Merge pull request #1292 from mposolda/ldap2

Ldap enhancements + Make admin requests to have RealmModel and ClientModel available
This commit is contained in:
Marek Posolda 2015-05-28 12:40:11 +02:00
commit 90cb3acd2f
16 changed files with 104 additions and 39 deletions

View file

@ -35,11 +35,6 @@ public abstract class AbstractLDAPFederationMapperFactory implements UserFederat
public void postInit(KeycloakSessionFactory factory) { public void postInit(KeycloakSessionFactory factory) {
} }
@Override
public List<ProviderConfigProperty> getConfigProperties() {
throw new IllegalStateException("Method not supported for this implementation");
}
@Override @Override
public void close() { public void close() {
} }

View file

@ -46,7 +46,7 @@ public class FullNameLDAPFederationMapperFactory extends AbstractLDAPFederationM
} }
@Override @Override
public List<ProviderConfigProperty> getConfigProperties(RealmModel realm) { public List<ProviderConfigProperty> getConfigProperties() {
return configProperties; return configProperties;
} }

View file

@ -59,7 +59,10 @@ public class RoleLDAPFederationMapperFactory extends AbstractLDAPFederationMappe
"If true, then LDAP role mappings will be mapped to realm role mappings in Keycloak. Otherwise it will be mapped to client role mappings", ProviderConfigProperty.BOOLEAN_TYPE, "true"); "If true, then LDAP role mappings will be mapped to realm role mappings in Keycloak. Otherwise it will be mapped to client role mappings", ProviderConfigProperty.BOOLEAN_TYPE, "true");
configProperties.add(useRealmRolesMappings); configProperties.add(useRealmRolesMappings);
// NOTE: ClientID will be computed dynamically from available clients ProviderConfigProperty clientIdProperty = createConfigProperty(RoleLDAPFederationMapper.CLIENT_ID, "Client ID",
"Client ID of client to which LDAP role mappings will be mapped. Applicable just if 'Use Realm Roles Mapping' is false",
ProviderConfigProperty.CLIENT_LIST_TYPE, null);
configProperties.add(clientIdProperty);
} }
@Override @Override
@ -78,18 +81,8 @@ public class RoleLDAPFederationMapperFactory extends AbstractLDAPFederationMappe
} }
@Override @Override
public List<ProviderConfigProperty> getConfigProperties(RealmModel realm) { public List<ProviderConfigProperty> getConfigProperties() {
List<ProviderConfigProperty> props = new ArrayList<ProviderConfigProperty>(configProperties); return configProperties;
Map<String, ClientModel> clients = realm.getClientNameMap();
List<String> clientIds = new ArrayList<String>(clients.keySet());
ProviderConfigProperty clientIdProperty = createConfigProperty(RoleLDAPFederationMapper.CLIENT_ID, "Client ID",
"Client ID of client to which LDAP role mappings will be mapped. Applicable just if 'Use Realm Roles Mapping' is false",
ProviderConfigProperty.LIST_TYPE, clientIds);
props.add(clientIdProperty);
return props;
} }
@Override @Override

View file

@ -48,7 +48,7 @@ public class UserAttributeLDAPFederationMapperFactory extends AbstractLDAPFedera
} }
@Override @Override
public List<ProviderConfigProperty> getConfigProperties(RealmModel realm) { public List<ProviderConfigProperty> getConfigProperties() {
return configProperties; return configProperties;
} }

View file

@ -984,7 +984,10 @@ module.config([ '$routeProvider', function($routeProvider) {
}, },
mapper : function(UserFederationMapperLoader) { mapper : function(UserFederationMapperLoader) {
return UserFederationMapperLoader(); return UserFederationMapperLoader();
} },
clients : function(ClientListLoader) {
return ClientListLoader();
},
}, },
controller : 'UserFederationMapperCtrl' controller : 'UserFederationMapperCtrl'
}) })
@ -1000,6 +1003,9 @@ module.config([ '$routeProvider', function($routeProvider) {
mapperTypes : function(UserFederationMapperTypesLoader) { mapperTypes : function(UserFederationMapperTypesLoader) {
return UserFederationMapperTypesLoader(); return UserFederationMapperTypesLoader();
}, },
clients : function(ClientListLoader) {
return ClientListLoader();
}
}, },
controller : 'UserFederationMapperCreateCtrl' controller : 'UserFederationMapperCreateCtrl'
}) })

