refactor
This commit is contained in:
Bill Burke
parent
993fc5c301
commit
a81d03213d
36 changed files with 375 additions and 341 deletions
|
|
@ -1,15 +1,13 @@
|
|||
package org.keycloak.representations.idm;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.HashSet;
|
||||
import java.util.List;
|
||||
import java.util.Set;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||
* @version $Revision: 1 $
|
||||
*/
|
||||
public class ResourceRepresentation {
|
||||
public class ApplicationRepresentation {
|
||||
protected String self; // link
|
||||
protected String id;
|
||||
protected String name;
|
||||
|
|
@ -70,14 +68,14 @@ public class ResourceRepresentation {
|
|||
this.roles = roles;
|
||||
}
|
||||
|
||||
public ResourceRepresentation role(RoleRepresentation role) {
|
||||
public ApplicationRepresentation role(RoleRepresentation role) {
|
||||
if (this.roles == null) this.roles = new ArrayList<RoleRepresentation>();
|
||||
this.roles.add(role);
|
||||
return this;
|
||||
}
|
||||
|
||||
|
||||
public ResourceRepresentation role(String role, String description) {
|
||||
public ApplicationRepresentation role(String role, String description) {
|
||||
if (this.roles == null) this.roles = new ArrayList<RoleRepresentation>();
|
||||
this.roles.add(new RoleRepresentation(role, description));
|
||||
return this;
|
||||
|
|
@ -123,7 +121,7 @@ public class ResourceRepresentation {
|
|||
this.credentials = credentials;
|
||||
}
|
||||
|
||||
public ResourceRepresentation credential(String type, String value) {
|
||||
public ApplicationRepresentation credential(String type, String value) {
|
||||
if (this.credentials == null) credentials = new ArrayList<CredentialRepresentation>();
|
||||
CredentialRepresentation cred = new CredentialRepresentation();
|
||||
cred.setType(type);
|
||||
|
|
@ -17,16 +17,17 @@ public class RealmRepresentation {
|
|||
protected boolean enabled;
|
||||
protected boolean sslNotRequired;
|
||||
protected boolean cookieLoginAllowed;
|
||||
protected boolean registrationAllowed;
|
||||
protected String privateKey;
|
||||
protected String publicKey;
|
||||
protected List<RoleRepresentation> roles;
|
||||
protected List<String> requiredCredentials;
|
||||
protected List<String> requiredResourceCredentials;
|
||||
protected List<String> requiredOAuthClientCredentials;
|
||||
protected Set<String> requiredCredentials;
|
||||
protected Set<String> requiredApplicationCredentials;
|
||||
protected Set<String> requiredOAuthClientCredentials;
|
||||
protected List<UserRepresentation> users;
|
||||
protected List<RoleMappingRepresentation> roleMappings;
|
||||
protected List<ScopeMappingRepresentation> scopeMappings;
|
||||
protected List<ResourceRepresentation> resources;
|
||||
protected List<ApplicationRepresentation> applications;
|
||||
|
||||
|
||||
public String getSelf() {
|
||||
|
|
@ -57,14 +58,14 @@ public class RealmRepresentation {
|
|||
return users;
|
||||
}
|
||||
|
||||
public List<ResourceRepresentation> getResources() {
|
||||
return resources;
|
||||
public List<ApplicationRepresentation> getApplications() {
|
||||
return applications;
|
||||
}
|
||||
|
||||
public ResourceRepresentation resource(String name) {
|
||||
ResourceRepresentation resource = new ResourceRepresentation();
|
||||
if (resources == null) resources = new ArrayList<ResourceRepresentation>();
|
||||
resources.add(resource);
|
||||
public ApplicationRepresentation resource(String name) {
|
||||
ApplicationRepresentation resource = new ApplicationRepresentation();
|
||||
if (applications == null) applications = new ArrayList<ApplicationRepresentation>();
|
||||
applications.add(resource);
|
||||
resource.setName(name);
|
||||
return resource;
|
||||
}
|
||||
|
|
@ -81,8 +82,8 @@ public class RealmRepresentation {
|
|||
return user;
|
||||
}
|
||||
|
||||
public void setResources(List<ResourceRepresentation> resources) {
|
||||
this.resources = resources;
|
||||
public void setApplications(List<ApplicationRepresentation> applications) {
|
||||
this.applications = applications;
|
||||
}
|
||||
|
||||
public boolean isEnabled() {
|
||||
|
|
@ -141,27 +142,27 @@ public class RealmRepresentation {
|
|||
return mapping;
|
||||
}
|
||||
|
||||
public List<String> getRequiredCredentials() {
|
||||
public Set<String> getRequiredCredentials() {
|
||||
return requiredCredentials;
|
||||
}
|
||||
|
||||
public void setRequiredCredentials(List<String> requiredCredentials) {
|
||||
public void setRequiredCredentials(Set<String> requiredCredentials) {
|
||||
this.requiredCredentials = requiredCredentials;
|
||||
}
|
||||
|
||||
public List<String> getRequiredResourceCredentials() {
|
||||
return requiredResourceCredentials;
|
||||
public Set<String> getRequiredApplicationCredentials() {
|
||||
return requiredApplicationCredentials;
|
||||
}
|
||||
|
||||
public void setRequiredResourceCredentials(List<String> requiredResourceCredentials) {
|
||||
this.requiredResourceCredentials = requiredResourceCredentials;
|
||||
public void setRequiredApplicationCredentials(Set<String> requiredApplicationCredentials) {
|
||||
this.requiredApplicationCredentials = requiredApplicationCredentials;
|
||||
}
|
||||
|
||||
public List<String> getRequiredOAuthClientCredentials() {
|
||||
public Set<String> getRequiredOAuthClientCredentials() {
|
||||
return requiredOAuthClientCredentials;
|
||||
}
|
||||
|
||||
public void setRequiredOAuthClientCredentials(List<String> requiredOAuthClientCredentials) {
|
||||
public void setRequiredOAuthClientCredentials(Set<String> requiredOAuthClientCredentials) {
|
||||
this.requiredOAuthClientCredentials = requiredOAuthClientCredentials;
|
||||
}
|
||||
|
||||
|
|
@ -196,4 +197,12 @@ public class RealmRepresentation {
|
|||
public void setPublicKey(String publicKey) {
|
||||
this.publicKey = publicKey;
|
||||
}
|
||||
|
||||
public boolean isRegistrationAllowed() {
|
||||
return registrationAllowed;
|
||||
}
|
||||
|
||||
public void setRegistrationAllowed(boolean registrationAllowed) {
|
||||
this.registrationAllowed = registrationAllowed;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,6 +1,7 @@
|
|||
package org.keycloak.example.demo;
|
||||
|
||||
import org.jboss.resteasy.jwt.JsonSerialization;
|
||||
import org.keycloak.representations.idm.CredentialRepresentation;
|
||||
import org.keycloak.representations.idm.RealmRepresentation;
|
||||
import org.keycloak.services.managers.RealmManager;
|
||||
import org.keycloak.services.models.KeycloakSession;
|
||||
|
|
@ -40,7 +41,7 @@ public class DemoApplication extends KeycloakApplication {
|
|||
defaultRealm.setCookieLoginAllowed(true);
|
||||
defaultRealm.setRegistrationAllowed(true);
|
||||
manager.generateRealmKeys(defaultRealm);
|
||||
defaultRealm.addRequiredCredential(RequiredCredentialModel.PASSWORD);
|
||||
defaultRealm.addRequiredCredential(CredentialRepresentation.PASSWORD);
|
||||
defaultRealm.addRole(SaasService.REALM_CREATOR_ROLE);
|
||||
|
||||
RealmRepresentation rep = loadJson("META-INF/testrealm.json");
|
||||
|
|
|
|||
|
|
@ -19,7 +19,7 @@
|
|||
<class>org.picketlink.idm.jpa.model.sample.simple.OTPCredentialTypeEntity</class>
|
||||
<class>org.picketlink.idm.jpa.model.sample.simple.AttributeTypeEntity</class>
|
||||
<class>org.keycloak.services.models.picketlink.mappings.RealmEntity</class>
|
||||
<class>org.keycloak.services.models.picketlink.mappings.ResourceEntity</class>
|
||||
<class>org.keycloak.services.models.picketlink.mappings.ApplicationEntity</class>
|
||||
|
||||
<exclude-unlisted-classes>true</exclude-unlisted-classes>
|
||||
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@
|
|||
"privateKey": "MIICXAIBAAKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQABAoGAfmO8gVhyBxdqlxmIuglbz8bcjQbhXJLR2EoS8ngTXmN1bo2L90M0mUKSdc7qF10LgETBzqL8jYlQIbt+e6TH8fcEpKCjUlyq0Mf/vVbfZSNaVycY13nTzo27iPyWQHK5NLuJzn1xvxxrUeXI6A2WFpGEBLbHjwpx5WQG9A+2scECQQDvdn9NE75HPTVPxBqsEd2z10TKkl9CZxu10Qby3iQQmWLEJ9LNmy3acvKrE3gMiYNWb6xHPKiIqOR1as7L24aTAkEAtyvQOlCvr5kAjVqrEKXalj0Tzewjweuxc0pskvArTI2Oo070h65GpoIKLc9jf+UA69cRtquwP93aZKtW06U8dQJAF2Y44ks/mK5+eyDqik3koCI08qaC8HYq2wVl7G2QkJ6sbAaILtcvD92ToOvyGyeE0flvmDZxMYlvaZnaQ0lcSQJBAKZU6umJi3/xeEbkJqMfeLclD27XGEFoPeNrmdx0q10Azp4NfJAY+Z8KRyQCR2BEG+oNitBOZ+YXF9KCpH3cdmECQHEigJhYg+ykOvr1aiZUMFT72HU0jnmQe2FVekuG+LJUt2Tm7GtMjTFoGpf0JwrVuZN39fOYAlo+nTixgeW7X8Y=",
|
||||
"publicKey": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
|
||||
"requiredCredentials": [ "password" ],
|
||||
"requiredResourceCredentials": [ "password" ],
|
||||
"requiredApplicationCredentials": [ "password" ],
|
||||
"requiredOAuthClientCredentials": [ "password" ],
|
||||
"users" : [
|
||||
{
|
||||
|
|
@ -57,7 +57,7 @@
|
|||
"roles": ["user"]
|
||||
}
|
||||
],
|
||||
