Move Admin REST extension to main repository (#4231)
This commit is contained in:
parent
bf5d37a03c
commit
cf3a4346ef
24 changed files with 7 additions and 1346 deletions
|
@ -93,7 +93,7 @@ export default class ListingPage extends CommonElements {
|
||||||
|
|
||||||
searchItem(searchValue: string, wait = true) {
|
searchItem(searchValue: string, wait = true) {
|
||||||
if (wait) {
|
if (wait) {
|
||||||
const searchUrl = `/admin/realms/master/*${searchValue}*`;
|
const searchUrl = `/admin/realms/master/**/*${searchValue}*`;
|
||||||
cy.intercept(searchUrl).as("search");
|
cy.intercept(searchUrl).as("search");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -44,7 +44,7 @@ export default class GroupPage extends PageObject {
|
||||||
|
|
||||||
protected search(searchField: string, searchValue: string, wait: boolean) {
|
protected search(searchField: string, searchValue: string, wait: boolean) {
|
||||||
if (wait) {
|
if (wait) {
|
||||||
const searchUrl = `/admin/realms/master/*${searchValue}*`;
|
const searchUrl = `/admin/realms/master/**/*${searchValue}*`;
|
||||||
cy.intercept(searchUrl).as("search");
|
cy.intercept(searchUrl).as("search");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -72,7 +72,7 @@ export default function AuthenticationSection() {
|
||||||
const flowsRequest = await fetch(
|
const flowsRequest = await fetch(
|
||||||
`${addTrailingSlash(
|
`${addTrailingSlash(
|
||||||
adminClient.baseUrl
|
adminClient.baseUrl
|
||||||
)}admin/realms/${realm}/admin-ui-authentication-management/flows`,
|
)}admin/realms/${realm}/ui-ext/authentication-management/flows`,
|
||||||
{
|
{
|
||||||
method: "GET",
|
method: "GET",
|
||||||
headers: getAuthorizationHeaders(await adminClient.getAccessToken()),
|
headers: getAuthorizationHeaders(await adminClient.getAccessToken()),
|
||||||
|
|
|
@ -41,7 +41,7 @@ const fetchEndpoint = async ({
|
||||||
search,
|
search,
|
||||||
endpoint,
|
endpoint,
|
||||||
}: Query): Promise<any> =>
|
}: Query): Promise<any> =>
|
||||||
fetchAdminUI(adminClient, `/admin-ui-${endpoint}/${type}/${id}`, {
|
fetchAdminUI(adminClient, `/ui-ext/${endpoint}/${type}/${id}`, {
|
||||||
first: (first || 0).toString(),
|
first: (first || 0).toString(),
|
||||||
max: (max || 10).toString(),
|
max: (max || 10).toString(),
|
||||||
search: search || "",
|
search: search || "",
|
||||||
|
@ -81,7 +81,7 @@ export const findUsers = ({
|
||||||
}: UserQuery): Promise<BruteUser[]> =>
|
}: UserQuery): Promise<BruteUser[]> =>
|
||||||
fetchAdminUI(
|
fetchAdminUI(
|
||||||
adminClient,
|
adminClient,
|
||||||
"admin-ui-brute-force-user",
|
"ui-ext/brute-force-user",
|
||||||
query as Record<string, string>
|
query as Record<string, string>
|
||||||
);
|
);
|
||||||
|
|
||||||
|
|
|
@ -71,7 +71,7 @@ export const GroupTable = ({ refresh: viewRefresh }: GroupTableProps) => {
|
||||||
} else {
|
} else {
|
||||||
groupsData = await fetchAdminUI<GroupRepresentation[]>(
|
groupsData = await fetchAdminUI<GroupRepresentation[]>(
|
||||||
adminClient,
|
adminClient,
|
||||||
"admin-ui-groups",
|
"ui-ext/groups",
|
||||||
{
|
{
|
||||||
...params,
|
...params,
|
||||||
global: "false",
|
global: "false",
|
||||||
|
|
|
@ -153,7 +153,7 @@ export const GroupTree = ({ refresh: viewRefresh }: GroupTreeProps) => {
|
||||||
() =>
|
() =>
|
||||||
fetchAdminUI<GroupRepresentation[]>(
|
fetchAdminUI<GroupRepresentation[]>(
|
||||||
adminClient,
|
adminClient,
|
||||||
"admin-ui-groups",
|
"ui-ext/groups",
|
||||||
Object.assign(
|
Object.assign(
|
||||||
{
|
{
|
||||||
first: `${first}`,
|
first: `${first}`,
|
||||||
|
|
|
@ -1,33 +0,0 @@
|
||||||
package org.keycloak.admin.ui.rest;
|
|
||||||
|
|
||||||
import org.keycloak.Config;
|
|
||||||
import org.keycloak.models.KeycloakSession;
|
|
||||||
import org.keycloak.models.KeycloakSessionFactory;
|
|
||||||
import org.keycloak.models.RealmModel;
|
|
||||||
import org.keycloak.services.resources.admin.AdminEventBuilder;
|
|
||||||
import org.keycloak.services.resources.admin.ext.AdminRealmResourceProvider;
|
|
||||||
import org.keycloak.services.resources.admin.ext.AdminRealmResourceProviderFactory;
|
|
||||||
import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator;
|
|
||||||
|
|
||||||
public final class AuthenticationManagementProvider implements AdminRealmResourceProviderFactory, AdminRealmResourceProvider {
|
|
||||||
public AdminRealmResourceProvider create(KeycloakSession session) {
|
|
||||||
return this;
|
|
||||||
}
|
|
||||||
|
|
||||||
public void init(Config.Scope config) {
|
|
||||||
}
|
|
||||||
|
|
||||||
public void postInit(KeycloakSessionFactory factory) {
|
|
||||||
}
|
|
||||||
|
|
||||||
public void close() {
|
|
||||||
}
|
|
||||||
|
|
||||||
public String getId() {
|
|
||||||
return "admin-ui-authentication-management";
|
|
||||||
}
|
|
||||||
|
|
||||||
public Object getResource(KeycloakSession session, RealmModel realm, AdminPermissionEvaluator auth, AdminEventBuilder adminEvent) {
|
|
||||||
return new AuthenticationManagementResource(session, realm, auth);
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,115 +0,0 @@
|
||||||
package org.keycloak.admin.ui.rest;
|
|
||||||
|
|
||||||
import java.util.List;
|
|
||||||
import java.util.Objects;
|
|
||||||
import java.util.stream.Collectors;
|
|
||||||
import java.util.stream.Stream;
|
|
||||||
import javax.ws.rs.Consumes;
|
|
||||||
import javax.ws.rs.DefaultValue;
|
|
||||||
import javax.ws.rs.GET;
|
|
||||||
import javax.ws.rs.Path;
|
|
||||||
import javax.ws.rs.PathParam;
|
|
||||||
import javax.ws.rs.Produces;
|
|
||||||
import javax.ws.rs.QueryParam;
|
|
||||||
import org.eclipse.microprofile.openapi.annotations.Operation;
|
|
||||||
import org.eclipse.microprofile.openapi.annotations.enums.SchemaType;
|
|
||||||
import org.eclipse.microprofile.openapi.annotations.media.Content;
|
|
||||||
import org.eclipse.microprofile.openapi.annotations.media.Schema;
|
|
||||||
import org.eclipse.microprofile.openapi.annotations.responses.APIResponse;
|
|
||||||
import org.keycloak.admin.ui.rest.model.Authentication;
|
|
||||||
import org.keycloak.admin.ui.rest.model.AuthenticationMapper;
|
|
||||||
import org.keycloak.models.AuthenticationFlowModel;
|
|
||||||
import org.keycloak.models.ClientModel;
|
|
||||||
import org.keycloak.models.IdentityProviderModel;
|
|
||||||
import org.keycloak.models.KeycloakSession;
|
|
||||||
import org.keycloak.models.RealmModel;
|
|
||||||
import org.keycloak.models.utils.DefaultAuthenticationFlows;
|
|
||||||
import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator;
|
|
||||||
|
|
||||||
|
|
||||||
public class AuthenticationManagementResource extends RoleMappingResource {
|
|
||||||
private final KeycloakSession session;
|
|
||||||
|
|
||||||
private RealmModel realm;
|
|
||||||
private AdminPermissionEvaluator auth;
|
|
||||||
|
|
||||||
public AuthenticationManagementResource(KeycloakSession session, RealmModel realm, AdminPermissionEvaluator auth) {
|
|
||||||
super(realm, auth);
|
|
||||||
this.realm = realm;
|
|
||||||
this.auth = auth;
|
|
||||||
this.session = session;
|
|
||||||
}
|
|
||||||
|
|
||||||
@GET
|
|
||||||
@Path("/flows")
|
|
||||||
@Consumes({"application/json"})
|
|
||||||
@Produces({"application/json"})
|
|
||||||
@Operation(
|
|
||||||
summary = "List all authentication flows for this realm",
|
|
||||||
description = "This endpoint returns all the authentication flows and lists if there they are used."
