diff --git a/broker/oidc/src/main/java/org/keycloak/broker/oidc/OIDCIdentityProvider.java b/broker/oidc/src/main/java/org/keycloak/broker/oidc/OIDCIdentityProvider.java index e712dd4bd1..b4058b1409 100755 --- a/broker/oidc/src/main/java/org/keycloak/broker/oidc/OIDCIdentityProvider.java +++ b/broker/oidc/src/main/java/org/keycloak/broker/oidc/OIDCIdentityProvider.java @@ -25,6 +25,7 @@ import org.keycloak.broker.provider.FederatedIdentity; import org.keycloak.broker.provider.IdentityBrokerException; import org.keycloak.events.Errors; import org.keycloak.events.EventBuilder; +import org.keycloak.events.EventGroup; import org.keycloak.events.EventType; import org.keycloak.jose.jws.JWSInput; import org.keycloak.models.RealmModel; @@ -32,7 +33,6 @@ import org.keycloak.models.UserSessionModel; import org.keycloak.representations.AccessTokenResponse; import org.keycloak.representations.IDToken; import org.keycloak.services.managers.AuthenticationManager; -import org.keycloak.services.managers.EventsManager; import org.keycloak.services.messages.Messages; import org.keycloak.services.resources.IdentityBrokerService; import org.keycloak.services.resources.RealmsResource; @@ -88,14 +88,14 @@ public class OIDCIdentityProvider extends AbstractOAuth2IdentityProvider + + + + + + + + + + + + + diff --git a/core/src/main/java/org/keycloak/representations/idm/RealmEventsConfigRepresentation.java b/core/src/main/java/org/keycloak/representations/idm/RealmEventsConfigRepresentation.java index acadc95246..a88a75d93d 100755 --- a/core/src/main/java/org/keycloak/representations/idm/RealmEventsConfigRepresentation.java +++ b/core/src/main/java/org/keycloak/representations/idm/RealmEventsConfigRepresentation.java @@ -10,6 +10,7 @@ public class RealmEventsConfigRepresentation { protected boolean eventsEnabled; protected Long eventsExpiration; protected List eventsListeners; + protected List enabledEventTypes; public boolean isEventsEnabled() { return eventsEnabled; @@ -34,4 +35,12 @@ public class RealmEventsConfigRepresentation { public void setEventsListeners(List eventsListeners) { this.eventsListeners = eventsListeners; } + + public List getEnabledEventTypes() { + return enabledEventTypes; + } + + public void setEnabledEventTypes(List enabledEventTypes) { + this.enabledEventTypes = enabledEventTypes; + } } diff --git a/core/src/main/java/org/keycloak/representations/idm/RealmRepresentation.java b/core/src/main/java/org/keycloak/representations/idm/RealmRepresentation.java index 8a4727b441..b350e3825a 100755 --- a/core/src/main/java/org/keycloak/representations/idm/RealmRepresentation.java +++ b/core/src/main/java/org/keycloak/representations/idm/RealmRepresentation.java @@ -68,6 +68,7 @@ public class RealmRepresentation { protected Boolean eventsEnabled; protected Long eventsExpiration; protected List eventsListeners; + protected List enabledEventTypes; private List identityProviders; private List protocolMappers; private Boolean identityFederationEnabled; @@ -503,6 +504,14 @@ public class RealmRepresentation { public void setEventsListeners(List eventsListeners) { this.eventsListeners = eventsListeners; } + + public List getEnabledEventTypes() { + return enabledEventTypes; + } + + public void setEnabledEventTypes(List enabledEventTypes) { + this.enabledEventTypes = enabledEventTypes; + } public List getUserFederationProviders() { return userFederationProviders; diff --git a/events/api/src/main/java/org/keycloak/events/Details.java b/events/api/src/main/java/org/keycloak/events/Details.java index d24390c242..e0a3fc6fa0 100755 --- a/events/api/src/main/java/org/keycloak/events/Details.java +++ b/events/api/src/main/java/org/keycloak/events/Details.java @@ -13,7 +13,7 @@ public interface Details { String RESPONSE_TYPE = "response_type"; String AUTH_METHOD = "auth_method"; String IDENTITY_PROVIDER = "identity_provider"; - String IDENTITY_PROVIDER_IDENTITY = "identity_provider_identity"; + String IDENTITY_PROVIDER_USERNAME = "identity_provider_identity"; String REGISTER_METHOD = "register_method"; String USERNAME = "username"; String REMEMBER_ME = "remember_me"; @@ -23,4 +23,10 @@ public interface Details { String UPDATED_REFRESH_TOKEN_ID = "updated_refresh_token_id"; String NODE_HOST = "node_host"; String REASON = "reason"; + + String REALM = "realm"; + String REPRESENTATION = "representation"; + + String APPLICATION_CLUSTER_NODE = "application_cluster_node"; + } diff --git a/events/api/src/main/java/org/keycloak/events/Event.java b/events/api/src/main/java/org/keycloak/events/Event.java index 0099e8305b..af603339b3 100644 --- a/events/api/src/main/java/org/keycloak/events/Event.java +++ b/events/api/src/main/java/org/keycloak/events/Event.java @@ -11,6 +11,8 @@ public class Event { private long time; private EventType type; + + private EventGroup group; private String realmId; @@ -24,6 +26,8 @@ public class Event { private String error; + private String representation; + private Map details; public long getTime() { @@ -41,6 +45,14 @@ public class Event { public void setType(EventType type) { this.type = type; } + + public EventGroup getGroup() { + return group; + } + + public void setGroup(EventGroup group) { + this.group = group; + } public String getRealmId() { return realmId; @@ -90,6 +102,14 @@ public class Event { this.error = error; } + public String getRepresentation() { + return representation; + } + + public void setRepresentation(String representation) { + this.representation = representation; + } + public Map getDetails() { return details; } @@ -102,13 +122,15 @@ public class Event { Event clone = new Event(); clone.time = time; clone.type = type; + clone.group = group; clone.realmId = realmId; clone.clientId = clientId; clone.userId = userId; clone.sessionId = sessionId; clone.ipAddress = ipAddress; clone.error = error; - clone.details = details != null ? new HashMap(details) : null; + clone.details = details != null ? new HashMap<>(details) : null; + clone.representation = representation; return clone; } diff --git a/events/api/src/main/java/org/keycloak/events/EventBuilder.java b/events/api/src/main/java/org/keycloak/events/EventBuilder.java index 8ab685777e..de8fcc8c67 100644 --- a/events/api/src/main/java/org/keycloak/events/EventBuilder.java +++ b/events/api/src/main/java/org/keycloak/events/EventBuilder.java @@ -1,12 +1,17 @@ package org.keycloak.events; import org.jboss.logging.Logger; +import org.keycloak.ClientConnection; import org.keycloak.models.ClientModel; +import org.keycloak.models.KeycloakSession; import org.keycloak.models.RealmModel; import org.keycloak.models.UserModel; import org.keycloak.models.UserSessionModel; +import org.keycloak.util.JsonSerialization; +import java.io.IOException; import java.util.HashMap; +import java.util.LinkedList; import java.util.List; /** @@ -16,18 +21,47 @@ public class EventBuilder { private static final Logger log = Logger.getLogger(EventBuilder.class); + private EventStoreProvider store; private List listeners; + private RealmModel realm; private Event event; - public EventBuilder(List listeners, RealmModel realm, String ipAddress) { - this.listeners = listeners; - this.event = new Event(); + public EventBuilder(EventGroup group, RealmModel realm, KeycloakSession session, ClientConnection clientConnection) { + this.realm = realm; + + event = new Event(); + event.setGroup(group); + + if (realm.isEventsEnabled()) { + EventStoreProvider store = session.getProvider(EventStoreProvider.class); + if (store != null) { + this.store = store; + } else { + log.error("Events enabled, but no event store provider configured"); + } + } + + if (realm.getEventsListeners() != null && !realm.getEventsListeners().isEmpty()) { + this.listeners = new LinkedList<>(); + for (String id : realm.getEventsListeners()) { + EventListenerProvider listener = session.getProvider(EventListenerProvider.class, id); + if (listener != null) { + listeners.add(listener); + } else { + log.error("Event listener '" + id + "' registered, but provider not found"); + } + } + } realm(realm); - ipAddress(ipAddress); + ipAddress(clientConnection.getRemoteAddr()); } - EventBuilder() { + private EventBuilder(EventStoreProvider store, List listeners, RealmModel realm, Event event) { + this.store = store; + this.listeners = listeners; + this.realm = realm; + this.event = event; } public EventBuilder realm(RealmModel realm) { @@ -92,6 +126,18 @@ public class EventBuilder { return this; } + public EventBuilder representation(Object value) { + if (value == null || value.equals("")) { + return this; + } + try { + event.setRepresentation(JsonSerialization.writeValueAsPrettyString(value)); + } catch (IOException e) { + throw new RuntimeException(e); + } + return this; + } + public EventBuilder removeDetail(String key) { if (event.getDetails() != null) { event.getDetails().remove(key); @@ -114,27 +160,22 @@ public class EventBuilder { } public EventBuilder clone() { - EventBuilder clone = new EventBuilder(); - clone.listeners = listeners; - clone.event = event.clone(); - return clone; - } - - public EventBuilder reset() { - Event old = event; - - event = new Event(); - event.setRealmId(old.getRealmId()); - event.setIpAddress(old.getIpAddress()); - event.setClientId(old.getClientId()); - event.setUserId(old.getUserId()); - - return this; + return new EventBuilder(store, listeners, realm, event.clone()); } private void send() { event.setTime(System.currentTimeMillis()); + if (store != null) { + if (realm.getEnabledEventTypes() != null && !realm.getEnabledEventTypes().isEmpty() ? realm.getEnabledEventTypes().contains(event.getType().name()) : event.getType().isSaveByDefault()) { + try { + store.onEvent(event); + } catch (Throwable t) { + log.error("Failed to save event", t); + } + } + } + if (listeners != null) { for (EventListenerProvider l : listeners) { try { diff --git a/events/api/src/main/java/org/keycloak/events/EventGroup.java b/events/api/src/main/java/org/keycloak/events/EventGroup.java new file mode 100644 index 0000000000..f4ce2d38ee --- /dev/null +++ b/events/api/src/main/java/org/keycloak/events/EventGroup.java @@ -0,0 +1,11 @@ +package org.keycloak.events; + +/** + * @author Giriraj Sharma + */ +public enum EventGroup { + + ADMIN, + USER + +} diff --git a/events/api/src/main/java/org/keycloak/events/EventType.java b/events/api/src/main/java/org/keycloak/events/EventType.java index d66660d93e..d4638c2eb4 100755 --- a/events/api/src/main/java/org/keycloak/events/EventType.java +++ b/events/api/src/main/java/org/keycloak/events/EventType.java @@ -5,57 +5,125 @@ package org.keycloak.events; */ public enum EventType { - LOGIN, - LOGIN_ERROR, - REGISTER, - REGISTER_ERROR, - LOGOUT, - LOGOUT_ERROR, - CODE_TO_TOKEN, - CODE_TO_TOKEN_ERROR, - REFRESH_TOKEN, - VALIDATE_ACCESS_TOKEN, - VALIDATE_ACCESS_TOKEN_ERROR, - REFRESH_TOKEN_ERROR, - SOCIAL_LINK, - SOCIAL_LINK_ERROR, - REMOVE_FEDERATED_IDENTITY, - REMOVE_SOCIAL_LINK_ERROR, + LOGIN(true), + LOGIN_ERROR(true), + REGISTER(true), + REGISTER_ERROR(true), + LOGOUT(true), + LOGOUT_ERROR(true), - UPDATE_EMAIL, - UPDATE_EMAIL_ERROR, - UPDATE_PROFILE, - UPDATE_PROFILE_ERROR, - UPDATE_PASSWORD, - UPDATE_PASSWORD_ERROR, - UPDATE_TOTP, - UPDATE_TOTP_ERROR, - VERIFY_EMAIL, - VERIFY_EMAIL_ERROR, + CODE_TO_TOKEN(true), + CODE_TO_TOKEN_ERROR(true), - REMOVE_TOTP, - REMOVE_TOTP_ERROR, + REFRESH_TOKEN(false), + REFRESH_TOKEN_ERROR(false), + VALIDATE_ACCESS_TOKEN(false), + VALIDATE_ACCESS_TOKEN_ERROR(false), - SEND_VERIFY_EMAIL, - SEND_VERIFY_EMAIL_ERROR, - SEND_RESET_PASSWORD, - SEND_RESET_PASSWORD_ERROR, - RESET_PASSWORD, - RESET_PASSWORD_ERROR, + FEDERATED_IDENTITY_LINK(true), + FEDERATED_IDENTITY_LINK_ERROR(true), + REMOVE_FEDERATED_IDENTITY(true), + REMOVE_FEDERATED_IDENTITY_ERROR(true), - INVALID_SIGNATURE_ERROR, - REGISTER_NODE, - UNREGISTER_NODE, + UPDATE_EMAIL(true), + UPDATE_EMAIL_ERROR(true), + UPDATE_PROFILE(true), + UPDATE_PROFILE_ERROR(true), + UPDATE_PASSWORD(true), + UPDATE_PASSWORD_ERROR(true), + UPDATE_TOTP(true), + UPDATE_TOTP_ERROR(true), + VERIFY_EMAIL(true), + VERIFY_EMAIL_ERROR(true), - USER_INFO_REQUEST, - USER_INFO_REQUEST_ERROR, + REMOVE_TOTP(true), + REMOVE_TOTP_ERROR(true), + + SEND_VERIFY_EMAIL(true), + SEND_VERIFY_EMAIL_ERROR(true), + SEND_RESET_PASSWORD(true), + SEND_RESET_PASSWORD_ERROR(true), + RESET_PASSWORD(true), + RESET_PASSWORD_ERROR(true), + + INVALID_SIGNATURE_ERROR(false), + REGISTER_NODE(false), + UNREGISTER_NODE(false), + + USER_INFO_REQUEST(false), + USER_INFO_REQUEST_ERROR(false), + + IDENTITY_PROVIDER_LOGIN(false), + IDENTITY_PROVIDER_LOGIN_ERROR(false), + IDENTITY_PROVIDER_RESPONSE(false), + IDENTITY_PROVIDER_RESPONSE_ERROR(false), + IDENTITY_PROVIDER_RETRIEVE_TOKEN(false), + IDENTITY_PROVIDER_RETRIEVE_TOKEN_ERROR(false), + IDENTITY_PROVIDER_ACCCOUNT_LINKING(false), + IDENTITY_PROVIDER_ACCCOUNT_LINKING_ERROR(false), + + VIEW_REALM(false), + CREATE_REALM(false), + UPDATE_REALM(false), + DELETE_REALM(false), + + VIEW_APPLICATIONS(false), + VIEW_APPLICATION(false), + CREATE_APPLICATION(false), + UPDATE_APPLICATION(false), + DELETE_APPLICATION(false), + + VIEW_APPLICATION_USER_SESSIONS(false), + LOGOUT_APPLICATION_USERS(false), + LOGOUT_USER(false), + + REGISTER_APPLICATION_CLUSTER_NODE(false), + UNREGISTER_APPLICATION_CLUSTER_NODE(false), + + VIEW_CLIENT_CERTIFICATE(false), + UPDATE_CLIENT_CERTIFICATE(false), + + VIEW_IDENTITY_PROVIDERS(false), + VIEW_IDENTITY_PROVIDER(false), + CREATE_IDENTITY_PROVIDER(false), + UPDATE_IDENTITY_PROVIDER(false), + DELETE_IDENTITY_PROVIDER(false), + + VIEW_OAUTH_CLIENTS(false), + VIEW_OAUTH_CLIENT(false), + CREATE_OAUTH_CLIENT(false), + UPDATE_OAUTH_CLIENT(false), + DELETE_OAUTH_CLIENT(false), + + VIEW_ROLES(false), + VIEW_ROLE(false), + CREATE_ROLE(false), + UPDATE_ROLE(false), + DELETE_ROLE(false), + + VIEW_USERS(false), + VIEW_USER(false), + CREATE_USER(false), + UPDATE_USER(false), + DELETE_USER(false), + + VIEW_USER_SESSIONS(false), + LOGOUT_USER_SESSIONS(false), + + VIEW_FEDERATION_PROVIDERS(false), + VIEW_FEDERATION_PROVIDER(false), + CREATE_FEDERATION_PROVIDER(false), + UPDATE_FEDERATION_PROVIDER(false), + DELETE_FEDERATION_PROVIDER(false); + + private boolean saveByDefault; + + EventType(boolean saveByDefault) { + this.saveByDefault = saveByDefault; + } + + public boolean isSaveByDefault() { + return saveByDefault; + } - IDENTITY_PROVIDER_LOGIN, - IDENTITY_PROVIDER_LOGIN_ERROR, - IDENTITY_PROVIDER_RESPONSE, - IDENTITY_PROVIDER_RESPONSE_ERROR, - IDENTITY_PROVIDER_RETRIEVE_TOKEN, - IDENTITY_PROVIDER_RETRIEVE_TOKEN_ERROR, - IDENTITY_PROVIDER_ACCCOUNT_LINKING, - IDENTITY_PROVIDER_ACCCOUNT_LINKING_ERROR, } diff --git a/events/jpa/src/main/java/org/keycloak/events/jpa/EventEntity.java