libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions 6

Merge pull request #246 from patriot1burke/master

Browse source 
Use ClientModel wherever possible
This commit is contained in:
Bill Burke 2014-02-26 22:05:22 -05:00
commit 9dbd19f715
48 changed files with 611 additions and 368 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
forms/login-api/src/main/java/org/keycloak/login/LoginForms.java
View file

@ -1,5 +1,6 @@
package org.keycloak.login;
import org.keycloak.models.ClientModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserModel;
@ -38,7 +39,7 @@ public interface LoginForms {
public LoginForms setUser(UserModel user);
public LoginForms setClient(UserModel client);
public LoginForms setClient(ClientModel client);
public LoginForms setFormData(MultivaluedMap<String, String> formData);

5
forms/login-freemarker/src/main/java/org/keycloak/login/freemarker/FreeMarkerLoginForms.java
View file

@ -17,6 +17,7 @@ import org.keycloak.login.freemarker.model.RegisterBean;
import org.keycloak.login.freemarker.model.SocialBean;
import org.keycloak.login.freemarker.model.TotpBean;
import org.keycloak.login.freemarker.model.UrlBean;
import org.keycloak.models.ClientModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserModel;
@ -63,7 +64,7 @@ public class FreeMarkerLoginForms implements LoginForms {
private UserModel user;
private UserModel client;
private ClientModel client;
private UriInfo uriInfo;
@ -240,7 +241,7 @@ public class FreeMarkerLoginForms implements LoginForms {
return this;
}
public FreeMarkerLoginForms setClient(UserModel client) {
public FreeMarkerLoginForms setClient(ClientModel client) {
this.client = client;
return this;
}

7
forms/login-freemarker/src/main/java/org/keycloak/login/freemarker/model/OAuthGrantBean.java
View file

@ -21,6 +21,7 @@
*/
package org.keycloak.login.freemarker.model;
import org.keycloak.models.ClientModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserModel;
@ -36,11 +37,11 @@ public class OAuthGrantBean {
private List<RoleModel> realmRolesRequested;
private MultivaluedMap<String, RoleModel> resourceRolesRequested;
private String code;
private UserModel client;
private ClientModel client;
private String oAuthCode;
private String action;
public OAuthGrantBean(String code, UserModel client, List<RoleModel> realmRolesRequested, MultivaluedMap<String, RoleModel> resourceRolesRequested) {
public OAuthGrantBean(String code, ClientModel client, List<RoleModel> realmRolesRequested, MultivaluedMap<String, RoleModel> resourceRolesRequested) {
this.code = code;
this.client = client;
this.realmRolesRequested = realmRolesRequested;
@ -60,7 +61,7 @@ public class OAuthGrantBean {
}
public String getClient() {
return client.getLoginName();
return client.getAgent().getLoginName();
}
}

6
model/api/src/main/java/org/keycloak/models/ApplicationModel.java
View file

@ -14,10 +14,6 @@ public interface ApplicationModel extends RoleContainerModel, ClientModel {
void setName(String name);
boolean isEnabled();
void setEnabled(boolean enabled);
boolean isSurrogateAuthRequired();
void setSurrogateAuthRequired(boolean surrogateAuthRequired);
@ -38,7 +34,7 @@ public interface ApplicationModel extends RoleContainerModel, ClientModel {
Set<RoleModel> getApplicationRoleMappings(UserModel user);
Set<RoleModel> getApplicationScopeMappings(UserModel user);
Set<RoleModel> getApplicationScopeMappings(ClientModel client);
void addScope(RoleModel role);

27
model/api/src/main/java/org/keycloak/models/ClientModel.java
View file

@ -1,15 +1,38 @@
package org.keycloak.models;
import java.util.Set;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public interface ClientModel {
String getId();
UserModel getAgent();
long getAllowedClaimsMask();
void setAllowedClaimsMask(long mask);
UserModel getAgent();
Set<String> getWebOrigins();
String getId();
void setWebOrigins(Set<String> webOrigins);
void addWebOrigin(String webOrigin);
void removeWebOrigin(String webOrigin);
Set<String> getRedirectUris();
void setRedirectUris(Set<String> redirectUris);
void addRedirectUri(String redirectUri);
void removeRedirectUri(String redirectUri);
boolean isEnabled();
void setEnabled(boolean enabled);
}

6
model/api/src/main/java/org/keycloak/models/RealmModel.java
View file

@ -107,6 +107,8 @@ public interface RealmModel extends RoleContainerModel, RoleMapperModel, ScopeMa
void updateDefaultRoles(String[] defaultRoles);
ClientModel findClient(String clientId);
Map<String, ApplicationModel> getApplicationNameMap();
List<ApplicationModel> getApplications();
@ -173,7 +175,7 @@ public interface RealmModel extends RoleContainerModel, RoleMapperModel, ScopeMa
Set<RoleModel> getRealmRoleMappings(UserModel user);
Set<RoleModel> getRealmScopeMappings(UserModel user);
Set<RoleModel> getRealmScopeMappings(ClientModel client);
String getLoginTheme();
@ -193,5 +195,5 @@ public interface RealmModel extends RoleContainerModel, RoleMapperModel, ScopeMa
*/
UserCredentialModel getSecret(UserModel user);
boolean hasScope(UserModel user, RoleModel role);
boolean hasScope(ClientModel client, RoleModel role);
}

6
model/api/src/main/java/org/keycloak/models/ScopeMapperModel.java
View file

@ -8,7 +8,7 @@ import java.util.Set;
* @version $Revision: 1 $
*/
public interface ScopeMapperModel {
Set<RoleModel> getScopeMappings(UserModel agent);
void addScopeMapping(UserModel agent, RoleModel role);
void deleteScopeMapping(UserModel user, RoleModel role);
Set<RoleModel> getScopeMappings(ClientModel client);
void addScopeMapping(ClientModel client, RoleModel role);
void deleteScopeMapping(ClientModel client, RoleModel role);
}

16
model/api/src/main/java/org/keycloak/models/UserModel.java
View file

@ -37,22 +37,6 @@ public interface UserModel {
void removeRequiredAction(RequiredAction action);
Set<String> getWebOrigins();
void setWebOrigins(Set<String> webOrigins);
void addWebOrigin(String webOrigin);
void removeWebOrigin(String webOrigin);
Set<String> getRedirectUris();
void setRedirectUris(Set<String> redirectUris);
void addRedirectUri(String redirectUri);
void removeRedirectUri(String redirectUri);
String getFirstName();
void setFirstName(String firstName);

114
model/jpa/src/main/java/org/keycloak/models/jpa/ApplicationAdapter.java
View file