|
|
||||||
)
|
|
||||||
@APIResponse(
|
|
||||||
responseCode = "200",
|
|
||||||
description = "",
|
|
||||||
content = {@Content(
|
|
||||||
schema = @Schema(
|
|
||||||
implementation = Authentication.class,
|
|
||||||
type = SchemaType.ARRAY
|
|
||||||
)
|
|
||||||
)}
|
|
||||||
)
|
|
||||||
public final List<Authentication> listIdentityProviders() {
|
|
||||||
auth.realm().requireViewAuthenticationFlows();
|
|
||||||
|
|
||||||
return realm.getAuthenticationFlowsStream()
|
|
||||||
.filter(flow -> flow.isTopLevel() && !Objects.equals(flow.getAlias(), DefaultAuthenticationFlows.SAML_ECP_FLOW))
|
|
||||||
.map(flow -> AuthenticationMapper.convertToModel(flow, realm))
|
|
||||||
.collect(Collectors.toList());
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
@GET
|
|
||||||
@Path("/{type}/{id}")
|
|
||||||
@Consumes({"application/json"})
|
|
||||||
@Produces({"application/json"})
|
|
||||||
@Operation(
|
|
||||||
summary = "List all clients or identity providers that this flow is used by",
|
|
||||||
description = "List all the clients or identity providers this flow is used by as a paginated list"
|
|
||||||
)
|
|
||||||
@APIResponse(
|
|
||||||
responseCode = "200",
|
|
||||||
description = "",
|
|
||||||
content = {@Content(
|
|
||||||
schema = @Schema(
|
|
||||||
implementation = String.class,
|
|
||||||
type = SchemaType.ARRAY
|
|
||||||
)
|
|
||||||
)}
|
|
||||||
)
|
|
||||||
public final List<String> listUsed(@PathParam("id") String id, @PathParam("type") String type, @QueryParam("first") @DefaultValue("0") long first,
|
|
||||||
@QueryParam("max") @DefaultValue("10") long max, @QueryParam("search") @DefaultValue("") String search) {
|
|
||||||
auth.realm().requireViewAuthenticationFlows();
|
|
||||||
|
|
||||||
final AuthenticationFlowModel flow = realm.getAuthenticationFlowsStream().filter(f -> id.equals(f.getId())).collect(Collectors.toList()).get(0);
|
|
||||||
|
|
||||||
if ("clients".equals(type)) {
|
|
||||||
final Stream<ClientModel> clients = realm.getClientsStream();
|
|
||||||
return clients.filter(
|
|
||||||
c -> c.getAuthenticationFlowBindingOverrides().get("browser") != null && c.getAuthenticationFlowBindingOverrides()
|
|
||||||
.get("browser").equals(flow.getId()) || c.getAuthenticationFlowBindingOverrides()
|
|
||||||
.get("direct_grant") != null && c.getAuthenticationFlowBindingOverrides().get("direct_grant").equals(flow.getId()))
|
|
||||||
.map(ClientModel::getClientId).filter(f -> f.contains(search))
|
|
||||||
.skip("".equals(search) ? first : 0).limit(max).collect(Collectors.toList());
|
|
||||||
}
|
|
||||||
|
|
||||||
if ("idp".equals(type)) {
|
|
||||||
final Stream<IdentityProviderModel> identityProviders = realm.getIdentityProvidersStream();
|
|
||||||
return identityProviders.filter(idp -> idp.getFirstBrokerLoginFlowId().equals(flow.getId()))
|
|
||||||
.map(IdentityProviderModel::getAlias).filter(f -> f.contains(search))
|
|
||||||
.skip("".equals(search) ? first : 0).limit(max).collect(Collectors.toList());
|
|
||||||
}
|
|
||||||
|
|
||||||
throw new IllegalArgumentException("Invalid type");
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,35 +0,0 @@
|
||||||
package org.keycloak.admin.ui.rest;
|
|
||||||
|
|
||||||
import org.keycloak.Config;
|
|
||||||
import org.keycloak.models.KeycloakSession;
|
|
||||||
import org.keycloak.models.KeycloakSessionFactory;
|
|
||||||
import org.keycloak.models.RealmModel;
|
|
||||||
import org.keycloak.services.resources.admin.AdminEventBuilder;
|
|
||||||
import org.keycloak.services.resources.admin.ext.AdminRealmResourceProvider;
|
|
||||||
import org.keycloak.services.resources.admin.ext.AdminRealmResourceProviderFactory;
|
|
||||||
import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator;
|
|
||||||
|
|
||||||
public final class AvailableRoleMappingProvider implements AdminRealmResourceProviderFactory, AdminRealmResourceProvider {
|
|
||||||
public AdminRealmResourceProvider create(KeycloakSession session) {
|
|
||||||
return this;
|
|
||||||
}
|
|
||||||
|
|
||||||
public void init(Config.Scope config) {
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
public void postInit(KeycloakSessionFactory factory) {
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
public void close() {
|
|
||||||
}
|
|
||||||
|
|
||||||
public String getId() {
|
|
||||||
return "admin-ui-available-roles";
|
|
||||||
}
|
|
||||||
|
|
||||||
public Object getResource(KeycloakSession session, RealmModel realm, AdminPermissionEvaluator auth, AdminEventBuilder adminEvent) {
|
|
||||||
return new AvailableRoleMappingResource(session, realm, auth);
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,183 +0,0 @@
|
||||||
package org.keycloak.admin.ui.rest;
|
|
||||||
|
|
||||||
import java.util.List;
|
|
||||||
import java.util.Objects;
|
|
||||||
import java.util.function.Predicate;
|
|
||||||
import javax.ws.rs.Consumes;
|
|
||||||
import javax.ws.rs.DefaultValue;
|
|
||||||
import javax.ws.rs.ForbiddenException;
|
|
||||||
import javax.ws.rs.GET;
|
|
||||||
import javax.ws.rs.NotFoundException;
|
|
||||||
import javax.ws.rs.Path;
|
|
||||||
import javax.ws.rs.PathParam;
|
|
||||||
import javax.ws.rs.Produces;
|
|
||||||
import javax.ws.rs.QueryParam;
|
|
||||||
import org.eclipse.microprofile.openapi.annotations.Operation;
|
|
||||||
import org.eclipse.microprofile.openapi.annotations.enums.SchemaType;
|
|
||||||
import org.eclipse.microprofile.openapi.annotations.media.Content;
|
|
||||||
import org.eclipse.microprofile.openapi.annotations.media.Schema;
|
|
||||||
import org.eclipse.microprofile.openapi.annotations.responses.APIResponse;
|
|
||||||
import org.keycloak.admin.ui.rest.model.ClientRole;
|
|
||||||
import org.keycloak.models.ClientModel;
|
|
||||||
import org.keycloak.models.ClientScopeModel;
|
|
||||||
import org.keycloak.models.GroupModel;
|
|
||||||
import org.keycloak.models.KeycloakSession;
|
|
||||||
import org.keycloak.models.RealmModel;
|
|
||||||
import org.keycloak.models.RoleModel;
|
|
||||||
import org.keycloak.models.UserModel;
|
|
||||||
import org.keycloak.models.UserProvider;
|
|
||||||
import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator;
|
|
||||||
|
|
||||||
public class AvailableRoleMappingResource extends RoleMappingResource {
|
|
||||||
private final KeycloakSession session;
|
|
||||||
private final RealmModel realm;
|
|
||||||
private final AdminPermissionEvaluator auth;
|
|
||||||
|
|
||||||
public AvailableRoleMappingResource(KeycloakSession session, RealmModel realm, AdminPermissionEvaluator auth) {
|
|
||||||
super(realm, auth);
|
|
||||||
this.realm = realm;
|
|
||||||
this.auth = auth;
|
|
||||||
this.session = session;
|
|
||||||
}
|
|
||||||
|
|
||||||
@GET
|
|
||||||
@Path("/clientScopes/{id}")
|
|
||||||
@Consumes({"application/json"})
|
|
||||||
@Produces({"application/json"})
|
|
||||||
@Operation(
|
|
||||||
summary = "List all composite client roles for this client scope",
|
|
||||||
description = "This endpoint returns all the client role mapping for a specific client scope"
|
|
||||||
)
|
|
||||||
@APIResponse(
|
|
||||||
responseCode = "200",
|
|
||||||
description = "",
|
|
||||||
content = {@Content(
|
|
||||||
schema = @Schema(
|
|
||||||
implementation = ClientRole.class,
|
|
||||||
type = SchemaType.ARRAY
|
|
||||||
)
|
|
||||||
)}
|
|
||||||
)
|
|
||||||
public final List<ClientRole> listCompositeClientScopeRoleMappings(@PathParam("id") String id, @QueryParam("first")
|
|
||||||
@DefaultValue("0") long first, @QueryParam("max") @DefaultValue("10") long max, @QueryParam("search") @DefaultValue("") String search) {
|
|
||||||
ClientScopeModel scopeModel = this.realm.getClientScopeById(id);
|
|
||||||
if (scopeModel == null) {
|
|
||||||
throw new NotFoundException("Could not find client scope");
|
|
||||||
} else {
|
|
||||||
this.auth.clients().requireView(scopeModel);
|
|
||||||
return this.mapping(((Predicate<RoleModel>) scopeModel::hasDirectScope).negate(), first, max, search);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
@GET
|
|
||||||
@Path("/clients/{id}")
|
|
||||||
@Consumes({"application/json"})
|
|
||||||
@Produces({"application/json"})
|
|
||||||
@Operation(
|
|
||||||
summary = "List all composite client roles for this client",
|
|
||||||
description = "This endpoint returns all the client role mapping for a specific client"
|
|
||||||
)
|
|
||||||
@APIResponse(
|
|
||||||
responseCode = "200",
|
|
||||||
description = "",
|
|
||||||
content = {@Content(
|
|
