default groups
This commit is contained in:
parent
6989589e72
commit
98958a2bc4
17 changed files with 242 additions and 1 deletions
|
@ -37,6 +37,14 @@
|
|||
<constraints nullable="false"/>
|
||||
</column>
|
||||
</createTable>
|
||||
<createTable tableName="REALM_DEFAULT_GROUPS">
|
||||
<column name="REALM_ID" type="VARCHAR(36)">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
<column name="GROUP_ID" type="VARCHAR(36)">
|
||||
<constraints nullable="false"/>
|
||||
</column>
|
||||
</createTable>
|
||||
|
||||
<addColumn tableName="IDENTITY_PROVIDER">
|
||||
<column name="FIRST_BROKER_LOGIN_FLOW_ID" type="VARCHAR(36)">
|
||||
|
@ -58,6 +66,9 @@
|
|||
<addForeignKeyConstraint baseColumnNames="GROUP_ID" baseTableName="GROUP_ROLE_MAPPING" constraintName="FK_GROUP_ROLE_GROUP" referencedColumnNames="ID" referencedTableName="KEYCLOAK_GROUP"/>
|
||||
<addForeignKeyConstraint baseColumnNames="ROLE_ID" baseTableName="GROUP_ROLE_MAPPING" constraintName="FK_GROUP_ROLE_ROLE" referencedColumnNames="ID" referencedTableName="KEYCLOAK_ROLE"/>
|
||||
|
||||
<addUniqueConstraint columnNames="GROUP_ID" constraintName="CON_GROUP_ID_DEF_GROUPS" tableName="REALM_DEFAULT_GROUPS"/>
|
||||
<addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="REALM_DEFAULT_GROUPS" constraintName="FK_DEF_GROUPS_REALM" referencedColumnNames="ID" referencedTableName="REALM"/>
|
||||
<addForeignKeyConstraint baseColumnNames="GROUP_ID" baseTableName="REALM_DEFAULT_GROUPS" constraintName="FK_DEF_GROUPS_GROUP" referencedColumnNames="ID" referencedTableName="KEYCLOAK_GROUP"/>
|
||||
<addColumn tableName="CLIENT">
|
||||
<column name="REGISTRATION_TOKEN" type="VARCHAR(255)"/>
|
||||
</addColumn>
|
||||
|
|
|
@ -49,6 +49,7 @@ public class RealmRepresentation {
|
|||
protected RolesRepresentation roles;
|
||||
protected List<GroupRepresentation> groups;
|
||||
protected List<String> defaultRoles;
|
||||
protected List<String> defaultGroups;
|
||||
@Deprecated
|
||||
protected Set<String> requiredCredentials;
|
||||
protected String passwordPolicy;
|
||||
|
@ -269,6 +270,14 @@ public class RealmRepresentation {
|
|||
this.defaultRoles = defaultRoles;
|
||||
}
|
||||
|
||||
public List<String> getDefaultGroups() {
|
||||
return defaultGroups;
|
||||
}
|
||||
|
||||
public void setDefaultGroups(List<String> defaultGroups) {
|
||||
this.defaultGroups = defaultGroups;
|
||||
}
|
||||
|
||||
public String getPrivateKey() {
|
||||
return privateKey;
|
||||
}
|
||||
|
|
|
@ -47,6 +47,19 @@ public interface RealmResource {
|
|||
@Produces(MediaType.APPLICATION_JSON)
|
||||
public GroupRepresentation getGroupByPath(@PathParam("path") String path);
|
||||
|
||||
@GET
|
||||
@Produces(MediaType.APPLICATION_JSON)
|
||||
@Path("default-groups")
|
||||
public List<GroupRepresentation> getDefaultGroups();
|
||||
|
||||
@PUT
|
||||
@Path("default-groups/{groupId}")
|
||||
public void addDefaultGroup(@PathParam("groupId") String groupId);
|
||||
|
||||
@DELETE
|
||||
@Path("default-groups/{groupId}")
|
||||
public void removeDefaultGroup(@PathParam("groupId") String groupId);
|
||||
|
||||
@Path("identity-provider")
|
||||
IdentityProvidersResource identityProviders();
|
||||
|
||||
|
|
|
@ -165,6 +165,12 @@ public interface RealmModel extends RoleContainerModel {
|
|||
|
||||
void updateDefaultRoles(String[] defaultRoles);
|
||||
|
||||
List<GroupModel> getDefaultGroups();
|
||||
|
||||
void addDefaultGroup(GroupModel group);
|
||||
|
||||
void removeDefaultGroup(GroupModel group);
|
