Added social from IdentityBroker - not integrated with Keycloak yet and untested!
This commit is contained in:
parent
c30aed554f
commit
b77ceeac56
10 changed files with 813 additions and 1 deletions
23
pom.xml
23
pom.xml
|
@ -55,7 +55,8 @@
|
||||||
<module>core</module>
|
<module>core</module>
|
||||||
<module>services</module>
|
<module>services</module>
|
||||||
<module>integration</module>
|
<module>integration</module>
|
||||||
<module>examples</module>
|
<module>examples</module>
|
||||||
|
<module>social</module>
|
||||||
</modules>
|
</modules>
|
||||||
|
|
||||||
<dependencyManagement>
|
<dependencyManagement>
|
||||||
|
@ -176,6 +177,26 @@
|
||||||
<artifactId>hibernate-jpa-2.0-api</artifactId>
|
<artifactId>hibernate-jpa-2.0-api</artifactId>
|
||||||
<version>1.0.1.Final</version>
|
<version>1.0.1.Final</version>
|
||||||
</dependency>
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>com.google.api-client</groupId>
|
||||||
|
<artifactId>google-api-client</artifactId>
|
||||||
|
<version>1.14.1-beta</version>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>com.google.http-client</groupId>
|
||||||
|
<artifactId>google-http-client-jackson</artifactId>
|
||||||
|
<version>1.14.1-beta</version>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>com.google.apis</groupId>
|
||||||
|
<artifactId>google-api-services-oauth2</artifactId>
|
||||||
|
<version>v2-rev35-1.14.1-beta</version>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.twitter4j</groupId>
|
||||||
|
<artifactId>twitter4j-core</artifactId>
|
||||||
|
<version>3.0.3</version>
|
||||||
|
</dependency>
|
||||||
</dependencies>
|
</dependencies>
|
||||||
</dependencyManagement>
|
</dependencyManagement>
|
||||||
|
|
||||||
|
|
74
social/pom.xml
Executable file
74
social/pom.xml
Executable file
|
@ -0,0 +1,74 @@
|
||||||
|
<?xml version="1.0"?>
|
||||||
|
<project>
|
||||||
|
<parent>
|
||||||
|
<artifactId>keycloak-parent</artifactId>
|
||||||
|
<groupId>org.keycloak</groupId>
|
||||||
|
<version>1.0-alpha-1</version>
|
||||||
|
<relativePath>../pom.xml</relativePath>
|
||||||
|
</parent>
|
||||||
|
<modelVersion>4.0.0</modelVersion>
|
||||||
|
|
||||||
|
<artifactId>keycloak-social</artifactId>
|
||||||
|
<name>Keycloak Social</name>
|
||||||
|
<description/>
|
||||||
|
|
||||||
|
<dependencies>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.jboss.resteasy</groupId>
|
||||||
|
<artifactId>resteasy-jaxrs</artifactId>
|
||||||
|
<scope>provided</scope>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.jboss.resteasy</groupId>
|
||||||
|
<artifactId>jaxrs-api</artifactId>
|
||||||
|
<scope>provided</scope>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.picketlink</groupId>
|
||||||
|
<artifactId>picketlink-idm-api</artifactId>
|
||||||
|
</dependency>
|
||||||
|
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.jboss.spec.javax.ejb</groupId>
|
||||||
|
<artifactId>jboss-ejb-api_3.2_spec</artifactId>
|
||||||
|
<scope>provided</scope>
|
||||||
|
<version>1.0.0.Alpha2</version>
|
||||||
|
</dependency>
|
||||||
|
|
||||||
|
<dependency>
|
||||||
|
<groupId>com.google.api-client</groupId>
|
||||||
|
<artifactId>google-api-client</artifactId>
|
||||||
|
<scope>provided</scope>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>com.google.http-client</groupId>
|
||||||
|
<artifactId>google-http-client-jackson</artifactId>
|
||||||
|
<scope>provided</scope>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>com.google.apis</groupId>
|
||||||
|
<artifactId>google-api-services-oauth2</artifactId>
|
||||||
|
<scope>provided</scope>
|
||||||
|
</dependency>
|
||||||
|
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.twitter4j</groupId>
|
||||||
|
<artifactId>twitter4j-core</artifactId>
|
||||||
|
<scope>provided</scope>
|
||||||
|
</dependency>
|
||||||
|
</dependencies>
|
||||||
|
|
||||||
|
<build>
|
||||||
|
<plugins>
|
||||||
|
<plugin>
|
||||||
|
<groupId>org.apache.maven.plugins</groupId>
|
||||||
|
<artifactId>maven-compiler-plugin</artifactId>
|
||||||
|
<configuration>
|
||||||
|
<source>1.6</source>
|
||||||
|
<target>1.6</target>
|
||||||
|
</configuration>
|
||||||
|
</plugin>
|
||||||
|
</plugins>
|
||||||
|
</build>
|
||||||
|
|
||||||
|
</project>
|
|
@ -0,0 +1,50 @@
|
||||||
|
/*
|
||||||
|
* JBoss, Home of Professional Open Source.
