From ffc30b4c0315059399041e7723c412c4c6171677 Mon Sep 17 00:00:00 2001 From: mposolda Date: Mon, 7 Jul 2014 20:24:59 +0200 Subject: [PATCH] Changes in representations - adding role mappings under user representation --- .../idm/RealmRepresentation.java | 35 -------- .../idm/SocialMappingRepresentation.java | 44 ---------- .../idm/UserRepresentation.java | 27 ++++++ examples/cordova/example-realm.json | 8 +- examples/cors/cors-realm.json | 22 ++--- examples/demo-template/testrealm.json | 36 +++----- examples/js-console/example-realm.json | 22 ++--- .../exportimport/ExportImportUtils.java | 20 +++++ .../keycloak/exportimport/ModelImporter.java | 2 +- .../java/org/keycloak/models/RealmModel.java | 2 +- .../keycloak/models/cache/RealmAdapter.java | 4 +- .../org/keycloak/models/jpa/RealmAdapter.java | 22 +++-- .../mongo/keycloak/adapters/RealmAdapter.java | 18 ++-- .../org/keycloak/model/test/ImportTest.java | 6 +- .../src/test/resources/testcomposites.json | 53 ++++-------- .../src/test/resources/testrealm-demo.json | 15 +--- model/tests/src/test/resources/testrealm.json | 48 +++-------- .../tests/src/test/resources/testrealm2.json | 25 ++---- .../src/main/webapp/WEB-INF/testrealm.json | 44 +++------- .../services/managers/ApplicationManager.java | 17 ++-- .../services/managers/RealmManager.java | 85 ++++++++----------- .../adapter-test/demorealm-relative.json | 23 ++--- .../resources/adapter-test/demorealm.json | 23 ++--- .../test/resources/admin-test/testrealm.json | 22 ++--- .../src/test/resources/testcomposite.json | 43 +++------- .../src/test/resources/testrealm.json | 23 ++--- .../src/main/resources/perfrealm.json | 21 ++--- 27 files changed, 247 insertions(+), 463 deletions(-) delete mode 100644 core/src/main/java/org/keycloak/representations/idm/SocialMappingRepresentation.java create mode 100644 export-import/export-import-impl/src/main/java/org/keycloak/exportimport/ExportImportUtils.java 
diff --git a/core/src/main/java/org/keycloak/representations/idm/RealmRepresentation.java b/core/src/main/java/org/keycloak/representations/idm/RealmRepresentation.java index 68ba134664..4b5380d8fc 100755 --- a/core/src/main/java/org/keycloak/representations/idm/RealmRepresentation.java +++ b/core/src/main/java/org/keycloak/representations/idm/RealmRepresentation.java @@ -44,11 +44,8 @@ public class RealmRepresentation { protected Set requiredCredentials; protected String passwordPolicy; protected List users; - protected List roleMappings; protected List scopeMappings; - protected Map> applicationRoleMappings; protected Map> applicationScopeMappings; - protected List socialMappings; protected List applications; protected List oauthClients; protected Map socialProviders; @@ -151,18 +148,6 @@ public class RealmRepresentation { this.ssoSessionMaxLifespan = ssoSessionMaxLifespan; } - public List getRoleMappings() { - return roleMappings; - } - - public UserRoleMappingRepresentation roleMapping(String username) { - UserRoleMappingRepresentation mapping = new UserRoleMappingRepresentation(); - mapping.setUsername(username); - if (roleMappings == null) roleMappings = new ArrayList(); - roleMappings.add(mapping); - return mapping; - } - public List getScopeMappings() { return scopeMappings; } @@ -175,18 +160,6 @@ public class RealmRepresentation { return mapping; } - public List getSocialMappings() { - return socialMappings; - } - - public SocialMappingRepresentation socialMapping(String username) { - SocialMappingRepresentation mapping = new SocialMappingRepresentation(); - mapping.setUsername(username); - if (socialMappings == null) socialMappings = new ArrayList(); - socialMappings.add(mapping); - return mapping; - } - public Set getRequiredCredentials() { return requiredCredentials; } 
@@ -339,14 +312,6 @@ public class RealmRepresentation { this.oauthClients = oauthClients; } - public Map> getApplicationRoleMappings() { - return applicationRoleMappings; - } - - public void setApplicationRoleMappings(Map> applicationRoleMappings) { - this.applicationRoleMappings = applicationRoleMappings; - } - public Map> getApplicationScopeMappings() { return applicationScopeMappings; } diff --git a/core/src/main/java/org/keycloak/representations/idm/SocialMappingRepresentation.java b/core/src/main/java/org/keycloak/representations/idm/SocialMappingRepresentation.java deleted file mode 100644 index c4d852c00b..0000000000 --- a/core/src/main/java/org/keycloak/representations/idm/SocialMappingRepresentation.java +++ /dev/null @@ -1,44 +0,0 @@ -package org.keycloak.representations.idm; - -import java.util.ArrayList; -import java.util.List; - -/** - * @author Marek Posolda - */ -public class SocialMappingRepresentation { - - protected String self; // link - protected String username; - protected List socialLinks; - - public String getSelf() { - return self; - } - - public void setSelf(String self) { - this.self = self; - } - - public String getUsername() { - return username; - } - - public void setUsername(String username) { - this.username = username; - } - - public List getSocialLinks() { - return socialLinks; - } - - public SocialLinkRepresentation socialLink(String socialProvider, String socialUserId, String socialUsername) { - SocialLinkRepresentation link = new SocialLinkRepresentation(); - link.setSocialProvider(socialProvider); - link.setSocialUserId(socialUserId); - link.setSocialUsername(socialUsername); - if (socialLinks == null) socialLinks = new ArrayList(); - socialLinks.add(link); - return link; - } -} diff --git a/core/src/main/java/org/keycloak/representations/idm/UserRepresentation.java b/core/src/main/java/org/keycloak/representations/idm/UserRepresentation.java index 43aa368f7a..abc78466f2 100755 
--- a/core/src/main/java/org/keycloak/representations/idm/UserRepresentation.java +++ b/core/src/main/java/org/keycloak/representations/idm/UserRepresentation.java @@ -24,6 +24,9 @@ public class UserRepresentation { protected Map attributes; protected List credentials; protected List requiredActions; + protected List socialLinks; + protected List realmRoles; + protected Map> applicationRoles; public String getSelf() { return self; @@ -143,4 +146,28 @@ public class UserRepresentation { public void setRequiredActions(List requiredActions) { this.requiredActions = requiredActions; } + + public List getSocialLinks() { + return socialLinks; + } + + public void setSocialLinks(List socialLinks) { + this.socialLinks = socialLinks; + } + + public List getRealmRoles() { + return realmRoles; + } + + public void setRealmRoles(List realmRoles) { + this.realmRoles = realmRoles; + } + + public Map> getApplicationRoles() { + return applicationRoles; + } + + public void setApplicationRoles(Map> applicationRoles) { + this.applicationRoles = applicationRoles; + } } diff --git a/examples/cordova/example-realm.json b/examples/cordova/example-realm.json index 37e899e2a2..05ad90511a 100755 --- a/examples/cordova/example-realm.json +++ b/examples/cordova/example-realm.json @@ -15,8 +15,12 @@ "lastName": "User", "credentials" : [ { "type" : "password", - "value" : "password" } - ] + "value" : "password" } + ], + "realmRoles": [ "user" ], + "applicationRoles": { + "account": ["view-profile", "manage-account"] + } } ], "roles" : { diff --git a/examples/cors/cors-realm.json b/examples/cors/cors-realm.json index 9b3da42c0a..1dd55035a0 100755 --- a/examples/cors/cors-realm.json +++ b/examples/cors/cors-realm.json @@ -20,8 +20,12 @@ "lastName": "Burke", "credentials" : [ { "type" : "password", - "value" : "password" } - ] + "value" : "password" } + ], + "realmRoles": [ "user" ], + "applicationRoles": { + "realm-management": [ "realm-admin" ] + } } ], "roles" : { 
@@ -32,12 +36,6 @@ } ] }, - "roleMappings": [ - { - "username": "bburke@redhat.com", - "roles": ["user"] - } - ], "scopeMappings": [ { "client": "angular-product", @@ -58,14 +56,6 @@ ] } ], - "applicationRoleMappings": { - "realm-management": [ - { - "username": "bburke@redhat.com", - "roles": ["realm-admin"] - } - ] - }, "applicationScopeMappings": { "realm-management": [ { diff --git a/examples/demo-template/testrealm.json b/examples/demo-template/testrealm.json index f4ff956604..f3213334d6 100755 --- a/examples/demo-template/testrealm.json +++ b/examples/demo-template/testrealm.json @@ -24,7 +24,11 @@ "credentials" : [ { "type" : "password", "value" : "password" } - ] + ], + "realmRoles": [ "user" ], + "applicationRoles": { + "account": [ "manage-account" ] + } }, { "username" : "admin", @@ -35,7 +39,11 @@ "credentials" : [ { "type" : "password", "value" : "password" } - ] + ], + "realmRoles": [ "user","admin" ], + "applicationRoles": { + "realm-management": [ "realm-admin" ] + } } ], "roles" : { @@ -50,16 +58,6 @@ } ] }, - "roleMappings": [ - { - "username": "bburke@redhat.com", - "roles": ["user"] - }, - { - "username": "admin", - "roles": ["user","admin"] - } - ], "scopeMappings": [ { "client": "third-party", @@ -154,20 +152,6 @@ } ], - "applicationRoleMappings": { - "account": [ - { - "username": "bburke@redhat.com", - "roles": ["manage-account"] - } - ], - "realm-management": [ - { - "username": "admin", - "roles": ["realm-admin"] - } - ] - }, "applicationScopeMappings": { "realm-management": [ { diff --git a/examples/js-console/example-realm.json b/examples/js-console/example-realm.json index 42d291e008..ab43028824 100755 --- a/examples/js-console/example-realm.json +++ b/examples/js-console/example-realm.json 
@@ -15,8 +15,12 @@ "lastName": "User", "credentials" : [ { "type" : "password", - "value" : "password" } - ] + "value" : "password" } + ], + "realmRoles": [ "user" ], + "applicationRoles": { + "account": ["view-profile", "manage-account"] + } } ], "roles" : { @@ -31,12 +35,6 @@ } ] }, - "roleMappings": [ - { - "username": "user", - "roles": ["user"] - } - ], "scopeMappings": [ { "client": "js-console", @@ -57,14 +55,6 @@ ] } ], - "applicationRoleMappings": { - "account": [ - { - "username": "user", - "roles": ["view-profile", "manage-account"] - } - ] - }, "applicationScopeMappings": { "account": [ { diff --git a/export-import/export-import-impl/src/main/java/org/keycloak/exportimport/ExportImportUtils.java b/export-import/export-import-impl/src/main/java/org/keycloak/exportimport/ExportImportUtils.java new file mode 100644 index 0000000000..cbdf36de15 --- /dev/null +++ b/export-import/export-import-impl/src/main/java/org/keycloak/exportimport/ExportImportUtils.java @@ -0,0 +1,20 @@ +package org.keycloak.exportimport; + +import org.keycloak.models.RealmModel; +import org.keycloak.representations.idm.RealmRepresentation; + +/** + * @author Marek Posolda + */ +public class ExportImportUtils { + + public RealmRepresentation exportRealm(RealmModel realm, boolean includeUsers) { + + return null; + } + + public RealmRepresentation exportUsers(RealmModel realm, int start, int count) { + + return null; + } +} diff --git a/export-import/export-import-impl/src/main/java/org/keycloak/exportimport/ModelImporter.java b/export-import/export-import-impl/src/main/java/org/keycloak/exportimport/ModelImporter.java index c187bb85eb..697aab7476 100755 --- a/export-import/export-import-impl/src/main/java/org/keycloak/exportimport/ModelImporter.java +++ b/export-import/export-import-impl/src/main/java/org/keycloak/exportimport/ModelImporter.java 
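Review bot: Both `exportRealm` and `exportUsers` in the new ExportImportUtils are public and return `null` unconditionally, so any caller wired to them before the real export logic lands gets a NullPointerException far from the cause. Until the implementation exists, failing loudly is safer, for example `throw new UnsupportedOperationException("exportRealm is not implemented yet");` in each body. A class-level Javadoc stating that these are placeholders, and what `includeUsers`, `start` and `count` are meant to control, would also help the next reader.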
@@ -243,7 +243,7 @@ public class ModelImporter { List users = this.importReader.readEntities(fileName, UserEntity.class); for (UserEntity userEntity : users) { RealmModel realm = session.getRealm(userEntity.getRealmId()); - UserModel user = realm.addUser(userEntity.getId(), userEntity.getUsername()); + UserModel user = realm.addUser(userEntity.getId(), userEntity.getUsername(), false); // We need to remove defaultRoles here as realm.addUser is automatically adding them. We may add them later during roles mapping processing for (RoleModel role : user.getRoleMappings()) { diff --git a/model/api/src/main/java/org/keycloak/models/RealmModel.java b/model/api/src/main/java/org/keycloak/models/RealmModel.java index f669968ba0..7106454aec 100755 --- a/model/api/src/main/java/org/keycloak/models/RealmModel.java +++ b/model/api/src/main/java/org/keycloak/models/RealmModel.java @@ -116,7 +116,7 @@ public interface RealmModel extends RoleContainerModel { UserModel getUserById(String name); - UserModel addUser(String id, String username); + UserModel addUser(String id, String username, boolean addDefaultRoles); UserModel addUser(String username); diff --git a/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/RealmAdapter.java b/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/RealmAdapter.java index 2b7a41e7fe..2c973f3c16 100755 --- a/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/RealmAdapter.java +++ b/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/RealmAdapter.java @@ -411,9 +411,9 @@ public class RealmAdapter implements RealmModel { } @Override - public UserModel addUser(String id, String username) { + public UserModel addUser(String id, String username, boolean addDefaultRoles) { getDelegateForUpdate(); - return updated.addUser(id, username); + return updated.addUser(id, username, addDefaultRoles); } @Override 
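Review bot: The context comment directly below the changed call in ModelImporter ("We need to remove defaultRoles here as realm.addUser is automatically adding them") is stale now that the call passes `false` for `addDefaultRoles`. With no default roles granted, the loop over `user.getRoleMappings()` that follows should have nothing to remove. Either drop that cleanup loop or replace the comment with something like `// addUser(..., false) grants no default roles; mappings are applied later during role-mapping processing`. The loop body continues outside this hunk, so confirm nothing else relies on it before removing it.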
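Review bot: The new `addDefaultRoles` parameter on `RealmModel.addUser(String id, String username, boolean addDefaultRoles)` decides whether a freshly created account receives any roles, yet the interface method has no Javadoc. Document the contract there: that `false` creates a user with no realm or application default roles (intended for import, where mappings come from the representation), and whether a null `id` is allowed. The JPA adapter in this commit generates an id when it is null and the Mongo adapter's one-argument overload passes `null` through, so implementers of other stores need that stated rather than inferred.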
diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java b/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java index 390dea4854..23602ec49c 100755 --- a/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java +++ b/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java @@ -456,11 +456,15 @@ public class RealmAdapter implements RealmModel { @Override public UserModel addUser(String username) { - return this.addUser(KeycloakModelUtils.generateId(), username); + return this.addUser(KeycloakModelUtils.generateId(), username, true); } @Override - public UserModel addUser(String id, String username) { + public UserModel addUser(String id, String username, boolean addDefaultRoles) { + if (id == null) { + id = KeycloakModelUtils.generateId(); + } + UserEntity entity = new UserEntity(); entity.setId(id); entity.setUsername(username); @@ -469,13 +473,15 @@ public class RealmAdapter implements RealmModel { em.flush(); UserModel userModel = new UserAdapter(this, em, entity); - for (String r : getDefaultRoles()) { - userModel.grantRole(getRole(r)); - } + if (addDefaultRoles) { + for (String r : getDefaultRoles()) { + userModel.grantRole(getRole(r)); + } - for (ApplicationModel application : getApplications()) { - for (String r : application.getDefaultRoles()) { - userModel.grantRole(application.getRole(r)); + for (ApplicationModel application : getApplications()) { + for (String r : application.getDefaultRoles()) { + userModel.grantRole(application.getRole(r)); + } } } diff --git a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java index 0b75af0f0d..50886e77a7 100755 --- a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java +++ b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java 
@@ -481,20 +481,22 @@ public class RealmAdapter extends AbstractMongoAdapter impleme @Override public UserAdapter addUser(String username) { - return this.addUser(null, username); + return this.addUser(null, username, true); } @Override - public UserAdapter addUser(String id, String username) { + public UserAdapter addUser(String id, String username, boolean addDefaultRoles) { UserAdapter userModel = addUserEntity(id, username); - for (String r : getDefaultRoles()) { - userModel.grantRole(getRole(r)); - } + if (addDefaultRoles) { + for (String r : getDefaultRoles()) { + userModel.grantRole(getRole(r)); + } - for (ApplicationModel application : getApplications()) { - for (String r : application.getDefaultRoles()) { - userModel.grantRole(application.getRole(r)); + for (ApplicationModel application : getApplications()) { + for (String r : application.getDefaultRoles()) { + userModel.grantRole(application.getRole(r)); + } } } diff --git a/model/tests/src/test/java/org/keycloak/model/test/ImportTest.java b/model/tests/src/test/java/org/keycloak/model/test/ImportTest.java index dd7d12e63d..a2a0c394e7 100755 --- a/model/tests/src/test/java/org/keycloak/model/test/ImportTest.java +++ b/model/tests/src/test/java/org/keycloak/model/test/ImportTest.java 
@@ -105,16 +105,14 @@ public class ImportTest extends AbstractModelTest { // Test role mappings UserModel admin = realm.getUser("admin"); Set allRoles = admin.getRoleMappings(); - Assert.assertEquals(5, allRoles.size()); + Assert.assertEquals(3, allRoles.size()); Assert.assertTrue(allRoles.contains(realm.getRole("admin"))); Assert.assertTrue(allRoles.contains(application.getRole("app-admin"))); Assert.assertTrue(allRoles.contains(otherApp.getRole("otherapp-admin"))); - Assert.assertTrue(allRoles.contains(accountApp.getRole(AccountRoles.VIEW_PROFILE))); - Assert.assertTrue(allRoles.contains(accountApp.getRole(AccountRoles.MANAGE_ACCOUNT))); UserModel wburke = realm.getUser("wburke"); allRoles = wburke.getRoleMappings(); - Assert.assertEquals(4, allRoles.size()); + Assert.assertEquals(2, allRoles.size()); Assert.assertFalse(allRoles.contains(realm.getRole("admin"))); Assert.assertTrue(allRoles.contains(application.getRole("app-user"))); Assert.assertTrue(allRoles.contains(otherApp.getRole("otherapp-user"))); diff --git a/model/tests/src/test/resources/testcomposites.json b/model/tests/src/test/resources/testcomposites.json index 9b0878447e..4a851b514f 100755 --- a/model/tests/src/test/resources/testcomposites.json +++ b/model/tests/src/test/resources/testcomposites.json @@ -21,8 +21,9 @@ "email" : "test-user1@localhost", "credentials" : [ { "type" : "password", - "value" : "password" } - ] + "value" : "password" } + ], + "realmRoles": [ "REALM_COMPOSITE_1" ] }, { "username" : "REALM_ROLE_1_USER", @@ -30,8 +31,9 @@ "email" : "test-user2@localhost", "credentials" : [ { "type" : "password", - "value" : "password" } - ] + "value" : "password" } + ], + "realmRoles": [ "REALM_ROLE_1"] }, { "username" : "REALM_APP_COMPOSITE_USER", @@ -39,8 +41,9 @@ "email" : "test-user3@localhost", "credentials" : [ { "type" : "password", - "value" : "password" } - ] + "value" : "password" } + ], + "realmRoles": [ "REALM_APP_COMPOSITE_ROLE" ] }, { "username" : "REALM_APP_ROLE_USER", 
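Review bot: The role checks for `admin` and `wburke` in ImportTest now only assert the new set sizes (3 and 2); nothing states that the account default roles are intentionally absent after import. Since skipping default roles is the behaviour this commit changes, pin it explicitly rather than through a count, e.g. `Assert.assertFalse(allRoles.contains(accountApp.getRole(AccountRoles.VIEW_PROFILE)));` and the same for `AccountRoles.MANAGE_ACCOUNT`. This assumes `accountApp` is still defined earlier in the test method, which lies outside the hunk.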
@@ -48,8 +51,11 @@ "email" : "test-user4@localhost", "credentials" : [ { "type" : "password", - "value" : "password" } - ] + "value" : "password" } + ], + "applicationRoles": { + "APP_ROLE_APPLICATION": [ "APP_ROLE_2" ] + } }, { "username" : "APP_COMPOSITE_USER", @@ -57,8 +63,9 @@ "email" : "test-user5@localhost", "credentials" : [ { "type" : "password", - "value" : "password" } - ] + "value" : "password" } + ], + "realmRoles": ["REALM_APP_COMPOSITE_ROLE", "REALM_COMPOSITE_1"] } ], "oauthClients" : [ @@ -68,24 +75,6 @@ "secret": "password" } ], - "roleMappings": [ - { - "username": "REALM_COMPOSITE_1_USER", - "roles": ["REALM_COMPOSITE_1"] - }, - { - "username": "REALM_ROLE_1_USER", - "roles": ["REALM_ROLE_1"] - }, - { - "username": "REALM_APP_COMPOSITE_USER", - "roles": ["REALM_APP_COMPOSITE_ROLE"] - }, - { - "username": "APP_COMPOSITE_USER", - "roles": ["REALM_APP_COMPOSITE_ROLE", "REALM_COMPOSITE_1"] - } - ], "scopeMappings": [ { "client": "REALM_COMPOSITE_1_APPLICATION", @@ -187,14 +176,6 @@ }, - "applicationRoleMappings": { - "APP_ROLE_APPLICATION": [ - { - "username": "REALM_APP_ROLE_USER", - "roles": ["APP_ROLE_2"] - } - ] - }, "applicationScopeMappings": { "APP_ROLE_APPLICATION": [ { diff --git a/model/tests/src/test/resources/testrealm-demo.json b/model/tests/src/test/resources/testrealm-demo.json index 90d348c13c..5d5d828d1e 100755 --- a/model/tests/src/test/resources/testrealm-demo.json +++ b/model/tests/src/test/resources/testrealm-demo.json @@ -13,13 +13,12 @@ { "username" : "bburke@redhat.com", "enabled": true, - "attributes" : { - "email" : "bburke@redhat.com" - }, + "email" : "bburke@redhat.com", "credentials" : [ { "type" : "Password", - "value" : "password" } - ] + "value" : "password" } + ], + "realmRoles": [ "user" ] } ], "oauthClients" : [ @@ -42,12 +41,6 @@ ] }, - "roleMappings": [ - { - "username": "bburke@redhat.com", - "roles": ["user"] - } - ], "scopeMappings": [ { "client": "third-party", 
diff --git a/model/tests/src/test/resources/testrealm.json b/model/tests/src/test/resources/testrealm.json index 4ab4ebf15e..1e9ff544ac 100755 --- a/model/tests/src/test/resources/testrealm.json +++ b/model/tests/src/test/resources/testrealm.json @@ -52,7 +52,11 @@ "type": "password", "value": "userpassword" } - ] + ], + "applicationRoles": { + "Application": [ "app-user" ], + "OtherApp": [ "otherapp-user" ] + } }, { "username": "loginclient", @@ -72,7 +76,12 @@ "type": "password", "value": "adminpassword" } - ] + ], + "realmRoles": [ "admin" ], + "applicationRoles": { + "Application": [ "app-admin" ], + "OtherApp": [ "otherapp-admin" ] + } }, { "username": "mySocialUser", @@ -80,12 +89,7 @@ "authenticationLink": { "authProvider": "picketlink", "authUserId": "myUser1" - } - } - ], - "socialMappings": [ - { - "username": "mySocialUser", + }, "socialLinks": [ { "socialProvider": "facebook", @@ -148,40 +152,12 @@ ] } }, - "roleMappings": [ - { - "username": "admin", - "roles": ["admin"] - } - ], "scopeMappings": [ { "client": "oauthclient", "roles": ["admin"] } ], - "applicationRoleMappings": { - "Application": [ - { - "username": "wburke", - "roles": ["app-user"] - }, - { - "username": "admin", - "roles": ["app-admin"] - } - ], - "OtherApp": [ - { - "username": "wburke", - "roles": ["otherapp-user"] - }, - { - "username": "admin", - "roles": ["otherapp-admin"] - } - ] - }, "applicationScopeMappings": { "Application": [ { diff --git a/model/tests/src/test/resources/testrealm2.json b/model/tests/src/test/resources/testrealm2.json index ff9e3bcc67..08073c10a6 100755 --- a/model/tests/src/test/resources/testrealm2.json +++ b/model/tests/src/test/resources/testrealm2.json @@ -20,8 +20,13 @@ "lastName": "Burke", "credentials" : [ { "type" : "password", - "value" : "password" } - ] + "value" : "password" } + ], + "realmRoles": ["user"], + "applicationRoles": { + "account": [ "manage-account" ] + } + } ], "roles" : { 
@@ -36,12 +41,6 @@ } ] }, - "roleMappings": [ - { - "username": "bburke@redhat.com", - "roles": ["user"] - } - ], "scopeMappings": [ { "client": "third-party", @@ -87,14 +86,6 @@ ], "secret": "password" } - ], - "applicationRoleMappings": { - "account": [ - { - "username": "bburke@redhat.com", - "roles": ["manage-account"] - } - ] - } + ] } diff --git a/project-integrations/aerogear-ups/auth-server/src/main/webapp/WEB-INF/testrealm.json b/project-integrations/aerogear-ups/auth-server/src/main/webapp/WEB-INF/testrealm.json index 7243991277..5b442b0b14 100755 --- a/project-integrations/aerogear-ups/auth-server/src/main/webapp/WEB-INF/testrealm.json +++ b/project-integrations/aerogear-ups/auth-server/src/main/webapp/WEB-INF/testrealm.json @@ -22,7 +22,11 @@ "credentials" : [ { "type" : "password", "value" : "password" } - ] + ], + "realmRoles": [ "user" ], + "applicationRoles": { + "account": [ "manage-account" ] + } }, { "username" : "admin", @@ -35,7 +39,13 @@ ], "requiredActions": [ "UPDATE_PASSWORD" - ] + ], + "realmRoles": [ "user","admin" ], + "applicationRoles": { + "realm-management": [ "realm-admin" ], + "account": [ "manage-account" ] + } + } ], "roles" : { @@ -50,16 +60,6 @@ } ] }, - "roleMappings": [ - { - "username": "bburke@redhat.com", - "roles": ["user"] - }, - { - "username": "admin", - "roles": ["user", "admin"] - } - ], "scopeMappings": [ { "client": "unified-push-server", @@ -77,24 +77,6 @@ "/aerogear-ups/*" ] } - ], - "applicationRoleMappings": { - "account": [ - { - "username": "bburke@redhat.com", - "roles": ["manage-account"] - }, - { - "username": "admin", - "roles": ["manage-account"] - } - ], - "realm-management": [ - { - "username": "admin", - "roles": ["realm-admin"] - } - ] - } + ] } diff --git a/services/src/main/java/org/keycloak/services/managers/ApplicationManager.java b/services/src/main/java/org/keycloak/services/managers/ApplicationManager.java index af861d4d27..49a1ab5f99 100755 
--- a/services/src/main/java/org/keycloak/services/managers/ApplicationManager.java +++ b/services/src/main/java/org/keycloak/services/managers/ApplicationManager.java @@ -115,19 +115,18 @@ public class ApplicationManager { return applicationModel; } - public void createRoleMappings(RealmModel realm, ApplicationModel applicationModel, List mappings) { - for (UserRoleMappingRepresentation mapping : mappings) { - UserModel user = realm.getUser(mapping.getUsername()); + public void createRoleMappings(ApplicationModel applicationModel, UserModel user, List roleNames) { + for (String roleName : roleNames) { if (user == null) { throw new RuntimeException("User not found"); } - for (String roleString : mapping.getRoles()) { - RoleModel role = applicationModel.getRole(roleString.trim()); - if (role == null) { - role = applicationModel.addRole(roleString.trim()); - } - user.grantRole(role); + + RoleModel role = applicationModel.getRole(roleName.trim()); + if (role == null) { + role = applicationModel.addRole(roleName.trim()); } + user.grantRole(role); + } } diff --git a/services/src/main/java/org/keycloak/services/managers/RealmManager.java b/services/src/main/java/org/keycloak/services/managers/RealmManager.java index aba62335cd..fd2c61fc0d 100755 --- a/services/src/main/java/org/keycloak/services/managers/RealmManager.java +++ b/services/src/main/java/org/keycloak/services/managers/RealmManager.java @@ -29,7 +29,6 @@ import org.keycloak.representations.idm.RealmRepresentation; import org.keycloak.representations.idm.RoleRepresentation; import org.keycloak.representations.idm.ScopeMappingRepresentation; import org.keycloak.representations.idm.SocialLinkRepresentation; -import org.keycloak.representations.idm.SocialMappingRepresentation; import org.keycloak.representations.idm.UserRepresentation; import org.keycloak.representations.idm.UserRoleMappingRepresentation; 
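Review bot: In the rewritten `ApplicationManager.createRoleMappings`, a role name that does not exist on the application is silently created by `applicationModel.addRole(roleName.trim())` and then granted, so a misspelled name in an imported realm file produces a new role instead of a failed import; the realm-role loop added to `RealmManager.createUser` later in this patch does the same with `newRealm.addRole(...)`. An unknown application name already aborts with a RuntimeException, and an unknown role name deserves the same treatment, e.g. `if (role == null) throw new RuntimeException("Unknown role: " + roleName);`, or at least a warning log if existing realm files rely on implicit creation. Separately, the `user == null` check sits inside the loop, so it is repeated per role and never runs for an empty list; move it above the `for` and consider rejecting a null `roleNames` there as well.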
@@ -355,8 +354,6 @@ public class RealmManager { if (rep.getAdminTheme() != null) newRealm.setAdminTheme(rep.getAdminTheme()); if (rep.getEmailTheme() != null) newRealm.setEmailTheme(rep.getEmailTheme()); - Map userMap = new HashMap(); - if (rep.getRequiredCredentials() != null) { for (String requiredCred : rep.getRequiredCredentials()) { addRequiredCredential(newRealm, requiredCred); @@ -367,13 +364,6 @@ public class RealmManager { if (rep.getPasswordPolicy() != null) newRealm.setPasswordPolicy(new PasswordPolicy(rep.getPasswordPolicy())); - if (rep.getUsers() != null) { - for (UserRepresentation userRep : rep.getUsers()) { - UserModel user = createUser(newRealm, userRep); - userMap.put(user.getUsername(), user); - } - } - if (rep.getApplications() != null) { Map appMap = createApplications(rep, newRealm); } @@ -428,21 +418,11 @@ public class RealmManager { createOAuthClients(rep, newRealm); } - // Now that all possible users and applications are created (users, apps, and oauth clients), do role mappings and scope mappings + + // Now that all possible roles and applications are created, create scope mappings Map appMap = newRealm.getApplicationNameMap(); - if (rep.getApplicationRoleMappings() != null) { - ApplicationManager manager = new ApplicationManager(this); - for (Map.Entry> entry : rep.getApplicationRoleMappings().entrySet()) { - ApplicationModel app = appMap.get(entry.getKey()); - if (app == null) { - throw new RuntimeException("Unable to find application role mappings for app: " + entry.getKey()); - } - manager.createRoleMappings(newRealm, app, entry.getValue()); - } - } - if (rep.getApplicationScopeMappings() != null) { ApplicationManager manager = new ApplicationManager(this); for (Map.Entry> entry : rep.getApplicationScopeMappings().entrySet()) { 
@@ -454,20 +434,6 @@ public class RealmManager { } } - - if (rep.getRoleMappings() != null) { - for (UserRoleMappingRepresentation mapping : rep.getRoleMappings()) { - UserModel user = userMap.get(mapping.getUsername()); - for (String roleString : mapping.getRoles()) { - RoleModel role = newRealm.getRole(roleString.trim()); - if (role == null) { - role = newRealm.addRole(roleString.trim()); - } - user.grantRole(role); - } - } - } - if (rep.getScopeMappings() != null) { for (ScopeMappingRepresentation scope : rep.getScopeMappings()) { for (String roleString : scope.getRoles()) { @@ -482,16 +448,6 @@ public class RealmManager { } } - if (rep.getSocialMappings() != null) { - for (SocialMappingRepresentation socialMapping : rep.getSocialMappings()) { - UserModel user = userMap.get(socialMapping.getUsername()); - for (SocialLinkRepresentation link : socialMapping.getSocialLinks()) { - SocialLinkModel mappingModel = new SocialLinkModel(link.getSocialProvider(), link.getSocialUserId(), link.getSocialUsername()); - newRealm.addSocialLink(user, mappingModel); - } - } - } - if (rep.getSmtpServer() != null) { newRealm.setSmtpConfig(new HashMap(rep.getSmtpServer())); } @@ -510,6 +466,14 @@ public class RealmManager { List authProviderModels = Arrays.asList(AuthenticationProviderModel.DEFAULT_PROVIDER); newRealm.setAuthenticationProviders(authProviderModels); } + + // create users and their role mappings and social mappings + + if (rep.getUsers() != null) { + for (UserRepresentation userRep : rep.getUsers()) { + UserModel user = createUser(newRealm, userRep, appMap); + } + } } public void addComposites(RoleModel role, RoleRepresentation roleRep, RealmModel realm) { 
@@ -550,8 +514,8 @@ public class RealmManager { } - public UserModel createUser(RealmModel newRealm, UserRepresentation userRep) { - UserModel user = newRealm.addUser(userRep.getUsername()); + public UserModel createUser(RealmModel newRealm, UserRepresentation userRep, Map appMap) { + UserModel user = newRealm.addUser(userRep.getId(), userRep.getUsername(), false); user.setEnabled(userRep.isEnabled()); user.setEmail(userRep.getEmail()); user.setFirstName(userRep.getFirstName()); @@ -577,6 +541,31 @@ public class RealmManager { AuthenticationLinkModel authLink = new AuthenticationLinkModel(link.getAuthProvider(), link.getAuthUserId()); user.setAuthenticationLink(authLink); } + if (userRep.getSocialLinks() != null) { + for (SocialLinkRepresentation socialLink : userRep.getSocialLinks()) { + SocialLinkModel mappingModel = new SocialLinkModel(socialLink.getSocialProvider(), socialLink.getSocialUserId(), socialLink.getSocialUsername()); + newRealm.addSocialLink(user, mappingModel); + } + } + if (userRep.getRealmRoles() != null) { + for (String roleString : userRep.getRealmRoles()) { + RoleModel role = newRealm.getRole(roleString.trim()); + if (role == null) { + role = newRealm.addRole(roleString.trim()); + } + user.grantRole(role); + } + } + if (userRep.getApplicationRoles() != null) { + ApplicationManager manager = new ApplicationManager(this); + for (Map.Entry> entry : userRep.getApplicationRoles().entrySet()) { + ApplicationModel app = appMap.get(entry.getKey()); + if (app == null) { + throw new RuntimeException("Unable to find application role mappings for app: " + entry.getKey()); + } + manager.createRoleMappings(app, user, entry.getValue()); + } + } return user; } diff --git a/testsuite/integration/src/test/resources/adapter-test/demorealm-relative.json b/testsuite/integration/src/test/resources/adapter-test/demorealm-relative.json index 80132e0093..c1855c65f7 100755 --- a/testsuite/integration/src/test/resources/adapter-test/demorealm-relative.json 
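Review bot: `createUser` now calls `newRealm.addUser(userRep.getId(), userRep.getUsername(), false)`, so a user built from a representation receives only the roles listed in that representation and none of the realm or application default roles. That fits realm import, but `createUser` is public and any other caller (not visible in this hunk) will now create accounts without those defaults, which the removed ImportTest assertions suggest included the account application's roles. Add a Javadoc line such as `Default roles are NOT granted; only realmRoles/applicationRoles from the representation are applied.`, and state there that a null id from the representation is expected to be generated by the store. If other callers still need defaults, pass the flag through instead of hard-coding `false`.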
+++ b/testsuite/integration/src/test/resources/adapter-test/demorealm-relative.json @@ -21,7 +21,11 @@ "credentials" : [ { "type" : "password", "value" : "password" } - ] + ], + "realmRoles": [ "user" ], + "applicationRoles": { + "account": [ "manage-account" ] + } } ], "roles" : { @@ -36,12 +40,6 @@ } ] }, - "roleMappings": [ - { - "username": "bburke@redhat.com", - "roles": ["user"] - } - ], "scopeMappings": [ { "client": "third-party", @@ -107,14 +105,5 @@ ], "secret": "password" } - ], - "applicationRoleMappings": { - "account": [ - { - "username": "bburke@redhat.com", - "roles": ["manage-account"] - } - ] - } - + ] } diff --git a/testsuite/integration/src/test/resources/adapter-test/demorealm.json b/testsuite/integration/src/test/resources/adapter-test/demorealm.json index d27b3ece6c..68b3c6df92 100755 --- a/testsuite/integration/src/test/resources/adapter-test/demorealm.json +++ b/testsuite/integration/src/test/resources/adapter-test/demorealm.json @@ -22,7 +22,11 @@ "credentials" : [ { "type" : "password", "value" : "password" } - ] + ], + "realmRoles": [ "user" ], + "applicationRoles": { + "account": [ "manage-account" ] + } } ], "roles" : { @@ -37,12 +41,6 @@ } ] }, - "roleMappings": [ - { - "username": "bburke@redhat.com", - "roles": ["user"] - } - ], "scopeMappings": [ { "client": "third-party", @@ -109,14 +107,5 @@ ], "secret": "password" } - ], - "applicationRoleMappings": { - "account": [ - { - "username": "bburke@redhat.com", - "roles": ["manage-account"] - } - ] - } - + ] } diff --git a/testsuite/integration/src/test/resources/admin-test/testrealm.json b/testsuite/integration/src/test/resources/admin-test/testrealm.json index b703f751c2..b83c437346 100755 --- a/testsuite/integration/src/test/resources/admin-test/testrealm.json +++ b/testsuite/integration/src/test/resources/admin-test/testrealm.json 
@@ -20,8 +20,12 @@
 "email" : "test-user@localhost",
 "credentials" : [
 { "type" : "password",
- "value" : "password" }
- ]
+ "value" : "password" }
+ ],
+ "realmRoles": [ "test-user@localhost" ],
+ "applicationRoles": {
+ "test-app": ["customer-user"]
+ }
 }
 ],
 "oauthClients" : [
@@ -34,12 +38,6 @@
 "secret": "password"
 }
 ],
- "roleMappings": [
- {
- "username": "test-user@localhost",
- "roles": ["user"]
- }
- ],
 "scopeMappings": [
 {
 "client": "third-party",
@@ -88,14 +86,6 @@
 },
- "applicationRoleMappings": {
- "test-app": [
- {
- "username": "test-user@localhost",
- "roles": ["customer-user"]
- }
- ]
- },
 "applicationScopeMappings": {
 "test-app": [
 {
diff --git a/testsuite/integration/src/test/resources/testcomposite.json b/testsuite/integration/src/test/resources/testcomposite.json
index 6e01de3dd0..4b5e4c57aa 100755
--- a/testsuite/integration/src/test/resources/testcomposite.json
+++ b/testsuite/integration/src/test/resources/testcomposite.json
@@ -22,7 +22,8 @@
 "credentials" : [
 { "type" : "password",
 "value" : "password" }
- ]
+ ],
+ "realmRoles": [ "REALM_COMPOSITE_1" ]
 },
 {
 "username" : "REALM_ROLE_1_USER",
@@ -31,7 +32,8 @@
 "credentials" : [
 { "type" : "password",
 "value" : "password" }
- ]
+ ],
+ "realmRoles": ["REALM_ROLE_1"]
 },
 {
 "username" : "REALM_APP_COMPOSITE_USER",
@@ -40,7 +42,8 @@
 "credentials" : [
 { "type" : "password",
 "value" : "password" }
- ]
+ ],
+ "realmRoles": ["REALM_APP_COMPOSITE_ROLE"]
 },
 {
 "username" : "REALM_APP_ROLE_USER",
@@ -49,7 +52,10 @@
 "credentials" : [
 { "type" : "password",
 "value" : "password" }
- ]
+ ],
+ "applicationRoles": {
+ "APP_ROLE_APPLICATION": [ "APP_ROLE_2" ]
+ }
 },
 {
 "username" : "APP_COMPOSITE_USER",
@@ -58,7 +64,8 @@
 "credentials" : [
 { "type" : "password",
 "value" : "password" }
- ]
+ ],
+ "realmRoles": ["REALM_APP_COMPOSITE_ROLE", "REALM_COMPOSITE_1"]
 }
 ],
 "oauthClients" : [
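Review bot: `"realmRoles": [ "test-user@localhost" ]` in the first hunk of admin-test/testrealm.json lists the username, where the `roleMappings` entry removed in the next hunk granted the role `user`. Because `createUser` in RealmManager creates realm roles that do not exist yet, the import will presumably still succeed, leaving this user with a role named after its e-mail address and without `user`. This looks like a copy mistake, and the line should read `"realmRoles": [ "user" ],`.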
@@ -68,24 +75,6 @@
 "secret": "password"
 }
 ],
- "roleMappings": [
- {
- "username": "REALM_COMPOSITE_1_USER",
- "roles": ["REALM_COMPOSITE_1"]
- },
- {
- "username": "REALM_ROLE_1_USER",
- "roles": ["REALM_ROLE_1"]
- },
- {
- "username": "REALM_APP_COMPOSITE_USER",
- "roles": ["REALM_APP_COMPOSITE_ROLE"]
- },
- {
- "username": "APP_COMPOSITE_USER",
- "roles": ["REALM_APP_COMPOSITE_ROLE", "REALM_COMPOSITE_1"]
- }
- ],
 "scopeMappings": [
 {
 "client": "REALM_COMPOSITE_1_APPLICATION",
@@ -199,14 +188,6 @@
 },
- "applicationRoleMappings": {
- "APP_ROLE_APPLICATION": [
- {
- "username": "REALM_APP_ROLE_USER",
- "roles": ["APP_ROLE_2"]
- }
- ]
- },
 "applicationScopeMappings": {
 "APP_ROLE_APPLICATION": [
 {
diff --git a/testsuite/integration/src/test/resources/testrealm.json b/testsuite/integration/src/test/resources/testrealm.json
index 8c889e0d9b..b937db3126 100755
--- a/testsuite/integration/src/test/resources/testrealm.json
+++ b/testsuite/integration/src/test/resources/testrealm.json
@@ -21,8 +21,13 @@
 "email" : "test-user@localhost",
 "credentials" : [
 { "type" : "password",
- "value" : "password" }
- ]
+ "value" : "password" }
+ ],
+ "realmRoles": ["user"],
+ "applicationRoles": {
+ "test-app": [ "customer-user" ],
+ "account": [ "view-profile", "manage-account" ]
+ }
 }
 ],
 "oauthClients" : [
@@ -35,12 +40,6 @@
 "secret": "password"
 }
 ],
- "roleMappings": [
- {
- "username": "test-user@localhost",
- "roles": ["user"]
- }
- ],
 "scopeMappings": [
 {
 "client": "third-party",
@@ -89,14 +88,6 @@
 },
- "applicationRoleMappings": {
- "test-app": [
- {
- "username": "test-user@localhost",
- "roles": ["customer-user"]
- }
- ]
- },
 "applicationScopeMappings": {
 "test-app": [
 {
diff --git a/testsuite/performance-web/src/main/resources/perfrealm.json b/testsuite/performance-web/src/main/resources/perfrealm.json
index 78d31ea3e4..dc4c959b57 100644
--- a/testsuite/performance-web/src/main/resources/perfrealm.json
+++ b/testsuite/performance-web/src/main/resources/perfrealm.json
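Review bot: The `applicationRoles` block added in the first testrealm.json hunk grants `view-profile` and `manage-account` on `account`, which the removed `applicationRoleMappings` (only `test-app` / `customer-user`) did not; the first perfrealm.json hunk does the same with `view-account` and `manage-account`. The two files disagree on the role name (`view-profile` vs `view-account`), so one of them likely names a role the `account` application does not define. How `createRoleMappings` treats an unknown role is not visible in this diff. If the extra grants are intended they deserve a line in the commit message; otherwise the fixtures should keep only what was mapped before, `"test-app": [ "customer-user" ]` and `"perf-app": [ "customer-user" ]`.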
@@ -21,7 +21,12 @@
 "credentials" : [
 { "type" : "password",
 "value" : "password" }
- ]
+ ],
+ "realmRoles": [ "user" ],
+ "applicationRoles": {
+ "perf-app": [ "customer-user" ],
+ "account": [ "view-account", "manage-account" ]
+ }
 }
 ],
 "oauthClients" : [
@@ -34,12 +39,6 @@
 "secret": "password"
 }
 ],
- "roleMappings": [
- {
- "username": "test@localhost",
- "roles": ["user"]
- }
- ],
 "scopeMappings": [
 {
 "client": "third-party",
@@ -102,14 +101,6 @@
 },
- "applicationRoleMappings": {
- "perf-app": [
- {
- "username": "test@localhost",
- "roles": ["customer-user"]
- }
- ]
- },
 "applicationScopeMappings": {
 "perf-app": [
 {