||||||
schema = @Schema(
|
|
||||||
implementation = ClientRole.class,
|
|
||||||
type = SchemaType.ARRAY
|
|
||||||
)
|
|
||||||
)}
|
|
||||||
)
|
|
||||||
public final List<ClientRole> listCompositeClientRoleMappings(@PathParam("id") String id, @QueryParam("first")
|
|
||||||
@DefaultValue("0") long first, @QueryParam("max") @DefaultValue("10") long max, @QueryParam("search") @DefaultValue("") String search) {
|
|
||||||
ClientModel client = this.realm.getClientById(id);
|
|
||||||
if (client == null) {
|
|
||||||
throw new NotFoundException("Could not find client");
|
|
||||||
} else {
|
|
||||||
this.auth.clients().requireView(client);
|
|
||||||
return this.mapping(((Predicate<RoleModel>) client::hasDirectScope).negate(), first, max, search);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
@GET
|
|
||||||
@Path("/groups/{id}")
|
|
||||||
@Consumes({"application/json"})
|
|
||||||
@Produces({"application/json"})
|
|
||||||
@Operation(
|
|
||||||
summary = "List all composite client roles for this group",
|
|
||||||
description = "This endpoint returns all the client role mapping for a specific group"
|
|
||||||
)
|
|
||||||
@APIResponse(
|
|
||||||
responseCode = "200",
|
|
||||||
description = "",
|
|
||||||
content = {@Content(
|
|
||||||
schema = @Schema(
|
|
||||||
implementation = ClientRole.class,
|
|
||||||
type = SchemaType.ARRAY
|
|
||||||
)
|
|
||||||
)}
|
|
||||||
)
|
|
||||||
public final List<ClientRole> listCompositeGroupRoleMappings(@PathParam("id") String id, @QueryParam("first")
|
|
||||||
@DefaultValue("0") long first, @QueryParam("max") @DefaultValue("10") long max, @QueryParam("search") @DefaultValue("") String search) {
|
|
||||||
GroupModel group = this.realm.getGroupById(id);
|
|
||||||
if (group == null) {
|
|
||||||
throw new NotFoundException("Could not find group");
|
|
||||||
} else {
|
|
||||||
this.auth.groups().requireView(group);
|
|
||||||
return this.mapping(((Predicate<RoleModel>) group::hasDirectRole).negate(), first, max, search);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
@GET
|
|
||||||
@Path("/users/{id}")
|
|
||||||
@Consumes({"application/json"})
|
|
||||||
@Produces({"application/json"})
|
|
||||||
@Operation(
|
|
||||||
summary = "List all composite client roles for this user",
|
|
||||||
description = "This endpoint returns all the client role mapping for a specific user"
|
|
||||||
)
|
|
||||||
@APIResponse(
|
|
||||||
responseCode = "200",
|
|
||||||
description = "",
|
|
||||||
content = {@Content(
|
|
||||||
schema = @Schema(
|
|
||||||
implementation = ClientRole.class,
|
|
||||||
type = SchemaType.ARRAY
|
|
||||||
)
|
|
||||||
)}
|
|
||||||
)
|
|
||||||
public final List<ClientRole> listCompositeUserRoleMappings(@PathParam("id") String id, @QueryParam("first") @DefaultValue("0") long first,
|
|
||||||
@QueryParam("max") @DefaultValue("10") long max, @QueryParam("search") @DefaultValue("") String search) {
|
|
||||||
UserProvider users = Objects.requireNonNull(session).users();
|
|
||||||
UserModel userModel = users.getUserById(this.realm, id);
|
|
||||||
if (userModel == null) {
|
|
||||||
if (auth.users().canQuery()) throw new NotFoundException("User not found");
|
|
||||||
else throw new ForbiddenException();
|
|
||||||
}
|
|
||||||
|
|
||||||
this.auth.users().requireView(userModel);
|
|
||||||
return this.mapping(((Predicate<RoleModel>) userModel::hasDirectRole).negate(), first, max, search);
|
|
||||||
}
|
|
||||||
|
|
||||||
@GET
|
|
||||||
@Path("/roles/{id}")
|
|
||||||
@Consumes({"application/json"})
|
|
||||||
@Produces({"application/json"})
|
|
||||||
@Operation(
|
|
||||||
summary = "List all composite client roles",
|
|
||||||
description = "This endpoint returns all the client role"
|
|
||||||
)
|
|
||||||
@APIResponse(
|
|
||||||
responseCode = "200",
|
|
||||||
description = "",
|
|
||||||
content = {@Content(
|
|
||||||
schema = @Schema(
|
|
||||||
implementation = ClientRole.class,
|
|
||||||
type = SchemaType.ARRAY
|
|
||||||
)
|
|
||||||
)}
|
|
||||||
)
|
|
||||||
public final List<ClientRole> listCompositeRoleMappings(@QueryParam("first") @DefaultValue("0") long first,
|
|
||||||
@QueryParam("max") @DefaultValue("10") long max, @QueryParam("search") @DefaultValue("") String search) {
|
|
||||||
return this.mapping(o -> true, first, max, search);
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,35 +0,0 @@
|
||||||
package org.keycloak.admin.ui.rest;
|
|
||||||
|
|
||||||
import org.keycloak.Config;
|
|
||||||
import org.keycloak.models.KeycloakSession;
|
|
||||||
import org.keycloak.models.KeycloakSessionFactory;
|
|
||||||
import org.keycloak.models.RealmModel;
|
|
||||||
import org.keycloak.services.resources.admin.AdminEventBuilder;
|
|
||||||
import org.keycloak.services.resources.admin.ext.AdminRealmResourceProvider;
|
|
||||||
import org.keycloak.services.resources.admin.ext.AdminRealmResourceProviderFactory;
|
|
||||||
import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator;
|
|
||||||
|
|
||||||
public final class BruteForceUsersProvider implements AdminRealmResourceProviderFactory, AdminRealmResourceProvider {
|
|
||||||
public AdminRealmResourceProvider create(KeycloakSession session) {
|
|
||||||
return this;
|
|
||||||
}
|
|
||||||
|
|
||||||
public void init(Config.Scope config) {
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
public void postInit(KeycloakSessionFactory factory) {
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
public void close() {
|
|
||||||
}
|
|
||||||
|
|
||||||
public String getId() {
|
|
||||||
return "admin-ui-brute-force-user";
|
|
||||||
}
|
|
||||||
|
|
||||||
public Object getResource(KeycloakSession session, RealmModel realm, AdminPermissionEvaluator auth, AdminEventBuilder adminEvent) {
|
|
||||||
return new BruteForceUsersResource(session, realm, auth);
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,218 +0,0 @@
|
||||||
package org.keycloak.admin.ui.rest;
|
|
||||||
|
|
||||||
import java.util.Collections;
|
|
||||||
import java.util.HashMap;
|
|
||||||
import java.util.Map;
|
|
||||||
import java.util.Set;
|
|
||||||
import java.util.stream.Stream;
|
|
||||||
import javax.ws.rs.Consumes;
|
|
||||||
import javax.ws.rs.DefaultValue;
|
|
||||||
import javax.ws.rs.GET;
|
|
||||||
import javax.ws.rs.Path;
|
|
||||||
import javax.ws.rs.Produces;
|
|
||||||
import javax.ws.rs.QueryParam;
|
|
||||||
import org.eclipse.microprofile.openapi.annotations.Operation;
|
|
||||||
import org.eclipse.microprofile.openapi.annotations.enums.SchemaType;
|
|
||||||
import org.eclipse.microprofile.openapi.annotations.media.Content;
|
|
||||||
import org.eclipse.microprofile.openapi.annotations.media.Schema;
|
|
||||||
import org.eclipse.microprofile.openapi.annotations.responses.APIResponse;
|
|
||||||
import org.jboss.logging.Logger;
|
|
||||||
import org.keycloak.admin.ui.rest.model.BruteUser;
|
|
||||||
import org.keycloak.common.util.Time;
|
|
||||||
import org.keycloak.models.Constants;
|
|
||||||
import org.keycloak.models.KeycloakSession;
|
|
||||||
import org.keycloak.models.RealmModel;
|
|
||||||
import org.keycloak.models.UserLoginFailureModel;
|
|
||||||
import org.keycloak.models.UserModel;
|
|
||||||
import org.keycloak.models.utils.ModelToRepresentation;
|
|
||||||
import org.keycloak.representations.idm.UserRepresentation;
|
|
||||||
import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator;
|
|
||||||
import org.keycloak.services.resources.admin.permissions.UserPermissionEvaluator;
|
|
||||||
import org.keycloak.utils.SearchQueryUtils;
|
|
||||||
|
|
||||||
public class BruteForceUsersResource {
|
|
||||||
private static final Logger logger = Logger.getLogger(BruteForceUsersResource.class);
|
|
||||||
private static final String SEARCH_ID_PARAMETER = "id:";
|
|
||||||
private final KeycloakSession session;
|
|
||||||
private final RealmModel realm;
|
|
||||||
private final AdminPermissionEvaluator auth;
|
|
||||||
|
|
||||||
public BruteForceUsersResource(KeycloakSession session, RealmModel realm, AdminPermissionEvaluator auth) {
|
|
||||||
this.realm = realm;
|
|
||||||
this.auth = auth;
|
|
||||||
this.session = session;
|
|
||||||
}
|
|
||||||
|
|
||||||
@GET
|
|
||||||
@Consumes({"application/json"})
|
|
||||||
@Produces({"application/json"})
|
|
||||||
@Operation(
|
|
||||||
summary = "Find all users and add if they are locked by brute force protection",
|
|
||||||
description = "Same endpoint as the users search but added brute force protection status."