b/events/jpa/src/main/java/org/keycloak/events/jpa/EventEntity.java index 4a68bb3420..e6ca8777c0 100644 --- a/events/jpa/src/main/java/org/keycloak/events/jpa/EventEntity.java +++ b/events/jpa/src/main/java/org/keycloak/events/jpa/EventEntity.java @@ -3,6 +3,7 @@ package org.keycloak.events.jpa; import javax.persistence.Column; import javax.persistence.Entity; import javax.persistence.Id; +import javax.persistence.Lob; import javax.persistence.Table; /** @@ -21,6 +22,9 @@ public class EventEntity { @Column(name="TYPE") private String type; + + @Column(name="EVENT_GROUP") + private String group; @Column(name="REALM_ID") private String realmId; @@ -43,6 +47,10 @@ public class EventEntity { @Column(name="DETAILS_JSON", length = 2550) private String detailsJson; + @Column(name="REPRESENTATION") + @Lob + private String representation; + public String getId() { return id; } @@ -67,6 +75,14 @@ public class EventEntity { this.type = type; } + public String getGroup() { + return group; + } + + public void setGroup(String group) { + this.group = group; + } + public String getRealmId() { return realmId; } @@ -123,4 +139,11 @@ public class EventEntity { this.detailsJson = detailsJson; } + public String getRepresentation() { + return representation; + } + + public void setRepresentation(String representation) { + this.representation = representation; + } } diff --git a/events/jpa/src/main/java/org/keycloak/events/jpa/JpaEventStoreProvider.java b/events/jpa/src/main/java/org/keycloak/events/jpa/JpaEventStoreProvider.java index 40b3840055..08b432e693 100755 --- a/events/jpa/src/main/java/org/keycloak/events/jpa/JpaEventStoreProvider.java +++ b/events/jpa/src/main/java/org/keycloak/events/jpa/JpaEventStoreProvider.java @@ -4,15 +4,15 @@ import org.codehaus.jackson.map.ObjectMapper; import org.codehaus.jackson.type.TypeReference; import org.jboss.logging.Logger; import org.keycloak.events.Event; +import org.keycloak.events.EventGroup; import org.keycloak.events.EventQuery; import org.keycloak.events.EventStoreProvider; import org.keycloak.events.EventType; import javax.persistence.EntityManager; -import javax.persistence.EntityTransaction; + import java.io.IOException; import java.util.Map; -import java.util.Set; import java.util.UUID; /** @@ -26,12 +26,9 @@ public class JpaEventStoreProvider implements EventStoreProvider { private static final Logger logger = Logger.getLogger(JpaEventStoreProvider.class); private EntityManager em; - private EntityTransaction tx; - private Set includedEvents; - public JpaEventStoreProvider(EntityManager em, Set includedEvents) { + public JpaEventStoreProvider(EntityManager em) { this.em = em; - this.includedEvents = includedEvents; } @Override @@ -56,9 +53,7 @@ public class JpaEventStoreProvider implements EventStoreProvider { @Override public void onEvent(Event event) { - if (includedEvents.contains(event.getType())) { - em.persist(convert(event)); - } + em.persist(convert(event)); } @Override @@ -70,12 +65,14 @@ public class JpaEventStoreProvider implements EventStoreProvider { e.setId(UUID.randomUUID().toString()); e.setTime(o.getTime()); e.setType(o.getType().toString()); + e.setGroup(o.getGroup().toString()); e.setRealmId(o.getRealmId()); e.setClientId(o.getClientId()); e.setUserId(o.getUserId()); e.setSessionId(o.getSessionId()); e.setIpAddress(o.getIpAddress()); e.setError(o.getError()); + e.setRepresentation(o.getRepresentation()); try { e.setDetailsJson(mapper.writeValueAsString(o.getDetails())); } catch (IOException ex) { @@ -88,12 +85,14 @@ public class JpaEventStoreProvider implements EventStoreProvider { Event e = new Event(); e.setTime(o.getTime()); e.setType(EventType.valueOf(o.getType())); + e.setGroup(EventGroup.valueOf(o.getGroup())); e.setRealmId(o.getRealmId()); e.setClientId(o.getClientId()); e.setUserId(o.getUserId()); e.setSessionId(o.getSessionId()); e.setIpAddress(o.getIpAddress()); e.setError(o.getError()); + e.setRepresentation(o.getRepresentation()); try { Map details = mapper.readValue(o.getDetailsJson(), mapType); e.setDetails(details); diff --git a/events/jpa/src/main/java/org/keycloak/events/jpa/JpaEventStoreProviderFactory.java b/events/jpa/src/main/java/org/keycloak/events/jpa/JpaEventStoreProviderFactory.java index 819c58f1dc..0d95457b0f 100755 --- a/events/jpa/src/main/java/org/keycloak/events/jpa/JpaEventStoreProviderFactory.java +++ b/events/jpa/src/main/java/org/keycloak/events/jpa/JpaEventStoreProviderFactory.java @@ -18,33 +18,14 @@ public class JpaEventStoreProviderFactory implements EventStoreProviderFactory { public static final String ID = "jpa"; - private Set includedEvents = new HashSet(); - @Override public EventStoreProvider create(KeycloakSession session) { JpaConnectionProvider connection = session.getProvider(JpaConnectionProvider.class); - return new JpaEventStoreProvider(connection.getEntityManager(), includedEvents); + return new JpaEventStoreProvider(connection.getEntityManager()); } @Override public void init(Config.Scope config) { - String[] include = config.getArray("include-events"); - if (include != null) { - for (String i : include) { - includedEvents.add(EventType.valueOf(i.toUpperCase())); - } - } else { - for (EventType i : EventType.values()) { - includedEvents.add(i); - } - } - - String[] exclude = config.getArray("exclude-events"); - if (exclude != null) { - for (String e : exclude) { - includedEvents.remove(EventType.valueOf(e.toUpperCase())); - } - } } @Override diff --git a/events/mongo/src/main/java/org/keycloak/events/mongo/MongoEventStoreProvider.java b/events/mongo/src/main/java/org/keycloak/events/mongo/MongoEventStoreProvider.java index 368ef20331..50de4d7bba 100755 --- a/events/mongo/src/main/java/org/keycloak/events/mongo/MongoEventStoreProvider.java +++ b/events/mongo/src/main/java/org/keycloak/events/mongo/MongoEventStoreProvider.java @@ -3,14 +3,15 @@ package org.keycloak.events.mongo; import com.mongodb.BasicDBObject; import com.mongodb.DBCollection; import com.mongodb.DBObject; + import org.keycloak.events.Event; +import org.keycloak.events.EventGroup; import org.keycloak.events.EventQuery; import org.keycloak.events.EventStoreProvider; import org.keycloak.events.EventType; import java.util.HashMap; import java.util.Map; -import java.util.Set; /** * @author Stian Thorgersen @@ -18,11 +19,9 @@ import java.util.Set; public class MongoEventStoreProvider implements EventStoreProvider { private DBCollection events; - private Set includedEvents; - public MongoEventStoreProvider(DBCollection events, Set includedEvents) { + public MongoEventStoreProvider(DBCollection events) { this.events = events; - this.includedEvents = includedEvents; } @Override @@ -50,9 +49,7 @@ public class MongoEventStoreProvider implements EventStoreProvider { @Override public void onEvent(Event event) { - if (includedEvents.contains(event.getType())) { - events.insert(convert(event)); - } + events.insert(convert(event)); } @Override @@ -63,12 +60,14 @@ public class MongoEventStoreProvider implements EventStoreProvider { BasicDBObject e = new BasicDBObject(); e.put("time", o.getTime()); e.put("type", o.getType().toString()); + e.put("group", o.getGroup().toString()); e.put("realmId", o.getRealmId()); e.put("clientId", o.getClientId()); e.put("userId", o.getUserId()); e.put("sessionId", o.getSessionId()); e.put("ipAddress", o.getIpAddress()); e.put("error", o.getError()); + e.put("representation", o.getRepresentation()); BasicDBObject details = new BasicDBObject(); if (o.getDetails() != null) { @@ -85,12 +84,14 @@ public class MongoEventStoreProvider implements EventStoreProvider { Event e = new Event(); e.setTime(o.getLong("time")); e.setType(EventType.valueOf(o.getString("type"))); + e.setGroup(EventGroup.valueOf(o.getString("group"))); e.setRealmId(o.getString("realmId")); e.setClientId(o.getString("clientId")); e.setUserId(o.getString("userId")); e.setSessionId(o.getString("sessionId")); e.setIpAddress(o.getString("ipAddress")); e.setError(o.getString("error")); + e.setRepresentation(o.getString("representation")); BasicDBObject d = (BasicDBObject) o.get("details"); if (d != null) { diff --git a/events/mongo/src/main/java/org/keycloak/events/mongo/MongoEventStoreProviderFactory.java b/events/mongo/src/main/java/org/keycloak/events/mongo/MongoEventStoreProviderFactory.java index 517bad6c20..ecf21a4eba 100755 --- a/events/mongo/src/main/java/org/keycloak/events/mongo/MongoEventStoreProviderFactory.java +++ b/events/mongo/src/main/java/org/keycloak/events/mongo/MongoEventStoreProviderFactory.java @@ -23,8 +23,6 @@ public class MongoEventStoreProviderFactory implements EventStoreProviderFactory public static final String ID = "mongo"; - private Set includedEvents = new HashSet(); - @Override public EventStoreProvider create(KeycloakSession session) { MongoConnectionProvider connection = session.getProvider(MongoConnectionProvider.class); @@ -32,28 +30,11 @@ public class MongoEventStoreProviderFactory implements EventStoreProviderFactory DBCollection collection = connection.getDB().getCollection("events"); collection.setWriteConcern(WriteConcern.UNACKNOWLEDGED); - return new MongoEventStoreProvider(collection, includedEvents); + return new MongoEventStoreProvider(collection); } @Override public void init(Config.Scope config) { - String[] include = config.getArray("include-events"); - if (include != null) { - for (String i : include) { - includedEvents.add(EventType.valueOf(i.toUpperCase())); - } - } else { - for (EventType i : EventType.values()) { - includedEvents.add(i); - } - } - - String[] exclude = config.getArray("exclude-events"); - if (exclude != null) { - for (String e : exclude) { - includedEvents.remove(EventType.valueOf(e.toUpperCase())); - } - } } @Override diff --git a/examples/providers/event-store-mem/src/main/java/org/keycloak/examples/providers/events/MemEventStoreProvider.java b/examples/providers/event-store-mem/src/main/java/org/keycloak/examples/providers/events/MemEventStoreProvider.java index efe716f296..d980af3d33 100755 --- a/examples/providers/event-store-mem/src/main/java/org/keycloak/examples/providers/events/MemEventStoreProvider.java +++ b/examples/providers/event-store-mem/src/main/java/org/keycloak/examples/providers/events/MemEventStoreProvider.java @@ -24,7 +24,7 @@ public class MemEventStoreProvider implements EventStoreProvider { @Override public EventQuery createQuery() { - return new MemEventQuery(new LinkedList(events)); + return new MemEventQuery(new LinkedList<>(events)); } @Override @@ -59,7 +59,9 @@ public class MemEventStoreProvider implements EventStoreProvider { @Override public void onEvent(Event event) { - events.add(0, event); + if (!excludedEvents.contains(event.getType())) { + events.add(0, event); + } } @Override diff --git a/examples/providers/event-store-mem/src/main/java/org/keycloak/examples/providers/events/MemEventStoreProviderFactory.java b/examples/providers/event-store-mem/src/main/java/org/keycloak/examples/providers/events/MemEventStoreProviderFactory.java index a7dd5b3ddc..83fd80e1f8 100755 --- a/examples/providers/event-store-mem/src/main/java/org/keycloak/examples/providers/events/MemEventStoreProviderFactory.java +++ b/examples/providers/event-store-mem/src/main/java/org/keycloak/examples/providers/events/MemEventStoreProviderFactory.java @@ -34,7 +34,7 @@ public class MemEventStoreProviderFactory implements EventStoreProviderFactory { String excludes = config.get("excludes"); if (excludes != null) { - excludedEvents = new HashSet(); + excludedEvents = new HashSet<>(); for (String e : excludes.split(",")) { excludedEvents.add(EventType.valueOf(e)); } diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/js/app.js b/forms/common-themes/src/main/resources/theme/base/admin/resources/js/app.js index fc0ac6d7a1..e38c29cf75 100755 --- a/forms/common-themes/src/main/resources/theme/base/admin/resources/js/app.js +++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/js/app.js @@ -244,6 +244,9 @@ module.config([ '$routeProvider', function($routeProvider) { resolve : { realm : function(RealmLoader) { return RealmLoader(); + }, + serverInfo : function(ServerInfoLoader) { + return ServerInfoLoader(); } }, controller : 'RealmEventsCtrl' diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/js/controllers/realm.js b/forms/common-themes/src/main/resources/theme/base/admin/resources/js/controllers/realm.js index 656ce931f9..bb7620e9e6 100755 --- a/forms/common-themes/src/main/resources/theme/base/admin/resources/js/controllers/realm.js +++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/js/controllers/realm.js @@ -1239,6 +1239,12 @@ module.controller('RealmEventsConfigCtrl', function($scope, eventsConfig, RealmE $scope.eventListeners = serverInfo.eventListeners; + $scope.eventSelectOptions = { + 'multiple': true, + 'simple_tags': true, + 'tags': serverInfo.eventTypes + }; + var oldCopy = angular.copy($scope.eventsConfig); $scope.changed = false; @@ -1278,14 +1284,15 @@ module.controller('RealmEventsConfigCtrl', function($scope, eventsConfig, RealmE }; }); -module.controller('RealmEventsCtrl', function($scope, RealmEvents, realm) { +module.controller('RealmEventsCtrl', function($scope, RealmEvents, realm, serverInfo) { $scope.realm = realm; $scope.page = 0; - $scope.eventTypes = [{tag:'LOGIN'}, {tag:'REGISTER'}, {tag:'LOGOUT'}, {tag:'CODE_TO_TOKEN'}, {tag:'REFRESH_TOKEN'}, - {tag:'LOGIN_ERROR'}, {tag:'REGISTER_ERROR'}, {tag:'LOGOUT_ERROR'}, {tag:'CODE_TO_TOKEN_ERROR'}, {tag:'REFRESH_TOKEN_ERROR'}, - {tag:'VALIDATE_ACCESS_TOKEN'}, {tag:'VALIDATE_ACCESS_TOKEN_ERROR'}, {tag:'SOCIAL_LINK'}, {tag:'SOCIAL_LINK_ERROR'}, {tag:'REMOVE_FEDERATED_IDENTITY'}, - {tag:'REMOVE_SOCIAL_LINK_ERROR'}, {tag:'UPDATE_EMAIL'}, {tag:'UPDATE_PROFILE'}, {tag:'UPDATE_PASSWORD'}, {tag:'UPDATE_TOTP'}]; + $scope.eventSelectOptions = { + 'multiple': true, + 'simple_tags': true, + 'tags': serverInfo.eventTypes + }; $scope.query = { id : realm.realm, diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-events-config.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-events-config.html index 9ce707be65..3575e5bbbe 100755 --- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-events-config.html +++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-events-config.html @@ -18,6 +18,17 @@ + +
+ + +
+ +
+ + +
+
diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-events.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-events.html index 27843f3926..b6379c6a93 100755 --- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-events.html +++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-events.html @@ -31,13 +31,11 @@
- +
- -
-
+ +
+
@@ -58,7 +56,7 @@
- +
@@ -109,6 +107,16 @@ + + Representation + + + 