"resources": [
|
||||
"applications": [
|
||||
{
|
||||
"name": "customer-portal",
|
||||
"enabled": true,
|
||||
|
|
|
|||
|
|
@ -27,25 +27,9 @@ module.controller('GlobalCtrl', function($scope, $http, Auth, Current, $location
|
|||
|
||||
$http.get('/auth-server/rest/saas/admin/realms').success(function(data) {
|
||||
Current.realms = data;
|
||||
var count = 0;
|
||||
var showrealm = false;
|
||||
var id = null;
|
||||
for (var key in data) {
|
||||
if (count > 0) {
|
||||
showrealm = false;
|
||||
break;
|
||||
}
|
||||
id = key;
|
||||
showrealm = true;
|
||||
count++;
|
||||
}
|
||||
|
||||
if (showrealm) {
|
||||
console.log('default redirect to realm: ' + id);
|
||||
Current.realm = Current.realms[id];
|
||||
$location.url("/realms/" + id);
|
||||
} else {
|
||||
//console.log('not redirecting');
|
||||
if (data.length > 0) {
|
||||
Current.realm = data[0];
|
||||
$location.url("/realms/" + Current.realm.id);
|
||||
}
|
||||
});
|
||||
});
|
||||
|
|
@ -58,49 +42,58 @@ module.controller('RealmListCtrl', function($scope, Realm, Current) {
|
|||
module.controller('RealmDropdownCtrl', function($scope, Realm, Current, Auth, $location) {
|
||||
// Current.realms = Realm.get();
|
||||
$scope.current = Current;
|
||||
if (Current.realms.length > 0) {
|
||||
console.log('[0]: ' + current.realms[0].realm);
|
||||
}
|
||||
$scope.changeRealm = function() {
|
||||
for (var id in Current.realms) {
|
||||
var val = Current.realms[id];
|
||||
if (val == Current.realm) {
|
||||
$location.url("/realms/" + id);
|
||||
break;
|
||||
}
|
||||
}
|
||||
$location.url("/realms/" + $scope.current.realm.id);
|
||||
};
|
||||
$scope.showNav = function() {
|
||||
var show = false;
|
||||
for (var key in Current.realms) {
|
||||
if (typeof Current.realms[key] != "function") {
|
||||
if (Current.realms[key] == Current.realm) {
|
||||
$scope.currentRealmId = key;
|
||||
}
|
||||
show = true;
|
||||
}
|
||||
}
|
||||
var show = Current.realms.length > 0;
|
||||
console.log('Show dropdown? ' + show);
|
||||
return Auth.loggedIn && show;
|
||||
}
|
||||
});
|
||||
|
||||
module.controller('RealmDetailCtrl', function($scope, Current, Realm, realm, $location, Dialog, Notifications) {
|
||||
$scope.realm = angular.copy(realm);
|
||||
module.controller('RealmDetailCtrl', function($scope, Current, Realm, realm, $http, $location, Dialog, Notifications) {
|
||||
$scope.createRealm = !realm.id;
|
||||
|
||||
if ($scope.createRealm) {
|
||||
$scope.realm.enabled = true;
|
||||
$scope.realm.requireSsl = true;
|
||||
$scope.realm.cookieLoginAllowed = true;
|
||||
$scope.realm.tokenLifespan = 300;
|
||||
$scope.realm.tokenLifespanUnit = 'SECONDS';
|
||||
$scope.realm.accessCodeLifespan = 300;
|
||||
$scope.realm.accessCodeLifespanUnit = 'SECONDS';
|
||||
$scope.realm.requiredCredentials = ['password'];
|
||||
$scope.realm = {
|
||||
enabled: true,
|
||||
requireSsl: true,
|
||||
cookieLoginAllowed: true,
|
||||
tokenLifespan: 300,
|
||||
tokenLifespanUnit: 'SECONDS',
|
||||
accessCodeLifespan: 300,
|
||||
accessCodeLifespanUnit: 'SECONDS',
|
||||
requiredCredentials: ['password']
|
||||
|
||||
};
|
||||
} else {
|
||||
$scope.realm.name = realm.realm;
|
||||
$scope.realm.requireSsl = !$scope.realm.sslNotRequired;
|
||||
if (Current.realm == null || Current.realm.id != realm.id) {
|
||||
for (var i = 0; i < Current.realms.length; i++) {
|
||||
if (realm.id == Current.realms[i].id) {
|
||||
Current.realm = Current.realms[i];
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
if (Current.realm == null || Current.realm.id != realm.id) {
|
||||
console.log('should be unreachable');
|
||||
return;
|
||||
}
|
||||
$scope.realm = angular.copy(realm);
|
||||
$scope.realm.requireSsl = !realm.sslNotRequired;
|
||||
$scope.realm.tokenLifespanUnit = 'SECONDS';
|
||||
$scope.realm.acessCodeLifespanUnit = 'SECONDS';
|
||||
$scope.realm.accessCodeLifespanUnit = 'SECONDS';
|
||||
|
||||
}
|
||||
|
||||
var oldCopy = angular.copy($scope.realm);
|
||||
|
||||
|
||||
|
||||
$scope.userCredentialOptions = {
|
||||
'multiple' : true,
|
||||
'simple_tags' : true,
|
||||
|
|
@ -110,93 +103,47 @@ module.controller('RealmDetailCtrl', function($scope, Current, Realm, realm, $lo
|
|||
$scope.changed = $scope.create;
|
||||
|
||||
$scope.$watch('realm', function() {
|
||||
if (!angular.equals($scope.realm, realm)) {
|
||||
if (!angular.equals($scope.realm, oldCopy)) {
|
||||
$scope.changed = true;
|
||||
}
|
||||
}, true);
|
||||
|
||||
$scope.addRole = function() {
|
||||
if ($scope.newRole) {
|
||||
if ($scope.realm.roles) {
|
||||
for ( var i = 0; i < $scope.realm.roles.length; i++) {
|
||||
if ($scope.realm.roles[i] == $scope.newRole) {
|
||||
Notifications.warn("Role already exists");
|
||||
$scope.newRole = null;
|
||||
return;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (!$scope.realm.roles) {
|
||||
$scope.realm.roles = [];
|
||||
}
|
||||
|
||||
$scope.realm.roles.push($scope.newRole);
|
||||
$scope.newRole = null;
|
||||
}
|
||||
}
|
||||
|
||||
$scope.removeRole = function(role) {
|
||||
Dialog.confirmDelete(role, 'role', function() {
|
||||
var i = $scope.realm.roles.indexOf(role);
|
||||
if (i > -1) {
|
||||
$scope.realm.roles.splice(i, 1);
|
||||
}
|
||||
|
||||
if ($scope.realm.initialRoles) {
|
||||
$scope.removeInitialRole(role);
|
||||
}
|
||||
});
|
||||
};
|
||||
|
||||
$scope.addInitialRole = function() {
|
||||
if ($scope.newInitialRole) {
|
||||
if (!$scope.realm.initialRoles) {
|
||||
$scope.realm.initialRoles = [];
|
||||
}
|
||||
|
||||
$scope.realm.initialRoles.push($scope.newInitialRole);
|
||||
$scope.newInitialRole = null;
|
||||
}
|
||||
}
|
||||
|
||||
$scope.removeInitialRole = function(role) {
|
||||
var i = $scope.realm.initialRoles.indexOf(role);
|
||||
if (i > -1) {
|
||||
$scope.realm.initialRoles.splice(i, 1);
|
||||
}
|
||||
};
|
||||
|
||||
$scope.save = function() {
|
||||
if ($scope.realmForm.$valid) {
|
||||
var realmCopy = {
|
||||
realm: $scope.realm.name,
|
||||
enabled: $scope.realm.enabled,
|
||||
cookieLoginAllowed: $scope.realm.cookieLoginAllowed,
|
||||
sslNotRequired: !$scope.realm.requireSsl,
|
||||
tokenLifespan: $scope.realm.tokenLifespan,
|
||||
accessCodeLifespan: $scope.realm.accessCodeLifespan,
|
||||
requiredCredentials: $scope.realm.requiredCredentials
|
||||
|
||||
};
|
||||
|
||||
var realmCopy = angular.copy($scope.realm);
|
||||
realmCopy.sslNotRequired = !realmCopy.requireSsl;
|
||||
delete realmCopy["requireSsl"];
|
||||
delete realmCopy["tokenLifespanUnit"];
|
||||
delete realmCopy["accessCodeLifespanUnit"];
|
||||
if ($scope.createRealm) {
|
||||
Realm.save(realmCopy, function(data, headers) {
|
||||
console.log('creating new realm');
|
||||
var l = headers().location;
|
||||
var id = l.substring(l.lastIndexOf("/") + 1);
|
||||
|
||||
var data = Realm.get(function() {
|
||||
var data = Realm.query(function() {
|
||||
Current.realms = data;
|
||||
Current.realm = Current.realms[id];
|
||||
for (var i = 0; i < Current.realms.length; i++) {
|
||||
if (Current.realms[i].id == id) {
|
||||
Current.realm = Current.realms[i];
|
||||
}
|
||||
}
|
||||
});
|
||||
$location.url("/realms/" + id);
|
||||
Notifications.success("Created realm");
|
||||
});
|
||||
} else {
|
||||
console.log('updating realm...');
|
||||
Realm.update(realmCopy, function() {
|
||||
Current.realms = Realm.get();
|
||||
$scope.changed = false;
|
||||
realm = angular.copy($scope.realm);
|
||||
var id = realmCopy.id;
|
||||
var data = Realm.query(function() {
|
||||
Current.realms = data;
|
||||
for (var i = 0; i < Current.realms.length; i++) {
|
||||
if (Current.realms[i].id == id) {
|
||||
Current.realm = Current.realms[i];
|
||||
}
|
||||
}
|
||||
});
|
||||
$location.url("/realms/" + id);
|
||||
Notifications.success("Saved changes to realm");
|
||||
});
|
||||
}
|
||||
|
|
@ -206,7 +153,7 @@ module.controller('RealmDetailCtrl', function($scope, Current, Realm, realm, $lo
|
|||
};
|
||||
|
||||
$scope.reset = function() {
|
||||
$scope.realm = angular.copy(realm);
|
||||
$scope.realm = angular.copy(oldCopy);
|
||||
$scope.changed = false;
|
||||
$scope.realmForm.showErrors = false;
|
||||
};
|
||||
|
|
|
|||
|
|
@ -132,7 +132,7 @@ module.factory('Role', function($resource) {
|
|||
});
|
||||
|
||||
module.factory('Application', function($resource) {
|
||||
return $resource('/auth-server/rest/saas/admin/realms/:realm/resources/:id', {
|
||||
return $resource('/auth-server/rest/saas/admin/realms/:realm/applications/:id', {
|
||||
realm : '@realm',
|
||||
id : '@id'
|
||||
}, {
|
||||
|
|
|
|||
|
|
@ -22574,7 +22574,7 @@ var ngSubmitDirective = ngDirective(function(scope, element, attrs) {
|
|||
* @description
|
||||
* Fetches, compiles and includes an external HTML fragment.
