Merge remote-tracking branch 'upstream/master'

forms/common-themes/src/main/resources/theme/base/admin/resources/partials/otp-policy.html

@@ -59,6 +59,15 @@
             <kc-tooltip>What should the initial counter value be?</kc-tooltip>
         </div>
 
+        <div class="form-group" data-ng-show="realm.otpPolicyType == 'totp'">
+            <label class="col-md-2 control-label" for="counter">OTP Token Period</label>
+            <div class="col-md-6">
+                <input class="form-control" type="text" id="period" name="period" data-ng-model="realm.otpPolicyPeriod">
+            </div>
+            <kc-tooltip>How many seconds should an OTP token be valid? Defaults to 30 seconds.</kc-tooltip>
+        </div>
+
+
         <div class="form-group" data-ng-show="access.manageRealm">
             <div class="col-md-10 col-md-offset-2">
                 <button kc-save data-ng-disabled="!changed">Save</button>

integration/admin-client/src/main/java/org/keycloak/admin/client/Keycloak.java

@@ -9,6 +9,12 @@ import org.keycloak.admin.client.resource.RealmsResource;
 import org.keycloak.admin.client.token.TokenManager;
 
 /**
+ * Provides a Keycloak client. By default, this implementation uses a {@link ResteasyClient RESTEasy client} with the
+ * default {@link ResteasyClientBuilder} settings. To customize the underling client, use a {@link KeycloakBuilder} to
+ * create a Keycloak client.
+ *
+ * @see KeycloakBuilder
+ *
  * @author rodrigo.sasaki@icarros.com.br
  */
 public class Keycloak {
@@ -18,9 +24,9 @@ public class Keycloak {
     private final ResteasyWebTarget target;
     private final ResteasyClient client;
 
-    private Keycloak(String serverUrl, String realm, String username, String password, String clientId, String clientSecret){
+    Keycloak(String serverUrl, String realm, String username, String password, String clientId, String clientSecret, ResteasyClient resteasyClient){
         config = new Config(serverUrl, realm, username, password, clientId, clientSecret);
-        client = new ResteasyClientBuilder().build();
+        client = resteasyClient != null ? resteasyClient : new ResteasyClientBuilder().build();
 
         tokenManager = new TokenManager(config, client);
 
@@ -30,11 +36,11 @@ public class Keycloak {
     }
 
     public static Keycloak getInstance(String serverUrl, String realm, String username, String password, String clientId, String clientSecret){
-        return new Keycloak(serverUrl, realm, username, password, clientId, clientSecret);
+        return new Keycloak(serverUrl, realm, username, password, clientId, clientSecret, null);
     }
 
     public static Keycloak getInstance(String serverUrl, String realm, String username, String password, String clientId){
-        return new Keycloak(serverUrl, realm, username, password, clientId, null);
+        return new Keycloak(serverUrl, realm, username, password, clientId, null, null);
     }
 
     public RealmsResource realms(){
@@ -49,6 +55,9 @@ public class Keycloak {
         return tokenManager;
     }
 
+    /**
+     * Closes the underlying client. After calling this method, this <code>Keycloak</code> instance cannot be reused.
+     */
     public void close() {
         client.close();
     }

integration/admin-client/src/main/java/org/keycloak/admin/client/KeycloakBuilder.java