@ -1,6 +1,7 @@
package org.keycloak.models.jpa;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.ClientModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleContainerModel;
import org.keycloak.models.RoleModel;
@ -22,13 +23,13 @@ import java.util.Set;
public class ApplicationAdapter implements ApplicationModel {
protected EntityManager em;
protected ApplicationEntity application;
protected ApplicationEntity entity;
protected RealmModel realm;
public ApplicationAdapter(RealmModel realm, EntityManager em, ApplicationEntity application) {
public ApplicationAdapter(RealmModel realm, EntityManager em, ApplicationEntity entity) {
this.realm = realm;
this.em = em;
this.application = application;
this.entity = entity;
}
@Override
@ -38,79 +39,79 @@ public class ApplicationAdapter implements ApplicationModel {
@Override
public UserModel getAgent() {
return new UserAdapter(application.getApplicationUser());
return new UserAdapter(entity.getApplicationUser());
}
@Override
public String getId() {
return application.getId();
return entity.getId();
}
@Override
public String getName() {
return application.getName();
return entity.getName();
}
@Override
public void setName(String name) {
application.setName(name);
entity.setName(name);
}
@Override
public boolean isEnabled() {
return application.isEnabled();
return entity.isEnabled();
}
@Override
public void setEnabled(boolean enabled) {
application.setEnabled(enabled);
entity.setEnabled(enabled);
}
@Override
public long getAllowedClaimsMask() {
return application.getAllowedClaimsMask();
return entity.getAllowedClaimsMask();
}
@Override
public void setAllowedClaimsMask(long mask) {
application.setAllowedClaimsMask(mask);
entity.setAllowedClaimsMask(mask);
}
@Override
public boolean isSurrogateAuthRequired() {
return application.isSurrogateAuthRequired();
return entity.isSurrogateAuthRequired();
}
@Override
public void setSurrogateAuthRequired(boolean surrogateAuthRequired) {
application.setSurrogateAuthRequired(surrogateAuthRequired);
entity.setSurrogateAuthRequired(surrogateAuthRequired);
}
@Override
public String getManagementUrl() {
return application.getManagementUrl();
return entity.getManagementUrl();
}
@Override
public void setManagementUrl(String url) {
application.setManagementUrl(url);
entity.setManagementUrl(url);
}
@Override
public String getBaseUrl() {
return application.getBaseUrl();
return entity.getBaseUrl();
}
@Override
public void setBaseUrl(String url) {
application.setBaseUrl(url);
entity.setBaseUrl(url);
}
@Override
public RoleModel getRole(String name) {
TypedQuery<ApplicationRoleEntity> query = em.createNamedQuery("getAppRoleByName", ApplicationRoleEntity.class);
query.setParameter("name", name);
query.setParameter("application", application);
query.setParameter("application", entity);
List<ApplicationRoleEntity> roles = query.getResultList();
if (roles.size() == 0) return null;
return new RoleAdapter(realm, em, roles.get(0));
@ -120,13 +121,13 @@ public class ApplicationAdapter implements ApplicationModel {
public RoleModel addRole(String name) {
RoleModel role = getRole(name);
if (role != null) return role;
ApplicationRoleEntity entity = new ApplicationRoleEntity();
entity.setName(name);
entity.setApplication(application);
em.persist(entity);
application.getRoles().add(entity);
ApplicationRoleEntity roleEntity = new ApplicationRoleEntity();
roleEntity.setName(name);
roleEntity.setApplication(entity);
em.persist(roleEntity);
entity.getRoles().add(roleEntity);
em.flush();
return new RoleAdapter(realm, em, entity);
return new RoleAdapter(realm, em, roleEntity);
}
@Override
@ -138,8 +139,8 @@ public class ApplicationAdapter implements ApplicationModel {
ApplicationRoleEntity role = (ApplicationRoleEntity)roleAdapter.getRole();
application.getRoles().remove(role);
application.getDefaultRoles().remove(role);
entity.getRoles().remove(role);
entity.getDefaultRoles().remove(role);
em.createQuery("delete from " + UserScopeMappingEntity.class.getSimpleName() + " where role = :role").setParameter("role", role).executeUpdate();
em.createQuery("delete from " + UserRoleMappingEntity.class.getSimpleName() + " where role = :role").setParameter("role", role).executeUpdate();
@ -153,7 +154,7 @@ public class ApplicationAdapter implements ApplicationModel {
@Override
public Set<RoleModel> getRoles() {
Set<RoleModel> list = new HashSet<RoleModel>();
Collection<ApplicationRoleEntity> roles = application.getRoles();
Collection<ApplicationRoleEntity> roles = entity.getRoles();
if (roles == null) return list;
for (RoleEntity entity : roles) {
list.add(new RoleAdapter(realm, em, entity));
@ -168,7 +169,7 @@ public class ApplicationAdapter implements ApplicationModel {
// Check if it's application role and belongs to this application
if (entity == null || !(entity instanceof ApplicationRoleEntity)) return null;
ApplicationRoleEntity appRoleEntity = (ApplicationRoleEntity)entity;
return (appRoleEntity.getApplication().equals(this.application)) ? new RoleAdapter(this.realm, em, appRoleEntity) : null;
return (appRoleEntity.getApplication().equals(this.entity)) ? new RoleAdapter(this.realm, em, appRoleEntity) : null;
}
@Override
@ -191,8 +192,8 @@ public class ApplicationAdapter implements ApplicationModel {
}
@Override
public Set<RoleModel> getApplicationScopeMappings(UserModel user) {
Set<RoleModel> roleMappings = realm.getScopeMappings(user);
public Set<RoleModel> getApplicationScopeMappings(ClientModel client) {
Set<RoleModel> roleMappings = realm.getScopeMappings(client);
Set<RoleModel> appRoles = new HashSet<RoleModel>();
for (RoleModel role : roleMappings) {
@ -214,7 +215,7 @@ public class ApplicationAdapter implements ApplicationModel {
@Override
public List<String> getDefaultRoles() {
Collection<RoleEntity> entities = application.getDefaultRoles();
Collection<RoleEntity> entities = entity.getDefaultRoles();
List<String> roles = new ArrayList<String>();
if (entities == null) return roles;
for (RoleEntity entity : entities) {
@ -229,7 +230,7 @@ public class ApplicationAdapter implements ApplicationModel {
if (role == null) {
role = addRole(name);
}
Collection<RoleEntity> entities = application.getDefaultRoles();
Collection<RoleEntity> entities = entity.getDefaultRoles();
for (RoleEntity entity : entities) {
if (entity.getId().equals(role.getId())) {
return;
@ -248,7 +249,7 @@ public class ApplicationAdapter implements ApplicationModel {
@Override
public void updateDefaultRoles(String[] defaultRoles) {
Collection<RoleEntity> entities = application.getDefaultRoles();
Collection<RoleEntity> entities = entity.getDefaultRoles();
Set<String> already = new HashSet<String>();
List<RoleEntity> remove = new ArrayList<RoleEntity>();
for (RoleEntity rel : entities) {
@ -272,7 +273,7 @@ public class ApplicationAdapter implements ApplicationModel {
@Override
public void addScope(RoleModel role) {
realm.addScopeMapping(getAgent(), role);
realm.addScopeMapping(this, role);
}
public boolean equals(Object o) {
@ -286,4 +287,49 @@ public class ApplicationAdapter implements ApplicationModel {
public String toString() {
return getName();
}
@Override
public Set<String> getWebOrigins() {
Set<String> result = new HashSet<String>();
result.addAll(entity.getWebOrigins());
return result;
}
@Override
public void setWebOrigins(Set<String> webOrigins) {
entity.setWebOrigins(webOrigins);
}
@Override
public void addWebOrigin(String webOrigin) {
entity.getWebOrigins().add(webOrigin);
}
@Override
public void removeWebOrigin(String webOrigin) {
entity.getWebOrigins().remove(webOrigin);
}
@Override
public Set<String> getRedirectUris() {
Set<String> result = new HashSet<String>();
result.addAll(entity.getRedirectUris());
return result;
}
@Override
public void setRedirectUris(Set<String> redirectUris) {
entity.setRedirectUris(redirectUris);
}
@Override
public void addRedirectUri(String redirectUri) {
entity.getRedirectUris().add(redirectUri);
}
@Override
public void removeRedirectUri(String redirectUri) {
entity.getRedirectUris().remove(redirectUri);
}
}

58
model/jpa/src/main/java/org/keycloak/models/jpa/OAuthClientAdapter.java
View file

@ -4,6 +4,9 @@ import org.keycloak.models.OAuthClientModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.jpa.entities.OAuthClientEntity;
import java.util.HashSet;
import java.util.Set;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
@ -24,6 +27,16 @@ public class OAuthClientAdapter implements OAuthClientModel {
return entity.getId();
}
@Override
public boolean isEnabled() {
return getAgent().isEnabled();
}
@Override
public void setEnabled(boolean enabled) {
getAgent().setEnabled(enabled);
}
@Override
public UserModel getAgent() {
return new UserAdapter(entity.getAgent());
@ -38,6 +51,51 @@ public class OAuthClientAdapter implements OAuthClientModel {
entity.setAllowedClaimsMask(mask);
}
@Override
public Set<String> getWebOrigins() {
Set<String> result = new HashSet<String>();
result.addAll(entity.getWebOrigins());
return result;
}
@Override
public void setWebOrigins(Set<String> webOrigins) {
entity.setWebOrigins(webOrigins);
}
@Override
public void addWebOrigin(String webOrigin) {
entity.getWebOrigins().add(webOrigin);
}
@Override
public void removeWebOrigin(String webOrigin) {
entity.getWebOrigins().remove(webOrigin);
}
@Override
public Set<String> getRedirectUris() {
Set<String> result = new HashSet<String>();
result.addAll(entity.getRedirectUris());
return result;
}
@Override
public void setRedirectUris(Set<String> redirectUris) {
entity.setRedirectUris(redirectUris);
}
@Override
public void addRedirectUri(String redirectUri) {
entity.getRedirectUris().add(redirectUri);
}
@Override
public void removeRedirectUri(String redirectUri) {
entity.getRedirectUris().remove(redirectUri);
}
}

30
model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java
View file

@ -1,5 +1,6 @@
package org.keycloak.models.jpa;
import org.keycloak.models.ClientModel;
import org.keycloak.models.RoleContainerModel;
import org.keycloak.models.jpa.entities.ApplicationEntity;
import org.keycloak.models.jpa.entities.CredentialEntity;
@ -558,6 +559,13 @@ public class RealmAdapter implements RealmModel {
em.flush();
}
@Override
public ClientModel findClient(String clientId) {
ClientModel model = getApplicationByName(clientId);
if (model != null) return model;
return getOAuthClient(clientId);
}
@Override
public Map<String, ApplicationModel> getApplicationNameMap() {
Map<String, ApplicationModel> map = new HashMap<String, ApplicationModel>();
@ -926,8 +934,8 @@ public class RealmAdapter implements RealmModel {
}
@Override
public boolean hasScope(UserModel user, RoleModel role) {
Set<RoleModel> roles = getScopeMappings(user);
public boolean hasScope(ClientModel client, RoleModel role) {
Set<RoleModel> roles = getScopeMappings(client);
if (roles.contains(role)) return true;
for (RoleModel mapping : roles) {
@ -996,8 +1004,8 @@ public class RealmAdapter implements RealmModel {
}
@Override
public Set<RoleModel> getRealmScopeMappings(UserModel user) {
Set<RoleModel> roleMappings = getScopeMappings(user);
public Set<RoleModel> getRealmScopeMappings(ClientModel client) {
Set<RoleModel> roleMappings = getScopeMappings(client);
Set<RoleModel> appRoles = new HashSet<RoleModel>();
for (RoleModel role : roleMappings) {
@ -1014,9 +1022,9 @@ public class RealmAdapter implements RealmModel {
@Override
public Set<RoleModel> getScopeMappings(UserModel agent) {
public Set<RoleModel> getScopeMappings(ClientModel client) {
TypedQuery<UserScopeMappingEntity> query = em.createNamedQuery("userScopeMappings", UserScopeMappingEntity.class);
query.setParameter("user", ((UserAdapter)agent).getUser());
query.setParameter("user", ((UserAdapter)client.getAgent()).getUser());
List<UserScopeMappingEntity> entities = query.getResultList();
Set<RoleModel> roles = new HashSet<RoleModel>();
for (UserScopeMappingEntity entity : entities) {
@ -1026,8 +1034,9 @@ public class RealmAdapter implements RealmModel {
}
@Override
public void addScopeMapping(UserModel agent, RoleModel role) {
if (hasScope(agent, role)) return;
public void addScopeMapping(ClientModel client, RoleModel role) {
UserModel agent = client.getAgent();
if (hasScope(client, role)) return;
UserScopeMappingEntity entity = new UserScopeMappingEntity();
entity.setUser(((UserAdapter) agent).getUser());
entity.setRole(((RoleAdapter)role).getRole());
@ -1035,8 +1044,9 @@ public class RealmAdapter implements RealmModel {
}
@Override
public void deleteScopeMapping(UserModel user, RoleModel role) {
TypedQuery<UserScopeMappingEntity> query = getRealmScopeMappingQuery((UserAdapter) user, (RoleAdapter) role);
public void deleteScopeMapping(ClientModel client, RoleModel role) {
UserModel agent = client.getAgent();
TypedQuery<UserScopeMappingEntity> query = getRealmScopeMappingQuery((UserAdapter) agent, (RoleAdapter) role);
List<UserScopeMappingEntity> results = query.getResultList();
if (results.size() == 0) return;
for (UserScopeMappingEntity entity : results) {

43
model/jpa/src/main/java/org/keycloak/models/jpa/UserAdapter.java
View file

@ -99,49 +99,6 @@ public class UserAdapter implements UserModel {
user.getRequiredActions().remove(action);
}
@Override
public Set<String> getWebOrigins() {
Set<String> result = new HashSet<String>();
result.addAll(user.getWebOrigins());
return result;
}
@Override
public void setWebOrigins(Set<String> webOrigins) {
user.setWebOrigins(webOrigins);
}
@Override
public void addWebOrigin(String webOrigin) {
user.getWebOrigins().add(webOrigin);
}
@Override
public void removeWebOrigin(String webOrigin) {
user.getWebOrigins().remove(webOrigin);
}
@Override
public Set<String> getRedirectUris() {
Set<String> result = new HashSet<String>();
result.addAll(user.getRedirectUris());
return result;
}
@Override
public void setRedirectUris(Set<String> redirectUris) {
user.setRedirectUris(redirectUris);
}
@Override
public void addRedirectUri(String redirectUri) {
user.getRedirectUris().add(redirectUri);
}
@Override
public void removeRedirectUri(String redirectUri) {
user.getRedirectUris().remove(redirectUri);
}
@Override
public String getFirstName() {

