Merge pull request #184 from patriot1burke/master

composite roles backend
This commit is contained in:
Bill Burke 2014-01-30 17:36:34 -08:00
commit b7d5830c7c
49 changed files with 1274 additions and 663 deletions

View file

@ -8,6 +8,7 @@ public class RoleRepresentation {
protected String id;
protected String name;
protected String description;
protected boolean composite;
public RoleRepresentation() {
}
@ -40,4 +41,12 @@ public class RoleRepresentation {
public void setDescription(String description) {
this.description = description;
}
public boolean isComposite() {
return composite;
}
public void setComposite(boolean composite) {
this.composite = composite;
}
}

View file

@ -1,12 +1,13 @@
package org.keycloak.models;
import java.util.List;
import java.util.Set;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public interface ApplicationModel extends RoleContainerModel, RoleMapperModel, ScopeMapperModel {
public interface ApplicationModel extends RoleContainerModel {
void updateApplication();
UserModel getApplicationUser();
@ -38,4 +39,10 @@ public interface ApplicationModel extends RoleContainerModel, RoleMapperModel, S
void addDefaultRole(String name);
void updateDefaultRoles(String[] defaultRoles);
Set<RoleModel> getApplicationRoleMappings(UserModel user);
Set<RoleModel> getApplicationScopeMappings(UserModel user);
void addScope(RoleModel role);
}

View file

@ -157,4 +157,8 @@ public interface RealmModel extends RoleContainerModel, RoleMapperModel, ScopeMa
Map<String, String> getSocialConfig();
void setSocialConfig(Map<String, String> socialConfig);
Set<RoleModel> getRealmRoleMappings(UserModel user);
Set<RoleModel> getRealmScopeMappings(UserModel user);
}

View file

@ -1,6 +1,7 @@
package org.keycloak.models;
import java.util.List;
import java.util.Set;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
@ -13,7 +14,7 @@ public interface RoleContainerModel {
boolean removeRoleById(String id);
List<RoleModel> getRoles();
Set<RoleModel> getRoles();
RoleModel getRoleById(String id);
}

View file

@ -9,14 +9,7 @@ import java.util.Set;
*/
public interface RoleMapperModel {
boolean hasRole(UserModel user, RoleModel role);
void grantRole(UserModel user, RoleModel role);
Set<String> getRoleMappingValues(UserModel user);
List<RoleModel> getRoleMappings(UserModel user);
Set<RoleModel> getRoleMappings(UserModel user);
void deleteRoleMapping(UserModel user, RoleModel role);
boolean hasRole(UserModel user, String role);
}

View file

@ -1,5 +1,7 @@
package org.keycloak.models;
import java.util.Set;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
@ -14,4 +16,19 @@ public interface RoleModel {
String getId();
void setName(String name);
boolean isComposite();
void setComposite(boolean flag);
void addCompositeRole(RoleModel role);
void removeCompositeRole(RoleModel role);
Set<RoleModel> getComposites();
RoleContainerModel getContainer();
boolean hasRole(RoleModel role);
}

View file

@ -8,13 +8,7 @@ import java.util.Set;
* @version $Revision: 1 $
*/
public interface ScopeMapperModel {
void addScopeMapping(UserModel agent, String roleName);
Set<String> getScopeMappingValues(UserModel agent);
List<RoleModel> getScopeMappings(UserModel agent);
Set<RoleModel> getScopeMappings(UserModel agent);
void addScopeMapping(UserModel agent, RoleModel role);
void deleteScopeMapping(UserModel user, RoleModel role);
}

View file

@ -13,6 +13,17 @@ public class UserCredentialModel {
protected String value;
protected String device;
public UserCredentialModel() {
}
public static UserCredentialModel password(String password) {
UserCredentialModel model = new UserCredentialModel();
model.setType(PASSWORD);
model.setValue(password);
return model;
}
public String getType() {
return type;
}

View file

@ -1,16 +1,22 @@
package org.keycloak.models.jpa;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleContainerModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.jpa.entities.*;
import org.keycloak.representations.idm.ApplicationMappingsRepresentation;
import org.keycloak.representations.idm.RoleRepresentation;
import javax.persistence.EntityManager;
import javax.persistence.TypedQuery;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
/**
@ -21,8 +27,10 @@ public class ApplicationAdapter implements ApplicationModel {
protected EntityManager em;
protected ApplicationEntity application;
protected RealmModel realm;
public ApplicationAdapter(EntityManager em, ApplicationEntity application) {
public ApplicationAdapter(RealmModel realm, EntityManager em, ApplicationEntity application) {
this.realm = realm;
this.em = em;
this.application = application;
}
@ -94,31 +102,30 @@ public class ApplicationAdapter implements ApplicationModel {
@Override
public RoleModel getRole(String name) {
Collection<RoleEntity> roles = application.getRoles();
if (roles == null) return null;
for (RoleEntity role : roles) {
if (role.getName().equals(name)) {
return new RoleAdapter(role);
}
}
return null;
TypedQuery<ApplicationRoleEntity> query = em.createNamedQuery("getAppRoleByName", ApplicationRoleEntity.class);
query.setParameter("name", name);
query.setParameter("application", application);
List<ApplicationRoleEntity> roles = query.getResultList();
if (roles.size() == 0) return null;
return new RoleAdapter(realm, em, roles.get(0));
}
@Override
public RoleModel addRole(String name) {
RoleModel role = getRole(name);
if (role != null) return role;
RoleEntity entity = new RoleEntity();
ApplicationRoleEntity entity = new ApplicationRoleEntity();
entity.setName(name);
entity.setApplication(application);
em.persist(entity);
application.getRoles().add(entity);
em.flush();
return new RoleAdapter(entity);
return new RoleAdapter(realm, em, entity);
}
@Override
public boolean removeRoleById(String id) {
RoleEntity role = em.find(RoleEntity.class, id);
ApplicationRoleEntity role = em.find(ApplicationRoleEntity.class, id);
if (role == null) {
return false;
}
@ -126,169 +133,71 @@ public class ApplicationAdapter implements ApplicationModel {
application.getRoles().remove(role);
application.getDefaultRoles().remove(role);
em.createQuery("delete from " + ApplicationScopeMappingEntity.class.getSimpleName() + " where role = :role").setParameter("role", role).executeUpdate();
em.createQuery("delete from " + ApplicationUserRoleMappingEntity.class.getSimpleName() + " where role = :role").setParameter("role", role).executeUpdate();
em.createQuery("delete from " + RealmScopeMappingEntity.class.getSimpleName() + " where role = :role").setParameter("role", role).executeUpdate();
em.createQuery("delete from " + RealmUserRoleMappingEntity.class.getSimpleName() + " where role = :role").setParameter("role", role).executeUpdate();
em.createQuery("delete from " + UserScopeMappingEntity.class.getSimpleName() + " where role = :role").setParameter("role", role).executeUpdate();
em.createQuery("delete from " + UserRoleMappingEntity.class.getSimpleName() + " where role = :role").setParameter("role", role).executeUpdate();
role.setApplication(null);
em.flush();
em.remove(role);
return true;
}
@Override
public List<RoleModel> getRoles() {
ArrayList<RoleModel> list = new ArrayList<RoleModel>();
Collection<RoleEntity> roles = application.getRoles();
public Set<RoleModel> getRoles() {
Set<RoleModel> list = new HashSet<RoleModel>();
Collection<ApplicationRoleEntity> roles = application.getRoles();
if (roles == null) return list;
for (RoleEntity entity : roles) {
list.add(new RoleAdapter(entity));
list.add(new RoleAdapter(realm, em, entity));
}
return list;
}
@Override
public RoleModel getRoleById(String id) {
RoleEntity entity = em.find(RoleEntity.class, id);
if (entity == null) return null;
return new RoleAdapter(entity);
return realm.getRoleById(id);
}
@Override
public boolean hasRole(UserModel user, RoleModel role) {
TypedQuery<ApplicationUserRoleMappingEntity> query = getApplicationUserRoleMappingEntityTypedQuery((UserAdapter) user, (RoleAdapter) role);
return query.getResultList().size() > 0;
public Set<RoleModel> getApplicationRoleMappings(UserModel user) {
Set<RoleModel> roleMappings = realm.getRoleMappings(user);
Set<RoleModel> appRoles = new HashSet<RoleModel>();
for (RoleModel role : roleMappings) {
RoleContainerModel container = role.getContainer();
if (container instanceof RealmModel) {
} else {
ApplicationModel app = (ApplicationModel)container;
if (app.getId().equals(getId())) {
appRoles.add(role);
}
}
}
protected TypedQuery<ApplicationUserRoleMappingEntity> getApplicationUserRoleMappingEntityTypedQuery(UserAdapter user, RoleAdapter role) {
TypedQuery<ApplicationUserRoleMappingEntity> query = em.createNamedQuery("userHasApplicationRole", ApplicationUserRoleMappingEntity.class);
query.setParameter("user", ((UserAdapter)user).getUser());
query.setParameter("role", ((RoleAdapter)role).getRole());
query.setParameter("application", application);
return query;
return appRoles;
}
@Override
public void grantRole(UserModel user, RoleModel role) {
if (hasRole(user, role)) return;
ApplicationUserRoleMappingEntity entity = new ApplicationUserRoleMappingEntity();
entity.setApplication(application);
entity.setUser(((UserAdapter) user).getUser());
entity.setRole(((RoleAdapter)role).getRole());
em.persist(entity);
em.flush();
}
public Set<RoleModel> getApplicationScopeMappings(UserModel user) {
Set<RoleModel> roleMappings = realm.getScopeMappings(user);
@Override
public List<RoleModel> getRoleMappings(UserModel user) {
TypedQuery<ApplicationUserRoleMappingEntity> query = em.createNamedQuery("userApplicationMappings", ApplicationUserRoleMappingEntity.class);
query.setParameter("user", ((UserAdapter)user).getUser());
query.setParameter("application", application);
List<ApplicationUserRoleMappingEntity> entities = query.getResultList();
List<RoleModel> roles = new ArrayList<RoleModel>();
for (ApplicationUserRoleMappingEntity entity : entities) {
roles.add(new RoleAdapter(entity.getRole()));
Set<RoleModel> appRoles = new HashSet<RoleModel>();
for (RoleModel role : roleMappings) {
RoleContainerModel container = role.getContainer();
if (container instanceof RealmModel) {
} else {
ApplicationModel app = (ApplicationModel)container;
if (app.getId().equals(getId())) {
appRoles.add(role);
}
return roles;
}
@Override
public Set<String> getRoleMappingValues(UserModel user) {
TypedQuery<ApplicationUserRoleMappingEntity> query = em.createNamedQuery("userApplicationMappings", ApplicationUserRoleMappingEntity.class);
query.setParameter("user", ((UserAdapter)user).getUser());
query.setParameter("application", application);
List<ApplicationUserRoleMappingEntity> entities = query.getResultList();
Set<String> roles = new HashSet<String>();
for (ApplicationUserRoleMappingEntity entity : entities) {
roles.add(entity.getRole().getName());
}
return roles;
}
@Override
public void deleteRoleMapping(UserModel user, RoleModel role) {
TypedQuery<ApplicationUserRoleMappingEntity> query = getApplicationUserRoleMappingEntityTypedQuery((UserAdapter) user, (RoleAdapter) role);
List<ApplicationUserRoleMappingEntity> results = query.getResultList();
if (results.size() == 0) return;
for (ApplicationUserRoleMappingEntity entity : results) {
em.remove(entity);
}
}
@Override
public boolean hasRole(UserModel user, String roleName) {
RoleModel role = getRole(roleName);
if (role == null) return false;
return hasRole(user, role);
}
@Override
public void addScopeMapping(UserModel agent, String roleName) {
RoleModel role = getRole(roleName);
if (role == null) throw new RuntimeException("role does not exist");
addScopeMapping(agent, role);
}
@Override
public Set<String> getScopeMappingValues(UserModel agent) {
TypedQuery<ApplicationScopeMappingEntity> query = em.createNamedQuery("userApplicationScopeMappings", ApplicationScopeMappingEntity.class);
query.setParameter("user", ((UserAdapter)agent).getUser());
query.setParameter("application", application);
List<ApplicationScopeMappingEntity> entities = query.getResultList();
Set<String> roles = new HashSet<String>();
for (ApplicationScopeMappingEntity entity : entities) {
roles.add(entity.getRole().getName());
}
return roles;
}
@Override
public List<RoleModel> getScopeMappings(UserModel agent) {
TypedQuery<ApplicationScopeMappingEntity> query = em.createNamedQuery("userApplicationScopeMappings", ApplicationScopeMappingEntity.class);
query.setParameter("user", ((UserAdapter)agent).getUser());
query.setParameter("application", application);
List<ApplicationScopeMappingEntity> entities = query.getResultList();
List<RoleModel> roles = new ArrayList<RoleModel>();
for (ApplicationScopeMappingEntity entity : entities) {
roles.add(new RoleAdapter(entity.getRole()));
}
return roles;
}
@Override
public void addScopeMapping(UserModel agent, RoleModel role) {
if (hasScope(agent, role)) return;
ApplicationScopeMappingEntity entity = new ApplicationScopeMappingEntity();
entity.setApplication(application);
entity.setUser(((UserAdapter) agent).getUser());
entity.setRole(((RoleAdapter)role).getRole());
em.persist(entity);
em.flush();
}
@Override
public void deleteScopeMapping(UserModel user, RoleModel role) {
TypedQuery<ApplicationScopeMappingEntity> query = getApplicationScopeMappingQuery((UserAdapter) user, (RoleAdapter) role);
List<ApplicationScopeMappingEntity> results = query.getResultList();
if (results.size() == 0) return;
for (ApplicationScopeMappingEntity entity : results) {
em.remove(entity);
}
}
public boolean hasScope(UserModel user, RoleModel role) {
TypedQuery<ApplicationScopeMappingEntity> query = getApplicationScopeMappingQuery((UserAdapter) user, (RoleAdapter) role);
return query.getResultList().size() > 0;
return appRoles;
}
protected TypedQuery<ApplicationScopeMappingEntity> getApplicationScopeMappingQuery(UserAdapter user, RoleAdapter role) {
TypedQuery<ApplicationScopeMappingEntity> query = em.createNamedQuery("userHasApplicationScope", ApplicationScopeMappingEntity.class);
query.setParameter("user", ((UserAdapter)user).getUser());
query.setParameter("role", ((RoleAdapter)role).getRole());
query.setParameter("application", application);
return query;
}
@Override
public List<String> getDefaultRoles() {
@ -347,4 +256,17 @@ public class ApplicationAdapter implements ApplicationModel {
}
em.flush();
}
@Override
public void addScope(RoleModel role) {
realm.addScopeMapping(getApplicationUser(), role);
}
public boolean equals(Object o) {
if (o == null) return false;
if (o == this) return true;
if (!(o instanceof ApplicationAdapter)) return false;
ApplicationAdapter app = (ApplicationAdapter)o;
return app.getId().equals(getId());
}
}

