diff --git a/apps/admin-ui/cypress/support/pages/admin-ui/ListingPage.ts b/apps/admin-ui/cypress/support/pages/admin-ui/ListingPage.ts index f78034f687..b0dae38dbe 100644 --- a/apps/admin-ui/cypress/support/pages/admin-ui/ListingPage.ts +++ b/apps/admin-ui/cypress/support/pages/admin-ui/ListingPage.ts @@ -93,7 +93,7 @@ export default class ListingPage extends CommonElements { searchItem(searchValue: string, wait = true) { if (wait) { - const searchUrl = `/admin/realms/master/*${searchValue}*`; + const searchUrl = `/admin/realms/master/**/*${searchValue}*`; cy.intercept(searchUrl).as("search"); } diff --git a/apps/admin-ui/cypress/support/pages/admin-ui/manage/groups/GroupPage.ts b/apps/admin-ui/cypress/support/pages/admin-ui/manage/groups/GroupPage.ts index 3f23866c1b..cc3688d072 100644 --- a/apps/admin-ui/cypress/support/pages/admin-ui/manage/groups/GroupPage.ts +++ b/apps/admin-ui/cypress/support/pages/admin-ui/manage/groups/GroupPage.ts @@ -44,7 +44,7 @@ export default class GroupPage extends PageObject { protected search(searchField: string, searchValue: string, wait: boolean) { if (wait) { - const searchUrl = `/admin/realms/master/*${searchValue}*`; + const searchUrl = `/admin/realms/master/**/*${searchValue}*`; cy.intercept(searchUrl).as("search"); } diff --git a/apps/admin-ui/src/authentication/AuthenticationSection.tsx b/apps/admin-ui/src/authentication/AuthenticationSection.tsx index faad004f73..1cc4253146 100644 --- a/apps/admin-ui/src/authentication/AuthenticationSection.tsx +++ b/apps/admin-ui/src/authentication/AuthenticationSection.tsx @@ -72,7 +72,7 @@ export default function AuthenticationSection() { const flowsRequest = await fetch( `${addTrailingSlash( adminClient.baseUrl - )}admin/realms/${realm}/admin-ui-authentication-management/flows`, + )}admin/realms/${realm}/ui-ext/authentication-management/flows`, { method: "GET", headers: getAuthorizationHeaders(await adminClient.getAccessToken()), diff --git a/apps/admin-ui/src/components/role-mapping/resource.ts b/apps/admin-ui/src/components/role-mapping/resource.ts index f914805343..befba1945c 100644 --- a/apps/admin-ui/src/components/role-mapping/resource.ts +++ b/apps/admin-ui/src/components/role-mapping/resource.ts @@ -41,7 +41,7 @@ const fetchEndpoint = async ({ search, endpoint, }: Query): Promise => - fetchAdminUI(adminClient, `/admin-ui-${endpoint}/${type}/${id}`, { + fetchAdminUI(adminClient, `/ui-ext/${endpoint}/${type}/${id}`, { first: (first || 0).toString(), max: (max || 10).toString(), search: search || "", @@ -81,7 +81,7 @@ export const findUsers = ({ }: UserQuery): Promise => fetchAdminUI( adminClient, - "admin-ui-brute-force-user", + "ui-ext/brute-force-user", query as Record ); diff --git a/apps/admin-ui/src/groups/GroupTable.tsx b/apps/admin-ui/src/groups/GroupTable.tsx index 2246621721..3295b5e32a 100644 --- a/apps/admin-ui/src/groups/GroupTable.tsx +++ b/apps/admin-ui/src/groups/GroupTable.tsx @@ -71,7 +71,7 @@ export const GroupTable = ({ refresh: viewRefresh }: GroupTableProps) => { } else { groupsData = await fetchAdminUI( adminClient, - "admin-ui-groups", + "ui-ext/groups", { ...params, global: "false", diff --git a/apps/admin-ui/src/groups/components/GroupTree.tsx b/apps/admin-ui/src/groups/components/GroupTree.tsx index 58799153f5..a53579fe8d 100644 --- a/apps/admin-ui/src/groups/components/GroupTree.tsx +++ b/apps/admin-ui/src/groups/components/GroupTree.tsx @@ -153,7 +153,7 @@ export const GroupTree = ({ refresh: viewRefresh }: GroupTreeProps) => { () => fetchAdminUI( adminClient, - "admin-ui-groups", + "ui-ext/groups", Object.assign( { first: `${first}`, diff --git a/keycloak-theme/src/main/java/org/keycloak/admin/ui/rest/AuthenticationManagementProvider.java b/keycloak-theme/src/main/java/org/keycloak/admin/ui/rest/AuthenticationManagementProvider.java deleted file mode 100644 index 1ec3760495..0000000000 --- a/keycloak-theme/src/main/java/org/keycloak/admin/ui/rest/AuthenticationManagementProvider.java +++ /dev/null @@ -1,33 +0,0 @@ -package org.keycloak.admin.ui.rest; - -import org.keycloak.Config; -import org.keycloak.models.KeycloakSession; -import org.keycloak.models.KeycloakSessionFactory; -import org.keycloak.models.RealmModel; -import org.keycloak.services.resources.admin.AdminEventBuilder; -import org.keycloak.services.resources.admin.ext.AdminRealmResourceProvider; -import org.keycloak.services.resources.admin.ext.AdminRealmResourceProviderFactory; -import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator; - -public final class AuthenticationManagementProvider implements AdminRealmResourceProviderFactory, AdminRealmResourceProvider { - public AdminRealmResourceProvider create(KeycloakSession session) { - return this; - } - - public void init(Config.Scope config) { - } - - public void postInit(KeycloakSessionFactory factory) { - } - - public void close() { - } - - public String getId() { - return "admin-ui-authentication-management"; - } - - public Object getResource(KeycloakSession session, RealmModel realm, AdminPermissionEvaluator auth, AdminEventBuilder adminEvent) { - return new AuthenticationManagementResource(session, realm, auth); - } -} diff --git a/keycloak-theme/src/main/java/org/keycloak/admin/ui/rest/AuthenticationManagementResource.java b/keycloak-theme/src/main/java/org/keycloak/admin/ui/rest/AuthenticationManagementResource.java deleted file mode 100644 index b2b6eec074..0000000000 --- a/keycloak-theme/src/main/java/org/keycloak/admin/ui/rest/AuthenticationManagementResource.java +++ /dev/null @@ -1,115 +0,0 @@ -package org.keycloak.admin.ui.rest; - -import java.util.List; -import java.util.Objects; -import java.util.stream.Collectors; -import java.util.stream.Stream; -import javax.ws.rs.Consumes; -import javax.ws.rs.DefaultValue; -import javax.ws.rs.GET; -import javax.ws.rs.Path; -import javax.ws.rs.PathParam; -import javax.ws.rs.Produces; -import javax.ws.rs.QueryParam; -import org.eclipse.microprofile.openapi.annotations.Operation; -import org.eclipse.microprofile.openapi.annotations.enums.SchemaType; -import org.eclipse.microprofile.openapi.annotations.media.Content; -import org.eclipse.microprofile.openapi.annotations.media.Schema; -import org.eclipse.microprofile.openapi.annotations.responses.APIResponse; -import org.keycloak.admin.ui.rest.model.Authentication; -import org.keycloak.admin.ui.rest.model.AuthenticationMapper; -import org.keycloak.models.AuthenticationFlowModel; -import org.keycloak.models.ClientModel; -import org.keycloak.models.IdentityProviderModel; -import org.keycloak.models.KeycloakSession; -import org.keycloak.models.RealmModel; -import org.keycloak.models.utils.DefaultAuthenticationFlows; -import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator; - - -public class AuthenticationManagementResource