refactoring for demo setup
This commit is contained in:
parent
f7b3f2998d
commit
79e6f46183
16 changed files with 503 additions and 314 deletions
101
examples/as7-eap-demo/server/pom.xml
Executable file
101
examples/as7-eap-demo/server/pom.xml
Executable file
|
@ -0,0 +1,101 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
|
||||
<parent>
|
||||
<artifactId>keycloak-parent</artifactId>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<version>1.0-alpha-1</version>
|
||||
<relativePath>../../../pom.xml</relativePath>
|
||||
</parent>
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
<groupId>org.keycloak.example.as7.demo</groupId>
|
||||
<artifactId>keycloak-server</artifactId>
|
||||
<packaging>war</packaging>
|
||||
<name>Keycloak Demo</name>
|
||||
<description/>
|
||||
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<artifactId>keycloak-core</artifactId>
|
||||
<version>${project.version}</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<artifactId>keycloak-services</artifactId>
|
||||
<version>${project.version}</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.picketlink</groupId>
|
||||
<artifactId>picketlink-idm-api</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.picketlink</groupId>
|
||||
<artifactId>picketlink-idm-impl</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.picketlink</groupId>
|
||||
<artifactId>picketlink-idm-schema</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.picketlink</groupId>
|
||||
<artifactId>picketlink-config</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.jboss.resteasy</groupId>
|
||||
<artifactId>resteasy-jaxrs</artifactId>
|
||||
<scope>provided</scope>
|
||||
<exclusions>
|
||||
<exclusion>
|
||||
<groupId>log4j</groupId>
|
||||
<artifactId>log4j</artifactId>
|
||||
</exclusion>
|
||||
<exclusion>
|
||||
<groupId>org.slf4j</groupId>
|
||||
<artifactId>slf4j-api</artifactId>
|
||||
</exclusion>
|
||||
<exclusion>
|
||||
<groupId>org.slf4j</groupId>
|
||||
<artifactId>slf4j-simple</artifactId>
|
||||
</exclusion>
|
||||
</exclusions>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.jboss.resteasy</groupId>
|
||||
<artifactId>jaxrs-api</artifactId>
|
||||
<scope>provided</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>junit</groupId>
|
||||
<artifactId>junit</artifactId>
|
||||
<version>4.1</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
|
||||
<build>
|
||||
<finalName>auth-server</finalName>
|
||||
<plugins>
|
||||
<plugin>
|
||||
<groupId>org.jboss.as.plugins</groupId>
|
||||
<artifactId>jboss-as-maven-plugin</artifactId>
|
||||
<version>7.4.Final</version>
|
||||
</plugin>
|
||||
<plugin>
|
||||
<groupId>org.apache.maven.plugins</groupId>
|
||||
<artifactId>maven-deploy-plugin</artifactId>
|
||||
<configuration>
|
||||
<skip>true</skip>
|
||||
</configuration>
|
||||
</plugin>
|
||||
<plugin>
|
||||
<groupId>org.apache.maven.plugins</groupId>
|
||||
<artifactId>maven-compiler-plugin</artifactId>
|
||||
<configuration>
|
||||
<source>1.6</source>
|
||||
<target>1.6</target>
|
||||
</configuration>
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
</project>
|
|
@ -0,0 +1,37 @@
|
|||
package org.keycloak.example.demo;
|
||||
|
||||
import org.keycloak.services.managers.RealmManager;
|
||||
import org.keycloak.services.models.RealmModel;
|
||||
import org.keycloak.services.models.RequiredCredentialModel;
|
||||
import org.keycloak.services.resources.KeycloakApplication;
|
||||
import org.keycloak.services.resources.RegistrationService;
|
||||
import org.picketlink.idm.model.Realm;
|
||||
import org.picketlink.idm.model.SimpleRole;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||
* @version $Revision: 1 $
|
||||
*/
|
||||
public class DemoApplication extends KeycloakApplication {
|
||||
|
||||
public DemoApplication() {
|
||||
super();
|
||||
|
||||
}
|
||||
|
||||
public void install(RealmManager manager) {
|
||||
RealmModel defaultRealm = manager.createRealm(Realm.DEFAULT_REALM, Realm.DEFAULT_REALM);
|
||||
defaultRealm.setName(Realm.DEFAULT_REALM);
|
||||
defaultRealm.setEnabled(true);
|
||||
defaultRealm.setTokenLifespan(300);
|
||||
defaultRealm.setAccessCodeLifespan(60);
|
||||
defaultRealm.setSslNotRequired(false);
|
||||
defaultRealm.setCookieLoginAllowed(true);
|
||||
defaultRealm.setRegistrationAllowed(true);
|
||||
manager.generateRealmKeys(defaultRealm);
|
||||
defaultRealm.updateRealm();
|
||||
defaultRealm.addRequiredCredential(RequiredCredentialModel.PASSWORD);
|
||||
defaultRealm.getIdm().add(new SimpleRole(RegistrationService.REALM_CREATOR_ROLE));
|
||||
}
|
||||
|
||||
}
|
16
examples/as7-eap-demo/server/src/main/webapp/WEB-INF/web.xml
