libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases 1 Packages Activity Actions

abstract Picketlink User/Role

Browse source
This commit is contained in:
Bill Burke 2013-07-31 16:30:39 -04:00
parent d19466db4b
commit 93f9a34175
38 changed files with 795 additions and 617 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
examples/as7-eap-demo/server/src/main/webapp/oauthGrantForm.jsp
View file

@ -1,4 +1,4 @@
<%@ page import="org.picketlink.idm.model.*,org.keycloak.services.models.*,org.keycloak.services.resources.*,javax.ws.rs.core.*,java.util.*" language="java" contentType="text/html; charset=ISO-8859-1"
<%@ page import="org.keycloak.services.models.*,org.keycloak.services.resources.*,javax.ws.rs.core.*,java.util.*" language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<%
RealmModel realm = (RealmModel)request.getAttribute(RealmModel.class.getName());
@ -22,9 +22,9 @@
<body>
<%
User client = (User)request.getAttribute("client");
List<Role> realmRolesRequested = (List<Role>)request.getAttribute("realmRolesRequested");
MultivaluedMap<String, Role> resourceRolesRequested = (MultivaluedMap<String, Role>)request.getAttribute("resourceRolesRequested");
UserModel client = (UserModel)request.getAttribute("client");
List<RoleModel> realmRolesRequested = (List<RoleModel>)request.getAttribute("realmRolesRequested");
MultivaluedMap<String, RoleModel> resourceRolesRequested = (MultivaluedMap<String, RoleModel>)request.getAttribute("resourceRolesRequested");
%>
<h1>Grant request for: <%=client.getLoginName()%></h1>
@ -36,11 +36,11 @@
<%
if (realmRolesRequested.size() > 0) {
%> <ul> <%
for (Role role : realmRolesRequested) {
for (RoleModel role : realmRolesRequested) {
String desc = "Have " + role.getName() + " privileges.";
Attribute roleDesc = role.getAttribute("description");
String roleDesc = role.getDescription();
if (roleDesc != null) {
desc = (String)roleDesc.getValue();
desc = roleDesc;
}
%>
<li><%=desc%></li>
@ -49,14 +49,14 @@
%> </ul> <%
}
for (String resource : resourceRolesRequested.keySet()) {
List<Role> roles = resourceRolesRequested.get(resource);
List<RoleModel> roles = resourceRolesRequested.get(resource);
out.println("<i>For application " + resource + ":</i> ");
out.println("<ul>");
for (Role role : roles) {
for (RoleModel role : roles) {
String desc = "Have " + role.getName() + " privileges.";
Attribute roleDesc = role.getAttribute("description");
String roleDesc = role.getDescription();
if (roleDesc != null) {
desc = (String)roleDesc.getValue();
desc = roleDesc;
}
out.println("<li>" + desc + "</li>");
}

70
sdk-html/pom.xml
View file

@ -1,42 +1,42 @@
<?xml version="1.0"?>
<project>
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
<version>1.0-alpha-1</version>
<relativePath>../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
<version>1.0-alpha-1</version>
<relativePath>../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
<artifactId>keycloak-sdk-html</artifactId>
<name>Keycloak HTML SDK</name>
<description />
<artifactId>keycloak-sdk-html</artifactId>
<name>Keycloak HTML SDK</name>
<description/>
<dependencies>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-social</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.jboss.resteasy</groupId>
<artifactId>jaxrs-api</artifactId>
<scope>provided</scope>
</dependency>
</dependencies>
<dependencies>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-social</artifactId>
<version>${project.version}</version>
</dependency>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<configuration>
<source>1.6</source>
<target>1.6</target>
</configuration>
</plugin>
</plugins>
</build>
<dependency>
<groupId>org.jboss.resteasy</groupId>
<artifactId>jaxrs-api</artifactId>
<scope>provided</scope>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<configuration>
<source>1.6</source>
<target>1.6</target>
</configuration>
</plugin>
</plugins>
</build>
</project>

66
sdk-html/src/main/resources/META-INF/resources/sdk/login.html Normal file → Executable file
View file

@ -1,46 +1,46 @@
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<link href="css/bootstrap.css" rel="stylesheet">
<link href="css/default.css" rel="stylesheet">
<meta charset="utf-8">
<link href="css/bootstrap.css" rel="stylesheet">
<link href="css/default.css" rel="stylesheet">
<script src="js/angular.js"></script>
<script src="js/angular-resource.js"></script>
<script src="js/app.js"></script>
<script src="js/angular.js"></script>
<script src="js/angular-resource.js"></script>
<script src="js/app.js"></script>
</head>
<body class=keycloak-login-page data-ng-app=keycloak>
<div id=keycloak-login-container data-ng-controller=GlobalCtrl>
<div id=keycloak-login-standard>
<h1>Login to {{config.name}}</h1>
<div class="alert alert-info" data-ng-show="info">{{info}}</div>
<div class="alert alert-error" data-ng-show="error">{{error}}</div>
<div id=keycloak-login-container data-ng-controller=GlobalCtrl>
<div id=keycloak-login-standard>
<h1>Login to {{config.name}}</h1>
<form action="#">
<label for=username>Username</label>
<input id=username type=text data-ng-model=username required />
<label for=password>Password</label>
<input id=password type=text data-ng-model=password required />
<div>
<button class="btn btn-primary" id=keycloak-login-submit type=submit>Login</button>
<a class="btn" href="register.html?application={{config.id}}">Register</a>
<a class="btn" href="{{config.callbackUrl}}">Cancel</a>
</div>
</form>
</div>
<div class="alert alert-info" data-ng-show="info">{{info}}</div>
<div class="alert alert-error" data-ng-show="error">{{error}}</div>
<div id=keycloak-login-social>
<h3>Login with</h3>
<form action="#">
<label for=username>Username</label>
<input id=username type=text data-ng-model=username required/>
<div data-ng-repeat="p in config.providers">
<a href="/keycloak-server/social/api/{{config.id}}/auth/{{p}}"><img data-ng-src="icons/{{p}}.png" /></a>
</div>
</div>
</div>
<label for=password>Password</label>
<input id=password type=text data-ng-model=password required/>
<div>
<button class="btn btn-primary" id=keycloak-login-submit type=submit>Login</button>
<a class="btn" href="register.html?application={{config.id}}">Register</a>
<a class="btn" href="{{config.callbackUrl}}">Cancel</a>
</div>
</form>
</div>
<div id=keycloak-login-social>
<h3>Login with</h3>
<div data-ng-repeat="p in config.providers">
<a href="/keycloak-server/social/api/{{config.id}}/auth/{{p}}"><img data-ng-src="icons/{{p}}.png"/></a>
</div>
</div>
</div>
</body>
</html>

87
sdk-html/src/main/resources/META-INF/resources/sdk/register.html Normal file → Executable file
View file

@ -1,57 +1,58 @@
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<link href="css/bootstrap.css" rel="stylesheet">
<link href="css/default.css" rel="stylesheet">
<meta charset="utf-8">
<link href="css/bootstrap.css" rel="stylesheet">
<link href="css/default.css" rel="stylesheet">
<script src="js/angular.js"></script>
<script src="js/angular-resource.js"></script>
<script src="js/app.js"></script>
<script src="js/angular.js"></script>
<script src="js/angular-resource.js"></script>
<script src="js/app.js"></script>
</head>
<body class=keycloak-login-page data-ng-app=keycloak>
<div id=keycloak-login-container data-ng-controller=GlobalCtrl>
<div id=keycloak-login-standard>
<h1>Register with {{config.name}}</h1>
<div class="alert alert-info" data-ng-show="info">{{info}}</div>
<div class="alert alert-error" data-ng-show="error">{{error}}</div>
<div id=keycloak-login-container data-ng-controller=GlobalCtrl>
<div id=keycloak-login-standard>
<h1>Register with {{config.name}}</h1>
<form action="#">
<label for=firstname>Firstname</label>
<input id=firstname type=text data-ng-model=firstname />
<label for=lastname>Lastname</label>
<input id=lastname type=text data-ng-model=lastname />
<label for=email>Email</label>
<input id=email type=email data-ng-model=email />
<div class="alert alert-info" data-ng-show="info">{{info}}</div>
<div class="alert alert-error" data-ng-show="error">{{error}}</div>
<label for=username>Username</label>
<input id=username type=text data-ng-model=username />
<label for=password>Password</label>
<input id=password type=text data-ng-model=password required />
<label for=password-confirm>Password confirmation</label>
<input id=password-confirm type=text data-ng-model=passwordConfirm required pattern="{{password}}" title="Passwords don't match" />
<div>
<button class="btn btn-primary" id=keycloak-login-submit type=submit>Register</button>
<a class="btn" href="{{config.callbackUrl}}">Cancel</a>
</div>
</form>
</div>
<form action="#">
<label for=firstname>Firstname</label>
<input id=firstname type=text data-ng-model=firstname/>
<div id=keycloak-login-social>
<h3>Login with</h3>
<label for=lastname>Lastname</label>
<input id=lastname type=text data-ng-model=lastname/>
<div data-ng-repeat="p in config.providers">
<a href="/social/{{config.id}}/provider/{{p}}"><img data-ng-src="icons/{{p}}.png" /></a>
</div>
</div>
</div>
<label for=email>Email</label>
<input id=email type=email data-ng-model=email/>
<label for=username>Username</label>
<input id=username type=text data-ng-model=username/>
<label for=password>Password</label>
<input id=password type=text data-ng-model=password required/>
<label for=password-confirm>Password confirmation</label>
<input id=password-confirm type=text data-ng-model=passwordConfirm required pattern="{{password}}"
title="Passwords don't match"/>
<div>
<button class="btn btn-primary" id=keycloak-login-submit type=submit>Register</button>
<a class="btn" href="{{config.callbackUrl}}">Cancel</a>
</div>
</form>
</div>
<div id=keycloak-login-social>
<h3>Login with</h3>
<div data-ng-repeat="p in config.providers">
<a href="/social/{{config.id}}/provider/{{p}}"><img data-ng-src="icons/{{p}}.png"/></a>
</div>
</div>
</div>
</body>
</html>

66
server/pom.xml
View file

@ -1,40 +1,40 @@
<?xml version="1.0"?>
<project>
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
<version>1.0-alpha-1</version>
<relativePath>../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
<version>1.0-alpha-1</version>
<relativePath>../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
<artifactId>keycloak-server</artifactId>
<name>Keycloak Server</name>
<packaging>war</packaging>
<artifactId>keycloak-server</artifactId>
<name>Keycloak Server</name>
<packaging>war</packaging>
<description />
<description/>
<dependencies>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-sdk-html</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-social</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-ui</artifactId>
<version>${project.version}</version>
</dependency>
<dependencies>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-sdk-html</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-social</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-ui</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.jboss.resteasy</groupId>
<artifactId>jaxrs-api</artifactId>
<scope>provided</scope>
</dependency>
</dependencies>
<dependency>
<groupId>org.jboss.resteasy</groupId>
<artifactId>jaxrs-api</artifactId>
<scope>provided</scope>
</dependency>
</dependencies>
</project>

6
server/src/main/webapp/WEB-INF/web.xml Normal file → Executable file
View file

@ -1,8 +1,8 @@
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xml="http://www.w3.org/XML/1998/namespace" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd ">
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd ">
<module-name>keycloak-server</module-name>
<module-name>keycloak-server</module-name>
</web-app>

24
services/src/main/java/org/keycloak/services/managers/AccessCodeEntry.java
View file