|
||||
*
|
||||
* Keep in mind that Same Origin Policy applies to included resources
|
||||
* Keep in mind that Same Origin Policy applies to included applications
|
||||
* (e.g. ngInclude won't work for cross-domain requests on all browsers and for
|
||||
* file:// access on some browsers).
|
||||
*
|
||||
|
|
|
|||
|
|
@ -13168,7 +13168,7 @@ var ngSubmitDirective = ngDirective(function(scope, element, attrs) {
|
|||
* @description
|
||||
* Fetches, compiles and includes an external HTML fragment.
|
||||
*
|
||||
* Keep in mind that Same Origin Policy applies to included resources
|
||||
* Keep in mind that Same Origin Policy applies to included applications
|
||||
* (e.g. ngInclude won't work for cross-domain requests on all browsers and for
|
||||
* file:// access on some browsers).
|
||||
*
|
||||
|
|
|
|||
|
|
@ -5,9 +5,9 @@
|
|||
<nav id="global-nav">
|
||||
<div data-ng-controller="RealmDropdownCtrl" >
|
||||
<ul class="nav pull-left" data-ng-show="showNav()">
|
||||
<li class="divider-vertical-right"><a href="#/realms/{{currentRealmId}}">Realm</a></li>
|
||||
<li class="divider-vertical-right"><a href="#/realms/{{current.realm.id}}">Realm</a></li>
|
||||
</ul>
|
||||
<select class="nav pull-left" data-ng-show="showNav()" ng-change="changeRealm()" ng-model="current.realm" ng-options="name for (id, name) in current.realms">
|
||||
<select class="nav pull-left" data-ng-show="showNav()" ng-change="changeRealm()" ng-model="current.realm" ng-options="r.realm for r in current.realms">
|
||||
</select>
|
||||
<!-- <select class="nav pull-left" ng-options="r.name for r in current.realms"></select> -->
|
||||
</div>
|
||||
|
|
|
|||
|
|
@ -22,7 +22,7 @@
|
|||
<label for="realmForm-name" class="control-label">Name</label>
|
||||
|
||||
<div class="controls">
|
||||
<input class="input-xlarge" type="text" name="name" data-ng-model="realm.name" autofocus
|
||||
<input class="input-xlarge" type="text" name="name" data-ng-model="realm.realm" autofocus
|
||||
required>
|
||||
</div>
|
||||
</div>
|
||||
|
|
@ -139,7 +139,6 @@
|
|||
</button>
|
||||
<button type="submit" data-ng-click="reset()" class="btn" data-ng-show="changed">Clear changes
|
||||
</button>
|
||||
<a href="#/realms" data-ng-hide="changed">View realms »</a>
|
||||
<button type="submit" data-ng-click="remove()" class="btn btn-danger" data-ng-hide="changed">
|
||||
Delete
|
||||
</button>
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@
|
|||
href="#/create/role/{{realm.id}}">New Role</a></li>
|
||||
</ul>
|
||||
</li>
|
||||
<li data-ng-class="path[2] == 'resources' && 'active'"><a href="#/realms/{{realm.id}}/applications">Manage Applications</a></li>
|
||||
<li data-ng-class="path[2] == 'applications' && 'active'"><a href="#/realms/{{realm.id}}/applications">Manage Applications</a></li>
|
||||
<li data-ng-class="!path[2] && 'active'"><a href="#/realms/{{realm.id}}">Realm Settings</a></li>
|
||||
</ul>
|
||||
</nav>
|
||||
|
|
|
|||
|
|
@ -447,7 +447,7 @@ public class OAuthAuthenticationServerValve extends FormAuthenticator implements
|
|||
userSessionManagement.logout(username);
|
||||
request.setUserPrincipal(null);
|
||||
request.setAuthType(null);
|
||||
// logout user on all declared authenticated resources
|
||||
// logout user on all declared authenticated applications
|
||||
logoutResources(username, admin);
|
||||
redirectToWelcomePage(request, response);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -206,7 +206,7 @@ public class AuthenticationManager {
|
|||
|
||||
List<RequiredCredentialModel> requiredCredentials = null;
|
||||
if (realm.hasRole(user, RealmManager.RESOURCE_ROLE)) {
|
||||
requiredCredentials = realm.getRequiredResourceCredentials();
|
||||
requiredCredentials = realm.getRequiredApplicationCredentials();
|
||||
} else if (realm.hasRole(user, RealmManager.IDENTITY_REQUESTER_ROLE)) {
|
||||
requiredCredentials = realm.getRequiredOAuthClientCredentials();
|
||||
} else {
|
||||
|
|
|
|||
|
|
@ -1,21 +1,14 @@
|
|||
package org.keycloak.services.managers;
|
||||
|
||||
import org.keycloak.representations.idm.CredentialRepresentation;
|
||||
import org.keycloak.representations.idm.RealmRepresentation;
|
||||
import org.keycloak.representations.idm.ResourceRepresentation;
|
||||
import org.keycloak.representations.idm.RoleMappingRepresentation;
|
||||
import org.keycloak.representations.idm.RoleRepresentation;
|
||||
import org.keycloak.representations.idm.ScopeMappingRepresentation;
|
||||
import org.keycloak.representations.idm.UserRepresentation;
|
||||
import org.jboss.resteasy.logging.Logger;
|
||||
import org.keycloak.representations.idm.*;
|
||||
import org.keycloak.representations.idm.ApplicationRepresentation;
|
||||
import org.keycloak.services.models.*;
|
||||
|
||||
import java.security.KeyPair;
|
||||
import java.security.KeyPairGenerator;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
import java.util.ArrayList;
|
||||
import java.util.HashMap;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.*;
|
||||
import java.util.concurrent.atomic.AtomicLong;
|
||||
|
||||
/**
|
||||
|
|
@ -25,6 +18,7 @@ import java.util.concurrent.atomic.AtomicLong;
|
|||
* @version $Revision: 1 $
|
||||
*/
|
||||
public class RealmManager {
|
||||
protected static final Logger logger = Logger.getLogger(RealmManager.class);
|
||||
private static AtomicLong counter = new AtomicLong(1);
|
||||
public static final String RESOURCE_ROLE = "KEYCLOAK_RESOURCE";
|
||||
public static final String IDENTITY_REQUESTER_ROLE = "KEYCLOAK_IDENTITY_REQUESTER";
|
||||
|
|
@ -72,6 +66,26 @@ public class RealmManager {
|
|||
realm.setPublicKey(keyPair.getPublic());
|
||||
}
|
||||
|
||||
public void updateRealm(RealmRepresentation rep, RealmModel realm) {
|
||||
if (rep.getRealm() != null) realm.setName(rep.getRealm());
|
||||
realm.setEnabled(rep.isEnabled());
|
||||
realm.setCookieLoginAllowed(rep.isCookieLoginAllowed());
|
||||
realm.setRegistrationAllowed(rep.isRegistrationAllowed());
|
||||
realm.setSslNotRequired((rep.isSslNotRequired()));
|
||||
realm.setAccessCodeLifespan(rep.getAccessCodeLifespan());
|
||||
realm.setTokenLifespan(rep.getTokenLifespan());
|
||||
if (rep.getRequiredOAuthClientCredentials() != null) {
|
||||
realm.updateRequiredOAuthClientCredentials(rep.getRequiredOAuthClientCredentials());
|
||||
}
|
||||
if (rep.getRequiredCredentials() != null) {
|
||||
logger.info("updating required credentials");
|
||||
realm.updateRequiredCredentials(rep.getRequiredCredentials());
|
||||
}
|
||||
if (rep.getRequiredApplicationCredentials() != null) {
|
||||
realm.updateRequiredApplicationCredentials(rep.getRequiredApplicationCredentials());
|
||||
}
|
||||
}
|
||||
|
||||
public RealmModel importRealm(RealmRepresentation rep, UserModel realmCreator) {
|
||||
//verifyRealmRepresentation(rep);
|
||||
RealmModel realm = createRealm(rep.getRealm());
|
||||
|
|
@ -103,7 +117,7 @@ public class RealmManager {
|
|||
}
|
||||
}
|
||||
|
||||
if (rep.getRequiredResourceCredentials() != null) {
|
||||
if (rep.getRequiredApplicationCredentials() != null) {
|
||||
for (String requiredCred : rep.getRequiredCredentials()) {
|
||||
addResourceRequiredCredential(newRealm, requiredCred);
|
||||
}
|
||||
|
|
@ -130,7 +144,7 @@ public class RealmManager {
|
|||
}
|
||||
}
|
||||
|
||||
if (rep.getResources() != null) {
|
||||
if (rep.getApplications() != null) {
|
||||
createResources(rep, newRealm);
|
||||
}
|
||||
|
||||
|
|
@ -201,7 +215,7 @@ public class RealmManager {
|
|||
protected void createResources(RealmRepresentation rep, RealmModel realm) {
|
||||
RoleModel loginRole = realm.getRole(RealmManager.RESOURCE_ROLE);
|
||||
ResourceManager manager = new ResourceManager(this);
|
||||
for (ResourceRepresentation resourceRep : rep.getResources()) {
|
||||
for (ApplicationRepresentation resourceRep : rep.getApplications()) {
|
||||
manager.createResource(realm, loginRole, resourceRep);
|
||||
}
|
||||
}
|
||||
|
|
@ -226,21 +240,21 @@ public class RealmManager {
|
|||
rep.setAccessCodeLifespan(realm.getAccessCodeLifespan());
|
||||
List<RequiredCredentialModel> requiredCredentialModels = realm.getRequiredCredentials();
|
||||
if (requiredCredentialModels.size() > 0) {
|
||||
rep.setRequiredCredentials(new ArrayList<String>());
|
||||
rep.setRequiredCredentials(new HashSet<String>());
|
||||
for (RequiredCredentialModel cred : requiredCredentialModels) {
|
||||
rep.getRequiredCredentials().add(cred.getType());
|
||||
}
|
||||
}
|
||||
List<RequiredCredentialModel> requiredResourceCredentialModels = realm.getRequiredResourceCredentials();
|
||||
List<RequiredCredentialModel> requiredResourceCredentialModels = realm.getRequiredApplicationCredentials();
|
||||
if (requiredResourceCredentialModels.size() > 0) {
|
||||
rep.setRequiredResourceCredentials(new ArrayList<String>());
|
||||
rep.setRequiredApplicationCredentials(new HashSet<String>());
|
||||
for (RequiredCredentialModel cred : requiredResourceCredentialModels) {
|
||||
rep.getRequiredResourceCredentials().add(cred.getType());
|
||||
rep.getRequiredApplicationCredentials().add(cred.getType());
|
||||
}
|
||||
}
|
||||
List<RequiredCredentialModel> requiredOAuthCredentialModels = realm.getRequiredOAuthClientCredentials();
|
||||
if (requiredOAuthCredentialModels.size() > 0) {
|
||||
