Merge remote-tracking branch 'upstream/master'

Bill Burke 2016-01-22 17:01:14 -05:00
commit 742f162cfc
107 changed files with 1803 additions and 395 deletions

View file

@ -70,7 +70,6 @@
<dependency>
<groupId>org.jboss.logging</groupId>
<artifactId>jboss-logging-annotations</artifactId>
<version>${jboss-logging-tools.version}</version>
<!-- This is a compile-time dependency of this project, but is not needed at compile or runtime by other
projects that depend on this project.-->
<scope>provided</scope>

View file

@ -70,7 +70,6 @@
<dependency>
<groupId>org.jboss.logging</groupId>
<artifactId>jboss-logging-annotations</artifactId>
<version>${jboss-logging-tools.version}</version>
<!-- This is a compile-time dependency of this project, but is not needed at compile or runtime by other
projects that depend on this project.-->
<scope>provided</scope>

View file

@ -211,7 +211,7 @@
<para>
Social providers allows you to enable social authentication to your realm.
Keycloak makes it easy to let users log in to your application using an existing account with a social network.
Currently Facebook, Google, Twitter, GitHub, LinkedIn and StackOverflow are supported with more planned for the future.
Currently Facebook, Google, Twitter, GitHub, LinkedIn, Microsoft and StackOverflow are supported with more planned for the future.
</para>
</listitem>
</varlistentry>
@ -357,7 +357,7 @@
So is trying to remember yet another username and password combination.
Social identity providers makes it easy for users to register on your realm and quickly sign in using a social network.
Keycloak provides built-in support for the most common social networks out there, such as Google, Facebook, Twitter,
Github, LinkedId and StackOverflow.
Github, LinkedId, Microsoft and StackOverflow.
</para>
<section>
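Review bot: "LinkedId" in the rewritten line of this hunk is a typo for LinkedIn, and since the line is being changed anyway it should be corrected here. "Github" on the same line should also be spelled "GitHub", as it is in the provider list touched by the previous hunk.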
@ -855,6 +855,95 @@
</tgroup>
</table>
</section>
<section>
<title>Microsoft</title>
<para>
To enable login with Microsoft account you first have to register an OAuth application on
<ulink url="https://account.live.com/developers/applications/index">Microsoft account Developer Center</ulink>. Then you need to copy the client id and secret into the Keycloak Admin Console.
</para>
<para>
Let's see first how to create an application with Microsoft.
</para>
<orderedlist>
<listitem>
<para>
Go to <ulink url="https://account.live.com/developers/applications/create">create new application on Microsoft account Developer Center</ulink> url and login here.
Use any value for <literal>Application Name</literal>, <literal>Application Logo</literal> and <literal>URLs</literal> you want.
In <literal>API Settings</literal> set <literal>Target Domain</literal> to the domain where your Keycloak instance runs.
</para>
</listitem>
<listitem>
<para>
Copy <literal>Client Id</literal> and <literal>Client Secret</literal> from <literal>App Settings</literal> page.
</para>
</listitem>
</orderedlist>
<para>
Now that you have the client id and secret you can proceed with the creation of a Microsoft Identity Provider in Keycloak. As follows:
</para>
<orderedlist>
<listitem>
<para>
Select the <literal>Microsoft</literal> identity provider from the drop-down box on the top right corner of the identity providers table in Keycloak's Admin Console. You should be presented with a specific page to configure the selected provided.
</para>
</listitem>
<listitem>
<para>
Copy the client id and client secret to their corresponding fields in the Keycloak Admin Console. Click <literal>Save</literal>.
</para>
</listitem>
</orderedlist>
<para>
Once you create the identity provider in Keycloak, you must update your Microsoft application with the redirect url that was
generated to your identity provider.
</para>
<orderedlist>
<listitem>
<para>
Open the Microsoft account Developer Center and select <literal>API Settings</literal> of your application. In <literal>Redirect URLs</literal>
insert the redirect uri created by Keycloak. The redirect uri
usually have the following format: <literal>http://{host}:{port}/auth/realms/{realm}/broker/microsoft/endpoint</literal>.
</para>
</listitem>
</orderedlist>
<note>
<para>
You can always get the redirect url for a specific identity provider from the table presented when you
click on the 'Identity Provider' tab in <emphasis>Realm > Settings</emphasis>.
</para>
</note>
<para>
That is it! This pretty much what you need to do in order to setup this identity provider.
</para>
<para>
The table below lists some additional configuration options you may use when configuring this provider.
</para>
<table>
<title>Configuration Options</title>
<tgroup align="left" cols="2">
<thead>
<row>
<entry>
Configuration
</entry>
<entry>
Description
</entry>
</row>
</thead>
<tbody valign="top">
<row>
<entry>
<literal>Default Scopes</literal>
</entry>
<entry>
Allows you to manually specify the scopes that users must authorize when authenticating with this provider. For a complete list of scopes, please take a look at <ulink url="https://msdn.microsoft.com/en-us/library/hh243646.aspx">https://msdn.microsoft.com/en-us/library/hh243646.aspx</ulink>. By default, Keycloak uses the following scopes: <literal>wl.basic,wl.emails</literal>
</entry>
</row>
</tbody>
</tgroup>
</table>
</section>
<section>
<title>StackOverflow</title>
<para>
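Review bot: The redirect uri format documented in the new Microsoft section is written with plain http (<literal>http://{host}:{port}/auth/realms/{realm}/broker/microsoft/endpoint</literal>). The provider's authorization response is delivered to that address, so the example should use https, or the text should say that http is only acceptable for local testing. Wording in the same section also needs a pass: "the selected provided" should be "the selected provider", "The redirect uri usually have" should be "usually has", and "This pretty much what you need" is missing "is".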
@ -1282,7 +1371,7 @@ keycloak.createLoginUrl({
<section>
<title>Mapping/Importing User profile data from Social Identity Provider</title>
<para>
You can import user profile data provided by social identity providers like Google, GitHub, LinkedIn, Stackoverflow and Facebook
You can import user profile data provided by social identity providers like Google, GitHub, LinkedIn, Microsoft, Stackoverflow and Facebook
into new Keycloak user created from given social accounts. After you configure a broker, you'll see a <literal>Mappers</literal>
button appear. Click on that and you'll get to the list of mappers that are assigned to this broker. There is a
<literal>Create</literal> button on this page. Clicking on this create button allows you to create a broker mapper.

View file

@ -2,8 +2,8 @@
<title>Javascript Adapter</title>
<para>
The Keycloak Server comes with a Javascript library you can use to secure HTML/Javascript applications. This
library is referencable directly from the keycloak server. You can also download the adapter from Keycloak's download
site if you want a static copy of this library. It
library is referenceable directly from the keycloak server. You can also download the adapter from Keycloak's download
site if you want a static copy. It
works in the same way as other application adapters except that your browser is driving the OAuth redirect protocol
rather than the server.
</para>
@ -14,13 +14,13 @@
<para>
To use this adapter, you must first configure an application (or client) through the <literal>Keycloak Admin Console</literal>.
You should select <literal>public</literal> for the <literal>Client Type</literal> field. As public clients can't
be verified with a client secret you are required to configure one or more valid redirect uris as well.
Once you've configured the application click on the <literal>Installation</literal> tab and download the <literal>keycloak.json</literal>
file. This file should be hosted in your web-server at the same root as your HTML pages. Alternatively you can either
specify the URL for this file, or manually configure the adapter.
be verified with a client secret, you are required to configure one or more valid redirect uris.
Once you've configured the application, click on the <literal>Installation</literal> tab and download the <literal>keycloak.json</literal>
file. This file should be hosted on your web-server at the same root as your HTML pages. Alternatively, you can manually
configure the adapter and specify the URL for this file.
</para>
<para>
Next you have to initialize the adapter in your application. An example on how to do this is shown below.
Next, you have to initialize the adapter in your application. An example is shown below.
<programlisting><![CDATA[
<head>
<script src="http://<keycloak server>/auth/js/keycloak.js"></script>
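Review bot: The rewritten "Alternatively" sentence in this hunk changes the meaning, not only the wording. The old text offered two separate alternatives to hosting keycloak.json beside the HTML pages ("either specify the URL for this file, or manually configure the adapter"), while the new text joins them with "and", which reads as a single option requiring both. If both alternatives still exist, keep the either/or form. The example that follows also loads keycloak.js over http:// from the Keycloak server; an https:// URL in the sample would be a better default for readers who copy it.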
@ -47,7 +47,7 @@ var keycloak = Keycloak({
});
]]></programlisting>
You can also pass <literal>login-required</literal> or <literal>check-sso</literal> to the init function. Login
required will redirect to the login form on the server, while check-sso will redirect to the auth server to check
required will cause a redirect to the login form on the server, while check-sso will simply redirect to the auth server to check
if the user is already logged in to the realm. For example:
<programlisting><![CDATA[
keycloak.init({ onLoad: 'login-required' })
@ -111,9 +111,9 @@ keycloak.init({ onLoad: 'login-required' })
</para>
<para>
To refresh the token if it's expired call the <literal>updateToken</literal> method. This method returns a promise
object which can be used to invoke a function on success or failure. This method can be used to wrap functions
that should only be called with a valid token. For example the following method will refresh the token if it
To refresh the token when it is expired, call the <literal>updateToken</literal> method. This method returns a promise
object, which can be used to invoke a function on success or failure. This method can be used to wrap functions
that should only be called with a valid token. For example, the following method will refresh the token if it
expires within 30 seconds, and then invoke the specified function. If the token is valid for more than 30 seconds it
will just call the specified function.
<programlisting><![CDATA[
@ -129,7 +129,7 @@ keycloak.updateToken(30).success(function() {
<title>Session status iframe</title>
<para>
By default the JavaScript adapter creates a non-visible iframe that is used to detect if a single-sign out has occured.
By default, the JavaScript adapter creates a non-visible iframe that is used to detect if a single-sign out has occurred.
This does not require any network traffic, instead the status is retrieved from a special status cookie. This feature can be disabled
by setting <literal>checkLoginIframe: false</literal> in the options passed to the <literal>init</literal>
method.
@ -140,33 +140,32 @@ keycloak.updateToken(30).success(function() {
<title>Implicit and Hybrid Flow</title>
<para>
By default the JavaScript adapter uses <ulink url="http://openid.net/specs/openid-connect-core-1_0.html#CodeFlowAuth">OpenID Connect standard (Authorization code) flow</ulink>, which
means that after authentication will Keycloak server redirects back to your application and Javascript adapter will exchange <literal>code</literal> for access token and refresh token.
By default, the JavaScript adapter uses <ulink url="http://openid.net/specs/openid-connect-core-1_0.html#CodeFlowAuth">OpenID Connect standard (Authorization code) flow</ulink>, which
means that after authentication, the Keycloak server redirects the user back to your application, where the JavaScript adapter will exchange the <literal>code</literal> for an access token and a refresh token.
</para>
<para>
However Keycloak also supports <ulink url="http://openid.net/specs/openid-connect-core-1_0.html#ImplicitFlowAuth">OpenID Connect Implicit flow</ulink>
where access token is directly sent after successful authentication from Keycloak and there is no additional request for exchange code.
This might have better performance than standard flow as there is no additional request for exchange code-to-token. However sending access token
in URL fragment might be security issue in some environments (Token can be more easily stolen from the network etc).
However, Keycloak also supports <ulink url="http://openid.net/specs/openid-connect-core-1_0.html#ImplicitFlowAuth">OpenID Connect Implicit flow</ulink>
where an access token is sent immediately after successful authentication with Keycloak (there is no additional request for exchange code).
This could have better performance than standard flow, as there is no additional request to exchange the code for tokens. However, sending the access token
in the URL fragment could pose a security issue in some environments (access logs might expose tokens located in the URL).
</para>
<para>To enable implicit flow, you need to enable the flag <literal>Implicit Flow Enabled</literal> for the client in Keycloak admin console. You also need to pass
the parameter <literal>flow</literal> with value <literal>implicit</literal> to <literal>init</literal> method, so that Javascript adapter will use implicit flow instead of standard flow.
The example is here:
<para>To enable implicit flow, you need to enable the <literal>Implicit Flow Enabled</literal> flag for the client in the Keycloak admin console. You also need to pass
the parameter <literal>flow</literal> with value <literal>implicit</literal> to <literal>init</literal> method.
An example is below:
<programlisting><![CDATA[
keycloak.init({ flow: 'implicit' })
]]></programlisting>
Note that with implicit flow, you don't have refresh token available after authentication. This makes it harder for your application to periodically update
access token in background (without browser redirection). It's recommended that you implement <literal>onTokenExpired</literal> callback method on keycloak object, so you
have possibility to do something after token is expired (For example you can call keycloak.login, which will redirect browser to Keycloak login screen and it will immediately
redirect you back if SSO session is still valid and user is still logged. However make sure to save the application state before doing redirect.)
Note that with implicit flow, you are not given a refresh token after authentication. This makes it harder for your application to periodically update
the access token in background (without browser redirection). It's recommended that you implement an <literal>onTokenExpired</literal> callback method on the keycloak object, so you
are notified after the token is expired (For example you can call keycloak.login, which will redirect browser to Keycloak login screen and it will immediately
redirect you back if the SSO session is still valid and the user is still logged. However, make sure to save the application state before performing a redirect.)
</para>
<para>
Keycloak also have support for <ulink url="http://openid.net/specs/openid-connect-core-1_0.html#HybridFlowAuth">OpenID Connect Hybrid flow</ulink>. This requires
that client in admin console has both flags <literal>Standard Flow Enabled</literal> and <literal>Implicit Flow Enabled</literal> enabled in admin console.
The Keycloak will send both the code and tokens to your application. Access token can be immediately used and in the meantime, code can be exchanged for access token and refresh token.
Hybrid flow is good for performance similarly like implicit flow, because access token is available immediatelly to your application. But similarly like implicit flow, the token is
sent in URL fragment, so security may not be so good.
One advantage over implicit flow is, that you have also refresh token available in your application (after code-to-token request is finished in background).
Keycloak also has support for <ulink url="http://openid.net/specs/openid-connect-core-1_0.html#HybridFlowAuth">OpenID Connect Hybrid flow</ulink>. This requires
the client to have both the <literal>Standard Flow Enabled</literal> and <literal>Implicit Flow Enabled</literal> flags enabled in the admin console.
The Keycloak server will then send both the code and tokens to your application. The access token can be used immediately while the code can be exchanged for access and refresh tokens.
Similar to the implicit flow, the hybrid flow is good for performance because the access token is available immediately. But, the token is still sent in the URL, and security risks might still apply.
However, one advantage over the implicit flow is that a refresh token is made available to the application (after the code-to-token request is finished).
</para>
<para>
For hybrid flow, you need to pass the parameter <literal>flow</literal> with value <literal>hybrid</literal> to <literal>init</literal> method.
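Review bot: The new parenthetical in the implicit flow paragraph, "access logs might expose tokens located in the URL", does not match the mechanism the same sentence describes. The token is sent in the URL fragment, and the fragment is not included in the HTTP request a browser sends, so server access logs are not where it normally ends up; the exposure is on the client side (browser history and any script running on the page that receives the redirect). Suggest naming those instead. The hybrid paragraph has the same problem after the edit: it now says the token "is still sent in the URL" where the old text said "URL fragment", which is less precise. Also, "the user is still logged" should be "still logged in".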
@ -410,4 +409,4 @@ keycloak.onAuthSuccess = function() { alert('authenticated'); }
</itemizedlist>
</section>
</section>
</section>
</section>

View file

@ -117,7 +117,7 @@
<update tableName="CREDENTIAL">
<column name="ALGORITHM" type="VARCHAR(36)" value="pbkdf2" />
<where>TYPE in ('password-history', 'password') AND ALGORITHM is 'HmacSHA1'</where>
<where>TYPE in ('password-history', 'password') AND ALGORITHM = 'HmacSHA1'</where>
</update>
</changeSet>
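Review bot: Editing the where clause of an existing changeSet in place changes its Liquibase checksum, so any database where this changeSet has already been applied will fail checksum validation on the next startup unless a validCheckSum entry is added. The switch from "ALGORITHM is 'HmacSHA1'" to "ALGORITHM = 'HmacSHA1'" is the right fix for portability, but please confirm whether the original form was ever released. If it was, consider a follow-up changeSet, because installations where the old statement ran without matching rows would otherwise keep credentials tagged HmacSHA1 instead of pbkdf2.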

13
pom.xml Executable file → Normal file
View file

@ -35,7 +35,8 @@
<undertow.version>1.3.10.Final</undertow.version>
<picketlink.version>2.7.0.Final</picketlink.version>
<mongo.driver.version>3.2.0</mongo.driver.version>
<jboss.logging.version>3.1.4.GA</jboss.logging.version>
<jboss.logging.version>3.3.0.Final</jboss.logging.version>
<jboss.logging.tools.version>2.0.1.Final</jboss.logging.tools.version>
<jboss-logging-tools.version>1.2.0.Beta1</jboss-logging-tools.version>
<jboss.spec.javax.xml.bind.jboss-jaxb-api_2.2_spec.version>1.0.4.Final</jboss.spec.javax.xml.bind.jboss-jaxb-api_2.2_spec.version>
<jboss-jaxrs-api_2.0_spec>1.0.0.Final</jboss-jaxrs-api_2.0_spec>
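Review bot: This hunk adds the property jboss.logging.tools.version (2.0.1.Final) directly above the existing jboss-logging-tools.version (1.2.0.Beta1), so the pom now has two properties that differ only by dots versus hyphens and resolve to different versions of the same tooling. The module poms earlier in this commit reference ${jboss-logging-tools.version} for jboss-logging-annotations, while the new managed dependencies use ${jboss.logging.tools.version}. Please remove the old property if it is no longer needed, or rename one of them so it is obvious which version a module gets.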
@ -297,6 +298,16 @@
<artifactId>jboss-logging</artifactId>
<version>${jboss.logging.version}</version>
</dependency>
<dependency>
<groupId>org.jboss.logging</groupId>
<artifactId>jboss-logging-annotations</artifactId>
<version>${jboss.logging.tools.version}</version>
</dependency>
<dependency>
<groupId>org.jboss.logging</groupId>
<artifactId>jboss-logging-processor</artifactId>
<version>${jboss.logging.tools.version}</version>
</dependency>
<dependency>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>

View file

@ -57,6 +57,18 @@
<groupId>org.jboss.logging</groupId>
<artifactId>jboss-logging</artifactId>
</dependency>
<dependency>
<groupId>org.jboss.logging</groupId>
<artifactId>jboss-logging-annotations</artifactId>
<scope>provided</scope>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.jboss.logging</groupId>
<artifactId>jboss-logging-processor</artifactId>
<scope>provided</scope>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.jboss.resteasy</groupId>
<artifactId>resteasy-jaxrs</artifactId>
@ -129,6 +141,9 @@
<configuration>
<source>${maven.compiler.source}</source>
<target>${maven.compiler.target}</target>
<compilerArgument>
-AgeneratedTranslationFilesPath=${project.build.directory}/generated-translation-files
</compilerArgument>
</configuration>
</plugin>
</plugins>

View file

@ -1,6 +1,5 @@
package org.keycloak.authentication;
import org.jboss.logging.Logger;
import org.jboss.resteasy.spi.HttpRequest;
import org.keycloak.common.ClientConnection;
import org.keycloak.OAuth2Constants;
@ -24,6 +23,7 @@ import org.keycloak.protocol.LoginProtocol;
import org.keycloak.protocol.LoginProtocol.Error;
import org.keycloak.protocol.oidc.TokenManager;
import org.keycloak.services.ErrorPage;
import org.keycloak.services.ServicesLogger;
import org.keycloak.services.managers.AuthenticationManager;
import org.keycloak.services.managers.BruteForceProtector;
import org.keycloak.services.managers.ClientSessionCode;
@ -44,7 +44,7 @@ import java.util.Map;
*/
public class AuthenticationProcessor {
public static final String CURRENT_AUTHENTICATION_EXECUTION = "current.authentication.execution";
protected static Logger logger = Logger.getLogger(AuthenticationProcessor.class);
protected static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
protected RealmModel realm;
protected UserSessionModel userSession;
protected ClientSessionModel clientSession;
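Review bot: Replacing Logger.getLogger(AuthenticationProcessor.class) with the shared ServicesLogger.ROOT_LOGGER means this class no longer has its own logger instance, and the same substitution is made in the other classes in this commit. A single shared logger has a single category, so anyone who sets log levels or filters authentication failures by the per-class category will need to change their configuration. Please call this out in the migration notes, or document which category ROOT_LOGGER uses.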
@ -539,25 +539,25 @@ public class AuthenticationProcessor {
if (failure instanceof AuthenticationFlowException) {
AuthenticationFlowException e = (AuthenticationFlowException) failure;
if (e.getError() == AuthenticationFlowError.INVALID_USER) {
logger.error("failed authentication: " + e.getError().toString(), e);
logger.failedAuthentication(e);
event.error(Errors.USER_NOT_FOUND);
return ErrorPage.error(session, Messages.INVALID_USER);
} else if (e.getError() == AuthenticationFlowError.USER_DISABLED) {
logger.error("failed authentication: " + e.getError().toString(), e);
logger.failedAuthentication(e);
event.error(Errors.USER_DISABLED);
return ErrorPage.error(session, Messages.ACCOUNT_DISABLED);
} else if (e.getError() == AuthenticationFlowError.USER_TEMPORARILY_DISABLED) {
logger.error("failed authentication: " + e.getError().toString(), e);
logger.failedAuthentication(e);
event.error(Errors.USER_TEMPORARILY_DISABLED);
return ErrorPage.error(session, Messages.ACCOUNT_TEMPORARILY_DISABLED);
} else if (e.getError() == AuthenticationFlowError.INVALID_CLIENT_SESSION) {
logger.error("failed authentication: " + e.getError().toString(), e);
logger.failedAuthentication(e);
event.error(Errors.INVALID_CODE);
return ErrorPage.error(session, Messages.INVALID_CODE);
} else if (e.getError() == AuthenticationFlowError.EXPIRED_CODE) {
logger.error("failed authentication: " + e.getError().toString(), e);
logger.failedAuthentication(e);
event.error(Errors.EXPIRED_CODE);
return ErrorPage.error(session, Messages.EXPIRED_CODE);
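Review bot: The removed log calls put the flow error code into the message text ("failed authentication: " + e.getError().toString()), while the replacement logger.failedAuthentication(e) passes only the exception. Whether the code (INVALID_USER, USER_DISABLED, EXPIRED_CODE and so on) still appears in the log line depends on the message format of failedAuthentication, which is not part of this hunk. Please confirm it is preserved, since that code is what lets operators tell these five branches apart in the logs. As all five branches now make the identical call, it could also be hoisted above the if/else chain.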
@ -580,13 +580,13 @@ public class AuthenticationProcessor {
return processor.authenticate();
} else {
logger.error("failed authentication: " + e.getError().toString(), e);
logger.failedAuthentication(e);
event.error(Errors.INVALID_USER_CREDENTIALS);
return ErrorPage.error(session, Messages.INVALID_USER);
}
} else {
logger.error("failed authentication", failure);
logger.failedAuthentication(failure);
event.error(Errors.INVALID_USER_CREDENTIALS);
return ErrorPage.error(session, Messages.UNEXPECTED_ERROR_HANDLING_REQUEST);
}
@ -596,7 +596,7 @@ public class AuthenticationProcessor {
public Response handleClientAuthException(Exception failure) {
if (failure instanceof AuthenticationFlowException) {
AuthenticationFlowException e = (AuthenticationFlowException) failure;
logger.error("Failed client authentication: " + e.getError().toString(), e);
logger.failedClientAuthentication(e);
if (e.getError() == AuthenticationFlowError.CLIENT_NOT_FOUND) {
event.error(Errors.CLIENT_NOT_FOUND);
return ClientAuthUtil.errorResponse(Response.Status.BAD_REQUEST.getStatusCode(), "invalid_client", "Could not find client");
@ -611,7 +611,7 @@ public class AuthenticationProcessor {
return ClientAuthUtil.errorResponse(Response.Status.BAD_REQUEST.getStatusCode(), "unauthorized_client", e.getError().toString() + ": " + e.getMessage());
}
} else {
logger.error("Unexpected error when authenticating client", failure);
logger.errorAuthenticatingClient(failure);
event.error(Errors.INVALID_CLIENT_CREDENTIALS);
return ClientAuthUtil.errorResponse(Response.Status.BAD_REQUEST.getStatusCode(), "unauthorized_client", "Unexpected error when authenticating client: " + failure.getMessage());
}
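Review bot: The else branch in this hunk now logs through logger.errorAuthenticatingClient(failure), but the next statement still returns "Unexpected error when authenticating client: " + failure.getMessage() to the caller. For an exception that is not an AuthenticationFlowException the message can contain internal detail. Since the full exception is already going to the log, consider returning a fixed description in the response and leaving the detail server-side.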

View file

@ -12,12 +12,15 @@ import org.keycloak.models.AuthenticationExecutionModel;
import org.keycloak.models.AuthenticationFlowModel;
import org.keycloak.models.ClientModel;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.services.ServicesLogger;
/**
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
*/
public class ClientAuthenticationFlow implements AuthenticationFlow {
protected static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
Response alternativeChallenge = null;
AuthenticationProcessor processor;
AuthenticationFlowModel flow;
@ -42,7 +45,7 @@ public class ClientAuthenticationFlow implements AuthenticationFlow {
throw new AuthenticationFlowException("Could not find ClientAuthenticatorFactory for: " + model.getAuthenticator(), AuthenticationFlowError.INTERNAL_ERROR);
}
ClientAuthenticator authenticator = factory.create();
AuthenticationProcessor.logger.debugv("client authenticator: {0}", factory.getId());
logger.debugv("client authenticator: {0}", factory.getId());
AuthenticationProcessor.Result context = processor.createClientAuthenticatorContext(model, authenticator, executions);
authenticator.authenticateClient(context);
@ -54,7 +57,7 @@ public class ClientAuthenticationFlow implements AuthenticationFlow {
// Fallback to secret just in case (for backwards compatibility)
if (expectedClientAuthType == null) {
expectedClientAuthType = KeycloakModelUtils.getDefaultClientAuthenticatorType();
AuthenticationProcessor.logger.warnv("Client {0} doesn't have have authentication method configured. Fallback to {1}", client.getClientId(), expectedClientAuthType);
logger.authMethodFallback(client.getClientId(), expectedClientAuthType);
}
// Check if client authentication matches
@ -66,7 +69,7 @@ public class ClientAuthenticationFlow implements AuthenticationFlow {
throw new AuthenticationFlowException("Expected success, but for an unknown reason the status was " + context.getStatus(), AuthenticationFlowError.INTERNAL_ERROR);
}
AuthenticationProcessor.logger.debugv("Client {0} authenticated by {1}", client.getClientId(), factory.getId());
logger.debugv("Client {0} authenticated by {1}", client.getClientId(), factory.getId());
processor.getEvent().detail(Details.CLIENT_AUTH_METHOD, factory.getId());
return null;
}
@ -96,12 +99,12 @@ public class ClientAuthenticationFlow implements AuthenticationFlow {
}
}
if (AuthenticationProcessor.logger.isTraceEnabled()) {
if (logger.isTraceEnabled()) {
List<String> exIds = new ArrayList<>();
for (AuthenticationExecutionModel execution : executionsToRun) {
exIds.add(execution.getId());
}
AuthenticationProcessor.logger.tracef("Using executions for client authentication: %s", exIds.toString());
logger.tracef("Using executions for client authentication: %s", exIds.toString());
}
return executionsToRun;
@ -111,7 +114,7 @@ public class ClientAuthenticationFlow implements AuthenticationFlow {
AuthenticationExecutionModel execution = result.getExecution();
FlowStatus status = result.getStatus();
AuthenticationProcessor.logger.debugv("client authenticator {0}: {1}", status.toString(), execution.getAuthenticator());
logger.debugv("client authenticator {0}: {1}", status.toString(), execution.getAuthenticator());
if (status == FlowStatus.SUCCESS) {
return null;
@ -135,13 +138,13 @@ public class ClientAuthenticationFlow implements AuthenticationFlow {
} else if (status == FlowStatus.FAILURE_CHALLENGE) {
return sendChallenge(result, execution);
} else {
AuthenticationProcessor.logger.error("Unknown result status");
logger.unknownResultStatus();
throw new AuthenticationFlowException(AuthenticationFlowError.INTERNAL_ERROR);
}
}
public Response sendChallenge(AuthenticationProcessor.Result result, AuthenticationExecutionModel execution) {
AuthenticationProcessor.logger.debugv("client authenticator: sending challenge for authentication execution {0}", execution.getAuthenticator());
logger.debugv("client authenticator: sending challenge for authentication execution {0}", execution.getAuthenticator());
if (result.getError() != null) {
String errorAsString = result.getError().toString().toLowerCase();

View file

@ -1,10 +1,10 @@
package org.keycloak.authentication;
import org.jboss.logging.Logger;
import org.keycloak.models.AuthenticationExecutionModel;
import org.keycloak.models.AuthenticationFlowModel;
import org.keycloak.models.ClientSessionModel;
import org.keycloak.models.UserModel;
import org.keycloak.services.ServicesLogger;
import javax.ws.rs.core.Response;
import java.util.Iterator;
@ -15,7 +15,7 @@ import java.util.List;
* @version $Revision: 1 $
*/
public class DefaultAuthenticationFlow implements AuthenticationFlow {
protected static Logger logger = Logger.getLogger(DefaultAuthenticationFlow.class);
protected static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
Response alternativeChallenge = null;
AuthenticationExecutionModel challengedAlternativeExecution = null;
boolean alternativeSuccessful = false;
@ -222,7 +222,7 @@ public class DefaultAuthenticationFlow implements AuthenticationFlow {
return processor.authenticate();
default:
logger.debugv("authenticator INTERNAL_ERROR: {0}", execution.getAuthenticator());
logger.error("Unknown result status");
logger.unknownResultStatus();
throw new AuthenticationFlowException(AuthenticationFlowError.INTERNAL_ERROR);
}
}

View file

@ -3,7 +3,6 @@ package org.keycloak.authentication.authenticators.broker;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
import org.jboss.logging.Logger;
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.AuthenticationFlowError;
import org.keycloak.authentication.AuthenticationFlowException;
@ -15,6 +14,7 @@ import org.keycloak.models.ClientSessionModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.services.ServicesLogger;
import org.keycloak.services.messages.Messages;
/**
@ -22,7 +22,7 @@ import org.keycloak.services.messages.Messages;
*/
public class IdpConfirmLinkAuthenticator extends AbstractIdpAuthenticator {
protected static Logger logger = Logger.getLogger(IdpConfirmLinkAuthenticator.class);
protected static ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
@Override
protected void authenticateImpl(AuthenticationFlowContext context, SerializedBrokeredIdentityContext serializedCtx, BrokeredIdentityContext brokerContext) {
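Review bot: The logger field in IdpConfirmLinkAuthenticator is declared "protected static ServicesLogger logger" without final, whereas AuthenticationProcessor, ClientAuthenticationFlow and DefaultAuthenticationFlow in this same commit use "protected static final". A non-final protected static field can be reassigned by any subclass. Please make it final here, and in IdpCreateUserIfUniqueAuthenticator and IdpEmailVerificationAuthenticator, which have the same declaration.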
@ -30,7 +30,7 @@ public class IdpConfirmLinkAuthenticator extends AbstractIdpAuthenticator {
String existingUserInfo = clientSession.getNote(EXISTING_USER_INFO);
if (existingUserInfo == null) {
logger.warnf("No duplication detected.");
logger.noDuplicationDetected();
context.attempted();
return;
}

View file

@ -5,7 +5,6 @@ import java.util.Map;
import javax.ws.rs.core.Response;
import org.jboss.logging.Logger;
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.authenticators.broker.util.ExistingUserInfo;
import org.keycloak.authentication.authenticators.broker.util.SerializedBrokeredIdentityContext;
@ -16,6 +15,7 @@ import org.keycloak.models.AuthenticatorConfigModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.services.ServicesLogger;
import org.keycloak.services.messages.Messages;
/**
@ -23,7 +23,7 @@ import org.keycloak.services.messages.Messages;
*/
public class IdpCreateUserIfUniqueAuthenticator extends AbstractIdpAuthenticator {
protected static Logger logger = Logger.getLogger(IdpCreateUserIfUniqueAuthenticator.class);
protected static ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
@Override
@ -43,7 +43,7 @@ public class IdpCreateUserIfUniqueAuthenticator extends AbstractIdpAuthenticator
String username = getUsername(context, serializedCtx, brokerContext);
if (username == null) {
logger.warnf("%s is null. Reset flow and enforce showing reviewProfile page", realm.isRegistrationEmailAsUsername() ? "Email" : "Username");
logger.resetFlow(realm.isRegistrationEmailAsUsername() ? "Email" : "Username");
context.getClientSession().setNote(ENFORCE_UPDATE_PROFILE, "true");
context.resetFlow();
return;

View file

@ -6,7 +6,6 @@ import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriBuilder;
import org.jboss.logging.Logger;
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.AuthenticationFlowError;
import org.keycloak.authentication.requiredactions.VerifyEmail;
@ -24,6 +23,7 @@ import org.keycloak.models.Constants;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.services.ServicesLogger;
import org.keycloak.services.messages.Messages;
import org.keycloak.services.resources.LoginActionsService;
@ -32,7 +32,7 @@ import org.keycloak.services.resources.LoginActionsService;
*/
public class IdpEmailVerificationAuthenticator extends AbstractIdpAuthenticator {
protected static Logger logger = Logger.getLogger(IdpEmailVerificationAuthenticator.class);
protected static ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
@Override
protected void authenticateImpl(AuthenticationFlowContext context, SerializedBrokeredIdentityContext serializedCtx, BrokeredIdentityContext brokerContext) {
@ -41,7 +41,7 @@ public class IdpEmailVerificationAuthenticator extends AbstractIdpAuthenticator
ClientSessionModel clientSession = context.getClientSession();
if (realm.getSmtpConfig().size() == 0) {
logger.warnf("Smtp is not configured for the realm. Ignoring email verification authenticator");
logger.smtpNotConfigured();
context.attempted();
return;
}
@ -78,7 +78,7 @@ public class IdpEmailVerificationAuthenticator extends AbstractIdpAuthenticator
} catch (EmailException e) {
event.error(Errors.EMAIL_SEND_FAILED);
logger.error("Failed to send email to confirm identity broker linking", e);
logger.confirmBrokerEmailFailed(e);
Response challenge = context.form()
.setError(Messages.EMAIL_SENT_ERROR)
.createErrorPage();
@ -118,7 +118,7 @@ public class IdpEmailVerificationAuthenticator extends AbstractIdpAuthenticator
context.setUser(existingUser);
context.success();
} else {
logger.error("Key parameter don't match with the expected value from client session");
logger.keyParamDoesNotMatch();
Response challengeResponse = context.form()
.setError(Messages.INVALID_ACCESS_CODE)
.createErrorPage();
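Review bot: `logger.keyParamDoesNotMatch()` in the else branch takes no arguments, so the error records a failed key check without saying which account or session it belongs to. Passing an identifier for the user referenced as `existingUser` in the success branch, or for the client session, would let repeated mismatches be attributed during incident review.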

View file

@ -5,7 +5,6 @@ import java.util.List;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
import org.jboss.logging.Logger;
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.authenticators.broker.util.SerializedBrokeredIdentityContext;
import org.keycloak.broker.provider.BrokeredIdentityContext;
@ -21,6 +20,7 @@ import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.utils.FormMessage;
import org.keycloak.representations.idm.IdentityProviderRepresentation;
import org.keycloak.services.ServicesLogger;
import org.keycloak.services.resources.AttributeFormDataProcessor;
import org.keycloak.services.validation.Validation;
@ -29,7 +29,7 @@ import org.keycloak.services.validation.Validation;
*/
public class IdpReviewProfileAuthenticator extends AbstractIdpAuthenticator {
protected static Logger logger = Logger.getLogger(IdpReviewProfileAuthenticator.class);
protected static ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
@Override
public boolean requiresUser() {

View file

@ -1,6 +1,5 @@
package org.keycloak.authentication.authenticators.browser;
import org.jboss.logging.Logger;
import org.keycloak.authentication.AbstractFormAuthenticator;
import org.keycloak.authentication.AuthenticationFlowError;
import org.keycloak.authentication.AuthenticationFlowContext;
@ -11,6 +10,7 @@ import org.keycloak.models.UserCredentialModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.services.ServicesLogger;
import org.keycloak.services.managers.AuthenticationManager;
import org.keycloak.services.messages.Messages;
@ -25,7 +25,7 @@ import java.util.List;
*/
public abstract class AbstractUsernameFormAuthenticator extends AbstractFormAuthenticator {
private static final Logger logger = Logger.getLogger(AbstractUsernameFormAuthenticator.class);
private static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
public static final String REGISTRATION_FORM_ACTION = "registration_form";
public static final String ATTEMPTED_USERNAME = "ATTEMPTED_USERNAME";
@ -109,7 +109,7 @@ public abstract class AbstractUsernameFormAuthenticator extends AbstractFormAuth
try {
user = KeycloakModelUtils.findUserByNameOrEmail(context.getSession(), context.getRealm(), username);
} catch (ModelDuplicateException mde) {
logger.error(mde.getMessage(), mde);
logger.modelDuplicateException(mde);
// Could happen during federation import
if (mde.getDuplicateFieldName() != null && mde.getDuplicateFieldName().equals(UserModel.EMAIL)) {

View file

@ -1,6 +1,5 @@
package org.keycloak.authentication.authenticators.browser;
import org.jboss.logging.Logger;
import org.jboss.resteasy.spi.HttpRequest;
import org.keycloak.authentication.AuthenticationFlowError;
import org.keycloak.authentication.AuthenticationFlowContext;
@ -13,6 +12,7 @@ import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserCredentialModel;
import org.keycloak.models.UserModel;
import org.keycloak.services.ServicesLogger;
import org.keycloak.services.messages.Messages;
import javax.ws.rs.core.HttpHeaders;
@ -27,7 +27,7 @@ import java.util.Map;
*/
public class SpnegoAuthenticator extends AbstractUsernameFormAuthenticator implements Authenticator{
public static final String KERBEROS_DISABLED = "kerberos_disabled";
protected static Logger logger = Logger.getLogger(SpnegoAuthenticator.class);
protected static ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
@Override
public boolean requiresUser() {

View file

@ -1,6 +1,5 @@
package org.keycloak.authentication.authenticators.browser;
import org.jboss.logging.Logger;
import org.jboss.resteasy.specimpl.MultivaluedMapImpl;
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.AuthenticationProcessor;
@ -10,6 +9,7 @@ import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.protocol.oidc.OIDCLoginProtocol;
import org.keycloak.services.ServicesLogger;
import org.keycloak.services.managers.AuthenticationManager;
import javax.ws.rs.core.MultivaluedMap;
@ -20,7 +20,7 @@ import javax.ws.rs.core.Response;
* @version $Revision: 1 $
*/
public class UsernamePasswordForm extends AbstractUsernameFormAuthenticator implements Authenticator {
protected static Logger logger = Logger.getLogger(UsernamePasswordForm.class);
protected static ServicesLogger log = ServicesLogger.ROOT_LOGGER;
@Override
public void action(AuthenticationFlowContext context) {
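Review bot: The replacement field is named `log`, while the removed field and every other class in this change use `logger`. The parent AbstractUsernameFormAuthenticator declares its own `logger` as private, so any remaining `logger.` call in UsernamePasswordForm will not resolve. Keep the name `logger` here for consistency.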

View file

@ -11,7 +11,6 @@ import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
import org.jboss.logging.Logger;
import org.keycloak.OAuth2Constants;
import org.keycloak.authentication.AuthenticationFlowError;
import org.keycloak.authentication.ClientAuthenticationFlowContext;
@ -19,6 +18,7 @@ import org.keycloak.models.AuthenticationExecutionModel;
import org.keycloak.models.ClientModel;
import org.keycloak.provider.ProviderConfigProperty;
import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.services.ServicesLogger;
import org.keycloak.util.BasicAuthHelper;
/**
@ -30,7 +30,7 @@ import org.keycloak.util.BasicAuthHelper;
*/
public class ClientIdAndSecretAuthenticator extends AbstractClientAuthenticator {
protected static Logger logger = Logger.getLogger(ClientIdAndSecretAuthenticator.class);
protected static ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
public static final String PROVIDER_ID = "client-secret";

View file

@ -11,7 +11,6 @@ import java.util.Map;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
import org.jboss.logging.Logger;
import org.keycloak.OAuth2Constants;
import org.keycloak.authentication.AuthenticationFlowError;
import org.keycloak.authentication.ClientAuthenticationFlowContext;
@ -23,6 +22,7 @@ import org.keycloak.models.RealmModel;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.provider.ProviderConfigProperty;
import org.keycloak.representations.JsonWebToken;
import org.keycloak.services.ServicesLogger;
import org.keycloak.services.Urls;
/**
@ -36,7 +36,7 @@ import org.keycloak.services.Urls;
*/
public class JWTClientAuthenticator extends AbstractClientAuthenticator {
protected static Logger logger = Logger.getLogger(JWTClientAuthenticator.class);
protected static ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
public static final String PROVIDER_ID = "client-jwt";
public static final String CERTIFICATE_ATTR = "jwt.credential.certificate";
@ -129,7 +129,7 @@ public class JWTClientAuthenticator extends AbstractClientAuthenticator {
context.success();
} catch (Exception e) {
logger.error("Error when validate client assertion", e);
logger.errorValidatingAssertion(e);
Response challengeResponse = ClientAuthUtil.errorResponse(Response.Status.BAD_REQUEST.getStatusCode(), "unauthorized_client", "Client authentication with signed JWT failed: " + e.getMessage());
context.failure(AuthenticationFlowError.INVALID_CLIENT_CREDENTIALS, challengeResponse);
}
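Review bot: In this catch block the unchanged line after `logger.errorValidatingAssertion(e)` still concatenates `e.getMessage()` into the `unauthorized_client` response body, so validation internals reach an unauthenticated caller. Since the exception is now logged in full, return a fixed description to the client and keep the detail in the log only.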

View file

@ -1,6 +1,5 @@
package org.keycloak.authentication.authenticators.directgrant;
import org.jboss.logging.Logger;
import org.keycloak.authentication.AuthenticationFlowError;
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.events.Errors;
@ -23,7 +22,6 @@ import java.util.List;
*/
public class ValidateOTP extends AbstractDirectGrantAuthenticator {
private static final Logger logger = Logger.getLogger(ValidateOTP.class);
public static final String PROVIDER_ID = "direct-grant-validate-otp";
@Override

View file

@ -1,6 +1,5 @@
package org.keycloak.authentication.authenticators.directgrant;
import org.jboss.logging.Logger;
import org.keycloak.authentication.AuthenticationFlowError;
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.events.Errors;
@ -23,7 +22,6 @@ import java.util.List;
*/
public class ValidatePassword extends AbstractDirectGrantAuthenticator {
private static final Logger logger = Logger.getLogger(ValidatePassword.class);
public static final String PROVIDER_ID = "direct-grant-validate-password";
@Override

View file

@ -1,6 +1,5 @@
package org.keycloak.authentication.authenticators.directgrant;
import org.jboss.logging.Logger;
import org.keycloak.authentication.AuthenticationFlowError;
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator;
@ -13,6 +12,7 @@ import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.provider.ProviderConfigProperty;
import org.keycloak.services.ServicesLogger;
import org.keycloak.services.managers.AuthenticationManager;
import javax.ws.rs.core.MultivaluedMap;
@ -26,7 +26,7 @@ import java.util.List;
*/
public class ValidateUsername extends AbstractDirectGrantAuthenticator {
private static final Logger logger = Logger.getLogger(ValidateUsername.class);
private static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
public static final String PROVIDER_ID = "direct-grant-validate-username";
@Override
@ -46,7 +46,7 @@ public class ValidateUsername extends AbstractDirectGrantAuthenticator {
try {
user = KeycloakModelUtils.findUserByNameOrEmail(context.getSession(), context.getRealm(), username);
} catch (ModelDuplicateException mde) {
logger.error(mde.getMessage(), mde);
logger.modelDuplicateException(mde);
Response challengeResponse = errorResponse(Response.Status.UNAUTHORIZED.getStatusCode(), "invalid_request", "Invalid user credentials");
context.failure(AuthenticationFlowError.INVALID_USER, challengeResponse);
return;

View file

@ -1,6 +1,5 @@
package org.keycloak.authentication.authenticators.resetcred;
import org.jboss.logging.Logger;
import org.keycloak.Config;
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.AuthenticationFlowError;
@ -17,6 +16,7 @@ import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.provider.ProviderConfigProperty;
import org.keycloak.services.ServicesLogger;
import org.keycloak.services.messages.Messages;
import javax.ws.rs.core.MultivaluedMap;
@ -29,7 +29,7 @@ import java.util.List;
*/
public class ResetCredentialChooseUser implements Authenticator, AuthenticatorFactory {
protected static Logger logger = Logger.getLogger(ResetCredentialChooseUser.class);
protected static ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
public static final String PROVIDER_ID = "reset-credentials-choose-user";

View file

@ -1,6 +1,5 @@
package org.keycloak.authentication.authenticators.resetcred;
import org.jboss.logging.Logger;
import org.keycloak.Config;
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.AuthenticationFlowError;
@ -22,6 +21,7 @@ import org.keycloak.models.UserModel;
import org.keycloak.models.utils.FormMessage;
import org.keycloak.models.utils.HmacOTP;
import org.keycloak.provider.ProviderConfigProperty;
import org.keycloak.services.ServicesLogger;
import org.keycloak.services.messages.Messages;
import javax.ws.rs.core.Response;
@ -36,7 +36,7 @@ import java.util.concurrent.TimeUnit;
public class ResetCredentialEmail implements Authenticator, AuthenticatorFactory {
public static final String RESET_CREDENTIAL_SECRET = "RESET_CREDENTIAL_SECRET";
protected static Logger logger = Logger.getLogger(ResetCredentialEmail.class);
protected static ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
public static final String PROVIDER_ID = "reset-credential-email";
@ -83,7 +83,7 @@ public class ResetCredentialEmail implements Authenticator, AuthenticatorFactory
.detail(Details.USERNAME, username)
.user(user)
.error(Errors.EMAIL_SEND_FAILED);
logger.error("Failed to send password reset email", e);
logger.failedToSendPwdResetEmail(e);
Response challenge = context.form()
.setError(Messages.EMAIL_SENT_ERROR)
.createErrorPage();

View file

@ -6,7 +6,6 @@ import org.apache.http.client.HttpClient;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.message.BasicNameValuePair;
import org.jboss.logging.Logger;
import org.keycloak.Config;
import org.keycloak.authentication.FormAction;
import org.keycloak.authentication.FormActionFactory;
@ -25,6 +24,7 @@ import org.keycloak.models.UserModel;
import org.keycloak.models.utils.FormMessage;
import org.keycloak.provider.ConfiguredProvider;
import org.keycloak.provider.ProviderConfigProperty;
import org.keycloak.services.ServicesLogger;
import org.keycloak.services.messages.Messages;
import org.keycloak.services.validation.Validation;
import org.keycloak.util.JsonSerialization;
@ -45,7 +45,7 @@ public class RegistrationRecaptcha implements FormAction, FormActionFactory, Con
public static final String RECAPTCHA_REFERENCE_CATEGORY = "recaptcha";
public static final String SITE_KEY = "site.key";
public static final String SITE_SECRET = "secret";
protected static Logger logger = Logger.getLogger(RegistrationRecaptcha.class);
protected static ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
public static final String PROVIDER_ID = "registration-recaptcha-action";
@ -135,7 +135,7 @@ public class RegistrationRecaptcha implements FormAction, FormActionFactory, Con
content.close();
}
} catch (Exception e) {
logger.error("Recaptcha failed", e);
logger.recaptchaFailed(e);
}
return success;
}

View file

@ -1,6 +1,5 @@
package org.keycloak.authentication.requiredactions;
import org.jboss.logging.Logger;
import org.keycloak.Config;
import org.keycloak.authentication.RequiredActionContext;
import org.keycloak.authentication.RequiredActionFactory;
@ -13,6 +12,7 @@ import org.keycloak.models.ModelException;
import org.keycloak.models.UserCredentialModel;
import org.keycloak.models.UserCredentialValueModel;
import org.keycloak.models.UserModel;
import org.keycloak.services.ServicesLogger;
import org.keycloak.services.messages.Messages;
import org.keycloak.services.validation.Validation;
import org.keycloak.common.util.Time;
@ -26,7 +26,7 @@ import java.util.concurrent.TimeUnit;
* @version $Revision: 1 $
*/
public class UpdatePassword implements RequiredActionProvider, RequiredActionFactory {
protected static Logger logger = Logger.getLogger(UpdatePassword.class);
protected static ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
@Override
public void evaluateTriggers(RequiredActionContext context) {
int daysToExpirePassword = context.getRealm().getPasswordPolicy().getDaysToExpirePassword();

View file

@ -1,6 +1,5 @@
package org.keycloak.authentication.requiredactions;
import org.jboss.logging.Logger;
import org.keycloak.Config;
import org.keycloak.authentication.RequiredActionContext;
import org.keycloak.authentication.RequiredActionFactory;
@ -13,6 +12,7 @@ import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.utils.FormMessage;
import org.keycloak.services.ServicesLogger;
import org.keycloak.services.messages.Messages;
import org.keycloak.services.resources.AttributeFormDataProcessor;
import org.keycloak.services.validation.Validation;
@ -26,7 +26,7 @@ import java.util.List;
* @version $Revision: 1 $
*/
public class UpdateProfile implements RequiredActionProvider, RequiredActionFactory {
protected static Logger logger = Logger.getLogger(UpdateProfile.class);
protected static ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
@Override
public void evaluateTriggers(RequiredActionContext context) {
}

View file

@ -1,6 +1,5 @@
package org.keycloak.authentication.requiredactions;
import org.jboss.logging.Logger;
import org.keycloak.Config;
import org.keycloak.authentication.RequiredActionContext;
import org.keycloak.authentication.RequiredActionFactory;
@ -12,6 +11,7 @@ import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.models.UserCredentialModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.utils.CredentialValidation;
import org.keycloak.services.ServicesLogger;
import org.keycloak.services.messages.Messages;
import org.keycloak.services.validation.Validation;
@ -23,7 +23,7 @@ import javax.ws.rs.core.Response;
* @version $Revision: 1 $
*/
public class UpdateTotp implements RequiredActionProvider, RequiredActionFactory {
protected static Logger logger = Logger.getLogger(UpdateTotp.class);
protected static ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
@Override
public void evaluateTriggers(RequiredActionContext context) {
}

View file

@ -1,6 +1,5 @@
package org.keycloak.authentication.requiredactions;
import org.jboss.logging.Logger;
import org.keycloak.Config;
import org.keycloak.authentication.RequiredActionContext;
import org.keycloak.authentication.RequiredActionFactory;
@ -14,6 +13,7 @@ import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.models.UserModel;
import org.keycloak.models.utils.HmacOTP;
import org.keycloak.services.ServicesLogger;
import org.keycloak.services.resources.LoginActionsService;
import org.keycloak.services.validation.Validation;
@ -24,7 +24,7 @@ import javax.ws.rs.core.Response;
* @version $Revision: 1 $
*/
public class VerifyEmail implements RequiredActionProvider, RequiredActionFactory {
protected static Logger logger = Logger.getLogger(VerifyEmail.class);
protected static ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
@Override
public void evaluateTriggers(RequiredActionContext context) {
if (context.getRealm().isVerifyEmail() && !context.getUser().isEmailVerified()) {

View file

@ -1,11 +1,11 @@
package org.keycloak.email;
import org.jboss.logging.Logger;
import org.keycloak.truststore.HostnameVerificationPolicy;
import org.keycloak.truststore.JSSETruststoreConfigurator;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.services.ServicesLogger;
import javax.mail.Message;
import javax.mail.Multipart;
@ -26,7 +26,7 @@ import java.util.Properties;
*/
public class DefaultEmailSenderProvider implements EmailSenderProvider {
private static final Logger log = Logger.getLogger(DefaultEmailSenderProvider.class);
private static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
private final KeycloakSession session;
@ -104,7 +104,7 @@ public class DefaultEmailSenderProvider implements EmailSenderProvider {
}
transport.sendMessage(msg, new InternetAddress[]{new InternetAddress(address)});
} catch (Exception e) {
log.error("Failed to send email", e);
logger.failedToSendEmail(e);
throw new EmailException(e);
}
}

View file

@ -1,7 +1,7 @@
package org.keycloak.exportimport;
import org.jboss.logging.Logger;
import org.keycloak.services.ServicesLogger;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
@ -12,7 +12,7 @@ import java.io.IOException;
*/
public class ExportImportManager {
private static final Logger logger = Logger.getLogger(ExportImportManager.class);
private static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
private KeycloakSessionFactory sessionFactory;
@ -65,13 +65,13 @@ public class ExportImportManager {
try {
Strategy strategy = ExportImportConfig.getStrategy();
if (realmName == null) {
logger.infof("Full model import requested. Strategy: %s", strategy.toString());
logger.fullModelImport(strategy.toString());
importProvider.importModel(sessionFactory, strategy);
} else {
logger.infof("Import of realm '%s' requested. Strategy: %s", realmName, strategy.toString());
logger.realmImportRequested(realmName, strategy.toString());
importProvider.importRealm(sessionFactory, realmName, strategy);
}
logger.info("Import finished successfully");
logger.importSuccess();
} catch (IOException e) {
throw new RuntimeException("Failed to run import", e);
}
@ -80,13 +80,13 @@ public class ExportImportManager {
public void runExport() {
try {
if (realmName == null) {
logger.info("Full model export requested");
logger.fullModelExportRequested();
exportProvider.exportModel(sessionFactory);
} else {
logger.infof("Export of realm '%s' requested", realmName);
logger.realmExportRequested(realmName);
exportProvider.exportRealm(sessionFactory, realmName);
}
logger.info("Export finished successfully");
logger.exportSuccess();
} catch (IOException e) {
throw new RuntimeException("Failed to run export");
}
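Review bot: In runExport the catch block throws `new RuntimeException("Failed to run export")` without the caught IOException, whereas runImport passes `e` as the cause. `logger.exportSuccess()` is never reached on failure, so the original stack trace is lost. Pass `e` as the second argument, as the import path does.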

View file

@ -21,11 +21,11 @@ import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.ws.rs.core.Response;
import org.jboss.logging.Logger;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.representations.idm.PartialImportRepresentation;
import org.keycloak.services.ErrorResponse;
import org.keycloak.services.ServicesLogger;
/**
* Base PartialImport for most resource types.
@ -33,7 +33,7 @@ import org.keycloak.services.ErrorResponse;
* @author Stan Silvert ssilvert@redhat.com (C) 2016 Red Hat Inc.
*/
public abstract class AbstractPartialImport<T> implements PartialImport<T> {
protected static Logger logger = Logger.getLogger(AbstractPartialImport.class);
protected static ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
protected final Set<T> toOverwrite = new HashSet<>();
protected final Set<T> toSkip = new HashSet<>();
@ -99,7 +99,7 @@ public abstract class AbstractPartialImport<T> implements PartialImport<T> {
try {
create(realm, session, resourceRep);
} catch (Exception e) {
logger.error("Error overwriting " + getName(resourceRep), e);
logger.overwriteError(e, getName(resourceRep));
throw new ErrorResponseException(ErrorResponse.error(e.getMessage(), Response.Status.INTERNAL_SERVER_ERROR));
}
@ -121,7 +121,7 @@ public abstract class AbstractPartialImport<T> implements PartialImport<T> {
String modelId = getModelId(realm, session, resourceRep);
results.addResult(added(modelId, resourceRep));
} catch (Exception e) {
logger.error("Error creating " + getName(resourceRep), e);
logger.creationError(e, getName(resourceRep));
throw new ErrorResponseException(ErrorResponse.error(e.getMessage(), Response.Status.INTERNAL_SERVER_ERROR));
}
}
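Review bot: After `logger.creationError(e, getName(resourceRep))`, this catch block still puts `e.getMessage()` into the 500 response, as the overwrite catch block above does. The exception is now logged with the resource name, so the response could carry a generic error and leave persistence-layer detail in the log.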

View file

@ -20,7 +20,6 @@ import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.ws.rs.core.Response;
import org.jboss.logging.Logger;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.utils.KeycloakModelUtils;
@ -29,6 +28,7 @@ import org.keycloak.representations.idm.PartialImportRepresentation;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.RolesRepresentation;
import org.keycloak.services.ErrorResponse;
import org.keycloak.services.ServicesLogger;
/**
* This class handles both realm roles and client roles. It delegates to
@ -44,7 +44,7 @@ import org.keycloak.services.ErrorResponse;
* @author Stan Silvert ssilvert@redhat.com (C) 2016 Red Hat Inc.
*/
public class RolesPartialImport implements PartialImport<RolesRepresentation> {
protected static Logger logger = Logger.getLogger(RolesPartialImport.class);
protected static ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
private Set<RoleRepresentation> realmRolesToOverwrite;
private Set<RoleRepresentation> realmRolesToSkip;
@ -97,7 +97,7 @@ public class RolesPartialImport implements PartialImport<RolesRepresentation> {
try {
RepresentationToModel.importRoles(rep.getRoles(), realm);
} catch (Exception e) {
logger.error("Error importing roles", e);
logger.roleImportError(e);
throw new ErrorResponseException(ErrorResponse.error(e.getMessage(), Response.Status.INTERNAL_SERVER_ERROR));
}

View file

@ -7,7 +7,6 @@ import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
import org.jboss.logging.Logger;
import org.jboss.resteasy.spi.HttpRequest;
import org.keycloak.authentication.AuthenticationProcessor;
import org.keycloak.common.ClientConnection;
@ -19,6 +18,7 @@ import org.keycloak.models.IdentityProviderModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.protocol.LoginProtocol.Error;
import org.keycloak.services.ServicesLogger;
import org.keycloak.services.Urls;
import org.keycloak.services.managers.AuthenticationManager;
import org.keycloak.services.managers.ClientSessionCode;
@ -31,7 +31,7 @@ import org.keycloak.services.resources.LoginActionsService;
*/
public abstract class AuthorizationEndpointBase {
private static final Logger logger = Logger.getLogger(AuthorizationEndpointBase.class);
private static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
protected RealmModel realm;
protected EventBuilder event;
@ -70,7 +70,7 @@ public abstract class AuthorizationEndpointBase {
/**
* Common method to handle browser authentication request in protocols unified way.
*
*
* @param clientSession for current request
* @param protocol handler for protocol used to initiate login
* @param isPassive set to true if login should be passive (without login screen shown)

View file

@ -1,7 +1,6 @@
package org.keycloak.protocol;
import com.fasterxml.jackson.annotation.JsonProperty;
import org.jboss.logging.Logger;
import org.keycloak.common.ClientConnection;
import org.keycloak.jose.jws.JWSBuilder;
import org.keycloak.jose.jws.JWSInput;
@ -10,6 +9,7 @@ import org.keycloak.models.ClientModel;
import org.keycloak.models.ClientSessionModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.services.ServicesLogger;
import org.keycloak.services.managers.AuthenticationManager;
import org.keycloak.services.util.CookieHelper;
@ -27,7 +27,7 @@ import java.util.Map;
* @version $Revision: 1 $
*/
public class RestartLoginCookie {
private static final Logger logger = Logger.getLogger(RestartLoginCookie.class);
private static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
public static final String KC_RESTART = "KC_RESTART";
@JsonProperty("cs")
protected String clientSession;

View file

@ -21,7 +21,6 @@
*/
package org.keycloak.protocol.oidc;
import org.jboss.logging.Logger;
import org.keycloak.OAuth2Constants;
import org.keycloak.events.Details;
import org.keycloak.events.EventBuilder;
@ -37,6 +36,7 @@ import org.keycloak.protocol.oidc.utils.OIDCRedirectUriBuilder;
import org.keycloak.protocol.oidc.utils.OIDCResponseMode;
import org.keycloak.protocol.oidc.utils.OIDCResponseType;
import org.keycloak.representations.AccessTokenResponse;
import org.keycloak.services.ServicesLogger;
import org.keycloak.services.managers.ClientSessionCode;
import org.keycloak.services.managers.ResourceAdminManager;
@ -68,7 +68,7 @@ public class OIDCLoginProtocol implements LoginProtocol {
public static final String RESPONSE_MODE_PARAM = "response_mode";
private static final Logger log = Logger.getLogger(OIDCLoginProtocol.class);
private static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
protected KeycloakSession session;
@ -143,7 +143,7 @@ public class OIDCLoginProtocol implements LoginProtocol {
String redirect = clientSession.getRedirectUri();
OIDCRedirectUriBuilder redirectUri = OIDCRedirectUriBuilder.fromUri(redirect, responseMode);
String state = clientSession.getNote(OIDCLoginProtocol.STATE_PARAM);
log.debugv("redirectAccessCode: state: {0}", state);
logger.debugv("redirectAccessCode: state: {0}", state);
if (state != null)
redirectUri.addParam(OAuth2Constants.STATE, state);
@ -203,7 +203,7 @@ public class OIDCLoginProtocol implements LoginProtocol {
case PASSIVE_LOGIN_REQUIRED:
return "login_required";
default:
log.warn("Untranslated protocol Error: " + error.name() + " so we return default SAML error");
logger.untranslatedProtocol(error.name());
return "access_denied";
}
}
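Review bot: The removed warning in the default branch said "so we return default SAML error", although this is OIDCLoginProtocol and the value returned is `access_denied`. Check that the message behind `logger.untranslatedProtocol(error.name())` does not carry that SAML wording over, since the text is no longer visible at the call site.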

View file

@ -16,7 +16,6 @@
*/
package org.keycloak.protocol.oidc;
import org.jboss.logging.Logger;
import org.keycloak.common.constants.KerberosConstants;
import org.keycloak.common.util.UriUtils;
import org.keycloak.events.EventBuilder;
@ -34,6 +33,7 @@ import org.keycloak.protocol.oidc.mappers.UserPropertyMapper;
import org.keycloak.protocol.oidc.mappers.UserSessionNoteMapper;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.ClientTemplateRepresentation;
import org.keycloak.services.ServicesLogger;
import org.keycloak.services.managers.AuthenticationManager;
import java.util.ArrayList;
@ -50,7 +50,7 @@ import org.keycloak.protocol.oidc.mappers.UserAttributeMapper;
* @version $Revision: 1 $
*/
public class OIDCLoginProtocolFactory extends AbstractLoginProtocolFactory {
private static Logger logger = Logger.getLogger(OIDCLoginProtocolFactory.class);
private static ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
public static final String USERNAME = "username";
public static final String EMAIL = "email";
@ -195,7 +195,7 @@ public class OIDCLoginProtocolFactory extends AbstractLoginProtocolFactory {
// Backwards compatibility only
if (rep.isDirectGrantsOnly() != null) {
logger.warn("Using deprecated 'directGrantsOnly' configuration in JSON representation. It will be removed in future versions");
logger.usingDeprecatedDirectGrantsOnly();
newClient.setStandardFlowEnabled(!rep.isDirectGrantsOnly());
newClient.setDirectAccessGrantsEnabled(rep.isDirectGrantsOnly());
} else {

View file

@ -1,6 +1,5 @@
package org.keycloak.protocol.oidc;
import org.jboss.logging.Logger;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.spi.ResteasyProviderFactory;
import org.keycloak.OAuth2Constants;
@ -16,6 +15,7 @@ import org.keycloak.protocol.oidc.endpoints.LogoutEndpoint;
import org.keycloak.protocol.oidc.endpoints.TokenEndpoint;
import org.keycloak.protocol.oidc.endpoints.UserInfoEndpoint;
import org.keycloak.protocol.oidc.representations.JSONWebKeySet;
import org.keycloak.services.ServicesLogger;
import org.keycloak.services.resources.RealmsResource;
import javax.ws.rs.GET;
@ -37,7 +37,7 @@ import javax.ws.rs.core.UriInfo;
*/
public class OIDCLoginProtocolService {
protected static final Logger logger = Logger.getLogger(OIDCLoginProtocolService.class);
protected static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
private RealmModel realm;
private TokenManager tokenManager;

View file

@ -1,6 +1,5 @@
package org.keycloak.protocol.oidc;
import org.jboss.logging.Logger;
import org.keycloak.common.ClientConnection;
import org.keycloak.OAuth2Constants;
import org.keycloak.OAuthErrorException;
@ -34,6 +33,7 @@ import org.keycloak.representations.AccessTokenResponse;
import org.keycloak.representations.IDToken;
import org.keycloak.representations.RefreshToken;
import org.keycloak.services.ErrorResponseException;
import org.keycloak.services.ServicesLogger;
import org.keycloak.services.managers.AuthenticationManager;
import org.keycloak.services.managers.ClientSessionCode;
import org.keycloak.services.managers.UserSessionManager;
@ -59,7 +59,7 @@ import java.util.Set;
* @version $Revision: 1 $
*/
public class TokenManager {
protected static final Logger logger = Logger.getLogger(TokenManager.class);
protected static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
public static void applyScope(RoleModel role, RoleModel scope, Set<RoleModel> visited, Set<RoleModel> requested) {
if (visited.contains(scope)) return;

View file

@ -4,7 +4,6 @@ import javax.ws.rs.GET;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
import org.jboss.logging.Logger;
import org.keycloak.authentication.AuthenticationProcessor;
import org.keycloak.constants.AdapterConstants;
import org.keycloak.events.Details;
@ -24,6 +23,7 @@ import org.keycloak.protocol.oidc.utils.OIDCResponseMode;
import org.keycloak.protocol.oidc.utils.OIDCResponseType;
import org.keycloak.protocol.oidc.utils.RedirectUtils;
import org.keycloak.services.ErrorPageException;
import org.keycloak.services.ServicesLogger;
import org.keycloak.services.Urls;
import org.keycloak.services.managers.ClientSessionCode;
import org.keycloak.services.messages.Messages;
@ -34,7 +34,7 @@ import org.keycloak.services.resources.LoginActionsService;
*/
public class AuthorizationEndpoint extends AuthorizationEndpointBase {
private static final Logger logger = Logger.getLogger(AuthorizationEndpoint.class);
private static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
public static final String CODE_AUTH_TYPE = "code";
@ -182,7 +182,7 @@ public class AuthorizationEndpoint extends AuthorizationEndpointBase {
action = Action.CODE;
}
} catch (IllegalArgumentException iae) {
logger.error(iae.getMessage());
logger.error(iae);
event.error(Errors.INVALID_REQUEST);
throw new ErrorPageException(session, Messages.INVALID_PARAMETER, OIDCLoginProtocol.RESPONSE_TYPE_PARAM);
}
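Review bot: `logger.error(iae)` in the catch block resolves to the single-argument `error(Object message)` overload of BasicLogger, so the exception is logged as its string form and no stack trace is attached. If the goal was to record the cause, pass it as the throwable (`logger.error(iae.getMessage(), iae)`) or add a typed ServicesLogger method with a `@Cause` parameter so this path also gets a stable message id like the other call sites converted in this change. Since the failure is reported against `RESPONSE_TYPE_PARAM`, the logged text can carry request input, so a fixed message plus cause is preferable to echoing the exception text alone.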
@ -193,7 +193,7 @@ public class AuthorizationEndpoint extends AuthorizationEndpointBase {
// Disallowed by OIDC specs
if (parsedResponseType.isImplicitOrHybridFlow() && parsedResponseMode == OIDCResponseMode.QUERY) {
logger.error("Response_mode 'query' not allowed for implicit or hybrid flow");
logger.responseModeQueryNotAllowed();
event.error(Errors.INVALID_REQUEST);
throw new ErrorPageException(session, Messages.INVALID_PARAMETER, OIDCLoginProtocol.RESPONSE_MODE_PARAM);
}
@ -277,4 +277,4 @@ public class AuthorizationEndpoint extends AuthorizationEndpointBase {
}
}

View file

@ -1,6 +1,5 @@
package org.keycloak.protocol.oidc.endpoints;
import org.jboss.logging.Logger;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.spi.HttpRequest;
import org.keycloak.common.ClientConnection;
@ -21,6 +20,7 @@ import org.keycloak.protocol.oidc.utils.RedirectUtils;
import org.keycloak.representations.IDToken;
import org.keycloak.representations.RefreshToken;
import org.keycloak.services.ErrorResponseException;
import org.keycloak.services.ServicesLogger;
import org.keycloak.services.managers.AuthenticationManager;
import org.keycloak.services.messages.Messages;
import org.keycloak.services.resources.Cors;
@ -43,7 +43,7 @@ import javax.ws.rs.core.UriInfo;
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
*/
public class LogoutEndpoint {
protected static Logger logger = Logger.getLogger(LogoutEndpoint.class);
protected static ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
@Context
private KeycloakSession session;

View file

@ -1,6 +1,5 @@
package org.keycloak.protocol.oidc.endpoints;
import org.jboss.logging.Logger;
import org.jboss.resteasy.spi.HttpRequest;
import org.jboss.resteasy.spi.ResteasyProviderFactory;
import org.keycloak.common.ClientConnection;
@ -27,6 +26,7 @@ import org.keycloak.protocol.oidc.utils.AuthorizeClientUtil;
import org.keycloak.representations.AccessToken;
import org.keycloak.representations.AccessTokenResponse;
import org.keycloak.services.ErrorResponseException;
import org.keycloak.services.ServicesLogger;
import org.keycloak.services.managers.AuthenticationManager;
import org.keycloak.services.managers.ClientManager;
import org.keycloak.services.managers.ClientSessionCode;
@ -51,7 +51,7 @@ import java.util.Map;
*/
public class TokenEndpoint {
private static final Logger logger = Logger.getLogger(TokenEndpoint.class);
private static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
private MultivaluedMap<String, String> formParams;
private ClientModel client;
private Map<String, String> clientAuthAttributes;
@ -285,7 +285,7 @@ public class TokenEndpoint {
private void updateClientSession(ClientSessionModel clientSession) {
if(clientSession == null) {
logger.error("client session is null");
logger.clientSessionNull();
return;
}
@ -303,16 +303,16 @@ public class TokenEndpoint {
private void updateClientSessions(List<ClientSessionModel> clientSessions) {
if(clientSessions == null) {
logger.error("client sessions is null");
logger.clientSessionNull();
return;
}
for (ClientSessionModel clientSession : clientSessions) {
if(clientSession == null) {
logger.error("client session is null");
logger.clientSessionNull();
continue;
}
if(clientSession.getClient() == null) {
logger.error("client model in client session is null");
logger.clientModelNull();
continue;
}
if(client.getId().equals(clientSession.getClient().getId())) {
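Review bot: in `updateClientSessions` the null check on the list itself (`clientSessions == null`) now calls `logger.clientSessionNull()`, the same method used for a null element inside the loop. The old text "client sessions is null" is gone and both conditions are reported under id 43, "Client session is null", so the two cases can no longer be told apart in the log. Add a separate message for the null list, or keep one method and give it a parameter that says which check failed.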
@ -448,4 +448,4 @@ public class TokenEndpoint {
return Cors.add(request, Response.ok(res, MediaType.APPLICATION_JSON_TYPE)).auth().allowedOrigins(client).allowedMethods("POST").exposedHeaders(Cors.ACCESS_CONTROL_ALLOW_METHODS).build();
}
}
}

View file

@ -1,11 +1,11 @@
package org.keycloak.protocol.oidc.mappers;
import org.jboss.logging.Logger;
import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.protocol.ProtocolMapperUtils;
import org.keycloak.protocol.oidc.OIDCLoginProtocol;
import org.keycloak.provider.ProviderConfigProperty;
import org.keycloak.representations.IDToken;
import org.keycloak.services.ServicesLogger;
import java.util.ArrayList;
import java.util.HashMap;
@ -17,7 +17,7 @@ import java.util.Map;
* @version $Revision: 1 $
*/
public class OIDCAttributeMapperHelper {
private static final Logger logger = Logger.getLogger(OIDCAttributeMapperHelper.class);
private static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
public static final String TOKEN_CLAIM_NAME = "claim.name";
public static final String TOKEN_CLAIM_NAME_LABEL = "tokenClaimName.label";
@ -46,7 +46,7 @@ public class OIDCAttributeMapperHelper {
return result;
} else {
if (valueAsList.size() > 1) {
logger.warnf("Multiple values found '%s' for protocol mapper '%s' but expected just single value", attributeValue.toString(), mappingModel.getName());
logger.multipleValuesForMapper(attributeValue.toString(), mappingModel.getName());
}
attributeValue = valueAsList.get(0);
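Review bot: `logger.multipleValuesForMapper(attributeValue.toString(), mappingModel.getName())` keeps writing the full attribute value list into a WARN-level message. These are user attribute values on their way into a token claim, so they may be personal data, and WARN is normally enabled in production. Now that the message has its own id, consider logging only the mapper name and the number of values, and leaving the values themselves to a debug-level message.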

View file

@ -110,7 +110,7 @@ public class UserAttributeMapper extends AbstractOIDCProtocolMapper implements O
if (multivalued) {
mapper.getConfig().put(ProtocolMapperUtils.MULTIVALUED, "true");
}
return mapper;
}

View file

@ -1,10 +1,10 @@
package org.keycloak.protocol.oidc.utils;
import org.jboss.logging.Logger;
import org.keycloak.models.ClientModel;
import org.keycloak.models.Constants;
import org.keycloak.models.RealmModel;
import org.keycloak.services.Urls;
import org.keycloak.services.ServicesLogger;
import javax.ws.rs.core.UriInfo;
import java.net.URI;
@ -16,7 +16,7 @@ import java.util.Set;
*/
public class RedirectUtils {
private static final Logger logger = Logger.getLogger(RedirectUtils.class);
private static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
public static String verifyRealmRedirectUri(UriInfo uriInfo, String redirectUri, RealmModel realm) {
Set<String> validRedirects = getValidateRedirectUris(uriInfo, realm);

View file

@ -1,6 +1,22 @@
/*
* Copyright 2016 Red Hat Inc. and/or its affiliates and other contributors
* as indicated by the @author tags. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
* use this file except in compliance with the License. You may obtain a copy of
* the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations under
* the License.
*/
package org.keycloak.provider;
import org.jboss.logging.Logger;
import org.keycloak.services.ServicesLogger;
import java.io.File;
import java.io.FilenameFilter;
@ -14,7 +30,7 @@ import java.util.List;
*/
public class FileSystemProviderLoaderFactory implements ProviderLoaderFactory {
private static final Logger log = Logger.getLogger(FileSystemProviderLoaderFactory.class);
private static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
@Override
public boolean supports(String type) {
@ -43,7 +59,7 @@ public class FileSystemProviderLoaderFactory implements ProviderLoaderFactory {
}
}
log.debug("Loading providers from " + urls.toString());
logger.debug("Loading providers from " + urls.toString());
return new URLClassLoader(urls.toArray(new URL[urls.size()]), parent);
} catch (Exception e) {
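Review bot: `logger.debug("Loading providers from " + urls.toString())` only renames the field, so the string concatenation and `urls.toString()` still run even when debug logging is off. While touching this line, switch to the parameterised form already used elsewhere in this change, for example `logger.debugv("Loading providers from {0}", urls)`.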

View file

@ -1,6 +1,22 @@
/*
* Copyright 2016 Red Hat Inc. and/or its affiliates and other contributors
* as indicated by the @author tags. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
* use this file except in compliance with the License. You may obtain a copy of
* the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations under
* the License.
*/
package org.keycloak.provider;
import org.jboss.logging.Logger;
import org.keycloak.services.ServicesLogger;
import java.util.HashMap;
import java.util.IdentityHashMap;
@ -14,7 +30,7 @@ import java.util.ServiceLoader;
*/
public class ProviderManager {
private static final Logger log = Logger.getLogger(ProviderManager.class);
private static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
private List<ProviderLoader> loaders = new LinkedList<ProviderLoader>();
private Map<String, List<ProviderFactory>> cache = new HashMap<String, List<ProviderFactory>>();
@ -25,7 +41,7 @@ public class ProviderManager {
factories.add(f);
}
log.debugv("Provider loaders {0}", factories);
logger.debugv("Provider loaders {0}", factories);
loaders.add(new DefaultProviderLoader(baseClassLoader));

View file

@ -1,3 +1,19 @@
/*
* Copyright 2016 Red Hat Inc. and/or its affiliates and other contributors
* as indicated by the @author tags. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
* use this file except in compliance with the License. You may obtain a copy of
* the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations under
* the License.
*/
package org.keycloak.services;
import org.keycloak.models.*;
@ -94,7 +110,7 @@ public class DefaultKeycloakSession implements KeycloakSession {
T provider = (T) providers.get(hash);
if (provider == null) {
ProviderFactory<T> providerFactory = factory.getProviderFactory(clazz, id);
if (providerFactory != null) {
provider = providerFactory.create(this);
providers.put(hash, provider);

View file

@ -1,6 +1,21 @@
/*
* Copyright 2016 Red Hat Inc. and/or its affiliates and other contributors
* as indicated by the @author tags. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
* use this file except in compliance with the License. You may obtain a copy of
* the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations under
* the License.
*/
package org.keycloak.services;
import org.jboss.logging.Logger;
import org.keycloak.Config;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
@ -10,6 +25,7 @@ import org.keycloak.provider.ProviderEventListener;
import org.keycloak.provider.ProviderFactory;
import org.keycloak.provider.ProviderManager;
import org.keycloak.provider.Spi;
import org.keycloak.services.ServicesLogger;
import java.util.HashMap;
import java.util.HashSet;
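Review bot: the added `import org.keycloak.services.ServicesLogger;` is redundant, because this class is declared in `package org.keycloak.services;`, the same package as ServicesLogger. Drop the import; the same applies to the identical import added to DefaultKeycloakTransactionManager.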
@ -22,7 +38,7 @@ import java.util.concurrent.CopyOnWriteArrayList;
public class DefaultKeycloakSessionFactory implements KeycloakSessionFactory {
private static final Logger log = Logger.getLogger(DefaultKeycloakSessionFactory.class);
private static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
private Map<Class<? extends Provider>, String> provider = new HashMap<Class<? extends Provider>, String>();
private Map<Class<? extends Provider>, Map<String, ProviderFactory>> factoriesMap = new HashMap<Class<? extends Provider>, Map<String, ProviderFactory>>();
@ -30,7 +46,7 @@ public class DefaultKeycloakSessionFactory implements KeycloakSessionFactory {
// TODO: Likely should be changed to int and use Time.currentTime() to be compatible with all our "time" reps
protected long serverStartupTimestamp;
@Override
public void register(ProviderEventListener listener) {
listeners.add(listener);
@ -50,7 +66,7 @@ public class DefaultKeycloakSessionFactory implements KeycloakSessionFactory {
public void init() {
serverStartupTimestamp = System.currentTimeMillis();
ProviderManager pm = new ProviderManager(getClass().getClassLoader(), Config.scope().getArray("providers"));
for (Spi spi : ServiceLoader.load(Spi.class, getClass().getClassLoader())) {
@ -70,12 +86,12 @@ public class DefaultKeycloakSessionFactory implements KeycloakSessionFactory {
factory.init(scope);
if (spi.isInternal() && !isInternal(factory)) {
log.warnv("{0} ({1}) is implementing the internal SPI {2}. This SPI is internal and may change without notice", factory.getId(), factory.getClass().getName(), spi.getName());
logger.spiMayChange(factory.getId(), factory.getClass().getName(), spi.getName());
}
factories.put(factory.getId(), factory);
log.debugv("Loaded SPI {0} (provider = {1})", spi.getName(), provider);
logger.debugv("Loaded SPI {0} (provider = {1})", spi.getName(), provider);
} else {
for (ProviderFactory factory : pm.load(spi)) {
Config.Scope scope = Config.scope(spi.getName(), factory.getId());
@ -83,12 +99,12 @@ public class DefaultKeycloakSessionFactory implements KeycloakSessionFactory {
factory.init(scope);
if (spi.isInternal() && !isInternal(factory)) {
log.warnv("{0} ({1}) is implementing the internal SPI {2}. This SPI is internal and may change without notice", factory.getId(), factory.getClass().getName(), spi.getName());
logger.spiMayChange(factory.getId(), factory.getClass().getName(), spi.getName());
}
factories.put(factory.getId(), factory);
} else {
log.debugv("SPI {0} provider {1} disabled", spi.getName(), factory.getId());
logger.debugv("SPI {0} provider {1} disabled", spi.getName(), factory.getId());
}
}
@ -96,9 +112,9 @@ public class DefaultKeycloakSessionFactory implements KeycloakSessionFactory {
provider = factories.values().iterator().next().getId();
this.provider.put(spi.getProviderClass(), provider);
log.debugv("Loaded SPI {0} (provider = {1})", spi.getName(), provider);
logger.debugv("Loaded SPI {0} (provider = {1})", spi.getName(), provider);
} else {
log.debugv("Loaded SPI {0} (providers = {1})", spi.getName(), factories.keySet());
logger.debugv("Loaded SPI {0} (providers = {1})", spi.getName(), factories.keySet());
}
}
}

View file

@ -1,8 +1,24 @@
/*
* Copyright 2016 Red Hat Inc. and/or its affiliates and other contributors
* as indicated by the @author tags. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
* use this file except in compliance with the License. You may obtain a copy of
* the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations under
* the License.
*/
package org.keycloak.services;
import org.jboss.logging.Logger;
import org.keycloak.models.KeycloakTransaction;
import org.keycloak.models.KeycloakTransactionManager;
import org.keycloak.services.ServicesLogger;
import java.util.LinkedList;
import java.util.List;
@ -12,7 +28,7 @@ import java.util.List;
*/
public class DefaultKeycloakTransactionManager implements KeycloakTransactionManager {
public static final Logger logger = Logger.getLogger(DefaultKeycloakTransactionManager.class);
public static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
private List<KeycloakTransaction> transactions = new LinkedList<KeycloakTransaction>();
private List<KeycloakTransaction> afterCompletion = new LinkedList<KeycloakTransaction>();
@ -75,7 +91,7 @@ public class DefaultKeycloakTransactionManager implements KeycloakTransactionMan
try {
tx.rollback();
} catch (RuntimeException e) {
logger.error("Exception during rollback", e);
logger.exceptionDuringRollback(e);
}
}
}

View file

@ -0,0 +1,404 @@
/*
* Copyright 2016 Red Hat Inc. and/or its affiliates and other contributors
* as indicated by the @author tags. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
* use this file except in compliance with the License. You may obtain a copy of
* the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations under
* the License.
*/
package org.keycloak.services;
import java.io.IOException;
import java.net.URI;
import javax.naming.NamingException;
import org.jboss.logging.BasicLogger;
import org.jboss.logging.Logger;
import org.jboss.logging.annotations.Cause;
import org.jboss.logging.annotations.LogMessage;
import org.jboss.logging.annotations.Message;
import org.jboss.logging.annotations.MessageLogger;
import static org.jboss.logging.Logger.Level.ERROR;
import static org.jboss.logging.Logger.Level.FATAL;
import static org.jboss.logging.Logger.Level.INFO;
import static org.jboss.logging.Logger.Level.WARN;
import org.keycloak.email.EmailException;
import org.keycloak.events.EventListenerProvider;
import org.keycloak.models.ModelDuplicateException;
/**
* Main logger for the Keycloak Services module.
*
* @author Stan Silvert ssilvert@redhat.com (C) 2016 Red Hat Inc.
*/
@MessageLogger(projectCode="KC-SERVICES", length=4)
public interface ServicesLogger extends BasicLogger {
ServicesLogger ROOT_LOGGER = Logger.getMessageLogger(ServicesLogger.class, "org.keycloak.services");
@LogMessage(level = INFO)
@Message(id=1, value="Loading config from %s")
void loadingFrom(Object from);
@LogMessage(level = ERROR)
@Message(id=2, value="Failed to migrate datamodel")
void migrationFailure(@Cause Throwable t);
@LogMessage(level = INFO)
@Message(id=3, value="Not importing realm %s from %s. It already exists.")
void realmExists(String realmName, String from);
@LogMessage(level = INFO)
@Message(id=4, value="Imported realm %s from %s.")
void importedRealm(String realmName, String from);
@LogMessage(level = WARN)
@Message(id=5, value="Unable to import realm %s from %s.")
void unableToImportRealm(@Cause Throwable t, String realmName, String from);
@LogMessage(level = INFO)
@Message(id=6, value="Importing users from '%s'")
void imprtingUsersFrom(Object from);
@LogMessage(level = ERROR)
@Message(id=7, value="Failed to load 'keycloak-add-user.json'")
void failedToLoadUsers(@Cause Throwable t);
@LogMessage(level = ERROR)
@Message(id=8, value="Failed to add user %s to realm %s: realm not found")
void addUserFailedRealmNotFound(String user, String realm);
@LogMessage(level = INFO)
@Message(id=9, value="Added user '%s' to realm '%s'")
void addUserSuccess(String user, String realm);
@LogMessage(level = ERROR)
@Message(id=10, value="Failed to add user '%s' to realm '%s': user with username exists")
void addUserFailedUserExists(String user, String realm);
@LogMessage(level = ERROR)
@Message(id=11, value="Failed to add user '%s' to realm '%s'")
void addUserFailed(@Cause Throwable t, String user, String realm);
@LogMessage(level = ERROR)
@Message(id=12, value="Failed to delete '%s'")
void failedToDeleteFile(String fileName);
@LogMessage(level = ERROR)
@Message(id=13, value="failed authentication")
void failedAuthentication(@Cause Throwable t);
@LogMessage(level = ERROR)
@Message(id=14, value="Failed client authentication")
void failedClientAuthentication(@Cause Throwable t);
@LogMessage(level = ERROR)
@Message(id=15, value="Unexpected error when authenticating client")
void errorAuthenticatingClient(@Cause Throwable t);
@LogMessage(level = ERROR)
@Message(id=16, value="Unknown flow to execute with")
void unknownFlow();
@LogMessage(level = ERROR)
@Message(id=17, value="Unknown result status")
void unknownResultStatus();
@LogMessage(level = WARN)
@Message(id=18, value="Client %s doesn't have have authentication method configured. Fallback to %s")
void authMethodFallback(String clientId, String expectedClientAuthType);
@LogMessage(level = WARN)
@Message(id=19, value="No duplication detected.")
void noDuplicationDetected();
@LogMessage(level = WARN)
@Message(id=20, value="%s is null. Reset flow and enforce showing reviewProfile page")
void resetFlow(String emailOrUserName);
@LogMessage(level = ERROR)
@Message(id=21, value="Failed to send email to confirm identity broker linking")
void confirmBrokerEmailFailed(@Cause Throwable t);
@LogMessage(level = ERROR)
@Message(id=22, value="Key parameter don't match with the expected value from client session")
void keyParamDoesNotMatch();
@LogMessage(level = WARN)
@Message(id=23, value="Smtp is not configured for the realm. Ignoring email verification authenticator")
void smtpNotConfigured();
@LogMessage(level = ERROR)
@Message(id=24, value="")
void modelDuplicateException(@Cause ModelDuplicateException mde);
@LogMessage(level = ERROR)
@Message(id=25, value="Error when validating client assertion")
void errorValidatingAssertion(@Cause Throwable t);
@LogMessage(level = ERROR)
@Message(id=26, value="Failed to send password reset email")
void failedToSendPwdResetEmail(@Cause EmailException e);
@LogMessage(level = ERROR)
@Message(id=28, value="Recaptcha failed")
void recaptchaFailed(@Cause Exception e);
@LogMessage(level = ERROR)
@Message(id=29, value="Failed to send email")
void failedToSendEmail(@Cause Exception e);
@LogMessage(level = INFO)
@Message(id=30, value="Full model import requested. Strategy: %s")
void fullModelImport(String strategy);
@LogMessage(level = INFO)
@Message(id=31, value="Import of realm '%s' requested. Strategy: %s")
void realmImportRequested(String realmName, String strategy);
@LogMessage(level = INFO)
@Message(id=32, value="Import finished successfully")
void importSuccess();
@LogMessage(level = INFO)
@Message(id=33, value="Full model export requested")
void fullModelExportRequested();
@LogMessage(level = INFO)
@Message(id=34, value="Export of realm '%s' requested.")
void realmExportRequested(String realmName);
@LogMessage(level = INFO)
@Message(id=35, value="Export finished successfully")
void exportSuccess();
@LogMessage(level = ERROR)
@Message(id=36, value="Error overwriting %s")
void overwriteError(@Cause Exception e, String name);
@LogMessage(level = ERROR)
@Message(id=37, value="Error creating %s")
void creationError(@Cause Exception e, String name);
@LogMessage(level = ERROR)
@Message(id=38, value="Error importing roles")
void roleImportError(@Cause Exception e);
@LogMessage(level = WARN)
@Message(id=39, value="Untranslated protocol Error: %s so we return default SAML error")
void untranslatedProtocol(String errorName);
@LogMessage(level = WARN)
@Message(id=40, value="Using deprecated 'directGrantsOnly' configuration in JSON representation. It will be removed in future versions")
void usingDeprecatedDirectGrantsOnly();
@LogMessage(level = WARN)
@Message(id=41, value="Invoking deprecated endpoint %s")
void invokingDeprecatedEndpoint(URI requestUri);
@LogMessage(level = ERROR)
@Message(id=42, value="Response_mode 'query' not allowed for implicit or hybrid flow")
void responseModeQueryNotAllowed();
@LogMessage(level = ERROR)
@Message(id=43, value="Client session is null")
void clientSessionNull();
@LogMessage(level = ERROR)
@Message(id=44, value="Client model in client session is null")
void clientModelNull();
@LogMessage(level = ERROR)
@Message(id=45, value="Invalid token. Token verification failed.")
void invalidToken();
@LogMessage(level = WARN)
@Message(id=46, value="Multiple values found '%s' for protocol mapper '%s' but expected just single value")
void multipleValuesForMapper(String attrValue, String mapper);
@LogMessage(level = WARN)
@Message(id=47, value="%s (%s) is implementing the internal SPI %s. This SPI is internal and may change without notice")
void spiMayChange(String factoryId, String factoryClass, String spiName);
@LogMessage(level = ERROR)
@Message(id=48, value="Exception during rollback")
void exceptionDuringRollback(@Cause RuntimeException e);
@LogMessage(level = ERROR)
@Message(id=49, value="%s")
void clientRegistrationException(String message);
@LogMessage(level = INFO)
@Message(id=50, value="Initializing %s realm")
void initializingAdminRealm(String adminRealmName);
@LogMessage(level = WARN)
@Message(id=51, value="Failed to logout client, continuing")
void failedToLogoutClient(@Cause Exception e);
@LogMessage(level = ERROR)
@Message(id=52, value="Failed processing type")
void failedProcessingType(@Cause Exception e);
@LogMessage(level = WARN)
@Message(id=53, value="login failure for user %s from ip %s")
void loginFailure(String user, String ip);
@LogMessage(level = ERROR)
@Message(id=54, value="Unknown action: %s")
void unknownAction(String action);
@LogMessage(level = ERROR)
@Message(id=55, value="%s")
void errorAuthenticating(@Cause Exception e, String message);
@LogMessage(level = WARN)
@Message(id=56, value="Error when closing LDAP connection")
void errorClosingLDAP(@Cause NamingException ne);
@LogMessage(level = WARN)
@Message(id=57, value="Logout for client '%s' failed")
void logoutFailed(@Cause IOException ioe, String clientId);
@LogMessage(level = WARN)
@Message(id=58, value="Failed to send revocation request")
void failedToSendRevocation(@Cause IOException ioe);
@LogMessage(level = WARN)
@Message(id=59, value="Availability test failed for uri '%s'")
void availabilityTestFailed(String managementUrl);
@LogMessage(level = WARN)
@Message(id=60, value="Role '%s' not available in realm")
void roleNotInRealm(String offlineAccessRole);
@LogMessage(level = ERROR)
@Message(id=61, value="Error occurred during full sync of users")
void errorDuringFullUserSync(@Cause Throwable t);
@LogMessage(level = ERROR)
@Message(id=62, value="Error occurred during sync of changed users")
void errorDuringChangedUserSync(@Cause Throwable t);
@LogMessage(level = WARN)
@Message(id=63, value="Failed to format message due to: %s")
void failedToFormatMessage(String cause);
@LogMessage(level = WARN)
@Message(id=64, value="Failed to load messages")
void failedToloadMessages(@Cause IOException ioe);
@LogMessage(level = ERROR)
@Message(id=65, value="Failed to update Password")
void failedToUpdatePassword(@Cause Exception e);
@LogMessage(level = ERROR)
@Message(id=66, value="Could not fire event.")
void couldNotFireEvent(@Cause Exception e);
@LogMessage(level = ERROR)
@Message(id=67, value="failed to parse RestartLoginCookie")
void failedToParseRestartLoginCookie(@Cause Exception e);
@LogMessage(level = ERROR)
@Message(id=68, value="Not found serialized context in clientSession under note '%s'")
void notFoundSerializedCtxInClientSession(String noteKey);
@LogMessage(level = ERROR)
@Message(id=69, value="Flow not configured for identity provider '%s'")
void flowNotConfigForIDP(String identityProviderAlias);
@LogMessage(level = ERROR)
@Message(id=70, value="Not found configured flow with ID '%s' for identity provider '%s'")
void flowNotFoundForIDP(String flowId, String identityProviderAlias);
@LogMessage(level = ERROR)
@Message(id=71, value="required action doesn't match current required action")
void reqdActionDoesNotMatch();
@LogMessage(level = ERROR)
@Message(id=72, value="Invalid key for email verification")
void invalidKeyForEmailVerification();
@LogMessage(level = ERROR)
@Message(id=73, value="User session was null")
void userSessionNull();
@LogMessage(level = ERROR)
@Message(id=74, value="Required action provider was null")
void actionProviderNull();
@LogMessage(level = WARN)
@Message(id=75, value="Failed to get theme request")
void failedToGetThemeRequest(@Cause Exception e);
@LogMessage(level = ERROR)
@Message(id=76, value="Rejected non-local attempt to create initial user from %s")
void rejectedNonLocalAttemptToCreateInitialUser(String remoteAddr);
@LogMessage(level = INFO)
@Message(id=77, value="Created initial admin user with username %s")
void createdInitialAdminUser(String userName);
@LogMessage(level = WARN)
@Message(id=78, value="Rejected attempt to create initial user as user is already created")
void initialUserAlreadyCreated();
@LogMessage(level = WARN)
@Message(id=79, value="Locale not specified for messages.json")
void localeNotSpecified();
@LogMessage(level = WARN)
@Message(id=80, value="Message bundle not found for language code '%s'")
void msgBundleNotFound(String lang);
@LogMessage(level = FATAL)
@Message(id=81, value="Message bundle not found for language code 'en'")
void msgBundleNotFoundForEn();
@LogMessage(level = ERROR)
@Message(id=82, value="Admin Events enabled, but no event store provider configured")
void noEventStoreProvider();
@LogMessage(level = ERROR)
@Message(id=83, value="Event listener '%s' registered, but provider not found")
void providerNotFound(String id);
@LogMessage(level = ERROR)
@Message(id=84, value="Failed to save event")
void failedToSaveEvent(@Cause Throwable t);
@LogMessage(level = ERROR)
@Message(id=85, value="Failed to send type to %s")
void failedToSendType(@Cause Throwable t, EventListenerProvider listener);
@LogMessage(level = INFO)
@Message(id=86, value="Added 'kerberos' to required realm credentials")
void addedKerberosToRealmCredentials();
@LogMessage(level = INFO)
@Message(id=87, value="Syncing data for mapper '%s' of type '%s'. Direction: %s")
void syncingDataForMapper(String modelName, String mapperType, String direction);
@LogMessage(level = ERROR)
@Message(id=88, value="Failed to send execute actions email")
void failedToSendActionsEmail(@Cause EmailException e);
@LogMessage(level = ERROR)
@Message(id=89, value="Failed to run scheduled task %s")
void failedToRunScheduledTask(@Cause Throwable t, String taskClass);
@LogMessage(level = ERROR)
@Message(id=90, value="Failed to close ProviderSession")
void failedToCloseProviderSession(@Cause Throwable t);
}
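Review bot: id 85, `failedToSendType(@Cause Throwable t, EventListenerProvider listener)`, formats the provider object itself into "Failed to send type to %s", so the log shows whatever `toString()` returns for that listener; take a `String` provider id instead, as `providerNotFound(String id)` does for id 83. Separately, id 78 records a rejected attempt to create the initial user without the caller's address, while id 76 includes it; carrying `remoteAddr` on both would make repeated attempts easier to correlate.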

View file

@ -1,12 +1,28 @@
/*
* Copyright 2016 Red Hat Inc. and/or its affiliates and other contributors
* as indicated by the @author tags. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
* use this file except in compliance with the License. You may obtain a copy of
* the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations under
* the License.
*/
package org.keycloak.services.clientregistration.oidc;
import org.jboss.logging.Logger;
import org.keycloak.common.util.Time;
import org.keycloak.events.EventBuilder;
import org.keycloak.models.KeycloakSession;
import org.keycloak.representations.oidc.OIDCClientRepresentation;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.services.ErrorResponseException;
import org.keycloak.services.ServicesLogger;
import org.keycloak.services.clientregistration.AbstractClientRegistrationProvider;
import org.keycloak.services.clientregistration.ClientRegistrationAuth;
import org.keycloak.services.clientregistration.ClientRegistrationException;
@ -22,7 +38,7 @@ import java.net.URI;
*/
public class OIDCClientRegistrationProvider extends AbstractClientRegistrationProvider {
private static final Logger log = Logger.getLogger(OIDCClientRegistrationProvider.class);
private static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
public OIDCClientRegistrationProvider(KeycloakSession session) {
super(session);
@ -44,7 +60,7 @@ public class OIDCClientRegistrationProvider extends AbstractClientRegistrationPr
clientOIDC.setClientIdIssuedAt(Time.currentTime());
return Response.created(uri).entity(clientOIDC).build();
} catch (ClientRegistrationException cre) {
log.error(cre.getMessage());
logger.clientRegistrationException(cre.getMessage());
throw new ErrorResponseException(ErrorCodes.INVALID_CLIENT_METADATA, "Client metadata invalid", Response.Status.BAD_REQUEST);
}
}
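Review bot: in the catch block, `logger.clientRegistrationException(cre.getMessage())` passes only the message string, so the stack trace and any nested cause of the `ClientRegistrationException` never reach the log (the replaced `log.error(cre.getMessage())` had the same gap). Since the client only gets the generic "Client metadata invalid", the server log is the one place the real reason can be found; consider giving the logger method a `@Cause` parameter and passing `cre`.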
@ -69,7 +85,7 @@ public class OIDCClientRegistrationProvider extends AbstractClientRegistrationPr
clientOIDC = DescriptionConverter.toExternalResponse(client, uri);
return Response.ok(clientOIDC).build();
} catch (ClientRegistrationException cre) {
log.error(cre.getMessage());
logger.clientRegistrationException(cre.getMessage());
throw new ErrorResponseException(ErrorCodes.INVALID_CLIENT_METADATA, "Client metadata invalid", Response.Status.BAD_REQUEST);
}
}

View file

@ -1,6 +1,21 @@
/*
* Copyright 2016 Red Hat Inc. and/or its affiliates and other contributors
* as indicated by the @author tags. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
* use this file except in compliance with the License. You may obtain a copy of
* the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations under
* the License.
*/
package org.keycloak.services.managers;
import org.jboss.logging.Logger;
import org.jboss.resteasy.spi.UnauthorizedException;
import org.keycloak.common.ClientConnection;
import org.keycloak.models.KeycloakContext;
@ -16,8 +31,6 @@ import javax.ws.rs.core.UriInfo;
*/
public class AppAuthManager extends AuthenticationManager {
protected static Logger logger = Logger.getLogger(AppAuthManager.class);
@Override
public AuthResult authenticateIdentityCookie(KeycloakSession session, RealmModel realm) {
AuthResult authResult = super.authenticateIdentityCookie(session, realm);
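Review bot: with `protected static Logger logger = Logger.getLogger(AppAuthManager.class)` removed, this class logs through the `logger` it inherits from `AuthenticationManager`, which this commit switches to `ServicesLogger.ROOT_LOGGER`. Log configuration or filters keyed to the `AppAuthManager` category will stop matching, which is worth a line in the commit message or release notes.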

View file

@ -1,12 +1,28 @@
/*
* Copyright 2016 Red Hat Inc. and/or its affiliates and other contributors
* as indicated by the @author tags. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
* use this file except in compliance with the License. You may obtain a copy of
* the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations under
* the License.
*/
package org.keycloak.services.managers;
import org.jboss.logging.Logger;
import org.keycloak.Config;
import org.keycloak.common.Version;
import org.keycloak.common.enums.SslRequired;
import org.keycloak.models.*;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.services.ServicesLogger;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
@ -14,7 +30,7 @@ import org.keycloak.representations.idm.CredentialRepresentation;
*/
public class ApplianceBootstrap {
private static final Logger logger = Logger.getLogger(ApplianceBootstrap.class);
private static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
private final KeycloakSession session;
public ApplianceBootstrap(KeycloakSession session) {
@ -40,7 +56,7 @@ public class ApplianceBootstrap {
}
String adminRealmName = Config.getAdminRealm();
logger.info("Initializing " + adminRealmName + " realm");
logger.initializingAdminRealm(adminRealmName);
RealmManager manager = new RealmManager(session);
manager.setContextPath(contextPath);

View file

@ -1,5 +1,5 @@
/*
* Copyright 2015 Red Hat Inc. and/or its affiliates and other contributors
* Copyright 2016 Red Hat Inc. and/or its affiliates and other contributors
* as indicated by the @author tags. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
@ -16,7 +16,6 @@
*/
package org.keycloak.services.managers;
import org.jboss.logging.Logger;
import org.jboss.resteasy.specimpl.MultivaluedMapImpl;
import org.jboss.resteasy.spi.HttpRequest;
import org.keycloak.common.ClientConnection;
@ -39,6 +38,7 @@ import org.keycloak.protocol.LoginProtocol;
import org.keycloak.protocol.LoginProtocol.Error;
import org.keycloak.protocol.oidc.TokenManager;
import org.keycloak.representations.AccessToken;
import org.keycloak.services.ServicesLogger;
import org.keycloak.services.Urls;
import org.keycloak.services.messages.Messages;
import org.keycloak.services.resources.IdentityBrokerService;
@ -60,7 +60,7 @@ import java.util.Set;
*/
public class AuthenticationManager {
public static final String END_AFTER_REQUIRED_ACTIONS = "END_AFTER_REQUIRED_ACTIONS";
protected static Logger logger = Logger.getLogger(AuthenticationManager.class);
protected static ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
public static final String FORM_USERNAME = "username";
// used for auth login
public static final String KEYCLOAK_IDENTITY_COOKIE = "KEYCLOAK_IDENTITY";
@ -195,7 +195,7 @@ public class AuthenticationManager {
protocol.backchannelLogout(userSession, clientSession);
clientSession.setAction(ClientSessionModel.Action.LOGGED_OUT.name());
} catch (Exception e) {
logger.warn("Failed to logout client, continuing", e);
logger.failedToLogoutClient(e);
}
}
}
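Review bot: `logger.failedToLogoutClient(e)` in the catch after `protocol.backchannelLogout(userSession, clientSession)` does not say which client failed, and execution continues, so that client may not have been told the session ended. Passing an identifier taken from `clientSession` into the message would let an operator see which client needs follow-up.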
@ -216,7 +216,7 @@ public class AuthenticationManager {
return response;
}
} catch (Exception e) {
logger.warn("Failed to logout client, continuing", e);
logger.failedToLogoutClient(e);
}
}

View file

@ -1,8 +1,23 @@
/*
* Copyright 2016 Red Hat Inc. and/or its affiliates and other contributors
* as indicated by the @author tags. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
* use this file except in compliance with the License. You may obtain a copy of
* the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations under
* the License.
*/
package org.keycloak.services.managers;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.annotation.JsonPropertyOrder;
import org.jboss.logging.Logger;
import org.keycloak.authentication.ClientAuthenticator;
import org.keycloak.authentication.ClientAuthenticatorFactory;
import org.keycloak.common.constants.ServiceAccountConstants;
@ -21,6 +36,7 @@ import org.keycloak.protocol.oidc.mappers.UserSessionNoteMapper;
import org.keycloak.representations.adapters.config.BaseRealmConfig;
import org.keycloak.common.util.Time;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.services.ServicesLogger;
import java.net.URI;
import java.util.Collections;
@ -35,7 +51,7 @@ import java.util.TreeSet;
* @version $Revision: 1 $
*/
public class ClientManager {
protected Logger logger = Logger.getLogger(ClientManager.class);
protected ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
protected RealmManager realmManager;

View file

@ -1,12 +1,28 @@
/*
* Copyright 2016 Red Hat Inc. and/or its affiliates and other contributors
* as indicated by the @author tags. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
* use this file except in compliance with the License. You may obtain a copy of
* the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations under
* the License.
*/
package org.keycloak.services.managers;
import org.jboss.logging.Logger;
import org.keycloak.common.ClientConnection;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UsernameLoginFailureModel;
import org.keycloak.services.ServicesLogger;
import java.util.ArrayList;
import java.util.Collections;
@ -21,7 +37,7 @@ import java.util.concurrent.TimeUnit;
* @version $Revision: 1 $
*/
public class DefaultBruteForceProtector implements Runnable, BruteForceProtector {
protected static Logger logger = Logger.getLogger(DefaultBruteForceProtector.class);
protected static ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
protected volatile boolean run = true;
protected int maxDeltaTimeSeconds = 60 * 60 * 12; // 12 hours
@ -178,7 +194,7 @@ public class DefaultBruteForceProtector implements Runnable, BruteForceProtector
session.close();
}
} catch (Exception e) {
logger.error("Failed processing type", e);
logger.failedProcessingType(e);
}
} catch (InterruptedException e) {
break;
@ -190,7 +206,7 @@ public class DefaultBruteForceProtector implements Runnable, BruteForceProtector
}
protected void logFailure(LoginEvent event) {
logger.warn("login failure for user " + event.username + " from ip " + event.ip);
logger.loginFailure(event.username, event.ip);
failures++;
long delta = 0;
if (lastFailure > 0) {
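Review bot: `logger.loginFailure(event.username, event.ip)` in `logFailure` writes the submitted username into the log line as-is, just as the replaced string concatenation did. A failed-login username is caller-chosen text, so confirm that the message template or the log handler neutralises line breaks and control characters before this entry is relied on for alerting or parsing.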

View file

@ -1,6 +1,22 @@
/*
* Copyright 2016 Red Hat Inc. and/or its affiliates and other contributors
* as indicated by the @author tags. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
* use this file except in compliance with the License. You may obtain a copy of
* the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations under
* the License.
*/
package org.keycloak.services.managers;
import org.jboss.logging.Logger;
import org.keycloak.services.ServicesLogger;
import javax.naming.Context;
import javax.naming.NamingException;
@ -12,14 +28,14 @@ import java.util.Hashtable;
*/
public class LDAPConnectionTestManager {
protected static final Logger logger = Logger.getLogger(LDAPConnectionTestManager.class);
protected static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
public static final String TEST_CONNECTION = "testConnection";
public static final String TEST_AUTHENTICATION = "testAuthentication";
public boolean testLDAP(String action, String connectionUrl, String bindDn, String bindCredential) {
if (!TEST_CONNECTION.equals(action) && !TEST_AUTHENTICATION.equals(action)) {
logger.error("Unknown action: " + action);
logger.unknownAction(action);
return false;
}
@ -44,14 +60,14 @@ public class LDAPConnectionTestManager {
return true;
} catch (Exception ne) {
String errorMessage = (TEST_AUTHENTICATION.equals(action)) ? "Error when authenticating to LDAP: " : "Error when connecting to LDAP: ";
logger.error(errorMessage + ne.getMessage(), ne);
logger.errorAuthenticating(ne, errorMessage + ne.getMessage());
return false;
} finally {
if (ldapContext != null) {
try {
ldapContext.close();
} catch (NamingException ne) {
logger.warn("Error when closing LDAP connection", ne);
logger.errorClosingLDAP(ne);
}
}
}
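Review bot: `logger.errorAuthenticating(ne, errorMessage + ne.getMessage())` is called for both the connection test and the authentication test and still builds its text by concatenation, so the method name is misleading for `TEST_CONNECTION` and the wording stays outside the `@Message` definitions. Two methods, one per action, that take only the cause would match `errorClosingLDAP(ne)` a few lines below, and would avoid repeating `ne.getMessage()` next to the cause itself.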

View file

@ -1,5 +1,5 @@
/*
* Copyright 2015 Red Hat Inc. and/or its affiliates and other contributors
* Copyright 2016 Red Hat Inc. and/or its affiliates and other contributors
* as indicated by the @author tags. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
@ -16,7 +16,6 @@
*/
package org.keycloak.services.managers;
import org.jboss.logging.Logger;
import org.keycloak.Config;
import org.keycloak.common.enums.SslRequired;
import org.keycloak.models.session.UserSessionPersisterProvider;
@ -61,7 +60,6 @@ import org.keycloak.protocol.ProtocolMapperUtils;
* @version $Revision: 1 $
*/
public class RealmManager implements RealmImporter {
protected static final Logger logger = Logger.getLogger(RealmManager.class);
protected KeycloakSession session;
protected RealmProvider model;

View file

@ -1,6 +1,21 @@
/*
* Copyright 2016 Red Hat Inc. and/or its affiliates and other contributors
* as indicated by the @author tags. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
* use this file except in compliance with the License. You may obtain a copy of
* the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations under
* the License.
*/
package org.keycloak.services.managers;
import org.jboss.logging.Logger;
import org.keycloak.TokenIdGenerator;
import org.keycloak.connections.httpclient.HttpClientProvider;
import org.keycloak.constants.AdapterConstants;
@ -15,6 +30,7 @@ import org.keycloak.representations.adapters.action.GlobalRequestResult;
import org.keycloak.representations.adapters.action.LogoutAction;
import org.keycloak.representations.adapters.action.PushNotBeforeAction;
import org.keycloak.representations.adapters.action.TestAvailabilityAction;
import org.keycloak.services.ServicesLogger;
import org.keycloak.services.util.ResolveRelative;
import org.keycloak.common.util.KeycloakUriBuilder;
import org.keycloak.common.util.MultivaluedHashMap;
@ -37,7 +53,7 @@ import java.util.Set;
* @version $Revision: 1 $
*/
public class ResourceAdminManager {
protected static Logger logger = Logger.getLogger(ResourceAdminManager.class);
protected static ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
private static final String CLIENT_SESSION_HOST_PROPERTY = "${application.session.host}";
private KeycloakSession session;
@ -237,7 +253,7 @@ public class ResourceAdminManager {
logger.debugf("logout success for %s: %s", managementUrl, success);
return success;
} catch (IOException e) {
logger.warn("Logout for client '" + resource.getClientId() + "' failed", e);
logger.logoutFailed(e, resource.getClientId());
return false;
}
}
@ -288,7 +304,7 @@ public class ResourceAdminManager {
logger.debugf("pushRevocation success for %s: %s", managementUrl, success);
return success;
} catch (IOException e) {
logger.warn("Failed to send revocation request", e);
logger.failedToSendRevocation(e);
return false;
}
}
@ -326,7 +342,7 @@ public class ResourceAdminManager {
logger.debugf("testAvailability success for %s: %s", managementUrl, success);
return success;
} catch (IOException e) {
logger.warn("Availability test failed for uri '" + managementUrl + "'", e);
logger.availabilityTestFailed(managementUrl);
return false;
}
}
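Review bot: the replacement in the `IOException` catch, `logger.availabilityTestFailed(managementUrl)`, no longer receives `e`, whereas the removed `logger.warn("Availability test failed for uri '" + managementUrl + "'", e)` logged it. The other two methods converted in this file, `logoutFailed(e, ...)` and `failedToSendRevocation(e)`, keep the cause; add a `@Cause` parameter here as well so the reason for the failure is not lost.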

View file

@ -1,3 +1,19 @@
/*
* Copyright 2016 Red Hat Inc. and/or its affiliates and other contributors
* as indicated by the @author tags. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
* use this file except in compliance with the License. You may obtain a copy of
* the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations under
* the License.
*/
package org.keycloak.services.managers;
import java.util.HashSet;
@ -5,7 +21,7 @@ import java.util.LinkedList;
import java.util.List;
import java.util.Set;
import org.jboss.logging.Logger;
import org.keycloak.common.util.Time;
import org.keycloak.models.ClientModel;
import org.keycloak.models.ClientSessionModel;
import org.keycloak.models.Constants;
@ -16,7 +32,8 @@ import org.keycloak.models.RoleModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.models.session.UserSessionPersisterProvider;
import org.keycloak.common.util.Time;
import org.keycloak.services.ServicesLogger;
/**
*
@ -24,7 +41,7 @@ import org.keycloak.common.util.Time;
*/
public class UserSessionManager {
protected static Logger logger = Logger.getLogger(UserSessionManager.class);
protected static ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
private final KeycloakSession kcSession;
private final UserSessionPersisterProvider persister;
@ -119,7 +136,7 @@ public class UserSessionManager {
public boolean isOfflineTokenAllowed(ClientSessionModel clientSession) {
RoleModel offlineAccessRole = clientSession.getRealm().getRole(Constants.OFFLINE_ACCESS_ROLE);
if (offlineAccessRole == null) {
logger.warnf("Role '%s' not available in realm", Constants.OFFLINE_ACCESS_ROLE);
logger.roleNotInRealm(Constants.OFFLINE_ACCESS_ROLE);
return false;
}

View file

@ -1,6 +1,22 @@
/*
* Copyright 2016 Red Hat Inc. and/or its affiliates and other contributors
* as indicated by the @author tags. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
* use this file except in compliance with the License. You may obtain a copy of
* the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations under
* the License.
*/
package org.keycloak.services.managers;
import org.jboss.logging.Logger;
import org.keycloak.common.util.Time;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.models.KeycloakSessionTask;
@ -10,8 +26,9 @@ import org.keycloak.models.UserFederationProviderFactory;
import org.keycloak.models.UserFederationProviderModel;
import org.keycloak.models.UserFederationSyncResult;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.services.ServicesLogger;
import org.keycloak.timer.TimerProvider;
import org.keycloak.common.util.Time;
import java.util.List;
@ -20,7 +37,7 @@ import java.util.List;
*/
public class UsersSyncManager {
protected static final Logger logger = Logger.getLogger(UsersSyncManager.class);
protected static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
/**
* Check federationProviderModel of all realms and possibly start periodic sync for them
@ -69,7 +86,7 @@ public class UsersSyncManager {
try {
syncAllUsers(sessionFactory, realmId, fedProvider);
} catch (Throwable t) {
logger.error("Error occurred during full sync of users", t);
logger.errorDuringFullUserSync(t);
}
}
@ -87,7 +104,7 @@ public class UsersSyncManager {
try {
syncChangedUsers(sessionFactory, realmId, fedProvider);
} catch (Throwable t) {
logger.error("Error occurred during sync of changed users", t);
logger.errorDuringChangedUserSync(t);
}
}

View file

@ -1,3 +1,19 @@
/*
* Copyright 2016 Red Hat Inc. and/or its affiliates and other contributors
* as indicated by the @author tags. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
* use this file except in compliance with the License. You may obtain a copy of
* the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations under
* the License.
*/
package org.keycloak.services.messages;
import java.io.IOException;
@ -5,16 +21,16 @@ import java.net.URL;
import java.text.MessageFormat;
import java.util.Locale;
import java.util.Properties;
import org.jboss.logging.Logger;
import org.keycloak.models.KeycloakSession;
import org.keycloak.messages.MessagesProvider;
import org.keycloak.services.ServicesLogger;
/**
* @author <a href="mailto:leonardo.zanivan@gmail.com">Leonardo Zanivan</a>
*/
public class AdminMessagesProvider implements MessagesProvider {
private static final Logger logger = Logger.getLogger(AdminMessagesProvider.class);
private static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
private KeycloakSession session;
private Locale locale;
@ -33,7 +49,7 @@ public class AdminMessagesProvider implements MessagesProvider {
try {
return new MessageFormat(message, locale).format(parameters);
} catch (Exception e) {
logger.warnf("Failed to format message due to: %s", e.getMessage());
logger.failedToFormatMessage(e.getMessage());
return message;
}
}
@ -55,7 +71,7 @@ public class AdminMessagesProvider implements MessagesProvider {
try {
properties.load(url.openStream());
} catch (IOException ex) {
logger.warn("Failed to load messages", ex);
logger.failedToloadMessages(ex);
}
}
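Review bot: `failedToloadMessages` has a lower-case "l" in "load", unlike `failedToFormatMessage` in the hunk above and the other new logger methods; rename it to `failedToLoadMessages` before more call sites pick it up.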

View file

@ -1,6 +1,21 @@
/*
* Copyright 2016 Red Hat Inc. and/or its affiliates and other contributors
* as indicated by the @author tags. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
* use this file except in compliance with the License. You may obtain a copy of
* the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations under
* the License.
*/
package org.keycloak.services.resources;
import org.jboss.logging.Logger;
import org.jboss.resteasy.spi.BadRequestException;
import org.jboss.resteasy.spi.HttpRequest;
import org.keycloak.AbstractOAuthClient;
@ -12,6 +27,7 @@ import org.keycloak.models.RealmModel;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.protocol.oidc.OIDCLoginProtocolService;
import org.keycloak.services.ForbiddenException;
import org.keycloak.services.ServicesLogger;
import org.keycloak.services.managers.AppAuthManager;
import org.keycloak.services.managers.Auth;
import org.keycloak.services.managers.AuthenticationManager;
@ -39,7 +55,7 @@ import java.util.Set;
* @version $Revision: 1 $
*/
public abstract class AbstractSecuredLocalService {
private static final Logger logger = Logger.getLogger(AbstractSecuredLocalService.class);
private static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
private static final String KEYCLOAK_STATE_CHECKER = "KEYCLOAK_STATE_CHECKER";

View file

@ -51,6 +51,7 @@ import org.keycloak.protocol.oidc.utils.RedirectUtils;
import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.services.ForbiddenException;
import org.keycloak.services.ServicesLogger;
import org.keycloak.services.Urls;
import org.keycloak.services.managers.AppAuthManager;
import org.keycloak.services.managers.Auth;
@ -91,7 +92,7 @@ import java.util.UUID;
*/
public class AccountService extends AbstractSecuredLocalService {
private static final Logger logger = Logger.getLogger(AccountService.class);
private static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
private static Set<String> VALID_PATHS = new HashSet<String>();
static {
@ -641,11 +642,11 @@ public class AccountService extends AbstractSecuredLocalService {
setReferrerOnPage();
return account.setError(Messages.READ_ONLY_PASSWORD).createResponse(AccountPages.PASSWORD);
}catch (ModelException me) {
logger.error("Failed to update password", me);
logger.failedToUpdatePassword(me);
setReferrerOnPage();
return account.setError(me.getMessage(), me.getParameters()).createResponse(AccountPages.PASSWORD);
}catch (Exception ape) {
logger.error("Failed to update password", ape);
logger.failedToUpdatePassword(ape);
setReferrerOnPage();
return account.setError(ape.getMessage()).createResponse(AccountPages.PASSWORD);
}

View file

@ -1,6 +1,21 @@
/*
* Copyright 2016 Red Hat Inc. and/or its affiliates and other contributors
* as indicated by the @author tags. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
* use this file except in compliance with the License. You may obtain a copy of
* the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations under
* the License.
*/
package org.keycloak.services.resources;
import org.jboss.logging.Logger;
import org.jboss.resteasy.spi.BadRequestException;
import org.jboss.resteasy.spi.HttpRequest;
import org.jboss.resteasy.spi.UnauthorizedException;
@ -16,6 +31,7 @@ import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.protocol.oidc.utils.AuthorizeClientUtil;
import org.keycloak.services.ForbiddenException;
import org.keycloak.services.ServicesLogger;
import org.keycloak.common.util.Time;
import javax.ws.rs.HeaderParam;
@ -38,7 +54,7 @@ import java.util.Map;
*/
public class ClientsManagementService {
protected static final Logger logger = Logger.getLogger(ClientsManagementService.class);
protected static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
private RealmModel realm;

View file

@ -1,11 +1,27 @@
/*
* Copyright 2016 Red Hat Inc. and/or its affiliates and other contributors
* as indicated by the @author tags. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
* use this file except in compliance with the License. You may obtain a copy of
* the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations under
* the License.
*/
package org.keycloak.services.resources;
import org.jboss.logging.Logger;
import org.jboss.resteasy.spi.HttpRequest;
import org.jboss.resteasy.spi.HttpResponse;
import org.keycloak.models.ClientModel;
import org.keycloak.representations.AccessToken;
import org.keycloak.common.util.CollectionUtil;
import org.keycloak.services.ServicesLogger;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.Response.ResponseBuilder;
@ -18,7 +34,7 @@ import java.util.concurrent.TimeUnit;
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
*/
public class Cors {
protected static final Logger logger = Logger.getLogger(Cors.class);
protected static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
public static final long DEFAULT_MAX_AGE = TimeUnit.HOURS.toSeconds(1);
public static final String DEFAULT_ALLOW_METHODS = "GET, HEAD, OPTIONS";

View file

@ -1,7 +1,7 @@
/*
* JBoss, Home of Professional Open Source
*
* Copyright 2013 Red Hat, Inc. and/or its affiliates.
* Copyright 2016 Red Hat, Inc. and/or its affiliates.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -17,7 +17,6 @@
*/
package org.keycloak.services.resources;
import org.jboss.logging.Logger;
import org.jboss.resteasy.spi.HttpRequest;
import org.jboss.resteasy.spi.ResteasyProviderFactory;
import org.keycloak.OAuth2Constants;
@ -60,6 +59,7 @@ import org.keycloak.services.managers.ClientSessionCode;
import org.keycloak.services.messages.Messages;
import org.keycloak.services.ErrorResponse;
import org.keycloak.services.ErrorPage;
import org.keycloak.services.ServicesLogger;
import org.keycloak.services.Urls;
import org.keycloak.services.validation.Validation;
import org.keycloak.broker.social.SocialIdentityProvider;
@ -93,7 +93,7 @@ import static org.keycloak.models.Constants.ACCOUNT_MANAGEMENT_CLIENT_ID;
*/
public class IdentityBrokerService implements IdentityProvider.AuthenticationCallback {
private static final Logger LOGGER = Logger.getLogger(IdentityBrokerService.class);
private static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
private final RealmModel realmModel;
@ -138,7 +138,7 @@ public class IdentityBrokerService implements IdentityProvider.AuthenticationCal
this.event.detail(Details.IDENTITY_PROVIDER, providerId);
if (isDebugEnabled()) {
LOGGER.debugf("Sending authentication request to identity provider [%s].", providerId);
logger.debugf("Sending authentication request to identity provider [%s].", providerId);
}
try {
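Review bot: the `isDebugEnabled()` guard around `logger.debugf("Sending authentication request to identity provider [%s].", providerId)` adds nothing, because the format-style call checks the level before formatting and `providerId` is a plain variable. The guard can go here and in the similar `debugf` blocks in the hunks that follow.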
@ -148,7 +148,7 @@ public class IdentityBrokerService implements IdentityProvider.AuthenticationCal
if (response != null) {
if (isDebugEnabled()) {
LOGGER.debugf("Identity provider [%s] is going to send a request [%s].", identityProvider, response);
logger.debugf("Identity provider [%s] is going to send a request [%s].", identityProvider, response);
}
return response;
}
@ -252,7 +252,7 @@ public class IdentityBrokerService implements IdentityProvider.AuthenticationCal
String providerId = identityProviderConfig.getAlias();
if (!identityProviderConfig.isStoreToken()) {
if (isDebugEnabled()) {
LOGGER.debugf("Token will not be stored for identity provider [%s].", providerId);
logger.debugf("Token will not be stored for identity provider [%s].", providerId);
}
context.setToken(null);
}
@ -288,7 +288,7 @@ public class IdentityBrokerService implements IdentityProvider.AuthenticationCal
if (federatedUser == null) {
LOGGER.debugf("Federated user not found for provider '%s' and broker username '%s' . Redirecting to flow for firstBrokerLogin", providerId, context.getUsername());
logger.debugf("Federated user not found for provider '%s' and broker username '%s' . Redirecting to flow for firstBrokerLogin", providerId, context.getUsername());
String username = context.getModelUsername();
if (username == null) {
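Review bot: the debugf call for "Federated user not found" is not wrapped in isDebugEnabled(), while the calls in the hunks at -138, -148 and -252 are. Use one convention across the class. Separately, context.getUsername() is the username supplied by the broker and is written into the message as is; strip or encode CR/LF before logging it so a crafted broker username cannot forge extra log lines.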
@ -371,7 +371,7 @@ public class IdentityBrokerService implements IdentityProvider.AuthenticationCal
String isRegisteredNewUser = clientSession.getNote(AbstractIdpAuthenticator.BROKER_REGISTERED_NEW_USER);
if (Boolean.parseBoolean(isRegisteredNewUser)) {
LOGGER.debugf("Registered new user '%s' after first login with identity provider '%s'. Identity provider username is '%s' . ", federatedUser.getUsername(), providerId, context.getUsername());
logger.debugf("Registered new user '%s' after first login with identity provider '%s'. Identity provider username is '%s' . ", federatedUser.getUsername(), providerId, context.getUsername());
context.getIdp().importNewUser(session, realmModel, federatedUser, context);
Set<IdentityProviderMapperModel> mappers = realmModel.getIdentityProviderMappersByAlias(providerId);
@ -384,7 +384,7 @@ public class IdentityBrokerService implements IdentityProvider.AuthenticationCal
}
if (context.getIdpConfig().isTrustEmail() && !Validation.isBlank(federatedUser.getEmail()) && !Boolean.parseBoolean(clientSession.getNote(AbstractIdpAuthenticator.UPDATE_PROFILE_EMAIL_CHANGED))) {
LOGGER.debugf("Email verified automatically after registration of user '%s' through Identity provider '%s' ", federatedUser.getUsername(), context.getIdpConfig().getAlias());
logger.debugf("Email verified automatically after registration of user '%s' through Identity provider '%s' ", federatedUser.getUsername(), context.getIdpConfig().getAlias());
federatedUser.setEmailVerified(true);
}
@ -394,7 +394,7 @@ public class IdentityBrokerService implements IdentityProvider.AuthenticationCal
.success();
} else {
LOGGER.debugf("Linked existing keycloak user '%s' with identity provider '%s' . Identity provider username is '%s' .", federatedUser.getUsername(), providerId, context.getUsername());
logger.debugf("Linked existing keycloak user '%s' with identity provider '%s' . Identity provider username is '%s' .", federatedUser.getUsername(), providerId, context.getUsername());
event.event(EventType.FEDERATED_IDENTITY_LINK)
.success();
@ -414,11 +414,11 @@ public class IdentityBrokerService implements IdentityProvider.AuthenticationCal
String postBrokerLoginFlowId = context.getIdpConfig().getPostBrokerLoginFlowId();
if (postBrokerLoginFlowId == null) {
LOGGER.debugf("Skip redirect to postBrokerLogin flow. PostBrokerLogin flow not set for identityProvider '%s'.", context.getIdpConfig().getAlias());
logger.debugf("Skip redirect to postBrokerLogin flow. PostBrokerLogin flow not set for identityProvider '%s'.", context.getIdpConfig().getAlias());
return afterPostBrokerLoginFlowSuccess(clientSession, context, wasFirstBrokerLogin);
} else {
LOGGER.debugf("Redirect to postBrokerLogin flow after authentication with identityProvider '%s'.", context.getIdpConfig().getAlias());
logger.debugf("Redirect to postBrokerLogin flow after authentication with identityProvider '%s'.", context.getIdpConfig().getAlias());
clientSession.setTimestamp(Time.currentTime());
@ -489,7 +489,7 @@ public class IdentityBrokerService implements IdentityProvider.AuthenticationCal
boolean firstBrokerLoginInProgress = (clientSession.getNote(AbstractIdpAuthenticator.BROKERED_CONTEXT_NOTE) != null);
if (firstBrokerLoginInProgress) {
LOGGER.debugf("Reauthenticated with broker '%s' when linking user '%s' with other broker", context.getIdpConfig().getAlias(), federatedUser.getUsername());
logger.debugf("Reauthenticated with broker '%s' when linking user '%s' with other broker", context.getIdpConfig().getAlias(), federatedUser.getUsername());
UserModel linkingUser = AbstractIdpAuthenticator.getExistingUser(session, realmModel, clientSession);
if (!linkingUser.getId().equals(federatedUser.getId())) {
@ -517,7 +517,7 @@ public class IdentityBrokerService implements IdentityProvider.AuthenticationCal
userSession.setNote(Details.IDENTITY_PROVIDER_USERNAME, context.getUsername());
if (isDebugEnabled()) {
LOGGER.debugf("Performing local authentication for user [%s].", federatedUser);
logger.debugf("Performing local authentication for user [%s].", federatedUser);
}
return AuthenticationProcessor.redirectToRequiredActions(realmModel, clientSession, uriInfo);
@ -553,7 +553,7 @@ public class IdentityBrokerService implements IdentityProvider.AuthenticationCal
UserModel authenticatedUser = clientSession.getUserSession().getUser();
if (isDebugEnabled()) {
LOGGER.debugf("Linking account [%s] from identity provider [%s] to user [%s].", federatedIdentityModel, context.getIdpConfig().getAlias(), authenticatedUser);
logger.debugf("Linking account [%s] from identity provider [%s] to user [%s].", federatedIdentityModel, context.getIdpConfig().getAlias(), authenticatedUser);
}
if (!authenticatedUser.isEnabled()) {
@ -585,7 +585,7 @@ public class IdentityBrokerService implements IdentityProvider.AuthenticationCal
this.session.users().updateFederatedIdentity(this.realmModel, federatedUser, federatedIdentityModel);
if (isDebugEnabled()) {
LOGGER.debugf("Identity [%s] update with response from identity provider [%s].", federatedUser, context.getIdpConfig().getAlias());
logger.debugf("Identity [%s] update with response from identity provider [%s].", federatedUser, context.getIdpConfig().getAlias());
}
}
context.getIdp().updateBrokeredUser(session, realmModel, federatedUser, context);
@ -613,7 +613,7 @@ public class IdentityBrokerService implements IdentityProvider.AuthenticationCal
throw new IdentityBrokerException("Invalid client");
}
LOGGER.debugf("Got authorization code from client [%s].", client.getClientId());
logger.debugf("Got authorization code from client [%s].", client.getClientId());
this.event.client(client);
this.session.getContext().setClient(client);
@ -623,7 +623,7 @@ public class IdentityBrokerService implements IdentityProvider.AuthenticationCal
}
if (isDebugEnabled()) {
LOGGER.debugf("Authorization code is valid.");
logger.debugf("Authorization code is valid.");
}
return clientCode;
@ -777,15 +777,15 @@ public class IdentityBrokerService implements IdentityProvider.AuthenticationCal
this.session.getTransaction().commit();
}
} catch (Exception e) {
LOGGER.error("Could not fire event.", e);
logger.couldNotFireEvent(e);
rollback();
}
}
if (throwable != null) {
LOGGER.error(message, throwable);
logger.error(message, throwable);
} else {
LOGGER.error(message);
logger.error(message);
}
}
@ -794,7 +794,7 @@ public class IdentityBrokerService implements IdentityProvider.AuthenticationCal
}
private boolean isDebugEnabled() {
return LOGGER.isDebugEnabled();
return logger.isDebugEnabled();
}
private void rollback() {

View file

@ -1,9 +1,25 @@
/*
* JBoss, Home of Professional Open Source
*
* Copyright 2016 Red Hat, Inc. and/or its affiliates.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.services.resources;
import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.jboss.logging.Logger;
import org.jboss.resteasy.core.Dispatcher;
import org.jboss.resteasy.spi.ResteasyProviderFactory;
import org.keycloak.Config;
@ -15,6 +31,7 @@ import org.keycloak.models.utils.RepresentationToModel;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.services.DefaultKeycloakSessionFactory;
import org.keycloak.services.ServicesLogger;
import org.keycloak.services.filters.KeycloakTransactionCommitter;
import org.keycloak.services.managers.ApplianceBootstrap;
import org.keycloak.services.managers.RealmManager;
@ -44,7 +61,7 @@ import java.util.*;
*/
public class KeycloakApplication extends Application {
private static final Logger log = Logger.getLogger(KeycloakApplication.class);
private static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
protected Set<Object> singletons = new HashSet<Object>();
protected Set<Class<?>> classes = new HashSet<Class<?>>();
@ -135,7 +152,7 @@ public class KeycloakApplication extends Application {
session.getTransaction().commit();
} catch (Exception e) {
session.getTransaction().rollback();
log.error("Failed to migrate datamodel", e);
logger.migrationFailure(e);
} finally {
session.close();
}
@ -163,7 +180,7 @@ public class KeycloakApplication extends Application {
if (configDir != null) {
File f = new File(configDir + File.separator + "keycloak-server.json");
if (f.isFile()) {
log.info("Load config from " + f.getAbsolutePath());
logger.loadingFrom(f.getAbsolutePath());
node = new ObjectMapper().readTree(f);
}
}
@ -171,7 +188,7 @@ public class KeycloakApplication extends Application {
if (node == null) {
URL resource = Thread.currentThread().getContextClassLoader().getResource("META-INF/keycloak-server.json");
if (resource != null) {
log.info("Load config from " + resource);
logger.loadingFrom(resource);
node = new ObjectMapper().readTree(resource);
}
}
@ -247,22 +264,22 @@ public class KeycloakApplication extends Application {
manager.setContextPath(getContextPath());
if (rep.getId() != null && manager.getRealm(rep.getId()) != null) {
log.info("Not importing realm " + rep.getRealm() + " from " + from + ". It already exists.");
logger.realmExists(rep.getRealm(), from);
return;
}
if (manager.getRealmByName(rep.getRealm()) != null) {
log.info("Not importing realm " + rep.getRealm() + " from " + from + ". It already exists.");
logger.realmExists(rep.getRealm(), from);
return;
}
try {
RealmModel realm = manager.importRealm(rep);
session.getTransaction().commit();
log.info("Imported realm " + realm.getName() + " from " + from);
logger.importedRealm(realm.getName(), from);
} catch (Throwable t) {
session.getTransaction().rollback();
log.warn("Unable to import realm " + rep.getRealm() + " from " + from + ". Cause: " + t.getMessage());
logger.unableToImportRealm(t, rep.getRealm(), from);
}
} finally {
session.close();
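Review bot: logger.unableToImportRealm(t, rep.getRealm(), from) now receives the Throwable, where the old line logged only t.getMessage(). If t is bound as the cause, this warning will start carrying a full stack trace on every failed import, so confirm that is intended. The two "already exists" branches also both call logger.realmExists(rep.getRealm(), from) and return; they can be folded into one condition.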
@ -274,14 +291,14 @@ public class KeycloakApplication extends Application {
if (configDir != null) {
File addUserFile = new File(configDir + File.separator + "keycloak-add-user.json");
if (addUserFile.isFile()) {
log.info("Importing users from '" + addUserFile + "'");
logger.imprtingUsersFrom(addUserFile);
List<RealmRepresentation> realms;
try {
realms = JsonSerialization.readValue(new FileInputStream(addUserFile), new TypeReference<List<RealmRepresentation>>() {
});
} catch (IOException e) {
log.errorv("Failed to load 'keycloak-add-user.json': {0}", e.getMessage());
logger.failedToLoadUsers(e);
return;
}
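Review bot: the new method name in logger.imprtingUsersFrom(addUserFile) is misspelled; rename it to importingUsersFrom before it becomes part of the logger interface. In the same block, new FileInputStream(addUserFile) is passed straight to JsonSerialization.readValue and nothing in the visible lines closes it; open it in try-with-resources, which also helps the later addUserFile.delete() succeed on platforms that refuse to delete open files.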
@ -293,7 +310,7 @@ public class KeycloakApplication extends Application {
RealmModel realm = session.realms().getRealmByName(realmRep.getRealm());
if (realm == null) {
log.errorv("Failed to add user ''{0}'' to realm ''{1}'': realm not found", userRep.getUsername(), realmRep.getRealm());
logger.addUserFailedRealmNotFound(userRep.getUsername(), realmRep.getRealm());
} else {
UserModel user = session.users().addUser(realm, userRep.getUsername());
user.setEnabled(userRep.isEnabled());
@ -302,12 +319,12 @@ public class KeycloakApplication extends Application {
}
session.getTransaction().commit();
log.infov("Added user ''{0}'' to realm ''{1}''", userRep.getUsername(), realmRep.getRealm());
logger.addUserSuccess(userRep.getUsername(), realmRep.getRealm());
} catch (ModelDuplicateException e) {
log.errorv("Failed to add user ''{0}'' to realm ''{1}'': user with username exists", userRep.getUsername(), realmRep.getRealm());
logger.addUserFailedUserExists(userRep.getUsername(), realmRep.getRealm());
} catch (Throwable t) {
session.getTransaction().rollback();
log.errorv("Failed to add user ''{0}'' to realm ''{1}'': {2}", userRep.getUsername(), realmRep.getRealm(), t.getMessage());
logger.addUserFailed(t, userRep.getUsername(), realmRep.getRealm());
} finally {
session.close();
}
@ -315,7 +332,7 @@ public class KeycloakApplication extends Application {
}
if (!addUserFile.delete()) {
log.errorv("Failed to delete '{0}'", addUserFile.getAbsolutePath());
logger.failedToDeleteFile(addUserFile.getAbsolutePath());
}
}
}
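Review bot: when addUserFile.delete() fails, logger.failedToDeleteFile(...) is the only consequence, so keycloak-add-user.json stays in the config directory and will be picked up again by the isFile() check on the next start. File.delete() also gives no reason for the failure. Consider java.nio.file.Files.delete, which throws an IOException that can be passed to the logger, and decide whether a leftover add-user file should be treated as more than a log line.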

View file

@ -21,7 +21,6 @@
*/
package org.keycloak.services.resources;
import org.jboss.logging.Logger;
import org.jboss.resteasy.spi.HttpRequest;
import org.keycloak.authentication.authenticators.broker.AbstractIdpAuthenticator;
import org.keycloak.authentication.authenticators.broker.util.PostBrokerLoginConstants;
@ -63,6 +62,7 @@ import org.keycloak.protocol.oidc.OIDCLoginProtocol;
import org.keycloak.protocol.oidc.utils.OIDCResponseMode;
import org.keycloak.protocol.oidc.utils.OIDCResponseType;
import org.keycloak.services.ErrorPage;
import org.keycloak.services.ServicesLogger;
import org.keycloak.services.Urls;
import org.keycloak.services.managers.AuthenticationManager;
import org.keycloak.services.managers.ClientSessionCode;
@ -91,7 +91,7 @@ import java.net.URI;
*/
public class LoginActionsService {
protected static final Logger logger = Logger.getLogger(LoginActionsService.class);
protected static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
public static final String ACTION_COOKIE = "KEYCLOAK_ACTION";
public static final String AUTHENTICATE_PATH = "authenticate";
@ -225,7 +225,7 @@ public class LoginActionsService {
return false;
}
} catch (Exception e) {
logger.error("failed to parse RestartLoginCookie", e);
logger.failedToParseRestartLoginCookie(e);
}
}
event.error(Errors.INVALID_CODE);
@ -527,7 +527,7 @@ public class LoginActionsService {
String noteKey = firstBrokerLogin ? AbstractIdpAuthenticator.BROKERED_CONTEXT_NOTE : PostBrokerLoginConstants.PBL_BROKERED_IDENTITY_CONTEXT;
SerializedBrokeredIdentityContext serializedCtx = SerializedBrokeredIdentityContext.readFromClientSession(clientSessionn, noteKey);
if (serializedCtx == null) {
logger.errorf("Not found serialized context in clientSession under note '%s'", noteKey);
logger.notFoundSerializedCtxInClientSession(noteKey);
throw new WebApplicationException(ErrorPage.error(session, "Not found serialized context in clientSession."));
}
BrokeredIdentityContext brokerContext = serializedCtx.deserialize(session, clientSessionn);
@ -535,12 +535,12 @@ public class LoginActionsService {
String flowId = firstBrokerLogin ? brokerContext.getIdpConfig().getFirstBrokerLoginFlowId() : brokerContext.getIdpConfig().getPostBrokerLoginFlowId();
if (flowId == null) {
logger.errorf("Flow not configured for identity provider '%s'", identityProviderAlias);
logger.flowNotConfigForIDP(identityProviderAlias);
throw new WebApplicationException(ErrorPage.error(session, "Flow not configured for identity provider"));
}
AuthenticationFlowModel brokerLoginFlow = realm.getAuthenticationFlowById(flowId);
if (brokerLoginFlow == null) {
logger.errorf("Not found configured flow with ID '%s' for identity provider '%s'", flowId, identityProviderAlias);
logger.flowNotFoundForIDP(flowId, identityProviderAlias);
throw new WebApplicationException(ErrorPage.error(session, "Flow not found for identity provider"));
}
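Review bot: the new logger method names in this hunk, flowNotConfigForIDP and flowNotFoundForIDP, use ad hoc abbreviations, as do notFoundSerializedCtxInClientSession and reqdActionDoesNotMatch in the neighbouring hunks. Other methods introduced by this commit are spelled out in full (rejectedNonLocalAttemptToCreateInitialUser, failedToParseRestartLoginCookie). Pick one naming style, for example flowNotConfiguredForIdp, since these names become the stable interface for the messages.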
@ -659,7 +659,7 @@ public class LoginActionsService {
ClientSessionCode accessCode = checks.clientCode;
ClientSessionModel clientSession = accessCode.getClientSession();
if (!ClientSessionModel.Action.VERIFY_EMAIL.name().equals(clientSession.getNote(AuthenticationManager.CURRENT_REQUIRED_ACTION))) {
logger.error("required action doesn't match current required action");
logger.reqdActionDoesNotMatch();
event.error(Errors.INVALID_CODE);
throw new WebApplicationException(ErrorPage.error(session, Messages.INVALID_CODE));
}
@ -672,7 +672,7 @@ public class LoginActionsService {
String keyFromSession = clientSession.getNote(Constants.VERIFY_EMAIL_KEY);
clientSession.removeNote(Constants.VERIFY_EMAIL_KEY);
if (!key.equals(keyFromSession)) {
logger.error("Invalid key for email verification");
logger.invalidKeyForEmailVerification();
event.error(Errors.INVALID_USER_CREDENTIALS);
throw new WebApplicationException(ErrorPage.error(session, Messages.INVALID_CODE));
}
@ -813,7 +813,7 @@ public class LoginActionsService {
final ClientSessionModel clientSession = clientCode.getClientSession();
if (clientSession.getUserSession() == null) {
logger.error("user session was null");
logger.userSessionNull();
event.error(Errors.USER_SESSION_NOT_FOUND);
throw new WebApplicationException(ErrorPage.error(session, Messages.SESSION_NOT_ACTIVE));
}
@ -831,7 +831,7 @@ public class LoginActionsService {
RequiredActionFactory factory = (RequiredActionFactory)session.getKeycloakSessionFactory().getProviderFactory(RequiredActionProvider.class, action);
if (factory == null) {
logger.error("required action provider was null");
logger.actionProviderNull();
event.error(Errors.INVALID_CODE);
throw new WebApplicationException(ErrorPage.error(session, Messages.INVALID_CODE));
}

View file

@ -1,3 +1,20 @@
/*
* JBoss, Home of Professional Open Source
*
* Copyright 2016 Red Hat, Inc. and/or its affiliates.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.services.resources;
import javax.ws.rs.core.Context;
@ -5,11 +22,11 @@ import javax.ws.rs.core.Response;
import javax.ws.rs.ext.ExceptionMapper;
import javax.ws.rs.ext.Provider;
import org.jboss.logging.Logger;
import org.keycloak.messages.MessagesProvider;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ModelException;
import org.keycloak.services.ErrorResponse;
import org.keycloak.services.ServicesLogger;
/**
* @author <a href="mailto:leonardo.zanivan@gmail.com">Leonardo Zanivan</a>
@ -17,7 +34,7 @@ import org.keycloak.services.ErrorResponse;
@Provider
public class ModelExceptionMapper implements ExceptionMapper<ModelException> {
private static final Logger logger = Logger.getLogger(ModelExceptionMapper.class);
private static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
@Context
private KeycloakSession session;

View file

@ -1,12 +1,29 @@
/*
* JBoss, Home of Professional Open Source
*
* Copyright 2016 Red Hat, Inc. and/or its affiliates.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.services.resources;
import org.jboss.logging.Logger;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.spi.HttpRequest;
import org.jboss.resteasy.spi.HttpResponse;
import org.keycloak.models.RealmModel;
import org.keycloak.protocol.oidc.OIDCLoginProtocolService;
import org.keycloak.representations.idm.PublishedRealmRepresentation;
import org.keycloak.services.ServicesLogger;
import org.keycloak.services.resources.admin.AdminRoot;
import javax.ws.rs.GET;
@ -25,7 +42,7 @@ import javax.ws.rs.core.UriInfo;
* @version $Revision: 1 $
*/
public class PublicRealmResource {
protected static final Logger logger = Logger.getLogger(PublicRealmResource.class);
protected static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
@Context
protected UriInfo uriInfo;

View file

@ -1,6 +1,22 @@
/*
* JBoss, Home of Professional Open Source
*
* Copyright 2016 Red Hat, Inc. and/or its affiliates.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.services.resources;
import org.jboss.logging.Logger;
import org.jboss.resteasy.spi.NotFoundException;
import org.jboss.resteasy.spi.ResteasyProviderFactory;
import org.keycloak.common.ClientConnection;
@ -13,6 +29,7 @@ import org.keycloak.protocol.LoginProtocol;
import org.keycloak.protocol.LoginProtocolFactory;
import org.keycloak.protocol.oidc.OIDCLoginProtocol;
import org.keycloak.protocol.oidc.OIDCLoginProtocolService;
import org.keycloak.services.ServicesLogger;
import org.keycloak.services.clientregistration.ClientRegistrationService;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.services.util.CacheControlUtil;
@ -31,7 +48,7 @@ import javax.ws.rs.core.*;
*/
@Path("/realms")
public class RealmsResource {
protected static Logger logger = Logger.getLogger(RealmsResource.class);
protected static ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
@Context
protected KeycloakSession session;
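Review bot: the logger field in RealmsResource is still declared protected static without final, unlike the fields in the other classes touched here. Since the line is being rewritten anyway, make it protected static final ServicesLogger logger so the shared logger reference cannot be reassigned by a subclass or another class in the package.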

View file

@ -1,10 +1,27 @@
/*
* JBoss, Home of Professional Open Source
*
* Copyright 2016 Red Hat, Inc. and/or its affiliates.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.services.resources;
import org.jboss.logging.Logger;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.spi.HttpRequest;
import org.jboss.resteasy.spi.HttpResponse;
import org.keycloak.representations.VersionRepresentation;
import org.keycloak.services.ServicesLogger;
import javax.ws.rs.GET;
import javax.ws.rs.OPTIONS;
@ -21,7 +38,7 @@ import javax.ws.rs.core.Response;
@Path("/version")
public class ServerVersionResource {
protected static final Logger logger = Logger.getLogger(ServerVersionResource.class);
protected static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
@Context
protected HttpRequest request;

View file

@ -1,11 +1,28 @@
/*
* JBoss, Home of Professional Open Source
*
* Copyright 2016 Red Hat, Inc. and/or its affiliates.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.services.resources;
import org.jboss.logging.Logger;
import org.keycloak.common.Version;
import org.keycloak.theme.Theme;
import org.keycloak.theme.ThemeProvider;
import org.keycloak.models.KeycloakSession;
import org.keycloak.common.util.MimeTypeUtil;
import org.keycloak.services.ServicesLogger;
import org.keycloak.services.util.CacheControlUtil;
import javax.ws.rs.GET;
@ -23,7 +40,7 @@ import java.io.InputStream;
@Path("/resources")
public class ThemeResource {
private static final Logger logger = Logger.getLogger(ThemeResource.class);
private static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
@Context
private KeycloakSession session;
@ -53,7 +70,7 @@ public class ThemeResource {
return Response.status(Response.Status.NOT_FOUND).build();
}
} catch (Exception e) {
logger.warn("Failed to get theme resource", e);
logger.failedToGetThemeRequest(e);
return Response.serverError().build();
}
}
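Review bot: logger.failedToGetThemeRequest(e) replaces the message "Failed to get theme resource", so the method name says Request where the message says resource. Rename it to failedToGetThemeResource so the method and the message it stands for match.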

View file

@ -1,12 +1,29 @@
/*
* JBoss, Home of Professional Open Source
*
* Copyright 2016 Red Hat, Inc. and/or its affiliates.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.services.resources;
import org.jboss.logging.Logger;
import org.keycloak.Config;
import org.keycloak.theme.FreeMarkerUtil;
import org.keycloak.theme.Theme;
import org.keycloak.theme.ThemeProvider;
import org.keycloak.models.KeycloakSession;
import org.keycloak.common.util.MimeTypeUtil;
import org.keycloak.services.ServicesLogger;
import org.keycloak.services.managers.ApplianceBootstrap;
import org.keycloak.services.util.CacheControlUtil;
@ -27,7 +44,7 @@ import java.util.Map;
@Path("/")
public class WelcomeResource {
private static final Logger logger = Logger.getLogger(WelcomeResource.class);
private static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
private boolean bootstrap;
@ -69,7 +86,7 @@ public class WelcomeResource {
return createWelcomePage(null, null);
} else {
if (!isLocal()) {
logger.errorv("Rejected non-local attempt to create initial user from {0}", session.getContext().getConnection().getRemoteAddr());
logger.rejectedNonLocalAttemptToCreateInitialUser(session.getContext().getConnection().getRemoteAddr());
throw new WebApplicationException(Response.Status.BAD_REQUEST);
}
@ -94,10 +111,10 @@ public class WelcomeResource {
bootstrap = false;
applianceBootstrap.createMasterRealmUser(username, password);
logger.infov("Created initial admin user with username {0}", username);
logger.createdInitialAdminUser(username);
return createWelcomePage("User created", null);
} else {
logger.warnv("Rejected attempt to create initial user as user is already created");
logger.initialUserAlreadyCreated();
return createWelcomePage(null, "Users already exists");
}
}
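Review bot: logger.initialUserAlreadyCreated() takes no arguments, so a rejected attempt to create the initial user after bootstrap is logged without its origin, while the non-local rejection in the previous hunk logs session.getContext().getConnection().getRemoteAddr(). Pass the remote address here as well so repeated attempts against the welcome page can be attributed. The old message also said "Rejected attempt ..."; check that the new message keeps that wording, since the method name no longer conveys that a request was refused.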

View file

@ -1,7 +1,22 @@
/*
* Copyright 2016 Red Hat Inc. and/or its affiliates and other contributors
* as indicated by the @author tags. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
* use this file except in compliance with the License. You may obtain a copy of
* the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations under
* the License.
*/
package org.keycloak.services.resources.admin;
import com.fasterxml.jackson.annotation.JsonProperty;
import org.jboss.logging.Logger;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.spi.HttpRequest;
import org.jboss.resteasy.spi.HttpResponse;
@ -21,6 +36,7 @@ import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserModel;
import org.keycloak.protocol.oidc.OIDCLoginProtocolService;
import org.keycloak.services.ServicesLogger;
import org.keycloak.services.managers.AppAuthManager;
import org.keycloak.services.managers.ClientManager;
import org.keycloak.services.managers.AuthenticationManager;
@ -48,7 +64,7 @@ import javax.ws.rs.QueryParam;
* @version $Revision: 1 $
*/
public class AdminConsole {
protected static final Logger logger = Logger.getLogger(AdminConsole.class);
protected static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
@Context
protected UriInfo uriInfo;
@ -302,18 +318,18 @@ public class AdminConsole {
@Produces(MediaType.APPLICATION_JSON)
public Properties getMessages(@QueryParam("lang") String lang) {
if (lang == null) {
logger.warn("Locale not specified for messages.json");
logger.localeNotSpecified();
lang = "en";
}
try {
Properties msgs = getTheme().getMessages("admin-messages", Locale.forLanguageTag(lang));
if (msgs.isEmpty()) {
logger.warn("Message bundle not found for language code '" + lang + "'");
logger.msgBundleNotFound(lang);
msgs = getTheme().getMessages("admin-messages", Locale.ENGLISH);
}
if (msgs.isEmpty()) logger.fatal("Message bundle not found for language code 'en'");
if (msgs.isEmpty()) logger.msgBundleNotFoundForEn();
return msgs;
} catch (IOException e) {
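Review bot: in getMessages, lang comes directly from @QueryParam("lang") and is handed to logger.msgBundleNotFound(lang) unchanged, so a caller-chosen string ends up in the server log. Log the normalized value instead, for example Locale.forLanguageTag(lang).toLanguageTag(), or strip CR/LF first. Also confirm that msgBundleNotFoundForEn() keeps the fatal level of the line it replaces; the level is no longer visible at the call site.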

View file

@ -1,10 +1,25 @@
/*
* Copyright 2016 Red Hat Inc. and/or its affiliates and other contributors
* as indicated by the @author tags. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
* use this file except in compliance with the License. You may obtain a copy of
* the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations under
* the License.
*/
package org.keycloak.services.resources.admin;
import java.io.IOException;
import java.util.LinkedList;
import java.util.List;
import org.jboss.logging.Logger;
import org.keycloak.common.ClientConnection;
import org.keycloak.events.EventListenerProvider;
import org.keycloak.events.EventStoreProvider;
@ -15,6 +30,7 @@ import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.services.ServicesLogger;
import org.keycloak.util.JsonSerialization;
import org.keycloak.common.util.Time;
@ -22,7 +38,7 @@ import javax.ws.rs.core.UriInfo;
public class AdminEventBuilder {
private static final Logger log = Logger.getLogger(AdminEventBuilder.class);
private static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
private EventStoreProvider store;
private List<EventListenerProvider> listeners;
@ -38,7 +54,7 @@ public class AdminEventBuilder {
if (store != null) {
this.store = store;
} else {
log.error("Admin Events enabled, but no event store provider configured");
logger.noEventStoreProvider();
}
}
@ -49,7 +65,7 @@ public class AdminEventBuilder {
if (listener != null) {
listeners.add(listener);
} else {
log.error("Event listener '" + id + "' registered, but provider not found");
logger.providerNotFound(id);
}
}
}
@ -199,7 +215,7 @@ public class AdminEventBuilder {
try {
store.onEvent(adminEvent, includeRepresentation);
} catch (Throwable t) {
log.error("Failed to save event", t);
logger.failedToSaveEvent(t);
}
}
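Review bot: In the `catch (Throwable t)` around `store.onEvent(adminEvent, includeRepresentation)`, `logger.failedToSaveEvent(t)` records only the exception, so a dropped admin audit record cannot be tied to the operation or resource it described. Consider passing identifying fields of `adminEvent` to the typed message, and catching `Exception` rather than `Throwable` so that `Error`s are not absorbed here.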
@ -208,7 +224,7 @@ public class AdminEventBuilder {
try {
l.onEvent(adminEvent, includeRepresentation);
} catch (Throwable t) {
log.error("Failed to send type to " + l, t);
logger.failedToSendType(t, l);
}
}
}
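Review bot: `failedToSendType(t, l)` keeps the wording of the old "Failed to send type to" string, but what is delivered at this call site is `adminEvent`, so the method name is misleading; a name that says "admin event" would read correctly. The message also still depends on `l.toString()`, which only identifies the listener if each `EventListenerProvider` overrides it.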

View file

@ -1,6 +1,21 @@
/*
* Copyright 2016 Red Hat Inc. and/or its affiliates and other contributors
* as indicated by the @author tags. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
* use this file except in compliance with the License. You may obtain a copy of
* the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations under
* the License.
*/
package org.keycloak.services.resources.admin;
import org.jboss.logging.Logger;
import org.jboss.resteasy.spi.HttpRequest;
import org.jboss.resteasy.spi.HttpResponse;
import org.jboss.resteasy.spi.NoLogWebApplicationException;
@ -17,6 +32,7 @@ import org.keycloak.models.RealmModel;
import org.keycloak.protocol.oidc.TokenManager;
import org.keycloak.representations.AccessToken;
import org.keycloak.services.ForbiddenException;
import org.keycloak.services.ServicesLogger;
import org.keycloak.services.managers.AppAuthManager;
import org.keycloak.services.managers.AuthenticationManager;
import org.keycloak.services.managers.RealmManager;
@ -40,7 +56,7 @@ import javax.ws.rs.core.UriInfo;
*/
@Path("/admin")
public class AdminRoot {
protected static final Logger logger = Logger.getLogger(AdminRoot.class);
protected static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
@Context
protected UriInfo uriInfo;
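Review bot: Replacing `Logger.getLogger(AdminRoot.class)` with the shared `ServicesLogger.ROOT_LOGGER` means this class no longer logs under its own category, so operators can no longer raise or filter the log level for the admin endpoints alone. The same applies to every resource class converted this way in this commit, including `AttackDetectionResource`. If per-class categories matter for audit or debugging, use a class-scoped `ServicesLogger` instance rather than the root one, and document the category that messages now appear under.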
@ -189,7 +205,7 @@ public class AdminRoot {
}
Cors.add(request).allowedOrigins(auth.getToken()).allowedMethods("GET", "PUT", "POST", "DELETE").auth().build(response);
RealmsAdminResource adminResource = new RealmsAdminResource(auth, tokenManager);
ResteasyProviderFactory.getInstance().injectProperties(adminResource);
return adminResource;

View file

@ -1,12 +1,28 @@
/*
* Copyright 2016 Red Hat Inc. and/or its affiliates and other contributors
* as indicated by the @author tags. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
* use this file except in compliance with the License. You may obtain a copy of
* the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations under
* the License.
*/
package org.keycloak.services.resources.admin;
import org.jboss.logging.Logger;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.keycloak.common.ClientConnection;
import org.keycloak.events.admin.OperationType;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UsernameLoginFailureModel;
import org.keycloak.services.ServicesLogger;
import org.keycloak.services.managers.BruteForceProtector;
import javax.ws.rs.DELETE;
@ -28,7 +44,7 @@ import java.util.Map;
* @version $Revision: 1 $
*/
public class AttackDetectionResource {
protected static final Logger logger = Logger.getLogger(AttackDetectionResource.class);
protected static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
protected RealmAuth auth;
protected RealmModel realm;
private AdminEventBuilder adminEvent;

View file

@ -1,6 +1,21 @@
/*
* Copyright 2016 Red Hat Inc. and/or its affiliates and other contributors
* as indicated by the @author tags. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
* use this file except in compliance with the License. You may obtain a copy of
* the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations under
* the License.
*/
package org.keycloak.services.resources.admin;
import org.jboss.logging.Logger;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.spi.BadRequestException;
import org.jboss.resteasy.spi.NotFoundException;
@ -23,6 +38,7 @@ import org.keycloak.provider.ProviderConfigProperty;
import org.keycloak.provider.ProviderFactory;
import org.keycloak.representations.idm.ConfigPropertyRepresentation;
import org.keycloak.services.ErrorResponse;
import org.keycloak.services.ServicesLogger;
import org.keycloak.utils.CredentialHelper;
import javax.ws.rs.Consumes;
@ -57,7 +73,7 @@ public class AuthenticationManagementResource {
@Context
private UriInfo uriInfo;
private static Logger logger = Logger.getLogger(AuthenticationManagementResource.class);
private static ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
public AuthenticationManagementResource(RealmModel realm, KeycloakSession session, RealmAuth auth, AdminEventBuilder adminEvent) {
this.realm = realm;
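Review bot: The new field is declared `private static ServicesLogger logger` without `final`, unlike the `protected static final` declarations used in the other resource classes in this commit. Since the line is being rewritten anyway, make it `private static final`; `IdentityProviderResource` carries the same non-final declaration.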
@ -276,7 +292,7 @@ public class AuthenticationManagementResource {
@Consumes(MediaType.APPLICATION_JSON)
public Response createFlow(AuthenticationFlowModel model) {
this.auth.requireManage();
if (model.getAlias() == null || model.getAlias().isEmpty()) {
return ErrorResponse.exists("Failed to create flow with empty alias name");
}
@ -715,12 +731,12 @@ public class AuthenticationManagementResource {
if (parentFlow.isBuiltIn()) {
throw new BadRequestException("It is illegal to remove execution from a built in flow");
}
if(model.getFlowId() != null) {
AuthenticationFlowModel nonTopLevelFlow = realm.getAuthenticationFlowById(model.getFlowId());
realm.removeAuthenticationFlow(nonTopLevelFlow);
}
realm.removeAuthenticatorExecution(model);
}

View file

@ -1,6 +1,21 @@
/*
* Copyright 2016 Red Hat Inc. and/or its affiliates and other contributors
* as indicated by the @author tags. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
* use this file except in compliance with the License. You may obtain a copy of
* the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations under
* the License.
*/
package org.keycloak.services.resources.admin;
import org.jboss.logging.Logger;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.spi.BadRequestException;
import org.jboss.resteasy.spi.NotFoundException;
@ -23,6 +38,7 @@ import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.representations.idm.UserSessionRepresentation;
import org.keycloak.services.ServicesLogger;
import org.keycloak.services.clientregistration.ClientRegistrationTokenUtils;
import org.keycloak.services.managers.ClientManager;
import org.keycloak.services.managers.RealmManager;
@ -62,7 +78,7 @@ import static java.lang.Boolean.TRUE;
* @version $Revision: 1 $
*/
public class ClientResource {
protected static final Logger logger = Logger.getLogger(ClientResource.class);
protected static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
protected RealmModel realm;
private RealmAuth auth;
private AdminEventBuilder adminEvent;

View file

@ -1,6 +1,21 @@
/*
* Copyright 2016 Red Hat Inc. and/or its affiliates and other contributors
* as indicated by the @author tags. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
* use this file except in compliance with the License. You may obtain a copy of
* the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations under
* the License.
*/
package org.keycloak.services.resources.admin;
import org.jboss.logging.Logger;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.spi.NotFoundException;
import org.keycloak.events.admin.OperationType;
@ -10,6 +25,7 @@ import org.keycloak.models.RoleMapperModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.utils.ModelToRepresentation;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.services.ServicesLogger;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
@ -30,7 +46,7 @@ import java.util.Set;
* @version $Revision: 1 $
*/
public class ClientRoleMappingsResource {
protected static final Logger logger = Logger.getLogger(ClientRoleMappingsResource.class);
protected static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
protected RealmModel realm;
protected RealmAuth auth;

View file

@ -1,6 +1,21 @@
/*
* Copyright 2016 Red Hat Inc. and/or its affiliates and other contributors
* as indicated by the @author tags. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
* use this file except in compliance with the License. You may obtain a copy of
* the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations under
* the License.
*/
package org.keycloak.services.resources.admin;
import org.jboss.logging.Logger;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.spi.ResteasyProviderFactory;
import org.keycloak.events.admin.OperationType;
@ -12,6 +27,7 @@ import org.keycloak.models.utils.ModelToRepresentation;
import org.keycloak.models.utils.RepresentationToModel;
import org.keycloak.representations.idm.ClientTemplateRepresentation;
import org.keycloak.services.ErrorResponse;
import org.keycloak.services.ServicesLogger;
import org.keycloak.services.resources.KeycloakApplication;
import javax.ws.rs.Consumes;
@ -33,7 +49,7 @@ import javax.ws.rs.core.UriInfo;
* @version $Revision: 1 $
*/
public class ClientTemplateResource {
protected static final Logger logger = Logger.getLogger(ClientTemplateResource.class);
protected static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
protected RealmModel realm;
private RealmAuth auth;
private AdminEventBuilder adminEvent;

View file

@ -1,6 +1,21 @@
/*
* Copyright 2016 Red Hat Inc. and/or its affiliates and other contributors
* as indicated by the @author tags. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
* use this file except in compliance with the License. You may obtain a copy of
* the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations under
* the License.
*/
package org.keycloak.services.resources.admin;
import org.jboss.logging.Logger;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.spi.NotFoundException;
import org.jboss.resteasy.spi.ResteasyProviderFactory;
@ -13,6 +28,7 @@ import org.keycloak.models.utils.ModelToRepresentation;
import org.keycloak.models.utils.RepresentationToModel;
import org.keycloak.representations.idm.ClientTemplateRepresentation;
import org.keycloak.services.ErrorResponse;
import org.keycloak.services.ServicesLogger;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
@ -34,7 +50,7 @@ import java.util.List;
* @version $Revision: 1 $
*/
public class ClientTemplatesResource {
protected static final Logger logger = Logger.getLogger(RealmAdminResource.class);
protected static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
protected RealmModel realm;
private RealmAuth auth;
private AdminEventBuilder adminEvent;
@ -46,7 +62,7 @@ public class ClientTemplatesResource {
this.realm = realm;
this.auth = auth;
this.adminEvent = adminEvent;
auth.init(RealmAuth.Resource.CLIENT);
}
@ -96,9 +112,9 @@ public class ClientTemplatesResource {
try {
ClientTemplateModel clientModel = RepresentationToModel.createClientTemplate(session, realm, rep);
adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo, clientModel.getId()).representation(rep).success();
return Response.created(uriInfo.getAbsolutePathBuilder().path(clientModel.getId()).build()).build();
} catch (ModelDuplicateException e) {
return ErrorResponse.exists("Client Template " + rep.getName() + " already exists");

View file

@ -1,6 +1,21 @@
/*
* Copyright 2016 Red Hat Inc. and/or its affiliates and other contributors
* as indicated by the @author tags. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
* use this file except in compliance with the License. You may obtain a copy of
* the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations under
* the License.
*/
package org.keycloak.services.resources.admin;
import org.jboss.logging.Logger;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.spi.NotFoundException;
import org.jboss.resteasy.spi.ResteasyProviderFactory;
@ -12,6 +27,7 @@ import org.keycloak.models.RealmModel;
import org.keycloak.models.utils.ModelToRepresentation;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.services.ErrorResponse;
import org.keycloak.services.ServicesLogger;
import org.keycloak.services.managers.ClientManager;
import javax.ws.rs.Consumes;
@ -35,11 +51,11 @@ import java.util.List;
* @version $Revision: 1 $
*/
public class ClientsResource {
protected static final Logger logger = Logger.getLogger(RealmAdminResource.class);
protected static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
protected RealmModel realm;
private RealmAuth auth;
private AdminEventBuilder adminEvent;
@Context
protected KeycloakSession session;
@ -47,7 +63,7 @@ public class ClientsResource {
this.realm = realm;
this.auth = auth;
this.adminEvent = adminEvent;
auth.init(RealmAuth.Resource.CLIENT);
}
@ -96,9 +112,9 @@ public class ClientsResource {
try {
ClientModel clientModel = ClientManager.createClient(session, realm, rep, true);
adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo, clientModel.getId()).representation(rep).success();
return Response.created(uriInfo.getAbsolutePathBuilder().path(clientModel.getId()).build()).build();
} catch (ModelDuplicateException e) {
return ErrorResponse.exists("Client " + rep.getClientId() + " already exists");

View file

@ -1,6 +1,21 @@
/*
* Copyright 2016 Red Hat Inc. and/or its affiliates and other contributors
* as indicated by the @author tags. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
* use this file except in compliance with the License. You may obtain a copy of
* the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations under
* the License.
*/
package org.keycloak.services.resources.admin;
import org.jboss.logging.Logger;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.spi.NotFoundException;
import org.jboss.resteasy.spi.ResteasyProviderFactory;
@ -36,8 +51,6 @@ import java.util.Set;
*/
public class GroupResource {
private static Logger logger = Logger.getLogger(GroupResource.class);
private final RealmModel realm;
private final KeycloakSession session;
private final RealmAuth auth;

View file

@ -1,6 +1,21 @@
/*
* Copyright 2016 Red Hat Inc. and/or its affiliates and other contributors
* as indicated by the @author tags. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
* use this file except in compliance with the License. You may obtain a copy of
* the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations under
* the License.
*/
package org.keycloak.services.resources.admin;
import org.jboss.logging.Logger;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.spi.NotFoundException;
import org.jboss.resteasy.spi.ResteasyProviderFactory;
@ -28,8 +43,6 @@ import java.util.List;
*/
public class GroupsResource {
private static Logger logger = Logger.getLogger(GroupsResource.class);
private final RealmModel realm;
private final KeycloakSession session;
private final RealmAuth auth;

View file

@ -1,6 +1,21 @@
/*
* Copyright 2016 Red Hat Inc. and/or its affiliates and other contributors
* as indicated by the @author tags. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
* use this file except in compliance with the License. You may obtain a copy of
* the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations under
* the License.
*/
package org.keycloak.services.resources.admin;
import org.jboss.logging.Logger;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.spi.NotFoundException;
import org.keycloak.broker.provider.IdentityProvider;
@ -24,6 +39,7 @@ import org.keycloak.representations.idm.IdentityProviderMapperRepresentation;
import org.keycloak.representations.idm.IdentityProviderMapperTypeRepresentation;
import org.keycloak.representations.idm.IdentityProviderRepresentation;
import org.keycloak.services.ErrorResponse;
import org.keycloak.services.ServicesLogger;
import org.keycloak.broker.social.SocialIdentityProvider;
import javax.ws.rs.Consumes;
@ -51,7 +67,7 @@ import java.util.Map;
*/
public class IdentityProviderResource {
private static Logger logger = Logger.getLogger(IdentityProviderResource.class);
private static ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
private final RealmAuth auth;
private final RealmModel realm;

View file

@ -1,6 +1,21 @@
/*
* Copyright 2016 Red Hat Inc. and/or its affiliates and other contributors
* as indicated by the @author tags. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
* use this file except in compliance with the License. You may obtain a copy of
* the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations under
* the License.
*/
package org.keycloak.services.resources.admin;
import org.jboss.logging.Logger;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.spi.NotFoundException;
import org.keycloak.events.admin.OperationType;
@ -12,6 +27,7 @@ import org.keycloak.models.utils.ModelToRepresentation;
import org.keycloak.models.utils.RepresentationToModel;
import org.keycloak.representations.idm.ProtocolMapperRepresentation;
import org.keycloak.services.ErrorResponse;
import org.keycloak.services.ServicesLogger;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
@ -36,12 +52,12 @@ import java.util.List;
* @version $Revision: 1 $
*/
public class ProtocolMappersResource {
protected static final Logger logger = Logger.getLogger(ProtocolMappersResource.class);
protected static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
protected ProtocolMapperContainerModel client;
protected RealmAuth auth;
protected AdminEventBuilder adminEvent;
@Context

View file

@ -1,6 +1,21 @@
/*
* Copyright 2016 Red Hat Inc. and/or its affiliates and other contributors
* as indicated by the @author tags. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
* use this file except in compliance with the License. You may obtain a copy of
* the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations under
* the License.
*/
package org.keycloak.services.resources.admin;
import org.jboss.logging.Logger;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.spi.BadRequestException;
import org.jboss.resteasy.spi.NotFoundException;
@ -38,6 +53,7 @@ import org.keycloak.services.managers.AuthenticationManager;
import org.keycloak.services.managers.LDAPConnectionTestManager;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.services.managers.ResourceAdminManager;
import org.keycloak.services.ServicesLogger;
import org.keycloak.services.managers.UsersSyncManager;
import org.keycloak.services.ErrorResponse;
import org.keycloak.timer.TimerProvider;
@ -75,7 +91,7 @@ import org.keycloak.representations.idm.PartialImportRepresentation;
* @version $Revision: 1 $
*/
public class RealmAdminResource {
protected static final Logger logger = Logger.getLogger(RealmAdminResource.class);
protected static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
protected RealmAuth auth;
protected RealmModel realm;
private TokenManager tokenManager;

View file

@ -1,6 +1,21 @@
/*
* Copyright 2016 Red Hat Inc. and/or its affiliates and other contributors
* as indicated by the @author tags. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
* use this file except in compliance with the License. You may obtain a copy of
* the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations under
* the License.
*/
package org.keycloak.services.resources.admin;
import org.jboss.logging.Logger;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.spi.NotFoundException;
import org.jboss.resteasy.spi.ResteasyProviderFactory;
@ -18,6 +33,7 @@ import org.keycloak.services.ForbiddenException;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.services.resources.KeycloakApplication;
import org.keycloak.services.ErrorResponse;
import org.keycloak.services.ServicesLogger;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
@ -43,16 +59,16 @@ import java.util.List;
* @version $Revision: 1 $
*/
public class RealmsAdminResource {
protected static final Logger logger = Logger.getLogger(RealmsAdminResource.class);
protected static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
protected AdminAuth auth;
protected TokenManager tokenManager;
@Context
protected KeycloakSession session;
@Context
protected KeycloakApplication keycloak;
@Context
protected ClientConnection clientConnection;
@ -132,7 +148,7 @@ public class RealmsAdminResource {
URI location = AdminRoot.realmsUrl(uriInfo).path(realm.getName()).build();
logger.debugv("imported realm success, sending back: {0}", location.toString());
return Response.created(location).build();
} catch (ModelDuplicateException e) {
return ErrorResponse.exists("Realm " + rep.getRealm() + " already exists");
@ -177,7 +193,7 @@ public class RealmsAdminResource {
} else {
realmAuth = new RealmAuth(auth, realm.getClientByClientId(realmManager.getRealmAdminClientId(auth.getRealm())));
}
AdminEventBuilder adminEvent = new AdminEventBuilder(realm, auth, session, clientConnection);
session.getContext().setRealm(realm);

View file

@ -1,6 +1,21 @@
/*
* Copyright 2016 Red Hat Inc. and/or its affiliates and other contributors
* as indicated by the @author tags. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
* use this file except in compliance with the License. You may obtain a copy of
* the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations under
* the License.
*/
package org.keycloak.services.resources.admin;
import org.jboss.logging.Logger;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.spi.NotFoundException;
import org.keycloak.events.admin.OperationType;
@ -10,6 +25,7 @@ import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserModel;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.services.ServicesLogger;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
@ -33,7 +49,7 @@ import java.util.Set;
* @version $Revision: 1 $
*/
public class RoleByIdResource extends RoleResource {
protected static final Logger logger = Logger.getLogger(RoleByIdResource.class);
protected static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
private final RealmModel realm;
private final RealmAuth auth;
private AdminEventBuilder adminEvent;
@ -226,7 +242,7 @@ public class RoleByIdResource extends RoleResource {
RoleModel role = getRoleModel(id);
auth.requireManage();
deleteComposites(roles, role);
adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).representation(roles).success();
}

View file

@ -1,6 +1,21 @@
/*
* Copyright 2016 Red Hat Inc. and/or its affiliates and other contributors
* as indicated by the @author tags. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
* use this file except in compliance with the License. You may obtain a copy of
* the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations under
* the License.
*/
package org.keycloak.services.resources.admin;
import org.jboss.logging.Logger;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.spi.NotFoundException;
import org.keycloak.common.ClientConnection;
@ -14,6 +29,7 @@ import org.keycloak.models.utils.ModelToRepresentation;
import org.keycloak.representations.idm.ClientMappingsRepresentation;
import org.keycloak.representations.idm.MappingsRepresentation;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.services.ServicesLogger;
import org.keycloak.services.managers.RealmManager;
import javax.ws.rs.Consumes;
@ -40,7 +56,7 @@ import java.util.Set;
* @version $Revision: 1 $
*/
public class RoleMapperResource {
protected static final Logger logger = Logger.getLogger(RoleMapperResource.class);
protected static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
protected RealmModel realm;

View file

@ -1,3 +1,19 @@
/*
* Copyright 2016 Red Hat Inc. and/or its affiliates and other contributors
* as indicated by the @author tags. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
* use this file except in compliance with the License. You may obtain a copy of
* the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations under
* the License.
*/
package org.keycloak.services.resources.admin;
import java.util.Collections;
@ -21,7 +37,6 @@ import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
import org.jboss.logging.Logger;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.spi.NotFoundException;
import org.keycloak.events.admin.OperationType;
@ -46,6 +61,7 @@ import org.keycloak.representations.idm.UserFederationMapperRepresentation;
import org.keycloak.representations.idm.UserFederationMapperTypeRepresentation;
import org.keycloak.representations.idm.UserFederationProviderRepresentation;
import org.keycloak.services.ErrorResponseException;
import org.keycloak.services.ServicesLogger;
import org.keycloak.services.managers.UsersSyncManager;
import org.keycloak.timer.TimerProvider;
@ -54,7 +70,7 @@ import org.keycloak.timer.TimerProvider;
*/
public class UserFederationProviderResource {
protected static final Logger logger = Logger.getLogger(UserFederationProviderResource.class);
protected static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
private final KeycloakSession session;
private final RealmModel realm;
@ -93,7 +109,7 @@ public class UserFederationProviderResource {
new UsersSyncManager().refreshPeriodicSyncForProvider(session.getKeycloakSessionFactory(), session.getProvider(TimerProvider.class), model, realm.getId());
boolean kerberosCredsAdded = UserFederationProvidersResource.checkKerberosCredential(session, realm, model);
if (kerberosCredsAdded) {
logger.info("Added 'kerberos' to required realm credentials");
logger.addedKerberosToRealmCredentials();
}
adminEvent.operation(OperationType.UPDATE).resourcePath(uriInfo).representation(rep).success();
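Review bot: `logger.addedKerberosToRealmCredentials()` takes no arguments, so the message that records a change to the realm's required credentials still does not say which realm or which federation provider triggered it. Since `realm` and `model` are both in scope on the lines above, consider passing the realm name and provider id into the message method so the entry can be correlated on a multi-realm server.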
@ -335,7 +351,7 @@ public class UserFederationProviderResource {
UserFederationProviderFactory providerFactory = (UserFederationProviderFactory) session.getKeycloakSessionFactory().getProviderFactory(UserFederationProvider.class, providerModel.getProviderName());
UserFederationProvider federationProvider = providerFactory.getInstance(session, providerModel);
logger.infof("Syncing data for mapper '%s' of type '%s'. Direction: %s", mapperModel.getName(), mapperModel.getFederationMapperType(), direction);
logger.syncingDataForMapper(mapperModel.getName(), mapperModel.getFederationMapperType(), direction);
UserFederationSyncResult syncResult;
if ("fedToKeycloak".equals(direction)) {
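Review bot: `logger.syncingDataForMapper(...)` logs `direction` before the `"fedToKeycloak".equals(direction)` check that follows, so if `direction` comes from the request, an unvalidated value is written to the log first. Move the log call below the direction check, or log only after the value has matched one of the accepted directions. The mapper name is admin-supplied text as well, so the message format should not rely on it being free of line breaks.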

View file

@ -1,6 +1,21 @@
/*
* Copyright 2016 Red Hat Inc. and/or its affiliates and other contributors
* as indicated by the @author tags. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
* use this file except in compliance with the License. You may obtain a copy of
* the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations under
* the License.
*/
package org.keycloak.services.resources.admin;
import org.jboss.logging.Logger;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.spi.NotFoundException;
import org.jboss.resteasy.spi.ResteasyProviderFactory;
@ -20,6 +35,7 @@ import org.keycloak.representations.idm.ConfigPropertyRepresentation;
import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.representations.idm.UserFederationProviderFactoryRepresentation;
import org.keycloak.representations.idm.UserFederationProviderRepresentation;
import org.keycloak.services.ServicesLogger;
import org.keycloak.services.managers.UsersSyncManager;
import org.keycloak.timer.TimerProvider;
import org.keycloak.utils.CredentialHelper;
@ -46,12 +62,12 @@ import java.util.List;
* @version $Revision: 1 $
*/
public class UserFederationProvidersResource {
protected static final Logger logger = Logger.getLogger(UserFederationProvidersResource.class);
protected static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
protected RealmModel realm;
protected RealmAuth auth;
protected AdminEventBuilder adminEvent;
@Context
@ -64,7 +80,7 @@ public class UserFederationProvidersResource {
this.auth = auth;
this.realm = realm;
this.adminEvent = adminEvent;
auth.init(RealmAuth.Resource.USER);
}
@ -165,10 +181,10 @@ public class UserFederationProvidersResource {
new UsersSyncManager().refreshPeriodicSyncForProvider(session.getKeycloakSessionFactory(), session.getProvider(TimerProvider.class), model, realm.getId());
boolean kerberosCredsAdded = checkKerberosCredential(session, realm, model);
if (kerberosCredsAdded) {
logger.info("Added 'kerberos' to required realm credentials");
logger.addedKerberosToRealmCredentials();
}
adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo).representation(rep).success();
return Response.created(uriInfo.getAbsolutePathBuilder().path(model.getId()).build()).build();
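Review bot: In this create path the only trace of the realm credential change is the `addedKerberosToRealmCredentials()` log line, because the admin event that follows records `rep`, the provider representation, and not the modified realm credentials. If the admin event stream is the audit source, consider recording the credential change there too. The same block is duplicated in UserFederationProviderResource, so a shared helper would keep the two paths consistent.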

View file

@ -1,6 +1,21 @@
/*
* Copyright 2016 Red Hat Inc. and/or its affiliates and other contributors
* as indicated by the @author tags. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
* use this file except in compliance with the License. You may obtain a copy of
* the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations under
* the License.
*/
package org.keycloak.services.resources.admin;
import org.jboss.logging.Logger;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.spi.BadRequestException;
import org.jboss.resteasy.spi.NotFoundException;
@ -43,6 +58,7 @@ import org.keycloak.services.managers.AuthenticationManager;
import org.keycloak.services.managers.ClientSessionCode;
import org.keycloak.services.managers.UserManager;
import org.keycloak.services.ErrorResponse;
import org.keycloak.services.ServicesLogger;
import org.keycloak.services.Urls;
import javax.ws.rs.Consumes;
@ -85,7 +101,7 @@ import org.keycloak.common.util.Time;
* @version $Revision: 1 $
*/
public class UsersResource {
protected static final Logger logger = Logger.getLogger(UsersResource.class);
protected static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
protected RealmModel realm;
@ -804,7 +820,7 @@ public class UsersResource {
return Response.ok().build();
} catch (EmailException e) {
logger.error("Failed to send execute actions email", e);
logger.failedToSendActionsEmail(e);
return ErrorResponse.error("Failed to send execute actions email", Response.Status.INTERNAL_SERVER_ERROR);
}
}
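Review bot: `logger.failedToSendActionsEmail(e)` in the EmailException handler carries only the exception, so the log entry does not identify the user or realm whose actions email failed. Consider adding the user id as a message parameter. Returning the generic text to the client is fine, but the literal "Failed to send execute actions email" is now kept in two places (the message interface and `ErrorResponse.error`), which can drift apart.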

View file

@ -1,15 +1,15 @@
package org.keycloak.services.scheduled;
import org.jboss.logging.Logger;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.services.ServicesLogger;
/**
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
*/
public class ScheduledTaskRunner implements Runnable {
private static final Logger logger = Logger.getLogger(ScheduledTaskRunner.class);
private static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
private final KeycloakSessionFactory sessionFactory;
private final ScheduledTask task;
@ -29,14 +29,14 @@ public class ScheduledTaskRunner implements Runnable {
logger.debug("Executed scheduled task " + task.getClass().getSimpleName());
} catch (Throwable t) {
logger.error("Failed to run scheduled task " + task.getClass().getSimpleName(), t);
logger.failedToRunScheduledTask(t, task.getClass().getSimpleName());
session.getTransaction().rollback();
} finally {
try {
session.close();
} catch (Throwable t) {
logger.error("Failed to close ProviderSession", t);
logger.failedToCloseProviderSession(t);
}
}
}
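Review bot: The `logger.debug("Executed scheduled task " + ...)` call at the top of this hunk is left as string concatenation while the two error paths are converted to typed messages, so the concatenation still runs when debug is off and the class is only partly migrated. Use `logger.debugf("Executed scheduled task %s", task.getClass().getSimpleName())` or add a typed debug message. Note also that the file-level hunk for this class adds no license header, unlike the other files touched in this commit.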

View file

@ -0,0 +1,77 @@
package org.keycloak.social.microsoft;
import java.net.URLEncoder;
import org.jboss.logging.Logger;
import org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider;
import org.keycloak.broker.oidc.OAuth2IdentityProviderConfig;
import org.keycloak.broker.oidc.mappers.AbstractJsonUserAttributeMapper;
import org.keycloak.broker.oidc.util.JsonSimpleHttp;
import org.keycloak.broker.provider.BrokeredIdentityContext;
import org.keycloak.broker.provider.IdentityBrokerException;
import org.keycloak.broker.provider.util.SimpleHttp;
import org.keycloak.broker.social.SocialIdentityProvider;
import com.fasterxml.jackson.databind.JsonNode;
/**
*
* Identity provider for Microsoft account. Uses OAuth 2 protocol of Windows Live Services as documented at <a href="https://msdn.microsoft.com/en-us/library/hh243647.aspx">https://msdn.microsoft.com/en-us/library/hh243647.aspx</a>
*
* @author Vlastimil Elias (velias at redhat dot com)
*/
public class MicrosoftIdentityProvider extends AbstractOAuth2IdentityProvider implements SocialIdentityProvider {
private static final Logger log = Logger.getLogger(MicrosoftIdentityProvider.class);
public static final String AUTH_URL = "https://login.live.com/oauth20_authorize.srf";
public static final String TOKEN_URL = "https://login.live.com/oauth20_token.srf";
public static final String PROFILE_URL = "https://apis.live.net/v5.0/me";
public static final String DEFAULT_SCOPE = "wl.basic,wl.emails";
public MicrosoftIdentityProvider(OAuth2IdentityProviderConfig config) {
super(config);
config.setAuthorizationUrl(AUTH_URL);
config.setTokenUrl(TOKEN_URL);
config.setUserInfoUrl(PROFILE_URL);
}
@Override
protected BrokeredIdentityContext doGetFederatedIdentity(String accessToken) {
try {
String URL = PROFILE_URL + "?access_token=" + URLEncoder.encode(accessToken, "UTF-8");
if (log.isDebugEnabled()) {
log.debug("Microsoft Live user profile request to: " + URL);
}
JsonNode profile = JsonSimpleHttp.asJson(SimpleHttp.doGet(URL));
String id = getJsonProperty(profile, "id");
String email = null;
if (profile.has("emails")) {
email = getJsonProperty(profile.get("emails"), "preferred");
}
BrokeredIdentityContext user = new BrokeredIdentityContext(id);
user.setUsername(email != null ? email : id);
user.setFirstName(getJsonProperty(profile, "first_name"));
user.setLastName(getJsonProperty(profile, "last_name"));
if (email != null)
user.setEmail(email);
user.setIdpConfig(getConfig());
user.setIdp(this);
AbstractJsonUserAttributeMapper.storeUserProfileForMapper(user, profile, getConfig().getAlias());
return user;
} catch (Exception e) {
throw new IdentityBrokerException("Could not obtain user profile from Microsoft Live ID.", e);
}
}
@Override
protected String getDefaultScopes() {
return DEFAULT_SCOPE;
}
}
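Review bot: In `doGetFederatedIdentity` the debug statement logs `URL`, which by then is `PROFILE_URL` plus `?access_token=` and the encoded token, so turning on debug logging writes a usable bearer token to the server log. Log `PROFILE_URL` alone or redact the query string. Carrying the token in the query string also exposes it to any proxy or access log that records request URLs; if the profile endpoint accepts it, send it in an Authorization header instead. Two smaller points: `id` from `getJsonProperty(profile, "id")` goes into `new BrokeredIdentityContext(id)` without a null check, and this new file has no license header while the factory next to it does.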

View file

@ -0,0 +1,46 @@
/*
* JBoss, Home of Professional Open Source
*
* Copyright 2013 Red Hat, Inc. and/or its affiliates.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.social.microsoft;
import org.keycloak.broker.oidc.OAuth2IdentityProviderConfig;
import org.keycloak.broker.provider.AbstractIdentityProviderFactory;
import org.keycloak.broker.social.SocialIdentityProviderFactory;
import org.keycloak.models.IdentityProviderModel;
/**
* @author Vlastimil Elias (velias at redhat dot com)
*/
public class MicrosoftIdentityProviderFactory extends AbstractIdentityProviderFactory<MicrosoftIdentityProvider> implements SocialIdentityProviderFactory<MicrosoftIdentityProvider> {
public static final String PROVIDER_ID = "microsoft";
@Override
public String getName() {
return "Microsoft";
}
@Override
public MicrosoftIdentityProvider create(IdentityProviderModel model) {
return new MicrosoftIdentityProvider(new OAuth2IdentityProviderConfig(model));
}
@Override
public String getId() {
return PROVIDER_ID;
}
}
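Review bot: The license header on this new file uses the older "JBoss, Home of Professional Open Source" / "Copyright 2013 Red Hat, Inc." form, while the headers added to the existing files in this same commit read "Copyright 2016 Red Hat Inc. and/or its affiliates and other contributors". Use the 2016 header here for consistency, and add the same header to MicrosoftIdentityProvider, which has none.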

Some files were not shown because too many files have changed in this diff