This commit is contained in:
Bill Burke 2013-08-10 12:43:55 -04:00
parent 993fc5c301
commit a81d03213d
36 changed files with 375 additions and 341 deletions

View file

@ -1,15 +1,13 @@
package org.keycloak.representations.idm;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public class ResourceRepresentation {
public class ApplicationRepresentation {
protected String self; // link
protected String id;
protected String name;
@ -70,14 +68,14 @@ public class ResourceRepresentation {
this.roles = roles;
}
public ResourceRepresentation role(RoleRepresentation role) {
public ApplicationRepresentation role(RoleRepresentation role) {
if (this.roles == null) this.roles = new ArrayList<RoleRepresentation>();
this.roles.add(role);
return this;
}
public ResourceRepresentation role(String role, String description) {
public ApplicationRepresentation role(String role, String description) {
if (this.roles == null) this.roles = new ArrayList<RoleRepresentation>();
this.roles.add(new RoleRepresentation(role, description));
return this;
@ -123,7 +121,7 @@ public class ResourceRepresentation {
this.credentials = credentials;
}
public ResourceRepresentation credential(String type, String value) {
public ApplicationRepresentation credential(String type, String value) {
if (this.credentials == null) credentials = new ArrayList<CredentialRepresentation>();
CredentialRepresentation cred = new CredentialRepresentation();
cred.setType(type);

View file

@ -17,16 +17,17 @@ public class RealmRepresentation {
protected boolean enabled;
protected boolean sslNotRequired;
protected boolean cookieLoginAllowed;
protected boolean registrationAllowed;
protected String privateKey;
protected String publicKey;
protected List<RoleRepresentation> roles;
protected List<String> requiredCredentials;
protected List<String> requiredResourceCredentials;
protected List<String> requiredOAuthClientCredentials;
protected Set<String> requiredCredentials;
protected Set<String> requiredApplicationCredentials;
protected Set<String> requiredOAuthClientCredentials;
protected List<UserRepresentation> users;
protected List<RoleMappingRepresentation> roleMappings;
protected List<ScopeMappingRepresentation> scopeMappings;
protected List<ResourceRepresentation> resources;
protected List<ApplicationRepresentation> applications;
public String getSelf() {
@ -57,14 +58,14 @@ public class RealmRepresentation {
return users;
}
public List<ResourceRepresentation> getResources() {
return resources;
public List<ApplicationRepresentation> getApplications() {
return applications;
}
public ResourceRepresentation resource(String name) {
ResourceRepresentation resource = new ResourceRepresentation();
if (resources == null) resources = new ArrayList<ResourceRepresentation>();
resources.add(resource);
public ApplicationRepresentation resource(String name) {
ApplicationRepresentation resource = new ApplicationRepresentation();
if (applications == null) applications = new ArrayList<ApplicationRepresentation>();
applications.add(resource);
resource.setName(name);
return resource;
}
@ -81,8 +82,8 @@ public class RealmRepresentation {
return user;
}
public void setResources(List<ResourceRepresentation> resources) {
this.resources = resources;
public void setApplications(List<ApplicationRepresentation> applications) {
this.applications = applications;
}
public boolean isEnabled() {
@ -141,27 +142,27 @@ public class RealmRepresentation {
return mapping;
}
public List<String> getRequiredCredentials() {
public Set<String> getRequiredCredentials() {
return requiredCredentials;
}
public void setRequiredCredentials(List<String> requiredCredentials) {
public void setRequiredCredentials(Set<String> requiredCredentials) {
this.requiredCredentials = requiredCredentials;
}
public List<String> getRequiredResourceCredentials() {
return requiredResourceCredentials;
public Set<String> getRequiredApplicationCredentials() {
return requiredApplicationCredentials;
}
public void setRequiredResourceCredentials(List<String> requiredResourceCredentials) {
this.requiredResourceCredentials = requiredResourceCredentials;
public void setRequiredApplicationCredentials(Set<String> requiredApplicationCredentials) {
this.requiredApplicationCredentials = requiredApplicationCredentials;
}
public List<String> getRequiredOAuthClientCredentials() {
public Set<String> getRequiredOAuthClientCredentials() {
return requiredOAuthClientCredentials;
}
public void setRequiredOAuthClientCredentials(List<String> requiredOAuthClientCredentials) {
public void setRequiredOAuthClientCredentials(Set<String> requiredOAuthClientCredentials) {
this.requiredOAuthClientCredentials = requiredOAuthClientCredentials;
}
@ -196,4 +197,12 @@ public class RealmRepresentation {
public void setPublicKey(String publicKey) {
this.publicKey = publicKey;
}
public boolean isRegistrationAllowed() {
return registrationAllowed;
}
public void setRegistrationAllowed(boolean registrationAllowed) {
this.registrationAllowed = registrationAllowed;
}
}

View file

@ -1,6 +1,7 @@
package org.keycloak.example.demo;
import org.jboss.resteasy.jwt.JsonSerialization;
import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.services.models.KeycloakSession;
@ -40,7 +41,7 @@ public class DemoApplication extends KeycloakApplication {
defaultRealm.setCookieLoginAllowed(true);
defaultRealm.setRegistrationAllowed(true);
manager.generateRealmKeys(defaultRealm);
defaultRealm.addRequiredCredential(RequiredCredentialModel.PASSWORD);
defaultRealm.addRequiredCredential(CredentialRepresentation.PASSWORD);
defaultRealm.addRole(SaasService.REALM_CREATOR_ROLE);
RealmRepresentation rep = loadJson("META-INF/testrealm.json");

View file

@ -19,7 +19,7 @@
<class>org.picketlink.idm.jpa.model.sample.simple.OTPCredentialTypeEntity</class>
<class>org.picketlink.idm.jpa.model.sample.simple.AttributeTypeEntity</class>
<class>org.keycloak.services.models.picketlink.mappings.RealmEntity</class>
<class>org.keycloak.services.models.picketlink.mappings.ResourceEntity</class>
<class>org.keycloak.services.models.picketlink.mappings.ApplicationEntity</class>
<exclude-unlisted-classes>true</exclude-unlisted-classes>

View file

@ -8,7 +8,7 @@
"privateKey": "MIICXAIBAAKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQABAoGAfmO8gVhyBxdqlxmIuglbz8bcjQbhXJLR2EoS8ngTXmN1bo2L90M0mUKSdc7qF10LgETBzqL8jYlQIbt+e6TH8fcEpKCjUlyq0Mf/vVbfZSNaVycY13nTzo27iPyWQHK5NLuJzn1xvxxrUeXI6A2WFpGEBLbHjwpx5WQG9A+2scECQQDvdn9NE75HPTVPxBqsEd2z10TKkl9CZxu10Qby3iQQmWLEJ9LNmy3acvKrE3gMiYNWb6xHPKiIqOR1as7L24aTAkEAtyvQOlCvr5kAjVqrEKXalj0Tzewjweuxc0pskvArTI2Oo070h65GpoIKLc9jf+UA69cRtquwP93aZKtW06U8dQJAF2Y44ks/mK5+eyDqik3koCI08qaC8HYq2wVl7G2QkJ6sbAaILtcvD92ToOvyGyeE0flvmDZxMYlvaZnaQ0lcSQJBAKZU6umJi3/xeEbkJqMfeLclD27XGEFoPeNrmdx0q10Azp4NfJAY+Z8KRyQCR2BEG+oNitBOZ+YXF9KCpH3cdmECQHEigJhYg+ykOvr1aiZUMFT72HU0jnmQe2FVekuG+LJUt2Tm7GtMjTFoGpf0JwrVuZN39fOYAlo+nTixgeW7X8Y=",
"publicKey": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
"requiredCredentials": [ "password" ],
"requiredResourceCredentials": [ "password" ],
"requiredApplicationCredentials": [ "password" ],
"requiredOAuthClientCredentials": [ "password" ],
"users" : [
{
@ -57,7 +57,7 @@
"roles": ["user"]
}
],
"resources": [
"applications": [
{
"name": "customer-portal",
"enabled": true,