View file

@ -1,6 +1,18 @@
package org.keycloak.models.jpa;
import org.bouncycastle.openssl.PEMWriter;
import org.keycloak.models.RoleContainerModel;
import org.keycloak.models.jpa.entities.ApplicationEntity;
import org.keycloak.models.jpa.entities.CredentialEntity;
import org.keycloak.models.jpa.entities.OAuthClientEntity;
import org.keycloak.models.jpa.entities.RealmEntity;
import org.keycloak.models.jpa.entities.RealmRoleEntity;
import org.keycloak.models.jpa.entities.RequiredCredentialEntity;
import org.keycloak.models.jpa.entities.RoleEntity;
import org.keycloak.models.jpa.entities.SocialLinkEntity;
import org.keycloak.models.jpa.entities.UserEntity;
import org.keycloak.models.jpa.entities.UserRoleMappingEntity;
import org.keycloak.models.jpa.entities.UserScopeMappingEntity;
import org.keycloak.models.utils.Pbkdf2PasswordEncoder;
import org.keycloak.util.PemUtils;
import org.keycloak.models.ApplicationModel;
@ -12,7 +24,6 @@ import org.keycloak.models.RoleModel;
import org.keycloak.models.SocialLinkModel;
import org.keycloak.models.UserCredentialModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.jpa.entities.*;
import org.keycloak.models.utils.TimeBasedOTP;
import javax.persistence.EntityManager;
@ -25,6 +36,7 @@ import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
@ -453,7 +465,7 @@ public class RealmAdapter implements RealmModel {
for (ApplicationModel application : getApplications()) {
for (String r : application.getDefaultRoles()) {
application.grantRole(userModel, application.getRole(r));
grantRole(userModel, application.getRole(r));
}
}
@ -472,10 +484,8 @@ public class RealmAdapter implements RealmModel {
}
private void removeUser(UserEntity user) {
em.createQuery("delete from " + ApplicationScopeMappingEntity.class.getSimpleName() + " where user = :user").setParameter("user", user).executeUpdate();
em.createQuery("delete from " + ApplicationUserRoleMappingEntity.class.getSimpleName() + " where user = :user").setParameter("user", user).executeUpdate();
em.createQuery("delete from " + RealmScopeMappingEntity.class.getSimpleName() + " where user = :user").setParameter("user", user).executeUpdate();
em.createQuery("delete from " + RealmUserRoleMappingEntity.class.getSimpleName() + " where user = :user").setParameter("user", user).executeUpdate();
em.createQuery("delete from " + UserScopeMappingEntity.class.getSimpleName() + " where user = :user").setParameter("user", user).executeUpdate();
em.createQuery("delete from " + UserRoleMappingEntity.class.getSimpleName() + " where user = :user").setParameter("user", user).executeUpdate();
em.createQuery("delete from " + SocialLinkEntity.class.getSimpleName() + " where user = :user").setParameter("user", user).executeUpdate();
em.remove(user);
}
@ -552,7 +562,7 @@ public class RealmAdapter implements RealmModel {
List<ApplicationModel> list = new ArrayList<ApplicationModel>();
if (realm.getApplications() == null) return list;
for (ApplicationEntity entity : realm.getApplications()) {
list.add(new ApplicationAdapter(em, entity));
list.add(new ApplicationAdapter(this, em, entity));
}
return list;
}
@ -571,31 +581,41 @@ public class RealmAdapter implements RealmModel {
realm.getApplications().add(applicationData);
em.persist(applicationData);
em.flush();
ApplicationModel resource = new ApplicationAdapter(em, applicationData);
ApplicationModel resource = new ApplicationAdapter(this, em, applicationData);
em.flush();
return resource;
}
@Override
public boolean removeApplication(String id) {
ApplicationEntity application = null;
if (id == null) return false;
ApplicationModel application = getApplicationById(id);
if (application == null) return false;
for (RoleModel role : application.getRoles()) {
application.removeRoleById(role.getId());
}
ApplicationEntity applicationEntity = null;
Iterator<ApplicationEntity> it = realm.getApplications().iterator();
while (it.hasNext()) {
ApplicationEntity ae = it.next();
if (ae.getId().equals(id)) {
applicationEntity = ae;
it.remove();
break;
}
}
for (ApplicationEntity a : realm.getApplications()) {
if (a.getId().equals(id)) {
application = a;
applicationEntity = a;
}
}
if (application == null) {
return false;
}
realm.getApplications().remove(application);
em.createQuery("delete from " + ApplicationScopeMappingEntity.class.getSimpleName() + " where application = :application").setParameter("application", application).executeUpdate();
em.createQuery("delete from " + ApplicationUserRoleMappingEntity.class.getSimpleName() + " where application = :application").setParameter("application", application).executeUpdate();
em.createQuery("delete from " + ApplicationScopeMappingEntity.class.getSimpleName() + " where user = :user").setParameter("user", application.getApplicationUser()).executeUpdate();
em.createQuery("delete from " + RealmScopeMappingEntity.class.getSimpleName() + " where user = :user").setParameter("user", application.getApplicationUser()).executeUpdate();
em.createQuery("delete from " + ApplicationUserRoleMappingEntity.class.getSimpleName() + " where user = :user").setParameter("user", application.getApplicationUser()).executeUpdate();
em.createQuery("delete from " + RealmUserRoleMappingEntity.class.getSimpleName() + " where user = :user").setParameter("user", application.getApplicationUser()).executeUpdate();
removeUser(application.getApplicationUser());
em.remove(application);
em.remove(applicationEntity);
removeUser(applicationEntity.getApplicationUser());
return true;
}
@ -603,7 +623,7 @@ public class RealmAdapter implements RealmModel {
public ApplicationModel getApplicationById(String id) {
ApplicationEntity app = em.find(ApplicationEntity.class, id);
if (app == null) return null;
return new ApplicationAdapter(em, app);
return new ApplicationAdapter(this, em, app);
}
@Override
@ -758,10 +778,8 @@ public class RealmAdapter implements RealmModel {
@Override
public boolean removeOAuthClient(String id) {
OAuthClientEntity client = em.find(OAuthClientEntity.class, id);
em.createQuery("delete from " + ApplicationScopeMappingEntity.class.getSimpleName() + " where user = :user").setParameter("user", client.getAgent()).executeUpdate();
em.createQuery("delete from " + RealmScopeMappingEntity.class.getSimpleName() + " where user = :user").setParameter("user", client.getAgent()).executeUpdate();
em.createQuery("delete from " + ApplicationUserRoleMappingEntity.class.getSimpleName() + " where user = :user").setParameter("user", client.getAgent()).executeUpdate();
em.createQuery("delete from " + RealmUserRoleMappingEntity.class.getSimpleName() + " where user = :user").setParameter("user", client.getAgent()).executeUpdate();
em.createQuery("delete from " + UserScopeMappingEntity.class.getSimpleName() + " where user = :user").setParameter("user", client.getAgent()).executeUpdate();
em.createQuery("delete from " + UserRoleMappingEntity.class.getSimpleName() + " where user = :user").setParameter("user", client.getAgent()).executeUpdate();
removeUser(client.getAgent());
em.remove(client);
return true;
@ -820,55 +838,54 @@ public class RealmAdapter implements RealmModel {
@Override
public RoleModel getRole(String name) {
Collection<RoleEntity> roles = realm.getRoles();
if (roles == null) return null;
for (RoleEntity role : roles) {
if (role.getName().equals(name)) {
return new RoleAdapter(role);
}
}
return null; //To change body of implemented methods use File | Settings | File Templates.
TypedQuery<RealmRoleEntity> query = em.createNamedQuery("getRealmRoleByName", RealmRoleEntity.class);
query.setParameter("name", name);
query.setParameter("realm", realm);
List<RealmRoleEntity> roles = query.getResultList();
if (roles.size() == 0) return null;
return new RoleAdapter(this, em, roles.get(0));
}
@Override
public RoleModel addRole(String name) {
RoleModel role = getRole(name);
if (role != null) return role;
RoleEntity entity = new RoleEntity();
RealmRoleEntity entity = new RealmRoleEntity();
entity.setName(name);
em.persist(entity);
entity.setRealm(realm);
realm.getRoles().add(entity);
em.persist(entity);
em.flush();
return new RoleAdapter(entity);
return new RoleAdapter(this, em, entity);
}
@Override
public boolean removeRoleById(String id) {
RoleEntity role = em.find(RoleEntity.class, id);
RoleModel role = getRoleById(id);
if (role == null) return false;
if (role == null) {
return false;
}
RoleEntity roleEntity = ((RoleAdapter)role).getRole();
realm.getRoles().remove(role);
realm.getDefaultRoles().remove(role);
em.createQuery("delete from " + ApplicationScopeMappingEntity.class.getSimpleName() + " where role = :role").setParameter("role", role).executeUpdate();
em.createQuery("delete from " + ApplicationUserRoleMappingEntity.class.getSimpleName() + " where role = :role").setParameter("role", role).executeUpdate();
em.createQuery("delete from " + RealmScopeMappingEntity.class.getSimpleName() + " where role = :role").setParameter("role", role).executeUpdate();
em.createQuery("delete from " + RealmUserRoleMappingEntity.class.getSimpleName() + " where role = :role").setParameter("role", role).executeUpdate();
em.createQuery("delete from " + UserRoleMappingEntity.class.getSimpleName() + " where role = :role").setParameter("role", roleEntity).executeUpdate();
em.createQuery("delete from " + UserScopeMappingEntity.class.getSimpleName() + " where role = :role").setParameter("role", roleEntity).executeUpdate();
em.remove(role);
em.remove(roleEntity);
return true;
}
@Override
public List<RoleModel> getRoles() {
ArrayList<RoleModel> list = new ArrayList<RoleModel>();
Collection<RoleEntity> roles = realm.getRoles();
public Set<RoleModel> getRoles() {
Set<RoleModel> list = new HashSet<RoleModel>();
Collection<RealmRoleEntity> roles = realm.getRoles();
if (roles == null) return list;
for (RoleEntity entity : roles) {
list.add(new RoleAdapter(entity));
list.add(new RoleAdapter(this, em, entity));
}
return list;
}
@ -877,28 +894,31 @@ public class RealmAdapter implements RealmModel {
public RoleModel getRoleById(String id) {
RoleEntity entity = em.find(RoleEntity.class, id);
if (entity == null) return null;
return new RoleAdapter(entity);
return new RoleAdapter(this, em, entity);
}
@Override
public boolean hasRole(UserModel user, RoleModel role) {
TypedQuery<RealmUserRoleMappingEntity> query = getRealmUserRoleMappingEntityTypedQuery((UserAdapter) user, (RoleAdapter) role);
return query.getResultList().size() > 0;
Set<RoleModel> roles = getRoleMappings(user);
if (roles.contains(role)) return true;
for (RoleModel mapping : roles) {
if (mapping.hasRole(role)) return true;
}
return false;
}
protected TypedQuery<RealmUserRoleMappingEntity> getRealmUserRoleMappingEntityTypedQuery(UserAdapter user, RoleAdapter role) {
TypedQuery<RealmUserRoleMappingEntity> query = em.createNamedQuery("userHasRealmRole", RealmUserRoleMappingEntity.class);
protected TypedQuery<UserRoleMappingEntity> getUserRoleMappingEntityTypedQuery(UserAdapter user, RoleAdapter role) {
TypedQuery<UserRoleMappingEntity> query = em.createNamedQuery("userHasRole", UserRoleMappingEntity.class);
query.setParameter("user", ((UserAdapter)user).getUser());
query.setParameter("role", ((RoleAdapter) role).getRole());
query.setParameter("realm", realm);
return query;
}
@Override
public void grantRole(UserModel user, RoleModel role) {
if (hasRole(user, role)) return;
RealmUserRoleMappingEntity entity = new RealmUserRoleMappingEntity();
entity.setRealm(realm);
UserRoleMappingEntity entity = new UserRoleMappingEntity();
entity.setUser(((UserAdapter) user).getUser());
entity.setRole(((RoleAdapter)role).getRole());
em.persist(entity);
@ -906,79 +926,69 @@ public class RealmAdapter implements RealmModel {
}
@Override
public List<RoleModel> getRoleMappings(UserModel user) {
TypedQuery<RealmUserRoleMappingEntity> query = em.createNamedQuery("userRealmMappings", RealmUserRoleMappingEntity.class);
query.setParameter("user", ((UserAdapter)user).getUser());
query.setParameter("realm", realm);
List<RealmUserRoleMappingEntity> entities = query.getResultList();
List<RoleModel> roles = new ArrayList<RoleModel>();
for (RealmUserRoleMappingEntity entity : entities) {
roles.add(new RoleAdapter(entity.getRole()));
public Set<RoleModel> getRealmRoleMappings(UserModel user) {
Set<RoleModel> roleMappings = getRoleMappings(user);
Set<RoleModel> realmRoles = new HashSet<RoleModel>();
for (RoleModel role : roleMappings) {
RoleContainerModel container = role.getContainer();
if (container instanceof RealmModel) {
realmRoles.add(role);
}
return roles;
}
return realmRoles;
}
@Override
public Set<String> getRoleMappingValues(UserModel user) {
TypedQuery<RealmUserRoleMappingEntity> query = em.createNamedQuery("userRealmMappings", RealmUserRoleMappingEntity.class);
public Set<RoleModel> getRoleMappings(UserModel user) {
TypedQuery<UserRoleMappingEntity> query = em.createNamedQuery("userRoleMappings", UserRoleMappingEntity.class);
query.setParameter("user", ((UserAdapter)user).getUser());
query.setParameter("realm", realm);
List<RealmUserRoleMappingEntity> entities = query.getResultList();
Set<String> roles = new HashSet<String>();
for (RealmUserRoleMappingEntity entity : entities) {
roles.add(entity.getRole().getName());
List<UserRoleMappingEntity> entities = query.getResultList();
Set<RoleModel> roles = new HashSet<RoleModel>();
for (UserRoleMappingEntity entity : entities) {
roles.add(new RoleAdapter(this, em, entity.getRole()));
}
return roles;
}
@Override
public void deleteRoleMapping(UserModel user, RoleModel role) {
TypedQuery<RealmUserRoleMappingEntity> query = getRealmUserRoleMappingEntityTypedQuery((UserAdapter) user, (RoleAdapter) role);
List<RealmUserRoleMappingEntity> results = query.getResultList();
TypedQuery<UserRoleMappingEntity> query = getUserRoleMappingEntityTypedQuery((UserAdapter) user, (RoleAdapter) role);
List<UserRoleMappingEntity> results = query.getResultList();
if (results.size() == 0) return;
for (RealmUserRoleMappingEntity entity : results) {
for (UserRoleMappingEntity entity : results) {
em.remove(entity);
}
em.flush();
}
@Override
public boolean hasRole(UserModel user, String roleName) {
RoleModel role = getRole(roleName);
if (role == null) return false;
return hasRole(user, role);
public Set<RoleModel> getRealmScopeMappings(UserModel user) {
Set<RoleModel> roleMappings = getScopeMappings(user);
Set<RoleModel> appRoles = new HashSet<RoleModel>();
for (RoleModel role : roleMappings) {
RoleContainerModel container = role.getContainer();
if (container instanceof RealmModel) {
if (((RealmModel)container).getId().equals(getId())) {
appRoles.add(role);
}
}
}
@Override
public void addScopeMapping(UserModel agent, String roleName) {
RoleModel role = getRole(roleName);
if (role == null) throw new RuntimeException("role does not exist");
addScopeMapping(agent, role);
em.flush();
return appRoles;
}
@Override
public Set<String> getScopeMappingValues(UserModel agent) {
TypedQuery<RealmScopeMappingEntity> query = em.createNamedQuery("userRealmScopeMappings", RealmScopeMappingEntity.class);
public Set<RoleModel> getScopeMappings(UserModel agent) {
TypedQuery<UserScopeMappingEntity> query = em.createNamedQuery("userScopeMappings", UserScopeMappingEntity.class);
query.setParameter("user", ((UserAdapter)agent).getUser());
query.setParameter("realm", realm);
List<RealmScopeMappingEntity> entities = query.getResultList();
Set<String> roles = new HashSet<String>();
for (RealmScopeMappingEntity entity : entities) {
roles.add(entity.getRole().getName());
}
return roles;
}
@Override
public List<RoleModel> getScopeMappings(UserModel agent) {
TypedQuery<RealmScopeMappingEntity> query = em.createNamedQuery("userRealmScopeMappings", RealmScopeMappingEntity.class);
query.setParameter("user", ((UserAdapter)agent).getUser());
query.setParameter("realm", realm);
List<RealmScopeMappingEntity> entities = query.getResultList();
List<RoleModel> roles = new ArrayList<RoleModel>();
for (RealmScopeMappingEntity entity : entities) {
roles.add(new RoleAdapter(entity.getRole()));
List<UserScopeMappingEntity> entities = query.getResultList();
Set<RoleModel> roles = new HashSet<RoleModel>();
for (UserScopeMappingEntity entity : entities) {
roles.add(new RoleAdapter(this, em, entity.getRole()));
}
return roles;
}
@ -986,35 +996,32 @@ public class RealmAdapter implements RealmModel {
@Override
public void addScopeMapping(UserModel agent, RoleModel role) {
if (hasScope(agent, role)) return;
RealmScopeMappingEntity entity = new RealmScopeMappingEntity();
entity.setRealm(realm);
UserScopeMappingEntity entity = new UserScopeMappingEntity();
entity.setUser(((UserAdapter) agent).getUser());
entity.setRole(((RoleAdapter)role).getRole());
em.persist(entity);
em.flush();
}
@Override
public void deleteScopeMapping(UserModel user, RoleModel role) {
TypedQuery<RealmScopeMappingEntity> query = getRealmScopeMappingQuery((UserAdapter) user, (RoleAdapter) role);
List<RealmScopeMappingEntity> results = query.getResultList();
TypedQuery<UserScopeMappingEntity> query = getRealmScopeMappingQuery((UserAdapter) user, (RoleAdapter) role);
List<UserScopeMappingEntity> results = query.getResultList();
if (results.size() == 0) return;
for (RealmScopeMappingEntity entity : results) {
for (UserScopeMappingEntity entity : results) {
em.remove(entity);
}
}
public boolean hasScope(UserModel user, RoleModel role) {
TypedQuery<RealmScopeMappingEntity> query = getRealmScopeMappingQuery((UserAdapter) user, (RoleAdapter) role);
TypedQuery<UserScopeMappingEntity> query = getRealmScopeMappingQuery((UserAdapter) user, (RoleAdapter) role);
return query.getResultList().size() > 0;
}
protected TypedQuery<RealmScopeMappingEntity> getRealmScopeMappingQuery(UserAdapter user, RoleAdapter role) {
TypedQuery<RealmScopeMappingEntity> query = em.createNamedQuery("userHasRealmScope", RealmScopeMappingEntity.class);
protected TypedQuery<UserScopeMappingEntity> getRealmScopeMappingQuery(UserAdapter user, RoleAdapter role) {
TypedQuery<UserScopeMappingEntity> query = em.createNamedQuery("userHasScope", UserScopeMappingEntity.class);
query.setParameter("user", ((UserAdapter)user).getUser());
query.setParameter("role", ((RoleAdapter)role).getRole());
query.setParameter("realm", realm);
return query;
}
@ -1081,4 +1088,12 @@ public class RealmAdapter implements RealmModel {
realm.setPasswordPolicy(policy.toString());
em.flush();
}
public boolean equals(Object o) {
if (o == null) return false;
if (!(o instanceof RealmAdapter)) return false;
RealmAdapter r = (RealmAdapter)o;
return r.getId().equals(getId());
}
}

