Merge pull request #23 from patriot1burke/master

fix saas login/register
2013-08-07 07:13:37 -07:00 · 2013-08-07 07:13:37 -07:00 · f9855075aa
commit f9855075aa
parent b1031a31f2 df5823f0e8
5 changed files with 67 additions and 30 deletions
--- a/examples/as7-eap-demo/server/src/main/webapp/saas/saas-register.jsp
+++ b/examples/as7-eap-demo/server/src/main/webapp/saas/saas-register.jsp
@ -73,7 +73,7 @@
                    </section>
                    <section class="info-area">
                        <h3>Info area</h3>
-                        <p>Already have an account? <a href="<%=application.getContextPath()%>/saas/saas-login.jsp">Log in</a>.</p>
+                        <p>Already have an account? <a href="<%=application.getContextPath()%>/rest/saas/loginPage.html">Log in</a>.</p>
                        <ul>
                            <li><strong>Domain:</strong> 10.0.0.1</li>
                            <li><strong>Zone:</strong> Live</li>
--- a/sdk-html/src/main/java/org/keycloak/sdk/LoginBean.java
+++ b/sdk-html/src/main/java/org/keycloak/sdk/LoginBean.java
@ -30,6 +30,8 @@ public class LoginBean {

    private String socialLoginUrl;

+    private String registrationUrl;
+
    private String username;

    private List<RequiredCredential> requiredCredentials;
@ -61,6 +63,7 @@ public class LoginBean {
        }

        loginAction = ((URI) request.getAttribute("KEYCLOAK_LOGIN_ACTION")).toString();
+        registrationUrl = ((URI) request.getAttribute("KEYCLOAK_REGISTRATION_PAGE")).toString();
        socialLoginUrl = ((URI) request.getAttribute("KEYCLOAK_SOCIAL_LOGIN")).toString();

        username = (String) request.getAttribute("username");
@ -119,6 +122,10 @@ public class LoginBean {
        return themeUrl;
    }

+    public String getRegistrationUrl() {
+        return registrationUrl;
+    }
+
    public String getUsername() {
        return username;
    }
--- a/sdk-html/src/main/resources/META-INF/resources/sdk/theme/default/login.xhtml
+++ b/sdk-html/src/main/resources/META-INF/resources/sdk/theme/default/login.xhtml
@ -31,7 +31,7 @@
 	
 	<ui:define name="info">
 		<h:panelGroup rendered="#{login.registrationAllowed}">
-			<p>No account? <a href="saas-register.html">Register</a>.</p>
+			<p>No account? <a href="#{login.registrationUrl}">Register</a>.</p>
 		</h:panelGroup>	
 	</ui:define>
 </ui:composition>
--- a/services/src/main/java/org/keycloak/services/resources/AbstractLoginService.java
+++ b/services/src/main/java/org/keycloak/services/resources/AbstractLoginService.java
@ -18,6 +18,8 @@ import org.keycloak.services.models.RealmModel;
 import org.keycloak.services.models.RoleModel;
 import org.keycloak.services.models.UserModel;

+import java.net.URI;
+
 public abstract class AbstractLoginService {

    @Context
@ -86,6 +88,7 @@ public abstract class AbstractLoginService {
        request.setAttribute(RealmModel.class.getName(), realm);
        request.setAttribute("KEYCLOAK_LOGIN_ACTION", TokenService.processLoginUrl(uriInfo).build(realm.getId()));
        request.setAttribute("KEYCLOAK_SOCIAL_LOGIN", SocialService.redirectToProviderAuthUrl(uriInfo).build(realm.getId()));
+        request.setAttribute("KEYCLOAK_REGISTRATION_PAGE", URI.create("not-implemented-yet"));

        // RESTEASY eats the form data, so we send via an attribute
        request.setAttribute("redirect_uri", redirect);
--- a/services/src/main/java/org/keycloak/services/resources/SaasService.java
+++ b/services/src/main/java/org/keycloak/services/resources/SaasService.java
@ -93,8 +93,7 @@ public class SaasService {
    public Response whoAmI(final @Context HttpHeaders headers) {
        return new Transaction() {
            @Override
-            public Response callImpl()
-            {
+            public Response callImpl() {
                logger.info("WHOAMI start.");
                RealmManager realmManager = new RealmManager(session);
                RealmModel realm = realmManager.defaultRealm();
@ -115,8 +114,7 @@ public class SaasService {
    public String isLoggedIn(final @Context HttpHeaders headers) {
        return new Transaction() {
            @Override
-            public String callImpl()
-            {
+            public String callImpl() {
                logger.info("WHOAMI Javascript start.");
                RealmManager realmManager = new RealmManager(session);
                RealmModel realm = realmManager.defaultRealm();
@ -145,24 +143,38 @@ public class SaasService {

