finish picketlink abstraction
This commit is contained in:
Bill Burke
parent
93f9a34175
commit
72d9841baa
29 changed files with 1087 additions and 710 deletions
|
|
@ -3,40 +3,15 @@ package org.keycloak.example.demo;
|
|||
import org.jboss.resteasy.jwt.JsonSerialization;
|
||||
import org.keycloak.representations.idm.RealmRepresentation;
|
||||
import org.keycloak.services.managers.RealmManager;
|
||||
import org.keycloak.services.models.KeycloakSession;
|
||||
import org.keycloak.services.models.RealmModel;
|
||||
import org.keycloak.services.models.RequiredCredentialModel;
|
||||
import org.keycloak.services.models.relationships.RealmAdminRelationship;
|
||||
import org.keycloak.services.models.relationships.RequiredCredentialRelationship;
|
||||
import org.keycloak.services.models.relationships.ResourceRelationship;
|
||||
import org.keycloak.services.models.relationships.ScopeRelationship;
|
||||
import org.keycloak.services.resources.KeycloakApplication;
|
||||
import org.keycloak.services.resources.RegistrationService;
|
||||
import org.picketlink.idm.IdentitySession;
|
||||
import org.picketlink.idm.IdentitySessionFactory;
|
||||
import org.picketlink.idm.config.IdentityConfiguration;
|
||||
import org.picketlink.idm.config.IdentityConfigurationBuilder;
|
||||
import org.picketlink.idm.internal.DefaultIdentitySessionFactory;
|
||||
import org.picketlink.idm.jpa.internal.ResourceLocalJpaIdentitySessionHandler;
|
||||
import org.picketlink.idm.jpa.schema.CredentialObject;
|
||||
import org.picketlink.idm.jpa.schema.CredentialObjectAttribute;
|
||||
import org.picketlink.idm.jpa.schema.IdentityObject;
|
||||
import org.picketlink.idm.jpa.schema.IdentityObjectAttribute;
|
||||
import org.picketlink.idm.jpa.schema.PartitionObject;
|
||||
import org.picketlink.idm.jpa.schema.RelationshipIdentityObject;
|
||||
import org.picketlink.idm.jpa.schema.RelationshipObject;
|
||||
import org.picketlink.idm.jpa.schema.RelationshipObjectAttribute;
|
||||
import org.picketlink.idm.model.Realm;
|
||||
import org.picketlink.idm.model.SimpleRole;
|
||||
|
||||
import javax.ws.rs.GET;
|
||||
import javax.ws.rs.Path;
|
||||
import javax.ws.rs.Produces;
|
||||
import javax.ws.rs.core.Application;
|
||||
import java.io.ByteArrayOutputStream;
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
import java.util.HashSet;
|
||||
import java.util.Set;
|
||||
/**
|
||||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||
* @version $Revision: 1 $
|
||||
|
|
@ -45,7 +20,7 @@ public class DemoApplication extends KeycloakApplication {
|
|||
|
||||
public DemoApplication() {
|
||||
super();
|
||||
IdentitySession session = factory.createIdentitySession();
|
||||
KeycloakSession session = factory.createSession();
|
||||
session.getTransaction().begin();
|
||||
RealmManager realmManager = new RealmManager(session);
|
||||
if (realmManager.defaultRealm() == null) {
|
||||
|
|
@ -55,8 +30,8 @@ public class DemoApplication extends KeycloakApplication {
|
|||
}
|
||||
|
||||
public void install(RealmManager manager) {
|
||||
RealmModel defaultRealm = manager.createRealm(Realm.DEFAULT_REALM, Realm.DEFAULT_REALM);
|
||||
defaultRealm.setName(Realm.DEFAULT_REALM);
|
||||
RealmModel defaultRealm = manager.createRealm(RealmModel.DEFAULT_REALM, RealmModel.DEFAULT_REALM);
|
||||
defaultRealm.setName(RealmModel.DEFAULT_REALM);
|
||||
defaultRealm.setEnabled(true);
|
||||
defaultRealm.setTokenLifespan(300);
|
||||
defaultRealm.setAccessCodeLifespan(60);
|
||||
|
|
@ -64,7 +39,6 @@ public class DemoApplication extends KeycloakApplication {
|
|||
defaultRealm.setCookieLoginAllowed(true);
|
||||
defaultRealm.setRegistrationAllowed(true);
|
||||
manager.generateRealmKeys(defaultRealm);
|
||||
defaultRealm.updateRealm();
|
||||
defaultRealm.addRequiredCredential(RequiredCredentialModel.PASSWORD);
|
||||
defaultRealm.addRole(RegistrationService.REALM_CREATOR_ROLE);
|
||||
|
||||
|
|
|
|||
|
|
@ -2,8 +2,8 @@ package org.keycloak.services.filters;
|
|||
|
||||
import org.jboss.resteasy.logging.Logger;
|
||||
import org.jboss.resteasy.spi.ResteasyProviderFactory;
|
||||
import org.picketlink.idm.IdentitySession;
|
||||
import org.picketlink.idm.IdentitySessionFactory;
|
||||
import org.keycloak.services.models.KeycloakSession;
|
||||
import org.keycloak.services.models.KeycloakSessionFactory;
|
||||
|
||||
import javax.ws.rs.container.ContainerRequestContext;
|
||||
import javax.ws.rs.container.ContainerRequestFilter;
|
||||
|
|
@ -17,24 +17,24 @@ import java.io.IOException;
|
|||
* @version $Revision: 1 $
|
||||
*/
|
||||
@PreMatching
|
||||
public class IdentitySessionFilter implements ContainerRequestFilter, ContainerResponseFilter {
|
||||
protected static final Logger logger = Logger.getLogger(IdentitySessionFilter.class);
|
||||
protected IdentitySessionFactory factory;
|
||||
public class KeycloakSessionFilter implements ContainerRequestFilter, ContainerResponseFilter {
|
||||
protected static final Logger logger = Logger.getLogger(KeycloakSessionFilter.class);
|
||||
protected KeycloakSessionFactory factory;
|
||||
|
||||
public IdentitySessionFilter(IdentitySessionFactory factory) {
|
||||
public KeycloakSessionFilter(KeycloakSessionFactory factory) {
|
||||
this.factory = factory;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void filter(ContainerRequestContext requestContext) throws IOException {
|
||||
IdentitySession ctx = factory.createIdentitySession();
|
||||
requestContext.setProperty(IdentitySession.class.getName(), ctx);
|
||||
ResteasyProviderFactory.pushContext(IdentitySession.class, ctx);
|
||||
KeycloakSession ctx = factory.createSession();
|
||||
requestContext.setProperty(KeycloakSession.class.getName(), ctx);
|
||||
ResteasyProviderFactory.pushContext(KeycloakSession.class, ctx);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void filter(ContainerRequestContext requestContext, ContainerResponseContext responseContext) throws IOException {
|
||||
IdentitySession ctx = (IdentitySession)requestContext.getProperty(IdentitySession.class.getName());
|
||||
KeycloakSession ctx = (KeycloakSession)requestContext.getProperty(KeycloakSession.class.getName());
|
||||
if (ctx != null) ctx.close();
|
||||
}
|
||||
}
|
||||
|
|
@ -8,17 +8,13 @@ import org.keycloak.representations.idm.RoleMappingRepresentation;
|
|||
import org.keycloak.representations.idm.RoleRepresentation;
|
||||
import org.keycloak.representations.idm.ScopeMappingRepresentation;
|
||||
import org.keycloak.representations.idm.UserRepresentation;
|
||||
import org.keycloak.services.models.KeycloakSession;
|
||||
import org.keycloak.services.models.RealmModel;
|
||||
import org.keycloak.services.models.RequiredCredentialModel;
|
||||
import org.keycloak.services.models.ResourceModel;
|
||||
import org.keycloak.services.models.RoleModel;
|
||||
import org.keycloak.services.models.UserCredentialModel;
|
||||
import org.keycloak.services.models.UserModel;
|
||||
import org.picketlink.idm.IdentityManager;
|
||||
import org.picketlink.idm.IdentitySession;
|
||||
import org.picketlink.idm.model.Realm;
|
||||
import org.picketlink.idm.model.SimpleAgent;
|
||||
import org.picketlink.idm.model.SimpleRole;
|
||||
|
||||
import javax.ws.rs.WebApplicationException;
|
||||
import javax.ws.rs.core.Response;
|
||||
|
|
@ -45,22 +41,18 @@ public class RealmManager {
|
|||
return counter.getAndIncrement() + "-" + System.currentTimeMillis();
|
||||
}
|
||||
|
||||
protected IdentitySession identitySession;
|
||||
protected KeycloakSession identitySession;
|
||||
|
||||
public RealmManager(IdentitySession identitySession) {
|
||||
public RealmManager(KeycloakSession identitySession) {
|
||||
this.identitySession = identitySession;
|
||||
}
|
||||
|
||||
public RealmModel defaultRealm() {
|
||||
return getRealm(Realm.DEFAULT_REALM);
|
||||
return getRealm(RealmModel.DEFAULT_REALM);
|
||||
}
|
||||
|
||||
public RealmModel getRealm(String id) {
|
||||
Realm existing = identitySession.findRealm(id);
|
||||
if (existing == null) {
|
||||
return null;
|
||||
}
|
||||
return new RealmModel(existing, identitySession);
|
||||
return identitySession.getRealm(id);
|
||||
}
|
||||
|
||||
public RealmModel createRealm(String name) {
|
||||
|
|
@ -68,14 +60,11 @@ public class RealmManager {
|
|||
}
|
||||
|
||||
public RealmModel createRealm(String id, String name) {
|
||||
Realm newRealm = identitySession.createRealm(id);
|
||||
IdentityManager idm = identitySession.createIdentityManager(newRealm);
|
||||
SimpleAgent agent = new SimpleAgent(RealmModel.REALM_AGENT_ID);
|
||||
idm.add(agent);
|
||||
RealmModel realm = new RealmModel(newRealm, identitySession);
|
||||
idm.add(new SimpleRole(WILDCARD_ROLE));
|
||||
idm.add(new SimpleRole(RESOURCE_ROLE));
|
||||
idm.add(new SimpleRole(IDENTITY_REQUESTER_ROLE));
|
||||
RealmModel realm =identitySession.createRealm(id, name);
|
||||
realm.setName(name);
|
||||
realm.addRole(WILDCARD_ROLE);
|
||||
realm.addRole(RESOURCE_ROLE);
|
||||
realm.addRole(IDENTITY_REQUESTER_ROLE);
|
||||
return realm;
|
||||
}
|
||||
|
||||
|
|
@ -88,7 +77,6 @@ public class RealmManager {
|
|||
}
|
||||
realm.setPrivateKey(keyPair.getPrivate());
|
||||
realm.setPublicKey(keyPair.getPublic());
|
||||
realm.updateRealm();
|
||||
}
|
||||
|
||||
public RealmModel importRealm(RealmRepresentation rep, UserModel realmCreator) {
|
||||
|
|
@ -96,7 +84,6 @@ public class RealmManager {
|
|||
RealmModel realm = createRealm(rep.getRealm());
|
||||
importRealm(rep, realm);
|
||||
realm.addRealmAdmin(realmCreator);
|
||||
realm.updateRealm();
|
||||
return realm;
|
||||
}
|
||||
|
||||
|
|
@ -115,9 +102,6 @@ public class RealmManager {
|
|||
newRealm.setPublicKeyPem(rep.getPublicKey());
|
||||
}
|
||||
|
||||
newRealm.updateRealm();
|
||||
|
||||
|
||||
Map<String, UserModel> userMap = new HashMap<String, UserModel>();
|
||||
|
||||
for (RequiredCredentialRepresentation requiredCred : rep.getRequiredCredentials()) {
|
||||
|
|
@ -292,5 +276,4 @@ public class RealmManager {
|
|||
}
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -7,5 +7,10 @@ package org.keycloak.services.models;
|
|||
public interface KeycloakSession {
|
||||
KeycloakTransaction getTransaction();
|
||||
|
||||
RealmModel createRealm(String name);
|
||||
RealmModel createRealm(String id, String name);
|
||||
RealmModel getRealm(String id);
|
||||
void deleteRealm(RealmModel realm);
|
||||
|
||||
void close();
|
||||
}
|
||||
|
|
|
|||
|
|
@ -5,4 +5,6 @@ package org.keycloak.services.models;
|
|||
* @version $Revision: 1 $
|
||||
*/
|
||||
public interface KeycloakSessionFactory {
|
||||
KeycloakSession createSession();
|
||||
void close();
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,421 +1,101 @@
|
|||
package org.keycloak.services.models;
|
||||
|
||||
import org.bouncycastle.openssl.PEMWriter;
|
||||
import org.jboss.resteasy.security.PemUtils;
