libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases 1 Packages Activity Actions

Merge pull request #184 from patriot1burke/master

Browse source 
composite roles backend
This commit is contained in:
Bill Burke 2014-01-30 17:36:34 -08:00
commit b7d5830c7c
49 changed files with 1274 additions and 663 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
core/src/main/java/org/keycloak/representations/idm/RoleRepresentation.java
View file

@ -8,6 +8,7 @@ public class RoleRepresentation {
protected String id; protected String id;
protected String name; protected String name;
protected String description; protected String description;
protected boolean composite;
public RoleRepresentation() { public RoleRepresentation() {
} }
@ -40,4 +41,12 @@ public class RoleRepresentation {
public void setDescription(String description) { public void setDescription(String description) {
this.description = description; this.description = description;
} }
public boolean isComposite() {
return composite;
}
public void setComposite(boolean composite) {
this.composite = composite;
}
} }

9
model/api/src/main/java/org/keycloak/models/ApplicationModel.java
View file

@ -1,12 +1,13 @@
package org.keycloak.models; package org.keycloak.models;
import java.util.List; import java.util.List;
import java.util.Set;
/** /**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a> * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $ * @version $Revision: 1 $
*/ */
public interface ApplicationModel extends RoleContainerModel, RoleMapperModel, ScopeMapperModel { public interface ApplicationModel extends RoleContainerModel {
void updateApplication(); void updateApplication();
UserModel getApplicationUser(); UserModel getApplicationUser();
@ -38,4 +39,10 @@ public interface ApplicationModel extends RoleContainerModel, RoleMapperModel, S
void addDefaultRole(String name); void addDefaultRole(String name);
void updateDefaultRoles(String[] defaultRoles); void updateDefaultRoles(String[] defaultRoles);
Set<RoleModel> getApplicationRoleMappings(UserModel user);
Set<RoleModel> getApplicationScopeMappings(UserModel user);
void addScope(RoleModel role);
} }

4
model/api/src/main/java/org/keycloak/models/RealmModel.java
View file

@ -157,4 +157,8 @@ public interface RealmModel extends RoleContainerModel, RoleMapperModel, ScopeMa
Map<String, String> getSocialConfig(); Map<String, String> getSocialConfig();
void setSocialConfig(Map<String, String> socialConfig); void setSocialConfig(Map<String, String> socialConfig);
Set<RoleModel> getRealmRoleMappings(UserModel user);
Set<RoleModel> getRealmScopeMappings(UserModel user);
} }

3
model/api/src/main/java/org/keycloak/models/RoleContainerModel.java
View file

@ -1,6 +1,7 @@
package org.keycloak.models; package org.keycloak.models;
import java.util.List; import java.util.List;
import java.util.Set;
/** /**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a> * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
@ -13,7 +14,7 @@ public interface RoleContainerModel {
boolean removeRoleById(String id); boolean removeRoleById(String id);
List<RoleModel> getRoles(); Set<RoleModel> getRoles();
RoleModel getRoleById(String id); RoleModel getRoleById(String id);
} }

9
model/api/src/main/java/org/keycloak/models/RoleMapperModel.java
View file

@ -9,14 +9,7 @@ import java.util.Set;
*/ */
public interface RoleMapperModel { public interface RoleMapperModel {
boolean hasRole(UserModel user, RoleModel role); boolean hasRole(UserModel user, RoleModel role);
void grantRole(UserModel user, RoleModel role); void grantRole(UserModel user, RoleModel role);
Set<RoleModel> getRoleMappings(UserModel user);
Set<String> getRoleMappingValues(UserModel user);
List<RoleModel> getRoleMappings(UserModel user);
void deleteRoleMapping(UserModel user, RoleModel role); void deleteRoleMapping(UserModel user, RoleModel role);
boolean hasRole(UserModel user, String role);
} }

17
model/api/src/main/java/org/keycloak/models/RoleModel.java
View file

@ -1,5 +1,7 @@
package org.keycloak.models; package org.keycloak.models;
import java.util.Set;
/** /**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a> * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $ * @version $Revision: 1 $
@ -14,4 +16,19 @@ public interface RoleModel {
String getId(); String getId();
void setName(String name); void setName(String name);
boolean isComposite();
void setComposite(boolean flag);
void addCompositeRole(RoleModel role);
void removeCompositeRole(RoleModel role);
Set<RoleModel> getComposites();
RoleContainerModel getContainer();
boolean hasRole(RoleModel role);
} }

8
model/api/src/main/java/org/keycloak/models/ScopeMapperModel.java
View file

@ -8,13 +8,7 @@ import java.util.Set;
* @version $Revision: 1 $ * @version $Revision: 1 $
*/ */
public interface ScopeMapperModel { public interface ScopeMapperModel {
void addScopeMapping(UserModel agent, String roleName); Set<RoleModel> getScopeMappings(UserModel agent);
Set<String> getScopeMappingValues(UserModel agent);
List<RoleModel> getScopeMappings(UserModel agent);
void addScopeMapping(UserModel agent, RoleModel role); void addScopeMapping(UserModel agent, RoleModel role);
void deleteScopeMapping(UserModel user, RoleModel role); void deleteScopeMapping(UserModel user, RoleModel role);
} }

11
model/api/src/main/java/org/keycloak/models/UserCredentialModel.java
View file

@ -13,6 +13,17 @@ public class UserCredentialModel {
protected String value; protected String value;
protected String device; protected String device;
public UserCredentialModel() {
}
public static UserCredentialModel password(String password) {
UserCredentialModel model = new UserCredentialModel();
model.setType(PASSWORD);
model.setValue(password);
return model;
}
public String getType() { public String getType() {
return type; return type;
} }

218
model/jpa/src/main/java/org/keycloak/models/jpa/ApplicationAdapter.java
View file

@ -1,16 +1,22 @@
package org.keycloak.models.jpa; package org.keycloak.models.jpa;
import org.keycloak.models.ApplicationModel; import org.keycloak.models.ApplicationModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleContainerModel;
import org.keycloak.models.RoleModel; import org.keycloak.models.RoleModel;
import org.keycloak.models.UserModel; import org.keycloak.models.UserModel;
import org.keycloak.models.jpa.entities.*; import org.keycloak.models.jpa.entities.*;
import org.keycloak.representations.idm.ApplicationMappingsRepresentation;
import org.keycloak.representations.idm.RoleRepresentation;
import javax.persistence.EntityManager; import javax.persistence.EntityManager;
import javax.persistence.TypedQuery; import javax.persistence.TypedQuery;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Collection; import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet; import java.util.HashSet;
import java.util.List; import java.util.List;
import java.util.Map;
import java.util.Set; import java.util.Set;
/** /**
@ -21,8 +27,10 @@ public class ApplicationAdapter implements ApplicationModel {
protected EntityManager em; protected EntityManager em;
protected ApplicationEntity application; protected ApplicationEntity application;
protected RealmModel realm;
public ApplicationAdapter(EntityManager em, ApplicationEntity application) { public ApplicationAdapter(RealmModel realm, EntityManager em, ApplicationEntity application) {
this.realm = realm;
this.em = em; this.em = em;
this.application = application; this.application = application;
} }
@ -94,31 +102,30 @@ public class ApplicationAdapter implements ApplicationModel {
@Override @Override
public RoleModel getRole(String name) { public RoleModel getRole(String name) {
Collection<RoleEntity> roles = application.getRoles(); TypedQuery<ApplicationRoleEntity> query = em.createNamedQuery("getAppRoleByName", ApplicationRoleEntity.class);
if (roles == null) return null; query.setParameter("name", name);
for (RoleEntity role : roles) { query.setParameter("application", application);
if (role.getName().equals(name)) { List<ApplicationRoleEntity> roles = query.getResultList();
return new RoleAdapter(role); if (roles.size() == 0) return null;
} return new RoleAdapter(realm, em, roles.get(0));
}
return null;
} }
@Override @Override
public RoleModel addRole(String name) { public RoleModel addRole(String name) {
RoleModel role = getRole(name); RoleModel role = getRole(name);
if (role != null) return role; if (role != null) return role;
RoleEntity entity = new RoleEntity(); ApplicationRoleEntity entity = new ApplicationRoleEntity();
entity.setName(name); entity.setName(name);
entity.setApplication(application);
em.persist(entity); em.persist(entity);
application.getRoles().add(entity); application.getRoles().add(entity);
em.flush(); em.flush();
return new RoleAdapter(entity); return new RoleAdapter(realm, em, entity);
} }
@Override @Override
public boolean removeRoleById(String id) { public boolean removeRoleById(String id) {
RoleEntity role = em.find(RoleEntity.class, id); ApplicationRoleEntity role = em.find(ApplicationRoleEntity.class, id);
if (role == null) { if (role == null) {
return false; return false;
} }
@ -126,169 +133,71 @@ public class ApplicationAdapter implements ApplicationModel {
application.getRoles().remove(role); application.getRoles().remove(role);
application.getDefaultRoles().remove(role); application.getDefaultRoles().remove(role);
em.createQuery("delete from " + ApplicationScopeMappingEntity.class.getSimpleName() + " where role = :role").setParameter("role", role).executeUpdate(); em.createQuery("delete from " + UserScopeMappingEntity.class.getSimpleName() + " where role = :role").setParameter("role", role).executeUpdate();
em.createQuery("delete from " + ApplicationUserRoleMappingEntity.class.getSimpleName() + " where role = :role").setParameter("role", role).executeUpdate(); em.createQuery("delete from " + UserRoleMappingEntity.class.getSimpleName() + " where role = :role").setParameter("role", role).executeUpdate();
em.createQuery("delete from " + RealmScopeMappingEntity.class.getSimpleName() + " where role = :role").setParameter("role", role).executeUpdate(); role.setApplication(null);
em.createQuery("delete from " + RealmUserRoleMappingEntity.class.getSimpleName() + " where role = :role").setParameter("role", role).executeUpdate(); em.flush();
em.remove(role); em.remove(role);
return true; return true;
} }
@Override @Override
public List<RoleModel> getRoles() { public Set<RoleModel> getRoles() {
ArrayList<RoleModel> list = new ArrayList<RoleModel>(); Set<RoleModel> list = new HashSet<RoleModel>();
Collection<RoleEntity> roles = application.getRoles(); Collection<ApplicationRoleEntity> roles = application.getRoles();
if (roles == null) return list; if (roles == null) return list;
for (RoleEntity entity : roles) { for (RoleEntity entity : roles) {
list.add(new RoleAdapter(entity)); list.add(new RoleAdapter(realm, em, entity));
} }
return list; return list;
} }
@Override @Override
public RoleModel getRoleById(String id) { public RoleModel getRoleById(String id) {
RoleEntity entity = em.find(RoleEntity.class, id); return realm.getRoleById(id);
if (entity == null) return null;
return new RoleAdapter(entity);
} }
@Override @Override
public boolean hasRole(UserModel user, RoleModel role) { public Set<RoleModel> getApplicationRoleMappings(UserModel user) {
TypedQuery<ApplicationUserRoleMappingEntity> query = getApplicationUserRoleMappingEntityTypedQuery((UserAdapter) user, (RoleAdapter) role); Set<RoleModel> roleMappings = realm.getRoleMappings(user);
return query.getResultList().size() > 0;
}
protected TypedQuery<ApplicationUserRoleMappingEntity> getApplicationUserRoleMappingEntityTypedQuery(UserAdapter user, RoleAdapter role) { Set<RoleModel> appRoles = new HashSet<RoleModel>();
TypedQuery<ApplicationUserRoleMappingEntity> query = em.createNamedQuery("userHasApplicationRole", ApplicationUserRoleMappingEntity.class); for (RoleModel role : roleMappings) {
query.setParameter("user", ((UserAdapter)user).getUser()); RoleContainerModel container = role.getContainer();
query.setParameter("role", ((RoleAdapter)role).getRole()); if (container instanceof RealmModel) {
query.setParameter("application", application); } else {
return query; ApplicationModel app = (ApplicationModel)container;
} if (app.getId().equals(getId())) {
appRoles.add(role);
@Override }
public void grantRole(UserModel user, RoleModel role) { }
if (hasRole(user, role)) return;
ApplicationUserRoleMappingEntity entity = new ApplicationUserRoleMappingEntity();
entity.setApplication(application);
entity.setUser(((UserAdapter) user).getUser());
entity.setRole(((RoleAdapter)role).getRole());
em.persist(entity);
em.flush();
}
@Override
public List<RoleModel> getRoleMappings(UserModel user) {
TypedQuery<ApplicationUserRoleMappingEntity> query = em.createNamedQuery("userApplicationMappings", ApplicationUserRoleMappingEntity.class);
query.setParameter("user", ((UserAdapter)user).getUser());
query.setParameter("application", application);
List<ApplicationUserRoleMappingEntity> entities = query.getResultList();
List<RoleModel> roles = new ArrayList<RoleModel>();
for (ApplicationUserRoleMappingEntity entity : entities) {
roles.add(new RoleAdapter(entity.getRole()));
} }
return roles;
return appRoles;
} }
@Override @Override
public Set<String> getRoleMappingValues(UserModel user) { public Set<RoleModel> getApplicationScopeMappings(UserModel user) {
TypedQuery<ApplicationUserRoleMappingEntity> query = em.createNamedQuery("userApplicationMappings", ApplicationUserRoleMappingEntity.class); Set<RoleModel> roleMappings = realm.getScopeMappings(user);
query.setParameter("user", ((UserAdapter)user).getUser());
query.setParameter("application", application); Set<RoleModel> appRoles = new HashSet<RoleModel>();
List<ApplicationUserRoleMappingEntity> entities = query.getResultList(); for (RoleModel role : roleMappings) {
Set<String> roles = new HashSet<String>(); RoleContainerModel container = role.getContainer();
for (ApplicationUserRoleMappingEntity entity : entities) { if (container instanceof RealmModel) {
roles.add(entity.getRole().getName()); } else {
ApplicationModel app = (ApplicationModel)container;
if (app.getId().equals(getId())) {
appRoles.add(role);
}
}
} }
return roles;
}
@Override return appRoles;
public void deleteRoleMapping(UserModel user, RoleModel role) {
TypedQuery<ApplicationUserRoleMappingEntity> query = getApplicationUserRoleMappingEntityTypedQuery((UserAdapter) user, (RoleAdapter) role);
List<ApplicationUserRoleMappingEntity> results = query.getResultList();
if (results.size() == 0) return;
for (ApplicationUserRoleMappingEntity entity : results) {
em.remove(entity);
}
}
@Override
public boolean hasRole(UserModel user, String roleName) {
RoleModel role = getRole(roleName);
if (role == null) return false;
return hasRole(user, role);
}
@Override
public void addScopeMapping(UserModel agent, String roleName) {
RoleModel role = getRole(roleName);
if (role == null) throw new RuntimeException("role does not exist");
addScopeMapping(agent, role);
}
@Override
public Set<String> getScopeMappingValues(UserModel agent) {
TypedQuery<ApplicationScopeMappingEntity> query = em.createNamedQuery("userApplicationScopeMappings", ApplicationScopeMappingEntity.class);
query.setParameter("user", ((UserAdapter)agent).getUser());
query.setParameter("application", application);
List<ApplicationScopeMappingEntity> entities = query.getResultList();
Set<String> roles = new HashSet<String>();
for (ApplicationScopeMappingEntity entity : entities) {
roles.add(entity.getRole().getName());
}
return roles;
}
@Override
public List<RoleModel> getScopeMappings(UserModel agent) {
TypedQuery<ApplicationScopeMappingEntity> query = em.createNamedQuery("userApplicationScopeMappings", ApplicationScopeMappingEntity.class);
query.setParameter("user", ((UserAdapter)agent).getUser());
query.setParameter("application", application);
List<ApplicationScopeMappingEntity> entities = query.getResultList();
List<RoleModel> roles = new ArrayList<RoleModel>();
for (ApplicationScopeMappingEntity entity : entities) {
roles.add(new RoleAdapter(entity.getRole()));
}
return roles;
}
@Override
public void addScopeMapping(UserModel agent, RoleModel role) {
if (hasScope(agent, role)) return;
ApplicationScopeMappingEntity entity = new ApplicationScopeMappingEntity();
entity.setApplication(application);
entity.setUser(((UserAdapter) agent).getUser());
entity.setRole(((RoleAdapter)role).getRole());
em.persist(entity);
em.flush();
}
@Override
public void deleteScopeMapping(UserModel user, RoleModel role) {
TypedQuery<ApplicationScopeMappingEntity> query = getApplicationScopeMappingQuery((UserAdapter) user, (RoleAdapter) role);
List<ApplicationScopeMappingEntity> results = query.getResultList();
if (results.size() == 0) return;
for (ApplicationScopeMappingEntity entity : results) {
em.remove(entity);
}
}
public boolean hasScope(UserModel user, RoleModel role) {
TypedQuery<ApplicationScopeMappingEntity> query = getApplicationScopeMappingQuery((UserAdapter) user, (RoleAdapter) role);
return query.getResultList().size() > 0;
} }
protected TypedQuery<ApplicationScopeMappingEntity> getApplicationScopeMappingQuery(UserAdapter user, RoleAdapter role) {
TypedQuery<ApplicationScopeMappingEntity> query = em.createNamedQuery("userHasApplicationScope", ApplicationScopeMappingEntity.class);
query.setParameter("user", ((UserAdapter)user).getUser());
query.setParameter("role", ((RoleAdapter)role).getRole());
query.setParameter("application", application);
return query;
}
@Override @Override
public List<String> getDefaultRoles() { public List<String> getDefaultRoles() {
@ -347,4 +256,17 @@ public class ApplicationAdapter implements ApplicationModel {
} }
em.flush(); em.flush();
} }
@Override
public void addScope(RoleModel role) {
realm.addScopeMapping(getApplicationUser(), role);
}
public boolean equals(Object o) {
if (o == null) return false;
if (o == this) return true;
if (!(o instanceof ApplicationAdapter)) return false;
ApplicationAdapter app = (ApplicationAdapter)o;
return app.getId().equals(getId());
}
} }

