refactor out picketlink
parent
85c4626d5b
commit
92c15637b2
15 changed files with 159 additions and 72 deletions
|
@ -66,7 +66,7 @@ public class DemoApplication extends KeycloakApplication {
|
|||
manager.generateRealmKeys(defaultRealm);
|
||||
defaultRealm.updateRealm();
|
||||
defaultRealm.addRequiredCredential(RequiredCredentialModel.PASSWORD);
|
||||
defaultRealm.getIdm().add(new SimpleRole(RegistrationService.REALM_CREATOR_ROLE));
|
||||
defaultRealm.addRole(RegistrationService.REALM_CREATOR_ROLE);
|
||||
|
||||
RealmRepresentation rep = loadJson("META-INF/testrealm.json");
|
||||
RealmModel realm = manager.createRealm("demo", rep.getRealm());
|
||||
|
|
|
@ -72,7 +72,7 @@ public class AuthenticationManager {
|
|||
expireIdentityCookie(realm, uriInfo);
|
||||
return null;
|
||||
}
|
||||
User user = realm.getIdm().getUser(token.getPrincipal());
|
||||
User user = realm.getUser(token.getPrincipal());
|
||||
if (user == null || !user.isEnabled()) {
|
||||
logger.info("Unknown user in identity cookie");
|
||||
expireIdentityCookie(realm, uriInfo);
|
||||
|
@ -104,7 +104,7 @@ public class AuthenticationManager {
|
|||
if (!token.isActive()) {
|
||||
throw new NotAuthorizedException("token_expired");
|
||||
}
|
||||
User user = realm.getIdm().getUser(token.getPrincipal());
|
||||
User user = realm.getUser(token.getPrincipal());
|
||||
if (user == null || !user.isEnabled()) {
|
||||
throw new NotAuthorizedException("invalid_user");
|
||||
}
|
||||
|
@ -136,25 +136,13 @@ public class AuthenticationManager {
|
|||
logger.warn("TOTP token not provided");
|
||||
return false;
|
||||
}
|
||||
TOTPCredentials creds = new TOTPCredentials();
|
||||
creds.setToken(token);
|
||||
creds.setUsername(username);
|
||||
creds.setPassword(new Password(password));
|
||||
realm.getIdm().validateCredentials(creds);
|
||||
if (creds.getStatus() != Credentials.Status.VALID) {
|
||||
return false;
|
||||
}
|
||||
return realm.validateTOTP(user, password, token);
|
||||
} else {
|
||||
UsernamePasswordCredentials creds = new UsernamePasswordCredentials(username, new Password(password));
|
||||
realm.getIdm().validateCredentials(creds);
|
||||
if (creds.getStatus() != Credentials.Status.VALID) {
|
||||
return false;
|
||||
}
|
||||
return realm.validatePassword(user, password);
|
||||
}
|
||||
} else {
|
||||
logger.warn("Do not know how to authenticate user");
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
|
|
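Review bot: In the hunk at -136, a rejected password or TOTP code still comes back as a bare `false` from `realm.validatePassword(user, password)` / `realm.validateTOTP(user, password, token)` with no log entry, while the missing-field branch just above logs at warn. Failed logins are the events a defender most wants in the log, so I would capture the result and log before returning, e.g. `boolean valid = realm.validatePassword(user, password);` followed by `if (!valid) logger.warn("Invalid password for user " + user.getLoginName());`, never the submitted value itself. The enclosing method starts above the hunk, so whether the `username` local is still used after this change is not visible here.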
@ -23,7 +23,7 @@ public class InstallationManager {
|
|||
manager.generateRealmKeys(defaultRealm);
|
||||
defaultRealm.updateRealm();
|
||||
defaultRealm.addRequiredCredential(RequiredCredentialModel.PASSWORD);
|
||||
defaultRealm.getIdm().add(new SimpleRole(RegistrationService.REALM_CREATOR_ROLE));
|
||||
defaultRealm.addRole(RegistrationService.REALM_CREATOR_ROLE);
|
||||
}
|
||||
|
||||
public boolean isInstalled(RealmManager manager) {
|
||||
|
|
|
@ -139,7 +139,7 @@ public class RealmManager {
|
|||
user.setAttribute(new Attribute<String>(entry.getKey(), entry.getValue()));
|
||||
}
|
||||
}
|
||||
newRealm.getIdm().add(user);
|
||||
newRealm.addUser(user);
|
||||
if (userRep.getCredentials() != null) {
|
||||
for (CredentialRepresentation cred : userRep.getCredentials()) {
|
||||
UserCredentialModel credential = new UserCredentialModel();
|
||||
|
@ -155,7 +155,7 @@ public class RealmManager {
|
|||
for (RoleRepresentation roleRep : rep.getRoles()) {
|
||||
SimpleRole role = new SimpleRole(roleRep.getName());
|
||||
if (roleRep.getDescription() != null) role.setAttribute(new Attribute<String>("description", roleRep.getDescription()));
|
||||
newRealm.getIdm().add(role);
|
||||
newRealm.addRole(role);
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -167,12 +167,12 @@ public class RealmManager {
|
|||
for (RoleMappingRepresentation mapping : rep.getRoleMappings()) {
|
||||
User user = userMap.get(mapping.getUsername());
|
||||
for (String roleString : mapping.getRoles()) {
|
||||
Role role = newRealm.getIdm().getRole(roleString.trim());
|
||||
Role role = newRealm.getRole(roleString.trim());
|
||||
if (role == null) {
|
||||
role = new SimpleRole(roleString.trim());
|
||||
newRealm.getIdm().add(role);
|
||||
newRealm.addRole(role);
|
||||
}
|
||||
newRealm.getIdm().grantRole(user, role);
|
||||
newRealm.grantRole(user, role);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -180,10 +180,10 @@ public class RealmManager {
|
|||
if (rep.getScopeMappings() != null) {
|
||||
for (ScopeMappingRepresentation scope : rep.getScopeMappings()) {
|
||||
for (String roleString : scope.getRoles()) {
|
||||
Role role = newRealm.getIdm().getRole(roleString.trim());
|
||||
Role role = newRealm.getRole(roleString.trim());
|
||||
if (role == null) {
|
||||
role = new SimpleRole(roleString.trim());
|
||||
newRealm.getIdm().add(role);
|
||||
newRealm.addRole(role);
|
||||
}
|
||||
User user = userMap.get(scope.getUsername());
|
||||
newRealm.addScope(user, role.getName());
|
||||
|
@ -194,7 +194,7 @@ public class RealmManager {
|
|||
}
|
||||
|
||||
protected void createResources(RealmRepresentation rep, RealmModel realm, Map<String, User> userMap) {
|
||||
Role loginRole = realm.getIdm().getRole(RealmManager.RESOURCE_ROLE);
|
||||
Role loginRole = realm.getRole(RealmManager.RESOURCE_ROLE);
|
||||
for (ResourceRepresentation resourceRep : rep.getResources()) {
|
||||
ResourceModel resource = realm.addResource(resourceRep.getName());
|
||||
resource.setManagementUrl(resourceRep.getAdminUrl());
|
||||
|
@ -211,26 +211,26 @@ public class RealmManager {
|
|||
}
|
||||
}
|
||||
userMap.put(resourceUser.getLoginName(), resourceUser);
|
||||
realm.getIdm().grantRole(resourceUser, loginRole);
|
||||
realm.grantRole(resourceUser, loginRole);
|
||||
|
||||
|
||||
if (resourceRep.getRoles() != null) {
|
||||
for (RoleRepresentation roleRep : resourceRep.getRoles()) {
|
||||
SimpleRole role = new SimpleRole(roleRep.getName());
|
||||
if (roleRep.getDescription() != null) role.setAttribute(new Attribute<String>("description", roleRep.getDescription()));
|
||||
resource.getIdm().add(role);
|
||||
resource.addRole(role);
|
||||
}
|
||||
}
|
||||
if (resourceRep.getRoleMappings() != null) {
|
||||
for (RoleMappingRepresentation mapping : resourceRep.getRoleMappings()) {
|
||||
User user = userMap.get(mapping.getUsername());
|
||||
for (String roleString : mapping.getRoles()) {
|
||||
Role role = resource.getIdm().getRole(roleString.trim());
|
||||
Role role = resource.getRole(roleString.trim());
|
||||
if (role == null) {
|
||||
role = new SimpleRole(roleString.trim());
|
||||
resource.getIdm().add(role);
|
||||
resource.addRole(role);
|
||||
}
|
||||
realm.getIdm().grantRole(user, role);
|
||||
realm.grantRole(user, role);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -238,10 +238,10 @@ public class RealmManager {
|
|||
for (ScopeMappingRepresentation mapping : resourceRep.getScopeMappings()) {
|
||||
User user = userMap.get(mapping.getUsername());
|
||||
for (String roleString : mapping.getRoles()) {
|
||||
Role role = resource.getIdm().getRole(roleString.trim());
|
||||
Role role = resource.getRole(roleString.trim());
|
||||
if (role == null) {
|
||||
role = new SimpleRole(roleString.trim());
|
||||
resource.getIdm().add(role);
|
||||
resource.addRole(role);
|
||||
}
|
||||
resource.addScope(user, role.getName());
|
||||
}
|
||||
|
|
|
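Review bot: `userMap.get(mapping.getUsername())` in the role-mapping and scope-mapping loops can return null when the imported representation names a user that was not part of the import, and the result goes straight into `newRealm.grantRole(user, role)`, `realm.grantRole(user, role)` and `addScope(user, ...)`. I would reject such a mapping explicitly, e.g. `if (user == null) throw new IllegalArgumentException("Unknown user in role mapping: " + mapping.getUsername());`, so a malformed import fails with a clear message instead of somewhere inside the identity store. The same loops create any role the mapping mentions but the realm lacks, so a misspelled role name in the import becomes a new, granted role; that deserves at least a comment or a warn-level log. Separately, `role = newRealm.addRole(roleString.trim());` would use the String overload this commit adds and drop the `new SimpleRole(...)` line.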
@ -75,7 +75,7 @@ public class TokenManager {
|
|||
(scopeRequest == null || scopeRequest.contains(role)) &&
|
||||
(scope.contains("*") || scope.contains(role))
|
||||
)
|
||||
realmRolesRequested.add(realm.getIdm().getRole(role));
|
||||
realmRolesRequested.add(realm.getRole(role));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -94,7 +94,7 @@ public class TokenManager {
|
|||
(scopeRequest == null || scopeRequest.contains(role)) &&
|
||||
(scope.contains("*") || scope.contains(role))
|
||||
)
|
||||
resourceRolesRequested.add(resource.getName(), resource.getIdm().getRole(role));
|
||||
resourceRolesRequested.add(resource.getName(), resource.getRole(role));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
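--- a/services/src/main/java/org/keycloak/services/models/KeycloakSession.java
+++ b/services/src/main/java/org/keycloak/services/models/KeycloakSession.java
@@ -0,0 +1,11 @@
+package org.keycloak.services.models;
+
+/**
+* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
+* @version $Revision: 1 $
+*/
+public interface KeycloakSession {
+KeycloakTransaction getTransaction();
+
+void close();
+}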
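Review bot: `KeycloakSession` and `KeycloakTransaction` are introduced without any Javadoc describing their contract. The point callers most need is what `close()` does to a transaction that is still active: the session object used elsewhere in this commit is closed on failure paths (`identitySession.close()` in TokenService) without a visible `rollback()`, and this interface presumably replaces it later. I would add a comment on `close()` such as `/** Releases the session; an active transaction that was not committed is rolled back. */` once the implementation confirms that behaviour.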
|
@ -0,0 +1,8 @@
|
|||
package org.keycloak.services.models;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||
* @version $Revision: 1 $
|
||||
*/
|
||||
public interface KeycloakSessionFactory {
|
||||
}
|
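--- a/services/src/main/java/org/keycloak/services/models/KeycloakTransaction.java
+++ b/services/src/main/java/org/keycloak/services/models/KeycloakTransaction.java
@@ -0,0 +1,13 @@
+package org.keycloak.services.models;
+
+/**
+* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
+* @version $Revision: 1 $
+*/
+public interface KeycloakTransaction {
+void begin();
+void commit();
+void rollback();
+void setRollbackOnly();
+boolean getRollbackOnly();
+boolean isActive();}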
|
@ -10,8 +10,11 @@ import org.keycloak.services.models.relationships.RequiredCredentialRelationship
|
|||
import org.keycloak.services.models.relationships.ScopeRelationship;
|
||||
import org.picketlink.idm.IdentitySession;
|
||||
import org.picketlink.idm.IdentityManager;
|
||||
import org.picketlink.idm.credential.Credentials;
|
||||
import org.picketlink.idm.credential.Password;
|
||||
import org.picketlink.idm.credential.TOTPCredential;
|
||||
import org.picketlink.idm.credential.TOTPCredentials;
|
||||
import org.picketlink.idm.credential.UsernamePasswordCredentials;
|
||||
import org.picketlink.idm.credential.X509CertificateCredentials;
|
||||
import org.picketlink.idm.model.Agent;
|
||||
import org.picketlink.idm.model.Attribute;
|
||||
|
@ -67,7 +70,7 @@ public class RealmModel {
|
|||
realmAgent = getIdm().getAgent(REALM_AGENT_ID);
|
||||
}
|
||||
|
||||
public IdentityManager getIdm() {
|
||||
protected IdentityManager getIdm() {
|
||||
if (idm == null) idm = identitySession.createIdentityManager(realm);
|
||||
return idm;
|
||||
}
|
||||
|
@ -236,6 +239,21 @@ public class RealmModel {
|
|||
idm.add(relationship);
|
||||
}
|
||||
|
||||
public boolean validatePassword(User user, String password) {
|
||||
UsernamePasswordCredentials creds = new UsernamePasswordCredentials(user.getLoginName(), new Password(password));
|
||||
getIdm().validateCredentials(creds);
|
||||
return creds.getStatus() == Credentials.Status.VALID;
|
||||
}
|
||||
|
||||
public boolean validateTOTP(User user, String password, String token) {
|
||||
TOTPCredentials creds = new TOTPCredentials();
|
||||
creds.setToken(token);
|
||||
creds.setUsername(user.getLoginName());
|
||||
creds.setPassword(new Password(password));
|
||||
getIdm().validateCredentials(creds);
|
||||
return creds.getStatus() == Credentials.Status.VALID;
|
||||
}
|
||||
|
||||
public void updateCredential(User user, UserCredentialModel cred) {
|
||||
IdentityManager idm = getIdm();
|
||||
if (cred.getType().equals(RequiredCredentialRepresentation.PASSWORD)) {
|
||||
|
@ -256,6 +274,28 @@ public class RealmModel {
|
|||
}
|
||||
}
|
||||
|
||||
public User getUser(String name) {
|
||||
return getIdm().getUser(name);
|
||||
}
|
||||
|
||||
public void addUser(User user) {
|
||||
getIdm().add(user);
|
||||
}
|
||||
|
||||
public Role getRole(String name) {
|
||||
return getIdm().getRole(name);
|
||||
}
|
||||
|
||||
public Role addRole(String name) {
|
||||
Role role = new SimpleRole(name);
|
||||
getIdm().add(role);
|
||||
return role;
|
||||
}
|
||||
|
||||
public void addRole(Role role) {
|
||||
getIdm().add(role);
|
||||
}
|
||||
|
||||
public List<Role> getRoles() {
|
||||
IdentityManager idm = getIdm();
|
||||
IdentityQuery<Role> query = idm.createIdentityQuery(Role.class);
|
||||
|
@ -305,11 +345,19 @@ public class RealmModel {
|
|||
relationship.setResourceUser(resourceUser);
|
||||
idm.add(relationship);
|
||||
ResourceModel resource = new ResourceModel(newTier, relationship, this, identitySession);
|
||||
resource.getIdm().add(new SimpleRole("*"));
|
||||
resource.addRole(new SimpleRole("*"));
|
||||
resource.addScope(resourceUser, "*");
|
||||
return resource;
|
||||
}
|
||||
|
||||
public boolean hasRole(User user, Role role) {
|
||||
return getIdm().hasRole(user, role);
|
||||
}
|
||||
|
||||
public void grantRole(User user, Role role) {
|
||||
getIdm().grantRole(user, role);
|
||||
}
|
||||
|
||||
public Set<String> getRoleMappings(User user) {
|
||||
RelationshipQuery<Grant> query = getIdm().createRelationshipQuery(Grant.class);
|
||||
query.setParameter(Grant.ASSIGNEE, user);
|
||||
|
|
|
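Review bot: The new public `validatePassword` and `validateTOTP` call `user.getLoginName()` and wrap `password` in `new Password(...)` without checking either for null, so null handling is left to every caller. Since these methods are now the single entry point for credential checks, they should fail closed themselves: `if (user == null || password == null) return false;` at the top of both, plus the same test for `token` in `validateTOTP`. They also need Javadoc stating that any status other than `Credentials.Status.VALID` yields false, because callers can no longer see the status. `getIdm()` is now `protected`, which in Java still leaves it reachable from the rest of its package; `private` would be tighter if nothing else there needs it, which this page does not show.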
@ -7,6 +7,7 @@ import org.picketlink.idm.IdentityManager;
|
|||
import org.picketlink.idm.model.Agent;
|
||||
import org.picketlink.idm.model.Grant;
|
||||
import org.picketlink.idm.model.Role;
|
||||
import org.picketlink.idm.model.SimpleRole;
|
||||
import org.picketlink.idm.model.Tier;
|
||||
import org.picketlink.idm.model.User;
|
||||
import org.picketlink.idm.query.IdentityQuery;
|
||||
|
@ -34,7 +35,7 @@ public class ResourceModel {
|
|||
this.identitySession = session;
|
||||
}
|
||||
|
||||
public IdentityManager getIdm() {
|
||||
protected IdentityManager getIdm() {
|
||||
if (idm == null) idm = identitySession.createIdentityManager(tier);
|
||||
return idm;
|
||||
}
|
||||
|
@ -83,6 +84,28 @@ public class ResourceModel {
|
|||
agent.setManagementUrl(url);
|
||||
}
|
||||
|
||||
public User getUser(String name) {
|
||||
return getIdm().getUser(name);
|
||||
}
|
||||
|
||||
public void addUser(User user) {
|
||||
getIdm().add(user);
|
||||
}
|
||||
|
||||
public Role getRole(String name) {
|
||||
return getIdm().getRole(name);
|
||||
}
|
||||
|
||||
public Role addRole(String name) {
|
||||
Role role = new SimpleRole(name);
|
||||
getIdm().add(role);
|
||||
return role;
|
||||
}
|
||||
|
||||
public void addRole(Role role) {
|
||||
getIdm().add(role);
|
||||
}
|
||||
|
||||
public List<Role> getRoles() {
|
||||
IdentityQuery<Role> query = getIdm().createIdentityQuery(Role.class);
|
||||
query.setParameter(Role.PARTITION, tier);
|
||||
|
|
|
@ -94,8 +94,8 @@ public class RealmsResource {
|
|||
RealmManager realmManager = new RealmManager(identitySession);
|
||||
RealmModel defaultRealm = realmManager.getRealm(Realm.DEFAULT_REALM);
|
||||
User realmCreator = new AuthenticationManager().authenticateBearerToken(defaultRealm, headers);
|
||||
Role creatorRole = defaultRealm.getIdm().getRole(RegistrationService.REALM_CREATOR_ROLE);
|
||||
if (!defaultRealm.getIdm().hasRole(realmCreator, creatorRole)) {
|
||||
Role creatorRole = defaultRealm.getRole(RegistrationService.REALM_CREATOR_ROLE);
|
||||
if (!defaultRealm.hasRole(realmCreator, creatorRole)) {
|
||||
logger.warn("not a realm creator");
|
||||
throw new NotAuthorizedException("Bearer");
|
||||
}
|
||||
|
|
|
@ -49,21 +49,21 @@ public class RegistrationService {
|
|||
if (!defaultRealm.isRegistrationAllowed()) {
|
||||
throw new ForbiddenException();
|
||||
}
|
||||
User user = defaultRealm.getIdm().getUser(newUser.getUsername());
|
||||
User user = defaultRealm.getUser(newUser.getUsername());
|
||||
if (user != null) {
|
||||
return Response.status(400).type("text/plain").entity("user exists").build();
|
||||
}
|
||||
|
||||
user = new SimpleUser(newUser.getUsername());
|
||||
defaultRealm.getIdm().add(user);
|
||||
defaultRealm.addUser(user);
|
||||
for (CredentialRepresentation cred : newUser.getCredentials()) {
|
||||
UserCredentialModel credModel = new UserCredentialModel();
|
||||
credModel.setType(cred.getType());
|
||||
credModel.setValue(cred.getValue());
|
||||
defaultRealm.updateCredential(user, credModel);
|
||||
}
|
||||
Role realmCreator = defaultRealm.getIdm().getRole(REALM_CREATOR_ROLE);
|
||||
defaultRealm.getIdm().grantRole(user, realmCreator);
|
||||
Role realmCreator = defaultRealm.getRole(REALM_CREATOR_ROLE);
|
||||
defaultRealm.grantRole(user, realmCreator);
|
||||
identitySession.getTransaction().commit();
|
||||
URI uri = uriInfo.getBaseUriBuilder().path(RealmsResource.class).path(user.getLoginName()).build();
|
||||
return Response.created(uri).build();
|
||||
|
|
|
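Review bot: Nothing visible in this hunk checks that `newUser.getCredentials()` is non-null and covers the realm's required credentials before `defaultRealm.addUser(user)` and `defaultRealm.grantRole(user, realmCreator)` run, so a registration request with an empty credential list would appear to create an account with no password that already holds the realm-creator role. I would validate the submitted credentials first and return 400 before touching the store, e.g. `if (newUser.getCredentials() == null || newUser.getCredentials().isEmpty()) return Response.status(400).type("text/plain").entity("credentials required").build();`. `getRole(REALM_CREATOR_ROLE)` is also passed on unchecked, so if the role was never installed the grant receives null. The method starts above the hunk, so an earlier check may exist that is not shown here.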
@ -125,7 +125,7 @@ public class TokenService {
|
|||
if (!realm.isEnabled()) {
|
||||
throw new NotAuthorizedException("Disabled realm");
|
||||
}
|
||||
User user = realm.getIdm().getUser(username);
|
||||
User user = realm.getUser(username);
|
||||
if (user == null) {
|
||||
throw new NotAuthorizedException("No user");
|
||||
}
|
||||
|
@ -154,7 +154,7 @@ public class TokenService {
|
|||
if (!realm.isEnabled()) {
|
||||
throw new NotAuthorizedException("Disabled realm");
|
||||
}
|
||||
User user = realm.getIdm().getUser(username);
|
||||
User user = realm.getUser(username);
|
||||
if (user == null) {
|
||||
throw new NotAuthorizedException("No user");
|
||||
}
|
||||
|
@ -183,7 +183,7 @@ public class TokenService {
|
|||
securityFailureForward("Realm not enabled.");
|
||||
return null;
|
||||
}
|
||||
User client = realm.getIdm().getUser(clientId);
|
||||
User client = realm.getUser(clientId);
|
||||
if (client == null) {
|
||||
securityFailureForward("Unknown login requester.");
|
||||
return null;
|
||||
|
@ -193,7 +193,7 @@ public class TokenService {
|
|||
return null;
|
||||
}
|
||||
String username = formData.getFirst("username");
|
||||
User user = realm.getIdm().getUser(username);
|
||||
User user = realm.getUser(username);
|
||||
if (user == null) {
|
||||
logger.error("Incorrect user name.");
|
||||
request.setAttribute("KEYCLOAK_LOGIN_ERROR_MESSAGE", "Incorrect user name.");
|
||||
|
@ -217,10 +217,10 @@ public class TokenService {
|
|||
}
|
||||
|
||||
protected Response processAccessCode(String scopeParam, String state, String redirect, User client, User user) {
|
||||
Role resourceRole = realm.getIdm().getRole(RealmManager.RESOURCE_ROLE);
|
||||
Role identityRequestRole = realm.getIdm().getRole(RealmManager.IDENTITY_REQUESTER_ROLE);
|
||||
boolean isResource = realm.getIdm().hasRole(client, resourceRole);
|
||||
if (!isResource && !realm.getIdm().hasRole(client, identityRequestRole)) {
|
||||
Role resourceRole = realm.getRole(RealmManager.RESOURCE_ROLE);
|
||||
Role identityRequestRole = realm.getRole(RealmManager.IDENTITY_REQUESTER_ROLE);
|
||||
boolean isResource = realm.hasRole(client, resourceRole);
|
||||
if (!isResource && !realm.hasRole(client, identityRequestRole)) {
|
||||
securityFailureForward("Login requester not allowed to request login.");
|
||||
identitySession.close();
|
||||
return null;
|
||||
|
@ -274,7 +274,7 @@ public class TokenService {
|
|||
error.put("error_description", "client_id not specified");
|
||||
return Response.status(Response.Status.BAD_REQUEST).entity(error).type("application/json").build();
|
||||
}
|
||||
User client = realm.getIdm().getUser(client_id);
|
||||
User client = realm.getUser(client_id);
|
||||
if (client == null) {
|
||||
logger.debug("Could not find user");
|
||||
Map<String, String> error = new HashMap<String, String>();
|
||||
|
@ -403,7 +403,7 @@ public class TokenService {
|
|||
securityFailureForward("Realm not enabled");
|
||||
return null;
|
||||
}
|
||||
User client = realm.getIdm().getUser(clientId);
|
||||
User client = realm.getUser(clientId);
|
||||
if (client == null) {
|
||||
securityFailureForward("Unknown login requester.");
|
||||
return null;
|
||||
|
@ -415,10 +415,10 @@ public class TokenService {
|
|||
return null;
|
||||
}
|
||||
|
||||
Role resourceRole = realm.getIdm().getRole(RealmManager.RESOURCE_ROLE);
|
||||
Role identityRequestRole = realm.getIdm().getRole(RealmManager.IDENTITY_REQUESTER_ROLE);
|
||||
boolean isResource = realm.getIdm().hasRole(client, resourceRole);
|
||||
if (!isResource && !realm.getIdm().hasRole(client, identityRequestRole)) {
|
||||
Role resourceRole = realm.getRole(RealmManager.RESOURCE_ROLE);
|
||||
Role identityRequestRole = realm.getRole(RealmManager.IDENTITY_REQUESTER_ROLE);
|
||||
boolean isResource = realm.hasRole(client, resourceRole);
|
||||
if (!isResource && !realm.hasRole(client, identityRequestRole)) {
|
||||
securityFailureForward("Login requester not allowed to request login.");
|
||||
identitySession.close();
|
||||
return null;
|
||||
|
|
|
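Review bot: The requester authorization check (look up `RESOURCE_ROLE` and `IDENTITY_REQUESTER_ROLE`, then `if (!isResource && !realm.hasRole(client, identityRequestRole))`) is repeated line for line in the hunks at -217 and -415. Two copies of an access decision tend to drift apart, so I would move it into one private helper such as `private boolean isLoginRequester(User client)` and call it from both places, keeping the `isResource` lookup separate if later code needs it. Neither copy handles `getRole(...)` returning null, so the helper is also the place to fail closed when either role is missing from the realm. Both enclosing methods extend beyond the hunks.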
@ -148,30 +148,26 @@ public class AdapterTest {
|
|||
public void testCredentialValidation() throws Exception {
|
||||
test1CreateRealm();
|
||||
User user = new SimpleUser("bburke");
|
||||
realmModel.getIdm().add(user);
|
||||
realmModel.addUser(user);
|
||||
UserCredentialModel cred = new UserCredentialModel();
|
||||
cred.setType(RequiredCredentialRepresentation.PASSWORD);
|
||||
cred.setValue("geheim");
|
||||
realmModel.updateCredential(user, cred);
|
||||
IdentityManager idm = realmModel.getIdm();
|
||||
UsernamePasswordCredentials creds = new UsernamePasswordCredentials(user.getLoginName(), new Password("geheim"));
|
||||
idm.validateCredentials(creds);
|
||||
Assert.assertEquals(creds.getStatus(), Credentials.Status.VALID);
|
||||
Assert.assertTrue(realmModel.validatePassword(user, "geheim"));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testRoles() throws Exception {
|
||||
test1CreateRealm();
|
||||
IdentityManager idm = realmModel.getIdm();
|
||||
idm.add(new SimpleRole("admin"));
|
||||
idm.add(new SimpleRole("user"));
|
||||
realmModel.addRole(new SimpleRole("admin"));
|
||||
realmModel.addRole(new SimpleRole("user"));
|
||||
List<Role> roles = realmModel.getRoles();
|
||||
Assert.assertEquals(5, roles.size());
|
||||
SimpleUser user = new SimpleUser("bburke");
|
||||
idm.add(user);
|
||||
Role role = idm.getRole("user");
|
||||
idm.grantRole(user, role);
|
||||
Assert.assertTrue(idm.hasRole(user, role));
|
||||
realmModel.addUser(user);
|
||||
Role role = realmModel.getRole("user");
|
||||
realmModel.grantRole(user, role);
|
||||
Assert.assertTrue(realmModel.hasRole(user, role));
|
||||
}
|
||||
|
||||
|
||||
|
|
|
@ -96,13 +96,13 @@ public class ImportTest {
|
|||
manager.generateRealmKeys(defaultRealm);
|
||||
defaultRealm.updateRealm();
|
||||
defaultRealm.addRequiredCredential(RequiredCredentialModel.PASSWORD);
|
||||
defaultRealm.getIdm().add(new SimpleRole(RegistrationService.REALM_CREATOR_ROLE));
|
||||
defaultRealm.addRole(new SimpleRole(RegistrationService.REALM_CREATOR_ROLE));
|
||||
|
||||
RealmRepresentation rep = KeycloakTestBase.loadJson("testrealm.json");
|
||||
RealmModel realm = manager.createRealm("demo", rep.getRealm());
|
||||
manager.importRealm(rep, realm);
|
||||
|
||||
User user = realm.getIdm().getUser("loginclient");
|
||||
User user = realm.getUser("loginclient");
|
||||
Assert.assertNotNull(user);
|
||||
Set<String> scopes = realm.getScope(user);
|
||||
System.out.println("Scopes size: " + scopes.size());
|
||||
|
|