rep.setRequiredOAuthClientCredentials(new ArrayList<String>());
|
||||
rep.setRequiredOAuthClientCredentials(new HashSet<String>());
|
||||
for (RequiredCredentialModel cred : requiredOAuthCredentialModels) {
|
||||
rep.getRequiredOAuthClientCredentials().add(cred.getType());
|
||||
}
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@ import org.jboss.resteasy.logging.Logger;
|
|||
import org.keycloak.TokenIdGenerator;
|
||||
import org.keycloak.representations.idm.admin.LogoutAction;
|
||||
import org.keycloak.services.models.RealmModel;
|
||||
import org.keycloak.services.models.ResourceModel;
|
||||
import org.keycloak.services.models.ApplicationModel;
|
||||
|
||||
import javax.ws.rs.client.Entity;
|
||||
import javax.ws.rs.core.Form;
|
||||
|
|
@ -29,14 +29,14 @@ public class ResourceAdminManager {
|
|||
.disableTrustManager() // todo fix this, should have a trust manager or a good default
|
||||
.build();
|
||||
|
||||
List<ResourceModel> resources = realm.getResources();
|
||||
List<ApplicationModel> resources = realm.getApplications();
|
||||
logger.info("logging out " + resources.size() + " resoures.");
|
||||
for (ResourceModel resource : resources) {
|
||||
for (ApplicationModel resource : resources) {
|
||||
logoutResource(realm, resource, user, client);
|
||||
}
|
||||
}
|
||||
|
||||
protected boolean logoutResource(RealmModel realm, ResourceModel resource, String user, ResteasyClient client) {
|
||||
protected boolean logoutResource(RealmModel realm, ApplicationModel resource, String user, ResteasyClient client) {
|
||||
LogoutAction adminAction = new LogoutAction(TokenIdGenerator.generateId(), System.currentTimeMillis() / 1000 + 30, resource.getName(), user);
|
||||
String token = new TokenManager().encodeToken(realm, adminAction);
|
||||
Form form = new Form();
|
||||
|
|
|
|||
|
|
@ -1,18 +1,13 @@
|
|||
package org.keycloak.services.managers;
|
||||
|
||||
import org.keycloak.representations.idm.CredentialRepresentation;
|
||||
import org.keycloak.representations.idm.ResourceRepresentation;
|
||||
import org.keycloak.representations.idm.RoleMappingRepresentation;
|
||||
import org.keycloak.representations.idm.RoleRepresentation;
|
||||
import org.keycloak.representations.idm.ScopeMappingRepresentation;
|
||||
import org.keycloak.representations.idm.*;
|
||||
import org.keycloak.representations.idm.ApplicationRepresentation;
|
||||
import org.keycloak.services.models.RealmModel;
|
||||
import org.keycloak.services.models.ResourceModel;
|
||||
import org.keycloak.services.models.ApplicationModel;
|
||||
import org.keycloak.services.models.RoleModel;
|
||||
import org.keycloak.services.models.UserCredentialModel;
|
||||
import org.keycloak.services.models.UserModel;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||
* @version $Revision: 1 $
|
||||
|
|
@ -25,8 +20,8 @@ public class ResourceManager {
|
|||
this.realmManager = realmManager;
|
||||
}
|
||||
|
||||
public ResourceModel createResource(RealmModel realm, RoleModel loginRole, ResourceRepresentation resourceRep) {
|
||||
ResourceModel resource = realm.addResource(resourceRep.getName());
|
||||
public ApplicationModel createResource(RealmModel realm, RoleModel loginRole, ApplicationRepresentation resourceRep) {
|
||||
ApplicationModel resource = realm.addApplication(resourceRep.getName());
|
||||
resource.setEnabled(resourceRep.isEnabled());
|
||||
resource.setManagementUrl(resourceRep.getAdminUrl());
|
||||
resource.setSurrogateAuthRequired(resourceRep.isSurrogateAuthRequired());
|
||||
|
|
@ -78,12 +73,12 @@ public class ResourceManager {
|
|||
return resource;
|
||||
}
|
||||
|
||||
public ResourceModel createResource(RealmModel realm, ResourceRepresentation resourceRep) {
|
||||
public ApplicationModel createResource(RealmModel realm, ApplicationRepresentation resourceRep) {
|
||||
RoleModel loginRole = realm.getRole(RealmManager.RESOURCE_ROLE);
|
||||
return createResource(realm, loginRole, resourceRep);
|
||||
}
|
||||
|
||||
public void updateResource(ResourceRepresentation rep, ResourceModel resource) {
|
||||
public void updateResource(ApplicationRepresentation rep, ApplicationModel resource) {
|
||||
resource.setName(rep.getName());
|
||||
resource.setEnabled(rep.isEnabled());
|
||||
resource.setManagementUrl(rep.getAdminUrl());
|
||||
|
|
@ -92,13 +87,13 @@ public class ResourceManager {
|
|||
|
||||
}
|
||||
|
||||
public ResourceRepresentation toRepresentation(ResourceModel resourceModel) {
|
||||
ResourceRepresentation rep = new ResourceRepresentation();
|
||||
rep.setId(resourceModel.getId());
|
||||
rep.setName(resourceModel.getName());
|
||||
rep.setEnabled(resourceModel.isEnabled());
|
||||
rep.setAdminUrl(resourceModel.getManagementUrl());
|
||||
rep.setSurrogateAuthRequired(resourceModel.isSurrogateAuthRequired());
|
||||
public ApplicationRepresentation toRepresentation(ApplicationModel applicationModel) {
|
||||
ApplicationRepresentation rep = new ApplicationRepresentation();
|
||||
rep.setId(applicationModel.getId());
|
||||
rep.setName(applicationModel.getName());
|
||||
rep.setEnabled(applicationModel.isEnabled());
|
||||
rep.setAdminUrl(applicationModel.getManagementUrl());
|
||||
rep.setSurrogateAuthRequired(applicationModel.isSurrogateAuthRequired());
|
||||
return rep;
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@ import org.jboss.resteasy.jwt.JsonSerialization;
|
|||
import org.keycloak.representations.SkeletonKeyScope;
|
||||
import org.keycloak.representations.SkeletonKeyToken;
|
||||
import org.keycloak.services.models.RealmModel;
|
||||
import org.keycloak.services.models.ResourceModel;
|
||||
import org.keycloak.services.models.ApplicationModel;
|
||||
import org.keycloak.services.models.RoleModel;
|
||||
import org.keycloak.services.models.UserModel;
|
||||
|
||||
|
|
@ -66,7 +66,7 @@ public class TokenManager {
|
|||
}
|
||||
}
|
||||
}
|
||||
for (ResourceModel resource : realm.getResources()) {
|
||||
for (ApplicationModel resource : realm.getApplications()) {
|
||||
Set<String> mapping = resource.getRoleMappings(user);
|
||||
if (mapping != null && mapping.size() > 0 && (scopeMap == null || scopeMap.containsKey(resource.getName()))) {
|
||||
Set<String> scope = resource.getScope(client);
|
||||
|
|
@ -131,9 +131,9 @@ public class TokenManager {
|
|||
}
|
||||
|
||||
if (accessCodeEntry.getResourceRolesRequested().size() > 0) {
|
||||
Map<String, ResourceModel> resourceMap = realm.getResourceNameMap();
|
||||
Map<String, ApplicationModel> resourceMap = realm.getResourceNameMap();
|
||||
for (String resourceName : accessCodeEntry.getResourceRolesRequested().keySet()) {
|
||||
ResourceModel resource = resourceMap.get(resourceName);
|
||||
ApplicationModel resource = resourceMap.get(resourceName);
|
||||
SkeletonKeyToken.Access access = token.addAccess(resourceName).verifyCaller(resource.isSurrogateAuthRequired());
|
||||
for (RoleModel role : accessCodeEntry.getResourceRolesRequested().get(resourceName)) {
|
||||
access.addRole(role.getName());
|
||||
|
|
@ -166,7 +166,7 @@ public class TokenManager {
|
|||
|
||||
|
||||
public SkeletonKeyToken createAccessToken(RealmModel realm, UserModel user) {
|
||||
List<ResourceModel> resources = realm.getResources();
|
||||
List<ApplicationModel> resources = realm.getApplications();
|
||||
SkeletonKeyToken token = new SkeletonKeyToken();
|
||||
token.id(RealmManager.generateId());
|
||||
token.issuedNow();
|
||||
|
|
@ -186,7 +186,7 @@ public class TokenManager {
|
|||
token.setRealmAccess(access);
|
||||
}
|
||||
if (resources != null) {
|
||||
for (ResourceModel resource : resources) {
|
||||
for (ApplicationModel resource : resources) {
|
||||
Set<String> mapping = resource.getRoleMappings(user);
|
||||
if (mapping == null) continue;
|
||||
SkeletonKeyToken.Access access = token.addAccess(resource.getName())
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@ import java.util.Set;
|
|||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||
* @version $Revision: 1 $
|
||||
*/
|
||||
public interface ResourceModel {
|
||||
public interface ApplicationModel {
|
||||
void updateResource();
|
||||
|
||||
UserModel getResourceUser();
|
||||
|
|
@ -61,7 +61,6 @@ public interface RealmModel {
|
|||
|
||||
List<RequiredCredentialModel> getRequiredCredentials();
|
||||
|
||||
void addRequiredCredential(RequiredCredentialModel cred);
|
||||
void addRequiredCredential(String cred);
|
||||
|
||||
boolean validatePassword(UserModel user, String password);
|
||||
|
|
@ -80,11 +79,11 @@ public interface RealmModel {
|
|||
|
||||
List<RoleModel> getRoles();
|
||||
|
||||
Map<String, ResourceModel> getResourceNameMap();
|
||||
Map<String, ApplicationModel> getResourceNameMap();
|
||||
|
||||
List<ResourceModel> getResources();
|
||||
List<ApplicationModel> getApplications();
|
||||
|
||||
ResourceModel addResource(String name);
|
||||
ApplicationModel addApplication(String name);
|
||||
|
||||
boolean hasRole(UserModel user, RoleModel role);
|
||||
|
||||
|
|
@ -102,19 +101,23 @@ public interface RealmModel {
|
|||
|
||||
RoleModel getRoleById(String id);
|
||||
|
||||
void addRequiredResourceCredential(RequiredCredentialModel cred);
|
||||
|
||||
List<RequiredCredentialModel> getRequiredResourceCredentials();
|
||||