243
model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java
View file

@ -1,6 +1,18 @@
package org.keycloak.models.jpa; package org.keycloak.models.jpa;
import org.bouncycastle.openssl.PEMWriter; import org.bouncycastle.openssl.PEMWriter;
import org.keycloak.models.RoleContainerModel;
import org.keycloak.models.jpa.entities.ApplicationEntity;
import org.keycloak.models.jpa.entities.CredentialEntity;
import org.keycloak.models.jpa.entities.OAuthClientEntity;
import org.keycloak.models.jpa.entities.RealmEntity;
import org.keycloak.models.jpa.entities.RealmRoleEntity;
import org.keycloak.models.jpa.entities.RequiredCredentialEntity;
import org.keycloak.models.jpa.entities.RoleEntity;
import org.keycloak.models.jpa.entities.SocialLinkEntity;
import org.keycloak.models.jpa.entities.UserEntity;
import org.keycloak.models.jpa.entities.UserRoleMappingEntity;
import org.keycloak.models.jpa.entities.UserScopeMappingEntity;
import org.keycloak.models.utils.Pbkdf2PasswordEncoder; import org.keycloak.models.utils.Pbkdf2PasswordEncoder;
import org.keycloak.util.PemUtils; import org.keycloak.util.PemUtils;
import org.keycloak.models.ApplicationModel; import org.keycloak.models.ApplicationModel;
@ -12,7 +24,6 @@ import org.keycloak.models.RoleModel;
import org.keycloak.models.SocialLinkModel; import org.keycloak.models.SocialLinkModel;
import org.keycloak.models.UserCredentialModel; import org.keycloak.models.UserCredentialModel;
import org.keycloak.models.UserModel; import org.keycloak.models.UserModel;
import org.keycloak.models.jpa.entities.*;
import org.keycloak.models.utils.TimeBasedOTP; import org.keycloak.models.utils.TimeBasedOTP;
import javax.persistence.EntityManager; import javax.persistence.EntityManager;
@ -25,6 +36,7 @@ import java.util.ArrayList;
import java.util.Collection; import java.util.Collection;
import java.util.HashMap; import java.util.HashMap;
import java.util.HashSet; import java.util.HashSet;
import java.util.Iterator;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
import java.util.Set; import java.util.Set;
@ -453,7 +465,7 @@ public class RealmAdapter implements RealmModel {
for (ApplicationModel application : getApplications()) { for (ApplicationModel application : getApplications()) {
for (String r : application.getDefaultRoles()) { for (String r : application.getDefaultRoles()) {
application.grantRole(userModel, application.getRole(r)); grantRole(userModel, application.getRole(r));
} }
} }
@ -472,10 +484,8 @@ public class RealmAdapter implements RealmModel {
} }
private void removeUser(UserEntity user) { private void removeUser(UserEntity user) {
em.createQuery("delete from " + ApplicationScopeMappingEntity.class.getSimpleName() + " where user = :user").setParameter("user", user).executeUpdate(); em.createQuery("delete from " + UserScopeMappingEntity.class.getSimpleName() + " where user = :user").setParameter("user", user).executeUpdate();
em.createQuery("delete from " + ApplicationUserRoleMappingEntity.class.getSimpleName() + " where user = :user").setParameter("user", user).executeUpdate(); em.createQuery("delete from " + UserRoleMappingEntity.class.getSimpleName() + " where user = :user").setParameter("user", user).executeUpdate();
em.createQuery("delete from " + RealmScopeMappingEntity.class.getSimpleName() + " where user = :user").setParameter("user", user).executeUpdate();
em.createQuery("delete from " + RealmUserRoleMappingEntity.class.getSimpleName() + " where user = :user").setParameter("user", user).executeUpdate();
em.createQuery("delete from " + SocialLinkEntity.class.getSimpleName() + " where user = :user").setParameter("user", user).executeUpdate(); em.createQuery("delete from " + SocialLinkEntity.class.getSimpleName() + " where user = :user").setParameter("user", user).executeUpdate();
em.remove(user); em.remove(user);
} }
@ -552,7 +562,7 @@ public class RealmAdapter implements RealmModel {
List<ApplicationModel> list = new ArrayList<ApplicationModel>(); List<ApplicationModel> list = new ArrayList<ApplicationModel>();
if (realm.getApplications() == null) return list; if (realm.getApplications() == null) return list;
for (ApplicationEntity entity : realm.getApplications()) { for (ApplicationEntity entity : realm.getApplications()) {
list.add(new ApplicationAdapter(em, entity)); list.add(new ApplicationAdapter(this, em, entity));
} }
return list; return list;
} }
@ -571,31 +581,41 @@ public class RealmAdapter implements RealmModel {
realm.getApplications().add(applicationData); realm.getApplications().add(applicationData);
em.persist(applicationData); em.persist(applicationData);
em.flush(); em.flush();
ApplicationModel resource = new ApplicationAdapter(em, applicationData); ApplicationModel resource = new ApplicationAdapter(this, em, applicationData);
em.flush(); em.flush();
return resource; return resource;
} }
@Override @Override
public boolean removeApplication(String id) { public boolean removeApplication(String id) {
ApplicationEntity application = null; if (id == null) return false;
ApplicationModel application = getApplicationById(id);
if (application == null) return false;
for (RoleModel role : application.getRoles()) {
application.removeRoleById(role.getId());
}
ApplicationEntity applicationEntity = null;
Iterator<ApplicationEntity> it = realm.getApplications().iterator();
while (it.hasNext()) {
ApplicationEntity ae = it.next();
if (ae.getId().equals(id)) {
applicationEntity = ae;
it.remove();
break;
}
}
for (ApplicationEntity a : realm.getApplications()) { for (ApplicationEntity a : realm.getApplications()) {
if (a.getId().equals(id)) { if (a.getId().equals(id)) {
application = a; applicationEntity = a;
} }
} }
if (application == null) { if (application == null) {
return false; return false;
} }
realm.getApplications().remove(application); em.remove(applicationEntity);
em.createQuery("delete from " + ApplicationScopeMappingEntity.class.getSimpleName() + " where application = :application").setParameter("application", application).executeUpdate(); removeUser(applicationEntity.getApplicationUser());
em.createQuery("delete from " + ApplicationUserRoleMappingEntity.class.getSimpleName() + " where application = :application").setParameter("application", application).executeUpdate();
em.createQuery("delete from " + ApplicationScopeMappingEntity.class.getSimpleName() + " where user = :user").setParameter("user", application.getApplicationUser()).executeUpdate();
em.createQuery("delete from " + RealmScopeMappingEntity.class.getSimpleName() + " where user = :user").setParameter("user", application.getApplicationUser()).executeUpdate();
em.createQuery("delete from " + ApplicationUserRoleMappingEntity.class.getSimpleName() + " where user = :user").setParameter("user", application.getApplicationUser()).executeUpdate();
em.createQuery("delete from " + RealmUserRoleMappingEntity.class.getSimpleName() + " where user = :user").setParameter("user", application.getApplicationUser()).executeUpdate();
removeUser(application.getApplicationUser());
em.remove(application);
return true; return true;
} }
@ -603,7 +623,7 @@ public class RealmAdapter implements RealmModel {
public ApplicationModel getApplicationById(String id) { public ApplicationModel getApplicationById(String id) {
ApplicationEntity app = em.find(ApplicationEntity.class, id); ApplicationEntity app = em.find(ApplicationEntity.class, id);
if (app == null) return null; if (app == null) return null;
return new ApplicationAdapter(em, app); return new ApplicationAdapter(this, em, app);
} }
@Override @Override
@ -758,10 +778,8 @@ public class RealmAdapter implements RealmModel {
@Override @Override
public boolean removeOAuthClient(String id) { public boolean removeOAuthClient(String id) {
OAuthClientEntity client = em.find(OAuthClientEntity.class, id); OAuthClientEntity client = em.find(OAuthClientEntity.class, id);
em.createQuery("delete from " + ApplicationScopeMappingEntity.class.getSimpleName() + " where user = :user").setParameter("user", client.getAgent()).executeUpdate(); em.createQuery("delete from " + UserScopeMappingEntity.class.getSimpleName() + " where user = :user").setParameter("user", client.getAgent()).executeUpdate();
em.createQuery("delete from " + RealmScopeMappingEntity.class.getSimpleName() + " where user = :user").setParameter("user", client.getAgent()).executeUpdate(); em.createQuery("delete from " + UserRoleMappingEntity.class.getSimpleName() + " where user = :user").setParameter("user", client.getAgent()).executeUpdate();
em.createQuery("delete from " + ApplicationUserRoleMappingEntity.class.getSimpleName() + " where user = :user").setParameter("user", client.getAgent()).executeUpdate();
em.createQuery("delete from " + RealmUserRoleMappingEntity.class.getSimpleName() + " where user = :user").setParameter("user", client.getAgent()).executeUpdate();
removeUser(client.getAgent()); removeUser(client.getAgent());
em.remove(client); em.remove(client);
return true; return true;
@ -820,55 +838,54 @@ public class RealmAdapter implements RealmModel {
@Override @Override
public RoleModel getRole(String name) { public RoleModel getRole(String name) {
Collection<RoleEntity> roles = realm.getRoles(); TypedQuery<RealmRoleEntity> query = em.createNamedQuery("getRealmRoleByName", RealmRoleEntity.class);
if (roles == null) return null; query.setParameter("name", name);
for (RoleEntity role : roles) { query.setParameter("realm", realm);
if (role.getName().equals(name)) { List<RealmRoleEntity> roles = query.getResultList();
return new RoleAdapter(role); if (roles.size() == 0) return null;
} return new RoleAdapter(this, em, roles.get(0));
}
return null; //To change body of implemented methods use File | Settings | File Templates.
} }
@Override @Override
public RoleModel addRole(String name) { public RoleModel addRole(String name) {
RoleModel role = getRole(name); RoleModel role = getRole(name);
if (role != null) return role; if (role != null) return role;
RoleEntity entity = new RoleEntity(); RealmRoleEntity entity = new RealmRoleEntity();
entity.setName(name); entity.setName(name);
em.persist(entity); entity.setRealm(realm);
realm.getRoles().add(entity); realm.getRoles().add(entity);
em.persist(entity);
em.flush(); em.flush();
return new RoleAdapter(entity); return new RoleAdapter(this, em, entity);
} }
@Override @Override
public boolean removeRoleById(String id) { public boolean removeRoleById(String id) {
RoleEntity role = em.find(RoleEntity.class, id); RoleModel role = getRoleById(id);
if (role == null) return false;
if (role == null) { if (role == null) {
return false; return false;
} }
RoleEntity roleEntity = ((RoleAdapter)role).getRole();
realm.getRoles().remove(role); realm.getRoles().remove(role);
realm.getDefaultRoles().remove(role); realm.getDefaultRoles().remove(role);
em.createQuery("delete from " + ApplicationScopeMappingEntity.class.getSimpleName() + " where role = :role").setParameter("role", role).executeUpdate(); em.createQuery("delete from " + UserRoleMappingEntity.class.getSimpleName() + " where role = :role").setParameter("role", roleEntity).executeUpdate();
em.createQuery("delete from " + ApplicationUserRoleMappingEntity.class.getSimpleName() + " where role = :role").setParameter("role", role).executeUpdate(); em.createQuery("delete from " + UserScopeMappingEntity.class.getSimpleName() + " where role = :role").setParameter("role", roleEntity).executeUpdate();
em.createQuery("delete from " + RealmScopeMappingEntity.class.getSimpleName() + " where role = :role").setParameter("role", role).executeUpdate();
em.createQuery("delete from " + RealmUserRoleMappingEntity.class.getSimpleName() + " where role = :role").setParameter("role", role).executeUpdate();
em.remove(role); em.remove(roleEntity);
return true; return true;
} }
@Override @Override
public List<RoleModel> getRoles() { public Set<RoleModel> getRoles() {
ArrayList<RoleModel> list = new ArrayList<RoleModel>(); Set<RoleModel> list = new HashSet<RoleModel>();
Collection<RoleEntity> roles = realm.getRoles(); Collection<RealmRoleEntity> roles = realm.getRoles();
if (roles == null) return list; if (roles == null) return list;
for (RoleEntity entity : roles) { for (RoleEntity entity : roles) {
list.add(new RoleAdapter(entity)); list.add(new RoleAdapter(this, em, entity));
} }
return list; return list;
} }
@ -877,28 +894,31 @@ public class RealmAdapter implements RealmModel {
public RoleModel getRoleById(String id) { public RoleModel getRoleById(String id) {
RoleEntity entity = em.find(RoleEntity.class, id); RoleEntity entity = em.find(RoleEntity.class, id);
if (entity == null) return null; if (entity == null) return null;
return new RoleAdapter(entity); return new RoleAdapter(this, em, entity);
} }
@Override @Override
public boolean hasRole(UserModel user, RoleModel role) { public boolean hasRole(UserModel user, RoleModel role) {
TypedQuery<RealmUserRoleMappingEntity> query = getRealmUserRoleMappingEntityTypedQuery((UserAdapter) user, (RoleAdapter) role); Set<RoleModel> roles = getRoleMappings(user);
return query.getResultList().size() > 0; if (roles.contains(role)) return true;
for (RoleModel mapping : roles) {
if (mapping.hasRole(role)) return true;
}
return false;
} }
protected TypedQuery<RealmUserRoleMappingEntity> getRealmUserRoleMappingEntityTypedQuery(UserAdapter user, RoleAdapter role) { protected TypedQuery<UserRoleMappingEntity> getUserRoleMappingEntityTypedQuery(UserAdapter user, RoleAdapter role) {
TypedQuery<RealmUserRoleMappingEntity> query = em.createNamedQuery("userHasRealmRole", RealmUserRoleMappingEntity.class); TypedQuery<UserRoleMappingEntity> query = em.createNamedQuery("userHasRole", UserRoleMappingEntity.class);
query.setParameter("user", ((UserAdapter)user).getUser()); query.setParameter("user", ((UserAdapter)user).getUser());
query.setParameter("role", ((RoleAdapter)role).getRole()); query.setParameter("role", ((RoleAdapter) role).getRole());
query.setParameter("realm", realm);
return query; return query;
} }
@Override @Override
public void grantRole(UserModel user, RoleModel role) { public void grantRole(UserModel user, RoleModel role) {
if (hasRole(user, role)) return; if (hasRole(user, role)) return;
RealmUserRoleMappingEntity entity = new RealmUserRoleMappingEntity(); UserRoleMappingEntity entity = new UserRoleMappingEntity();
entity.setRealm(realm);
entity.setUser(((UserAdapter) user).getUser()); entity.setUser(((UserAdapter) user).getUser());
entity.setRole(((RoleAdapter)role).getRole()); entity.setRole(((RoleAdapter)role).getRole());
em.persist(entity); em.persist(entity);
@ -906,79 +926,69 @@ public class RealmAdapter implements RealmModel {
} }
@Override @Override
public List<RoleModel> getRoleMappings(UserModel user) { public Set<RoleModel> getRealmRoleMappings(UserModel user) {
TypedQuery<RealmUserRoleMappingEntity> query = em.createNamedQuery("userRealmMappings", RealmUserRoleMappingEntity.class); Set<RoleModel> roleMappings = getRoleMappings(user);
query.setParameter("user", ((UserAdapter)user).getUser());
query.setParameter("realm", realm); Set<RoleModel> realmRoles = new HashSet<RoleModel>();
List<RealmUserRoleMappingEntity> entities = query.getResultList(); for (RoleModel role : roleMappings) {
List<RoleModel> roles = new ArrayList<RoleModel>(); RoleContainerModel container = role.getContainer();
for (RealmUserRoleMappingEntity entity : entities) { if (container instanceof RealmModel) {
roles.add(new RoleAdapter(entity.getRole())); realmRoles.add(role);
}
} }
return roles; return realmRoles;
} }
@Override @Override
public Set<String> getRoleMappingValues(UserModel user) { public Set<RoleModel> getRoleMappings(UserModel user) {
TypedQuery<RealmUserRoleMappingEntity> query = em.createNamedQuery("userRealmMappings", RealmUserRoleMappingEntity.class); TypedQuery<UserRoleMappingEntity> query = em.createNamedQuery("userRoleMappings", UserRoleMappingEntity.class);
query.setParameter("user", ((UserAdapter)user).getUser()); query.setParameter("user", ((UserAdapter)user).getUser());
query.setParameter("realm", realm); List<UserRoleMappingEntity> entities = query.getResultList();
List<RealmUserRoleMappingEntity> entities = query.getResultList(); Set<RoleModel> roles = new HashSet<RoleModel>();
Set<String> roles = new HashSet<String>(); for (UserRoleMappingEntity entity : entities) {
for (RealmUserRoleMappingEntity entity : entities) { roles.add(new RoleAdapter(this, em, entity.getRole()));
roles.add(entity.getRole().getName());
} }
return roles; return roles;
} }
@Override @Override
public void deleteRoleMapping(UserModel user, RoleModel role) { public void deleteRoleMapping(UserModel user, RoleModel role) {
TypedQuery<RealmUserRoleMappingEntity> query = getRealmUserRoleMappingEntityTypedQuery((UserAdapter) user, (RoleAdapter) role); TypedQuery<UserRoleMappingEntity> query = getUserRoleMappingEntityTypedQuery((UserAdapter) user, (RoleAdapter) role);
List<RealmUserRoleMappingEntity> results = query.getResultList(); List<UserRoleMappingEntity> results = query.getResultList();
if (results.size() == 0) return; if (results.size() == 0) return;
for (RealmUserRoleMappingEntity entity : results) { for (UserRoleMappingEntity entity : results) {
em.remove(entity); em.remove(entity);
} }
em.flush(); em.flush();
} }
@Override @Override
public boolean hasRole(UserModel user, String roleName) { public Set<RoleModel> getRealmScopeMappings(UserModel user) {
RoleModel role = getRole(roleName); Set<RoleModel> roleMappings = getScopeMappings(user);
if (role == null) return false;
return hasRole(user, role);
}
@Override Set<RoleModel> appRoles = new HashSet<RoleModel>();
public void addScopeMapping(UserModel agent, String roleName) { for (RoleModel role : roleMappings) {
RoleModel role = getRole(roleName); RoleContainerModel container = role.getContainer();
if (role == null) throw new RuntimeException("role does not exist"); if (container instanceof RealmModel) {
addScopeMapping(agent, role); if (((RealmModel)container).getId().equals(getId())) {
em.flush(); appRoles.add(role);
} }
}
@Override
public Set<String> getScopeMappingValues(UserModel agent) {
TypedQuery<RealmScopeMappingEntity> query = em.createNamedQuery("userRealmScopeMappings", RealmScopeMappingEntity.class);
query.setParameter("user", ((UserAdapter)agent).getUser());
query.setParameter("realm", realm);
List<RealmScopeMappingEntity> entities = query.getResultList();
Set<String> roles = new HashSet<String>();
for (RealmScopeMappingEntity entity : entities) {
roles.add(entity.getRole().getName());
} }
return roles;
return appRoles;
} }
@Override @Override
public List<RoleModel> getScopeMappings(UserModel agent) { public Set<RoleModel> getScopeMappings(UserModel agent) {
TypedQuery<RealmScopeMappingEntity> query = em.createNamedQuery("userRealmScopeMappings", RealmScopeMappingEntity.class); TypedQuery<UserScopeMappingEntity> query = em.createNamedQuery("userScopeMappings", UserScopeMappingEntity.class);
query.setParameter("user", ((UserAdapter)agent).getUser()); query.setParameter("user", ((UserAdapter)agent).getUser());
query.setParameter("realm", realm); List<UserScopeMappingEntity> entities = query.getResultList();
List<RealmScopeMappingEntity> entities = query.getResultList(); Set<RoleModel> roles = new HashSet<RoleModel>();
List<RoleModel> roles = new ArrayList<RoleModel>(); for (UserScopeMappingEntity entity : entities) {
for (RealmScopeMappingEntity entity : entities) { roles.add(new RoleAdapter(this, em, entity.getRole()));
roles.add(new RoleAdapter(entity.getRole()));
} }
return roles; return roles;
} }
@ -986,35 +996,32 @@ public class RealmAdapter implements RealmModel {
@Override @Override
public void addScopeMapping(UserModel agent, RoleModel role) { public void addScopeMapping(UserModel agent, RoleModel role) {
if (hasScope(agent, role)) return; if (hasScope(agent, role)) return;
RealmScopeMappingEntity entity = new RealmScopeMappingEntity(); UserScopeMappingEntity entity = new UserScopeMappingEntity();
entity.setRealm(realm);
entity.setUser(((UserAdapter) agent).getUser()); entity.setUser(((UserAdapter) agent).getUser());
entity.setRole(((RoleAdapter)role).getRole()); entity.setRole(((RoleAdapter)role).getRole());
em.persist(entity); em.persist(entity);
em.flush();
} }
@Override @Override
public void deleteScopeMapping(UserModel user, RoleModel role) { public void deleteScopeMapping(UserModel user, RoleModel role) {
TypedQuery<RealmScopeMappingEntity> query = getRealmScopeMappingQuery((UserAdapter) user, (RoleAdapter) role); TypedQuery<UserScopeMappingEntity> query = getRealmScopeMappingQuery((UserAdapter) user, (RoleAdapter) role);
List<RealmScopeMappingEntity> results = query.getResultList(); List<UserScopeMappingEntity> results = query.getResultList();
if (results.size() == 0) return; if (results.size() == 0) return;
for (RealmScopeMappingEntity entity : results) { for (UserScopeMappingEntity entity : results) {
em.remove(entity); em.remove(entity);
} }
} }
public boolean hasScope(UserModel user, RoleModel role) { public boolean hasScope(UserModel user, RoleModel role) {
TypedQuery<RealmScopeMappingEntity> query = getRealmScopeMappingQuery((UserAdapter) user, (RoleAdapter) role); TypedQuery<UserScopeMappingEntity> query = getRealmScopeMappingQuery((UserAdapter) user, (RoleAdapter) role);
return query.getResultList().size() > 0; return query.getResultList().size() > 0;
} }
protected TypedQuery<RealmScopeMappingEntity> getRealmScopeMappingQuery(UserAdapter user, RoleAdapter role) { protected TypedQuery<UserScopeMappingEntity> getRealmScopeMappingQuery(UserAdapter user, RoleAdapter role) {
TypedQuery<RealmScopeMappingEntity> query = em.createNamedQuery("userHasRealmScope", RealmScopeMappingEntity.class); TypedQuery<UserScopeMappingEntity> query = em.createNamedQuery("userHasScope", UserScopeMappingEntity.class);
query.setParameter("user", ((UserAdapter)user).getUser()); query.setParameter("user", ((UserAdapter)user).getUser());
query.setParameter("role", ((RoleAdapter)role).getRole()); query.setParameter("role", ((RoleAdapter)role).getRole());
query.setParameter("realm", realm);
return query; return query;
} }
@ -1081,4 +1088,12 @@ public class RealmAdapter implements RealmModel {
realm.setPasswordPolicy(policy.toString()); realm.setPasswordPolicy(policy.toString());
em.flush(); em.flush();
} }
public boolean equals(Object o) {
if (o == null) return false;
if (!(o instanceof RealmAdapter)) return false;
RealmAdapter r = (RealmAdapter)o;
return r.getId().equals(getId());
}
} }