Executable file
16
examples/as7-eap-demo/server/src/main/webapp/WEB-INF/web.xml
Executable file
|
@ -0,0 +1,16 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
|
||||
version="3.0">
|
||||
<!--
|
||||
<security-constraint>
|
||||
<web-resource-collection>
|
||||
<url-pattern>/*</url-pattern>
|
||||
</web-resource-collection>
|
||||
<user-data-constraint>
|
||||
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
|
||||
</user-data-constraint>
|
||||
</security-constraint> -->
|
||||
|
||||
</web-app>
|
20
examples/pom.xml
Executable file
20
examples/pom.xml
Executable file
|
@ -0,0 +1,20 @@
|
|||
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
|
||||
<parent>
|
||||
<artifactId>keycloak-parent</artifactId>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<version>1.0-alpha-1</version>
|
||||
<relativePath>../pom.xml</relativePath>
|
||||
</parent>
|
||||
<name>Examples</name>
|
||||
<description/>
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
|
||||
<groupId>org.keycloak</groupId>
|
||||
<artifactId>examples-pom</artifactId>
|
||||
<packaging>pom</packaging>
|
||||
|
||||
<modules>
|
||||
<module>as7-eap-demo/server</module>
|
||||
</modules>
|
||||
</project>
|
21
pom.xml
21
pom.xml
|
@ -55,6 +55,7 @@
|
|||
<module>core</module>
|
||||
<module>services</module>
|
||||
<module>integration</module>
|
||||
<module>examples</module>
|
||||
</modules>
|
||||
|
||||
<dependencyManagement>
|
||||
|
@ -69,16 +70,6 @@
|
|||
<artifactId>bcmail-jdk16</artifactId>
|
||||
<version>1.46</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.infinispan</groupId>
|
||||
<artifactId>infinispan-core</artifactId>
|
||||
<version>5.1.6.FINAL</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.infinispan</groupId>
|
||||
<artifactId>infinispan-tree</artifactId>
|
||||
<version>5.1.6.FINAL</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.jboss.resteasy</groupId>
|
||||
<artifactId>jaxrs-api</artifactId>
|
||||
|
@ -145,6 +136,11 @@
|
|||
<artifactId>tjws</artifactId>
|
||||
<version>${resteasy.version}</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.picketlink</groupId>
|
||||
<artifactId>picketlink-common</artifactId>
|
||||
<version>2.5.0-SNAPSHOT</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.picketlink</groupId>
|
||||
<artifactId>picketlink-idm-api</artifactId>
|
||||
|
@ -165,6 +161,11 @@
|
|||
<artifactId>picketlink-config</artifactId>
|
||||
<version>2.5.0-SNAPSHOT</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.jboss.logging</groupId>
|
||||
<artifactId>jboss-logging</artifactId>
|
||||
<version>3.1.1.GA</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>junit</groupId>
|
||||
<artifactId>junit</artifactId>
|
||||
|
|
|
@ -19,25 +19,35 @@
|
|||
<version>${project.version}</version>
|
||||
<scope>provided</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.jboss.logging</groupId>
|
||||
<artifactId>jboss-logging</artifactId>
|
||||
<scope>provided</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.picketlink</groupId>
|
||||
<artifactId>picketlink-idm-api</artifactId>
|
||||
<scope>provided</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.picketlink</groupId>
|
||||
<artifactId>picketlink-common</artifactId>
|
||||
<scope>provided</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.picketlink</groupId>
|
||||
<artifactId>picketlink-idm-impl</artifactId>
|
||||
<scope>provided</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.picketlink</groupId>
|
||||
<artifactId>picketlink-idm-schema</artifactId>
|
||||
<scope>provided</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.picketlink</groupId>
|
||||
<artifactId>picketlink-config</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.infinispan</groupId>
|
||||
<artifactId>infinispan-core</artifactId>
|
||||
<scope>provided</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.jboss.resteasy</groupId>
|
||||
|
|
|
@ -5,7 +5,6 @@ import org.keycloak.RSATokenVerifier;
|
|||
import org.keycloak.VerificationException;
|
||||
import org.keycloak.representations.SkeletonKeyToken;
|
||||
import org.keycloak.representations.idm.RequiredCredentialRepresentation;
|
||||
import org.keycloak.services.models.RealmManager;
|
||||
import org.keycloak.services.models.RealmModel;
|
||||
import org.keycloak.services.models.RequiredCredentialModel;
|
||||
import org.picketlink.idm.credential.Credentials;
|
||||
|
|
|
@ -1,6 +1,5 @@
|
|||
package org.keycloak.services.managers;
|
||||
|
||||
import org.keycloak.services.models.RealmManager;
|
||||
import org.keycloak.services.models.RealmModel;
|
||||
