diff --git a/common/src/main/java/org/keycloak/common/Profile.java b/common/src/main/java/org/keycloak/common/Profile.java index a07c56668c..f8e85327ad 100755 --- a/common/src/main/java/org/keycloak/common/Profile.java +++ b/common/src/main/java/org/keycloak/common/Profile.java @@ -116,6 +116,7 @@ public class Profile { OID4VC_VCI("Support for the OID4VCI protocol as part of OID4VC.", Type.EXPERIMENTAL), DECLARATIVE_UI("declarative ui spi", Type.EXPERIMENTAL), + ORGANIZATION("Organization support within realms", Type.EXPERIMENTAL), ; private final Type type; diff --git a/server-spi-private/src/main/java/org/keycloak/organization/OrganizationSpi.java b/server-spi-private/src/main/java/org/keycloak/organization/OrganizationSpi.java new file mode 100644 index 0000000000..2c27c4f899 --- /dev/null +++ b/server-spi-private/src/main/java/org/keycloak/organization/OrganizationSpi.java @@ -0,0 +1,53 @@ +/* + * Copyright 2024 Red Hat, Inc. and/or its affiliates + * and other contributors as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.keycloak.organization; + +import org.keycloak.common.Profile; +import org.keycloak.provider.Provider; +import org.keycloak.provider.ProviderFactory; +import org.keycloak.provider.Spi; + +public class OrganizationSpi implements Spi { + + public static final String NAME = "organization"; + + @Override + public boolean isInternal() { + return true; + } + + @Override + public String getName() { + return NAME; + } + + @Override + public Class getProviderClass() { + return OrganizationProvider.class; + } + + @Override + public Class getProviderFactoryClass() { + return OrganizationProviderFactory.class; + } + + @Override + public boolean isEnabled() { + return Profile.isFeatureEnabled(Profile.Feature.ORGANIZATION); + } + +} diff --git a/server-spi-private/src/main/resources/META-INF/services/org.keycloak.provider.Spi b/server-spi-private/src/main/resources/META-INF/services/org.keycloak.provider.Spi index 4cd835ea3a..610d789fb0 100755 --- a/server-spi-private/src/main/resources/META-INF/services/org.keycloak.provider.Spi +++ b/server-spi-private/src/main/resources/META-INF/services/org.keycloak.provider.Spi @@ -97,4 +97,5 @@ org.keycloak.services.cors.CorsSpi org.keycloak.userprofile.UserProfileSpi org.keycloak.device.DeviceRepresentationSpi org.keycloak.health.LoadBalancerCheckSpi -org.keycloak.cookie.CookieSpi \ No newline at end of file +org.keycloak.cookie.CookieSpi +org.keycloak.organization.OrganizationSpi diff --git a/server-spi/src/main/java/org/keycloak/models/OrganizationModel.java b/server-spi/src/main/java/org/keycloak/models/OrganizationModel.java new file mode 100644 index 0000000000..3e688b8bf0 --- /dev/null +++ b/server-spi/src/main/java/org/keycloak/models/OrganizationModel.java @@ -0,0 +1,31 @@ +/* + * Copyright 2024 Red Hat, Inc. and/or its affiliates + * and other contributors as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.keycloak.models; + +public interface OrganizationModel { + + String getId(); + + void setName(String name); + + String getName(); + + void setDomainName(String domainName); + + String getDomainName(); +} diff --git a/server-spi/src/main/java/org/keycloak/organization/OrganizationProvider.java b/server-spi/src/main/java/org/keycloak/organization/OrganizationProvider.java new file mode 100644 index 0000000000..4b3f68a745 --- /dev/null +++ b/server-spi/src/main/java/org/keycloak/organization/OrganizationProvider.java @@ -0,0 +1,104 @@ +/* + * Copyright 2024 Red Hat, Inc. and/or its affiliates + * and other contributors as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.keycloak.organization; + +import java.util.stream.Stream; +import org.keycloak.models.ModelDuplicateException; +import org.keycloak.models.OrganizationModel; +import org.keycloak.models.RealmModel; +import org.keycloak.models.UserModel; +import org.keycloak.provider.Provider; + +public interface OrganizationProvider extends Provider { + + /** + * Creates a new organization with given {@code name} to the given realm. + * The internal ID of the organization will be created automatically. + * @param realm Realm owning this organization. + * @param name String name of the organization. + * @throws ModelDuplicateException If there is already an organization with the given name + * @return Model of the created organization. + */ + default OrganizationModel createOrganization(RealmModel realm, String name) { + return createOrganization(realm, null, name); + } + + /** + * Creates a new organization with given {@code id} and {@code name} to the given realm. + * @param realm Realm owning this organization. + * @param id Id of the organization. + * @param name String name of the organization. + * @throws ModelDuplicateException If there is already an organization with the given id or name + * @return Model of the created organization. + */ + OrganizationModel createOrganization(RealmModel realm, String id, String name); + + /** + * Removes the given organization from the given realm. + * + * @param realm Realm. + * @param organization Organization to be removed. + * @return true if the organization was removed, false if group doesn't exist or doesn't belong to the given realm + */ + boolean removeOrganization(RealmModel realm, OrganizationModel organization); + + /** + * Removes all organizations from the given realm. + * @param realm Realm. + */ + void removeOrganizations(RealmModel realm); + + /** + * Returns the organizations of the given realm as a stream. + * @param realm Realm. + * @return Stream of the organizations. Never returns {@code null}. + */ + default Stream getOrganizationsStream(RealmModel realm) { + return getOrganizationsStream(realm, null, null); + } + + /** + * Returns the organizations of the given realm as a stream. + * @param realm Realm. + * @param first First result to return. Ignored if negative or {@code null}. + * @param max Maximum number of results to return. Ignored if negative or {@code null}. + * @return Stream of the roles. Never returns {@code null}. + */ + Stream getOrganizationsStream(RealmModel realm, Integer first, Integer max); + + /** + * Obtains users that belong to the given organization. + * + * @param realm a reference to the realm. + * @param organization a reference to the organization. + * @return a non-null {@link Stream} of users that belong to the organization. + */ + default Stream getMembersStream(RealmModel realm, OrganizationModel organization) { + return getMembersStream(realm, organization, null, null); + } + + /** + * Obtains users that belong to the given organization. + * + * @param realm a reference to the realm. + * @param organization a reference to the organization. + * @param first first result to return. Ignored if negative, zero, or {@code null}. + * @param max maximum number of results to return. Ignored if negative or {@code null}. + * @return a non-null {@link Stream} of users that belong to the organization. + */ + Stream getMembersStream(RealmModel realm, OrganizationModel group, Integer first, Integer max); +} diff --git a/server-spi/src/main/java/org/keycloak/organization/OrganizationProviderFactory.java b/server-spi/src/main/java/org/keycloak/organization/OrganizationProviderFactory.java new file mode 100644 index 0000000000..749b9facd1 --- /dev/null +++ b/server-spi/src/main/java/org/keycloak/organization/OrganizationProviderFactory.java @@ -0,0 +1,22 @@ +/* + * Copyright 2024 Red Hat, Inc. and/or its affiliates + * and other contributors as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.keycloak.organization; + +import org.keycloak.provider.ProviderFactory; + +public interface OrganizationProviderFactory extends ProviderFactory { +}