libre.sh/keycloak-scim
4
0
Fork 0
Code Issues 15 Pull requests Releases 1 Activity Actions

Merge remote-tracking branch 'upstream/master'

Browse source
This commit is contained in:
Bill Burke 2015-10-07 10:19:26 -04:00
commit a1b315adbd
9 changed files with 214 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
forms/common-themes/src/main/resources/theme/base/admin/resources/partials/otp-policy.html
View file

@ -59,6 +59,15 @@
<kc-tooltip>What should the initial counter value be?</kc-tooltip>
</div>
<div class="form-group" data-ng-show="realm.otpPolicyType == 'totp'">
<label class="col-md-2 control-label" for="counter">OTP Token Period</label>
<div class="col-md-6">
<input class="form-control" type="text" id="period" name="period" data-ng-model="realm.otpPolicyPeriod">
</div>
<kc-tooltip>How many seconds should an OTP token be valid? Defaults to 30 seconds.</kc-tooltip>
</div>
<div class="form-group" data-ng-show="access.manageRealm">
<div class="col-md-10 col-md-offset-2">
<button kc-save data-ng-disabled="!changed">Save</button>

17
integration/admin-client/src/main/java/org/keycloak/admin/client/Keycloak.java
View file

@ -9,6 +9,12 @@ import org.keycloak.admin.client.resource.RealmsResource;
import org.keycloak.admin.client.token.TokenManager;
/**
* Provides a Keycloak client. By default, this implementation uses a {@link ResteasyClient RESTEasy client} with the
* default {@link ResteasyClientBuilder} settings. To customize the underling client, use a {@link KeycloakBuilder} to
* create a Keycloak client.
*
* @see KeycloakBuilder
*
* @author rodrigo.sasaki@icarros.com.br
*/
public class Keycloak {
@ -18,9 +24,9 @@ public class Keycloak {
private final ResteasyWebTarget target;
private final ResteasyClient client;
private Keycloak(String serverUrl, String realm, String username, String password, String clientId, String clientSecret){
Keycloak(String serverUrl, String realm, String username, String password, String clientId, String clientSecret, ResteasyClient resteasyClient){
config = new Config(serverUrl, realm, username, password, clientId, clientSecret);
client = new ResteasyClientBuilder().build();
client = resteasyClient != null ? resteasyClient : new ResteasyClientBuilder().build();
tokenManager = new TokenManager(config, client);
@ -30,11 +36,11 @@ public class Keycloak {
}
public static Keycloak getInstance(String serverUrl, String realm, String username, String password, String clientId, String clientSecret){
return new Keycloak(serverUrl, realm, username, password, clientId, clientSecret);
return new Keycloak(serverUrl, realm, username, password, clientId, clientSecret, null);
}
public static Keycloak getInstance(String serverUrl, String realm, String username, String password, String clientId){
return new Keycloak(serverUrl, realm, username, password, clientId, null);
return new Keycloak(serverUrl, realm, username, password, clientId, null, null);
}
public RealmsResource realms(){
@ -49,6 +55,9 @@ public class Keycloak {
return tokenManager;
}
/**
* Closes the underlying client. After calling this method, this <code>Keycloak</code> instance cannot be reused.
*/
public void close() {
client.close();
}

107
integration/admin-client/src/main/java/org/keycloak/admin/client/KeycloakBuilder.java Normal file
View file

