Merge pull request #184 from patriot1burke/master
composite roles backend
This commit is contained in:
commit
b7d5830c7c
49 changed files with 1274 additions and 663 deletions
|
@ -8,6 +8,7 @@ public class RoleRepresentation {
|
|||
protected String id;
|
||||
protected String name;
|
||||
protected String description;
|
||||
protected boolean composite;
|
||||
|
||||
public RoleRepresentation() {
|
||||
}
|
||||
|
@ -40,4 +41,12 @@ public class RoleRepresentation {
|
|||
public void setDescription(String description) {
|
||||
this.description = description;
|
||||
}
|
||||
|
||||
public boolean isComposite() {
|
||||
return composite;
|
||||
}
|
||||
|
||||
public void setComposite(boolean composite) {
|
||||
this.composite = composite;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,12 +1,13 @@
|
|||
package org.keycloak.models;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Set;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||
* @version $Revision: 1 $
|
||||
*/
|
||||
public interface ApplicationModel extends RoleContainerModel, RoleMapperModel, ScopeMapperModel {
|
||||
public interface ApplicationModel extends RoleContainerModel {
|
||||
void updateApplication();
|
||||
|
||||
UserModel getApplicationUser();
|
||||
|
@ -38,4 +39,10 @@ public interface ApplicationModel extends RoleContainerModel, RoleMapperModel, S
|
|||
void addDefaultRole(String name);
|
||||
|
||||
void updateDefaultRoles(String[] defaultRoles);
|
||||
|
||||
Set<RoleModel> getApplicationRoleMappings(UserModel user);
|
||||
|
||||
Set<RoleModel> getApplicationScopeMappings(UserModel user);
|
||||
|
||||
void addScope(RoleModel role);
|
||||
}
|
||||
|
|
|
@ -157,4 +157,8 @@ public interface RealmModel extends RoleContainerModel, RoleMapperModel, ScopeMa
|
|||
Map<String, String> getSocialConfig();
|
||||
|
||||
void setSocialConfig(Map<String, String> socialConfig);
|
||||
|
||||
Set<RoleModel> getRealmRoleMappings(UserModel user);
|
||||
|
||||
Set<RoleModel> getRealmScopeMappings(UserModel user);
|
||||
}
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
package org.keycloak.models;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Set;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||
|
@ -13,7 +14,7 @@ public interface RoleContainerModel {
|
|||
|
||||
boolean removeRoleById(String id);
|
||||
|
||||
List<RoleModel> getRoles();
|
||||
Set<RoleModel> getRoles();
|
||||
|
||||
RoleModel getRoleById(String id);
|
||||
}
|
||||
|
|
|
@ -9,14 +9,7 @@ import java.util.Set;
|
|||
*/
|
||||
public interface RoleMapperModel {
|
||||
boolean hasRole(UserModel user, RoleModel role);
|
||||
|
||||
void grantRole(UserModel user, RoleModel role);
|
||||
|
||||
Set<String> getRoleMappingValues(UserModel user);
|
||||
|
||||
List<RoleModel> getRoleMappings(UserModel user);
|
||||
|
||||
Set<RoleModel> getRoleMappings(UserModel user);
|
||||
void deleteRoleMapping(UserModel user, RoleModel role);
|
||||
|
||||
boolean hasRole(UserModel user, String role);
|
||||
}
|
||||
|
|
|
@ -1,5 +1,7 @@
|
|||
package org.keycloak.models;
|
||||
|
||||
import java.util.Set;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||
* @version $Revision: 1 $
|
||||
|
@ -14,4 +16,19 @@ public interface RoleModel {
|
|||
String getId();
|
||||
|
||||
void setName(String name);
|
||||
|
||||
boolean isComposite();
|
||||
|
||||
void setComposite(boolean flag);
|
||||
|
||||
void addCompositeRole(RoleModel role);
|
||||
|
||||
void removeCompositeRole(RoleModel role);
|
||||
|
||||
Set<RoleModel> getComposites();
|
||||
|
||||
RoleContainerModel getContainer();
|
||||
|
||||
boolean hasRole(RoleModel role);
|
||||
|
||||
}
|
||||
|
|
|
@ -8,13 +8,7 @@ import java.util.Set;
|
|||
* @version $Revision: 1 $
|
||||
*/
|
||||
public interface ScopeMapperModel {
|
||||
void addScopeMapping(UserModel agent, String roleName);
|
||||
|
||||
Set<String> getScopeMappingValues(UserModel agent);
|
||||
|
||||
List<RoleModel> getScopeMappings(UserModel agent);
|
||||
|
||||
Set<RoleModel> getScopeMappings(UserModel agent);
|
||||
void addScopeMapping(UserModel agent, RoleModel role);
|
||||
|
||||
void deleteScopeMapping(UserModel user, RoleModel role);
|
||||
}
|
||||
|
|
|
@ -13,6 +13,17 @@ public class UserCredentialModel {
|
|||
protected String value;
|
||||
protected String device;
|
||||
|
||||
public UserCredentialModel() {
|
||||
}
|
||||
|
||||
public static UserCredentialModel password(String password) {
|
||||
UserCredentialModel model = new UserCredentialModel();
|
||||
model.setType(PASSWORD);
|
||||
model.setValue(password);
|
||||
return model;
|
||||
}
|
||||
|
||||
|
||||
public String getType() {
|
||||
return type;
|
||||
}
|
||||
|
|
|
@ -1,16 +1,22 @@
|
|||
package org.keycloak.models.jpa;
|
||||
|
||||
import org.keycloak.models.ApplicationModel;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.models.RoleContainerModel;
|
||||
import org.keycloak.models.RoleModel;
|
||||
import org.keycloak.models.UserModel;
|
||||
import org.keycloak.models.jpa.entities.*;
|
||||
import org.keycloak.representations.idm.ApplicationMappingsRepresentation;
|
||||
import org.keycloak.representations.idm.RoleRepresentation;
|
||||
|
||||
import javax.persistence.EntityManager;
|
||||
import javax.persistence.TypedQuery;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Collection;
|
||||
import java.util.HashMap;
|
||||
import java.util.HashSet;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
|
||||
/**
|
||||
|
@ -21,8 +27,10 @@ public class ApplicationAdapter implements ApplicationModel {
|
|||
|
||||
protected EntityManager em;
|
||||
protected ApplicationEntity application;
|
||||
protected RealmModel realm;
|
||||
|
||||
public ApplicationAdapter(EntityManager em, ApplicationEntity application) {
|
||||
public ApplicationAdapter(RealmModel realm, EntityManager em, ApplicationEntity application) {
|
||||
this.realm = realm;
|
||||
this.em = em;
|
||||
this.application = application;
|
||||
}
|
||||
|
@ -94,31 +102,30 @@ public class ApplicationAdapter implements ApplicationModel {
|
|||
|
||||
@Override
|
||||
public RoleModel getRole(String name) {
|
||||
Collection<RoleEntity> roles = application.getRoles();
|
||||
if (roles == null) return null;
|
||||
for (RoleEntity role : roles) {
|
||||
if (role.getName().equals(name)) {
|
||||
return new RoleAdapter(role);
|
||||
}
|
||||
}
|
||||
return null;
|
||||
TypedQuery<ApplicationRoleEntity> query = em.createNamedQuery("getAppRoleByName", ApplicationRoleEntity.class);
|
||||
query.setParameter("name", name);
|
||||
query.setParameter("application", application);
|
||||
List<ApplicationRoleEntity> roles = query.getResultList();
|
||||
if (roles.size() == 0) return null;
|
||||
return new RoleAdapter(realm, em, roles.get(0));
|
||||
}
|
||||
|
||||
@Override
|
||||
public RoleModel addRole(String name) {
|
||||
RoleModel role = getRole(name);
|
||||
if (role != null) return role;
|
||||
RoleEntity entity = new RoleEntity();
|
||||
ApplicationRoleEntity entity = new ApplicationRoleEntity();
|
||||
entity.setName(name);
|
||||
entity.setApplication(application);
|
||||
em.persist(entity);
|
||||
application.getRoles().add(entity);
|
||||
em.flush();
|
||||
return new RoleAdapter(entity);
|
||||
return new RoleAdapter(realm, em, entity);
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean removeRoleById(String id) {
|
||||
RoleEntity role = em.find(RoleEntity.class, id);
|
||||
ApplicationRoleEntity role = em.find(ApplicationRoleEntity.class, id);
|
||||
if (role == null) {
|
||||
return false;
|
||||
}
|
||||
|
@ -126,169 +133,71 @@ public class ApplicationAdapter implements ApplicationModel {
|
|||
application.getRoles().remove(role);
|
||||
application.getDefaultRoles().remove(role);
|
||||
|
||||
em.createQuery("delete from " + ApplicationScopeMappingEntity.class.getSimpleName() + " where role = :role").setParameter("role", role).executeUpdate();
|
||||
em.createQuery("delete from " + ApplicationUserRoleMappingEntity.class.getSimpleName() + " where role = :role").setParameter("role", role).executeUpdate();
|
||||
em.createQuery("delete from " + RealmScopeMappingEntity.class.getSimpleName() + " where role = :role").setParameter("role", role).executeUpdate();
|
||||
em.createQuery("delete from " + RealmUserRoleMappingEntity.class.getSimpleName() + " where role = :role").setParameter("role", role).executeUpdate();
|
||||
|
||||
em.createQuery("delete from " + UserScopeMappingEntity.class.getSimpleName() + " where role = :role").setParameter("role", role).executeUpdate();
|
||||
em.createQuery("delete from " + UserRoleMappingEntity.class.getSimpleName() + " where role = :role").setParameter("role", role).executeUpdate();
|
||||
role.setApplication(null);
|
||||
em.flush();
|
||||
em.remove(role);
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<RoleModel> getRoles() {
|
||||
ArrayList<RoleModel> list = new ArrayList<RoleModel>();
|
||||
Collection<RoleEntity> roles = application.getRoles();
|
||||
public Set<RoleModel> getRoles() {
|
||||
Set<RoleModel> list = new HashSet<RoleModel>();
|
||||
Collection<ApplicationRoleEntity> roles = application.getRoles();
|
||||
if (roles == null) return list;
|
||||
for (RoleEntity entity : roles) {
|
||||
list.add(new RoleAdapter(entity));
|
||||
list.add(new RoleAdapter(realm, em, entity));
|
||||
}
|
||||
return list;
|
||||
}
|
||||
|
||||
@Override
|
||||
public RoleModel getRoleById(String id) {
|
||||
RoleEntity entity = em.find(RoleEntity.class, id);
|
||||
if (entity == null) return null;
|
||||
return new RoleAdapter(entity);
|
||||
return realm.getRoleById(id);
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean hasRole(UserModel user, RoleModel role) {
|
||||
TypedQuery<ApplicationUserRoleMappingEntity> query = getApplicationUserRoleMappingEntityTypedQuery((UserAdapter) user, (RoleAdapter) role);
|
||||
return query.getResultList().size() > 0;
|
||||
public Set<RoleModel> getApplicationRoleMappings(UserModel user) {
|
||||
Set<RoleModel> roleMappings = realm.getRoleMappings(user);
|
||||
|
||||
Set<RoleModel> appRoles = new HashSet<RoleModel>();
|
||||
for (RoleModel role : roleMappings) {
|
||||
RoleContainerModel container = role.getContainer();
|
||||
if (container instanceof RealmModel) {
|
||||
} else {
|
||||
ApplicationModel app = (ApplicationModel)container;
|
||||
if (app.getId().equals(getId())) {
|
||||
appRoles.add(role);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
protected TypedQuery<ApplicationUserRoleMappingEntity> getApplicationUserRoleMappingEntityTypedQuery(UserAdapter user, RoleAdapter role) {
|
||||
TypedQuery<ApplicationUserRoleMappingEntity> query = em.createNamedQuery("userHasApplicationRole", ApplicationUserRoleMappingEntity.class);
|
||||
query.setParameter("user", ((UserAdapter)user).getUser());
|
||||
query.setParameter("role", ((RoleAdapter)role).getRole());
|
||||
query.setParameter("application", application);
|
||||
return query;
|
||||
return appRoles;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void grantRole(UserModel user, RoleModel role) {
|
||||
if (hasRole(user, role)) return;
|
||||
ApplicationUserRoleMappingEntity entity = new ApplicationUserRoleMappingEntity();
|
||||
entity.setApplication(application);
|
||||
entity.setUser(((UserAdapter) user).getUser());
|
||||
entity.setRole(((RoleAdapter)role).getRole());
|
||||
em.persist(entity);
|
||||
em.flush();
|
||||
}
|
||||
public Set<RoleModel> getApplicationScopeMappings(UserModel user) {
|
||||
Set<RoleModel> roleMappings = realm.getScopeMappings(user);
|
||||
|
||||
@Override
|
||||
public List<RoleModel> getRoleMappings(UserModel user) {
|
||||
TypedQuery<ApplicationUserRoleMappingEntity> query = em.createNamedQuery("userApplicationMappings", ApplicationUserRoleMappingEntity.class);
|
||||
query.setParameter("user", ((UserAdapter)user).getUser());
|
||||
query.setParameter("application", application);
|
||||
List<ApplicationUserRoleMappingEntity> entities = query.getResultList();
|
||||
List<RoleModel> roles = new ArrayList<RoleModel>();
|
||||
for (ApplicationUserRoleMappingEntity entity : entities) {
|
||||
roles.add(new RoleAdapter(entity.getRole()));
|
||||
Set<RoleModel> appRoles = new HashSet<RoleModel>();
|
||||
for (RoleModel role : roleMappings) {
|
||||
RoleContainerModel container = role.getContainer();
|
||||
if (container instanceof RealmModel) {
|
||||
} else {
|
||||
ApplicationModel app = (ApplicationModel)container;
|
||||
if (app.getId().equals(getId())) {
|
||||
appRoles.add(role);
|
||||
}
|
||||
return roles;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Set<String> getRoleMappingValues(UserModel user) {
|
||||
TypedQuery<ApplicationUserRoleMappingEntity> query = em.createNamedQuery("userApplicationMappings", ApplicationUserRoleMappingEntity.class);
|
||||
query.setParameter("user", ((UserAdapter)user).getUser());
|
||||
query.setParameter("application", application);
|
||||
List<ApplicationUserRoleMappingEntity> entities = query.getResultList();
|
||||
Set<String> roles = new HashSet<String>();
|
||||
for (ApplicationUserRoleMappingEntity entity : entities) {
|
||||
roles.add(entity.getRole().getName());
|
||||
}
|
||||
return roles;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void deleteRoleMapping(UserModel user, RoleModel role) {
|
||||
TypedQuery<ApplicationUserRoleMappingEntity> query = getApplicationUserRoleMappingEntityTypedQuery((UserAdapter) user, (RoleAdapter) role);
|
||||
List<ApplicationUserRoleMappingEntity> results = query.getResultList();
|
||||
if (results.size() == 0) return;
|
||||
for (ApplicationUserRoleMappingEntity entity : results) {
|
||||
em.remove(entity);
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean hasRole(UserModel user, String roleName) {
|
||||
RoleModel role = getRole(roleName);
|
||||
if (role == null) return false;
|
||||
return hasRole(user, role);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void addScopeMapping(UserModel agent, String roleName) {
|
||||
RoleModel role = getRole(roleName);
|
||||
if (role == null) throw new RuntimeException("role does not exist");
|
||||
addScopeMapping(agent, role);
|
||||
}
|
||||
|
||||
@Override
|
||||
public Set<String> getScopeMappingValues(UserModel agent) {
|
||||
TypedQuery<ApplicationScopeMappingEntity> query = em.createNamedQuery("userApplicationScopeMappings", ApplicationScopeMappingEntity.class);
|
||||
query.setParameter("user", ((UserAdapter)agent).getUser());
|
||||
query.setParameter("application", application);
|
||||
List<ApplicationScopeMappingEntity> entities = query.getResultList();
|
||||
Set<String> roles = new HashSet<String>();
|
||||
for (ApplicationScopeMappingEntity entity : entities) {
|
||||
roles.add(entity.getRole().getName());
|
||||
}
|
||||
return roles;
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<RoleModel> getScopeMappings(UserModel agent) {
|
||||
TypedQuery<ApplicationScopeMappingEntity> query = em.createNamedQuery("userApplicationScopeMappings", ApplicationScopeMappingEntity.class);
|
||||
query.setParameter("user", ((UserAdapter)agent).getUser());
|
||||
query.setParameter("application", application);
|
||||
List<ApplicationScopeMappingEntity> entities = query.getResultList();
|
||||
List<RoleModel> roles = new ArrayList<RoleModel>();
|
||||
for (ApplicationScopeMappingEntity entity : entities) {
|
||||
roles.add(new RoleAdapter(entity.getRole()));
|
||||
}
|
||||
return roles;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void addScopeMapping(UserModel agent, RoleModel role) {
|
||||
if (hasScope(agent, role)) return;
|
||||
ApplicationScopeMappingEntity entity = new ApplicationScopeMappingEntity();
|
||||
entity.setApplication(application);
|
||||
entity.setUser(((UserAdapter) agent).getUser());
|
||||
entity.setRole(((RoleAdapter)role).getRole());
|
||||
em.persist(entity);
|
||||
em.flush();
|
||||
}
|
||||
|
||||
@Override
|
||||
public void deleteScopeMapping(UserModel user, RoleModel role) {
|
||||
TypedQuery<ApplicationScopeMappingEntity> query = getApplicationScopeMappingQuery((UserAdapter) user, (RoleAdapter) role);
|
||||
List<ApplicationScopeMappingEntity> results = query.getResultList();
|
||||
if (results.size() == 0) return;
|
||||
for (ApplicationScopeMappingEntity entity : results) {