@@ -0,0 +1,107 @@
+package org.keycloak.admin.client;
+
+import org.jboss.resteasy.client.jaxrs.ResteasyClient;
+import org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder;
+
+/**
+ * Provides a {@link Keycloak} client builder with the ability to customize the underlying
+ * {@link ResteasyClient RESTEasy client} used to communicate with the Keycloak server.
+ *
+ * <p>Example usage with a connection pool size of 20:</p>
+ *
+ * <pre>
+ *   Keycloak keycloak = KeycloakBuilder.builder()
+ *     .serverUrl("https:/sso.example.com/auth")
+ *     .realm("realm")
+ *     .username("user")
+ *     .password("pass")
+ *     .clientId("client")
+ *     .clientSecret("secret")
+ *     .resteasyClient(new ResteasyClientBuilder().connectionPoolSize(20).build())
+ *     .build();
+ * </pre>
+ *
+ * @author Scott Rossillo
+ * @see ResteasyClientBuilder
+ */
+public class KeycloakBuilder {
+    private String serverUrl;
+    private String realm;
+    private String username;
+    private String password;
+    private String clientId;
+    private String clientSecret;
+    private ResteasyClient resteasyClient;
+
+    public KeycloakBuilder serverUrl(String serverUrl) {
+        this.serverUrl = serverUrl;
+        return this;
+    }
+
+    public KeycloakBuilder realm(String realm) {
+        this.realm = realm;
+        return this;
+    }
+
+    public KeycloakBuilder username(String username) {
+        this.username = username;
+        return this;
+    }
+
+    public KeycloakBuilder password(String password) {
+        this.password = password;
+        return this;
+    }
+
+    public KeycloakBuilder clientId(String clientId) {
+        this.clientId = clientId;
+        return this;
+    }
+
+    public KeycloakBuilder clientSecret(String clientSecret) {
+        this.clientSecret = clientSecret;
+        return this;
+    }
+
+    public KeycloakBuilder resteasyClient(ResteasyClient resteasyClient) {
+        this.resteasyClient = resteasyClient;
+        return this;
+    }
+
+    /**
+     * Builds a new Keycloak client from this builder.
+     */
+    public Keycloak build() {
+        if (serverUrl == null) {
+            throw new IllegalStateException("serverUrl required");
+        }
+
+        if (realm == null) {
+            throw new IllegalStateException("realm required");
+        }
+
+        if (username == null) {
+            throw new IllegalStateException("username required");
+        }
+
+        if (password == null) {
+            throw new IllegalStateException("password required");
+        }
+
+        if (clientId == null) {
+            throw new IllegalStateException("clientId required");
+        }
+
+        return new Keycloak(serverUrl, realm, username, password, clientId, clientSecret, resteasyClient);
+    }
+
+    private KeycloakBuilder() {
+    }
+
+    /**
+     * Returns a new Keycloak builder.
+     */
+    public static KeycloakBuilder builder() {
+        return new KeycloakBuilder();
+    }
+}

integration/spring-security/src/main/java/org/keycloak/adapters/springsecurity/facade/WrappedHttpServletRequest.java

@@ -64,6 +64,12 @@ class WrappedHttpServletRequest implements Request {
     @Override
     public Cookie getCookie(String cookieName) {
 
+        javax.servlet.http.Cookie[] cookies = request.getCookies();
+
+        if (cookies == null) {
+            return null;
+        }
+
         for (javax.servlet.http.Cookie cookie : request.getCookies()) {
             if (cookie.getName().equals(cookieName)) {
                 return new Cookie(cookie.getName(), cookie.getValue(), cookie.getVersion(), cookie.getDomain(), cookie.getPath());

integration/spring-security/src/test/java/org/keycloak/adapters/springsecurity/facade/WrappedHttpServletRequestTest.java

@@ -24,10 +24,11 @@ public class WrappedHttpServletRequestTest {
     private static final String QUERY_PARM_2 = "code2";
 
     private WrappedHttpServletRequest request;
+    private MockHttpServletRequest mockHttpServletRequest;
 
     @Before
     public void setUp() throws Exception {
-        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
+        mockHttpServletRequest = new MockHttpServletRequest();
         request = new WrappedHttpServletRequest(mockHttpServletRequest);
 
         mockHttpServletRequest.setMethod(REQUEST_METHOD);
@@ -75,6 +76,13 @@ public class WrappedHttpServletRequestTest {
         assertNotNull(request.getCookie(COOKIE_NAME));
     }
 
+    @Test
+    public void testGetCookieCookiesNull() throws Exception
+    {
+        mockHttpServletRequest.setCookies(null);
+        request.getCookie(COOKIE_NAME);
+    }
+
     @Test
     public void testGetHeader() throws Exception {
         String header = request.getHeader(HEADER_SINGLE_VALUE);

model/api/src/main/java/org/keycloak/migration/migrators/MigrateTo1_6_0.java

@@ -1,8 +1,23 @@
+/*
+ * Copyright 2015 Red Hat Inc. and/or its affiliates and other contributors
+ * as indicated by the @author tags. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy of
+ * the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
 package org.keycloak.migration.migrators;
 
 import java.util.List;
 