@ -1,8 +1,8 @@
package org.keycloak.services.managers;
import org.keycloak.representations.SkeletonKeyToken;
import org.picketlink.idm.model.Role;
import org.picketlink.idm.model.User;
import org.keycloak.services.models.RoleModel;
import org.keycloak.services.models.UserModel;
import javax.ws.rs.core.MultivaluedHashMap;
import javax.ws.rs.core.MultivaluedMap;
@ -22,10 +22,10 @@ public class AccessCodeEntry {
protected long expiration;
protected SkeletonKeyToken token;
protected User user;
protected User client;
protected List<Role> realmRolesRequested = new ArrayList<Role>();
MultivaluedMap<String, Role> resourceRolesRequested = new MultivaluedHashMap<String, Role>();
protected UserModel user;
protected UserModel client;
protected List<RoleModel> realmRolesRequested = new ArrayList<RoleModel>();
MultivaluedMap<String, RoleModel> resourceRolesRequested = new MultivaluedHashMap<String, RoleModel>();
public boolean isExpired() {
return expiration != 0 && (System.currentTimeMillis() / 1000) > expiration;
@ -59,27 +59,27 @@ public class AccessCodeEntry {
this.token = token;
}
public User getClient() {
public UserModel getClient() {
return client;
}
public void setClient(User client) {
public void setClient(UserModel client) {
this.client = client;
}
public User getUser() {
public UserModel getUser() {
return user;
}
public void setUser(User user) {
public void setUser(UserModel user) {
this.user = user;
}
public List<Role> getRealmRolesRequested() {
public List<RoleModel> getRealmRolesRequested() {
return realmRolesRequested;
}
public MultivaluedMap<String, Role> getResourceRolesRequested() {
public MultivaluedMap<String, RoleModel> getResourceRolesRequested() {
return resourceRolesRequested;
}

18
services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java
View file

@ -9,12 +9,8 @@ import org.keycloak.representations.SkeletonKeyToken;
import org.keycloak.representations.idm.RequiredCredentialRepresentation;
import org.keycloak.services.models.RealmModel;
import org.keycloak.services.models.RequiredCredentialModel;
import org.keycloak.services.models.UserModel;
import org.keycloak.services.resources.RealmsResource;
import org.picketlink.idm.credential.Credentials;
import org.picketlink.idm.credential.Password;
import org.picketlink.idm.credential.TOTPCredentials;
import org.picketlink.idm.credential.UsernamePasswordCredentials;
import org.picketlink.idm.model.User;
import javax.ws.rs.NotAuthorizedException;
import javax.ws.rs.core.Cookie;
@ -44,7 +40,7 @@ public class AuthenticationManager {
* @return
*/
public boolean isRealmAdmin(RealmModel realm, HttpHeaders headers) {
User user = authenticateBearerToken(realm, headers);
UserModel user = authenticateBearerToken(realm, headers);
return realm.isRealmAdmin(user);
}
@ -60,7 +56,7 @@ public class AuthenticationManager {
response.addNewCookie(expireIt);
}
public User authenticateIdentityCookie(RealmModel realm, UriInfo uriInfo, HttpHeaders headers) {
public UserModel authenticateIdentityCookie(RealmModel realm, UriInfo uriInfo, HttpHeaders headers) {
Cookie cookie = headers.getCookies().get(TokenManager.KEYCLOAK_IDENTITY_COOKIE);
if (cookie == null) return null;
@ -72,7 +68,7 @@ public class AuthenticationManager {
expireIdentityCookie(realm, uriInfo);
return null;
}
User user = realm.getUser(token.getPrincipal());
UserModel user = realm.getUser(token.getPrincipal());
if (user == null || !user.isEnabled()) {
logger.info("Unknown user in identity cookie");
expireIdentityCookie(realm, uriInfo);
@ -86,7 +82,7 @@ public class AuthenticationManager {
return null;
}
public User authenticateBearerToken(RealmModel realm, HttpHeaders headers) {
public UserModel authenticateBearerToken(RealmModel realm, HttpHeaders headers) {
String tokenString = null;
String authHeader = headers.getHeaderString(HttpHeaders.AUTHORIZATION);
if (authHeader == null) {
@ -104,7 +100,7 @@ public class AuthenticationManager {
if (!token.isActive()) {
throw new NotAuthorizedException("token_expired");
}
User user = realm.getUser(token.getPrincipal());
UserModel user = realm.getUser(token.getPrincipal());
if (user == null || !user.isEnabled()) {
throw new NotAuthorizedException("invalid_user");
}
@ -115,7 +111,7 @@ public class AuthenticationManager {
}
}
public boolean authenticateForm(RealmModel realm, User user, MultivaluedMap<String, String> formData) {
public boolean authenticateForm(RealmModel realm, UserModel user, MultivaluedMap<String, String> formData) {
String username = user.getLoginName();
Set<String> types = new HashSet<String>();

1
services/src/main/java/org/keycloak/services/managers/InstallationManager.java
View file

@ -4,7 +4,6 @@ import org.keycloak.services.models.RealmModel;
import org.keycloak.services.models.RequiredCredentialModel;
import org.keycloak.services.resources.RegistrationService;
import org.picketlink.idm.model.Realm;
import org.picketlink.idm.model.SimpleRole;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>

60
services/src/main/java/org/keycloak/services/managers/RealmManager.java
View file

@ -11,20 +11,17 @@ import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.services.models.RealmModel;
import org.keycloak.services.models.RequiredCredentialModel;
import org.keycloak.services.models.ResourceModel;
import org.keycloak.services.models.RoleModel;
import org.keycloak.services.models.UserCredentialModel;
import org.keycloak.services.models.UserModel;
import org.picketlink.idm.IdentityManager;
import org.picketlink.idm.IdentitySession;
import org.picketlink.idm.model.Attribute;
import org.picketlink.idm.model.Realm;
import org.picketlink.idm.model.Role;
import org.picketlink.idm.model.SimpleAgent;
import org.picketlink.idm.model.SimpleRole;
import org.picketlink.idm.model.SimpleUser;
import org.picketlink.idm.model.User;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Response;
import java.io.Serializable;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
@ -94,7 +91,7 @@ public class RealmManager {
realm.updateRealm();
}
public RealmModel importRealm(RealmRepresentation rep, User realmCreator) {
public RealmModel importRealm(RealmRepresentation rep, UserModel realmCreator) {
verifyRealmRepresentation(rep);
RealmModel realm = createRealm(rep.getRealm());
importRealm(rep, realm);
@ -121,7 +118,7 @@ public class RealmManager {
newRealm.updateRealm();
Map<String, User> userMap = new HashMap<String, User>();
Map<String, UserModel> userMap = new HashMap<String, UserModel>();
for (RequiredCredentialRepresentation requiredCred : rep.getRequiredCredentials()) {
RequiredCredentialModel credential = new RequiredCredentialModel();
@ -132,14 +129,13 @@ public class RealmManager {
}
for (UserRepresentation userRep : rep.getUsers()) {
User user = new SimpleUser(userRep.getUsername());
UserModel user = newRealm.addUser(userRep.getUsername());
user.setEnabled(userRep.isEnabled());
if (userRep.getAttributes() != null) {
for (Map.Entry<String, String> entry : userRep.getAttributes().entrySet()) {
user.setAttribute(new Attribute<String>(entry.getKey(), entry.getValue()));
user.setAttribute(entry.getKey(), entry.getValue());
}
}
newRealm.addUser(user);
if (userRep.getCredentials() != null) {
for (CredentialRepresentation cred : userRep.getCredentials()) {
UserCredentialModel credential = new UserCredentialModel();
@ -153,9 +149,8 @@ public class RealmManager {
if (rep.getRoles() != null) {
for (RoleRepresentation roleRep : rep.getRoles()) {
SimpleRole role = new SimpleRole(roleRep.getName());
if (roleRep.getDescription() != null) role.setAttribute(new Attribute<String>("description", roleRep.getDescription()));
newRealm.addRole(role);
RoleModel role = newRealm.addRole(roleRep.getName());
if (roleRep.getDescription() != null) role.setDescription(roleRep.getDescription());
}
}
@ -165,12 +160,11 @@ public class RealmManager {
if (rep.getRoleMappings() != null) {
for (RoleMappingRepresentation mapping : rep.getRoleMappings()) {
User user = userMap.get(mapping.getUsername());
UserModel user = userMap.get(mapping.getUsername());
for (String roleString : mapping.getRoles()) {
Role role = newRealm.getRole(roleString.trim());
RoleModel role = newRealm.getRole(roleString.trim());
if (role == null) {
role = new SimpleRole(roleString.trim());
newRealm.addRole(role);
role = newRealm.addRole(roleString.trim());
}
newRealm.grantRole(user, role);
}
@ -180,12 +174,11 @@ public class RealmManager {
if (rep.getScopeMappings() != null) {
for (ScopeMappingRepresentation scope : rep.getScopeMappings()) {
for (String roleString : scope.getRoles()) {
Role role = newRealm.getRole(roleString.trim());
RoleModel role = newRealm.getRole(roleString.trim());
if (role == null) {
role = new SimpleRole(roleString.trim());
newRealm.addRole(role);
role = newRealm.addRole(roleString.trim());
}
User user = userMap.get(scope.getUsername());
UserModel user = userMap.get(scope.getUsername());
newRealm.addScope(user, role.getName());
}
@ -193,15 +186,15 @@ public class RealmManager {
}
}
protected void createResources(RealmRepresentation rep, RealmModel realm, Map<String, User> userMap) {
Role loginRole = realm.getRole(RealmManager.RESOURCE_ROLE);
protected void createResources(RealmRepresentation rep, RealmModel realm, Map<String, UserModel> userMap) {
RoleModel loginRole = realm.getRole(RealmManager.RESOURCE_ROLE);
for (ResourceRepresentation resourceRep : rep.getResources()) {
ResourceModel resource = realm.addResource(resourceRep.getName());
resource.setManagementUrl(resourceRep.getAdminUrl());
resource.setSurrogateAuthRequired(resourceRep.isSurrogateAuthRequired());
resource.updateResource();
User resourceUser = resource.getResourceUser();
UserModel resourceUser = resource.getResourceUser();
if (resourceRep.getCredentials() != null) {
for (CredentialRepresentation cred : resourceRep.getCredentials()) {
UserCredentialModel credential = new UserCredentialModel();
@ -216,19 +209,17 @@ public class RealmManager {
if (resourceRep.getRoles() != null) {
for (RoleRepresentation roleRep : resourceRep.getRoles()) {
SimpleRole role = new SimpleRole(roleRep.getName());
if (roleRep.getDescription() != null) role.setAttribute(new Attribute<String>("description", roleRep.getDescription()));
resource.addRole(role);
RoleModel role = resource.addRole(roleRep.getName());
if (roleRep.getDescription() != null) role.setDescription(roleRep.getDescription());
}
}
if (resourceRep.getRoleMappings() != null) {
for (RoleMappingRepresentation mapping : resourceRep.getRoleMappings()) {
User user = userMap.get(mapping.getUsername());
UserModel user = userMap.get(mapping.getUsername());
for (String roleString : mapping.getRoles()) {
Role role = resource.getRole(roleString.trim());
RoleModel role = resource.getRole(roleString.trim());
if (role == null) {
role = new SimpleRole(roleString.trim());
resource.addRole(role);
role = resource.addRole(roleString.trim());
}
realm.grantRole(user, role);
}
@ -236,12 +227,11 @@ public class RealmManager {
}
if (resourceRep.getScopeMappings() != null) {
for (ScopeMappingRepresentation mapping : resourceRep.getScopeMappings()) {
User user = userMap.get(mapping.getUsername());
UserModel user = userMap.get(mapping.getUsername());
for (String roleString : mapping.getRoles()) {
Role role = resource.getRole(roleString.trim());
RoleModel role = resource.getRole(roleString.trim());
if (role == null) {
role = new SimpleRole(roleString.trim());
resource.addRole(role);
role = resource.addRole(roleString.trim());
}
resource.addScope(user, role.getName());
}