|
||||
em.remove(entity);
|
||||
}
|
||||
}
|
||||
|
||||
public boolean hasScope(UserModel user, RoleModel role) {
|
||||
TypedQuery<ApplicationScopeMappingEntity> query = getApplicationScopeMappingQuery((UserAdapter) user, (RoleAdapter) role);
|
||||
return query.getResultList().size() > 0;
|
||||
return appRoles;
|
||||
}
|
||||
|
||||
|
||||
protected TypedQuery<ApplicationScopeMappingEntity> getApplicationScopeMappingQuery(UserAdapter user, RoleAdapter role) {
|
||||
TypedQuery<ApplicationScopeMappingEntity> query = em.createNamedQuery("userHasApplicationScope", ApplicationScopeMappingEntity.class);
|
||||
query.setParameter("user", ((UserAdapter)user).getUser());
|
||||
query.setParameter("role", ((RoleAdapter)role).getRole());
|
||||
query.setParameter("application", application);
|
||||
return query;
|
||||
}
|
||||
|
||||
|
||||
@Override
|
||||
public List<String> getDefaultRoles() {
|
||||
|
@ -347,4 +256,17 @@ public class ApplicationAdapter implements ApplicationModel {
|
|||
}
|
||||
em.flush();
|
||||
}
|
||||
|
||||
@Override
|
||||
public void addScope(RoleModel role) {
|
||||
realm.addScopeMapping(getApplicationUser(), role);
|
||||
}
|
||||
|
||||
public boolean equals(Object o) {
|
||||
if (o == null) return false;
|
||||
if (o == this) return true;
|
||||
if (!(o instanceof ApplicationAdapter)) return false;
|
||||
ApplicationAdapter app = (ApplicationAdapter)o;
|
||||
return app.getId().equals(getId());
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,6 +1,18 @@
|
|||
package org.keycloak.models.jpa;
|
||||
|
||||
import org.bouncycastle.openssl.PEMWriter;
|
||||
import org.keycloak.models.RoleContainerModel;
|
||||
import org.keycloak.models.jpa.entities.ApplicationEntity;
|
||||
import org.keycloak.models.jpa.entities.CredentialEntity;
|
||||
import org.keycloak.models.jpa.entities.OAuthClientEntity;
|
||||
import org.keycloak.models.jpa.entities.RealmEntity;
|
||||
import org.keycloak.models.jpa.entities.RealmRoleEntity;
|
||||
import org.keycloak.models.jpa.entities.RequiredCredentialEntity;
|
||||
import org.keycloak.models.jpa.entities.RoleEntity;
|
||||
import org.keycloak.models.jpa.entities.SocialLinkEntity;
|
||||
import org.keycloak.models.jpa.entities.UserEntity;
|
||||
import org.keycloak.models.jpa.entities.UserRoleMappingEntity;
|
||||
import org.keycloak.models.jpa.entities.UserScopeMappingEntity;
|
||||
import org.keycloak.models.utils.Pbkdf2PasswordEncoder;
|
||||
import org.keycloak.util.PemUtils;
|
||||
import org.keycloak.models.ApplicationModel;
|
||||
|
@ -12,7 +24,6 @@ import org.keycloak.models.RoleModel;
|
|||
import org.keycloak.models.SocialLinkModel;
|
||||
import org.keycloak.models.UserCredentialModel;
|
||||
import org.keycloak.models.UserModel;
|
||||
import org.keycloak.models.jpa.entities.*;
|
||||
import org.keycloak.models.utils.TimeBasedOTP;
|
||||
|
||||
import javax.persistence.EntityManager;
|
||||
|
@ -25,6 +36,7 @@ import java.util.ArrayList;
|
|||
import java.util.Collection;
|
||||
import java.util.HashMap;
|
||||
import java.util.HashSet;
|
||||
import java.util.Iterator;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
|
@ -453,7 +465,7 @@ public class RealmAdapter implements RealmModel {
|
|||
|
||||
for (ApplicationModel application : getApplications()) {
|
||||
for (String r : application.getDefaultRoles()) {
|
||||
application.grantRole(userModel, application.getRole(r));
|
||||
grantRole(userModel, application.getRole(r));
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -472,10 +484,8 @@ public class RealmAdapter implements RealmModel {
|
|||
}
|
||||
|
||||
private void removeUser(UserEntity user) {
|
||||
em.createQuery("delete from " + ApplicationScopeMappingEntity.class.getSimpleName() + " where user = :user").setParameter("user", user).executeUpdate();
|
||||
em.createQuery("delete from " + ApplicationUserRoleMappingEntity.class.getSimpleName() + " where user = :user").setParameter("user", user).executeUpdate();
|
||||
em.createQuery("delete from " + RealmScopeMappingEntity.class.getSimpleName() + " where user = :user").setParameter("user", user).executeUpdate();
|
||||
em.createQuery("delete from " + RealmUserRoleMappingEntity.class.getSimpleName() + " where user = :user").setParameter("user", user).executeUpdate();
|
||||
em.createQuery("delete from " + UserScopeMappingEntity.class.getSimpleName() + " where user = :user").setParameter("user", user).executeUpdate();
|
||||
em.createQuery("delete from " + UserRoleMappingEntity.class.getSimpleName() + " where user = :user").setParameter("user", user).executeUpdate();
|
||||
em.createQuery("delete from " + SocialLinkEntity.class.getSimpleName() + " where user = :user").setParameter("user", user).executeUpdate();
|
||||
em.remove(user);
|
||||
}
|
||||
|
@ -552,7 +562,7 @@ public class RealmAdapter implements RealmModel {
|
|||
List<ApplicationModel> list = new ArrayList<ApplicationModel>();
|
||||
if (realm.getApplications() == null) return list;
|
||||
for (ApplicationEntity entity : realm.getApplications()) {
|
||||
list.add(new ApplicationAdapter(em, entity));
|
||||
list.add(new ApplicationAdapter(this, em, entity));
|
||||
}
|
||||
return list;
|
||||
}
|
||||
|
@ -571,31 +581,41 @@ public class RealmAdapter implements RealmModel {
|
|||
realm.getApplications().add(applicationData);
|
||||
em.persist(applicationData);
|
||||
em.flush();
|
||||
ApplicationModel resource = new ApplicationAdapter(em, applicationData);
|
||||
ApplicationModel resource = new ApplicationAdapter(this, em, applicationData);
|
||||
em.flush();
|
||||
return resource;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean removeApplication(String id) {
|
||||
ApplicationEntity application = null;
|
||||
if (id == null) return false;
|
||||
ApplicationModel application = getApplicationById(id);
|
||||
if (application == null) return false;
|
||||
|
||||
for (RoleModel role : application.getRoles()) {
|
||||
application.removeRoleById(role.getId());
|
||||
}
|
||||
|
||||
ApplicationEntity applicationEntity = null;
|
||||
Iterator<ApplicationEntity> it = realm.getApplications().iterator();
|
||||
while (it.hasNext()) {
|
||||
ApplicationEntity ae = it.next();
|
||||
if (ae.getId().equals(id)) {
|
||||
applicationEntity = ae;
|
||||
it.remove();
|
||||
break;
|
||||
}
|
||||
}
|
||||
for (ApplicationEntity a : realm.getApplications()) {
|
||||
if (a.getId().equals(id)) {
|
||||
application = a;
|
||||
applicationEntity = a;
|
||||
}
|
||||
}
|
||||
if (application == null) {
|
||||
return false;
|
||||
}
|
||||
realm.getApplications().remove(application);
|
||||
em.createQuery("delete from " + ApplicationScopeMappingEntity.class.getSimpleName() + " where application = :application").setParameter("application", application).executeUpdate();
|
||||
em.createQuery("delete from " + ApplicationUserRoleMappingEntity.class.getSimpleName() + " where application = :application").setParameter("application", application).executeUpdate();
|
||||
em.createQuery("delete from " + ApplicationScopeMappingEntity.class.getSimpleName() + " where user = :user").setParameter("user", application.getApplicationUser()).executeUpdate();
|
||||
em.createQuery("delete from " + RealmScopeMappingEntity.class.getSimpleName() + " where user = :user").setParameter("user", application.getApplicationUser()).executeUpdate();
|
||||
em.createQuery("delete from " + ApplicationUserRoleMappingEntity.class.getSimpleName() + " where user = :user").setParameter("user", application.getApplicationUser()).executeUpdate();
|
||||
em.createQuery("delete from " + RealmUserRoleMappingEntity.class.getSimpleName() + " where user = :user").setParameter("user", application.getApplicationUser()).executeUpdate();
|
||||
removeUser(application.getApplicationUser());
|
||||
em.remove(application);
|
||||
em.remove(applicationEntity);
|
||||
removeUser(applicationEntity.getApplicationUser());
|
||||
return true;
|
||||
}
|
||||
|
||||
|
@ -603,7 +623,7 @@ public class RealmAdapter implements RealmModel {
|
|||
public ApplicationModel getApplicationById(String id) {
|
||||
ApplicationEntity app = em.find(ApplicationEntity.class, id);
|
||||
if (app == null) return null;
|
||||
return new ApplicationAdapter(em, app);
|
||||
return new ApplicationAdapter(this, em, app);
|
||||
}
|
||||
|
||||
@Override
|
||||
|
@ -758,10 +778,8 @@ public class RealmAdapter implements RealmModel {
|
|||
@Override
|
||||
public boolean removeOAuthClient(String id) {
|
||||
OAuthClientEntity client = em.find(OAuthClientEntity.class, id);
|
||||
em.createQuery("delete from " + ApplicationScopeMappingEntity.class.getSimpleName() + " where user = :user").setParameter("user", client.getAgent()).executeUpdate();
|
||||
em.createQuery("delete from " + RealmScopeMappingEntity.class.getSimpleName() + " where user = :user").setParameter("user", client.getAgent()).executeUpdate();
|
||||
em.createQuery("delete from " + ApplicationUserRoleMappingEntity.class.getSimpleName() + " where user = :user").setParameter("user", client.getAgent()).executeUpdate();
|
||||
em.createQuery("delete from " + RealmUserRoleMappingEntity.class.getSimpleName() + " where user = :user").setParameter("user", client.getAgent()).executeUpdate();
|
||||
em.createQuery("delete from " + UserScopeMappingEntity.class.getSimpleName() + " where user = :user").setParameter("user", client.getAgent()).executeUpdate();
|
||||
em.createQuery("delete from " + UserRoleMappingEntity.class.getSimpleName() + " where user = :user").setParameter("user", client.getAgent()).executeUpdate();
|
||||
removeUser(client.getAgent());
|
||||
em.remove(client);
|
||||
return true;
|
||||
|
@ -820,55 +838,54 @@ public class RealmAdapter implements RealmModel {
|
|||
|
||||
@Override
|
||||
public RoleModel getRole(String name) {
|
||||
Collection<RoleEntity> roles = realm.getRoles();
|
||||
if (roles == null) return null;
|
||||
for (RoleEntity role : roles) {
|
||||
if (role.getName().equals(name)) {
|
||||
return new RoleAdapter(role);
|
||||
}
|
||||
}
|
||||
return null; //To change body of implemented methods use File | Settings | File Templates.
|
||||
TypedQuery<RealmRoleEntity> query = em.createNamedQuery("getRealmRoleByName", RealmRoleEntity.class);
|
||||
query.setParameter("name", name);
|
||||
query.setParameter("realm", realm);
|
||||
List<RealmRoleEntity> roles = query.getResultList();
|
||||
if (roles.size() == 0) return null;
|
||||
return new RoleAdapter(this, em, roles.get(0));
|
||||
}
|
||||
|
||||
@Override
|
||||
public RoleModel addRole(String name) {
|
||||
RoleModel role = getRole(name);
|
||||
if (role != null) return role;
|
||||
RoleEntity entity = new RoleEntity();
|
||||
RealmRoleEntity entity = new RealmRoleEntity();
|
||||
entity.setName(name);
|
||||
em.persist(entity);
|
||||
entity.setRealm(realm);
|
||||
realm.getRoles().add(entity);
|
||||
em.persist(entity);
|
||||
em.flush();
|
||||
return new RoleAdapter(entity);
|
||||
return new RoleAdapter(this, em, entity);
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean removeRoleById(String id) {
|
||||
RoleEntity role = em.find(RoleEntity.class, id);
|
||||
RoleModel role = getRoleById(id);
|
||||
if (role == null) return false;
|
||||
|
||||
if (role == null) {
|
||||
return false;
|
||||
}
|
||||
|
||||
RoleEntity roleEntity = ((RoleAdapter)role).getRole();
|
||||
realm.getRoles().remove(role);
|
||||
realm.getDefaultRoles().remove(role);
|
||||
|
||||
em.createQuery("delete from " + ApplicationScopeMappingEntity.class.getSimpleName() + " where role = :role").setParameter("role", role).executeUpdate();
|
||||
em.createQuery("delete from " + ApplicationUserRoleMappingEntity.class.getSimpleName() + " where role = :role").setParameter("role", role).executeUpdate();
|
||||
em.createQuery("delete from " + RealmScopeMappingEntity.class.getSimpleName() + " where role = :role").setParameter("role", role).executeUpdate();
|
||||
em.createQuery("delete from " + RealmUserRoleMappingEntity.class.getSimpleName() + " where role = :role").setParameter("role", role).executeUpdate();
|
||||
em.createQuery("delete from " + UserRoleMappingEntity.class.getSimpleName() + " where role = :role").setParameter("role", roleEntity).executeUpdate();
|
||||
em.createQuery("delete from " + UserScopeMappingEntity.class.getSimpleName() + " where role = :role").setParameter("role", roleEntity).executeUpdate();
|
||||
|
||||
em.remove(role);
|
||||
em.remove(roleEntity);
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<RoleModel> getRoles() {
|
||||
ArrayList<RoleModel> list = new ArrayList<RoleModel>();
|
||||
Collection<RoleEntity> roles = realm.getRoles();
|
||||
public Set<RoleModel> getRoles() {
|
||||
Set<RoleModel> list = new HashSet<RoleModel>();
|
||||
Collection<RealmRoleEntity> roles = realm.getRoles();
|
||||
if (roles == null) return list;
|
||||
for (RoleEntity entity : roles) {
|
||||
list.add(new RoleAdapter(entity));
|
||||
list.add(new RoleAdapter(this, em, entity));
|
||||
}
|
||||
return list;
|
||||
}
|
||||
|
@ -877,28 +894,31 @@ public class RealmAdapter implements RealmModel {
|
|||
public RoleModel getRoleById(String id) {
|
||||
RoleEntity entity = em.find(RoleEntity.class, id);
|
||||
if (entity == null) return null;
|
||||
return new RoleAdapter(entity);
|
||||
return new RoleAdapter(this, em, entity);
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean hasRole(UserModel user, RoleModel role) {
|
||||
TypedQuery<RealmUserRoleMappingEntity> query = getRealmUserRoleMappingEntityTypedQuery((UserAdapter) user, (RoleAdapter) role);
|
||||
return query.getResultList().size() > 0;
|
||||
Set<RoleModel> roles = getRoleMappings(user);
|
||||
if (roles.contains(role)) return true;
|
||||
|
||||
for (RoleModel mapping : roles) {
|
||||
if (mapping.hasRole(role)) return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
protected TypedQuery<RealmUserRoleMappingEntity> getRealmUserRoleMappingEntityTypedQuery(UserAdapter user, RoleAdapter role) {
|
||||
TypedQuery<RealmUserRoleMappingEntity> query = em.createNamedQuery("userHasRealmRole", RealmUserRoleMappingEntity.class);
|
||||
protected TypedQuery<UserRoleMappingEntity> getUserRoleMappingEntityTypedQuery(UserAdapter user, RoleAdapter role) {
|
||||
TypedQuery<UserRoleMappingEntity> query = em.createNamedQuery("userHasRole", UserRoleMappingEntity.class);
|
||||
query.setParameter("user", ((UserAdapter)user).getUser());
|
||||
query.setParameter("role", ((RoleAdapter) role).getRole());
|
||||
query.setParameter("realm", realm);
|
||||
return query;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void grantRole(UserModel user, RoleModel role) {
|
||||
if (hasRole(user, role)) return;
|
||||
RealmUserRoleMappingEntity entity = new RealmUserRoleMappingEntity();
|
||||
entity.setRealm(realm);
|
||||
UserRoleMappingEntity entity = new UserRoleMappingEntity();
|
||||
entity.setUser(((UserAdapter) user).getUser());
|
||||
entity.setRole(((RoleAdapter)role).getRole());
|
||||
em.persist(entity);
|
||||
|
@ -906,79 +926,69 @@ public class RealmAdapter implements RealmModel {
|
|||
}
|
||||
|
||||
@Override
|
||||
public List<RoleModel> getRoleMappings(UserModel user) {
|
||||
TypedQuery<RealmUserRoleMappingEntity> query = em.createNamedQuery("userRealmMappings", RealmUserRoleMappingEntity.class);
|
||||
query.setParameter("user", ((UserAdapter)user).getUser());
|
||||
query.setParameter("realm", realm);
|
||||
List<RealmUserRoleMappingEntity> entities = query.getResultList();
|
||||
List<RoleModel> roles = new ArrayList<RoleModel>();
|
||||
for (RealmUserRoleMappingEntity entity : entities) {
|
||||
roles.add(new RoleAdapter(entity.getRole()));
|
||||
public Set<RoleModel> getRealmRoleMappings(UserModel user) {
|
||||
Set<RoleModel> roleMappings = getRoleMappings(user);
|
||||
|
||||
Set<RoleModel> realmRoles = new HashSet<RoleModel>();
|
||||
for (RoleModel role : roleMappings) {
|
||||
RoleContainerModel container = role.getContainer();
|
||||
if (container instanceof RealmModel) {
|
||||
realmRoles.add(role);
|
||||
}
|
||||
return roles;
|
||||
}
|
||||
return realmRoles;
|
||||
}
|
||||
|
||||
|
||||
@Override
|
||||
public Set<String> getRoleMappingValues(UserModel user) {
|
||||
TypedQuery<RealmUserRoleMappingEntity> query = em.createNamedQuery("userRealmMappings", RealmUserRoleMappingEntity.class);
