composite representations

Bill Burke 2014-02-03 17:21:56 -05:00
parent e222240282
commit 8505cc612a
11 changed files with 236 additions and 111 deletions


@ -8,7 +8,6 @@ import java.util.List;
* @version $Revision: 1 $ * @version $Revision: 1 $
*/ */
public class ApplicationRepresentation { public class ApplicationRepresentation {
protected String self; // link
protected String id; protected String id;
protected String name; protected String name;
protected String adminUrl; protected String adminUrl;
@ -16,19 +15,10 @@ public class ApplicationRepresentation {
protected boolean surrogateAuthRequired; protected boolean surrogateAuthRequired;
protected boolean enabled; protected boolean enabled;
protected List<CredentialRepresentation> credentials; protected List<CredentialRepresentation> credentials;
protected List<RoleRepresentation> roles;
protected String[] defaultRoles; protected String[] defaultRoles;
protected List<String> redirectUris; protected List<String> redirectUris;
protected List<String> webOrigins; protected List<String> webOrigins;
public String getSelf() {
return self;
}
public void setSelf(String self) {
this.self = self;
}
public String getId() { public String getId() {
return id; return id;
} }
@ -61,27 +51,6 @@ public class ApplicationRepresentation {
this.surrogateAuthRequired = surrogateAuthRequired; this.surrogateAuthRequired = surrogateAuthRequired;
} }
public List<RoleRepresentation> getRoles() {
return roles;
}
public void setRoles(List<RoleRepresentation> roles) {
this.roles = roles;
}
public ApplicationRepresentation role(RoleRepresentation role) {
if (this.roles == null) this.roles = new ArrayList<RoleRepresentation>();
this.roles.add(role);
return this;
}
public ApplicationRepresentation role(String role, String description) {
if (this.roles == null) this.roles = new ArrayList<RoleRepresentation>();
this.roles.add(new RoleRepresentation(role, description));
return this;
}
public String getAdminUrl() { public String getAdminUrl() {
return adminUrl; return adminUrl;
} }


@ -25,7 +25,7 @@ public class RealmRepresentation {
protected Boolean updateProfileOnInitialSocialLogin; protected Boolean updateProfileOnInitialSocialLogin;
protected String privateKey; protected String privateKey;
protected String publicKey; protected String publicKey;
protected List<RoleRepresentation> roles; protected RolesRepresentation roles;
protected List<String> defaultRoles; protected List<String> defaultRoles;
protected Set<String> requiredCredentials; protected Set<String> requiredCredentials;
protected Set<String> requiredApplicationCredentials; protected Set<String> requiredApplicationCredentials;
@ -206,14 +206,6 @@ public class RealmRepresentation {
this.accessCodeLifespanUserAction = accessCodeLifespanUserAction; this.accessCodeLifespanUserAction = accessCodeLifespanUserAction;
} }
public List<RoleRepresentation> getRoles() {
return roles;
}
public void setRoles(List<RoleRepresentation> roles) {
this.roles = roles;
}
public List<String> getDefaultRoles() { public List<String> getDefaultRoles() {
return defaultRoles; return defaultRoles;
} }
@ -317,4 +309,12 @@ public class RealmRepresentation {
public void setApplicationScopeMappings(Map<String, List<ScopeMappingRepresentation>> applicationScopeMappings) { public void setApplicationScopeMappings(Map<String, List<ScopeMappingRepresentation>> applicationScopeMappings) {
this.applicationScopeMappings = applicationScopeMappings; this.applicationScopeMappings = applicationScopeMappings;
} }
public RolesRepresentation getRoles() {
return roles;
}
public void setRoles(RolesRepresentation roles) {
this.roles = roles;
}
} }
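Review bot: Changing `roles` from `List<RoleRepresentation>` to `RolesRepresentation` turns the wire format from a JSON array into an object with `realm` and `application` members, and the same commit drops `roles` from ApplicationRepresentation. Realm files in the old layout will no longer bind. Whether that surfaces as an error or as silently missing roles depends on the JSON mapper configuration, which is not visible here. Because role definitions decide what imported users are allowed to do, the import should fail loudly on the old shape, and a test that feeds an old-format file and expects a rejection would pin that. A field comment such as `// JSON shape: {"realm": [...], "application": {"<app name>": [...]}}` would document the new layout.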


@ -1,6 +1,7 @@
package org.keycloak.representations.idm; package org.keycloak.representations.idm;
import java.util.List; import java.util.List;
import java.util.Map;
import java.util.Set; import java.util.Set;
/** /**
@ -12,7 +13,29 @@ public class RoleRepresentation {
protected String name; protected String name;
protected String description; protected String description;
protected boolean composite; protected boolean composite;
protected List<RoleRepresentation> composites; protected Composites composites;
public static class Composites {
protected Set<String> realm;
protected Map<String, List<String>> application;
public Set<String> getRealm() {
return realm;
}
public void setRealm(Set<String> realm) {
this.realm = realm;
}
public Map<String, List<String>> getApplication() {
return application;
}
public void setApplication(Map<String, List<String>> application) {
this.application = application;
}
}
public RoleRepresentation() { public RoleRepresentation() {
} }
@ -54,11 +77,11 @@ public class RoleRepresentation {
this.composite = composite; this.composite = composite;
} }
public List<RoleRepresentation> getComposites() { public Composites getComposites() {
return composites; return composites;
} }
public void setComposites(List<RoleRepresentation> composites) { public void setComposites(Composites composites) {
this.composites = composites; this.composites = composites;
} }
} }
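Review bot: The new nested `Composites` class, and the new `RolesRepresentation` class added in this commit, have no Javadoc, so the meaning of their map keys can only be learned from RealmManager. A class comment on `Composites` such as `/** Roles included by a composite role: realm holds realm role names; application maps an application name to role names of that application. */` would help. `RolesRepresentation` should likewise state that `application` is keyed by application name. Both are read that way in this commit through `getApplicationByName(entry.getKey())`, which rejects unknown names with a RuntimeException.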


@ -0,0 +1,29 @@
package org.keycloak.representations.idm;
import java.util.List;
import java.util.Map;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public class RolesRepresentation {
protected List<RoleRepresentation> realm;
protected Map<String, List<RoleRepresentation>> application;
public List<RoleRepresentation> getRealm() {
return realm;
}
public void setRealm(List<RoleRepresentation> realm) {
this.realm = realm;
}
public Map<String, List<RoleRepresentation>> getApplication() {
return application;
}
public void setApplication(Map<String, List<RoleRepresentation>> application) {
this.application = application;
}
}


@ -26,16 +26,18 @@
] ]
} }
], ],
"roles": [ "roles" : {
{ "realm" : [
"name": "user", {
"description": "User privileges" "name": "user",
}, "description": "User privileges"
{ },
"name": "admin", {
"description": "Administrator privileges" "name": "admin",
} "description": "Administrator privileges"
], }
]
},
"roleMappings": [ "roleMappings": [
{ {
"username": "bburke@redhat.com", "username": "bburke@redhat.com",


@ -87,12 +87,7 @@ public class UrlBean {
} }
public String getRegistrationUrl() { public String getRegistrationUrl() {
if (realm.isSaas()) { return Urls.realmRegisterPage(baseURI, getRealmIdentifier()).toString();
// TODO: saas social registration
return Urls.saasRegisterPage(baseURI).toString();
} else {
return Urls.realmRegisterPage(baseURI, getRealmIdentifier()).toString();
}
} }
public String getLoginUpdatePasswordUrl() { public String getLoginUpdatePasswordUrl() {


@ -77,13 +77,6 @@ public class ApplicationManager {
realm.grantRole(resourceUser, loginRole); realm.grantRole(resourceUser, loginRole);
if (resourceRep.getRoles() != null) {
for (RoleRepresentation roleRep : resourceRep.getRoles()) {
RoleModel role = applicationModel.addRole(roleRep.getName());
if (roleRep.getDescription() != null) role.setDescription(roleRep.getDescription());
}
}
if (resourceRep.getDefaultRoles() != null) { if (resourceRep.getDefaultRoles() != null) {
applicationModel.updateDefaultRoles(resourceRep.getDefaultRoles()); applicationModel.updateDefaultRoles(resourceRep.getDefaultRoles());
} }


@ -234,24 +234,87 @@ public class RealmManager {
} }
} }
if (rep.getRoles() != null) { if (rep.getApplications() != null) {
for (RoleRepresentation roleRep : rep.getRoles()) { Map<String, ApplicationModel> appMap = createApplications(rep, newRealm);
for (ApplicationModel app : appMap.values()) {
userMap.put(app.getApplicationUser().getLoginName(), app.getApplicationUser());
}
}
if (rep.getRoles() != null && rep.getRoles().getRealm() != null) {
for (RoleRepresentation roleRep : rep.getRoles().getRealm()) {
createRole(newRealm, roleRep); createRole(newRealm, roleRep);
} }
} }
if (rep.getRoles() != null) {
if (rep.getRoles().getRealm() != null) { // realm roles
for (RoleRepresentation roleRep : rep.getRoles().getRealm()) {
createRole(newRealm, roleRep);
}
}
if (rep.getRoles().getApplication() != null) {
for (Map.Entry<String, List<RoleRepresentation>> entry : rep.getRoles().getApplication().entrySet()) {
ApplicationModel app = newRealm.getApplicationByName(entry.getKey());
if (app == null) {
throw new RuntimeException("App doesn't exist in role definitions: " + entry.getKey());
}
for (RoleRepresentation roleRep : entry.getValue()) {
RoleModel role = app.addRole(roleRep.getName());
role.setDescription(roleRep.getDescription());
role.setComposite(roleRep.isComposite());
}
}
}
// now that all roles are created, re-interate and set up composites
if (rep.getRoles().getRealm() != null) { // realm roles
for (RoleRepresentation roleRep : rep.getRoles().getRealm()) {
createRole(newRealm, roleRep);
}
}
if (rep.getRoles().getApplication() != null) {
for (Map.Entry<String, List<RoleRepresentation>> entry : rep.getRoles().getApplication().entrySet()) {
ApplicationModel app = newRealm.getApplicationByName(entry.getKey());
if (app == null) {
throw new RuntimeException("App doesn't exist in role definitions: " + entry.getKey());
}
for (RoleRepresentation roleRep : entry.getValue()) {
RoleModel role = app.addRole(roleRep.getName());
role.setDescription(roleRep.getDescription());
role.setComposite(roleRep.isComposite());
}
}
}
}
if (rep.getDefaultRoles() != null) { if (rep.getDefaultRoles() != null) {
for (String roleString : rep.getDefaultRoles()) { for (String roleString : rep.getDefaultRoles()) {
newRealm.addDefaultRole(roleString.trim()); newRealm.addDefaultRole(roleString.trim());
} }
} }
if (rep.getApplications() != null) { if (rep.getRoles() != null) {
Map<String, ApplicationModel> appMap = createApplications(rep, newRealm); if (rep.getRoles().getRealm() != null) { // realm roles
for (ApplicationModel app : appMap.values()) { for (RoleRepresentation roleRep : rep.getRoles().getRealm()) {
userMap.put(app.getApplicationUser().getLoginName(), app.getApplicationUser()); RoleModel role = newRealm.getRole(roleRep.getName());
addComposites(role, roleRep, newRealm);
}
}
if (rep.getRoles().getApplication() != null) {
for (Map.Entry<String, List<RoleRepresentation>> entry : rep.getRoles().getApplication().entrySet()) {
ApplicationModel app = newRealm.getApplicationByName(entry.getKey());
if (app == null) {
throw new RuntimeException("App doesn't exist in role definitions: " + entry.getKey());
}
for (RoleRepresentation roleRep : entry.getValue()) {
RoleModel role = app.getRole(roleRep.getName());
addComposites(role, roleRep, newRealm);
}
}
} }
} }
if (rep.getOauthClients() != null) { if (rep.getOauthClients() != null) {
Map<String, OAuthClientModel> oauthMap = createOAuthClients(rep, newRealm); Map<String, OAuthClientModel> oauthMap = createOAuthClients(rep, newRealm);
for (OAuthClientModel app : oauthMap.values()) { for (OAuthClientModel app : oauthMap.values()) {
@ -334,11 +397,44 @@ public class RealmManager {
} }
} }
public void addComposites(RoleModel role, RoleRepresentation roleRep, RealmModel realm) {
if (!roleRep.isComposite() || roleRep.getComposites() == null) return;
if (roleRep.getComposites().getRealm() != null) {
for (String roleStr : roleRep.getComposites().getRealm()) {
RoleModel realmRole = realm.getRole(roleStr);
if (realmRole == null) throw new RuntimeException("Unable to find composite realm role: " + roleStr);
role.addCompositeRole(realmRole);
}
}
if (roleRep.getComposites().getApplication() != null) {
for (Map.Entry<String, List<String>> entry : roleRep.getComposites().getApplication().entrySet()) {
ApplicationModel app = realm.getApplicationByName(entry.getKey());
if (app == null) {
throw new RuntimeException("App doesn't exist in role definitions: " + roleRep.getName());
}
for (String roleStr : entry.getValue()) {
RoleModel appRole = app.getRole(roleStr);
if (appRole == null) throw new RuntimeException("Unable to find composite app role: " + roleStr);
role.addCompositeRole(appRole);
}
}
}
}
public void createRole(RealmModel newRealm, RoleRepresentation roleRep) { public void createRole(RealmModel newRealm, RoleRepresentation roleRep) {
RoleModel role = newRealm.addRole(roleRep.getName()); RoleModel role = newRealm.addRole(roleRep.getName());
if (roleRep.getDescription() != null) role.setDescription(roleRep.getDescription()); if (roleRep.getDescription() != null) role.setDescription(roleRep.getDescription());
} }
public void createRole(RealmModel newRealm, ApplicationModel app, RoleRepresentation roleRep) {
RoleModel role = app.addRole(roleRep.getName());
if (roleRep.getDescription() != null) role.setDescription(roleRep.getDescription());
}
public UserModel createUser(RealmModel newRealm, UserRepresentation userRep) { public UserModel createUser(RealmModel newRealm, UserRepresentation userRep) {
UserModel user = newRealm.addUser(userRep.getUsername()); UserModel user = newRealm.addUser(userRep.getUsername());
user.setEnabled(userRep.isEnabled()); user.setEnabled(userRep.isEnabled());
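Review bot: The role-creation loops in the realm import are repeated on the new side: realm roles pass through `createRole(newRealm, roleRep)` three times (the standalone `getRealm()` loop, then twice inside `if (rep.getRoles() != null)`), and each application role passes through `app.addRole(...)` twice. The block under the comment "now that all roles are created, re-interate and set up composites" is a copy of the creation block, not composite setup. How `addRole` treats an already existing name is not visible here, so this either aborts the import or leaves duplicate or overwritten roles; composites are wired later through `addComposites`, so the standalone loop and the copied second pass should be deleted. Realm roles never receive `setComposite(...)`, and application roles call `role.setDescription(roleRep.getDescription())` without the null check that `createRole` uses; using the new `createRole(newRealm, app, roleRep)` overload and adding `role.setComposite(roleRep.isComposite());` to both overloads would make the two paths agree. In `addComposites` the missing-application error prints the role name where it should name the application, `throw new RuntimeException("App doesn't exist in role definitions: " + entry.getKey());`; the import method itself starts and ends outside the hunk.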


@ -34,16 +34,19 @@
] ]
} }
], ],
"roles": [ "roles" : {
{ "realm" : [
"name": "user", {
"description": "Have User privileges" "name": "user",
}, "description": "Have User privileges"
{ },
"name": "admin", {
"description": "Have Administrator privileges" "name": "admin",
} "description": "Have Administrator privileges"
], }
]
},
"roleMappings": [ "roleMappings": [
{ {
"username": "bburke@redhat.com", "username": "bburke@redhat.com",


@ -58,12 +58,6 @@
"enabled": true "enabled": true
} }
], ],
"roleMappings": [
{
"username": "admin",
"roles": ["admin"]
}
],
"socialMappings": [ "socialMappings": [
{ {
"username": "mySocialUser", "username": "mySocialUser",
@ -86,20 +80,30 @@
"applications": [ "applications": [
{ {
"name": "Application", "name": "Application",
"enabled": true, "enabled": true
"roles": [ },
{
"name": "OtherApp",
"enabled": true
}
],
"roles" : {
"realm" : [
{
"name": "admin"
}
],
"application" : {
"Application" : [
{ {
"name": "admin" "name": "admin"
}, },
{ {
"name": "user" "name": "user"
} }
] ],
}, "OtherApp" : [
{
"name": "OtherApp",
"enabled": true,
"roles": [
{ {
"name": "admin" "name": "admin"
}, },
@ -108,7 +112,12 @@
} }
] ]
} }
},
"roleMappings": [
{
"username": "admin",
"roles": ["admin"]
}
], ],
"applicationRoleMappings": { "applicationRoleMappings": {
"Application": [ "Application": [


@ -40,16 +40,6 @@
] ]
} }
], ],
"roles": [
{
"name": "user",
"description": "Have User privileges"
},
{
"name": "admin",
"description": "Have Administrator privileges"
}
],
"roleMappings": [ "roleMappings": [
{ {
"username": "test-user@localhost", "username": "test-user@localhost",
@ -77,8 +67,22 @@
"type": "password", "type": "password",
"value": "password" "value": "password"
} }
], ]
"roles": [ }
],
"roles" : {
"realm" : [
{
"name": "user",
"description": "Have User privileges"
},
{
"name": "admin",
"description": "Have Administrator privileges"
}
],
"application" : {
"test-app" : [
{ {
"name": "customer-user", "name": "customer-user",
"description": "Have Customer User privileges" "description": "Have Customer User privileges"
@ -88,8 +92,10 @@
"description": "Have Customer Admin privileges" "description": "Have Customer Admin privileges"
} }
] ]
} }
],
},
"applicationRoleMappings": { "applicationRoleMappings": {
"test-app": [ "test-app": [
{ {