24
services/src/main/java/org/keycloak/services/managers/TokenManager.java
View file

@ -7,9 +7,9 @@ import org.keycloak.representations.SkeletonKeyScope;
import org.keycloak.representations.SkeletonKeyToken;
import org.keycloak.services.models.RealmModel;
import org.keycloak.services.models.ResourceModel;
import org.keycloak.services.models.RoleModel;
import org.keycloak.services.models.UserModel;
import org.keycloak.services.resources.RealmsResource;
import org.picketlink.idm.model.Role;
import org.picketlink.idm.model.User;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.NewCookie;
@ -45,21 +45,21 @@ public class TokenManager {
return accessCodeMap.remove(key);
}
public NewCookie createLoginCookie(RealmModel realm, User user, UriInfo uriInfo) {
public NewCookie createLoginCookie(RealmModel realm, UserModel user, UriInfo uriInfo) {
SkeletonKeyToken identityToken = createIdentityToken(realm, user.getLoginName());
String encoded = encodeToken(realm, identityToken);
URI uri = RealmsResource.realmBaseUrl(uriInfo).build(realm.getId());
boolean secureOnly = !realm.isSslNotRequired();
NewCookie cookie = new NewCookie(KEYCLOAK_IDENTITY_COOKIE, encoded, uri.getPath(), null, null, realm.getTokenLifespan(), secureOnly, true);
NewCookie cookie = new NewCookie(KEYCLOAK_IDENTITY_COOKIE, encoded, uri.getPath(), null, null, NewCookie.DEFAULT_MAX_AGE, secureOnly, true);
return cookie;
}
public AccessCodeEntry createAccessCode(String scopeParam, String state, String redirect, RealmModel realm, User client, User user) {
public AccessCodeEntry createAccessCode(String scopeParam, String state, String redirect, RealmModel realm, UserModel client, UserModel user) {
AccessCodeEntry code = new AccessCodeEntry();
SkeletonKeyScope scopeMap = null;
if (scopeParam != null) scopeMap = decodeScope(scopeParam);
List<Role> realmRolesRequested = code.getRealmRolesRequested();
MultivaluedMap<String, Role> resourceRolesRequested = code.getResourceRolesRequested();
List<RoleModel> realmRolesRequested = code.getRealmRolesRequested();
MultivaluedMap<String, RoleModel> resourceRolesRequested = code.getResourceRolesRequested();
Set<String> realmMapping = realm.getRoleMappings(user);
if (realmMapping != null && realmMapping.size() > 0 && (scopeMap == null || scopeMap.containsKey("realm"))) {
@ -118,7 +118,7 @@ public class TokenManager {
return code;
}
protected SkeletonKeyToken initToken(RealmModel realm, User client, User user) {
protected SkeletonKeyToken initToken(RealmModel realm, UserModel client, UserModel user) {
SkeletonKeyToken token = new SkeletonKeyToken();
token.id(RealmManager.generateId());
token.principal(user.getLoginName());
@ -131,13 +131,13 @@ public class TokenManager {
return token;
}
protected void createToken(AccessCodeEntry accessCodeEntry, RealmModel realm, User client, User user) {
protected void createToken(AccessCodeEntry accessCodeEntry, RealmModel realm, UserModel client, UserModel user) {
SkeletonKeyToken token = initToken(realm, client, user);
if (accessCodeEntry.getRealmRolesRequested().size() > 0) {
SkeletonKeyToken.Access access = new SkeletonKeyToken.Access();
for (Role role : accessCodeEntry.getRealmRolesRequested()) {
for (RoleModel role : accessCodeEntry.getRealmRolesRequested()) {
access.addRole(role.getName());
}
token.setRealmAccess(access);
@ -148,7 +148,7 @@ public class TokenManager {
for (String resourceName : accessCodeEntry.getResourceRolesRequested().keySet()) {
ResourceModel resource = resourceMap.get(resourceName);
SkeletonKeyToken.Access access = token.addAccess(resourceName).verifyCaller(resource.isSurrogateAuthRequired());
for (Role role : accessCodeEntry.getResourceRolesRequested().get(resourceName)) {
for (RoleModel role : accessCodeEntry.getResourceRolesRequested().get(resourceName)) {
access.addRole(role.getName());
}
}
@ -178,7 +178,7 @@ public class TokenManager {
}
public SkeletonKeyToken createAccessToken(RealmModel realm, User user) {
public SkeletonKeyToken createAccessToken(RealmModel realm, UserModel user) {
List<ResourceModel> resources = realm.getResources();
SkeletonKeyToken token = new SkeletonKeyToken();
token.id(RealmManager.generateId());

84
services/src/main/java/org/keycloak/services/models/RealmModel.java
View file

@ -5,11 +5,11 @@ import org.jboss.resteasy.security.PemUtils;
import org.keycloak.representations.idm.RequiredCredentialRepresentation;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.services.models.relationships.RealmAdminRelationship;
import org.keycloak.services.models.relationships.ResourceRelationship;
import org.keycloak.services.models.relationships.RequiredCredentialRelationship;
import org.keycloak.services.models.relationships.ResourceRelationship;
import org.keycloak.services.models.relationships.ScopeRelationship;
import org.picketlink.idm.IdentitySession;
import org.picketlink.idm.IdentityManager;
import org.picketlink.idm.IdentitySession;
import org.picketlink.idm.credential.Credentials;
import org.picketlink.idm.credential.Password;
import org.picketlink.idm.credential.TOTPCredential;
@ -47,6 +47,7 @@ import java.util.Set;
* @version $Revision: 1 $
*/
public class RealmModel {
public static final String DEFAULT_REALM = "default";
public static final String REALM_AGENT_ID = "_realm_";
public static final String REALM_NAME = "name";
public static final String REALM_ACCESS_CODE_LIFESPAN = "accessCodeLifespan";
@ -239,13 +240,13 @@ public class RealmModel {
idm.add(relationship);
}
public boolean validatePassword(User user, String password) {
public boolean validatePassword(UserModel user, String password) {
UsernamePasswordCredentials creds = new UsernamePasswordCredentials(user.getLoginName(), new Password(password));
getIdm().validateCredentials(creds);
return creds.getStatus() == Credentials.Status.VALID;
}
public boolean validateTOTP(User user, String password, String token) {
public boolean validateTOTP(UserModel user, String password, String token) {
TOTPCredentials creds = new TOTPCredentials();
creds.setToken(token);
creds.setUsername(user.getLoginName());
@ -254,14 +255,14 @@ public class RealmModel {
return creds.getStatus() == Credentials.Status.VALID;
}
public void updateCredential(User user, UserCredentialModel cred) {
public void updateCredential(UserModel user, UserCredentialModel cred) {
IdentityManager idm = getIdm();
if (cred.getType().equals(RequiredCredentialRepresentation.PASSWORD)) {
Password password = new Password(cred.getValue());
idm.updateCredential(user, password);
idm.updateCredential(user.getUser(), password);
} else if (cred.getType().equals(RequiredCredentialRepresentation.TOTP)) {
TOTPCredential totp = new TOTPCredential(cred.getValue());
idm.updateCredential(user, totp);
idm.updateCredential(user.getUser(), totp);
} else if (cred.getType().equals(RequiredCredentialRepresentation.CLIENT_CERT)) {
X509Certificate cert = null;
try {
@ -270,37 +271,46 @@ public class RealmModel {
throw new RuntimeException(e);
}
X509CertificateCredentials creds = new X509CertificateCredentials(cert);
idm.updateCredential(user, creds);
idm.updateCredential(user.getUser(), creds);
}
}
public User getUser(String name) {
return getIdm().getUser(name);
public UserModel getUser(String name) {
User user = getIdm().getUser(name);
if (user == null) return null;
return new UserModel(user, getIdm());
}
public void addUser(User user) {
public UserModel addUser(String username) {
User user = getIdm().getUser(username);
if (user != null) throw new IllegalStateException("User already exists");
user = new SimpleUser(username);
getIdm().add(user);
return new UserModel(user, getIdm());
}
public Role getRole(String name) {
return getIdm().getRole(name);
public RoleModel getRole(String name) {
Role role = getIdm().getRole(name);
if (role == null) return null;
return new RoleModel(role, getIdm());
}
public Role addRole(String name) {
public RoleModel addRole(String name) {
Role role = new SimpleRole(name);
getIdm().add(role);
return role;
return new RoleModel(role, getIdm());
}
public void addRole(Role role) {
getIdm().add(role);
}
public List<Role> getRoles() {
public List<RoleModel> getRoles() {
IdentityManager idm = getIdm();
IdentityQuery<Role> query = idm.createIdentityQuery(Role.class);
query.setParameter(Role.PARTITION, realm);
return query.getResultList();
List<Role> roles = query.getResultList();
List<RoleModel> roleModels = new ArrayList<RoleModel>();
for (Role role : roles) {
roleModels.add(new RoleModel(role, idm));
}
return roleModels;
}
@ -345,22 +355,22 @@ public class RealmModel {
relationship.setResourceUser(resourceUser);
idm.add(relationship);
ResourceModel resource = new ResourceModel(newTier, relationship, this, identitySession);
resource.addRole(new SimpleRole("*"));
resource.addScope(resourceUser, "*");
resource.addRole("*");
resource.addScope(new UserModel(resourceUser, idm), "*");
return resource;
}
public boolean hasRole(User user, Role role) {
return getIdm().hasRole(user, role);
public boolean hasRole(UserModel user, RoleModel role) {
return getIdm().hasRole(user.getUser(), role.getRole());
}
public void grantRole(User user, Role role) {
getIdm().grantRole(user, role);
public void grantRole(UserModel user, RoleModel role) {
getIdm().grantRole(user.getUser(), role.getRole());
}
public Set<String> getRoleMappings(User user) {
public Set<String> getRoleMappings(UserModel user) {
RelationshipQuery<Grant> query = getIdm().createRelationshipQuery(Grant.class);
query.setParameter(Grant.ASSIGNEE, user);
query.setParameter(Grant.ASSIGNEE, user.getUser());
List<Grant> grants = query.getResultList();
HashSet<String> set = new HashSet<String>();
for (Grant grant : grants) {
@ -369,21 +379,21 @@ public class RealmModel {
return set;
}
public void addScope(Agent agent, String roleName) {
public void addScope(UserModel agent, String roleName) {
IdentityManager idm = getIdm();
Role role = idm.getRole(roleName);
if (role == null) throw new RuntimeException("role not found");
ScopeRelationship scope = new ScopeRelationship();
scope.setClient(agent);
scope.setClient(agent.getUser());
scope.setScope(role);
idm.add(scope);
}
public Set<String> getScope(Agent agent) {
public Set<String> getScope(UserModel agent) {
RelationshipQuery<ScopeRelationship> query = getIdm().createRelationshipQuery(ScopeRelationship.class);
query.setParameter(ScopeRelationship.CLIENT, agent);
query.setParameter(ScopeRelationship.CLIENT, agent.getUser());
List<ScopeRelationship> scope = query.getResultList();
HashSet<String> set = new HashSet<String>();
for (ScopeRelationship rel : scope) {
@ -392,19 +402,19 @@ public class RealmModel {
return set;
}
public boolean isRealmAdmin(Agent agent) {
public boolean isRealmAdmin(UserModel agent) {
IdentityManager idm = new RealmManager(identitySession).defaultRealm().getIdm();
RelationshipQuery<RealmAdminRelationship> query = idm.createRelationshipQuery(RealmAdminRelationship.class);
query.setParameter(RealmAdminRelationship.REALM, realm.getId());
query.setParameter(RealmAdminRelationship.ADMIN, agent);
query.setParameter(RealmAdminRelationship.ADMIN, agent.getUser());
List<RealmAdminRelationship> results = query.getResultList();
return results.size() > 0;
}
public void addRealmAdmin(Agent agent) {
public void addRealmAdmin(UserModel agent) {
IdentityManager idm = new RealmManager(identitySession).defaultRealm().getIdm();
RealmAdminRelationship relationship = new RealmAdminRelationship();
relationship.setAdmin(agent);
relationship.setAdmin(agent.getUser());
relationship.setRealm(realm.getId());
idm.add(relationship);
}