|
||||||
|
* Copyright 2012, Red Hat, Inc., and individual contributors
|
||||||
|
* as indicated by the @author tags. See the copyright.txt file in the
|
||||||
|
* distribution for a full listing of individual contributors.
|
||||||
|
*
|
||||||
|
* This is free software; you can redistribute it and/or modify it
|
||||||
|
* under the terms of the GNU Lesser General Public License as
|
||||||
|
* published by the Free Software Foundation; either version 2.1 of
|
||||||
|
* the License, or (at your option) any later version.
|
||||||
|
*
|
||||||
|
* This software is distributed in the hope that it will be useful,
|
||||||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||||
|
* Lesser General Public License for more details.
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU Lesser General Public
|
||||||
|
* License along with this software; if not, write to the Free
|
||||||
|
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
|
||||||
|
* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
|
||||||
|
*/
|
||||||
|
package org.keycloak.social;
|
||||||
|
|
||||||
|
import java.net.URI;
|
||||||
|
|
||||||
|
import javax.xml.bind.annotation.XmlRootElement;
|
||||||
|
import javax.xml.bind.annotation.XmlTransient;
|
||||||
|
|
||||||
|
import org.picketlink.idm.model.User;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
|
||||||
|
*/
|
||||||
|
@XmlRootElement
|
||||||
|
public interface IdentityProvider {
|
||||||
|
|
||||||
|
String getId();
|
||||||
|
|
||||||
|
@XmlTransient
|
||||||
|
URI getAuthUrl(IdentityProviderCallback callback);
|
||||||
|
|
||||||
|
String getName();
|
||||||
|
|
||||||
|
@XmlTransient
|
||||||
|
boolean isCallbackHandler(IdentityProviderCallback callback);
|
||||||
|
|
||||||
|
@XmlTransient
|
||||||
|
User processCallback(IdentityProviderCallback callback);
|
||||||
|
|
||||||
|
}
|
|
@ -0,0 +1,113 @@
|
||||||
|
/*
|
||||||
|
* JBoss, Home of Professional Open Source.
|
||||||
|
* Copyright 2012, Red Hat, Inc., and individual contributors
|
||||||
|
* as indicated by the @author tags. See the copyright.txt file in the
|
||||||
|
* distribution for a full listing of individual contributors.
|
||||||
|
*
|
||||||
|
* This is free software; you can redistribute it and/or modify it
|
||||||
|
* under the terms of the GNU Lesser General Public License as
|
||||||
|
* published by the Free Software Foundation; either version 2.1 of
|
||||||
|
* the License, or (at your option) any later version.
|
||||||
|
*
|
||||||
|
* This software is distributed in the hope that it will be useful,
|
||||||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||||
|
* Lesser General Public License for more details.
