diff --git a/examples/as7-eap-demo/server/pom.xml b/examples/as7-eap-demo/server/pom.xml
new file mode 100755
index 0000000000..5c21e16d3e
--- /dev/null
+++ b/examples/as7-eap-demo/server/pom.xml
@@ -0,0 +1,101 @@
+
+
+
+ keycloak-parent
+ org.keycloak
+ 1.0-alpha-1
+ ../../../pom.xml
+
+ 4.0.0
+ org.keycloak.example.as7.demo
+ keycloak-server
+ war
+ Keycloak Demo
+
+
+
+
+ org.keycloak
+ keycloak-core
+ ${project.version}
+
+
+ org.keycloak
+ keycloak-services
+ ${project.version}
+
+
+ org.picketlink
+ picketlink-idm-api
+
+
+ org.picketlink
+ picketlink-idm-impl
+
+
+ org.picketlink
+ picketlink-idm-schema
+
+
+ org.picketlink
+ picketlink-config
+
+
+ org.jboss.resteasy
+ resteasy-jaxrs
+ provided
+
+
+ log4j
+ log4j
+
+
+ org.slf4j
+ slf4j-api
+
+
+ org.slf4j
+ slf4j-simple
+
+
+
+
+ org.jboss.resteasy
+ jaxrs-api
+ provided
+
+
+ junit
+ junit
+ 4.1
+ test
+
+
+
+
+ auth-server
+
+
+ org.jboss.as.plugins
+ jboss-as-maven-plugin
+ 7.4.Final
+
+
+ org.apache.maven.plugins
+ maven-deploy-plugin
+
+ true
+
+
+
+ org.apache.maven.plugins
+ maven-compiler-plugin
+
+ 1.6
+ 1.6
+
+
+
+
+
diff --git a/examples/as7-eap-demo/server/src/main/java/org/keycloak/example/demo/DemoApplication.java b/examples/as7-eap-demo/server/src/main/java/org/keycloak/example/demo/DemoApplication.java
new file mode 100755
index 0000000000..cd483cd1ee
--- /dev/null
+++ b/examples/as7-eap-demo/server/src/main/java/org/keycloak/example/demo/DemoApplication.java
@@ -0,0 +1,37 @@
+package org.keycloak.example.demo;
+
+import org.keycloak.services.managers.RealmManager;
+import org.keycloak.services.models.RealmModel;
+import org.keycloak.services.models.RequiredCredentialModel;
+import org.keycloak.services.resources.KeycloakApplication;
+import org.keycloak.services.resources.RegistrationService;
+import org.picketlink.idm.model.Realm;
+import org.picketlink.idm.model.SimpleRole;
+
+/**
+ * @author Bill Burke
+ * @version $Revision: 1 $
+ */
+public class DemoApplication extends KeycloakApplication {
+
+ public DemoApplication() {
+ super();
+
+ }
+
+ public void install(RealmManager manager) {
+ RealmModel defaultRealm = manager.createRealm(Realm.DEFAULT_REALM, Realm.DEFAULT_REALM);
+ defaultRealm.setName(Realm.DEFAULT_REALM);
+ defaultRealm.setEnabled(true);
+ defaultRealm.setTokenLifespan(300);
+ defaultRealm.setAccessCodeLifespan(60);
+ defaultRealm.setSslNotRequired(false);
+ defaultRealm.setCookieLoginAllowed(true);
+ defaultRealm.setRegistrationAllowed(true);
+ manager.generateRealmKeys(defaultRealm);
+ defaultRealm.updateRealm();
+ defaultRealm.addRequiredCredential(RequiredCredentialModel.PASSWORD);
+ defaultRealm.getIdm().add(new SimpleRole(RegistrationService.REALM_CREATOR_ROLE));
+ }
+
+}
diff --git a/examples/as7-eap-demo/server/src/main/webapp/WEB-INF/web.xml b/examples/as7-eap-demo/server/src/main/webapp/WEB-INF/web.xml
new file mode 100755
index 0000000000..e2096d76c2
--- /dev/null
+++ b/examples/as7-eap-demo/server/src/main/webapp/WEB-INF/web.xml
@@ -0,0 +1,16 @@
+
+
+
+
+
diff --git a/examples/pom.xml b/examples/pom.xml
new file mode 100755
index 0000000000..5e5a46fbd3
--- /dev/null
+++ b/examples/pom.xml
@@ -0,0 +1,20 @@
+
+
+ keycloak-parent
+ org.keycloak
+ 1.0-alpha-1
+ ../pom.xml
+
+ Examples
+
+ 4.0.0
+
+ org.keycloak
+ examples-pom
+ pom
+
+
+ as7-eap-demo/server
+
+
diff --git a/pom.xml b/pom.xml
index 6ba8fd23c4..d01a72c6a3 100755
--- a/pom.xml
+++ b/pom.xml
@@ -55,6 +55,7 @@
core
services
integration
+ examples
@@ -69,16 +70,6 @@
bcmail-jdk16
1.46
-
- org.infinispan
- infinispan-core
- 5.1.6.FINAL
-
-
- org.infinispan
- infinispan-tree
- 5.1.6.FINAL
-
org.jboss.resteasy
jaxrs-api
@@ -145,6 +136,11 @@
tjws
${resteasy.version}
+
+ org.picketlink
+ picketlink-common
+ 2.5.0-SNAPSHOT
+
org.picketlink
picketlink-idm-api
@@ -165,6 +161,11 @@
picketlink-config
2.5.0-SNAPSHOT
+
+ org.jboss.logging
+ jboss-logging
+ 3.1.1.GA
+
junit
junit
diff --git a/services/pom.xml b/services/pom.xml
