From c02d532001fccdf3a267d178f9b56f672e12adfe Mon Sep 17 00:00:00 2001 
From: Bill Burke Date: Wed, 26 Feb 2014 19:25:42 -0500 Subject: [PATCH] refactor model --- .../java/org/keycloak/login/LoginForms.java | 94 +-- .../freemarker/FreeMarkerLoginForms.java | 546 +++++++++--------- .../freemarker/model/OAuthGrantBean.java | 132 ++--- .../org/keycloak/models/ApplicationModel.java | 6 +- ...imRequesterModel.java => ClientModel.java} | 6 +- .../org/keycloak/models/OAuthClientModel.java | 5 +- .../models/jpa/ApplicationAdapter.java | 8 +- .../models/jpa/OAuthClientAdapter.java | 2 +- .../keycloak/adapters/ApplicationAdapter.java | 4 +- .../keycloak/adapters/OAuthClientAdapter.java | 2 +- .../org/keycloak/model/test/AdapterTest.java | 16 +- .../model/test/ApplicationModelTest.java | 12 +- .../model/test/CompositeRolesModelTest.java | 2 +- .../services/managers/ApplicationManager.java | 18 +- .../services/managers/ClaimManager.java | 4 +- .../managers/ModelToRepresentation.java | 4 +- .../services/managers/OAuthClientManager.java | 27 +- .../services/managers/RealmManager.java | 6 +- .../services/managers/TokenManager.java | 18 +- .../services/resources/AccountService.java | 5 +- .../resources/admin/AdminService.java | 2 +- .../resources/admin/ApplicationResource.java | 11 +- .../resources/admin/ClaimResource.java | 6 +- .../resources/admin/OAuthClientResource.java | 10 +- .../resources/admin/OAuthClientsResource.java | 2 +- .../services/resources/flows/OAuthFlows.java | 2 + .../testsuite/account/ProfileTest.java | 4 +- .../composites/CompositeRoleTest.java | 8 +- .../oauth/AuthorizationCodeTest.java | 2 +- .../testsuite/oauth/OAuthRedirectUriTest.java | 14 +- 30 files changed, 479 insertions(+), 499 deletions(-) mode change 100644 => 100755 forms/login-api/src/main/java/org/keycloak/login/LoginForms.java mode change 100644 => 100755 forms/login-freemarker/src/main/java/org/keycloak/login/freemarker/FreeMarkerLoginForms.java rename model/api/src/main/java/org/keycloak/models/{ClaimRequesterModel.java => ClientModel.java} (68%) mode change 
100644 => 100755 model/tests/src/test/java/org/keycloak/model/test/CompositeRolesModelTest.java diff --git a/forms/login-api/src/main/java/org/keycloak/login/LoginForms.java b/forms/login-api/src/main/java/org/keycloak/login/LoginForms.java old mode 100644 new mode 100755 index 3cce80c972..9f91751c00 --- a/forms/login-api/src/main/java/org/keycloak/login/LoginForms.java +++ b/forms/login-api/src/main/java/org/keycloak/login/LoginForms.java 
@@ -1,47 +1,47 @@ -package org.keycloak.login; - -import org.keycloak.models.RoleModel; -import org.keycloak.models.UserModel; - -import javax.ws.rs.core.MultivaluedMap; -import javax.ws.rs.core.Response; -import java.util.List; - -/** - * @author Stian Thorgersen - */ -public interface LoginForms { - - public Response createResponse(UserModel.RequiredAction action); - - public Response createLogin(); - - public Response createPasswordReset(); - - public Response createLoginTotp(); - - public Response createRegistration(); - - public Response createErrorPage(); - - public Response createOAuthGrant(); - - public LoginForms setAccessCode(String accessCodeId, String accessCode); - - public LoginForms setAccessRequest(List realmRolesRequested, MultivaluedMap resourceRolesRequested); - - public LoginForms setError(String message); - - public LoginForms setSuccess(String message); - - public LoginForms setWarning(String message); - - public LoginForms setUser(UserModel user); - - public LoginForms setClient(UserModel client); - - public LoginForms setFormData(MultivaluedMap formData); - - public LoginForms setStatus(Response.Status status); - -} +package org.keycloak.login; + +import org.keycloak.models.RoleModel; +import org.keycloak.models.UserModel; + +import javax.ws.rs.core.MultivaluedMap; +import javax.ws.rs.core.Response; +import java.util.List; + +/** + * @author Stian Thorgersen + */ +public interface LoginForms { + + public Response createResponse(UserModel.RequiredAction action); + + public Response createLogin(); + + public Response createPasswordReset(); + + public Response createLoginTotp(); + + public Response createRegistration(); + + public Response createErrorPage(); + + public Response createOAuthGrant(); + + public LoginForms setAccessCode(String accessCodeId, String accessCode); + + public LoginForms setAccessRequest(List realmRolesRequested, MultivaluedMap resourceRolesRequested); + + public LoginForms setError(String message); + + public LoginForms 
setSuccess(String message); + + public LoginForms setWarning(String message); + + public LoginForms setUser(UserModel user); + + public LoginForms setClient(UserModel client); + + public LoginForms setFormData(MultivaluedMap formData); + + public LoginForms setStatus(Response.Status status); + +} diff --git a/forms/login-freemarker/src/main/java/org/keycloak/login/freemarker/FreeMarkerLoginForms.java b/forms/login-freemarker/src/main/java/org/keycloak/login/freemarker/FreeMarkerLoginForms.java old mode 100644 new mode 100755 index 30b15faf2e..95f005b9f2 --- a/forms/login-freemarker/src/main/java/org/keycloak/login/freemarker/FreeMarkerLoginForms.java +++ b/forms/login-freemarker/src/main/java/org/keycloak/login/freemarker/FreeMarkerLoginForms.java 
@@ -1,273 +1,273 @@ -package org.keycloak.login.freemarker; - -import org.jboss.logging.Logger; -import org.jboss.resteasy.spi.HttpRequest; -import org.keycloak.freemarker.FreeMarkerException; -import org.keycloak.freemarker.FreeMarkerUtil; -import org.keycloak.freemarker.Theme; -import org.keycloak.freemarker.ThemeLoader; -import org.keycloak.login.LoginForms; -import org.keycloak.login.LoginFormsPages; -import org.keycloak.login.freemarker.model.LoginBean; -import org.keycloak.login.freemarker.model.MessageBean; -import org.keycloak.login.freemarker.model.OAuthGrantBean; -import org.keycloak.login.freemarker.model.ProfileBean; -import org.keycloak.login.freemarker.model.RealmBean; -import org.keycloak.login.freemarker.model.RegisterBean; -import org.keycloak.login.freemarker.model.SocialBean; -import org.keycloak.login.freemarker.model.TotpBean; -import org.keycloak.login.freemarker.model.UrlBean; -import org.keycloak.models.RealmModel; -import org.keycloak.models.RoleModel; -import org.keycloak.models.UserModel; -import org.keycloak.services.email.EmailException; -import org.keycloak.services.email.EmailSender; -import org.keycloak.services.messages.Messages; - -import javax.ws.rs.core.MediaType; -import javax.ws.rs.core.MultivaluedMap; -import javax.ws.rs.core.Response; -import javax.ws.rs.core.UriBuilder; -import javax.ws.rs.core.UriInfo; -import java.io.IOException; -import java.net.URI; -import java.util.HashMap; -import java.util.List; -import java.util.Map; -import java.util.Properties; - -/** - * @author Stian Thorgersen - */ -public class FreeMarkerLoginForms implements LoginForms { - - private static final Logger logger = Logger.getLogger(FreeMarkerLoginForms.class); - - private String message; - private String accessCodeId; - private String accessCode; - private Response.Status status = Response.Status.OK; - private List realmRolesRequested; - private MultivaluedMap resourceRolesRequested; - - public static enum MessageType {SUCCESS, WARNING, ERROR} - 
- private MessageType messageType = MessageType.ERROR; - - private MultivaluedMap formData; - - private RealmModel realm; - - // TODO Remove - private HttpRequest request; - - private UserModel user; - - private UserModel client; - - private UriInfo uriInfo; - - FreeMarkerLoginForms(RealmModel realm, org.jboss.resteasy.spi.HttpRequest request, UriInfo uriInfo) { - this.realm = realm; - this.request = request; - this.uriInfo = uriInfo; - } - - public Response createResponse(UserModel.RequiredAction action) { - String actionMessage; - LoginFormsPages page; - - switch (action) { - case CONFIGURE_TOTP: - actionMessage = Messages.ACTION_WARN_TOTP; - page = LoginFormsPages.LOGIN_CONFIG_TOTP; - break; - case UPDATE_PROFILE: - actionMessage = Messages.ACTION_WARN_PROFILE; - page = LoginFormsPages.LOGIN_UPDATE_PROFILE; - break; - case UPDATE_PASSWORD: - actionMessage = Messages.ACTION_WARN_PASSWD; - page = LoginFormsPages.LOGIN_UPDATE_PASSWORD; - break; - case VERIFY_EMAIL: - try { - new EmailSender(realm.getSmtpConfig()).sendEmailVerification(user, realm, accessCodeId, uriInfo); - } catch (EmailException e) { - return setError("emailSendError").createErrorPage(); - } - - actionMessage = Messages.ACTION_WARN_EMAIL; - page = LoginFormsPages.LOGIN_VERIFY_EMAIL; - break; - default: - return Response.serverError().build(); - } - - if (message == null) { - setWarning(actionMessage); - } - - return createResponse(page); - } - - private Response createResponse(LoginFormsPages page) { - MultivaluedMap queryParameterMap = uriInfo.getQueryParameters(); - - String requestURI = uriInfo.getBaseUri().getPath(); - UriBuilder uriBuilder = UriBuilder.fromUri(requestURI); - - for (String k : queryParameterMap.keySet()) { - uriBuilder.replaceQueryParam(k, queryParameterMap.get(k).toArray()); - } - - if (accessCode != null) { - uriBuilder.replaceQueryParam("code", accessCode); - } - - Map attributes = new HashMap(); - - Theme theme; - try { - theme = 
ThemeLoader.createTheme(realm.getLoginTheme(), Theme.Type.LOGIN); - } catch (FreeMarkerException e) { - logger.error("Failed to create theme", e); - return Response.serverError().build(); - } - - try { - attributes.put("properties", theme.getProperties()); - } catch (IOException e) { - logger.warn("Failed to load properties", e); - } - - Properties messages; - try { - messages = theme.getMessages(); - attributes.put("rb", messages); - } catch (IOException e) { - logger.warn("Failed to load messages", e); - messages = new Properties(); - } - - if (message != null) { - attributes.put("message", new MessageBean(messages.containsKey(message) ? messages.getProperty(message) : message, messageType)); - } - - URI baseUri = uriBuilder.build(); - - if (realm != null) { - attributes.put("realm", new RealmBean(realm)); - attributes.put("social", new SocialBean(realm, baseUri)); - attributes.put("url", new UrlBean(realm, theme, baseUri)); - } - - attributes.put("login", new LoginBean(formData)); - - switch (page) { - case LOGIN_CONFIG_TOTP: - attributes.put("totp", new TotpBean(user, baseUri)); - break; - case LOGIN_UPDATE_PROFILE: - attributes.put("user", new ProfileBean(user)); - break; - case REGISTER: - attributes.put("register", new RegisterBean(formData)); - break; - case OAUTH_GRANT: - attributes.put("oauth", new OAuthGrantBean(accessCode, client, realmRolesRequested, resourceRolesRequested)); - break; - } - - try { - String result = FreeMarkerUtil.processTemplate(attributes, Templates.getTemplate(page), theme); - return Response.status(status).type(MediaType.TEXT_HTML).entity(result).build(); - } catch (FreeMarkerException e) { - logger.error("Failed to process template", e); - return Response.serverError().build(); - } - } - - public Response createLogin() { - return createResponse(LoginFormsPages.LOGIN); - } - - public Response createPasswordReset() { - return createResponse(LoginFormsPages.LOGIN_RESET_PASSWORD); - } - - public Response createUsernameReminder() { - 
return createResponse(LoginFormsPages.LOGIN_USERNAME_REMINDER); - } - - public Response createLoginTotp() { - return createResponse(LoginFormsPages.LOGIN_TOTP); - } - - public Response createRegistration() { - return createResponse(LoginFormsPages.REGISTER); - } - - public Response createErrorPage() { - setStatus(Response.Status.INTERNAL_SERVER_ERROR); - return createResponse(LoginFormsPages.ERROR); - } - - public Response createOAuthGrant() { - return createResponse(LoginFormsPages.OAUTH_GRANT); - } - - public FreeMarkerLoginForms setError(String message) { - this.message = message; - this.messageType = MessageType.ERROR; - return this; - } - - public FreeMarkerLoginForms setSuccess(String message) { - this.message = message; - this.messageType = MessageType.SUCCESS; - return this; - } - - public FreeMarkerLoginForms setWarning(String message) { - this.message = message; - this.messageType = MessageType.WARNING; - return this; - } - - public FreeMarkerLoginForms setUser(UserModel user) { - this.user = user; - return this; - } - - public FreeMarkerLoginForms setClient(UserModel client) { - this.client = client; - return this; - } - - public FreeMarkerLoginForms setFormData(MultivaluedMap formData) { - this.formData = formData; - return this; - } - - @Override - public LoginForms setAccessCode(String accessCodeId, String accessCode) { - this.accessCodeId = accessCodeId; - this.accessCode = accessCode; - return this; - } - - @Override - public LoginForms setAccessRequest(List realmRolesRequested, MultivaluedMap resourceRolesRequested) { - this.realmRolesRequested = realmRolesRequested; - this.resourceRolesRequested = resourceRolesRequested; - return this; - } - - @Override - public LoginForms setStatus(Response.Status status) { - this.status = status; - return this; - } - -} +package org.keycloak.login.freemarker; + +import org.jboss.logging.Logger; +import org.jboss.resteasy.spi.HttpRequest; +import org.keycloak.freemarker.FreeMarkerException; +import 
org.keycloak.freemarker.FreeMarkerUtil; +import org.keycloak.freemarker.Theme; +import org.keycloak.freemarker.ThemeLoader; +import org.keycloak.login.LoginForms; +import org.keycloak.login.LoginFormsPages; +import org.keycloak.login.freemarker.model.LoginBean; +import org.keycloak.login.freemarker.model.MessageBean; +import org.keycloak.login.freemarker.model.OAuthGrantBean; +import org.keycloak.login.freemarker.model.ProfileBean; +import org.keycloak.login.freemarker.model.RealmBean; +import org.keycloak.login.freemarker.model.RegisterBean; +import org.keycloak.login.freemarker.model.SocialBean; +import org.keycloak.login.freemarker.model.TotpBean; +import org.keycloak.login.freemarker.model.UrlBean; +import org.keycloak.models.RealmModel; +import org.keycloak.models.RoleModel; +import org.keycloak.models.UserModel; +import org.keycloak.services.email.EmailException; +import org.keycloak.services.email.EmailSender; +import org.keycloak.services.messages.Messages; + +import javax.ws.rs.core.MediaType; +import javax.ws.rs.core.MultivaluedMap; +import javax.ws.rs.core.Response; +import javax.ws.rs.core.UriBuilder; +import javax.ws.rs.core.UriInfo; +import java.io.IOException; +import java.net.URI; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.Properties; + +/** + * @author Stian Thorgersen + */ +public class FreeMarkerLoginForms implements LoginForms { + + private static final Logger logger = Logger.getLogger(FreeMarkerLoginForms.class); + + private String message; + private String accessCodeId; + private String accessCode; + private Response.Status status = Response.Status.OK; + private List realmRolesRequested; + private MultivaluedMap resourceRolesRequested; + + public static enum MessageType {SUCCESS, WARNING, ERROR} + + private MessageType messageType = MessageType.ERROR; + + private MultivaluedMap formData; + + private RealmModel realm; + + // TODO Remove + private HttpRequest request; + + private UserModel user; + 
+ private UserModel client; + + private UriInfo uriInfo; + + FreeMarkerLoginForms(RealmModel realm, org.jboss.resteasy.spi.HttpRequest request, UriInfo uriInfo) { + this.realm = realm; + this.request = request; + this.uriInfo = uriInfo; + } + + public Response createResponse(UserModel.RequiredAction action) { + String actionMessage; + LoginFormsPages page; + + switch (action) { + case CONFIGURE_TOTP: + actionMessage = Messages.ACTION_WARN_TOTP; + page = LoginFormsPages.LOGIN_CONFIG_TOTP; + break; + case UPDATE_PROFILE: + actionMessage = Messages.ACTION_WARN_PROFILE; + page = LoginFormsPages.LOGIN_UPDATE_PROFILE; + break; + case UPDATE_PASSWORD: + actionMessage = Messages.ACTION_WARN_PASSWD; + page = LoginFormsPages.LOGIN_UPDATE_PASSWORD; + break; + case VERIFY_EMAIL: + try { + new EmailSender(realm.getSmtpConfig()).sendEmailVerification(user, realm, accessCodeId, uriInfo); + } catch (EmailException e) { + return setError("emailSendError").createErrorPage(); + } + + actionMessage = Messages.ACTION_WARN_EMAIL; + page = LoginFormsPages.LOGIN_VERIFY_EMAIL; + break; + default: + return Response.serverError().build(); + } + + if (message == null) { + setWarning(actionMessage); + } + + return createResponse(page); + } + + private Response createResponse(LoginFormsPages page) { + MultivaluedMap queryParameterMap = uriInfo.getQueryParameters(); + + String requestURI = uriInfo.getBaseUri().getPath(); + UriBuilder uriBuilder = UriBuilder.fromUri(requestURI); + + for (String k : queryParameterMap.keySet()) { + uriBuilder.replaceQueryParam(k, queryParameterMap.get(k).toArray()); + } + + if (accessCode != null) { + uriBuilder.replaceQueryParam("code", accessCode); + } + + Map attributes = new HashMap(); + + Theme theme; + try { + theme = ThemeLoader.createTheme(realm.getLoginTheme(), Theme.Type.LOGIN); + } catch (FreeMarkerException e) { + logger.error("Failed to create theme", e); + return Response.serverError().build(); + } + + try { + attributes.put("properties", 
theme.getProperties()); + } catch (IOException e) { + logger.warn("Failed to load properties", e); + } + + Properties messages; + try { + messages = theme.getMessages(); + attributes.put("rb", messages); + } catch (IOException e) { + logger.warn("Failed to load messages", e); + messages = new Properties(); + } + + if (message != null) { + attributes.put("message", new MessageBean(messages.containsKey(message) ? messages.getProperty(message) : message, messageType)); + } + + URI baseUri = uriBuilder.build(); + + if (realm != null) { + attributes.put("realm", new RealmBean(realm)); + attributes.put("social", new SocialBean(realm, baseUri)); + attributes.put("url", new UrlBean(realm, theme, baseUri)); + } + + attributes.put("login", new LoginBean(formData)); + + switch (page) { + case LOGIN_CONFIG_TOTP: + attributes.put("totp", new TotpBean(user, baseUri)); + break; + case LOGIN_UPDATE_PROFILE: + attributes.put("user", new ProfileBean(user)); + break; + case REGISTER: + attributes.put("register", new RegisterBean(formData)); + break; + case OAUTH_GRANT: + attributes.put("oauth", new OAuthGrantBean(accessCode, client, realmRolesRequested, resourceRolesRequested)); + break; + } + + try { + String result = FreeMarkerUtil.processTemplate(attributes, Templates.getTemplate(page), theme); + return Response.status(status).type(MediaType.TEXT_HTML).entity(result).build(); + } catch (FreeMarkerException e) { + logger.error("Failed to process template", e); + return Response.serverError().build(); + } + } + + public Response createLogin() { + return createResponse(LoginFormsPages.LOGIN); + } + + public Response createPasswordReset() { + return createResponse(LoginFormsPages.LOGIN_RESET_PASSWORD); + } + + public Response createUsernameReminder() { + return createResponse(LoginFormsPages.LOGIN_USERNAME_REMINDER); + } + + public Response createLoginTotp() { + return createResponse(LoginFormsPages.LOGIN_TOTP); + } + + public Response createRegistration() { + return 
createResponse(LoginFormsPages.REGISTER); + } + + public Response createErrorPage() { + setStatus(Response.Status.INTERNAL_SERVER_ERROR); + return createResponse(LoginFormsPages.ERROR); + } + + public Response createOAuthGrant() { + return createResponse(LoginFormsPages.OAUTH_GRANT); + } + + public FreeMarkerLoginForms setError(String message) { + this.message = message; + this.messageType = MessageType.ERROR; + return this; + } + + public FreeMarkerLoginForms setSuccess(String message) { + this.message = message; + this.messageType = MessageType.SUCCESS; + return this; + } + + public FreeMarkerLoginForms setWarning(String message) { + this.message = message; + this.messageType = MessageType.WARNING; + return this; + } + + public FreeMarkerLoginForms setUser(UserModel user) { + this.user = user; + return this; + } + + public FreeMarkerLoginForms setClient(UserModel client) { + this.client = client; + return this; + } + + public FreeMarkerLoginForms setFormData(MultivaluedMap formData) { + this.formData = formData; + return this; + } + + @Override + public LoginForms setAccessCode(String accessCodeId, String accessCode) { + this.accessCodeId = accessCodeId; + this.accessCode = accessCode; + return this; + } + + @Override + public LoginForms setAccessRequest(List realmRolesRequested, MultivaluedMap resourceRolesRequested) { + this.realmRolesRequested = realmRolesRequested; + this.resourceRolesRequested = resourceRolesRequested; + return this; + } + + @Override + public LoginForms setStatus(Response.Status status) { + this.status = status; + return this; + } + +} diff --git a/forms/login-freemarker/src/main/java/org/keycloak/login/freemarker/model/OAuthGrantBean.java b/forms/login-freemarker/src/main/java/org/keycloak/login/freemarker/model/OAuthGrantBean.java index 4c04f12a48..d18dde5ccf 100755 --- a/forms/login-freemarker/src/main/java/org/keycloak/login/freemarker/model/OAuthGrantBean.java 
+++ b/forms/login-freemarker/src/main/java/org/keycloak/login/freemarker/model/OAuthGrantBean.java 
@@ -1,66 +1,66 @@ -/* - * JBoss, Home of Professional Open Source. - * Copyright 2012, Red Hat, Inc., and individual contributors - * as indicated by the @author tags. See the copyright.txt file in the - * distribution for a full listing of individual contributors. - * - * This is free software; you can redistribute it and/or modify it - * under the terms of the GNU Lesser General Public License as - * published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This software is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this software; if not, write to the Free - * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA - * 02110-1301 USA, or see the FSF site: http://www.fsf.org. 
- */ -package org.keycloak.login.freemarker.model; - -import org.keycloak.models.RoleModel; -import org.keycloak.models.UserModel; - -import javax.ws.rs.core.MultivaluedMap; -import java.util.ArrayList; -import java.util.List; - -/** - * @author Viliam Rockai - */ -public class OAuthGrantBean { - - private List realmRolesRequested; - private MultivaluedMap resourceRolesRequested; - private String code; - private UserModel client; - private String oAuthCode; - private String action; - - public OAuthGrantBean(String code, UserModel client, List realmRolesRequested, MultivaluedMap resourceRolesRequested) { - this.code = code; - this.client = client; - this.realmRolesRequested = realmRolesRequested; - this.resourceRolesRequested = resourceRolesRequested; - } - - public String getCode() { - return code; - } - - public MultivaluedMap getResourceRolesRequested() { - return resourceRolesRequested; - } - - public List getRealmRolesRequested() { - return realmRolesRequested; - } - - public String getClient() { - return client.getLoginName(); - } - -} +/* + * JBoss, Home of Professional Open Source. + * Copyright 2012, Red Hat, Inc., and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. 
+ * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.keycloak.login.freemarker.model; + +import org.keycloak.models.RoleModel; +import org.keycloak.models.UserModel; + +import javax.ws.rs.core.MultivaluedMap; +import java.util.ArrayList; +import java.util.List; + +/** + * @author Viliam Rockai + */ +public class OAuthGrantBean { + + private List realmRolesRequested; + private MultivaluedMap resourceRolesRequested; + private String code; + private UserModel client; + private String oAuthCode; + private String action; + + public OAuthGrantBean(String code, UserModel client, List realmRolesRequested, MultivaluedMap resourceRolesRequested) { + this.code = code; + this.client = client; + this.realmRolesRequested = realmRolesRequested; + this.resourceRolesRequested = resourceRolesRequested; + } + + public String getCode() { + return code; + } + + public MultivaluedMap getResourceRolesRequested() { + return resourceRolesRequested; + } + + public List getRealmRolesRequested() { + return realmRolesRequested; + } + + public String getClient() { + return client.getLoginName(); + } + +} diff --git a/model/api/src/main/java/org/keycloak/models/ApplicationModel.java b/model/api/src/main/java/org/keycloak/models/ApplicationModel.java index 79f14213c9..6247cdca34 100755 --- a/model/api/src/main/java/org/keycloak/models/ApplicationModel.java +++ b/model/api/src/main/java/org/keycloak/models/ApplicationModel.java 
@@ -7,13 +7,9 @@ import java.util.Set; * @author Bill Burke * @version $Revision: 1 $ */ -public interface ApplicationModel extends RoleContainerModel, ClaimRequesterModel { +public interface ApplicationModel extends RoleContainerModel, ClientModel { void updateApplication(); - UserModel getApplicationUser(); - - String getId(); - String getName(); void setName(String name); diff --git a/model/api/src/main/java/org/keycloak/models/ClaimRequesterModel.java b/model/api/src/main/java/org/keycloak/models/ClientModel.java similarity index 68% rename from model/api/src/main/java/org/keycloak/models/ClaimRequesterModel.java rename to model/api/src/main/java/org/keycloak/models/ClientModel.java index 3ef5cf7dd8..ab38dd3c53 100755 --- a/model/api/src/main/java/org/keycloak/models/ClaimRequesterModel.java +++ b/model/api/src/main/java/org/keycloak/models/ClientModel.java @@ -4,8 +4,12 @@ package org.keycloak.models; * @author Bill Burke * @version $Revision: 1 $ */ -public interface ClaimRequesterModel { +public interface ClientModel { long getAllowedClaimsMask(); void setAllowedClaimsMask(long mask); + + UserModel getAgent(); + + String getId(); } diff --git a/model/api/src/main/java/org/keycloak/models/OAuthClientModel.java b/model/api/src/main/java/org/keycloak/models/OAuthClientModel.java index 5d59f24fd6..e5e828416c 100755 --- a/model/api/src/main/java/org/keycloak/models/OAuthClientModel.java +++ b/model/api/src/main/java/org/keycloak/models/OAuthClientModel.java @@ -4,9 +4,6 @@ package org.keycloak.models; * @author Bill Burke * @version $Revision: 1 $ */ -public interface OAuthClientModel extends ClaimRequesterModel { - String getId(); - - UserModel getOAuthAgent(); +public interface OAuthClientModel extends ClientModel { } diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/ApplicationAdapter.java b/model/jpa/src/main/java/org/keycloak/models/jpa/ApplicationAdapter.java index 575ba068e9..3b43464656 100755 
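Review bot: `getAgent()` and `getId()` are added to `ClientModel` without any Javadoc, and the interface comment still carries only the author and revision tags. The test hunks later in this patch attach redirect URIs, web origins and scope mappings to the returned user (`application.getAgent().addRedirectUri(...)`, `realmModel.addScopeMapping(client.getAgent(), appRole)`), so this accessor is how callers reach a client's redirect allow-list and scopes. I would document it, e.g. `/** Returns the user account that represents this client; redirect URIs, web origins and scope mappings are attached to it. */`, and state whether it can return null. Removing `getApplicationUser()` and `getOAuthAgent()` outright in the neighbouring `ApplicationModel` and `OAuthClientModel` hunks also breaks any implementer outside this tree, which may be intended but deserves a line in the commit message.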
--- a/model/jpa/src/main/java/org/keycloak/models/jpa/ApplicationAdapter.java +++ b/model/jpa/src/main/java/org/keycloak/models/jpa/ApplicationAdapter.java @@ -6,17 +6,13 @@ import org.keycloak.models.RoleContainerModel; import org.keycloak.models.RoleModel; import org.keycloak.models.UserModel; import org.keycloak.models.jpa.entities.*; -import org.keycloak.representations.idm.ApplicationMappingsRepresentation; -import org.keycloak.representations.idm.RoleRepresentation; import javax.persistence.EntityManager; import javax.persistence.TypedQuery; import java.util.ArrayList; import java.util.Collection; -import java.util.HashMap; import java.util.HashSet; import java.util.List; -import java.util.Map; import java.util.Set; /** @@ -41,7 +37,7 @@ public class ApplicationAdapter implements ApplicationModel { } @Override - public UserModel getApplicationUser() { + public UserModel getAgent() { return new UserAdapter(application.getApplicationUser()); } @@ -276,7 +272,7 @@ public class ApplicationAdapter implements ApplicationModel { @Override public void addScope(RoleModel role) { - realm.addScopeMapping(getApplicationUser(), role); + realm.addScopeMapping(getAgent(), role); } public boolean equals(Object o) { diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/OAuthClientAdapter.java b/model/jpa/src/main/java/org/keycloak/models/jpa/OAuthClientAdapter.java index aaea68ef85..6bb62ccacb 100755 --- a/model/jpa/src/main/java/org/keycloak/models/jpa/OAuthClientAdapter.java +++ b/model/jpa/src/main/java/org/keycloak/models/jpa/OAuthClientAdapter.java @@ -25,7 +25,7 @@ public class OAuthClientAdapter implements OAuthClientModel { } @Override - public UserModel getOAuthAgent() { + public UserModel getAgent() { return new UserAdapter(entity.getAgent()); } @Override 
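Review bot: In the second hunk `getAgent()` still returns `new UserAdapter(application.getApplicationUser())`, so every call yields a distinct wrapper, and a missing application user is wrapped rather than rejected. The Mongo `ApplicationAdapter.getAgent()` in this same patch appears to load the user once and reuse it, so the two backends now behave differently behind one `ClientModel.getAgent()` contract; whether that matters depends on `UserAdapter.equals`, which is not visible here. `addScope` in the third hunk passes the result straight to `realm.addScopeMapping(...)`. I would add a comment on the method such as `// returns a new adapter on each call; do not compare agents by reference`, and a null check if the entity can ever lack a user. The class body extends beyond these hunks.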
diff --git a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/ApplicationAdapter.java b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/ApplicationAdapter.java index 40bbfe507b..a0da211452 100755 --- a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/ApplicationAdapter.java +++ b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/ApplicationAdapter.java @@ -41,7 +41,7 @@ public class ApplicationAdapter extends AbstractAdapter implements ApplicationMo } @Override - public UserAdapter getApplicationUser() { + public UserAdapter getAgent() { // This is not thread-safe. Assumption is that ApplicationAdapter instance is per-client object if (resourceUser == null) { UserEntity userEntity = getMongoStore().loadEntity(UserEntity.class, application.getResourceUserId(), invocationContext); @@ -196,7 +196,7 @@ public class ApplicationAdapter extends AbstractAdapter implements ApplicationMo @Override public void addScope(RoleModel role) { - UserAdapter appUser = getApplicationUser(); + UserAdapter appUser = getAgent(); getMongoStore().pushItemToList(appUser.getUser(), "scopeIds", role.getId(), true, invocationContext); } diff --git a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/OAuthClientAdapter.java b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/OAuthClientAdapter.java index e53eb44445..ea48f9154b 100755 --- a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/OAuthClientAdapter.java +++ b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/OAuthClientAdapter.java 
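Review bot: The comment kept under the renamed `getAgent()` in the first hunk, `// This is not thread-safe. Assumption is that ApplicationAdapter instance is per-client object`, becomes ambiguous now that the method belongs to `ClientModel`, because "per-client" can be read as per OAuth client rather than per caller. The lazily initialised `resourceUser` field is only safe if the adapter is confined to one thread, so I would say that directly, e.g. `// Not thread-safe: this adapter must not be shared between threads`, presuming that is what the original author meant. The same comment sits under `getAgent()` in the Mongo `OAuthClientAdapter` hunk that follows. This override also returns the concrete `UserAdapter` while `OAuthClientAdapter.getAgent()` returns `UserModel`; the method body continues past the hunk.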
@@ -41,7 +41,7 @@ public class OAuthClientAdapter extends AbstractAdapter implements OAuthClientMo } @Override - public UserModel getOAuthAgent() { + public UserModel getAgent() { // This is not thread-safe. Assumption is that OAuthClientAdapter instance is per-client object if (oauthAgent == null) { UserEntity user = getMongoStore().loadEntity(UserEntity.class, delegate.getOauthAgentId(), invocationContext); diff --git a/model/tests/src/test/java/org/keycloak/model/test/AdapterTest.java b/model/tests/src/test/java/org/keycloak/model/test/AdapterTest.java index 8aa12f9b19..eb119d547c 100755 --- a/model/tests/src/test/java/org/keycloak/model/test/AdapterTest.java +++ b/model/tests/src/test/java/org/keycloak/model/test/AdapterTest.java @@ -1,7 +1,6 @@ package org.keycloak.model.test; import org.junit.Assert; -import org.junit.Before; import org.junit.FixMethodOrder; import org.junit.Test; import org.junit.runners.MethodSorters; @@ -15,7 +14,6 @@ import org.keycloak.models.SocialLinkModel; import org.keycloak.models.UserCredentialModel; import org.keycloak.models.UserModel; import org.keycloak.representations.idm.CredentialRepresentation; -import org.keycloak.services.managers.ApplianceBootstrap; import org.keycloak.services.managers.OAuthClientManager; import org.keycloak.services.managers.RealmManager; @@ -141,7 +139,7 @@ public class AdapterTest extends AbstractModelTest { OAuthClientModel oauth = new OAuthClientManager(realmModel).create("oauth-client"); oauth = realmModel.getOAuthClient("oauth-client"); - Assert.assertTrue(realmModel.hasRole(oauth.getOAuthAgent(), realmModel.getRole(Constants.IDENTITY_REQUESTER_ROLE))); + Assert.assertTrue(realmModel.hasRole(oauth.getAgent(), realmModel.getRole(Constants.IDENTITY_REQUESTER_ROLE))); } 
@@ -186,10 +184,10 @@ public class AdapterTest extends AbstractModelTest { RoleModel appRole = app.addRole("test"); realmModel.grantRole(user, appRole); - realmModel.addScopeMapping(client.getOAuthAgent(), appRole); + realmModel.addScopeMapping(client.getAgent(), appRole); RoleModel realmRole = realmModel.addRole("test"); - realmModel.addScopeMapping(app.getApplicationUser(), realmRole); + realmModel.addScopeMapping(app.getAgent(), realmRole); Assert.assertTrue(realmModel.removeApplication(app.getId())); Assert.assertFalse(realmModel.removeApplication(app.getId())); @@ -214,10 +212,10 @@ public class AdapterTest extends AbstractModelTest { RoleModel appRole = app.addRole("test"); realmModel.grantRole(user, appRole); - realmModel.addScopeMapping(client.getOAuthAgent(), appRole); + realmModel.addScopeMapping(client.getAgent(), appRole); RoleModel realmRole = realmModel.addRole("test"); - realmModel.addScopeMapping(app.getApplicationUser(), realmRole); + realmModel.addScopeMapping(app.getAgent(), realmRole); Assert.assertTrue(identitySession.removeRealm(realmModel.getId())); Assert.assertFalse(identitySession.removeRealm(realmModel.getId())); @@ -237,10 +235,10 @@ public class AdapterTest extends AbstractModelTest { RoleModel appRole = app.addRole("test"); realmModel.grantRole(user, appRole); - realmModel.addScopeMapping(client.getOAuthAgent(), appRole); + realmModel.addScopeMapping(client.getAgent(), appRole); RoleModel realmRole = realmModel.addRole("test"); - realmModel.addScopeMapping(app.getApplicationUser(), realmRole); + realmModel.addScopeMapping(app.getAgent(), realmRole); Assert.assertTrue(realmModel.removeRoleById(realmRole.getId())); Assert.assertFalse(realmModel.removeRoleById(realmRole.getId())); diff --git a/model/tests/src/test/java/org/keycloak/model/test/ApplicationModelTest.java b/model/tests/src/test/java/org/keycloak/model/test/ApplicationModelTest.java index 3cac5782e9..942aab901e 100755 
--- a/model/tests/src/test/java/org/keycloak/model/test/ApplicationModelTest.java +++ b/model/tests/src/test/java/org/keycloak/model/test/ApplicationModelTest.java @@ -37,11 +37,11 @@ public class ApplicationModelTest extends AbstractModelTest { application.addDefaultRole("role-1"); application.addDefaultRole("role-2"); - application.getApplicationUser().addRedirectUri("redirect-1"); - application.getApplicationUser().addRedirectUri("redirect-2"); + application.getAgent().addRedirectUri("redirect-1"); + application.getAgent().addRedirectUri("redirect-2"); - application.getApplicationUser().addWebOrigin("origin-1"); - application.getApplicationUser().addWebOrigin("origin-2"); + application.getAgent().addWebOrigin("origin-1"); + application.getAgent().addWebOrigin("origin-2"); application.updateApplication(); } @@ -69,8 +69,8 @@ public class ApplicationModelTest extends AbstractModelTest { Assert.assertEquals(expected.getManagementUrl(), actual.getManagementUrl()); Assert.assertEquals(expected.getDefaultRoles(), actual.getDefaultRoles()); - UserModel auser = actual.getApplicationUser(); - UserModel euser = expected.getApplicationUser(); + UserModel auser = actual.getAgent(); + UserModel euser = expected.getAgent(); Assert.assertTrue(euser.getRedirectUris().containsAll(auser.getRedirectUris())); Assert.assertTrue(euser.getWebOrigins().containsAll(auser.getWebOrigins())); diff --git a/model/tests/src/test/java/org/keycloak/model/test/CompositeRolesModelTest.java b/model/tests/src/test/java/org/keycloak/model/test/CompositeRolesModelTest.java old mode 100644 new mode 100755 index ec14411199..c0ec969328 --- a/model/tests/src/test/java/org/keycloak/model/test/CompositeRolesModelTest.java +++ b/model/tests/src/test/java/org/keycloak/model/test/CompositeRolesModelTest.java 
@@ -60,7 +60,7 @@ public class CompositeRolesModelTest extends AbstractModelTest { ApplicationModel application = realm.getApplicationByName(applicationName); Set roleMappings = realm.getRoleMappings(user); - Set scopeMappings = realm.getScopeMappings(application.getApplicationUser()); + Set scopeMappings = realm.getScopeMappings(application.getAgent()); Set appRoles = application.getRoles(); if (appRoles != null) scopeMappings.addAll(appRoles); diff --git a/services/src/main/java/org/keycloak/services/managers/ApplicationManager.java b/services/src/main/java/org/keycloak/services/managers/ApplicationManager.java index 7fab54df19..3bbd8e49f9 100755 --- a/services/src/main/java/org/keycloak/services/managers/ApplicationManager.java +++ b/services/src/main/java/org/keycloak/services/managers/ApplicationManager.java @@ -58,7 +58,7 @@ public class ApplicationManager { applicationModel.setBaseUrl(resourceRep.getBaseUrl()); applicationModel.updateApplication(); - UserModel resourceUser = applicationModel.getApplicationUser(); + UserModel resourceUser = applicationModel.getAgent(); if (resourceRep.getCredentials() != null && resourceRep.getCredentials().size() > 0) { for (CredentialRepresentation cred : resourceRep.getCredentials()) { UserCredentialModel credential = new UserCredentialModel(); @@ -136,7 +136,7 @@ public class ApplicationManager { public ApplicationModel createApplication(RealmModel realm, String name) { RoleModel loginRole = realm.getRole(Constants.APPLICATION_ROLE); ApplicationModel app = realm.addApplication(name); - realm.grantRole(app.getApplicationUser(), loginRole); + realm.grantRole(app.getAgent(), loginRole); generateSecret(realm, app); return app; 
@@ -144,7 +144,7 @@ public class ApplicationManager { public UserCredentialModel generateSecret(RealmModel realm, ApplicationModel app) { UserCredentialModel secret = UserCredentialModel.generateSecret(); - realm.updateCredential(app.getApplicationUser(), secret); + realm.updateCredential(app.getAgent(), secret); return secret; } @@ -162,12 +162,12 @@ public class ApplicationManager { List redirectUris = rep.getRedirectUris(); if (redirectUris != null) { - resource.getApplicationUser().setRedirectUris(new HashSet(redirectUris)); + resource.getAgent().setRedirectUris(new HashSet(redirectUris)); } List webOrigins = rep.getWebOrigins(); if (webOrigins != null) { - resource.getApplicationUser().setWebOrigins(new HashSet(webOrigins)); + resource.getAgent().setWebOrigins(new HashSet(webOrigins)); } if (rep.getClaims() != null) { @@ -184,12 +184,12 @@ public class ApplicationManager { rep.setSurrogateAuthRequired(applicationModel.isSurrogateAuthRequired()); rep.setBaseUrl(applicationModel.getBaseUrl()); - Set redirectUris = applicationModel.getApplicationUser().getRedirectUris(); + Set redirectUris = applicationModel.getAgent().getRedirectUris(); if (redirectUris != null) { rep.setRedirectUris(new LinkedList(redirectUris)); } - Set webOrigins = applicationModel.getApplicationUser().getWebOrigins(); + Set webOrigins = applicationModel.getAgent().getWebOrigins(); if (webOrigins != null) { rep.setWebOrigins(new LinkedList(webOrigins)); } @@ -251,7 +251,7 @@ public class ApplicationManager { rep.setResource(applicationModel.getName()); Map creds = new HashMap(); - String cred = realmModel.getSecret(applicationModel.getApplicationUser()).getValue(); + String cred = realmModel.getSecret(applicationModel.getAgent()).getValue(); creds.put(CredentialRepresentation.SECRET, cred); rep.setCredentials(creds); 
@@ -266,7 +266,7 @@ public class ApplicationManager { buffer.append(" ").append(baseUri.toString()).append("\n"); buffer.append(" ").append(realmModel.isSslNotRequired()).append("\n"); buffer.append(" ").append(applicationModel.getName()).append("\n"); - String cred = realmModel.getSecret(applicationModel.getApplicationUser()).getValue(); + String cred = realmModel.getSecret(applicationModel.getAgent()).getValue(); buffer.append(" ").append(cred).append("\n"); buffer.append("\n"); return buffer.toString(); diff --git a/services/src/main/java/org/keycloak/services/managers/ClaimManager.java b/services/src/main/java/org/keycloak/services/managers/ClaimManager.java index 02e7e76c63..af1ab62d41 100755 --- a/services/src/main/java/org/keycloak/services/managers/ClaimManager.java +++ b/services/src/main/java/org/keycloak/services/managers/ClaimManager.java @@ -1,7 +1,7 @@ package org.keycloak.services.managers; import org.keycloak.models.ClaimMask; -import org.keycloak.models.ClaimRequesterModel; +import org.keycloak.models.ClientModel; import org.keycloak.representations.idm.ClaimRepresentation; /** @@ -9,7 +9,7 @@ import org.keycloak.representations.idm.ClaimRepresentation; * @version $Revision: 1 $ */ public class ClaimManager { - public static void setClaims(ClaimRequesterModel model, ClaimRepresentation rep) { + public static void setClaims(ClientModel model, ClaimRepresentation rep) { long mask = model.getAllowedClaimsMask(); if (rep.getAddress()) { mask |= ClaimMask.ADDRESS; diff --git a/services/src/main/java/org/keycloak/services/managers/ModelToRepresentation.java b/services/src/main/java/org/keycloak/services/managers/ModelToRepresentation.java index a40eb1360a..a83cf9e7bd 100755 --- a/services/src/main/java/org/keycloak/services/managers/ModelToRepresentation.java +++ b/services/src/main/java/org/keycloak/services/managers/ModelToRepresentation.java 
@@ -2,7 +2,7 @@ package org.keycloak.services.managers; import org.keycloak.models.ApplicationModel; import org.keycloak.models.ClaimMask; -import org.keycloak.models.ClaimRequesterModel; +import org.keycloak.models.ClientModel; import org.keycloak.models.Constants; import org.keycloak.models.RealmModel; import org.keycloak.models.RequiredCredentialModel; @@ -114,7 +114,7 @@ public class ModelToRepresentation { return rep; } - public static ClaimRepresentation toRepresentation(ClaimRequesterModel model) { + public static ClaimRepresentation toRepresentation(ClientModel model) { ClaimRepresentation rep = new ClaimRepresentation(); rep.setAddress(ClaimMask.hasAddress(model.getAllowedClaimsMask())); rep.setEmail(ClaimMask.hasEmail(model.getAllowedClaimsMask())); diff --git a/services/src/main/java/org/keycloak/services/managers/OAuthClientManager.java b/services/src/main/java/org/keycloak/services/managers/OAuthClientManager.java index 300eab3441..500bbadec1 100755 --- a/services/src/main/java/org/keycloak/services/managers/OAuthClientManager.java +++ b/services/src/main/java/org/keycloak/services/managers/OAuthClientManager.java @@ -2,7 +2,6 @@ package org.keycloak.services.managers; import org.codehaus.jackson.annotate.JsonProperty; import org.codehaus.jackson.annotate.JsonPropertyOrder; -import org.keycloak.models.ApplicationModel; import org.keycloak.models.ClaimMask; import org.keycloak.models.Constants; import org.keycloak.models.OAuthClientModel; 
@@ -10,11 +9,9 @@ import org.keycloak.models.RealmModel; import org.keycloak.models.RoleModel; import org.keycloak.models.UserCredentialModel; import org.keycloak.models.UserModel; -import org.keycloak.representations.adapters.config.BaseAdapterConfig; import org.keycloak.representations.adapters.config.BaseRealmConfig; import org.keycloak.representations.idm.CredentialRepresentation; import org.keycloak.representations.idm.OAuthClientRepresentation; -import org.keycloak.services.resources.flows.Urls; import java.net.URI; import java.util.HashMap; @@ -37,7 +34,7 @@ public class OAuthClientManager { public UserCredentialModel generateSecret(RealmModel realm, OAuthClientModel app) { UserCredentialModel secret = UserCredentialModel.generateSecret(); - realm.updateCredential(app.getOAuthAgent(), secret); + realm.updateCredential(app.getAgent(), secret); return secret; } @@ -45,7 +42,7 @@ public class OAuthClientManager { public OAuthClientModel create(String name) { OAuthClientModel model = realm.addOAuthClient(name); RoleModel role = realm.getRole(Constants.IDENTITY_REQUESTER_ROLE); - realm.grantRole(model.getOAuthAgent(), role); + realm.grantRole(model.getAgent(), role); generateSecret(realm, model); return model; } @@ -53,7 +50,7 @@ public class OAuthClientManager { public OAuthClientModel create(OAuthClientRepresentation rep) { OAuthClientModel model = create(rep.getName()); update(rep, model); - UserModel resourceUser = model.getOAuthAgent(); + UserModel resourceUser = model.getAgent(); if (rep.getCredentials() != null) { for (CredentialRepresentation cred : rep.getCredentials()) { UserCredentialModel credential = new UserCredentialModel(); 
@@ -72,15 +69,15 @@ public class OAuthClientManager { } public void update(OAuthClientRepresentation rep, OAuthClientModel model) { - model.getOAuthAgent().setEnabled(rep.isEnabled()); + model.getAgent().setEnabled(rep.isEnabled()); List redirectUris = rep.getRedirectUris(); if (redirectUris != null) { - model.getOAuthAgent().setRedirectUris(new HashSet(redirectUris)); + model.getAgent().setRedirectUris(new HashSet(redirectUris)); } List webOrigins = rep.getWebOrigins(); if (webOrigins != null) { - model.getOAuthAgent().setWebOrigins(new HashSet(webOrigins)); + model.getAgent().setWebOrigins(new HashSet(webOrigins)); } if (rep.getClaims() != null) { @@ -91,14 +88,14 @@ public class OAuthClientManager { public static OAuthClientRepresentation toRepresentation(OAuthClientModel model) { OAuthClientRepresentation rep = new OAuthClientRepresentation(); rep.setId(model.getId()); - rep.setName(model.getOAuthAgent().getLoginName()); - rep.setEnabled(model.getOAuthAgent().isEnabled()); - Set redirectUris = model.getOAuthAgent().getRedirectUris(); + rep.setName(model.getAgent().getLoginName()); + rep.setEnabled(model.getAgent().isEnabled()); + Set redirectUris = model.getAgent().getRedirectUris(); if (redirectUris != null) { rep.setRedirectUris(new LinkedList(redirectUris)); } - Set webOrigins = model.getOAuthAgent().getWebOrigins(); + Set webOrigins = model.getAgent().getWebOrigins(); if (webOrigins != null) { rep.setWebOrigins(new LinkedList(webOrigins)); } @@ -138,10 +135,10 @@ public class OAuthClientManager { rep.setSslNotRequired(realmModel.isSslNotRequired()); rep.setAuthServerUrl(baseUri.toString()); - rep.setResource(model.getOAuthAgent().getLoginName()); + rep.setResource(model.getAgent().getLoginName()); Map creds = new HashMap(); - creds.put(CredentialRepresentation.SECRET, realmModel.getSecret(model.getOAuthAgent()).getValue()); + creds.put(CredentialRepresentation.SECRET, realmModel.getSecret(model.getAgent()).getValue()); rep.setCredentials(creds); return rep; 
diff --git a/services/src/main/java/org/keycloak/services/managers/RealmManager.java b/services/src/main/java/org/keycloak/services/managers/RealmManager.java index ca71051399..0ee5c389aa 100755 --- a/services/src/main/java/org/keycloak/services/managers/RealmManager.java +++ b/services/src/main/java/org/keycloak/services/managers/RealmManager.java @@ -255,7 +255,7 @@ public class RealmManager { if (rep.getApplications() != null) { Map appMap = createApplications(rep, newRealm); for (ApplicationModel app : appMap.values()) { - userMap.put(app.getApplicationUser().getLoginName(), app.getApplicationUser()); + userMap.put(app.getAgent().getLoginName(), app.getAgent()); } } @@ -308,7 +308,7 @@ public class RealmManager { if (rep.getOauthClients() != null) { Map oauthMap = createOAuthClients(rep, newRealm); for (OAuthClientModel app : oauthMap.values()) { - userMap.put(app.getOAuthAgent().getLoginName(), app.getOAuthAgent()); + userMap.put(app.getAgent().getLoginName(), app.getAgent()); } } @@ -501,7 +501,7 @@ public class RealmManager { OAuthClientManager manager = new OAuthClientManager(realm); for (OAuthClientRepresentation rep : realmRep.getOauthClients()) { OAuthClientModel app = manager.create(rep); - appMap.put(app.getOAuthAgent().getLoginName(), app); + appMap.put(app.getAgent().getLoginName(), app); } return appMap; } diff --git a/services/src/main/java/org/keycloak/services/managers/TokenManager.java b/services/src/main/java/org/keycloak/services/managers/TokenManager.java index 8b4e8a63d6..93b7c5daae 100755 --- a/services/src/main/java/org/keycloak/services/managers/TokenManager.java +++ b/services/src/main/java/org/keycloak/services/managers/TokenManager.java 
@@ -7,7 +7,7 @@ import org.keycloak.jose.jws.JWSInput; import org.keycloak.jose.jws.crypto.RSAProvider; import org.keycloak.models.ApplicationModel; import org.keycloak.models.ClaimMask; -import org.keycloak.models.ClaimRequesterModel; +import org.keycloak.models.ClientModel; import org.keycloak.models.RealmModel; import org.keycloak.models.RoleModel; import org.keycloak.models.UserModel; @@ -17,7 +17,6 @@ import org.keycloak.representations.AccessToken; import org.keycloak.representations.AccessTokenResponse; import org.keycloak.representations.IDToken; import org.keycloak.representations.RefreshToken; -import org.keycloak.representations.idm.ClaimRepresentation; import org.keycloak.util.Base64Url; import org.keycloak.util.JsonSerialization; @@ -25,7 +24,6 @@ import javax.ws.rs.core.MultivaluedHashMap; import javax.ws.rs.core.MultivaluedMap; import java.io.IOException; import java.io.UnsupportedEncodingException; -import java.security.PrivateKey; import java.util.HashSet; import java.util.LinkedList; import java.util.List; @@ -182,7 +180,7 @@ public class TokenManager { } } - ClaimRequesterModel claimRequesterModel = getClaimRequester(realm, client); + ClientModel claimRequesterModel = getClaimRequester(realm, client); AccessToken accessToken = initToken(realm, claimRequesterModel, client, user); accessToken.setRealmAccess(refreshToken.getRealmAccess()); @@ -194,8 +192,8 @@ public class TokenManager { return createClientAccessToken(scopeParam, realm, client, user, new LinkedList(), new MultivaluedHashMap()); } - protected ClaimRequesterModel getClaimRequester(RealmModel realm, UserModel client) { - ClaimRequesterModel model = realm.getApplicationByName(client.getLoginName()); + protected ClientModel getClaimRequester(RealmModel realm, UserModel client) { + ClientModel model = realm.getApplicationByName(client.getLoginName()); if (model != null) return model; return realm.getOAuthClient(client.getLoginName()); } 
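Review bot: `getClaimRequester` hands back the result of `realm.getOAuthClient(client.getLoginName())` unchecked, so if that lookup can come back empty (it is not shown here, but `getApplicationByName` evidently can, given the `if (model != null)` test) the helper returns null. The callers visible in this file pass the value straight on (`initToken(realm, claimRequesterModel, client, user)`), and `initClaims` reads `model.getAllowedClaimsMask()` without a guard. Because that mask decides which user attributes are released into the token, I would fail closed after the second lookup, e.g. `if (model == null) throw new IllegalStateException("unknown client: " + client.getLoginName());`. The application-first order also means an application and an OAuth client sharing a login name would resolve to the application's mask; whether names are unique across both is not visible in this diff.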
@@ -208,7 +206,7 @@ public class TokenManager { Set roleMappings = realm.getRoleMappings(user); Set scopeMappings = realm.getScopeMappings(client); - ClaimRequesterModel claimRequesterModel = getClaimRequester(realm, client); + ClientModel claimRequesterModel = getClaimRequester(realm, client); ApplicationModel clientApp = realm.getApplicationByName(client.getLoginName()); Set clientAppRoles = clientApp == null ? null : clientApp.getRoles(); if (clientAppRoles != null) scopeMappings.addAll(clientAppRoles); @@ -253,7 +251,7 @@ public class TokenManager { return token; } - public void initClaims(IDToken token, ClaimRequesterModel model, UserModel user) { + public void initClaims(IDToken token, ClientModel model, UserModel user) { if (ClaimMask.hasUsername(model.getAllowedClaimsMask())) { token.setPreferredUsername(user.getLoginName()); } @@ -271,7 +269,7 @@ public class TokenManager { } } - protected IDToken initIDToken(RealmModel realm, ClaimRequesterModel claimer, UserModel client, UserModel user) { + protected IDToken initIDToken(RealmModel realm, ClientModel claimer, UserModel client, UserModel user) { IDToken token = new IDToken(); token.id(KeycloakModelUtils.generateId()); token.subject(user.getId()); @@ -288,7 +286,7 @@ public class TokenManager { - protected AccessToken initToken(RealmModel realm, ClaimRequesterModel claimer, UserModel client, UserModel user) { + protected AccessToken initToken(RealmModel realm, ClientModel claimer, UserModel client, UserModel user) { AccessToken token = new AccessToken(); token.id(KeycloakModelUtils.generateId()); token.subject(user.getId()); diff --git a/services/src/main/java/org/keycloak/services/resources/AccountService.java b/services/src/main/java/org/keycloak/services/resources/AccountService.java index a3afea9b38..dd94e6f143 100755 --- a/services/src/main/java/org/keycloak/services/resources/AccountService.java +++ b/services/src/main/java/org/keycloak/services/resources/AccountService.java 
@@ -27,12 +27,9 @@ import org.keycloak.account.Account; import org.keycloak.account.AccountLoader; import org.keycloak.account.AccountPages; import org.keycloak.jaxrs.JaxrsOAuthClient; -import org.keycloak.jose.jws.JWSInput; -import org.keycloak.jose.jws.crypto.RSAProvider; import org.keycloak.models.*; import org.keycloak.models.utils.TimeBasedOTP; import org.keycloak.representations.idm.CredentialRepresentation; -import org.keycloak.services.managers.AccessCodeEntry; import org.keycloak.services.managers.AppAuthManager; import org.keycloak.services.managers.Auth; import org.keycloak.services.managers.ModelToRepresentation; @@ -257,7 +254,7 @@ public class AccountService { logger.debug("realm not enabled"); throw new ForbiddenException(); } - UserModel client = application.getApplicationUser(); + UserModel client = application.getAgent(); if (!client.isEnabled() || !application.isEnabled()) { logger.debug("account management app not enabled"); throw new ForbiddenException(); diff --git a/services/src/main/java/org/keycloak/services/resources/admin/AdminService.java b/services/src/main/java/org/keycloak/services/resources/admin/AdminService.java index 7a3fad1ba2..7c1e3f56ff 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/AdminService.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/AdminService.java @@ -325,7 +325,7 @@ public class AdminService { return redirectOnLoginError("realm not enabled"); } ApplicationModel adminConsole = adminRealm.getApplicationNameMap().get(Constants.ADMIN_CONSOLE_APPLICATION); - UserModel adminConsoleUser = adminConsole.getApplicationUser(); + UserModel adminConsoleUser = adminConsole.getAgent(); if (!adminConsole.isEnabled() || !adminConsoleUser.isEnabled()) { logger.debug("admin app not enabled"); return redirectOnLoginError("admin app not enabled"); 
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/ApplicationResource.java b/services/src/main/java/org/keycloak/services/resources/admin/ApplicationResource.java index 3ab4f045d5..30270e5db9 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/ApplicationResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/ApplicationResource.java @@ -6,7 +6,6 @@ import org.keycloak.models.ApplicationModel; import org.keycloak.models.KeycloakSession; import org.keycloak.models.RealmModel; import org.keycloak.models.UserCredentialModel; -import org.keycloak.representations.adapters.config.BaseAdapterConfig; import org.keycloak.representations.idm.ApplicationRepresentation; import org.keycloak.representations.idm.CredentialRepresentation; import org.keycloak.services.managers.ApplicationManager; @@ -138,7 +137,7 @@ public class ApplicationResource { auth.requireView(); logger.debug("getClientSecret"); - UserCredentialModel model = realm.getSecret(application.getApplicationUser()); + UserCredentialModel model = realm.getSecret(application.getAgent()); if (model == null) throw new NotFoundException("Application does not have a secret"); return ModelToRepresentation.toRepresentation(model); } @@ -146,7 +145,7 @@ public class ApplicationResource { @Path("scope-mappings") public ScopeMappedResource getScopeMappedResource() { - return new ScopeMappedResource(realm, auth, application.getApplicationUser(), session); + return new ScopeMappedResource(realm, auth, application.getAgent(), session); } @Path("roles") @@ -161,7 +160,7 @@ public class ApplicationResource { { auth.requireView(); - return application.getApplicationUser().getWebOrigins(); + return application.getAgent().getWebOrigins(); } @Path("allowed-origins") 
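Review bot: In the `getClientSecret` hunk the stored credential is returned after only `auth.requireView()`, so any admin who passes the view check can read the application's secret through `realm.getSecret(application.getAgent())`. If `requireView` is the read-only permission (its definition is outside this diff), consider `auth.requireManage();` here, which the allowed-origins setters further down this file already use. The `getClientSecret` hunk in OAuthClientResource.java has the same pattern. The enclosing method starts outside the hunk.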
@@ -171,7 +170,7 @@ public class ApplicationResource { { auth.requireManage(); - application.getApplicationUser().setWebOrigins(allowedOrigins); + application.getAgent().setWebOrigins(allowedOrigins); } @Path("allowed-origins") @@ -182,7 +181,7 @@ public class ApplicationResource { auth.requireManage(); for (String origin : allowedOrigins) { - application.getApplicationUser().removeWebOrigin(origin); + application.getAgent().removeWebOrigin(origin); } } diff --git a/services/src/main/java/org/keycloak/services/resources/admin/ClaimResource.java b/services/src/main/java/org/keycloak/services/resources/admin/ClaimResource.java index 24760ac3ec..579394eefa 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/ClaimResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/ClaimResource.java @@ -1,6 +1,6 @@ package org.keycloak.services.resources.admin; -import org.keycloak.models.ClaimRequesterModel; +import org.keycloak.models.ClientModel; import org.keycloak.representations.idm.ClaimRepresentation; import org.keycloak.services.managers.ClaimManager; import org.keycloak.services.managers.ModelToRepresentation; @@ -16,9 +16,9 @@ import javax.ws.rs.core.MediaType; * @version $Revision: 1 $ */ public class ClaimResource { - protected ClaimRequesterModel model; + protected ClientModel model; - public ClaimResource(ClaimRequesterModel model) { + public ClaimResource(ClientModel model) { this.model = model; } diff --git a/services/src/main/java/org/keycloak/services/resources/admin/OAuthClientResource.java b/services/src/main/java/org/keycloak/services/resources/admin/OAuthClientResource.java index 25da583d75..cbd6018f86 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/OAuthClientResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/OAuthClientResource.java 
@@ -6,13 +6,10 @@ import org.keycloak.models.KeycloakSession; import org.keycloak.models.OAuthClientModel; import org.keycloak.models.RealmModel; import org.keycloak.models.UserCredentialModel; -import org.keycloak.representations.adapters.config.BaseAdapterConfig; import org.keycloak.representations.idm.CredentialRepresentation; import org.keycloak.representations.idm.OAuthClientRepresentation; -import org.keycloak.services.managers.ApplicationManager; import org.keycloak.services.managers.ModelToRepresentation; import org.keycloak.services.managers.OAuthClientManager; -import org.keycloak.services.managers.RealmManager; import org.keycloak.services.resources.KeycloakApplication; import org.keycloak.util.JsonSerialization; @@ -29,7 +26,6 @@ import javax.ws.rs.core.Context; import javax.ws.rs.core.MediaType; import javax.ws.rs.core.UriInfo; import java.io.IOException; -import java.util.List; /** * @author Bill Burke @@ -116,7 +112,7 @@ public class OAuthClientResource { logger.debug("regenerateSecret"); UserCredentialModel cred = UserCredentialModel.generateSecret(); - realm.updateCredential(oauthClient.getOAuthAgent(), cred); + realm.updateCredential(oauthClient.getAgent(), cred); CredentialRepresentation rep = ModelToRepresentation.toRepresentation(cred); return rep; } @@ -128,14 +124,14 @@ public class OAuthClientResource { auth.requireView(); logger.debug("getClientSecret"); - UserCredentialModel model = realm.getSecret(oauthClient.getOAuthAgent()); + UserCredentialModel model = realm.getSecret(oauthClient.getAgent()); if (model == null) throw new NotFoundException("Application does not have a secret"); return ModelToRepresentation.toRepresentation(model); } @Path("scope-mappings") public ScopeMappedResource getScopeMappedResource() { - return new ScopeMappedResource(realm, auth, oauthClient.getOAuthAgent(), session); + return new ScopeMappedResource(realm, auth, oauthClient.getAgent(), session); } 
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/OAuthClientsResource.java b/services/src/main/java/org/keycloak/services/resources/admin/OAuthClientsResource.java index 445622429a..0c0deb99dd 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/OAuthClientsResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/OAuthClientsResource.java @@ -58,7 +58,7 @@ public class OAuthClientsResource { rep.add(OAuthClientManager.toRepresentation(oauth)); } else { OAuthClientRepresentation client = new OAuthClientRepresentation(); - client.setName(oauth.getOAuthAgent().getLoginName()); + client.setName(oauth.getAgent().getLoginName()); rep.add(client); } } diff --git a/services/src/main/java/org/keycloak/services/resources/flows/OAuthFlows.java b/services/src/main/java/org/keycloak/services/resources/flows/OAuthFlows.java index 8524807eeb..f523fcc72a 100755 --- a/services/src/main/java/org/keycloak/services/resources/flows/OAuthFlows.java +++ b/services/src/main/java/org/keycloak/services/resources/flows/OAuthFlows.java @@ -24,6 +24,7 @@ package org.keycloak.services.resources.flows; import org.jboss.resteasy.logging.Logger; import org.jboss.resteasy.spi.HttpRequest; import org.keycloak.models.Constants; +import org.keycloak.models.OAuthClientModel; import org.keycloak.models.RealmModel; import org.keycloak.models.RequiredCredentialModel; import org.keycloak.models.RoleModel; 
@@ -127,6 +128,7 @@ public class OAuthFlows { if (!isResource && (accessCode.getRealmRolesRequested().size() > 0 || accessCode.getResourceRolesRequested().size() > 0)) { + OAuthClientModel oauthClient = realm.getOAuthClient(client.getLoginName()); accessCode.setExpiration(System.currentTimeMillis() / 1000 + realm.getAccessCodeLifespanUserAction()); return Flows.forms(realm, request, uriInfo).setAccessCode(accessCode.getId(), accessCode.getCode()). setAccessRequest(accessCode.getRealmRolesRequested(), accessCode.getResourceRolesRequested()). diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/account/ProfileTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/account/ProfileTest.java index 3c96873be4..044d72faea 100755 --- a/testsuite/integration/src/test/java/org/keycloak/testsuite/account/ProfileTest.java +++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/account/ProfileTest.java @@ -65,9 +65,9 @@ public class ProfileTest { appRealm.updateCredential(user2, creds); ApplicationModel app = appRealm.getApplicationNameMap().get("test-app"); - appRealm.addScopeMapping(app.getApplicationUser(), accountApp.getRole(AccountRoles.VIEW_PROFILE)); + appRealm.addScopeMapping(app.getAgent(), accountApp.getRole(AccountRoles.VIEW_PROFILE)); - app.getApplicationUser().addWebOrigin("http://localtest.me:8081"); + app.getAgent().addWebOrigin("http://localtest.me:8081"); UserModel thirdParty = appRealm.getUser("third-party"); appRealm.addScopeMapping(thirdParty, accountApp.getRole(AccountRoles.VIEW_PROFILE)); diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/composites/CompositeRoleTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/composites/CompositeRoleTest.java index 7d6c128c96..a8540ed93b 100755 --- a/testsuite/integration/src/test/java/org/keycloak/testsuite/composites/CompositeRoleTest.java 
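Review bot: The added `OAuthClientModel oauthClient = realm.getOAuthClient(client.getLoginName());` is never read in the lines shown, and the diffstat lists only two added lines for OAuthFlows.java (this one and the import), so it looks like a dead store that costs a model lookup each time this branch runs. Either drop the line together with the `import org.keycloak.models.OAuthClientModel;` added in the file's first hunk, or use the result. If it is used, add a null check, since `!isResource` alone does not show that the lookup succeeds. The enclosing method starts and ends outside the hunk.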
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/composites/CompositeRoleTest.java @@ -86,21 +86,21 @@ public class CompositeRoleTest { realmComposite1Application.addScope(realmComposite1); realmComposite1Application.setBaseUrl("http://localhost:8081/app"); realmComposite1Application.setManagementUrl("http://localhost:8081/app/logout"); - realm.updateCredential(realmComposite1Application.getApplicationUser(), UserCredentialModel.secret("password")); + realm.updateCredential(realmComposite1Application.getAgent(), UserCredentialModel.secret("password")); final ApplicationModel realmRole1Application = new ApplicationManager(manager).createApplication(realm, "REALM_ROLE_1_APPLICATION"); realmRole1Application.setEnabled(true); realmRole1Application.addScope(realmRole1); realmRole1Application.setBaseUrl("http://localhost:8081/app"); realmRole1Application.setManagementUrl("http://localhost:8081/app/logout"); - realm.updateCredential(realmRole1Application.getApplicationUser(), UserCredentialModel.secret("password")); + realm.updateCredential(realmRole1Application.getAgent(), UserCredentialModel.secret("password")); final ApplicationModel appRoleApplication = new ApplicationManager(manager).createApplication(realm, "APP_ROLE_APPLICATION"); appRoleApplication.setEnabled(true); appRoleApplication.setBaseUrl("http://localhost:8081/app"); appRoleApplication.setManagementUrl("http://localhost:8081/app/logout"); - realm.updateCredential(appRoleApplication.getApplicationUser(), UserCredentialModel.secret("password")); + realm.updateCredential(appRoleApplication.getAgent(), UserCredentialModel.secret("password")); final RoleModel appRole1 = appRoleApplication.addRole("APP_ROLE_1"); final RoleModel appRole2 = appRoleApplication.addRole("APP_ROLE_2"); 
@@ -121,7 +121,7 @@ public class CompositeRoleTest {
 appCompositeApplication.setEnabled(true);
 appCompositeApplication.setBaseUrl("http://localhost:8081/app");
 appCompositeApplication.setManagementUrl("http://localhost:8081/app/logout");
- realm.updateCredential(appCompositeApplication.getApplicationUser(), UserCredentialModel.secret("password"));
+ realm.updateCredential(appCompositeApplication.getAgent(), UserCredentialModel.secret("password"));
 final RoleModel appCompositeRole = appCompositeApplication.addRole("APP_COMPOSITE_ROLE");
 appCompositeApplication.addScope(appRole2);
 appCompositeRole.addCompositeRole(realmRole1);
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/AuthorizationCodeTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/AuthorizationCodeTest.java
index f35888228f..cf7765ee4c 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/AuthorizationCodeTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/AuthorizationCodeTest.java
@@ -82,7 +82,7 @@ public class AuthorizationCodeTest {
 public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
 for (ApplicationModel app : appRealm.getApplications()) {
 if (app.getName().equals("test-app")) {
- UserModel client = app.getApplicationUser();
+ UserModel client = app.getAgent();
 client.addRedirectUri(oauth.getRedirectUri());
 }
 }
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/OAuthRedirectUriTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/OAuthRedirectUriTest.java
index ee60bd5b90..8e973c117b 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/OAuthRedirectUriTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/OAuthRedirectUriTest.java
@@ -48,7 +48,7 @@ public class OAuthRedirectUriTest {
 @Override
 public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
 ApplicationModel app = appRealm.getApplicationNameMap().get("test-app");
- app.getApplicationUser().addRedirectUri("http://localhost:8081/app");
+ app.getAgent().addRedirectUri("http://localhost:8081/app");
 }
 });
@@ -81,7 +81,7 @@ public class OAuthRedirectUriTest {
 keycloakRule.configure(new KeycloakRule.KeycloakSetup() {
 @Override
 public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
- appRealm.getApplicationNameMap().get("test-app").getApplicationUser().addRedirectUri("http://localhost:8081/app2");
+ appRealm.getApplicationNameMap().get("test-app").getAgent().addRedirectUri("http://localhost:8081/app2");
 }
 });
@@ -95,7 +95,7 @@ public class OAuthRedirectUriTest {
 keycloakRule.configure(new KeycloakRule.KeycloakSetup() {
 @Override
 public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
- appRealm.getApplicationNameMap().get("test-app").getApplicationUser().removeRedirectUri("http://localhost:8081/app2");
+ appRealm.getApplicationNameMap().get("test-app").getAgent().removeRedirectUri("http://localhost:8081/app2");
 }
 });
 }
@@ -106,7 +106,7 @@ public class OAuthRedirectUriTest {
 keycloakRule.configure(new KeycloakRule.KeycloakSetup() {
 @Override
 public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
- appRealm.getApplicationNameMap().get("test-app").getApplicationUser().removeRedirectUri("http://localhost:8081/app");
+ appRealm.getApplicationNameMap().get("test-app").getAgent().removeRedirectUri("http://localhost:8081/app");
 }
 });
@@ -120,7 +120,7 @@ public class OAuthRedirectUriTest {
 keycloakRule.configure(new KeycloakRule.KeycloakSetup() {
 @Override
 public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
- appRealm.getApplicationNameMap().get("test-app").getApplicationUser().addRedirectUri("http://localhost:8081/app");
+ appRealm.getApplicationNameMap().get("test-app").getAgent().addRedirectUri("http://localhost:8081/app");
 }
 });
 }
@@ -131,7 +131,7 @@ public class OAuthRedirectUriTest {
 keycloakRule.configure(new KeycloakRule.KeycloakSetup() {
 @Override
 public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
- appRealm.getApplicationNameMap().get("test-app").getApplicationUser().removeRedirectUri("http://localhost:8081/app");
+ appRealm.getApplicationNameMap().get("test-app").getAgent().removeRedirectUri("http://localhost:8081/app");
 }
 });
@@ -144,7 +144,7 @@ public class OAuthRedirectUriTest {
 keycloakRule.configure(new KeycloakRule.KeycloakSetup() {
 @Override
 public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
- appRealm.getApplicationNameMap().get("test-app").getApplicationUser().addRedirectUri("http://localhost:8081/app");
+ appRealm.getApplicationNameMap().get("test-app").getAgent().addRedirectUri("http://localhost:8081/app");
 }
 });
 }