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU Lesser General Public
|
||||||
|
* License along with this software; if not, write to the Free
|
||||||
|
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
|
||||||
|
* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
|
||||||
|
*/
|
||||||
|
package org.keycloak.social;
|
||||||
|
|
||||||
|
import java.net.URI;
|
||||||
|
import java.util.List;
|
||||||
|
|
||||||
|
import javax.ws.rs.core.HttpHeaders;
|
||||||
|
import javax.ws.rs.core.UriInfo;
|
||||||
|
|
||||||
|
import org.keycloak.social.util.UriBuilder;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
|
||||||
|
*/
|
||||||
|
public class IdentityProviderCallback {
|
||||||
|
|
||||||
|
private String application;
|
||||||
|
|
||||||
|
private HttpHeaders headers;
|
||||||
|
|
||||||
|
private String providerKey;
|
||||||
|
|
||||||
|
private String providerSecret;
|
||||||
|
|
||||||
|
private IdentityProviderState providerState;
|
||||||
|
|
||||||
|
private UriInfo uriInfo;
|
||||||
|
|
||||||
|
public boolean containsQueryParam(String key) {
|
||||||
|
return uriInfo.getQueryParameters().containsKey(key);
|
||||||
|
}
|
||||||
|
|
||||||
|
public boolean containsState(String key) {
|
||||||
|
return providerState.contains(key);
|
||||||
|
}
|
||||||
|
|
||||||
|
public UriBuilder createUri(String path) {
|
||||||
|
return new UriBuilder(headers, uriInfo, path);
|
||||||
|
}
|
||||||
|
|
||||||
|
public URI getProviderCallbackUrl() {
|
||||||
|
return createUri("social/" + application + "/callback").build();
|
||||||
|
}
|
||||||
|
|
||||||
|
public String getProviderKey() {
|
||||||
|
return providerKey;
|
||||||
|
}
|
||||||
|
|
||||||
|
public String getProviderSecret() {
|
||||||
|
return providerSecret;
|
||||||
|
}
|
||||||
|
|
||||||
|
public String getQueryParam(String key) {
|
||||||
|
List<String> values = uriInfo.getQueryParameters().get(key);
|
||||||
|
if (!values.isEmpty()) {
|
||||||
|
return values.get(0);
|
||||||
|
}
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
|
public <T> T getState(String key) {
|
||||||
|
return providerState.remove(key);
|
||||||
|
}
|
||||||
|
|
||||||
|
public void putState(String key, Object value) {
|
||||||
|
providerState.put(key, value);
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setApplication(String application) {
|
||||||
|
this.application = application;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setHeaders(HttpHeaders headers) {
|
||||||
|
this.headers = headers;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setProviderKey(String providerKey) {
|
||||||
|
this.providerKey = providerKey;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setProviderSecret(String providerSecret) {
|
||||||
|
this.providerSecret = providerSecret;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setProviderState(IdentityProviderState providerState) {
|
||||||
|
this.providerState = providerState;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setUriInfo(UriInfo uriInfo) {
|
||||||
|
this.uriInfo = uriInfo;
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
|
@ -0,0 +1,45 @@
|
||||||
|
/*
|
||||||
|
* JBoss, Home of Professional Open Source.
|
||||||
|
* Copyright 2012, Red Hat, Inc., and individual contributors
|
||||||
|
* as indicated by the @author tags. See the copyright.txt file in the
|
||||||
|
* distribution for a full listing of individual contributors.
|
||||||
|
*
|
||||||
|
* This is free software; you can redistribute it and/or modify it
|
||||||
|
* under the terms of the GNU Lesser General Public License as
|
||||||
|
* published by the Free Software Foundation; either version 2.1 of
|
||||||
|
* the License, or (at your option) any later version.
|
||||||
|
*
|
||||||
|
* This software is distributed in the hope that it will be useful,
|
||||||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||||
|
* Lesser General Public License for more details.
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU Lesser General Public
|
||||||
|
* License along with this software; if not, write to the Free
|
||||||
|
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
|
||||||
|
* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
|
||||||
|
*/
|
||||||
|
package org.keycloak.social;
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
|
||||||
|
*/
|
||||||
|
public class IdentityProviderState {
|
||||||
|
|
||||||
|
private final Map<String, Object> state = Collections.synchronizedMap(new HashMap<String, Object>());
|
||||||
|
|
||||||
|
public boolean contains(String key) {
|
||||||
|
return state.containsKey(key);
|
||||||
|
}
|
||||||
|
|
||||||
|
public void put(String key, Object value) {
|
||||||
|
state.put(key, value);
|
||||||
|
}
|
||||||
|
|
||||||
|
@SuppressWarnings("unchecked")
|
||||||
|
public <T> T remove(String key) {
|
||||||
|
return (T) state.remove(key);
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
|
@ -0,0 +1,117 @@
|
||||||
|
/*
|
||||||
|
* JBoss, Home of Professional Open Source.
|
||||||
|
* Copyright 2012, Red Hat, Inc., and individual contributors
|
||||||
|
* as indicated by the @author tags. See the copyright.txt file in the
|
||||||
|
* distribution for a full listing of individual contributors.
|
||||||
|
*
|
||||||
|
* This is free software; you can redistribute it and/or modify it
|
||||||
|
* under the terms of the GNU Lesser General Public License as
|
||||||
|
* published by the Free Software Foundation; either version 2.1 of
|
||||||
|
* the License, or (at your option) any later version.
|
||||||
|
*
|
||||||
|
* This software is distributed in the hope that it will be useful,
|
||||||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||||
|
* Lesser General Public License for more details.