@ -0,0 +1,107 @@
package org.keycloak.admin.client;
import org.jboss.resteasy.client.jaxrs.ResteasyClient;
import org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder;
/**
* Provides a {@link Keycloak} client builder with the ability to customize the underlying
* {@link ResteasyClient RESTEasy client} used to communicate with the Keycloak server.
*
* <p>Example usage with a connection pool size of 20:</p>
*
* <pre>
* Keycloak keycloak = KeycloakBuilder.builder()
* .serverUrl("https:/sso.example.com/auth")
* .realm("realm")
* .username("user")
* .password("pass")
* .clientId("client")
* .clientSecret("secret")
* .resteasyClient(new ResteasyClientBuilder().connectionPoolSize(20).build())
* .build();
* </pre>
*
* @author Scott Rossillo
* @see ResteasyClientBuilder
*/
public class KeycloakBuilder {
private String serverUrl;
private String realm;
private String username;
private String password;
private String clientId;
private String clientSecret;
private ResteasyClient resteasyClient;
public KeycloakBuilder serverUrl(String serverUrl) {
this.serverUrl = serverUrl;
return this;
}
public KeycloakBuilder realm(String realm) {
this.realm = realm;
return this;
}
public KeycloakBuilder username(String username) {
this.username = username;
return this;
}
public KeycloakBuilder password(String password) {
this.password = password;
return this;
}
public KeycloakBuilder clientId(String clientId) {
this.clientId = clientId;
return this;
}
public KeycloakBuilder clientSecret(String clientSecret) {
this.clientSecret = clientSecret;
return this;
}
public KeycloakBuilder resteasyClient(ResteasyClient resteasyClient) {
this.resteasyClient = resteasyClient;
return this;
}
/**
* Builds a new Keycloak client from this builder.
*/
public Keycloak build() {
if (serverUrl == null) {
throw new IllegalStateException("serverUrl required");
}
if (realm == null) {
throw new IllegalStateException("realm required");
}
if (username == null) {
throw new IllegalStateException("username required");
}
if (password == null) {
throw new IllegalStateException("password required");
}
if (clientId == null) {
throw new IllegalStateException("clientId required");
}
return new Keycloak(serverUrl, realm, username, password, clientId, clientSecret, resteasyClient);
}
private KeycloakBuilder() {
}
/**
* Returns a new Keycloak builder.
*/
public static KeycloakBuilder builder() {
return new KeycloakBuilder();
}
}

6
integration/spring-security/src/main/java/org/keycloak/adapters/springsecurity/facade/WrappedHttpServletRequest.java
View file

@ -64,6 +64,12 @@ class WrappedHttpServletRequest implements Request {
@Override
public Cookie getCookie(String cookieName) {
javax.servlet.http.Cookie[] cookies = request.getCookies();
if (cookies == null) {
return null;
}
for (javax.servlet.http.Cookie cookie : request.getCookies()) {
if (cookie.getName().equals(cookieName)) {
return new Cookie(cookie.getName(), cookie.getValue(), cookie.getVersion(), cookie.getDomain(), cookie.getPath());

10
integration/spring-security/src/test/java/org/keycloak/adapters/springsecurity/facade/WrappedHttpServletRequestTest.java
View file

@ -24,10 +24,11 @@ public class WrappedHttpServletRequestTest {
private static final String QUERY_PARM_2 = "code2";
private WrappedHttpServletRequest request;
private MockHttpServletRequest mockHttpServletRequest;
@Before
public void setUp() throws Exception {
MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
mockHttpServletRequest = new MockHttpServletRequest();
request = new WrappedHttpServletRequest(mockHttpServletRequest);
mockHttpServletRequest.setMethod(REQUEST_METHOD);
@ -75,6 +76,13 @@ public class WrappedHttpServletRequestTest {
assertNotNull(request.getCookie(COOKIE_NAME));
}
@Test
public void testGetCookieCookiesNull() throws Exception
{
mockHttpServletRequest.setCookies(null);
request.getCookie(COOKIE_NAME);
}
@Test
public void testGetHeader() throws Exception {
String header = request.getHeader(HEADER_SINGLE_VALUE);

23
model/api/src/main/java/org/keycloak/migration/migrators/MigrateTo1_6_0.java
View file

