keycloak-memoizeit
Changes
services/src/main/java/org/keycloak/services/models/picketlink/relationships/OAuthClientRequiredCredentialRelationship.java 8(+8 -0)
services/src/main/java/org/keycloak/services/models/picketlink/relationships/ResourceRelationship.java 1(+1 -0)
services/src/main/java/org/keycloak/services/models/picketlink/relationships/ResourceRequiredCredentialRelationship.java 8(+8 -0)
services/src/test/resources/testrealm.json 18(+17 -1)
Details
diff --git a/core/src/main/java/org/keycloak/representations/idm/RealmRepresentation.java b/core/src/main/java/org/keycloak/representations/idm/RealmRepresentation.java
index 0fedfad..896c1c9 100755
--- a/core/src/main/java/org/keycloak/representations/idm/RealmRepresentation.java
+++ b/core/src/main/java/org/keycloak/representations/idm/RealmRepresentation.java
@@ -21,6 +21,8 @@ public class RealmRepresentation {
protected String publicKey;
protected List<RoleRepresentation> roles;
protected List<RequiredCredentialRepresentation> requiredCredentials;
+ protected List<RequiredCredentialRepresentation> requiredResourceCredentials;
+ protected List<RequiredCredentialRepresentation> requiredOAuthClientCredentials;
protected List<UserRepresentation> users;
protected List<RoleMappingRepresentation> roleMappings;
protected List<ScopeMappingRepresentation> scopeMappings;
@@ -147,6 +149,22 @@ public class RealmRepresentation {
this.requiredCredentials = requiredCredentials;
}
+ public List<RequiredCredentialRepresentation> getRequiredResourceCredentials() {
+ return requiredResourceCredentials;
+ }
+
+ public void setRequiredResourceCredentials(List<RequiredCredentialRepresentation> requiredResourceCredentials) {
+ this.requiredResourceCredentials = requiredResourceCredentials;
+ }
+
+ public List<RequiredCredentialRepresentation> getRequiredOAuthClientCredentials() {
+ return requiredOAuthClientCredentials;
+ }
+
+ public void setRequiredOAuthClientCredentials(List<RequiredCredentialRepresentation> requiredOAuthClientCredentials) {
+ this.requiredOAuthClientCredentials = requiredOAuthClientCredentials;
+ }
+
public int getAccessCodeLifespan() {
return accessCodeLifespan;
}
diff --git a/core/src/main/java/org/keycloak/representations/idm/ResourceRepresentation.java b/core/src/main/java/org/keycloak/representations/idm/ResourceRepresentation.java
index 84d499f..6cf9de6 100755
--- a/core/src/main/java/org/keycloak/representations/idm/ResourceRepresentation.java
+++ b/core/src/main/java/org/keycloak/representations/idm/ResourceRepresentation.java
@@ -11,10 +11,12 @@ import java.util.Set;
*/
public class ResourceRepresentation {
protected String self; // link
+ protected String id;
protected String name;
protected String adminUrl;
protected boolean surrogateAuthRequired;
protected boolean useRealmMappings;
+ protected boolean enabled;
protected List<CredentialRepresentation> credentials;
protected List<RoleRepresentation> roles;
protected List<RoleMappingRepresentation> roleMappings;
@@ -28,6 +30,14 @@ public class ResourceRepresentation {
this.self = self;
}
+ public String getId() {
+ return id;
+ }
+
+ public void setId(String id) {
+ this.id = id;
+ }
+
public String getName() {
return name;
}
@@ -36,6 +46,14 @@ public class ResourceRepresentation {
this.name = name;
}
+ public boolean isEnabled() {
+ return enabled;
+ }
+
+ public void setEnabled(boolean enabled) {
+ this.enabled = enabled;
+ }
+
public boolean isSurrogateAuthRequired() {
return surrogateAuthRequired;
}
@@ -52,6 +70,13 @@ public class ResourceRepresentation {
this.roles = roles;
}
+ public ResourceRepresentation role(RoleRepresentation role) {
+ if (this.roles == null) this.roles = new ArrayList<RoleRepresentation>();
+ this.roles.add(role);
+ return this;
+ }
+
+
public ResourceRepresentation role(String role, String description) {
if (this.roles == null) this.roles = new ArrayList<RoleRepresentation>();
this.roles.add(new RoleRepresentation(role, description));
diff --git a/examples/as7-eap-demo/server/src/main/resources/META-INF/testrealm.json b/examples/as7-eap-demo/server/src/main/resources/META-INF/testrealm.json
index b81aad6..642af04 100755
--- a/examples/as7-eap-demo/server/src/main/resources/META-INF/testrealm.json
+++ b/examples/as7-eap-demo/server/src/main/resources/META-INF/testrealm.json
@@ -14,6 +14,20 @@
"secret" : true
}
],
+ "requiredResourceCredentials" : [
+ {
+ "type" : "Password",
+ "input" : true,
+ "secret" : true
+ }
+ ],
+ "requiredOAuthClientCredentials" : [
+ {
+ "type" : "Password",
+ "input" : true,
+ "secret" : true
+ }
+ ],
"users" : [
{
"username" : "bburke@redhat.com",
@@ -58,6 +72,7 @@
"resources" : [
{
"name" : "customer-portal",
+ "enabled" : true,
"adminUrl" : "http://localhost:8080/customer-portal/j_admin_request",
"useRealmMappings" : true,
"credentials" : [
@@ -67,6 +82,7 @@
},
{
"name" : "product-portal",
+ "enabled" : true,
"adminUrl" : "http://localhost:8080/product-portal/j_admin_request",
"useRealmMappings" : true,
"credentials" : [
diff --git a/examples/as7-eap-demo/server/src/main/webapp/saas/admin/js/controllers.js b/examples/as7-eap-demo/server/src/main/webapp/saas/admin/js/controllers.js
index a3ed7c2..c8474fd 100755
--- a/examples/as7-eap-demo/server/src/main/webapp/saas/admin/js/controllers.js
+++ b/examples/as7-eap-demo/server/src/main/webapp/saas/admin/js/controllers.js
@@ -4,6 +4,7 @@ var module = angular.module('keycloak.controllers', [ 'keycloak.services' ]);
var realmslist = {};
+
module.controller('GlobalCtrl', function($scope, $http, Auth, $location, Notifications) {