index 5daecdd8c9..87fa920dd3 100755
--- a/services/pom.xml
+++ b/services/pom.xml
@@ -19,25 +19,35 @@
${project.version}
provided
+
+ org.jboss.logging
+ jboss-logging
+ provided
+
org.picketlink
picketlink-idm-api
+ provided
+
+
+ org.picketlink
+ picketlink-common
+ provided
org.picketlink
picketlink-idm-impl
+ provided
org.picketlink
picketlink-idm-schema
+ provided
org.picketlink
picketlink-config
-
-
- org.infinispan
- infinispan-core
+ provided
org.jboss.resteasy
diff --git a/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java b/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java
index e77e1c66a4..8126764b24 100755
--- a/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java
@@ -5,7 +5,6 @@ import org.keycloak.RSATokenVerifier;
import org.keycloak.VerificationException;
import org.keycloak.representations.SkeletonKeyToken;
import org.keycloak.representations.idm.RequiredCredentialRepresentation;
-import org.keycloak.services.models.RealmManager;
import org.keycloak.services.models.RealmModel;
import org.keycloak.services.models.RequiredCredentialModel;
import org.picketlink.idm.credential.Credentials;
diff --git a/services/src/main/java/org/keycloak/services/managers/InstallationManager.java b/services/src/main/java/org/keycloak/services/managers/InstallationManager.java
index 61545475a8..0cb0efcaf3 100755
--- a/services/src/main/java/org/keycloak/services/managers/InstallationManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/InstallationManager.java
@@ -1,6 +1,5 @@
package org.keycloak.services.managers;
-import org.keycloak.services.models.RealmManager;
import org.keycloak.services.models.RealmModel;
import org.keycloak.services.models.RequiredCredentialModel;
import org.keycloak.services.resources.RegistrationService;
diff --git a/services/src/main/java/org/keycloak/services/managers/RealmManager.java b/services/src/main/java/org/keycloak/services/managers/RealmManager.java
new file mode 100755
index 0000000000..797b41db8e
--- /dev/null
+++ b/services/src/main/java/org/keycloak/services/managers/RealmManager.java
@@ -0,0 +1,290 @@
+package org.keycloak.services.managers;
+
+import org.keycloak.representations.idm.RealmRepresentation;
+import org.keycloak.representations.idm.RequiredCredentialRepresentation;
+import org.keycloak.representations.idm.ResourceRepresentation;
+import org.keycloak.representations.idm.RoleMappingRepresentation;
+import org.keycloak.representations.idm.ScopeMappingRepresentation;
+import org.keycloak.representations.idm.UserRepresentation;
+import org.keycloak.services.managers.AuthenticationManager;
+import org.keycloak.services.models.RealmModel;
+import org.keycloak.services.models.RequiredCredentialModel;
+import org.keycloak.services.models.ResourceModel;
+import org.keycloak.services.models.UserCredentialModel;
+import org.keycloak.services.resources.RegistrationService;
+import org.picketlink.idm.IdentityManager;
+import org.picketlink.idm.IdentitySession;
+import org.picketlink.idm.model.Attribute;
+import org.picketlink.idm.model.Realm;
+import org.picketlink.idm.model.Role;
+import org.picketlink.idm.model.SimpleAgent;
+import org.picketlink.idm.model.SimpleRole;
+import org.picketlink.idm.model.SimpleUser;
+import org.picketlink.idm.model.User;
+
+import javax.ws.rs.NotAuthorizedException;
+import javax.ws.rs.WebApplicationException;
+import javax.ws.rs.core.Response;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.NoSuchAlgorithmException;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.concurrent.atomic.AtomicLong;
+
+/**
+ * @author Bill Burke
+ * @version $Revision: 1 $
+ */
+public class RealmManager {
+ private static AtomicLong counter = new AtomicLong(1);
+
+ public static String generateId() {
+ return counter.getAndIncrement() + "-" + System.currentTimeMillis();
+ }
+
+ protected IdentitySession identitySession;
+
+ public RealmManager(IdentitySession IdentitySession) {
