libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases 1 Packages Activity Actions

Merge pull request #1292 from mposolda/ldap2

Browse source 
Ldap enhancements + Make admin requests to have RealmModel and ClientModel available
This commit is contained in:
Marek Posolda 2015-05-28 12:40:11 +02:00
commit 90cb3acd2f
16 changed files with 104 additions and 39 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
federation/ldap/src/main/java/org/keycloak/federation/ldap/mappers/AbstractLDAPFederationMapperFactory.java
View file

@ -35,11 +35,6 @@ public abstract class AbstractLDAPFederationMapperFactory implements UserFederat
public void postInit(KeycloakSessionFactory factory) {
}
@Override
public List<ProviderConfigProperty> getConfigProperties() {
throw new IllegalStateException("Method not supported for this implementation");
}
@Override
public void close() {
}

2
federation/ldap/src/main/java/org/keycloak/federation/ldap/mappers/FullNameLDAPFederationMapperFactory.java
View file

@ -46,7 +46,7 @@ public class FullNameLDAPFederationMapperFactory extends AbstractLDAPFederationM
}
@Override
public List<ProviderConfigProperty> getConfigProperties(RealmModel realm) {
public List<ProviderConfigProperty> getConfigProperties() {
return configProperties;
}

19
federation/ldap/src/main/java/org/keycloak/federation/ldap/mappers/RoleLDAPFederationMapperFactory.java
View file

@ -59,7 +59,10 @@ public class RoleLDAPFederationMapperFactory extends AbstractLDAPFederationMappe
"If true, then LDAP role mappings will be mapped to realm role mappings in Keycloak. Otherwise it will be mapped to client role mappings", ProviderConfigProperty.BOOLEAN_TYPE, "true");
configProperties.add(useRealmRolesMappings);
// NOTE: ClientID will be computed dynamically from available clients
ProviderConfigProperty clientIdProperty = createConfigProperty(RoleLDAPFederationMapper.CLIENT_ID, "Client ID",
"Client ID of client to which LDAP role mappings will be mapped. Applicable just if 'Use Realm Roles Mapping' is false",
ProviderConfigProperty.CLIENT_LIST_TYPE, null);
configProperties.add(clientIdProperty);
}
@Override
@ -78,18 +81,8 @@ public class RoleLDAPFederationMapperFactory extends AbstractLDAPFederationMappe
}
@Override
public List<ProviderConfigProperty> getConfigProperties(RealmModel realm) {
List<ProviderConfigProperty> props = new ArrayList<ProviderConfigProperty>(configProperties);
Map<String, ClientModel> clients = realm.getClientNameMap();
List<String> clientIds = new ArrayList<String>(clients.keySet());
ProviderConfigProperty clientIdProperty = createConfigProperty(RoleLDAPFederationMapper.CLIENT_ID, "Client ID",
"Client ID of client to which LDAP role mappings will be mapped. Applicable just if 'Use Realm Roles Mapping' is false",
ProviderConfigProperty.LIST_TYPE, clientIds);
props.add(clientIdProperty);
return props;
public List<ProviderConfigProperty> getConfigProperties() {
return configProperties;
}
@Override

2
federation/ldap/src/main/java/org/keycloak/federation/ldap/mappers/UserAttributeLDAPFederationMapperFactory.java
View file

@ -48,7 +48,7 @@ public class UserAttributeLDAPFederationMapperFactory extends AbstractLDAPFedera
}
@Override
public List<ProviderConfigProperty> getConfigProperties(RealmModel realm) {
public List<ProviderConfigProperty> getConfigProperties() {
return configProperties;
}

8
forms/common-themes/src/main/resources/theme/base/admin/resources/js/app.js
View file

@ -984,7 +984,10 @@ module.config([ '$routeProvider', function($routeProvider) {
},
mapper : function(UserFederationMapperLoader) {
return UserFederationMapperLoader();
}
},
clients : function(ClientListLoader) {
return ClientListLoader();
},
},
controller : 'UserFederationMapperCtrl'
})
@ -1000,6 +1003,9 @@ module.config([ '$routeProvider', function($routeProvider) {
mapperTypes : function(UserFederationMapperTypesLoader) {
return UserFederationMapperTypesLoader();
},
clients : function(ClientListLoader) {
return ClientListLoader();
}
},
controller : 'UserFederationMapperCreateCtrl'
})