List<RequiredCredentialModel> getRequiredApplicationCredentials();
|
||||
|
||||
void addRequiredOAuthClientCredential(RequiredCredentialModel cred);
|
||||
|
||||
List<RequiredCredentialModel> getRequiredOAuthClientCredentials();
|
||||
|
||||
boolean hasRole(UserModel user, String role);
|
||||
|
||||
ResourceModel getResourceById(String id);
|
||||
ApplicationModel getApplicationById(String id);
|
||||
|
||||
void addRequiredOAuthClientCredential(String type);
|
||||
|
||||
void addRequiredResourceCredential(String type);
|
||||
|
||||
void updateRequiredCredentials(Set<String> creds);
|
||||
|
||||
void updateRequiredOAuthClientCredentials(Set<String> creds);
|
||||
|
||||
void updateRequiredApplicationCredentials(Set<String> creds);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,10 +1,9 @@
|
|||
package org.keycloak.services.models.picketlink;
|
||||
|
||||
import org.keycloak.services.models.ResourceModel;
|
||||
import org.keycloak.services.models.ApplicationModel;
|
||||
import org.keycloak.services.models.RoleModel;
|
||||
import org.keycloak.services.models.UserModel;
|
||||
import org.keycloak.services.models.picketlink.mappings.ResourceData;
|
||||
import org.keycloak.services.models.picketlink.relationships.ResourceRelationship;
|
||||
import org.keycloak.services.models.picketlink.mappings.ApplicationData;
|
||||
import org.keycloak.services.models.picketlink.relationships.ScopeRelationship;
|
||||
import org.picketlink.idm.IdentityManager;
|
||||
import org.picketlink.idm.PartitionManager;
|
||||
|
|
@ -24,14 +23,14 @@ import java.util.Set;
|
|||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||
* @version $Revision: 1 $
|
||||
*/
|
||||
public class ResourceAdapter implements ResourceModel {
|
||||
protected ResourceData resource;
|
||||
public class ApplicationAdapter implements ApplicationModel {
|
||||
protected ApplicationData resource;
|
||||
protected RealmAdapter realm;
|
||||
protected IdentityManager idm;
|
||||
protected PartitionManager partitionManager;
|
||||
protected RelationshipManager relationshipManager;
|
||||
|
||||
public ResourceAdapter(ResourceData resource, RealmAdapter realm, PartitionManager partitionManager) {
|
||||
public ApplicationAdapter(ApplicationData resource, RealmAdapter realm, PartitionManager partitionManager) {
|
||||
this.resource = resource;
|
||||
this.realm = realm;
|
||||
this.partitionManager = partitionManager;
|
||||
|
|
@ -1,24 +1,21 @@
|
|||
package org.keycloak.services.models.picketlink;
|
||||
|
||||
import org.bouncycastle.openssl.PEMWriter;
|
||||
import org.jboss.resteasy.logging.Logger;
|
||||
import org.jboss.resteasy.security.PemUtils;
|
||||
import org.keycloak.representations.idm.CredentialRepresentation;
|
||||
import org.keycloak.services.managers.RealmManager;
|
||||
import org.keycloak.services.models.KeycloakSession;
|
||||
import org.keycloak.services.models.RealmModel;
|
||||
import org.keycloak.services.models.RequiredCredentialModel;
|
||||
import org.keycloak.services.models.ResourceModel;
|
||||
import org.keycloak.services.models.ApplicationModel;
|
||||
import org.keycloak.services.models.RoleModel;
|
||||
import org.keycloak.services.models.UserCredentialModel;
|
||||
import org.keycloak.services.models.UserModel;
|
||||
import org.keycloak.services.models.picketlink.mappings.RealmData;
|
||||
import org.keycloak.services.models.picketlink.mappings.ResourceData;
|
||||
import org.keycloak.services.models.picketlink.relationships.OAuthClientRequiredCredentialRelationship;
|
||||
import org.keycloak.services.models.picketlink.relationships.RealmAdminRelationship;
|
||||
import org.keycloak.services.models.picketlink.relationships.RequiredCredentialRelationship;
|
||||
import org.keycloak.services.models.picketlink.relationships.ResourceRelationship;
|
||||
import org.keycloak.services.models.picketlink.relationships.ResourceRequiredCredentialRelationship;
|
||||
import org.keycloak.services.models.picketlink.relationships.ScopeRelationship;
|
||||
import org.keycloak.services.models.picketlink.mappings.ApplicationData;
|
||||
import org.keycloak.services.models.picketlink.relationships.*;
|
||||
import org.keycloak.services.models.picketlink.relationships.RequiredApplicationCredentialRelationship;
|
||||
import org.picketlink.idm.IdentityManager;
|
||||
import org.picketlink.idm.PartitionManager;
|
||||
import org.picketlink.idm.RelationshipManager;
|
||||
|
|
@ -55,6 +52,7 @@ import java.util.Set;
|
|||
* @version $Revision: 1 $
|
||||
*/
|
||||
public class RealmAdapter implements RealmModel {
|
||||
protected static final Logger logger = Logger.getLogger(RealmManager.class);
|
||||
|
||||
protected RealmData realm;
|
||||
protected volatile transient PublicKey publicKey;
|
||||
|
|
@ -251,28 +249,34 @@ public class RealmAdapter implements RealmModel {
|
|||
|
||||
@Override
|
||||
public List<RequiredCredentialModel> getRequiredCredentials() {
|
||||
RelationshipQuery<RequiredCredentialRelationship> query = getRelationshipManager().createRelationshipQuery(RequiredCredentialRelationship.class);
|
||||
query.setParameter(RequiredCredentialRelationship.REALM, realm.getName());
|
||||
List<RequiredCredentialRelationship> results = query.getResultList();
|
||||
List<RequiredCredentialRelationship> results = getRequiredCredentialRelationships();
|
||||
return getRequiredCredentialModels(results);
|
||||
}
|
||||
|
||||
protected List<RequiredCredentialRelationship> getRequiredCredentialRelationships() {
|
||||
RelationshipQuery<RequiredCredentialRelationship> query = getRelationshipManager().createRelationshipQuery(RequiredCredentialRelationship.class);
|
||||
query.setParameter(RequiredCredentialRelationship.REALM, realm.getName());
|
||||
return query.getResultList();
|
||||
}
|
||||
|
||||
@Override
|
||||
public void addRequiredResourceCredential(RequiredCredentialModel cred) {
|
||||
ResourceRequiredCredentialRelationship relationship = new ResourceRequiredCredentialRelationship();
|
||||
|
||||
public void addRequiredApplicationCredential(RequiredCredentialModel cred) {
|
||||
RequiredApplicationCredentialRelationship relationship = new RequiredApplicationCredentialRelationship();
|
||||
addRequiredCredential(cred, relationship);
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<RequiredCredentialModel> getRequiredResourceCredentials() {
|
||||
RelationshipQuery<ResourceRequiredCredentialRelationship> query = getRelationshipManager().createRelationshipQuery(ResourceRequiredCredentialRelationship.class);
|
||||
query.setParameter(ResourceRequiredCredentialRelationship.REALM, realm.getName());
|
||||
List<ResourceRequiredCredentialRelationship> results = query.getResultList();
|
||||
public List<RequiredCredentialModel> getRequiredApplicationCredentials() {
|
||||
List<RequiredApplicationCredentialRelationship> results = getResourceRequiredCredentialRelationships();
|
||||
return getRequiredCredentialModels(results);
|
||||
}
|
||||
|
||||
@Override
|
||||
protected List<RequiredApplicationCredentialRelationship> getResourceRequiredCredentialRelationships() {
|
||||
RelationshipQuery<RequiredApplicationCredentialRelationship> query = getRelationshipManager().createRelationshipQuery(RequiredApplicationCredentialRelationship.class);
|
||||
query.setParameter(RequiredApplicationCredentialRelationship.REALM, realm.getName());
|
||||
return query.getResultList();
|
||||
}
|
||||
|
||||
public void addRequiredOAuthClientCredential(RequiredCredentialModel cred) {
|
||||
OAuthClientRequiredCredentialRelationship relationship = new OAuthClientRequiredCredentialRelationship();
|
||||
addRequiredCredential(cred, relationship);
|
||||
|
|
@ -280,15 +284,16 @@ public class RealmAdapter implements RealmModel {
|
|||
|
||||
@Override
|
||||
public List<RequiredCredentialModel> getRequiredOAuthClientCredentials() {
|
||||
RelationshipQuery<OAuthClientRequiredCredentialRelationship> query = getRelationshipManager().createRelationshipQuery(OAuthClientRequiredCredentialRelationship.class);
|
||||
query.setParameter(ResourceRequiredCredentialRelationship.REALM, realm.getName());
|
||||
List<OAuthClientRequiredCredentialRelationship> results = query.getResultList();
|
||||
List<OAuthClientRequiredCredentialRelationship> results = getOAuthClientRequiredCredentialRelationships();
|
||||
return getRequiredCredentialModels(results);
|
||||
}
|
||||
|
||||
protected List<OAuthClientRequiredCredentialRelationship> getOAuthClientRequiredCredentialRelationships() {
|
||||
RelationshipQuery<OAuthClientRequiredCredentialRelationship> query = getRelationshipManager().createRelationshipQuery(OAuthClientRequiredCredentialRelationship.class);
|
||||
query.setParameter(RequiredApplicationCredentialRelationship.REALM, realm.getName());
|
||||
return query.getResultList();
|
||||
}
|
||||
|
||||
|
||||
@Override
|
||||
public void addRequiredCredential(RequiredCredentialModel cred) {
|
||||
RequiredCredentialRelationship relationship = new RequiredCredentialRelationship();
|
||||
addRequiredCredential(cred, relationship);
|
||||
|
|
@ -316,6 +321,65 @@ public class RealmAdapter implements RealmModel {
|
|||
getRelationshipManager().add(relationship);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void updateRequiredCredentials(Set<String> creds) {
|