extends RoleMappingResource { - private final KeycloakSession session; - - private RealmModel realm; - private AdminPermissionEvaluator auth; - - public AuthenticationManagementResource(KeycloakSession session, RealmModel realm, AdminPermissionEvaluator auth) { - super(realm, auth); - this.realm = realm; - this.auth = auth; - this.session = session; - } - - @GET - @Path("/flows") - @Consumes({"application/json"}) - @Produces({"application/json"}) - @Operation( - summary = "List all authentication flows for this realm", - description = "This endpoint returns all the authentication flows and lists if there they are used." - ) - @APIResponse( - responseCode = "200", - description = "", - content = {@Content( - schema = @Schema( - implementation = Authentication.class, - type = SchemaType.ARRAY - ) - )} - ) - public final List listIdentityProviders() { - auth.realm().requireViewAuthenticationFlows(); - - return realm.getAuthenticationFlowsStream() - .filter(flow -> flow.isTopLevel() && !Objects.equals(flow.getAlias(), DefaultAuthenticationFlows.SAML_ECP_FLOW)) - .map(flow -> AuthenticationMapper.convertToModel(flow, realm)) - .collect(Collectors.toList()); - - } - - - @GET - @Path("/{type}/{id}") - @Consumes({"application/json"}) - @Produces({"application/json"}) - @Operation( - summary = "List all clients or identity providers that this flow is used by", - description = "List all the clients or identity providers this flow is used by as a paginated list" - ) - @APIResponse( - responseCode = "200", - description = "", - content = {@Content( - schema = @Schema( - implementation = String.class, - type = SchemaType.ARRAY - ) - )} - ) - public final List listUsed(@PathParam("id") String id, @PathParam("type") String type, @QueryParam("first") @DefaultValue("0") long first, - @QueryParam("max") @DefaultValue("10") long max, @QueryParam("search") @DefaultValue("") String search) { - auth.realm().requireViewAuthenticationFlows(); - - final AuthenticationFlowModel flow = realm.getAuthenticationFlowsStream().filter(f -> id.equals(f.getId())).collect(Collectors.toList()).get(0); - - if ("clients".equals(type)) { - final Stream clients = realm.getClientsStream(); - return clients.filter( - c -> c.getAuthenticationFlowBindingOverrides().get("browser") != null && c.getAuthenticationFlowBindingOverrides() - .get("browser").equals(flow.getId()) || c.getAuthenticationFlowBindingOverrides() - .get("direct_grant") != null && c.getAuthenticationFlowBindingOverrides().get("direct_grant").equals(flow.getId())) - .map(ClientModel::getClientId).filter(f -> f.contains(search)) - .skip("".equals(search) ? first : 0).limit(max).collect(Collectors.toList()); - } - - if ("idp".equals(type)) { - final Stream identityProviders = realm.getIdentityProvidersStream(); - return identityProviders.filter(idp -> idp.getFirstBrokerLoginFlowId().equals(flow.getId())) - .map(IdentityProviderModel::getAlias).filter(f -> f.contains(search)) - .skip("".equals(search) ? first : 0).limit(max).collect(Collectors.toList()); - } - - throw new IllegalArgumentException("Invalid type"); - } -} \ No newline at end of file diff --git a/keycloak-theme/src/main/java/org/keycloak/admin/ui/rest/AvailableRoleMappingProvider.java b/keycloak-theme/src/main/java/org/keycloak/admin/ui/rest/AvailableRoleMappingProvider.java deleted file mode 100644 index d5ad193da4..0000000000 --- a/keycloak-theme/src/main/java/org/keycloak/admin/ui/rest/AvailableRoleMappingProvider.java +++ /dev/null @@ -1,35 +0,0 @@ -package org.keycloak.admin.ui.rest; - -import org.keycloak.Config; -import org.keycloak.models.KeycloakSession; -import org.keycloak.models.KeycloakSessionFactory; -import org.keycloak.models.RealmModel; -import org.keycloak.services.resources.admin.AdminEventBuilder; -import org.keycloak.services.resources.admin.ext.AdminRealmResourceProvider; -import org.keycloak.services.resources.admin.ext.AdminRealmResourceProviderFactory; -import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator; - -public final class AvailableRoleMappingProvider implements AdminRealmResourceProviderFactory, AdminRealmResourceProvider { - public AdminRealmResourceProvider create(KeycloakSession session) { - return this; - } - - public void init(Config.Scope config) { - - } - - public void postInit(KeycloakSessionFactory factory) { - - } - - public void close() { - } - - public String getId() { - return "admin-ui-available-roles"; - } - - public Object getResource(KeycloakSession session, RealmModel realm, AdminPermissionEvaluator auth, AdminEventBuilder adminEvent) { - return new AvailableRoleMappingResource(session, realm, auth); - } -} diff --git a/keycloak-theme/src/main/java/org/keycloak/admin/ui/rest/AvailableRoleMappingResource.java b/keycloak-theme/src/main/java/org/keycloak/admin/ui/rest/AvailableRoleMappingResource.java deleted file mode 100644 index 6f85dd81eb..0000000000 --- a/keycloak-theme/src/main/java/org/keycloak/admin/ui/rest/AvailableRoleMappingResource.java +++ /dev/null @@ -1,183 +0,0 @@ -package org.keycloak.admin.ui.rest; - -import java.util.List; -import java.util.Objects; -import java.util.function.Predicate; -import javax.ws.rs.Consumes; -import javax.ws.rs.DefaultValue; -import javax.ws.rs.ForbiddenException; -import javax.ws.rs.GET; -import javax.ws.rs.NotFoundException; -import javax.ws.rs.Path; -import javax.ws.rs.PathParam; -import javax.ws.rs.Produces; -import javax.ws.rs.QueryParam; -import org.eclipse.microprofile.openapi.annotations.Operation; -import org.eclipse.microprofile.openapi.annotations.enums.SchemaType; -import org.eclipse.microprofile.openapi.annotations.media.Content; -import org.eclipse.microprofile.openapi.annotations.media.Schema; -import org.eclipse.microprofile.openapi.annotations.responses.APIResponse; -import org.keycloak.admin.ui.rest.model.ClientRole; -import org.keycloak.models.ClientModel; -import org.keycloak.models.ClientScopeModel; -import org.keycloak.models.GroupModel; -import org.keycloak.models.KeycloakSession; -import org.keycloak.models.RealmModel; -import org.keycloak.models.RoleModel; -import org.keycloak.models.UserModel; -import org.keycloak.models.UserProvider; -import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator; - -public class AvailableRoleMappingResource extends RoleMappingResource { - private final KeycloakSession session; - private final RealmModel realm; - private final AdminPermissionEvaluator auth; - - public AvailableRoleMappingResource(KeycloakSession session, RealmModel realm, AdminPermissionEvaluator auth) { - super(realm, auth); - this.realm = realm; - this.auth = auth; - this.session = session; - } - - @GET - @Path("/clientScopes/{id}") - @Consumes({"application/json"}) - @Produces({"application/json"}) - @Operation( - summary = "List all composite