View file

@ -1,16 +1,29 @@
package org.keycloak.models.jpa;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleContainerModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.jpa.entities.ApplicationRoleEntity;
import org.keycloak.models.jpa.entities.RealmRoleEntity;
import org.keycloak.models.jpa.entities.RoleEntity;
import javax.persistence.EntityManager;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public class RoleAdapter implements RoleModel {
protected RoleEntity role;
protected EntityManager em;
protected RealmModel realm;
public RoleAdapter(RoleEntity role) {
public RoleAdapter(RealmModel realm, EntityManager em, RoleEntity role) {
this.em = em;
this.realm = realm;
this.role = role;
}
@ -46,4 +59,96 @@ public class RoleAdapter implements RoleModel {
public void setName(String name) {
role.setName(name);
}
@Override
public boolean isComposite() {
return role.isComposite();
}
@Override
public void setComposite(boolean flag) {
role.setComposite(flag);
}
@Override
public void addCompositeRole(RoleModel role) {
RoleEntity entity = ((RoleAdapter)role).getRole();
for (RoleEntity composite : getRole().getCompositeRoles()) {
if (composite.equals(entity)) return;
}
getRole().getCompositeRoles().add(entity);
em.flush();
}
@Override
public void removeCompositeRole(RoleModel role) {
RoleEntity entity = ((RoleAdapter)role).getRole();
Iterator<RoleEntity> it = getRole().getCompositeRoles().iterator();
while (it.hasNext()) {
if (it.next().equals(entity)) it.remove();
}
}
@Override
public Set<RoleModel> getComposites() {
Set<RoleModel> set = new HashSet<RoleModel>();
for (RoleEntity composite : getRole().getCompositeRoles()) {
set.add(new RoleAdapter(realm, em, composite));
}
return set;
}
public static boolean searchFor(RoleModel role, RoleModel composite, Set<RoleModel> visited) {
if (visited.contains(composite)) return false;
visited.add(composite);
Set<RoleModel> composites = composite.getComposites();
if (composites.contains(role)) return true;
for (RoleModel contained : composites) {
if (!contained.isComposite()) continue;
if (searchFor(role, contained, visited)) return true;
}
return false;
}
@Override
public boolean hasRole(RoleModel role) {
if (this.equals(role)) return true;
if (!isComposite()) return false;
Set<RoleModel> visited = new HashSet<RoleModel>();
return searchFor(role, this, visited);
}
@Override
public RoleContainerModel getContainer() {
if (role instanceof ApplicationRoleEntity) {
ApplicationRoleEntity entity = (ApplicationRoleEntity)role;
return new ApplicationAdapter(realm, em, entity.getApplication());
} else if (role instanceof RealmRoleEntity) {
RealmRoleEntity entity = (RealmRoleEntity)role;
return new RealmAdapter(em, entity.getRealm());
}
throw new IllegalStateException("Unknown role entity type");
}
@Override
public boolean equals(Object o) {
if (this == o) return true;
if (o == null || getClass() != o.getClass()) return false;
RoleAdapter that = (RoleAdapter) o;
if (!role.equals(that.role)) return false;
return true;
}
@Override
public int hashCode() {
return role.hashCode();
}
}

View file

@ -0,0 +1,46 @@
package org.keycloak.models.jpa.entities;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.ManyToOne;
import javax.persistence.MappedSuperclass;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
@MappedSuperclass
public class AbstractRoleMappingEntity {
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
protected long id;
@ManyToOne
protected UserEntity user;
@ManyToOne
protected RoleEntity role;
public long getId() {
return id;
}
public void setId(long id) {
this.id = id;
}
public UserEntity getUser() {
return user;
}
public void setUser(UserEntity user) {
this.user = user;
}
public RoleEntity getRole() {
return role;
}
public void setRole(RoleEntity role) {
this.role = role;
}
}

View file

@ -31,9 +31,8 @@ public class ApplicationEntity {
@OneToOne(fetch = FetchType.EAGER)
private UserEntity applicationUser;
@OneToMany(fetch = FetchType.EAGER, cascade ={CascadeType.REMOVE}, orphanRemoval = true)
@JoinTable(name="APPLICATION_ROLES")
Collection<RoleEntity> roles = new ArrayList<RoleEntity>();
@OneToMany(fetch = FetchType.EAGER, cascade ={CascadeType.REMOVE}, orphanRemoval = true, mappedBy = "application")
Collection<ApplicationRoleEntity> roles = new ArrayList<ApplicationRoleEntity>();
@OneToMany(fetch = FetchType.LAZY, cascade ={CascadeType.REMOVE}, orphanRemoval = true)
@JoinTable(name="APPLICATION_DEFAULT_ROLES")
@ -83,11 +82,11 @@ public class ApplicationEntity {
this.applicationUser = applicationUser;
}
public Collection<RoleEntity> getRoles() {
public Collection<ApplicationRoleEntity> getRoles() {
return roles;
}
public void setRoles(Collection<RoleEntity> roles) {
public void setRoles(Collection<ApplicationRoleEntity> roles) {
this.roles = roles;
}

View file

@ -1,6 +1,7 @@
package org.keycloak.models.jpa.entities;
import javax.persistence.Entity;
import javax.persistence.JoinTable;
import javax.persistence.ManyToOne;
import javax.persistence.NamedQueries;
import javax.persistence.NamedQuery;
@ -10,14 +11,13 @@ import javax.persistence.NamedQuery;
* @version $Revision: 1 $
*/
@NamedQueries({
@NamedQuery(name="userHasApplicationScope", query="select m from ApplicationScopeMappingEntity m where m.user = :user and m.role = :role and m.application = :application"),
@NamedQuery(name="userApplicationScopeMappings", query="select m from ApplicationScopeMappingEntity m where m.user = :user and m.application = :application")
@NamedQuery(name="getAppRoleByName", query="select role from ApplicationRoleEntity role where role.name = :name and role.application = :application")
})
@Entity
public class ApplicationScopeMappingEntity extends UserRoleMappingEntity {
public class ApplicationRoleEntity extends RoleEntity {
@ManyToOne
protected ApplicationEntity application;
@JoinTable(name = "APPLICATION_ROLE")
private ApplicationEntity application;
public ApplicationEntity getApplication() {
return application;

View file

@ -1,29 +0,0 @@
package org.keycloak.models.jpa.entities;
import javax.persistence.Entity;
import javax.persistence.ManyToOne;
import javax.persistence.NamedQueries;
import javax.persistence.NamedQuery;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
@NamedQueries({
@NamedQuery(name="userHasApplicationRole", query="select m from ApplicationUserRoleMappingEntity m where m.user = :user and m.role = :role and m.application = :application"),
@NamedQuery(name="userApplicationMappings", query="select m from ApplicationUserRoleMappingEntity m where m.user = :user and m.application = :application")
})
@Entity
public class ApplicationUserRoleMappingEntity extends UserRoleMappingEntity {
@ManyToOne
protected ApplicationEntity application;
public ApplicationEntity getApplication() {
return application;
}
public void setApplication(ApplicationEntity application) {
this.application = application;
}
}

View file

@ -65,9 +65,8 @@ public class RealmEntity {
@OneToMany(cascade ={CascadeType.REMOVE}, orphanRemoval = true)
Collection<ApplicationEntity> applications = new ArrayList<ApplicationEntity>();
@OneToMany(fetch = FetchType.LAZY, cascade ={CascadeType.REMOVE}, orphanRemoval = true)
@JoinTable(name="REALM_ROLES")
Collection<RoleEntity> roles = new ArrayList<RoleEntity>();
@OneToMany(fetch = FetchType.LAZY, cascade ={CascadeType.REMOVE}, orphanRemoval = true, mappedBy = "realm")
Collection<RealmRoleEntity> roles = new ArrayList<RealmRoleEntity>();
@ElementCollection
@MapKeyColumn(name="name")
@ -229,17 +228,17 @@ public class RealmEntity {
this.applications = applications;
}
public Collection<RoleEntity> getRoles() {
public Collection<RealmRoleEntity> getRoles() {
return roles;
}
public void setRoles(Collection<RoleEntity> roles) {
public void setRoles(Collection<RealmRoleEntity> roles) {
this.roles = roles;
}
public void addRole(RoleEntity role) {
public void addRole(RealmRoleEntity role) {
if (roles == null) {
roles = new ArrayList<RoleEntity>();
roles = new ArrayList<RealmRoleEntity>();
}
roles.add(role);
}

View file

@ -10,14 +10,12 @@ import javax.persistence.NamedQuery;
* @version $Revision: 1 $
*/
@NamedQueries({
@NamedQuery(name="userHasRealmScope", query="select m from RealmScopeMappingEntity m where m.user = :user and m.role = :role and m.realm = :realm"),
@NamedQuery(name="userRealmScopeMappings", query="select m from RealmScopeMappingEntity m where m.user = :user and m.realm = :realm")
@NamedQuery(name="getRealmRoleByName", query="select role from RealmRoleEntity role where role.name = :name and role.realm = :realm")
})
@Entity
public class RealmScopeMappingEntity extends UserRoleMappingEntity {
public class RealmRoleEntity extends RoleEntity {
@ManyToOne
protected RealmEntity realm;
private RealmEntity realm;
public RealmEntity getRealm() {
return realm;