107
model/jpa/src/main/java/org/keycloak/models/jpa/RoleAdapter.java
View file

@ -1,16 +1,29 @@
package org.keycloak.models.jpa; package org.keycloak.models.jpa;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleContainerModel;
import org.keycloak.models.RoleModel; import org.keycloak.models.RoleModel;
import org.keycloak.models.jpa.entities.ApplicationRoleEntity;
import org.keycloak.models.jpa.entities.RealmRoleEntity;
import org.keycloak.models.jpa.entities.RoleEntity; import org.keycloak.models.jpa.entities.RoleEntity;
import javax.persistence.EntityManager;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
/** /**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a> * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $ * @version $Revision: 1 $
*/ */
public class RoleAdapter implements RoleModel { public class RoleAdapter implements RoleModel {
protected RoleEntity role; protected RoleEntity role;
protected EntityManager em;
protected RealmModel realm;
public RoleAdapter(RoleEntity role) { public RoleAdapter(RealmModel realm, EntityManager em, RoleEntity role) {
this.em = em;
this.realm = realm;
this.role = role; this.role = role;
} }
@ -46,4 +59,96 @@ public class RoleAdapter implements RoleModel {
public void setName(String name) { public void setName(String name) {
role.setName(name); role.setName(name);
} }
@Override
public boolean isComposite() {
return role.isComposite();
}
@Override
public void setComposite(boolean flag) {
role.setComposite(flag);
}
@Override
public void addCompositeRole(RoleModel role) {
RoleEntity entity = ((RoleAdapter)role).getRole();
for (RoleEntity composite : getRole().getCompositeRoles()) {
if (composite.equals(entity)) return;
}
getRole().getCompositeRoles().add(entity);
em.flush();
}
@Override
public void removeCompositeRole(RoleModel role) {
RoleEntity entity = ((RoleAdapter)role).getRole();
Iterator<RoleEntity> it = getRole().getCompositeRoles().iterator();
while (it.hasNext()) {
if (it.next().equals(entity)) it.remove();
}
}
@Override
public Set<RoleModel> getComposites() {
Set<RoleModel> set = new HashSet<RoleModel>();
for (RoleEntity composite : getRole().getCompositeRoles()) {
set.add(new RoleAdapter(realm, em, composite));
}
return set;
}
public static boolean searchFor(RoleModel role, RoleModel composite, Set<RoleModel> visited) {
if (visited.contains(composite)) return false;
visited.add(composite);
Set<RoleModel> composites = composite.getComposites();
if (composites.contains(role)) return true;
for (RoleModel contained : composites) {
if (!contained.isComposite()) continue;
if (searchFor(role, contained, visited)) return true;
}
return false;
}
@Override
public boolean hasRole(RoleModel role) {
if (this.equals(role)) return true;
if (!isComposite()) return false;
Set<RoleModel> visited = new HashSet<RoleModel>();
return searchFor(role, this, visited);
}
@Override
public RoleContainerModel getContainer() {
if (role instanceof ApplicationRoleEntity) {
ApplicationRoleEntity entity = (ApplicationRoleEntity)role;
return new ApplicationAdapter(realm, em, entity.getApplication());
} else if (role instanceof RealmRoleEntity) {
RealmRoleEntity entity = (RealmRoleEntity)role;
return new RealmAdapter(em, entity.getRealm());
}
throw new IllegalStateException("Unknown role entity type");
}
@Override
public boolean equals(Object o) {
if (this == o) return true;
if (o == null || getClass() != o.getClass()) return false;
RoleAdapter that = (RoleAdapter) o;
if (!role.equals(that.role)) return false;
return true;
}
@Override
public int hashCode() {
return role.hashCode();
}
} }

46
model/jpa/src/main/java/org/keycloak/models/jpa/entities/AbstractRoleMappingEntity.java Executable file
View file

@ -0,0 +1,46 @@
package org.keycloak.models.jpa.entities;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.ManyToOne;
import javax.persistence.MappedSuperclass;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
@MappedSuperclass
public class AbstractRoleMappingEntity {
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
protected long id;
@ManyToOne
protected UserEntity user;
@ManyToOne
protected RoleEntity role;
public long getId() {
return id;
}
public void setId(long id) {
this.id = id;
}
public UserEntity getUser() {
return user;
}
public void setUser(UserEntity user) {
this.user = user;
}
public RoleEntity getRole() {
return role;
}
public void setRole(RoleEntity role) {
this.role = role;
}
}

9
model/jpa/src/main/java/org/keycloak/models/jpa/entities/ApplicationEntity.java
View file

@ -31,9 +31,8 @@ public class ApplicationEntity {
@OneToOne(fetch = FetchType.EAGER) @OneToOne(fetch = FetchType.EAGER)
private UserEntity applicationUser; private UserEntity applicationUser;
@OneToMany(fetch = FetchType.EAGER, cascade ={CascadeType.REMOVE}, orphanRemoval = true) @OneToMany(fetch = FetchType.EAGER, cascade ={CascadeType.REMOVE}, orphanRemoval = true, mappedBy = "application")
@JoinTable(name="APPLICATION_ROLES") Collection<ApplicationRoleEntity> roles = new ArrayList<ApplicationRoleEntity>();
Collection<RoleEntity> roles = new ArrayList<RoleEntity>();
@OneToMany(fetch = FetchType.LAZY, cascade ={CascadeType.REMOVE}, orphanRemoval = true) @OneToMany(fetch = FetchType.LAZY, cascade ={CascadeType.REMOVE}, orphanRemoval = true)
@JoinTable(name="APPLICATION_DEFAULT_ROLES") @JoinTable(name="APPLICATION_DEFAULT_ROLES")
@ -83,11 +82,11 @@ public class ApplicationEntity {
this.applicationUser = applicationUser; this.applicationUser = applicationUser;
} }
public Collection<RoleEntity> getRoles() { public Collection<ApplicationRoleEntity> getRoles() {
return roles; return roles;
} }
public void setRoles(Collection<RoleEntity> roles) { public void setRoles(Collection<ApplicationRoleEntity> roles) {
this.roles = roles; this.roles = roles;
} }

10
model/jpa/src/main/java/org/keycloak/models/jpa/entities/ApplicationScopeMappingEntity.java → model/jpa/src/main/java/org/keycloak/models/jpa/entities/ApplicationRoleEntity.java
View file

@ -1,6 +1,7 @@
package org.keycloak.models.jpa.entities; package org.keycloak.models.jpa.entities;
import javax.persistence.Entity; import javax.persistence.Entity;
import javax.persistence.JoinTable;
import javax.persistence.ManyToOne; import javax.persistence.ManyToOne;
import javax.persistence.NamedQueries; import javax.persistence.NamedQueries;
import javax.persistence.NamedQuery; import javax.persistence.NamedQuery;
@ -10,14 +11,13 @@ import javax.persistence.NamedQuery;
* @version $Revision: 1 $ * @version $Revision: 1 $
*/ */
@NamedQueries({ @NamedQueries({
@NamedQuery(name="userHasApplicationScope", query="select m from ApplicationScopeMappingEntity m where m.user = :user and m.role = :role and m.application = :application"), @NamedQuery(name="getAppRoleByName", query="select role from ApplicationRoleEntity role where role.name = :name and role.application = :application")
@NamedQuery(name="userApplicationScopeMappings", query="select m from ApplicationScopeMappingEntity m where m.user = :user and m.application = :application")
}) })
@Entity @Entity
public class ApplicationScopeMappingEntity extends UserRoleMappingEntity { public class ApplicationRoleEntity extends RoleEntity {
@ManyToOne @ManyToOne
protected ApplicationEntity application; @JoinTable(name = "APPLICATION_ROLE")
private ApplicationEntity application;
public ApplicationEntity getApplication() { public ApplicationEntity getApplication() {
return application; return application;

29
model/jpa/src/main/java/org/keycloak/models/jpa/entities/ApplicationUserRoleMappingEntity.java
View file

@ -1,29 +0,0 @@
package org.keycloak.models.jpa.entities;
import javax.persistence.Entity;
import javax.persistence.ManyToOne;
import javax.persistence.NamedQueries;
import javax.persistence.NamedQuery;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
@NamedQueries({
@NamedQuery(name="userHasApplicationRole", query="select m from ApplicationUserRoleMappingEntity m where m.user = :user and m.role = :role and m.application = :application"),
@NamedQuery(name="userApplicationMappings", query="select m from ApplicationUserRoleMappingEntity m where m.user = :user and m.application = :application")
})
@Entity
public class ApplicationUserRoleMappingEntity extends UserRoleMappingEntity {
@ManyToOne
protected ApplicationEntity application;
public ApplicationEntity getApplication() {
return application;
}
public void setApplication(ApplicationEntity application) {
this.application = application;
}
}

13
model/jpa/src/main/java/org/keycloak/models/jpa/entities/RealmEntity.java
View file

@ -65,9 +65,8 @@ public class RealmEntity {
@OneToMany(cascade ={CascadeType.REMOVE}, orphanRemoval = true) @OneToMany(cascade ={CascadeType.REMOVE}, orphanRemoval = true)
Collection<ApplicationEntity> applications = new ArrayList<ApplicationEntity>(); Collection<ApplicationEntity> applications = new ArrayList<ApplicationEntity>();
@OneToMany(fetch = FetchType.LAZY, cascade ={CascadeType.REMOVE}, orphanRemoval = true) @OneToMany(fetch = FetchType.LAZY, cascade ={CascadeType.REMOVE}, orphanRemoval = true, mappedBy = "realm")
@JoinTable(name="REALM_ROLES") Collection<RealmRoleEntity> roles = new ArrayList<RealmRoleEntity>();
Collection<RoleEntity> roles = new ArrayList<RoleEntity>();
@ElementCollection @ElementCollection
@MapKeyColumn(name="name") @MapKeyColumn(name="name")
@ -229,17 +228,17 @@ public class RealmEntity {
this.applications = applications; this.applications = applications;
} }
public Collection<RoleEntity> getRoles() { public Collection<RealmRoleEntity> getRoles() {
return roles; return roles;
} }
public void setRoles(Collection<RoleEntity> roles) { public void setRoles(Collection<RealmRoleEntity> roles) {
this.roles = roles; this.roles = roles;
} }
public void addRole(RoleEntity role) { public void addRole(RealmRoleEntity role) {
if (roles == null) { if (roles == null) {
roles = new ArrayList<RoleEntity>(); roles = new ArrayList<RealmRoleEntity>();
} }
roles.add(role); roles.add(role);
} }

8
model/jpa/src/main/java/org/keycloak/models/jpa/entities/RealmScopeMappingEntity.java → model/jpa/src/main/java/org/keycloak/models/jpa/entities/RealmRoleEntity.java
View file

@ -10,14 +10,12 @@ import javax.persistence.NamedQuery;
* @version $Revision: 1 $ * @version $Revision: 1 $
*/ */
@NamedQueries({ @NamedQueries({
@NamedQuery(name="userHasRealmScope", query="select m from RealmScopeMappingEntity m where m.user = :user and m.role = :role and m.realm = :realm"), @NamedQuery(name="getRealmRoleByName", query="select role from RealmRoleEntity role where role.name = :name and role.realm = :realm")
@NamedQuery(name="userRealmScopeMappings", query="select m from RealmScopeMappingEntity m where m.user = :user and m.realm = :realm")
}) })
@Entity @Entity
public class RealmScopeMappingEntity extends UserRoleMappingEntity { public class RealmRoleEntity extends RoleEntity {
@ManyToOne @ManyToOne
protected RealmEntity realm; private RealmEntity realm;
public RealmEntity getRealm() { public RealmEntity getRealm() {
return realm; return realm;

29
model/jpa/src/main/java/org/keycloak/models/jpa/entities/RealmUserRoleMappingEntity.java
View file

@ -1,29 +0,0 @@
package org.keycloak.models.jpa.entities;
import javax.persistence.Entity;
import javax.persistence.ManyToOne;
import javax.persistence.NamedQueries;
import javax.persistence.NamedQuery;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
@NamedQueries({
@NamedQuery(name="userHasRealmRole", query="select m from RealmUserRoleMappingEntity m where m.user = :user and m.role = :role and m.realm = :realm"),
@NamedQuery(name="userRealmMappings", query="select m from RealmUserRoleMappingEntity m where m.user = :user and m.realm = :realm")
})
@Entity
public class RealmUserRoleMappingEntity extends UserRoleMappingEntity {
@ManyToOne
protected RealmEntity realm;
public RealmEntity getRealm() {
return realm;
}
public void setRealm(RealmEntity realm) {
this.realm = realm;
}
}

51
model/jpa/src/main/java/org/keycloak/models/jpa/entities/RoleEntity.java
View file

@ -1,22 +1,36 @@
package org.keycloak.models.jpa.entities; package org.keycloak.models.jpa.entities;
import javax.persistence.Entity; import javax.persistence.Entity;
import javax.persistence.FetchType;
import javax.persistence.GeneratedValue; import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType; import javax.persistence.GenerationType;
import javax.persistence.Id; import javax.persistence.Id;
import javax.persistence.Inheritance;
import javax.persistence.InheritanceType;
import javax.persistence.JoinTable;
import javax.persistence.ManyToMany;
import javax.persistence.OneToMany;
import java.util.ArrayList;
import java.util.Collection;
/** /**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a> * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $ * @version $Revision: 1 $
*/ */
@Entity @Entity
public class RoleEntity { @Inheritance(strategy = InheritanceType.SINGLE_TABLE)
public abstract class RoleEntity {
@Id @Id
@GeneratedValue(strategy = GenerationType.IDENTITY) @GeneratedValue(strategy = GenerationType.AUTO)
private String id; private String id;
private String name; private String name;
private String description; private String description;
private boolean composite;
@ManyToMany(fetch = FetchType.LAZY, cascade = {})
//@JoinTable(name = "COMPOSITE_ROLE")
private Collection<RoleEntity> compositeRoles = new ArrayList<RoleEntity>();
public String getId() { public String getId() {
return id; return id;
@ -41,4 +55,37 @@ public class RoleEntity {
public void setDescription(String description) { public void setDescription(String description) {
this.description = description; this.description = description;
} }
public boolean isComposite() {
return composite;
}
public void setComposite(boolean composite) {
this.composite = composite;
}
public Collection<RoleEntity> getCompositeRoles() {
return compositeRoles;
}
public void setCompositeRoles(Collection<RoleEntity> compositeRoles) {
this.compositeRoles = compositeRoles;
}
@Override
public boolean equals(Object o) {
if (this == o) return true;
if (o == null || getClass() != o.getClass()) return false;
RoleEntity that = (RoleEntity) o;
if (!id.equals(that.id)) return false;
return true;
}
@Override
public int hashCode() {
return id.hashCode();
}
} }