$scope.addMessage = function() {
Notifications.success("test");
@@ -152,20 +153,30 @@ module.controller('ApplicationDetailCtrl', function($scope, application, Applica
});
-module.controller('RealmListCtrl', function($scope, Realm) {
+module.controller('RealmListCtrl', function($scope, Realm, Current) {
$scope.realms = Realm.get();
- realmslist = $scope.realms;
+ Current.realms = $scope.realms;
});
-module.controller('RealmDropdownCtrl', function($scope, Realm) {
+module.controller('RealmDropdownCtrl', function($scope, Realm, Current, $location) {
console.log('test log writing');
- realmslist = Realm.get();
- $scope.realmslist = function() {
- return realmslist;
+ Current.realms = Realm.get();
+ $scope.current = Current;
+ $scope.changeRealm = function() {
+ console.log('select box changed');
+ for (var id in Current.realms) {
+ var val = Current.realms[id];
+ console.log('checking: ' + val);
+ if (val == Current.realm) {
+ console.log("redirect to: /realms/" + id);
+ $location.url("/realms/" + id);
+ break;
+ }
+ }
};
});
-module.controller('RealmDetailCtrl', function($scope, Realm, realm, $location, Dialog, Notifications) {
+module.controller('RealmDetailCtrl', function($scope, Current, Realm, realm, $location, Dialog, Notifications) {
$scope.realm = angular.copy(realm);
$scope.createRealm = !realm.id;
@@ -260,13 +271,21 @@ module.controller('RealmDetailCtrl', function($scope, Realm, realm, $location, D
Realm.save(realmCopy, function(data, headers) {
var l = headers().location;
var id = l.substring(l.lastIndexOf("/") + 1);
- realmslist = Realm.get();
- $location.url("/realms/" + id);
+
+ var data = Realm.get(function() {
+ Current.realms = data;
+ Current.realm = Current.realms[id];
+ console.log('Current.realms[id]: ' + Current.realms[id]);
+ console.log('data[id]: ' + data[id]);
+ console.log('Current.realm.name: ' + Current.realm.name);
+
+ });
+ $location.url("/realms/" + id);
Notifications.success("Created realm");
});
} else {
Realm.update(realmCopy, function() {
- realmslist = Realm.get();
+ Current.realms = Realm.get();
$scope.changed = false;
realm = angular.copy($scope.realm);
Notifications.success("Saved changes to realm");
@@ -290,7 +309,7 @@ module.controller('RealmDetailCtrl', function($scope, Realm, realm, $location, D
$scope.remove = function() {
Dialog.confirmDelete($scope.realm.name, 'realm', function() {
Realm.remove($scope.realm, function() {
- realmslist = Realm.get();
+ Current.realms = Realm.get();
$location.url("/realms");
Notifications.success("Deleted realm");
});
diff --git a/examples/as7-eap-demo/server/src/main/webapp/saas/admin/js/services.js b/examples/as7-eap-demo/server/src/main/webapp/saas/admin/js/services.js
index ba3a26a..02995c8 100755
--- a/examples/as7-eap-demo/server/src/main/webapp/saas/admin/js/services.js
+++ b/examples/as7-eap-demo/server/src/main/webapp/saas/admin/js/services.js
@@ -157,4 +157,11 @@ module.factory('Role', function($resource) {
method : 'PUT'
}
});
+});
+
+module.factory('Current', function($resource) {
+ return {
+ realm : null,
+ realms : {}
+ };
});
\ No newline at end of file
diff --git a/examples/as7-eap-demo/server/src/main/webapp/saas/admin/partials/menu.html b/examples/as7-eap-demo/server/src/main/webapp/saas/admin/partials/menu.html
index effc324..6d6423d 100755
--- a/examples/as7-eap-demo/server/src/main/webapp/saas/admin/partials/menu.html
+++ b/examples/as7-eap-demo/server/src/main/webapp/saas/admin/partials/menu.html
@@ -3,32 +3,36 @@
<div class="container">
<div class="nav-collapse">
<nav id="global-nav">
- <div data-ng-controller="RealmDropdownCtrl">
+ <div data-ng-controller="RealmDropdownCtrl" > <!--
<ul class="nav pull-left" data-ng-show="auth.loggedIn">
<li class="dropdown"><a data-toggle="dropdown" class="dropdown-toggle" href="#"> Realms <i class="caret"></i></a>
<ul class="dropdown-menu">
- <li ng-repeat="(id, name) in realmslist()"><a href="#/realms/{{id}}">{{name}}</a>
+ <li ng-repeat="(id, name) in current.realms"><a href="#/realms/{{id}}">{{name}}</a>
</li>
</ul>
</li>
- </ul>
+ </ul> -->
+ <h3 data-ng-show="auth.loggedIn"><span class="gray pull-left">Realm: </span></h3>
+ <select class="nav pull-left" data-ng-show="auth.loggedIn" ng-change="changeRealm()" ng-model="current.realm" ng-options="name for (id, name) in current.realms">
+ </select>
+ <!-- <select class="nav pull-left" ng-options="r.name for r in current.realms"></select> -->
</div>
- <ul class="nav">
- <li class="divider-vertical-left" data-ng-class="path[0] == 'realms' && 'active'"
- data-ng-show="auth.loggedIn"><a href="#/create/realm">New Realm</a></li>
- </ul>
<ul class="nav pull-right" data-ng-hide="auth.loggedIn">
<li><a href="/auth-server/saas/saas-login.jsp">Login</a></li>
<li><a href="/auth-server/saas/saas-register.jsp">Register</a></li>
</ul>
<ul class="nav pull-right" data-ng-show="auth.loggedIn">
- <li class="dropdown"><a data-toggle="dropdown" class="dropdown-toggle" href="#"><i
+ <li class="divider-vertical-left dropdown"><a data-toggle="dropdown" class="dropdown-toggle" href="#"><i
class="icon-user icon-gray"></i> Welcome: <b>{{auth.user.displayName}}</b> <i class="caret"></i></a>
<ul class="dropdown-menu">
<li><a href="/auth-server/rest/saas/logout">Sign Out</a></li>
</ul>
</li>
</ul>
+ <ul class="nav pull-right" data-ng-show="auth.loggedIn">
+ <li class="divider-vertical-left" data-ng-class="path[0] == 'realms' && 'active'"
+ data-ng-show="auth.loggedIn"><a href="#/create/realm">New Realm</a></li>
+ </ul>
</nav>
</div>
</div>