@ -1,8 +1,23 @@
/*
* Copyright 2015 Red Hat Inc. and/or its affiliates and other contributors
* as indicated by the @author tags. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
* use this file except in compliance with the License. You may obtain a copy of
* the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations under
* the License.
*/
package org.keycloak.migration.migrators;
import java.util.List;
import org.keycloak.Config;
import org.keycloak.migration.MigrationProvider;
import org.keycloak.migration.ModelVersion;
import org.keycloak.models.*;
@ -52,10 +67,14 @@ public class MigrateTo1_6_0 {
}
ClientModel adminConsoleClient = realm.getClientByClientId(Constants.ADMIN_CONSOLE_CLIENT_ID);
if (adminConsoleClient != null) {
if ((adminConsoleClient != null) && !localeMapperAdded(adminConsoleClient)) {
adminConsoleClient.addProtocolMapper(localeMapper);
}
}
}
private boolean localeMapperAdded(ClientModel adminConsoleClient) {
return adminConsoleClient.getProtocolMapperByName("openid-connect", "locale") != null;
}
}

28
services/src/main/java/org/keycloak/protocol/ProtocolMapperUtils.java
View file

@ -1,12 +1,13 @@
package org.keycloak.protocol;
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.UserModel;
import org.keycloak.representations.AccessToken;
import org.keycloak.protocol.oidc.OIDCLoginProtocol;
import org.keycloak.protocol.oidc.OIDCLoginProtocolFactory;
import org.keycloak.provider.ProviderFactory;
import java.lang.reflect.Method;
import java.util.List;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
@ -59,4 +60,25 @@ public class ProtocolMapperUtils {
}
}
/**
* Find the builtin locale mapper.
*
* @param session A KeycloakSession
* @return The builtin locale mapper.
*/
public static ProtocolMapperModel findLocaleMapper(KeycloakSession session) {
ProtocolMapperModel found = null;
for (ProviderFactory p : session.getKeycloakSessionFactory().getProviderFactories(LoginProtocol.class)) {
LoginProtocolFactory factory = (LoginProtocolFactory) p;
for (ProtocolMapperModel mapper : factory.getBuiltinMappers()) {
if (mapper.getName().equals(OIDCLoginProtocolFactory.LOCALE) && mapper.getProtocol().equals(OIDCLoginProtocol.LOGIN_PROTOCOL)) {
found = mapper;
break;
}
}
if (found != null) break;
}
return found;
}
}

21
services/src/main/java/org/keycloak/services/managers/RealmManager.java
View file

@ -1,3 +1,19 @@
/*
* Copyright 2015 Red Hat Inc. and/or its affiliates and other contributors
* as indicated by the @author tags. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
* use this file except in compliance with the License. You may obtain a copy of
* the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations under
* the License.
*/
package org.keycloak.services.managers;
import org.jboss.logging.Logger;
@ -33,6 +49,8 @@ import org.keycloak.timer.TimerProvider;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.protocol.ProtocolMapperUtils;
/**
* Per request object
@ -124,6 +142,9 @@ public class RealmManager implements RealmImporter {
adminConsole.addRedirectUri(baseUrl + "/*");
adminConsole.setFullScopeAllowed(false);
ProtocolMapperModel localeMapper = ProtocolMapperUtils.findLocaleMapper(session);
if (localeMapper != null) adminConsole.addProtocolMapper(localeMapper);
RoleModel adminRole;
if (realm.getName().equals(Config.getAdminRealm())) {
adminRole = realm.getRole(AdminRoles.ADMIN);

4
services/src/main/java/org/keycloak/services/resources/KeycloakApplication.java
View file

@ -83,12 +83,12 @@ public class KeycloakApplication extends Application {
classes.add(JsResource.class);
classes.add(WelcomeResource.class);
new ExportImportManager().checkExportImport(this.sessionFactory, context.getContextPath());
setupDefaultRealm(context.getContextPath());
importRealms(context);
migrateModel();
new ExportImportManager().checkExportImport(this.sessionFactory, context.getContextPath());
importRealms(context);
AdminRecovery.recover(sessionFactory);