realm import changes

Bill Burke 2013-11-27 17:02:12 -05:00
parent cac394627e
commit 799df520b8
9 changed files with 132 additions and 107 deletions


@ -17,8 +17,6 @@ public class ApplicationRepresentation {
protected List<CredentialRepresentation> credentials;
protected List<RoleRepresentation> roles;
protected String[] defaultRoles;
protected List<UserRoleMappingRepresentation> roleMappings;
protected List<ScopeMappingRepresentation> scopeMappings;
protected List<String> redirectUris;
protected List<String> webOrigins;
@ -83,30 +81,6 @@ public class ApplicationRepresentation {
return this;
}
public List<UserRoleMappingRepresentation> getRoleMappings() {
return roleMappings;
}
public UserRoleMappingRepresentation roleMapping(String username) {
UserRoleMappingRepresentation mapping = new UserRoleMappingRepresentation();
mapping.setUsername(username);
if (roleMappings == null) roleMappings = new ArrayList<UserRoleMappingRepresentation>();
roleMappings.add(mapping);
return mapping;
}
public List<ScopeMappingRepresentation> getScopeMappings() {
return scopeMappings;
}
public ScopeMappingRepresentation scopeMapping(String username) {
ScopeMappingRepresentation mapping = new ScopeMappingRepresentation();
mapping.setUsername(username);
if (scopeMappings == null) scopeMappings = new ArrayList<ScopeMappingRepresentation>();
scopeMappings.add(mapping);
return mapping;
}
public String getAdminUrl() {
return adminUrl;
}


@ -35,6 +35,8 @@ public class RealmRepresentation {
protected List<UserRepresentation> users;
protected List<UserRoleMappingRepresentation> roleMappings;
protected List<ScopeMappingRepresentation> scopeMappings;
protected Map<String, List<UserRoleMappingRepresentation>> applicationRoleMappings;
protected Map<String, List<ScopeMappingRepresentation>> applicationScopeMappings;
protected List<SocialMappingRepresentation> socialMappings;
protected List<ApplicationRepresentation> applications;
protected List<OAuthClientRepresentation> oauthClients;
@ -308,4 +310,20 @@ public class RealmRepresentation {
public void setOauthClients(List<OAuthClientRepresentation> oauthClients) {
this.oauthClients = oauthClients;
}
public Map<String, List<UserRoleMappingRepresentation>> getApplicationRoleMappings() {
return applicationRoleMappings;
}
public void setApplicationRoleMappings(Map<String, List<UserRoleMappingRepresentation>> applicationRoleMappings) {
this.applicationRoleMappings = applicationRoleMappings;
}
public Map<String, List<ScopeMappingRepresentation>> getApplicationScopeMappings() {
return applicationScopeMappings;
}
public void setApplicationScopeMappings(Map<String, List<ScopeMappingRepresentation>> applicationScopeMappings) {
this.applicationScopeMappings = applicationScopeMappings;
}
}
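Review bot: The new `applicationRoleMappings` and `applicationScopeMappings` fields have no comment saying what the `String` key of each map is. Judging from the realm-import change in this same commit, which looks every key up in the application name map and throws when it is missing, the key appears to be the application name. A line such as `// keyed by application name; each key must name an application that exists in this realm at import time` above the two fields would make that contract visible to anyone writing a realm file by hand.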


@ -8,8 +8,9 @@
<%
String logoutUri = UriBuilder.fromUri("http://localhost:8080/auth-server/rest/realms/demo/tokens/logout")
.queryParam("redirect_uri", "http://localhost:8080/customer-portal").build().toString();
String acctUri = UriBuilder.fromUri("http://localhost:8080/auth-server/rest/realms/demo/account").build().toString();
%>
<p>Goto: <a href="http://localhost:8080/product-portal">products</a> | <a href="<%=logoutUri%>">logout</a></p>
<p>Goto: <a href="http://localhost:8080/product-portal">products</a> | <a href="<%=logoutUri%>">logout</a> | <a href="<%=acctUri%>">manage acct</a></p>
User <b><%=request.getUserPrincipal().getName()%></b> made this request.
<h2>Customer Listing</h2>
<%
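Review bot: The new `acctUri` repeats the hard-coded `http://localhost:8080/auth-server/rest/realms/demo` prefix already used for `logoutUri`, so the account-management link is pinned to plain HTTP on a fixed host and the realm base now has to be edited in two places per page; the product-portal page later in this commit has the identical line. Wrapping a constant in `UriBuilder.fromUri(...).build().toString()` adds nothing by itself. Consider declaring the base once, `String realmBase = "http://localhost:8080/auth-server/rest/realms/demo";`, and deriving both links from it, e.g. `UriBuilder.fromUri(realmBase).path("account").build().toString()`, so that moving the demo to HTTPS or another host is a one-line change.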


@ -8,9 +8,10 @@
<%
String logoutUri = UriBuilder.fromUri("http://localhost:8080/auth-server/rest/realms/demo/tokens/logout")
.queryParam("redirect_uri", "http://localhost:8080/product-portal").build().toString();
String acctUri = UriBuilder.fromUri("http://localhost:8080/auth-server/rest/realms/demo/account").build().toString();
%>
<p>Goto: <a href="http://localhost:8080/customer-portal">customers</a> | <a href="<%=logoutUri%>">logout</a></p>
<p>Goto: <a href="http://localhost:8080/customer-portal">customers</a> | <a href="<%=logoutUri%>">logout</a> | <a href="<%=acctUri%>">manage acct</a></p>
User <b><%=request.getUserPrincipal().getName()%></b> made this request.
<h2>Product Listing</h2>
<%


@ -1,9 +1,10 @@
{
"realm": "demo",
"enabled": true,
"tokenLifespan": 300,
"tokenLifespan": 3000,
"accessCodeLifespan": 10,
"accessCodeLifespanUserAction": 600,
"accessCodeLifespanUserAction": 6000,
"accountManagement": true,
"sslNotRequired": true,
"cookieLoginAllowed": true,
"registrationAllowed": true,
@ -94,6 +95,14 @@
}
]
}
]
],
"applicationRoleMappings": {
"Account": [
{
"username": "bburke@redhat.com",
"roles": ["manage-account"]
}
]
}
}
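Review bot: `tokenLifespan` and `accessCodeLifespanUserAction` each appear twice in the first hunk, as 300/3000 and 600/6000; assuming the page prints the old line before the new one, this commit raises both lifetimes tenfold, and the commit title ("realm import changes") does not explain why. If the unit is seconds (not stated here — confirm), an access token would stay usable for 50 minutes after issue, which widens the window in which a leaked token is still valid, and demo realm files tend to be copied as a starting point for real ones. If the longer values were only a convenience for local debugging, restore `"tokenLifespan": 300` and `"accessCodeLifespanUserAction": 600`; otherwise the commit description should say why the demo needs them.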


@ -90,32 +90,31 @@ public class ApplicationManager {
return applicationModel;
}
public void createMappings(RealmModel realm, ApplicationRepresentation resourceRep, ApplicationModel applicationModel) {
if (resourceRep.getRoleMappings() != null) {
for (UserRoleMappingRepresentation mapping : resourceRep.getRoleMappings()) {
UserModel user = realm.getUser(mapping.getUsername());
if (user == null) {
throw new RuntimeException("User not found");
}
for (String roleString : mapping.getRoles()) {
RoleModel role = applicationModel.getRole(roleString.trim());
if (role == null) {
role = applicationModel.addRole(roleString.trim());
}
applicationModel.grantRole(user, role);
public void createRoleMappings(RealmModel realm, ApplicationModel applicationModel, List<UserRoleMappingRepresentation> mappings) {
for (UserRoleMappingRepresentation mapping : mappings) {
UserModel user = realm.getUser(mapping.getUsername());
if (user == null) {
throw new RuntimeException("User not found");
}
for (String roleString : mapping.getRoles()) {
RoleModel role = applicationModel.getRole(roleString.trim());
if (role == null) {
role = applicationModel.addRole(roleString.trim());
}
applicationModel.grantRole(user, role);
}
}
if (resourceRep.getScopeMappings() != null) {
for (ScopeMappingRepresentation mapping : resourceRep.getScopeMappings()) {
UserModel user = realm.getUser(mapping.getUsername());
for (String roleString : mapping.getRoles()) {
RoleModel role = applicationModel.getRole(roleString.trim());
if (role == null) {
role = applicationModel.addRole(roleString.trim());
}
applicationModel.addScopeMapping(user, role.getName());
}
public void createScopeMappings(RealmModel realm, ApplicationModel applicationModel, List<ScopeMappingRepresentation> mappings) {
for (ScopeMappingRepresentation mapping : mappings) {
UserModel user = realm.getUser(mapping.getUsername());
for (String roleString : mapping.getRoles()) {
RoleModel role = applicationModel.getRole(roleString.trim());
if (role == null) {
role = applicationModel.addRole(roleString.trim());
}
applicationModel.addScopeMapping(user, role.getName());
}
}
}
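Review bot: `createScopeMappings` passes the result of `realm.getUser(mapping.getUsername())` straight to `applicationModel.addScopeMapping(user, role.getName())` without the null check that `createRoleMappings` performs, so a scope mapping that names an unknown user is not rejected at this point; what happens next depends on the model implementation, which is not visible in this hunk. Add the same guard and include the name in the message: `if (user == null) throw new RuntimeException("User not found: " + mapping.getUsername());`. Both new methods also call `applicationModel.addRole(roleString.trim())` when the role does not exist, so a misspelled role in an imported realm file silently creates and grants a new role; either fail on an unknown role or add a comment stating that auto-creation is intended. The old `createMappings` null-checked the lists before iterating, whereas the new methods iterate `mappings` directly, so a `null` list value in the JSON map would now surface as a `NullPointerException`.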


@ -241,14 +241,12 @@ public class RealmManager {
}
}
Map<String, ApplicationModel> appMap = null;
if (rep.getApplications() != null) {
appMap = createApplications(rep, newRealm);
Map<String, ApplicationModel> appMap = createApplications(rep, newRealm);
for (ApplicationModel app : appMap.values()) {
userMap.put(app.getApplicationUser().getLoginName(), app.getApplicationUser());
}
}
if (rep.getOauthClients() != null) {
Map<String, OAuthClientModel> oauthMap = createOAuthClients(rep, newRealm);
for (OAuthClientModel app : oauthMap.values()) {
@ -257,17 +255,37 @@ public class RealmManager {
}
// Now that all possible users are created (users, apps, and oauth clients), do role mappings and scope mappings
if (rep.getAccountManagement() != null && rep.getAccountManagement()) {
enableAccountManagement(newRealm);
}
if (rep.getApplications() != null) {
// Now that all possible users and applications are created (users, apps, and oauth clients), do role mappings and scope mappings
Map<String, ApplicationModel> appMap = newRealm.getApplicationNameMap();
if (rep.getApplicationRoleMappings() != null) {
ApplicationManager manager = new ApplicationManager(this);
for (ApplicationRepresentation appRep : rep.getApplications()) {
ApplicationModel model = appMap.get(appRep.getName());
manager.createMappings(newRealm, appRep, model);
for (Map.Entry<String, List<UserRoleMappingRepresentation>> entry : rep.getApplicationRoleMappings().entrySet()) {
ApplicationModel app = appMap.get(entry.getKey());
if (app == null) {
throw new RuntimeException("Unable to find application role mappings for app: " + entry.getKey());
}
manager.createRoleMappings(newRealm, app, entry.getValue());
}
}
if (rep.getApplicationScopeMappings() != null) {
ApplicationManager manager = new ApplicationManager(this);
for (Map.Entry<String, List<ScopeMappingRepresentation>> entry : rep.getApplicationScopeMappings().entrySet()) {
ApplicationModel app = appMap.get(entry.getKey());
if (app == null) {
throw new RuntimeException("Unable to find application role mappings for app: " + entry.getKey());
}
manager.createScopeMappings(newRealm, app, entry.getValue());
}
}
if (rep.getRoleMappings() != null) {
for (UserRoleMappingRepresentation mapping : rep.getRoleMappings()) {
@ -306,10 +324,6 @@ public class RealmManager {
}
}
if (rep.getAccountManagement() != null && rep.getAccountManagement()) {
enableAccountManagement(newRealm);
}
if (rep.getSmtpServer() != null) {
newRealm.setSmtpConfig(new HashMap(rep.getSmtpServer()));
}
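Review bot: The `applicationScopeMappings` loop throws `"Unable to find application role mappings for app: "`, copied from the role-mapping loop above it, so a bad key in the scope map is reported as a role-mapping problem; it should read something like `throw new RuntimeException("Unknown application in applicationScopeMappings: " + entry.getKey());`, with the role loop's message reworded to match. The `enableAccountManagement(newRealm)` call has moved ahead of `newRealm.getApplicationNameMap()`, presumably so that the account application exists before its role mappings are resolved, and that ordering dependency deserves a comment such as `// must run before the mapping loops: creates the application that applicationRoleMappings may reference`. The enclosing import method starts and ends outside these hunks, so the rest of the ordering cannot be checked from here.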


@ -94,22 +94,6 @@
{
"name": "user"
}
],
"roleMappings": [
{
"username": "wburke",
"roles": ["user"]
},
{
"username": "admin",
"roles": ["admin"]
}
],
"scopeMappings": [
{
"username": "oauthclient",
"roles": ["user"]
}
]
},
{
@ -122,20 +106,41 @@
{
"name": "user"
}
],
"roleMappings": [
{
"username": "wburke",
"roles": ["user"]
},
{
"username": "admin",
"roles": ["admin"]
}
]
}
]
],
"applicationRoleMappings": {
"Application": [
{
"username": "wburke",
"roles": ["user"]
},
{
"username": "admin",
"roles": ["admin"]
}
],
"OtherApp": [
{
"username": "wburke",
"roles": ["user"]
},
{
"username": "admin",
"roles": ["admin"]
}
]
},
"applicationScopeMappings": {
"Application": [
{
"username": "oauthclient",
"roles": ["user"]
}
]
}
}


@ -88,19 +88,23 @@
"name": "customer-admin",
"description": "Have Customer Admin privileges"
}
],
"roleMappings": [
{
"username": "test-user@localhost",
"roles": ["customer-user"]
}
],
"scopeMappings": [
{
"username": "third-party",
"roles": ["customer-user"]
}
]
}
]
}
],
"applicationRoleMappings": {
"test-app": [
{
"username": "test-user@localhost",
"roles": ["customer-user"]
}
]
},
"applicationScopeMappings": {
"test-app": [
{
"username": "third-party",
"roles": ["customer-user"]
}
]
}
}