diff --git a/examples/as7-eap-demo/server/src/main/webapp/saas/admin/partials/realm-detail.html b/examples/as7-eap-demo/server/src/main/webapp/saas/admin/partials/realm-detail.html
index 7a841a1..a10e742 100755
--- a/examples/as7-eap-demo/server/src/main/webapp/saas/admin/partials/realm-detail.html
+++ b/examples/as7-eap-demo/server/src/main/webapp/saas/admin/partials/realm-detail.html
@@ -7,7 +7,7 @@
<h1 data-ng-show="createRealm"><span class="gray">New Realm</span></h1>
<h1 data-ng-hide="createRealm">
- <span class="gray">{{realm.realm}}</span>
+ <span class="gray">Realm Settings</span>
</h1>
<div data-ng-show="realmForm.showErrors && realmForm.$error.required" class="alert alert-error">Please fill
diff --git a/examples/as7-eap-demo/server/src/main/webapp/saas/admin/partials/realm-menu.html b/examples/as7-eap-demo/server/src/main/webapp/saas/admin/partials/realm-menu.html
index d72e57a..bfdbbe5 100755
--- a/examples/as7-eap-demo/server/src/main/webapp/saas/admin/partials/realm-menu.html
+++ b/examples/as7-eap-demo/server/src/main/webapp/saas/admin/partials/realm-menu.html
@@ -1,21 +1,11 @@
<div data-ng-hide="createRealm">
<nav id="local-nav">
<ul class="nav nav-list">
- <li>
- <div>
- <span class="toggle">Realm: </span> {{realm.realm}}
- </div>
- <ul>
- <li>
- <ul class="sub-items">
- <li data-ng-class="!path[2] && 'active'"><a href="#/realms/{{realm.id}}">Settings</a>
- </li>
- <li data-ng-class="path[2] == 'users' && 'active'"><a href="#/realms/{{realm.id}}/users">Users</a>
- </li>
- <li data-ng-class="path[2] == 'roles' && 'active'"><a href="#/realms/{{realm.id}}/roles">Roles</a></li>
- </ul>
- </li>
- </ul>
+ <li data-ng-class="!path[2] && 'active'"><a href="#/realms/{{realm.id}}">Realm Settings</a>
+ </li>
+ <li data-ng-class="path[2] == 'users' && 'active'"><a href="#/realms/{{realm.id}}/users">Realm Users</a>
+ </li>
+ <li data-ng-class="path[2] == 'roles' && 'active'"><a href="#/realms/{{realm.id}}/roles">Realm Roles</a></li>
</ul>
</nav>
</div>
\ No newline at end of file
diff --git a/examples/as7-eap-demo/server/src/main/webapp/saas/admin/partials/role-detail.html b/examples/as7-eap-demo/server/src/main/webapp/saas/admin/partials/role-detail.html
index 39686d6..a2ea839 100755
--- a/examples/as7-eap-demo/server/src/main/webapp/saas/admin/partials/role-detail.html
+++ b/examples/as7-eap-demo/server/src/main/webapp/saas/admin/partials/role-detail.html
@@ -7,7 +7,7 @@
<h1 data-ng-show="create"><span class="gray">New Role</span></h1>
<h1 data-ng-hide="create">
- <span class="gray">Role {{role.name}}</span>
+ <span class="gray">Realm Role {{role.name}}</span>
</h1>
<div data-ng-show="roleForm.showErrors && roleForm.$error.required" class="alert alert-error">Please fill in
@@ -49,7 +49,6 @@
</button>
<button type="submit" data-ng-click="reset()" class="btn" data-ng-show="changed">Clear changes
</button>
- <a href="#/realms/{{realm.id}}/users" data-ng-hide="changed">View users »</a>
<button type="submit" data-ng-click="remove()" class="btn btn-danger" data-ng-hide="changed">
Delete
</button>
diff --git a/examples/as7-eap-demo/server/src/main/webapp/saas/admin/partials/role-list.html b/examples/as7-eap-demo/server/src/main/webapp/saas/admin/partials/role-list.html
index 1693cb1..107f6fd 100755
--- a/examples/as7-eap-demo/server/src/main/webapp/saas/admin/partials/role-list.html
+++ b/examples/as7-eap-demo/server/src/main/webapp/saas/admin/partials/role-list.html
@@ -7,7 +7,7 @@
<a class="btn btn-small pull-right" href="#/create/role/{{realm.id}}">Add Role</a>
<h1>
- <span class="gray">{{realm.realm}}</span> roles
+ <span class="gray">Realm Roles</span>
</h1>
<table class="table table-striped table-bordered">
diff --git a/examples/as7-eap-demo/server/src/main/webapp/saas/saas-login.jsp b/examples/as7-eap-demo/server/src/main/webapp/saas/saas-login.jsp
index ee004a8..e11fc81 100755
--- a/examples/as7-eap-demo/server/src/main/webapp/saas/saas-login.jsp
+++ b/examples/as7-eap-demo/server/src/main/webapp/saas/saas-login.jsp
@@ -67,7 +67,7 @@
</section>
<section class="info-area">
<h3>Info area</h3>
- <p>Does not have an account? <a href="saas-register.html">Register</a>.</p>
+ <p>Does not have an account? <a href="<%=application.getContextPath()%>/saas/saas-register.jsp">Register</a>.</p>
<ul>
<li><strong>Domain:</strong> 10.0.0.1</li>
<li><strong>Zone:</strong> Live</li>
diff --git a/examples/as7-eap-demo/server/src/main/webapp/saas/saas-register.jsp b/examples/as7-eap-demo/server/src/main/webapp/saas/saas-register.jsp
index ed61648..b95d171 100755
--- a/examples/as7-eap-demo/server/src/main/webapp/saas/saas-register.jsp
+++ b/examples/as7-eap-demo/server/src/main/webapp/saas/saas-register.jsp
@@ -73,7 +73,7 @@
</section>
<section class="info-area">
<h3>Info area</h3>
- <p>Already have an account? <a href="saas-login.html">Log in</a>.</p>
+ <p>Already have an account? <a href="<%=application.getContextPath()%>/saas/saas-login.jsp">Log in</a>.</p>
<ul>
<li><strong>Domain:</strong> 10.0.0.1</li>
<li><strong>Zone:</strong> Live</li>
diff --git a/sdk-html/src/main/resources/META-INF/resources/sdk/theme/saas/login.xhtml b/sdk-html/src/main/resources/META-INF/resources/sdk/theme/saas/login.xhtml
old mode 100644
new mode 100755
index d9618f0..c1cc362
--- a/sdk-html/src/main/resources/META-INF/resources/sdk/theme/saas/login.xhtml
+++ b/sdk-html/src/main/resources/META-INF/resources/sdk/theme/saas/login.xhtml
@@ -51,7 +51,7 @@
<section class="info-area">
<h3>Info area</h3>
<p>
- Does not have an account? <a href="saas-register.html">Register</a>.