30
model/jpa/src/main/java/org/keycloak/models/jpa/entities/ApplicationEntity.java
View file

@ -1,6 +1,8 @@
package org.keycloak.models.jpa.entities;
import javax.persistence.CascadeType;
import javax.persistence.CollectionTable;
import javax.persistence.ElementCollection;
import javax.persistence.Entity;
import javax.persistence.FetchType;
import javax.persistence.GeneratedValue;
@ -11,6 +13,8 @@ import javax.persistence.OneToMany;
import javax.persistence.OneToOne;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;
import java.util.Set;
import org.hibernate.annotations.GenericGenerator;
@ -35,6 +39,14 @@ public class ApplicationEntity {
@OneToOne(fetch = FetchType.EAGER)
private UserEntity applicationUser;
@ElementCollection
@CollectionTable
protected Set<String> webOrigins = new HashSet<String>();
@ElementCollection
@CollectionTable
protected Set<String> redirectUris = new HashSet<String>();
@OneToMany(fetch = FetchType.EAGER, cascade ={CascadeType.REMOVE}, orphanRemoval = true, mappedBy = "application")
Collection<ApplicationRoleEntity> roles = new ArrayList<ApplicationRoleEntity>();
@ -128,4 +140,22 @@ public class ApplicationEntity {
public void setAllowedClaimsMask(long allowedClaimsMask) {
this.allowedClaimsMask = allowedClaimsMask;
}
public Set<String> getWebOrigins() {
return webOrigins;
}
public void setWebOrigins(Set<String> webOrigins) {
this.webOrigins = webOrigins;
}
public Set<String> getRedirectUris() {
return redirectUris;
}
public void setRedirectUris(Set<String> redirectUris) {
this.redirectUris = redirectUris;
}
}

32
model/jpa/src/main/java/org/keycloak/models/jpa/entities/OAuthClientEntity.java
View file

@ -1,5 +1,7 @@
package org.keycloak.models.jpa.entities;
import javax.persistence.CollectionTable;
import javax.persistence.ElementCollection;
import javax.persistence.Entity;
import javax.persistence.FetchType;
import javax.persistence.GeneratedValue;
@ -11,6 +13,9 @@ import javax.persistence.OneToOne;
import org.hibernate.annotations.GenericGenerator;
import java.util.HashSet;
import java.util.Set;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
@ -30,6 +35,15 @@ public class OAuthClientEntity {
private String name;
private long allowedClaimsMask;
@ElementCollection
@CollectionTable
protected Set<String> webOrigins = new HashSet<String>();
@ElementCollection
@CollectionTable
protected Set<String> redirectUris = new HashSet<String>();
@OneToOne(fetch = FetchType.EAGER)
private UserEntity agent;
@ -72,4 +86,22 @@ public class OAuthClientEntity {
this.allowedClaimsMask = allowedClaimsMask;
}
public Set<String> getWebOrigins() {
return webOrigins;
}
public void setWebOrigins(Set<String> webOrigins) {
this.webOrigins = webOrigins;
}
public Set<String> getRedirectUris() {
return redirectUris;
}
public void setRedirectUris(Set<String> redirectUris) {
this.redirectUris = redirectUris;
}
}

24
model/jpa/src/main/java/org/keycloak/models/jpa/entities/UserEntity.java
View file

@ -60,14 +60,6 @@ public class UserEntity {
@CollectionTable
protected Set<UserModel.RequiredAction> requiredActions = new HashSet<UserModel.RequiredAction>();
@ElementCollection
@CollectionTable
protected Set<String> webOrigins = new HashSet<String>();
@ElementCollection
@CollectionTable
protected Set<String> redirectUris = new HashSet<String>();
@OneToMany(cascade = CascadeType.REMOVE, orphanRemoval = true)
protected Collection<CredentialEntity> credentials = new ArrayList<CredentialEntity>();
@ -151,22 +143,6 @@ public class UserEntity {
this.requiredActions = requiredActions;
}
public Set<String> getWebOrigins() {
return webOrigins;
}
public void setWebOrigins(Set<String> webOrigins) {
this.webOrigins = webOrigins;
}
public Set<String> getRedirectUris() {
return redirectUris;
}
public void setRedirectUris(Set<String> redirectUris) {
this.redirectUris = redirectUris;
}
public RealmEntity getRealm() {
return realm;
}

58
model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/ApplicationAdapter.java
View file

@ -3,6 +3,7 @@ package org.keycloak.models.mongo.keycloak.adapters;
import com.mongodb.DBObject;
import com.mongodb.QueryBuilder;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.ClientModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.mongo.api.AbstractMongoIdentifiableEntity;
@ -201,9 +202,9 @@ public class ApplicationAdapter extends AbstractAdapter implements ApplicationMo
}
@Override
public Set<RoleModel> getApplicationScopeMappings(UserModel user) {
public Set<RoleModel> getApplicationScopeMappings(ClientModel client) {
Set<RoleModel> result = new HashSet<RoleModel>();
List<RoleEntity> roles = MongoModelUtils.getAllScopesOfUser(user, invocationContext);
List<RoleEntity> roles = MongoModelUtils.getAllScopesOfUser(client.getAgent(), invocationContext);
for (RoleEntity role : roles) {
if (getId().equals(role.getApplicationId())) {
@ -247,4 +248,57 @@ public class ApplicationAdapter extends AbstractAdapter implements ApplicationMo
public AbstractMongoIdentifiableEntity getMongoEntity() {
return application;
}
@Override
public Set<String> getWebOrigins() {
Set<String> result = new HashSet<String>();
if (application.getWebOrigins() != null) {
result.addAll(application.getWebOrigins());
}
return result;
}
@Override
public void setWebOrigins(Set<String> webOrigins) {
List<String> result = new ArrayList<String>();
result.addAll(webOrigins);
application.setWebOrigins(result);
}
@Override
public void addWebOrigin(String webOrigin) {
getMongoStore().pushItemToList(application, "webOrigins", webOrigin, true, invocationContext);
}
@Override
public void removeWebOrigin(String webOrigin) {
getMongoStore().pullItemFromList(application, "webOrigins", webOrigin, invocationContext);
}
@Override
public Set<String> getRedirectUris() {
Set<String> result = new HashSet<String>();
if (application.getRedirectUris() != null) {
result.addAll(application.getRedirectUris());
}
return result;
}
@Override
public void setRedirectUris(Set<String> redirectUris) {
List<String> result = new ArrayList<String>();
result.addAll(redirectUris);
application.setRedirectUris(result);
}
@Override
public void addRedirectUri(String redirectUri) {
getMongoStore().pushItemToList(application, "redirectUris", redirectUri, true, invocationContext);
}
@Override
public void removeRedirectUri(String redirectUri) {
getMongoStore().pullItemFromList(application, "redirectUris", redirectUri, invocationContext);
}
}

68
model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/OAuthClientAdapter.java
View file

@ -7,6 +7,11 @@ import org.keycloak.models.mongo.api.context.MongoStoreInvocationContext;
import org.keycloak.models.mongo.keycloak.entities.OAuthClientEntity;
import org.keycloak.models.mongo.keycloak.entities.UserEntity;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
/**
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
*/
@ -40,6 +45,16 @@ public class OAuthClientAdapter extends AbstractAdapter implements OAuthClientMo
delegate.setAllowedClaimsMask(mask);
}
@Override
public boolean isEnabled() {
return getAgent().isEnabled();
}
@Override
public void setEnabled(boolean enabled) {
getAgent().setEnabled(enabled);
}
@Override
public UserModel getAgent() {
// This is not thread-safe. Assumption is that OAuthClientAdapter instance is per-client object
@ -54,4 +69,57 @@ public class OAuthClientAdapter extends AbstractAdapter implements OAuthClientMo
public AbstractMongoIdentifiableEntity getMongoEntity() {
return delegate;
}
@Override
public Set<String> getWebOrigins() {
Set<String> result = new HashSet<String>();
if (delegate.getWebOrigins() != null) {
result.addAll(delegate.getWebOrigins());
}
return result;
}
@Override
public void setWebOrigins(Set<String> webOrigins) {
List<String> result = new ArrayList<String>();
result.addAll(webOrigins);
delegate.setWebOrigins(result);
}
@Override
public void addWebOrigin(String webOrigin) {
getMongoStore().pushItemToList(delegate, "webOrigins", webOrigin, true, invocationContext);
}
@Override
public void removeWebOrigin(String webOrigin) {
getMongoStore().pullItemFromList(delegate, "webOrigins", webOrigin, invocationContext);
}
@Override
public Set<String> getRedirectUris() {
Set<String> result = new HashSet<String>();
if (delegate.getRedirectUris() != null) {
result.addAll(delegate.getRedirectUris());
}
return result;
}
@Override
public void setRedirectUris(Set<String> redirectUris) {
List<String> result = new ArrayList<String>();
result.addAll(redirectUris);
delegate.setRedirectUris(result);
}
@Override
public void addRedirectUri(String redirectUri) {
getMongoStore().pushItemToList(delegate, "redirectUris", redirectUri, true, invocationContext);
}
@Override
public void removeRedirectUri(String redirectUri) {
getMongoStore().pullItemFromList(delegate, "redirectUris", redirectUri, invocationContext);
}
}