View file

@ -27,25 +27,9 @@ module.controller('GlobalCtrl', function($scope, $http, Auth, Current, $location
$http.get('/auth-server/rest/saas/admin/realms').success(function(data) {
Current.realms = data;
var count = 0;
var showrealm = false;
var id = null;
for (var key in data) {
if (count > 0) {
showrealm = false;
break;
}
id = key;
showrealm = true;
count++;
}
if (showrealm) {
console.log('default redirect to realm: ' + id);
Current.realm = Current.realms[id];
$location.url("/realms/" + id);
} else {
//console.log('not redirecting');
if (data.length > 0) {
Current.realm = data[0];
$location.url("/realms/" + Current.realm.id);
}
});
});
@ -58,48 +42,57 @@ module.controller('RealmListCtrl', function($scope, Realm, Current) {
module.controller('RealmDropdownCtrl', function($scope, Realm, Current, Auth, $location) {
// Current.realms = Realm.get();
$scope.current = Current;
if (Current.realms.length > 0) {
console.log('[0]: ' + current.realms[0].realm);
}
$scope.changeRealm = function() {
for (var id in Current.realms) {
var val = Current.realms[id];
if (val == Current.realm) {
$location.url("/realms/" + id);
break;
}
}
$location.url("/realms/" + $scope.current.realm.id);
};
$scope.showNav = function() {
var show = false;
for (var key in Current.realms) {
if (typeof Current.realms[key] != "function") {
if (Current.realms[key] == Current.realm) {
$scope.currentRealmId = key;
}
show = true;
}
}
var show = Current.realms.length > 0;
console.log('Show dropdown? ' + show);
return Auth.loggedIn && show;
}
});
module.controller('RealmDetailCtrl', function($scope, Current, Realm, realm, $location, Dialog, Notifications) {
$scope.realm = angular.copy(realm);
module.controller('RealmDetailCtrl', function($scope, Current, Realm, realm, $http, $location, Dialog, Notifications) {
$scope.createRealm = !realm.id;
if ($scope.createRealm) {
$scope.realm.enabled = true;
$scope.realm.requireSsl = true;
$scope.realm.cookieLoginAllowed = true;
$scope.realm.tokenLifespan = 300;
$scope.realm.tokenLifespanUnit = 'SECONDS';
$scope.realm.accessCodeLifespan = 300;
$scope.realm.accessCodeLifespanUnit = 'SECONDS';
$scope.realm.requiredCredentials = ['password'];
$scope.realm = {
enabled: true,
requireSsl: true,
cookieLoginAllowed: true,
tokenLifespan: 300,
tokenLifespanUnit: 'SECONDS',
accessCodeLifespan: 300,
accessCodeLifespanUnit: 'SECONDS',
requiredCredentials: ['password']
};
} else {
$scope.realm.name = realm.realm;
$scope.realm.requireSsl = !$scope.realm.sslNotRequired;
$scope.realm.tokenLifespanUnit = 'SECONDS';
$scope.realm.acessCodeLifespanUnit = 'SECONDS';
if (Current.realm == null || Current.realm.id != realm.id) {
for (var i = 0; i < Current.realms.length; i++) {
if (realm.id == Current.realms[i].id) {
Current.realm = Current.realms[i];
break;
}
}
}
if (Current.realm == null || Current.realm.id != realm.id) {
console.log('should be unreachable');
return;
}
$scope.realm = angular.copy(realm);
$scope.realm.requireSsl = !realm.sslNotRequired;
$scope.realm.tokenLifespanUnit = 'SECONDS';
$scope.realm.accessCodeLifespanUnit = 'SECONDS';
}
var oldCopy = angular.copy($scope.realm);
$scope.userCredentialOptions = {
'multiple' : true,
@ -110,93 +103,47 @@ module.controller('RealmDetailCtrl', function($scope, Current, Realm, realm, $lo
$scope.changed = $scope.create;
$scope.$watch('realm', function() {
if (!angular.equals($scope.realm, realm)) {
if (!angular.equals($scope.realm, oldCopy)) {
$scope.changed = true;
}
}, true);
$scope.addRole = function() {
if ($scope.newRole) {
if ($scope.realm.roles) {
for ( var i = 0; i < $scope.realm.roles.length; i++) {
if ($scope.realm.roles[i] == $scope.newRole) {
Notifications.warn("Role already exists");
$scope.newRole = null;
return;
}
}
}
if (!$scope.realm.roles) {
$scope.realm.roles = [];
}
$scope.realm.roles.push($scope.newRole);
$scope.newRole = null;
}
}
$scope.removeRole = function(role) {
Dialog.confirmDelete(role, 'role', function() {
var i = $scope.realm.roles.indexOf(role);
if (i > -1) {
$scope.realm.roles.splice(i, 1);
}
if ($scope.realm.initialRoles) {
$scope.removeInitialRole(role);
}
});
};
$scope.addInitialRole = function() {
if ($scope.newInitialRole) {
if (!$scope.realm.initialRoles) {
$scope.realm.initialRoles = [];
}
$scope.realm.initialRoles.push($scope.newInitialRole);
$scope.newInitialRole = null;
}
}
$scope.removeInitialRole = function(role) {
var i = $scope.realm.initialRoles.indexOf(role);
if (i > -1) {
$scope.realm.initialRoles.splice(i, 1);
}
};
$scope.save = function() {
if ($scope.realmForm.$valid) {
var realmCopy = {
realm: $scope.realm.name,
enabled: $scope.realm.enabled,
cookieLoginAllowed: $scope.realm.cookieLoginAllowed,
sslNotRequired: !$scope.realm.requireSsl,
tokenLifespan: $scope.realm.tokenLifespan,
accessCodeLifespan: $scope.realm.accessCodeLifespan,
requiredCredentials: $scope.realm.requiredCredentials
};
var realmCopy = angular.copy($scope.realm);
realmCopy.sslNotRequired = !realmCopy.requireSsl;
delete realmCopy["requireSsl"];
delete realmCopy["tokenLifespanUnit"];
delete realmCopy["accessCodeLifespanUnit"];
if ($scope.createRealm) {
Realm.save(realmCopy, function(data, headers) {
console.log('creating new realm');
var l = headers().location;
var id = l.substring(l.lastIndexOf("/") + 1);
var data = Realm.get(function() {
var data = Realm.query(function() {
Current.realms = data;
Current.realm = Current.realms[id];
for (var i = 0; i < Current.realms.length; i++) {
if (Current.realms[i].id == id) {
Current.realm = Current.realms[i];
}
}
});
$location.url("/realms/" + id);
Notifications.success("Created realm");
});
} else {
console.log('updating realm...');
Realm.update(realmCopy, function() {
Current.realms = Realm.get();
$scope.changed = false;
realm = angular.copy($scope.realm);
var id = realmCopy.id;
var data = Realm.query(function() {
Current.realms = data;
for (var i = 0; i < Current.realms.length; i++) {
if (Current.realms[i].id == id) {
Current.realm = Current.realms[i];
}
}
});
$location.url("/realms/" + id);
Notifications.success("Saved changes to realm");
});
}
@ -206,7 +153,7 @@ module.controller('RealmDetailCtrl', function($scope, Current, Realm, realm, $lo
};
$scope.reset = function() {
$scope.realm = angular.copy(realm);
$scope.realm = angular.copy(oldCopy);
$scope.changed = false;
$scope.realmForm.showErrors = false;
};

View file

@ -132,7 +132,7 @@ module.factory('Role', function($resource) {
});
module.factory('Application', function($resource) {
return $resource('/auth-server/rest/saas/admin/realms/:realm/resources/:id', {
return $resource('/auth-server/rest/saas/admin/realms/:realm/applications/:id', {
realm : '@realm',
id : '@id'
}, {

