applications can't be grant only
}
@Override
public void setDirectGrantsOnly(boolean flag) {
// applications can't be grant only
}
@Override
public RoleAdapter getRole(String name) {
for (RoleAdapter role : allRoles.values()) {
if (role.getName().equals(name)) return role;
}
return null;
}
@Override
public RoleAdapter addRole(String name) {
return this.addRole(KeycloakModelUtils.generateId(), name);
}
@Override
public RoleAdapter addRole(String id, String name) {
if (roleNameExists(name)) throw new ModelDuplicateException("Role named " + name + " already exists.");
RoleEntity roleEntity = new RoleEntity();
roleEntity.setId(id);
roleEntity.setName(name);
roleEntity.setApplicationId(getId());
RoleAdapter role = new RoleAdapter(getRealm(), roleEntity, this);
allRoles.put(id, role);
return role;
}
private boolean roleNameExists(String name) {
for (RoleModel role : allRoles.values()) {
if (role.getName().equals(name)) return true;
}
return false;
}
@Override
public boolean removeRole(RoleModel role) {
boolean removed = (allRoles.remove(role.getId()) != null);
// remove application roles from users
for (UserModel user : inMemoryModel.getUsers(realm.getId())) {
user.deleteRoleMapping(role);
}
// delete scope mappings from applications
for (ApplicationModel app : realm.getApplications()) {
app.deleteScopeMapping(role);
}
// delete scope mappings from oauth clients
for (OAuthClientModel oaClient : realm.getOAuthClients()) {
oaClient.deleteScopeMapping(role);
}
// remove role from the realm
realm.removeRole(role);
this.deleteScopeMapping(role);
return removed;
}
@Override
public Set<RoleModel> getRoles() {
return new HashSet(allRoles.values());
}
@Override
public boolean hasScope(RoleModel role) {
if (super.hasScope(role)) {
return true;
}
Set<RoleModel> roles = getRoles();
if (roles.contains(role)) return true;
for (RoleModel mapping : roles) {
if (mapping.hasRole(role)) return true;
}
return false;
}
@Override
public Set<RoleModel> getApplicationScopeMappings(ClientModel client) {
Set<RoleModel> allScopes = client.getScopeMappings();
Set<RoleModel> appRoles = new HashSet<RoleModel>();
for (RoleModel role : allScopes) {
RoleAdapter roleAdapter = (RoleAdapter)role;
if (getId().equals(roleAdapter.getRoleEntity().getApplicationId())) {
appRoles.add(role);
}
}
return appRoles;
}
@Override
public List<String> getDefaultRoles() {
return applicationEntity.getDefaultRoles();
}
@Override
public void addDefaultRole(String name) {
RoleModel role = getRole(name);
if (role == null) {
addRole(name);
}
List<String> defaultRoles = getDefaultRoles();
if (defaultRoles.contains(name)) return;
String[] defaultRoleNames = defaultRoles.toArray(new String[defaultRoles.size() + 1]);
defaultRoleNames[defaultRoleNames.length - 1] = name;
updateDefaultRoles(defaultRoleNames);
}
@Override
public void updateDefaultRoles(String[] defaultRoles) {
List<String> roleNames = new ArrayList<String>();
for (String roleName : defaultRoles) {
RoleModel role = getRole(roleName);
if (role == null) {
addRole(roleName);
}
roleNames.add(roleName);
}
applicationEntity.setDefaultRoles(roleNames);
}
@Override
public int getNodeReRegistrationTimeout() {
return applicationEntity.getNodeReRegistrationTimeout();
}
@Override
public void setNodeReRegistrationTimeout(int timeout) {
applicationEntity.setNodeReRegistrationTimeout(timeout);
}
@Override
public Map<String, Integer> getRegisteredNodes() {
return applicationEntity.getRegisteredNodes() == null ? Collections.<String, Integer>emptyMap() : Collections.unmodifiableMap(applicationEntity.getRegisteredNodes());
}
@Override
public void registerNode(String nodeHost, int registrationTime) {
if (applicationEntity.getRegisteredNodes() == null) {
applicationEntity.setRegisteredNodes(new HashMap<String, Integer>());
}
applicationEntity.getRegisteredNodes().put(nodeHost, registrationTime);
}
@Override
public void unregisterNode(String nodeHost) {
if (applicationEntity.getRegisteredNodes() == null) return;
applicationEntity.getRegisteredNodes().remove(nodeHost);
}
@Override
public boolean equals(Object o) {
if (this == o) return true;
if (o == null || !(o instanceof ApplicationModel)) return false;
ApplicationModel that = (ApplicationModel) o;
return that.getId().equals(getId());
}
@Override
public int hashCode() {
return getId().hashCode();
}
}


@ -1,45 +0,0 @@
package org.keycloak.models.file.adapter;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ModelDuplicateException;
import org.keycloak.models.OAuthClientModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.entities.OAuthClientEntity;
/**
* OAuthClientModel for JSON persistence.
*
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
*/
public class OAuthClientAdapter extends ClientAdapter implements OAuthClientModel {
private final OAuthClientEntity oauthClientEntity;
public OAuthClientAdapter(KeycloakSession session, RealmModel realm, OAuthClientEntity oauthClientEntity) {
super(session, realm, oauthClientEntity);
this.oauthClientEntity = oauthClientEntity;
}
public String getName() {
return oauthClientEntity.getName();
}
@Override
public void setClientId(String id) {
if (id == null) throw new NullPointerException("id == null");
if (oauthClientEntity.getName().equals(id)) return; // allow setting name to same name
RealmAdapter realmAdapter = (RealmAdapter)realm;
if (realmAdapter.hasOAuthClientWithClientId(id)) throw new ModelDuplicateException("Realm already has OAuthClient with client id " + id);
oauthClientEntity.setName(id);
}
@Override
public boolean isDirectGrantsOnly() {
return oauthClientEntity.isDirectGrantsOnly();
}
@Override
public void setDirectGrantsOnly(boolean flag) {
oauthClientEntity.setDirectGrantsOnly(flag);
}
}


@ -111,7 +111,7 @@ public class RoleAdapter implements RoleModel {
Set<RoleModel> toBeRemoved = new HashSet<RoleModel>();
for (RoleModel compositeRole : getComposites()) {
RoleAdapter roleAdapter = (RoleAdapter)compositeRole;
if (appId.equals(roleAdapter.getRoleEntity().getApplicationId())) {
if (appId.equals(roleAdapter.getRoleEntity().getClientId())) {
toBeRemoved.add(compositeRole);
} else {
roleAdapter.removeApplicationComposites(appId);
@ -143,8 +143,8 @@ public class RoleAdapter implements RoleModel {
// Compute it
if (role.getRealmId() != null) {
roleContainer = realm;//new RealmAdapter(session, realm);
} else if (role.getApplicationId() != null) {
roleContainer = realm.getApplicationById(role.getApplicationId());//new ApplicationAdapter(session, realm, appEntity);
} else if (role.getClientId() != null) {
roleContainer = realm.getClientById(role.getClientId());//new ApplicationAdapter(session, realm, appEntity);
} else {
throw new IllegalStateException("Both realmId and applicationId are null for role: " + this);
}
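Review bot: The `else` branch of the second hunk still throws `IllegalStateException("Both realmId and applicationId are null for role: " + this)`, although the branch above it now tests `role.getClientId()`. The message should name the field actually checked, e.g. `"Both realmId and clientId are null for role: " + this`, so a failure here points at the right attribute. The trailing comment `//new ApplicationAdapter(session, realm, appEntity)` on the changed line is stale as well, since the file-store `ApplicationAdapter` appears to be deleted by this commit. As far as the hunk shows, the result of `realm.getClientById(role.getClientId())` is stored in `roleContainer` without a null check, so a role whose client no longer exists would yield a null container. The enclosing method starts and ends outside the hunk, so this may be handled there.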


@ -16,7 +16,7 @@
*/
package org.keycloak.models.file.adapter;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.ClientModel;
import org.keycloak.models.PasswordPolicy;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
@ -325,12 +325,12 @@ public class UserAdapter implements UserModel, Comparable {
}
@Override
public Set<RoleModel> getApplicationRoleMappings(ApplicationModel app) {
public Set<RoleModel> getApplicationRoleMappings(ClientModel app) {
Set<RoleModel> result = new HashSet<RoleModel>();
for (RoleModel role : allRoles) {
RoleEntity roleEntity = ((RoleAdapter)role).getRoleEntity();
if (app.getId().equals(roleEntity.getApplicationId())) {
if (app.getId().equals(roleEntity.getClientId())) {
result.add(new RoleAdapter(realm, roleEntity, app));
}
}


@ -4,7 +4,6 @@ import org.infinispan.Cache;
import org.jboss.logging.Logger;
import org.keycloak.models.cache.RealmCache;
import org.keycloak.models.cache.entities.CachedApplication;
import org.keycloak.models.cache.entities.CachedOAuthClient;
import org.keycloak.models.cache.entities.CachedRealm;
import org.keycloak.models.cache.entities.CachedRole;
@ -102,31 +101,6 @@ public class InfinispanRealmCache implements RealmCache {
cache.remove(id);
}
@Override
public CachedOAuthClient getOAuthClient(String id) {
if (!enabled) return null;
return get(id, CachedOAuthClient.class);
}
@Override
public void invalidateOAuthClient(CachedOAuthClient client) {
logger.tracev("Removing oauth client {0}", client.getId());
cache.remove(client.getId());
}
@Override
public void addCachedOAuthClient(CachedOAuthClient client) {
if (!enabled) return;
logger.tracev("Adding oauth client {0}", client.getId());
cache.put(client.getId(), client);
}
@Override
public void invalidateCachedOAuthClientById(String id) {
logger.tracev("Removing oauth client {0}", id);
cache.remove(id);
}
@Override
public CachedRole getRole(String id) {
if (!enabled) return null;


@ -1,247 +0,0 @@
package org.keycloak.models.cache;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.ClientModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleContainerModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.cache.entities.CachedApplication;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public class ApplicationAdapter extends ClientAdapter implements ApplicationModel {
protected ApplicationModel updated;
protected CachedApplication cached;
public ApplicationAdapter(RealmModel cachedRealm, CachedApplication cached, CacheRealmProvider cacheSession, RealmCache cache) {
super(cachedRealm, cached, cache, cacheSession);
this.cached = cached;
}
@Override
protected void getDelegateForUpdate() {
if (updated == null) {
cacheSession.registerApplicationInvalidation(getId());
updatedClient = updated = cacheSession.getDelegate().getApplicationById(getId(), cachedRealm);
if (updated == null) throw new IllegalStateException("Not found in database");
}
}
@Override
public void updateApplication() {
if (updated != null) updated.updateApplication();
}
@Override
public String getName() {
if (updated != null) return updated.getName();
return cached.getName();
}
@Override
public String getClientId() {
return getName();
}
@Override
public void setName(String name) {
getDelegateForUpdate();
updated.setName(name);
cacheSession.registerRealmInvalidation(cachedRealm.getId());
}
@Override
public boolean isSurrogateAuthRequired() {
if (updated != null) return updated.isSurrogateAuthRequired();
return cached.isSurrogateAuthRequired();
}
@Override
public void setSurrogateAuthRequired(boolean surrogateAuthRequired) {
getDelegateForUpdate();
updated.setSurrogateAuthRequired(surrogateAuthRequired);
}
@Override
public String getManagementUrl() {
if (updated != null) return updated.getManagementUrl();
return cached.getManagementUrl();
}
@Override
public void setManagementUrl(String url) {
getDelegateForUpdate();
updated.setManagementUrl(url);
}
@Override
public String getBaseUrl() {
if (updated != null) return updated.getBaseUrl();
return cached.getBaseUrl();
}
@Override
public void setBaseUrl(String url) {
getDelegateForUpdate();
updated.setBaseUrl(url);
}
@Override
public List<String> getDefaultRoles() {
if (updated != null) return updated.getDefaultRoles();
return cached.getDefaultRoles();
}
@Override
public void addDefaultRole(String name) {
getDelegateForUpdate();
updated.addDefaultRole(name);
}
@Override
public void updateDefaultRoles(String[] defaultRoles) {
getDelegateForUpdate();
updated.updateDefaultRoles(defaultRoles);
}
@Override
public Set<RoleModel> getApplicationScopeMappings(ClientModel client) {
Set<RoleModel> roleMappings = client.getScopeMappings();
Set<RoleModel> appRoles = new HashSet<RoleModel>();
for (RoleModel role : roleMappings) {
RoleContainerModel container = role.getContainer();
if (container instanceof RealmModel) {
} else {
ApplicationModel app = (ApplicationModel)container;
if (app.getId().equals(getId())) {
appRoles.add(role);
}
}
}
return appRoles;
}
@Override
public boolean isBearerOnly() {
if (updated != null) return updated.isBearerOnly();
return cached.isBearerOnly();
}
@Override
public void setBearerOnly(boolean only) {
getDelegateForUpdate();
updated.setBearerOnly(only);
}
@Override
public RoleModel getRole(String name) {
if (updated != null) return updated.getRole(name);
String id = cached.getRoles().get(name);
if (id == null) return null;
return cacheSession.getRoleById(id, cachedRealm);
}
@Override
public RoleModel addRole(String name) {
getDelegateForUpdate();
RoleModel role = updated.addRole(name);
cacheSession.registerRoleInvalidation(role.getId());
return role;
}
@Override
public RoleModel addRole(String id, String name) {
getDelegateForUpdate();
RoleModel role = updated.addRole(id, name);
cacheSession.registerRoleInvalidation(role.getId());
return role;
}
@Override
public boolean removeRole(RoleModel role) {
cacheSession.registerRoleInvalidation(role.getId());
getDelegateForUpdate();
return updated.removeRole(role);
}
@Override
public Set<RoleModel> getRoles() {
if (updated != null) return updated.getRoles();
Set<RoleModel> roles = new HashSet<RoleModel>();
for (String id : cached.getRoles().values()) {
RoleModel roleById = cacheSession.getRoleById(id, cachedRealm);
if (roleById == null) continue;
roles.add(roleById);
}
return roles;
}
@Override
public int getNodeReRegistrationTimeout() {
if (updated != null) return updated.getNodeReRegistrationTimeout();
return cached.getNodeReRegistrationTimeout();
}
@Override
public void setNodeReRegistrationTimeout(int timeout) {
getDelegateForUpdate();
updated.setNodeReRegistrationTimeout(timeout);
}
@Override
public Map<String, Integer> getRegisteredNodes() {
if (updated != null) return updated.getRegisteredNodes();
return cached.getRegisteredNodes();
}
@Override
public void registerNode(String nodeHost, int registrationTime) {
getDelegateForUpdate();
updated.registerNode(nodeHost, registrationTime);
}
@Override
public void unregisterNode(String nodeHost) {
getDelegateForUpdate();
updated.unregisterNode(nodeHost);
}
@Override
public boolean hasScope(RoleModel role) {
if (super.hasScope(role)) {
return true;
}
Set<RoleModel> roles = getRoles();
if (roles.contains(role)) return true;
for (RoleModel mapping : roles) {
if (mapping.hasRole(role)) return true;
}
return false;
}
@Override
public boolean equals(Object o) {
if (this == o) return true;
if (o == null || !(o instanceof ApplicationModel)) return false;
ApplicationModel that = (ApplicationModel) o;
return that.getId().equals(getId());
}
@Override
public int hashCode() {
return getId().hashCode();
}
}


@ -17,8 +17,4 @@ public interface CacheRealmProvider extends RealmProvider {
void registerApplicationInvalidation(String id);
void registerRoleInvalidation(String id);
void registerOAuthClientInvalidation(String id);
void registerUserInvalidation(String id);
}


@ -1,12 +1,12 @@
package org.keycloak.models.cache;
import org.keycloak.models.ClientIdentityProviderMappingModel;
import org.keycloak.models.ClientModel;
import org.keycloak.models.ClientIdentityProviderMappingModel;
import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleContainerModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.cache.entities.CachedClient;
import org.keycloak.models.cache.entities.CachedApplication;
import java.util.HashMap;
import java.util.HashSet;
@ -18,80 +18,88 @@ import java.util.Set;
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public abstract class ClientAdapter implements ClientModel {
protected CachedClient cachedClient;
public class ClientAdapter implements ClientModel {
protected CacheRealmProvider cacheSession;
protected ClientModel updatedClient;
protected RealmModel cachedRealm;
protected RealmCache cache;
public ClientAdapter(RealmModel cachedRealm, CachedClient cached, RealmCache cache, CacheRealmProvider cacheSession) {
protected ClientModel updated;
protected CachedApplication cached;
public ClientAdapter(RealmModel cachedRealm, CachedApplication cached, CacheRealmProvider cacheSession, RealmCache cache) {
this.cachedRealm = cachedRealm;
this.cache = cache;
this.cacheSession = cacheSession;
this.cachedClient = cached;
this.cached = cached;
}
protected abstract void getDelegateForUpdate();
private void getDelegateForUpdate() {
if (updated == null) {
cacheSession.registerApplicationInvalidation(getId());
updated = updated = cacheSession.getDelegate().getClientById(getId(), cachedRealm);
if (updated == null) throw new IllegalStateException("Not found in database");
}
}
@Override
public void updateApplication() {
if (updated != null) updated.updateApplication();
}
@Override
public String getId() {
if (updatedClient != null) return updatedClient.getId();
return cachedClient.getId();
if (updated != null) return updated.getId();
return cached.getId();
}
@Override
public abstract String getClientId();
public Set<String> getWebOrigins() {
if (updatedClient != null) return updatedClient.getWebOrigins();
return cachedClient.getWebOrigins();
if (updated != null) return updated.getWebOrigins();
return cached.getWebOrigins();
}
public void setWebOrigins(Set<String> webOrigins) {
getDelegateForUpdate();
updatedClient.setWebOrigins(webOrigins);
updated.setWebOrigins(webOrigins);
}
public void addWebOrigin(String webOrigin) {
getDelegateForUpdate();
updatedClient.addWebOrigin(webOrigin);
updated.addWebOrigin(webOrigin);
}
public void removeWebOrigin(String webOrigin) {
getDelegateForUpdate();
updatedClient.removeWebOrigin(webOrigin);
updated.removeWebOrigin(webOrigin);
}
public Set<String> getRedirectUris() {
if (updatedClient != null) return updatedClient.getRedirectUris();
return cachedClient.getRedirectUris();
if (updated != null) return updated.getRedirectUris();
return cached.getRedirectUris();
}
public void setRedirectUris(Set<String> redirectUris) {
getDelegateForUpdate();
updatedClient.setRedirectUris(redirectUris);
updated.setRedirectUris(redirectUris);
}
public void addRedirectUri(String redirectUri) {
getDelegateForUpdate();
updatedClient.addRedirectUri(redirectUri);
updated.addRedirectUri(redirectUri);
}
public void removeRedirectUri(String redirectUri) {
getDelegateForUpdate();
updatedClient.removeRedirectUri(redirectUri);
updated.removeRedirectUri(redirectUri);
}
public boolean isEnabled() {
if (updatedClient != null) return updatedClient.isEnabled();
return cachedClient.isEnabled();
if (updated != null) return updated.isEnabled();
return cached.isEnabled();
}
public void setEnabled(boolean enabled) {
getDelegateForUpdate();
updatedClient.setEnabled(enabled);
updated.setEnabled(enabled);
}
public boolean validateSecret(String secret) {
@ -99,62 +107,62 @@ public abstract class ClientAdapter implements ClientModel {
}
public String getSecret() {
if (updatedClient != null) return updatedClient.getSecret();
return cachedClient.getSecret();
if (updated != null) return updated.getSecret();
return cached.getSecret();
}
public void setSecret(String secret) {
getDelegateForUpdate();
updatedClient.setSecret(secret);
updated.setSecret(secret);
}
public boolean isPublicClient() {
if (updatedClient != null) return updatedClient.isPublicClient();
return cachedClient.isPublicClient();
if (updated != null) return updated.isPublicClient();
return cached.isPublicClient();
}
public void setPublicClient(boolean flag) {
getDelegateForUpdate();
updatedClient.setPublicClient(flag);
updated.setPublicClient(flag);
}
public boolean isFrontchannelLogout() {
if (updatedClient != null) return updatedClient.isPublicClient();
return cachedClient.isFrontchannelLogout();
if (updated != null) return updated.isPublicClient();
return cached.isFrontchannelLogout();
}
public void setFrontchannelLogout(boolean flag) {
getDelegateForUpdate();
updatedClient.setFrontchannelLogout(flag);
updated.setFrontchannelLogout(flag);
}
@Override
public boolean isFullScopeAllowed() {
if (updatedClient != null) return updatedClient.isFullScopeAllowed();
return cachedClient.isFullScopeAllowed();
if (updated != null) return updated.isFullScopeAllowed();
return cached.isFullScopeAllowed();
}
@Override
public void setFullScopeAllowed(boolean value) {
getDelegateForUpdate();
updatedClient.setFullScopeAllowed(value);
updated.setFullScopeAllowed(value);
}
public boolean isDirectGrantsOnly() {
if (updatedClient != null) return updatedClient.isDirectGrantsOnly();
return cachedClient.isDirectGrantsOnly();
if (updated != null) return updated.isDirectGrantsOnly();
return cached.isDirectGrantsOnly();
}
public void setDirectGrantsOnly(boolean flag) {
getDelegateForUpdate();
updatedClient.setDirectGrantsOnly(flag);
updated.setDirectGrantsOnly(flag);
}
public Set<RoleModel> getScopeMappings() {
if (updatedClient != null) return updatedClient.getScopeMappings();
if (updated != null) return updated.getScopeMappings();
Set<RoleModel> roles = new HashSet<RoleModel>();
for (String id : cachedClient.getScope()) {
for (String id : cached.getScope()) {
roles.add(cacheSession.getRoleById(id, getRealm()));
}
@ -163,12 +171,12 @@ public abstract class ClientAdapter implements ClientModel {
public void addScopeMapping(RoleModel role) {
getDelegateForUpdate();
updatedClient.addScopeMapping(role);
updated.addScopeMapping(role);
}
public void deleteScopeMapping(RoleModel role) {
getDelegateForUpdate();
updatedClient.deleteScopeMapping(role);
updated.deleteScopeMapping(role);
}
public Set<RoleModel> getRealmScopeMappings() {
@ -187,119 +195,107 @@ public abstract class ClientAdapter implements ClientModel {
return appRoles;
}
public boolean hasScope(RoleModel role) {
if (updatedClient != null) return updatedClient.hasScope(role);
if (cachedClient.isFullScopeAllowed() || cachedClient.getScope().contains(role.getId())) return true;
Set<RoleModel> roles = getScopeMappings();
for (RoleModel mapping : roles) {
if (mapping.hasRole(role)) return true;
}
return false;
}
public RealmModel getRealm() {
return cachedRealm;
}
public int getNotBefore() {
if (updatedClient != null) return updatedClient.getNotBefore();
return cachedClient.getNotBefore();
if (updated != null) return updated.getNotBefore();
return cached.getNotBefore();
}
public void setNotBefore(int notBefore) {
getDelegateForUpdate();
updatedClient.setNotBefore(notBefore);
updated.setNotBefore(notBefore);
}
@Override
public String getProtocol() {
if (updatedClient != null) return updatedClient.getProtocol();
return cachedClient.getProtocol();
if (updated != null) return updated.getProtocol();
return cached.getProtocol();
}
@Override
public void setProtocol(String protocol) {
getDelegateForUpdate();
updatedClient.setProtocol(protocol);
updated.setProtocol(protocol);
}
@Override
public void setAttribute(String name, String value) {
getDelegateForUpdate();
updatedClient.setAttribute(name, value);
updated.setAttribute(name, value);
}
@Override
public void removeAttribute(String name) {
getDelegateForUpdate();
updatedClient.removeAttribute(name);
updated.removeAttribute(name);
}
@Override
public String getAttribute(String name) {
if (updatedClient != null) return updatedClient.getAttribute(name);
return cachedClient.getAttributes().get(name);
if (updated != null) return updated.getAttribute(name);
return cached.getAttributes().get(name);
}
@Override
public Map<String, String> getAttributes() {
if (updatedClient != null) return updatedClient.getAttributes();
if (updated != null) return updated.getAttributes();
Map<String, String> copy = new HashMap<String, String>();
copy.putAll(cachedClient.getAttributes());
copy.putAll(cached.getAttributes());
return copy;
}
@Override
public void updateIdentityProviders(List<ClientIdentityProviderMappingModel> identityProviders) {
getDelegateForUpdate();
updatedClient.updateIdentityProviders(identityProviders);
updated.updateIdentityProviders(identityProviders);
}
@Override
public List<ClientIdentityProviderMappingModel> getIdentityProviders() {
if (updatedClient != null) return updatedClient.getIdentityProviders();
return cachedClient.getIdentityProviders();
if (updated != null) return updated.getIdentityProviders();
return cached.getIdentityProviders();
}
@Override
public boolean isAllowedRetrieveTokenFromIdentityProvider(String providerId) {
if (updatedClient != null) return updatedClient.isAllowedRetrieveTokenFromIdentityProvider(providerId);
return cachedClient.isAllowedRetrieveTokenFromIdentityProvider(providerId);
if (updated != null) return updated.isAllowedRetrieveTokenFromIdentityProvider(providerId);
return cached.isAllowedRetrieveTokenFromIdentityProvider(providerId);
}
@Override
public Set<ProtocolMapperModel> getProtocolMappers() {
if (updatedClient != null) return updatedClient.getProtocolMappers();
return cachedClient.getProtocolMappers();
if (updated != null) return updated.getProtocolMappers();
return cached.getProtocolMappers();
}
@Override
public ProtocolMapperModel addProtocolMapper(ProtocolMapperModel model) {
getDelegateForUpdate();
return updatedClient.addProtocolMapper(model);
return updated.addProtocolMapper(model);
}
@Override
public void removeProtocolMapper(ProtocolMapperModel mapping) {
getDelegateForUpdate();
updatedClient.removeProtocolMapper(mapping);
updated.removeProtocolMapper(mapping);
}
@Override
public void updateProtocolMapper(ProtocolMapperModel mapping) {
getDelegateForUpdate();
updatedClient.updateProtocolMapper(mapping);
updated.updateProtocolMapper(mapping);
}
@Override
public ProtocolMapperModel getProtocolMapperById(String id) {
for (ProtocolMapperModel mapping : cachedClient.getProtocolMappers()) {
for (ProtocolMapperModel mapping : cached.getProtocolMappers()) {
if (mapping.getId().equals(id)) return mapping;
}
return null;
@ -307,9 +303,228 @@ public abstract class ClientAdapter implements ClientModel {
@Override
public ProtocolMapperModel getProtocolMapperByName(String protocol, String name) {
for (ProtocolMapperModel mapping : cachedClient.getProtocolMappers()) {
for (ProtocolMapperModel mapping : cached.getProtocolMappers()) {
if (mapping.getProtocol().equals(protocol) && mapping.getName().equals(name)) return mapping;
}
return null;
}
@Override
public String getClientId() {
if (updated != null) return updated.getClientId();
return cached.getName();
}
@Override
public void setClientId(String clientId) {
getDelegateForUpdate();
updated.setClientId(clientId);
cacheSession.registerRealmInvalidation(cachedRealm.getId());
}
@Override
public boolean isSurrogateAuthRequired() {
if (updated != null) return updated.isSurrogateAuthRequired();
return cached.isSurrogateAuthRequired();
}
@Override
public void setSurrogateAuthRequired(boolean surrogateAuthRequired) {
getDelegateForUpdate();
updated.setSurrogateAuthRequired(surrogateAuthRequired);
}
@Override
public String getManagementUrl() {
if (updated != null) return updated.getManagementUrl();
return cached.getManagementUrl();
}
@Override
public void setManagementUrl(String url) {
getDelegateForUpdate();
updated.setManagementUrl(url);
}
@Override
public String getBaseUrl() {
if (updated != null) return updated.getBaseUrl();
return cached.getBaseUrl();
}
@Override
public void setBaseUrl(String url) {
getDelegateForUpdate();
updated.setBaseUrl(url);
}
@Override
public List<String> getDefaultRoles() {
if (updated != null) return updated.getDefaultRoles();
return cached.getDefaultRoles();
}
@Override
public void addDefaultRole(String name) {
getDelegateForUpdate();
updated.addDefaultRole(name);
}
@Override
public void updateDefaultRoles(String[] defaultRoles) {
getDelegateForUpdate();
updated.updateDefaultRoles(defaultRoles);
}
@Override
public Set<RoleModel> getApplicationScopeMappings(ClientModel client) {
Set<RoleModel> roleMappings = client.getScopeMappings();
Set<RoleModel> appRoles = new HashSet<RoleModel>();
for (RoleModel role : roleMappings) {
RoleContainerModel container = role.getContainer();
if (container instanceof RealmModel) {
} else {
ClientModel app = (ClientModel)container;
if (app.getId().equals(getId())) {
appRoles.add(role);
}
}
}
return appRoles;
}
@Override
public boolean isBearerOnly() {
if (updated != null) return updated.isBearerOnly();
return cached.isBearerOnly();
}
@Override
public void setBearerOnly(boolean only) {
getDelegateForUpdate();
updated.setBearerOnly(only);
}
@Override
public boolean isConsentRequired() {
if (updated != null) return updated.isConsentRequired();
return cached.isConsentRequired();
}
@Override
public void setConsentRequired(boolean consentRequired) {
getDelegateForUpdate();
updated.setConsentRequired(consentRequired);
}
@Override
public RoleModel getRole(String name) {
if (updated != null) return updated.getRole(name);
String id = cached.getRoles().get(name);
if (id == null) return null;
return cacheSession.getRoleById(id, cachedRealm);
}
@Override
public RoleModel addRole(String name) {
getDelegateForUpdate();
RoleModel role = updated.addRole(name);
cacheSession.registerRoleInvalidation(role.getId());
return role;
}
@Override
public RoleModel addRole(String id, String name) {
getDelegateForUpdate();
RoleModel role = updated.addRole(id, name);
cacheSession.registerRoleInvalidation(role.getId());
return role;
}
@Override
public boolean removeRole(RoleModel role) {
cacheSession.registerRoleInvalidation(role.getId());
getDelegateForUpdate();
return updated.removeRole(role);
}
@Override
public Set<RoleModel> getRoles() {
if (updated != null) return updated.getRoles();
Set<RoleModel> roles = new HashSet<RoleModel>();
for (String id : cached.getRoles().values()) {
RoleModel roleById = cacheSession.getRoleById(id, cachedRealm);
if (roleById == null) continue;
roles.add(roleById);
}
return roles;
}
@Override
public int getNodeReRegistrationTimeout() {
if (updated != null) return updated.getNodeReRegistrationTimeout();
return cached.getNodeReRegistrationTimeout();
}
@Override
public void setNodeReRegistrationTimeout(int timeout) {
getDelegateForUpdate();
updated.setNodeReRegistrationTimeout(timeout);
}
@Override
public Map<String, Integer> getRegisteredNodes() {
if (updated != null) return updated.getRegisteredNodes();
return cached.getRegisteredNodes();
}
@Override
public void registerNode(String nodeHost, int registrationTime) {
getDelegateForUpdate();
updated.registerNode(nodeHost, registrationTime);
}
@Override
public void unregisterNode(String nodeHost) {
getDelegateForUpdate();
updated.unregisterNode(nodeHost);
}
@Override
public boolean hasScope(RoleModel role) {
if (updated != null) return updated.hasScope(role);
if (cached.isFullScopeAllowed() || cached.getScope().contains(role.getId())) return true;
Set<RoleModel> roles = getScopeMappings();
for (RoleModel mapping : roles) {
if (mapping.hasRole(role)) return true;
}
roles = getRoles();
if (roles.contains(role)) return true;
for (RoleModel mapping : roles) {
if (mapping.hasRole(role)) return true;
}
return false;
}
@Override
public boolean equals(Object o) {
if (this == o) return true;
if (o == null || !(o instanceof ClientModel)) return false;
ClientModel that = (ClientModel) o;
return that.getId().equals(getId());
}
@Override
public int hashCode() {
return getId().hashCode();
}
}


@ -1,15 +1,13 @@
package org.keycloak.models.cache;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakTransaction;
import org.keycloak.models.OAuthClientModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RealmProvider;
import org.keycloak.models.RoleModel;
import org.keycloak.models.cache.entities.CachedApplication;
import org.keycloak.models.cache.entities.CachedApplicationRole;
import org.keycloak.models.cache.entities.CachedOAuthClient;
import org.keycloak.models.cache.entities.CachedRealm;
import org.keycloak.models.cache.entities.CachedRealmRole;
import org.keycloak.models.cache.entities.CachedRole;
@ -34,11 +32,8 @@ public class DefaultCacheRealmProvider implements CacheRealmProvider {
protected Set<String> realmInvalidations = new HashSet<String>();
protected Set<String> appInvalidations = new HashSet<String>();
protected Set<String> roleInvalidations = new HashSet<String>();
protected Set<String> clientInvalidations = new HashSet<String>();
protected Set<String> userInvalidations = new HashSet<String>();
protected Map<String, RealmModel> managedRealms = new HashMap<String, RealmModel>();
protected Map<String, ApplicationModel> managedApplications = new HashMap<String, ApplicationModel>();
protected Map<String, OAuthClientModel> managedClients = new HashMap<String, OAuthClientModel>();
protected Map<String, ClientModel> managedApplications = new HashMap<String, ClientModel>();
protected Map<String, RoleModel> managedRoles = new HashMap<String, RoleModel>();
protected boolean clearAll;
@ -83,16 +78,6 @@ public class DefaultCacheRealmProvider implements CacheRealmProvider {
roleInvalidations.add(id);
}
@Override
public void registerOAuthClientInvalidation(String id) {
clientInvalidations.add(id);
}
@Override
public void registerUserInvalidation(String id) {
userInvalidations.add(id);
}
protected void runInvalidations() {
for (String id : realmInvalidations) {
cache.invalidateCachedRealmById(id);
@ -103,9 +88,6 @@ public class DefaultCacheRealmProvider implements CacheRealmProvider {
for (String id : appInvalidations) {
cache.invalidateCachedApplicationById(id);
}
for (String id : clientInvalidations) {
cache.invalidateCachedOAuthClientById(id);
}
}
private KeycloakTransaction getTransaction() {
@ -252,8 +234,8 @@ public class DefaultCacheRealmProvider implements CacheRealmProvider {
RoleModel model = getDelegate().getRoleById(id, realm);
if (model == null) return null;
if (roleInvalidations.contains(id)) return model;
if (model.getContainer() instanceof ApplicationModel) {
cached = new CachedApplicationRole(((ApplicationModel) model.getContainer()).getId(), model, realm);
if (model.getContainer() instanceof ClientModel) {
cached = new CachedApplicationRole(((ClientModel) model.getContainer()).getId(), model, realm);
} else {
cached = new CachedRealmRole(model, realm);
}
@ -270,51 +252,27 @@ public class DefaultCacheRealmProvider implements CacheRealmProvider {
}
@Override
public ApplicationModel getApplicationById(String id, RealmModel realm) {
if (!cache.isEnabled()) return getDelegate().getApplicationById(id, realm);
public ClientModel getClientById(String id, RealmModel realm) {
if (!cache.isEnabled()) return getDelegate().getClientById(id, realm);
CachedApplication cached = cache.getApplication(id);
if (cached != null && !cached.getRealm().equals(realm.getId())) {
cached = null;
}
if (cached == null) {
ApplicationModel model = getDelegate().getApplicationById(id, realm);
ClientModel model = getDelegate().getClientById(id, realm);
if (model == null) return null;
if (appInvalidations.contains(id)) return model;
cached = new CachedApplication(cache, getDelegate(), realm, model);
cache.addCachedApplication(cached);
} else if (appInvalidations.contains(id)) {
return getDelegate().getApplicationById(id, realm);
return getDelegate().getClientById(id, realm);
} else if (managedApplications.containsKey(id)) {
return managedApplications.get(id);
}
ApplicationAdapter adapter = new ApplicationAdapter(realm, cached, this, cache);
ClientAdapter adapter = new ClientAdapter(realm, cached, this, cache);
managedApplications.put(id, adapter);
return adapter;
}
@Override
public OAuthClientModel getOAuthClientById(String id, RealmModel realm) {
if (!cache.isEnabled()) return getDelegate().getOAuthClientById(id, realm);
CachedOAuthClient cached = cache.getOAuthClient(id);
if (cached != null && !cached.getRealm().equals(realm.getId())) {
cached = null;
}
if (cached == null) {
OAuthClientModel model = getDelegate().getOAuthClientById(id, realm);
if (model == null) return null;
if (clientInvalidations.contains(id)) return model;
cached = new CachedOAuthClient(cache, getDelegate(), realm, model);
cache.addCachedOAuthClient(cached);
} else if (clientInvalidations.contains(id)) {
return getDelegate().getOAuthClientById(id, realm);
} else if (managedClients.containsKey(id)) {
return managedClients.get(id);
}
OAuthClientAdapter adapter = new OAuthClientAdapter(realm, cached, this, cache);
managedClients.put(id, adapter);
return adapter;
}
}
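Review bot: `getClientById` relies on three ordering-sensitive checks that carry no comment: a cache hit whose `getRealm()` differs from `realm.getId()` is discarded, an id pending in `appInvalidations` bypasses the cache, and only then is `managedApplications` consulted. With the separate `getOAuthClientById` copy removed, this is the only cached lookup for clients in this class, and the realm comparison is what stops an id from resolving to a cached client of another realm. I would mark that line with `// a cached entry from a different realm is treated as a miss; ids must not resolve across realms`. A short Javadoc should also state that the method returns the delegate's model while an invalidation is pending and otherwise a `ClientAdapter` memoised in `managedApplications`. The fields `appInvalidations` and `managedApplications` keep their old names although they now track `ClientModel` instances, so a comment on them would help until they are renamed.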


@ -1,7 +1,6 @@
package org.keycloak.models.cache;
import org.keycloak.models.cache.entities.CachedApplication;
import org.keycloak.models.cache.entities.CachedOAuthClient;
import org.keycloak.models.cache.entities.CachedRealm;
import org.keycloak.models.cache.entities.CachedRole;
@ -16,7 +15,6 @@ public class MemoryRealmCache implements RealmCache {
protected ConcurrentHashMap<String, CachedRealm> realmCache = new ConcurrentHashMap<String, CachedRealm>();
protected ConcurrentHashMap<String, CachedRealm> realmCacheByName = new ConcurrentHashMap<String, CachedRealm>();
protected ConcurrentHashMap<String, CachedApplication> applicationCache = new ConcurrentHashMap<String, CachedApplication>();
protected ConcurrentHashMap<String, CachedOAuthClient> clientCache = new ConcurrentHashMap<String, CachedOAuthClient>();
protected ConcurrentHashMap<String, CachedRole> roleCache = new ConcurrentHashMap<String, CachedRole>();
protected volatile boolean enabled = true;
@ -25,7 +23,6 @@ public class MemoryRealmCache implements RealmCache {
realmCache.clear();
realmCacheByName.clear();
applicationCache.clear();
clientCache.clear();
roleCache.clear();
}
@ -96,28 +93,6 @@ public class MemoryRealmCache implements RealmCache {
applicationCache.remove(id);
}
@Override
public CachedOAuthClient getOAuthClient(String id) {
if (!enabled) return null;
return clientCache.get(id);
}
@Override
public void invalidateOAuthClient(CachedOAuthClient client) {
clientCache.remove(client.getId());
}
@Override
public void addCachedOAuthClient(CachedOAuthClient client) {
if (!enabled) return;
clientCache.put(client.getId(), client);
}
@Override
public void invalidateCachedOAuthClientById(String id) {
clientCache.remove(id);
}
@Override
public CachedRole getRole(String id) {
if (!enabled) return null;


@ -1,8 +1,7 @@
package org.keycloak.models.cache;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.OAuthClientModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RealmProvider;
import org.keycloak.models.RoleModel;
@ -50,10 +49,6 @@ public class NoCacheRealmProvider implements CacheRealmProvider {
public void registerRoleInvalidation(String id) {
}
@Override
public void registerOAuthClientInvalidation(String id) {
}
@Override
public RealmModel createRealm(String name) {
return getDelegate().createRealm(name);
@ -96,17 +91,7 @@ public class NoCacheRealmProvider implements CacheRealmProvider {
}
@Override
public ApplicationModel getApplicationById(String id, RealmModel realm) {
return getDelegate().getApplicationById(id, realm);
}
@Override
public OAuthClientModel getOAuthClientById(String id, RealmModel realm) {
return getDelegate().getOAuthClientById(id, realm);
}
@Override
public void registerUserInvalidation(String id) {
//To change body of implemented methods use File | Settings | File Templates.
public ClientModel getClientById(String id, RealmModel realm) {
return getDelegate().getClientById(id, realm);
}
}


@ -1,56 +0,0 @@
package org.keycloak.models.cache;
import org.keycloak.models.OAuthClientModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.cache.entities.CachedOAuthClient;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public class OAuthClientAdapter extends ClientAdapter implements OAuthClientModel {
protected OAuthClientModel updated;
protected CachedOAuthClient cached;
public OAuthClientAdapter(RealmModel cachedRealm, CachedOAuthClient cached, CacheRealmProvider cacheSession, RealmCache cache) {
super(cachedRealm, cached, cache, cacheSession);
this.cached = cached;
}
@Override
protected void getDelegateForUpdate() {
if (updated == null) {
cacheSession.registerOAuthClientInvalidation(getId());
updatedClient = updated = cacheSession.getDelegate().getOAuthClientById(getId(), cachedRealm);
if (updated == null) throw new IllegalStateException("Not found in database");
}
}
@Override
public String getClientId() {
if (updated != null) return updated.getClientId();
return cached.getName();
}
@Override
public void setClientId(String id) {
getDelegateForUpdate();
updated.setClientId(id);
cacheSession.registerRealmInvalidation(cachedRealm.getId());
}
@Override
public boolean equals(Object o) {
if (this == o) return true;
if (o == null || !(o instanceof OAuthClientModel)) return false;
OAuthClientModel that = (OAuthClientModel) o;
return that.getId().equals(this.getId());
}
@Override
public int hashCode() {
return getId().hashCode();
}
}


@ -2,14 +2,10 @@ package org.keycloak.models.cache;
import org.keycloak.Config;
import org.keycloak.enums.SslRequired;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.ClaimTypeModel;
import org.keycloak.models.ClientModel;
import org.keycloak.models.IdentityProviderMapperModel;
import org.keycloak.models.IdentityProviderModel;
import org.keycloak.models.OAuthClientModel;
import org.keycloak.models.PasswordPolicy;
import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RequiredCredentialModel;
import org.keycloak.models.RoleModel;
@ -476,39 +472,25 @@ public class RealmAdapter implements RealmModel {
}
@Override
public ClientModel findClient(String clientId) {
if (updated != null) return updated.findClient(clientId);
String appId = cached.getApplications().get(clientId);
if (appId != null) {
return cacheSession.getApplicationById(appId, this);
}
String oauth = cached.getClients().get(clientId);
if (oauth != null) {
return cacheSession.getOAuthClientById(oauth, this);
}
return null;
}
@Override
public Map<String, ApplicationModel> getApplicationNameMap() {
if (updated != null) return updated.getApplicationNameMap();
Map<String, ApplicationModel> map = new HashMap<String, ApplicationModel>();
public Map<String, ClientModel> getClientNameMap() {
if (updated != null) return updated.getClientNameMap();
Map<String, ClientModel> map = new HashMap<String, ClientModel>();
for (String id : cached.getApplications().values()) {
ApplicationModel model = cacheSession.getApplicationById(id, this);
ClientModel model = cacheSession.getClientById(id, this);
if (model == null) {
throw new IllegalStateException("Cached application not found: " + id);
}
map.put(model.getName(), model);
map.put(model.getClientId(), model);
}
return map;
}
@Override
public List<ApplicationModel> getApplications() {
if (updated != null) return updated.getApplications();
List<ApplicationModel> apps = new LinkedList<ApplicationModel>();
public List<ClientModel> getClients() {
if (updated != null) return updated.getClients();
List<ClientModel> apps = new LinkedList<ClientModel>();
for (String id : cached.getApplications().values()) {
ApplicationModel model = cacheSession.getApplicationById(id, this);
ClientModel model = cacheSession.getClientById(id, this);
if (model == null) {
throw new IllegalStateException("Cached application not found: " + id);
}
@ -519,40 +501,40 @@ public class RealmAdapter implements RealmModel {
}
@Override
public ApplicationModel addApplication(String name) {
public ClientModel addClient(String name) {
getDelegateForUpdate();
ApplicationModel app = updated.addApplication(name);
ClientModel app = updated.addClient(name);
cacheSession.registerApplicationInvalidation(app.getId());
return app;
}
@Override
public ApplicationModel addApplication(String id, String name) {
public ClientModel addClient(String id, String clientId) {
getDelegateForUpdate();
ApplicationModel app = updated.addApplication(id, name);
ClientModel app = updated.addClient(id, clientId);
cacheSession.registerApplicationInvalidation(app.getId());
return app;
}
@Override
public boolean removeApplication(String id) {
public boolean removeClient(String id) {
cacheSession.registerApplicationInvalidation(id);
getDelegateForUpdate();
return updated.removeApplication(id);
return updated.removeClient(id);
}
@Override
public ApplicationModel getApplicationById(String id) {
if (updated != null) return updated.getApplicationById(id);
return cacheSession.getApplicationById(id, this);
public ClientModel getClientById(String id) {
if (updated != null) return updated.getClientById(id);
return cacheSession.getClientById(id, this);
}
@Override
public ApplicationModel getApplicationByName(String name) {
if (updated != null) return updated.getApplicationByName(name);
String id = cached.getApplications().get(name);
public ClientModel getClientByClientId(String clientId) {
if (updated != null) return updated.getClientByClientId(clientId);
String id = cached.getApplications().get(clientId);
if (id == null) return null;
return getApplicationById(id);
return getClientById(id);
}
@Override
@ -561,57 +543,6 @@ public class RealmAdapter implements RealmModel {
updated.updateRequiredCredentials(creds);
}
@Override
public OAuthClientModel addOAuthClient(String name) {
getDelegateForUpdate();
OAuthClientModel client = updated.addOAuthClient(name);
cacheSession.registerOAuthClientInvalidation(client.getId());
return client;
}
@Override
public OAuthClientModel addOAuthClient(String id, String name) {
getDelegateForUpdate();
OAuthClientModel client = updated.addOAuthClient(id, name);
cacheSession.registerOAuthClientInvalidation(client.getId());
return client;
}
@Override
public OAuthClientModel getOAuthClient(String name) {
if (updated != null) return updated.getOAuthClient(name);
String id = cached.getClients().get(name);
if (id == null) return null;
return getOAuthClientById(id);
}
@Override
public OAuthClientModel getOAuthClientById(String id) {
if (updated != null) return updated.getOAuthClientById(id);
return cacheSession.getOAuthClientById(id, this);
}
@Override
public boolean removeOAuthClient(String id) {
cacheSession.registerOAuthClientInvalidation(id);
getDelegateForUpdate();
return updated.removeOAuthClient(id);
}
@Override
public List<OAuthClientModel> getOAuthClients() {
if (updated != null) return updated.getOAuthClients();
List<OAuthClientModel> clients = new LinkedList<OAuthClientModel>();
for (String id : cached.getClients().values()) {
OAuthClientModel model = cacheSession.getOAuthClientById(id, this);
if (model == null) {
throw new IllegalStateException("Cached oauth client not found: " + id);
}
clients.add(model);
}
return clients;
}
@Override
public Map<String, String> getBrowserSecurityHeaders() {
if (updated != null) return updated.getBrowserSecurityHeaders();
@ -821,12 +752,12 @@ public class RealmAdapter implements RealmModel {
}
@Override
public ApplicationModel getMasterAdminApp() {
return cacheSession.getRealm(Config.getAdminRealm()).getApplicationById(cached.getMasterAdminApp());
public ClientModel getMasterAdminApp() {
return cacheSession.getRealm(Config.getAdminRealm()).getClientById(cached.getMasterAdminApp());
}
@Override
public void setMasterAdminApp(ApplicationModel app) {
public void setMasterAdminApp(ClientModel app) {
getDelegateForUpdate();
updated.setMasterAdminApp(app);
}
@ -875,13 +806,6 @@ public class RealmAdapter implements RealmModel {
return roles;
}
@Override
public ClientModel findClientById(String id) {
ClientModel model = getApplicationById(id);
if (model != null) return model;
return getOAuthClientById(id);
}
@Override
public boolean isIdentityFederationEnabled() {
if (updated != null) return updated.isIdentityFederationEnabled();
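Review bot: In `getClientByClientId`, `getClientNameMap` and `getClients` the cached path resolves clients only through `cached.getApplications()`, while the removed `findClient` also consulted `cached.getClients()`. `CachedRealm` is not part of this section, so it cannot be confirmed here that its applications map now also holds the clients that used to be OAuth clients. If it does not, a cached realm would return `null` for a client that the `updated` delegate path still finds, and code that looks a client up by client id could behave differently depending on cache state. Once confirmed, I would record the invariant above the lookup, e.g. `// cached.getApplications() maps clientId -> id for every client of the realm`. The messages `"Cached application not found: "` could become `"Cached client not found: "` in the same pass.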


@ -1,7 +1,6 @@
package org.keycloak.models.cache;
import org.keycloak.models.cache.entities.CachedApplication;
import org.keycloak.models.cache.entities.CachedOAuthClient;
import org.keycloak.models.cache.entities.CachedRealm;
import org.keycloak.models.cache.entities.CachedRole;
@ -30,14 +29,6 @@ public interface RealmCache {
void invalidateCachedApplicationById(String id);
CachedOAuthClient getOAuthClient(String id);
void invalidateOAuthClient(CachedOAuthClient client);
void addCachedOAuthClient(CachedOAuthClient client);
void invalidateCachedOAuthClientById(String id);
CachedRole getRole(String id);
void invalidateRole(CachedRole role);
@ -46,7 +37,6 @@ public interface RealmCache {
void invalidateCachedRoleById(String id);
void invalidateRoleById(String id);
boolean isEnabled();


@ -107,7 +107,7 @@ public class RoleAdapter implements RoleModel {
return realm;
} else {
CachedApplicationRole appRole = (CachedApplicationRole)cached;
return realm.getApplicationById(appRole.getAppId());
return realm.getClientById(appRole.getAppId());
}
}


@ -1,6 +1,6 @@
package org.keycloak.models.cache;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleContainerModel;
@ -219,14 +219,14 @@ public class UserAdapter implements UserModel {
}
@Override
public Set<RoleModel> getApplicationRoleMappings(ApplicationModel app) {
public Set<RoleModel> getApplicationRoleMappings(ClientModel app) {
if (updated != null) return updated.getApplicationRoleMappings(app);
Set<RoleModel> roleMappings = getRoleMappings();
Set<RoleModel> appMappings = new HashSet<RoleModel>();
for (RoleModel role : roleMappings) {
RoleContainerModel container = role.getContainer();
if (container instanceof ApplicationModel) {
if (((ApplicationModel) container).getId().equals(app.getId())) {
if (container instanceof ClientModel) {
if (((ClientModel) container).getId().equals(app.getId())) {
appMappings.add(role);
}
}


@ -1,38 +1,82 @@
package org.keycloak.models.cache.entities;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.ClientModel;
import org.keycloak.models.ClientIdentityProviderMappingModel;
import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RealmProvider;
import org.keycloak.models.RoleModel;
import org.keycloak.models.cache.RealmCache;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.TreeMap;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public class CachedApplication extends CachedClient {
public class CachedApplication {
private String id;
private String name;
private String realm;
private Set<String> redirectUris = new HashSet<String>();
private boolean enabled;
private String secret;
private String protocol;
private Map<String, String> attributes = new HashMap<String, String>();
private boolean publicClient;
private boolean fullScopeAllowed;
private boolean directGrantsOnly;
private boolean frontchannelLogout;
private int notBefore;
private Set<String> scope = new HashSet<String>();
private Set<String> webOrigins = new HashSet<String>();
private List<ClientIdentityProviderMappingModel> identityProviders = new ArrayList<ClientIdentityProviderMappingModel>();
private Set<ProtocolMapperModel> protocolMappers = new HashSet<ProtocolMapperModel>();
private boolean surrogateAuthRequired;
private String managementUrl;
private String baseUrl;
private List<String> defaultRoles = new LinkedList<String>();
private boolean bearerOnly;
private boolean consentRequired;
private Map<String, String> roles = new HashMap<String, String>();
private int nodeReRegistrationTimeout;
private Map<String, Integer> registeredNodes;
public CachedApplication(RealmCache cache, RealmProvider delegate, RealmModel realm, ApplicationModel model) {
super(cache, delegate, realm, model);
public CachedApplication(RealmCache cache, RealmProvider delegate, RealmModel realm, ClientModel model) {
id = model.getId();
secret = model.getSecret();
name = model.getClientId();
this.realm = realm.getId();
enabled = model.isEnabled();
protocol = model.getProtocol();
attributes.putAll(model.getAttributes());
notBefore = model.getNotBefore();
directGrantsOnly = model.isDirectGrantsOnly();
frontchannelLogout = model.isFrontchannelLogout();
publicClient = model.isPublicClient();
fullScopeAllowed = model.isFullScopeAllowed();
redirectUris.addAll(model.getRedirectUris());
webOrigins.addAll(model.getWebOrigins());
for (RoleModel role : model.getScopeMappings()) {
scope.add(role.getId());
}
this.identityProviders = model.getIdentityProviders();
for (ProtocolMapperModel mapper : model.getProtocolMappers()) {
this.protocolMappers.add(mapper);
}
surrogateAuthRequired = model.isSurrogateAuthRequired();
managementUrl = model.getManagementUrl();
baseUrl = model.getBaseUrl();
defaultRoles.addAll(model.getDefaultRoles());
bearerOnly = model.isBearerOnly();
consentRequired = model.isConsentRequired();
for (RoleModel role : model.getRoles()) {
roles.put(role.getName(), role.getId());
cache.addCachedRole(new CachedApplicationRole(id, role, realm));
@ -41,6 +85,93 @@ public class CachedApplication extends CachedClient {
nodeReRegistrationTimeout = model.getNodeReRegistrationTimeout();
registeredNodes = new TreeMap<String, Integer>(model.getRegisteredNodes());
}
public String getId() {
return id;
}
public String getName() {
return name;
}
public String getRealm() {
return realm;
}
public Set<String> getRedirectUris() {
return redirectUris;
}
public boolean isEnabled() {
return enabled;
}
public String getSecret() {
return secret;
}
public boolean isPublicClient() {
return publicClient;
}
public boolean isDirectGrantsOnly() {
return directGrantsOnly;
}
public int getNotBefore() {
return notBefore;
}
public Set<String> getScope() {
return scope;
}
public Set<String> getWebOrigins() {
return webOrigins;
}
public boolean isFullScopeAllowed() {
return fullScopeAllowed;
}
public String getProtocol() {
return protocol;
}
public Map<String, String> getAttributes() {
return attributes;
}
public boolean isFrontchannelLogout() {
return frontchannelLogout;
}
public List<ClientIdentityProviderMappingModel> getIdentityProviders() {
return this.identityProviders;
}
public boolean hasIdentityProvider(String providerId) {
for (ClientIdentityProviderMappingModel model : getIdentityProviders()) {
if (model.getIdentityProvider().equals(providerId)) {
return true;
}
}
return false;
}
public Set<ProtocolMapperModel> getProtocolMappers() {
return protocolMappers;
}
public boolean isAllowedRetrieveTokenFromIdentityProvider(String providerId) {
for (ClientIdentityProviderMappingModel model : getIdentityProviders()) {
if (model.getIdentityProvider().equals(providerId)) {
return model.isRetrieveToken();
}
}
return false;
}
public boolean isSurrogateAuthRequired() {
return surrogateAuthRequired;
@ -62,6 +193,10 @@ public class CachedApplication extends CachedClient {
return bearerOnly;
}
public boolean isConsentRequired() {
return consentRequired;
}
public Map<String, String> getRoles() {
return roles;
}
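Review bot: The constructor stores the model's list by reference with `this.identityProviders = model.getIdentityProviders();`, whereas every other collection is copied into a container owned by the entry (`attributes.putAll`, `redirectUris.addAll`, the `protocolMappers` loop). If the model hands back a live list, the cache entry shares it with whoever built it, and `hasIdentityProvider` / `isAllowedRetrieveTokenFromIdentityProvider` would answer from state that can change after caching; whether the models do that is not visible in this section. A defensive copy keeps the entry self-contained: `this.identityProviders = new ArrayList<ClientIdentityProviderMappingModel>(model.getIdentityProviders());`, assuming the model never returns null, as the neighbouring `addAll` calls already assume for their collections. The getters likewise return the internal `attributes`, `scope` and `redirectUris` collections, so a comment that callers must treat them as read-only would be worth adding.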


@ -1,152 +0,0 @@
package org.keycloak.models.cache.entities;
import org.keycloak.models.ClientIdentityProviderMappingModel;
import org.keycloak.models.ClientModel;
import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RealmProvider;
import org.keycloak.models.RoleModel;
import org.keycloak.models.cache.RealmCache;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public class CachedClient {
protected String id;
protected String name;
protected String realm;
protected Set<String> redirectUris = new HashSet<String>();
protected boolean enabled;
protected String secret;
protected String protocol;
protected Map<String, String> attributes = new HashMap<String, String>();
protected boolean publicClient;
protected boolean fullScopeAllowed;
protected boolean directGrantsOnly;
protected boolean frontchannelLogout;
protected int notBefore;
protected Set<String> scope = new HashSet<String>();
protected Set<String> webOrigins = new HashSet<String>();
private List<ClientIdentityProviderMappingModel> identityProviders = new ArrayList<ClientIdentityProviderMappingModel>();
private Set<ProtocolMapperModel> protocolMappers = new HashSet<ProtocolMapperModel>();
public CachedClient(RealmCache cache, RealmProvider delegate, RealmModel realm, ClientModel model) {
id = model.getId();
secret = model.getSecret();
name = model.getClientId();
this.realm = realm.getId();
enabled = model.isEnabled();
protocol = model.getProtocol();
attributes.putAll(model.getAttributes());
notBefore = model.getNotBefore();
directGrantsOnly = model.isDirectGrantsOnly();
frontchannelLogout = model.isFrontchannelLogout();
publicClient = model.isPublicClient();
fullScopeAllowed = model.isFullScopeAllowed();
redirectUris.addAll(model.getRedirectUris());
webOrigins.addAll(model.getWebOrigins());
for (RoleModel role : model.getScopeMappings()) {
scope.add(role.getId());
}
this.identityProviders = model.getIdentityProviders();
for (ProtocolMapperModel mapper : model.getProtocolMappers()) {
this.protocolMappers.add(mapper);
}
}
public String getId() {
return id;
}
public String getName() {
return name;
}
public String getRealm() {
return realm;
}
public Set<String> getRedirectUris() {
return redirectUris;
}
public boolean isEnabled() {
return enabled;
}
public String getSecret() {
return secret;
}
public boolean isPublicClient() {
return publicClient;
}
public boolean isDirectGrantsOnly() {
return directGrantsOnly;
}
public int getNotBefore() {
return notBefore;
}
public Set<String> getScope() {
return scope;
}
public Set<String> getWebOrigins() {
return webOrigins;
}
public boolean isFullScopeAllowed() {
return fullScopeAllowed;
}
public String getProtocol() {
return protocol;
}
public Map<String, String> getAttributes() {
return attributes;
}
public boolean isFrontchannelLogout() {
return frontchannelLogout;
}
public List<ClientIdentityProviderMappingModel> getIdentityProviders() {
return this.identityProviders;
}
public boolean hasIdentityProvider(String providerId) {
for (ClientIdentityProviderMappingModel model : getIdentityProviders()) {
if (model.getIdentityProvider().equals(providerId)) {
return true;
}
}
return false;
}
public Set<ProtocolMapperModel> getProtocolMappers() {
return protocolMappers;
}
public boolean isAllowedRetrieveTokenFromIdentityProvider(String providerId) {
for (ClientIdentityProviderMappingModel model : getIdentityProviders()) {
if (model.getIdentityProvider().equals(providerId)) {
return model.isRetrieveToken();
}
}
return false;
}
}


@ -1,17 +0,0 @@
package org.keycloak.models.cache.entities;
import org.keycloak.models.OAuthClientModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RealmProvider;
import org.keycloak.models.cache.RealmCache;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public class CachedOAuthClient extends CachedClient {
public CachedOAuthClient(RealmCache cache, RealmProvider delegate, RealmModel realm, OAuthClientModel model) {
super(cache, delegate, realm, model);
}
}


@ -1,392 +1,385 @@
package org.keycloak.models.cache.entities;
import org.keycloak.enums.SslRequired;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.IdentityProviderMapperModel;
import org.keycloak.models.IdentityProviderModel;
import org.keycloak.models.OAuthClientModel;
import org.keycloak.models.PasswordPolicy;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RealmProvider;
import org.keycloak.models.RequiredCredentialModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserFederationProviderModel;
import org.keycloak.models.cache.RealmCache;
import org.keycloak.util.MultivaluedHashMap;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Set;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public class CachedRealm {
private String id;
private String name;
private boolean enabled;
private SslRequired sslRequired;
private boolean registrationAllowed;
private boolean registrationEmailAsUsername;
private boolean rememberMe;
private boolean verifyEmail;
private boolean passwordCredentialGrantAllowed;
private boolean resetPasswordAllowed;
private boolean identityFederationEnabled;
//--- brute force settings
private boolean bruteForceProtected;
private int maxFailureWaitSeconds;
private int minimumQuickLoginWaitSeconds;
private int waitIncrementSeconds;
private long quickLoginCheckMilliSeconds;
private int maxDeltaTimeSeconds;
private int failureFactor;
//--- end brute force settings
private int ssoSessionIdleTimeout;
private int ssoSessionMaxLifespan;
private int accessTokenLifespan;
private int accessCodeLifespan;
private int accessCodeLifespanUserAction;
private int accessCodeLifespanLogin;
private int notBefore;
private PasswordPolicy passwordPolicy;
private String publicKeyPem;
private String privateKeyPem;
private String certificatePem;
private String codeSecret;
private String loginTheme;
private String accountTheme;
private String adminTheme;
private String emailTheme;
private String masterAdminApp;
private List<RequiredCredentialModel> requiredCredentials = new ArrayList<RequiredCredentialModel>();
private List<UserFederationProviderModel> userFederationProviders = new ArrayList<UserFederationProviderModel>();
private List<IdentityProviderModel> identityProviders = new ArrayList<IdentityProviderModel>();
private Map<String, String> browserSecurityHeaders = new HashMap<String, String>();
private Map<String, String> smtpConfig = new HashMap<String, String>();
private boolean eventsEnabled;
private long eventsExpiration;
private Set<String> eventsListeners = new HashSet<String>();
private Set<String> enabledEventTypes = new HashSet<String>();
private List<String> defaultRoles = new LinkedList<String>();
private Map<String, String> realmRoles = new HashMap<String, String>();
private Map<String, String> applications = new HashMap<String, String>();
private Map<String, String> clients = new HashMap<String, String>();
private boolean internationalizationEnabled;
private Set<String> supportedLocales = new HashSet<String>();
private String defaultLocale;
private MultivaluedHashMap<String, IdentityProviderMapperModel> identityProviderMappers = new MultivaluedHashMap<>();
public CachedRealm() {
}
public CachedRealm(RealmCache cache, RealmProvider delegate, RealmModel model) {
id = model.getId();
name = model.getName();
enabled = model.isEnabled();
sslRequired = model.getSslRequired();
registrationAllowed = model.isRegistrationAllowed();
registrationEmailAsUsername = model.isRegistrationEmailAsUsername();
rememberMe = model.isRememberMe();
verifyEmail = model.isVerifyEmail();
passwordCredentialGrantAllowed = model.isPasswordCredentialGrantAllowed();
resetPasswordAllowed = model.isResetPasswordAllowed();
identityFederationEnabled = model.isIdentityFederationEnabled();
//--- brute force settings
bruteForceProtected = model.isBruteForceProtected();
maxFailureWaitSeconds = model.getMaxFailureWaitSeconds();
minimumQuickLoginWaitSeconds = model.getMinimumQuickLoginWaitSeconds();
waitIncrementSeconds = model.getWaitIncrementSeconds();
quickLoginCheckMilliSeconds = model.getQuickLoginCheckMilliSeconds();
maxDeltaTimeSeconds = model.getMaxDeltaTimeSeconds();
failureFactor = model.getFailureFactor();
//--- end brute force settings
ssoSessionIdleTimeout = model.getSsoSessionIdleTimeout();
ssoSessionMaxLifespan = model.getSsoSessionMaxLifespan();
accessTokenLifespan = model.getAccessTokenLifespan();
accessCodeLifespan = model.getAccessCodeLifespan();
accessCodeLifespanUserAction = model.getAccessCodeLifespanUserAction();
accessCodeLifespanLogin = model.getAccessCodeLifespanLogin();
notBefore = model.getNotBefore();
passwordPolicy = model.getPasswordPolicy();
publicKeyPem = model.getPublicKeyPem();
privateKeyPem = model.getPrivateKeyPem();
certificatePem = model.getCertificatePem();
codeSecret = model.getCodeSecret();
loginTheme = model.getLoginTheme();
accountTheme = model.getAccountTheme();
adminTheme = model.getAdminTheme();
emailTheme = model.getEmailTheme();
requiredCredentials = model.getRequiredCredentials();
userFederationProviders = model.getUserFederationProviders();
this.identityProviders = new ArrayList<>();
for (IdentityProviderModel identityProviderModel : model.getIdentityProviders()) {
this.identityProviders.add(new IdentityProviderModel(identityProviderModel));
}
for (IdentityProviderMapperModel mapper : model.getIdentityProviderMappers()) {
identityProviderMappers.add(mapper.getIdentityProviderAlias(), mapper);
}
smtpConfig.putAll(model.getSmtpConfig());
browserSecurityHeaders.putAll(model.getBrowserSecurityHeaders());
eventsEnabled = model.isEventsEnabled();
eventsExpiration = model.getEventsExpiration();
eventsListeners.addAll(model.getEventsListeners());
enabledEventTypes.addAll(model.getEnabledEventTypes());
defaultRoles.addAll(model.getDefaultRoles());
masterAdminApp = model.getMasterAdminApp().getId();
for (RoleModel role : model.getRoles()) {
realmRoles.put(role.getName(), role.getId());
CachedRole cachedRole = new CachedRealmRole(role, model);
cache.addCachedRole(cachedRole);
}
for (ApplicationModel app : model.getApplications()) {
applications.put(app.getName(), app.getId());
CachedApplication cachedApp = new CachedApplication(cache, delegate, model, app);
cache.addCachedApplication(cachedApp);
}
for (OAuthClientModel client : model.getOAuthClients()) {
clients.put(client.getClientId(), client.getId());
CachedOAuthClient cachedApp = new CachedOAuthClient(cache, delegate, model, client);
cache.addCachedOAuthClient(cachedApp);
}
internationalizationEnabled = model.isInternationalizationEnabled();
supportedLocales.addAll(model.getSupportedLocales());
defaultLocale = model.getDefaultLocale();
}
public String getId() {
return id;
}
public String getMasterAdminApp() {
return masterAdminApp;
}
public String getName() {
return name;
}
public List<String> getDefaultRoles() {
return defaultRoles;
}
public Map<String, String> getRealmRoles() {
return realmRoles;
}
public Map<String, String> getApplications() {
return applications;
}
public Map<String, String> getClients() {
return clients;
}
public boolean isEnabled() {
return enabled;
}
public SslRequired getSslRequired() {
return sslRequired;
}
public boolean isRegistrationAllowed() {
return registrationAllowed;
}
public boolean isRegistrationEmailAsUsername() {
return registrationEmailAsUsername;
}
public boolean isPasswordCredentialGrantAllowed() {
return passwordCredentialGrantAllowed;
}
public boolean isRememberMe() {
return this.rememberMe;
}
public boolean isBruteForceProtected() {
return bruteForceProtected;
}
public int getMaxFailureWaitSeconds() {
return this.maxFailureWaitSeconds;
}
public int getWaitIncrementSeconds() {
return this.waitIncrementSeconds;
}
public int getMinimumQuickLoginWaitSeconds() {
return this.minimumQuickLoginWaitSeconds;
}
public long getQuickLoginCheckMilliSeconds() {
return quickLoginCheckMilliSeconds;
}
public int getMaxDeltaTimeSeconds() {
return maxDeltaTimeSeconds;
}
public int getFailureFactor() {
return failureFactor;
}
public boolean isVerifyEmail() {
return verifyEmail;
}
public boolean isResetPasswordAllowed() {
return resetPasswordAllowed;
}
public int getSsoSessionIdleTimeout() {
return ssoSessionIdleTimeout;
}
public int getSsoSessionMaxLifespan() {
return ssoSessionMaxLifespan;
}
public int getAccessTokenLifespan() {
return accessTokenLifespan;
}
public int getAccessCodeLifespan() {
return accessCodeLifespan;
}
public int getAccessCodeLifespanUserAction() {
return accessCodeLifespanUserAction;
}
public int getAccessCodeLifespanLogin() {
return accessCodeLifespanLogin;
}
public String getPublicKeyPem() {
return publicKeyPem;
}
public String getPrivateKeyPem() {
return privateKeyPem;
}
public String getCodeSecret() {
return codeSecret;
}
public List<RequiredCredentialModel> getRequiredCredentials() {
return requiredCredentials;
}
public PasswordPolicy getPasswordPolicy() {
return passwordPolicy;
}
public boolean isIdentityFederationEnabled() {
return identityFederationEnabled;
}
public Map<String, String> getSmtpConfig() {
return smtpConfig;
}
public Map<String, String> getBrowserSecurityHeaders() {
return browserSecurityHeaders;
}
public String getLoginTheme() {
return loginTheme;
}
public String getAccountTheme() {
return accountTheme;
}
public String getAdminTheme() {
return this.adminTheme;
}
public String getEmailTheme() {
return emailTheme;
}
public int getNotBefore() {
return notBefore;
}
public boolean isEventsEnabled() {
return eventsEnabled;
}
public long getEventsExpiration() {
return eventsExpiration;
}
public Set<String> getEventsListeners() {
return eventsListeners;
}
public Set<String> getEnabledEventTypes() {
return enabledEventTypes;
}
public List<UserFederationProviderModel> getUserFederationProviders() {
return userFederationProviders;
}
public String getCertificatePem() {
return certificatePem;
}
public List<IdentityProviderModel> getIdentityProviders() {
return identityProviders;
}
public boolean isInternationalizationEnabled() {
return internationalizationEnabled;
}
public Set<String> getSupportedLocales() {
return supportedLocales;
}
public String getDefaultLocale() {
return defaultLocale;
}
public MultivaluedHashMap<String, IdentityProviderMapperModel> getIdentityProviderMappers() {
return identityProviderMappers;
}
}
package org.keycloak.models.cache.entities;
import org.keycloak.enums.SslRequired;
import org.keycloak.models.ClientModel;
import org.keycloak.models.IdentityProviderMapperModel;
import org.keycloak.models.IdentityProviderModel;
import org.keycloak.models.PasswordPolicy;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RealmProvider;
import org.keycloak.models.RequiredCredentialModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserFederationProviderModel;
import org.keycloak.models.cache.RealmCache;
import org.keycloak.util.MultivaluedHashMap;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Set;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public class CachedRealm {
private String id;
private String name;
private boolean enabled;
private SslRequired sslRequired;
private boolean registrationAllowed;
private boolean registrationEmailAsUsername;
private boolean rememberMe;
private boolean verifyEmail;
private boolean passwordCredentialGrantAllowed;
private boolean resetPasswordAllowed;
private boolean identityFederationEnabled;
//--- brute force settings
private boolean bruteForceProtected;
private int maxFailureWaitSeconds;
private int minimumQuickLoginWaitSeconds;
private int waitIncrementSeconds;
private long quickLoginCheckMilliSeconds;
private int maxDeltaTimeSeconds;
private int failureFactor;
//--- end brute force settings
private int ssoSessionIdleTimeout;
private int ssoSessionMaxLifespan;
private int accessTokenLifespan;
private int accessCodeLifespan;
private int accessCodeLifespanUserAction;
private int accessCodeLifespanLogin;
private int notBefore;
private PasswordPolicy passwordPolicy;
private String publicKeyPem;
private String privateKeyPem;
private String certificatePem;
private String codeSecret;
private String loginTheme;
private String accountTheme;
private String adminTheme;
private String emailTheme;
private String masterAdminApp;
private List<RequiredCredentialModel> requiredCredentials = new ArrayList<RequiredCredentialModel>();
private List<UserFederationProviderModel> userFederationProviders = new ArrayList<UserFederationProviderModel>();
private List<IdentityProviderModel> identityProviders = new ArrayList<IdentityProviderModel>();
private Map<String, String> browserSecurityHeaders = new HashMap<String, String>();
private Map<String, String> smtpConfig = new HashMap<String, String>();
private boolean eventsEnabled;
private long eventsExpiration;
private Set<String> eventsListeners = new HashSet<String>();
private Set<String> enabledEventTypes = new HashSet<String>();
private List<String> defaultRoles = new LinkedList<String>();
private Map<String, String> realmRoles = new HashMap<String, String>();
private Map<String, String> applications = new HashMap<String, String>();
private Map<String, String> clients = new HashMap<String, String>();
private boolean internationalizationEnabled;
private Set<String> supportedLocales = new HashSet<String>();
private String defaultLocale;
private MultivaluedHashMap<String, IdentityProviderMapperModel> identityProviderMappers = new MultivaluedHashMap<>();
public CachedRealm() {
}
public CachedRealm(RealmCache cache, RealmProvider delegate, RealmModel model) {
id = model.getId();
name = model.getName();
enabled = model.isEnabled();
sslRequired = model.getSslRequired();
registrationAllowed = model.isRegistrationAllowed();
registrationEmailAsUsername = model.isRegistrationEmailAsUsername();
rememberMe = model.isRememberMe();
verifyEmail = model.isVerifyEmail();
passwordCredentialGrantAllowed = model.isPasswordCredentialGrantAllowed();
resetPasswordAllowed = model.isResetPasswordAllowed();
identityFederationEnabled = model.isIdentityFederationEnabled();
//--- brute force settings
bruteForceProtected = model.isBruteForceProtected();
maxFailureWaitSeconds = model.getMaxFailureWaitSeconds();
minimumQuickLoginWaitSeconds = model.getMinimumQuickLoginWaitSeconds();
waitIncrementSeconds = model.getWaitIncrementSeconds();
quickLoginCheckMilliSeconds = model.getQuickLoginCheckMilliSeconds();
maxDeltaTimeSeconds = model.getMaxDeltaTimeSeconds();
failureFactor = model.getFailureFactor();
//--- end brute force settings
ssoSessionIdleTimeout = model.getSsoSessionIdleTimeout();
ssoSessionMaxLifespan = model.getSsoSessionMaxLifespan();
accessTokenLifespan = model.getAccessTokenLifespan();
accessCodeLifespan = model.getAccessCodeLifespan();
accessCodeLifespanUserAction = model.getAccessCodeLifespanUserAction();
accessCodeLifespanLogin = model.getAccessCodeLifespanLogin();
notBefore = model.getNotBefore();
passwordPolicy = model.getPasswordPolicy();
publicKeyPem = model.getPublicKeyPem();
privateKeyPem = model.getPrivateKeyPem();
certificatePem = model.getCertificatePem();
codeSecret = model.getCodeSecret();
loginTheme = model.getLoginTheme();
accountTheme = model.getAccountTheme();
adminTheme = model.getAdminTheme();
emailTheme = model.getEmailTheme();
requiredCredentials = model.getRequiredCredentials();
userFederationProviders = model.getUserFederationProviders();
this.identityProviders = new ArrayList<>();
for (IdentityProviderModel identityProviderModel : model.getIdentityProviders()) {
this.identityProviders.add(new IdentityProviderModel(identityProviderModel));
}
for (IdentityProviderMapperModel mapper : model.getIdentityProviderMappers()) {
identityProviderMappers.add(mapper.getIdentityProviderAlias(), mapper);
}
smtpConfig.putAll(model.getSmtpConfig());
browserSecurityHeaders.putAll(model.getBrowserSecurityHeaders());
eventsEnabled = model.isEventsEnabled();
eventsExpiration = model.getEventsExpiration();
eventsListeners.addAll(model.getEventsListeners());
enabledEventTypes.addAll(model.getEnabledEventTypes());
defaultRoles.addAll(model.getDefaultRoles());
masterAdminApp = model.getMasterAdminApp().getId();
for (RoleModel role : model.getRoles()) {
realmRoles.put(role.getName(), role.getId());
CachedRole cachedRole = new CachedRealmRole(role, model);
cache.addCachedRole(cachedRole);
}
for (ClientModel app : model.getClients()) {
applications.put(app.getClientId(), app.getId());
CachedApplication cachedApp = new CachedApplication(cache, delegate, model, app);
cache.addCachedApplication(cachedApp);
}
internationalizationEnabled = model.isInternationalizationEnabled();
supportedLocales.addAll(model.getSupportedLocales());
defaultLocale = model.getDefaultLocale();
}
public String getId() {
return id;
}
public String getMasterAdminApp() {
return masterAdminApp;
}
public String getName() {
return name;
}
public List<String> getDefaultRoles() {
return defaultRoles;
}
public Map<String, String> getRealmRoles() {
return realmRoles;
}
public Map<String, String> getApplications() {
return applications;
}
public Map<String, String> getClients() {
return clients;
}
public boolean isEnabled() {
return enabled;
}
public SslRequired getSslRequired() {
return sslRequired;
}
public boolean isRegistrationAllowed() {
return registrationAllowed;
}
public boolean isRegistrationEmailAsUsername() {
return registrationEmailAsUsername;
}
public boolean isPasswordCredentialGrantAllowed() {
return passwordCredentialGrantAllowed;
}
public boolean isRememberMe() {
return this.rememberMe;
}
public boolean isBruteForceProtected() {
return bruteForceProtected;
}
public int getMaxFailureWaitSeconds() {
return this.maxFailureWaitSeconds;
}
public int getWaitIncrementSeconds() {
return this.waitIncrementSeconds;
}
public int getMinimumQuickLoginWaitSeconds() {
return this.minimumQuickLoginWaitSeconds;
}
public long getQuickLoginCheckMilliSeconds() {
return quickLoginCheckMilliSeconds;
}
public int getMaxDeltaTimeSeconds() {
return maxDeltaTimeSeconds;
}
public int getFailureFactor() {
return failureFactor;
}
public boolean isVerifyEmail() {
return verifyEmail;
}
public boolean isResetPasswordAllowed() {
return resetPasswordAllowed;
}
public int getSsoSessionIdleTimeout() {
return ssoSessionIdleTimeout;
}
public int getSsoSessionMaxLifespan() {
return ssoSessionMaxLifespan;
}
public int getAccessTokenLifespan() {
return accessTokenLifespan;
}
public int getAccessCodeLifespan() {
return accessCodeLifespan;
}
public int getAccessCodeLifespanUserAction() {
return accessCodeLifespanUserAction;
}
public int getAccessCodeLifespanLogin() {
return accessCodeLifespanLogin;
}
public String getPublicKeyPem() {
return publicKeyPem;
}
public String getPrivateKeyPem() {
return privateKeyPem;
}
public String getCodeSecret() {
return codeSecret;
}
public List<RequiredCredentialModel> getRequiredCredentials() {
return requiredCredentials;
}
public PasswordPolicy getPasswordPolicy() {
return passwordPolicy;
}
public boolean isIdentityFederationEnabled() {
return identityFederationEnabled;
}
public Map<String, String> getSmtpConfig() {
return smtpConfig;
}
public Map<String, String> getBrowserSecurityHeaders() {
return browserSecurityHeaders;
}
public String getLoginTheme() {
return loginTheme;
}
public String getAccountTheme() {
return accountTheme;
}
public String getAdminTheme() {
return this.adminTheme;
}
public String getEmailTheme() {
return emailTheme;
}
public int getNotBefore() {
return notBefore;
}
public boolean isEventsEnabled() {
return eventsEnabled;
}
public long getEventsExpiration() {
return eventsExpiration;
}
public Set<String> getEventsListeners() {
return eventsListeners;
}
public Set<String> getEnabledEventTypes() {
return enabledEventTypes;
}
public List<UserFederationProviderModel> getUserFederationProviders() {
return userFederationProviders;
}
public String getCertificatePem() {
return certificatePem;
}
public List<IdentityProviderModel> getIdentityProviders() {
return identityProviders;
}
public boolean isInternationalizationEnabled() {
return internationalizationEnabled;
}
public Set<String> getSupportedLocales() {
return supportedLocales;
}
public String getDefaultLocale() {
return defaultLocale;
}
public MultivaluedHashMap<String, IdentityProviderMapperModel> getIdentityProviderMappers() {
return identityProviderMappers;
}
}
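Review bot: The new `CachedRealm` constructor never fills the `clients` map. Its loop over `model.getClients()` puts every entry into `applications`, now keyed by `app.getClientId()`, while the `clients` field and `getClients()` are kept and will always return an empty map. Any cache consumer that still resolves a client id through `getClients()` would miss every entry without an error, which is hard to spot in a lookup path that feeds client authentication. Either drop the field and getter in this round, or populate the map that is meant to survive with `clients.put(app.getClientId(), app.getId());`. If keeping both is deliberate for the transition, say so on the field, for example `// unused after KEYCLOAK-1187 first round; getApplications() holds all clients`.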


@ -1,308 +0,0 @@
package org.keycloak.models.jpa;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleContainerModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.jpa.entities.ApplicationEntity;
import org.keycloak.models.jpa.entities.IdentityProviderEntity;
import org.keycloak.models.jpa.entities.RoleEntity;
import org.keycloak.models.utils.KeycloakModelUtils;
import javax.persistence.EntityManager;
import javax.persistence.TypedQuery;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public class ApplicationAdapter extends ClientAdapter implements ApplicationModel {
protected EntityManager em;
protected KeycloakSession session;
protected ApplicationEntity applicationEntity;
public ApplicationAdapter(RealmModel realm, EntityManager em, KeycloakSession session, ApplicationEntity applicationEntity) {
super(realm, applicationEntity, em);
this.session = session;
this.realm = realm;
this.em = em;
this.applicationEntity = applicationEntity;
}
@Override
public void updateApplication() {
em.flush();
}
@Override
public String getName() {
return entity.getName();
}
@Override
public void setName(String name) {
entity.setName(name);
}
@Override
public boolean isSurrogateAuthRequired() {
return applicationEntity.isSurrogateAuthRequired();
}
@Override
public void setSurrogateAuthRequired(boolean surrogateAuthRequired) {
applicationEntity.setSurrogateAuthRequired(surrogateAuthRequired);
}
@Override
public String getManagementUrl() {
return applicationEntity.getManagementUrl();
}
@Override
public void setManagementUrl(String url) {
applicationEntity.setManagementUrl(url);
}
@Override
public String getBaseUrl() {
return applicationEntity.getBaseUrl();
}
@Override
public void setBaseUrl(String url) {
applicationEntity.setBaseUrl(url);
}
@Override
public boolean isBearerOnly() {
return applicationEntity.isBearerOnly();
}
@Override
public void setBearerOnly(boolean only) {
applicationEntity.setBearerOnly(only);
}
@Override
public boolean isDirectGrantsOnly() {
return false; // applications can't be grant only
}
@Override
public void setDirectGrantsOnly(boolean flag) {
// applications can't be grant only
}
@Override
public RoleModel getRole(String name) {
TypedQuery<RoleEntity> query = em.createNamedQuery("getAppRoleByName", RoleEntity.class);
query.setParameter("name", name);
query.setParameter("application", entity);
List<RoleEntity> roles = query.getResultList();
if (roles.size() == 0) return null;
return new RoleAdapter(realm, em, roles.get(0));
}
@Override
public RoleModel addRole(String name) {
return this.addRole(KeycloakModelUtils.generateId(), name);
}
@Override
public RoleModel addRole(String id, String name) {
RoleEntity roleEntity = new RoleEntity();
roleEntity.setId(id);
roleEntity.setName(name);
roleEntity.setApplication(applicationEntity);
roleEntity.setApplicationRole(true);
roleEntity.setRealmId(realm.getId());
em.persist(roleEntity);
applicationEntity.getRoles().add(roleEntity);
em.flush();
return new RoleAdapter(realm, em, roleEntity);
}
@Override
public boolean removeRole(RoleModel roleModel) {
if (roleModel == null) {
return false;
}
if (!roleModel.getContainer().equals(this)) return false;
session.users().preRemove(getRealm(), roleModel);
RoleEntity role = RoleAdapter.toRoleEntity(roleModel, em);
if (!role.isApplicationRole()) return false;
applicationEntity.getRoles().remove(role);
applicationEntity.getDefaultRoles().remove(role);
em.createNativeQuery("delete from COMPOSITE_ROLE where CHILD_ROLE = :role").setParameter("role", role).executeUpdate();
em.createNamedQuery("deleteScopeMappingByRole").setParameter("role", role).executeUpdate();
role.setApplication(null);
em.flush();
em.remove(role);
em.flush();
return true;
}
@Override
public Set<RoleModel> getRoles() {
Set<RoleModel> list = new HashSet<RoleModel>();
Collection<RoleEntity> roles = applicationEntity.getRoles();
if (roles == null) return list;
for (RoleEntity entity : roles) {
list.add(new RoleAdapter(realm, em, entity));
}
return list;
}
@Override
public boolean hasScope(RoleModel role) {
if (super.hasScope(role)) {
return true;
}
Set<RoleModel> roles = getRoles();
if (roles.contains(role)) return true;
for (RoleModel mapping : roles) {
if (mapping.hasRole(role)) return true;
}
return false;
}
@Override
public Set<RoleModel> getApplicationScopeMappings(ClientModel client) {
Set<RoleModel> roleMappings = client.getScopeMappings();
Set<RoleModel> appRoles = new HashSet<RoleModel>();
for (RoleModel role : roleMappings) {
RoleContainerModel container = role.getContainer();
if (container instanceof RealmModel) {
} else {
ApplicationModel app = (ApplicationModel)container;
if (app.getId().equals(getId())) {
appRoles.add(role);
}
}
}
return appRoles;
}
@Override
public List<String> getDefaultRoles() {
Collection<RoleEntity> entities = applicationEntity.getDefaultRoles();
List<String> roles = new ArrayList<String>();
if (entities == null) return roles;
for (RoleEntity entity : entities) {
roles.add(entity.getName());
}
return roles;
}
@Override
public void addDefaultRole(String name) {
RoleModel role = getRole(name);
if (role == null) {
role = addRole(name);
}
Collection<RoleEntity> entities = applicationEntity.getDefaultRoles();
for (RoleEntity entity : entities) {
if (entity.getId().equals(role.getId())) {
return;
}
}
RoleEntity roleEntity = RoleAdapter.toRoleEntity(role, em);
entities.add(roleEntity);
em.flush();
}
@Override
public void updateDefaultRoles(String[] defaultRoles) {
Collection<RoleEntity> entities = applicationEntity.getDefaultRoles();
Set<String> already = new HashSet<String>();
List<RoleEntity> remove = new ArrayList<RoleEntity>();
for (RoleEntity rel : entities) {
if (!contains(rel.getName(), defaultRoles)) {
remove.add(rel);
} else {
already.add(rel.getName());
}
}
for (RoleEntity entity : remove) {
entities.remove(entity);
}
em.flush();
for (String roleName : defaultRoles) {
if (!already.contains(roleName)) {
addDefaultRole(roleName);
}
}
em.flush();
}
@Override
public int getNodeReRegistrationTimeout() {
return applicationEntity.getNodeReRegistrationTimeout();
}
@Override
public void setNodeReRegistrationTimeout(int timeout) {
applicationEntity.setNodeReRegistrationTimeout(timeout);
}
@Override
public Map<String, Integer> getRegisteredNodes() {
return applicationEntity.getRegisteredNodes();
}
@Override
public void registerNode(String nodeHost, int registrationTime) {
Map<String, Integer> currentNodes = getRegisteredNodes();
currentNodes.put(nodeHost, registrationTime);
em.flush();
}
@Override
public void unregisterNode(String nodeHost) {
Map<String, Integer> currentNodes = getRegisteredNodes();
currentNodes.remove(nodeHost);
em.flush();
}
@Override
public boolean equals(Object o) {
if (this == o) return true;
if (o == null || !(o instanceof ApplicationModel)) return false;
ApplicationModel that = (ApplicationModel) o;
return that.getId().equals(getId());
}
@Override
public int hashCode() {
return getId().hashCode();
}
public String toString() {
return getName();
}
ApplicationEntity getJpaEntity() {
return applicationEntity;
}
}


@ -1,9 +1,8 @@
package org.keycloak.models.jpa;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.ClientIdentityProviderMappingModel;
import org.keycloak.models.ClientModel;
import org.keycloak.models.OAuthClientModel;
import org.keycloak.models.ClientIdentityProviderMappingModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleContainerModel;
@ -22,8 +21,6 @@ import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Set;
@ -32,15 +29,18 @@ import java.util.Set;
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public abstract class ClientAdapter implements ClientModel {
protected ClientEntity entity;
public class ClientAdapter implements ClientModel {
protected KeycloakSession session;
protected RealmModel realm;
protected EntityManager em;
protected ClientEntity entity;
public ClientAdapter(RealmModel realm, ClientEntity entity, EntityManager em) {
public ClientAdapter(RealmModel realm, EntityManager em, KeycloakSession session, ClientEntity entity) {
this.session = session;
this.realm = realm;
this.entity = entity;
this.em = em;
this.entity = entity;
}
public ClientEntity getEntity() {
@ -57,11 +57,6 @@ public abstract class ClientAdapter implements ClientModel {
return realm;
}
@Override
public String getClientId() {
return entity.getName();
}
@Override
public boolean isEnabled() {
return entity.isEnabled();
@ -177,7 +172,7 @@ public abstract class ClientAdapter implements ClientModel {
public Set<RoleModel> getRealmScopeMappings() {
Set<RoleModel> roleMappings = getScopeMappings();
Set<RoleModel> appRoles = new HashSet<RoleModel>();
Set<RoleModel> appRoles = new HashSet<>();
for (RoleModel role : roleMappings) {
RoleContainerModel container = role.getContainer();
if (container instanceof RealmModel) {
@ -190,8 +185,6 @@ public abstract class ClientAdapter implements ClientModel {
return appRoles;
}
@Override
public Set<RoleModel> getScopeMappings() {
TypedQuery<String> query = em.createNamedQuery("clientScopeMappingIds", String.class);
@ -236,32 +229,6 @@ public abstract class ClientAdapter implements ClientModel {
return query;
}
@Override
public boolean hasScope(RoleModel role) {
if (isFullScopeAllowed()) return true;
Set<RoleModel> roles = getScopeMappings();
if (roles.contains(role)) return true;
for (RoleModel mapping : roles) {
if (mapping.hasRole(role)) return true;
}
return false;
}
@Override
public boolean equals(Object o) {
if (this == o) return true;
if (!this.getClass().equals(o.getClass())) return false;
ClientAdapter that = (ClientAdapter) o;
return that.getId().equals(getId());
}
@Override
public int hashCode() {
return entity.getId().hashCode();
}
@Override
public String getProtocol() {
return entity.getProtocol();
@ -281,7 +248,7 @@ public abstract class ClientAdapter implements ClientModel {
@Override
public void removeAttribute(String name) {
entity.getAttributes().remove(name);
entity.getAttributes().remove(name);
}
@Override
@ -291,7 +258,7 @@ public abstract class ClientAdapter implements ClientModel {
@Override
public Map<String, String> getAttributes() {
Map<String, String> copy = new HashMap<String, String>();
Map<String, String> copy = new HashMap<>();
copy.putAll(entity.getAttributes());
return copy;
}
@ -299,8 +266,8 @@ public abstract class ClientAdapter implements ClientModel {
@Override
public void updateIdentityProviders(List<ClientIdentityProviderMappingModel> identityProviders) {
Collection<ClientIdentityProviderMappingEntity> entities = entity.getIdentityProviders();
Set<String> already = new HashSet<String>();
List<ClientIdentityProviderMappingEntity> remove = new ArrayList<ClientIdentityProviderMappingEntity>();
Set<String> already = new HashSet<>();
List<ClientIdentityProviderMappingEntity> remove = new ArrayList<>();
for (ClientIdentityProviderMappingEntity entity : entities) {
IdentityProviderEntity identityProvider = entity.getIdentityProvider();
@ -500,4 +467,282 @@ public abstract class ClientAdapter implements ClientModel {
mapping.setConfig(config);
return mapping;
}
@Override
public void updateApplication() {
em.flush();
}
@Override
public String getClientId() {
return entity.getName();
}
@Override
public void setClientId(String clientId) {
entity.setName(clientId);
}
@Override
public boolean isSurrogateAuthRequired() {
return entity.isSurrogateAuthRequired();
}
@Override
public void setSurrogateAuthRequired(boolean surrogateAuthRequired) {
entity.setSurrogateAuthRequired(surrogateAuthRequired);
}
@Override
public String getManagementUrl() {
return entity.getManagementUrl();
}
@Override
public void setManagementUrl(String url) {
entity.setManagementUrl(url);
}
@Override
public String getBaseUrl() {
return entity.getBaseUrl();
}
@Override
public void setBaseUrl(String url) {
entity.setBaseUrl(url);
}
@Override
public boolean isBearerOnly() {
return entity.isBearerOnly();
}
@Override
public void setBearerOnly(boolean only) {
entity.setBearerOnly(only);
}
@Override
public boolean isConsentRequired() {
return entity.isConsentRequired();
}
@Override
public void setConsentRequired(boolean consentRequired) {
entity.setConsentRequired(consentRequired);
}
@Override
public boolean isDirectGrantsOnly() {
return entity.isDirectGrantsOnly();
}
@Override
public void setDirectGrantsOnly(boolean flag) {
entity.setDirectGrantsOnly(flag);
}
@Override
public RoleModel getRole(String name) {
TypedQuery<RoleEntity> query = em.createNamedQuery("getAppRoleByName", RoleEntity.class);
query.setParameter("name", name);
query.setParameter("application", entity);
List<RoleEntity> roles = query.getResultList();
if (roles.size() == 0) return null;
return new RoleAdapter(realm, em, roles.get(0));
}
@Override
public RoleModel addRole(String name) {
return this.addRole(KeycloakModelUtils.generateId(), name);
}
@Override
public RoleModel addRole(String id, String name) {
RoleEntity roleEntity = new RoleEntity();
roleEntity.setId(id);
roleEntity.setName(name);
roleEntity.setApplication(entity);
roleEntity.setApplicationRole(true);
roleEntity.setRealmId(realm.getId());
em.persist(roleEntity);
entity.getRoles().add(roleEntity);
em.flush();
return new RoleAdapter(realm, em, roleEntity);
}
@Override
public boolean removeRole(RoleModel roleModel) {
if (roleModel == null) {
return false;
}
if (!roleModel.getContainer().equals(this)) return false;
session.users().preRemove(getRealm(), roleModel);
RoleEntity role = RoleAdapter.toRoleEntity(roleModel, em);
if (!role.isApplicationRole()) return false;
entity.getRoles().remove(role);
entity.getDefaultRoles().remove(role);
em.createNativeQuery("delete from COMPOSITE_ROLE where CHILD_ROLE = :role").setParameter("role", role).executeUpdate();
em.createNamedQuery("deleteScopeMappingByRole").setParameter("role", role).executeUpdate();
role.setApplication(null);
em.flush();
em.remove(role);
em.flush();
return true;
}
@Override
public Set<RoleModel> getRoles() {
Set<RoleModel> list = new HashSet<RoleModel>();
Collection<RoleEntity> roles = entity.getRoles();
if (roles == null) return list;
for (RoleEntity entity : roles) {
list.add(new RoleAdapter(realm, em, entity));
}
return list;
}
@Override
public boolean hasScope(RoleModel role) {
if (isFullScopeAllowed()) return true;
Set<RoleModel> roles = getScopeMappings();
if (roles.contains(role)) return true;
for (RoleModel mapping : roles) {
if (mapping.hasRole(role)) return true;
}
roles = getRoles();
if (roles.contains(role)) return true;
for (RoleModel mapping : roles) {
if (mapping.hasRole(role)) return true;
}
return false;
}
@Override
public Set<RoleModel> getApplicationScopeMappings(ClientModel client) {
Set<RoleModel> roleMappings = client.getScopeMappings();
Set<RoleModel> appRoles = new HashSet<RoleModel>();
for (RoleModel role : roleMappings) {
RoleContainerModel container = role.getContainer();
if (container instanceof RealmModel) {
} else {
ClientModel app = (ClientModel)container;
if (app.getId().equals(getId())) {
appRoles.add(role);
}
}
}
return appRoles;
}
@Override
public List<String> getDefaultRoles() {
Collection<RoleEntity> entities = entity.getDefaultRoles();
List<String> roles = new ArrayList<String>();
if (entities == null) return roles;
for (RoleEntity entity : entities) {
roles.add(entity.getName());
}
return roles;
}
@Override
public void addDefaultRole(String name) {
RoleModel role = getRole(name);
if (role == null) {
role = addRole(name);
}
Collection<RoleEntity> entities = entity.getDefaultRoles();
for (RoleEntity entity : entities) {
if (entity.getId().equals(role.getId())) {
return;
}
}
RoleEntity roleEntity = RoleAdapter.toRoleEntity(role, em);
entities.add(roleEntity);
em.flush();
}
@Override
public void updateDefaultRoles(String[] defaultRoles) {
Collection<RoleEntity> entities = entity.getDefaultRoles();
Set<String> already = new HashSet<String>();
List<RoleEntity> remove = new ArrayList<RoleEntity>();
for (RoleEntity rel : entities) {
if (!contains(rel.getName(), defaultRoles)) {
remove.add(rel);
} else {
already.add(rel.getName());
}
}
for (RoleEntity entity : remove) {
entities.remove(entity);
}
em.flush();
for (String roleName : defaultRoles) {
if (!already.contains(roleName)) {
addDefaultRole(roleName);
}
}
em.flush();
}
@Override
public int getNodeReRegistrationTimeout() {
return entity.getNodeReRegistrationTimeout();
}
@Override
public void setNodeReRegistrationTimeout(int timeout) {
entity.setNodeReRegistrationTimeout(timeout);
}
@Override
public Map<String, Integer> getRegisteredNodes() {
return entity.getRegisteredNodes();
}
@Override
public void registerNode(String nodeHost, int registrationTime) {
Map<String, Integer> currentNodes = getRegisteredNodes();
currentNodes.put(nodeHost, registrationTime);
em.flush();
}
@Override
public void unregisterNode(String nodeHost) {
Map<String, Integer> currentNodes = getRegisteredNodes();
currentNodes.remove(nodeHost);
em.flush();
}
@Override
public boolean equals(Object o) {
if (this == o) return true;
if (o == null || !(o instanceof ClientModel)) return false;
ClientModel that = (ClientModel) o;
return that.getId().equals(getId());
}
@Override
public int hashCode() {
return getId().hashCode();
}
public String toString() {
return getClientId();
}
}


@ -1,13 +1,11 @@
package org.keycloak.models.jpa;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.OAuthClientModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RealmProvider;
import org.keycloak.models.RoleModel;
import org.keycloak.models.jpa.entities.ApplicationEntity;
import org.keycloak.models.jpa.entities.OAuthClientEntity;
import org.keycloak.models.jpa.entities.ClientEntity;
import org.keycloak.models.jpa.entities.RealmEntity;
import org.keycloak.models.jpa.entities.RoleEntity;
import org.keycloak.models.utils.KeycloakModelUtils;
@ -93,12 +91,8 @@ public class JpaRealmProvider implements RealmProvider {
RealmAdapter adapter = new RealmAdapter(session, em, realm);
session.users().preRemove(adapter);
for (ApplicationEntity a : new LinkedList<ApplicationEntity>(realm.getApplications())) {
adapter.removeApplication(a.getId());
}
for (OAuthClientModel oauth : adapter.getOAuthClients()) {
adapter.removeOAuthClient(oauth.getId());
for (ClientEntity a : new LinkedList<>(realm.getApplications())) {
adapter.removeClient(a.getId());
}
em.remove(realm);
@ -118,21 +112,12 @@ public class JpaRealmProvider implements RealmProvider {
}
@Override
public ApplicationModel getApplicationById(String id, RealmModel realm) {
ApplicationEntity app = em.find(ApplicationEntity.class, id);
public ClientModel getClientById(String id, RealmModel realm) {
ClientEntity app = em.find(ClientEntity.class, id);
// Check if application belongs to this realm
if (app == null || !realm.getId().equals(app.getRealm().getId())) return null;
return new ApplicationAdapter(realm, em, session, app);
}
@Override
public OAuthClientModel getOAuthClientById(String id, RealmModel realm) {
OAuthClientEntity client = em.find(OAuthClientEntity.class, id);
// Check if client belongs to this realm
if (client == null || !realm.getId().equals(client.getRealm().getId())) return null;
return new OAuthClientAdapter(realm, client, em);
return new ClientAdapter(realm, em, session, app);
}
}
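Review bot: The realm-removal loop now deletes only the clients returned by `realm.getApplications()`, whereas the removed code also walked `adapter.getOAuthClients()`. If rows that used to be OAuth clients are not linked into that collection by the migration (not visible on this page), they would either survive `em.remove(realm)` as orphaned client records or make it fail on a foreign key. It is worth confirming the migration links them, or selecting the clients to delete by realm rather than through the collection. In `getClientById` the kept comment still says "application"; `// Check if client belongs to this realm` would match the new name. The removal method starts outside the hunk.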


@ -1,6 +1,6 @@
package org.keycloak.models.jpa;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.ClientModel;
import org.keycloak.models.CredentialValidationOutput;
import org.keycloak.models.FederatedIdentityModel;
import org.keycloak.models.KeycloakSession;
@ -61,7 +61,7 @@ public class JpaUserProvider implements UserProvider {
userModel.grantRole(realm.getRole(r));
}
for (ApplicationModel application : realm.getApplications()) {
for (ClientModel application : realm.getClients()) {
for (String r : application.getDefaultRoles()) {
userModel.grantRole(application.getRole(r));
}


@ -1,52 +0,0 @@
package org.keycloak.models.jpa;
import org.keycloak.models.OAuthClientModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.jpa.entities.OAuthClientEntity;
import javax.persistence.EntityManager;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public class OAuthClientAdapter extends ClientAdapter implements OAuthClientModel {
protected final OAuthClientEntity oAuthClientEntity;
public OAuthClientAdapter(RealmModel realm, OAuthClientEntity entity, EntityManager em) {
super(realm, entity, em);
oAuthClientEntity = entity;
}
@Override
public void setClientId(String id) {
entity.setName(id);
}
@Override
public boolean isDirectGrantsOnly() {
return oAuthClientEntity.isDirectGrantsOnly();
}
@Override
public void setDirectGrantsOnly(boolean flag) {
oAuthClientEntity.setDirectGrantsOnly(flag);
}
@Override
public boolean equals(Object o) {
if (this == o) return true;
if (o == null || !(o instanceof OAuthClientModel)) return false;
OAuthClientModel that = (OAuthClientModel) o;
return that.getId().equals(getId());
}
@Override
public int hashCode() {
return getId().hashCode();
}
}


@ -105,7 +105,7 @@ public class RoleAdapter implements RoleModel {
@Override
public RoleContainerModel getContainer() {
if (role.isApplicationRole()) {
return realm.getApplicationById(role.getApplication().getId());
return realm.getClientById(role.getApplication().getId());
} else {
return realm;


@ -1,6 +1,6 @@
package org.keycloak.models.jpa;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.ClientModel;
import org.keycloak.models.PasswordPolicy;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleContainerModel;
@ -363,14 +363,14 @@ public class UserAdapter implements UserModel {
}
@Override
public Set<RoleModel> getApplicationRoleMappings(ApplicationModel app) {
public Set<RoleModel> getApplicationRoleMappings(ClientModel app) {
Set<RoleModel> roleMappings = getRoleMappings();
Set<RoleModel> roles = new HashSet<RoleModel>();
for (RoleModel role : roleMappings) {
RoleContainerModel container = role.getContainer();
if (container instanceof ApplicationModel) {
ApplicationModel appModel = (ApplicationModel)container;
if (container instanceof ClientModel) {
ClientModel appModel = (ClientModel)container;
if (appModel.getId().equals(app.getId())) {
roles.add(role);
}


@ -1,116 +0,0 @@
package org.keycloak.models.jpa.entities;
import javax.persistence.CascadeType;
import javax.persistence.CollectionTable;
import javax.persistence.Column;
import javax.persistence.ElementCollection;
import javax.persistence.Entity;
import javax.persistence.FetchType;
import javax.persistence.JoinColumn;
import javax.persistence.JoinTable;
import javax.persistence.MapKeyColumn;
import javax.persistence.OneToMany;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Map;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
@Entity
public class ApplicationEntity extends ClientEntity {
@Column(name="SURROGATE_AUTH_REQUIRED")
private boolean surrogateAuthRequired;
@Column(name="BASE_URL")
private String baseUrl;
@Column(name="MANAGEMENT_URL")
private String managementUrl;
@Column(name="BEARER_ONLY")
private boolean bearerOnly;
@Column(name="NODE_REREG_TIMEOUT")
private int nodeReRegistrationTimeout;
@OneToMany(fetch = FetchType.EAGER, cascade ={CascadeType.REMOVE}, orphanRemoval = true, mappedBy = "application")
Collection<RoleEntity> roles = new ArrayList<RoleEntity>();
@OneToMany(fetch = FetchType.LAZY, cascade ={CascadeType.REMOVE}, orphanRemoval = true)
@JoinTable(name="APPLICATION_DEFAULT_ROLES", joinColumns = { @JoinColumn(name="APPLICATION_ID")}, inverseJoinColumns = { @JoinColumn(name="ROLE_ID")})
Collection<RoleEntity> defaultRoles = new ArrayList<RoleEntity>();
@ElementCollection
@MapKeyColumn(name="NAME")
@Column(name="VALUE")
@CollectionTable(name="APP_NODE_REGISTRATIONS", joinColumns={ @JoinColumn(name="APPLICATION_ID") })
Map<String, Integer> registeredNodes = new HashMap<String, Integer>();
public boolean isSurrogateAuthRequired() {
return surrogateAuthRequired;
}
public void setSurrogateAuthRequired(boolean surrogateAuthRequired) {
this.surrogateAuthRequired = surrogateAuthRequired;
}
public String getBaseUrl() {
return baseUrl;
}
public void setBaseUrl(String baseUrl) {
this.baseUrl = baseUrl;
}
public String getManagementUrl() {
return managementUrl;
}
public void setManagementUrl(String managementUrl) {
this.managementUrl = managementUrl;
}
public Collection<RoleEntity> getRoles() {
return roles;
}
public void setRoles(Collection<RoleEntity> roles) {
this.roles = roles;
}
public Collection<RoleEntity> getDefaultRoles() {
return defaultRoles;
}
public void setDefaultRoles(Collection<RoleEntity> defaultRoles) {
this.defaultRoles = defaultRoles;
}
public boolean isBearerOnly() {
return bearerOnly;
}
public void setBearerOnly(boolean bearerOnly) {
this.bearerOnly = bearerOnly;
}
public int getNodeReRegistrationTimeout() {
return nodeReRegistrationTimeout;
}
public void setNodeReRegistrationTimeout(int nodeReRegistrationTimeout) {
this.nodeReRegistrationTimeout = nodeReRegistrationTimeout;
}
public Map<String, Integer> getRegisteredNodes() {
return registeredNodes;
}
public void setRegisteredNodes(Map<String, Integer> registeredNodes) {
this.registeredNodes = registeredNodes;
}
}


@ -7,8 +7,6 @@ import javax.persistence.ElementCollection;
import javax.persistence.Entity;
import javax.persistence.FetchType;
import javax.persistence.Id;
import javax.persistence.Inheritance;
import javax.persistence.InheritanceType;
import javax.persistence.JoinColumn;
import javax.persistence.JoinTable;
import javax.persistence.ManyToOne;
@ -28,9 +26,9 @@ import java.util.Set;
* @version $Revision: 1 $
*/
@Entity
@Inheritance(strategy = InheritanceType.SINGLE_TABLE)
@Table(name="CLIENT", uniqueConstraints = {@UniqueConstraint(columnNames = {"REALM_ID", "NAME"})})
public abstract class ClientEntity {
public class ClientEntity {
@Id
@Column(name="ID", length = 36)
private String id;
@ -77,6 +75,40 @@ public abstract class ClientEntity {
@OneToMany(cascade ={CascadeType.REMOVE}, orphanRemoval = true, mappedBy = "client")
Collection<ProtocolMapperEntity> protocolMappers = new ArrayList<ProtocolMapperEntity>();
@Column(name="SURROGATE_AUTH_REQUIRED")
private boolean surrogateAuthRequired;
@Column(name="BASE_URL")
private String baseUrl;
@Column(name="MANAGEMENT_URL")
private String managementUrl;
@Column(name="DIRECT_GRANTS_ONLY")
protected boolean directGrantsOnly;
@Column(name="BEARER_ONLY")
private boolean bearerOnly;
@Column(name="CONSENT_REQUIRED")
private boolean consentRequired;
@Column(name="NODE_REREG_TIMEOUT")
private int nodeReRegistrationTimeout;
@OneToMany(fetch = FetchType.EAGER, cascade ={CascadeType.REMOVE}, orphanRemoval = true, mappedBy = "application")
Collection<RoleEntity> roles = new ArrayList<RoleEntity>();
@OneToMany(fetch = FetchType.LAZY, cascade ={CascadeType.REMOVE}, orphanRemoval = true)
@JoinTable(name="APPLICATION_DEFAULT_ROLES", joinColumns = { @JoinColumn(name="APPLICATION_ID")}, inverseJoinColumns = { @JoinColumn(name="ROLE_ID")})
Collection<RoleEntity> defaultRoles = new ArrayList<RoleEntity>();
@ElementCollection
@MapKeyColumn(name="NAME")
@Column(name="VALUE")
@CollectionTable(name="APP_NODE_REGISTRATIONS", joinColumns={ @JoinColumn(name="APPLICATION_ID") })
Map<String, Integer> registeredNodes = new HashMap<String, Integer>();
public RealmEntity getRealm() {
return realm;
}
@ -196,4 +228,84 @@ public abstract class ClientEntity {
public void setProtocolMappers(Collection<ProtocolMapperEntity> protocolMappers) {
this.protocolMappers = protocolMappers;
}
public boolean isSurrogateAuthRequired() {
return surrogateAuthRequired;
}
public void setSurrogateAuthRequired(boolean surrogateAuthRequired) {
this.surrogateAuthRequired = surrogateAuthRequired;
}
public String getBaseUrl() {
return baseUrl;
}
public void setBaseUrl(String baseUrl) {
this.baseUrl = baseUrl;
}
public String getManagementUrl() {
return managementUrl;
}
public void setManagementUrl(String managementUrl) {
this.managementUrl = managementUrl;
}
public Collection<RoleEntity> getRoles() {
return roles;
}
public void setRoles(Collection<RoleEntity> roles) {
this.roles = roles;
}
public Collection<RoleEntity> getDefaultRoles() {
return defaultRoles;
}
public void setDefaultRoles(Collection<RoleEntity> defaultRoles) {
this.defaultRoles = defaultRoles;
}
public boolean isBearerOnly() {
return bearerOnly;
}
public void setBearerOnly(boolean bearerOnly) {
this.bearerOnly = bearerOnly;
}
public boolean isConsentRequired() {
return consentRequired;
}
public void setConsentRequired(boolean consentRequired) {
this.consentRequired = consentRequired;
}
public boolean isDirectGrantsOnly() {
return directGrantsOnly;
}
public void setDirectGrantsOnly(boolean directGrantsOnly) {
this.directGrantsOnly = directGrantsOnly;
}
public int getNodeReRegistrationTimeout() {
return nodeReRegistrationTimeout;
}
public void setNodeReRegistrationTimeout(int nodeReRegistrationTimeout) {
this.nodeReRegistrationTimeout = nodeReRegistrationTimeout;
}
public Map<String, Integer> getRegisteredNodes() {
return registeredNodes;
}
public void setRegisteredNodes(Map<String, Integer> registeredNodes) {
this.registeredNodes = registeredNodes;
}
}
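Review bot: The new `consentRequired` field under `@Column(name="CONSENT_REQUIRED")` is a primitive `boolean` with no initializer, so a client created without an explicit `setConsentRequired(true)` is persisted as not requiring consent. The former OAuth-client type no longer exists to signal that, so the default deserves a comment on the field, for example `// false by default: code registering third-party clients must call setConsentRequired(true)`. Whether every creation path sets it is not visible on this page. Separately, `directGrantsOnly` is declared `protected` while the other merged fields are `private`; `private boolean directGrantsOnly;` would be consistent now that the class is no longer extended.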


@ -1,29 +0,0 @@
package org.keycloak.models.jpa.entities;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.NamedQueries;
import javax.persistence.NamedQuery;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
@NamedQueries({
@NamedQuery(name="findOAuthClientByName", query="select o from OAuthClientEntity o where o.name=:name and o.realm = :realm"),
@NamedQuery(name="findOAuthClientByRealm", query="select o from OAuthClientEntity o where o.realm = :realm")
})
@Entity
public class OAuthClientEntity extends ClientEntity {
@Column(name="DIRECT_GRANTS_ONLY")
protected boolean directGrantsOnly;
public boolean isDirectGrantsOnly() {
return directGrantsOnly;
}
public void setDirectGrantsOnly(boolean directGrantsOnly) {
this.directGrantsOnly = directGrantsOnly;
}
}


@ -9,8 +9,6 @@ import javax.persistence.Id;
import javax.persistence.JoinColumn;
import javax.persistence.ManyToOne;
import javax.persistence.MapKeyColumn;
import javax.persistence.NamedQueries;
import javax.persistence.NamedQuery;
import javax.persistence.Table;
import java.util.Map;


@ -105,7 +105,7 @@ public class RealmEntity {
@OneToMany(fetch = FetchType.LAZY, cascade ={CascadeType.REMOVE}, orphanRemoval = true)
@JoinTable(name="REALM_APPLICATION", joinColumns={ @JoinColumn(name="REALM_ID") }, inverseJoinColumns={ @JoinColumn(name="APPLICATION_ID") })
Collection<ApplicationEntity> applications = new ArrayList<ApplicationEntity>();
Collection<ClientEntity> applications = new ArrayList<ClientEntity>();
@OneToMany(fetch = FetchType.LAZY, cascade ={CascadeType.REMOVE}, orphanRemoval = true, mappedBy = "realm")
Collection<RoleEntity> roles = new ArrayList<RoleEntity>();
@ -137,7 +137,7 @@ public class RealmEntity {
@OneToOne
@JoinColumn(name="MASTER_ADMIN_APP")
protected ApplicationEntity masterAdminApp;
protected ClientEntity masterAdminApp;
@OneToMany(cascade ={CascadeType.REMOVE}, orphanRemoval = true, mappedBy = "realm")
protected List<IdentityProviderEntity> identityProviders = new ArrayList<IdentityProviderEntity>();
@ -318,11 +318,11 @@ public class RealmEntity {
this.requiredCredentials = requiredCredentials;
}
public Collection<ApplicationEntity> getApplications() {
public Collection<ClientEntity> getApplications() {
return applications;
}
public void setApplications(Collection<ApplicationEntity> applications) {
public void setApplications(Collection<ClientEntity> applications) {
this.applications = applications;
}
@ -437,11 +437,11 @@ public class RealmEntity {
this.enabledEventTypes = enabledEventTypes;
}
public ApplicationEntity getMasterAdminApp() {
public ClientEntity getMasterAdminApp() {
return masterAdminApp;
}
public void setMasterAdminApp(ApplicationEntity masterAdminApp) {
public void setMasterAdminApp(ClientEntity masterAdminApp) {
this.masterAdminApp = masterAdminApp;
}


@ -51,7 +51,7 @@ public class RoleEntity {
@ManyToOne(fetch = FetchType.LAZY)
@JoinColumn(name = "APPLICATION")
private ApplicationEntity application;
private ClientEntity application;
// Hack to ensure that either name+application or name+realm are unique. Needed due to MS-SQL as it don't allow multiple NULL values in the column, which is part of constraint
@Column(name="APP_REALM_CONSTRAINT", length = 36)
@ -118,11 +118,11 @@ public class RoleEntity {
this.appRealmConstraint = realm.getId();
}
public ApplicationEntity getApplication() {
public ClientEntity getApplication() {
return application;
}
public void setApplication(ApplicationEntity application) {
public void setApplication(ClientEntity application) {
this.application = application;
if (application != null) {
this.appRealmConstraint = application.getId();


@ -1,275 +0,0 @@
package org.keycloak.models.mongo.keycloak.adapters;
import com.mongodb.DBObject;
import com.mongodb.QueryBuilder;
import org.keycloak.connections.mongo.api.context.MongoStoreInvocationContext;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.mongo.keycloak.entities.MongoApplicationEntity;
import org.keycloak.models.mongo.keycloak.entities.MongoRoleEntity;
import org.keycloak.models.mongo.utils.MongoModelUtils;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
/**
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
*/
public class ApplicationAdapter extends ClientAdapter<MongoApplicationEntity> implements ApplicationModel {
public ApplicationAdapter(KeycloakSession session, RealmModel realm, MongoApplicationEntity applicationEntity, MongoStoreInvocationContext invContext) {
super(session, realm, applicationEntity, invContext);
}
@Override
public void updateApplication() {
updateMongoEntity();
}
@Override
public String getName() {
return getMongoEntity().getName();
}
@Override
public void setName(String name) {
getMongoEntity().setName(name);
updateMongoEntity();
}
@Override
public boolean isSurrogateAuthRequired() {
return getMongoEntity().isSurrogateAuthRequired();
}
@Override
public void setSurrogateAuthRequired(boolean surrogateAuthRequired) {
getMongoEntity().setSurrogateAuthRequired(surrogateAuthRequired);
updateMongoEntity();
}
@Override
public String getManagementUrl() {
return getMongoEntity().getManagementUrl();
}
@Override
public void setManagementUrl(String url) {
getMongoEntity().setManagementUrl(url);
updateMongoEntity();
}
@Override
public void setBaseUrl(String url) {
getMongoEntity().setBaseUrl(url);
updateMongoEntity();
}
@Override
public String getBaseUrl() {
return getMongoEntity().getBaseUrl();
}
@Override
public boolean isBearerOnly() {
return getMongoEntity().isBearerOnly();
}
@Override
public void setBearerOnly(boolean only) {
getMongoEntity().setBearerOnly(only);
updateMongoEntity();
}
@Override
public boolean isPublicClient() {
return getMongoEntity().isPublicClient();
}
@Override
public void setPublicClient(boolean flag) {
getMongoEntity().setPublicClient(flag);
updateMongoEntity();
}
@Override
public boolean isDirectGrantsOnly() {
return false; // applications can't be grant only
}
@Override
public void setDirectGrantsOnly(boolean flag) {
// applications can't be grant only
}
@Override
public RoleAdapter getRole(String name) {
DBObject query = new QueryBuilder()
.and("name").is(name)
.and("applicationId").is(getId())
.get();
MongoRoleEntity role = getMongoStore().loadSingleEntity(MongoRoleEntity.class, query, invocationContext);
if (role == null) {
return null;
} else {
return new RoleAdapter(session, getRealm(), role, invocationContext);
}
}
@Override
public RoleAdapter addRole(String name) {
return this.addRole(null, name);
}
@Override
public RoleAdapter addRole(String id, String name) {
MongoRoleEntity roleEntity = new MongoRoleEntity();
roleEntity.setId(id);
roleEntity.setName(name);
roleEntity.setApplicationId(getId());
getMongoStore().insertEntity(roleEntity, invocationContext);
return new RoleAdapter(session, getRealm(), roleEntity, this, invocationContext);
}
@Override
public boolean removeRole(RoleModel role) {
session.users().preRemove(getRealm(), role);
return getMongoStore().removeEntity(MongoRoleEntity.class, role.getId(), invocationContext);
}
@Override
public Set<RoleModel> getRoles() {
DBObject query = new QueryBuilder()
.and("applicationId").is(getId())
.get();
List<MongoRoleEntity> roles = getMongoStore().loadEntities(MongoRoleEntity.class, query, invocationContext);
Set<RoleModel> result = new HashSet<RoleModel>();
for (MongoRoleEntity role : roles) {
result.add(new RoleAdapter(session, getRealm(), role, this, invocationContext));
}
return result;
}
@Override
public boolean hasScope(RoleModel role) {
if (super.hasScope(role)) {
return true;
}
Set<RoleModel> roles = getRoles();
if (roles.contains(role)) return true;
for (RoleModel mapping : roles) {
if (mapping.hasRole(role)) return true;
}
return false;
}
@Override
public Set<RoleModel> getApplicationScopeMappings(ClientModel client) {
Set<RoleModel> result = new HashSet<RoleModel>();
List<MongoRoleEntity> roles = MongoModelUtils.getAllScopesOfClient(client, invocationContext);
for (MongoRoleEntity role : roles) {
if (getId().equals(role.getApplicationId())) {
result.add(new RoleAdapter(session, getRealm(), role, this, invocationContext));
}
}
return result;
}
@Override
public List<String> getDefaultRoles() {
return getMongoEntity().getDefaultRoles();
}
@Override
public void addDefaultRole(String name) {
RoleModel role = getRole(name);
if (role == null) {
addRole(name);
}
getMongoStore().pushItemToList(getMongoEntity(), "defaultRoles", name, true, invocationContext);
}
@Override
public void updateDefaultRoles(String[] defaultRoles) {
List<String> roleNames = new ArrayList<String>();
for (String roleName : defaultRoles) {
RoleModel role = getRole(roleName);
if (role == null) {
addRole(roleName);
}
roleNames.add(roleName);
}
getMongoEntity().setDefaultRoles(roleNames);
updateMongoEntity();
}
@Override
public int getNodeReRegistrationTimeout() {
return getMongoEntity().getNodeReRegistrationTimeout();
}
@Override
public void setNodeReRegistrationTimeout(int timeout) {
getMongoEntity().setNodeReRegistrationTimeout(timeout);
updateMongoEntity();
}
@Override
public Map<String, Integer> getRegisteredNodes() {
return getMongoEntity().getRegisteredNodes() == null ? Collections.<String, Integer>emptyMap() : Collections.unmodifiableMap(getMongoEntity().getRegisteredNodes());
}
@Override
public void registerNode(String nodeHost, int registrationTime) {
MongoApplicationEntity entity = getMongoEntity();
if (entity.getRegisteredNodes() == null) {
entity.setRegisteredNodes(new HashMap<String, Integer>());
}
entity.getRegisteredNodes().put(nodeHost, registrationTime);
updateMongoEntity();
}
@Override
public void unregisterNode(String nodeHost) {
MongoApplicationEntity entity = getMongoEntity();
if (entity.getRegisteredNodes() == null) return;
entity.getRegisteredNodes().remove(nodeHost);
updateMongoEntity();
}
@Override
public boolean equals(Object o) {
if (this == o) return true;
if (o == null || !(o instanceof ApplicationModel)) return false;
ApplicationModel that = (ApplicationModel) o;
return that.getId().equals(getId());
}
@Override
public int hashCode() {
return getId().hashCode();
}
}
