Merge pull request #720 from patriot1burke/master
token service refactoring
commit
a6ae8d08ac
19 changed files with 66 additions and 247 deletions
|
@ -1,4 +1,4 @@
|
||||||
package org.keycloak.services.resources;
|
package org.keycloak.protocol.oidc;
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
import org.jboss.logging.Logger;
|
||||||
import org.jboss.resteasy.annotations.cache.NoCache;
|
import org.jboss.resteasy.annotations.cache.NoCache;
|
||||||
|
@ -7,7 +7,6 @@ import org.jboss.resteasy.spi.BadRequestException;
|
||||||
import org.jboss.resteasy.spi.HttpRequest;
|
import org.jboss.resteasy.spi.HttpRequest;
|
||||||
import org.jboss.resteasy.spi.HttpResponse;
|
import org.jboss.resteasy.spi.HttpResponse;
|
||||||
import org.jboss.resteasy.spi.NotAcceptableException;
|
import org.jboss.resteasy.spi.NotAcceptableException;
|
||||||
import org.jboss.resteasy.spi.ResteasyProviderFactory;
|
|
||||||
import org.jboss.resteasy.spi.UnauthorizedException;
|
import org.jboss.resteasy.spi.UnauthorizedException;
|
||||||
import org.keycloak.ClientConnection;
|
import org.keycloak.ClientConnection;
|
||||||
import org.keycloak.OAuth2Constants;
|
import org.keycloak.OAuth2Constants;
|
||||||
|
@ -27,8 +26,6 @@ import org.keycloak.models.OAuthClientModel;
|
||||||
import org.keycloak.models.RealmModel;
|
import org.keycloak.models.RealmModel;
|
||||||
import org.keycloak.models.UserModel;
|
import org.keycloak.models.UserModel;
|
||||||
import org.keycloak.models.UserSessionModel;
|
import org.keycloak.models.UserSessionModel;
|
||||||
import org.keycloak.protocol.LoginProtocol;
|
|
||||||
import org.keycloak.protocol.oidc.OpenIDConnect;
|
|
||||||
import org.keycloak.representations.AccessToken;
|
import org.keycloak.representations.AccessToken;
|
||||||
import org.keycloak.representations.AccessTokenResponse;
|
import org.keycloak.representations.AccessTokenResponse;
|
||||||
import org.keycloak.representations.RefreshToken;
|
import org.keycloak.representations.RefreshToken;
|
||||||
|
@ -37,6 +34,8 @@ import org.keycloak.services.managers.AuthenticationManager;
|
||||||
import org.keycloak.services.managers.AuthenticationManager.AuthenticationStatus;
|
import org.keycloak.services.managers.AuthenticationManager.AuthenticationStatus;
|
||||||
import org.keycloak.services.managers.ClientSessionCode;
|
import org.keycloak.services.managers.ClientSessionCode;
|
||||||
import org.keycloak.services.managers.TokenManager;
|
import org.keycloak.services.managers.TokenManager;
|
||||||
|
import org.keycloak.services.resources.Cors;
|
||||||
|
import org.keycloak.services.resources.RealmsResource;
|
||||||
import org.keycloak.services.resources.flows.Flows;
|
import org.keycloak.services.resources.flows.Flows;
|
||||||
import org.keycloak.services.resources.flows.Urls;
|
import org.keycloak.services.resources.flows.Urls;
|
||||||
import org.keycloak.util.Base64Url;
|
import org.keycloak.util.Base64Url;
|
||||||
|
@ -72,9 +71,9 @@ import java.util.Set;
|
||||||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||||
* @version $Revision: 1 $
|
* @version $Revision: 1 $
|
||||||
*/
|
*/
|
||||||
public class TokenService {
|
public class OpenIDConnectService {
|
||||||
|
|
||||||
protected static final Logger logger = Logger.getLogger(TokenService.class);
|
protected static final Logger logger = Logger.getLogger(OpenIDConnectService.class);
|
||||||
|
|
||||||
protected RealmModel realm;
|
protected RealmModel realm;
|
||||||
protected TokenManager tokenManager;
|
protected TokenManager tokenManager;
|
||||||
|
@ -103,7 +102,7 @@ public class TokenService {
|
||||||
protected ResourceContext resourceContext;
|
protected ResourceContext resourceContext;
|
||||||
*/
|
*/
|
||||||
|
|
||||||
public TokenService(RealmModel realm, TokenManager tokenManager, EventBuilder event, AuthenticationManager authManager) {
|
public OpenIDConnectService(RealmModel realm, TokenManager tokenManager, EventBuilder event, AuthenticationManager authManager) {
|
||||||
this.realm = realm;
|
this.realm = realm;
|
||||||
this.tokenManager = tokenManager;
|
this.tokenManager = tokenManager;
|
||||||
this.event = event;
|
this.event = event;
|
||||||
|
@ -127,12 +126,12 @@ public class TokenService {
|
||||||
|
|
||||||
public static UriBuilder accessCodeToTokenUrl(UriBuilder baseUriBuilder) {
|
public static UriBuilder accessCodeToTokenUrl(UriBuilder baseUriBuilder) {
|
||||||
UriBuilder uriBuilder = tokenServiceBaseUrl(baseUriBuilder);
|
UriBuilder uriBuilder = tokenServiceBaseUrl(baseUriBuilder);
|
||||||
return uriBuilder.path(TokenService.class, "accessCodeToToken");
|
return uriBuilder.path(OpenIDConnectService.class, "accessCodeToToken");
|
||||||
}
|
}
|
||||||
|
|
||||||
public static UriBuilder validateAccessTokenUrl(UriBuilder baseUriBuilder) {
|
public static UriBuilder validateAccessTokenUrl(UriBuilder baseUriBuilder) {
|
||||||
UriBuilder uriBuilder = tokenServiceBaseUrl(baseUriBuilder);
|
UriBuilder uriBuilder = tokenServiceBaseUrl(baseUriBuilder);
|
||||||
return uriBuilder.path(TokenService.class, "validateAccessToken");
|
return uriBuilder.path(OpenIDConnectService.class, "validateAccessToken");
|
||||||
}
|
}
|
||||||
|
|
||||||
public static UriBuilder grantAccessTokenUrl(UriInfo uriInfo) {
|
public static UriBuilder grantAccessTokenUrl(UriInfo uriInfo) {
|
||||||
|
@ -143,7 +142,7 @@ public class TokenService {
|
||||||
|
|
||||||
public static UriBuilder grantAccessTokenUrl(UriBuilder baseUriBuilder) {
|
public static UriBuilder grantAccessTokenUrl(UriBuilder baseUriBuilder) {
|
||||||
UriBuilder uriBuilder = tokenServiceBaseUrl(baseUriBuilder);
|
UriBuilder uriBuilder = tokenServiceBaseUrl(baseUriBuilder);
|
||||||
return uriBuilder.path(TokenService.class, "grantAccessToken");
|
return uriBuilder.path(OpenIDConnectService.class, "grantAccessToken");
|
||||||
}
|
}
|
||||||
|
|
||||||
public static UriBuilder loginPageUrl(UriInfo uriInfo) {
|
public static UriBuilder loginPageUrl(UriInfo uriInfo) {
|
||||||
|
@ -153,7 +152,7 @@ public class TokenService {
|
||||||
|
|
||||||
public static UriBuilder loginPageUrl(UriBuilder baseUriBuilder) {
|
public static UriBuilder loginPageUrl(UriBuilder baseUriBuilder) {
|
||||||
UriBuilder uriBuilder = tokenServiceBaseUrl(baseUriBuilder);
|
UriBuilder uriBuilder = tokenServiceBaseUrl(baseUriBuilder);
|
||||||
return uriBuilder.path(TokenService.class, "loginPage");
|
return uriBuilder.path(OpenIDConnectService.class, "loginPage");
|
||||||
}
|
}
|
||||||
|
|
||||||
public static UriBuilder logoutUrl(UriInfo uriInfo) {
|
public static UriBuilder logoutUrl(UriInfo uriInfo) {
|
||||||
|
@ -163,12 +162,12 @@ public class TokenService {
|
||||||
|
|
||||||
public static UriBuilder logoutUrl(UriBuilder baseUriBuilder) {
|
public static UriBuilder logoutUrl(UriBuilder baseUriBuilder) {
|
||||||
UriBuilder uriBuilder = tokenServiceBaseUrl(baseUriBuilder);
|
UriBuilder uriBuilder = tokenServiceBaseUrl(baseUriBuilder);
|
||||||
return uriBuilder.path(TokenService.class, "logout");
|
return uriBuilder.path(OpenIDConnectService.class, "logout");
|
||||||
}
|
}
|
||||||
|
|
||||||
public static UriBuilder refreshUrl(UriBuilder baseUriBuilder) {
|
public static UriBuilder refreshUrl(UriBuilder baseUriBuilder) {
|
||||||
UriBuilder uriBuilder = tokenServiceBaseUrl(baseUriBuilder);
|
UriBuilder uriBuilder = tokenServiceBaseUrl(baseUriBuilder);
|
||||||
return uriBuilder.path(TokenService.class, "refreshAccessToken");
|
return uriBuilder.path(OpenIDConnectService.class, "refreshAccessToken");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,171 +0,0 @@
|
||||||
package org.keycloak.services.managers;
|
|
||||||
|
|
||||||
import org.keycloak.OAuthErrorException;
|
|
||||||
import org.keycloak.jose.jws.Algorithm;
|
|
||||||
import org.keycloak.jose.jws.crypto.RSAProvider;
|
|
||||||
import org.keycloak.models.ClientModel;
|
|
||||||
import org.keycloak.models.ClientSessionModel;
|
|
||||||
import org.keycloak.models.KeycloakSession;
|
|
||||||
import org.keycloak.models.RealmModel;
|
|
||||||
import org.keycloak.models.RoleModel;
|
|
||||||
import org.keycloak.models.UserModel;
|
|
||||||
import org.keycloak.models.UserModel.RequiredAction;
|
|
||||||
import org.keycloak.util.Base64Url;
|
|
||||||
import org.keycloak.util.Time;
|
|
||||||
|
|
||||||
import java.nio.ByteBuffer;
|
|
||||||
import java.security.MessageDigest;
|
|
||||||
import java.security.Signature;
|
|
||||||
import java.util.HashSet;
|
|
||||||
import java.util.Set;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
|
||||||
* @version $Revision: 1 $
|
|
||||||
*/
|
|
||||||
public class AccessCode {
|
|
||||||
|
|
||||||
private final RealmModel realm;
|
|
||||||
private final ClientSessionModel clientSession;
|
|
||||||
|
|
||||||
public AccessCode(RealmModel realm, ClientSessionModel clientSession) {
|
|
||||||
this.realm = realm;
|
|
||||||
this.clientSession = clientSession;
|
|
||||||
}
|
|
||||||
|
|
||||||
public static AccessCode parse(String code, KeycloakSession session, RealmModel realm) {
|
|
||||||
try {
|
|
||||||
String[] parts = code.split("\\.");
|
|
||||||
String id = new String(Base64Url.decode(parts[1]));
|
|
||||||
|
|
||||||
ClientSessionModel clientSession = session.sessions().getClientSession(realm, id);
|
|
||||||
if (clientSession == null) {
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
|
|
||||||
String hash = createSignatureHash(realm, clientSession);
|
|
||||||
if (!hash.equals(parts[0])) {
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
|
|
||||||
return new AccessCode(realm, clientSession);
|
|
||||||
} catch (RuntimeException e) {
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
public String getCodeId() {
|
|
||||||
return clientSession.getId();
|
|
||||||
}
|
|
||||||
|
|
||||||
public UserModel getUser() {
|
|
||||||
return clientSession.getUserSession().getUser();
|
|
||||||
}
|
|
||||||
|
|
||||||
public String getSessionState() {
|
|
||||||
return clientSession.getUserSession().getId();
|
|
||||||
}
|
|
||||||
|
|
||||||
public boolean isValid(RequiredAction requiredAction) {
|
|
||||||
return isValid(convertToAction(requiredAction));
|
|
||||||
}
|
|
||||||
|
|
||||||
public boolean isValid(ClientSessionModel.Action requestedAction) {
|
|
||||||
ClientSessionModel.Action action = clientSession.getAction();
|
|
||||||
if (action == null) {
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
int timestamp = clientSession.getTimestamp();
|
|
||||||
|
|
||||||
if (!action.equals(requestedAction)) {
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
int lifespan = action.equals(ClientSessionModel.Action.CODE_TO_TOKEN) ? realm.getAccessCodeLifespan() : realm.getAccessCodeLifespanUserAction();
|
|
||||||
return timestamp + lifespan > Time.currentTime();
|
|
||||||
}
|
|
||||||
|
|
||||||
public Set<RoleModel> getRequestedRoles() {
|
|
||||||
Set<RoleModel> requestedRoles = new HashSet<RoleModel>();
|
|
||||||
for (String roleId : clientSession.getRoles()) {
|
|
||||||
RoleModel role = realm.getRoleById(roleId);
|
|
||||||
if (role == null) {
|
|
||||||
new OAuthErrorException(OAuthErrorException.INVALID_GRANT, "Invalid role " + roleId);
|
|
||||||
}
|
|
||||||
requestedRoles.add(realm.getRoleById(roleId));
|
|
||||||
}
|
|
||||||
return requestedRoles;
|
|
||||||
}
|
|
||||||
|
|
||||||
public ClientModel getClient() {
|
|
||||||
return clientSession.getClient();
|
|
||||||
}
|
|
||||||
|
|
||||||
public String getState() {
|
|
||||||
throw new RuntimeException("REFACTORING, TODO REMOVE ACCESS CODE");
|
|
||||||
}
|
|
||||||
|
|
||||||
public String getRedirectUri() {
|
|
||||||
return clientSession.getRedirectUri();
|
|
||||||
}
|
|
||||||
|
|
||||||
public ClientSessionModel.Action getAction() {
|
|
||||||
return clientSession.getAction();
|
|
||||||
}
|
|
||||||
|
|
||||||
public void setAction(ClientSessionModel.Action action) {
|
|
||||||
clientSession.setAction(action);
|
|
||||||
clientSession.setTimestamp(Time.currentTime());
|
|
||||||
}
|
|
||||||
|
|
||||||
public void setRequiredAction(RequiredAction requiredAction) {
|
|
||||||
setAction(convertToAction(requiredAction));
|
|
||||||
}
|
|
||||||
|
|
||||||
private ClientSessionModel.Action convertToAction(RequiredAction requiredAction) {
|
|
||||||
switch (requiredAction) {
|
|
||||||
case CONFIGURE_TOTP:
|
|
||||||
return ClientSessionModel.Action.CONFIGURE_TOTP;
|
|
||||||
case UPDATE_PASSWORD:
|
|
||||||
return ClientSessionModel.Action.UPDATE_PASSWORD;
|
|
||||||
case UPDATE_PROFILE:
|
|
||||||
return ClientSessionModel.Action.UPDATE_PROFILE;
|
|
||||||
case VERIFY_EMAIL:
|
|
||||||
return ClientSessionModel.Action.VERIFY_EMAIL;
|
|
||||||
default:
|
|
||||||
throw new IllegalArgumentException("Unknown required action " + requiredAction);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
public String getCode() {
|
|
||||||
String hash = createSignatureHash(realm, clientSession);
|
|
||||||
|
|
||||||
StringBuilder sb = new StringBuilder();
|
|
||||||
sb.append(hash);
|
|
||||||
sb.append(".");
|
|
||||||
sb.append(Base64Url.encode(clientSession.getId().getBytes()));
|
|
||||||
|
|
||||||
return sb.toString();
|
|
||||||
}
|
|
||||||
|
|
||||||
private static String createSignatureHash(RealmModel realm, ClientSessionModel clientSession) {
|
|
||||||
try {
|
|
||||||
Signature signature = Signature.getInstance(RSAProvider.getJavaAlgorithm(Algorithm.RS256));
|
|
||||||
signature.initSign(realm.getPrivateKey());
|
|
||||||
signature.update(clientSession.getId().getBytes());
|
|
||||||
signature.update(ByteBuffer.allocate(4).putInt(clientSession.getTimestamp()));
|
|
||||||
if (clientSession.getAction() != null) {
|
|
||||||
signature.update(clientSession.getAction().toString().getBytes());
|
|
||||||
}
|
|
||||||
byte[] sign = signature.sign();
|
|
||||||
|
|
||||||
MessageDigest digest = MessageDigest.getInstance("sha-1");
|
|
||||||
digest.update(sign);
|
|
||||||
return Base64Url.encode(digest.digest());
|
|
||||||
} catch (Exception e) {
|
|
||||||
throw new RuntimeException(e);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
|
@ -48,6 +48,7 @@ import org.keycloak.models.UserSessionModel;
|
||||||
import org.keycloak.models.utils.ModelToRepresentation;
|
import org.keycloak.models.utils.ModelToRepresentation;
|
||||||
import org.keycloak.models.utils.TimeBasedOTP;
|
import org.keycloak.models.utils.TimeBasedOTP;
|
||||||
import org.keycloak.protocol.oidc.OpenIDConnect;
|
import org.keycloak.protocol.oidc.OpenIDConnect;
|
||||||
|
import org.keycloak.protocol.oidc.OpenIDConnectService;
|
||||||
import org.keycloak.representations.idm.CredentialRepresentation;
|
import org.keycloak.representations.idm.CredentialRepresentation;
|
||||||
import org.keycloak.representations.idm.UserRepresentation;
|
import org.keycloak.representations.idm.UserRepresentation;
|
||||||
import org.keycloak.services.ForbiddenException;
|
import org.keycloak.services.ForbiddenException;
|
||||||
|
@ -794,7 +795,7 @@ public class AccountService {
|
||||||
ApplicationModel application = realm.getApplicationByName(referrer);
|
ApplicationModel application = realm.getApplicationByName(referrer);
|
||||||
if (application != null) {
|
if (application != null) {
|
||||||
if (referrerUri != null) {
|
if (referrerUri != null) {
|
||||||
referrerUri = TokenService.verifyRedirectUri(uriInfo, referrerUri, realm, application);
|
referrerUri = OpenIDConnectService.verifyRedirectUri(uriInfo, referrerUri, realm, application);
|
||||||
} else {
|
} else {
|
||||||
referrerUri = ResolveRelative.resolveRelativeUri(uriInfo.getRequestUri(), application.getBaseUrl());
|
referrerUri = ResolveRelative.resolveRelativeUri(uriInfo.getRequestUri(), application.getBaseUrl());
|
||||||
}
|
}
|
||||||
|
@ -805,7 +806,7 @@ public class AccountService {
|
||||||
} else if (referrerUri != null) {
|
} else if (referrerUri != null) {
|
||||||
ClientModel client = realm.getOAuthClient(referrer);
|
ClientModel client = realm.getOAuthClient(referrer);
|
||||||
if (client != null) {
|
if (client != null) {
|
||||||
referrerUri = TokenService.verifyRedirectUri(uriInfo, referrerUri, realm, application);
|
referrerUri = OpenIDConnectService.verifyRedirectUri(uriInfo, referrerUri, realm, application);
|
||||||
|
|
||||||
if (referrerUri != null) {
|
if (referrerUri != null) {
|
||||||
return new String[]{referrer, referrerUri};
|
return new String[]{referrer, referrerUri};
|
||||||
|
|
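Review bot: In the `else if (referrerUri != null)` branch the code fetches `client` with `realm.getOAuthClient(referrer)` and null-checks it, but the redirect check is still called with `application`: `OpenIDConnectService.verifyRedirectUri(uriInfo, referrerUri, realm, application)`. If this branch is the alternative to `if (application != null)` from the previous hunk (the lines between the two hunks are not shown), `application` is null here, so the referrer URI would not be validated against the OAuth client's registered redirect URIs. The rename carries this over unchanged. Assuming `verifyRedirectUri` accepts a `ClientModel`, the call should probably be `referrerUri = OpenIDConnectService.verifyRedirectUri(uriInfo, referrerUri, realm, client);`. The enclosing method starts and ends outside the hunk.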
|
@ -73,7 +73,7 @@ public class KeycloakApplication extends Application {
|
||||||
|
|
||||||
singletons.add(new ServerVersionResource());
|
singletons.add(new ServerVersionResource());
|
||||||
singletons.add(new RealmsResource(tokenManager));
|
singletons.add(new RealmsResource(tokenManager));
|
||||||
singletons.add(new SocialResource(tokenManager));
|
singletons.add(new SocialResource());
|
||||||
singletons.add(new AdminRoot(tokenManager));
|
singletons.add(new AdminRoot(tokenManager));
|
||||||
classes.add(SkeletonKeyContextResolver.class);
|
classes.add(SkeletonKeyContextResolver.class);
|
||||||
classes.add(QRCodeResource.class);
|
classes.add(QRCodeResource.class);
|
||||||
|
|
|
@ -24,7 +24,6 @@ package org.keycloak.services.resources;
|
||||||
import org.jboss.logging.Logger;
|
import org.jboss.logging.Logger;
|
||||||
import org.jboss.resteasy.spi.HttpRequest;
|
import org.jboss.resteasy.spi.HttpRequest;
|
||||||
import org.keycloak.ClientConnection;
|
import org.keycloak.ClientConnection;
|
||||||
import org.keycloak.OAuth2Constants;
|
|
||||||
import org.keycloak.events.EventBuilder;
|
import org.keycloak.events.EventBuilder;
|
||||||
import org.keycloak.events.Details;
|
import org.keycloak.events.Details;
|
||||||
import org.keycloak.events.Errors;
|
import org.keycloak.events.Errors;
|
||||||
|
@ -45,6 +44,7 @@ import org.keycloak.models.UserSessionModel;
|
||||||
import org.keycloak.models.utils.KeycloakModelUtils;
|
import org.keycloak.models.utils.KeycloakModelUtils;
|
||||||
import org.keycloak.models.utils.TimeBasedOTP;
|
import org.keycloak.models.utils.TimeBasedOTP;
|
||||||
import org.keycloak.protocol.LoginProtocol;
|
import org.keycloak.protocol.LoginProtocol;
|
||||||
|
import org.keycloak.protocol.oidc.OpenIDConnectService;
|
||||||
import org.keycloak.representations.PasswordToken;
|
import org.keycloak.representations.PasswordToken;
|
||||||
import org.keycloak.representations.idm.CredentialRepresentation;
|
import org.keycloak.representations.idm.CredentialRepresentation;
|
||||||
import org.keycloak.services.managers.AuthenticationManager;
|
import org.keycloak.services.managers.AuthenticationManager;
|
||||||
|
@ -120,7 +120,7 @@ public class LoginActionsService {
|
||||||
|
|
||||||
public static UriBuilder processLoginUrl(UriBuilder baseUriBuilder) {
|
public static UriBuilder processLoginUrl(UriBuilder baseUriBuilder) {
|
||||||
UriBuilder uriBuilder = loginActionsBaseUrl(baseUriBuilder);
|
UriBuilder uriBuilder = loginActionsBaseUrl(baseUriBuilder);
|
||||||
return uriBuilder.path(TokenService.class, "processLogin");
|
return uriBuilder.path(OpenIDConnectService.class, "processLogin");
|
||||||
}
|
}
|
||||||
|
|
||||||
public static UriBuilder processOAuthUrl(UriInfo uriInfo) {
|
public static UriBuilder processOAuthUrl(UriInfo uriInfo) {
|
||||||
|
@ -130,7 +130,7 @@ public class LoginActionsService {
|
||||||
|
|
||||||
public static UriBuilder processOAuthUrl(UriBuilder baseUriBuilder) {
|
public static UriBuilder processOAuthUrl(UriBuilder baseUriBuilder) {
|
||||||
UriBuilder uriBuilder = loginActionsBaseUrl(baseUriBuilder);
|
UriBuilder uriBuilder = loginActionsBaseUrl(baseUriBuilder);
|
||||||
return uriBuilder.path(TokenService.class, "processOAuth");
|
return uriBuilder.path(OpenIDConnectService.class, "processOAuth");
|
||||||
}
|
}
|
||||||
|
|
||||||
public LoginActionsService(RealmModel realm, AuthenticationManager authManager, EventBuilder event) {
|
public LoginActionsService(RealmModel realm, AuthenticationManager authManager, EventBuilder event) {
|
||||||
|
|
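Review bot: `processLoginUrl` and `processOAuthUrl` start from `loginActionsBaseUrl(...)` but resolve the method path against a different resource class, as in `uriBuilder.path(OpenIDConnectService.class, "processLogin")`. `UriBuilder.path(Class, String)` reads the `@Path` of the named method on the given class, so this only works if `OpenIDConnectService` still declares `processLogin` and `processOAuth`, which these hunks do not show. If those endpoints live on `LoginActionsService`, the calls should be `uriBuilder.path(LoginActionsService.class, "processLogin")` and `uriBuilder.path(LoginActionsService.class, "processOAuth")`. Otherwise a one-line comment explaining the cross-class lookup would help the next reader.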
|
@ -5,6 +5,7 @@ import org.jboss.resteasy.annotations.cache.NoCache;
|
||||||
import org.jboss.resteasy.spi.HttpRequest;
|
import org.jboss.resteasy.spi.HttpRequest;
|
||||||
import org.jboss.resteasy.spi.HttpResponse;
|
import org.jboss.resteasy.spi.HttpResponse;
|
||||||
import org.keycloak.models.RealmModel;
|
import org.keycloak.models.RealmModel;
|
||||||
|
import org.keycloak.protocol.oidc.OpenIDConnectService;
|
||||||
import org.keycloak.representations.idm.PublishedRealmRepresentation;
|
import org.keycloak.representations.idm.PublishedRealmRepresentation;
|
||||||
import org.keycloak.services.resources.admin.AdminRoot;
|
import org.keycloak.services.resources.admin.AdminRoot;
|
||||||
|
|
||||||
|
@ -67,7 +68,7 @@ public class PublicRealmResource {
|
||||||
public static PublishedRealmRepresentation realmRep(RealmModel realm, UriInfo uriInfo) {
|
public static PublishedRealmRepresentation realmRep(RealmModel realm, UriInfo uriInfo) {
|
||||||
PublishedRealmRepresentation rep = new PublishedRealmRepresentation();
|
PublishedRealmRepresentation rep = new PublishedRealmRepresentation();
|
||||||
rep.setRealm(realm.getName());
|
rep.setRealm(realm.getName());
|
||||||
rep.setTokenServiceUrl(TokenService.tokenServiceBaseUrl(uriInfo).build(realm.getName()).toString());
|
rep.setTokenServiceUrl(OpenIDConnectService.tokenServiceBaseUrl(uriInfo).build(realm.getName()).toString());
|
||||||
rep.setAccountServiceUrl(AccountService.accountServiceBaseUrl(uriInfo).build(realm.getName()).toString());
|
rep.setAccountServiceUrl(AccountService.accountServiceBaseUrl(uriInfo).build(realm.getName()).toString());
|
||||||
rep.setAdminApiUrl(uriInfo.getBaseUriBuilder().path(AdminRoot.class).build().toString());
|
rep.setAdminApiUrl(uriInfo.getBaseUriBuilder().path(AdminRoot.class).build().toString());
|
||||||
rep.setPublicKeyPem(realm.getPublicKeyPem());
|
rep.setPublicKeyPem(realm.getPublicKeyPem());
|
||||||
|
|
|
@ -1,7 +1,6 @@
|
||||||
package org.keycloak.services.resources;
|
package org.keycloak.services.resources;
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
import org.jboss.logging.Logger;
|
||||||
import org.jboss.resteasy.annotations.cache.NoCache;
|
|
||||||
import org.jboss.resteasy.spi.BadRequestException;
|
import org.jboss.resteasy.spi.BadRequestException;
|
||||||
import org.jboss.resteasy.spi.NotFoundException;
|
import org.jboss.resteasy.spi.NotFoundException;
|
||||||
import org.jboss.resteasy.spi.ResteasyProviderFactory;
|
import org.jboss.resteasy.spi.ResteasyProviderFactory;
|
||||||
|
@ -13,6 +12,7 @@ import org.keycloak.models.ClientModel;
|
||||||
import org.keycloak.models.Constants;
|
import org.keycloak.models.Constants;
|
||||||
import org.keycloak.models.KeycloakSession;
|
import org.keycloak.models.KeycloakSession;
|
||||||
import org.keycloak.models.RealmModel;
|
import org.keycloak.models.RealmModel;
|
||||||
|
import org.keycloak.protocol.oidc.OpenIDConnectService;
|
||||||
import org.keycloak.services.managers.EventsManager;
|
import org.keycloak.services.managers.EventsManager;
|
||||||
import org.keycloak.services.managers.AuthenticationManager;
|
import org.keycloak.services.managers.AuthenticationManager;
|
||||||
import org.keycloak.services.managers.BruteForceProtector;
|
import org.keycloak.services.managers.BruteForceProtector;
|
||||||
|
@ -94,8 +94,6 @@ public class RealmsResource {
|
||||||
public Response getLoginStatusIframe(final @PathParam("realm") String name,
|
public Response getLoginStatusIframe(final @PathParam("realm") String name,
|
||||||
@QueryParam("client_id") String client_id,
|
@QueryParam("client_id") String client_id,
|
||||||
@QueryParam("origin") String origin) {
|
@QueryParam("origin") String origin) {
|
||||||
AuthenticationManager auth = new AuthenticationManager();
|
|
||||||
|
|
||||||
RealmManager realmManager = new RealmManager(session);
|
RealmManager realmManager = new RealmManager(session);
|
||||||
RealmModel realm = locateRealm(name, realmManager);
|
RealmModel realm = locateRealm(name, realmManager);
|
||||||
ClientModel client = realm.findClient(client_id);
|
ClientModel client = realm.findClient(client_id);
|
||||||
|
@ -114,7 +112,7 @@ public class RealmsResource {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
for (String r : TokenService.resolveValidRedirects(uriInfo, client.getRedirectUris())) {
|
for (String r : OpenIDConnectService.resolveValidRedirects(uriInfo, client.getRedirectUris())) {
|
||||||
int i = r.indexOf('/', 8);
|
int i = r.indexOf('/', 8);
|
||||||
if (i != -1) {
|
if (i != -1) {
|
||||||
r = r.substring(0, i);
|
r = r.substring(0, i);
|
||||||
|
@ -145,12 +143,12 @@ public class RealmsResource {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Path("{realm}/tokens")
|
@Path("{realm}/tokens")
|
||||||
public TokenService getTokenService(final @PathParam("realm") String name) {
|
public OpenIDConnectService getTokenService(final @PathParam("realm") String name) {
|
||||||
RealmManager realmManager = new RealmManager(session);
|
RealmManager realmManager = new RealmManager(session);
|
||||||
RealmModel realm = locateRealm(name, realmManager);
|
RealmModel realm = locateRealm(name, realmManager);
|
||||||
EventBuilder event = new EventsManager(realm, session, clientConnection).createEventBuilder();
|
EventBuilder event = new EventsManager(realm, session, clientConnection).createEventBuilder();
|
||||||
AuthenticationManager authManager = new AuthenticationManager(protector);
|
AuthenticationManager authManager = new AuthenticationManager(protector);
|
||||||
TokenService tokenService = new TokenService(realm, tokenManager, event, authManager);
|
OpenIDConnectService tokenService = new OpenIDConnectService(realm, tokenManager, event, authManager);
|
||||||
ResteasyProviderFactory.getInstance().injectProperties(tokenService);
|
ResteasyProviderFactory.getInstance().injectProperties(tokenService);
|
||||||
//resourceContext.initResource(tokenService);
|
//resourceContext.initResource(tokenService);
|
||||||
return tokenService;
|
return tokenService;
|
||||||
|
|
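Review bot: The literal `8` in `int i = r.indexOf('/', 8);` inside `getLoginStatusIframe` is undocumented. It presumably starts the search past the `//` of an `http://` or `https://` prefix, so that `r.substring(0, i)` keeps only the scheme and authority of each resolved redirect URI. The result appears to feed a comparison with the caller-supplied `origin` query parameter (that comparison is outside the hunk), so a comment such as `// keep scheme://host[:port] only; 8 skips past "https://"` would make the intent checkable. The loop body continues outside the hunk.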
|
@ -95,12 +95,6 @@ public class SocialResource {
|
||||||
@Context
|
@Context
|
||||||
protected ClientConnection clientConnection;
|
protected ClientConnection clientConnection;
|
||||||
|
|
||||||
private TokenManager tokenManager;
|
|
||||||
|
|
||||||
public SocialResource(TokenManager tokenManager) {
|
|
||||||
this.tokenManager = tokenManager;
|
|
||||||
}
|
|
||||||
|
|
||||||
@GET
|
@GET
|
||||||
@Path("callback")
|
@Path("callback")
|
||||||
public Response callback(@QueryParam("state") String encodedState) throws URISyntaxException, IOException {
|
public Response callback(@QueryParam("state") String encodedState) throws URISyntaxException, IOException {
|
||||||
|
|
|
@ -23,7 +23,7 @@ import org.keycloak.services.managers.ApplicationManager;
|
||||||
import org.keycloak.services.managers.AuthenticationManager;
|
import org.keycloak.services.managers.AuthenticationManager;
|
||||||
import org.keycloak.services.managers.RealmManager;
|
import org.keycloak.services.managers.RealmManager;
|
||||||
import org.keycloak.services.resources.KeycloakApplication;
|
import org.keycloak.services.resources.KeycloakApplication;
|
||||||
import org.keycloak.services.resources.TokenService;
|
import org.keycloak.protocol.oidc.OpenIDConnectService;
|
||||||
|
|
||||||
import javax.activation.FileTypeMap;
|
import javax.activation.FileTypeMap;
|
||||||
import javax.activation.MimetypesFileTypeMap;
|
import javax.activation.MimetypesFileTypeMap;
|
||||||
|
@ -256,7 +256,7 @@ public class AdminConsole {
|
||||||
URI redirect = AdminRoot.adminConsoleUrl(uriInfo).path("index.html").build(realm.getName());
|
URI redirect = AdminRoot.adminConsoleUrl(uriInfo).path("index.html").build(realm.getName());
|
||||||
|
|
||||||
return Response.status(302).location(
|
return Response.status(302).location(
|
||||||
TokenService.logoutUrl(uriInfo).queryParam("redirect_uri", redirect.toString()).build(realm.getName())
|
OpenIDConnectService.logoutUrl(uriInfo).queryParam("redirect_uri", redirect.toString()).build(realm.getName())
|
||||||
).build();
|
).build();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -23,10 +23,10 @@ package org.keycloak.services.resources.flows;
|
||||||
|
|
||||||
import org.keycloak.services.resources.AccountService;
|
import org.keycloak.services.resources.AccountService;
|
||||||
import org.keycloak.services.resources.LoginActionsService;
|
import org.keycloak.services.resources.LoginActionsService;
|
||||||
|
import org.keycloak.protocol.oidc.OpenIDConnectService;
|
||||||
import org.keycloak.services.resources.RealmsResource;
|
import org.keycloak.services.resources.RealmsResource;
|
||||||
import org.keycloak.services.resources.SocialResource;
|
import org.keycloak.services.resources.SocialResource;
|
||||||
import org.keycloak.services.resources.ThemeResource;
|
import org.keycloak.services.resources.ThemeResource;
|
||||||
import org.keycloak.services.resources.TokenService;
|
|
||||||
|
|
||||||
import javax.ws.rs.core.UriBuilder;
|
import javax.ws.rs.core.UriBuilder;
|
||||||
import java.net.URI;
|
import java.net.URI;
|
||||||
|
@ -137,11 +137,11 @@ public class Urls {
|
||||||
}
|
}
|
||||||
|
|
||||||
public static URI realmLoginPage(URI baseUri, String realmId) {
|
public static URI realmLoginPage(URI baseUri, String realmId) {
|
||||||
return tokenBase(baseUri).path(TokenService.class, "loginPage").build(realmId);
|
return tokenBase(baseUri).path(OpenIDConnectService.class, "loginPage").build(realmId);
|
||||||
}
|
}
|
||||||
|
|
||||||
public static UriBuilder realmLogout(URI baseUri) {
|
public static UriBuilder realmLogout(URI baseUri) {
|
||||||
return tokenBase(baseUri).path(TokenService.class, "logout");
|
return tokenBase(baseUri).path(OpenIDConnectService.class, "logout");
|
||||||
}
|
}
|
||||||
|
|
||||||
public static URI realmRegisterAction(URI baseUri, String realmId) {
|
public static URI realmRegisterAction(URI baseUri, String realmId) {
|
||||||
|
@ -149,11 +149,11 @@ public class Urls {
|
||||||
}
|
}
|
||||||
|
|
||||||
public static URI realmRegisterPage(URI baseUri, String realmId) {
|
public static URI realmRegisterPage(URI baseUri, String realmId) {
|
||||||
return tokenBase(baseUri).path(TokenService.class, "registerPage").build(realmId);
|
return tokenBase(baseUri).path(OpenIDConnectService.class, "registerPage").build(realmId);
|
||||||
}
|
}
|
||||||
|
|
||||||
public static URI realmInstalledAppUrnCallback(URI baseUri, String realmId) {
|
public static URI realmInstalledAppUrnCallback(URI baseUri, String realmId) {
|
||||||
return tokenBase(baseUri).path(TokenService.class, "installedAppUrnCallback").build(realmId);
|
return tokenBase(baseUri).path(OpenIDConnectService.class, "installedAppUrnCallback").build(realmId);
|
||||||
}
|
}
|
||||||
|
|
||||||
public static URI realmOauthAction(URI baseUri, String realmId) {
|
public static URI realmOauthAction(URI baseUri, String realmId) {
|
||||||
|
@ -161,7 +161,7 @@ public class Urls {
|
||||||
}
|
}
|
||||||
|
|
||||||
public static URI realmCode(URI baseUri, String realmId) {
|
public static URI realmCode(URI baseUri, String realmId) {
|
||||||
return tokenBase(baseUri).path(TokenService.class, "accessCodeToToken").build(realmId);
|
return tokenBase(baseUri).path(OpenIDConnectService.class, "accessCodeToToken").build(realmId);
|
||||||
}
|
}
|
||||||
|
|
||||||
public static UriBuilder socialBase(URI baseUri) {
|
public static UriBuilder socialBase(URI baseUri) {
|
||||||
|
|
|
@ -39,7 +39,7 @@ import org.keycloak.jose.jws.JWSInput;
|
||||||
import org.keycloak.jose.jws.crypto.RSAProvider;
|
import org.keycloak.jose.jws.crypto.RSAProvider;
|
||||||
import org.keycloak.representations.AccessToken;
|
import org.keycloak.representations.AccessToken;
|
||||||
import org.keycloak.representations.RefreshToken;
|
import org.keycloak.representations.RefreshToken;
|
||||||
import org.keycloak.services.resources.TokenService;
|
import org.keycloak.protocol.oidc.OpenIDConnectService;
|
||||||
import org.keycloak.util.BasicAuthHelper;
|
import org.keycloak.util.BasicAuthHelper;
|
||||||
import org.keycloak.util.PemUtils;
|
import org.keycloak.util.PemUtils;
|
||||||
import org.openqa.selenium.By;
|
import org.openqa.selenium.By;
|
||||||
|
@ -278,7 +278,7 @@ public class OAuthClient {
|
||||||
}
|
}
|
||||||
|
|
||||||
public void openLogout() {
|
public void openLogout() {
|
||||||
UriBuilder b = TokenService.logoutUrl(UriBuilder.fromUri(baseUrl));
|
UriBuilder b = OpenIDConnectService.logoutUrl(UriBuilder.fromUri(baseUrl));
|
||||||
if (redirectUri != null) {
|
if (redirectUri != null) {
|
||||||
b.queryParam(OAuth2Constants.REDIRECT_URI, redirectUri);
|
b.queryParam(OAuth2Constants.REDIRECT_URI, redirectUri);
|
||||||
}
|
}
|
||||||
|
@ -290,7 +290,7 @@ public class OAuthClient {
|
||||||
}
|
}
|
||||||
|
|
||||||
public String getLoginFormUrl() {
|
public String getLoginFormUrl() {
|
||||||
UriBuilder b = TokenService.loginPageUrl(UriBuilder.fromUri(baseUrl));
|
UriBuilder b = OpenIDConnectService.loginPageUrl(UriBuilder.fromUri(baseUrl));
|
||||||
if (responseType != null) {
|
if (responseType != null) {
|
||||||
b.queryParam(OAuth2Constants.RESPONSE_TYPE, responseType);
|
b.queryParam(OAuth2Constants.RESPONSE_TYPE, responseType);
|
||||||
}
|
}
|
||||||
|
@ -307,12 +307,12 @@ public class OAuthClient {
|
||||||
}
|
}
|
||||||
|
|
||||||
public String getAccessTokenUrl() {
|
public String getAccessTokenUrl() {
|
||||||
UriBuilder b = TokenService.accessCodeToTokenUrl(UriBuilder.fromUri(baseUrl));
|
UriBuilder b = OpenIDConnectService.accessCodeToTokenUrl(UriBuilder.fromUri(baseUrl));
|
||||||
return b.build(realm).toString();
|
return b.build(realm).toString();
|
||||||
}
|
}
|
||||||
|
|
||||||
public String getLogoutUrl(String redirectUri, String sessionState) {
|
public String getLogoutUrl(String redirectUri, String sessionState) {
|
||||||
UriBuilder b = TokenService.logoutUrl(UriBuilder.fromUri(baseUrl));
|
UriBuilder b = OpenIDConnectService.logoutUrl(UriBuilder.fromUri(baseUrl));
|
||||||
if (redirectUri != null) {
|
if (redirectUri != null) {
|
||||||
b.queryParam(OAuth2Constants.REDIRECT_URI, redirectUri);
|
b.queryParam(OAuth2Constants.REDIRECT_URI, redirectUri);
|
||||||
}
|
}
|
||||||
|
@ -323,12 +323,12 @@ public class OAuthClient {
|
||||||
}
|
}
|
||||||
|
|
||||||
public String getResourceOwnerPasswordCredentialGrantUrl() {
|
public String getResourceOwnerPasswordCredentialGrantUrl() {
|
||||||
UriBuilder b = TokenService.grantAccessTokenUrl(UriBuilder.fromUri(baseUrl));
|
UriBuilder b = OpenIDConnectService.grantAccessTokenUrl(UriBuilder.fromUri(baseUrl));
|
||||||
return b.build(realm).toString();
|
return b.build(realm).toString();
|
||||||
}
|
}
|
||||||
|
|
||||||
public String getRefreshTokenUrl() {
|
public String getRefreshTokenUrl() {
|
||||||
UriBuilder b = TokenService.refreshUrl(UriBuilder.fromUri(baseUrl));
|
UriBuilder b = OpenIDConnectService.refreshUrl(UriBuilder.fromUri(baseUrl));
|
||||||
return b.build(realm).toString();
|
return b.build(realm).toString();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -40,7 +40,7 @@ import org.keycloak.representations.adapters.action.SessionStats;
|
||||||
import org.keycloak.representations.idm.RealmRepresentation;
|
import org.keycloak.representations.idm.RealmRepresentation;
|
||||||
import org.keycloak.services.managers.RealmManager;
|
import org.keycloak.services.managers.RealmManager;
|
||||||
import org.keycloak.services.managers.TokenManager;
|
import org.keycloak.services.managers.TokenManager;
|
||||||
import org.keycloak.services.resources.TokenService;
|
import org.keycloak.protocol.oidc.OpenIDConnectService;
|
||||||
import org.keycloak.services.resources.admin.AdminRoot;
|
import org.keycloak.services.resources.admin.AdminRoot;
|
||||||
import org.keycloak.testsuite.OAuthClient;
|
import org.keycloak.testsuite.OAuthClient;
|
||||||
import org.keycloak.testsuite.pages.LoginPage;
|
import org.keycloak.testsuite.pages.LoginPage;
|
||||||
|
@ -72,7 +72,7 @@ import java.util.Map;
|
||||||
*/
|
*/
|
||||||
public class AdapterTest {
|
public class AdapterTest {
|
||||||
|
|
||||||
public static final String LOGIN_URL = TokenService.loginPageUrl(UriBuilder.fromUri("http://localhost:8081/auth")).build("demo").toString();
|
public static final String LOGIN_URL = OpenIDConnectService.loginPageUrl(UriBuilder.fromUri("http://localhost:8081/auth")).build("demo").toString();
|
||||||
public static PublicKey realmPublicKey;
|
public static PublicKey realmPublicKey;
|
||||||
@ClassRule
|
@ClassRule
|
||||||
public static AbstractKeycloakRule keycloakRule = new AbstractKeycloakRule() {
|
public static AbstractKeycloakRule keycloakRule = new AbstractKeycloakRule() {
|
||||||
|
@ -168,7 +168,7 @@ public class AdapterTest {
|
||||||
|
|
||||||
// test logout
|
// test logout
|
||||||
|
|
||||||
String logoutUri = TokenService.logoutUrl(UriBuilder.fromUri("http://localhost:8081/auth"))
|
String logoutUri = OpenIDConnectService.logoutUrl(UriBuilder.fromUri("http://localhost:8081/auth"))
|
||||||
.queryParam(OAuth2Constants.REDIRECT_URI, "http://localhost:8081/customer-portal").build("demo").toString();
|
.queryParam(OAuth2Constants.REDIRECT_URI, "http://localhost:8081/customer-portal").build("demo").toString();
|
||||||
driver.navigate().to(logoutUri);
|
driver.navigate().to(logoutUri);
|
||||||
Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
|
Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
|
||||||
|
@ -355,7 +355,7 @@ public class AdapterTest {
|
||||||
public void testBadUser() throws Exception {
|
public void testBadUser() throws Exception {
|
||||||
Client client = ClientBuilder.newClient();
|
Client client = ClientBuilder.newClient();
|
||||||
UriBuilder builder = UriBuilder.fromUri(org.keycloak.testsuite.Constants.AUTH_SERVER_ROOT);
|
UriBuilder builder = UriBuilder.fromUri(org.keycloak.testsuite.Constants.AUTH_SERVER_ROOT);
|
||||||
URI uri = TokenService.grantAccessTokenUrl(builder).build("demo");
|
URI uri = OpenIDConnectService.grantAccessTokenUrl(builder).build("demo");
|
||||||
WebTarget target = client.target(uri);
|
WebTarget target = client.target(uri);
|
||||||
String header = BasicAuthHelper.createHeader("customer-portal", "password");
|
String header = BasicAuthHelper.createHeader("customer-portal", "password");
|
||||||
Form form = new Form();
|
Form form = new Form();
|
||||||
|
@ -408,7 +408,7 @@ public class AdapterTest {
|
||||||
|
|
||||||
// test logout
|
// test logout
|
||||||
|
|
||||||
String logoutUri = TokenService.logoutUrl(UriBuilder.fromUri("http://localhost:8081/auth"))
|
String logoutUri = OpenIDConnectService.logoutUrl(UriBuilder.fromUri("http://localhost:8081/auth"))
|
||||||
.queryParam(OAuth2Constants.REDIRECT_URI, "http://localhost:8081/secure-portal").build("demo").toString();
|
.queryParam(OAuth2Constants.REDIRECT_URI, "http://localhost:8081/secure-portal").build("demo").toString();
|
||||||
driver.navigate().to(logoutUri);
|
driver.navigate().to(logoutUri);
|
||||||
Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
|
Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
|
||||||
|
|
|
@ -37,7 +37,7 @@ import org.keycloak.representations.adapters.action.SessionStats;
|
||||||
import org.keycloak.representations.idm.RealmRepresentation;
|
import org.keycloak.representations.idm.RealmRepresentation;
|
||||||
import org.keycloak.services.managers.RealmManager;
|
import org.keycloak.services.managers.RealmManager;
|
||||||
import org.keycloak.services.managers.TokenManager;
|
import org.keycloak.services.managers.TokenManager;
|
||||||
import org.keycloak.services.resources.TokenService;
|
import org.keycloak.protocol.oidc.OpenIDConnectService;
|
||||||
import org.keycloak.services.resources.admin.AdminRoot;
|
import org.keycloak.services.resources.admin.AdminRoot;
|
||||||
import org.keycloak.testsuite.OAuthClient;
|
import org.keycloak.testsuite.OAuthClient;
|
||||||
import org.keycloak.testsuite.pages.LoginPage;
|
import org.keycloak.testsuite.pages.LoginPage;
|
||||||
|
@ -67,7 +67,7 @@ import java.util.Map;
|
||||||
*/
|
*/
|
||||||
public class RelativeUriAdapterTest {
|
public class RelativeUriAdapterTest {
|
||||||
|
|
||||||
public static final String LOGIN_URL = TokenService.loginPageUrl(UriBuilder.fromUri("http://localhost:8081/auth")).build("demo").toString();
|
public static final String LOGIN_URL = OpenIDConnectService.loginPageUrl(UriBuilder.fromUri("http://localhost:8081/auth")).build("demo").toString();
|
||||||
public static PublicKey realmPublicKey;
|
public static PublicKey realmPublicKey;
|
||||||
@ClassRule
|
@ClassRule
|
||||||
public static AbstractKeycloakRule keycloakRule = new AbstractKeycloakRule(){
|
public static AbstractKeycloakRule keycloakRule = new AbstractKeycloakRule(){
|
||||||
|
@ -148,7 +148,7 @@ public class RelativeUriAdapterTest {
|
||||||
|
|
||||||
// test logout
|
// test logout
|
||||||
|
|
||||||
String logoutUri = TokenService.logoutUrl(UriBuilder.fromUri("http://localhost:8081/auth"))
|
String logoutUri = OpenIDConnectService.logoutUrl(UriBuilder.fromUri("http://localhost:8081/auth"))
|
||||||
.queryParam(OAuth2Constants.REDIRECT_URI, "/customer-portal").build("demo").toString();
|
.queryParam(OAuth2Constants.REDIRECT_URI, "/customer-portal").build("demo").toString();
|
||||||
driver.navigate().to(logoutUri);
|
driver.navigate().to(logoutUri);
|
||||||
Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
|
Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
|
||||||
|
|
|
@ -37,7 +37,7 @@ import org.keycloak.models.RealmModel;
|
||||||
import org.keycloak.models.UserModel;
|
import org.keycloak.models.UserModel;
|
||||||
import org.keycloak.representations.AccessToken;
|
import org.keycloak.representations.AccessToken;
|
||||||
import org.keycloak.services.managers.RealmManager;
|
import org.keycloak.services.managers.RealmManager;
|
||||||
import org.keycloak.services.resources.TokenService;
|
import org.keycloak.protocol.oidc.OpenIDConnectService;
|
||||||
import org.keycloak.testsuite.AssertEvents;
|
import org.keycloak.testsuite.AssertEvents;
|
||||||
import org.keycloak.testsuite.OAuthClient;
|
import org.keycloak.testsuite.OAuthClient;
|
||||||
import org.keycloak.testsuite.OAuthClient.AccessTokenResponse;
|
import org.keycloak.testsuite.OAuthClient.AccessTokenResponse;
|
||||||
|
@ -266,10 +266,10 @@ public class AccessTokenTest {
|
||||||
public void testValidateAccessToken() throws Exception {
|
public void testValidateAccessToken() throws Exception {
|
||||||
Client client = ClientBuilder.newClient();
|
Client client = ClientBuilder.newClient();
|
||||||
UriBuilder builder = UriBuilder.fromUri(org.keycloak.testsuite.Constants.AUTH_SERVER_ROOT);
|
UriBuilder builder = UriBuilder.fromUri(org.keycloak.testsuite.Constants.AUTH_SERVER_ROOT);
|
||||||
URI grantUri = TokenService.grantAccessTokenUrl(builder).build("test");
|
URI grantUri = OpenIDConnectService.grantAccessTokenUrl(builder).build("test");
|
||||||
WebTarget grantTarget = client.target(grantUri);
|
WebTarget grantTarget = client.target(grantUri);
|
||||||
builder = UriBuilder.fromUri(org.keycloak.testsuite.Constants.AUTH_SERVER_ROOT);
|
builder = UriBuilder.fromUri(org.keycloak.testsuite.Constants.AUTH_SERVER_ROOT);
|
||||||
URI validateUri = TokenService.validateAccessTokenUrl(builder).build("test");
|
URI validateUri = OpenIDConnectService.validateAccessTokenUrl(builder).build("test");
|
||||||
WebTarget validateTarget = client.target(validateUri);
|
WebTarget validateTarget = client.target(validateUri);
|
||||||
|
|
||||||
{
|
{
|
||||||
|
@ -297,7 +297,7 @@ public class AccessTokenTest {
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
builder = UriBuilder.fromUri(org.keycloak.testsuite.Constants.AUTH_SERVER_ROOT);
|
builder = UriBuilder.fromUri(org.keycloak.testsuite.Constants.AUTH_SERVER_ROOT);
|
||||||
URI logoutUri = TokenService.logoutUrl(builder).build("test");
|
URI logoutUri = OpenIDConnectService.logoutUrl(builder).build("test");
|
||||||
String header = BasicAuthHelper.createHeader("test-app", "password");
|
String header = BasicAuthHelper.createHeader("test-app", "password");
|
||||||
Form form = new Form();
|
Form form = new Form();
|
||||||
form.param("refresh_token", tokenResponse.getRefreshToken());
|
form.param("refresh_token", tokenResponse.getRefreshToken());
|
||||||
|
@ -323,7 +323,7 @@ public class AccessTokenTest {
|
||||||
public void testGrantAccessToken() throws Exception {
|
public void testGrantAccessToken() throws Exception {
|
||||||
Client client = ClientBuilder.newClient();
|
Client client = ClientBuilder.newClient();
|
||||||
UriBuilder builder = UriBuilder.fromUri(org.keycloak.testsuite.Constants.AUTH_SERVER_ROOT);
|
UriBuilder builder = UriBuilder.fromUri(org.keycloak.testsuite.Constants.AUTH_SERVER_ROOT);
|
||||||
URI grantUri = TokenService.grantAccessTokenUrl(builder).build("test");
|
URI grantUri = OpenIDConnectService.grantAccessTokenUrl(builder).build("test");
|
||||||
WebTarget grantTarget = client.target(grantUri);
|
WebTarget grantTarget = client.target(grantUri);
|
||||||
|
|
||||||
{ // test checkSsl
|
{ // test checkSsl
|
||||||
|
|
|
@ -22,7 +22,6 @@
|
||||||
package org.keycloak.testsuite.oauth;
|
package org.keycloak.testsuite.oauth;
|
||||||
|
|
||||||
import org.junit.Assert;
|
import org.junit.Assert;
|
||||||
import org.junit.Before;
|
|
||||||
import org.junit.ClassRule;
|
import org.junit.ClassRule;
|
||||||
import org.junit.Rule;
|
import org.junit.Rule;
|
||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
|
@ -32,7 +31,6 @@ import org.keycloak.events.Errors;
|
||||||
import org.keycloak.events.EventType;
|
import org.keycloak.events.EventType;
|
||||||
import org.keycloak.models.Constants;
|
import org.keycloak.models.Constants;
|
||||||
import org.keycloak.models.RealmModel;
|
import org.keycloak.models.RealmModel;
|
||||||
import org.keycloak.services.managers.AccessCode;
|
|
||||||
import org.keycloak.services.managers.ClientSessionCode;
|
import org.keycloak.services.managers.ClientSessionCode;
|
||||||
import org.keycloak.services.managers.RealmManager;
|
import org.keycloak.services.managers.RealmManager;
|
||||||
import org.keycloak.testsuite.AssertEvents;
|
import org.keycloak.testsuite.AssertEvents;
|
||||||
|
|
|
@ -35,7 +35,7 @@ import org.keycloak.models.RealmModel;
|
||||||
import org.keycloak.models.UserSessionModel;
|
import org.keycloak.models.UserSessionModel;
|
||||||
import org.keycloak.representations.AccessToken;
|
import org.keycloak.representations.AccessToken;
|
||||||
import org.keycloak.representations.RefreshToken;
|
import org.keycloak.representations.RefreshToken;
|
||||||
import org.keycloak.services.resources.TokenService;
|
import org.keycloak.protocol.oidc.OpenIDConnectService;
|
||||||
import org.keycloak.testsuite.AssertEvents;
|
import org.keycloak.testsuite.AssertEvents;
|
||||||
import org.keycloak.testsuite.OAuthClient;
|
import org.keycloak.testsuite.OAuthClient;
|
||||||
import org.keycloak.testsuite.OAuthClient.AccessTokenResponse;
|
import org.keycloak.testsuite.OAuthClient.AccessTokenResponse;
|
||||||
|
@ -93,7 +93,7 @@ public class RefreshTokenTest {
|
||||||
public void nullRefreshToken() throws Exception {
|
public void nullRefreshToken() throws Exception {
|
||||||
Client client = ClientBuilder.newClient();
|
Client client = ClientBuilder.newClient();
|
||||||
UriBuilder builder = UriBuilder.fromUri(org.keycloak.testsuite.Constants.AUTH_SERVER_ROOT);
|
UriBuilder builder = UriBuilder.fromUri(org.keycloak.testsuite.Constants.AUTH_SERVER_ROOT);
|
||||||
URI uri = TokenService.refreshUrl(builder).build("test");
|
URI uri = OpenIDConnectService.refreshUrl(builder).build("test");
|
||||||
WebTarget target = client.target(uri);
|
WebTarget target = client.target(uri);
|
||||||
|
|
||||||
org.keycloak.representations.AccessTokenResponse tokenResponse = null;
|
org.keycloak.representations.AccessTokenResponse tokenResponse = null;
|
||||||
|
@ -337,10 +337,10 @@ public class RefreshTokenTest {
|
||||||
public void testCheckSsl() throws Exception {
|
public void testCheckSsl() throws Exception {
|
||||||
Client client = ClientBuilder.newClient();
|
Client client = ClientBuilder.newClient();
|
||||||
UriBuilder builder = UriBuilder.fromUri(org.keycloak.testsuite.Constants.AUTH_SERVER_ROOT);
|
UriBuilder builder = UriBuilder.fromUri(org.keycloak.testsuite.Constants.AUTH_SERVER_ROOT);
|
||||||
URI grantUri = TokenService.grantAccessTokenUrl(builder).build("test");
|
URI grantUri = OpenIDConnectService.grantAccessTokenUrl(builder).build("test");
|
||||||
WebTarget grantTarget = client.target(grantUri);
|
WebTarget grantTarget = client.target(grantUri);
|
||||||
builder = UriBuilder.fromUri(org.keycloak.testsuite.Constants.AUTH_SERVER_ROOT);
|
builder = UriBuilder.fromUri(org.keycloak.testsuite.Constants.AUTH_SERVER_ROOT);
|
||||||
URI uri = TokenService.refreshUrl(builder).build("test");
|
URI uri = OpenIDConnectService.refreshUrl(builder).build("test");
|
||||||
WebTarget refreshTarget = client.target(uri);
|
WebTarget refreshTarget = client.target(uri);
|
||||||
|
|
||||||
String refreshToken = null;
|
String refreshToken = null;
|
||||||
|
|
|
@ -35,7 +35,7 @@ import org.junit.Test;
|
||||||
import org.keycloak.OAuth2Constants;
|
import org.keycloak.OAuth2Constants;
|
||||||
import org.keycloak.adapters.HttpClientBuilder;
|
import org.keycloak.adapters.HttpClientBuilder;
|
||||||
import org.keycloak.services.resources.LoginActionsService;
|
import org.keycloak.services.resources.LoginActionsService;
|
||||||
import org.keycloak.services.resources.TokenService;
|
import org.keycloak.protocol.oidc.OpenIDConnectService;
|
||||||
import org.keycloak.testsuite.Constants;
|
import org.keycloak.testsuite.Constants;
|
||||||
import org.keycloak.testsuite.OAuthClient;
|
import org.keycloak.testsuite.OAuthClient;
|
||||||
import org.keycloak.testsuite.OAuthClient.AccessTokenResponse;
|
import org.keycloak.testsuite.OAuthClient.AccessTokenResponse;
|
||||||
|
@ -136,7 +136,7 @@ public class AccessTokenPerfTest {
|
||||||
}
|
}
|
||||||
|
|
||||||
public String getLoginFormUrl(String state) {
|
public String getLoginFormUrl(String state) {
|
||||||
UriBuilder b = TokenService.loginPageUrl(UriBuilder.fromUri(baseUrl));
|
UriBuilder b = OpenIDConnectService.loginPageUrl(UriBuilder.fromUri(baseUrl));
|
||||||
if (responseType != null) {
|
if (responseType != null) {
|
||||||
b.queryParam(OAuth2Constants.RESPONSE_TYPE, responseType);
|
b.queryParam(OAuth2Constants.RESPONSE_TYPE, responseType);
|
||||||
}
|
}
|
||||||
|
@ -204,7 +204,7 @@ public class AccessTokenPerfTest {
|
||||||
|
|
||||||
String authorization = BasicAuthHelper.createHeader(clientId, "password");
|
String authorization = BasicAuthHelper.createHeader(clientId, "password");
|
||||||
|
|
||||||
String res = client.target(TokenService.accessCodeToTokenUrl(UriBuilder.fromUri(baseUrl)).build(realm)).request()
|
String res = client.target(OpenIDConnectService.accessCodeToTokenUrl(UriBuilder.fromUri(baseUrl)).build(realm)).request()
|
||||||
.header(HttpHeaders.AUTHORIZATION, authorization)
|
.header(HttpHeaders.AUTHORIZATION, authorization)
|
||||||
.post(Entity.form(form), String.class);
|
.post(Entity.form(form), String.class);
|
||||||
count.incrementAndGet();
|
count.incrementAndGet();
|
||||||
|
|
|
@ -26,7 +26,6 @@ import org.keycloak.Config;
|
||||||
import org.keycloak.models.KeycloakSession;
|
import org.keycloak.models.KeycloakSession;
|
||||||
import org.keycloak.models.RealmModel;
|
import org.keycloak.models.RealmModel;
|
||||||
import org.keycloak.models.UserSessionModel;
|
import org.keycloak.models.UserSessionModel;
|
||||||
import org.keycloak.services.managers.AccessCode;
|
|
||||||
import org.keycloak.services.managers.ClientSessionCode;
|
import org.keycloak.services.managers.ClientSessionCode;
|
||||||
import org.keycloak.services.managers.RealmManager;
|
import org.keycloak.services.managers.RealmManager;
|
||||||
import org.keycloak.testsuite.ApplicationServlet;
|
import org.keycloak.testsuite.ApplicationServlet;
|
||||||
|
|
|
@ -18,7 +18,7 @@ import org.keycloak.jose.jws.JWSInput;
|
||||||
import org.keycloak.jose.jws.crypto.RSAProvider;
|
import org.keycloak.jose.jws.crypto.RSAProvider;
|
||||||
import org.keycloak.representations.AccessToken;
|
import org.keycloak.representations.AccessToken;
|
||||||
import org.keycloak.representations.RefreshToken;
|
import org.keycloak.representations.RefreshToken;
|
||||||
import org.keycloak.services.resources.TokenService;
|
import org.keycloak.protocol.oidc.OpenIDConnectService;
|
||||||
import org.keycloak.util.BasicAuthHelper;
|
import org.keycloak.util.BasicAuthHelper;
|
||||||
|
|
||||||
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletRequest;
|
||||||
|
@ -199,7 +199,7 @@ public class OAuthClient {
|
||||||
}
|
}
|
||||||
|
|
||||||
public String getLoginFormUrl() {
|
public String getLoginFormUrl() {
|
||||||
UriBuilder b = TokenService.loginPageUrl(UriBuilder.fromUri(baseUrl));
|
UriBuilder b = OpenIDConnectService.loginPageUrl(UriBuilder.fromUri(baseUrl));
|
||||||
if (responseType != null) {
|
if (responseType != null) {
|
||||||
b.queryParam(OAuth2Constants.RESPONSE_TYPE, responseType);
|
b.queryParam(OAuth2Constants.RESPONSE_TYPE, responseType);
|
||||||
}
|
}
|
||||||
|
@ -216,12 +216,12 @@ public class OAuthClient {
|
||||||
}
|
}
|
||||||
|
|
||||||
public String getAccessTokenUrl() {
|
public String getAccessTokenUrl() {
|
||||||
UriBuilder b = TokenService.accessCodeToTokenUrl(UriBuilder.fromUri(baseUrl));
|
UriBuilder b = OpenIDConnectService.accessCodeToTokenUrl(UriBuilder.fromUri(baseUrl));
|
||||||
return b.build(realm).toString();
|
return b.build(realm).toString();
|
||||||
}
|
}
|
||||||
|
|
||||||
public String getLogoutUrl(String redirectUri, String sessionState) {
|
public String getLogoutUrl(String redirectUri, String sessionState) {
|
||||||
UriBuilder b = TokenService.logoutUrl(UriBuilder.fromUri(baseUrl));
|
UriBuilder b = OpenIDConnectService.logoutUrl(UriBuilder.fromUri(baseUrl));
|
||||||
if (redirectUri != null) {
|
if (redirectUri != null) {
|
||||||
b.queryParam(OAuth2Constants.REDIRECT_URI, redirectUri);
|
b.queryParam(OAuth2Constants.REDIRECT_URI, redirectUri);
|
||||||
}
|
}
|
||||||
|
@ -232,12 +232,12 @@ public class OAuthClient {
|
||||||
}
|
}
|
||||||
|
|
||||||
public String getResourceOwnerPasswordCredentialGrantUrl() {
|
public String getResourceOwnerPasswordCredentialGrantUrl() {
|
||||||
UriBuilder b = TokenService.grantAccessTokenUrl(UriBuilder.fromUri(baseUrl));
|
UriBuilder b = OpenIDConnectService.grantAccessTokenUrl(UriBuilder.fromUri(baseUrl));
|
||||||
return b.build(realm).toString();
|
return b.build(realm).toString();
|
||||||
}
|
}
|
||||||
|
|
||||||
public String getRefreshTokenUrl() {
|
public String getRefreshTokenUrl() {
|
||||||
UriBuilder b = TokenService.refreshUrl(UriBuilder.fromUri(baseUrl));
|
UriBuilder b = OpenIDConnectService.refreshUrl(UriBuilder.fromUri(baseUrl));
|
||||||
return b.build(realm).toString();
|
return b.build(realm).toString();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|