|
||||
import org.keycloak.representations.idm.RequiredCredentialRepresentation;
|
||||
import org.keycloak.services.managers.RealmManager;
|
||||
import org.keycloak.services.models.relationships.RealmAdminRelationship;
|
||||
import org.keycloak.services.models.relationships.RequiredCredentialRelationship;
|
||||
import org.keycloak.services.models.relationships.ResourceRelationship;
|
||||
import org.keycloak.services.models.relationships.ScopeRelationship;
|
||||
import org.picketlink.idm.IdentityManager;
|
||||
import org.picketlink.idm.IdentitySession;
|
||||
import org.picketlink.idm.credential.Credentials;
|
||||
import org.picketlink.idm.credential.Password;
|
||||
import org.picketlink.idm.credential.TOTPCredential;
|
||||
import org.picketlink.idm.credential.TOTPCredentials;
|
||||
import org.picketlink.idm.credential.UsernamePasswordCredentials;
|
||||
import org.picketlink.idm.credential.X509CertificateCredentials;
|
||||
import org.picketlink.idm.model.Agent;
|
||||
import org.picketlink.idm.model.Attribute;
|
||||
import org.picketlink.idm.model.Grant;
|
||||
import org.picketlink.idm.model.Realm;
|
||||
import org.picketlink.idm.model.Role;
|
||||
import org.picketlink.idm.model.SimpleRole;
|
||||
import org.picketlink.idm.model.SimpleUser;
|
||||
import org.picketlink.idm.model.Tier;
|
||||
import org.picketlink.idm.model.User;
|
||||
import org.picketlink.idm.query.IdentityQuery;
|
||||
import org.picketlink.idm.query.RelationshipQuery;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.io.StringWriter;
|
||||
import java.security.PrivateKey;
|
||||
import java.security.PublicKey;
|
||||
import java.security.cert.X509Certificate;
|
||||
import java.util.ArrayList;
|
||||
import java.util.HashMap;
|
||||
import java.util.HashSet;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
|
||||
/**
|
||||
* Meant to be a per-request object
|
||||
*
|
||||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||
* @version $Revision: 1 $
|
||||
*/
|
||||
public class RealmModel {
|
||||
public static final String DEFAULT_REALM = "default";
|
||||
public static final String REALM_AGENT_ID = "_realm_";
|
||||
public static final String REALM_NAME = "name";
|
||||
public static final String REALM_ACCESS_CODE_LIFESPAN = "accessCodeLifespan";
|
||||
public static final String REALM_TOKEN_LIFESPAN = "tokenLifespan";
|
||||
public static final String REALM_PRIVATE_KEY = "privateKey";
|
||||
public static final String REALM_PUBLIC_KEY = "publicKey";
|
||||
public static final String REALM_IS_SSL_NOT_REQUIRED = "isSSLNotRequired";
|
||||
public static final String REALM_IS_COOKIE_LOGIN_ALLOWED = "isCookieLoginAllowed";
|
||||
public static final String REALM_IS_REGISTRATION_ALLOWED = "isRegistrationAllowed";
|
||||
public interface RealmModel {
|
||||
String DEFAULT_REALM = "default";
|
||||
|
||||
protected Realm realm;
|
||||
protected Agent realmAgent;
|
||||
protected IdentitySession identitySession;
|
||||
protected volatile transient PublicKey publicKey;
|
||||
protected volatile transient PrivateKey privateKey;
|
||||
protected IdentityManager idm;
|
||||
String getId();
|
||||
|
||||
public RealmModel(Realm realm, IdentitySession session) {
|
||||
this.realm = realm;
|
||||
this.identitySession = session;
|
||||
realmAgent = getIdm().getAgent(REALM_AGENT_ID);
|
||||
}
|
||||
String getName();
|
||||
|
||||
protected IdentityManager getIdm() {
|
||||
if (idm == null) idm = identitySession.createIdentityManager(realm);
|
||||
return idm;
|
||||
}
|
||||
void setName(String name);
|
||||
|
||||
public void updateRealm() {
|
||||
getIdm().update(realmAgent);
|
||||
}
|
||||
boolean isEnabled();
|
||||
|
||||
public String getId() {
|
||||
return realm.getId();
|
||||
}
|
||||
void setEnabled(boolean enabled);
|
||||
|
||||
public String getName() {
|
||||
return (String) realmAgent.getAttribute(REALM_NAME).getValue();
|
||||
}
|
||||
boolean isSslNotRequired();
|
||||
|
||||
public void setName(String name) {
|
||||
realmAgent.setAttribute(new Attribute<String>(REALM_NAME, name));
|
||||
}
|
||||
void setSslNotRequired(boolean sslNotRequired);
|
||||
|
||||
public boolean isEnabled() {
|
||||
return realmAgent.isEnabled();
|
||||
}
|
||||
boolean isCookieLoginAllowed();
|
||||
|
||||
public void setEnabled(boolean enabled) {
|
||||
realmAgent.setEnabled(enabled);
|
||||
}
|
||||
void setCookieLoginAllowed(boolean cookieLoginAllowed);
|
||||
|
||||
public boolean isSslNotRequired() {
|
||||
return (Boolean) realmAgent.getAttribute(REALM_IS_SSL_NOT_REQUIRED).getValue();
|
||||
}
|
||||
boolean isRegistrationAllowed();
|
||||
|
||||
public void setSslNotRequired(boolean sslNotRequired) {
|
||||
realmAgent.setAttribute(new Attribute<Boolean>(REALM_IS_SSL_NOT_REQUIRED, sslNotRequired));
|
||||
}
|
||||
void setRegistrationAllowed(boolean registrationAllowed);
|
||||
|
||||
public boolean isCookieLoginAllowed() {
|
||||
return (Boolean) realmAgent.getAttribute(REALM_IS_COOKIE_LOGIN_ALLOWED).getValue();
|
||||
}
|
||||
int getTokenLifespan();
|
||||
|
||||
public void setCookieLoginAllowed(boolean cookieLoginAllowed) {
|
||||
realmAgent.setAttribute(new Attribute<Boolean>(REALM_IS_COOKIE_LOGIN_ALLOWED, cookieLoginAllowed));
|
||||
}
|
||||
void setTokenLifespan(int tokenLifespan);
|
||||
|
||||
public boolean isRegistrationAllowed() {
|
||||
return (Boolean) realmAgent.getAttribute(REALM_IS_REGISTRATION_ALLOWED).getValue();
|
||||
}
|
||||
int getAccessCodeLifespan();
|
||||
|
||||
public void setRegistrationAllowed(boolean registrationAllowed) {
|
||||
realmAgent.setAttribute(new Attribute<Boolean>(REALM_IS_REGISTRATION_ALLOWED, registrationAllowed));
|
||||
}
|
||||
void setAccessCodeLifespan(int accessCodeLifespan);
|
||||
|
||||
public int getTokenLifespan() {
|
||||
return (Integer) realmAgent.getAttribute(REALM_TOKEN_LIFESPAN).getValue();
|
||||
}
|
||||
String getPublicKeyPem();
|
||||
|
||||
public void setTokenLifespan(int tokenLifespan) {
|
||||
realmAgent.setAttribute(new Attribute<Integer>(REALM_TOKEN_LIFESPAN, tokenLifespan));
|
||||
}
|
||||
void setPublicKeyPem(String publicKeyPem);
|
||||
|
||||
public int getAccessCodeLifespan() {
|
||||
return (Integer) realmAgent.getAttribute(REALM_ACCESS_CODE_LIFESPAN).getValue();
|
||||
}
|
||||
String getPrivateKeyPem();
|
||||
|
||||
public void setAccessCodeLifespan(int accessCodeLifespan) {
|
||||
realmAgent.setAttribute(new Attribute<Integer>(REALM_ACCESS_CODE_LIFESPAN, accessCodeLifespan));
|
||||
}
|
||||
void setPrivateKeyPem(String privateKeyPem);
|
||||
|
||||
public String getPublicKeyPem() {
|
||||
return (String) realmAgent.getAttribute(REALM_PUBLIC_KEY).getValue();
|
||||
}
|
||||
PublicKey getPublicKey();
|
||||
|
||||
public void setPublicKeyPem(String publicKeyPem) {
|
||||
realmAgent.setAttribute(new Attribute<String>(REALM_PUBLIC_KEY, publicKeyPem));
|
||||
this.publicKey = null;
|
||||
}
|
||||
void setPublicKey(PublicKey publicKey);
|
||||
|
||||
public String getPrivateKeyPem() {
|
||||
return (String) realmAgent.getAttribute(REALM_PRIVATE_KEY).getValue();
|
||||
}
|
||||
PrivateKey getPrivateKey();
|
||||
|
||||
public void setPrivateKeyPem(String privateKeyPem) {
|
||||
realmAgent.setAttribute(new Attribute<String>(REALM_PRIVATE_KEY, privateKeyPem));
|
||||
this.privateKey = null;
|
||||
}
|
||||
void setPrivateKey(PrivateKey privateKey);
|
||||
|
||||
public PublicKey getPublicKey() {
|
||||
if (publicKey != null) return publicKey;
|
||||
String pem = getPublicKeyPem();
|
||||
if (pem != null) {
|
||||
try {
|
||||
publicKey = PemUtils.decodePublicKey(pem);
|
||||
} catch (Exception e) {
|
||||
throw new RuntimeException(e);
|
||||
}
|
||||
}
|
||||
return publicKey;
|
||||
}
|
||||
List<RequiredCredentialModel> getRequiredCredentials();
|
||||
|
||||
public void setPublicKey(PublicKey publicKey) {
|
||||
this.publicKey = publicKey;
|
||||
StringWriter writer = new StringWriter();
|
||||
PEMWriter pemWriter = new PEMWriter(writer);
|
||||
try {
|
||||
pemWriter.writeObject(publicKey);
|
||||
pemWriter.flush();
|
||||
} catch (IOException e) {
|
||||
throw new RuntimeException(e);
|
||||
}
|
||||
String s = writer.toString();
|
||||
setPublicKeyPem(PemUtils.removeBeginEnd(s));
|
||||
}
|
||||
void addRequiredCredential(RequiredCredentialModel cred);
|
||||
|
||||
public PrivateKey getPrivateKey() {
|
||||
if (privateKey != null) return privateKey;
|
||||
String pem = getPrivateKeyPem();
|
||||
if (pem != null) {
|
||||
try {
|
||||
privateKey = PemUtils.decodePrivateKey(pem);
|
||||
} catch (Exception e) {
|
||||
throw new RuntimeException(e);
|
||||
}
|
||||
}
|
||||
return privateKey;
|
||||
}
|
||||
boolean validatePassword(UserModel user, String password);
|
||||
|
||||
public void setPrivateKey(PrivateKey privateKey) {
|
||||
this.privateKey = privateKey;
|
||||
StringWriter writer = new StringWriter();
|
||||
PEMWriter pemWriter = new PEMWriter(writer);
|
||||
try {
|
||||
pemWriter.writeObject(privateKey);
|
||||
pemWriter.flush();
|
||||
} catch (IOException e) {
|
||||
throw new RuntimeException(e);
|
||||
}
|
||||
String s = writer.toString();
|
||||
setPrivateKeyPem(PemUtils.removeBeginEnd(s));
|
||||
}
|
||||
boolean validateTOTP(UserModel user, String password, String token);
|
||||
|
||||
public List<RequiredCredentialModel> getRequiredCredentials() {
|
||||
IdentityManager idm = getIdm();
|
||||
Agent realmAgent = idm.getAgent(REALM_AGENT_ID);
|
||||
RelationshipQuery<RequiredCredentialRelationship> query = idm.createRelationshipQuery(RequiredCredentialRelationship.class);
|
||||
query.setParameter(RequiredCredentialRelationship.REALM_AGENT, realmAgent);
|
||||
List<RequiredCredentialRelationship> results = query.getResultList();
|
||||
List<RequiredCredentialModel> rtn = new ArrayList<RequiredCredentialModel>();
|
||||
for (RequiredCredentialRelationship relationship : results) {
|
||||
RequiredCredentialModel model = new RequiredCredentialModel();
|
||||
model.setInput(relationship.isInput());
|
||||
model.setSecret(relationship.isSecret());
|
||||
model.setType(relationship.getCredentialType());
|
||||
rtn.add(model);
|
||||
}
|
||||
return rtn;
|
||||
}
|
||||
void updateCredential(UserModel user, UserCredentialModel cred);
|
||||
|
||||
public void addRequiredCredential(RequiredCredentialModel cred) {
|
||||
IdentityManager idm = getIdm();
|
||||
Agent realmAgent = idm.getAgent(REALM_AGENT_ID);
|
||||
RequiredCredentialRelationship relationship = new RequiredCredentialRelationship();
|
||||
relationship.setCredentialType(cred.getType());
|
||||
relationship.setInput(cred.isInput());
|
||||
relationship.setSecret(cred.isSecret());
|
||||
relationship.setRealmAgent(realmAgent);
|
||||
idm.add(relationship);
|
||||
}
|
||||
UserModel getUser(String name);
|
||||
|
||||
public boolean validatePassword(UserModel user, String password) {