-import org.keycloak.Config;
 import org.keycloak.migration.MigrationProvider;
 import org.keycloak.migration.ModelVersion;
 import org.keycloak.models.*;
@@ -52,10 +67,14 @@ public class MigrateTo1_6_0 {
             }
 
             ClientModel adminConsoleClient = realm.getClientByClientId(Constants.ADMIN_CONSOLE_CLIENT_ID);
-            if (adminConsoleClient != null) {
+            if ((adminConsoleClient != null) && !localeMapperAdded(adminConsoleClient)) {
                 adminConsoleClient.addProtocolMapper(localeMapper);
             }
         }
     }
 
+    private boolean localeMapperAdded(ClientModel adminConsoleClient) {
+        return adminConsoleClient.getProtocolMapperByName("openid-connect", "locale") != null;
+    }
+
 }

services/src/main/java/org/keycloak/protocol/ProtocolMapperUtils.java

@@ -1,12 +1,13 @@
 package org.keycloak.protocol;
 
-import org.keycloak.models.KeycloakSessionFactory;
+import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.ProtocolMapperModel;
 import org.keycloak.models.UserModel;
-import org.keycloak.representations.AccessToken;
+import org.keycloak.protocol.oidc.OIDCLoginProtocol;
+import org.keycloak.protocol.oidc.OIDCLoginProtocolFactory;
+import org.keycloak.provider.ProviderFactory;
 
 import java.lang.reflect.Method;
-import java.util.List;
 
 /**
  * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
@@ -59,4 +60,25 @@ public class ProtocolMapperUtils {
 
         }
     }
+
+    /**
+     * Find the builtin locale mapper.
+     *
+     * @param session A KeycloakSession
+     * @return The builtin locale mapper.
+     */
+    public static ProtocolMapperModel findLocaleMapper(KeycloakSession session) {
+        ProtocolMapperModel found = null;
+        for (ProviderFactory p : session.getKeycloakSessionFactory().getProviderFactories(LoginProtocol.class)) {
+            LoginProtocolFactory factory = (LoginProtocolFactory) p;
+            for (ProtocolMapperModel mapper : factory.getBuiltinMappers()) {
+                if (mapper.getName().equals(OIDCLoginProtocolFactory.LOCALE) && mapper.getProtocol().equals(OIDCLoginProtocol.LOGIN_PROTOCOL)) {
+                    found = mapper;
+                    break;
+                }
+            }
+            if (found != null) break;
+        }
+        return found;
+    }
 }

services/src/main/java/org/keycloak/services/managers/RealmManager.java

@@ -1,3 +1,19 @@
+/*
+ * Copyright 2015 Red Hat Inc. and/or its affiliates and other contributors
+ * as indicated by the @author tags. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy of
+ * the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
 package org.keycloak.services.managers;
 
 import org.jboss.logging.Logger;
@@ -33,6 +49,8 @@ import org.keycloak.timer.TimerProvider;
 import java.util.Collections;
 import java.util.HashSet;
 import java.util.List;
+import org.keycloak.models.ProtocolMapperModel;
+import org.keycloak.protocol.ProtocolMapperUtils;
 
 /**
  * Per request object
@@ -124,6 +142,9 @@ public class RealmManager implements RealmImporter {
         adminConsole.addRedirectUri(baseUrl + "/*");
         adminConsole.setFullScopeAllowed(false);
 
+        ProtocolMapperModel localeMapper = ProtocolMapperUtils.findLocaleMapper(session);
+        if (localeMapper != null) adminConsole.addProtocolMapper(localeMapper);
+
         RoleModel adminRole;
         if (realm.getName().equals(Config.getAdminRealm())) {
             adminRole = realm.getRole(AdminRoles.ADMIN);

services/src/main/java/org/keycloak/services/resources/KeycloakApplication.java

@@ -83,12 +83,12 @@ public class KeycloakApplication extends Application {
         classes.add(JsResource.class);
         classes.add(WelcomeResource.class);
 
-        new ExportImportManager().checkExportImport(this.sessionFactory, context.getContextPath());
 
         setupDefaultRealm(context.getContextPath());
 
-        importRealms(context);
         migrateModel();
+        new ExportImportManager().checkExportImport(this.sessionFactory, context.getContextPath());
+        importRealms(context);
 
         AdminRecovery.recover(sessionFactory);