+ this.identitySession = IdentitySession;
+ }
+
+ public RealmModel defaultRealm() {
+ return getRealm(Realm.DEFAULT_REALM);
+ }
+
+ public RealmModel getRealm(String id) {
+ Realm existing = identitySession.findRealm(id);
+ if (existing == null) {
+ return null;
+ }
+ return new RealmModel(existing, identitySession);
+ }
+
+ public RealmModel createRealm(String name) {
+ return createRealm(generateId(), name);
+ }
+
+ public RealmModel createRealm(String id, String name) {
+ Realm newRealm = identitySession.createRealm(id);
+ IdentityManager idm = identitySession.createIdentityManager(newRealm);
+ SimpleAgent agent = new SimpleAgent(RealmModel.REALM_AGENT_ID);
+ idm.add(agent);
+ RealmModel realm = new RealmModel(newRealm, identitySession);
+ return realm;
+ }
+
+ public void generateRealmKeys(RealmModel realm) {
+ KeyPair keyPair = null;
+ try {
+ keyPair = KeyPairGenerator.getInstance("RSA").generateKeyPair();
+ } catch (NoSuchAlgorithmException e) {
+ throw new RuntimeException(e);
+ }
+ realm.setPrivateKey(keyPair.getPrivate());
+ realm.setPublicKey(keyPair.getPublic());
+ realm.updateRealm();
+ }
+
+ public RealmModel importRealm(RealmRepresentation rep, User realmCreator) {
+ verifyRealmRepresentation(rep);
+
+ RealmModel realm = createRealm(rep.getRealm());
+ generateRealmKeys(realm);
+ realm.addRealmAdmin(realmCreator);
+ realm.setName(rep.getRealm());
+ realm.setEnabled(rep.isEnabled());
+ realm.setTokenLifespan(rep.getTokenLifespan());
+ realm.setAccessCodeLifespan(rep.getAccessCodeLifespan());
+ realm.setSslNotRequired(rep.isSslNotRequired());
+ realm.setCookieLoginAllowed(rep.isCookieLoginAllowed());
+ realm.updateRealm();
+
+
+ Map userMap = new HashMap();
+
+ for (RequiredCredentialRepresentation requiredCred : rep.getRequiredCredentials()) {
+ RequiredCredentialModel credential = new RequiredCredentialModel();
+ credential.setType(requiredCred.getType());
+ credential.setInput(requiredCred.isInput());
+ credential.setSecret(requiredCred.isSecret());
+ realm.addRequiredCredential(credential);
+ }
+
+ for (UserRepresentation userRep : rep.getUsers()) {
+ User user = new SimpleUser(userRep.getUsername());
+ user.setEnabled(userRep.isEnabled());
+ if (userRep.getAttributes() != null) {
+ for (Map.Entry entry : userRep.getAttributes().entrySet()) {
+ user.setAttribute(new Attribute(entry.getKey(), entry.getValue()));
+ }
+ }
+ realm.getIdm().add(user);
+ if (userRep.getCredentials() != null) {
+ for (UserRepresentation.Credential cred : userRep.getCredentials()) {
+ UserCredentialModel credential = new UserCredentialModel();
+ credential.setType(cred.getType());
+ credential.setValue(cred.getValue());
+ realm.updateCredential(user, credential);
+ }
+ }
+ userMap.put(user.getLoginName(), user);
+ }
+
+ Map roles = new HashMap();
+
+ if (rep.getRoles() != null) {
+ for (String roleString : rep.getRoles()) {
+ SimpleRole role = new SimpleRole(roleString.trim());
+ realm.getIdm().add(role);
+ roles.put(role.getName(), role);
+ }
+ }
+
+ if (rep.getRoleMappings() != null) {
+ for (RoleMappingRepresentation mapping : rep.getRoleMappings()) {
+ User user = userMap.get(mapping.getUsername());
+ for (String roleString : mapping.getRoles()) {
+ Role role = roles.get(roleString.trim());
+ if (role == null) {
+ role = new SimpleRole(roleString.trim());
+ realm.getIdm().add(role);
+ roles.put(role.getName(), role);
+ }
+ realm.getIdm().grantRole(user, role);
+ }
+ }
+ }
+
+ if (rep.getScopeMappings() != null) {
+ for (ScopeMappingRepresentation scope : rep.getScopeMappings()) {
+ for (String roleString : scope.getRoles()) {
+ Role role = roles.get(roleString.trim());
+ if (role == null) {
+ role = new SimpleRole(roleString.trim());
+ realm.getIdm().add(role);
+ roles.put(role.getName(), role);
+ }
+ User user = userMap.get(scope.getUsername());
+ realm.addScope(user, role.getName());
+ }
+
+ }
+ }
+
+ if (!roles.containsKey("*")) {
+ SimpleRole wildcard = new SimpleRole("*");
+ realm.getIdm().add(wildcard);