+ No account? <a href="saas-register.html">Register</a>.
</p>
<ul>
<li><strong>Domain:</strong> 10.0.0.1</li>
diff --git a/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java b/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java
index dc8b79f..02c87eb 100755
--- a/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java
@@ -23,6 +23,7 @@ import javax.ws.rs.core.NewCookie;
import javax.ws.rs.core.UriInfo;
import java.net.URI;
import java.util.HashSet;
+import java.util.List;
import java.util.Set;
/**
@@ -203,7 +204,15 @@ public class AuthenticationManager {
public boolean authenticateForm(RealmModel realm, UserModel user, MultivaluedMap<String, String> formData) {
Set<String> types = new HashSet<String>();
- for (RequiredCredentialModel credential : realm.getRequiredCredentials()) {
+ List<RequiredCredentialModel> requiredCredentials = null;
+ if (realm.hasRole(user, RealmManager.RESOURCE_ROLE)) {
+ requiredCredentials = realm.getResourceRequiredCredentials();
+ } else if (realm.hasRole(user, RealmManager.IDENTITY_REQUESTER_ROLE)) {
+ requiredCredentials = realm.getOAuthClientRequiredCredentials();
+ } else {
+ requiredCredentials = realm.getRequiredCredentials();
+ }
+ for (RequiredCredentialModel credential : requiredCredentials) {
types.add(credential.getType());
}
diff --git a/services/src/main/java/org/keycloak/services/managers/RealmManager.java b/services/src/main/java/org/keycloak/services/managers/RealmManager.java
index cca1795..56d65ca 100755
--- a/services/src/main/java/org/keycloak/services/managers/RealmManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/RealmManager.java
@@ -110,6 +110,20 @@ public class RealmManager {
}
}
+ if (rep.getRequiredResourceCredentials() != null) {
+ for (RequiredCredentialRepresentation requiredCred : rep.getRequiredCredentials()) {
+ addResourceRequiredCredential(newRealm, requiredCred);
+ }
+ }
+
+ if (rep.getRequiredOAuthClientCredentials() != null) {
+ for (RequiredCredentialRepresentation requiredCred : rep.getRequiredCredentials()) {
+ addOAuthClientRequiredCredential(newRealm, requiredCred);
+ }
+ }
+
+
+
if (rep.getUsers() != null) {
for (UserRepresentation userRep : rep.getUsers()) {
UserModel user = createUser(newRealm, userRep);
@@ -180,68 +194,42 @@ public class RealmManager {
}
public void addRequiredCredential(RealmModel newRealm, RequiredCredentialRepresentation requiredCred) {
+ RequiredCredentialModel credential = initializeCred(requiredCred);
+ newRealm.addRequiredCredential(credential);
+ }
+ public void addResourceRequiredCredential(RealmModel newRealm, RequiredCredentialRepresentation requiredCred) {
+ RequiredCredentialModel credential = initializeCred(requiredCred);
+ newRealm.addResourceRequiredCredential(credential);
+ }
+ public void addOAuthClientRequiredCredential(RealmModel newRealm, RequiredCredentialRepresentation requiredCred) {
+ RequiredCredentialModel credential = initializeCred(requiredCred);
+ newRealm.addOAuthClientRequiredCredential(credential);
+ }
+
+
+
+ private RequiredCredentialModel initializeCred(RequiredCredentialRepresentation requiredCred) {
RequiredCredentialModel credential = new RequiredCredentialModel();
credential.setType(requiredCred.getType());
credential.setInput(requiredCred.isInput());
credential.setSecret(requiredCred.isSecret());
- newRealm.addRequiredCredential(credential);
+ return credential;
}
protected void createResources(RealmRepresentation rep, RealmModel realm) {
RoleModel loginRole = realm.getRole(RealmManager.RESOURCE_ROLE);
+ ResourceManager manager = new ResourceManager(this);
for (ResourceRepresentation resourceRep : rep.getResources()) {
- createResource(realm, loginRole, resourceRep);
+ manager.createResource(realm, loginRole, resourceRep);
}
}
- public void createResource(RealmModel realm, RoleModel loginRole, ResourceRepresentation resourceRep) {
- ResourceModel resource = realm.addResource(resourceRep.getName());
- resource.setManagementUrl(resourceRep.getAdminUrl());
- resource.setSurrogateAuthRequired(resourceRep.isSurrogateAuthRequired());
- resource.updateResource();
-
- UserModel resourceUser = resource.getResourceUser();
- if (resourceRep.getCredentials() != null) {
- for (CredentialRepresentation cred : resourceRep.getCredentials()) {
- UserCredentialModel credential = new UserCredentialModel();
- credential.setType(cred.getType());
- credential.setValue(cred.getValue());
- realm.updateCredential(resourceUser, credential);
- }
- }
- realm.grantRole(resourceUser, loginRole);
-
-
- if (resourceRep.getRoles() != null) {
- for (RoleRepresentation roleRep : resourceRep.getRoles()) {
- RoleModel role = resource.addRole(roleRep.getName());
- if (roleRep.getDescription() != null) role.setDescription(roleRep.getDescription());
- }
- }
- if (resourceRep.getRoleMappings() != null) {
- for (RoleMappingRepresentation mapping : resourceRep.getRoleMappings()) {
- UserModel user = realm.getUser(mapping.getUsername());
- for (String roleString : mapping.getRoles()) {
- RoleModel role = resource.getRole(roleString.trim());
- if (role == null) {
- role = resource.addRole(roleString.trim());
- }
- realm.grantRole(user, role);
- }
- }
- }
- if (resourceRep.getScopeMappings() != null) {
- for (ScopeMappingRepresentation mapping : resourceRep.getScopeMappings()) {
- UserModel user = realm.getUser(mapping.getUsername());
- for (String roleString : mapping.getRoles()) {
- RoleModel role = resource.getRole(roleString.trim());
- if (role == null) {
- role = resource.addRole(roleString.trim());
- }
- resource.addScope(user, role.getName());
- }
- }
- }
- if (resourceRep.isUseRealmMappings()) realm.addScope(resource.getResourceUser(), "*");
+ public RoleRepresentation toRepresentation(RoleModel role) {
+ RoleRepresentation rep = new RoleRepresentation();
+ rep.setId(role.getId());
+ rep.setName(role.getName());
+ rep.setDescription(role.getDescription());
+ return rep;
}
+
}
diff --git a/services/src/main/java/org/keycloak/services/managers/ResourceManager.java b/services/src/main/java/org/keycloak/services/managers/ResourceManager.java
new file mode 100755
index 0000000..e1c2ebb
--- /dev/null
