libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases Packages Activity Actions

Merge pull request #57 from patriot1burke/master

Browse source 
app password
This commit is contained in:
Bill Burke 2013-10-06 15:42:08 -07:00
commit a3945c85bc
28 changed files with 572 additions and 125 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
core/src/main/java/org/keycloak/representations/idm/ApplicationRepresentation.java
View file

@ -12,6 +12,7 @@ public class ApplicationRepresentation {
protected String id; protected String id;
protected String name; protected String name;
protected String adminUrl; protected String adminUrl;
protected String baseUrl;
protected boolean surrogateAuthRequired; protected boolean surrogateAuthRequired;
protected boolean useRealmMappings; protected boolean useRealmMappings;
protected boolean enabled; protected boolean enabled;
@ -113,6 +114,14 @@ public class ApplicationRepresentation {
this.adminUrl = adminUrl; this.adminUrl = adminUrl;
} }
public String getBaseUrl() {
return baseUrl;
}
public void setBaseUrl(String baseUrl) {
this.baseUrl = baseUrl;
}
public List<CredentialRepresentation> getCredentials() { public List<CredentialRepresentation> getCredentials() {
return credentials; return credentials;
} }

11
examples/as7-eap-demo/server/src/main/webapp/saas/admin/js/app.js
View file

@ -156,6 +156,17 @@ module.config([ '$routeProvider', function($routeProvider) {
} }
}, },
controller : 'ApplicationRoleDetailCtrl' controller : 'ApplicationRoleDetailCtrl'
}).when('/realms/:realm/applications/:application/credentials', {
templateUrl : 'partials/application-credentials.html',
resolve : {
realm : function(RealmLoader) {
return RealmLoader();
},
application : function(ApplicationLoader) {
return ApplicationLoader();
}
},
controller : 'ApplicationCredentialsCtrl'
}).when('/realms/:realm/applications/:application/roles', { }).when('/realms/:realm/applications/:application/roles', {
templateUrl : 'partials/application-role-list.html', templateUrl : 'partials/application-role-list.html',
resolve : { resolve : {

89
examples/as7-eap-demo/server/src/main/webapp/saas/admin/js/controllers.js
View file

@ -42,9 +42,6 @@ module.controller('RealmListCtrl', function($scope, Realm, Current) {
module.controller('RealmDropdownCtrl', function($scope, Realm, Current, Auth, $location) { module.controller('RealmDropdownCtrl', function($scope, Realm, Current, Auth, $location) {
// Current.realms = Realm.get(); // Current.realms = Realm.get();
$scope.current = Current; $scope.current = Current;
if (Current.realms.length > 0) {
console.log('[0]: ' + current.realms[0].realm);
}
$scope.changeRealm = function() { $scope.changeRealm = function() {
$location.url("/realms/" + $scope.current.realm.id); $location.url("/realms/" + $scope.current.realm.id);
}; };
@ -478,6 +475,92 @@ module.controller('ApplicationRoleListCtrl', function($scope, $location, realm,
}); });
}); });
function randomString(len) {
var charSet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
var randomString = '';
for (var i = 0; i < len; i++) {
var randomPoz = Math.floor(Math.random() * charSet.length);
randomString += charSet.substring(randomPoz,randomPoz+1);
}
return randomString;
}
module.controller('ApplicationCredentialsCtrl', function($scope, $location, realm, application, ApplicationCredentials, Notifications) {
$scope.realm = realm;
$scope.application = application;
var required = realm.requiredApplicationCredentials;
for (var i = 0; i < required.length; i++) {
if (required[i] == 'password') {
$scope.passwordRequired = true;
} else if (required[i] == 'totp') {
$scope.totpRequired = true;
} else if (required[i] == 'cert') {
$scope.certRequired = true;
}
}
$scope.generateTotp = function() {
$scope.totp = randomString(5) + '-' + randomString(5) + '-' + randomString(5);
}
$scope.changePassword = function() {
if ($scope.password != $scope.confirmPassword) {
Notifications.error("Password not confirmed");
$scope.password = "";
$scope.confirmPassword = "";
return;
}
var creds = [
{
type : "password",
value : $scope.password
}
];
ApplicationCredentials.update({ realm : realm.id, application : application.id }, creds,
function() {
Notifications.success('Change password successful');
$scope.password = null;
$scope.confirmPassword = null;
},
function() {
Notifications.error("Change password failed");
$scope.password = null;
$scope.confirmPassword = null;
}
);
};
$scope.changeTotp = function() {
var creds = [
{
type : "totp",
value : $scope.totp
}
];
ApplicationCredentials.update({ realm : realm.id, application : application.id }, creds,
function() {
Notifications.success('Change totp successful');
$scope.totp = null;
},
function() {
Notifications.error("Change totp failed");
$scope.totp = null;
}
);
};
$scope.$watch(function() {
return $location.path();
}, function() {
$scope.path = $location.path().substring(1).split("/");
});
});
module.controller('ApplicationRoleDetailCtrl', function($scope, realm, application, role, ApplicationRole, $location, Dialog, Notifications) { module.controller('ApplicationRoleDetailCtrl', function($scope, realm, application, role, ApplicationRole, $location, Dialog, Notifications) {

15
examples/as7-eap-demo/server/src/main/webapp/saas/admin/js/services.js
View file

@ -111,6 +111,8 @@ module.factory('RealmRoleMapping', function($resource) {
}); });
}); });
module.factory('ApplicationRoleMapping', function($resource) { module.factory('ApplicationRoleMapping', function($resource) {
return $resource('/auth-server/rest/saas/admin/realms/:realm/users/:userId/role-mappings/applications/:application', { return $resource('/auth-server/rest/saas/admin/realms/:realm/users/:userId/role-mappings/applications/:application', {
realm : '@realm', realm : '@realm',
@ -164,6 +166,19 @@ module.factory('Application', function($resource) {
}); });
}); });
module.factory('ApplicationCredentials', function($resource) {
return $resource('/auth-server/rest/saas/admin/realms/:realm/applications/:application/credentials', {
realm : '@realm',
application : '@application'
}, {
update : {
method : 'PUT',
isArray : true
}
});
});
module.factory('Current', function($resource) { module.factory('Current', function($resource) {
return { return {

64
examples/as7-eap-demo/server/src/main/webapp/saas/admin/partials/application-credentials.html Executable file
View file

@ -0,0 +1,64 @@
<div id="wrapper" class="container">
<div class="row">
<div class="bs-sidebar col-md-3 clearfix" data-ng-include data-src="'partials/realm-menu.html'"></div>
<div id="content-area" class="col-md-9" role="main">
<div class="top-nav">
<ul class="rcue-tabs">
<li><a href="#/create/application/{{realm.id}}">New Application</a></li>
<li><a href="#/realms/{{realm.id}}/applications">Applications</a></li>
<li><a href="#/realms/{{realm.id}}/applications/{{application.id}}">Settings</a></li>
<li class="active"><a href="#/realms/{{realm.id}}/applications/{{application.id}}/credentials">Credentials</a></li>
<li><a href="#">Installation</a></li>
<li><a href="#/realms/{{realm.id}}/applications/{{application.id}}/roles">Roles</a></li>
<li><a href="#">Scope</a></li>
<li><a href="#">Sessions</a></li>
</ul>
</div>
<div id="content">
<h2 class="pull-left" data-ng-hide="create">Application <span>{{application.name}}</span> Credentials</h2>
<p class="subtitle"></p>
<form name="credentialForm" novalidate >
<fieldset data-ng-show="passwordRequired">
<legend uncollapsed><span class="text">Change Password</span></legend>
<div class="form-group">
<label for="password">New Password</label>
<div class="controls">
<input type="password" id="password" name="password" data-ng-model="password" autofocus
required>
</div>
</div>
<div class="form-group">
<label for="password">Confirm New Password</label>
<div class="controls">
<input type="password" id="confirmPassword" name="confirmPassword" data-ng-model="confirmPassword" autofocus
required>
</div>
</div>
<div class="form-group">
<button type="submit" data-ng-click="changePassword()" class="primary" ng-show="password != null">Save
</button>
</div>
</fieldset>
<fieldset data-ng-show="totpRequired">
<legend uncollapsed><span class="text">Change TOTP Key</span></legend>
<div class="form-group">
<label for="totp">New Key</label>
<div class="controls">
<input type="text" id="totp" name="totp" data-ng-model="totp" autofocus
required>
<button type="submit" data-ng-click="generateTotp()">Generate
</button>
</div>
</div>
<div class="form-group">
<label></label>
<button type="submit" data-ng-click="changeTotp()" class="primary" ng-show="totp != null">Save
</button>
</div>
</fieldset>
</form>
</div>
</div>
<div id="container-right-bg"></div>
</div>
</div>