|
|
||||||
)
|
|
||||||
@APIResponse(
|
|
||||||
responseCode = "200",
|
|
||||||
description = "",
|
|
||||||
content = {@Content(
|
|
||||||
schema = @Schema(
|
|
||||||
implementation = BruteUser.class,
|
|
||||||
type = SchemaType.ARRAY
|
|
||||||
)
|
|
||||||
)}
|
|
||||||
)
|
|
||||||
public final Stream<BruteUser> searchUser(@QueryParam("search") String search,
|
|
||||||
@QueryParam("lastName") String last,
|
|
||||||
@QueryParam("firstName") String first,
|
|
||||||
@QueryParam("email") String email,
|
|
||||||
@QueryParam("username") String username,
|
|
||||||
@QueryParam("emailVerified") Boolean emailVerified,
|
|
||||||
@QueryParam("idpAlias") String idpAlias,
|
|
||||||
@QueryParam("idpUserId") String idpUserId,
|
|
||||||
@QueryParam("first") @DefaultValue("-1") Integer firstResult,
|
|
||||||
@QueryParam("max") @DefaultValue("" + Constants.DEFAULT_MAX_RESULTS) Integer maxResults,
|
|
||||||
@QueryParam("enabled") Boolean enabled,
|
|
||||||
@QueryParam("briefRepresentation") Boolean briefRepresentation,
|
|
||||||
@QueryParam("exact") Boolean exact,
|
|
||||||
@QueryParam("q") String searchQuery) {
|
|
||||||
final UserPermissionEvaluator userPermissionEvaluator = auth.users();
|
|
||||||
userPermissionEvaluator.requireQuery();
|
|
||||||
|
|
||||||
Map<String, String> searchAttributes = searchQuery == null
|
|
||||||
? Collections.emptyMap()
|
|
||||||
: SearchQueryUtils.getFields(searchQuery);
|
|
||||||
|
|
||||||
Stream<UserModel> userModels = Stream.empty();
|
|
||||||
if (search != null) {
|
|
||||||
if (search.startsWith(SEARCH_ID_PARAMETER)) {
|
|
||||||
UserModel userModel =
|
|
||||||
session.users().getUserById(realm, search.substring(SEARCH_ID_PARAMETER.length()).trim());
|
|
||||||
if (userModel != null) {
|
|
||||||
userModels = Stream.of(userModel);
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
Map<String, String> attributes = new HashMap<>();
|
|
||||||
attributes.put(UserModel.SEARCH, search.trim());
|
|
||||||
if (enabled != null) {
|
|
||||||
attributes.put(UserModel.ENABLED, enabled.toString());
|
|
||||||
}
|
|
||||||
return searchForUser(attributes, realm, userPermissionEvaluator, briefRepresentation, firstResult,
|
|
||||||
maxResults, false);
|
|
||||||
}
|
|
||||||
} else if (last != null || first != null || email != null || username != null || emailVerified != null
|
|
||||||
|| idpAlias != null || idpUserId != null || enabled != null || exact != null || !searchAttributes.isEmpty()) {
|
|
||||||
Map<String, String> attributes = new HashMap<>();
|
|
||||||
if (last != null) {
|
|
||||||
attributes.put(UserModel.LAST_NAME, last);
|
|
||||||
}
|
|
||||||
if (first != null) {
|
|
||||||
attributes.put(UserModel.FIRST_NAME, first);
|
|
||||||
}
|
|
||||||
if (email != null) {
|
|
||||||
attributes.put(UserModel.EMAIL, email);
|
|
||||||
}
|
|
||||||
if (username != null) {
|
|
||||||
attributes.put(UserModel.USERNAME, username);
|
|
||||||
}
|
|
||||||
if (emailVerified != null) {
|
|
||||||
attributes.put(UserModel.EMAIL_VERIFIED, emailVerified.toString());
|
|
||||||
}
|
|
||||||
if (idpAlias != null) {
|
|
||||||
attributes.put(UserModel.IDP_ALIAS, idpAlias);
|
|
||||||
}
|
|
||||||
if (idpUserId != null) {
|
|
||||||
attributes.put(UserModel.IDP_USER_ID, idpUserId);
|
|
||||||
}
|
|
||||||
if (enabled != null) {
|
|
||||||
attributes.put(UserModel.ENABLED, enabled.toString());
|
|
||||||
}
|
|
||||||
if (exact != null) {
|
|
||||||
attributes.put(UserModel.EXACT, exact.toString());
|
|
||||||
}
|
|
||||||
|
|
||||||
attributes.putAll(searchAttributes);
|
|
||||||
|
|
||||||
return searchForUser(attributes, realm, userPermissionEvaluator, briefRepresentation, firstResult,
|
|
||||||
maxResults, true);
|
|
||||||
} else {
|
|
||||||
return searchForUser(new HashMap<>(), realm, userPermissionEvaluator, briefRepresentation,
|
|
||||||
firstResult, maxResults, false);
|
|
||||||
}
|
|
||||||
|
|
||||||
return toRepresentation(realm, userPermissionEvaluator, briefRepresentation, userModels);
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
private Stream<BruteUser> searchForUser(Map<String, String> attributes, RealmModel realm, UserPermissionEvaluator usersEvaluator, Boolean briefRepresentation, Integer firstResult, Integer maxResults, Boolean includeServiceAccounts) {
|
|
||||||
session.setAttribute(UserModel.INCLUDE_SERVICE_ACCOUNT, includeServiceAccounts);
|
|
||||||
|
|
||||||
if (!auth.users().canView()) {
|
|
||||||
Set<String> groupModels = auth.groups().getGroupsWithViewPermission();
|
|
||||||
|
|
||||||
if (!groupModels.isEmpty()) {
|
|
||||||
session.setAttribute(UserModel.GROUPS, groupModels);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
Stream<UserModel> userModels = session.users().searchForUserStream(realm, attributes, firstResult, maxResults);
|
|
||||||
return toRepresentation(realm, usersEvaluator, briefRepresentation, userModels);
|
|
||||||
}
|
|
||||||
|
|
||||||
private Stream<BruteUser> toRepresentation(RealmModel realm, UserPermissionEvaluator usersEvaluator,
|
|
||||||
Boolean briefRepresentation, Stream<UserModel> userModels) {
|
|
||||||
boolean briefRepresentationB = briefRepresentation != null && briefRepresentation;
|
|
||||||
boolean canViewGlobal = usersEvaluator.canView();
|
|
||||||
|
|
||||||
usersEvaluator.grantIfNoPermission(session.getAttribute(UserModel.GROUPS) != null);
|
|
||||||
return userModels.filter(user -> canViewGlobal || usersEvaluator.canView(user)).map(user -> {
|
|
||||||
UserRepresentation userRep = briefRepresentationB ?
