Merge remote-tracking branch 'upstream/master'
This commit is contained in:
commit
a1b315adbd
9 changed files with 214 additions and 13 deletions
|
@ -59,6 +59,15 @@
|
||||||
<kc-tooltip>What should the initial counter value be?</kc-tooltip>
|
<kc-tooltip>What should the initial counter value be?</kc-tooltip>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
<div class="form-group" data-ng-show="realm.otpPolicyType == 'totp'">
|
||||||
|
<label class="col-md-2 control-label" for="counter">OTP Token Period</label>
|
||||||
|
<div class="col-md-6">
|
||||||
|
<input class="form-control" type="text" id="period" name="period" data-ng-model="realm.otpPolicyPeriod">
|
||||||
|
</div>
|
||||||
|
<kc-tooltip>How many seconds should an OTP token be valid? Defaults to 30 seconds.</kc-tooltip>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
|
||||||
<div class="form-group" data-ng-show="access.manageRealm">
|
<div class="form-group" data-ng-show="access.manageRealm">
|
||||||
<div class="col-md-10 col-md-offset-2">
|
<div class="col-md-10 col-md-offset-2">
|
||||||
<button kc-save data-ng-disabled="!changed">Save</button>
|
<button kc-save data-ng-disabled="!changed">Save</button>
|
||||||
|
|
|
@ -9,6 +9,12 @@ import org.keycloak.admin.client.resource.RealmsResource;
|
||||||
import org.keycloak.admin.client.token.TokenManager;
|
import org.keycloak.admin.client.token.TokenManager;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
* Provides a Keycloak client. By default, this implementation uses a {@link ResteasyClient RESTEasy client} with the
|
||||||
|
* default {@link ResteasyClientBuilder} settings. To customize the underling client, use a {@link KeycloakBuilder} to
|
||||||
|
* create a Keycloak client.
|
||||||
|
*
|
||||||
|
* @see KeycloakBuilder
|
||||||
|
*
|
||||||
* @author rodrigo.sasaki@icarros.com.br
|
* @author rodrigo.sasaki@icarros.com.br
|
||||||
*/
|
*/
|
||||||
public class Keycloak {
|
public class Keycloak {
|
||||||
|
@ -18,9 +24,9 @@ public class Keycloak {
|
||||||
private final ResteasyWebTarget target;
|
private final ResteasyWebTarget target;
|
||||||
private final ResteasyClient client;
|
private final ResteasyClient client;
|
||||||
|
|
||||||
private Keycloak(String serverUrl, String realm, String username, String password, String clientId, String clientSecret){
|
Keycloak(String serverUrl, String realm, String username, String password, String clientId, String clientSecret, ResteasyClient resteasyClient){
|
||||||
config = new Config(serverUrl, realm, username, password, clientId, clientSecret);
|
config = new Config(serverUrl, realm, username, password, clientId, clientSecret);
|
||||||
client = new ResteasyClientBuilder().build();
|
client = resteasyClient != null ? resteasyClient : new ResteasyClientBuilder().build();
|
||||||
|
|
||||||
tokenManager = new TokenManager(config, client);
|
tokenManager = new TokenManager(config, client);
|
||||||
|
|
||||||
|
@ -30,11 +36,11 @@ public class Keycloak {
|
||||||
}
|
}
|
||||||
|
|
||||||
public static Keycloak getInstance(String serverUrl, String realm, String username, String password, String clientId, String clientSecret){
|
public static Keycloak getInstance(String serverUrl, String realm, String username, String password, String clientId, String clientSecret){
|
||||||
return new Keycloak(serverUrl, realm, username, password, clientId, clientSecret);
|
return new Keycloak(serverUrl, realm, username, password, clientId, clientSecret, null);
|
||||||
}
|
}
|
||||||
|
|
||||||
public static Keycloak getInstance(String serverUrl, String realm, String username, String password, String clientId){
|
public static Keycloak getInstance(String serverUrl, String realm, String username, String password, String clientId){
|
||||||
return new Keycloak(serverUrl, realm, username, password, clientId, null);
|
return new Keycloak(serverUrl, realm, username, password, clientId, null, null);
|
||||||
}
|
}
|
||||||
|
|
||||||
public RealmsResource realms(){
|
public RealmsResource realms(){
|
||||||
|
@ -49,6 +55,9 @@ public class Keycloak {
|
||||||
return tokenManager;
|
return tokenManager;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Closes the underlying client. After calling this method, this <code>Keycloak</code> instance cannot be reused.