|
||||
UsernamePasswordCredentials creds = new UsernamePasswordCredentials(user.getLoginName(), new Password(password));
|
||||
getIdm().validateCredentials(creds);
|
||||
return creds.getStatus() == Credentials.Status.VALID;
|
||||
}
|
||||
UserModel addUser(String username);
|
||||
|
||||
public boolean validateTOTP(UserModel user, String password, String token) {
|
||||
TOTPCredentials creds = new TOTPCredentials();
|
||||
creds.setToken(token);
|
||||
creds.setUsername(user.getLoginName());
|
||||
creds.setPassword(new Password(password));
|
||||
getIdm().validateCredentials(creds);
|
||||
return creds.getStatus() == Credentials.Status.VALID;
|
||||
}
|
||||
RoleModel getRole(String name);
|
||||
|
||||
public void updateCredential(UserModel user, UserCredentialModel cred) {
|
||||
IdentityManager idm = getIdm();
|
||||
if (cred.getType().equals(RequiredCredentialRepresentation.PASSWORD)) {
|
||||
Password password = new Password(cred.getValue());
|
||||
idm.updateCredential(user.getUser(), password);
|
||||
} else if (cred.getType().equals(RequiredCredentialRepresentation.TOTP)) {
|
||||
TOTPCredential totp = new TOTPCredential(cred.getValue());
|
||||
idm.updateCredential(user.getUser(), totp);
|
||||
} else if (cred.getType().equals(RequiredCredentialRepresentation.CLIENT_CERT)) {
|
||||
X509Certificate cert = null;
|
||||
try {
|
||||
cert = org.keycloak.PemUtils.decodeCertificate(cred.getValue());
|
||||
} catch (Exception e) {
|
||||
throw new RuntimeException(e);
|
||||
}
|
||||
X509CertificateCredentials creds = new X509CertificateCredentials(cert);
|
||||
idm.updateCredential(user.getUser(), creds);
|
||||
}
|
||||
}
|
||||
RoleModel addRole(String name);
|
||||
|
||||
public UserModel getUser(String name) {
|
||||
User user = getIdm().getUser(name);
|
||||
if (user == null) return null;
|
||||
return new UserModel(user, getIdm());
|
||||
}
|
||||
List<RoleModel> getRoles();
|
||||
|
||||
public UserModel addUser(String username) {
|
||||
User user = getIdm().getUser(username);
|
||||
if (user != null) throw new IllegalStateException("User already exists");
|
||||
user = new SimpleUser(username);
|
||||
getIdm().add(user);
|
||||
return new UserModel(user, getIdm());
|
||||
}
|
||||
Map<String, ResourceModel> getResourceMap();
|
||||
|
||||
public RoleModel getRole(String name) {
|
||||
Role role = getIdm().getRole(name);
|
||||
if (role == null) return null;
|
||||
return new RoleModel(role, getIdm());
|
||||
}
|
||||
List<ResourceModel> getResources();
|
||||
|
||||
public RoleModel addRole(String name) {
|
||||
Role role = new SimpleRole(name);
|
||||
getIdm().add(role);
|
||||
return new RoleModel(role, getIdm());
|
||||
}
|
||||
ResourceModel addResource(String name);
|
||||
|
||||
public List<RoleModel> getRoles() {
|
||||
IdentityManager idm = getIdm();
|
||||
IdentityQuery<Role> query = idm.createIdentityQuery(Role.class);
|
||||
query.setParameter(Role.PARTITION, realm);
|
||||
List<Role> roles = query.getResultList();
|
||||
List<RoleModel> roleModels = new ArrayList<RoleModel>();
|
||||
for (Role role : roles) {
|
||||
roleModels.add(new RoleModel(role, idm));
|
||||
}
|
||||
return roleModels;
|
||||
}
|
||||
boolean hasRole(UserModel user, RoleModel role);
|
||||
|
||||
void grantRole(UserModel user, RoleModel role);
|
||||
|
||||
/**
|
||||
* Key name, value resource
|
||||
*
|
||||
* @return
|
||||
*/
|
||||
public Map<String, ResourceModel> getResourceMap() {
|
||||
Map<String, ResourceModel> resourceMap = new HashMap<String, ResourceModel>();
|
||||
for (ResourceModel resource : getResources()) {
|
||||
resourceMap.put(resource.getName(), resource);
|
||||
}
|
||||
return resourceMap;
|
||||
}
|
||||
Set<String> getRoleMappings(UserModel user);
|
||||
|
||||
public List<ResourceModel> getResources() {
|
||||
IdentityManager idm = getIdm();
|
||||
RelationshipQuery<ResourceRelationship> query = idm.createRelationshipQuery(ResourceRelationship.class);
|
||||
query.setParameter(ResourceRelationship.REALM_AGENT, realmAgent);
|
||||
List<ResourceRelationship> results = query.getResultList();
|
||||
List<ResourceModel> resources = new ArrayList<ResourceModel>();
|
||||
for (ResourceRelationship relationship : results) {
|
||||
Tier resourceTier = identitySession.findTier(relationship.getResourceId());
|
||||
ResourceModel model = new ResourceModel(resourceTier,relationship, this, identitySession);
|
||||
resources.add(model);
|
||||
}
|
||||
void addScope(UserModel agent, String roleName);
|
||||
|
||||
return resources;
|
||||
}
|
||||
Set<String> getScope(UserModel agent);
|
||||
|
||||
public ResourceModel addResource(String name) {
|
||||
Tier newTier = identitySession.createTier(RealmManager.generateId());
|
||||
IdentityManager idm = getIdm();
|
||||
ResourceRelationship relationship = new ResourceRelationship();
|
||||
relationship.setResourceName(name);
|
||||
relationship.setRealmAgent(realmAgent);
|
||||
relationship.setResourceId(newTier.getId());
|
||||
relationship.setManagementUrl(""); // Picketlink doesn't like null attribute values
|
||||
User resourceUser = new SimpleUser(name);
|
||||
idm.add(resourceUser);
|
||||
relationship.setResourceUser(resourceUser);
|
||||
idm.add(relationship);
|
||||
ResourceModel resource = new ResourceModel(newTier, relationship, this, identitySession);
|
||||
resource.addRole("*");
|
||||
resource.addScope(new UserModel(resourceUser, idm), "*");
|
||||
return resource;
|
||||
}
|
||||
boolean isRealmAdmin(UserModel agent);
|
||||
|
||||
public boolean hasRole(UserModel user, RoleModel role) {
|
||||
return getIdm().hasRole(user.getUser(), role.getRole());
|
||||
}
|
||||
|
||||
public void grantRole(UserModel user, RoleModel role) {
|
||||
getIdm().grantRole(user.getUser(), role.getRole());
|
||||
}
|
||||
|
||||
public Set<String> getRoleMappings(UserModel user) {
|
||||
RelationshipQuery<Grant> query = getIdm().createRelationshipQuery(Grant.class);
|
||||
query.setParameter(Grant.ASSIGNEE, user.getUser());
|
||||
List<Grant> grants = query.getResultList();
|
||||
HashSet<String> set = new HashSet<String>();
|
||||
for (Grant grant : grants) {
|
||||
if (grant.getRole().getPartition().getId().equals(realm.getId())) set.add(grant.getRole().getName());
|
||||
}
|
||||
return set;
|
||||
}
|
||||
|
||||
public void addScope(UserModel agent, String roleName) {
|
||||
IdentityManager idm = getIdm();
|
||||
Role role = idm.getRole(roleName);
|
||||
if (role == null) throw new RuntimeException("role not found");
|
||||
ScopeRelationship scope = new ScopeRelationship();
|
||||
scope.setClient(agent.getUser());
|
||||
scope.setScope(role);
|
||||
idm.add(scope);
|
||||
|
||||
}
|
||||
|
||||
|
||||
public Set<String> getScope(UserModel agent) {
|
||||
RelationshipQuery<ScopeRelationship> query = getIdm().createRelationshipQuery(ScopeRelationship.class);
|
||||
query.setParameter(ScopeRelationship.CLIENT, agent.getUser());
|
||||
List<ScopeRelationship> scope = query.getResultList();
|
||||
HashSet<String> set = new HashSet<String>();
|
||||
for (ScopeRelationship rel : scope) {
|
||||
if (rel.getScope().getPartition().getId().equals(realm.getId())) set.add(rel.getScope().getName());
|
||||
}
|
||||
return set;
|
||||
}
|
||||
|
||||
public boolean isRealmAdmin(UserModel agent) {
|
||||
IdentityManager idm = new RealmManager(identitySession).defaultRealm().getIdm();
|
||||
RelationshipQuery<RealmAdminRelationship> query = idm.createRelationshipQuery(RealmAdminRelationship.class);
|
||||
query.setParameter(RealmAdminRelationship.REALM, realm.getId());
|
||||
query.setParameter(RealmAdminRelationship.ADMIN, agent.getUser());
|
||||
List<RealmAdminRelationship> results = query.getResultList();
|
||||
return results.size() > 0;
|
||||
}
|
||||
|
||||
public void addRealmAdmin(UserModel agent) {
|
||||
IdentityManager idm = new RealmManager(identitySession).defaultRealm().getIdm();
|
||||
RealmAdminRelationship relationship = new RealmAdminRelationship();
|
||||
relationship.setAdmin(agent.getUser());
|
||||
relationship.setRealm(realm.getId());
|
||||
idm.add(relationship);
|
||||
}
|
||||
void addRealmAdmin(UserModel agent);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,18 +1,5 @@
|
|||
package org.keycloak.services.models;
|
||||
|
||||
import org.keycloak.services.models.relationships.ResourceRelationship;
|
||||
import org.keycloak.services.models.relationships.ScopeRelationship;
|
||||
import org.picketlink.idm.IdentityManager;
|
||||
import org.picketlink.idm.IdentitySession;
|
||||
import org.picketlink.idm.model.Grant;
|
||||
import org.picketlink.idm.model.Role;
|
||||
import org.picketlink.idm.model.SimpleRole;
|
||||
import org.picketlink.idm.model.Tier;
|
||||
import org.picketlink.idm.query.IdentityQuery;
|
||||
import org.picketlink.idm.query.RelationshipQuery;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.HashSet;
|
||||
import java.util.List;
|
||||
import java.util.Set;
|
||||
|
||||
|
|
@ -20,125 +7,40 @@ import java.util.Set;
|
|||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||
* @version $Revision: 1 $
|
||||
*/
|
||||
public class ResourceModel {
|
||||
protected Tier tier;
|
||||
protected ResourceRelationship agent;
|
||||
protected RealmModel realm;
|
||||
protected IdentitySession identitySession;
|
||||
protected IdentityManager idm;
|
||||
public interface ResourceModel {
|
||||
void updateResource();
|
||||
|
||||
public ResourceModel(Tier tier, ResourceRelationship agent, RealmModel realm, IdentitySession session) {
|
||||
this.tier = tier;
|
||||
this.agent = agent;
|
||||
this.realm = realm;
|
||||
this.identitySession = session;
|
||||
}
|
||||
UserModel getResourceUser();
|
||||
|
||||
protected IdentityManager getIdm() {
|
||||
if (idm == null) idm = identitySession.createIdentityManager(tier);
|
||||
return idm;
|
||||
}
|
||||
String getId();
|
||||
|
||||
public void updateResource() {
|
||||
getIdm().update(agent);
|
||||
}
|
||||
String getName();
|
||||
|
||||
public UserModel getResourceUser() {
|
||||
return new UserModel(agent.getResourceUser(), realm.getIdm());
|
||||
}
|
||||
void setName(String name);
|
||||
|
||||
public String getId() {
|
||||
return tier.getId();
|
||||
}
|
||||
boolean isEnabled();
|
||||
|
||||
public String getName() {
|
||||
return agent.getResourceName();
|
||||
}
|
||||
void setEnabled(boolean enabled);
|
||||
|
||||
public void setName(String name) {
|
||||
agent.setResourceName(name);
|
||||
}
|
||||
boolean isSurrogateAuthRequired();
|
||||
|
||||
public boolean isEnabled() {
|
||||
return agent.getEnabled();
|
||||
}
|
||||
void setSurrogateAuthRequired(boolean surrogateAuthRequired);
|
||||
|
||||
public void setEnabled(boolean enabled) {
|
||||
agent.setEnabled(enabled);
|
||||
}
|
||||
String getManagementUrl();
|
||||
|
||||
public boolean isSurrogateAuthRequired() {