|
|
||||||
ModelToRepresentation.toBriefRepresentation(user) :
|
|
||||||
ModelToRepresentation.toRepresentation(session, realm, user);
|
|
||||||
userRep.setAccess(usersEvaluator.getAccess(user));
|
|
||||||
return userRep;
|
|
||||||
}).map(this::getBruteForceStatus);
|
|
||||||
}
|
|
||||||
|
|
||||||
private BruteUser getBruteForceStatus(UserRepresentation user) {
|
|
||||||
BruteUser bruteUser = new BruteUser(user);
|
|
||||||
Map<String, Object> data = new HashMap<>();
|
|
||||||
data.put("disabled", false);
|
|
||||||
data.put("numFailures", 0);
|
|
||||||
data.put("lastFailure", 0);
|
|
||||||
data.put("lastIPFailure", "n/a");
|
|
||||||
if (!realm.isBruteForceProtected())
|
|
||||||
bruteUser.setBruteForceStatus(data);
|
|
||||||
|
|
||||||
UserLoginFailureModel model = session.loginFailures().getUserLoginFailure(realm, user.getId());
|
|
||||||
if (model == null) {
|
|
||||||
bruteUser.setBruteForceStatus(data);
|
|
||||||
return bruteUser;
|
|
||||||
}
|
|
||||||
|
|
||||||
boolean disabled;
|
|
||||||
disabled = isTemporarilyDisabled(session, realm, user);
|
|
||||||
if (disabled) {
|
|
||||||
data.put("disabled", true);
|
|
||||||
}
|
|
||||||
|
|
||||||
data.put("numFailures", model.getNumFailures());
|
|
||||||
data.put("lastFailure", model.getLastFailure());
|
|
||||||
data.put("lastIPFailure", model.getLastIPFailure());
|
|
||||||
bruteUser.setBruteForceStatus(data);
|
|
||||||
|
|
||||||
return bruteUser;
|
|
||||||
}
|
|
||||||
|
|
||||||
public boolean isTemporarilyDisabled(KeycloakSession session, RealmModel realm, UserRepresentation user) {
|
|
||||||
UserLoginFailureModel failure = session.loginFailures().getUserLoginFailure(realm, user.getId());
|
|
||||||
if (failure != null) {
|
|
||||||
int currTime = (int)(Time.currentTimeMillis() / 1000L);
|
|
||||||
int failedLoginNotBefore = failure.getFailedLoginNotBefore();
|
|
||||||
if (currTime < failedLoginNotBefore) {
|
|
||||||
logger.debugv("Current: {0} notBefore: {1}", currTime, failedLoginNotBefore);
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,35 +0,0 @@
|
||||||
package org.keycloak.admin.ui.rest;
|
|
||||||
|
|
||||||
import org.keycloak.Config;
|
|
||||||
import org.keycloak.models.KeycloakSession;
|
|
||||||
import org.keycloak.models.KeycloakSessionFactory;
|
|
||||||
import org.keycloak.models.RealmModel;
|
|
||||||
import org.keycloak.services.resources.admin.AdminEventBuilder;
|
|
||||||
import org.keycloak.services.resources.admin.ext.AdminRealmResourceProvider;
|
|
||||||
import org.keycloak.services.resources.admin.ext.AdminRealmResourceProviderFactory;
|
|
||||||
import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator;
|
|
||||||
|
|
||||||
public final class EffectiveRoleMappingProvider implements AdminRealmResourceProviderFactory, AdminRealmResourceProvider {
|
|
||||||
public AdminRealmResourceProvider create(KeycloakSession session) {
|
|
||||||
return this;
|
|
||||||
}
|
|
||||||
|
|
||||||
public void init(Config.Scope config) {
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
public void postInit(KeycloakSessionFactory factory) {
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
public void close() {
|
|
||||||
}
|
|
||||||
|
|
||||||
public String getId() {
|
|
||||||
return "admin-ui-effective-roles";
|
|
||||||
}
|
|
||||||
|
|
||||||
public Object getResource(KeycloakSession session, RealmModel realm, AdminPermissionEvaluator auth, AdminEventBuilder adminEvent) {
|
|
||||||
return new EffectiveRoleMappingResource(session, realm, auth);
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,170 +0,0 @@
|
||||||
package org.keycloak.admin.ui.rest;
|
|
||||||
|
|
||||||
import java.util.List;
|
|
||||||
import java.util.stream.Collectors;
|
|
||||||
import javax.ws.rs.Consumes;
|
|
||||||
import javax.ws.rs.ForbiddenException;
|
|
||||||
import javax.ws.rs.GET;
|
|
||||||
import javax.ws.rs.NotFoundException;
|
|
||||||
import javax.ws.rs.Path;
|
|
||||||
import javax.ws.rs.PathParam;
|
|
||||||
import javax.ws.rs.Produces;
|
|
||||||
import org.eclipse.microprofile.openapi.annotations.Operation;
|
|
||||||
import org.eclipse.microprofile.openapi.annotations.enums.SchemaType;
|
|
||||||
import org.eclipse.microprofile.openapi.annotations.media.Content;
|
|
||||||
import org.eclipse.microprofile.openapi.annotations.media.Schema;
|
|
||||||
import org.eclipse.microprofile.openapi.annotations.responses.APIResponse;
|
|
||||||
import org.keycloak.admin.ui.rest.model.ClientRole;
|
|
||||||
import org.keycloak.models.ClientModel;
|
|
||||||
import org.keycloak.models.ClientScopeModel;
|
|
||||||
import org.keycloak.models.GroupModel;
|
|
||||||
import org.keycloak.models.KeycloakSession;
|
|
||||||
import org.keycloak.models.RealmModel;
|
|
||||||
import org.keycloak.models.UserModel;
|
|
||||||
import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator;
|
|
||||||
|
|
||||||
public class EffectiveRoleMappingResource extends RoleMappingResource {
|
|
||||||
private KeycloakSession session;
|
|
||||||
private RealmModel realm;
|
|
||||||
private AdminPermissionEvaluator auth;
|
|
||||||
|
|
||||||
public EffectiveRoleMappingResource(KeycloakSession session, RealmModel realm, AdminPermissionEvaluator auth) {
|
|
||||||
super(realm, auth);
|
|
||||||
this.realm = realm;
|
|
||||||
this.auth = auth;
|
|
||||||
this.session = session;
|
|
||||||
}
|
|
||||||
|
|
||||||
@GET
|
|
||||||
@Path("/clientScopes/{id}")
|
|
||||||
@Consumes({"application/json"})
|
|
||||||
@Produces({"application/json"})
|
|
||||||
@Operation(
|
|
||||||
summary = "List all effective roles for this client scope",
|
|
||||||
description = "This endpoint returns all the client role mapping for a specific client scope"
|
|
||||||
)
|
|
||||||
@APIResponse(
|
|
||||||
responseCode = "200",
|
|
||||||
description = "",
|
|
||||||
content = {@Content(
|
|
||||||
schema = @Schema(
|
|
||||||
implementation = ClientRole.class,
|
|
||||||
type = SchemaType.ARRAY
|
|
||||||
)
|
|
||||||
)}
|
|
||||||
)
|
|
||||||
public final List<ClientRole> listCompositeClientScopeRoleMappings(@PathParam("id") String id) {
|
|
||||||
ClientScopeModel clientScope = this.realm.getClientScopeById(id);
|
|
||||||
if (clientScope == null) {
|
|
||||||
throw new NotFoundException("Could not find client scope");
|
|
||||||
}
|
|
||||||
|
|
||||||
this.auth.clients().requireView(clientScope);
|
|
||||||
return this.mapping(clientScope::hasScope).collect(Collectors.toList());
|
|
||||||
}
|
|
||||||
|
|
||||||
@GET
|
|
||||||
@Path("/clients/{id}")
|
|
||||||
@Consumes({"application/json"})
|
|
||||||
@Produces({"application/json"})
|
|
||||||
@Operation(
|
|
||||||
summary = "List all effective roles for this client",
|
|
||||||
description = "This endpoint returns all the client role mapping for a specific client"
|
|
||||||
)
|
|
||||||
@APIResponse(
|
|
||||||
responseCode = "200",
|
|
||||||
description = "",
|
|
||||||
content = {@Content(
|
|
||||||
schema = @Schema(
|
|
||||||
implementation = ClientRole.class,
|
|
||||||
type = SchemaType.ARRAY
|
|
||||||
)
|
|
||||||
)}
|
|
||||||
)
|
|
||||||
public final List<ClientRole> listCompositeClientsRoleMappings(@PathParam("id") String id) {
|
|
||||||
ClientModel client = this.realm.getClientById(id);
|
|
||||||
if (client == null) {
|
|
||||||
throw new NotFoundException("Could not find client");
|
|
||||||
}
|
|
||||||
auth.clients().requireView(client);
|
|
||||||
return mapping(client::hasScope).collect(Collectors.toList());
|
|
||||||
}
|
|
||||||
|
|
||||||
@GET
|
|
||||||
@Path("/groups/{id}")
|
|
||||||
@Consumes({"application/json"})
|
|
||||||
@Produces({"application/json"})
|
|
||||||
@Operation(
|
|
||||||
summary = "List all effective roles for this group",
|
|
||||||
description = "This endpoint returns all the client role mapping for a specific group"
|
|
||||||
)
|
|
||||||
@APIResponse(
|
|