View file

@ -22574,7 +22574,7 @@ var ngSubmitDirective = ngDirective(function(scope, element, attrs) {
* @description
* Fetches, compiles and includes an external HTML fragment.
*
* Keep in mind that Same Origin Policy applies to included resources
* Keep in mind that Same Origin Policy applies to included applications
* (e.g. ngInclude won't work for cross-domain requests on all browsers and for
* file:// access on some browsers).
*

View file

@ -13168,7 +13168,7 @@ var ngSubmitDirective = ngDirective(function(scope, element, attrs) {
* @description
* Fetches, compiles and includes an external HTML fragment.
*
* Keep in mind that Same Origin Policy applies to included resources
* Keep in mind that Same Origin Policy applies to included applications
* (e.g. ngInclude won't work for cross-domain requests on all browsers and for
* file:// access on some browsers).
*

View file

@ -5,9 +5,9 @@
<nav id="global-nav">
<div data-ng-controller="RealmDropdownCtrl" >
<ul class="nav pull-left" data-ng-show="showNav()">
<li class="divider-vertical-right"><a href="#/realms/{{currentRealmId}}">Realm</a></li>
<li class="divider-vertical-right"><a href="#/realms/{{current.realm.id}}">Realm</a></li>
</ul>
<select class="nav pull-left" data-ng-show="showNav()" ng-change="changeRealm()" ng-model="current.realm" ng-options="name for (id, name) in current.realms">
<select class="nav pull-left" data-ng-show="showNav()" ng-change="changeRealm()" ng-model="current.realm" ng-options="r.realm for r in current.realms">
</select>
<!-- <select class="nav pull-left" ng-options="r.name for r in current.realms"></select> -->
</div>

View file

@ -22,7 +22,7 @@
<label for="realmForm-name" class="control-label">Name</label>
<div class="controls">
<input class="input-xlarge" type="text" name="name" data-ng-model="realm.name" autofocus
<input class="input-xlarge" type="text" name="name" data-ng-model="realm.realm" autofocus
required>
</div>
</div>
@ -139,7 +139,6 @@
</button>
<button type="submit" data-ng-click="reset()" class="btn" data-ng-show="changed">Clear changes
</button>
<a href="#/realms" data-ng-hide="changed">View realms &#187;</a>
<button type="submit" data-ng-click="remove()" class="btn btn-danger" data-ng-hide="changed">
Delete
</button>

View file

@ -15,7 +15,7 @@
href="#/create/role/{{realm.id}}">New Role</a></li>
</ul>
</li>
<li data-ng-class="path[2] == 'resources' && 'active'"><a href="#/realms/{{realm.id}}/applications">Manage Applications</a></li>
<li data-ng-class="path[2] == 'applications' && 'active'"><a href="#/realms/{{realm.id}}/applications">Manage Applications</a></li>
<li data-ng-class="!path[2] && 'active'"><a href="#/realms/{{realm.id}}">Realm Settings</a></li>
</ul>
</nav>

View file

@ -447,7 +447,7 @@ public class OAuthAuthenticationServerValve extends FormAuthenticator implements
userSessionManagement.logout(username);
request.setUserPrincipal(null);
request.setAuthType(null);
// logout user on all declared authenticated resources
// logout user on all declared authenticated applications
logoutResources(username, admin);
redirectToWelcomePage(request, response);
}

View file

@ -206,7 +206,7 @@ public class AuthenticationManager {
List<RequiredCredentialModel> requiredCredentials = null;
if (realm.hasRole(user, RealmManager.RESOURCE_ROLE)) {
requiredCredentials = realm.getRequiredResourceCredentials();
requiredCredentials = realm.getRequiredApplicationCredentials();
} else if (realm.hasRole(user, RealmManager.IDENTITY_REQUESTER_ROLE)) {
requiredCredentials = realm.getRequiredOAuthClientCredentials();
} else {

View file

@ -1,21 +1,14 @@
package org.keycloak.services.managers;
import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.ResourceRepresentation;
import org.keycloak.representations.idm.RoleMappingRepresentation;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.ScopeMappingRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.jboss.resteasy.logging.Logger;
import org.keycloak.representations.idm.*;
import org.keycloak.representations.idm.ApplicationRepresentation;
import org.keycloak.services.models.*;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.*;
import java.util.concurrent.atomic.AtomicLong;
/**
@ -25,6 +18,7 @@ import java.util.concurrent.atomic.AtomicLong;
* @version $Revision: 1 $
*/
public class RealmManager {
protected static final Logger logger = Logger.getLogger(RealmManager.class);
private static AtomicLong counter = new AtomicLong(1);
public static final String RESOURCE_ROLE = "KEYCLOAK_RESOURCE";
public static final String IDENTITY_REQUESTER_ROLE = "KEYCLOAK_IDENTITY_REQUESTER";
@ -72,6 +66,26 @@ public class RealmManager {
realm.setPublicKey(keyPair.getPublic());
}
public void updateRealm(RealmRepresentation rep, RealmModel realm) {
if (rep.getRealm() != null) realm.setName(rep.getRealm());
realm.setEnabled(rep.isEnabled());
realm.setCookieLoginAllowed(rep.isCookieLoginAllowed());
realm.setRegistrationAllowed(rep.isRegistrationAllowed());
realm.setSslNotRequired((rep.isSslNotRequired()));
realm.setAccessCodeLifespan(rep.getAccessCodeLifespan());
realm.setTokenLifespan(rep.getTokenLifespan());
if (rep.getRequiredOAuthClientCredentials() != null) {
realm.updateRequiredOAuthClientCredentials(rep.getRequiredOAuthClientCredentials());
}
if (rep.getRequiredCredentials() != null) {
logger.info("updating required credentials");
realm.updateRequiredCredentials(rep.getRequiredCredentials());
}
if (rep.getRequiredApplicationCredentials() != null) {
realm.updateRequiredApplicationCredentials(rep.getRequiredApplicationCredentials());
}
}
public RealmModel importRealm(RealmRepresentation rep, UserModel realmCreator) {
//verifyRealmRepresentation(rep);
RealmModel realm = createRealm(rep.getRealm());
@ -103,7 +117,7 @@ public class RealmManager {
}
}
if (rep.getRequiredResourceCredentials() != null) {
if (rep.getRequiredApplicationCredentials() != null) {
for (String requiredCred : rep.getRequiredCredentials()) {
addResourceRequiredCredential(newRealm, requiredCred);
}
@ -130,7 +144,7 @@ public class RealmManager {
}
}
if (rep.getResources() != null) {
if (rep.getApplications() != null) {
createResources(rep, newRealm);
}
@ -201,7 +215,7 @@ public class RealmManager {
protected void createResources(RealmRepresentation rep, RealmModel realm) {
RoleModel loginRole = realm.getRole(RealmManager.RESOURCE_ROLE);
ResourceManager manager = new ResourceManager(this);
for (ResourceRepresentation resourceRep : rep.getResources()) {
for (ApplicationRepresentation resourceRep : rep.getApplications()) {
manager.createResource(realm, loginRole, resourceRep);
}
}
@ -226,21 +240,21 @@ public class RealmManager {
rep.setAccessCodeLifespan(realm.getAccessCodeLifespan());
List<RequiredCredentialModel> requiredCredentialModels = realm.getRequiredCredentials();
if (requiredCredentialModels.size() > 0) {
rep.setRequiredCredentials(new ArrayList<String>());
rep.setRequiredCredentials(new HashSet<String>());
for (RequiredCredentialModel cred : requiredCredentialModels) {
rep.getRequiredCredentials().add(cred.getType());
}
}
List<RequiredCredentialModel> requiredResourceCredentialModels = realm.getRequiredResourceCredentials();
List<RequiredCredentialModel> requiredResourceCredentialModels = realm.getRequiredApplicationCredentials();
if (requiredResourceCredentialModels.size() > 0) {
rep.setRequiredResourceCredentials(new ArrayList<String>());
rep.setRequiredApplicationCredentials(new HashSet<String>());
for (RequiredCredentialModel cred : requiredResourceCredentialModels) {
rep.getRequiredResourceCredentials().add(cred.getType());
rep.getRequiredApplicationCredentials().add(cred.getType());
}
}
List<RequiredCredentialModel> requiredOAuthCredentialModels = realm.getRequiredOAuthClientCredentials();
if (requiredOAuthCredentialModels.size() > 0) {
rep.setRequiredOAuthClientCredentials(new ArrayList<String>());
rep.setRequiredOAuthClientCredentials(new HashSet<String>());
for (RequiredCredentialModel cred : requiredOAuthCredentialModels) {
rep.getRequiredOAuthClientCredentials().add(cred.getType());
}

