Changes in representations - adding role mappings under user representation

mposolda 2014-07-07 20:24:59 +02:00
parent 6d824231e9
commit ffc30b4c03
27 changed files with 247 additions and 463 deletions


@ -44,11 +44,8 @@ public class RealmRepresentation {
protected Set<String> requiredCredentials;
protected String passwordPolicy;
protected List<UserRepresentation> users;
protected List<UserRoleMappingRepresentation> roleMappings;
protected List<ScopeMappingRepresentation> scopeMappings;
protected Map<String, List<UserRoleMappingRepresentation>> applicationRoleMappings;
protected Map<String, List<ScopeMappingRepresentation>> applicationScopeMappings;
protected List<SocialMappingRepresentation> socialMappings;
protected List<ApplicationRepresentation> applications;
protected List<OAuthClientRepresentation> oauthClients;
protected Map<String, String> socialProviders;
@ -151,18 +148,6 @@ public class RealmRepresentation {
this.ssoSessionMaxLifespan = ssoSessionMaxLifespan;
}
public List<UserRoleMappingRepresentation> getRoleMappings() {
return roleMappings;
}
public UserRoleMappingRepresentation roleMapping(String username) {
UserRoleMappingRepresentation mapping = new UserRoleMappingRepresentation();
mapping.setUsername(username);
if (roleMappings == null) roleMappings = new ArrayList<UserRoleMappingRepresentation>();
roleMappings.add(mapping);
return mapping;
}
public List<ScopeMappingRepresentation> getScopeMappings() {
return scopeMappings;
}
@ -175,18 +160,6 @@ public class RealmRepresentation {
return mapping;
}
public List<SocialMappingRepresentation> getSocialMappings() {
return socialMappings;
}
public SocialMappingRepresentation socialMapping(String username) {
SocialMappingRepresentation mapping = new SocialMappingRepresentation();
mapping.setUsername(username);
if (socialMappings == null) socialMappings = new ArrayList<SocialMappingRepresentation>();
socialMappings.add(mapping);
return mapping;
}
public Set<String> getRequiredCredentials() {
return requiredCredentials;
}
@ -339,14 +312,6 @@ public class RealmRepresentation {
this.oauthClients = oauthClients;
}
public Map<String, List<UserRoleMappingRepresentation>> getApplicationRoleMappings() {
return applicationRoleMappings;
}
public void setApplicationRoleMappings(Map<String, List<UserRoleMappingRepresentation>> applicationRoleMappings) {
this.applicationRoleMappings = applicationRoleMappings;
}
public Map<String, List<ScopeMappingRepresentation>> getApplicationScopeMappings() {
return applicationScopeMappings;
}


@ -1,44 +0,0 @@
package org.keycloak.representations.idm;
import java.util.ArrayList;
import java.util.List;
/**
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
*/
public class SocialMappingRepresentation {
protected String self; // link
protected String username;
protected List<SocialLinkRepresentation> socialLinks;
public String getSelf() {
return self;
}
public void setSelf(String self) {
this.self = self;
}
public String getUsername() {
return username;
}
public void setUsername(String username) {
this.username = username;
}
public List<SocialLinkRepresentation> getSocialLinks() {
return socialLinks;
}
public SocialLinkRepresentation socialLink(String socialProvider, String socialUserId, String socialUsername) {
SocialLinkRepresentation link = new SocialLinkRepresentation();
link.setSocialProvider(socialProvider);
link.setSocialUserId(socialUserId);
link.setSocialUsername(socialUsername);
if (socialLinks == null) socialLinks = new ArrayList<SocialLinkRepresentation>();
socialLinks.add(link);
return link;
}
}


@ -24,6 +24,9 @@ public class UserRepresentation {
protected Map<String, String> attributes;
protected List<CredentialRepresentation> credentials;
protected List<String> requiredActions;
protected List<SocialLinkRepresentation> socialLinks;
protected List<String> realmRoles;
protected Map<String, List<String>> applicationRoles;
public String getSelf() {
return self;
@ -143,4 +146,28 @@ public class UserRepresentation {
public void setRequiredActions(List<String> requiredActions) {
this.requiredActions = requiredActions;
}
public List<SocialLinkRepresentation> getSocialLinks() {
return socialLinks;
}
public void setSocialLinks(List<SocialLinkRepresentation> socialLinks) {
this.socialLinks = socialLinks;
}
public List<String> getRealmRoles() {
return realmRoles;
}
public void setRealmRoles(List<String> realmRoles) {
this.realmRoles = realmRoles;
}
public Map<String, List<String>> getApplicationRoles() {
return applicationRoles;
}
public void setApplicationRoles(Map<String, List<String>> applicationRoles) {
this.applicationRoles = applicationRoles;
}
}
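Review bot: The three fields added to UserRepresentation (`socialLinks`, `realmRoles`, `applicationRoles`) carry no comment, and the meaning of the `applicationRoles` key cannot be read off the type. RealmManager.createUser on this page looks the key up in the application name map, so I would add `// application name -> names of that application's roles granted to this user` above `applicationRoles` and `// names of realm-level roles granted to this user` above `realmRoles`. Because imported users are now created with `addDefaultRoles` set to false, the comment should also say that these lists are the complete set of grants for an imported user.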


@ -15,8 +15,12 @@
"lastName": "User",
"credentials" : [
{ "type" : "password",
"value" : "password" }
]
"value" : "password" }
],
"realmRoles": [ "user" ],
"applicationRoles": {
"account": ["view-profile", "manage-account"]
}
}
],
"roles" : {


@ -20,8 +20,12 @@
"lastName": "Burke",
"credentials" : [
{ "type" : "password",
"value" : "password" }
]
"value" : "password" }
],
"realmRoles": [ "user" ],
"applicationRoles": {
"realm-management": [ "realm-admin" ]
}
}
],
"roles" : {
@ -32,12 +36,6 @@
}
]
},
"roleMappings": [
{
"username": "bburke@redhat.com",
"roles": ["user"]
}
],
"scopeMappings": [
{
"client": "angular-product",
@ -58,14 +56,6 @@
]
}
],
"applicationRoleMappings": {
"realm-management": [
{
"username": "bburke@redhat.com",
"roles": ["realm-admin"]
}
]
},
"applicationScopeMappings": {
"realm-management": [
{


@ -24,7 +24,11 @@
"credentials" : [
{ "type" : "password",
"value" : "password" }
]
],
"realmRoles": [ "user" ],
"applicationRoles": {
"account": [ "manage-account" ]
}
},
{
"username" : "admin",
@ -35,7 +39,11 @@
"credentials" : [
{ "type" : "password",
"value" : "password" }
]
],
"realmRoles": [ "user","admin" ],
"applicationRoles": {
"realm-management": [ "realm-admin" ]
}
}
],
"roles" : {
@ -50,16 +58,6 @@
}
]
},
"roleMappings": [
{
"username": "bburke@redhat.com",
"roles": ["user"]
},
{
"username": "admin",
"roles": ["user","admin"]
}
],
"scopeMappings": [
{
"client": "third-party",
@ -154,20 +152,6 @@
}
],
"applicationRoleMappings": {
"account": [
{
"username": "bburke@redhat.com",
"roles": ["manage-account"]
}
],
"realm-management": [
{
"username": "admin",
"roles": ["realm-admin"]
}
]
},
"applicationScopeMappings": {
"realm-management": [
{


@ -15,8 +15,12 @@
"lastName": "User",
"credentials" : [
{ "type" : "password",
"value" : "password" }
]
"value" : "password" }
],
"realmRoles": [ "user" ],
"applicationRoles": {
"account": ["view-profile", "manage-account"]
}
}
],
"roles" : {
@ -31,12 +35,6 @@
}
]
},
"roleMappings": [
{
"username": "user",
"roles": ["user"]
}
],
"scopeMappings": [
{
"client": "js-console",
@ -57,14 +55,6 @@
]
}
],
"applicationRoleMappings": {
"account": [
{
"username": "user",
"roles": ["view-profile", "manage-account"]
}
]
},
"applicationScopeMappings": {
"account": [
{


@ -0,0 +1,20 @@
package org.keycloak.exportimport;
import org.keycloak.models.RealmModel;
import org.keycloak.representations.idm.RealmRepresentation;
/**
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
*/
public class ExportImportUtils {
public RealmRepresentation exportRealm(RealmModel realm, boolean includeUsers) {
return null;
}
public RealmRepresentation exportUsers(RealmModel realm, int start, int count) {
return null;
}
}
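Review bot: Both `exportRealm` and `exportUsers` return `null` unconditionally, so a caller wired up before the real implementation lands gets a NullPointerException far from the cause, or writes an empty export without noticing. Until the bodies exist I would make the stubs fail loudly, for example `throw new UnsupportedOperationException("exportRealm is not implemented yet");`. A Javadoc line on each method should also state whether user credentials are meant to be part of the exported representation, since that decides how the export file has to be protected.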


@ -243,7 +243,7 @@ public class ModelImporter {
List<UserEntity> users = this.importReader.readEntities(fileName, UserEntity.class);
for (UserEntity userEntity : users) {
RealmModel realm = session.getRealm(userEntity.getRealmId());
UserModel user = realm.addUser(userEntity.getId(), userEntity.getUsername());
UserModel user = realm.addUser(userEntity.getId(), userEntity.getUsername(), false);
// We need to remove defaultRoles here as realm.addUser is automatically adding them. We may add them later during roles mapping processing
for (RoleModel role : user.getRoleMappings()) {
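Review bot: The comment kept under the changed call ("We need to remove defaultRoles here as realm.addUser is automatically adding them") no longer matches the code, because `addUser` is now called with `false` for `addDefaultRoles`. If the loop over `user.getRoleMappings()` exists only to strip those defaults, it is now dead work and should go together with the comment; otherwise reword the comment to say what is still being removed. The loop body lies outside the hunk, so what it does with each role cannot be confirmed from here.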


@ -116,7 +116,7 @@ public interface RealmModel extends RoleContainerModel {
UserModel getUserById(String name);
UserModel addUser(String id, String username);
UserModel addUser(String id, String username, boolean addDefaultRoles);
UserModel addUser(String username);
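Review bot: The three-argument `addUser` is declared without Javadoc, and the implementations on this page do not handle a null `id` the same way: the JPA adapter generates one when `id == null`, while the Mongo adapter hands it to `addUserEntity`, which is not shown. RealmManager.createUser now passes `userRep.getId()`, which is presumably absent in hand-written realm files, so the interface should state that a null id means "generate one". It should also state that `addDefaultRoles == false` leaves the new user with no role mappings until the caller grants them, because every importer now depends on that.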


@ -411,9 +411,9 @@ public class RealmAdapter implements RealmModel {
}
@Override
public UserModel addUser(String id, String username) {
public UserModel addUser(String id, String username, boolean addDefaultRoles) {
getDelegateForUpdate();
return updated.addUser(id, username);
return updated.addUser(id, username, addDefaultRoles);
}
@Override


@ -456,11 +456,15 @@ public class RealmAdapter implements RealmModel {
@Override
public UserModel addUser(String username) {
return this.addUser(KeycloakModelUtils.generateId(), username);
return this.addUser(KeycloakModelUtils.generateId(), username, true);
}
@Override
public UserModel addUser(String id, String username) {
public UserModel addUser(String id, String username, boolean addDefaultRoles) {
if (id == null) {
id = KeycloakModelUtils.generateId();
}
UserEntity entity = new UserEntity();
entity.setId(id);
entity.setUsername(username);
@ -469,13 +473,15 @@ public class RealmAdapter implements RealmModel {
em.flush();
UserModel userModel = new UserAdapter(this, em, entity);
for (String r : getDefaultRoles()) {
userModel.grantRole(getRole(r));
}
if (addDefaultRoles) {
for (String r : getDefaultRoles()) {
userModel.grantRole(getRole(r));
}
for (ApplicationModel application : getApplications()) {
for (String r : application.getDefaultRoles()) {
userModel.grantRole(application.getRole(r));
for (ApplicationModel application : getApplications()) {
for (String r : application.getDefaultRoles()) {
userModel.grantRole(application.getRole(r));
}
}
}


@ -481,20 +481,22 @@ public class RealmAdapter extends AbstractMongoAdapter<MongoRealmEntity> impleme
@Override
public UserAdapter addUser(String username) {
return this.addUser(null, username);
return this.addUser(null, username, true);
}
@Override
public UserAdapter addUser(String id, String username) {
public UserAdapter addUser(String id, String username, boolean addDefaultRoles) {
UserAdapter userModel = addUserEntity(id, username);
for (String r : getDefaultRoles()) {
userModel.grantRole(getRole(r));
}
if (addDefaultRoles) {
for (String r : getDefaultRoles()) {
userModel.grantRole(getRole(r));
}
for (ApplicationModel application : getApplications()) {
for (String r : application.getDefaultRoles()) {
userModel.grantRole(application.getRole(r));
for (ApplicationModel application : getApplications()) {
for (String r : application.getDefaultRoles()) {
userModel.grantRole(application.getRole(r));
}
}
}


@ -105,16 +105,14 @@ public class ImportTest extends AbstractModelTest {
// Test role mappings
UserModel admin = realm.getUser("admin");
Set<RoleModel> allRoles = admin.getRoleMappings();
Assert.assertEquals(5, allRoles.size());
Assert.assertEquals(3, allRoles.size());
Assert.assertTrue(allRoles.contains(realm.getRole("admin")));
Assert.assertTrue(allRoles.contains(application.getRole("app-admin")));
Assert.assertTrue(allRoles.contains(otherApp.getRole("otherapp-admin")));
Assert.assertTrue(allRoles.contains(accountApp.getRole(AccountRoles.VIEW_PROFILE)));
Assert.assertTrue(allRoles.contains(accountApp.getRole(AccountRoles.MANAGE_ACCOUNT)));
UserModel wburke = realm.getUser("wburke");
allRoles = wburke.getRoleMappings();
Assert.assertEquals(4, allRoles.size());
Assert.assertEquals(2, allRoles.size());
Assert.assertFalse(allRoles.contains(realm.getRole("admin")));
Assert.assertTrue(allRoles.contains(application.getRole("app-user")));
Assert.assertTrue(allRoles.contains(otherApp.getRole("otherapp-user")));


@ -21,8 +21,9 @@
"email" : "test-user1@localhost",
"credentials" : [
{ "type" : "password",
"value" : "password" }
]
"value" : "password" }
],
"realmRoles": [ "REALM_COMPOSITE_1" ]
},
{
"username" : "REALM_ROLE_1_USER",
@ -30,8 +31,9 @@
"email" : "test-user2@localhost",
"credentials" : [
{ "type" : "password",
"value" : "password" }
]
"value" : "password" }
],
"realmRoles": [ "REALM_ROLE_1"]
},
{
"username" : "REALM_APP_COMPOSITE_USER",
@ -39,8 +41,9 @@
"email" : "test-user3@localhost",
"credentials" : [
{ "type" : "password",
"value" : "password" }
]
"value" : "password" }
],
"realmRoles": [ "REALM_APP_COMPOSITE_ROLE" ]
},
{
"username" : "REALM_APP_ROLE_USER",
@ -48,8 +51,11 @@
"email" : "test-user4@localhost",
"credentials" : [
{ "type" : "password",
"value" : "password" }
]
"value" : "password" }
],
"applicationRoles": {
"APP_ROLE_APPLICATION": [ "APP_ROLE_2" ]
}
},
{
"username" : "APP_COMPOSITE_USER",
@ -57,8 +63,9 @@
"email" : "test-user5@localhost",
"credentials" : [
{ "type" : "password",
"value" : "password" }
]
"value" : "password" }
],
"realmRoles": ["REALM_APP_COMPOSITE_ROLE", "REALM_COMPOSITE_1"]
}
],
"oauthClients" : [
@ -68,24 +75,6 @@
"secret": "password"
}
],
"roleMappings": [
{
"username": "REALM_COMPOSITE_1_USER",
"roles": ["REALM_COMPOSITE_1"]
},
{
"username": "REALM_ROLE_1_USER",
"roles": ["REALM_ROLE_1"]
},
{
"username": "REALM_APP_COMPOSITE_USER",
"roles": ["REALM_APP_COMPOSITE_ROLE"]
},
{
"username": "APP_COMPOSITE_USER",
"roles": ["REALM_APP_COMPOSITE_ROLE", "REALM_COMPOSITE_1"]
}
],
"scopeMappings": [
{
"client": "REALM_COMPOSITE_1_APPLICATION",
@ -187,14 +176,6 @@
},
"applicationRoleMappings": {
"APP_ROLE_APPLICATION": [
{
"username": "REALM_APP_ROLE_USER",
"roles": ["APP_ROLE_2"]
}
]
},
"applicationScopeMappings": {
"APP_ROLE_APPLICATION": [
{


@ -13,13 +13,12 @@
{
"username" : "bburke@redhat.com",
"enabled": true,
"attributes" : {
"email" : "bburke@redhat.com"
},
"email" : "bburke@redhat.com",
"credentials" : [
{ "type" : "Password",
"value" : "password" }
]
"value" : "password" }
],
"realmRoles": [ "user" ]
}
],
"oauthClients" : [
@ -42,12 +41,6 @@
]
},
"roleMappings": [
{
"username": "bburke@redhat.com",
"roles": ["user"]
}
],
"scopeMappings": [
{
"client": "third-party",


@ -52,7 +52,11 @@
"type": "password",
"value": "userpassword"
}
]
],
"applicationRoles": {
"Application": [ "app-user" ],
"OtherApp": [ "otherapp-user" ]
}
},
{
"username": "loginclient",
@ -72,7 +76,12 @@
"type": "password",
"value": "adminpassword"
}
]
],
"realmRoles": [ "admin" ],
"applicationRoles": {
"Application": [ "app-admin" ],
"OtherApp": [ "otherapp-admin" ]
}
},
{
"username": "mySocialUser",
@ -80,12 +89,7 @@
"authenticationLink": {
"authProvider": "picketlink",
"authUserId": "myUser1"
}
}
],
"socialMappings": [
{
"username": "mySocialUser",
},
"socialLinks": [
{
"socialProvider": "facebook",
@ -148,40 +152,12 @@
]
}
},
"roleMappings": [
{
"username": "admin",
"roles": ["admin"]
}
],
"scopeMappings": [
{
"client": "oauthclient",
"roles": ["admin"]
}
],
"applicationRoleMappings": {
"Application": [
{
"username": "wburke",
"roles": ["app-user"]
},
{
"username": "admin",
"roles": ["app-admin"]
}
],
"OtherApp": [
{
"username": "wburke",
"roles": ["otherapp-user"]
},
{
"username": "admin",
"roles": ["otherapp-admin"]
}
]
},
"applicationScopeMappings": {
"Application": [
{


@ -20,8 +20,13 @@
"lastName": "Burke",
"credentials" : [
{ "type" : "password",
"value" : "password" }
]
"value" : "password" }
],
"realmRoles": ["user"],
"applicationRoles": {
"account": [ "manage-account" ]
}
}
],
"roles" : {
@ -36,12 +41,6 @@
}
]
},
"roleMappings": [
{
"username": "bburke@redhat.com",
"roles": ["user"]
}
],
"scopeMappings": [
{
"client": "third-party",
@ -87,14 +86,6 @@
],
"secret": "password"
}
],
"applicationRoleMappings": {
"account": [
{
"username": "bburke@redhat.com",
"roles": ["manage-account"]
}
]
}
]
}


@ -22,7 +22,11 @@
"credentials" : [
{ "type" : "password",
"value" : "password" }
]
],
"realmRoles": [ "user" ],
"applicationRoles": {
"account": [ "manage-account" ]
}
},
{
"username" : "admin",
@ -35,7 +39,13 @@
],
"requiredActions": [
"UPDATE_PASSWORD"
]
],
"realmRoles": [ "user","admin" ],
"applicationRoles": {
"realm-management": [ "realm-admin" ],
"account": [ "manage-account" ]
}
}
],
"roles" : {
@ -50,16 +60,6 @@
}
]
},
"roleMappings": [
{
"username": "bburke@redhat.com",
"roles": ["user"]
},
{
"username": "admin",
"roles": ["user", "admin"]
}
],
"scopeMappings": [
{
"client": "unified-push-server",
@ -77,24 +77,6 @@
"/aerogear-ups/*"
]
}
],
"applicationRoleMappings": {
"account": [
{
"username": "bburke@redhat.com",
"roles": ["manage-account"]
},
{
"username": "admin",
"roles": ["manage-account"]
}
],
"realm-management": [
{
"username": "admin",
"roles": ["realm-admin"]
}
]
}
]
}


@ -115,19 +115,18 @@ public class ApplicationManager {
return applicationModel;
}
public void createRoleMappings(RealmModel realm, ApplicationModel applicationModel, List<UserRoleMappingRepresentation> mappings) {
for (UserRoleMappingRepresentation mapping : mappings) {
UserModel user = realm.getUser(mapping.getUsername());
public void createRoleMappings(ApplicationModel applicationModel, UserModel user, List<String> roleNames) {
for (String roleName : roleNames) {
if (user == null) {
throw new RuntimeException("User not found");
}
for (String roleString : mapping.getRoles()) {
RoleModel role = applicationModel.getRole(roleString.trim());
if (role == null) {
role = applicationModel.addRole(roleString.trim());
}
user.grantRole(role);
RoleModel role = applicationModel.getRole(roleName.trim());
if (role == null) {
role = applicationModel.addRole(roleName.trim());
}
user.grantRole(role);
}
}
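Review bot: In the new `createRoleMappings`, a role name the application does not define is silently created through `applicationModel.addRole(roleName.trim())` and then granted, so a misspelled name in a realm file yields a new, otherwise unused role and the user never receives the intended one. The realm-role loop added to RealmManager.createUser does the same with `newRealm.addRole(roleString.trim())`. Unless implicit role creation is intended, I would fail the import the way the unknown-application case already does: `if (role == null) throw new RuntimeException("Unknown application role: " + roleName);`. Separately, the `user == null` check sits inside the `for`, so it is repeated per role and never runs for an empty list; it belongs before the loop.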


@ -29,7 +29,6 @@ import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.ScopeMappingRepresentation;
import org.keycloak.representations.idm.SocialLinkRepresentation;
import org.keycloak.representations.idm.SocialMappingRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.representations.idm.UserRoleMappingRepresentation;
@ -355,8 +354,6 @@ public class RealmManager {
if (rep.getAdminTheme() != null) newRealm.setAdminTheme(rep.getAdminTheme());
if (rep.getEmailTheme() != null) newRealm.setEmailTheme(rep.getEmailTheme());
Map<String, UserModel> userMap = new HashMap<String, UserModel>();
if (rep.getRequiredCredentials() != null) {
for (String requiredCred : rep.getRequiredCredentials()) {
addRequiredCredential(newRealm, requiredCred);
@ -367,13 +364,6 @@ public class RealmManager {
if (rep.getPasswordPolicy() != null) newRealm.setPasswordPolicy(new PasswordPolicy(rep.getPasswordPolicy()));
if (rep.getUsers() != null) {
for (UserRepresentation userRep : rep.getUsers()) {
UserModel user = createUser(newRealm, userRep);
userMap.put(user.getUsername(), user);
}
}
if (rep.getApplications() != null) {
Map<String, ApplicationModel> appMap = createApplications(rep, newRealm);
}
@ -428,21 +418,11 @@ public class RealmManager {
createOAuthClients(rep, newRealm);
}
// Now that all possible users and applications are created (users, apps, and oauth clients), do role mappings and scope mappings
// Now that all possible roles and applications are created, create scope mappings
Map<String, ApplicationModel> appMap = newRealm.getApplicationNameMap();
if (rep.getApplicationRoleMappings() != null) {
ApplicationManager manager = new ApplicationManager(this);
for (Map.Entry<String, List<UserRoleMappingRepresentation>> entry : rep.getApplicationRoleMappings().entrySet()) {
ApplicationModel app = appMap.get(entry.getKey());
if (app == null) {
throw new RuntimeException("Unable to find application role mappings for app: " + entry.getKey());
}
manager.createRoleMappings(newRealm, app, entry.getValue());
}
}
if (rep.getApplicationScopeMappings() != null) {
ApplicationManager manager = new ApplicationManager(this);
for (Map.Entry<String, List<ScopeMappingRepresentation>> entry : rep.getApplicationScopeMappings().entrySet()) {
@ -454,20 +434,6 @@ public class RealmManager {
}
}
if (rep.getRoleMappings() != null) {
for (UserRoleMappingRepresentation mapping : rep.getRoleMappings()) {
UserModel user = userMap.get(mapping.getUsername());
for (String roleString : mapping.getRoles()) {
RoleModel role = newRealm.getRole(roleString.trim());
if (role == null) {
role = newRealm.addRole(roleString.trim());
}
user.grantRole(role);
}
}
}
if (rep.getScopeMappings() != null) {
for (ScopeMappingRepresentation scope : rep.getScopeMappings()) {
for (String roleString : scope.getRoles()) {
@ -482,16 +448,6 @@ public class RealmManager {
}
}
if (rep.getSocialMappings() != null) {
for (SocialMappingRepresentation socialMapping : rep.getSocialMappings()) {
UserModel user = userMap.get(socialMapping.getUsername());
for (SocialLinkRepresentation link : socialMapping.getSocialLinks()) {
SocialLinkModel mappingModel = new SocialLinkModel(link.getSocialProvider(), link.getSocialUserId(), link.getSocialUsername());
newRealm.addSocialLink(user, mappingModel);
}
}
}
if (rep.getSmtpServer() != null) {
newRealm.setSmtpConfig(new HashMap(rep.getSmtpServer()));
}
@ -510,6 +466,14 @@ public class RealmManager {
List<AuthenticationProviderModel> authProviderModels = Arrays.asList(AuthenticationProviderModel.DEFAULT_PROVIDER);
newRealm.setAuthenticationProviders(authProviderModels);
}
// create users and their role mappings and social mappings
if (rep.getUsers() != null) {
for (UserRepresentation userRep : rep.getUsers()) {
UserModel user = createUser(newRealm, userRep, appMap);
}
}
}
public void addComposites(RoleModel role, RoleRepresentation roleRep, RealmModel realm) {
@ -550,8 +514,8 @@ public class RealmManager {
}
public UserModel createUser(RealmModel newRealm, UserRepresentation userRep) {
UserModel user = newRealm.addUser(userRep.getUsername());
public UserModel createUser(RealmModel newRealm, UserRepresentation userRep, Map<String, ApplicationModel> appMap) {
UserModel user = newRealm.addUser(userRep.getId(), userRep.getUsername(), false);
user.setEnabled(userRep.isEnabled());
user.setEmail(userRep.getEmail());
user.setFirstName(userRep.getFirstName());
@ -577,6 +541,31 @@ public class RealmManager {
AuthenticationLinkModel authLink = new AuthenticationLinkModel(link.getAuthProvider(), link.getAuthUserId());
user.setAuthenticationLink(authLink);
}
if (userRep.getSocialLinks() != null) {
for (SocialLinkRepresentation socialLink : userRep.getSocialLinks()) {
SocialLinkModel mappingModel = new SocialLinkModel(socialLink.getSocialProvider(), socialLink.getSocialUserId(), socialLink.getSocialUsername());
newRealm.addSocialLink(user, mappingModel);
}
}
if (userRep.getRealmRoles() != null) {
for (String roleString : userRep.getRealmRoles()) {
RoleModel role = newRealm.getRole(roleString.trim());
if (role == null) {
role = newRealm.addRole(roleString.trim());
}
user.grantRole(role);
}
}
if (userRep.getApplicationRoles() != null) {
ApplicationManager manager = new ApplicationManager(this);
for (Map.Entry<String, List<String>> entry : userRep.getApplicationRoles().entrySet()) {
ApplicationModel app = appMap.get(entry.getKey());
if (app == null) {
throw new RuntimeException("Unable to find application role mappings for app: " + entry.getKey());
}
manager.createRoleMappings(app, user, entry.getValue());
}
}
return user;
}
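Review bot: `createUser` now calls `newRealm.addUser(userRep.getId(), userRep.getUsername(), false)` and takes grants only from the per-user `realmRoles` and `applicationRoles`, while the blocks that read the realm-level `roleMappings`, `applicationRoleMappings` and `socialMappings` are removed. A realm file still written in the old layout would therefore import its users with no roles and no social links, either silently or with a parse error depending on how the JSON mapper treats unknown properties, which is not visible here. I would say so next to the "create users and their role mappings and social mappings" comment and preferably reject old-layout files explicitly, so that missing authorizations are noticed at import time. Minor: the local in `UserModel user = createUser(newRealm, userRep, appMap);` is never read, so the bare call is enough.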


@ -21,7 +21,11 @@
"credentials" : [
{ "type" : "password",
"value" : "password" }
]
],
"realmRoles": [ "user" ],
"applicationRoles": {
"account": [ "manage-account" ]
}
}
],
"roles" : {
@ -36,12 +40,6 @@
}
]
},
"roleMappings": [
{
"username": "bburke@redhat.com",
"roles": ["user"]
}
],
"scopeMappings": [
{
"client": "third-party",
@ -107,14 +105,5 @@
],
"secret": "password"
}
],
"applicationRoleMappings": {
"account": [
{
"username": "bburke@redhat.com",
"roles": ["manage-account"]
}
]
}
]
}


@ -22,7 +22,11 @@
"credentials" : [
{ "type" : "password",
"value" : "password" }
]
],
"realmRoles": [ "user" ],
"applicationRoles": {
"account": [ "manage-account" ]
}
}
],
"roles" : {
@ -37,12 +41,6 @@
}
]
},
"roleMappings": [
{
"username": "bburke@redhat.com",
"roles": ["user"]
}
],
"scopeMappings": [
{
"client": "third-party",
@ -109,14 +107,5 @@
],
"secret": "password"
}
],
"applicationRoleMappings": {
"account": [
{
"username": "bburke@redhat.com",
"roles": ["manage-account"]
}
]
}
]
}


@ -20,8 +20,12 @@
"email" : "test-user@localhost",
"credentials" : [
{ "type" : "password",
"value" : "password" }
]
"value" : "password" }
],
"realmRoles": [ "test-user@localhost" ],
"applicationRoles": {
"test-app": ["customer-user"]
}
}
],
"oauthClients" : [
@ -34,12 +38,6 @@
"secret": "password"
}
],
"roleMappings": [
{
"username": "test-user@localhost",
"roles": ["user"]
}
],
"scopeMappings": [
{
"client": "third-party",
@ -88,14 +86,6 @@
},
"applicationRoleMappings": {
"test-app": [
{
"username": "test-user@localhost",
"roles": ["customer-user"]
}
]
},
"applicationScopeMappings": {
"test-app": [
{
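Review bot: `"realmRoles": [ "test-user@localhost" ]` in the first hunk looks like the username was copied into the role list; the `roleMappings` entry this file removes granted `"user"` to that account. Because the importer creates any role name it does not know, the file would still import cleanly and leave the user holding a role called `test-user@localhost` instead of `user`, so I would change the line to `"realmRoles": [ "user" ],`. The last fixture on this page has a similar oddity, `"account": [ "view-account", "manage-account" ]`, where the other fixtures use `view-profile`; that one should be checked against the account application's role names as well.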


@ -22,7 +22,8 @@
"credentials" : [
{ "type" : "password",
"value" : "password" }
]
],
"realmRoles": [ "REALM_COMPOSITE_1" ]
},
{
"username" : "REALM_ROLE_1_USER",
@ -31,7 +32,8 @@
"credentials" : [
{ "type" : "password",
"value" : "password" }
]
],
"realmRoles": ["REALM_ROLE_1"]
},
{
"username" : "REALM_APP_COMPOSITE_USER",
@ -40,7 +42,8 @@
"credentials" : [
{ "type" : "password",
"value" : "password" }
]
],
"realmRoles": ["REALM_APP_COMPOSITE_ROLE"]
},
{
"username" : "REALM_APP_ROLE_USER",
@ -49,7 +52,10 @@
"credentials" : [
{ "type" : "password",
"value" : "password" }
]
],
"applicationRoles": {
"APP_ROLE_APPLICATION": [ "APP_ROLE_2" ]
}
},
{
"username" : "APP_COMPOSITE_USER",
@ -58,7 +64,8 @@
"credentials" : [
{ "type" : "password",
"value" : "password" }
]
],
"realmRoles": ["REALM_APP_COMPOSITE_ROLE", "REALM_COMPOSITE_1"]
}
],
"oauthClients" : [
@ -68,24 +75,6 @@
"secret": "password"
}
],
"roleMappings": [
{
"username": "REALM_COMPOSITE_1_USER",
"roles": ["REALM_COMPOSITE_1"]
},
{
"username": "REALM_ROLE_1_USER",
"roles": ["REALM_ROLE_1"]
},
{
"username": "REALM_APP_COMPOSITE_USER",
"roles": ["REALM_APP_COMPOSITE_ROLE"]
},
{
"username": "APP_COMPOSITE_USER",
"roles": ["REALM_APP_COMPOSITE_ROLE", "REALM_COMPOSITE_1"]
}
],
"scopeMappings": [
{
"client": "REALM_COMPOSITE_1_APPLICATION",
@ -199,14 +188,6 @@
},
"applicationRoleMappings": {
"APP_ROLE_APPLICATION": [
{
"username": "REALM_APP_ROLE_USER",
"roles": ["APP_ROLE_2"]
}
]
},
"applicationScopeMappings": {
"APP_ROLE_APPLICATION": [
{


@ -21,8 +21,13 @@
"email" : "test-user@localhost",
"credentials" : [
{ "type" : "password",
"value" : "password" }
]
"value" : "password" }
],
"realmRoles": ["user"],
"applicationRoles": {
"test-app": [ "customer-user" ],
"account": [ "view-profile", "manage-account" ]
}
}
],
"oauthClients" : [
@ -35,12 +40,6 @@
"secret": "password"
}
],
"roleMappings": [
{
"username": "test-user@localhost",
"roles": ["user"]
}
],
"scopeMappings": [
{
"client": "third-party",
@ -89,14 +88,6 @@
},
"applicationRoleMappings": {
"test-app": [
{
"username": "test-user@localhost",
"roles": ["customer-user"]
}
]
},
"applicationScopeMappings": {
"test-app": [
{


@ -21,7 +21,12 @@
"credentials" : [
{ "type" : "password",
"value" : "password" }
]
],
"realmRoles": [ "user" ],
"applicationRoles": {
"perf-app": [ "customer-user" ],
"account": [ "view-account", "manage-account" ]
}
}
],
"oauthClients" : [
@ -34,12 +39,6 @@
"secret": "password"
}
],
"roleMappings": [
{
"username": "test@localhost",
"roles": ["user"]
}
],
"scopeMappings": [
{
"client": "third-party",
@ -102,14 +101,6 @@
},
"applicationRoleMappings": {
"perf-app": [
{
"username": "test@localhost",
"roles": ["customer-user"]
}
]
},
"applicationScopeMappings": {
"perf-app": [
{