||||
List<RequiredCredentialRelationship> relationships = getRequiredCredentialRelationships();
|
||||
RelationshipManager rm = getRelationshipManager();
|
||||
Set<String> already = new HashSet<String>();
|
||||
for (RequiredCredentialRelationship rel : relationships) {
|
||||
if (!creds.contains(rel.getCredentialType())) {
|
||||
rm.remove(rel);
|
||||
} else {
|
||||
already.add(rel.getCredentialType());
|
||||
}
|
||||
}
|
||||
for (String cred : creds) {
|
||||
logger.info("updating cred: " + cred);
|
||||
if (!already.contains(cred)) {
|
||||
addRequiredCredential(cred);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public void updateRequiredOAuthClientCredentials(Set<String> creds) {
|
||||
List<OAuthClientRequiredCredentialRelationship> relationships = getOAuthClientRequiredCredentialRelationships();
|
||||
RelationshipManager rm = getRelationshipManager();
|
||||
Set<String> already = new HashSet<String>();
|
||||
for (RequiredCredentialRelationship rel : relationships) {
|
||||
if (!creds.contains(rel.getCredentialType())) {
|
||||
rm.remove(rel);
|
||||
} else {
|
||||
already.add(rel.getCredentialType());
|
||||
}
|
||||
}
|
||||
for (String cred : creds) {
|
||||
if (!already.contains(cred)) {
|
||||
addRequiredOAuthClientCredential(cred);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public void updateRequiredApplicationCredentials(Set<String> creds) {
|
||||
List<RequiredApplicationCredentialRelationship> relationships = getResourceRequiredCredentialRelationships();
|
||||
RelationshipManager rm = getRelationshipManager();
|
||||
Set<String> already = new HashSet<String>();
|
||||
for (RequiredCredentialRelationship rel : relationships) {
|
||||
if (!creds.contains(rel.getCredentialType())) {
|
||||
rm.remove(rel);
|
||||
} else {
|
||||
already.add(rel.getCredentialType());
|
||||
}
|
||||
}
|
||||
for (String cred : creds) {
|
||||
if (!already.contains(cred)) {
|
||||
addRequiredResourceCredential(cred);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@Override
|
||||
public void addRequiredCredential(String type) {
|
||||
RequiredCredentialModel model = initRequiredCredentialModel(type);
|
||||
|
|
@ -331,7 +395,7 @@ public class RealmAdapter implements RealmModel {
|
|||
@Override
|
||||
public void addRequiredResourceCredential(String type) {
|
||||
RequiredCredentialModel model = initRequiredCredentialModel(type);
|
||||
addRequiredResourceCredential(model);
|
||||
addRequiredApplicationCredential(model);
|
||||
}
|
||||
|
||||
protected RequiredCredentialModel initRequiredCredentialModel(String type) {
|
||||
|
|
@ -444,9 +508,9 @@ public class RealmAdapter implements RealmModel {
|
|||
* @return
|
||||
*/
|
||||
@Override
|
||||
public Map<String, ResourceModel> getResourceNameMap() {
|
||||
Map<String, ResourceModel> resourceMap = new HashMap<String, ResourceModel>();
|
||||
for (ResourceModel resource : getResources()) {
|
||||
public Map<String, ApplicationModel> getResourceNameMap() {
|
||||
Map<String, ApplicationModel> resourceMap = new HashMap<String, ApplicationModel>();
|
||||
for (ApplicationModel resource : getApplications()) {
|
||||
resourceMap.put(resource.getName(), resource);
|
||||
}
|
||||
return resourceMap;
|
||||
|
|
@ -458,27 +522,27 @@ public class RealmAdapter implements RealmModel {
|
|||
* @return
|
||||
*/
|
||||
@Override
|
||||
public ResourceModel getResourceById(String id) {
|
||||
public ApplicationModel getApplicationById(String id) {
|
||||
RelationshipQuery<ResourceRelationship> query = getRelationshipManager().createRelationshipQuery(ResourceRelationship.class);
|
||||
query.setParameter(ResourceRelationship.REALM, realm.getName());
|
||||
query.setParameter(ResourceRelationship.RESOURCE, id);
|
||||
List<ResourceRelationship> results = query.getResultList();
|
||||
if (results.size() == 0) return null;
|
||||
ResourceData resource = partitionManager.getPartition(ResourceData.class, id);
|
||||
ResourceModel model = new ResourceAdapter(resource, this, partitionManager);
|
||||
ApplicationData resource = partitionManager.getPartition(ApplicationData.class, id);
|
||||
ApplicationModel model = new ApplicationAdapter(resource, this, partitionManager);
|
||||
return model;
|
||||
}
|
||||
|
||||
|
||||
@Override
|
||||
public List<ResourceModel> getResources() {
|
||||
public List<ApplicationModel> getApplications() {
|
||||
RelationshipQuery<ResourceRelationship> query = getRelationshipManager().createRelationshipQuery(ResourceRelationship.class);
|
||||
query.setParameter(ResourceRelationship.REALM, realm.getName());
|
||||
List<ResourceRelationship> results = query.getResultList();
|
||||
List<ResourceModel> resources = new ArrayList<ResourceModel>();
|
||||
List<ApplicationModel> resources = new ArrayList<ApplicationModel>();
|
||||
for (ResourceRelationship relationship : results) {
|
||||
ResourceData resource = partitionManager.getPartition(ResourceData.class, relationship.getResource());
|
||||
ResourceModel model = new ResourceAdapter(resource, this, partitionManager);
|
||||
ApplicationData resource = partitionManager.getPartition(ApplicationData.class, relationship.getResource());
|
||||
ApplicationModel model = new ApplicationAdapter(resource, this, partitionManager);
|
||||
resources.add(model);
|
||||
}
|
||||
|
||||
|
|
@ -486,19 +550,19 @@ public class RealmAdapter implements RealmModel {
|
|||
}
|
||||
|
||||
@Override
|
||||
public ResourceModel addResource(String name) {
|
||||
ResourceData resourceData = new ResourceData(RealmManager.generateId());
|
||||
public ApplicationModel addApplication(String name) {
|
||||
ApplicationData applicationData = new ApplicationData(RealmManager.generateId());
|
||||
User resourceUser = new User(name);
|
||||
idm.add(resourceUser);
|
||||
resourceData.setResourceUser(resourceUser);
|
||||
resourceData.setResourceName(name);
|
||||
resourceData.setResourceUser(resourceUser);
|
||||
partitionManager.add(resourceData);
|
||||
applicationData.setResourceUser(resourceUser);
|
||||
applicationData.setResourceName(name);
|
||||
applicationData.setResourceUser(resourceUser);
|
||||
partitionManager.add(applicationData);
|
||||
ResourceRelationship resourceRelationship = new ResourceRelationship();
|
||||
resourceRelationship.setRealm(realm.getName());
|
||||
resourceRelationship.setResource(resourceData.getName());
|
||||
resourceRelationship.setResource(applicationData.getName());
|
||||
getRelationshipManager().add(resourceRelationship);
|
||||
ResourceModel resource = new ResourceAdapter(resourceData, this, partitionManager);
|
||||
ApplicationModel resource = new ApplicationAdapter(applicationData, this, partitionManager);
|
||||
resource.addRole("*");
|
||||
resource.addScope(new UserAdapter(resourceUser, idm), "*");
|
||||
return resource;
|
||||
|
|
|
|||
|
|
@ -9,17 +9,17 @@ import org.picketlink.idm.model.sample.User;
|
|||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||
* @version $Revision: 1 $
|
||||
*/
|
||||
public class ResourceData extends AbstractPartition {
|
||||
public class ApplicationData extends AbstractPartition {
|
||||
private String resourceName;
|
||||
private boolean enabled;
|
||||
private boolean surrogateAuthRequired;
|
||||
private String managementUrl;
|
||||
private User resourceUser;
|
||||
|
||||
public ResourceData() {
|
||||
public ApplicationData() {
|
||||
super(null);
|
||||
}
|
||||
public ResourceData(String name) {
|
||||
public ApplicationData(String name) {
|
||||
super(name);
|
||||
}
|
||||
|
||||
|
|
@ -15,9 +15,9 @@ import java.io.Serializable;
|
|||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||
* @version $Revision: 1 $
|
||||
*/
|
||||
@IdentityManaged(ResourceData.class)
|
||||
@IdentityManaged(ApplicationData.class)
|
||||
@Entity
|
||||
public class ResourceEntity implements Serializable {
|
||||
public class ApplicationEntity implements Serializable {
|
||||
@OneToOne
|
||||
@Id
|
||||
@OwnerReference
|
||||
|
|
@ -4,5 +4,5 @@ package org.keycloak.services.models.picketlink.relationships;
|
|||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||
* @version $Revision: 1 $
|
||||
*/
|
||||
public class ResourceRequiredCredentialRelationship extends RequiredCredentialRelationship {
|
||||
public class RequiredApplicationCredentialRelationship extends RequiredCredentialRelationship {
|
||||
}
|
||||
|
|
@ -6,8 +6,8 @@ import org.keycloak.services.managers.TokenManager;
|
|||
import org.keycloak.services.models.KeycloakSessionFactory;
|
||||
import org.keycloak.services.models.picketlink.PicketlinkKeycloakSession;
|
||||
import org.keycloak.services.models.picketlink.PicketlinkKeycloakSessionFactory;
|
||||
import org.keycloak.services.models.picketlink.mappings.ApplicationEntity;
|
||||
import org.keycloak.services.models.picketlink.mappings.RealmEntity;
|
||||
import org.keycloak.services.models.picketlink.mappings.ResourceEntity;
|
||||
import org.keycloak.social.SocialRequestManager;
|
||||
import org.picketlink.idm.PartitionManager;
|
||||
import org.picketlink.idm.config.IdentityConfigurationBuilder;
|
||||
|
|
@ -98,7 +98,7 @@ public class KeycloakApplication extends Application {
|
|||
OTPCredentialTypeEntity.class,
|
||||
AttributeTypeEntity.class,
|
||||
RealmEntity.class,
|
||||
ResourceEntity.class
|