+++ b/services/src/main/java/org/keycloak/services/managers/ResourceManager.java
@@ -0,0 +1,105 @@
+package org.keycloak.services.managers;
+
+import org.keycloak.representations.idm.CredentialRepresentation;
+import org.keycloak.representations.idm.ResourceRepresentation;
+import org.keycloak.representations.idm.RoleMappingRepresentation;
+import org.keycloak.representations.idm.RoleRepresentation;
+import org.keycloak.representations.idm.ScopeMappingRepresentation;
+import org.keycloak.services.models.RealmModel;
+import org.keycloak.services.models.ResourceModel;
+import org.keycloak.services.models.RoleModel;
+import org.keycloak.services.models.UserCredentialModel;
+import org.keycloak.services.models.UserModel;
+
+import java.util.List;
+
+/**
+ * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
+ * @version $Revision: 1 $
+ */
+public class ResourceManager {
+
+ protected RealmManager realmManager;
+
+ public ResourceManager(RealmManager realmManager) {
+ this.realmManager = realmManager;
+ }
+
+ public ResourceModel createResource(RealmModel realm, RoleModel loginRole, ResourceRepresentation resourceRep) {
+ ResourceModel resource = realm.addResource(resourceRep.getName());
+ resource.setEnabled(resourceRep.isEnabled());
+ resource.setManagementUrl(resourceRep.getAdminUrl());
+ resource.setSurrogateAuthRequired(resourceRep.isSurrogateAuthRequired());
+ resource.updateResource();
+
+ UserModel resourceUser = resource.getResourceUser();
+ if (resourceRep.getCredentials() != null) {
+ for (CredentialRepresentation cred : resourceRep.getCredentials()) {
+ UserCredentialModel credential = new UserCredentialModel();
+ credential.setType(cred.getType());
+ credential.setValue(cred.getValue());
+ realm.updateCredential(resourceUser, credential);
+ }
+ }
+ realm.grantRole(resourceUser, loginRole);
+
+
+ if (resourceRep.getRoles() != null) {
+ for (RoleRepresentation roleRep : resourceRep.getRoles()) {
+ RoleModel role = resource.addRole(roleRep.getName());
+ if (roleRep.getDescription() != null) role.setDescription(roleRep.getDescription());
+ }
+ }
+ if (resourceRep.getRoleMappings() != null) {
+ for (RoleMappingRepresentation mapping : resourceRep.getRoleMappings()) {
+ UserModel user = realm.getUser(mapping.getUsername());
+ for (String roleString : mapping.getRoles()) {
+ RoleModel role = resource.getRole(roleString.trim());
+ if (role == null) {
+ role = resource.addRole(roleString.trim());
+ }
+ realm.grantRole(user, role);
+ }
+ }
+ }
+ if (resourceRep.getScopeMappings() != null) {
+ for (ScopeMappingRepresentation mapping : resourceRep.getScopeMappings()) {
+ UserModel user = realm.getUser(mapping.getUsername());
+ for (String roleString : mapping.getRoles()) {
+ RoleModel role = resource.getRole(roleString.trim());
+ if (role == null) {
+ role = resource.addRole(roleString.trim());
+ }
+ resource.addScope(user, role.getName());
+ }
+ }
+ }
+ if (resourceRep.isUseRealmMappings()) realm.addScope(resource.getResourceUser(), "*");
+ return resource;
+ }
+
+ public ResourceModel createResource(RealmModel realm, ResourceRepresentation resourceRep) {
+ RoleModel loginRole = realm.getRole(RealmManager.RESOURCE_ROLE);
+ return createResource(realm, loginRole, resourceRep);
+ }
+
+ public void updateResource(ResourceRepresentation rep, ResourceModel resource) {
+ resource.setName(rep.getName());
+ resource.setEnabled(rep.isEnabled());
+ resource.setManagementUrl(rep.getAdminUrl());
+ resource.setSurrogateAuthRequired(rep.isSurrogateAuthRequired());
+ resource.updateResource();
+
+ }
+
+ public ResourceRepresentation toRepresentation(ResourceModel resourceModel) {
+ ResourceRepresentation rep = new ResourceRepresentation();
+ rep.setId(resourceModel.getId());
+ rep.setName(resourceModel.getName());
+ rep.setEnabled(resourceModel.isEnabled());
+ rep.setAdminUrl(resourceModel.getManagementUrl());
+ rep.setSurrogateAuthRequired(resourceModel.isSurrogateAuthRequired());
+ return rep;
+
+ }
+}
diff --git a/services/src/main/java/org/keycloak/services/managers/TokenManager.java b/services/src/main/java/org/keycloak/services/managers/TokenManager.java
index 121de14..6072c51 100755
--- a/services/src/main/java/org/keycloak/services/managers/TokenManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/TokenManager.java
@@ -9,14 +9,10 @@ import org.keycloak.services.models.RealmModel;
import org.keycloak.services.models.ResourceModel;
import org.keycloak.services.models.RoleModel;
import org.keycloak.services.models.UserModel;
-import org.keycloak.services.resources.RealmsResource;
import javax.ws.rs.core.MultivaluedMap;
-import javax.ws.rs.core.NewCookie;
-import javax.ws.rs.core.UriInfo;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
-import java.net.URI;
import java.util.List;
import java.util.Map;
import java.util.Set;
@@ -135,7 +131,7 @@ public class TokenManager {
}
if (accessCodeEntry.getResourceRolesRequested().size() > 0) {
- Map<String, ResourceModel> resourceMap = realm.getResourceMap();
+ Map<String, ResourceModel> resourceMap = realm.getResourceNameMap();
for (String resourceName : accessCodeEntry.getResourceRolesRequested().keySet()) {
ResourceModel resource = resourceMap.get(resourceName);
SkeletonKeyToken.Access access = token.addAccess(resourceName).verifyCaller(resource.isSurrogateAuthRequired());
diff --git a/services/src/main/java/org/keycloak/services/models/picketlink/RealmAdapter.java b/services/src/main/java/org/keycloak/services/models/picketlink/RealmAdapter.java
index bb7c2b2..fe023f7 100755
--- a/services/src/main/java/org/keycloak/services/models/picketlink/RealmAdapter.java
+++ b/services/src/main/java/org/keycloak/services/models/picketlink/RealmAdapter.java
@@ -13,9 +13,11 @@ import org.keycloak.services.models.UserCredentialModel;
import org.keycloak.services.models.UserModel;
import org.keycloak.services.models.picketlink.mappings.RealmData;
import org.keycloak.services.models.picketlink.mappings.ResourceData;
+import org.keycloak.services.models.picketlink.relationships.OAuthClientRequiredCredentialRelationship;
import org.keycloak.services.models.picketlink.relationships.RealmAdminRelationship;