View file

@ -754,10 +754,11 @@ module.controller('UserFederationMapperListCtrl', function($scope, $location, No
}); });
module.controller('UserFederationMapperCtrl', function($scope, realm, provider, mapperTypes, mapper, UserFederationMapper, Notifications, Dialog, $location) { module.controller('UserFederationMapperCtrl', function($scope, realm, provider, mapperTypes, mapper, clients, UserFederationMapper, Notifications, Dialog, $location) {
console.log('UserFederationMapperCtrl'); console.log('UserFederationMapperCtrl');
$scope.realm = realm; $scope.realm = realm;
$scope.provider = provider; $scope.provider = provider;
$scope.clients = clients;
$scope.create = false; $scope.create = false;
$scope.mapper = angular.copy(mapper); $scope.mapper = angular.copy(mapper);
$scope.changed = false; $scope.changed = false;
@ -780,10 +781,10 @@ module.controller('UserFederationMapperCtrl', function($scope, realm, provider,
$location.url("/realms/" + realm.realm + '/user-federation/providers/' + provider.providerName + '/' + provider.id + '/mappers/' + mapper.id); $location.url("/realms/" + realm.realm + '/user-federation/providers/' + provider.providerName + '/' + provider.id + '/mappers/' + mapper.id);
Notifications.success("Your changes have been saved."); Notifications.success("Your changes have been saved.");
}, function(error) { }, function(error) {
if (error.status == 400) { if (error.status == 400 && error.data.error_description) {
Notifications.error('Error in configuration of mapper: ' + error.data.error_description); Notifications.error('Error in configuration of mapper: ' + error.data.error_description);
} else { } else {
Notification.error('Unexpected error when creating mapper'); Notifications.error('Unexpected error when creating mapper');
} }
}); });
}; };
@ -808,10 +809,11 @@ module.controller('UserFederationMapperCtrl', function($scope, realm, provider,
}); });
module.controller('UserFederationMapperCreateCtrl', function($scope, realm, provider, mapperTypes, UserFederationMapper, Notifications, Dialog, $location) { module.controller('UserFederationMapperCreateCtrl', function($scope, realm, provider, mapperTypes, clients, UserFederationMapper, Notifications, Dialog, $location) {
console.log('UserFederationMapperCreateCtrl'); console.log('UserFederationMapperCreateCtrl');
$scope.realm = realm; $scope.realm = realm;
$scope.provider = provider; $scope.provider = provider;
$scope.clients = clients;
$scope.create = true; $scope.create = true;
$scope.mapper = { federationProviderDisplayName: provider.displayName, config: {}}; $scope.mapper = { federationProviderDisplayName: provider.displayName, config: {}};
$scope.mapperTypes = mapperTypes; $scope.mapperTypes = mapperTypes;
@ -844,10 +846,10 @@ module.controller('UserFederationMapperCreateCtrl', function($scope, realm, prov
$location.url('/realms/' + realm.realm +'/user-federation/providers/' + provider.providerName + '/' + provider.id + '/mappers/' + id); $location.url('/realms/' + realm.realm +'/user-federation/providers/' + provider.providerName + '/' + provider.id + '/mappers/' + id);
Notifications.success("Mapper has been created."); Notifications.success("Mapper has been created.");
}, function(error) { }, function(error) {
if (error.status == 400) { if (error.status == 400 && error.data.error_description) {
Notifications.error('Error in configuration of mapper: ' + error.data.error_description); Notifications.error('Error in configuration of mapper: ' + error.data.error_description);
} else { } else {
Notification.error('Unexpected error when creating mapper'); Notifications.error('Unexpected error when creating mapper');
} }
}); });
}; };