|
||||||
|
*/
|
||||||
public void close() {
|
public void close() {
|
||||||
client.close();
|
client.close();
|
||||||
}
|
}
|
||||||
|
|
|
@ -0,0 +1,107 @@
|
||||||
|
package org.keycloak.admin.client;
|
||||||
|
|
||||||
|
import org.jboss.resteasy.client.jaxrs.ResteasyClient;
|
||||||
|
import org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Provides a {@link Keycloak} client builder with the ability to customize the underlying
|
||||||
|
* {@link ResteasyClient RESTEasy client} used to communicate with the Keycloak server.
|
||||||
|
*
|
||||||
|
* <p>Example usage with a connection pool size of 20:</p>
|
||||||
|
*
|
||||||
|
* <pre>
|
||||||
|
* Keycloak keycloak = KeycloakBuilder.builder()
|
||||||
|
* .serverUrl("https:/sso.example.com/auth")
|
||||||
|
* .realm("realm")
|
||||||
|
* .username("user")
|
||||||
|
* .password("pass")
|
||||||
|
* .clientId("client")
|
||||||
|
* .clientSecret("secret")
|
||||||
|
* .resteasyClient(new ResteasyClientBuilder().connectionPoolSize(20).build())
|
||||||
|
* .build();
|
||||||
|
* </pre>
|
||||||
|
*
|
||||||
|
* @author Scott Rossillo
|
||||||
|
* @see ResteasyClientBuilder
|
||||||
|
*/
|
||||||
|
public class KeycloakBuilder {
|
||||||
|
private String serverUrl;
|
||||||
|
private String realm;
|
||||||
|
private String username;
|
||||||
|
private String password;
|
||||||
|
private String clientId;
|
||||||
|
private String clientSecret;
|
||||||
|
private ResteasyClient resteasyClient;
|
||||||
|
|
||||||
|
public KeycloakBuilder serverUrl(String serverUrl) {
|
||||||
|
this.serverUrl = serverUrl;
|
||||||
|
return this;
|
||||||
|
}
|
||||||
|
|
||||||
|
public KeycloakBuilder realm(String realm) {
|
||||||
|
this.realm = realm;
|
||||||
|
return this;
|
||||||
|
}
|
||||||
|
|
||||||
|
public KeycloakBuilder username(String username) {
|
||||||
|
this.username = username;
|
||||||
|
return this;
|
||||||
|
}
|
||||||
|
|
||||||
|
public KeycloakBuilder password(String password) {
|
||||||
|
this.password = password;
|
||||||
|
return this;
|
||||||
|
}
|
||||||
|
|
||||||
|
public KeycloakBuilder clientId(String clientId) {
|
||||||
|
this.clientId = clientId;
|
||||||
|
return this;
|
||||||
|
}
|
||||||
|
|
||||||
|
public KeycloakBuilder clientSecret(String clientSecret) {
|
||||||
|
this.clientSecret = clientSecret;
|
||||||
|
return this;
|
||||||
|
}
|
||||||
|
|
||||||
|
public KeycloakBuilder resteasyClient(ResteasyClient resteasyClient) {
|
||||||
|
this.resteasyClient = resteasyClient;
|
||||||
|
return this;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Builds a new Keycloak client from this builder.
