Merge remote-tracking branch 'upstream/master'
This commit is contained in:
commit
742f162cfc
107 changed files with 1803 additions and 395 deletions
|
@ -70,7 +70,6 @@
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>org.jboss.logging</groupId>
|
<groupId>org.jboss.logging</groupId>
|
||||||
<artifactId>jboss-logging-annotations</artifactId>
|
<artifactId>jboss-logging-annotations</artifactId>
|
||||||
<version>${jboss-logging-tools.version}</version>
|
|
||||||
<!-- This is a compile-time dependency of this project, but is not needed at compile or runtime by other
|
<!-- This is a compile-time dependency of this project, but is not needed at compile or runtime by other
|
||||||
projects that depend on this project.-->
|
projects that depend on this project.-->
|
||||||
<scope>provided</scope>
|
<scope>provided</scope>
|
||||||
|
|
|
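Review bot: Dropping `<version>${jboss-logging-tools.version}</version>` from the jboss-logging-annotations dependency only works if the root pom now manages this artifact in `<dependencyManagement>`; please confirm that entry exists and that it resolves to the same property as jboss-logging-processor, otherwise the annotations jar and the annotation processor can drift to different versions. Keeping `<scope>provided</scope>` matches the comment's intent of leaving the annotation jar off consumers' classpaths.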
@ -70,7 +70,6 @@
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>org.jboss.logging</groupId>
|
<groupId>org.jboss.logging</groupId>
|
||||||
<artifactId>jboss-logging-annotations</artifactId>
|
<artifactId>jboss-logging-annotations</artifactId>
|
||||||
<version>${jboss-logging-tools.version}</version>
|
|
||||||
<!-- This is a compile-time dependency of this project, but is not needed at compile or runtime by other
|
<!-- This is a compile-time dependency of this project, but is not needed at compile or runtime by other
|
||||||
projects that depend on this project.-->
|
projects that depend on this project.-->
|
||||||
<scope>provided</scope>
|
<scope>provided</scope>
|
||||||
|
|
|
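Review bot: Same version removal as the preceding hunk; for consistency with the services pom in this commit, which declares jboss-logging-annotations and jboss-logging-processor as both `<scope>provided</scope>` and `<optional>true</optional>`, consider adding `<optional>true</optional>` here as well so every module states the compile-time-only intent the same way.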
@ -211,7 +211,7 @@
|
||||||
<para>
|
<para>
|
||||||
Social providers allows you to enable social authentication to your realm.
|
Social providers allows you to enable social authentication to your realm.
|
||||||
Keycloak makes it easy to let users log in to your application using an existing account with a social network.
|
Keycloak makes it easy to let users log in to your application using an existing account with a social network.
|
||||||
Currently Facebook, Google, Twitter, GitHub, LinkedIn and StackOverflow are supported with more planned for the future.
|
Currently Facebook, Google, Twitter, GitHub, LinkedIn, Microsoft and StackOverflow are supported with more planned for the future.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
@ -357,7 +357,7 @@
|
||||||
So is trying to remember yet another username and password combination.
|
So is trying to remember yet another username and password combination.
|
||||||
Social identity providers makes it easy for users to register on your realm and quickly sign in using a social network.
|
Social identity providers makes it easy for users to register on your realm and quickly sign in using a social network.
|
||||||
Keycloak provides built-in support for the most common social networks out there, such as Google, Facebook, Twitter,
|
Keycloak provides built-in support for the most common social networks out there, such as Google, Facebook, Twitter,
|
||||||
Github, LinkedId and StackOverflow.
|
Github, LinkedId, Microsoft and StackOverflow.
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<section>
|
<section>
|
||||||
|
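Review bot: The edited line still reads `Github, LinkedId, Microsoft and StackOverflow.`; since it is being touched anyway, correct the product names to `GitHub, LinkedIn, Microsoft and StackOverflow` so this list matches the one earlier in the same document (`Facebook, Google, Twitter, GitHub, LinkedIn, Microsoft and StackOverflow`).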
@ -855,6 +855,95 @@
|
||||||
</tgroup>
|
</tgroup>
|
||||||
</table>
|
</table>
|
||||||
</section>
|
</section>
|
||||||
|
<section>
|
||||||
|
<title>Microsoft</title>
|
||||||
|
<para>
|
||||||
|
To enable login with Microsoft account you first have to register an OAuth application on
|
||||||
|
<ulink url="https://account.live.com/developers/applications/index">Microsoft account Developer Center</ulink>. Then you need to copy the client id and secret into the Keycloak Admin Console.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
Let's see first how to create an application with Microsoft.
|
||||||
|
</para>
|
||||||
|
<orderedlist>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Go to <ulink url="https://account.live.com/developers/applications/create">create new application on Microsoft account Developer Center</ulink> url and login here.
|
||||||
|
Use any value for <literal>Application Name</literal>, <literal>Application Logo</literal> and <literal>URLs</literal> you want.
|
||||||
|
In <literal>API Settings</literal> set <literal>Target Domain</literal> to the domain where your Keycloak instance runs.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Copy <literal>Client Id</literal> and <literal>Client Secret</literal> from <literal>App Settings</literal> page.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</orderedlist>
|
||||||
|
<para>
|
||||||
|
Now that you have the client id and secret you can proceed with the creation of a Microsoft Identity Provider in Keycloak. As follows:
|
||||||
|
</para>
|
||||||
|
<orderedlist>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Select the <literal>Microsoft</literal> identity provider from the drop-down box on the top right corner of the identity providers table in Keycloak's Admin Console. You should be presented with a specific page to configure the selected provided.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Copy the client id and client secret to their corresponding fields in the Keycloak Admin Console. Click <literal>Save</literal>.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</orderedlist>
|
||||||
|
<para>
|
||||||
|
Once you create the identity provider in Keycloak, you must update your Microsoft application with the redirect url that was
|
||||||
|
generated to your identity provider.
|
||||||
|
</para>
|
||||||
|
<orderedlist>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Open the Microsoft account Developer Center and select <literal>API Settings</literal> of your application. In <literal>Redirect URLs</literal>
|
||||||
|
insert the redirect uri created by Keycloak. The redirect uri
|
||||||
|
usually have the following format: <literal>http://{host}:{port}/auth/realms/{realm}/broker/microsoft/endpoint</literal>.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</orderedlist>
|
||||||
|
<note>
|
||||||
|
<para>
|
||||||
|
You can always get the redirect url for a specific identity provider from the table presented when you
|
||||||
|
click on the 'Identity Provider' tab in <emphasis>Realm > Settings</emphasis>.
|
||||||
|
</para>
|
||||||
|
</note>
|
||||||
|
<para>
|
||||||
|
That is it! This pretty much what you need to do in order to setup this identity provider.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
The table below lists some additional configuration options you may use when configuring this provider.
|
||||||
|
</para>
|
||||||
|
<table>
|
||||||
|
<title>Configuration Options</title>
|
||||||
|
<tgroup align="left" cols="2">
|
||||||
|
<thead>
|
||||||
|
<row>
|
||||||
|
<entry>
|
||||||
|
Configuration
|
||||||
|
</entry>
|
||||||
|
<entry>
|
||||||
|
Description
|
||||||
|
</entry>
|
||||||
|
</row>
|
||||||
|
</thead>
|
||||||
|
<tbody valign="top">
|
||||||
|
<row>
|
||||||
|
<entry>
|
||||||
|
<literal>Default Scopes</literal>
|
||||||
|
</entry>
|
||||||
|
<entry>
|
||||||
|
Allows you to manually specify the scopes that users must authorize when authenticating with this provider. For a complete list of scopes, please take a look at <ulink url="https://msdn.microsoft.com/en-us/library/hh243646.aspx">https://msdn.microsoft.com/en-us/library/hh243646.aspx</ulink>. By default, Keycloak uses the following scopes: <literal>wl.basic,wl.emails</literal>
|
||||||
|
</entry>
|
||||||
|
</row>
|
||||||
|
</tbody>
|
||||||
|
</tgroup>
|
||||||
|
</table>
|
||||||
|
</section>
|
||||||
<section>
|
<section>
|
||||||
<title>StackOverflow</title>
|
<title>StackOverflow</title>
|
||||||
<para>
|
<para>
|
||||||
|
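Review bot: The redirect uri example `http://{host}:{port}/auth/realms/{realm}/broker/microsoft/endpoint` should be shown with `https://`: this endpoint is where Microsoft delivers the authorization code, and registering a plain-http redirect URL exposes that code to anyone on the network path (Microsoft's developer center may also reject non-HTTPS redirect URLs). Two wording fixes in the new section: `configure the selected provided` should be `configure the selected provider`, and `This pretty much what you need` should be `This is pretty much what you need`. In the `Default Scopes` row, the documented default `wl.basic,wl.emails` is narrow; a sentence that adding scopes widens what the broker can read from the user's account, so only what the application needs should be added, would help readers who copy scope lists from the linked Microsoft page.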
@ -1282,7 +1371,7 @@ keycloak.createLoginUrl({
|
||||||
<section>
|
<section>
|
||||||
<title>Mapping/Importing User profile data from Social Identity Provider</title>
|
<title>Mapping/Importing User profile data from Social Identity Provider</title>
|
||||||
<para>
|
<para>
|
||||||
You can import user profile data provided by social identity providers like Google, GitHub, LinkedIn, Stackoverflow and Facebook
|
You can import user profile data provided by social identity providers like Google, GitHub, LinkedIn, Microsoft, Stackoverflow and Facebook
|
||||||
into new Keycloak user created from given social accounts. After you configure a broker, you'll see a <literal>Mappers</literal>
|
into new Keycloak user created from given social accounts. After you configure a broker, you'll see a <literal>Mappers</literal>
|
||||||
button appear. Click on that and you'll get to the list of mappers that are assigned to this broker. There is a
|
button appear. Click on that and you'll get to the list of mappers that are assigned to this broker. There is a
|
||||||
<literal>Create</literal> button on this page. Clicking on this create button allows you to create a broker mapper.
|
<literal>Create</literal> button on this page. Clicking on this create button allows you to create a broker mapper.
|
||||||
|
|
|
@ -2,8 +2,8 @@
|
||||||
<title>Javascript Adapter</title>
|
<title>Javascript Adapter</title>
|
||||||
<para>
|
<para>
|
||||||
The Keycloak Server comes with a Javascript library you can use to secure HTML/Javascript applications. This
|
The Keycloak Server comes with a Javascript library you can use to secure HTML/Javascript applications. This
|
||||||
library is referencable directly from the keycloak server. You can also download the adapter from Keycloak's download
|
library is referenceable directly from the keycloak server. You can also download the adapter from Keycloak's download
|
||||||
site if you want a static copy of this library. It
|
site if you want a static copy. It
|
||||||
works in the same way as other application adapters except that your browser is driving the OAuth redirect protocol
|
works in the same way as other application adapters except that your browser is driving the OAuth redirect protocol
|
||||||
rather than the server.
|
rather than the server.
|
||||||
</para>
|
</para>
|
||||||
|
@ -14,13 +14,13 @@
|
||||||
<para>
|
<para>
|
||||||
To use this adapter, you must first configure an application (or client) through the <literal>Keycloak Admin Console</literal>.
|
To use this adapter, you must first configure an application (or client) through the <literal>Keycloak Admin Console</literal>.
|
||||||
You should select <literal>public</literal> for the <literal>Client Type</literal> field. As public clients can't
|
You should select <literal>public</literal> for the <literal>Client Type</literal> field. As public clients can't
|
||||||
be verified with a client secret you are required to configure one or more valid redirect uris as well.
|
be verified with a client secret, you are required to configure one or more valid redirect uris.
|
||||||
Once you've configured the application click on the <literal>Installation</literal> tab and download the <literal>keycloak.json</literal>
|
Once you've configured the application, click on the <literal>Installation</literal> tab and download the <literal>keycloak.json</literal>
|
||||||
file. This file should be hosted in your web-server at the same root as your HTML pages. Alternatively you can either
|
file. This file should be hosted on your web-server at the same root as your HTML pages. Alternatively, you can manually
|
||||||
specify the URL for this file, or manually configure the adapter.
|
configure the adapter and specify the URL for this file.
|
||||||
</para>
|
</para>
|
||||||
<para>
|
<para>
|
||||||
Next you have to initialize the adapter in your application. An example on how to do this is shown below.
|
Next, you have to initialize the adapter in your application. An example is shown below.
|
||||||
<programlisting><![CDATA[
|
<programlisting><![CDATA[
|
||||||
<head>
|
<head>
|
||||||
<script src="http://<keycloak server>/auth/js/keycloak.js"></script>
|
<script src="http://<keycloak server>/auth/js/keycloak.js"></script>
|
||||||
|
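Review bot: The line `be verified with a client secret, you are required to configure one or more valid redirect uris.` is the place to add that redirect uris should be exact and that wildcard patterns should be avoided for public clients, since that list is the only control preventing an attacker from having the authorization code (or, with implicit flow, the token itself) sent to a site they control. Separately, the unchanged example `<script src="http://<keycloak server>/auth/js/keycloak.js"></script>` loads the adapter over plain HTTP; show `https://` there, otherwise an on-path attacker can replace the adapter script and read every token the page receives.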
@ -47,7 +47,7 @@ var keycloak = Keycloak({
|
||||||
});
|
});
|
||||||
]]></programlisting>
|
]]></programlisting>
|
||||||
You can also pass <literal>login-required</literal> or <literal>check-sso</literal> to the init function. Login
|
You can also pass <literal>login-required</literal> or <literal>check-sso</literal> to the init function. Login
|
||||||
required will redirect to the login form on the server, while check-sso will redirect to the auth server to check
|
required will cause a redirect to the login form on the server, while check-sso will simply redirect to the auth server to check
|
||||||
if the user is already logged in to the realm. For example:
|
if the user is already logged in to the realm. For example:
|
||||||
<programlisting><![CDATA[
|
<programlisting><![CDATA[
|
||||||
keycloak.init({ onLoad: 'login-required' })
|
keycloak.init({ onLoad: 'login-required' })
|
||||||
|
@ -111,9 +111,9 @@ keycloak.init({ onLoad: 'login-required' })
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
To refresh the token if it's expired call the <literal>updateToken</literal> method. This method returns a promise
|
To refresh the token when it is expired, call the <literal>updateToken</literal> method. This method returns a promise
|
||||||
object which can be used to invoke a function on success or failure. This method can be used to wrap functions
|
object, which can be used to invoke a function on success or failure. This method can be used to wrap functions
|
||||||
that should only be called with a valid token. For example the following method will refresh the token if it
|
that should only be called with a valid token. For example, the following method will refresh the token if it
|
||||||
expires within 30 seconds, and then invoke the specified function. If the token is valid for more than 30 seconds it
|
expires within 30 seconds, and then invoke the specified function. If the token is valid for more than 30 seconds it
|
||||||
will just call the specified function.
|
will just call the specified function.
|
||||||
<programlisting><![CDATA[
|
<programlisting><![CDATA[
|
||||||
|
@ -129,7 +129,7 @@ keycloak.updateToken(30).success(function() {
|
||||||
<title>Session status iframe</title>
|
<title>Session status iframe</title>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
By default the JavaScript adapter creates a non-visible iframe that is used to detect if a single-sign out has occured.
|
By default, the JavaScript adapter creates a non-visible iframe that is used to detect if a single-sign out has occurred.
|
||||||
This does not require any network traffic, instead the status is retrieved from a special status cookie. This feature can be disabled
|
This does not require any network traffic, instead the status is retrieved from a special status cookie. This feature can be disabled
|
||||||
by setting <literal>checkLoginIframe: false</literal> in the options passed to the <literal>init</literal>
|
by setting <literal>checkLoginIframe: false</literal> in the options passed to the <literal>init</literal>
|
||||||
method.
|
method.
|
||||||
|
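Review bot: Minor: `This does not require any network traffic, instead the status is retrieved from a special status cookie` is a comma splice; write `traffic; instead, the status` or split it into two sentences. Since the paragraph says the iframe exists to detect single-sign-out, it should also state what a reader gives up by setting `checkLoginIframe: false`, namely that the application no longer learns of a single-sign-out until it next contacts the server.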
@ -140,33 +140,32 @@ keycloak.updateToken(30).success(function() {
|
||||||
<title>Implicit and Hybrid Flow</title>
|
<title>Implicit and Hybrid Flow</title>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
By default the JavaScript adapter uses <ulink url="http://openid.net/specs/openid-connect-core-1_0.html#CodeFlowAuth">OpenID Connect standard (Authorization code) flow</ulink>, which
|
By default, the JavaScript adapter uses <ulink url="http://openid.net/specs/openid-connect-core-1_0.html#CodeFlowAuth">OpenID Connect standard (Authorization code) flow</ulink>, which
|
||||||
means that after authentication will Keycloak server redirects back to your application and Javascript adapter will exchange <literal>code</literal> for access token and refresh token.
|
means that after authentication, the Keycloak server redirects the user back to your application, where the JavaScript adapter will exchange the <literal>code</literal> for an access token and a refresh token.
|
||||||
</para>
|
</para>
|
||||||
<para>
|
<para>
|
||||||
However Keycloak also supports <ulink url="http://openid.net/specs/openid-connect-core-1_0.html#ImplicitFlowAuth">OpenID Connect Implicit flow</ulink>
|
However, Keycloak also supports <ulink url="http://openid.net/specs/openid-connect-core-1_0.html#ImplicitFlowAuth">OpenID Connect Implicit flow</ulink>
|
||||||
where access token is directly sent after successful authentication from Keycloak and there is no additional request for exchange code.
|
where an access token is sent immediately after successful authentication with Keycloak (there is no additional request for exchange code).
|
||||||
This might have better performance than standard flow as there is no additional request for exchange code-to-token. However sending access token
|
This could have better performance than standard flow, as there is no additional request to exchange the code for tokens. However, sending the access token
|
||||||
in URL fragment might be security issue in some environments (Token can be more easily stolen from the network etc).
|
in the URL fragment could pose a security issue in some environments (access logs might expose tokens located in the URL).
|
||||||
</para>
|
</para>
|
||||||
<para>To enable implicit flow, you need to enable the flag <literal>Implicit Flow Enabled</literal> for the client in Keycloak admin console. You also need to pass
|
<para>To enable implicit flow, you need to enable the <literal>Implicit Flow Enabled</literal> flag for the client in the Keycloak admin console. You also need to pass
|
||||||
the parameter <literal>flow</literal> with value <literal>implicit</literal> to <literal>init</literal> method, so that Javascript adapter will use implicit flow instead of standard flow.
|
the parameter <literal>flow</literal> with value <literal>implicit</literal> to <literal>init</literal> method.
|
||||||
The example is here:
|
An example is below:
|
||||||
<programlisting><![CDATA[
|
<programlisting><![CDATA[
|
||||||
keycloak.init({ flow: 'implicit' })
|
keycloak.init({ flow: 'implicit' })
|
||||||
]]></programlisting>
|
]]></programlisting>
|
||||||
Note that with implicit flow, you don't have refresh token available after authentication. This makes it harder for your application to periodically update
|
Note that with implicit flow, you are not given a refresh token after authentication. This makes it harder for your application to periodically update
|
||||||
access token in background (without browser redirection). It's recommended that you implement <literal>onTokenExpired</literal> callback method on keycloak object, so you
|
the access token in background (without browser redirection). It's recommended that you implement an <literal>onTokenExpired</literal> callback method on the keycloak object, so you
|
||||||
have possibility to do something after token is expired (For example you can call keycloak.login, which will redirect browser to Keycloak login screen and it will immediately
|
are notified after the token is expired (For example you can call keycloak.login, which will redirect browser to Keycloak login screen and it will immediately
|
||||||
redirect you back if SSO session is still valid and user is still logged. However make sure to save the application state before doing redirect.)
|
redirect you back if the SSO session is still valid and the user is still logged. However, make sure to save the application state before performing a redirect.)
|
||||||
</para>
|
</para>
|
||||||
<para>
|
<para>
|
||||||
Keycloak also have support for <ulink url="http://openid.net/specs/openid-connect-core-1_0.html#HybridFlowAuth">OpenID Connect Hybrid flow</ulink>. This requires
|
Keycloak also has support for <ulink url="http://openid.net/specs/openid-connect-core-1_0.html#HybridFlowAuth">OpenID Connect Hybrid flow</ulink>. This requires
|
||||||
that client in admin console has both flags <literal>Standard Flow Enabled</literal> and <literal>Implicit Flow Enabled</literal> enabled in admin console.
|
the client to have both the <literal>Standard Flow Enabled</literal> and <literal>Implicit Flow Enabled</literal> flags enabled in the admin console.
|
||||||
The Keycloak will send both the code and tokens to your application. Access token can be immediately used and in the meantime, code can be exchanged for access token and refresh token.
|
The Keycloak server will then send both the code and tokens to your application. The access token can be used immediately while the code can be exchanged for access and refresh tokens.
|
||||||
Hybrid flow is good for performance similarly like implicit flow, because access token is available immediatelly to your application. But similarly like implicit flow, the token is
|
Similar to the implicit flow, the hybrid flow is good for performance because the access token is available immediately. But, the token is still sent in the URL, and security risks might still apply.
|
||||||
sent in URL fragment, so security may not be so good.
|
However, one advantage over the implicit flow is that a refresh token is made available to the application (after the code-to-token request is finished).
|
||||||
One advantage over implicit flow is, that you have also refresh token available in your application (after code-to-token request is finished in background).
|
|
||||||
</para>
|
</para>
|
||||||
<para>
|
<para>
|
||||||
For hybrid flow, you need to pass the parameter <literal>flow</literal> with value <literal>hybrid</literal> to <literal>init</literal> method.
|
For hybrid flow, you need to pass the parameter <literal>flow</literal> with value <literal>hybrid</literal> to <literal>init</literal> method.
|
||||||
|
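Review bot: The new wording `(access logs might expose tokens located in the URL)` is not accurate for the case described: the implicit flow returns the token in the URL fragment, and browsers do not send the fragment to the server, so it never reaches server access logs. The exposures that do apply are browser history, any client-side code or analytics that reads `location.href`, and the absence of a refresh token that the paragraph goes on to describe; the original `Token can be more easily stolen from the network etc` was vague, but the replacement should name those rather than access logs. The hybrid paragraph's `the token is still sent in the URL, and security risks might still apply` should point at the same concrete risks instead of leaving them unspecified. Small fix: `the user is still logged` should be `the user is still logged in`.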
@ -410,4 +409,4 @@ keycloak.onAuthSuccess = function() { alert('authenticated'); }
|
||||||
</itemizedlist>
|
</itemizedlist>
|
||||||
</section>
|
</section>
|
||||||
</section>
|
</section>
|
||||||
</section>
|
</section>
|
||||||
|
|
|
@ -117,7 +117,7 @@
|
||||||
|
|
||||||
<update tableName="CREDENTIAL">
|
<update tableName="CREDENTIAL">
|
||||||
<column name="ALGORITHM" type="VARCHAR(36)" value="pbkdf2" />
|
<column name="ALGORITHM" type="VARCHAR(36)" value="pbkdf2" />
|
||||||
<where>TYPE in ('password-history', 'password') AND ALGORITHM is 'HmacSHA1'</where>
|
<where>TYPE in ('password-history', 'password') AND ALGORITHM = 'HmacSHA1'</where>
|
||||||
</update>
|
</update>
|
||||||
</changeSet>
|
</changeSet>
|
||||||
|
|
||||||
|
|
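Review bot: `is` is not a standard SQL comparison operator, so the old `ALGORITHM is 'HmacSHA1'` clause would have been rejected, or matched nothing, on most databases; the corrected `ALGORITHM = 'HmacSHA1'` now actually rewrites those credential rows to `pbkdf2`. Because this edits the body of an existing Liquibase changeSet, its checksum changes, and databases that already recorded the changeSet will fail validation on the next start unless a `<validCheckSum>` is added or the fix ships as a new changeSet that re-runs the update. Please also confirm the password hashing code treats the `pbkdf2` label as PBKDF2 with HMAC-SHA1, so hashes stored under the old label keep verifying after the rename.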
13
pom.xml
Executable file → Normal file
|
@ -35,7 +35,8 @@
|
||||||
<undertow.version>1.3.10.Final</undertow.version>
|
<undertow.version>1.3.10.Final</undertow.version>
|
||||||
<picketlink.version>2.7.0.Final</picketlink.version>
|
<picketlink.version>2.7.0.Final</picketlink.version>
|
||||||
<mongo.driver.version>3.2.0</mongo.driver.version>
|
<mongo.driver.version>3.2.0</mongo.driver.version>
|
||||||
<jboss.logging.version>3.1.4.GA</jboss.logging.version>
|
<jboss.logging.version>3.3.0.Final</jboss.logging.version>
|
||||||
|
<jboss.logging.tools.version>2.0.1.Final</jboss.logging.tools.version>
|
||||||
<jboss-logging-tools.version>1.2.0.Beta1</jboss-logging-tools.version>
|
<jboss-logging-tools.version>1.2.0.Beta1</jboss-logging-tools.version>
|
||||||
<jboss.spec.javax.xml.bind.jboss-jaxb-api_2.2_spec.version>1.0.4.Final</jboss.spec.javax.xml.bind.jboss-jaxb-api_2.2_spec.version>
|
<jboss.spec.javax.xml.bind.jboss-jaxb-api_2.2_spec.version>1.0.4.Final</jboss.spec.javax.xml.bind.jboss-jaxb-api_2.2_spec.version>
|
||||||
<jboss-jaxrs-api_2.0_spec>1.0.0.Final</jboss-jaxrs-api_2.0_spec>
|
<jboss-jaxrs-api_2.0_spec>1.0.0.Final</jboss-jaxrs-api_2.0_spec>
|
||||||
|
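Review bot: Two near-identical properties now coexist: the new `jboss.logging.tools.version` (2.0.1.Final) and the old `jboss-logging-tools.version` (1.2.0.Beta1). The module poms in this commit drop their `${jboss-logging-tools.version}` reference, so the old property looks stale; grep for remaining users and remove it, otherwise someone will eventually pick the Beta1 tools by accident against jboss-logging 3.3.0.Final.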
@ -297,6 +298,16 @@
|
||||||
<artifactId>jboss-logging</artifactId>
|
<artifactId>jboss-logging</artifactId>
|
||||||
<version>${jboss.logging.version}</version>
|
<version>${jboss.logging.version}</version>
|
||||||
</dependency>
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.jboss.logging</groupId>
|
||||||
|
<artifactId>jboss-logging-annotations</artifactId>
|
||||||
|
<version>${jboss.logging.tools.version}</version>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.jboss.logging</groupId>
|
||||||
|
<artifactId>jboss-logging-processor</artifactId>
|
||||||
|
<version>${jboss.logging.tools.version}</version>
|
||||||
|
</dependency>
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>log4j</groupId>
|
<groupId>log4j</groupId>
|
||||||
<artifactId>log4j</artifactId>
|
<artifactId>log4j</artifactId>
|
||||||
|
|
|
@ -57,6 +57,18 @@
|
||||||
<groupId>org.jboss.logging</groupId>
|
<groupId>org.jboss.logging</groupId>
|
||||||
<artifactId>jboss-logging</artifactId>
|
<artifactId>jboss-logging</artifactId>
|
||||||
</dependency>
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.jboss.logging</groupId>
|
||||||
|
<artifactId>jboss-logging-annotations</artifactId>
|
||||||
|
<scope>provided</scope>
|
||||||
|
<optional>true</optional>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.jboss.logging</groupId>
|
||||||
|
<artifactId>jboss-logging-processor</artifactId>
|
||||||
|
<scope>provided</scope>
|
||||||
|
<optional>true</optional>
|
||||||
|
</dependency>
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>org.jboss.resteasy</groupId>
|
<groupId>org.jboss.resteasy</groupId>
|
||||||
<artifactId>resteasy-jaxrs</artifactId>
|
<artifactId>resteasy-jaxrs</artifactId>
|
||||||
|
@ -129,6 +141,9 @@
|
||||||
<configuration>
|
<configuration>
|
||||||
<source>${maven.compiler.source}</source>
|
<source>${maven.compiler.source}</source>
|
||||||
<target>${maven.compiler.target}</target>
|
<target>${maven.compiler.target}</target>
|
||||||
|
<compilerArgument>
|
||||||
|
-AgeneratedTranslationFilesPath=${project.build.directory}/generated-translation-files
|
||||||
|
</compilerArgument>
|
||||||
</configuration>
|
</configuration>
|
||||||
</plugin>
|
</plugin>
|
||||||
</plugins>
|
</plugins>
|
||||||
|
|
|
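Review bot: Style: if the maven-compiler-plugin version in use is 3.1 or newer, the `<compilerArgs><arg>-AgeneratedTranslationFilesPath=...</arg></compilerArgs>` list is the documented way to pass annotation-processor options and avoids relying on how the single-string `<compilerArgument>` value is handled; placing the option on one line would also make it obvious that no surrounding whitespace is part of the argument.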
@ -1,6 +1,5 @@
|
||||||
package org.keycloak.authentication;
|
package org.keycloak.authentication;
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
|
||||||
import org.jboss.resteasy.spi.HttpRequest;
|
import org.jboss.resteasy.spi.HttpRequest;
|
||||||
import org.keycloak.common.ClientConnection;
|
import org.keycloak.common.ClientConnection;
|
||||||
import org.keycloak.OAuth2Constants;
|
import org.keycloak.OAuth2Constants;
|
||||||
|
@ -24,6 +23,7 @@ import org.keycloak.protocol.LoginProtocol;
|
||||||
import org.keycloak.protocol.LoginProtocol.Error;
|
import org.keycloak.protocol.LoginProtocol.Error;
|
||||||
import org.keycloak.protocol.oidc.TokenManager;
|
import org.keycloak.protocol.oidc.TokenManager;
|
||||||
import org.keycloak.services.ErrorPage;
|
import org.keycloak.services.ErrorPage;
|
||||||
|
import org.keycloak.services.ServicesLogger;
|
||||||
import org.keycloak.services.managers.AuthenticationManager;
|
import org.keycloak.services.managers.AuthenticationManager;
|
||||||
import org.keycloak.services.managers.BruteForceProtector;
|
import org.keycloak.services.managers.BruteForceProtector;
|
||||||
import org.keycloak.services.managers.ClientSessionCode;
|
import org.keycloak.services.managers.ClientSessionCode;
|
||||||
|
@ -44,7 +44,7 @@ import java.util.Map;
|
||||||
*/
|
*/
|
||||||
public class AuthenticationProcessor {
|
public class AuthenticationProcessor {
|
||||||
public static final String CURRENT_AUTHENTICATION_EXECUTION = "current.authentication.execution";
|
public static final String CURRENT_AUTHENTICATION_EXECUTION = "current.authentication.execution";
|
||||||
protected static Logger logger = Logger.getLogger(AuthenticationProcessor.class);
|
protected static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
|
||||||
protected RealmModel realm;
|
protected RealmModel realm;
|
||||||
protected UserSessionModel userSession;
|
protected UserSessionModel userSession;
|
||||||
protected ClientSessionModel clientSession;
|
protected ClientSessionModel clientSession;
|
||||||
|
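Review bot: `logger` is `protected`, so changing its type from `org.jboss.logging.Logger` to `ServicesLogger` is a source-level change for any subclass of AuthenticationProcessor that calls `logger.debug(...)` or `logger.error(...)` directly; please confirm `ServicesLogger` extends `BasicLogger` so those calls still compile, or make the field private if subclasses are not expected to log through it.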
@ -539,25 +539,25 @@ public class AuthenticationProcessor {
|
||||||
if (failure instanceof AuthenticationFlowException) {
|
if (failure instanceof AuthenticationFlowException) {
|
||||||
AuthenticationFlowException e = (AuthenticationFlowException) failure;
|
AuthenticationFlowException e = (AuthenticationFlowException) failure;
|
||||||
if (e.getError() == AuthenticationFlowError.INVALID_USER) {
|
if (e.getError() == AuthenticationFlowError.INVALID_USER) {
|
||||||
logger.error("failed authentication: " + e.getError().toString(), e);
|
logger.failedAuthentication(e);
|
||||||
event.error(Errors.USER_NOT_FOUND);
|
event.error(Errors.USER_NOT_FOUND);
|
||||||
return ErrorPage.error(session, Messages.INVALID_USER);
|
return ErrorPage.error(session, Messages.INVALID_USER);
|
||||||
} else if (e.getError() == AuthenticationFlowError.USER_DISABLED) {
|
} else if (e.getError() == AuthenticationFlowError.USER_DISABLED) {
|
||||||
logger.error("failed authentication: " + e.getError().toString(), e);
|
logger.failedAuthentication(e);
|
||||||
event.error(Errors.USER_DISABLED);
|
event.error(Errors.USER_DISABLED);
|
||||||
return ErrorPage.error(session, Messages.ACCOUNT_DISABLED);
|
return ErrorPage.error(session, Messages.ACCOUNT_DISABLED);
|
||||||
} else if (e.getError() == AuthenticationFlowError.USER_TEMPORARILY_DISABLED) {
|
} else if (e.getError() == AuthenticationFlowError.USER_TEMPORARILY_DISABLED) {
|
||||||
logger.error("failed authentication: " + e.getError().toString(), e);
|
logger.failedAuthentication(e);
|
||||||
event.error(Errors.USER_TEMPORARILY_DISABLED);
|
event.error(Errors.USER_TEMPORARILY_DISABLED);
|
||||||
return ErrorPage.error(session, Messages.ACCOUNT_TEMPORARILY_DISABLED);
|
return ErrorPage.error(session, Messages.ACCOUNT_TEMPORARILY_DISABLED);
|
||||||
|
|
||||||
} else if (e.getError() == AuthenticationFlowError.INVALID_CLIENT_SESSION) {
|
} else if (e.getError() == AuthenticationFlowError.INVALID_CLIENT_SESSION) {
|
||||||
logger.error("failed authentication: " + e.getError().toString(), e);
|
logger.failedAuthentication(e);
|
||||||
event.error(Errors.INVALID_CODE);
|
event.error(Errors.INVALID_CODE);
|
||||||
return ErrorPage.error(session, Messages.INVALID_CODE);
|
return ErrorPage.error(session, Messages.INVALID_CODE);
|
||||||
|
|
||||||
} else if (e.getError() == AuthenticationFlowError.EXPIRED_CODE) {
|
} else if (e.getError() == AuthenticationFlowError.EXPIRED_CODE) {
|
||||||
logger.error("failed authentication: " + e.getError().toString(), e);
|
logger.failedAuthentication(e);
|
||||||
event.error(Errors.EXPIRED_CODE);
|
event.error(Errors.EXPIRED_CODE);
|
||||||
return ErrorPage.error(session, Messages.EXPIRED_CODE);
|
return ErrorPage.error(session, Messages.EXPIRED_CODE);
|
||||||
|
|
||||||
|
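Review bot: Each replaced `logger.error("failed authentication: " + e.getError().toString(), e)` line put the `AuthenticationFlowError` value (INVALID_USER, USER_DISABLED, USER_TEMPORARILY_DISABLED, INVALID_CLIENT_SESSION, EXPIRED_CODE) into the message; `logger.failedAuthentication(e)` passes only the exception, so unless the typed message formats `e.getError()` the log line loses the one field that tells these failures apart. That distinction is what detection relies on (a burst of USER_NOT_FOUND looks like account enumeration, a burst of USER_TEMPORARILY_DISABLED looks like brute-force lockout), so keep it in the message rather than only in `event.error(...)`. Also worth reconsidering whether an expected failure such as an unknown user should be logged at error level with a full stack trace; an attacker can fill the log cheaply.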
@ -580,13 +580,13 @@ public class AuthenticationProcessor {
|
||||||
return processor.authenticate();
|
return processor.authenticate();
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
logger.error("failed authentication: " + e.getError().toString(), e);
|
logger.failedAuthentication(e);
|
||||||
event.error(Errors.INVALID_USER_CREDENTIALS);
|
event.error(Errors.INVALID_USER_CREDENTIALS);
|
||||||
return ErrorPage.error(session, Messages.INVALID_USER);
|
return ErrorPage.error(session, Messages.INVALID_USER);
|
||||||
}
|
}
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
logger.error("failed authentication", failure);
|
logger.failedAuthentication(failure);
|
||||||
event.error(Errors.INVALID_USER_CREDENTIALS);
|
event.error(Errors.INVALID_USER_CREDENTIALS);
|
||||||
return ErrorPage.error(session, Messages.UNEXPECTED_ERROR_HANDLING_REQUEST);
|
return ErrorPage.error(session, Messages.UNEXPECTED_ERROR_HANDLING_REQUEST);
|
||||||
}
|
}
|
||||||
|
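Review bot: In the final else branch `logger.failedAuthentication(failure)` is now the same message id that the flow-error branches use for an AuthenticationFlowException, but here `failure` is an arbitrary Exception. The old code kept these apart ("failed authentication: <error>" versus plain "failed authentication"), and the response differs too (Messages.INVALID_USER versus Messages.UNEXPECTED_ERROR_HANDLING_REQUEST). Consider a separate message method for the unexpected-exception path so operators can separate credential failures from server-side faults when searching logs, and check that failedAuthentication is declared to take Throwable rather than AuthenticationFlowException, since it is called with both in this method.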
@ -596,7 +596,7 @@ public class AuthenticationProcessor {
|
||||||
public Response handleClientAuthException(Exception failure) {
|
public Response handleClientAuthException(Exception failure) {
|
||||||
if (failure instanceof AuthenticationFlowException) {
|
if (failure instanceof AuthenticationFlowException) {
|
||||||
AuthenticationFlowException e = (AuthenticationFlowException) failure;
|
AuthenticationFlowException e = (AuthenticationFlowException) failure;
|
||||||
logger.error("Failed client authentication: " + e.getError().toString(), e);
|
logger.failedClientAuthentication(e);
|
||||||
if (e.getError() == AuthenticationFlowError.CLIENT_NOT_FOUND) {
|
if (e.getError() == AuthenticationFlowError.CLIENT_NOT_FOUND) {
|
||||||
event.error(Errors.CLIENT_NOT_FOUND);
|
event.error(Errors.CLIENT_NOT_FOUND);
|
||||||
return ClientAuthUtil.errorResponse(Response.Status.BAD_REQUEST.getStatusCode(), "invalid_client", "Could not find client");
|
return ClientAuthUtil.errorResponse(Response.Status.BAD_REQUEST.getStatusCode(), "invalid_client", "Could not find client");
|
||||||
|
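Review bot: Same concern as in handleBrowserException: `logger.failedClientAuthentication(e)` replaces a message that included `e.getError().toString()`. Make sure the template still surfaces the AuthenticationFlowError (CLIENT_NOT_FOUND is handled right below, other values fall through to the generic branch); otherwise the log line on a client-authentication failure carries less context than before. Passing `e.getError()` as an explicit template parameter keeps this independent of the exception's own message.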
@ -611,7 +611,7 @@ public class AuthenticationProcessor {
|
||||||
return ClientAuthUtil.errorResponse(Response.Status.BAD_REQUEST.getStatusCode(), "unauthorized_client", e.getError().toString() + ": " + e.getMessage());
|
return ClientAuthUtil.errorResponse(Response.Status.BAD_REQUEST.getStatusCode(), "unauthorized_client", e.getError().toString() + ": " + e.getMessage());
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
logger.error("Unexpected error when authenticating client", failure);
|
logger.errorAuthenticatingClient(failure);
|
||||||
event.error(Errors.INVALID_CLIENT_CREDENTIALS);
|
event.error(Errors.INVALID_CLIENT_CREDENTIALS);
|
||||||
return ClientAuthUtil.errorResponse(Response.Status.BAD_REQUEST.getStatusCode(), "unauthorized_client", "Unexpected error when authenticating client: " + failure.getMessage());
|
return ClientAuthUtil.errorResponse(Response.Status.BAD_REQUEST.getStatusCode(), "unauthorized_client", "Unexpected error when authenticating client: " + failure.getMessage());
|
||||||
}
|
}
|
||||||
|
|
|
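Review bot: Not introduced by this hunk, but worth noting while the logging here is reworked: the unchanged `ClientAuthUtil.errorResponse(..., "unauthorized_client", "Unexpected error when authenticating client: " + failure.getMessage())` two lines below the new `logger.errorAuthenticatingClient(failure)` call still echoes the raw exception message to the unauthenticated caller. Now that the exception and its stack trace go to the log through the new method, the response could carry a fixed description and leave the detail in the log only, so internal exception text is not exposed on the token endpoint.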
@ -12,12 +12,15 @@ import org.keycloak.models.AuthenticationExecutionModel;
|
||||||
import org.keycloak.models.AuthenticationFlowModel;
|
import org.keycloak.models.AuthenticationFlowModel;
|
||||||
import org.keycloak.models.ClientModel;
|
import org.keycloak.models.ClientModel;
|
||||||
import org.keycloak.models.utils.KeycloakModelUtils;
|
import org.keycloak.models.utils.KeycloakModelUtils;
|
||||||
|
import org.keycloak.services.ServicesLogger;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
|
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
|
||||||
*/
|
*/
|
||||||
public class ClientAuthenticationFlow implements AuthenticationFlow {
|
public class ClientAuthenticationFlow implements AuthenticationFlow {
|
||||||
|
|
||||||
|
protected static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
|
||||||
|
|
||||||
Response alternativeChallenge = null;
|
Response alternativeChallenge = null;
|
||||||
AuthenticationProcessor processor;
|
AuthenticationProcessor processor;
|
||||||
AuthenticationFlowModel flow;
|
AuthenticationFlowModel flow;
|
||||||
|
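Review bot: Replacing the per-class `AuthenticationProcessor.logger` with `ServicesLogger.ROOT_LOGGER` means this class now logs under whatever single category ROOT_LOGGER is bound to, so the debugv/tracef output in ClientAuthenticationFlow can no longer be enabled for just this class by logger name. If per-class filtering of the fairly verbose client-authentication trace lines matters, keep a class-specific category for the debug/trace calls and use ServicesLogger only for the @Message methods; otherwise the category change deserves a mention in the commit message.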
@ -42,7 +45,7 @@ public class ClientAuthenticationFlow implements AuthenticationFlow {
|
||||||
throw new AuthenticationFlowException("Could not find ClientAuthenticatorFactory for: " + model.getAuthenticator(), AuthenticationFlowError.INTERNAL_ERROR);
|
throw new AuthenticationFlowException("Could not find ClientAuthenticatorFactory for: " + model.getAuthenticator(), AuthenticationFlowError.INTERNAL_ERROR);
|
||||||
}
|
}
|
||||||
ClientAuthenticator authenticator = factory.create();
|
ClientAuthenticator authenticator = factory.create();
|
||||||
AuthenticationProcessor.logger.debugv("client authenticator: {0}", factory.getId());
|
logger.debugv("client authenticator: {0}", factory.getId());
|
||||||
|
|
||||||
AuthenticationProcessor.Result context = processor.createClientAuthenticatorContext(model, authenticator, executions);
|
AuthenticationProcessor.Result context = processor.createClientAuthenticatorContext(model, authenticator, executions);
|
||||||
authenticator.authenticateClient(context);
|
authenticator.authenticateClient(context);
|
||||||
|
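Review bot: `logger.debugv(...)` here (and `tracef` / `isTraceEnabled` in the later hunks of this file) are now called on the ServicesLogger instance, so the ServicesLogger interface must extend org.jboss.logging.BasicLogger for these calls to compile; the annotation processor only generates the @Message methods. Worth confirming, since the interface itself is not part of this diff.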
@ -54,7 +57,7 @@ public class ClientAuthenticationFlow implements AuthenticationFlow {
|
||||||
// Fallback to secret just in case (for backwards compatibility)
|
// Fallback to secret just in case (for backwards compatibility)
|
||||||
if (expectedClientAuthType == null) {
|
if (expectedClientAuthType == null) {
|
||||||
expectedClientAuthType = KeycloakModelUtils.getDefaultClientAuthenticatorType();
|
expectedClientAuthType = KeycloakModelUtils.getDefaultClientAuthenticatorType();
|
||||||
AuthenticationProcessor.logger.warnv("Client {0} doesn't have have authentication method configured. Fallback to {1}", client.getClientId(), expectedClientAuthType);
|
logger.authMethodFallback(client.getClientId(), expectedClientAuthType);
|
||||||
}
|
}
|
||||||
|
|
||||||
// Check if client authentication matches
|
// Check if client authentication matches
|
||||||
|
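Review bot: The old warnv text had a typo ("doesn't have have authentication method configured"); check that the template behind `logger.authMethodFallback(client.getClientId(), expectedClientAuthType)` does not carry it over. Also keep this message at WARN in the template: a client with no authenticator type set that silently falls back to `KeycloakModelUtils.getDefaultClientAuthenticatorType()` is a misconfiguration operators should notice, and this log line is the only signal for it.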
@ -66,7 +69,7 @@ public class ClientAuthenticationFlow implements AuthenticationFlow {
|
||||||
throw new AuthenticationFlowException("Expected success, but for an unknown reason the status was " + context.getStatus(), AuthenticationFlowError.INTERNAL_ERROR);
|
throw new AuthenticationFlowException("Expected success, but for an unknown reason the status was " + context.getStatus(), AuthenticationFlowError.INTERNAL_ERROR);
|
||||||
}
|
}
|
||||||
|
|
||||||
AuthenticationProcessor.logger.debugv("Client {0} authenticated by {1}", client.getClientId(), factory.getId());
|
logger.debugv("Client {0} authenticated by {1}", client.getClientId(), factory.getId());
|
||||||
processor.getEvent().detail(Details.CLIENT_AUTH_METHOD, factory.getId());
|
processor.getEvent().detail(Details.CLIENT_AUTH_METHOD, factory.getId());
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
@ -96,12 +99,12 @@ public class ClientAuthenticationFlow implements AuthenticationFlow {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (AuthenticationProcessor.logger.isTraceEnabled()) {
|
if (logger.isTraceEnabled()) {
|
||||||
List<String> exIds = new ArrayList<>();
|
List<String> exIds = new ArrayList<>();
|
||||||
for (AuthenticationExecutionModel execution : executionsToRun) {
|
for (AuthenticationExecutionModel execution : executionsToRun) {
|
||||||
exIds.add(execution.getId());
|
exIds.add(execution.getId());
|
||||||
}
|
}
|
||||||
AuthenticationProcessor.logger.tracef("Using executions for client authentication: %s", exIds.toString());
|
logger.tracef("Using executions for client authentication: %s", exIds.toString());
|
||||||
}
|
}
|
||||||
|
|
||||||
return executionsToRun;
|
return executionsToRun;
|
||||||
|
@ -111,7 +114,7 @@ public class ClientAuthenticationFlow implements AuthenticationFlow {
|
||||||
AuthenticationExecutionModel execution = result.getExecution();
|
AuthenticationExecutionModel execution = result.getExecution();
|
||||||
FlowStatus status = result.getStatus();
|
FlowStatus status = result.getStatus();
|
||||||
|
|
||||||
AuthenticationProcessor.logger.debugv("client authenticator {0}: {1}", status.toString(), execution.getAuthenticator());
|
logger.debugv("client authenticator {0}: {1}", status.toString(), execution.getAuthenticator());
|
||||||
|
|
||||||
if (status == FlowStatus.SUCCESS) {
|
if (status == FlowStatus.SUCCESS) {
|
||||||
return null;
|
return null;
|
||||||
|
@ -135,13 +138,13 @@ public class ClientAuthenticationFlow implements AuthenticationFlow {
|
||||||
} else if (status == FlowStatus.FAILURE_CHALLENGE) {
|
} else if (status == FlowStatus.FAILURE_CHALLENGE) {
|
||||||
return sendChallenge(result, execution);
|
return sendChallenge(result, execution);
|
||||||
} else {
|
} else {
|
||||||
AuthenticationProcessor.logger.error("Unknown result status");
|
logger.unknownResultStatus();
|
||||||
throw new AuthenticationFlowException(AuthenticationFlowError.INTERNAL_ERROR);
|
throw new AuthenticationFlowException(AuthenticationFlowError.INTERNAL_ERROR);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public Response sendChallenge(AuthenticationProcessor.Result result, AuthenticationExecutionModel execution) {
|
public Response sendChallenge(AuthenticationProcessor.Result result, AuthenticationExecutionModel execution) {
|
||||||
AuthenticationProcessor.logger.debugv("client authenticator: sending challenge for authentication execution {0}", execution.getAuthenticator());
|
logger.debugv("client authenticator: sending challenge for authentication execution {0}", execution.getAuthenticator());
|
||||||
|
|
||||||
if (result.getError() != null) {
|
if (result.getError() != null) {
|
||||||
String errorAsString = result.getError().toString().toLowerCase();
|
String errorAsString = result.getError().toString().toLowerCase();
|
||||||
|
|
|
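Review bot: `logger.unknownResultStatus()` takes no arguments, so the line says no more than the old "Unknown result status" did, and the same message id is reused in DefaultAuthenticationFlow. Since `status` is in scope here, consider declaring the message with a parameter, `unknownResultStatus(status)`, so the log identifies which FlowStatus value fell through before the INTERNAL_ERROR is thrown.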
@ -1,10 +1,10 @@
|
||||||
package org.keycloak.authentication;
|
package org.keycloak.authentication;
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
|
||||||
import org.keycloak.models.AuthenticationExecutionModel;
|
import org.keycloak.models.AuthenticationExecutionModel;
|
||||||
import org.keycloak.models.AuthenticationFlowModel;
|
import org.keycloak.models.AuthenticationFlowModel;
|
||||||
import org.keycloak.models.ClientSessionModel;
|
import org.keycloak.models.ClientSessionModel;
|
||||||
import org.keycloak.models.UserModel;
|
import org.keycloak.models.UserModel;
|
||||||
|
import org.keycloak.services.ServicesLogger;
|
||||||
|
|
||||||
import javax.ws.rs.core.Response;
|
import javax.ws.rs.core.Response;
|
||||||
import java.util.Iterator;
|
import java.util.Iterator;
|
||||||
|
@ -15,7 +15,7 @@ import java.util.List;
|
||||||
* @version $Revision: 1 $
|
* @version $Revision: 1 $
|
||||||
*/
|
*/
|
||||||
public class DefaultAuthenticationFlow implements AuthenticationFlow {
|
public class DefaultAuthenticationFlow implements AuthenticationFlow {
|
||||||
protected static Logger logger = Logger.getLogger(DefaultAuthenticationFlow.class);
|
protected static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
|
||||||
Response alternativeChallenge = null;
|
Response alternativeChallenge = null;
|
||||||
AuthenticationExecutionModel challengedAlternativeExecution = null;
|
AuthenticationExecutionModel challengedAlternativeExecution = null;
|
||||||
boolean alternativeSuccessful = false;
|
boolean alternativeSuccessful = false;
|
||||||
|
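Review bot: `final` is missing on the equivalent `protected static ServicesLogger logger` fields in the IdpConfirmLinkAuthenticator, IdpCreateUserIfUniqueAuthenticator, IdpEmailVerificationAuthenticator, IdpReviewProfileAuthenticator, SpnegoAuthenticator, ClientIdAndSecretAuthenticator and JWTClientAuthenticator hunks, while this hunk and ClientAuthenticationFlow declare `protected static final ServicesLogger logger`. A non-final protected static logger can be reassigned by any subclass; please make all of them `final` for consistency with this one.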
@ -222,7 +222,7 @@ public class DefaultAuthenticationFlow implements AuthenticationFlow {
|
||||||
return processor.authenticate();
|
return processor.authenticate();
|
||||||
default:
|
default:
|
||||||
logger.debugv("authenticator INTERNAL_ERROR: {0}", execution.getAuthenticator());
|
logger.debugv("authenticator INTERNAL_ERROR: {0}", execution.getAuthenticator());
|
||||||
logger.error("Unknown result status");
|
logger.unknownResultStatus();
|
||||||
throw new AuthenticationFlowException(AuthenticationFlowError.INTERNAL_ERROR);
|
throw new AuthenticationFlowException(AuthenticationFlowError.INTERNAL_ERROR);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -3,7 +3,6 @@ package org.keycloak.authentication.authenticators.broker;
|
||||||
import javax.ws.rs.core.MultivaluedMap;
|
import javax.ws.rs.core.MultivaluedMap;
|
||||||
import javax.ws.rs.core.Response;
|
import javax.ws.rs.core.Response;
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
|
||||||
import org.keycloak.authentication.AuthenticationFlowContext;
|
import org.keycloak.authentication.AuthenticationFlowContext;
|
||||||
import org.keycloak.authentication.AuthenticationFlowError;
|
import org.keycloak.authentication.AuthenticationFlowError;
|
||||||
import org.keycloak.authentication.AuthenticationFlowException;
|
import org.keycloak.authentication.AuthenticationFlowException;
|
||||||
|
@ -15,6 +14,7 @@ import org.keycloak.models.ClientSessionModel;
|
||||||
import org.keycloak.models.KeycloakSession;
|
import org.keycloak.models.KeycloakSession;
|
||||||
import org.keycloak.models.RealmModel;
|
import org.keycloak.models.RealmModel;
|
||||||
import org.keycloak.models.UserModel;
|
import org.keycloak.models.UserModel;
|
||||||
|
import org.keycloak.services.ServicesLogger;
|
||||||
import org.keycloak.services.messages.Messages;
|
import org.keycloak.services.messages.Messages;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -22,7 +22,7 @@ import org.keycloak.services.messages.Messages;
|
||||||
*/
|
*/
|
||||||
public class IdpConfirmLinkAuthenticator extends AbstractIdpAuthenticator {
|
public class IdpConfirmLinkAuthenticator extends AbstractIdpAuthenticator {
|
||||||
|
|
||||||
protected static Logger logger = Logger.getLogger(IdpConfirmLinkAuthenticator.class);
|
protected static ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected void authenticateImpl(AuthenticationFlowContext context, SerializedBrokeredIdentityContext serializedCtx, BrokeredIdentityContext brokerContext) {
|
protected void authenticateImpl(AuthenticationFlowContext context, SerializedBrokeredIdentityContext serializedCtx, BrokeredIdentityContext brokerContext) {
|
||||||
|
@ -30,7 +30,7 @@ public class IdpConfirmLinkAuthenticator extends AbstractIdpAuthenticator {
|
||||||
|
|
||||||
String existingUserInfo = clientSession.getNote(EXISTING_USER_INFO);
|
String existingUserInfo = clientSession.getNote(EXISTING_USER_INFO);
|
||||||
if (existingUserInfo == null) {
|
if (existingUserInfo == null) {
|
||||||
logger.warnf("No duplication detected.");
|
logger.noDuplicationDetected();
|
||||||
context.attempted();
|
context.attempted();
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
|
@ -5,7 +5,6 @@ import java.util.Map;
|
||||||
|
|
||||||
import javax.ws.rs.core.Response;
|
import javax.ws.rs.core.Response;
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
|
||||||
import org.keycloak.authentication.AuthenticationFlowContext;
|
import org.keycloak.authentication.AuthenticationFlowContext;
|
||||||
import org.keycloak.authentication.authenticators.broker.util.ExistingUserInfo;
|
import org.keycloak.authentication.authenticators.broker.util.ExistingUserInfo;
|
||||||
import org.keycloak.authentication.authenticators.broker.util.SerializedBrokeredIdentityContext;
|
import org.keycloak.authentication.authenticators.broker.util.SerializedBrokeredIdentityContext;
|
||||||
|
@ -16,6 +15,7 @@ import org.keycloak.models.AuthenticatorConfigModel;
|
||||||
import org.keycloak.models.KeycloakSession;
|
import org.keycloak.models.KeycloakSession;
|
||||||
import org.keycloak.models.RealmModel;
|
import org.keycloak.models.RealmModel;
|
||||||
import org.keycloak.models.UserModel;
|
import org.keycloak.models.UserModel;
|
||||||
|
import org.keycloak.services.ServicesLogger;
|
||||||
import org.keycloak.services.messages.Messages;
|
import org.keycloak.services.messages.Messages;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -23,7 +23,7 @@ import org.keycloak.services.messages.Messages;
|
||||||
*/
|
*/
|
||||||
public class IdpCreateUserIfUniqueAuthenticator extends AbstractIdpAuthenticator {
|
public class IdpCreateUserIfUniqueAuthenticator extends AbstractIdpAuthenticator {
|
||||||
|
|
||||||
protected static Logger logger = Logger.getLogger(IdpCreateUserIfUniqueAuthenticator.class);
|
protected static ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
|
||||||
|
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
@ -43,7 +43,7 @@ public class IdpCreateUserIfUniqueAuthenticator extends AbstractIdpAuthenticator
|
||||||
|
|
||||||
String username = getUsername(context, serializedCtx, brokerContext);
|
String username = getUsername(context, serializedCtx, brokerContext);
|
||||||
if (username == null) {
|
if (username == null) {
|
||||||
logger.warnf("%s is null. Reset flow and enforce showing reviewProfile page", realm.isRegistrationEmailAsUsername() ? "Email" : "Username");
|
logger.resetFlow(realm.isRegistrationEmailAsUsername() ? "Email" : "Username");
|
||||||
context.getClientSession().setNote(ENFORCE_UPDATE_PROFILE, "true");
|
context.getClientSession().setNote(ENFORCE_UPDATE_PROFILE, "true");
|
||||||
context.resetFlow();
|
context.resetFlow();
|
||||||
return;
|
return;
|
||||||
|
|
|
@ -6,7 +6,6 @@ import javax.ws.rs.core.MultivaluedMap;
|
||||||
import javax.ws.rs.core.Response;
|
import javax.ws.rs.core.Response;
|
||||||
import javax.ws.rs.core.UriBuilder;
|
import javax.ws.rs.core.UriBuilder;
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
|
||||||
import org.keycloak.authentication.AuthenticationFlowContext;
|
import org.keycloak.authentication.AuthenticationFlowContext;
|
||||||
import org.keycloak.authentication.AuthenticationFlowError;
|
import org.keycloak.authentication.AuthenticationFlowError;
|
||||||
import org.keycloak.authentication.requiredactions.VerifyEmail;
|
import org.keycloak.authentication.requiredactions.VerifyEmail;
|
||||||
|
@ -24,6 +23,7 @@ import org.keycloak.models.Constants;
|
||||||
import org.keycloak.models.KeycloakSession;
|
import org.keycloak.models.KeycloakSession;
|
||||||
import org.keycloak.models.RealmModel;
|
import org.keycloak.models.RealmModel;
|
||||||
import org.keycloak.models.UserModel;
|
import org.keycloak.models.UserModel;
|
||||||
|
import org.keycloak.services.ServicesLogger;
|
||||||
import org.keycloak.services.messages.Messages;
|
import org.keycloak.services.messages.Messages;
|
||||||
import org.keycloak.services.resources.LoginActionsService;
|
import org.keycloak.services.resources.LoginActionsService;
|
||||||
|
|
||||||
|
@ -32,7 +32,7 @@ import org.keycloak.services.resources.LoginActionsService;
|
||||||
*/
|
*/
|
||||||
public class IdpEmailVerificationAuthenticator extends AbstractIdpAuthenticator {
|
public class IdpEmailVerificationAuthenticator extends AbstractIdpAuthenticator {
|
||||||
|
|
||||||
protected static Logger logger = Logger.getLogger(IdpEmailVerificationAuthenticator.class);
|
protected static ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected void authenticateImpl(AuthenticationFlowContext context, SerializedBrokeredIdentityContext serializedCtx, BrokeredIdentityContext brokerContext) {
|
protected void authenticateImpl(AuthenticationFlowContext context, SerializedBrokeredIdentityContext serializedCtx, BrokeredIdentityContext brokerContext) {
|
||||||
|
@ -41,7 +41,7 @@ public class IdpEmailVerificationAuthenticator extends AbstractIdpAuthenticator
|
||||||
ClientSessionModel clientSession = context.getClientSession();
|
ClientSessionModel clientSession = context.getClientSession();
|
||||||
|
|
||||||
if (realm.getSmtpConfig().size() == 0) {
|
if (realm.getSmtpConfig().size() == 0) {
|
||||||
logger.warnf("Smtp is not configured for the realm. Ignoring email verification authenticator");
|
logger.smtpNotConfigured();
|
||||||
context.attempted();
|
context.attempted();
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
@ -78,7 +78,7 @@ public class IdpEmailVerificationAuthenticator extends AbstractIdpAuthenticator
|
||||||
} catch (EmailException e) {
|
} catch (EmailException e) {
|
||||||
event.error(Errors.EMAIL_SEND_FAILED);
|
event.error(Errors.EMAIL_SEND_FAILED);
|
||||||
|
|
||||||
logger.error("Failed to send email to confirm identity broker linking", e);
|
logger.confirmBrokerEmailFailed(e);
|
||||||
Response challenge = context.form()
|
Response challenge = context.form()
|
||||||
.setError(Messages.EMAIL_SENT_ERROR)
|
.setError(Messages.EMAIL_SENT_ERROR)
|
||||||
.createErrorPage();
|
.createErrorPage();
|
||||||
|
@ -118,7 +118,7 @@ public class IdpEmailVerificationAuthenticator extends AbstractIdpAuthenticator
|
||||||
context.setUser(existingUser);
|
context.setUser(existingUser);
|
||||||
context.success();
|
context.success();
|
||||||
} else {
|
} else {
|
||||||
logger.error("Key parameter don't match with the expected value from client session");
|
logger.keyParamDoesNotMatch();
|
||||||
Response challengeResponse = context.form()
|
Response challengeResponse = context.form()
|
||||||
.setError(Messages.INVALID_ACCESS_CODE)
|
.setError(Messages.INVALID_ACCESS_CODE)
|
||||||
.createErrorPage();
|
.createErrorPage();
|
||||||
|
|
|
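Review bot: `logger.keyParamDoesNotMatch()` replaces an ERROR-level log for a condition an unauthenticated user can trigger at will (a verification link whose key parameter does not match the client session). Consider declaring the message at WARN rather than ERROR so a burst of bad links is not mistaken for a server fault, and keep the message id stable so detection rules can key on it. The old text "Key parameter don't match with the expected value" also has a grammar slip to fix in the template.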
@ -5,7 +5,6 @@ import java.util.List;
|
||||||
import javax.ws.rs.core.MultivaluedMap;
|
import javax.ws.rs.core.MultivaluedMap;
|
||||||
import javax.ws.rs.core.Response;
|
import javax.ws.rs.core.Response;
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
|
||||||
import org.keycloak.authentication.AuthenticationFlowContext;
|
import org.keycloak.authentication.AuthenticationFlowContext;
|
||||||
import org.keycloak.authentication.authenticators.broker.util.SerializedBrokeredIdentityContext;
|
import org.keycloak.authentication.authenticators.broker.util.SerializedBrokeredIdentityContext;
|
||||||
import org.keycloak.broker.provider.BrokeredIdentityContext;
|
import org.keycloak.broker.provider.BrokeredIdentityContext;
|
||||||
|
@ -21,6 +20,7 @@ import org.keycloak.models.RealmModel;
|
||||||
import org.keycloak.models.UserModel;
|
import org.keycloak.models.UserModel;
|
||||||
import org.keycloak.models.utils.FormMessage;
|
import org.keycloak.models.utils.FormMessage;
|
||||||
import org.keycloak.representations.idm.IdentityProviderRepresentation;
|
import org.keycloak.representations.idm.IdentityProviderRepresentation;
|
||||||
|
import org.keycloak.services.ServicesLogger;
|
||||||
import org.keycloak.services.resources.AttributeFormDataProcessor;
|
import org.keycloak.services.resources.AttributeFormDataProcessor;
|
||||||
import org.keycloak.services.validation.Validation;
|
import org.keycloak.services.validation.Validation;
|
||||||
|
|
||||||
|
@ -29,7 +29,7 @@ import org.keycloak.services.validation.Validation;
|
||||||
*/
|
*/
|
||||||
public class IdpReviewProfileAuthenticator extends AbstractIdpAuthenticator {
|
public class IdpReviewProfileAuthenticator extends AbstractIdpAuthenticator {
|
||||||
|
|
||||||
protected static Logger logger = Logger.getLogger(IdpReviewProfileAuthenticator.class);
|
protected static ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public boolean requiresUser() {
|
public boolean requiresUser() {
|
||||||
|
|
|
@ -1,6 +1,5 @@
|
||||||
package org.keycloak.authentication.authenticators.browser;
|
package org.keycloak.authentication.authenticators.browser;
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
|
||||||
import org.keycloak.authentication.AbstractFormAuthenticator;
|
import org.keycloak.authentication.AbstractFormAuthenticator;
|
||||||
import org.keycloak.authentication.AuthenticationFlowError;
|
import org.keycloak.authentication.AuthenticationFlowError;
|
||||||
import org.keycloak.authentication.AuthenticationFlowContext;
|
import org.keycloak.authentication.AuthenticationFlowContext;
|
||||||
|
@ -11,6 +10,7 @@ import org.keycloak.models.UserCredentialModel;
|
||||||
import org.keycloak.models.UserModel;
|
import org.keycloak.models.UserModel;
|
||||||
import org.keycloak.models.utils.KeycloakModelUtils;
|
import org.keycloak.models.utils.KeycloakModelUtils;
|
||||||
import org.keycloak.representations.idm.CredentialRepresentation;
|
import org.keycloak.representations.idm.CredentialRepresentation;
|
||||||
|
import org.keycloak.services.ServicesLogger;
|
||||||
import org.keycloak.services.managers.AuthenticationManager;
|
import org.keycloak.services.managers.AuthenticationManager;
|
||||||
import org.keycloak.services.messages.Messages;
|
import org.keycloak.services.messages.Messages;
|
||||||
|
|
||||||
|
@ -25,7 +25,7 @@ import java.util.List;
|
||||||
*/
|
*/
|
||||||
public abstract class AbstractUsernameFormAuthenticator extends AbstractFormAuthenticator {
|
public abstract class AbstractUsernameFormAuthenticator extends AbstractFormAuthenticator {
|
||||||
|
|
||||||
private static final Logger logger = Logger.getLogger(AbstractUsernameFormAuthenticator.class);
|
private static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
|
||||||
|
|
||||||
public static final String REGISTRATION_FORM_ACTION = "registration_form";
|
public static final String REGISTRATION_FORM_ACTION = "registration_form";
|
||||||
public static final String ATTEMPTED_USERNAME = "ATTEMPTED_USERNAME";
|
public static final String ATTEMPTED_USERNAME = "ATTEMPTED_USERNAME";
|
||||||
|
@ -109,7 +109,7 @@ public abstract class AbstractUsernameFormAuthenticator extends AbstractFormAuth
|
||||||
try {
|
try {
|
||||||
user = KeycloakModelUtils.findUserByNameOrEmail(context.getSession(), context.getRealm(), username);
|
user = KeycloakModelUtils.findUserByNameOrEmail(context.getSession(), context.getRealm(), username);
|
||||||
} catch (ModelDuplicateException mde) {
|
} catch (ModelDuplicateException mde) {
|
||||||
logger.error(mde.getMessage(), mde);
|
logger.modelDuplicateException(mde);
|
||||||
|
|
||||||
// Could happen during federation import
|
// Could happen during federation import
|
||||||
if (mde.getDuplicateFieldName() != null && mde.getDuplicateFieldName().equals(UserModel.EMAIL)) {
|
if (mde.getDuplicateFieldName() != null && mde.getDuplicateFieldName().equals(UserModel.EMAIL)) {
|
||||||
|
|
|
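Review bot: The old `logger.error(mde.getMessage(), mde)` used the exception text as the message; if the template for `logger.modelDuplicateException(mde)` only formats the throwable, the duplicate field that `mde.getDuplicateFieldName()` reports (checked on the line below) disappears from the message, so consider passing the field name as a parameter. The comment below says this is expected during federation import, so ERROR may be too loud; and any value interpolated here derives from the submitted username, so treat it as untrusted text in the template.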
@ -1,6 +1,5 @@
|
||||||
package org.keycloak.authentication.authenticators.browser;
|
package org.keycloak.authentication.authenticators.browser;
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
|
||||||
import org.jboss.resteasy.spi.HttpRequest;
|
import org.jboss.resteasy.spi.HttpRequest;
|
||||||
import org.keycloak.authentication.AuthenticationFlowError;
|
import org.keycloak.authentication.AuthenticationFlowError;
|
||||||
import org.keycloak.authentication.AuthenticationFlowContext;
|
import org.keycloak.authentication.AuthenticationFlowContext;
|
||||||
|
@ -13,6 +12,7 @@ import org.keycloak.models.KeycloakSession;
|
||||||
import org.keycloak.models.RealmModel;
|
import org.keycloak.models.RealmModel;
|
||||||
import org.keycloak.models.UserCredentialModel;
|
import org.keycloak.models.UserCredentialModel;
|
||||||
import org.keycloak.models.UserModel;
|
import org.keycloak.models.UserModel;
|
||||||
|
import org.keycloak.services.ServicesLogger;
|
||||||
import org.keycloak.services.messages.Messages;
|
import org.keycloak.services.messages.Messages;
|
||||||
|
|
||||||
import javax.ws.rs.core.HttpHeaders;
|
import javax.ws.rs.core.HttpHeaders;
|
||||||
|
@ -27,7 +27,7 @@ import java.util.Map;
|
||||||
*/
|
*/
|
||||||
public class SpnegoAuthenticator extends AbstractUsernameFormAuthenticator implements Authenticator{
|
public class SpnegoAuthenticator extends AbstractUsernameFormAuthenticator implements Authenticator{
|
||||||
public static final String KERBEROS_DISABLED = "kerberos_disabled";
|
public static final String KERBEROS_DISABLED = "kerberos_disabled";
|
||||||
protected static Logger logger = Logger.getLogger(SpnegoAuthenticator.class);
|
protected static ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public boolean requiresUser() {
|
public boolean requiresUser() {
|
||||||
|
|
|
@ -1,6 +1,5 @@
|
||||||
package org.keycloak.authentication.authenticators.browser;
|
package org.keycloak.authentication.authenticators.browser;
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
|
||||||
import org.jboss.resteasy.specimpl.MultivaluedMapImpl;
|
import org.jboss.resteasy.specimpl.MultivaluedMapImpl;
|
||||||
import org.keycloak.authentication.AuthenticationFlowContext;
|
import org.keycloak.authentication.AuthenticationFlowContext;
|
||||||
import org.keycloak.authentication.AuthenticationProcessor;
|
import org.keycloak.authentication.AuthenticationProcessor;
|
||||||
|
@ -10,6 +9,7 @@ import org.keycloak.models.KeycloakSession;
|
||||||
import org.keycloak.models.RealmModel;
|
import org.keycloak.models.RealmModel;
|
||||||
import org.keycloak.models.UserModel;
|
import org.keycloak.models.UserModel;
|
||||||
import org.keycloak.protocol.oidc.OIDCLoginProtocol;
|
import org.keycloak.protocol.oidc.OIDCLoginProtocol;
|
||||||
|
import org.keycloak.services.ServicesLogger;
|
||||||
import org.keycloak.services.managers.AuthenticationManager;
|
import org.keycloak.services.managers.AuthenticationManager;
|
||||||
|
|
||||||
import javax.ws.rs.core.MultivaluedMap;
|
import javax.ws.rs.core.MultivaluedMap;
|
||||||
|
@ -20,7 +20,7 @@ import javax.ws.rs.core.Response;
|
||||||
* @version $Revision: 1 $
|
* @version $Revision: 1 $
|
||||||
*/
|
*/
|
||||||
public class UsernamePasswordForm extends AbstractUsernameFormAuthenticator implements Authenticator {
|
public class UsernamePasswordForm extends AbstractUsernameFormAuthenticator implements Authenticator {
|
||||||
protected static Logger logger = Logger.getLogger(UsernamePasswordForm.class);
|
protected static ServicesLogger log = ServicesLogger.ROOT_LOGGER;
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void action(AuthenticationFlowContext context) {
|
public void action(AuthenticationFlowContext context) {
|
||||||
|
|
|
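Review bot: Naming inconsistency: the field becomes `log` here while every other class in this commit keeps `logger`. The superclass AbstractUsernameFormAuthenticator declares its logger `private`, so there is no field hiding to avoid; keep the name `logger` (and add `final`, as in DefaultAuthenticationFlow) for consistency.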
@ -11,7 +11,6 @@ import javax.ws.rs.core.MediaType;
|
||||||
import javax.ws.rs.core.MultivaluedMap;
|
import javax.ws.rs.core.MultivaluedMap;
|
||||||
import javax.ws.rs.core.Response;
|
import javax.ws.rs.core.Response;
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
|
||||||
import org.keycloak.OAuth2Constants;
|
import org.keycloak.OAuth2Constants;
|
||||||
import org.keycloak.authentication.AuthenticationFlowError;
|
import org.keycloak.authentication.AuthenticationFlowError;
|
||||||
import org.keycloak.authentication.ClientAuthenticationFlowContext;
|
import org.keycloak.authentication.ClientAuthenticationFlowContext;
|
||||||
|
@ -19,6 +18,7 @@ import org.keycloak.models.AuthenticationExecutionModel;
|
||||||
import org.keycloak.models.ClientModel;
|
import org.keycloak.models.ClientModel;
|
||||||
import org.keycloak.provider.ProviderConfigProperty;
|
import org.keycloak.provider.ProviderConfigProperty;
|
||||||
import org.keycloak.representations.idm.CredentialRepresentation;
|
import org.keycloak.representations.idm.CredentialRepresentation;
|
||||||
|
import org.keycloak.services.ServicesLogger;
|
||||||
import org.keycloak.util.BasicAuthHelper;
|
import org.keycloak.util.BasicAuthHelper;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -30,7 +30,7 @@ import org.keycloak.util.BasicAuthHelper;
|
||||||
*/
|
*/
|
||||||
public class ClientIdAndSecretAuthenticator extends AbstractClientAuthenticator {
|
public class ClientIdAndSecretAuthenticator extends AbstractClientAuthenticator {
|
||||||
|
|
||||||
protected static Logger logger = Logger.getLogger(ClientIdAndSecretAuthenticator.class);
|
protected static ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
|
||||||
|
|
||||||
public static final String PROVIDER_ID = "client-secret";
|
public static final String PROVIDER_ID = "client-secret";
|
||||||
|
|
||||||
|
|
|
@ -11,7 +11,6 @@ import java.util.Map;
|
||||||
import javax.ws.rs.core.MultivaluedMap;
|
import javax.ws.rs.core.MultivaluedMap;
|
||||||
import javax.ws.rs.core.Response;
|
import javax.ws.rs.core.Response;
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
|
||||||
import org.keycloak.OAuth2Constants;
|
import org.keycloak.OAuth2Constants;
|
||||||
import org.keycloak.authentication.AuthenticationFlowError;
|
import org.keycloak.authentication.AuthenticationFlowError;
|
||||||
import org.keycloak.authentication.ClientAuthenticationFlowContext;
|
import org.keycloak.authentication.ClientAuthenticationFlowContext;
|
||||||
|
@ -23,6 +22,7 @@ import org.keycloak.models.RealmModel;
|
||||||
import org.keycloak.models.utils.KeycloakModelUtils;
|
import org.keycloak.models.utils.KeycloakModelUtils;
|
||||||
import org.keycloak.provider.ProviderConfigProperty;
|
import org.keycloak.provider.ProviderConfigProperty;
|
||||||
import org.keycloak.representations.JsonWebToken;
|
import org.keycloak.representations.JsonWebToken;
|
||||||
|
import org.keycloak.services.ServicesLogger;
|
||||||
import org.keycloak.services.Urls;
|
import org.keycloak.services.Urls;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -36,7 +36,7 @@ import org.keycloak.services.Urls;
|
||||||
*/
|
*/
|
||||||
public class JWTClientAuthenticator extends AbstractClientAuthenticator {
|
public class JWTClientAuthenticator extends AbstractClientAuthenticator {
|
||||||
|
|
||||||
protected static Logger logger = Logger.getLogger(JWTClientAuthenticator.class);
|
protected static ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
|
||||||
|
|
||||||
public static final String PROVIDER_ID = "client-jwt";
|
public static final String PROVIDER_ID = "client-jwt";
|
||||||
public static final String CERTIFICATE_ATTR = "jwt.credential.certificate";
|
public static final String CERTIFICATE_ATTR = "jwt.credential.certificate";
|
||||||
|
@ -129,7 +129,7 @@ public class JWTClientAuthenticator extends AbstractClientAuthenticator {
|
||||||
|
|
||||||
context.success();
|
context.success();
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
logger.error("Error when validate client assertion", e);
|
logger.errorValidatingAssertion(e);
|
||||||
Response challengeResponse = ClientAuthUtil.errorResponse(Response.Status.BAD_REQUEST.getStatusCode(), "unauthorized_client", "Client authentication with signed JWT failed: " + e.getMessage());
|
Response challengeResponse = ClientAuthUtil.errorResponse(Response.Status.BAD_REQUEST.getStatusCode(), "unauthorized_client", "Client authentication with signed JWT failed: " + e.getMessage());
|
||||||
context.failure(AuthenticationFlowError.INVALID_CLIENT_CREDENTIALS, challengeResponse);
|
context.failure(AuthenticationFlowError.INVALID_CLIENT_CREDENTIALS, challengeResponse);
|
||||||
}
|
}
|
||||||
|
|
|
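Review bot: the unchanged line right after the new `logger.errorValidatingAssertion(e)` still builds the challenge as `"Client authentication with signed JWT failed: " + e.getMessage()` and returns it to an unauthenticated caller with `unauthorized_client`. The full exception is now in the server log, so the response no longer needs the message; a fixed text in the response avoids telling the caller which validation step (signature, expiry, audience, issuer) rejected the assertion while keeping the detail where operators can read it.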
@ -1,6 +1,5 @@
|
||||||
package org.keycloak.authentication.authenticators.directgrant;
|
package org.keycloak.authentication.authenticators.directgrant;
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
|
||||||
import org.keycloak.authentication.AuthenticationFlowError;
|
import org.keycloak.authentication.AuthenticationFlowError;
|
||||||
import org.keycloak.authentication.AuthenticationFlowContext;
|
import org.keycloak.authentication.AuthenticationFlowContext;
|
||||||
import org.keycloak.events.Errors;
|
import org.keycloak.events.Errors;
|
||||||
|
@ -23,7 +22,6 @@ import java.util.List;
|
||||||
*/
|
*/
|
||||||
public class ValidateOTP extends AbstractDirectGrantAuthenticator {
|
public class ValidateOTP extends AbstractDirectGrantAuthenticator {
|
||||||
|
|
||||||
private static final Logger logger = Logger.getLogger(ValidateOTP.class);
|
|
||||||
public static final String PROVIDER_ID = "direct-grant-validate-otp";
|
public static final String PROVIDER_ID = "direct-grant-validate-otp";
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
|
|
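Review bot: the `logger` field and the `org.jboss.logging.Logger` import are deleted from `ValidateOTP` with no replacement, so this only compiles if nothing else in the class referenced `logger`; the hunk does not show the rest of the file, so please confirm no call site was dropped silently (a lost error log in an OTP validator is the kind of change that is easy to miss in a mass logging migration). The field was `private static`, so no subclass is affected.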
@ -1,6 +1,5 @@
|
||||||
package org.keycloak.authentication.authenticators.directgrant;
|
package org.keycloak.authentication.authenticators.directgrant;
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
|
||||||
import org.keycloak.authentication.AuthenticationFlowError;
|
import org.keycloak.authentication.AuthenticationFlowError;
|
||||||
import org.keycloak.authentication.AuthenticationFlowContext;
|
import org.keycloak.authentication.AuthenticationFlowContext;
|
||||||
import org.keycloak.events.Errors;
|
import org.keycloak.events.Errors;
|
||||||
|
@ -23,7 +22,6 @@ import java.util.List;
|
||||||
*/
|
*/
|
||||||
public class ValidatePassword extends AbstractDirectGrantAuthenticator {
|
public class ValidatePassword extends AbstractDirectGrantAuthenticator {
|
||||||
|
|
||||||
private static final Logger logger = Logger.getLogger(ValidatePassword.class);
|
|
||||||
public static final String PROVIDER_ID = "direct-grant-validate-password";
|
public static final String PROVIDER_ID = "direct-grant-validate-password";
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
|
|
@ -1,6 +1,5 @@
|
||||||
package org.keycloak.authentication.authenticators.directgrant;
|
package org.keycloak.authentication.authenticators.directgrant;
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
|
||||||
import org.keycloak.authentication.AuthenticationFlowError;
|
import org.keycloak.authentication.AuthenticationFlowError;
|
||||||
import org.keycloak.authentication.AuthenticationFlowContext;
|
import org.keycloak.authentication.AuthenticationFlowContext;
|
||||||
import org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator;
|
import org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator;
|
||||||
|
@ -13,6 +12,7 @@ import org.keycloak.models.RealmModel;
|
||||||
import org.keycloak.models.UserModel;
|
import org.keycloak.models.UserModel;
|
||||||
import org.keycloak.models.utils.KeycloakModelUtils;
|
import org.keycloak.models.utils.KeycloakModelUtils;
|
||||||
import org.keycloak.provider.ProviderConfigProperty;
|
import org.keycloak.provider.ProviderConfigProperty;
|
||||||
|
import org.keycloak.services.ServicesLogger;
|
||||||
import org.keycloak.services.managers.AuthenticationManager;
|
import org.keycloak.services.managers.AuthenticationManager;
|
||||||
|
|
||||||
import javax.ws.rs.core.MultivaluedMap;
|
import javax.ws.rs.core.MultivaluedMap;
|
||||||
|
@ -26,7 +26,7 @@ import java.util.List;
|
||||||
*/
|
*/
|
||||||
public class ValidateUsername extends AbstractDirectGrantAuthenticator {
|
public class ValidateUsername extends AbstractDirectGrantAuthenticator {
|
||||||
|
|
||||||
private static final Logger logger = Logger.getLogger(ValidateUsername.class);
|
private static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
|
||||||
public static final String PROVIDER_ID = "direct-grant-validate-username";
|
public static final String PROVIDER_ID = "direct-grant-validate-username";
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
@ -46,7 +46,7 @@ public class ValidateUsername extends AbstractDirectGrantAuthenticator {
|
||||||
try {
|
try {
|
||||||
user = KeycloakModelUtils.findUserByNameOrEmail(context.getSession(), context.getRealm(), username);
|
user = KeycloakModelUtils.findUserByNameOrEmail(context.getSession(), context.getRealm(), username);
|
||||||
} catch (ModelDuplicateException mde) {
|
} catch (ModelDuplicateException mde) {
|
||||||
logger.error(mde.getMessage(), mde);
|
logger.modelDuplicateException(mde);
|
||||||
Response challengeResponse = errorResponse(Response.Status.UNAUTHORIZED.getStatusCode(), "invalid_request", "Invalid user credentials");
|
Response challengeResponse = errorResponse(Response.Status.UNAUTHORIZED.getStatusCode(), "invalid_request", "Invalid user credentials");
|
||||||
context.failure(AuthenticationFlowError.INVALID_USER, challengeResponse);
|
context.failure(AuthenticationFlowError.INVALID_USER, challengeResponse);
|
||||||
return;
|
return;
|
||||||
|
|
|
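Review bot: `logger.modelDuplicateException(mde)` replaces `logger.error(mde.getMessage(), mde)`, so the log text now comes from the annotated method's format; make sure that method is declared with the exception as `@Cause` so the stack trace and the duplicated identifier from the original message are still recorded. The client-facing response stays a generic "Invalid user credentials", which is the right side of that trade-off. Separately, in the unchanged context the 401 is sent with error code `invalid_request`; RFC 6749 section 5.2 reserves `invalid_grant` for invalid resource-owner credentials, so this would be a cheap fix while the block is being touched.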
@ -1,6 +1,5 @@
|
||||||
package org.keycloak.authentication.authenticators.resetcred;
|
package org.keycloak.authentication.authenticators.resetcred;
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
|
||||||
import org.keycloak.Config;
|
import org.keycloak.Config;
|
||||||
import org.keycloak.authentication.AuthenticationFlowContext;
|
import org.keycloak.authentication.AuthenticationFlowContext;
|
||||||
import org.keycloak.authentication.AuthenticationFlowError;
|
import org.keycloak.authentication.AuthenticationFlowError;
|
||||||
|
@ -17,6 +16,7 @@ import org.keycloak.models.KeycloakSessionFactory;
|
||||||
import org.keycloak.models.RealmModel;
|
import org.keycloak.models.RealmModel;
|
||||||
import org.keycloak.models.UserModel;
|
import org.keycloak.models.UserModel;
|
||||||
import org.keycloak.provider.ProviderConfigProperty;
|
import org.keycloak.provider.ProviderConfigProperty;
|
||||||
|
import org.keycloak.services.ServicesLogger;
|
||||||
import org.keycloak.services.messages.Messages;
|
import org.keycloak.services.messages.Messages;
|
||||||
|
|
||||||
import javax.ws.rs.core.MultivaluedMap;
|
import javax.ws.rs.core.MultivaluedMap;
|
||||||
|
@ -29,7 +29,7 @@ import java.util.List;
|
||||||
*/
|
*/
|
||||||
public class ResetCredentialChooseUser implements Authenticator, AuthenticatorFactory {
|
public class ResetCredentialChooseUser implements Authenticator, AuthenticatorFactory {
|
||||||
|
|
||||||
protected static Logger logger = Logger.getLogger(ResetCredentialChooseUser.class);
|
protected static ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
|
||||||
|
|
||||||
public static final String PROVIDER_ID = "reset-credentials-choose-user";
|
public static final String PROVIDER_ID = "reset-credentials-choose-user";
|
||||||
|
|
||||||
|
|
|
@ -1,6 +1,5 @@
|
||||||
package org.keycloak.authentication.authenticators.resetcred;
|
package org.keycloak.authentication.authenticators.resetcred;
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
|
||||||
import org.keycloak.Config;
|
import org.keycloak.Config;
|
||||||
import org.keycloak.authentication.AuthenticationFlowContext;
|
import org.keycloak.authentication.AuthenticationFlowContext;
|
||||||
import org.keycloak.authentication.AuthenticationFlowError;
|
import org.keycloak.authentication.AuthenticationFlowError;
|
||||||
|
@ -22,6 +21,7 @@ import org.keycloak.models.UserModel;
|
||||||
import org.keycloak.models.utils.FormMessage;
|
import org.keycloak.models.utils.FormMessage;
|
||||||
import org.keycloak.models.utils.HmacOTP;
|
import org.keycloak.models.utils.HmacOTP;
|
||||||
import org.keycloak.provider.ProviderConfigProperty;
|
import org.keycloak.provider.ProviderConfigProperty;
|
||||||
|
import org.keycloak.services.ServicesLogger;
|
||||||
import org.keycloak.services.messages.Messages;
|
import org.keycloak.services.messages.Messages;
|
||||||
|
|
||||||
import javax.ws.rs.core.Response;
|
import javax.ws.rs.core.Response;
|
||||||
|
@ -36,7 +36,7 @@ import java.util.concurrent.TimeUnit;
|
||||||
public class ResetCredentialEmail implements Authenticator, AuthenticatorFactory {
|
public class ResetCredentialEmail implements Authenticator, AuthenticatorFactory {
|
||||||
public static final String RESET_CREDENTIAL_SECRET = "RESET_CREDENTIAL_SECRET";
|
public static final String RESET_CREDENTIAL_SECRET = "RESET_CREDENTIAL_SECRET";
|
||||||
|
|
||||||
protected static Logger logger = Logger.getLogger(ResetCredentialEmail.class);
|
protected static ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
|
||||||
|
|
||||||
public static final String PROVIDER_ID = "reset-credential-email";
|
public static final String PROVIDER_ID = "reset-credential-email";
|
||||||
|
|
||||||
|
@ -83,7 +83,7 @@ public class ResetCredentialEmail implements Authenticator, AuthenticatorFactory
|
||||||
.detail(Details.USERNAME, username)
|
.detail(Details.USERNAME, username)
|
||||||
.user(user)
|
.user(user)
|
||||||
.error(Errors.EMAIL_SEND_FAILED);
|
.error(Errors.EMAIL_SEND_FAILED);
|
||||||
logger.error("Failed to send password reset email", e);
|
logger.failedToSendPwdResetEmail(e);
|
||||||
Response challenge = context.form()
|
Response challenge = context.form()
|
||||||
.setError(Messages.EMAIL_SENT_ERROR)
|
.setError(Messages.EMAIL_SENT_ERROR)
|
||||||
.createErrorPage();
|
.createErrorPage();
|
||||||
|
|
|
@ -6,7 +6,6 @@ import org.apache.http.client.HttpClient;
|
||||||
import org.apache.http.client.entity.UrlEncodedFormEntity;
|
import org.apache.http.client.entity.UrlEncodedFormEntity;
|
||||||
import org.apache.http.client.methods.HttpPost;
|
import org.apache.http.client.methods.HttpPost;
|
||||||
import org.apache.http.message.BasicNameValuePair;
|
import org.apache.http.message.BasicNameValuePair;
|
||||||
import org.jboss.logging.Logger;
|
|
||||||
import org.keycloak.Config;
|
import org.keycloak.Config;
|
||||||
import org.keycloak.authentication.FormAction;
|
import org.keycloak.authentication.FormAction;
|
||||||
import org.keycloak.authentication.FormActionFactory;
|
import org.keycloak.authentication.FormActionFactory;
|
||||||
|
@ -25,6 +24,7 @@ import org.keycloak.models.UserModel;
|
||||||
import org.keycloak.models.utils.FormMessage;
|
import org.keycloak.models.utils.FormMessage;
|
||||||
import org.keycloak.provider.ConfiguredProvider;
|
import org.keycloak.provider.ConfiguredProvider;
|
||||||
import org.keycloak.provider.ProviderConfigProperty;
|
import org.keycloak.provider.ProviderConfigProperty;
|
||||||
|
import org.keycloak.services.ServicesLogger;
|
||||||
import org.keycloak.services.messages.Messages;
|
import org.keycloak.services.messages.Messages;
|
||||||
import org.keycloak.services.validation.Validation;
|
import org.keycloak.services.validation.Validation;
|
||||||
import org.keycloak.util.JsonSerialization;
|
import org.keycloak.util.JsonSerialization;
|
||||||
|
@ -45,7 +45,7 @@ public class RegistrationRecaptcha implements FormAction, FormActionFactory, Con
|
||||||
public static final String RECAPTCHA_REFERENCE_CATEGORY = "recaptcha";
|
public static final String RECAPTCHA_REFERENCE_CATEGORY = "recaptcha";
|
||||||
public static final String SITE_KEY = "site.key";
|
public static final String SITE_KEY = "site.key";
|
||||||
public static final String SITE_SECRET = "secret";
|
public static final String SITE_SECRET = "secret";
|
||||||
protected static Logger logger = Logger.getLogger(RegistrationRecaptcha.class);
|
protected static ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
|
||||||
|
|
||||||
public static final String PROVIDER_ID = "registration-recaptcha-action";
|
public static final String PROVIDER_ID = "registration-recaptcha-action";
|
||||||
|
|
||||||
|
@ -135,7 +135,7 @@ public class RegistrationRecaptcha implements FormAction, FormActionFactory, Con
|
||||||
content.close();
|
content.close();
|
||||||
}
|
}
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
logger.error("Recaptcha failed", e);
|
logger.recaptchaFailed(e);
|
||||||
}
|
}
|
||||||
return success;
|
return success;
|
||||||
}
|
}
|
||||||
|
|
|
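Review bot: the catch block now calls `logger.recaptchaFailed(e)` and falls through to `return success`, so any transport or parsing exception during the reCAPTCHA verification call ends with whatever `success` held at that point. That fails closed only if `success` is initialised to `false` before the `try` and is set to `true` only after the verification response has been read and accepted; neither is visible in this hunk, so please confirm, since an early `true` would let a registration through when the verification service is unreachable.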
@ -1,6 +1,5 @@
|
||||||
package org.keycloak.authentication.requiredactions;
|
package org.keycloak.authentication.requiredactions;
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
|
||||||
import org.keycloak.Config;
|
import org.keycloak.Config;
|
||||||
import org.keycloak.authentication.RequiredActionContext;
|
import org.keycloak.authentication.RequiredActionContext;
|
||||||
import org.keycloak.authentication.RequiredActionFactory;
|
import org.keycloak.authentication.RequiredActionFactory;
|
||||||
|
@ -13,6 +12,7 @@ import org.keycloak.models.ModelException;
|
||||||
import org.keycloak.models.UserCredentialModel;
|
import org.keycloak.models.UserCredentialModel;
|
||||||
import org.keycloak.models.UserCredentialValueModel;
|
import org.keycloak.models.UserCredentialValueModel;
|
||||||
import org.keycloak.models.UserModel;
|
import org.keycloak.models.UserModel;
|
||||||
|
import org.keycloak.services.ServicesLogger;
|
||||||
import org.keycloak.services.messages.Messages;
|
import org.keycloak.services.messages.Messages;
|
||||||
import org.keycloak.services.validation.Validation;
|
import org.keycloak.services.validation.Validation;
|
||||||
import org.keycloak.common.util.Time;
|
import org.keycloak.common.util.Time;
|
||||||
|
@ -26,7 +26,7 @@ import java.util.concurrent.TimeUnit;
|
||||||
* @version $Revision: 1 $
|
* @version $Revision: 1 $
|
||||||
*/
|
*/
|
||||||
public class UpdatePassword implements RequiredActionProvider, RequiredActionFactory {
|
public class UpdatePassword implements RequiredActionProvider, RequiredActionFactory {
|
||||||
protected static Logger logger = Logger.getLogger(UpdatePassword.class);
|
protected static ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
|
||||||
@Override
|
@Override
|
||||||
public void evaluateTriggers(RequiredActionContext context) {
|
public void evaluateTriggers(RequiredActionContext context) {
|
||||||
int daysToExpirePassword = context.getRealm().getPasswordPolicy().getDaysToExpirePassword();
|
int daysToExpirePassword = context.getRealm().getPasswordPolicy().getDaysToExpirePassword();
|
||||||
|
|
4
services/src/main/java/org/keycloak/authentication/requiredactions/UpdateProfile.java
Executable file → Normal file
|
@ -1,6 +1,5 @@
|
||||||
package org.keycloak.authentication.requiredactions;
|
package org.keycloak.authentication.requiredactions;
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
|
||||||
import org.keycloak.Config;
|
import org.keycloak.Config;
|
||||||
import org.keycloak.authentication.RequiredActionContext;
|
import org.keycloak.authentication.RequiredActionContext;
|
||||||
import org.keycloak.authentication.RequiredActionFactory;
|
import org.keycloak.authentication.RequiredActionFactory;
|
||||||
|
@ -13,6 +12,7 @@ import org.keycloak.models.KeycloakSessionFactory;
|
||||||
import org.keycloak.models.RealmModel;
|
import org.keycloak.models.RealmModel;
|
||||||
import org.keycloak.models.UserModel;
|
import org.keycloak.models.UserModel;
|
||||||
import org.keycloak.models.utils.FormMessage;
|
import org.keycloak.models.utils.FormMessage;
|
||||||
|
import org.keycloak.services.ServicesLogger;
|
||||||
import org.keycloak.services.messages.Messages;
|
import org.keycloak.services.messages.Messages;
|
||||||
import org.keycloak.services.resources.AttributeFormDataProcessor;
|
import org.keycloak.services.resources.AttributeFormDataProcessor;
|
||||||
import org.keycloak.services.validation.Validation;
|
import org.keycloak.services.validation.Validation;
|
||||||
|
@ -26,7 +26,7 @@ import java.util.List;
|
||||||
* @version $Revision: 1 $
|
* @version $Revision: 1 $
|
||||||
*/
|
*/
|
||||||
public class UpdateProfile implements RequiredActionProvider, RequiredActionFactory {
|
public class UpdateProfile implements RequiredActionProvider, RequiredActionFactory {
|
||||||
protected static Logger logger = Logger.getLogger(UpdateProfile.class);
|
protected static ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
|
||||||
@Override
|
@Override
|
||||||
public void evaluateTriggers(RequiredActionContext context) {
|
public void evaluateTriggers(RequiredActionContext context) {
|
||||||
}
|
}
|
||||||
|
|
4
services/src/main/java/org/keycloak/authentication/requiredactions/UpdateTotp.java
Executable file → Normal file
|
@ -1,6 +1,5 @@
|
||||||
package org.keycloak.authentication.requiredactions;
|
package org.keycloak.authentication.requiredactions;
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
|
||||||
import org.keycloak.Config;
|
import org.keycloak.Config;
|
||||||
import org.keycloak.authentication.RequiredActionContext;
|
import org.keycloak.authentication.RequiredActionContext;
|
||||||
import org.keycloak.authentication.RequiredActionFactory;
|
import org.keycloak.authentication.RequiredActionFactory;
|
||||||
|
@ -12,6 +11,7 @@ import org.keycloak.models.KeycloakSessionFactory;
|
||||||
import org.keycloak.models.UserCredentialModel;
|
import org.keycloak.models.UserCredentialModel;
|
||||||
import org.keycloak.models.UserModel;
|
import org.keycloak.models.UserModel;
|
||||||
import org.keycloak.models.utils.CredentialValidation;
|
import org.keycloak.models.utils.CredentialValidation;
|
||||||
|
import org.keycloak.services.ServicesLogger;
|
||||||
import org.keycloak.services.messages.Messages;
|
import org.keycloak.services.messages.Messages;
|
||||||
import org.keycloak.services.validation.Validation;
|
import org.keycloak.services.validation.Validation;
|
||||||
|
|
||||||
|
@ -23,7 +23,7 @@ import javax.ws.rs.core.Response;
|
||||||
* @version $Revision: 1 $
|
* @version $Revision: 1 $
|
||||||
*/
|
*/
|
||||||
public class UpdateTotp implements RequiredActionProvider, RequiredActionFactory {
|
public class UpdateTotp implements RequiredActionProvider, RequiredActionFactory {
|
||||||
protected static Logger logger = Logger.getLogger(UpdateTotp.class);
|
protected static ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
|
||||||
@Override
|
@Override
|
||||||
public void evaluateTriggers(RequiredActionContext context) {
|
public void evaluateTriggers(RequiredActionContext context) {
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,6 +1,5 @@
|
||||||
package org.keycloak.authentication.requiredactions;
|
package org.keycloak.authentication.requiredactions;
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
|
||||||
import org.keycloak.Config;
|
import org.keycloak.Config;
|
||||||
import org.keycloak.authentication.RequiredActionContext;
|
import org.keycloak.authentication.RequiredActionContext;
|
||||||
import org.keycloak.authentication.RequiredActionFactory;
|
import org.keycloak.authentication.RequiredActionFactory;
|
||||||
|
@ -14,6 +13,7 @@ import org.keycloak.models.KeycloakSession;
|
||||||
import org.keycloak.models.KeycloakSessionFactory;
|
import org.keycloak.models.KeycloakSessionFactory;
|
||||||
import org.keycloak.models.UserModel;
|
import org.keycloak.models.UserModel;
|
||||||
import org.keycloak.models.utils.HmacOTP;
|
import org.keycloak.models.utils.HmacOTP;
|
||||||
|
import org.keycloak.services.ServicesLogger;
|
||||||
import org.keycloak.services.resources.LoginActionsService;
|
import org.keycloak.services.resources.LoginActionsService;
|
||||||
import org.keycloak.services.validation.Validation;
|
import org.keycloak.services.validation.Validation;
|
||||||
|
|
||||||
|
@ -24,7 +24,7 @@ import javax.ws.rs.core.Response;
|
||||||
* @version $Revision: 1 $
|
* @version $Revision: 1 $
|
||||||
*/
|
*/
|
||||||
public class VerifyEmail implements RequiredActionProvider, RequiredActionFactory {
|
public class VerifyEmail implements RequiredActionProvider, RequiredActionFactory {
|
||||||
protected static Logger logger = Logger.getLogger(VerifyEmail.class);
|
protected static ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
|
||||||
@Override
|
@Override
|
||||||
public void evaluateTriggers(RequiredActionContext context) {
|
public void evaluateTriggers(RequiredActionContext context) {
|
||||||
if (context.getRealm().isVerifyEmail() && !context.getUser().isEmailVerified()) {
|
if (context.getRealm().isVerifyEmail() && !context.getUser().isEmailVerified()) {
|
||||||
|
|
6
services/src/main/java/org/keycloak/email/DefaultEmailSenderProvider.java
Executable file → Normal file
|
@ -1,11 +1,11 @@
|
||||||
package org.keycloak.email;
|
package org.keycloak.email;
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
|
||||||
import org.keycloak.truststore.HostnameVerificationPolicy;
|
import org.keycloak.truststore.HostnameVerificationPolicy;
|
||||||
import org.keycloak.truststore.JSSETruststoreConfigurator;
|
import org.keycloak.truststore.JSSETruststoreConfigurator;
|
||||||
import org.keycloak.models.KeycloakSession;
|
import org.keycloak.models.KeycloakSession;
|
||||||
import org.keycloak.models.RealmModel;
|
import org.keycloak.models.RealmModel;
|
||||||
import org.keycloak.models.UserModel;
|
import org.keycloak.models.UserModel;
|
||||||
|
import org.keycloak.services.ServicesLogger;
|
||||||
|
|
||||||
import javax.mail.Message;
|
import javax.mail.Message;
|
||||||
import javax.mail.Multipart;
|
import javax.mail.Multipart;
|
||||||
|
@ -26,7 +26,7 @@ import java.util.Properties;
|
||||||
*/
|
*/
|
||||||
public class DefaultEmailSenderProvider implements EmailSenderProvider {
|
public class DefaultEmailSenderProvider implements EmailSenderProvider {
|
||||||
|
|
||||||
private static final Logger log = Logger.getLogger(DefaultEmailSenderProvider.class);
|
private static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
|
||||||
|
|
||||||
private final KeycloakSession session;
|
private final KeycloakSession session;
|
||||||
|
|
||||||
|
@ -104,7 +104,7 @@ public class DefaultEmailSenderProvider implements EmailSenderProvider {
|
||||||
}
|
}
|
||||||
transport.sendMessage(msg, new InternetAddress[]{new InternetAddress(address)});
|
transport.sendMessage(msg, new InternetAddress[]{new InternetAddress(address)});
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
log.error("Failed to send email", e);
|
logger.failedToSendEmail(e);
|
||||||
throw new EmailException(e);
|
throw new EmailException(e);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
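Review bot: the field is renamed from `log` to `logger` in this file, but the hunk updates a single call site; any other `log.` reference in `DefaultEmailSenderProvider` must be updated in the same change (the compiler will catch it, but the diff as shown does not prove it). Also note the exception is logged at error via `logger.failedToSendEmail(e)` and then rethrown as `EmailException`; `ResetCredentialEmail` in this same commit logs the same failure again as `failedToSendPwdResetEmail(e)`, so each failed reset mail will appear twice in the log. Logging once, at the outer caller, is enough.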
@ -1,7 +1,7 @@
|
||||||
package org.keycloak.exportimport;
|
package org.keycloak.exportimport;
|
||||||
|
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
import org.keycloak.services.ServicesLogger;
|
||||||
import org.keycloak.models.KeycloakSession;
|
import org.keycloak.models.KeycloakSession;
|
||||||
import org.keycloak.models.KeycloakSessionFactory;
|
import org.keycloak.models.KeycloakSessionFactory;
|
||||||
|
|
||||||
|
@ -12,7 +12,7 @@ import java.io.IOException;
|
||||||
*/
|
*/
|
||||||
public class ExportImportManager {
|
public class ExportImportManager {
|
||||||
|
|
||||||
private static final Logger logger = Logger.getLogger(ExportImportManager.class);
|
private static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
|
||||||
|
|
||||||
private KeycloakSessionFactory sessionFactory;
|
private KeycloakSessionFactory sessionFactory;
|
||||||
|
|
||||||
|
@ -65,13 +65,13 @@ public class ExportImportManager {
|
||||||
try {
|
try {
|
||||||
Strategy strategy = ExportImportConfig.getStrategy();
|
Strategy strategy = ExportImportConfig.getStrategy();
|
||||||
if (realmName == null) {
|
if (realmName == null) {
|
||||||
logger.infof("Full model import requested. Strategy: %s", strategy.toString());
|
logger.fullModelImport(strategy.toString());
|
||||||
importProvider.importModel(sessionFactory, strategy);
|
importProvider.importModel(sessionFactory, strategy);
|
||||||
} else {
|
} else {
|
||||||
logger.infof("Import of realm '%s' requested. Strategy: %s", realmName, strategy.toString());
|
logger.realmImportRequested(realmName, strategy.toString());
|
||||||
importProvider.importRealm(sessionFactory, realmName, strategy);
|
importProvider.importRealm(sessionFactory, realmName, strategy);
|
||||||
}
|
}
|
||||||
logger.info("Import finished successfully");
|
logger.importSuccess();
|
||||||
} catch (IOException e) {
|
} catch (IOException e) {
|
||||||
throw new RuntimeException("Failed to run import", e);
|
throw new RuntimeException("Failed to run import", e);
|
||||||
}
|
}
|
||||||
|
@ -80,13 +80,13 @@ public class ExportImportManager {
|
||||||
public void runExport() {
|
public void runExport() {
|
||||||
try {
|
try {
|
||||||
if (realmName == null) {
|
if (realmName == null) {
|
||||||
logger.info("Full model export requested");
|
logger.fullModelExportRequested();
|
||||||
exportProvider.exportModel(sessionFactory);
|
exportProvider.exportModel(sessionFactory);
|
||||||
} else {
|
} else {
|
||||||
logger.infof("Export of realm '%s' requested", realmName);
|
logger.realmExportRequested(realmName);
|
||||||
exportProvider.exportRealm(sessionFactory, realmName);
|
exportProvider.exportRealm(sessionFactory, realmName);
|
||||||
}
|
}
|
||||||
logger.info("Export finished successfully");
|
logger.exportSuccess();
|
||||||
} catch (IOException e) {
|
} catch (IOException e) {
|
||||||
throw new RuntimeException("Failed to run export");
|
throw new RuntimeException("Failed to run export");
|
||||||
}
|
}
|
||||||
|
|
|
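Review bot: the unchanged `catch (IOException e)` at the end of `runExport()` throws `new RuntimeException("Failed to run export")` without passing `e`, so the underlying I/O cause and its stack trace are lost; `runImport()` directly above passes the cause. Suggest `throw new RuntimeException("Failed to run export", e);` for symmetry while this method is being edited.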
@ -21,11 +21,11 @@ import java.util.HashSet;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.Set;
|
import java.util.Set;
|
||||||
import javax.ws.rs.core.Response;
|
import javax.ws.rs.core.Response;
|
||||||
import org.jboss.logging.Logger;
|
|
||||||
import org.keycloak.models.KeycloakSession;
|
import org.keycloak.models.KeycloakSession;
|
||||||
import org.keycloak.models.RealmModel;
|
import org.keycloak.models.RealmModel;
|
||||||
import org.keycloak.representations.idm.PartialImportRepresentation;
|
import org.keycloak.representations.idm.PartialImportRepresentation;
|
||||||
import org.keycloak.services.ErrorResponse;
|
import org.keycloak.services.ErrorResponse;
|
||||||
|
import org.keycloak.services.ServicesLogger;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Base PartialImport for most resource types.
|
* Base PartialImport for most resource types.
|
||||||
|
@ -33,7 +33,7 @@ import org.keycloak.services.ErrorResponse;
|
||||||
* @author Stan Silvert ssilvert@redhat.com (C) 2016 Red Hat Inc.
|
* @author Stan Silvert ssilvert@redhat.com (C) 2016 Red Hat Inc.
|
||||||
*/
|
*/
|
||||||
public abstract class AbstractPartialImport<T> implements PartialImport<T> {
|
public abstract class AbstractPartialImport<T> implements PartialImport<T> {
|
||||||
protected static Logger logger = Logger.getLogger(AbstractPartialImport.class);
|
protected static ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
|
||||||
|
|
||||||
protected final Set<T> toOverwrite = new HashSet<>();
|
protected final Set<T> toOverwrite = new HashSet<>();
|
||||||
protected final Set<T> toSkip = new HashSet<>();
|
protected final Set<T> toSkip = new HashSet<>();
|
||||||
|
@ -99,7 +99,7 @@ public abstract class AbstractPartialImport<T> implements PartialImport<T> {
|
||||||
try {
|
try {
|
||||||
create(realm, session, resourceRep);
|
create(realm, session, resourceRep);
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
logger.error("Error overwriting " + getName(resourceRep), e);
|
logger.overwriteError(e, getName(resourceRep));
|
||||||
throw new ErrorResponseException(ErrorResponse.error(e.getMessage(), Response.Status.INTERNAL_SERVER_ERROR));
|
throw new ErrorResponseException(ErrorResponse.error(e.getMessage(), Response.Status.INTERNAL_SERVER_ERROR));
|
||||||
}
|
}
|
||||||
|
|
||||||
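Review bot: `logger.overwriteError(e, getName(resourceRep))` keeps the full exception in the log, but the unchanged next line still returns `e.getMessage()` in the 500 body via `ErrorResponse.error(e.getMessage(), ...)`. The caller is an admin partial-import user, so the audience is privileged, but persistence-layer messages can still carry internal details; a generic message in the response, with the specifics left in the log, would be the safer default.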
|
@ -121,7 +121,7 @@ public abstract class AbstractPartialImport<T> implements PartialImport<T> {
|
||||||
String modelId = getModelId(realm, session, resourceRep);
|
String modelId = getModelId(realm, session, resourceRep);
|
||||||
results.addResult(added(modelId, resourceRep));
|
results.addResult(added(modelId, resourceRep));
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
logger.error("Error creating " + getName(resourceRep), e);
|
logger.creationError(e, getName(resourceRep));
|
||||||
throw new ErrorResponseException(ErrorResponse.error(e.getMessage(), Response.Status.INTERNAL_SERVER_ERROR));
|
throw new ErrorResponseException(ErrorResponse.error(e.getMessage(), Response.Status.INTERNAL_SERVER_ERROR));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -20,7 +20,6 @@ import java.util.List;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
import java.util.Set;
|
import java.util.Set;
|
||||||
import javax.ws.rs.core.Response;
|
import javax.ws.rs.core.Response;
|
||||||
import org.jboss.logging.Logger;
|
|
||||||
import org.keycloak.models.KeycloakSession;
|
import org.keycloak.models.KeycloakSession;
|
||||||
import org.keycloak.models.RealmModel;
|
import org.keycloak.models.RealmModel;
|
||||||
import org.keycloak.models.utils.KeycloakModelUtils;
|
import org.keycloak.models.utils.KeycloakModelUtils;
|
||||||
|
@ -29,6 +28,7 @@ import org.keycloak.representations.idm.PartialImportRepresentation;
|
||||||
import org.keycloak.representations.idm.RoleRepresentation;
|
import org.keycloak.representations.idm.RoleRepresentation;
|
||||||
import org.keycloak.representations.idm.RolesRepresentation;
|
import org.keycloak.representations.idm.RolesRepresentation;
|
||||||
import org.keycloak.services.ErrorResponse;
|
import org.keycloak.services.ErrorResponse;
|
||||||
|
import org.keycloak.services.ServicesLogger;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* This class handles both realm roles and client roles. It delegates to
|
* This class handles both realm roles and client roles. It delegates to
|
||||||
|
@ -44,7 +44,7 @@ import org.keycloak.services.ErrorResponse;
|
||||||
* @author Stan Silvert ssilvert@redhat.com (C) 2016 Red Hat Inc.
|
* @author Stan Silvert ssilvert@redhat.com (C) 2016 Red Hat Inc.
|
||||||
*/
|
*/
|
||||||
public class RolesPartialImport implements PartialImport<RolesRepresentation> {
|
public class RolesPartialImport implements PartialImport<RolesRepresentation> {
|
||||||
protected static Logger logger = Logger.getLogger(RolesPartialImport.class);
|
protected static ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
|
||||||
|
|
||||||
private Set<RoleRepresentation> realmRolesToOverwrite;
|
private Set<RoleRepresentation> realmRolesToOverwrite;
|
||||||
private Set<RoleRepresentation> realmRolesToSkip;
|
private Set<RoleRepresentation> realmRolesToSkip;
|
||||||
|
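Review bot: `protected static ServicesLogger logger = ServicesLogger.ROOT_LOGGER;` in RolesPartialImport is left non-final, so the shared logger reference can be reassigned by a subclass or by any class in the package; since it now points at a constant, declare it `private static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;` as AuthorizationEndpointBase, RestartLoginCookie and TokenEndpoint do in this same commit. The same applies to the `private static ServicesLogger logger` in OIDCLoginProtocolFactory and the `protected static ServicesLogger logger` in LogoutEndpoint.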
@ -97,7 +97,7 @@ public class RolesPartialImport implements PartialImport<RolesRepresentation> {
|
||||||
try {
|
try {
|
||||||
RepresentationToModel.importRoles(rep.getRoles(), realm);
|
RepresentationToModel.importRoles(rep.getRoles(), realm);
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
logger.error("Error importing roles", e);
|
logger.roleImportError(e);
|
||||||
throw new ErrorResponseException(ErrorResponse.error(e.getMessage(), Response.Status.INTERNAL_SERVER_ERROR));
|
throw new ErrorResponseException(ErrorResponse.error(e.getMessage(), Response.Status.INTERNAL_SERVER_ERROR));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -7,7 +7,6 @@ import javax.ws.rs.core.HttpHeaders;
|
||||||
import javax.ws.rs.core.Response;
|
import javax.ws.rs.core.Response;
|
||||||
import javax.ws.rs.core.UriInfo;
|
import javax.ws.rs.core.UriInfo;
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
|
||||||
import org.jboss.resteasy.spi.HttpRequest;
|
import org.jboss.resteasy.spi.HttpRequest;
|
||||||
import org.keycloak.authentication.AuthenticationProcessor;
|
import org.keycloak.authentication.AuthenticationProcessor;
|
||||||
import org.keycloak.common.ClientConnection;
|
import org.keycloak.common.ClientConnection;
|
||||||
|
@ -19,6 +18,7 @@ import org.keycloak.models.IdentityProviderModel;
|
||||||
import org.keycloak.models.KeycloakSession;
|
import org.keycloak.models.KeycloakSession;
|
||||||
import org.keycloak.models.RealmModel;
|
import org.keycloak.models.RealmModel;
|
||||||
import org.keycloak.protocol.LoginProtocol.Error;
|
import org.keycloak.protocol.LoginProtocol.Error;
|
||||||
|
import org.keycloak.services.ServicesLogger;
|
||||||
import org.keycloak.services.Urls;
|
import org.keycloak.services.Urls;
|
||||||
import org.keycloak.services.managers.AuthenticationManager;
|
import org.keycloak.services.managers.AuthenticationManager;
|
||||||
import org.keycloak.services.managers.ClientSessionCode;
|
import org.keycloak.services.managers.ClientSessionCode;
|
||||||
|
@ -31,7 +31,7 @@ import org.keycloak.services.resources.LoginActionsService;
|
||||||
*/
|
*/
|
||||||
public abstract class AuthorizationEndpointBase {
|
public abstract class AuthorizationEndpointBase {
|
||||||
|
|
||||||
private static final Logger logger = Logger.getLogger(AuthorizationEndpointBase.class);
|
private static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
|
||||||
|
|
||||||
protected RealmModel realm;
|
protected RealmModel realm;
|
||||||
protected EventBuilder event;
|
protected EventBuilder event;
|
||||||
|
@ -70,7 +70,7 @@ public abstract class AuthorizationEndpointBase {
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Common method to handle browser authentication request in protocols unified way.
|
* Common method to handle browser authentication request in protocols unified way.
|
||||||
*
|
*
|
||||||
* @param clientSession for current request
|
* @param clientSession for current request
|
||||||
* @param protocol handler for protocol used to initiate login
|
* @param protocol handler for protocol used to initiate login
|
||||||
* @param isPassive set to true if login should be passive (without login screen shown)
|
* @param isPassive set to true if login should be passive (without login screen shown)
|
||||||
|
|
4
services/src/main/java/org/keycloak/protocol/RestartLoginCookie.java
Executable file → Normal file
|
@ -1,7 +1,6 @@
|
||||||
package org.keycloak.protocol;
|
package org.keycloak.protocol;
|
||||||
|
|
||||||
import com.fasterxml.jackson.annotation.JsonProperty;
|
import com.fasterxml.jackson.annotation.JsonProperty;
|
||||||
import org.jboss.logging.Logger;
|
|
||||||
import org.keycloak.common.ClientConnection;
|
import org.keycloak.common.ClientConnection;
|
||||||
import org.keycloak.jose.jws.JWSBuilder;
|
import org.keycloak.jose.jws.JWSBuilder;
|
||||||
import org.keycloak.jose.jws.JWSInput;
|
import org.keycloak.jose.jws.JWSInput;
|
||||||
|
@ -10,6 +9,7 @@ import org.keycloak.models.ClientModel;
|
||||||
import org.keycloak.models.ClientSessionModel;
|
import org.keycloak.models.ClientSessionModel;
|
||||||
import org.keycloak.models.KeycloakSession;
|
import org.keycloak.models.KeycloakSession;
|
||||||
import org.keycloak.models.RealmModel;
|
import org.keycloak.models.RealmModel;
|
||||||
|
import org.keycloak.services.ServicesLogger;
|
||||||
import org.keycloak.services.managers.AuthenticationManager;
|
import org.keycloak.services.managers.AuthenticationManager;
|
||||||
import org.keycloak.services.util.CookieHelper;
|
import org.keycloak.services.util.CookieHelper;
|
||||||
|
|
||||||
|
@ -27,7 +27,7 @@ import java.util.Map;
|
||||||
* @version $Revision: 1 $
|
* @version $Revision: 1 $
|
||||||
*/
|
*/
|
||||||
public class RestartLoginCookie {
|
public class RestartLoginCookie {
|
||||||
private static final Logger logger = Logger.getLogger(RestartLoginCookie.class);
|
private static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
|
||||||
public static final String KC_RESTART = "KC_RESTART";
|
public static final String KC_RESTART = "KC_RESTART";
|
||||||
@JsonProperty("cs")
|
@JsonProperty("cs")
|
||||||
protected String clientSession;
|
protected String clientSession;
|
||||||
|
|
|
@ -21,7 +21,6 @@
|
||||||
*/
|
*/
|
||||||
package org.keycloak.protocol.oidc;
|
package org.keycloak.protocol.oidc;
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
|
||||||
import org.keycloak.OAuth2Constants;
|
import org.keycloak.OAuth2Constants;
|
||||||
import org.keycloak.events.Details;
|
import org.keycloak.events.Details;
|
||||||
import org.keycloak.events.EventBuilder;
|
import org.keycloak.events.EventBuilder;
|
||||||
|
@ -37,6 +36,7 @@ import org.keycloak.protocol.oidc.utils.OIDCRedirectUriBuilder;
|
||||||
import org.keycloak.protocol.oidc.utils.OIDCResponseMode;
|
import org.keycloak.protocol.oidc.utils.OIDCResponseMode;
|
||||||
import org.keycloak.protocol.oidc.utils.OIDCResponseType;
|
import org.keycloak.protocol.oidc.utils.OIDCResponseType;
|
||||||
import org.keycloak.representations.AccessTokenResponse;
|
import org.keycloak.representations.AccessTokenResponse;
|
||||||
|
import org.keycloak.services.ServicesLogger;
|
||||||
import org.keycloak.services.managers.ClientSessionCode;
|
import org.keycloak.services.managers.ClientSessionCode;
|
||||||
import org.keycloak.services.managers.ResourceAdminManager;
|
import org.keycloak.services.managers.ResourceAdminManager;
|
||||||
|
|
||||||
|
@ -68,7 +68,7 @@ public class OIDCLoginProtocol implements LoginProtocol {
|
||||||
|
|
||||||
public static final String RESPONSE_MODE_PARAM = "response_mode";
|
public static final String RESPONSE_MODE_PARAM = "response_mode";
|
||||||
|
|
||||||
private static final Logger log = Logger.getLogger(OIDCLoginProtocol.class);
|
private static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
|
||||||
|
|
||||||
protected KeycloakSession session;
|
protected KeycloakSession session;
|
||||||
|
|
||||||
|
@ -143,7 +143,7 @@ public class OIDCLoginProtocol implements LoginProtocol {
|
||||||
String redirect = clientSession.getRedirectUri();
|
String redirect = clientSession.getRedirectUri();
|
||||||
OIDCRedirectUriBuilder redirectUri = OIDCRedirectUriBuilder.fromUri(redirect, responseMode);
|
OIDCRedirectUriBuilder redirectUri = OIDCRedirectUriBuilder.fromUri(redirect, responseMode);
|
||||||
String state = clientSession.getNote(OIDCLoginProtocol.STATE_PARAM);
|
String state = clientSession.getNote(OIDCLoginProtocol.STATE_PARAM);
|
||||||
log.debugv("redirectAccessCode: state: {0}", state);
|
logger.debugv("redirectAccessCode: state: {0}", state);
|
||||||
if (state != null)
|
if (state != null)
|
||||||
redirectUri.addParam(OAuth2Constants.STATE, state);
|
redirectUri.addParam(OAuth2Constants.STATE, state);
|
||||||
|
|
||||||
|
@ -203,7 +203,7 @@ public class OIDCLoginProtocol implements LoginProtocol {
|
||||||
case PASSIVE_LOGIN_REQUIRED:
|
case PASSIVE_LOGIN_REQUIRED:
|
||||||
return "login_required";
|
return "login_required";
|
||||||
default:
|
default:
|
||||||
log.warn("Untranslated protocol Error: " + error.name() + " so we return default SAML error");
|
logger.untranslatedProtocol(error.name());
|
||||||
return "access_denied";
|
return "access_denied";
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
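Review bot: the removed text read "so we return default SAML error" although this is OIDCLoginProtocol and the fallback returned on the next line is the OIDC `"access_denied"` error; when defining `untranslatedProtocol` in ServicesLogger, make sure the message names the actual fallback rather than carrying the SAML wording over, and if the message is shared with the SAML protocol add the protocol name as a second parameter so the two code paths can be told apart in the log.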
@ -16,7 +16,6 @@
|
||||||
*/
|
*/
|
||||||
package org.keycloak.protocol.oidc;
|
package org.keycloak.protocol.oidc;
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
|
||||||
import org.keycloak.common.constants.KerberosConstants;
|
import org.keycloak.common.constants.KerberosConstants;
|
||||||
import org.keycloak.common.util.UriUtils;
|
import org.keycloak.common.util.UriUtils;
|
||||||
import org.keycloak.events.EventBuilder;
|
import org.keycloak.events.EventBuilder;
|
||||||
|
@ -34,6 +33,7 @@ import org.keycloak.protocol.oidc.mappers.UserPropertyMapper;
|
||||||
import org.keycloak.protocol.oidc.mappers.UserSessionNoteMapper;
|
import org.keycloak.protocol.oidc.mappers.UserSessionNoteMapper;
|
||||||
import org.keycloak.representations.idm.ClientRepresentation;
|
import org.keycloak.representations.idm.ClientRepresentation;
|
||||||
import org.keycloak.representations.idm.ClientTemplateRepresentation;
|
import org.keycloak.representations.idm.ClientTemplateRepresentation;
|
||||||
|
import org.keycloak.services.ServicesLogger;
|
||||||
import org.keycloak.services.managers.AuthenticationManager;
|
import org.keycloak.services.managers.AuthenticationManager;
|
||||||
|
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
|
@ -50,7 +50,7 @@ import org.keycloak.protocol.oidc.mappers.UserAttributeMapper;
|
||||||
* @version $Revision: 1 $
|
* @version $Revision: 1 $
|
||||||
*/
|
*/
|
||||||
public class OIDCLoginProtocolFactory extends AbstractLoginProtocolFactory {
|
public class OIDCLoginProtocolFactory extends AbstractLoginProtocolFactory {
|
||||||
private static Logger logger = Logger.getLogger(OIDCLoginProtocolFactory.class);
|
private static ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
|
||||||
|
|
||||||
public static final String USERNAME = "username";
|
public static final String USERNAME = "username";
|
||||||
public static final String EMAIL = "email";
|
public static final String EMAIL = "email";
|
||||||
|
@ -195,7 +195,7 @@ public class OIDCLoginProtocolFactory extends AbstractLoginProtocolFactory {
|
||||||
|
|
||||||
// Backwards compatibility only
|
// Backwards compatibility only
|
||||||
if (rep.isDirectGrantsOnly() != null) {
|
if (rep.isDirectGrantsOnly() != null) {
|
||||||
logger.warn("Using deprecated 'directGrantsOnly' configuration in JSON representation. It will be removed in future versions");
|
logger.usingDeprecatedDirectGrantsOnly();
|
||||||
newClient.setStandardFlowEnabled(!rep.isDirectGrantsOnly());
|
newClient.setStandardFlowEnabled(!rep.isDirectGrantsOnly());
|
||||||
newClient.setDirectAccessGrantsEnabled(rep.isDirectGrantsOnly());
|
newClient.setDirectAccessGrantsEnabled(rep.isDirectGrantsOnly());
|
||||||
} else {
|
} else {
|
||||||
|
|
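Review bot: `logger.usingDeprecatedDirectGrantsOnly()` takes no arguments, so the warning no longer gives an administrator any way to find which client representation still carries the deprecated `directGrantsOnly` property; pass an identifier of `rep` (its client id) as a parameter so the configuration can be located and migrated before the property is removed, as the surrounding comment announces.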
4
services/src/main/java/org/keycloak/protocol/oidc/OIDCLoginProtocolService.java
Executable file → Normal file
|
@ -1,6 +1,5 @@
|
||||||
package org.keycloak.protocol.oidc;
|
package org.keycloak.protocol.oidc;
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
|
||||||
import org.jboss.resteasy.annotations.cache.NoCache;
|
import org.jboss.resteasy.annotations.cache.NoCache;
|
||||||
import org.jboss.resteasy.spi.ResteasyProviderFactory;
|
import org.jboss.resteasy.spi.ResteasyProviderFactory;
|
||||||
import org.keycloak.OAuth2Constants;
|
import org.keycloak.OAuth2Constants;
|
||||||
|
@ -16,6 +15,7 @@ import org.keycloak.protocol.oidc.endpoints.LogoutEndpoint;
|
||||||
import org.keycloak.protocol.oidc.endpoints.TokenEndpoint;
|
import org.keycloak.protocol.oidc.endpoints.TokenEndpoint;
|
||||||
import org.keycloak.protocol.oidc.endpoints.UserInfoEndpoint;
|
import org.keycloak.protocol.oidc.endpoints.UserInfoEndpoint;
|
||||||
import org.keycloak.protocol.oidc.representations.JSONWebKeySet;
|
import org.keycloak.protocol.oidc.representations.JSONWebKeySet;
|
||||||
|
import org.keycloak.services.ServicesLogger;
|
||||||
import org.keycloak.services.resources.RealmsResource;
|
import org.keycloak.services.resources.RealmsResource;
|
||||||
|
|
||||||
import javax.ws.rs.GET;
|
import javax.ws.rs.GET;
|
||||||
|
@ -37,7 +37,7 @@ import javax.ws.rs.core.UriInfo;
|
||||||
*/
|
*/
|
||||||
public class OIDCLoginProtocolService {
|
public class OIDCLoginProtocolService {
|
||||||
|
|
||||||
protected static final Logger logger = Logger.getLogger(OIDCLoginProtocolService.class);
|
protected static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
|
||||||
|
|
||||||
private RealmModel realm;
|
private RealmModel realm;
|
||||||
private TokenManager tokenManager;
|
private TokenManager tokenManager;
|
||||||
|
|
|
@ -1,6 +1,5 @@
|
||||||
package org.keycloak.protocol.oidc;
|
package org.keycloak.protocol.oidc;
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
|
||||||
import org.keycloak.common.ClientConnection;
|
import org.keycloak.common.ClientConnection;
|
||||||
import org.keycloak.OAuth2Constants;
|
import org.keycloak.OAuth2Constants;
|
||||||
import org.keycloak.OAuthErrorException;
|
import org.keycloak.OAuthErrorException;
|
||||||
|
@ -34,6 +33,7 @@ import org.keycloak.representations.AccessTokenResponse;
|
||||||
import org.keycloak.representations.IDToken;
|
import org.keycloak.representations.IDToken;
|
||||||
import org.keycloak.representations.RefreshToken;
|
import org.keycloak.representations.RefreshToken;
|
||||||
import org.keycloak.services.ErrorResponseException;
|
import org.keycloak.services.ErrorResponseException;
|
||||||
|
import org.keycloak.services.ServicesLogger;
|
||||||
import org.keycloak.services.managers.AuthenticationManager;
|
import org.keycloak.services.managers.AuthenticationManager;
|
||||||
import org.keycloak.services.managers.ClientSessionCode;
|
import org.keycloak.services.managers.ClientSessionCode;
|
||||||
import org.keycloak.services.managers.UserSessionManager;
|
import org.keycloak.services.managers.UserSessionManager;
|
||||||
|
@ -59,7 +59,7 @@ import java.util.Set;
|
||||||
* @version $Revision: 1 $
|
* @version $Revision: 1 $
|
||||||
*/
|
*/
|
||||||
public class TokenManager {
|
public class TokenManager {
|
||||||
protected static final Logger logger = Logger.getLogger(TokenManager.class);
|
protected static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
|
||||||
|
|
||||||
public static void applyScope(RoleModel role, RoleModel scope, Set<RoleModel> visited, Set<RoleModel> requested) {
|
public static void applyScope(RoleModel role, RoleModel scope, Set<RoleModel> visited, Set<RoleModel> requested) {
|
||||||
if (visited.contains(scope)) return;
|
if (visited.contains(scope)) return;
|
||||||
|
|
10
services/src/main/java/org/keycloak/protocol/oidc/endpoints/AuthorizationEndpoint.java
Executable file → Normal file
|
@ -4,7 +4,6 @@ import javax.ws.rs.GET;
|
||||||
import javax.ws.rs.core.MultivaluedMap;
|
import javax.ws.rs.core.MultivaluedMap;
|
||||||
import javax.ws.rs.core.Response;
|
import javax.ws.rs.core.Response;
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
|
||||||
import org.keycloak.authentication.AuthenticationProcessor;
|
import org.keycloak.authentication.AuthenticationProcessor;
|
||||||
import org.keycloak.constants.AdapterConstants;
|
import org.keycloak.constants.AdapterConstants;
|
||||||
import org.keycloak.events.Details;
|
import org.keycloak.events.Details;
|
||||||
|
@ -24,6 +23,7 @@ import org.keycloak.protocol.oidc.utils.OIDCResponseMode;
|
||||||
import org.keycloak.protocol.oidc.utils.OIDCResponseType;
|
import org.keycloak.protocol.oidc.utils.OIDCResponseType;
|
||||||
import org.keycloak.protocol.oidc.utils.RedirectUtils;
|
import org.keycloak.protocol.oidc.utils.RedirectUtils;
|
||||||
import org.keycloak.services.ErrorPageException;
|
import org.keycloak.services.ErrorPageException;
|
||||||
|
import org.keycloak.services.ServicesLogger;
|
||||||
import org.keycloak.services.Urls;
|
import org.keycloak.services.Urls;
|
||||||
import org.keycloak.services.managers.ClientSessionCode;
|
import org.keycloak.services.managers.ClientSessionCode;
|
||||||
import org.keycloak.services.messages.Messages;
|
import org.keycloak.services.messages.Messages;
|
||||||
|
@ -34,7 +34,7 @@ import org.keycloak.services.resources.LoginActionsService;
|
||||||
*/
|
*/
|
||||||
public class AuthorizationEndpoint extends AuthorizationEndpointBase {
|
public class AuthorizationEndpoint extends AuthorizationEndpointBase {
|
||||||
|
|
||||||
private static final Logger logger = Logger.getLogger(AuthorizationEndpoint.class);
|
private static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
|
||||||
|
|
||||||
public static final String CODE_AUTH_TYPE = "code";
|
public static final String CODE_AUTH_TYPE = "code";
|
||||||
|
|
||||||
|
@ -182,7 +182,7 @@ public class AuthorizationEndpoint extends AuthorizationEndpointBase {
|
||||||
action = Action.CODE;
|
action = Action.CODE;
|
||||||
}
|
}
|
||||||
} catch (IllegalArgumentException iae) {
|
} catch (IllegalArgumentException iae) {
|
||||||
logger.error(iae.getMessage());
|
logger.error(iae);
|
||||||
event.error(Errors.INVALID_REQUEST);
|
event.error(Errors.INVALID_REQUEST);
|
||||||
throw new ErrorPageException(session, Messages.INVALID_PARAMETER, OIDCLoginProtocol.RESPONSE_TYPE_PARAM);
|
throw new ErrorPageException(session, Messages.INVALID_PARAMETER, OIDCLoginProtocol.RESPONSE_TYPE_PARAM);
|
||||||
}
|
}
|
||||||
|
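Review bot: `logger.error(iae)` passes the exception as the message object, so only `iae.toString()` is written and no stack trace is attached; if the trace is wanted use `logger.error(iae.getMessage(), iae)`, otherwise the previous message-only form was already equivalent. Also, the failure is an invalid client-supplied `response_type` that is already recorded by `event.error(Errors.INVALID_REQUEST)` and answered with an error page, so ERROR severity lets any unauthenticated request add noise to the server log; WARN or DEBUG is the appropriate level for request-validation failures.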
@ -193,7 +193,7 @@ public class AuthorizationEndpoint extends AuthorizationEndpointBase {
|
||||||
|
|
||||||
// Disallowed by OIDC specs
|
// Disallowed by OIDC specs
|
||||||
if (parsedResponseType.isImplicitOrHybridFlow() && parsedResponseMode == OIDCResponseMode.QUERY) {
|
if (parsedResponseType.isImplicitOrHybridFlow() && parsedResponseMode == OIDCResponseMode.QUERY) {
|
||||||
logger.error("Response_mode 'query' not allowed for implicit or hybrid flow");
|
logger.responseModeQueryNotAllowed();
|
||||||
event.error(Errors.INVALID_REQUEST);
|
event.error(Errors.INVALID_REQUEST);
|
||||||
throw new ErrorPageException(session, Messages.INVALID_PARAMETER, OIDCLoginProtocol.RESPONSE_MODE_PARAM);
|
throw new ErrorPageException(session, Messages.INVALID_PARAMETER, OIDCLoginProtocol.RESPONSE_MODE_PARAM);
|
||||||
}
|
}
|
||||||
|
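Review bot: `logger.responseModeQueryNotAllowed()` replaces an error-level message for a request-validation failure (a client sent `response_mode=query` together with an implicit or hybrid `response_type`); the failure is already captured by `event.error(Errors.INVALID_REQUEST)`, so declare the typed message at WARN or DEBUG, and consider giving it a client id parameter so the misconfigured relying party can be identified from the log rather than only from the event store.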
@ -277,4 +277,4 @@ public class AuthorizationEndpoint extends AuthorizationEndpointBase {
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,6 +1,5 @@
|
||||||
package org.keycloak.protocol.oidc.endpoints;
|
package org.keycloak.protocol.oidc.endpoints;
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
|
||||||
import org.jboss.resteasy.annotations.cache.NoCache;
|
import org.jboss.resteasy.annotations.cache.NoCache;
|
||||||
import org.jboss.resteasy.spi.HttpRequest;
|
import org.jboss.resteasy.spi.HttpRequest;
|
||||||
import org.keycloak.common.ClientConnection;
|
import org.keycloak.common.ClientConnection;
|
||||||
|
@ -21,6 +20,7 @@ import org.keycloak.protocol.oidc.utils.RedirectUtils;
|
||||||
import org.keycloak.representations.IDToken;
|
import org.keycloak.representations.IDToken;
|
||||||
import org.keycloak.representations.RefreshToken;
|
import org.keycloak.representations.RefreshToken;
|
||||||
import org.keycloak.services.ErrorResponseException;
|
import org.keycloak.services.ErrorResponseException;
|
||||||
|
import org.keycloak.services.ServicesLogger;
|
||||||
import org.keycloak.services.managers.AuthenticationManager;
|
import org.keycloak.services.managers.AuthenticationManager;
|
||||||
import org.keycloak.services.messages.Messages;
|
import org.keycloak.services.messages.Messages;
|
||||||
import org.keycloak.services.resources.Cors;
|
import org.keycloak.services.resources.Cors;
|
||||||
|
@ -43,7 +43,7 @@ import javax.ws.rs.core.UriInfo;
|
||||||
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
|
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
|
||||||
*/
|
*/
|
||||||
public class LogoutEndpoint {
|
public class LogoutEndpoint {
|
||||||
protected static Logger logger = Logger.getLogger(LogoutEndpoint.class);
|
protected static ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
|
||||||
|
|
||||||
@Context
|
@Context
|
||||||
private KeycloakSession session;
|
private KeycloakSession session;
|
||||||
|
|
14
services/src/main/java/org/keycloak/protocol/oidc/endpoints/TokenEndpoint.java
Executable file → Normal file
|
@ -1,6 +1,5 @@
|
||||||
package org.keycloak.protocol.oidc.endpoints;
|
package org.keycloak.protocol.oidc.endpoints;
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
|
||||||
import org.jboss.resteasy.spi.HttpRequest;
|
import org.jboss.resteasy.spi.HttpRequest;
|
||||||
import org.jboss.resteasy.spi.ResteasyProviderFactory;
|
import org.jboss.resteasy.spi.ResteasyProviderFactory;
|
||||||
import org.keycloak.common.ClientConnection;
|
import org.keycloak.common.ClientConnection;
|
||||||
|
@ -27,6 +26,7 @@ import org.keycloak.protocol.oidc.utils.AuthorizeClientUtil;
|
||||||
import org.keycloak.representations.AccessToken;
|
import org.keycloak.representations.AccessToken;
|
||||||
import org.keycloak.representations.AccessTokenResponse;
|
import org.keycloak.representations.AccessTokenResponse;
|
||||||
import org.keycloak.services.ErrorResponseException;
|
import org.keycloak.services.ErrorResponseException;
|
||||||
|
import org.keycloak.services.ServicesLogger;
|
||||||
import org.keycloak.services.managers.AuthenticationManager;
|
import org.keycloak.services.managers.AuthenticationManager;
|
||||||
import org.keycloak.services.managers.ClientManager;
|
import org.keycloak.services.managers.ClientManager;
|
||||||
import org.keycloak.services.managers.ClientSessionCode;
|
import org.keycloak.services.managers.ClientSessionCode;
|
||||||
|
@ -51,7 +51,7 @@ import java.util.Map;
|
||||||
*/
|
*/
|
||||||
public class TokenEndpoint {
|
public class TokenEndpoint {
|
||||||
|
|
||||||
private static final Logger logger = Logger.getLogger(TokenEndpoint.class);
|
private static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
|
||||||
private MultivaluedMap<String, String> formParams;
|
private MultivaluedMap<String, String> formParams;
|
||||||
private ClientModel client;
|
private ClientModel client;
|
||||||
private Map<String, String> clientAuthAttributes;
|
private Map<String, String> clientAuthAttributes;
|
||||||
|
@ -285,7 +285,7 @@ public class TokenEndpoint {
|
||||||
private void updateClientSession(ClientSessionModel clientSession) {
|
private void updateClientSession(ClientSessionModel clientSession) {
|
||||||
|
|
||||||
if(clientSession == null) {
|
if(clientSession == null) {
|
||||||
logger.error("client session is null");
|
logger.clientSessionNull();
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -303,16 +303,16 @@ public class TokenEndpoint {
|
||||||
|
|
||||||
private void updateClientSessions(List<ClientSessionModel> clientSessions) {
|
private void updateClientSessions(List<ClientSessionModel> clientSessions) {
|
||||||
if(clientSessions == null) {
|
if(clientSessions == null) {
|
||||||
logger.error("client sessions is null");
|
logger.clientSessionNull();
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
for (ClientSessionModel clientSession : clientSessions) {
|
for (ClientSessionModel clientSession : clientSessions) {
|
||||||
if(clientSession == null) {
|
if(clientSession == null) {
|
||||||
logger.error("client session is null");
|
logger.clientSessionNull();
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
if(clientSession.getClient() == null) {
|
if(clientSession.getClient() == null) {
|
||||||
logger.error("client model in client session is null");
|
logger.clientModelNull();
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
if(client.getId().equals(clientSession.getClient().getId())) {
|
if(client.getId().equals(clientSession.getClient().getId())) {
|
||||||
|
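Review bot: in `updateClientSessions` the null check on the `clientSessions` list at the top of the method now calls `logger.clientSessionNull()`, the same message used for a single null `ClientSessionModel` inside the loop and in `updateClientSession`; the replaced text distinguished "client sessions is null" from "client session is null". Add a separate message (for example `clientSessionsNull`) for the list case so the log can tell a missing collection from a null element.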
@ -448,4 +448,4 @@ public class TokenEndpoint {
|
||||||
return Cors.add(request, Response.ok(res, MediaType.APPLICATION_JSON_TYPE)).auth().allowedOrigins(client).allowedMethods("POST").exposedHeaders(Cors.ACCESS_CONTROL_ALLOW_METHODS).build();
|
return Cors.add(request, Response.ok(res, MediaType.APPLICATION_JSON_TYPE)).auth().allowedOrigins(client).allowedMethods("POST").exposedHeaders(Cors.ACCESS_CONTROL_ALLOW_METHODS).build();
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,11 +1,11 @@
|
||||||
package org.keycloak.protocol.oidc.mappers;
|
package org.keycloak.protocol.oidc.mappers;
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
|
||||||
import org.keycloak.models.ProtocolMapperModel;
|
import org.keycloak.models.ProtocolMapperModel;
|
||||||
import org.keycloak.protocol.ProtocolMapperUtils;
|
import org.keycloak.protocol.ProtocolMapperUtils;
|
||||||
import org.keycloak.protocol.oidc.OIDCLoginProtocol;
|
import org.keycloak.protocol.oidc.OIDCLoginProtocol;
|
||||||
import org.keycloak.provider.ProviderConfigProperty;
|
import org.keycloak.provider.ProviderConfigProperty;
|
||||||
import org.keycloak.representations.IDToken;
|
import org.keycloak.representations.IDToken;
|
||||||
|
import org.keycloak.services.ServicesLogger;
|
||||||
|
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
import java.util.HashMap;
|
import java.util.HashMap;
|
||||||
|
@ -17,7 +17,7 @@ import java.util.Map;
|
||||||
* @version $Revision: 1 $
|
* @version $Revision: 1 $
|
||||||
*/
|
*/
|
||||||
public class OIDCAttributeMapperHelper {
|
public class OIDCAttributeMapperHelper {
|
||||||
private static final Logger logger = Logger.getLogger(OIDCAttributeMapperHelper.class);
|
private static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
|
||||||
|
|
||||||
public static final String TOKEN_CLAIM_NAME = "claim.name";
|
public static final String TOKEN_CLAIM_NAME = "claim.name";
|
||||||
public static final String TOKEN_CLAIM_NAME_LABEL = "tokenClaimName.label";
|
public static final String TOKEN_CLAIM_NAME_LABEL = "tokenClaimName.label";
|
||||||
|
@ -46,7 +46,7 @@ public class OIDCAttributeMapperHelper {
|
||||||
return result;
|
return result;
|
||||||
} else {
|
} else {
|
||||||
if (valueAsList.size() > 1) {
|
if (valueAsList.size() > 1) {
|
||||||
logger.warnf("Multiple values found '%s' for protocol mapper '%s' but expected just single value", attributeValue.toString(), mappingModel.getName());
|
logger.multipleValuesForMapper(attributeValue.toString(), mappingModel.getName());
|
||||||
}
|
}
|
||||||
|
|
||||||
attributeValue = valueAsList.get(0);
|
attributeValue = valueAsList.get(0);
|
||||||
|
|
|
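Review bot: `logger.multipleValuesForMapper(attributeValue.toString(), mappingModel.getName())` writes the raw user attribute value into the server log at WARN, as the replaced `warnf` did; attribute values mapped into tokens are frequently personal data (e-mail addresses, phone numbers, group names), so the typed message should log the mapper name and `valueAsList.size()` instead of the values, or at most emit the values at DEBUG.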
@ -110,7 +110,7 @@ public class UserAttributeMapper extends AbstractOIDCProtocolMapper implements O
|
||||||
if (multivalued) {
|
if (multivalued) {
|
||||||
mapper.getConfig().put(ProtocolMapperUtils.MULTIVALUED, "true");
|
mapper.getConfig().put(ProtocolMapperUtils.MULTIVALUED, "true");
|
||||||
}
|
}
|
||||||
|
|
||||||
return mapper;
|
return mapper;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,10 +1,10 @@
|
||||||
package org.keycloak.protocol.oidc.utils;
|
package org.keycloak.protocol.oidc.utils;
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
|
||||||
import org.keycloak.models.ClientModel;
|
import org.keycloak.models.ClientModel;
|
||||||
import org.keycloak.models.Constants;
|
import org.keycloak.models.Constants;
|
||||||
import org.keycloak.models.RealmModel;
|
import org.keycloak.models.RealmModel;
|
||||||
import org.keycloak.services.Urls;
|
import org.keycloak.services.Urls;
|
||||||
|
import org.keycloak.services.ServicesLogger;
|
||||||
|
|
||||||
import javax.ws.rs.core.UriInfo;
|
import javax.ws.rs.core.UriInfo;
|
||||||
import java.net.URI;
|
import java.net.URI;
|
||||||
|
@ -16,7 +16,7 @@ import java.util.Set;
|
||||||
*/
|
*/
|
||||||
public class RedirectUtils {
|
public class RedirectUtils {
|
||||||
|
|
||||||
private static final Logger logger = Logger.getLogger(RedirectUtils.class);
|
private static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
|
||||||
|
|
||||||
public static String verifyRealmRedirectUri(UriInfo uriInfo, String redirectUri, RealmModel realm) {
|
public static String verifyRealmRedirectUri(UriInfo uriInfo, String redirectUri, RealmModel realm) {
|
||||||
Set<String> validRedirects = getValidateRedirectUris(uriInfo, realm);
|
Set<String> validRedirects = getValidateRedirectUris(uriInfo, realm);
|
||||||
|
|
|
@ -1,6 +1,22 @@
|
||||||
|
/*
|
||||||
|
* Copyright 2016 Red Hat Inc. and/or its affiliates and other contributors
|
||||||
|
* as indicated by the @author tags. All rights reserved.
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||||
|
* use this file except in compliance with the License. You may obtain a copy of
|
||||||
|
* the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
* License for the specific language governing permissions and limitations under
|
||||||
|
* the License.
|
||||||
|
*/
|
||||||
package org.keycloak.provider;
|
package org.keycloak.provider;
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
import org.keycloak.services.ServicesLogger;
|
||||||
|
|
||||||
import java.io.File;
|
import java.io.File;
|
||||||
import java.io.FilenameFilter;
|
import java.io.FilenameFilter;
|
||||||
|
@ -14,7 +30,7 @@ import java.util.List;
|
||||||
*/
|
*/
|
||||||
public class FileSystemProviderLoaderFactory implements ProviderLoaderFactory {
|
public class FileSystemProviderLoaderFactory implements ProviderLoaderFactory {
|
||||||
|
|
||||||
private static final Logger log = Logger.getLogger(FileSystemProviderLoaderFactory.class);
|
private static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public boolean supports(String type) {
|
public boolean supports(String type) {
|
||||||
|
@ -43,7 +59,7 @@ public class FileSystemProviderLoaderFactory implements ProviderLoaderFactory {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
log.debug("Loading providers from " + urls.toString());
|
logger.debug("Loading providers from " + urls.toString());
|
||||||
|
|
||||||
return new URLClassLoader(urls.toArray(new URL[urls.size()]), parent);
|
return new URLClassLoader(urls.toArray(new URL[urls.size()]), parent);
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
|
|
|
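Review bot: `logger.debug("Loading providers from " + urls.toString());` builds the string regardless of the configured level; since the line is being touched anyway, switch it to the parameterized form `logger.debugv("Loading providers from {0}", urls);`, which is what `ProviderManager` in this same commit already uses.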
@ -1,6 +1,22 @@
|
||||||
|
/*
|
||||||
|
* Copyright 2016 Red Hat Inc. and/or its affiliates and other contributors
|
||||||
|
* as indicated by the @author tags. All rights reserved.
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||||
|
* use this file except in compliance with the License. You may obtain a copy of
|
||||||
|
* the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
* License for the specific language governing permissions and limitations under
|
||||||
|
* the License.
|
||||||
|
*/
|
||||||
package org.keycloak.provider;
|
package org.keycloak.provider;
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
import org.keycloak.services.ServicesLogger;
|
||||||
|
|
||||||
import java.util.HashMap;
|
import java.util.HashMap;
|
||||||
import java.util.IdentityHashMap;
|
import java.util.IdentityHashMap;
|
||||||
|
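Review bot: the import `org.keycloak.services.ServicesLogger` makes `org.keycloak.provider` depend on `org.keycloak.services`, while `DefaultKeycloakSessionFactory` in `org.keycloak.services` is the class that constructs `ProviderManager` (`new ProviderManager(getClass().getClassLoader(), ...)` in this commit). That is a circular package dependency between the provider-loading infrastructure and the services it bootstraps. Either keep the plain jboss-logging `Logger` in the `org.keycloak.provider` classes, or move the message-logger interface into a package both sides can depend on.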
@ -14,7 +30,7 @@ import java.util.ServiceLoader;
|
||||||
*/
|
*/
|
||||||
public class ProviderManager {
|
public class ProviderManager {
|
||||||
|
|
||||||
private static final Logger log = Logger.getLogger(ProviderManager.class);
|
private static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
|
||||||
|
|
||||||
private List<ProviderLoader> loaders = new LinkedList<ProviderLoader>();
|
private List<ProviderLoader> loaders = new LinkedList<ProviderLoader>();
|
||||||
private Map<String, List<ProviderFactory>> cache = new HashMap<String, List<ProviderFactory>>();
|
private Map<String, List<ProviderFactory>> cache = new HashMap<String, List<ProviderFactory>>();
|
||||||
|
@ -25,7 +41,7 @@ public class ProviderManager {
|
||||||
factories.add(f);
|
factories.add(f);
|
||||||
}
|
}
|
||||||
|
|
||||||
log.debugv("Provider loaders {0}", factories);
|
logger.debugv("Provider loaders {0}", factories);
|
||||||
|
|
||||||
loaders.add(new DefaultProviderLoader(baseClassLoader));
|
loaders.add(new DefaultProviderLoader(baseClassLoader));
|
||||||
|
|
||||||
|
|
18
services/src/main/java/org/keycloak/services/DefaultKeycloakSession.java
Executable file → Normal file
|
@ -1,3 +1,19 @@
|
||||||
|
/*
|
||||||
|
* Copyright 2016 Red Hat Inc. and/or its affiliates and other contributors
|
||||||
|
* as indicated by the @author tags. All rights reserved.
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||||
|
* use this file except in compliance with the License. You may obtain a copy of
|
||||||
|
* the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
* License for the specific language governing permissions and limitations under
|
||||||
|
* the License.
|
||||||
|
*/
|
||||||
package org.keycloak.services;
|
package org.keycloak.services;
|
||||||
|
|
||||||
import org.keycloak.models.*;
|
import org.keycloak.models.*;
|
||||||
|
@ -94,7 +110,7 @@ public class DefaultKeycloakSession implements KeycloakSession {
|
||||||
T provider = (T) providers.get(hash);
|
T provider = (T) providers.get(hash);
|
||||||
if (provider == null) {
|
if (provider == null) {
|
||||||
ProviderFactory<T> providerFactory = factory.getProviderFactory(clazz, id);
|
ProviderFactory<T> providerFactory = factory.getProviderFactory(clazz, id);
|
||||||
|
|
||||||
if (providerFactory != null) {
|
if (providerFactory != null) {
|
||||||
provider = providerFactory.create(this);
|
provider = providerFactory.create(this);
|
||||||
providers.put(hash, provider);
|
providers.put(hash, provider);
|
||||||
|
|
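Review bot: the hunk `@ -94,7 +110,7` shows both sides identical on every line, so the change here is whitespace or line-ending only. Confirm with `git diff -w`, and either drop it from this commit or keep it together with the `Executable file → Normal file` mode change as a formatting-only change, so the logger migration itself stays reviewable.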
36
services/src/main/java/org/keycloak/services/DefaultKeycloakSessionFactory.java
Executable file → Normal file
|
@ -1,6 +1,21 @@
|
||||||
|
/*
|
||||||
|
* Copyright 2016 Red Hat Inc. and/or its affiliates and other contributors
|
||||||
|
* as indicated by the @author tags. All rights reserved.
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||||
|
* use this file except in compliance with the License. You may obtain a copy of
|
||||||
|
* the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
* License for the specific language governing permissions and limitations under
|
||||||
|
* the License.
|
||||||
|
*/
|
||||||
package org.keycloak.services;
|
package org.keycloak.services;
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
|
||||||
import org.keycloak.Config;
|
import org.keycloak.Config;
|
||||||
import org.keycloak.models.KeycloakSession;
|
import org.keycloak.models.KeycloakSession;
|
||||||
import org.keycloak.models.KeycloakSessionFactory;
|
import org.keycloak.models.KeycloakSessionFactory;
|
||||||
|
@ -10,6 +25,7 @@ import org.keycloak.provider.ProviderEventListener;
|
||||||
import org.keycloak.provider.ProviderFactory;
|
import org.keycloak.provider.ProviderFactory;
|
||||||
import org.keycloak.provider.ProviderManager;
|
import org.keycloak.provider.ProviderManager;
|
||||||
import org.keycloak.provider.Spi;
|
import org.keycloak.provider.Spi;
|
||||||
|
import org.keycloak.services.ServicesLogger;
|
||||||
|
|
||||||
import java.util.HashMap;
|
import java.util.HashMap;
|
||||||
import java.util.HashSet;
|
import java.util.HashSet;
|
||||||
|
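Review bot: `import org.keycloak.services.ServicesLogger;` is redundant, because this class is already declared in `package org.keycloak.services;`; remove the import. Dropping `import org.jboss.logging.Logger;` is correct, since nothing in the visible hunks references `Logger` any more.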
@ -22,7 +38,7 @@ import java.util.concurrent.CopyOnWriteArrayList;
|
||||||
|
|
||||||
public class DefaultKeycloakSessionFactory implements KeycloakSessionFactory {
|
public class DefaultKeycloakSessionFactory implements KeycloakSessionFactory {
|
||||||
|
|
||||||
private static final Logger log = Logger.getLogger(DefaultKeycloakSessionFactory.class);
|
private static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
|
||||||
|
|
||||||
private Map<Class<? extends Provider>, String> provider = new HashMap<Class<? extends Provider>, String>();
|
private Map<Class<? extends Provider>, String> provider = new HashMap<Class<? extends Provider>, String>();
|
||||||
private Map<Class<? extends Provider>, Map<String, ProviderFactory>> factoriesMap = new HashMap<Class<? extends Provider>, Map<String, ProviderFactory>>();
|
private Map<Class<? extends Provider>, Map<String, ProviderFactory>> factoriesMap = new HashMap<Class<? extends Provider>, Map<String, ProviderFactory>>();
|
||||||
|
@ -30,7 +46,7 @@ public class DefaultKeycloakSessionFactory implements KeycloakSessionFactory {
|
||||||
|
|
||||||
// TODO: Likely should be changed to int and use Time.currentTime() to be compatible with all our "time" reps
|
// TODO: Likely should be changed to int and use Time.currentTime() to be compatible with all our "time" reps
|
||||||
protected long serverStartupTimestamp;
|
protected long serverStartupTimestamp;
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void register(ProviderEventListener listener) {
|
public void register(ProviderEventListener listener) {
|
||||||
listeners.add(listener);
|
listeners.add(listener);
|
||||||
|
@ -50,7 +66,7 @@ public class DefaultKeycloakSessionFactory implements KeycloakSessionFactory {
|
||||||
|
|
||||||
public void init() {
|
public void init() {
|
||||||
serverStartupTimestamp = System.currentTimeMillis();
|
serverStartupTimestamp = System.currentTimeMillis();
|
||||||
|
|
||||||
ProviderManager pm = new ProviderManager(getClass().getClassLoader(), Config.scope().getArray("providers"));
|
ProviderManager pm = new ProviderManager(getClass().getClassLoader(), Config.scope().getArray("providers"));
|
||||||
|
|
||||||
for (Spi spi : ServiceLoader.load(Spi.class, getClass().getClassLoader())) {
|
for (Spi spi : ServiceLoader.load(Spi.class, getClass().getClassLoader())) {
|
||||||
|
@ -70,12 +86,12 @@ public class DefaultKeycloakSessionFactory implements KeycloakSessionFactory {
|
||||||
factory.init(scope);
|
factory.init(scope);
|
||||||
|
|
||||||
if (spi.isInternal() && !isInternal(factory)) {
|
if (spi.isInternal() && !isInternal(factory)) {
|
||||||
log.warnv("{0} ({1}) is implementing the internal SPI {2}. This SPI is internal and may change without notice", factory.getId(), factory.getClass().getName(), spi.getName());
|
logger.spiMayChange(factory.getId(), factory.getClass().getName(), spi.getName());
|
||||||
}
|
}
|
||||||
|
|
||||||
factories.put(factory.getId(), factory);
|
factories.put(factory.getId(), factory);
|
||||||
|
|
||||||
log.debugv("Loaded SPI {0} (provider = {1})", spi.getName(), provider);
|
logger.debugv("Loaded SPI {0} (provider = {1})", spi.getName(), provider);
|
||||||
} else {
|
} else {
|
||||||
for (ProviderFactory factory : pm.load(spi)) {
|
for (ProviderFactory factory : pm.load(spi)) {
|
||||||
Config.Scope scope = Config.scope(spi.getName(), factory.getId());
|
Config.Scope scope = Config.scope(spi.getName(), factory.getId());
|
||||||
|
@ -83,12 +99,12 @@ public class DefaultKeycloakSessionFactory implements KeycloakSessionFactory {
|
||||||
factory.init(scope);
|
factory.init(scope);
|
||||||
|
|
||||||
if (spi.isInternal() && !isInternal(factory)) {
|
if (spi.isInternal() && !isInternal(factory)) {
|
||||||
log.warnv("{0} ({1}) is implementing the internal SPI {2}. This SPI is internal and may change without notice", factory.getId(), factory.getClass().getName(), spi.getName());
|
logger.spiMayChange(factory.getId(), factory.getClass().getName(), spi.getName());
|
||||||
}
|
}
|
||||||
|
|
||||||
factories.put(factory.getId(), factory);
|
factories.put(factory.getId(), factory);
|
||||||
} else {
|
} else {
|
||||||
log.debugv("SPI {0} provider {1} disabled", spi.getName(), factory.getId());
|
logger.debugv("SPI {0} provider {1} disabled", spi.getName(), factory.getId());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
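Review bot: this branch and the one in the preceding hunk (`@ -70,12 +86,12`) carry an identical block, `factory.init(scope);`, the `spi.isInternal() && !isInternal(factory)` check with `logger.spiMayChange(...)`, and `factories.put(factory.getId(), factory);`. Since both copies are being edited here, extract them into one private helper (for example `registerFactory(spi, factory, factories)`) so the internal-SPI warning cannot drift between the two paths.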
@ -96,9 +112,9 @@ public class DefaultKeycloakSessionFactory implements KeycloakSessionFactory {
|
||||||
provider = factories.values().iterator().next().getId();
|
provider = factories.values().iterator().next().getId();
|
||||||
this.provider.put(spi.getProviderClass(), provider);
|
this.provider.put(spi.getProviderClass(), provider);
|
||||||
|
|
||||||
log.debugv("Loaded SPI {0} (provider = {1})", spi.getName(), provider);
|
logger.debugv("Loaded SPI {0} (provider = {1})", spi.getName(), provider);
|
||||||
} else {
|
} else {
|
||||||
log.debugv("Loaded SPI {0} (providers = {1})", spi.getName(), factories.keySet());
|
logger.debugv("Loaded SPI {0} (providers = {1})", spi.getName(), factories.keySet());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,8 +1,24 @@
|
||||||
|
/*
|
||||||
|
* Copyright 2016 Red Hat Inc. and/or its affiliates and other contributors
|
||||||
|
* as indicated by the @author tags. All rights reserved.
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||||
|
* use this file except in compliance with the License. You may obtain a copy of
|
||||||
|
* the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
* License for the specific language governing permissions and limitations under
|
||||||
|
* the License.
|
||||||
|
*/
|
||||||
package org.keycloak.services;
|
package org.keycloak.services;
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
|
||||||
import org.keycloak.models.KeycloakTransaction;
|
import org.keycloak.models.KeycloakTransaction;
|
||||||
import org.keycloak.models.KeycloakTransactionManager;
|
import org.keycloak.models.KeycloakTransactionManager;
|
||||||
|
import org.keycloak.services.ServicesLogger;
|
||||||
|
|
||||||
import java.util.LinkedList;
|
import java.util.LinkedList;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
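Review bot: same remark as for `DefaultKeycloakSessionFactory`: `import org.keycloak.services.ServicesLogger;` is a same-package import in `package org.keycloak.services;` and should be removed.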
@ -12,7 +28,7 @@ import java.util.List;
|
||||||
*/
|
*/
|
||||||
public class DefaultKeycloakTransactionManager implements KeycloakTransactionManager {
|
public class DefaultKeycloakTransactionManager implements KeycloakTransactionManager {
|
||||||
|
|
||||||
public static final Logger logger = Logger.getLogger(DefaultKeycloakTransactionManager.class);
|
public static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
|
||||||
|
|
||||||
private List<KeycloakTransaction> transactions = new LinkedList<KeycloakTransaction>();
|
private List<KeycloakTransaction> transactions = new LinkedList<KeycloakTransaction>();
|
||||||
private List<KeycloakTransaction> afterCompletion = new LinkedList<KeycloakTransaction>();
|
private List<KeycloakTransaction> afterCompletion = new LinkedList<KeycloakTransaction>();
|
||||||
|
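Review bot: `public static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;` keeps the field public, while the other classes migrated in this commit declare theirs `private static final`. Unless something outside this class reads it, make it private here too; a shared logger is not part of the transaction manager's API.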
@ -75,7 +91,7 @@ public class DefaultKeycloakTransactionManager implements KeycloakTransactionMan
|
||||||
try {
|
try {
|
||||||
tx.rollback();
|
tx.rollback();
|
||||||
} catch (RuntimeException e) {
|
} catch (RuntimeException e) {
|
||||||
logger.error("Exception during rollback", e);
|
logger.exceptionDuringRollback(e);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
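Review bot: `logger.exceptionDuringRollback(e)` correctly maps onto id 48, whose `@Cause` parameter is typed `RuntimeException` to match this `catch`. Note that the message text is now fixed in `ServicesLogger` ("Exception during rollback"); if more context is wanted later (which transaction failed), it has to be added as a message parameter there rather than at this call site.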
404
services/src/main/java/org/keycloak/services/ServicesLogger.java
Normal file
|
@ -0,0 +1,404 @@
|
||||||
|
/*
|
||||||
|
* Copyright 2016 Red Hat Inc. and/or its affiliates and other contributors
|
||||||
|
* as indicated by the @author tags. All rights reserved.
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||||
|
* use this file except in compliance with the License. You may obtain a copy of
|
||||||
|
* the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
* License for the specific language governing permissions and limitations under
|
||||||
|
* the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package org.keycloak.services;
|
||||||
|
|
||||||
|
import java.io.IOException;
|
||||||
|
import java.net.URI;
|
||||||
|
import javax.naming.NamingException;
|
||||||
|
import org.jboss.logging.BasicLogger;
|
||||||
|
import org.jboss.logging.Logger;
|
||||||
|
import org.jboss.logging.annotations.Cause;
|
||||||
|
import org.jboss.logging.annotations.LogMessage;
|
||||||
|
import org.jboss.logging.annotations.Message;
|
||||||
|
import org.jboss.logging.annotations.MessageLogger;
|
||||||
|
|
||||||
|
import static org.jboss.logging.Logger.Level.ERROR;
|
||||||
|
import static org.jboss.logging.Logger.Level.FATAL;
|
||||||
|
import static org.jboss.logging.Logger.Level.INFO;
|
||||||
|
import static org.jboss.logging.Logger.Level.WARN;
|
||||||
|
import org.keycloak.email.EmailException;
|
||||||
|
import org.keycloak.events.EventListenerProvider;
|
||||||
|
import org.keycloak.models.ModelDuplicateException;
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Main logger for the Keycloak Services module.
|
||||||
|
*
|
||||||
|
* @author Stan Silvert ssilvert@redhat.com (C) 2016 Red Hat Inc.
|
||||||
|
*/
|
||||||
|
@MessageLogger(projectCode="KC-SERVICES", length=4)
|
||||||
|
public interface ServicesLogger extends BasicLogger {
|
||||||
|
|
||||||
|
ServicesLogger ROOT_LOGGER = Logger.getMessageLogger(ServicesLogger.class, "org.keycloak.services");
|
||||||
|
|
||||||
|
@LogMessage(level = INFO)
|
||||||
|
@Message(id=1, value="Loading config from %s")
|
||||||
|
void loadingFrom(Object from);
|
||||||
|
|
||||||
|
@LogMessage(level = ERROR)
|
||||||
|
@Message(id=2, value="Failed to migrate datamodel")
|
||||||
|
void migrationFailure(@Cause Throwable t);
|
||||||
|
|
||||||
|
@LogMessage(level = INFO)
|
||||||
|
@Message(id=3, value="Not importing realm %s from %s. It already exists.")
|
||||||
|
void realmExists(String realmName, String from);
|
||||||
|
|
||||||
|
@LogMessage(level = INFO)
|
||||||
|
@Message(id=4, value="Imported realm %s from %s.")
|
||||||
|
void importedRealm(String realmName, String from);
|
||||||
|
|
||||||
|
@LogMessage(level = WARN)
|
||||||
|
@Message(id=5, value="Unable to import realm %s from %s.")
|
||||||
|
void unableToImportRealm(@Cause Throwable t, String realmName, String from);
|
||||||
|
|
||||||
|
@LogMessage(level = INFO)
|
||||||
|
@Message(id=6, value="Importing users from '%s'")
|
||||||
|
void imprtingUsersFrom(Object from);
|
||||||
|
|
||||||
|
@LogMessage(level = ERROR)
|
||||||
|
@Message(id=7, value="Failed to load 'keycloak-add-user.json'")
|
||||||
|
void failedToLoadUsers(@Cause Throwable t);
|
||||||
|
|
||||||
|
@LogMessage(level = ERROR)
|
||||||
|
@Message(id=8, value="Failed to add user %s to realm %s: realm not found")
|
||||||
|
void addUserFailedRealmNotFound(String user, String realm);
|
||||||
|
|
||||||
|
@LogMessage(level = INFO)
|
||||||
|
@Message(id=9, value="Added user '%s' to realm '%s'")
|
||||||
|
void addUserSuccess(String user, String realm);
|
||||||
|
|
||||||
|
@LogMessage(level = ERROR)
|
||||||
|
@Message(id=10, value="Failed to add user '%s' to realm '%s': user with username exists")
|
||||||
|
void addUserFailedUserExists(String user, String realm);
|
||||||
|
|
||||||
|
@LogMessage(level = ERROR)
|
||||||
|
@Message(id=11, value="Failed to add user '%s' to realm '%s'")
|
||||||
|
void addUserFailed(@Cause Throwable t, String user, String realm);
|
||||||
|
|
||||||
|
@LogMessage(level = ERROR)
|
||||||
|
@Message(id=12, value="Failed to delete '%s'")
|
||||||
|
void failedToDeleteFile(String fileName);
|
||||||
|
|
||||||
|
@LogMessage(level = ERROR)
|
||||||
|
@Message(id=13, value="failed authentication")
|
||||||
|
void failedAuthentication(@Cause Throwable t);
|
||||||
|
|
||||||
|
@LogMessage(level = ERROR)
|
||||||
|
@Message(id=14, value="Failed client authentication")
|
||||||
|
void failedClientAuthentication(@Cause Throwable t);
|
||||||
|
|
||||||
|
@LogMessage(level = ERROR)
|
||||||
|
@Message(id=15, value="Unexpected error when authenticating client")
|
||||||
|
void errorAuthenticatingClient(@Cause Throwable t);
|
||||||
|
|
||||||
|
@LogMessage(level = ERROR)
|
||||||
|
@Message(id=16, value="Unknown flow to execute with")
|
||||||
|
void unknownFlow();
|
||||||
|
|
||||||
|
@LogMessage(level = ERROR)
|
||||||
|
@Message(id=17, value="Unknown result status")
|
||||||
|
void unknownResultStatus();
|
||||||
|
|
||||||
|
@LogMessage(level = WARN)
|
||||||
|
@Message(id=18, value="Client %s doesn't have have authentication method configured. Fallback to %s")
|
||||||
|
void authMethodFallback(String clientId, String expectedClientAuthType);
|
||||||
|
|
||||||
|
@LogMessage(level = WARN)
|
||||||
|
@Message(id=19, value="No duplication detected.")
|
||||||
|
void noDuplicationDetected();
|
||||||
|
|
||||||
|
@LogMessage(level = WARN)
|
||||||
|
@Message(id=20, value="%s is null. Reset flow and enforce showing reviewProfile page")
|
||||||
|
void resetFlow(String emailOrUserName);
|
||||||
|
|
||||||
|
@LogMessage(level = ERROR)
|
||||||
|
@Message(id=21, value="Failed to send email to confirm identity broker linking")
|
||||||
|
void confirmBrokerEmailFailed(@Cause Throwable t);
|
||||||
|
|
||||||
|
@LogMessage(level = ERROR)
|
||||||
|
@Message(id=22, value="Key parameter don't match with the expected value from client session")
|
||||||
|
void keyParamDoesNotMatch();
|
||||||
|
|
||||||
|
@LogMessage(level = WARN)
|
||||||
|
@Message(id=23, value="Smtp is not configured for the realm. Ignoring email verification authenticator")
|
||||||
|
void smtpNotConfigured();
|
||||||
|
|
||||||
|
@LogMessage(level = ERROR)
|
||||||
|
@Message(id=24, value="")
|
||||||
|
void modelDuplicateException(@Cause ModelDuplicateException mde);
|
||||||
|
|
||||||
|
@LogMessage(level = ERROR)
|
||||||
|
@Message(id=25, value="Error when validating client assertion")
|
||||||
|
void errorValidatingAssertion(@Cause Throwable t);
|
||||||
|
|
||||||
|
@LogMessage(level = ERROR)
|
||||||
|
@Message(id=26, value="Failed to send password reset email")
|
||||||
|
void failedToSendPwdResetEmail(@Cause EmailException e);
|
||||||
|
|
||||||
|
@LogMessage(level = ERROR)
|
||||||
|
@Message(id=28, value="Recaptcha failed")
|
||||||
|
void recaptchaFailed(@Cause Exception e);
|
||||||
|
|
||||||
|
@LogMessage(level = ERROR)
|
||||||
|
@Message(id=29, value="Failed to send email")
|
||||||
|
void failedToSendEmail(@Cause Exception e);
|
||||||
|
|
||||||
|
@LogMessage(level = INFO)
|
||||||
|
@Message(id=30, value="Full model import requested. Strategy: %s")
|
||||||
|
void fullModelImport(String strategy);
|
||||||
|
|
||||||
|
@LogMessage(level = INFO)
|
||||||
|
@Message(id=31, value="Import of realm '%s' requested. Strategy: %s")
|
||||||
|
void realmImportRequested(String realmName, String strategy);
|
||||||
|
|
||||||
|
@LogMessage(level = INFO)
|
||||||
|
@Message(id=32, value="Import finished successfully")
|
||||||
|
void importSuccess();
|
||||||
|
|
||||||
|
@LogMessage(level = INFO)
|
||||||
|
@Message(id=33, value="Full model export requested")
|
||||||
|
void fullModelExportRequested();
|
||||||
|
|
||||||
|
@LogMessage(level = INFO)
|
||||||
|
@Message(id=34, value="Export of realm '%s' requested.")
|
||||||
|
void realmExportRequested(String realmName);
|
||||||
|
|
||||||
|
@LogMessage(level = INFO)
|
||||||
|
@Message(id=35, value="Export finished successfully")
|
||||||
|
void exportSuccess();
|
||||||
|
|
||||||
|
@LogMessage(level = ERROR)
|
||||||
|
@Message(id=36, value="Error overwriting %s")
|
||||||
|
void overwriteError(@Cause Exception e, String name);
|
||||||
|
|
||||||
|
@LogMessage(level = ERROR)
|
||||||
|
@Message(id=37, value="Error creating %s")
|
||||||
|
void creationError(@Cause Exception e, String name);
|
||||||
|
|
||||||
|
@LogMessage(level = ERROR)
|
||||||
|
@Message(id=38, value="Error importing roles")
|
||||||
|
void roleImportError(@Cause Exception e);
|
||||||
|
|
||||||
|
@LogMessage(level = WARN)
|
||||||
|
@Message(id=39, value="Untranslated protocol Error: %s so we return default SAML error")
|
||||||
|
void untranslatedProtocol(String errorName);
|
||||||
|
|
||||||
|
@LogMessage(level = WARN)
|
||||||
|
@Message(id=40, value="Using deprecated 'directGrantsOnly' configuration in JSON representation. It will be removed in future versions")
|
||||||
|
void usingDeprecatedDirectGrantsOnly();
|
||||||
|
|
||||||
|
@LogMessage(level = WARN)
|
||||||
|
@Message(id=41, value="Invoking deprecated endpoint %s")
|
||||||
|
void invokingDeprecatedEndpoint(URI requestUri);
|
||||||
|
|
||||||
|
@LogMessage(level = ERROR)
|
||||||
|
@Message(id=42, value="Response_mode 'query' not allowed for implicit or hybrid flow")
|
||||||
|
void responseModeQueryNotAllowed();
|
||||||
|
|
||||||
|
@LogMessage(level = ERROR)
|
||||||
|
@Message(id=43, value="Client session is null")
|
||||||
|
void clientSessionNull();
|
||||||
|
|
||||||
|
@LogMessage(level = ERROR)
|
||||||
|
@Message(id=44, value="Client model in client session is null")
|
||||||
|
void clientModelNull();
|
||||||
|
|
||||||
|
@LogMessage(level = ERROR)
|
||||||
|
@Message(id=45, value="Invalid token. Token verification failed.")
|
||||||
|
void invalidToken();
|
||||||
|
|
||||||
|
@LogMessage(level = WARN)
|
||||||
|
@Message(id=46, value="Multiple values found '%s' for protocol mapper '%s' but expected just single value")
|
||||||
|
void multipleValuesForMapper(String attrValue, String mapper);
|
||||||
|
|
||||||
|
@LogMessage(level = WARN)
|
||||||
|
@Message(id=47, value="%s (%s) is implementing the internal SPI %s. This SPI is internal and may change without notice")
|
||||||
|
void spiMayChange(String factoryId, String factoryClass, String spiName);
|
||||||
|
|
||||||
|
@LogMessage(level = ERROR)
|
||||||
|
@Message(id=48, value="Exception during rollback")
|
||||||
|
void exceptionDuringRollback(@Cause RuntimeException e);
|
||||||
|
|
||||||
|
@LogMessage(level = ERROR)
|
||||||
|
@Message(id=49, value="%s")
|
||||||
|
void clientRegistrationException(String message);
|
||||||
|
|
||||||
|
@LogMessage(level = INFO)
|
||||||
|
@Message(id=50, value="Initializing %s realm")
|
||||||
|
void initializingAdminRealm(String adminRealmName);
|
||||||
|
|
||||||
|
@LogMessage(level = WARN)
|
||||||
|
@Message(id=51, value="Failed to logout client, continuing")
|
||||||
|
void failedToLogoutClient(@Cause Exception e);
|
||||||
|
|
||||||
|
@LogMessage(level = ERROR)
|
||||||
|
@Message(id=52, value="Failed processing type")
|
||||||
|
void failedProcessingType(@Cause Exception e);
|
||||||
|
|
||||||
|
@LogMessage(level = WARN)
|
||||||
|
@Message(id=53, value="login failure for user %s from ip %s")
|
||||||
|
void loginFailure(String user, String ip);
|
||||||
|
|
||||||
|
@LogMessage(level = ERROR)
|
||||||
|
@Message(id=54, value="Unknown action: %s")
|
||||||
|
void unknownAction(String action);
|
||||||
|
|
||||||
|
@LogMessage(level = ERROR)
|
||||||
|
@Message(id=55, value="%s")
|
||||||
|
void errorAuthenticating(@Cause Exception e, String message);
|
||||||
|
|
||||||
|
@LogMessage(level = WARN)
|
||||||
|
@Message(id=56, value="Error when closing LDAP connection")
|
||||||
|
void errorClosingLDAP(@Cause NamingException ne);
|
||||||
|
|
||||||
|
@LogMessage(level = WARN)
|
||||||
|
@Message(id=57, value="Logout for client '%s' failed")
|
||||||
|
void logoutFailed(@Cause IOException ioe, String clientId);
|
||||||
|
|
||||||
|
@LogMessage(level = WARN)
|
||||||
|
@Message(id=58, value="Failed to send revocation request")
|
||||||
|
void failedToSendRevocation(@Cause IOException ioe);
|
||||||
|
|
||||||
|
@LogMessage(level = WARN)
|
||||||
|
@Message(id=59, value="Availability test failed for uri '%s'")
|
||||||
|
void availabilityTestFailed(String managementUrl);
|
||||||
|
|
||||||
|
@LogMessage(level = WARN)
|
||||||
|
@Message(id=60, value="Role '%s' not available in realm")
|
||||||
|
void roleNotInRealm(String offlineAccessRole);
|
||||||
|
|
||||||
|
@LogMessage(level = ERROR)
|
||||||
|
@Message(id=61, value="Error occurred during full sync of users")
|
||||||
|
void errorDuringFullUserSync(@Cause Throwable t);
|
||||||
|
|
||||||
|
@LogMessage(level = ERROR)
|
||||||
|
@Message(id=62, value="Error occurred during sync of changed users")
|
||||||
|
void errorDuringChangedUserSync(@Cause Throwable t);
|
||||||
|
|
||||||
|
@LogMessage(level = WARN)
|
||||||
|
@Message(id=63, value="Failed to format message due to: %s")
|
||||||
|
void failedToFormatMessage(String cause);
|
||||||
|
|
||||||
|
@LogMessage(level = WARN)
|
||||||
|
@Message(id=64, value="Failed to load messages")
|
||||||
|
void failedToloadMessages(@Cause IOException ioe);
|
||||||
|
|
||||||
|
@LogMessage(level = ERROR)
|
||||||
|
@Message(id=65, value="Failed to update Password")
|
||||||
|
void failedToUpdatePassword(@Cause Exception e);
|
||||||
|
|
||||||
|
@LogMessage(level = ERROR)
|
||||||
|
@Message(id=66, value="Could not fire event.")
|
||||||
|
void couldNotFireEvent(@Cause Exception e);
|
||||||
|
|
||||||
|
@LogMessage(level = ERROR)
|
||||||
|
@Message(id=67, value="failed to parse RestartLoginCookie")
|
||||||
|
void failedToParseRestartLoginCookie(@Cause Exception e);
|
||||||
|
|
||||||
|
@LogMessage(level = ERROR)
|
||||||
|
@Message(id=68, value="Not found serialized context in clientSession under note '%s'")
|
||||||
|
void notFoundSerializedCtxInClientSession(String noteKey);
|
||||||
|
|
||||||
|
@LogMessage(level = ERROR)
|
||||||
|
@Message(id=69, value="Flow not configured for identity provider '%s'")
|
||||||
|
void flowNotConfigForIDP(String identityProviderAlias);
|
||||||
|
|
||||||
|
@LogMessage(level = ERROR)
|
||||||
|
@Message(id=70, value="Not found configured flow with ID '%s' for identity provider '%s'")
|
||||||
|
void flowNotFoundForIDP(String flowId, String identityProviderAlias);
|
||||||
|
|
||||||
|
@LogMessage(level = ERROR)
|
||||||
|
@Message(id=71, value="required action doesn't match current required action")
|
||||||
|
void reqdActionDoesNotMatch();
|
||||||
|
|
||||||
|
@LogMessage(level = ERROR)
|
||||||
|
@Message(id=72, value="Invalid key for email verification")
|
||||||
|
void invalidKeyForEmailVerification();
|
||||||
|
|
||||||
|
@LogMessage(level = ERROR)
|
||||||
|
@Message(id=73, value="User session was null")
|
||||||
|
void userSessionNull();
|
||||||
|
|
||||||
|
@LogMessage(level = ERROR)
|
||||||
|
@Message(id=74, value="Required action provider was null")
|
||||||
|
void actionProviderNull();
|
||||||
|
|
||||||
|
@LogMessage(level = WARN)
|
||||||
|
@Message(id=75, value="Failed to get theme request")
|
||||||
|
void failedToGetThemeRequest(@Cause Exception e);
|
||||||
|
|
||||||
|
@LogMessage(level = ERROR)
|
||||||
|
@Message(id=76, value="Rejected non-local attempt to create initial user from %s")
|
||||||
|
void rejectedNonLocalAttemptToCreateInitialUser(String remoteAddr);
|
||||||
|
|
||||||
|
@LogMessage(level = INFO)
|
||||||
|
@Message(id=77, value="Created initial admin user with username %s")
|
||||||
|
void createdInitialAdminUser(String userName);
|
||||||
|
|
||||||
|
@LogMessage(level = WARN)
|
||||||
|
@Message(id=78, value="Rejected attempt to create initial user as user is already created")
|
||||||
|
void initialUserAlreadyCreated();
|
||||||
|
|
||||||
|
@LogMessage(level = WARN)
|
||||||
|
@Message(id=79, value="Locale not specified for messages.json")
|
||||||
|
void localeNotSpecified();
|
||||||
|
|
||||||
|
@LogMessage(level = WARN)
|
||||||
|
@Message(id=80, value="Message bundle not found for language code '%s'")
|
||||||
|
void msgBundleNotFound(String lang);
|
||||||
|
|
||||||
|
@LogMessage(level = FATAL)
|
||||||
|
@Message(id=81, value="Message bundle not found for language code 'en'")
|
||||||
|
void msgBundleNotFoundForEn();
|
||||||
|
|
||||||
|
@LogMessage(level = ERROR)
|
||||||
|
@Message(id=82, value="Admin Events enabled, but no event store provider configured")
|
||||||
|
void noEventStoreProvider();
|
||||||
|
|
||||||
|
@LogMessage(level = ERROR)
|
||||||
|
@Message(id=83, value="Event listener '%s' registered, but provider not found")
|
||||||
|
void providerNotFound(String id);
|
||||||
|
|
||||||
|
@LogMessage(level = ERROR)
|
||||||
|
@Message(id=84, value="Failed to save event")
|
||||||
|
void failedToSaveEvent(@Cause Throwable t);
|
||||||
|
|
||||||
|
@LogMessage(level = ERROR)
|
||||||
|
@Message(id=85, value="Failed to send type to %s")
|
||||||
|
void failedToSendType(@Cause Throwable t, EventListenerProvider listener);
|
||||||
|
|
||||||
|
@LogMessage(level = INFO)
|
||||||
|
@Message(id=86, value="Added 'kerberos' to required realm credentials")
|
||||||
|
void addedKerberosToRealmCredentials();
|
||||||
|
|
||||||
|
@LogMessage(level = INFO)
|
||||||
|
@Message(id=87, value="Syncing data for mapper '%s' of type '%s'. Direction: %s")
|
||||||
|
void syncingDataForMapper(String modelName, String mapperType, String direction);
|
||||||
|
|
||||||
|
@LogMessage(level = ERROR)
|
||||||
|
@Message(id=88, value="Failed to send execute actions email")
|
||||||
|
void failedToSendActionsEmail(@Cause EmailException e);
|
||||||
|
|
||||||
|
@LogMessage(level = ERROR)
|
||||||
|
@Message(id=89, value="Failed to run scheduled task %s")
|
||||||
|
void failedToRunScheduledTask(@Cause Throwable t, String taskClass);
|
||||||
|
|
||||||
|
@LogMessage(level = ERROR)
|
||||||
|
@Message(id=90, value="Failed to close ProviderSession")
|
||||||
|
void failedToCloseProviderSession(@Cause Throwable t);
|
||||||
|
}
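Review bot: id 85 (`failedToSendType`) formats an `EventListenerProvider` instance with `%s`, so unless that implementation overrides `toString()` the log line will carry a class name and hash instead of a usable identifier; pass the provider id as a `String` instead, e.g. `void failedToSendType(@Cause Throwable t, String listenerId);`. The message text "Failed to send type to %s" also reads oddly for an event-dispatch failure; "Failed to send event to %s" states what actually failed.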
|
|
@ -1,12 +1,28 @@
|
||||||
|
/*
|
||||||
|
* Copyright 2016 Red Hat Inc. and/or its affiliates and other contributors
|
||||||
|
* as indicated by the @author tags. All rights reserved.
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||||
|
* use this file except in compliance with the License. You may obtain a copy of
|
||||||
|
* the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
* License for the specific language governing permissions and limitations under
|
||||||
|
* the License.
|
||||||
|
*/
|
||||||
package org.keycloak.services.clientregistration.oidc;
|
package org.keycloak.services.clientregistration.oidc;
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
|
||||||
import org.keycloak.common.util.Time;
|
import org.keycloak.common.util.Time;
|
||||||
import org.keycloak.events.EventBuilder;
|
import org.keycloak.events.EventBuilder;
|
||||||
import org.keycloak.models.KeycloakSession;
|
import org.keycloak.models.KeycloakSession;
|
||||||
import org.keycloak.representations.oidc.OIDCClientRepresentation;
|
import org.keycloak.representations.oidc.OIDCClientRepresentation;
|
||||||
import org.keycloak.representations.idm.ClientRepresentation;
|
import org.keycloak.representations.idm.ClientRepresentation;
|
||||||
import org.keycloak.services.ErrorResponseException;
|
import org.keycloak.services.ErrorResponseException;
|
||||||
|
import org.keycloak.services.ServicesLogger;
|
||||||
import org.keycloak.services.clientregistration.AbstractClientRegistrationProvider;
|
import org.keycloak.services.clientregistration.AbstractClientRegistrationProvider;
|
||||||
import org.keycloak.services.clientregistration.ClientRegistrationAuth;
|
import org.keycloak.services.clientregistration.ClientRegistrationAuth;
|
||||||
import org.keycloak.services.clientregistration.ClientRegistrationException;
|
import org.keycloak.services.clientregistration.ClientRegistrationException;
|
||||||
|
@ -22,7 +38,7 @@ import java.net.URI;
|
||||||
*/
|
*/
|
||||||
public class OIDCClientRegistrationProvider extends AbstractClientRegistrationProvider {
|
public class OIDCClientRegistrationProvider extends AbstractClientRegistrationProvider {
|
||||||
|
|
||||||
private static final Logger log = Logger.getLogger(OIDCClientRegistrationProvider.class);
|
private static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
|
||||||
|
|
||||||
public OIDCClientRegistrationProvider(KeycloakSession session) {
|
public OIDCClientRegistrationProvider(KeycloakSession session) {
|
||||||
super(session);
|
super(session);
|
||||||
|
@ -44,7 +60,7 @@ public class OIDCClientRegistrationProvider extends AbstractClientRegistrationPr
|
||||||
clientOIDC.setClientIdIssuedAt(Time.currentTime());
|
clientOIDC.setClientIdIssuedAt(Time.currentTime());
|
||||||
return Response.created(uri).entity(clientOIDC).build();
|
return Response.created(uri).entity(clientOIDC).build();
|
||||||
} catch (ClientRegistrationException cre) {
|
} catch (ClientRegistrationException cre) {
|
||||||
log.error(cre.getMessage());
|
logger.clientRegistrationException(cre.getMessage());
|
||||||
throw new ErrorResponseException(ErrorCodes.INVALID_CLIENT_METADATA, "Client metadata invalid", Response.Status.BAD_REQUEST);
|
throw new ErrorResponseException(ErrorCodes.INVALID_CLIENT_METADATA, "Client metadata invalid", Response.Status.BAD_REQUEST);
|
||||||
}
|
}
|
||||||
}
|
}
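Review bot: the catch block's `logger.clientRegistrationException(cre.getMessage())` logs only the exception message and drops the exception itself, so no stack trace or cause reaches the log for a failed client registration (the old `log.error(cre.getMessage())` had the same gap, and this migration is the moment to close it). Give the logger method a `@Cause` parameter and pass `cre`, e.g. `logger.clientRegistrationException(cre, cre.getMessage())`. The identical block appears again in the next hunk and needs the same change.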
|
||||||
|
@ -69,7 +85,7 @@ public class OIDCClientRegistrationProvider extends AbstractClientRegistrationPr
|
||||||
clientOIDC = DescriptionConverter.toExternalResponse(client, uri);
|
clientOIDC = DescriptionConverter.toExternalResponse(client, uri);
|
||||||
return Response.ok(clientOIDC).build();
|
return Response.ok(clientOIDC).build();
|
||||||
} catch (ClientRegistrationException cre) {
|
} catch (ClientRegistrationException cre) {
|
||||||
log.error(cre.getMessage());
|
logger.clientRegistrationException(cre.getMessage());
|
||||||
throw new ErrorResponseException(ErrorCodes.INVALID_CLIENT_METADATA, "Client metadata invalid", Response.Status.BAD_REQUEST);
|
throw new ErrorResponseException(ErrorCodes.INVALID_CLIENT_METADATA, "Client metadata invalid", Response.Status.BAD_REQUEST);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,6 +1,21 @@
|
||||||
|
/*
|
||||||
|
* Copyright 2016 Red Hat Inc. and/or its affiliates and other contributors
|
||||||
|
* as indicated by the @author tags. All rights reserved.
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||||
|
* use this file except in compliance with the License. You may obtain a copy of
|
||||||
|
* the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
* License for the specific language governing permissions and limitations under
|
||||||
|
* the License.
|
||||||
|
*/
|
||||||
package org.keycloak.services.managers;
|
package org.keycloak.services.managers;
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
|
||||||
import org.jboss.resteasy.spi.UnauthorizedException;
|
import org.jboss.resteasy.spi.UnauthorizedException;
|
||||||
import org.keycloak.common.ClientConnection;
|
import org.keycloak.common.ClientConnection;
|
||||||
import org.keycloak.models.KeycloakContext;
|
import org.keycloak.models.KeycloakContext;
|
||||||
|
@ -16,8 +31,6 @@ import javax.ws.rs.core.UriInfo;
|
||||||
*/
|
*/
|
||||||
public class AppAuthManager extends AuthenticationManager {
|
public class AppAuthManager extends AuthenticationManager {
|
||||||
|
|
||||||
protected static Logger logger = Logger.getLogger(AppAuthManager.class);
|
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public AuthResult authenticateIdentityCookie(KeycloakSession session, RealmModel realm) {
|
public AuthResult authenticateIdentityCookie(KeycloakSession session, RealmModel realm) {
|
||||||
AuthResult authResult = super.authenticateIdentityCookie(session, realm);
|
AuthResult authResult = super.authenticateIdentityCookie(session, realm);
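Review bot: the removed `protected static Logger logger = Logger.getLogger(AppAuthManager.class);` gets no replacement in this hunk, so any `logger` reference left in AppAuthManager now resolves to the `protected static ServicesLogger logger` that the AuthenticationManager hunk below adds to the superclass. That compiles only if every remaining call in this class is a method ServicesLogger provides; the diff does not show the class body, so please confirm there are no leftover `logger.warn(...)`-style calls with a message signature ServicesLogger lacks.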
|
||||||
|
|
|
@ -1,12 +1,28 @@
|
||||||
|
/*
|
||||||
|
* Copyright 2016 Red Hat Inc. and/or its affiliates and other contributors
|
||||||
|
* as indicated by the @author tags. All rights reserved.
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||||
|
* use this file except in compliance with the License. You may obtain a copy of
|
||||||
|
* the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
* License for the specific language governing permissions and limitations under
|
||||||
|
* the License.
|
||||||
|
*/
|
||||||
package org.keycloak.services.managers;
|
package org.keycloak.services.managers;
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
|
||||||
import org.keycloak.Config;
|
import org.keycloak.Config;
|
||||||
import org.keycloak.common.Version;
|
import org.keycloak.common.Version;
|
||||||
import org.keycloak.common.enums.SslRequired;
|
import org.keycloak.common.enums.SslRequired;
|
||||||
import org.keycloak.models.*;
|
import org.keycloak.models.*;
|
||||||
import org.keycloak.models.utils.KeycloakModelUtils;
|
import org.keycloak.models.utils.KeycloakModelUtils;
|
||||||
import org.keycloak.representations.idm.CredentialRepresentation;
|
import org.keycloak.representations.idm.CredentialRepresentation;
|
||||||
|
import org.keycloak.services.ServicesLogger;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||||
|
@ -14,7 +30,7 @@ import org.keycloak.representations.idm.CredentialRepresentation;
|
||||||
*/
|
*/
|
||||||
public class ApplianceBootstrap {
|
public class ApplianceBootstrap {
|
||||||
|
|
||||||
private static final Logger logger = Logger.getLogger(ApplianceBootstrap.class);
|
private static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
|
||||||
private final KeycloakSession session;
|
private final KeycloakSession session;
|
||||||
|
|
||||||
public ApplianceBootstrap(KeycloakSession session) {
|
public ApplianceBootstrap(KeycloakSession session) {
|
||||||
|
@ -40,7 +56,7 @@ public class ApplianceBootstrap {
|
||||||
}
|
}
|
||||||
|
|
||||||
String adminRealmName = Config.getAdminRealm();
|
String adminRealmName = Config.getAdminRealm();
|
||||||
logger.info("Initializing " + adminRealmName + " realm");
|
logger.initializingAdminRealm(adminRealmName);
|
||||||
|
|
||||||
RealmManager manager = new RealmManager(session);
|
RealmManager manager = new RealmManager(session);
|
||||||
manager.setContextPath(contextPath);
|
manager.setContextPath(contextPath);
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright 2015 Red Hat Inc. and/or its affiliates and other contributors
|
* Copyright 2016 Red Hat Inc. and/or its affiliates and other contributors
|
||||||
* as indicated by the @author tags. All rights reserved.
|
* as indicated by the @author tags. All rights reserved.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||||
|
@ -16,7 +16,6 @@
|
||||||
*/
|
*/
|
||||||
package org.keycloak.services.managers;
|
package org.keycloak.services.managers;
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
|
||||||
import org.jboss.resteasy.specimpl.MultivaluedMapImpl;
|
import org.jboss.resteasy.specimpl.MultivaluedMapImpl;
|
||||||
import org.jboss.resteasy.spi.HttpRequest;
|
import org.jboss.resteasy.spi.HttpRequest;
|
||||||
import org.keycloak.common.ClientConnection;
|
import org.keycloak.common.ClientConnection;
|
||||||
|
@ -39,6 +38,7 @@ import org.keycloak.protocol.LoginProtocol;
|
||||||
import org.keycloak.protocol.LoginProtocol.Error;
|
import org.keycloak.protocol.LoginProtocol.Error;
|
||||||
import org.keycloak.protocol.oidc.TokenManager;
|
import org.keycloak.protocol.oidc.TokenManager;
|
||||||
import org.keycloak.representations.AccessToken;
|
import org.keycloak.representations.AccessToken;
|
||||||
|
import org.keycloak.services.ServicesLogger;
|
||||||
import org.keycloak.services.Urls;
|
import org.keycloak.services.Urls;
|
||||||
import org.keycloak.services.messages.Messages;
|
import org.keycloak.services.messages.Messages;
|
||||||
import org.keycloak.services.resources.IdentityBrokerService;
|
import org.keycloak.services.resources.IdentityBrokerService;
|
||||||
|
@ -60,7 +60,7 @@ import java.util.Set;
|
||||||
*/
|
*/
|
||||||
public class AuthenticationManager {
|
public class AuthenticationManager {
|
||||||
public static final String END_AFTER_REQUIRED_ACTIONS = "END_AFTER_REQUIRED_ACTIONS";
|
public static final String END_AFTER_REQUIRED_ACTIONS = "END_AFTER_REQUIRED_ACTIONS";
|
||||||
protected static Logger logger = Logger.getLogger(AuthenticationManager.class);
|
protected static ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
|
||||||
public static final String FORM_USERNAME = "username";
|
public static final String FORM_USERNAME = "username";
|
||||||
// used for auth login
|
// used for auth login
|
||||||
public static final String KEYCLOAK_IDENTITY_COOKIE = "KEYCLOAK_IDENTITY";
|
public static final String KEYCLOAK_IDENTITY_COOKIE = "KEYCLOAK_IDENTITY";
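Review bot: replacing `Logger.getLogger(AuthenticationManager.class)` with the shared `ServicesLogger.ROOT_LOGGER` changes the log category from the class name to the single root logger, so per-class log levels and filters configured for `org.keycloak.services.managers.AuthenticationManager` stop applying, and the field is still not `final`. If the category should stay class-specific, jboss-logging's `Logger.getMessageLogger(ServicesLogger.class, AuthenticationManager.class.getName())` yields a typed logger under the class category; otherwise at least make the field `protected static final` so it cannot be reassigned (it must stay `protected` because AppAuthManager relies on inheriting it).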
|
||||||
|
@ -195,7 +195,7 @@ public class AuthenticationManager {
|
||||||
protocol.backchannelLogout(userSession, clientSession);
|
protocol.backchannelLogout(userSession, clientSession);
|
||||||
clientSession.setAction(ClientSessionModel.Action.LOGGED_OUT.name());
|
clientSession.setAction(ClientSessionModel.Action.LOGGED_OUT.name());
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
logger.warn("Failed to logout client, continuing", e);
|
logger.failedToLogoutClient(e);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
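Review bot: `logger.failedToLogoutClient(e)` records that a backchannel logout failed but not which client, so a failed `protocol.backchannelLogout(userSession, clientSession)` cannot be tied to a client or user session from the log when sessions are being revoked. Pass the client id of `clientSession` (and ideally the user session id) into the message, as the ResourceAdminManager hunk already does with `logger.logoutFailed(e, resource.getClientId())`; the second occurrence of this catch block in the next hunk needs the same.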
|
||||||
|
@ -216,7 +216,7 @@ public class AuthenticationManager {
|
||||||
return response;
|
return response;
|
||||||
}
|
}
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
logger.warn("Failed to logout client, continuing", e);
|
logger.failedToLogoutClient(e);
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
20
services/src/main/java/org/keycloak/services/managers/ClientManager.java
Executable file → Normal file

|
@ -1,8 +1,23 @@
|
||||||
|
/*
|
||||||
|
* Copyright 2016 Red Hat Inc. and/or its affiliates and other contributors
|
||||||
|
* as indicated by the @author tags. All rights reserved.
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||||
|
* use this file except in compliance with the License. You may obtain a copy of
|
||||||
|
* the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
* License for the specific language governing permissions and limitations under
|
||||||
|
* the License.
|
||||||
|
*/
|
||||||
package org.keycloak.services.managers;
|
package org.keycloak.services.managers;
|
||||||
|
|
||||||
import com.fasterxml.jackson.annotation.JsonProperty;
|
import com.fasterxml.jackson.annotation.JsonProperty;
|
||||||
import com.fasterxml.jackson.annotation.JsonPropertyOrder;
|
import com.fasterxml.jackson.annotation.JsonPropertyOrder;
|
||||||
import org.jboss.logging.Logger;
|
|
||||||
import org.keycloak.authentication.ClientAuthenticator;
|
import org.keycloak.authentication.ClientAuthenticator;
|
||||||
import org.keycloak.authentication.ClientAuthenticatorFactory;
|
import org.keycloak.authentication.ClientAuthenticatorFactory;
|
||||||
import org.keycloak.common.constants.ServiceAccountConstants;
|
import org.keycloak.common.constants.ServiceAccountConstants;
|
||||||
|
@ -21,6 +36,7 @@ import org.keycloak.protocol.oidc.mappers.UserSessionNoteMapper;
|
||||||
import org.keycloak.representations.adapters.config.BaseRealmConfig;
|
import org.keycloak.representations.adapters.config.BaseRealmConfig;
|
||||||
import org.keycloak.common.util.Time;
|
import org.keycloak.common.util.Time;
|
||||||
import org.keycloak.representations.idm.ClientRepresentation;
|
import org.keycloak.representations.idm.ClientRepresentation;
|
||||||
|
import org.keycloak.services.ServicesLogger;
|
||||||
|
|
||||||
import java.net.URI;
|
import java.net.URI;
|
||||||
import java.util.Collections;
|
import java.util.Collections;
|
||||||
|
@ -35,7 +51,7 @@ import java.util.TreeSet;
|
||||||
* @version $Revision: 1 $
|
* @version $Revision: 1 $
|
||||||
*/
|
*/
|
||||||
public class ClientManager {
|
public class ClientManager {
|
||||||
protected Logger logger = Logger.getLogger(ClientManager.class);
|
protected ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
|
||||||
|
|
||||||
protected RealmManager realmManager;
|
protected RealmManager realmManager;
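Review bot: `protected ServicesLogger logger = ServicesLogger.ROOT_LOGGER;` keeps an instance field for what is now a shared singleton, so every ClientManager carries its own reassignable reference. Make it `protected static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;` as LDAPConnectionTestManager does in this same commit.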
|
||||||
|
|
||||||
|
|
24
services/src/main/java/org/keycloak/services/managers/DefaultBruteForceProtector.java
Executable file → Normal file
|
@ -1,12 +1,28 @@
|
||||||
|
/*
|
||||||
|
* Copyright 2016 Red Hat Inc. and/or its affiliates and other contributors
|
||||||
|
* as indicated by the @author tags. All rights reserved.
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||||
|
* use this file except in compliance with the License. You may obtain a copy of
|
||||||
|
* the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
* License for the specific language governing permissions and limitations under
|
||||||
|
* the License.
|
||||||
|
*/
|
||||||
package org.keycloak.services.managers;
|
package org.keycloak.services.managers;
|
||||||
|
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
|
||||||
import org.keycloak.common.ClientConnection;
|
import org.keycloak.common.ClientConnection;
|
||||||
import org.keycloak.models.KeycloakSession;
|
import org.keycloak.models.KeycloakSession;
|
||||||
import org.keycloak.models.KeycloakSessionFactory;
|
import org.keycloak.models.KeycloakSessionFactory;
|
||||||
import org.keycloak.models.RealmModel;
|
import org.keycloak.models.RealmModel;
|
||||||
import org.keycloak.models.UsernameLoginFailureModel;
|
import org.keycloak.models.UsernameLoginFailureModel;
|
||||||
|
import org.keycloak.services.ServicesLogger;
|
||||||
|
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
import java.util.Collections;
|
import java.util.Collections;
|
||||||
|
@ -21,7 +37,7 @@ import java.util.concurrent.TimeUnit;
|
||||||
* @version $Revision: 1 $
|
* @version $Revision: 1 $
|
||||||
*/
|
*/
|
||||||
public class DefaultBruteForceProtector implements Runnable, BruteForceProtector {
|
public class DefaultBruteForceProtector implements Runnable, BruteForceProtector {
|
||||||
protected static Logger logger = Logger.getLogger(DefaultBruteForceProtector.class);
|
protected static ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
|
||||||
|
|
||||||
protected volatile boolean run = true;
|
protected volatile boolean run = true;
|
||||||
protected int maxDeltaTimeSeconds = 60 * 60 * 12; // 12 hours
|
protected int maxDeltaTimeSeconds = 60 * 60 * 12; // 12 hours
|
||||||
|
@ -178,7 +194,7 @@ public class DefaultBruteForceProtector implements Runnable, BruteForceProtector
|
||||||
session.close();
|
session.close();
|
||||||
}
|
}
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
logger.error("Failed processing type", e);
|
logger.failedProcessingType(e);
|
||||||
}
|
}
|
||||||
} catch (InterruptedException e) {
|
} catch (InterruptedException e) {
|
||||||
break;
|
break;
|
||||||
|
@ -190,7 +206,7 @@ public class DefaultBruteForceProtector implements Runnable, BruteForceProtector
|
||||||
}
|
}
|
||||||
|
|
||||||
protected void logFailure(LoginEvent event) {
|
protected void logFailure(LoginEvent event) {
|
||||||
logger.warn("login failure for user " + event.username + " from ip " + event.ip);
|
logger.loginFailure(event.username, event.ip);
|
||||||
failures++;
|
failures++;
|
||||||
long delta = 0;
|
long delta = 0;
|
||||||
if (lastFailure > 0) {
|
if (lastFailure > 0) {
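Review bot: `logger.loginFailure(event.username, event.ip)` emits two values taken from the unauthenticated login request; make sure the corresponding `@Message` format quotes them (`user '%s' from ip '%s'`, in the style of id 80 above) so a username containing spaces or separators keeps the fields delimited for whatever parses these lines for lockout alerting. The replaced string concatenation had the same weakness, so fix the format now rather than carrying it into the typed logger.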
|
||||||
|
|
|
@ -1,6 +1,22 @@
|
||||||
|
/*
|
||||||
|
* Copyright 2016 Red Hat Inc. and/or its affiliates and other contributors
|
||||||
|
* as indicated by the @author tags. All rights reserved.
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||||
|
* use this file except in compliance with the License. You may obtain a copy of
|
||||||
|
* the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
* License for the specific language governing permissions and limitations under
|
||||||
|
* the License.
|
||||||
|
*/
|
||||||
package org.keycloak.services.managers;
|
package org.keycloak.services.managers;
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
import org.keycloak.services.ServicesLogger;
|
||||||
|
|
||||||
import javax.naming.Context;
|
import javax.naming.Context;
|
||||||
import javax.naming.NamingException;
|
import javax.naming.NamingException;
|
||||||
|
@ -12,14 +28,14 @@ import java.util.Hashtable;
|
||||||
*/
|
*/
|
||||||
public class LDAPConnectionTestManager {
|
public class LDAPConnectionTestManager {
|
||||||
|
|
||||||
protected static final Logger logger = Logger.getLogger(LDAPConnectionTestManager.class);
|
protected static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
|
||||||
|
|
||||||
public static final String TEST_CONNECTION = "testConnection";
|
public static final String TEST_CONNECTION = "testConnection";
|
||||||
public static final String TEST_AUTHENTICATION = "testAuthentication";
|
public static final String TEST_AUTHENTICATION = "testAuthentication";
|
||||||
|
|
||||||
public boolean testLDAP(String action, String connectionUrl, String bindDn, String bindCredential) {
|
public boolean testLDAP(String action, String connectionUrl, String bindDn, String bindCredential) {
|
||||||
if (!TEST_CONNECTION.equals(action) && !TEST_AUTHENTICATION.equals(action)) {
|
if (!TEST_CONNECTION.equals(action) && !TEST_AUTHENTICATION.equals(action)) {
|
||||||
logger.error("Unknown action: " + action);
|
logger.unknownAction(action);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -44,14 +60,14 @@ public class LDAPConnectionTestManager {
|
||||||
return true;
|
return true;
|
||||||
} catch (Exception ne) {
|
} catch (Exception ne) {
|
||||||
String errorMessage = (TEST_AUTHENTICATION.equals(action)) ? "Error when authenticating to LDAP: " : "Error when connecting to LDAP: ";
|
String errorMessage = (TEST_AUTHENTICATION.equals(action)) ? "Error when authenticating to LDAP: " : "Error when connecting to LDAP: ";
|
||||||
logger.error(errorMessage + ne.getMessage(), ne);
|
logger.errorAuthenticating(ne, errorMessage + ne.getMessage());
|
||||||
return false;
|
return false;
|
||||||
} finally {
|
} finally {
|
||||||
if (ldapContext != null) {
|
if (ldapContext != null) {
|
||||||
try {
|
try {
|
||||||
ldapContext.close();
|
ldapContext.close();
|
||||||
} catch (NamingException ne) {
|
} catch (NamingException ne) {
|
||||||
logger.warn("Error when closing LDAP connection", ne);
|
logger.errorClosingLDAP(ne);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
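Review bot: `logger.errorAuthenticating(ne, errorMessage + ne.getMessage())` is reached for both `TEST_CONNECTION` and `TEST_AUTHENTICATION`, so the method name is wrong half the time, and the caller still assembles the message text (`errorMessage + ne.getMessage()`) that the typed logger is supposed to own. Either split it into `errorConnecting(@Cause Exception e)` / `errorAuthenticating(@Cause Exception e)` chosen on `action`, or pass `action` as a parameter and let the `@Message` format pick the wording; with `ne` already supplied as the `@Cause`, appending `ne.getMessage()` only duplicates the first line of the stack trace.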
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright 2015 Red Hat Inc. and/or its affiliates and other contributors
|
* Copyright 2016 Red Hat Inc. and/or its affiliates and other contributors
|
||||||
* as indicated by the @author tags. All rights reserved.
|
* as indicated by the @author tags. All rights reserved.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||||
|
@ -16,7 +16,6 @@
|
||||||
*/
|
*/
|
||||||
package org.keycloak.services.managers;
|
package org.keycloak.services.managers;
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
|
||||||
import org.keycloak.Config;
|
import org.keycloak.Config;
|
||||||
import org.keycloak.common.enums.SslRequired;
|
import org.keycloak.common.enums.SslRequired;
|
||||||
import org.keycloak.models.session.UserSessionPersisterProvider;
|
import org.keycloak.models.session.UserSessionPersisterProvider;
|
||||||
|
@ -61,7 +60,6 @@ import org.keycloak.protocol.ProtocolMapperUtils;
|
||||||
* @version $Revision: 1 $
|
* @version $Revision: 1 $
|
||||||
*/
|
*/
|
||||||
public class RealmManager implements RealmImporter {
|
public class RealmManager implements RealmImporter {
|
||||||
protected static final Logger logger = Logger.getLogger(RealmManager.class);
|
|
||||||
|
|
||||||
protected KeycloakSession session;
|
protected KeycloakSession session;
|
||||||
protected RealmProvider model;
|
protected RealmProvider model;
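Review bot: RealmManager's `logger` field is deleted with no `ServicesLogger` replacement, and the `org.jboss.logging.Logger` import goes in the hunk above, unlike every other class in this commit. That only compiles if the class body has no remaining `logger` calls, which the diff cannot show; please confirm, and if RealmManager logs anything, add `protected static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;` to match the rest of the migration.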
|
||||||
|
|
|
@ -1,6 +1,21 @@
|
||||||
|
/*
|
||||||
|
* Copyright 2016 Red Hat Inc. and/or its affiliates and other contributors
|
||||||
|
* as indicated by the @author tags. All rights reserved.
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||||
|
* use this file except in compliance with the License. You may obtain a copy of
|
||||||
|
* the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
* License for the specific language governing permissions and limitations under
|
||||||
|
* the License.
|
||||||
|
*/
|
||||||
package org.keycloak.services.managers;
|
package org.keycloak.services.managers;
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
|
||||||
import org.keycloak.TokenIdGenerator;
|
import org.keycloak.TokenIdGenerator;
|
||||||
import org.keycloak.connections.httpclient.HttpClientProvider;
|
import org.keycloak.connections.httpclient.HttpClientProvider;
|
||||||
import org.keycloak.constants.AdapterConstants;
|
import org.keycloak.constants.AdapterConstants;
|
||||||
|
@ -15,6 +30,7 @@ import org.keycloak.representations.adapters.action.GlobalRequestResult;
|
||||||
import org.keycloak.representations.adapters.action.LogoutAction;
|
import org.keycloak.representations.adapters.action.LogoutAction;
|
||||||
import org.keycloak.representations.adapters.action.PushNotBeforeAction;
|
import org.keycloak.representations.adapters.action.PushNotBeforeAction;
|
||||||
import org.keycloak.representations.adapters.action.TestAvailabilityAction;
|
import org.keycloak.representations.adapters.action.TestAvailabilityAction;
|
||||||
|
import org.keycloak.services.ServicesLogger;
|
||||||
import org.keycloak.services.util.ResolveRelative;
|
import org.keycloak.services.util.ResolveRelative;
|
||||||
import org.keycloak.common.util.KeycloakUriBuilder;
|
import org.keycloak.common.util.KeycloakUriBuilder;
|
||||||
import org.keycloak.common.util.MultivaluedHashMap;
|
import org.keycloak.common.util.MultivaluedHashMap;
|
||||||
|
@ -37,7 +53,7 @@ import java.util.Set;
|
||||||
* @version $Revision: 1 $
|
* @version $Revision: 1 $
|
||||||
*/
|
*/
|
||||||
public class ResourceAdminManager {
|
public class ResourceAdminManager {
|
||||||
protected static Logger logger = Logger.getLogger(ResourceAdminManager.class);
|
protected static ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
|
||||||
private static final String CLIENT_SESSION_HOST_PROPERTY = "${application.session.host}";
|
private static final String CLIENT_SESSION_HOST_PROPERTY = "${application.session.host}";
|
||||||
|
|
||||||
private KeycloakSession session;
|
private KeycloakSession session;
|
||||||
|
@ -237,7 +253,7 @@ public class ResourceAdminManager {
|
||||||
logger.debugf("logout success for %s: %s", managementUrl, success);
|
logger.debugf("logout success for %s: %s", managementUrl, success);
|
||||||
return success;
|
return success;
|
||||||
} catch (IOException e) {
|
} catch (IOException e) {
|
||||||
logger.warn("Logout for client '" + resource.getClientId() + "' failed", e);
|
logger.logoutFailed(e, resource.getClientId());
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -288,7 +304,7 @@ public class ResourceAdminManager {
|
||||||
logger.debugf("pushRevocation success for %s: %s", managementUrl, success);
|
logger.debugf("pushRevocation success for %s: %s", managementUrl, success);
|
||||||
return success;
|
return success;
|
||||||
} catch (IOException e) {
|
} catch (IOException e) {
|
||||||
logger.warn("Failed to send revocation request", e);
|
logger.failedToSendRevocation(e);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -326,7 +342,7 @@ public class ResourceAdminManager {
|
||||||
logger.debugf("testAvailability success for %s: %s", managementUrl, success);
|
logger.debugf("testAvailability success for %s: %s", managementUrl, success);
|
||||||
return success;
|
return success;
|
||||||
} catch (IOException e) {
|
} catch (IOException e) {
|
||||||
logger.warn("Availability test failed for uri '" + managementUrl + "'", e);
|
logger.availabilityTestFailed(managementUrl);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
}
|
}
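Review bot: `logger.availabilityTestFailed(managementUrl)` drops the `IOException e` that the replaced `logger.warn(..., e)` passed, so the reason an availability test failed (connection refused, TLS handshake error, timeout) no longer appears in the log. Change the call to `logger.availabilityTestFailed(e, managementUrl)` and give the ServicesLogger method a `@Cause Throwable` parameter, as `logoutFailed(e, resource.getClientId())` and `failedToSendRevocation(e)` in the hunks above already do.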
|
||||||
|
|
|
@ -1,3 +1,19 @@
|
||||||
|
/*
|
||||||
|
* Copyright 2016 Red Hat Inc. and/or its affiliates and other contributors
|
||||||
|
* as indicated by the @author tags. All rights reserved.
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||||
|
* use this file except in compliance with the License. You may obtain a copy of
|
||||||
|
* the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
* License for the specific language governing permissions and limitations under
|
||||||
|
* the License.
|
||||||
|
*/
|
||||||
package org.keycloak.services.managers;
|
package org.keycloak.services.managers;
|
||||||
|
|
||||||
import java.util.HashSet;
|
import java.util.HashSet;
|
||||||
|
@ -5,7 +21,7 @@ import java.util.LinkedList;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.Set;
|
import java.util.Set;
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
import org.keycloak.common.util.Time;
|
||||||
import org.keycloak.models.ClientModel;
|
import org.keycloak.models.ClientModel;
|
||||||
import org.keycloak.models.ClientSessionModel;
|
import org.keycloak.models.ClientSessionModel;
|
||||||
import org.keycloak.models.Constants;
|
import org.keycloak.models.Constants;
|
||||||
|
@ -16,7 +32,8 @@ import org.keycloak.models.RoleModel;
|
||||||
import org.keycloak.models.UserModel;
|
import org.keycloak.models.UserModel;
|
||||||
import org.keycloak.models.UserSessionModel;
|
import org.keycloak.models.UserSessionModel;
|
||||||
import org.keycloak.models.session.UserSessionPersisterProvider;
|
import org.keycloak.models.session.UserSessionPersisterProvider;
|
||||||
import org.keycloak.common.util.Time;
|
import org.keycloak.services.ServicesLogger;
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
*
|
*
|
||||||
|
@ -24,7 +41,7 @@ import org.keycloak.common.util.Time;
|
||||||
*/
|
*/
|
||||||
public class UserSessionManager {
|
public class UserSessionManager {
|
||||||
|
|
||||||
protected static Logger logger = Logger.getLogger(UserSessionManager.class);
|
protected static ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
|
||||||
|
|
||||||
private final KeycloakSession kcSession;
|
private final KeycloakSession kcSession;
|
||||||
private final UserSessionPersisterProvider persister;
|
private final UserSessionPersisterProvider persister;
|
||||||
|
@ -119,7 +136,7 @@ public class UserSessionManager {
|
||||||
public boolean isOfflineTokenAllowed(ClientSessionModel clientSession) {
|
public boolean isOfflineTokenAllowed(ClientSessionModel clientSession) {
|
||||||
RoleModel offlineAccessRole = clientSession.getRealm().getRole(Constants.OFFLINE_ACCESS_ROLE);
|
RoleModel offlineAccessRole = clientSession.getRealm().getRole(Constants.OFFLINE_ACCESS_ROLE);
|
||||||
if (offlineAccessRole == null) {
|
if (offlineAccessRole == null) {
|
||||||
logger.warnf("Role '%s' not available in realm", Constants.OFFLINE_ACCESS_ROLE);
|
logger.roleNotInRealm(Constants.OFFLINE_ACCESS_ROLE);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,6 +1,22 @@
|
||||||
|
/*
|
||||||
|
* Copyright 2016 Red Hat Inc. and/or its affiliates and other contributors
|
||||||
|
* as indicated by the @author tags. All rights reserved.
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||||
|
* use this file except in compliance with the License. You may obtain a copy of
|
||||||
|
* the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
* License for the specific language governing permissions and limitations under
|
||||||
|
* the License.
|
||||||
|
*/
|
||||||
package org.keycloak.services.managers;
|
package org.keycloak.services.managers;
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
import org.keycloak.common.util.Time;
|
||||||
import org.keycloak.models.KeycloakSession;
|
import org.keycloak.models.KeycloakSession;
|
||||||
import org.keycloak.models.KeycloakSessionFactory;
|
import org.keycloak.models.KeycloakSessionFactory;
|
||||||
import org.keycloak.models.KeycloakSessionTask;
|
import org.keycloak.models.KeycloakSessionTask;
|
||||||
|
@ -10,8 +26,9 @@ import org.keycloak.models.UserFederationProviderFactory;
|
||||||
import org.keycloak.models.UserFederationProviderModel;
|
import org.keycloak.models.UserFederationProviderModel;
|
||||||
import org.keycloak.models.UserFederationSyncResult;
|
import org.keycloak.models.UserFederationSyncResult;
|
||||||
import org.keycloak.models.utils.KeycloakModelUtils;
|
import org.keycloak.models.utils.KeycloakModelUtils;
|
||||||
|
import org.keycloak.services.ServicesLogger;
|
||||||
import org.keycloak.timer.TimerProvider;
|
import org.keycloak.timer.TimerProvider;
|
||||||
import org.keycloak.common.util.Time;
|
|
||||||
|
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
|
||||||
|
@ -20,7 +37,7 @@ import java.util.List;
|
||||||
*/
|
*/
|
||||||
public class UsersSyncManager {
|
public class UsersSyncManager {
|
||||||
|
|
||||||
protected static final Logger logger = Logger.getLogger(UsersSyncManager.class);
|
protected static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Check federationProviderModel of all realms and possibly start periodic sync for them
|
* Check federationProviderModel of all realms and possibly start periodic sync for them
|
||||||
|
@ -69,7 +86,7 @@ public class UsersSyncManager {
|
||||||
try {
|
try {
|
||||||
syncAllUsers(sessionFactory, realmId, fedProvider);
|
syncAllUsers(sessionFactory, realmId, fedProvider);
|
||||||
} catch (Throwable t) {
|
} catch (Throwable t) {
|
||||||
logger.error("Error occurred during full sync of users", t);
|
logger.errorDuringFullUserSync(t);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -87,7 +104,7 @@ public class UsersSyncManager {
|
||||||
try {
|
try {
|
||||||
syncChangedUsers(sessionFactory, realmId, fedProvider);
|
syncChangedUsers(sessionFactory, realmId, fedProvider);
|
||||||
} catch (Throwable t) {
|
} catch (Throwable t) {
|
||||||
logger.error("Error occurred during sync of changed users", t);
|
logger.errorDuringChangedUserSync(t);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,3 +1,19 @@
|
||||||
|
/*
|
||||||
|
* Copyright 2016 Red Hat Inc. and/or its affiliates and other contributors
|
||||||
|
* as indicated by the @author tags. All rights reserved.
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||||
|
* use this file except in compliance with the License. You may obtain a copy of
|
||||||
|
* the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
* License for the specific language governing permissions and limitations under
|
||||||
|
* the License.
|
||||||
|
*/
|
||||||
package org.keycloak.services.messages;
|
package org.keycloak.services.messages;
|
||||||
|
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
|
@ -5,16 +21,16 @@ import java.net.URL;
|
||||||
import java.text.MessageFormat;
|
import java.text.MessageFormat;
|
||||||
import java.util.Locale;
|
import java.util.Locale;
|
||||||
import java.util.Properties;
|
import java.util.Properties;
|
||||||
import org.jboss.logging.Logger;
|
|
||||||
import org.keycloak.models.KeycloakSession;
|
import org.keycloak.models.KeycloakSession;
|
||||||
import org.keycloak.messages.MessagesProvider;
|
import org.keycloak.messages.MessagesProvider;
|
||||||
|
import org.keycloak.services.ServicesLogger;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @author <a href="mailto:leonardo.zanivan@gmail.com">Leonardo Zanivan</a>
|
* @author <a href="mailto:leonardo.zanivan@gmail.com">Leonardo Zanivan</a>
|
||||||
*/
|
*/
|
||||||
public class AdminMessagesProvider implements MessagesProvider {
|
public class AdminMessagesProvider implements MessagesProvider {
|
||||||
|
|
||||||
private static final Logger logger = Logger.getLogger(AdminMessagesProvider.class);
|
private static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
|
||||||
|
|
||||||
private KeycloakSession session;
|
private KeycloakSession session;
|
||||||
private Locale locale;
|
private Locale locale;
|
||||||
|
@ -33,7 +49,7 @@ public class AdminMessagesProvider implements MessagesProvider {
|
||||||
try {
|
try {
|
||||||
return new MessageFormat(message, locale).format(parameters);
|
return new MessageFormat(message, locale).format(parameters);
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
logger.warnf("Failed to format message due to: %s", e.getMessage());
|
logger.failedToFormatMessage(e.getMessage());
|
||||||
return message;
|
return message;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -55,7 +71,7 @@ public class AdminMessagesProvider implements MessagesProvider {
|
||||||
try {
|
try {
|
||||||
properties.load(url.openStream());
|
properties.load(url.openStream());
|
||||||
} catch (IOException ex) {
|
} catch (IOException ex) {
|
||||||
logger.warn("Failed to load messages", ex);
|
logger.failedToloadMessages(ex);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
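Review bot: `failedToloadMessages` in the new `catch (IOException ex)` branch has a lower-case `l` in `load`; rename it to `failedToLoadMessages` to match the camel case of the other ServicesLogger methods introduced in this commit (`failedToFormatMessage`, `failedToUpdatePassword`) before the name spreads to other callers. The context lines also show `properties.load(url.openStream())` with no close of the stream; wrapping the `InputStream` in try-with-resources would fix that leak while this code is being touched.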
|
|
||||||
|
|
|
@ -1,6 +1,21 @@
|
||||||
|
/*
|
||||||
|
* Copyright 2016 Red Hat Inc. and/or its affiliates and other contributors
|
||||||
|
* as indicated by the @author tags. All rights reserved.
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||||
|
* use this file except in compliance with the License. You may obtain a copy of
|
||||||
|
* the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
* License for the specific language governing permissions and limitations under
|
||||||
|
* the License.
|
||||||
|
*/
|
||||||
package org.keycloak.services.resources;
|
package org.keycloak.services.resources;
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
|
||||||
import org.jboss.resteasy.spi.BadRequestException;
|
import org.jboss.resteasy.spi.BadRequestException;
|
||||||
import org.jboss.resteasy.spi.HttpRequest;
|
import org.jboss.resteasy.spi.HttpRequest;
|
||||||
import org.keycloak.AbstractOAuthClient;
|
import org.keycloak.AbstractOAuthClient;
|
||||||
|
@ -12,6 +27,7 @@ import org.keycloak.models.RealmModel;
|
||||||
import org.keycloak.models.utils.KeycloakModelUtils;
|
import org.keycloak.models.utils.KeycloakModelUtils;
|
||||||
import org.keycloak.protocol.oidc.OIDCLoginProtocolService;
|
import org.keycloak.protocol.oidc.OIDCLoginProtocolService;
|
||||||
import org.keycloak.services.ForbiddenException;
|
import org.keycloak.services.ForbiddenException;
|
||||||
|
import org.keycloak.services.ServicesLogger;
|
||||||
import org.keycloak.services.managers.AppAuthManager;
|
import org.keycloak.services.managers.AppAuthManager;
|
||||||
import org.keycloak.services.managers.Auth;
|
import org.keycloak.services.managers.Auth;
|
||||||
import org.keycloak.services.managers.AuthenticationManager;
|
import org.keycloak.services.managers.AuthenticationManager;
|
||||||
|
@ -39,7 +55,7 @@ import java.util.Set;
|
||||||
* @version $Revision: 1 $
|
* @version $Revision: 1 $
|
||||||
*/
|
*/
|
||||||
public abstract class AbstractSecuredLocalService {
|
public abstract class AbstractSecuredLocalService {
|
||||||
private static final Logger logger = Logger.getLogger(AbstractSecuredLocalService.class);
|
private static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
|
||||||
|
|
||||||
private static final String KEYCLOAK_STATE_CHECKER = "KEYCLOAK_STATE_CHECKER";
|
private static final String KEYCLOAK_STATE_CHECKER = "KEYCLOAK_STATE_CHECKER";
|
||||||
|
|
||||||
|
|
|
@ -51,6 +51,7 @@ import org.keycloak.protocol.oidc.utils.RedirectUtils;
|
||||||
import org.keycloak.representations.idm.CredentialRepresentation;
|
import org.keycloak.representations.idm.CredentialRepresentation;
|
||||||
import org.keycloak.representations.idm.UserRepresentation;
|
import org.keycloak.representations.idm.UserRepresentation;
|
||||||
import org.keycloak.services.ForbiddenException;
|
import org.keycloak.services.ForbiddenException;
|
||||||
|
import org.keycloak.services.ServicesLogger;
|
||||||
import org.keycloak.services.Urls;
|
import org.keycloak.services.Urls;
|
||||||
import org.keycloak.services.managers.AppAuthManager;
|
import org.keycloak.services.managers.AppAuthManager;
|
||||||
import org.keycloak.services.managers.Auth;
|
import org.keycloak.services.managers.Auth;
|
||||||
|
@ -91,7 +92,7 @@ import java.util.UUID;
|
||||||
*/
|
*/
|
||||||
public class AccountService extends AbstractSecuredLocalService {
|
public class AccountService extends AbstractSecuredLocalService {
|
||||||
|
|
||||||
private static final Logger logger = Logger.getLogger(AccountService.class);
|
private static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
|
||||||
|
|
||||||
private static Set<String> VALID_PATHS = new HashSet<String>();
|
private static Set<String> VALID_PATHS = new HashSet<String>();
|
||||||
static {
|
static {
|
||||||
|
@ -641,11 +642,11 @@ public class AccountService extends AbstractSecuredLocalService {
|
||||||
setReferrerOnPage();
|
setReferrerOnPage();
|
||||||
return account.setError(Messages.READ_ONLY_PASSWORD).createResponse(AccountPages.PASSWORD);
|
return account.setError(Messages.READ_ONLY_PASSWORD).createResponse(AccountPages.PASSWORD);
|
||||||
}catch (ModelException me) {
|
}catch (ModelException me) {
|
||||||
logger.error("Failed to update password", me);
|
logger.failedToUpdatePassword(me);
|
||||||
setReferrerOnPage();
|
setReferrerOnPage();
|
||||||
return account.setError(me.getMessage(), me.getParameters()).createResponse(AccountPages.PASSWORD);
|
return account.setError(me.getMessage(), me.getParameters()).createResponse(AccountPages.PASSWORD);
|
||||||
}catch (Exception ape) {
|
}catch (Exception ape) {
|
||||||
logger.error("Failed to update password", ape);
|
logger.failedToUpdatePassword(ape);
|
||||||
setReferrerOnPage();
|
setReferrerOnPage();
|
||||||
return account.setError(ape.getMessage()).createResponse(AccountPages.PASSWORD);
|
return account.setError(ape.getMessage()).createResponse(AccountPages.PASSWORD);
|
||||||
}
|
}
|
||||||
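Review bot: the `catch (Exception ape)` branch still returns `account.setError(ape.getMessage())` to the browser, so any unexpected failure while updating the password (database, federation provider, runtime exception) is rendered to the end user with its raw exception text, which can disclose internal details. Now that the exception is recorded server-side via `logger.failedToUpdatePassword(ape)`, this branch can use a fixed message key the way the read-only branch uses `Messages.READ_ONLY_PASSWORD`; the `ModelException` branch, whose `getMessage()`/`getParameters()` are intended for user display, can stay as is. Minor: `}catch` is missing a space before `catch` in both branches.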
|
|
|
@ -1,6 +1,21 @@
|
||||||
|
/*
|
||||||
|
* Copyright 2016 Red Hat Inc. and/or its affiliates and other contributors
|
||||||
|
* as indicated by the @author tags. All rights reserved.
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||||
|
* use this file except in compliance with the License. You may obtain a copy of
|
||||||
|
* the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
* License for the specific language governing permissions and limitations under
|
||||||
|
* the License.
|
||||||
|
*/
|
||||||
package org.keycloak.services.resources;
|
package org.keycloak.services.resources;
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
|
||||||
import org.jboss.resteasy.spi.BadRequestException;
|
import org.jboss.resteasy.spi.BadRequestException;
|
||||||
import org.jboss.resteasy.spi.HttpRequest;
|
import org.jboss.resteasy.spi.HttpRequest;
|
||||||
import org.jboss.resteasy.spi.UnauthorizedException;
|
import org.jboss.resteasy.spi.UnauthorizedException;
|
||||||
|
@ -16,6 +31,7 @@ import org.keycloak.models.KeycloakSession;
|
||||||
import org.keycloak.models.RealmModel;
|
import org.keycloak.models.RealmModel;
|
||||||
import org.keycloak.protocol.oidc.utils.AuthorizeClientUtil;
|
import org.keycloak.protocol.oidc.utils.AuthorizeClientUtil;
|
||||||
import org.keycloak.services.ForbiddenException;
|
import org.keycloak.services.ForbiddenException;
|
||||||
|
import org.keycloak.services.ServicesLogger;
|
||||||
import org.keycloak.common.util.Time;
|
import org.keycloak.common.util.Time;
|
||||||
|
|
||||||
import javax.ws.rs.HeaderParam;
|
import javax.ws.rs.HeaderParam;
|
||||||
|
@ -38,7 +54,7 @@ import java.util.Map;
|
||||||
*/
|
*/
|
||||||
public class ClientsManagementService {
|
public class ClientsManagementService {
|
||||||
|
|
||||||
protected static final Logger logger = Logger.getLogger(ClientsManagementService.class);
|
protected static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
|
||||||
|
|
||||||
private RealmModel realm;
|
private RealmModel realm;
|
||||||
|
|
||||||
|
|
|
@ -1,11 +1,27 @@
|
||||||
|
/*
|
||||||
|
* Copyright 2016 Red Hat Inc. and/or its affiliates and other contributors
|
||||||
|
* as indicated by the @author tags. All rights reserved.
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||||
|
* use this file except in compliance with the License. You may obtain a copy of
|
||||||
|
* the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
* License for the specific language governing permissions and limitations under
|
||||||
|
* the License.
|
||||||
|
*/
|
||||||
package org.keycloak.services.resources;
|
package org.keycloak.services.resources;
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
|
||||||
import org.jboss.resteasy.spi.HttpRequest;
|
import org.jboss.resteasy.spi.HttpRequest;
|
||||||
import org.jboss.resteasy.spi.HttpResponse;
|
import org.jboss.resteasy.spi.HttpResponse;
|
||||||
import org.keycloak.models.ClientModel;
|
import org.keycloak.models.ClientModel;
|
||||||
import org.keycloak.representations.AccessToken;
|
import org.keycloak.representations.AccessToken;
|
||||||
import org.keycloak.common.util.CollectionUtil;
|
import org.keycloak.common.util.CollectionUtil;
|
||||||
|
import org.keycloak.services.ServicesLogger;
|
||||||
|
|
||||||
import javax.ws.rs.core.Response;
|
import javax.ws.rs.core.Response;
|
||||||
import javax.ws.rs.core.Response.ResponseBuilder;
|
import javax.ws.rs.core.Response.ResponseBuilder;
|
||||||
|
@ -18,7 +34,7 @@ import java.util.concurrent.TimeUnit;
|
||||||
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
|
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
|
||||||
*/
|
*/
|
||||||
public class Cors {
|
public class Cors {
|
||||||
protected static final Logger logger = Logger.getLogger(Cors.class);
|
protected static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
|
||||||
|
|
||||||
public static final long DEFAULT_MAX_AGE = TimeUnit.HOURS.toSeconds(1);
|
public static final long DEFAULT_MAX_AGE = TimeUnit.HOURS.toSeconds(1);
|
||||||
public static final String DEFAULT_ALLOW_METHODS = "GET, HEAD, OPTIONS";
|
public static final String DEFAULT_ALLOW_METHODS = "GET, HEAD, OPTIONS";
|
||||||
|
|
44
services/src/main/java/org/keycloak/services/resources/IdentityBrokerService.java
Executable file → Normal file
|
@ -1,7 +1,7 @@
|
||||||
/*
|
/*
|
||||||
* JBoss, Home of Professional Open Source
|
* JBoss, Home of Professional Open Source
|
||||||
*
|
*
|
||||||
* Copyright 2013 Red Hat, Inc. and/or its affiliates.
|
* Copyright 2016 Red Hat, Inc. and/or its affiliates.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
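Review bot: besides the year change in this hunk, the file header shows `IdentityBrokerService.java` going from `Executable file → Normal file`; a Java source should not carry the executable bit, so the mode change is welcome, but a mode-only change is easy to miss in a merge and deserves a mention in the commit message. Rewriting `2013` to `2016` in the existing header also drops the original year; `2013-2016` would keep both.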
|
@ -17,7 +17,6 @@
|
||||||
*/
|
*/
|
||||||
package org.keycloak.services.resources;
|
package org.keycloak.services.resources;
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
|
||||||
import org.jboss.resteasy.spi.HttpRequest;
|
import org.jboss.resteasy.spi.HttpRequest;
|
||||||
import org.jboss.resteasy.spi.ResteasyProviderFactory;
|
import org.jboss.resteasy.spi.ResteasyProviderFactory;
|
||||||
import org.keycloak.OAuth2Constants;
|
import org.keycloak.OAuth2Constants;
|
||||||
|
@ -60,6 +59,7 @@ import org.keycloak.services.managers.ClientSessionCode;
|
||||||
import org.keycloak.services.messages.Messages;
|
import org.keycloak.services.messages.Messages;
|
||||||
import org.keycloak.services.ErrorResponse;
|
import org.keycloak.services.ErrorResponse;
|
||||||
import org.keycloak.services.ErrorPage;
|
import org.keycloak.services.ErrorPage;
|
||||||
|
import org.keycloak.services.ServicesLogger;
|
||||||
import org.keycloak.services.Urls;
|
import org.keycloak.services.Urls;
|
||||||
import org.keycloak.services.validation.Validation;
|
import org.keycloak.services.validation.Validation;
|
||||||
import org.keycloak.broker.social.SocialIdentityProvider;
|
import org.keycloak.broker.social.SocialIdentityProvider;
|
||||||
|
@ -93,7 +93,7 @@ import static org.keycloak.models.Constants.ACCOUNT_MANAGEMENT_CLIENT_ID;
|
||||||
*/
|
*/
|
||||||
public class IdentityBrokerService implements IdentityProvider.AuthenticationCallback {
|
public class IdentityBrokerService implements IdentityProvider.AuthenticationCallback {
|
||||||
|
|
||||||
private static final Logger LOGGER = Logger.getLogger(IdentityBrokerService.class);
|
private static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
|
||||||
|
|
||||||
private final RealmModel realmModel;
|
private final RealmModel realmModel;
|
||||||
|
|
||||||
|
@ -138,7 +138,7 @@ public class IdentityBrokerService implements IdentityProvider.AuthenticationCal
|
||||||
this.event.detail(Details.IDENTITY_PROVIDER, providerId);
|
this.event.detail(Details.IDENTITY_PROVIDER, providerId);
|
||||||
|
|
||||||
if (isDebugEnabled()) {
|
if (isDebugEnabled()) {
|
||||||
LOGGER.debugf("Sending authentication request to identity provider [%s].", providerId);
|
logger.debugf("Sending authentication request to identity provider [%s].", providerId);
|
||||||
}
|
}
|
||||||
|
|
||||||
try {
|
try {
|
||||||
|
@ -148,7 +148,7 @@ public class IdentityBrokerService implements IdentityProvider.AuthenticationCal
|
||||||
|
|
||||||
if (response != null) {
|
if (response != null) {
|
||||||
if (isDebugEnabled()) {
|
if (isDebugEnabled()) {
|
||||||
LOGGER.debugf("Identity provider [%s] is going to send a request [%s].", identityProvider, response);
|
logger.debugf("Identity provider [%s] is going to send a request [%s].", identityProvider, response);
|
||||||
}
|
}
|
||||||
return response;
|
return response;
|
||||||
}
|
}
|
||||||
|
@ -252,7 +252,7 @@ public class IdentityBrokerService implements IdentityProvider.AuthenticationCal
|
||||||
String providerId = identityProviderConfig.getAlias();
|
String providerId = identityProviderConfig.getAlias();
|
||||||
if (!identityProviderConfig.isStoreToken()) {
|
if (!identityProviderConfig.isStoreToken()) {
|
||||||
if (isDebugEnabled()) {
|
if (isDebugEnabled()) {
|
||||||
LOGGER.debugf("Token will not be stored for identity provider [%s].", providerId);
|
logger.debugf("Token will not be stored for identity provider [%s].", providerId);
|
||||||
}
|
}
|
||||||
context.setToken(null);
|
context.setToken(null);
|
||||||
}
|
}
|
||||||
|
@ -288,7 +288,7 @@ public class IdentityBrokerService implements IdentityProvider.AuthenticationCal
|
||||||
|
|
||||||
if (federatedUser == null) {
|
if (federatedUser == null) {
|
||||||
|
|
||||||
LOGGER.debugf("Federated user not found for provider '%s' and broker username '%s' . Redirecting to flow for firstBrokerLogin", providerId, context.getUsername());
|
logger.debugf("Federated user not found for provider '%s' and broker username '%s' . Redirecting to flow for firstBrokerLogin", providerId, context.getUsername());
|
||||||
|
|
||||||
String username = context.getModelUsername();
|
String username = context.getModelUsername();
|
||||||
if (username == null) {
|
if (username == null) {
|
||||||
|
@ -371,7 +371,7 @@ public class IdentityBrokerService implements IdentityProvider.AuthenticationCal
|
||||||
String isRegisteredNewUser = clientSession.getNote(AbstractIdpAuthenticator.BROKER_REGISTERED_NEW_USER);
|
String isRegisteredNewUser = clientSession.getNote(AbstractIdpAuthenticator.BROKER_REGISTERED_NEW_USER);
|
||||||
if (Boolean.parseBoolean(isRegisteredNewUser)) {
|
if (Boolean.parseBoolean(isRegisteredNewUser)) {
|
||||||
|
|
||||||
LOGGER.debugf("Registered new user '%s' after first login with identity provider '%s'. Identity provider username is '%s' . ", federatedUser.getUsername(), providerId, context.getUsername());
|
logger.debugf("Registered new user '%s' after first login with identity provider '%s'. Identity provider username is '%s' . ", federatedUser.getUsername(), providerId, context.getUsername());
|
||||||
|
|
||||||
context.getIdp().importNewUser(session, realmModel, federatedUser, context);
|
context.getIdp().importNewUser(session, realmModel, federatedUser, context);
|
||||||
Set<IdentityProviderMapperModel> mappers = realmModel.getIdentityProviderMappersByAlias(providerId);
|
Set<IdentityProviderMapperModel> mappers = realmModel.getIdentityProviderMappersByAlias(providerId);
|
||||||
|
@ -384,7 +384,7 @@ public class IdentityBrokerService implements IdentityProvider.AuthenticationCal
|
||||||
}
|
}
|
||||||
|
|
||||||
if (context.getIdpConfig().isTrustEmail() && !Validation.isBlank(federatedUser.getEmail()) && !Boolean.parseBoolean(clientSession.getNote(AbstractIdpAuthenticator.UPDATE_PROFILE_EMAIL_CHANGED))) {
|
if (context.getIdpConfig().isTrustEmail() && !Validation.isBlank(federatedUser.getEmail()) && !Boolean.parseBoolean(clientSession.getNote(AbstractIdpAuthenticator.UPDATE_PROFILE_EMAIL_CHANGED))) {
|
||||||
LOGGER.debugf("Email verified automatically after registration of user '%s' through Identity provider '%s' ", federatedUser.getUsername(), context.getIdpConfig().getAlias());
|
logger.debugf("Email verified automatically after registration of user '%s' through Identity provider '%s' ", federatedUser.getUsername(), context.getIdpConfig().getAlias());
|
||||||
federatedUser.setEmailVerified(true);
|
federatedUser.setEmailVerified(true);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -394,7 +394,7 @@ public class IdentityBrokerService implements IdentityProvider.AuthenticationCal
|
||||||
.success();
|
.success();
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
LOGGER.debugf("Linked existing keycloak user '%s' with identity provider '%s' . Identity provider username is '%s' .", federatedUser.getUsername(), providerId, context.getUsername());
|
logger.debugf("Linked existing keycloak user '%s' with identity provider '%s' . Identity provider username is '%s' .", federatedUser.getUsername(), providerId, context.getUsername());
|
||||||
|
|
||||||
event.event(EventType.FEDERATED_IDENTITY_LINK)
|
event.event(EventType.FEDERATED_IDENTITY_LINK)
|
||||||
.success();
|
.success();
|
||||||
|
@ -414,11 +414,11 @@ public class IdentityBrokerService implements IdentityProvider.AuthenticationCal
|
||||||
String postBrokerLoginFlowId = context.getIdpConfig().getPostBrokerLoginFlowId();
|
String postBrokerLoginFlowId = context.getIdpConfig().getPostBrokerLoginFlowId();
|
||||||
if (postBrokerLoginFlowId == null) {
|
if (postBrokerLoginFlowId == null) {
|
||||||
|
|
||||||
LOGGER.debugf("Skip redirect to postBrokerLogin flow. PostBrokerLogin flow not set for identityProvider '%s'.", context.getIdpConfig().getAlias());
|
logger.debugf("Skip redirect to postBrokerLogin flow. PostBrokerLogin flow not set for identityProvider '%s'.", context.getIdpConfig().getAlias());
|
||||||
return afterPostBrokerLoginFlowSuccess(clientSession, context, wasFirstBrokerLogin);
|
return afterPostBrokerLoginFlowSuccess(clientSession, context, wasFirstBrokerLogin);
|
||||||
} else {
|
} else {
|
||||||
|
|
||||||
LOGGER.debugf("Redirect to postBrokerLogin flow after authentication with identityProvider '%s'.", context.getIdpConfig().getAlias());
|
logger.debugf("Redirect to postBrokerLogin flow after authentication with identityProvider '%s'.", context.getIdpConfig().getAlias());
|
||||||
|
|
||||||
clientSession.setTimestamp(Time.currentTime());
|
clientSession.setTimestamp(Time.currentTime());
|
||||||
|
|
||||||
|
@ -489,7 +489,7 @@ public class IdentityBrokerService implements IdentityProvider.AuthenticationCal
|
||||||
|
|
||||||
boolean firstBrokerLoginInProgress = (clientSession.getNote(AbstractIdpAuthenticator.BROKERED_CONTEXT_NOTE) != null);
|
boolean firstBrokerLoginInProgress = (clientSession.getNote(AbstractIdpAuthenticator.BROKERED_CONTEXT_NOTE) != null);
|
||||||
if (firstBrokerLoginInProgress) {
|
if (firstBrokerLoginInProgress) {
|
||||||
LOGGER.debugf("Reauthenticated with broker '%s' when linking user '%s' with other broker", context.getIdpConfig().getAlias(), federatedUser.getUsername());
|
logger.debugf("Reauthenticated with broker '%s' when linking user '%s' with other broker", context.getIdpConfig().getAlias(), federatedUser.getUsername());
|
||||||
|
|
||||||
UserModel linkingUser = AbstractIdpAuthenticator.getExistingUser(session, realmModel, clientSession);
|
UserModel linkingUser = AbstractIdpAuthenticator.getExistingUser(session, realmModel, clientSession);
|
||||||
if (!linkingUser.getId().equals(federatedUser.getId())) {
|
if (!linkingUser.getId().equals(federatedUser.getId())) {
|
||||||
|
@ -517,7 +517,7 @@ public class IdentityBrokerService implements IdentityProvider.AuthenticationCal
|
||||||
userSession.setNote(Details.IDENTITY_PROVIDER_USERNAME, context.getUsername());
|
userSession.setNote(Details.IDENTITY_PROVIDER_USERNAME, context.getUsername());
|
||||||
|
|
||||||
if (isDebugEnabled()) {
|
if (isDebugEnabled()) {
|
||||||
LOGGER.debugf("Performing local authentication for user [%s].", federatedUser);
|
logger.debugf("Performing local authentication for user [%s].", federatedUser);
|
||||||
}
|
}
|
||||||
|
|
||||||
return AuthenticationProcessor.redirectToRequiredActions(realmModel, clientSession, uriInfo);
|
return AuthenticationProcessor.redirectToRequiredActions(realmModel, clientSession, uriInfo);
|
||||||
|
@ -553,7 +553,7 @@ public class IdentityBrokerService implements IdentityProvider.AuthenticationCal
|
||||||
UserModel authenticatedUser = clientSession.getUserSession().getUser();
|
UserModel authenticatedUser = clientSession.getUserSession().getUser();
|
||||||
|
|
||||||
if (isDebugEnabled()) {
|
if (isDebugEnabled()) {
|
||||||
LOGGER.debugf("Linking account [%s] from identity provider [%s] to user [%s].", federatedIdentityModel, context.getIdpConfig().getAlias(), authenticatedUser);
|
logger.debugf("Linking account [%s] from identity provider [%s] to user [%s].", federatedIdentityModel, context.getIdpConfig().getAlias(), authenticatedUser);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!authenticatedUser.isEnabled()) {
|
if (!authenticatedUser.isEnabled()) {
|
||||||
|
@ -585,7 +585,7 @@ public class IdentityBrokerService implements IdentityProvider.AuthenticationCal
|
||||||
this.session.users().updateFederatedIdentity(this.realmModel, federatedUser, federatedIdentityModel);
|
this.session.users().updateFederatedIdentity(this.realmModel, federatedUser, federatedIdentityModel);
|
||||||
|
|
||||||
if (isDebugEnabled()) {
|
if (isDebugEnabled()) {
|
||||||
LOGGER.debugf("Identity [%s] update with response from identity provider [%s].", federatedUser, context.getIdpConfig().getAlias());
|
logger.debugf("Identity [%s] update with response from identity provider [%s].", federatedUser, context.getIdpConfig().getAlias());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
context.getIdp().updateBrokeredUser(session, realmModel, federatedUser, context);
|
context.getIdp().updateBrokeredUser(session, realmModel, federatedUser, context);
|
||||||
|
@ -613,7 +613,7 @@ public class IdentityBrokerService implements IdentityProvider.AuthenticationCal
|
||||||
throw new IdentityBrokerException("Invalid client");
|
throw new IdentityBrokerException("Invalid client");
|
||||||
}
|
}
|
||||||
|
|
||||||
LOGGER.debugf("Got authorization code from client [%s].", client.getClientId());
|
logger.debugf("Got authorization code from client [%s].", client.getClientId());
|
||||||
this.event.client(client);
|
this.event.client(client);
|
||||||
this.session.getContext().setClient(client);
|
this.session.getContext().setClient(client);
|
||||||
|
|
||||||
|
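Review bot: `logger.debugf("Got authorization code from client [%s].", client.getClientId());` has no `isDebugEnabled()` guard while the neighbouring debug calls in this file do; jboss-logging's `debugf` checks the level itself, so the guards elsewhere are redundant rather than this site being wrong, but the file should settle on one convention.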
@ -623,7 +623,7 @@ public class IdentityBrokerService implements IdentityProvider.AuthenticationCal
|
||||||
}
|
}
|
||||||
|
|
||||||
if (isDebugEnabled()) {
|
if (isDebugEnabled()) {
|
||||||
LOGGER.debugf("Authorization code is valid.");
|
logger.debugf("Authorization code is valid.");
|
||||||
}
|
}
|
||||||
|
|
||||||
return clientCode;
|
return clientCode;
|
||||||
|
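Review bot: `logger.debugf("Authorization code is valid.");` passes no format arguments, so plain `logger.debug("Authorization code is valid.")` is the right call: no format parsing, and a literal `%` in the message could never trip the formatter.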
@ -777,15 +777,15 @@ public class IdentityBrokerService implements IdentityProvider.AuthenticationCal
|
||||||
this.session.getTransaction().commit();
|
this.session.getTransaction().commit();
|
||||||
}
|
}
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
LOGGER.error("Could not fire event.", e);
|
logger.couldNotFireEvent(e);
|
||||||
rollback();
|
rollback();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (throwable != null) {
|
if (throwable != null) {
|
||||||
LOGGER.error(message, throwable);
|
logger.error(message, throwable);
|
||||||
} else {
|
} else {
|
||||||
LOGGER.error(message);
|
logger.error(message);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
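Review bot: `logger.couldNotFireEvent(e)` is cataloged, but the two calls right below it, `logger.error(message, throwable)` and `logger.error(message)`, keep a caller-supplied free-form string, so those errors get no message id; if `message` comes from a small fixed set in this class, one cataloged method per case would keep the whole error path consistent with the rest of the refactor.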
@ -794,7 +794,7 @@ public class IdentityBrokerService implements IdentityProvider.AuthenticationCal
|
||||||
}
|
}
|
||||||
|
|
||||||
private boolean isDebugEnabled() {
|
private boolean isDebugEnabled() {
|
||||||
return LOGGER.isDebugEnabled();
|
return logger.isDebugEnabled();
|
||||||
}
|
}
|
||||||
|
|
||||||
private void rollback() {
|
private void rollback() {
|
||||||
|
|
49
services/src/main/java/org/keycloak/services/resources/KeycloakApplication.java
Executable file → Normal file
|
@ -1,9 +1,25 @@
|
||||||
|
/*
|
||||||
|
* JBoss, Home of Professional Open Source
|
||||||
|
*
|
||||||
|
* Copyright 2016 Red Hat, Inc. and/or its affiliates.
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
* you may not use this file except in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
*/
|
||||||
package org.keycloak.services.resources;
|
package org.keycloak.services.resources;
|
||||||
|
|
||||||
import com.fasterxml.jackson.core.type.TypeReference;
|
import com.fasterxml.jackson.core.type.TypeReference;
|
||||||
import com.fasterxml.jackson.databind.JsonNode;
|
import com.fasterxml.jackson.databind.JsonNode;
|
||||||
import com.fasterxml.jackson.databind.ObjectMapper;
|
import com.fasterxml.jackson.databind.ObjectMapper;
|
||||||
import org.jboss.logging.Logger;
|
|
||||||
import org.jboss.resteasy.core.Dispatcher;
|
import org.jboss.resteasy.core.Dispatcher;
|
||||||
import org.jboss.resteasy.spi.ResteasyProviderFactory;
|
import org.jboss.resteasy.spi.ResteasyProviderFactory;
|
||||||
import org.keycloak.Config;
|
import org.keycloak.Config;
|
||||||
|
@ -15,6 +31,7 @@ import org.keycloak.models.utils.RepresentationToModel;
|
||||||
import org.keycloak.representations.idm.RealmRepresentation;
|
import org.keycloak.representations.idm.RealmRepresentation;
|
||||||
import org.keycloak.representations.idm.UserRepresentation;
|
import org.keycloak.representations.idm.UserRepresentation;
|
||||||
import org.keycloak.services.DefaultKeycloakSessionFactory;
|
import org.keycloak.services.DefaultKeycloakSessionFactory;
|
||||||
|
import org.keycloak.services.ServicesLogger;
|
||||||
import org.keycloak.services.filters.KeycloakTransactionCommitter;
|
import org.keycloak.services.filters.KeycloakTransactionCommitter;
|
||||||
import org.keycloak.services.managers.ApplianceBootstrap;
|
import org.keycloak.services.managers.ApplianceBootstrap;
|
||||||
import org.keycloak.services.managers.RealmManager;
|
import org.keycloak.services.managers.RealmManager;
|
||||||
|
@ -44,7 +61,7 @@ import java.util.*;
|
||||||
*/
|
*/
|
||||||
public class KeycloakApplication extends Application {
|
public class KeycloakApplication extends Application {
|
||||||
|
|
||||||
private static final Logger log = Logger.getLogger(KeycloakApplication.class);
|
private static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
|
||||||
|
|
||||||
protected Set<Object> singletons = new HashSet<Object>();
|
protected Set<Object> singletons = new HashSet<Object>();
|
||||||
protected Set<Class<?>> classes = new HashSet<Class<?>>();
|
protected Set<Class<?>> classes = new HashSet<Class<?>>();
|
||||||
|
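Review bot: replacing `Logger.getLogger(KeycloakApplication.class)` with the shared `ServicesLogger.ROOT_LOGGER` changes the log category from the class name to whatever category `ROOT_LOGGER` is declared with, so per-class level configuration (for example DEBUG only for `org.keycloak.services.resources.KeycloakApplication`) stops working for every class touched in this diff; call that out in the commit message, or document the new category operators should configure.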
@ -135,7 +152,7 @@ public class KeycloakApplication extends Application {
|
||||||
session.getTransaction().commit();
|
session.getTransaction().commit();
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
session.getTransaction().rollback();
|
session.getTransaction().rollback();
|
||||||
log.error("Failed to migrate datamodel", e);
|
logger.migrationFailure(e);
|
||||||
} finally {
|
} finally {
|
||||||
session.close();
|
session.close();
|
||||||
}
|
}
|
||||||
|
@ -163,7 +180,7 @@ public class KeycloakApplication extends Application {
|
||||||
if (configDir != null) {
|
if (configDir != null) {
|
||||||
File f = new File(configDir + File.separator + "keycloak-server.json");
|
File f = new File(configDir + File.separator + "keycloak-server.json");
|
||||||
if (f.isFile()) {
|
if (f.isFile()) {
|
||||||
log.info("Load config from " + f.getAbsolutePath());
|
logger.loadingFrom(f.getAbsolutePath());
|
||||||
node = new ObjectMapper().readTree(f);
|
node = new ObjectMapper().readTree(f);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -171,7 +188,7 @@ public class KeycloakApplication extends Application {
|
||||||
if (node == null) {
|
if (node == null) {
|
||||||
URL resource = Thread.currentThread().getContextClassLoader().getResource("META-INF/keycloak-server.json");
|
URL resource = Thread.currentThread().getContextClassLoader().getResource("META-INF/keycloak-server.json");
|
||||||
if (resource != null) {
|
if (resource != null) {
|
||||||
log.info("Load config from " + resource);
|
logger.loadingFrom(resource);
|
||||||
node = new ObjectMapper().readTree(resource);
|
node = new ObjectMapper().readTree(resource);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
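Review bot: `logger.loadingFrom(resource)` passes a `java.net.URL` here while the hunk above passes a `String` (`f.getAbsolutePath()`); confirm that `ServicesLogger.loadingFrom` is declared with an `Object` parameter or has both overloads, otherwise one of the two call sites will not compile.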
@ -247,22 +264,22 @@ public class KeycloakApplication extends Application {
|
||||||
manager.setContextPath(getContextPath());
|
manager.setContextPath(getContextPath());
|
||||||
|
|
||||||
if (rep.getId() != null && manager.getRealm(rep.getId()) != null) {
|
if (rep.getId() != null && manager.getRealm(rep.getId()) != null) {
|
||||||
log.info("Not importing realm " + rep.getRealm() + " from " + from + ". It already exists.");
|
logger.realmExists(rep.getRealm(), from);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (manager.getRealmByName(rep.getRealm()) != null) {
|
if (manager.getRealmByName(rep.getRealm()) != null) {
|
||||||
log.info("Not importing realm " + rep.getRealm() + " from " + from + ". It already exists.");
|
logger.realmExists(rep.getRealm(), from);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
try {
|
try {
|
||||||
RealmModel realm = manager.importRealm(rep);
|
RealmModel realm = manager.importRealm(rep);
|
||||||
session.getTransaction().commit();
|
session.getTransaction().commit();
|
||||||
log.info("Imported realm " + realm.getName() + " from " + from);
|
logger.importedRealm(realm.getName(), from);
|
||||||
} catch (Throwable t) {
|
} catch (Throwable t) {
|
||||||
session.getTransaction().rollback();
|
session.getTransaction().rollback();
|
||||||
log.warn("Unable to import realm " + rep.getRealm() + " from " + from + ". Cause: " + t.getMessage());
|
logger.unableToImportRealm(t, rep.getRealm(), from);
|
||||||
}
|
}
|
||||||
} finally {
|
} finally {
|
||||||
session.close();
|
session.close();
|
||||||
|
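Review bot: `logger.unableToImportRealm(t, rep.getRealm(), from)` now passes `t` as the cause where the old call logged only `t.getMessage()` at WARN, so the output changes from a one-liner to a stack trace; that is arguably better, but it deserves a line in the commit message. Separately, `catch (Throwable t)` also swallows `Error`s (OutOfMemoryError, LinkageError) and turns them into a warning; `catch (Exception e)` would let those propagate.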
@ -274,14 +291,14 @@ public class KeycloakApplication extends Application {
|
||||||
if (configDir != null) {
|
if (configDir != null) {
|
||||||
File addUserFile = new File(configDir + File.separator + "keycloak-add-user.json");
|
File addUserFile = new File(configDir + File.separator + "keycloak-add-user.json");
|
||||||
if (addUserFile.isFile()) {
|
if (addUserFile.isFile()) {
|
||||||
log.info("Importing users from '" + addUserFile + "'");
|
logger.imprtingUsersFrom(addUserFile);
|
||||||
|
|
||||||
List<RealmRepresentation> realms;
|
List<RealmRepresentation> realms;
|
||||||
try {
|
try {
|
||||||
realms = JsonSerialization.readValue(new FileInputStream(addUserFile), new TypeReference<List<RealmRepresentation>>() {
|
realms = JsonSerialization.readValue(new FileInputStream(addUserFile), new TypeReference<List<RealmRepresentation>>() {
|
||||||
});
|
});
|
||||||
} catch (IOException e) {
|
} catch (IOException e) {
|
||||||
log.errorv("Failed to load 'keycloak-add-user.json': {0}", e.getMessage());
|
logger.failedToLoadUsers(e);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
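Review bot: the new method name `logger.imprtingUsersFrom(addUserFile)` is misspelled (`importing`); fix it in `ServicesLogger` before it becomes part of the API. In the unchanged lines, `new FileInputStream(addUserFile)` is never closed; wrap it in try-with-resources, especially since `addUserFile.delete()` is attempted later and an open handle can make that delete fail on some platforms.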
|
@ -293,7 +310,7 @@ public class KeycloakApplication extends Application {
|
||||||
|
|
||||||
RealmModel realm = session.realms().getRealmByName(realmRep.getRealm());
|
RealmModel realm = session.realms().getRealmByName(realmRep.getRealm());
|
||||||
if (realm == null) {
|
if (realm == null) {
|
||||||
log.errorv("Failed to add user ''{0}'' to realm ''{1}'': realm not found", userRep.getUsername(), realmRep.getRealm());
|
logger.addUserFailedRealmNotFound(userRep.getUsername(), realmRep.getRealm());
|
||||||
} else {
|
} else {
|
||||||
UserModel user = session.users().addUser(realm, userRep.getUsername());
|
UserModel user = session.users().addUser(realm, userRep.getUsername());
|
||||||
user.setEnabled(userRep.isEnabled());
|
user.setEnabled(userRep.isEnabled());
|
||||||
|
@ -302,12 +319,12 @@ public class KeycloakApplication extends Application {
|
||||||
}
|
}
|
||||||
|
|
||||||
session.getTransaction().commit();
|
session.getTransaction().commit();
|
||||||
log.infov("Added user ''{0}'' to realm ''{1}''", userRep.getUsername(), realmRep.getRealm());
|
logger.addUserSuccess(userRep.getUsername(), realmRep.getRealm());
|
||||||
} catch (ModelDuplicateException e) {
|
} catch (ModelDuplicateException e) {
|
||||||
log.errorv("Failed to add user ''{0}'' to realm ''{1}'': user with username exists", userRep.getUsername(), realmRep.getRealm());
|
logger.addUserFailedUserExists(userRep.getUsername(), realmRep.getRealm());
|
||||||
} catch (Throwable t) {
|
} catch (Throwable t) {
|
||||||
session.getTransaction().rollback();
|
session.getTransaction().rollback();
|
||||||
log.errorv("Failed to add user ''{0}'' to realm ''{1}'': {2}", userRep.getUsername(), realmRep.getRealm(), t.getMessage());
|
logger.addUserFailed(t, userRep.getUsername(), realmRep.getRealm());
|
||||||
} finally {
|
} finally {
|
||||||
session.close();
|
session.close();
|
||||||
}
|
}
|
||||||
|
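Review bot: the `ModelDuplicateException` branch logs `logger.addUserFailedUserExists(...)` but, unlike the `Throwable` branch, does not call `session.getTransaction().rollback()` before `session.close()` in the `finally`; if the duplicate is detected after partial writes, the open transaction is left to whatever `close()` does with it. Either roll back there too or note why it is safe not to.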
@ -315,7 +332,7 @@ public class KeycloakApplication extends Application {
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!addUserFile.delete()) {
|
if (!addUserFile.delete()) {
|
||||||
log.errorv("Failed to delete '{0}'", addUserFile.getAbsolutePath());
|
logger.failedToDeleteFile(addUserFile.getAbsolutePath());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
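Review bot: a failed `addUserFile.delete()` is only logged via `logger.failedToDeleteFile(...)`; since the same file is re-read at the next startup, every user in it will be re-added and fail with `addUserFailedUserExists`, and the bootstrap input stays on disk. Keep this at ERROR (the old call was `errorv`) and have the message tell the operator to remove the file manually.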
@ -21,7 +21,6 @@
|
||||||
*/
|
*/
|
||||||
package org.keycloak.services.resources;
|
package org.keycloak.services.resources;
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
|
||||||
import org.jboss.resteasy.spi.HttpRequest;
|
import org.jboss.resteasy.spi.HttpRequest;
|
||||||
import org.keycloak.authentication.authenticators.broker.AbstractIdpAuthenticator;
|
import org.keycloak.authentication.authenticators.broker.AbstractIdpAuthenticator;
|
||||||
import org.keycloak.authentication.authenticators.broker.util.PostBrokerLoginConstants;
|
import org.keycloak.authentication.authenticators.broker.util.PostBrokerLoginConstants;
|
||||||
|
@ -63,6 +62,7 @@ import org.keycloak.protocol.oidc.OIDCLoginProtocol;
|
||||||
import org.keycloak.protocol.oidc.utils.OIDCResponseMode;
|
import org.keycloak.protocol.oidc.utils.OIDCResponseMode;
|
||||||
import org.keycloak.protocol.oidc.utils.OIDCResponseType;
|
import org.keycloak.protocol.oidc.utils.OIDCResponseType;
|
||||||
import org.keycloak.services.ErrorPage;
|
import org.keycloak.services.ErrorPage;
|
||||||
|
import org.keycloak.services.ServicesLogger;
|
||||||
import org.keycloak.services.Urls;
|
import org.keycloak.services.Urls;
|
||||||
import org.keycloak.services.managers.AuthenticationManager;
|
import org.keycloak.services.managers.AuthenticationManager;
|
||||||
import org.keycloak.services.managers.ClientSessionCode;
|
import org.keycloak.services.managers.ClientSessionCode;
|
||||||
|
@ -91,7 +91,7 @@ import java.net.URI;
|
||||||
*/
|
*/
|
||||||
public class LoginActionsService {
|
public class LoginActionsService {
|
||||||
|
|
||||||
protected static final Logger logger = Logger.getLogger(LoginActionsService.class);
|
protected static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
|
||||||
|
|
||||||
public static final String ACTION_COOKIE = "KEYCLOAK_ACTION";
|
public static final String ACTION_COOKIE = "KEYCLOAK_ACTION";
|
||||||
public static final String AUTHENTICATE_PATH = "authenticate";
|
public static final String AUTHENTICATE_PATH = "authenticate";
|
||||||
|
@ -225,7 +225,7 @@ public class LoginActionsService {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
logger.error("failed to parse RestartLoginCookie", e);
|
logger.failedToParseRestartLoginCookie(e);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
event.error(Errors.INVALID_CODE);
|
event.error(Errors.INVALID_CODE);
|
||||||
|
@ -527,7 +527,7 @@ public class LoginActionsService {
|
||||||
String noteKey = firstBrokerLogin ? AbstractIdpAuthenticator.BROKERED_CONTEXT_NOTE : PostBrokerLoginConstants.PBL_BROKERED_IDENTITY_CONTEXT;
|
String noteKey = firstBrokerLogin ? AbstractIdpAuthenticator.BROKERED_CONTEXT_NOTE : PostBrokerLoginConstants.PBL_BROKERED_IDENTITY_CONTEXT;
|
||||||
SerializedBrokeredIdentityContext serializedCtx = SerializedBrokeredIdentityContext.readFromClientSession(clientSessionn, noteKey);
|
SerializedBrokeredIdentityContext serializedCtx = SerializedBrokeredIdentityContext.readFromClientSession(clientSessionn, noteKey);
|
||||||
if (serializedCtx == null) {
|
if (serializedCtx == null) {
|
||||||
logger.errorf("Not found serialized context in clientSession under note '%s'", noteKey);
|
logger.notFoundSerializedCtxInClientSession(noteKey);
|
||||||
throw new WebApplicationException(ErrorPage.error(session, "Not found serialized context in clientSession."));
|
throw new WebApplicationException(ErrorPage.error(session, "Not found serialized context in clientSession."));
|
||||||
}
|
}
|
||||||
BrokeredIdentityContext brokerContext = serializedCtx.deserialize(session, clientSessionn);
|
BrokeredIdentityContext brokerContext = serializedCtx.deserialize(session, clientSessionn);
|
||||||
|
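Review bot: drive-by on the unchanged lines: the variable is spelled `clientSessionn`, and the string in `ErrorPage.error(session, "Not found serialized context in clientSession.")` is shown to the end user; a `Messages` key like the other error pages in this file (`Messages.INVALID_CODE`) would keep user-facing text translatable and free of internal terms.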
@ -535,12 +535,12 @@ public class LoginActionsService {
|
||||||
|
|
||||||
String flowId = firstBrokerLogin ? brokerContext.getIdpConfig().getFirstBrokerLoginFlowId() : brokerContext.getIdpConfig().getPostBrokerLoginFlowId();
|
String flowId = firstBrokerLogin ? brokerContext.getIdpConfig().getFirstBrokerLoginFlowId() : brokerContext.getIdpConfig().getPostBrokerLoginFlowId();
|
||||||
if (flowId == null) {
|
if (flowId == null) {
|
||||||
logger.errorf("Flow not configured for identity provider '%s'", identityProviderAlias);
|
logger.flowNotConfigForIDP(identityProviderAlias);
|
||||||
throw new WebApplicationException(ErrorPage.error(session, "Flow not configured for identity provider"));
|
throw new WebApplicationException(ErrorPage.error(session, "Flow not configured for identity provider"));
|
||||||
}
|
}
|
||||||
AuthenticationFlowModel brokerLoginFlow = realm.getAuthenticationFlowById(flowId);
|
AuthenticationFlowModel brokerLoginFlow = realm.getAuthenticationFlowById(flowId);
|
||||||
if (brokerLoginFlow == null) {
|
if (brokerLoginFlow == null) {
|
||||||
logger.errorf("Not found configured flow with ID '%s' for identity provider '%s'", flowId, identityProviderAlias);
|
logger.flowNotFoundForIDP(flowId, identityProviderAlias);
|
||||||
throw new WebApplicationException(ErrorPage.error(session, "Flow not found for identity provider"));
|
throw new WebApplicationException(ErrorPage.error(session, "Flow not found for identity provider"));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -659,7 +659,7 @@ public class LoginActionsService {
|
||||||
ClientSessionCode accessCode = checks.clientCode;
|
ClientSessionCode accessCode = checks.clientCode;
|
||||||
ClientSessionModel clientSession = accessCode.getClientSession();
|
ClientSessionModel clientSession = accessCode.getClientSession();
|
||||||
if (!ClientSessionModel.Action.VERIFY_EMAIL.name().equals(clientSession.getNote(AuthenticationManager.CURRENT_REQUIRED_ACTION))) {
|
if (!ClientSessionModel.Action.VERIFY_EMAIL.name().equals(clientSession.getNote(AuthenticationManager.CURRENT_REQUIRED_ACTION))) {
|
||||||
logger.error("required action doesn't match current required action");
|
logger.reqdActionDoesNotMatch();
|
||||||
event.error(Errors.INVALID_CODE);
|
event.error(Errors.INVALID_CODE);
|
||||||
throw new WebApplicationException(ErrorPage.error(session, Messages.INVALID_CODE));
|
throw new WebApplicationException(ErrorPage.error(session, Messages.INVALID_CODE));
|
||||||
}
|
}
|
||||||
|
@ -672,7 +672,7 @@ public class LoginActionsService {
|
||||||
String keyFromSession = clientSession.getNote(Constants.VERIFY_EMAIL_KEY);
|
String keyFromSession = clientSession.getNote(Constants.VERIFY_EMAIL_KEY);
|
||||||
clientSession.removeNote(Constants.VERIFY_EMAIL_KEY);
|
clientSession.removeNote(Constants.VERIFY_EMAIL_KEY);
|
||||||
if (!key.equals(keyFromSession)) {
|
if (!key.equals(keyFromSession)) {
|
||||||
logger.error("Invalid key for email verification");
|
logger.invalidKeyForEmailVerification();
|
||||||
event.error(Errors.INVALID_USER_CREDENTIALS);
|
event.error(Errors.INVALID_USER_CREDENTIALS);
|
||||||
throw new WebApplicationException(ErrorPage.error(session, Messages.INVALID_CODE));
|
throw new WebApplicationException(ErrorPage.error(session, Messages.INVALID_CODE));
|
||||||
}
|
}
|
||||||
|
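Review bot: the surrounding check `if (!key.equals(keyFromSession))` compares the email verification key with `String.equals`, which returns on the first differing character; use `MessageDigest.isEqual(key.getBytes(StandardCharsets.UTF_8), keyFromSession.getBytes(StandardCharsets.UTF_8))` (after a null check on `keyFromSession`) so the comparison is constant-time. Removing the note before comparing, so the key is single-use, is good. Also, the event records `Errors.INVALID_USER_CREDENTIALS` while the page shows `Messages.INVALID_CODE`; the two should agree.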
@ -813,7 +813,7 @@ public class LoginActionsService {
|
||||||
final ClientSessionModel clientSession = clientCode.getClientSession();
|
final ClientSessionModel clientSession = clientCode.getClientSession();
|
||||||
|
|
||||||
if (clientSession.getUserSession() == null) {
|
if (clientSession.getUserSession() == null) {
|
||||||
logger.error("user session was null");
|
logger.userSessionNull();
|
||||||
event.error(Errors.USER_SESSION_NOT_FOUND);
|
event.error(Errors.USER_SESSION_NOT_FOUND);
|
||||||
throw new WebApplicationException(ErrorPage.error(session, Messages.SESSION_NOT_ACTIVE));
|
throw new WebApplicationException(ErrorPage.error(session, Messages.SESSION_NOT_ACTIVE));
|
||||||
}
|
}
|
||||||
|
@ -831,7 +831,7 @@ public class LoginActionsService {
|
||||||
|
|
||||||
RequiredActionFactory factory = (RequiredActionFactory)session.getKeycloakSessionFactory().getProviderFactory(RequiredActionProvider.class, action);
|
RequiredActionFactory factory = (RequiredActionFactory)session.getKeycloakSessionFactory().getProviderFactory(RequiredActionProvider.class, action);
|
||||||
if (factory == null) {
|
if (factory == null) {
|
||||||
logger.error("required action provider was null");
|
logger.actionProviderNull();
|
||||||
event.error(Errors.INVALID_CODE);
|
event.error(Errors.INVALID_CODE);
|
||||||
throw new WebApplicationException(ErrorPage.error(session, Messages.INVALID_CODE));
|
throw new WebApplicationException(ErrorPage.error(session, Messages.INVALID_CODE));
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,3 +1,20 @@
|
||||||
|
/*
|
||||||
|
* JBoss, Home of Professional Open Source
|
||||||
|
*
|
||||||
|
* Copyright 2016 Red Hat, Inc. and/or its affiliates.
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
* you may not use this file except in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
*/
|
||||||
package org.keycloak.services.resources;
|
package org.keycloak.services.resources;
|
||||||
|
|
||||||
import javax.ws.rs.core.Context;
|
import javax.ws.rs.core.Context;
|
||||||
|
@ -5,11 +22,11 @@ import javax.ws.rs.core.Response;
|
||||||
import javax.ws.rs.ext.ExceptionMapper;
|
import javax.ws.rs.ext.ExceptionMapper;
|
||||||
import javax.ws.rs.ext.Provider;
|
import javax.ws.rs.ext.Provider;
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
|
||||||
import org.keycloak.messages.MessagesProvider;
|
import org.keycloak.messages.MessagesProvider;
|
||||||
import org.keycloak.models.KeycloakSession;
|
import org.keycloak.models.KeycloakSession;
|
||||||
import org.keycloak.models.ModelException;
|
import org.keycloak.models.ModelException;
|
||||||
import org.keycloak.services.ErrorResponse;
|
import org.keycloak.services.ErrorResponse;
|
||||||
|
import org.keycloak.services.ServicesLogger;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @author <a href="mailto:leonardo.zanivan@gmail.com">Leonardo Zanivan</a>
|
* @author <a href="mailto:leonardo.zanivan@gmail.com">Leonardo Zanivan</a>
|
||||||
|
@ -17,7 +34,7 @@ import org.keycloak.services.ErrorResponse;
|
||||||
@Provider
|
@Provider
|
||||||
public class ModelExceptionMapper implements ExceptionMapper<ModelException> {
|
public class ModelExceptionMapper implements ExceptionMapper<ModelException> {
|
||||||
|
|
||||||
private static final Logger logger = Logger.getLogger(ModelExceptionMapper.class);
|
private static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
|
||||||
|
|
||||||
@Context
|
@Context
|
||||||
private KeycloakSession session;
|
private KeycloakSession session;
|
||||||
|
|
|
@ -1,12 +1,29 @@
|
||||||
|
/*
|
||||||
|
* JBoss, Home of Professional Open Source
|
||||||
|
*
|
||||||
|
* Copyright 2016 Red Hat, Inc. and/or its affiliates.
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
* you may not use this file except in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
*/
|
||||||
package org.keycloak.services.resources;
|
package org.keycloak.services.resources;
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
|
||||||
import org.jboss.resteasy.annotations.cache.NoCache;
|
import org.jboss.resteasy.annotations.cache.NoCache;
|
||||||
import org.jboss.resteasy.spi.HttpRequest;
|
import org.jboss.resteasy.spi.HttpRequest;
|
||||||
import org.jboss.resteasy.spi.HttpResponse;
|
import org.jboss.resteasy.spi.HttpResponse;
|
||||||
import org.keycloak.models.RealmModel;
|
import org.keycloak.models.RealmModel;
|
||||||
import org.keycloak.protocol.oidc.OIDCLoginProtocolService;
|
import org.keycloak.protocol.oidc.OIDCLoginProtocolService;
|
||||||
import org.keycloak.representations.idm.PublishedRealmRepresentation;
|
import org.keycloak.representations.idm.PublishedRealmRepresentation;
|
||||||
|
import org.keycloak.services.ServicesLogger;
|
||||||
import org.keycloak.services.resources.admin.AdminRoot;
|
import org.keycloak.services.resources.admin.AdminRoot;
|
||||||
|
|
||||||
import javax.ws.rs.GET;
|
import javax.ws.rs.GET;
|
||||||
|
@ -25,7 +42,7 @@ import javax.ws.rs.core.UriInfo;
|
||||||
* @version $Revision: 1 $
|
* @version $Revision: 1 $
|
||||||
*/
|
*/
|
||||||
public class PublicRealmResource {
|
public class PublicRealmResource {
|
||||||
protected static final Logger logger = Logger.getLogger(PublicRealmResource.class);
|
protected static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
|
||||||
|
|
||||||
@Context
|
@Context
|
||||||
protected UriInfo uriInfo;
|
protected UriInfo uriInfo;
|
||||||
|
|
|
@ -1,6 +1,22 @@
|
||||||
|
/*
|
||||||
|
* JBoss, Home of Professional Open Source
|
||||||
|
*
|
||||||
|
* Copyright 2016 Red Hat, Inc. and/or its affiliates.
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
* you may not use this file except in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
*/
|
||||||
package org.keycloak.services.resources;
|
package org.keycloak.services.resources;
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
|
||||||
import org.jboss.resteasy.spi.NotFoundException;
|
import org.jboss.resteasy.spi.NotFoundException;
|
||||||
import org.jboss.resteasy.spi.ResteasyProviderFactory;
|
import org.jboss.resteasy.spi.ResteasyProviderFactory;
|
||||||
import org.keycloak.common.ClientConnection;
|
import org.keycloak.common.ClientConnection;
|
||||||
|
@ -13,6 +29,7 @@ import org.keycloak.protocol.LoginProtocol;
|
||||||
import org.keycloak.protocol.LoginProtocolFactory;
|
import org.keycloak.protocol.LoginProtocolFactory;
|
||||||
import org.keycloak.protocol.oidc.OIDCLoginProtocol;
|
import org.keycloak.protocol.oidc.OIDCLoginProtocol;
|
||||||
import org.keycloak.protocol.oidc.OIDCLoginProtocolService;
|
import org.keycloak.protocol.oidc.OIDCLoginProtocolService;
|
||||||
|
import org.keycloak.services.ServicesLogger;
|
||||||
import org.keycloak.services.clientregistration.ClientRegistrationService;
|
import org.keycloak.services.clientregistration.ClientRegistrationService;
|
||||||
import org.keycloak.services.managers.RealmManager;
|
import org.keycloak.services.managers.RealmManager;
|
||||||
import org.keycloak.services.util.CacheControlUtil;
|
import org.keycloak.services.util.CacheControlUtil;
|
||||||
|
@ -31,7 +48,7 @@ import javax.ws.rs.core.*;
|
||||||
*/
|
*/
|
||||||
@Path("/realms")
|
@Path("/realms")
|
||||||
public class RealmsResource {
|
public class RealmsResource {
|
||||||
protected static Logger logger = Logger.getLogger(RealmsResource.class);
|
protected static ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
|
||||||
|
|
||||||
@Context
|
@Context
|
||||||
protected KeycloakSession session;
|
protected KeycloakSession session;
|
||||||
|
|
|
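Review bot: `protected static ServicesLogger logger = ServicesLogger.ROOT_LOGGER;` is not `final`, unlike the same field in the other classes in this diff (`protected static final ServicesLogger logger`); a mutable, protected static logger can be reassigned by any subclass, so make it `final`.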
@ -1,10 +1,27 @@
|
||||||
|
/*
|
||||||
|
* JBoss, Home of Professional Open Source
|
||||||
|
*
|
||||||
|
* Copyright 2016 Red Hat, Inc. and/or its affiliates.
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
* you may not use this file except in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
*/
|
||||||
package org.keycloak.services.resources;
|
package org.keycloak.services.resources;
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
|
||||||
import org.jboss.resteasy.annotations.cache.NoCache;
|
import org.jboss.resteasy.annotations.cache.NoCache;
|
||||||
import org.jboss.resteasy.spi.HttpRequest;
|
import org.jboss.resteasy.spi.HttpRequest;
|
||||||
import org.jboss.resteasy.spi.HttpResponse;
|
import org.jboss.resteasy.spi.HttpResponse;
|
||||||
import org.keycloak.representations.VersionRepresentation;
|
import org.keycloak.representations.VersionRepresentation;
|
||||||
|
import org.keycloak.services.ServicesLogger;
|
||||||
|
|
||||||
import javax.ws.rs.GET;
|
import javax.ws.rs.GET;
|
||||||
import javax.ws.rs.OPTIONS;
|
import javax.ws.rs.OPTIONS;
|
||||||
|
@ -21,7 +38,7 @@ import javax.ws.rs.core.Response;
|
||||||
@Path("/version")
|
@Path("/version")
|
||||||
public class ServerVersionResource {
|
public class ServerVersionResource {
|
||||||
|
|
||||||
protected static final Logger logger = Logger.getLogger(ServerVersionResource.class);
|
protected static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
|
||||||
|
|
||||||
@Context
|
@Context
|
||||||
protected HttpRequest request;
|
protected HttpRequest request;
|
||||||
|
|
23
services/src/main/java/org/keycloak/services/resources/ThemeResource.java
Executable file → Normal file
|
@ -1,11 +1,28 @@
|
||||||
|
/*
|
||||||
|
* JBoss, Home of Professional Open Source
|
||||||
|
*
|
||||||
|
* Copyright 2016 Red Hat, Inc. and/or its affiliates.
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
* you may not use this file except in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
*/
|
||||||
package org.keycloak.services.resources;
|
package org.keycloak.services.resources;
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
|
||||||
import org.keycloak.common.Version;
|
import org.keycloak.common.Version;
|
||||||
import org.keycloak.theme.Theme;
|
import org.keycloak.theme.Theme;
|
||||||
import org.keycloak.theme.ThemeProvider;
|
import org.keycloak.theme.ThemeProvider;
|
||||||
import org.keycloak.models.KeycloakSession;
|
import org.keycloak.models.KeycloakSession;
|
||||||
import org.keycloak.common.util.MimeTypeUtil;
|
import org.keycloak.common.util.MimeTypeUtil;
|
||||||
|
import org.keycloak.services.ServicesLogger;
|
||||||
import org.keycloak.services.util.CacheControlUtil;
|
import org.keycloak.services.util.CacheControlUtil;
|
||||||
|
|
||||||
import javax.ws.rs.GET;
|
import javax.ws.rs.GET;
|
||||||
|
@ -23,7 +40,7 @@ import java.io.InputStream;
|
||||||
@Path("/resources")
|
@Path("/resources")
|
||||||
public class ThemeResource {
|
public class ThemeResource {
|
||||||
|
|
||||||
private static final Logger logger = Logger.getLogger(ThemeResource.class);
|
private static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
|
||||||
|
|
||||||
@Context
|
@Context
|
||||||
private KeycloakSession session;
|
private KeycloakSession session;
|
||||||
|
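Review bot: replacing the per-class `Logger.getLogger(ThemeResource.class)` with the shared `ServicesLogger.ROOT_LOGGER` moves this class onto a single logger category, so operators lose the ability to raise or lower the level for `org.keycloak.services.resources.ThemeResource` on its own; if per-class filtering should survive the migration, obtain the typed logger with `Logger.getMessageLogger(ServicesLogger.class, ThemeResource.class.getName())` instead of the root instance, or state in the commit message that one category for all of services is the intended trade-off.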
@ -53,7 +70,7 @@ public class ThemeResource {
|
||||||
return Response.status(Response.Status.NOT_FOUND).build();
|
return Response.status(Response.Status.NOT_FOUND).build();
|
||||||
}
|
}
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
logger.warn("Failed to get theme resource", e);
|
logger.failedToGetThemeRequest(e);
|
||||||
return Response.serverError().build();
|
return Response.serverError().build();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
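Review bot: the new message method `failedToGetThemeRequest(e)` is named for a "request" while the message it replaces reads "Failed to get theme resource"; rename it to `failedToGetThemeResource` so the ServicesLogger method matches what is logged, and make sure its definition keeps WARN level and marks the exception parameter as the cause, otherwise the stack trace that `logger.warn("...", e)` used to emit is lost.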
@ -1,12 +1,29 @@
|
||||||
|
/*
|
||||||
|
* JBoss, Home of Professional Open Source
|
||||||
|
*
|
||||||
|
* Copyright 2016 Red Hat, Inc. and/or its affiliates.
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
* you may not use this file except in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
*/
|
||||||
package org.keycloak.services.resources;
|
package org.keycloak.services.resources;
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
|
||||||
import org.keycloak.Config;
|
import org.keycloak.Config;
|
||||||
import org.keycloak.theme.FreeMarkerUtil;
|
import org.keycloak.theme.FreeMarkerUtil;
|
||||||
import org.keycloak.theme.Theme;
|
import org.keycloak.theme.Theme;
|
||||||
import org.keycloak.theme.ThemeProvider;
|
import org.keycloak.theme.ThemeProvider;
|
||||||
import org.keycloak.models.KeycloakSession;
|
import org.keycloak.models.KeycloakSession;
|
||||||
import org.keycloak.common.util.MimeTypeUtil;
|
import org.keycloak.common.util.MimeTypeUtil;
|
||||||
|
import org.keycloak.services.ServicesLogger;
|
||||||
import org.keycloak.services.managers.ApplianceBootstrap;
|
import org.keycloak.services.managers.ApplianceBootstrap;
|
||||||
import org.keycloak.services.util.CacheControlUtil;
|
import org.keycloak.services.util.CacheControlUtil;
|
||||||
|
|
||||||
|
@ -27,7 +44,7 @@ import java.util.Map;
|
||||||
@Path("/")
|
@Path("/")
|
||||||
public class WelcomeResource {
|
public class WelcomeResource {
|
||||||
|
|
||||||
private static final Logger logger = Logger.getLogger(WelcomeResource.class);
|
private static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
|
||||||
|
|
||||||
private boolean bootstrap;
|
private boolean bootstrap;
|
||||||
|
|
||||||
|
@ -69,7 +86,7 @@ public class WelcomeResource {
|
||||||
return createWelcomePage(null, null);
|
return createWelcomePage(null, null);
|
||||||
} else {
|
} else {
|
||||||
if (!isLocal()) {
|
if (!isLocal()) {
|
||||||
logger.errorv("Rejected non-local attempt to create initial user from {0}", session.getContext().getConnection().getRemoteAddr());
|
logger.rejectedNonLocalAttemptToCreateInitialUser(session.getContext().getConnection().getRemoteAddr());
|
||||||
throw new WebApplicationException(Response.Status.BAD_REQUEST);
|
throw new WebApplicationException(Response.Status.BAD_REQUEST);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
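Review bot: `rejectedNonLocalAttemptToCreateInitialUser(...)` replaces an ERROR-level message that carries the remote address of a rejected bootstrap attempt, which is exactly the kind of line monitoring rules key on; keep the ServicesLogger definition at ERROR with the address as its `{0}` parameter, and flag in the commit message that the text now gains a message-id prefix, since any alert matching the old literal "Rejected non-local attempt to create initial user" will need updating.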
@ -94,10 +111,10 @@ public class WelcomeResource {
|
||||||
bootstrap = false;
|
bootstrap = false;
|
||||||
applianceBootstrap.createMasterRealmUser(username, password);
|
applianceBootstrap.createMasterRealmUser(username, password);
|
||||||
|
|
||||||
logger.infov("Created initial admin user with username {0}", username);
|
logger.createdInitialAdminUser(username);
|
||||||
return createWelcomePage("User created", null);
|
return createWelcomePage("User created", null);
|
||||||
} else {
|
} else {
|
||||||
logger.warnv("Rejected attempt to create initial user as user is already created");
|
logger.initialUserAlreadyCreated();
|
||||||
return createWelcomePage(null, "Users already exists");
|
return createWelcomePage(null, "Users already exists");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
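Review bot: `createdInitialAdminUser(username)` and `initialUserAlreadyCreated()` replace an INFO and a WARN message that together record who bootstrapped the master realm admin; both belong in an audit trail, so keep them at least at INFO and WARN respectively and do not drop the username parameter from the first. While touching this block, the user-facing string "Users already exists" on the unchanged line should read "User already exists".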
26
services/src/main/java/org/keycloak/services/resources/admin/AdminConsole.java
Executable file → Normal file
|
@ -1,7 +1,22 @@
|
||||||
|
/*
|
||||||
|
* Copyright 2016 Red Hat Inc. and/or its affiliates and other contributors
|
||||||
|
* as indicated by the @author tags. All rights reserved.
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||||
|
* use this file except in compliance with the License. You may obtain a copy of
|
||||||
|
* the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
* License for the specific language governing permissions and limitations under
|
||||||
|
* the License.
|
||||||
|
*/
|
||||||
package org.keycloak.services.resources.admin;
|
package org.keycloak.services.resources.admin;
|
||||||
|
|
||||||
import com.fasterxml.jackson.annotation.JsonProperty;
|
import com.fasterxml.jackson.annotation.JsonProperty;
|
||||||
import org.jboss.logging.Logger;
|
|
||||||
import org.jboss.resteasy.annotations.cache.NoCache;
|
import org.jboss.resteasy.annotations.cache.NoCache;
|
||||||
import org.jboss.resteasy.spi.HttpRequest;
|
import org.jboss.resteasy.spi.HttpRequest;
|
||||||
import org.jboss.resteasy.spi.HttpResponse;
|
import org.jboss.resteasy.spi.HttpResponse;
|
||||||
|
@ -21,6 +36,7 @@ import org.keycloak.models.RealmModel;
|
||||||
import org.keycloak.models.RoleModel;
|
import org.keycloak.models.RoleModel;
|
||||||
import org.keycloak.models.UserModel;
|
import org.keycloak.models.UserModel;
|
||||||
import org.keycloak.protocol.oidc.OIDCLoginProtocolService;
|
import org.keycloak.protocol.oidc.OIDCLoginProtocolService;
|
||||||
|
import org.keycloak.services.ServicesLogger;
|
||||||
import org.keycloak.services.managers.AppAuthManager;
|
import org.keycloak.services.managers.AppAuthManager;
|
||||||
import org.keycloak.services.managers.ClientManager;
|
import org.keycloak.services.managers.ClientManager;
|
||||||
import org.keycloak.services.managers.AuthenticationManager;
|
import org.keycloak.services.managers.AuthenticationManager;
|
||||||
|
@ -48,7 +64,7 @@ import javax.ws.rs.QueryParam;
|
||||||
* @version $Revision: 1 $
|
* @version $Revision: 1 $
|
||||||
*/
|
*/
|
||||||
public class AdminConsole {
|
public class AdminConsole {
|
||||||
protected static final Logger logger = Logger.getLogger(AdminConsole.class);
|
protected static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
|
||||||
|
|
||||||
@Context
|
@Context
|
||||||
protected UriInfo uriInfo;
|
protected UriInfo uriInfo;
|
||||||
|
@ -302,18 +318,18 @@ public class AdminConsole {
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
public Properties getMessages(@QueryParam("lang") String lang) {
|
public Properties getMessages(@QueryParam("lang") String lang) {
|
||||||
if (lang == null) {
|
if (lang == null) {
|
||||||
logger.warn("Locale not specified for messages.json");
|
logger.localeNotSpecified();
|
||||||
lang = "en";
|
lang = "en";
|
||||||
}
|
}
|
||||||
|
|
||||||
try {
|
try {
|
||||||
Properties msgs = getTheme().getMessages("admin-messages", Locale.forLanguageTag(lang));
|
Properties msgs = getTheme().getMessages("admin-messages", Locale.forLanguageTag(lang));
|
||||||
if (msgs.isEmpty()) {
|
if (msgs.isEmpty()) {
|
||||||
logger.warn("Message bundle not found for language code '" + lang + "'");
|
logger.msgBundleNotFound(lang);
|
||||||
msgs = getTheme().getMessages("admin-messages", Locale.ENGLISH);
|
msgs = getTheme().getMessages("admin-messages", Locale.ENGLISH);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (msgs.isEmpty()) logger.fatal("Message bundle not found for language code 'en'");
|
if (msgs.isEmpty()) logger.msgBundleNotFoundForEn();
|
||||||
|
|
||||||
return msgs;
|
return msgs;
|
||||||
} catch (IOException e) {
|
} catch (IOException e) {
|
||||||
|
|
|
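Review bot: `lang` arrives untrusted from `@QueryParam("lang")` and is now passed to `logger.msgBundleNotFound(lang)`; in the ServicesLogger definition pass it as a `{0}` parameter rather than concatenating it, and consider trimming and length-limiting it before logging, because the replaced `"... '" + lang + "'"` string let a value containing line breaks or control characters forge or corrupt log lines. The separate `msgBundleNotFoundForEn()` duplicates `msgBundleNotFound("en")` at a different level; if FATAL is deliberate for the fallback bundle, a comment saying so would help.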
@ -1,10 +1,25 @@
|
||||||
|
/*
|
||||||
|
* Copyright 2016 Red Hat Inc. and/or its affiliates and other contributors
|
||||||
|
* as indicated by the @author tags. All rights reserved.
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||||
|
* use this file except in compliance with the License. You may obtain a copy of
|
||||||
|
* the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
* License for the specific language governing permissions and limitations under
|
||||||
|
* the License.
|
||||||
|
*/
|
||||||
package org.keycloak.services.resources.admin;
|
package org.keycloak.services.resources.admin;
|
||||||
|
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.util.LinkedList;
|
import java.util.LinkedList;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
|
||||||
import org.keycloak.common.ClientConnection;
|
import org.keycloak.common.ClientConnection;
|
||||||
import org.keycloak.events.EventListenerProvider;
|
import org.keycloak.events.EventListenerProvider;
|
||||||
import org.keycloak.events.EventStoreProvider;
|
import org.keycloak.events.EventStoreProvider;
|
||||||
|
@ -15,6 +30,7 @@ import org.keycloak.models.ClientModel;
|
||||||
import org.keycloak.models.KeycloakSession;
|
import org.keycloak.models.KeycloakSession;
|
||||||
import org.keycloak.models.RealmModel;
|
import org.keycloak.models.RealmModel;
|
||||||
import org.keycloak.models.UserModel;
|
import org.keycloak.models.UserModel;
|
||||||
|
import org.keycloak.services.ServicesLogger;
|
||||||
import org.keycloak.util.JsonSerialization;
|
import org.keycloak.util.JsonSerialization;
|
||||||
import org.keycloak.common.util.Time;
|
import org.keycloak.common.util.Time;
|
||||||
|
|
||||||
|
@ -22,7 +38,7 @@ import javax.ws.rs.core.UriInfo;
|
||||||
|
|
||||||
public class AdminEventBuilder {
|
public class AdminEventBuilder {
|
||||||
|
|
||||||
private static final Logger log = Logger.getLogger(AdminEventBuilder.class);
|
private static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
|
||||||
|
|
||||||
private EventStoreProvider store;
|
private EventStoreProvider store;
|
||||||
private List<EventListenerProvider> listeners;
|
private List<EventListenerProvider> listeners;
|
||||||
|
@ -38,7 +54,7 @@ public class AdminEventBuilder {
|
||||||
if (store != null) {
|
if (store != null) {
|
||||||
this.store = store;
|
this.store = store;
|
||||||
} else {
|
} else {
|
||||||
log.error("Admin Events enabled, but no event store provider configured");
|
logger.noEventStoreProvider();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -49,7 +65,7 @@ public class AdminEventBuilder {
|
||||||
if (listener != null) {
|
if (listener != null) {
|
||||||
listeners.add(listener);
|
listeners.add(listener);
|
||||||
} else {
|
} else {
|
||||||
log.error("Event listener '" + id + "' registered, but provider not found");
|
logger.providerNotFound(id);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
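Review bot: `providerNotFound(id)` drops the context of the replaced message "Event listener '<id>' registered, but provider not found"; a name this generic will be reused for unrelated providers and make the log ambiguous, so name it `eventListenerProviderNotFound(id)` and keep the message text specific to event listeners.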
@ -199,7 +215,7 @@ public class AdminEventBuilder {
|
||||||
try {
|
try {
|
||||||
store.onEvent(adminEvent, includeRepresentation);
|
store.onEvent(adminEvent, includeRepresentation);
|
||||||
} catch (Throwable t) {
|
} catch (Throwable t) {
|
||||||
log.error("Failed to save event", t);
|
logger.failedToSaveEvent(t);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
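Review bot: `logger.failedToSaveEvent(t)` sits inside a `catch (Throwable t)` that swallows the failure and carries on, so a broken event store silently loses admin audit records; keep the ServicesLogger message at ERROR with the throwable as its cause so the reason is recoverable, and document that admin events are best-effort, or surface the failure to the caller if audit loss is not acceptable.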
@ -208,7 +224,7 @@ public class AdminEventBuilder {
|
||||||
try {
|
try {
|
||||||
l.onEvent(adminEvent, includeRepresentation);
|
l.onEvent(adminEvent, includeRepresentation);
|
||||||
} catch (Throwable t) {
|
} catch (Throwable t) {
|
||||||
log.error("Failed to send type to " + l, t);
|
logger.failedToSendType(t, l);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
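Review bot: `failedToSendType(t, l)` passes the throwable first and the listener second, the reverse of the replaced `log.error("Failed to send type to " + l, t)`; that only works if the ServicesLogger method marks `t` as the cause and formats `l` as `{0}`. Since `l` is an `EventListenerProvider` rendered through `toString()`, the message may show only a class name and hash; logging the listener id registered earlier in this class would be more useful for diagnosing which listener fails.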
@ -1,6 +1,21 @@
|
||||||
|
/*
|
||||||
|
* Copyright 2016 Red Hat Inc. and/or its affiliates and other contributors
|
||||||
|
* as indicated by the @author tags. All rights reserved.
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||||
|
* use this file except in compliance with the License. You may obtain a copy of
|
||||||
|
* the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
* License for the specific language governing permissions and limitations under
|
||||||
|
* the License.
|
||||||
|
*/
|
||||||
package org.keycloak.services.resources.admin;
|
package org.keycloak.services.resources.admin;
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
|
||||||
import org.jboss.resteasy.spi.HttpRequest;
|
import org.jboss.resteasy.spi.HttpRequest;
|
||||||
import org.jboss.resteasy.spi.HttpResponse;
|
import org.jboss.resteasy.spi.HttpResponse;
|
||||||
import org.jboss.resteasy.spi.NoLogWebApplicationException;
|
import org.jboss.resteasy.spi.NoLogWebApplicationException;
|
||||||
|
@ -17,6 +32,7 @@ import org.keycloak.models.RealmModel;
|
||||||
import org.keycloak.protocol.oidc.TokenManager;
|
import org.keycloak.protocol.oidc.TokenManager;
|
||||||
import org.keycloak.representations.AccessToken;
|
import org.keycloak.representations.AccessToken;
|
||||||
import org.keycloak.services.ForbiddenException;
|
import org.keycloak.services.ForbiddenException;
|
||||||
|
import org.keycloak.services.ServicesLogger;
|
||||||
import org.keycloak.services.managers.AppAuthManager;
|
import org.keycloak.services.managers.AppAuthManager;
|
||||||
import org.keycloak.services.managers.AuthenticationManager;
|
import org.keycloak.services.managers.AuthenticationManager;
|
||||||
import org.keycloak.services.managers.RealmManager;
|
import org.keycloak.services.managers.RealmManager;
|
||||||
|
@ -40,7 +56,7 @@ import javax.ws.rs.core.UriInfo;
|
||||||
*/
|
*/
|
||||||
@Path("/admin")
|
@Path("/admin")
|
||||||
public class AdminRoot {
|
public class AdminRoot {
|
||||||
protected static final Logger logger = Logger.getLogger(AdminRoot.class);
|
protected static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
|
||||||
|
|
||||||
@Context
|
@Context
|
||||||
protected UriInfo uriInfo;
|
protected UriInfo uriInfo;
|
||||||
|
@ -189,7 +205,7 @@ public class AdminRoot {
|
||||||
}
|
}
|
||||||
|
|
||||||
Cors.add(request).allowedOrigins(auth.getToken()).allowedMethods("GET", "PUT", "POST", "DELETE").auth().build(response);
|
Cors.add(request).allowedOrigins(auth.getToken()).allowedMethods("GET", "PUT", "POST", "DELETE").auth().build(response);
|
||||||
|
|
||||||
RealmsAdminResource adminResource = new RealmsAdminResource(auth, tokenManager);
|
RealmsAdminResource adminResource = new RealmsAdminResource(auth, tokenManager);
|
||||||
ResteasyProviderFactory.getInstance().injectProperties(adminResource);
|
ResteasyProviderFactory.getInstance().injectProperties(adminResource);
|
||||||
return adminResource;
|
return adminResource;
|
||||||
|
|
|
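Review bot: both sides of this hunk are identical as rendered, so the change is either whitespace-only or not captured in the diff view; if it is whitespace, drop it so the commit stays limited to the logger migration.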
@ -1,12 +1,28 @@
|
||||||
|
/*
|
||||||
|
* Copyright 2016 Red Hat Inc. and/or its affiliates and other contributors
|
||||||
|
* as indicated by the @author tags. All rights reserved.
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||||
|
* use this file except in compliance with the License. You may obtain a copy of
|
||||||
|
* the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
* License for the specific language governing permissions and limitations under
|
||||||
|
* the License.
|
||||||
|
*/
|
||||||
package org.keycloak.services.resources.admin;
|
package org.keycloak.services.resources.admin;
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
|
||||||
import org.jboss.resteasy.annotations.cache.NoCache;
|
import org.jboss.resteasy.annotations.cache.NoCache;
|
||||||
import org.keycloak.common.ClientConnection;
|
import org.keycloak.common.ClientConnection;
|
||||||
import org.keycloak.events.admin.OperationType;
|
import org.keycloak.events.admin.OperationType;
|
||||||
import org.keycloak.models.KeycloakSession;
|
import org.keycloak.models.KeycloakSession;
|
||||||
import org.keycloak.models.RealmModel;
|
import org.keycloak.models.RealmModel;
|
||||||
import org.keycloak.models.UsernameLoginFailureModel;
|
import org.keycloak.models.UsernameLoginFailureModel;
|
||||||
|
import org.keycloak.services.ServicesLogger;
|
||||||
import org.keycloak.services.managers.BruteForceProtector;
|
import org.keycloak.services.managers.BruteForceProtector;
|
||||||
|
|
||||||
import javax.ws.rs.DELETE;
|
import javax.ws.rs.DELETE;
|
||||||
|
@ -28,7 +44,7 @@ import java.util.Map;
|
||||||
* @version $Revision: 1 $
|
* @version $Revision: 1 $
|
||||||
*/
|
*/
|
||||||
public class AttackDetectionResource {
|
public class AttackDetectionResource {
|
||||||
protected static final Logger logger = Logger.getLogger(AttackDetectionResource.class);
|
protected static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
|
||||||
protected RealmAuth auth;
|
protected RealmAuth auth;
|
||||||
protected RealmModel realm;
|
protected RealmModel realm;
|
||||||
private AdminEventBuilder adminEvent;
|
private AdminEventBuilder adminEvent;
|
||||||
|
|
|
@ -1,6 +1,21 @@
|
||||||
|
/*
|
||||||
|
* Copyright 2016 Red Hat Inc. and/or its affiliates and other contributors
|
||||||
|
* as indicated by the @author tags. All rights reserved.
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||||
|
* use this file except in compliance with the License. You may obtain a copy of
|
||||||
|
* the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
* License for the specific language governing permissions and limitations under
|
||||||
|
* the License.
|
||||||
|
*/
|
||||||
package org.keycloak.services.resources.admin;
|
package org.keycloak.services.resources.admin;
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
|
||||||
import org.jboss.resteasy.annotations.cache.NoCache;
|
import org.jboss.resteasy.annotations.cache.NoCache;
|
||||||
import org.jboss.resteasy.spi.BadRequestException;
|
import org.jboss.resteasy.spi.BadRequestException;
|
||||||
import org.jboss.resteasy.spi.NotFoundException;
|
import org.jboss.resteasy.spi.NotFoundException;
|
||||||
|
@ -23,6 +38,7 @@ import org.keycloak.provider.ProviderConfigProperty;
|
||||||
import org.keycloak.provider.ProviderFactory;
|
import org.keycloak.provider.ProviderFactory;
|
||||||
import org.keycloak.representations.idm.ConfigPropertyRepresentation;
|
import org.keycloak.representations.idm.ConfigPropertyRepresentation;
|
||||||
import org.keycloak.services.ErrorResponse;
|
import org.keycloak.services.ErrorResponse;
|
||||||
|
import org.keycloak.services.ServicesLogger;
|
||||||
import org.keycloak.utils.CredentialHelper;
|
import org.keycloak.utils.CredentialHelper;
|
||||||
|
|
||||||
import javax.ws.rs.Consumes;
|
import javax.ws.rs.Consumes;
|
||||||
|
@ -57,7 +73,7 @@ public class AuthenticationManagementResource {
|
||||||
@Context
|
@Context
|
||||||
private UriInfo uriInfo;
|
private UriInfo uriInfo;
|
||||||
|
|
||||||
private static Logger logger = Logger.getLogger(AuthenticationManagementResource.class);
|
private static ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
|
||||||
|
|
||||||
public AuthenticationManagementResource(RealmModel realm, KeycloakSession session, RealmAuth auth, AdminEventBuilder adminEvent) {
|
public AuthenticationManagementResource(RealmModel realm, KeycloakSession session, RealmAuth auth, AdminEventBuilder adminEvent) {
|
||||||
this.realm = realm;
|
this.realm = realm;
|
||||||
|
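Review bot: `private static ServicesLogger logger = ServicesLogger.ROOT_LOGGER;` is missing `final`, unlike the same field in every other resource class touched by this commit; add `final` so the shared logger cannot be reassigned and the declarations stay consistent.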
@ -276,7 +292,7 @@ public class AuthenticationManagementResource {
|
||||||
@Consumes(MediaType.APPLICATION_JSON)
|
@Consumes(MediaType.APPLICATION_JSON)
|
||||||
public Response createFlow(AuthenticationFlowModel model) {
|
public Response createFlow(AuthenticationFlowModel model) {
|
||||||
this.auth.requireManage();
|
this.auth.requireManage();
|
||||||
|
|
||||||
if (model.getAlias() == null || model.getAlias().isEmpty()) {
|
if (model.getAlias() == null || model.getAlias().isEmpty()) {
|
||||||
return ErrorResponse.exists("Failed to create flow with empty alias name");
|
return ErrorResponse.exists("Failed to create flow with empty alias name");
|
||||||
}
|
}
|
||||||
|
@ -715,12 +731,12 @@ public class AuthenticationManagementResource {
|
||||||
if (parentFlow.isBuiltIn()) {
|
if (parentFlow.isBuiltIn()) {
|
||||||
throw new BadRequestException("It is illegal to remove execution from a built in flow");
|
throw new BadRequestException("It is illegal to remove execution from a built in flow");
|
||||||
}
|
}
|
||||||
|
|
||||||
if(model.getFlowId() != null) {
|
if(model.getFlowId() != null) {
|
||||||
AuthenticationFlowModel nonTopLevelFlow = realm.getAuthenticationFlowById(model.getFlowId());
|
AuthenticationFlowModel nonTopLevelFlow = realm.getAuthenticationFlowById(model.getFlowId());
|
||||||
realm.removeAuthenticationFlow(nonTopLevelFlow);
|
realm.removeAuthenticationFlow(nonTopLevelFlow);
|
||||||
}
|
}
|
||||||
|
|
||||||
realm.removeAuthenticatorExecution(model);
|
realm.removeAuthenticatorExecution(model);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,6 +1,21 @@
|
||||||
|
/*
|
||||||
|
* Copyright 2016 Red Hat Inc. and/or its affiliates and other contributors
|
||||||
|
* as indicated by the @author tags. All rights reserved.
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||||
|
* use this file except in compliance with the License. You may obtain a copy of
|
||||||
|
* the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
* License for the specific language governing permissions and limitations under
|
||||||
|
* the License.
|
||||||
|
*/
|
||||||
package org.keycloak.services.resources.admin;
|
package org.keycloak.services.resources.admin;
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
|
||||||
import org.jboss.resteasy.annotations.cache.NoCache;
|
import org.jboss.resteasy.annotations.cache.NoCache;
|
||||||
import org.jboss.resteasy.spi.BadRequestException;
|
import org.jboss.resteasy.spi.BadRequestException;
|
||||||
import org.jboss.resteasy.spi.NotFoundException;
|
import org.jboss.resteasy.spi.NotFoundException;
|
||||||
|
@ -23,6 +38,7 @@ import org.keycloak.representations.idm.ClientRepresentation;
|
||||||
import org.keycloak.representations.idm.CredentialRepresentation;
|
import org.keycloak.representations.idm.CredentialRepresentation;
|
||||||
import org.keycloak.representations.idm.UserRepresentation;
|
import org.keycloak.representations.idm.UserRepresentation;
|
||||||
import org.keycloak.representations.idm.UserSessionRepresentation;
|
import org.keycloak.representations.idm.UserSessionRepresentation;
|
||||||
|
import org.keycloak.services.ServicesLogger;
|
||||||
import org.keycloak.services.clientregistration.ClientRegistrationTokenUtils;
|
import org.keycloak.services.clientregistration.ClientRegistrationTokenUtils;
|
||||||
import org.keycloak.services.managers.ClientManager;
|
import org.keycloak.services.managers.ClientManager;
|
||||||
import org.keycloak.services.managers.RealmManager;
|
import org.keycloak.services.managers.RealmManager;
|
||||||
|
@ -62,7 +78,7 @@ import static java.lang.Boolean.TRUE;
|
||||||
* @version $Revision: 1 $
|
* @version $Revision: 1 $
|
||||||
*/
|
*/
|
||||||
public class ClientResource {
|
public class ClientResource {
|
||||||
protected static final Logger logger = Logger.getLogger(ClientResource.class);
|
protected static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
|
||||||
protected RealmModel realm;
|
protected RealmModel realm;
|
||||||
private RealmAuth auth;
|
private RealmAuth auth;
|
||||||
private AdminEventBuilder adminEvent;
|
private AdminEventBuilder adminEvent;
|
||||||
|
|
|
@ -1,6 +1,21 @@
|
||||||
|
/*
|
||||||
|
* Copyright 2016 Red Hat Inc. and/or its affiliates and other contributors
|
||||||
|
* as indicated by the @author tags. All rights reserved.
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||||
|
* use this file except in compliance with the License. You may obtain a copy of
|
||||||
|
* the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
* License for the specific language governing permissions and limitations under
|
||||||
|
* the License.
|
||||||
|
*/
|
||||||
package org.keycloak.services.resources.admin;
|
package org.keycloak.services.resources.admin;
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
|
||||||
import org.jboss.resteasy.annotations.cache.NoCache;
|
import org.jboss.resteasy.annotations.cache.NoCache;
|
||||||
import org.jboss.resteasy.spi.NotFoundException;
|
import org.jboss.resteasy.spi.NotFoundException;
|
||||||
import org.keycloak.events.admin.OperationType;
|
import org.keycloak.events.admin.OperationType;
|
||||||
|
@ -10,6 +25,7 @@ import org.keycloak.models.RoleMapperModel;
|
||||||
import org.keycloak.models.RoleModel;
|
import org.keycloak.models.RoleModel;
|
||||||
import org.keycloak.models.utils.ModelToRepresentation;
|
import org.keycloak.models.utils.ModelToRepresentation;
|
||||||
import org.keycloak.representations.idm.RoleRepresentation;
|
import org.keycloak.representations.idm.RoleRepresentation;
|
||||||
|
import org.keycloak.services.ServicesLogger;
|
||||||
|
|
||||||
import javax.ws.rs.Consumes;
|
import javax.ws.rs.Consumes;
|
||||||
import javax.ws.rs.DELETE;
|
import javax.ws.rs.DELETE;
|
||||||
|
@ -30,7 +46,7 @@ import java.util.Set;
|
||||||
* @version $Revision: 1 $
|
* @version $Revision: 1 $
|
||||||
*/
|
*/
|
||||||
public class ClientRoleMappingsResource {
|
public class ClientRoleMappingsResource {
|
||||||
protected static final Logger logger = Logger.getLogger(ClientRoleMappingsResource.class);
|
protected static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
|
||||||
|
|
||||||
protected RealmModel realm;
|
protected RealmModel realm;
|
||||||
protected RealmAuth auth;
|
protected RealmAuth auth;
|
||||||
|
|
20
services/src/main/java/org/keycloak/services/resources/admin/ClientTemplateResource.java
Executable file → Normal file
|
@ -1,6 +1,21 @@
|
||||||
|
/*
|
||||||
|
* Copyright 2016 Red Hat Inc. and/or its affiliates and other contributors
|
||||||
|
* as indicated by the @author tags. All rights reserved.
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||||
|
* use this file except in compliance with the License. You may obtain a copy of
|
||||||
|
* the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
* License for the specific language governing permissions and limitations under
|
||||||
|
* the License.
|
||||||
|
*/
|
||||||
package org.keycloak.services.resources.admin;
|
package org.keycloak.services.resources.admin;
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
|
||||||
import org.jboss.resteasy.annotations.cache.NoCache;
|
import org.jboss.resteasy.annotations.cache.NoCache;
|
||||||
import org.jboss.resteasy.spi.ResteasyProviderFactory;
|
import org.jboss.resteasy.spi.ResteasyProviderFactory;
|
||||||
import org.keycloak.events.admin.OperationType;
|
import org.keycloak.events.admin.OperationType;
|
||||||
|
@ -12,6 +27,7 @@ import org.keycloak.models.utils.ModelToRepresentation;
|
||||||
import org.keycloak.models.utils.RepresentationToModel;
|
import org.keycloak.models.utils.RepresentationToModel;
|
||||||
import org.keycloak.representations.idm.ClientTemplateRepresentation;
|
import org.keycloak.representations.idm.ClientTemplateRepresentation;
|
||||||
import org.keycloak.services.ErrorResponse;
|
import org.keycloak.services.ErrorResponse;
|
||||||
|
import org.keycloak.services.ServicesLogger;
|
||||||
import org.keycloak.services.resources.KeycloakApplication;
|
import org.keycloak.services.resources.KeycloakApplication;
|
||||||
|
|
||||||
import javax.ws.rs.Consumes;
|
import javax.ws.rs.Consumes;
|
||||||
|
@ -33,7 +49,7 @@ import javax.ws.rs.core.UriInfo;
|
||||||
* @version $Revision: 1 $
|
* @version $Revision: 1 $
|
||||||
*/
|
*/
|
||||||
public class ClientTemplateResource {
|
public class ClientTemplateResource {
|
||||||
protected static final Logger logger = Logger.getLogger(ClientTemplateResource.class);
|
protected static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
|
||||||
protected RealmModel realm;
|
protected RealmModel realm;
|
||||||
private RealmAuth auth;
|
private RealmAuth auth;
|
||||||
private AdminEventBuilder adminEvent;
|
private AdminEventBuilder adminEvent;
|
||||||
|
|
|
@ -1,6 +1,21 @@
|
||||||
|
/*
|
||||||
|
* Copyright 2016 Red Hat Inc. and/or its affiliates and other contributors
|
||||||
|
* as indicated by the @author tags. All rights reserved.
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||||
|
* use this file except in compliance with the License. You may obtain a copy of
|
||||||
|
* the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
* License for the specific language governing permissions and limitations under
|
||||||
|
* the License.
|
||||||
|
*/
|
||||||
package org.keycloak.services.resources.admin;
|
package org.keycloak.services.resources.admin;
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
|
||||||
import org.jboss.resteasy.annotations.cache.NoCache;
|
import org.jboss.resteasy.annotations.cache.NoCache;
|
||||||
import org.jboss.resteasy.spi.NotFoundException;
|
import org.jboss.resteasy.spi.NotFoundException;
|
||||||
import org.jboss.resteasy.spi.ResteasyProviderFactory;
|
import org.jboss.resteasy.spi.ResteasyProviderFactory;
|
||||||
|
@ -13,6 +28,7 @@ import org.keycloak.models.utils.ModelToRepresentation;
|
||||||
import org.keycloak.models.utils.RepresentationToModel;
|
import org.keycloak.models.utils.RepresentationToModel;
|
||||||
import org.keycloak.representations.idm.ClientTemplateRepresentation;
|
import org.keycloak.representations.idm.ClientTemplateRepresentation;
|
||||||
import org.keycloak.services.ErrorResponse;
|
import org.keycloak.services.ErrorResponse;
|
||||||
|
import org.keycloak.services.ServicesLogger;
|
||||||
|
|
||||||
import javax.ws.rs.Consumes;
|
import javax.ws.rs.Consumes;
|
||||||
import javax.ws.rs.GET;
|
import javax.ws.rs.GET;
|
||||||
|
@ -34,7 +50,7 @@ import java.util.List;
|
||||||
* @version $Revision: 1 $
|
* @version $Revision: 1 $
|
||||||
*/
|
*/
|
||||||
public class ClientTemplatesResource {
|
public class ClientTemplatesResource {
|
||||||
protected static final Logger logger = Logger.getLogger(RealmAdminResource.class);
|
protected static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
|
||||||
protected RealmModel realm;
|
protected RealmModel realm;
|
||||||
private RealmAuth auth;
|
private RealmAuth auth;
|
||||||
private AdminEventBuilder adminEvent;
|
private AdminEventBuilder adminEvent;
|
||||||
|
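Review bot: The pre-change line `Logger.getLogger(RealmAdminResource.class)` in ClientTemplatesResource was a copy-paste misattribution (log output from this class was categorised under RealmAdminResource); the switch to `ServicesLogger.ROOT_LOGGER` fixes it as a side effect, which is worth mentioning in the commit message because anyone filtering logs by category will see the change. The same misattributed logger is replaced in ClientsResource further down in this commit.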
@ -46,7 +62,7 @@ public class ClientTemplatesResource {
|
||||||
this.realm = realm;
|
this.realm = realm;
|
||||||
this.auth = auth;
|
this.auth = auth;
|
||||||
this.adminEvent = adminEvent;
|
this.adminEvent = adminEvent;
|
||||||
|
|
||||||
auth.init(RealmAuth.Resource.CLIENT);
|
auth.init(RealmAuth.Resource.CLIENT);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
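Review bot: The constructor hunk (`this.realm = realm;` through `auth.init(RealmAuth.Resource.CLIENT);`) shows no visible difference between the two sides, so it appears to be whitespace-only churn unrelated to the logger migration; the same holds for the create hunks at line 96 in both ClientTemplatesResource and ClientsResource. Dropping whitespace-only hunks keeps the diff focused and avoids attributing the `auth.init` authorization setup line to this commit in blame.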
@ -96,9 +112,9 @@ public class ClientTemplatesResource {
|
||||||
|
|
||||||
try {
|
try {
|
||||||
ClientTemplateModel clientModel = RepresentationToModel.createClientTemplate(session, realm, rep);
|
ClientTemplateModel clientModel = RepresentationToModel.createClientTemplate(session, realm, rep);
|
||||||
|
|
||||||
adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo, clientModel.getId()).representation(rep).success();
|
adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo, clientModel.getId()).representation(rep).success();
|
||||||
|
|
||||||
return Response.created(uriInfo.getAbsolutePathBuilder().path(clientModel.getId()).build()).build();
|
return Response.created(uriInfo.getAbsolutePathBuilder().path(clientModel.getId()).build()).build();
|
||||||
} catch (ModelDuplicateException e) {
|
} catch (ModelDuplicateException e) {
|
||||||
return ErrorResponse.exists("Client Template " + rep.getName() + " already exists");
|
return ErrorResponse.exists("Client Template " + rep.getName() + " already exists");
|
||||||
|
|
|
@ -1,6 +1,21 @@
|
||||||
|
/*
|
||||||
|
* Copyright 2016 Red Hat Inc. and/or its affiliates and other contributors
|
||||||
|
* as indicated by the @author tags. All rights reserved.
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||||
|
* use this file except in compliance with the License. You may obtain a copy of
|
||||||
|
* the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
* License for the specific language governing permissions and limitations under
|
||||||
|
* the License.
|
||||||
|
*/
|
||||||
package org.keycloak.services.resources.admin;
|
package org.keycloak.services.resources.admin;
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
|
||||||
import org.jboss.resteasy.annotations.cache.NoCache;
|
import org.jboss.resteasy.annotations.cache.NoCache;
|
||||||
import org.jboss.resteasy.spi.NotFoundException;
|
import org.jboss.resteasy.spi.NotFoundException;
|
||||||
import org.jboss.resteasy.spi.ResteasyProviderFactory;
|
import org.jboss.resteasy.spi.ResteasyProviderFactory;
|
||||||
|
@ -12,6 +27,7 @@ import org.keycloak.models.RealmModel;
|
||||||
import org.keycloak.models.utils.ModelToRepresentation;
|
import org.keycloak.models.utils.ModelToRepresentation;
|
||||||
import org.keycloak.representations.idm.ClientRepresentation;
|
import org.keycloak.representations.idm.ClientRepresentation;
|
||||||
import org.keycloak.services.ErrorResponse;
|
import org.keycloak.services.ErrorResponse;
|
||||||
|
import org.keycloak.services.ServicesLogger;
|
||||||
import org.keycloak.services.managers.ClientManager;
|
import org.keycloak.services.managers.ClientManager;
|
||||||
|
|
||||||
import javax.ws.rs.Consumes;
|
import javax.ws.rs.Consumes;
|
||||||
|
@ -35,11 +51,11 @@ import java.util.List;
|
||||||
* @version $Revision: 1 $
|
* @version $Revision: 1 $
|
||||||
*/
|
*/
|
||||||
public class ClientsResource {
|
public class ClientsResource {
|
||||||
protected static final Logger logger = Logger.getLogger(RealmAdminResource.class);
|
protected static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
|
||||||
protected RealmModel realm;
|
protected RealmModel realm;
|
||||||
private RealmAuth auth;
|
private RealmAuth auth;
|
||||||
private AdminEventBuilder adminEvent;
|
private AdminEventBuilder adminEvent;
|
||||||
|
|
||||||
@Context
|
@Context
|
||||||
protected KeycloakSession session;
|
protected KeycloakSession session;
|
||||||
|
|
||||||
|
@ -47,7 +63,7 @@ public class ClientsResource {
|
||||||
this.realm = realm;
|
this.realm = realm;
|
||||||
this.auth = auth;
|
this.auth = auth;
|
||||||
this.adminEvent = adminEvent;
|
this.adminEvent = adminEvent;
|
||||||
|
|
||||||
auth.init(RealmAuth.Resource.CLIENT);
|
auth.init(RealmAuth.Resource.CLIENT);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -96,9 +112,9 @@ public class ClientsResource {
|
||||||
|
|
||||||
try {
|
try {
|
||||||
ClientModel clientModel = ClientManager.createClient(session, realm, rep, true);
|
ClientModel clientModel = ClientManager.createClient(session, realm, rep, true);
|
||||||
|
|
||||||
adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo, clientModel.getId()).representation(rep).success();
|
adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo, clientModel.getId()).representation(rep).success();
|
||||||
|
|
||||||
return Response.created(uriInfo.getAbsolutePathBuilder().path(clientModel.getId()).build()).build();
|
return Response.created(uriInfo.getAbsolutePathBuilder().path(clientModel.getId()).build()).build();
|
||||||
} catch (ModelDuplicateException e) {
|
} catch (ModelDuplicateException e) {
|
||||||
return ErrorResponse.exists("Client " + rep.getClientId() + " already exists");
|
return ErrorResponse.exists("Client " + rep.getClientId() + " already exists");
|
||||||
|
|
|
@ -1,6 +1,21 @@
|
||||||
|
/*
|
||||||
|
* Copyright 2016 Red Hat Inc. and/or its affiliates and other contributors
|
||||||
|
* as indicated by the @author tags. All rights reserved.
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||||
|
* use this file except in compliance with the License. You may obtain a copy of
|
||||||
|
* the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
* License for the specific language governing permissions and limitations under
|
||||||
|
* the License.
|
||||||
|
*/
|
||||||
package org.keycloak.services.resources.admin;
|
package org.keycloak.services.resources.admin;
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
|
||||||
import org.jboss.resteasy.annotations.cache.NoCache;
|
import org.jboss.resteasy.annotations.cache.NoCache;
|
||||||
import org.jboss.resteasy.spi.NotFoundException;
|
import org.jboss.resteasy.spi.NotFoundException;
|
||||||
import org.jboss.resteasy.spi.ResteasyProviderFactory;
|
import org.jboss.resteasy.spi.ResteasyProviderFactory;
|
||||||
|
@ -36,8 +51,6 @@ import java.util.Set;
|
||||||
*/
|
*/
|
||||||
public class GroupResource {
|
public class GroupResource {
|
||||||
|
|
||||||
private static Logger logger = Logger.getLogger(GroupResource.class);
|
|
||||||
|
|
||||||
private final RealmModel realm;
|
private final RealmModel realm;
|
||||||
private final KeycloakSession session;
|
private final KeycloakSession session;
|
||||||
private final RealmAuth auth;
|
private final RealmAuth auth;
|
||||||
|
|
|
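Review bot: GroupResource loses its `logger` field (`private static Logger logger = Logger.getLogger(GroupResource.class);`) without a `ServicesLogger` replacement, unlike every other resource in this commit; this only compiles if no `logger.` call site remains in the class, so please confirm that, and if the field was simply unused, say so in the commit message. The identical deletion in GroupsResource below has the same caveat.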
@ -1,6 +1,21 @@
|
||||||
|
/*
|
||||||
|
* Copyright 2016 Red Hat Inc. and/or its affiliates and other contributors
|
||||||
|
* as indicated by the @author tags. All rights reserved.
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||||
|
* use this file except in compliance with the License. You may obtain a copy of
|
||||||
|
* the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
* License for the specific language governing permissions and limitations under
|
||||||
|
* the License.
|
||||||
|
*/
|
||||||
package org.keycloak.services.resources.admin;
|
package org.keycloak.services.resources.admin;
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
|
||||||
import org.jboss.resteasy.annotations.cache.NoCache;
|
import org.jboss.resteasy.annotations.cache.NoCache;
|
||||||
import org.jboss.resteasy.spi.NotFoundException;
|
import org.jboss.resteasy.spi.NotFoundException;
|
||||||
import org.jboss.resteasy.spi.ResteasyProviderFactory;
|
import org.jboss.resteasy.spi.ResteasyProviderFactory;
|
||||||
|
@ -28,8 +43,6 @@ import java.util.List;
|
||||||
*/
|
*/
|
||||||
public class GroupsResource {
|
public class GroupsResource {
|
||||||
|
|
||||||
private static Logger logger = Logger.getLogger(GroupsResource.class);
|
|
||||||
|
|
||||||
private final RealmModel realm;
|
private final RealmModel realm;
|
||||||
private final KeycloakSession session;
|
private final KeycloakSession session;
|
||||||
private final RealmAuth auth;
|
private final RealmAuth auth;
|
||||||
|
|
20
services/src/main/java/org/keycloak/services/resources/admin/IdentityProviderResource.java
Executable file → Normal file
|
@ -1,6 +1,21 @@
|
||||||
|
/*
|
||||||
|
* Copyright 2016 Red Hat Inc. and/or its affiliates and other contributors
|
||||||
|
* as indicated by the @author tags. All rights reserved.
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||||
|
* use this file except in compliance with the License. You may obtain a copy of
|
||||||
|
* the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
* License for the specific language governing permissions and limitations under
|
||||||
|
* the License.
|
||||||
|
*/
|
||||||
package org.keycloak.services.resources.admin;
|
package org.keycloak.services.resources.admin;
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
|
||||||
import org.jboss.resteasy.annotations.cache.NoCache;
|
import org.jboss.resteasy.annotations.cache.NoCache;
|
||||||
import org.jboss.resteasy.spi.NotFoundException;
|
import org.jboss.resteasy.spi.NotFoundException;
|
||||||
import org.keycloak.broker.provider.IdentityProvider;
|
import org.keycloak.broker.provider.IdentityProvider;
|
||||||
|
@ -24,6 +39,7 @@ import org.keycloak.representations.idm.IdentityProviderMapperRepresentation;
|
||||||
import org.keycloak.representations.idm.IdentityProviderMapperTypeRepresentation;
|
import org.keycloak.representations.idm.IdentityProviderMapperTypeRepresentation;
|
||||||
import org.keycloak.representations.idm.IdentityProviderRepresentation;
|
import org.keycloak.representations.idm.IdentityProviderRepresentation;
|
||||||
import org.keycloak.services.ErrorResponse;
|
import org.keycloak.services.ErrorResponse;
|
||||||
|
import org.keycloak.services.ServicesLogger;
|
||||||
import org.keycloak.broker.social.SocialIdentityProvider;
|
import org.keycloak.broker.social.SocialIdentityProvider;
|
||||||
|
|
||||||
import javax.ws.rs.Consumes;
|
import javax.ws.rs.Consumes;
|
||||||
|
@ -51,7 +67,7 @@ import java.util.Map;
|
||||||
*/
|
*/
|
||||||
public class IdentityProviderResource {
|
public class IdentityProviderResource {
|
||||||
|
|
||||||
private static Logger logger = Logger.getLogger(IdentityProviderResource.class);
|
private static ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
|
||||||
|
|
||||||
private final RealmAuth auth;
|
private final RealmAuth auth;
|
||||||
private final RealmModel realm;
|
private final RealmModel realm;
|
||||||
|
|
|
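Review bot: `private static ServicesLogger logger = ServicesLogger.ROOT_LOGGER;` in IdentityProviderResource is not `final`, whereas every other resource touched by this commit declares the field `static final`; a mutable static logger reference is an avoidable inconsistency, so change it to `private static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;`.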
@ -1,6 +1,21 @@
|
||||||
|
/*
|
||||||
|
* Copyright 2016 Red Hat Inc. and/or its affiliates and other contributors
|
||||||
|
* as indicated by the @author tags. All rights reserved.
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||||
|
* use this file except in compliance with the License. You may obtain a copy of
|
||||||
|
* the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
* License for the specific language governing permissions and limitations under
|
||||||
|
* the License.
|
||||||
|
*/
|
||||||
package org.keycloak.services.resources.admin;
|
package org.keycloak.services.resources.admin;
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
|
||||||
import org.jboss.resteasy.annotations.cache.NoCache;
|
import org.jboss.resteasy.annotations.cache.NoCache;
|
||||||
import org.jboss.resteasy.spi.NotFoundException;
|
import org.jboss.resteasy.spi.NotFoundException;
|
||||||
import org.keycloak.events.admin.OperationType;
|
import org.keycloak.events.admin.OperationType;
|
||||||
|
@ -12,6 +27,7 @@ import org.keycloak.models.utils.ModelToRepresentation;
|
||||||
import org.keycloak.models.utils.RepresentationToModel;
|
import org.keycloak.models.utils.RepresentationToModel;
|
||||||
import org.keycloak.representations.idm.ProtocolMapperRepresentation;
|
import org.keycloak.representations.idm.ProtocolMapperRepresentation;
|
||||||
import org.keycloak.services.ErrorResponse;
|
import org.keycloak.services.ErrorResponse;
|
||||||
|
import org.keycloak.services.ServicesLogger;
|
||||||
|
|
||||||
import javax.ws.rs.Consumes;
|
import javax.ws.rs.Consumes;
|
||||||
import javax.ws.rs.DELETE;
|
import javax.ws.rs.DELETE;
|
||||||
|
@ -36,12 +52,12 @@ import java.util.List;
|
||||||
* @version $Revision: 1 $
|
* @version $Revision: 1 $
|
||||||
*/
|
*/
|
||||||
public class ProtocolMappersResource {
|
public class ProtocolMappersResource {
|
||||||
protected static final Logger logger = Logger.getLogger(ProtocolMappersResource.class);
|
protected static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
|
||||||
|
|
||||||
protected ProtocolMapperContainerModel client;
|
protected ProtocolMapperContainerModel client;
|
||||||
|
|
||||||
protected RealmAuth auth;
|
protected RealmAuth auth;
|
||||||
|
|
||||||
protected AdminEventBuilder adminEvent;
|
protected AdminEventBuilder adminEvent;
|
||||||
|
|
||||||
@Context
|
@Context
|
||||||
|
|
20
services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java
Executable file → Normal file
|
@ -1,6 +1,21 @@
|
||||||
|
/*
|
||||||
|
* Copyright 2016 Red Hat Inc. and/or its affiliates and other contributors
|
||||||
|
* as indicated by the @author tags. All rights reserved.
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||||
|
* use this file except in compliance with the License. You may obtain a copy of
|
||||||
|
* the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
* License for the specific language governing permissions and limitations under
|
||||||
|
* the License.
|
||||||
|
*/
|
||||||
package org.keycloak.services.resources.admin;
|
package org.keycloak.services.resources.admin;
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
|
||||||
import org.jboss.resteasy.annotations.cache.NoCache;
|
import org.jboss.resteasy.annotations.cache.NoCache;
|
||||||
import org.jboss.resteasy.spi.BadRequestException;
|
import org.jboss.resteasy.spi.BadRequestException;
|
||||||
import org.jboss.resteasy.spi.NotFoundException;
|
import org.jboss.resteasy.spi.NotFoundException;
|
||||||
|
@ -38,6 +53,7 @@ import org.keycloak.services.managers.AuthenticationManager;
|
||||||
import org.keycloak.services.managers.LDAPConnectionTestManager;
|
import org.keycloak.services.managers.LDAPConnectionTestManager;
|
||||||
import org.keycloak.services.managers.RealmManager;
|
import org.keycloak.services.managers.RealmManager;
|
||||||
import org.keycloak.services.managers.ResourceAdminManager;
|
import org.keycloak.services.managers.ResourceAdminManager;
|
||||||
|
import org.keycloak.services.ServicesLogger;
|
||||||
import org.keycloak.services.managers.UsersSyncManager;
|
import org.keycloak.services.managers.UsersSyncManager;
|
||||||
import org.keycloak.services.ErrorResponse;
|
import org.keycloak.services.ErrorResponse;
|
||||||
import org.keycloak.timer.TimerProvider;
|
import org.keycloak.timer.TimerProvider;
|
||||||
|
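Review bot: The new `import org.keycloak.services.ServicesLogger;` in RealmAdminResource is inserted between `org.keycloak.services.managers.ResourceAdminManager` and `org.keycloak.services.managers.UsersSyncManager`, splitting the `services.managers` import group; place it beside `org.keycloak.services.ErrorResponse`, as the other files in this commit do.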
@ -75,7 +91,7 @@ import org.keycloak.representations.idm.PartialImportRepresentation;
|
||||||
* @version $Revision: 1 $
|
* @version $Revision: 1 $
|
||||||
*/
|
*/
|
||||||
public class RealmAdminResource {
|
public class RealmAdminResource {
|
||||||
protected static final Logger logger = Logger.getLogger(RealmAdminResource.class);
|
protected static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
|
||||||
protected RealmAuth auth;
|
protected RealmAuth auth;
|
||||||
protected RealmModel realm;
|
protected RealmModel realm;
|
||||||
private TokenManager tokenManager;
|
private TokenManager tokenManager;
|
||||||
|
|
|
@ -1,6 +1,21 @@
|
||||||
|
/*
|
||||||
|
* Copyright 2016 Red Hat Inc. and/or its affiliates and other contributors
|
||||||
|
* as indicated by the @author tags. All rights reserved.
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||||
|
* use this file except in compliance with the License. You may obtain a copy of
|
||||||
|
* the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
* License for the specific language governing permissions and limitations under
|
||||||
|
* the License.
|
||||||
|
*/
|
||||||
package org.keycloak.services.resources.admin;
|
package org.keycloak.services.resources.admin;
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
|
||||||
import org.jboss.resteasy.annotations.cache.NoCache;
|
import org.jboss.resteasy.annotations.cache.NoCache;
|
||||||
import org.jboss.resteasy.spi.NotFoundException;
|
import org.jboss.resteasy.spi.NotFoundException;
|
||||||
import org.jboss.resteasy.spi.ResteasyProviderFactory;
|
import org.jboss.resteasy.spi.ResteasyProviderFactory;
|
||||||
|
@ -18,6 +33,7 @@ import org.keycloak.services.ForbiddenException;
|
||||||
import org.keycloak.services.managers.RealmManager;
|
import org.keycloak.services.managers.RealmManager;
|
||||||
import org.keycloak.services.resources.KeycloakApplication;
|
import org.keycloak.services.resources.KeycloakApplication;
|
||||||
import org.keycloak.services.ErrorResponse;
|
import org.keycloak.services.ErrorResponse;
|
||||||
|
import org.keycloak.services.ServicesLogger;
|
||||||
|
|
||||||
import javax.ws.rs.Consumes;
|
import javax.ws.rs.Consumes;
|
||||||
import javax.ws.rs.GET;
|
import javax.ws.rs.GET;
|
||||||
|
@ -43,16 +59,16 @@ import java.util.List;
|
||||||
* @version $Revision: 1 $
|
* @version $Revision: 1 $
|
||||||
*/
|
*/
|
||||||
public class RealmsAdminResource {
|
public class RealmsAdminResource {
|
||||||
protected static final Logger logger = Logger.getLogger(RealmsAdminResource.class);
|
protected static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
|
||||||
protected AdminAuth auth;
|
protected AdminAuth auth;
|
||||||
protected TokenManager tokenManager;
|
protected TokenManager tokenManager;
|
||||||
|
|
||||||
@Context
|
@Context
|
||||||
protected KeycloakSession session;
|
protected KeycloakSession session;
|
||||||
|
|
||||||
@Context
|
@Context
|
||||||
protected KeycloakApplication keycloak;
|
protected KeycloakApplication keycloak;
|
||||||
|
|
||||||
@Context
|
@Context
|
||||||
protected ClientConnection clientConnection;
|
protected ClientConnection clientConnection;
|
||||||
|
|
||||||
|
@ -132,7 +148,7 @@ public class RealmsAdminResource {
|
||||||
|
|
||||||
URI location = AdminRoot.realmsUrl(uriInfo).path(realm.getName()).build();
|
URI location = AdminRoot.realmsUrl(uriInfo).path(realm.getName()).build();
|
||||||
logger.debugv("imported realm success, sending back: {0}", location.toString());
|
logger.debugv("imported realm success, sending back: {0}", location.toString());
|
||||||
|
|
||||||
return Response.created(location).build();
|
return Response.created(location).build();
|
||||||
} catch (ModelDuplicateException e) {
|
} catch (ModelDuplicateException e) {
|
||||||
return ErrorResponse.exists("Realm " + rep.getRealm() + " already exists");
|
return ErrorResponse.exists("Realm " + rep.getRealm() + " already exists");
|
||||||
|
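Review bot: `logger.debugv("imported realm success, sending back: {0}", location.toString());` keeps formatting an inline message through the generic `debugv` method after `logger` becomes a `ServicesLogger`; if ServicesLogger is a JBoss `@MessageLogger` bundle (the project declares `jboss-logging-annotations`), the point of the migration is typed, identifiable messages, so this call should become a dedicated method on ServicesLogger. The hunk also shows no visible difference between the two sides, so if it is whitespace-only it can be left out.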
@ -177,7 +193,7 @@ public class RealmsAdminResource {
|
||||||
} else {
|
} else {
|
||||||
realmAuth = new RealmAuth(auth, realm.getClientByClientId(realmManager.getRealmAdminClientId(auth.getRealm())));
|
realmAuth = new RealmAuth(auth, realm.getClientByClientId(realmManager.getRealmAdminClientId(auth.getRealm())));
|
||||||
}
|
}
|
||||||
|
|
||||||
AdminEventBuilder adminEvent = new AdminEventBuilder(realm, auth, session, clientConnection);
|
AdminEventBuilder adminEvent = new AdminEventBuilder(realm, auth, session, clientConnection);
|
||||||
session.getContext().setRealm(realm);
|
session.getContext().setRealm(realm);
|
||||||
|
|
||||||
|
|
|
@ -1,6 +1,21 @@
|
||||||
|
/*
|
||||||
|
* Copyright 2016 Red Hat Inc. and/or its affiliates and other contributors
|
||||||
|
* as indicated by the @author tags. All rights reserved.
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||||
|
* use this file except in compliance with the License. You may obtain a copy of
|
||||||
|
* the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
* License for the specific language governing permissions and limitations under
|
||||||
|
* the License.
|
||||||
|
*/
|
||||||
package org.keycloak.services.resources.admin;
|
package org.keycloak.services.resources.admin;
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
|
||||||
import org.jboss.resteasy.annotations.cache.NoCache;
|
import org.jboss.resteasy.annotations.cache.NoCache;
|
||||||
import org.jboss.resteasy.spi.NotFoundException;
|
import org.jboss.resteasy.spi.NotFoundException;
|
||||||
import org.keycloak.events.admin.OperationType;
|
import org.keycloak.events.admin.OperationType;
|
||||||
|
@ -10,6 +25,7 @@ import org.keycloak.models.RealmModel;
|
||||||
import org.keycloak.models.RoleModel;
|
import org.keycloak.models.RoleModel;
|
||||||
import org.keycloak.models.UserModel;
|
import org.keycloak.models.UserModel;
|
||||||
import org.keycloak.representations.idm.RoleRepresentation;
|
import org.keycloak.representations.idm.RoleRepresentation;
|
||||||
|
import org.keycloak.services.ServicesLogger;
|
||||||
|
|
||||||
import javax.ws.rs.Consumes;
|
import javax.ws.rs.Consumes;
|
||||||
import javax.ws.rs.DELETE;
|
import javax.ws.rs.DELETE;
|
||||||
|
@ -33,7 +49,7 @@ import java.util.Set;
|
||||||
* @version $Revision: 1 $
|
* @version $Revision: 1 $
|
||||||
*/
|
*/
|
||||||
public class RoleByIdResource extends RoleResource {
|
public class RoleByIdResource extends RoleResource {
|
||||||
protected static final Logger logger = Logger.getLogger(RoleByIdResource.class);
|
protected static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
|
||||||
private final RealmModel realm;
|
private final RealmModel realm;
|
||||||
private final RealmAuth auth;
|
private final RealmAuth auth;
|
||||||
private AdminEventBuilder adminEvent;
|
private AdminEventBuilder adminEvent;
|
||||||
|
@ -226,7 +242,7 @@ public class RoleByIdResource extends RoleResource {
|
||||||
RoleModel role = getRoleModel(id);
|
RoleModel role = getRoleModel(id);
|
||||||
auth.requireManage();
|
auth.requireManage();
|
||||||
deleteComposites(roles, role);
|
deleteComposites(roles, role);
|
||||||
|
|
||||||
adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).representation(roles).success();
|
adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).representation(roles).success();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
20
services/src/main/java/org/keycloak/services/resources/admin/RoleMapperResource.java
Executable file → Normal file
|
@ -1,6 +1,21 @@
|
||||||
|
/*
|
||||||
|
* Copyright 2016 Red Hat Inc. and/or its affiliates and other contributors
|
||||||
|
* as indicated by the @author tags. All rights reserved.
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||||
|
* use this file except in compliance with the License. You may obtain a copy of
|
||||||
|
* the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
* License for the specific language governing permissions and limitations under
|
||||||
|
* the License.
|
||||||
|
*/
|
||||||
package org.keycloak.services.resources.admin;
|
package org.keycloak.services.resources.admin;
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
|
||||||
import org.jboss.resteasy.annotations.cache.NoCache;
|
import org.jboss.resteasy.annotations.cache.NoCache;
|
||||||
import org.jboss.resteasy.spi.NotFoundException;
|
import org.jboss.resteasy.spi.NotFoundException;
|
||||||
import org.keycloak.common.ClientConnection;
|
import org.keycloak.common.ClientConnection;
|
||||||
|
@ -14,6 +29,7 @@ import org.keycloak.models.utils.ModelToRepresentation;
|
||||||
import org.keycloak.representations.idm.ClientMappingsRepresentation;
|
import org.keycloak.representations.idm.ClientMappingsRepresentation;
|
||||||
import org.keycloak.representations.idm.MappingsRepresentation;
|
import org.keycloak.representations.idm.MappingsRepresentation;
|
||||||
import org.keycloak.representations.idm.RoleRepresentation;
|
import org.keycloak.representations.idm.RoleRepresentation;
|
||||||
|
import org.keycloak.services.ServicesLogger;
|
||||||
import org.keycloak.services.managers.RealmManager;
|
import org.keycloak.services.managers.RealmManager;
|
||||||
|
|
||||||
import javax.ws.rs.Consumes;
|
import javax.ws.rs.Consumes;
|
||||||
|
@ -40,7 +56,7 @@ import java.util.Set;
|
||||||
* @version $Revision: 1 $
|
* @version $Revision: 1 $
|
||||||
*/
|
*/
|
||||||
public class RoleMapperResource {
|
public class RoleMapperResource {
|
||||||
protected static final Logger logger = Logger.getLogger(RoleMapperResource.class);
|
protected static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
|
||||||
|
|
||||||
protected RealmModel realm;
|
protected RealmModel realm;
|
||||||
|
|
||||||
|
|
|
@ -1,3 +1,19 @@
|
||||||
|
/*
|
||||||
|
* Copyright 2016 Red Hat Inc. and/or its affiliates and other contributors
|
||||||
|
* as indicated by the @author tags. All rights reserved.
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||||
|
* use this file except in compliance with the License. You may obtain a copy of
|
||||||
|
* the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
* License for the specific language governing permissions and limitations under
|
||||||
|
* the License.
|
||||||
|
*/
|
||||||
package org.keycloak.services.resources.admin;
|
package org.keycloak.services.resources.admin;
|
||||||
|
|
||||||
import java.util.Collections;
|
import java.util.Collections;
|
||||||
|
@ -21,7 +37,6 @@ import javax.ws.rs.core.MediaType;
|
||||||
import javax.ws.rs.core.Response;
|
import javax.ws.rs.core.Response;
|
||||||
import javax.ws.rs.core.UriInfo;
|
import javax.ws.rs.core.UriInfo;
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
|
||||||
import org.jboss.resteasy.annotations.cache.NoCache;
|
import org.jboss.resteasy.annotations.cache.NoCache;
|
||||||
import org.jboss.resteasy.spi.NotFoundException;
|
import org.jboss.resteasy.spi.NotFoundException;
|
||||||
import org.keycloak.events.admin.OperationType;
|
import org.keycloak.events.admin.OperationType;
|
||||||
|
@ -46,6 +61,7 @@ import org.keycloak.representations.idm.UserFederationMapperRepresentation;
|
||||||
import org.keycloak.representations.idm.UserFederationMapperTypeRepresentation;
|
import org.keycloak.representations.idm.UserFederationMapperTypeRepresentation;
|
||||||
import org.keycloak.representations.idm.UserFederationProviderRepresentation;
|
import org.keycloak.representations.idm.UserFederationProviderRepresentation;
|
||||||
import org.keycloak.services.ErrorResponseException;
|
import org.keycloak.services.ErrorResponseException;
|
||||||
|
import org.keycloak.services.ServicesLogger;
|
||||||
import org.keycloak.services.managers.UsersSyncManager;
|
import org.keycloak.services.managers.UsersSyncManager;
|
||||||
import org.keycloak.timer.TimerProvider;
|
import org.keycloak.timer.TimerProvider;
|
||||||
|
|
||||||
|
@ -54,7 +70,7 @@ import org.keycloak.timer.TimerProvider;
|
||||||
*/
|
*/
|
||||||
public class UserFederationProviderResource {
|
public class UserFederationProviderResource {
|
||||||
|
|
||||||
protected static final Logger logger = Logger.getLogger(UserFederationProviderResource.class);
|
protected static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
|
||||||
|
|
||||||
private final KeycloakSession session;
|
private final KeycloakSession session;
|
||||||
private final RealmModel realm;
|
private final RealmModel realm;
|
||||||
|
@ -93,7 +109,7 @@ public class UserFederationProviderResource {
|
||||||
new UsersSyncManager().refreshPeriodicSyncForProvider(session.getKeycloakSessionFactory(), session.getProvider(TimerProvider.class), model, realm.getId());
|
new UsersSyncManager().refreshPeriodicSyncForProvider(session.getKeycloakSessionFactory(), session.getProvider(TimerProvider.class), model, realm.getId());
|
||||||
boolean kerberosCredsAdded = UserFederationProvidersResource.checkKerberosCredential(session, realm, model);
|
boolean kerberosCredsAdded = UserFederationProvidersResource.checkKerberosCredential(session, realm, model);
|
||||||
if (kerberosCredsAdded) {
|
if (kerberosCredsAdded) {
|
||||||
logger.info("Added 'kerberos' to required realm credentials");
|
logger.addedKerberosToRealmCredentials();
|
||||||
}
|
}
|
||||||
|
|
||||||
adminEvent.operation(OperationType.UPDATE).resourcePath(uriInfo).representation(rep).success();
|
adminEvent.operation(OperationType.UPDATE).resourcePath(uriInfo).representation(rep).success();
|
||||||
|
@ -335,7 +351,7 @@ public class UserFederationProviderResource {
|
||||||
UserFederationProviderFactory providerFactory = (UserFederationProviderFactory) session.getKeycloakSessionFactory().getProviderFactory(UserFederationProvider.class, providerModel.getProviderName());
|
UserFederationProviderFactory providerFactory = (UserFederationProviderFactory) session.getKeycloakSessionFactory().getProviderFactory(UserFederationProvider.class, providerModel.getProviderName());
|
||||||
UserFederationProvider federationProvider = providerFactory.getInstance(session, providerModel);
|
UserFederationProvider federationProvider = providerFactory.getInstance(session, providerModel);
|
||||||
|
|
||||||
logger.infof("Syncing data for mapper '%s' of type '%s'. Direction: %s", mapperModel.getName(), mapperModel.getFederationMapperType(), direction);
|
logger.syncingDataForMapper(mapperModel.getName(), mapperModel.getFederationMapperType(), direction);
|
||||||
|
|
||||||
UserFederationSyncResult syncResult;
|
UserFederationSyncResult syncResult;
|
||||||
if ("fedToKeycloak".equals(direction)) {
|
if ("fedToKeycloak".equals(direction)) {
|
||||||
|
|
|
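Review bot: `logger.syncingDataForMapper(mapperModel.getName(), mapperModel.getFederationMapperType(), direction)` writes `direction` to the log at info level before the `"fedToKeycloak".equals(direction)` check that follows, so if `direction` arrives with the request (as that check suggests) an arbitrary, unvalidated string including line breaks reaches the log. Validate `direction` against the accepted values first and log the validated value afterwards; the same applies to the `infof` call this line replaces, so the refactor is a good moment to fix it.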
@ -1,6 +1,21 @@
|
||||||
|
/*
|
||||||
|
* Copyright 2016 Red Hat Inc. and/or its affiliates and other contributors
|
||||||
|
* as indicated by the @author tags. All rights reserved.
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||||
|
* use this file except in compliance with the License. You may obtain a copy of
|
||||||
|
* the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
* License for the specific language governing permissions and limitations under
|
||||||
|
* the License.
|
||||||
|
*/
|
||||||
package org.keycloak.services.resources.admin;
|
package org.keycloak.services.resources.admin;
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
|
||||||
import org.jboss.resteasy.annotations.cache.NoCache;
|
import org.jboss.resteasy.annotations.cache.NoCache;
|
||||||
import org.jboss.resteasy.spi.NotFoundException;
|
import org.jboss.resteasy.spi.NotFoundException;
|
||||||
import org.jboss.resteasy.spi.ResteasyProviderFactory;
|
import org.jboss.resteasy.spi.ResteasyProviderFactory;
|
||||||
|
@ -20,6 +35,7 @@ import org.keycloak.representations.idm.ConfigPropertyRepresentation;
|
||||||
import org.keycloak.representations.idm.CredentialRepresentation;
|
import org.keycloak.representations.idm.CredentialRepresentation;
|
||||||
import org.keycloak.representations.idm.UserFederationProviderFactoryRepresentation;
|
import org.keycloak.representations.idm.UserFederationProviderFactoryRepresentation;
|
||||||
import org.keycloak.representations.idm.UserFederationProviderRepresentation;
|
import org.keycloak.representations.idm.UserFederationProviderRepresentation;
|
||||||
|
import org.keycloak.services.ServicesLogger;
|
||||||
import org.keycloak.services.managers.UsersSyncManager;
|
import org.keycloak.services.managers.UsersSyncManager;
|
||||||
import org.keycloak.timer.TimerProvider;
|
import org.keycloak.timer.TimerProvider;
|
||||||
import org.keycloak.utils.CredentialHelper;
|
import org.keycloak.utils.CredentialHelper;
|
||||||
|
@ -46,12 +62,12 @@ import java.util.List;
|
||||||
* @version $Revision: 1 $
|
* @version $Revision: 1 $
|
||||||
*/
|
*/
|
||||||
public class UserFederationProvidersResource {
|
public class UserFederationProvidersResource {
|
||||||
protected static final Logger logger = Logger.getLogger(UserFederationProvidersResource.class);
|
protected static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
|
||||||
|
|
||||||
protected RealmModel realm;
|
protected RealmModel realm;
|
||||||
|
|
||||||
protected RealmAuth auth;
|
protected RealmAuth auth;
|
||||||
|
|
||||||
protected AdminEventBuilder adminEvent;
|
protected AdminEventBuilder adminEvent;
|
||||||
|
|
||||||
@Context
|
@Context
|
||||||
|
@ -64,7 +80,7 @@ public class UserFederationProvidersResource {
|
||||||
this.auth = auth;
|
this.auth = auth;
|
||||||
this.realm = realm;
|
this.realm = realm;
|
||||||
this.adminEvent = adminEvent;
|
this.adminEvent = adminEvent;
|
||||||
|
|
||||||
auth.init(RealmAuth.Resource.USER);
|
auth.init(RealmAuth.Resource.USER);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
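Review bot: this hunk (`@ -64,7 +80,7 @@`) shows identical content on both sides, from `this.auth = auth;` through `auth.init(RealmAuth.Resource.USER);`, so the change appears to be whitespace only; drop it from the commit or mention it in the commit message so the logging refactor stays easy to review.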
@ -165,10 +181,10 @@ public class UserFederationProvidersResource {
|
||||||
new UsersSyncManager().refreshPeriodicSyncForProvider(session.getKeycloakSessionFactory(), session.getProvider(TimerProvider.class), model, realm.getId());
|
new UsersSyncManager().refreshPeriodicSyncForProvider(session.getKeycloakSessionFactory(), session.getProvider(TimerProvider.class), model, realm.getId());
|
||||||
boolean kerberosCredsAdded = checkKerberosCredential(session, realm, model);
|
boolean kerberosCredsAdded = checkKerberosCredential(session, realm, model);
|
||||||
if (kerberosCredsAdded) {
|
if (kerberosCredsAdded) {
|
||||||
logger.info("Added 'kerberos' to required realm credentials");
|
logger.addedKerberosToRealmCredentials();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo).representation(rep).success();
|
adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo).representation(rep).success();
|
||||||
|
|
||||||
return Response.created(uriInfo.getAbsolutePathBuilder().path(model.getId()).build()).build();
|
return Response.created(uriInfo.getAbsolutePathBuilder().path(model.getId()).build()).build();
|
||||||
|
|
|
@ -1,6 +1,21 @@
|
||||||
|
/*
|
||||||
|
* Copyright 2016 Red Hat Inc. and/or its affiliates and other contributors
|
||||||
|
* as indicated by the @author tags. All rights reserved.
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||||
|
* use this file except in compliance with the License. You may obtain a copy of
|
||||||
|
* the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
* License for the specific language governing permissions and limitations under
|
||||||
|
* the License.
|
||||||
|
*/
|
||||||
package org.keycloak.services.resources.admin;
|
package org.keycloak.services.resources.admin;
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
|
||||||
import org.jboss.resteasy.annotations.cache.NoCache;
|
import org.jboss.resteasy.annotations.cache.NoCache;
|
||||||
import org.jboss.resteasy.spi.BadRequestException;
|
import org.jboss.resteasy.spi.BadRequestException;
|
||||||
import org.jboss.resteasy.spi.NotFoundException;
|
import org.jboss.resteasy.spi.NotFoundException;
|
||||||
|
@ -43,6 +58,7 @@ import org.keycloak.services.managers.AuthenticationManager;
|
||||||
import org.keycloak.services.managers.ClientSessionCode;
|
import org.keycloak.services.managers.ClientSessionCode;
|
||||||
import org.keycloak.services.managers.UserManager;
|
import org.keycloak.services.managers.UserManager;
|
||||||
import org.keycloak.services.ErrorResponse;
|
import org.keycloak.services.ErrorResponse;
|
||||||
|
import org.keycloak.services.ServicesLogger;
|
||||||
import org.keycloak.services.Urls;
|
import org.keycloak.services.Urls;
|
||||||
|
|
||||||
import javax.ws.rs.Consumes;
|
import javax.ws.rs.Consumes;
|
||||||
|
@ -85,7 +101,7 @@ import org.keycloak.common.util.Time;
|
||||||
* @version $Revision: 1 $
|
* @version $Revision: 1 $
|
||||||
*/
|
*/
|
||||||
public class UsersResource {
|
public class UsersResource {
|
||||||
protected static final Logger logger = Logger.getLogger(UsersResource.class);
|
protected static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
|
||||||
|
|
||||||
protected RealmModel realm;
|
protected RealmModel realm;
|
||||||
|
|
||||||
|
@ -804,7 +820,7 @@ public class UsersResource {
|
||||||
|
|
||||||
return Response.ok().build();
|
return Response.ok().build();
|
||||||
} catch (EmailException e) {
|
} catch (EmailException e) {
|
||||||
logger.error("Failed to send execute actions email", e);
|
logger.failedToSendActionsEmail(e);
|
||||||
return ErrorResponse.error("Failed to send execute actions email", Response.Status.INTERNAL_SERVER_ERROR);
|
return ErrorResponse.error("Failed to send execute actions email", Response.Status.INTERNAL_SERVER_ERROR);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,15 +1,15 @@
|
||||||
package org.keycloak.services.scheduled;
|
package org.keycloak.services.scheduled;
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
|
||||||
import org.keycloak.models.KeycloakSession;
|
import org.keycloak.models.KeycloakSession;
|
||||||
import org.keycloak.models.KeycloakSessionFactory;
|
import org.keycloak.models.KeycloakSessionFactory;
|
||||||
|
import org.keycloak.services.ServicesLogger;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
|
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
|
||||||
*/
|
*/
|
||||||
public class ScheduledTaskRunner implements Runnable {
|
public class ScheduledTaskRunner implements Runnable {
|
||||||
|
|
||||||
private static final Logger logger = Logger.getLogger(ScheduledTaskRunner.class);
|
private static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
|
||||||
|
|
||||||
private final KeycloakSessionFactory sessionFactory;
|
private final KeycloakSessionFactory sessionFactory;
|
||||||
private final ScheduledTask task;
|
private final ScheduledTask task;
|
||||||
|
@ -29,14 +29,14 @@ public class ScheduledTaskRunner implements Runnable {
|
||||||
|
|
||||||
logger.debug("Executed scheduled task " + task.getClass().getSimpleName());
|
logger.debug("Executed scheduled task " + task.getClass().getSimpleName());
|
||||||
} catch (Throwable t) {
|
} catch (Throwable t) {
|
||||||
logger.error("Failed to run scheduled task " + task.getClass().getSimpleName(), t);
|
logger.failedToRunScheduledTask(t, task.getClass().getSimpleName());
|
||||||
|
|
||||||
session.getTransaction().rollback();
|
session.getTransaction().rollback();
|
||||||
} finally {
|
} finally {
|
||||||
try {
|
try {
|
||||||
session.close();
|
session.close();
|
||||||
} catch (Throwable t) {
|
} catch (Throwable t) {
|
||||||
logger.error("Failed to close ProviderSession", t);
|
logger.failedToCloseProviderSession(t);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
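Review bot: `logger.debug("Executed scheduled task " + task.getClass().getSimpleName())` is left as plain string concatenation while the neighbouring calls move to typed `ServicesLogger` methods; the concatenation runs on every task execution whether or not debug is enabled and is inconsistent with the rest of the file, so add a typed debug message or use the parameterized `debugv` form. Also, `failedToRunScheduledTask(t, task.getClass().getSimpleName())` passes the cause first while the other new calls (`failedToCloseProviderSession(t)`) take only the cause; confirm the parameter order matches the `@Cause` declaration in `ServicesLogger` so the throwable is logged as the cause with its stack trace and not formatted as a plain argument.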
@ -0,0 +1,77 @@
|
||||||
|
package org.keycloak.social.microsoft;
|
||||||
|
|
||||||
|
import java.net.URLEncoder;
|
||||||
|
|
||||||
|
import org.jboss.logging.Logger;
|
||||||
|
import org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider;
|
||||||
|
import org.keycloak.broker.oidc.OAuth2IdentityProviderConfig;
|
||||||
|
import org.keycloak.broker.oidc.mappers.AbstractJsonUserAttributeMapper;
|
||||||
|
import org.keycloak.broker.oidc.util.JsonSimpleHttp;
|
||||||
|
import org.keycloak.broker.provider.BrokeredIdentityContext;
|
||||||
|
import org.keycloak.broker.provider.IdentityBrokerException;
|
||||||
|
import org.keycloak.broker.provider.util.SimpleHttp;
|
||||||
|
import org.keycloak.broker.social.SocialIdentityProvider;
|
||||||
|
|
||||||
|
import com.fasterxml.jackson.databind.JsonNode;
|
||||||
|
|
||||||
|
/**
|
||||||
|
*
|
||||||
|
* Identity provider for Microsoft account. Uses OAuth 2 protocol of Windows Live Services as documented at <a href="https://msdn.microsoft.com/en-us/library/hh243647.aspx">https://msdn.microsoft.com/en-us/library/hh243647.aspx</a>
|
||||||
|
*
|
||||||
|
* @author Vlastimil Elias (velias at redhat dot com)
|
||||||
|
*/
|
||||||
|
public class MicrosoftIdentityProvider extends AbstractOAuth2IdentityProvider implements SocialIdentityProvider {
|
||||||
|
|
||||||
|
private static final Logger log = Logger.getLogger(MicrosoftIdentityProvider.class);
|
||||||
|
|
||||||
|
public static final String AUTH_URL = "https://login.live.com/oauth20_authorize.srf";
|
||||||
|
public static final String TOKEN_URL = "https://login.live.com/oauth20_token.srf";
|
||||||
|
public static final String PROFILE_URL = "https://apis.live.net/v5.0/me";
|
||||||
|
public static final String DEFAULT_SCOPE = "wl.basic,wl.emails";
|
||||||
|
|
||||||
|
public MicrosoftIdentityProvider(OAuth2IdentityProviderConfig config) {
|
||||||
|
super(config);
|
||||||
|
config.setAuthorizationUrl(AUTH_URL);
|
||||||
|
config.setTokenUrl(TOKEN_URL);
|
||||||
|
config.setUserInfoUrl(PROFILE_URL);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected BrokeredIdentityContext doGetFederatedIdentity(String accessToken) {
|
||||||
|
try {
|
||||||
|
String URL = PROFILE_URL + "?access_token=" + URLEncoder.encode(accessToken, "UTF-8");
|
||||||
|
if (log.isDebugEnabled()) {
|
||||||
|
log.debug("Microsoft Live user profile request to: " + URL);
|
||||||
|
}
|
||||||
|
JsonNode profile = JsonSimpleHttp.asJson(SimpleHttp.doGet(URL));
|
||||||
|
|
||||||
|
String id = getJsonProperty(profile, "id");
|
||||||
|
|
||||||
|
String email = null;
|
||||||
|
if (profile.has("emails")) {
|
||||||
|
email = getJsonProperty(profile.get("emails"), "preferred");
|
||||||
|
}
|
||||||
|
|
||||||
|
BrokeredIdentityContext user = new BrokeredIdentityContext(id);
|
||||||
|
|
||||||
|
user.setUsername(email != null ? email : id);
|
||||||
|
user.setFirstName(getJsonProperty(profile, "first_name"));
|
||||||
|
user.setLastName(getJsonProperty(profile, "last_name"));
|
||||||
|
if (email != null)
|
||||||
|
user.setEmail(email);
|
||||||
|
user.setIdpConfig(getConfig());
|
||||||
|
user.setIdp(this);
|
||||||
|
|
||||||
|
AbstractJsonUserAttributeMapper.storeUserProfileForMapper(user, profile, getConfig().getAlias());
|
||||||
|
|
||||||
|
return user;
|
||||||
|
} catch (Exception e) {
|
||||||
|
throw new IdentityBrokerException("Could not obtain user profile from Microsoft Live ID.", e);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected String getDefaultScopes() {
|
||||||
|
return DEFAULT_SCOPE;
|
||||||
|
}
|
||||||
|
}
|
|
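Review bot: `log.debug("Microsoft Live user profile request to: " + URL)` logs the complete URL, and `URL` was built as `PROFILE_URL + "?access_token=" + URLEncoder.encode(accessToken, "UTF-8")`, so the user's OAuth access token is written to the server log whenever debug logging is enabled; log `PROFILE_URL` without the query string instead. For the same reason, carrying the token in the query string exposes it to proxy and web-server access logs, so send it in an `Authorization` header if the Live API accepts one. Smaller points: this new file has no license header while the other files in the commit gain one, `URL` as a local variable name reads like a class (use `url`), and `user.setUsername(email != null ? email : id)` adopts the provider's `preferred` email as the username, which places trust in that claim if the realm links accounts by username; `id` is the stable identifier and the email is already stored separately via `setEmail`.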
@ -0,0 +1,46 @@
|
||||||
|
/*
|
||||||
|
* JBoss, Home of Professional Open Source
|
||||||
|
*
|
||||||
|
* Copyright 2013 Red Hat, Inc. and/or its affiliates.
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
* you may not use this file except in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
*/
|
||||||
|
package org.keycloak.social.microsoft;
|
||||||
|
|
||||||
|
import org.keycloak.broker.oidc.OAuth2IdentityProviderConfig;
|
||||||
|
import org.keycloak.broker.provider.AbstractIdentityProviderFactory;
|
||||||
|
import org.keycloak.broker.social.SocialIdentityProviderFactory;
|
||||||
|
import org.keycloak.models.IdentityProviderModel;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @author Vlastimil Elias (velias at redhat dot com)
|
||||||
|
*/
|
||||||
|
public class MicrosoftIdentityProviderFactory extends AbstractIdentityProviderFactory<MicrosoftIdentityProvider> implements SocialIdentityProviderFactory<MicrosoftIdentityProvider> {
|
||||||
|
|
||||||
|
public static final String PROVIDER_ID = "microsoft";
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public String getName() {
|
||||||
|
return "Microsoft";
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public MicrosoftIdentityProvider create(IdentityProviderModel model) {
|
||||||
|
return new MicrosoftIdentityProvider(new OAuth2IdentityProviderConfig(model));
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public String getId() {
|
||||||
|
return PROVIDER_ID;
|
||||||
|
}
|
||||||
|
}
|
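Review bot: the license header in `MicrosoftIdentityProviderFactory` says `Copyright 2013` and uses the older JBoss wording, while the other files touched in this commit receive the 2016 Red Hat header; align it for a newly added file. Otherwise the factory is straightforward: `PROVIDER_ID = "microsoft"` is what realm exports and identity-provider configuration will key on, so treat it as a stable identifier once released.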