+ roles.put("*", wildcard);
+ }
+
+ if (rep.getResources() != null) {
+ createResources(rep, realm, userMap);
+ }
+ return realm;
+ }
+
+ protected void createResources(RealmRepresentation rep, RealmModel realm, Map userMap) {
+ for (ResourceRepresentation resourceRep : rep.getResources()) {
+ ResourceModel resource = realm.addResource(resourceRep.getName());
+ resource.setSurrogateAuthRequired(resourceRep.isSurrogateAuthRequired());
+ resource.updateResource();
+ Map roles = new HashMap();
+ if (resourceRep.getRoles() != null) {
+ for (String roleString : resourceRep.getRoles()) {
+ SimpleRole role = new SimpleRole(roleString.trim());
+ resource.getIdm().add(role);
+ roles.put(role.getName(), role);
+ }
+ }
+ if (resourceRep.getRoleMappings() != null) {
+ for (RoleMappingRepresentation mapping : resourceRep.getRoleMappings()) {
+ User user = userMap.get(mapping.getUsername());
+ for (String roleString : mapping.getRoles()) {
+ Role role = roles.get(roleString.trim());
+ if (role == null) {
+ role = new SimpleRole(roleString.trim());
+ resource.getIdm().add(role);
+ roles.put(role.getName(), role);
+ }
+ Role role1 = resource.getIdm().getRole(role.getName());
+ realm.getIdm().grantRole(user, role1);
+ }
+ }
+ }
+ if (resourceRep.getScopeMappings() != null) {
+ for (ScopeMappingRepresentation mapping : resourceRep.getScopeMappings()) {
+ User user = userMap.get(mapping.getUsername());
+ for (String roleString : mapping.getRoles()) {
+ Role role = roles.get(roleString.trim());
+ if (role == null) {
+ role = new SimpleRole(roleString.trim());
+ resource.getIdm().add(role);
+ roles.put(role.getName(), role);
+ }
+ resource.addScope(user, role.getName());
+ }
+ }
+ }
+ if (!roles.containsKey("*")) {
+ SimpleRole wildcard = new SimpleRole("*");
+ resource.getIdm().add(wildcard);
+ roles.put("*", wildcard);
+ }
+
+ }
+ }
+
+ protected void verifyRealmRepresentation(RealmRepresentation rep) {
+ if (rep.getRequiredCredentials() == null) {
+ throw new WebApplicationException(Response.status(Response.Status.BAD_REQUEST)
+ .entity("Realm credential requirements not defined").type("text/plain").build());
+
+ }
+
+ HashMap userReps = new HashMap();
+ for (UserRepresentation userRep : rep.getUsers()) userReps.put(userRep.getUsername(), userRep);
+
+ // override enabled to false if user does not have at least all of browser or client credentials
+ for (UserRepresentation userRep : rep.getUsers()) {
+ if (userRep.getCredentials() == null) {
+ userRep.setEnabled(false);
+ } else {
+ boolean hasBrowserCredentials = true;
+ for (RequiredCredentialRepresentation credential : rep.getRequiredCredentials()) {
+ boolean hasCredential = false;
+ for (UserRepresentation.Credential cred : userRep.getCredentials()) {
+ if (cred.getType().equals(credential.getType())) {
+ hasCredential = true;
+ break;
+ }
+ }
+ if (!hasCredential) {
+ hasBrowserCredentials = false;
+ break;
+ }
+ }
+ if (!hasBrowserCredentials) {
+ userRep.setEnabled(false);
+ }
+
+ }
+ }
+
+ if (rep.getResources() != null) {
+ // check mappings
+ for (ResourceRepresentation resourceRep : rep.getResources()) {
+ if (resourceRep.getRoleMappings() != null) {
+ for (RoleMappingRepresentation mapping : resourceRep.getRoleMappings()) {
+ if (!userReps.containsKey(mapping.getUsername())) {
+ throw new WebApplicationException(Response.status(Response.Status.BAD_REQUEST)
+ .entity("No users declared for role mapping").type("text/plain").build());
+
+ }
+ }
+ }
+ }
+ }
+ }
+
+}
diff --git a/services/src/main/java/org/keycloak/services/managers/TokenManager.java b/services/src/main/java/org/keycloak/services/managers/TokenManager.java
index dc54604c59..4dcce28706 100755
--- a/services/src/main/java/org/keycloak/services/managers/TokenManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/TokenManager.java
@@ -5,7 +5,6 @@ import org.jboss.resteasy.jose.jws.JWSBuilder;
import org.jboss.resteasy.jwt.JsonSerialization;