View file

@ -47,7 +47,7 @@
<div data-ng-repeat="option in mapperType.properties" class="form-group"> <div data-ng-repeat="option in mapperType.properties" class="form-group">
<label class="col-md-2 control-label">{{option.label}}</label> <label class="col-md-2 control-label">{{option.label}}</label>
<div class="col-sm-4" data-ng-hide="option.type == 'boolean' || option.type == 'List'"> <div class="col-sm-4" data-ng-show="option.type == 'String'">
<input class="form-control" type="text" data-ng-model="mapper.config[ option.name ]"> <input class="form-control" type="text" data-ng-model="mapper.config[ option.name ]">
</div> </div>
<div class="col-sm-4" data-ng-show="option.type == 'boolean'"> <div class="col-sm-4" data-ng-show="option.type == 'boolean'">
@ -58,6 +58,11 @@
<option value="" selected> Select one... </option> <option value="" selected> Select one... </option>
</select> </select>
</div> </div>
<div class="col-sm-4" data-ng-show="option.type == 'ClientList'">
<select ng-model="mapper.config[ option.name ]" ng-options="client.clientId as client.clientId for client in clients">
<option value="" selected> Select one... </option>
</select>
</div>
<kc-tooltip>{{option.helpText}}</kc-tooltip> <kc-tooltip>{{option.helpText}}</kc-tooltip>
</div> </div>

View file

@ -31,6 +31,4 @@ public interface UserFederationMapperFactory extends ProviderFactory<UserFederat
*/ */
void validateConfig(UserFederationMapperModel mapperModel) throws MapperConfigValidationException; void validateConfig(UserFederationMapperModel mapperModel) throws MapperConfigValidationException;
// TODO: Remove this and add realm to the method on ConfiguredProvider?
List<ProviderConfigProperty> getConfigProperties(RealmModel realm);
} }

View file

@ -71,6 +71,6 @@ public class LDAPConstants {
public static final String CUSTOM_ATTRIBUTE_EXPIRY_DATE = "expiryDate"; public static final String CUSTOM_ATTRIBUTE_EXPIRY_DATE = "expiryDate";
public static final String ENTRY_UUID = "entryUUID"; public static final String ENTRY_UUID = "entryUUID";
public static final String OBJECT_GUID = "objectGUID"; public static final String OBJECT_GUID = "objectGUID";
public static final String CREATE_TIMESTAMP = "createTimeStamp"; public static final String CREATE_TIMESTAMP = "createTimestamp";
public static final String MODIFY_TIMESTAMP = "modifyTimeStamp"; public static final String MODIFY_TIMESTAMP = "modifyTimestamp";
} }

View file

@ -8,6 +8,7 @@ public class ProviderConfigProperty {
public static final String BOOLEAN_TYPE="boolean"; public static final String BOOLEAN_TYPE="boolean";
public static final String STRING_TYPE="String"; public static final String STRING_TYPE="String";
public static final String LIST_TYPE="List"; public static final String LIST_TYPE="List";
public static final String CLIENT_LIST_TYPE="ClientList";
protected String name; protected String name;
protected String label; protected String label;

View file

@ -118,6 +118,9 @@ public class ClientsResource {
if (clientModel == null) { if (clientModel == null) {
throw new NotFoundException("Could not find client: " + name); throw new NotFoundException("Could not find client: " + name);
} }
session.getContext().setClient(clientModel);
ClientResource clientResource = new ClientResource(realm, auth, clientModel, session, adminEvent); ClientResource clientResource = new ClientResource(realm, auth, clientModel, session, adminEvent);
ResteasyProviderFactory.getInstance().injectProperties(clientResource); ResteasyProviderFactory.getInstance().injectProperties(clientResource);
return clientResource; return clientResource;

View file

@ -438,8 +438,8 @@ public class RealmAdminResource {
/** /**
* Query admin events. Returns all admin events, or will query based on URL query parameters listed here * Query admin events. Returns all admin events, or will query based on URL query parameters listed here
* *
* @param client app or oauth client name * @param authRealm
* @param operationTypes operation type * @param authClient
* @param authUser user id * @param authUser user id
* @param authIpAddress * @param authIpAddress
* @param resourcePath * @param resourcePath

