libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases 1 Packages Activity Actions

client to protocol mapping model

Browse source
This commit is contained in:
Bill Burke 2015-02-15 17:01:34 -05:00
parent 2fb97f058b
commit ebd9bae1ee
15 changed files with 200 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-1.2.0.Beta1.xml
View file

@ -63,6 +63,14 @@
<constraints nullable="false"/>
</column>
</createTable>
<createTable tableName="CLIENT_PROTOCOL_CLAIM_MAPPING">
<column name="CLIENT_ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
<column name="MAPPING_ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
</createTable>
<addColumn tableName="CLIENT">
<column name="FRONTCHANNEL_LOGOUT" type="BOOLEAN" defaultValueBoolean="false"/>
</addColumn>
@ -78,6 +86,8 @@
<addForeignKeyConstraint baseColumnNames="IDENTITY_PROVIDER_ID" baseTableName="IDENTITY_PROVIDER_CONFIG" constraintName="FKDC4897CF864C4E43" deferrable="false" initiallyDeferred="false" onDelete="RESTRICT" onUpdate="RESTRICT" referencedColumnNames="INTERNAL_ID" referencedTableName="IDENTITY_PROVIDER"/>
<addForeignKeyConstraint baseColumnNames="INTERNAL_ID" baseTableName="CLIENT_ALLOWED_IDENTITY_PROVIDER" constraintName="FK_7CELWNIBJI49AVXSRTUF6XJ12" referencedColumnNames="INTERNAL_ID" referencedTableName="IDENTITY_PROVIDER"/>
<addUniqueConstraint columnNames="INTERNAL_ID,CLIENT_ID" constraintName="UK_7CAELWNIBJI49AVXSRTUF6XJ12" tableName="CLIENT_ALLOWED_IDENTITY_PROVIDER"/>
<addForeignKeyConstraint baseColumnNames="MAPPING_ID" baseTableName="CLIENT_PROTOCOL_CLAIM_MAPPING" constraintName="FK_CPCM" referencedColumnNames="ID" referencedTableName="PROTOCOL_CLAIM_MAPPING"/>
<addUniqueConstraint columnNames="CLIENT_ID,MAPPING_ID" constraintName="UK_CPCM" tableName="CLIENT_PROTOCOL_CLAIM_MAPPING"/>
<addUniqueConstraint columnNames="PROVIDER_NONIMAL_ID" constraintName="UK_2DAELWNIBJI49AVXSRTUF6XJ33" tableName="IDENTITY_PROVIDER"/>
</changeSet>
</databaseChangeLog>

10
core/src/main/java/org/keycloak/representations/idm/ApplicationRepresentation.java
View file

@ -2,6 +2,7 @@ package org.keycloak.representations.idm;
import java.util.List;
import java.util.Map;
import java.util.Set;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
@ -29,6 +30,7 @@ public class ApplicationRepresentation {
protected Integer nodeReRegistrationTimeout;
protected Map<String, Integer> registeredNodes;
protected List<String> allowedIdentityProviders;
protected Set<String> protocolClaimMappings;
public String getId() {
return id;
@ -197,4 +199,12 @@ public class ApplicationRepresentation {
public void setAllowedIdentityProviders(List<String> allowedIdentityProviders) {
this.allowedIdentityProviders = allowedIdentityProviders;
}
public Set<String> getProtocolClaimMappings() {
return protocolClaimMappings;
}
public void setProtocolClaimMappings(Set<String> protocolClaimMappings) {
this.protocolClaimMappings = protocolClaimMappings;
}
}

10
core/src/main/java/org/keycloak/representations/idm/OAuthClientRepresentation.java
View file

@ -2,6 +2,7 @@ package org.keycloak.representations.idm;
import java.util.List;
import java.util.Map;
import java.util.Set;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
@ -23,6 +24,7 @@ public class OAuthClientRepresentation {
protected Boolean fullScopeAllowed;
protected Boolean frontchannelLogout;
protected List<String> allowedIdentityProviders;
protected Set<String> protocolClaimMappings;
public String getId() {
@ -144,4 +146,12 @@ public class OAuthClientRepresentation {
public void setAllowedIdentityProviders(List<String> allowedIdentityProviders) {
this.allowedIdentityProviders = allowedIdentityProviders;
}
public Set<String> getProtocolClaimMappings() {
return protocolClaimMappings;
}
public void setProtocolClaimMappings(Set<String> protocolClaimMappings) {
this.protocolClaimMappings = protocolClaimMappings;
}
}

