composite representations
This commit is contained in:
parent
e222240282
commit
8505cc612a
11 changed files with 236 additions and 111 deletions
|
@ -8,7 +8,6 @@ import java.util.List;
|
|||
* @version $Revision: 1 $
|
||||
*/
|
||||
public class ApplicationRepresentation {
|
||||
protected String self; // link
|
||||
protected String id;
|
||||
protected String name;
|
||||
protected String adminUrl;
|
||||
|
@ -16,19 +15,10 @@ public class ApplicationRepresentation {
|
|||
protected boolean surrogateAuthRequired;
|
||||
protected boolean enabled;
|
||||
protected List<CredentialRepresentation> credentials;
|
||||
protected List<RoleRepresentation> roles;
|
||||
protected String[] defaultRoles;
|
||||
protected List<String> redirectUris;
|
||||
protected List<String> webOrigins;
|
||||
|
||||
public String getSelf() {
|
||||
return self;
|
||||
}
|
||||
|
||||
public void setSelf(String self) {
|
||||
this.self = self;
|
||||
}
|
||||
|
||||
public String getId() {
|
||||
return id;
|
||||
}
|
||||
|
@ -61,27 +51,6 @@ public class ApplicationRepresentation {
|
|||
this.surrogateAuthRequired = surrogateAuthRequired;
|
||||
}
|
||||
|
||||
public List<RoleRepresentation> getRoles() {
|
||||
return roles;
|
||||
}
|
||||
|
||||
public void setRoles(List<RoleRepresentation> roles) {
|
||||
this.roles = roles;
|
||||
}
|
||||
|
||||
public ApplicationRepresentation role(RoleRepresentation role) {
|
||||
if (this.roles == null) this.roles = new ArrayList<RoleRepresentation>();
|
||||
this.roles.add(role);
|
||||
return this;
|
||||
}
|
||||
|
||||
|
||||
public ApplicationRepresentation role(String role, String description) {
|
||||
if (this.roles == null) this.roles = new ArrayList<RoleRepresentation>();
|
||||
this.roles.add(new RoleRepresentation(role, description));
|
||||
return this;
|
||||
}
|
||||
|
||||
public String getAdminUrl() {
|
||||
return adminUrl;
|
||||
}
|
||||
|
|
|
@ -25,7 +25,7 @@ public class RealmRepresentation {
|
|||
protected Boolean updateProfileOnInitialSocialLogin;
|
||||
protected String privateKey;
|
||||
protected String publicKey;
|
||||
protected List<RoleRepresentation> roles;
|
||||
protected RolesRepresentation roles;
|
||||
protected List<String> defaultRoles;
|
||||
protected Set<String> requiredCredentials;
|
||||
protected Set<String> requiredApplicationCredentials;
|
||||
|
@ -206,14 +206,6 @@ public class RealmRepresentation {
|
|||
this.accessCodeLifespanUserAction = accessCodeLifespanUserAction;
|
||||
}
|
||||
|
||||
public List<RoleRepresentation> getRoles() {
|
||||
return roles;
|
||||
}
|
||||
|
||||
public void setRoles(List<RoleRepresentation> roles) {
|
||||
this.roles = roles;
|
||||
}
|
||||
|
||||
public List<String> getDefaultRoles() {
|
||||
return defaultRoles;
|
||||
}
|
||||
|
@ -317,4 +309,12 @@ public class RealmRepresentation {
|
|||
public void setApplicationScopeMappings(Map<String, List<ScopeMappingRepresentation>> applicationScopeMappings) {
|
||||
this.applicationScopeMappings = applicationScopeMappings;
|
||||
}
|
||||
|
||||
public RolesRepresentation getRoles() {
|
||||
return roles;
|
||||
}
|
||||
|
||||
public void setRoles(RolesRepresentation roles) {
|
||||