14
forms/common-themes/src/main/resources/theme/base/admin/resources/js/controllers/users.js
View file

@ -754,10 +754,11 @@ module.controller('UserFederationMapperListCtrl', function($scope, $location, No
});
module.controller('UserFederationMapperCtrl', function($scope, realm, provider, mapperTypes, mapper, UserFederationMapper, Notifications, Dialog, $location) {
module.controller('UserFederationMapperCtrl', function($scope, realm, provider, mapperTypes, mapper, clients, UserFederationMapper, Notifications, Dialog, $location) {
console.log('UserFederationMapperCtrl');
$scope.realm = realm;
$scope.provider = provider;
$scope.clients = clients;
$scope.create = false;
$scope.mapper = angular.copy(mapper);
$scope.changed = false;
@ -780,10 +781,10 @@ module.controller('UserFederationMapperCtrl', function($scope, realm, provider,
$location.url("/realms/" + realm.realm + '/user-federation/providers/' + provider.providerName + '/' + provider.id + '/mappers/' + mapper.id);
Notifications.success("Your changes have been saved.");
}, function(error) {
if (error.status == 400) {
if (error.status == 400 && error.data.error_description) {
Notifications.error('Error in configuration of mapper: ' + error.data.error_description);
} else {
Notification.error('Unexpected error when creating mapper');
Notifications.error('Unexpected error when creating mapper');
}
});
};
@ -808,10 +809,11 @@ module.controller('UserFederationMapperCtrl', function($scope, realm, provider,
});
module.controller('UserFederationMapperCreateCtrl', function($scope, realm, provider, mapperTypes, UserFederationMapper, Notifications, Dialog, $location) {
module.controller('UserFederationMapperCreateCtrl', function($scope, realm, provider, mapperTypes, clients, UserFederationMapper, Notifications, Dialog, $location) {
console.log('UserFederationMapperCreateCtrl');
$scope.realm = realm;
$scope.provider = provider;
$scope.clients = clients;
$scope.create = true;
$scope.mapper = { federationProviderDisplayName: provider.displayName, config: {}};
$scope.mapperTypes = mapperTypes;
@ -844,10 +846,10 @@ module.controller('UserFederationMapperCreateCtrl', function($scope, realm, prov
$location.url('/realms/' + realm.realm +'/user-federation/providers/' + provider.providerName + '/' + provider.id + '/mappers/' + id);
Notifications.success("Mapper has been created.");
}, function(error) {
if (error.status == 400) {
if (error.status == 400 && error.data.error_description) {
Notifications.error('Error in configuration of mapper: ' + error.data.error_description);
} else {
Notification.error('Unexpected error when creating mapper');
Notifications.error('Unexpected error when creating mapper');
}
});
};

7
forms/common-themes/src/main/resources/theme/base/admin/resources/partials/federated-mapper-detail.html
View file

@ -47,7 +47,7 @@
<div data-ng-repeat="option in mapperType.properties" class="form-group">
<label class="col-md-2 control-label">{{option.label}}</label>
<div class="col-sm-4" data-ng-hide="option.type == 'boolean' || option.type == 'List'">
<div class="col-sm-4" data-ng-show="option.type == 'String'">
<input class="form-control" type="text" data-ng-model="mapper.config[ option.name ]">
</div>
<div class="col-sm-4" data-ng-show="option.type == 'boolean'">
@ -58,6 +58,11 @@
<option value="" selected> Select one... </option>
</select>
</div>
<div class="col-sm-4" data-ng-show="option.type == 'ClientList'">
<select ng-model="mapper.config[ option.name ]" ng-options="client.clientId as client.clientId for client in clients">
<option value="" selected> Select one... </option>
</select>
</div>
<kc-tooltip>{{option.helpText}}</kc-tooltip>
</div>

2
model/api/src/main/java/org/keycloak/mappers/UserFederationMapperFactory.java
View file

@ -31,6 +31,4 @@ public interface UserFederationMapperFactory extends ProviderFactory<UserFederat
*/
void validateConfig(UserFederationMapperModel mapperModel) throws MapperConfigValidationException;
// TODO: Remove this and add realm to the method on ConfiguredProvider?
List<ProviderConfigProperty> getConfigProperties(RealmModel realm);
}