||||||
responseCode = "200",
|
|
||||||
description = "",
|
|
||||||
content = {@Content(
|
|
||||||
schema = @Schema(
|
|
||||||
implementation = ClientRole.class,
|
|
||||||
type = SchemaType.ARRAY
|
|
||||||
)
|
|
||||||
)}
|
|
||||||
)
|
|
||||||
public final List<ClientRole> listCompositeGroupsRoleMappings(@PathParam("id") String id) {
|
|
||||||
GroupModel group = this.realm.getGroupById(id);
|
|
||||||
if (group == null) {
|
|
||||||
throw new NotFoundException("Could not find group");
|
|
||||||
}
|
|
||||||
|
|
||||||
return mapping(group::hasRole).collect(Collectors.toList());
|
|
||||||
}
|
|
||||||
|
|
||||||
@GET
|
|
||||||
@Path("/users/{id}")
|
|
||||||
@Consumes({"application/json"})
|
|
||||||
@Produces({"application/json"})
|
|
||||||
@Operation(
|
|
||||||
summary = "List all effective roles for this users",
|
|
||||||
description = "This endpoint returns all the client role mapping for a specific users"
|
|
||||||
)
|
|
||||||
@APIResponse(
|
|
||||||
responseCode = "200",
|
|
||||||
description = "",
|
|
||||||
content = {@Content(
|
|
||||||
schema = @Schema(
|
|
||||||
implementation = ClientRole.class,
|
|
||||||
type = SchemaType.ARRAY
|
|
||||||
)
|
|
||||||
)}
|
|
||||||
)
|
|
||||||
public final List<ClientRole> listCompositeUsersRoleMappings(@PathParam("id") String id) {
|
|
||||||
UserModel user = session.users().getUserById(this.realm, id);
|
|
||||||
if (user == null) {
|
|
||||||
if (auth.users().canQuery()) throw new NotFoundException("User not found");
|
|
||||||
else throw new ForbiddenException();
|
|
||||||
}
|
|
||||||
|
|
||||||
return mapping(user::hasRole).collect(Collectors.toList());
|
|
||||||
}
|
|
||||||
|
|
||||||
@GET
|
|
||||||
@Path("/roles/{id}")
|
|
||||||
@Consumes({"application/json"})
|
|
||||||
@Produces({"application/json"})
|
|
||||||
@Operation(
|
|
||||||
summary = "List all effective roles for this realm role",
|
|
||||||
description = "This endpoint returns all the client role mapping for a specific realm role"
|
|
||||||
)
|
|
||||||
@APIResponse(
|
|
||||||
responseCode = "200",
|
|
||||||
description = "",
|
|
||||||
content = {@Content(
|
|
||||||
schema = @Schema(
|
|
||||||
implementation = ClientRole.class,
|
|
||||||
type = SchemaType.ARRAY
|
|
||||||
)
|
|
||||||
)}
|
|
||||||
)
|
|
||||||
public final List<ClientRole> listCompositeRealmRoleMappings() {
|
|
||||||
return mapping(o -> true).collect(Collectors.toList());
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
|
@ -1,97 +0,0 @@
|
||||||
package org.keycloak.admin.ui.rest;
|
|
||||||
|
|
||||||
import static org.keycloak.models.utils.ModelToRepresentation.toRepresentation;
|
|
||||||
|
|
||||||
import java.util.stream.Collectors;
|
|
||||||
import java.util.stream.Stream;
|
|
||||||
import javax.ws.rs.Consumes;
|
|
||||||
import javax.ws.rs.DefaultValue;
|
|
||||||
import javax.ws.rs.GET;
|
|
||||||
import javax.ws.rs.Produces;
|
|
||||||
import javax.ws.rs.QueryParam;
|
|
||||||
|
|
||||||
import org.eclipse.microprofile.openapi.annotations.Operation;
|
|
||||||
import org.eclipse.microprofile.openapi.annotations.enums.SchemaType;
|
|
||||||
import org.eclipse.microprofile.openapi.annotations.media.Content;
|
|
||||||
import org.eclipse.microprofile.openapi.annotations.media.Schema;
|
|
||||||
import org.eclipse.microprofile.openapi.annotations.responses.APIResponse;
|
|
||||||
import org.keycloak.models.GroupModel;
|
|
||||||
import org.keycloak.models.KeycloakSession;
|
|
||||||
import org.keycloak.models.RealmModel;
|
|
||||||
import org.keycloak.models.utils.ModelToRepresentation;
|
|
||||||
import org.keycloak.representations.idm.GroupRepresentation;
|
|
||||||
import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator;
|
|
||||||
import org.keycloak.utils.StringUtil;
|
|
||||||
|
|
||||||
public class GroupsResource {
|
|
||||||
private final KeycloakSession session;
|
|
||||||
private final RealmModel realm;
|
|
||||||
private final AdminPermissionEvaluator auth;
|
|
||||||
|
|
||||||
public GroupsResource(KeycloakSession session, RealmModel realm, AdminPermissionEvaluator auth) {
|
|
||||||
super();
|
|
||||||
this.realm = realm;
|
|
||||||
this.auth = auth;
|
|
||||||
this.session = session;
|
|
||||||
}
|
|
||||||
|
|
||||||
@GET
|
|
||||||
@Consumes({"application/json"})
|
|
||||||
@Produces({"application/json"})
|
|
||||||
@Operation(
|
|
||||||
summary = "List all groups with fine grained authorisation",
|
|
||||||
description = "This endpoint returns a list of groups with fine grained authorisation"
|
|
||||||
)
|
|
||||||
@APIResponse(
|
|
||||||
responseCode = "200",
|
|
||||||
description = "",
|
|
||||||
content = {@Content(
|
|
||||||
schema = @Schema(
|
|
||||||
implementation = GroupRepresentation.class,
|
|
||||||
type = SchemaType.ARRAY
|
|
||||||
)
|
|
||||||
)}
|
|
||||||
)
|
|
||||||
public final Stream<GroupRepresentation> listGroups(@QueryParam("search") @DefaultValue("") final String search, @QueryParam("first")
|
|
||||||
@DefaultValue("0") int first, @QueryParam("max") @DefaultValue("10") int max, @QueryParam("global") @DefaultValue("true") boolean global,
|
|
||||||
@QueryParam("exact") @DefaultValue("false") boolean exact) {
|
|
||||||
this.auth.groups().requireList();
|
|
||||||
final Stream<GroupModel> stream;
|
|
||||||
if (!"".equals(search)) {
|
|
||||||
if (global) {
|
|
||||||
stream = session.groups().searchForGroupByNameStream(realm, search, exact, first, max);
|
|
||||||
} else {
|
|
||||||
stream = this.realm.getTopLevelGroupsStream().filter(g -> g.getName().contains(search)).skip(first).limit(max);
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
stream = this.realm.getTopLevelGroupsStream(first, max);
|
|
||||||
}
|
|
||||||
return stream.map(g -> toGroupHierarchy(g, search, exact));
|
|
||||||
}
|
|
||||||
|
|
||||||
private GroupRepresentation toGroupHierarchy(GroupModel group, final String search, boolean exact) {
|
|
||||||
GroupRepresentation rep = toRepresentation(group, true);
|
|
||||||
rep.setAccess(auth.groups().getAccess(group));
|
|
||||||
rep.setSubGroups(group.getSubGroupsStream().filter(g ->
|
|
||||||
groupMatchesSearchOrIsPathElement(
|
|
||||||
g, search
|
|
||||||
)
|
|
||||||
).map(subGroup ->
|
|
||||||
ModelToRepresentation.toGroupHierarchy(
|
|
||||||
subGroup, true, search, exact
|
|
||||||
)
|
|
||||||
).collect(Collectors.toList()));
|
|
||||||
|
|
||||||
return rep;
|
|
||||||
}
|
|
||||||
|
|
||||||
private static boolean groupMatchesSearchOrIsPathElement(GroupModel group, String search) {
|
|
||||||
if (StringUtil.isBlank(search)) {
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
if (group.getName().contains(search)) {
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
return group.getSubGroupsStream().findAny().isPresent();
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,35 +0,0 @@
|
||||||
package org.keycloak.admin.ui.rest;
|
|
||||||
|
|
||||||
import org.keycloak.Config;
|
|
||||||
import org.keycloak.models.KeycloakSession;
|
|
||||||
import org.keycloak.models.KeycloakSessionFactory;
|
|
||||||
import org.keycloak.models.RealmModel;
|
|
||||||
import org.keycloak.services.resources.admin.AdminEventBuilder;
|
|
||||||
import org.keycloak.services.resources.admin.ext.AdminRealmResourceProvider;
|
|
||||||
import org.keycloak.services.resources.admin.ext.AdminRealmResourceProviderFactory;
|
|
||||||
import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator;
|
|
||||||
|
|
||||||
public final class GroupsResourceProvider implements AdminRealmResourceProviderFactory, AdminRealmResourceProvider {
|
|
||||||
public AdminRealmResourceProvider create(KeycloakSession session) {
|
|
||||||
return this;
|
|
||||||
}
|
|
||||||
|
|
||||||
public void init(Config.Scope config) {
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
public void postInit(KeycloakSessionFactory factory) {