import org.keycloak.representations.SkeletonKeyScope;
import org.keycloak.representations.SkeletonKeyToken;
-import org.keycloak.services.models.RealmManager;
import org.keycloak.services.models.RealmModel;
import org.keycloak.services.models.ResourceModel;
import org.picketlink.idm.model.User;
diff --git a/services/src/main/java/org/keycloak/services/models/RealmManager.java b/services/src/main/java/org/keycloak/services/models/RealmManager.java
deleted file mode 100755
index 77a75b3cc3..0000000000
--- a/services/src/main/java/org/keycloak/services/models/RealmManager.java
+++ /dev/null
@@ -1,66 +0,0 @@
-package org.keycloak.services.models;
-
-import org.picketlink.idm.IdentityManager;
-import org.picketlink.idm.IdentitySession;
-import org.picketlink.idm.model.Realm;
-import org.picketlink.idm.model.SimpleAgent;
-
-import java.security.KeyPair;
-import java.security.KeyPairGenerator;
-import java.security.NoSuchAlgorithmException;
-import java.util.concurrent.atomic.AtomicLong;
-
-/**
- * @author Bill Burke
- * @version $Revision: 1 $
- */
-public class RealmManager {
- private static AtomicLong counter = new AtomicLong(1);
-
- public static String generateId() {
- return counter.getAndIncrement() + "-" + System.currentTimeMillis();
- }
-
- protected IdentitySession identitySession;
-
- public RealmManager(IdentitySession IdentitySession) {
- this.identitySession = IdentitySession;
- }
-
- public RealmModel defaultRealm() {
- return getRealm(Realm.DEFAULT_REALM);
- }
-
- public RealmModel getRealm(String id) {
- Realm existing = identitySession.findRealm(id);
- if (existing == null) {
- return null;
- }
- return new RealmModel(existing, identitySession);
- }
-
- public RealmModel createRealm(String name) {
- return createRealm(generateId(), name);
- }
-
- public RealmModel createRealm(String id, String name) {
- Realm newRealm = identitySession.createRealm(id);
- IdentityManager idm = identitySession.createIdentityManager(newRealm);
- SimpleAgent agent = new SimpleAgent(RealmModel.REALM_AGENT_ID);
- idm.add(agent);
- RealmModel realm = new RealmModel(newRealm, identitySession);
- return realm;
- }
-
- public void generateRealmKeys(RealmModel realm) {
- KeyPair keyPair = null;
- try {
- keyPair = KeyPairGenerator.getInstance("RSA").generateKeyPair();
- } catch (NoSuchAlgorithmException e) {
- throw new RuntimeException(e);
- }
- realm.setPrivateKey(keyPair.getPrivate());
- realm.setPublicKey(keyPair.getPublic());
- realm.updateRealm();
- }
-}
diff --git a/services/src/main/java/org/keycloak/services/models/RealmModel.java b/services/src/main/java/org/keycloak/services/models/RealmModel.java
index 0cdf45ca01..6e971d3910 100755
--- a/services/src/main/java/org/keycloak/services/models/RealmModel.java
+++ b/services/src/main/java/org/keycloak/services/models/RealmModel.java
@@ -3,6 +3,7 @@ package org.keycloak.services.models;
import org.bouncycastle.openssl.PEMWriter;
import org.jboss.resteasy.security.PemUtils;
import org.keycloak.representations.idm.RequiredCredentialRepresentation;
+import org.keycloak.services.managers.RealmManager;
import org.keycloak.services.models.relationships.RealmAdminRelationship;
import org.keycloak.services.models.relationships.ResourceRelationship;
import org.keycloak.services.models.relationships.RequiredCredentialRelationship;
diff --git a/services/src/main/java/org/keycloak/services/resources/RealmsResource.java b/services/src/main/java/org/keycloak/services/resources/RealmsResource.java
index cf7576d431..82609c336f 100755
--- a/services/src/main/java/org/keycloak/services/resources/RealmsResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/RealmsResource.java
@@ -2,24 +2,13 @@ package org.keycloak.services.resources;
import org.jboss.resteasy.logging.Logger;
import org.keycloak.representations.idm.RealmRepresentation;
-import org.keycloak.representations.idm.RequiredCredentialRepresentation;
-import org.keycloak.representations.idm.ResourceRepresentation;