10
examples/as7-eap-demo/server/src/main/webapp/saas/admin/partials/application-detail.html
View file

@ -7,7 +7,7 @@
<li><a href="#/create/application/{{realm.id}}">New Application</a></li> <li><a href="#/create/application/{{realm.id}}">New Application</a></li>
<li><a href="#/realms/{{realm.id}}/applications">Applications</a></li> <li><a href="#/realms/{{realm.id}}/applications">Applications</a></li>
<li class="active"><a href="#/realms/{{realm.id}}/applications/{{application.id}}">Settings</a></li> <li class="active"><a href="#/realms/{{realm.id}}/applications/{{application.id}}">Settings</a></li>
<li><a href="#">Credentials</a></li> <li><a href="#/realms/{{realm.id}}/applications/{{application.id}}/credentials">Credentials</a></li>
<li><a href="#">Installation</a></li> <li><a href="#">Installation</a></li>
<li><a href="#/realms/{{realm.id}}/applications/{{application.id}}/roles">Roles</a></li> <li><a href="#/realms/{{realm.id}}/applications/{{application.id}}/roles">Roles</a></li>
<li><a href="#">Scope</a></li> <li><a href="#">Scope</a></li>
@ -49,6 +49,14 @@
</label> </label>
</div> </div>
</div> </div>
<div class="form-group">
<label for="adminUrl" class="control-label">Base URL</label>
<div class="controls">
<input class="input-small" type="text" name="baseUrl" id="baseUrl"
data-ng-model="application.baseUrl">
</div>
</div>
<div class="form-group"> <div class="form-group">
<label for="adminUrl" class="control-label">Admin URL</label> <label for="adminUrl" class="control-label">Admin URL</label>

14
model/api/src/main/java/org/keycloak/models/ApplicationModel.java
View file

@ -8,9 +8,9 @@ import java.util.Set;
* @version $Revision: 1 $ * @version $Revision: 1 $
*/ */
public interface ApplicationModel { public interface ApplicationModel {
void updateResource(); void updateApplication();
UserModel getResourceUser(); UserModel getApplicationUser();
String getId(); String getId();
@ -30,6 +30,10 @@ public interface ApplicationModel {
void setManagementUrl(String url); void setManagementUrl(String url);
String getBaseUrl();
void setBaseUrl(String url);
RoleModel getRole(String name); RoleModel getRole(String name);
RoleModel addRole(String name); RoleModel addRole(String name);
@ -38,11 +42,11 @@ public interface ApplicationModel {
Set<String> getRoleMappingValues(UserModel user); Set<String> getRoleMappingValues(UserModel user);
void addScope(UserModel agent, String roleName); void addScopeMapping(UserModel agent, String roleName);
void addScope(UserModel agent, RoleModel role); void addScopeMapping(UserModel agent, RoleModel role);
Set<String> getScope(UserModel agent); Set<String> getScopeMapping(UserModel agent);
List<RoleModel> getRoleMappings(UserModel user); List<RoleModel> getRoleMappings(UserModel user);

17
model/api/src/main/java/org/keycloak/models/OAuthClientModel.java Executable file
View file

@ -0,0 +1,17 @@
package org.keycloak.models;
import org.keycloak.models.UserModel;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public interface OAuthClientModel {
String getId();
UserModel getOAuthAgent();
String getBaseUrl();
void setBaseUrl(String base);
}

10
model/api/src/main/java/org/keycloak/models/RealmModel.java
View file

@ -97,7 +97,7 @@ public interface RealmModel {
void updateDefaultRoles(String[] defaultRoles); void updateDefaultRoles(String[] defaultRoles);
Map<String, ApplicationModel> getResourceNameMap(); Map<String, ApplicationModel> getApplicationNameMap();
List<ApplicationModel> getApplications(); List<ApplicationModel> getApplications();
@ -109,9 +109,9 @@ public interface RealmModel {
Set<String> getRoleMappingValues(UserModel user); Set<String> getRoleMappingValues(UserModel user);
void addScope(UserModel agent, String roleName); void addScopeMapping(UserModel agent, String roleName);
Set<String> getScope(UserModel agent); Set<String> getScopeMapping(UserModel agent);
boolean isRealmAdmin(UserModel agent); boolean isRealmAdmin(UserModel agent);
@ -160,4 +160,8 @@ public interface RealmModel {
List<RoleModel> getRoleMappings(UserModel user); List<RoleModel> getRoleMappings(UserModel user);
void deleteRoleMapping(UserModel user, RoleModel role); void deleteRoleMapping(UserModel user, RoleModel role);
OAuthClientModel addOAuthClient(String name);
OAuthClientModel getOAuthClient(String name);
} }

60
model/picketlink/src/main/java/org/keycloak/models/picketlink/ApplicationAdapter.java
View file