View file

@ -6,7 +6,7 @@ import org.jboss.resteasy.logging.Logger;
import org.keycloak.TokenIdGenerator;
import org.keycloak.representations.idm.admin.LogoutAction;
import org.keycloak.services.models.RealmModel;
import org.keycloak.services.models.ResourceModel;
import org.keycloak.services.models.ApplicationModel;
import javax.ws.rs.client.Entity;
import javax.ws.rs.core.Form;
@ -29,14 +29,14 @@ public class ResourceAdminManager {
.disableTrustManager() // todo fix this, should have a trust manager or a good default
.build();
List<ResourceModel> resources = realm.getResources();
List<ApplicationModel> resources = realm.getApplications();
logger.info("logging out " + resources.size() + " resoures.");
for (ResourceModel resource : resources) {
for (ApplicationModel resource : resources) {
logoutResource(realm, resource, user, client);
}
}
protected boolean logoutResource(RealmModel realm, ResourceModel resource, String user, ResteasyClient client) {
protected boolean logoutResource(RealmModel realm, ApplicationModel resource, String user, ResteasyClient client) {
LogoutAction adminAction = new LogoutAction(TokenIdGenerator.generateId(), System.currentTimeMillis() / 1000 + 30, resource.getName(), user);
String token = new TokenManager().encodeToken(realm, adminAction);
Form form = new Form();

View file

@ -1,18 +1,13 @@
package org.keycloak.services.managers;
import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.representations.idm.ResourceRepresentation;
import org.keycloak.representations.idm.RoleMappingRepresentation;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.ScopeMappingRepresentation;
import org.keycloak.representations.idm.*;
import org.keycloak.representations.idm.ApplicationRepresentation;
import org.keycloak.services.models.RealmModel;
import org.keycloak.services.models.ResourceModel;
import org.keycloak.services.models.ApplicationModel;
import org.keycloak.services.models.RoleModel;
import org.keycloak.services.models.UserCredentialModel;
import org.keycloak.services.models.UserModel;
import java.util.List;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
@ -25,8 +20,8 @@ public class ResourceManager {
this.realmManager = realmManager;
}
public ResourceModel createResource(RealmModel realm, RoleModel loginRole, ResourceRepresentation resourceRep) {
ResourceModel resource = realm.addResource(resourceRep.getName());
public ApplicationModel createResource(RealmModel realm, RoleModel loginRole, ApplicationRepresentation resourceRep) {
ApplicationModel resource = realm.addApplication(resourceRep.getName());
resource.setEnabled(resourceRep.isEnabled());
resource.setManagementUrl(resourceRep.getAdminUrl());
resource.setSurrogateAuthRequired(resourceRep.isSurrogateAuthRequired());
@ -78,12 +73,12 @@ public class ResourceManager {
return resource;
}
public ResourceModel createResource(RealmModel realm, ResourceRepresentation resourceRep) {
public ApplicationModel createResource(RealmModel realm, ApplicationRepresentation resourceRep) {
RoleModel loginRole = realm.getRole(RealmManager.RESOURCE_ROLE);
return createResource(realm, loginRole, resourceRep);
}
public void updateResource(ResourceRepresentation rep, ResourceModel resource) {
public void updateResource(ApplicationRepresentation rep, ApplicationModel resource) {
resource.setName(rep.getName());
resource.setEnabled(rep.isEnabled());
resource.setManagementUrl(rep.getAdminUrl());
@ -92,13 +87,13 @@ public class ResourceManager {
}
public ResourceRepresentation toRepresentation(ResourceModel resourceModel) {
ResourceRepresentation rep = new ResourceRepresentation();
rep.setId(resourceModel.getId());
rep.setName(resourceModel.getName());
rep.setEnabled(resourceModel.isEnabled());
rep.setAdminUrl(resourceModel.getManagementUrl());
rep.setSurrogateAuthRequired(resourceModel.isSurrogateAuthRequired());
public ApplicationRepresentation toRepresentation(ApplicationModel applicationModel) {
ApplicationRepresentation rep = new ApplicationRepresentation();
rep.setId(applicationModel.getId());
rep.setName(applicationModel.getName());
rep.setEnabled(applicationModel.isEnabled());
rep.setAdminUrl(applicationModel.getManagementUrl());
rep.setSurrogateAuthRequired(applicationModel.isSurrogateAuthRequired());
return rep;
}

View file

@ -6,7 +6,7 @@ import org.jboss.resteasy.jwt.JsonSerialization;
import org.keycloak.representations.SkeletonKeyScope;
import org.keycloak.representations.SkeletonKeyToken;
import org.keycloak.services.models.RealmModel;
import org.keycloak.services.models.ResourceModel;
import org.keycloak.services.models.ApplicationModel;
import org.keycloak.services.models.RoleModel;
import org.keycloak.services.models.UserModel;
@ -66,7 +66,7 @@ public class TokenManager {
}
}
}
for (ResourceModel resource : realm.getResources()) {
for (ApplicationModel resource : realm.getApplications()) {
Set<String> mapping = resource.getRoleMappings(user);
if (mapping != null && mapping.size() > 0 && (scopeMap == null || scopeMap.containsKey(resource.getName()))) {
Set<String> scope = resource.getScope(client);
@ -131,9 +131,9 @@ public class TokenManager {
}
if (accessCodeEntry.getResourceRolesRequested().size() > 0) {
Map<String, ResourceModel> resourceMap = realm.getResourceNameMap();
Map<String, ApplicationModel> resourceMap = realm.getResourceNameMap();
for (String resourceName : accessCodeEntry.getResourceRolesRequested().keySet()) {
ResourceModel resource = resourceMap.get(resourceName);
ApplicationModel resource = resourceMap.get(resourceName);
SkeletonKeyToken.Access access = token.addAccess(resourceName).verifyCaller(resource.isSurrogateAuthRequired());
for (RoleModel role : accessCodeEntry.getResourceRolesRequested().get(resourceName)) {
access.addRole(role.getName());
@ -166,7 +166,7 @@ public class TokenManager {
public SkeletonKeyToken createAccessToken(RealmModel realm, UserModel user) {
List<ResourceModel> resources = realm.getResources();
List<ApplicationModel> resources = realm.getApplications();
SkeletonKeyToken token = new SkeletonKeyToken();
token.id(RealmManager.generateId());
token.issuedNow();
@ -186,7 +186,7 @@ public class TokenManager {
token.setRealmAccess(access);
}
if (resources != null) {
for (ResourceModel resource : resources) {
for (ApplicationModel resource : resources) {
Set<String> mapping = resource.getRoleMappings(user);
if (mapping == null) continue;
SkeletonKeyToken.Access access = token.addAccess(resource.getName())

View file

@ -7,7 +7,7 @@ import java.util.Set;
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public interface ResourceModel {
public interface ApplicationModel {
void updateResource();
UserModel getResourceUser();