41
model/jpa/src/main/java/org/keycloak/models/jpa/entities/UserRoleMappingEntity.java
View file

@ -1,46 +1,23 @@
package org.keycloak.models.jpa.entities; package org.keycloak.models.jpa.entities;
import javax.persistence.Entity;
import javax.persistence.GeneratedValue; import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType; import javax.persistence.GenerationType;
import javax.persistence.Id; import javax.persistence.Id;
import javax.persistence.ManyToOne; import javax.persistence.ManyToOne;
import javax.persistence.MappedSuperclass; import javax.persistence.MappedSuperclass;
import javax.persistence.NamedQueries;
import javax.persistence.NamedQuery;
/** /**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a> * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $ * @version $Revision: 1 $
*/ */
@MappedSuperclass @NamedQueries({
public abstract class UserRoleMappingEntity { @NamedQuery(name="userHasRole", query="select m from UserRoleMappingEntity m where m.user = :user and m.role = :role"),
@Id @NamedQuery(name="userRoleMappings", query="select m from UserRoleMappingEntity m where m.user = :user")
@GeneratedValue(strategy = GenerationType.IDENTITY) })
protected long id; @Entity
@ManyToOne public class UserRoleMappingEntity extends AbstractRoleMappingEntity {
protected UserEntity user;
@ManyToOne
protected RoleEntity role;
public long getId() {
return id;
}
public void setId(long id) {
this.id = id;
}
public UserEntity getUser() {
return user;
}
public void setUser(UserEntity user) {
this.user = user;
}
public RoleEntity getRole() {
return role;
}
public void setRole(RoleEntity role) {
this.role = role;
}
} }

18
model/jpa/src/main/java/org/keycloak/models/jpa/entities/UserScopeMappingEntity.java Executable file
View file

@ -0,0 +1,18 @@
package org.keycloak.models.jpa.entities;
import javax.persistence.Entity;
import javax.persistence.NamedQueries;
import javax.persistence.NamedQuery;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
@NamedQueries({
@NamedQuery(name="userHasScope", query="select m from UserScopeMappingEntity m where m.user = :user and m.role = :role"),
@NamedQuery(name="userScopeMappings", query="select m from UserScopeMappingEntity m where m.user = :user")
})
@Entity
public class UserScopeMappingEntity extends AbstractRoleMappingEntity {
}

2
model/pom.xml
View file

@ -35,7 +35,7 @@
</build> </build>
<modules> <modules>
<module>api</module> <module>api</module>
<module>picketlink</module> <!-- <module>picketlink</module> -->
<module>jpa</module> <module>jpa</module>
<!-- <module>mongo</module> --> <!-- <module>mongo</module> -->
</modules> </modules>

2
services/pom.xml
View file

@ -47,12 +47,14 @@
<version>${project.version}</version> <version>${project.version}</version>
<scope>test</scope> <scope>test</scope>
</dependency> </dependency>
<!--
<dependency> <dependency>
<groupId>org.keycloak</groupId> <groupId>org.keycloak</groupId>
<artifactId>keycloak-model-picketlink</artifactId> <artifactId>keycloak-model-picketlink</artifactId>
<version>${project.version}</version> <version>${project.version}</version>
<scope>test</scope> <scope>test</scope>
</dependency> </dependency>
-->
<!--<dependency> <!--<dependency>
<groupId>org.keycloak</groupId> <groupId>org.keycloak</groupId>

4
services/src/main/java/org/keycloak/services/managers/ApplianceBootstrap.java
View file

@ -74,11 +74,11 @@ public class ApplianceBootstrap {
realm.updateCredential(adminUser, password); realm.updateCredential(adminUser, password);
adminUser.addRequiredAction(UserModel.RequiredAction.UPDATE_PASSWORD); adminUser.addRequiredAction(UserModel.RequiredAction.UPDATE_PASSWORD);
adminConsole.grantRole(adminUser, adminRole); realm.grantRole(adminUser, adminRole);
ApplicationModel accountApp = realm.getApplicationNameMap().get(Constants.ACCOUNT_APPLICATION); ApplicationModel accountApp = realm.getApplicationNameMap().get(Constants.ACCOUNT_APPLICATION);
for (String r : accountApp.getDefaultRoles()) { for (String r : accountApp.getDefaultRoles()) {
accountApp.grantRole(adminUser, accountApp.getRole(r)); realm.grantRole(adminUser, accountApp.getRole(r));
} }
} }

11
services/src/main/java/org/keycloak/services/managers/ApplicationManager.java
View file

@ -102,7 +102,7 @@ public class ApplicationManager {
if (role == null) { if (role == null) {
role = applicationModel.addRole(roleString.trim()); role = applicationModel.addRole(roleString.trim());
} }
applicationModel.grantRole(user, role); realm.grantRole(user, role);
} }
} }
} }
@ -115,7 +115,7 @@ public class ApplicationManager {
if (role == null) { if (role == null) {
role = applicationModel.addRole(roleString.trim()); role = applicationModel.addRole(roleString.trim());
} }
applicationModel.addScopeMapping(user, role.getName()); realm.addScopeMapping(user, role);
} }
} }
} }
@ -125,6 +125,13 @@ public class ApplicationManager {
return createApplication(realm, loginRole, resourceRep); return createApplication(realm, loginRole, resourceRep);
} }
public ApplicationModel createApplication(RealmModel realm, String name) {
RoleModel loginRole = realm.getRole(Constants.APPLICATION_ROLE);
ApplicationModel app = realm.addApplication(name);
realm.grantRole(app.getApplicationUser(), loginRole);
return app;
}
public void updateApplication(ApplicationRepresentation rep, ApplicationModel resource) { public void updateApplication(ApplicationRepresentation rep, ApplicationModel resource) {
resource.setName(rep.getName()); resource.setName(rep.getName());
resource.setEnabled(rep.isEnabled()); resource.setEnabled(rep.isEnabled());

10
services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java
View file

@ -9,6 +9,7 @@ import org.keycloak.jose.jws.JWSBuilder;
import org.keycloak.models.Constants; import org.keycloak.models.Constants;
import org.keycloak.models.RealmModel; import org.keycloak.models.RealmModel;
import org.keycloak.models.RequiredCredentialModel; import org.keycloak.models.RequiredCredentialModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserModel; import org.keycloak.models.UserModel;
import org.keycloak.representations.SkeletonKeyToken; import org.keycloak.representations.SkeletonKeyToken;
import org.keycloak.representations.idm.CredentialRepresentation; import org.keycloak.representations.idm.CredentialRepresentation;
@ -250,16 +251,18 @@ public class AuthenticationManager {
} }
if (!user.isEnabled()) { if (!user.isEnabled()) {
logger.debug("Account is disabled, contact admin."); logger.debug("Account is disabled, contact admin. " + user.getLoginName());
return AuthenticationStatus.ACCOUNT_DISABLED; return AuthenticationStatus.ACCOUNT_DISABLED;
} }
Set<String> types = new HashSet<String>(); Set<String> types = new HashSet<String>();
List<RequiredCredentialModel> requiredCredentials = null; List<RequiredCredentialModel> requiredCredentials = null;
if (realm.hasRole(user, Constants.APPLICATION_ROLE)) { RoleModel applicationRole = realm.getRole(Constants.APPLICATION_ROLE);
RoleModel identityRequesterRole = realm.getRole(Constants.IDENTITY_REQUESTER_ROLE);
if (realm.hasRole(user, applicationRole)) {
requiredCredentials = realm.getRequiredApplicationCredentials(); requiredCredentials = realm.getRequiredApplicationCredentials();
} else if (realm.hasRole(user, Constants.IDENTITY_REQUESTER_ROLE)) { } else if (realm.hasRole(user, identityRequesterRole)) {
requiredCredentials = realm.getRequiredOAuthClientCredentials(); requiredCredentials = realm.getRequiredOAuthClientCredentials();
} else { } else {
requiredCredentials = realm.getRequiredCredentials(); requiredCredentials = realm.getRequiredCredentials();
@ -289,6 +292,7 @@ public class AuthenticationManager {
} else { } else {
logger.debug("validating password for user: " + user.getLoginName()); logger.debug("validating password for user: " + user.getLoginName());
if (!realm.validatePassword(user, password)) { if (!realm.validatePassword(user, password)) {
logger.debug("invalid password for user: " + user.getLoginName());
return AuthenticationStatus.INVALID_CREDENTIALS; return AuthenticationStatus.INVALID_CREDENTIALS;
} }
} }

112
services/src/main/java/org/keycloak/services/managers/ModelToRepresentation.java Executable file
View file

@ -0,0 +1,112 @@
package org.keycloak.services.managers;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.Constants;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RequiredCredentialModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserModel;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public class ModelToRepresentation {
public static UserRepresentation toRepresentation(UserModel user) {
UserRepresentation rep = new UserRepresentation();
rep.setUsername(user.getLoginName());
rep.setLastName(user.getLastName());
rep.setFirstName(user.getFirstName());
rep.setEmail(user.getEmail());
rep.setEnabled(user.isEnabled());
rep.setEmailVerified(user.isEmailVerified());
rep.setTotp(user.isTotp());
List<String> reqActions = new ArrayList<String>();
for (UserModel.RequiredAction ra : user.getRequiredActions()){
reqActions.add(ra.name());
}
rep.setRequiredActions(reqActions);
if (user.getAttributes() != null && !user.getAttributes().isEmpty()) {
Map<String, String> attrs = new HashMap<String, String>();
attrs.putAll(user.getAttributes());
rep.setAttributes(attrs);
}
return rep;
}
public static RoleRepresentation toRepresentation(RoleModel role) {
RoleRepresentation rep = new RoleRepresentation();
rep.setId(role.getId());
rep.setName(role.getName());
rep.setDescription(role.getDescription());
rep.setComposite(role.isComposite());
return rep;
}
public static RealmRepresentation toRepresentation(RealmModel realm) {
RealmRepresentation rep = new RealmRepresentation();
rep.setId(realm.getId());
rep.setRealm(realm.getName());
rep.setEnabled(realm.isEnabled());
rep.setSocial(realm.isSocial());
rep.setUpdateProfileOnInitialSocialLogin(realm.isUpdateProfileOnInitialSocialLogin());
rep.setSslNotRequired(realm.isSslNotRequired());
rep.setPublicKey(realm.getPublicKeyPem());
rep.setPrivateKey(realm.getPrivateKeyPem());
rep.setRegistrationAllowed(realm.isRegistrationAllowed());
rep.setVerifyEmail(realm.isVerifyEmail());
rep.setResetPasswordAllowed(realm.isResetPasswordAllowed());
rep.setTokenLifespan(realm.getTokenLifespan());
rep.setAccessCodeLifespan(realm.getAccessCodeLifespan());
rep.setAccessCodeLifespanUserAction(realm.getAccessCodeLifespanUserAction());
rep.setSmtpServer(realm.getSmtpConfig());
rep.setSocialProviders(realm.getSocialConfig());
if (realm.getPasswordPolicy() != null) {
rep.setPasswordPolicy(realm.getPasswordPolicy().toString());
}
ApplicationModel accountManagementApplication = realm.getApplicationNameMap().get(Constants.ACCOUNT_APPLICATION);
List<String> defaultRoles = realm.getDefaultRoles();
if (!defaultRoles.isEmpty()) {
List<String> roleStrings = new ArrayList<String>();
roleStrings.addAll(defaultRoles);
rep.setDefaultRoles(roleStrings);
}
List<RequiredCredentialModel> requiredCredentialModels = realm.getRequiredCredentials();
if (requiredCredentialModels.size() > 0) {
rep.setRequiredCredentials(new HashSet<String>());
for (RequiredCredentialModel cred : requiredCredentialModels) {
rep.getRequiredCredentials().add(cred.getType());
}
}
List<RequiredCredentialModel> requiredResourceCredentialModels = realm.getRequiredApplicationCredentials();
if (requiredResourceCredentialModels.size() > 0) {
rep.setRequiredApplicationCredentials(new HashSet<String>());
for (RequiredCredentialModel cred : requiredResourceCredentialModels) {
rep.getRequiredApplicationCredentials().add(cred.getType());
}
}
List<RequiredCredentialModel> requiredOAuthCredentialModels = realm.getRequiredOAuthClientCredentials();
if (requiredOAuthCredentialModels.size() > 0) {
rep.setRequiredOAuthClientCredentials(new HashSet<String>());
for (RequiredCredentialModel cred : requiredOAuthCredentialModels) {
rep.getRequiredOAuthClientCredentials().add(cred.getType());
}
}
return rep;
}
}

91
services/src/main/java/org/keycloak/services/managers/RealmManager.java
View file

@ -309,7 +309,7 @@ public class RealmManager {
role = newRealm.addRole(roleString.trim()); role = newRealm.addRole(roleString.trim());
} }
UserModel user = userMap.get(scope.getUsername()); UserModel user = userMap.get(scope.getUsername());
newRealm.addScopeMapping(user, role.getName()); newRealm.addScopeMapping(user, role);
} }
} }
@ -422,93 +422,4 @@ public class RealmManager {
} }
public static UserRepresentation toRepresentation(UserModel user) {
UserRepresentation rep = new UserRepresentation();
rep.setUsername(user.getLoginName());
rep.setLastName(user.getLastName());
rep.setFirstName(user.getFirstName());
rep.setEmail(user.getEmail());
rep.setEnabled(user.isEnabled());
rep.setEmailVerified(user.isEmailVerified());
rep.setTotp(user.isTotp());
List<String> reqActions = new ArrayList<String>();
for (RequiredAction ra : user.getRequiredActions()){
reqActions.add(ra.name());
}
rep.setRequiredActions(reqActions);
if (user.getAttributes() != null && !user.getAttributes().isEmpty()) {
Map<String, String> attrs = new HashMap<String, String>();
attrs.putAll(user.getAttributes());
rep.setAttributes(attrs);
}
return rep;
}
public static RoleRepresentation toRepresentation(RoleModel role) {
RoleRepresentation rep = new RoleRepresentation();
rep.setId(role.getId());
rep.setName(role.getName());
rep.setDescription(role.getDescription());
return rep;
}
public static RealmRepresentation toRepresentation(RealmModel realm) {
RealmRepresentation rep = new RealmRepresentation();
rep.setId(realm.getId());
rep.setRealm(realm.getName());
rep.setEnabled(realm.isEnabled());
rep.setSocial(realm.isSocial());
rep.setUpdateProfileOnInitialSocialLogin(realm.isUpdateProfileOnInitialSocialLogin());
rep.setSslNotRequired(realm.isSslNotRequired());
rep.setPublicKey(realm.getPublicKeyPem());
rep.setPrivateKey(realm.getPrivateKeyPem());
rep.setRegistrationAllowed(realm.isRegistrationAllowed());
rep.setVerifyEmail(realm.isVerifyEmail());
rep.setResetPasswordAllowed(realm.isResetPasswordAllowed());
rep.setTokenLifespan(realm.getTokenLifespan());
rep.setAccessCodeLifespan(realm.getAccessCodeLifespan());
rep.setAccessCodeLifespanUserAction(realm.getAccessCodeLifespanUserAction());
rep.setSmtpServer(realm.getSmtpConfig());
rep.setSocialProviders(realm.getSocialConfig());
if (realm.getPasswordPolicy() != null) {
rep.setPasswordPolicy(realm.getPasswordPolicy().toString());
}
ApplicationModel accountManagementApplication = realm.getApplicationNameMap().get(Constants.ACCOUNT_APPLICATION);
List<String> defaultRoles = realm.getDefaultRoles();
if (!defaultRoles.isEmpty()) {
List<String> roleStrings = new ArrayList<String>();
roleStrings.addAll(defaultRoles);
rep.setDefaultRoles(roleStrings);
}
List<RequiredCredentialModel> requiredCredentialModels = realm.getRequiredCredentials();
if (requiredCredentialModels.size() > 0) {
rep.setRequiredCredentials(new HashSet<String>());
for (RequiredCredentialModel cred : requiredCredentialModels) {
rep.getRequiredCredentials().add(cred.getType());
}
}
List<RequiredCredentialModel> requiredResourceCredentialModels = realm.getRequiredApplicationCredentials();
if (requiredResourceCredentialModels.size() > 0) {
rep.setRequiredApplicationCredentials(new HashSet<String>());
for (RequiredCredentialModel cred : requiredResourceCredentialModels) {
rep.getRequiredApplicationCredentials().add(cred.getType());
}
}
List<RequiredCredentialModel> requiredOAuthCredentialModels = realm.getRequiredOAuthClientCredentials();
if (requiredOAuthCredentialModels.size() > 0) {
rep.setRequiredOAuthClientCredentials(new HashSet<String>());
for (RequiredCredentialModel cred : requiredOAuthCredentialModels) {
rep.getRequiredOAuthClientCredentials().add(cred.getType());
}
}
return rep;
}
} }

177
services/src/main/java/org/keycloak/services/managers/TokenManager.java
View file

