acct svc + sessions
parent
2b525c6016
commit
7e8b16f975
8 changed files with 57 additions and 13 deletions
|
@ -1,9 +1,13 @@
|
|||
package org.keycloak.account.freemarker.model;
|
||||
|
||||
import org.keycloak.models.ApplicationModel;
|
||||
import org.keycloak.models.ClientModel;
|
||||
import org.keycloak.models.OAuthClientModel;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.models.UserSessionModel;
|
||||
import org.keycloak.util.Time;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.Date;
|
||||
import java.util.LinkedList;
|
||||
import java.util.List;
|
||||
|
@ -50,6 +54,21 @@ public class SessionsBean {
|
|||
return Time.toDate(max);
|
||||
}
|
||||
|
||||
public List<String> getApplications() {
|
||||
List<String> apps = new ArrayList<String>();
|
||||
for (ClientModel client : session.getClientAssociations()) {
|
||||
if (client instanceof ApplicationModel) apps.add(client.getClientId());
|
||||
}
|
||||
return apps;
|
||||
}
|
||||
public List<String> getClients() {
|
||||
List<String> apps = new ArrayList<String>();
|
||||
for (ClientModel client : session.getClientAssociations()) {
|
||||
if (client instanceof OAuthClientModel) apps.add(client.getClientId());
|
||||
}
|
||||
return apps;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
|
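Review bot: In `getClients()` the result list is still named `apps`, a leftover from `getApplications()`, and neither new accessor has a Javadoc saying what the template receives. I would rename the local to `clients` and add a one-line comment such as `/** Client ids of the OAuth clients associated with this session. */`, with the matching one on `getApplications()`. The two loops differ only in the `instanceof` test, so an association that is neither an `ApplicationModel` nor an `OAuthClientModel` appears in neither list; if that is intended, the comment should say so. The enclosing class starts outside the hunk.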
16
forms/common-themes/src/main/resources/theme/account/base/sessions.ftl
Normal file → Executable file
|
@ -13,6 +13,8 @@
|
|||
<td>IP</td>
|
||||
<td>Started</td>
|
||||
<td>Expires</td>
|
||||
<td>Applications</td>
|
||||
<td>Clients</td>
|
||||
</tr>
|
||||
</thead>
|
||||
|
||||
|
@ -22,6 +24,20 @@
|
|||
<td>${session.ipAddress}</td>
|
||||
<td>${session.started?datetime}</td>
|
||||
<td>${session.expires?datetime}</td>
|
||||
<td>
|
||||
<ul style="list-style: none; ">
|
||||
<#list session.applications as app>
|
||||
<li>${app}</li>
|
||||
</#list>
|
||||
</ul>
|
||||
</td>
|
||||
<td>
|
||||
<ul style="list-style: none; ">
|
||||
<#list session.clients as client>
|
||||
<li>${client}</li>
|
||||
</#list>
|
||||
</ul>
|
||||
</td>
|
||||
</tr>
|
||||
</#list>
|
||||
</tbody>
|
||||
|
|
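Review bot: The new `<li>${app}</li>` and `<li>${client}</li>` interpolations write client ids into the page without an explicit escape. Whether that is safe depends on something these hunks do not show: if the template is not wrapped in `<#escape x as x?html>` and the FreeMarker configuration does not auto-escape, a client id containing markup would be rendered as HTML on the account sessions page. Writing `${app?html}` and `${client?html}` makes both cells safe regardless of the surrounding configuration. Separately, the file header shows the mode going from normal to executable, which a template does not need and looks unintentional.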
|
@ -21,7 +21,7 @@ public class AppAuthManager extends AuthenticationManager {
|
|||
super(providerSession);
|
||||
}
|
||||
|
||||
public UserModel authenticateRequest(RealmModel realm, UriInfo uriInfo, HttpHeaders headers) {
|
||||
public AuthResult authenticateRequest(RealmModel realm, UriInfo uriInfo, HttpHeaders headers) {
|
||||
AuthResult authResult = authenticateIdentityCookie(realm, uriInfo, headers);
|
||||
if (authResult != null) {
|
||||
Cookie remember = headers.getCookies().get(AuthenticationManager.KEYCLOAK_REMEMBER_ME);
|
||||
|
@ -29,7 +29,7 @@ public class AppAuthManager extends AuthenticationManager {
|
|||
// refresh the cookies!
|
||||
createLoginCookie(realm, authResult.getUser(), authResult.getSession(), uriInfo, rememberMe);
|
||||
if (rememberMe) createRememberMeCookie(realm, uriInfo);
|
||||
return authResult.getUser();
|
||||
return authResult;
|
||||
} else {
|
||||
return authenticateBearerToken(realm, uriInfo, headers);
|
||||
}
|
||||
|
@ -47,11 +47,11 @@ public class AppAuthManager extends AuthenticationManager {
|
|||
return tokenString;
|
||||
}
|
||||
|
||||
public UserModel authenticateBearerToken(RealmModel realm, UriInfo uriInfo, HttpHeaders headers) {
|
||||
public AuthResult authenticateBearerToken(RealmModel realm, UriInfo uriInfo, HttpHeaders headers) {
|
||||
String tokenString = extractAuthorizationHeaderToken(headers);
|
||||
if (tokenString == null) return null;
|
||||
AuthResult authResult = verifyIdentityToken(realm, uriInfo, true, tokenString);
|
||||
return authResult != null ? authResult.getUser() : null;
|
||||
return authResult;
|
||||
}
|
||||
|
||||
}
|
||||
|
|
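Review bot: Returning the `AuthResult` from `authenticateBearerToken` and `authenticateRequest` moves the null-user check onto the callers, and none of the callers on this page performs it. The old bearer-token body returned `authResult != null ? authResult.getUser() : null`, so `user == null` at the call sites covered both a missing result and a result without a user; the new code in `AdminConsole.whoAmI`, the `AdminRoot` hunk and `AccountService` only tests `authResult == null` and then uses `authResult.getUser()` directly. If `verifyIdentityToken` or `authenticateIdentityCookie` can return a result whose user is null (their bodies are not on this page), `whoAmI` would fail with a NullPointerException and the other two would build an `Auth` around a null user. Either state in a Javadoc on both methods that a non-null result always carries a user, or keep the guard, e.g. `if (authResult == null || authResult.getUser() == null) return null;`.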
|
@ -279,6 +279,8 @@ public class RealmManager {
|
|||
if (application == null) {
|
||||
application = new ApplicationManager(this).createApplication(realm, Constants.ACCOUNT_MANAGEMENT_APP);
|
||||
application.setEnabled(true);
|
||||
String redirectUri = contextPath + "/realms/" + realm.getName() + "/account/*";
|
||||
application.addRedirectUri(redirectUri);
|
||||
|
||||
for (String role : AccountRoles.ALL) {
|
||||
application.addDefaultRole(role);
|
||||
|
|
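Review bot: The redirect URI is built by concatenating `contextPath` with no check that it has been set, in the lines `String redirectUri = contextPath + "/realms/" + realm.getName() + "/account/*";` and `application.addRedirectUri(redirectUri);`. If `contextPath` is a String field that stays null until `setContextPath` is called, a realm created without that call registers a redirect URI beginning with the literal text `null/realms/`; on this page only `KeycloakServer` is shown calling `manager.setContextPath("/auth")`. A guard such as `if (contextPath == null) throw new IllegalStateException("contextPath not set");` before the concatenation, or a documented default, would surface the mistake instead of storing an unusable value. The trailing `/*` wildcard accepts every path under the account root, so a comment saying why the wildcard is required would help the next reviewer. The enclosing method starts and ends outside the hunk.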
|
@ -49,6 +49,7 @@ import org.keycloak.provider.ProviderSession;
|
|||
import org.keycloak.services.ForbiddenException;
|
||||
import org.keycloak.services.managers.AppAuthManager;
|
||||
import org.keycloak.services.managers.Auth;
|
||||
import org.keycloak.services.managers.AuthenticationManager;
|
||||
import org.keycloak.services.managers.ModelToRepresentation;
|
||||
import org.keycloak.services.managers.SocialRequestManager;
|
||||
import org.keycloak.services.managers.TokenManager;
|
||||
|
@ -148,9 +149,12 @@ public class AccountService {
|
|||
account = AccountLoader.load().createAccount(uriInfo).setRealm(realm);
|
||||
|
||||
boolean passwordUpdateSupported = false;
|
||||
UserModel user = authManager.authenticateRequest(realm, uriInfo, headers);
|
||||
if (user != null) {
|
||||
auth = new Auth(realm, user, application);
|
||||
AuthenticationManager.AuthResult authResult = authManager.authenticateRequest(realm, uriInfo, headers);
|
||||
if (authResult != null) {
|
||||
auth = new Auth(realm, authResult.getUser(), application);
|
||||
if (authResult.getSession() != null) {
|
||||
authResult.getSession().associateClient(application);
|
||||
}
|
||||
account.setUser(auth.getUser());
|
||||
|
||||
AuthenticationLinkModel authLinkModel = realm.getAuthenticationLink(auth.getUser());
|
||||
|
|
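Review bot: `authResult.getSession()` is evaluated twice around the new `associateClient(application)` call, and nothing says why the account application is being recorded on the session. Reading it once into a local and adding a comment such as `// record the account app on the user session so the sessions page can list it` would make the intent clear. This code runs whenever the request is authenticated on this path, so it is worth confirming that `associateClient` is idempotent and cheap when the client is already associated; its implementation is not visible here. The enclosing method starts and ends outside the hunk.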
|
@ -18,6 +18,7 @@ import org.keycloak.models.UserModel;
|
|||
import org.keycloak.provider.ProviderSession;
|
||||
import org.keycloak.services.managers.AppAuthManager;
|
||||
import org.keycloak.services.managers.ApplicationManager;
|
||||
import org.keycloak.services.managers.AuthenticationManager;
|
||||
import org.keycloak.services.managers.RealmManager;
|
||||
import org.keycloak.services.resources.KeycloakApplication;
|
||||
import org.keycloak.services.resources.TokenService;
|
||||
|
@ -164,10 +165,11 @@ public class AdminConsole {
|
|||
@NoCache
|
||||
public Response whoAmI(final @Context HttpHeaders headers) {
|
||||
RealmManager realmManager = new RealmManager(session);
|
||||
UserModel user = authManager.authenticateBearerToken(realm, uriInfo, headers);
|
||||
if (user == null) {
|
||||
AuthenticationManager.AuthResult authResult = authManager.authenticateBearerToken(realm, uriInfo, headers);
|
||||
if (authResult == null) {
|
||||
return Response.status(401).build();
|
||||
}
|
||||
UserModel user= authResult.getUser();
|
||||
String displayName;
|
||||
if ((user.getFirstName() != null && !user.getFirstName().trim().equals("")) || (user.getLastName() != null && !user.getLastName().trim().equals(""))) {
|
||||
displayName = user.getFirstName();
|
||||
|
|
|
@ -14,6 +14,7 @@ import org.keycloak.provider.ProviderSession;
|
|||
import org.keycloak.representations.AccessToken;
|
||||
import org.keycloak.services.managers.AppAuthManager;
|
||||
import org.keycloak.services.managers.Auth;
|
||||
import org.keycloak.services.managers.AuthenticationManager;
|
||||
import org.keycloak.services.managers.RealmManager;
|
||||
import org.keycloak.services.managers.TokenManager;
|
||||
|
||||
|
@ -116,8 +117,8 @@ public class AdminRoot {
|
|||
if (realm == null) {
|
||||
throw new UnauthorizedException("Unknown realm in token");
|
||||
}
|
||||
UserModel user = authManager.authenticateBearerToken(realm, uriInfo, headers);
|
||||
if (user == null) {
|
||||
AuthenticationManager.AuthResult authResult = authManager.authenticateBearerToken(realm, uriInfo, headers);
|
||||
if (authResult == null) {
|
||||
logger.debug("Token not valid");
|
||||
throw new UnauthorizedException("Bearer");
|
||||
}
|
||||
|
@ -126,7 +127,7 @@ public class AdminRoot {
|
|||
if (consoleApp == null) {
|
||||
throw new NotFoundException("Could not find admin console application");
|
||||
}
|
||||
Auth auth = new Auth(realm, user, consoleApp);
|
||||
Auth auth = new Auth(realm, authResult.getUser(), consoleApp);
|
||||
return auth;
|
||||
|
||||
|
||||
|
|
|
@ -201,7 +201,7 @@ public class KeycloakServer {
|
|||
info("Not importing realm " + rep.getRealm() + " realm already exists");
|
||||
return;
|
||||
}
|
||||
|
||||
manager.setContextPath("/auth");
|
||||
RealmModel realm = manager.createRealm(rep.getId(), rep.getRealm());
|
||||
manager.importRealm(rep, realm);
|
||||
|
||||
|
|