54
services/src/main/java/org/keycloak/services/models/ResourceModel.java
View file

@ -2,17 +2,16 @@ package org.keycloak.services.models;
import org.keycloak.services.models.relationships.ResourceRelationship;
import org.keycloak.services.models.relationships.ScopeRelationship;
import org.picketlink.idm.IdentitySession;
import org.picketlink.idm.IdentityManager;
import org.picketlink.idm.model.Agent;
import org.picketlink.idm.IdentitySession;
import org.picketlink.idm.model.Grant;
import org.picketlink.idm.model.Role;
import org.picketlink.idm.model.SimpleRole;
import org.picketlink.idm.model.Tier;
import org.picketlink.idm.model.User;
import org.picketlink.idm.query.IdentityQuery;
import org.picketlink.idm.query.RelationshipQuery;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
@ -44,8 +43,8 @@ public class ResourceModel {
getIdm().update(agent);
}
public User getResourceUser() {
return agent.getResourceUser();
public UserModel getResourceUser() {
return new UserModel(agent.getResourceUser(), realm.getIdm());
}
public String getId() {
@ -84,37 +83,32 @@ public class ResourceModel {
agent.setManagementUrl(url);
}
public User getUser(String name) {
return getIdm().getUser(name);
public RoleModel getRole(String name) {
Role role = getIdm().getRole(name);
if (role == null) return null;
return new RoleModel(role, getIdm());
}
public void addUser(User user) {
getIdm().add(user);
}
public Role getRole(String name) {
return getIdm().getRole(name);
}
public Role addRole(String name) {
public RoleModel addRole(String name) {
Role role = new SimpleRole(name);
getIdm().add(role);
return role;
return new RoleModel(role, getIdm());
}
public void addRole(Role role) {
getIdm().add(role);
}
public List<Role> getRoles() {
public List<RoleModel> getRoles() {
IdentityQuery<Role> query = getIdm().createIdentityQuery(Role.class);
query.setParameter(Role.PARTITION, tier);
return query.getResultList();
List<Role> roles = query.getResultList();
List<RoleModel> roleModels = new ArrayList<RoleModel>();
for (Role role : roles) {
roleModels.add(new RoleModel(role, idm));
}
return roleModels;
}
public Set<String> getRoleMappings(User user) {
public Set<String> getRoleMappings(UserModel user) {
RelationshipQuery<Grant> query = getIdm().createRelationshipQuery(Grant.class);
query.setParameter(Grant.ASSIGNEE, user);
query.setParameter(Grant.ASSIGNEE, user.getUser());
List<Grant> grants = query.getResultList();
HashSet<String> set = new HashSet<String>();
for (Grant grant : grants) {
@ -123,7 +117,7 @@ public class ResourceModel {
return set;
}
public void addScope(Agent agent, String roleName) {
public void addScope(UserModel agent, String roleName) {
IdentityManager idm = getIdm();
Role role = idm.getRole(roleName);
if (role == null) throw new RuntimeException("role not found");
@ -131,15 +125,15 @@ public class ResourceModel {
}
public void addScope(Agent agent, Role role) {
public void addScope(UserModel agent, Role role) {
ScopeRelationship scope = new ScopeRelationship();
scope.setClient(agent);
scope.setClient(agent.getUser());
scope.setScope(role);
}
public Set<String> getScope(Agent agent) {
public Set<String> getScope(UserModel agent) {
RelationshipQuery<ScopeRelationship> query = getIdm().createRelationshipQuery(ScopeRelationship.class);
query.setParameter(ScopeRelationship.CLIENT, agent);
query.setParameter(ScopeRelationship.CLIENT, agent.getUser());
List<ScopeRelationship> scope = query.getResultList();
HashSet<String> set = new HashSet<String>();
for (ScopeRelationship rel : scope) {

45
services/src/main/java/org/keycloak/services/models/RoleModel.java Executable file
View file

@ -0,0 +1,45 @@
package org.keycloak.services.models;
import org.picketlink.idm.IdentityManager;
import org.picketlink.idm.model.Attribute;
import org.picketlink.idm.model.Role;
import java.io.Serializable;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public class RoleModel {
protected Role role;
protected IdentityManager idm;
public RoleModel(Role role, IdentityManager idm) {
this.role = role;
this.idm = idm;
}
protected Role getRole() {
return role;
}
public String getName() {
return role.getName();
}
public String getDescription() {
Attribute<Serializable> description = role.getAttribute("description");
if (description == null) return null;
return (String) description.getValue();
}
public void setDescription(String description) {
if (description == null) {
role.removeAttribute("description");
} else {
role.setAttribute(new Attribute<String>("description", description));
}
idm.update(role);
}
}

63
services/src/main/java/org/keycloak/services/models/UserModel.java Executable file
View file

@ -0,0 +1,63 @@
package org.keycloak.services.models;
import org.picketlink.idm.IdentityManager;
import org.picketlink.idm.model.Attribute;
import org.picketlink.idm.model.User;
import java.util.HashMap;
import java.util.Map;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public class UserModel {
protected User user;
protected IdentityManager idm;
public UserModel(User user, IdentityManager idm) {
this.user = user;
this.idm = idm;
}
protected User getUser() {
return user;
}
public String getLoginName() {
return user.getLoginName();
}
public boolean isEnabled() {
return user.isEnabled();
}
public void setEnabled(boolean enabled) {
user.setEnabled(enabled);
idm.update(user);
}
public void setAttribute(String name, String value) {
user.setAttribute(new Attribute<String>(name, value));
idm.update(user);
}
public void removeAttribute(String name) {
user.removeAttribute(name);
idm.update(user);
}
public String getAttribute(String name) {
Attribute<String> attribute = user.getAttribute(name);
if (attribute == null || attribute.getValue() == null) return null;
return attribute.getValue().toString();
}
public Map<String, String> getAttributes() {
Map<String, String> attributes = new HashMap<String, String>();
for (Attribute attribute : user.getAttributes()) {
if (attribute.getValue() != null) attributes.put(attribute.getName(), attribute.getValue().toString());
}
return attributes;
}
}

1
services/src/main/java/org/keycloak/services/models/relationships/RealmAdminRelationship.java
View file

@ -2,7 +2,6 @@ package org.keycloak.services.models.relationships;
import org.picketlink.idm.model.AbstractAttributedType;
import org.picketlink.idm.model.Agent;
import org.picketlink.idm.model.Realm;
import org.picketlink.idm.model.Relationship;
import org.picketlink.idm.model.annotation.AttributeProperty;
import org.picketlink.idm.model.annotation.IdentityProperty;

2
services/src/main/java/org/keycloak/services/resources/KeycloakApplication.java
View file

@ -4,8 +4,8 @@ import org.keycloak.SkeletonKeyContextResolver;
import org.keycloak.services.filters.IdentitySessionFilter;
import org.keycloak.services.managers.TokenManager;
import org.keycloak.services.models.relationships.RealmAdminRelationship;
import org.keycloak.services.models.relationships.ResourceRelationship;
import org.keycloak.services.models.relationships.RequiredCredentialRelationship;
import org.keycloak.services.models.relationships.ResourceRelationship;
import org.keycloak.services.models.relationships.ScopeRelationship;
import org.picketlink.idm.IdentitySessionFactory;
import org.picketlink.idm.config.IdentityConfiguration;

13
services/src/main/java/org/keycloak/services/resources/RealmsResource.java
View file

@ -3,13 +3,12 @@ package org.keycloak.services.resources;
import org.jboss.resteasy.logging.Logger;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.services.managers.AuthenticationManager;
import org.keycloak.services.managers.TokenManager;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.services.managers.TokenManager;
import org.keycloak.services.models.RealmModel;
import org.keycloak.services.models.RoleModel;
import org.keycloak.services.models.UserModel;
import org.picketlink.idm.IdentitySession;
import org.picketlink.idm.model.Realm;
import org.picketlink.idm.model.Role;
import org.picketlink.idm.model.User;
import javax.ws.rs.Consumes;
import javax.ws.rs.NotAuthorizedException;
@ -92,9 +91,9 @@ public class RealmsResource {
RealmModel realm;
try {
RealmManager realmManager = new RealmManager(identitySession);
RealmModel defaultRealm = realmManager.getRealm(Realm.DEFAULT_REALM);
User realmCreator = new AuthenticationManager().authenticateBearerToken(defaultRealm, headers);
Role creatorRole = defaultRealm.getRole(RegistrationService.REALM_CREATOR_ROLE);
RealmModel defaultRealm = realmManager.getRealm(RealmModel.DEFAULT_REALM);
UserModel realmCreator = new AuthenticationManager().authenticateBearerToken(defaultRealm, headers);
RoleModel creatorRole = defaultRealm.getRole(RegistrationService.REALM_CREATOR_ROLE);
if (!defaultRealm.hasRole(realmCreator, creatorRole)) {
logger.warn("not a realm creator");
throw new NotAuthorizedException("Bearer");

12
services/src/main/java/org/keycloak/services/resources/RegistrationService.java
View file

@ -5,11 +5,10 @@ import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.services.models.RealmModel;
import org.keycloak.services.models.RoleModel;
import org.keycloak.services.models.UserCredentialModel;
import org.keycloak.services.models.UserModel;
import org.picketlink.idm.IdentitySession;
import org.picketlink.idm.model.Role;
import org.picketlink.idm.model.SimpleUser;
import org.picketlink.idm.model.User;
import javax.ws.rs.Consumes;
import javax.ws.rs.ForbiddenException;
@ -49,20 +48,19 @@ public class RegistrationService {
if (!defaultRealm.isRegistrationAllowed()) {
throw new ForbiddenException();
}
User user = defaultRealm.getUser(newUser.getUsername());
UserModel user = defaultRealm.getUser(newUser.getUsername());
if (user != null) {
return Response.status(400).type("text/plain").entity("user exists").build();
}
user = new SimpleUser(newUser.getUsername());
defaultRealm.addUser(user);
user = defaultRealm.addUser(newUser.getUsername());
for (CredentialRepresentation cred : newUser.getCredentials()) {
UserCredentialModel credModel = new UserCredentialModel();
credModel.setType(cred.getType());
credModel.setValue(cred.getValue());
defaultRealm.updateCredential(user, credModel);
}
Role realmCreator = defaultRealm.getRole(REALM_CREATOR_ROLE);
RoleModel realmCreator = defaultRealm.getRole(REALM_CREATOR_ROLE);
defaultRealm.grantRole(user, realmCreator);
identitySession.getTransaction().commit();
URI uri = uriInfo.getBaseUriBuilder().path(RealmsResource.class).path(user.getLoginName()).build();