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU Lesser General Public
|
||||||
|
* License along with this software; if not, write to the Free
|
||||||
|
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
|
||||||
|
* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
|
||||||
|
*/
|
||||||
|
package org.keycloak.social.google;
|
||||||
|
|
||||||
|
import java.net.URI;
|
||||||
|
import java.util.UUID;
|
||||||
|
|
||||||
|
import org.jboss.resteasy.logging.Logger;
|
||||||
|
import org.keycloak.social.IdentityProvider;
|
||||||
|
import org.keycloak.social.IdentityProviderCallback;
|
||||||
|
import org.picketlink.idm.model.SimpleUser;
|
||||||
|
import org.picketlink.idm.model.User;
|
||||||
|
|
||||||
|
import com.google.api.client.googleapis.auth.oauth2.GoogleAuthorizationCodeTokenRequest;
|
||||||
|
import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
|
||||||
|
import com.google.api.client.googleapis.auth.oauth2.GoogleTokenResponse;
|
||||||
|
import com.google.api.client.http.javanet.NetHttpTransport;
|
||||||
|
import com.google.api.client.json.jackson.JacksonFactory;
|
||||||
|
import com.google.api.services.oauth2.Oauth2;
|
||||||
|
import com.google.api.services.oauth2.model.Tokeninfo;
|
||||||
|
import com.google.api.services.oauth2.model.Userinfo;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
|
||||||
|
*/
|
||||||
|
public class GoogleProvider implements IdentityProvider {
|
||||||
|
|
||||||
|
private static final JacksonFactory JSON_FACTORY = new JacksonFactory();
|
||||||
|
|
||||||
|
private static final Logger log = Logger.getLogger(GoogleProvider.class);
|
||||||
|
|
||||||
|
private static final NetHttpTransport TRANSPORT = new NetHttpTransport();
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public String getId() {
|
||||||
|
return "google";
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public URI getAuthUrl(IdentityProviderCallback callback) {
|
||||||
|
String state = UUID.randomUUID().toString();
|
||||||
|
callback.putState(state, null);
|
||||||
|
|
||||||
|
return callback
|
||||||
|
.createUri("https://accounts.google.com/o/oauth2/auth")
|
||||||
|
.setQueryParam("client_id", callback.getProviderKey())
|
||||||
|
.setQueryParam("response_type", "code")
|
||||||
|
.setQueryParam("scope",
|
||||||
|
"https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email")
|
||||||
|
.setQueryParam("redirect_uri", callback.getProviderCallbackUrl().toString()).setQueryParam("state", state)
|
||||||
|
.build();
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public String getName() {
|
||||||
|
return "Google";
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public boolean isCallbackHandler(IdentityProviderCallback callback) {
|
||||||
|
return callback.containsQueryParam("state") && callback.containsState(callback.getQueryParam("state"));
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public User processCallback(IdentityProviderCallback callback) {
|
||||||
|
String code = callback.getQueryParam("code");
|
||||||
|
|
||||||
|
try {
|
||||||
|
GoogleTokenResponse tokenResponse = new GoogleAuthorizationCodeTokenRequest(TRANSPORT, JSON_FACTORY,
|
||||||
|
callback.getProviderKey(), callback.getProviderSecret(), code, callback.getProviderCallbackUrl().toString())
|
||||||
|
.execute();
|
||||||
|
|
||||||
|
GoogleCredential credential = new GoogleCredential.Builder().setJsonFactory(JSON_FACTORY).setTransport(TRANSPORT)
|
||||||
|
.setClientSecrets(callback.getProviderKey(), callback.getProviderSecret()).build()
|
||||||
|
.setFromTokenResponse(tokenResponse);
|
||||||
|
|
||||||
|
Oauth2 oauth2 = new Oauth2.Builder(TRANSPORT, JSON_FACTORY, credential).build();
|
||||||
|
|
||||||
|
Tokeninfo tokenInfo = oauth2.tokeninfo().setAccessToken(credential.getAccessToken()).execute();
|
||||||
|
|
||||||
|
if (tokenInfo.containsKey("error")) {
|
||||||
|
throw new RuntimeException("error");
|
||||||
|
}
|
||||||
|
|
||||||
|
Userinfo userInfo = oauth2.userinfo().get().execute();
|
||||||
|
User user = new SimpleUser(userInfo.getEmail());
|
||||||
|
user.setFirstName(userInfo.getGivenName());
|
||||||
|
user.setLastName(userInfo.getFamilyName());
|
||||||
|
user.setEmail(userInfo.getEmail());
|
||||||
|
|
||||||
|
return user;
|
||||||
|
} catch (Exception e) {
|
||||||
|
log.error("Failed to process callback", e);
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
|
@ -0,0 +1,211 @@
|
||||||
|
/*
|
||||||
|
* JBoss, Home of Professional Open Source.