View file

@ -61,7 +61,6 @@ public interface RealmModel {
List<RequiredCredentialModel> getRequiredCredentials();
void addRequiredCredential(RequiredCredentialModel cred);
void addRequiredCredential(String cred);
boolean validatePassword(UserModel user, String password);
@ -80,11 +79,11 @@ public interface RealmModel {
List<RoleModel> getRoles();
Map<String, ResourceModel> getResourceNameMap();
Map<String, ApplicationModel> getResourceNameMap();
List<ResourceModel> getResources();
List<ApplicationModel> getApplications();
ResourceModel addResource(String name);
ApplicationModel addApplication(String name);
boolean hasRole(UserModel user, RoleModel role);
@ -102,19 +101,23 @@ public interface RealmModel {
RoleModel getRoleById(String id);
void addRequiredResourceCredential(RequiredCredentialModel cred);
List<RequiredCredentialModel> getRequiredResourceCredentials();
List<RequiredCredentialModel> getRequiredApplicationCredentials();
void addRequiredOAuthClientCredential(RequiredCredentialModel cred);
List<RequiredCredentialModel> getRequiredOAuthClientCredentials();
boolean hasRole(UserModel user, String role);
ResourceModel getResourceById(String id);
ApplicationModel getApplicationById(String id);
void addRequiredOAuthClientCredential(String type);
void addRequiredResourceCredential(String type);
void updateRequiredCredentials(Set<String> creds);
void updateRequiredOAuthClientCredentials(Set<String> creds);
void updateRequiredApplicationCredentials(Set<String> creds);
}

View file

@ -1,10 +1,9 @@
package org.keycloak.services.models.picketlink;
import org.keycloak.services.models.ResourceModel;
import org.keycloak.services.models.ApplicationModel;
import org.keycloak.services.models.RoleModel;
import org.keycloak.services.models.UserModel;
import org.keycloak.services.models.picketlink.mappings.ResourceData;
import org.keycloak.services.models.picketlink.relationships.ResourceRelationship;
import org.keycloak.services.models.picketlink.mappings.ApplicationData;
import org.keycloak.services.models.picketlink.relationships.ScopeRelationship;
import org.picketlink.idm.IdentityManager;
import org.picketlink.idm.PartitionManager;
@ -24,14 +23,14 @@ import java.util.Set;
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public class ResourceAdapter implements ResourceModel {
protected ResourceData resource;
public class ApplicationAdapter implements ApplicationModel {
protected ApplicationData resource;
protected RealmAdapter realm;
protected IdentityManager idm;
protected PartitionManager partitionManager;
protected RelationshipManager relationshipManager;
public ResourceAdapter(ResourceData resource, RealmAdapter realm, PartitionManager partitionManager) {
public ApplicationAdapter(ApplicationData resource, RealmAdapter realm, PartitionManager partitionManager) {
this.resource = resource;
this.realm = realm;
this.partitionManager = partitionManager;

