libre.sh/keycloak-scim
4
0
Fork 0
Code Issues 15 Pull requests Releases 1 Activity Actions

refactor model

Browse source
This commit is contained in:
Bill Burke 2014-02-26 19:25:42 -05:00
parent 0f67feb9dd
commit c02d532001
30 changed files with 479 additions and 499 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

0
forms/login-api/src/main/java/org/keycloak/login/LoginForms.java Normal file → Executable file
View file

0
forms/login-freemarker/src/main/java/org/keycloak/login/freemarker/FreeMarkerLoginForms.java Normal file → Executable file
View file

6
model/api/src/main/java/org/keycloak/models/ApplicationModel.java
View file

@ -7,13 +7,9 @@ import java.util.Set;
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public interface ApplicationModel extends RoleContainerModel, ClaimRequesterModel {
public interface ApplicationModel extends RoleContainerModel, ClientModel {
void updateApplication();
UserModel getApplicationUser();
String getId();
String getName();
void setName(String name);

6
model/api/src/main/java/org/keycloak/models/ClaimRequesterModel.java → model/api/src/main/java/org/keycloak/models/ClientModel.java
View file

@ -4,8 +4,12 @@ package org.keycloak.models;
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public interface ClaimRequesterModel {
public interface ClientModel {
long getAllowedClaimsMask();
void setAllowedClaimsMask(long mask);
UserModel getAgent();
String getId();
}

5
model/api/src/main/java/org/keycloak/models/OAuthClientModel.java
View file

@ -4,9 +4,6 @@ package org.keycloak.models;
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public interface OAuthClientModel extends ClaimRequesterModel {
String getId();
UserModel getOAuthAgent();
public interface OAuthClientModel extends ClientModel {
}

8
model/jpa/src/main/java/org/keycloak/models/jpa/ApplicationAdapter.java
View file

@ -6,17 +6,13 @@ import org.keycloak.models.RoleContainerModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.jpa.entities.*;
import org.keycloak.representations.idm.ApplicationMappingsRepresentation;
import org.keycloak.representations.idm.RoleRepresentation;
import javax.persistence.EntityManager;
import javax.persistence.TypedQuery;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
/**
@ -41,7 +37,7 @@ public class ApplicationAdapter implements ApplicationModel {
}
@Override
public UserModel getApplicationUser() {
public UserModel getAgent() {
return new UserAdapter(application.getApplicationUser());
}
@ -276,7 +272,7 @@ public class ApplicationAdapter implements ApplicationModel {
@Override
public void addScope(RoleModel role) {
realm.addScopeMapping(getApplicationUser(), role);
realm.addScopeMapping(getAgent(), role);
}
public boolean equals(Object o) {

2
model/jpa/src/main/java/org/keycloak/models/jpa/OAuthClientAdapter.java
View file

@ -25,7 +25,7 @@ public class OAuthClientAdapter implements OAuthClientModel {
}
@Override
public UserModel getOAuthAgent() {
public UserModel getAgent() {
return new UserAdapter(entity.getAgent());
}
@Override

4
model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/ApplicationAdapter.java
View file

@ -41,7 +41,7 @@ public class ApplicationAdapter extends AbstractAdapter implements ApplicationMo
}
@Override
public UserAdapter getApplicationUser() {
public UserAdapter getAgent() {
// This is not thread-safe. Assumption is that ApplicationAdapter instance is per-client object
if (resourceUser == null) {
UserEntity userEntity = getMongoStore().loadEntity(UserEntity.class, application.getResourceUserId(), invocationContext);
@ -196,7 +196,7 @@ public class ApplicationAdapter extends AbstractAdapter implements ApplicationMo
@Override
public void addScope(RoleModel role) {
UserAdapter appUser = getApplicationUser();
UserAdapter appUser = getAgent();
getMongoStore().pushItemToList(appUser.getUser(), "scopeIds", role.getId(), true, invocationContext);
}

2
model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/OAuthClientAdapter.java
View file

@ -41,7 +41,7 @@ public class OAuthClientAdapter extends AbstractAdapter implements OAuthClientMo
}
@Override
public UserModel getOAuthAgent() {
public UserModel getAgent() {
// This is not thread-safe. Assumption is that OAuthClientAdapter instance is per-client object
if (oauthAgent == null) {
UserEntity user = getMongoStore().loadEntity(UserEntity.class, delegate.getOauthAgentId(), invocationContext);