29
model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java
View file

@ -4,6 +4,7 @@ import com.mongodb.DBObject;
import com.mongodb.QueryBuilder;
import org.jboss.logging.Logger;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.ClientModel;
import org.keycloak.models.OAuthClientModel;
import org.keycloak.models.PasswordPolicy;
import org.keycloak.models.RealmModel;
@ -485,6 +486,14 @@ public class RealmAdapter extends AbstractAdapter implements RealmModel {
updateRealm();
}
@Override
public ClientModel findClient(String clientId) {
ClientModel model = getApplicationByName(clientId);
if (model != null) return model;
return getOAuthClient(clientId);
}
@Override
public ApplicationModel getApplicationById(String id) {
ApplicationEntity appData = getMongoStore().loadEntity(ApplicationEntity.class, id, invocationContext);
@ -607,9 +616,9 @@ public class RealmAdapter extends AbstractAdapter implements RealmModel {
}
@Override
public Set<RoleModel> getScopeMappings(UserModel user) {
public Set<RoleModel> getScopeMappings(ClientModel client) {
Set<RoleModel> result = new HashSet<RoleModel>();
List<RoleEntity> roles = MongoModelUtils.getAllScopesOfUser(user, invocationContext);
List<RoleEntity> roles = MongoModelUtils.getAllScopesOfUser(client.getAgent(), invocationContext);
for (RoleEntity role : roles) {
if (getId().equals(role.getRealmId())) {
@ -623,8 +632,8 @@ public class RealmAdapter extends AbstractAdapter implements RealmModel {
}
@Override
public Set<RoleModel> getRealmScopeMappings(UserModel user) {
Set<RoleModel> allScopes = getScopeMappings(user);
public Set<RoleModel> getRealmScopeMappings(ClientModel client) {
Set<RoleModel> allScopes = getScopeMappings(client);
// Filter to retrieve just realm roles TODO: Maybe improve to avoid filter programmatically... Maybe have separate fields for realmRoles and appRoles on user?
Set<RoleModel> realmRoles = new HashSet<RoleModel>();
@ -639,8 +648,8 @@ public class RealmAdapter extends AbstractAdapter implements RealmModel {
}
@Override
public boolean hasScope(UserModel user, RoleModel role) {
Set<RoleModel> roles = getScopeMappings(user);
public boolean hasScope(ClientModel client, RoleModel role) {
Set<RoleModel> roles = getScopeMappings(client);
if (roles.contains(role)) return true;
for (RoleModel mapping : roles) {
@ -651,14 +660,14 @@ public class RealmAdapter extends AbstractAdapter implements RealmModel {
@Override
public void addScopeMapping(UserModel agent, RoleModel role) {
UserEntity userEntity = ((UserAdapter)agent).getUser();
public void addScopeMapping(ClientModel client, RoleModel role) {
UserEntity userEntity = ((UserAdapter)client.getAgent()).getUser();
getMongoStore().pushItemToList(userEntity, "scopeIds", role.getId(), true, invocationContext);
}
@Override
public void deleteScopeMapping(UserModel user, RoleModel role) {
UserEntity userEntity = ((UserAdapter)user).getUser();
public void deleteScopeMapping(ClientModel client, RoleModel role) {
UserEntity userEntity = ((UserAdapter)client.getAgent()).getUser();
getMongoStore().pullItemFromList(userEntity, "scopeIds", role.getId(), invocationContext);
}

53
model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/UserAdapter.java
View file

@ -124,59 +124,6 @@ public class UserAdapter extends AbstractAdapter implements UserModel {
return user;
}
@Override
public Set<String> getWebOrigins() {
Set<String> result = new HashSet<String>();
if (user.getWebOrigins() != null) {
result.addAll(user.getWebOrigins());
}
return result;
}
@Override
public void setWebOrigins(Set<String> webOrigins) {
List<String> result = new ArrayList<String>();
result.addAll(webOrigins);
user.setWebOrigins(result);
updateUser();
}
@Override
public void addWebOrigin(String webOrigin) {
getMongoStore().pushItemToList(user, "webOrigins", webOrigin, true, invocationContext);
}
@Override
public void removeWebOrigin(String webOrigin) {
getMongoStore().pullItemFromList(user, "webOrigins", webOrigin, invocationContext);
}
@Override
public Set<String> getRedirectUris() {
Set<String> result = new HashSet<String>();
if (user.getRedirectUris() != null) {
result.addAll(user.getRedirectUris());
}
return result;
}
@Override
public void setRedirectUris(Set<String> redirectUris) {
List<String> result = new ArrayList<String>();
result.addAll(redirectUris);
user.setRedirectUris(result);
updateUser();
}
@Override
public void addRedirectUri(String redirectUri) {
getMongoStore().pushItemToList(user, "redirectUris", redirectUri, true, invocationContext);
}
@Override
public void removeRedirectUri(String redirectUri) {
getMongoStore().pullItemFromList(user, "redirectUris", redirectUri, invocationContext);
}
@Override
public Set<RequiredAction> getRequiredActions() {

23
model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/entities/ApplicationEntity.java
View file

@ -26,6 +26,9 @@ public class ApplicationEntity extends AbstractMongoIdentifiableEntity implement
private String resourceUserId;
private String realmId;
private long allowedClaimsMask;
private List<String> webOrigins;
private List<String> redirectUris;
// We are using names of defaultRoles (not ids)
private List<String> defaultRoles = new ArrayList<String>();
@ -84,6 +87,26 @@ public class ApplicationEntity extends AbstractMongoIdentifiableEntity implement
this.resourceUserId = resourceUserId;
}
@MongoField
public List<String> getWebOrigins() {
return webOrigins;
}
public void setWebOrigins(List<String> webOrigins) {
this.webOrigins = webOrigins;
}
@MongoField
public List<String> getRedirectUris() {
return redirectUris;
}
public void setRedirectUris(List<String> redirectUris) {
this.redirectUris = redirectUris;
}
@MongoField
public long getAllowedClaimsMask() {
return allowedClaimsMask;

24
model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/entities/OAuthClientEntity.java
View file

@ -6,6 +6,8 @@ import org.keycloak.models.mongo.api.MongoEntity;
import org.keycloak.models.mongo.api.MongoField;
import org.keycloak.models.mongo.api.context.MongoStoreInvocationContext;
import java.util.List;
/**
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
*/
@ -17,6 +19,8 @@ public class OAuthClientEntity extends AbstractMongoIdentifiableEntity implement
private String oauthAgentId;
private String realmId;
private long allowedClaimsMask;
private List<String> webOrigins;
private List<String> redirectUris;
@MongoField
public String getName() {
@ -54,6 +58,26 @@ public class OAuthClientEntity extends AbstractMongoIdentifiableEntity implement
this.allowedClaimsMask = allowedClaimsMask;
}
@MongoField
public List<String> getWebOrigins() {
return webOrigins;
}
public void setWebOrigins(List<String> webOrigins) {
this.webOrigins = webOrigins;
}
@MongoField
public List<String> getRedirectUris() {
return redirectUris;
}
public void setRedirectUris(List<String> redirectUris) {
this.redirectUris = redirectUris;
}
@Override
public void afterRemove(MongoStoreInvocationContext context) {
// Remove user of this oauthClient

20
model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/entities/UserEntity.java
View file

@ -30,8 +30,6 @@ public class UserEntity extends AbstractMongoIdentifiableEntity implements Mongo
private List<String> scopeIds;
private Map<String, String> attributes;
private List<String> webOrigins;
private List<String> redirectUris;
private List<UserModel.RequiredAction> requiredActions;
private List<CredentialEntity> credentials = new ArrayList<CredentialEntity>();
private List<SocialLinkEntity> socialLinks;
@ -135,24 +133,6 @@ public class UserEntity extends AbstractMongoIdentifiableEntity implements Mongo
this.attributes = attributes;
}
@MongoField
public List<String> getWebOrigins() {
return webOrigins;
}
public void setWebOrigins(List<String> webOrigins) {
this.webOrigins = webOrigins;
}
@MongoField
public List<String> getRedirectUris() {
return redirectUris;
}
public void setRedirectUris(List<String> redirectUris) {
this.redirectUris = redirectUris;
}
@MongoField
public List<UserModel.RequiredAction> getRequiredActions() {
return requiredActions;

12
model/tests/src/test/java/org/keycloak/model/test/AdapterTest.java
View file

@ -184,10 +184,10 @@ public class AdapterTest extends AbstractModelTest {
RoleModel appRole = app.addRole("test");
realmModel.grantRole(user, appRole);
realmModel.addScopeMapping(client.getAgent(), appRole);
realmModel.addScopeMapping(client, appRole);
RoleModel realmRole = realmModel.addRole("test");
realmModel.addScopeMapping(app.getAgent(), realmRole);
realmModel.addScopeMapping(app, realmRole);
Assert.assertTrue(realmModel.removeApplication(app.getId()));
Assert.assertFalse(realmModel.removeApplication(app.getId()));
@ -212,10 +212,10 @@ public class AdapterTest extends AbstractModelTest {
RoleModel appRole = app.addRole("test");
realmModel.grantRole(user, appRole);
realmModel.addScopeMapping(client.getAgent(), appRole);
realmModel.addScopeMapping(client, appRole);
RoleModel realmRole = realmModel.addRole("test");
realmModel.addScopeMapping(app.getAgent(), realmRole);
realmModel.addScopeMapping(app, realmRole);
Assert.assertTrue(identitySession.removeRealm(realmModel.getId()));
Assert.assertFalse(identitySession.removeRealm(realmModel.getId()));
@ -235,10 +235,10 @@ public class AdapterTest extends AbstractModelTest {
RoleModel appRole = app.addRole("test");
realmModel.grantRole(user, appRole);
realmModel.addScopeMapping(client.getAgent(), appRole);
realmModel.addScopeMapping(client, appRole);
RoleModel realmRole = realmModel.addRole("test");
realmModel.addScopeMapping(app.getAgent(), realmRole);
realmModel.addScopeMapping(app, realmRole);
Assert.assertTrue(realmModel.removeRoleById(realmRole.getId()));
Assert.assertFalse(realmModel.removeRoleById(realmRole.getId()));

15
model/tests/src/test/java/org/keycloak/model/test/ApplicationModelTest.java
View file

@ -37,11 +37,11 @@ public class ApplicationModelTest extends AbstractModelTest {
application.addDefaultRole("role-1");
application.addDefaultRole("role-2");
application.getAgent().addRedirectUri("redirect-1");
application.getAgent().addRedirectUri("redirect-2");
application.addRedirectUri("redirect-1");
application.addRedirectUri("redirect-2");
application.getAgent().addWebOrigin("origin-1");
application.getAgent().addWebOrigin("origin-2");
application.addWebOrigin("origin-1");
application.addWebOrigin("origin-2");
application.updateApplication();
}
@ -69,11 +69,8 @@ public class ApplicationModelTest extends AbstractModelTest {
Assert.assertEquals(expected.getManagementUrl(), actual.getManagementUrl());
Assert.assertEquals(expected.getDefaultRoles(), actual.getDefaultRoles());
UserModel auser = actual.getAgent();
UserModel euser = expected.getAgent();
Assert.assertTrue(euser.getRedirectUris().containsAll(auser.getRedirectUris()));
Assert.assertTrue(euser.getWebOrigins().containsAll(auser.getWebOrigins()));
Assert.assertTrue(expected.getRedirectUris().containsAll(actual.getRedirectUris()));
Assert.assertTrue(expected.getWebOrigins().containsAll(actual.getWebOrigins()));
}
public static void assertEquals(List<RoleModel> expected, List<RoleModel> actual) {

2
model/tests/src/test/java/org/keycloak/model/test/CompositeRolesModelTest.java
View file

@ -60,7 +60,7 @@ public class CompositeRolesModelTest extends AbstractModelTest {
ApplicationModel application = realm.getApplicationByName(applicationName);
Set<RoleModel> roleMappings = realm.getRoleMappings(user);
Set<RoleModel> scopeMappings = realm.getScopeMappings(application.getAgent());
Set<RoleModel> scopeMappings = realm.getScopeMappings(application);
Set<RoleModel> appRoles = application.getRoles();
if (appRoles != null) scopeMappings.addAll(appRoles);