import org.keycloak.services.models.RequiredCredentialModel;
|
||||
import org.keycloak.services.resources.RegistrationService;
|
||||
|
|
290
services/src/main/java/org/keycloak/services/managers/RealmManager.java
Executable file
290
services/src/main/java/org/keycloak/services/managers/RealmManager.java
Executable file
|
@ -0,0 +1,290 @@
|
|||
package org.keycloak.services.managers;
|
||||
|
||||
import org.keycloak.representations.idm.RealmRepresentation;
|
||||
import org.keycloak.representations.idm.RequiredCredentialRepresentation;
|
||||
import org.keycloak.representations.idm.ResourceRepresentation;
|
||||
import org.keycloak.representations.idm.RoleMappingRepresentation;
|
||||
import org.keycloak.representations.idm.ScopeMappingRepresentation;
|
||||
import org.keycloak.representations.idm.UserRepresentation;
|
||||
import org.keycloak.services.managers.AuthenticationManager;
|
||||
import org.keycloak.services.models.RealmModel;
|
||||
import org.keycloak.services.models.RequiredCredentialModel;
|
||||
import org.keycloak.services.models.ResourceModel;
|
||||
import org.keycloak.services.models.UserCredentialModel;
|
||||
import org.keycloak.services.resources.RegistrationService;
|
||||
import org.picketlink.idm.IdentityManager;
|
||||
import org.picketlink.idm.IdentitySession;
|
||||
import org.picketlink.idm.model.Attribute;
|
||||
import org.picketlink.idm.model.Realm;
|
||||
import org.picketlink.idm.model.Role;
|
||||
import org.picketlink.idm.model.SimpleAgent;
|
||||
import org.picketlink.idm.model.SimpleRole;
|
||||
import org.picketlink.idm.model.SimpleUser;
|
||||
import org.picketlink.idm.model.User;
|
||||
|
||||
import javax.ws.rs.NotAuthorizedException;
|
||||
import javax.ws.rs.WebApplicationException;
|
||||
import javax.ws.rs.core.Response;
|
||||
import java.security.KeyPair;
|
||||
import java.security.KeyPairGenerator;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
import java.util.concurrent.atomic.AtomicLong;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||
* @version $Revision: 1 $
|
||||
*/
|
||||
public class RealmManager {
|
||||
private static AtomicLong counter = new AtomicLong(1);
|
||||
|
||||
public static String generateId() {
|
||||
return counter.getAndIncrement() + "-" + System.currentTimeMillis();
|
||||
}
|
||||
|
||||
protected IdentitySession identitySession;
|
||||
|
||||
public RealmManager(IdentitySession IdentitySession) {
|
||||
this.identitySession = IdentitySession;
|
||||
}
|
||||
|
||||
public RealmModel defaultRealm() {
|
||||
return getRealm(Realm.DEFAULT_REALM);
|
||||
}
|
||||
|
||||
public RealmModel getRealm(String id) {
|
||||
Realm existing = identitySession.findRealm(id);
|
||||
if (existing == null) {
|
||||
return null;
|
||||
}
|
||||
return new RealmModel(existing, identitySession);
|
||||
}
|
||||
|
||||
public RealmModel createRealm(String name) {
|
||||
return createRealm(generateId(), name);
|
||||
}
|
||||
|
||||
public RealmModel createRealm(String id, String name) {
|
||||
Realm newRealm = identitySession.createRealm(id);
|
||||
IdentityManager idm = identitySession.createIdentityManager(newRealm);
|
||||
SimpleAgent agent = new SimpleAgent(RealmModel.REALM_AGENT_ID);
|
||||
idm.add(agent);
|
||||
RealmModel realm = new RealmModel(newRealm, identitySession);
|
||||
return realm;
|
||||
}
|
||||
|
||||
public void generateRealmKeys(RealmModel realm) {
|
||||
KeyPair keyPair = null;
|
||||
try {
|
||||
keyPair = KeyPairGenerator.getInstance("RSA").generateKeyPair();
|
||||
} catch (NoSuchAlgorithmException e) {
|
||||
throw new RuntimeException(e);
|
||||
}
|
||||
realm.setPrivateKey(keyPair.getPrivate());
|
||||
realm.setPublicKey(keyPair.getPublic());
|
||||
realm.updateRealm();
|
||||
}
|
||||
|
||||
public RealmModel importRealm(RealmRepresentation rep, User realmCreator) {
|
||||
verifyRealmRepresentation(rep);
|
||||
|
||||
RealmModel realm = createRealm(rep.getRealm());
|
||||
generateRealmKeys(realm);
|
||||
realm.addRealmAdmin(realmCreator);
|
||||
realm.setName(rep.getRealm());
|
||||
realm.setEnabled(rep.isEnabled());
|
||||
realm.setTokenLifespan(rep.getTokenLifespan());
|
||||
realm.setAccessCodeLifespan(rep.getAccessCodeLifespan());
|
||||
realm.setSslNotRequired(rep.isSslNotRequired());
|
||||
realm.setCookieLoginAllowed(rep.isCookieLoginAllowed());
|
||||
realm.updateRealm();
|
||||
|
||||
|
||||
Map<String, User> userMap = new HashMap<String, User>();
|
||||
|
||||
for (RequiredCredentialRepresentation requiredCred : rep.getRequiredCredentials()) {
|
||||
RequiredCredentialModel credential = new RequiredCredentialModel();
|
||||
credential.setType(requiredCred.getType());