|
||||
return agent.getSurrogateAuthRequired();
|
||||
}
|
||||
void setManagementUrl(String url);
|
||||
|
||||
public void setSurrogateAuthRequired(boolean surrogateAuthRequired) {
|
||||
agent.setSurrogateAuthRequired(surrogateAuthRequired);
|
||||
}
|
||||
RoleModel getRole(String name);
|
||||
|
||||
public String getManagementUrl() {
|
||||
return agent.getManagementUrl();
|
||||
}
|
||||
RoleModel addRole(String name);
|
||||
|
||||
public void setManagementUrl(String url) {
|
||||
agent.setManagementUrl(url);
|
||||
}
|
||||
List<RoleModel> getRoles();
|
||||
|
||||
public RoleModel getRole(String name) {
|
||||
Role role = getIdm().getRole(name);
|
||||
if (role == null) return null;
|
||||
return new RoleModel(role, getIdm());
|
||||
}
|
||||
Set<String> getRoleMappings(UserModel user);
|
||||
|
||||
public RoleModel addRole(String name) {
|
||||
Role role = new SimpleRole(name);
|
||||
getIdm().add(role);
|
||||
return new RoleModel(role, getIdm());
|
||||
}
|
||||
void addScope(UserModel agent, String roleName);
|
||||
|
||||
public List<RoleModel> getRoles() {
|
||||
IdentityQuery<Role> query = getIdm().createIdentityQuery(Role.class);
|
||||
query.setParameter(Role.PARTITION, tier);
|
||||
List<Role> roles = query.getResultList();
|
||||
List<RoleModel> roleModels = new ArrayList<RoleModel>();
|
||||
for (Role role : roles) {
|
||||
roleModels.add(new RoleModel(role, idm));
|
||||
}
|
||||
return roleModels;
|
||||
}
|
||||
void addScope(UserModel agent, RoleModel role);
|
||||
|
||||
public Set<String> getRoleMappings(UserModel user) {
|
||||
RelationshipQuery<Grant> query = getIdm().createRelationshipQuery(Grant.class);
|
||||
query.setParameter(Grant.ASSIGNEE, user.getUser());
|
||||
List<Grant> grants = query.getResultList();
|
||||
HashSet<String> set = new HashSet<String>();
|
||||
for (Grant grant : grants) {
|
||||
if (grant.getRole().getPartition().getId().equals(tier.getId())) set.add(grant.getRole().getName());
|
||||
}
|
||||
return set;
|
||||
}
|
||||
|
||||
public void addScope(UserModel agent, String roleName) {
|
||||
IdentityManager idm = getIdm();
|
||||
Role role = idm.getRole(roleName);
|
||||
if (role == null) throw new RuntimeException("role not found");
|
||||
addScope(agent, role);
|
||||
|
||||
}
|
||||
|
||||
public void addScope(UserModel agent, Role role) {
|
||||
ScopeRelationship scope = new ScopeRelationship();
|
||||
scope.setClient(agent.getUser());
|
||||
scope.setScope(role);
|
||||
}
|
||||
|
||||
public Set<String> getScope(UserModel agent) {
|
||||
RelationshipQuery<ScopeRelationship> query = getIdm().createRelationshipQuery(ScopeRelationship.class);
|
||||
query.setParameter(ScopeRelationship.CLIENT, agent.getUser());
|
||||
List<ScopeRelationship> scope = query.getResultList();
|
||||
HashSet<String> set = new HashSet<String>();
|
||||
for (ScopeRelationship rel : scope) {
|
||||
if (rel.getScope().getPartition().getId().equals(tier.getId())) set.add(rel.getScope().getName());
|
||||
}
|
||||
return set;
|
||||
}
|
||||
Set<String> getScope(UserModel agent);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,45 +1,13 @@
|
|||
package org.keycloak.services.models;
|
||||
|
||||
import org.picketlink.idm.IdentityManager;
|
||||
import org.picketlink.idm.model.Attribute;
|
||||
import org.picketlink.idm.model.Role;
|
||||
|
||||
import java.io.Serializable;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||
* @version $Revision: 1 $
|
||||
*/
|
||||
public class RoleModel {
|
||||
protected Role role;
|
||||
protected IdentityManager idm;
|
||||
public interface RoleModel {
|
||||
String getName();
|
||||
|
||||
public RoleModel(Role role, IdentityManager idm) {
|
||||
this.role = role;
|
||||
this.idm = idm;
|
||||
}
|
||||
|
||||
protected Role getRole() {
|
||||
return role;
|
||||
}
|
||||
|
||||
public String getName() {
|
||||
return role.getName();
|
||||
}
|
||||
|
||||
public String getDescription() {
|
||||
Attribute<Serializable> description = role.getAttribute("description");
|
||||
if (description == null) return null;
|
||||
return (String) description.getValue();
|
||||
}
|
||||
|
||||
public void setDescription(String description) {
|
||||
if (description == null) {
|
||||
role.removeAttribute("description");
|
||||
} else {
|
||||
role.setAttribute(new Attribute<String>("description", description));
|
||||
}
|
||||
idm.update(role);
|
||||
}
|
||||
String getDescription();
|
||||
|
||||
void setDescription(String description);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,63 +1,23 @@
|
|||
package org.keycloak.services.models;
|
||||
|
||||
import org.picketlink.idm.IdentityManager;
|
||||
import org.picketlink.idm.model.Attribute;
|
||||
import org.picketlink.idm.model.User;
|
||||
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||
* @version $Revision: 1 $
|
||||
*/
|
||||
public class UserModel {
|
||||
protected User user;
|
||||
protected IdentityManager idm;
|
||||
public interface UserModel {
|
||||
String getLoginName();
|
||||
|
||||
public UserModel(User user, IdentityManager idm) {
|
||||
this.user = user;
|
||||
this.idm = idm;
|
||||
}
|
||||
boolean isEnabled();
|
||||
|
||||
protected User getUser() {
|
||||
return user;
|
||||
}
|
||||
void setEnabled(boolean enabled);
|
||||
|
||||
public String getLoginName() {
|
||||
return user.getLoginName();
|
||||
}
|
||||
void setAttribute(String name, String value);
|
||||
|
||||
public boolean isEnabled() {
|
||||
return user.isEnabled();
|
||||
}
|
||||
void removeAttribute(String name);
|
||||
|
||||
public void setEnabled(boolean enabled) {
|
||||
user.setEnabled(enabled);
|
||||
idm.update(user);
|
||||
}
|
||||
String getAttribute(String name);
|
||||
|
||||
public void setAttribute(String name, String value) {
|
||||
user.setAttribute(new Attribute<String>(name, value));
|
||||
idm.update(user);
|
||||
}
|
||||
|
||||
public void removeAttribute(String name) {
|
||||
user.removeAttribute(name);
|
||||
idm.update(user);
|
||||
}
|
||||
|
||||
public String getAttribute(String name) {
|
||||
Attribute<String> attribute = user.getAttribute(name);
|
||||
if (attribute == null || attribute.getValue() == null) return null;
|
||||
return attribute.getValue().toString();
|
||||
}
|
||||
|
||||
public Map<String, String> getAttributes() {
|
||||
Map<String, String> attributes = new HashMap<String, String>();
|
||||
for (Attribute attribute : user.getAttributes()) {
|
||||
if (attribute.getValue() != null) attributes.put(attribute.getName(), attribute.getValue().toString());
|
||||
}
|
||||
return attributes;
|
||||
}
|
||||
Map<String, String> getAttributes();
|
||||
}
|
||||
|
|
|
|||
|
|
@ -0,0 +1,69 @@
|
|||
package org.keycloak.services.models.picketlink;
|
||||
|
||||
import org.jboss.resteasy.spi.NotImplementedYetException;
|
||||
import org.keycloak.services.models.KeycloakSession;
|
||||
import org.keycloak.services.models.KeycloakTransaction;
|
||||
import org.keycloak.services.models.RealmModel;
|
||||
import org.picketlink.idm.IdentityManager;
|
||||
import org.picketlink.idm.IdentitySession;
|
||||
import org.picketlink.idm.model.Realm;
|
||||
import org.picketlink.idm.model.SimpleAgent;
|
||||
|
||||
import java.util.concurrent.atomic.AtomicLong;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||
* @version $Revision: 1 $
|
||||
*/
|
||||
public class PicketlinkKeycloakSession implements KeycloakSession {
|
||||
protected IdentitySession session;
|
||||
|
||||
private static AtomicLong counter = new AtomicLong(1);
|
||||
public static String generateId() {
|
||||
return counter.getAndIncrement() + "-" + System.currentTimeMillis();
|
||||
}
|
||||
|
||||
public PicketlinkKeycloakSession(IdentitySession session) {
|
||||
this.session = session;
|
||||
}
|
||||
|
||||
@Override
|
||||
public KeycloakTransaction getTransaction() {
|
||||
return new PicketlinkKeycloakTransaction(session.getTransaction());
|
||||
}
|
||||
|
||||
@Override
|
||||
public RealmAdapter createRealm(String name) {
|
||||
return createRealm(generateId(), name);
|
||||
}
|
||||
|
||||
@Override
|
||||
public RealmAdapter createRealm(String id, String name) {
|
||||
Realm newRealm = session.createRealm(id);
|
||||
IdentityManager idm = session.createIdentityManager(newRealm);
|
||||
SimpleAgent agent = new SimpleAgent(RealmAdapter.REALM_AGENT_ID);
|
||||
idm.add(agent);
|
||||
RealmAdapter realm = new RealmAdapter(newRealm, session);
|
||||
return realm;
|
||||
}
|
||||
|
||||
@Override
|
||||
public RealmAdapter getRealm(String id) {
|
||||
Realm existing = session.findRealm(id);
|
||||
if (existing == null) {
|
||||
return null;
|
||||
}
|
||||
return new RealmAdapter(existing, session);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void deleteRealm(RealmModel realm) {
|
||||
throw new NotImplementedYetException();
|
||||
|
||||
}
|
||||
|
||||
@Override
|
||||
public void close() {
|
||||
session.close();
|
||||
}
|
||||
}
|
||||
|
|
@ -0,0 +1,27 @@
|
|||
package org.keycloak.services.models.picketlink;
|
||||
|
||||
import org.keycloak.services.models.KeycloakSession;
|
||||
import org.keycloak.services.models.KeycloakSessionFactory;
|
||||
import org.picketlink.idm.IdentitySessionFactory;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||
* @version $Revision: 1 $
|
||||
*/
|
||||
public class PicketlinkKeycloakSessionFactory implements KeycloakSessionFactory {
|
||||
protected IdentitySessionFactory factory;
|
||||
|
||||
public PicketlinkKeycloakSessionFactory(IdentitySessionFactory factory) {
|
||||
this.factory = factory;
|
||||
}
|
||||
|
||||
@Override
|
||||
public KeycloakSession createSession() {
|
||||
return new PicketlinkKeycloakSession(factory.createIdentitySession());
|
||||
}
|
||||
|
||||
@Override
|
||||
public void close() {
|
||||
factory.close();
|
||||
}
|
||||
}
|
||||
|
|
@ -0,0 +1,40 @@
|
|||
package org.keycloak.services.models.picketlink;
|
||||
|
||||
import org.keycloak.services.models.KeycloakTransaction;
|
||||
import org.picketlink.idm.IdentityTransaction;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||
* @version $Revision: 1 $
|
||||
*/
|
||||
public class PicketlinkKeycloakTransaction implements KeycloakTransaction{
|
||||
protected IdentityTransaction transaction;
|
||||
|
||||
public PicketlinkKeycloakTransaction(IdentityTransaction transaction) {
|
||||
this.transaction = transaction;
|
||||
}
|
||||
|
||||
public void begin() {
|
||||
transaction.begin();
|
||||
}
|
||||
|
||||
public void setRollbackOnly() {
|
||||
transaction.setRollbackOnly();
|
||||
}
|
||||
|
||||
public boolean isActive() {
|
||||
return transaction.isActive();
|
||||
}
|
||||
|
||||
public boolean getRollbackOnly() {
|
||||
return transaction.getRollbackOnly();
|
||||
}
|
||||
|
||||
public void commit() {
|
||||
transaction.commit();
|
||||
}
|