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
public void close() {
|
|
||||||
}
|
|
||||||
|
|
||||||
public String getId() {
|
|
||||||
return "admin-ui-groups";
|
|
||||||
}
|
|
||||||
|
|
||||||
public Object getResource(KeycloakSession session, RealmModel realm, AdminPermissionEvaluator auth, AdminEventBuilder adminEvent) {
|
|
||||||
return new GroupsResource(session, realm, auth);
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,33 +0,0 @@
|
||||||
package org.keycloak.admin.ui.rest;
|
|
||||||
|
|
||||||
import static org.keycloak.admin.ui.rest.model.RoleMapper.convertToModel;
|
|
||||||
|
|
||||||
import java.util.List;
|
|
||||||
import java.util.function.Predicate;
|
|
||||||
import java.util.stream.Collectors;
|
|
||||||
import java.util.stream.Stream;
|
|
||||||
import org.keycloak.admin.ui.rest.model.ClientRole;
|
|
||||||
import org.keycloak.models.RealmModel;
|
|
||||||
import org.keycloak.models.RoleContainerModel;
|
|
||||||
import org.keycloak.models.RoleModel;
|
|
||||||
import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator;
|
|
||||||
|
|
||||||
public abstract class RoleMappingResource {
|
|
||||||
private final RealmModel realm;
|
|
||||||
private final AdminPermissionEvaluator auth;
|
|
||||||
|
|
||||||
public RoleMappingResource(RealmModel realm, AdminPermissionEvaluator auth) {
|
|
||||||
this.realm = realm;
|
|
||||||
this.auth = auth;
|
|
||||||
}
|
|
||||||
|
|
||||||
public final Stream<ClientRole> mapping(Predicate<RoleModel> predicate) {
|
|
||||||
return realm.getClientsStream().flatMap(RoleContainerModel::getRolesStream).filter(predicate)
|
|
||||||
.filter(auth.roles()::canMapClientScope).map(roleModel -> convertToModel(roleModel, realm.getClientsStream()));
|
|
||||||
}
|
|
||||||
|
|
||||||
public final List<ClientRole> mapping(Predicate<RoleModel> predicate, long first, long max, final String search) {
|
|
||||||
return mapping(predicate).filter(clientRole -> clientRole.getClient().contains(search) || clientRole.getRole().contains(search))
|
|
||||||
.skip(first).limit(max).collect(Collectors.toList());
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,80 +0,0 @@
|
||||||
package org.keycloak.admin.ui.rest.model;
|
|
||||||
|
|
||||||
import java.util.Objects;
|
|
||||||
import org.eclipse.microprofile.openapi.annotations.media.Schema;
|
|
||||||
|
|
||||||
public class Authentication {
|
|
||||||
|
|
||||||
@Schema(required = true)
|
|
||||||
private String id;
|
|
||||||
|
|
||||||
@Schema(required = true)
|
|
||||||
private String alias;
|
|
||||||
|
|
||||||
@Schema(required = true)
|
|
||||||
private boolean builtIn;
|
|
||||||
|
|
||||||
private UsedBy usedBy;
|
|
||||||
|
|
||||||
private String description;
|
|
||||||
|
|
||||||
public UsedBy getUsedBy() {
|
|
||||||
return usedBy;
|
|
||||||
}
|
|
||||||
|
|
||||||
public void setUsedBy( UsedBy usedBy) {
|
|
||||||
this.usedBy = usedBy;
|
|
||||||
}
|
|
||||||
|
|
||||||
public String getId() {
|
|
||||||
return id;
|
|
||||||
}
|
|
||||||
|
|
||||||
public void setId(String id) {
|
|
||||||
this.id = id;
|
|
||||||
}
|
|
||||||
|
|
||||||
public boolean isBuiltIn() {
|
|
||||||
return builtIn;
|
|
||||||
}
|
|
||||||
|
|
||||||
public void setBuiltIn(boolean builtIn) {
|
|
||||||
this.builtIn = builtIn;
|
|
||||||
}
|
|
||||||
|
|
||||||
public String getAlias() {
|
|
||||||
return alias;
|
|
||||||
}
|
|
||||||
|
|
||||||
public void setAlias(String alias) {
|
|
||||||
this.alias = alias;
|
|
||||||
}
|
|
||||||
|
|
||||||
public String getDescription() {
|
|
||||||
return description;
|
|
||||||
}
|
|
||||||
|
|
||||||
public void setDescription(String description) {
|
|
||||||
this.description = description;
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public boolean equals(Object o) {
|
|
||||||
if (this == o)
|
|
||||||
return true;
|
|
||||||
if (o == null || getClass() != o.getClass())
|
|
||||||
return false;
|
|
||||||
Authentication that = (Authentication) o;
|
|
||||||
return builtIn == that.builtIn && Objects.equals(usedBy, that.usedBy) && Objects.equals(id, that.id) && Objects.equals(alias,
|
|
||||||
that.alias) && Objects.equals(description, that.description);
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public int hashCode() {
|
|
||||||
return Objects.hash(usedBy, id, builtIn, alias, description);
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override public String toString() {
|
|
||||||
return "Authentication{" + "usedBy=" + usedBy + ", id='" + id + '\'' + ", buildIn=" + builtIn + ", alias='" + alias + '\'' + ", description='" + description + '\'' + '}';
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,51 +0,0 @@
|
||||||
package org.keycloak.admin.ui.rest.model;
|
|
||||||
|
|
||||||
import java.util.List;
|
|
||||||
import java.util.stream.Collectors;
|
|
||||||
import java.util.stream.Stream;
|
|
||||||
import org.keycloak.models.AuthenticationFlowModel;
|
|
||||||
import org.keycloak.models.ClientModel;
|
|
||||||
import org.keycloak.models.IdentityProviderModel;
|
|
||||||
import org.keycloak.models.RealmModel;
|
|
||||||
|
|
||||||
public class AuthenticationMapper {
|
|
||||||
private static final int MAX_USED_BY = 9;
|
|
||||||
|
|
||||||
public static Authentication convertToModel(AuthenticationFlowModel flow, RealmModel realm) {
|
|
||||||
|
|
||||||
final Stream<IdentityProviderModel> identityProviders = realm.getIdentityProvidersStream();
|
|
||||||
final Stream<ClientModel> clients = realm.getClientsStream();
|
|
||||||
|
|
||||||
final Authentication authentication = new Authentication();
|
|
||||||
authentication.setId(flow.getId());
|
|
||||||
authentication.setAlias(flow.getAlias());
|
|
||||||
authentication.setBuiltIn(flow.isBuiltIn());
|
|
||||||
authentication.setDescription(flow.getDescription());
|
|
||||||
|
|
||||||
final List<String> usedByIdp = identityProviders.filter(idp -> idp.getFirstBrokerLoginFlowId().equals(flow.getId()))
|
|
||||||
.map(IdentityProviderModel::getAlias).limit(MAX_USED_BY).collect(Collectors.toList());
|
|
||||||
if (!usedByIdp.isEmpty()) {
|
|
||||||
authentication.setUsedBy(new UsedBy(UsedBy.UsedByType.SPECIFIC_PROVIDERS, usedByIdp));
|
|
||||||
}
|
|
||||||
|
|
||||||
final List<String> usedClients = clients.filter(
|
|
||||||
c -> c.getAuthenticationFlowBindingOverrides().get("browser") != null && c.getAuthenticationFlowBindingOverrides()
|
|
||||||
.get("browser").equals(flow.getId()) || c.getAuthenticationFlowBindingOverrides()
|
|
||||||
.get("direct_grant") != null && c.getAuthenticationFlowBindingOverrides().get("direct_grant").equals(flow.getId()))
|
|
||||||
.map(ClientModel::getClientId).limit(MAX_USED_BY).collect(Collectors.toList());
|
|
||||||
|
|
||||||
if (!usedClients.isEmpty()) {
|
|
||||||
authentication.setUsedBy(new UsedBy(UsedBy.UsedByType.SPECIFIC_CLIENTS, usedClients));
|
|
||||||
}
|
|
||||||
|
|
||||||
final List<String> useAsDefault = Stream.of(realm.getBrowserFlow(), realm.getRegistrationFlow(), realm.getDirectGrantFlow(),
|
|
||||||
realm.getResetCredentialsFlow(), realm.getClientAuthenticationFlow(), realm.getDockerAuthenticationFlow())
|
|
||||||
.filter(f -> flow.getAlias().equals(f.getAlias())).map(AuthenticationFlowModel::getAlias).collect(Collectors.toList());
|
|
||||||
|
|
||||||
if (!useAsDefault.isEmpty()) {
|
|
||||||
authentication.setUsedBy(new UsedBy(UsedBy.UsedByType.DEFAULT, useAsDefault));
|
|
||||||
}
|
|
||||||
|
|
||||||
return authentication;
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,48 +0,0 @@
|
||||||
package org.keycloak.admin.ui.rest.model;
|
|
||||||
|
|
||||||
import java.util.Map;
|
|
||||||
import org.keycloak.representations.idm.UserRepresentation;
|
|
||||||
|
|
||||||
public class BruteUser extends UserRepresentation {
|
|
||||||
|
|
||||||
Map<String, Object> bruteForceStatus;
|
|
||||||
|
|
||||||
public BruteUser(UserRepresentation user) {