import org.keycloak.services.models.picketlink.relationships.RequiredCredentialRelationship;
import org.keycloak.services.models.picketlink.relationships.ResourceRelationship;
+import org.keycloak.services.models.picketlink.relationships.ResourceRequiredCredentialRelationship;
import org.keycloak.services.models.picketlink.relationships.ScopeRelationship;
import org.picketlink.idm.IdentityManager;
import org.picketlink.idm.PartitionManager;
@@ -252,6 +254,48 @@ public class RealmAdapter implements RealmModel {
RelationshipQuery<RequiredCredentialRelationship> query = getRelationshipManager().createRelationshipQuery(RequiredCredentialRelationship.class);
query.setParameter(RequiredCredentialRelationship.REALM, realm.getName());
List<RequiredCredentialRelationship> results = query.getResultList();
+ return getRequiredCredentialModels(results);
+ }
+
+
+ @Override
+ public void addResourceRequiredCredential(RequiredCredentialModel cred) {
+ ResourceRequiredCredentialRelationship relationship = new ResourceRequiredCredentialRelationship();
+ addRequiredCredential(cred, relationship);
+ }
+
+ @Override
+ public List<RequiredCredentialModel> getResourceRequiredCredentials() {
+ RelationshipQuery<ResourceRequiredCredentialRelationship> query = getRelationshipManager().createRelationshipQuery(ResourceRequiredCredentialRelationship.class);
+ query.setParameter(ResourceRequiredCredentialRelationship.REALM, realm.getName());
+ List<ResourceRequiredCredentialRelationship> results = query.getResultList();
+ return getRequiredCredentialModels(results);
+ }
+
+ @Override
+ public void addOAuthClientRequiredCredential(RequiredCredentialModel cred) {
+ OAuthClientRequiredCredentialRelationship relationship = new OAuthClientRequiredCredentialRelationship();
+ addRequiredCredential(cred, relationship);
+ }
+
+ @Override
+ public List<RequiredCredentialModel> getOAuthClientRequiredCredentials() {
+ RelationshipQuery<OAuthClientRequiredCredentialRelationship> query = getRelationshipManager().createRelationshipQuery(OAuthClientRequiredCredentialRelationship.class);
+ query.setParameter(ResourceRequiredCredentialRelationship.REALM, realm.getName());
+ List<OAuthClientRequiredCredentialRelationship> results = query.getResultList();
+ return getRequiredCredentialModels(results);
+ }
+
+
+
+ @Override
+ public void addRequiredCredential(RequiredCredentialModel cred) {
+ RequiredCredentialRelationship relationship = new RequiredCredentialRelationship();
+ addRequiredCredential(cred, relationship);
+ }
+
+
+ protected List<RequiredCredentialModel> getRequiredCredentialModels(List<? extends RequiredCredentialRelationship> results) {
List<RequiredCredentialModel> rtn = new ArrayList<RequiredCredentialModel>();
for (RequiredCredentialRelationship relationship : results) {
RequiredCredentialModel model = new RequiredCredentialModel();
@@ -262,10 +306,7 @@ public class RealmAdapter implements RealmModel {
}
return rtn;
}
-
- @Override
- public void addRequiredCredential(RequiredCredentialModel cred) {
- RequiredCredentialRelationship relationship = new RequiredCredentialRelationship();
+ protected void addRequiredCredential(RequiredCredentialModel cred, RequiredCredentialRelationship relationship) {
relationship.setCredentialType(cred.getType());
relationship.setInput(cred.isInput());
relationship.setSecret(cred.isSecret());
@@ -375,7 +416,7 @@ public class RealmAdapter implements RealmModel {
* @return
*/
@Override
- public Map<String, ResourceModel> getResourceMap() {
+ public Map<String, ResourceModel> getResourceNameMap() {
Map<String, ResourceModel> resourceMap = new HashMap<String, ResourceModel>();
for (ResourceModel resource : getResources()) {
resourceMap.put(resource.getName(), resource);
@@ -383,6 +424,24 @@ public class RealmAdapter implements RealmModel {
return resourceMap;
}
+ /**
+ * Makes sure that the resource returned is owned by the realm
+ *
+ * @return
+ */
+ @Override
+ public ResourceModel getResourceById(String id) {
+ RelationshipQuery<ResourceRelationship> query = getRelationshipManager().createRelationshipQuery(ResourceRelationship.class);
+ query.setParameter(ResourceRelationship.REALM, realm.getName());
+ query.setParameter(ResourceRelationship.RESOURCE, id);
+ List<ResourceRelationship> results = query.getResultList();
+ if (results.size() == 0) return null;
+ ResourceData resource = partitionManager.getPartition(ResourceData.class, id);
+ ResourceModel model = new ResourceAdapter(resource, this, partitionManager);
+ return model;
+ }
+
+
@Override
public List<ResourceModel> getResources() {
RelationshipQuery<ResourceRelationship> query = getRelationshipManager().createRelationshipQuery(ResourceRelationship.class);
@@ -423,6 +482,13 @@ public class RealmAdapter implements RealmModel {
}
@Override
+ public boolean hasRole(UserModel user, String role) {
+ RoleModel roleModel = getRole(role);
+ return hasRole(user, roleModel);
+ }
+
+
+ @Override
public void grantRole(UserModel user, RoleModel role) {
SampleModel.grantRole(getRelationshipManager(), ((UserAdapter) user).getUser(), ((RoleAdapter) role).getRole());
}
diff --git a/services/src/main/java/org/keycloak/services/models/picketlink/relationships/OAuthClientRequiredCredentialRelationship.java b/services/src/main/java/org/keycloak/services/models/picketlink/relationships/OAuthClientRequiredCredentialRelationship.java
new file mode 100755
index 0000000..f14c808
--- /dev/null
+++ b/services/src/main/java/org/keycloak/services/models/picketlink/relationships/OAuthClientRequiredCredentialRelationship.java
@@ -0,0 +1,8 @@
+package org.keycloak.services.models.picketlink.relationships;
+
+/**
+ * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
+ * @version $Revision: 1 $
+ */
+public class OAuthClientRequiredCredentialRelationship extends RequiredCredentialRelationship {
+}
diff --git a/services/src/main/java/org/keycloak/services/models/picketlink/relationships/ResourceRelationship.java b/services/src/main/java/org/keycloak/services/models/picketlink/relationships/ResourceRelationship.java
index 429ea25..3c48b97 100755
--- a/services/src/main/java/org/keycloak/services/models/picketlink/relationships/ResourceRelationship.java