||||
|
||||
public void rollback() {
|
||||
transaction.rollback();
|
||||
}
|
||||
}
|
||||
479
services/src/main/java/org/keycloak/services/models/picketlink/RealmAdapter.java
Executable file
479
services/src/main/java/org/keycloak/services/models/picketlink/RealmAdapter.java
Executable file
|
|
@ -0,0 +1,479 @@
|
|||
package org.keycloak.services.models.picketlink;
|
||||
|
||||
import org.bouncycastle.openssl.PEMWriter;
|
||||
import org.jboss.resteasy.security.PemUtils;
|
||||
import org.keycloak.representations.idm.RequiredCredentialRepresentation;
|
||||
import org.keycloak.services.managers.RealmManager;
|
||||
import org.keycloak.services.models.RealmModel;
|
||||
import org.keycloak.services.models.RequiredCredentialModel;
|
||||
import org.keycloak.services.models.ResourceModel;
|
||||
import org.keycloak.services.models.RoleModel;
|
||||
import org.keycloak.services.models.UserCredentialModel;
|
||||
import org.keycloak.services.models.UserModel;
|
||||
import org.keycloak.services.models.picketlink.relationships.RealmAdminRelationship;
|
||||
import org.keycloak.services.models.picketlink.relationships.RequiredCredentialRelationship;
|
||||
import org.keycloak.services.models.picketlink.relationships.ResourceRelationship;
|
||||
import org.keycloak.services.models.picketlink.relationships.ScopeRelationship;
|
||||
import org.picketlink.idm.IdentityManager;
|
||||
import org.picketlink.idm.IdentitySession;
|
||||
import org.picketlink.idm.credential.Credentials;
|
||||
import org.picketlink.idm.credential.Password;
|
||||
import org.picketlink.idm.credential.TOTPCredential;
|
||||
import org.picketlink.idm.credential.TOTPCredentials;
|
||||
import org.picketlink.idm.credential.UsernamePasswordCredentials;
|
||||
import org.picketlink.idm.credential.X509CertificateCredentials;
|
||||
import org.picketlink.idm.model.Agent;
|
||||
import org.picketlink.idm.model.Attribute;
|
||||
import org.picketlink.idm.model.Grant;
|
||||
import org.picketlink.idm.model.Realm;
|
||||
import org.picketlink.idm.model.Role;
|
||||
import org.picketlink.idm.model.SimpleRole;
|
||||
import org.picketlink.idm.model.SimpleUser;
|
||||
import org.picketlink.idm.model.Tier;
|
||||
import org.picketlink.idm.model.User;
|
||||
import org.picketlink.idm.query.IdentityQuery;
|
||||
import org.picketlink.idm.query.RelationshipQuery;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.io.StringWriter;
|
||||
import java.security.PrivateKey;
|
||||
import java.security.PublicKey;
|
||||
import java.security.cert.X509Certificate;
|
||||
import java.util.ArrayList;
|
||||
import java.util.HashMap;
|
||||
import java.util.HashSet;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
|
||||
/**
|
||||
* Meant to be a per-request object
|
||||
*
|
||||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||
* @version $Revision: 1 $
|
||||
*/
|
||||
public class RealmAdapter implements RealmModel {
|
||||
public static final String REALM_AGENT_ID = "_realm_";
|
||||
public static final String REALM_NAME = "name";
|
||||
public static final String REALM_ACCESS_CODE_LIFESPAN = "accessCodeLifespan";
|
||||
public static final String REALM_TOKEN_LIFESPAN = "tokenLifespan";
|
||||
public static final String REALM_PRIVATE_KEY = "privateKey";
|
||||
public static final String REALM_PUBLIC_KEY = "publicKey";
|
||||
public static final String REALM_IS_SSL_NOT_REQUIRED = "isSSLNotRequired";
|
||||
public static final String REALM_IS_COOKIE_LOGIN_ALLOWED = "isCookieLoginAllowed";
|
||||
public static final String REALM_IS_REGISTRATION_ALLOWED = "isRegistrationAllowed";
|
||||
|
||||
protected Realm realm;
|
||||
protected Agent realmAgent;
|
||||
protected IdentitySession identitySession;
|
||||
protected volatile transient PublicKey publicKey;
|
||||
protected volatile transient PrivateKey privateKey;
|
||||
protected IdentityManager idm;
|
||||
|
||||
public RealmAdapter(Realm realm, IdentitySession session) {
|
||||
this.realm = realm;
|
||||
this.identitySession = session;
|
||||
realmAgent = getIdm().getAgent(REALM_AGENT_ID);
|
||||
}
|
||||
|
||||
protected IdentityManager getIdm() {
|
||||
if (idm == null) idm = identitySession.createIdentityManager(realm);
|
||||
return idm;
|
||||
}
|
||||
|
||||
protected void updateRealm() {
|
||||
getIdm().update(realmAgent);
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getId() {
|
||||
return realm.getId();
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getName() {
|
||||
return (String) realmAgent.getAttribute(REALM_NAME).getValue();
|
||||
}
|
||||
|
||||
@Override
|
||||
public void setName(String name) {
|
||||
realmAgent.setAttribute(new Attribute<String>(REALM_NAME, name));
|
||||
updateRealm();
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isEnabled() {
|
||||
return realmAgent.isEnabled();
|
||||
}
|
||||
|
||||
@Override
|
||||
public void setEnabled(boolean enabled) {
|
||||
realmAgent.setEnabled(enabled);
|
||||
updateRealm();
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isSslNotRequired() {
|
||||
return (Boolean) realmAgent.getAttribute(REALM_IS_SSL_NOT_REQUIRED).getValue();
|
||||
}
|
||||
|
||||
@Override
|
||||
public void setSslNotRequired(boolean sslNotRequired) {
|
||||
realmAgent.setAttribute(new Attribute<Boolean>(REALM_IS_SSL_NOT_REQUIRED, sslNotRequired));
|
||||
updateRealm();
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isCookieLoginAllowed() {
|
||||
return (Boolean) realmAgent.getAttribute(REALM_IS_COOKIE_LOGIN_ALLOWED).getValue();
|
||||
}
|
||||
|
||||
@Override
|
||||
public void setCookieLoginAllowed(boolean cookieLoginAllowed) {
|
||||
realmAgent.setAttribute(new Attribute<Boolean>(REALM_IS_COOKIE_LOGIN_ALLOWED, cookieLoginAllowed));
|
||||
updateRealm();
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isRegistrationAllowed() {
|
||||
return (Boolean) realmAgent.getAttribute(REALM_IS_REGISTRATION_ALLOWED).getValue();
|
||||
}
|
||||
|
||||
@Override
|
||||
public void setRegistrationAllowed(boolean registrationAllowed) {
|
||||
realmAgent.setAttribute(new Attribute<Boolean>(REALM_IS_REGISTRATION_ALLOWED, registrationAllowed));
|
||||
updateRealm();
|
||||
}
|
||||
|
||||
@Override
|
||||
public int getTokenLifespan() {
|
||||
return (Integer) realmAgent.getAttribute(REALM_TOKEN_LIFESPAN).getValue();
|
||||
}
|
||||
|
||||
@Override
|
||||
public void setTokenLifespan(int tokenLifespan) {
|
||||
realmAgent.setAttribute(new Attribute<Integer>(REALM_TOKEN_LIFESPAN, tokenLifespan));
|
||||
updateRealm();
|
||||
}
|
||||
|
||||
@Override
|
||||
public int getAccessCodeLifespan() {
|
||||
return (Integer) realmAgent.getAttribute(REALM_ACCESS_CODE_LIFESPAN).getValue();
|
||||
}
|
||||
|
||||
@Override
|
||||
public void setAccessCodeLifespan(int accessCodeLifespan) {
|
||||
realmAgent.setAttribute(new Attribute<Integer>(REALM_ACCESS_CODE_LIFESPAN, accessCodeLifespan));
|
||||
updateRealm();
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getPublicKeyPem() {
|
||||
return (String) realmAgent.getAttribute(REALM_PUBLIC_KEY).getValue();
|
||||
}
|
||||
|
||||
@Override
|
||||
public void setPublicKeyPem(String publicKeyPem) {
|
||||
realmAgent.setAttribute(new Attribute<String>(REALM_PUBLIC_KEY, publicKeyPem));
|
||||
this.publicKey = null;
|
||||
updateRealm();
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getPrivateKeyPem() {
|
||||
return (String) realmAgent.getAttribute(REALM_PRIVATE_KEY).getValue();
|
||||
}
|
||||
|
||||
@Override
|
||||
public void setPrivateKeyPem(String privateKeyPem) {
|
||||
realmAgent.setAttribute(new Attribute<String>(REALM_PRIVATE_KEY, privateKeyPem));
|
||||
this.privateKey = null;
|
||||
updateRealm();
|
||||
}
|
||||
|
||||
@Override
|
||||
public PublicKey getPublicKey() {
|
||||
if (publicKey != null) return publicKey;
|
||||
String pem = getPublicKeyPem();
|
||||
if (pem != null) {
|
||||
try {
|
||||
publicKey = PemUtils.decodePublicKey(pem);
|
||||
} catch (Exception e) {
|
||||
throw new RuntimeException(e);
|
||||
}
|
||||
}
|
||||
return publicKey;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void setPublicKey(PublicKey publicKey) {
|
||||
this.publicKey = publicKey;
|
||||
StringWriter writer = new StringWriter();
|
||||
PEMWriter pemWriter = new PEMWriter(writer);
|
||||
try {
|
||||
pemWriter.writeObject(publicKey);
|
||||
pemWriter.flush();
|
||||
} catch (IOException e) {
|
||||
throw new RuntimeException(e);
|
||||
}
|
||||
String s = writer.toString();
|
||||
setPublicKeyPem(PemUtils.removeBeginEnd(s));
|
||||
}
|
||||
|
||||
@Override
|
||||
public PrivateKey getPrivateKey() {
|
||||
if (privateKey != null) return privateKey;
|
||||
String pem = getPrivateKeyPem();
|
||||
if (pem != null) {
|
||||
try {
|
||||
privateKey = PemUtils.decodePrivateKey(pem);
|
||||
} catch (Exception e) {
|
||||
throw new RuntimeException(e);
|
||||
}
|
||||
}
|
||||
return privateKey;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void setPrivateKey(PrivateKey privateKey) {
|
||||
this.privateKey = privateKey;
|
||||
StringWriter writer = new StringWriter();
|
||||
PEMWriter pemWriter = new PEMWriter(writer);
|
||||
try {
|
||||
pemWriter.writeObject(privateKey);
|
||||
pemWriter.flush();
|
||||
} catch (IOException e) {
|
||||
throw new RuntimeException(e);
|
||||
}
|
||||
String s = writer.toString();
|
||||
setPrivateKeyPem(PemUtils.removeBeginEnd(s));
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<RequiredCredentialModel> getRequiredCredentials() {
|
||||
IdentityManager idm = getIdm();
|
||||
Agent realmAgent = idm.getAgent(REALM_AGENT_ID);
|
||||
RelationshipQuery<RequiredCredentialRelationship> query = idm.createRelationshipQuery(RequiredCredentialRelationship.class);
|
||||
query.setParameter(RequiredCredentialRelationship.REALM_AGENT, realmAgent);
|
||||
List<RequiredCredentialRelationship> results = query.getResultList();
|
||||
List<RequiredCredentialModel> rtn = new ArrayList<RequiredCredentialModel>();
|
||||
for (RequiredCredentialRelationship relationship : results) {
|
||||
RequiredCredentialModel model = new RequiredCredentialModel();
|
||||
model.setInput(relationship.isInput());
|
||||
model.setSecret(relationship.isSecret());
|
||||
model.setType(relationship.getCredentialType());
|
||||
rtn.add(model);
|
||||
}
|
||||
return rtn;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void addRequiredCredential(RequiredCredentialModel cred) {
|
||||
IdentityManager idm = getIdm();
|
||||
Agent realmAgent = idm.getAgent(REALM_AGENT_ID);
|
||||
RequiredCredentialRelationship relationship = new RequiredCredentialRelationship();
|
||||
relationship.setCredentialType(cred.getType());
|
||||
relationship.setInput(cred.isInput());
|
||||
relationship.setSecret(cred.isSecret());
|
||||
relationship.setRealmAgent(realmAgent);
|
||||
idm.add(relationship);