|
||||
public Set<RoleModel> getRoleMappings(UserModel user) {
|
||||
TypedQuery<UserRoleMappingEntity> query = em.createNamedQuery("userRoleMappings", UserRoleMappingEntity.class);
|
||||
query.setParameter("user", ((UserAdapter)user).getUser());
|
||||
query.setParameter("realm", realm);
|
||||
List<RealmUserRoleMappingEntity> entities = query.getResultList();
|
||||
Set<String> roles = new HashSet<String>();
|
||||
for (RealmUserRoleMappingEntity entity : entities) {
|
||||
roles.add(entity.getRole().getName());
|
||||
List<UserRoleMappingEntity> entities = query.getResultList();
|
||||
Set<RoleModel> roles = new HashSet<RoleModel>();
|
||||
for (UserRoleMappingEntity entity : entities) {
|
||||
roles.add(new RoleAdapter(this, em, entity.getRole()));
|
||||
}
|
||||
return roles;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void deleteRoleMapping(UserModel user, RoleModel role) {
|
||||
TypedQuery<RealmUserRoleMappingEntity> query = getRealmUserRoleMappingEntityTypedQuery((UserAdapter) user, (RoleAdapter) role);
|
||||
List<RealmUserRoleMappingEntity> results = query.getResultList();
|
||||
TypedQuery<UserRoleMappingEntity> query = getUserRoleMappingEntityTypedQuery((UserAdapter) user, (RoleAdapter) role);
|
||||
List<UserRoleMappingEntity> results = query.getResultList();
|
||||
if (results.size() == 0) return;
|
||||
for (RealmUserRoleMappingEntity entity : results) {
|
||||
for (UserRoleMappingEntity entity : results) {
|
||||
em.remove(entity);
|
||||
}
|
||||
em.flush();
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean hasRole(UserModel user, String roleName) {
|
||||
RoleModel role = getRole(roleName);
|
||||
if (role == null) return false;
|
||||
return hasRole(user, role);
|
||||
public Set<RoleModel> getRealmScopeMappings(UserModel user) {
|
||||
Set<RoleModel> roleMappings = getScopeMappings(user);
|
||||
|
||||
Set<RoleModel> appRoles = new HashSet<RoleModel>();
|
||||
for (RoleModel role : roleMappings) {
|
||||
RoleContainerModel container = role.getContainer();
|
||||
if (container instanceof RealmModel) {
|
||||
if (((RealmModel)container).getId().equals(getId())) {
|
||||
appRoles.add(role);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public void addScopeMapping(UserModel agent, String roleName) {
|
||||
RoleModel role = getRole(roleName);
|
||||
if (role == null) throw new RuntimeException("role does not exist");
|
||||
addScopeMapping(agent, role);
|
||||
em.flush();
|
||||
return appRoles;
|
||||
}
|
||||
|
||||
|
||||
@Override
|
||||
public Set<String> getScopeMappingValues(UserModel agent) {
|
||||
TypedQuery<RealmScopeMappingEntity> query = em.createNamedQuery("userRealmScopeMappings", RealmScopeMappingEntity.class);
|
||||
public Set<RoleModel> getScopeMappings(UserModel agent) {
|
||||
TypedQuery<UserScopeMappingEntity> query = em.createNamedQuery("userScopeMappings", UserScopeMappingEntity.class);
|
||||
query.setParameter("user", ((UserAdapter)agent).getUser());
|
||||
query.setParameter("realm", realm);
|
||||
List<RealmScopeMappingEntity> entities = query.getResultList();
|
||||
Set<String> roles = new HashSet<String>();
|
||||
for (RealmScopeMappingEntity entity : entities) {
|
||||
roles.add(entity.getRole().getName());
|
||||
}
|
||||
return roles;
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<RoleModel> getScopeMappings(UserModel agent) {
|
||||
TypedQuery<RealmScopeMappingEntity> query = em.createNamedQuery("userRealmScopeMappings", RealmScopeMappingEntity.class);
|
||||
query.setParameter("user", ((UserAdapter)agent).getUser());
|
||||
query.setParameter("realm", realm);
|
||||
List<RealmScopeMappingEntity> entities = query.getResultList();
|
||||
List<RoleModel> roles = new ArrayList<RoleModel>();
|
||||
for (RealmScopeMappingEntity entity : entities) {
|
||||
roles.add(new RoleAdapter(entity.getRole()));
|
||||
List<UserScopeMappingEntity> entities = query.getResultList();
|
||||
Set<RoleModel> roles = new HashSet<RoleModel>();
|
||||
for (UserScopeMappingEntity entity : entities) {
|
||||
roles.add(new RoleAdapter(this, em, entity.getRole()));
|
||||
}
|
||||
return roles;
|
||||
}
|
||||
|
@ -986,35 +996,32 @@ public class RealmAdapter implements RealmModel {
|
|||
@Override
|
||||
public void addScopeMapping(UserModel agent, RoleModel role) {
|
||||
if (hasScope(agent, role)) return;
|
||||
RealmScopeMappingEntity entity = new RealmScopeMappingEntity();
|
||||
entity.setRealm(realm);
|
||||
UserScopeMappingEntity entity = new UserScopeMappingEntity();
|
||||
entity.setUser(((UserAdapter) agent).getUser());
|
||||
entity.setRole(((RoleAdapter)role).getRole());
|
||||
em.persist(entity);
|
||||
em.flush();
|
||||
}
|
||||
|
||||
@Override
|
||||
public void deleteScopeMapping(UserModel user, RoleModel role) {
|
||||
TypedQuery<RealmScopeMappingEntity> query = getRealmScopeMappingQuery((UserAdapter) user, (RoleAdapter) role);
|
||||
List<RealmScopeMappingEntity> results = query.getResultList();
|
||||
TypedQuery<UserScopeMappingEntity> query = getRealmScopeMappingQuery((UserAdapter) user, (RoleAdapter) role);
|
||||
List<UserScopeMappingEntity> results = query.getResultList();
|
||||
if (results.size() == 0) return;
|
||||
for (RealmScopeMappingEntity entity : results) {
|
||||
for (UserScopeMappingEntity entity : results) {
|
||||
em.remove(entity);
|
||||
}
|
||||
}
|
||||
|
||||
public boolean hasScope(UserModel user, RoleModel role) {
|
||||
TypedQuery<RealmScopeMappingEntity> query = getRealmScopeMappingQuery((UserAdapter) user, (RoleAdapter) role);
|
||||
TypedQuery<UserScopeMappingEntity> query = getRealmScopeMappingQuery((UserAdapter) user, (RoleAdapter) role);
|
||||
return query.getResultList().size() > 0;
|
||||
}
|
||||
|
||||
|
||||
protected TypedQuery<RealmScopeMappingEntity> getRealmScopeMappingQuery(UserAdapter user, RoleAdapter role) {
|
||||
TypedQuery<RealmScopeMappingEntity> query = em.createNamedQuery("userHasRealmScope", RealmScopeMappingEntity.class);
|
||||
protected TypedQuery<UserScopeMappingEntity> getRealmScopeMappingQuery(UserAdapter user, RoleAdapter role) {
|
||||
TypedQuery<UserScopeMappingEntity> query = em.createNamedQuery("userHasScope", UserScopeMappingEntity.class);
|
||||
query.setParameter("user", ((UserAdapter)user).getUser());
|
||||
query.setParameter("role", ((RoleAdapter)role).getRole());
|
||||
query.setParameter("realm", realm);
|
||||
return query;
|
||||
}
|
||||
|
||||
|
@ -1081,4 +1088,12 @@ public class RealmAdapter implements RealmModel {
|
|||
realm.setPasswordPolicy(policy.toString());
|
||||
em.flush();
|
||||
}
|
||||
|
||||
public boolean equals(Object o) {
|
||||
if (o == null) return false;
|
||||
if (!(o instanceof RealmAdapter)) return false;
|
||||
RealmAdapter r = (RealmAdapter)o;
|
||||
return r.getId().equals(getId());
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -1,16 +1,29 @@
|
|||
package org.keycloak.models.jpa;
|
||||
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.models.RoleContainerModel;
|
||||
import org.keycloak.models.RoleModel;
|
||||
import org.keycloak.models.jpa.entities.ApplicationRoleEntity;
|
||||
import org.keycloak.models.jpa.entities.RealmRoleEntity;
|
||||
import org.keycloak.models.jpa.entities.RoleEntity;
|
||||
|
||||
import javax.persistence.EntityManager;
|
||||
import java.util.HashSet;
|
||||
import java.util.Iterator;
|
||||
import java.util.Set;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||
* @version $Revision: 1 $
|
||||
*/
|
||||
public class RoleAdapter implements RoleModel {
|
||||
protected RoleEntity role;
|
||||
protected EntityManager em;
|
||||
protected RealmModel realm;
|
||||
|
||||
public RoleAdapter(RoleEntity role) {
|
||||
public RoleAdapter(RealmModel realm, EntityManager em, RoleEntity role) {
|
||||
this.em = em;
|
||||
this.realm = realm;
|
||||
this.role = role;
|
||||
}
|
||||
|
||||
|
@ -46,4 +59,96 @@ public class RoleAdapter implements RoleModel {
|
|||
public void setName(String name) {
|
||||
role.setName(name);
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isComposite() {
|
||||
return role.isComposite();
|
||||
}
|
||||
|
||||
@Override
|
||||
public void setComposite(boolean flag) {
|
||||
role.setComposite(flag);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void addCompositeRole(RoleModel role) {
|
||||
RoleEntity entity = ((RoleAdapter)role).getRole();
|
||||
for (RoleEntity composite : getRole().getCompositeRoles()) {
|
||||
if (composite.equals(entity)) return;
|
||||
}
|
||||
getRole().getCompositeRoles().add(entity);
|
||||
em.flush();
|
||||
}
|
||||
|
||||
@Override
|
||||
public void removeCompositeRole(RoleModel role) {
|
||||
RoleEntity entity = ((RoleAdapter)role).getRole();
|
||||
Iterator<RoleEntity> it = getRole().getCompositeRoles().iterator();
|
||||
while (it.hasNext()) {
|
||||
if (it.next().equals(entity)) it.remove();
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public Set<RoleModel> getComposites() {
|
||||
Set<RoleModel> set = new HashSet<RoleModel>();
|
||||
|
||||
for (RoleEntity composite : getRole().getCompositeRoles()) {
|
||||
set.add(new RoleAdapter(realm, em, composite));
|
||||
}
|
||||
return set;
|
||||
}
|
||||
|
||||
public static boolean searchFor(RoleModel role, RoleModel composite, Set<RoleModel> visited) {
|
||||
if (visited.contains(composite)) return false;
|
||||
visited.add(composite);
|
||||
Set<RoleModel> composites = composite.getComposites();
|
||||
if (composites.contains(role)) return true;
|
||||
for (RoleModel contained : composites) {
|
||||
if (!contained.isComposite()) continue;
|
||||
if (searchFor(role, contained, visited)) return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
|
||||
@Override
|
||||
public boolean hasRole(RoleModel role) {
|
||||
if (this.equals(role)) return true;
|
||||
if (!isComposite()) return false;
|
||||
|
||||
Set<RoleModel> visited = new HashSet<RoleModel>();
|
||||
return searchFor(role, this, visited);
|
||||
}
|
||||
|
||||
@Override
|
||||
public RoleContainerModel getContainer() {
|
||||
if (role instanceof ApplicationRoleEntity) {
|
||||
ApplicationRoleEntity entity = (ApplicationRoleEntity)role;
|
||||
return new ApplicationAdapter(realm, em, entity.getApplication());
|
||||
} else if (role instanceof RealmRoleEntity) {
|
||||
RealmRoleEntity entity = (RealmRoleEntity)role;
|
||||
return new RealmAdapter(em, entity.getRealm());
|
||||
|
||||
}
|
||||
throw new IllegalStateException("Unknown role entity type");
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean equals(Object o) {
|
||||
if (this == o) return true;
|
||||
if (o == null || getClass() != o.getClass()) return false;
|
||||
|
||||
RoleAdapter that = (RoleAdapter) o;
|
||||
|
||||
if (!role.equals(that.role)) return false;
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
@Override
|
||||
public int hashCode() {
|
||||
return role.hashCode();
|
||||
}
|
||||
}
|
||||
|
|
|
@ -0,0 +1,46 @@
|
|||
package org.keycloak.models.jpa.entities;
|
||||
|
||||
import javax.persistence.GeneratedValue;
|
||||
import javax.persistence.GenerationType;
|
||||
import javax.persistence.Id;
|
||||
import javax.persistence.ManyToOne;
|
||||
import javax.persistence.MappedSuperclass;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||
* @version $Revision: 1 $
|
||||
*/
|
||||
@MappedSuperclass
|
||||
public class AbstractRoleMappingEntity {
|
||||
@Id
|
||||
@GeneratedValue(strategy = GenerationType.IDENTITY)
|
||||
protected long id;
|
||||
@ManyToOne
|
||||
protected UserEntity user;
|
||||
@ManyToOne
|
||||
protected RoleEntity role;
|
||||
|
||||
public long getId() {
|
||||
return id;
|
||||
}
|
||||
|
||||
public void setId(long id) {
|
||||
this.id = id;
|
||||
}
|
||||
|
||||
public UserEntity getUser() {
|
||||
return user;
|
||||
}
|
||||
|
||||
public void setUser(UserEntity user) {
|
||||
this.user = user;
|
||||
}
|
||||
|
||||
public RoleEntity getRole() {
|
||||
return role;
|
||||
}
|
||||
|
||||
public void setRole(RoleEntity role) {
|
||||
this.role = role;
|
||||
}
|
||||
}
|
|
@ -31,9 +31,8 @@ public class ApplicationEntity {
|
|||
@OneToOne(fetch = FetchType.EAGER)
|
||||
private UserEntity applicationUser;
|
||||
|
||||
@OneToMany(fetch = FetchType.EAGER, cascade ={CascadeType.REMOVE}, orphanRemoval = true)
|
||||
@JoinTable(name="APPLICATION_ROLES")
|
||||
Collection<RoleEntity> roles = new ArrayList<RoleEntity>();
|
||||
@OneToMany(fetch = FetchType.EAGER, cascade ={CascadeType.REMOVE}, orphanRemoval = true, mappedBy = "application")
|
||||
Collection<ApplicationRoleEntity> roles = new ArrayList<ApplicationRoleEntity>();
|
||||
|
||||
@OneToMany(fetch = FetchType.LAZY, cascade ={CascadeType.REMOVE}, orphanRemoval = true)
|
||||
@JoinTable(name="APPLICATION_DEFAULT_ROLES")
|
||||
|
@ -83,11 +82,11 @@ public class ApplicationEntity {
|
|||
this.applicationUser = applicationUser;
|
||||
}
|
||||
|
||||
public Collection<RoleEntity> getRoles() {
|
||||
public Collection<ApplicationRoleEntity> getRoles() {
|
||||
return roles;
|
||||
}
|
||||
|
||||
public void setRoles(Collection<RoleEntity> roles) {
|
||||
public void setRoles(Collection<ApplicationRoleEntity> roles) {
|
||||
this.roles = roles;
|
||||
}
|
||||
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
package org.keycloak.models.jpa.entities;
|
||||
|
||||
import javax.persistence.Entity;
|
||||
import javax.persistence.JoinTable;
|
||||
import javax.persistence.ManyToOne;
|
||||
import javax.persistence.NamedQueries;
|
||||
import javax.persistence.NamedQuery;
|
||||
|
@ -10,14 +11,13 @@ import javax.persistence.NamedQuery;
|
|||
* @version $Revision: 1 $
|
||||
*/
|
||||
@NamedQueries({
|
||||
@NamedQuery(name="userHasApplicationScope", query="select m from ApplicationScopeMappingEntity m where m.user = :user and m.role = :role and m.application = :application"),
|
||||
@NamedQuery(name="userApplicationScopeMappings", query="select m from ApplicationScopeMappingEntity m where m.user = :user and m.application = :application")
|
||||
@NamedQuery(name="getAppRoleByName", query="select role from ApplicationRoleEntity role where role.name = :name and role.application = :application")
|
||||
})
|
||||
@Entity
|
||||
public class ApplicationScopeMappingEntity extends UserRoleMappingEntity {
|
||||
|
||||
public class ApplicationRoleEntity extends RoleEntity {
|
||||
@ManyToOne
|
||||
protected ApplicationEntity application;
|
||||
@JoinTable(name = "APPLICATION_ROLE")
|
||||
private ApplicationEntity application;
|
||||
|
||||
public ApplicationEntity getApplication() {
|
||||
return application;
|
|
@ -1,29 +0,0 @@
|
|||
package org.keycloak.models.jpa.entities;
|
||||
|
||||
import javax.persistence.Entity;
|
||||
import javax.persistence.ManyToOne;
|
||||
import javax.persistence.NamedQueries;
|
||||
import javax.persistence.NamedQuery;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||
* @version $Revision: 1 $
|
||||
*/
|
||||
@NamedQueries({
|
||||
@NamedQuery(name="userHasApplicationRole", query="select m from ApplicationUserRoleMappingEntity m where m.user = :user and m.role = :role and m.application = :application"),
|
||||
@NamedQuery(name="userApplicationMappings", query="select m from ApplicationUserRoleMappingEntity m where m.user = :user and m.application = :application")
|
||||
})
|
||||
@Entity
|
||||
public class ApplicationUserRoleMappingEntity extends UserRoleMappingEntity {
|
||||
|
||||
@ManyToOne
|
||||
protected ApplicationEntity application;
|
||||
|
||||
public ApplicationEntity getApplication() {
|
||||
return application;
|
||||
}
|
||||
|
||||
public void setApplication(ApplicationEntity application) {
|
||||
this.application = application;
|
||||
}
|
||||
}
|
|
@ -65,9 +65,8 @@ public class RealmEntity {
|
|||
@OneToMany(cascade ={CascadeType.REMOVE}, orphanRemoval = true)
|
||||
Collection<ApplicationEntity> applications = new ArrayList<ApplicationEntity>();
|
||||
|
||||
@OneToMany(fetch = FetchType.LAZY, cascade ={CascadeType.REMOVE}, orphanRemoval = true)
|
||||
@JoinTable(name="REALM_ROLES")
|
||||
Collection<RoleEntity> roles = new ArrayList<RoleEntity>();
|
||||
@OneToMany(fetch = FetchType.LAZY, cascade ={CascadeType.REMOVE}, orphanRemoval = true, mappedBy = "realm")
|
||||