||||
|
||||
// Key is clientId
|
||||
Map<String, ClientModel> getClientNameMap();
|
||||
|
||||
|
|
|
@ -61,6 +61,7 @@ public class RealmEntity extends AbstractIdentifiableEntity {
|
|||
|
||||
// We are using names of defaultRoles (not ids)
|
||||
private List<String> defaultRoles = new ArrayList<String>();
|
||||
private List<String> defaultGroups = new ArrayList<String>();
|
||||
|
||||
private List<RequiredCredentialEntity> requiredCredentials = new ArrayList<RequiredCredentialEntity>();
|
||||
private List<UserFederationProviderEntity> userFederationProviders = new ArrayList<UserFederationProviderEntity>();
|
||||
|
@ -629,6 +630,14 @@ public class RealmEntity extends AbstractIdentifiableEntity {
|
|||
public void setClientAuthenticationFlow(String clientAuthenticationFlow) {
|
||||
this.clientAuthenticationFlow = clientAuthenticationFlow;
|
||||
}
|
||||
|
||||
public List<String> getDefaultGroups() {
|
||||
return defaultGroups;
|
||||
}
|
||||
|
||||
public void setDefaultGroups(List<String> defaultGroups) {
|
||||
this.defaultGroups = defaultGroups;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
|
|
@ -239,6 +239,14 @@ public class ModelToRepresentation {
|
|||
roleStrings.addAll(defaultRoles);
|
||||
rep.setDefaultRoles(roleStrings);
|
||||
}
|
||||
List<GroupModel> defaultGroups = realm.getDefaultGroups();
|
||||
if (!defaultGroups.isEmpty()) {
|
||||
List<String> groupPaths = new LinkedList<>();
|
||||
for (GroupModel group : defaultGroups) {
|
||||
groupPaths.add(ModelToRepresentation.buildGroupPath(group));
|
||||
}
|
||||
rep.setDefaultGroups(groupPaths);
|
||||
}
|
||||
|
||||
List<RequiredCredentialModel> requiredCredentialModels = realm.getRequiredCredentials();
|
||||
if (requiredCredentialModels.size() > 0) {
|
||||
|
|
|
@ -315,6 +315,13 @@ public class RepresentationToModel {
|
|||
|
||||
if (rep.getGroups() != null) {
|
||||
importGroups(newRealm, rep);
|
||||
if (rep.getDefaultGroups() != null) {
|
||||
for (String path : rep.getDefaultGroups()) {
|
||||
GroupModel found = KeycloakModelUtils.findGroupByPath(newRealm, path);
|
||||
if (found == null) throw new RuntimeException("default group in realm rep doesn't exist: " + path);
|
||||
newRealm.addDefaultGroup(found);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
|
|
@ -480,6 +480,30 @@ public class RealmAdapter implements RealmModel {
|
|||
return cacheSession.getRoleById(id, this);
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<GroupModel> getDefaultGroups() {
|
||||
List<GroupModel> defaultGroups = new LinkedList<>();
|
||||
for (String id : cached.getDefaultGroups()) {
|
||||
defaultGroups.add(cacheSession.getGroupById(id, this));
|
||||
}
|
||||
return defaultGroups;
|
||||
|
||||
}
|
||||
|
||||
@Override
|
||||
public void addDefaultGroup(GroupModel group) {
|
||||
getDelegateForUpdate();
|
||||
updated.addDefaultGroup(group);
|
||||
|
||||
}
|
||||
|
||||
@Override
|
||||
public void removeDefaultGroup(GroupModel group) {
|
||||
getDelegateForUpdate();
|
||||
updated.removeDefaultGroup(group);
|
||||
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<String> getDefaultRoles() {
|
||||
if (updated != null) return updated.getDefaultRoles();
|
||||
|
|
|
@ -107,6 +107,7 @@ public class CachedRealm implements Serializable {
|
|||
protected Set<String> adminEnabledEventOperations = new HashSet<String>();
|
||||
protected boolean adminEventsDetailsEnabled;
|
||||
private List<String> defaultRoles = new LinkedList<String>();
|
||||