||||
ApplicationEntity.class
|
||||
)
|
||||
.supportGlobalRelationship(org.picketlink.idm.model.Relationship.class)
|
||||
.addContextInitializer(new JPAContextInitializer(null) {
|
||||
|
|
|
|||
|
|
@ -2,53 +2,45 @@ package org.keycloak.services.resources.admin;
|
|||
|
||||
import org.jboss.resteasy.annotations.cache.NoCache;
|
||||
import org.jboss.resteasy.logging.Logger;
|
||||
import org.keycloak.representations.idm.ResourceRepresentation;
|
||||
import org.keycloak.representations.idm.ApplicationRepresentation;
|
||||
import org.keycloak.services.managers.RealmManager;
|
||||
import org.keycloak.services.managers.ResourceManager;
|
||||
import org.keycloak.services.models.RealmModel;
|
||||
import org.keycloak.services.models.ResourceModel;
|
||||
import org.keycloak.services.models.ApplicationModel;
|
||||
import org.keycloak.services.models.UserModel;
|
||||
import org.keycloak.services.resources.Transaction;
|
||||
|
||||
import javax.ws.rs.Consumes;
|
||||
import javax.ws.rs.GET;
|
||||
import javax.ws.rs.NotFoundException;
|
||||
import javax.ws.rs.POST;
|
||||
import javax.ws.rs.PUT;
|
||||
import javax.ws.rs.Path;
|
||||
import javax.ws.rs.PathParam;
|
||||
import javax.ws.rs.Produces;
|
||||
import javax.ws.rs.core.Context;
|
||||
import javax.ws.rs.core.MediaType;
|
||||
import javax.ws.rs.core.Response;
|
||||
import javax.ws.rs.core.UriInfo;
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||
* @version $Revision: 1 $
|
||||
*/
|
||||
public class RealmResourceResource {
|
||||
public class ApplicationResource {
|
||||
protected static final Logger logger = Logger.getLogger(RealmAdminResource.class);
|
||||
protected UserModel admin;
|
||||
protected RealmModel realm;
|
||||
protected ResourceModel resourceModel;
|
||||
protected ApplicationModel applicationModel;
|
||||
|
||||
public RealmResourceResource(UserModel admin, RealmModel realm, ResourceModel resourceModel) {
|
||||
public ApplicationResource(UserModel admin, RealmModel realm, ApplicationModel applicationModel) {
|
||||
this.admin = admin;
|
||||
this.realm = realm;
|
||||
this.resourceModel = resourceModel;
|
||||
this.applicationModel = applicationModel;
|
||||
}
|
||||
|
||||
@PUT
|
||||
@Consumes(MediaType.APPLICATION_JSON)
|
||||
public void update(final ResourceRepresentation rep) {
|
||||
public void update(final ApplicationRepresentation rep) {
|
||||
new Transaction() {
|
||||
@Override
|
||||
protected void runImpl() {
|
||||
ResourceManager resourceManager = new ResourceManager(new RealmManager(session));
|
||||
resourceManager.updateResource(rep, resourceModel);
|
||||
resourceManager.updateResource(rep, applicationModel);
|
||||
}
|
||||
}.run();
|
||||
}
|
||||
|
|
@ -57,12 +49,12 @@ public class RealmResourceResource {
|
|||
@GET
|
||||
@NoCache
|
||||
@Produces(MediaType.APPLICATION_JSON)
|
||||
public ResourceRepresentation getResource(final @PathParam("id") String id) {
|
||||
public ApplicationRepresentation getResource(final @PathParam("id") String id) {
|
||||
return new Transaction() {
|
||||
@Override
|
||||
protected ResourceRepresentation callImpl() {
|
||||
protected ApplicationRepresentation callImpl() {
|
||||
ResourceManager resourceManager = new ResourceManager(new RealmManager(session));
|
||||
return resourceManager.toRepresentation(resourceModel);
|
||||
return resourceManager.toRepresentation(applicationModel);
|
||||
}
|
||||
}.call();
|
||||
}
|
||||
|
|
@ -2,11 +2,11 @@ package org.keycloak.services.resources.admin;
|
|||
|
||||
import org.jboss.resteasy.annotations.cache.NoCache;
|
||||
import org.jboss.resteasy.logging.Logger;
|
||||
import org.keycloak.representations.idm.ResourceRepresentation;
|
||||
import org.keycloak.representations.idm.ApplicationRepresentation;
|
||||
import org.keycloak.services.managers.RealmManager;
|
||||
import org.keycloak.services.managers.ResourceManager;
|
||||
import org.keycloak.services.models.RealmModel;
|
||||
import org.keycloak.services.models.ResourceModel;
|
||||
import org.keycloak.services.models.ApplicationModel;
|
||||
import org.keycloak.services.models.UserModel;
|
||||
import org.keycloak.services.resources.Transaction;
|
||||
|
||||
|
|
@ -14,7 +14,6 @@ import javax.ws.rs.Consumes;
|
|||
import javax.ws.rs.GET;
|
||||
import javax.ws.rs.NotFoundException;
|
||||
import javax.ws.rs.POST;
|
||||
import javax.ws.rs.PUT;
|
||||
import javax.ws.rs.Path;
|
||||
import javax.ws.rs.PathParam;
|
||||
import javax.ws.rs.Produces;
|
||||
|
|
@ -29,12 +28,12 @@ import java.util.List;
|
|||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||
* @version $Revision: 1 $
|
||||
*/
|
||||
public class RealmResourcesResource {
|
||||
public class ApplicationsResource {
|
||||
protected static final Logger logger = Logger.getLogger(RealmAdminResource.class);
|
||||
protected UserModel admin;
|
||||
protected RealmModel realm;
|
||||
|
||||
public RealmResourcesResource(UserModel admin, RealmModel realm) {
|
||||
public ApplicationsResource(UserModel admin, RealmModel realm) {
|
||||
this.admin = admin;
|
||||
this.realm = realm;
|
||||
}
|
||||
|
|
@ -42,15 +41,15 @@ public class RealmResourcesResource {
|
|||
@GET
|
||||
@Produces(MediaType.APPLICATION_JSON)
|
||||
@NoCache
|
||||
public List<ResourceRepresentation> getResources() {
|
||||
public List<ApplicationRepresentation> getResources() {
|
||||
return new Transaction() {
|
||||
@Override
|
||||
protected List<ResourceRepresentation> callImpl() {
|
||||
List<ResourceRepresentation> rep = new ArrayList<ResourceRepresentation>();
|
||||
List<ResourceModel> resourceModels = realm.getResources();
|
||||
protected List<ApplicationRepresentation> callImpl() {
|
||||
List<ApplicationRepresentation> rep = new ArrayList<ApplicationRepresentation>();
|
||||
List<ApplicationModel> applicationModels = realm.getApplications();
|
||||
ResourceManager resourceManager = new ResourceManager(new RealmManager(session));
|
||||
for (ResourceModel resourceModel : resourceModels) {
|
||||
rep.add(resourceManager.toRepresentation(resourceModel));
|
||||
for (ApplicationModel applicationModel : applicationModels) {
|
||||
rep.add(resourceManager.toRepresentation(applicationModel));
|
||||
}
|
||||
return rep;
|
||||
}
|
||||
|
|
@ -59,27 +58,27 @@ public class RealmResourcesResource {
|
|||
|
||||
@POST
|
||||
@Consumes(MediaType.APPLICATION_JSON)
|
||||
public Response createResource(final @Context UriInfo uriInfo, final ResourceRepresentation rep) {
|
||||
public Response createResource(final @Context UriInfo uriInfo, final ApplicationRepresentation rep) {
|
||||
return new Transaction() {
|
||||
@Override
|
||||
protected Response callImpl() {
|
||||
ResourceManager resourceManager = new ResourceManager(new RealmManager(session));
|
||||
ResourceModel resourceModel = resourceManager.createResource(realm, rep);
|
||||
return Response.created(uriInfo.getAbsolutePathBuilder().path(resourceModel.getId()).build()).build();
|
||||
ApplicationModel applicationModel = resourceManager.createResource(realm, rep);
|
||||
return Response.created(uriInfo.getAbsolutePathBuilder().path(applicationModel.getId()).build()).build();
|
||||
}
|
||||
}.call();
|
||||
}
|
||||
|
||||
@Path("{id}")
|
||||
public RealmResourceResource getResource(final @PathParam("id") String id) {
|
||||
public ApplicationResource getResource(final @PathParam("id") String id) {
|
||||
return new Transaction(false) {
|
||||
@Override
|
||||
protected RealmResourceResource callImpl() {
|
||||
ResourceModel resourceModel = realm.getResourceById(id);
|
||||
if (resourceModel == null) {
|
||||
protected ApplicationResource callImpl() {
|
||||
ApplicationModel applicationModel = realm.getApplicationById(id);
|
||||
if (applicationModel == null) {
|
||||
throw new NotFoundException();
|
||||
}
|
||||
return new RealmResourceResource(admin, realm, resourceModel);
|
||||
return new ApplicationResource(admin, realm, applicationModel);
|
||||
}
|
||||
}.call();
|
||||
|
||||
|
|
@ -7,17 +7,13 @@ import org.keycloak.representations.idm.RoleRepresentation;
|
|||
import org.keycloak.representations.idm.UserRepresentation;
|
||||
import org.keycloak.services.managers.RealmManager;
|
||||
import org.keycloak.services.models.RealmModel;
|
||||
import org.keycloak.services.models.RequiredCredentialModel;
|
||||
import org.keycloak.services.models.RoleModel;
|
||||
import org.keycloak.services.models.UserModel;
|
||||
import org.keycloak.services.resources.PublicRealmResource;
|
||||
import org.keycloak.services.resources.Transaction;
|
||||
|
||||
import javax.ws.rs.Consumes;
|
||||
import javax.ws.rs.ForbiddenException;
|
||||
import javax.ws.rs.GET;
|
||||
import javax.ws.rs.InternalServerErrorException;
|
||||
import javax.ws.rs.NotAuthorizedException;
|
||||
import javax.ws.rs.NotFoundException;
|
||||
import javax.ws.rs.POST;
|
||||
import javax.ws.rs.PUT;
|
||||
|
|
@ -25,15 +21,10 @@ import javax.ws.rs.Path;
|
|||
import javax.ws.rs.PathParam;
|
||||
import javax.ws.rs.Produces;
|
||||
import javax.ws.rs.core.Context;
|
||||
import javax.ws.rs.core.HttpHeaders;
|
||||
import javax.ws.rs.core.MediaType;
|
||||
import javax.ws.rs.core.Response;
|
||||
import javax.ws.rs.core.UriBuilder;
|
||||
import javax.ws.rs.core.UriInfo;
|
||||
import java.util.ArrayList;