|
||||||
|
* Copyright 2012, Red Hat, Inc., and individual contributors
|
||||||
|
* as indicated by the @author tags. See the copyright.txt file in the
|
||||||
|
* distribution for a full listing of individual contributors.
|
||||||
|
*
|
||||||
|
* This is free software; you can redistribute it and/or modify it
|
||||||
|
* under the terms of the GNU Lesser General Public License as
|
||||||
|
* published by the Free Software Foundation; either version 2.1 of
|
||||||
|
* the License, or (at your option) any later version.
|
||||||
|
*
|
||||||
|
* This software is distributed in the hope that it will be useful,
|
||||||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||||
|
* Lesser General Public License for more details.
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU Lesser General Public
|
||||||
|
* License along with this software; if not, write to the Free
|
||||||
|
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
|
||||||
|
* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
|
||||||
|
*/
|
||||||
|
package org.keycloak.social.resources;
|
||||||
|
|
||||||
|
import java.io.Serializable;
|
||||||
|
import java.net.URI;
|
||||||
|
import java.net.URISyntaxException;
|
||||||
|
import java.util.HashMap;
|
||||||
|
import java.util.Iterator;
|
||||||
|
import java.util.LinkedList;
|
||||||
|
import java.util.List;
|
||||||
|
import java.util.Map;
|
||||||
|
|
||||||
|
import javax.imageio.spi.ServiceRegistry;
|
||||||
|
import javax.ws.rs.GET;
|
||||||
|
import javax.ws.rs.Path;
|
||||||
|
import javax.ws.rs.PathParam;
|
||||||
|
import javax.ws.rs.Produces;
|
||||||
|
import javax.ws.rs.core.Context;
|
||||||
|
import javax.ws.rs.core.HttpHeaders;
|
||||||
|
import javax.ws.rs.core.MediaType;
|
||||||
|
import javax.ws.rs.core.Response;
|
||||||
|
import javax.ws.rs.core.UriInfo;
|
||||||
|
|
||||||
|
import org.keycloak.social.IdentityProvider;
|
||||||
|
import org.keycloak.social.IdentityProviderCallback;
|
||||||
|
import org.keycloak.social.IdentityProviderState;
|
||||||
|
import org.keycloak.social.util.UriBuilder;
|
||||||
|
import org.picketlink.idm.model.Attribute;
|
||||||
|
import org.picketlink.idm.model.User;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
|
||||||
|
*/
|
||||||
|
@Path("social")
|
||||||
|
public class SocialResource {
|
||||||
|
|
||||||
|
// TODO This is just temporary - need to either save state variables somewhere they can be flushed after a timeout, or
|
||||||
|
// alternatively they could be saved in http session, but that is probably not a good idea
|
||||||
|
private static final Map<String, IdentityProviderState> states = new HashMap<String, IdentityProviderState>();
|
||||||
|
|
||||||
|
private static synchronized IdentityProviderState getProviderState(IdentityProvider provider) {
|
||||||
|
IdentityProviderState s = states.get(provider.getId());
|
||||||
|
if (s == null) {
|
||||||
|
s = new IdentityProviderState();
|
||||||
|
states.put(provider.getId(), s);
|
||||||
|
}
|
||||||
|
return s;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Context
|
||||||
|
private HttpHeaders headers;
|
||||||
|
|
||||||
|
@Context
|
||||||
|
private UriInfo uriInfo;
|
||||||
|
|
||||||
|
@GET
|
||||||
|
@Path("{application}/callback")
|
||||||
|
public Response callback(@PathParam("application") String application) throws URISyntaxException {
|
||||||
|
String realm = null; // TODO Get realm for application
|
||||||
|
|
||||||
|
IdentityProviderCallback callback = new IdentityProviderCallback();
|
||||||
|
callback.setApplication(application);
|
||||||
|
callback.setHeaders(headers);
|
||||||
|
callback.setUriInfo(uriInfo);
|
||||||
|
|
||||||
|
Iterator<IdentityProvider> itr = ServiceRegistry.lookupProviders(IdentityProvider.class);
|
||||||
|
|
||||||
|
for (IdentityProvider provider = itr.next(); itr.hasNext();) {
|
||||||
|
callback.setProviderState(getProviderState(provider));
|
||||||
|
|
||||||
|
if (provider.isCallbackHandler(callback)) {
|
||||||
|
User user = provider.processCallback(callback);
|
||||||
|
if (user == null) {
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
String providerUsername = user.getLoginName();
|
||||||
|
String providerUsernameKey = provider.getId() + ".username";
|
