acct svc + sessions
parent
2b525c6016
commit
7e8b16f975
8 changed files with 57 additions and 13 deletions
|
@ -1,9 +1,13 @@
|
||||||
package org.keycloak.account.freemarker.model;
|
package org.keycloak.account.freemarker.model;
|
||||||
|
|
||||||
|
import org.keycloak.models.ApplicationModel;
|
||||||
|
import org.keycloak.models.ClientModel;
|
||||||
|
import org.keycloak.models.OAuthClientModel;
|
||||||
import org.keycloak.models.RealmModel;
|
import org.keycloak.models.RealmModel;
|
||||||
import org.keycloak.models.UserSessionModel;
|
import org.keycloak.models.UserSessionModel;
|
||||||
import org.keycloak.util.Time;
|
import org.keycloak.util.Time;
|
||||||
|
|
||||||
|
import java.util.ArrayList;
|
||||||
import java.util.Date;
|
import java.util.Date;
|
||||||
import java.util.LinkedList;
|
import java.util.LinkedList;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
@ -50,6 +54,21 @@ public class SessionsBean {
|
||||||
return Time.toDate(max);
|
return Time.toDate(max);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public List<String> getApplications() {
|
||||||
|
List<String> apps = new ArrayList<String>();
|
||||||
|
for (ClientModel client : session.getClientAssociations()) {
|
||||||
|
if (client instanceof ApplicationModel) apps.add(client.getClientId());
|
||||||
|
}
|
||||||
|
return apps;
|
||||||
|
}
|
||||||
|
public List<String> getClients() {
|
||||||
|
List<String> apps = new ArrayList<String>();
|
||||||
|
for (ClientModel client : session.getClientAssociations()) {
|
||||||
|
if (client instanceof OAuthClientModel) apps.add(client.getClientId());
|
||||||
|
}
|
||||||
|
return apps;
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
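Review bot: `getClients()` is a copy of `getApplications()` with only the `instanceof` type changed, and it still names its result list `apps`. Renaming the local (`List<String> clients = new ArrayList<String>();`) keeps the two methods from being misread. A short Javadoc on each, saying which client type it lists (`ApplicationModel` vs `OAuthClientModel`), would also help, since the sessions template shows them in separate columns. The class body starts outside the hunk, so whether `session.getClientAssociations()` can return null is not visible here.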
16
forms/common-themes/src/main/resources/theme/account/base/sessions.ftl
Normal file → Executable file
16
forms/common-themes/src/main/resources/theme/account/base/sessions.ftl
Normal file → Executable file
|
@ -13,6 +13,8 @@
|
||||||
<td>IP</td>
|
<td>IP</td>
|
||||||
<td>Started</td>
|
<td>Started</td>
|
||||||
<td>Expires</td>
|
<td>Expires</td>
|
||||||
|
<td>Applications</td>
|
||||||
|
<td>Clients</td>
|
||||||
</tr>
|
</tr>
|
||||||
</thead>
|
</thead>
|
||||||
|
|
||||||
|
@ -22,6 +24,20 @@
|
||||||
<td>${session.ipAddress}</td>
|
<td>${session.ipAddress}</td>
|
||||||
<td>${session.started?datetime}</td>
|
<td>${session.started?datetime}</td>
|
||||||
<td>${session.expires?datetime}</td>
|
<td>${session.expires?datetime}</td>
|
||||||
|
<td>
|
||||||
|
<ul style="list-style: none; ">
|
||||||
|
<#list session.applications as app>
|
||||||
|
<li>${app}</li>
|
||||||
|
</#list>
|
||||||
|
</ul>
|
||||||
|
</td>
|
||||||
|
<td>
|
||||||
|
<ul style="list-style: none; ">
|
||||||
|
<#list session.clients as client>
|
||||||
|
<li>${client}</li>
|
||||||
|
</#list>
|
||||||
|
</ul>
|
||||||
|
</td>
|
||||||
</tr>
|
</tr>
|
||||||
</#list>
|
</#list>
|
||||||
</tbody>
|
</tbody>
|
||||||
|
|
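Review bot: The new `<li>${app}</li>` and `<li>${client}</li>` cells write client IDs into the page without an explicit HTML escape. Unless the template is wrapped in an `<#escape>` block outside these hunks, a client ID containing markup would be rendered as HTML on the user's account page; `<li>${app?html}</li>` and `<li>${client?html}</li>` close that off. The section header also shows the file mode changing from normal to executable, which a template does not need and which looks unintended.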
|
@ -21,7 +21,7 @@ public class AppAuthManager extends AuthenticationManager {
|
||||||
super(providerSession);
|
super(providerSession);
|
||||||
}
|
}
|
||||||
|
|
||||||
public UserModel authenticateRequest(RealmModel realm, UriInfo uriInfo, HttpHeaders headers) {
|
public AuthResult authenticateRequest(RealmModel realm, UriInfo uriInfo, HttpHeaders headers) {
|
||||||
AuthResult authResult = authenticateIdentityCookie(realm, uriInfo, headers);
|
AuthResult authResult = authenticateIdentityCookie(realm, uriInfo, headers);
|
||||||
if (authResult != null) {
|
if (authResult != null) {
|
||||||
Cookie remember = headers.getCookies().get(AuthenticationManager.KEYCLOAK_REMEMBER_ME);
|
Cookie remember = headers.getCookies().get(AuthenticationManager.KEYCLOAK_REMEMBER_ME);
|
||||||
|
@ -29,7 +29,7 @@ public class AppAuthManager extends AuthenticationManager {
|
||||||
// refresh the cookies!
|
// refresh the cookies!
|
||||||
createLoginCookie(realm, authResult.getUser(), authResult.getSession(), uriInfo, rememberMe);
|
createLoginCookie(realm, authResult.getUser(), authResult.getSession(), uriInfo, rememberMe);
|
||||||
if (rememberMe) createRememberMeCookie(realm, uriInfo);
|
if (rememberMe) createRememberMeCookie(realm, uriInfo);
|
||||||
return authResult.getUser();
|
return authResult;
|
||||||
} else {
|
} else {
|
||||||
return authenticateBearerToken(realm, uriInfo, headers);
|
return authenticateBearerToken(realm, uriInfo, headers);
|
||||||
}
|
}
|
||||||
|
@ -47,11 +47,11 @@ public class AppAuthManager extends AuthenticationManager {
|
||||||
return tokenString;
|
return tokenString;
|
||||||
}
|
}
|
||||||
|
|
||||||
public UserModel authenticateBearerToken(RealmModel realm, UriInfo uriInfo, HttpHeaders headers) {
|
public AuthResult authenticateBearerToken(RealmModel realm, UriInfo uriInfo, HttpHeaders headers) {
|
||||||
String tokenString = extractAuthorizationHeaderToken(headers);
|
String tokenString = extractAuthorizationHeaderToken(headers);
|
||||||
if (tokenString == null) return null;
|
if (tokenString == null) return null;
|
||||||
AuthResult authResult = verifyIdentityToken(realm, uriInfo, true, tokenString);
|
AuthResult authResult = verifyIdentityToken(realm, uriInfo, true, tokenString);
|
||||||
return authResult != null ? authResult.getUser() : null;
|
return authResult;
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
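Review bot: `authenticateBearerToken` used to return `authResult != null ? authResult.getUser() : null`, so a caller's `user == null` check also covered a result without a user; it now returns the `AuthResult` as-is, and the callers changed in this commit (`AccountService`, `AdminConsole.whoAmI`, `AdminRoot`) only test `authResult == null` before calling `authResult.getUser()`. Whether `verifyIdentityToken` can return a result with a null user is not visible here, so this should either be guaranteed there or stated in a Javadoc on both methods, e.g. `@return the authentication result, or null if the request carries no valid identity cookie or bearer token; getUser() is never null`. The local in `authenticateBearerToken` is now redundant: `return verifyIdentityToken(realm, uriInfo, true, tokenString);`.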
|
@ -279,6 +279,8 @@ public class RealmManager {
|
||||||
if (application == null) {
|
if (application == null) {
|
||||||
application = new ApplicationManager(this).createApplication(realm, Constants.ACCOUNT_MANAGEMENT_APP);
|
application = new ApplicationManager(this).createApplication(realm, Constants.ACCOUNT_MANAGEMENT_APP);
|
||||||
application.setEnabled(true);
|
application.setEnabled(true);
|
||||||
|
String redirectUri = contextPath + "/realms/" + realm.getName() + "/account/*";
|
||||||
|
application.addRedirectUri(redirectUri);
|
||||||
|
|
||||||
for (String role : AccountRoles.ALL) {
|
for (String role : AccountRoles.ALL) {
|
||||||
application.addDefaultRole(role);
|
application.addDefaultRole(role);
|
||||||
|
|
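Review bot: The redirect URI is built by concatenating `contextPath`, and Java string concatenation turns a null into the text `null`, so a `RealmManager` whose context path was never set would register `null/realms/<realm>/account/*` as the account application's redirect URI. The field's declaration and default are outside the hunk; in this commit only `KeycloakServer` calls `setContextPath("/auth")` before `createRealm`. Since redirect URIs gate where the login flow may send the user, failing fast is safer than storing a wrong pattern: `if (contextPath == null) throw new IllegalStateException("contextPath must be set before creating the account application");`. The enclosing method starts and ends outside the hunk.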
|
@ -49,6 +49,7 @@ import org.keycloak.provider.ProviderSession;
|
||||||
import org.keycloak.services.ForbiddenException;
|
import org.keycloak.services.ForbiddenException;
|
||||||
import org.keycloak.services.managers.AppAuthManager;
|
import org.keycloak.services.managers.AppAuthManager;
|
||||||
import org.keycloak.services.managers.Auth;
|
import org.keycloak.services.managers.Auth;
|
||||||
|
import org.keycloak.services.managers.AuthenticationManager;
|
||||||
import org.keycloak.services.managers.ModelToRepresentation;
|
import org.keycloak.services.managers.ModelToRepresentation;
|
||||||
import org.keycloak.services.managers.SocialRequestManager;
|
import org.keycloak.services.managers.SocialRequestManager;
|
||||||
import org.keycloak.services.managers.TokenManager;
|
import org.keycloak.services.managers.TokenManager;
|
||||||
|
@ -148,9 +149,12 @@ public class AccountService {
|
||||||
account = AccountLoader.load().createAccount(uriInfo).setRealm(realm);
|
account = AccountLoader.load().createAccount(uriInfo).setRealm(realm);
|
||||||
|
|
||||||
boolean passwordUpdateSupported = false;
|
boolean passwordUpdateSupported = false;
|
||||||
UserModel user = authManager.authenticateRequest(realm, uriInfo, headers);
|
AuthenticationManager.AuthResult authResult = authManager.authenticateRequest(realm, uriInfo, headers);
|
||||||
if (user != null) {
|
if (authResult != null) {
|
||||||
auth = new Auth(realm, user, application);
|
auth = new Auth(realm, authResult.getUser(), application);
|
||||||
|
if (authResult.getSession() != null) {
|
||||||
|
authResult.getSession().associateClient(application);
|
||||||
|
}
|
||||||
account.setUser(auth.getUser());
|
account.setUser(auth.getUser());
|
||||||
|
|
||||||
AuthenticationLinkModel authLinkModel = realm.getAuthenticationLink(auth.getUser());
|
AuthenticationLinkModel authLinkModel = realm.getAuthenticationLink(auth.getUser());
|
||||||
|
|
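Review bot: `authResult.getSession()` is called twice and the reason for the association is not stated. A comment such as `// record the account app on the user session so it appears in the sessions list` above the `if` would explain the side effect (presumably this is what feeds `SessionsBean.getApplications()`), and holding the session in a local avoids the repeated getter. `authenticateRequest` also falls back to bearer-token authentication, so this write happens for token callers too whenever their result carries a session; confirm that is intended. The enclosing method continues outside the hunk.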
|
@ -18,6 +18,7 @@ import org.keycloak.models.UserModel;
|
||||||
import org.keycloak.provider.ProviderSession;
|
import org.keycloak.provider.ProviderSession;
|
||||||
import org.keycloak.services.managers.AppAuthManager;
|
import org.keycloak.services.managers.AppAuthManager;
|
||||||
import org.keycloak.services.managers.ApplicationManager;
|
import org.keycloak.services.managers.ApplicationManager;
|
||||||
|
import org.keycloak.services.managers.AuthenticationManager;
|
||||||
import org.keycloak.services.managers.RealmManager;
|
import org.keycloak.services.managers.RealmManager;
|
||||||
import org.keycloak.services.resources.KeycloakApplication;
|
import org.keycloak.services.resources.KeycloakApplication;
|
||||||
import org.keycloak.services.resources.TokenService;
|
import org.keycloak.services.resources.TokenService;
|
||||||
|
@ -164,10 +165,11 @@ public class AdminConsole {
|
||||||
@NoCache
|
@NoCache
|
||||||
public Response whoAmI(final @Context HttpHeaders headers) {
|
public Response whoAmI(final @Context HttpHeaders headers) {
|
||||||
RealmManager realmManager = new RealmManager(session);
|
RealmManager realmManager = new RealmManager(session);
|
||||||
UserModel user = authManager.authenticateBearerToken(realm, uriInfo, headers);
|
AuthenticationManager.AuthResult authResult = authManager.authenticateBearerToken(realm, uriInfo, headers);
|
||||||
if (user == null) {
|
if (authResult == null) {
|
||||||
return Response.status(401).build();
|
return Response.status(401).build();
|
||||||
}
|
}
|
||||||
|
UserModel user= authResult.getUser();
|
||||||
String displayName;
|
String displayName;
|
||||||
if ((user.getFirstName() != null && !user.getFirstName().trim().equals("")) || (user.getLastName() != null && !user.getLastName().trim().equals(""))) {
|
if ((user.getFirstName() != null && !user.getFirstName().trim().equals("")) || (user.getLastName() != null && !user.getLastName().trim().equals(""))) {
|
||||||
displayName = user.getFirstName();
|
displayName = user.getFirstName();
|
||||||
|
|
|
@ -14,6 +14,7 @@ import org.keycloak.provider.ProviderSession;
|
||||||
import org.keycloak.representations.AccessToken;
|
import org.keycloak.representations.AccessToken;
|
||||||
import org.keycloak.services.managers.AppAuthManager;
|
import org.keycloak.services.managers.AppAuthManager;
|
||||||
import org.keycloak.services.managers.Auth;
|
import org.keycloak.services.managers.Auth;
|
||||||
|
import org.keycloak.services.managers.AuthenticationManager;
|
||||||
import org.keycloak.services.managers.RealmManager;
|
import org.keycloak.services.managers.RealmManager;
|
||||||
import org.keycloak.services.managers.TokenManager;
|
import org.keycloak.services.managers.TokenManager;
|
||||||
|
|
||||||
|
@ -116,8 +117,8 @@ public class AdminRoot {
|
||||||
if (realm == null) {
|
if (realm == null) {
|
||||||
throw new UnauthorizedException("Unknown realm in token");
|
throw new UnauthorizedException("Unknown realm in token");
|
||||||
}
|
}
|
||||||
UserModel user = authManager.authenticateBearerToken(realm, uriInfo, headers);
|
AuthenticationManager.AuthResult authResult = authManager.authenticateBearerToken(realm, uriInfo, headers);
|
||||||
if (user == null) {
|
if (authResult == null) {
|
||||||
logger.debug("Token not valid");
|
logger.debug("Token not valid");
|
||||||
throw new UnauthorizedException("Bearer");
|
throw new UnauthorizedException("Bearer");
|
||||||
}
|
}
|
||||||
|
@ -126,7 +127,7 @@ public class AdminRoot {
|
||||||
if (consoleApp == null) {
|
if (consoleApp == null) {
|
||||||
throw new NotFoundException("Could not find admin console application");
|
throw new NotFoundException("Could not find admin console application");
|
||||||
}
|
}
|
||||||
Auth auth = new Auth(realm, user, consoleApp);
|
Auth auth = new Auth(realm, authResult.getUser(), consoleApp);
|
||||||
return auth;
|
return auth;
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -201,7 +201,7 @@ public class KeycloakServer {
|
||||||
info("Not importing realm " + rep.getRealm() + " realm already exists");
|
info("Not importing realm " + rep.getRealm() + " realm already exists");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
manager.setContextPath("/auth");
|
||||||
RealmModel realm = manager.createRealm(rep.getId(), rep.getRealm());
|
RealmModel realm = manager.createRealm(rep.getId(), rep.getRealm());
|
||||||
manager.importRealm(rep, realm);
|
manager.importRealm(rep, realm);
|
||||||
|
|
||||||
|
|