|
||||
credential.setInput(requiredCred.isInput());
|
||||
credential.setSecret(requiredCred.isSecret());
|
||||
realm.addRequiredCredential(credential);
|
||||
}
|
||||
|
||||
for (UserRepresentation userRep : rep.getUsers()) {
|
||||
User user = new SimpleUser(userRep.getUsername());
|
||||
user.setEnabled(userRep.isEnabled());
|
||||
if (userRep.getAttributes() != null) {
|
||||
for (Map.Entry<String, String> entry : userRep.getAttributes().entrySet()) {
|
||||
user.setAttribute(new Attribute<String>(entry.getKey(), entry.getValue()));
|
||||
}
|
||||
}
|
||||
realm.getIdm().add(user);
|
||||
if (userRep.getCredentials() != null) {
|
||||
for (UserRepresentation.Credential cred : userRep.getCredentials()) {
|
||||
UserCredentialModel credential = new UserCredentialModel();
|
||||
credential.setType(cred.getType());
|
||||
credential.setValue(cred.getValue());
|
||||
realm.updateCredential(user, credential);
|
||||
}
|
||||
}
|
||||
userMap.put(user.getLoginName(), user);
|
||||
}
|
||||
|
||||
Map<String, Role> roles = new HashMap<String, Role>();
|
||||
|
||||
if (rep.getRoles() != null) {
|
||||
for (String roleString : rep.getRoles()) {
|
||||
SimpleRole role = new SimpleRole(roleString.trim());
|
||||
realm.getIdm().add(role);
|
||||
roles.put(role.getName(), role);
|
||||
}
|
||||
}
|
||||
|
||||
if (rep.getRoleMappings() != null) {
|
||||
for (RoleMappingRepresentation mapping : rep.getRoleMappings()) {
|
||||
User user = userMap.get(mapping.getUsername());
|
||||
for (String roleString : mapping.getRoles()) {
|
||||
Role role = roles.get(roleString.trim());
|
||||
if (role == null) {
|
||||
role = new SimpleRole(roleString.trim());
|
||||
realm.getIdm().add(role);
|
||||
roles.put(role.getName(), role);
|
||||
}
|
||||
realm.getIdm().grantRole(user, role);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (rep.getScopeMappings() != null) {
|
||||
for (ScopeMappingRepresentation scope : rep.getScopeMappings()) {
|
||||
for (String roleString : scope.getRoles()) {
|
||||
Role role = roles.get(roleString.trim());
|
||||
if (role == null) {
|
||||
role = new SimpleRole(roleString.trim());
|
||||
realm.getIdm().add(role);
|
||||
roles.put(role.getName(), role);
|
||||
}
|
||||
User user = userMap.get(scope.getUsername());
|
||||
realm.addScope(user, role.getName());
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
if (!roles.containsKey("*")) {
|
||||
SimpleRole wildcard = new SimpleRole("*");
|
||||
realm.getIdm().add(wildcard);
|
||||
roles.put("*", wildcard);
|
||||
}
|
||||
|
||||
if (rep.getResources() != null) {
|
||||
createResources(rep, realm, userMap);
|
||||
}
|
||||
return realm;
|
||||
}
|
||||
|
||||
protected void createResources(RealmRepresentation rep, RealmModel realm, Map<String, User> userMap) {
|
||||
for (ResourceRepresentation resourceRep : rep.getResources()) {
|
||||
ResourceModel resource = realm.addResource(resourceRep.getName());
|
||||
resource.setSurrogateAuthRequired(resourceRep.isSurrogateAuthRequired());
|
||||
resource.updateResource();
|
||||
Map<String, Role> roles = new HashMap<String, Role>();
|
||||
if (resourceRep.getRoles() != null) {
|
||||
for (String roleString : resourceRep.getRoles()) {
|
||||
SimpleRole role = new SimpleRole(roleString.trim());
|
||||
resource.getIdm().add(role);
|
||||
roles.put(role.getName(), role);
|
||||
}
|
||||
}
|
||||
if (resourceRep.getRoleMappings() != null) {
|
||||
for (RoleMappingRepresentation mapping : resourceRep.getRoleMappings()) {
|
||||
User user = userMap.get(mapping.getUsername());
|
||||
for (String roleString : mapping.getRoles()) {
|
||||
Role role = roles.get(roleString.trim());
|
||||
if (role == null) {
|
||||
role = new SimpleRole(roleString.trim());
|
||||
resource.getIdm().add(role);
|
||||
roles.put(role.getName(), role);
|
||||
}
|
||||
Role role1 = resource.getIdm().getRole(role.getName());
|
||||
realm.getIdm().grantRole(user, role1);
|
||||
}
|
||||
}
|
||||
}
|
||||
if (resourceRep.getScopeMappings() != null) {
|
||||
for (ScopeMappingRepresentation mapping : resourceRep.getScopeMappings()) {
|
||||
User user = userMap.get(mapping.getUsername());
|
||||
for (String roleString : mapping.getRoles()) {
|
||||
Role role = roles.get(roleString.trim());
|
||||
if (role == null) {
|
||||
role = new SimpleRole(roleString.trim());
|
||||
resource.getIdm().add(role);
|
||||
roles.put(role.getName(), role);
|
||||
}
|
||||
resource.addScope(user, role.getName());
|
||||
}
|
||||
}
|
||||
}
|
||||
if (!roles.containsKey("*")) {
|
||||
SimpleRole wildcard = new SimpleRole("*");
|
||||
resource.getIdm().add(wildcard);
|
||||