View file

@ -227,6 +227,7 @@ public class RealmsAdminResource {
} }
AdminEventBuilder adminEvent = new AdminEventBuilder(realm, auth, session, clientConnection); AdminEventBuilder adminEvent = new AdminEventBuilder(realm, auth, session, clientConnection);
session.getContext().setRealm(realm);
RealmAdminResource adminResource = new RealmAdminResource(realmAuth, realm, tokenManager, adminEvent); RealmAdminResource adminResource = new RealmAdminResource(realmAuth, realm, tokenManager, adminEvent);
ResteasyProviderFactory.getInstance().injectProperties(adminResource); ResteasyProviderFactory.getInstance().injectProperties(adminResource);

View file

@ -171,7 +171,7 @@ public class UserFederationProviderResource {
rep.setCategory(mapperFactory.getDisplayCategory()); rep.setCategory(mapperFactory.getDisplayCategory());
rep.setName(mapperFactory.getDisplayType()); rep.setName(mapperFactory.getDisplayType());
rep.setHelpText(mapperFactory.getHelpText()); rep.setHelpText(mapperFactory.getHelpText());
List<ProviderConfigProperty> configProperties = mapperFactory.getConfigProperties(realm); List<ProviderConfigProperty> configProperties = mapperFactory.getConfigProperties();
for (ProviderConfigProperty prop : configProperties) { for (ProviderConfigProperty prop : configProperties) {
ConfigPropertyRepresentation propRep = new ConfigPropertyRepresentation(); ConfigPropertyRepresentation propRep = new ConfigPropertyRepresentation();
propRep.setName(prop.getName()); propRep.setName(prop.getName());

View file

@ -13,6 +13,10 @@ import org.keycloak.federation.ldap.LDAPFederationProvider;
import org.keycloak.federation.ldap.LDAPFederationProviderFactory; import org.keycloak.federation.ldap.LDAPFederationProviderFactory;
import org.keycloak.federation.ldap.LDAPUtils; import org.keycloak.federation.ldap.LDAPUtils;
import org.keycloak.federation.ldap.idm.model.LDAPObject; import org.keycloak.federation.ldap.idm.model.LDAPObject;
import org.keycloak.federation.ldap.mappers.FullNameLDAPFederationMapper;
import org.keycloak.federation.ldap.mappers.FullNameLDAPFederationMapperFactory;
import org.keycloak.federation.ldap.mappers.UserAttributeLDAPFederationMapper;
import org.keycloak.federation.ldap.mappers.UserAttributeLDAPFederationMapperFactory;
import org.keycloak.models.ClientModel; import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession; import org.keycloak.models.KeycloakSession;
import org.keycloak.models.LDAPConstants; import org.keycloak.models.LDAPConstants;
@ -20,9 +24,11 @@ import org.keycloak.models.ModelReadOnlyException;
import org.keycloak.models.RealmModel; import org.keycloak.models.RealmModel;
import org.keycloak.models.UserCredentialModel; import org.keycloak.models.UserCredentialModel;
import org.keycloak.models.UserCredentialValueModel; import org.keycloak.models.UserCredentialValueModel;
import org.keycloak.models.UserFederationMapperModel;
import org.keycloak.models.UserFederationProvider; import org.keycloak.models.UserFederationProvider;
import org.keycloak.models.UserFederationProviderModel; import org.keycloak.models.UserFederationProviderModel;
import org.keycloak.models.UserModel; import org.keycloak.models.UserModel;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.services.managers.RealmManager; import org.keycloak.services.managers.RealmManager;
import org.keycloak.testsuite.OAuthClient; import org.keycloak.testsuite.OAuthClient;
import org.keycloak.testsuite.pages.AccountPasswordPage; import org.keycloak.testsuite.pages.AccountPasswordPage;
@ -36,7 +42,9 @@ import org.keycloak.testsuite.rule.WebResource;
import org.keycloak.testsuite.rule.WebRule; import org.keycloak.testsuite.rule.WebRule;
import org.openqa.selenium.WebDriver; import org.openqa.selenium.WebDriver;
import java.util.List;
import java.util.Map; import java.util.Map;
import java.util.Set;
/** /**
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a> * @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
@ -264,6 +272,55 @@ public class FederationProvidersIntegrationTest {
} }
} }
@Test
public void testFullNameMapper() {
KeycloakSession session = keycloakRule.startSession();
UserFederationMapperModel firstNameMapper = null;
try {
RealmModel appRealm = new RealmManager(session).getRealmByName("test");
// assert that user "fullnameUser" is not in local DB
Assert.assertNull(session.users().getUserByUsername("fullname", appRealm));
// Add the user with some fullName into LDAP directly. Ensure that fullName is saved into "cn" attribute in LDAP (currently mapped to model firstName)
LDAPFederationProvider ldapFedProvider = FederationTestUtils.getLdapProvider(session, ldapModel);
FederationTestUtils.addLDAPUser(ldapFedProvider, appRealm, "fullname", "James Dee", "Dee", "fullname@email.org", "4578");
// add fullname mapper to the provider and remove "firstNameMapper"
UserFederationMapperModel fullNameMapperModel = KeycloakModelUtils.createUserFederationMapperModel("full name", ldapModel.getId(), FullNameLDAPFederationMapperFactory.PROVIDER_ID,
FullNameLDAPFederationMapper.LDAP_FULL_NAME_ATTRIBUTE, LDAPConstants.CN,
UserAttributeLDAPFederationMapper.READ_ONLY, "false");
appRealm.addUserFederationMapper(fullNameMapperModel);
firstNameMapper = appRealm.getUserFederationMapperByName(ldapModel.getId(), "first name");
appRealm.removeUserFederationMapper(firstNameMapper);
// Assert user is successfully imported in Keycloak DB now with correct firstName and lastName
FederationTestUtils.assertUserImported(session.users(), appRealm, "fullname", "James", "Dee", "fullname@email.org", "4578");
} finally {
keycloakRule.stopSession(session, true);
}
session = keycloakRule.startSession();
try {
RealmModel appRealm = new RealmManager(session).getRealmByName("test");
// Remove "fullnameUser" to assert he is removed from LDAP. Revert mappers to previous state
UserModel fullnameUser = session.users().getUserByUsername("fullname", appRealm);
session.users().removeUser(appRealm, fullnameUser);
// Revert mappers
UserFederationMapperModel fullNameMapperModel = appRealm.getUserFederationMapperByName(ldapModel.getId(), "full name");
appRealm.removeUserFederationMapper(fullNameMapperModel);
firstNameMapper.setId(null);
appRealm.addUserFederationMapper(firstNameMapper);
} finally {
keycloakRule.stopSession(session, true);
}
}
@Test @Test
public void testReadonly() { public void testReadonly() {
KeycloakSession session = keycloakRule.startSession(); KeycloakSession session = keycloakRule.startSession();