client roles for this client scope", - description = "This endpoint returns all the client role mapping for a specific client scope" - ) - @APIResponse( - responseCode = "200", - description = "", - content = {@Content( - schema = @Schema( - implementation = ClientRole.class, - type = SchemaType.ARRAY - ) - )} - ) - public final List listCompositeClientScopeRoleMappings(@PathParam("id") String id, @QueryParam("first") - @DefaultValue("0") long first, @QueryParam("max") @DefaultValue("10") long max, @QueryParam("search") @DefaultValue("") String search) { - ClientScopeModel scopeModel = this.realm.getClientScopeById(id); - if (scopeModel == null) { - throw new NotFoundException("Could not find client scope"); - } else { - this.auth.clients().requireView(scopeModel); - return this.mapping(((Predicate) scopeModel::hasDirectScope).negate(), first, max, search); - } - } - - @GET - @Path("/clients/{id}") - @Consumes({"application/json"}) - @Produces({"application/json"}) - @Operation( - summary = "List all composite client roles for this client", - description = "This endpoint returns all the client role mapping for a specific client" - ) - @APIResponse( - responseCode = "200", - description = "", - content = {@Content( - schema = @Schema( - implementation = ClientRole.class, - type = SchemaType.ARRAY - ) - )} - ) - public final List listCompositeClientRoleMappings(@PathParam("id") String id, @QueryParam("first") - @DefaultValue("0") long first, @QueryParam("max") @DefaultValue("10") long max, @QueryParam("search") @DefaultValue("") String search) { - ClientModel client = this.realm.getClientById(id); - if (client == null) { - throw new NotFoundException("Could not find client"); - } else { - this.auth.clients().requireView(client); - return this.mapping(((Predicate) client::hasDirectScope).negate(), first, max, search); - } - } - - @GET - @Path("/groups/{id}") - @Consumes({"application/json"}) - @Produces({"application/json"}) - @Operation( - summary = "List all composite client roles for this group", - description = "This endpoint returns all the client role mapping for a specific group" - ) - @APIResponse( - responseCode = "200", - description = "", - content = {@Content( - schema = @Schema( - implementation = ClientRole.class, - type = SchemaType.ARRAY - ) - )} - ) - public final List listCompositeGroupRoleMappings(@PathParam("id") String id, @QueryParam("first") - @DefaultValue("0") long first, @QueryParam("max") @DefaultValue("10") long max, @QueryParam("search") @DefaultValue("") String search) { - GroupModel group = this.realm.getGroupById(id); - if (group == null) { - throw new NotFoundException("Could not find group"); - } else { - this.auth.groups().requireView(group); - return this.mapping(((Predicate) group::hasDirectRole).negate(), first, max, search); - } - } - - @GET - @Path("/users/{id}") - @Consumes({"application/json"}) - @Produces({"application/json"}) - @Operation( - summary = "List all composite client roles for this user", - description = "This endpoint returns all the client role mapping for a specific user" - ) - @APIResponse( - responseCode = "200", - description = "", - content = {@Content( - schema = @Schema( - implementation = ClientRole.class, - type = SchemaType.ARRAY - ) - )} - ) - public final List listCompositeUserRoleMappings(@PathParam("id") String id, @QueryParam("first") @DefaultValue("0") long first, - @QueryParam("max") @DefaultValue("10") long max, @QueryParam("search") @DefaultValue("") String search) { - UserProvider users = Objects.requireNonNull(session).users(); - UserModel userModel = users.getUserById(this.realm, id); - if (userModel == null) { - if (auth.users().canQuery()) throw new NotFoundException("User not found"); - else throw new ForbiddenException(); - } - - this.auth.users().requireView(userModel); - return this.mapping(((Predicate) userModel::hasDirectRole).negate(), first, max, search); - } - - @GET - @Path("/roles/{id}") - @Consumes({"application/json"}) - @Produces({"application/json"}) - @Operation( - summary = "List all composite client roles", - description = "This endpoint returns all the client role" - ) - @APIResponse( - responseCode = "200", - description = "", - content = {@Content( - schema = @Schema( - implementation = ClientRole.class, - type = SchemaType.ARRAY - ) - )} - ) - public final List listCompositeRoleMappings(@QueryParam("first") @DefaultValue("0") long first, - @QueryParam("max") @DefaultValue("10") long max, @QueryParam("search") @DefaultValue("") String search) { - return this.mapping(o -> true, first, max, search); - } -} diff --git a/keycloak-theme/src/main/java/org/keycloak/admin/ui/rest/BruteForceUsersProvider.java b/keycloak-theme/src/main/java/org/keycloak/admin/ui/rest/BruteForceUsersProvider.java deleted file mode 100644 index 4e9bd03ec2..0000000000 --- a/keycloak-theme/src/main/java/org/keycloak/admin/ui/rest/BruteForceUsersProvider.java +++ /dev/null @@ -1,35 +0,0 @@ -package org.keycloak.admin.ui.rest; - -import org.keycloak.Config; -import org.keycloak.models.KeycloakSession; -import org.keycloak.models.KeycloakSessionFactory; -import org.keycloak.models.RealmModel; -import org.keycloak.services.resources.admin.AdminEventBuilder; -import org.keycloak.services.resources.admin.ext.AdminRealmResourceProvider; -import org.keycloak.services.resources.admin.ext.AdminRealmResourceProviderFactory; -import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator; - -public final class BruteForceUsersProvider implements AdminRealmResourceProviderFactory, AdminRealmResourceProvider { - public AdminRealmResourceProvider create(KeycloakSession session) { - return this; - } - - public void init(Config.Scope config) { - - } - - public void postInit(KeycloakSessionFactory factory) { - - } - - public void close() { - } - - public String getId() { - return "admin-ui-brute-force-user"; - } - - public Object getResource(KeycloakSession session, RealmModel realm, AdminPermissionEvaluator auth, AdminEventBuilder adminEvent) { - return new BruteForceUsersResource(session, realm, auth); - } -} diff --git a/keycloak-theme/src/main/java/org/keycloak/admin/ui/rest/BruteForceUsersResource.java b/keycloak-theme/src/main/java/org/keycloak/admin/ui/rest/BruteForceUsersResource.java deleted file mode 100644 index 8131865990..0000000000 --- a/keycloak-theme/src/main/java/org/keycloak/admin/ui/rest/BruteForceUsersResource.java +++ /dev/null @@ -1,218 +0,0 @@ -package org.keycloak.admin.ui.rest; - -import java.util.Collections; -import java.util.HashMap; -import java.util.Map; -import java.util.Set; -import java.util.stream.Stream; -import javax.ws.rs.Consumes; -import javax.ws.rs.DefaultValue; -import javax.ws.rs.GET; -import javax.ws.rs.Path; -import javax.ws.rs.Produces; -import javax.ws.rs.QueryParam; -import