|
||||||
|
*/
|
||||||
|
public Keycloak build() {
|
||||||
|
if (serverUrl == null) {
|
||||||
|
throw new IllegalStateException("serverUrl required");
|
||||||
|
}
|
||||||
|
|
||||||
|
if (realm == null) {
|
||||||
|
throw new IllegalStateException("realm required");
|
||||||
|
}
|
||||||
|
|
||||||
|
if (username == null) {
|
||||||
|
throw new IllegalStateException("username required");
|
||||||
|
}
|
||||||
|
|
||||||
|
if (password == null) {
|
||||||
|
throw new IllegalStateException("password required");
|
||||||
|
}
|
||||||
|
|
||||||
|
if (clientId == null) {
|
||||||
|
throw new IllegalStateException("clientId required");
|
||||||
|
}
|
||||||
|
|
||||||
|
return new Keycloak(serverUrl, realm, username, password, clientId, clientSecret, resteasyClient);
|
||||||
|
}
|
||||||
|
|
||||||
|
private KeycloakBuilder() {
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Returns a new Keycloak builder.
|
||||||
|
*/
|
||||||
|
public static KeycloakBuilder builder() {
|
||||||
|
return new KeycloakBuilder();
|
||||||
|
}
|
||||||
|
}
|
|
@ -64,6 +64,12 @@ class WrappedHttpServletRequest implements Request {
|
||||||
@Override
|
@Override
|
||||||
public Cookie getCookie(String cookieName) {
|
public Cookie getCookie(String cookieName) {
|
||||||
|
|
||||||
|
javax.servlet.http.Cookie[] cookies = request.getCookies();
|
||||||
|
|
||||||
|
if (cookies == null) {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
for (javax.servlet.http.Cookie cookie : request.getCookies()) {
|
for (javax.servlet.http.Cookie cookie : request.getCookies()) {
|
||||||
if (cookie.getName().equals(cookieName)) {
|
if (cookie.getName().equals(cookieName)) {
|
||||||
return new Cookie(cookie.getName(), cookie.getValue(), cookie.getVersion(), cookie.getDomain(), cookie.getPath());
|
return new Cookie(cookie.getName(), cookie.getValue(), cookie.getVersion(), cookie.getDomain(), cookie.getPath());
|
||||||
|
|
|
@ -24,10 +24,11 @@ public class WrappedHttpServletRequestTest {
|
||||||
private static final String QUERY_PARM_2 = "code2";
|
private static final String QUERY_PARM_2 = "code2";
|
||||||
|
|
||||||
private WrappedHttpServletRequest request;
|
private WrappedHttpServletRequest request;
|
||||||
|
private MockHttpServletRequest mockHttpServletRequest;
|
||||||
|
|
||||||
@Before
|
@Before
|
||||||
public void setUp() throws Exception {
|
public void setUp() throws Exception {
|
||||||
MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
|
mockHttpServletRequest = new MockHttpServletRequest();
|
||||||
request = new WrappedHttpServletRequest(mockHttpServletRequest);
|
request = new WrappedHttpServletRequest(mockHttpServletRequest);
|
||||||
|
|
||||||
mockHttpServletRequest.setMethod(REQUEST_METHOD);
|
mockHttpServletRequest.setMethod(REQUEST_METHOD);
|
||||||
|
@ -75,6 +76,13 @@ public class WrappedHttpServletRequestTest {
|
||||||
assertNotNull(request.getCookie(COOKIE_NAME));
|
assertNotNull(request.getCookie(COOKIE_NAME));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testGetCookieCookiesNull() throws Exception
|
||||||
|
{
|
||||||
|
mockHttpServletRequest.setCookies(null);
|
||||||
|
request.getCookie(COOKIE_NAME);
|
||||||
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testGetHeader() throws Exception {
|
public void testGetHeader() throws Exception {
|
||||||
String header = request.getHeader(HEADER_SINGLE_VALUE);
|
String header = request.getHeader(HEADER_SINGLE_VALUE);
|
||||||
|
|
|
@ -1,8 +1,23 @@
|
||||||
|
/*
|
||||||
|
* Copyright 2015 Red Hat Inc. and/or its affiliates and other contributors
|
||||||
|
* as indicated by the @author tags. All rights reserved.