4
model/api/src/main/java/org/keycloak/models/LDAPConstants.java
View file

@ -71,6 +71,6 @@ public class LDAPConstants {
public static final String CUSTOM_ATTRIBUTE_EXPIRY_DATE = "expiryDate";
public static final String ENTRY_UUID = "entryUUID";
public static final String OBJECT_GUID = "objectGUID";
public static final String CREATE_TIMESTAMP = "createTimeStamp";
public static final String MODIFY_TIMESTAMP = "modifyTimeStamp";
public static final String CREATE_TIMESTAMP = "createTimestamp";
public static final String MODIFY_TIMESTAMP = "modifyTimestamp";
}

1
model/api/src/main/java/org/keycloak/provider/ProviderConfigProperty.java
View file

@ -8,6 +8,7 @@ public class ProviderConfigProperty {
public static final String BOOLEAN_TYPE="boolean";
public static final String STRING_TYPE="String";
public static final String LIST_TYPE="List";
public static final String CLIENT_LIST_TYPE="ClientList";
protected String name;
protected String label;

3
services/src/main/java/org/keycloak/services/resources/admin/ClientsResource.java
View file

@ -118,6 +118,9 @@ public class ClientsResource {
if (clientModel == null) {
throw new NotFoundException("Could not find client: " + name);
}
session.getContext().setClient(clientModel);
ClientResource clientResource = new ClientResource(realm, auth, clientModel, session, adminEvent);
ResteasyProviderFactory.getInstance().injectProperties(clientResource);
return clientResource;

4
services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java
View file

@ -438,8 +438,8 @@ public class RealmAdminResource {
/**
* Query admin events. Returns all admin events, or will query based on URL query parameters listed here
*
* @param client app or oauth client name
* @param operationTypes operation type
* @param authRealm
* @param authClient
* @param authUser user id
* @param authIpAddress
* @param resourcePath

3
services/src/main/java/org/keycloak/services/resources/admin/RealmsAdminResource.java
View file

@ -227,7 +227,8 @@ public class RealmsAdminResource {
}
AdminEventBuilder adminEvent = new AdminEventBuilder(realm, auth, session, clientConnection);
session.getContext().setRealm(realm);
RealmAdminResource adminResource = new RealmAdminResource(realmAuth, realm, tokenManager, adminEvent);
ResteasyProviderFactory.getInstance().injectProperties(adminResource);
//resourceContext.initResource(adminResource);

2
services/src/main/java/org/keycloak/services/resources/admin/UserFederationProviderResource.java
View file

@ -171,7 +171,7 @@ public class UserFederationProviderResource {
rep.setCategory(mapperFactory.getDisplayCategory());
rep.setName(mapperFactory.getDisplayType());
rep.setHelpText(mapperFactory.getHelpText());
List<ProviderConfigProperty> configProperties = mapperFactory.getConfigProperties(realm);
List<ProviderConfigProperty> configProperties = mapperFactory.getConfigProperties();
for (ProviderConfigProperty prop : configProperties) {
ConfigPropertyRepresentation propRep = new ConfigPropertyRepresentation();
propRep.setName(prop.getName());

57
testsuite/integration/src/test/java/org/keycloak/testsuite/federation/FederationProvidersIntegrationTest.java
View file