|
|
||||||
this.id = user.getId();
|
|
||||||
this.origin = user.getOrigin();
|
|
||||||
this.createdTimestamp = user.getCreatedTimestamp();
|
|
||||||
this.username = user.getUsername();
|
|
||||||
this.enabled = user.isEnabled();
|
|
||||||
this.totp = user.isTotp();
|
|
||||||
this.emailVerified = user.isEmailVerified();
|
|
||||||
this.firstName = user.getFirstName();
|
|
||||||
this.lastName = user.getLastName();
|
|
||||||
this.email = user.getEmail();
|
|
||||||
this.federationLink = user.getFederationLink();
|
|
||||||
this.serviceAccountClientId = user.getServiceAccountClientId();
|
|
||||||
|
|
||||||
this.attributes = user.getAttributes();
|
|
||||||
this.credentials = user.getCredentials();
|
|
||||||
this.disableableCredentialTypes = user.getDisableableCredentialTypes();
|
|
||||||
this.requiredActions = user.getRequiredActions();
|
|
||||||
this.federatedIdentities = user.getFederatedIdentities();
|
|
||||||
this.realmRoles = user.getRealmRoles();
|
|
||||||
this.clientRoles = user.getClientRoles();
|
|
||||||
this.clientConsents = user.getClientConsents();
|
|
||||||
this.notBefore = user.getNotBefore();
|
|
||||||
|
|
||||||
this.applicationRoles = user.getApplicationRoles();
|
|
||||||
this.socialLinks = user.getSocialLinks();
|
|
||||||
|
|
||||||
this.groups = user.getGroups();
|
|
||||||
this.setAccess(user.getAccess());
|
|
||||||
}
|
|
||||||
|
|
||||||
public Map<String, Object> getBruteForceStatus() {
|
|
||||||
return bruteForceStatus;
|
|
||||||
}
|
|
||||||
|
|
||||||
public void setBruteForceStatus(Map<String, Object> bruteForceStatus) {
|
|
||||||
this.bruteForceStatus = bruteForceStatus;
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,83 +0,0 @@
|
||||||
package org.keycloak.admin.ui.rest.model;
|
|
||||||
|
|
||||||
import java.util.Objects;
|
|
||||||
import org.eclipse.microprofile.openapi.annotations.media.Schema;
|
|
||||||
|
|
||||||
public final class ClientRole {
|
|
||||||
@Schema(required = true)
|
|
||||||
private final String id;
|
|
||||||
@Schema(required = true)
|
|
||||||
private final String role;
|
|
||||||
@Schema(required = true)
|
|
||||||
private String client;
|
|
||||||
@Schema(required = true)
|
|
||||||
private String clientId;
|
|
||||||
private String description;
|
|
||||||
|
|
||||||
public String getId() {
|
|
||||||
return this.id;
|
|
||||||
}
|
|
||||||
|
|
||||||
public String getRole() {
|
|
||||||
return this.role;
|
|
||||||
}
|
|
||||||
|
|
||||||
public String getClient() {
|
|
||||||
return this.client;
|
|
||||||
}
|
|
||||||
|
|
||||||
public void setClient(String client) {
|
|
||||||
this.client = client;
|
|
||||||
}
|
|
||||||
|
|
||||||
public String getClientId() {
|
|
||||||
return this.clientId;
|
|
||||||
}
|
|
||||||
|
|
||||||
public void setClientId(String clientId) {
|
|
||||||
this.clientId = clientId;
|
|
||||||
}
|
|
||||||
|
|
||||||
public String getDescription() {
|
|
||||||
return this.description;
|
|
||||||
}
|
|
||||||
|
|
||||||
public void setDescription(String description) {
|
|
||||||
this.description = description;
|
|
||||||
}
|
|
||||||
|
|
||||||
public ClientRole(String id, String role, String description) {
|
|
||||||
this.id = id;
|
|
||||||
this.role = role;
|
|
||||||
this.description = description;
|
|
||||||
}
|
|
||||||
|
|
||||||
public ClientRole(String id, String role, String client, String clientId, String description) {
|
|
||||||
this.id = id;
|
|
||||||
this.role = role;
|
|
||||||
this.client = client;
|
|
||||||
this.clientId = clientId;
|
|
||||||
this.description = description;
|
|
||||||
}
|
|
||||||
|
|
||||||
public ClientRole copy(String id, String role, String client, String clientId, String description) {
|
|
||||||
return new ClientRole(id, role, client, clientId, description);
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override public String toString() {
|
|
||||||
return "ClientRole{" + "id='" + id + '\'' + ", role='" + role + '\'' + ", client='" + client + '\'' + ", clientId='" + clientId + '\'' + ", description='" + description + '\'' + '}';
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override public boolean equals(Object o) {
|
|
||||||
if (this == o)
|
|
||||||
return true;
|
|
||||||
if (o == null || getClass() != o.getClass())
|
|
||||||
return false;
|
|
||||||
ClientRole that = (ClientRole) o;
|
|
||||||
return id.equals(that.id) && role.equals(that.role) && client.equals(that.client) && clientId.equals(that.clientId);
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override public int hashCode() {
|
|
||||||
return Objects.hash(id, role, client, clientId);
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,17 +0,0 @@
|
||||||
package org.keycloak.admin.ui.rest.model;
|
|
||||||
|
|
||||||
import java.util.stream.Stream;
|
|
||||||
import org.keycloak.models.ClientModel;
|
|
||||||
import org.keycloak.models.RoleModel;
|
|
||||||
|
|
||||||
public class RoleMapper {
|
|
||||||
|
|
||||||
public static ClientRole convertToModel(RoleModel roleModel, Stream<ClientModel> clients) {
|
|
||||||
ClientRole clientRole = new ClientRole(roleModel.getId(), roleModel.getName(), roleModel.getDescription());
|
|
||||||
ClientModel clientModel = clients.filter(c -> roleModel.getContainerId().equals(c.getId())).findFirst()
|
|
||||||
.orElseThrow(() -> new IllegalArgumentException("Could not find referenced client"));
|
|
||||||
clientRole.setClientId(clientModel.getId());
|
|
||||||
clientRole.setClient(clientModel.getClientId());
|
|
||||||
return clientRole;
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,49 +0,0 @@
|
||||||
package org.keycloak.admin.ui.rest.model;
|
|
||||||
|
|
||||||
import java.util.List;
|
|
||||||
import java.util.Objects;
|
|
||||||
|
|
||||||
public class UsedBy {
|
|
||||||
public UsedBy(UsedByType type, List<String> values) {
|
|
||||||
this.type = type;
|
|
||||||
this.values = values;
|
|
||||||
}
|
|
||||||
|
|
||||||
public enum UsedByType {
|
|
||||||
SPECIFIC_CLIENTS, SPECIFIC_PROVIDERS, DEFAULT
|
|
||||||
}
|
|
||||||
|
|
||||||
private UsedByType type;
|
|
||||||
private List<String> values;
|
|
||||||
|
|
||||||
public UsedByType getType() {
|
|
||||||
return type;
|
|
||||||
}
|
|
||||||
|
|
||||||
public void setType(UsedByType type) {
|
|
||||||
this.type = type;
|
|
||||||
}
|
|
||||||
|
|
||||||
public List<String> getValues() {
|
|
||||||
return values;
|
|
||||||
}
|
|
||||||
|
|
||||||
public void setValues(List<String> values) {
|
|
||||||
this.values = values;
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public boolean equals(Object o) {
|
|
||||||
if (this == o)
|
|
||||||
return true;
|
|
||||||
if (o == null || getClass() != o.getClass())
|
|
||||||
return false;
|
|
||||||
UsedBy usedBy = (UsedBy) o;
|
|
||||||
return type == usedBy.type && Objects.equals(values, usedBy.values);
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public int hashCode() {
|
|
||||||
return Objects.hash(type, values);
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,22 +0,0 @@
|
||||||
#
|
|
||||||
# Copyright 2022 Red Hat, Inc. and/or its affiliates
|
|
||||||
# and other contributors as indicated by the @author tags.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
# you may not use this file except in compliance with the License.
|
|
||||||
# You may obtain a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
# See the License for the specific language governing permissions and
|
|
||||||
# limitations under the License.
|
|
||||||
#
|
|
||||||
|
|
||||||
org.keycloak.admin.ui.rest.AvailableRoleMappingProvider
|
|
||||||
org.keycloak.admin.ui.rest.EffectiveRoleMappingProvider
|
|
||||||
org.keycloak.admin.ui.rest.GroupsResourceProvider
|
|
||||||
org.keycloak.admin.ui.rest.AuthenticationManagementProvider
|
|
||||||
org.keycloak.admin.ui.rest.BruteForceUsersProvider
|
|
Loading…
Reference in a new issue