34
services/src/main/java/org/keycloak/services/resources/TokenService.java
View file

@ -16,9 +16,9 @@ import org.keycloak.services.managers.RealmManager;
import org.keycloak.services.managers.ResourceAdminManager;
import org.keycloak.services.managers.TokenManager;
import org.keycloak.services.models.RealmModel;
import org.keycloak.services.models.RoleModel;
import org.keycloak.services.models.UserModel;
import org.picketlink.idm.IdentitySession;
import org.picketlink.idm.model.Role;
import org.picketlink.idm.model.User;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
@ -125,7 +125,7 @@ public class TokenService {
if (!realm.isEnabled()) {
throw new NotAuthorizedException("Disabled realm");
}
User user = realm.getUser(username);
UserModel user = realm.getUser(username);
if (user == null) {
throw new NotAuthorizedException("No user");
}
@ -154,7 +154,7 @@ public class TokenService {
if (!realm.isEnabled()) {
throw new NotAuthorizedException("Disabled realm");
}
User user = realm.getUser(username);
UserModel user = realm.getUser(username);
if (user == null) {
throw new NotAuthorizedException("No user");
}
@ -183,7 +183,7 @@ public class TokenService {
securityFailureForward("Realm not enabled.");
return null;
}
User client = realm.getUser(clientId);
UserModel client = realm.getUser(clientId);
if (client == null) {
securityFailureForward("Unknown login requester.");
return null;
@ -193,7 +193,7 @@ public class TokenService {
return null;
}
String username = formData.getFirst("username");
User user = realm.getUser(username);
UserModel user = realm.getUser(username);
if (user == null) {
logger.error("Incorrect user name.");
request.setAttribute("KEYCLOAK_LOGIN_ERROR_MESSAGE", "Incorrect user name.");
@ -216,9 +216,9 @@ public class TokenService {
return processAccessCode(scopeParam, state, redirect, client, user);
}
protected Response processAccessCode(String scopeParam, String state, String redirect, User client, User user) {
Role resourceRole = realm.getRole(RealmManager.RESOURCE_ROLE);
Role identityRequestRole = realm.getRole(RealmManager.IDENTITY_REQUESTER_ROLE);
protected Response processAccessCode(String scopeParam, String state, String redirect, UserModel client, UserModel user) {
RoleModel resourceRole = realm.getRole(RealmManager.RESOURCE_ROLE);
RoleModel identityRequestRole = realm.getRole(RealmManager.IDENTITY_REQUESTER_ROLE);
boolean isResource = realm.hasRole(client, resourceRole);
if (!isResource && !realm.hasRole(client, identityRequestRole)) {
securityFailureForward("Login requester not allowed to request login.");
@ -274,7 +274,7 @@ public class TokenService {
error.put("error_description", "client_id not specified");
return Response.status(Response.Status.BAD_REQUEST).entity(error).type("application/json").build();
}
User client = realm.getUser(client_id);
UserModel client = realm.getUser(client_id);
if (client == null) {
logger.debug("Could not find user");
Map<String, String> error = new HashMap<String, String>();
@ -332,7 +332,7 @@ public class TokenService {
res.put("error_description", "Token expired");
return Response.status(Response.Status.BAD_REQUEST).type(MediaType.APPLICATION_JSON_TYPE).entity(res).build();
}
if (!client.getId().equals(accessCode.getClient().getId())) {
if (!client.getLoginName().equals(accessCode.getClient().getLoginName())) {
Map<String, String> res = new HashMap<String, String>();
res.put("error", "invalid_grant");
res.put("error_description", "Auth error");
@ -403,7 +403,7 @@ public class TokenService {
securityFailureForward("Realm not enabled");
return null;
}
User client = realm.getUser(clientId);
UserModel client = realm.getUser(clientId);
if (client == null) {
securityFailureForward("Unknown login requester.");
return null;
@ -415,8 +415,8 @@ public class TokenService {
return null;
}
Role resourceRole = realm.getRole(RealmManager.RESOURCE_ROLE);
Role identityRequestRole = realm.getRole(RealmManager.IDENTITY_REQUESTER_ROLE);
RoleModel resourceRole = realm.getRole(RealmManager.RESOURCE_ROLE);
RoleModel identityRequestRole = realm.getRole(RealmManager.IDENTITY_REQUESTER_ROLE);
boolean isResource = realm.hasRole(client, resourceRole);
if (!isResource && !realm.hasRole(client, identityRequestRole)) {
securityFailureForward("Login requester not allowed to request login.");
@ -424,7 +424,7 @@ public class TokenService {
return null;
}
User user = authManager.authenticateIdentityCookie(realm, uriInfo, headers);
UserModel user = authManager.authenticateIdentityCookie(realm, uriInfo, headers);
if (user != null) {
logger.info(user.getLoginName() + " already logged in.");
return processAccessCode(scopeParam, state, redirect, client, user);
@ -439,7 +439,7 @@ public class TokenService {
public Response logout(@QueryParam("redirect_uri") String redirectUri) {
// todo do we care if anybody can trigger this?
User user = authManager.authenticateIdentityCookie(realm, uriInfo, headers);
UserModel user = authManager.authenticateIdentityCookie(realm, uriInfo, headers);
if (user != null) {
logger.info("Logging out: " + user.getLoginName());
authManager.expireIdentityCookie(realm, uriInfo);
@ -491,7 +491,7 @@ public class TokenService {
return location.build();
}
protected void oauthGrantPage(AccessCodeEntry accessCode, User client) {
protected void oauthGrantPage(AccessCodeEntry accessCode, UserModel client) {
request.setAttribute("realmRolesRequested", accessCode.getRealmRolesRequested());
request.setAttribute("resourceRolesRequested", accessCode.getResourceRolesRequested());
request.setAttribute("client", client);

25
services/src/test/java/org/keycloak/test/AdapterTest.java
View file

@ -11,20 +11,17 @@ import org.keycloak.services.managers.InstallationManager;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.services.models.RealmModel;
import org.keycloak.services.models.RequiredCredentialModel;
import org.keycloak.services.models.RoleModel;
import org.keycloak.services.models.UserCredentialModel;
import org.keycloak.services.models.UserModel;
import org.keycloak.services.models.relationships.RealmAdminRelationship;
import org.keycloak.services.models.relationships.RequiredCredentialRelationship;
import org.keycloak.services.models.relationships.ResourceRelationship;
import org.keycloak.services.models.relationships.ScopeRelationship;
import org.keycloak.services.resources.KeycloakApplication;
import org.picketlink.idm.IdentitySession;
import org.picketlink.idm.IdentitySessionFactory;
import org.picketlink.idm.IdentityManager;
import org.picketlink.idm.config.IdentityConfiguration;
import org.picketlink.idm.config.IdentityConfigurationBuilder;
import org.picketlink.idm.credential.Credentials;
import org.picketlink.idm.credential.Password;
import org.picketlink.idm.credential.UsernamePasswordCredentials;
import org.picketlink.idm.internal.DefaultIdentitySessionFactory;
import org.picketlink.idm.jpa.internal.ResourceLocalJpaIdentitySessionHandler;
import org.picketlink.idm.jpa.schema.CredentialObject;
@ -35,10 +32,6 @@ import org.picketlink.idm.jpa.schema.PartitionObject;
import org.picketlink.idm.jpa.schema.RelationshipIdentityObject;
import org.picketlink.idm.jpa.schema.RelationshipObject;
import org.picketlink.idm.jpa.schema.RelationshipObjectAttribute;
import org.picketlink.idm.model.Role;
import org.picketlink.idm.model.SimpleRole;
import org.picketlink.idm.model.SimpleUser;
import org.picketlink.idm.model.User;
import java.util.List;
@ -147,8 +140,7 @@ public class AdapterTest {
@Test
public void testCredentialValidation() throws Exception {
test1CreateRealm();
User user = new SimpleUser("bburke");
realmModel.addUser(user);
UserModel user = realmModel.addUser("bburke");
UserCredentialModel cred = new UserCredentialModel();
cred.setType(RequiredCredentialRepresentation.PASSWORD);
cred.setValue("geheim");
@ -159,13 +151,12 @@ public class AdapterTest {
@Test
public void testRoles() throws Exception {
test1CreateRealm();
realmModel.addRole(new SimpleRole("admin"));
realmModel.addRole(new SimpleRole("user"));
List<Role> roles = realmModel.getRoles();
realmModel.addRole("admin");
realmModel.addRole("user");
List<RoleModel> roles = realmModel.getRoles();
Assert.assertEquals(5, roles.size());
SimpleUser user = new SimpleUser("bburke");
realmModel.addUser(user);
Role role = realmModel.getRole("user");
UserModel user = realmModel.addUser("bburke");
RoleModel role = realmModel.getRole("user");
realmModel.grantRole(user, role);
Assert.assertTrue(realmModel.hasRole(user, role));
}

7
services/src/test/java/org/keycloak/test/ImportTest.java
View file

@ -10,6 +10,7 @@ import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.services.models.RealmModel;
import org.keycloak.services.models.RequiredCredentialModel;
import org.keycloak.services.models.UserModel;
import org.keycloak.services.models.relationships.RealmAdminRelationship;
import org.keycloak.services.models.relationships.RequiredCredentialRelationship;
import org.keycloak.services.models.relationships.ResourceRelationship;
@ -30,8 +31,6 @@ import org.picketlink.idm.jpa.schema.RelationshipIdentityObject;
import org.picketlink.idm.jpa.schema.RelationshipObject;
import org.picketlink.idm.jpa.schema.RelationshipObjectAttribute;
import org.picketlink.idm.model.Realm;
import org.picketlink.idm.model.SimpleRole;
import org.picketlink.idm.model.User;
import java.util.Set;
@ -96,13 +95,13 @@ public class ImportTest {
manager.generateRealmKeys(defaultRealm);
defaultRealm.updateRealm();
defaultRealm.addRequiredCredential(RequiredCredentialModel.PASSWORD);
defaultRealm.addRole(new SimpleRole(RegistrationService.REALM_CREATOR_ROLE));
defaultRealm.addRole(RegistrationService.REALM_CREATOR_ROLE);
RealmRepresentation rep = KeycloakTestBase.loadJson("testrealm.json");
RealmModel realm = manager.createRealm("demo", rep.getRealm());
manager.importRealm(rep, realm);
User user = realm.getUser("loginclient");
UserModel user = realm.getUser("loginclient");
Assert.assertNotNull(user);
Set<String> scopes = realm.getScope(user);
System.out.println("Scopes size: " + scopes.size());

2
services/src/test/java/org/keycloak/test/RealmKeyGenerator.java
View file

@ -3,14 +3,12 @@ package org.keycloak.test;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMWriter;
import org.jboss.resteasy.security.PemUtils;
import org.keycloak.services.models.RealmModel;
import java.io.IOException;
import java.io.StringWriter;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.Security;
/**

10
social/pom.xml
View file

@ -27,14 +27,14 @@
<groupId>org.picketlink</groupId>
<artifactId>picketlink-idm-api</artifactId>
</dependency>
<dependency>
<groupId>org.jboss.spec.javax.ejb</groupId>
<artifactId>jboss-ejb-api_3.2_spec</artifactId>
<version>1.0.0.Alpha2</version>
<version>1.0.0.Alpha2</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>com.google.api-client</groupId>
<artifactId>google-api-client</artifactId>
@ -47,11 +47,11 @@
<groupId>com.google.apis</groupId>
<artifactId>google-api-services-oauth2</artifactId>
</dependency>
<dependency>
<groupId>org.twitter4j</groupId>
<artifactId>twitter4j-core</artifactId>
</dependency>
</dependency>
</dependencies>
<build>