5
model/tests/src/test/java/org/keycloak/model/test/ImportTest.java
View file

@ -6,6 +6,7 @@ import org.junit.Test;
import org.junit.runners.MethodSorters;
import org.keycloak.models.AccountRoles;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.ClientModel;
import org.keycloak.models.Constants;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RequiredCredentialModel;
@ -47,8 +48,6 @@ public class ImportTest extends AbstractModelTest {
UserModel user = realm.getUser("loginclient");
Assert.assertNotNull(user);
Set<RoleModel> scopes = realm.getRealmScopeMappings(user);
Assert.assertEquals(0, scopes.size());
Assert.assertEquals(0, realm.getSocialLinks(user).size());
List<ApplicationModel> resources = realm.getApplications();
@ -103,7 +102,7 @@ public class ImportTest extends AbstractModelTest {
// Test scope relationship
UserModel oauthClient = realm.getUser("oauthclient");
ClientModel oauthClient = realm.findClient("oauthclient");
Assert.assertNotNull(oauthClient);
Set<RoleModel> allScopes = realm.getScopeMappings(oauthClient);
Assert.assertEquals(2, allScopes.size());

47
model/tests/src/test/java/org/keycloak/model/test/UserModelTest.java
View file

@ -2,6 +2,8 @@ package org.keycloak.model.test;
import org.junit.Assert;
import org.junit.Test;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.ClientModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserModel.RequiredAction;
@ -19,15 +21,9 @@ public class UserModelTest extends AbstractModelTest {
user.setLastName("last-name");
user.setEmail("email");
user.addRedirectUri("redirect-1");
user.addRedirectUri("redirect-2");
user.addRequiredAction(RequiredAction.CONFIGURE_TOTP);
user.addRequiredAction(RequiredAction.UPDATE_PASSWORD);
user.addWebOrigin("origin-1");
user.addWebOrigin("origin-2");
UserModel persisted = realmManager.getRealm(realm.getId()).getUser("user");
assertEquals(user, persisted);
@ -39,21 +35,38 @@ public class UserModelTest extends AbstractModelTest {
@Test
public void webOriginSetTest() {
RealmModel realm = realmManager.createRealm("original");
UserModel user = realm.addUser("user");
ClientModel client = realm.addApplication("user");
Assert.assertTrue(user.getWebOrigins().isEmpty());
Assert.assertTrue(client.getWebOrigins().isEmpty());
user.addWebOrigin("origin-1");
Assert.assertEquals(1, user.getWebOrigins().size());
client.addWebOrigin("origin-1");
Assert.assertEquals(1, client.getWebOrigins().size());
user.addWebOrigin("origin-2");
Assert.assertEquals(2, user.getWebOrigins().size());
client.addWebOrigin("origin-2");
Assert.assertEquals(2, client.getWebOrigins().size());
user.removeWebOrigin("origin-2");
Assert.assertEquals(1, user.getWebOrigins().size());
client.removeWebOrigin("origin-2");
Assert.assertEquals(1, client.getWebOrigins().size());
client.removeWebOrigin("origin-1");
Assert.assertTrue(client.getWebOrigins().isEmpty());
client = realm.addOAuthClient("oauthclient2");
Assert.assertTrue(client.getWebOrigins().isEmpty());
client.addWebOrigin("origin-1");
Assert.assertEquals(1, client.getWebOrigins().size());
client.addWebOrigin("origin-2");
Assert.assertEquals(2, client.getWebOrigins().size());
client.removeWebOrigin("origin-2");
Assert.assertEquals(1, client.getWebOrigins().size());
client.removeWebOrigin("origin-1");
Assert.assertTrue(client.getWebOrigins().isEmpty());
user.removeWebOrigin("origin-1");
Assert.assertTrue(user.getWebOrigins().isEmpty());
}
@Test
@ -101,9 +114,7 @@ public class UserModelTest extends AbstractModelTest {
Assert.assertEquals(expected.getLoginName(), actual.getLoginName());
Assert.assertEquals(expected.getFirstName(), actual.getFirstName());
Assert.assertEquals(expected.getLastName(), actual.getLastName());
Assert.assertArrayEquals(expected.getRedirectUris().toArray(), actual.getRedirectUris().toArray());
Assert.assertArrayEquals(expected.getRequiredActions().toArray(), actual.getRequiredActions().toArray());
Assert.assertArrayEquals(expected.getWebOrigins().toArray(), actual.getWebOrigins().toArray());
}
}

7
services/src/main/java/org/keycloak/services/managers/AccessCodeEntry.java
View file

@ -1,5 +1,6 @@
package org.keycloak.services.managers;
import org.keycloak.models.ClientModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserModel;
@ -29,7 +30,7 @@ public class AccessCodeEntry {
protected AccessToken token;
protected UserModel user;
protected Set<RequiredAction> requiredActions;
protected UserModel client;
protected ClientModel client;
protected List<RoleModel> realmRolesRequested = new ArrayList<RoleModel>();
MultivaluedMap<String, RoleModel> resourceRolesRequested = new MultivaluedHashMap<String, RoleModel>();
@ -73,11 +74,11 @@ public class AccessCodeEntry {
this.token = token;
}
public UserModel getClient() {
public ClientModel getClient() {
return client;
}
public void setClient(UserModel client) {
public void setClient(ClientModel client) {
this.client = client;
}

13
services/src/main/java/org/keycloak/services/managers/AppAuthManager.java Normal file → Executable file
View file

@ -9,6 +9,7 @@ import org.keycloak.jose.jws.JWSBuilder;
import org.keycloak.jose.jws.JWSInput;
import org.keycloak.jose.jws.crypto.RSAProvider;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.ClientModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.representations.AccessToken;
@ -66,7 +67,7 @@ public class AppAuthManager extends AuthenticationManager {
throw new BadRequestException();
}
if (!client.getLoginName().equals(accessCode.getClient().getLoginName())) {
if (!client.getLoginName().equals(accessCode.getClient().getAgent().getLoginName())) {
logger.debug("bad client");
throw new BadRequestException();
}
@ -74,7 +75,7 @@ public class AppAuthManager extends AuthenticationManager {
return createLoginCookie(realm, accessCode.getUser(), accessCode.getClient(), cookieName, uri.getRawPath(), false);
}
public NewCookie createRefreshCookie(RealmModel realm, UserModel user, UserModel client, URI uri) {
public NewCookie createRefreshCookie(RealmModel realm, UserModel user, ClientModel client, URI uri) {
return createLoginCookie(realm, user, client, cookieName, uri.getRawPath(), false);
}
@ -117,9 +118,9 @@ public class AppAuthManager extends AuthenticationManager {
return null;
}
UserModel client = null;
ClientModel client = null;
if (token.getIssuedFor() != null) {
client = realm.getUser(token.getIssuedFor());
client = realm.findClient(token.getIssuedFor());
if (client == null || !client.isEnabled()) {
logger.info("Unknown client in cookie");
expireCookie(cookie.getName(), cookie.getPath());
@ -158,9 +159,9 @@ public class AppAuthManager extends AuthenticationManager {
throw new NotAuthorizedException("invalid_user");
}
UserModel client = null;
ClientModel client = null;
if (token.getIssuedFor() != null) {
client = realm.getUser(token.getIssuedFor());
client = realm.findClient(token.getIssuedFor());
if (client == null || !client.isEnabled()) {
throw new NotAuthorizedException("invalid_user");
}

17
services/src/main/java/org/keycloak/services/managers/ApplicationManager.java
View file

@ -5,6 +5,7 @@ import org.codehaus.jackson.annotate.JsonPropertyOrder;
import org.jboss.resteasy.logging.Logger;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.ClaimMask;
import org.keycloak.models.ClientModel;
import org.keycloak.models.Constants;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
@ -73,13 +74,13 @@ public class ApplicationManager {
if (resourceRep.getRedirectUris() != null) {
for (String redirectUri : resourceRep.getRedirectUris()) {
resourceUser.addRedirectUri(redirectUri);
applicationModel.addRedirectUri(redirectUri);
}
}
if (resourceRep.getWebOrigins() != null) {
for (String webOrigin : resourceRep.getWebOrigins()) {
logger.debug("Application: {0} webOrigin: {1}", resourceUser.getLoginName(), webOrigin);
resourceUser.addWebOrigin(webOrigin);
applicationModel.addWebOrigin(webOrigin);
}
}
@ -117,13 +118,13 @@ public class ApplicationManager {
public void createScopeMappings(RealmModel realm, ApplicationModel applicationModel, List<ScopeMappingRepresentation> mappings) {
for (ScopeMappingRepresentation mapping : mappings) {
UserModel user = realm.getUser(mapping.getUsername());
for (String roleString : mapping.getRoles()) {
RoleModel role = applicationModel.getRole(roleString.trim());
if (role == null) {
role = applicationModel.addRole(roleString.trim());
}
realm.addScopeMapping(user, role);
ClientModel client = realm.findClient(mapping.getUsername());
realm.addScopeMapping(client, role);
}
}
}
@ -162,12 +163,12 @@ public class ApplicationManager {
List<String> redirectUris = rep.getRedirectUris();
if (redirectUris != null) {
resource.getAgent().setRedirectUris(new HashSet<String>(redirectUris));
resource.setRedirectUris(new HashSet<String>(redirectUris));
}
List<String> webOrigins = rep.getWebOrigins();
if (webOrigins != null) {
resource.getAgent().setWebOrigins(new HashSet<String>(webOrigins));
resource.setWebOrigins(new HashSet<String>(webOrigins));
}
if (rep.getClaims() != null) {
@ -184,12 +185,12 @@ public class ApplicationManager {
rep.setSurrogateAuthRequired(applicationModel.isSurrogateAuthRequired());
rep.setBaseUrl(applicationModel.getBaseUrl());
Set<String> redirectUris = applicationModel.getAgent().getRedirectUris();
Set<String> redirectUris = applicationModel.getRedirectUris();
if (redirectUris != null) {
rep.setRedirectUris(new LinkedList<String>(redirectUris));
}
Set<String> webOrigins = applicationModel.getAgent().getWebOrigins();
Set<String> webOrigins = applicationModel.getWebOrigins();
if (webOrigins != null) {
rep.setWebOrigins(new LinkedList<String>(webOrigins));
}

9
services/src/main/java/org/keycloak/services/managers/Auth.java Normal file → Executable file
View file

