diff --git a/examples/as7-eap-demo/server/src/main/webapp/oauthGrantForm.jsp b/examples/as7-eap-demo/server/src/main/webapp/oauthGrantForm.jsp index 07c1d7e520..43ac5695f9 100755 --- a/examples/as7-eap-demo/server/src/main/webapp/oauthGrantForm.jsp +++ b/examples/as7-eap-demo/server/src/main/webapp/oauthGrantForm.jsp @@ -1,4 +1,4 @@ -<%@ page import="org.picketlink.idm.model.*,org.keycloak.services.models.*,org.keycloak.services.resources.*,javax.ws.rs.core.*,java.util.*" language="java" contentType="text/html; charset=ISO-8859-1" +<%@ page import="org.keycloak.services.models.*,org.keycloak.services.resources.*,javax.ws.rs.core.*,java.util.*" language="java" contentType="text/html; charset=ISO-8859-1" pageEncoding="ISO-8859-1"%> <% RealmModel realm = (RealmModel)request.getAttribute(RealmModel.class.getName()); @@ -22,9 +22,9 @@ <% - User client = (User)request.getAttribute("client"); - List realmRolesRequested = (List)request.getAttribute("realmRolesRequested"); - MultivaluedMap resourceRolesRequested = (MultivaluedMap)request.getAttribute("resourceRolesRequested"); + UserModel client = (UserModel)request.getAttribute("client"); + List realmRolesRequested = (List)request.getAttribute("realmRolesRequested"); + MultivaluedMap resourceRolesRequested = (MultivaluedMap)request.getAttribute("resourceRolesRequested"); %>

Grant request for: <%=client.getLoginName()%>

@@ -36,11 +36,11 @@ <% if (realmRolesRequested.size() > 0) { %>
    <% - for (Role role : realmRolesRequested) { + for (RoleModel role : realmRolesRequested) { String desc = "Have " + role.getName() + " privileges."; - Attribute roleDesc = role.getAttribute("description"); + String roleDesc = role.getDescription(); if (roleDesc != null) { - desc = (String)roleDesc.getValue(); + desc = roleDesc; } %>
  • <%=desc%>
  • @@ -49,14 +49,14 @@ %>
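Review bot: The role description reaches the consent page without HTML escaping: `<%=desc%>` in the realm-role loop here, and `out.println(... + desc + ...)` together with `"For application " + resource` in the resource-role loop of the next hunk. `desc` now comes from `role.getDescription()`, which RealmManager fills from the imported realm representation, so markup placed in a description or resource name would be rendered to the user who is deciding whether to grant access. Encode these values on output, for example with JSTL `<c:out value="${...}"/>` or an HTML-escaping helper, and treat `<%=client.getLoginName()%>` above the same way.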
<% } for (String resource : resourceRolesRequested.keySet()) { - List roles = resourceRolesRequested.get(resource); + List roles = resourceRolesRequested.get(resource); out.println("For application " + resource + ": "); out.println("
    "); - for (Role role : roles) { + for (RoleModel role : roles) { String desc = "Have " + role.getName() + " privileges."; - Attribute roleDesc = role.getAttribute("description"); + String roleDesc = role.getDescription(); if (roleDesc != null) { - desc = (String)roleDesc.getValue(); + desc = roleDesc; } out.println("
  • " + desc + "
  • "); } diff --git a/sdk-html/pom.xml b/sdk-html/pom.xml index 3bb654a71c..ecef1dbc41 100755 --- a/sdk-html/pom.xml +++ b/sdk-html/pom.xml @@ -1,42 +1,42 @@ - - keycloak-parent - org.keycloak - 1.0-alpha-1 - ../pom.xml - - 4.0.0 + + keycloak-parent + org.keycloak + 1.0-alpha-1 + ../pom.xml + + 4.0.0 - keycloak-sdk-html - Keycloak HTML SDK - + keycloak-sdk-html + Keycloak HTML SDK + - - - org.keycloak - keycloak-social - ${project.version} - - - - org.jboss.resteasy - jaxrs-api - provided - - + + + org.keycloak + keycloak-social + ${project.version} + - - - - org.apache.maven.plugins - maven-compiler-plugin - - 1.6 - 1.6 - - - - + + org.jboss.resteasy + jaxrs-api + provided + + + + + + + org.apache.maven.plugins + maven-compiler-plugin + + 1.6 + 1.6 + + + + diff --git a/sdk-html/src/main/resources/META-INF/resources/sdk/login.html b/sdk-html/src/main/resources/META-INF/resources/sdk/login.html old mode 100644 new mode 100755 index 43a9b3a6b5..6cff18d4ab --- a/sdk-html/src/main/resources/META-INF/resources/sdk/login.html +++ b/sdk-html/src/main/resources/META-INF/resources/sdk/login.html @@ -1,46 +1,46 @@ - - - + + + - - - + + + -
    -
    -

    Login to {{config.name}}

    - -
    {{info}}
    -
    {{error}}
    +
    +
    +

    Login to {{config.name}}

    -
    - - - - - - -
    - - Register - Cancel -
    -
    -
    +
    {{info}}
    +
    {{error}}
    -
    -

    Login with

    +
    + + -
    - -
    -
    -
    + + + +
    + + Register + Cancel +
    + +
    + +
    +

    Login with

    + +
    + +
    +
    +
    \ No newline at end of file diff --git a/sdk-html/src/main/resources/META-INF/resources/sdk/register.html b/sdk-html/src/main/resources/META-INF/resources/sdk/register.html old mode 100644 new mode 100755 index cc3aebd9b2..ea498c31a1 --- a/sdk-html/src/main/resources/META-INF/resources/sdk/register.html +++ b/sdk-html/src/main/resources/META-INF/resources/sdk/register.html @@ -1,57 +1,58 @@ - - - + + + - - - + + + -
    -
    -

    Register with {{config.name}}

    - -
    {{info}}
    -
    {{error}}
    +
    +
    +

    Register with {{config.name}}

    -
    - - - - - - - - +
    {{info}}
    +
    {{error}}
    - - - - - - - - - -
    - - Cancel -
    -
    -
    +
    + + -
    -

    Login with

    + + -
    - -
    -
    -
    + + + + + + + + + + + + +
    + + Cancel +
    + +
    + +
    +

    Login with

    + +
    + +
    +
    +
    \ No newline at end of file diff --git a/server/pom.xml b/server/pom.xml index 26f83afdac..f5f18e6a73 100755 --- a/server/pom.xml +++ b/server/pom.xml @@ -1,40 +1,40 @@ - - keycloak-parent - org.keycloak - 1.0-alpha-1 - ../pom.xml - - 4.0.0 + + keycloak-parent + org.keycloak + 1.0-alpha-1 + ../pom.xml + + 4.0.0 - keycloak-server - Keycloak Server - war + keycloak-server + Keycloak Server + war - + - - - org.keycloak - keycloak-sdk-html - ${project.version} - - - org.keycloak - keycloak-social - ${project.version} - - - org.keycloak - keycloak-ui - ${project.version} - + + + org.keycloak + keycloak-sdk-html + ${project.version} + + + org.keycloak + keycloak-social + ${project.version} + + + org.keycloak + keycloak-ui + ${project.version} + - - org.jboss.resteasy - jaxrs-api - provided - - + + org.jboss.resteasy + jaxrs-api + provided + + diff --git a/server/src/main/webapp/WEB-INF/web.xml b/server/src/main/webapp/WEB-INF/web.xml old mode 100644 new mode 100755 index 6bf2c461d6..4ac0c75688 --- a/server/src/main/webapp/WEB-INF/web.xml +++ b/server/src/main/webapp/WEB-INF/web.xml @@ -1,8 +1,8 @@ + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd "> - keycloak-server + keycloak-server diff --git a/services/src/main/java/org/keycloak/services/managers/AccessCodeEntry.java b/services/src/main/java/org/keycloak/services/managers/AccessCodeEntry.java index bbffedf8d2..b735cd34eb 100755 --- a/services/src/main/java/org/keycloak/services/managers/AccessCodeEntry.java +++ b/services/src/main/java/org/keycloak/services/managers/AccessCodeEntry.java 
@@ -1,8 +1,8 @@ package org.keycloak.services.managers; import org.keycloak.representations.SkeletonKeyToken; -import org.picketlink.idm.model.Role; -import org.picketlink.idm.model.User; +import org.keycloak.services.models.RoleModel; +import org.keycloak.services.models.UserModel; import javax.ws.rs.core.MultivaluedHashMap; import javax.ws.rs.core.MultivaluedMap; @@ -22,10 +22,10 @@ public class AccessCodeEntry { protected long expiration; protected SkeletonKeyToken token; - protected User user; - protected User client; - protected List realmRolesRequested = new ArrayList(); - MultivaluedMap resourceRolesRequested = new MultivaluedHashMap(); + protected UserModel user; + protected UserModel client; + protected List realmRolesRequested = new ArrayList(); + MultivaluedMap resourceRolesRequested = new MultivaluedHashMap(); public boolean isExpired() { return expiration != 0 && (System.currentTimeMillis() / 1000) > expiration; @@ -59,27 +59,27 @@ public class AccessCodeEntry { this.token = token; } - public User getClient() { + public UserModel getClient() { return client; } - public void setClient(User client) { + public void setClient(UserModel client) { this.client = client; } - public User getUser() { + public UserModel getUser() { return user; } - public void setUser(User user) { + public void setUser(UserModel user) { this.user = user; } - public List getRealmRolesRequested() { + public List getRealmRolesRequested() { return realmRolesRequested; } - public MultivaluedMap getResourceRolesRequested() { + public MultivaluedMap getResourceRolesRequested() { return resourceRolesRequested; } diff --git a/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java b/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java index 24a9225a0d..8bcf3c65d8 100755 --- a/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java 
+++ b/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java @@ -9,12 +9,8 @@ import org.keycloak.representations.SkeletonKeyToken; import org.keycloak.representations.idm.RequiredCredentialRepresentation; import org.keycloak.services.models.RealmModel; import org.keycloak.services.models.RequiredCredentialModel; +import org.keycloak.services.models.UserModel; import org.keycloak.services.resources.RealmsResource; -import org.picketlink.idm.credential.Credentials; -import org.picketlink.idm.credential.Password; -import org.picketlink.idm.credential.TOTPCredentials; -import org.picketlink.idm.credential.UsernamePasswordCredentials; -import org.picketlink.idm.model.User; import javax.ws.rs.NotAuthorizedException; import javax.ws.rs.core.Cookie; @@ -44,7 +40,7 @@ public class AuthenticationManager { * @return */ public boolean isRealmAdmin(RealmModel realm, HttpHeaders headers) { - User user = authenticateBearerToken(realm, headers); + UserModel user = authenticateBearerToken(realm, headers); return realm.isRealmAdmin(user); } @@ -60,7 +56,7 @@ public class AuthenticationManager { response.addNewCookie(expireIt); } - public User authenticateIdentityCookie(RealmModel realm, UriInfo uriInfo, HttpHeaders headers) { + public UserModel authenticateIdentityCookie(RealmModel realm, UriInfo uriInfo, HttpHeaders headers) { Cookie cookie = headers.getCookies().get(TokenManager.KEYCLOAK_IDENTITY_COOKIE); if (cookie == null) return null; @@ -72,7 +68,7 @@ public class AuthenticationManager { expireIdentityCookie(realm, uriInfo); return null; } - User user = realm.getUser(token.getPrincipal()); + UserModel user = realm.getUser(token.getPrincipal()); if (user == null || !user.isEnabled()) { logger.info("Unknown user in identity cookie"); expireIdentityCookie(realm, uriInfo); 
@@ -86,7 +82,7 @@ public class AuthenticationManager { return null; } - public User authenticateBearerToken(RealmModel realm, HttpHeaders headers) { + public UserModel authenticateBearerToken(RealmModel realm, HttpHeaders headers) { String tokenString = null; String authHeader = headers.getHeaderString(HttpHeaders.AUTHORIZATION); if (authHeader == null) { @@ -104,7 +100,7 @@ public class AuthenticationManager { if (!token.isActive()) { throw new NotAuthorizedException("token_expired"); } - User user = realm.getUser(token.getPrincipal()); + UserModel user = realm.getUser(token.getPrincipal()); if (user == null || !user.isEnabled()) { throw new NotAuthorizedException("invalid_user"); } @@ -115,7 +111,7 @@ public class AuthenticationManager { } } - public boolean authenticateForm(RealmModel realm, User user, MultivaluedMap formData) { + public boolean authenticateForm(RealmModel realm, UserModel user, MultivaluedMap formData) { String username = user.getLoginName(); Set types = new HashSet(); diff --git a/services/src/main/java/org/keycloak/services/managers/InstallationManager.java b/services/src/main/java/org/keycloak/services/managers/InstallationManager.java index 1da60e7158..7d0321fdde 100755 --- a/services/src/main/java/org/keycloak/services/managers/InstallationManager.java +++ b/services/src/main/java/org/keycloak/services/managers/InstallationManager.java @@ -4,7 +4,6 @@ import org.keycloak.services.models.RealmModel; import org.keycloak.services.models.RequiredCredentialModel; import org.keycloak.services.resources.RegistrationService; import org.picketlink.idm.model.Realm; -import org.picketlink.idm.model.SimpleRole; /** * @author Bill Burke diff --git a/services/src/main/java/org/keycloak/services/managers/RealmManager.java b/services/src/main/java/org/keycloak/services/managers/RealmManager.java index 69b6b2de04..4a71d099d3 100755 --- a/services/src/main/java/org/keycloak/services/managers/RealmManager.java 
+++ b/services/src/main/java/org/keycloak/services/managers/RealmManager.java @@ -11,20 +11,17 @@ import org.keycloak.representations.idm.UserRepresentation; import org.keycloak.services.models.RealmModel; import org.keycloak.services.models.RequiredCredentialModel; import org.keycloak.services.models.ResourceModel; +import org.keycloak.services.models.RoleModel; import org.keycloak.services.models.UserCredentialModel; +import org.keycloak.services.models.UserModel; import org.picketlink.idm.IdentityManager; import org.picketlink.idm.IdentitySession; -import org.picketlink.idm.model.Attribute; import org.picketlink.idm.model.Realm; -import org.picketlink.idm.model.Role; import org.picketlink.idm.model.SimpleAgent; import org.picketlink.idm.model.SimpleRole; -import org.picketlink.idm.model.SimpleUser; -import org.picketlink.idm.model.User; import javax.ws.rs.WebApplicationException; import javax.ws.rs.core.Response; -import java.io.Serializable; import java.security.KeyPair; import java.security.KeyPairGenerator; import java.security.NoSuchAlgorithmException; @@ -94,7 +91,7 @@ public class RealmManager { realm.updateRealm(); } - public RealmModel importRealm(RealmRepresentation rep, User realmCreator) { + public RealmModel importRealm(RealmRepresentation rep, UserModel realmCreator) { verifyRealmRepresentation(rep); RealmModel realm = createRealm(rep.getRealm()); importRealm(rep, realm); @@ -121,7 +118,7 @@ public class RealmManager { newRealm.updateRealm(); - Map userMap = new HashMap(); + Map userMap = new HashMap(); for (RequiredCredentialRepresentation requiredCred : rep.getRequiredCredentials()) { RequiredCredentialModel credential = new RequiredCredentialModel(); 
@@ -132,14 +129,13 @@ public class RealmManager { } for (UserRepresentation userRep : rep.getUsers()) { - User user = new SimpleUser(userRep.getUsername()); + UserModel user = newRealm.addUser(userRep.getUsername()); user.setEnabled(userRep.isEnabled()); if (userRep.getAttributes() != null) { for (Map.Entry entry : userRep.getAttributes().entrySet()) { - user.setAttribute(new Attribute(entry.getKey(), entry.getValue())); + user.setAttribute(entry.getKey(), entry.getValue()); } } - newRealm.addUser(user); if (userRep.getCredentials() != null) { for (CredentialRepresentation cred : userRep.getCredentials()) { UserCredentialModel credential = new UserCredentialModel(); @@ -153,9 +149,8 @@ public class RealmManager { if (rep.getRoles() != null) { for (RoleRepresentation roleRep : rep.getRoles()) { - SimpleRole role = new SimpleRole(roleRep.getName()); - if (roleRep.getDescription() != null) role.setAttribute(new Attribute("description", roleRep.getDescription())); - newRealm.addRole(role); + RoleModel role = newRealm.addRole(roleRep.getName()); + if (roleRep.getDescription() != null) role.setDescription(roleRep.getDescription()); } } @@ -165,12 +160,11 @@ public class RealmManager { if (rep.getRoleMappings() != null) { for (RoleMappingRepresentation mapping : rep.getRoleMappings()) { - User user = userMap.get(mapping.getUsername()); + UserModel user = userMap.get(mapping.getUsername()); for (String roleString : mapping.getRoles()) { - Role role = newRealm.getRole(roleString.trim()); + RoleModel role = newRealm.getRole(roleString.trim()); if (role == null) { - role = new SimpleRole(roleString.trim()); - newRealm.addRole(role); + role = newRealm.addRole(roleString.trim()); } newRealm.grantRole(user, role); } 
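Review bot: `userMap.get(mapping.getUsername())` returns null when a role mapping names a user that is not in the representation, and `newRealm.grantRole(user, role)` now dereferences it through `user.getUser()`, so the import stops with a NullPointerException and may leave the realm partly created. The same pattern is in the scope-mapping hunk that follows (`newRealm.addScope(user, ...)`) and in both mapping loops of createResources. Reject the entry explicitly, e.g. `if (user == null) throw new IllegalArgumentException("Unknown user in role mapping: " + mapping.getUsername());`, so a bad realm file gives a clear error. The enclosing importRealm body starts and ends outside this hunk.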
@@ -180,12 +174,11 @@ public class RealmManager { if (rep.getScopeMappings() != null) { for (ScopeMappingRepresentation scope : rep.getScopeMappings()) { for (String roleString : scope.getRoles()) { - Role role = newRealm.getRole(roleString.trim()); + RoleModel role = newRealm.getRole(roleString.trim()); if (role == null) { - role = new SimpleRole(roleString.trim()); - newRealm.addRole(role); + role = newRealm.addRole(roleString.trim()); } - User user = userMap.get(scope.getUsername()); + UserModel user = userMap.get(scope.getUsername()); newRealm.addScope(user, role.getName()); } @@ -193,15 +186,15 @@ public class RealmManager { } } - protected void createResources(RealmRepresentation rep, RealmModel realm, Map userMap) { - Role loginRole = realm.getRole(RealmManager.RESOURCE_ROLE); + protected void createResources(RealmRepresentation rep, RealmModel realm, Map userMap) { + RoleModel loginRole = realm.getRole(RealmManager.RESOURCE_ROLE); for (ResourceRepresentation resourceRep : rep.getResources()) { ResourceModel resource = realm.addResource(resourceRep.getName()); resource.setManagementUrl(resourceRep.getAdminUrl()); resource.setSurrogateAuthRequired(resourceRep.isSurrogateAuthRequired()); resource.updateResource(); - User resourceUser = resource.getResourceUser(); + UserModel resourceUser = resource.getResourceUser(); if (resourceRep.getCredentials() != null) { for (CredentialRepresentation cred : resourceRep.getCredentials()) { UserCredentialModel credential = new UserCredentialModel(); 
@@ -216,19 +209,17 @@ public class RealmManager { if (resourceRep.getRoles() != null) { for (RoleRepresentation roleRep : resourceRep.getRoles()) { - SimpleRole role = new SimpleRole(roleRep.getName()); - if (roleRep.getDescription() != null) role.setAttribute(new Attribute("description", roleRep.getDescription())); - resource.addRole(role); + RoleModel role = resource.addRole(roleRep.getName()); + if (roleRep.getDescription() != null) role.setDescription(roleRep.getDescription()); } } if (resourceRep.getRoleMappings() != null) { for (RoleMappingRepresentation mapping : resourceRep.getRoleMappings()) { - User user = userMap.get(mapping.getUsername()); + UserModel user = userMap.get(mapping.getUsername()); for (String roleString : mapping.getRoles()) { - Role role = resource.getRole(roleString.trim()); + RoleModel role = resource.getRole(roleString.trim()); if (role == null) { - role = new SimpleRole(roleString.trim()); - resource.addRole(role); + role = resource.addRole(roleString.trim()); } realm.grantRole(user, role); } @@ -236,12 +227,11 @@ public class RealmManager { } if (resourceRep.getScopeMappings() != null) { for (ScopeMappingRepresentation mapping : resourceRep.getScopeMappings()) { - User user = userMap.get(mapping.getUsername()); + UserModel user = userMap.get(mapping.getUsername()); for (String roleString : mapping.getRoles()) { - Role role = resource.getRole(roleString.trim()); + RoleModel role = resource.getRole(roleString.trim()); if (role == null) { - role = new SimpleRole(roleString.trim()); - resource.addRole(role); + role = resource.addRole(roleString.trim()); } resource.addScope(user, role.getName()); } diff --git a/services/src/main/java/org/keycloak/services/managers/TokenManager.java b/services/src/main/java/org/keycloak/services/managers/TokenManager.java index 881f88aa20..4f9bdb3f1f 100755 --- a/services/src/main/java/org/keycloak/services/managers/TokenManager.java 
+++ b/services/src/main/java/org/keycloak/services/managers/TokenManager.java
@@ -7,9 +7,9 @@ import org.keycloak.representations.SkeletonKeyScope;
 import org.keycloak.representations.SkeletonKeyToken;
 import org.keycloak.services.models.RealmModel;
 import org.keycloak.services.models.ResourceModel;
+import org.keycloak.services.models.RoleModel;
+import org.keycloak.services.models.UserModel;
 import org.keycloak.services.resources.RealmsResource;
-import org.picketlink.idm.model.Role;
-import org.picketlink.idm.model.User;
 import javax.ws.rs.core.MultivaluedMap;
 import javax.ws.rs.core.NewCookie;
@@ -45,21 +45,21 @@ public class TokenManager { return accessCodeMap.remove(key); } - public NewCookie createLoginCookie(RealmModel realm, User user, UriInfo uriInfo) { + public NewCookie createLoginCookie(RealmModel realm, UserModel user, UriInfo uriInfo) { SkeletonKeyToken identityToken = createIdentityToken(realm, user.getLoginName()); String encoded = encodeToken(realm, identityToken); URI uri = RealmsResource.realmBaseUrl(uriInfo).build(realm.getId()); boolean secureOnly = !realm.isSslNotRequired(); - NewCookie cookie = new NewCookie(KEYCLOAK_IDENTITY_COOKIE, encoded, uri.getPath(), null, null, realm.getTokenLifespan(), secureOnly, true); + NewCookie cookie = new NewCookie(KEYCLOAK_IDENTITY_COOKIE, encoded, uri.getPath(), null, null, NewCookie.DEFAULT_MAX_AGE, secureOnly, true); return cookie; } - public AccessCodeEntry createAccessCode(String scopeParam, String state, String redirect, RealmModel realm, User client, User user) { + public AccessCodeEntry createAccessCode(String scopeParam, String state, String redirect, RealmModel realm, UserModel client, UserModel user) { AccessCodeEntry code = new AccessCodeEntry(); SkeletonKeyScope scopeMap = null; if (scopeParam != null) scopeMap = decodeScope(scopeParam); - List realmRolesRequested = code.getRealmRolesRequested(); - MultivaluedMap resourceRolesRequested = code.getResourceRolesRequested(); + List realmRolesRequested = code.getRealmRolesRequested(); + MultivaluedMap resourceRolesRequested = code.getResourceRolesRequested(); Set realmMapping = realm.getRoleMappings(user); if (realmMapping != null && realmMapping.size() > 0 && (scopeMap == null || scopeMap.containsKey("realm"))) { 
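Review bot: The identity cookie's max-age in createLoginCookie changes from `realm.getTokenLifespan()` to `NewCookie.DEFAULT_MAX_AGE`, which makes it a browser-session cookie; this is a behaviour change inside an otherwise mechanical type rename, and nothing on the line says it is intended. After it, the only time limit on the login session is whatever expiration `createIdentityToken` puts in the token (not visible here) and the validation in authenticateIdentityCookie, so that server-side check has to stay strict. I would add a comment on the line, such as `// session cookie: lifetime is enforced by the identity token's expiration, not by max-age`, and mention the change in the commit message.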
@@ -118,7 +118,7 @@ public class TokenManager { return code; } - protected SkeletonKeyToken initToken(RealmModel realm, User client, User user) { + protected SkeletonKeyToken initToken(RealmModel realm, UserModel client, UserModel user) { SkeletonKeyToken token = new SkeletonKeyToken(); token.id(RealmManager.generateId()); token.principal(user.getLoginName()); @@ -131,13 +131,13 @@ public class TokenManager { return token; } - protected void createToken(AccessCodeEntry accessCodeEntry, RealmModel realm, User client, User user) { + protected void createToken(AccessCodeEntry accessCodeEntry, RealmModel realm, UserModel client, UserModel user) { SkeletonKeyToken token = initToken(realm, client, user); if (accessCodeEntry.getRealmRolesRequested().size() > 0) { SkeletonKeyToken.Access access = new SkeletonKeyToken.Access(); - for (Role role : accessCodeEntry.getRealmRolesRequested()) { + for (RoleModel role : accessCodeEntry.getRealmRolesRequested()) { access.addRole(role.getName()); } token.setRealmAccess(access); @@ -148,7 +148,7 @@ public class TokenManager { for (String resourceName : accessCodeEntry.getResourceRolesRequested().keySet()) { ResourceModel resource = resourceMap.get(resourceName); SkeletonKeyToken.Access access = token.addAccess(resourceName).verifyCaller(resource.isSurrogateAuthRequired()); - for (Role role : accessCodeEntry.getResourceRolesRequested().get(resourceName)) { + for (RoleModel role : accessCodeEntry.getResourceRolesRequested().get(resourceName)) { access.addRole(role.getName()); } } @@ -178,7 +178,7 @@ public class TokenManager { } - public SkeletonKeyToken createAccessToken(RealmModel realm, User user) { + public SkeletonKeyToken createAccessToken(RealmModel realm, UserModel user) { List resources = realm.getResources(); SkeletonKeyToken token = new SkeletonKeyToken(); token.id(RealmManager.generateId()); 
diff --git a/services/src/main/java/org/keycloak/services/models/RealmModel.java b/services/src/main/java/org/keycloak/services/models/RealmModel.java
index 6020194715..b633d45860 100755
--- a/services/src/main/java/org/keycloak/services/models/RealmModel.java
+++ b/services/src/main/java/org/keycloak/services/models/RealmModel.java
@@ -5,11 +5,11 @@ import org.jboss.resteasy.security.PemUtils;
 import org.keycloak.representations.idm.RequiredCredentialRepresentation;
 import org.keycloak.services.managers.RealmManager;
 import org.keycloak.services.models.relationships.RealmAdminRelationship;
-import org.keycloak.services.models.relationships.ResourceRelationship;
 import org.keycloak.services.models.relationships.RequiredCredentialRelationship;
+import org.keycloak.services.models.relationships.ResourceRelationship;
 import org.keycloak.services.models.relationships.ScopeRelationship;
-import org.picketlink.idm.IdentitySession;
 import org.picketlink.idm.IdentityManager;
+import org.picketlink.idm.IdentitySession;
 import org.picketlink.idm.credential.Credentials;
 import org.picketlink.idm.credential.Password;
 import org.picketlink.idm.credential.TOTPCredential;
@@ -47,6 +47,7 @@ import java.util.Set;
 * @version $Revision: 1 $
 */
 public class RealmModel {
+ public static final String DEFAULT_REALM = "default";
 public static final String REALM_AGENT_ID = "_realm_";
 public static final String REALM_NAME = "name";
 public static final String REALM_ACCESS_CODE_LIFESPAN = "accessCodeLifespan";
@@ -239,13 +240,13 @@ public class RealmModel { idm.add(relationship); } - public boolean validatePassword(User user, String password) { + public boolean validatePassword(UserModel user, String password) { UsernamePasswordCredentials creds = new UsernamePasswordCredentials(user.getLoginName(), new Password(password)); getIdm().validateCredentials(creds); return creds.getStatus() == Credentials.Status.VALID; } - public boolean validateTOTP(User user, String password, String token) { + public boolean validateTOTP(UserModel user, String password, String token) { TOTPCredentials creds = new TOTPCredentials(); creds.setToken(token); creds.setUsername(user.getLoginName()); @@ -254,14 +255,14 @@ public class RealmModel { return creds.getStatus() == Credentials.Status.VALID; } - public void updateCredential(User user, UserCredentialModel cred) { + public void updateCredential(UserModel user, UserCredentialModel cred) { IdentityManager idm = getIdm(); if (cred.getType().equals(RequiredCredentialRepresentation.PASSWORD)) { Password password = new Password(cred.getValue()); - idm.updateCredential(user, password); + idm.updateCredential(user.getUser(), password); } else if (cred.getType().equals(RequiredCredentialRepresentation.TOTP)) { TOTPCredential totp = new TOTPCredential(cred.getValue()); - idm.updateCredential(user, totp); + idm.updateCredential(user.getUser(), totp); } else if (cred.getType().equals(RequiredCredentialRepresentation.CLIENT_CERT)) { X509Certificate cert = null; try { 
@@ -270,37 +271,46 @@ public class RealmModel { throw new RuntimeException(e); } X509CertificateCredentials creds = new X509CertificateCredentials(cert); - idm.updateCredential(user, creds); + idm.updateCredential(user.getUser(), creds); } } - public User getUser(String name) { - return getIdm().getUser(name); + public UserModel getUser(String name) { + User user = getIdm().getUser(name); + if (user == null) return null; + return new UserModel(user, getIdm()); } - public void addUser(User user) { + public UserModel addUser(String username) { + User user = getIdm().getUser(username); + if (user != null) throw new IllegalStateException("User already exists"); + user = new SimpleUser(username); getIdm().add(user); + return new UserModel(user, getIdm()); } - public Role getRole(String name) { - return getIdm().getRole(name); + public RoleModel getRole(String name) { + Role role = getIdm().getRole(name); + if (role == null) return null; + return new RoleModel(role, getIdm()); } - public Role addRole(String name) { + public RoleModel addRole(String name) { Role role = new SimpleRole(name); getIdm().add(role); - return role; + return new RoleModel(role, getIdm()); } - public void addRole(Role role) { - getIdm().add(role); - } - - public List getRoles() { + public List getRoles() { IdentityManager idm = getIdm(); IdentityQuery query = idm.createIdentityQuery(Role.class); query.setParameter(Role.PARTITION, realm); - return query.getResultList(); + List roles = query.getResultList(); + List roleModels = new ArrayList(); + for (Role role : roles) { + roleModels.add(new RoleModel(role, idm)); + } + return roleModels; } 
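Review bot: `addUser` rejects a duplicate name with IllegalStateException, but `addRole` still calls `getIdm().add(role)` without looking the name up first, so the two factory methods disagree on duplicates. The lookup-then-add in `addUser` is also not atomic: two concurrent registrations of the same login name can both pass the null check unless the identity store enforces uniqueness itself, which is not visible here. Either give `addRole` the same guard, `if (getIdm().getRole(name) != null) throw new IllegalStateException("Role already exists");`, or state in Javadoc on both methods that duplicate handling is left to the store.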
@@ -345,22 +355,22 @@ public class RealmModel { relationship.setResourceUser(resourceUser); idm.add(relationship); ResourceModel resource = new ResourceModel(newTier, relationship, this, identitySession); - resource.addRole(new SimpleRole("*")); - resource.addScope(resourceUser, "*"); + resource.addRole("*"); + resource.addScope(new UserModel(resourceUser, idm), "*"); return resource; } - public boolean hasRole(User user, Role role) { - return getIdm().hasRole(user, role); + public boolean hasRole(UserModel user, RoleModel role) { + return getIdm().hasRole(user.getUser(), role.getRole()); } - public void grantRole(User user, Role role) { - getIdm().grantRole(user, role); + public void grantRole(UserModel user, RoleModel role) { + getIdm().grantRole(user.getUser(), role.getRole()); } - public Set getRoleMappings(User user) { + public Set getRoleMappings(UserModel user) { RelationshipQuery query = getIdm().createRelationshipQuery(Grant.class); - query.setParameter(Grant.ASSIGNEE, user); + query.setParameter(Grant.ASSIGNEE, user.getUser()); List grants = query.getResultList(); HashSet set = new HashSet(); for (Grant grant : grants) { @@ -369,21 +379,21 @@ public class RealmModel { return set; } - public void addScope(Agent agent, String roleName) { + public void addScope(UserModel agent, String roleName) { IdentityManager idm = getIdm(); Role role = idm.getRole(roleName); if (role == null) throw new RuntimeException("role not found"); ScopeRelationship scope = new ScopeRelationship(); - scope.setClient(agent); + scope.setClient(agent.getUser()); scope.setScope(role); idm.add(scope); } - public Set getScope(Agent agent) { + public Set getScope(UserModel agent) { RelationshipQuery query = getIdm().createRelationshipQuery(ScopeRelationship.class); - query.setParameter(ScopeRelationship.CLIENT, agent); + query.setParameter(ScopeRelationship.CLIENT, agent.getUser()); List scope = query.getResultList(); HashSet set = new HashSet(); for (ScopeRelationship rel : scope) { 
@@ -392,19 +402,19 @@ public class RealmModel { return set; } - public boolean isRealmAdmin(Agent agent) { + public boolean isRealmAdmin(UserModel agent) { IdentityManager idm = new RealmManager(identitySession).defaultRealm().getIdm(); RelationshipQuery query = idm.createRelationshipQuery(RealmAdminRelationship.class); query.setParameter(RealmAdminRelationship.REALM, realm.getId()); - query.setParameter(RealmAdminRelationship.ADMIN, agent); + query.setParameter(RealmAdminRelationship.ADMIN, agent.getUser()); List results = query.getResultList(); return results.size() > 0; } - public void addRealmAdmin(Agent agent) { + public void addRealmAdmin(UserModel agent) { IdentityManager idm = new RealmManager(identitySession).defaultRealm().getIdm(); RealmAdminRelationship relationship = new RealmAdminRelationship(); - relationship.setAdmin(agent); + relationship.setAdmin(agent.getUser()); relationship.setRealm(realm.getId()); idm.add(relationship); } diff --git a/services/src/main/java/org/keycloak/services/models/ResourceModel.java b/services/src/main/java/org/keycloak/services/models/ResourceModel.java index ee07bbadd0..2874e60cb9 100755 --- a/services/src/main/java/org/keycloak/services/models/ResourceModel.java +++ b/services/src/main/java/org/keycloak/services/models/ResourceModel.java 
@@ -2,17 +2,16 @@ package org.keycloak.services.models;
 import org.keycloak.services.models.relationships.ResourceRelationship;
 import org.keycloak.services.models.relationships.ScopeRelationship;
-import org.picketlink.idm.IdentitySession;
 import org.picketlink.idm.IdentityManager;
-import org.picketlink.idm.model.Agent;
+import org.picketlink.idm.IdentitySession;
 import org.picketlink.idm.model.Grant;
 import org.picketlink.idm.model.Role;
 import org.picketlink.idm.model.SimpleRole;
 import org.picketlink.idm.model.Tier;
-import org.picketlink.idm.model.User;
 import org.picketlink.idm.query.IdentityQuery;
 import org.picketlink.idm.query.RelationshipQuery;
+import java.util.ArrayList;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Set;
@@ -44,8 +43,8 @@ public class ResourceModel {
 getIdm().update(agent);
 }
- public User getResourceUser() {
- return agent.getResourceUser();
+ public UserModel getResourceUser() {
+ return new UserModel(agent.getResourceUser(), realm.getIdm());
 }
 public String getId() {
@@ -84,37 +83,32 @@ public class ResourceModel { agent.setManagementUrl(url); } - public User getUser(String name) { - return getIdm().getUser(name); + public RoleModel getRole(String name) { + Role role = getIdm().getRole(name); + if (role == null) return null; + return new RoleModel(role, getIdm()); } - public void addUser(User user) { - getIdm().add(user); - } - - public Role getRole(String name) { - return getIdm().getRole(name); - } - - public Role addRole(String name) { + public RoleModel addRole(String name) { Role role = new SimpleRole(name); getIdm().add(role); - return role; + return new RoleModel(role, getIdm()); } - public void addRole(Role role) { - getIdm().add(role); - } - - public List getRoles() { + public List getRoles() { IdentityQuery query = getIdm().createIdentityQuery(Role.class); query.setParameter(Role.PARTITION, tier); - return query.getResultList(); + List roles = query.getResultList(); + List roleModels = new ArrayList(); + for (Role role : roles) { + roleModels.add(new RoleModel(role, idm)); + } + return roleModels; } - public Set getRoleMappings(User user) { + public Set getRoleMappings(UserModel user) { RelationshipQuery query = getIdm().createRelationshipQuery(Grant.class); - query.setParameter(Grant.ASSIGNEE, user); + query.setParameter(Grant.ASSIGNEE, user.getUser()); List grants = query.getResultList(); HashSet set = new HashSet(); for (Grant grant : grants) { @@ -123,7 +117,7 @@ public class ResourceModel { return set; } - public void addScope(Agent agent, String roleName) { + public void addScope(UserModel agent, String roleName) { IdentityManager idm = getIdm(); Role role = idm.getRole(roleName); if (role == null) throw new RuntimeException("role not found"); 
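Review bot: getRoles() in the `-84,37` hunk builds its wrappers with the bare name `idm`, `new RoleModel(role, idm)`, while getRole() and addRole() just above pass `getIdm()`. No declaration of `idm` is visible in this hunk, so it is presumably a field; if it is not the same manager that `getIdm()` returns, RoleModel.setDescription() would call `update(role)` on a different manager than the one that loaded the role. Using `roleModels.add(new RoleModel(role, getIdm()));` keeps the three methods consistent.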
@@ -131,15 +125,15 @@ public class ResourceModel { } - public void addScope(Agent agent, Role role) { + public void addScope(UserModel agent, Role role) { ScopeRelationship scope = new ScopeRelationship(); - scope.setClient(agent); + scope.setClient(agent.getUser()); scope.setScope(role); } - public Set getScope(Agent agent) { + public Set getScope(UserModel agent) { RelationshipQuery query = getIdm().createRelationshipQuery(ScopeRelationship.class); - query.setParameter(ScopeRelationship.CLIENT, agent); + query.setParameter(ScopeRelationship.CLIENT, agent.getUser()); List scope = query.getResultList(); HashSet set = new HashSet(); for (ScopeRelationship rel : scope) { diff --git a/services/src/main/java/org/keycloak/services/models/RoleModel.java b/services/src/main/java/org/keycloak/services/models/RoleModel.java new file mode 100755 index 0000000000..5fcea7c836 --- /dev/null +++ b/services/src/main/java/org/keycloak/services/models/RoleModel.java @@ -0,0 +1,45 @@ +package org.keycloak.services.models; + +import org.picketlink.idm.IdentityManager; +import org.picketlink.idm.model.Attribute; +import org.picketlink.idm.model.Role; + +import java.io.Serializable; + +/** + * @author Bill Burke + * @version $Revision: 1 $ + */ +public class RoleModel { + protected Role role; + protected IdentityManager idm; + + public RoleModel(Role role, IdentityManager idm) { + this.role = role; + this.idm = idm; + } + + protected Role getRole() { + return role; + } + + public String getName() { + return role.getName(); + } + + public String getDescription() { + Attribute description = role.getAttribute("description"); + if (description == null) return null; + return (String) description.getValue(); + } + + public void setDescription(String description) { + if (description == null) { + role.removeAttribute("description"); + } else { + role.setAttribute(new Attribute("description", description)); + } + idm.update(role); + } + +} 
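Review bot: addScope(UserModel, Role) in the `-131,15` hunk creates a ScopeRelationship, sets its client and scope, and then returns without handing it to the identity manager, so as shown the scope is never stored. The commit only changes the argument to `agent.getUser()`; the missing persistence is in the unchanged lines. getScope() directly below queries ScopeRelationship, so it would not find anything this method was meant to record. Add `getIdm().add(scope);` before the closing brace, the same way addRealmAdmin() ends with `idm.add(relationship);`. The body of getScope() continues outside the hunk.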
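Review bot: RoleModel.getDescription() casts the attribute value with `(String) description.getValue()`, which throws ClassCastException if the stored "description" attribute is not a String. UserModel.getAttribute() in this same commit handles the equivalent case with a null check and `toString()`; matching it here would read `Object value = description.getValue();` then `return value == null ? null : value.toString();`. The `java.io.Serializable` import is unused. The class comment carries only author and revision, so a sentence stating that RoleModel wraps a PicketLink Role and writes changes through `idm.update(role)` would help.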
diff --git a/services/src/main/java/org/keycloak/services/models/UserModel.java b/services/src/main/java/org/keycloak/services/models/UserModel.java new file mode 100755 index 0000000000..7491f3c5c7 --- /dev/null +++ b/services/src/main/java/org/keycloak/services/models/UserModel.java @@ -0,0 +1,63 @@ +package org.keycloak.services.models; + +import org.picketlink.idm.IdentityManager; +import org.picketlink.idm.model.Attribute; +import org.picketlink.idm.model.User; + +import java.util.HashMap; +import java.util.Map; + +/** + * @author Bill Burke + * @version $Revision: 1 $ + */ +public class UserModel { + protected User user; + protected IdentityManager idm; + + public UserModel(User user, IdentityManager idm) { + this.user = user; + this.idm = idm; + } + + protected User getUser() { + return user; + } + + public String getLoginName() { + return user.getLoginName(); + } + + public boolean isEnabled() { + return user.isEnabled(); + } + + public void setEnabled(boolean enabled) { + user.setEnabled(enabled); + idm.update(user); + } + + public void setAttribute(String name, String value) { + user.setAttribute(new Attribute(name, value)); + idm.update(user); + } + + public void removeAttribute(String name) { + user.removeAttribute(name); + idm.update(user); + } + + public String getAttribute(String name) { + Attribute attribute = user.getAttribute(name); + if (attribute == null || attribute.getValue() == null) return null; + return attribute.getValue().toString(); + } + + public Map getAttributes() { + Map attributes = new HashMap(); + for (Attribute attribute : user.getAttributes()) { + if (attribute.getValue() != null) attributes.put(attribute.getName(), attribute.getValue().toString()); + } + return attributes; + } +} diff --git a/services/src/main/java/org/keycloak/services/models/relationships/RealmAdminRelationship.java b/services/src/main/java/org/keycloak/services/models/relationships/RealmAdminRelationship.java index cf68d46829..1158e37108 100755 
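Review bot: UserModel.setAttribute() stores `new Attribute(name, value)` even when value is null, whereas RoleModel.setDescription() in this commit removes the attribute in that case. getAttribute() and getAttributes() already treat a null-valued attribute as absent, so a null write leaves a stored attribute that the wrapper's readers skip. Routing null through the existing remover, `if (value == null) { removeAttribute(name); return; }` as the first statement, makes the two wrappers agree. The class has no description beyond author and revision; a short Javadoc noting that every setter calls `idm.update(user)` immediately would document the write-through behaviour.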
--- a/services/src/main/java/org/keycloak/services/models/relationships/RealmAdminRelationship.java +++ b/services/src/main/java/org/keycloak/services/models/relationships/RealmAdminRelationship.java @@ -2,7 +2,6 @@ package org.keycloak.services.models.relationships; import org.picketlink.idm.model.AbstractAttributedType; import org.picketlink.idm.model.Agent; -import org.picketlink.idm.model.Realm; import org.picketlink.idm.model.Relationship; import org.picketlink.idm.model.annotation.AttributeProperty; import org.picketlink.idm.model.annotation.IdentityProperty; diff --git a/services/src/main/java/org/keycloak/services/resources/KeycloakApplication.java b/services/src/main/java/org/keycloak/services/resources/KeycloakApplication.java index fdf172d3cb..fb423f06b2 100755 --- a/services/src/main/java/org/keycloak/services/resources/KeycloakApplication.java +++ b/services/src/main/java/org/keycloak/services/resources/KeycloakApplication.java @@ -4,8 +4,8 @@ import org.keycloak.SkeletonKeyContextResolver; import org.keycloak.services.filters.IdentitySessionFilter; import org.keycloak.services.managers.TokenManager; import org.keycloak.services.models.relationships.RealmAdminRelationship; -import org.keycloak.services.models.relationships.ResourceRelationship; import org.keycloak.services.models.relationships.RequiredCredentialRelationship; +import org.keycloak.services.models.relationships.ResourceRelationship; import org.keycloak.services.models.relationships.ScopeRelationship; import org.picketlink.idm.IdentitySessionFactory; import org.picketlink.idm.config.IdentityConfiguration; diff --git a/services/src/main/java/org/keycloak/services/resources/RealmsResource.java b/services/src/main/java/org/keycloak/services/resources/RealmsResource.java index 69a2b4757e..a0ab19ee92 100755 --- a/services/src/main/java/org/keycloak/services/resources/RealmsResource.java +++ b/services/src/main/java/org/keycloak/services/resources/RealmsResource.java 
@@ -3,13 +3,12 @@ package org.keycloak.services.resources; import org.jboss.resteasy.logging.Logger; import org.keycloak.representations.idm.RealmRepresentation; import org.keycloak.services.managers.AuthenticationManager; -import org.keycloak.services.managers.TokenManager; import org.keycloak.services.managers.RealmManager; +import org.keycloak.services.managers.TokenManager; import org.keycloak.services.models.RealmModel; +import org.keycloak.services.models.RoleModel; +import org.keycloak.services.models.UserModel; import org.picketlink.idm.IdentitySession; -import org.picketlink.idm.model.Realm; -import org.picketlink.idm.model.Role; -import org.picketlink.idm.model.User; import javax.ws.rs.Consumes; import javax.ws.rs.NotAuthorizedException; @@ -92,9 +91,9 @@ public class RealmsResource { RealmModel realm; try { RealmManager realmManager = new RealmManager(identitySession); - RealmModel defaultRealm = realmManager.getRealm(Realm.DEFAULT_REALM); - User realmCreator = new AuthenticationManager().authenticateBearerToken(defaultRealm, headers); - Role creatorRole = defaultRealm.getRole(RegistrationService.REALM_CREATOR_ROLE); + RealmModel defaultRealm = realmManager.getRealm(RealmModel.DEFAULT_REALM); + UserModel realmCreator = new AuthenticationManager().authenticateBearerToken(defaultRealm, headers); + RoleModel creatorRole = defaultRealm.getRole(RegistrationService.REALM_CREATOR_ROLE); if (!defaultRealm.hasRole(realmCreator, creatorRole)) { logger.warn("not a realm creator"); throw new NotAuthorizedException("Bearer"); diff --git a/services/src/main/java/org/keycloak/services/resources/RegistrationService.java b/services/src/main/java/org/keycloak/services/resources/RegistrationService.java index 7dbc9cc32f..d70546705b 100755 --- a/services/src/main/java/org/keycloak/services/resources/RegistrationService.java +++ b/services/src/main/java/org/keycloak/services/resources/RegistrationService.java 
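Review bot: Neither `realmCreator` nor `creatorRole` is checked for null before `defaultRealm.hasRole(realmCreator, creatorRole)` in the `-92,9` hunk. hasRole() is not shown here, but if it unwraps its arguments the way isRealmAdmin() now calls `agent.getUser()`, a missing role or a token lookup that returns null presumably ends in a NullPointerException rather than the intended NotAuthorizedException. A guard before the role test keeps the denial explicit: `if (realmCreator == null || creatorRole == null) throw new NotAuthorizedException("Bearer");`. The same lookup-then-hasRole pattern appears in the TokenService hunks that fetch `resourceRole` and `identityRequestRole`. The enclosing try block continues outside this hunk.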
@@ -5,11 +5,10 @@ import org.keycloak.representations.idm.CredentialRepresentation; import org.keycloak.representations.idm.UserRepresentation; import org.keycloak.services.managers.RealmManager; import org.keycloak.services.models.RealmModel; +import org.keycloak.services.models.RoleModel; import org.keycloak.services.models.UserCredentialModel; +import org.keycloak.services.models.UserModel; import org.picketlink.idm.IdentitySession; -import org.picketlink.idm.model.Role; -import org.picketlink.idm.model.SimpleUser; -import org.picketlink.idm.model.User; import javax.ws.rs.Consumes; import javax.ws.rs.ForbiddenException; @@ -49,20 +48,19 @@ public class RegistrationService { if (!defaultRealm.isRegistrationAllowed()) { throw new ForbiddenException(); } - User user = defaultRealm.getUser(newUser.getUsername()); + UserModel user = defaultRealm.getUser(newUser.getUsername()); if (user != null) { return Response.status(400).type("text/plain").entity("user exists").build(); } - user = new SimpleUser(newUser.getUsername()); - defaultRealm.addUser(user); + user = defaultRealm.addUser(newUser.getUsername()); for (CredentialRepresentation cred : newUser.getCredentials()) { UserCredentialModel credModel = new UserCredentialModel(); credModel.setType(cred.getType()); credModel.setValue(cred.getValue()); defaultRealm.updateCredential(user, credModel); } - Role realmCreator = defaultRealm.getRole(REALM_CREATOR_ROLE); + RoleModel realmCreator = defaultRealm.getRole(REALM_CREATOR_ROLE); defaultRealm.grantRole(user, realmCreator); identitySession.getTransaction().commit(); URI uri = uriInfo.getBaseUriBuilder().path(RealmsResource.class).path(user.getLoginName()).build(); diff --git a/services/src/main/java/org/keycloak/services/resources/TokenService.java b/services/src/main/java/org/keycloak/services/resources/TokenService.java index 7274dc0dc3..f1ceb54ac1 100755 --- a/services/src/main/java/org/keycloak/services/resources/TokenService.java 
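Review bot: The registration path in the `-49,20` hunk creates the account and grants REALM_CREATOR_ROLE without first checking that the request carried a username and at least one credential. `newUser.getCredentials()` is iterated directly, so a null list throws after `addUser` has already run, and an empty list leaves a user with the role and no credential set. Whether such an account can authenticate depends on code not visible here, but the request should be rejected before anything is written: `if (newUser.getUsername() == null || newUser.getCredentials() == null || newUser.getCredentials().isEmpty()) return Response.status(400).type("text/plain").entity("username and credentials required").build();`. How a failure between `addUser` and `commit()` is rolled back is outside the hunk.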
+++ b/services/src/main/java/org/keycloak/services/resources/TokenService.java @@ -16,9 +16,9 @@ import org.keycloak.services.managers.RealmManager; import org.keycloak.services.managers.ResourceAdminManager; import org.keycloak.services.managers.TokenManager; import org.keycloak.services.models.RealmModel; +import org.keycloak.services.models.RoleModel; +import org.keycloak.services.models.UserModel; import org.picketlink.idm.IdentitySession; -import org.picketlink.idm.model.Role; -import org.picketlink.idm.model.User; import javax.ws.rs.Consumes; import javax.ws.rs.GET; @@ -125,7 +125,7 @@ public class TokenService { if (!realm.isEnabled()) { throw new NotAuthorizedException("Disabled realm"); } - User user = realm.getUser(username); + UserModel user = realm.getUser(username); if (user == null) { throw new NotAuthorizedException("No user"); } @@ -154,7 +154,7 @@ public class TokenService { if (!realm.isEnabled()) { throw new NotAuthorizedException("Disabled realm"); } - User user = realm.getUser(username); + UserModel user = realm.getUser(username); if (user == null) { throw new NotAuthorizedException("No user"); } @@ -183,7 +183,7 @@ public class TokenService { securityFailureForward("Realm not enabled."); return null; } - User client = realm.getUser(clientId); + UserModel client = realm.getUser(clientId); if (client == null) { securityFailureForward("Unknown login requester."); return null; @@ -193,7 +193,7 @@ public class TokenService { return null; } String username = formData.getFirst("username"); - User user = realm.getUser(username); + UserModel user = realm.getUser(username); if (user == null) { logger.error("Incorrect user name."); request.setAttribute("KEYCLOAK_LOGIN_ERROR_MESSAGE", "Incorrect user name."); 
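Review bot: The user lookups in the `-125,7`, `-154,7` and `-193,7` hunks answer an unknown username with a message of its own, "No user" in the two exceptions and "Incorrect user name." in the login error attribute. If those strings reach the client and a wrong credential produces a different one (that branch is not visible here), the responses reveal which usernames exist in the realm. A single shared failure text for both cases avoids that, for example `request.setAttribute("KEYCLOAK_LOGIN_ERROR_MESSAGE", "Invalid username or password.");`, with the specific reason kept in the server log only. The enclosing methods start and end outside these hunks.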
@@ -216,9 +216,9 @@ public class TokenService { return processAccessCode(scopeParam, state, redirect, client, user); } - protected Response processAccessCode(String scopeParam, String state, String redirect, User client, User user) { - Role resourceRole = realm.getRole(RealmManager.RESOURCE_ROLE); - Role identityRequestRole = realm.getRole(RealmManager.IDENTITY_REQUESTER_ROLE); + protected Response processAccessCode(String scopeParam, String state, String redirect, UserModel client, UserModel user) { + RoleModel resourceRole = realm.getRole(RealmManager.RESOURCE_ROLE); + RoleModel identityRequestRole = realm.getRole(RealmManager.IDENTITY_REQUESTER_ROLE); boolean isResource = realm.hasRole(client, resourceRole); if (!isResource && !realm.hasRole(client, identityRequestRole)) { securityFailureForward("Login requester not allowed to request login."); @@ -274,7 +274,7 @@ public class TokenService { error.put("error_description", "client_id not specified"); return Response.status(Response.Status.BAD_REQUEST).entity(error).type("application/json").build(); } - User client = realm.getUser(client_id); + UserModel client = realm.getUser(client_id); if (client == null) { logger.debug("Could not find user"); Map error = new HashMap(); @@ -332,7 +332,7 @@ public class TokenService { res.put("error_description", "Token expired"); return Response.status(Response.Status.BAD_REQUEST).type(MediaType.APPLICATION_JSON_TYPE).entity(res).build(); } - if (!client.getId().equals(accessCode.getClient().getId())) { + if (!client.getLoginName().equals(accessCode.getClient().getLoginName())) { Map res = new HashMap(); res.put("error", "invalid_grant"); res.put("error_description", "Auth error"); @@ -403,7 +403,7 @@ public class TokenService { securityFailureForward("Realm not enabled"); return null; } - User client = realm.getUser(clientId); + UserModel client = realm.getUser(clientId); if (client == null) { securityFailureForward("Unknown login requester."); return null; 
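Review bot: The check that binds an access code to the requesting client in the `-332,7` hunk now compares login names, `client.getLoginName().equals(accessCode.getClient().getLoginName())`, where it compared ids before. The UserModel added in this commit exposes no id accessor, which is presumably why the comparison changed. If a login name can ever be freed and registered again while a code is outstanding, a code issued to the old client would match the new one; a stable id does not have that weakness. Adding `public String getId() { return user.getId(); }` to UserModel would let this line keep the id comparison. The surrounding method begins and ends outside the hunk.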
@@ -415,8 +415,8 @@ public class TokenService { return null; } - Role resourceRole = realm.getRole(RealmManager.RESOURCE_ROLE); - Role identityRequestRole = realm.getRole(RealmManager.IDENTITY_REQUESTER_ROLE); + RoleModel resourceRole = realm.getRole(RealmManager.RESOURCE_ROLE); + RoleModel identityRequestRole = realm.getRole(RealmManager.IDENTITY_REQUESTER_ROLE); boolean isResource = realm.hasRole(client, resourceRole); if (!isResource && !realm.hasRole(client, identityRequestRole)) { securityFailureForward("Login requester not allowed to request login."); @@ -424,7 +424,7 @@ public class TokenService { return null; } - User user = authManager.authenticateIdentityCookie(realm, uriInfo, headers); + UserModel user = authManager.authenticateIdentityCookie(realm, uriInfo, headers); if (user != null) { logger.info(user.getLoginName() + " already logged in."); return processAccessCode(scopeParam, state, redirect, client, user); @@ -439,7 +439,7 @@ public class TokenService { public Response logout(@QueryParam("redirect_uri") String redirectUri) { // todo do we care if anybody can trigger this? - User user = authManager.authenticateIdentityCookie(realm, uriInfo, headers); + UserModel user = authManager.authenticateIdentityCookie(realm, uriInfo, headers); if (user != null) { logger.info("Logging out: " + user.getLoginName()); authManager.expireIdentityCookie(realm, uriInfo); @@ -491,7 +491,7 @@ public class TokenService { return location.build(); } - protected void oauthGrantPage(AccessCodeEntry accessCode, User client) { + protected void oauthGrantPage(AccessCodeEntry accessCode, UserModel client) { request.setAttribute("realmRolesRequested", accessCode.getRealmRolesRequested()); request.setAttribute("resourceRolesRequested", accessCode.getResourceRolesRequested()); request.setAttribute("client", client); diff --git a/services/src/test/java/org/keycloak/test/AdapterTest.java b/services/src/test/java/org/keycloak/test/AdapterTest.java index 8b8b5aed77..a0849012ed 100755 
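Review bot: logout() in the `-439,7` hunk still carries `// todo do we care if anybody can trigger this?` and accepts a caller-supplied `redirect_uri`; the commit only swaps the user type. From the visible lines the session cookie is expired for whoever presents it, with no check that the request was intended by that user, and the handling of `redirectUri` is outside the hunk, so it cannot be confirmed here that the target is compared against a registered redirect URI. The TODO should be resolved rather than carried forward. Either document the decision in its place (that logout is deliberately unauthenticated), or add a check that the redirect belongs to a known client before it is used.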
--- a/services/src/test/java/org/keycloak/test/AdapterTest.java +++ b/services/src/test/java/org/keycloak/test/AdapterTest.java @@ -11,20 +11,17 @@ import org.keycloak.services.managers.InstallationManager; import org.keycloak.services.managers.RealmManager; import org.keycloak.services.models.RealmModel; import org.keycloak.services.models.RequiredCredentialModel; +import org.keycloak.services.models.RoleModel; import org.keycloak.services.models.UserCredentialModel; +import org.keycloak.services.models.UserModel; import org.keycloak.services.models.relationships.RealmAdminRelationship; import org.keycloak.services.models.relationships.RequiredCredentialRelationship; import org.keycloak.services.models.relationships.ResourceRelationship; import org.keycloak.services.models.relationships.ScopeRelationship; -import org.keycloak.services.resources.KeycloakApplication; import org.picketlink.idm.IdentitySession; import org.picketlink.idm.IdentitySessionFactory; -import org.picketlink.idm.IdentityManager; import org.picketlink.idm.config.IdentityConfiguration; import org.picketlink.idm.config.IdentityConfigurationBuilder; -import org.picketlink.idm.credential.Credentials; -import org.picketlink.idm.credential.Password; -import org.picketlink.idm.credential.UsernamePasswordCredentials; import org.picketlink.idm.internal.DefaultIdentitySessionFactory; import org.picketlink.idm.jpa.internal.ResourceLocalJpaIdentitySessionHandler; import org.picketlink.idm.jpa.schema.CredentialObject; @@ -35,10 +32,6 @@ import org.picketlink.idm.jpa.schema.PartitionObject; import org.picketlink.idm.jpa.schema.RelationshipIdentityObject; import org.picketlink.idm.jpa.schema.RelationshipObject; import org.picketlink.idm.jpa.schema.RelationshipObjectAttribute; -import org.picketlink.idm.model.Role; -import org.picketlink.idm.model.SimpleRole; -import org.picketlink.idm.model.SimpleUser; -import org.picketlink.idm.model.User; import java.util.List; 
@@ -147,8 +140,7 @@ public class AdapterTest { @Test public void testCredentialValidation() throws Exception { test1CreateRealm(); - User user = new SimpleUser("bburke"); - realmModel.addUser(user); + UserModel user = realmModel.addUser("bburke"); UserCredentialModel cred = new UserCredentialModel(); cred.setType(RequiredCredentialRepresentation.PASSWORD); cred.setValue("geheim"); @@ -159,13 +151,12 @@ public class AdapterTest { @Test public void testRoles() throws Exception { test1CreateRealm(); - realmModel.addRole(new SimpleRole("admin")); - realmModel.addRole(new SimpleRole("user")); - List roles = realmModel.getRoles(); + realmModel.addRole("admin"); + realmModel.addRole("user"); + List roles = realmModel.getRoles(); Assert.assertEquals(5, roles.size()); - SimpleUser user = new SimpleUser("bburke"); - realmModel.addUser(user); - Role role = realmModel.getRole("user"); + UserModel user = realmModel.addUser("bburke"); + RoleModel role = realmModel.getRole("user"); realmModel.grantRole(user, role); Assert.assertTrue(realmModel.hasRole(user, role)); } diff --git a/services/src/test/java/org/keycloak/test/ImportTest.java b/services/src/test/java/org/keycloak/test/ImportTest.java index 850708f461..5742fa75e9 100755 --- a/services/src/test/java/org/keycloak/test/ImportTest.java +++ b/services/src/test/java/org/keycloak/test/ImportTest.java @@ -10,6 +10,7 @@ import org.keycloak.representations.idm.RealmRepresentation; import org.keycloak.services.managers.RealmManager; import org.keycloak.services.models.RealmModel; import org.keycloak.services.models.RequiredCredentialModel; +import org.keycloak.services.models.UserModel; import org.keycloak.services.models.relationships.RealmAdminRelationship; import org.keycloak.services.models.relationships.RequiredCredentialRelationship; import org.keycloak.services.models.relationships.ResourceRelationship; 
@@ -30,8 +31,6 @@ import org.picketlink.idm.jpa.schema.RelationshipIdentityObject; import org.picketlink.idm.jpa.schema.RelationshipObject; import org.picketlink.idm.jpa.schema.RelationshipObjectAttribute; import org.picketlink.idm.model.Realm; -import org.picketlink.idm.model.SimpleRole; -import org.picketlink.idm.model.User; import java.util.Set; @@ -96,13 +95,13 @@ public class ImportTest { manager.generateRealmKeys(defaultRealm); defaultRealm.updateRealm(); defaultRealm.addRequiredCredential(RequiredCredentialModel.PASSWORD); - defaultRealm.addRole(new SimpleRole(RegistrationService.REALM_CREATOR_ROLE)); + defaultRealm.addRole(RegistrationService.REALM_CREATOR_ROLE); RealmRepresentation rep = KeycloakTestBase.loadJson("testrealm.json"); RealmModel realm = manager.createRealm("demo", rep.getRealm()); manager.importRealm(rep, realm); - User user = realm.getUser("loginclient"); + UserModel user = realm.getUser("loginclient"); Assert.assertNotNull(user); Set scopes = realm.getScope(user); System.out.println("Scopes size: " + scopes.size()); diff --git a/services/src/test/java/org/keycloak/test/RealmKeyGenerator.java b/services/src/test/java/org/keycloak/test/RealmKeyGenerator.java index 4f034d41cd..8d9d281706 100755 --- a/services/src/test/java/org/keycloak/test/RealmKeyGenerator.java +++ b/services/src/test/java/org/keycloak/test/RealmKeyGenerator.java @@ -3,14 +3,12 @@ package org.keycloak.test; import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.bouncycastle.openssl.PEMWriter; import org.jboss.resteasy.security.PemUtils; -import org.keycloak.services.models.RealmModel; import java.io.IOException; import java.io.StringWriter; import java.security.KeyPair; import java.security.KeyPairGenerator; import java.security.NoSuchAlgorithmException; -import java.security.PublicKey; import java.security.Security; /** diff --git a/social/pom.xml b/social/pom.xml index 435b8e399a..f91a7c7733 100755 --- a/social/pom.xml +++ b/social/pom.xml 
@@ -27,14 +27,14 @@ org.picketlink picketlink-idm-api - + org.jboss.spec.javax.ejb jboss-ejb-api_3.2_spec - 1.0.0.Alpha2 + 1.0.0.Alpha2 provided - + com.google.api-client google-api-client @@ -47,11 +47,11 @@ com.google.apis google-api-services-oauth2 - + org.twitter4j twitter4j-core - + diff --git a/ui/pom.xml b/ui/pom.xml index db4e42d52d..41da085c66 100755 --- a/ui/pom.xml +++ b/ui/pom.xml @@ -1,22 +1,22 @@ - - keycloak-parent - org.keycloak - 1.0-alpha-1 - ../pom.xml - - 4.0.0 + + keycloak-parent + org.keycloak + 1.0-alpha-1 + ../pom.xml + + 4.0.0 - keycloak-ui - Keycloak UI - + keycloak-ui + Keycloak UI + - - - org.jboss.resteasy - jaxrs-api - provided - - + + + org.jboss.resteasy + jaxrs-api + provided + + diff --git a/ui/src/main/resources/META-INF/resources/ui/index.html b/ui/src/main/resources/META-INF/resources/ui/index.html old mode 100644 new mode 100755 index 80579c5cff..b4636e53dc --- a/ui/src/main/resources/META-INF/resources/ui/index.html +++ b/ui/src/main/resources/META-INF/resources/ui/index.html @@ -2,49 +2,49 @@ - -Keycloak + + Keycloak - - - - + + + + - + - + - - - + + + - - - - + + + + -
    -
    {{notification.message}}
    +
    +
    {{notification.message}}
    +
    + +
    +
    + +
    + +
    +
    - -
    -
    -
    - -
    - -
    - -
    - Loading... -
    +
    + Loading...
    +
    diff --git a/ui/src/main/resources/META-INF/resources/ui/partials/application-detail.html b/ui/src/main/resources/META-INF/resources/ui/partials/application-detail.html old mode 100644 new mode 100755 index fa3948e28c..10a6a04050 --- a/ui/src/main/resources/META-INF/resources/ui/partials/application-detail.html +++ b/ui/src/main/resources/META-INF/resources/ui/partials/application-detail.html @@ -2,14 +2,17 @@
    - +

    New Application

    +

    {{application.name}} configuration

    -
    Please fill in all required fields
    +
    + Please fill in all required fields +

    * Required fields

    @@ -17,64 +20,86 @@ Settings
    - - + +
    - -
    - - -
    - + +
    + + +
    +
    +
    - +
    - Roles - -
    - -
    - {{r}} - -
    - - -
    -
    -
    + Roles -
    - -
    - {{r}} - -
    - -
    -
    -
    -
    +
    + + +
    + {{r}} + +
    + + +
    +
    +
    + +
    + + +
    + {{r}} + +
    + +
    +
    +
    +
    - - + +
    - - + + View applications » - +
    diff --git a/ui/src/main/resources/META-INF/resources/ui/partials/application-list.html b/ui/src/main/resources/META-INF/resources/ui/partials/application-list.html old mode 100644 new mode 100755 index fa5fe4ea82..aebf74b10e --- a/ui/src/main/resources/META-INF/resources/ui/partials/application-list.html +++ b/ui/src/main/resources/META-INF/resources/ui/partials/application-list.html @@ -12,9 +12,9 @@ - - - + + + diff --git a/ui/src/main/resources/META-INF/resources/ui/partials/application-menu.html b/ui/src/main/resources/META-INF/resources/ui/partials/application-menu.html old mode 100644 new mode 100755 index ca94f973da..e5ebac35fc --- a/ui/src/main/resources/META-INF/resources/ui/partials/application-menu.html +++ b/ui/src/main/resources/META-INF/resources/ui/partials/application-menu.html @@ -6,10 +6,12 @@ diff --git a/ui/src/main/resources/META-INF/resources/ui/partials/menu.html b/ui/src/main/resources/META-INF/resources/ui/partials/menu.html old mode 100644 new mode 100755 index 330f6ee6fb..1dfe4eac67 --- a/ui/src/main/resources/META-INF/resources/ui/partials/menu.html +++ b/ui/src/main/resources/META-INF/resources/ui/partials/menu.html @@ -4,9 +4,12 @@ diff --git a/ui/src/main/resources/META-INF/resources/ui/partials/provider/google-help.html b/ui/src/main/resources/META-INF/resources/ui/partials/provider/google-help.html old mode 100644 new mode 100755 index aa4baed5c1..5a45c6c66b --- a/ui/src/main/resources/META-INF/resources/ui/partials/provider/google-help.html +++ b/ui/src/main/resources/META-INF/resources/ui/partials/provider/google-help.html @@ -1,12 +1,16 @@

    - Open https://code.google.com/apis/console/. From the + Open https://code.google.com/apis/console/. From + the drop-down menu select Create.

    -

    Use any name that you'd like, click Create Project, select API Access and click on Create an OAuth 2.0 client ID.

    +

    Use any name that you'd like, click Create Project, select API Access and click on Create an OAuth + 2.0 client ID.

    -

    Use any product name you'd like and leave the other fields empty, then click Next. On the next page select Web application - as the application type. Click more options next to Your site or hostname. Fill in the form with the following values:

    +

    Use any product name you'd like and leave the other fields empty, then click Next. On the next page select Web + application + as the application type. Click more options next to Your site or hostname. Fill in the form with the + following values:

    • Authorized Redirect URIs: {{callbackUrl}}
    • @@ -17,14 +21,18 @@
      +
      - +
      +
      - +
      diff --git a/ui/src/main/resources/META-INF/resources/ui/partials/provider/twitter-help.html b/ui/src/main/resources/META-INF/resources/ui/partials/provider/twitter-help.html old mode 100644 new mode 100755 index 1c6114bd27..4ce76219a4 --- a/ui/src/main/resources/META-INF/resources/ui/partials/provider/twitter-help.html +++ b/ui/src/main/resources/META-INF/resources/ui/partials/provider/twitter-help.html @@ -1,5 +1,6 @@

      - Open https://dev.twitter.com/apps. Click on Create a new + Open https://dev.twitter.com/apps. Click on Create a + new application.

      @@ -18,21 +19,26 @@
      +
      - +
      +
      - +

      - Now click on Settings and tick the box Allow this application to be used to Sign in with Twitter, and click on Update - this Twitter application's settings. + Now click on Settings and tick the box Allow this application to be used to Sign in with Twitter, and + click on Update + this Twitter application's settings.

      diff --git a/ui/src/main/resources/META-INF/resources/ui/partials/realm-detail.html b/ui/src/main/resources/META-INF/resources/ui/partials/realm-detail.html old mode 100644 new mode 100755 index 479bf83b61..daa4f47c25 --- a/ui/src/main/resources/META-INF/resources/ui/partials/realm-detail.html +++ b/ui/src/main/resources/META-INF/resources/ui/partials/realm-detail.html @@ -5,92 +5,118 @@

      New Realm

      +

      {{realm.name}} configuration

      - -
      Please fill in all required fields
      + +
      Please fill + in all required fields +

      * Required fields

      Settings - -
      - - -
      - -
      - - -
      - -
      - - -
      - -
      - - -
      - -
      - -
      - - -
      -
      -
      - -
      - Roles - -
      - -
      - {{r}} - -
      - - -
      -
      -
      -
      - -
      - {{r}} - -
      - -
      -
      -
      +
      + + +
      + +
      + + +
      + +
      + + +
      + +
      + + +
      + +
      + + +
      + + +
      +
      +
      + +
      + Roles + +
      + + +
      + {{r}} + +
      + + +
      +
      +
      + +
      + + +
      + {{r}} + +
      + +
      +
      +
      - - + +
      - - + + View realms » - +
      - +
      diff --git a/ui/src/main/resources/META-INF/resources/ui/partials/realm-list.html b/ui/src/main/resources/META-INF/resources/ui/partials/realm-list.html old mode 100644 new mode 100755 index 344838e6e4..cf058bf36e --- a/ui/src/main/resources/META-INF/resources/ui/partials/realm-list.html +++ b/ui/src/main/resources/META-INF/resources/ui/partials/realm-list.html @@ -5,16 +5,16 @@
      Add Realm - +

      Realms

    Application
    Application
    {{application.name}}
    - - - + + + diff --git a/ui/src/main/resources/META-INF/resources/ui/partials/realm-menu.html b/ui/src/main/resources/META-INF/resources/ui/partials/realm-menu.html old mode 100644 new mode 100755 index ac8e0be45d..a70c236c59 --- a/ui/src/main/resources/META-INF/resources/ui/partials/realm-menu.html +++ b/ui/src/main/resources/META-INF/resources/ui/partials/realm-menu.html @@ -9,8 +9,10 @@ {{r.name}} diff --git a/ui/src/main/resources/META-INF/resources/ui/partials/role-mapping.html b/ui/src/main/resources/META-INF/resources/ui/partials/role-mapping.html old mode 100644 new mode 100755 index c65ed91094..1649e1417f --- a/ui/src/main/resources/META-INF/resources/ui/partials/role-mapping.html +++ b/ui/src/main/resources/META-INF/resources/ui/partials/role-mapping.html @@ -1,46 +1,50 @@
    -
    - - -
    +
    + -
    -

    - {{realm.name}} role mapping -

    +
    - +
    +

    + {{realm.name}} role mapping +

    -
    - + -
    Realm
    Realm
    {{r.name}}
    - - - - - - - - - - - - - - - - -
    UsernameFirstnameLastnameEmail
    {{user.userId}}{{user.firstName}}{{user.lastName}}{{user.email}}
    -
    -
    +
    + -
    -
    + + + + + + + + + + + + + + + + + +
    UsernameFirstnameLastnameEmail
    {{user.userId}}{{user.firstName}}{{user.lastName}}{{user.email}} + +
    +
    + + +
    + \ No newline at end of file diff --git a/ui/src/main/resources/META-INF/resources/ui/partials/user-detail.html b/ui/src/main/resources/META-INF/resources/ui/partials/user-detail.html old mode 100644 new mode 100755 index fcb95b4913..67af006519 --- a/ui/src/main/resources/META-INF/resources/ui/partials/user-detail.html +++ b/ui/src/main/resources/META-INF/resources/ui/partials/user-detail.html @@ -5,11 +5,14 @@

    New User

    +

    {{user.userId}} configuration

    -
    Please fill in all required fields
    +
    Please fill in + all required fields +

    * Required fields

    @@ -17,21 +20,26 @@ Details
    +
    - +
    +
    - Invalid email + Invalid email
    +
    @@ -39,6 +47,7 @@
    +
    @@ -46,8 +55,10 @@
    +
    - +
    @@ -57,10 +68,10 @@ - - - - + + + + @@ -70,17 +81,25 @@
    - - + +
    - - + + View users » - +
    - +
    diff --git a/ui/src/main/resources/META-INF/resources/ui/partials/user-list.html b/ui/src/main/resources/META-INF/resources/ui/partials/user-list.html old mode 100644 new mode 100755 index d5aec2cd55..43957a735a --- a/ui/src/main/resources/META-INF/resources/ui/partials/user-list.html +++ b/ui/src/main/resources/META-INF/resources/ui/partials/user-list.html @@ -6,26 +6,26 @@
    Add User -

    - {{realm.name}} users -

    +

    + {{realm.name}} users +

    -
    NameValue
    NameValue
    - - - - - - - - - - - - - - -
    UsernameFirstnameLastnameEmail
    {{user.userId}}{{user.firstName}}{{user.lastName}}{{user.email}}
    + + + + + + + + + + + + + + + +
    UsernameFirstnameLastnameEmail
    {{user.userId}}{{user.firstName}}{{user.lastName}}{{user.email}}