@ -2,7 +2,6 @@ package org.keycloak.services.managers;
import org.jboss.resteasy.logging.Logger; import org.jboss.resteasy.logging.Logger;
import org.keycloak.jose.jws.JWSBuilder; import org.keycloak.jose.jws.JWSBuilder;
import org.keycloak.util.JsonSerialization;
import org.keycloak.models.ApplicationModel; import org.keycloak.models.ApplicationModel;
import org.keycloak.models.Constants; import org.keycloak.models.Constants;
import org.keycloak.models.RealmModel; import org.keycloak.models.RealmModel;
@ -11,10 +10,12 @@ import org.keycloak.models.UserModel;
import org.keycloak.representations.SkeletonKeyScope; import org.keycloak.representations.SkeletonKeyScope;
import org.keycloak.representations.SkeletonKeyToken; import org.keycloak.representations.SkeletonKeyToken;
import org.keycloak.util.Base64Url; import org.keycloak.util.Base64Url;
import org.keycloak.util.JsonSerialization;
import javax.ws.rs.core.MultivaluedMap; import javax.ws.rs.core.MultivaluedMap;
import java.io.IOException; import java.io.IOException;
import java.io.UnsupportedEncodingException; import java.io.UnsupportedEncodingException;
import java.util.ArrayList;
import java.util.HashSet; import java.util.HashSet;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
@ -44,48 +45,104 @@ public class TokenManager {
return accessCodeMap.remove(key); return accessCodeMap.remove(key);
} }
protected boolean desiresScope(SkeletonKeyScope scope, String key, String roleName) {
if (scope == null || scope.isEmpty()) return true;
List<String> val = scope.get(key);
if (val == null) return false;
return val.contains(roleName);
}
protected boolean desiresScopeGroup(SkeletonKeyScope scope, String key) {
if (scope == null || scope.isEmpty()) return true;
return scope.containsKey(key);
}
protected boolean isEmpty(SkeletonKeyScope scope) {
return scope == null || scope.isEmpty();
}
public static void addScopes(RoleModel role, RoleModel scope, Set<RoleModel> visited, Set<RoleModel> requested) {
if (visited.contains(scope)) return;
visited.add(scope);
if (role.hasRole(scope)) {
requested.add(scope);
return;
}
if (!scope.isComposite()) return;
for (RoleModel contained : scope.getComposites()) {
addScopes(role, contained, visited, requested);
}
}
public AccessCodeEntry createAccessCode(String scopeParam, String state, String redirect, RealmModel realm, UserModel client, UserModel user) { public AccessCodeEntry createAccessCode(String scopeParam, String state, String redirect, RealmModel realm, UserModel client, UserModel user) {
boolean applicationResource = realm.hasRole(client, realm.getRole(Constants.APPLICATION_ROLE));
AccessCodeEntry code = new AccessCodeEntry(); AccessCodeEntry code = new AccessCodeEntry();
SkeletonKeyScope scopeMap = null; SkeletonKeyScope scopeMap = null;
if (scopeParam != null) scopeMap = decodeScope(scopeParam); if (scopeParam != null) scopeMap = decodeScope(scopeParam);
List<RoleModel> realmRolesRequested = code.getRealmRolesRequested(); List<RoleModel> realmRolesRequested = code.getRealmRolesRequested();
MultivaluedMap<String, RoleModel> resourceRolesRequested = code.getResourceRolesRequested(); MultivaluedMap<String, RoleModel> resourceRolesRequested = code.getResourceRolesRequested();
Set<String> realmMapping = realm.getRoleMappingValues(user);
if (realmMapping != null && realmMapping.size() > 0 && (scopeMap == null || scopeMap.containsKey("realm"))) {
Set<String> scope = realm.getScopeMappingValues(client); Set<RoleModel> roleMappings = realm.getRoleMappings(user);
if (scope.size() > 0) { Set<RoleModel> scopeMappings = realm.getScopeMappings(client);
Set<String> scopeRequest = scopeMap != null ? new HashSet<String>(scopeMap.get("realm")) : null; ApplicationModel clientApp = realm.getApplicationByName(client.getLoginName());
for (String role : realmMapping) { Set<RoleModel> clientAppRoles = clientApp == null ? null : clientApp.getRoles();
if ((scopeRequest == null || scopeRequest.contains(role)) && scope.contains(role)) if (clientAppRoles != null) scopeMappings.addAll(clientAppRoles);
realmRolesRequested.add(realm.getRole(role));
} Set<RoleModel> requestedRoles = new HashSet<RoleModel>();
for (RoleModel role : roleMappings) {
if (clientApp != null && role.getContainer().equals(clientApp)) requestedRoles.add(role);
for (RoleModel desiredRole : scopeMappings) {
Set<RoleModel> visited = new HashSet<RoleModel>();
addScopes(role, desiredRole, visited, requestedRoles);
} }
} }
for (ApplicationModel resource : realm.getApplications()) {
if (applicationResource && resource.getApplicationUser().getLoginName().equals(client.getLoginName())) { for (RoleModel role : requestedRoles) {
for (String role : resource.getRoleMappingValues(user)) { if (role.getContainer() instanceof RealmModel && desiresScope(scopeMap, "realm", role.getName())) {
resourceRolesRequested.addAll(resource.getName(), resource.getRole(role)); realmRolesRequested.add(role);
} } else if (role.getContainer() instanceof ApplicationModel) {
} else { ApplicationModel app = (ApplicationModel)role.getContainer();
Set<String> mapping = resource.getRoleMappingValues(user); if (desiresScope(scopeMap, app.getName(), role.getName())) {
if (mapping != null && mapping.size() > 0 && (scopeMap == null || scopeMap.containsKey(resource.getName()))) { resourceRolesRequested.add(app.getName(), role);
Set<String> scope = resource.getScopeMappingValues(client);
if (scope.size() > 0) {
Set<String> scopeRequest = scopeMap != null ? new HashSet<String>(scopeMap.get(resource.getName())) : null;
for (String role : mapping) {
if ((scopeRequest == null || scopeRequest.contains(role)) && scope.contains(role))
resourceRolesRequested.add(resource.getName(), resource.getRole(role));
}
}
} }
} }
} }
Set<RoleModel> realmRoleMappings = realm.getRealmRoleMappings(user);
for (RoleModel role : realmRoleMappings) {
if (!desiresScope(scopeMap, "realm", role.getName())) continue;
for (RoleModel desiredRole : scopeMappings) {
if (desiredRole.hasRole(role)) {
realmRolesRequested.add(role);
} else if (role.hasRole(desiredRole)) {
realmRolesRequested.add(desiredRole);
}
}
}
for (ApplicationModel application : realm.getApplications()) {
if (!desiresScopeGroup(scopeMap, application.getName())) continue;
Set<RoleModel> appRoleMappings = application.getApplicationRoleMappings(user);
for (RoleModel role : appRoleMappings) {
if (!desiresScope(scopeMap, application.getName(), role.getName())) continue;
for (RoleModel desiredRole : scopeMappings) {
if (!application.getApplicationUser().getLoginName().equals(client.getLoginName())
&& !desiredRole.hasRole(role)) continue;
resourceRolesRequested.add(application.getName(), role);
}
}
}
createToken(code, realm, client, user); createToken(code, realm, client, user);
code.setRealm(realm); code.setRealm(realm);
code.setExpiration((System.currentTimeMillis() / 1000) + realm.getAccessCodeLifespan()); code.setExpiration((System.currentTimeMillis() / 1000) + realm.getAccessCodeLifespan());
@ -121,25 +178,48 @@ public class TokenManager {
return token; return token;
} }
protected void addComposites(SkeletonKeyToken token, RoleModel role) {
SkeletonKeyToken.Access access = null;
if (role.getContainer() instanceof RealmModel) {
access = token.getRealmAccess();
if (token.getRealmAccess() == null) {
access = new SkeletonKeyToken.Access();
token.setRealmAccess(access);
} else if (token.getRealmAccess().getRoles() != null && token.getRealmAccess().isUserInRole(role.getName()))
return;
} else {
ApplicationModel app = (ApplicationModel) role.getContainer();
access = token.getResourceAccess(app.getName());
if (access == null) {
access = token.addAccess(app.getName());
if (app.isSurrogateAuthRequired()) access.verifyCaller(true);
} else if (access.isUserInRole(role.getName())) return;
}
access.addRole(role.getName());
if (!role.isComposite()) return;
for (RoleModel composite : role.getComposites()) {
addComposites(token, composite);
}
}
protected void createToken(AccessCodeEntry accessCodeEntry, RealmModel realm, UserModel client, UserModel user) { protected void createToken(AccessCodeEntry accessCodeEntry, RealmModel realm, UserModel client, UserModel user) {
SkeletonKeyToken token = initToken(realm, client, user); SkeletonKeyToken token = initToken(realm, client, user);
if (accessCodeEntry.getRealmRolesRequested().size() > 0) { if (accessCodeEntry.getRealmRolesRequested().size() > 0) {
SkeletonKeyToken.Access access = new SkeletonKeyToken.Access();
for (RoleModel role : accessCodeEntry.getRealmRolesRequested()) { for (RoleModel role : accessCodeEntry.getRealmRolesRequested()) {
access.addRole(role.getName()); addComposites(token, role);
} }
token.setRealmAccess(access);
} }
if (accessCodeEntry.getResourceRolesRequested().size() > 0) { if (accessCodeEntry.getResourceRolesRequested().size() > 0) {
Map<String, ApplicationModel> resourceMap = realm.getApplicationNameMap(); for (List<RoleModel> roles : accessCodeEntry.getResourceRolesRequested().values()) {
for (String resourceName : accessCodeEntry.getResourceRolesRequested().keySet()) { for (RoleModel role : roles) {
ApplicationModel resource = resourceMap.get(resourceName); addComposites(token, role);
SkeletonKeyToken.Access access = token.addAccess(resourceName).verifyCaller(resource.isSurrogateAuthRequired());
for (RoleModel role : accessCodeEntry.getResourceRolesRequested().get(resourceName)) {
access.addRole(role.getName());
} }
} }
} }
@ -169,7 +249,6 @@ public class TokenManager {
public SkeletonKeyToken createAccessToken(RealmModel realm, UserModel user) { public SkeletonKeyToken createAccessToken(RealmModel realm, UserModel user) {
List<ApplicationModel> resources = realm.getApplications();
SkeletonKeyToken token = new SkeletonKeyToken(); SkeletonKeyToken token = new SkeletonKeyToken();
token.id(RealmManager.generateId()); token.id(RealmManager.generateId());
token.issuedNow(); token.issuedNow();
@ -178,26 +257,8 @@ public class TokenManager {
if (realm.getTokenLifespan() > 0) { if (realm.getTokenLifespan() > 0) {
token.expiration((System.currentTimeMillis() / 1000) + realm.getTokenLifespan()); token.expiration((System.currentTimeMillis() / 1000) + realm.getTokenLifespan());
} }
for (RoleModel role : realm.getRoleMappings(user)) {
Set<String> realmMapping = realm.getRoleMappingValues(user); addComposites(token, role);
if (realmMapping != null && realmMapping.size() > 0) {
SkeletonKeyToken.Access access = new SkeletonKeyToken.Access();
for (String role : realmMapping) {
access.addRole(role);
}
token.setRealmAccess(access);
}
if (resources != null) {
for (ApplicationModel resource : resources) {
Set<String> mapping = resource.getRoleMappingValues(user);
if (mapping == null) continue;
SkeletonKeyToken.Access access = token.addAccess(resource.getName())
.verifyCaller(resource.isSurrogateAuthRequired());
for (String role : mapping) {
access.addRole(role);
}
}
} }
return token; return token;
} }

8
services/src/main/java/org/keycloak/services/resources/AccountService.java
View file

@ -33,7 +33,7 @@ import org.keycloak.representations.SkeletonKeyToken;
import org.keycloak.representations.idm.CredentialRepresentation; import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.services.managers.AccessCodeEntry; import org.keycloak.services.managers.AccessCodeEntry;
import org.keycloak.services.managers.AuthenticationManager; import org.keycloak.services.managers.AuthenticationManager;
import org.keycloak.services.managers.RealmManager; import org.keycloak.services.managers.ModelToRepresentation;
import org.keycloak.services.managers.TokenManager; import org.keycloak.services.managers.TokenManager;
import org.keycloak.services.messages.Messages; import org.keycloak.services.messages.Messages;
import org.keycloak.services.resources.flows.Flows; import org.keycloak.services.resources.flows.Flows;
@ -124,7 +124,7 @@ public class AccountService {
if (!hasAccess(auth, Constants.ACCOUNT_PROFILE_ROLE)) { if (!hasAccess(auth, Constants.ACCOUNT_PROFILE_ROLE)) {
return Response.status(Response.Status.FORBIDDEN).build(); return Response.status(Response.Status.FORBIDDEN).build();
} }
return Cors.add(request, Response.ok(RealmManager.toRepresentation(auth.getUser()))).auth().allowedOrigins(auth.getClient()).build(); return Cors.add(request, Response.ok(ModelToRepresentation.toRepresentation(auth.getUser()))).auth().allowedOrigins(auth.getClient()).build();
} else { } else {
return Response.notAcceptable(Variant.VariantListBuilder.newInstance().mediaTypes(MediaType.TEXT_HTML_TYPE, MediaType.APPLICATION_JSON_TYPE).build()).build(); return Response.notAcceptable(Variant.VariantListBuilder.newInstance().mediaTypes(MediaType.TEXT_HTML_TYPE, MediaType.APPLICATION_JSON_TYPE).build()).build();
} }
@ -382,7 +382,7 @@ public class AccountService {
private boolean hasAccess(AuthenticationManager.Auth auth, String role) { private boolean hasAccess(AuthenticationManager.Auth auth, String role) {
UserModel client = auth.getClient(); UserModel client = auth.getClient();
if (realm.hasRole(client, Constants.APPLICATION_ROLE)) { if (realm.hasRole(client, realm.getRole(Constants.APPLICATION_ROLE))) {
// Tokens from cookies don't have roles // Tokens from cookies don't have roles
UserModel user = auth.getUser(); UserModel user = auth.getUser();
if (hasRole(user, Constants.ACCOUNT_MANAGE_ROLE) || (role != null && hasRole(user, role))) { if (hasRole(user, Constants.ACCOUNT_MANAGE_ROLE) || (role != null && hasRole(user, role))) {
@ -401,7 +401,7 @@ public class AccountService {
} }
private boolean hasRole(UserModel user, String role) { private boolean hasRole(UserModel user, String role) {
return application.hasRole(user, role); return realm.hasRole(user, application.getRole(role));
} }
private String getReferrer() { private String getReferrer() {

5
services/src/main/java/org/keycloak/services/resources/admin/AdminService.java
View file

@ -191,7 +191,7 @@ public class AdminService {
throw new NotFoundException(); throw new NotFoundException();
} }
RoleModel adminRole = adminConsole.getRole(Constants.ADMIN_CONSOLE_ADMIN_ROLE); RoleModel adminRole = adminConsole.getRole(Constants.ADMIN_CONSOLE_ADMIN_ROLE);
if (!adminConsole.hasRole(admin, adminRole)) { if (!saasRealm.hasRole(admin, adminRole)) {
logger.warn("not a Realm admin"); logger.warn("not a Realm admin");
throw new NotAuthorizedException("Bearer"); throw new NotAuthorizedException("Bearer");
} }
@ -308,7 +308,8 @@ public class AdminService {
logger.debug("bad client"); logger.debug("bad client");
return redirectOnLoginError("invalid login data"); return redirectOnLoginError("invalid login data");
} }
if (!adminConsole.hasRole(accessCode.getUser(), Constants.ADMIN_CONSOLE_ADMIN_ROLE)) { RoleModel adminConsoleAdminRole = adminConsole.getRole(Constants.ADMIN_CONSOLE_ADMIN_ROLE);
if (!realm.hasRole(accessCode.getUser(), adminConsoleAdminRole)) {
logger.debug("not allowed"); logger.debug("not allowed");
return redirectOnLoginError("No permission to access console"); return redirectOnLoginError("No permission to access console");
} }

3
services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java
View file

@ -6,6 +6,7 @@ import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel; import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel; import org.keycloak.models.UserModel;
import org.keycloak.representations.idm.RealmRepresentation; import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.services.managers.ModelToRepresentation;
import org.keycloak.services.managers.RealmManager; import org.keycloak.services.managers.RealmManager;
import javax.ws.rs.*; import javax.ws.rs.*;
@ -51,7 +52,7 @@ public class RealmAdminResource extends RoleContainerResource {
@NoCache @NoCache
@Produces("application/json") @Produces("application/json")
public RealmRepresentation getRealm() { public RealmRepresentation getRealm() {
return RealmManager.toRepresentation(realm); return ModelToRepresentation.toRepresentation(realm);
} }

3
services/src/main/java/org/keycloak/services/resources/admin/RealmsAdminResource.java
View file

@ -9,6 +9,7 @@ import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel; import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel; import org.keycloak.models.UserModel;
import org.keycloak.representations.idm.RealmRepresentation; import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.services.managers.ModelToRepresentation;
import org.keycloak.services.managers.RealmManager; import org.keycloak.services.managers.RealmManager;
import org.keycloak.services.resources.flows.Flows; import org.keycloak.services.resources.flows.Flows;
@ -59,7 +60,7 @@ public class RealmsAdminResource {
List<RealmModel> realms = session.getRealms(admin); List<RealmModel> realms = session.getRealms(admin);
List<RealmRepresentation> reps = new ArrayList<RealmRepresentation>(); List<RealmRepresentation> reps = new ArrayList<RealmRepresentation>();
for (RealmModel realm : realms) { for (RealmModel realm : realms) {
reps.add(realmManager.toRepresentation(realm)); reps.add(ModelToRepresentation.toRepresentation(realm));
} }
return reps; return reps;
} }

72
services/src/main/java/org/keycloak/services/resources/admin/RoleContainerResource.java
View file