-import org.keycloak.representations.idm.RoleMappingRepresentation;
-import org.keycloak.representations.idm.ScopeMappingRepresentation;
-import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.services.managers.AuthenticationManager;
import org.keycloak.services.managers.TokenManager;
-import org.keycloak.services.models.RealmManager;
+import org.keycloak.services.managers.RealmManager;
import org.keycloak.services.models.RealmModel;
-import org.keycloak.services.models.RequiredCredentialModel;
-import org.keycloak.services.models.ResourceModel;
-import org.keycloak.services.models.UserCredentialModel;
import org.picketlink.idm.IdentitySession;
-import org.picketlink.idm.model.Attribute;
import org.picketlink.idm.model.Realm;
import org.picketlink.idm.model.Role;
-import org.picketlink.idm.model.SimpleRole;
-import org.picketlink.idm.model.SimpleUser;
import org.picketlink.idm.model.User;
import javax.ws.rs.Consumes;
@@ -28,7 +17,6 @@ import javax.ws.rs.NotFoundException;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
-import javax.ws.rs.WebApplicationException;
import javax.ws.rs.container.ResourceContext;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.HttpHeaders;
@@ -36,8 +24,6 @@ import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriBuilder;
import javax.ws.rs.core.UriInfo;
-import java.util.HashMap;
-import java.util.Map;
/**
* @author Bill Burke
@@ -101,7 +87,15 @@ public class RealmsResource {
identitySession.getTransaction().begin();
RealmModel realm;
try {
- realm = createRealm(rep);
+ RealmManager realmManager = new RealmManager(identitySession);
+ RealmModel defaultRealm = realmManager.getRealm(Realm.DEFAULT_REALM);
+ User realmCreator = new AuthenticationManager().authenticateToken(defaultRealm, headers);
+ Role creatorRole = defaultRealm.getIdm().getRole(RegistrationService.REALM_CREATOR_ROLE);
+ if (!defaultRealm.getIdm().hasRole(realmCreator, creatorRole)) {
+ logger.warn("not a realm creator");
+ throw new NotAuthorizedException("Bearer");
+ }
+ realm = realmManager.importRealm(rep, realmCreator);
identitySession.getTransaction().commit();
} catch (RuntimeException re) {
identitySession.getTransaction().rollback();
@@ -112,214 +106,4 @@ public class RealmsResource {
.entity(RealmSubResource.realmRep(realm, uriInfo))
.type(MediaType.APPLICATION_JSON_TYPE).build();
}
-
- protected RealmModel createRealm(RealmRepresentation rep) {
- RealmManager realmManager = new RealmManager(identitySession);
- RealmModel defaultRealm = realmManager.getRealm(Realm.DEFAULT_REALM);
- User realmCreator = new AuthenticationManager().authenticateToken(defaultRealm, headers);
- Role creatorRole = defaultRealm.getIdm().getRole(RegistrationService.REALM_CREATOR_ROLE);
- if (!defaultRealm.getIdm().hasRole(realmCreator, creatorRole)) {
- logger.warn("not a realm creator");
- throw new NotAuthorizedException("Bearer");
- }
- verifyRealmRepresentation(rep);
-
- RealmModel realm = realmManager.createRealm(rep.getRealm());
- realmManager.generateRealmKeys(realm);
- realm.addRealmAdmin(realmCreator);
- realm.setName(rep.getRealm());
- realm.setEnabled(rep.isEnabled());
- realm.setTokenLifespan(rep.getTokenLifespan());
- realm.setAccessCodeLifespan(rep.getAccessCodeLifespan());
- realm.setSslNotRequired(rep.isSslNotRequired());
- realm.setCookieLoginAllowed(rep.isCookieLoginAllowed());
- realm.updateRealm();
-
-
- Map userMap = new HashMap();
-
- for (RequiredCredentialRepresentation requiredCred : rep.getRequiredCredentials()) {
- RequiredCredentialModel credential = new RequiredCredentialModel();
- credential.setType(requiredCred.getType());
- credential.setInput(requiredCred.isInput());
- credential.setSecret(requiredCred.isSecret());
- realm.addRequiredCredential(credential);
- }
-
- for (UserRepresentation userRep : rep.getUsers()) {
- User user = new SimpleUser(userRep.getUsername());
- user.setEnabled(userRep.isEnabled());
- if (userRep.getAttributes() != null) {