roles.put("*", wildcard);
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
protected void verifyRealmRepresentation(RealmRepresentation rep) {
|
||||
if (rep.getRequiredCredentials() == null) {
|
||||
throw new WebApplicationException(Response.status(Response.Status.BAD_REQUEST)
|
||||
.entity("Realm credential requirements not defined").type("text/plain").build());
|
||||
|
||||
}
|
||||
|
||||
HashMap<String, UserRepresentation> userReps = new HashMap<String, UserRepresentation>();
|
||||
for (UserRepresentation userRep : rep.getUsers()) userReps.put(userRep.getUsername(), userRep);
|
||||
|
||||
// override enabled to false if user does not have at least all of browser or client credentials
|
||||
for (UserRepresentation userRep : rep.getUsers()) {
|
||||
if (userRep.getCredentials() == null) {
|
||||
userRep.setEnabled(false);
|
||||
} else {
|
||||
boolean hasBrowserCredentials = true;
|
||||
for (RequiredCredentialRepresentation credential : rep.getRequiredCredentials()) {
|
||||
boolean hasCredential = false;
|
||||
for (UserRepresentation.Credential cred : userRep.getCredentials()) {
|
||||
if (cred.getType().equals(credential.getType())) {
|
||||
hasCredential = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (!hasCredential) {
|
||||
hasBrowserCredentials = false;
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (!hasBrowserCredentials) {
|
||||
userRep.setEnabled(false);
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
if (rep.getResources() != null) {
|
||||
// check mappings
|
||||
for (ResourceRepresentation resourceRep : rep.getResources()) {
|
||||
if (resourceRep.getRoleMappings() != null) {
|
||||
for (RoleMappingRepresentation mapping : resourceRep.getRoleMappings()) {
|
||||
if (!userReps.containsKey(mapping.getUsername())) {
|
||||
throw new WebApplicationException(Response.status(Response.Status.BAD_REQUEST)
|
||||
.entity("No users declared for role mapping").type("text/plain").build());
|
||||
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
}
|
|
@ -5,7 +5,6 @@ import org.jboss.resteasy.jose.jws.JWSBuilder;
|
|||
import org.jboss.resteasy.jwt.JsonSerialization;
|
||||
import org.keycloak.representations.SkeletonKeyScope;
|
||||
import org.keycloak.representations.SkeletonKeyToken;
|
||||
import org.keycloak.services.models.RealmManager;
|
||||
import org.keycloak.services.models.RealmModel;
|
||||
import org.keycloak.services.models.ResourceModel;
|
||||
import org.picketlink.idm.model.User;
|
||||
|
|
|
@ -1,66 +0,0 @@
|
|||
package org.keycloak.services.models;
|
||||
|
||||
import org.picketlink.idm.IdentityManager;
|
||||
import org.picketlink.idm.IdentitySession;
|
||||
import org.picketlink.idm.model.Realm;
|
||||
import org.picketlink.idm.model.SimpleAgent;
|
||||
|
||||
import java.security.KeyPair;
|
||||
import java.security.KeyPairGenerator;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
import java.util.concurrent.atomic.AtomicLong;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||
* @version $Revision: 1 $
|
||||
*/
|
||||
public class RealmManager {
|
||||
private static AtomicLong counter = new AtomicLong(1);
|
||||
|
||||
public static String generateId() {
|
||||
return counter.getAndIncrement() + "-" + System.currentTimeMillis();
|
||||
}
|
||||
|
||||
protected IdentitySession identitySession;
|
||||
|
||||
public RealmManager(IdentitySession IdentitySession) {
|
||||
this.identitySession = IdentitySession;
|
||||
}
|
||||
|
||||
public RealmModel defaultRealm() {
|
||||
return getRealm(Realm.DEFAULT_REALM);
|
||||
}
|
||||
|
||||
public RealmModel getRealm(String id) {
|
||||
Realm existing = identitySession.findRealm(id);
|
||||
if (existing == null) {
|
||||
return null;
|
||||
}
|
||||
return new RealmModel(existing, identitySession);
|
||||
}
|
||||
|
||||
public RealmModel createRealm(String name) {
|
||||
return createRealm(generateId(), name);
|
||||
}
|
||||
|
||||
public RealmModel createRealm(String id, String name) {
|
||||
Realm newRealm = identitySession.createRealm(id);
|
||||
IdentityManager idm = identitySession.createIdentityManager(newRealm);
|
||||
SimpleAgent agent = new SimpleAgent(RealmModel.REALM_AGENT_ID);
|
||||
idm.add(agent);
|
||||
RealmModel realm = new RealmModel(newRealm, identitySession);
|
||||
return realm;
|
||||
}
|
||||
|
||||
public void generateRealmKeys(RealmModel realm) {
|
||||
KeyPair keyPair = null;
|
||||
try {
|
||||
keyPair = KeyPairGenerator.getInstance("RSA").generateKeyPair();
|
||||
} catch (NoSuchAlgorithmException e) {
|
||||
throw new RuntimeException(e);
|
||||
}
|
||||
realm.setPrivateKey(keyPair.getPrivate());
|