@ -25,20 +25,20 @@ import java.util.Set;
* @version $Revision: 1 $ * @version $Revision: 1 $
*/ */
public class ApplicationAdapter implements ApplicationModel { public class ApplicationAdapter implements ApplicationModel {
protected ApplicationData resource; protected ApplicationData applicationData;
protected RealmAdapter realm; protected RealmAdapter realm;
protected IdentityManager idm; protected IdentityManager idm;
protected PartitionManager partitionManager; protected PartitionManager partitionManager;
protected RelationshipManager relationshipManager; protected RelationshipManager relationshipManager;
public ApplicationAdapter(ApplicationData resource, RealmAdapter realm, PartitionManager partitionManager) { public ApplicationAdapter(ApplicationData applicationData, RealmAdapter realm, PartitionManager partitionManager) {
this.resource = resource; this.applicationData = applicationData;
this.realm = realm; this.realm = realm;
this.partitionManager = partitionManager; this.partitionManager = partitionManager;
} }
protected IdentityManager getIdm() { protected IdentityManager getIdm() {
if (idm == null) idm = partitionManager.createIdentityManager(resource); if (idm == null) idm = partitionManager.createIdentityManager(applicationData);
return idm; return idm;
} }
@ -48,59 +48,69 @@ public class ApplicationAdapter implements ApplicationModel {
} }
@Override @Override
public void updateResource() { public void updateApplication() {
partitionManager.update(resource); partitionManager.update(applicationData);
} }
@Override @Override
public UserAdapter getResourceUser() { public UserAdapter getApplicationUser() {
return new UserAdapter(resource.getResourceUser(), realm.getIdm()); return new UserAdapter(applicationData.getResourceUser(), realm.getIdm());
} }
@Override @Override
public String getId() { public String getId() {
// for some reason picketlink queries by name when finding partition, don't know what ID is used for now // for some reason picketlink queries by name when finding partition, don't know what ID is used for now
return resource.getName(); return applicationData.getName();
} }
@Override @Override
public String getName() { public String getName() {
return resource.getResourceName(); return applicationData.getResourceName();
} }
@Override @Override
public void setName(String name) { public void setName(String name) {
resource.setResourceName(name); applicationData.setResourceName(name);
} }
@Override @Override
public boolean isEnabled() { public boolean isEnabled() {
return resource.isEnabled(); return applicationData.isEnabled();
} }
@Override @Override
public void setEnabled(boolean enabled) { public void setEnabled(boolean enabled) {
resource.setEnabled(enabled); applicationData.setEnabled(enabled);
} }
@Override @Override
public boolean isSurrogateAuthRequired() { public boolean isSurrogateAuthRequired() {
return resource.isSurrogateAuthRequired(); return applicationData.isSurrogateAuthRequired();
} }
@Override @Override
public void setSurrogateAuthRequired(boolean surrogateAuthRequired) { public void setSurrogateAuthRequired(boolean surrogateAuthRequired) {
resource.setSurrogateAuthRequired(surrogateAuthRequired); applicationData.setSurrogateAuthRequired(surrogateAuthRequired);
} }
@Override @Override
public String getManagementUrl() { public String getManagementUrl() {
return resource.getManagementUrl(); return applicationData.getManagementUrl();
} }
@Override @Override
public void setManagementUrl(String url) { public void setManagementUrl(String url) {
resource.setManagementUrl(url); applicationData.setManagementUrl(url);
}
@Override
public String getBaseUrl() {
return applicationData.getBaseUrl();
}
@Override
public void setBaseUrl(String url) {
applicationData.setBaseUrl(url);
} }
@Override @Override
@ -136,7 +146,7 @@ public class ApplicationAdapter implements ApplicationModel {
@Override @Override
public List<RoleModel> getRoles() { public List<RoleModel> getRoles() {
IdentityQuery<Role> query = getIdm().createIdentityQuery(Role.class); IdentityQuery<Role> query = getIdm().createIdentityQuery(Role.class);
query.setParameter(Role.PARTITION, resource); query.setParameter(Role.PARTITION, applicationData);
List<Role> roles = query.getResultList(); List<Role> roles = query.getResultList();
List<RoleModel> roleModels = new ArrayList<RoleModel>(); List<RoleModel> roleModels = new ArrayList<RoleModel>();
for (Role role : roles) { for (Role role : roles) {
@ -152,7 +162,7 @@ public class ApplicationAdapter implements ApplicationModel {
List<Grant> grants = query.getResultList(); List<Grant> grants = query.getResultList();
HashSet<String> set = new HashSet<String>(); HashSet<String> set = new HashSet<String>();
for (Grant grant : grants) { for (Grant grant : grants) {
if (grant.getRole().getPartition().getId().equals(resource.getId())) set.add(grant.getRole().getName()); if (grant.getRole().getPartition().getId().equals(applicationData.getId())) set.add(grant.getRole().getName());
} }
return set; return set;
} }
@ -164,7 +174,7 @@ public class ApplicationAdapter implements ApplicationModel {
List<Grant> grants = query.getResultList(); List<Grant> grants = query.getResultList();
List<RoleModel> set = new ArrayList<RoleModel>(); List<RoleModel> set = new ArrayList<RoleModel>();
for (Grant grant : grants) { for (Grant grant : grants) {
if (grant.getRole().getPartition().getId().equals(resource.getId())) set.add(new RoleAdapter(grant.getRole(), getIdm())); if (grant.getRole().getPartition().getId().equals(applicationData.getId())) set.add(new RoleAdapter(grant.getRole(), getIdm()));
} }
return set; return set;
} }
@ -184,16 +194,16 @@ public class ApplicationAdapter implements ApplicationModel {
@Override @Override
public void addScope(UserModel agent, String roleName) { public void addScopeMapping(UserModel agent, String roleName) {
IdentityManager idm = getIdm(); IdentityManager idm = getIdm();
Role role = SampleModel.getRole(idm,roleName); Role role = SampleModel.getRole(idm,roleName);
if (role == null) throw new RuntimeException("role not found"); if (role == null) throw new RuntimeException("role not found");
addScope(agent, new RoleAdapter(role, idm)); addScopeMapping(agent, new RoleAdapter(role, idm));
} }
@Override @Override
public void addScope(UserModel agent, RoleModel role) { public void addScopeMapping(UserModel agent, RoleModel role) {
ScopeRelationship scope = new ScopeRelationship(); ScopeRelationship scope = new ScopeRelationship();
scope.setClient(((UserAdapter)agent).getUser()); scope.setClient(((UserAdapter)agent).getUser());
scope.setScope(((RoleAdapter)role).getRole()); scope.setScope(((RoleAdapter)role).getRole());
@ -201,13 +211,13 @@ public class ApplicationAdapter implements ApplicationModel {
} }
@Override @Override
public Set<String> getScope(UserModel agent) { public Set<String> getScopeMapping(UserModel agent) {
RelationshipQuery<ScopeRelationship> query = getRelationshipManager().createRelationshipQuery(ScopeRelationship.class); RelationshipQuery<ScopeRelationship> query = getRelationshipManager().createRelationshipQuery(ScopeRelationship.class);
query.setParameter(ScopeRelationship.CLIENT, ((UserAdapter)agent).getUser()); query.setParameter(ScopeRelationship.CLIENT, ((UserAdapter)agent).getUser());
List<ScopeRelationship> scope = query.getResultList(); List<ScopeRelationship> scope = query.getResultList();
HashSet<String> set = new HashSet<String>(); HashSet<String> set = new HashSet<String>();
for (ScopeRelationship rel : scope) { for (ScopeRelationship rel : scope) {
if (rel.getScope().getPartition().getId().equals(resource.getId())) set.add(rel.getScope().getName()); if (rel.getScope().getPartition().getId().equals(applicationData.getId())) set.add(rel.getScope().getName());
} }
return set; return set;
} }

44
model/picketlink/src/main/java/org/keycloak/models/picketlink/OAuthClientAdapter.java Executable file
View file

@ -0,0 +1,44 @@
package org.keycloak.models.picketlink;
import org.keycloak.models.OAuthClientModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.picketlink.relationships.OAuthClientRelationship;
import org.picketlink.idm.IdentityManager;
import org.picketlink.idm.RelationshipManager;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public class OAuthClientAdapter implements OAuthClientModel {
protected OAuthClientRelationship delegate;
protected IdentityManager idm;
protected RelationshipManager relationshipManager;
public OAuthClientAdapter(OAuthClientRelationship delegate, IdentityManager idm, RelationshipManager relationshipManager) {
this.delegate = delegate;
this.idm = idm;
this.relationshipManager = relationshipManager;
}
@Override
public String getId() {
return delegate.getId();
}
@Override
public UserModel getOAuthAgent() {
return new UserAdapter(delegate.getOauthAgent(), idm);
}
@Override
public String getBaseUrl() {
return delegate.getBaseUrl();
}
@Override
public void setBaseUrl(String base) {
delegate.setBaseUrl(base);
relationshipManager.update(delegate);
}
}

52
model/picketlink/src/main/java/org/keycloak/models/picketlink/RealmAdapter.java
View file