{{event.representation}}
+ + diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-oidc.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-oidc.html index f468c59105..b2a90917d1 100755 --- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-oidc.html +++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-oidc.html @@ -10,6 +10,15 @@

{{identityProvider.alias}} Provider Settings

* Required fields

+
+
+ +
+ +
+ +
+
diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-saml.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-saml.html index 86285a047e..ed67b7c114 100755 --- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-saml.html +++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-saml.html @@ -10,6 +10,15 @@

{{identityProvider.alias}} Provider Settings

* Required fields

+
+
+ +
+ +
+ +
+
diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-social.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-social.html index 4a23349a38..214e6340a7 100755 --- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-social.html +++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-social.html @@ -10,6 +10,15 @@

{{identityProvider.alias}} Provider Settings

* Required fields

+
+
+ +
+ +
+ +
+
diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider.html index 4d81c6508e..1c0ed54a06 100755 --- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider.html +++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider.html @@ -26,7 +26,7 @@ Name - Callback URI + Provider @@ -34,9 +34,7 @@ {{identityProvider.alias}} - - {{callbackUrl}}{{identityProvider.alias}}/endpoint - + {{identityProvider.providerId}} diff --git a/model/api/src/main/java/org/keycloak/models/RealmModel.java b/model/api/src/main/java/org/keycloak/models/RealmModel.java index f74d54c0ba..f0c5ebfbd9 100755 --- a/model/api/src/main/java/org/keycloak/models/RealmModel.java +++ b/model/api/src/main/java/org/keycloak/models/RealmModel.java @@ -236,6 +236,10 @@ public interface RealmModel extends RoleContainerModel { Set getEventsListeners(); void setEventsListeners(Set listeners); + + Set getEnabledEventTypes(); + + void setEnabledEventTypes(Set enabledEventTypes); ApplicationModel getMasterAdminApp(); diff --git a/model/api/src/main/java/org/keycloak/models/entities/RealmEntity.java b/model/api/src/main/java/org/keycloak/models/entities/RealmEntity.java index 678fb3326a..50d2892c9e 100755 --- a/model/api/src/main/java/org/keycloak/models/entities/RealmEntity.java +++ b/model/api/src/main/java/org/keycloak/models/entities/RealmEntity.java @@ -62,6 +62,7 @@ public class RealmEntity extends AbstractIdentifiableEntity { private boolean eventsEnabled; private long eventsExpiration; private List eventsListeners = new ArrayList(); + private List enabledEventTypes = new ArrayList(); private String adminAppId; @@ -380,6 +381,14 @@ public class RealmEntity extends AbstractIdentifiableEntity { this.eventsListeners = eventsListeners; } + public List getEnabledEventTypes() { + return enabledEventTypes; + } + + public void setEnabledEventTypes(List enabledEventTypes) { + this.enabledEventTypes = enabledEventTypes; + } + public String getAdminAppId() { return adminAppId; } diff --git a/model/api/src/main/java/org/keycloak/models/utils/ModelToRepresentation.java b/model/api/src/main/java/org/keycloak/models/utils/ModelToRepresentation.java index 1ff0b01ede..78a64ca99a 100755 --- a/model/api/src/main/java/org/keycloak/models/utils/ModelToRepresentation.java +++ b/model/api/src/main/java/org/keycloak/models/utils/ModelToRepresentation.java @@ -116,6 +116,9 @@ public class ModelToRepresentation { if (realm.getEventsListeners() != null) { rep.setEventsListeners(new LinkedList(realm.getEventsListeners())); } + if (realm.getEnabledEventTypes() != null) { + rep.setEnabledEventTypes(new LinkedList(realm.getEnabledEventTypes())); + } rep.setVerifyEmail(realm.isVerifyEmail()); rep.setResetPasswordAllowed(realm.isResetPasswordAllowed()); @@ -182,6 +185,11 @@ public class ModelToRepresentation { if (realm.getEventsListeners() != null) { rep.setEventsListeners(new LinkedList(realm.getEventsListeners())); } + + if(realm.getEnabledEventTypes() != null) { + rep.setEnabledEventTypes(new LinkedList(realm.getEnabledEventTypes())); + } + return rep; } diff --git a/model/api/src/main/java/org/keycloak/models/utils/RepresentationToModel.java b/model/api/src/main/java/org/keycloak/models/utils/RepresentationToModel.java index 85e724c90d..41e97c8e8d 100755 --- a/model/api/src/main/java/org/keycloak/models/utils/RepresentationToModel.java +++ b/model/api/src/main/java/org/keycloak/models/utils/RepresentationToModel.java @@ -357,6 +357,7 @@ public class RepresentationToModel { if (rep.isEventsEnabled() != null) realm.setEventsEnabled(rep.isEventsEnabled()); if (rep.getEventsExpiration() != null) realm.setEventsExpiration(rep.getEventsExpiration()); if (rep.getEventsListeners() != null) realm.setEventsListeners(new HashSet(rep.getEventsListeners())); + if (rep.getEnabledEventTypes() != null) realm.setEnabledEventTypes(new HashSet(rep.getEnabledEventTypes())); if (rep.getPasswordPolicy() != null) realm.setPasswordPolicy(new PasswordPolicy(rep.getPasswordPolicy())); diff --git a/model/file/src/main/java/org/keycloak/models/file/adapter/RealmAdapter.java b/model/file/src/main/java/org/keycloak/models/file/adapter/RealmAdapter.java index 5894784da2..448871b452 100755 --- a/model/file/src/main/java/org/keycloak/models/file/adapter/RealmAdapter.java +++ b/model/file/src/main/java/org/keycloak/models/file/adapter/RealmAdapter.java @@ -1038,6 +1038,20 @@ public class RealmAdapter implements RealmModel { realm.setEventsListeners(Collections.EMPTY_LIST); } } + + @Override + public Set getEnabledEventTypes() { + return new HashSet(realm.getEnabledEventTypes()); + } + + @Override + public void setEnabledEventTypes(Set enabledEventTypes) { + if (enabledEventTypes != null) { + realm.setEnabledEventTypes(new ArrayList(enabledEventTypes)); + } else { + realm.setEnabledEventTypes(Collections.EMPTY_LIST); + } + } @Override public ApplicationModel getMasterAdminApp() { diff --git a/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/RealmAdapter.java b/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/RealmAdapter.java index 16c1d34d05..0cafa72535 100755 --- a/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/RealmAdapter.java +++ b/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/RealmAdapter.java @@ -806,6 +806,18 @@ public class RealmAdapter implements RealmModel { updated.setEventsListeners(listeners); } + @Override + public Set getEnabledEventTypes() { + if (updated != null) return updated.getEnabledEventTypes(); + return cached.getEnabledEventTypes(); + } + + @Override + public void setEnabledEventTypes(Set enabledEventTypes) { + getDelegateForUpdate(); + updated.setEnabledEventTypes(enabledEventTypes); + } + @Override public ApplicationModel getMasterAdminApp() { return cacheSession.getRealm(Config.getAdminRealm()).getApplicationById(cached.getMasterAdminApp()); diff --git a/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/entities/CachedRealm.java b/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/entities/CachedRealm.java index a4ce5bb653..5bbe90565b 100755 --- a/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/entities/CachedRealm.java +++ b/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/entities/CachedRealm.java @@ -79,6 +79,7 @@ public class CachedRealm { private boolean eventsEnabled; private long eventsExpiration; private Set eventsListeners = new HashSet(); + private Set enabledEventTypes = new HashSet(); private List defaultRoles = new LinkedList(); private Map realmRoles = new HashMap(); private Map applications = new HashMap(); @@ -146,6 +147,7 @@ public class CachedRealm { eventsEnabled = model.isEventsEnabled(); eventsExpiration = model.getEventsExpiration(); eventsListeners.addAll(model.getEventsListeners()); + enabledEventTypes.addAll(model.getEnabledEventTypes()); defaultRoles.addAll(model.getDefaultRoles()); masterAdminApp = model.getMasterAdminApp().getId(); @@ -348,6 +350,10 @@ public class CachedRealm { public Set getEventsListeners() { return eventsListeners; } + + public Set getEnabledEventTypes() { + return enabledEventTypes; + } public List getUserFederationProviders() { return userFederationProviders; diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java b/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java index 132b949286..9f6245abcf 100755 --- a/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java +++ b/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java @@ -1139,6 +1139,17 @@ public class RealmAdapter implements RealmModel { realm.setEventsListeners(listeners); em.flush(); } + + @Override + public Set getEnabledEventTypes() { + return realm.getEnabledEventTypes(); + } + + @Override + public void setEnabledEventTypes(Set enabledEventTypes) { + realm.setEnabledEventTypes(enabledEventTypes); + em.flush(); + } @Override public ApplicationModel getMasterAdminApp() { diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/RealmEntity.java b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/RealmEntity.java index 9fbf077855..b2a851ab1e 100755 --- a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/RealmEntity.java +++ b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/RealmEntity.java @@ -129,6 +129,11 @@ public class RealmEntity { @Column(name="VALUE") @CollectionTable(name="REALM_EVENTS_LISTENERS", joinColumns={ @JoinColumn(name="REALM_ID") }) protected Set eventsListeners = new HashSet(); + + @ElementCollection + @Column(name="VALUE") + @CollectionTable(name="REALM_ENABLED_EVENT_TYPES", joinColumns={ @JoinColumn(name="REALM_ID") }) + protected Set enabledEventTypes = new HashSet(); @OneToOne @JoinColumn(name="MASTER_ADMIN_APP") @@ -418,7 +423,15 @@ public class RealmEntity { public void setEventsListeners(Set eventsListeners) { this.eventsListeners = eventsListeners; } + + public Set getEnabledEventTypes() { + return enabledEventTypes; + } + public void setEnabledEventTypes(Set enabledEventTypes) { + this.enabledEventTypes = enabledEventTypes; + } + public ApplicationEntity getMasterAdminApp() { return masterAdminApp; } diff --git a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java index ba0c8d7b43..cff2ae58be 100755 --- a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java +++ b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java @@ -1045,6 +1045,21 @@ public class RealmAdapter extends AbstractMongoAdapter impleme updateRealm(); } + @Override + public Set getEnabledEventTypes() { + return new HashSet(realm.getEnabledEventTypes()); + } + + @Override + public void setEnabledEventTypes(Set enabledEventTypes) { + if (enabledEventTypes != null) { + realm.setEnabledEventTypes(new ArrayList(enabledEventTypes)); + } else { + realm.setEnabledEventTypes(Collections.EMPTY_LIST); + } + updateRealm(); + } + @Override public ApplicationModel getMasterAdminApp() { MongoApplicationEntity appData = getMongoStore().loadEntity(MongoApplicationEntity.class, realm.getAdminAppId(), invocationContext); diff --git a/services/src/main/java/org/keycloak/protocol/oidc/OIDCLoginProtocolService.java b/services/src/main/java/org/keycloak/protocol/oidc/OIDCLoginProtocolService.java index 6bdae4e6ae..6c327b1a67 100755 --- a/services/src/main/java/org/keycloak/protocol/oidc/OIDCLoginProtocolService.java +++ b/services/src/main/java/org/keycloak/protocol/oidc/OIDCLoginProtocolService.java @@ -1,18 +1,9 @@ package org.keycloak.protocol.oidc; import org.jboss.logging.Logger; -import org.jboss.resteasy.annotations.cache.NoCache; -import org.jboss.resteasy.spi.HttpRequest; -import org.jboss.resteasy.spi.HttpResponse; import org.jboss.resteasy.spi.ResteasyProviderFactory; -import org.keycloak.ClientConnection; import org.keycloak.OAuth2Constants; -import org.keycloak.OAuthErrorException; -import org.keycloak.RSATokenVerifier; -import org.keycloak.events.Details; -import org.keycloak.events.Errors; import org.keycloak.events.EventBuilder; -import org.keycloak.events.EventType; import org.keycloak.jose.jwk.JWK; import org.keycloak.jose.jwk.JWKBuilder; import org.keycloak.login.LoginFormsProvider; @@ -25,8 +16,6 @@ import org.keycloak.protocol.oidc.endpoints.TokenEndpoint; import org.keycloak.protocol.oidc.endpoints.UserInfoEndpoint; import org.keycloak.protocol.oidc.endpoints.ValidateTokenEndpoint; import org.keycloak.protocol.oidc.representations.JSONWebKeySet; -import org.keycloak.representations.AccessToken; -import org.keycloak.services.ErrorResponseException; import org.keycloak.services.managers.AuthenticationManager; import org.keycloak.services.resources.RealmsResource; import org.keycloak.services.resources.flows.Flows; @@ -39,12 +28,8 @@ import javax.ws.rs.core.Context; import javax.ws.rs.core.HttpHeaders; import javax.ws.rs.core.MediaType; import javax.ws.rs.core.Response; -import javax.ws.rs.core.SecurityContext; import javax.ws.rs.core.UriBuilder; import javax.ws.rs.core.UriInfo; -import javax.ws.rs.ext.Providers; -import java.util.HashMap; -import java.util.Map; /** * Resource class for the oauth/openid connect token service diff --git a/services/src/main/java/org/keycloak/protocol/oidc/endpoints/UserInfoEndpoint.java b/services/src/main/java/org/keycloak/protocol/oidc/endpoints/UserInfoEndpoint.java index b41e9721f8..c600df720b 100755 --- a/services/src/main/java/org/keycloak/protocol/oidc/endpoints/UserInfoEndpoint.java +++ b/services/src/main/java/org/keycloak/protocol/oidc/endpoints/UserInfoEndpoint.java @@ -20,12 +20,12 @@ package org.keycloak.protocol.oidc.endpoints; import org.jboss.resteasy.annotations.cache.NoCache; import org.jboss.resteasy.spi.HttpRequest; import org.jboss.resteasy.spi.HttpResponse; -import org.jboss.resteasy.spi.UnauthorizedException; import org.keycloak.ClientConnection; import org.keycloak.OAuthErrorException; import org.keycloak.RSATokenVerifier; import org.keycloak.events.Details; import org.keycloak.events.EventBuilder; +import org.keycloak.events.EventGroup; import org.keycloak.events.EventType; import org.keycloak.models.ClientModel; import org.keycloak.models.KeycloakSession; @@ -36,8 +36,6 @@ import org.keycloak.protocol.oidc.TokenManager; import org.keycloak.representations.AccessToken; import org.keycloak.services.ErrorResponseException; import org.keycloak.services.managers.AppAuthManager; -import org.keycloak.services.managers.AuthenticationManager; -import org.keycloak.services.managers.EventsManager; import org.keycloak.services.resources.Cors; import org.keycloak.services.resources.flows.Urls; @@ -113,7 +111,7 @@ public class UserInfoEndpoint { } private Response issueUserInfo(String tokenString) { - EventBuilder event = new EventsManager(realm, session, clientConnection).createEventBuilder() + EventBuilder event = new EventBuilder(EventGroup.USER, realm, session, clientConnection) .event(EventType.USER_INFO_REQUEST) .detail(Details.AUTH_METHOD, Details.VALIDATE_ACCESS_TOKEN); diff --git a/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java b/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java index f8b9bb2d0b..023dd3d7b7 100755 --- a/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java +++ b/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java @@ -9,6 +9,7 @@ import org.keycloak.VerificationException; import org.keycloak.broker.provider.IdentityProvider; import org.keycloak.events.Details; import org.keycloak.events.EventBuilder; +import org.keycloak.events.EventGroup; import org.keycloak.events.EventType; import org.keycloak.jose.jws.JWSBuilder; import org.keycloak.login.LoginFormsProvider; @@ -181,7 +182,7 @@ public class AuthenticationManager { expireRememberMeCookie(realm, uriInfo, connection); userSession.setState(UserSessionModel.State.LOGGED_OUT); String method = userSession.getNote(KEYCLOAK_LOGOUT_PROTOCOL); - EventBuilder event = new EventsManager(realm, session, connection).createEventBuilder(); + EventBuilder event = new EventBuilder(EventGroup.USER, realm, session, connection); LoginProtocol protocol = session.getProvider(LoginProtocol.class, method); protocol.setRealm(realm) .setHttpHeaders(headers) diff --git a/services/src/main/java/org/keycloak/services/managers/EventsManager.java b/services/src/main/java/org/keycloak/services/managers/EventsManager.java deleted file mode 100755 index 6288546c7a..0000000000 --- a/services/src/main/java/org/keycloak/services/managers/EventsManager.java +++ /dev/null @@ -1,57 +0,0 @@ -package org.keycloak.services.managers; - -import org.jboss.logging.Logger; -import org.keycloak.ClientConnection; -import org.keycloak.events.EventBuilder; -import org.keycloak.events.EventListenerProvider; -import org.keycloak.events.EventStoreProvider; -import org.keycloak.models.KeycloakSession; -import org.keycloak.models.RealmModel; - -import java.util.LinkedList; -import java.util.List; - -/** - * @author Stian Thorgersen - */ -public class EventsManager { - - private Logger log = Logger.getLogger(EventsManager.class); - - private RealmModel realm; - private KeycloakSession session; - private ClientConnection clientConnection; - - public EventsManager(RealmModel realm, KeycloakSession session, ClientConnection clientConnection) { - this.realm = realm; - this.session = session; - this.clientConnection = clientConnection; - } - - public EventBuilder createEventBuilder() { - List listeners = new LinkedList(); - - if (realm.isEventsEnabled()) { - EventStoreProvider eventStore = session.getProvider(EventStoreProvider.class); - if (eventStore != null) { - listeners.add(eventStore); - } else { - log.error("Events enabled, but no event store provider configured"); - } - } - - if (realm.getEventsListeners() != null) { - for (String id : realm.getEventsListeners()) { - EventListenerProvider listener = session.getProvider(EventListenerProvider.class, id); - if (listener != null) { - listeners.add(listener); - } else { - log.error("Event listener '" + id + "' registered, but provider not found"); - } - } - } - - return new EventBuilder(listeners, realm, clientConnection.getRemoteAddr()); - } - -} diff --git a/services/src/main/java/org/keycloak/services/managers/RealmManager.java b/services/src/main/java/org/keycloak/services/managers/RealmManager.java index 4da8e12ddf..138b0e4e78 100755 --- a/services/src/main/java/org/keycloak/services/managers/RealmManager.java +++ b/services/src/main/java/org/keycloak/services/managers/RealmManager.java @@ -25,6 +25,7 @@ import org.keycloak.timer.TimerProvider; import java.util.Collections; import java.util.HashSet; +import java.util.LinkedList; import java.util.List; /** @@ -161,6 +162,9 @@ public class RealmManager { if (rep.getEventsListeners() != null) { realm.setEventsListeners(new HashSet(rep.getEventsListeners())); } + if(rep.getEnabledEventTypes() != null) { + realm.setEnabledEventTypes(new HashSet(rep.getEnabledEventTypes())); + } } // Should be RealmManager moved to model/api instead of referencing methods this way? diff --git a/services/src/main/java/org/keycloak/services/resources/AccountService.java b/services/src/main/java/org/keycloak/services/resources/AccountService.java index f694661a62..6a0e0b5895 100755 --- a/services/src/main/java/org/keycloak/services/resources/AccountService.java +++ b/services/src/main/java/org/keycloak/services/resources/AccountService.java @@ -25,7 +25,6 @@ import org.jboss.logging.Logger; import org.jboss.resteasy.spi.BadRequestException; import org.jboss.resteasy.spi.HttpRequest; import org.keycloak.ClientConnection; -import org.keycloak.OAuth2Constants; import org.keycloak.account.AccountPages; import org.keycloak.account.AccountProvider; import org.keycloak.events.Details; @@ -46,7 +45,6 @@ import org.keycloak.services.managers.AppAuthManager; import org.keycloak.services.managers.Auth; import org.keycloak.services.managers.AuthenticationManager; import org.keycloak.services.managers.ClientSessionCode; -import org.keycloak.services.managers.ResourceAdminManager; import org.keycloak.services.messages.Messages; import org.keycloak.services.resources.flows.Flows; import org.keycloak.services.resources.flows.OAuthRedirect; @@ -98,7 +96,7 @@ public class AccountService { } private static final EventType[] LOG_EVENTS = {EventType.LOGIN, EventType.LOGOUT, EventType.REGISTER, EventType.REMOVE_FEDERATED_IDENTITY, EventType.REMOVE_TOTP, EventType.SEND_RESET_PASSWORD, - EventType.SEND_VERIFY_EMAIL, EventType.SOCIAL_LINK, EventType.UPDATE_EMAIL, EventType.UPDATE_PASSWORD, EventType.UPDATE_PROFILE, EventType.UPDATE_TOTP, EventType.VERIFY_EMAIL}; + EventType.SEND_VERIFY_EMAIL, EventType.FEDERATED_IDENTITY_LINK, EventType.UPDATE_EMAIL, EventType.UPDATE_PASSWORD, EventType.UPDATE_PROFILE, EventType.UPDATE_TOTP, EventType.VERIFY_EMAIL}; private static final Set LOG_DETAILS = new HashSet(); static { diff --git a/services/src/main/java/org/keycloak/services/resources/IdentityBrokerService.java b/services/src/main/java/org/keycloak/services/resources/IdentityBrokerService.java index 7a4bea5d58..3f4180186e 100755 --- a/services/src/main/java/org/keycloak/services/resources/IdentityBrokerService.java +++ b/services/src/main/java/org/keycloak/services/resources/IdentityBrokerService.java @@ -29,6 +29,7 @@ import org.keycloak.broker.provider.IdentityProviderFactory; import org.keycloak.events.Details; import org.keycloak.events.Errors; import org.keycloak.events.EventBuilder; +import org.keycloak.events.EventGroup; import org.keycloak.events.EventType; import org.keycloak.models.ClientModel; import org.keycloak.models.ClientSessionModel; @@ -45,7 +46,6 @@ import org.keycloak.services.managers.AppAuthManager; import org.keycloak.services.managers.AuthenticationManager; import org.keycloak.services.managers.AuthenticationManager.AuthResult; import org.keycloak.services.managers.ClientSessionCode; -import org.keycloak.services.managers.EventsManager; import org.keycloak.services.messages.Messages; import org.keycloak.services.resources.flows.Flows; import org.keycloak.services.resources.flows.Urls; @@ -109,7 +109,7 @@ public class IdentityBrokerService implements IdentityProvider.AuthenticationCal } public void init() { - this.event = new EventsManager(this.realmModel, this.session, this.clientConnection).createEventBuilder().event(EventType.IDENTITY_PROVIDER_LOGIN); + this.event = new EventBuilder(EventGroup.USER, realmModel, session, clientConnection).event(EventType.IDENTITY_PROVIDER_LOGIN); } @GET @@ -254,7 +254,7 @@ public class IdentityBrokerService implements IdentityProvider.AuthenticationCal this.event.event(EventType.IDENTITY_PROVIDER_LOGIN) .detail(Details.REDIRECT_URI, clientSession.getRedirectUri()) - .detail(Details.IDENTITY_PROVIDER_IDENTITY, federatedIdentity.getUsername()); + .detail(Details.IDENTITY_PROVIDER_USERNAME, federatedIdentity.getUsername()); UserModel federatedUser = this.session.users().getUserByFederatedIdentity(federatedIdentityModel, this.realmModel); @@ -514,7 +514,7 @@ public class IdentityBrokerService implements IdentityProvider.AuthenticationCal this.event.clone().user(federatedUser).event(EventType.REGISTER) .detail(Details.IDENTITY_PROVIDER, federatedIdentityModel.getIdentityProvider()) - .detail(Details.IDENTITY_PROVIDER_IDENTITY, updatedIdentity.getUsername()) + .detail(Details.IDENTITY_PROVIDER_USERNAME, updatedIdentity.getUsername()) .removeDetail("auth_method") .success(); diff --git a/services/src/main/java/org/keycloak/services/resources/LoginActionsService.java b/services/src/main/java/org/keycloak/services/resources/LoginActionsService.java index 5b405355a6..186c0685b1 100755 --- a/services/src/main/java/org/keycloak/services/resources/LoginActionsService.java +++ b/services/src/main/java/org/keycloak/services/resources/LoginActionsService.java @@ -29,6 +29,7 @@ import org.keycloak.email.EmailProvider; import org.keycloak.events.Details; import org.keycloak.events.Errors; import org.keycloak.events.EventBuilder; +import org.keycloak.events.EventGroup; import org.keycloak.events.EventType; import org.keycloak.jose.jws.JWSBuilder; import org.keycloak.login.LoginFormsProvider; @@ -537,7 +538,7 @@ public class LoginActionsService { AttributeFormDataProcessor.process(formData, realm, user); event.user(user).success(); - event.reset(); + event = new EventBuilder(EventGroup.USER, realm, session, clientConnection); return processLogin(code, formData); } diff --git a/services/src/main/java/org/keycloak/services/resources/RealmsResource.java b/services/src/main/java/org/keycloak/services/resources/RealmsResource.java index 1f43e9af0e..a28839cd36 100755 --- a/services/src/main/java/org/keycloak/services/resources/RealmsResource.java +++ b/services/src/main/java/org/keycloak/services/resources/RealmsResource.java @@ -5,6 +5,7 @@ import org.jboss.resteasy.spi.NotFoundException; import org.jboss.resteasy.spi.ResteasyProviderFactory; import org.keycloak.ClientConnection; import org.keycloak.events.EventBuilder; +import org.keycloak.events.EventGroup; import org.keycloak.models.ApplicationModel; import org.keycloak.models.Constants; import org.keycloak.models.KeycloakSession; @@ -15,7 +16,6 @@ import org.keycloak.protocol.oidc.OIDCLoginProtocol; import org.keycloak.protocol.oidc.OIDCLoginProtocolService; import org.keycloak.services.managers.AuthenticationManager; import org.keycloak.services.managers.BruteForceProtector; -import org.keycloak.services.managers.EventsManager; import org.keycloak.services.managers.RealmManager; import org.keycloak.wellknown.WellKnownProvider; @@ -91,7 +91,7 @@ public class RealmsResource { // backward compatibility RealmManager realmManager = new RealmManager(session); RealmModel realm = locateRealm(name, realmManager); - EventBuilder event = new EventsManager(realm, session, clientConnection).createEventBuilder(); + EventBuilder event = new EventBuilder(EventGroup.USER, realm, session, clientConnection); AuthenticationManager authManager = new AuthenticationManager(protector); LoginProtocolFactory factory = (LoginProtocolFactory)session.getKeycloakSessionFactory().getProviderFactory(LoginProtocol.class, OIDCLoginProtocol.LOGIN_PROTOCOL); @@ -107,7 +107,7 @@ public class RealmsResource { final @PathParam("protocol") String protocol) { RealmManager realmManager = new RealmManager(session); RealmModel realm = locateRealm(name, realmManager); - EventBuilder event = new EventsManager(realm, session, clientConnection).createEventBuilder(); + EventBuilder event = new EventBuilder(EventGroup.USER, realm, session, clientConnection); AuthenticationManager authManager = new AuthenticationManager(protector); LoginProtocolFactory factory = (LoginProtocolFactory)session.getKeycloakSessionFactory().getProviderFactory(LoginProtocol.class, protocol); @@ -129,7 +129,7 @@ public class RealmsResource { public LoginActionsService getLoginActionsService(final @PathParam("realm") String name) { RealmManager realmManager = new RealmManager(session); RealmModel realm = locateRealm(name, realmManager); - EventBuilder event = new EventsManager(realm, session, clientConnection).createEventBuilder(); + EventBuilder event = new EventBuilder(EventGroup.USER, realm, session, clientConnection); AuthenticationManager authManager = new AuthenticationManager(protector); LoginActionsService service = new LoginActionsService(realm, authManager, event); ResteasyProviderFactory.getInstance().injectProperties(service); @@ -142,7 +142,7 @@ public class RealmsResource { public ClientsManagementService getClientsManagementService(final @PathParam("realm") String name) { RealmManager realmManager = new RealmManager(session); RealmModel realm = locateRealm(name, realmManager); - EventBuilder event = new EventsManager(realm, session, clientConnection).createEventBuilder(); + EventBuilder event = new EventBuilder(EventGroup.USER, realm, session, clientConnection); ClientsManagementService service = new ClientsManagementService(realm, event); ResteasyProviderFactory.getInstance().injectProperties(service); return service; @@ -168,7 +168,7 @@ public class RealmsResource { throw new NotFoundException("account management not enabled"); } - EventBuilder event = new EventsManager(realm, session, clientConnection).createEventBuilder(); + EventBuilder event = new EventBuilder(EventGroup.USER, realm, session, clientConnection); AccountService accountService = new AccountService(realm, application, event); ResteasyProviderFactory.getInstance().injectProperties(accountService); //resourceContext.initResource(accountService); diff --git a/services/src/main/java/org/keycloak/services/resources/admin/AdminConsole.java b/services/src/main/java/org/keycloak/services/resources/admin/AdminConsole.java index 207d89a47c..8ed297ad8a 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/AdminConsole.