Collection<RealmRoleEntity> roles = new ArrayList<RealmRoleEntity>();
|
||||
|
||||
@ElementCollection
|
||||
@MapKeyColumn(name="name")
|
||||
|
@ -229,17 +228,17 @@ public class RealmEntity {
|
|||
this.applications = applications;
|
||||
}
|
||||
|
||||
public Collection<RoleEntity> getRoles() {
|
||||
public Collection<RealmRoleEntity> getRoles() {
|
||||
return roles;
|
||||
}
|
||||
|
||||
public void setRoles(Collection<RoleEntity> roles) {
|
||||
public void setRoles(Collection<RealmRoleEntity> roles) {
|
||||
this.roles = roles;
|
||||
}
|
||||
|
||||
public void addRole(RoleEntity role) {
|
||||
public void addRole(RealmRoleEntity role) {
|
||||
if (roles == null) {
|
||||
roles = new ArrayList<RoleEntity>();
|
||||
roles = new ArrayList<RealmRoleEntity>();
|
||||
}
|
||||
roles.add(role);
|
||||
}
|
||||
|
|
|
@ -10,14 +10,12 @@ import javax.persistence.NamedQuery;
|
|||
* @version $Revision: 1 $
|
||||
*/
|
||||
@NamedQueries({
|
||||
@NamedQuery(name="userHasRealmScope", query="select m from RealmScopeMappingEntity m where m.user = :user and m.role = :role and m.realm = :realm"),
|
||||
@NamedQuery(name="userRealmScopeMappings", query="select m from RealmScopeMappingEntity m where m.user = :user and m.realm = :realm")
|
||||
@NamedQuery(name="getRealmRoleByName", query="select role from RealmRoleEntity role where role.name = :name and role.realm = :realm")
|
||||
})
|
||||
@Entity
|
||||
public class RealmScopeMappingEntity extends UserRoleMappingEntity {
|
||||
|
||||
public class RealmRoleEntity extends RoleEntity {
|
||||
@ManyToOne
|
||||
protected RealmEntity realm;
|
||||
private RealmEntity realm;
|
||||
|
||||
public RealmEntity getRealm() {
|
||||
return realm;
|
|
@ -1,29 +0,0 @@
|
|||
package org.keycloak.models.jpa.entities;
|
||||
|
||||
import javax.persistence.Entity;
|
||||
import javax.persistence.ManyToOne;
|
||||
import javax.persistence.NamedQueries;
|
||||
import javax.persistence.NamedQuery;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||
* @version $Revision: 1 $
|
||||
*/
|
||||
@NamedQueries({
|
||||
@NamedQuery(name="userHasRealmRole", query="select m from RealmUserRoleMappingEntity m where m.user = :user and m.role = :role and m.realm = :realm"),
|
||||
@NamedQuery(name="userRealmMappings", query="select m from RealmUserRoleMappingEntity m where m.user = :user and m.realm = :realm")
|
||||
})
|
||||
@Entity
|
||||
public class RealmUserRoleMappingEntity extends UserRoleMappingEntity {
|
||||
|
||||
@ManyToOne
|
||||
protected RealmEntity realm;
|
||||
|
||||
public RealmEntity getRealm() {
|
||||
return realm;
|
||||
}
|
||||
|
||||
public void setRealm(RealmEntity realm) {
|
||||
this.realm = realm;
|
||||
}
|
||||
}
|
|
@ -1,22 +1,36 @@
|
|||
package org.keycloak.models.jpa.entities;
|
||||
|
||||
import javax.persistence.Entity;
|
||||
import javax.persistence.FetchType;
|
||||
import javax.persistence.GeneratedValue;
|
||||
import javax.persistence.GenerationType;
|
||||
import javax.persistence.Id;
|
||||
import javax.persistence.Inheritance;
|
||||
import javax.persistence.InheritanceType;
|
||||
import javax.persistence.JoinTable;
|
||||
import javax.persistence.ManyToMany;
|
||||
import javax.persistence.OneToMany;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Collection;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||
* @version $Revision: 1 $
|
||||
*/
|
||||
@Entity
|
||||
public class RoleEntity {
|
||||
@Inheritance(strategy = InheritanceType.SINGLE_TABLE)
|
||||
public abstract class RoleEntity {
|
||||
@Id
|
||||
@GeneratedValue(strategy = GenerationType.IDENTITY)
|
||||
@GeneratedValue(strategy = GenerationType.AUTO)
|
||||
private String id;
|
||||
|
||||
private String name;
|
||||
private String description;
|
||||
private boolean composite;
|
||||
@ManyToMany(fetch = FetchType.LAZY, cascade = {})
|
||||
//@JoinTable(name = "COMPOSITE_ROLE")
|
||||
private Collection<RoleEntity> compositeRoles = new ArrayList<RoleEntity>();
|
||||
|
||||
|
||||
public String getId() {
|
||||
return id;
|
||||
|
@ -41,4 +55,37 @@ public class RoleEntity {
|
|||
public void setDescription(String description) {
|
||||
this.description = description;
|
||||
}
|
||||
|
||||
public boolean isComposite() {
|
||||
return composite;
|
||||
}
|
||||
|
||||
public void setComposite(boolean composite) {
|
||||
this.composite = composite;
|
||||
}
|
||||
|
||||
public Collection<RoleEntity> getCompositeRoles() {
|
||||
return compositeRoles;
|
||||
}
|
||||
|
||||
public void setCompositeRoles(Collection<RoleEntity> compositeRoles) {
|
||||
this.compositeRoles = compositeRoles;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean equals(Object o) {
|
||||
if (this == o) return true;
|
||||
if (o == null || getClass() != o.getClass()) return false;
|
||||
|
||||
RoleEntity that = (RoleEntity) o;
|
||||
|
||||
if (!id.equals(that.id)) return false;
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
@Override
|
||||
public int hashCode() {
|
||||
return id.hashCode();
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,46 +1,23 @@
|
|||
package org.keycloak.models.jpa.entities;
|
||||
|
||||
import javax.persistence.Entity;
|
||||
import javax.persistence.GeneratedValue;
|
||||
import javax.persistence.GenerationType;
|
||||
import javax.persistence.Id;
|
||||
import javax.persistence.ManyToOne;
|
||||
import javax.persistence.MappedSuperclass;
|
||||
import javax.persistence.NamedQueries;
|
||||
import javax.persistence.NamedQuery;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||
* @version $Revision: 1 $
|
||||
*/
|
||||
@MappedSuperclass
|
||||
public abstract class UserRoleMappingEntity {
|
||||
@Id
|
||||
@GeneratedValue(strategy = GenerationType.IDENTITY)
|
||||
protected long id;
|
||||
@ManyToOne
|
||||
protected UserEntity user;
|
||||
@ManyToOne
|
||||
protected RoleEntity role;
|
||||
@NamedQueries({
|
||||
@NamedQuery(name="userHasRole", query="select m from UserRoleMappingEntity m where m.user = :user and m.role = :role"),
|
||||
@NamedQuery(name="userRoleMappings", query="select m from UserRoleMappingEntity m where m.user = :user")
|
||||
})
|
||||
@Entity
|
||||
public class UserRoleMappingEntity extends AbstractRoleMappingEntity {
|
||||
|
||||
public long getId() {
|
||||
return id;
|
||||
}
|
||||
|
||||
public void setId(long id) {
|
||||
this.id = id;
|
||||
}
|
||||
|
||||
public UserEntity getUser() {
|
||||
return user;
|
||||
}
|
||||
|
||||
public void setUser(UserEntity user) {
|
||||
this.user = user;
|
||||
}
|
||||
|
||||
public RoleEntity getRole() {
|
||||
return role;
|
||||
}
|
||||
|
||||
public void setRole(RoleEntity role) {
|
||||
this.role = role;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -0,0 +1,18 @@
|
|||
package org.keycloak.models.jpa.entities;
|
||||
|
||||
import javax.persistence.Entity;
|
||||
import javax.persistence.NamedQueries;
|
||||
import javax.persistence.NamedQuery;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||
* @version $Revision: 1 $
|
||||
*/
|
||||
@NamedQueries({
|
||||
@NamedQuery(name="userHasScope", query="select m from UserScopeMappingEntity m where m.user = :user and m.role = :role"),
|
||||
@NamedQuery(name="userScopeMappings", query="select m from UserScopeMappingEntity m where m.user = :user")
|
||||
})
|
||||
@Entity
|
||||
public class UserScopeMappingEntity extends AbstractRoleMappingEntity {
|
||||
|
||||
}
|
|
@ -35,7 +35,7 @@
|
|||
</build>
|
||||
<modules>
|
||||
<module>api</module>
|
||||
<module>picketlink</module>
|
||||
<!-- <module>picketlink</module> -->
|
||||
<module>jpa</module>
|
||||
<!-- <module>mongo</module> -->
|
||||
</modules>
|
||||
|
|
|
@ -47,12 +47,14 @@
|
|||
<version>${project.version}</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<!--
|
||||
<dependency>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<artifactId>keycloak-model-picketlink</artifactId>
|
||||
<version>${project.version}</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
-->
|
||||
|
||||
<!--<dependency>
|
||||
<groupId>org.keycloak</groupId>
|
||||
|
|
|
@ -74,11 +74,11 @@ public class ApplianceBootstrap {
|
|||
realm.updateCredential(adminUser, password);
|
||||
adminUser.addRequiredAction(UserModel.RequiredAction.UPDATE_PASSWORD);
|
||||
|
||||
adminConsole.grantRole(adminUser, adminRole);
|
||||
realm.grantRole(adminUser, adminRole);
|
||||
|
||||
ApplicationModel accountApp = realm.getApplicationNameMap().get(Constants.ACCOUNT_APPLICATION);
|
||||
for (String r : accountApp.getDefaultRoles()) {
|
||||
accountApp.grantRole(adminUser, accountApp.getRole(r));
|
||||
realm.grantRole(adminUser, accountApp.getRole(r));
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -102,7 +102,7 @@ public class ApplicationManager {
|
|||
if (role == null) {
|
||||
role = applicationModel.addRole(roleString.trim());
|
||||
}
|
||||
applicationModel.grantRole(user, role);
|
||||
realm.grantRole(user, role);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -115,7 +115,7 @@ public class ApplicationManager {
|
|||
if (role == null) {
|
||||
role = applicationModel.addRole(roleString.trim());
|
||||
}
|
||||
applicationModel.addScopeMapping(user, role.getName());
|
||||
realm.addScopeMapping(user, role);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -125,6 +125,13 @@ public class ApplicationManager {
|
|||
return createApplication(realm, loginRole, resourceRep);
|
||||
}
|
||||
|
||||
public ApplicationModel createApplication(RealmModel realm, String name) {
|
||||
RoleModel loginRole = realm.getRole(Constants.APPLICATION_ROLE);
|
||||
ApplicationModel app = realm.addApplication(name);
|
||||
realm.grantRole(app.getApplicationUser(), loginRole);
|
||||
return app;
|
||||
}
|
||||
|
||||
public void updateApplication(ApplicationRepresentation rep, ApplicationModel resource) {
|
||||
resource.setName(rep.getName());
|
||||
resource.setEnabled(rep.isEnabled());
|
||||
|
|
|
@ -9,6 +9,7 @@ import org.keycloak.jose.jws.JWSBuilder;
|
|||
import org.keycloak.models.Constants;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.models.RequiredCredentialModel;
|
||||
import org.keycloak.models.RoleModel;
|
||||
import org.keycloak.models.UserModel;
|
||||
import org.keycloak.representations.SkeletonKeyToken;
|
||||
import org.keycloak.representations.idm.CredentialRepresentation;
|
||||
|
@ -250,16 +251,18 @@ public class AuthenticationManager {
|
|||
}
|
||||
|
||||
if (!user.isEnabled()) {
|
||||
logger.debug("Account is disabled, contact admin.");
|
||||
logger.debug("Account is disabled, contact admin. " + user.getLoginName());
|
||||
return AuthenticationStatus.ACCOUNT_DISABLED;
|
||||
}
|
||||
|
||||
Set<String> types = new HashSet<String>();
|
||||
|
||||
List<RequiredCredentialModel> requiredCredentials = null;
|
||||
if (realm.hasRole(user, Constants.APPLICATION_ROLE)) {
|
||||
RoleModel applicationRole = realm.getRole(Constants.APPLICATION_ROLE);
|
||||
RoleModel identityRequesterRole = realm.getRole(Constants.IDENTITY_REQUESTER_ROLE);
|
||||
if (realm.hasRole(user, applicationRole)) {
|
||||
requiredCredentials = realm.getRequiredApplicationCredentials();
|
||||
} else if (realm.hasRole(user, Constants.IDENTITY_REQUESTER_ROLE)) {
|
||||
} else if (realm.hasRole(user, identityRequesterRole)) {
|
||||
requiredCredentials = realm.getRequiredOAuthClientCredentials();
|
||||
} else {
|
||||
requiredCredentials = realm.getRequiredCredentials();
|
||||
|
@ -289,6 +292,7 @@ public class AuthenticationManager {
|
|||
} else {
|
||||
logger.debug("validating password for user: " + user.getLoginName());
|
||||
if (!realm.validatePassword(user, password)) {
|
||||
logger.debug("invalid password for user: " + user.getLoginName());
|
||||
return AuthenticationStatus.INVALID_CREDENTIALS;
|
||||
}
|
||||
}
|
||||
|
|
112
services/src/main/java/org/keycloak/services/managers/ModelToRepresentation.java
Executable file
112
services/src/main/java/org/keycloak/services/managers/ModelToRepresentation.java
Executable file
|
@ -0,0 +1,112 @@
|
|||
package org.keycloak.services.managers;
|
||||
|
||||
import org.keycloak.models.ApplicationModel;
|
||||
import org.keycloak.models.Constants;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.models.RequiredCredentialModel;
|
||||
import org.keycloak.models.RoleModel;
|
||||
import org.keycloak.models.UserModel;
|
||||
import org.keycloak.representations.idm.RealmRepresentation;
|
||||
import org.keycloak.representations.idm.RoleRepresentation;
|
||||
import org.keycloak.representations.idm.UserRepresentation;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.HashMap;
|
||||
import java.util.HashSet;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||
* @version $Revision: 1 $
|
||||
*/
|
||||
public class ModelToRepresentation {
|
||||
public static UserRepresentation toRepresentation(UserModel user) {
|
||||
UserRepresentation rep = new UserRepresentation();
|
||||
rep.setUsername(user.getLoginName());
|
||||
rep.setLastName(user.getLastName());
|
||||
rep.setFirstName(user.getFirstName());
|
||||
rep.setEmail(user.getEmail());
|
||||
rep.setEnabled(user.isEnabled());
|
||||
rep.setEmailVerified(user.isEmailVerified());
|
||||
rep.setTotp(user.isTotp());
|
||||
|
||||
List<String> reqActions = new ArrayList<String>();
|
||||
for (UserModel.RequiredAction ra : user.getRequiredActions()){
|
||||
reqActions.add(ra.name());
|
||||
}
|
||||
|
||||
rep.setRequiredActions(reqActions);
|
||||
|
||||
if (user.getAttributes() != null && !user.getAttributes().isEmpty()) {
|
||||
Map<String, String> attrs = new HashMap<String, String>();
|
||||
attrs.putAll(user.getAttributes());
|
||||
rep.setAttributes(attrs);
|
||||
}
|
||||
return rep;
|
||||
}
|
||||
|
||||
public static RoleRepresentation toRepresentation(RoleModel role) {
|
||||
RoleRepresentation rep = new RoleRepresentation();
|
||||
rep.setId(role.getId());
|
||||
rep.setName(role.getName());
|
||||
rep.setDescription(role.getDescription());
|
||||
rep.setComposite(role.isComposite());
|
||||
return rep;
|
||||
}
|
||||
|
||||
public static RealmRepresentation toRepresentation(RealmModel realm) {
|
||||
RealmRepresentation rep = new RealmRepresentation();
|
||||
rep.setId(realm.getId());
|
||||
rep.setRealm(realm.getName());
|
||||
rep.setEnabled(realm.isEnabled());
|
||||
rep.setSocial(realm.isSocial());
|
||||
rep.setUpdateProfileOnInitialSocialLogin(realm.isUpdateProfileOnInitialSocialLogin());
|
||||
rep.setSslNotRequired(realm.isSslNotRequired());
|
||||
rep.setPublicKey(realm.getPublicKeyPem());
|
||||
rep.setPrivateKey(realm.getPrivateKeyPem());
|
||||
rep.setRegistrationAllowed(realm.isRegistrationAllowed());
|
||||
rep.setVerifyEmail(realm.isVerifyEmail());
|
||||
rep.setResetPasswordAllowed(realm.isResetPasswordAllowed());
|
||||
rep.setTokenLifespan(realm.getTokenLifespan());
|
||||
rep.setAccessCodeLifespan(realm.getAccessCodeLifespan());
|
||||
rep.setAccessCodeLifespanUserAction(realm.getAccessCodeLifespanUserAction());
|
||||
rep.setSmtpServer(realm.getSmtpConfig());
|
||||
rep.setSocialProviders(realm.getSocialConfig());
|
||||
if (realm.getPasswordPolicy() != null) {
|
||||
rep.setPasswordPolicy(realm.getPasswordPolicy().toString());
|
||||
}
|
||||
|
||||
ApplicationModel accountManagementApplication = realm.getApplicationNameMap().get(Constants.ACCOUNT_APPLICATION);
|
||||
|
||||
List<String> defaultRoles = realm.getDefaultRoles();
|
||||
if (!defaultRoles.isEmpty()) {
|
||||
List<String> roleStrings = new ArrayList<String>();
|
||||
roleStrings.addAll(defaultRoles);
|
||||
rep.setDefaultRoles(roleStrings);
|
||||
}
|
||||
|
||||
List<RequiredCredentialModel> requiredCredentialModels = realm.getRequiredCredentials();
|
||||
if (requiredCredentialModels.size() > 0) {
|
||||
rep.setRequiredCredentials(new HashSet<String>());
|
||||
for (RequiredCredentialModel cred : requiredCredentialModels) {
|
||||
rep.getRequiredCredentials().add(cred.getType());
|
||||
}
|
||||
}
|
||||
List<RequiredCredentialModel> requiredResourceCredentialModels = realm.getRequiredApplicationCredentials();
|
||||
if (requiredResourceCredentialModels.size() > 0) {
|
||||
rep.setRequiredApplicationCredentials(new HashSet<String>());
|
||||
for (RequiredCredentialModel cred : requiredResourceCredentialModels) {
|
||||
rep.getRequiredApplicationCredentials().add(cred.getType());