@ -5,6 +5,7 @@ import org.keycloak.models.Constants;
import org.keycloak.models.RoleContainerModel; import org.keycloak.models.RoleContainerModel;
import org.keycloak.models.RoleModel; import org.keycloak.models.RoleModel;
import org.keycloak.representations.idm.RoleRepresentation; import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.services.managers.ModelToRepresentation;
import org.keycloak.services.resources.flows.Flows; import org.keycloak.services.resources.flows.Flows;
import javax.ws.rs.*; import javax.ws.rs.*;
@ -12,7 +13,10 @@ import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response; import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo; import javax.ws.rs.core.UriInfo;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.List; import java.util.List;
import java.util.Set;
/** /**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a> * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
@ -30,13 +34,11 @@ public class RoleContainerResource {
@NoCache @NoCache
@Produces("application/json") @Produces("application/json")
public List<RoleRepresentation> getRoles() { public List<RoleRepresentation> getRoles() {
List<RoleModel> roleModels = roleContainer.getRoles(); Set<RoleModel> roleModels = roleContainer.getRoles();
List<RoleRepresentation> roles = new ArrayList<RoleRepresentation>(); List<RoleRepresentation> roles = new ArrayList<RoleRepresentation>();
for (RoleModel roleModel : roleModels) { for (RoleModel roleModel : roleModels) {
if (!roleModel.getName().startsWith(Constants.INTERNAL_ROLE)) { if (!roleModel.getName().startsWith(Constants.INTERNAL_ROLE)) {
RoleRepresentation role = new RoleRepresentation(roleModel.getName(), roleModel.getDescription()); roles.add(ModelToRepresentation.toRepresentation(roleModel));
role.setId(roleModel.getId());
roles.add(role);
} }
} }
return roles; return roles;
@ -51,9 +53,7 @@ public class RoleContainerResource {
if (roleModel == null || roleModel.getName().startsWith(Constants.INTERNAL_ROLE)) { if (roleModel == null || roleModel.getName().startsWith(Constants.INTERNAL_ROLE)) {
throw new NotFoundException("Could not find role: " + roleName); throw new NotFoundException("Could not find role: " + roleName);
} }
RoleRepresentation rep = new RoleRepresentation(roleModel.getName(), roleModel.getDescription()); return ModelToRepresentation.toRepresentation(roleModel);
rep.setId(roleModel.getId());
return rep;
} }
@Path("roles/{role-name}") @Path("roles/{role-name}")
@ -79,8 +79,65 @@ public class RoleContainerResource {
} }
role.setName(rep.getName()); role.setName(rep.getName());
role.setDescription(rep.getDescription()); role.setDescription(rep.getDescription());
role.setComposite(rep.isComposite());
} }
@Path("roles/{role-name}/composites")
@POST
@Consumes("application/json")
public void addComposites(final @PathParam("role-name") String roleName, List<RoleRepresentation> roles) {
RoleModel role = roleContainer.getRole(roleName);
if (role == null || role.getName().startsWith(Constants.INTERNAL_ROLE)) {
throw new NotFoundException("Could not find role: " + roleName);
}
for (RoleRepresentation rep : roles) {
RoleModel composite = roleContainer.getRole(rep.getName());
if (role == null || role.getName().startsWith(Constants.INTERNAL_ROLE)) {
throw new NotFoundException("Could not find composite role: " + rep.getName());
}
if (!role.isComposite()) role.setComposite(true);
role.addCompositeRole(composite);
}
}
@Path("roles/{role-name}/composites")
@GET
@NoCache
@Produces("application/json")
public Set<RoleRepresentation> getRoleComposites(final @PathParam("role-name") String roleName) {
RoleModel role = roleContainer.getRole(roleName);
if (role == null || role.getName().startsWith(Constants.INTERNAL_ROLE)) {
throw new NotFoundException("Could not find role: " + roleName);
}
if (!role.isComposite() || role.getComposites().size() == 0) return Collections.emptySet();
Set<RoleRepresentation> composites = new HashSet<RoleRepresentation>(role.getComposites().size());
for (RoleModel composite : role.getComposites()) {
composites.add(ModelToRepresentation.toRepresentation(composite));
}
return composites;
}
@Path("roles/{role-name}/composites")
@DELETE
@Consumes("application/json")
public void deleteComposites(final @PathParam("role-name") String roleName, List<RoleRepresentation> roles) {
RoleModel role = roleContainer.getRole(roleName);
if (role == null || role.getName().startsWith(Constants.INTERNAL_ROLE)) {
throw new NotFoundException("Could not find role: " + roleName);
}
for (RoleRepresentation rep : roles) {
RoleModel composite = roleContainer.getRole(rep.getName());
if (role == null || role.getName().startsWith(Constants.INTERNAL_ROLE)) {
throw new NotFoundException("Could not find composite role: " + rep.getName());
}
role.removeCompositeRole(composite);
}
if (role.getComposites().size() > 0) role.setComposite(false);
}
@Path("roles") @Path("roles")
@POST @POST
@Consumes("application/json") @Consumes("application/json")
@ -93,6 +150,7 @@ public class RoleContainerResource {
throw new NotFoundException(); throw new NotFoundException();
} }
role.setDescription(rep.getDescription()); role.setDescription(rep.getDescription());
role.setComposite(rep.isComposite());
return Response.created(uriInfo.getAbsolutePathBuilder().path(role.getName()).build()).build(); return Response.created(uriInfo.getAbsolutePathBuilder().path(role.getName()).build()).build();
} }
} }

30
services/src/main/java/org/keycloak/services/resources/admin/ScopeMappedResource.java
View file

@ -9,6 +9,7 @@ import org.keycloak.models.UserModel;
import org.keycloak.representations.idm.ApplicationMappingsRepresentation; import org.keycloak.representations.idm.ApplicationMappingsRepresentation;
import org.keycloak.representations.idm.MappingsRepresentation; import org.keycloak.representations.idm.MappingsRepresentation;
import org.keycloak.representations.idm.RoleRepresentation; import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.services.managers.ModelToRepresentation;
import org.keycloak.services.managers.RealmManager; import org.keycloak.services.managers.RealmManager;
import javax.ws.rs.Consumes; import javax.ws.rs.Consumes;
@ -23,6 +24,7 @@ import java.util.ArrayList;
import java.util.HashMap; import java.util.HashMap;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
import java.util.Set;
/** /**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a> * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
@ -44,12 +46,12 @@ public class ScopeMappedResource {
@NoCache @NoCache
public MappingsRepresentation getScopeMappings() { public MappingsRepresentation getScopeMappings() {
MappingsRepresentation all = new MappingsRepresentation(); MappingsRepresentation all = new MappingsRepresentation();
List<RoleModel> realmMappings = realm.getScopeMappings(agent); Set<RoleModel> realmMappings = realm.getRealmScopeMappings(agent);
RealmManager manager = new RealmManager(session); RealmManager manager = new RealmManager(session);
if (realmMappings.size() > 0) { if (realmMappings.size() > 0) {
List<RoleRepresentation> realmRep = new ArrayList<RoleRepresentation>(); List<RoleRepresentation> realmRep = new ArrayList<RoleRepresentation>();
for (RoleModel roleModel : realmMappings) { for (RoleModel roleModel : realmMappings) {
realmRep.add(manager.toRepresentation(roleModel)); realmRep.add(ModelToRepresentation.toRepresentation(roleModel));
} }
all.setRealmMappings(realmRep); all.setRealmMappings(realmRep);
} }
@ -58,7 +60,7 @@ public class ScopeMappedResource {
if (applications.size() > 0) { if (applications.size() > 0) {
Map<String, ApplicationMappingsRepresentation> appMappings = new HashMap<String, ApplicationMappingsRepresentation>(); Map<String, ApplicationMappingsRepresentation> appMappings = new HashMap<String, ApplicationMappingsRepresentation>();
for (ApplicationModel app : applications) { for (ApplicationModel app : applications) {
List<RoleModel> roleMappings = app.getScopeMappings(agent); Set<RoleModel> roleMappings = app.getApplicationScopeMappings(agent);
if (roleMappings.size() > 0) { if (roleMappings.size() > 0) {
ApplicationMappingsRepresentation mappings = new ApplicationMappingsRepresentation(); ApplicationMappingsRepresentation mappings = new ApplicationMappingsRepresentation();
mappings.setApplicationId(app.getId()); mappings.setApplicationId(app.getId());
@ -66,7 +68,7 @@ public class ScopeMappedResource {
List<RoleRepresentation> roles = new ArrayList<RoleRepresentation>(); List<RoleRepresentation> roles = new ArrayList<RoleRepresentation>();
mappings.setMappings(roles); mappings.setMappings(roles);
for (RoleModel role : roleMappings) { for (RoleModel role : roleMappings) {
roles.add(manager.toRepresentation(role)); roles.add(ModelToRepresentation.toRepresentation(role));
} }
appMappings.put(app.getName(), mappings); appMappings.put(app.getName(), mappings);
all.setApplicationMappings(appMappings); all.setApplicationMappings(appMappings);
@ -81,11 +83,11 @@ public class ScopeMappedResource {
@Produces("application/json") @Produces("application/json")
@NoCache @NoCache
public List<RoleRepresentation> getRealmScopeMappings() { public List<RoleRepresentation> getRealmScopeMappings() {
List<RoleModel> realmMappings = realm.getScopeMappings(agent); Set<RoleModel> realmMappings = realm.getRealmScopeMappings(agent);
List<RoleRepresentation> realmMappingsRep = new ArrayList<RoleRepresentation>(); List<RoleRepresentation> realmMappingsRep = new ArrayList<RoleRepresentation>();
RealmManager manager = new RealmManager(session); RealmManager manager = new RealmManager(session);
for (RoleModel roleModel : realmMappings) { for (RoleModel roleModel : realmMappings) {
realmMappingsRep.add(manager.toRepresentation(roleModel)); realmMappingsRep.add(ModelToRepresentation.toRepresentation(roleModel));
} }
return realmMappingsRep; return realmMappingsRep;
} }
@ -110,7 +112,7 @@ public class ScopeMappedResource {
@Consumes("application/json") @Consumes("application/json")
public void deleteRealmScopeMappings(List<RoleRepresentation> roles) { public void deleteRealmScopeMappings(List<RoleRepresentation> roles) {
if (roles == null) { if (roles == null) {
List<RoleModel> roleModels = realm.getScopeMappings(agent); Set<RoleModel> roleModels = realm.getRealmScopeMappings(agent);
for (RoleModel roleModel : roleModels) { for (RoleModel roleModel : roleModels) {
realm.deleteScopeMapping(agent, roleModel); realm.deleteScopeMapping(agent, roleModel);
} }
@ -137,10 +139,10 @@ public class ScopeMappedResource {
throw new NotFoundException(); throw new NotFoundException();
} }
List<RoleModel> mappings = app.getScopeMappings(agent); Set<RoleModel> mappings = app.getApplicationScopeMappings(agent);
List<RoleRepresentation> mapRep = new ArrayList<RoleRepresentation>(); List<RoleRepresentation> mapRep = new ArrayList<RoleRepresentation>();
for (RoleModel roleModel : mappings) { for (RoleModel roleModel : mappings) {
mapRep.add(RealmManager.toRepresentation(roleModel)); mapRep.add(ModelToRepresentation.toRepresentation(roleModel));
} }
return mapRep; return mapRep;
} }
@ -160,7 +162,7 @@ public class ScopeMappedResource {
if (roleModel == null) { if (roleModel == null) {
throw new NotFoundException(); throw new NotFoundException();
} }
app.addScopeMapping(agent, roleModel); realm.addScopeMapping(agent, roleModel);
} }
} }
@ -168,7 +170,7 @@ public class ScopeMappedResource {
@Path("applications/{app}") @Path("applications/{app}")
@DELETE @DELETE
@Consumes("application/json") @Consumes("application/json")
public void deleteApplicationRoleMapping(@PathParam("app") String appName, List<RoleRepresentation> roles) { public void deleteApplicationScopeMapping(@PathParam("app") String appName, List<RoleRepresentation> roles) {
ApplicationModel app = realm.getApplicationByName(appName); ApplicationModel app = realm.getApplicationByName(appName);
if (app == null) { if (app == null) {
@ -176,9 +178,9 @@ public class ScopeMappedResource {
} }
if (roles == null) { if (roles == null) {
List<RoleModel> roleModels = app.getScopeMappings(agent); Set<RoleModel> roleModels = app.getApplicationScopeMappings(agent);
for (RoleModel roleModel : roleModels) { for (RoleModel roleModel : roleModels) {
app.deleteScopeMapping(agent, roleModel); realm.deleteScopeMapping(agent, roleModel);
} }
} else { } else {
@ -187,7 +189,7 @@ public class ScopeMappedResource {
if (roleModel == null) { if (roleModel == null) {
throw new NotFoundException(); throw new NotFoundException();
} }
app.deleteScopeMapping(agent, roleModel); realm.deleteScopeMapping(agent, roleModel);
} }
} }
} }

38
services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java
View file

@ -10,6 +10,7 @@ import org.keycloak.models.RoleModel;
import org.keycloak.models.UserCredentialModel; import org.keycloak.models.UserCredentialModel;
import org.keycloak.models.UserModel; import org.keycloak.models.UserModel;
import org.keycloak.representations.idm.*; import org.keycloak.representations.idm.*;
import org.keycloak.services.managers.ModelToRepresentation;
import org.keycloak.services.managers.RealmManager; import org.keycloak.services.managers.RealmManager;
import org.keycloak.services.resources.flows.Flows; import org.keycloak.services.resources.flows.Flows;
@ -32,6 +33,7 @@ import java.util.ArrayList;
import java.util.HashMap; import java.util.HashMap;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
import java.util.Set;
/** /**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a> * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
@ -115,7 +117,7 @@ public class UsersResource {
if (user == null || !isUser(user)) { if (user == null || !isUser(user)) {
throw new NotFoundException(); throw new NotFoundException();
} }
return new RealmManager(session).toRepresentation(user); return ModelToRepresentation.toRepresentation(user);
} }
@Path("{username}") @Path("{username}")
@ -154,7 +156,7 @@ public class UsersResource {
} }
userModels = realm.searchForUserByAttributes(attributes); userModels = realm.searchForUserByAttributes(attributes);
for (UserModel user : userModels) { for (UserModel user : userModels) {
results.add(manager.toRepresentation(user)); results.add(ModelToRepresentation.toRepresentation(user));
} }
} else { } else {
userModels = realm.getUsers(); userModels = realm.getUsers();
@ -162,7 +164,7 @@ public class UsersResource {
for (UserModel user : userModels) { for (UserModel user : userModels) {
if (isUser(user)) { if (isUser(user)) {
results.add(manager.toRepresentation(user)); results.add(ModelToRepresentation.toRepresentation(user));
} }
} }
return results; return results;
@ -183,12 +185,12 @@ public class UsersResource {
} }
MappingsRepresentation all = new MappingsRepresentation(); MappingsRepresentation all = new MappingsRepresentation();
List<RoleModel> realmMappings = realm.getRoleMappings(user); Set<RoleModel> realmMappings = realm.getRoleMappings(user);
RealmManager manager = new RealmManager(session); RealmManager manager = new RealmManager(session);
if (realmMappings.size() > 0) { if (realmMappings.size() > 0) {
List<RoleRepresentation> realmRep = new ArrayList<RoleRepresentation>(); List<RoleRepresentation> realmRep = new ArrayList<RoleRepresentation>();
for (RoleModel roleModel : realmMappings) { for (RoleModel roleModel : realmMappings) {
realmRep.add(manager.toRepresentation(roleModel)); realmRep.add(ModelToRepresentation.toRepresentation(roleModel));
} }
all.setRealmMappings(realmRep); all.setRealmMappings(realmRep);
} }
@ -197,7 +199,7 @@ public class UsersResource {
if (applications.size() > 0) { if (applications.size() > 0) {
Map<String, ApplicationMappingsRepresentation> appMappings = new HashMap<String, ApplicationMappingsRepresentation>(); Map<String, ApplicationMappingsRepresentation> appMappings = new HashMap<String, ApplicationMappingsRepresentation>();
for (ApplicationModel application : applications) { for (ApplicationModel application : applications) {
List<RoleModel> roleMappings = application.getRoleMappings(user); Set<RoleModel> roleMappings = application.getApplicationRoleMappings(user);
if (roleMappings.size() > 0) { if (roleMappings.size() > 0) {
ApplicationMappingsRepresentation mappings = new ApplicationMappingsRepresentation(); ApplicationMappingsRepresentation mappings = new ApplicationMappingsRepresentation();
mappings.setApplicationId(application.getId()); mappings.setApplicationId(application.getId());
@ -205,7 +207,7 @@ public class UsersResource {
List<RoleRepresentation> roles = new ArrayList<RoleRepresentation>(); List<RoleRepresentation> roles = new ArrayList<RoleRepresentation>();
mappings.setMappings(roles); mappings.setMappings(roles);
for (RoleModel role : roleMappings) { for (RoleModel role : roleMappings) {
roles.add(manager.toRepresentation(role)); roles.add(ModelToRepresentation.toRepresentation(role));
} }
appMappings.put(application.getName(), mappings); appMappings.put(application.getName(), mappings);
all.setApplicationMappings(appMappings); all.setApplicationMappings(appMappings);
@ -225,11 +227,11 @@ public class UsersResource {
throw new NotFoundException(); throw new NotFoundException();
} }
List<RoleModel> realmMappings = realm.getRoleMappings(user); Set<RoleModel> realmMappings = realm.getRealmRoleMappings(user);
List<RoleRepresentation> realmMappingsRep = new ArrayList<RoleRepresentation>(); List<RoleRepresentation> realmMappingsRep = new ArrayList<RoleRepresentation>();
RealmManager manager = new RealmManager(session); RealmManager manager = new RealmManager(session);
for (RoleModel roleModel : realmMappings) { for (RoleModel roleModel : realmMappings) {
realmMappingsRep.add(manager.toRepresentation(roleModel)); realmMappingsRep.add(ModelToRepresentation.toRepresentation(roleModel));
} }
return realmMappingsRep; return realmMappingsRep;
} }
@ -266,7 +268,7 @@ public class UsersResource {
} }
if (roles == null) { if (roles == null) {
List<RoleModel> roleModels = realm.getRoleMappings(user); Set<RoleModel> roleModels = realm.getRealmRoleMappings(user);
for (RoleModel roleModel : roleModels) { for (RoleModel roleModel : roleModels) {
realm.deleteRoleMapping(user, roleModel); realm.deleteRoleMapping(user, roleModel);
} }
@ -300,10 +302,10 @@ public class UsersResource {
throw new NotFoundException(); throw new NotFoundException();
} }
List<RoleModel> mappings = application.getRoleMappings(user); Set<RoleModel> mappings = application.getApplicationRoleMappings(user);
List<RoleRepresentation> mapRep = new ArrayList<RoleRepresentation>(); List<RoleRepresentation> mapRep = new ArrayList<RoleRepresentation>();
for (RoleModel roleModel : mappings) { for (RoleModel roleModel : mappings) {
mapRep.add(RealmManager.toRepresentation(roleModel)); mapRep.add(ModelToRepresentation.toRepresentation(roleModel));
} }
logger.debug("getApplicationRoleMappings.size() = {0}", mapRep.size()); logger.debug("getApplicationRoleMappings.size() = {0}", mapRep.size());
return mapRep; return mapRep;
@ -330,7 +332,7 @@ public class UsersResource {
if (roleModel == null) { if (roleModel == null) {
throw new NotFoundException(); throw new NotFoundException();
} }
application.grantRole(user, roleModel); realm.grantRole(user, roleModel);
} }
} }
@ -351,9 +353,13 @@ public class UsersResource {
} }
if (roles == null) { if (roles == null) {
List<RoleModel> roleModels = application.getRoleMappings(user); Set<RoleModel> roleModels = application.getApplicationRoleMappings(user);
for (RoleModel roleModel : roleModels) { for (RoleModel roleModel : roleModels) {
application.deleteRoleMapping(user, roleModel); if (!(roleModel.getContainer() instanceof ApplicationModel)) {
ApplicationModel app = (ApplicationModel)roleModel.getContainer();
if (!app.getId().equals(application.getId())) continue;
}
realm.deleteRoleMapping(user, roleModel);
} }
} else { } else {
@ -362,7 +368,7 @@ public class UsersResource {
if (roleModel == null) { if (roleModel == null) {
throw new NotFoundException(); throw new NotFoundException();
} }
application.deleteRoleMapping(user, roleModel); realm.deleteRoleMapping(user, roleModel);
} }
} }
} }