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/AdminConsole.java @@ -7,7 +7,6 @@ import org.jboss.resteasy.spi.HttpRequest; import org.jboss.resteasy.spi.HttpResponse; import org.jboss.resteasy.spi.NotFoundException; import org.keycloak.ClientConnection; -import org.keycloak.Config; import org.keycloak.Version; import org.keycloak.freemarker.BrowserSecurityHeaderSetup; import org.keycloak.freemarker.FreeMarkerException; @@ -28,13 +27,10 @@ import org.keycloak.services.managers.AuthenticationManager; import org.keycloak.services.managers.RealmManager; import org.keycloak.services.resources.KeycloakApplication; import org.keycloak.services.resources.flows.Urls; -import org.keycloak.util.MimeTypeUtil; import javax.ws.rs.GET; import javax.ws.rs.Path; -import javax.ws.rs.PathParam; import javax.ws.rs.Produces; -import javax.ws.rs.core.CacheControl; import javax.ws.rs.core.Context; import javax.ws.rs.core.HttpHeaders; import javax.ws.rs.core.MediaType; @@ -42,7 +38,6 @@ import javax.ws.rs.core.Response; import javax.ws.rs.core.UriInfo; import javax.ws.rs.ext.Providers; import java.io.IOException; -import java.io.InputStream; import java.net.URI; import java.net.URISyntaxException; import java.util.HashMap; @@ -73,11 +68,6 @@ public class AdminConsole { @Context protected KeycloakSession session; - /* - @Context - protected ResourceContext resourceContext; - */ - @Context protected Providers providers; diff --git a/services/src/main/java/org/keycloak/services/resources/admin/AdminRoot.java b/services/src/main/java/org/keycloak/services/resources/admin/AdminRoot.java index 4ecdbabe27..01ad41f76f 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/AdminRoot.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/AdminRoot.java @@ -8,6 +8,8 @@ import org.jboss.resteasy.spi.NotFoundException; import org.jboss.resteasy.spi.ResteasyProviderFactory; import org.jboss.resteasy.spi.UnauthorizedException; import org.keycloak.ClientConnection; +import org.keycloak.events.EventBuilder; +import org.keycloak.events.EventGroup; import org.keycloak.jose.jws.JWSInput; import org.keycloak.models.ClientModel; import org.keycloak.models.KeycloakSession; @@ -27,6 +29,7 @@ import javax.ws.rs.core.HttpHeaders; import javax.ws.rs.core.Response; import javax.ws.rs.core.UriBuilder; import javax.ws.rs.core.UriInfo; + import java.io.IOException; /** @@ -70,9 +73,6 @@ public class AdminRoot { return base.path(AdminRoot.class); } - - - /** * Convenience path to master realm admin console * @@ -187,9 +187,11 @@ public class AdminRoot { Cors.add(request).allowedOrigins(auth.getToken()).allowedMethods("GET", "PUT", "POST", "DELETE").auth().build(response); - RealmsAdminResource adminResource = new RealmsAdminResource(auth, tokenManager); + EventBuilder event = new EventBuilder(EventGroup.ADMIN, auth.getRealm(), session, clientConnection); + event.user(auth.getUser()).client(auth.getClient()); + + RealmsAdminResource adminResource = new RealmsAdminResource(auth, tokenManager, event); ResteasyProviderFactory.getInstance().injectProperties(adminResource); - //resourceContext.initResource(adminResource); return adminResource; } @@ -211,7 +213,6 @@ public class AdminRoot { ServerInfoAdminResource adminResource = new ServerInfoAdminResource(); ResteasyProviderFactory.getInstance().injectProperties(adminResource); - //resourceContext.initResource(adminResource); return adminResource; } diff --git a/services/src/main/java/org/keycloak/services/resources/admin/ApplicationResource.java b/services/src/main/java/org/keycloak/services/resources/admin/ApplicationResource.java index 7df7b1ed25..0c8e21fe1a 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/ApplicationResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/ApplicationResource.java @@ -5,6 +5,9 @@ import org.jboss.resteasy.annotations.cache.NoCache; import org.jboss.resteasy.spi.BadRequestException; import org.jboss.resteasy.spi.NotFoundException; import org.jboss.resteasy.spi.ResteasyProviderFactory; +import org.keycloak.events.Details; +import org.keycloak.events.EventBuilder; +import org.keycloak.events.EventType; import org.keycloak.models.ApplicationModel; import org.keycloak.models.KeycloakSession; import org.keycloak.models.ModelDuplicateException; @@ -40,6 +43,7 @@ import javax.ws.rs.core.Context; import javax.ws.rs.core.MediaType; import javax.ws.rs.core.Response; import javax.ws.rs.core.UriInfo; + import java.io.IOException; import java.util.ArrayList; import java.util.HashMap; @@ -57,8 +61,10 @@ public class ApplicationResource { protected static final Logger logger = Logger.getLogger(ApplicationResource.class); protected RealmModel realm; private RealmAuth auth; + private EventBuilder event; protected ApplicationModel application; protected KeycloakSession session; + @Context protected UriInfo uriInfo; @@ -69,11 +75,12 @@ public class ApplicationResource { return (KeycloakApplication)keycloak; } - public ApplicationResource(RealmModel realm, RealmAuth auth, ApplicationModel applicationModel, KeycloakSession session) { + public ApplicationResource(RealmModel realm, RealmAuth auth, ApplicationModel applicationModel, KeycloakSession session, EventBuilder event) { this.realm = realm; this.auth = auth; this.application = applicationModel; this.session = session; + this.event = event; auth.init(RealmAuth.Resource.APPLICATION); } @@ -98,6 +105,9 @@ public class ApplicationResource { try { RepresentationToModel.updateApplication(rep, application); + + event.event(EventType.UPDATE_APPLICATION).representation(rep).success(); + return Response.noContent().build(); } catch (ModelDuplicateException e) { return Flows.errors().exists("Application " + rep.getName() + " already exists"); @@ -116,7 +126,11 @@ public class ApplicationResource { public ApplicationRepresentation getApplication() { auth.requireView(); - return ModelToRepresentation.toRepresentation(application); + ApplicationRepresentation rep = ModelToRepresentation.toRepresentation(application); + + event.event(EventType.VIEW_APPLICATION).representation(rep).success(); + + return rep; } /** @@ -126,7 +140,7 @@ public class ApplicationResource { */ @Path("certificates/{attr}") public ClientAttributeCertificateResource getCertficateResource(@PathParam("attr") String attributePrefix) { - return new ClientAttributeCertificateResource(realm, auth, application, session, attributePrefix); + return new ClientAttributeCertificateResource(realm, auth, application, session, attributePrefix, event); } @@ -176,6 +190,9 @@ public class ApplicationResource { public void deleteApplication() { auth.requireManage(); + ApplicationRepresentation rep = getApplication(); + event.event(EventType.DELETE_APPLICATION).representation(rep).success(); + new ApplicationManager(new RealmManager(session)).removeApplication(realm, application); } @@ -228,7 +245,7 @@ public class ApplicationResource { @Path("roles") public RoleContainerResource getRoleContainerResource() { - return new RoleContainerResource(realm, auth, application); + return new RoleContainerResource(realm, auth, application, event); } /** @@ -331,6 +348,9 @@ public class ApplicationResource { UserSessionRepresentation rep = ModelToRepresentation.toRepresentation(userSession); sessions.add(rep); } + + event.event(EventType.VIEW_APPLICATION_USER_SESSIONS).representation(sessions).success(); + return sessions; } @@ -342,6 +362,9 @@ public class ApplicationResource { @POST public GlobalRequestResult logoutAll() { auth.requireManage(); + + event.event(EventType.LOGOUT_APPLICATION_USERS).success(); + return new ResourceAdminManager().logoutApplication(uriInfo.getRequestUri(), realm, application); } @@ -357,6 +380,8 @@ public class ApplicationResource { if (user == null) { throw new NotFoundException("User not found"); } + + event.event(EventType.LOGOUT_USER).success(); new ResourceAdminManager().logoutUserFromApplication(uriInfo.getRequestUri(), realm, application, user, session); } @@ -378,6 +403,10 @@ public class ApplicationResource { } if (logger.isDebugEnabled()) logger.debug("Register node: " + node); application.registerNode(node, Time.currentTime()); + + event.event(EventType.REGISTER_APPLICATION_CLUSTER_NODE) + .detail(Details.APPLICATION_CLUSTER_NODE, node) + .success(); } /** @@ -398,6 +427,10 @@ public class ApplicationResource { } application.unregisterNode(node); + + event.event(EventType.UNREGISTER_APPLICATION_CLUSTER_NODE) + .detail(Details.APPLICATION_CLUSTER_NODE, node) + .success(); } /** diff --git a/services/src/main/java/org/keycloak/services/resources/admin/ApplicationsByIdResource.java b/services/src/main/java/org/keycloak/services/resources/admin/ApplicationsByIdResource.java index fc93f017c3..5c840656d4 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/ApplicationsByIdResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/ApplicationsByIdResource.java @@ -1,5 +1,6 @@ package org.keycloak.services.resources.admin; +import org.keycloak.events.EventBuilder; import org.keycloak.models.ApplicationModel; import org.keycloak.models.RealmModel; @@ -8,8 +9,8 @@ import org.keycloak.models.RealmModel; * @version $Revision: 1 $ */ public class ApplicationsByIdResource extends ApplicationsResource { - public ApplicationsByIdResource(RealmModel realm, RealmAuth auth) { - super(realm, auth); + public ApplicationsByIdResource(RealmModel realm, RealmAuth auth, EventBuilder event) { + super(realm, auth, event); } @Override diff --git a/services/src/main/java/org/keycloak/services/resources/admin/ApplicationsResource.java b/services/src/main/java/org/keycloak/services/resources/admin/ApplicationsResource.java index c74a8f06ca..6bc6c2b249 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/ApplicationsResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/ApplicationsResource.java @@ -4,6 +4,8 @@ import org.jboss.logging.Logger; import org.jboss.resteasy.annotations.cache.NoCache; import org.jboss.resteasy.spi.NotFoundException; import org.jboss.resteasy.spi.ResteasyProviderFactory; +import org.keycloak.events.EventBuilder; +import org.keycloak.events.EventType; import org.keycloak.models.ApplicationModel; import org.keycloak.models.KeycloakSession; import org.keycloak.models.ModelDuplicateException; @@ -23,6 +25,7 @@ import javax.ws.rs.core.Context; import javax.ws.rs.core.MediaType; import javax.ws.rs.core.Response; import javax.ws.rs.core.UriInfo; + import java.util.ArrayList; import java.util.List; @@ -36,14 +39,16 @@ public class ApplicationsResource { protected static final Logger logger = Logger.getLogger(RealmAdminResource.class); protected RealmModel realm; private RealmAuth auth; + private EventBuilder event; @Context protected KeycloakSession session; - public ApplicationsResource(RealmModel realm, RealmAuth auth) { + public ApplicationsResource(RealmModel realm, RealmAuth auth, EventBuilder event) { this.realm = realm; this.auth = auth; - + this.event = event; + auth.init(RealmAuth.Resource.APPLICATION); } @@ -71,6 +76,9 @@ public class ApplicationsResource { rep.add(app); } } + + event.event(EventType.VIEW_APPLICATIONS).representation(rep).success(); + return rep; } @@ -88,6 +96,9 @@ public class ApplicationsResource { try { ApplicationModel applicationModel = RepresentationToModel.createApplication(session, realm, rep, true); + + event.event(EventType.CREATE_APPLICATION).representation(rep).success(); + return Response.created(uriInfo.getAbsolutePathBuilder().path(getApplicationPath(applicationModel)).build()).build(); } catch (ModelDuplicateException e) { return Flows.errors().exists("Application " + rep.getName() + " already exists"); @@ -110,7 +121,7 @@ public class ApplicationsResource { if (applicationModel == null) { throw new NotFoundException("Could not find application: " + name); } - ApplicationResource applicationResource = new ApplicationResource(realm, auth, applicationModel, session); + ApplicationResource applicationResource = new ApplicationResource(realm, auth, applicationModel, session, event); ResteasyProviderFactory.getInstance().injectProperties(applicationResource); //resourceContext.initResource(applicationResource); return applicationResource; diff --git a/services/src/main/java/org/keycloak/services/resources/admin/ClientAttributeCertificateResource.java b/services/src/main/java/org/keycloak/services/resources/admin/ClientAttributeCertificateResource.java index 4510dc2ae6..e2f01e5a36 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/ClientAttributeCertificateResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/ClientAttributeCertificateResource.java @@ -6,6 +6,8 @@ import org.jboss.resteasy.plugins.providers.multipart.MultipartFormDataInput; import org.jboss.resteasy.spi.BadRequestException; import org.jboss.resteasy.spi.NotAcceptableException; import org.jboss.resteasy.spi.NotFoundException; +import org.keycloak.events.EventBuilder; +import org.keycloak.events.EventType; import org.keycloak.models.ClientModel; import org.keycloak.models.KeycloakSession; import org.keycloak.models.RealmModel; @@ -21,6 +23,7 @@ import javax.ws.rs.Produces; import javax.ws.rs.core.Context; import javax.ws.rs.core.MediaType; import javax.ws.rs.core.UriInfo; + import java.io.ByteArrayOutputStream; import java.io.IOException; import java.io.InputStream; @@ -39,18 +42,20 @@ import java.util.Map; * @version $Revision: 1 $ */ public class ClientAttributeCertificateResource { + public static final String PRIVATE_KEY = "private.key"; public static final String X509CERTIFICATE = "certificate"; protected RealmModel realm; private RealmAuth auth; + private EventBuilder event; protected ClientModel client; protected KeycloakSession session; protected String attributePrefix; protected String privateAttribute; protected String certificateAttribute; - public ClientAttributeCertificateResource(RealmModel realm, RealmAuth auth, ClientModel client, KeycloakSession session, String attributePrefix) { + public ClientAttributeCertificateResource(RealmModel realm, RealmAuth auth, ClientModel client, KeycloakSession session, String attributePrefix, EventBuilder event) { this.realm = realm; this.auth = auth; this.client = client; @@ -58,6 +63,7 @@ public class ClientAttributeCertificateResource { this.attributePrefix = attributePrefix; this.privateAttribute = attributePrefix + "." + PRIVATE_KEY; this.certificateAttribute = attributePrefix + "." + X509CERTIFICATE; + this.event = event; } public static class ClientKeyPairInfo { @@ -93,6 +99,9 @@ public class ClientAttributeCertificateResource { ClientKeyPairInfo info = new ClientKeyPairInfo(); info.setCertificate(client.getAttribute(certificateAttribute)); info.setPrivateKey(client.getAttribute(privateAttribute)); + + event.event(EventType.VIEW_CLIENT_CERTIFICATE).representation(info).success(); + return info; } @@ -131,6 +140,9 @@ public class ClientAttributeCertificateResource { ClientKeyPairInfo info = new ClientKeyPairInfo(); info.setCertificate(client.getAttribute(certificateAttribute)); info.setPrivateKey(client.getAttribute(privateAttribute)); + + event.event(EventType.UPDATE_CLIENT_CERTIFICATE).representation(info).success(); + return info; } @@ -188,6 +200,7 @@ public class ClientAttributeCertificateResource { info.setCertificate(certPem); } + event.event(EventType.UPDATE_CLIENT_CERTIFICATE).representation(info).success(); return info; } @@ -314,6 +327,9 @@ public class ClientAttributeCertificateResource { stream.flush(); stream.close(); byte[] rtn = stream.toByteArray(); + + event.event(EventType.VIEW_CLIENT_CERTIFICATE).representation(rtn).success(); + return rtn; } catch (Exception e) { throw new RuntimeException(e); diff --git a/services/src/main/java/org/keycloak/services/resources/admin/IdentityProviderResource.java b/services/src/main/java/org/keycloak/services/resources/admin/IdentityProviderResource.java index a5c0f50741..85726126e5 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/IdentityProviderResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/IdentityProviderResource.java @@ -4,6 +4,8 @@ import org.jboss.logging.Logger; import org.jboss.resteasy.annotations.cache.NoCache; import org.keycloak.broker.provider.IdentityProvider; import org.keycloak.broker.provider.IdentityProviderFactory; +import org.keycloak.events.EventBuilder; +import org.keycloak.events.EventType; import org.keycloak.models.ClientIdentityProviderMappingModel; import org.keycloak.models.ClientModel; import org.keycloak.models.FederatedIdentityModel; @@ -29,6 +31,7 @@ import javax.ws.rs.QueryParam; import javax.ws.rs.core.Context; import javax.ws.rs.core.Response; import javax.ws.rs.core.UriInfo; + import java.util.ArrayList; import java.util.List; @@ -43,28 +46,45 @@ public class IdentityProviderResource { private final RealmModel realm; private final KeycloakSession session; private final IdentityProviderModel identityProviderModel; + private EventBuilder event; - public IdentityProviderResource(RealmAuth auth, RealmModel realm, KeycloakSession session, IdentityProviderModel identityProviderModel) { + public IdentityProviderResource(RealmAuth auth, RealmModel realm, KeycloakSession session, IdentityProviderModel identityProviderModel, EventBuilder event) { this.realm = realm; this.session = session; this.identityProviderModel = identityProviderModel; this.auth = auth; + this.event = event; } @GET @NoCache @Produces("application/json") public IdentityProviderRepresentation getIdentityProvider() { - return ModelToRepresentation.toRepresentation(this.identityProviderModel); + IdentityProviderRepresentation rep = ModelToRepresentation.toRepresentation(this.identityProviderModel); + + event.event(EventType.VIEW_IDENTITY_PROVIDER) + .representation(rep) + .success(); + + return rep; } @DELETE @NoCache public Response delete() { this.auth.requireManage(); + + IdentityProviderRepresentation rep = getIdentityProvider(); + removeClientIdentityProviders(this.realm.getApplications(), this.identityProviderModel); removeClientIdentityProviders(this.realm.getOAuthClients(), this.identityProviderModel); + this.realm.removeIdentityProviderByAlias(this.identityProviderModel.getAlias()); + + event.event(EventType.DELETE_IDENTITY_PROVIDER) + .representation(rep) + .success(); + return Response.noContent().build(); } @@ -89,6 +109,10 @@ public class IdentityProviderResource { updateClientsAfterProviderAliasChange(this.realm.getOAuthClients(), oldProviderId, newProviderId); updateUsersAfterProviderAliasChange(this.session.users().getUsers(this.realm), oldProviderId, newProviderId); } + + event.event(EventType.UPDATE_IDENTITY_PROVIDER) + .representation(providerRep) + .success(); return Response.noContent().build(); } catch (ModelDuplicateException e) { diff --git a/services/src/main/java/org/keycloak/services/resources/admin/IdentityProvidersResource.java b/services/src/main/java/org/keycloak/services/resources/admin/IdentityProvidersResource.java index afae00b1f6..95dd7d4089 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/IdentityProvidersResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/IdentityProvidersResource.java @@ -8,8 +8,8 @@ import org.jboss.resteasy.spi.NotFoundException; import org.jboss.resteasy.spi.ResteasyProviderFactory; import org.keycloak.broker.provider.IdentityProvider; import org.keycloak.broker.provider.IdentityProviderFactory; -import org.keycloak.models.ClientIdentityProviderMappingModel; -import org.keycloak.models.ClientModel; +import org.keycloak.events.EventBuilder; +import org.keycloak.events.EventType; import org.keycloak.models.IdentityProviderModel; import org.keycloak.models.KeycloakSession; import org.keycloak.models.ModelDuplicateException; @@ -32,6 +32,7 @@ import javax.ws.rs.core.Context; import javax.ws.rs.core.MediaType; import javax.ws.rs.core.Response; import javax.ws.rs.core.UriInfo; + import java.io.IOException; import java.io.InputStream; import java.util.ArrayList; @@ -48,11 +49,13 @@ public class IdentityProvidersResource { private final RealmModel realm; private final KeycloakSession session; private RealmAuth auth; + private EventBuilder event; - public IdentityProvidersResource(RealmModel realm, KeycloakSession session, RealmAuth auth) { + public IdentityProvidersResource(RealmModel realm, KeycloakSession session, RealmAuth auth, EventBuilder event) { this.realm = realm; this.session = session; this.auth = auth; + this.event = event; this.auth.init(RealmAuth.Resource.IDENTITY_PROVIDER); } @@ -65,6 +68,10 @@ public class IdentityProvidersResource { IdentityProviderFactory providerFactory = getProviderFactorytById(providerId); if (providerFactory != null) { + event.event(EventType.VIEW_IDENTITY_PROVIDERS) + .representation(providerFactory) + .success(); + return Response.ok(providerFactory).build(); } @@ -83,6 +90,11 @@ public class IdentityProvidersResource { InputStream inputStream = file.getBody(InputStream.class, null); IdentityProviderFactory providerFactory = getProviderFactorytById(providerId); Map config = providerFactory.parseConfig(inputStream); + + event.event(EventType.CREATE_IDENTITY_PROVIDER) + .representation(config) + .success(); + return config; } @@ -104,6 +116,11 @@ public class IdentityProvidersResource { } IdentityProviderFactory providerFactory = getProviderFactorytById(providerId); Map config = providerFactory.parseConfig(inputStream); + + event.event(EventType.CREATE_IDENTITY_PROVIDER) + .representation(config) + .success(); + return config; } @@ -119,6 +136,8 @@ public class IdentityProvidersResource { for (IdentityProviderModel identityProviderModel : realm.getIdentityProviders()) { representations.add(ModelToRepresentation.toRepresentation(identityProviderModel)); } + + event.event(EventType.VIEW_IDENTITY_PROVIDERS).representation(representations).success(); return representations; } @@ -131,7 +150,11 @@ public class IdentityProvidersResource { try { this.realm.addIdentityProvider(RepresentationToModel.toModel(representation)); - + + event.event(EventType.CREATE_IDENTITY_PROVIDER) + .representation(representation) + .success(); + return Response.created(uriInfo.getAbsolutePathBuilder().path(representation.getProviderId()).build()).build(); } catch (ModelDuplicateException e) { return Flows.errors().exists("Identity Provider " + representation.getAlias() + " already exists"); @@ -154,8 +177,12 @@ public class IdentityProvidersResource { throw new NotFoundException("Could not find identity provider: " + alias); } - IdentityProviderResource identityProviderResource = new IdentityProviderResource(this.auth, realm, session, identityProviderModel); + IdentityProviderResource identityProviderResource = new IdentityProviderResource(this.auth, realm, session, identityProviderModel, event); ResteasyProviderFactory.getInstance().injectProperties(identityProviderResource); + + event.event(EventType.VIEW_IDENTITY_PROVIDER) + .representation(identityProviderResource) + .success(); return identityProviderResource; } @@ -180,4 +207,4 @@ public class IdentityProvidersResource { return allProviders; } -} +} \ No newline at end of file diff --git a/services/src/main/java/org/keycloak/services/resources/admin/OAuthClientResource.java b/services/src/main/java/org/keycloak/services/resources/admin/OAuthClientResource.java index b69fb83c29..cc455c4ce1 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/OAuthClientResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/OAuthClientResource.java @@ -4,6 +4,8 @@ import org.jboss.logging.Logger; import org.jboss.resteasy.annotations.cache.NoCache; import org.jboss.resteasy.spi.NotFoundException; import org.jboss.resteasy.spi.ResteasyProviderFactory; +import org.keycloak.events.EventBuilder; +import org.keycloak.events.EventType; import org.keycloak.models.KeycloakSession; import org.keycloak.models.ModelDuplicateException; import org.keycloak.models.OAuthClientModel; @@ -31,6 +33,7 @@ import javax.ws.rs.core.Context; import javax.ws.rs.core.MediaType; import javax.ws.rs.core.Response; import javax.ws.rs.core.UriInfo; + import java.io.IOException; /** @@ -43,6 +46,7 @@ public class OAuthClientResource { protected static final Logger logger = Logger.getLogger(RealmAdminResource.class); protected RealmModel realm; private RealmAuth auth; + private EventBuilder event; protected OAuthClientModel oauthClient; protected KeycloakSession session; @Context @@ -55,11 +59,12 @@ public class OAuthClientResource { return (KeycloakApplication)application; } - public OAuthClientResource(RealmModel realm, RealmAuth auth, OAuthClientModel oauthClient, KeycloakSession session) { + public OAuthClientResource(RealmModel realm, RealmAuth auth, OAuthClientModel oauthClient, KeycloakSession session, EventBuilder event) { this.realm = realm; this.auth = auth; this.oauthClient = oauthClient; this.session = session; + this.event = event; auth.init(RealmAuth.Resource.CLIENT); } @@ -84,7 +89,7 @@ public class OAuthClientResource { */ @Path("certificates/{attr}") public ClientAttributeCertificateResource getCertficateResource(@PathParam("attr") String attributePrefix) { - return new ClientAttributeCertificateResource(realm, auth, oauthClient, session, attributePrefix); + return new ClientAttributeCertificateResource(realm, auth, oauthClient, session, attributePrefix, event); } @@ -102,6 +107,8 @@ public class OAuthClientResource { try { RepresentationToModel.updateOAuthClient(session, rep, oauthClient); + event.event(EventType.UPDATE_OAUTH_CLIENT).representation(rep).success(); + return Response.noContent().build(); } catch (ModelDuplicateException e) { return Flows.errors().exists("Client " + rep.getName() + " already exists"); @@ -119,7 +126,11 @@ public class OAuthClientResource { public OAuthClientRepresentation getOAuthClient() { auth.requireView(); - return ModelToRepresentation.toRepresentation(oauthClient); + OAuthClientRepresentation rep = ModelToRepresentation.toRepresentation(oauthClient); + + event.event(EventType.VIEW_OAUTH_CLIENT).representation(rep).success(); + + return rep; } /** @@ -151,6 +162,10 @@ public class OAuthClientResource { public void deleteOAuthClient() { auth.requireManage(); + OAuthClientRepresentation rep = getOAuthClient(); + + event.event(EventType.DELETE_OAUTH_CLIENT).representation(rep).success(); + new OAuthClientManager(new RealmManager(session)).removeClient(realm, oauthClient); } diff --git a/services/src/main/java/org/keycloak/services/resources/admin/OAuthClientsByIdResource.java b/services/src/main/java/org/keycloak/services/resources/admin/OAuthClientsByIdResource.java index b7cfb1a8ec..5f19949ff0 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/OAuthClientsByIdResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/OAuthClientsByIdResource.java @@ -1,38 +1,17 @@ package org.keycloak.services.resources.admin; -import org.jboss.logging.Logger; -import org.jboss.resteasy.annotations.cache.NoCache; -import org.jboss.resteasy.spi.NotFoundException; -import org.jboss.resteasy.spi.ResteasyProviderFactory; +import org.keycloak.events.EventBuilder; import org.keycloak.models.KeycloakSession; -import org.keycloak.models.ModelDuplicateException; import org.keycloak.models.OAuthClientModel; import org.keycloak.models.RealmModel; -import org.keycloak.models.utils.ModelToRepresentation; -import org.keycloak.models.utils.RepresentationToModel; -import org.keycloak.representations.idm.OAuthClientRepresentation; -import org.keycloak.services.resources.flows.Flows; - -import javax.ws.rs.Consumes; -import javax.ws.rs.GET; -import javax.ws.rs.POST; -import javax.ws.rs.Path; -import javax.ws.rs.PathParam; -import javax.ws.rs.Produces; -import javax.ws.rs.core.Context; -import javax.ws.rs.core.MediaType; -import javax.ws.rs.core.Response; -import javax.ws.rs.core.UriInfo; -import java.util.ArrayList; -import java.util.List; /** * @author Bill Burke * @version $Revision: 1 $ */ public class OAuthClientsByIdResource extends OAuthClientsResource { - public OAuthClientsByIdResource(RealmModel realm, RealmAuth auth, KeycloakSession session) { - super(realm, auth, session); + public OAuthClientsByIdResource(RealmModel realm, RealmAuth auth, KeycloakSession session, EventBuilder event) { + super(realm, auth, session, event); } @Override diff --git a/services/src/main/java/org/keycloak/services/resources/admin/OAuthClientsResource.java b/services/src/main/java/org/keycloak/services/resources/admin/OAuthClientsResource.java index a2c387ccb1..4cd0ad1789 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/OAuthClientsResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/OAuthClientsResource.java @@ -4,6 +4,8 @@ import org.jboss.logging.Logger; import org.jboss.resteasy.annotations.cache.NoCache; import org.jboss.resteasy.spi.NotFoundException; import org.jboss.resteasy.spi.ResteasyProviderFactory; +import org.keycloak.events.EventBuilder; +import org.keycloak.events.EventType; import org.keycloak.models.KeycloakSession; import org.keycloak.models.ModelDuplicateException; import org.keycloak.models.OAuthClientModel; @@ -23,6 +25,7 @@ import javax.ws.rs.core.Context; import javax.ws.rs.core.MediaType; import javax.ws.rs.core.Response; import javax.ws.rs.core.UriInfo; + import java.util.ArrayList; import java.util.List; @@ -33,9 +36,9 @@ import java.util.List; public class OAuthClientsResource { protected static final Logger logger = Logger.getLogger(RealmAdminResource.class); protected RealmModel realm; - + private EventBuilder event; protected KeycloakSession session; - + /* @Context protected ResourceContext resourceContext; @@ -43,10 +46,11 @@ public class OAuthClientsResource { */ private RealmAuth auth; - public OAuthClientsResource(RealmModel realm, RealmAuth auth, KeycloakSession session) { + public OAuthClientsResource(RealmModel realm, RealmAuth auth, KeycloakSession session, EventBuilder event) { this.auth = auth; this.realm = realm; this.session = session; + this.event = event; auth.init(RealmAuth.Resource.CLIENT); } @@ -73,6 +77,9 @@ public class OAuthClientsResource { rep.add(client); } } + + event.event(EventType.VIEW_OAUTH_CLIENTS).representation(rep).success(); + return rep; } @@ -90,6 +97,8 @@ public class OAuthClientsResource { try { OAuthClientModel oauth = RepresentationToModel.createOAuthClient(session, rep, realm); + event.event(EventType.CREATE_OAUTH_CLIENT).representation(rep).success(); + return Response.created(uriInfo.getAbsolutePathBuilder().path(getClientPath(oauth)).build()).build(); } catch (ModelDuplicateException e) { return Flows.errors().exists("Client " + rep.getName() + " already exists"); @@ -114,7 +123,7 @@ public class OAuthClientsResource { if (oauth == null) { throw new NotFoundException("OAuth Client not found"); } - OAuthClientResource oAuthClientResource = new OAuthClientResource(realm, auth, oauth, session); + OAuthClientResource oAuthClientResource = new OAuthClientResource(realm, auth, oauth, session, event); ResteasyProviderFactory.getInstance().injectProperties(oAuthClientResource); //resourceContext.initResource(oAuthClientResource); return oAuthClientResource; diff --git a/services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java b/services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java index e62b4ba446..59b4d0b007 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java @@ -26,6 +26,7 @@ import org.jboss.resteasy.spi.NotFoundException; import org.jboss.resteasy.spi.ResteasyProviderFactory; import org.keycloak.ClientConnection; import org.keycloak.events.Event; +import org.keycloak.events.EventBuilder; import org.keycloak.events.EventQuery; import org.keycloak.events.EventStoreProvider; import org.keycloak.events.EventType; @@ -63,6 +64,7 @@ public class RealmAdminResource { protected RealmAuth auth; protected RealmModel realm; private TokenManager tokenManager; + private EventBuilder event; @Context protected KeycloakSession session; @@ -76,10 +78,11 @@ public class RealmAdminResource { @Context protected HttpHeaders headers; - public RealmAdminResource(RealmAuth auth, RealmModel realm, TokenManager tokenManager) { + public RealmAdminResource(RealmAuth auth, RealmModel realm, TokenManager tokenManager, EventBuilder event) { this.auth = auth; this.realm = realm; this.tokenManager = tokenManager; + this.event = event; auth.init(RealmAuth.Resource.REALM); } @@ -102,7 +105,7 @@ public class RealmAdminResource { */ @Path("applications") public ApplicationsResource getApplications() { - ApplicationsResource applicationsResource = new ApplicationsResource(realm, auth); + ApplicationsResource applicationsResource = new ApplicationsResource(realm, auth, event); ResteasyProviderFactory.getInstance().injectProperties(applicationsResource); //resourceContext.initResource(applicationsResource); return applicationsResource; @@ -115,7 +118,7 @@ public class RealmAdminResource { */ @Path("applications-by-id") public ApplicationsByIdResource getApplicationsById() { - ApplicationsByIdResource applicationsResource = new ApplicationsByIdResource(realm, auth); + ApplicationsByIdResource applicationsResource = new ApplicationsByIdResource(realm, auth, event); ResteasyProviderFactory.getInstance().injectProperties(applicationsResource); //resourceContext.initResource(applicationsResource); return applicationsResource; @@ -128,7 +131,7 @@ public class RealmAdminResource { */ @Path("oauth-clients") public OAuthClientsResource getOAuthClients() { - OAuthClientsResource oauth = new OAuthClientsResource(realm, auth, session); + OAuthClientsResource oauth = new OAuthClientsResource(realm, auth, session, event); ResteasyProviderFactory.getInstance().injectProperties(oauth); //resourceContext.initResource(oauth); return oauth; @@ -141,7 +144,7 @@ public class RealmAdminResource { */ @Path("oauth-clients-by-id") public OAuthClientsByIdResource getOAuthClientsById() { - OAuthClientsByIdResource oauth = new OAuthClientsByIdResource(realm, auth, session); + OAuthClientsByIdResource oauth = new OAuthClientsByIdResource(realm, auth, session, event); ResteasyProviderFactory.getInstance().injectProperties(oauth); //resourceContext.initResource(oauth); return oauth; @@ -154,7 +157,7 @@ public class RealmAdminResource { */ @Path("roles") public RoleContainerResource getRoleContainerResource() { - return new RoleContainerResource(realm, auth, realm); + return new RoleContainerResource(realm, auth, realm, event); } /** @@ -177,6 +180,9 @@ public class RealmAdminResource { CacheUserProvider cache = (CacheUserProvider)session.userStorage(); rep.setUserCacheEnabled(cache.isEnabled()); } + + event.event(EventType.VIEW_REALM).representation(rep).success(); + return rep; } else { auth.requireAny(); @@ -184,6 +190,8 @@ public class RealmAdminResource { RealmRepresentation rep = new RealmRepresentation(); rep.setRealm(realm.getName()); + event.event(EventType.VIEW_REALM).representation(rep).success(); + return rep; } } @@ -219,6 +227,8 @@ public class RealmAdminResource { usersSyncManager.refreshPeriodicSyncForProvider(session.getKeycloakSessionFactory(), session.getProvider(TimerProvider.class), fedProvider, realm.getId()); } + event.event(EventType.UPDATE_REALM).representation(rep).success(); + return Response.noContent().build(); } catch (ModelDuplicateException e) { return Flows.errors().exists("Realm " + rep.getRealm() + " already exists"); @@ -233,9 +243,13 @@ public class RealmAdminResource { public void deleteRealm() { auth.requireManage(); + RealmRepresentation rep = getRealm(); + if (!new RealmManager(session).removeRealm(realm)) { throw new NotFoundException("Realm doesn't exist"); } + + event.event(EventType.DELETE_REALM).representation(rep).success(); } /** @@ -245,7 +259,7 @@ public class RealmAdminResource { */ @Path("users") public UsersResource users() { - UsersResource users = new UsersResource(realm, auth, tokenManager); + UsersResource users = new UsersResource(realm, auth, tokenManager, event); ResteasyProviderFactory.getInstance().injectProperties(users); //resourceContext.initResource(users); return users; @@ -253,7 +267,7 @@ public class RealmAdminResource { @Path("user-federation") public UserFederationResource userFederation() { - UserFederationResource fed = new UserFederationResource(realm, auth); + UserFederationResource fed = new UserFederationResource(realm, auth, event); ResteasyProviderFactory.getInstance().injectProperties(fed); //resourceContext.initResource(fed); return fed; @@ -266,7 +280,7 @@ public class RealmAdminResource { */ @Path("roles-by-id") public RoleByIdResource rolesById() { - RoleByIdResource resource = new RoleByIdResource(realm, auth); + RoleByIdResource resource = new RoleByIdResource(realm, auth, event); ResteasyProviderFactory.getInstance().injectProperties(resource); //resourceContext.initResource(resource); return resource; @@ -473,6 +487,6 @@ public class RealmAdminResource { @Path("identity-provider") public IdentityProvidersResource getIdentityProviderResource() { - return new IdentityProvidersResource(realm, session, this.auth); + return new IdentityProvidersResource(realm, session, this.auth, event); } } diff --git a/services/src/main/java/org/keycloak/services/resources/admin/RealmsAdminResource.java b/services/src/main/java/org/keycloak/services/resources/admin/RealmsAdminResource.java index e434738dc1..5bf3120e38 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/RealmsAdminResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/RealmsAdminResource.java @@ -6,6 +6,9 @@ import org.jboss.resteasy.plugins.providers.multipart.InputPart; import org.jboss.resteasy.plugins.providers.multipart.MultipartFormDataInput; import org.jboss.resteasy.spi.NotFoundException; import org.jboss.resteasy.spi.ResteasyProviderFactory; +import org.keycloak.events.Details; +import org.keycloak.events.EventBuilder; +import org.keycloak.events.EventType; import org.keycloak.models.AdminRoles; import org.keycloak.models.ApplicationModel; import org.keycloak.models.KeycloakSession; @@ -33,6 +36,7 @@ import javax.ws.rs.core.HttpHeaders; import javax.ws.rs.core.MediaType; import javax.ws.rs.core.Response; import javax.ws.rs.core.UriInfo; + import java.io.IOException; import java.net.URI; import java.util.ArrayList; @@ -49,10 +53,12 @@ public class RealmsAdminResource { protected static final Logger logger = Logger.getLogger(RealmsAdminResource.class); protected AdminAuth auth; protected TokenManager tokenManager; + private EventBuilder event; - public RealmsAdminResource(AdminAuth auth, TokenManager tokenManager) { + public RealmsAdminResource(AdminAuth auth, TokenManager tokenManager, EventBuilder event) { this.auth = auth; this.tokenManager = tokenManager; + this.event = event; } public static final CacheControl noCache = new CacheControl(); @@ -72,7 +78,6 @@ public class RealmsAdminResource { @Context protected KeycloakApplication keycloak; - /** * Returns a list of realms. This list is filtered based on what realms the caller is allowed to view. * @@ -135,6 +140,11 @@ public class RealmsAdminResource { URI location = AdminRoot.realmsUrl(uriInfo).path(realm.getName()).build(); logger.debugv("imported realm success, sending back: {0}", location.toString()); + + event.event(EventType.CREATE_REALM) + .representation(rep) + .success(); + return Response.created(location).build(); } catch (ModelDuplicateException e) { return Flows.errors().exists("Realm " + rep.getRealm() + " already exists"); @@ -181,6 +191,8 @@ public class RealmsAdminResource { URI location = AdminRoot.realmsUrl(uriInfo).path(realm.getName()).build(); return Response.created(location).build(); } + + event.event(EventType.CREATE_REALM).representation(rep).success(); } return Response.noContent().build(); @@ -225,7 +237,8 @@ public class RealmsAdminResource { realmAuth = new RealmAuth(auth, realm.getApplicationByName(realmManager.getRealmAdminApplicationName(auth.getRealm()))); } - RealmAdminResource adminResource = new RealmAdminResource(realmAuth, realm, tokenManager); + event.detail(Details.REALM, realm.getName()); + RealmAdminResource adminResource = new RealmAdminResource(realmAuth, realm, tokenManager, event); ResteasyProviderFactory.getInstance().injectProperties(adminResource); //resourceContext.initResource(adminResource); return adminResource; diff --git a/services/src/main/java/org/keycloak/services/resources/admin/RoleByIdResource.java b/services/src/main/java/org/keycloak/services/resources/admin/RoleByIdResource.java index 96c71f2fb3..bab2f7ef80 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/RoleByIdResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/RoleByIdResource.java @@ -3,7 +3,10 @@ package org.keycloak.services.resources.admin; import org.jboss.logging.Logger; import org.jboss.resteasy.annotations.cache.NoCache; import org.jboss.resteasy.spi.NotFoundException; +import org.keycloak.events.EventBuilder; +import org.keycloak.events.EventType; import org.keycloak.models.ApplicationModel; +import org.keycloak.models.KeycloakSession; import org.keycloak.models.OAuthClientModel; import org.keycloak.models.RealmModel; import org.keycloak.models.RoleModel; @@ -18,6 +21,8 @@ import javax.ws.rs.PUT; import javax.ws.rs.Path; import javax.ws.rs.PathParam; import javax.ws.rs.Produces; +import javax.ws.rs.core.Context; + import java.util.List; import java.util.Set; @@ -31,12 +36,17 @@ public class RoleByIdResource extends RoleResource { protected static final Logger logger = Logger.getLogger(RoleByIdResource.class); private final RealmModel realm; private final RealmAuth auth; + private EventBuilder event; - public RoleByIdResource(RealmModel realm, RealmAuth auth) { + @Context + protected KeycloakSession session; + + public RoleByIdResource(RealmModel realm, RealmAuth auth, EventBuilder event) { super(realm); this.realm = realm; this.auth = auth; + this.event = event; } /** @@ -52,7 +62,14 @@ public class RoleByIdResource extends RoleResource { public RoleRepresentation getRole(final @PathParam("role-id") String id) { RoleModel roleModel = getRoleModel(id); auth.requireView(); - return getRole(roleModel); + + RoleRepresentation rep = getRole(roleModel); + + event.event(EventType.VIEW_ROLE) + .representation(rep) + .success(); + + return rep; } protected RoleModel getRoleModel(String id) { @@ -85,9 +102,14 @@ public class RoleByIdResource extends RoleResource { @DELETE @NoCache public void deleteRole(final @PathParam("role-id") String id) { + RoleRepresentation rep = getRole(id); RoleModel role = getRoleModel(id); auth.requireManage(); deleteRole(role); + + event.event(EventType.DELETE_ROLE) + .representation(rep) + .success(); } /** @@ -103,6 +125,10 @@ public class RoleByIdResource extends RoleResource { RoleModel role = getRoleModel(id); auth.requireManage(); updateRole(rep, role); + + event.event(EventType.UPDATE_ROLE) + .representation(rep) + .success(); } /** @@ -118,6 +144,12 @@ public class RoleByIdResource extends RoleResource { RoleModel role = getRoleModel(id); auth.requireManage(); addComposites(roles, role); + + RoleRepresentation rep = getRole(id); + + event.event(EventType.UPDATE_ROLE) + .representation(rep) + .success(); } /** diff --git a/services/src/main/java/org/keycloak/services/resources/admin/RoleContainerResource.java b/services/src/main/java/org/keycloak/services/resources/admin/RoleContainerResource.java index 5ee76af001..9293d5c862 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/RoleContainerResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/RoleContainerResource.java @@ -2,6 +2,8 @@ package org.keycloak.services.resources.admin; import org.jboss.resteasy.annotations.cache.NoCache; import org.jboss.resteasy.spi.NotFoundException; +import org.keycloak.events.EventBuilder; +import org.keycloak.events.EventType; import org.keycloak.models.ApplicationModel; import org.keycloak.models.ModelDuplicateException; import org.keycloak.models.RealmModel; @@ -22,6 +24,7 @@ import javax.ws.rs.Produces; import javax.ws.rs.core.Context; import javax.ws.rs.core.Response; import javax.ws.rs.core.UriInfo; + import java.util.ArrayList; import java.util.List; import java.util.Set; @@ -34,12 +37,14 @@ public class RoleContainerResource extends RoleResource { private final RealmModel realm; private final RealmAuth auth; protected RoleContainerModel roleContainer; + private EventBuilder event; - public RoleContainerResource(RealmModel realm, RealmAuth auth, RoleContainerModel roleContainer) { + public RoleContainerResource(RealmModel realm, RealmAuth auth, RoleContainerModel roleContainer, EventBuilder event) { super(realm); this.realm = realm; this.auth = auth; this.roleContainer = roleContainer; + this.event = event; } /** @@ -58,6 +63,9 @@ public class RoleContainerResource extends RoleResource { for (RoleModel roleModel : roleModels) { roles.add(ModelToRepresentation.toRepresentation(roleModel)); } + + event.event(EventType.VIEW_ROLES).representation(roles).success(); + return roles; } @@ -76,6 +84,11 @@ public class RoleContainerResource extends RoleResource { try { RoleModel role = roleContainer.addRole(rep.getName()); role.setDescription(rep.getDescription()); + + event.event(EventType.CREATE_ROLE) + .representation(rep) + .success(); + return Response.created(uriInfo.getAbsolutePathBuilder().path(role.getName()).build()).build(); } catch (ModelDuplicateException e) { return Flows.errors().exists("Role with name " + rep.getName() + " already exists"); @@ -99,7 +112,14 @@ public class RoleContainerResource extends RoleResource { if (roleModel == null) { throw new NotFoundException("Could not find role: " + roleName); } - return getRole(roleModel); + + RoleRepresentation rep = getRole(roleModel); + + event.event(EventType.VIEW_ROLE) + .representation(rep) + .success(); + + return rep; } /** @@ -113,11 +133,16 @@ public class RoleContainerResource extends RoleResource { public void deleteRole(final @PathParam("role-name") String roleName) { auth.requireManage(); + RoleRepresentation rep = getRole(roleName); RoleModel role = roleContainer.getRole(roleName); if (role == null) { throw new NotFoundException("Could not find role: " + roleName); } deleteRole(role); + + event.event(EventType.DELETE_ROLE) + .representation(rep) + .success(); } /** @@ -139,6 +164,11 @@ public class RoleContainerResource extends RoleResource { } try { updateRole(rep, role); + + event.event(EventType.UPDATE_ROLE) + .representation(rep) + .success(); + return Response.noContent().build(); } catch (ModelDuplicateException e) { return Flows.errors().exists("Role with name " + rep.getName() + " already exists"); diff --git a/services/src/main/java/org/keycloak/services/resources/admin/ServerInfoAdminResource.java b/services/src/main/java/org/keycloak/services/resources/admin/ServerInfoAdminResource.java index 80ba4025c9..ec72cc146f 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/ServerInfoAdminResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/ServerInfoAdminResource.java @@ -4,6 +4,7 @@ import org.keycloak.Version; import org.keycloak.broker.provider.IdentityProvider; import org.keycloak.broker.provider.IdentityProviderFactory; import org.keycloak.events.EventListenerProvider; +import org.keycloak.events.EventType; import org.keycloak.exportimport.ApplicationImporter; import org.keycloak.exportimport.ApplicationImporterFactory; import org.keycloak.freemarker.Theme; @@ -16,7 +17,6 @@ import org.keycloak.protocol.LoginProtocolFactory; import org.keycloak.protocol.ProtocolMapper; import org.keycloak.provider.ProviderFactory; import org.keycloak.provider.Spi; -import org.keycloak.representations.idm.IdentityProviderRepresentation; import org.keycloak.representations.idm.ProtocolMapperRepresentation; import org.keycloak.representations.idm.ProtocolMapperTypeRepresentation; import org.keycloak.social.SocialIdentityProvider; @@ -24,7 +24,6 @@ import org.keycloak.social.SocialIdentityProvider; import javax.ws.rs.GET; import javax.ws.rs.core.Context; import java.util.Collections; -import java.util.Comparator; import java.util.Date; import java.util.HashMap; import java.util.LinkedList; @@ -60,6 +59,7 @@ public class ServerInfoAdminResource { setProviders(info); setProtocolMapperTypes(info); setBuiltinProtocolMappers(info); + setEventTypes(info); return info; } @@ -178,6 +178,15 @@ public class ServerInfoAdminResource { } } + private void setEventTypes(ServerInfoRepresentation info) { + List eventTypes = new LinkedList<>(); + for (EventType t : EventType.values()) { + eventTypes.add(t.name()); + } + Collections.sort(eventTypes); + info.setEventTypes(eventTypes); + } + public static class ServerInfoRepresentation { private String version; @@ -197,6 +206,8 @@ public class ServerInfoAdminResource { private Map> protocolMapperTypes; private Map> builtinProtocolMappers; + private List eventTypes; + public ServerInfoRepresentation() { } @@ -247,6 +258,14 @@ public class ServerInfoAdminResource { public void setBuiltinProtocolMappers(Map> builtinProtocolMappers) { this.builtinProtocolMappers = builtinProtocolMappers; } + + public List getEventTypes() { + return eventTypes; + } + + public void setEventTypes(List eventTypes) { + this.eventTypes = eventTypes; + } } } diff --git a/services/src/main/java/org/keycloak/services/resources/admin/UserFederationResource.java b/services/src/main/java/org/keycloak/services/resources/admin/UserFederationResource.java index 47f1b65faa..06a852316d 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/UserFederationResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/UserFederationResource.java @@ -11,6 +11,8 @@ import org.keycloak.models.UserFederationProvider; import org.keycloak.models.UserFederationProviderFactory; import org.keycloak.models.UserFederationProviderModel; import org.keycloak.constants.KerberosConstants; +import org.keycloak.events.EventBuilder; +import org.keycloak.events.EventType; import org.keycloak.models.utils.ModelToRepresentation; import org.keycloak.provider.ProviderFactory; import org.keycloak.representations.idm.UserFederationProviderFactoryRepresentation; @@ -30,6 +32,7 @@ import javax.ws.rs.QueryParam; import javax.ws.rs.core.Context; import javax.ws.rs.core.Response; import javax.ws.rs.core.UriInfo; + import java.util.LinkedList; import java.util.List; @@ -46,15 +49,18 @@ public class UserFederationResource { protected RealmAuth auth; + private EventBuilder event; + @Context protected UriInfo uriInfo; @Context protected KeycloakSession session; - public UserFederationResource(RealmModel realm, RealmAuth auth) { + public UserFederationResource(RealmModel realm, RealmAuth auth, EventBuilder event) { this.auth = auth; this.realm = realm; + this.event = event; auth.init(RealmAuth.Resource.USER); } @@ -77,6 +83,9 @@ public class UserFederationResource { rep.setOptions(((UserFederationProviderFactory)factory).getConfigurationOptions()); providers.add(rep); } + + event.event(EventType.VIEW_FEDERATION_PROVIDERS).representation(providers).success(); + return providers; } @@ -98,6 +107,9 @@ public class UserFederationResource { UserFederationProviderFactoryRepresentation rep = new UserFederationProviderFactoryRepresentation(); rep.setId(factory.getId()); rep.setOptions(((UserFederationProviderFactory)factory).getConfigurationOptions()); + + event.event(EventType.VIEW_FEDERATION_PROVIDER).representation(rep).success(); + return rep; } throw new NotFoundException("Could not find provider"); @@ -123,6 +135,10 @@ public class UserFederationResource { new UsersSyncManager().refreshPeriodicSyncForProvider(session.getKeycloakSessionFactory(), session.getProvider(TimerProvider.class), model, realm.getId()); checkKerberosCredential(model); + event.event(EventType.CREATE_FEDERATION_PROVIDER) + .representation(rep) + .success(); + return Response.created(uriInfo.getAbsolutePathBuilder().path(model.getId()).build()).build(); } @@ -146,6 +162,10 @@ public class UserFederationResource { realm.updateUserFederationProvider(model); new UsersSyncManager().refreshPeriodicSyncForProvider(session.getKeycloakSessionFactory(), session.getProvider(TimerProvider.class), model, realm.getId()); checkKerberosCredential(model); + + event.event(EventType.UPDATE_FEDERATION_PROVIDER) + .representation(rep) + .success(); } /** @@ -161,9 +181,16 @@ public class UserFederationResource { auth.requireView(); for (UserFederationProviderModel model : realm.getUserFederationProviders()) { if (model.getId().equals(id)) { - return ModelToRepresentation.toRepresentation(model); + UserFederationProviderRepresentation rep = ModelToRepresentation.toRepresentation(model); + + event.event(EventType.VIEW_FEDERATION_PROVIDER) + .representation(rep) + .success(); + + return rep; } } + throw new NotFoundException("could not find provider"); } @@ -176,9 +203,15 @@ public class UserFederationResource { @Path("instances/{id}") public void deleteProviderInstance(@PathParam("id") String id) { auth.requireManage(); + + UserFederationProviderRepresentation rep = getProviderInstance(id); UserFederationProviderModel model = new UserFederationProviderModel(id, null, null, -1, null, -1, -1, 0); realm.removeUserFederationProvider(model); new UsersSyncManager().removePeriodicSyncForProvider(session.getProvider(TimerProvider.class), model); + + event.event(EventType.DELETE_FEDERATION_PROVIDER) + .representation(rep) + .success(); } diff --git a/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java b/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java index e860ea8d84..3cc0895eed 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java @@ -7,6 +7,9 @@ import org.jboss.resteasy.spi.NotFoundException; import org.keycloak.ClientConnection; import org.keycloak.email.EmailException; import org.keycloak.email.EmailProvider; +import org.keycloak.events.Details; +import org.keycloak.events.EventBuilder; +import org.keycloak.events.EventType; import org.keycloak.models.ApplicationModel; import org.keycloak.models.ClientModel; import org.keycloak.models.ClientSessionModel; @@ -24,7 +27,6 @@ import org.keycloak.models.UserSessionModel; import org.keycloak.models.utils.ModelToRepresentation; import org.keycloak.models.utils.RepresentationToModel; import org.keycloak.protocol.oidc.OIDCLoginProtocol; -import org.keycloak.protocol.oidc.OIDCLoginProtocolService; import org.keycloak.protocol.oidc.TokenManager; import org.keycloak.protocol.oidc.utils.RedirectUtils; import org.keycloak.representations.idm.ApplicationMappingsRepresentation; @@ -37,7 +39,6 @@ import org.keycloak.representations.idm.UserSessionRepresentation; import org.keycloak.services.managers.AuthenticationManager; import org.keycloak.services.managers.ClientSessionCode; import org.keycloak.services.managers.RealmManager; -import org.keycloak.services.managers.ResourceAdminManager; import org.keycloak.services.managers.UserManager; import org.keycloak.services.resources.flows.Flows; import org.keycloak.services.resources.flows.Urls; @@ -57,6 +58,7 @@ import javax.ws.rs.core.MediaType; import javax.ws.rs.core.Response; import javax.ws.rs.core.UriBuilder; import javax.ws.rs.core.UriInfo; + import java.util.ArrayList; import java.util.HashMap; import java.util.HashSet; @@ -79,6 +81,8 @@ public class UsersResource { private RealmAuth auth; private TokenManager tokenManager; + + private EventBuilder event; @Context protected ClientConnection clientConnection; @@ -92,10 +96,11 @@ public class UsersResource { @Context protected HttpHeaders headers; - public UsersResource(RealmModel realm, RealmAuth auth, TokenManager tokenManager) { + public UsersResource(RealmModel realm, RealmAuth auth, TokenManager tokenManager, EventBuilder event) { this.auth = auth; this.realm = realm; this.tokenManager = tokenManager; + this.event = event; auth.init(RealmAuth.Resource.USER); } @@ -120,6 +125,10 @@ public class UsersResource { } updateUserFromRep(user, rep); + event.event(EventType.UPDATE_USER) + .representation(rep) + .success(); + if (session.getTransaction().isActive()) { session.getTransaction().commit(); } @@ -156,6 +165,10 @@ public class UsersResource { UserModel user = session.users().addUser(realm, rep.getUsername()); updateUserFromRep(user, rep); + event.event(EventType.CREATE_USER) + .representation(rep) + .success(); + if (session.getTransaction().isActive()) { session.getTransaction().commit(); } @@ -220,7 +233,14 @@ public class UsersResource { if (user == null) { throw new NotFoundException("User not found"); } - return ModelToRepresentation.toRepresentation(user); + + UserRepresentation rep = ModelToRepresentation.toRepresentation(user); + + event.event(EventType.VIEW_USER) + .representation(rep) + .success(); + + return rep; } /** @@ -245,6 +265,11 @@ public class UsersResource { UserSessionRepresentation rep = ModelToRepresentation.toRepresentation(session); reps.add(rep); } + + event.event(EventType.VIEW_USER_SESSIONS) + .representation(reps) + .success(); + return reps; } @@ -276,6 +301,11 @@ public class UsersResource { } } } + + event.event(EventType.VIEW_USER) + .representation(result) + .success(); + return result; } @@ -326,10 +356,14 @@ public class UsersResource { if (user == null) { throw new NotFoundException("User not found"); } + List userSessions = session.sessions().getUserSessions(realm, user); for (UserSessionModel userSession : userSessions) { AuthenticationManager.backchannelLogout(session, realm, userSession, uriInfo, clientConnection, headers); } + + event.event(EventType.LOGOUT_USER_SESSIONS) + .success(); } /** @@ -343,6 +377,7 @@ public class UsersResource { public Response deleteUser(final @PathParam("username") String username) { auth.requireManage(); + UserRepresentation rep = getUser(username); UserModel user = session.users().getUserByUsername(username, realm); if (user == null) { throw new NotFoundException("User not found"); @@ -350,6 +385,11 @@ public class UsersResource { boolean removed = new UserManager(session).removeUser(realm, user); if (removed) { + + event.event(EventType.DELETE_USER) + .representation(rep) + .success(); + return Response.noContent().build(); } else { return Flows.errors().error("User couldn't be deleted", Response.Status.BAD_REQUEST); diff --git a/social/twitter/src/main/java/org/keycloak/social/twitter/TwitterIdentityProvider.java b/social/twitter/src/main/java/org/keycloak/social/twitter/TwitterIdentityProvider.java index e9ced5f4cd..2e908541ec 100755 --- a/social/twitter/src/main/java/org/keycloak/social/twitter/TwitterIdentityProvider.java +++ b/social/twitter/src/main/java/org/keycloak/social/twitter/TwitterIdentityProvider.java @@ -29,6 +29,7 @@ import org.keycloak.broker.provider.AuthenticationRequest; import org.keycloak.broker.provider.FederatedIdentity; import org.keycloak.broker.provider.IdentityBrokerException; import org.keycloak.events.EventBuilder; +import org.keycloak.events.EventGroup; import org.keycloak.events.EventType; import org.keycloak.models.ClientModel; import org.keycloak.models.ClientSessionModel; @@ -36,7 +37,6 @@ import org.keycloak.models.FederatedIdentityModel; import org.keycloak.models.KeycloakSession; import org.keycloak.models.RealmModel; import org.keycloak.services.managers.ClientSessionCode; -import org.keycloak.services.managers.EventsManager; import org.keycloak.services.messages.Messages; import org.keycloak.services.resources.flows.Flows; import org.keycloak.social.SocialIdentityProvider; @@ -156,7 +156,7 @@ public class TwitterIdentityProvider extends AbstractIdentityProvider