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean validatePassword(UserModel user, String password) {
|
||||
UsernamePasswordCredentials creds = new UsernamePasswordCredentials(user.getLoginName(), new Password(password));
|
||||
getIdm().validateCredentials(creds);
|
||||
return creds.getStatus() == Credentials.Status.VALID;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean validateTOTP(UserModel user, String password, String token) {
|
||||
TOTPCredentials creds = new TOTPCredentials();
|
||||
creds.setToken(token);
|
||||
creds.setUsername(user.getLoginName());
|
||||
creds.setPassword(new Password(password));
|
||||
getIdm().validateCredentials(creds);
|
||||
return creds.getStatus() == Credentials.Status.VALID;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void updateCredential(UserModel user, UserCredentialModel cred) {
|
||||
IdentityManager idm = getIdm();
|
||||
if (cred.getType().equals(RequiredCredentialRepresentation.PASSWORD)) {
|
||||
Password password = new Password(cred.getValue());
|
||||
idm.updateCredential(((UserAdapter)user).getUser(), password);
|
||||
} else if (cred.getType().equals(RequiredCredentialRepresentation.TOTP)) {
|
||||
TOTPCredential totp = new TOTPCredential(cred.getValue());
|
||||
idm.updateCredential(((UserAdapter)user).getUser(), totp);
|
||||
} else if (cred.getType().equals(RequiredCredentialRepresentation.CLIENT_CERT)) {
|
||||
X509Certificate cert = null;
|
||||
try {
|
||||
cert = org.keycloak.PemUtils.decodeCertificate(cred.getValue());
|
||||
} catch (Exception e) {
|
||||
throw new RuntimeException(e);
|
||||
}
|
||||
X509CertificateCredentials creds = new X509CertificateCredentials(cert);
|
||||
idm.updateCredential(((UserAdapter)user).getUser(), creds);
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public UserAdapter getUser(String name) {
|
||||
User user = getIdm().getUser(name);
|
||||
if (user == null) return null;
|
||||
return new UserAdapter(user, getIdm());
|
||||
}
|
||||
|
||||
@Override
|
||||
public UserAdapter addUser(String username) {
|
||||
User user = getIdm().getUser(username);
|
||||
if (user != null) throw new IllegalStateException("User already exists");
|
||||
user = new SimpleUser(username);
|
||||
getIdm().add(user);
|
||||
return new UserAdapter(user, getIdm());
|
||||
}
|
||||
|
||||
@Override
|
||||
public RoleAdapter getRole(String name) {
|
||||
Role role = getIdm().getRole(name);
|
||||
if (role == null) return null;
|
||||
return new RoleAdapter(role, getIdm());
|
||||
}
|
||||
|
||||
@Override
|
||||
public RoleAdapter addRole(String name) {
|
||||
Role role = new SimpleRole(name);
|
||||
getIdm().add(role);
|
||||
return new RoleAdapter(role, getIdm());
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<RoleModel> getRoles() {
|
||||
IdentityManager idm = getIdm();
|
||||
IdentityQuery<Role> query = idm.createIdentityQuery(Role.class);
|
||||
query.setParameter(Role.PARTITION, realm);
|
||||
List<Role> roles = query.getResultList();
|
||||
List<RoleModel> roleModels = new ArrayList<RoleModel>();
|
||||
for (Role role : roles) {
|
||||
roleModels.add(new RoleAdapter(role, idm));
|
||||
}
|
||||
return roleModels;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Key name, value resource
|
||||
*
|
||||
* @return
|
||||
*/
|
||||
@Override
|
||||
public Map<String, ResourceModel> getResourceMap() {
|
||||
Map<String, ResourceModel> resourceMap = new HashMap<String, ResourceModel>();
|
||||
for (ResourceModel resource : getResources()) {
|
||||
resourceMap.put(resource.getName(), resource);
|
||||
}
|
||||
return resourceMap;
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<ResourceModel> getResources() {
|
||||
IdentityManager idm = getIdm();
|
||||
RelationshipQuery<ResourceRelationship> query = idm.createRelationshipQuery(ResourceRelationship.class);
|
||||
query.setParameter(ResourceRelationship.REALM_AGENT, realmAgent);
|
||||
List<ResourceRelationship> results = query.getResultList();
|
||||
List<ResourceModel> resources = new ArrayList<ResourceModel>();
|
||||
for (ResourceRelationship relationship : results) {
|
||||
Tier resourceTier = identitySession.findTier(relationship.getResourceId());
|
||||
ResourceModel model = new ResourceAdapter(resourceTier,relationship, this, identitySession);
|
||||
resources.add(model);
|
||||
}
|
||||
|
||||
return resources;
|
||||
}
|
||||
|
||||
@Override
|
||||
public ResourceModel addResource(String name) {
|
||||
Tier newTier = identitySession.createTier(RealmManager.generateId());
|
||||
IdentityManager idm = getIdm();
|
||||
ResourceRelationship relationship = new ResourceRelationship();
|
||||
relationship.setResourceName(name);
|
||||
relationship.setRealmAgent(realmAgent);
|
||||
relationship.setResourceId(newTier.getId());
|
||||
relationship.setManagementUrl(""); // Picketlink doesn't like null attribute values
|
||||
User resourceUser = new SimpleUser(name);
|
||||
idm.add(resourceUser);
|
||||
relationship.setResourceUser(resourceUser);
|
||||
idm.add(relationship);
|
||||
ResourceModel resource = new ResourceAdapter(newTier, relationship, this, identitySession);
|
||||
resource.addRole("*");
|
||||
resource.addScope(new UserAdapter(resourceUser, idm), "*");
|
||||
return resource;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean hasRole(UserModel user, RoleModel role) {
|
||||
return getIdm().hasRole(((UserAdapter)user).getUser(), ((RoleAdapter)role).getRole());
|
||||
}
|
||||
|
||||
@Override
|
||||
public void grantRole(UserModel user, RoleModel role) {
|
||||
getIdm().grantRole(((UserAdapter)user).getUser(), ((RoleAdapter)role).getRole());
|
||||
}
|
||||
|
||||
@Override
|
||||
public Set<String> getRoleMappings(UserModel user) {
|
||||
RelationshipQuery<Grant> query = getIdm().createRelationshipQuery(Grant.class);
|
||||
query.setParameter(Grant.ASSIGNEE, ((UserAdapter)user).getUser());
|
||||
List<Grant> grants = query.getResultList();
|
||||
HashSet<String> set = new HashSet<String>();
|
||||
for (Grant grant : grants) {
|
||||
if (grant.getRole().getPartition().getId().equals(realm.getId())) set.add(grant.getRole().getName());
|
||||
}
|
||||
return set;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void addScope(UserModel agent, String roleName) {
|
||||
IdentityManager idm = getIdm();
|
||||
Role role = idm.getRole(roleName);
|
||||
if (role == null) throw new RuntimeException("role not found");
|
||||
ScopeRelationship scope = new ScopeRelationship();
|
||||
scope.setClient(((UserAdapter)agent).getUser());
|
||||
scope.setScope(role);
|
||||
idm.add(scope);
|
||||
|
||||
}
|
||||
|
||||
|
||||
@Override
|
||||
public Set<String> getScope(UserModel agent) {
|
||||
RelationshipQuery<ScopeRelationship> query = getIdm().createRelationshipQuery(ScopeRelationship.class);
|
||||
query.setParameter(ScopeRelationship.CLIENT, ((UserAdapter)agent).getUser());
|
||||
List<ScopeRelationship> scope = query.getResultList();
|
||||
HashSet<String> set = new HashSet<String>();
|
||||
for (ScopeRelationship rel : scope) {
|
||||
if (rel.getScope().getPartition().getId().equals(realm.getId())) set.add(rel.getScope().getName());
|
||||
}
|
||||
return set;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isRealmAdmin(UserModel agent) {
|
||||
RealmAdapter realmModel = (RealmAdapter)new RealmManager(new PicketlinkKeycloakSession(identitySession)).defaultRealm();
|
||||
IdentityManager idm = realmModel.getIdm();
|
||||
RelationshipQuery<RealmAdminRelationship> query = idm.createRelationshipQuery(RealmAdminRelationship.class);
|
||||
query.setParameter(RealmAdminRelationship.REALM, realm.getId());
|
||||
query.setParameter(RealmAdminRelationship.ADMIN, ((UserAdapter)agent).getUser());
|
||||
List<RealmAdminRelationship> results = query.getResultList();
|
||||
return results.size() > 0;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void addRealmAdmin(UserModel agent) {
|
||||
RealmAdapter realmModel = (RealmAdapter)new RealmManager(new PicketlinkKeycloakSession(identitySession)).defaultRealm();
|
||||
RealmAdminRelationship relationship = new RealmAdminRelationship();
|
||||
relationship.setAdmin(((UserAdapter)agent).getUser());
|
||||
relationship.setRealm(realm.getId());
|
||||
idm.add(relationship);
|
||||
}
|
||||
}
|
||||
|
|
@ -0,0 +1,165 @@
|
|||
package org.keycloak.services.models.picketlink;
|
||||
|
||||
import org.keycloak.services.models.ResourceModel;
|
||||
import org.keycloak.services.models.RoleModel;
|
||||
import org.keycloak.services.models.UserModel;
|
||||
import org.keycloak.services.models.picketlink.relationships.ResourceRelationship;
|
||||
import org.keycloak.services.models.picketlink.relationships.ScopeRelationship;
|
||||
import org.picketlink.idm.IdentityManager;
|
||||
import org.picketlink.idm.IdentitySession;
|
||||
import org.picketlink.idm.model.Grant;
|
||||
import org.picketlink.idm.model.Role;
|
||||
import org.picketlink.idm.model.SimpleRole;
|
||||
import org.picketlink.idm.model.Tier;
|
||||
import org.picketlink.idm.query.IdentityQuery;
|
||||
import org.picketlink.idm.query.RelationshipQuery;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.HashSet;
|
||||
import java.util.List;
|
||||
import java.util.Set;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||
* @version $Revision: 1 $
|
||||
*/
|
||||
public class ResourceAdapter implements ResourceModel {
|
||||
protected Tier tier;
|
||||
protected ResourceRelationship agent;
|
||||
protected RealmAdapter realm;
|
||||
protected IdentitySession identitySession;
|
||||
protected IdentityManager idm;
|
||||
|
||||
public ResourceAdapter(Tier tier, ResourceRelationship agent, RealmAdapter realm, IdentitySession session) {
|
||||
this.tier = tier;
|
||||
this.agent = agent;
|
||||
this.realm = realm;
|
||||
this.identitySession = session;
|
||||
}
|
||||
|
||||
protected IdentityManager getIdm() {
|
||||
if (idm == null) idm = identitySession.createIdentityManager(tier);
|
||||
return idm;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void updateResource() {
|
||||
getIdm().update(agent);
|
||||
}
|
||||
|
||||
@Override
|
||||
public UserAdapter getResourceUser() {
|
||||
return new UserAdapter(agent.getResourceUser(), realm.getIdm());
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getId() {
|
||||
return tier.getId();
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getName() {
|
||||
return agent.getResourceName();
|
||||
}
|
||||
|
||||
@Override
|
||||
public void setName(String name) {
|
||||
agent.setResourceName(name);
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isEnabled() {
|
||||
return agent.getEnabled();
|
||||
}
|
||||
|
||||
@Override
|
||||
public void setEnabled(boolean enabled) {
|
||||
agent.setEnabled(enabled);
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isSurrogateAuthRequired() {
|
||||
return agent.getSurrogateAuthRequired();