View file

@ -1,24 +1,21 @@
package org.keycloak.services.models.picketlink;
import org.bouncycastle.openssl.PEMWriter;
import org.jboss.resteasy.logging.Logger;
import org.jboss.resteasy.security.PemUtils;
import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.services.models.KeycloakSession;
import org.keycloak.services.models.RealmModel;
import org.keycloak.services.models.RequiredCredentialModel;
import org.keycloak.services.models.ResourceModel;
import org.keycloak.services.models.ApplicationModel;
import org.keycloak.services.models.RoleModel;
import org.keycloak.services.models.UserCredentialModel;
import org.keycloak.services.models.UserModel;
import org.keycloak.services.models.picketlink.mappings.RealmData;
import org.keycloak.services.models.picketlink.mappings.ResourceData;
import org.keycloak.services.models.picketlink.relationships.OAuthClientRequiredCredentialRelationship;
import org.keycloak.services.models.picketlink.relationships.RealmAdminRelationship;
import org.keycloak.services.models.picketlink.relationships.RequiredCredentialRelationship;
import org.keycloak.services.models.picketlink.relationships.ResourceRelationship;
import org.keycloak.services.models.picketlink.relationships.ResourceRequiredCredentialRelationship;
import org.keycloak.services.models.picketlink.relationships.ScopeRelationship;
import org.keycloak.services.models.picketlink.mappings.ApplicationData;
import org.keycloak.services.models.picketlink.relationships.*;
import org.keycloak.services.models.picketlink.relationships.RequiredApplicationCredentialRelationship;
import org.picketlink.idm.IdentityManager;
import org.picketlink.idm.PartitionManager;
import org.picketlink.idm.RelationshipManager;
@ -55,6 +52,7 @@ import java.util.Set;
* @version $Revision: 1 $
*/
public class RealmAdapter implements RealmModel {
protected static final Logger logger = Logger.getLogger(RealmManager.class);
protected RealmData realm;
protected volatile transient PublicKey publicKey;
@ -251,28 +249,34 @@ public class RealmAdapter implements RealmModel {
@Override
public List<RequiredCredentialModel> getRequiredCredentials() {
RelationshipQuery<RequiredCredentialRelationship> query = getRelationshipManager().createRelationshipQuery(RequiredCredentialRelationship.class);
query.setParameter(RequiredCredentialRelationship.REALM, realm.getName());
List<RequiredCredentialRelationship> results = query.getResultList();
List<RequiredCredentialRelationship> results = getRequiredCredentialRelationships();
return getRequiredCredentialModels(results);
}
protected List<RequiredCredentialRelationship> getRequiredCredentialRelationships() {
RelationshipQuery<RequiredCredentialRelationship> query = getRelationshipManager().createRelationshipQuery(RequiredCredentialRelationship.class);
query.setParameter(RequiredCredentialRelationship.REALM, realm.getName());
return query.getResultList();
}
@Override
public void addRequiredResourceCredential(RequiredCredentialModel cred) {
ResourceRequiredCredentialRelationship relationship = new ResourceRequiredCredentialRelationship();
public void addRequiredApplicationCredential(RequiredCredentialModel cred) {
RequiredApplicationCredentialRelationship relationship = new RequiredApplicationCredentialRelationship();
addRequiredCredential(cred, relationship);
}
@Override
public List<RequiredCredentialModel> getRequiredResourceCredentials() {
RelationshipQuery<ResourceRequiredCredentialRelationship> query = getRelationshipManager().createRelationshipQuery(ResourceRequiredCredentialRelationship.class);
query.setParameter(ResourceRequiredCredentialRelationship.REALM, realm.getName());
List<ResourceRequiredCredentialRelationship> results = query.getResultList();
public List<RequiredCredentialModel> getRequiredApplicationCredentials() {
List<RequiredApplicationCredentialRelationship> results = getResourceRequiredCredentialRelationships();
return getRequiredCredentialModels(results);
}
@Override
protected List<RequiredApplicationCredentialRelationship> getResourceRequiredCredentialRelationships() {
RelationshipQuery<RequiredApplicationCredentialRelationship> query = getRelationshipManager().createRelationshipQuery(RequiredApplicationCredentialRelationship.class);
query.setParameter(RequiredApplicationCredentialRelationship.REALM, realm.getName());
return query.getResultList();
}
public void addRequiredOAuthClientCredential(RequiredCredentialModel cred) {
OAuthClientRequiredCredentialRelationship relationship = new OAuthClientRequiredCredentialRelationship();
addRequiredCredential(cred, relationship);
@ -280,15 +284,16 @@ public class RealmAdapter implements RealmModel {
@Override
public List<RequiredCredentialModel> getRequiredOAuthClientCredentials() {
RelationshipQuery<OAuthClientRequiredCredentialRelationship> query = getRelationshipManager().createRelationshipQuery(OAuthClientRequiredCredentialRelationship.class);
query.setParameter(ResourceRequiredCredentialRelationship.REALM, realm.getName());
List<OAuthClientRequiredCredentialRelationship> results = query.getResultList();
List<OAuthClientRequiredCredentialRelationship> results = getOAuthClientRequiredCredentialRelationships();
return getRequiredCredentialModels(results);
}
protected List<OAuthClientRequiredCredentialRelationship> getOAuthClientRequiredCredentialRelationships() {
RelationshipQuery<OAuthClientRequiredCredentialRelationship> query = getRelationshipManager().createRelationshipQuery(OAuthClientRequiredCredentialRelationship.class);
query.setParameter(RequiredApplicationCredentialRelationship.REALM, realm.getName());
return query.getResultList();
}
@Override
public void addRequiredCredential(RequiredCredentialModel cred) {
RequiredCredentialRelationship relationship = new RequiredCredentialRelationship();
addRequiredCredential(cred, relationship);
@ -316,6 +321,65 @@ public class RealmAdapter implements RealmModel {
getRelationshipManager().add(relationship);
}
@Override
public void updateRequiredCredentials(Set<String> creds) {
List<RequiredCredentialRelationship> relationships = getRequiredCredentialRelationships();
RelationshipManager rm = getRelationshipManager();
Set<String> already = new HashSet<String>();
for (RequiredCredentialRelationship rel : relationships) {
if (!creds.contains(rel.getCredentialType())) {
rm.remove(rel);
} else {
already.add(rel.getCredentialType());
}
}
for (String cred : creds) {
logger.info("updating cred: " + cred);
if (!already.contains(cred)) {
addRequiredCredential(cred);
}
}
}
@Override
public void updateRequiredOAuthClientCredentials(Set<String> creds) {
List<OAuthClientRequiredCredentialRelationship> relationships = getOAuthClientRequiredCredentialRelationships();
RelationshipManager rm = getRelationshipManager();
Set<String> already = new HashSet<String>();
for (RequiredCredentialRelationship rel : relationships) {
if (!creds.contains(rel.getCredentialType())) {
rm.remove(rel);
} else {
already.add(rel.getCredentialType());
}
}
for (String cred : creds) {
if (!already.contains(cred)) {
addRequiredOAuthClientCredential(cred);
}
}
}
@Override
public void updateRequiredApplicationCredentials(Set<String> creds) {
List<RequiredApplicationCredentialRelationship> relationships = getResourceRequiredCredentialRelationships();
RelationshipManager rm = getRelationshipManager();
Set<String> already = new HashSet<String>();
for (RequiredCredentialRelationship rel : relationships) {
if (!creds.contains(rel.getCredentialType())) {
rm.remove(rel);
} else {
already.add(rel.getCredentialType());
}
}
for (String cred : creds) {
if (!already.contains(cred)) {
addRequiredResourceCredential(cred);
}
}
}
@Override
public void addRequiredCredential(String type) {
RequiredCredentialModel model = initRequiredCredentialModel(type);
@ -331,7 +395,7 @@ public class RealmAdapter implements RealmModel {
@Override
public void addRequiredResourceCredential(String type) {
RequiredCredentialModel model = initRequiredCredentialModel(type);
addRequiredResourceCredential(model);
addRequiredApplicationCredential(model);
}
protected RequiredCredentialModel initRequiredCredentialModel(String type) {
@ -444,9 +508,9 @@ public class RealmAdapter implements RealmModel {
* @return
*/
@Override
public Map<String, ResourceModel> getResourceNameMap() {
Map<String, ResourceModel> resourceMap = new HashMap<String, ResourceModel>();
for (ResourceModel resource : getResources()) {
public Map<String, ApplicationModel> getResourceNameMap() {
Map<String, ApplicationModel> resourceMap = new HashMap<String, ApplicationModel>();
for (ApplicationModel resource : getApplications()) {
resourceMap.put(resource.getName(), resource);
}
return resourceMap;
@ -458,27 +522,27 @@ public class RealmAdapter implements RealmModel {
* @return
*/
@Override
public ResourceModel getResourceById(String id) {
public ApplicationModel getApplicationById(String id) {
RelationshipQuery<ResourceRelationship> query = getRelationshipManager().createRelationshipQuery(ResourceRelationship.class);
query.setParameter(ResourceRelationship.REALM, realm.getName());
query.setParameter(ResourceRelationship.RESOURCE, id);
List<ResourceRelationship> results = query.getResultList();
if (results.size() == 0) return null;
ResourceData resource = partitionManager.getPartition(ResourceData.class, id);
ResourceModel model = new ResourceAdapter(resource, this, partitionManager);
ApplicationData resource = partitionManager.getPartition(ApplicationData.class, id);
ApplicationModel model = new ApplicationAdapter(resource, this, partitionManager);
return model;
}
@Override
public List<ResourceModel> getResources() {
public List<ApplicationModel> getApplications() {
RelationshipQuery<ResourceRelationship> query = getRelationshipManager().createRelationshipQuery(ResourceRelationship.class);
query.setParameter(ResourceRelationship.REALM, realm.getName());
List<ResourceRelationship> results = query.getResultList();
List<ResourceModel> resources = new ArrayList<ResourceModel>();
List<ApplicationModel> resources = new ArrayList<ApplicationModel>();
for (ResourceRelationship relationship : results) {
ResourceData resource = partitionManager.getPartition(ResourceData.class, relationship.getResource());
ResourceModel model = new ResourceAdapter(resource, this, partitionManager);
ApplicationData resource = partitionManager.getPartition(ApplicationData.class, relationship.getResource());
ApplicationModel model = new ApplicationAdapter(resource, this, partitionManager);
resources.add(model);
}
@ -486,19 +550,19 @@ public class RealmAdapter implements RealmModel {
}
@Override
public ResourceModel addResource(String name) {
ResourceData resourceData = new ResourceData(RealmManager.generateId());
public ApplicationModel addApplication(String name) {
ApplicationData applicationData = new ApplicationData(RealmManager.generateId());
User resourceUser = new User(name);
idm.add(resourceUser);
resourceData.setResourceUser(resourceUser);
resourceData.setResourceName(name);
resourceData.setResourceUser(resourceUser);
partitionManager.add(resourceData);
applicationData.setResourceUser(resourceUser);
applicationData.setResourceName(name);
applicationData.setResourceUser(resourceUser);
partitionManager.add(applicationData);
ResourceRelationship resourceRelationship = new ResourceRelationship();
resourceRelationship.setRealm(realm.getName());
resourceRelationship.setResource(resourceData.getName());
resourceRelationship.setResource(applicationData.getName());
getRelationshipManager().add(resourceRelationship);
ResourceModel resource = new ResourceAdapter(resourceData, this, partitionManager);
ApplicationModel resource = new ApplicationAdapter(applicationData, this, partitionManager);
resource.addRole("*");
resource.addScope(new UserAdapter(resourceUser, idm), "*");
return resource;

View file

@ -9,17 +9,17 @@ import org.picketlink.idm.model.sample.User;
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public class ResourceData extends AbstractPartition {
public class ApplicationData extends AbstractPartition {
private String resourceName;
private boolean enabled;
private boolean surrogateAuthRequired;
private String managementUrl;
private User resourceUser;
public ResourceData() {
public ApplicationData() {
super(null);
}
public ResourceData(String name) {
public ApplicationData(String name) {
super(name);
}

View file

@ -15,9 +15,9 @@ import java.io.Serializable;
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
@IdentityManaged(ResourceData.class)
@IdentityManaged(ApplicationData.class)
@Entity
public class ResourceEntity implements Serializable {
public class ApplicationEntity implements Serializable {
@OneToOne
@Id
@OwnerReference

View file

@ -4,5 +4,5 @@ package org.keycloak.services.models.picketlink.relationships;
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public class ResourceRequiredCredentialRelationship extends RequiredCredentialRelationship {
public class RequiredApplicationCredentialRelationship extends RequiredCredentialRelationship {
}