34
ui/pom.xml
View file

@ -1,22 +1,22 @@
<?xml version="1.0"?>
<project>
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
<version>1.0-alpha-1</version>
<relativePath>../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
<version>1.0-alpha-1</version>
<relativePath>../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
<artifactId>keycloak-ui</artifactId>
<name>Keycloak UI</name>
<description />
<artifactId>keycloak-ui</artifactId>
<name>Keycloak UI</name>
<description/>
<dependencies>
<dependency>
<groupId>org.jboss.resteasy</groupId>
<artifactId>jaxrs-api</artifactId>
<scope>provided</scope>
</dependency>
</dependencies>
<dependencies>
<dependency>
<groupId>org.jboss.resteasy</groupId>
<artifactId>jaxrs-api</artifactId>
<scope>provided</scope>
</dependency>
</dependencies>
</project>

62
ui/src/main/resources/META-INF/resources/ui/index.html Normal file → Executable file
View file

@ -2,49 +2,49 @@
<html lang="en" data-ng-app="keycloak">
<head>
<meta charset="utf-8">
<title>Keycloak</title>
<meta charset="utf-8">
<title>Keycloak</title>
<link href="lib/bootstrap/css/bootstrap.css" rel="stylesheet">
<link href="lib/bootstrap/css/bootstrap-responsive.css" rel="stylesheet">
<link href="css/admin.css" rel="stylesheet">
<link href="css/admin-responsive.css" rel="stylesheet">
<link href="lib/bootstrap/css/bootstrap.css" rel="stylesheet">
<link href="lib/bootstrap/css/bootstrap-responsive.css" rel="stylesheet">
<link href="css/admin.css" rel="stylesheet">
<link href="css/admin-responsive.css" rel="stylesheet">
<link href="css/styles.css" rel="stylesheet">
<link href="css/styles.css" rel="stylesheet">
<script src="lib/jquery/jquery-1.10.2.js"></script>
<script src="lib/jquery/jquery-1.10.2.js"></script>
<script src="lib/angular/angular.js"></script>
<script src="lib/angular/angular-resource.js"></script>
<script src="lib/angular/ui-bootstrap-tpls-0.4.0.js"></script>
<script src="lib/angular/angular.js"></script>
<script src="lib/angular/angular-resource.js"></script>
<script src="lib/angular/ui-bootstrap-tpls-0.4.0.js"></script>
<script src="js/app.js"></script>
<script src="js/controllers.js"></script>
<script src="js/loaders.js"></script>
<script src="js/services.js"></script>
<script src="js/app.js"></script>
<script src="js/controllers.js"></script>
<script src="js/loaders.js"></script>
<script src="js/services.js"></script>
</head>
<body data-ng-controller="GlobalCtrl">
<div class="alert-container" data-ng-show="notification" data-ng-click="notification = null">
<div class="alert alert-{{notification.type}}">{{notification.message}}</div>
<div class="alert-container" data-ng-show="notification" data-ng-click="notification = null">
<div class="alert alert-{{notification.type}}">{{notification.message}}</div>
</div>
<div id="wrap">
<div data-ng-include data-src="'partials/menu.html'"></div>
<div data-ng-view id="view" data-ng-hide="httpProviderError"></div>
<div id="httpProviderError" data-ng-show="httpProviderError">
<button class="btn btn-danger" data-ng-click="httpProviderError=null">
<strong>Error</strong> {{httpProviderError}}
</button>
</div>
<div id="wrap">
<div data-ng-include data-src="'partials/menu.html'"></div>
<div data-ng-view id="view" data-ng-hide="httpProviderError"></div>
<div id="httpProviderError" data-ng-show="httpProviderError">
<button class="btn btn-danger" data-ng-click="httpProviderError=null">
<strong>Error</strong> {{httpProviderError}}
</button>
</div>
<div id="loading">
<i class="icon-spinner icon-spin"></i> Loading...
</div>
<div id="loading">
<i class="icon-spinner icon-spin"></i> Loading...
</div>
</div>
</body>
</html>

113
ui/src/main/resources/META-INF/resources/ui/partials/application-detail.html Normal file → Executable file
View file

@ -2,14 +2,17 @@
<div class="row">
<aside class="span3" data-ng-include data-src="'partials/application-menu.html'"></aside>
<div id="actions-bg"></div>
<div id="container-right" class="span9">
<h1 data-ng-show="create"><span class="gray">New Application</span></h1>
<h1 data-ng-hide="create">
<span class="gray">{{application.name}}</span> configuration
</h1>
<div data-ng-show="applicationForm.showErrors && applicationForm.$error.required" class="alert alert-error">Please fill in all required fields</div>
<div data-ng-show="applicationForm.showErrors && applicationForm.$error.required" class="alert alert-error">
Please fill in all required fields
</div>
<p class="subtitle subtitle-right"><span class="required">*</span> Required fields</p>
<form class="form-horizontal" name="applicationForm" novalidate>
@ -17,64 +20,86 @@
<legend>Settings</legend>
<div data-kc-input>
<label>Name</label>
<input class="input-xlarge" type="text" name="name" data-ng-model="application.name" autofocus required>
<label>Name</label>
<input class="input-xlarge" type="text" name="name" data-ng-model="application.name" autofocus
required>
</div>
<div data-kc-input>
<label>Enabled</label>
<input class="input-xlarge" type="checkbox" name="enabled" data-ng-model="application.enabled">
</div>
<div data-kc-input>
<label>Enabled</label>
<input class="input-xlarge" type="checkbox" name="enabled" data-ng-model="application.enabled">
</div>
<div class="control-group">
<label class="control-label" for="realm">Realm <span class="required">*</span></label>
<div class="controls">
<select data-ng-model="application.realm" id="realm" name="realm" data-ng-required>
<option data-ng-repeat="r in realms" value="{{r.id}}" data-ng-selected="r.id == application.realm">{{r.name}}</option>
</select>
<select data-ng-model="application.realm" id="realm" name="realm" data-ng-required>
<option data-ng-repeat="r in realms" value="{{r.id}}"
data-ng-selected="r.id == application.realm">{{r.name}}
</option>
</select>
</div>
</div>
</fieldset>
<fieldset>
<legend>Roles</legend>
<div class="control-group">
<label class="control-label">Roles</label>
<div class="controls">
<span class="label" style="margin-right: 1em;" data-ng-repeat="r in (application.roles|orderBy:'toString()')">{{r}} <button data-ng-click="removeRole(r)"><i class="icon-remove icon-white"></i></button></span>
<div class="input-append">
<input class="input-small" type="text" data-ng-model="newRole" placeHolder="Role" data-kc-enter="addRole()" />
<button class="btn" type="button" data-ng-click="addRole()">Add</button>
</div>
</div>
</div>
<legend>Roles</legend>
<div class="control-group">
<label class="control-label">Initial Roles</label>
<div class="controls">
<span class="label" style="margin-right: 1em;" data-ng-repeat="r in (application.initialRoles|orderBy:'toString()')">{{r}} <button data-ng-click="removeInitialRole(r)"><i class="icon-remove icon-white"></i></button></span>
<div class="input-append">
<select style="width: auto;" data-ng-model="newInitialRole" data-ng-click="addInitialRole()">
<option data-ng-repeat="r in (application.roles|remove:application.initialRoles|orderBy:'toString()')" value="{{r}}">{{r}}</option>
</select>
</div>
</div>
</div>
</fieldset>
<div class="control-group">
<label class="control-label">Roles</label>
<div class="controls">
<span class="label" style="margin-right: 1em;"
data-ng-repeat="r in (application.roles|orderBy:'toString()')">{{r}} <button
data-ng-click="removeRole(r)"><i class="icon-remove icon-white"></i></button></span>
<div class="input-append">
<input class="input-small" type="text" data-ng-model="newRole" placeHolder="Role"
data-kc-enter="addRole()"/>
<button class="btn" type="button" data-ng-click="addRole()">Add</button>
</div>
</div>
</div>
<div class="control-group">
<label class="control-label">Initial Roles</label>
<div class="controls">
<span class="label" style="margin-right: 1em;"
data-ng-repeat="r in (application.initialRoles|orderBy:'toString()')">{{r}} <button
data-ng-click="removeInitialRole(r)"><i class="icon-remove icon-white"></i></button></span>
<div class="input-append">
<select style="width: auto;" data-ng-model="newInitialRole"
data-ng-click="addInitialRole()">
<option data-ng-repeat="r in (application.roles|remove:application.initialRoles|orderBy:'toString()')"
value="{{r}}">{{r}}
</option>
</select>
</div>
</div>
</div>
</fieldset>
<div class="form-actions" data-ng-show="create">
<button type="submit" data-ng-click="save()" class="btn btn-primary" data-ng-show="changed">Save</button>
<button type="submit" data-ng-click="cancel()" class="btn" data-ng-click="cancel()" data-ng-show="changed">Cancel</button>
<button type="submit" data-ng-click="save()" class="btn btn-primary" data-ng-show="changed">Save
</button>
<button type="submit" data-ng-click="cancel()" class="btn" data-ng-click="cancel()"
data-ng-show="changed">Cancel
</button>
</div>
<div class="form-actions" data-ng-show="!create">
<button type="submit" data-ng-click="save()" class="btn btn-primary" data-ng-show="changed">Save changes</button>
<button type="submit" data-ng-click="reset()" class="btn" data-ng-show="changed">Clear changes</button>
<button type="submit" data-ng-click="save()" class="btn btn-primary" data-ng-show="changed">Save
changes
</button>
<button type="submit" data-ng-click="reset()" class="btn" data-ng-show="changed">Clear changes
</button>
<a href="#/applications" data-ng-hide="changed">View applications &#187;</a>
<button type="submit" data-ng-click="remove()" class="btn btn-danger" data-ng-hide="changed">Delete</button>
<button type="submit" data-ng-click="remove()" class="btn btn-danger" data-ng-hide="changed">
Delete
</button>
</div>
</form>
</div>

6
ui/src/main/resources/META-INF/resources/ui/partials/application-list.html Normal file → Executable file
View file

@ -12,9 +12,9 @@
<table class="table table-striped table-bordered">
<thead>
<tr>
<th>Application</th>
</tr>
<tr>
<th>Application</th>
</tr>
</thead>
<tr data-ng-repeat="application in applications">
<td><a href="#/applications/{{application.id}}">{{application.name}}</a></td>

8
ui/src/main/resources/META-INF/resources/ui/partials/application-menu.html Normal file → Executable file
View file

@ -6,10 +6,12 @@
</div>
<ul>
<li data-ng-repeat="a in applications" data-ng-class="path[1] == a.id && 'active'">
<a href="#/applications/{{a.id}}">{{a.name}}</a>
<a href="#/applications/{{a.id}}">{{a.name}}</a>
<ul class="sub-items" data-ng-show="path[1] == a.id">
<li data-ng-class="!path[2] && 'active'"><a href="#/applications/{{a.id}}">Configuration</a></li>
<li data-ng-class="path[2] == 'roles' && 'active'"><a href="#/applications/{{a.id}}/roles">Role mapping</a></li>
<li data-ng-class="!path[2] && 'active'"><a href="#/applications/{{a.id}}">Configuration</a>
</li>
<li data-ng-class="path[2] == 'roles' && 'active'"><a href="#/applications/{{a.id}}/roles">Role
mapping</a></li>
</ul>
</li>
</ul>