9
model/api/src/main/java/org/keycloak/models/ClientModel.java
View file

@ -104,10 +104,7 @@ public interface ClientModel {
boolean hasIdentityProvider(String providerId);
/*
Set<ProtocolClaimMapping> getClaimMappings();
ProtocolClaimMapping getClaimMapping(String protocolClaim);
ProtocolClaimMapping addClaimMapping(String assertion, String protocol, ClaimTypeModel claimType);
void removeClaimMapping(ProtocolClaimMapping mapping);
*/
Set<ProtocolClaimMappingModel> getProtocolClaimMappings();
void addProtocolClaimMappings(Set<String> mappingIds);
void removeProtocolClaimMappings(Set<String> mappingIds);
}

11
model/api/src/main/java/org/keycloak/models/entities/ClientEntity.java
View file

@ -2,8 +2,10 @@ package org.keycloak.models.entities;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
/**
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
@ -28,6 +30,7 @@ public class ClientEntity extends AbstractIdentifiableEntity {
private List<String> redirectUris = new ArrayList<String>();
private List<String> scopeIds = new ArrayList<String>();
private List<String> allowedIdentityProviders = new ArrayList<String>();
private Set<String> protocolClaimMappings = new HashSet<String>();
public String getName() {
return name;
@ -148,4 +151,12 @@ public class ClientEntity extends AbstractIdentifiableEntity {
public void setAllowedIdentityProviders(List<String> allowedIdentityProviders) {
this.allowedIdentityProviders = allowedIdentityProviders;
}
public Set<String> getProtocolClaimMappings() {
return protocolClaimMappings;
}
public void setProtocolClaimMappings(Set<String> protocolClaimMappings) {
this.protocolClaimMappings = protocolClaimMappings;
}
}

11
model/api/src/main/java/org/keycloak/models/utils/ModelToRepresentation.java
View file

@ -265,6 +265,12 @@ public class ModelToRepresentation {
rep.setAllowedIdentityProviders(applicationModel.getAllowedIdentityProviders());
}
if (!applicationModel.getProtocolClaimMappings().isEmpty()) {
Set<String> mappings = new HashSet<String>();
for (ProtocolClaimMappingModel model : applicationModel.getProtocolClaimMappings()) mappings.add(model.getId());
rep.setProtocolClaimMappings(mappings);
}
return rep;
}
@ -294,6 +300,11 @@ public class ModelToRepresentation {
rep.setAllowedIdentityProviders(model.getAllowedIdentityProviders());
}
if (!model.getProtocolClaimMappings().isEmpty()) {
Set<String> mappings = new HashSet<String>();
for (ProtocolClaimMappingModel mappingMoel : model.getProtocolClaimMappings()) mappings.add(mappingMoel.getId());
rep.setProtocolClaimMappings(mappings);
}
return rep;
}

9
model/api/src/main/java/org/keycloak/models/utils/RepresentationToModel.java
View file

@ -460,6 +460,10 @@ public class RepresentationToModel {
applicationModel.setAllowedClaimsMask(ClaimMask.ALL);
}
if (resourceRep.getProtocolClaimMappings() != null) {
applicationModel.addProtocolClaimMappings(resourceRep.getProtocolClaimMappings());
}
return applicationModel;
}
@ -632,6 +636,11 @@ public class RepresentationToModel {
if (rep.getAllowedIdentityProviders() != null) {
model.updateAllowedIdentityProviders(rep.getAllowedIdentityProviders());
}
if (rep.getProtocolClaimMappings() != null) {
model.addProtocolClaimMappings(rep.getProtocolClaimMappings());
}
}
// Scope mappings

20
model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/ClientAdapter.java vendored
View file

@ -1,6 +1,7 @@
package org.keycloak.models.cache;
import org.keycloak.models.ClientModel;
import org.keycloak.models.ProtocolClaimMappingModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleContainerModel;
import org.keycloak.models.RoleModel;
@ -278,4 +279,23 @@ public abstract class ClientAdapter implements ClientModel {
if (updatedClient != null) return updatedClient.hasIdentityProvider(providerId);
return cachedClient.hasIdentityProvider(providerId);
}
@Override
public Set<ProtocolClaimMappingModel> getProtocolClaimMappings() {
if (updatedClient != null) return updatedClient.getProtocolClaimMappings();
return cachedClient.getProtocolClaimMappings(); }
@Override
public void addProtocolClaimMappings(Set<String> mappingIds) {
getDelegateForUpdate();
updatedClient.addProtocolClaimMappings(mappingIds);
}
@Override
public void removeProtocolClaimMappings(Set<String> mappingIds) {
getDelegateForUpdate();
updatedClient.removeProtocolClaimMappings(mappingIds);
}
}