+++ b/services/src/main/java/org/keycloak/services/models/picketlink/relationships/ResourceRelationship.java
@@ -14,6 +14,7 @@ public class ResourceRelationship extends AbstractAttributedType implements Rela
private static final long serialVersionUID = 1L;
public static final AttributeParameter REALM = new AttributeParameter("realm");
+ public static final AttributeParameter RESOURCE = new AttributeParameter("resource");
public ResourceRelationship() {
}
diff --git a/services/src/main/java/org/keycloak/services/models/picketlink/relationships/ResourceRequiredCredentialRelationship.java b/services/src/main/java/org/keycloak/services/models/picketlink/relationships/ResourceRequiredCredentialRelationship.java
new file mode 100755
index 0000000..5df352e
--- /dev/null
+++ b/services/src/main/java/org/keycloak/services/models/picketlink/relationships/ResourceRequiredCredentialRelationship.java
@@ -0,0 +1,8 @@
+package org.keycloak.services.models.picketlink.relationships;
+
+/**
+ * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
+ * @version $Revision: 1 $
+ */
+public class ResourceRequiredCredentialRelationship extends RequiredCredentialRelationship {
+}
diff --git a/services/src/main/java/org/keycloak/services/models/RealmModel.java b/services/src/main/java/org/keycloak/services/models/RealmModel.java
index abb7e1d..404f837 100755
--- a/services/src/main/java/org/keycloak/services/models/RealmModel.java
+++ b/services/src/main/java/org/keycloak/services/models/RealmModel.java
@@ -79,7 +79,7 @@ public interface RealmModel {
List<RoleModel> getRoles();
- Map<String, ResourceModel> getResourceMap();
+ Map<String, ResourceModel> getResourceNameMap();
List<ResourceModel> getResources();
@@ -100,4 +100,16 @@ public interface RealmModel {
void addRealmAdmin(UserModel agent);
RoleModel getRoleById(String id);
+
+ void addResourceRequiredCredential(RequiredCredentialModel cred);
+
+ List<RequiredCredentialModel> getResourceRequiredCredentials();
+
+ void addOAuthClientRequiredCredential(RequiredCredentialModel cred);
+
+ List<RequiredCredentialModel> getOAuthClientRequiredCredentials();
+
+ boolean hasRole(UserModel user, String role);
+
+ ResourceModel getResourceById(String id);
}
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java b/services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java
index 255d59a..bf2a7ca 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java
@@ -1,5 +1,6 @@
package org.keycloak.services.resources.admin;
+import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.logging.Logger;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.RoleRepresentation;
@@ -47,7 +48,13 @@ public class RealmAdminResource {
this.realm = realm;
}
+ @Path("resources")
+ public RealmResourcesResource getResources() {
+ return new RealmResourcesResource(admin, realm);
+ }
+
@GET
+ @NoCache
@Produces("application/json")
public RealmRepresentation getRealm() {
return new Transaction() {
@@ -70,6 +77,7 @@ public class RealmAdminResource {
@Path("roles")
@GET
+ @NoCache
@Produces("application/json")
public List<RoleRepresentation> getRoles() {
return new Transaction() {
@@ -88,6 +96,7 @@ public class RealmAdminResource {
@Path("roles/{id}")
@GET
+ @NoCache
@Produces("application/json")
public RoleRepresentation getRole(final @PathParam("id") String id) {
return new Transaction() {
@@ -147,6 +156,7 @@ public class RealmAdminResource {
@Path("users")
@GET
+ @NoCache
@Produces("application/json")
public List<UserRepresentation> getUsers() {
return null;
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/RealmResourceResource.java b/services/src/main/java/org/keycloak/services/resources/admin/RealmResourceResource.java
new file mode 100755
index 0000000..5f91f64
--- /dev/null
+++ b/services/src/main/java/org/keycloak/services/resources/admin/RealmResourceResource.java
@@ -0,0 +1,69 @@
+package org.keycloak.services.resources.admin;
+
+import org.jboss.resteasy.annotations.cache.NoCache;
+import org.jboss.resteasy.logging.Logger;
+import org.keycloak.representations.idm.ResourceRepresentation;
+import org.keycloak.services.managers.RealmManager;
+import org.keycloak.services.managers.ResourceManager;
+import org.keycloak.services.models.RealmModel;
+import org.keycloak.services.models.ResourceModel;
+import org.keycloak.services.models.UserModel;
+import org.keycloak.services.resources.Transaction;
+
+import javax.ws.rs.Consumes;
+import javax.ws.rs.GET;
+import javax.ws.rs.NotFoundException;
+import javax.ws.rs.POST;
+import javax.ws.rs.PUT;
+import javax.ws.rs.Path;
+import javax.ws.rs.PathParam;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
+import javax.ws.rs.core.UriInfo;
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
+ * @version $Revision: 1 $
+ */
+public class RealmResourceResource {
+ protected static final Logger logger = Logger.getLogger(RealmAdminResource.class);
+ protected UserModel admin;
+ protected RealmModel realm;
+ protected ResourceModel resourceModel;
+
+ public RealmResourceResource(UserModel admin, RealmModel realm, ResourceModel resourceModel) {
+ this.admin = admin;
+ this.realm = realm;
+ this.resourceModel = resourceModel;
+ }
+
+ @PUT
+ @Consumes(MediaType.APPLICATION_JSON)
+ public void update(final ResourceRepresentation rep) {
+ new Transaction() {
+ @Override
+ protected void runImpl() {
+ ResourceManager resourceManager = new ResourceManager(new RealmManager(session));
+ resourceManager.updateResource(rep, resourceModel);
+ }
+ }.run();
+ }
+
+
+ @GET
+ @NoCache
+ @Produces(MediaType.APPLICATION_JSON)
+ public ResourceRepresentation getResource(final @PathParam("id") String id) {
+ return new Transaction() {
+ @Override
+ protected ResourceRepresentation callImpl() {
+ ResourceManager resourceManager = new ResourceManager(new RealmManager(session));
+ return resourceManager.toRepresentation(resourceModel);
+ }
+ }.call();
+ }
+}
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/RealmResourcesResource.java b/services/src/main/java/org/keycloak/services/resources/admin/RealmResourcesResource.java
new file mode 100755
index 0000000..99e69db
--- /dev/null