- for (Map.Entry entry : userRep.getAttributes().entrySet()) {
- user.setAttribute(new Attribute(entry.getKey(), entry.getValue()));
- }
- }
- realm.getIdm().add(user);
- if (userRep.getCredentials() != null) {
- for (UserRepresentation.Credential cred : userRep.getCredentials()) {
- UserCredentialModel credential = new UserCredentialModel();
- credential.setType(cred.getType());
- credential.setValue(cred.getValue());
- realm.updateCredential(user, credential);
- }
- }
- userMap.put(user.getLoginName(), user);
- }
-
- Map roles = new HashMap();
-
- if (rep.getRoles() != null) {
- for (String roleString : rep.getRoles()) {
- SimpleRole role = new SimpleRole(roleString.trim());
- realm.getIdm().add(role);
- roles.put(role.getName(), role);
- }
- }
-
- if (rep.getRoleMappings() != null) {
- for (RoleMappingRepresentation mapping : rep.getRoleMappings()) {
- User user = userMap.get(mapping.getUsername());
- for (String roleString : mapping.getRoles()) {
- Role role = roles.get(roleString.trim());
- if (role == null) {
- role = new SimpleRole(roleString.trim());
- realm.getIdm().add(role);
- roles.put(role.getName(), role);
- }
- realm.getIdm().grantRole(user, role);
- }
- }
- }
-
- if (rep.getScopeMappings() != null) {
- for (ScopeMappingRepresentation scope : rep.getScopeMappings()) {
- for (String roleString : scope.getRoles()) {
- Role role = roles.get(roleString.trim());
- if (role == null) {
- role = new SimpleRole(roleString.trim());
- realm.getIdm().add(role);
- roles.put(role.getName(), role);
- }
- User user = userMap.get(scope.getUsername());
- realm.addScope(user, role.getName());
- }
-
- }
- }
-
- if (!roles.containsKey("*")) {
- SimpleRole wildcard = new SimpleRole("*");
- realm.getIdm().add(wildcard);
- roles.put("*", wildcard);
- }
-
- if (rep.getResources() != null) {
- createResources(rep, realm, userMap);
- }
- return realm;
- }
-
- protected void createResources(RealmRepresentation rep, RealmModel realm, Map userMap) {
- for (ResourceRepresentation resourceRep : rep.getResources()) {
- ResourceModel resource = realm.addResource(resourceRep.getName());
- resource.setSurrogateAuthRequired(resourceRep.isSurrogateAuthRequired());
- resource.updateResource();
- Map roles = new HashMap();
- if (resourceRep.getRoles() != null) {
- for (String roleString : resourceRep.getRoles()) {
- SimpleRole role = new SimpleRole(roleString.trim());
- resource.getIdm().add(role);
- roles.put(role.getName(), role);
- }
- }
- if (resourceRep.getRoleMappings() != null) {
- for (RoleMappingRepresentation mapping : resourceRep.getRoleMappings()) {
- User user = userMap.get(mapping.getUsername());
- for (String roleString : mapping.getRoles()) {
- Role role = roles.get(roleString.trim());
- if (role == null) {
- role = new SimpleRole(roleString.trim());
- resource.getIdm().add(role);
- roles.put(role.getName(), role);
- }
- Role role1 = resource.getIdm().getRole(role.getName());
- realm.getIdm().grantRole(user, role1);
- }
- }
- }
- if (resourceRep.getScopeMappings() != null) {
- for (ScopeMappingRepresentation mapping : resourceRep.getScopeMappings()) {
- User user = userMap.get(mapping.getUsername());
- for (String roleString : mapping.getRoles()) {
- Role role = roles.get(roleString.trim());
- if (role == null) {
- role = new SimpleRole(roleString.trim());
- resource.getIdm().add(role);
- roles.put(role.getName(), role);
- }
- resource.addScope(user, role.getName());
- }
- }
- }
- if (!roles.containsKey("*")) {
- SimpleRole wildcard = new SimpleRole("*");
- resource.getIdm().add(wildcard);
- roles.put("*", wildcard);
- }
-
- }
- }
-
- protected void verifyRealmRepresentation(RealmRepresentation rep) {
- if (rep.getRequiredCredentials() == null) {
- throw new WebApplicationException(Response.status(Response.Status.BAD_REQUEST)
- .entity("Realm credential requirements not defined").type("text/plain").build());
-
- }
-
- HashMap userReps = new HashMap();