this.roles = roles;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
package org.keycloak.representations.idm;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
|
||||
/**
|
||||
|
@ -12,7 +13,29 @@ public class RoleRepresentation {
|
|||
protected String name;
|
||||
protected String description;
|
||||
protected boolean composite;
|
||||
protected List<RoleRepresentation> composites;
|
||||
protected Composites composites;
|
||||
|
||||
public static class Composites {
|
||||
protected Set<String> realm;
|
||||
protected Map<String, List<String>> application;
|
||||
|
||||
|
||||
public Set<String> getRealm() {
|
||||
return realm;
|
||||
}
|
||||
|
||||
public void setRealm(Set<String> realm) {
|
||||
this.realm = realm;
|
||||
}
|
||||
|
||||
public Map<String, List<String>> getApplication() {
|
||||
return application;
|
||||
}
|
||||
|
||||
public void setApplication(Map<String, List<String>> application) {
|
||||
this.application = application;
|
||||
}
|
||||
}
|
||||
|
||||
public RoleRepresentation() {
|
||||
}
|
||||
|
@ -54,11 +77,11 @@ public class RoleRepresentation {
|
|||
this.composite = composite;
|
||||
}
|
||||
|
||||
public List<RoleRepresentation> getComposites() {
|
||||
public Composites getComposites() {
|
||||
return composites;
|
||||
}
|
||||
|
||||
public void setComposites(List<RoleRepresentation> composites) {
|
||||
public void setComposites(Composites composites) {
|
||||
this.composites = composites;
|
||||
}
|
||||
}
|
||||
|
|
29
core/src/main/java/org/keycloak/representations/idm/RolesRepresentation.java
Executable file
29
core/src/main/java/org/keycloak/representations/idm/RolesRepresentation.java
Executable file
|
@ -0,0 +1,29 @@
|
|||
package org.keycloak.representations.idm;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||
* @version $Revision: 1 $
|
||||
*/
|
||||
public class RolesRepresentation {
|
||||
protected List<RoleRepresentation> realm;
|
||||
protected Map<String, List<RoleRepresentation>> application;
|
||||
|
||||
public List<RoleRepresentation> getRealm() {
|
||||
return realm;
|
||||
}
|
||||
|
||||
public void setRealm(List<RoleRepresentation> realm) {
|
||||
this.realm = realm;
|
||||
}
|
||||
|
||||
public Map<String, List<RoleRepresentation>> getApplication() {
|
||||
return application;
|
||||
}
|
||||
|
||||
public void setApplication(Map<String, List<RoleRepresentation>> application) {
|
||||
this.application = application;
|
||||
}
|
||||
}
|
|
@ -26,16 +26,18 @@
|
|||
]
|
||||
}
|
||||
],
|
||||
"roles": [
|
||||
{
|
||||
"name": "user",
|
||||
"description": "User privileges"
|
||||
},
|
||||
{
|
||||
"name": "admin",
|
||||
"description": "Administrator privileges"
|
||||
}
|
||||
],
|
||||
"roles" : {
|
||||
"realm" : [
|
||||
{
|
||||
"name": "user",
|
||||
"description": "User privileges"
|
||||
},
|
||||
{
|
||||
"name": "admin",
|
||||
"description": "Administrator privileges"
|
||||
}
|
||||
]
|
||||
},
|
||||
"roleMappings": [
|
||||
{
|
||||
"username": "bburke@redhat.com",
|
||||
|
|
|
@ -87,12 +87,7 @@ public class UrlBean {
|
|||
}
|
||||
|
||||
public String getRegistrationUrl() {
|
||||
if (realm.isSaas()) {
|
||||
// TODO: saas social registration
|
||||