+++ b/services/src/main/java/org/keycloak/services/resources/admin/RealmResourcesResource.java
@@ -0,0 +1,88 @@
+package org.keycloak.services.resources.admin;
+
+import org.jboss.resteasy.annotations.cache.NoCache;
+import org.jboss.resteasy.logging.Logger;
+import org.keycloak.representations.idm.ResourceRepresentation;
+import org.keycloak.services.managers.RealmManager;
+import org.keycloak.services.managers.ResourceManager;
+import org.keycloak.services.models.RealmModel;
+import org.keycloak.services.models.ResourceModel;
+import org.keycloak.services.models.UserModel;
+import org.keycloak.services.resources.Transaction;
+
+import javax.ws.rs.Consumes;
+import javax.ws.rs.GET;
+import javax.ws.rs.NotFoundException;
+import javax.ws.rs.POST;
+import javax.ws.rs.PUT;
+import javax.ws.rs.Path;
+import javax.ws.rs.PathParam;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
+import javax.ws.rs.core.UriInfo;
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
+ * @version $Revision: 1 $
+ */
+public class RealmResourcesResource {
+ protected static final Logger logger = Logger.getLogger(RealmAdminResource.class);
+ protected UserModel admin;
+ protected RealmModel realm;
+
+ public RealmResourcesResource(UserModel admin, RealmModel realm) {
+ this.admin = admin;
+ this.realm = realm;
+ }
+
+ @GET
+ @Produces(MediaType.APPLICATION_JSON)
+ @NoCache
+ public List<ResourceRepresentation> getResources() {
+ return new Transaction() {
+ @Override
+ protected List<ResourceRepresentation> callImpl() {
+ List<ResourceRepresentation> rep = new ArrayList<ResourceRepresentation>();
+ List<ResourceModel> resourceModels = realm.getResources();
+ ResourceManager resourceManager = new ResourceManager(new RealmManager(session));
+ for (ResourceModel resourceModel : resourceModels) {
+ rep.add(resourceManager.toRepresentation(resourceModel));
+ }
+ return rep;
+ }
+ }.call();
+ }
+
+ @POST
+ @Consumes(MediaType.APPLICATION_JSON)
+ public Response createResource(final @Context UriInfo uriInfo, final ResourceRepresentation rep) {
+ return new Transaction() {
+ @Override
+ protected Response callImpl() {
+ ResourceManager resourceManager = new ResourceManager(new RealmManager(session));
+ ResourceModel resourceModel = resourceManager.createResource(realm, rep);
+ return Response.created(uriInfo.getAbsolutePathBuilder().path(resourceModel.getId()).build()).build();
+ }
+ }.call();
+ }
+
+ @Path("{id}")
+ public RealmResourceResource getResource(final @PathParam("id") String id) {
+ return new Transaction() {
+ @Override
+ protected RealmResourceResource callImpl() {
+ ResourceModel resourceModel = realm.getResourceById(id);
+ if (resourceModel == null) {
+ throw new NotFoundException();
+ }
+ return new RealmResourceResource(admin, realm, resourceModel);
+ }
+ }.call();
+
+ }
+
+}
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/RealmsAdminResource.java b/services/src/main/java/org/keycloak/services/resources/admin/RealmsAdminResource.java
index 7980877..015f150 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/RealmsAdminResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/RealmsAdminResource.java
@@ -1,5 +1,6 @@
package org.keycloak.services.resources.admin;
+import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.logging.Logger;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.services.managers.RealmManager;
@@ -49,6 +50,7 @@ public class RealmsAdminResource {
}
@GET
+ @NoCache
@Produces("application/json")
public Response getRealms() {
return new Transaction() {
diff --git a/services/src/main/java/org/keycloak/services/resources/PublicRealmResource.java b/services/src/main/java/org/keycloak/services/resources/PublicRealmResource.java
index bef77ff..ab12f38 100755
--- a/services/src/main/java/org/keycloak/services/resources/PublicRealmResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/PublicRealmResource.java
@@ -1,5 +1,6 @@
package org.keycloak.services.resources;
+import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.logging.Logger;
import org.keycloak.representations.idm.PublishedRealmRepresentation;
import org.keycloak.services.models.KeycloakSession;
@@ -37,6 +38,7 @@ public class PublicRealmResource {
}
@GET
+ @NoCache
@Produces("application/json")
public PublishedRealmRepresentation getRealm(@PathParam("realm") String id) {
return new Transaction() {
@@ -47,6 +49,7 @@ public class PublicRealmResource {
}
@GET
+ @NoCache
@Path("html")
@Produces("text/html")
public String getRealmHtml(@PathParam("realm") String id) {
diff --git a/services/src/main/java/org/keycloak/services/resources/TokenService.java b/services/src/main/java/org/keycloak/services/resources/TokenService.java
index ba4d265..4f295fe 100755
--- a/services/src/main/java/org/keycloak/services/resources/TokenService.java
+++ b/services/src/main/java/org/keycloak/services/resources/TokenService.java
@@ -1,5 +1,6 @@
package org.keycloak.services.resources;
+import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.jose.jws.JWSBuilder;
import org.jboss.resteasy.jose.jws.JWSInput;
import org.jboss.resteasy.jose.jws.crypto.RSAProvider;
@@ -381,6 +382,7 @@ public class TokenService extends AbstractLoginService {
@Path("logout")
@GET
+ @NoCache
public Response logout(final @QueryParam("redirect_uri") String redirectUri) {
return new Transaction() {
protected Response callImpl() {
services/src/test/resources/testrealm.json 18(+17 -1)
diff --git a/services/src/test/resources/testrealm.json b/services/src/test/resources/testrealm.json
index a8d0cbf..7239086 100755
--- a/services/src/test/resources/testrealm.json
+++ b/services/src/test/resources/testrealm.json
@@ -10,6 +10,20 @@
"secret" : true
}
],
+ "requiredResourceCredentials" : [
+ {
+ "type" : "Password",
+ "input" : true,
+ "secret" : true
+ }
+ ],
+ "requiredOAuthClientCredentials" : [
+ {
+ "type" : "Password",
+ "input" : true,
+ "secret" : true
+ }
+ ],
"users" : [
{
"username" : "wburke",
@@ -62,6 +76,7 @@
"resources" : [
{
"name" : "Application",
+ "enabled" : true,
"roles" : [
{ "name" : "admin" },
{ "name" : "user" }
@@ -83,8 +98,9 @@
}
]
},
- {
+ {
"name" : "OtherApp",
+ "enabled" : true,
"roles" : [
{ "name" : "admin" },
{ "name" : "user" }