@ -553,7 +553,7 @@ public class RealmAdapter implements RealmModel {
* @return * @return
*/ */
@Override @Override
public Map<String, ApplicationModel> getResourceNameMap() { public Map<String, ApplicationModel> getApplicationNameMap() {
Map<String, ApplicationModel> resourceMap = new HashMap<String, ApplicationModel>(); Map<String, ApplicationModel> resourceMap = new HashMap<String, ApplicationModel>();
for (ApplicationModel resource : getApplications()) { for (ApplicationModel resource : getApplications()) {
resourceMap.put(resource.getName(), resource); resourceMap.put(resource.getName(), resource);
@ -568,10 +568,10 @@ public class RealmAdapter implements RealmModel {
*/ */
@Override @Override
public ApplicationModel getApplicationById(String id) { public ApplicationModel getApplicationById(String id) {
RelationshipQuery<ResourceRelationship> query = getRelationshipManager().createRelationshipQuery(ResourceRelationship.class); RelationshipQuery<ApplicationRelationship> query = getRelationshipManager().createRelationshipQuery(ApplicationRelationship.class);
query.setParameter(ResourceRelationship.REALM, realm.getName()); query.setParameter(ApplicationRelationship.REALM, realm.getName());
query.setParameter(ResourceRelationship.RESOURCE, id); query.setParameter(ApplicationRelationship.APPLICATION, id);
List<ResourceRelationship> results = query.getResultList(); List<ApplicationRelationship> results = query.getResultList();
if (results.size() == 0) return null; if (results.size() == 0) return null;
ApplicationData resource = partitionManager.getPartition(ApplicationData.class, id); ApplicationData resource = partitionManager.getPartition(ApplicationData.class, id);
ApplicationModel model = new ApplicationAdapter(resource, this, partitionManager); ApplicationModel model = new ApplicationAdapter(resource, this, partitionManager);
@ -581,12 +581,12 @@ public class RealmAdapter implements RealmModel {
@Override @Override
public List<ApplicationModel> getApplications() { public List<ApplicationModel> getApplications() {
RelationshipQuery<ResourceRelationship> query = getRelationshipManager().createRelationshipQuery(ResourceRelationship.class); RelationshipQuery<ApplicationRelationship> query = getRelationshipManager().createRelationshipQuery(ApplicationRelationship.class);
query.setParameter(ResourceRelationship.REALM, realm.getName()); query.setParameter(ApplicationRelationship.REALM, realm.getName());
List<ResourceRelationship> results = query.getResultList(); List<ApplicationRelationship> results = query.getResultList();
List<ApplicationModel> resources = new ArrayList<ApplicationModel>(); List<ApplicationModel> resources = new ArrayList<ApplicationModel>();
for (ResourceRelationship relationship : results) { for (ApplicationRelationship relationship : results) {
ApplicationData resource = partitionManager.getPartition(ApplicationData.class, relationship.getResource()); ApplicationData resource = partitionManager.getPartition(ApplicationData.class, relationship.getApplication());
ApplicationModel model = new ApplicationAdapter(resource, this, partitionManager); ApplicationModel model = new ApplicationAdapter(resource, this, partitionManager);
resources.add(model); resources.add(model);
} }
@ -603,13 +603,13 @@ public class RealmAdapter implements RealmModel {
applicationData.setResourceName(name); applicationData.setResourceName(name);
applicationData.setResourceUser(resourceUser); applicationData.setResourceUser(resourceUser);
partitionManager.add(applicationData); partitionManager.add(applicationData);
ResourceRelationship resourceRelationship = new ResourceRelationship(); ApplicationRelationship resourceRelationship = new ApplicationRelationship();
resourceRelationship.setRealm(realm.getName()); resourceRelationship.setRealm(realm.getName());
resourceRelationship.setResource(applicationData.getName()); resourceRelationship.setApplication(applicationData.getName());
getRelationshipManager().add(resourceRelationship); getRelationshipManager().add(resourceRelationship);
ApplicationModel resource = new ApplicationAdapter(applicationData, this, partitionManager); ApplicationModel resource = new ApplicationAdapter(applicationData, this, partitionManager);
resource.addRole("*"); resource.addRole("*");
resource.addScope(new UserAdapter(resourceUser, idm), "*"); resource.addScopeMapping(new UserAdapter(resourceUser, idm), "*");
return resource; return resource;
} }
@ -667,7 +667,7 @@ public class RealmAdapter implements RealmModel {
@Override @Override
public void addScope(UserModel agent, String roleName) { public void addScopeMapping(UserModel agent, String roleName) {
IdentityManager idm = getIdm(); IdentityManager idm = getIdm();
Role role = SampleModel.getRole(idm, roleName); Role role = SampleModel.getRole(idm, roleName);
if (role == null) throw new RuntimeException("role not found"); if (role == null) throw new RuntimeException("role not found");
@ -677,9 +677,31 @@ public class RealmAdapter implements RealmModel {
getRelationshipManager().add(scope); getRelationshipManager().add(scope);
} }
@Override
public OAuthClientModel addOAuthClient(String name) {
User client = new User(name);
getIdm().add(client);
OAuthClientRelationship rel = new OAuthClientRelationship();
rel.setOauthAgent(client);
rel.setRealm(realm.getName());
getRelationshipManager().add(rel);
return new OAuthClientAdapter(rel, getIdm(), getRelationshipManager());
}
@Override @Override
public Set<String> getScope(UserModel agent) { public OAuthClientModel getOAuthClient(String name) {
User user = findPicketlinkUser(name);
if (user == null) return null;
RelationshipQuery<OAuthClientRelationship> query = getRelationshipManager().createRelationshipQuery(OAuthClientRelationship.class);
query.setParameter(OAuthClientRelationship.OAUTH_AGENT, user);
List<OAuthClientRelationship> results = query.getResultList();
if (results.size() == 0) return null;
return new OAuthClientAdapter(results.get(0), getIdm(), getRelationshipManager());
}
@Override
public Set<String> getScopeMapping(UserModel agent) {
RelationshipQuery<ScopeRelationship> query = getRelationshipManager().createRelationshipQuery(ScopeRelationship.class); RelationshipQuery<ScopeRelationship> query = getRelationshipManager().createRelationshipQuery(ScopeRelationship.class);
query.setParameter(ScopeRelationship.CLIENT, ((UserAdapter)agent).getUser()); query.setParameter(ScopeRelationship.CLIENT, ((UserAdapter)agent).getUser());
List<ScopeRelationship> scope = query.getResultList(); List<ScopeRelationship> scope = query.getResultList();

11
model/picketlink/src/main/java/org/keycloak/models/picketlink/mappings/ApplicationData.java
View file

@ -13,6 +13,7 @@ public class ApplicationData extends AbstractPartition {
private boolean enabled; private boolean enabled;
private boolean surrogateAuthRequired; private boolean surrogateAuthRequired;
private String managementUrl; private String managementUrl;
private String baseUrl;
private User resourceUser; private User resourceUser;
public ApplicationData() { public ApplicationData() {
@ -65,4 +66,14 @@ public class ApplicationData extends AbstractPartition {
public void setManagementUrl(String managementUrl) { public void setManagementUrl(String managementUrl) {
this.managementUrl = managementUrl; this.managementUrl = managementUrl;
} }
@AttributeProperty
public String getBaseUrl() {
return baseUrl;
}
public void setBaseUrl(String baseUrl) {
this.baseUrl = baseUrl;
}
} }

10
model/picketlink/src/main/java/org/keycloak/models/picketlink/mappings/ApplicationEntity.java
View file

@ -31,6 +31,8 @@ public class ApplicationEntity implements Serializable {
private boolean surrogateAuthRequired; private boolean surrogateAuthRequired;
@AttributeValue @AttributeValue
private String managementUrl; private String managementUrl;
@AttributeValue
private String baseUrl;
@OneToOne @OneToOne
@AttributeValue @AttributeValue
@ -77,6 +79,14 @@ public class ApplicationEntity implements Serializable {
this.managementUrl = managementUrl; this.managementUrl = managementUrl;
} }
public String getBaseUrl() {
return baseUrl;
}
public void setBaseUrl(String baseUrl) {
this.baseUrl = baseUrl;
}
public AccountTypeEntity getResourceUser() { public AccountTypeEntity getResourceUser() {
return resourceUser; return resourceUser;
} }

14
model/picketlink/src/main/java/org/keycloak/models/picketlink/relationships/ResourceRelationship.java → model/picketlink/src/main/java/org/keycloak/models/picketlink/relationships/ApplicationRelationship.java
View file

@ -10,13 +10,13 @@ import org.picketlink.idm.query.AttributeParameter;
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a> * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $ * @version $Revision: 1 $
*/ */
public class ResourceRelationship extends AbstractAttributedType implements Relationship { public class ApplicationRelationship extends AbstractAttributedType implements Relationship {
private static final long serialVersionUID = 1L; private static final long serialVersionUID = 1L;
public static final AttributeParameter REALM = new AttributeParameter("realm"); public static final AttributeParameter REALM = new AttributeParameter("realm");
public static final AttributeParameter RESOURCE = new AttributeParameter("resource"); public static final AttributeParameter APPLICATION = new AttributeParameter("application");
public ResourceRelationship() { public ApplicationRelationship() {
} }
@AttributeProperty @AttributeProperty
@ -30,12 +30,12 @@ public class ResourceRelationship extends AbstractAttributedType implements Rela
@AttributeProperty @AttributeProperty
public String getResource() { public String getApplication() {
return (String)getAttribute("resource").getValue(); return (String)getAttribute("application").getValue();
} }
public void setResource(String realm) { public void setApplication(String app) {
setAttribute(new Attribute<String>("resource", realm)); setAttribute(new Attribute<String>("application", app));
} }
} }