View file

@ -6,8 +6,8 @@ import org.keycloak.services.managers.TokenManager;
import org.keycloak.services.models.KeycloakSessionFactory;
import org.keycloak.services.models.picketlink.PicketlinkKeycloakSession;
import org.keycloak.services.models.picketlink.PicketlinkKeycloakSessionFactory;
import org.keycloak.services.models.picketlink.mappings.ApplicationEntity;
import org.keycloak.services.models.picketlink.mappings.RealmEntity;
import org.keycloak.services.models.picketlink.mappings.ResourceEntity;
import org.keycloak.social.SocialRequestManager;
import org.picketlink.idm.PartitionManager;
import org.picketlink.idm.config.IdentityConfigurationBuilder;
@ -98,7 +98,7 @@ public class KeycloakApplication extends Application {
OTPCredentialTypeEntity.class,
AttributeTypeEntity.class,
RealmEntity.class,
ResourceEntity.class
ApplicationEntity.class
)
.supportGlobalRelationship(org.picketlink.idm.model.Relationship.class)
.addContextInitializer(new JPAContextInitializer(null) {

View file

@ -2,53 +2,45 @@ package org.keycloak.services.resources.admin;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.logging.Logger;
import org.keycloak.representations.idm.ResourceRepresentation;
import org.keycloak.representations.idm.ApplicationRepresentation;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.services.managers.ResourceManager;
import org.keycloak.services.models.RealmModel;
import org.keycloak.services.models.ResourceModel;
import org.keycloak.services.models.ApplicationModel;
import org.keycloak.services.models.UserModel;
import org.keycloak.services.resources.Transaction;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.NotFoundException;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
import java.util.ArrayList;
import java.util.List;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public class RealmResourceResource {
public class ApplicationResource {
protected static final Logger logger = Logger.getLogger(RealmAdminResource.class);
protected UserModel admin;
protected RealmModel realm;
protected ResourceModel resourceModel;
protected ApplicationModel applicationModel;
public RealmResourceResource(UserModel admin, RealmModel realm, ResourceModel resourceModel) {
public ApplicationResource(UserModel admin, RealmModel realm, ApplicationModel applicationModel) {
this.admin = admin;
this.realm = realm;
this.resourceModel = resourceModel;
this.applicationModel = applicationModel;
}
@PUT
@Consumes(MediaType.APPLICATION_JSON)
public void update(final ResourceRepresentation rep) {
public void update(final ApplicationRepresentation rep) {
new Transaction() {
@Override
protected void runImpl() {
ResourceManager resourceManager = new ResourceManager(new RealmManager(session));
resourceManager.updateResource(rep, resourceModel);
resourceManager.updateResource(rep, applicationModel);
}
}.run();
}
@ -57,12 +49,12 @@ public class RealmResourceResource {
@GET
@NoCache
@Produces(MediaType.APPLICATION_JSON)
public ResourceRepresentation getResource(final @PathParam("id") String id) {
public ApplicationRepresentation getResource(final @PathParam("id") String id) {
return new Transaction() {
@Override
protected ResourceRepresentation callImpl() {
protected ApplicationRepresentation callImpl() {
ResourceManager resourceManager = new ResourceManager(new RealmManager(session));
return resourceManager.toRepresentation(resourceModel);
return resourceManager.toRepresentation(applicationModel);
}
}.call();
}

View file

@ -2,11 +2,11 @@ package org.keycloak.services.resources.admin;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.logging.Logger;
import org.keycloak.representations.idm.ResourceRepresentation;
import org.keycloak.representations.idm.ApplicationRepresentation;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.services.managers.ResourceManager;
import org.keycloak.services.models.RealmModel;
import org.keycloak.services.models.ResourceModel;
import org.keycloak.services.models.ApplicationModel;
import org.keycloak.services.models.UserModel;
import org.keycloak.services.resources.Transaction;
@ -14,7 +14,6 @@ import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.NotFoundException;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
@ -29,12 +28,12 @@ import java.util.List;
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public class RealmResourcesResource {
public class ApplicationsResource {
protected static final Logger logger = Logger.getLogger(RealmAdminResource.class);
protected UserModel admin;
protected RealmModel realm;
public RealmResourcesResource(UserModel admin, RealmModel realm) {
public ApplicationsResource(UserModel admin, RealmModel realm) {
this.admin = admin;
this.realm = realm;
}
@ -42,15 +41,15 @@ public class RealmResourcesResource {
@GET
@Produces(MediaType.APPLICATION_JSON)
@NoCache
public List<ResourceRepresentation> getResources() {
public List<ApplicationRepresentation> getResources() {
return new Transaction() {
@Override
protected List<ResourceRepresentation> callImpl() {
List<ResourceRepresentation> rep = new ArrayList<ResourceRepresentation>();
List<ResourceModel> resourceModels = realm.getResources();
protected List<ApplicationRepresentation> callImpl() {
List<ApplicationRepresentation> rep = new ArrayList<ApplicationRepresentation>();
List<ApplicationModel> applicationModels = realm.getApplications();
ResourceManager resourceManager = new ResourceManager(new RealmManager(session));
for (ResourceModel resourceModel : resourceModels) {
rep.add(resourceManager.toRepresentation(resourceModel));
for (ApplicationModel applicationModel : applicationModels) {
rep.add(resourceManager.toRepresentation(applicationModel));
}
return rep;
}
@ -59,27 +58,27 @@ public class RealmResourcesResource {
@POST
@Consumes(MediaType.APPLICATION_JSON)
public Response createResource(final @Context UriInfo uriInfo, final ResourceRepresentation rep) {
public Response createResource(final @Context UriInfo uriInfo, final ApplicationRepresentation rep) {
return new Transaction() {
@Override
protected Response callImpl() {
ResourceManager resourceManager = new ResourceManager(new RealmManager(session));
ResourceModel resourceModel = resourceManager.createResource(realm, rep);
return Response.created(uriInfo.getAbsolutePathBuilder().path(resourceModel.getId()).build()).build();
ApplicationModel applicationModel = resourceManager.createResource(realm, rep);
return Response.created(uriInfo.getAbsolutePathBuilder().path(applicationModel.getId()).build()).build();
}
}.call();
}
@Path("{id}")
public RealmResourceResource getResource(final @PathParam("id") String id) {
public ApplicationResource getResource(final @PathParam("id") String id) {
return new Transaction(false) {
@Override
protected RealmResourceResource callImpl() {
ResourceModel resourceModel = realm.getResourceById(id);
if (resourceModel == null) {
protected ApplicationResource callImpl() {
ApplicationModel applicationModel = realm.getApplicationById(id);
if (applicationModel == null) {
throw new NotFoundException();
}
return new RealmResourceResource(admin, realm, resourceModel);
return new ApplicationResource(admin, realm, applicationModel);
}
}.call();

View file

@ -7,17 +7,13 @@ import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.services.models.RealmModel;
import org.keycloak.services.models.RequiredCredentialModel;
import org.keycloak.services.models.RoleModel;
import org.keycloak.services.models.UserModel;
import org.keycloak.services.resources.PublicRealmResource;
import org.keycloak.services.resources.Transaction;
import javax.ws.rs.Consumes;
import javax.ws.rs.ForbiddenException;
import javax.ws.rs.GET;
import javax.ws.rs.InternalServerErrorException;
import javax.ws.rs.NotAuthorizedException;
import javax.ws.rs.NotFoundException;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
@ -25,15 +21,10 @@ import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriBuilder;
import javax.ws.rs.core.UriInfo;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
@ -49,9 +40,9 @@ public class RealmAdminResource {
this.realm = realm;
}
@Path("resources")
public RealmResourcesResource getResources() {
return new RealmResourcesResource(admin, realm);
@Path("applications")
public ApplicationsResource getResources() {
return new ApplicationsResource(admin, realm);
}
@GET
@ -86,6 +77,19 @@ public class RealmAdminResource {
}.call();
}
@PUT
@Consumes("application/json")
public void updateRealm(final RealmRepresentation rep) {
new Transaction() {
@Override
protected void runImpl() {
logger.info("updating realm: " + rep.getRealm());
new RealmManager(session).updateRealm(rep, realm);
}
}.run();
}
@Path("roles/{id}")
@GET
@NoCache