|
||||
}
|
||||
|
||||
@Override
|
||||
public void setSurrogateAuthRequired(boolean surrogateAuthRequired) {
|
||||
agent.setSurrogateAuthRequired(surrogateAuthRequired);
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getManagementUrl() {
|
||||
return agent.getManagementUrl();
|
||||
}
|
||||
|
||||
@Override
|
||||
public void setManagementUrl(String url) {
|
||||
agent.setManagementUrl(url);
|
||||
}
|
||||
|
||||
@Override
|
||||
public RoleAdapter getRole(String name) {
|
||||
Role role = getIdm().getRole(name);
|
||||
if (role == null) return null;
|
||||
return new RoleAdapter(role, getIdm());
|
||||
}
|
||||
|
||||
@Override
|
||||
public RoleAdapter addRole(String name) {
|
||||
Role role = new SimpleRole(name);
|
||||
getIdm().add(role);
|
||||
return new RoleAdapter(role, getIdm());
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<RoleModel> getRoles() {
|
||||
IdentityQuery<Role> query = getIdm().createIdentityQuery(Role.class);
|
||||
query.setParameter(Role.PARTITION, tier);
|
||||
List<Role> roles = query.getResultList();
|
||||
List<RoleModel> roleModels = new ArrayList<RoleModel>();
|
||||
for (Role role : roles) {
|
||||
roleModels.add(new RoleAdapter(role, idm));
|
||||
}
|
||||
return roleModels;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Set<String> getRoleMappings(UserModel user) {
|
||||
RelationshipQuery<Grant> query = getIdm().createRelationshipQuery(Grant.class);
|
||||
query.setParameter(Grant.ASSIGNEE, ((UserAdapter)user).getUser());
|
||||
List<Grant> grants = query.getResultList();
|
||||
HashSet<String> set = new HashSet<String>();
|
||||
for (Grant grant : grants) {
|
||||
if (grant.getRole().getPartition().getId().equals(tier.getId())) set.add(grant.getRole().getName());
|
||||
}
|
||||
return set;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void addScope(UserModel agent, String roleName) {
|
||||
IdentityManager idm = getIdm();
|
||||
Role role = idm.getRole(roleName);
|
||||
if (role == null) throw new RuntimeException("role not found");
|
||||
addScope(agent, new RoleAdapter(role, idm));
|
||||
|
||||
}
|
||||
|
||||
@Override
|
||||
public void addScope(UserModel agent, RoleModel role) {
|
||||
ScopeRelationship scope = new ScopeRelationship();
|
||||
scope.setClient(((UserAdapter)agent).getUser());
|
||||
scope.setScope(((RoleAdapter)role).getRole());
|
||||
}
|
||||
|
||||
@Override
|
||||
public Set<String> getScope(UserModel agent) {
|
||||
RelationshipQuery<ScopeRelationship> query = getIdm().createRelationshipQuery(ScopeRelationship.class);
|
||||
query.setParameter(ScopeRelationship.CLIENT, ((UserAdapter)agent).getUser());
|
||||
List<ScopeRelationship> scope = query.getResultList();
|
||||
HashSet<String> set = new HashSet<String>();
|
||||
for (ScopeRelationship rel : scope) {
|
||||
if (rel.getScope().getPartition().getId().equals(tier.getId())) set.add(rel.getScope().getName());
|
||||
}
|
||||
return set;
|
||||
}
|
||||
}
|
||||
|
|
@ -0,0 +1,49 @@
|
|||
package org.keycloak.services.models.picketlink;
|
||||
|
||||
import org.keycloak.services.models.RoleModel;
|
||||
import org.picketlink.idm.IdentityManager;
|
||||
import org.picketlink.idm.model.Attribute;
|
||||
import org.picketlink.idm.model.Role;
|
||||
|
||||
import java.io.Serializable;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||
* @version $Revision: 1 $
|
||||
*/
|
||||
public class RoleAdapter implements RoleModel {
|
||||
protected Role role;
|
||||
protected IdentityManager idm;
|
||||
|
||||
public RoleAdapter(Role role, IdentityManager idm) {
|
||||
this.role = role;
|
||||
this.idm = idm;
|
||||
}
|
||||
|
||||
protected Role getRole() {
|
||||
return role;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getName() {
|
||||
return role.getName();
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getDescription() {
|
||||
Attribute<Serializable> description = role.getAttribute("description");
|
||||
if (description == null) return null;
|
||||
return (String) description.getValue();
|
||||
}
|
||||
|
||||
@Override
|
||||
public void setDescription(String description) {
|
||||
if (description == null) {
|
||||
role.removeAttribute("description");
|
||||
} else {
|
||||
role.setAttribute(new Attribute<String>("description", description));
|
||||
}
|
||||
idm.update(role);
|
||||
}
|
||||
|
||||
}
|
||||
|
|
@ -0,0 +1,71 @@
|
|||
package org.keycloak.services.models.picketlink;
|
||||
|
||||
import org.keycloak.services.models.UserModel;
|
||||
import org.picketlink.idm.IdentityManager;
|
||||
import org.picketlink.idm.model.Attribute;
|
||||
import org.picketlink.idm.model.User;
|
||||
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||
* @version $Revision: 1 $
|
||||
*/
|
||||
public class UserAdapter implements UserModel {
|
||||
protected User user;
|
||||
protected IdentityManager idm;
|
||||
|
||||
public UserAdapter(User user, IdentityManager idm) {
|
||||
this.user = user;
|
||||
this.idm = idm;
|
||||
}
|
||||
|
||||
protected User getUser() {
|
||||
return user;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getLoginName() {
|
||||
return user.getLoginName();
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isEnabled() {
|
||||
return user.isEnabled();
|
||||
}
|
||||
|
||||
@Override
|
||||
public void setEnabled(boolean enabled) {
|
||||
user.setEnabled(enabled);
|
||||
idm.update(user);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void setAttribute(String name, String value) {
|
||||
user.setAttribute(new Attribute<String>(name, value));
|
||||
idm.update(user);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void removeAttribute(String name) {
|
||||
user.removeAttribute(name);
|
||||
idm.update(user);
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getAttribute(String name) {
|
||||
Attribute<String> attribute = user.getAttribute(name);
|
||||
if (attribute == null || attribute.getValue() == null) return null;
|
||||
return attribute.getValue().toString();
|
||||
}
|
||||
|
||||
@Override
|
||||
public Map<String, String> getAttributes() {
|
||||
Map<String, String> attributes = new HashMap<String, String>();
|
||||
for (Attribute attribute : user.getAttributes()) {
|
||||
if (attribute.getValue() != null) attributes.put(attribute.getName(), attribute.getValue().toString());
|
||||
}
|
||||
return attributes;
|
||||
}
|
||||
}
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
package org.keycloak.services.models.relationships;
|
||||
package org.keycloak.services.models.picketlink.relationships;
|
||||
|
||||
import org.picketlink.idm.model.AbstractAttributedType;
|
||||
import org.picketlink.idm.model.Agent;
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
package org.keycloak.services.models.relationships;
|
||||
package org.keycloak.services.models.picketlink.relationships;
|
||||
|
||||
import org.picketlink.idm.model.AbstractAttributedType;
|
||||
import org.picketlink.idm.model.Agent;
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
package org.keycloak.services.models.relationships;
|
||||
package org.keycloak.services.models.picketlink.relationships;
|
||||
|
||||
import org.picketlink.idm.model.AbstractAttributedType;
|
||||
import org.picketlink.idm.model.Agent;
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
package org.keycloak.services.models.relationships;
|
||||
package org.keycloak.services.models.picketlink.relationships;
|
||||
|
||||
import org.picketlink.idm.model.AbstractAttributedType;
|
||||
import org.picketlink.idm.model.Agent;
|
||||
|
|
@ -1,12 +1,14 @@
|
|||
package org.keycloak.services.resources;
|
||||
|
||||
import org.keycloak.SkeletonKeyContextResolver;
|
||||
import org.keycloak.services.filters.IdentitySessionFilter;
|
||||
import org.keycloak.services.filters.KeycloakSessionFilter;
|
||||
import org.keycloak.services.managers.TokenManager;
|
||||
import org.keycloak.services.models.relationships.RealmAdminRelationship;
|
||||
import org.keycloak.services.models.relationships.RequiredCredentialRelationship;
|
||||
import org.keycloak.services.models.relationships.ResourceRelationship;
|
||||
import org.keycloak.services.models.relationships.ScopeRelationship;
|
||||
import org.keycloak.services.models.KeycloakSessionFactory;
|
||||
import org.keycloak.services.models.picketlink.PicketlinkKeycloakSessionFactory;
|
||||
import org.keycloak.services.models.picketlink.relationships.RealmAdminRelationship;
|
||||
import org.keycloak.services.models.picketlink.relationships.RequiredCredentialRelationship;
|
||||
import org.keycloak.services.models.picketlink.relationships.ResourceRelationship;
|
||||
import org.keycloak.services.models.picketlink.relationships.ScopeRelationship;
|
||||
import org.picketlink.idm.IdentitySessionFactory;
|
||||
import org.picketlink.idm.config.IdentityConfiguration;
|
||||
import org.picketlink.idm.config.IdentityConfigurationBuilder;
|
||||
|
|
@ -34,18 +36,18 @@ public class KeycloakApplication extends Application {
|
|||
protected Set<Object> singletons = new HashSet<Object>();
|
||||
protected Set<Class<?>> classes = new HashSet<Class<?>>();
|
||||
|
||||
protected IdentitySessionFactory factory;
|
||||
protected KeycloakSessionFactory factory;
|
||||
|
||||
public KeycloakApplication() {
|
||||
this.factory = createFactory();
|
||||
IdentitySessionFilter filter = new IdentitySessionFilter(factory);
|
||||
this.factory = new PicketlinkKeycloakSessionFactory(createFactory());
|
||||
KeycloakSessionFilter filter = new KeycloakSessionFilter(factory);
|
||||
singletons.add(new RealmsResource(new TokenManager()));
|
||||
singletons.add(filter);
|
||||
classes.add(SkeletonKeyContextResolver.class);
|
||||
classes.add(RegistrationService.class);
|
||||
}
|
||||
|
||||
public IdentitySessionFactory getFactory() {
|
||||
public KeycloakSessionFactory getFactory() {
|
||||
return factory;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -2,8 +2,8 @@ package org.keycloak.services.resources;
|
|||
|
||||
import org.jboss.resteasy.logging.Logger;
|
||||
import org.keycloak.representations.idm.PublishedRealmRepresentation;
|
||||
import org.keycloak.services.models.KeycloakSession;
|
||||
import org.keycloak.services.models.RealmModel;
|
||||
import org.picketlink.idm.IdentitySession;
|
||||
|
||||
import javax.ws.rs.GET;
|
||||
import javax.ws.rs.Path;
|
||||
|
|
@ -25,7 +25,7 @@ public class RealmSubResource {
|
|||
protected UriInfo uriInfo;
|
||||
|
||||
@Context
|
||||
protected IdentitySession identitySession;
|
||||
protected KeycloakSession identitySession;
|
||||
|
||||
protected RealmModel realm;
|
||||
|
||||
|
|
|
|||
|
|
@ -5,10 +5,10 @@ import org.keycloak.representations.idm.RealmRepresentation;
|
|||
import org.keycloak.services.managers.AuthenticationManager;
|
||||
import org.keycloak.services.managers.RealmManager;
|
||||