11
model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/entities/CachedClient.java vendored
View file

@ -1,6 +1,7 @@
package org.keycloak.models.cache.entities;
import org.keycloak.models.ClientModel;
import org.keycloak.models.ProtocolClaimMappingModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RealmProvider;
import org.keycloak.models.RoleModel;
@ -35,6 +36,7 @@ public class CachedClient {
protected Set<String> scope = new HashSet<String>();
protected Set<String> webOrigins = new HashSet<String>();
private List<String> allowedIdentityProviders = new ArrayList<String>();
private Set<ProtocolClaimMappingModel> protocolClaimMappings = new HashSet<ProtocolClaimMappingModel>();
public CachedClient(RealmCache cache, RealmProvider delegate, RealmModel realm, ClientModel model) {
id = model.getId();
@ -56,6 +58,7 @@ public class CachedClient {
scope.add(role.getId());
}
this.allowedIdentityProviders = model.getAllowedIdentityProviders();
protocolClaimMappings.addAll(model.getProtocolClaimMappings());
}
public String getId() {
@ -122,10 +125,6 @@ public class CachedClient {
return frontchannelLogout;
}
public void setFrontchannelLogout(boolean frontchannelLogout) {
this.frontchannelLogout = frontchannelLogout;
}
public List<String> getAllowedIdentityProviders() {
return this.allowedIdentityProviders;
}
@ -137,4 +136,8 @@ public class CachedClient {
return this.allowedIdentityProviders.contains(providerId);
}
public Set<ProtocolClaimMappingModel> getProtocolClaimMappings() {
return protocolClaimMappings;
}
}

52
model/jpa/src/main/java/org/keycloak/models/jpa/ClientAdapter.java
View file

@ -1,11 +1,13 @@
package org.keycloak.models.jpa;
import org.keycloak.models.ClientModel;
import org.keycloak.models.ProtocolClaimMappingModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleContainerModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.jpa.entities.ClientEntity;
import org.keycloak.models.jpa.entities.IdentityProviderEntity;
import org.keycloak.models.jpa.entities.ProtocolClaimMappingEntity;
import org.keycloak.models.jpa.entities.RoleEntity;
import org.keycloak.models.jpa.entities.ScopeMappingEntity;
@ -15,6 +17,7 @@ import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Set;
@ -352,4 +355,53 @@ public abstract class ClientAdapter implements ClientModel {
}
return false;
}
@Override
public Set<ProtocolClaimMappingModel> getProtocolClaimMappings() {
Set<ProtocolClaimMappingModel> mappings = new HashSet<ProtocolClaimMappingModel>();
for (ProtocolClaimMappingEntity entity : this.entity.getProtocolClaimMappings()) {
ProtocolClaimMappingModel mapping = new ProtocolClaimMappingModel();
mapping.setId(entity.getId());
mapping.setProtocol(entity.getProtocol());
mapping.setProtocolClaim(entity.getProtocolClaim());
mapping.setAppliedByDefault(entity.isAppliedByDefault());
mapping.setSource(ProtocolClaimMappingModel.Source.valueOf(entity.getSource()));
mapping.setSourceAttribute(entity.getSourceAttribute());
mappings.add(mapping);
}
return mappings;
}
@Override
public void addProtocolClaimMappings(Set<String> mappings) {
Collection<ProtocolClaimMappingEntity> entities = entity.getProtocolClaimMappings();
Set<String> already = new HashSet<String>();
for (ProtocolClaimMappingEntity rel : entities) {
already.add(rel.getId());
}
for (String providerId : mappings) {
if (!already.contains(providerId)) {
ProtocolClaimMappingEntity mapping = em.find(ProtocolClaimMappingEntity.class, providerId);
if (mapping != null) {
entities.add(mapping);
}
}
}
em.flush();
}
@Override
public void removeProtocolClaimMappings(Set<String> mappings) {
Collection<ProtocolClaimMappingEntity> entities = entity.getProtocolClaimMappings();
List<ProtocolClaimMappingEntity> remove = new LinkedList<ProtocolClaimMappingEntity>();
for (ProtocolClaimMappingEntity rel : entities) {
if (mappings.contains(rel.getId())) remove.add(rel);
}
for (ProtocolClaimMappingEntity entity : remove) {
entities.remove(entity);
}
em.flush();
}
}