57
model/picketlink/src/main/java/org/keycloak/models/picketlink/relationships/OAuthClientRelationship.java Executable file
View file

@ -0,0 +1,57 @@
package org.keycloak.models.picketlink.relationships;
import org.picketlink.idm.model.AbstractAttributedType;
import org.picketlink.idm.model.Attribute;
import org.picketlink.idm.model.Relationship;
import org.picketlink.idm.model.annotation.AttributeProperty;
import org.picketlink.idm.model.sample.User;
import org.picketlink.idm.query.AttributeParameter;
import org.picketlink.idm.query.RelationshipQueryParameter;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public class OAuthClientRelationship extends AbstractAttributedType implements Relationship {
private static final long serialVersionUID = 1L;
public static final AttributeParameter REALM = new AttributeParameter("realm");
public static final RelationshipQueryParameter OAUTH_AGENT = new RelationshipQueryParameter() {
@Override
public String getName() {
return "oauthAgent";
}
};
protected User oauthAgent;
public OAuthClientRelationship() {
}
public String getRealm() {
return (String)getAttribute("realm").getValue();
}
public void setRealm(String realm) {
setAttribute(new Attribute<String>("realm", realm));
}
public User getOauthAgent() {
return oauthAgent;
}
public void setOauthAgent(User oauthAgent) {
this.oauthAgent = oauthAgent;
}
@AttributeProperty
public String getBaseUrl() {
return (String)getAttribute("baseUrl").getValue();
}
public void setBaseUrl(String base) {
setAttribute(new Attribute<String>("baseUrl", base));
}
}

47
services/src/main/java/org/keycloak/services/managers/ResourceManager.java → services/src/main/java/org/keycloak/services/managers/ApplicationManager.java
View file

@ -7,22 +7,23 @@ import org.keycloak.representations.idm.*;
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a> * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $ * @version $Revision: 1 $
*/ */
public class ResourceManager { public class ApplicationManager {
protected RealmManager realmManager; protected RealmManager realmManager;
public ResourceManager(RealmManager realmManager) { public ApplicationManager(RealmManager realmManager) {
this.realmManager = realmManager; this.realmManager = realmManager;
} }
public ApplicationModel createResource(RealmModel realm, RoleModel loginRole, ApplicationRepresentation resourceRep) { public ApplicationModel createApplication(RealmModel realm, RoleModel loginRole, ApplicationRepresentation resourceRep) {
ApplicationModel resource = realm.addApplication(resourceRep.getName()); ApplicationModel applicationModel = realm.addApplication(resourceRep.getName());
resource.setEnabled(resourceRep.isEnabled()); applicationModel.setEnabled(resourceRep.isEnabled());
resource.setManagementUrl(resourceRep.getAdminUrl()); applicationModel.setManagementUrl(resourceRep.getAdminUrl());
resource.setSurrogateAuthRequired(resourceRep.isSurrogateAuthRequired()); applicationModel.setSurrogateAuthRequired(resourceRep.isSurrogateAuthRequired());
resource.updateResource(); applicationModel.setBaseUrl(resourceRep.getBaseUrl());
applicationModel.updateApplication();
UserModel resourceUser = resource.getResourceUser(); UserModel resourceUser = applicationModel.getApplicationUser();
if (resourceRep.getCredentials() != null) { if (resourceRep.getCredentials() != null) {
for (CredentialRepresentation cred : resourceRep.getCredentials()) { for (CredentialRepresentation cred : resourceRep.getCredentials()) {
UserCredentialModel credential = new UserCredentialModel(); UserCredentialModel credential = new UserCredentialModel();
@ -36,7 +37,7 @@ public class ResourceManager {
if (resourceRep.getRoles() != null) { if (resourceRep.getRoles() != null) {
for (RoleRepresentation roleRep : resourceRep.getRoles()) { for (RoleRepresentation roleRep : resourceRep.getRoles()) {
RoleModel role = resource.addRole(roleRep.getName()); RoleModel role = applicationModel.addRole(roleRep.getName());
if (roleRep.getDescription() != null) role.setDescription(roleRep.getDescription()); if (roleRep.getDescription() != null) role.setDescription(roleRep.getDescription());
} }
} }
@ -44,9 +45,9 @@ public class ResourceManager {
for (RoleMappingRepresentation mapping : resourceRep.getRoleMappings()) { for (RoleMappingRepresentation mapping : resourceRep.getRoleMappings()) {
UserModel user = realm.getUser(mapping.getUsername()); UserModel user = realm.getUser(mapping.getUsername());
for (String roleString : mapping.getRoles()) { for (String roleString : mapping.getRoles()) {
RoleModel role = resource.getRole(roleString.trim()); RoleModel role = applicationModel.getRole(roleString.trim());
if (role == null) { if (role == null) {
role = resource.addRole(roleString.trim()); role = applicationModel.addRole(roleString.trim());
} }
realm.grantRole(user, role); realm.grantRole(user, role);
} }
@ -56,29 +57,30 @@ public class ResourceManager {
for (ScopeMappingRepresentation mapping : resourceRep.getScopeMappings()) { for (ScopeMappingRepresentation mapping : resourceRep.getScopeMappings()) {
UserModel user = realm.getUser(mapping.getUsername()); UserModel user = realm.getUser(mapping.getUsername());
for (String roleString : mapping.getRoles()) { for (String roleString : mapping.getRoles()) {
RoleModel role = resource.getRole(roleString.trim()); RoleModel role = applicationModel.getRole(roleString.trim());
if (role == null) { if (role == null) {
role = resource.addRole(roleString.trim()); role = applicationModel.addRole(roleString.trim());
} }
resource.addScope(user, role.getName()); applicationModel.addScopeMapping(user, role.getName());
} }
} }
} }
if (resourceRep.isUseRealmMappings()) realm.addScope(resource.getResourceUser(), "*"); if (resourceRep.isUseRealmMappings()) realm.addScopeMapping(applicationModel.getApplicationUser(), "*");
return resource; return applicationModel;
} }
public ApplicationModel createResource(RealmModel realm, ApplicationRepresentation resourceRep) { public ApplicationModel createApplication(RealmModel realm, ApplicationRepresentation resourceRep) {
RoleModel loginRole = realm.getRole(RealmManager.RESOURCE_ROLE); RoleModel loginRole = realm.getRole(RealmManager.APPLICATION_ROLE);
return createResource(realm, loginRole, resourceRep); return createApplication(realm, loginRole, resourceRep);
} }
public void updateResource(ApplicationRepresentation rep, ApplicationModel resource) { public void updateApplication(ApplicationRepresentation rep, ApplicationModel resource) {
resource.setName(rep.getName()); resource.setName(rep.getName());
resource.setEnabled(rep.isEnabled()); resource.setEnabled(rep.isEnabled());
resource.setManagementUrl(rep.getAdminUrl()); resource.setManagementUrl(rep.getAdminUrl());
resource.setBaseUrl(rep.getBaseUrl());
resource.setSurrogateAuthRequired(rep.isSurrogateAuthRequired()); resource.setSurrogateAuthRequired(rep.isSurrogateAuthRequired());
resource.updateResource(); resource.updateApplication();
} }
@ -89,6 +91,7 @@ public class ResourceManager {
rep.setEnabled(applicationModel.isEnabled()); rep.setEnabled(applicationModel.isEnabled());
rep.setAdminUrl(applicationModel.getManagementUrl()); rep.setAdminUrl(applicationModel.getManagementUrl());
rep.setSurrogateAuthRequired(applicationModel.isSurrogateAuthRequired()); rep.setSurrogateAuthRequired(applicationModel.isSurrogateAuthRequired());
rep.setBaseUrl(applicationModel.getBaseUrl());
return rep; return rep;
} }