16
model/tests/src/test/java/org/keycloak/model/test/AdapterTest.java
View file

@ -1,7 +1,6 @@
package org.keycloak.model.test;
import org.junit.Assert;
import org.junit.Before;
import org.junit.FixMethodOrder;
import org.junit.Test;
import org.junit.runners.MethodSorters;
@ -15,7 +14,6 @@ import org.keycloak.models.SocialLinkModel;
import org.keycloak.models.UserCredentialModel;
import org.keycloak.models.UserModel;
import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.services.managers.ApplianceBootstrap;
import org.keycloak.services.managers.OAuthClientManager;
import org.keycloak.services.managers.RealmManager;
@ -141,7 +139,7 @@ public class AdapterTest extends AbstractModelTest {
OAuthClientModel oauth = new OAuthClientManager(realmModel).create("oauth-client");
oauth = realmModel.getOAuthClient("oauth-client");
Assert.assertTrue(realmModel.hasRole(oauth.getOAuthAgent(), realmModel.getRole(Constants.IDENTITY_REQUESTER_ROLE)));
Assert.assertTrue(realmModel.hasRole(oauth.getAgent(), realmModel.getRole(Constants.IDENTITY_REQUESTER_ROLE)));
}
@ -186,10 +184,10 @@ public class AdapterTest extends AbstractModelTest {
RoleModel appRole = app.addRole("test");
realmModel.grantRole(user, appRole);
realmModel.addScopeMapping(client.getOAuthAgent(), appRole);
realmModel.addScopeMapping(client.getAgent(), appRole);
RoleModel realmRole = realmModel.addRole("test");
realmModel.addScopeMapping(app.getApplicationUser(), realmRole);
realmModel.addScopeMapping(app.getAgent(), realmRole);
Assert.assertTrue(realmModel.removeApplication(app.getId()));
Assert.assertFalse(realmModel.removeApplication(app.getId()));
@ -214,10 +212,10 @@ public class AdapterTest extends AbstractModelTest {
RoleModel appRole = app.addRole("test");
realmModel.grantRole(user, appRole);
realmModel.addScopeMapping(client.getOAuthAgent(), appRole);
realmModel.addScopeMapping(client.getAgent(), appRole);
RoleModel realmRole = realmModel.addRole("test");
realmModel.addScopeMapping(app.getApplicationUser(), realmRole);
realmModel.addScopeMapping(app.getAgent(), realmRole);
Assert.assertTrue(identitySession.removeRealm(realmModel.getId()));
Assert.assertFalse(identitySession.removeRealm(realmModel.getId()));
@ -237,10 +235,10 @@ public class AdapterTest extends AbstractModelTest {
RoleModel appRole = app.addRole("test");
realmModel.grantRole(user, appRole);
realmModel.addScopeMapping(client.getOAuthAgent(), appRole);
realmModel.addScopeMapping(client.getAgent(), appRole);
RoleModel realmRole = realmModel.addRole("test");
realmModel.addScopeMapping(app.getApplicationUser(), realmRole);
realmModel.addScopeMapping(app.getAgent(), realmRole);
Assert.assertTrue(realmModel.removeRoleById(realmRole.getId()));
Assert.assertFalse(realmModel.removeRoleById(realmRole.getId()));

12
model/tests/src/test/java/org/keycloak/model/test/ApplicationModelTest.java
View file

@ -37,11 +37,11 @@ public class ApplicationModelTest extends AbstractModelTest {
application.addDefaultRole("role-1");
application.addDefaultRole("role-2");
application.getApplicationUser().addRedirectUri("redirect-1");
application.getApplicationUser().addRedirectUri("redirect-2");
application.getAgent().addRedirectUri("redirect-1");
application.getAgent().addRedirectUri("redirect-2");
application.getApplicationUser().addWebOrigin("origin-1");
application.getApplicationUser().addWebOrigin("origin-2");
application.getAgent().addWebOrigin("origin-1");
application.getAgent().addWebOrigin("origin-2");
application.updateApplication();
}
@ -69,8 +69,8 @@ public class ApplicationModelTest extends AbstractModelTest {
Assert.assertEquals(expected.getManagementUrl(), actual.getManagementUrl());
Assert.assertEquals(expected.getDefaultRoles(), actual.getDefaultRoles());
UserModel auser = actual.getApplicationUser();
UserModel euser = expected.getApplicationUser();
UserModel auser = actual.getAgent();
UserModel euser = expected.getAgent();
Assert.assertTrue(euser.getRedirectUris().containsAll(auser.getRedirectUris()));
Assert.assertTrue(euser.getWebOrigins().containsAll(auser.getWebOrigins()));

2
model/tests/src/test/java/org/keycloak/model/test/CompositeRolesModelTest.java Normal file → Executable file
View file

@ -60,7 +60,7 @@ public class CompositeRolesModelTest extends AbstractModelTest {
ApplicationModel application = realm.getApplicationByName(applicationName);
Set<RoleModel> roleMappings = realm.getRoleMappings(user);
Set<RoleModel> scopeMappings = realm.getScopeMappings(application.getApplicationUser());
Set<RoleModel> scopeMappings = realm.getScopeMappings(application.getAgent());
Set<RoleModel> appRoles = application.getRoles();
if (appRoles != null) scopeMappings.addAll(appRoles);

18
services/src/main/java/org/keycloak/services/managers/ApplicationManager.java
View file