@ -1,5 +1,6 @@
package org.keycloak.services.managers;
import org.keycloak.models.ClientModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.representations.AccessToken;
@ -13,9 +14,9 @@ public class Auth {
private final RealmModel realm;
private final AccessToken token;
private final UserModel user;
private final UserModel client;
private final ClientModel client;
public Auth(RealmModel realm, UserModel user, UserModel client) {
public Auth(RealmModel realm, UserModel user, ClientModel client) {
this.cookie = true;
this.realm = realm;
this.token = null;
@ -24,7 +25,7 @@ public class Auth {
this.client = client;
}
public Auth(AccessToken token, UserModel user, UserModel client) {
public Auth(AccessToken token, UserModel user, ClientModel client) {
this.cookie = false;
this.token = token;
this.realm = null;
@ -45,7 +46,7 @@ public class Auth {
return user;
}
public UserModel getClient() {
public ClientModel getClient() {
return client;
}

5
services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java
View file

@ -6,6 +6,7 @@ import org.jboss.resteasy.spi.ResteasyProviderFactory;
import org.keycloak.RSATokenVerifier;
import org.keycloak.VerificationException;
import org.keycloak.jose.jws.JWSBuilder;
import org.keycloak.models.ClientModel;
import org.keycloak.models.Constants;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RequiredCredentialModel;
@ -56,10 +57,10 @@ public class AuthenticationManager {
return createLoginCookie(realm, user, null, cookieName, cookiePath, rememberMe);
}
protected NewCookie createLoginCookie(RealmModel realm, UserModel user, UserModel client, String cookieName, String cookiePath, boolean rememberMe) {
protected NewCookie createLoginCookie(RealmModel realm, UserModel user, ClientModel client, String cookieName, String cookiePath, boolean rememberMe) {
AccessToken identityToken = createIdentityToken(realm, user);
if (client != null) {
identityToken.issuedFor(client.getLoginName());
identityToken.issuedFor(client.getAgent().getLoginName());
}
String encoded = encodeToken(realm, identityToken);
boolean secureOnly = !realm.isSslNotRequired();

8
services/src/main/java/org/keycloak/services/managers/OAuthClientManager.java
View file

@ -72,12 +72,12 @@ public class OAuthClientManager {
model.getAgent().setEnabled(rep.isEnabled());
List<String> redirectUris = rep.getRedirectUris();
if (redirectUris != null) {
model.getAgent().setRedirectUris(new HashSet<String>(redirectUris));
model.setRedirectUris(new HashSet<String>(redirectUris));
}
List<String> webOrigins = rep.getWebOrigins();
if (webOrigins != null) {
model.getAgent().setWebOrigins(new HashSet<String>(webOrigins));
model.setWebOrigins(new HashSet<String>(webOrigins));
}
if (rep.getClaims() != null) {
@ -90,12 +90,12 @@ public class OAuthClientManager {
rep.setId(model.getId());
rep.setName(model.getAgent().getLoginName());
rep.setEnabled(model.getAgent().isEnabled());
Set<String> redirectUris = model.getAgent().getRedirectUris();
Set<String> redirectUris = model.getRedirectUris();
if (redirectUris != null) {
rep.setRedirectUris(new LinkedList<String>(redirectUris));
}
Set<String> webOrigins = model.getAgent().getWebOrigins();
Set<String> webOrigins = model.getWebOrigins();
if (webOrigins != null) {
rep.setWebOrigins(new LinkedList<String>(webOrigins));
}

4
services/src/main/java/org/keycloak/services/managers/RealmManager.java
View file

@ -4,6 +4,7 @@ import org.jboss.resteasy.logging.Logger;
import org.keycloak.models.AccountRoles;
import org.keycloak.models.AdminRoles;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.ClientModel;
import org.keycloak.models.Constants;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.OAuthClientModel;
@ -361,7 +362,8 @@ public class RealmManager {
role = newRealm.addRole(roleString.trim());
}
UserModel user = userMap.get(scope.getUsername());
newRealm.addScopeMapping(user, role);
ClientModel client = newRealm.findClient(user.getLoginName());
newRealm.addScopeMapping(client, role);
}
}

28
services/src/main/java/org/keycloak/services/managers/TokenManager.java
View file

@ -87,13 +87,13 @@ public class TokenManager {
public AccessCodeEntry createAccessCode(String scopeParam, String state, String redirect, RealmModel realm, UserModel client, UserModel user) {
public AccessCodeEntry createAccessCode(String scopeParam, String state, String redirect, RealmModel realm, ClientModel client, UserModel user) {
AccessCodeEntry code = createAccessCodeEntry(scopeParam, state, redirect, realm, client, user);
accessCodeMap.put(code.getId(), code);
return code;
}
private AccessCodeEntry createAccessCodeEntry(String scopeParam, String state, String redirect, RealmModel realm, UserModel client, UserModel user) {
private AccessCodeEntry createAccessCodeEntry(String scopeParam, String state, String redirect, RealmModel realm, ClientModel client, UserModel user) {
AccessCodeEntry code = new AccessCodeEntry();
List<RoleModel> realmRolesRequested = code.getRealmRolesRequested();
MultivaluedMap<String, RoleModel> resourceRolesRequested = code.getResourceRolesRequested();
@ -117,7 +117,7 @@ public class TokenManager {
return code;
}
public AccessToken refreshAccessToken(RealmModel realm, UserModel client, String encodedRefreshToken) throws OAuthErrorException {
public AccessToken refreshAccessToken(RealmModel realm, ClientModel client, String encodedRefreshToken) throws OAuthErrorException {
JWSInput jws = new JWSInput(encodedRefreshToken);
RefreshToken refreshToken = null;
try {
@ -142,7 +142,7 @@ public class TokenManager {
}
ApplicationModel clientApp = realm.getApplicationByName(client.getLoginName());
ApplicationModel clientApp = (client instanceof ApplicationModel) ? (ApplicationModel)client : null;
if (refreshToken.getRealmAccess() != null) {
@ -180,15 +180,14 @@ public class TokenManager {
}
}
ClientModel claimRequesterModel = getClaimRequester(realm, client);
AccessToken accessToken = initToken(realm, claimRequesterModel, client, user);
AccessToken accessToken = initToken(realm, client, user);
accessToken.setRealmAccess(refreshToken.getRealmAccess());
accessToken.setResourceAccess(refreshToken.getResourceAccess());
return accessToken;
}
public AccessToken createClientAccessToken(String scopeParam, RealmModel realm, UserModel client, UserModel user) {
public AccessToken createClientAccessToken(String scopeParam, RealmModel realm, ClientModel client, UserModel user) {
return createClientAccessToken(scopeParam, realm, client, user, new LinkedList<RoleModel>(), new MultivaluedHashMap<String, RoleModel>());
}
@ -199,15 +198,14 @@ public class TokenManager {
}
public AccessToken createClientAccessToken(String scopeParam, RealmModel realm, UserModel client, UserModel user, List<RoleModel> realmRolesRequested, MultivaluedMap<String, RoleModel> resourceRolesRequested) {
public AccessToken createClientAccessToken(String scopeParam, RealmModel realm, ClientModel client, UserModel user, List<RoleModel> realmRolesRequested, MultivaluedMap<String, RoleModel> resourceRolesRequested) {
AccessScope scopeMap = null;
if (scopeParam != null) scopeMap = decodeScope(scopeParam);
Set<RoleModel> roleMappings = realm.getRoleMappings(user);
Set<RoleModel> scopeMappings = realm.getScopeMappings(client);
ClientModel claimRequesterModel = getClaimRequester(realm, client);
ApplicationModel clientApp = realm.getApplicationByName(client.getLoginName());
ApplicationModel clientApp = (client instanceof ApplicationModel) ? (ApplicationModel)client : null;
Set<RoleModel> clientAppRoles = clientApp == null ? null : clientApp.getRoles();
if (clientAppRoles != null) scopeMappings.addAll(clientAppRoles);
@ -233,7 +231,7 @@ public class TokenManager {
}
}
AccessToken token = initToken(realm, claimRequesterModel, client, user);
AccessToken token = initToken(realm, client, user);
if (realmRolesRequested.size() > 0) {
for (RoleModel role : realmRolesRequested) {
@ -286,13 +284,13 @@ public class TokenManager {
protected AccessToken initToken(RealmModel realm, ClientModel claimer, UserModel client, UserModel user) {
protected AccessToken initToken(RealmModel realm, ClientModel client, UserModel user) {
AccessToken token = new AccessToken();
token.id(KeycloakModelUtils.generateId());
token.subject(user.getId());
token.audience(realm.getName());
token.issuedNow();
token.issuedFor(client.getLoginName());
token.issuedFor(client.getAgent().getLoginName());
token.issuer(realm.getName());
if (realm.getAccessTokenLifespan() > 0) {
token.expiration((System.currentTimeMillis() / 1000) + realm.getAccessTokenLifespan());
@ -301,7 +299,7 @@ public class TokenManager {
if (allowedOrigins != null) {
token.setAllowedOrigins(allowedOrigins);
}
initClaims(token, claimer, user);
initClaims(token, client, user);
return token;
}
@ -385,7 +383,7 @@ public class TokenManager {
return this;
}
public AccessTokenResponseBuilder generateAccessToken(String scopeParam, UserModel client, UserModel user) {
public AccessTokenResponseBuilder generateAccessToken(String scopeParam, ClientModel client, UserModel user) {
accessToken = createClientAccessToken(scopeParam, realm, client, user);
return this;
}

3
services/src/main/java/org/keycloak/services/resources/Cors.java
View file

@ -7,6 +7,7 @@ import javax.ws.rs.core.Response;
import javax.ws.rs.core.Response.ResponseBuilder;
import org.jboss.resteasy.spi.HttpRequest;
import org.keycloak.models.ClientModel;
import org.keycloak.models.UserModel;
/**
@ -52,7 +53,7 @@ public class Cors {
return this;
}
public Cors allowedOrigins(UserModel client) {
public Cors allowedOrigins(ClientModel client) {
if (client != null) {
allowedOrigins = client.getWebOrigins();
}

3
services/src/main/java/org/keycloak/services/resources/RequiredActionsService.java
View file

@ -26,6 +26,7 @@ import org.jboss.resteasy.spi.HttpRequest;
import org.keycloak.login.LoginForms;
import org.keycloak.jose.jws.JWSInput;
import org.keycloak.jose.jws.crypto.RSAProvider;
import org.keycloak.models.ClientModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserCredentialModel;
import org.keycloak.models.UserModel;
@ -244,7 +245,7 @@ public class RequiredActionsService {
String redirect = uriInfo.getQueryParameters().getFirst("redirect_uri");
String clientId = uriInfo.getQueryParameters().getFirst("client_id");
UserModel client = realm.getUser(clientId);
ClientModel client = realm.findClient(clientId);
if (client == null) {
return Flows.oauth(realm, request, uriInfo, authManager, tokenManager).forwardToSecurityFailure(
"Unknown login requester.");