||||||
|
|
||||||
|
user.setAttribute(new Attribute<String>(providerUsernameKey, user.getLoginName()));
|
||||||
|
|
||||||
|
User existingUser = getUser(realm, user.getLoginName());
|
||||||
|
|
||||||
|
if (existingUser != null) {
|
||||||
|
user = mergeUser(user, existingUser);
|
||||||
|
|
||||||
|
updateUser(realm, user);
|
||||||
|
} else {
|
||||||
|
if (user.getEmail() != null && getUser(realm, user.getEmail()) == null) {
|
||||||
|
user.setLoginName(user.getEmail());
|
||||||
|
} else if (getUser(realm, user.getLoginName()) != null) {
|
||||||
|
for (int i = 0;; i++) {
|
||||||
|
if (getUser(realm, providerUsername + i) == null) {
|
||||||
|
user.setLoginName(providerUsername + i);
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
createUser(realm, user);
|
||||||
|
}
|
||||||
|
|
||||||
|
// TODO Get bearer token etc and redirect to application callback url
|
||||||
|
URI uri = null;
|
||||||
|
return Response.seeOther(uri).build();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return redirectToLogin(application, "login_failed");
|
||||||
|
}
|
||||||
|
|
||||||
|
private void createUser(String realm, User user) {
|
||||||
|
// TODO Save user in IDM
|
||||||
|
}
|
||||||
|
|
||||||
|
@GET
|
||||||
|
@Path("providers")
|
||||||
|
public List<IdentityProvider> getProviders() {
|
||||||
|
List<IdentityProvider> providers = new LinkedList<IdentityProvider>();
|
||||||
|
Iterator<IdentityProvider> itr = ServiceRegistry.lookupProviders(IdentityProvider.class);
|
||||||
|
while (itr.hasNext()) {
|
||||||
|
providers.add(itr.next());
|
||||||
|
}
|
||||||
|
return providers;
|
||||||
|
}
|
||||||
|
|
||||||
|
private User getUser(String realm, String username) {
|
||||||
|
// TODO Get user from IDM
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
|
private User mergeUser(User source, User destination) {
|
||||||
|
if (source.getEmail() != null) {
|
||||||
|
destination.setEmail(source.getEmail());
|
||||||
|
}
|
||||||
|
|
||||||
|
if (source.getFirstName() != null) {
|
||||||
|
destination.setFirstName(source.getFirstName());
|
||||||
|
}
|
||||||
|
|
||||||
|
if (source.getLastName() != null) {
|
||||||
|
destination.setLastName(source.getLastName());
|
||||||
|
}
|
||||||
|
|
||||||
|
for (Attribute<? extends Serializable> attribute : source.getAttributes()) {
|
||||||
|
destination.setAttribute(attribute);
|
||||||
|
}
|
||||||
|
|
||||||
|
return destination;
|
||||||
|
}
|
||||||
|
|
||||||
|
private Response redirectToLogin(String application, String error) {
|
||||||
|
URI uri = new UriBuilder(headers, uriInfo, "login?application=" + application + "&error=login_failed").build();
|
||||||
|
return Response.seeOther(uri).build();
|
||||||
|
}
|
||||||
|
|
||||||
|
@GET
|
||||||
|
@Path("{application}/auth/{provider}")
|
||||||
|
@Produces(MediaType.TEXT_HTML)
|
||||||
|
public Response redirectToProviderAuth(@PathParam("application") String application,
|
||||||
|
@PathParam("provider") String providerId) {
|
||||||
|
Iterator<IdentityProvider> itr = ServiceRegistry.lookupProviders(IdentityProvider.class);
|
||||||
|
|
||||||
|
IdentityProvider provider;
|
||||||
|
for (provider = itr.next(); itr.hasNext() && !provider.getId().equals(providerId);) {
|
||||||
|
}
|
||||||
|
|
||||||
|
if (provider == null) {
|
||||||
|
return redirectToLogin(application, "invalid_provider");
|
||||||
|
}
|
||||||
|
|
||||||
|
IdentityProviderCallback callback = new IdentityProviderCallback();
|
||||||
|
callback.setApplication(application);
|
||||||
|
callback.setHeaders(headers);
|
||||||
|
callback.setUriInfo(uriInfo);
|
||||||
|
callback.setProviderKey(null); // TODO Get provider key
|
||||||
|
callback.setProviderSecret(null); // TODO Get provider secret
|
||||||
|
|
||||||
|
URI authUrl = provider.getAuthUrl(callback);
|
||||||
|
if (authUrl != null) {
|
||||||
|
return Response.seeOther(authUrl).build();
|
||||||
|
} else {
|
||||||
|
return redirectToLogin(application, "invalid_provider");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
private void updateUser(String realm, User user) {
|
||||||
|
// TODO Update user in IDM
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
|
@ -0,0 +1,94 @@
|
||||||
|
/*
|
||||||
|
* JBoss, Home of Professional Open Source.