@ -58,7 +58,7 @@ public class ApplicationManager {
applicationModel.setBaseUrl(resourceRep.getBaseUrl());
applicationModel.updateApplication();
UserModel resourceUser = applicationModel.getApplicationUser();
UserModel resourceUser = applicationModel.getAgent();
if (resourceRep.getCredentials() != null && resourceRep.getCredentials().size() > 0) {
for (CredentialRepresentation cred : resourceRep.getCredentials()) {
UserCredentialModel credential = new UserCredentialModel();
@ -136,7 +136,7 @@ public class ApplicationManager {
public ApplicationModel createApplication(RealmModel realm, String name) {
RoleModel loginRole = realm.getRole(Constants.APPLICATION_ROLE);
ApplicationModel app = realm.addApplication(name);
realm.grantRole(app.getApplicationUser(), loginRole);
realm.grantRole(app.getAgent(), loginRole);
generateSecret(realm, app);
return app;
@ -144,7 +144,7 @@ public class ApplicationManager {
public UserCredentialModel generateSecret(RealmModel realm, ApplicationModel app) {
UserCredentialModel secret = UserCredentialModel.generateSecret();
realm.updateCredential(app.getApplicationUser(), secret);
realm.updateCredential(app.getAgent(), secret);
return secret;
}
@ -162,12 +162,12 @@ public class ApplicationManager {
List<String> redirectUris = rep.getRedirectUris();
if (redirectUris != null) {
resource.getApplicationUser().setRedirectUris(new HashSet<String>(redirectUris));
resource.getAgent().setRedirectUris(new HashSet<String>(redirectUris));
}
List<String> webOrigins = rep.getWebOrigins();
if (webOrigins != null) {
resource.getApplicationUser().setWebOrigins(new HashSet<String>(webOrigins));
resource.getAgent().setWebOrigins(new HashSet<String>(webOrigins));
}
if (rep.getClaims() != null) {
@ -184,12 +184,12 @@ public class ApplicationManager {
rep.setSurrogateAuthRequired(applicationModel.isSurrogateAuthRequired());
rep.setBaseUrl(applicationModel.getBaseUrl());
Set<String> redirectUris = applicationModel.getApplicationUser().getRedirectUris();
Set<String> redirectUris = applicationModel.getAgent().getRedirectUris();
if (redirectUris != null) {
rep.setRedirectUris(new LinkedList<String>(redirectUris));
}
Set<String> webOrigins = applicationModel.getApplicationUser().getWebOrigins();
Set<String> webOrigins = applicationModel.getAgent().getWebOrigins();
if (webOrigins != null) {
rep.setWebOrigins(new LinkedList<String>(webOrigins));
}
@ -251,7 +251,7 @@ public class ApplicationManager {
rep.setResource(applicationModel.getName());
Map<String, String> creds = new HashMap<String, String>();
String cred = realmModel.getSecret(applicationModel.getApplicationUser()).getValue();
String cred = realmModel.getSecret(applicationModel.getAgent()).getValue();
creds.put(CredentialRepresentation.SECRET, cred);
rep.setCredentials(creds);
@ -266,7 +266,7 @@ public class ApplicationManager {
buffer.append(" <auth-server-url>").append(baseUri.toString()).append("</auth-server-url>\n");
buffer.append(" <ssl-not-required>").append(realmModel.isSslNotRequired()).append("</ssl-not-required>\n");
buffer.append(" <resource>").append(applicationModel.getName()).append("</resource>\n");
String cred = realmModel.getSecret(applicationModel.getApplicationUser()).getValue();
String cred = realmModel.getSecret(applicationModel.getAgent()).getValue();
buffer.append(" <credential name=\"secret\">").append(cred).append("</credential>\n");
buffer.append("</secure-deployment>\n");
return buffer.toString();

4
services/src/main/java/org/keycloak/services/managers/ClaimManager.java
View file

@ -1,7 +1,7 @@
package org.keycloak.services.managers;
import org.keycloak.models.ClaimMask;
import org.keycloak.models.ClaimRequesterModel;
import org.keycloak.models.ClientModel;
import org.keycloak.representations.idm.ClaimRepresentation;
/**
@ -9,7 +9,7 @@ import org.keycloak.representations.idm.ClaimRepresentation;
* @version $Revision: 1 $
*/
public class ClaimManager {
public static void setClaims(ClaimRequesterModel model, ClaimRepresentation rep) {
public static void setClaims(ClientModel model, ClaimRepresentation rep) {
long mask = model.getAllowedClaimsMask();
if (rep.getAddress()) {
mask |= ClaimMask.ADDRESS;

4
services/src/main/java/org/keycloak/services/managers/ModelToRepresentation.java
View file