12
ui/src/main/resources/META-INF/resources/ui/partials/menu.html Normal file → Executable file
View file

@ -4,9 +4,12 @@
<div class="nav-collapse">
<nav id="global-nav">
<ul class="nav">
<li class="divider-vertical-left" data-ng-class="path[0] == '' && 'active'"><a href="#">Home</a></li>
<li class="divider-vertical-left" data-ng-class="path[0] == 'applications' && 'active'" data-ng-show="auth.loggedIn"><a href="#/applications">Applications</a></li>
<li class="divider-vertical-left" data-ng-class="path[0] == 'realms' && 'active'" data-ng-show="auth.loggedIn"><a href="#/realms">Realms</a></li>
<li class="divider-vertical-left" data-ng-class="path[0] == '' && 'active'"><a href="#">Home</a>
</li>
<li class="divider-vertical-left" data-ng-class="path[0] == 'applications' && 'active'"
data-ng-show="auth.loggedIn"><a href="#/applications">Applications</a></li>
<li class="divider-vertical-left" data-ng-class="path[0] == 'realms' && 'active'"
data-ng-show="auth.loggedIn"><a href="#/realms">Realms</a></li>
</ul>
<ul class="nav pull-right" data-ng-hide="auth.loggedIn">
<li><a href="/ejs-identity/api/login/system">Login</a></li>
@ -17,7 +20,8 @@
class="icon-user icon-gray"></i> {{auth.user.displayName}} <i class="caret"></i></a>
<ul class="dropdown-menu">
<li><a href="" data-ng-click="auth.logout()">Sign Out</a></li>
</ul></li>
</ul>
</li>
</ul>
</nav>
</div>

20
ui/src/main/resources/META-INF/resources/ui/partials/provider/google-help.html Normal file → Executable file
View file

@ -1,12 +1,16 @@
<p>
Open <a href="https://code.google.com/apis/console/" target="_blank">https://code.google.com/apis/console/</a>. From the
Open <a href="https://code.google.com/apis/console/" target="_blank">https://code.google.com/apis/console/</a>. From
the
drop-down menu select <i>Create</i>.
</p>
<p>Use any name that you'd like, click <i>Create Project</i>, select <i>API Access</i> and click on <i>Create an OAuth 2.0 client ID</i>.</p>
<p>Use any name that you'd like, click <i>Create Project</i>, select <i>API Access</i> and click on <i>Create an OAuth
2.0 client ID</i>.</p>
<p>Use any product name you'd like and leave the other fields empty, then click <i>Next</i>. On the next page select <i>Web application</i>
as the application type. Click <i>more options</i> next to <i>Your site or hostname</i>. Fill in the form with the following values:</p>
<p>Use any product name you'd like and leave the other fields empty, then click <i>Next</i>. On the next page select <i>Web
application</i>
as the application type. Click <i>more options</i> next to <i>Your site or hostname</i>. Fill in the form with the
following values:</p>
<ul>
<li><b>Authorized Redirect URIs:</b> {{callbackUrl}}</li>
@ -17,14 +21,18 @@
<form class="form-horizontal" name="googleHelpForm">
<div class="control-group">
<label class="control-label" for="providerHelp.key">Client ID </label>
<div class="controls">
<input type="text" class="input-xlarge" id="providerHelp.key" data-ng-model="application.providers[providerHelp.index].key">
<input type="text" class="input-xlarge" id="providerHelp.key"
data-ng-model="application.providers[providerHelp.index].key">
</div>
</div>
<div class="control-group">
<label class="control-label" for="providerHelp.secret">Client secret </label>
<div class="controls">
<input type="text" class="input-xlarge" id="providerHelp.secret" data-ng-model="application.providers[providerHelp.index].secret">
<input type="text" class="input-xlarge" id="providerHelp.secret"
data-ng-model="application.providers[providerHelp.index].secret">
</div>
</div>
</form>

16
ui/src/main/resources/META-INF/resources/ui/partials/provider/twitter-help.html Normal file → Executable file
View file

@ -1,5 +1,6 @@
<p>
Open <a href="https://dev.twitter.com/apps" target="_blank">https://dev.twitter.com/apps</a>. Click on <i>Create a new
Open <a href="https://dev.twitter.com/apps" target="_blank">https://dev.twitter.com/apps</a>. Click on <i>Create a
new
application</i>.
</p>
@ -18,21 +19,26 @@
<form class="form-horizontal" name="googleHelpForm">
<div class="control-group">
<label class="control-label" for="providerHelp.key">Consumer key </label>
<div class="controls">
<input type="text" class="input-xlarge" id="providerHelp.key" data-ng-model="application.providers[providerHelp.index].key">
<input type="text" class="input-xlarge" id="providerHelp.key"
data-ng-model="application.providers[providerHelp.index].key">
</div>
</div>
<div class="control-group">
<label class="control-label" for="providerHelp.secret">Consumer secret </label>
<div class="controls">
<input type="text" class="input-xlarge" id="providerHelp.secret" data-ng-model="application.providers[providerHelp.index].secret">
<input type="text" class="input-xlarge" id="providerHelp.secret"
data-ng-model="application.providers[providerHelp.index].secret">
</div>
</div>
</form>
<p>
Now click on <i>Settings</i> and tick the box <i>Allow this application to be used to Sign in with Twitter</i>, and click on <i>Update
this Twitter application's settings</i>.
Now click on <i>Settings</i> and tick the box <i>Allow this application to be used to Sign in with Twitter</i>, and
click on <i>Update
this Twitter application's settings</i>.
</p>
<p>

164
ui/src/main/resources/META-INF/resources/ui/partials/realm-detail.html Normal file → Executable file
View file

@ -5,92 +5,118 @@
<div id="container-right" class="span9">
<h1 data-ng-show="create"><span class="gray">New Realm</span></h1>
<h1 data-ng-hide="create">
<span class="gray">{{realm.name}}</span> configuration
</h1>
<div data-ng-show="realmForm.showErrors && realmForm.$error.required" class="alert alert-error">Please fill in all required fields</div>
<div data-ng-show="realmForm.showErrors && realmForm.$error.required" class="alert alert-error">Please fill
in all required fields
</div>
<p class="subtitle subtitle-right"><span class="required">*</span> Required fields</p>
<form class="form-horizontal" name="realmForm" novalidate>
<fieldset>
<legend>Settings</legend>
<div data-kc-input>
<label>Name</label>
<input class="input-xlarge" type="text" name="name" data-ng-model="realm.name" autofocus required>
</div>
<div data-kc-input>
<label>Enabled</label>
<input class="input-xlarge" type="checkbox" name="enabled" data-ng-model="realm.enabled">
</div>
<div data-kc-input>
<label>Social login</label>
<input class="input-xlarge" type="checkbox" name="social" data-ng-model="realm.social">
</div>
<div data-kc-input>
<label>User registration</label>
<input class="input-xlarge" type="checkbox" name="social" data-ng-model="realm.userRegistration">
</div>
<div class="control-group">
<label for="realmForm-tokenExpiration" class="control-label">Token expiration</label>
<div class="controls">
<input class="input-small" type="text" name="tokenExpiration" data-ng-model="realm.tokenExpiration">
<select style="width: auto;" name="tokenExpirationUnit" data-ng-model="realm.tokenExpirationUnit">
<option value="SECONDS" data-ng-selected="!realm.tokenExpirationUnit">Seconds</option>
<option value="MINUTES">Minutes</option>
<option value="HOURS">Hours</option>
<option value="DAYS">Days</option>
</select>
</div>
</div>
</fieldset>
<fieldset>
<legend>Roles</legend>
<div class="control-group">
<label class="control-label">Roles</label>
<div class="controls">
<span class="label" style="margin-right: 1em;" data-ng-repeat="r in (realm.roles|orderBy:'toString()')">{{r}} <button data-ng-click="removeRole(r)"><i class="icon-remove icon-white"></i></button></span>
<div class="input-append">
<input class="input-small" type="text" data-ng-model="newRole" placeHolder="Role" data-kc-enter="addRole()" />
<button class="btn" type="button" data-ng-click="addRole()">Add</button>
</div>
</div>
</div>
<div class="control-group">
<label class="control-label">Initial Roles</label>
<div class="controls">
<span class="label" style="margin-right: 1em;" data-ng-repeat="r in (realm.initialRoles|orderBy:'toString()')">{{r}} <button data-ng-click="removeInitialRole(r)"><i class="icon-remove icon-white"></i></button></span>
<div class="input-append">
<select style="width: auto;" data-ng-model="newInitialRole" data-ng-click="addInitialRole()">
<option data-ng-repeat="r in (realm.roles|remove:realm.initialRoles|orderBy:'toString()')" value="{{r}}">{{r}}</option>
</select>
</div>
</div>
</div>
<div data-kc-input>
<label>Name</label>
<input class="input-xlarge" type="text" name="name" data-ng-model="realm.name" autofocus
required>
</div>
<div data-kc-input>
<label>Enabled</label>
<input class="input-xlarge" type="checkbox" name="enabled" data-ng-model="realm.enabled">
</div>
<div data-kc-input>
<label>Social login</label>
<input class="input-xlarge" type="checkbox" name="social" data-ng-model="realm.social">
</div>
<div data-kc-input>
<label>User registration</label>
<input class="input-xlarge" type="checkbox" name="social"
data-ng-model="realm.userRegistration">
</div>
<div class="control-group">
<label for="realmForm-tokenExpiration" class="control-label">Token expiration</label>
<div class="controls">
<input class="input-small" type="text" name="tokenExpiration"
data-ng-model="realm.tokenExpiration">
<select style="width: auto;" name="tokenExpirationUnit"
data-ng-model="realm.tokenExpirationUnit">
<option value="SECONDS" data-ng-selected="!realm.tokenExpirationUnit">Seconds</option>
<option value="MINUTES">Minutes</option>
<option value="HOURS">Hours</option>
<option value="DAYS">Days</option>
</select>
</div>
</div>
</fieldset>
<fieldset>
<legend>Roles</legend>
<div class="control-group">
<label class="control-label">Roles</label>
<div class="controls">
<span class="label" style="margin-right: 1em;"
data-ng-repeat="r in (realm.roles|orderBy:'toString()')">{{r}} <button
data-ng-click="removeRole(r)"><i class="icon-remove icon-white"></i></button></span>
<div class="input-append">
<input class="input-small" type="text" data-ng-model="newRole" placeHolder="Role"
data-kc-enter="addRole()"/>
<button class="btn" type="button" data-ng-click="addRole()">Add</button>
</div>
</div>
</div>
<div class="control-group">
<label class="control-label">Initial Roles</label>
<div class="controls">
<span class="label" style="margin-right: 1em;"
data-ng-repeat="r in (realm.initialRoles|orderBy:'toString()')">{{r}} <button
data-ng-click="removeInitialRole(r)"><i class="icon-remove icon-white"></i></button></span>
<div class="input-append">
<select style="width: auto;" data-ng-model="newInitialRole"
data-ng-click="addInitialRole()">
<option data-ng-repeat="r in (realm.roles|remove:realm.initialRoles|orderBy:'toString()')"
value="{{r}}">{{r}}
</option>
</select>
</div>
</div>
</div>
</fieldset>
<div class="form-actions" data-ng-show="create">
<button type="submit" data-ng-click="save()" class="btn btn-primary" data-ng-show="changed">Save</button>
<button type="submit" data-ng-click="cancel()" class="btn" data-ng-click="cancel()" data-ng-show="changed">Cancel</button>
<button type="submit" data-ng-click="save()" class="btn btn-primary" data-ng-show="changed">Save
</button>
<button type="submit" data-ng-click="cancel()" class="btn" data-ng-click="cancel()"
data-ng-show="changed">Cancel
</button>
</div>
<div class="form-actions" data-ng-show="!create">
<button type="submit" data-ng-click="save()" class="btn btn-primary" data-ng-show="changed">Save changes</button>
<button type="submit" data-ng-click="reset()" class="btn" data-ng-show="changed">Clear changes</button>
<button type="submit" data-ng-click="save()" class="btn btn-primary" data-ng-show="changed">Save
changes
</button>
<button type="submit" data-ng-click="reset()" class="btn" data-ng-show="changed">Clear changes
</button>
<a href="#/realms" data-ng-hide="changed">View realms &#187;</a>
<button type="submit" data-ng-click="remove()" class="btn btn-danger" data-ng-hide="changed">Delete</button>
<button type="submit" data-ng-click="remove()" class="btn btn-danger" data-ng-hide="changed">
Delete
</button>
</div>
</form>
</div>
<div id="container-right-bg"></div>