5
services/src/main/java/org/keycloak/services/resources/SocialResource.java
View file

@ -24,6 +24,7 @@ package org.keycloak.services.resources;
import org.jboss.resteasy.logging.Logger;
import org.jboss.resteasy.spi.HttpRequest;
import org.jboss.resteasy.spi.HttpResponse;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.SocialLinkModel;
@ -117,7 +118,7 @@ public class SocialResource {
String clientId = requestData.getClientAttributes().get("clientId");
UserModel client = realm.getUser(clientId);
ClientModel client = realm.findClient(clientId);
if (client == null) {
return oauth.forwardToSecurityFailure("Unknown login requester.");
}
@ -192,7 +193,7 @@ public class SocialResource {
SocialProviderConfig config = new SocialProviderConfig(key, secret, callbackUri);
UserModel client = realm.getUser(clientId);
ClientModel client = realm.findClient(clientId);
if (client == null) {
logger.warn("Unknown login requester: " + clientId);
return Flows.forms(realm, request, uriInfo).setError("Unknown login requester.").createErrorPage();

29
services/src/main/java/org/keycloak/services/resources/TokenService.java
View file

@ -8,6 +8,7 @@ import org.keycloak.OAuthErrorException;
import org.keycloak.jose.jws.JWSBuilder;
import org.keycloak.jose.jws.JWSInput;
import org.keycloak.jose.jws.crypto.RSAProvider;
import org.keycloak.models.ClientModel;
import org.keycloak.models.Constants;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakTransaction;
@ -137,7 +138,7 @@ public class TokenService {
throw new NotAcceptableException("HTTPS required");
}
UserModel client = authorizeClient(authorizationHeader);
ClientModel client = authorizeClient(authorizationHeader);
String username = form.getFirst(AuthenticationManager.FORM_USERNAME);
@ -176,7 +177,7 @@ public class TokenService {
throw new NotAcceptableException("HTTPS required");
}
UserModel client = authorizeClient(authorizationHeader);
ClientModel client = authorizeClient(authorizationHeader);
String refreshToken = form.getFirst("refresh_token");
AccessToken accessToken = null;
try {
@ -211,7 +212,7 @@ public class TokenService {
if (!realm.isEnabled()) {
return oauth.forwardToSecurityFailure("Realm not enabled.");
}
UserModel client = realm.getUser(clientId);
ClientModel client = realm.findClient(clientId);
if (client == null) {
return oauth.forwardToSecurityFailure("Unknown login requester.");
}
@ -282,7 +283,7 @@ public class TokenService {
logger.warn("Realm not enabled");
return oauth.forwardToSecurityFailure("Realm not enabled");
}
UserModel client = realm.getUser(clientId);
ClientModel client = realm.findClient(clientId);
if (client == null) {
logger.warn("Unknown login requester.");
return oauth.forwardToSecurityFailure("Unknown login requester.");
@ -355,7 +356,7 @@ public class TokenService {
throw new NotAuthorizedException("Realm not enabled");
}
UserModel client = authorizeClient(authorizationHeader);
ClientModel client = authorizeClient(authorizationHeader);
String code = formData.getFirst("code");
if (code == null) {
@ -403,7 +404,7 @@ public class TokenService {
return Response.status(Response.Status.BAD_REQUEST).type(MediaType.APPLICATION_JSON_TYPE).entity(res)
.build();
}
if (!client.getLoginName().equals(accessCode.getClient().getLoginName())) {
if (!client.getAgent().getLoginName().equals(accessCode.getClient().getAgent().getLoginName())) {
Map<String, String> res = new HashMap<String, String>();
res.put("error", "invalid_grant");
res.put("error_description", "Auth error");
@ -419,7 +420,7 @@ public class TokenService {
return Cors.add(request, Response.ok(res)).allowedOrigins(client).allowedMethods("POST").build();
}
protected UserModel authorizeClient(String authorizationHeader) {
protected ClientModel authorizeClient(String authorizationHeader) {
if (authorizationHeader == null) {
throw new NotAuthorizedException("No Authorization header to authenticate client", "Basic realm=\"" + realm.getName() + "\"");
}
@ -431,7 +432,7 @@ public class TokenService {
String client_id = usernameSecret[0];
String clientSecret = usernameSecret[1];
UserModel client = realm.getUser(client_id);
ClientModel client = realm.findClient(client_id);
if (client == null) {
Map<String, String> error = new HashMap<String, String>();
error.put("error", "invalid_client");
@ -446,7 +447,7 @@ public class TokenService {
throw new BadRequestException("Client is not enabled", Response.status(Response.Status.BAD_REQUEST).entity(error).type("application/json").build());
}
if (!realm.validateSecret(client, clientSecret)) {
if (!realm.validateSecret(client.getAgent(), clientSecret)) {
Map<String, String> error = new HashMap<String, String>();
error.put("error", "unauthorized_client");
throw new BadRequestException("Unauthorized Client", Response.status(Response.Status.BAD_REQUEST).entity(error).type("application/json").build());
@ -470,7 +471,7 @@ public class TokenService {
logger.warn("Realm not enabled");
return oauth.forwardToSecurityFailure("Realm not enabled");
}
UserModel client = realm.getUser(clientId);
ClientModel client = realm.findClient(clientId);
if (client == null) {
logger.warn("Unknown login requester: " + clientId);
return oauth.forwardToSecurityFailure("Unknown login requester.");
@ -488,8 +489,8 @@ public class TokenService {
logger.info("Checking roles...");
RoleModel resourceRole = realm.getRole(Constants.APPLICATION_ROLE);
RoleModel identityRequestRole = realm.getRole(Constants.IDENTITY_REQUESTER_ROLE);
boolean isResource = realm.hasRole(client, resourceRole);
if (!isResource && !realm.hasRole(client, identityRequestRole)) {
boolean isResource = realm.hasRole(client.getAgent(), resourceRole);
if (!isResource && !realm.hasRole(client.getAgent(), identityRequestRole)) {
logger.warn("Login requester not allowed to request login.");
return oauth.forwardToSecurityFailure("Login requester not allowed to request login.");
}
@ -523,7 +524,7 @@ public class TokenService {
logger.warn("Realm not enabled");
return oauth.forwardToSecurityFailure("Realm not enabled");
}
UserModel client = realm.getUser(clientId);
ClientModel client = realm.findClient(clientId);
if (client == null) {
logger.warn("Unknown login requester.");
return oauth.forwardToSecurityFailure("Unknown login requester.");
@ -615,7 +616,7 @@ public class TokenService {
return location.build();
}
public static String verifyRedirectUri(String redirectUri, UserModel client) {
public static String verifyRedirectUri(String redirectUri, ClientModel client) {
if (redirectUri == null) {
return client.getRedirectUris().size() == 1 ? client.getRedirectUris().iterator().next() : null;
} else if (client.getRedirectUris().isEmpty()) {

8
services/src/main/java/org/keycloak/services/resources/admin/ApplicationResource.java
View file

@ -145,7 +145,7 @@ public class ApplicationResource {
@Path("scope-mappings")
public ScopeMappedResource getScopeMappedResource() {
return new ScopeMappedResource(realm, auth, application.getAgent(), session);
return new ScopeMappedResource(realm, auth, application, session);
}
@Path("roles")
@ -160,7 +160,7 @@ public class ApplicationResource {
{
auth.requireView();
return application.getAgent().getWebOrigins();
return application.getWebOrigins();
}
@Path("allowed-origins")
@ -170,7 +170,7 @@ public class ApplicationResource {
{
auth.requireManage();
application.getAgent().setWebOrigins(allowedOrigins);
application.setWebOrigins(allowedOrigins);
}
@Path("allowed-origins")
@ -181,7 +181,7 @@ public class ApplicationResource {
auth.requireManage();
for (String origin : allowedOrigins) {
application.getAgent().removeWebOrigin(origin);
application.removeWebOrigin(origin);
}
}

2
services/src/main/java/org/keycloak/services/resources/admin/OAuthClientResource.java
View file

@ -131,7 +131,7 @@ public class OAuthClientResource {
@Path("scope-mappings")
public ScopeMappedResource getScopeMappedResource() {
return new ScopeMappedResource(realm, auth, oauthClient.getAgent(), session);
return new ScopeMappedResource(realm, auth, oauthClient, session);
}

31
services/src/main/java/org/keycloak/services/resources/admin/ScopeMappedResource.java
View file