View file

@ -1,29 +0,0 @@
package org.keycloak.models.jpa.entities;
import javax.persistence.Entity;
import javax.persistence.ManyToOne;
import javax.persistence.NamedQueries;
import javax.persistence.NamedQuery;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
@NamedQueries({
@NamedQuery(name="userHasRealmRole", query="select m from RealmUserRoleMappingEntity m where m.user = :user and m.role = :role and m.realm = :realm"),
@NamedQuery(name="userRealmMappings", query="select m from RealmUserRoleMappingEntity m where m.user = :user and m.realm = :realm")
})
@Entity
public class RealmUserRoleMappingEntity extends UserRoleMappingEntity {
@ManyToOne
protected RealmEntity realm;
public RealmEntity getRealm() {
return realm;
}
public void setRealm(RealmEntity realm) {
this.realm = realm;
}
}

View file

@ -1,22 +1,36 @@
package org.keycloak.models.jpa.entities;
import javax.persistence.Entity;
import javax.persistence.FetchType;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.Inheritance;
import javax.persistence.InheritanceType;
import javax.persistence.JoinTable;
import javax.persistence.ManyToMany;
import javax.persistence.OneToMany;
import java.util.ArrayList;
import java.util.Collection;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
@Entity
public class RoleEntity {
@Inheritance(strategy = InheritanceType.SINGLE_TABLE)
public abstract class RoleEntity {
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
@GeneratedValue(strategy = GenerationType.AUTO)
private String id;
private String name;
private String description;
private boolean composite;
@ManyToMany(fetch = FetchType.LAZY, cascade = {})
//@JoinTable(name = "COMPOSITE_ROLE")
private Collection<RoleEntity> compositeRoles = new ArrayList<RoleEntity>();
public String getId() {
return id;
@ -41,4 +55,37 @@ public class RoleEntity {
public void setDescription(String description) {
this.description = description;
}
public boolean isComposite() {
return composite;
}
public void setComposite(boolean composite) {
this.composite = composite;
}
public Collection<RoleEntity> getCompositeRoles() {
return compositeRoles;
}
public void setCompositeRoles(Collection<RoleEntity> compositeRoles) {
this.compositeRoles = compositeRoles;
}
@Override
public boolean equals(Object o) {
if (this == o) return true;
if (o == null || getClass() != o.getClass()) return false;
RoleEntity that = (RoleEntity) o;
if (!id.equals(that.id)) return false;
return true;
}
@Override
public int hashCode() {
return id.hashCode();
}
}

View file

@ -1,46 +1,23 @@
package org.keycloak.models.jpa.entities;
import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.ManyToOne;
import javax.persistence.MappedSuperclass;
import javax.persistence.NamedQueries;
import javax.persistence.NamedQuery;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
@MappedSuperclass
public abstract class UserRoleMappingEntity {
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
protected long id;
@ManyToOne
protected UserEntity user;
@ManyToOne
protected RoleEntity role;
@NamedQueries({
@NamedQuery(name="userHasRole", query="select m from UserRoleMappingEntity m where m.user = :user and m.role = :role"),
@NamedQuery(name="userRoleMappings", query="select m from UserRoleMappingEntity m where m.user = :user")
})
@Entity
public class UserRoleMappingEntity extends AbstractRoleMappingEntity {
public long getId() {
return id;
}
public void setId(long id) {
this.id = id;
}
public UserEntity getUser() {
return user;
}
public void setUser(UserEntity user) {
this.user = user;
}
public RoleEntity getRole() {
return role;
}
public void setRole(RoleEntity role) {
this.role = role;
}
}

View file

@ -0,0 +1,18 @@
package org.keycloak.models.jpa.entities;
import javax.persistence.Entity;
import javax.persistence.NamedQueries;
import javax.persistence.NamedQuery;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
@NamedQueries({
@NamedQuery(name="userHasScope", query="select m from UserScopeMappingEntity m where m.user = :user and m.role = :role"),
@NamedQuery(name="userScopeMappings", query="select m from UserScopeMappingEntity m where m.user = :user")
})
@Entity
public class UserScopeMappingEntity extends AbstractRoleMappingEntity {
}

View file

@ -35,7 +35,7 @@
</build>
<modules>
<module>api</module>
<module>picketlink</module>
<!-- <module>picketlink</module> -->
<module>jpa</module>
<!-- <module>mongo</module> -->
</modules>

View file

@ -47,12 +47,14 @@
<version>${project.version}</version>
<scope>test</scope>
</dependency>
<!--
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-model-picketlink</artifactId>
<version>${project.version}</version>
<scope>test</scope>
</dependency>
-->
<!--<dependency>
<groupId>org.keycloak</groupId>

View file

@ -74,11 +74,11 @@ public class ApplianceBootstrap {
realm.updateCredential(adminUser, password);
adminUser.addRequiredAction(UserModel.RequiredAction.UPDATE_PASSWORD);
adminConsole.grantRole(adminUser, adminRole);
realm.grantRole(adminUser, adminRole);
ApplicationModel accountApp = realm.getApplicationNameMap().get(Constants.ACCOUNT_APPLICATION);
for (String r : accountApp.getDefaultRoles()) {
accountApp.grantRole(adminUser, accountApp.getRole(r));
realm.grantRole(adminUser, accountApp.getRole(r));
}
}

View file

@ -102,7 +102,7 @@ public class ApplicationManager {
if (role == null) {
role = applicationModel.addRole(roleString.trim());
}
applicationModel.grantRole(user, role);
realm.grantRole(user, role);
}
}
}
@ -115,7 +115,7 @@ public class ApplicationManager {
if (role == null) {
role = applicationModel.addRole(roleString.trim());
}
applicationModel.addScopeMapping(user, role.getName());
realm.addScopeMapping(user, role);
}
}
}
@ -125,6 +125,13 @@ public class ApplicationManager {
return createApplication(realm, loginRole, resourceRep);
}
public ApplicationModel createApplication(RealmModel realm, String name) {
RoleModel loginRole = realm.getRole(Constants.APPLICATION_ROLE);
ApplicationModel app = realm.addApplication(name);
realm.grantRole(app.getApplicationUser(), loginRole);
return app;
}
public void updateApplication(ApplicationRepresentation rep, ApplicationModel resource) {
resource.setName(rep.getName());
resource.setEnabled(rep.isEnabled());

View file

@ -9,6 +9,7 @@ import org.keycloak.jose.jws.JWSBuilder;
import org.keycloak.models.Constants;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RequiredCredentialModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserModel;
import org.keycloak.representations.SkeletonKeyToken;
import org.keycloak.representations.idm.CredentialRepresentation;
@ -250,16 +251,18 @@ public class AuthenticationManager {
}
if (!user.isEnabled()) {
logger.debug("Account is disabled, contact admin.");
logger.debug("Account is disabled, contact admin. " + user.getLoginName());
return AuthenticationStatus.ACCOUNT_DISABLED;
}
Set<String> types = new HashSet<String>();
List<RequiredCredentialModel> requiredCredentials = null;
if (realm.hasRole(user, Constants.APPLICATION_ROLE)) {
RoleModel applicationRole = realm.getRole(Constants.APPLICATION_ROLE);
RoleModel identityRequesterRole = realm.getRole(Constants.IDENTITY_REQUESTER_ROLE);
if (realm.hasRole(user, applicationRole)) {
requiredCredentials = realm.getRequiredApplicationCredentials();
} else if (realm.hasRole(user, Constants.IDENTITY_REQUESTER_ROLE)) {
} else if (realm.hasRole(user, identityRequesterRole)) {
requiredCredentials = realm.getRequiredOAuthClientCredentials();
} else {
requiredCredentials = realm.getRequiredCredentials();
@ -289,6 +292,7 @@ public class AuthenticationManager {
} else {
logger.debug("validating password for user: " + user.getLoginName());
if (!realm.validatePassword(user, password)) {
logger.debug("invalid password for user: " + user.getLoginName());
return AuthenticationStatus.INVALID_CREDENTIALS;
}
}

View file

@ -0,0 +1,112 @@
package org.keycloak.services.managers;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.Constants;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RequiredCredentialModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserModel;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public class ModelToRepresentation {
public static UserRepresentation toRepresentation(UserModel user) {
UserRepresentation rep = new UserRepresentation();
rep.setUsername(user.getLoginName());
rep.setLastName(user.getLastName());
rep.setFirstName(user.getFirstName());
rep.setEmail(user.getEmail());
rep.setEnabled(user.isEnabled());
rep.setEmailVerified(user.isEmailVerified());
rep.setTotp(user.isTotp());
List<String> reqActions = new ArrayList<String>();
for (UserModel.RequiredAction ra : user.getRequiredActions()){
reqActions.add(ra.name());
}
rep.setRequiredActions(reqActions);
if (user.getAttributes() != null && !user.getAttributes().isEmpty()) {
Map<String, String> attrs = new HashMap<String, String>();
attrs.putAll(user.getAttributes());
rep.setAttributes(attrs);
}
return rep;
}
public static RoleRepresentation toRepresentation(RoleModel role) {
RoleRepresentation rep = new RoleRepresentation();
rep.setId(role.getId());
rep.setName(role.getName());
rep.setDescription(role.getDescription());
rep.setComposite(role.isComposite());
return rep;
}
public static RealmRepresentation toRepresentation(RealmModel realm) {
RealmRepresentation rep = new RealmRepresentation();
rep.setId(realm.getId());
rep.setRealm(realm.getName());
rep.setEnabled(realm.isEnabled());
rep.setSocial(realm.isSocial());
rep.setUpdateProfileOnInitialSocialLogin(realm.isUpdateProfileOnInitialSocialLogin());
rep.setSslNotRequired(realm.isSslNotRequired());
rep.setPublicKey(realm.getPublicKeyPem());
rep.setPrivateKey(realm.getPrivateKeyPem());
rep.setRegistrationAllowed(realm.isRegistrationAllowed());
rep.setVerifyEmail(realm.isVerifyEmail());
rep.setResetPasswordAllowed(realm.isResetPasswordAllowed());
rep.setTokenLifespan(realm.getTokenLifespan());
rep.setAccessCodeLifespan(realm.getAccessCodeLifespan());
rep.setAccessCodeLifespanUserAction(realm.getAccessCodeLifespanUserAction());
rep.setSmtpServer(realm.getSmtpConfig());
rep.setSocialProviders(realm.getSocialConfig());
if (realm.getPasswordPolicy() != null) {
rep.setPasswordPolicy(realm.getPasswordPolicy().toString());
}
ApplicationModel accountManagementApplication = realm.getApplicationNameMap().get(Constants.ACCOUNT_APPLICATION);
List<String> defaultRoles = realm.getDefaultRoles();
if (!defaultRoles.isEmpty()) {
List<String> roleStrings = new ArrayList<String>();
roleStrings.addAll(defaultRoles);
rep.setDefaultRoles(roleStrings);
}
List<RequiredCredentialModel> requiredCredentialModels = realm.getRequiredCredentials();
if (requiredCredentialModels.size() > 0) {
rep.setRequiredCredentials(new HashSet<String>());
for (RequiredCredentialModel cred : requiredCredentialModels) {
rep.getRequiredCredentials().add(cred.getType());
}
}
List<RequiredCredentialModel> requiredResourceCredentialModels = realm.getRequiredApplicationCredentials();
if (requiredResourceCredentialModels.size() > 0) {
rep.setRequiredApplicationCredentials(new HashSet<String>());
for (RequiredCredentialModel cred : requiredResourceCredentialModels) {
rep.getRequiredApplicationCredentials().add(cred.getType());
}
}
List<RequiredCredentialModel> requiredOAuthCredentialModels = realm.getRequiredOAuthClientCredentials();
if (requiredOAuthCredentialModels.size() > 0) {
rep.setRequiredOAuthClientCredentials(new HashSet<String>());
for (RequiredCredentialModel cred : requiredOAuthCredentialModels) {
rep.getRequiredOAuthClientCredentials().add(cred.getType());
}
}
return rep;
}
}

View file

@ -309,7 +309,7 @@ public class RealmManager {
role = newRealm.addRole(roleString.trim());
}
UserModel user = userMap.get(scope.getUsername());
newRealm.addScopeMapping(user, role.getName());
newRealm.addScopeMapping(user, role);
}
}
@ -422,93 +422,4 @@ public class RealmManager {
}
public static UserRepresentation toRepresentation(UserModel user) {
UserRepresentation rep = new UserRepresentation();
rep.setUsername(user.getLoginName());
rep.setLastName(user.getLastName());
rep.setFirstName(user.getFirstName());
rep.setEmail(user.getEmail());
rep.setEnabled(user.isEnabled());
rep.setEmailVerified(user.isEmailVerified());
rep.setTotp(user.isTotp());
List<String> reqActions = new ArrayList<String>();
for (RequiredAction ra : user.getRequiredActions()){
reqActions.add(ra.name());
}
rep.setRequiredActions(reqActions);
if (user.getAttributes() != null && !user.getAttributes().isEmpty()) {
Map<String, String> attrs = new HashMap<String, String>();
attrs.putAll(user.getAttributes());
rep.setAttributes(attrs);
}
return rep;
}
public static RoleRepresentation toRepresentation(RoleModel role) {
RoleRepresentation rep = new RoleRepresentation();
rep.setId(role.getId());
rep.setName(role.getName());
rep.setDescription(role.getDescription());
return rep;
}
public static RealmRepresentation toRepresentation(RealmModel realm) {
RealmRepresentation rep = new RealmRepresentation();
rep.setId(realm.getId());
rep.setRealm(realm.getName());
rep.setEnabled(realm.isEnabled());
rep.setSocial(realm.isSocial());
rep.setUpdateProfileOnInitialSocialLogin(realm.isUpdateProfileOnInitialSocialLogin());
rep.setSslNotRequired(realm.isSslNotRequired());
rep.setPublicKey(realm.getPublicKeyPem());
rep.setPrivateKey(realm.getPrivateKeyPem());
rep.setRegistrationAllowed(realm.isRegistrationAllowed());
rep.setVerifyEmail(realm.isVerifyEmail());
rep.setResetPasswordAllowed(realm.isResetPasswordAllowed());
rep.setTokenLifespan(realm.getTokenLifespan());
rep.setAccessCodeLifespan(realm.getAccessCodeLifespan());
rep.setAccessCodeLifespanUserAction(realm.getAccessCodeLifespanUserAction());
rep.setSmtpServer(realm.getSmtpConfig());
rep.setSocialProviders(realm.getSocialConfig());
if (realm.getPasswordPolicy() != null) {
rep.setPasswordPolicy(realm.getPasswordPolicy().toString());
}
ApplicationModel accountManagementApplication = realm.getApplicationNameMap().get(Constants.ACCOUNT_APPLICATION);
List<String> defaultRoles = realm.getDefaultRoles();
if (!defaultRoles.isEmpty()) {
List<String> roleStrings = new ArrayList<String>();
roleStrings.addAll(defaultRoles);
rep.setDefaultRoles(roleStrings);
}
List<RequiredCredentialModel> requiredCredentialModels = realm.getRequiredCredentials();
if (requiredCredentialModels.size() > 0) {
rep.setRequiredCredentials(new HashSet<String>());
for (RequiredCredentialModel cred : requiredCredentialModels) {
rep.getRequiredCredentials().add(cred.getType());
}
}
List<RequiredCredentialModel> requiredResourceCredentialModels = realm.getRequiredApplicationCredentials();
if (requiredResourceCredentialModels.size() > 0) {
rep.setRequiredApplicationCredentials(new HashSet<String>());
for (RequiredCredentialModel cred : requiredResourceCredentialModels) {
rep.getRequiredApplicationCredentials().add(cred.getType());
}
}
List<RequiredCredentialModel> requiredOAuthCredentialModels = realm.getRequiredOAuthClientCredentials();
if (requiredOAuthCredentialModels.size() > 0) {
rep.setRequiredOAuthClientCredentials(new HashSet<String>());
for (RequiredCredentialModel cred : requiredOAuthCredentialModels) {
rep.getRequiredOAuthClientCredentials().add(cred.getType());
}
}
return rep;
}
}