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||||
|
* use this file except in compliance with the License. You may obtain a copy of
|
||||||
|
* the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
* License for the specific language governing permissions and limitations under
|
||||||
|
* the License.
|
||||||
|
*/
|
||||||
package org.keycloak.migration.migrators;
|
package org.keycloak.migration.migrators;
|
||||||
|
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
|
||||||
import org.keycloak.Config;
|
|
||||||
import org.keycloak.migration.MigrationProvider;
|
import org.keycloak.migration.MigrationProvider;
|
||||||
import org.keycloak.migration.ModelVersion;
|
import org.keycloak.migration.ModelVersion;
|
||||||
import org.keycloak.models.*;
|
import org.keycloak.models.*;
|
||||||
|
@ -52,10 +67,14 @@ public class MigrateTo1_6_0 {
|
||||||
}
|
}
|
||||||
|
|
||||||
ClientModel adminConsoleClient = realm.getClientByClientId(Constants.ADMIN_CONSOLE_CLIENT_ID);
|
ClientModel adminConsoleClient = realm.getClientByClientId(Constants.ADMIN_CONSOLE_CLIENT_ID);
|
||||||
if (adminConsoleClient != null) {
|
if ((adminConsoleClient != null) && !localeMapperAdded(adminConsoleClient)) {
|
||||||
adminConsoleClient.addProtocolMapper(localeMapper);
|
adminConsoleClient.addProtocolMapper(localeMapper);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private boolean localeMapperAdded(ClientModel adminConsoleClient) {
|
||||||
|
return adminConsoleClient.getProtocolMapperByName("openid-connect", "locale") != null;
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,12 +1,13 @@
|
||||||
package org.keycloak.protocol;
|
package org.keycloak.protocol;
|
||||||
|
|
||||||
import org.keycloak.models.KeycloakSessionFactory;
|
import org.keycloak.models.KeycloakSession;
|
||||||
import org.keycloak.models.ProtocolMapperModel;
|
import org.keycloak.models.ProtocolMapperModel;
|
||||||
import org.keycloak.models.UserModel;
|
import org.keycloak.models.UserModel;
|
||||||
import org.keycloak.representations.AccessToken;
|
import org.keycloak.protocol.oidc.OIDCLoginProtocol;
|
||||||
|
import org.keycloak.protocol.oidc.OIDCLoginProtocolFactory;
|
||||||
|
import org.keycloak.provider.ProviderFactory;
|
||||||
|
|
||||||
import java.lang.reflect.Method;
|
import java.lang.reflect.Method;
|
||||||
import java.util.List;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||||
|
@ -59,4 +60,25 @@ public class ProtocolMapperUtils {
|
||||||
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Find the builtin locale mapper.
|
||||||
|
*
|
||||||
|
* @param session A KeycloakSession
|
||||||
|
* @return The builtin locale mapper.
|
||||||
|
*/
|
||||||
|
public static ProtocolMapperModel findLocaleMapper(KeycloakSession session) {
|
||||||
|
ProtocolMapperModel found = null;
|
||||||
|
for (ProviderFactory p : session.getKeycloakSessionFactory().getProviderFactories(LoginProtocol.class)) {
|
||||||
|
LoginProtocolFactory factory = (LoginProtocolFactory) p;
|
||||||
|
for (ProtocolMapperModel mapper : factory.getBuiltinMappers()) {
|
||||||
|
if (mapper.getName().equals(OIDCLoginProtocolFactory.LOCALE) && mapper.getProtocol().equals(OIDCLoginProtocol.LOGIN_PROTOCOL)) {
|
||||||
|
found = mapper;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (found != null) break;
|
||||||
|
}
|
||||||
|
return found;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,3 +1,19 @@
|
||||||
|
/*
|
||||||
|
* Copyright 2015 Red Hat Inc. and/or its affiliates and other contributors
|
||||||
|
* as indicated by the @author tags. All rights reserved.