private List<String> defaultGroups = new LinkedList<String>();
|
||||
private Set<String> groups = new HashSet<String>();
|
||||
private Map<String, String> realmRoles = new HashMap<String, String>();
|
||||
private Map<String, String> clients = new HashMap<String, String>();
|
||||
|
@ -229,6 +230,10 @@ public class CachedRealm implements Serializable {
|
|||
requiredActionProvidersByAlias.put(action.getAlias(), action);
|
||||
}
|
||||
|
||||
for (GroupModel group : model.getDefaultGroups()) {
|
||||
defaultGroups.add(group.getId());
|
||||
}
|
||||
|
||||
browserFlow = model.getBrowserFlow();
|
||||
registrationFlow = model.getRegistrationFlow();
|
||||
directGrantFlow = model.getDirectGrantFlow();
|
||||
|
@ -516,4 +521,8 @@ public class CachedRealm implements Serializable {
|
|||
public Set<String> getGroups() {
|
||||
return groups;
|
||||
}
|
||||
|
||||
public List<String> getDefaultGroups() {
|
||||
return defaultGroups;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -71,6 +71,10 @@ public class JpaUserProvider implements UserProvider {
|
|||
userModel.grantRole(application.getRole(r));
|
||||
}
|
||||
}
|
||||
|
||||
for (GroupModel g : realm.getDefaultGroups()) {
|
||||
userModel.joinGroup(g);
|
||||
}
|
||||
}
|
||||
for (RequiredActionProviderModel r : realm.getRequiredActionProviders()) {
|
||||
if (r.isEnabled() && r.isDefaultAction()) {
|
||||
|
|
|
@ -647,6 +647,44 @@ public class RealmAdapter implements RealmModel {
|
|||
em.flush();
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<GroupModel> getDefaultGroups() {
|
||||
Collection<GroupEntity> entities = realm.getDefaultGroups();
|
||||
List<GroupModel> defaultGroups = new LinkedList<>();
|
||||
for (GroupEntity entity : entities) {
|
||||
defaultGroups.add(session.realms().getGroupById(entity.getId(), this));
|
||||
}
|
||||
return defaultGroups;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void addDefaultGroup(GroupModel group) {
|
||||
Collection<GroupEntity> entities = realm.getDefaultGroups();
|
||||
for (GroupEntity entity : entities) {
|
||||
if (entity.getId().equals(group.getId())) return;
|
||||
}
|
||||
GroupEntity groupEntity = GroupAdapter.toEntity(group, em);
|
||||
realm.getDefaultGroups().add(groupEntity);
|
||||
em.flush();
|
||||
|
||||
}
|
||||
|
||||
@Override
|
||||
public void removeDefaultGroup(GroupModel group) {
|
||||
GroupEntity found = null;
|
||||
for (GroupEntity defaultGroup : realm.getDefaultGroups()) {
|
||||
if (defaultGroup.getId().equals(group.getId())) {
|
||||
found = defaultGroup;
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (found != null) {
|
||||
realm.getDefaultGroups().remove(found);
|
||||
em.flush();
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@Override
|
||||
public Map<String, ClientModel> getClientNameMap() {
|
||||
Map<String, ClientModel> map = new HashMap<String, ClientModel>();
|
||||
|
@ -2002,6 +2040,7 @@ public class RealmAdapter implements RealmModel {
|
|||
if (!groupEntity.getRealm().getId().equals(getId())) {
|
||||
return false;
|
||||
}
|
||||
realm.getDefaultRoles().remove(groupEntity);
|
||||
for (GroupModel subGroup : group.getSubGroups()) {
|
||||
removeGroup(subGroup);
|
||||
}
|
||||
|
|
|
@ -92,7 +92,7 @@ public class GroupEntity {
|
|||
@Override
|
||||
public boolean equals(Object o) {
|
||||
if (this == o) return true;
|
||||
if (o == null || getClass() != o.getClass()) return false;
|
||||
if (o == null) return false;
|
||||
|
||||
GroupEntity that = (GroupEntity) o;
