fix saas login/register

Bill Burke 2013-08-07 10:13:01 -04:00
parent b1031a31f2
commit df5823f0e8
5 changed files with 67 additions and 30 deletions


@ -73,7 +73,7 @@
</section> </section>
<section class="info-area"> <section class="info-area">
<h3>Info area</h3> <h3>Info area</h3>
<p>Already have an account? <a href="<%=application.getContextPath()%>/saas/saas-login.jsp">Log in</a>.</p> <p>Already have an account? <a href="<%=application.getContextPath()%>/rest/saas/loginPage.html">Log in</a>.</p>
<ul> <ul>
<li><strong>Domain:</strong> 10.0.0.1</li> <li><strong>Domain:</strong> 10.0.0.1</li>
<li><strong>Zone:</strong> Live</li> <li><strong>Zone:</strong> Live</li>

7
sdk-html/src/main/java/org/keycloak/sdk/LoginBean.java Normal file → Executable file

@ -30,6 +30,8 @@ public class LoginBean {
private String socialLoginUrl; private String socialLoginUrl;
private String registrationUrl;
private String username; private String username;
private List<RequiredCredential> requiredCredentials; private List<RequiredCredential> requiredCredentials;
@ -61,6 +63,7 @@ public class LoginBean {
} }
loginAction = ((URI) request.getAttribute("KEYCLOAK_LOGIN_ACTION")).toString(); loginAction = ((URI) request.getAttribute("KEYCLOAK_LOGIN_ACTION")).toString();
registrationUrl = ((URI) request.getAttribute("KEYCLOAK_REGISTRATION_PAGE")).toString();
socialLoginUrl = ((URI) request.getAttribute("KEYCLOAK_SOCIAL_LOGIN")).toString(); socialLoginUrl = ((URI) request.getAttribute("KEYCLOAK_SOCIAL_LOGIN")).toString();
username = (String) request.getAttribute("username"); username = (String) request.getAttribute("username");
@ -119,6 +122,10 @@ public class LoginBean {
return themeUrl; return themeUrl;
} }
public String getRegistrationUrl() {
return registrationUrl;
}
public String getUsername() { public String getUsername() {
return username; return username;
} }
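Review bot: The new `registrationUrl` assignment dereferences `request.getAttribute("KEYCLOAK_REGISTRATION_PAGE")` without a null check, so any path that forwards to the login form without setting that attribute fails with a NullPointerException while the bean is being populated. The two forwarders touched in this commit do set it, but the bean cannot rely on that; a guard such as `URI reg = (URI) request.getAttribute("KEYCLOAK_REGISTRATION_PAGE");` followed by `registrationUrl = reg != null ? reg.toString() : null;` keeps the page rendering. The neighbouring login-action and social-login lines follow the same unchecked pattern, and the enclosing method starts outside this hunk. The new `getRegistrationUrl()` getter should also get a one-line Javadoc saying the value may be absent.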


@ -31,7 +31,7 @@
<ui:define name="info"> <ui:define name="info">
<h:panelGroup rendered="#{login.registrationAllowed}"> <h:panelGroup rendered="#{login.registrationAllowed}">
<p>No account? <a href="saas-register.html">Register</a>.</p> <p>No account? <a href="#{login.registrationUrl}">Register</a>.</p>
</h:panelGroup> </h:panelGroup>
</ui:define> </ui:define>
</ui:composition> </ui:composition>


@ -18,6 +18,8 @@ import org.keycloak.services.models.RealmModel;
import org.keycloak.services.models.RoleModel; import org.keycloak.services.models.RoleModel;
import org.keycloak.services.models.UserModel; import org.keycloak.services.models.UserModel;
import java.net.URI;
public abstract class AbstractLoginService { public abstract class AbstractLoginService {
@Context @Context
@ -86,6 +88,7 @@ public abstract class AbstractLoginService {
request.setAttribute(RealmModel.class.getName(), realm); request.setAttribute(RealmModel.class.getName(), realm);
request.setAttribute("KEYCLOAK_LOGIN_ACTION", TokenService.processLoginUrl(uriInfo).build(realm.getId())); request.setAttribute("KEYCLOAK_LOGIN_ACTION", TokenService.processLoginUrl(uriInfo).build(realm.getId()));
request.setAttribute("KEYCLOAK_SOCIAL_LOGIN", SocialService.redirectToProviderAuthUrl(uriInfo).build(realm.getId())); request.setAttribute("KEYCLOAK_SOCIAL_LOGIN", SocialService.redirectToProviderAuthUrl(uriInfo).build(realm.getId()));
request.setAttribute("KEYCLOAK_REGISTRATION_PAGE", URI.create("not-implemented-yet"));
// RESTEASY eats the form data, so we send via an attribute // RESTEASY eats the form data, so we send via an attribute
request.setAttribute("redirect_uri", redirect); request.setAttribute("redirect_uri", redirect);
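Review bot: `URI.create("not-implemented-yet")` is published as the registration URL, and login.xhtml in this same commit renders that attribute as the `href` of the Register link whenever `login.registrationAllowed` is true. Realm login pages would therefore show a link that resolves relative to the current request path and leads nowhere. Until a realm registration page exists, hide the link for this code path, or at minimum mark the line with `// TODO: placeholder, replace once the realm registration page exists` so it does not ship unnoticed. The enclosing method begins and ends outside the hunk.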


@ -93,8 +93,7 @@ public class SaasService {
public Response whoAmI(final @Context HttpHeaders headers) { public Response whoAmI(final @Context HttpHeaders headers) {
return new Transaction() { return new Transaction() {
@Override @Override
public Response callImpl() public Response callImpl() {
{
logger.info("WHOAMI start."); logger.info("WHOAMI start.");
RealmManager realmManager = new RealmManager(session); RealmManager realmManager = new RealmManager(session);
RealmModel realm = realmManager.defaultRealm(); RealmModel realm = realmManager.defaultRealm();
@ -115,8 +114,7 @@ public class SaasService {
public String isLoggedIn(final @Context HttpHeaders headers) { public String isLoggedIn(final @Context HttpHeaders headers) {
return new Transaction() { return new Transaction() {
@Override @Override
public String callImpl() public String callImpl() {
{
logger.info("WHOAMI Javascript start."); logger.info("WHOAMI Javascript start.");
RealmManager realmManager = new RealmManager(session); RealmManager realmManager = new RealmManager(session);
RealmModel realm = realmManager.defaultRealm(); RealmModel realm = realmManager.defaultRealm();
@ -145,24 +143,38 @@ public class SaasService {
@Path("admin/realms") @Path("admin/realms")
public RealmsAdminResource getRealmsAdmin(@Context final HttpHeaders headers) { public RealmsAdminResource getRealmsAdmin(@Context final HttpHeaders headers) {
return new Transaction(false) { return new Transaction(false) {
@Override @Override
protected RealmsAdminResource callImpl() { protected RealmsAdminResource callImpl() {
RealmManager realmManager = new RealmManager(session); RealmManager realmManager = new RealmManager(session);
RealmModel saasRealm = realmManager.defaultRealm(); RealmModel saasRealm = realmManager.defaultRealm();
if (saasRealm == null) throw new NotFoundException(); if (saasRealm == null) throw new NotFoundException();
UserModel admin = authManager.authenticateSaasIdentity(saasRealm, uriInfo, headers); UserModel admin = authManager.authenticateSaasIdentity(saasRealm, uriInfo, headers);
if (admin == null) { if (admin == null) {
throw new NotAuthorizedException("Bearer"); throw new NotAuthorizedException("Bearer");
} }
RoleModel creatorRole = saasRealm.getRole(SaasService.REALM_CREATOR_ROLE); RoleModel creatorRole = saasRealm.getRole(SaasService.REALM_CREATOR_ROLE);
if (!saasRealm.hasRole(admin, creatorRole)) { if (!saasRealm.hasRole(admin, creatorRole)) {
logger.warn("not a Realm creator"); logger.warn("not a Realm creator");
throw new NotAuthorizedException("Bearer"); throw new NotAuthorizedException("Bearer");
} }
return new RealmsAdminResource(admin); return new RealmsAdminResource(admin);
} }
}.call(); }.call();
}
@Path("loginPage.html")
@GET
public void loginPage() {
new Transaction() {
@Override
protected void runImpl() {
RealmManager realmManager = new RealmManager(session);
RealmModel realm = realmManager.defaultRealm();
authManager.expireSaasIdentityCookie(uriInfo);
forwardToLoginForm(realm);
}
}.run();
} }
@Path("logout") @Path("logout")
@ -171,12 +183,15 @@ public class SaasService {
new Transaction() { new Transaction() {
@Override @Override
protected void runImpl() { protected void runImpl() {
RealmManager realmManager = new RealmManager(session);
RealmModel realm = realmManager.defaultRealm();
authManager.expireSaasIdentityCookie(uriInfo); authManager.expireSaasIdentityCookie(uriInfo);
request.forward(saasLoginPath); forwardToLoginForm(realm);
} }
}.run(); }.run();
} }
@Path("logout-cookie") @Path("logout-cookie")
@GET @GET
public void logoutCookie() { public void logoutCookie() {
@ -189,6 +204,18 @@ public class SaasService {
}.run(); }.run();
} }
public final static String loginFormPath = "/sdk/login.xhtml";
protected void forwardToLoginForm(RealmModel realm) {
request.setAttribute(RealmModel.class.getName(), realm);
URI action = uriInfo.getBaseUriBuilder().path(SaasService.class).path(SaasService.class, "processLogin").build();
URI register = contextRoot(uriInfo).path(saasRegisterPath).build();
request.setAttribute("KEYCLOAK_LOGIN_ACTION", action);
request.setAttribute("KEYCLOAK_REGISTRATION_PAGE", register);
request.setAttribute("KEYCLOAK_SOCIAL_LOGIN", SocialService.redirectToProviderAuthUrl(uriInfo).build(realm.getId()));
request.forward(loginFormPath);
}
@Path("login") @Path("login")
@POST @POST
@ -210,13 +237,13 @@ public class SaasService {
if (user == null) { if (user == null) {
logger.info("Not Authenticated! Incorrect user name"); logger.info("Not Authenticated! Incorrect user name");
request.setAttribute("KEYCLOAK_LOGIN_ERROR_MESSAGE", "Incorrect user name."); request.setAttribute("KEYCLOAK_LOGIN_ERROR_MESSAGE", "Incorrect user name.");
request.forward(saasLoginPath); forwardToLoginForm(realm);
return null; return null;
} }
if (!user.isEnabled()) { if (!user.isEnabled()) {
logger.info("NAccount is disabled, contact admin."); logger.info("NAccount is disabled, contact admin.");
request.setAttribute("KEYCLOAK_LOGIN_ERROR_MESSAGE", "Account is disabled, contact admin."); request.setAttribute("KEYCLOAK_LOGIN_ERROR_MESSAGE", "Account is disabled, contact admin.");
request.forward(saasLoginPath); forwardToLoginForm(realm);
return null; return null;
} }
@ -224,14 +251,14 @@ public class SaasService {
if (!authenticated) { if (!authenticated) {
logger.info("Not Authenticated! Invalid credentials"); logger.info("Not Authenticated! Invalid credentials");
request.setAttribute("KEYCLOAK_LOGIN_ERROR_MESSAGE", "Invalid credentials."); request.setAttribute("KEYCLOAK_LOGIN_ERROR_MESSAGE", "Invalid credentials.");
request.forward(saasLoginPath); forwardToLoginForm(realm);
return null; return null;
} }
NewCookie cookie = authManager.createSaasIdentityCookie(realm, user, uriInfo); NewCookie cookie = authManager.createSaasIdentityCookie(realm, user, uriInfo);
return Response.status(302) return Response.status(302)
.cookie(cookie) .cookie(cookie)
.location(contextRoot(uriInfo).path(adminPath).build()).build(); .location(contextRoot(uriInfo).path(adminPath).build()).build();
} }
}.call(); }.call();
} }
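Review bot: `loginPage()` and the rewritten `logout()` pass the result of `realmManager.defaultRealm()` straight to `forwardToLoginForm(realm)`, which calls `realm.getId()`, with no null check. `getRealmsAdmin` in this same file already treats a null default realm as possible, so the same guard, `if (realm == null) throw new NotFoundException();`, belongs in both new bodies. Separately, `loginPage()` calls `authManager.expireSaasIdentityCookie(uriInfo)` on a plain `@GET`, so simply loading the login page, including via a link from another site, appears to end an existing admin session. Rendering the form without touching the cookie and leaving expiry to the logout endpoint avoids that side effect. `forwardToLoginForm` should also get a short Javadoc listing the request attributes it sets for login.xhtml.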