return Urls.saasRegisterPage(baseURI).toString();
|
||||
} else {
|
||||
return Urls.realmRegisterPage(baseURI, getRealmIdentifier()).toString();
|
||||
}
|
||||
return Urls.realmRegisterPage(baseURI, getRealmIdentifier()).toString();
|
||||
}
|
||||
|
||||
public String getLoginUpdatePasswordUrl() {
|
||||
|
|
|
@ -77,13 +77,6 @@ public class ApplicationManager {
|
|||
realm.grantRole(resourceUser, loginRole);
|
||||
|
||||
|
||||
if (resourceRep.getRoles() != null) {
|
||||
for (RoleRepresentation roleRep : resourceRep.getRoles()) {
|
||||
RoleModel role = applicationModel.addRole(roleRep.getName());
|
||||
if (roleRep.getDescription() != null) role.setDescription(roleRep.getDescription());
|
||||
}
|
||||
}
|
||||
|
||||
if (resourceRep.getDefaultRoles() != null) {
|
||||
applicationModel.updateDefaultRoles(resourceRep.getDefaultRoles());
|
||||
}
|
||||
|
|
|
@ -234,24 +234,87 @@ public class RealmManager {
|
|||
}
|
||||
}
|
||||
|
||||
if (rep.getRoles() != null) {
|
||||
for (RoleRepresentation roleRep : rep.getRoles()) {
|
||||
if (rep.getApplications() != null) {
|
||||
Map<String, ApplicationModel> appMap = createApplications(rep, newRealm);
|
||||
for (ApplicationModel app : appMap.values()) {
|
||||
userMap.put(app.getApplicationUser().getLoginName(), app.getApplicationUser());
|
||||
}
|
||||
}
|
||||
|
||||
if (rep.getRoles() != null && rep.getRoles().getRealm() != null) {
|
||||
for (RoleRepresentation roleRep : rep.getRoles().getRealm()) {
|
||||
createRole(newRealm, roleRep);
|
||||
}
|
||||
}
|
||||
|
||||
if (rep.getRoles() != null) {
|
||||
if (rep.getRoles().getRealm() != null) { // realm roles
|
||||
for (RoleRepresentation roleRep : rep.getRoles().getRealm()) {
|
||||
createRole(newRealm, roleRep);
|
||||
}
|
||||
}
|
||||
if (rep.getRoles().getApplication() != null) {
|
||||
for (Map.Entry<String, List<RoleRepresentation>> entry : rep.getRoles().getApplication().entrySet()) {
|
||||
ApplicationModel app = newRealm.getApplicationByName(entry.getKey());
|
||||
if (app == null) {
|
||||
throw new RuntimeException("App doesn't exist in role definitions: " + entry.getKey());
|
||||
}
|
||||
for (RoleRepresentation roleRep : entry.getValue()) {
|
||||
RoleModel role = app.addRole(roleRep.getName());
|
||||
role.setDescription(roleRep.getDescription());
|
||||
role.setComposite(roleRep.isComposite());
|
||||
}
|
||||
}
|
||||
}
|
||||
// now that all roles are created, re-interate and set up composites
|
||||
if (rep.getRoles().getRealm() != null) { // realm roles
|
||||
for (RoleRepresentation roleRep : rep.getRoles().getRealm()) {
|
||||
createRole(newRealm, roleRep);
|
||||
}
|
||||
}
|
||||
if (rep.getRoles().getApplication() != null) {
|
||||
for (Map.Entry<String, List<RoleRepresentation>> entry : rep.getRoles().getApplication().entrySet()) {
|
||||
ApplicationModel app = newRealm.getApplicationByName(entry.getKey());
|
||||
if (app == null) {
|
||||
throw new RuntimeException("App doesn't exist in role definitions: " + entry.getKey());
|
||||
}
|
||||
for (RoleRepresentation roleRep : entry.getValue()) {
|
||||
RoleModel role = app.addRole(roleRep.getName());
|
||||
role.setDescription(roleRep.getDescription());
|
||||
role.setComposite(roleRep.isComposite());