|
||||
}
|
||||
}
|
||||
List<RequiredCredentialModel> requiredOAuthCredentialModels = realm.getRequiredOAuthClientCredentials();
|
||||
if (requiredOAuthCredentialModels.size() > 0) {
|
||||
rep.setRequiredOAuthClientCredentials(new HashSet<String>());
|
||||
for (RequiredCredentialModel cred : requiredOAuthCredentialModels) {
|
||||
rep.getRequiredOAuthClientCredentials().add(cred.getType());
|
||||
}
|
||||
}
|
||||
return rep;
|
||||
}
|
||||
}
|
|
@ -309,7 +309,7 @@ public class RealmManager {
|
|||
role = newRealm.addRole(roleString.trim());
|
||||
}
|
||||
UserModel user = userMap.get(scope.getUsername());
|
||||
newRealm.addScopeMapping(user, role.getName());
|
||||
newRealm.addScopeMapping(user, role);
|
||||
}
|
||||
|
||||
}
|
||||
|
@ -422,93 +422,4 @@ public class RealmManager {
|
|||
}
|
||||
|
||||
|
||||
public static UserRepresentation toRepresentation(UserModel user) {
|
||||
UserRepresentation rep = new UserRepresentation();
|
||||
rep.setUsername(user.getLoginName());
|
||||
rep.setLastName(user.getLastName());
|
||||
rep.setFirstName(user.getFirstName());
|
||||
rep.setEmail(user.getEmail());
|
||||
rep.setEnabled(user.isEnabled());
|
||||
rep.setEmailVerified(user.isEmailVerified());
|
||||
rep.setTotp(user.isTotp());
|
||||
|
||||
List<String> reqActions = new ArrayList<String>();
|
||||
for (RequiredAction ra : user.getRequiredActions()){
|
||||
reqActions.add(ra.name());
|
||||
}
|
||||
|
||||
rep.setRequiredActions(reqActions);
|
||||
|
||||
if (user.getAttributes() != null && !user.getAttributes().isEmpty()) {
|
||||
Map<String, String> attrs = new HashMap<String, String>();
|
||||
attrs.putAll(user.getAttributes());
|
||||
rep.setAttributes(attrs);
|
||||
}
|
||||
return rep;
|
||||
}
|
||||
|
||||
public static RoleRepresentation toRepresentation(RoleModel role) {
|
||||
RoleRepresentation rep = new RoleRepresentation();
|
||||
rep.setId(role.getId());
|
||||
rep.setName(role.getName());
|
||||
rep.setDescription(role.getDescription());
|
||||
return rep;
|
||||
}
|
||||
|
||||
public static RealmRepresentation toRepresentation(RealmModel realm) {
|
||||
RealmRepresentation rep = new RealmRepresentation();
|
||||
rep.setId(realm.getId());
|
||||
rep.setRealm(realm.getName());
|
||||
rep.setEnabled(realm.isEnabled());
|
||||
rep.setSocial(realm.isSocial());
|
||||
rep.setUpdateProfileOnInitialSocialLogin(realm.isUpdateProfileOnInitialSocialLogin());
|
||||
rep.setSslNotRequired(realm.isSslNotRequired());
|
||||
rep.setPublicKey(realm.getPublicKeyPem());
|
||||
rep.setPrivateKey(realm.getPrivateKeyPem());
|
||||
rep.setRegistrationAllowed(realm.isRegistrationAllowed());
|
||||
rep.setVerifyEmail(realm.isVerifyEmail());
|
||||
rep.setResetPasswordAllowed(realm.isResetPasswordAllowed());
|
||||
rep.setTokenLifespan(realm.getTokenLifespan());
|
||||
rep.setAccessCodeLifespan(realm.getAccessCodeLifespan());
|
||||
rep.setAccessCodeLifespanUserAction(realm.getAccessCodeLifespanUserAction());
|
||||
rep.setSmtpServer(realm.getSmtpConfig());
|
||||
rep.setSocialProviders(realm.getSocialConfig());
|
||||
if (realm.getPasswordPolicy() != null) {
|
||||
rep.setPasswordPolicy(realm.getPasswordPolicy().toString());
|
||||
}
|
||||
|
||||
ApplicationModel accountManagementApplication = realm.getApplicationNameMap().get(Constants.ACCOUNT_APPLICATION);
|
||||
|
||||
List<String> defaultRoles = realm.getDefaultRoles();
|
||||
if (!defaultRoles.isEmpty()) {
|
||||
List<String> roleStrings = new ArrayList<String>();
|
||||
roleStrings.addAll(defaultRoles);
|
||||
rep.setDefaultRoles(roleStrings);
|
||||
}
|
||||
|
||||
List<RequiredCredentialModel> requiredCredentialModels = realm.getRequiredCredentials();
|
||||
if (requiredCredentialModels.size() > 0) {
|
||||
rep.setRequiredCredentials(new HashSet<String>());
|
||||
for (RequiredCredentialModel cred : requiredCredentialModels) {
|
||||
rep.getRequiredCredentials().add(cred.getType());
|
||||
}
|
||||
}
|
||||
List<RequiredCredentialModel> requiredResourceCredentialModels = realm.getRequiredApplicationCredentials();
|
||||
if (requiredResourceCredentialModels.size() > 0) {
|
||||
rep.setRequiredApplicationCredentials(new HashSet<String>());
|
||||
for (RequiredCredentialModel cred : requiredResourceCredentialModels) {
|
||||
rep.getRequiredApplicationCredentials().add(cred.getType());
|
||||
}
|
||||
}
|
||||
List<RequiredCredentialModel> requiredOAuthCredentialModels = realm.getRequiredOAuthClientCredentials();
|
||||
if (requiredOAuthCredentialModels.size() > 0) {
|
||||
rep.setRequiredOAuthClientCredentials(new HashSet<String>());
|
||||
for (RequiredCredentialModel cred : requiredOAuthCredentialModels) {
|
||||
rep.getRequiredOAuthClientCredentials().add(cred.getType());
|
||||
}
|
||||
}
|
||||
return rep;
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
|
|
@ -2,7 +2,6 @@ package org.keycloak.services.managers;
|
|||
|
||||
import org.jboss.resteasy.logging.Logger;
|
||||
import org.keycloak.jose.jws.JWSBuilder;
|
||||
import org.keycloak.util.JsonSerialization;
|
||||
import org.keycloak.models.ApplicationModel;
|
||||
import org.keycloak.models.Constants;
|
||||
import org.keycloak.models.RealmModel;
|
||||
|
@ -11,10 +10,12 @@ import org.keycloak.models.UserModel;
|
|||
import org.keycloak.representations.SkeletonKeyScope;
|
||||
import org.keycloak.representations.SkeletonKeyToken;
|
||||
import org.keycloak.util.Base64Url;
|
||||
import org.keycloak.util.JsonSerialization;
|
||||
|
||||
import javax.ws.rs.core.MultivaluedMap;
|
||||
import java.io.IOException;
|
||||
import java.io.UnsupportedEncodingException;
|
||||
import java.util.ArrayList;
|
||||
import java.util.HashSet;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
@ -44,48 +45,104 @@ public class TokenManager {
|
|||
return accessCodeMap.remove(key);
|
||||
}
|
||||
|
||||
protected boolean desiresScope(SkeletonKeyScope scope, String key, String roleName) {
|
||||
if (scope == null || scope.isEmpty()) return true;
|
||||
List<String> val = scope.get(key);
|
||||
if (val == null) return false;
|
||||
return val.contains(roleName);
|
||||
|
||||
}
|
||||
|
||||
protected boolean desiresScopeGroup(SkeletonKeyScope scope, String key) {
|
||||
if (scope == null || scope.isEmpty()) return true;
|
||||
return scope.containsKey(key);
|
||||
}
|
||||
|
||||
protected boolean isEmpty(SkeletonKeyScope scope) {
|
||||
return scope == null || scope.isEmpty();
|
||||
}
|
||||
|
||||
public static void addScopes(RoleModel role, RoleModel scope, Set<RoleModel> visited, Set<RoleModel> requested) {
|
||||
if (visited.contains(scope)) return;
|
||||
visited.add(scope);
|
||||
if (role.hasRole(scope)) {
|
||||
requested.add(scope);
|
||||
return;
|
||||
}
|
||||
if (!scope.isComposite()) return;
|
||||
|
||||
for (RoleModel contained : scope.getComposites()) {
|
||||
addScopes(role, contained, visited, requested);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
public AccessCodeEntry createAccessCode(String scopeParam, String state, String redirect, RealmModel realm, UserModel client, UserModel user) {
|
||||
boolean applicationResource = realm.hasRole(client, realm.getRole(Constants.APPLICATION_ROLE));
|
||||
|
||||
AccessCodeEntry code = new AccessCodeEntry();
|
||||
SkeletonKeyScope scopeMap = null;
|
||||
if (scopeParam != null) scopeMap = decodeScope(scopeParam);
|
||||
List<RoleModel> realmRolesRequested = code.getRealmRolesRequested();
|
||||
MultivaluedMap<String, RoleModel> resourceRolesRequested = code.getResourceRolesRequested();
|
||||
Set<String> realmMapping = realm.getRoleMappingValues(user);
|
||||
|
||||
if (realmMapping != null && realmMapping.size() > 0 && (scopeMap == null || scopeMap.containsKey("realm"))) {
|
||||
Set<String> scope = realm.getScopeMappingValues(client);
|
||||
if (scope.size() > 0) {
|
||||
Set<String> scopeRequest = scopeMap != null ? new HashSet<String>(scopeMap.get("realm")) : null;
|
||||
for (String role : realmMapping) {
|
||||
if ((scopeRequest == null || scopeRequest.contains(role)) && scope.contains(role))
|
||||
realmRolesRequested.add(realm.getRole(role));
|
||||
}
|
||||
}
|
||||
}
|
||||
for (ApplicationModel resource : realm.getApplications()) {
|
||||
if (applicationResource && resource.getApplicationUser().getLoginName().equals(client.getLoginName())) {
|
||||
for (String role : resource.getRoleMappingValues(user)) {
|
||||
resourceRolesRequested.addAll(resource.getName(), resource.getRole(role));
|
||||
}
|
||||
} else {
|
||||
Set<String> mapping = resource.getRoleMappingValues(user);
|
||||
if (mapping != null && mapping.size() > 0 && (scopeMap == null || scopeMap.containsKey(resource.getName()))) {
|
||||
Set<String> scope = resource.getScopeMappingValues(client);
|
||||
if (scope.size() > 0) {
|
||||
Set<String> scopeRequest = scopeMap != null ? new HashSet<String>(scopeMap.get(resource.getName())) : null;
|
||||
for (String role : mapping) {
|
||||
if ((scopeRequest == null || scopeRequest.contains(role)) && scope.contains(role))
|
||||
resourceRolesRequested.add(resource.getName(), resource.getRole(role));
|
||||
|
||||
Set<RoleModel> roleMappings = realm.getRoleMappings(user);
|
||||
Set<RoleModel> scopeMappings = realm.getScopeMappings(client);
|
||||
ApplicationModel clientApp = realm.getApplicationByName(client.getLoginName());
|
||||
Set<RoleModel> clientAppRoles = clientApp == null ? null : clientApp.getRoles();
|
||||
if (clientAppRoles != null) scopeMappings.addAll(clientAppRoles);
|
||||
|
||||
Set<RoleModel> requestedRoles = new HashSet<RoleModel>();
|
||||
|
||||
for (RoleModel role : roleMappings) {
|
||||
if (clientApp != null && role.getContainer().equals(clientApp)) requestedRoles.add(role);
|
||||
for (RoleModel desiredRole : scopeMappings) {
|
||||
Set<RoleModel> visited = new HashSet<RoleModel>();
|
||||
addScopes(role, desiredRole, visited, requestedRoles);
|
||||
}
|
||||
}
|
||||
|
||||
for (RoleModel role : requestedRoles) {
|
||||
if (role.getContainer() instanceof RealmModel && desiresScope(scopeMap, "realm", role.getName())) {
|
||||
realmRolesRequested.add(role);
|
||||
} else if (role.getContainer() instanceof ApplicationModel) {
|
||||
ApplicationModel app = (ApplicationModel)role.getContainer();
|
||||
if (desiresScope(scopeMap, app.getName(), role.getName())) {
|
||||
resourceRolesRequested.add(app.getName(), role);
|
||||
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
Set<RoleModel> realmRoleMappings = realm.getRealmRoleMappings(user);
|
||||
|
||||
for (RoleModel role : realmRoleMappings) {
|
||||
if (!desiresScope(scopeMap, "realm", role.getName())) continue;
|
||||
for (RoleModel desiredRole : scopeMappings) {
|
||||
if (desiredRole.hasRole(role)) {
|
||||
realmRolesRequested.add(role);
|
||||
} else if (role.hasRole(desiredRole)) {
|
||||
realmRolesRequested.add(desiredRole);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
for (ApplicationModel application : realm.getApplications()) {
|
||||
if (!desiresScopeGroup(scopeMap, application.getName())) continue;
|
||||
Set<RoleModel> appRoleMappings = application.getApplicationRoleMappings(user);
|
||||
for (RoleModel role : appRoleMappings) {
|
||||
if (!desiresScope(scopeMap, application.getName(), role.getName())) continue;
|
||||
for (RoleModel desiredRole : scopeMappings) {
|
||||
if (!application.getApplicationUser().getLoginName().equals(client.getLoginName())
|
||||
&& !desiredRole.hasRole(role)) continue;
|
||||
resourceRolesRequested.add(application.getName(), role);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
createToken(code, realm, client, user);
|
||||
code.setRealm(realm);
|
||||
code.setExpiration((System.currentTimeMillis() / 1000) + realm.getAccessCodeLifespan());
|
||||
|
@ -121,25 +178,48 @@ public class TokenManager {
|
|||
return token;
|
||||
}
|
||||
|
||||
protected void addComposites(SkeletonKeyToken token, RoleModel role) {
|
||||
SkeletonKeyToken.Access access = null;
|
||||
if (role.getContainer() instanceof RealmModel) {
|
||||
access = token.getRealmAccess();
|
||||
if (token.getRealmAccess() == null) {
|
||||
access = new SkeletonKeyToken.Access();
|
||||
token.setRealmAccess(access);
|
||||
} else if (token.getRealmAccess().getRoles() != null && token.getRealmAccess().isUserInRole(role.getName()))
|
||||
return;
|
||||
|
||||
} else {
|
||||
ApplicationModel app = (ApplicationModel) role.getContainer();
|
||||
access = token.getResourceAccess(app.getName());
|
||||
if (access == null) {
|
||||
access = token.addAccess(app.getName());
|
||||
if (app.isSurrogateAuthRequired()) access.verifyCaller(true);
|
||||
} else if (access.isUserInRole(role.getName())) return;
|
||||
|
||||
}
|
||||
access.addRole(role.getName());
|
||||
if (!role.isComposite()) return;
|
||||
|
||||
for (RoleModel composite : role.getComposites()) {
|
||||
addComposites(token, composite);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
protected void createToken(AccessCodeEntry accessCodeEntry, RealmModel realm, UserModel client, UserModel user) {
|
||||
|
||||
SkeletonKeyToken token = initToken(realm, client, user);
|
||||
|
||||
if (accessCodeEntry.getRealmRolesRequested().size() > 0) {
|
||||
SkeletonKeyToken.Access access = new SkeletonKeyToken.Access();
|
||||
for (RoleModel role : accessCodeEntry.getRealmRolesRequested()) {
|
||||
access.addRole(role.getName());
|
||||
addComposites(token, role);
|
||||
}
|
||||
token.setRealmAccess(access);
|
||||
}
|
||||
|
||||
if (accessCodeEntry.getResourceRolesRequested().size() > 0) {
|
||||
Map<String, ApplicationModel> resourceMap = realm.getApplicationNameMap();
|
||||
for (String resourceName : accessCodeEntry.getResourceRolesRequested().keySet()) {
|
||||
ApplicationModel resource = resourceMap.get(resourceName);
|
||||
SkeletonKeyToken.Access access = token.addAccess(resourceName).verifyCaller(resource.isSurrogateAuthRequired());
|
||||
for (RoleModel role : accessCodeEntry.getResourceRolesRequested().get(resourceName)) {
|
||||
access.addRole(role.getName());
|
||||
for (List<RoleModel> roles : accessCodeEntry.getResourceRolesRequested().values()) {
|
||||
for (RoleModel role : roles) {
|
||||
addComposites(token, role);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -169,7 +249,6 @@ public class TokenManager {
|
|||
|
||||
|
||||
public SkeletonKeyToken createAccessToken(RealmModel realm, UserModel user) {
|
||||
List<ApplicationModel> resources = realm.getApplications();
|
||||
SkeletonKeyToken token = new SkeletonKeyToken();
|
||||
token.id(RealmManager.generateId());
|
||||
token.issuedNow();
|
||||
|
@ -178,26 +257,8 @@ public class TokenManager {
|
|||
if (realm.getTokenLifespan() > 0) {
|
||||
token.expiration((System.currentTimeMillis() / 1000) + realm.getTokenLifespan());
|
||||
}
|
||||
|
||||
Set<String> realmMapping = realm.getRoleMappingValues(user);
|
||||
|
||||
if (realmMapping != null && realmMapping.size() > 0) {
|
||||
SkeletonKeyToken.Access access = new SkeletonKeyToken.Access();
|
||||
for (String role : realmMapping) {
|
||||
access.addRole(role);
|
||||
}
|
||||
token.setRealmAccess(access);
|
||||
}
|
||||
if (resources != null) {
|
||||
for (ApplicationModel resource : resources) {
|
||||
Set<String> mapping = resource.getRoleMappingValues(user);
|
||||
if (mapping == null) continue;
|
||||
SkeletonKeyToken.Access access = token.addAccess(resource.getName())
|
||||
.verifyCaller(resource.isSurrogateAuthRequired());
|
||||
for (String role : mapping) {
|
||||
access.addRole(role);
|
||||
}
|
||||
}
|
||||
for (RoleModel role : realm.getRoleMappings(user)) {
|
||||
addComposites(token, role);
|
||||
}
|
||||
return token;
|
||||
}
|
||||
|
|
|
@ -33,7 +33,7 @@ import org.keycloak.representations.SkeletonKeyToken;
|
|||
import org.keycloak.representations.idm.CredentialRepresentation;
|
||||
import org.keycloak.services.managers.AccessCodeEntry;
|
||||
import org.keycloak.services.managers.AuthenticationManager;
|
||||
import org.keycloak.services.managers.RealmManager;
|
||||
import org.keycloak.services.managers.ModelToRepresentation;
|
||||
import org.keycloak.services.managers.TokenManager;
|
||||
import org.keycloak.services.messages.Messages;
|
||||
import org.keycloak.services.resources.flows.Flows;
|
||||
|
@ -124,7 +124,7 @@ public class AccountService {
|
|||