View file

@ -2,7 +2,6 @@ package org.keycloak.services.managers;
import org.jboss.resteasy.logging.Logger;
import org.keycloak.jose.jws.JWSBuilder;
import org.keycloak.util.JsonSerialization;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.Constants;
import org.keycloak.models.RealmModel;
@ -11,10 +10,12 @@ import org.keycloak.models.UserModel;
import org.keycloak.representations.SkeletonKeyScope;
import org.keycloak.representations.SkeletonKeyToken;
import org.keycloak.util.Base64Url;
import org.keycloak.util.JsonSerialization;
import javax.ws.rs.core.MultivaluedMap;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
@ -44,48 +45,104 @@ public class TokenManager {
return accessCodeMap.remove(key);
}
protected boolean desiresScope(SkeletonKeyScope scope, String key, String roleName) {
if (scope == null || scope.isEmpty()) return true;
List<String> val = scope.get(key);
if (val == null) return false;
return val.contains(roleName);
}
protected boolean desiresScopeGroup(SkeletonKeyScope scope, String key) {
if (scope == null || scope.isEmpty()) return true;
return scope.containsKey(key);
}
protected boolean isEmpty(SkeletonKeyScope scope) {
return scope == null || scope.isEmpty();
}
public static void addScopes(RoleModel role, RoleModel scope, Set<RoleModel> visited, Set<RoleModel> requested) {
if (visited.contains(scope)) return;
visited.add(scope);
if (role.hasRole(scope)) {
requested.add(scope);
return;
}
if (!scope.isComposite()) return;
for (RoleModel contained : scope.getComposites()) {
addScopes(role, contained, visited, requested);
}
}
public AccessCodeEntry createAccessCode(String scopeParam, String state, String redirect, RealmModel realm, UserModel client, UserModel user) {
boolean applicationResource = realm.hasRole(client, realm.getRole(Constants.APPLICATION_ROLE));
AccessCodeEntry code = new AccessCodeEntry();
SkeletonKeyScope scopeMap = null;
if (scopeParam != null) scopeMap = decodeScope(scopeParam);
List<RoleModel> realmRolesRequested = code.getRealmRolesRequested();
MultivaluedMap<String, RoleModel> resourceRolesRequested = code.getResourceRolesRequested();
Set<String> realmMapping = realm.getRoleMappingValues(user);
if (realmMapping != null && realmMapping.size() > 0 && (scopeMap == null || scopeMap.containsKey("realm"))) {
Set<String> scope = realm.getScopeMappingValues(client);
if (scope.size() > 0) {
Set<String> scopeRequest = scopeMap != null ? new HashSet<String>(scopeMap.get("realm")) : null;
for (String role : realmMapping) {
if ((scopeRequest == null || scopeRequest.contains(role)) && scope.contains(role))
realmRolesRequested.add(realm.getRole(role));
}
}
}
for (ApplicationModel resource : realm.getApplications()) {
if (applicationResource && resource.getApplicationUser().getLoginName().equals(client.getLoginName())) {
for (String role : resource.getRoleMappingValues(user)) {
resourceRolesRequested.addAll(resource.getName(), resource.getRole(role));
}
} else {
Set<String> mapping = resource.getRoleMappingValues(user);
if (mapping != null && mapping.size() > 0 && (scopeMap == null || scopeMap.containsKey(resource.getName()))) {
Set<String> scope = resource.getScopeMappingValues(client);
if (scope.size() > 0) {
Set<String> scopeRequest = scopeMap != null ? new HashSet<String>(scopeMap.get(resource.getName())) : null;
for (String role : mapping) {
if ((scopeRequest == null || scopeRequest.contains(role)) && scope.contains(role))
resourceRolesRequested.add(resource.getName(), resource.getRole(role));
Set<RoleModel> roleMappings = realm.getRoleMappings(user);
Set<RoleModel> scopeMappings = realm.getScopeMappings(client);
ApplicationModel clientApp = realm.getApplicationByName(client.getLoginName());
Set<RoleModel> clientAppRoles = clientApp == null ? null : clientApp.getRoles();
if (clientAppRoles != null) scopeMappings.addAll(clientAppRoles);
Set<RoleModel> requestedRoles = new HashSet<RoleModel>();
for (RoleModel role : roleMappings) {
if (clientApp != null && role.getContainer().equals(clientApp)) requestedRoles.add(role);
for (RoleModel desiredRole : scopeMappings) {
Set<RoleModel> visited = new HashSet<RoleModel>();
addScopes(role, desiredRole, visited, requestedRoles);
}
}
for (RoleModel role : requestedRoles) {
if (role.getContainer() instanceof RealmModel && desiresScope(scopeMap, "realm", role.getName())) {
realmRolesRequested.add(role);
} else if (role.getContainer() instanceof ApplicationModel) {
ApplicationModel app = (ApplicationModel)role.getContainer();
if (desiresScope(scopeMap, app.getName(), role.getName())) {
resourceRolesRequested.add(app.getName(), role);
}
}
}
Set<RoleModel> realmRoleMappings = realm.getRealmRoleMappings(user);
for (RoleModel role : realmRoleMappings) {
if (!desiresScope(scopeMap, "realm", role.getName())) continue;
for (RoleModel desiredRole : scopeMappings) {
if (desiredRole.hasRole(role)) {
realmRolesRequested.add(role);
} else if (role.hasRole(desiredRole)) {
realmRolesRequested.add(desiredRole);
}
}
}
for (ApplicationModel application : realm.getApplications()) {
if (!desiresScopeGroup(scopeMap, application.getName())) continue;
Set<RoleModel> appRoleMappings = application.getApplicationRoleMappings(user);
for (RoleModel role : appRoleMappings) {
if (!desiresScope(scopeMap, application.getName(), role.getName())) continue;
for (RoleModel desiredRole : scopeMappings) {
if (!application.getApplicationUser().getLoginName().equals(client.getLoginName())
&& !desiredRole.hasRole(role)) continue;
resourceRolesRequested.add(application.getName(), role);
}
}
}
createToken(code, realm, client, user);
code.setRealm(realm);
code.setExpiration((System.currentTimeMillis() / 1000) + realm.getAccessCodeLifespan());
@ -121,25 +178,48 @@ public class TokenManager {
return token;
}
protected void addComposites(SkeletonKeyToken token, RoleModel role) {
SkeletonKeyToken.Access access = null;
if (role.getContainer() instanceof RealmModel) {
access = token.getRealmAccess();
if (token.getRealmAccess() == null) {
access = new SkeletonKeyToken.Access();
token.setRealmAccess(access);
} else if (token.getRealmAccess().getRoles() != null && token.getRealmAccess().isUserInRole(role.getName()))
return;
} else {
ApplicationModel app = (ApplicationModel) role.getContainer();
access = token.getResourceAccess(app.getName());
if (access == null) {
access = token.addAccess(app.getName());
if (app.isSurrogateAuthRequired()) access.verifyCaller(true);
} else if (access.isUserInRole(role.getName())) return;
}
access.addRole(role.getName());
if (!role.isComposite()) return;
for (RoleModel composite : role.getComposites()) {
addComposites(token, composite);
}
}
protected void createToken(AccessCodeEntry accessCodeEntry, RealmModel realm, UserModel client, UserModel user) {
SkeletonKeyToken token = initToken(realm, client, user);
if (accessCodeEntry.getRealmRolesRequested().size() > 0) {
SkeletonKeyToken.Access access = new SkeletonKeyToken.Access();
for (RoleModel role : accessCodeEntry.getRealmRolesRequested()) {
access.addRole(role.getName());
addComposites(token, role);
}
token.setRealmAccess(access);
}
if (accessCodeEntry.getResourceRolesRequested().size() > 0) {
Map<String, ApplicationModel> resourceMap = realm.getApplicationNameMap();
for (String resourceName : accessCodeEntry.getResourceRolesRequested().keySet()) {
ApplicationModel resource = resourceMap.get(resourceName);
SkeletonKeyToken.Access access = token.addAccess(resourceName).verifyCaller(resource.isSurrogateAuthRequired());
for (RoleModel role : accessCodeEntry.getResourceRolesRequested().get(resourceName)) {
access.addRole(role.getName());
for (List<RoleModel> roles : accessCodeEntry.getResourceRolesRequested().values()) {
for (RoleModel role : roles) {
addComposites(token, role);
}
}
}
@ -169,7 +249,6 @@ public class TokenManager {
public SkeletonKeyToken createAccessToken(RealmModel realm, UserModel user) {
List<ApplicationModel> resources = realm.getApplications();
SkeletonKeyToken token = new SkeletonKeyToken();
token.id(RealmManager.generateId());
token.issuedNow();
@ -178,26 +257,8 @@ public class TokenManager {
if (realm.getTokenLifespan() > 0) {
token.expiration((System.currentTimeMillis() / 1000) + realm.getTokenLifespan());
}
Set<String> realmMapping = realm.getRoleMappingValues(user);
if (realmMapping != null && realmMapping.size() > 0) {
SkeletonKeyToken.Access access = new SkeletonKeyToken.Access();
for (String role : realmMapping) {
access.addRole(role);
}
token.setRealmAccess(access);
}
if (resources != null) {
for (ApplicationModel resource : resources) {
Set<String> mapping = resource.getRoleMappingValues(user);
if (mapping == null) continue;
SkeletonKeyToken.Access access = token.addAccess(resource.getName())
.verifyCaller(resource.isSurrogateAuthRequired());
for (String role : mapping) {
access.addRole(role);
}
}
for (RoleModel role : realm.getRoleMappings(user)) {
addComposites(token, role);
}
return token;
}

View file

@ -33,7 +33,7 @@ import org.keycloak.representations.SkeletonKeyToken;
import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.services.managers.AccessCodeEntry;
import org.keycloak.services.managers.AuthenticationManager;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.services.managers.ModelToRepresentation;
import org.keycloak.services.managers.TokenManager;
import org.keycloak.services.messages.Messages;
import org.keycloak.services.resources.flows.Flows;
@ -124,7 +124,7 @@ public class AccountService {
if (!hasAccess(auth, Constants.ACCOUNT_PROFILE_ROLE)) {
return Response.status(Response.Status.FORBIDDEN).build();
}
return Cors.add(request, Response.ok(RealmManager.toRepresentation(auth.getUser()))).auth().allowedOrigins(auth.getClient()).build();
return Cors.add(request, Response.ok(ModelToRepresentation.toRepresentation(auth.getUser()))).auth().allowedOrigins(auth.getClient()).build();
} else {
return Response.notAcceptable(Variant.VariantListBuilder.newInstance().mediaTypes(MediaType.TEXT_HTML_TYPE, MediaType.APPLICATION_JSON_TYPE).build()).build();
}
@ -382,7 +382,7 @@ public class AccountService {
private boolean hasAccess(AuthenticationManager.Auth auth, String role) {
UserModel client = auth.getClient();
if (realm.hasRole(client, Constants.APPLICATION_ROLE)) {
if (realm.hasRole(client, realm.getRole(Constants.APPLICATION_ROLE))) {
// Tokens from cookies don't have roles
UserModel user = auth.getUser();
if (hasRole(user, Constants.ACCOUNT_MANAGE_ROLE) || (role != null && hasRole(user, role))) {
@ -401,7 +401,7 @@ public class AccountService {
}
private boolean hasRole(UserModel user, String role) {
return application.hasRole(user, role);
return realm.hasRole(user, application.getRole(role));
}
private String getReferrer() {

View file

@ -191,7 +191,7 @@ public class AdminService {
throw new NotFoundException();
}
RoleModel adminRole = adminConsole.getRole(Constants.ADMIN_CONSOLE_ADMIN_ROLE);
if (!adminConsole.hasRole(admin, adminRole)) {
if (!saasRealm.hasRole(admin, adminRole)) {
logger.warn("not a Realm admin");
throw new NotAuthorizedException("Bearer");
}
@ -308,7 +308,8 @@ public class AdminService {
logger.debug("bad client");
return redirectOnLoginError("invalid login data");
}
if (!adminConsole.hasRole(accessCode.getUser(), Constants.ADMIN_CONSOLE_ADMIN_ROLE)) {
RoleModel adminConsoleAdminRole = adminConsole.getRole(Constants.ADMIN_CONSOLE_ADMIN_ROLE);
if (!realm.hasRole(accessCode.getUser(), adminConsoleAdminRole)) {
logger.debug("not allowed");
return redirectOnLoginError("No permission to access console");
}

View file

@ -6,6 +6,7 @@ import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.services.managers.ModelToRepresentation;
import org.keycloak.services.managers.RealmManager;
import javax.ws.rs.*;
@ -51,7 +52,7 @@ public class RealmAdminResource extends RoleContainerResource {
@NoCache
@Produces("application/json")
public RealmRepresentation getRealm() {
return RealmManager.toRepresentation(realm);
return ModelToRepresentation.toRepresentation(realm);
}