|
||||||
|
* Copyright 2012, Red Hat, Inc., and individual contributors
|
||||||
|
* as indicated by the @author tags. See the copyright.txt file in the
|
||||||
|
* distribution for a full listing of individual contributors.
|
||||||
|
*
|
||||||
|
* This is free software; you can redistribute it and/or modify it
|
||||||
|
* under the terms of the GNU Lesser General Public License as
|
||||||
|
* published by the Free Software Foundation; either version 2.1 of
|
||||||
|
* the License, or (at your option) any later version.
|
||||||
|
*
|
||||||
|
* This software is distributed in the hope that it will be useful,
|
||||||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||||
|
* Lesser General Public License for more details.
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU Lesser General Public
|
||||||
|
* License along with this software; if not, write to the Free
|
||||||
|
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
|
||||||
|
* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
|
||||||
|
*/
|
||||||
|
package org.keycloak.social.twitter;
|
||||||
|
|
||||||
|
import java.net.URI;
|
||||||
|
|
||||||
|
import org.jboss.resteasy.logging.Logger;
|
||||||
|
import org.keycloak.social.IdentityProvider;
|
||||||
|
import org.keycloak.social.IdentityProviderCallback;
|
||||||
|
import org.picketlink.idm.model.SimpleUser;
|
||||||
|
import org.picketlink.idm.model.User;
|
||||||
|
|
||||||
|
import twitter4j.Twitter;
|
||||||
|
import twitter4j.TwitterFactory;
|
||||||
|
import twitter4j.auth.RequestToken;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
|
||||||
|
*/
|
||||||
|
public class TwitterProvider implements IdentityProvider {
|
||||||
|
|
||||||
|
private static final Logger log = Logger.getLogger(TwitterProvider.class);
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public String getId() {
|
||||||
|
return "twitter";
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public URI getAuthUrl(IdentityProviderCallback callback) {
|
||||||
|
try {
|
||||||
|
Twitter twitter = new TwitterFactory().getInstance();
|
||||||
|
twitter.setOAuthConsumer(callback.getProviderKey(), callback.getProviderSecret());
|
||||||
|
|
||||||
|
RequestToken requestToken = twitter.getOAuthRequestToken();
|
||||||
|
callback.putState(requestToken.getToken(), requestToken);
|
||||||
|
return callback.createUri(requestToken.getAuthenticationURL()).build();
|
||||||
|
} catch (Exception e) {
|
||||||
|
log.error("Failed to retrieve login url", e);
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public String getName() {
|
||||||
|
return "Twitter";
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public boolean isCallbackHandler(IdentityProviderCallback callback) {
|
||||||
|
return callback.containsQueryParam("oauth_token") && callback.containsState(callback.getQueryParam("oauth_token"));
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public User processCallback(IdentityProviderCallback callback) {
|
||||||
|
try {
|
||||||
|
Twitter twitter = new TwitterFactory().getInstance();
|
||||||
|
twitter.setOAuthConsumer(callback.getProviderKey(), callback.getProviderSecret());
|
||||||
|
|
||||||
|
String verifier = callback.getQueryParam("oauth_verifier");
|
||||||
|
RequestToken requestToken = callback.getState(callback.getQueryParam("oauth_token"));
|
||||||
|
|
||||||
|
twitter.getOAuthAccessToken(requestToken, verifier);
|
||||||
|
twitter4j.User twitterUser = twitter.verifyCredentials();
|
||||||
|
|
||||||
|
User user = new SimpleUser(String.valueOf(twitterUser.getScreenName()));
|
||||||
|
user.setFirstName(twitterUser.getName());
|
||||||
|
return user;
|
||||||
|
} catch (Exception e) {
|
||||||
|
log.error("Failed to process callback", e);
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
|
@ -0,0 +1,85 @@
|
||||||
|
/*
|
||||||
|
* JBoss, Home of Professional Open Source.
