From 79e6f46183a33b2ed85546f506a6ff49db480221 Mon Sep 17 00:00:00 2001 From: Bill Burke Date: Thu, 18 Jul 2013 11:44:59 -0400 Subject: [PATCH] refactoring for demo setup --- examples/as7-eap-demo/server/pom.xml | 101 ++++++ .../example/demo/DemoApplication.java | 37 +++ .../server/src/main/webapp/WEB-INF/web.xml | 16 + examples/pom.xml | 20 ++ pom.xml | 21 +- services/pom.xml | 18 +- .../managers/AuthenticationManager.java | 1 - .../managers/InstallationManager.java | 1 - .../services/managers/RealmManager.java | 290 ++++++++++++++++++ .../services/managers/TokenManager.java | 1 - .../services/models/RealmManager.java | 66 ---- .../keycloak/services/models/RealmModel.java | 1 + .../services/resources/RealmsResource.java | 236 +------------- .../resources/RegistrationService.java | 2 +- .../java/org/keycloak/test/AdapterTest.java | 2 +- .../org/keycloak/test/RealmCreationTest.java | 4 +- 16 files changed, 503 insertions(+), 314 deletions(-) create mode 100755 examples/as7-eap-demo/server/pom.xml create mode 100755 examples/as7-eap-demo/server/src/main/java/org/keycloak/example/demo/DemoApplication.java create mode 100755 examples/as7-eap-demo/server/src/main/webapp/WEB-INF/web.xml create mode 100755 examples/pom.xml create mode 100755 services/src/main/java/org/keycloak/services/managers/RealmManager.java delete mode 100755 services/src/main/java/org/keycloak/services/models/RealmManager.java diff --git a/examples/as7-eap-demo/server/pom.xml b/examples/as7-eap-demo/server/pom.xml new file mode 100755 index 0000000000..5c21e16d3e --- /dev/null +++ b/examples/as7-eap-demo/server/pom.xml 
@@ -0,0 +1,101 @@ + + + + keycloak-parent + org.keycloak + 1.0-alpha-1 + ../../../pom.xml + + 4.0.0 + org.keycloak.example.as7.demo + keycloak-server + war + Keycloak Demo + + + + + org.keycloak + keycloak-core + ${project.version} + + + org.keycloak + keycloak-services + ${project.version} + + + org.picketlink + picketlink-idm-api + + + org.picketlink + picketlink-idm-impl + + + org.picketlink + picketlink-idm-schema + + + org.picketlink + picketlink-config + + + org.jboss.resteasy + resteasy-jaxrs + provided + + + log4j + log4j + + + org.slf4j + slf4j-api + + + org.slf4j + slf4j-simple + + + + + org.jboss.resteasy + jaxrs-api + provided + + + junit + junit + 4.1 + test + + + + + auth-server + + + org.jboss.as.plugins + jboss-as-maven-plugin + 7.4.Final + + + org.apache.maven.plugins + maven-deploy-plugin + + true + + + + org.apache.maven.plugins + maven-compiler-plugin + + 1.6 + 1.6 + + + + + diff --git a/examples/as7-eap-demo/server/src/main/java/org/keycloak/example/demo/DemoApplication.java b/examples/as7-eap-demo/server/src/main/java/org/keycloak/example/demo/DemoApplication.java new file mode 100755 index 0000000000..cd483cd1ee --- /dev/null +++ b/examples/as7-eap-demo/server/src/main/java/org/keycloak/example/demo/DemoApplication.java 
@@ -0,0 +1,37 @@ +package org.keycloak.example.demo; + +import org.keycloak.services.managers.RealmManager; +import org.keycloak.services.models.RealmModel; +import org.keycloak.services.models.RequiredCredentialModel; +import org.keycloak.services.resources.KeycloakApplication; +import org.keycloak.services.resources.RegistrationService; +import org.picketlink.idm.model.Realm; +import org.picketlink.idm.model.SimpleRole; + +/** + * @author Bill Burke + * @version $Revision: 1 $ + */ +public class DemoApplication extends KeycloakApplication { + + public DemoApplication() { + super(); + + } + + public void install(RealmManager manager) { + RealmModel defaultRealm = manager.createRealm(Realm.DEFAULT_REALM, Realm.DEFAULT_REALM); + defaultRealm.setName(Realm.DEFAULT_REALM); + defaultRealm.setEnabled(true); + defaultRealm.setTokenLifespan(300); + defaultRealm.setAccessCodeLifespan(60); + defaultRealm.setSslNotRequired(false); + defaultRealm.setCookieLoginAllowed(true); + defaultRealm.setRegistrationAllowed(true); + manager.generateRealmKeys(defaultRealm); + defaultRealm.updateRealm(); + defaultRealm.addRequiredCredential(RequiredCredentialModel.PASSWORD); + defaultRealm.getIdm().add(new SimpleRole(RegistrationService.REALM_CREATOR_ROLE)); + } + +} diff --git a/examples/as7-eap-demo/server/src/main/webapp/WEB-INF/web.xml b/examples/as7-eap-demo/server/src/main/webapp/WEB-INF/web.xml new file mode 100755 index 0000000000..e2096d76c2 --- /dev/null +++ b/examples/as7-eap-demo/server/src/main/webapp/WEB-INF/web.xml @@ -0,0 +1,16 @@ + + + + + diff --git a/examples/pom.xml b/examples/pom.xml new file mode 100755 index 0000000000..5e5a46fbd3 --- /dev/null +++ b/examples/pom.xml @@ -0,0 +1,20 @@ + + + keycloak-parent + org.keycloak + 1.0-alpha-1 + ../pom.xml + + Examples + + 4.0.0 + + org.keycloak + examples-pom + pom + + + as7-eap-demo/server + + diff --git a/pom.xml b/pom.xml index 6ba8fd23c4..d01a72c6a3 100755 --- a/pom.xml +++ b/pom.xml 
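Review bot: `install(RealmManager)` in DemoApplication has no Javadoc, and whether it is safe to run twice — `createRealm(Realm.DEFAULT_REALM, …)` with a fixed id against an identity store that already holds that realm — is not visible here; I would state the contract, e.g. `/** Bootstraps the default realm (password credential, realm-creator role); expected to run once against an empty identity store. */`. The `defaultRealm.updateRealm()` right after `manager.generateRealmKeys(defaultRealm)` looks redundant, since `generateRealmKeys` in the new RealmManager already ends with `realm.updateRealm()` and no setter runs between the two calls. The constructor that only calls `super();` and the blank line after it can be dropped.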
@@ -55,6 +55,7 @@ core services integration + examples @@ -69,16 +70,6 @@ bcmail-jdk16 1.46 - - org.infinispan - infinispan-core - 5.1.6.FINAL - - - org.infinispan - infinispan-tree - 5.1.6.FINAL - org.jboss.resteasy jaxrs-api @@ -145,6 +136,11 @@ tjws ${resteasy.version} + + org.picketlink + picketlink-common + 2.5.0-SNAPSHOT + org.picketlink picketlink-idm-api @@ -165,6 +161,11 @@ picketlink-config 2.5.0-SNAPSHOT + + org.jboss.logging + jboss-logging + 3.1.1.GA + junit junit diff --git a/services/pom.xml b/services/pom.xml index 5daecdd8c9..87fa920dd3 100755 --- a/services/pom.xml +++ b/services/pom.xml @@ -19,25 +19,35 @@ ${project.version} provided + + org.jboss.logging + jboss-logging + provided + org.picketlink picketlink-idm-api + provided + + + org.picketlink + picketlink-common + provided org.picketlink picketlink-idm-impl + provided org.picketlink picketlink-idm-schema + provided org.picketlink picketlink-config - - - org.infinispan - infinispan-core + provided org.jboss.resteasy diff --git a/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java b/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java index e77e1c66a4..8126764b24 100755 --- a/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java +++ b/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java @@ -5,7 +5,6 @@ import org.keycloak.RSATokenVerifier; import org.keycloak.VerificationException; import org.keycloak.representations.SkeletonKeyToken; import org.keycloak.representations.idm.RequiredCredentialRepresentation; -import org.keycloak.services.models.RealmManager; import org.keycloak.services.models.RealmModel; import org.keycloak.services.models.RequiredCredentialModel; import org.picketlink.idm.credential.Credentials; 
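Review bot: The dependency added in the `@@ -145,6 +136,11 @@` hunk appears to pin `picketlink-common` to `2.5.0-SNAPSHOT` (the XML element names were lost in this rendering, so I am reading the values only), which makes the build resolve a mutable artifact that can change under the same coordinates. The sibling picketlink artifacts already do this, so the hunk widens an existing exposure rather than creating it, but I would pin to a released picketlink version once one exists, or at least add a comment naming the release this SNAPSHOT tracks so the pin can be replaced deliberately.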
diff --git a/services/src/main/java/org/keycloak/services/managers/InstallationManager.java b/services/src/main/java/org/keycloak/services/managers/InstallationManager.java index 61545475a8..0cb0efcaf3 100755 --- a/services/src/main/java/org/keycloak/services/managers/InstallationManager.java +++ b/services/src/main/java/org/keycloak/services/managers/InstallationManager.java @@ -1,6 +1,5 @@ package org.keycloak.services.managers; -import org.keycloak.services.models.RealmManager; import org.keycloak.services.models.RealmModel; import org.keycloak.services.models.RequiredCredentialModel; import org.keycloak.services.resources.RegistrationService; diff --git a/services/src/main/java/org/keycloak/services/managers/RealmManager.java b/services/src/main/java/org/keycloak/services/managers/RealmManager.java new file mode 100755 index 0000000000..797b41db8e --- /dev/null +++ b/services/src/main/java/org/keycloak/services/managers/RealmManager.java 
@@ -0,0 +1,290 @@ +package org.keycloak.services.managers; + +import org.keycloak.representations.idm.RealmRepresentation; +import org.keycloak.representations.idm.RequiredCredentialRepresentation; +import org.keycloak.representations.idm.ResourceRepresentation; +import org.keycloak.representations.idm.RoleMappingRepresentation; +import org.keycloak.representations.idm.ScopeMappingRepresentation; +import org.keycloak.representations.idm.UserRepresentation; +import org.keycloak.services.managers.AuthenticationManager; +import org.keycloak.services.models.RealmModel; +import org.keycloak.services.models.RequiredCredentialModel; +import org.keycloak.services.models.ResourceModel; +import org.keycloak.services.models.UserCredentialModel; +import org.keycloak.services.resources.RegistrationService; +import org.picketlink.idm.IdentityManager; +import org.picketlink.idm.IdentitySession; +import org.picketlink.idm.model.Attribute; +import org.picketlink.idm.model.Realm; +import org.picketlink.idm.model.Role; +import org.picketlink.idm.model.SimpleAgent; +import org.picketlink.idm.model.SimpleRole; +import org.picketlink.idm.model.SimpleUser; +import org.picketlink.idm.model.User; + +import javax.ws.rs.NotAuthorizedException; +import javax.ws.rs.WebApplicationException; +import javax.ws.rs.core.Response; +import java.security.KeyPair; +import java.security.KeyPairGenerator; +import java.security.NoSuchAlgorithmException; +import java.util.HashMap; +import java.util.Map; +import java.util.concurrent.atomic.AtomicLong; + +/** + * @author Bill Burke + * @version $Revision: 1 $ + */ +public class RealmManager { + private static AtomicLong counter = new AtomicLong(1); + + public static String generateId() { + return counter.getAndIncrement() + "-" + System.currentTimeMillis(); + } + + protected IdentitySession identitySession; + + public RealmManager(IdentitySession IdentitySession) { + this.identitySession = IdentitySession; + } + + public RealmModel defaultRealm() { + return 
getRealm(Realm.DEFAULT_REALM); + } + + public RealmModel getRealm(String id) { + Realm existing = identitySession.findRealm(id); + if (existing == null) { + return null; + } + return new RealmModel(existing, identitySession); + } + + public RealmModel createRealm(String name) { + return createRealm(generateId(), name); + } + + public RealmModel createRealm(String id, String name) { + Realm newRealm = identitySession.createRealm(id); + IdentityManager idm = identitySession.createIdentityManager(newRealm); + SimpleAgent agent = new SimpleAgent(RealmModel.REALM_AGENT_ID); + idm.add(agent); + RealmModel realm = new RealmModel(newRealm, identitySession); + return realm; + } + + public void generateRealmKeys(RealmModel realm) { + KeyPair keyPair = null; + try { + keyPair = KeyPairGenerator.getInstance("RSA").generateKeyPair(); + } catch (NoSuchAlgorithmException e) { + throw new RuntimeException(e); + } + realm.setPrivateKey(keyPair.getPrivate()); + realm.setPublicKey(keyPair.getPublic()); + realm.updateRealm(); + } + + public RealmModel importRealm(RealmRepresentation rep, User realmCreator) { + verifyRealmRepresentation(rep); + + RealmModel realm = createRealm(rep.getRealm()); + generateRealmKeys(realm); + realm.addRealmAdmin(realmCreator); + realm.setName(rep.getRealm()); + realm.setEnabled(rep.isEnabled()); + realm.setTokenLifespan(rep.getTokenLifespan()); + realm.setAccessCodeLifespan(rep.getAccessCodeLifespan()); + realm.setSslNotRequired(rep.isSslNotRequired()); + realm.setCookieLoginAllowed(rep.isCookieLoginAllowed()); + realm.updateRealm(); + + + Map userMap = new HashMap(); + + for (RequiredCredentialRepresentation requiredCred : rep.getRequiredCredentials()) { + RequiredCredentialModel credential = new RequiredCredentialModel(); + credential.setType(requiredCred.getType()); + credential.setInput(requiredCred.isInput()); + credential.setSecret(requiredCred.isSecret()); + realm.addRequiredCredential(credential); + } + + for (UserRepresentation userRep : 
rep.getUsers()) { + User user = new SimpleUser(userRep.getUsername()); + user.setEnabled(userRep.isEnabled()); + if (userRep.getAttributes() != null) { + for (Map.Entry entry : userRep.getAttributes().entrySet()) { + user.setAttribute(new Attribute(entry.getKey(), entry.getValue())); + } + } + realm.getIdm().add(user); + if (userRep.getCredentials() != null) { + for (UserRepresentation.Credential cred : userRep.getCredentials()) { + UserCredentialModel credential = new UserCredentialModel(); + credential.setType(cred.getType()); + credential.setValue(cred.getValue()); + realm.updateCredential(user, credential); + } + } + userMap.put(user.getLoginName(), user); + } + + Map roles = new HashMap(); + + if (rep.getRoles() != null) { + for (String roleString : rep.getRoles()) { + SimpleRole role = new SimpleRole(roleString.trim()); + realm.getIdm().add(role); + roles.put(role.getName(), role); + } + } + + if (rep.getRoleMappings() != null) { + for (RoleMappingRepresentation mapping : rep.getRoleMappings()) { + User user = userMap.get(mapping.getUsername()); + for (String roleString : mapping.getRoles()) { + Role role = roles.get(roleString.trim()); + if (role == null) { + role = new SimpleRole(roleString.trim()); + realm.getIdm().add(role); + roles.put(role.getName(), role); + } + realm.getIdm().grantRole(user, role); + } + } + } + + if (rep.getScopeMappings() != null) { + for (ScopeMappingRepresentation scope : rep.getScopeMappings()) { + for (String roleString : scope.getRoles()) { + Role role = roles.get(roleString.trim()); + if (role == null) { + role = new SimpleRole(roleString.trim()); + realm.getIdm().add(role); + roles.put(role.getName(), role); + } + User user = userMap.get(scope.getUsername()); + realm.addScope(user, role.getName()); + } + + } + } + + if (!roles.containsKey("*")) { + SimpleRole wildcard = new SimpleRole("*"); + realm.getIdm().add(wildcard); + roles.put("*", wildcard); + } + + if (rep.getResources() != null) { + createResources(rep, realm, 
userMap); + } + return realm; + } + + protected void createResources(RealmRepresentation rep, RealmModel realm, Map userMap) { + for (ResourceRepresentation resourceRep : rep.getResources()) { + ResourceModel resource = realm.addResource(resourceRep.getName()); + resource.setSurrogateAuthRequired(resourceRep.isSurrogateAuthRequired()); + resource.updateResource(); + Map roles = new HashMap(); + if (resourceRep.getRoles() != null) { + for (String roleString : resourceRep.getRoles()) { + SimpleRole role = new SimpleRole(roleString.trim()); + resource.getIdm().add(role); + roles.put(role.getName(), role); + } + } + if (resourceRep.getRoleMappings() != null) { + for (RoleMappingRepresentation mapping : resourceRep.getRoleMappings()) { + User user = userMap.get(mapping.getUsername()); + for (String roleString : mapping.getRoles()) { + Role role = roles.get(roleString.trim()); + if (role == null) { + role = new SimpleRole(roleString.trim()); + resource.getIdm().add(role); + roles.put(role.getName(), role); + } + Role role1 = resource.getIdm().getRole(role.getName()); + realm.getIdm().grantRole(user, role1); + } + } + } + if (resourceRep.getScopeMappings() != null) { + for (ScopeMappingRepresentation mapping : resourceRep.getScopeMappings()) { + User user = userMap.get(mapping.getUsername()); + for (String roleString : mapping.getRoles()) { + Role role = roles.get(roleString.trim()); + if (role == null) { + role = new SimpleRole(roleString.trim()); + resource.getIdm().add(role); + roles.put(role.getName(), role); + } + resource.addScope(user, role.getName()); + } + } + } + if (!roles.containsKey("*")) { + SimpleRole wildcard = new SimpleRole("*"); + resource.getIdm().add(wildcard); + roles.put("*", wildcard); + } + + } + } + + protected void verifyRealmRepresentation(RealmRepresentation rep) { + if (rep.getRequiredCredentials() == null) { + throw new WebApplicationException(Response.status(Response.Status.BAD_REQUEST) + .entity("Realm credential requirements not 
defined").type("text/plain").build()); + + } + + HashMap userReps = new HashMap(); + for (UserRepresentation userRep : rep.getUsers()) userReps.put(userRep.getUsername(), userRep); + + // override enabled to false if user does not have at least all of browser or client credentials + for (UserRepresentation userRep : rep.getUsers()) { + if (userRep.getCredentials() == null) { + userRep.setEnabled(false); + } else { + boolean hasBrowserCredentials = true; + for (RequiredCredentialRepresentation credential : rep.getRequiredCredentials()) { + boolean hasCredential = false; + for (UserRepresentation.Credential cred : userRep.getCredentials()) { + if (cred.getType().equals(credential.getType())) { + hasCredential = true; + break; + } + } + if (!hasCredential) { + hasBrowserCredentials = false; + break; + } + } + if (!hasBrowserCredentials) { + userRep.setEnabled(false); + } + + } + } + + if (rep.getResources() != null) { + // check mappings + for (ResourceRepresentation resourceRep : rep.getResources()) { + if (resourceRep.getRoleMappings() != null) { + for (RoleMappingRepresentation mapping : resourceRep.getRoleMappings()) { + if (!userReps.containsKey(mapping.getUsername())) { + throw new WebApplicationException(Response.status(Response.Status.BAD_REQUEST) + .entity("No users declared for role mapping").type("text/plain").build()); + + } + } + } + } + } + } + +} diff --git a/services/src/main/java/org/keycloak/services/managers/TokenManager.java b/services/src/main/java/org/keycloak/services/managers/TokenManager.java index dc54604c59..4dcce28706 100755 --- a/services/src/main/java/org/keycloak/services/managers/TokenManager.java +++ b/services/src/main/java/org/keycloak/services/managers/TokenManager.java 
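Review bot: `generateRealmKeys` calls `KeyPairGenerator.getInstance("RSA")` without `initialize(...)`, so the realm signing key size is whatever the JCA provider defaults to, which has historically been 1024 bits on the JDKs this build targets; make it explicit with `KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA"); generator.initialize(2048); keyPair = generator.generateKeyPair();`. Separately, `verifyRealmRepresentation` checks role-mapping usernames only for resources, so a realm-level entry in `rep.getRoleMappings()` or `rep.getScopeMappings()` naming an undeclared user passes validation and reaches `realm.getIdm().grantRole(user, role)` / `realm.addScope(user, …)` in `importRealm` with a null user; extending the existing `userReps.containsKey(...)` check to those two lists would turn that into the same 400. `rep.getUsers()` is also iterated without the null guard the other lists get, so a representation with no users fails with an NPE rather than a 400. The `javax.ws.rs.NotAuthorizedException` import and the same-package `AuthenticationManager` import are unused in this file.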
@@ -5,7 +5,6 @@ import org.jboss.resteasy.jose.jws.JWSBuilder; import org.jboss.resteasy.jwt.JsonSerialization; import org.keycloak.representations.SkeletonKeyScope; import org.keycloak.representations.SkeletonKeyToken; -import org.keycloak.services.models.RealmManager; import org.keycloak.services.models.RealmModel; import org.keycloak.services.models.ResourceModel; import org.picketlink.idm.model.User; diff --git a/services/src/main/java/org/keycloak/services/models/RealmManager.java b/services/src/main/java/org/keycloak/services/models/RealmManager.java deleted file mode 100755 index 77a75b3cc3..0000000000 --- a/services/src/main/java/org/keycloak/services/models/RealmManager.java +++ /dev/null 
@@ -1,66 +0,0 @@ -package org.keycloak.services.models; - -import org.picketlink.idm.IdentityManager; -import org.picketlink.idm.IdentitySession; -import org.picketlink.idm.model.Realm; -import org.picketlink.idm.model.SimpleAgent; - -import java.security.KeyPair; -import java.security.KeyPairGenerator; -import java.security.NoSuchAlgorithmException; -import java.util.concurrent.atomic.AtomicLong; - -/** - * @author Bill Burke - * @version $Revision: 1 $ - */ -public class RealmManager { - private static AtomicLong counter = new AtomicLong(1); - - public static String generateId() { - return counter.getAndIncrement() + "-" + System.currentTimeMillis(); - } - - protected IdentitySession identitySession; - - public RealmManager(IdentitySession IdentitySession) { - this.identitySession = IdentitySession; - } - - public RealmModel defaultRealm() { - return getRealm(Realm.DEFAULT_REALM); - } - - public RealmModel getRealm(String id) { - Realm existing = identitySession.findRealm(id); - if (existing == null) { - return null; - } - return new RealmModel(existing, identitySession); - } - - public RealmModel createRealm(String name) { - return createRealm(generateId(), name); - } - - public RealmModel createRealm(String id, String name) { - Realm newRealm = identitySession.createRealm(id); - IdentityManager idm = identitySession.createIdentityManager(newRealm); - SimpleAgent agent = new SimpleAgent(RealmModel.REALM_AGENT_ID); - idm.add(agent); - RealmModel realm = new RealmModel(newRealm, identitySession); - return realm; - } - - public void generateRealmKeys(RealmModel realm) { - KeyPair keyPair = null; - try { - keyPair = KeyPairGenerator.getInstance("RSA").generateKeyPair(); - } catch (NoSuchAlgorithmException e) { - throw new RuntimeException(e); - } - realm.setPrivateKey(keyPair.getPrivate()); - realm.setPublicKey(keyPair.getPublic()); - realm.updateRealm(); - } -} 
diff --git a/services/src/main/java/org/keycloak/services/models/RealmModel.java b/services/src/main/java/org/keycloak/services/models/RealmModel.java index 0cdf45ca01..6e971d3910 100755 --- a/services/src/main/java/org/keycloak/services/models/RealmModel.java +++ b/services/src/main/java/org/keycloak/services/models/RealmModel.java @@ -3,6 +3,7 @@ package org.keycloak.services.models; import org.bouncycastle.openssl.PEMWriter; import org.jboss.resteasy.security.PemUtils; import org.keycloak.representations.idm.RequiredCredentialRepresentation; +import org.keycloak.services.managers.RealmManager; import org.keycloak.services.models.relationships.RealmAdminRelationship; import org.keycloak.services.models.relationships.ResourceRelationship; import org.keycloak.services.models.relationships.RequiredCredentialRelationship; diff --git a/services/src/main/java/org/keycloak/services/resources/RealmsResource.java b/services/src/main/java/org/keycloak/services/resources/RealmsResource.java index cf7576d431..82609c336f 100755 --- a/services/src/main/java/org/keycloak/services/resources/RealmsResource.java +++ b/services/src/main/java/org/keycloak/services/resources/RealmsResource.java 
@@ -2,24 +2,13 @@ package org.keycloak.services.resources; import org.jboss.resteasy.logging.Logger; import org.keycloak.representations.idm.RealmRepresentation; -import org.keycloak.representations.idm.RequiredCredentialRepresentation; -import org.keycloak.representations.idm.ResourceRepresentation; -import org.keycloak.representations.idm.RoleMappingRepresentation; -import org.keycloak.representations.idm.ScopeMappingRepresentation; -import org.keycloak.representations.idm.UserRepresentation; import org.keycloak.services.managers.AuthenticationManager; import org.keycloak.services.managers.TokenManager; -import org.keycloak.services.models.RealmManager; +import org.keycloak.services.managers.RealmManager; import org.keycloak.services.models.RealmModel; -import org.keycloak.services.models.RequiredCredentialModel; -import org.keycloak.services.models.ResourceModel; -import org.keycloak.services.models.UserCredentialModel; import org.picketlink.idm.IdentitySession; -import org.picketlink.idm.model.Attribute; import org.picketlink.idm.model.Realm; import org.picketlink.idm.model.Role; -import org.picketlink.idm.model.SimpleRole; -import org.picketlink.idm.model.SimpleUser; import org.picketlink.idm.model.User; import javax.ws.rs.Consumes; @@ -28,7 +17,6 @@ import javax.ws.rs.NotFoundException; import javax.ws.rs.POST; import javax.ws.rs.Path; import javax.ws.rs.PathParam; -import javax.ws.rs.WebApplicationException; import javax.ws.rs.container.ResourceContext; import javax.ws.rs.core.Context; import javax.ws.rs.core.HttpHeaders; @@ -36,8 +24,6 @@ import javax.ws.rs.core.MediaType; import javax.ws.rs.core.Response; import javax.ws.rs.core.UriBuilder; import javax.ws.rs.core.UriInfo; -import java.util.HashMap; -import java.util.Map; /** * @author Bill Burke 
@@ -101,7 +87,15 @@ public class RealmsResource {
 identitySession.getTransaction().begin();
 RealmModel realm;
 try {
- realm = createRealm(rep);
+ RealmManager realmManager = new RealmManager(identitySession);
+ RealmModel defaultRealm = realmManager.getRealm(Realm.DEFAULT_REALM);
+ User realmCreator = new AuthenticationManager().authenticateToken(defaultRealm, headers);
+ Role creatorRole = defaultRealm.getIdm().getRole(RegistrationService.REALM_CREATOR_ROLE);
+ if (!defaultRealm.getIdm().hasRole(realmCreator, creatorRole)) {
+ logger.warn("not a realm creator");
+ throw new NotAuthorizedException("Bearer");
+ }
+ realm = realmManager.importRealm(rep, realmCreator);
 identitySession.getTransaction().commit();
 } catch (RuntimeException re) {
 identitySession.getTransaction().rollback();
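Review bot: `realmManager.getRealm(Realm.DEFAULT_REALM)` returns null when the default realm is absent (see `getRealm` in the new RealmManager), and the next two lines dereference it, so a server whose default realm has not been installed answers realm creation with an NPE-driven rollback instead of a clear error; add `if (defaultRealm == null) throw new IllegalStateException("default realm is not installed");` before the `authenticateToken` call. The role lookup `defaultRealm.getIdm().getRole(RegistrationService.REALM_CREATOR_ROLE)` can presumably also return null when the installer has not created the role; whether `hasRole(realmCreator, null)` returns false or throws is not visible here, so an explicit null check that denies is the safer reading. The enclosing method starts and the catch block continues outside the hunk, so I cannot see whether the NotAuthorizedException is rethrown after the rollback.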
@@ -112,214 +106,4 @@ public class RealmsResource { .entity(RealmSubResource.realmRep(realm, uriInfo)) .type(MediaType.APPLICATION_JSON_TYPE).build(); } - - protected RealmModel createRealm(RealmRepresentation rep) { - RealmManager realmManager = new RealmManager(identitySession); - RealmModel defaultRealm = realmManager.getRealm(Realm.DEFAULT_REALM); - User realmCreator = new AuthenticationManager().authenticateToken(defaultRealm, headers); - Role creatorRole = defaultRealm.getIdm().getRole(RegistrationService.REALM_CREATOR_ROLE); - if (!defaultRealm.getIdm().hasRole(realmCreator, creatorRole)) { - logger.warn("not a realm creator"); - throw new NotAuthorizedException("Bearer"); - } - verifyRealmRepresentation(rep); - - RealmModel realm = realmManager.createRealm(rep.getRealm()); - realmManager.generateRealmKeys(realm); - realm.addRealmAdmin(realmCreator); - realm.setName(rep.getRealm()); - realm.setEnabled(rep.isEnabled()); - realm.setTokenLifespan(rep.getTokenLifespan()); - realm.setAccessCodeLifespan(rep.getAccessCodeLifespan()); - realm.setSslNotRequired(rep.isSslNotRequired()); - realm.setCookieLoginAllowed(rep.isCookieLoginAllowed()); - realm.updateRealm(); - - - Map userMap = new HashMap(); - - for (RequiredCredentialRepresentation requiredCred : rep.getRequiredCredentials()) { - RequiredCredentialModel credential = new RequiredCredentialModel(); - credential.setType(requiredCred.getType()); - credential.setInput(requiredCred.isInput()); - credential.setSecret(requiredCred.isSecret()); - realm.addRequiredCredential(credential); - } - - for (UserRepresentation userRep : rep.getUsers()) { - User user = new SimpleUser(userRep.getUsername()); - user.setEnabled(userRep.isEnabled()); - if (userRep.getAttributes() != null) { - for (Map.Entry entry : userRep.getAttributes().entrySet()) { - user.setAttribute(new Attribute(entry.getKey(), entry.getValue())); - } - } - realm.getIdm().add(user); - if (userRep.getCredentials() != null) { - for 
(UserRepresentation.Credential cred : userRep.getCredentials()) { - UserCredentialModel credential = new UserCredentialModel(); - credential.setType(cred.getType()); - credential.setValue(cred.getValue()); - realm.updateCredential(user, credential); - } - } - userMap.put(user.getLoginName(), user); - } - - Map roles = new HashMap(); - - if (rep.getRoles() != null) { - for (String roleString : rep.getRoles()) { - SimpleRole role = new SimpleRole(roleString.trim()); - realm.getIdm().add(role); - roles.put(role.getName(), role); - } - } - - if (rep.getRoleMappings() != null) { - for (RoleMappingRepresentation mapping : rep.getRoleMappings()) { - User user = userMap.get(mapping.getUsername()); - for (String roleString : mapping.getRoles()) { - Role role = roles.get(roleString.trim()); - if (role == null) { - role = new SimpleRole(roleString.trim()); - realm.getIdm().add(role); - roles.put(role.getName(), role); - } - realm.getIdm().grantRole(user, role); - } - } - } - - if (rep.getScopeMappings() != null) { - for (ScopeMappingRepresentation scope : rep.getScopeMappings()) { - for (String roleString : scope.getRoles()) { - Role role = roles.get(roleString.trim()); - if (role == null) { - role = new SimpleRole(roleString.trim()); - realm.getIdm().add(role); - roles.put(role.getName(), role); - } - User user = userMap.get(scope.getUsername()); - realm.addScope(user, role.getName()); - } - - } - } - - if (!roles.containsKey("*")) { - SimpleRole wildcard = new SimpleRole("*"); - realm.getIdm().add(wildcard); - roles.put("*", wildcard); - } - - if (rep.getResources() != null) { - createResources(rep, realm, userMap); - } - return realm; - } - - protected void createResources(RealmRepresentation rep, RealmModel realm, Map userMap) { - for (ResourceRepresentation resourceRep : rep.getResources()) { - ResourceModel resource = realm.addResource(resourceRep.getName()); - resource.setSurrogateAuthRequired(resourceRep.isSurrogateAuthRequired()); - resource.updateResource(); - Map 
roles = new HashMap(); - if (resourceRep.getRoles() != null) { - for (String roleString : resourceRep.getRoles()) { - SimpleRole role = new SimpleRole(roleString.trim()); - resource.getIdm().add(role); - roles.put(role.getName(), role); - } - } - if (resourceRep.getRoleMappings() != null) { - for (RoleMappingRepresentation mapping : resourceRep.getRoleMappings()) { - User user = userMap.get(mapping.getUsername()); - for (String roleString : mapping.getRoles()) { - Role role = roles.get(roleString.trim()); - if (role == null) { - role = new SimpleRole(roleString.trim()); - resource.getIdm().add(role); - roles.put(role.getName(), role); - } - Role role1 = resource.getIdm().getRole(role.getName()); - realm.getIdm().grantRole(user, role1); - } - } - } - if (resourceRep.getScopeMappings() != null) { - for (ScopeMappingRepresentation mapping : resourceRep.getScopeMappings()) { - User user = userMap.get(mapping.getUsername()); - for (String roleString : mapping.getRoles()) { - Role role = roles.get(roleString.trim()); - if (role == null) { - role = new SimpleRole(roleString.trim()); - resource.getIdm().add(role); - roles.put(role.getName(), role); - } - resource.addScope(user, role.getName()); - } - } - } - if (!roles.containsKey("*")) { - SimpleRole wildcard = new SimpleRole("*"); - resource.getIdm().add(wildcard); - roles.put("*", wildcard); - } - - } - } - - protected void verifyRealmRepresentation(RealmRepresentation rep) { - if (rep.getRequiredCredentials() == null) { - throw new WebApplicationException(Response.status(Response.Status.BAD_REQUEST) - .entity("Realm credential requirements not defined").type("text/plain").build()); - - } - - HashMap userReps = new HashMap(); - for (UserRepresentation userRep : rep.getUsers()) userReps.put(userRep.getUsername(), userRep); - - // override enabled to false if user does not have at least all of browser or client credentials - for (UserRepresentation userRep : rep.getUsers()) { - if (userRep.getCredentials() == null) { - 
userRep.setEnabled(false); - } else { - boolean hasBrowserCredentials = true; - for (RequiredCredentialRepresentation credential : rep.getRequiredCredentials()) { - boolean hasCredential = false; - for (UserRepresentation.Credential cred : userRep.getCredentials()) { - if (cred.getType().equals(credential.getType())) { - hasCredential = true; - break; - } - } - if (!hasCredential) { - hasBrowserCredentials = false; - break; - } - } - if (!hasBrowserCredentials) { - userRep.setEnabled(false); - } - - } - } - - if (rep.getResources() != null) { - // check mappings - for (ResourceRepresentation resourceRep : rep.getResources()) { - if (resourceRep.getRoleMappings() != null) { - for (RoleMappingRepresentation mapping : resourceRep.getRoleMappings()) { - if (!userReps.containsKey(mapping.getUsername())) { - throw new WebApplicationException(Response.status(Response.Status.BAD_REQUEST) - .entity("No users declared for role mapping").type("text/plain").build()); - - } - } - } - } - } - } - } diff --git a/services/src/main/java/org/keycloak/services/resources/RegistrationService.java b/services/src/main/java/org/keycloak/services/resources/RegistrationService.java index 55c576c3f8..9a2a181ffd 100755 --- a/services/src/main/java/org/keycloak/services/resources/RegistrationService.java +++ b/services/src/main/java/org/keycloak/services/resources/RegistrationService.java @@ -2,7 +2,7 @@ package org.keycloak.services.resources; import org.jboss.resteasy.logging.Logger; import org.keycloak.representations.idm.UserRepresentation; -import org.keycloak.services.models.RealmManager; +import org.keycloak.services.managers.RealmManager; import org.keycloak.services.models.RealmModel; import org.keycloak.services.models.UserCredentialModel; import org.picketlink.idm.IdentitySession; diff --git a/services/src/test/java/org/keycloak/test/AdapterTest.java b/services/src/test/java/org/keycloak/test/AdapterTest.java index 98fa18b055..86972bf571 100755 
--- a/services/src/test/java/org/keycloak/test/AdapterTest.java +++ b/services/src/test/java/org/keycloak/test/AdapterTest.java @@ -8,7 +8,7 @@ import org.junit.Test; import org.junit.runners.MethodSorters; import org.keycloak.representations.idm.RequiredCredentialRepresentation; import org.keycloak.services.managers.InstallationManager; -import org.keycloak.services.models.RealmManager; +import org.keycloak.services.managers.RealmManager; import org.keycloak.services.models.RealmModel; import org.keycloak.services.models.RequiredCredentialModel; import org.keycloak.services.models.UserCredentialModel; diff --git a/services/src/test/java/org/keycloak/test/RealmCreationTest.java b/services/src/test/java/org/keycloak/test/RealmCreationTest.java index 57d378f3f7..88cbe49b68 100755 --- a/services/src/test/java/org/keycloak/test/RealmCreationTest.java +++ b/services/src/test/java/org/keycloak/test/RealmCreationTest.java @@ -1,10 +1,8 @@ package org.keycloak.test; -import org.jboss.resteasy.client.jaxrs.ResteasyClient; import org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder; import org.jboss.resteasy.spi.ResteasyDeployment; import org.jboss.resteasy.test.EmbeddedContainer; -import org.junit.AfterClass; import org.junit.Assert; import org.junit.BeforeClass; import org.junit.Test; @@ -15,7 +13,7 @@ import org.keycloak.representations.idm.RequiredCredentialRepresentation; import org.keycloak.representations.idm.UserRepresentation; import org.keycloak.services.managers.AuthenticationManager; import org.keycloak.services.managers.InstallationManager; -import org.keycloak.services.models.RealmManager; +import org.keycloak.services.managers.RealmManager; import org.keycloak.services.resources.KeycloakApplication; import org.picketlink.idm.IdentitySession; import org.picketlink.idm.model.Realm;