View file

@ -9,6 +9,7 @@ import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.services.managers.ModelToRepresentation;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.services.resources.flows.Flows;
@ -59,7 +60,7 @@ public class RealmsAdminResource {
List<RealmModel> realms = session.getRealms(admin);
List<RealmRepresentation> reps = new ArrayList<RealmRepresentation>();
for (RealmModel realm : realms) {
reps.add(realmManager.toRepresentation(realm));
reps.add(ModelToRepresentation.toRepresentation(realm));
}
return reps;
}

View file

@ -5,6 +5,7 @@ import org.keycloak.models.Constants;
import org.keycloak.models.RoleContainerModel;
import org.keycloak.models.RoleModel;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.services.managers.ModelToRepresentation;
import org.keycloak.services.resources.flows.Flows;
import javax.ws.rs.*;
@ -12,7 +13,10 @@ import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
@ -30,13 +34,11 @@ public class RoleContainerResource {
@NoCache
@Produces("application/json")
public List<RoleRepresentation> getRoles() {
List<RoleModel> roleModels = roleContainer.getRoles();
Set<RoleModel> roleModels = roleContainer.getRoles();
List<RoleRepresentation> roles = new ArrayList<RoleRepresentation>();
for (RoleModel roleModel : roleModels) {
if (!roleModel.getName().startsWith(Constants.INTERNAL_ROLE)) {
RoleRepresentation role = new RoleRepresentation(roleModel.getName(), roleModel.getDescription());
role.setId(roleModel.getId());
roles.add(role);
roles.add(ModelToRepresentation.toRepresentation(roleModel));
}
}
return roles;
@ -51,9 +53,7 @@ public class RoleContainerResource {
if (roleModel == null || roleModel.getName().startsWith(Constants.INTERNAL_ROLE)) {
throw new NotFoundException("Could not find role: " + roleName);
}
RoleRepresentation rep = new RoleRepresentation(roleModel.getName(), roleModel.getDescription());
rep.setId(roleModel.getId());
return rep;
return ModelToRepresentation.toRepresentation(roleModel);
}
@Path("roles/{role-name}")
@ -79,8 +79,65 @@ public class RoleContainerResource {
}
role.setName(rep.getName());
role.setDescription(rep.getDescription());
role.setComposite(rep.isComposite());
}
@Path("roles/{role-name}/composites")
@POST
@Consumes("application/json")
public void addComposites(final @PathParam("role-name") String roleName, List<RoleRepresentation> roles) {
RoleModel role = roleContainer.getRole(roleName);
if (role == null || role.getName().startsWith(Constants.INTERNAL_ROLE)) {
throw new NotFoundException("Could not find role: " + roleName);
}
for (RoleRepresentation rep : roles) {
RoleModel composite = roleContainer.getRole(rep.getName());
if (role == null || role.getName().startsWith(Constants.INTERNAL_ROLE)) {
throw new NotFoundException("Could not find composite role: " + rep.getName());
}
if (!role.isComposite()) role.setComposite(true);
role.addCompositeRole(composite);
}
}
@Path("roles/{role-name}/composites")
@GET
@NoCache
@Produces("application/json")
public Set<RoleRepresentation> getRoleComposites(final @PathParam("role-name") String roleName) {
RoleModel role = roleContainer.getRole(roleName);
if (role == null || role.getName().startsWith(Constants.INTERNAL_ROLE)) {
throw new NotFoundException("Could not find role: " + roleName);
}
if (!role.isComposite() || role.getComposites().size() == 0) return Collections.emptySet();
Set<RoleRepresentation> composites = new HashSet<RoleRepresentation>(role.getComposites().size());
for (RoleModel composite : role.getComposites()) {
composites.add(ModelToRepresentation.toRepresentation(composite));
}
return composites;
}
@Path("roles/{role-name}/composites")
@DELETE
@Consumes("application/json")
public void deleteComposites(final @PathParam("role-name") String roleName, List<RoleRepresentation> roles) {
RoleModel role = roleContainer.getRole(roleName);
if (role == null || role.getName().startsWith(Constants.INTERNAL_ROLE)) {
throw new NotFoundException("Could not find role: " + roleName);
}
for (RoleRepresentation rep : roles) {
RoleModel composite = roleContainer.getRole(rep.getName());
if (role == null || role.getName().startsWith(Constants.INTERNAL_ROLE)) {
throw new NotFoundException("Could not find composite role: " + rep.getName());
}
role.removeCompositeRole(composite);
}
if (role.getComposites().size() > 0) role.setComposite(false);
}
@Path("roles")
@POST
@Consumes("application/json")
@ -93,6 +150,7 @@ public class RoleContainerResource {
throw new NotFoundException();
}
role.setDescription(rep.getDescription());
role.setComposite(rep.isComposite());
return Response.created(uriInfo.getAbsolutePathBuilder().path(role.getName()).build()).build();
}
}

View file

@ -9,6 +9,7 @@ import org.keycloak.models.UserModel;
import org.keycloak.representations.idm.ApplicationMappingsRepresentation;
import org.keycloak.representations.idm.MappingsRepresentation;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.services.managers.ModelToRepresentation;
import org.keycloak.services.managers.RealmManager;
import javax.ws.rs.Consumes;
@ -23,6 +24,7 @@ import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
@ -44,12 +46,12 @@ public class ScopeMappedResource {
@NoCache
public MappingsRepresentation getScopeMappings() {
MappingsRepresentation all = new MappingsRepresentation();
List<RoleModel> realmMappings = realm.getScopeMappings(agent);
Set<RoleModel> realmMappings = realm.getRealmScopeMappings(agent);
RealmManager manager = new RealmManager(session);
if (realmMappings.size() > 0) {
List<RoleRepresentation> realmRep = new ArrayList<RoleRepresentation>();
for (RoleModel roleModel : realmMappings) {
realmRep.add(manager.toRepresentation(roleModel));
realmRep.add(ModelToRepresentation.toRepresentation(roleModel));
}
all.setRealmMappings(realmRep);
}
@ -58,7 +60,7 @@ public class ScopeMappedResource {
if (applications.size() > 0) {
Map<String, ApplicationMappingsRepresentation> appMappings = new HashMap<String, ApplicationMappingsRepresentation>();
for (ApplicationModel app : applications) {
List<RoleModel> roleMappings = app.getScopeMappings(agent);
Set<RoleModel> roleMappings = app.getApplicationScopeMappings(agent);
if (roleMappings.size() > 0) {
ApplicationMappingsRepresentation mappings = new ApplicationMappingsRepresentation();
mappings.setApplicationId(app.getId());
@ -66,7 +68,7 @@ public class ScopeMappedResource {
List<RoleRepresentation> roles = new ArrayList<RoleRepresentation>();
mappings.setMappings(roles);
for (RoleModel role : roleMappings) {
roles.add(manager.toRepresentation(role));
roles.add(ModelToRepresentation.toRepresentation(role));
}
appMappings.put(app.getName(), mappings);
all.setApplicationMappings(appMappings);
@ -81,11 +83,11 @@ public class ScopeMappedResource {
@Produces("application/json")
@NoCache
public List<RoleRepresentation> getRealmScopeMappings() {
List<RoleModel> realmMappings = realm.getScopeMappings(agent);
Set<RoleModel> realmMappings = realm.getRealmScopeMappings(agent);
List<RoleRepresentation> realmMappingsRep = new ArrayList<RoleRepresentation>();
RealmManager manager = new RealmManager(session);
for (RoleModel roleModel : realmMappings) {
realmMappingsRep.add(manager.toRepresentation(roleModel));
realmMappingsRep.add(ModelToRepresentation.toRepresentation(roleModel));
}
return realmMappingsRep;
}
@ -110,7 +112,7 @@ public class ScopeMappedResource {
@Consumes("application/json")
public void deleteRealmScopeMappings(List<RoleRepresentation> roles) {
if (roles == null) {
List<RoleModel> roleModels = realm.getScopeMappings(agent);
Set<RoleModel> roleModels = realm.getRealmScopeMappings(agent);
for (RoleModel roleModel : roleModels) {
realm.deleteScopeMapping(agent, roleModel);
}
@ -137,10 +139,10 @@ public class ScopeMappedResource {
throw new NotFoundException();
}
List<RoleModel> mappings = app.getScopeMappings(agent);
Set<RoleModel> mappings = app.getApplicationScopeMappings(agent);
List<RoleRepresentation> mapRep = new ArrayList<RoleRepresentation>();
for (RoleModel roleModel : mappings) {
mapRep.add(RealmManager.toRepresentation(roleModel));
mapRep.add(ModelToRepresentation.toRepresentation(roleModel));
}
return mapRep;
}
@ -160,7 +162,7 @@ public class ScopeMappedResource {
if (roleModel == null) {
throw new NotFoundException();
}
app.addScopeMapping(agent, roleModel);
realm.addScopeMapping(agent, roleModel);
}
}
@ -168,7 +170,7 @@ public class ScopeMappedResource {
@Path("applications/{app}")
@DELETE
@Consumes("application/json")
public void deleteApplicationRoleMapping(@PathParam("app") String appName, List<RoleRepresentation> roles) {
public void deleteApplicationScopeMapping(@PathParam("app") String appName, List<RoleRepresentation> roles) {
ApplicationModel app = realm.getApplicationByName(appName);
if (app == null) {
@ -176,9 +178,9 @@ public class ScopeMappedResource {
}
if (roles == null) {
List<RoleModel> roleModels = app.getScopeMappings(agent);
Set<RoleModel> roleModels = app.getApplicationScopeMappings(agent);
for (RoleModel roleModel : roleModels) {
app.deleteScopeMapping(agent, roleModel);
realm.deleteScopeMapping(agent, roleModel);
}
} else {
@ -187,7 +189,7 @@ public class ScopeMappedResource {
if (roleModel == null) {
throw new NotFoundException();
}
app.deleteScopeMapping(agent, roleModel);
realm.deleteScopeMapping(agent, roleModel);
}
}
}

View file

@ -10,6 +10,7 @@ import org.keycloak.models.RoleModel;
import org.keycloak.models.UserCredentialModel;
import org.keycloak.models.UserModel;
import org.keycloak.representations.idm.*;
import org.keycloak.services.managers.ModelToRepresentation;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.services.resources.flows.Flows;
@ -32,6 +33,7 @@ import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
@ -115,7 +117,7 @@ public class UsersResource {
if (user == null || !isUser(user)) {
throw new NotFoundException();
}
return new RealmManager(session).toRepresentation(user);
return ModelToRepresentation.toRepresentation(user);
}
@Path("{username}")
@ -154,7 +156,7 @@ public class UsersResource {
}
userModels = realm.searchForUserByAttributes(attributes);
for (UserModel user : userModels) {
results.add(manager.toRepresentation(user));
results.add(ModelToRepresentation.toRepresentation(user));
}
} else {
userModels = realm.getUsers();
@ -162,7 +164,7 @@ public class UsersResource {
for (UserModel user : userModels) {
if (isUser(user)) {
results.add(manager.toRepresentation(user));
results.add(ModelToRepresentation.toRepresentation(user));
}
}
return results;
@ -183,12 +185,12 @@ public class UsersResource {
}
MappingsRepresentation all = new MappingsRepresentation();
List<RoleModel> realmMappings = realm.getRoleMappings(user);
Set<RoleModel> realmMappings = realm.getRoleMappings(user);
RealmManager manager = new RealmManager(session);
if (realmMappings.size() > 0) {
List<RoleRepresentation> realmRep = new ArrayList<RoleRepresentation>();
for (RoleModel roleModel : realmMappings) {
realmRep.add(manager.toRepresentation(roleModel));
realmRep.add(ModelToRepresentation.toRepresentation(roleModel));
}
all.setRealmMappings(realmRep);
}
@ -197,7 +199,7 @@ public class UsersResource {
if (applications.size() > 0) {
Map<String, ApplicationMappingsRepresentation> appMappings = new HashMap<String, ApplicationMappingsRepresentation>();
for (ApplicationModel application : applications) {
List<RoleModel> roleMappings = application.getRoleMappings(user);
Set<RoleModel> roleMappings = application.getApplicationRoleMappings(user);
if (roleMappings.size() > 0) {
ApplicationMappingsRepresentation mappings = new ApplicationMappingsRepresentation();
mappings.setApplicationId(application.getId());
@ -205,7 +207,7 @@ public class UsersResource {
List<RoleRepresentation> roles = new ArrayList<RoleRepresentation>();
mappings.setMappings(roles);
for (RoleModel role : roleMappings) {
roles.add(manager.toRepresentation(role));
roles.add(ModelToRepresentation.toRepresentation(role));
}
appMappings.put(application.getName(), mappings);
all.setApplicationMappings(appMappings);
@ -225,11 +227,11 @@ public class UsersResource {
throw new NotFoundException();
}
List<RoleModel> realmMappings = realm.getRoleMappings(user);
Set<RoleModel> realmMappings = realm.getRealmRoleMappings(user);
List<RoleRepresentation> realmMappingsRep = new ArrayList<RoleRepresentation>();
RealmManager manager = new RealmManager(session);
for (RoleModel roleModel : realmMappings) {
realmMappingsRep.add(manager.toRepresentation(roleModel));
realmMappingsRep.add(ModelToRepresentation.toRepresentation(roleModel));
}
return realmMappingsRep;
}
@ -266,7 +268,7 @@ public class UsersResource {
}
if (roles == null) {
List<RoleModel> roleModels = realm.getRoleMappings(user);
Set<RoleModel> roleModels = realm.getRealmRoleMappings(user);
for (RoleModel roleModel : roleModels) {
realm.deleteRoleMapping(user, roleModel);
}
@ -300,10 +302,10 @@ public class UsersResource {
throw new NotFoundException();
}
List<RoleModel> mappings = application.getRoleMappings(user);
Set<RoleModel> mappings = application.getApplicationRoleMappings(user);
List<RoleRepresentation> mapRep = new ArrayList<RoleRepresentation>();
for (RoleModel roleModel : mappings) {
mapRep.add(RealmManager.toRepresentation(roleModel));
mapRep.add(ModelToRepresentation.toRepresentation(roleModel));
}
logger.debug("getApplicationRoleMappings.size() = {0}", mapRep.size());
return mapRep;
@ -330,7 +332,7 @@ public class UsersResource {
if (roleModel == null) {
throw new NotFoundException();
}
application.grantRole(user, roleModel);
realm.grantRole(user, roleModel);
}
}
@ -351,9 +353,13 @@ public class UsersResource {
}
if (roles == null) {
List<RoleModel> roleModels = application.getRoleMappings(user);
Set<RoleModel> roleModels = application.getApplicationRoleMappings(user);
for (RoleModel roleModel : roleModels) {
application.deleteRoleMapping(user, roleModel);
if (!(roleModel.getContainer() instanceof ApplicationModel)) {
ApplicationModel app = (ApplicationModel)roleModel.getContainer();
if (!app.getId().equals(application.getId())) continue;
}
realm.deleteRoleMapping(user, roleModel);
}
} else {
@ -362,7 +368,7 @@ public class UsersResource {
if (roleModel == null) {
throw new NotFoundException();
}
application.deleteRoleMapping(user, roleModel);
realm.deleteRoleMapping(user, roleModel);
}
}
}