|
||||
|
||||
|
|
|
@ -143,6 +143,10 @@ public class RealmEntity {
|
|||
@JoinTable(name="REALM_DEFAULT_ROLES", joinColumns = { @JoinColumn(name="REALM_ID")}, inverseJoinColumns = { @JoinColumn(name="ROLE_ID")})
|
||||
protected Collection<RoleEntity> defaultRoles = new ArrayList<RoleEntity>();
|
||||
|
||||
@OneToMany(fetch = FetchType.LAZY, cascade ={CascadeType.REMOVE}, orphanRemoval = true)
|
||||
@JoinTable(name="REALM_DEFAULT_GROUPS", joinColumns = { @JoinColumn(name="REALM_ID")}, inverseJoinColumns = { @JoinColumn(name="GROUP_ID")})
|
||||
protected Collection<GroupEntity> defaultGroups = new ArrayList<>();
|
||||
|
||||
@Column(name="EVENTS_ENABLED")
|
||||
protected boolean eventsEnabled;
|
||||
@Column(name="EVENTS_EXPIRATION")
|
||||
|
@ -426,6 +430,14 @@ public class RealmEntity {
|
|||
this.defaultRoles = defaultRoles;
|
||||
}
|
||||
|
||||
public Collection<GroupEntity> getDefaultGroups() {
|
||||
return defaultGroups;
|
||||
}
|
||||
|
||||
public void setDefaultGroups(Collection<GroupEntity> defaultGroups) {
|
||||
this.defaultGroups = defaultGroups;
|
||||
}
|
||||
|
||||
public String getPasswordPolicy() {
|
||||
return passwordPolicy;
|
||||
}
|
||||
|
|
|
@ -300,6 +300,9 @@ public class MongoUserProvider implements UserProvider {
|
|||
userModel.grantRole(application.getRole(r));
|
||||
}
|
||||
}
|
||||
for (GroupModel g : realm.getDefaultGroups()) {
|
||||
userModel.joinGroup(g);
|
||||
}
|
||||
}
|
||||
|
||||
if (addDefaultRequiredActions) {
|
||||
|
|
|
@ -681,6 +681,9 @@ public class RealmAdapter extends AbstractMongoAdapter<MongoRealmEntity> impleme
|
|||
|
||||
@Override
|
||||
public boolean removeGroup(GroupModel group) {
|
||||
if (realm.getDefaultGroups() != null) {
|
||||
getMongoStore().pullItemFromList(realm, "defaultGroups", group.getId(), invocationContext);
|
||||
}
|
||||
for (GroupModel subGroup : group.getSubGroups()) {
|
||||
removeGroup(subGroup);
|
||||
}
|
||||
|
@ -689,6 +692,8 @@ public class RealmAdapter extends AbstractMongoAdapter<MongoRealmEntity> impleme
|
|||
return getMongoStore().removeEntity(MongoGroupEntity.class, group.getId(), invocationContext);
|
||||
}
|
||||
|
||||
|
||||
|
||||
@Override
|
||||
public List<String> getDefaultRoles() {
|
||||
return realm.getDefaultRoles();
|
||||
|
@ -720,6 +725,27 @@ public class RealmAdapter extends AbstractMongoAdapter<MongoRealmEntity> impleme
|
|||
updateRealm();
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<GroupModel> getDefaultGroups() {
|
||||
List<GroupModel> defaultGroups = new LinkedList<>();
|
||||
for (String id : realm.getDefaultGroups()) {
|
||||
defaultGroups.add(session.realms().getGroupById(id, this));
|
||||
}
|
||||
return defaultGroups;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void addDefaultGroup(GroupModel group) {
|
||||
getMongoStore().pushItemToList(realm, "defaultGroups", group.getId(), true, invocationContext);
|
||||
|
||||
}
|
||||
|
||||
@Override
|
||||
public void removeDefaultGroup(GroupModel group) {
|
||||
getMongoStore().pullItemFromList(realm, "defaultGroups", group.getId(), invocationContext);
|
||||
|
||||
}
|
||||
|
||||
@Override
|
||||
public ClientModel getClientById(String id) {
|
||||
return model.getClientById(id, this);
|
||||
|
|
|
@ -634,6 +634,48 @@ public class RealmAdminResource {
|
|||
return new IdentityProvidersResource(realm, session, this.auth, adminEvent);
|
||||
}
|
||||
|
||||
/**
|
||||
* Get group hierarchy. Only name and ids are returned.