- for (UserRepresentation userRep : rep.getUsers()) userReps.put(userRep.getUsername(), userRep);
-
- // override enabled to false if user does not have at least all of browser or client credentials
- for (UserRepresentation userRep : rep.getUsers()) {
- if (userRep.getCredentials() == null) {
- userRep.setEnabled(false);
- } else {
- boolean hasBrowserCredentials = true;
- for (RequiredCredentialRepresentation credential : rep.getRequiredCredentials()) {
- boolean hasCredential = false;
- for (UserRepresentation.Credential cred : userRep.getCredentials()) {
- if (cred.getType().equals(credential.getType())) {
- hasCredential = true;
- break;
- }
- }
- if (!hasCredential) {
- hasBrowserCredentials = false;
- break;
- }
- }
- if (!hasBrowserCredentials) {
- userRep.setEnabled(false);
- }
-
- }
- }
-
- if (rep.getResources() != null) {
- // check mappings
- for (ResourceRepresentation resourceRep : rep.getResources()) {
- if (resourceRep.getRoleMappings() != null) {
- for (RoleMappingRepresentation mapping : resourceRep.getRoleMappings()) {
- if (!userReps.containsKey(mapping.getUsername())) {
- throw new WebApplicationException(Response.status(Response.Status.BAD_REQUEST)
- .entity("No users declared for role mapping").type("text/plain").build());
-
- }
- }
- }
- }
- }
- }
-
}
diff --git a/services/src/main/java/org/keycloak/services/resources/RegistrationService.java b/services/src/main/java/org/keycloak/services/resources/RegistrationService.java
index 55c576c3f8..9a2a181ffd 100755
--- a/services/src/main/java/org/keycloak/services/resources/RegistrationService.java
+++ b/services/src/main/java/org/keycloak/services/resources/RegistrationService.java
@@ -2,7 +2,7 @@ package org.keycloak.services.resources;
import org.jboss.resteasy.logging.Logger;
import org.keycloak.representations.idm.UserRepresentation;
-import org.keycloak.services.models.RealmManager;
+import org.keycloak.services.managers.RealmManager;
import org.keycloak.services.models.RealmModel;
import org.keycloak.services.models.UserCredentialModel;
import org.picketlink.idm.IdentitySession;
diff --git a/services/src/test/java/org/keycloak/test/AdapterTest.java b/services/src/test/java/org/keycloak/test/AdapterTest.java
index 98fa18b055..86972bf571 100755
--- a/services/src/test/java/org/keycloak/test/AdapterTest.java
+++ b/services/src/test/java/org/keycloak/test/AdapterTest.java
@@ -8,7 +8,7 @@ import org.junit.Test;
import org.junit.runners.MethodSorters;
import org.keycloak.representations.idm.RequiredCredentialRepresentation;
import org.keycloak.services.managers.InstallationManager;
-import org.keycloak.services.models.RealmManager;
+import org.keycloak.services.managers.RealmManager;
import org.keycloak.services.models.RealmModel;
import org.keycloak.services.models.RequiredCredentialModel;
import org.keycloak.services.models.UserCredentialModel;
diff --git a/services/src/test/java/org/keycloak/test/RealmCreationTest.java b/services/src/test/java/org/keycloak/test/RealmCreationTest.java
index 57d378f3f7..88cbe49b68 100755
--- a/services/src/test/java/org/keycloak/test/RealmCreationTest.java
+++ b/services/src/test/java/org/keycloak/test/RealmCreationTest.java
@@ -1,10 +1,8 @@
package org.keycloak.test;
-import org.jboss.resteasy.client.jaxrs.ResteasyClient;
import org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder;
import org.jboss.resteasy.spi.ResteasyDeployment;
import org.jboss.resteasy.test.EmbeddedContainer;
-import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;
@@ -15,7 +13,7 @@ import org.keycloak.representations.idm.RequiredCredentialRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.services.managers.AuthenticationManager;
import org.keycloak.services.managers.InstallationManager;
-import org.keycloak.services.models.RealmManager;
+import org.keycloak.services.managers.RealmManager;
import org.keycloak.services.resources.KeycloakApplication;
import org.picketlink.idm.IdentitySession;
import org.picketlink.idm.model.Realm;