acct svc + sessions

Bill Burke 2014-05-19 11:45:42 -04:00 committed by Stian Thorgersen
parent 2b525c6016
commit 7e8b16f975
8 changed files with 57 additions and 13 deletions


@ -1,9 +1,13 @@
package org.keycloak.account.freemarker.model; package org.keycloak.account.freemarker.model;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.ClientModel;
import org.keycloak.models.OAuthClientModel;
import org.keycloak.models.RealmModel; import org.keycloak.models.RealmModel;
import org.keycloak.models.UserSessionModel; import org.keycloak.models.UserSessionModel;
import org.keycloak.util.Time; import org.keycloak.util.Time;
import java.util.ArrayList;
import java.util.Date; import java.util.Date;
import java.util.LinkedList; import java.util.LinkedList;
import java.util.List; import java.util.List;
@ -50,6 +54,21 @@ public class SessionsBean {
return Time.toDate(max); return Time.toDate(max);
} }
public List<String> getApplications() {
List<String> apps = new ArrayList<String>();
for (ClientModel client : session.getClientAssociations()) {
if (client instanceof ApplicationModel) apps.add(client.getClientId());
}
return apps;
}
public List<String> getClients() {
List<String> apps = new ArrayList<String>();
for (ClientModel client : session.getClientAssociations()) {
if (client instanceof OAuthClientModel) apps.add(client.getClientId());
}
return apps;
}
} }
} }
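Review bot: getApplications() and getClients() are the same loop with a different `instanceof` test, and an associated client that is neither an ApplicationModel nor an OAuthClientModel is dropped from both lists without a trace. This bean feeds the account page where a user audits where a session is in use, so an omitted client would under-report; whether other ClientModel implementations exist is not visible here. A shared private helper keeps the two filters in step, and each getter should get a one-line Javadoc saying it returns the client ids of that type associated with the session. The class body starts outside the hunk.

```java
public List<String> getApplications() {
    return clientIdsOfType(ApplicationModel.class);
}

public List<String> getClients() {
    return clientIdsOfType(OAuthClientModel.class);
}

// Collects the ids of the session's associated clients that are instances of the given type.
private List<String> clientIdsOfType(Class<? extends ClientModel> type) {
    List<String> ids = new ArrayList<String>();
    for (ClientModel client : session.getClientAssociations()) {
        if (type.isInstance(client)) ids.add(client.getClientId());
    }
    return ids;
}
```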


@ -13,6 +13,8 @@
<td>IP</td> <td>IP</td>
<td>Started</td> <td>Started</td>
<td>Expires</td> <td>Expires</td>
<td>Applications</td>
<td>Clients</td>
</tr> </tr>
</thead> </thead>
@ -22,6 +24,20 @@
<td>${session.ipAddress}</td> <td>${session.ipAddress}</td>
<td>${session.started?datetime}</td> <td>${session.started?datetime}</td>
<td>${session.expires?datetime}</td> <td>${session.expires?datetime}</td>
<td>
<ul style="list-style: none; ">
<#list session.applications as app>
<li>${app}</li>
</#list>
</ul>
</td>
<td>
<ul style="list-style: none; ">
<#list session.clients as client>
<li>${client}</li>
</#list>
</ul>
</td>
</tr> </tr>
</#list> </#list>
</tbody> </tbody>
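Review bot: `${app}` and `${client}` write client ids into the page as-is, and nothing in this hunk shows HTML escaping being applied. If the template is not already wrapped in an `<#escape x as x?html>` block (the top of the file is outside the hunk), a client id containing markup would be rendered into the user's account page; `<li>${app?html}</li>` and `<li>${client?html}</li>` would make the two cells safe on their own. The repeated inline `style="list-style: none; "` would also be better as a class in the theme stylesheet.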


@ -21,7 +21,7 @@ public class AppAuthManager extends AuthenticationManager {
super(providerSession); super(providerSession);
} }
public UserModel authenticateRequest(RealmModel realm, UriInfo uriInfo, HttpHeaders headers) { public AuthResult authenticateRequest(RealmModel realm, UriInfo uriInfo, HttpHeaders headers) {
AuthResult authResult = authenticateIdentityCookie(realm, uriInfo, headers); AuthResult authResult = authenticateIdentityCookie(realm, uriInfo, headers);
if (authResult != null) { if (authResult != null) {
Cookie remember = headers.getCookies().get(AuthenticationManager.KEYCLOAK_REMEMBER_ME); Cookie remember = headers.getCookies().get(AuthenticationManager.KEYCLOAK_REMEMBER_ME);
@ -29,7 +29,7 @@ public class AppAuthManager extends AuthenticationManager {
// refresh the cookies! // refresh the cookies!
createLoginCookie(realm, authResult.getUser(), authResult.getSession(), uriInfo, rememberMe); createLoginCookie(realm, authResult.getUser(), authResult.getSession(), uriInfo, rememberMe);
if (rememberMe) createRememberMeCookie(realm, uriInfo); if (rememberMe) createRememberMeCookie(realm, uriInfo);
return authResult.getUser(); return authResult;
} else { } else {
return authenticateBearerToken(realm, uriInfo, headers); return authenticateBearerToken(realm, uriInfo, headers);
} }
@ -47,11 +47,11 @@ public class AppAuthManager extends AuthenticationManager {
return tokenString; return tokenString;
} }
public UserModel authenticateBearerToken(RealmModel realm, UriInfo uriInfo, HttpHeaders headers) { public AuthResult authenticateBearerToken(RealmModel realm, UriInfo uriInfo, HttpHeaders headers) {
String tokenString = extractAuthorizationHeaderToken(headers); String tokenString = extractAuthorizationHeaderToken(headers);
if (tokenString == null) return null; if (tokenString == null) return null;
AuthResult authResult = verifyIdentityToken(realm, uriInfo, true, tokenString); AuthResult authResult = verifyIdentityToken(realm, uriInfo, true, tokenString);
return authResult != null ? authResult.getUser() : null; return authResult;
} }
} }
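Review bot: Returning the AuthResult instead of the user moves the callers' null check from the user to the wrapper: authenticateBearerToken() used to return null whenever `authResult.getUser()` was null, and now hands back any non-null result. The updated callers in AccountService, AdminConsole.whoAmI and AdminRoot test only `authResult == null` and then call `authResult.getUser()`, so if verifyIdentityToken() can produce a result without a user (not visible here), whoAmI would hit a NullPointerException and AdminRoot would build an Auth around a null user instead of rejecting the request. Either document on both methods that a non-null AuthResult always carries a user, or keep the old guarantee with `return (authResult != null && authResult.getUser() != null) ? authResult : null;`.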


@ -279,6 +279,8 @@ public class RealmManager {
if (application == null) { if (application == null) {
application = new ApplicationManager(this).createApplication(realm, Constants.ACCOUNT_MANAGEMENT_APP); application = new ApplicationManager(this).createApplication(realm, Constants.ACCOUNT_MANAGEMENT_APP);
application.setEnabled(true); application.setEnabled(true);
String redirectUri = contextPath + "/realms/" + realm.getName() + "/account/*";
application.addRedirectUri(redirectUri);
for (String role : AccountRoles.ALL) { for (String role : AccountRoles.ALL) {
application.addDefaultRole(role); application.addDefaultRole(role);
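Review bot: `contextPath` is concatenated into the redirect URI without a null or empty check, so a RealmManager whose context path was never set would register `null/realms/<realm>/account/*` for the account application, and redirects to the account pages would then presumably be rejected in a way that is hard to trace. The only place on this page that sets it is the hard-coded `manager.setContextPath("/auth")` line in the KeycloakServer section; other creators of RealmManager are not visible. A guard such as `if (contextPath == null) throw new IllegalStateException("contextPath not set");` before building the URI would surface the problem early. The URI is also added only inside the `application == null` branch, so realms whose account application already exists appear not to receive it; the enclosing method continues outside the hunk.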


@ -49,6 +49,7 @@ import org.keycloak.provider.ProviderSession;
import org.keycloak.services.ForbiddenException; import org.keycloak.services.ForbiddenException;
import org.keycloak.services.managers.AppAuthManager; import org.keycloak.services.managers.AppAuthManager;
import org.keycloak.services.managers.Auth; import org.keycloak.services.managers.Auth;
import org.keycloak.services.managers.AuthenticationManager;
import org.keycloak.services.managers.ModelToRepresentation; import org.keycloak.services.managers.ModelToRepresentation;
import org.keycloak.services.managers.SocialRequestManager; import org.keycloak.services.managers.SocialRequestManager;
import org.keycloak.services.managers.TokenManager; import org.keycloak.services.managers.TokenManager;
@ -148,9 +149,12 @@ public class AccountService {
account = AccountLoader.load().createAccount(uriInfo).setRealm(realm); account = AccountLoader.load().createAccount(uriInfo).setRealm(realm);
boolean passwordUpdateSupported = false; boolean passwordUpdateSupported = false;
UserModel user = authManager.authenticateRequest(realm, uriInfo, headers); AuthenticationManager.AuthResult authResult = authManager.authenticateRequest(realm, uriInfo, headers);
if (user != null) { if (authResult != null) {
auth = new Auth(realm, user, application); auth = new Auth(realm, authResult.getUser(), application);
if (authResult.getSession() != null) {
authResult.getSession().associateClient(application);
}
account.setUser(auth.getUser()); account.setUser(auth.getUser());
AuthenticationLinkModel authLinkModel = realm.getAuthenticationLink(auth.getUser()); AuthenticationLinkModel authLinkModel = realm.getAuthenticationLink(auth.getUser());
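Review bot: The `authResult.getSession() != null` guard has no comment, and the hunk does not show which authentication path produces a result without a session; since authenticateRequest() falls back to bearer-token authentication, that is presumably the case being skipped. A comment such as `// no user session to tag (e.g. bearer-token auth); only session-backed logins are tracked` would make the intent clear. associateClient() also runs on every authenticated request to the account service, so it is worth confirming that it is a cheap no-op when the application is already associated. The enclosing method starts and ends outside the hunk.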


@ -18,6 +18,7 @@ import org.keycloak.models.UserModel;
import org.keycloak.provider.ProviderSession; import org.keycloak.provider.ProviderSession;
import org.keycloak.services.managers.AppAuthManager; import org.keycloak.services.managers.AppAuthManager;
import org.keycloak.services.managers.ApplicationManager; import org.keycloak.services.managers.ApplicationManager;
import org.keycloak.services.managers.AuthenticationManager;
import org.keycloak.services.managers.RealmManager; import org.keycloak.services.managers.RealmManager;
import org.keycloak.services.resources.KeycloakApplication; import org.keycloak.services.resources.KeycloakApplication;
import org.keycloak.services.resources.TokenService; import org.keycloak.services.resources.TokenService;
@ -164,10 +165,11 @@ public class AdminConsole {
@NoCache @NoCache
public Response whoAmI(final @Context HttpHeaders headers) { public Response whoAmI(final @Context HttpHeaders headers) {
RealmManager realmManager = new RealmManager(session); RealmManager realmManager = new RealmManager(session);
UserModel user = authManager.authenticateBearerToken(realm, uriInfo, headers); AuthenticationManager.AuthResult authResult = authManager.authenticateBearerToken(realm, uriInfo, headers);
if (user == null) { if (authResult == null) {
return Response.status(401).build(); return Response.status(401).build();
} }
UserModel user= authResult.getUser();
String displayName; String displayName;
if ((user.getFirstName() != null && !user.getFirstName().trim().equals("")) || (user.getLastName() != null && !user.getLastName().trim().equals(""))) { if ((user.getFirstName() != null && !user.getFirstName().trim().equals("")) || (user.getLastName() != null && !user.getLastName().trim().equals(""))) {
displayName = user.getFirstName(); displayName = user.getFirstName();


@ -14,6 +14,7 @@ import org.keycloak.provider.ProviderSession;
import org.keycloak.representations.AccessToken; import org.keycloak.representations.AccessToken;
import org.keycloak.services.managers.AppAuthManager; import org.keycloak.services.managers.AppAuthManager;
import org.keycloak.services.managers.Auth; import org.keycloak.services.managers.Auth;
import org.keycloak.services.managers.AuthenticationManager;
import org.keycloak.services.managers.RealmManager; import org.keycloak.services.managers.RealmManager;
import org.keycloak.services.managers.TokenManager; import org.keycloak.services.managers.TokenManager;
@ -116,8 +117,8 @@ public class AdminRoot {
if (realm == null) { if (realm == null) {
throw new UnauthorizedException("Unknown realm in token"); throw new UnauthorizedException("Unknown realm in token");
} }
UserModel user = authManager.authenticateBearerToken(realm, uriInfo, headers); AuthenticationManager.AuthResult authResult = authManager.authenticateBearerToken(realm, uriInfo, headers);
if (user == null) { if (authResult == null) {
logger.debug("Token not valid"); logger.debug("Token not valid");
throw new UnauthorizedException("Bearer"); throw new UnauthorizedException("Bearer");
} }
@ -126,7 +127,7 @@ public class AdminRoot {
if (consoleApp == null) { if (consoleApp == null) {
throw new NotFoundException("Could not find admin console application"); throw new NotFoundException("Could not find admin console application");
} }
Auth auth = new Auth(realm, user, consoleApp); Auth auth = new Auth(realm, authResult.getUser(), consoleApp);
return auth; return auth;


@ -201,7 +201,7 @@ public class KeycloakServer {
info("Not importing realm " + rep.getRealm() + " realm already exists"); info("Not importing realm " + rep.getRealm() + " realm already exists");
return; return;
} }
manager.setContextPath("/auth");
RealmModel realm = manager.createRealm(rep.getId(), rep.getRealm()); RealmModel realm = manager.createRealm(rep.getId(), rep.getRealm());
manager.importRealm(rep, realm); manager.importRealm(rep, realm);