View file

@ -170,7 +170,7 @@ public class AdapterTest extends AbstractKeycloakTest {
OAuthClientModel oauth = new OAuthClientManager(realmModel).create("oauth-client");
oauth = realmModel.getOAuthClient("oauth-client");
Assert.assertTrue(realmModel.hasRole(oauth.getOAuthAgent(), Constants.IDENTITY_REQUESTER_ROLE));
Assert.assertTrue(realmModel.hasRole(oauth.getOAuthAgent(), realmModel.getRole(Constants.IDENTITY_REQUESTER_ROLE)));
}
@ -188,7 +188,7 @@ public class AdapterTest extends AbstractKeycloakTest {
ApplicationModel app = realmModel.addApplication("test-app");
RoleModel appRole = app.addRole("test");
app.grantRole(user, appRole);
realmModel.grantRole(user, appRole);
SocialLinkModel socialLink = new SocialLinkModel("google", user.getLoginName());
realmModel.addSocialLink(user, socialLink);
@ -214,8 +214,8 @@ public class AdapterTest extends AbstractKeycloakTest {
ApplicationModel app = realmModel.addApplication("test-app");
RoleModel appRole = app.addRole("test");
app.grantRole(user, appRole);
app.addScopeMapping(client.getOAuthAgent(), appRole);
realmModel.grantRole(user, appRole);
realmModel.addScopeMapping(client.getOAuthAgent(), appRole);
RoleModel realmRole = realmModel.addRole("test");
realmModel.addScopeMapping(app.getApplicationUser(), realmRole);
@ -242,8 +242,8 @@ public class AdapterTest extends AbstractKeycloakTest {
ApplicationModel app = realmModel.addApplication("test-app");
RoleModel appRole = app.addRole("test");
app.grantRole(user, appRole);
app.addScopeMapping(client.getOAuthAgent(), appRole);
realmModel.grantRole(user, appRole);
realmModel.addScopeMapping(client.getOAuthAgent(), appRole);
RoleModel realmRole = realmModel.addRole("test");
realmModel.addScopeMapping(app.getApplicationUser(), realmRole);
@ -265,8 +265,8 @@ public class AdapterTest extends AbstractKeycloakTest {
ApplicationModel app = realmModel.addApplication("test-app");
RoleModel appRole = app.addRole("test");
app.grantRole(user, appRole);
app.addScopeMapping(client.getOAuthAgent(), appRole);
realmModel.grantRole(user, appRole);
realmModel.addScopeMapping(client.getOAuthAgent(), appRole);
RoleModel realmRole = realmModel.addRole("test");
realmModel.addScopeMapping(app.getApplicationUser(), realmRole);
@ -448,7 +448,7 @@ public class AdapterTest extends AbstractKeycloakTest {
test1CreateRealm();
realmModel.addRole("admin");
realmModel.addRole("user");
List<RoleModel> roles = realmModel.getRoles();
Set<RoleModel> roles = realmModel.getRoles();
Assert.assertEquals(5, roles.size());
UserModel user = realmModel.addUser("bburke");
RoleModel role = realmModel.getRole("user");

View file

@ -7,6 +7,7 @@ import org.junit.runners.MethodSorters;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RequiredCredentialModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.SocialLinkModel;
import org.keycloak.models.UserModel;
import org.keycloak.representations.idm.RealmRepresentation;
@ -49,7 +50,7 @@ public class ImportTest extends AbstractKeycloakTest {
UserModel user = realm.getUser("loginclient");
Assert.assertNotNull(user);
Set<String> scopes = realm.getScopeMappingValues(user);
Set<RoleModel> scopes = realm.getRealmScopeMappings(user);
Assert.assertEquals(0, scopes.size());
Assert.assertEquals(0, realm.getSocialLinks(user).size());
@ -61,8 +62,9 @@ public class ImportTest extends AbstractKeycloakTest {
UserModel oauthClient = realm.getUser("oauthclient");
Assert.assertNotNull(application);
Assert.assertNotNull(oauthClient);
Set<String> appScopes = application.getScopeMappingValues(oauthClient);
Assert.assertTrue(appScopes.contains("user"));
Set<RoleModel> appScopes = application.getApplicationScopeMappings(oauthClient);
RoleModel appUserRole = application.getRole("user");
Assert.assertTrue(appScopes.contains(appUserRole));
// Test social linking
UserModel socialUser = realm.getUser("mySocialUser");

View file

@ -10,6 +10,7 @@ import org.keycloak.models.PasswordPolicy;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.services.managers.ModelToRepresentation;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.services.resources.KeycloakApplication;
@ -101,7 +102,7 @@ public class ModelTest extends AbstractKeycloakServerTest {
}
private RealmModel importExport(RealmModel src, String copyName) {
RealmRepresentation representation = manager.toRepresentation(src);
RealmRepresentation representation = ModelToRepresentation.toRepresentation(src);
RealmModel copy = manager.createRealm(copyName);
manager.importRealm(representation, copy);
return manager.getRealm(copy.getId());

View file

@ -2,6 +2,7 @@
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/persistence http://java.sun.com/xml/ns/persistence/persistence_1_0.xsd"
version="1.0">
<!--
<persistence-unit name="picketlink-keycloak-identity-store" transaction-type="RESOURCE_LOCAL">
<provider>org.hibernate.ejb.HibernatePersistence</provider>
@ -33,23 +34,22 @@
<property name="hibernate.format_sql" value="true" />
</properties>
</persistence-unit>
-->
<persistence-unit name="jpa-keycloak-identity-store" transaction-type="RESOURCE_LOCAL">
<provider>org.hibernate.ejb.HibernatePersistence</provider>
<class>org.keycloak.models.jpa.entities.ApplicationEntity</class>
<class>org.keycloak.models.jpa.entities.ApplicationScopeMappingEntity</class>
<class>org.keycloak.models.jpa.entities.ApplicationUserRoleMappingEntity</class>
<class>org.keycloak.models.jpa.entities.CredentialEntity</class>
<class>org.keycloak.models.jpa.entities.OAuthClientEntity</class>
<class>org.keycloak.models.jpa.entities.RealmEntity</class>
<class>org.keycloak.models.jpa.entities.RealmScopeMappingEntity</class>
<class>org.keycloak.models.jpa.entities.RealmUserRoleMappingEntity</class>
<class>org.keycloak.models.jpa.entities.RequiredCredentialEntity</class>
<class>org.keycloak.models.jpa.entities.RoleEntity</class>
<class>org.keycloak.models.jpa.entities.ApplicationRoleEntity</class>
<class>org.keycloak.models.jpa.entities.RealmRoleEntity</class>
<class>org.keycloak.models.jpa.entities.SocialLinkEntity</class>
<class>org.keycloak.models.jpa.entities.UserEntity</class>
<class>org.keycloak.models.jpa.entities.UserRoleMappingEntity</class>
<class>org.keycloak.models.jpa.entities.UserScopeMappingEntity</class>
<exclude-unlisted-classes>true</exclude-unlisted-classes>

View file

@ -61,11 +61,13 @@
<artifactId>keycloak-model-jpa</artifactId>
<version>${project.version}</version>
</dependency>
<!--
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-model-picketlink</artifactId>
<version>${project.version}</version>
</dependency>
-->
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-social-core</artifactId>

View file

@ -6,18 +6,16 @@
<provider>org.hibernate.ejb.HibernatePersistence</provider>
<class>org.keycloak.models.jpa.entities.ApplicationEntity</class>
<class>org.keycloak.models.jpa.entities.ApplicationScopeMappingEntity</class>
<class>org.keycloak.models.jpa.entities.ApplicationUserRoleMappingEntity</class>
<class>org.keycloak.models.jpa.entities.CredentialEntity</class>
<class>org.keycloak.models.jpa.entities.OAuthClientEntity</class>
<class>org.keycloak.models.jpa.entities.RealmEntity</class>
<class>org.keycloak.models.jpa.entities.RealmScopeMappingEntity</class>
<class>org.keycloak.models.jpa.entities.RealmUserRoleMappingEntity</class>
<class>org.keycloak.models.jpa.entities.RequiredCredentialEntity</class>
<class>org.keycloak.models.jpa.entities.RoleEntity</class>
<class>org.keycloak.models.jpa.entities.ApplicationRoleEntity</class>
<class>org.keycloak.models.jpa.entities.RealmRoleEntity</class>
<class>org.keycloak.models.jpa.entities.SocialLinkEntity</class>
<class>org.keycloak.models.jpa.entities.UserEntity</class>
<class>org.keycloak.models.jpa.entities.UserRoleMappingEntity</class>
<class>org.keycloak.models.jpa.entities.UserScopeMappingEntity</class>
<exclude-unlisted-classes>true</exclude-unlisted-classes>
@ -32,6 +30,7 @@
</properties>
</persistence-unit>
<!--
<persistence-unit name="picketlink-keycloak-identity-store" transaction-type="RESOURCE_LOCAL">
<provider>org.hibernate.ejb.HibernatePersistence</provider>
@ -63,4 +62,5 @@
<property name="hibernate.format_sql" value="true" />
</properties>
</persistence-unit>
-->
</persistence>

View file

@ -226,6 +226,10 @@ public class OAuthClient {
this.realm = realm;
return this;
}
public OAuthClient realmPublicKey(PublicKey key) {
this.realmPublicKey = key;
return this;
}
public OAuthClient clientId(String clientId) {
this.clientId = clientId;

View file

@ -58,7 +58,7 @@ public class ProfileTest {
UserModel user2 = appRealm.addUser("test-user-no-access@localhost");
user2.setEnabled(true);
for (String r : accountApp.getDefaultRoles()) {
accountApp.deleteRoleMapping(user2, accountApp.getRole(r));
appRealm.deleteRoleMapping(user2, accountApp.getRole(r));
}
UserCredentialModel creds = new UserCredentialModel();
creds.setType(CredentialRepresentation.PASSWORD);
@ -66,12 +66,12 @@ public class ProfileTest {
appRealm.updateCredential(user2, creds);
ApplicationModel app = appRealm.getApplicationNameMap().get("test-app");
accountApp.addScopeMapping(app.getApplicationUser(), org.keycloak.models.Constants.ACCOUNT_PROFILE_ROLE);
appRealm.addScopeMapping(app.getApplicationUser(), accountApp.getRole(org.keycloak.models.Constants.ACCOUNT_PROFILE_ROLE));
app.getApplicationUser().addWebOrigin("http://localtest.me:8081");
UserModel thirdParty = appRealm.getUser("third-party");
accountApp.addScopeMapping(thirdParty, org.keycloak.models.Constants.ACCOUNT_PROFILE_ROLE);
appRealm.addScopeMapping(thirdParty, accountApp.getRole(org.keycloak.models.Constants.ACCOUNT_PROFILE_ROLE));
}
});

