From 72d9841baa68e85faebab85546a3c8a6dedbb9a4 Mon Sep 17 00:00:00 2001 
From: Bill Burke Date: Wed, 31 Jul 2013 17:56:17 -0400 Subject: [PATCH] finish picketlink abstraction --- .../example/demo/DemoApplication.java | 34 +- ...Filter.java => KeycloakSessionFilter.java} | 20 +- .../services/managers/RealmManager.java | 37 +- .../services/models/KeycloakSession.java | 5 + .../models/KeycloakSessionFactory.java | 2 + .../keycloak/services/models/RealmModel.java | 410 ++------------- .../services/models/ResourceModel.java | 190 ++----- .../keycloak/services/models/RoleModel.java | 40 +- .../keycloak/services/models/UserModel.java | 56 +- .../picketlink/PicketlinkKeycloakSession.java | 69 +++ .../PicketlinkKeycloakSessionFactory.java | 27 + .../PicketlinkKeycloakTransaction.java | 40 ++ .../models/picketlink/RealmAdapter.java | 479 ++++++++++++++++++ .../models/picketlink/ResourceAdapter.java | 165 ++++++ .../models/picketlink/RoleAdapter.java | 49 ++ .../models/picketlink/UserAdapter.java | 71 +++ .../relationships/RealmAdminRelationship.java | 2 +- .../RequiredCredentialRelationship.java | 2 +- .../relationships/ResourceRelationship.java | 2 +- .../relationships/ScopeRelationship.java | 2 +- .../resources/KeycloakApplication.java | 20 +- .../services/resources/RealmSubResource.java | 4 +- .../services/resources/RealmsResource.java | 4 +- .../resources/RegistrationService.java | 6 +- .../services/resources/TokenService.java | 4 +- .../java/org/keycloak/test/AdapterTest.java | 28 +- .../java/org/keycloak/test/ImportTest.java | 21 +- .../keycloak/test}/InstallationManager.java | 4 +- .../org/keycloak/test/RealmCreationTest.java | 4 +- 29 files changed, 1087 insertions(+), 710 deletions(-) rename services/src/main/java/org/keycloak/services/filters/{IdentitySessionFilter.java => KeycloakSessionFilter.java} (56%) create mode 100755 services/src/main/java/org/keycloak/services/models/picketlink/PicketlinkKeycloakSession.java create mode 100755 services/src/main/java/org/keycloak/services/models/picketlink/PicketlinkKeycloakSessionFactory.java 
create mode 100755 services/src/main/java/org/keycloak/services/models/picketlink/PicketlinkKeycloakTransaction.java create mode 100755 services/src/main/java/org/keycloak/services/models/picketlink/RealmAdapter.java create mode 100755 services/src/main/java/org/keycloak/services/models/picketlink/ResourceAdapter.java create mode 100755 services/src/main/java/org/keycloak/services/models/picketlink/RoleAdapter.java create mode 100755 services/src/main/java/org/keycloak/services/models/picketlink/UserAdapter.java rename services/src/main/java/org/keycloak/services/models/{ => picketlink}/relationships/RealmAdminRelationship.java (91%) rename services/src/main/java/org/keycloak/services/models/{ => picketlink}/relationships/RequiredCredentialRelationship.java (92%) rename services/src/main/java/org/keycloak/services/models/{ => picketlink}/relationships/ResourceRelationship.java (94%) rename services/src/main/java/org/keycloak/services/models/{ => picketlink}/relationships/ScopeRelationship.java (91%) rename services/src/{main/java/org/keycloak/services/managers => test/java/org/keycloak/test}/InstallationManager.java (91%) diff --git a/examples/as7-eap-demo/server/src/main/java/org/keycloak/example/demo/DemoApplication.java b/examples/as7-eap-demo/server/src/main/java/org/keycloak/example/demo/DemoApplication.java index 8e9242cf6d..1d81d727b5 100755 --- a/examples/as7-eap-demo/server/src/main/java/org/keycloak/example/demo/DemoApplication.java +++ b/examples/as7-eap-demo/server/src/main/java/org/keycloak/example/demo/DemoApplication.java 
@@ -3,40 +3,15 @@ package org.keycloak.example.demo; import org.jboss.resteasy.jwt.JsonSerialization; import org.keycloak.representations.idm.RealmRepresentation; import org.keycloak.services.managers.RealmManager; +import org.keycloak.services.models.KeycloakSession; import org.keycloak.services.models.RealmModel; import org.keycloak.services.models.RequiredCredentialModel; -import org.keycloak.services.models.relationships.RealmAdminRelationship; -import org.keycloak.services.models.relationships.RequiredCredentialRelationship; -import org.keycloak.services.models.relationships.ResourceRelationship; -import org.keycloak.services.models.relationships.ScopeRelationship; import org.keycloak.services.resources.KeycloakApplication; import org.keycloak.services.resources.RegistrationService; -import org.picketlink.idm.IdentitySession; -import org.picketlink.idm.IdentitySessionFactory; -import org.picketlink.idm.config.IdentityConfiguration; -import org.picketlink.idm.config.IdentityConfigurationBuilder; -import org.picketlink.idm.internal.DefaultIdentitySessionFactory; -import org.picketlink.idm.jpa.internal.ResourceLocalJpaIdentitySessionHandler; -import org.picketlink.idm.jpa.schema.CredentialObject; -import org.picketlink.idm.jpa.schema.CredentialObjectAttribute; -import org.picketlink.idm.jpa.schema.IdentityObject; -import org.picketlink.idm.jpa.schema.IdentityObjectAttribute; -import org.picketlink.idm.jpa.schema.PartitionObject; -import org.picketlink.idm.jpa.schema.RelationshipIdentityObject; -import org.picketlink.idm.jpa.schema.RelationshipObject; -import org.picketlink.idm.jpa.schema.RelationshipObjectAttribute; -import org.picketlink.idm.model.Realm; -import org.picketlink.idm.model.SimpleRole; -import javax.ws.rs.GET; -import javax.ws.rs.Path; -import javax.ws.rs.Produces; -import javax.ws.rs.core.Application; import java.io.ByteArrayOutputStream; import java.io.IOException; import java.io.InputStream; -import java.util.HashSet; -import java.util.Set; /** * 
@author Bill Burke * @version $Revision: 1 $ @@ -45,7 +20,7 @@ public class DemoApplication extends KeycloakApplication { public DemoApplication() { super(); - IdentitySession session = factory.createIdentitySession(); + KeycloakSession session = factory.createSession(); session.getTransaction().begin(); RealmManager realmManager = new RealmManager(session); if (realmManager.defaultRealm() == null) { @@ -55,8 +30,8 @@ public class DemoApplication extends KeycloakApplication { } public void install(RealmManager manager) { - RealmModel defaultRealm = manager.createRealm(Realm.DEFAULT_REALM, Realm.DEFAULT_REALM); - defaultRealm.setName(Realm.DEFAULT_REALM); + RealmModel defaultRealm = manager.createRealm(RealmModel.DEFAULT_REALM, RealmModel.DEFAULT_REALM); + defaultRealm.setName(RealmModel.DEFAULT_REALM); defaultRealm.setEnabled(true); defaultRealm.setTokenLifespan(300); defaultRealm.setAccessCodeLifespan(60); @@ -64,7 +39,6 @@ public class DemoApplication extends KeycloakApplication { defaultRealm.setCookieLoginAllowed(true); defaultRealm.setRegistrationAllowed(true); manager.generateRealmKeys(defaultRealm); - defaultRealm.updateRealm(); defaultRealm.addRequiredCredential(RequiredCredentialModel.PASSWORD); defaultRealm.addRole(RegistrationService.REALM_CREATOR_ROLE); diff --git a/services/src/main/java/org/keycloak/services/filters/IdentitySessionFilter.java b/services/src/main/java/org/keycloak/services/filters/KeycloakSessionFilter.java similarity index 56% rename from services/src/main/java/org/keycloak/services/filters/IdentitySessionFilter.java rename to services/src/main/java/org/keycloak/services/filters/KeycloakSessionFilter.java index 294ab9af58..29790bfd6a 100755 --- a/services/src/main/java/org/keycloak/services/filters/IdentitySessionFilter.java +++ b/services/src/main/java/org/keycloak/services/filters/KeycloakSessionFilter.java 
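Review bot: In the `@@ -55,8 +30,8 @@` hunk, `defaultRealm.setName(RealmModel.DEFAULT_REALM)` directly follows `manager.createRealm(RealmModel.DEFAULT_REALM, RealmModel.DEFAULT_REALM)`, which already receives the name (and `RealmManager.createRealm(id, name)` itself calls `realm.setName(name)` in this commit), so the line can be dropped, leaving `RealmModel defaultRealm = manager.createRealm(RealmModel.DEFAULT_REALM, RealmModel.DEFAULT_REALM);` on its own. The `@@ -64,7 +39,6 @@` hunk removes `defaultRealm.updateRealm()` after `manager.generateRealmKeys(defaultRealm)` with no replacement; presumably every RealmModel setter is now write-through in the adapter, so the freshly generated realm key pair is persisted without an explicit update — worth confirming, since a realm whose private key only exists in memory would not survive the session. The session opened in the constructor (`factory.createSession()` followed by `getTransaction().begin()`) is committed and closed outside these hunks, and `install` continues past the last one.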
@@ -2,8 +2,8 @@ package org.keycloak.services.filters; import org.jboss.resteasy.logging.Logger; import org.jboss.resteasy.spi.ResteasyProviderFactory; -import org.picketlink.idm.IdentitySession; -import org.picketlink.idm.IdentitySessionFactory; +import org.keycloak.services.models.KeycloakSession; +import org.keycloak.services.models.KeycloakSessionFactory; import javax.ws.rs.container.ContainerRequestContext; import javax.ws.rs.container.ContainerRequestFilter; 
@@ -17,24 +17,24 @@ import java.io.IOException; * @version $Revision: 1 $ */ @PreMatching -public class IdentitySessionFilter implements ContainerRequestFilter, ContainerResponseFilter { - protected static final Logger logger = Logger.getLogger(IdentitySessionFilter.class); - protected IdentitySessionFactory factory; +public class KeycloakSessionFilter implements ContainerRequestFilter, ContainerResponseFilter { + protected static final Logger logger = Logger.getLogger(KeycloakSessionFilter.class); + protected KeycloakSessionFactory factory; - public IdentitySessionFilter(IdentitySessionFactory factory) { + public KeycloakSessionFilter(KeycloakSessionFactory factory) { this.factory = factory; } @Override public void filter(ContainerRequestContext requestContext) throws IOException { - IdentitySession ctx = factory.createIdentitySession(); - requestContext.setProperty(IdentitySession.class.getName(), ctx); - ResteasyProviderFactory.pushContext(IdentitySession.class, ctx); + KeycloakSession ctx = factory.createSession(); + requestContext.setProperty(KeycloakSession.class.getName(), ctx); + ResteasyProviderFactory.pushContext(KeycloakSession.class, ctx); } @Override public void filter(ContainerRequestContext requestContext, ContainerResponseContext responseContext) throws IOException { - IdentitySession ctx = (IdentitySession)requestContext.getProperty(IdentitySession.class.getName()); + KeycloakSession ctx = (KeycloakSession)requestContext.getProperty(KeycloakSession.class.getName()); if (ctx != null) ctx.close(); } } diff --git a/services/src/main/java/org/keycloak/services/managers/RealmManager.java b/services/src/main/java/org/keycloak/services/managers/RealmManager.java index 4a71d099d3..e9a9f71788 100755 --- a/services/src/main/java/org/keycloak/services/managers/RealmManager.java +++ b/services/src/main/java/org/keycloak/services/managers/RealmManager.java 
@@ -8,17 +8,13 @@ import org.keycloak.representations.idm.RoleMappingRepresentation; import org.keycloak.representations.idm.RoleRepresentation; import org.keycloak.representations.idm.ScopeMappingRepresentation; import org.keycloak.representations.idm.UserRepresentation; +import org.keycloak.services.models.KeycloakSession; import org.keycloak.services.models.RealmModel; import org.keycloak.services.models.RequiredCredentialModel; import org.keycloak.services.models.ResourceModel; import org.keycloak.services.models.RoleModel; import org.keycloak.services.models.UserCredentialModel; import org.keycloak.services.models.UserModel; -import org.picketlink.idm.IdentityManager; -import org.picketlink.idm.IdentitySession; -import org.picketlink.idm.model.Realm; -import org.picketlink.idm.model.SimpleAgent; -import org.picketlink.idm.model.SimpleRole; import javax.ws.rs.WebApplicationException; import javax.ws.rs.core.Response; @@ -45,22 +41,18 @@ public class RealmManager { return counter.getAndIncrement() + "-" + System.currentTimeMillis(); } - protected IdentitySession identitySession; + protected KeycloakSession identitySession; - public RealmManager(IdentitySession identitySession) { + public RealmManager(KeycloakSession identitySession) { this.identitySession = identitySession; } public RealmModel defaultRealm() { - return getRealm(Realm.DEFAULT_REALM); + return getRealm(RealmModel.DEFAULT_REALM); } public RealmModel getRealm(String id) { - Realm existing = identitySession.findRealm(id); - if (existing == null) { - return null; - } - return new RealmModel(existing, identitySession); + return identitySession.getRealm(id); } public RealmModel createRealm(String name) { 
@@ -68,14 +60,11 @@ public class RealmManager { } public RealmModel createRealm(String id, String name) { - Realm newRealm = identitySession.createRealm(id); - IdentityManager idm = identitySession.createIdentityManager(newRealm); - SimpleAgent agent = new SimpleAgent(RealmModel.REALM_AGENT_ID); - idm.add(agent); - RealmModel realm = new RealmModel(newRealm, identitySession); - idm.add(new SimpleRole(WILDCARD_ROLE)); - idm.add(new SimpleRole(RESOURCE_ROLE)); - idm.add(new SimpleRole(IDENTITY_REQUESTER_ROLE)); + RealmModel realm =identitySession.createRealm(id, name); + realm.setName(name); + realm.addRole(WILDCARD_ROLE); + realm.addRole(RESOURCE_ROLE); + realm.addRole(IDENTITY_REQUESTER_ROLE); return realm; } @@ -88,7 +77,6 @@ public class RealmManager { } realm.setPrivateKey(keyPair.getPrivate()); realm.setPublicKey(keyPair.getPublic()); - realm.updateRealm(); } public RealmModel importRealm(RealmRepresentation rep, UserModel realmCreator) { @@ -96,7 +84,6 @@ public class RealmManager { RealmModel realm = createRealm(rep.getRealm()); importRealm(rep, realm); realm.addRealmAdmin(realmCreator); - realm.updateRealm(); return realm; } @@ -115,9 +102,6 @@ public class RealmManager { newRealm.setPublicKeyPem(rep.getPublicKey()); } - newRealm.updateRealm(); - - Map userMap = new HashMap(); for (RequiredCredentialRepresentation requiredCred : rep.getRequiredCredentials()) { @@ -292,5 +276,4 @@ public class RealmManager { } } } - } diff --git a/services/src/main/java/org/keycloak/services/models/KeycloakSession.java b/services/src/main/java/org/keycloak/services/models/KeycloakSession.java index d245db93ef..dd65e03ebd 100755 --- a/services/src/main/java/org/keycloak/services/models/KeycloakSession.java +++ b/services/src/main/java/org/keycloak/services/models/KeycloakSession.java 
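Review bot: In `createRealm(String id, String name)`, `RealmModel realm =identitySession.createRealm(id, name);` is missing the space after `=`, and the following `realm.setName(name)` repeats the name already passed to `createRealm(id, name)`; either drop the setter or document on `KeycloakSession.createRealm` that the name argument is not applied. The old body also added the `RealmModel.REALM_AGENT_ID` agent to the new realm's identity manager; that step has no counterpart here, so presumably it moved into the picketlink session's `createRealm` — worth confirming, since the attribute-backed realm getters depended on that agent existing. The field changed by the `@@ -45,22 +41,18 @@` hunk keeps the old name `identitySession` while its type is now `KeycloakSession`; renaming it to `session` would stop it reading as a leftover of the picketlink API. The removals of `realm.updateRealm()` in `generateRealmKeys` and `importRealm` rest on the same write-through assumption and deserve the same confirmation, preferably as a Javadoc line on RealmModel's setters.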
@@ -7,5 +7,10 @@ package org.keycloak.services.models; public interface KeycloakSession { KeycloakTransaction getTransaction(); + RealmModel createRealm(String name); + RealmModel createRealm(String id, String name); + RealmModel getRealm(String id); + void deleteRealm(RealmModel realm); + void close(); } diff --git a/services/src/main/java/org/keycloak/services/models/KeycloakSessionFactory.java b/services/src/main/java/org/keycloak/services/models/KeycloakSessionFactory.java index 28b326ef13..e582b40be9 100755 --- a/services/src/main/java/org/keycloak/services/models/KeycloakSessionFactory.java +++ b/services/src/main/java/org/keycloak/services/models/KeycloakSessionFactory.java @@ -5,4 +5,6 @@ package org.keycloak.services.models; * @version $Revision: 1 $ */ public interface KeycloakSessionFactory { + KeycloakSession createSession(); + void close(); } diff --git a/services/src/main/java/org/keycloak/services/models/RealmModel.java b/services/src/main/java/org/keycloak/services/models/RealmModel.java index b633d45860..fa01607f2e 100755 --- a/services/src/main/java/org/keycloak/services/models/RealmModel.java +++ b/services/src/main/java/org/keycloak/services/models/RealmModel.java 
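Review bot: The five methods added to `KeycloakSession` carry no Javadoc, and two of them have contracts that callers in this commit already depend on: `RealmManager.getRealm` now returns `identitySession.getRealm(id)` directly and `DemoApplication` tests `realmManager.defaultRealm() == null`, so `getRealm(String id)` must return `null` rather than throw for an unknown id, as the removed RealmManager code did explicitly; suggested: `/** @return the realm with the given id, or {@code null} if none exists */`. `close()` is invoked by `KeycloakSessionFilter` at the end of every request without a commit or rollback, so the interface should state what happens to a transaction obtained from `getTransaction()` that is still active when `close()` is called (rolled back, committed, or an error). The same applies to `createSession()` and `close()` on `KeycloakSessionFactory` in the next hunk, where it is unclear whether sessions obtained from a closed factory remain usable. `deleteRealm(RealmModel)` has no caller visible in this patch; a one-line note on whether it cascades to the realm's users, roles and resources would save the next adapter author from guessing.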
@@ -1,421 +1,101 @@ package org.keycloak.services.models; -import org.bouncycastle.openssl.PEMWriter; -import org.jboss.resteasy.security.PemUtils; -import org.keycloak.representations.idm.RequiredCredentialRepresentation; -import org.keycloak.services.managers.RealmManager; -import org.keycloak.services.models.relationships.RealmAdminRelationship; -import org.keycloak.services.models.relationships.RequiredCredentialRelationship; -import org.keycloak.services.models.relationships.ResourceRelationship; -import org.keycloak.services.models.relationships.ScopeRelationship; -import org.picketlink.idm.IdentityManager; -import org.picketlink.idm.IdentitySession; -import org.picketlink.idm.credential.Credentials; -import org.picketlink.idm.credential.Password; -import org.picketlink.idm.credential.TOTPCredential; -import org.picketlink.idm.credential.TOTPCredentials; -import org.picketlink.idm.credential.UsernamePasswordCredentials; -import org.picketlink.idm.credential.X509CertificateCredentials; -import org.picketlink.idm.model.Agent; -import org.picketlink.idm.model.Attribute; -import org.picketlink.idm.model.Grant; -import org.picketlink.idm.model.Realm; -import org.picketlink.idm.model.Role; -import org.picketlink.idm.model.SimpleRole; -import org.picketlink.idm.model.SimpleUser; -import org.picketlink.idm.model.Tier; -import org.picketlink.idm.model.User; -import org.picketlink.idm.query.IdentityQuery; -import org.picketlink.idm.query.RelationshipQuery; - -import java.io.IOException; -import java.io.StringWriter; import java.security.PrivateKey; import java.security.PublicKey; -import java.security.cert.X509Certificate; -import java.util.ArrayList; -import java.util.HashMap; -import java.util.HashSet; import java.util.List; import java.util.Map; import java.util.Set; /** - * Meant to be a per-request object - * * @author Bill Burke * @version $Revision: 1 $ */ -public class RealmModel { - public static final String DEFAULT_REALM = "default"; - public static final 
String REALM_AGENT_ID = "_realm_"; - public static final String REALM_NAME = "name"; - public static final String REALM_ACCESS_CODE_LIFESPAN = "accessCodeLifespan"; - public static final String REALM_TOKEN_LIFESPAN = "tokenLifespan"; - public static final String REALM_PRIVATE_KEY = "privateKey"; - public static final String REALM_PUBLIC_KEY = "publicKey"; - public static final String REALM_IS_SSL_NOT_REQUIRED = "isSSLNotRequired"; - public static final String REALM_IS_COOKIE_LOGIN_ALLOWED = "isCookieLoginAllowed"; - public static final String REALM_IS_REGISTRATION_ALLOWED = "isRegistrationAllowed"; +public interface RealmModel { + String DEFAULT_REALM = "default"; - protected Realm realm; - protected Agent realmAgent; - protected IdentitySession identitySession; - protected volatile transient PublicKey publicKey; - protected volatile transient PrivateKey privateKey; - protected IdentityManager idm; + String getId(); - public RealmModel(Realm realm, IdentitySession session) { - this.realm = realm; - this.identitySession = session; - realmAgent = getIdm().getAgent(REALM_AGENT_ID); - } + String getName(); - protected IdentityManager getIdm() { - if (idm == null) idm = identitySession.createIdentityManager(realm); - return idm; - } + void setName(String name); - public void updateRealm() { - getIdm().update(realmAgent); - } + boolean isEnabled(); - public String getId() { - return realm.getId(); - } + void setEnabled(boolean enabled); - public String getName() { - return (String) realmAgent.getAttribute(REALM_NAME).getValue(); - } + boolean isSslNotRequired(); - public void setName(String name) { - realmAgent.setAttribute(new Attribute(REALM_NAME, name)); - } + void setSslNotRequired(boolean sslNotRequired); - public boolean isEnabled() { - return realmAgent.isEnabled(); - } + boolean isCookieLoginAllowed(); - public void setEnabled(boolean enabled) { - realmAgent.setEnabled(enabled); - } + void setCookieLoginAllowed(boolean cookieLoginAllowed); - public boolean 
isSslNotRequired() { - return (Boolean) realmAgent.getAttribute(REALM_IS_SSL_NOT_REQUIRED).getValue(); - } + boolean isRegistrationAllowed(); - public void setSslNotRequired(boolean sslNotRequired) { - realmAgent.setAttribute(new Attribute(REALM_IS_SSL_NOT_REQUIRED, sslNotRequired)); - } + void setRegistrationAllowed(boolean registrationAllowed); - public boolean isCookieLoginAllowed() { - return (Boolean) realmAgent.getAttribute(REALM_IS_COOKIE_LOGIN_ALLOWED).getValue(); - } + int getTokenLifespan(); - public void setCookieLoginAllowed(boolean cookieLoginAllowed) { - realmAgent.setAttribute(new Attribute(REALM_IS_COOKIE_LOGIN_ALLOWED, cookieLoginAllowed)); - } + void setTokenLifespan(int tokenLifespan); - public boolean isRegistrationAllowed() { - return (Boolean) realmAgent.getAttribute(REALM_IS_REGISTRATION_ALLOWED).getValue(); - } + int getAccessCodeLifespan(); - public void setRegistrationAllowed(boolean registrationAllowed) { - realmAgent.setAttribute(new Attribute(REALM_IS_REGISTRATION_ALLOWED, registrationAllowed)); - } + void setAccessCodeLifespan(int accessCodeLifespan); - public int getTokenLifespan() { - return (Integer) realmAgent.getAttribute(REALM_TOKEN_LIFESPAN).getValue(); - } + String getPublicKeyPem(); - public void setTokenLifespan(int tokenLifespan) { - realmAgent.setAttribute(new Attribute(REALM_TOKEN_LIFESPAN, tokenLifespan)); - } + void setPublicKeyPem(String publicKeyPem); - public int getAccessCodeLifespan() { - return (Integer) realmAgent.getAttribute(REALM_ACCESS_CODE_LIFESPAN).getValue(); - } + String getPrivateKeyPem(); - public void setAccessCodeLifespan(int accessCodeLifespan) { - realmAgent.setAttribute(new Attribute(REALM_ACCESS_CODE_LIFESPAN, accessCodeLifespan)); - } + void setPrivateKeyPem(String privateKeyPem); - public String getPublicKeyPem() { - return (String) realmAgent.getAttribute(REALM_PUBLIC_KEY).getValue(); - } + PublicKey getPublicKey(); - public void setPublicKeyPem(String publicKeyPem) { - 
realmAgent.setAttribute(new Attribute(REALM_PUBLIC_KEY, publicKeyPem)); - this.publicKey = null; - } + void setPublicKey(PublicKey publicKey); - public String getPrivateKeyPem() { - return (String) realmAgent.getAttribute(REALM_PRIVATE_KEY).getValue(); - } + PrivateKey getPrivateKey(); - public void setPrivateKeyPem(String privateKeyPem) { - realmAgent.setAttribute(new Attribute(REALM_PRIVATE_KEY, privateKeyPem)); - this.privateKey = null; - } + void setPrivateKey(PrivateKey privateKey); - public PublicKey getPublicKey() { - if (publicKey != null) return publicKey; - String pem = getPublicKeyPem(); - if (pem != null) { - try { - publicKey = PemUtils.decodePublicKey(pem); - } catch (Exception e) { - throw new RuntimeException(e); - } - } - return publicKey; - } + List getRequiredCredentials(); - public void setPublicKey(PublicKey publicKey) { - this.publicKey = publicKey; - StringWriter writer = new StringWriter(); - PEMWriter pemWriter = new PEMWriter(writer); - try { - pemWriter.writeObject(publicKey); - pemWriter.flush(); - } catch (IOException e) { - throw new RuntimeException(e); - } - String s = writer.toString(); - setPublicKeyPem(PemUtils.removeBeginEnd(s)); - } + void addRequiredCredential(RequiredCredentialModel cred); - public PrivateKey getPrivateKey() { - if (privateKey != null) return privateKey; - String pem = getPrivateKeyPem(); - if (pem != null) { - try { - privateKey = PemUtils.decodePrivateKey(pem); - } catch (Exception e) { - throw new RuntimeException(e); - } - } - return privateKey; - } + boolean validatePassword(UserModel user, String password); - public void setPrivateKey(PrivateKey privateKey) { - this.privateKey = privateKey; - StringWriter writer = new StringWriter(); - PEMWriter pemWriter = new PEMWriter(writer); - try { - pemWriter.writeObject(privateKey); - pemWriter.flush(); - } catch (IOException e) { - throw new RuntimeException(e); - } - String s = writer.toString(); - setPrivateKeyPem(PemUtils.removeBeginEnd(s)); - } + boolean 
validateTOTP(UserModel user, String password, String token); - public List getRequiredCredentials() { - IdentityManager idm = getIdm(); - Agent realmAgent = idm.getAgent(REALM_AGENT_ID); - RelationshipQuery query = idm.createRelationshipQuery(RequiredCredentialRelationship.class); - query.setParameter(RequiredCredentialRelationship.REALM_AGENT, realmAgent); - List results = query.getResultList(); - List rtn = new ArrayList(); - for (RequiredCredentialRelationship relationship : results) { - RequiredCredentialModel model = new RequiredCredentialModel(); - model.setInput(relationship.isInput()); - model.setSecret(relationship.isSecret()); - model.setType(relationship.getCredentialType()); - rtn.add(model); - } - return rtn; - } + void updateCredential(UserModel user, UserCredentialModel cred); - public void addRequiredCredential(RequiredCredentialModel cred) { - IdentityManager idm = getIdm(); - Agent realmAgent = idm.getAgent(REALM_AGENT_ID); - RequiredCredentialRelationship relationship = new RequiredCredentialRelationship(); - relationship.setCredentialType(cred.getType()); - relationship.setInput(cred.isInput()); - relationship.setSecret(cred.isSecret()); - relationship.setRealmAgent(realmAgent); - idm.add(relationship); - } + UserModel getUser(String name); - public boolean validatePassword(UserModel user, String password) { - UsernamePasswordCredentials creds = new UsernamePasswordCredentials(user.getLoginName(), new Password(password)); - getIdm().validateCredentials(creds); - return creds.getStatus() == Credentials.Status.VALID; - } + UserModel addUser(String username); - public boolean validateTOTP(UserModel user, String password, String token) { - TOTPCredentials creds = new TOTPCredentials(); - creds.setToken(token); - creds.setUsername(user.getLoginName()); - creds.setPassword(new Password(password)); - getIdm().validateCredentials(creds); - return creds.getStatus() == Credentials.Status.VALID; - } + RoleModel getRole(String name); - public void 
updateCredential(UserModel user, UserCredentialModel cred) { - IdentityManager idm = getIdm(); - if (cred.getType().equals(RequiredCredentialRepresentation.PASSWORD)) { - Password password = new Password(cred.getValue()); - idm.updateCredential(user.getUser(), password); - } else if (cred.getType().equals(RequiredCredentialRepresentation.TOTP)) { - TOTPCredential totp = new TOTPCredential(cred.getValue()); - idm.updateCredential(user.getUser(), totp); - } else if (cred.getType().equals(RequiredCredentialRepresentation.CLIENT_CERT)) { - X509Certificate cert = null; - try { - cert = org.keycloak.PemUtils.decodeCertificate(cred.getValue()); - } catch (Exception e) { - throw new RuntimeException(e); - } - X509CertificateCredentials creds = new X509CertificateCredentials(cert); - idm.updateCredential(user.getUser(), creds); - } - } + RoleModel addRole(String name); - public UserModel getUser(String name) { - User user = getIdm().getUser(name); - if (user == null) return null; - return new UserModel(user, getIdm()); - } + List getRoles(); - public UserModel addUser(String username) { - User user = getIdm().getUser(username); - if (user != null) throw new IllegalStateException("User already exists"); - user = new SimpleUser(username); - getIdm().add(user); - return new UserModel(user, getIdm()); - } + Map getResourceMap(); - public RoleModel getRole(String name) { - Role role = getIdm().getRole(name); - if (role == null) return null; - return new RoleModel(role, getIdm()); - } + List getResources(); - public RoleModel addRole(String name) { - Role role = new SimpleRole(name); - getIdm().add(role); - return new RoleModel(role, getIdm()); - } + ResourceModel addResource(String name); - public List getRoles() { - IdentityManager idm = getIdm(); - IdentityQuery query = idm.createIdentityQuery(Role.class); - query.setParameter(Role.PARTITION, realm); - List roles = query.getResultList(); - List roleModels = new ArrayList(); - for (Role role : roles) { - roleModels.add(new 
RoleModel(role, idm)); - } - return roleModels; - } + boolean hasRole(UserModel user, RoleModel role); + void grantRole(UserModel user, RoleModel role); - /** - * Key name, value resource - * - * @return - */ - public Map getResourceMap() { - Map resourceMap = new HashMap(); - for (ResourceModel resource : getResources()) { - resourceMap.put(resource.getName(), resource); - } - return resourceMap; - } + Set getRoleMappings(UserModel user); - public List getResources() { - IdentityManager idm = getIdm(); - RelationshipQuery query = idm.createRelationshipQuery(ResourceRelationship.class); - query.setParameter(ResourceRelationship.REALM_AGENT, realmAgent); - List results = query.getResultList(); - List resources = new ArrayList(); - for (ResourceRelationship relationship : results) { - Tier resourceTier = identitySession.findTier(relationship.getResourceId()); - ResourceModel model = new ResourceModel(resourceTier,relationship, this, identitySession); - resources.add(model); - } + void addScope(UserModel agent, String roleName); - return resources; - } + Set getScope(UserModel agent); - public ResourceModel addResource(String name) { - Tier newTier = identitySession.createTier(RealmManager.generateId()); - IdentityManager idm = getIdm(); - ResourceRelationship relationship = new ResourceRelationship(); - relationship.setResourceName(name); - relationship.setRealmAgent(realmAgent); - relationship.setResourceId(newTier.getId()); - relationship.setManagementUrl(""); // Picketlink doesn't like null attribute values - User resourceUser = new SimpleUser(name); - idm.add(resourceUser); - relationship.setResourceUser(resourceUser); - idm.add(relationship); - ResourceModel resource = new ResourceModel(newTier, relationship, this, identitySession); - resource.addRole("*"); - resource.addScope(new UserModel(resourceUser, idm), "*"); - return resource; - } + boolean isRealmAdmin(UserModel agent); - public boolean hasRole(UserModel user, RoleModel role) { - return 
getIdm().hasRole(user.getUser(), role.getRole()); - } - - public void grantRole(UserModel user, RoleModel role) { - getIdm().grantRole(user.getUser(), role.getRole()); - } - - public Set getRoleMappings(UserModel user) { - RelationshipQuery query = getIdm().createRelationshipQuery(Grant.class); - query.setParameter(Grant.ASSIGNEE, user.getUser()); - List grants = query.getResultList(); - HashSet set = new HashSet(); - for (Grant grant : grants) { - if (grant.getRole().getPartition().getId().equals(realm.getId())) set.add(grant.getRole().getName()); - } - return set; - } - - public void addScope(UserModel agent, String roleName) { - IdentityManager idm = getIdm(); - Role role = idm.getRole(roleName); - if (role == null) throw new RuntimeException("role not found"); - ScopeRelationship scope = new ScopeRelationship(); - scope.setClient(agent.getUser()); - scope.setScope(role); - idm.add(scope); - - } - - - public Set getScope(UserModel agent) { - RelationshipQuery query = getIdm().createRelationshipQuery(ScopeRelationship.class); - query.setParameter(ScopeRelationship.CLIENT, agent.getUser()); - List scope = query.getResultList(); - HashSet set = new HashSet(); - for (ScopeRelationship rel : scope) { - if (rel.getScope().getPartition().getId().equals(realm.getId())) set.add(rel.getScope().getName()); - } - return set; - } - - public boolean isRealmAdmin(UserModel agent) { - IdentityManager idm = new RealmManager(identitySession).defaultRealm().getIdm(); - RelationshipQuery query = idm.createRelationshipQuery(RealmAdminRelationship.class); - query.setParameter(RealmAdminRelationship.REALM, realm.getId()); - query.setParameter(RealmAdminRelationship.ADMIN, agent.getUser()); - List results = query.getResultList(); - return results.size() > 0; - } - - public void addRealmAdmin(UserModel agent) { - IdentityManager idm = new RealmManager(identitySession).defaultRealm().getIdm(); - RealmAdminRelationship relationship = new RealmAdminRelationship(); - 
relationship.setAdmin(agent.getUser()); - relationship.setRealm(realm.getId()); - idm.add(relationship); - } + void addRealmAdmin(UserModel agent); } diff --git a/services/src/main/java/org/keycloak/services/models/ResourceModel.java b/services/src/main/java/org/keycloak/services/models/ResourceModel.java index 2874e60cb9..e5cffc9476 100755 --- a/services/src/main/java/org/keycloak/services/models/ResourceModel.java +++ b/services/src/main/java/org/keycloak/services/models/ResourceModel.java 
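Review bot: `RealmModel` becomes an interface with no Javadoc on any of its methods, and the removed implementation encoded several contracts that adapters now have to reproduce blind. `updateRealm()` is gone with no replacement, so every setter must be write-through; the removed `setPublicKeyPem`/`setPrivateKeyPem` also reset the cached key object (`this.publicKey = null;`) and the removed `setPublicKey`/`setPrivateKey` re-encoded the PEM form, so the interface should say that the PEM and key-object views are two representations of one value and setting either must update the other, otherwise token signing can keep using a stale private key after a rotation through the PEM setter. The removed `getUser`/`getRole` returned `null` when nothing matched, `addUser` threw `IllegalStateException("User already exists")`, and `validatePassword`/`validateTOTP` reported failure by returning `false` rather than throwing; each deserves a `@return`/`@throws` line so that callers such as `TokenService` are not coupled to one adapter's behaviour. `isRealmAdmin`/`addRealmAdmin` were previously resolved through the default realm's identity manager rather than this realm's own; whether that scoping is part of the contract or an implementation detail of the picketlink adapter should be stated, since it decides who is allowed to administer a realm.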
@@ -1,144 +1,46 @@ -package org.keycloak.services.models; - -import org.keycloak.services.models.relationships.ResourceRelationship; -import org.keycloak.services.models.relationships.ScopeRelationship; -import org.picketlink.idm.IdentityManager; -import org.picketlink.idm.IdentitySession; -import org.picketlink.idm.model.Grant; -import org.picketlink.idm.model.Role; -import org.picketlink.idm.model.SimpleRole; -import org.picketlink.idm.model.Tier; -import org.picketlink.idm.query.IdentityQuery; -import org.picketlink.idm.query.RelationshipQuery; - -import java.util.ArrayList; -import java.util.HashSet; -import java.util.List; -import java.util.Set; - -/** - * @author Bill Burke - * @version $Revision: 1 $ - */ -public class ResourceModel { - protected Tier tier; - protected ResourceRelationship agent; - protected RealmModel realm; - protected IdentitySession identitySession; - protected IdentityManager idm; - - public ResourceModel(Tier tier, ResourceRelationship agent, RealmModel realm, IdentitySession session) { - this.tier = tier; - this.agent = agent; - this.realm = realm; - this.identitySession = session; - } - - protected IdentityManager getIdm() { - if (idm == null) idm = identitySession.createIdentityManager(tier); - return idm; - } - - public void updateResource() { - getIdm().update(agent); - } - - public UserModel getResourceUser() { - return new UserModel(agent.getResourceUser(), realm.getIdm()); - } - - public String getId() { - return tier.getId(); - } - - public String getName() { - return agent.getResourceName(); - } - - public void setName(String name) { - agent.setResourceName(name); - } - - public boolean isEnabled() { - return agent.getEnabled(); - } - - public void setEnabled(boolean enabled) { - agent.setEnabled(enabled); - } - - public boolean isSurrogateAuthRequired() { - return agent.getSurrogateAuthRequired(); - } - - public void setSurrogateAuthRequired(boolean surrogateAuthRequired) { - 
agent.setSurrogateAuthRequired(surrogateAuthRequired); - } - - public String getManagementUrl() { - return agent.getManagementUrl(); - } - - public void setManagementUrl(String url) { - agent.setManagementUrl(url); - } - - public RoleModel getRole(String name) { - Role role = getIdm().getRole(name); - if (role == null) return null; - return new RoleModel(role, getIdm()); - } - - public RoleModel addRole(String name) { - Role role = new SimpleRole(name); - getIdm().add(role); - return new RoleModel(role, getIdm()); - } - - public List getRoles() { - IdentityQuery query = getIdm().createIdentityQuery(Role.class); - query.setParameter(Role.PARTITION, tier); - List roles = query.getResultList(); - List roleModels = new ArrayList(); - for (Role role : roles) { - roleModels.add(new RoleModel(role, idm)); - } - return roleModels; - } - - public Set getRoleMappings(UserModel user) { - RelationshipQuery query = getIdm().createRelationshipQuery(Grant.class); - query.setParameter(Grant.ASSIGNEE, user.getUser()); - List grants = query.getResultList(); - HashSet set = new HashSet(); - for (Grant grant : grants) { - if (grant.getRole().getPartition().getId().equals(tier.getId())) set.add(grant.getRole().getName()); - } - return set; - } - - public void addScope(UserModel agent, String roleName) { - IdentityManager idm = getIdm(); - Role role = idm.getRole(roleName); - if (role == null) throw new RuntimeException("role not found"); - addScope(agent, role); - - } - - public void addScope(UserModel agent, Role role) { - ScopeRelationship scope = new ScopeRelationship(); - scope.setClient(agent.getUser()); - scope.setScope(role); - } - - public Set getScope(UserModel agent) { - RelationshipQuery query = getIdm().createRelationshipQuery(ScopeRelationship.class); - query.setParameter(ScopeRelationship.CLIENT, agent.getUser()); - List scope = query.getResultList(); - HashSet set = new HashSet(); - for (ScopeRelationship rel : scope) { - if 
(rel.getScope().getPartition().getId().equals(tier.getId())) set.add(rel.getScope().getName()); - } - return set; - } -} +package org.keycloak.services.models; + +import java.util.List; +import java.util.Set; + +/** + * @author Bill Burke + * @version $Revision: 1 $ + */ +public interface ResourceModel { + void updateResource(); + + UserModel getResourceUser(); + + String getId(); + + String getName(); + + void setName(String name); + + boolean isEnabled(); + + void setEnabled(boolean enabled); + + boolean isSurrogateAuthRequired(); + + void setSurrogateAuthRequired(boolean surrogateAuthRequired); + + String getManagementUrl(); + + void setManagementUrl(String url); + + RoleModel getRole(String name); + + RoleModel addRole(String name); + + List getRoles(); + + Set getRoleMappings(UserModel user); + + void addScope(UserModel agent, String roleName); + + void addScope(UserModel agent, RoleModel role); + + Set getScope(UserModel agent); +} diff --git a/services/src/main/java/org/keycloak/services/models/RoleModel.java b/services/src/main/java/org/keycloak/services/models/RoleModel.java index 5fcea7c836..674dc620c7 100755 --- a/services/src/main/java/org/keycloak/services/models/RoleModel.java +++ b/services/src/main/java/org/keycloak/services/models/RoleModel.java 
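Review bot: The new `ResourceModel` interface declares its collection-returning methods with raw types — `List getRoles();`, `Set getRoleMappings(UserModel user);`, `Set getScope(UserModel agent);` — so every caller has to cast and the compiler cannot check element types; the same applies to `Map getAttributes();` in the UserModel hunk further down. Since the interface is new, this is the cheapest moment to declare `List<RoleModel> getRoles();`, `Set<String> getRoleMappings(UserModel user);` and `Set<String> getScope(UserModel agent);` (the RealmAdapter and ResourceAdapter implementations later in this diff visibly return lists of RoleAdapter and sets built from `getRole().getName()`). The interface also carries no Javadoc beyond the author tag; a one-line summary per method, e.g. `/** Names of this resource's roles that are granted to {@code user}. */` above `getRoleMappings`, would state the contract the adapters must meet.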
@@ -1,45 +1,13 @@ package org.keycloak.services.models; -import org.picketlink.idm.IdentityManager; -import org.picketlink.idm.model.Attribute; -import org.picketlink.idm.model.Role; - -import java.io.Serializable; - /** * @author Bill Burke * @version $Revision: 1 $ */ -public class RoleModel { - protected Role role; - protected IdentityManager idm; +public interface RoleModel { + String getName(); - public RoleModel(Role role, IdentityManager idm) { - this.role = role; - this.idm = idm; - } - - protected Role getRole() { - return role; - } - - public String getName() { - return role.getName(); - } - - public String getDescription() { - Attribute description = role.getAttribute("description"); - if (description == null) return null; - return (String) description.getValue(); - } - - public void setDescription(String description) { - if (description == null) { - role.removeAttribute("description"); - } else { - role.setAttribute(new Attribute("description", description)); - } - idm.update(role); - } + String getDescription(); + void setDescription(String description); } diff --git a/services/src/main/java/org/keycloak/services/models/UserModel.java b/services/src/main/java/org/keycloak/services/models/UserModel.java index 7491f3c5c7..bac22c75ec 100755 --- a/services/src/main/java/org/keycloak/services/models/UserModel.java +++ b/services/src/main/java/org/keycloak/services/models/UserModel.java 
@@ -1,63 +1,23 @@ package org.keycloak.services.models; -import org.picketlink.idm.IdentityManager; -import org.picketlink.idm.model.Attribute; -import org.picketlink.idm.model.User; - -import java.util.HashMap; import java.util.Map; /** * @author Bill Burke * @version $Revision: 1 $ */ -public class UserModel { - protected User user; - protected IdentityManager idm; +public interface UserModel { + String getLoginName(); - public UserModel(User user, IdentityManager idm) { - this.user = user; - this.idm = idm; - } + boolean isEnabled(); - protected User getUser() { - return user; - } + void setEnabled(boolean enabled); - public String getLoginName() { - return user.getLoginName(); - } + void setAttribute(String name, String value); - public boolean isEnabled() { - return user.isEnabled(); - } + void removeAttribute(String name); - public void setEnabled(boolean enabled) { - user.setEnabled(enabled); - idm.update(user); - } + String getAttribute(String name); - public void setAttribute(String name, String value) { - user.setAttribute(new Attribute(name, value)); - idm.update(user); - } - - public void removeAttribute(String name) { - user.removeAttribute(name); - idm.update(user); - } - - public String getAttribute(String name) { - Attribute attribute = user.getAttribute(name); - if (attribute == null || attribute.getValue() == null) return null; - return attribute.getValue().toString(); - } - - public Map getAttributes() { - Map attributes = new HashMap(); - for (Attribute attribute : user.getAttributes()) { - if (attribute.getValue() != null) attributes.put(attribute.getName(), attribute.getValue().toString()); - } - return attributes; - } + Map getAttributes(); } diff --git a/services/src/main/java/org/keycloak/services/models/picketlink/PicketlinkKeycloakSession.java b/services/src/main/java/org/keycloak/services/models/picketlink/PicketlinkKeycloakSession.java new file mode 100755 index 0000000000..9a49b5954f --- /dev/null 
+++ b/services/src/main/java/org/keycloak/services/models/picketlink/PicketlinkKeycloakSession.java 
@@ -0,0 +1,69 @@ +package org.keycloak.services.models.picketlink; + +import org.jboss.resteasy.spi.NotImplementedYetException; +import org.keycloak.services.models.KeycloakSession; +import org.keycloak.services.models.KeycloakTransaction; +import org.keycloak.services.models.RealmModel; +import org.picketlink.idm.IdentityManager; +import org.picketlink.idm.IdentitySession; +import org.picketlink.idm.model.Realm; +import org.picketlink.idm.model.SimpleAgent; + +import java.util.concurrent.atomic.AtomicLong; + +/** + * @author Bill Burke + * @version $Revision: 1 $ + */ +public class PicketlinkKeycloakSession implements KeycloakSession { + protected IdentitySession session; + + private static AtomicLong counter = new AtomicLong(1); + public static String generateId() { + return counter.getAndIncrement() + "-" + System.currentTimeMillis(); + } + + public PicketlinkKeycloakSession(IdentitySession session) { + this.session = session; + } + + @Override + public KeycloakTransaction getTransaction() { + return new PicketlinkKeycloakTransaction(session.getTransaction()); + } + + @Override + public RealmAdapter createRealm(String name) { + return createRealm(generateId(), name); + } + + @Override + public RealmAdapter createRealm(String id, String name) { + Realm newRealm = session.createRealm(id); + IdentityManager idm = session.createIdentityManager(newRealm); + SimpleAgent agent = new SimpleAgent(RealmAdapter.REALM_AGENT_ID); + idm.add(agent); + RealmAdapter realm = new RealmAdapter(newRealm, session); + return realm; + } + + @Override + public RealmAdapter getRealm(String id) { + Realm existing = session.findRealm(id); + if (existing == null) { + return null; + } + return new RealmAdapter(existing, session); + } + + @Override + public void deleteRealm(RealmModel realm) { + throw new NotImplementedYetException(); + + } + + @Override + public void close() { + session.close(); + } +} 
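Review bot: `createRealm(String id, String name)` never uses its `name` parameter — it creates the realm, adds the `_realm_` agent and returns the adapter, so `createRealm("foo")` yields a realm with no name attribute and `RealmAdapter.getName()` will fail on it unless a caller sets the name afterwards (RealmManager is outside this hunk, so that may be the case). Either set it before returning, `realm.setName(name);`, or drop the parameter from the interface so the signature does not promise something it does not do. `deleteRealm` throws `NotImplementedYetException` unconditionally; a Javadoc `@throws NotImplementedYetException always; realm deletion is not yet supported by this backend` would save callers a runtime surprise.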
diff --git a/services/src/main/java/org/keycloak/services/models/picketlink/PicketlinkKeycloakSessionFactory.java b/services/src/main/java/org/keycloak/services/models/picketlink/PicketlinkKeycloakSessionFactory.java new file mode 100755 index 0000000000..f74038ab37 --- /dev/null +++ b/services/src/main/java/org/keycloak/services/models/picketlink/PicketlinkKeycloakSessionFactory.java @@ -0,0 +1,27 @@ +package org.keycloak.services.models.picketlink; + +import org.keycloak.services.models.KeycloakSession; +import org.keycloak.services.models.KeycloakSessionFactory; +import org.picketlink.idm.IdentitySessionFactory; + +/** + * @author Bill Burke + * @version $Revision: 1 $ + */ +public class PicketlinkKeycloakSessionFactory implements KeycloakSessionFactory { + protected IdentitySessionFactory factory; + + public PicketlinkKeycloakSessionFactory(IdentitySessionFactory factory) { + this.factory = factory; + } + + @Override + public KeycloakSession createSession() { + return new PicketlinkKeycloakSession(factory.createIdentitySession()); + } + + @Override + public void close() { + factory.close(); + } +} diff --git a/services/src/main/java/org/keycloak/services/models/picketlink/PicketlinkKeycloakTransaction.java b/services/src/main/java/org/keycloak/services/models/picketlink/PicketlinkKeycloakTransaction.java new file mode 100755 index 0000000000..1abb4f04c5 --- /dev/null +++ b/services/src/main/java/org/keycloak/services/models/picketlink/PicketlinkKeycloakTransaction.java 
@@ -0,0 +1,40 @@ +package org.keycloak.services.models.picketlink; + +import org.keycloak.services.models.KeycloakTransaction; +import org.picketlink.idm.IdentityTransaction; + +/** + * @author Bill Burke + * @version $Revision: 1 $ + */ +public class PicketlinkKeycloakTransaction implements KeycloakTransaction{ + protected IdentityTransaction transaction; + + public PicketlinkKeycloakTransaction(IdentityTransaction transaction) { + this.transaction = transaction; + } + + public void begin() { + transaction.begin(); + } + + public void setRollbackOnly() { + transaction.setRollbackOnly(); + } + + public boolean isActive() { + return transaction.isActive(); + } + + public boolean getRollbackOnly() { + return transaction.getRollbackOnly(); + } + + public void commit() { + transaction.commit(); + } + + public void rollback() { + transaction.rollback(); + } +} diff --git a/services/src/main/java/org/keycloak/services/models/picketlink/RealmAdapter.java b/services/src/main/java/org/keycloak/services/models/picketlink/RealmAdapter.java new file mode 100755 index 0000000000..61f90b2205 --- /dev/null +++ b/services/src/main/java/org/keycloak/services/models/picketlink/RealmAdapter.java 
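Review bot: The six delegating methods of `PicketlinkKeycloakTransaction` (`begin`, `setRollbackOnly`, `isActive`, `getRollbackOnly`, `commit`, `rollback`) implement `KeycloakTransaction` but lack `@Override`, unlike every implementing method in the sibling `PicketlinkKeycloakSession` and `PicketlinkKeycloakSessionFactory` classes in this diff. Adding `@Override` to each keeps the style consistent and makes the compiler catch a signature drift between the interface and this adapter. The space before the brace in `implements KeycloakTransaction{` is also missing.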
@@ -0,0 +1,479 @@ +package org.keycloak.services.models.picketlink; + +import org.bouncycastle.openssl.PEMWriter; +import org.jboss.resteasy.security.PemUtils; +import org.keycloak.representations.idm.RequiredCredentialRepresentation; +import org.keycloak.services.managers.RealmManager; +import org.keycloak.services.models.RealmModel; +import org.keycloak.services.models.RequiredCredentialModel; +import org.keycloak.services.models.ResourceModel; +import org.keycloak.services.models.RoleModel; +import org.keycloak.services.models.UserCredentialModel; +import org.keycloak.services.models.UserModel; +import org.keycloak.services.models.picketlink.relationships.RealmAdminRelationship; +import org.keycloak.services.models.picketlink.relationships.RequiredCredentialRelationship; +import org.keycloak.services.models.picketlink.relationships.ResourceRelationship; +import org.keycloak.services.models.picketlink.relationships.ScopeRelationship; +import org.picketlink.idm.IdentityManager; +import org.picketlink.idm.IdentitySession; +import org.picketlink.idm.credential.Credentials; +import org.picketlink.idm.credential.Password; +import org.picketlink.idm.credential.TOTPCredential; +import org.picketlink.idm.credential.TOTPCredentials; +import org.picketlink.idm.credential.UsernamePasswordCredentials; +import org.picketlink.idm.credential.X509CertificateCredentials; +import org.picketlink.idm.model.Agent; +import org.picketlink.idm.model.Attribute; +import org.picketlink.idm.model.Grant; +import org.picketlink.idm.model.Realm; +import org.picketlink.idm.model.Role; +import org.picketlink.idm.model.SimpleRole; +import org.picketlink.idm.model.SimpleUser; +import org.picketlink.idm.model.Tier; +import org.picketlink.idm.model.User; +import org.picketlink.idm.query.IdentityQuery; +import org.picketlink.idm.query.RelationshipQuery; + +import java.io.IOException; +import java.io.StringWriter; +import java.security.PrivateKey; +import java.security.PublicKey; +import 
java.security.cert.X509Certificate; +import java.util.ArrayList; +import java.util.HashMap; +import java.util.HashSet; +import java.util.List; +import java.util.Map; +import java.util.Set; + +/** + * Meant to be a per-request object + * + * @author Bill Burke + * @version $Revision: 1 $ + */ +public class RealmAdapter implements RealmModel { + public static final String REALM_AGENT_ID = "_realm_"; + public static final String REALM_NAME = "name"; + public static final String REALM_ACCESS_CODE_LIFESPAN = "accessCodeLifespan"; + public static final String REALM_TOKEN_LIFESPAN = "tokenLifespan"; + public static final String REALM_PRIVATE_KEY = "privateKey"; + public static final String REALM_PUBLIC_KEY = "publicKey"; + public static final String REALM_IS_SSL_NOT_REQUIRED = "isSSLNotRequired"; + public static final String REALM_IS_COOKIE_LOGIN_ALLOWED = "isCookieLoginAllowed"; + public static final String REALM_IS_REGISTRATION_ALLOWED = "isRegistrationAllowed"; + + protected Realm realm; + protected Agent realmAgent; + protected IdentitySession identitySession; + protected volatile transient PublicKey publicKey; + protected volatile transient PrivateKey privateKey; + protected IdentityManager idm; + + public RealmAdapter(Realm realm, IdentitySession session) { + this.realm = realm; + this.identitySession = session; + realmAgent = getIdm().getAgent(REALM_AGENT_ID); + } + + protected IdentityManager getIdm() { + if (idm == null) idm = identitySession.createIdentityManager(realm); + return idm; + } + + protected void updateRealm() { + getIdm().update(realmAgent); + } + + @Override + public String getId() { + return realm.getId(); + } + + @Override + public String getName() { + return (String) realmAgent.getAttribute(REALM_NAME).getValue(); + } + + @Override + public void setName(String name) { + realmAgent.setAttribute(new Attribute(REALM_NAME, name)); + updateRealm(); + } + + @Override + public boolean isEnabled() { + return realmAgent.isEnabled(); + } + + @Override + 
public void setEnabled(boolean enabled) { + realmAgent.setEnabled(enabled); + updateRealm(); + } + + @Override + public boolean isSslNotRequired() { + return (Boolean) realmAgent.getAttribute(REALM_IS_SSL_NOT_REQUIRED).getValue(); + } + + @Override + public void setSslNotRequired(boolean sslNotRequired) { + realmAgent.setAttribute(new Attribute(REALM_IS_SSL_NOT_REQUIRED, sslNotRequired)); + updateRealm(); + } + + @Override + public boolean isCookieLoginAllowed() { + return (Boolean) realmAgent.getAttribute(REALM_IS_COOKIE_LOGIN_ALLOWED).getValue(); + } + + @Override + public void setCookieLoginAllowed(boolean cookieLoginAllowed) { + realmAgent.setAttribute(new Attribute(REALM_IS_COOKIE_LOGIN_ALLOWED, cookieLoginAllowed)); + updateRealm(); + } + + @Override + public boolean isRegistrationAllowed() { + return (Boolean) realmAgent.getAttribute(REALM_IS_REGISTRATION_ALLOWED).getValue(); + } + + @Override + public void setRegistrationAllowed(boolean registrationAllowed) { + realmAgent.setAttribute(new Attribute(REALM_IS_REGISTRATION_ALLOWED, registrationAllowed)); + updateRealm(); + } + + @Override + public int getTokenLifespan() { + return (Integer) realmAgent.getAttribute(REALM_TOKEN_LIFESPAN).getValue(); + } + + @Override + public void setTokenLifespan(int tokenLifespan) { + realmAgent.setAttribute(new Attribute(REALM_TOKEN_LIFESPAN, tokenLifespan)); + updateRealm(); + } + + @Override + public int getAccessCodeLifespan() { + return (Integer) realmAgent.getAttribute(REALM_ACCESS_CODE_LIFESPAN).getValue(); + } + + @Override + public void setAccessCodeLifespan(int accessCodeLifespan) { + realmAgent.setAttribute(new Attribute(REALM_ACCESS_CODE_LIFESPAN, accessCodeLifespan)); + updateRealm(); + } + + @Override + public String getPublicKeyPem() { + return (String) realmAgent.getAttribute(REALM_PUBLIC_KEY).getValue(); + } + + @Override + public void setPublicKeyPem(String publicKeyPem) { + realmAgent.setAttribute(new Attribute(REALM_PUBLIC_KEY, publicKeyPem)); + 
this.publicKey = null; + updateRealm(); + } + + @Override + public String getPrivateKeyPem() { + return (String) realmAgent.getAttribute(REALM_PRIVATE_KEY).getValue(); + } + + @Override + public void setPrivateKeyPem(String privateKeyPem) { + realmAgent.setAttribute(new Attribute(REALM_PRIVATE_KEY, privateKeyPem)); + this.privateKey = null; + updateRealm(); + } + + @Override + public PublicKey getPublicKey() { + if (publicKey != null) return publicKey; + String pem = getPublicKeyPem(); + if (pem != null) { + try { + publicKey = PemUtils.decodePublicKey(pem); + } catch (Exception e) { + throw new RuntimeException(e); + } + } + return publicKey; + } + + @Override + public void setPublicKey(PublicKey publicKey) { + this.publicKey = publicKey; + StringWriter writer = new StringWriter(); + PEMWriter pemWriter = new PEMWriter(writer); + try { + pemWriter.writeObject(publicKey); + pemWriter.flush(); + } catch (IOException e) { + throw new RuntimeException(e); + } + String s = writer.toString(); + setPublicKeyPem(PemUtils.removeBeginEnd(s)); + } + + @Override + public PrivateKey getPrivateKey() { + if (privateKey != null) return privateKey; + String pem = getPrivateKeyPem(); + if (pem != null) { + try { + privateKey = PemUtils.decodePrivateKey(pem); + } catch (Exception e) { + throw new RuntimeException(e); + } + } + return privateKey; + } + + @Override + public void setPrivateKey(PrivateKey privateKey) { + this.privateKey = privateKey; + StringWriter writer = new StringWriter(); + PEMWriter pemWriter = new PEMWriter(writer); + try { + pemWriter.writeObject(privateKey); + pemWriter.flush(); + } catch (IOException e) { + throw new RuntimeException(e); + } + String s = writer.toString(); + setPrivateKeyPem(PemUtils.removeBeginEnd(s)); + } + + @Override + public List getRequiredCredentials() { + IdentityManager idm = getIdm(); + Agent realmAgent = idm.getAgent(REALM_AGENT_ID); + RelationshipQuery query = idm.createRelationshipQuery(RequiredCredentialRelationship.class); + 
query.setParameter(RequiredCredentialRelationship.REALM_AGENT, realmAgent); + List results = query.getResultList(); + List rtn = new ArrayList(); + for (RequiredCredentialRelationship relationship : results) { + RequiredCredentialModel model = new RequiredCredentialModel(); + model.setInput(relationship.isInput()); + model.setSecret(relationship.isSecret()); + model.setType(relationship.getCredentialType()); + rtn.add(model); + } + return rtn; + } + + @Override + public void addRequiredCredential(RequiredCredentialModel cred) { + IdentityManager idm = getIdm(); + Agent realmAgent = idm.getAgent(REALM_AGENT_ID); + RequiredCredentialRelationship relationship = new RequiredCredentialRelationship(); + relationship.setCredentialType(cred.getType()); + relationship.setInput(cred.isInput()); + relationship.setSecret(cred.isSecret()); + relationship.setRealmAgent(realmAgent); + idm.add(relationship); + } + + @Override + public boolean validatePassword(UserModel user, String password) { + UsernamePasswordCredentials creds = new UsernamePasswordCredentials(user.getLoginName(), new Password(password)); + getIdm().validateCredentials(creds); + return creds.getStatus() == Credentials.Status.VALID; + } + + @Override + public boolean validateTOTP(UserModel user, String password, String token) { + TOTPCredentials creds = new TOTPCredentials(); + creds.setToken(token); + creds.setUsername(user.getLoginName()); + creds.setPassword(new Password(password)); + getIdm().validateCredentials(creds); + return creds.getStatus() == Credentials.Status.VALID; + } + + @Override + public void updateCredential(UserModel user, UserCredentialModel cred) { + IdentityManager idm = getIdm(); + if (cred.getType().equals(RequiredCredentialRepresentation.PASSWORD)) { + Password password = new Password(cred.getValue()); + idm.updateCredential(((UserAdapter)user).getUser(), password); + } else if (cred.getType().equals(RequiredCredentialRepresentation.TOTP)) { + TOTPCredential totp = new 
TOTPCredential(cred.getValue()); + idm.updateCredential(((UserAdapter)user).getUser(), totp); + } else if (cred.getType().equals(RequiredCredentialRepresentation.CLIENT_CERT)) { + X509Certificate cert = null; + try { + cert = org.keycloak.PemUtils.decodeCertificate(cred.getValue()); + } catch (Exception e) { + throw new RuntimeException(e); + } + X509CertificateCredentials creds = new X509CertificateCredentials(cert); + idm.updateCredential(((UserAdapter)user).getUser(), creds); + } + } + + @Override + public UserAdapter getUser(String name) { + User user = getIdm().getUser(name); + if (user == null) return null; + return new UserAdapter(user, getIdm()); + } + + @Override + public UserAdapter addUser(String username) { + User user = getIdm().getUser(username); + if (user != null) throw new IllegalStateException("User already exists"); + user = new SimpleUser(username); + getIdm().add(user); + return new UserAdapter(user, getIdm()); + } + + @Override + public RoleAdapter getRole(String name) { + Role role = getIdm().getRole(name); + if (role == null) return null; + return new RoleAdapter(role, getIdm()); + } + + @Override + public RoleAdapter addRole(String name) { + Role role = new SimpleRole(name); + getIdm().add(role); + return new RoleAdapter(role, getIdm()); + } + + @Override + public List getRoles() { + IdentityManager idm = getIdm(); + IdentityQuery query = idm.createIdentityQuery(Role.class); + query.setParameter(Role.PARTITION, realm); + List roles = query.getResultList(); + List roleModels = new ArrayList(); + for (Role role : roles) { + roleModels.add(new RoleAdapter(role, idm)); + } + return roleModels; + } + + + /** + * Key name, value resource + * + * @return + */ + @Override + public Map getResourceMap() { + Map resourceMap = new HashMap(); + for (ResourceModel resource : getResources()) { + resourceMap.put(resource.getName(), resource); + } + return resourceMap; + } + + @Override + public List getResources() { + IdentityManager idm = getIdm(); + 
RelationshipQuery query = idm.createRelationshipQuery(ResourceRelationship.class); + query.setParameter(ResourceRelationship.REALM_AGENT, realmAgent); + List results = query.getResultList(); + List resources = new ArrayList(); + for (ResourceRelationship relationship : results) { + Tier resourceTier = identitySession.findTier(relationship.getResourceId()); + ResourceModel model = new ResourceAdapter(resourceTier,relationship, this, identitySession); + resources.add(model); + } + + return resources; + } + + @Override + public ResourceModel addResource(String name) { + Tier newTier = identitySession.createTier(RealmManager.generateId()); + IdentityManager idm = getIdm(); + ResourceRelationship relationship = new ResourceRelationship(); + relationship.setResourceName(name); + relationship.setRealmAgent(realmAgent); + relationship.setResourceId(newTier.getId()); + relationship.setManagementUrl(""); // Picketlink doesn't like null attribute values + User resourceUser = new SimpleUser(name); + idm.add(resourceUser); + relationship.setResourceUser(resourceUser); + idm.add(relationship); + ResourceModel resource = new ResourceAdapter(newTier, relationship, this, identitySession); + resource.addRole("*"); + resource.addScope(new UserAdapter(resourceUser, idm), "*"); + return resource; + } + + @Override + public boolean hasRole(UserModel user, RoleModel role) { + return getIdm().hasRole(((UserAdapter)user).getUser(), ((RoleAdapter)role).getRole()); + } + + @Override + public void grantRole(UserModel user, RoleModel role) { + getIdm().grantRole(((UserAdapter)user).getUser(), ((RoleAdapter)role).getRole()); + } + + @Override + public Set getRoleMappings(UserModel user) { + RelationshipQuery query = getIdm().createRelationshipQuery(Grant.class); + query.setParameter(Grant.ASSIGNEE, ((UserAdapter)user).getUser()); + List grants = query.getResultList(); + HashSet set = new HashSet(); + for (Grant grant : grants) { + if 
(grant.getRole().getPartition().getId().equals(realm.getId())) set.add(grant.getRole().getName()); + } + return set; + } + + @Override + public void addScope(UserModel agent, String roleName) { + IdentityManager idm = getIdm(); + Role role = idm.getRole(roleName); + if (role == null) throw new RuntimeException("role not found"); + ScopeRelationship scope = new ScopeRelationship(); + scope.setClient(((UserAdapter)agent).getUser()); + scope.setScope(role); + idm.add(scope); + + } + + + @Override + public Set getScope(UserModel agent) { + RelationshipQuery query = getIdm().createRelationshipQuery(ScopeRelationship.class); + query.setParameter(ScopeRelationship.CLIENT, ((UserAdapter)agent).getUser()); + List scope = query.getResultList(); + HashSet set = new HashSet(); + for (ScopeRelationship rel : scope) { + if (rel.getScope().getPartition().getId().equals(realm.getId())) set.add(rel.getScope().getName()); + } + return set; + } + + @Override + public boolean isRealmAdmin(UserModel agent) { + RealmAdapter realmModel = (RealmAdapter)new RealmManager(new PicketlinkKeycloakSession(identitySession)).defaultRealm(); + IdentityManager idm = realmModel.getIdm(); + RelationshipQuery query = idm.createRelationshipQuery(RealmAdminRelationship.class); + query.setParameter(RealmAdminRelationship.REALM, realm.getId()); + query.setParameter(RealmAdminRelationship.ADMIN, ((UserAdapter)agent).getUser()); + List results = query.getResultList(); + return results.size() > 0; + } + + @Override + public void addRealmAdmin(UserModel agent) { + RealmAdapter realmModel = (RealmAdapter)new RealmManager(new PicketlinkKeycloakSession(identitySession)).defaultRealm(); + RealmAdminRelationship relationship = new RealmAdminRelationship(); + relationship.setAdmin(((UserAdapter)agent).getUser()); + relationship.setRealm(realm.getId()); + idm.add(relationship); + } +} 
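Review bot: In `addRealmAdmin`, at the end of the hunk, the `RealmAdminRelationship` is stored through this realm's `idm` field while `realmModel` — the default realm resolved on the line above — is never used; `isRealmAdmin` directly above it queries the default realm's manager via `realmModel.getIdm()`, so for any realm other than the default the relationship is written to one partition and read from another, and the admin check will not find it. The removed RealmModel code earlier in this diff did use the default realm's manager for the add, so this looks like a line dropped in the port: insert `IdentityManager idm = realmModel.getIdm();` after the `realmModel` assignment so both methods address the same partition. Separately, the attribute getters such as `getName()` and `isSslNotRequired()` call `.getValue()` on `realmAgent.getAttribute(...)` without a null check and throw NullPointerException for a realm whose agent lacks the attribute; if every attribute is guaranteed to be set at creation, the class Javadoc should say so, since `createRealm` in this diff does not set them.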
diff --git a/services/src/main/java/org/keycloak/services/models/picketlink/ResourceAdapter.java b/services/src/main/java/org/keycloak/services/models/picketlink/ResourceAdapter.java
new file mode 100755
index 0000000000..2e39356e6c
--- /dev/null
+++ b/services/src/main/java/org/keycloak/services/models/picketlink/ResourceAdapter.java
@@ -0,0 +1,165 @@
+package org.keycloak.services.models.picketlink;
+
+import org.keycloak.services.models.ResourceModel;
+import org.keycloak.services.models.RoleModel;
+import org.keycloak.services.models.UserModel;
+import org.keycloak.services.models.picketlink.relationships.ResourceRelationship;
+import org.keycloak.services.models.picketlink.relationships.ScopeRelationship;
+import org.picketlink.idm.IdentityManager;
+import org.picketlink.idm.IdentitySession;
+import org.picketlink.idm.model.Grant;
+import org.picketlink.idm.model.Role;
+import org.picketlink.idm.model.SimpleRole;
+import org.picketlink.idm.model.Tier;
+import org.picketlink.idm.query.IdentityQuery;
+import org.picketlink.idm.query.RelationshipQuery;
+
+import java.util.ArrayList;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+
+/**
+ * @author Bill Burke
+ * @version $Revision: 1 $
+ */
+public class ResourceAdapter implements ResourceModel {
+ protected Tier tier;
+ protected ResourceRelationship agent;
+ protected RealmAdapter realm;
+ protected IdentitySession identitySession;
+ protected IdentityManager idm;
+
+ public ResourceAdapter(Tier tier, ResourceRelationship agent, RealmAdapter realm, IdentitySession session) {
+ this.tier = tier;
+ this.agent = agent;
+ this.realm = realm;
+ this.identitySession = session;
+ }
+
+ protected IdentityManager getIdm() {
+ if (idm == null) idm = identitySession.createIdentityManager(tier);
+ return idm;
+ }
+
+ @Override
+ public void updateResource() {
+ getIdm().update(agent);
+ }
+
+ @Override
+ public UserAdapter getResourceUser() {
+ return new UserAdapter(agent.getResourceUser(), realm.getIdm());
+ }
+
+ @Override
+ public String getId() {
+ return tier.getId();
+ }
+
+ @Override
+ public String getName() {
+ return agent.getResourceName();
+ }
+
+ @Override
+ public void setName(String name) {
+ agent.setResourceName(name);
+ }
+
+ @Override
+ public boolean isEnabled() {
+ return agent.getEnabled();
+ }
+
+ @Override
+ public void setEnabled(boolean enabled) {
+ agent.setEnabled(enabled);
+ }
+
+ @Override
+ public boolean isSurrogateAuthRequired() {
+ return agent.getSurrogateAuthRequired();
+ }
+
+ @Override
+ public void setSurrogateAuthRequired(boolean surrogateAuthRequired) {
+ agent.setSurrogateAuthRequired(surrogateAuthRequired);
+ }
+
+ @Override
+ public String getManagementUrl() {
+ return agent.getManagementUrl();
+ }
+
+ @Override
+ public void setManagementUrl(String url) {
+ agent.setManagementUrl(url);
+ }
+
+ @Override
+ public RoleAdapter getRole(String name) {
+ Role role = getIdm().getRole(name);
+ if (role == null) return null;
+ return new RoleAdapter(role, getIdm());
+ }
+
+ @Override
+ public RoleAdapter addRole(String name) {
+ Role role = new SimpleRole(name);
+ getIdm().add(role);
+ return new RoleAdapter(role, getIdm());
+ }
+
+ @Override
+ public List getRoles() {
+ IdentityQuery query = getIdm().createIdentityQuery(Role.class);
+ query.setParameter(Role.PARTITION, tier);
+ List roles = query.getResultList();
+ List roleModels = new ArrayList();
+ for (Role role : roles) {
+ roleModels.add(new RoleAdapter(role, idm));
+ }
+ return roleModels;
+ }
+
+ @Override
+ public Set getRoleMappings(UserModel user) {
+ RelationshipQuery query = getIdm().createRelationshipQuery(Grant.class);
+ query.setParameter(Grant.ASSIGNEE, ((UserAdapter)user).getUser());
+ List grants = query.getResultList();
+ HashSet set = new HashSet();
+ for (Grant grant : grants) {
+ if (grant.getRole().getPartition().getId().equals(tier.getId())) set.add(grant.getRole().getName());
+ }
+ return set;
+ }
+
+ @Override
+ public void addScope(UserModel agent, String roleName) {
+ IdentityManager idm = getIdm();
+ Role role = idm.getRole(roleName);
+ if (role == null) throw new RuntimeException("role not found");
+ addScope(agent, new RoleAdapter(role, idm));
+
+ }
+
+ @Override
+ public void addScope(UserModel agent, RoleModel role) {
+ ScopeRelationship scope = new ScopeRelationship();
+ scope.setClient(((UserAdapter)agent).getUser());
+ scope.setScope(((RoleAdapter)role).getRole());
+ }
+
+ @Override
+ public Set getScope(UserModel agent) {
+ RelationshipQuery query = getIdm().createRelationshipQuery(ScopeRelationship.class);
+ query.setParameter(ScopeRelationship.CLIENT, ((UserAdapter)agent).getUser());
+ List scope = query.getResultList();
+ HashSet set = new HashSet();
+ for (ScopeRelationship rel : scope) {
+ if (rel.getScope().getPartition().getId().equals(tier.getId())) set.add(rel.getScope().getName());
+ }
+ return set;
+ }
+}
diff --git a/services/src/main/java/org/keycloak/services/models/picketlink/RoleAdapter.java b/services/src/main/java/org/keycloak/services/models/picketlink/RoleAdapter.java
new file mode 100755
index 0000000000..0934bc5b8f
--- /dev/null
+++ b/services/src/main/java/org/keycloak/services/models/picketlink/RoleAdapter.java
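Review bot: `addScope(UserModel agent, RoleModel role)` builds a `ScopeRelationship`, sets its client and scope, and then returns without handing it to the identity manager, so the grant is never stored and `getScope` (which queries persisted `ScopeRelationship` instances) will never return it; add `getIdm().add(scope);` as the method's last statement. The silent drop matters for authorization bookkeeping: the caller believes a scope was granted while the store says otherwise, and nothing fails until the scope is read back. Separately, `setName`, `setEnabled`, `setSurrogateAuthRequired` and `setManagementUrl` only mutate `agent` and rely on a later `updateResource()`, whereas `UserAdapter` and `RoleAdapter` in this commit write through with `idm.update(...)` on every mutator; the class Javadoc should state that resource changes require an explicit `updateResource()`, or the setters should persist like the other adapters. Also, `addScope(UserModel, String)` reports a missing role with a bare `RuntimeException("role not found")`; `throw new IllegalArgumentException("role not found: " + roleName);` is the idiomatic choice and names the offending input.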
@@ -0,0 +1,49 @@
+package org.keycloak.services.models.picketlink;
+
+import org.keycloak.services.models.RoleModel;
+import org.picketlink.idm.IdentityManager;
+import org.picketlink.idm.model.Attribute;
+import org.picketlink.idm.model.Role;
+
+import java.io.Serializable;
+
+/**
+ * @author Bill Burke
+ * @version $Revision: 1 $
+ */
+public class RoleAdapter implements RoleModel {
+ protected Role role;
+ protected IdentityManager idm;
+
+ public RoleAdapter(Role role, IdentityManager idm) {
+ this.role = role;
+ this.idm = idm;
+ }
+
+ protected Role getRole() {
+ return role;
+ }
+
+ @Override
+ public String getName() {
+ return role.getName();
+ }
+
+ @Override
+ public String getDescription() {
+ Attribute description = role.getAttribute("description");
+ if (description == null) return null;
+ return (String) description.getValue();
+ }
+
+ @Override
+ public void setDescription(String description) {
+ if (description == null) {
+ role.removeAttribute("description");
+ } else {
+ role.setAttribute(new Attribute("description", description));
+ }
+ idm.update(role);
+ }
+
+}
diff --git a/services/src/main/java/org/keycloak/services/models/picketlink/UserAdapter.java b/services/src/main/java/org/keycloak/services/models/picketlink/UserAdapter.java
new file mode 100755
index 0000000000..2fa9a2092d
--- /dev/null
+++ b/services/src/main/java/org/keycloak/services/models/picketlink/UserAdapter.java
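Review bot: The attribute name `"description"` is spelled out three times across `getDescription` and `setDescription`; a `private static final String DESCRIPTION = "description";` on the class keeps the read and write paths from drifting apart. `import java.io.Serializable;` is not referenced anywhere in the file and should be dropped. `getDescription` converts the stored value with `(String) description.getValue()`, while `UserAdapter.getAttribute` in the same commit uses `toString()`; the cast throws `ClassCastException` if the store ever yields a non-String value, so the two adapters should agree on one conversion.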
@@ -0,0 +1,71 @@
+package org.keycloak.services.models.picketlink;
+
+import org.keycloak.services.models.UserModel;
+import org.picketlink.idm.IdentityManager;
+import org.picketlink.idm.model.Attribute;
+import org.picketlink.idm.model.User;
+
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * @author Bill Burke
+ * @version $Revision: 1 $
+ */
+public class UserAdapter implements UserModel {
+ protected User user;
+ protected IdentityManager idm;
+
+ public UserAdapter(User user, IdentityManager idm) {
+ this.user = user;
+ this.idm = idm;
+ }
+
+ protected User getUser() {
+ return user;
+ }
+
+ @Override
+ public String getLoginName() {
+ return user.getLoginName();
+ }
+
+ @Override
+ public boolean isEnabled() {
+ return user.isEnabled();
+ }
+
+ @Override
+ public void setEnabled(boolean enabled) {
+ user.setEnabled(enabled);
+ idm.update(user);
+ }
+
+ @Override
+ public void setAttribute(String name, String value) {
+ user.setAttribute(new Attribute(name, value));
+ idm.update(user);
+ }
+
+ @Override
+ public void removeAttribute(String name) {
+ user.removeAttribute(name);
+ idm.update(user);
+ }
+
+ @Override
+ public String getAttribute(String name) {
+ Attribute attribute = user.getAttribute(name);
+ if (attribute == null || attribute.getValue() == null) return null;
+ return attribute.getValue().toString();
+ }
+
+ @Override
+ public Map getAttributes() {
+ Map attributes = new HashMap();
+ for (Attribute attribute : user.getAttributes()) {
+ if (attribute.getValue() != null) attributes.put(attribute.getName(), attribute.getValue().toString());
+ }
+ return attributes;
+ }
+}
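Review bot: The class carries no Javadoc beyond the author tag, and its persistence contract differs from `ResourceAdapter` in the same commit: `setEnabled`, `setAttribute` and `removeAttribute` each call `idm.update(user)` immediately, whereas `ResourceAdapter`'s setters defer to an explicit `updateResource()`. A class comment such as `/** Picketlink-backed {@link UserModel}; every mutator writes through to the IdentityManager immediately. */` would tell callers which model needs an explicit update call. `getUser()` is `protected` and is reached from `ResourceAdapter` only through unchecked `(UserAdapter) user` casts, so any other `UserModel` implementation passed there fails with `ClassCastException`; stating that assumption in the Javadoc, or guarding the cast sites with `instanceof`, would make it explicit.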
diff --git a/services/src/main/java/org/keycloak/services/models/relationships/RealmAdminRelationship.java b/services/src/main/java/org/keycloak/services/models/picketlink/relationships/RealmAdminRelationship.java similarity index 91% rename from services/src/main/java/org/keycloak/services/models/relationships/RealmAdminRelationship.java rename to services/src/main/java/org/keycloak/services/models/picketlink/relationships/RealmAdminRelationship.java index 1158e37108..7cc0e6c6e5 100755 --- a/services/src/main/java/org/keycloak/services/models/relationships/RealmAdminRelationship.java +++ b/services/src/main/java/org/keycloak/services/models/picketlink/relationships/RealmAdminRelationship.java @@ -1,4 +1,4 @@ -package org.keycloak.services.models.relationships; +package org.keycloak.services.models.picketlink.relationships; import org.picketlink.idm.model.AbstractAttributedType; import org.picketlink.idm.model.Agent; diff --git a/services/src/main/java/org/keycloak/services/models/relationships/RequiredCredentialRelationship.java b/services/src/main/java/org/keycloak/services/models/picketlink/relationships/RequiredCredentialRelationship.java similarity index 92% rename from services/src/main/java/org/keycloak/services/models/relationships/RequiredCredentialRelationship.java rename to services/src/main/java/org/keycloak/services/models/picketlink/relationships/RequiredCredentialRelationship.java index 59ce02d802..424f8fbe7c 100755 --- a/services/src/main/java/org/keycloak/services/models/relationships/RequiredCredentialRelationship.java +++ b/services/src/main/java/org/keycloak/services/models/picketlink/relationships/RequiredCredentialRelationship.java @@ -1,4 +1,4 @@ -package org.keycloak.services.models.relationships; +package org.keycloak.services.models.picketlink.relationships; import org.picketlink.idm.model.AbstractAttributedType; import org.picketlink.idm.model.Agent; 
diff --git a/services/src/main/java/org/keycloak/services/models/relationships/ResourceRelationship.java b/services/src/main/java/org/keycloak/services/models/picketlink/relationships/ResourceRelationship.java similarity index 94% rename from services/src/main/java/org/keycloak/services/models/relationships/ResourceRelationship.java rename to services/src/main/java/org/keycloak/services/models/picketlink/relationships/ResourceRelationship.java index f63e76a887..7cf7975739 100755 --- a/services/src/main/java/org/keycloak/services/models/relationships/ResourceRelationship.java +++ b/services/src/main/java/org/keycloak/services/models/picketlink/relationships/ResourceRelationship.java @@ -1,4 +1,4 @@ -package org.keycloak.services.models.relationships; +package org.keycloak.services.models.picketlink.relationships; import org.picketlink.idm.model.AbstractAttributedType; import org.picketlink.idm.model.Agent; diff --git a/services/src/main/java/org/keycloak/services/models/relationships/ScopeRelationship.java b/services/src/main/java/org/keycloak/services/models/picketlink/relationships/ScopeRelationship.java similarity index 91% rename from services/src/main/java/org/keycloak/services/models/relationships/ScopeRelationship.java rename to services/src/main/java/org/keycloak/services/models/picketlink/relationships/ScopeRelationship.java index 7221c72622..eebcd27f73 100755 --- a/services/src/main/java/org/keycloak/services/models/relationships/ScopeRelationship.java +++ b/services/src/main/java/org/keycloak/services/models/picketlink/relationships/ScopeRelationship.java @@ -1,4 +1,4 @@ -package org.keycloak.services.models.relationships; +package org.keycloak.services.models.picketlink.relationships; import org.picketlink.idm.model.AbstractAttributedType; import org.picketlink.idm.model.Agent; 
diff --git a/services/src/main/java/org/keycloak/services/resources/KeycloakApplication.java b/services/src/main/java/org/keycloak/services/resources/KeycloakApplication.java index fb423f06b2..2c6f49af65 100755 --- a/services/src/main/java/org/keycloak/services/resources/KeycloakApplication.java +++ b/services/src/main/java/org/keycloak/services/resources/KeycloakApplication.java @@ -1,12 +1,14 @@ package org.keycloak.services.resources; import org.keycloak.SkeletonKeyContextResolver; -import org.keycloak.services.filters.IdentitySessionFilter; +import org.keycloak.services.filters.KeycloakSessionFilter; import org.keycloak.services.managers.TokenManager; -import org.keycloak.services.models.relationships.RealmAdminRelationship; -import org.keycloak.services.models.relationships.RequiredCredentialRelationship; -import org.keycloak.services.models.relationships.ResourceRelationship; -import org.keycloak.services.models.relationships.ScopeRelationship; +import org.keycloak.services.models.KeycloakSessionFactory; +import org.keycloak.services.models.picketlink.PicketlinkKeycloakSessionFactory; +import org.keycloak.services.models.picketlink.relationships.RealmAdminRelationship; +import org.keycloak.services.models.picketlink.relationships.RequiredCredentialRelationship; +import org.keycloak.services.models.picketlink.relationships.ResourceRelationship; +import org.keycloak.services.models.picketlink.relationships.ScopeRelationship; import org.picketlink.idm.IdentitySessionFactory; import org.picketlink.idm.config.IdentityConfiguration; import org.picketlink.idm.config.IdentityConfigurationBuilder; 
@@ -34,18 +36,18 @@ public class KeycloakApplication extends Application { protected Set singletons = new HashSet(); protected Set> classes = new HashSet>(); - protected IdentitySessionFactory factory; + protected KeycloakSessionFactory factory; public KeycloakApplication() { - this.factory = createFactory(); - IdentitySessionFilter filter = new IdentitySessionFilter(factory); + this.factory = new PicketlinkKeycloakSessionFactory(createFactory()); + KeycloakSessionFilter filter = new KeycloakSessionFilter(factory); singletons.add(new RealmsResource(new TokenManager())); singletons.add(filter); classes.add(SkeletonKeyContextResolver.class); classes.add(RegistrationService.class); } - public IdentitySessionFactory getFactory() { + public KeycloakSessionFactory getFactory() { return factory; } diff --git a/services/src/main/java/org/keycloak/services/resources/RealmSubResource.java b/services/src/main/java/org/keycloak/services/resources/RealmSubResource.java index 4221f12cd9..63f0f8bf41 100755 --- a/services/src/main/java/org/keycloak/services/resources/RealmSubResource.java +++ b/services/src/main/java/org/keycloak/services/resources/RealmSubResource.java @@ -2,8 +2,8 @@ package org.keycloak.services.resources; import org.jboss.resteasy.logging.Logger; import org.keycloak.representations.idm.PublishedRealmRepresentation; +import org.keycloak.services.models.KeycloakSession; import org.keycloak.services.models.RealmModel; -import org.picketlink.idm.IdentitySession; import javax.ws.rs.GET; import javax.ws.rs.Path; @@ -25,7 +25,7 @@ public class RealmSubResource { protected UriInfo uriInfo; @Context - protected IdentitySession identitySession; + protected KeycloakSession identitySession; protected RealmModel realm; diff --git a/services/src/main/java/org/keycloak/services/resources/RealmsResource.java b/services/src/main/java/org/keycloak/services/resources/RealmsResource.java index a0ab19ee92..da94d73168 100755 
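Review bot: The `PicketlinkKeycloakSessionFactory` assigned to `factory` in the constructor is never closed anywhere in this class, although the factory is closeable (`AdapterTest.after` in this commit calls `factory.close()`); `javax.ws.rs.core.Application` offers no shutdown callback, so unless a container hook elsewhere closes it, whatever identity-store resources it holds stay open until undeploy. Either register a `ServletContextListener` whose `contextDestroyed` calls `factory.close()`, or document on `getFactory()` who owns the factory's lifecycle. The body of `createFactory()` is outside the hunk, so whether it opens external resources cannot be confirmed from here.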
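Review bot: The injected field in `RealmSubResource` changes type to `KeycloakSession` but keeps the name `identitySession`, which still names the Picketlink abstraction this commit is hiding; `protected KeycloakSession session;` with the matching use sites would reflect the new contract. The same pattern appears in `RealmsResource`, `RegistrationService`, `TokenService`, `AdapterTest` and `ImportTest`, so one rename across the files is preferable to fixing them piecemeal. The field's uses in this class are outside the hunk.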
--- a/services/src/main/java/org/keycloak/services/resources/RealmsResource.java +++ b/services/src/main/java/org/keycloak/services/resources/RealmsResource.java @@ -5,10 +5,10 @@ import org.keycloak.representations.idm.RealmRepresentation; import org.keycloak.services.managers.AuthenticationManager; import org.keycloak.services.managers.RealmManager; import org.keycloak.services.managers.TokenManager; +import org.keycloak.services.models.KeycloakSession; import org.keycloak.services.models.RealmModel; import org.keycloak.services.models.RoleModel; import org.keycloak.services.models.UserModel; -import org.picketlink.idm.IdentitySession; import javax.ws.rs.Consumes; import javax.ws.rs.NotAuthorizedException; @@ -39,7 +39,7 @@ public class RealmsResource { protected HttpHeaders headers; @Context - protected IdentitySession identitySession; + protected KeycloakSession identitySession; @Context ResourceContext resourceContext; diff --git a/services/src/main/java/org/keycloak/services/resources/RegistrationService.java b/services/src/main/java/org/keycloak/services/resources/RegistrationService.java index d70546705b..18b06ffd1e 100755 --- a/services/src/main/java/org/keycloak/services/resources/RegistrationService.java +++ b/services/src/main/java/org/keycloak/services/resources/RegistrationService.java @@ -4,11 +4,11 @@ import org.jboss.resteasy.logging.Logger; import org.keycloak.representations.idm.CredentialRepresentation; import org.keycloak.representations.idm.UserRepresentation; import org.keycloak.services.managers.RealmManager; +import org.keycloak.services.models.KeycloakSession; import org.keycloak.services.models.RealmModel; import org.keycloak.services.models.RoleModel; -import org.keycloak.services.models.UserCredentialModel; import org.keycloak.services.models.UserModel; -import org.picketlink.idm.IdentitySession; +import org.keycloak.services.models.UserCredentialModel; import javax.ws.rs.Consumes; import javax.ws.rs.ForbiddenException; 
@@ -33,7 +33,7 @@ public class RegistrationService { protected UriInfo uriInfo; @Context - protected IdentitySession identitySession; + protected KeycloakSession identitySession; @POST @Consumes(MediaType.APPLICATION_JSON) diff --git a/services/src/main/java/org/keycloak/services/resources/TokenService.java b/services/src/main/java/org/keycloak/services/resources/TokenService.java index f1ceb54ac1..f307e68324 100755 --- a/services/src/main/java/org/keycloak/services/resources/TokenService.java +++ b/services/src/main/java/org/keycloak/services/resources/TokenService.java @@ -15,10 +15,10 @@ import org.keycloak.services.managers.AuthenticationManager; import org.keycloak.services.managers.RealmManager; import org.keycloak.services.managers.ResourceAdminManager; import org.keycloak.services.managers.TokenManager; +import org.keycloak.services.models.KeycloakSession; import org.keycloak.services.models.RealmModel; import org.keycloak.services.models.RoleModel; import org.keycloak.services.models.UserModel; -import org.picketlink.idm.IdentitySession; import javax.ws.rs.Consumes; import javax.ws.rs.GET; @@ -58,7 +58,7 @@ public class TokenService { @Context protected HttpHeaders headers; @Context - protected IdentitySession identitySession; + protected KeycloakSession identitySession; @Context HttpRequest request; @Context diff --git a/services/src/test/java/org/keycloak/test/AdapterTest.java b/services/src/test/java/org/keycloak/test/AdapterTest.java index a0849012ed..ee0d2d7c4e 100755 --- a/services/src/test/java/org/keycloak/test/AdapterTest.java +++ b/services/src/test/java/org/keycloak/test/AdapterTest.java 
@@ -7,18 +7,19 @@ import org.junit.FixMethodOrder; import org.junit.Test; import org.junit.runners.MethodSorters; import org.keycloak.representations.idm.RequiredCredentialRepresentation; -import org.keycloak.services.managers.InstallationManager; import org.keycloak.services.managers.RealmManager; +import org.keycloak.services.models.KeycloakSession; +import org.keycloak.services.models.KeycloakSessionFactory; import org.keycloak.services.models.RealmModel; import org.keycloak.services.models.RequiredCredentialModel; import org.keycloak.services.models.RoleModel; -import org.keycloak.services.models.UserCredentialModel; import org.keycloak.services.models.UserModel; -import org.keycloak.services.models.relationships.RealmAdminRelationship; -import org.keycloak.services.models.relationships.RequiredCredentialRelationship; -import org.keycloak.services.models.relationships.ResourceRelationship; -import org.keycloak.services.models.relationships.ScopeRelationship; -import org.picketlink.idm.IdentitySession; +import org.keycloak.services.models.UserCredentialModel; +import org.keycloak.services.models.picketlink.PicketlinkKeycloakSessionFactory; +import org.keycloak.services.models.picketlink.relationships.RealmAdminRelationship; +import org.keycloak.services.models.picketlink.relationships.RequiredCredentialRelationship; +import org.keycloak.services.models.picketlink.relationships.ResourceRelationship; +import org.keycloak.services.models.picketlink.relationships.ScopeRelationship; import org.picketlink.idm.IdentitySessionFactory; import org.picketlink.idm.config.IdentityConfiguration; import org.picketlink.idm.config.IdentityConfigurationBuilder; 
@@ -41,16 +42,16 @@ import java.util.List; */ @FixMethodOrder(MethodSorters.NAME_ASCENDING) public class AdapterTest { - private IdentitySessionFactory factory; - private IdentitySession IdentitySession; + private KeycloakSessionFactory factory; + private KeycloakSession identitySession; private RealmManager adapter; private RealmModel realmModel; @Before public void before() throws Exception { - factory = createFactory(); - IdentitySession = factory.createIdentitySession(); - adapter = new RealmManager(IdentitySession); + factory = new PicketlinkKeycloakSessionFactory(createFactory()); + identitySession = factory.createSession(); + adapter = new RealmManager(identitySession); } public static IdentitySessionFactory createFactory() { @@ -79,7 +80,7 @@ public class AdapterTest { @After public void after() throws Exception { - IdentitySession.close(); + identitySession.close(); factory.close(); } @@ -99,7 +100,6 @@ public class AdapterTest { realmModel.setPrivateKeyPem("0234234"); realmModel.setPublicKeyPem("0234234"); realmModel.setTokenLifespan(1000); - realmModel.updateRealm(); System.out.println(realmModel.getId()); realmModel = adapter.getRealm(realmModel.getId()); diff --git a/services/src/test/java/org/keycloak/test/ImportTest.java b/services/src/test/java/org/keycloak/test/ImportTest.java index 5742fa75e9..d18b93a833 100755 --- a/services/src/test/java/org/keycloak/test/ImportTest.java +++ b/services/src/test/java/org/keycloak/test/ImportTest.java 
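Review bot: `after()` closes `identitySession` and then `factory` as two independent statements, so an exception from `identitySession.close()` skips `factory.close()` and leaks the Picketlink session factory into the following tests. Wrapping it as `try { identitySession.close(); } finally { factory.close(); }` keeps the factory closed regardless of how the session teardown ends. `ImportTest` builds its factory the same way in `before()`; its `after()` is outside this view and may warrant the same treatment.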
@@ -8,15 +8,17 @@ import org.junit.Test; import org.junit.runners.MethodSorters; import org.keycloak.representations.idm.RealmRepresentation; import org.keycloak.services.managers.RealmManager; +import org.keycloak.services.models.KeycloakSession; +import org.keycloak.services.models.KeycloakSessionFactory; import org.keycloak.services.models.RealmModel; import org.keycloak.services.models.RequiredCredentialModel; import org.keycloak.services.models.UserModel; -import org.keycloak.services.models.relationships.RealmAdminRelationship; -import org.keycloak.services.models.relationships.RequiredCredentialRelationship; -import org.keycloak.services.models.relationships.ResourceRelationship; -import org.keycloak.services.models.relationships.ScopeRelationship; +import org.keycloak.services.models.picketlink.PicketlinkKeycloakSessionFactory; +import org.keycloak.services.models.picketlink.relationships.RealmAdminRelationship; +import org.keycloak.services.models.picketlink.relationships.RequiredCredentialRelationship; +import org.keycloak.services.models.picketlink.relationships.ResourceRelationship; +import org.keycloak.services.models.picketlink.relationships.ScopeRelationship; import org.keycloak.services.resources.RegistrationService; -import org.picketlink.idm.IdentitySession; import org.picketlink.idm.IdentitySessionFactory; import org.picketlink.idm.config.IdentityConfiguration; import org.picketlink.idm.config.IdentityConfigurationBuilder; 
@@ -40,15 +42,15 @@ import java.util.Set; */ @FixMethodOrder(MethodSorters.NAME_ASCENDING) public class ImportTest { - private IdentitySessionFactory factory; - private IdentitySession identitySession; + private KeycloakSessionFactory factory; + private KeycloakSession identitySession; private RealmManager manager; private RealmModel realmModel; @Before public void before() throws Exception { - factory = createFactory(); - identitySession = factory.createIdentitySession(); + factory = new PicketlinkKeycloakSessionFactory(createFactory()); + identitySession = factory.createSession(); manager = new RealmManager(identitySession); } @@ -93,7 +95,6 @@ public class ImportTest { defaultRealm.setCookieLoginAllowed(true); defaultRealm.setRegistrationAllowed(true); manager.generateRealmKeys(defaultRealm); - defaultRealm.updateRealm(); defaultRealm.addRequiredCredential(RequiredCredentialModel.PASSWORD); defaultRealm.addRole(RegistrationService.REALM_CREATOR_ROLE); diff --git a/services/src/main/java/org/keycloak/services/managers/InstallationManager.java b/services/src/test/java/org/keycloak/test/InstallationManager.java similarity index 91% rename from services/src/main/java/org/keycloak/services/managers/InstallationManager.java rename to services/src/test/java/org/keycloak/test/InstallationManager.java index 7d0321fdde..5162458be6 100755 --- a/services/src/main/java/org/keycloak/services/managers/InstallationManager.java +++ b/services/src/test/java/org/keycloak/test/InstallationManager.java @@ -1,5 +1,6 @@ -package org.keycloak.services.managers; +package org.keycloak.test; +import org.keycloak.services.managers.RealmManager; import org.keycloak.services.models.RealmModel; import org.keycloak.services.models.RequiredCredentialModel; import org.keycloak.services.resources.RegistrationService; 
@@ -20,7 +21,6 @@ public class InstallationManager { defaultRealm.setCookieLoginAllowed(true); defaultRealm.setRegistrationAllowed(true); manager.generateRealmKeys(defaultRealm); - defaultRealm.updateRealm(); defaultRealm.addRequiredCredential(RequiredCredentialModel.PASSWORD); defaultRealm.addRole(RegistrationService.REALM_CREATOR_ROLE); } diff --git a/services/src/test/java/org/keycloak/test/RealmCreationTest.java b/services/src/test/java/org/keycloak/test/RealmCreationTest.java index 88cbe49b68..a79acb8009 100755 --- a/services/src/test/java/org/keycloak/test/RealmCreationTest.java +++ b/services/src/test/java/org/keycloak/test/RealmCreationTest.java @@ -12,8 +12,8 @@ import org.keycloak.representations.idm.RealmRepresentation; import org.keycloak.representations.idm.RequiredCredentialRepresentation; import org.keycloak.representations.idm.UserRepresentation; import org.keycloak.services.managers.AuthenticationManager; -import org.keycloak.services.managers.InstallationManager; import org.keycloak.services.managers.RealmManager; +import org.keycloak.services.models.KeycloakSession; import org.keycloak.services.resources.KeycloakApplication; import org.picketlink.idm.IdentitySession; import org.picketlink.idm.model.Realm; @@ -43,7 +43,7 @@ public class RealmCreationTest { deployment.setApplicationClass(KeycloakApplication.class.getName()); EmbeddedContainer.start(deployment); KeycloakApplication application = (KeycloakApplication) deployment.getApplication(); - IdentitySession IdentitySession = application.getFactory().createIdentitySession(); + KeycloakSession IdentitySession = application.getFactory().createSession(); RealmManager manager = new RealmManager(IdentitySession); new InstallationManager().install(manager); client = new ResteasyClientBuilder().build();
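Review bot: The changed line in `RealmCreationTest` declares the local as `KeycloakSession IdentitySession`, an UpperCamelCase local that the same commit renames to `identitySession` in `AdapterTest`; `KeycloakSession session = application.getFactory().createSession();` followed by `RealmManager manager = new RealmManager(session);` would match the rest of the change. The context line `import org.picketlink.idm.IdentitySession;` survives even though the hunk's only visible use of that type has switched to `KeycloakSession`, so the import is probably unused now; the rest of the file is outside the hunk, so confirm before removing it. Nothing visible closes the session created here, whereas `AdapterTest.after` closes both its session and factory; if this setup runs once per class, a matching teardown should close it. The enclosing setup method begins before the hunk.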