@ -2,6 +2,7 @@ package org.keycloak.services.resources.admin;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
@ -33,13 +34,13 @@ import java.util.Set;
public class ScopeMappedResource {
protected RealmModel realm;
private RealmAuth auth;
protected UserModel agent;
protected ClientModel client;
protected KeycloakSession session;
public ScopeMappedResource(RealmModel realm, RealmAuth auth, UserModel account, KeycloakSession session) {
public ScopeMappedResource(RealmModel realm, RealmAuth auth, ClientModel client, KeycloakSession session) {
this.realm = realm;
this.auth = auth;
this.agent = account;
this.client = client;
this.session = session;
}
@ -50,7 +51,7 @@ public class ScopeMappedResource {
auth.requireView();
MappingsRepresentation all = new MappingsRepresentation();
Set<RoleModel> realmMappings = realm.getRealmScopeMappings(agent);
Set<RoleModel> realmMappings = realm.getRealmScopeMappings(client);
RealmManager manager = new RealmManager(session);
if (realmMappings.size() > 0) {
List<RoleRepresentation> realmRep = new ArrayList<RoleRepresentation>();
@ -64,7 +65,7 @@ public class ScopeMappedResource {
if (applications.size() > 0) {
Map<String, ApplicationMappingsRepresentation> appMappings = new HashMap<String, ApplicationMappingsRepresentation>();
for (ApplicationModel app : applications) {
Set<RoleModel> roleMappings = app.getApplicationScopeMappings(agent);
Set<RoleModel> roleMappings = app.getApplicationScopeMappings(client);
if (roleMappings.size() > 0) {
ApplicationMappingsRepresentation mappings = new ApplicationMappingsRepresentation();
mappings.setApplicationId(app.getId());
@ -89,7 +90,7 @@ public class ScopeMappedResource {
public List<RoleRepresentation> getRealmScopeMappings() {
auth.requireView();
Set<RoleModel> realmMappings = realm.getRealmScopeMappings(agent);
Set<RoleModel> realmMappings = realm.getRealmScopeMappings(client);
List<RoleRepresentation> realmMappingsRep = new ArrayList<RoleRepresentation>();
RealmManager manager = new RealmManager(session);
for (RoleModel roleModel : realmMappings) {
@ -109,7 +110,7 @@ public class ScopeMappedResource {
if (roleModel == null) {
throw new NotFoundException();
}
realm.addScopeMapping(agent, roleModel);
realm.addScopeMapping(client, roleModel);
}
@ -122,9 +123,9 @@ public class ScopeMappedResource {
auth.requireManage();
if (roles == null) {
Set<RoleModel> roleModels = realm.getRealmScopeMappings(agent);
Set<RoleModel> roleModels = realm.getRealmScopeMappings(client);
for (RoleModel roleModel : roleModels) {
realm.deleteScopeMapping(agent, roleModel);
realm.deleteScopeMapping(client, roleModel);
}
} else {
@ -133,7 +134,7 @@ public class ScopeMappedResource {
if (roleModel == null) {
throw new NotFoundException();
}
realm.deleteScopeMapping(agent, roleModel);
realm.deleteScopeMapping(client, roleModel);
}
}
}
@ -151,7 +152,7 @@ public class ScopeMappedResource {
throw new NotFoundException();
}
Set<RoleModel> mappings = app.getApplicationScopeMappings(agent);
Set<RoleModel> mappings = app.getApplicationScopeMappings(client);
List<RoleRepresentation> mapRep = new ArrayList<RoleRepresentation>();
for (RoleModel roleModel : mappings) {
mapRep.add(ModelToRepresentation.toRepresentation(roleModel));
@ -176,7 +177,7 @@ public class ScopeMappedResource {
if (roleModel == null) {
throw new NotFoundException();
}
realm.addScopeMapping(agent, roleModel);
realm.addScopeMapping(client, roleModel);
}
}
@ -194,9 +195,9 @@ public class ScopeMappedResource {
}
if (roles == null) {
Set<RoleModel> roleModels = app.getApplicationScopeMappings(agent);
Set<RoleModel> roleModels = app.getApplicationScopeMappings(client);
for (RoleModel roleModel : roleModels) {
realm.deleteScopeMapping(agent, roleModel);
realm.deleteScopeMapping(client, roleModel);
}
} else {
@ -205,7 +206,7 @@ public class ScopeMappedResource {
if (roleModel == null) {
throw new NotFoundException();
}
realm.deleteScopeMapping(agent, roleModel);
realm.deleteScopeMapping(client, roleModel);
}
}
}

3
services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java
View file

@ -3,6 +3,7 @@ package org.keycloak.services.resources.admin;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.logging.Logger;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.ClientModel;
import org.keycloak.models.Constants;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
@ -467,7 +468,7 @@ public class UsersResource {
String state = null;
String scope = null;
UserModel client = realm.getUser(clientId);
ClientModel client = realm.findClient(clientId);
if (client == null || !client.isEnabled()) {
return Flows.errors().error("Account management not enabled", Response.Status.INTERNAL_SERVER_ERROR);
}

13
services/src/main/java/org/keycloak/services/resources/flows/OAuthFlows.java
View file

@ -23,6 +23,7 @@ package org.keycloak.services.resources.flows;
import org.jboss.resteasy.logging.Logger;
import org.jboss.resteasy.spi.HttpRequest;
import org.keycloak.models.ClientModel;
import org.keycloak.models.Constants;
import org.keycloak.models.OAuthClientModel;
import org.keycloak.models.RealmModel;
@ -88,7 +89,7 @@ public class OAuthFlows {
return location.build();
}
public Response redirectError(UserModel client, String error, String state, String redirect) {
public Response redirectError(ClientModel client, String error, String state, String redirect) {
UriBuilder redirectUri = UriBuilder.fromUri(redirect).queryParam("error", error);
if (state != null) {
redirectUri.queryParam("state", state);
@ -97,19 +98,19 @@ public class OAuthFlows {
return Response.status(302).location(redirectUri.build()).build();
}
public Response processAccessCode(String scopeParam, String state, String redirect, UserModel client, UserModel user) {
public Response processAccessCode(String scopeParam, String state, String redirect, ClientModel client, UserModel user) {
return processAccessCode(scopeParam, state, redirect, client, user, false);
}
public Response processAccessCode(String scopeParam, String state, String redirect, UserModel client, UserModel user, boolean rememberMe) {
public Response processAccessCode(String scopeParam, String state, String redirect, ClientModel client, UserModel user, boolean rememberMe) {
isTotpConfigurationRequired(user);
isEmailVerificationRequired(user);
RoleModel resourceRole = realm.getRole(Constants.APPLICATION_ROLE);
RoleModel identityRequestRole = realm.getRole(Constants.IDENTITY_REQUESTER_ROLE);
boolean isResource = realm.hasRole(client, resourceRole);
if (!isResource && !realm.hasRole(client, identityRequestRole)) {
boolean isResource = realm.hasRole(client.getAgent(), resourceRole);
if (!isResource && !realm.hasRole(client.getAgent(), identityRequestRole)) {
return forwardToSecurityFailure("Login requester not allowed to request login.");
}
AccessCodeEntry accessCode = tokenManager.createAccessCode(scopeParam, state, redirect, realm, client, user);
@ -128,7 +129,7 @@ public class OAuthFlows {
if (!isResource
&& (accessCode.getRealmRolesRequested().size() > 0 || accessCode.getResourceRolesRequested().size() > 0)) {
OAuthClientModel oauthClient = realm.getOAuthClient(client.getLoginName());
OAuthClientModel oauthClient = realm.getOAuthClient(client.getAgent().getLoginName());
accessCode.setExpiration(System.currentTimeMillis() / 1000 + realm.getAccessCodeLifespanUserAction());
return Flows.forms(realm, request, uriInfo).setAccessCode(accessCode.getId(), accessCode.getCode()).
setAccessRequest(accessCode.getRealmRolesRequested(), accessCode.getResourceRolesRequested()).

7
testsuite/integration/src/test/java/org/keycloak/testsuite/account/ProfileTest.java
View file

@ -12,6 +12,7 @@ import org.junit.Rule;
import org.junit.Test;
import org.keycloak.models.AccountRoles;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.ClientModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserCredentialModel;
import org.keycloak.models.UserModel;
@ -65,11 +66,11 @@ public class ProfileTest {
appRealm.updateCredential(user2, creds);
ApplicationModel app = appRealm.getApplicationNameMap().get("test-app");
appRealm.addScopeMapping(app.getAgent(), accountApp.getRole(AccountRoles.VIEW_PROFILE));
appRealm.addScopeMapping(app, accountApp.getRole(AccountRoles.VIEW_PROFILE));
app.getAgent().addWebOrigin("http://localtest.me:8081");
app.addWebOrigin("http://localtest.me:8081");
UserModel thirdParty = appRealm.getUser("third-party");
ClientModel thirdParty = appRealm.findClient("third-party");
appRealm.addScopeMapping(thirdParty, accountApp.getRole(AccountRoles.VIEW_PROFILE));
}
});

3
testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/AuthorizationCodeTest.java
View file

@ -82,8 +82,7 @@ public class AuthorizationCodeTest {
public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
for (ApplicationModel app : appRealm.getApplications()) {
if (app.getName().equals("test-app")) {
UserModel client = app.getAgent();
client.addRedirectUri(oauth.getRedirectUri());
app.addRedirectUri(oauth.getRedirectUri());
}
}
}

14
testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/OAuthRedirectUriTest.java
View file

@ -48,7 +48,7 @@ public class OAuthRedirectUriTest {
@Override
public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
ApplicationModel app = appRealm.getApplicationNameMap().get("test-app");
app.getAgent().addRedirectUri("http://localhost:8081/app");
app.addRedirectUri("http://localhost:8081/app");
}
});
@ -81,7 +81,7 @@ public class OAuthRedirectUriTest {
keycloakRule.configure(new KeycloakRule.KeycloakSetup() {
@Override
public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
appRealm.getApplicationNameMap().get("test-app").getAgent().addRedirectUri("http://localhost:8081/app2");
appRealm.getApplicationNameMap().get("test-app").addRedirectUri("http://localhost:8081/app2");
}
});
@ -95,7 +95,7 @@ public class OAuthRedirectUriTest {
keycloakRule.configure(new KeycloakRule.KeycloakSetup() {
@Override
public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
appRealm.getApplicationNameMap().get("test-app").getAgent().removeRedirectUri("http://localhost:8081/app2");
appRealm.getApplicationNameMap().get("test-app").removeRedirectUri("http://localhost:8081/app2");
}
});
}
@ -106,7 +106,7 @@ public class OAuthRedirectUriTest {
keycloakRule.configure(new KeycloakRule.KeycloakSetup() {
@Override
public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
appRealm.getApplicationNameMap().get("test-app").getAgent().removeRedirectUri("http://localhost:8081/app");
appRealm.getApplicationNameMap().get("test-app").removeRedirectUri("http://localhost:8081/app");
}
});
@ -120,7 +120,7 @@ public class OAuthRedirectUriTest {
keycloakRule.configure(new KeycloakRule.KeycloakSetup() {
@Override
public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
appRealm.getApplicationNameMap().get("test-app").getAgent().addRedirectUri("http://localhost:8081/app");
appRealm.getApplicationNameMap().get("test-app").addRedirectUri("http://localhost:8081/app");
}
});
}
@ -131,7 +131,7 @@ public class OAuthRedirectUriTest {
keycloakRule.configure(new KeycloakRule.KeycloakSetup() {
@Override
public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
appRealm.getApplicationNameMap().get("test-app").getAgent().removeRedirectUri("http://localhost:8081/app");
appRealm.getApplicationNameMap().get("test-app").removeRedirectUri("http://localhost:8081/app");
}
});
@ -144,7 +144,7 @@ public class OAuthRedirectUriTest {
keycloakRule.configure(new KeycloakRule.KeycloakSetup() {
@Override
public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
appRealm.getApplicationNameMap().get("test-app").getAgent().addRedirectUri("http://localhost:8081/app");
appRealm.getApplicationNameMap().get("test-app").addRedirectUri("http://localhost:8081/app");
}
});
}

4
testsuite/performance/src/test/java/org/keycloak/testsuite/performance/ReadUsersWorker.java
View file

@ -3,6 +3,7 @@ package org.keycloak.testsuite.performance;
import org.apache.jmeter.samplers.SampleResult;
import org.apache.jorphan.logging.LoggingManager;
import org.apache.log.Logger;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.SocialLinkModel;
@ -95,7 +96,8 @@ public class ReadUsersWorker implements Worker {
// Read scopes of user in realm
if (readScopes) {
realm.getScopeMappings(user);
ClientModel client = realm.findClient(username);
realm.getScopeMappings(client);
}
// Validate password (shoould be same as username)