2
services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java
View file

@ -211,7 +211,7 @@ public class AuthenticationManager {
Set<String> types = new HashSet<String>(); Set<String> types = new HashSet<String>();
List<RequiredCredentialModel> requiredCredentials = null; List<RequiredCredentialModel> requiredCredentials = null;
if (realm.hasRole(user, RealmManager.RESOURCE_ROLE)) { if (realm.hasRole(user, RealmManager.APPLICATION_ROLE)) {
requiredCredentials = realm.getRequiredApplicationCredentials(); requiredCredentials = realm.getRequiredApplicationCredentials();
} else if (realm.hasRole(user, RealmManager.IDENTITY_REQUESTER_ROLE)) { } else if (realm.hasRole(user, RealmManager.IDENTITY_REQUESTER_ROLE)) {
requiredCredentials = realm.getRequiredOAuthClientCredentials(); requiredCredentials = realm.getRequiredOAuthClientCredentials();

24
services/src/main/java/org/keycloak/services/managers/OAuthClientManager.java Executable file
View file

@ -0,0 +1,24 @@
package org.keycloak.services.managers;
import org.keycloak.models.OAuthClientModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public class OAuthClientManager {
protected RealmModel realm;
public OAuthClientManager(RealmModel realm) {
this.realm = realm;
}
public OAuthClientModel createOAuthClient(String name) {
OAuthClientModel model = realm.addOAuthClient(name);
RoleModel role = realm.getRole(RealmManager.IDENTITY_REQUESTER_ROLE);
realm.grantRole(model.getOAuthAgent(), role);
return model;
}
}

44
services/src/main/java/org/keycloak/services/managers/RealmManager.java
View file

@ -20,7 +20,7 @@ import java.util.concurrent.atomic.AtomicLong;
public class RealmManager { public class RealmManager {
protected static final Logger logger = Logger.getLogger(RealmManager.class); protected static final Logger logger = Logger.getLogger(RealmManager.class);
private static AtomicLong counter = new AtomicLong(1); private static AtomicLong counter = new AtomicLong(1);
public static final String RESOURCE_ROLE = "KEYCLOAK_RESOURCE"; public static final String APPLICATION_ROLE = "KEYCLOAK_APPLICATION";
public static final String IDENTITY_REQUESTER_ROLE = "KEYCLOAK_IDENTITY_REQUESTER"; public static final String IDENTITY_REQUESTER_ROLE = "KEYCLOAK_IDENTITY_REQUESTER";
public static final String WILDCARD_ROLE = "*"; public static final String WILDCARD_ROLE = "*";
@ -50,7 +50,7 @@ public class RealmManager {
RealmModel realm = identitySession.createRealm(id, name); RealmModel realm = identitySession.createRealm(id, name);
realm.setName(name); realm.setName(name);
realm.addRole(WILDCARD_ROLE); realm.addRole(WILDCARD_ROLE);
realm.addRole(RESOURCE_ROLE); realm.addRole(APPLICATION_ROLE);
realm.addRole(IDENTITY_REQUESTER_ROLE); realm.addRole(IDENTITY_REQUESTER_ROLE);
return realm; return realm;
} }
@ -74,10 +74,12 @@ public class RealmManager {
if (rep.isRegistrationAllowed() != null) realm.setRegistrationAllowed(rep.isRegistrationAllowed()); if (rep.isRegistrationAllowed() != null) realm.setRegistrationAllowed(rep.isRegistrationAllowed());
if (rep.isVerifyEmail() != null) realm.setVerifyEmail(rep.isVerifyEmail()); if (rep.isVerifyEmail() != null) realm.setVerifyEmail(rep.isVerifyEmail());
if (rep.isResetPasswordAllowed() != null) realm.setResetPasswordAllowed(rep.isResetPasswordAllowed()); if (rep.isResetPasswordAllowed() != null) realm.setResetPasswordAllowed(rep.isResetPasswordAllowed());
if (rep.isAutomaticRegistrationAfterSocialLogin() != null) realm.setAutomaticRegistrationAfterSocialLogin(rep.isAutomaticRegistrationAfterSocialLogin()); if (rep.isAutomaticRegistrationAfterSocialLogin() != null)
realm.setAutomaticRegistrationAfterSocialLogin(rep.isAutomaticRegistrationAfterSocialLogin());
if (rep.isSslNotRequired() != null) realm.setSslNotRequired((rep.isSslNotRequired())); if (rep.isSslNotRequired() != null) realm.setSslNotRequired((rep.isSslNotRequired()));
if (rep.getAccessCodeLifespan() != null) realm.setAccessCodeLifespan(rep.getAccessCodeLifespan()); if (rep.getAccessCodeLifespan() != null) realm.setAccessCodeLifespan(rep.getAccessCodeLifespan());
if (rep.getAccessCodeLifespanUserAction() != null) realm.setAccessCodeLifespanUserAction(rep.getAccessCodeLifespanUserAction()); if (rep.getAccessCodeLifespanUserAction() != null)
realm.setAccessCodeLifespanUserAction(rep.getAccessCodeLifespanUserAction());
if (rep.getTokenLifespan() != null) realm.setTokenLifespan(rep.getTokenLifespan()); if (rep.getTokenLifespan() != null) realm.setTokenLifespan(rep.getTokenLifespan());
if (rep.getRequiredOAuthClientCredentials() != null) { if (rep.getRequiredOAuthClientCredentials() != null) {
realm.updateRequiredOAuthClientCredentials(rep.getRequiredOAuthClientCredentials()); realm.updateRequiredOAuthClientCredentials(rep.getRequiredOAuthClientCredentials());
@ -113,7 +115,8 @@ public class RealmManager {
if (rep.getAccessCodeLifespan() != null) newRealm.setAccessCodeLifespan(rep.getAccessCodeLifespan()); if (rep.getAccessCodeLifespan() != null) newRealm.setAccessCodeLifespan(rep.getAccessCodeLifespan());
else newRealm.setAccessCodeLifespan(60); else newRealm.setAccessCodeLifespan(60);
if (rep.getAccessCodeLifespanUserAction() != null) newRealm.setAccessCodeLifespanUserAction(rep.getAccessCodeLifespanUserAction()); if (rep.getAccessCodeLifespanUserAction() != null)
newRealm.setAccessCodeLifespanUserAction(rep.getAccessCodeLifespanUserAction());
else newRealm.setAccessCodeLifespanUserAction(300); else newRealm.setAccessCodeLifespanUserAction(300);
if (rep.isSslNotRequired() != null) newRealm.setSslNotRequired(rep.isSslNotRequired()); if (rep.isSslNotRequired() != null) newRealm.setSslNotRequired(rep.isSslNotRequired());
@ -121,7 +124,8 @@ public class RealmManager {
if (rep.isRegistrationAllowed() != null) newRealm.setRegistrationAllowed(rep.isRegistrationAllowed()); if (rep.isRegistrationAllowed() != null) newRealm.setRegistrationAllowed(rep.isRegistrationAllowed());
if (rep.isVerifyEmail() != null) newRealm.setVerifyEmail(rep.isVerifyEmail()); if (rep.isVerifyEmail() != null) newRealm.setVerifyEmail(rep.isVerifyEmail());
if (rep.isResetPasswordAllowed() != null) newRealm.setResetPasswordAllowed(rep.isResetPasswordAllowed()); if (rep.isResetPasswordAllowed() != null) newRealm.setResetPasswordAllowed(rep.isResetPasswordAllowed());
if (rep.isAutomaticRegistrationAfterSocialLogin() != null) newRealm.setAutomaticRegistrationAfterSocialLogin(rep.isAutomaticRegistrationAfterSocialLogin()); if (rep.isAutomaticRegistrationAfterSocialLogin() != null)
newRealm.setAutomaticRegistrationAfterSocialLogin(rep.isAutomaticRegistrationAfterSocialLogin());
if (rep.getPrivateKey() == null || rep.getPublicKey() == null) { if (rep.getPrivateKey() == null || rep.getPublicKey() == null) {
generateRealmKeys(newRealm); generateRealmKeys(newRealm);
} else { } else {
@ -175,7 +179,7 @@ public class RealmManager {
} }
if (rep.getApplications() != null) { if (rep.getApplications() != null) {
createResources(rep, newRealm); createApplications(rep, newRealm);
} }
if (rep.getRoleMappings() != null) { if (rep.getRoleMappings() != null) {
@ -199,7 +203,7 @@ public class RealmManager {
role = newRealm.addRole(roleString.trim()); role = newRealm.addRole(roleString.trim());
} }
UserModel user = userMap.get(scope.getUsername()); UserModel user = userMap.get(scope.getUsername());
newRealm.addScope(user, role.getName()); newRealm.addScopeMapping(user, role.getName());
} }
} }
@ -237,18 +241,23 @@ public class RealmManager {
} }
if (userRep.getCredentials() != null) { if (userRep.getCredentials() != null) {
for (CredentialRepresentation cred : userRep.getCredentials()) { for (CredentialRepresentation cred : userRep.getCredentials()) {
UserCredentialModel credential = new UserCredentialModel(); UserCredentialModel credential = fromRepresentation(cred);
credential.setType(cred.getType());
credential.setValue(cred.getValue());
newRealm.updateCredential(user, credential); newRealm.updateCredential(user, credential);
} }
} }
return user; return user;
} }
public static UserCredentialModel fromRepresentation(CredentialRepresentation cred) {
UserCredentialModel credential = new UserCredentialModel();
credential.setType(cred.getType());
credential.setValue(cred.getValue());
return credential;
}
/** /**
* Query users based on a search string: * Query users based on a search string:
* * <p/>
* "Bill Burke" first and last name * "Bill Burke" first and last name
* "bburke@redhat.com" email * "bburke@redhat.com" email
* "Burke" lastname or username * "Burke" lastname or username
@ -309,20 +318,21 @@ public class RealmManager {
public void addRequiredCredential(RealmModel newRealm, String requiredCred) { public void addRequiredCredential(RealmModel newRealm, String requiredCred) {
newRealm.addRequiredCredential(requiredCred); newRealm.addRequiredCredential(requiredCred);
} }
public void addResourceRequiredCredential(RealmModel newRealm, String requiredCred) { public void addResourceRequiredCredential(RealmModel newRealm, String requiredCred) {
newRealm.addRequiredResourceCredential(requiredCred); newRealm.addRequiredResourceCredential(requiredCred);
} }
public void addOAuthClientRequiredCredential(RealmModel newRealm, String requiredCred) { public void addOAuthClientRequiredCredential(RealmModel newRealm, String requiredCred) {
newRealm.addRequiredOAuthClientCredential(requiredCred); newRealm.addRequiredOAuthClientCredential(requiredCred);
} }
protected void createApplications(RealmRepresentation rep, RealmModel realm) {
protected void createResources(RealmRepresentation rep, RealmModel realm) { RoleModel loginRole = realm.getRole(RealmManager.APPLICATION_ROLE);
RoleModel loginRole = realm.getRole(RealmManager.RESOURCE_ROLE); ApplicationManager manager = new ApplicationManager(this);
ResourceManager manager = new ResourceManager(this);
for (ApplicationRepresentation resourceRep : rep.getApplications()) { for (ApplicationRepresentation resourceRep : rep.getApplications()) {
manager.createResource(realm, loginRole, resourceRep); manager.createApplication(realm, loginRole, resourceRep);
} }
} }