18
services/src/test/java/org/keycloak/test/AdapterTest.java
View file

@ -170,7 +170,7 @@ public class AdapterTest extends AbstractKeycloakTest {
OAuthClientModel oauth = new OAuthClientManager(realmModel).create("oauth-client"); OAuthClientModel oauth = new OAuthClientManager(realmModel).create("oauth-client");
oauth = realmModel.getOAuthClient("oauth-client"); oauth = realmModel.getOAuthClient("oauth-client");
Assert.assertTrue(realmModel.hasRole(oauth.getOAuthAgent(), Constants.IDENTITY_REQUESTER_ROLE)); Assert.assertTrue(realmModel.hasRole(oauth.getOAuthAgent(), realmModel.getRole(Constants.IDENTITY_REQUESTER_ROLE)));
} }
@ -188,7 +188,7 @@ public class AdapterTest extends AbstractKeycloakTest {
ApplicationModel app = realmModel.addApplication("test-app"); ApplicationModel app = realmModel.addApplication("test-app");
RoleModel appRole = app.addRole("test"); RoleModel appRole = app.addRole("test");
app.grantRole(user, appRole); realmModel.grantRole(user, appRole);
SocialLinkModel socialLink = new SocialLinkModel("google", user.getLoginName()); SocialLinkModel socialLink = new SocialLinkModel("google", user.getLoginName());
realmModel.addSocialLink(user, socialLink); realmModel.addSocialLink(user, socialLink);
@ -214,8 +214,8 @@ public class AdapterTest extends AbstractKeycloakTest {
ApplicationModel app = realmModel.addApplication("test-app"); ApplicationModel app = realmModel.addApplication("test-app");
RoleModel appRole = app.addRole("test"); RoleModel appRole = app.addRole("test");
app.grantRole(user, appRole); realmModel.grantRole(user, appRole);
app.addScopeMapping(client.getOAuthAgent(), appRole); realmModel.addScopeMapping(client.getOAuthAgent(), appRole);
RoleModel realmRole = realmModel.addRole("test"); RoleModel realmRole = realmModel.addRole("test");
realmModel.addScopeMapping(app.getApplicationUser(), realmRole); realmModel.addScopeMapping(app.getApplicationUser(), realmRole);
@ -242,8 +242,8 @@ public class AdapterTest extends AbstractKeycloakTest {
ApplicationModel app = realmModel.addApplication("test-app"); ApplicationModel app = realmModel.addApplication("test-app");
RoleModel appRole = app.addRole("test"); RoleModel appRole = app.addRole("test");
app.grantRole(user, appRole); realmModel.grantRole(user, appRole);
app.addScopeMapping(client.getOAuthAgent(), appRole); realmModel.addScopeMapping(client.getOAuthAgent(), appRole);
RoleModel realmRole = realmModel.addRole("test"); RoleModel realmRole = realmModel.addRole("test");
realmModel.addScopeMapping(app.getApplicationUser(), realmRole); realmModel.addScopeMapping(app.getApplicationUser(), realmRole);
@ -265,8 +265,8 @@ public class AdapterTest extends AbstractKeycloakTest {
ApplicationModel app = realmModel.addApplication("test-app"); ApplicationModel app = realmModel.addApplication("test-app");
RoleModel appRole = app.addRole("test"); RoleModel appRole = app.addRole("test");
app.grantRole(user, appRole); realmModel.grantRole(user, appRole);
app.addScopeMapping(client.getOAuthAgent(), appRole); realmModel.addScopeMapping(client.getOAuthAgent(), appRole);
RoleModel realmRole = realmModel.addRole("test"); RoleModel realmRole = realmModel.addRole("test");
realmModel.addScopeMapping(app.getApplicationUser(), realmRole); realmModel.addScopeMapping(app.getApplicationUser(), realmRole);
@ -448,7 +448,7 @@ public class AdapterTest extends AbstractKeycloakTest {
test1CreateRealm(); test1CreateRealm();
realmModel.addRole("admin"); realmModel.addRole("admin");
realmModel.addRole("user"); realmModel.addRole("user");
List<RoleModel> roles = realmModel.getRoles(); Set<RoleModel> roles = realmModel.getRoles();
Assert.assertEquals(5, roles.size()); Assert.assertEquals(5, roles.size());
UserModel user = realmModel.addUser("bburke"); UserModel user = realmModel.addUser("bburke");
RoleModel role = realmModel.getRole("user"); RoleModel role = realmModel.getRole("user");

8
services/src/test/java/org/keycloak/test/ImportTest.java
View file

@ -7,6 +7,7 @@ import org.junit.runners.MethodSorters;
import org.keycloak.models.ApplicationModel; import org.keycloak.models.ApplicationModel;
import org.keycloak.models.RealmModel; import org.keycloak.models.RealmModel;
import org.keycloak.models.RequiredCredentialModel; import org.keycloak.models.RequiredCredentialModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.SocialLinkModel; import org.keycloak.models.SocialLinkModel;
import org.keycloak.models.UserModel; import org.keycloak.models.UserModel;
import org.keycloak.representations.idm.RealmRepresentation; import org.keycloak.representations.idm.RealmRepresentation;
@ -49,7 +50,7 @@ public class ImportTest extends AbstractKeycloakTest {
UserModel user = realm.getUser("loginclient"); UserModel user = realm.getUser("loginclient");
Assert.assertNotNull(user); Assert.assertNotNull(user);
Set<String> scopes = realm.getScopeMappingValues(user); Set<RoleModel> scopes = realm.getRealmScopeMappings(user);
Assert.assertEquals(0, scopes.size()); Assert.assertEquals(0, scopes.size());
Assert.assertEquals(0, realm.getSocialLinks(user).size()); Assert.assertEquals(0, realm.getSocialLinks(user).size());
@ -61,8 +62,9 @@ public class ImportTest extends AbstractKeycloakTest {
UserModel oauthClient = realm.getUser("oauthclient"); UserModel oauthClient = realm.getUser("oauthclient");
Assert.assertNotNull(application); Assert.assertNotNull(application);
Assert.assertNotNull(oauthClient); Assert.assertNotNull(oauthClient);
Set<String> appScopes = application.getScopeMappingValues(oauthClient); Set<RoleModel> appScopes = application.getApplicationScopeMappings(oauthClient);
Assert.assertTrue(appScopes.contains("user")); RoleModel appUserRole = application.getRole("user");
Assert.assertTrue(appScopes.contains(appUserRole));
// Test social linking // Test social linking
UserModel socialUser = realm.getUser("mySocialUser"); UserModel socialUser = realm.getUser("mySocialUser");

3
services/src/test/java/org/keycloak/test/ModelTest.java
View file

@ -10,6 +10,7 @@ import org.keycloak.models.PasswordPolicy;
import org.keycloak.models.RealmModel; import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel; import org.keycloak.models.RoleModel;
import org.keycloak.representations.idm.RealmRepresentation; import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.services.managers.ModelToRepresentation;
import org.keycloak.services.managers.RealmManager; import org.keycloak.services.managers.RealmManager;
import org.keycloak.services.resources.KeycloakApplication; import org.keycloak.services.resources.KeycloakApplication;
@ -101,7 +102,7 @@ public class ModelTest extends AbstractKeycloakServerTest {
} }
private RealmModel importExport(RealmModel src, String copyName) { private RealmModel importExport(RealmModel src, String copyName) {
RealmRepresentation representation = manager.toRepresentation(src); RealmRepresentation representation = ModelToRepresentation.toRepresentation(src);
RealmModel copy = manager.createRealm(copyName); RealmModel copy = manager.createRealm(copyName);
manager.importRealm(representation, copy); manager.importRealm(representation, copy);
return manager.getRealm(copy.getId()); return manager.getRealm(copy.getId());

10
services/src/test/resources/META-INF/persistence.xml
View file

@ -2,6 +2,7 @@
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/persistence http://java.sun.com/xml/ns/persistence/persistence_1_0.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/persistence http://java.sun.com/xml/ns/persistence/persistence_1_0.xsd"
version="1.0"> version="1.0">
<!--
<persistence-unit name="picketlink-keycloak-identity-store" transaction-type="RESOURCE_LOCAL"> <persistence-unit name="picketlink-keycloak-identity-store" transaction-type="RESOURCE_LOCAL">
<provider>org.hibernate.ejb.HibernatePersistence</provider> <provider>org.hibernate.ejb.HibernatePersistence</provider>
@ -33,23 +34,22 @@
<property name="hibernate.format_sql" value="true" /> <property name="hibernate.format_sql" value="true" />
</properties> </properties>
</persistence-unit> </persistence-unit>
-->
<persistence-unit name="jpa-keycloak-identity-store" transaction-type="RESOURCE_LOCAL"> <persistence-unit name="jpa-keycloak-identity-store" transaction-type="RESOURCE_LOCAL">
<provider>org.hibernate.ejb.HibernatePersistence</provider> <provider>org.hibernate.ejb.HibernatePersistence</provider>
<class>org.keycloak.models.jpa.entities.ApplicationEntity</class> <class>org.keycloak.models.jpa.entities.ApplicationEntity</class>
<class>org.keycloak.models.jpa.entities.ApplicationScopeMappingEntity</class>
<class>org.keycloak.models.jpa.entities.ApplicationUserRoleMappingEntity</class>
<class>org.keycloak.models.jpa.entities.CredentialEntity</class> <class>org.keycloak.models.jpa.entities.CredentialEntity</class>
<class>org.keycloak.models.jpa.entities.OAuthClientEntity</class> <class>org.keycloak.models.jpa.entities.OAuthClientEntity</class>
<class>org.keycloak.models.jpa.entities.RealmEntity</class> <class>org.keycloak.models.jpa.entities.RealmEntity</class>
<class>org.keycloak.models.jpa.entities.RealmScopeMappingEntity</class>
<class>org.keycloak.models.jpa.entities.RealmUserRoleMappingEntity</class>
<class>org.keycloak.models.jpa.entities.RequiredCredentialEntity</class> <class>org.keycloak.models.jpa.entities.RequiredCredentialEntity</class>
<class>org.keycloak.models.jpa.entities.RoleEntity</class> <class>org.keycloak.models.jpa.entities.ApplicationRoleEntity</class>
<class>org.keycloak.models.jpa.entities.RealmRoleEntity</class>
<class>org.keycloak.models.jpa.entities.SocialLinkEntity</class> <class>org.keycloak.models.jpa.entities.SocialLinkEntity</class>
<class>org.keycloak.models.jpa.entities.UserEntity</class> <class>org.keycloak.models.jpa.entities.UserEntity</class>
<class>org.keycloak.models.jpa.entities.UserRoleMappingEntity</class> <class>org.keycloak.models.jpa.entities.UserRoleMappingEntity</class>
<class>org.keycloak.models.jpa.entities.UserScopeMappingEntity</class>
<exclude-unlisted-classes>true</exclude-unlisted-classes> <exclude-unlisted-classes>true</exclude-unlisted-classes>

2
testsuite/integration/pom.xml
View file

@ -61,11 +61,13 @@
<artifactId>keycloak-model-jpa</artifactId> <artifactId>keycloak-model-jpa</artifactId>
<version>${project.version}</version> <version>${project.version}</version>
</dependency> </dependency>
<!--
<dependency> <dependency>
<groupId>org.keycloak</groupId> <groupId>org.keycloak</groupId>
<artifactId>keycloak-model-picketlink</artifactId> <artifactId>keycloak-model-picketlink</artifactId>
<version>${project.version}</version> <version>${project.version}</version>
</dependency> </dependency>
-->
<dependency> <dependency>
<groupId>org.keycloak</groupId> <groupId>org.keycloak</groupId>
<artifactId>keycloak-social-core</artifactId> <artifactId>keycloak-social-core</artifactId>

10
testsuite/integration/src/main/resources/META-INF/persistence.xml
View file

@ -6,18 +6,16 @@
<provider>org.hibernate.ejb.HibernatePersistence</provider> <provider>org.hibernate.ejb.HibernatePersistence</provider>
<class>org.keycloak.models.jpa.entities.ApplicationEntity</class> <class>org.keycloak.models.jpa.entities.ApplicationEntity</class>
<class>org.keycloak.models.jpa.entities.ApplicationScopeMappingEntity</class>
<class>org.keycloak.models.jpa.entities.ApplicationUserRoleMappingEntity</class>
<class>org.keycloak.models.jpa.entities.CredentialEntity</class> <class>org.keycloak.models.jpa.entities.CredentialEntity</class>
<class>org.keycloak.models.jpa.entities.OAuthClientEntity</class> <class>org.keycloak.models.jpa.entities.OAuthClientEntity</class>
<class>org.keycloak.models.jpa.entities.RealmEntity</class> <class>org.keycloak.models.jpa.entities.RealmEntity</class>
<class>org.keycloak.models.jpa.entities.RealmScopeMappingEntity</class>
<class>org.keycloak.models.jpa.entities.RealmUserRoleMappingEntity</class>
<class>org.keycloak.models.jpa.entities.RequiredCredentialEntity</class> <class>org.keycloak.models.jpa.entities.RequiredCredentialEntity</class>
<class>org.keycloak.models.jpa.entities.RoleEntity</class> <class>org.keycloak.models.jpa.entities.ApplicationRoleEntity</class>
<class>org.keycloak.models.jpa.entities.RealmRoleEntity</class>
<class>org.keycloak.models.jpa.entities.SocialLinkEntity</class> <class>org.keycloak.models.jpa.entities.SocialLinkEntity</class>
<class>org.keycloak.models.jpa.entities.UserEntity</class> <class>org.keycloak.models.jpa.entities.UserEntity</class>
<class>org.keycloak.models.jpa.entities.UserRoleMappingEntity</class> <class>org.keycloak.models.jpa.entities.UserRoleMappingEntity</class>
<class>org.keycloak.models.jpa.entities.UserScopeMappingEntity</class>
<exclude-unlisted-classes>true</exclude-unlisted-classes> <exclude-unlisted-classes>true</exclude-unlisted-classes>
@ -32,6 +30,7 @@
</properties> </properties>
</persistence-unit> </persistence-unit>
<!--
<persistence-unit name="picketlink-keycloak-identity-store" transaction-type="RESOURCE_LOCAL"> <persistence-unit name="picketlink-keycloak-identity-store" transaction-type="RESOURCE_LOCAL">
<provider>org.hibernate.ejb.HibernatePersistence</provider> <provider>org.hibernate.ejb.HibernatePersistence</provider>
@ -63,4 +62,5 @@
<property name="hibernate.format_sql" value="true" /> <property name="hibernate.format_sql" value="true" />
</properties> </properties>
</persistence-unit> </persistence-unit>
-->
</persistence> </persistence>

4
testsuite/integration/src/test/java/org/keycloak/testsuite/OAuthClient.java
View file

@ -226,6 +226,10 @@ public class OAuthClient {
this.realm = realm; this.realm = realm;
return this; return this;
} }
public OAuthClient realmPublicKey(PublicKey key) {
this.realmPublicKey = key;
return this;
}
public OAuthClient clientId(String clientId) { public OAuthClient clientId(String clientId) {
this.clientId = clientId; this.clientId = clientId;

6
testsuite/integration/src/test/java/org/keycloak/testsuite/account/ProfileTest.java
View file

@ -58,7 +58,7 @@ public class ProfileTest {
UserModel user2 = appRealm.addUser("test-user-no-access@localhost"); UserModel user2 = appRealm.addUser("test-user-no-access@localhost");
user2.setEnabled(true); user2.setEnabled(true);
for (String r : accountApp.getDefaultRoles()) { for (String r : accountApp.getDefaultRoles()) {
accountApp.deleteRoleMapping(user2, accountApp.getRole(r)); appRealm.deleteRoleMapping(user2, accountApp.getRole(r));
} }
UserCredentialModel creds = new UserCredentialModel(); UserCredentialModel creds = new UserCredentialModel();
creds.setType(CredentialRepresentation.PASSWORD); creds.setType(CredentialRepresentation.PASSWORD);
@ -66,12 +66,12 @@ public class ProfileTest {
appRealm.updateCredential(user2, creds); appRealm.updateCredential(user2, creds);
ApplicationModel app = appRealm.getApplicationNameMap().get("test-app"); ApplicationModel app = appRealm.getApplicationNameMap().get("test-app");
accountApp.addScopeMapping(app.getApplicationUser(), org.keycloak.models.Constants.ACCOUNT_PROFILE_ROLE); appRealm.addScopeMapping(app.getApplicationUser(), accountApp.getRole(org.keycloak.models.Constants.ACCOUNT_PROFILE_ROLE));
app.getApplicationUser().addWebOrigin("http://localtest.me:8081"); app.getApplicationUser().addWebOrigin("http://localtest.me:8081");
UserModel thirdParty = appRealm.getUser("third-party"); UserModel thirdParty = appRealm.getUser("third-party");
accountApp.addScopeMapping(thirdParty, org.keycloak.models.Constants.ACCOUNT_PROFILE_ROLE); appRealm.addScopeMapping(thirdParty, accountApp.getRole(org.keycloak.models.Constants.ACCOUNT_PROFILE_ROLE));
} }
}); });

277
testsuite/integration/src/test/java/org/keycloak/testsuite/composites/CompositeRoleTest.java Executable file
View file