|
||||
*
|
||||
* @return
|
||||
*/
|
||||
@GET
|
||||
@NoCache
|
||||
@Produces(MediaType.APPLICATION_JSON)
|
||||
@Path("default-groups")
|
||||
public List<GroupRepresentation> getDefaultGroups() {
|
||||
this.auth.requireView();
|
||||
List<GroupRepresentation> defaults = new LinkedList<>();
|
||||
for (GroupModel group : realm.getDefaultGroups()) {
|
||||
defaults.add(ModelToRepresentation.toRepresentation(group, false));
|
||||
}
|
||||
return defaults;
|
||||
}
|
||||
@PUT
|
||||
@NoCache
|
||||
@Path("default-groups/{groupId}")
|
||||
public void addDefaultGroup(@PathParam("groupId") String groupId) {
|
||||
this.auth.requireManage();
|
||||
GroupModel group = realm.getGroupById(groupId);
|
||||
if (group == null) {
|
||||
throw new NotFoundException("Group not found");
|
||||
}
|
||||
realm.addDefaultGroup(group);
|
||||
}
|
||||
|
||||
@DELETE
|
||||
@NoCache
|
||||
@Path("default-groups/{groupId}")
|
||||
public void removeDefaultGroup(@PathParam("groupId") String groupId) {
|
||||
this.auth.requireManage();
|
||||
GroupModel group = realm.getGroupById(groupId);
|
||||
if (group == null) {
|
||||
throw new NotFoundException("Group not found");
|
||||
}
|
||||
realm.removeDefaultGroup(group);
|
||||
}
|
||||
|
||||
|
||||
@Path("groups")
|
||||
public GroupsResource getGroups() {
|
||||
GroupsResource resource = new GroupsResource(realm, session, this.auth, adminEvent);
|
||||
|
|
|
@ -180,6 +180,25 @@ public class GroupTest {
|
|||
Assert.assertTrue(token.getRealmAccess().getRoles().contains("level2Role"));
|
||||
Assert.assertTrue(token.getRealmAccess().getRoles().contains("level3Role"));
|
||||
|
||||
realm.addDefaultGroup(level3Group.getId());
|
||||
|
||||
List<GroupRepresentation> defaultGroups = realm.getDefaultGroups();
|
||||
Assert.assertEquals(1, defaultGroups.size());
|
||||
Assert.assertEquals(defaultGroups.get(0).getId(), level3Group.getId());
|
||||
|
||||
UserRepresentation newUser = new UserRepresentation();
|
||||
newUser.setUsername("groupUser");
|
||||
newUser.setEmail("group@group.com");
|
||||
response = realm.users().create(newUser);
|
||||
response.close();
|
||||
newUser = realm.users().search("groupUser", -1, -1).get(0);
|
||||
membership = realm.users().get(newUser.getId()).groups();
|
||||
Assert.assertEquals(1, membership.size());
|
||||
Assert.assertEquals("level3", membership.get(0).getName());
|
||||
|
||||
realm.removeDefaultGroup(level3Group.getId());
|
||||
defaultGroups = realm.getDefaultGroups();
|
||||
Assert.assertEquals(0, defaultGroups.size());
|
||||
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in a new issue