@ -2,7 +2,7 @@ package org.keycloak.services.managers;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.ClaimMask;
import org.keycloak.models.ClaimRequesterModel;
import org.keycloak.models.ClientModel;
import org.keycloak.models.Constants;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RequiredCredentialModel;
@ -114,7 +114,7 @@ public class ModelToRepresentation {
return rep;
}
public static ClaimRepresentation toRepresentation(ClaimRequesterModel model) {
public static ClaimRepresentation toRepresentation(ClientModel model) {
ClaimRepresentation rep = new ClaimRepresentation();
rep.setAddress(ClaimMask.hasAddress(model.getAllowedClaimsMask()));
rep.setEmail(ClaimMask.hasEmail(model.getAllowedClaimsMask()));

27
services/src/main/java/org/keycloak/services/managers/OAuthClientManager.java
View file

@ -2,7 +2,6 @@ package org.keycloak.services.managers;
import org.codehaus.jackson.annotate.JsonProperty;
import org.codehaus.jackson.annotate.JsonPropertyOrder;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.ClaimMask;
import org.keycloak.models.Constants;
import org.keycloak.models.OAuthClientModel;
@ -10,11 +9,9 @@ import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserCredentialModel;
import org.keycloak.models.UserModel;
import org.keycloak.representations.adapters.config.BaseAdapterConfig;
import org.keycloak.representations.adapters.config.BaseRealmConfig;
import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.representations.idm.OAuthClientRepresentation;
import org.keycloak.services.resources.flows.Urls;
import java.net.URI;
import java.util.HashMap;
@ -37,7 +34,7 @@ public class OAuthClientManager {
public UserCredentialModel generateSecret(RealmModel realm, OAuthClientModel app) {
UserCredentialModel secret = UserCredentialModel.generateSecret();
realm.updateCredential(app.getOAuthAgent(), secret);
realm.updateCredential(app.getAgent(), secret);
return secret;
}
@ -45,7 +42,7 @@ public class OAuthClientManager {
public OAuthClientModel create(String name) {
OAuthClientModel model = realm.addOAuthClient(name);
RoleModel role = realm.getRole(Constants.IDENTITY_REQUESTER_ROLE);
realm.grantRole(model.getOAuthAgent(), role);
realm.grantRole(model.getAgent(), role);
generateSecret(realm, model);
return model;
}
@ -53,7 +50,7 @@ public class OAuthClientManager {
public OAuthClientModel create(OAuthClientRepresentation rep) {
OAuthClientModel model = create(rep.getName());
update(rep, model);
UserModel resourceUser = model.getOAuthAgent();
UserModel resourceUser = model.getAgent();
if (rep.getCredentials() != null) {
for (CredentialRepresentation cred : rep.getCredentials()) {
UserCredentialModel credential = new UserCredentialModel();
@ -72,15 +69,15 @@ public class OAuthClientManager {
}
public void update(OAuthClientRepresentation rep, OAuthClientModel model) {
model.getOAuthAgent().setEnabled(rep.isEnabled());
model.getAgent().setEnabled(rep.isEnabled());
List<String> redirectUris = rep.getRedirectUris();
if (redirectUris != null) {
model.getOAuthAgent().setRedirectUris(new HashSet<String>(redirectUris));
model.getAgent().setRedirectUris(new HashSet<String>(redirectUris));
}
List<String> webOrigins = rep.getWebOrigins();
if (webOrigins != null) {
model.getOAuthAgent().setWebOrigins(new HashSet<String>(webOrigins));
model.getAgent().setWebOrigins(new HashSet<String>(webOrigins));
}
if (rep.getClaims() != null) {
@ -91,14 +88,14 @@ public class OAuthClientManager {
public static OAuthClientRepresentation toRepresentation(OAuthClientModel model) {
OAuthClientRepresentation rep = new OAuthClientRepresentation();
rep.setId(model.getId());
rep.setName(model.getOAuthAgent().getLoginName());
rep.setEnabled(model.getOAuthAgent().isEnabled());
Set<String> redirectUris = model.getOAuthAgent().getRedirectUris();
rep.setName(model.getAgent().getLoginName());
rep.setEnabled(model.getAgent().isEnabled());
Set<String> redirectUris = model.getAgent().getRedirectUris();
if (redirectUris != null) {
rep.setRedirectUris(new LinkedList<String>(redirectUris));
}
Set<String> webOrigins = model.getOAuthAgent().getWebOrigins();
Set<String> webOrigins = model.getAgent().getWebOrigins();
if (webOrigins != null) {
rep.setWebOrigins(new LinkedList<String>(webOrigins));
}
@ -138,10 +135,10 @@ public class OAuthClientManager {
rep.setSslNotRequired(realmModel.isSslNotRequired());
rep.setAuthServerUrl(baseUri.toString());
rep.setResource(model.getOAuthAgent().getLoginName());
rep.setResource(model.getAgent().getLoginName());
Map<String, String> creds = new HashMap<String, String>();
creds.put(CredentialRepresentation.SECRET, realmModel.getSecret(model.getOAuthAgent()).getValue());
creds.put(CredentialRepresentation.SECRET, realmModel.getSecret(model.getAgent()).getValue());
rep.setCredentials(creds);
return rep;