@ -13,6 +13,10 @@ import org.keycloak.federation.ldap.LDAPFederationProvider;
import org.keycloak.federation.ldap.LDAPFederationProviderFactory;
import org.keycloak.federation.ldap.LDAPUtils;
import org.keycloak.federation.ldap.idm.model.LDAPObject;
import org.keycloak.federation.ldap.mappers.FullNameLDAPFederationMapper;
import org.keycloak.federation.ldap.mappers.FullNameLDAPFederationMapperFactory;
import org.keycloak.federation.ldap.mappers.UserAttributeLDAPFederationMapper;
import org.keycloak.federation.ldap.mappers.UserAttributeLDAPFederationMapperFactory;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.LDAPConstants;
@ -20,9 +24,11 @@ import org.keycloak.models.ModelReadOnlyException;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserCredentialModel;
import org.keycloak.models.UserCredentialValueModel;
import org.keycloak.models.UserFederationMapperModel;
import org.keycloak.models.UserFederationProvider;
import org.keycloak.models.UserFederationProviderModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.testsuite.OAuthClient;
import org.keycloak.testsuite.pages.AccountPasswordPage;
@ -36,7 +42,9 @@ import org.keycloak.testsuite.rule.WebResource;
import org.keycloak.testsuite.rule.WebRule;
import org.openqa.selenium.WebDriver;
import java.util.List;
import java.util.Map;
import java.util.Set;
/**
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
@ -264,6 +272,55 @@ public class FederationProvidersIntegrationTest {
}
}
@Test
public void testFullNameMapper() {
KeycloakSession session = keycloakRule.startSession();
UserFederationMapperModel firstNameMapper = null;
try {
RealmModel appRealm = new RealmManager(session).getRealmByName("test");
// assert that user "fullnameUser" is not in local DB
Assert.assertNull(session.users().getUserByUsername("fullname", appRealm));
// Add the user with some fullName into LDAP directly. Ensure that fullName is saved into "cn" attribute in LDAP (currently mapped to model firstName)
LDAPFederationProvider ldapFedProvider = FederationTestUtils.getLdapProvider(session, ldapModel);
FederationTestUtils.addLDAPUser(ldapFedProvider, appRealm, "fullname", "James Dee", "Dee", "fullname@email.org", "4578");
// add fullname mapper to the provider and remove "firstNameMapper"
UserFederationMapperModel fullNameMapperModel = KeycloakModelUtils.createUserFederationMapperModel("full name", ldapModel.getId(), FullNameLDAPFederationMapperFactory.PROVIDER_ID,
FullNameLDAPFederationMapper.LDAP_FULL_NAME_ATTRIBUTE, LDAPConstants.CN,
UserAttributeLDAPFederationMapper.READ_ONLY, "false");
appRealm.addUserFederationMapper(fullNameMapperModel);
firstNameMapper = appRealm.getUserFederationMapperByName(ldapModel.getId(), "first name");
appRealm.removeUserFederationMapper(firstNameMapper);
// Assert user is successfully imported in Keycloak DB now with correct firstName and lastName
FederationTestUtils.assertUserImported(session.users(), appRealm, "fullname", "James", "Dee", "fullname@email.org", "4578");
} finally {
keycloakRule.stopSession(session, true);
}
session = keycloakRule.startSession();
try {
RealmModel appRealm = new RealmManager(session).getRealmByName("test");
// Remove "fullnameUser" to assert he is removed from LDAP. Revert mappers to previous state
UserModel fullnameUser = session.users().getUserByUsername("fullname", appRealm);
session.users().removeUser(appRealm, fullnameUser);
// Revert mappers
UserFederationMapperModel fullNameMapperModel = appRealm.getUserFederationMapperByName(ldapModel.getId(), "full name");
appRealm.removeUserFederationMapper(fullNameMapperModel);
firstNameMapper.setId(null);
appRealm.addUserFederationMapper(firstNameMapper);
} finally {
keycloakRule.stopSession(session, true);
}
}
@Test
public void testReadonly() {
KeycloakSession session = keycloakRule.startSession();

10
testsuite/integration/src/test/java/org/keycloak/testsuite/federation/FederationTestUtils.java
View file

@ -91,9 +91,13 @@ class FederationTestUtils {
}
public static void addZipCodeLDAPMapper(RealmModel realm, UserFederationProviderModel providerModel) {
UserFederationMapperModel mapperModel = KeycloakModelUtils.createUserFederationMapperModel("zipCodeMapper", providerModel.getId(), UserAttributeLDAPFederationMapperFactory.PROVIDER_ID,
UserAttributeLDAPFederationMapper.USER_MODEL_ATTRIBUTE, "postal_code",
UserAttributeLDAPFederationMapper.LDAP_ATTRIBUTE, LDAPConstants.POSTAL_CODE,
addUserAttributeMapper(realm, providerModel, "zipCodeMapper", "postal_code", LDAPConstants.POSTAL_CODE);
}
public static void addUserAttributeMapper(RealmModel realm, UserFederationProviderModel providerModel, String mapperName, String userModelAttributeName, String ldapAttributeName) {
UserFederationMapperModel mapperModel = KeycloakModelUtils.createUserFederationMapperModel(mapperName, providerModel.getId(), UserAttributeLDAPFederationMapperFactory.PROVIDER_ID,
UserAttributeLDAPFederationMapper.USER_MODEL_ATTRIBUTE, userModelAttributeName,
UserAttributeLDAPFederationMapper.LDAP_ATTRIBUTE, ldapAttributeName,
UserAttributeLDAPFederationMapper.READ_ONLY, "false");
realm.addUserFederationMapper(mapperModel);
}