if (!hasAccess(auth, Constants.ACCOUNT_PROFILE_ROLE)) {
|
||||
return Response.status(Response.Status.FORBIDDEN).build();
|
||||
}
|
||||
return Cors.add(request, Response.ok(RealmManager.toRepresentation(auth.getUser()))).auth().allowedOrigins(auth.getClient()).build();
|
||||
return Cors.add(request, Response.ok(ModelToRepresentation.toRepresentation(auth.getUser()))).auth().allowedOrigins(auth.getClient()).build();
|
||||
} else {
|
||||
return Response.notAcceptable(Variant.VariantListBuilder.newInstance().mediaTypes(MediaType.TEXT_HTML_TYPE, MediaType.APPLICATION_JSON_TYPE).build()).build();
|
||||
}
|
||||
|
@ -382,7 +382,7 @@ public class AccountService {
|
|||
|
||||
private boolean hasAccess(AuthenticationManager.Auth auth, String role) {
|
||||
UserModel client = auth.getClient();
|
||||
if (realm.hasRole(client, Constants.APPLICATION_ROLE)) {
|
||||
if (realm.hasRole(client, realm.getRole(Constants.APPLICATION_ROLE))) {
|
||||
// Tokens from cookies don't have roles
|
||||
UserModel user = auth.getUser();
|
||||
if (hasRole(user, Constants.ACCOUNT_MANAGE_ROLE) || (role != null && hasRole(user, role))) {
|
||||
|
@ -401,7 +401,7 @@ public class AccountService {
|
|||
}
|
||||
|
||||
private boolean hasRole(UserModel user, String role) {
|
||||
return application.hasRole(user, role);
|
||||
return realm.hasRole(user, application.getRole(role));
|
||||
}
|
||||
|
||||
private String getReferrer() {
|
||||
|
|
|
@ -191,7 +191,7 @@ public class AdminService {
|
|||
throw new NotFoundException();
|
||||
}
|
||||
RoleModel adminRole = adminConsole.getRole(Constants.ADMIN_CONSOLE_ADMIN_ROLE);
|
||||
if (!adminConsole.hasRole(admin, adminRole)) {
|
||||
if (!saasRealm.hasRole(admin, adminRole)) {
|
||||
logger.warn("not a Realm admin");
|
||||
throw new NotAuthorizedException("Bearer");
|
||||
}
|
||||
|
@ -308,7 +308,8 @@ public class AdminService {
|
|||
logger.debug("bad client");
|
||||
return redirectOnLoginError("invalid login data");
|
||||
}
|
||||
if (!adminConsole.hasRole(accessCode.getUser(), Constants.ADMIN_CONSOLE_ADMIN_ROLE)) {
|
||||
RoleModel adminConsoleAdminRole = adminConsole.getRole(Constants.ADMIN_CONSOLE_ADMIN_ROLE);
|
||||
if (!realm.hasRole(accessCode.getUser(), adminConsoleAdminRole)) {
|
||||
logger.debug("not allowed");
|
||||
return redirectOnLoginError("No permission to access console");
|
||||
}
|
||||
|
|
|
@ -6,6 +6,7 @@ import org.keycloak.models.KeycloakSession;
|
|||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.models.UserModel;
|
||||
import org.keycloak.representations.idm.RealmRepresentation;
|
||||
import org.keycloak.services.managers.ModelToRepresentation;
|
||||
import org.keycloak.services.managers.RealmManager;
|
||||
|
||||
import javax.ws.rs.*;
|
||||
|
@ -51,7 +52,7 @@ public class RealmAdminResource extends RoleContainerResource {
|
|||
@NoCache
|
||||
@Produces("application/json")
|
||||
public RealmRepresentation getRealm() {
|
||||
return RealmManager.toRepresentation(realm);
|
||||
return ModelToRepresentation.toRepresentation(realm);
|
||||
}
|
||||
|
||||
|
||||
|
|
|
@ -9,6 +9,7 @@ import org.keycloak.models.KeycloakSession;
|
|||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.models.UserModel;
|
||||
import org.keycloak.representations.idm.RealmRepresentation;
|
||||
import org.keycloak.services.managers.ModelToRepresentation;
|
||||
import org.keycloak.services.managers.RealmManager;
|
||||
import org.keycloak.services.resources.flows.Flows;
|
||||
|
||||
|
@ -59,7 +60,7 @@ public class RealmsAdminResource {
|
|||
List<RealmModel> realms = session.getRealms(admin);
|
||||
List<RealmRepresentation> reps = new ArrayList<RealmRepresentation>();
|
||||
for (RealmModel realm : realms) {
|
||||
reps.add(realmManager.toRepresentation(realm));
|
||||
reps.add(ModelToRepresentation.toRepresentation(realm));
|
||||
}
|
||||
return reps;
|
||||
}
|
||||
|
|
|
@ -5,6 +5,7 @@ import org.keycloak.models.Constants;
|
|||
import org.keycloak.models.RoleContainerModel;
|
||||
import org.keycloak.models.RoleModel;
|
||||
import org.keycloak.representations.idm.RoleRepresentation;
|
||||
import org.keycloak.services.managers.ModelToRepresentation;
|
||||
import org.keycloak.services.resources.flows.Flows;
|
||||
|
||||
import javax.ws.rs.*;
|
||||
|
@ -12,7 +13,10 @@ import javax.ws.rs.core.Context;
|
|||
import javax.ws.rs.core.Response;
|
||||
import javax.ws.rs.core.UriInfo;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Collections;
|
||||
import java.util.HashSet;
|
||||
import java.util.List;
|
||||
import java.util.Set;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||
|
@ -30,13 +34,11 @@ public class RoleContainerResource {
|
|||
@NoCache
|
||||
@Produces("application/json")
|
||||
public List<RoleRepresentation> getRoles() {
|
||||
List<RoleModel> roleModels = roleContainer.getRoles();
|
||||
Set<RoleModel> roleModels = roleContainer.getRoles();
|
||||
List<RoleRepresentation> roles = new ArrayList<RoleRepresentation>();
|
||||
for (RoleModel roleModel : roleModels) {
|
||||
if (!roleModel.getName().startsWith(Constants.INTERNAL_ROLE)) {
|
||||
RoleRepresentation role = new RoleRepresentation(roleModel.getName(), roleModel.getDescription());
|
||||
role.setId(roleModel.getId());
|
||||
roles.add(role);
|
||||
roles.add(ModelToRepresentation.toRepresentation(roleModel));
|
||||
}
|
||||
}
|
||||
return roles;
|
||||
|
@ -51,9 +53,7 @@ public class RoleContainerResource {
|
|||
if (roleModel == null || roleModel.getName().startsWith(Constants.INTERNAL_ROLE)) {
|
||||
throw new NotFoundException("Could not find role: " + roleName);
|
||||
}
|
||||
RoleRepresentation rep = new RoleRepresentation(roleModel.getName(), roleModel.getDescription());
|
||||
rep.setId(roleModel.getId());
|
||||
return rep;
|
||||
return ModelToRepresentation.toRepresentation(roleModel);
|
||||
}
|
||||
|
||||
@Path("roles/{role-name}")
|
||||
|
@ -79,8 +79,65 @@ public class RoleContainerResource {
|
|||
}
|
||||
role.setName(rep.getName());
|
||||
role.setDescription(rep.getDescription());
|
||||
role.setComposite(rep.isComposite());
|
||||
}
|
||||
|
||||
@Path("roles/{role-name}/composites")
|
||||
@POST
|
||||
@Consumes("application/json")
|
||||
public void addComposites(final @PathParam("role-name") String roleName, List<RoleRepresentation> roles) {
|
||||
RoleModel role = roleContainer.getRole(roleName);
|
||||
if (role == null || role.getName().startsWith(Constants.INTERNAL_ROLE)) {
|
||||
throw new NotFoundException("Could not find role: " + roleName);
|
||||
}
|
||||
for (RoleRepresentation rep : roles) {
|
||||
RoleModel composite = roleContainer.getRole(rep.getName());
|
||||
if (role == null || role.getName().startsWith(Constants.INTERNAL_ROLE)) {
|
||||
throw new NotFoundException("Could not find composite role: " + rep.getName());
|
||||
}
|
||||
if (!role.isComposite()) role.setComposite(true);
|
||||
role.addCompositeRole(composite);
|
||||
}
|
||||
}
|
||||
|
||||
@Path("roles/{role-name}/composites")
|
||||
@GET
|
||||
@NoCache
|
||||
@Produces("application/json")
|
||||
public Set<RoleRepresentation> getRoleComposites(final @PathParam("role-name") String roleName) {
|
||||
RoleModel role = roleContainer.getRole(roleName);
|
||||
if (role == null || role.getName().startsWith(Constants.INTERNAL_ROLE)) {
|
||||
throw new NotFoundException("Could not find role: " + roleName);
|
||||
}
|
||||
if (!role.isComposite() || role.getComposites().size() == 0) return Collections.emptySet();
|
||||
|
||||
Set<RoleRepresentation> composites = new HashSet<RoleRepresentation>(role.getComposites().size());
|
||||
for (RoleModel composite : role.getComposites()) {
|
||||
composites.add(ModelToRepresentation.toRepresentation(composite));
|
||||
}
|
||||
return composites;
|
||||
}
|
||||
|
||||
|
||||
@Path("roles/{role-name}/composites")
|
||||
@DELETE
|
||||
@Consumes("application/json")
|
||||
public void deleteComposites(final @PathParam("role-name") String roleName, List<RoleRepresentation> roles) {
|
||||
RoleModel role = roleContainer.getRole(roleName);
|
||||
if (role == null || role.getName().startsWith(Constants.INTERNAL_ROLE)) {
|
||||
throw new NotFoundException("Could not find role: " + roleName);
|
||||
}
|
||||
for (RoleRepresentation rep : roles) {
|
||||
RoleModel composite = roleContainer.getRole(rep.getName());
|
||||
if (role == null || role.getName().startsWith(Constants.INTERNAL_ROLE)) {
|
||||
throw new NotFoundException("Could not find composite role: " + rep.getName());
|
||||
}
|
||||
role.removeCompositeRole(composite);
|
||||
}
|
||||
if (role.getComposites().size() > 0) role.setComposite(false);
|
||||
}
|
||||
|
||||
|
||||
@Path("roles")
|
||||
@POST
|
||||
@Consumes("application/json")
|
||||
|
@ -93,6 +150,7 @@ public class RoleContainerResource {
|
|||
throw new NotFoundException();
|
||||
}
|
||||
role.setDescription(rep.getDescription());
|
||||
role.setComposite(rep.isComposite());
|
||||
return Response.created(uriInfo.getAbsolutePathBuilder().path(role.getName()).build()).build();
|
||||
}
|
||||
}
|
||||
|
|
|
@ -9,6 +9,7 @@ import org.keycloak.models.UserModel;
|
|||
import org.keycloak.representations.idm.ApplicationMappingsRepresentation;
|
||||
import org.keycloak.representations.idm.MappingsRepresentation;
|
||||
import org.keycloak.representations.idm.RoleRepresentation;
|
||||
import org.keycloak.services.managers.ModelToRepresentation;
|
||||
import org.keycloak.services.managers.RealmManager;
|
||||
|
||||
import javax.ws.rs.Consumes;
|
||||
|
@ -23,6 +24,7 @@ import java.util.ArrayList;
|
|||
import java.util.HashMap;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||
|
@ -44,12 +46,12 @@ public class ScopeMappedResource {
|
|||
@NoCache
|
||||
public MappingsRepresentation getScopeMappings() {
|
||||
MappingsRepresentation all = new MappingsRepresentation();
|
||||
List<RoleModel> realmMappings = realm.getScopeMappings(agent);
|
||||
Set<RoleModel> realmMappings = realm.getRealmScopeMappings(agent);
|
||||
RealmManager manager = new RealmManager(session);
|
||||
if (realmMappings.size() > 0) {
|
||||
List<RoleRepresentation> realmRep = new ArrayList<RoleRepresentation>();
|
||||
for (RoleModel roleModel : realmMappings) {
|
||||
realmRep.add(manager.toRepresentation(roleModel));
|
||||
realmRep.add(ModelToRepresentation.toRepresentation(roleModel));
|
||||
}
|
||||
all.setRealmMappings(realmRep);
|
||||
}
|
||||
|
@ -58,7 +60,7 @@ public class ScopeMappedResource {
|
|||
if (applications.size() > 0) {
|
||||
Map<String, ApplicationMappingsRepresentation> appMappings = new HashMap<String, ApplicationMappingsRepresentation>();
|
||||
for (ApplicationModel app : applications) {
|
||||
List<RoleModel> roleMappings = app.getScopeMappings(agent);
|
||||
Set<RoleModel> roleMappings = app.getApplicationScopeMappings(agent);
|
||||
if (roleMappings.size() > 0) {
|
||||
ApplicationMappingsRepresentation mappings = new ApplicationMappingsRepresentation();
|
||||
mappings.setApplicationId(app.getId());
|
||||
|
@ -66,7 +68,7 @@ public class ScopeMappedResource {
|
|||
List<RoleRepresentation> roles = new ArrayList<RoleRepresentation>();
|
||||
mappings.setMappings(roles);
|
||||
for (RoleModel role : roleMappings) {
|
||||
roles.add(manager.toRepresentation(role));
|
||||
roles.add(ModelToRepresentation.toRepresentation(role));
|
||||
}
|
||||
appMappings.put(app.getName(), mappings);
|
||||
all.setApplicationMappings(appMappings);
|
||||
|
@ -81,11 +83,11 @@ public class ScopeMappedResource {
|
|||
@Produces("application/json")
|
||||
@NoCache
|
||||
public List<RoleRepresentation> getRealmScopeMappings() {
|
||||
List<RoleModel> realmMappings = realm.getScopeMappings(agent);
|
||||
Set<RoleModel> realmMappings = realm.getRealmScopeMappings(agent);
|
||||
List<RoleRepresentation> realmMappingsRep = new ArrayList<RoleRepresentation>();
|
||||
RealmManager manager = new RealmManager(session);
|
||||
for (RoleModel roleModel : realmMappings) {
|
||||
realmMappingsRep.add(manager.toRepresentation(roleModel));
|
||||
realmMappingsRep.add(ModelToRepresentation.toRepresentation(roleModel));
|
||||
}
|
||||
return realmMappingsRep;
|
||||
}
|
||||
|
@ -110,7 +112,7 @@ public class ScopeMappedResource {
|
|||
@Consumes("application/json")
|
||||
public void deleteRealmScopeMappings(List<RoleRepresentation> roles) {
|
||||
if (roles == null) {
|
||||
List<RoleModel> roleModels = realm.getScopeMappings(agent);
|
||||
Set<RoleModel> roleModels = realm.getRealmScopeMappings(agent);
|
||||
for (RoleModel roleModel : roleModels) {
|
||||
realm.deleteScopeMapping(agent, roleModel);
|
||||
}
|
||||
|
@ -137,10 +139,10 @@ public class ScopeMappedResource {
|
|||
throw new NotFoundException();
|
||||
}
|
||||
|
||||
List<RoleModel> mappings = app.getScopeMappings(agent);
|
||||
Set<RoleModel> mappings = app.getApplicationScopeMappings(agent);
|
||||
List<RoleRepresentation> mapRep = new ArrayList<RoleRepresentation>();
|
||||
for (RoleModel roleModel : mappings) {
|
||||
mapRep.add(RealmManager.toRepresentation(roleModel));
|
||||
mapRep.add(ModelToRepresentation.toRepresentation(roleModel));
|
||||
}
|
||||
return mapRep;
|
||||
}
|
||||
|
@ -160,7 +162,7 @@ public class ScopeMappedResource {
|
|||
if (roleModel == null) {
|
||||
throw new NotFoundException();
|
||||
}
|
||||
app.addScopeMapping(agent, roleModel);
|
||||
realm.addScopeMapping(agent, roleModel);
|
||||
}
|
||||
|
||||
}
|
||||
|
@ -168,7 +170,7 @@ public class ScopeMappedResource {
|
|||
@Path("applications/{app}")
|
||||
@DELETE
|
||||
@Consumes("application/json")
|
||||
public void deleteApplicationRoleMapping(@PathParam("app") String appName, List<RoleRepresentation> roles) {
|
||||
public void deleteApplicationScopeMapping(@PathParam("app") String appName, List<RoleRepresentation> roles) {
|
||||
ApplicationModel app = realm.getApplicationByName(appName);
|
||||
|
||||
if (app == null) {
|
||||
|
@ -176,9 +178,9 @@ public class ScopeMappedResource {
|
|||
}
|
||||
|
||||
if (roles == null) {
|
||||
List<RoleModel> roleModels = app.getScopeMappings(agent);
|
||||
Set<RoleModel> roleModels = app.getApplicationScopeMappings(agent);
|
||||
for (RoleModel roleModel : roleModels) {
|
||||
app.deleteScopeMapping(agent, roleModel);
|
||||
realm.deleteScopeMapping(agent, roleModel);
|
||||
}
|
||||
|
||||
} else {
|
||||
|
@ -187,7 +189,7 @@ public class ScopeMappedResource {
|
|||
if (roleModel == null) {
|
||||
throw new NotFoundException();
|
||||
}
|
||||
app.deleteScopeMapping(agent, roleModel);
|
||||
realm.deleteScopeMapping(agent, roleModel);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -10,6 +10,7 @@ import org.keycloak.models.RoleModel;
|
|||
import org.keycloak.models.UserCredentialModel;
|
||||
import org.keycloak.models.UserModel;
|
||||
import org.keycloak.representations.idm.*;
|
||||
import org.keycloak.services.managers.ModelToRepresentation;
|
||||
import org.keycloak.services.managers.RealmManager;
|
||||
import org.keycloak.services.resources.flows.Flows;
|
||||
|
||||
|
@ -32,6 +33,7 @@ import java.util.ArrayList;
|
|||
import java.util.HashMap;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||
|
@ -115,7 +117,7 @@ public class UsersResource {
|
|||
if (user == null || !isUser(user)) {
|
||||
throw new NotFoundException();
|
||||
}
|
||||
return new RealmManager(session).toRepresentation(user);
|
||||
return ModelToRepresentation.toRepresentation(user);
|
||||
}
|
||||
|
||||
@Path("{username}")
|
||||
|
@ -154,7 +156,7 @@ public class UsersResource {
|
|||
}
|
||||
userModels = realm.searchForUserByAttributes(attributes);
|
||||
for (UserModel user : userModels) {
|
||||
results.add(manager.toRepresentation(user));
|
||||
results.add(ModelToRepresentation.toRepresentation(user));
|
||||
}
|
||||
} else {
|
||||
userModels = realm.getUsers();
|
||||
|
@ -162,7 +164,7 @@ public class UsersResource {
|
|||
|
||||
for (UserModel user : userModels) {
|
||||
if (isUser(user)) {
|
||||
results.add(manager.toRepresentation(user));
|
||||
results.add(ModelToRepresentation.toRepresentation(user));
|
||||
}
|
||||
}
|
||||
return results;
|
||||
|
@ -183,12 +185,12 @@ public class UsersResource {
|
|||
}
|
||||
|
||||
MappingsRepresentation all = new MappingsRepresentation();
|
||||
List<RoleModel> realmMappings = realm.getRoleMappings(user);