2
model/jpa/src/main/java/org/keycloak/models/jpa/JpaRealmProvider.java
View file

@ -93,7 +93,7 @@ public class JpaRealmProvider implements RealmProvider {
adapter.removeOAuthClient(oauth.getId());
}
em.remove(realm);
em.remove(realm);
return true;
}

13
model/jpa/src/main/java/org/keycloak/models/jpa/entities/ClientEntity.java
View file

@ -1,5 +1,6 @@
package org.keycloak.models.jpa.entities;
import javax.persistence.CascadeType;
import javax.persistence.CollectionTable;
import javax.persistence.Column;
import javax.persistence.ElementCollection;
@ -76,6 +77,10 @@ public abstract class ClientEntity {
@JoinTable(name="CLIENT_ALLOWED_IDENTITY_PROVIDER", joinColumns = { @JoinColumn(name="CLIENT_ID")}, inverseJoinColumns = { @JoinColumn(name="INTERNAL_ID")})
Collection<IdentityProviderEntity> allowedIdentityProviders = new ArrayList<IdentityProviderEntity>();
@OneToMany(cascade ={CascadeType.REMOVE})
@JoinTable(name="CLIENT_PROTOCOL_CLAIM_MAPPING", joinColumns = { @JoinColumn(name="CLIENT_ID")}, inverseJoinColumns = { @JoinColumn(name="MAPPING_ID")})
Collection<ProtocolClaimMappingEntity> protocolClaimMappings = new ArrayList<ProtocolClaimMappingEntity>();
public RealmEntity getRealm() {
return realm;
}
@ -195,4 +200,12 @@ public abstract class ClientEntity {
public void setAllowedIdentityProviders(Collection<IdentityProviderEntity> allowedIdentityProviders) {
this.allowedIdentityProviders = allowedIdentityProviders;
}
public Collection<ProtocolClaimMappingEntity> getProtocolClaimMappings() {
return protocolClaimMappings;
}
public void setProtocolClaimMappings(Collection<ProtocolClaimMappingEntity> protocolClaimMappings) {
this.protocolClaimMappings = protocolClaimMappings;
}
}

2
model/jpa/src/main/java/org/keycloak/models/jpa/entities/IdentityProviderEntity.java
View file

@ -138,4 +138,6 @@ public class IdentityProviderEntity {
public void setConfig(Map<String, String> config) {
this.config = config;
}
}

17
model/jpa/src/main/java/org/keycloak/models/jpa/entities/ProtocolClaimMappingEntity.java
View file

@ -95,4 +95,21 @@ public class ProtocolClaimMappingEntity {
public void setRealm(RealmEntity realm) {
this.realm = realm;
}
@Override
public boolean equals(Object o) {
if (this == o) return true;
if (o == null || getClass() != o.getClass()) return false;
ProtocolClaimMappingEntity that = (ProtocolClaimMappingEntity) o;
if (!id.equals(that.id)) return false;
return true;
}
@Override
public int hashCode() {
return id.hashCode();
}
}

24
model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/ClientAdapter.java
View file

@ -4,6 +4,7 @@ import org.keycloak.connections.mongo.api.MongoIdentifiableEntity;
import org.keycloak.connections.mongo.api.context.MongoStoreInvocationContext;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ProtocolClaimMappingModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RealmProvider;
import org.keycloak.models.RoleModel;
@ -291,6 +292,29 @@ public abstract class ClientAdapter<T extends MongoIdentifiableEntity> extends A
return copy;
}
@Override
public Set<ProtocolClaimMappingModel> getProtocolClaimMappings() {
Set<ProtocolClaimMappingModel> result = new HashSet<ProtocolClaimMappingModel>();
for (String id : getMongoEntityAsClient().getProtocolClaimMappings()) {
ProtocolClaimMappingModel model = getRealm().getProtocolClaimMappingById(id);
if (model != null) result.add(model);
}
return result;
}
@Override
public void addProtocolClaimMappings(Set<String> mappingIds) {
getMongoEntityAsClient().getProtocolClaimMappings().addAll(mappingIds);
updateMongoEntity();
}
@Override
public void removeProtocolClaimMappings(Set<String> mappingIds) {
getMongoEntityAsClient().getProtocolClaimMappings().removeAll(mappingIds);
updateMongoEntity();
}
@Override
public void updateAllowedIdentityProviders(List<String> identityProviders) {
List<String> providerIds = new ArrayList<String>();