Merge pull request #160 from stianst/master

Acct mgnmt always enabled. Rename registration to default roles.
stianst 2014-01-17 02:07:51 -08:00
commit c0a1090733
25 changed files with 58 additions and 75 deletions


@ -82,8 +82,8 @@ module.config([ '$routeProvider', function($routeProvider) {
},
controller : 'RealmSocialCtrl'
})
.when('/realms/:realm/registration-settings', {
templateUrl : 'partials/realm-registration.html',
.when('/realms/:realm/default-roles', {
templateUrl : 'partials/realm-default-roles.html',
resolve : {
realm : function(RealmLoader) {
return RealmLoader();
@ -95,7 +95,7 @@ module.config([ '$routeProvider', function($routeProvider) {
return RoleListLoader();
}
},
controller : 'RealmRegistrationCtrl'
controller : 'RealmDefaultRolesCtrl'
})
.when('/realms/:realm/required-credentials', {
templateUrl : 'partials/realm-credentials.html',


@ -427,9 +427,9 @@ module.controller('RealmRequiredCredentialsCtrl', function($scope, Realm, realm,
};
});
module.controller('RealmRegistrationCtrl', function ($scope, Realm, realm, applications, roles, Notifications, ApplicationRole, Application) {
module.controller('RealmDefaultRolesCtrl', function ($scope, Realm, realm, applications, roles, Notifications, ApplicationRole, Application) {
console.log('RealmRegistrationCtrl');
console.log('RealmDefaultRolesCtrl');
$scope.realm = realm;


@ -6,8 +6,8 @@
<ul class="rcue-tabs">
<li><a href="#/realms/{{realm.realm}}">General</a></li>
<li data-ng-show="realm.social"><a href="#/realms/{{realm.realm}}/social-settings">Social</a></li>
<li data-ng-show="realm.registrationAllowed"><a href="#/realms/{{realm.realm}}/registration-settings">Registration</a></li>
<li><a href="#/realms/{{realm.realm}}/roles">Roles</a></li>
<li><a href="#/realms/{{realm.realm}}/default-roles">Default Roles</a></li>
<li class="active"><a href="#/realms/{{realm.realm}}/required-credentials">Credentials</a></li>
<li><a href="#/realms/{{realm.realm}}/token-settings">Token</a></li>
<li><a href="#/realms/{{realm.realm}}/keys-settings">Keys</a></li>


@ -6,8 +6,8 @@
<ul class="rcue-tabs">
<li><a href="#/realms/{{realm.realm}}">General</a></li>
<li data-ng-show="realm.social"><a href="#/realms/{{realm.realm}}/social-settings">Social</a></li>
<li class="active"><a href="#/realms/{{realm.realm}}/registration-settings">Registration</a></li>
<li><a href="#/realms/{{realm.realm}}/roles">Roles</a></li>
<li class="active"><a href="#/realms/{{realm.realm}}/default-roles">Default Roles</a></li>
<li><a href="#/realms/{{realm.realm}}/required-credentials">Credentials</a></li>
<li><a href="#/realms/{{realm.realm}}/token-settings">Token</a></li>
<li><a href="#/realms/{{realm.realm}}/keys-settings">Keys</a></li>


@ -6,8 +6,8 @@
<ul class="rcue-tabs">
<li class="active"><a href="#/realms/{{realm.realm}}">General</a></li>
<li data-ng-show="social"><a href="#/realms/{{realm.realm}}/social-settings">Social</a></li>
<li data-ng-show="registrationAllowed"><a href="#/realms/{{realm.realm}}/registration-settings">Registration</a></li>
<li><a href="#/realms/{{realm.realm}}/roles">Roles</a></li>
<li><a href="#/realms/{{realm.realm}}/default-roles">Default Roles</a></li>
<li><a href="#/realms/{{realm.realm}}/required-credentials">Credentials</a></li>
<li><a href="#/realms/{{realm.realm}}/token-settings">Token</a></li>
<li><a href="#/realms/{{realm.realm}}/keys-settings">Keys</a></li>
@ -61,10 +61,6 @@
<label for="verifyEmail" class="control-label">Verify email</label>
<input ng-model="realm.verifyEmail" name="verifyEmail" id="verifyEmail" onoffswitch />
</div>
<div class="form-group clearfix block">
<label for="accountManagement" class="control-label two-lines">User account management</label>
<input ng-model="realm.accountManagement" name="accountManagement" id="accountManagement" onoffswitch />
</div>
<div class="form-group clearfix block">
<label for="requireSsl" class="control-label">Require SSL</label>
<input ng-model="realm.requireSsl" name="requireSsl" id="requireSsl" onoffswitch />


@ -6,8 +6,8 @@
<ul class="rcue-tabs">
<li><a href="#/realms/{{realm.realm}}">General</a></li>
<li data-ng-show="realm.social"><a href="#/realms/{{realm.realm}}/social-settings">Social</a></li>
<li data-ng-show="realm.registrationAllowed"><a href="#/realms/{{realm.realm}}/registration-settings">Registration</a></li>
<li><a href="#/realms/{{realm.realm}}/roles">Roles</a></li>
<li><a href="#/realms/{{realm.realm}}/default-roles">Default Roles</a></li>
<li><a href="#/realms/{{realm.realm}}/required-credentials">Credentials</a></li>
<li><a href="#/realms/{{realm.realm}}/token-settings">Token</a></li>
<li class="active"><a href="#/realms/{{realm.realm}}/keys-settings">Keys</a></li>


@ -6,8 +6,8 @@
<ul class="rcue-tabs">
<li><a href="#/realms/{{realm.realm}}">General</a></li>
<li data-ng-show="realm.social"><a href="#/realms/{{realm.realm}}/social-settings">Social</a></li>
<li data-ng-show="realm.registrationAllowed"><a href="#/realms/{{realm.realm}}/registration-settings">Registration</a></li>
<li><a href="#/realms/{{realm.realm}}/roles">Roles</a></li>
<li><a href="#/realms/{{realm.realm}}/default-roles">Default Roles</a></li>
<li><a href="#/realms/{{realm.realm}}/required-credentials">Credentials</a></li>
<li><a href="#/realms/{{realm.realm}}/token-settings">Token</a></li>
<li><a href="#/realms/{{realm.realm}}/keys-settings">Keys</a></li>


@ -6,8 +6,8 @@
<ul class="rcue-tabs">
<li><a href="#/realms/{{realm.realm}}">General</a></li>
<li class="active" data-ng-show="realm.social"><a href="#/realms/{{realm.realm}}/social-settings">Social</a></li>
<li data-ng-show="realm.registrationAllowed"><a href="#/realms/{{realm.realm}}/registration-settings">Registration</a></li>
<li><a href="#/realms/{{realm.realm}}/roles">Roles</a></li>
<li><a href="#/realms/{{realm.realm}}/default-roles">Default Roles</a></li>
<li><a href="#/realms/{{realm.realm}}/required-credentials">Credentials</a></li>
<li><a href="#/realms/{{realm.realm}}/token-settings">Token</a></li>
<li><a href="#/realms/{{realm.realm}}/keys-settings">Keys</a></li>


@ -6,8 +6,8 @@
<ul class="rcue-tabs">
<li><a href="#/realms/{{realm.realm}}">General</a></li>
<li data-ng-show="realm.social"><a href="#/realms/{{realm.realm}}/social-settings">Social</a></li>
<li data-ng-show="realm.registrationAllowed"><a href="#/realms/{{realm.realm}}/registration-settings">Registration</a></li>
<li><a href="#/realms/{{realm.realm}}/roles">Roles</a></li>
<li><a href="#/realms/{{realm.realm}}/default-roles">Default Roles</a></li>
<li><a href="#/realms/{{realm.realm}}/required-credentials">Credentials</a></li>
<li class="active"><a href="#/realms/{{realm.realm}}/token-settings">Token</a></li>
<li><a href="#/realms/{{realm.realm}}/keys-settings">Keys</a></li>


@ -6,8 +6,8 @@
<ul class="rcue-tabs">
<li><a href="#/realms/{{realm.realm}}">General</a></li>
<li data-ng-show="realm.social"><a href="#/realms/{{realm.realm}}/social-settings">Social</a></li>
<li><a href="#/realms/{{realm.realm}}/registration-settings">Registration</a></li>
<li class="active"><a href="#/realms/{{realm.realm}}/roles">Roles</a></li>
<li><a href="#/realms/{{realm.realm}}/default-roles">Default Roles</a></li>
<li><a href="#/realms/{{realm.realm}}/required-credentials">Credentials</a></li>
<li><a href="#/realms/{{realm.realm}}/token-settings">Token</a></li>
<li><a href="#/realms/{{realm.realm}}/keys-settings">Keys</a></li>


@ -6,8 +6,8 @@
<ul class="rcue-tabs">
<li><a href="#/realms/{{realm.realm}}">General</a></li>
<li data-ng-show="realm.social"><a href="#/realms/{{realm.realm}}/social-settings">Social</a></li>
<li data-ng-show="realm.registrationAllowed"><a href="#/realms/{{realm.realm}}/registration-settings">Registration</a></li>
<li class="active"><a href="#/realms/{{realm.realm}}/roles">Roles</a></li>
<li><a href="#/realms/{{realm.realm}}/default-roles">Default Roles</a></li>
<li><a href="#/realms/{{realm.realm}}/required-credentials">Credentials</a></li>
<li><a href="#/realms/{{realm.realm}}/token-settings">Token</a></li>
<li><a href="#/realms/{{realm.realm}}/keys-settings">Keys</a></li>


@ -17,7 +17,6 @@ public class RealmRepresentation {
protected Integer accessCodeLifespan;
protected Integer accessCodeLifespanUserAction;
protected Boolean enabled;
protected Boolean accountManagement;
protected Boolean sslNotRequired;
protected Boolean registrationAllowed;
protected Boolean verifyEmail;
@ -107,14 +106,6 @@ public class RealmRepresentation {
this.enabled = enabled;
}
public Boolean getAccountManagement() {
return accountManagement;
}
public void setAccountManagement(Boolean accountManagement) {
this.accountManagement = accountManagement;
}
public Boolean isSslNotRequired() {
return sslNotRequired;
}


@ -4,7 +4,6 @@
"tokenLifespan": 3000,
"accessCodeLifespan": 10,
"accessCodeLifespanUserAction": 6000,
"accountManagement": true,
"sslNotRequired": true,
"registrationAllowed": false,
"social": false,


@ -4,7 +4,6 @@
"tokenLifespan": 3000,
"accessCodeLifespan": 10,
"accessCodeLifespanUserAction": 6000,
"accountManagement": true,
"sslNotRequired": true,
"registrationAllowed": false,
"social": false,


@ -444,7 +444,19 @@ public class RealmAdapter implements RealmModel {
entity.setRealm(realm);
em.persist(entity);
em.flush();
return new UserAdapter(entity);
UserModel userModel = new UserAdapter(entity);
for (String r : getDefaultRoles()) {
grantRole(userModel, getRole(r));
}
for (ApplicationModel application : getApplications()) {
for (String r : application.getDefaultRoles()) {
application.grantRole(userModel, application.getRole(r));
}
}
return userModel;
}
@Override
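Review bot: `getRole(r)` in the two added loops is passed straight to `grantRole`, so a default-role name that no longer resolves to a role would hand a null to `grantRole` in the middle of user creation. Whether `getRole` can return null here is not visible in the hunk, but a guard such as `RoleModel role = getRole(r); if (role != null) grantRole(userModel, role);` would make the failure mode explicit. Moving the grant into what appears to be `addUser` also means every caller receives the default roles, not only self-registration (the loops removed from TokenService), so the method deserves a comment like `// Every new user receives the realm and application default roles; callers that need fewer must revoke them`. The same loops are repeated in the second RealmAdapter at the `@ -516,7 +516,19` hunk, which suggests a shared helper; the method body starts above this hunk.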


@ -516,7 +516,19 @@ public class RealmAdapter implements RealmModel {
if (user != null) throw new IllegalStateException("User already exists");
user = new User(username);
getIdm().add(user);
return new UserAdapter(user, getIdm());
UserAdapter userModel = new UserAdapter(user, getIdm());
for (String r : getDefaultRoles()) {
grantRole(userModel, getRole(r));
}
for (ApplicationModel application : getApplications()) {
for (String r : application.getDefaultRoles()) {
application.grantRole(userModel, application.getRole(r));
}
}
return userModel;
}
@Override
@ -885,7 +897,7 @@ public class RealmAdapter implements RealmModel {
@Override
public Set<SocialLinkModel> getSocialLinks(UserModel user) {
RelationshipQuery<SocialLinkRelationship> query = getRelationshipManager().createRelationshipQuery(SocialLinkRelationship.class);
query.setParameter(SocialLinkRelationship.USER, ((UserAdapter)user).getUser());
query.setParameter(SocialLinkRelationship.USER, ((UserAdapter) user).getUser());
List<SocialLinkRelationship> plSocialLinks = query.getResultList();
Set<SocialLinkModel> results = new HashSet<SocialLinkModel>();


@ -76,7 +76,6 @@ public class ApplianceBootstrap {
adminConsole.grantRole(adminUser, adminRole);
manager.enableAccountManagement(realm);
ApplicationModel accountApp = realm.getApplicationNameMap().get(Constants.ACCOUNT_APPLICATION);
for (String r : accountApp.getDefaultRoles()) {
accountApp.grantRole(adminUser, accountApp.getRole(r));


@ -78,6 +78,9 @@ public class RealmManager {
realm.setName(name);
realm.addRole(Constants.APPLICATION_ROLE);
realm.addRole(Constants.IDENTITY_REQUESTER_ROLE);
setupAccountManagement(realm);
return realm;
}
@ -125,12 +128,6 @@ public class RealmManager {
realm.updateDefaultRoles(rep.getDefaultRoles().toArray(new String[rep.getDefaultRoles().size()]));
}
if (rep.getAccountManagement() != null && rep.getAccountManagement()) {
enableAccountManagement(realm);
} else {
disableAccountManagement(realm);
}
if (rep.getSmtpServer() != null) {
realm.setSmtpConfig(new HashMap(rep.getSmtpServer()));
}
@ -144,10 +141,12 @@ public class RealmManager {
}
}
public void enableAccountManagement(RealmModel realm) {
private void setupAccountManagement(RealmModel realm) {
ApplicationModel application = realm.getApplicationNameMap().get(Constants.ACCOUNT_APPLICATION);
if (application == null) {
application = realm.addApplication(Constants.ACCOUNT_APPLICATION);
application.setEnabled(true);
application.addDefaultRole(Constants.ACCOUNT_PROFILE_ROLE);
application.addDefaultRole(Constants.ACCOUNT_MANAGE_ROLE);
@ -160,14 +159,6 @@ public class RealmManager {
RoleModel applicationRole = realm.getRole(Constants.APPLICATION_ROLE);
realm.grantRole(application.getApplicationUser(), applicationRole);
}
application.setEnabled(true);
}
public void disableAccountManagement(RealmModel realm) {
ApplicationModel application = realm.getApplicationNameMap().get(Constants.ACCOUNT_APPLICATION);
if (application != null) {
application.setEnabled(false); // TODO Should we delete the application instead?
}
}
public RealmModel importRealm(RealmRepresentation rep, UserModel realmCreator) {
@ -180,7 +171,6 @@ public class RealmManager {
return realm;
}
public void importRealm(RealmRepresentation rep, RealmModel newRealm) {
newRealm.setName(rep.getRealm());
if (rep.isEnabled() != null) newRealm.setEnabled(rep.isEnabled());
@ -270,10 +260,6 @@ public class RealmManager {
}
if (rep.getAccountManagement() != null && rep.getAccountManagement()) {
enableAccountManagement(newRealm);
}
// Now that all possible users and applications are created (users, apps, and oauth clients), do role mappings and scope mappings
Map<String, ApplicationModel> appMap = newRealm.getApplicationNameMap();
@ -492,7 +478,6 @@ public class RealmManager {
}
ApplicationModel accountManagementApplication = realm.getApplicationNameMap().get(Constants.ACCOUNT_APPLICATION);
rep.setAccountManagement(accountManagementApplication != null && accountManagementApplication.isEnabled());
List<String> defaultRoles = realm.getDefaultRoles();
if (!defaultRoles.isEmpty()) {
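Review bot: `setupAccountManagement` is now reached only from the realm-creation hunk (`setupAccountManagement(realm);` before `return realm;`), and the `enableAccountManagement(newRealm)` call was dropped from `importRealm(rep, newRealm)`. A realm that did not pass through that creation path, such as one persisted before this change or a `RealmModel` handed to the public import overload directly, is left without the account application. Other code in this commit dereferences `getApplicationNameMap().get(Constants.ACCOUNT_APPLICATION)` without a null check (ApplianceBootstrap, ProfileTest, AccountTest). Because the method is already guarded by `if (application == null)`, calling `setupAccountManagement(newRealm);` where the import block was removed would keep that invariant at little cost. `application.setEnabled(true);` also appears to have moved inside the null branch, so an account application disabled through the old toggle stays disabled; if that is intended, a comment on the method should say so.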


@ -339,16 +339,6 @@ public class TokenService {
realm.updateCredential(user, credentials);
}
for (String r : realm.getDefaultRoles()) {
realm.grantRole(user, realm.getRole(r));
}
for (ApplicationModel application : realm.getApplications()) {
for (String r : application.getDefaultRoles()) {
application.grantRole(user, application.getRole(r));
}
}
return processLogin(clientId, scopeParam, state, redirect, formData);
}


@ -438,8 +438,8 @@ public class AdapterTest extends AbstractKeycloakTest {
RealmModel otherRealm = adapter.createRealm("other");
otherRealm.addUser("bburke");
Assert.assertEquals(1, otherRealm.getUsers().size());
Assert.assertEquals(1, otherRealm.searchForUser("u").size());
Assert.assertEquals(2, otherRealm.getUsers().size());
Assert.assertEquals(1, otherRealm.searchForUser("bu").size());
}
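Review bot: The expected count of 2 after a single `addUser("bburke")` is not explained in the test. Presumably the extra entry is the user behind the account application that realm creation now sets up, which would also mean `getUsers()` returns application accounts alongside people. A comment such as `// bburke plus the built-in account application's user` would keep the number from looking arbitrary, and the change of the search term from `"u"` to `"bu"` deserves the same one-line explanation. If user listings are meant to show only human accounts, that is worth confirming separately; the test method starts above this hunk.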


@ -68,7 +68,7 @@ public class ApplicationModelTest extends AbstractKeycloakServerTest {
public void persist() {
RealmModel persisted = manager.getRealm(realm.getId());
assertEquals(application, persisted.getApplications().get(0));
assertEquals(application, persisted.getApplicationNameMap().get("app-name"));
}
@Test


@ -54,7 +54,7 @@ public class ImportTest extends AbstractKeycloakTest {
Assert.assertEquals(0, realm.getSocialLinks(user).size());
List<ApplicationModel> resources = realm.getApplications();
Assert.assertEquals(2, resources.size());
Assert.assertEquals(3, resources.size());
// Test scope relationship
ApplicationModel application = realm.getApplicationNameMap().get("Application");


@ -54,12 +54,12 @@ public class ProfileTest {
user.setAttribute("key2", "value2");
ApplicationModel accountApp = appRealm.getApplicationNameMap().get(org.keycloak.models.Constants.ACCOUNT_APPLICATION);
for (String r : accountApp.getDefaultRoles()) {
accountApp.grantRole(user, accountApp.getRole(r));
}
UserModel user2 = appRealm.addUser("test-user-no-access@localhost");
user2.setEnabled(true);
for (String r : accountApp.getDefaultRoles()) {
accountApp.deleteRoleMapping(user2, accountApp.getRole(r));
}
UserCredentialModel creds = new UserCredentialModel();
creds.setType(CredentialRepresentation.PASSWORD);
creds.setValue("password");
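Review bot: The added `deleteRoleMapping` loop only makes sense once the reader knows that `addUser` now grants default roles, and nothing in the test says so. A comment like `// addUser grants the default roles, so strip the account roles to get a user without account access` above the loop would record the intent. The loop removes only the account application's default roles, so any realm-level or other application defaults stay on `test-user-no-access@localhost`. AccountTest (`@ -52,13 +52,14`) has the same loop and would take the same comment; the enclosing method starts above this hunk.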


@ -52,13 +52,14 @@ public class AccountTest {
@Override
public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
UserModel user = appRealm.getUser("test-user@localhost");
ApplicationModel accountApp = appRealm.getApplicationNameMap().get(org.keycloak.models.Constants.ACCOUNT_APPLICATION);
for (String r : accountApp.getDefaultRoles()) {
accountApp.grantRole(user, accountApp.getRole(r));
}
UserModel user2 = appRealm.addUser("test-user-no-access@localhost");
user2.setEnabled(true);
for (String r : accountApp.getDefaultRoles()) {
accountApp.deleteRoleMapping(user2, accountApp.getRole(r));
}
UserCredentialModel creds = new UserCredentialModel();
creds.setType(CredentialRepresentation.PASSWORD);
creds.setValue("password");


@ -7,7 +7,6 @@
"accessCodeLifespanUserAction": 600,
"sslNotRequired": true,
"registrationAllowed": true,
"accountManagement": true,
"resetPasswordAllowed": true,
"privateKey": "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",
"publicKey": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",