|
||||
import java.util.HashMap;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||
|
|
@ -49,9 +40,9 @@ public class RealmAdminResource {
|
|||
this.realm = realm;
|
||||
}
|
||||
|
||||
@Path("resources")
|
||||
public RealmResourcesResource getResources() {
|
||||
return new RealmResourcesResource(admin, realm);
|
||||
@Path("applications")
|
||||
public ApplicationsResource getResources() {
|
||||
return new ApplicationsResource(admin, realm);
|
||||
}
|
||||
|
||||
@GET
|
||||
|
|
@ -86,6 +77,19 @@ public class RealmAdminResource {
|
|||
}.call();
|
||||
}
|
||||
|
||||
@PUT
|
||||
@Consumes("application/json")
|
||||
public void updateRealm(final RealmRepresentation rep) {
|
||||
new Transaction() {
|
||||
@Override
|
||||
protected void runImpl() {
|
||||
logger.info("updating realm: " + rep.getRealm());
|
||||
new RealmManager(session).updateRealm(rep, realm);
|
||||
}
|
||||
}.run();
|
||||
|
||||
}
|
||||
|
||||
@Path("roles/{id}")
|
||||
@GET
|
||||
@NoCache
|
||||
|
|
|
|||
|
|
@ -28,6 +28,7 @@ import javax.ws.rs.core.Response;
|
|||
import javax.ws.rs.core.UriBuilder;
|
||||
import javax.ws.rs.core.UriInfo;
|
||||
import java.net.URI;
|
||||
import java.util.ArrayList;
|
||||
import java.util.HashMap;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
|
@ -52,18 +53,18 @@ public class RealmsAdminResource {
|
|||
@GET
|
||||
@NoCache
|
||||
@Produces("application/json")
|
||||
public Response getRealms() {
|
||||
public List<RealmRepresentation> getRealms() {
|
||||
return new Transaction() {
|
||||
@Override
|
||||
protected Response callImpl() {
|
||||
protected List<RealmRepresentation> callImpl() {
|
||||
logger.info(("getRealms()"));
|
||||
RealmManager realmManager = new RealmManager(session);
|
||||
List<RealmModel> realms = session.getRealms(admin);
|
||||
Map<String, String> map = new HashMap<String, String>();
|
||||
List<RealmRepresentation> reps = new ArrayList<RealmRepresentation>();
|
||||
for (RealmModel realm : realms) {
|
||||
map.put(realm.getId(), realm.getName());
|
||||
reps.add(realmManager.toRepresentation(realm));
|
||||
}
|
||||
return Response.ok(new GenericEntity<Map<String, String>>(map){})
|
||||
.cacheControl(noCache).build();
|
||||
return reps;
|
||||
}
|
||||
}.call();
|
||||
}
|
||||
|
|
|
|||
|
|
@ -18,7 +18,9 @@ import org.keycloak.services.models.UserCredentialModel;
|
|||
import org.keycloak.services.resources.KeycloakApplication;
|
||||
|
||||
|
||||
import java.util.HashSet;
|
||||
import java.util.List;
|
||||
import java.util.Set;
|
||||
import java.util.StringTokenizer;
|
||||
|
||||
/**
|
||||
|
|
@ -89,8 +91,14 @@ public class AdapterTest {
|
|||
public void test2RequiredCredential() throws Exception {
|
||||
test1CreateRealm();
|
||||
realmModel.addRequiredCredential(CredentialRepresentation.PASSWORD);
|
||||
realmModel.addRequiredCredential(CredentialRepresentation.TOTP);
|
||||
List<RequiredCredentialModel> storedCreds = realmModel.getRequiredCredentials();
|
||||
Assert.assertEquals(1, storedCreds.size());
|
||||
|
||||
Set<String> creds = new HashSet<String>();
|
||||
creds.add(CredentialRepresentation.PASSWORD);
|
||||
creds.add(CredentialRepresentation.TOTP);
|
||||
realmModel.updateRequiredCredentials(creds);
|
||||
storedCreds = realmModel.getRequiredCredentials();
|
||||
Assert.assertEquals(2, storedCreds.size());
|
||||
boolean totp = false;
|
||||
boolean password = false;
|
||||
|
|
|
|||
|
|
@ -6,18 +6,18 @@ import org.junit.Before;
|
|||
import org.junit.FixMethodOrder;
|
||||
import org.junit.Test;
|
||||
import org.junit.runners.MethodSorters;
|
||||
import org.keycloak.representations.idm.CredentialRepresentation;
|
||||
import org.keycloak.representations.idm.RealmRepresentation;
|
||||
import org.keycloak.services.managers.RealmManager;
|
||||
import org.keycloak.services.models.KeycloakSession;
|
||||
import org.keycloak.services.models.KeycloakSessionFactory;
|
||||
import org.keycloak.services.models.RealmModel;
|
||||
import org.keycloak.services.models.RequiredCredentialModel;
|
||||
import org.keycloak.services.models.ResourceModel;
|
||||
import org.keycloak.services.models.ApplicationModel;
|
||||
import org.keycloak.services.models.RoleModel;
|
||||
import org.keycloak.services.models.UserModel;
|
||||
import org.keycloak.services.resources.KeycloakApplication;
|
||||
import org.keycloak.services.resources.SaasService;
|
||||
import org.keycloak.services.resources.SaasService;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Set;
|
||||
|
|
@ -59,7 +59,7 @@ public class ImportTest {
|
|||
defaultRealm.setCookieLoginAllowed(true);
|
||||
defaultRealm.setRegistrationAllowed(true);
|
||||
manager.generateRealmKeys(defaultRealm);
|
||||
defaultRealm.addRequiredCredential(RequiredCredentialModel.PASSWORD);
|
||||
defaultRealm.addRequiredCredential(CredentialRepresentation.PASSWORD);
|
||||
RoleModel role = defaultRealm.addRole(SaasService.REALM_CREATOR_ROLE);
|
||||
UserModel admin = defaultRealm.addUser("admin");
|
||||
defaultRealm.grantRole(admin, role);
|
||||
|
|
@ -78,7 +78,7 @@ public class ImportTest {
|
|||
Set<String> scopes = realm.getScope(user);
|
||||
System.out.println("Scopes size: " + scopes.size());
|
||||
Assert.assertTrue(scopes.contains("*"));
|
||||
List<ResourceModel> resources = realm.getResources();
|
||||
List<ApplicationModel> resources = realm.getApplications();
|
||||
Assert.assertEquals(2, resources.size());
|
||||
List<RealmModel> realms = identitySession.getRealms(admin);
|
||||
Assert.assertEquals(1, realms.size());
|
||||
|
|
@ -96,7 +96,7 @@ public class ImportTest {
|
|||
defaultRealm.setCookieLoginAllowed(true);
|
||||
defaultRealm.setRegistrationAllowed(true);
|
||||
manager.generateRealmKeys(defaultRealm);
|
||||
defaultRealm.addRequiredCredential(RequiredCredentialModel.PASSWORD);
|
||||
defaultRealm.addRequiredCredential(CredentialRepresentation.PASSWORD);
|
||||
RoleModel role = defaultRealm.addRole(SaasService.REALM_CREATOR_ROLE);
|
||||
UserModel admin = defaultRealm.addUser("admin");
|
||||
defaultRealm.grantRole(admin, role);
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
package org.keycloak.test;
|
||||
|
||||
import org.keycloak.representations.idm.CredentialRepresentation;
|
||||
import org.keycloak.services.managers.RealmManager;
|
||||
import org.keycloak.services.models.RealmModel;
|
||||
import org.keycloak.services.models.RequiredCredentialModel;
|
||||
|
|
@ -21,7 +22,7 @@ public class InstallationManager {
|
|||
defaultRealm.setCookieLoginAllowed(true);
|
||||
defaultRealm.setRegistrationAllowed(true);
|
||||
manager.generateRealmKeys(defaultRealm);
|
||||
defaultRealm.addRequiredCredential(RequiredCredentialModel.PASSWORD);
|
||||
defaultRealm.addRequiredCredential(CredentialRepresentation.PASSWORD);
|
||||
defaultRealm.addRole(SaasService.REALM_CREATOR_ROLE);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -19,7 +19,7 @@
|
|||
<class>org.picketlink.idm.jpa.model.sample.simple.OTPCredentialTypeEntity</class>
|
||||
<class>org.picketlink.idm.jpa.model.sample.simple.AttributeTypeEntity</class>
|
||||
<class>org.keycloak.services.models.picketlink.mappings.RealmEntity</class>
|
||||
<class>org.keycloak.services.models.picketlink.mappings.ResourceEntity</class>
|
||||
<class>org.keycloak.services.models.picketlink.mappings.ApplicationEntity</class>
|
||||
|
||||
<exclude-unlisted-classes>true</exclude-unlisted-classes>
|
||||
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@
|
|||
"privateKey": "MIICXAIBAAKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQABAoGAfmO8gVhyBxdqlxmIuglbz8bcjQbhXJLR2EoS8ngTXmN1bo2L90M0mUKSdc7qF10LgETBzqL8jYlQIbt+e6TH8fcEpKCjUlyq0Mf/vVbfZSNaVycY13nTzo27iPyWQHK5NLuJzn1xvxxrUeXI6A2WFpGEBLbHjwpx5WQG9A+2scECQQDvdn9NE75HPTVPxBqsEd2z10TKkl9CZxu10Qby3iQQmWLEJ9LNmy3acvKrE3gMiYNWb6xHPKiIqOR1as7L24aTAkEAtyvQOlCvr5kAjVqrEKXalj0Tzewjweuxc0pskvArTI2Oo070h65GpoIKLc9jf+UA69cRtquwP93aZKtW06U8dQJAF2Y44ks/mK5+eyDqik3koCI08qaC8HYq2wVl7G2QkJ6sbAaILtcvD92ToOvyGyeE0flvmDZxMYlvaZnaQ0lcSQJBAKZU6umJi3/xeEbkJqMfeLclD27XGEFoPeNrmdx0q10Azp4NfJAY+Z8KRyQCR2BEG+oNitBOZ+YXF9KCpH3cdmECQHEigJhYg+ykOvr1aiZUMFT72HU0jnmQe2FVekuG+LJUt2Tm7GtMjTFoGpf0JwrVuZN39fOYAlo+nTixgeW7X8Y=",
|
||||
"publicKey": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
|
||||
"requiredCredentials": [ "password" ],
|
||||
"requiredResourceCredentials": [ "password" ],
|
||||
"requiredApplicationCredentials": [ "password" ],
|
||||
"requiredOAuthClientCredentials": [ "password" ],
|
||||
"users" : [
|
||||
{
|
||||
|
|
@ -57,7 +57,7 @@
|
|||
"roles": ["user"]
|
||||
}
|
||||
],
|
||||
"resources": [
|
||||
"applications": [
|
||||
{
|
||||
"name": "customer-portal",
|
||||
"enabled": true,
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@
|
|||
"tokenLifespan": 6000,
|
||||
"accessCodeLifespan": 30,
|
||||
"requiredCredentials": [ "password" ],
|
||||
"requiredResourceCredentials": [ "password" ],
|
||||
"requiredApplicationCredentials": [ "password" ],
|
||||
"requiredOAuthClientCredentials": [ "password" ],
|
||||
"users": [
|
||||
{
|
||||
|
|
@ -63,7 +63,7 @@
|
|||
"roles": ["*"]
|
||||
}
|
||||
],
|
||||
"resources": [
|
||||
"applications": [
|
||||
{
|
||||
"name": "Application",
|
||||
"enabled": true,
|
||||
|
|
|
|||
Loading…
Reference in a new issue