View file

@ -91,9 +91,13 @@ class FederationTestUtils {
} }
public static void addZipCodeLDAPMapper(RealmModel realm, UserFederationProviderModel providerModel) { public static void addZipCodeLDAPMapper(RealmModel realm, UserFederationProviderModel providerModel) {
UserFederationMapperModel mapperModel = KeycloakModelUtils.createUserFederationMapperModel("zipCodeMapper", providerModel.getId(), UserAttributeLDAPFederationMapperFactory.PROVIDER_ID, addUserAttributeMapper(realm, providerModel, "zipCodeMapper", "postal_code", LDAPConstants.POSTAL_CODE);
UserAttributeLDAPFederationMapper.USER_MODEL_ATTRIBUTE, "postal_code", }
UserAttributeLDAPFederationMapper.LDAP_ATTRIBUTE, LDAPConstants.POSTAL_CODE,
public static void addUserAttributeMapper(RealmModel realm, UserFederationProviderModel providerModel, String mapperName, String userModelAttributeName, String ldapAttributeName) {
UserFederationMapperModel mapperModel = KeycloakModelUtils.createUserFederationMapperModel(mapperName, providerModel.getId(), UserAttributeLDAPFederationMapperFactory.PROVIDER_ID,
UserAttributeLDAPFederationMapper.USER_MODEL_ATTRIBUTE, userModelAttributeName,
UserAttributeLDAPFederationMapper.LDAP_ATTRIBUTE, ldapAttributeName,
UserAttributeLDAPFederationMapper.READ_ONLY, "false"); UserAttributeLDAPFederationMapper.READ_ONLY, "false");
realm.addUserFederationMapper(mapperModel); realm.addUserFederationMapper(mapperModel);
} }