@ -0,0 +1,277 @@
/*
* JBoss, Home of Professional Open Source.
* Copyright 2012, Red Hat, Inc., and individual contributors
* as indicated by the @author tags. See the copyright.txt file in the
* distribution for a full listing of individual contributors.
*
* This is free software; you can redistribute it and/or modify it
* under the terms of the GNU Lesser General Public License as
* published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version.
*
* This software is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this software; if not, write to the Free
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
*/
package org.keycloak.testsuite.composites;
import org.junit.Assert;
import org.junit.ClassRule;
import org.junit.Rule;
import org.junit.Test;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserCredentialModel;
import org.keycloak.models.UserModel;
import org.keycloak.representations.SkeletonKeyToken;
import org.keycloak.services.managers.ApplicationManager;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.testsuite.ApplicationServlet;
import org.keycloak.testsuite.OAuthClient;
import org.keycloak.testsuite.OAuthClient.AccessTokenResponse;
import org.keycloak.testsuite.pages.LoginPage;
import org.keycloak.testsuite.rule.AbstractKeycloakRule;
import org.keycloak.testsuite.rule.WebResource;
import org.keycloak.testsuite.rule.WebRule;
import org.openqa.selenium.WebDriver;
import java.security.PublicKey;
/**
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
*/
public class CompositeRoleTest {
public static PublicKey realmPublicKey;
@ClassRule
public static AbstractKeycloakRule keycloakRule = new AbstractKeycloakRule(){
@Override
protected void configure(RealmManager manager, RealmModel adminRealm) {
RealmModel realm = manager.createRealm("Test");
manager.generateRealmKeys(realm);
realmPublicKey = realm.getPublicKey();
realm.setTokenLifespan(10000);
realm.setAccessCodeLifespanUserAction(1000);
realm.setAccessCodeLifespan(1000);
realm.setSslNotRequired(true);
realm.setEnabled(true);
realm.addRequiredResourceCredential(UserCredentialModel.PASSWORD);
realm.addRequiredOAuthClientCredential(UserCredentialModel.PASSWORD);
realm.addRequiredCredential(UserCredentialModel.PASSWORD);
final RoleModel realmRole1 = realm.addRole("REALM_ROLE_1");
final RoleModel realmRole2 = realm.addRole("REALM_ROLE_2");
final RoleModel realmRole3 = realm.addRole("REALM_ROLE_3");
final RoleModel realmComposite1 = realm.addRole("REALM_COMPOSITE_1");
realmComposite1.setComposite(true);
realmComposite1.addCompositeRole(realmRole1);
final UserModel realmComposite1User = realm.addUser("REALM_COMPOSITE_1_USER");
realmComposite1User.setEnabled(true);
realm.updateCredential(realmComposite1User, UserCredentialModel.password("password"));
realm.grantRole(realmComposite1User, realmComposite1);
final UserModel realmRole1User = realm.addUser("REALM_ROLE_1_USER");
realmRole1User.setEnabled(true);
realm.updateCredential(realmRole1User, UserCredentialModel.password("password"));
realm.grantRole(realmRole1User, realmRole1);
final ApplicationModel realmComposite1Application = new ApplicationManager(manager).createApplication(realm, "REALM_COMPOSITE_1_APPLICATION");
realmComposite1Application.setEnabled(true);
realmComposite1Application.addScope(realmComposite1);
realmComposite1Application.setBaseUrl("http://localhost:8081/app");
realmComposite1Application.setManagementUrl("http://localhost:8081/app/logout");
realm.updateCredential(realmComposite1Application.getApplicationUser(), UserCredentialModel.password("password"));
final ApplicationModel realmRole1Application = new ApplicationManager(manager).createApplication(realm, "REALM_ROLE_1_APPLICATION");
realmRole1Application.setEnabled(true);
realmRole1Application.addScope(realmRole1);
realmRole1Application.setBaseUrl("http://localhost:8081/app");
realmRole1Application.setManagementUrl("http://localhost:8081/app/logout");
realm.updateCredential(realmRole1Application.getApplicationUser(), UserCredentialModel.password("password"));
final ApplicationModel appRoleApplication = new ApplicationManager(manager).createApplication(realm, "APP_ROLE_APPLICATION");
appRoleApplication.setEnabled(true);
appRoleApplication.setBaseUrl("http://localhost:8081/app");
appRoleApplication.setManagementUrl("http://localhost:8081/app/logout");
realm.updateCredential(appRoleApplication.getApplicationUser(), UserCredentialModel.password("password"));
final RoleModel appRole1 = appRoleApplication.addRole("APP_ROLE_1");
final RoleModel appRole2 = appRoleApplication.addRole("APP_ROLE_2");
final RoleModel realmAppCompositeRole = realm.addRole("REALM_APP_COMPOSITE_ROLE");
realmAppCompositeRole.setComposite(true);
realmAppCompositeRole.addCompositeRole(appRole1);
final UserModel realmAppCompositeUser = realm.addUser("REALM_APP_COMPOSITE_USER");
realmAppCompositeUser.setEnabled(true);
realm.updateCredential(realmAppCompositeUser, UserCredentialModel.password("password"));
realm.grantRole(realmAppCompositeUser, realmAppCompositeRole);
final UserModel realmAppRoleUser = realm.addUser("REALM_APP_ROLE_USER");
realmAppRoleUser.setEnabled(true);
realm.updateCredential(realmAppRoleUser, UserCredentialModel.password("password"));
realm.grantRole(realmAppRoleUser, appRole2);
final ApplicationModel appCompositeApplication = new ApplicationManager(manager).createApplication(realm, "APP_COMPOSITE_APPLICATION");
appCompositeApplication.setEnabled(true);
appCompositeApplication.setBaseUrl("http://localhost:8081/app");
appCompositeApplication.setManagementUrl("http://localhost:8081/app/logout");
realm.updateCredential(appCompositeApplication.getApplicationUser(), UserCredentialModel.password("password"));
final RoleModel appCompositeRole = appCompositeApplication.addRole("APP_COMPOSITE_ROLE");
appCompositeRole.setComposite(true);
appCompositeApplication.addScope(appRole2);
appCompositeRole.addCompositeRole(realmRole1);
appCompositeRole.addCompositeRole(realmRole2);
appCompositeRole.addCompositeRole(realmRole3);
appCompositeRole.addCompositeRole(appRole1);
final UserModel appCompositeUser = realm.addUser("APP_COMPOSITE_USER");
appCompositeUser.setEnabled(true);
realm.updateCredential(appCompositeUser, UserCredentialModel.password("password"));
realm.grantRole(appCompositeUser, realmAppCompositeRole);
realm.grantRole(appCompositeUser, realmComposite1);
deployServlet("app", "/app", ApplicationServlet.class);
}
};
@Rule
public WebRule webRule = new WebRule(this);
@WebResource
protected WebDriver driver;
@WebResource
protected OAuthClient oauth;
@WebResource
protected LoginPage loginPage;
@Test
public void testAppCompositeUser() throws Exception {
oauth.realm("Test");
oauth.realmPublicKey(realmPublicKey);
oauth.clientId("APP_COMPOSITE_APPLICATION");
oauth.doLogin("APP_COMPOSITE_USER", "password");
String code = oauth.getCurrentQuery().get("code");
AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password");
Assert.assertEquals(200, response.getStatusCode());
Assert.assertEquals("bearer", response.getTokenType());
SkeletonKeyToken token = oauth.verifyToken(response.getAccessToken());
Assert.assertEquals("APP_COMPOSITE_USER", token.getSubject());
Assert.assertEquals(1, token.getResourceAccess("APP_ROLE_APPLICATION").getRoles().size());
Assert.assertEquals(1, token.getRealmAccess().getRoles().size());
Assert.assertTrue(token.getResourceAccess("APP_ROLE_APPLICATION").isUserInRole("APP_ROLE_1"));
Assert.assertTrue(token.getRealmAccess().isUserInRole("REALM_ROLE_1"));
}
@Test
public void testRealmAppCompositeUser() throws Exception {
oauth.realm("Test");
oauth.realmPublicKey(realmPublicKey);
oauth.clientId("APP_ROLE_APPLICATION");
oauth.doLogin("REALM_APP_COMPOSITE_USER", "password");
String code = oauth.getCurrentQuery().get("code");
AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password");
Assert.assertEquals(200, response.getStatusCode());
Assert.assertEquals("bearer", response.getTokenType());
SkeletonKeyToken token = oauth.verifyToken(response.getAccessToken());
Assert.assertEquals("REALM_APP_COMPOSITE_USER", token.getSubject());
Assert.assertEquals(1, token.getResourceAccess("APP_ROLE_APPLICATION").getRoles().size());
Assert.assertTrue(token.getResourceAccess("APP_ROLE_APPLICATION").isUserInRole("APP_ROLE_1"));
}
@Test
public void testRealmOnlyWithUserCompositeAppComposite() throws Exception {
oauth.realm("Test");
oauth.realmPublicKey(realmPublicKey);
oauth.clientId("REALM_COMPOSITE_1_APPLICATION");
oauth.doLogin("REALM_COMPOSITE_1_USER", "password");
String code = oauth.getCurrentQuery().get("code");
AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password");
Assert.assertEquals(200, response.getStatusCode());
Assert.assertEquals("bearer", response.getTokenType());
SkeletonKeyToken token = oauth.verifyToken(response.getAccessToken());
Assert.assertEquals("REALM_COMPOSITE_1_USER", token.getSubject());
Assert.assertEquals(2, token.getRealmAccess().getRoles().size());
Assert.assertTrue(token.getRealmAccess().isUserInRole("REALM_COMPOSITE_1"));
Assert.assertTrue(token.getRealmAccess().isUserInRole("REALM_ROLE_1"));
}
@Test
public void testRealmOnlyWithUserCompositeAppRole() throws Exception {
oauth.realm("Test");
oauth.realmPublicKey(realmPublicKey);
oauth.clientId("REALM_ROLE_1_APPLICATION");
oauth.doLogin("REALM_COMPOSITE_1_USER", "password");
String code = oauth.getCurrentQuery().get("code");
AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password");
Assert.assertEquals(200, response.getStatusCode());
Assert.assertEquals("bearer", response.getTokenType());
SkeletonKeyToken token = oauth.verifyToken(response.getAccessToken());
Assert.assertEquals("REALM_COMPOSITE_1_USER", token.getSubject());
Assert.assertEquals(1, token.getRealmAccess().getRoles().size());
Assert.assertTrue(token.getRealmAccess().isUserInRole("REALM_ROLE_1"));
}
@Test
public void testRealmOnlyWithUserRoleAppComposite() throws Exception {
oauth.realm("Test");
oauth.realmPublicKey(realmPublicKey);
oauth.clientId("REALM_COMPOSITE_1_APPLICATION");
oauth.doLogin("REALM_ROLE_1_USER", "password");
String code = oauth.getCurrentQuery().get("code");
AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password");
Assert.assertEquals(200, response.getStatusCode());
Assert.assertEquals("bearer", response.getTokenType());
SkeletonKeyToken token = oauth.verifyToken(response.getAccessToken());
Assert.assertEquals("REALM_ROLE_1_USER", token.getSubject());
Assert.assertEquals(1, token.getRealmAccess().getRoles().size());
Assert.assertTrue(token.getRealmAccess().isUserInRole("REALM_ROLE_1"));
}
}

2
testsuite/integration/src/test/java/org/keycloak/testsuite/forms/AccountTest.java
View file

@ -58,7 +58,7 @@ public class AccountTest {
UserModel user2 = appRealm.addUser("test-user-no-access@localhost"); UserModel user2 = appRealm.addUser("test-user-no-access@localhost");
user2.setEnabled(true); user2.setEnabled(true);
for (String r : accountApp.getDefaultRoles()) { for (String r : accountApp.getDefaultRoles()) {
accountApp.deleteRoleMapping(user2, accountApp.getRole(r)); appRealm.deleteRoleMapping(user2, accountApp.getRole(r));
} }
UserCredentialModel creds = new UserCredentialModel(); UserCredentialModel creds = new UserCredentialModel();
creds.setType(CredentialRepresentation.PASSWORD); creds.setType(CredentialRepresentation.PASSWORD);

84
testsuite/integration/src/test/java/org/keycloak/testsuite/rule/AbstractKeycloakRule.java Executable file
View file

@ -0,0 +1,84 @@
package org.keycloak.testsuite.rule;
import io.undertow.servlet.api.DeploymentInfo;
import io.undertow.servlet.api.ServletInfo;
import org.junit.rules.ExternalResource;
import org.keycloak.models.Constants;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.testutils.KeycloakServer;
import org.keycloak.util.JsonSerialization;
import javax.servlet.Servlet;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public abstract class AbstractKeycloakRule extends ExternalResource {
protected KeycloakServer server;
protected void before() throws Throwable {
server = new KeycloakServer();
server.start();
setupKeycloak();
}
protected void setupKeycloak() {
KeycloakSession session = server.getKeycloakSessionFactory().createSession();
session.getTransaction().begin();
try {
RealmManager manager = new RealmManager(session);
RealmModel adminstrationRealm = manager.getRealm(Constants.ADMIN_REALM);
configure(manager, adminstrationRealm);
session.getTransaction().commit();
} finally {
session.close();
}
}
protected void configure(RealmManager manager, RealmModel adminRealm) {
}
public void deployServlet(String name, String contextPath, Class<? extends Servlet> servletClass) {
DeploymentInfo deploymentInfo = new DeploymentInfo();
deploymentInfo.setClassLoader(getClass().getClassLoader());
deploymentInfo.setDeploymentName(name);
deploymentInfo.setContextPath(contextPath);
ServletInfo servlet = new ServletInfo(servletClass.getSimpleName(), servletClass);
servlet.addMapping("/*");
deploymentInfo.addServlet(servlet);
server.getServer().deploy(deploymentInfo);
}
@Override
protected void after() {
server.stop();
}
public RealmRepresentation loadJson(String path) throws IOException {
InputStream is = Thread.currentThread().getContextClassLoader().getResourceAsStream(path);
ByteArrayOutputStream os = new ByteArrayOutputStream();
int c;
while ((c = is.read()) != -1) {
os.write(c);
}
byte[] bytes = os.toByteArray();
return JsonSerialization.readValue(bytes, RealmRepresentation.class);
}
}

43
testsuite/integration/src/test/java/org/keycloak/testsuite/rule/KeycloakRule.java
View file

@ -41,9 +41,7 @@ import java.io.InputStream;
/** /**
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a> * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
*/ */
public class KeycloakRule extends ExternalResource { public class KeycloakRule extends AbstractKeycloakRule {
private KeycloakServer server;
private KeycloakSetup setup; private KeycloakSetup setup;
@ -54,11 +52,9 @@ public class KeycloakRule extends ExternalResource {
this.setup = setup; this.setup = setup;
} }
protected void before() throws Throwable { @Override
server = new KeycloakServer(); protected void setupKeycloak() {
server.start(); importRealm();
server.importRealm(getClass().getResourceAsStream("/testrealm.json"));
if (setup != null) { if (setup != null) {
configure(setup); configure(setup);
@ -67,33 +63,8 @@ public class KeycloakRule extends ExternalResource {
deployServlet("app", "/app", ApplicationServlet.class); deployServlet("app", "/app", ApplicationServlet.class);
} }
public void deployServlet(String name, String contextPath, Class<? extends Servlet> servletClass) { protected void importRealm() {
DeploymentInfo deploymentInfo = new DeploymentInfo(); server.importRealm(getClass().getResourceAsStream("/testrealm.json"));
deploymentInfo.setClassLoader(getClass().getClassLoader());
deploymentInfo.setDeploymentName(name);
deploymentInfo.setContextPath(contextPath);
ServletInfo servlet = new ServletInfo(servletClass.getSimpleName(), servletClass);
servlet.addMapping("/*");
deploymentInfo.addServlet(servlet);
server.getServer().deploy(deploymentInfo);
}
@Override
protected void after() {
server.stop();
}
public RealmRepresentation loadJson(String path) throws IOException {
InputStream is = Thread.currentThread().getContextClassLoader().getResourceAsStream(path);
ByteArrayOutputStream os = new ByteArrayOutputStream();
int c;
while ((c = is.read()) != -1) {
os.write(c);
}
byte[] bytes = os.toByteArray();
return JsonSerialization.readValue(bytes, RealmRepresentation.class);
} }
public void configure(KeycloakSetup configurer) { public void configure(KeycloakSetup configurer) {
@ -106,7 +77,7 @@ public class KeycloakRule extends ExternalResource {
RealmModel adminstrationRealm = manager.getRealm(Constants.ADMIN_REALM); RealmModel adminstrationRealm = manager.getRealm(Constants.ADMIN_REALM);
RealmModel appRealm = manager.getRealm("test"); RealmModel appRealm = manager.getRealm("test");
configurer.config(manager, null, appRealm); configurer.config(manager, adminstrationRealm, appRealm);
session.getTransaction().commit(); session.getTransaction().commit();
} finally { } finally {

10
testsuite/performance/src/test/resources/META-INF/persistence.xml
View file

@ -2,6 +2,7 @@
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/persistence http://java.sun.com/xml/ns/persistence/persistence_1_0.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/persistence http://java.sun.com/xml/ns/persistence/persistence_1_0.xsd"
version="1.0"> version="1.0">
<!--
<persistence-unit name="picketlink-keycloak-identity-store" transaction-type="RESOURCE_LOCAL"> <persistence-unit name="picketlink-keycloak-identity-store" transaction-type="RESOURCE_LOCAL">
<provider>org.hibernate.ejb.HibernatePersistence</provider> <provider>org.hibernate.ejb.HibernatePersistence</provider>
@ -35,22 +36,21 @@
<property name="hibernate.format_sql" value="true" /> <property name="hibernate.format_sql" value="true" />
</properties> </properties>
</persistence-unit> </persistence-unit>
-->
<persistence-unit name="jpa-keycloak-identity-store" transaction-type="RESOURCE_LOCAL"> <persistence-unit name="jpa-keycloak-identity-store" transaction-type="RESOURCE_LOCAL">
<provider>org.hibernate.ejb.HibernatePersistence</provider> <provider>org.hibernate.ejb.HibernatePersistence</provider>
<class>org.keycloak.models.jpa.entities.ApplicationEntity</class> <class>org.keycloak.models.jpa.entities.ApplicationEntity</class>
<class>org.keycloak.models.jpa.entities.ApplicationScopeMappingEntity</class>
<class>org.keycloak.models.jpa.entities.ApplicationUserRoleMappingEntity</class>
<class>org.keycloak.models.jpa.entities.CredentialEntity</class> <class>org.keycloak.models.jpa.entities.CredentialEntity</class>
<class>org.keycloak.models.jpa.entities.OAuthClientEntity</class> <class>org.keycloak.models.jpa.entities.OAuthClientEntity</class>
<class>org.keycloak.models.jpa.entities.RealmEntity</class> <class>org.keycloak.models.jpa.entities.RealmEntity</class>
<class>org.keycloak.models.jpa.entities.RealmScopeMappingEntity</class>
<class>org.keycloak.models.jpa.entities.RealmUserRoleMappingEntity</class>
<class>org.keycloak.models.jpa.entities.RequiredCredentialEntity</class> <class>org.keycloak.models.jpa.entities.RequiredCredentialEntity</class>
<class>org.keycloak.models.jpa.entities.RoleEntity</class> <class>org.keycloak.models.jpa.entities.ApplicationRoleEntity</class>
<class>org.keycloak.models.jpa.entities.RealmRoleEntity</class>
<class>org.keycloak.models.jpa.entities.SocialLinkEntity</class> <class>org.keycloak.models.jpa.entities.SocialLinkEntity</class>
<class>org.keycloak.models.jpa.entities.UserEntity</class> <class>org.keycloak.models.jpa.entities.UserEntity</class>
<class>org.keycloak.models.jpa.entities.UserRoleMappingEntity</class> <class>org.keycloak.models.jpa.entities.UserRoleMappingEntity</class>
<class>org.keycloak.models.jpa.entities.UserScopeMappingEntity</class>
<exclude-unlisted-classes>true</exclude-unlisted-classes> <exclude-unlisted-classes>true</exclude-unlisted-classes>