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||||
|
* use this file except in compliance with the License. You may obtain a copy of
|
||||||
|
* the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
* License for the specific language governing permissions and limitations under
|
||||||
|
* the License.
|
||||||
|
*/
|
||||||
package org.keycloak.services.managers;
|
package org.keycloak.services.managers;
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
import org.jboss.logging.Logger;
|
||||||
|
@ -33,6 +49,8 @@ import org.keycloak.timer.TimerProvider;
|
||||||
import java.util.Collections;
|
import java.util.Collections;
|
||||||
import java.util.HashSet;
|
import java.util.HashSet;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
import org.keycloak.models.ProtocolMapperModel;
|
||||||
|
import org.keycloak.protocol.ProtocolMapperUtils;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Per request object
|
* Per request object
|
||||||
|
@ -124,6 +142,9 @@ public class RealmManager implements RealmImporter {
|
||||||
adminConsole.addRedirectUri(baseUrl + "/*");
|
adminConsole.addRedirectUri(baseUrl + "/*");
|
||||||
adminConsole.setFullScopeAllowed(false);
|
adminConsole.setFullScopeAllowed(false);
|
||||||
|
|
||||||
|
ProtocolMapperModel localeMapper = ProtocolMapperUtils.findLocaleMapper(session);
|
||||||
|
if (localeMapper != null) adminConsole.addProtocolMapper(localeMapper);
|
||||||
|
|
||||||
RoleModel adminRole;
|
RoleModel adminRole;
|
||||||
if (realm.getName().equals(Config.getAdminRealm())) {
|
if (realm.getName().equals(Config.getAdminRealm())) {
|
||||||
adminRole = realm.getRole(AdminRoles.ADMIN);
|
adminRole = realm.getRole(AdminRoles.ADMIN);
|
||||||
|
@ -194,7 +215,7 @@ public class RealmManager implements RealmImporter {
|
||||||
if(rep.getEnabledEventTypes() != null) {
|
if(rep.getEnabledEventTypes() != null) {
|
||||||
realm.setEnabledEventTypes(new HashSet<String>(rep.getEnabledEventTypes()));
|
realm.setEnabledEventTypes(new HashSet<String>(rep.getEnabledEventTypes()));
|
||||||
}
|
}
|
||||||
|
|
||||||
realm.setAdminEventsEnabled(rep.isAdminEventsEnabled());
|
realm.setAdminEventsEnabled(rep.isAdminEventsEnabled());
|
||||||
realm.setAdminEventsDetailsEnabled(rep.isAdminEventsDetailsEnabled());
|
realm.setAdminEventsDetailsEnabled(rep.isAdminEventsDetailsEnabled());
|
||||||
}
|
}
|
||||||
|
|
|
@ -83,12 +83,12 @@ public class KeycloakApplication extends Application {
|
||||||
classes.add(JsResource.class);
|
classes.add(JsResource.class);
|
||||||
classes.add(WelcomeResource.class);
|
classes.add(WelcomeResource.class);
|
||||||
|
|
||||||
new ExportImportManager().checkExportImport(this.sessionFactory, context.getContextPath());
|
|
||||||
|
|
||||||
setupDefaultRealm(context.getContextPath());
|
setupDefaultRealm(context.getContextPath());
|
||||||
|
|
||||||
importRealms(context);
|
|
||||||
migrateModel();
|
migrateModel();
|
||||||
|
new ExportImportManager().checkExportImport(this.sessionFactory, context.getContextPath());
|
||||||
|
importRealms(context);
|
||||||
|
|
||||||
AdminRecovery.recover(sessionFactory);
|
AdminRecovery.recover(sessionFactory);
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue