claims backend

This commit is contained in:
Bill Burke 2014-02-26 15:29:17 -05:00
parent db37053f58
commit b249809d2e
26 changed files with 738 additions and 4 deletions

View file

@ -12,7 +12,7 @@ import java.util.Set;
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a> * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $ * @version $Revision: 1 $
*/ */
public class AccessToken extends JsonWebToken { public class AccessToken extends IDToken {
public static class Access { public static class Access {
@JsonProperty("roles") @JsonProperty("roles")
protected Set<String> roles; protected Set<String> roles;

View file

@ -21,6 +21,9 @@ public class AccessTokenResponse {
@JsonProperty("token_type") @JsonProperty("token_type")
protected String tokenType; protected String tokenType;
@JsonProperty("id_token")
protected String idToken;
public String getToken() { public String getToken() {
return token; return token;
} }
@ -52,4 +55,12 @@ public class AccessTokenResponse {
public void setTokenType(String tokenType) { public void setTokenType(String tokenType) {
this.tokenType = tokenType; this.tokenType = tokenType;
} }
public String getIdToken() {
return idToken;
}
public void setIdToken(String idToken) {
this.idToken = idToken;
}
} }

View file

@ -0,0 +1,306 @@
package org.keycloak.representations;
import org.codehaus.jackson.annotate.JsonProperty;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public class IDToken extends JsonWebToken {
@JsonProperty("nonce")
protected String nonce;
@JsonProperty("name")
protected String name;
@JsonProperty("given_name")
protected String givenName;
@JsonProperty("family_name")
protected String familyName;
@JsonProperty("middle_name")
protected String middleName;
@JsonProperty("nickname")
protected String nickName;
@JsonProperty("preferred_username")
protected String preferredUsername;
@JsonProperty("profile")
protected String profile;
@JsonProperty("picture")
protected String picture;
@JsonProperty("website")
protected String website;
@JsonProperty("email")
protected String email;
@JsonProperty("email_verified")
protected Boolean emailVerified;
@JsonProperty("gender")
protected String gender;
@JsonProperty("birthdate")
protected String birthdate;
@JsonProperty("zoneinfo")
protected String zoneinfo;
@JsonProperty("locale")
protected String locale;
@JsonProperty("phone_number")
protected String phoneNumber;
@JsonProperty("phone_number_verified")
protected Boolean phoneNumberVerified;
@JsonProperty("address")
protected String address;
@JsonProperty("updated_at")
protected Long updatedAt;
@JsonProperty("formatted")
protected String formattedAddress;
@JsonProperty("street_address")
protected String streetAddress;
@JsonProperty("locality")
protected String locality;
@JsonProperty("region")
protected String region;
@JsonProperty("postal_code")
protected String postalCode;
@JsonProperty("country")
protected String country;
@JsonProperty("claims_locales")
protected String claimsLocales;
public String getNonce() {
return nonce;
}
public void setNonce(String nonce) {
this.nonce = nonce;
}
public String getName() {
return name;
}
public void setName(String name) {
this.name = name;
}
public String getGivenName() {
return givenName;
}
public void setGivenName(String givenName) {
this.givenName = givenName;
}
public String getFamilyName() {
return familyName;
}
public void setFamilyName(String familyName) {
this.familyName = familyName;
}
public String getMiddleName() {
return middleName;
}
public void setMiddleName(String middleName) {
this.middleName = middleName;
}
public String getNickName() {
return nickName;
}
public void setNickName(String nickName) {
this.nickName = nickName;
}
public String getPreferredUsername() {
return preferredUsername;
}
public void setPreferredUsername(String preferredUsername) {
this.preferredUsername = preferredUsername;
}
public String getProfile() {
return profile;
}
public void setProfile(String profile) {
this.profile = profile;
}
public String getPicture() {
return picture;
}
public void setPicture(String picture) {
this.picture = picture;
}
public String getWebsite() {
return website;
}
public void setWebsite(String website) {
this.website = website;
}
public String getEmail() {
return email;
}
public void setEmail(String email) {
this.email = email;
}
public Boolean getEmailVerified() {
return emailVerified;
}
public void setEmailVerified(Boolean emailVerified) {
this.emailVerified = emailVerified;
}
public String getGender() {
return gender;
}
public void setGender(String gender) {
this.gender = gender;
}
public String getBirthdate() {
return birthdate;
}
public void setBirthdate(String birthdate) {
this.birthdate = birthdate;
}
public String getZoneinfo() {
return zoneinfo;
}
public void setZoneinfo(String zoneinfo) {
this.zoneinfo = zoneinfo;
}
public String getLocale() {
return locale;
}
public void setLocale(String locale) {
this.locale = locale;
}
public String getPhoneNumber() {
return phoneNumber;
}
public void setPhoneNumber(String phoneNumber) {
this.phoneNumber = phoneNumber;
}
public Boolean getPhoneNumberVerified() {
return phoneNumberVerified;
}
public void setPhoneNumberVerified(Boolean phoneNumberVerified) {
this.phoneNumberVerified = phoneNumberVerified;
}
public String getAddress() {
return address;
}
public void setAddress(String address) {
this.address = address;
}
public Long getUpdatedAt() {
return updatedAt;
}
public void setUpdatedAt(Long updatedAt) {
this.updatedAt = updatedAt;
}
public String getFormattedAddress() {
return formattedAddress;
}
public void setFormattedAddress(String formattedAddress) {
this.formattedAddress = formattedAddress;
}
public String getStreetAddress() {
return streetAddress;
}
public void setStreetAddress(String streetAddress) {
this.streetAddress = streetAddress;
}
public String getLocality() {
return locality;
}
public void setLocality(String locality) {
this.locality = locality;
}
public String getRegion() {
return region;
}
public void setRegion(String region) {
this.region = region;
}
public String getPostalCode() {
return postalCode;
}
public void setPostalCode(String postalCode) {
this.postalCode = postalCode;
}
public String getCountry() {
return country;
}
public void setCountry(String country) {
this.country = country;
}
public String getClaimsLocales() {
return claimsLocales;
}
public void setClaimsLocales(String claimsLocales) {
this.claimsLocales = claimsLocales;
}
}

View file

@ -18,6 +18,7 @@ public class ApplicationRepresentation {
protected String[] defaultRoles; protected String[] defaultRoles;
protected List<String> redirectUris; protected List<String> redirectUris;
protected List<String> webOrigins; protected List<String> webOrigins;
protected ClaimRepresentation claims;
public String getId() { public String getId() {
return id; return id;
@ -107,4 +108,12 @@ public class ApplicationRepresentation {
public void setDefaultRoles(String[] defaultRoles) { public void setDefaultRoles(String[] defaultRoles) {
this.defaultRoles = defaultRoles; this.defaultRoles = defaultRoles;
} }
public ClaimRepresentation getClaims() {
return claims;
}
public void setClaims(ClaimRepresentation claims) {
this.claims = claims;
}
} }

View file

@ -0,0 +1,98 @@
package org.keycloak.representations.idm;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public class ClaimRepresentation {
protected boolean name;
protected boolean username;
protected boolean profile;
protected boolean picture;
protected boolean website;
protected boolean email;
protected boolean gender;
protected boolean locale;
protected boolean address;
protected boolean phone;
public boolean getName() {
return name;
}
public void setName(boolean name) {
this.name = name;
}
public boolean getUsername() {
return username;
}
public void setUsername(boolean username) {
this.username = username;
}
public boolean getProfile() {
return profile;
}
public void setProfile(boolean profile) {
this.profile = profile;
}
public boolean getPicture() {
return picture;
}
public void setPicture(boolean picture) {
this.picture = picture;
}
public boolean getWebsite() {
return website;
}
public void setWebsite(boolean website) {
this.website = website;
}
public boolean getEmail() {
return email;
}
public void setEmail(boolean email) {
this.email = email;
}
public boolean getGender() {
return gender;
}
public void setGender(boolean gender) {
this.gender = gender;
}
public boolean getLocale() {
return locale;
}
public void setLocale(boolean locale) {
this.locale = locale;
}
public boolean getAddress() {
return address;
}
public void setAddress(boolean address) {
this.address = address;
}
public boolean getPhone() {
return phone;
}
public void setPhone(boolean phone) {
this.phone = phone;
}
}

View file

@ -14,6 +14,7 @@ public class OAuthClientRepresentation {
protected List<String> webOrigins; protected List<String> webOrigins;
protected boolean enabled; protected boolean enabled;
protected List<CredentialRepresentation> credentials; protected List<CredentialRepresentation> credentials;
protected ClaimRepresentation claims;
public String getId() { public String getId() {
return id; return id;
@ -70,4 +71,12 @@ public class OAuthClientRepresentation {
public void setCredentials(List<CredentialRepresentation> credentials) { public void setCredentials(List<CredentialRepresentation> credentials) {
this.credentials = credentials; this.credentials = credentials;
} }
public ClaimRepresentation getClaims() {
return claims;
}
public void setClaims(ClaimRepresentation claims) {
this.claims = claims;
}
} }

View file

@ -31,6 +31,10 @@
Password and TOTP support (via Google Authenticator). Client cert auth coming soon. Password and TOTP support (via Google Authenticator). Client cert auth coming soon.
</listitem> </listitem>
<listitem>
Pluggable theme and style support for user facing screens.
</listitem>
<listitem> <listitem>
OAuth Bearer token auth for REST Services OAuth Bearer token auth for REST Services
</listitem> </listitem>
@ -60,7 +64,7 @@
Deployable as a WAR, appliance, or on Openshift. Deployable as a WAR, appliance, or on Openshift.
</listitem> </listitem>
<listitem> <listitem>
Supports JBoss AS7, EAP 6.x, and Wildfly applications. Plans to support Node.js, RAILS, GRAILS, and other non-Java application Supports JBoss AS7, EAP 6.x, and Wildfly applications. Plans to support Node.js, RAILS, GRAILS, and other non-Java deployments
</listitem> </listitem>
</itemizedlist> </itemizedlist>
</para> </para>

View file

@ -7,7 +7,7 @@ import java.util.Set;
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a> * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $ * @version $Revision: 1 $
*/ */
public interface ApplicationModel extends RoleContainerModel { public interface ApplicationModel extends RoleContainerModel, ClaimRequesterModel {
void updateApplication(); void updateApplication();
UserModel getApplicationUser(); UserModel getApplicationUser();
@ -45,4 +45,5 @@ public interface ApplicationModel extends RoleContainerModel {
Set<RoleModel> getApplicationScopeMappings(UserModel user); Set<RoleModel> getApplicationScopeMappings(UserModel user);
void addScope(RoleModel role); void addScope(RoleModel role);
} }

View file

@ -0,0 +1,50 @@
package org.keycloak.models;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public class ClaimMask {
public static final long NAME = 0x01l;
public static final long USERNAME = 0x02l;
public static final long PROFILE = 0x04l;
public static final long PICTURE = 0x08l;
public static final long WEBSITE = 0x10l;
public static final long EMAIL = 0x20l;
public static final long GENDER = 0x40l;
public static final long LOCALE = 0x80l;
public static final long ADDRESS = 0x100l;
public static final long PHONE = 0x200l;
public static boolean hasName(long mask) {
return (mask & NAME) > 0;
}
public static boolean hasUsername(long mask) {
return (mask & USERNAME) > 0;
}
public static boolean hasProfile(long mask) {
return (mask & PROFILE) > 0;
}
public static boolean hasPicture(long mask) {
return (mask & PICTURE) > 0;
}
public static boolean hasWebsite(long mask) {
return (mask & WEBSITE) > 0;
}
public static boolean hasEmail(long mask) {
return (mask & EMAIL) > 0;
}
public static boolean hasGender(long mask) {
return (mask & GENDER) > 0;
}
public static boolean hasLocale(long mask) {
return (mask & LOCALE) > 0;
}
public static boolean hasAddress(long mask) {
return (mask & ADDRESS) > 0;
}
public static boolean hasPhone(long mask) {
return (mask & PHONE) > 0;
}
}

View file

@ -0,0 +1,11 @@
package org.keycloak.models;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public interface ClaimRequesterModel {
long getAllowedClaimsMask();
void setAllowedClaimsMask(long mask);
}

View file

@ -4,8 +4,9 @@ package org.keycloak.models;
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a> * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $ * @version $Revision: 1 $
*/ */
public interface OAuthClientModel { public interface OAuthClientModel extends ClaimRequesterModel {
String getId(); String getId();
UserModel getOAuthAgent(); UserModel getOAuthAgent();
} }

View file

@ -70,6 +70,16 @@ public class ApplicationAdapter implements ApplicationModel {
application.setEnabled(enabled); application.setEnabled(enabled);
} }
@Override
public long getAllowedClaimsMask() {
return application.getAllowedClaimsMask();
}
@Override
public void setAllowedClaimsMask(long mask) {
application.setAllowedClaimsMask(mask);
}
@Override @Override
public boolean isSurrogateAuthRequired() { public boolean isSurrogateAuthRequired() {
return application.isSurrogateAuthRequired(); return application.isSurrogateAuthRequired();

View file

@ -28,5 +28,16 @@ public class OAuthClientAdapter implements OAuthClientModel {
public UserModel getOAuthAgent() { public UserModel getOAuthAgent() {
return new UserAdapter(entity.getAgent()); return new UserAdapter(entity.getAgent());
} }
@Override
public long getAllowedClaimsMask() {
return entity.getAllowedClaimsMask();
}
@Override
public void setAllowedClaimsMask(long mask) {
entity.setAllowedClaimsMask(mask);
}
} }

View file

@ -30,6 +30,7 @@ public class ApplicationEntity {
private boolean surrogateAuthRequired; private boolean surrogateAuthRequired;
private String baseUrl; private String baseUrl;
private String managementUrl; private String managementUrl;
private long allowedClaimsMask;
@OneToOne(fetch = FetchType.EAGER) @OneToOne(fetch = FetchType.EAGER)
private UserEntity applicationUser; private UserEntity applicationUser;
@ -119,4 +120,12 @@ public class ApplicationEntity {
public void setRealm(RealmEntity realm) { public void setRealm(RealmEntity realm) {
this.realm = realm; this.realm = realm;
} }
public long getAllowedClaimsMask() {
return allowedClaimsMask;
}
public void setAllowedClaimsMask(long allowedClaimsMask) {
this.allowedClaimsMask = allowedClaimsMask;
}
} }

View file

@ -28,6 +28,7 @@ public class OAuthClientEntity {
private String id; private String id;
private String name; private String name;
private long allowedClaimsMask;
@OneToOne(fetch = FetchType.EAGER) @OneToOne(fetch = FetchType.EAGER)
private UserEntity agent; private UserEntity agent;
@ -62,4 +63,13 @@ public class OAuthClientEntity {
public void setRealm(RealmEntity realm) { public void setRealm(RealmEntity realm) {
this.realm = realm; this.realm = realm;
} }
public long getAllowedClaimsMask() {
return allowedClaimsMask;
}
public void setAllowedClaimsMask(long allowedClaimsMask) {
this.allowedClaimsMask = allowedClaimsMask;
}
} }

View file

@ -109,6 +109,17 @@ public class ApplicationAdapter extends AbstractAdapter implements ApplicationMo
return application.getBaseUrl(); return application.getBaseUrl();
} }
@Override
public long getAllowedClaimsMask() {
return application.getAllowedClaimsMask();
}
@Override
public void setAllowedClaimsMask(long mask) {
application.setAllowedClaimsMask(mask);
}
@Override @Override
public RoleAdapter getRole(String name) { public RoleAdapter getRole(String name) {
DBObject query = new QueryBuilder() DBObject query = new QueryBuilder()

View file

@ -30,6 +30,16 @@ public class OAuthClientAdapter extends AbstractAdapter implements OAuthClientMo
return delegate.getId(); return delegate.getId();
} }
@Override
public long getAllowedClaimsMask() {
return delegate.getAllowedClaimsMask();
}
@Override
public void setAllowedClaimsMask(long mask) {
delegate.setAllowedClaimsMask(mask);
}
@Override @Override
public UserModel getOAuthAgent() { public UserModel getOAuthAgent() {
// This is not thread-safe. Assumption is that OAuthClientAdapter instance is per-client object // This is not thread-safe. Assumption is that OAuthClientAdapter instance is per-client object

View file

@ -25,6 +25,7 @@ public class ApplicationEntity extends AbstractMongoIdentifiableEntity implement
private String resourceUserId; private String resourceUserId;
private String realmId; private String realmId;
private long allowedClaimsMask;
// We are using names of defaultRoles (not ids) // We are using names of defaultRoles (not ids)
private List<String> defaultRoles = new ArrayList<String>(); private List<String> defaultRoles = new ArrayList<String>();
@ -83,6 +84,15 @@ public class ApplicationEntity extends AbstractMongoIdentifiableEntity implement
this.resourceUserId = resourceUserId; this.resourceUserId = resourceUserId;
} }
@MongoField
public long getAllowedClaimsMask() {
return allowedClaimsMask;
}
public void setAllowedClaimsMask(long allowedClaimsMask) {
this.allowedClaimsMask = allowedClaimsMask;
}
@MongoField @MongoField
public String getRealmId() { public String getRealmId() {
return realmId; return realmId;

View file

@ -16,6 +16,7 @@ public class OAuthClientEntity extends AbstractMongoIdentifiableEntity implement
private String oauthAgentId; private String oauthAgentId;
private String realmId; private String realmId;
private long allowedClaimsMask;
@MongoField @MongoField
public String getName() { public String getName() {
@ -44,6 +45,15 @@ public class OAuthClientEntity extends AbstractMongoIdentifiableEntity implement
this.realmId = realmId; this.realmId = realmId;
} }
@MongoField
public long getAllowedClaimsMask() {
return allowedClaimsMask;
}
public void setAllowedClaimsMask(long allowedClaimsMask) {
this.allowedClaimsMask = allowedClaimsMask;
}
@Override @Override
public void afterRemove(MongoStoreInvocationContext context) { public void afterRemove(MongoStoreInvocationContext context) {
// Remove user of this oauthClient // Remove user of this oauthClient

View file

@ -4,6 +4,7 @@ import org.codehaus.jackson.annotate.JsonProperty;
import org.codehaus.jackson.annotate.JsonPropertyOrder; import org.codehaus.jackson.annotate.JsonPropertyOrder;
import org.jboss.resteasy.logging.Logger; import org.jboss.resteasy.logging.Logger;
import org.keycloak.models.ApplicationModel; import org.keycloak.models.ApplicationModel;
import org.keycloak.models.ClaimMask;
import org.keycloak.models.Constants; import org.keycloak.models.Constants;
import org.keycloak.models.RealmModel; import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel; import org.keycloak.models.RoleModel;
@ -89,6 +90,12 @@ public class ApplicationManager {
applicationModel.updateDefaultRoles(resourceRep.getDefaultRoles()); applicationModel.updateDefaultRoles(resourceRep.getDefaultRoles());
} }
if (resourceRep.getClaims() != null) {
ClaimManager.setClaims(applicationModel, resourceRep.getClaims());
} else {
applicationModel.setAllowedClaimsMask(ClaimMask.USERNAME);
}
return applicationModel; return applicationModel;
} }
@ -162,6 +169,10 @@ public class ApplicationManager {
if (webOrigins != null) { if (webOrigins != null) {
resource.getApplicationUser().setWebOrigins(new HashSet<String>(webOrigins)); resource.getApplicationUser().setWebOrigins(new HashSet<String>(webOrigins));
} }
if (rep.getClaims() != null) {
ClaimManager.setClaims(resource, rep.getClaims());
}
} }
public ApplicationRepresentation toRepresentation(ApplicationModel applicationModel) { public ApplicationRepresentation toRepresentation(ApplicationModel applicationModel) {

View file

@ -0,0 +1,66 @@
package org.keycloak.services.managers;
import org.keycloak.models.ClaimMask;
import org.keycloak.models.ClaimRequesterModel;
import org.keycloak.representations.idm.ClaimRepresentation;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public class ClaimManager {
public static void setClaims(ClaimRequesterModel model, ClaimRepresentation rep) {
long mask = model.getAllowedClaimsMask();
if (rep.getAddress()) {
mask |= ClaimMask.ADDRESS;
} else {
mask &= ~ClaimMask.ADDRESS;
}
if (rep.getEmail()) {
mask |= ClaimMask.EMAIL;
} else {
mask &= ~ClaimMask.EMAIL;
}
if (rep.getGender()) {
mask |= ClaimMask.GENDER;
} else {
mask &= ~ClaimMask.GENDER;
}
if (rep.getLocale()) {
mask |= ClaimMask.LOCALE;
} else {
mask &= ~ClaimMask.LOCALE;
}
if (rep.getName()) {
mask |= ClaimMask.NAME;
} else {
mask &= ~ClaimMask.NAME;
}
if (rep.getPhone()) {
mask |= ClaimMask.PHONE;
} else {
mask &= ~ClaimMask.PHONE;
}
if (rep.getPicture()) {
mask |= ClaimMask.PICTURE;
} else {
mask &= ~ClaimMask.PICTURE;
}
if (rep.getProfile()) {
mask |= ClaimMask.PROFILE;
} else {
mask &= ~ClaimMask.PROFILE;
}
if (rep.getUsername()) {
mask |= ClaimMask.USERNAME;
} else {
mask &= ~ClaimMask.USERNAME;
}
if (rep.getWebsite()) {
mask |= ClaimMask.WEBSITE;
} else {
mask &= ~ClaimMask.WEBSITE;
}
model.setAllowedClaimsMask(mask);
}
}

View file

@ -1,12 +1,15 @@
package org.keycloak.services.managers; package org.keycloak.services.managers;
import org.keycloak.models.ApplicationModel; import org.keycloak.models.ApplicationModel;
import org.keycloak.models.ClaimMask;
import org.keycloak.models.ClaimRequesterModel;
import org.keycloak.models.Constants; import org.keycloak.models.Constants;
import org.keycloak.models.RealmModel; import org.keycloak.models.RealmModel;
import org.keycloak.models.RequiredCredentialModel; import org.keycloak.models.RequiredCredentialModel;
import org.keycloak.models.RoleModel; import org.keycloak.models.RoleModel;
import org.keycloak.models.UserCredentialModel; import org.keycloak.models.UserCredentialModel;
import org.keycloak.models.UserModel; import org.keycloak.models.UserModel;
import org.keycloak.representations.idm.ClaimRepresentation;
import org.keycloak.representations.idm.CredentialRepresentation; import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.representations.idm.RealmRepresentation; import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.RoleRepresentation; import org.keycloak.representations.idm.RoleRepresentation;
@ -110,4 +113,19 @@ public class ModelToRepresentation {
rep.setValue(cred.getValue()); rep.setValue(cred.getValue());
return rep; return rep;
} }
public static ClaimRepresentation toRepresentation(ClaimRequesterModel model) {
ClaimRepresentation rep = new ClaimRepresentation();
rep.setAddress(ClaimMask.hasAddress(model.getAllowedClaimsMask()));
rep.setEmail(ClaimMask.hasEmail(model.getAllowedClaimsMask()));
rep.setGender(ClaimMask.hasGender(model.getAllowedClaimsMask()));
rep.setLocale(ClaimMask.hasLocale(model.getAllowedClaimsMask()));
rep.setName(ClaimMask.hasName(model.getAllowedClaimsMask()));
rep.setPhone(ClaimMask.hasPhone(model.getAllowedClaimsMask()));
rep.setPicture(ClaimMask.hasPicture(model.getAllowedClaimsMask()));
rep.setProfile(ClaimMask.hasProfile(model.getAllowedClaimsMask()));
rep.setWebsite(ClaimMask.hasWebsite(model.getAllowedClaimsMask()));
rep.setUsername(ClaimMask.hasUsername(model.getAllowedClaimsMask()));
return rep;
}
} }

View file

@ -3,6 +3,7 @@ package org.keycloak.services.managers;
import org.codehaus.jackson.annotate.JsonProperty; import org.codehaus.jackson.annotate.JsonProperty;
import org.codehaus.jackson.annotate.JsonPropertyOrder; import org.codehaus.jackson.annotate.JsonPropertyOrder;
import org.keycloak.models.ApplicationModel; import org.keycloak.models.ApplicationModel;
import org.keycloak.models.ClaimMask;
import org.keycloak.models.Constants; import org.keycloak.models.Constants;
import org.keycloak.models.OAuthClientModel; import org.keycloak.models.OAuthClientModel;
import org.keycloak.models.RealmModel; import org.keycloak.models.RealmModel;
@ -61,6 +62,12 @@ public class OAuthClientManager {
realm.updateCredential(resourceUser, credential); realm.updateCredential(resourceUser, credential);
} }
} }
if (rep.getClaims() != null) {
ClaimManager.setClaims(model, rep.getClaims());
} else {
model.setAllowedClaimsMask(ClaimMask.USERNAME);
}
return model; return model;
} }
@ -75,6 +82,10 @@ public class OAuthClientManager {
if (webOrigins != null) { if (webOrigins != null) {
model.getOAuthAgent().setWebOrigins(new HashSet<String>(webOrigins)); model.getOAuthAgent().setWebOrigins(new HashSet<String>(webOrigins));
} }
if (rep.getClaims() != null) {
ClaimManager.setClaims(model, rep.getClaims());
}
} }
public static OAuthClientRepresentation toRepresentation(OAuthClientModel model) { public static OAuthClientRepresentation toRepresentation(OAuthClientModel model) {

View file

@ -56,6 +56,11 @@ public class ApplicationResource extends RoleContainerResource {
this.session = session; this.session = session;
} }
@Path("claims")
public ClaimResource getClaimResource() {
return new ClaimResource(application);
}
@PUT @PUT
@Consumes(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON)
public void update(final ApplicationRepresentation rep) { public void update(final ApplicationRepresentation rep) {

View file

@ -0,0 +1,36 @@
package org.keycloak.services.resources.admin;
import org.keycloak.models.ClaimRequesterModel;
import org.keycloak.representations.idm.ClaimRepresentation;
import org.keycloak.services.managers.ClaimManager;
import org.keycloak.services.managers.ModelToRepresentation;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.PUT;
import javax.ws.rs.Produces;
import javax.ws.rs.core.MediaType;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public class ClaimResource {
protected ClaimRequesterModel model;
public ClaimResource(ClaimRequesterModel model) {
this.model = model;
}
@GET
@Produces(MediaType.APPLICATION_JSON)
public ClaimRepresentation getClaims() {
return ModelToRepresentation.toRepresentation(model);
}
@PUT
@Consumes(MediaType.APPLICATION_JSON)
public void updateClaims(ClaimRepresentation rep) {
ClaimManager.setClaims(model, rep);
}
}

View file

@ -56,6 +56,12 @@ public class OAuthClientResource {
this.session = session; this.session = session;
} }
@Path("claims")
public ClaimResource getClaimResource() {
return new ClaimResource(oauthClient);
}
@PUT @PUT
@Consumes(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON)
public void update(final OAuthClientRepresentation rep) { public void update(final OAuthClientRepresentation rep) {