org.eclipse.microprofile.openapi.annotations.Operation; -import org.eclipse.microprofile.openapi.annotations.enums.SchemaType; -import org.eclipse.microprofile.openapi.annotations.media.Content; -import org.eclipse.microprofile.openapi.annotations.media.Schema; -import org.eclipse.microprofile.openapi.annotations.responses.APIResponse; -import org.jboss.logging.Logger; -import org.keycloak.admin.ui.rest.model.BruteUser; -import org.keycloak.common.util.Time; -import org.keycloak.models.Constants; -import org.keycloak.models.KeycloakSession; -import org.keycloak.models.RealmModel; -import org.keycloak.models.UserLoginFailureModel; -import org.keycloak.models.UserModel; -import org.keycloak.models.utils.ModelToRepresentation; -import org.keycloak.representations.idm.UserRepresentation; -import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator; -import org.keycloak.services.resources.admin.permissions.UserPermissionEvaluator; -import org.keycloak.utils.SearchQueryUtils; - -public class BruteForceUsersResource { - private static final Logger logger = Logger.getLogger(BruteForceUsersResource.class); - private static final String SEARCH_ID_PARAMETER = "id:"; - private final KeycloakSession session; - private final RealmModel realm; - private final AdminPermissionEvaluator auth; - - public BruteForceUsersResource(KeycloakSession session, RealmModel realm, AdminPermissionEvaluator auth) { - this.realm = realm; - this.auth = auth; - this.session = session; - } - - @GET - @Consumes({"application/json"}) - @Produces({"application/json"}) - @Operation( - summary = "Find all users and add if they are locked by brute force protection", - description = "Same endpoint as the users search but added brute force protection status." - ) - @APIResponse( - responseCode = "200", - description = "", - content = {@Content( - schema = @Schema( - implementation = BruteUser.class, - type = SchemaType.ARRAY - ) - )} - ) - public final Stream searchUser(@QueryParam("search") String search, - @QueryParam("lastName") String last, - @QueryParam("firstName") String first, - @QueryParam("email") String email, - @QueryParam("username") String username, - @QueryParam("emailVerified") Boolean emailVerified, - @QueryParam("idpAlias") String idpAlias, - @QueryParam("idpUserId") String idpUserId, - @QueryParam("first") @DefaultValue("-1") Integer firstResult, - @QueryParam("max") @DefaultValue("" + Constants.DEFAULT_MAX_RESULTS) Integer maxResults, - @QueryParam("enabled") Boolean enabled, - @QueryParam("briefRepresentation") Boolean briefRepresentation, - @QueryParam("exact") Boolean exact, - @QueryParam("q") String searchQuery) { - final UserPermissionEvaluator userPermissionEvaluator = auth.users(); - userPermissionEvaluator.requireQuery(); - - Map searchAttributes = searchQuery == null - ? Collections.emptyMap() - : SearchQueryUtils.getFields(searchQuery); - - Stream userModels = Stream.empty(); - if (search != null) { - if (search.startsWith(SEARCH_ID_PARAMETER)) { - UserModel userModel = - session.users().getUserById(realm, search.substring(SEARCH_ID_PARAMETER.length()).trim()); - if (userModel != null) { - userModels = Stream.of(userModel); - } - } else { - Map attributes = new HashMap<>(); - attributes.put(UserModel.SEARCH, search.trim()); - if (enabled != null) { - attributes.put(UserModel.ENABLED, enabled.toString()); - } - return searchForUser(attributes, realm, userPermissionEvaluator, briefRepresentation, firstResult, - maxResults, false); - } - } else if (last != null || first != null || email != null || username != null || emailVerified != null - || idpAlias != null || idpUserId != null || enabled != null || exact != null || !searchAttributes.isEmpty()) { - Map attributes = new HashMap<>(); - if (last != null) { - attributes.put(UserModel.LAST_NAME, last); - } - if (first != null) { - attributes.put(UserModel.FIRST_NAME, first); - } - if (email != null) { - attributes.put(UserModel.EMAIL, email); - } - if (username != null) { - attributes.put(UserModel.USERNAME, username); - } - if (emailVerified != null) { - attributes.put(UserModel.EMAIL_VERIFIED, emailVerified.toString()); - } - if (idpAlias != null) { - attributes.put(UserModel.IDP_ALIAS, idpAlias); - } - if (idpUserId != null) { - attributes.put(UserModel.IDP_USER_ID, idpUserId); - } - if (enabled != null) { - attributes.put(UserModel.ENABLED, enabled.toString()); - } - if (exact != null) { - attributes.put(UserModel.EXACT, exact.toString()); - } - - attributes.putAll(searchAttributes); - - return searchForUser(attributes, realm, userPermissionEvaluator, briefRepresentation, firstResult, - maxResults, true); - } else { - return searchForUser(new HashMap<>(), realm, userPermissionEvaluator, briefRepresentation, - firstResult, maxResults, false); - } - - return toRepresentation(realm, userPermissionEvaluator, briefRepresentation, userModels); - - } - - private Stream searchForUser(Map attributes, RealmModel realm, UserPermissionEvaluator usersEvaluator, Boolean briefRepresentation, Integer firstResult, Integer maxResults, Boolean includeServiceAccounts) { - session.setAttribute(UserModel.INCLUDE_SERVICE_ACCOUNT, includeServiceAccounts); - - if (!auth.users().canView()) { - Set groupModels = auth.groups().getGroupsWithViewPermission(); - - if (!groupModels.isEmpty()) { - session.setAttribute(UserModel.GROUPS, groupModels); - } - } - - Stream userModels = session.users().searchForUserStream(realm, attributes, firstResult, maxResults); - return toRepresentation(realm, usersEvaluator, briefRepresentation, userModels); - } - - private Stream toRepresentation(RealmModel realm, UserPermissionEvaluator usersEvaluator, - Boolean briefRepresentation, Stream userModels) { - boolean briefRepresentationB = briefRepresentation != null && briefRepresentation; - boolean canViewGlobal = usersEvaluator.canView(); - - usersEvaluator.grantIfNoPermission(session.getAttribute(UserModel.GROUPS) != null); - return userModels.filter(user -> canViewGlobal || usersEvaluator.canView(user)).map(user -> { - UserRepresentation userRep = briefRepresentationB ? - ModelToRepresentation.toBriefRepresentation(user) : - ModelToRepresentation.toRepresentation(session, realm, user); - userRep.setAccess(usersEvaluator.getAccess(user)); - return userRep; - }).map(this::getBruteForceStatus); - } - - private BruteUser getBruteForceStatus(UserRepresentation user) { - BruteUser bruteUser = new BruteUser(user); - Map data = new HashMap<>(); - data.put("disabled", false); - data.put("numFailures", 0); - data.put("lastFailure", 0); - data.put("lastIPFailure", "n/a"); - if (!realm.isBruteForceProtected()) - bruteUser.setBruteForceStatus(data); - - UserLoginFailureModel model = session.loginFailures().getUserLoginFailure(realm, user.getId()); - if (model == null) { - bruteUser.setBruteForceStatus(data); - return bruteUser; - } - - boolean disabled; - disabled = isTemporarilyDisabled(session, realm, user); - if (disabled) { - data.put("disabled", true); - } - - data.put("numFailures", model.getNumFailures()); - data.put("lastFailure", model.getLastFailure()); - data.put("lastIPFailure", model.getLastIPFailure()); - bruteUser.setBruteForceStatus(data); - - return bruteUser; - } - - public boolean isTemporarilyDisabled(KeycloakSession session, RealmModel realm, UserRepresentation user) { - UserLoginFailureModel failure = session.loginFailures().getUserLoginFailure(realm, user.getId()); - if (failure != null) { - int currTime = (int)(Time.currentTimeMillis() / 1000L); - int failedLoginNotBefore = failure.getFailedLoginNotBefore(); - if (currTime < failedLoginNotBefore) { - logger.debugv("Current: {0} notBefore: {1}", currTime, failedLoginNotBefore); - return true; - } - } - - return false; - } -} diff --git a/keycloak-theme/src/main/java/org/keycloak/admin/ui/rest/EffectiveRoleMappingProvider.java b/keycloak-theme/src/main/java/org/keycloak/admin/ui/rest/EffectiveRoleMappingProvider.java deleted file mode 100644 index 479a75fd6b..0000000000 --- a/keycloak-theme/src/main/java/org/keycloak/admin/ui/rest/EffectiveRoleMappingProvider.java +++ /dev/null @@ -1,35 +0,0 @@ -package org.keycloak.admin.ui.rest; - -import org.keycloak.Config; -import org.keycloak.models.KeycloakSession; -import org.keycloak.models.KeycloakSessionFactory; -import org.keycloak.models.RealmModel; -import org.keycloak.services.resources.admin.AdminEventBuilder; -import org.keycloak.services.resources.admin.ext.AdminRealmResourceProvider; -import org.keycloak.services.resources.admin.ext.AdminRealmResourceProviderFactory; -import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator; - -public final class EffectiveRoleMappingProvider implements AdminRealmResourceProviderFactory, AdminRealmResourceProvider { - public AdminRealmResourceProvider create(KeycloakSession session) { - return this; - } - - public void init(Config.Scope config) { - - } - - public void postInit(KeycloakSessionFactory factory) { - - } - - public void close() { - } - - public String getId() { - return "admin-ui-effective-roles"; - } - - public Object getResource(KeycloakSession session, RealmModel realm, AdminPermissionEvaluator auth, AdminEventBuilder adminEvent) { - return new EffectiveRoleMappingResource(session, realm, auth); - } -} diff --git a/keycloak-theme/src/main/java/org/keycloak/admin/ui/rest/EffectiveRoleMappingResource.java b/keycloak-theme/src/main/java/org/keycloak/admin/ui/rest/EffectiveRoleMappingResource.java deleted file mode 100644 index 2c4528e2fd..0000000000 --- a/keycloak-theme/src/main/java/org/keycloak/admin/ui/rest/EffectiveRoleMappingResource.java +++ /dev/null @@ -1,170 +0,0 @@ -package org.keycloak.admin.ui.rest; - -import java.util.List; -import java.util.stream.Collectors; -import javax.ws.rs.Consumes; -import javax.ws.rs.ForbiddenException; -import javax.ws.rs.GET; -import javax.ws.rs.NotFoundException; -import javax.ws.rs.Path; -import javax.ws.rs.PathParam; -import javax.ws.rs.Produces; -import org.eclipse.microprofile.openapi.annotations.Operation; -import org.eclipse.microprofile.openapi.annotations.enums.SchemaType; -import org.eclipse.microprofile.openapi.annotations.media.Content; -import org.eclipse.microprofile.openapi.annotations.media.Schema; -import org.eclipse.microprofile.openapi.annotations.responses.APIResponse; -import org.keycloak.admin.ui.rest.model.ClientRole; -import org.keycloak.models.ClientModel; -import org.keycloak.models.ClientScopeModel; -import org.keycloak.models.GroupModel; -import org.keycloak.models.KeycloakSession; -import org.keycloak.models.RealmModel; -import org.keycloak.models.UserModel; -import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator; - -public class EffectiveRoleMappingResource extends RoleMappingResource { - private KeycloakSession session; - private RealmModel realm; - private AdminPermissionEvaluator auth; - - public EffectiveRoleMappingResource(KeycloakSession session, RealmModel realm, AdminPermissionEvaluator auth) { - super(realm, auth); - this.realm = realm; - this.auth = auth; - this.session = session; - } - - @GET - @Path("/clientScopes/{id}") - @Consumes({"application/json"}) - @Produces({"application/json"}) - @Operation( - summary = "List all effective roles for this client scope", - description = "This endpoint returns all the client role mapping for a specific client scope" - ) - @APIResponse( - responseCode = "200", - description = "", - content = {@Content( - schema = @Schema( - implementation = ClientRole.class, - type = SchemaType.ARRAY - ) - )} - ) - public final List listCompositeClientScopeRoleMappings(@PathParam("id") String id) { - ClientScopeModel clientScope = this.realm.getClientScopeById(id); - if (clientScope == null) { - throw new NotFoundException("Could not find client scope"); - } - - this.auth.clients().requireView(clientScope); - return this.mapping(clientScope::hasScope).collect(Collectors.toList()); - } - - @GET - @Path("/clients/{id}") - @Consumes({"application/json"}) - @Produces({"application/json"}) - @Operation( - summary = "List all effective roles for this client", - description = "This endpoint returns all the client role mapping for a specific client" - ) - @APIResponse( - responseCode = "200", - description = "", - content = {@Content( - schema = @Schema( - implementation = ClientRole.class, - type = SchemaType.ARRAY - ) - )} - ) - public final List listCompositeClientsRoleMappings(@PathParam("id") String id) { - ClientModel client = this.realm.getClientById(id); - if (client == null) { - throw new NotFoundException("Could not find client"); - } - auth.clients().requireView(client); - return mapping(client::hasScope).collect(Collectors.toList()); - } - - @GET - @Path("/groups/{id}") - @Consumes({"application/json"}) - @Produces({"application/json"}) - @Operation( - summary = "List all effective roles for this group", - description = "This endpoint returns all the client role mapping for a specific group" - ) - @APIResponse( - responseCode = "200", - description = "", - content = {@Content( - schema = @Schema( - implementation = ClientRole.class, - type = SchemaType.ARRAY - ) - )} - ) - public final List listCompositeGroupsRoleMappings(@PathParam("id") String id) { - GroupModel group = this.realm.getGroupById(id); - if (group == null) { - throw new NotFoundException("Could not find group"); - } - - return mapping(group::hasRole).collect(Collectors.toList()); - } - - @GET - @Path("/users/{id}") - @Consumes({"application/json"}) - @Produces({"application/json"}) - @Operation( - summary = "List all effective roles for this users", - description = "This endpoint returns all the client role mapping for a specific users" - ) - @APIResponse( - responseCode = "200", - description = "", - content = {@Content( - schema = @Schema( - implementation = ClientRole.class, - type = SchemaType.ARRAY - ) - )} - ) - public final List listCompositeUsersRoleMappings(@PathParam("id") String id) { - UserModel user = session.users().getUserById(this.realm, id); - if (user == null) { - if (auth.users().canQuery()) throw new NotFoundException("User not found"); - else throw new ForbiddenException(); - } - - return mapping(user::hasRole).collect(Collectors.toList()); - } - - @GET - @Path("/roles/{id}") - @Consumes({"application/json"}) - @Produces({"application/json"}) - @Operation( - summary = "List all effective roles for this realm role", - description = "This endpoint returns all the client role mapping for a specific realm role" - ) - @APIResponse( - responseCode = "200", - description = "", - content = {@Content( - schema = @Schema( - implementation = ClientRole.class, - type = SchemaType.ARRAY - ) - )} - ) - public final List listCompositeRealmRoleMappings() { - return mapping(o -> true).collect(Collectors.toList()); - } - -} diff --git a/keycloak-theme/src/main/java/org/keycloak/admin/ui/rest/GroupsResource.java b/keycloak-theme/src/main/java/org/keycloak/admin/ui/rest/GroupsResource.java deleted file mode 100644 index ef3fe85f53..0000000000 --- a/keycloak-theme/src/main/java/org/keycloak/admin/ui/rest/GroupsResource.java +++ /dev/null @@ -1,97 +0,0 @@ -package org.keycloak.admin.ui.rest; - -import static org.keycloak.models.utils.ModelToRepresentation.toRepresentation; - -import java.util.stream.Collectors; -import java.util.stream.Stream; -import javax.ws.rs.Consumes; -import javax.ws.rs.DefaultValue; -import javax.ws.rs.GET; -import javax.ws.rs.Produces; -import javax.ws.rs.QueryParam; - -import org.eclipse.microprofile.openapi.annotations.Operation; -import org.eclipse.microprofile.openapi.annotations.enums.SchemaType; -import org.eclipse.microprofile.openapi.annotations.media.Content; -import org.eclipse.microprofile.openapi.annotations.media.Schema; -import org.eclipse.microprofile.openapi.annotations.responses.APIResponse; -import org.keycloak.models.GroupModel; -import org.keycloak.models.KeycloakSession; -import org.keycloak.models.RealmModel; -import org.keycloak.models.utils.ModelToRepresentation; -import org.keycloak.representations.idm.GroupRepresentation; -import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator; -import org.keycloak.utils.StringUtil; - -public class GroupsResource { - private final KeycloakSession session; - private final RealmModel realm; - private final AdminPermissionEvaluator auth; - - public GroupsResource(KeycloakSession session, RealmModel realm, AdminPermissionEvaluator auth) { - super(); - this.realm = realm; - this.auth = auth; - this.session = session; - } - - @GET - @Consumes({"application/json"}) - @Produces({"application/json"}) - @Operation( - summary = "List all groups with fine grained authorisation", - description = "This endpoint returns a list of groups with fine grained authorisation" - ) - @APIResponse( - responseCode = "200", - description = "", - content = {@Content( - schema = @Schema( - implementation = GroupRepresentation.class, - type = SchemaType.ARRAY - ) - )} - ) - public final Stream listGroups(@QueryParam("search") @DefaultValue("") final String search, @QueryParam("first") - @DefaultValue("0") int first, @QueryParam("max") @DefaultValue("10") int max, @QueryParam("global") @DefaultValue("true") boolean global, - @QueryParam("exact") @DefaultValue("false") boolean exact) { - this.auth.groups().requireList(); - final Stream stream; - if (!"".equals(search)) { - if (global) { - stream = session.groups().searchForGroupByNameStream(realm, search, exact, first, max); - } else { - stream = this.realm.getTopLevelGroupsStream().filter(g -> g.getName().contains(search)).skip(first).limit(max); - } - } else { - stream = this.realm.getTopLevelGroupsStream(first, max); - } - return stream.map(g -> toGroupHierarchy(g, search, exact)); - } - - private GroupRepresentation toGroupHierarchy(GroupModel group, final String search, boolean exact) { - GroupRepresentation rep = toRepresentation(group, true); - rep.setAccess(auth.groups().getAccess(group)); - rep.setSubGroups(group.getSubGroupsStream().filter(g -> - groupMatchesSearchOrIsPathElement( - g, search - ) - ).map(subGroup -> - ModelToRepresentation.toGroupHierarchy( - subGroup, true, search, exact - ) - ).collect(Collectors.toList())); - - return rep; - } - - private static boolean groupMatchesSearchOrIsPathElement(GroupModel group, String search) { - if (StringUtil.isBlank(search)) { - return true; - } - if (group.getName().contains(search)) { - return true; - } - return group.getSubGroupsStream().findAny().isPresent(); - } -} diff --git a/keycloak-theme/src/main/java/org/keycloak/admin/ui/rest/GroupsResourceProvider.java b/keycloak-theme/src/main/java/org/keycloak/admin/ui/rest/GroupsResourceProvider.java deleted file mode 100644 index d0947c7393..0000000000 --- a/keycloak-theme/src/main/java/org/keycloak/admin/ui/rest/GroupsResourceProvider.java +++ /dev/null @@ -1,35 +0,0 @@ -package org.keycloak.admin.ui.rest; - -import org.keycloak.Config; -import org.keycloak.models.KeycloakSession; -import org.keycloak.models.KeycloakSessionFactory; -import org.keycloak.models.RealmModel; -import org.keycloak.services.resources.admin.AdminEventBuilder; -import org.keycloak.services.resources.admin.ext.AdminRealmResourceProvider; -import org.keycloak.services.resources.admin.ext.AdminRealmResourceProviderFactory; -import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator; - -public final class GroupsResourceProvider implements AdminRealmResourceProviderFactory, AdminRealmResourceProvider { - public AdminRealmResourceProvider create(KeycloakSession session) { - return this; - } - - public void init(Config.Scope config) { - - } - - public void postInit(KeycloakSessionFactory factory) { - - } - - public void close() { - } - - public String getId() { - return "admin-ui-groups"; - } - - public Object getResource(KeycloakSession session, RealmModel realm, AdminPermissionEvaluator auth, AdminEventBuilder adminEvent) { - return new GroupsResource(session, realm, auth); - } -} diff --git a/keycloak-theme/src/main/java/org/keycloak/admin/ui/rest/RoleMappingResource.java b/keycloak-theme/src/main/java/org/keycloak/admin/ui/rest/RoleMappingResource.java deleted file mode 100644 index 939c105ab9..0000000000 --- a/keycloak-theme/src/main/java/org/keycloak/admin/ui/rest/RoleMappingResource.java +++ /dev/null @@ -1,33 +0,0 @@ -package org.keycloak.admin.ui.rest; - -import static org.keycloak.admin.ui.rest.model.RoleMapper.convertToModel; - -import