import org.keycloak.services.managers.TokenManager;
|
||||
import org.keycloak.services.models.KeycloakSession;
|
||||
import org.keycloak.services.models.RealmModel;
|
||||
import org.keycloak.services.models.RoleModel;
|
||||
import org.keycloak.services.models.UserModel;
|
||||
import org.picketlink.idm.IdentitySession;
|
||||
|
||||
import javax.ws.rs.Consumes;
|
||||
import javax.ws.rs.NotAuthorizedException;
|
||||
|
|
@ -39,7 +39,7 @@ public class RealmsResource {
|
|||
protected HttpHeaders headers;
|
||||
|
||||
@Context
|
||||
protected IdentitySession identitySession;
|
||||
protected KeycloakSession identitySession;
|
||||
|
||||
@Context
|
||||
ResourceContext resourceContext;
|
||||
|
|
|
|||
|
|
@ -4,11 +4,11 @@ import org.jboss.resteasy.logging.Logger;
|
|||
import org.keycloak.representations.idm.CredentialRepresentation;
|
||||
import org.keycloak.representations.idm.UserRepresentation;
|
||||
import org.keycloak.services.managers.RealmManager;
|
||||
import org.keycloak.services.models.KeycloakSession;
|
||||
import org.keycloak.services.models.RealmModel;
|
||||
import org.keycloak.services.models.RoleModel;
|
||||
import org.keycloak.services.models.UserCredentialModel;
|
||||
import org.keycloak.services.models.UserModel;
|
||||
import org.picketlink.idm.IdentitySession;
|
||||
import org.keycloak.services.models.UserCredentialModel;
|
||||
|
||||
import javax.ws.rs.Consumes;
|
||||
import javax.ws.rs.ForbiddenException;
|
||||
|
|
@ -33,7 +33,7 @@ public class RegistrationService {
|
|||
protected UriInfo uriInfo;
|
||||
|
||||
@Context
|
||||
protected IdentitySession identitySession;
|
||||
protected KeycloakSession identitySession;
|
||||
|
||||
@POST
|
||||
@Consumes(MediaType.APPLICATION_JSON)
|
||||
|
|
|
|||
|
|
@ -15,10 +15,10 @@ import org.keycloak.services.managers.AuthenticationManager;
|
|||
import org.keycloak.services.managers.RealmManager;
|
||||
import org.keycloak.services.managers.ResourceAdminManager;
|
||||
import org.keycloak.services.managers.TokenManager;
|
||||
import org.keycloak.services.models.KeycloakSession;
|
||||
import org.keycloak.services.models.RealmModel;
|
||||
import org.keycloak.services.models.RoleModel;
|
||||
import org.keycloak.services.models.UserModel;
|
||||
import org.picketlink.idm.IdentitySession;
|
||||
|
||||
import javax.ws.rs.Consumes;
|
||||
import javax.ws.rs.GET;
|
||||
|
|
@ -58,7 +58,7 @@ public class TokenService {
|
|||
@Context
|
||||
protected HttpHeaders headers;
|
||||
@Context
|
||||
protected IdentitySession identitySession;
|
||||
protected KeycloakSession identitySession;
|
||||
@Context
|
||||
HttpRequest request;
|
||||
@Context
|
||||
|
|
|
|||
|
|
@ -7,18 +7,19 @@ import org.junit.FixMethodOrder;
|
|||
import org.junit.Test;
|
||||
import org.junit.runners.MethodSorters;
|
||||
import org.keycloak.representations.idm.RequiredCredentialRepresentation;
|
||||
import org.keycloak.services.managers.InstallationManager;
|
||||
import org.keycloak.services.managers.RealmManager;
|
||||
import org.keycloak.services.models.KeycloakSession;
|
||||
import org.keycloak.services.models.KeycloakSessionFactory;
|
||||
import org.keycloak.services.models.RealmModel;
|
||||
import org.keycloak.services.models.RequiredCredentialModel;
|
||||
import org.keycloak.services.models.RoleModel;
|
||||
import org.keycloak.services.models.UserCredentialModel;
|
||||
import org.keycloak.services.models.UserModel;
|
||||
import org.keycloak.services.models.relationships.RealmAdminRelationship;
|
||||
import org.keycloak.services.models.relationships.RequiredCredentialRelationship;
|
||||
import org.keycloak.services.models.relationships.ResourceRelationship;
|
||||
import org.keycloak.services.models.relationships.ScopeRelationship;
|
||||
import org.picketlink.idm.IdentitySession;
|
||||
import org.keycloak.services.models.UserCredentialModel;
|
||||
import org.keycloak.services.models.picketlink.PicketlinkKeycloakSessionFactory;
|
||||
import org.keycloak.services.models.picketlink.relationships.RealmAdminRelationship;
|
||||
import org.keycloak.services.models.picketlink.relationships.RequiredCredentialRelationship;
|
||||
import org.keycloak.services.models.picketlink.relationships.ResourceRelationship;
|
||||
import org.keycloak.services.models.picketlink.relationships.ScopeRelationship;
|
||||
import org.picketlink.idm.IdentitySessionFactory;
|
||||
import org.picketlink.idm.config.IdentityConfiguration;
|
||||
import org.picketlink.idm.config.IdentityConfigurationBuilder;
|
||||
|
|
@ -41,16 +42,16 @@ import java.util.List;
|
|||
*/
|
||||
@FixMethodOrder(MethodSorters.NAME_ASCENDING)
|
||||
public class AdapterTest {
|
||||
private IdentitySessionFactory factory;
|
||||
private IdentitySession IdentitySession;
|
||||
private KeycloakSessionFactory factory;
|
||||
private KeycloakSession identitySession;
|
||||
private RealmManager adapter;
|
||||
private RealmModel realmModel;
|
||||
|
||||
@Before
|
||||
public void before() throws Exception {
|
||||
factory = createFactory();
|
||||
IdentitySession = factory.createIdentitySession();
|
||||
adapter = new RealmManager(IdentitySession);
|
||||
factory = new PicketlinkKeycloakSessionFactory(createFactory());
|
||||
identitySession = factory.createSession();
|
||||
adapter = new RealmManager(identitySession);
|
||||
}
|
||||
|
||||
public static IdentitySessionFactory createFactory() {
|
||||
|
|
@ -79,7 +80,7 @@ public class AdapterTest {
|
|||
|
||||
@After
|
||||
public void after() throws Exception {
|
||||
IdentitySession.close();
|
||||
identitySession.close();
|
||||
factory.close();
|
||||
}
|
||||
|
||||
|
|
@ -99,7 +100,6 @@ public class AdapterTest {
|
|||
realmModel.setPrivateKeyPem("0234234");
|
||||
realmModel.setPublicKeyPem("0234234");
|
||||
realmModel.setTokenLifespan(1000);
|
||||
realmModel.updateRealm();
|
||||
|
||||
System.out.println(realmModel.getId());
|
||||
realmModel = adapter.getRealm(realmModel.getId());
|
||||
|
|
|
|||
|
|
@ -8,15 +8,17 @@ import org.junit.Test;
|
|||
import org.junit.runners.MethodSorters;
|
||||
import org.keycloak.representations.idm.RealmRepresentation;
|
||||
import org.keycloak.services.managers.RealmManager;
|
||||
import org.keycloak.services.models.KeycloakSession;
|
||||
import org.keycloak.services.models.KeycloakSessionFactory;
|
||||
import org.keycloak.services.models.RealmModel;
|
||||
import org.keycloak.services.models.RequiredCredentialModel;
|
||||
import org.keycloak.services.models.UserModel;
|
||||
import org.keycloak.services.models.relationships.RealmAdminRelationship;
|
||||
import org.keycloak.services.models.relationships.RequiredCredentialRelationship;
|
||||
import org.keycloak.services.models.relationships.ResourceRelationship;
|
||||
import org.keycloak.services.models.relationships.ScopeRelationship;
|
||||
import org.keycloak.services.models.picketlink.PicketlinkKeycloakSessionFactory;
|
||||
import org.keycloak.services.models.picketlink.relationships.RealmAdminRelationship;
|
||||
import org.keycloak.services.models.picketlink.relationships.RequiredCredentialRelationship;
|
||||
import org.keycloak.services.models.picketlink.relationships.ResourceRelationship;
|
||||
import org.keycloak.services.models.picketlink.relationships.ScopeRelationship;
|
||||
import org.keycloak.services.resources.RegistrationService;
|
||||
import org.picketlink.idm.IdentitySession;
|
||||
import org.picketlink.idm.IdentitySessionFactory;
|
||||
import org.picketlink.idm.config.IdentityConfiguration;
|
||||
import org.picketlink.idm.config.IdentityConfigurationBuilder;
|
||||
|
|
@ -40,15 +42,15 @@ import java.util.Set;
|
|||
*/
|
||||
@FixMethodOrder(MethodSorters.NAME_ASCENDING)
|
||||
public class ImportTest {
|
||||
private IdentitySessionFactory factory;
|
||||
private IdentitySession identitySession;
|
||||
private KeycloakSessionFactory factory;
|
||||
private KeycloakSession identitySession;
|
||||
private RealmManager manager;
|
||||
private RealmModel realmModel;
|
||||
|
||||
@Before
|
||||
public void before() throws Exception {
|
||||
factory = createFactory();
|
||||
identitySession = factory.createIdentitySession();
|
||||
factory = new PicketlinkKeycloakSessionFactory(createFactory());
|
||||
identitySession = factory.createSession();
|
||||
manager = new RealmManager(identitySession);
|
||||
}
|
||||
|
||||
|
|
@ -93,7 +95,6 @@ public class ImportTest {
|
|||
defaultRealm.setCookieLoginAllowed(true);
|
||||
defaultRealm.setRegistrationAllowed(true);
|
||||
manager.generateRealmKeys(defaultRealm);
|
||||
defaultRealm.updateRealm();
|
||||
defaultRealm.addRequiredCredential(RequiredCredentialModel.PASSWORD);
|
||||
defaultRealm.addRole(RegistrationService.REALM_CREATOR_ROLE);
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
package org.keycloak.services.managers;
|
||||
package org.keycloak.test;
|
||||
|
||||
import org.keycloak.services.managers.RealmManager;
|
||||
import org.keycloak.services.models.RealmModel;
|
||||
import org.keycloak.services.models.RequiredCredentialModel;
|
||||
import org.keycloak.services.resources.RegistrationService;
|
||||
|
|
@ -20,7 +21,6 @@ public class InstallationManager {
|
|||
defaultRealm.setCookieLoginAllowed(true);
|
||||
defaultRealm.setRegistrationAllowed(true);
|
||||
manager.generateRealmKeys(defaultRealm);
|
||||
defaultRealm.updateRealm();
|
||||
defaultRealm.addRequiredCredential(RequiredCredentialModel.PASSWORD);
|
||||
defaultRealm.addRole(RegistrationService.REALM_CREATOR_ROLE);
|
||||
}
|
||||
|
|
@ -12,8 +12,8 @@ import org.keycloak.representations.idm.RealmRepresentation;
|
|||
import org.keycloak.representations.idm.RequiredCredentialRepresentation;
|
||||
import org.keycloak.representations.idm.UserRepresentation;
|
||||
import org.keycloak.services.managers.AuthenticationManager;
|
||||
import org.keycloak.services.managers.InstallationManager;
|
||||
import org.keycloak.services.managers.RealmManager;
|
||||
import org.keycloak.services.models.KeycloakSession;
|
||||
import org.keycloak.services.resources.KeycloakApplication;
|
||||
import org.picketlink.idm.IdentitySession;
|
||||
import org.picketlink.idm.model.Realm;
|
||||
|
|
@ -43,7 +43,7 @@ public class RealmCreationTest {
|
|||
deployment.setApplicationClass(KeycloakApplication.class.getName());
|
||||
EmbeddedContainer.start(deployment);
|
||||
KeycloakApplication application = (KeycloakApplication) deployment.getApplication();
|
||||
IdentitySession IdentitySession = application.getFactory().createIdentitySession();
|
||||
KeycloakSession IdentitySession = application.getFactory().createSession();
|
||||
RealmManager manager = new RealmManager(IdentitySession);
|
||||
new InstallationManager().install(manager);
|
||||
client = new ResteasyClientBuilder().build();
|
||||
|
|
|
|||
Loading…
Reference in a new issue