6
services/src/main/java/org/keycloak/services/managers/RealmManager.java
View file

@ -255,7 +255,7 @@ public class RealmManager {
if (rep.getApplications() != null) {
Map<String, ApplicationModel> appMap = createApplications(rep, newRealm);
for (ApplicationModel app : appMap.values()) {
userMap.put(app.getApplicationUser().getLoginName(), app.getApplicationUser());
userMap.put(app.getAgent().getLoginName(), app.getAgent());
}
}
@ -308,7 +308,7 @@ public class RealmManager {
if (rep.getOauthClients() != null) {
Map<String, OAuthClientModel> oauthMap = createOAuthClients(rep, newRealm);
for (OAuthClientModel app : oauthMap.values()) {
userMap.put(app.getOAuthAgent().getLoginName(), app.getOAuthAgent());
userMap.put(app.getAgent().getLoginName(), app.getAgent());
}
}
@ -501,7 +501,7 @@ public class RealmManager {
OAuthClientManager manager = new OAuthClientManager(realm);
for (OAuthClientRepresentation rep : realmRep.getOauthClients()) {
OAuthClientModel app = manager.create(rep);
appMap.put(app.getOAuthAgent().getLoginName(), app);
appMap.put(app.getAgent().getLoginName(), app);
}
return appMap;
}

18
services/src/main/java/org/keycloak/services/managers/TokenManager.java
View file

@ -7,7 +7,7 @@ import org.keycloak.jose.jws.JWSInput;
import org.keycloak.jose.jws.crypto.RSAProvider;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.ClaimMask;
import org.keycloak.models.ClaimRequesterModel;
import org.keycloak.models.ClientModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserModel;
@ -17,7 +17,6 @@ import org.keycloak.representations.AccessToken;
import org.keycloak.representations.AccessTokenResponse;
import org.keycloak.representations.IDToken;
import org.keycloak.representations.RefreshToken;
import org.keycloak.representations.idm.ClaimRepresentation;
import org.keycloak.util.Base64Url;
import org.keycloak.util.JsonSerialization;
@ -25,7 +24,6 @@ import javax.ws.rs.core.MultivaluedHashMap;
import javax.ws.rs.core.MultivaluedMap;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.PrivateKey;
import java.util.HashSet;
import java.util.LinkedList;
import java.util.List;
@ -182,7 +180,7 @@ public class TokenManager {
}
}
ClaimRequesterModel claimRequesterModel = getClaimRequester(realm, client);
ClientModel claimRequesterModel = getClaimRequester(realm, client);
AccessToken accessToken = initToken(realm, claimRequesterModel, client, user);
accessToken.setRealmAccess(refreshToken.getRealmAccess());
@ -194,8 +192,8 @@ public class TokenManager {
return createClientAccessToken(scopeParam, realm, client, user, new LinkedList<RoleModel>(), new MultivaluedHashMap<String, RoleModel>());
}
protected ClaimRequesterModel getClaimRequester(RealmModel realm, UserModel client) {
ClaimRequesterModel model = realm.getApplicationByName(client.getLoginName());
protected ClientModel getClaimRequester(RealmModel realm, UserModel client) {
ClientModel model = realm.getApplicationByName(client.getLoginName());
if (model != null) return model;
return realm.getOAuthClient(client.getLoginName());
}
@ -208,7 +206,7 @@ public class TokenManager {
Set<RoleModel> roleMappings = realm.getRoleMappings(user);
Set<RoleModel> scopeMappings = realm.getScopeMappings(client);
ClaimRequesterModel claimRequesterModel = getClaimRequester(realm, client);
ClientModel claimRequesterModel = getClaimRequester(realm, client);
ApplicationModel clientApp = realm.getApplicationByName(client.getLoginName());
Set<RoleModel> clientAppRoles = clientApp == null ? null : clientApp.getRoles();
if (clientAppRoles != null) scopeMappings.addAll(clientAppRoles);
@ -253,7 +251,7 @@ public class TokenManager {
return token;
}
public void initClaims(IDToken token, ClaimRequesterModel model, UserModel user) {
public void initClaims(IDToken token, ClientModel model, UserModel user) {
if (ClaimMask.hasUsername(model.getAllowedClaimsMask())) {
token.setPreferredUsername(user.getLoginName());
}
@ -271,7 +269,7 @@ public class TokenManager {
}
}
protected IDToken initIDToken(RealmModel realm, ClaimRequesterModel claimer, UserModel client, UserModel user) {
protected IDToken initIDToken(RealmModel realm, ClientModel claimer, UserModel client, UserModel user) {
IDToken token = new IDToken();
token.id(KeycloakModelUtils.generateId());
token.subject(user.getId());
@ -288,7 +286,7 @@ public class TokenManager {
protected AccessToken initToken(RealmModel realm, ClaimRequesterModel claimer, UserModel client, UserModel user) {
protected AccessToken initToken(RealmModel realm, ClientModel claimer, UserModel client, UserModel user) {
AccessToken token = new AccessToken();
token.id(KeycloakModelUtils.generateId());
token.subject(user.getId());

5
services/src/main/java/org/keycloak/services/resources/AccountService.java
View file

@ -27,12 +27,9 @@ import org.keycloak.account.Account;
import org.keycloak.account.AccountLoader;
import org.keycloak.account.AccountPages;
import org.keycloak.jaxrs.JaxrsOAuthClient;
import org.keycloak.jose.jws.JWSInput;
import org.keycloak.jose.jws.crypto.RSAProvider;
import org.keycloak.models.*;
import org.keycloak.models.utils.TimeBasedOTP;
import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.services.managers.AccessCodeEntry;
import org.keycloak.services.managers.AppAuthManager;
import org.keycloak.services.managers.Auth;
import org.keycloak.services.managers.ModelToRepresentation;
@ -257,7 +254,7 @@ public class AccountService {
logger.debug("realm not enabled");
throw new ForbiddenException();
}
UserModel client = application.getApplicationUser();
UserModel client = application.getAgent();
if (!client.isEnabled() || !application.isEnabled()) {
logger.debug("account management app not enabled");
throw new ForbiddenException();

2
services/src/main/java/org/keycloak/services/resources/admin/AdminService.java
View file

@ -325,7 +325,7 @@ public class AdminService {
return redirectOnLoginError("realm not enabled");
}
ApplicationModel adminConsole = adminRealm.getApplicationNameMap().get(Constants.ADMIN_CONSOLE_APPLICATION);
UserModel adminConsoleUser = adminConsole.getApplicationUser();
UserModel adminConsoleUser = adminConsole.getAgent();
if (!adminConsole.isEnabled() || !adminConsoleUser.isEnabled()) {
logger.debug("admin app not enabled");
return redirectOnLoginError("admin app not enabled");

11
services/src/main/java/org/keycloak/services/resources/admin/ApplicationResource.java
View file

@ -6,7 +6,6 @@ import org.keycloak.models.ApplicationModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserCredentialModel;
import org.keycloak.representations.adapters.config.BaseAdapterConfig;
import org.keycloak.representations.idm.ApplicationRepresentation;
import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.services.managers.ApplicationManager;
@ -138,7 +137,7 @@ public class ApplicationResource {
auth.requireView();
logger.debug("getClientSecret");
UserCredentialModel model = realm.getSecret(application.getApplicationUser());
UserCredentialModel model = realm.getSecret(application.getAgent());
if (model == null) throw new NotFoundException("Application does not have a secret");
return ModelToRepresentation.toRepresentation(model);
}
@ -146,7 +145,7 @@ public class ApplicationResource {
@Path("scope-mappings")
public ScopeMappedResource getScopeMappedResource() {
return new ScopeMappedResource(realm, auth, application.getApplicationUser(), session);
return new ScopeMappedResource(realm, auth, application.getAgent(), session);
}
@Path("roles")
@ -161,7 +160,7 @@ public class ApplicationResource {
{
auth.requireView();
return application.getApplicationUser().getWebOrigins();
return application.getAgent().getWebOrigins();
}
@Path("allowed-origins")
@ -171,7 +170,7 @@ public class ApplicationResource {
{
auth.requireManage();
application.getApplicationUser().setWebOrigins(allowedOrigins);
application.getAgent().setWebOrigins(allowedOrigins);
}
@Path("allowed-origins")
@ -182,7 +181,7 @@ public class ApplicationResource {
auth.requireManage();
for (String origin : allowedOrigins) {
application.getApplicationUser().removeWebOrigin(origin);
application.getAgent().removeWebOrigin(origin);
}
}

6
services/src/main/java/org/keycloak/services/resources/admin/ClaimResource.java
View file

@ -1,6 +1,6 @@
package org.keycloak.services.resources.admin;
import org.keycloak.models.ClaimRequesterModel;
import org.keycloak.models.ClientModel;
import org.keycloak.representations.idm.ClaimRepresentation;
import org.keycloak.services.managers.ClaimManager;
import org.keycloak.services.managers.ModelToRepresentation;
@ -16,9 +16,9 @@ import javax.ws.rs.core.MediaType;
* @version $Revision: 1 $
*/
public class ClaimResource {
protected ClaimRequesterModel model;
protected ClientModel model;
public ClaimResource(ClaimRequesterModel model) {
public ClaimResource(ClientModel model) {
this.model = model;
}

10
services/src/main/java/org/keycloak/services/resources/admin/OAuthClientResource.java
View file