||||
realm.setPublicKey(keyPair.getPublic());
|
||||
realm.updateRealm();
|
||||
}
|
||||
}
|
|
@ -3,6 +3,7 @@ package org.keycloak.services.models;
|
|||
import org.bouncycastle.openssl.PEMWriter;
|
||||
import org.jboss.resteasy.security.PemUtils;
|
||||
import org.keycloak.representations.idm.RequiredCredentialRepresentation;
|
||||
import org.keycloak.services.managers.RealmManager;
|
||||
import org.keycloak.services.models.relationships.RealmAdminRelationship;
|
||||
import org.keycloak.services.models.relationships.ResourceRelationship;
|
||||
import org.keycloak.services.models.relationships.RequiredCredentialRelationship;
|
||||
|
|
|
@ -2,24 +2,13 @@ package org.keycloak.services.resources;
|
|||
|
||||
import org.jboss.resteasy.logging.Logger;
|
||||
import org.keycloak.representations.idm.RealmRepresentation;
|
||||
import org.keycloak.representations.idm.RequiredCredentialRepresentation;
|
||||
import org.keycloak.representations.idm.ResourceRepresentation;
|
||||
import org.keycloak.representations.idm.RoleMappingRepresentation;
|
||||
import org.keycloak.representations.idm.ScopeMappingRepresentation;
|
||||
import org.keycloak.representations.idm.UserRepresentation;
|
||||
import org.keycloak.services.managers.AuthenticationManager;
|
||||
import org.keycloak.services.managers.TokenManager;
|
||||
import org.keycloak.services.models.RealmManager;
|
||||
import org.keycloak.services.managers.RealmManager;
|
||||
import org.keycloak.services.models.RealmModel;
|
||||
import org.keycloak.services.models.RequiredCredentialModel;
|
||||
import org.keycloak.services.models.ResourceModel;
|
||||
import org.keycloak.services.models.UserCredentialModel;
|
||||
import org.picketlink.idm.IdentitySession;
|
||||
import org.picketlink.idm.model.Attribute;
|
||||
import org.picketlink.idm.model.Realm;
|
||||
import org.picketlink.idm.model.Role;
|
||||
import org.picketlink.idm.model.SimpleRole;
|
||||
import org.picketlink.idm.model.SimpleUser;
|
||||
import org.picketlink.idm.model.User;
|
||||
|
||||
import javax.ws.rs.Consumes;
|
||||
|
@ -28,7 +17,6 @@ import javax.ws.rs.NotFoundException;
|
|||
import javax.ws.rs.POST;
|
||||
import javax.ws.rs.Path;
|
||||
import javax.ws.rs.PathParam;
|
||||
import javax.ws.rs.WebApplicationException;
|
||||
import javax.ws.rs.container.ResourceContext;
|
||||
import javax.ws.rs.core.Context;
|
||||
import javax.ws.rs.core.HttpHeaders;
|
||||
|
@ -36,8 +24,6 @@ import javax.ws.rs.core.MediaType;
|
|||
import javax.ws.rs.core.Response;
|
||||
import javax.ws.rs.core.UriBuilder;
|
||||
import javax.ws.rs.core.UriInfo;
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||
|
@ -101,7 +87,15 @@ public class RealmsResource {
|
|||
identitySession.getTransaction().begin();
|
||||
RealmModel realm;
|
||||
try {
|
||||
realm = createRealm(rep);
|
||||
RealmManager realmManager = new RealmManager(identitySession);
|
||||
RealmModel defaultRealm = realmManager.getRealm(Realm.DEFAULT_REALM);
|
||||
User realmCreator = new AuthenticationManager().authenticateToken(defaultRealm, headers);
|
||||
Role creatorRole = defaultRealm.getIdm().getRole(RegistrationService.REALM_CREATOR_ROLE);
|
||||
if (!defaultRealm.getIdm().hasRole(realmCreator, creatorRole)) {
|
||||
logger.warn("not a realm creator");
|
||||
throw new NotAuthorizedException("Bearer");
|
||||
}
|
||||
realm = realmManager.importRealm(rep, realmCreator);
|
||||
identitySession.getTransaction().commit();
|
||||
} catch (RuntimeException re) {
|
||||
identitySession.getTransaction().rollback();
|
||||
|
@ -112,214 +106,4 @@ public class RealmsResource {
|
|||
.entity(RealmSubResource.realmRep(realm, uriInfo))
|
||||
.type(MediaType.APPLICATION_JSON_TYPE).build();
|
||||
}
|
||||
|
||||
protected RealmModel createRealm(RealmRepresentation rep) {
|
||||
RealmManager realmManager = new RealmManager(identitySession);
|
||||
RealmModel defaultRealm = realmManager.getRealm(Realm.DEFAULT_REALM);
|
||||
User realmCreator = new AuthenticationManager().authenticateToken(defaultRealm, headers);
|
||||
Role creatorRole = defaultRealm.getIdm().getRole(RegistrationService.REALM_CREATOR_ROLE);
|
||||
if (!defaultRealm.getIdm().hasRole(realmCreator, creatorRole)) {
|
||||
logger.warn("not a realm creator");
|
||||
throw new NotAuthorizedException("Bearer");
|
||||
}
|
||||
verifyRealmRepresentation(rep);
|
||||
|
||||
RealmModel realm = realmManager.createRealm(rep.getRealm());
|
||||
realmManager.generateRealmKeys(realm);
|
||||
realm.addRealmAdmin(realmCreator);
|
||||
realm.setName(rep.getRealm());
|
||||
realm.setEnabled(rep.isEnabled());
|
||||