6
services/src/main/java/org/keycloak/services/managers/TokenManager.java
View file

@ -50,7 +50,7 @@ public class TokenManager {
Set<String> realmMapping = realm.getRoleMappingValues(user); Set<String> realmMapping = realm.getRoleMappingValues(user);
if (realmMapping != null && realmMapping.size() > 0 && (scopeMap == null || scopeMap.containsKey("realm"))) { if (realmMapping != null && realmMapping.size() > 0 && (scopeMap == null || scopeMap.containsKey("realm"))) {
Set<String> scope = realm.getScope(client); Set<String> scope = realm.getScopeMapping(client);
if (scope.size() > 0) { if (scope.size() > 0) {
Set<String> scopeRequest = null; Set<String> scopeRequest = null;
if (scopeMap != null) { if (scopeMap != null) {
@ -69,7 +69,7 @@ public class TokenManager {
for (ApplicationModel resource : realm.getApplications()) { for (ApplicationModel resource : realm.getApplications()) {
Set<String> mapping = resource.getRoleMappingValues(user); Set<String> mapping = resource.getRoleMappingValues(user);
if (mapping != null && mapping.size() > 0 && (scopeMap == null || scopeMap.containsKey(resource.getName()))) { if (mapping != null && mapping.size() > 0 && (scopeMap == null || scopeMap.containsKey(resource.getName()))) {
Set<String> scope = resource.getScope(client); Set<String> scope = resource.getScopeMapping(client);
if (scope.size() > 0) { if (scope.size() > 0) {
Set<String> scopeRequest = null; Set<String> scopeRequest = null;
if (scopeMap != null) { if (scopeMap != null) {
@ -131,7 +131,7 @@ public class TokenManager {
} }
if (accessCodeEntry.getResourceRolesRequested().size() > 0) { if (accessCodeEntry.getResourceRolesRequested().size() > 0) {
Map<String, ApplicationModel> resourceMap = realm.getResourceNameMap(); Map<String, ApplicationModel> resourceMap = realm.getApplicationNameMap();
for (String resourceName : accessCodeEntry.getResourceRolesRequested().keySet()) { for (String resourceName : accessCodeEntry.getResourceRolesRequested().keySet()) {
ApplicationModel resource = resourceMap.get(resourceName); ApplicationModel resource = resourceMap.get(resourceName);
SkeletonKeyToken.Access access = token.addAccess(resourceName).verifyCaller(resource.isSurrogateAuthRequired()); SkeletonKeyToken.Access access = token.addAccess(resourceName).verifyCaller(resource.isSurrogateAuthRequired());

2
services/src/main/java/org/keycloak/services/resources/TokenService.java
View file

@ -451,7 +451,7 @@ public class TokenService {
return null; return null;
} }
RoleModel resourceRole = realm.getRole(RealmManager.RESOURCE_ROLE); RoleModel resourceRole = realm.getRole(RealmManager.APPLICATION_ROLE);
RoleModel identityRequestRole = realm.getRole(RealmManager.IDENTITY_REQUESTER_ROLE); RoleModel identityRequestRole = realm.getRole(RealmManager.IDENTITY_REQUESTER_ROLE);
boolean isResource = realm.hasRole(client, resourceRole); boolean isResource = realm.hasRole(client, resourceRole);
if (!isResource && !realm.hasRole(client, identityRequestRole)) { if (!isResource && !realm.hasRole(client, identityRequestRole)) {

27
services/src/main/java/org/keycloak/services/resources/admin/ApplicationResource.java
View file

@ -4,9 +4,10 @@ import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.logging.Logger; import org.jboss.resteasy.logging.Logger;
import org.keycloak.models.*; import org.keycloak.models.*;
import org.keycloak.representations.idm.ApplicationRepresentation; import org.keycloak.representations.idm.ApplicationRepresentation;
import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.representations.idm.RoleRepresentation; import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.services.managers.ApplicationManager;
import org.keycloak.services.managers.RealmManager; import org.keycloak.services.managers.RealmManager;
import org.keycloak.services.managers.ResourceManager;
import javax.ws.rs.*; import javax.ws.rs.*;
import javax.ws.rs.core.Context; import javax.ws.rs.core.Context;
@ -38,17 +39,17 @@ public class ApplicationResource {
@PUT @PUT
@Consumes(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON)
public void update(final ApplicationRepresentation rep) { public void update(final ApplicationRepresentation rep) {
ResourceManager resourceManager = new ResourceManager(new RealmManager(session)); ApplicationManager applicationManager = new ApplicationManager(new RealmManager(session));
resourceManager.updateResource(rep, application); applicationManager.updateApplication(rep, application);
} }
@GET @GET
@NoCache @NoCache
@Produces(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON)
public ApplicationRepresentation getResource(final @PathParam("id") String id) { public ApplicationRepresentation getApplication() {
ResourceManager resourceManager = new ResourceManager(new RealmManager(session)); ApplicationManager applicationManager = new ApplicationManager(new RealmManager(session));
return resourceManager.toRepresentation(application); return applicationManager.toRepresentation(application);
} }
@Path("roles") @Path("roles")
@ -104,4 +105,18 @@ public class ApplicationResource {
return Response.created(uriInfo.getAbsolutePathBuilder().path(role.getId()).build()).build(); return Response.created(uriInfo.getAbsolutePathBuilder().path(role.getId()).build()).build();
} }
@Path("credentials")
@PUT
@Consumes("application/json")
public void updateCredentials(List<CredentialRepresentation> credentials) {
logger.info("updateCredentials");
if (credentials == null) return;
for (CredentialRepresentation rep : credentials) {
UserCredentialModel cred = RealmManager.fromRepresentation(rep);
realm.updateCredential(application.getApplicationUser(), cred);
}
}
} }