@ -6,13 +6,10 @@ import org.keycloak.models.KeycloakSession;
import org.keycloak.models.OAuthClientModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserCredentialModel;
import org.keycloak.representations.adapters.config.BaseAdapterConfig;
import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.representations.idm.OAuthClientRepresentation;
import org.keycloak.services.managers.ApplicationManager;
import org.keycloak.services.managers.ModelToRepresentation;
import org.keycloak.services.managers.OAuthClientManager;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.services.resources.KeycloakApplication;
import org.keycloak.util.JsonSerialization;
@ -29,7 +26,6 @@ import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.UriInfo;
import java.io.IOException;
import java.util.List;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
@ -116,7 +112,7 @@ public class OAuthClientResource {
logger.debug("regenerateSecret");
UserCredentialModel cred = UserCredentialModel.generateSecret();
realm.updateCredential(oauthClient.getOAuthAgent(), cred);
realm.updateCredential(oauthClient.getAgent(), cred);
CredentialRepresentation rep = ModelToRepresentation.toRepresentation(cred);
return rep;
}
@ -128,14 +124,14 @@ public class OAuthClientResource {
auth.requireView();
logger.debug("getClientSecret");
UserCredentialModel model = realm.getSecret(oauthClient.getOAuthAgent());
UserCredentialModel model = realm.getSecret(oauthClient.getAgent());
if (model == null) throw new NotFoundException("Application does not have a secret");
return ModelToRepresentation.toRepresentation(model);
}
@Path("scope-mappings")
public ScopeMappedResource getScopeMappedResource() {
return new ScopeMappedResource(realm, auth, oauthClient.getOAuthAgent(), session);
return new ScopeMappedResource(realm, auth, oauthClient.getAgent(), session);
}

2
services/src/main/java/org/keycloak/services/resources/admin/OAuthClientsResource.java
View file

@ -58,7 +58,7 @@ public class OAuthClientsResource {
rep.add(OAuthClientManager.toRepresentation(oauth));
} else {
OAuthClientRepresentation client = new OAuthClientRepresentation();
client.setName(oauth.getOAuthAgent().getLoginName());
client.setName(oauth.getAgent().getLoginName());
rep.add(client);
}
}

2
services/src/main/java/org/keycloak/services/resources/flows/OAuthFlows.java
View file

@ -24,6 +24,7 @@ package org.keycloak.services.resources.flows;
import org.jboss.resteasy.logging.Logger;
import org.jboss.resteasy.spi.HttpRequest;
import org.keycloak.models.Constants;
import org.keycloak.models.OAuthClientModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RequiredCredentialModel;
import org.keycloak.models.RoleModel;
@ -127,6 +128,7 @@ public class OAuthFlows {
if (!isResource
&& (accessCode.getRealmRolesRequested().size() > 0 || accessCode.getResourceRolesRequested().size() > 0)) {
OAuthClientModel oauthClient = realm.getOAuthClient(client.getLoginName());
accessCode.setExpiration(System.currentTimeMillis() / 1000 + realm.getAccessCodeLifespanUserAction());
return Flows.forms(realm, request, uriInfo).setAccessCode(accessCode.getId(), accessCode.getCode()).
setAccessRequest(accessCode.getRealmRolesRequested(), accessCode.getResourceRolesRequested()).

4
testsuite/integration/src/test/java/org/keycloak/testsuite/account/ProfileTest.java
View file

@ -65,9 +65,9 @@ public class ProfileTest {
appRealm.updateCredential(user2, creds);
ApplicationModel app = appRealm.getApplicationNameMap().get("test-app");
appRealm.addScopeMapping(app.getApplicationUser(), accountApp.getRole(AccountRoles.VIEW_PROFILE));
appRealm.addScopeMapping(app.getAgent(), accountApp.getRole(AccountRoles.VIEW_PROFILE));
app.getApplicationUser().addWebOrigin("http://localtest.me:8081");
app.getAgent().addWebOrigin("http://localtest.me:8081");
UserModel thirdParty = appRealm.getUser("third-party");
appRealm.addScopeMapping(thirdParty, accountApp.getRole(AccountRoles.VIEW_PROFILE));

8
testsuite/integration/src/test/java/org/keycloak/testsuite/composites/CompositeRoleTest.java
View file