View file

@ -0,0 +1,277 @@
/*
* JBoss, Home of Professional Open Source.
* Copyright 2012, Red Hat, Inc., and individual contributors
* as indicated by the @author tags. See the copyright.txt file in the
* distribution for a full listing of individual contributors.
*
* This is free software; you can redistribute it and/or modify it
* under the terms of the GNU Lesser General Public License as
* published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version.
*
* This software is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this software; if not, write to the Free
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
*/
package org.keycloak.testsuite.composites;
import org.junit.Assert;
import org.junit.ClassRule;
import org.junit.Rule;
import org.junit.Test;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserCredentialModel;
import org.keycloak.models.UserModel;
import org.keycloak.representations.SkeletonKeyToken;
import org.keycloak.services.managers.ApplicationManager;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.testsuite.ApplicationServlet;
import org.keycloak.testsuite.OAuthClient;
import org.keycloak.testsuite.OAuthClient.AccessTokenResponse;
import org.keycloak.testsuite.pages.LoginPage;
import org.keycloak.testsuite.rule.AbstractKeycloakRule;
import org.keycloak.testsuite.rule.WebResource;
import org.keycloak.testsuite.rule.WebRule;
import org.openqa.selenium.WebDriver;
import java.security.PublicKey;
/**
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
*/
public class CompositeRoleTest {
public static PublicKey realmPublicKey;
@ClassRule
public static AbstractKeycloakRule keycloakRule = new AbstractKeycloakRule(){
@Override
protected void configure(RealmManager manager, RealmModel adminRealm) {
RealmModel realm = manager.createRealm("Test");
manager.generateRealmKeys(realm);
realmPublicKey = realm.getPublicKey();
realm.setTokenLifespan(10000);
realm.setAccessCodeLifespanUserAction(1000);
realm.setAccessCodeLifespan(1000);
realm.setSslNotRequired(true);
realm.setEnabled(true);
realm.addRequiredResourceCredential(UserCredentialModel.PASSWORD);
realm.addRequiredOAuthClientCredential(UserCredentialModel.PASSWORD);
realm.addRequiredCredential(UserCredentialModel.PASSWORD);
final RoleModel realmRole1 = realm.addRole("REALM_ROLE_1");
final RoleModel realmRole2 = realm.addRole("REALM_ROLE_2");
final RoleModel realmRole3 = realm.addRole("REALM_ROLE_3");
final RoleModel realmComposite1 = realm.addRole("REALM_COMPOSITE_1");
realmComposite1.setComposite(true);
realmComposite1.addCompositeRole(realmRole1);
final UserModel realmComposite1User = realm.addUser("REALM_COMPOSITE_1_USER");
realmComposite1User.setEnabled(true);
realm.updateCredential(realmComposite1User, UserCredentialModel.password("password"));
realm.grantRole(realmComposite1User, realmComposite1);
final UserModel realmRole1User = realm.addUser("REALM_ROLE_1_USER");
realmRole1User.setEnabled(true);
realm.updateCredential(realmRole1User, UserCredentialModel.password("password"));
realm.grantRole(realmRole1User, realmRole1);
final ApplicationModel realmComposite1Application = new ApplicationManager(manager).createApplication(realm, "REALM_COMPOSITE_1_APPLICATION");
realmComposite1Application.setEnabled(true);
realmComposite1Application.addScope(realmComposite1);
realmComposite1Application.setBaseUrl("http://localhost:8081/app");
realmComposite1Application.setManagementUrl("http://localhost:8081/app/logout");
realm.updateCredential(realmComposite1Application.getApplicationUser(), UserCredentialModel.password("password"));
final ApplicationModel realmRole1Application = new ApplicationManager(manager).createApplication(realm, "REALM_ROLE_1_APPLICATION");
realmRole1Application.setEnabled(true);
realmRole1Application.addScope(realmRole1);
realmRole1Application.setBaseUrl("http://localhost:8081/app");
realmRole1Application.setManagementUrl("http://localhost:8081/app/logout");
realm.updateCredential(realmRole1Application.getApplicationUser(), UserCredentialModel.password("password"));
final ApplicationModel appRoleApplication = new ApplicationManager(manager).createApplication(realm, "APP_ROLE_APPLICATION");
appRoleApplication.setEnabled(true);
appRoleApplication.setBaseUrl("http://localhost:8081/app");
appRoleApplication.setManagementUrl("http://localhost:8081/app/logout");
realm.updateCredential(appRoleApplication.getApplicationUser(), UserCredentialModel.password("password"));
final RoleModel appRole1 = appRoleApplication.addRole("APP_ROLE_1");
final RoleModel appRole2 = appRoleApplication.addRole("APP_ROLE_2");
final RoleModel realmAppCompositeRole = realm.addRole("REALM_APP_COMPOSITE_ROLE");
realmAppCompositeRole.setComposite(true);
realmAppCompositeRole.addCompositeRole(appRole1);
final UserModel realmAppCompositeUser = realm.addUser("REALM_APP_COMPOSITE_USER");
realmAppCompositeUser.setEnabled(true);
realm.updateCredential(realmAppCompositeUser, UserCredentialModel.password("password"));
realm.grantRole(realmAppCompositeUser, realmAppCompositeRole);
final UserModel realmAppRoleUser = realm.addUser("REALM_APP_ROLE_USER");
realmAppRoleUser.setEnabled(true);
realm.updateCredential(realmAppRoleUser, UserCredentialModel.password("password"));
realm.grantRole(realmAppRoleUser, appRole2);
final ApplicationModel appCompositeApplication = new ApplicationManager(manager).createApplication(realm, "APP_COMPOSITE_APPLICATION");
appCompositeApplication.setEnabled(true);
appCompositeApplication.setBaseUrl("http://localhost:8081/app");
appCompositeApplication.setManagementUrl("http://localhost:8081/app/logout");
realm.updateCredential(appCompositeApplication.getApplicationUser(), UserCredentialModel.password("password"));
final RoleModel appCompositeRole = appCompositeApplication.addRole("APP_COMPOSITE_ROLE");
appCompositeRole.setComposite(true);
appCompositeApplication.addScope(appRole2);
appCompositeRole.addCompositeRole(realmRole1);
appCompositeRole.addCompositeRole(realmRole2);
appCompositeRole.addCompositeRole(realmRole3);
appCompositeRole.addCompositeRole(appRole1);
final UserModel appCompositeUser = realm.addUser("APP_COMPOSITE_USER");
appCompositeUser.setEnabled(true);
realm.updateCredential(appCompositeUser, UserCredentialModel.password("password"));
realm.grantRole(appCompositeUser, realmAppCompositeRole);
realm.grantRole(appCompositeUser, realmComposite1);
deployServlet("app", "/app", ApplicationServlet.class);
}
};
@Rule
public WebRule webRule = new WebRule(this);
@WebResource
protected WebDriver driver;
@WebResource
protected OAuthClient oauth;
@WebResource
protected LoginPage loginPage;
@Test
public void testAppCompositeUser() throws Exception {
oauth.realm("Test");
oauth.realmPublicKey(realmPublicKey);
oauth.clientId("APP_COMPOSITE_APPLICATION");
oauth.doLogin("APP_COMPOSITE_USER", "password");
String code = oauth.getCurrentQuery().get("code");
AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password");
Assert.assertEquals(200, response.getStatusCode());
Assert.assertEquals("bearer", response.getTokenType());
SkeletonKeyToken token = oauth.verifyToken(response.getAccessToken());
Assert.assertEquals("APP_COMPOSITE_USER", token.getSubject());
Assert.assertEquals(1, token.getResourceAccess("APP_ROLE_APPLICATION").getRoles().size());
Assert.assertEquals(1, token.getRealmAccess().getRoles().size());
Assert.assertTrue(token.getResourceAccess("APP_ROLE_APPLICATION").isUserInRole("APP_ROLE_1"));
Assert.assertTrue(token.getRealmAccess().isUserInRole("REALM_ROLE_1"));
}
@Test
public void testRealmAppCompositeUser() throws Exception {
oauth.realm("Test");
oauth.realmPublicKey(realmPublicKey);
oauth.clientId("APP_ROLE_APPLICATION");
oauth.doLogin("REALM_APP_COMPOSITE_USER", "password");
String code = oauth.getCurrentQuery().get("code");
AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password");
Assert.assertEquals(200, response.getStatusCode());
Assert.assertEquals("bearer", response.getTokenType());
SkeletonKeyToken token = oauth.verifyToken(response.getAccessToken());
Assert.assertEquals("REALM_APP_COMPOSITE_USER", token.getSubject());
Assert.assertEquals(1, token.getResourceAccess("APP_ROLE_APPLICATION").getRoles().size());
Assert.assertTrue(token.getResourceAccess("APP_ROLE_APPLICATION").isUserInRole("APP_ROLE_1"));
}
@Test
public void testRealmOnlyWithUserCompositeAppComposite() throws Exception {
oauth.realm("Test");
oauth.realmPublicKey(realmPublicKey);
oauth.clientId("REALM_COMPOSITE_1_APPLICATION");
oauth.doLogin("REALM_COMPOSITE_1_USER", "password");
String code = oauth.getCurrentQuery().get("code");
AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password");
Assert.assertEquals(200, response.getStatusCode());
Assert.assertEquals("bearer", response.getTokenType());
SkeletonKeyToken token = oauth.verifyToken(response.getAccessToken());
Assert.assertEquals("REALM_COMPOSITE_1_USER", token.getSubject());
Assert.assertEquals(2, token.getRealmAccess().getRoles().size());
Assert.assertTrue(token.getRealmAccess().isUserInRole("REALM_COMPOSITE_1"));
Assert.assertTrue(token.getRealmAccess().isUserInRole("REALM_ROLE_1"));
}
@Test
public void testRealmOnlyWithUserCompositeAppRole() throws Exception {
oauth.realm("Test");
oauth.realmPublicKey(realmPublicKey);
oauth.clientId("REALM_ROLE_1_APPLICATION");
oauth.doLogin("REALM_COMPOSITE_1_USER", "password");
String code = oauth.getCurrentQuery().get("code");
AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password");
Assert.assertEquals(200, response.getStatusCode());
Assert.assertEquals("bearer", response.getTokenType());
SkeletonKeyToken token = oauth.verifyToken(response.getAccessToken());
Assert.assertEquals("REALM_COMPOSITE_1_USER", token.getSubject());
Assert.assertEquals(1, token.getRealmAccess().getRoles().size());
Assert.assertTrue(token.getRealmAccess().isUserInRole("REALM_ROLE_1"));
}
@Test
public void testRealmOnlyWithUserRoleAppComposite() throws Exception {
oauth.realm("Test");
oauth.realmPublicKey(realmPublicKey);
oauth.clientId("REALM_COMPOSITE_1_APPLICATION");
oauth.doLogin("REALM_ROLE_1_USER", "password");
String code = oauth.getCurrentQuery().get("code");
AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password");
Assert.assertEquals(200, response.getStatusCode());
Assert.assertEquals("bearer", response.getTokenType());
SkeletonKeyToken token = oauth.verifyToken(response.getAccessToken());
Assert.assertEquals("REALM_ROLE_1_USER", token.getSubject());
Assert.assertEquals(1, token.getRealmAccess().getRoles().size());
Assert.assertTrue(token.getRealmAccess().isUserInRole("REALM_ROLE_1"));
}
}

View file

@ -58,7 +58,7 @@ public class AccountTest {
UserModel user2 = appRealm.addUser("test-user-no-access@localhost");
user2.setEnabled(true);
for (String r : accountApp.getDefaultRoles()) {
accountApp.deleteRoleMapping(user2, accountApp.getRole(r));
appRealm.deleteRoleMapping(user2, accountApp.getRole(r));
}
UserCredentialModel creds = new UserCredentialModel();
creds.setType(CredentialRepresentation.PASSWORD);

View file

@ -0,0 +1,84 @@
package org.keycloak.testsuite.rule;
import io.undertow.servlet.api.DeploymentInfo;
import io.undertow.servlet.api.ServletInfo;
import org.junit.rules.ExternalResource;
import org.keycloak.models.Constants;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.testutils.KeycloakServer;
import org.keycloak.util.JsonSerialization;
import javax.servlet.Servlet;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public abstract class AbstractKeycloakRule extends ExternalResource {
protected KeycloakServer server;
protected void before() throws Throwable {
server = new KeycloakServer();
server.start();
setupKeycloak();
}
protected void setupKeycloak() {
KeycloakSession session = server.getKeycloakSessionFactory().createSession();
session.getTransaction().begin();
try {
RealmManager manager = new RealmManager(session);
RealmModel adminstrationRealm = manager.getRealm(Constants.ADMIN_REALM);
configure(manager, adminstrationRealm);
session.getTransaction().commit();
} finally {
session.close();
}
}
protected void configure(RealmManager manager, RealmModel adminRealm) {
}
public void deployServlet(String name, String contextPath, Class<? extends Servlet> servletClass) {
DeploymentInfo deploymentInfo = new DeploymentInfo();
deploymentInfo.setClassLoader(getClass().getClassLoader());
deploymentInfo.setDeploymentName(name);
deploymentInfo.setContextPath(contextPath);
ServletInfo servlet = new ServletInfo(servletClass.getSimpleName(), servletClass);
servlet.addMapping("/*");
deploymentInfo.addServlet(servlet);
server.getServer().deploy(deploymentInfo);
}
@Override
protected void after() {
server.stop();
}
public RealmRepresentation loadJson(String path) throws IOException {
InputStream is = Thread.currentThread().getContextClassLoader().getResourceAsStream(path);
ByteArrayOutputStream os = new ByteArrayOutputStream();
int c;
while ((c = is.read()) != -1) {
os.write(c);
}
byte[] bytes = os.toByteArray();
return JsonSerialization.readValue(bytes, RealmRepresentation.class);
}
}

View file

@ -41,9 +41,7 @@ import java.io.InputStream;
/**
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
*/
public class KeycloakRule extends ExternalResource {
private KeycloakServer server;
public class KeycloakRule extends AbstractKeycloakRule {
private KeycloakSetup setup;
@ -54,11 +52,9 @@ public class KeycloakRule extends ExternalResource {
this.setup = setup;
}
protected void before() throws Throwable {
server = new KeycloakServer();
server.start();
server.importRealm(getClass().getResourceAsStream("/testrealm.json"));
@Override
protected void setupKeycloak() {
importRealm();
if (setup != null) {
configure(setup);
@ -67,33 +63,8 @@ public class KeycloakRule extends ExternalResource {
deployServlet("app", "/app", ApplicationServlet.class);
}
public void deployServlet(String name, String contextPath, Class<? extends Servlet> servletClass) {
DeploymentInfo deploymentInfo = new DeploymentInfo();
deploymentInfo.setClassLoader(getClass().getClassLoader());
deploymentInfo.setDeploymentName(name);
deploymentInfo.setContextPath(contextPath);
ServletInfo servlet = new ServletInfo(servletClass.getSimpleName(), servletClass);
servlet.addMapping("/*");
deploymentInfo.addServlet(servlet);
server.getServer().deploy(deploymentInfo);
}
@Override
protected void after() {
server.stop();
}
public RealmRepresentation loadJson(String path) throws IOException {
InputStream is = Thread.currentThread().getContextClassLoader().getResourceAsStream(path);
ByteArrayOutputStream os = new ByteArrayOutputStream();
int c;
while ((c = is.read()) != -1) {
os.write(c);
}
byte[] bytes = os.toByteArray();
return JsonSerialization.readValue(bytes, RealmRepresentation.class);
protected void importRealm() {
server.importRealm(getClass().getResourceAsStream("/testrealm.json"));
}
public void configure(KeycloakSetup configurer) {
@ -106,7 +77,7 @@ public class KeycloakRule extends ExternalResource {
RealmModel adminstrationRealm = manager.getRealm(Constants.ADMIN_REALM);
RealmModel appRealm = manager.getRealm("test");
configurer.config(manager, null, appRealm);
configurer.config(manager, adminstrationRealm, appRealm);
session.getTransaction().commit();
} finally {

View file

@ -2,6 +2,7 @@
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/persistence http://java.sun.com/xml/ns/persistence/persistence_1_0.xsd"
version="1.0">
<!--
<persistence-unit name="picketlink-keycloak-identity-store" transaction-type="RESOURCE_LOCAL">
<provider>org.hibernate.ejb.HibernatePersistence</provider>
@ -35,22 +36,21 @@
<property name="hibernate.format_sql" value="true" />
</properties>
</persistence-unit>
-->
<persistence-unit name="jpa-keycloak-identity-store" transaction-type="RESOURCE_LOCAL">
<provider>org.hibernate.ejb.HibernatePersistence</provider>
<class>org.keycloak.models.jpa.entities.ApplicationEntity</class>
<class>org.keycloak.models.jpa.entities.ApplicationScopeMappingEntity</class>
<class>org.keycloak.models.jpa.entities.ApplicationUserRoleMappingEntity</class>
<class>org.keycloak.models.jpa.entities.CredentialEntity</class>
<class>org.keycloak.models.jpa.entities.OAuthClientEntity</class>
<class>org.keycloak.models.jpa.entities.RealmEntity</class>
<class>org.keycloak.models.jpa.entities.RealmScopeMappingEntity</class>
<class>org.keycloak.models.jpa.entities.RealmUserRoleMappingEntity</class>
<class>org.keycloak.models.jpa.entities.RequiredCredentialEntity</class>
<class>org.keycloak.models.jpa.entities.RoleEntity</class>
<class>org.keycloak.models.jpa.entities.ApplicationRoleEntity</class>
<class>org.keycloak.models.jpa.entities.RealmRoleEntity</class>
<class>org.keycloak.models.jpa.entities.SocialLinkEntity</class>
<class>org.keycloak.models.jpa.entities.UserEntity</class>
<class>org.keycloak.models.jpa.entities.UserRoleMappingEntity</class>
<class>org.keycloak.models.jpa.entities.UserScopeMappingEntity</class>
<exclude-unlisted-classes>true</exclude-unlisted-classes>