|
||||
Set<RoleModel> realmMappings = realm.getRoleMappings(user);
|
||||
RealmManager manager = new RealmManager(session);
|
||||
if (realmMappings.size() > 0) {
|
||||
List<RoleRepresentation> realmRep = new ArrayList<RoleRepresentation>();
|
||||
for (RoleModel roleModel : realmMappings) {
|
||||
realmRep.add(manager.toRepresentation(roleModel));
|
||||
realmRep.add(ModelToRepresentation.toRepresentation(roleModel));
|
||||
}
|
||||
all.setRealmMappings(realmRep);
|
||||
}
|
||||
|
@ -197,7 +199,7 @@ public class UsersResource {
|
|||
if (applications.size() > 0) {
|
||||
Map<String, ApplicationMappingsRepresentation> appMappings = new HashMap<String, ApplicationMappingsRepresentation>();
|
||||
for (ApplicationModel application : applications) {
|
||||
List<RoleModel> roleMappings = application.getRoleMappings(user);
|
||||
Set<RoleModel> roleMappings = application.getApplicationRoleMappings(user);
|
||||
if (roleMappings.size() > 0) {
|
||||
ApplicationMappingsRepresentation mappings = new ApplicationMappingsRepresentation();
|
||||
mappings.setApplicationId(application.getId());
|
||||
|
@ -205,7 +207,7 @@ public class UsersResource {
|
|||
List<RoleRepresentation> roles = new ArrayList<RoleRepresentation>();
|
||||
mappings.setMappings(roles);
|
||||
for (RoleModel role : roleMappings) {
|
||||
roles.add(manager.toRepresentation(role));
|
||||
roles.add(ModelToRepresentation.toRepresentation(role));
|
||||
}
|
||||
appMappings.put(application.getName(), mappings);
|
||||
all.setApplicationMappings(appMappings);
|
||||
|
@ -225,11 +227,11 @@ public class UsersResource {
|
|||
throw new NotFoundException();
|
||||
}
|
||||
|
||||
List<RoleModel> realmMappings = realm.getRoleMappings(user);
|
||||
Set<RoleModel> realmMappings = realm.getRealmRoleMappings(user);
|
||||
List<RoleRepresentation> realmMappingsRep = new ArrayList<RoleRepresentation>();
|
||||
RealmManager manager = new RealmManager(session);
|
||||
for (RoleModel roleModel : realmMappings) {
|
||||
realmMappingsRep.add(manager.toRepresentation(roleModel));
|
||||
realmMappingsRep.add(ModelToRepresentation.toRepresentation(roleModel));
|
||||
}
|
||||
return realmMappingsRep;
|
||||
}
|
||||
|
@ -266,7 +268,7 @@ public class UsersResource {
|
|||
}
|
||||
|
||||
if (roles == null) {
|
||||
List<RoleModel> roleModels = realm.getRoleMappings(user);
|
||||
Set<RoleModel> roleModels = realm.getRealmRoleMappings(user);
|
||||
for (RoleModel roleModel : roleModels) {
|
||||
realm.deleteRoleMapping(user, roleModel);
|
||||
}
|
||||
|
@ -300,10 +302,10 @@ public class UsersResource {
|
|||
throw new NotFoundException();
|
||||
}
|
||||
|
||||
List<RoleModel> mappings = application.getRoleMappings(user);
|
||||
Set<RoleModel> mappings = application.getApplicationRoleMappings(user);
|
||||
List<RoleRepresentation> mapRep = new ArrayList<RoleRepresentation>();
|
||||
for (RoleModel roleModel : mappings) {
|
||||
mapRep.add(RealmManager.toRepresentation(roleModel));
|
||||
mapRep.add(ModelToRepresentation.toRepresentation(roleModel));
|
||||
}
|
||||
logger.debug("getApplicationRoleMappings.size() = {0}", mapRep.size());
|
||||
return mapRep;
|
||||
|
@ -330,7 +332,7 @@ public class UsersResource {
|
|||
if (roleModel == null) {
|
||||
throw new NotFoundException();
|
||||
}
|
||||
application.grantRole(user, roleModel);
|
||||
realm.grantRole(user, roleModel);
|
||||
}
|
||||
|
||||
}
|
||||
|
@ -351,9 +353,13 @@ public class UsersResource {
|
|||
}
|
||||
|
||||
if (roles == null) {
|
||||
List<RoleModel> roleModels = application.getRoleMappings(user);
|
||||
Set<RoleModel> roleModels = application.getApplicationRoleMappings(user);
|
||||
for (RoleModel roleModel : roleModels) {
|
||||
application.deleteRoleMapping(user, roleModel);
|
||||
if (!(roleModel.getContainer() instanceof ApplicationModel)) {
|
||||
ApplicationModel app = (ApplicationModel)roleModel.getContainer();
|
||||
if (!app.getId().equals(application.getId())) continue;
|
||||
}
|
||||
realm.deleteRoleMapping(user, roleModel);
|
||||
}
|
||||
|
||||
} else {
|
||||
|
@ -362,7 +368,7 @@ public class UsersResource {
|
|||
if (roleModel == null) {
|
||||
throw new NotFoundException();
|
||||
}
|
||||
application.deleteRoleMapping(user, roleModel);
|
||||
realm.deleteRoleMapping(user, roleModel);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -170,7 +170,7 @@ public class AdapterTest extends AbstractKeycloakTest {
|
|||
|
||||
OAuthClientModel oauth = new OAuthClientManager(realmModel).create("oauth-client");
|
||||
oauth = realmModel.getOAuthClient("oauth-client");
|
||||
Assert.assertTrue(realmModel.hasRole(oauth.getOAuthAgent(), Constants.IDENTITY_REQUESTER_ROLE));
|
||||
Assert.assertTrue(realmModel.hasRole(oauth.getOAuthAgent(), realmModel.getRole(Constants.IDENTITY_REQUESTER_ROLE)));
|
||||
|
||||
|
||||
}
|
||||
|
@ -188,7 +188,7 @@ public class AdapterTest extends AbstractKeycloakTest {
|
|||
|
||||
ApplicationModel app = realmModel.addApplication("test-app");
|
||||
RoleModel appRole = app.addRole("test");
|
||||
app.grantRole(user, appRole);
|
||||
realmModel.grantRole(user, appRole);
|
||||
|
||||
SocialLinkModel socialLink = new SocialLinkModel("google", user.getLoginName());
|
||||
realmModel.addSocialLink(user, socialLink);
|
||||
|
@ -214,8 +214,8 @@ public class AdapterTest extends AbstractKeycloakTest {
|
|||
ApplicationModel app = realmModel.addApplication("test-app");
|
||||
|
||||
RoleModel appRole = app.addRole("test");
|
||||
app.grantRole(user, appRole);
|
||||
app.addScopeMapping(client.getOAuthAgent(), appRole);
|
||||
realmModel.grantRole(user, appRole);
|
||||
realmModel.addScopeMapping(client.getOAuthAgent(), appRole);
|
||||
|
||||
RoleModel realmRole = realmModel.addRole("test");
|
||||
realmModel.addScopeMapping(app.getApplicationUser(), realmRole);
|
||||
|
@ -242,8 +242,8 @@ public class AdapterTest extends AbstractKeycloakTest {
|
|||
ApplicationModel app = realmModel.addApplication("test-app");
|
||||
|
||||
RoleModel appRole = app.addRole("test");
|
||||
app.grantRole(user, appRole);
|
||||
app.addScopeMapping(client.getOAuthAgent(), appRole);
|
||||
realmModel.grantRole(user, appRole);
|
||||
realmModel.addScopeMapping(client.getOAuthAgent(), appRole);
|
||||
|
||||
RoleModel realmRole = realmModel.addRole("test");
|
||||
realmModel.addScopeMapping(app.getApplicationUser(), realmRole);
|
||||
|
@ -265,8 +265,8 @@ public class AdapterTest extends AbstractKeycloakTest {
|
|||
ApplicationModel app = realmModel.addApplication("test-app");
|
||||
|
||||
RoleModel appRole = app.addRole("test");
|
||||
app.grantRole(user, appRole);
|
||||
app.addScopeMapping(client.getOAuthAgent(), appRole);
|
||||
realmModel.grantRole(user, appRole);
|
||||
realmModel.addScopeMapping(client.getOAuthAgent(), appRole);
|
||||
|
||||
RoleModel realmRole = realmModel.addRole("test");
|
||||
realmModel.addScopeMapping(app.getApplicationUser(), realmRole);
|
||||
|
@ -448,7 +448,7 @@ public class AdapterTest extends AbstractKeycloakTest {
|
|||
test1CreateRealm();
|
||||
realmModel.addRole("admin");
|
||||
realmModel.addRole("user");
|
||||
List<RoleModel> roles = realmModel.getRoles();
|
||||
Set<RoleModel> roles = realmModel.getRoles();
|
||||
Assert.assertEquals(5, roles.size());
|
||||
UserModel user = realmModel.addUser("bburke");
|
||||
RoleModel role = realmModel.getRole("user");
|
||||
|
|
|
@ -7,6 +7,7 @@ import org.junit.runners.MethodSorters;
|
|||
import org.keycloak.models.ApplicationModel;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.models.RequiredCredentialModel;
|
||||
import org.keycloak.models.RoleModel;
|
||||
import org.keycloak.models.SocialLinkModel;
|
||||
import org.keycloak.models.UserModel;
|
||||
import org.keycloak.representations.idm.RealmRepresentation;
|
||||
|
@ -49,7 +50,7 @@ public class ImportTest extends AbstractKeycloakTest {
|
|||
|
||||
UserModel user = realm.getUser("loginclient");
|
||||
Assert.assertNotNull(user);
|
||||
Set<String> scopes = realm.getScopeMappingValues(user);
|
||||
Set<RoleModel> scopes = realm.getRealmScopeMappings(user);
|
||||
Assert.assertEquals(0, scopes.size());
|
||||
Assert.assertEquals(0, realm.getSocialLinks(user).size());
|
||||
|
||||
|
@ -61,8 +62,9 @@ public class ImportTest extends AbstractKeycloakTest {
|
|||
UserModel oauthClient = realm.getUser("oauthclient");
|
||||
Assert.assertNotNull(application);
|
||||
Assert.assertNotNull(oauthClient);
|
||||
Set<String> appScopes = application.getScopeMappingValues(oauthClient);
|
||||
Assert.assertTrue(appScopes.contains("user"));
|
||||
Set<RoleModel> appScopes = application.getApplicationScopeMappings(oauthClient);
|
||||
RoleModel appUserRole = application.getRole("user");
|
||||
Assert.assertTrue(appScopes.contains(appUserRole));
|
||||
|
||||
// Test social linking
|
||||
UserModel socialUser = realm.getUser("mySocialUser");
|
||||
|
|
|
@ -10,6 +10,7 @@ import org.keycloak.models.PasswordPolicy;
|
|||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.models.RoleModel;
|
||||
import org.keycloak.representations.idm.RealmRepresentation;
|
||||
import org.keycloak.services.managers.ModelToRepresentation;
|
||||
import org.keycloak.services.managers.RealmManager;
|
||||
import org.keycloak.services.resources.KeycloakApplication;
|
||||
|
||||
|
@ -101,7 +102,7 @@ public class ModelTest extends AbstractKeycloakServerTest {
|
|||
}
|
||||
|
||||
private RealmModel importExport(RealmModel src, String copyName) {
|
||||
RealmRepresentation representation = manager.toRepresentation(src);
|
||||
RealmRepresentation representation = ModelToRepresentation.toRepresentation(src);
|
||||
RealmModel copy = manager.createRealm(copyName);
|
||||
manager.importRealm(representation, copy);
|
||||
return manager.getRealm(copy.getId());
|
||||
|
|
|
@ -2,6 +2,7 @@
|
|||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="http://java.sun.com/xml/ns/persistence http://java.sun.com/xml/ns/persistence/persistence_1_0.xsd"
|
||||
version="1.0">
|
||||
<!--
|
||||
<persistence-unit name="picketlink-keycloak-identity-store" transaction-type="RESOURCE_LOCAL">
|
||||
<provider>org.hibernate.ejb.HibernatePersistence</provider>
|
||||
|
||||
|
@ -33,23 +34,22 @@
|
|||
<property name="hibernate.format_sql" value="true" />
|
||||
</properties>
|
||||
</persistence-unit>
|
||||
-->
|
||||
|
||||
<persistence-unit name="jpa-keycloak-identity-store" transaction-type="RESOURCE_LOCAL">
|
||||
<provider>org.hibernate.ejb.HibernatePersistence</provider>
|
||||
|
||||
<class>org.keycloak.models.jpa.entities.ApplicationEntity</class>
|
||||
<class>org.keycloak.models.jpa.entities.ApplicationScopeMappingEntity</class>
|
||||
<class>org.keycloak.models.jpa.entities.ApplicationUserRoleMappingEntity</class>
|
||||
<class>org.keycloak.models.jpa.entities.CredentialEntity</class>
|
||||
<class>org.keycloak.models.jpa.entities.OAuthClientEntity</class>
|
||||
<class>org.keycloak.models.jpa.entities.RealmEntity</class>
|
||||
<class>org.keycloak.models.jpa.entities.RealmScopeMappingEntity</class>
|
||||
<class>org.keycloak.models.jpa.entities.RealmUserRoleMappingEntity</class>
|
||||
<class>org.keycloak.models.jpa.entities.RequiredCredentialEntity</class>
|
||||
<class>org.keycloak.models.jpa.entities.RoleEntity</class>
|
||||
<class>org.keycloak.models.jpa.entities.ApplicationRoleEntity</class>
|
||||
<class>org.keycloak.models.jpa.entities.RealmRoleEntity</class>
|
||||
<class>org.keycloak.models.jpa.entities.SocialLinkEntity</class>
|
||||
<class>org.keycloak.models.jpa.entities.UserEntity</class>
|
||||
<class>org.keycloak.models.jpa.entities.UserRoleMappingEntity</class>
|
||||
<class>org.keycloak.models.jpa.entities.UserScopeMappingEntity</class>
|
||||
|
||||
<exclude-unlisted-classes>true</exclude-unlisted-classes>
|
||||
|
||||
|
|
|
@ -61,11 +61,13 @@
|
|||
<artifactId>keycloak-model-jpa</artifactId>
|
||||
<version>${project.version}</version>
|
||||
</dependency>
|
||||
<!--
|
||||
<dependency>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<artifactId>keycloak-model-picketlink</artifactId>
|
||||
<version>${project.version}</version>
|
||||
</dependency>
|
||||
-->
|
||||
<dependency>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<artifactId>keycloak-social-core</artifactId>
|
||||
|
|
|
@ -6,18 +6,16 @@
|
|||
<provider>org.hibernate.ejb.HibernatePersistence</provider>
|
||||
|
||||
<class>org.keycloak.models.jpa.entities.ApplicationEntity</class>
|
||||
<class>org.keycloak.models.jpa.entities.ApplicationScopeMappingEntity</class>
|
||||
<class>org.keycloak.models.jpa.entities.ApplicationUserRoleMappingEntity</class>
|
||||
<class>org.keycloak.models.jpa.entities.CredentialEntity</class>
|
||||
<class>org.keycloak.models.jpa.entities.OAuthClientEntity</class>
|
||||
<class>org.keycloak.models.jpa.entities.RealmEntity</class>
|
||||
<class>org.keycloak.models.jpa.entities.RealmScopeMappingEntity</class>
|
||||
<class>org.keycloak.models.jpa.entities.RealmUserRoleMappingEntity</class>
|
||||
<class>org.keycloak.models.jpa.entities.RequiredCredentialEntity</class>
|
||||
<class>org.keycloak.models.jpa.entities.RoleEntity</class>
|
||||
<class>org.keycloak.models.jpa.entities.ApplicationRoleEntity</class>
|
||||
<class>org.keycloak.models.jpa.entities.RealmRoleEntity</class>
|
||||
<class>org.keycloak.models.jpa.entities.SocialLinkEntity</class>
|
||||
<class>org.keycloak.models.jpa.entities.UserEntity</class>
|
||||
<class>org.keycloak.models.jpa.entities.UserRoleMappingEntity</class>
|
||||
<class>org.keycloak.models.jpa.entities.UserScopeMappingEntity</class>
|
||||
|
||||
<exclude-unlisted-classes>true</exclude-unlisted-classes>
|
||||
|
||||
|
@ -32,6 +30,7 @@
|
|||
</properties>
|
||||
</persistence-unit>
|
||||
|
||||
<!--
|
||||
<persistence-unit name="picketlink-keycloak-identity-store" transaction-type="RESOURCE_LOCAL">
|
||||
<provider>org.hibernate.ejb.HibernatePersistence</provider>
|
||||
|
||||
|
@ -63,4 +62,5 @@
|
|||
<property name="hibernate.format_sql" value="true" />
|
||||
</properties>
|
||||
</persistence-unit>
|
||||
-->
|
||||
</persistence>
|
||||
|
|
|
@ -226,6 +226,10 @@ public class OAuthClient {
|
|||
this.realm = realm;
|
||||
return this;
|
||||
}
|
||||
public OAuthClient realmPublicKey(PublicKey key) {
|
||||
this.realmPublicKey = key;
|
||||
return this;
|
||||
}
|
||||
|
||||
public OAuthClient clientId(String clientId) {
|
||||
this.clientId = clientId;
|
||||
|
|
|
@ -58,7 +58,7 @@ public class ProfileTest {
|
|||
UserModel user2 = appRealm.addUser("test-user-no-access@localhost");
|
||||
user2.setEnabled(true);
|
||||
for (String r : accountApp.getDefaultRoles()) {
|
||||
accountApp.deleteRoleMapping(user2, accountApp.getRole(r));
|
||||
appRealm.deleteRoleMapping(user2, accountApp.getRole(r));
|
||||
}
|
||||
UserCredentialModel creds = new UserCredentialModel();
|
||||
creds.setType(CredentialRepresentation.PASSWORD);
|
||||
|
@ -66,12 +66,12 @@ public class ProfileTest {
|
|||
appRealm.updateCredential(user2, creds);
|
||||
|
||||
ApplicationModel app = appRealm.getApplicationNameMap().get("test-app");
|
||||
accountApp.addScopeMapping(app.getApplicationUser(), org.keycloak.models.Constants.ACCOUNT_PROFILE_ROLE);
|
||||
appRealm.addScopeMapping(app.getApplicationUser(), accountApp.getRole(org.keycloak.models.Constants.ACCOUNT_PROFILE_ROLE));
|
||||
|
||||
app.getApplicationUser().addWebOrigin("http://localtest.me:8081");
|
||||
|
||||
UserModel thirdParty = appRealm.getUser("third-party");
|
||||
accountApp.addScopeMapping(thirdParty, org.keycloak.models.Constants.ACCOUNT_PROFILE_ROLE);
|
||||
appRealm.addScopeMapping(thirdParty, accountApp.getRole(org.keycloak.models.Constants.ACCOUNT_PROFILE_ROLE));
|
||||
}
|
||||
});
|
||||
|
||||
|
|
|
@ -0,0 +1,277 @@
|
|||
/*
|
||||
* JBoss, Home of Professional Open Source.
|
||||
* Copyright 2012, Red Hat, Inc., and individual contributors
|
||||
* as indicated by the @author tags. See the copyright.txt file in the
|
||||
* distribution for a full listing of individual contributors.
|
||||
*
|
||||
* This is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU Lesser General Public License as
|
||||
* published by the Free Software Foundation; either version 2.1 of
|
||||
* the License, or (at your option) any later version.