realm.setTokenLifespan(rep.getTokenLifespan());
|
||||
realm.setAccessCodeLifespan(rep.getAccessCodeLifespan());
|
||||
realm.setSslNotRequired(rep.isSslNotRequired());
|
||||
realm.setCookieLoginAllowed(rep.isCookieLoginAllowed());
|
||||
realm.updateRealm();
|
||||
|
||||
|
||||
Map<String, User> userMap = new HashMap<String, User>();
|
||||
|
||||
for (RequiredCredentialRepresentation requiredCred : rep.getRequiredCredentials()) {
|
||||
RequiredCredentialModel credential = new RequiredCredentialModel();
|
||||
credential.setType(requiredCred.getType());
|
||||
credential.setInput(requiredCred.isInput());
|
||||
credential.setSecret(requiredCred.isSecret());
|
||||
realm.addRequiredCredential(credential);
|
||||
}
|
||||
|
||||
for (UserRepresentation userRep : rep.getUsers()) {
|
||||
User user = new SimpleUser(userRep.getUsername());
|
||||
user.setEnabled(userRep.isEnabled());
|
||||
if (userRep.getAttributes() != null) {
|
||||
for (Map.Entry<String, String> entry : userRep.getAttributes().entrySet()) {
|
||||
user.setAttribute(new Attribute<String>(entry.getKey(), entry.getValue()));
|
||||
}
|
||||
}
|
||||
realm.getIdm().add(user);
|
||||
if (userRep.getCredentials() != null) {
|
||||
for (UserRepresentation.Credential cred : userRep.getCredentials()) {
|
||||
UserCredentialModel credential = new UserCredentialModel();
|
||||
credential.setType(cred.getType());
|
||||
credential.setValue(cred.getValue());
|
||||
realm.updateCredential(user, credential);
|
||||
}
|
||||
}
|
||||
userMap.put(user.getLoginName(), user);
|
||||
}
|
||||
|
||||
Map<String, Role> roles = new HashMap<String, Role>();
|
||||
|
||||
if (rep.getRoles() != null) {
|
||||
for (String roleString : rep.getRoles()) {
|
||||
SimpleRole role = new SimpleRole(roleString.trim());
|
||||
realm.getIdm().add(role);
|
||||
roles.put(role.getName(), role);
|
||||
}
|
||||
}
|
||||
|
||||
if (rep.getRoleMappings() != null) {
|
||||
for (RoleMappingRepresentation mapping : rep.getRoleMappings()) {
|
||||
User user = userMap.get(mapping.getUsername());
|
||||
for (String roleString : mapping.getRoles()) {
|
||||
Role role = roles.get(roleString.trim());
|
||||
if (role == null) {
|
||||
role = new SimpleRole(roleString.trim());
|
||||
realm.getIdm().add(role);
|
||||
roles.put(role.getName(), role);
|
||||
}
|
||||
realm.getIdm().grantRole(user, role);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (rep.getScopeMappings() != null) {
|
||||
for (ScopeMappingRepresentation scope : rep.getScopeMappings()) {
|
||||
for (String roleString : scope.getRoles()) {
|
||||
Role role = roles.get(roleString.trim());
|
||||
if (role == null) {
|
||||
role = new SimpleRole(roleString.trim());
|
||||
realm.getIdm().add(role);
|
||||
roles.put(role.getName(), role);
|
||||
}
|
||||
User user = userMap.get(scope.getUsername());
|
||||
realm.addScope(user, role.getName());
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
if (!roles.containsKey("*")) {
|
||||
SimpleRole wildcard = new SimpleRole("*");
|
||||
realm.getIdm().add(wildcard);
|
||||
roles.put("*", wildcard);
|
||||
}
|
||||
|
||||
if (rep.getResources() != null) {
|
||||
createResources(rep, realm, userMap);
|
||||
}
|
||||
return realm;
|
||||
}
|
||||
|
||||
protected void createResources(RealmRepresentation rep, RealmModel realm, Map<String, User> userMap) {
|
||||
for (ResourceRepresentation resourceRep : rep.getResources()) {
|
||||
ResourceModel resource = realm.addResource(resourceRep.getName());
|
||||
resource.setSurrogateAuthRequired(resourceRep.isSurrogateAuthRequired());
|
||||
resource.updateResource();
|
||||
Map<String, Role> roles = new HashMap<String, Role>();
|
||||
if (resourceRep.getRoles() != null) {
|
||||
for (String roleString : resourceRep.getRoles()) {
|
||||
SimpleRole role = new SimpleRole(roleString.trim());
|
||||
resource.getIdm().add(role);
|
||||
roles.put(role.getName(), role);
|
||||
}
|
||||
}
|
||||
if (resourceRep.getRoleMappings() != null) {
|
||||
for (RoleMappingRepresentation mapping : resourceRep.getRoleMappings()) {
|
||||
User user = userMap.get(mapping.getUsername());
|
||||
for (String roleString : mapping.getRoles()) {
|
||||
Role role = roles.get(roleString.trim());
|
||||
if (role == null) {
|
||||
role = new SimpleRole(roleString.trim());
|
||||
resource.getIdm().add(role);
|
||||
roles.put(role.getName(), role);
|
||||
}
|
||||
Role role1 = resource.getIdm().getRole(role.getName());
|
||||
realm.getIdm().grantRole(user, role1);
|
||||
}
|
||||
}
|
||||
}
|
||||
if (resourceRep.getScopeMappings() != null) {
|
||||
for (ScopeMappingRepresentation mapping : resourceRep.getScopeMappings()) {
|
||||