8
services/src/main/java/org/keycloak/services/resources/admin/ApplicationsResource.java
View file

@ -3,8 +3,8 @@ package org.keycloak.services.resources.admin;
import org.jboss.resteasy.annotations.cache.NoCache; import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.logging.Logger; import org.jboss.resteasy.logging.Logger;
import org.keycloak.representations.idm.ApplicationRepresentation; import org.keycloak.representations.idm.ApplicationRepresentation;
import org.keycloak.services.managers.ApplicationManager;
import org.keycloak.services.managers.RealmManager; import org.keycloak.services.managers.RealmManager;
import org.keycloak.services.managers.ResourceManager;
import org.keycloak.models.ApplicationModel; import org.keycloak.models.ApplicationModel;
import org.keycloak.models.KeycloakSession; import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel; import org.keycloak.models.RealmModel;
@ -45,7 +45,7 @@ public class ApplicationsResource {
public List<ApplicationRepresentation> getResources() { public List<ApplicationRepresentation> getResources() {
List<ApplicationRepresentation> rep = new ArrayList<ApplicationRepresentation>(); List<ApplicationRepresentation> rep = new ArrayList<ApplicationRepresentation>();
List<ApplicationModel> applicationModels = realm.getApplications(); List<ApplicationModel> applicationModels = realm.getApplications();
ResourceManager resourceManager = new ResourceManager(new RealmManager(session)); ApplicationManager resourceManager = new ApplicationManager(new RealmManager(session));
for (ApplicationModel applicationModel : applicationModels) { for (ApplicationModel applicationModel : applicationModels) {
rep.add(resourceManager.toRepresentation(applicationModel)); rep.add(resourceManager.toRepresentation(applicationModel));
} }
@ -55,8 +55,8 @@ public class ApplicationsResource {
@POST @POST
@Consumes(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON)
public Response createResource(final @Context UriInfo uriInfo, final ApplicationRepresentation rep) { public Response createResource(final @Context UriInfo uriInfo, final ApplicationRepresentation rep) {
ResourceManager resourceManager = new ResourceManager(new RealmManager(session)); ApplicationManager resourceManager = new ApplicationManager(new RealmManager(session));
ApplicationModel applicationModel = resourceManager.createResource(realm, rep); ApplicationModel applicationModel = resourceManager.createApplication(realm, rep);
return Response.created(uriInfo.getAbsolutePathBuilder().path(applicationModel.getId()).build()).build(); return Response.created(uriInfo.getAbsolutePathBuilder().path(applicationModel.getId()).build()).build();
} }

18
services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java
View file

@ -322,4 +322,22 @@ public class UsersResource {
} }
} }
} }
@Path("{username}/credentials")
@PUT
@Consumes("application/json")
public void updateCredentials(@PathParam("username") String username, List<CredentialRepresentation> credentials) {
UserModel user = realm.getUser(username);
if (user == null) {
throw new NotFoundException();
}
if (credentials == null) return;
for (CredentialRepresentation rep : credentials) {
UserCredentialModel cred = RealmManager.fromRepresentation(rep);
realm.updateCredential(user, cred);
}
}
} }

2
services/src/main/java/org/keycloak/services/resources/flows/OAuthFlows.java
View file

@ -81,7 +81,7 @@ public class OAuthFlows {
} }
public Response processAccessCode(String scopeParam, String state, String redirect, UserModel client, UserModel user) { public Response processAccessCode(String scopeParam, String state, String redirect, UserModel client, UserModel user) {
RoleModel resourceRole = realm.getRole(RealmManager.RESOURCE_ROLE); RoleModel resourceRole = realm.getRole(RealmManager.APPLICATION_ROLE);
RoleModel identityRequestRole = realm.getRole(RealmManager.IDENTITY_REQUESTER_ROLE); RoleModel identityRequestRole = realm.getRole(RealmManager.IDENTITY_REQUESTER_ROLE);
boolean isResource = realm.hasRole(client, resourceRole); boolean isResource = realm.hasRole(client, resourceRole);
if (!isResource && !realm.hasRole(client, identityRequestRole)) { if (!isResource && !realm.hasRole(client, identityRequestRole)) {

22
services/src/test/java/org/keycloak/test/AdapterTest.java
View file

@ -6,15 +6,10 @@ import org.junit.Before;
import org.junit.FixMethodOrder; import org.junit.FixMethodOrder;
import org.junit.Test; import org.junit.Test;
import org.junit.runners.MethodSorters; import org.junit.runners.MethodSorters;
import org.keycloak.models.*;
import org.keycloak.representations.idm.CredentialRepresentation; import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.services.managers.OAuthClientManager;
import org.keycloak.services.managers.RealmManager; import org.keycloak.services.managers.RealmManager;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RequiredCredentialModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserCredentialModel;
import org.keycloak.models.UserModel.RequiredAction; import org.keycloak.models.UserModel.RequiredAction;
import org.keycloak.services.resources.KeycloakApplication; import org.keycloak.services.resources.KeycloakApplication;
@ -135,6 +130,19 @@ public class AdapterTest {
Assert.assertTrue(realmModel.validatePassword(user, "geheim")); Assert.assertTrue(realmModel.validatePassword(user, "geheim"));
} }
@Test
public void testOAuthClient() throws Exception {
test1CreateRealm();
OAuthClientModel oauth = new OAuthClientManager(realmModel).createOAuthClient("oauth-client");
oauth.setBaseUrl("/foo/bar");
oauth = realmModel.getOAuthClient("oauth-client");
Assert.assertEquals("/foo/bar", oauth.getBaseUrl());
Assert.assertTrue(realmModel.hasRole(oauth.getOAuthAgent(), RealmManager.IDENTITY_REQUESTER_ROLE));
}
@Test @Test
public void testUserSearch() throws Exception { public void testUserSearch() throws Exception {
test1CreateRealm(); test1CreateRealm();

6
services/src/test/java/org/keycloak/test/ImportTest.java
View file

@ -86,7 +86,7 @@ public class ImportTest {
UserModel user = realm.getUser("loginclient"); UserModel user = realm.getUser("loginclient");
Assert.assertNotNull(user); Assert.assertNotNull(user);
Set<String> scopes = realm.getScope(user); Set<String> scopes = realm.getScopeMapping(user);
System.out.println("Scopes size: " + scopes.size()); System.out.println("Scopes size: " + scopes.size());
Assert.assertTrue(scopes.contains("*")); Assert.assertTrue(scopes.contains("*"));
Assert.assertEquals(0, realm.getSocialLinks(user).size()); Assert.assertEquals(0, realm.getSocialLinks(user).size());
@ -97,11 +97,11 @@ public class ImportTest {
Assert.assertEquals(1, realms.size()); Assert.assertEquals(1, realms.size());
// Test scope relationship // Test scope relationship
ApplicationModel application = realm.getResourceNameMap().get("Application"); ApplicationModel application = realm.getApplicationNameMap().get("Application");
UserModel oauthClient = realm.getUser("oauthclient"); UserModel oauthClient = realm.getUser("oauthclient");
Assert.assertNotNull(application); Assert.assertNotNull(application);
Assert.assertNotNull(oauthClient); Assert.assertNotNull(oauthClient);
Set<String> appScopes = application.getScope(oauthClient); Set<String> appScopes = application.getScopeMapping(oauthClient);
Assert.assertTrue(appScopes.contains("user")); Assert.assertTrue(appScopes.contains("user"));
// Test social linking // Test social linking