|
||||
*
|
||||
* This software is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
* Lesser General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Lesser General Public
|
||||
* License along with this software; if not, write to the Free
|
||||
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
|
||||
* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
|
||||
*/
|
||||
package org.keycloak.testsuite.composites;
|
||||
|
||||
import org.junit.Assert;
|
||||
import org.junit.ClassRule;
|
||||
import org.junit.Rule;
|
||||
import org.junit.Test;
|
||||
import org.keycloak.models.ApplicationModel;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.models.RoleModel;
|
||||
import org.keycloak.models.UserCredentialModel;
|
||||
import org.keycloak.models.UserModel;
|
||||
import org.keycloak.representations.SkeletonKeyToken;
|
||||
import org.keycloak.services.managers.ApplicationManager;
|
||||
import org.keycloak.services.managers.RealmManager;
|
||||
import org.keycloak.testsuite.ApplicationServlet;
|
||||
import org.keycloak.testsuite.OAuthClient;
|
||||
import org.keycloak.testsuite.OAuthClient.AccessTokenResponse;
|
||||
import org.keycloak.testsuite.pages.LoginPage;
|
||||
import org.keycloak.testsuite.rule.AbstractKeycloakRule;
|
||||
import org.keycloak.testsuite.rule.WebResource;
|
||||
import org.keycloak.testsuite.rule.WebRule;
|
||||
import org.openqa.selenium.WebDriver;
|
||||
|
||||
import java.security.PublicKey;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
|
||||
*/
|
||||
public class CompositeRoleTest {
|
||||
|
||||
public static PublicKey realmPublicKey;
|
||||
@ClassRule
|
||||
public static AbstractKeycloakRule keycloakRule = new AbstractKeycloakRule(){
|
||||
@Override
|
||||
protected void configure(RealmManager manager, RealmModel adminRealm) {
|
||||
RealmModel realm = manager.createRealm("Test");
|
||||
manager.generateRealmKeys(realm);
|
||||
realmPublicKey = realm.getPublicKey();
|
||||
realm.setTokenLifespan(10000);
|
||||
realm.setAccessCodeLifespanUserAction(1000);
|
||||
realm.setAccessCodeLifespan(1000);
|
||||
realm.setSslNotRequired(true);
|
||||
realm.setEnabled(true);
|
||||
realm.addRequiredResourceCredential(UserCredentialModel.PASSWORD);
|
||||
realm.addRequiredOAuthClientCredential(UserCredentialModel.PASSWORD);
|
||||
realm.addRequiredCredential(UserCredentialModel.PASSWORD);
|
||||
final RoleModel realmRole1 = realm.addRole("REALM_ROLE_1");
|
||||
final RoleModel realmRole2 = realm.addRole("REALM_ROLE_2");
|
||||
final RoleModel realmRole3 = realm.addRole("REALM_ROLE_3");
|
||||
final RoleModel realmComposite1 = realm.addRole("REALM_COMPOSITE_1");
|
||||
realmComposite1.setComposite(true);
|
||||
realmComposite1.addCompositeRole(realmRole1);
|
||||
|
||||
final UserModel realmComposite1User = realm.addUser("REALM_COMPOSITE_1_USER");
|
||||
realmComposite1User.setEnabled(true);
|
||||
realm.updateCredential(realmComposite1User, UserCredentialModel.password("password"));
|
||||
realm.grantRole(realmComposite1User, realmComposite1);
|
||||
|
||||
final UserModel realmRole1User = realm.addUser("REALM_ROLE_1_USER");
|
||||
realmRole1User.setEnabled(true);
|
||||
realm.updateCredential(realmRole1User, UserCredentialModel.password("password"));
|
||||
realm.grantRole(realmRole1User, realmRole1);
|
||||
|
||||
final ApplicationModel realmComposite1Application = new ApplicationManager(manager).createApplication(realm, "REALM_COMPOSITE_1_APPLICATION");
|
||||
realmComposite1Application.setEnabled(true);
|
||||
realmComposite1Application.addScope(realmComposite1);
|
||||
realmComposite1Application.setBaseUrl("http://localhost:8081/app");
|
||||
realmComposite1Application.setManagementUrl("http://localhost:8081/app/logout");
|
||||
realm.updateCredential(realmComposite1Application.getApplicationUser(), UserCredentialModel.password("password"));
|
||||
|
||||
final ApplicationModel realmRole1Application = new ApplicationManager(manager).createApplication(realm, "REALM_ROLE_1_APPLICATION");
|
||||
realmRole1Application.setEnabled(true);
|
||||
realmRole1Application.addScope(realmRole1);
|
||||
realmRole1Application.setBaseUrl("http://localhost:8081/app");
|
||||
realmRole1Application.setManagementUrl("http://localhost:8081/app/logout");
|
||||
realm.updateCredential(realmRole1Application.getApplicationUser(), UserCredentialModel.password("password"));
|
||||
|
||||
|
||||
final ApplicationModel appRoleApplication = new ApplicationManager(manager).createApplication(realm, "APP_ROLE_APPLICATION");
|
||||
appRoleApplication.setEnabled(true);
|
||||
appRoleApplication.setBaseUrl("http://localhost:8081/app");
|
||||
appRoleApplication.setManagementUrl("http://localhost:8081/app/logout");
|
||||
realm.updateCredential(appRoleApplication.getApplicationUser(), UserCredentialModel.password("password"));
|
||||
final RoleModel appRole1 = appRoleApplication.addRole("APP_ROLE_1");
|
||||
final RoleModel appRole2 = appRoleApplication.addRole("APP_ROLE_2");
|
||||
|
||||
final RoleModel realmAppCompositeRole = realm.addRole("REALM_APP_COMPOSITE_ROLE");
|
||||
realmAppCompositeRole.setComposite(true);
|
||||
realmAppCompositeRole.addCompositeRole(appRole1);
|
||||
|
||||
final UserModel realmAppCompositeUser = realm.addUser("REALM_APP_COMPOSITE_USER");
|
||||
realmAppCompositeUser.setEnabled(true);
|
||||
realm.updateCredential(realmAppCompositeUser, UserCredentialModel.password("password"));
|
||||
realm.grantRole(realmAppCompositeUser, realmAppCompositeRole);
|
||||
|
||||
final UserModel realmAppRoleUser = realm.addUser("REALM_APP_ROLE_USER");
|
||||
realmAppRoleUser.setEnabled(true);
|
||||
realm.updateCredential(realmAppRoleUser, UserCredentialModel.password("password"));
|
||||
realm.grantRole(realmAppRoleUser, appRole2);
|
||||
|
||||
final ApplicationModel appCompositeApplication = new ApplicationManager(manager).createApplication(realm, "APP_COMPOSITE_APPLICATION");
|
||||
appCompositeApplication.setEnabled(true);
|
||||
appCompositeApplication.setBaseUrl("http://localhost:8081/app");
|
||||
appCompositeApplication.setManagementUrl("http://localhost:8081/app/logout");
|
||||
realm.updateCredential(appCompositeApplication.getApplicationUser(), UserCredentialModel.password("password"));
|
||||
final RoleModel appCompositeRole = appCompositeApplication.addRole("APP_COMPOSITE_ROLE");
|
||||
appCompositeRole.setComposite(true);
|
||||
appCompositeApplication.addScope(appRole2);
|
||||
appCompositeRole.addCompositeRole(realmRole1);
|
||||
appCompositeRole.addCompositeRole(realmRole2);
|
||||
appCompositeRole.addCompositeRole(realmRole3);
|
||||
appCompositeRole.addCompositeRole(appRole1);
|
||||
|
||||
final UserModel appCompositeUser = realm.addUser("APP_COMPOSITE_USER");
|
||||
appCompositeUser.setEnabled(true);
|
||||
realm.updateCredential(appCompositeUser, UserCredentialModel.password("password"));
|
||||
realm.grantRole(appCompositeUser, realmAppCompositeRole);
|
||||
realm.grantRole(appCompositeUser, realmComposite1);
|
||||
|
||||
deployServlet("app", "/app", ApplicationServlet.class);
|
||||
|
||||
}
|
||||
};
|
||||
|
||||
@Rule
|
||||
public WebRule webRule = new WebRule(this);
|
||||
|
||||
@WebResource
|
||||
protected WebDriver driver;
|
||||
|
||||
@WebResource
|
||||
protected OAuthClient oauth;
|
||||
|
||||
@WebResource
|
||||
protected LoginPage loginPage;
|
||||
|
||||
@Test
|
||||
public void testAppCompositeUser() throws Exception {
|
||||
oauth.realm("Test");
|
||||
oauth.realmPublicKey(realmPublicKey);
|
||||
oauth.clientId("APP_COMPOSITE_APPLICATION");
|
||||
oauth.doLogin("APP_COMPOSITE_USER", "password");
|
||||
|
||||
String code = oauth.getCurrentQuery().get("code");
|
||||
AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password");
|
||||
|
||||
Assert.assertEquals(200, response.getStatusCode());
|
||||
|
||||
Assert.assertEquals("bearer", response.getTokenType());
|
||||
|
||||
SkeletonKeyToken token = oauth.verifyToken(response.getAccessToken());
|
||||
|
||||
Assert.assertEquals("APP_COMPOSITE_USER", token.getSubject());
|
||||
|
||||
Assert.assertEquals(1, token.getResourceAccess("APP_ROLE_APPLICATION").getRoles().size());
|
||||
Assert.assertEquals(1, token.getRealmAccess().getRoles().size());
|
||||
Assert.assertTrue(token.getResourceAccess("APP_ROLE_APPLICATION").isUserInRole("APP_ROLE_1"));
|
||||
Assert.assertTrue(token.getRealmAccess().isUserInRole("REALM_ROLE_1"));
|
||||
}
|
||||
|
||||
|
||||
@Test
|
||||
public void testRealmAppCompositeUser() throws Exception {
|
||||
oauth.realm("Test");
|
||||
oauth.realmPublicKey(realmPublicKey);
|
||||
oauth.clientId("APP_ROLE_APPLICATION");
|
||||
oauth.doLogin("REALM_APP_COMPOSITE_USER", "password");
|
||||
|
||||
String code = oauth.getCurrentQuery().get("code");
|
||||
AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password");
|
||||
|
||||
Assert.assertEquals(200, response.getStatusCode());
|
||||
|
||||
Assert.assertEquals("bearer", response.getTokenType());
|
||||
|
||||
SkeletonKeyToken token = oauth.verifyToken(response.getAccessToken());
|
||||
|
||||
Assert.assertEquals("REALM_APP_COMPOSITE_USER", token.getSubject());
|
||||
|
||||
Assert.assertEquals(1, token.getResourceAccess("APP_ROLE_APPLICATION").getRoles().size());
|
||||
Assert.assertTrue(token.getResourceAccess("APP_ROLE_APPLICATION").isUserInRole("APP_ROLE_1"));
|
||||
}
|
||||
|
||||
|
||||
|
||||
@Test
|
||||
public void testRealmOnlyWithUserCompositeAppComposite() throws Exception {
|
||||
oauth.realm("Test");
|
||||
oauth.realmPublicKey(realmPublicKey);
|
||||
oauth.clientId("REALM_COMPOSITE_1_APPLICATION");
|
||||
oauth.doLogin("REALM_COMPOSITE_1_USER", "password");
|
||||
|
||||
String code = oauth.getCurrentQuery().get("code");
|
||||
AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password");
|
||||
|
||||
Assert.assertEquals(200, response.getStatusCode());
|
||||
|
||||
Assert.assertEquals("bearer", response.getTokenType());
|
||||
|
||||
SkeletonKeyToken token = oauth.verifyToken(response.getAccessToken());
|
||||
|
||||
Assert.assertEquals("REALM_COMPOSITE_1_USER", token.getSubject());
|
||||
|
||||
Assert.assertEquals(2, token.getRealmAccess().getRoles().size());
|
||||
Assert.assertTrue(token.getRealmAccess().isUserInRole("REALM_COMPOSITE_1"));
|
||||
Assert.assertTrue(token.getRealmAccess().isUserInRole("REALM_ROLE_1"));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testRealmOnlyWithUserCompositeAppRole() throws Exception {
|
||||
oauth.realm("Test");
|
||||
oauth.realmPublicKey(realmPublicKey);
|
||||
oauth.clientId("REALM_ROLE_1_APPLICATION");
|
||||
oauth.doLogin("REALM_COMPOSITE_1_USER", "password");
|
||||
|
||||
String code = oauth.getCurrentQuery().get("code");
|
||||
AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password");
|
||||
|
||||
Assert.assertEquals(200, response.getStatusCode());
|
||||
|
||||
Assert.assertEquals("bearer", response.getTokenType());
|
||||
|
||||
SkeletonKeyToken token = oauth.verifyToken(response.getAccessToken());
|
||||
|
||||
Assert.assertEquals("REALM_COMPOSITE_1_USER", token.getSubject());
|
||||
|
||||
Assert.assertEquals(1, token.getRealmAccess().getRoles().size());
|
||||
Assert.assertTrue(token.getRealmAccess().isUserInRole("REALM_ROLE_1"));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testRealmOnlyWithUserRoleAppComposite() throws Exception {
|
||||
oauth.realm("Test");
|
||||
oauth.realmPublicKey(realmPublicKey);
|
||||
oauth.clientId("REALM_COMPOSITE_1_APPLICATION");
|
||||
oauth.doLogin("REALM_ROLE_1_USER", "password");
|
||||
|
||||
String code = oauth.getCurrentQuery().get("code");
|
||||
AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password");
|
||||
|
||||
Assert.assertEquals(200, response.getStatusCode());
|
||||
|
||||
Assert.assertEquals("bearer", response.getTokenType());
|
||||
|
||||
SkeletonKeyToken token = oauth.verifyToken(response.getAccessToken());
|
||||
|
||||
Assert.assertEquals("REALM_ROLE_1_USER", token.getSubject());
|
||||
|
||||
Assert.assertEquals(1, token.getRealmAccess().getRoles().size());
|
||||
Assert.assertTrue(token.getRealmAccess().isUserInRole("REALM_ROLE_1"));
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
}
|
|
@ -58,7 +58,7 @@ public class AccountTest {
|
|||
UserModel user2 = appRealm.addUser("test-user-no-access@localhost");
|
||||
user2.setEnabled(true);
|
||||
for (String r : accountApp.getDefaultRoles()) {
|
||||
accountApp.deleteRoleMapping(user2, accountApp.getRole(r));
|
||||
appRealm.deleteRoleMapping(user2, accountApp.getRole(r));
|
||||
}
|
||||
UserCredentialModel creds = new UserCredentialModel();
|
||||
creds.setType(CredentialRepresentation.PASSWORD);
|
||||
|
|
|
@ -0,0 +1,84 @@
|
|||
package org.keycloak.testsuite.rule;
|
||||
|
||||
import io.undertow.servlet.api.DeploymentInfo;
|
||||
import io.undertow.servlet.api.ServletInfo;
|
||||
import org.junit.rules.ExternalResource;
|
||||
import org.keycloak.models.Constants;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.representations.idm.RealmRepresentation;
|
||||
import org.keycloak.services.managers.RealmManager;
|
||||
import org.keycloak.testutils.KeycloakServer;
|
||||
import org.keycloak.util.JsonSerialization;
|
||||
|
||||
import javax.servlet.Servlet;
|
||||
import java.io.ByteArrayOutputStream;
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||
* @version $Revision: 1 $
|
||||
*/
|
||||
public abstract class AbstractKeycloakRule extends ExternalResource {
|
||||
protected KeycloakServer server;
|
||||
|
||||
protected void before() throws Throwable {
|
||||
server = new KeycloakServer();
|
||||
server.start();
|
||||
|
||||
|
||||
setupKeycloak();
|
||||
}
|
||||
|
||||
protected void setupKeycloak() {
|
||||
KeycloakSession session = server.getKeycloakSessionFactory().createSession();
|
||||
session.getTransaction().begin();
|
||||
|
||||
try {
|
||||
RealmManager manager = new RealmManager(session);
|
||||
|
||||
RealmModel adminstrationRealm = manager.getRealm(Constants.ADMIN_REALM);
|
||||
|
||||
configure(manager, adminstrationRealm);
|
||||
|
||||
session.getTransaction().commit();
|
||||
} finally {
|
||||
session.close();
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
protected void configure(RealmManager manager, RealmModel adminRealm) {
|
||||
|
||||
}
|
||||
|
||||
public void deployServlet(String name, String contextPath, Class<? extends Servlet> servletClass) {
|
||||
DeploymentInfo deploymentInfo = new DeploymentInfo();
|
||||
deploymentInfo.setClassLoader(getClass().getClassLoader());
|
||||
deploymentInfo.setDeploymentName(name);
|
||||
deploymentInfo.setContextPath(contextPath);
|
||||
|
||||
ServletInfo servlet = new ServletInfo(servletClass.getSimpleName(), servletClass);
|
||||
servlet.addMapping("/*");
|
||||
|
||||
deploymentInfo.addServlet(servlet);
|
||||
server.getServer().deploy(deploymentInfo);
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void after() {
|
||||
server.stop();
|
||||
}
|
||||
|
||||
public RealmRepresentation loadJson(String path) throws IOException {
|
||||
InputStream is = Thread.currentThread().getContextClassLoader().getResourceAsStream(path);
|
||||
ByteArrayOutputStream os = new ByteArrayOutputStream();
|
||||
int c;
|
||||
while ((c = is.read()) != -1) {
|
||||
os.write(c);
|
||||
}
|
||||
byte[] bytes = os.toByteArray();
|
||||
return JsonSerialization.readValue(bytes, RealmRepresentation.class);
|
||||
}
|
||||
}
|
|
@ -41,9 +41,7 @@ import java.io.InputStream;
|
|||
/**
|
||||
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
|
||||
*/
|
||||
public class KeycloakRule extends ExternalResource {
|
||||
|
||||
private KeycloakServer server;
|
||||
public class KeycloakRule extends AbstractKeycloakRule {
|
||||
|
||||
private KeycloakSetup setup;
|
||||
|
||||
|
@ -54,11 +52,9 @@ public class KeycloakRule extends ExternalResource {
|
|||
this.setup = setup;
|
||||
}
|
||||
|
||||
protected void before() throws Throwable {
|
||||
server = new KeycloakServer();
|
||||
server.start();
|
||||
|
||||
server.importRealm(getClass().getResourceAsStream("/testrealm.json"));
|
||||
@Override
|
||||
protected void setupKeycloak() {
|
||||
importRealm();
|
||||
|
||||
if (setup != null) {
|
||||
configure(setup);
|
||||
|
@ -67,33 +63,8 @@ public class KeycloakRule extends ExternalResource {
|
|||
deployServlet("app", "/app", ApplicationServlet.class);
|
||||
}
|
||||
|
||||
public void deployServlet(String name, String contextPath, Class<? extends Servlet> servletClass) {
|
||||
DeploymentInfo deploymentInfo = new DeploymentInfo();
|
||||
deploymentInfo.setClassLoader(getClass().getClassLoader());
|
||||
deploymentInfo.setDeploymentName(name);
|
||||
deploymentInfo.setContextPath(contextPath);
|
||||
|
||||
ServletInfo servlet = new ServletInfo(servletClass.getSimpleName(), servletClass);
|
||||
servlet.addMapping("/*");
|
||||
|
||||
deploymentInfo.addServlet(servlet);
|
||||
server.getServer().deploy(deploymentInfo);
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void after() {
|
||||
server.stop();
|
||||
}
|
||||
|
||||
public RealmRepresentation loadJson(String path) throws IOException {
|
||||
InputStream is = Thread.currentThread().getContextClassLoader().getResourceAsStream(path);
|
||||
ByteArrayOutputStream os = new ByteArrayOutputStream();
|
||||
int c;
|
||||
while ((c = is.read()) != -1) {
|
||||
os.write(c);
|
||||
}
|
||||
byte[] bytes = os.toByteArray();
|
||||
return JsonSerialization.readValue(bytes, RealmRepresentation.class);
|
||||
protected void importRealm() {
|
||||
server.importRealm(getClass().getResourceAsStream("/testrealm.json"));
|
||||
}
|
||||
|
||||
public void configure(KeycloakSetup configurer) {
|
||||
|
@ -106,7 +77,7 @@ public class KeycloakRule extends ExternalResource {
|
|||
RealmModel adminstrationRealm = manager.getRealm(Constants.ADMIN_REALM);
|
||||
RealmModel appRealm = manager.getRealm("test");
|
||||
|
||||
configurer.config(manager, null, appRealm);
|
||||
configurer.config(manager, adminstrationRealm, appRealm);
|
||||
|
||||
session.getTransaction().commit();
|
||||
} finally {
|
||||
|
|
|
@ -2,6 +2,7 @@
|
|||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="http://java.sun.com/xml/ns/persistence http://java.sun.com/xml/ns/persistence/persistence_1_0.xsd"
|
||||
version="1.0">
|
||||
<!--
|
||||
<persistence-unit name="picketlink-keycloak-identity-store" transaction-type="RESOURCE_LOCAL">
|
||||
<provider>org.hibernate.ejb.HibernatePersistence</provider>
|
||||
|
||||
|
@ -35,22 +36,21 @@
|
|||
<property name="hibernate.format_sql" value="true" />
|
||||
</properties>
|
||||
</persistence-unit>
|
||||
-->
|
||||
<persistence-unit name="jpa-keycloak-identity-store" transaction-type="RESOURCE_LOCAL">
|
||||
<provider>org.hibernate.ejb.HibernatePersistence</provider>
|
||||
|
||||
<class>org.keycloak.models.jpa.entities.ApplicationEntity</class>
|
||||
<class>org.keycloak.models.jpa.entities.ApplicationScopeMappingEntity</class>
|
||||
<class>org.keycloak.models.jpa.entities.ApplicationUserRoleMappingEntity</class>
|
||||
<class>org.keycloak.models.jpa.entities.CredentialEntity</class>
|
||||
<class>org.keycloak.models.jpa.entities.OAuthClientEntity</class>
|
||||
<class>org.keycloak.models.jpa.entities.RealmEntity</class>
|
||||
<class>org.keycloak.models.jpa.entities.RealmScopeMappingEntity</class>
|
||||
<class>org.keycloak.models.jpa.entities.RealmUserRoleMappingEntity</class>
|
||||
<class>org.keycloak.models.jpa.entities.RequiredCredentialEntity</class>
|
||||
<class>org.keycloak.models.jpa.entities.RoleEntity</class>
|
||||
<class>org.keycloak.models.jpa.entities.ApplicationRoleEntity</class>
|
||||
<class>org.keycloak.models.jpa.entities.RealmRoleEntity</class>
|
||||
<class>org.keycloak.models.jpa.entities.SocialLinkEntity</class>
|
||||
<class>org.keycloak.models.jpa.entities.UserEntity</class>
|
||||
<class>org.keycloak.models.jpa.entities.UserRoleMappingEntity</class>
|
||||
<class>org.keycloak.models.jpa.entities.UserScopeMappingEntity</class>
|
||||
|
||||
<exclude-unlisted-classes>true</exclude-unlisted-classes>
|
||||
|
||||
|
|
Loading…
Reference in a new issue