java.util.List; -import java.util.function.Predicate; -import java.util.stream.Collectors; -import java.util.stream.Stream; -import org.keycloak.admin.ui.rest.model.ClientRole; -import org.keycloak.models.RealmModel; -import org.keycloak.models.RoleContainerModel; -import org.keycloak.models.RoleModel; -import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator; - -public abstract class RoleMappingResource { - private final RealmModel realm; - private final AdminPermissionEvaluator auth; - - public RoleMappingResource(RealmModel realm, AdminPermissionEvaluator auth) { - this.realm = realm; - this.auth = auth; - } - - public final Stream mapping(Predicate predicate) { - return realm.getClientsStream().flatMap(RoleContainerModel::getRolesStream).filter(predicate) - .filter(auth.roles()::canMapClientScope).map(roleModel -> convertToModel(roleModel, realm.getClientsStream())); - } - - public final List mapping(Predicate predicate, long first, long max, final String search) { - return mapping(predicate).filter(clientRole -> clientRole.getClient().contains(search) || clientRole.getRole().contains(search)) - .skip(first).limit(max).collect(Collectors.toList()); - } -} diff --git a/keycloak-theme/src/main/java/org/keycloak/admin/ui/rest/model/Authentication.java b/keycloak-theme/src/main/java/org/keycloak/admin/ui/rest/model/Authentication.java deleted file mode 100644 index 1154e3a00f..0000000000 --- a/keycloak-theme/src/main/java/org/keycloak/admin/ui/rest/model/Authentication.java +++ /dev/null @@ -1,80 +0,0 @@ -package org.keycloak.admin.ui.rest.model; - -import java.util.Objects; -import org.eclipse.microprofile.openapi.annotations.media.Schema; - -public class Authentication { - - @Schema(required = true) - private String id; - - @Schema(required = true) - private String alias; - - @Schema(required = true) - private boolean builtIn; - - private UsedBy usedBy; - - private String description; - - public UsedBy getUsedBy() { - return usedBy; - } - - public void setUsedBy( UsedBy usedBy) { - this.usedBy = usedBy; - } - - public String getId() { - return id; - } - - public void setId(String id) { - this.id = id; - } - - public boolean isBuiltIn() { - return builtIn; - } - - public void setBuiltIn(boolean builtIn) { - this.builtIn = builtIn; - } - - public String getAlias() { - return alias; - } - - public void setAlias(String alias) { - this.alias = alias; - } - - public String getDescription() { - return description; - } - - public void setDescription(String description) { - this.description = description; - } - - @Override - public boolean equals(Object o) { - if (this == o) - return true; - if (o == null || getClass() != o.getClass()) - return false; - Authentication that = (Authentication) o; - return builtIn == that.builtIn && Objects.equals(usedBy, that.usedBy) && Objects.equals(id, that.id) && Objects.equals(alias, - that.alias) && Objects.equals(description, that.description); - } - - @Override - public int hashCode() { - return Objects.hash(usedBy, id, builtIn, alias, description); - } - - @Override public String toString() { - return "Authentication{" + "usedBy=" + usedBy + ", id='" + id + '\'' + ", buildIn=" + builtIn + ", alias='" + alias + '\'' + ", description='" + description + '\'' + '}'; - } -} diff --git a/keycloak-theme/src/main/java/org/keycloak/admin/ui/rest/model/AuthenticationMapper.java b/keycloak-theme/src/main/java/org/keycloak/admin/ui/rest/model/AuthenticationMapper.java deleted file mode 100644 index 25871befc8..0000000000 --- a/keycloak-theme/src/main/java/org/keycloak/admin/ui/rest/model/AuthenticationMapper.java +++ /dev/null @@ -1,51 +0,0 @@ -package org.keycloak.admin.ui.rest.model; - -import java.util.List; -import java.util.stream.Collectors; -import java.util.stream.Stream; -import org.keycloak.models.AuthenticationFlowModel; -import org.keycloak.models.ClientModel; -import org.keycloak.models.IdentityProviderModel; -import org.keycloak.models.RealmModel; - -public class AuthenticationMapper { - private static final int MAX_USED_BY = 9; - - public static Authentication convertToModel(AuthenticationFlowModel flow, RealmModel realm) { - - final Stream identityProviders = realm.getIdentityProvidersStream(); - final Stream clients = realm.getClientsStream(); - - final Authentication authentication = new Authentication(); - authentication.setId(flow.getId()); - authentication.setAlias(flow.getAlias()); - authentication.setBuiltIn(flow.isBuiltIn()); - authentication.setDescription(flow.getDescription()); - - final List usedByIdp = identityProviders.filter(idp -> idp.getFirstBrokerLoginFlowId().equals(flow.getId())) - .map(IdentityProviderModel::getAlias).limit(MAX_USED_BY).collect(Collectors.toList()); - if (!usedByIdp.isEmpty()) { - authentication.setUsedBy(new UsedBy(UsedBy.UsedByType.SPECIFIC_PROVIDERS, usedByIdp)); - } - - final List usedClients = clients.filter( - c -> c.getAuthenticationFlowBindingOverrides().get("browser") != null && c.getAuthenticationFlowBindingOverrides() - .get("browser").equals(flow.getId()) || c.getAuthenticationFlowBindingOverrides() - .get("direct_grant") != null && c.getAuthenticationFlowBindingOverrides().get("direct_grant").equals(flow.getId())) - .map(ClientModel::getClientId).limit(MAX_USED_BY).collect(Collectors.toList()); - - if (!usedClients.isEmpty()) { - authentication.setUsedBy(new UsedBy(UsedBy.UsedByType.SPECIFIC_CLIENTS, usedClients)); - } - - final List useAsDefault = Stream.of(realm.getBrowserFlow(), realm.getRegistrationFlow(), realm.getDirectGrantFlow(), - realm.getResetCredentialsFlow(), realm.getClientAuthenticationFlow(), realm.getDockerAuthenticationFlow()) - .filter(f -> flow.getAlias().equals(f.getAlias())).map(AuthenticationFlowModel::getAlias).collect(Collectors.toList()); - - if (!useAsDefault.isEmpty()) { - authentication.setUsedBy(new UsedBy(UsedBy.UsedByType.DEFAULT, useAsDefault)); - } - - return authentication; - } -} diff --git a/keycloak-theme/src/main/java/org/keycloak/admin/ui/rest/model/BruteUser.java b/keycloak-theme/src/main/java/org/keycloak/admin/ui/rest/model/BruteUser.java deleted file mode 100644 index abfe7d4a80..0000000000 --- a/keycloak-theme/src/main/java/org/keycloak/admin/ui/rest/model/BruteUser.java +++ /dev/null @@ -1,48 +0,0 @@ -package org.keycloak.admin.ui.rest.model; - -import java.util.Map; -import org.keycloak.representations.idm.UserRepresentation; - -public class BruteUser extends UserRepresentation { - - Map bruteForceStatus; - - public BruteUser(UserRepresentation user) { - this.id = user.getId(); - this.origin = user.getOrigin(); - this.createdTimestamp = user.getCreatedTimestamp(); - this.username = user.getUsername(); - this.enabled = user.isEnabled(); - this.totp = user.isTotp(); - this.emailVerified = user.isEmailVerified(); - this.firstName = user.getFirstName(); - this.lastName = user.getLastName(); - this.email = user.getEmail(); - this.federationLink = user.getFederationLink(); - this.serviceAccountClientId = user.getServiceAccountClientId(); - - this.attributes = user.getAttributes(); - this.credentials = user.getCredentials(); - this.disableableCredentialTypes = user.getDisableableCredentialTypes(); - this.requiredActions = user.getRequiredActions(); - this.federatedIdentities = user.getFederatedIdentities(); - this.realmRoles = user.getRealmRoles(); - this.clientRoles = user.getClientRoles(); - this.clientConsents = user.getClientConsents(); - this.notBefore = user.getNotBefore(); - - this.applicationRoles = user.getApplicationRoles(); - this.socialLinks = user.getSocialLinks(); - - this.groups = user.getGroups(); - this.setAccess(user.getAccess()); - } - - public Map getBruteForceStatus() { - return bruteForceStatus; - } - - public void setBruteForceStatus(Map bruteForceStatus) { - this.bruteForceStatus = bruteForceStatus; - } -} diff --git a/keycloak-theme/src/main/java/org/keycloak/admin/ui/rest/model/ClientRole.java b/keycloak-theme/src/main/java/org/keycloak/admin/ui/rest/model/ClientRole.java deleted file mode 100644 index 6cc655c345..0000000000 --- a/keycloak-theme/src/main/java/org/keycloak/admin/ui/rest/model/ClientRole.java +++ /dev/null @@ -1,83 +0,0 @@ -package org.keycloak.admin.ui.rest.model; - -import java.util.Objects; -import org.eclipse.microprofile.openapi.annotations.media.Schema; - -public final class ClientRole { - @Schema(required = true) - private final String id; - @Schema(required = true) - private final String role; - @Schema(required = true) - private String client; - @Schema(required = true) - private String clientId; - private String description; - - public String getId() { - return this.id; - } - - public String getRole() { - return this.role; - } - - public String getClient() { - return this.client; - } - - public void setClient(String client) { - this.client = client; - } - - public String getClientId() { - return this.clientId; - } - - public void setClientId(String clientId) { - this.clientId = clientId; - } - - public String getDescription() { - return this.description; - } - - public void setDescription(String description) { - this.description = description; - } - - public ClientRole(String id, String role, String description) { - this.id = id; - this.role = role; - this.description = description; - } - - public ClientRole(String id, String role, String client, String clientId, String description) { - this.id = id; - this.role = role; - this.client = client; - this.clientId = clientId; - this.description = description; - } - - public ClientRole copy(String id, String role, String client, String clientId, String description) { - return new ClientRole(id, role, client, clientId, description); - } - - @Override public String toString() { - return "ClientRole{" + "id='" + id + '\'' + ", role='" + role + '\'' + ", client='" + client + '\'' + ", clientId='" + clientId + '\'' + ", description='" + description + '\'' + '}'; - } - - @Override public boolean equals(Object o) { - if (this == o) - return true; - if (o == null || getClass() != o.getClass()) - return false; - ClientRole that = (ClientRole) o; - return id.equals(that.id) && role.equals(that.role) && client.equals(that.client) && clientId.equals(that.clientId); - } - - @Override public int hashCode() { - return Objects.hash(id, role, client, clientId); - } -} diff --git a/keycloak-theme/src/main/java/org/keycloak/admin/ui/rest/model/RoleMapper.java b/keycloak-theme/src/main/java/org/keycloak/admin/ui/rest/model/RoleMapper.java deleted file mode 100644 index e72adf3460..0000000000 --- a/keycloak-theme/src/main/java/org/keycloak/admin/ui/rest/model/RoleMapper.java +++ /dev/null @@ -1,17 +0,0 @@ -package org.keycloak.admin.ui.rest.model; - -import java.util.stream.Stream; -import org.keycloak.models.ClientModel; -import org.keycloak.models.RoleModel; - -public class RoleMapper { - - public static ClientRole convertToModel(RoleModel roleModel, Stream clients) { - ClientRole clientRole = new ClientRole(roleModel.getId(), roleModel.getName(), roleModel.getDescription()); - ClientModel clientModel = clients.filter(c -> roleModel.getContainerId().equals(c.getId())).findFirst() - .orElseThrow(() -> new IllegalArgumentException("Could not find referenced client")); - clientRole.setClientId(clientModel.getId()); - clientRole.setClient(clientModel.getClientId()); - return clientRole; - } -} diff --git a/keycloak-theme/src/main/java/org/keycloak/admin/ui/rest/model/UsedBy.java b/keycloak-theme/src/main/java/org/keycloak/admin/ui/rest/model/UsedBy.java deleted file mode 100644 index 854894902d..0000000000 --- a/keycloak-theme/src/main/java/org/keycloak/admin/ui/rest/model/UsedBy.java +++ /dev/null @@ -1,49 +0,0 @@ -package org.keycloak.admin.ui.rest.model; - -import java.util.List; -import java.util.Objects; - -public class UsedBy { - public UsedBy(UsedByType type, List values) { - this.type = type; - this.values = values; - } - - public enum UsedByType { - SPECIFIC_CLIENTS, SPECIFIC_PROVIDERS, DEFAULT - } - - private UsedByType type; - private List values; - - public UsedByType getType() { - return type; - } - - public void setType(UsedByType type) { - this.type = type; - } - - public List getValues() { - return values; - } - - public void setValues(List values) { - this.values = values; - } - - @Override - public boolean equals(Object o) { - if (this == o) - return true; - if (o == null || getClass() != o.getClass()) - return false; - UsedBy usedBy = (UsedBy) o; - return type == usedBy.type && Objects.equals(values, usedBy.values); - } - - @Override - public int hashCode() { - return Objects.hash(type, values); - } -} diff --git a/keycloak-theme/src/main/resources/META-INF/services/org.keycloak.services.resources.admin.ext.AdminRealmResourceProviderFactory b/keycloak-theme/src/main/resources/META-INF/services/org.keycloak.services.resources.admin.ext.AdminRealmResourceProviderFactory deleted file mode 100644 index 0f4c89524d..0000000000 --- a/keycloak-theme/src/main/resources/META-INF/services/org.keycloak.services.resources.admin.ext.AdminRealmResourceProviderFactory +++ /dev/null @@ -1,22 +0,0 @@ -# -# Copyright 2022 Red Hat, Inc. and/or its affiliates -# and other contributors as indicated by the @author tags. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -org.keycloak.admin.ui.rest.AvailableRoleMappingProvider -org.keycloak.admin.ui.rest.EffectiveRoleMappingProvider -org.keycloak.admin.ui.rest.GroupsResourceProvider -org.keycloak.admin.ui.rest.AuthenticationManagementProvider -org.keycloak.admin.ui.rest.BruteForceUsersProvider \ No newline at end of file