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
if (rep.getDefaultRoles() != null) {
|
||||
for (String roleString : rep.getDefaultRoles()) {
|
||||
newRealm.addDefaultRole(roleString.trim());
|
||||
}
|
||||
}
|
||||
|
||||
if (rep.getApplications() != null) {
|
||||
Map<String, ApplicationModel> appMap = createApplications(rep, newRealm);
|
||||
for (ApplicationModel app : appMap.values()) {
|
||||
userMap.put(app.getApplicationUser().getLoginName(), app.getApplicationUser());
|
||||
if (rep.getRoles() != null) {
|
||||
if (rep.getRoles().getRealm() != null) { // realm roles
|
||||
for (RoleRepresentation roleRep : rep.getRoles().getRealm()) {
|
||||
RoleModel role = newRealm.getRole(roleRep.getName());
|
||||
addComposites(role, roleRep, newRealm);
|
||||
}
|
||||
}
|
||||
if (rep.getRoles().getApplication() != null) {
|
||||
for (Map.Entry<String, List<RoleRepresentation>> entry : rep.getRoles().getApplication().entrySet()) {
|
||||
ApplicationModel app = newRealm.getApplicationByName(entry.getKey());
|
||||
if (app == null) {
|
||||
throw new RuntimeException("App doesn't exist in role definitions: " + entry.getKey());
|
||||
}
|
||||
for (RoleRepresentation roleRep : entry.getValue()) {
|
||||
RoleModel role = app.getRole(roleRep.getName());
|
||||
addComposites(role, roleRep, newRealm);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (rep.getOauthClients() != null) {
|
||||
Map<String, OAuthClientModel> oauthMap = createOAuthClients(rep, newRealm);
|
||||
for (OAuthClientModel app : oauthMap.values()) {
|
||||
|
@ -334,11 +397,44 @@ public class RealmManager {
|
|||
}
|
||||
}
|
||||
|
||||
public void addComposites(RoleModel role, RoleRepresentation roleRep, RealmModel realm) {
|
||||
if (!roleRep.isComposite() || roleRep.getComposites() == null) return;
|
||||
if (roleRep.getComposites().getRealm() != null) {
|
||||
for (String roleStr : roleRep.getComposites().getRealm()) {
|
||||
RoleModel realmRole = realm.getRole(roleStr);
|
||||
if (realmRole == null) throw new RuntimeException("Unable to find composite realm role: " + roleStr);
|
||||
role.addCompositeRole(realmRole);
|
||||
}
|
||||
}
|
||||
if (roleRep.getComposites().getApplication() != null) {
|
||||
for (Map.Entry<String, List<String>> entry : roleRep.getComposites().getApplication().entrySet()) {
|
||||
ApplicationModel app = realm.getApplicationByName(entry.getKey());
|
||||
if (app == null) {
|
||||
throw new RuntimeException("App doesn't exist in role definitions: " + roleRep.getName());
|
||||
}
|
||||
for (String roleStr : entry.getValue()) {
|
||||
RoleModel appRole = app.getRole(roleStr);
|
||||
if (appRole == null) throw new RuntimeException("Unable to find composite app role: " + roleStr);
|
||||
role.addCompositeRole(appRole);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
public void createRole(RealmModel newRealm, RoleRepresentation roleRep) {
|
||||
RoleModel role = newRealm.addRole(roleRep.getName());
|
||||
if (roleRep.getDescription() != null) role.setDescription(roleRep.getDescription());
|
||||
}
|
||||
|
||||
public void createRole(RealmModel newRealm, ApplicationModel app, RoleRepresentation roleRep) {
|
||||
RoleModel role = app.addRole(roleRep.getName());