View file

@ -28,6 +28,7 @@ import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriBuilder;
import javax.ws.rs.core.UriInfo;
import java.net.URI;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
@ -52,18 +53,18 @@ public class RealmsAdminResource {
@GET
@NoCache
@Produces("application/json")
public Response getRealms() {
public List<RealmRepresentation> getRealms() {
return new Transaction() {
@Override
protected Response callImpl() {
protected List<RealmRepresentation> callImpl() {
logger.info(("getRealms()"));
RealmManager realmManager = new RealmManager(session);
List<RealmModel> realms = session.getRealms(admin);
Map<String, String> map = new HashMap<String, String>();
List<RealmRepresentation> reps = new ArrayList<RealmRepresentation>();
for (RealmModel realm : realms) {
map.put(realm.getId(), realm.getName());
reps.add(realmManager.toRepresentation(realm));
}
return Response.ok(new GenericEntity<Map<String, String>>(map){})
.cacheControl(noCache).build();
return reps;
}
}.call();
}

View file

@ -18,7 +18,9 @@ import org.keycloak.services.models.UserCredentialModel;
import org.keycloak.services.resources.KeycloakApplication;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.StringTokenizer;
/**
@ -89,8 +91,14 @@ public class AdapterTest {
public void test2RequiredCredential() throws Exception {
test1CreateRealm();
realmModel.addRequiredCredential(CredentialRepresentation.PASSWORD);
realmModel.addRequiredCredential(CredentialRepresentation.TOTP);
List<RequiredCredentialModel> storedCreds = realmModel.getRequiredCredentials();
Assert.assertEquals(1, storedCreds.size());
Set<String> creds = new HashSet<String>();
creds.add(CredentialRepresentation.PASSWORD);
creds.add(CredentialRepresentation.TOTP);
realmModel.updateRequiredCredentials(creds);
storedCreds = realmModel.getRequiredCredentials();
Assert.assertEquals(2, storedCreds.size());
boolean totp = false;
boolean password = false;

View file

@ -6,18 +6,18 @@ import org.junit.Before;
import org.junit.FixMethodOrder;
import org.junit.Test;
import org.junit.runners.MethodSorters;
import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.services.models.KeycloakSession;
import org.keycloak.services.models.KeycloakSessionFactory;
import org.keycloak.services.models.RealmModel;
import org.keycloak.services.models.RequiredCredentialModel;
import org.keycloak.services.models.ResourceModel;
import org.keycloak.services.models.ApplicationModel;
import org.keycloak.services.models.RoleModel;
import org.keycloak.services.models.UserModel;
import org.keycloak.services.resources.KeycloakApplication;
import org.keycloak.services.resources.SaasService;
import org.keycloak.services.resources.SaasService;
import java.util.List;
import java.util.Set;
@ -59,7 +59,7 @@ public class ImportTest {
defaultRealm.setCookieLoginAllowed(true);
defaultRealm.setRegistrationAllowed(true);
manager.generateRealmKeys(defaultRealm);
defaultRealm.addRequiredCredential(RequiredCredentialModel.PASSWORD);
defaultRealm.addRequiredCredential(CredentialRepresentation.PASSWORD);
RoleModel role = defaultRealm.addRole(SaasService.REALM_CREATOR_ROLE);
UserModel admin = defaultRealm.addUser("admin");
defaultRealm.grantRole(admin, role);
@ -78,7 +78,7 @@ public class ImportTest {
Set<String> scopes = realm.getScope(user);
System.out.println("Scopes size: " + scopes.size());
Assert.assertTrue(scopes.contains("*"));
List<ResourceModel> resources = realm.getResources();
List<ApplicationModel> resources = realm.getApplications();
Assert.assertEquals(2, resources.size());
List<RealmModel> realms = identitySession.getRealms(admin);
Assert.assertEquals(1, realms.size());
@ -96,7 +96,7 @@ public class ImportTest {
defaultRealm.setCookieLoginAllowed(true);
defaultRealm.setRegistrationAllowed(true);
manager.generateRealmKeys(defaultRealm);
defaultRealm.addRequiredCredential(RequiredCredentialModel.PASSWORD);
defaultRealm.addRequiredCredential(CredentialRepresentation.PASSWORD);
RoleModel role = defaultRealm.addRole(SaasService.REALM_CREATOR_ROLE);
UserModel admin = defaultRealm.addUser("admin");
defaultRealm.grantRole(admin, role);

View file

@ -1,5 +1,6 @@
package org.keycloak.test;
import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.services.models.RealmModel;
import org.keycloak.services.models.RequiredCredentialModel;
@ -21,7 +22,7 @@ public class InstallationManager {
defaultRealm.setCookieLoginAllowed(true);
defaultRealm.setRegistrationAllowed(true);
manager.generateRealmKeys(defaultRealm);
defaultRealm.addRequiredCredential(RequiredCredentialModel.PASSWORD);
defaultRealm.addRequiredCredential(CredentialRepresentation.PASSWORD);
defaultRealm.addRole(SaasService.REALM_CREATOR_ROLE);
}

View file

@ -19,7 +19,7 @@
<class>org.picketlink.idm.jpa.model.sample.simple.OTPCredentialTypeEntity</class>
<class>org.picketlink.idm.jpa.model.sample.simple.AttributeTypeEntity</class>
<class>org.keycloak.services.models.picketlink.mappings.RealmEntity</class>
<class>org.keycloak.services.models.picketlink.mappings.ResourceEntity</class>
<class>org.keycloak.services.models.picketlink.mappings.ApplicationEntity</class>
<exclude-unlisted-classes>true</exclude-unlisted-classes>

View file

@ -8,7 +8,7 @@
"privateKey": "MIICXAIBAAKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQABAoGAfmO8gVhyBxdqlxmIuglbz8bcjQbhXJLR2EoS8ngTXmN1bo2L90M0mUKSdc7qF10LgETBzqL8jYlQIbt+e6TH8fcEpKCjUlyq0Mf/vVbfZSNaVycY13nTzo27iPyWQHK5NLuJzn1xvxxrUeXI6A2WFpGEBLbHjwpx5WQG9A+2scECQQDvdn9NE75HPTVPxBqsEd2z10TKkl9CZxu10Qby3iQQmWLEJ9LNmy3acvKrE3gMiYNWb6xHPKiIqOR1as7L24aTAkEAtyvQOlCvr5kAjVqrEKXalj0Tzewjweuxc0pskvArTI2Oo070h65GpoIKLc9jf+UA69cRtquwP93aZKtW06U8dQJAF2Y44ks/mK5+eyDqik3koCI08qaC8HYq2wVl7G2QkJ6sbAaILtcvD92ToOvyGyeE0flvmDZxMYlvaZnaQ0lcSQJBAKZU6umJi3/xeEbkJqMfeLclD27XGEFoPeNrmdx0q10Azp4NfJAY+Z8KRyQCR2BEG+oNitBOZ+YXF9KCpH3cdmECQHEigJhYg+ykOvr1aiZUMFT72HU0jnmQe2FVekuG+LJUt2Tm7GtMjTFoGpf0JwrVuZN39fOYAlo+nTixgeW7X8Y=",
"publicKey": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
"requiredCredentials": [ "password" ],
"requiredResourceCredentials": [ "password" ],
"requiredApplicationCredentials": [ "password" ],
"requiredOAuthClientCredentials": [ "password" ],
"users" : [
{
@ -57,7 +57,7 @@
"roles": ["user"]
}
],
"resources": [
"applications": [
{
"name": "customer-portal",
"enabled": true,

View file

@ -4,7 +4,7 @@
"tokenLifespan": 6000,
"accessCodeLifespan": 30,
"requiredCredentials": [ "password" ],
"requiredResourceCredentials": [ "password" ],
"requiredApplicationCredentials": [ "password" ],
"requiredOAuthClientCredentials": [ "password" ],
"users": [
{
@ -63,7 +63,7 @@
"roles": ["*"]
}
],
"resources": [
"applications": [
{
"name": "Application",
"enabled": true,