User user = userMap.get(mapping.getUsername());
|
||||
for (String roleString : mapping.getRoles()) {
|
||||
Role role = roles.get(roleString.trim());
|
||||
if (role == null) {
|
||||
role = new SimpleRole(roleString.trim());
|
||||
resource.getIdm().add(role);
|
||||
roles.put(role.getName(), role);
|
||||
}
|
||||
resource.addScope(user, role.getName());
|
||||
}
|
||||
}
|
||||
}
|
||||
if (!roles.containsKey("*")) {
|
||||
SimpleRole wildcard = new SimpleRole("*");
|
||||
resource.getIdm().add(wildcard);
|
||||
roles.put("*", wildcard);
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
protected void verifyRealmRepresentation(RealmRepresentation rep) {
|
||||
if (rep.getRequiredCredentials() == null) {
|
||||
throw new WebApplicationException(Response.status(Response.Status.BAD_REQUEST)
|
||||
.entity("Realm credential requirements not defined").type("text/plain").build());
|
||||
|
||||
}
|
||||
|
||||
HashMap<String, UserRepresentation> userReps = new HashMap<String, UserRepresentation>();
|
||||
for (UserRepresentation userRep : rep.getUsers()) userReps.put(userRep.getUsername(), userRep);
|
||||
|
||||
// override enabled to false if user does not have at least all of browser or client credentials
|
||||
for (UserRepresentation userRep : rep.getUsers()) {
|
||||
if (userRep.getCredentials() == null) {
|
||||
userRep.setEnabled(false);
|
||||
} else {
|
||||
boolean hasBrowserCredentials = true;
|
||||
for (RequiredCredentialRepresentation credential : rep.getRequiredCredentials()) {
|
||||
boolean hasCredential = false;
|
||||
for (UserRepresentation.Credential cred : userRep.getCredentials()) {
|
||||
if (cred.getType().equals(credential.getType())) {
|
||||
hasCredential = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (!hasCredential) {
|
||||
hasBrowserCredentials = false;
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (!hasBrowserCredentials) {
|
||||
userRep.setEnabled(false);
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
if (rep.getResources() != null) {
|
||||
// check mappings
|
||||
for (ResourceRepresentation resourceRep : rep.getResources()) {
|
||||
if (resourceRep.getRoleMappings() != null) {
|
||||
for (RoleMappingRepresentation mapping : resourceRep.getRoleMappings()) {
|
||||
if (!userReps.containsKey(mapping.getUsername())) {
|
||||
throw new WebApplicationException(Response.status(Response.Status.BAD_REQUEST)
|
||||
.entity("No users declared for role mapping").type("text/plain").build());
|
||||
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -2,7 +2,7 @@ package org.keycloak.services.resources;
|
|||
|
||||
import org.jboss.resteasy.logging.Logger;
|
||||
import org.keycloak.representations.idm.UserRepresentation;
|
||||
import org.keycloak.services.models.RealmManager;
|
||||
import org.keycloak.services.managers.RealmManager;
|
||||
import org.keycloak.services.models.RealmModel;
|
||||
import org.keycloak.services.models.UserCredentialModel;
|
||||
import org.picketlink.idm.IdentitySession;
|
||||
|
|
|
@ -8,7 +8,7 @@ import org.junit.Test;
|
|||
import org.junit.runners.MethodSorters;
|
||||
import org.keycloak.representations.idm.RequiredCredentialRepresentation;
|
||||
import org.keycloak.services.managers.InstallationManager;
|
||||
import org.keycloak.services.models.RealmManager;
|
||||
import org.keycloak.services.managers.RealmManager;
|
||||
import org.keycloak.services.models.RealmModel;
|
||||
import org.keycloak.services.models.RequiredCredentialModel;
|
||||
import org.keycloak.services.models.UserCredentialModel;
|
||||
|
|
|
@ -1,10 +1,8 @@
|
|||
package org.keycloak.test;
|
||||
|
||||
import org.jboss.resteasy.client.jaxrs.ResteasyClient;
|
||||
import org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder;
|
||||
import org.jboss.resteasy.spi.ResteasyDeployment;
|
||||
import org.jboss.resteasy.test.EmbeddedContainer;
|
||||
import org.junit.AfterClass;
|
||||
import org.junit.Assert;
|
||||
import org.junit.BeforeClass;
|
||||
import org.junit.Test;
|
||||
|
@ -15,7 +13,7 @@ import org.keycloak.representations.idm.RequiredCredentialRepresentation;
|
|||
import org.keycloak.representations.idm.UserRepresentation;
|
||||
import org.keycloak.services.managers.AuthenticationManager;
|
||||
import org.keycloak.services.managers.InstallationManager;
|
||||
import org.keycloak.services.models.RealmManager;
|
||||
import org.keycloak.services.managers.RealmManager;
|
||||
import org.keycloak.services.resources.KeycloakApplication;
|
||||
import org.picketlink.idm.IdentitySession;
|
||||
import org.picketlink.idm.model.Realm;
|
||||
|
|
Loading…
Reference in a new issue