|
||||
if (roleRep.getDescription() != null) role.setDescription(roleRep.getDescription());
|
||||
}
|
||||
|
||||
|
||||
public UserModel createUser(RealmModel newRealm, UserRepresentation userRep) {
|
||||
UserModel user = newRealm.addUser(userRep.getUsername());
|
||||
user.setEnabled(userRep.isEnabled());
|
||||
|
|
|
@ -34,16 +34,19 @@
|
|||
]
|
||||
}
|
||||
],
|
||||
"roles": [
|
||||
{
|
||||
"name": "user",
|
||||
"description": "Have User privileges"
|
||||
},
|
||||
{
|
||||
"name": "admin",
|
||||
"description": "Have Administrator privileges"
|
||||
}
|
||||
],
|
||||
"roles" : {
|
||||
"realm" : [
|
||||
{
|
||||
"name": "user",
|
||||
"description": "Have User privileges"
|
||||
},
|
||||
{
|
||||
"name": "admin",
|
||||
"description": "Have Administrator privileges"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
"roleMappings": [
|
||||
{
|
||||
"username": "bburke@redhat.com",
|
||||
|
|
|
@ -58,12 +58,6 @@
|
|||
"enabled": true
|
||||
}
|
||||
],
|
||||
"roleMappings": [
|
||||
{
|
||||
"username": "admin",
|
||||
"roles": ["admin"]
|
||||
}
|
||||
],
|
||||
"socialMappings": [
|
||||
{
|
||||
"username": "mySocialUser",
|
||||
|
@ -86,20 +80,30 @@
|
|||
"applications": [
|
||||
{
|
||||
"name": "Application",
|
||||
"enabled": true,
|
||||
"roles": [
|
||||
"enabled": true
|
||||
},
|
||||
{
|
||||
"name": "OtherApp",
|
||||
"enabled": true
|
||||
}
|
||||
|
||||
],
|
||||
"roles" : {
|
||||
"realm" : [
|
||||
{
|
||||
"name": "admin"
|
||||
}
|
||||
],
|
||||
"application" : {
|
||||
"Application" : [
|
||||
{
|
||||
"name": "admin"
|
||||
},
|
||||
{
|
||||
"name": "user"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"name": "OtherApp",
|
||||
"enabled": true,
|
||||
"roles": [
|
||||
],
|
||||
"OtherApp" : [
|
||||
{
|
||||
"name": "admin"
|
||||
},
|
||||
|
@ -108,7 +112,12 @@
|
|||
}
|
||||
]
|
||||
}
|
||||
|
||||
},
|
||||
"roleMappings": [
|
||||
{
|
||||
"username": "admin",
|
||||
"roles": ["admin"]
|
||||
}
|
||||
],
|
||||
"applicationRoleMappings": {
|
||||
"Application": [
|
||||
|
|
|
@ -40,16 +40,6 @@
|
|||
]
|
||||
}
|
||||
],
|
||||
"roles": [
|
||||
{
|
||||
"name": "user",
|
||||
"description": "Have User privileges"
|
||||
},
|
||||
{
|
||||
"name": "admin",
|
||||
"description": "Have Administrator privileges"
|
||||
}
|
||||
],
|
||||
"roleMappings": [
|
||||
{
|
||||
"username": "test-user@localhost",
|
||||
|
@ -77,8 +67,22 @@
|
|||
"type": "password",
|
||||
"value": "password"
|
||||
}
|
||||
],
|
||||
"roles": [
|
||||
]
|
||||
}
|
||||
],
|
||||
"roles" : {
|
||||
"realm" : [
|
||||
{
|
||||
"name": "user",
|
||||
"description": "Have User privileges"
|
||||
},
|
||||
{
|
||||
"name": "admin",
|
||||
"description": "Have Administrator privileges"
|
||||
}
|
||||
],
|
||||
"application" : {
|
||||
"test-app" : [
|
||||
{
|
||||
"name": "customer-user",
|
||||
"description": "Have Customer User privileges"
|
||||
|
@ -88,8 +92,10 @@
|
|||
"description": "Have Customer Admin privileges"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
}
|
||||
|
||||
},
|
||||
|
||||
"applicationRoleMappings": {
|
||||
"test-app": [
|
||||
{
|
||||
|
|
Loading…
Reference in a new issue