|
||||||
|
* Copyright 2012, Red Hat, Inc., and individual contributors
|
||||||
|
* as indicated by the @author tags. See the copyright.txt file in the
|
||||||
|
* distribution for a full listing of individual contributors.
|
||||||
|
*
|
||||||
|
* This is free software; you can redistribute it and/or modify it
|
||||||
|
* under the terms of the GNU Lesser General Public License as
|
||||||
|
* published by the Free Software Foundation; either version 2.1 of
|
||||||
|
* the License, or (at your option) any later version.
|
||||||
|
*
|
||||||
|
* This software is distributed in the hope that it will be useful,
|
||||||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||||
|
* Lesser General Public License for more details.
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU Lesser General Public
|
||||||
|
* License along with this software; if not, write to the Free
|
||||||
|
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
|
||||||
|
* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
|
||||||
|
*/
|
||||||
|
package org.keycloak.social.util;
|
||||||
|
|
||||||
|
import java.net.URI;
|
||||||
|
import java.net.URISyntaxException;
|
||||||
|
|
||||||
|
import javax.ws.rs.core.HttpHeaders;
|
||||||
|
import javax.ws.rs.core.UriInfo;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
|
||||||
|
*/
|
||||||
|
public class UriBuilder {
|
||||||
|
|
||||||
|
private final javax.ws.rs.core.UriBuilder b;
|
||||||
|
|
||||||
|
private String fragment;
|
||||||
|
|
||||||
|
public UriBuilder(HttpHeaders headers, UriInfo uriInfo, String path) {
|
||||||
|
if (path.contains("#")) {
|
||||||
|
String t = path;
|
||||||
|
path = t.substring(0, t.indexOf('#'));
|
||||||
|
fragment = t.substring(t.indexOf('#'));
|
||||||
|
}
|
||||||
|
|
||||||
|
if (path.contains("://")) {
|
||||||
|
b = javax.ws.rs.core.UriBuilder.fromUri(path);
|
||||||
|
} else {
|
||||||
|
URI absolutePath = uriInfo.getAbsolutePath();
|
||||||
|
|
||||||
|
if (headers.getRequestHeaders().containsKey("x-forwarded-proto")) {
|
||||||
|
String scheme = headers.getRequestHeaders().get("x-forwarded-proto").get(0);
|
||||||
|
try {
|
||||||
|
absolutePath = new URI(absolutePath.toString().replaceFirst(".*://", scheme + "://"));
|
||||||
|
} catch (URISyntaxException e) {
|
||||||
|
throw new RuntimeException(e);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (path.startsWith("/")) {
|
||||||
|
b = javax.ws.rs.core.UriBuilder.fromUri(absolutePath.resolve(path));
|
||||||
|
} else {
|
||||||
|
URI uri = absolutePath;
|
||||||
|
String p = uri.getPath();
|
||||||
|
p = p.substring(0, p.indexOf('/', 1) + 1);
|
||||||
|
uri = uri.resolve(p + path);
|
||||||
|
b = javax.ws.rs.core.UriBuilder.fromUri(uri);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
public URI build() {
|
||||||
|
URI uri = b.build();
|
||||||
|
if (fragment != null) {
|
||||||
|
uri = uri.resolve(fragment);
|
||||||
|
}
|
||||||
|
return uri;
|
||||||
|
}
|
||||||
|
|
||||||
|
public UriBuilder setQueryParam(String name, String value) {
|
||||||
|
b.replaceQueryParam(name, value);
|
||||||
|
return this;
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
|
@ -0,0 +1,2 @@
|
||||||
|
org.keycloak.social.google.GoogleProvider
|
||||||
|
org.keycloak.social.twitter.TwitterProvider
|
Loading…
Reference in a new issue