8
ui/src/main/resources/META-INF/resources/ui/partials/realm-list.html Normal file → Executable file
View file

@ -5,16 +5,16 @@
<div id="container-right" class="span9">
<a class="btn btn-small pull-right" href="#/create/realm">Add Realm</a>
<h1>
<span class="gray">Realms</span>
</h1>
<table class="table table-striped table-bordered">
<thead>
<tr>
<th>Realm</th>
</tr>
<tr>
<th>Realm</th>
</tr>
</thead>
<tr data-ng-repeat="r in realms">
<td><a href="#/realms/{{r.id}}">{{r.name}}</a></td>

6
ui/src/main/resources/META-INF/resources/ui/partials/realm-menu.html Normal file → Executable file
View file

@ -9,8 +9,10 @@
<a href=#/realms/{{r.id}}>{{r.name}}</a>
<ul class="sub-items" data-ng-show="path[1] == r.id">
<li data-ng-class="!path[2] && 'active'"><a href="#/realms/{{r.id}}">Configuration</a></li>
<li data-ng-class="path[2] == 'users' && 'active'"><a href="#/realms/{{r.id}}/users">Users</a></li>
<li data-ng-class="path[2] == 'roles' && 'active'"><a href="#/realms/{{r.id}}/roles">Role mapping</a></li>
<li data-ng-class="path[2] == 'users' && 'active'"><a href="#/realms/{{r.id}}/users">Users</a>
</li>
<li data-ng-class="path[2] == 'roles' && 'active'"><a href="#/realms/{{r.id}}/roles">Role
mapping</a></li>
</ul>
</li>
</ul>

82
ui/src/main/resources/META-INF/resources/ui/partials/role-mapping.html Normal file → Executable file
View file

@ -1,46 +1,50 @@
<div id="wrapper" class="container">
<div class="row">
<aside class="span3" data-ng-include data-src="'partials/' + path[0].slice(0, -1) + '-menu.html'"></aside>
<div id="actions-bg"></div>
<div class="row">
<aside class="span3" data-ng-include data-src="'partials/' + path[0].slice(0, -1) + '-menu.html'"></aside>
<div id="container-right" class="span9">
<h1>
<span class="gray" data-ng-hide="create">{{realm.name}}</span> role mapping
</h1>
<div id="actions-bg"></div>
<ul class="nav nav-tabs">
<li data-ng-class="path[3] == r && 'active'" data-ng-repeat="r in (realm.roles|orderBy:'toString()')"><a href="#/{{path[0]}}/{{realm.id}}/roles/{{r}}">{{r}}</a></li>
</ul>
<div id="container-right" class="span9">
<h1>
<span class="gray" data-ng-hide="create">{{realm.name}}</span> role mapping
</h1>
<div data-ng-show="role">
<select style="width: auto;" id="realm" name="realm" data-ng-model="newUser" data-ng-click="addUser(u)">
<option data-ng-repeat="u in (allUsers|remove:users:'userId')" value="{{u.userId}}">{{u.userId}}</option>
</select>
<ul class="nav nav-tabs">
<li data-ng-class="path[3] == r && 'active'" data-ng-repeat="r in (realm.roles|orderBy:'toString()')"><a
href="#/{{path[0]}}/{{realm.id}}/roles/{{r}}">{{r}}</a></li>
</ul>
<table class="table table-striped table-bordered">
<thead>
<tr>
<th>Username</th>
<th>Firstname</th>
<th>Lastname</th>
<th>Email</th>
<th></th>
</tr>
</thead>
<tr data-ng-repeat="user in users">
<td>{{user.userId}}</td>
<td>{{user.firstName}}</td>
<td>{{user.lastName}}</td>
<td>{{user.email}}</td>
<td><button data-ng-click="removeUser(user.userId)">
<i class="icon-remove"></i>
</button></td>
</tr>
</table>
</div>
</div>
<div data-ng-show="role">
<select style="width: auto;" id="realm" name="realm" data-ng-model="newUser" data-ng-click="addUser(u)">
<option data-ng-repeat="u in (allUsers|remove:users:'userId')" value="{{u.userId}}">{{u.userId}}
</option>
</select>
<div id="container-right-bg"></div>
</div>
<table class="table table-striped table-bordered">
<thead>
<tr>
<th>Username</th>
<th>Firstname</th>
<th>Lastname</th>
<th>Email</th>
<th></th>
</tr>
</thead>
<tr data-ng-repeat="user in users">
<td>{{user.userId}}</td>
<td>{{user.firstName}}</td>
<td>{{user.lastName}}</td>
<td>{{user.email}}</td>
<td>
<button data-ng-click="removeUser(user.userId)">
<i class="icon-remove"></i>
</button>
</td>
</tr>
</table>
</div>
</div>
<div id="container-right-bg"></div>
</div>
</div>

47
ui/src/main/resources/META-INF/resources/ui/partials/user-detail.html Normal file → Executable file
View file

@ -5,11 +5,14 @@
<div id="container-right" class="span9">
<h1 data-ng-show="create"><span class="gray">New User</span></h1>
<h1 data-ng-hide="create">
<span class="gray">{{user.userId}}</span> configuration
</h1>
<div data-ng-show="userForm.showErrors && userForm.$error.required" class="alert alert-error">Please fill in all required fields</div>
<div data-ng-show="userForm.showErrors && userForm.$error.required" class="alert alert-error">Please fill in
all required fields
</div>
<p class="subtitle subtitle-right"><span class="required">*</span> Required fields</p>
<form class="form-horizontal" name="userForm" novalidate>
@ -17,21 +20,26 @@
<legend>Details</legend>
<div class="control-group">
<label class="control-label" for="name">Username <span class="required">*</span></label>
<div class="controls">
<input type="text" class="input-xlarge" id="name" name="name" data-ng-model="user.userId" autofocus required data-ng-readonly="!create">
<input type="text" class="input-xlarge" id="name" name="name" data-ng-model="user.userId"
autofocus required data-ng-readonly="!create">
</div>
</div>
<div class="control-group">
<label class="control-label" for="email">Email </label>
<div class="controls">
<input type="email" class="input-xlarge" id="email" name="email" data-ng-model="user.email">
<span class="help-inline error" data-ng-show="userForm.showErrors && userForm.email.$invalid">Invalid email</span>
<span class="help-inline error"
data-ng-show="userForm.showErrors && userForm.email.$invalid">Invalid email</span>
</div>
</div>
<div class="control-group">
<label class="control-label" for="firstName">Firstname </label>
<div class="controls">
<input type="text" class="input-xlarge" id="firstName" data-ng-model="user.firstName">
</div>
@ -39,6 +47,7 @@
<div class="control-group">
<label class="control-label" for="lastName">Lastname </label>
<div class="controls">
<input type="text" class="input-xlarge" id="lastName" data-ng-model="user.lastName">
</div>
@ -46,8 +55,10 @@
<div class="control-group">
<label class="control-label" for="password">Password <span class="required">*</span></label>
<div class="controls">
<input type="password" class="input-xlarge" id="password" name="password" data-ng-model="user.password" data-ng-required="create">
<input type="password" class="input-xlarge" id="password" name="password"
data-ng-model="user.password" data-ng-required="create">
</div>
</div>
</fieldset>
@ -57,10 +68,10 @@
<table class="table table-striped table-bordered margin-top">
<thead>
<tr>
<th>Name</th>
<th>Value</th>
</tr>
<tr>
<th>Name</th>
<th>Value</th>
</tr>
</thead>
<tr data-ng-repeat="attribute in user.attributes">
<td><input type="text" placeholder="Name" value="{{attribute.name}}" readonly></td>
@ -70,17 +81,25 @@
</fieldset>
<div class="form-actions" data-ng-show="create">
<button type="submit" data-ng-click="save()" class="btn btn-primary" data-ng-show="changed">Save</button>
<button type="submit" data-ng-click="cancel()" class="btn" data-ng-click="cancel()" data-ng-show="changed">Cancel</button>
<button type="submit" data-ng-click="save()" class="btn btn-primary" data-ng-show="changed">Save
</button>
<button type="submit" data-ng-click="cancel()" class="btn" data-ng-click="cancel()"
data-ng-show="changed">Cancel
</button>
</div>
<div class="form-actions" data-ng-show="!create">
<button type="submit" data-ng-click="save()" class="btn btn-primary" data-ng-show="changed">Save changes</button>
<button type="submit" data-ng-click="reset()" class="btn" data-ng-show="changed">Clear changes</button>
<button type="submit" data-ng-click="save()" class="btn btn-primary" data-ng-show="changed">Save
changes
</button>
<button type="submit" data-ng-click="reset()" class="btn" data-ng-show="changed">Clear changes
</button>
<a href="#/realms/{{realm.id}}/users" data-ng-hide="changed">View users &#187;</a>
<button type="submit" data-ng-click="remove()" class="btn btn-danger" data-ng-hide="changed">Delete</button>
<button type="submit" data-ng-click="remove()" class="btn btn-danger" data-ng-hide="changed">
Delete
</button>
</div>
</form>
</div>
<div id="container-right-bg"></div>

38
ui/src/main/resources/META-INF/resources/ui/partials/user-list.html Normal file → Executable file
View file

@ -6,26 +6,26 @@
<div id="container-right" class="span9">
<a class="btn btn-small pull-right" href="#/create/user/{{realm.id}}">Add User</a>
<h1>
<span class="gray">{{realm.name}}</span> users
</h1>
<h1>
<span class="gray">{{realm.name}}</span> users
</h1>
<table class="table table-striped table-bordered">
<thead>
<tr>
<th>Username</th>
<th>Firstname</th>
<th>Lastname</th>
<th>Email</th>
</tr>
</thead>
<tr data-ng-repeat="user in users">
<td><a href="#/realms/{{realm.id}}/users/{{user.userId}}">{{user.userId}}</a></td>
<td>{{user.firstName}}</td>
<td>{{user.lastName}}</td>
<td>{{user.email}}</td>
</tr>
</table>
<table class="table table-striped table-bordered">
<thead>
<tr>
<th>Username</th>
<th>Firstname</th>
<th>Lastname</th>
<th>Email</th>
</tr>
</thead>
<tr data-ng-repeat="user in users">
<td><a href="#/realms/{{realm.id}}/users/{{user.userId}}">{{user.userId}}</a></td>
<td>{{user.firstName}}</td>
<td>{{user.lastName}}</td>
<td>{{user.email}}</td>
</tr>
</table>
</div>
<div id="container-right-bg"></div>
</div>