    @Path("admin/realms")
    public RealmsAdminResource getRealmsAdmin(@Context final HttpHeaders headers) {
-       return new Transaction(false) {
-           @Override
-           protected RealmsAdminResource callImpl() {
-               RealmManager realmManager = new RealmManager(session);
-               RealmModel saasRealm = realmManager.defaultRealm();
-               if (saasRealm == null) throw new NotFoundException();
-               UserModel admin = authManager.authenticateSaasIdentity(saasRealm, uriInfo, headers);
-               if (admin == null) {
-                   throw new NotAuthorizedException("Bearer");
-               }
-               RoleModel creatorRole = saasRealm.getRole(SaasService.REALM_CREATOR_ROLE);
-               if (!saasRealm.hasRole(admin, creatorRole)) {
-                   logger.warn("not a Realm creator");
-                   throw new NotAuthorizedException("Bearer");
-               }
-               return new RealmsAdminResource(admin);
-           }
-       }.call();
+        return new Transaction(false) {
+            @Override
+            protected RealmsAdminResource callImpl() {
+                RealmManager realmManager = new RealmManager(session);
+                RealmModel saasRealm = realmManager.defaultRealm();
+                if (saasRealm == null) throw new NotFoundException();
+                UserModel admin = authManager.authenticateSaasIdentity(saasRealm, uriInfo, headers);
+                if (admin == null) {
+                    throw new NotAuthorizedException("Bearer");
+                }
+                RoleModel creatorRole = saasRealm.getRole(SaasService.REALM_CREATOR_ROLE);
+                if (!saasRealm.hasRole(admin, creatorRole)) {
+                    logger.warn("not a Realm creator");
+                    throw new NotAuthorizedException("Bearer");
+                }
+                return new RealmsAdminResource(admin);
+            }
+        }.call();
+    }
+
+    @Path("loginPage.html")
+    @GET
+    public void loginPage() {
+        new Transaction() {
+            @Override
+            protected void runImpl() {
+                RealmManager realmManager = new RealmManager(session);
+                RealmModel realm = realmManager.defaultRealm();
+                authManager.expireSaasIdentityCookie(uriInfo);
+                forwardToLoginForm(realm);
+            }
+        }.run();
    }

    @Path("logout")
@ -171,12 +183,15 @@ public class SaasService {
        new Transaction() {
            @Override
            protected void runImpl() {
+                RealmManager realmManager = new RealmManager(session);
+                RealmModel realm = realmManager.defaultRealm();
                authManager.expireSaasIdentityCookie(uriInfo);
-                request.forward(saasLoginPath);
+                forwardToLoginForm(realm);
            }
        }.run();
    }

+
    @Path("logout-cookie")
    @GET
    public void logoutCookie() {
@ -189,6 +204,18 @@ public class SaasService {
        }.run();
    }

+    public final static String loginFormPath = "/sdk/login.xhtml";
+    protected void forwardToLoginForm(RealmModel realm) {
+        request.setAttribute(RealmModel.class.getName(), realm);
+        URI action = uriInfo.getBaseUriBuilder().path(SaasService.class).path(SaasService.class, "processLogin").build();
+        URI register = contextRoot(uriInfo).path(saasRegisterPath).build();
+        request.setAttribute("KEYCLOAK_LOGIN_ACTION", action);
+        request.setAttribute("KEYCLOAK_REGISTRATION_PAGE", register);
+        request.setAttribute("KEYCLOAK_SOCIAL_LOGIN", SocialService.redirectToProviderAuthUrl(uriInfo).build(realm.getId()));
+        request.forward(loginFormPath);
+    }
+
+

    @Path("login")
    @POST
@ -210,13 +237,13 @@ public class SaasService {
                if (user == null) {
                    logger.info("Not Authenticated! Incorrect user name");
                    request.setAttribute("KEYCLOAK_LOGIN_ERROR_MESSAGE", "Incorrect user name.");
-                    request.forward(saasLoginPath);
+                    forwardToLoginForm(realm);
                    return null;
                }
                if (!user.isEnabled()) {
                    logger.info("NAccount is disabled, contact admin.");
                    request.setAttribute("KEYCLOAK_LOGIN_ERROR_MESSAGE", "Account is disabled, contact admin.");
-                    request.forward(saasLoginPath);
+                    forwardToLoginForm(realm);
                    return null;
                }

@ -224,14 +251,14 @@ public class SaasService {
                if (!authenticated) {
                    logger.info("Not Authenticated! Invalid credentials");
                    request.setAttribute("KEYCLOAK_LOGIN_ERROR_MESSAGE", "Invalid credentials.");
-                    request.forward(saasLoginPath);
+                    forwardToLoginForm(realm);
                    return null;
                }

                NewCookie cookie = authManager.createSaasIdentityCookie(realm, user, uriInfo);
                return Response.status(302)
-                               .cookie(cookie)
-                               .location(contextRoot(uriInfo).path(adminPath).build()).build();
+                        .cookie(cookie)
+                        .location(contextRoot(uriInfo).path(adminPath).build()).build();
            }
        }.call();
    }