@ -86,21 +86,21 @@ public class CompositeRoleTest {
realmComposite1Application.addScope(realmComposite1);
realmComposite1Application.setBaseUrl("http://localhost:8081/app");
realmComposite1Application.setManagementUrl("http://localhost:8081/app/logout");
realm.updateCredential(realmComposite1Application.getApplicationUser(), UserCredentialModel.secret("password"));
realm.updateCredential(realmComposite1Application.getAgent(), UserCredentialModel.secret("password"));
final ApplicationModel realmRole1Application = new ApplicationManager(manager).createApplication(realm, "REALM_ROLE_1_APPLICATION");
realmRole1Application.setEnabled(true);
realmRole1Application.addScope(realmRole1);
realmRole1Application.setBaseUrl("http://localhost:8081/app");
realmRole1Application.setManagementUrl("http://localhost:8081/app/logout");
realm.updateCredential(realmRole1Application.getApplicationUser(), UserCredentialModel.secret("password"));
realm.updateCredential(realmRole1Application.getAgent(), UserCredentialModel.secret("password"));
final ApplicationModel appRoleApplication = new ApplicationManager(manager).createApplication(realm, "APP_ROLE_APPLICATION");
appRoleApplication.setEnabled(true);
appRoleApplication.setBaseUrl("http://localhost:8081/app");
appRoleApplication.setManagementUrl("http://localhost:8081/app/logout");
realm.updateCredential(appRoleApplication.getApplicationUser(), UserCredentialModel.secret("password"));
realm.updateCredential(appRoleApplication.getAgent(), UserCredentialModel.secret("password"));
final RoleModel appRole1 = appRoleApplication.addRole("APP_ROLE_1");
final RoleModel appRole2 = appRoleApplication.addRole("APP_ROLE_2");
@ -121,7 +121,7 @@ public class CompositeRoleTest {
appCompositeApplication.setEnabled(true);
appCompositeApplication.setBaseUrl("http://localhost:8081/app");
appCompositeApplication.setManagementUrl("http://localhost:8081/app/logout");
realm.updateCredential(appCompositeApplication.getApplicationUser(), UserCredentialModel.secret("password"));
realm.updateCredential(appCompositeApplication.getAgent(), UserCredentialModel.secret("password"));
final RoleModel appCompositeRole = appCompositeApplication.addRole("APP_COMPOSITE_ROLE");
appCompositeApplication.addScope(appRole2);
appCompositeRole.addCompositeRole(realmRole1);

2
testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/AuthorizationCodeTest.java
View file

@ -82,7 +82,7 @@ public class AuthorizationCodeTest {
public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
for (ApplicationModel app : appRealm.getApplications()) {
if (app.getName().equals("test-app")) {
UserModel client = app.getApplicationUser();
UserModel client = app.getAgent();
client.addRedirectUri(oauth.getRedirectUri());
}
}

14
testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/OAuthRedirectUriTest.java
View file

@ -48,7 +48,7 @@ public class OAuthRedirectUriTest {
@Override
public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
ApplicationModel app = appRealm.getApplicationNameMap().get("test-app");
app.getApplicationUser().addRedirectUri("http://localhost:8081/app");
app.getAgent().addRedirectUri("http://localhost:8081/app");
}
});
@ -81,7 +81,7 @@ public class OAuthRedirectUriTest {
keycloakRule.configure(new KeycloakRule.KeycloakSetup() {
@Override
public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
appRealm.getApplicationNameMap().get("test-app").getApplicationUser().addRedirectUri("http://localhost:8081/app2");
appRealm.getApplicationNameMap().get("test-app").getAgent().addRedirectUri("http://localhost:8081/app2");
}
});
@ -95,7 +95,7 @@ public class OAuthRedirectUriTest {
keycloakRule.configure(new KeycloakRule.KeycloakSetup() {
@Override
public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
appRealm.getApplicationNameMap().get("test-app").getApplicationUser().removeRedirectUri("http://localhost:8081/app2");
appRealm.getApplicationNameMap().get("test-app").getAgent().removeRedirectUri("http://localhost:8081/app2");
}
});
}
@ -106,7 +106,7 @@ public class OAuthRedirectUriTest {
keycloakRule.configure(new KeycloakRule.KeycloakSetup() {
@Override
public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
appRealm.getApplicationNameMap().get("test-app").getApplicationUser().removeRedirectUri("http://localhost:8081/app");
appRealm.getApplicationNameMap().get("test-app").getAgent().removeRedirectUri("http://localhost:8081/app");
}
});
@ -120,7 +120,7 @@ public class OAuthRedirectUriTest {
keycloakRule.configure(new KeycloakRule.KeycloakSetup() {
@Override
public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
appRealm.getApplicationNameMap().get("test-app").getApplicationUser().addRedirectUri("http://localhost:8081/app");
appRealm.getApplicationNameMap().get("test-app").getAgent().addRedirectUri("http://localhost:8081/app");
}
});
}
@ -131,7 +131,7 @@ public class OAuthRedirectUriTest {
keycloakRule.configure(new KeycloakRule.KeycloakSetup() {
@Override
public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
appRealm.getApplicationNameMap().get("test-app").getApplicationUser().removeRedirectUri("http://localhost:8081/app");
appRealm.getApplicationNameMap().get("test-app").getAgent().removeRedirectUri("http://localhost:8081/app");
}
});
@ -144,7 +144,7 @@ public class OAuthRedirectUriTest {
keycloakRule.configure(new KeycloakRule.KeycloakSetup() {
@Override
public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
appRealm.getApplicationNameMap().get("test-app").getApplicationUser().addRedirectUri("http://localhost:8081/app");
appRealm.getApplicationNameMap().get("test-app").getAgent().addRedirectUri("http://localhost:8081/app");
}
});
}