keycloak-memoizeit
examples/as7-eap-demo/server/src/main/java/org/keycloak/example/demo/DemoApplication.java 34(+4 -30)
services/src/main/java/org/keycloak/services/models/picketlink/PicketlinkKeycloakSession.java 69(+69 -0)
services/src/main/java/org/keycloak/services/models/picketlink/PicketlinkKeycloakSessionFactory.java 27(+27 -0)
services/src/main/java/org/keycloak/services/models/picketlink/PicketlinkKeycloakTransaction.java 40(+40 -0)
services/src/main/java/org/keycloak/services/models/picketlink/relationships/RealmAdminRelationship.java 2(+1 -1)
services/src/main/java/org/keycloak/services/models/picketlink/relationships/RequiredCredentialRelationship.java 2(+1 -1)
services/src/main/java/org/keycloak/services/models/picketlink/relationships/ResourceRelationship.java 2(+1 -1)
diff --git a/examples/as7-eap-demo/server/src/main/java/org/keycloak/example/demo/DemoApplication.java b/examples/as7-eap-demo/server/src/main/java/org/keycloak/example/demo/DemoApplication.java
index 8e9242c..1d81d72 100755
--- a/examples/as7-eap-demo/server/src/main/java/org/keycloak/example/demo/DemoApplication.java
+++ b/examples/as7-eap-demo/server/src/main/java/org/keycloak/example/demo/DemoApplication.java
@@ -3,40 +3,15 @@ package org.keycloak.example.demo;
import org.jboss.resteasy.jwt.JsonSerialization;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.services.managers.RealmManager;
+import org.keycloak.services.models.KeycloakSession;
import org.keycloak.services.models.RealmModel;
import org.keycloak.services.models.RequiredCredentialModel;
-import org.keycloak.services.models.relationships.RealmAdminRelationship;
-import org.keycloak.services.models.relationships.RequiredCredentialRelationship;
-import org.keycloak.services.models.relationships.ResourceRelationship;
-import org.keycloak.services.models.relationships.ScopeRelationship;
import org.keycloak.services.resources.KeycloakApplication;
import org.keycloak.services.resources.RegistrationService;
-import org.picketlink.idm.IdentitySession;
-import org.picketlink.idm.IdentitySessionFactory;
-import org.picketlink.idm.config.IdentityConfiguration;
-import org.picketlink.idm.config.IdentityConfigurationBuilder;
-import org.picketlink.idm.internal.DefaultIdentitySessionFactory;
-import org.picketlink.idm.jpa.internal.ResourceLocalJpaIdentitySessionHandler;
-import org.picketlink.idm.jpa.schema.CredentialObject;
-import org.picketlink.idm.jpa.schema.CredentialObjectAttribute;
-import org.picketlink.idm.jpa.schema.IdentityObject;
-import org.picketlink.idm.jpa.schema.IdentityObjectAttribute;
-import org.picketlink.idm.jpa.schema.PartitionObject;
-import org.picketlink.idm.jpa.schema.RelationshipIdentityObject;
-import org.picketlink.idm.jpa.schema.RelationshipObject;
-import org.picketlink.idm.jpa.schema.RelationshipObjectAttribute;
-import org.picketlink.idm.model.Realm;
-import org.picketlink.idm.model.SimpleRole;
-import javax.ws.rs.GET;
-import javax.ws.rs.Path;
-import javax.ws.rs.Produces;
-import javax.ws.rs.core.Application;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
-import java.util.HashSet;
-import java.util.Set;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
@@ -45,7 +20,7 @@ public class DemoApplication extends KeycloakApplication {
public DemoApplication() {
super();
- IdentitySession session = factory.createIdentitySession();
+ KeycloakSession session = factory.createSession();
session.getTransaction().begin();
RealmManager realmManager = new RealmManager(session);
if (realmManager.defaultRealm() == null) {
@@ -55,8 +30,8 @@ public class DemoApplication extends KeycloakApplication {
}
public void install(RealmManager manager) {
- RealmModel defaultRealm = manager.createRealm(Realm.DEFAULT_REALM, Realm.DEFAULT_REALM);
- defaultRealm.setName(Realm.DEFAULT_REALM);
+ RealmModel defaultRealm = manager.createRealm(RealmModel.DEFAULT_REALM, RealmModel.DEFAULT_REALM);
+ defaultRealm.setName(RealmModel.DEFAULT_REALM);
defaultRealm.setEnabled(true);
defaultRealm.setTokenLifespan(300);
defaultRealm.setAccessCodeLifespan(60);
@@ -64,7 +39,6 @@ public class DemoApplication extends KeycloakApplication {
defaultRealm.setCookieLoginAllowed(true);
defaultRealm.setRegistrationAllowed(true);
manager.generateRealmKeys(defaultRealm);
- defaultRealm.updateRealm();
defaultRealm.addRequiredCredential(RequiredCredentialModel.PASSWORD);
defaultRealm.addRole(RegistrationService.REALM_CREATOR_ROLE);
diff --git a/services/src/main/java/org/keycloak/services/managers/RealmManager.java b/services/src/main/java/org/keycloak/services/managers/RealmManager.java
index 4a71d09..e9a9f71 100755
--- a/services/src/main/java/org/keycloak/services/managers/RealmManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/RealmManager.java
@@ -8,17 +8,13 @@ import org.keycloak.representations.idm.RoleMappingRepresentation;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.ScopeMappingRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
+import org.keycloak.services.models.KeycloakSession;
import org.keycloak.services.models.RealmModel;
import org.keycloak.services.models.RequiredCredentialModel;
import org.keycloak.services.models.ResourceModel;
import org.keycloak.services.models.RoleModel;
import org.keycloak.services.models.UserCredentialModel;
import org.keycloak.services.models.UserModel;
-import org.picketlink.idm.IdentityManager;
-import org.picketlink.idm.IdentitySession;
-import org.picketlink.idm.model.Realm;
-import org.picketlink.idm.model.SimpleAgent;
-import org.picketlink.idm.model.SimpleRole;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Response;
@@ -45,22 +41,18 @@ public class RealmManager {
return counter.getAndIncrement() + "-" + System.currentTimeMillis();
}
- protected IdentitySession identitySession;
+ protected KeycloakSession identitySession;
- public RealmManager(IdentitySession identitySession) {
+ public RealmManager(KeycloakSession identitySession) {
this.identitySession = identitySession;
}
public RealmModel defaultRealm() {
- return getRealm(Realm.DEFAULT_REALM);
+ return getRealm(RealmModel.DEFAULT_REALM);
}
public RealmModel getRealm(String id) {
- Realm existing = identitySession.findRealm(id);
- if (existing == null) {
- return null;
- }
- return new RealmModel(existing, identitySession);
+ return identitySession.getRealm(id);
}
public RealmModel createRealm(String name) {
@@ -68,14 +60,11 @@ public class RealmManager {
}
public RealmModel createRealm(String id, String name) {
- Realm newRealm = identitySession.createRealm(id);
- IdentityManager idm = identitySession.createIdentityManager(newRealm);
- SimpleAgent agent = new SimpleAgent(RealmModel.REALM_AGENT_ID);
- idm.add(agent);
- RealmModel realm = new RealmModel(newRealm, identitySession);
- idm.add(new SimpleRole(WILDCARD_ROLE));
- idm.add(new SimpleRole(RESOURCE_ROLE));
- idm.add(new SimpleRole(IDENTITY_REQUESTER_ROLE));
+ RealmModel realm =identitySession.createRealm(id, name);
+ realm.setName(name);
+ realm.addRole(WILDCARD_ROLE);
+ realm.addRole(RESOURCE_ROLE);
+ realm.addRole(IDENTITY_REQUESTER_ROLE);
return realm;
}
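Review bot: `realm.setName(name)` immediately after `identitySession.createRealm(id, name)` looks redundant, but it is load-bearing: the only implementation in this commit, `PicketlinkKeycloakSession.createRealm(String id, String name)`, never uses its `name` argument, so dropping this line would leave the realm without a name attribute. Either move the naming into the session implementation or keep the call with a comment such as `realm.setName(name); // session impl does not persist name itself`. While here, fix the spacing in `RealmModel realm =identitySession.createRealm(id, name);`.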
@@ -88,7 +77,6 @@ public class RealmManager {
}
realm.setPrivateKey(keyPair.getPrivate());
realm.setPublicKey(keyPair.getPublic());
- realm.updateRealm();
}
public RealmModel importRealm(RealmRepresentation rep, UserModel realmCreator) {
@@ -96,7 +84,6 @@ public class RealmManager {
RealmModel realm = createRealm(rep.getRealm());
importRealm(rep, realm);
realm.addRealmAdmin(realmCreator);
- realm.updateRealm();
return realm;
}
@@ -115,9 +102,6 @@ public class RealmManager {
newRealm.setPublicKeyPem(rep.getPublicKey());
}
- newRealm.updateRealm();
-
-
Map<String, UserModel> userMap = new HashMap<String, UserModel>();
for (RequiredCredentialRepresentation requiredCred : rep.getRequiredCredentials()) {
@@ -292,5 +276,4 @@ public class RealmManager {
}
}
}
-
}
diff --git a/services/src/main/java/org/keycloak/services/models/KeycloakSession.java b/services/src/main/java/org/keycloak/services/models/KeycloakSession.java
index d245db9..dd65e03 100755
--- a/services/src/main/java/org/keycloak/services/models/KeycloakSession.java
+++ b/services/src/main/java/org/keycloak/services/models/KeycloakSession.java
@@ -7,5 +7,10 @@ package org.keycloak.services.models;
public interface KeycloakSession {
KeycloakTransaction getTransaction();
+ RealmModel createRealm(String name);
+ RealmModel createRealm(String id, String name);
+ RealmModel getRealm(String id);
+ void deleteRealm(RealmModel realm);
+
void close();
}
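Review bot: The four methods added to `KeycloakSession` carry no Javadoc, so a second implementation has nothing to follow on the cases that matter: whether `getRealm` returns null for an unknown id (the Picketlink implementation does), whether `createRealm(String id, String name)` must persist `name` (the Picketlink implementation currently does not), and whether `deleteRealm` is expected to cascade to the realm's users and resources. I would add a one-line Javadoc to each, e.g. `/** Looks up a realm by id; returns null when no realm with that id exists. */` on `getRealm` and `/** Creates a realm with the given id; implementations must store name as the realm's display name. */` on the two-argument `createRealm`. Spelling out the null contract here keeps callers like `RealmManager.defaultRealm()` honest about the check they need.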
diff --git a/services/src/main/java/org/keycloak/services/models/KeycloakSessionFactory.java b/services/src/main/java/org/keycloak/services/models/KeycloakSessionFactory.java
index 28b326e..e582b40 100755
--- a/services/src/main/java/org/keycloak/services/models/KeycloakSessionFactory.java
+++ b/services/src/main/java/org/keycloak/services/models/KeycloakSessionFactory.java
@@ -5,4 +5,6 @@ package org.keycloak.services.models;
* @version $Revision: 1 $
*/
public interface KeycloakSessionFactory {
+ KeycloakSession createSession();
+ void close();
}
diff --git a/services/src/main/java/org/keycloak/services/models/picketlink/PicketlinkKeycloakSession.java b/services/src/main/java/org/keycloak/services/models/picketlink/PicketlinkKeycloakSession.java
new file mode 100755
index 0000000..9a49b59
--- /dev/null
+++ b/services/src/main/java/org/keycloak/services/models/picketlink/PicketlinkKeycloakSession.java
@@ -0,0 +1,69 @@
+package org.keycloak.services.models.picketlink;
+
+import org.jboss.resteasy.spi.NotImplementedYetException;
+import org.keycloak.services.models.KeycloakSession;
+import org.keycloak.services.models.KeycloakTransaction;
+import org.keycloak.services.models.RealmModel;
+import org.picketlink.idm.IdentityManager;
+import org.picketlink.idm.IdentitySession;
+import org.picketlink.idm.model.Realm;
+import org.picketlink.idm.model.SimpleAgent;
+
+import java.util.concurrent.atomic.AtomicLong;
+
+/**
+ * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
+ * @version $Revision: 1 $
+ */
+public class PicketlinkKeycloakSession implements KeycloakSession {
+ protected IdentitySession session;
+
+ private static AtomicLong counter = new AtomicLong(1);
+ public static String generateId() {
+ return counter.getAndIncrement() + "-" + System.currentTimeMillis();
+ }
+
+ public PicketlinkKeycloakSession(IdentitySession session) {
+ this.session = session;
+ }
+
+ @Override
+ public KeycloakTransaction getTransaction() {
+ return new PicketlinkKeycloakTransaction(session.getTransaction());
+ }
+
+ @Override
+ public RealmAdapter createRealm(String name) {
+ return createRealm(generateId(), name);
+ }
+
+ @Override
+ public RealmAdapter createRealm(String id, String name) {
+ Realm newRealm = session.createRealm(id);
+ IdentityManager idm = session.createIdentityManager(newRealm);
+ SimpleAgent agent = new SimpleAgent(RealmAdapter.REALM_AGENT_ID);
+ idm.add(agent);
+ RealmAdapter realm = new RealmAdapter(newRealm, session);
+ return realm;
+ }
+
+ @Override
+ public RealmAdapter getRealm(String id) {
+ Realm existing = session.findRealm(id);
+ if (existing == null) {
+ return null;
+ }
+ return new RealmAdapter(existing, session);
+ }
+
+ @Override
+ public void deleteRealm(RealmModel realm) {
+ throw new NotImplementedYetException();
+
+ }
+
+ @Override
+ public void close() {
+ session.close();
+ }
+}
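Review bot: `createRealm(String id, String name)` never uses its `name` argument, so a realm created through this session has no `name` attribute and `RealmAdapter.getName()` will dereference a null attribute until some caller sets it; today only `RealmManager.createRealm` compensates with an explicit `setName(name)`. The session should own this: `RealmAdapter realm = new RealmAdapter(newRealm, session); realm.setName(name);`. Separately, the `generateId()` here duplicates `RealmManager.generateId()` with a second counter that also starts at 1, so both sites can hand out the same `1-<millis>` id when used within the same millisecond; one should delegate to the other.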
diff --git a/services/src/main/java/org/keycloak/services/models/picketlink/PicketlinkKeycloakSessionFactory.java b/services/src/main/java/org/keycloak/services/models/picketlink/PicketlinkKeycloakSessionFactory.java
new file mode 100755
index 0000000..f74038a
--- /dev/null
+++ b/services/src/main/java/org/keycloak/services/models/picketlink/PicketlinkKeycloakSessionFactory.java
@@ -0,0 +1,27 @@
+package org.keycloak.services.models.picketlink;
+
+import org.keycloak.services.models.KeycloakSession;
+import org.keycloak.services.models.KeycloakSessionFactory;
+import org.picketlink.idm.IdentitySessionFactory;
+
+/**
+ * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
+ * @version $Revision: 1 $
+ */
+public class PicketlinkKeycloakSessionFactory implements KeycloakSessionFactory {
+ protected IdentitySessionFactory factory;
+
+ public PicketlinkKeycloakSessionFactory(IdentitySessionFactory factory) {
+ this.factory = factory;
+ }
+
+ @Override
+ public KeycloakSession createSession() {
+ return new PicketlinkKeycloakSession(factory.createIdentitySession());
+ }
+
+ @Override
+ public void close() {
+ factory.close();
+ }
+}
diff --git a/services/src/main/java/org/keycloak/services/models/picketlink/PicketlinkKeycloakTransaction.java b/services/src/main/java/org/keycloak/services/models/picketlink/PicketlinkKeycloakTransaction.java
new file mode 100755
index 0000000..1abb4f0
--- /dev/null
+++ b/services/src/main/java/org/keycloak/services/models/picketlink/PicketlinkKeycloakTransaction.java
@@ -0,0 +1,40 @@
+package org.keycloak.services.models.picketlink;
+
+import org.keycloak.services.models.KeycloakTransaction;
+import org.picketlink.idm.IdentityTransaction;
+
+/**
+ * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
+ * @version $Revision: 1 $
+ */
+public class PicketlinkKeycloakTransaction implements KeycloakTransaction{
+ protected IdentityTransaction transaction;
+
+ public PicketlinkKeycloakTransaction(IdentityTransaction transaction) {
+ this.transaction = transaction;
+ }
+
+ public void begin() {
+ transaction.begin();
+ }
+
+ public void setRollbackOnly() {
+ transaction.setRollbackOnly();
+ }
+
+ public boolean isActive() {
+ return transaction.isActive();
+ }
+
+ public boolean getRollbackOnly() {
+ return transaction.getRollbackOnly();
+ }
+
+ public void commit() {
+ transaction.commit();
+ }
+
+ public void rollback() {
+ transaction.rollback();
+ }
+}
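Review bot: The six `KeycloakTransaction` methods in `PicketlinkKeycloakTransaction` are implemented without `@Override`, unlike the sibling `PicketlinkKeycloakSession` and `PicketlinkKeycloakSessionFactory` added in this same commit, so a later signature change in the interface (say `getRollbackOnly` renamed) would silently leave an orphan method instead of failing to compile. Add `@Override` above each of `begin`, `setRollbackOnly`, `isActive`, `getRollbackOnly`, `commit` and `rollback`, and put a space before the brace in `implements KeycloakTransaction{`.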
diff --git a/services/src/main/java/org/keycloak/services/models/picketlink/RealmAdapter.java b/services/src/main/java/org/keycloak/services/models/picketlink/RealmAdapter.java
new file mode 100755
index 0000000..61f90b2
--- /dev/null
+++ b/services/src/main/java/org/keycloak/services/models/picketlink/RealmAdapter.java
@@ -0,0 +1,479 @@
+package org.keycloak.services.models.picketlink;
+
+import org.bouncycastle.openssl.PEMWriter;
+import org.jboss.resteasy.security.PemUtils;
+import org.keycloak.representations.idm.RequiredCredentialRepresentation;
+import org.keycloak.services.managers.RealmManager;
+import org.keycloak.services.models.RealmModel;
+import org.keycloak.services.models.RequiredCredentialModel;
+import org.keycloak.services.models.ResourceModel;
+import org.keycloak.services.models.RoleModel;
+import org.keycloak.services.models.UserCredentialModel;
+import org.keycloak.services.models.UserModel;
+import org.keycloak.services.models.picketlink.relationships.RealmAdminRelationship;
+import org.keycloak.services.models.picketlink.relationships.RequiredCredentialRelationship;
+import org.keycloak.services.models.picketlink.relationships.ResourceRelationship;
+import org.keycloak.services.models.picketlink.relationships.ScopeRelationship;
+import org.picketlink.idm.IdentityManager;
+import org.picketlink.idm.IdentitySession;
+import org.picketlink.idm.credential.Credentials;
+import org.picketlink.idm.credential.Password;
+import org.picketlink.idm.credential.TOTPCredential;
+import org.picketlink.idm.credential.TOTPCredentials;
+import org.picketlink.idm.credential.UsernamePasswordCredentials;
+import org.picketlink.idm.credential.X509CertificateCredentials;
+import org.picketlink.idm.model.Agent;
+import org.picketlink.idm.model.Attribute;
+import org.picketlink.idm.model.Grant;
+import org.picketlink.idm.model.Realm;
+import org.picketlink.idm.model.Role;
+import org.picketlink.idm.model.SimpleRole;
+import org.picketlink.idm.model.SimpleUser;
+import org.picketlink.idm.model.Tier;
+import org.picketlink.idm.model.User;
+import org.picketlink.idm.query.IdentityQuery;
+import org.picketlink.idm.query.RelationshipQuery;
+
+import java.io.IOException;
+import java.io.StringWriter;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+/**
+ * Meant to be a per-request object
+ *
+ * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
+ * @version $Revision: 1 $
+ */
+public class RealmAdapter implements RealmModel {
+ public static final String REALM_AGENT_ID = "_realm_";
+ public static final String REALM_NAME = "name";
+ public static final String REALM_ACCESS_CODE_LIFESPAN = "accessCodeLifespan";
+ public static final String REALM_TOKEN_LIFESPAN = "tokenLifespan";
+ public static final String REALM_PRIVATE_KEY = "privateKey";
+ public static final String REALM_PUBLIC_KEY = "publicKey";
+ public static final String REALM_IS_SSL_NOT_REQUIRED = "isSSLNotRequired";
+ public static final String REALM_IS_COOKIE_LOGIN_ALLOWED = "isCookieLoginAllowed";
+ public static final String REALM_IS_REGISTRATION_ALLOWED = "isRegistrationAllowed";
+
+ protected Realm realm;
+ protected Agent realmAgent;
+ protected IdentitySession identitySession;
+ protected volatile transient PublicKey publicKey;
+ protected volatile transient PrivateKey privateKey;
+ protected IdentityManager idm;
+
+ public RealmAdapter(Realm realm, IdentitySession session) {
+ this.realm = realm;
+ this.identitySession = session;
+ realmAgent = getIdm().getAgent(REALM_AGENT_ID);
+ }
+
+ protected IdentityManager getIdm() {
+ if (idm == null) idm = identitySession.createIdentityManager(realm);
+ return idm;
+ }
+
+ protected void updateRealm() {
+ getIdm().update(realmAgent);
+ }
+
+ @Override
+ public String getId() {
+ return realm.getId();
+ }
+
+ @Override
+ public String getName() {
+ return (String) realmAgent.getAttribute(REALM_NAME).getValue();
+ }
+
+ @Override
+ public void setName(String name) {
+ realmAgent.setAttribute(new Attribute<String>(REALM_NAME, name));
+ updateRealm();
+ }
+
+ @Override
+ public boolean isEnabled() {
+ return realmAgent.isEnabled();
+ }
+
+ @Override
+ public void setEnabled(boolean enabled) {
+ realmAgent.setEnabled(enabled);
+ updateRealm();
+ }
+
+ @Override
+ public boolean isSslNotRequired() {
+ return (Boolean) realmAgent.getAttribute(REALM_IS_SSL_NOT_REQUIRED).getValue();
+ }
+
+ @Override
+ public void setSslNotRequired(boolean sslNotRequired) {
+ realmAgent.setAttribute(new Attribute<Boolean>(REALM_IS_SSL_NOT_REQUIRED, sslNotRequired));
+ updateRealm();
+ }
+
+ @Override
+ public boolean isCookieLoginAllowed() {
+ return (Boolean) realmAgent.getAttribute(REALM_IS_COOKIE_LOGIN_ALLOWED).getValue();
+ }
+
+ @Override
+ public void setCookieLoginAllowed(boolean cookieLoginAllowed) {
+ realmAgent.setAttribute(new Attribute<Boolean>(REALM_IS_COOKIE_LOGIN_ALLOWED, cookieLoginAllowed));
+ updateRealm();
+ }
+
+ @Override
+ public boolean isRegistrationAllowed() {
+ return (Boolean) realmAgent.getAttribute(REALM_IS_REGISTRATION_ALLOWED).getValue();
+ }
+
+ @Override
+ public void setRegistrationAllowed(boolean registrationAllowed) {
+ realmAgent.setAttribute(new Attribute<Boolean>(REALM_IS_REGISTRATION_ALLOWED, registrationAllowed));
+ updateRealm();
+ }
+
+ @Override
+ public int getTokenLifespan() {
+ return (Integer) realmAgent.getAttribute(REALM_TOKEN_LIFESPAN).getValue();
+ }
+
+ @Override
+ public void setTokenLifespan(int tokenLifespan) {
+ realmAgent.setAttribute(new Attribute<Integer>(REALM_TOKEN_LIFESPAN, tokenLifespan));
+ updateRealm();
+ }
+
+ @Override
+ public int getAccessCodeLifespan() {
+ return (Integer) realmAgent.getAttribute(REALM_ACCESS_CODE_LIFESPAN).getValue();
+ }
+
+ @Override
+ public void setAccessCodeLifespan(int accessCodeLifespan) {
+ realmAgent.setAttribute(new Attribute<Integer>(REALM_ACCESS_CODE_LIFESPAN, accessCodeLifespan));
+ updateRealm();
+ }
+
+ @Override
+ public String getPublicKeyPem() {
+ return (String) realmAgent.getAttribute(REALM_PUBLIC_KEY).getValue();
+ }
+
+ @Override
+ public void setPublicKeyPem(String publicKeyPem) {
+ realmAgent.setAttribute(new Attribute<String>(REALM_PUBLIC_KEY, publicKeyPem));
+ this.publicKey = null;
+ updateRealm();
+ }
+
+ @Override
+ public String getPrivateKeyPem() {
+ return (String) realmAgent.getAttribute(REALM_PRIVATE_KEY).getValue();
+ }
+
+ @Override
+ public void setPrivateKeyPem(String privateKeyPem) {
+ realmAgent.setAttribute(new Attribute<String>(REALM_PRIVATE_KEY, privateKeyPem));
+ this.privateKey = null;
+ updateRealm();
+ }
+
+ @Override
+ public PublicKey getPublicKey() {
+ if (publicKey != null) return publicKey;
+ String pem = getPublicKeyPem();
+ if (pem != null) {
+ try {
+ publicKey = PemUtils.decodePublicKey(pem);
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+ return publicKey;
+ }
+
+ @Override
+ public void setPublicKey(PublicKey publicKey) {
+ this.publicKey = publicKey;
+ StringWriter writer = new StringWriter();
+ PEMWriter pemWriter = new PEMWriter(writer);
+ try {
+ pemWriter.writeObject(publicKey);
+ pemWriter.flush();
+ } catch (IOException e) {
+ throw new RuntimeException(e);
+ }
+ String s = writer.toString();
+ setPublicKeyPem(PemUtils.removeBeginEnd(s));
+ }
+
+ @Override
+ public PrivateKey getPrivateKey() {
+ if (privateKey != null) return privateKey;
+ String pem = getPrivateKeyPem();
+ if (pem != null) {
+ try {
+ privateKey = PemUtils.decodePrivateKey(pem);
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+ return privateKey;
+ }
+
+ @Override
+ public void setPrivateKey(PrivateKey privateKey) {
+ this.privateKey = privateKey;
+ StringWriter writer = new StringWriter();
+ PEMWriter pemWriter = new PEMWriter(writer);
+ try {
+ pemWriter.writeObject(privateKey);
+ pemWriter.flush();
+ } catch (IOException e) {
+ throw new RuntimeException(e);
+ }
+ String s = writer.toString();
+ setPrivateKeyPem(PemUtils.removeBeginEnd(s));
+ }
+
+ @Override
+ public List<RequiredCredentialModel> getRequiredCredentials() {
+ IdentityManager idm = getIdm();
+ Agent realmAgent = idm.getAgent(REALM_AGENT_ID);
+ RelationshipQuery<RequiredCredentialRelationship> query = idm.createRelationshipQuery(RequiredCredentialRelationship.class);
+ query.setParameter(RequiredCredentialRelationship.REALM_AGENT, realmAgent);
+ List<RequiredCredentialRelationship> results = query.getResultList();
+ List<RequiredCredentialModel> rtn = new ArrayList<RequiredCredentialModel>();
+ for (RequiredCredentialRelationship relationship : results) {
+ RequiredCredentialModel model = new RequiredCredentialModel();
+ model.setInput(relationship.isInput());
+ model.setSecret(relationship.isSecret());
+ model.setType(relationship.getCredentialType());
+ rtn.add(model);
+ }
+ return rtn;
+ }
+
+ @Override
+ public void addRequiredCredential(RequiredCredentialModel cred) {
+ IdentityManager idm = getIdm();
+ Agent realmAgent = idm.getAgent(REALM_AGENT_ID);
+ RequiredCredentialRelationship relationship = new RequiredCredentialRelationship();
+ relationship.setCredentialType(cred.getType());
+ relationship.setInput(cred.isInput());
+ relationship.setSecret(cred.isSecret());
+ relationship.setRealmAgent(realmAgent);
+ idm.add(relationship);
+ }
+
+ @Override
+ public boolean validatePassword(UserModel user, String password) {
+ UsernamePasswordCredentials creds = new UsernamePasswordCredentials(user.getLoginName(), new Password(password));
+ getIdm().validateCredentials(creds);
+ return creds.getStatus() == Credentials.Status.VALID;
+ }
+
+ @Override
+ public boolean validateTOTP(UserModel user, String password, String token) {
+ TOTPCredentials creds = new TOTPCredentials();
+ creds.setToken(token);
+ creds.setUsername(user.getLoginName());
+ creds.setPassword(new Password(password));
+ getIdm().validateCredentials(creds);
+ return creds.getStatus() == Credentials.Status.VALID;
+ }
+
+ @Override
+ public void updateCredential(UserModel user, UserCredentialModel cred) {
+ IdentityManager idm = getIdm();
+ if (cred.getType().equals(RequiredCredentialRepresentation.PASSWORD)) {
+ Password password = new Password(cred.getValue());
+ idm.updateCredential(((UserAdapter)user).getUser(), password);
+ } else if (cred.getType().equals(RequiredCredentialRepresentation.TOTP)) {
+ TOTPCredential totp = new TOTPCredential(cred.getValue());
+ idm.updateCredential(((UserAdapter)user).getUser(), totp);
+ } else if (cred.getType().equals(RequiredCredentialRepresentation.CLIENT_CERT)) {
+ X509Certificate cert = null;
+ try {
+ cert = org.keycloak.PemUtils.decodeCertificate(cred.getValue());
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ X509CertificateCredentials creds = new X509CertificateCredentials(cert);
+ idm.updateCredential(((UserAdapter)user).getUser(), creds);
+ }
+ }
+
+ @Override
+ public UserAdapter getUser(String name) {
+ User user = getIdm().getUser(name);
+ if (user == null) return null;
+ return new UserAdapter(user, getIdm());
+ }
+
+ @Override
+ public UserAdapter addUser(String username) {
+ User user = getIdm().getUser(username);
+ if (user != null) throw new IllegalStateException("User already exists");
+ user = new SimpleUser(username);
+ getIdm().add(user);
+ return new UserAdapter(user, getIdm());
+ }
+
+ @Override
+ public RoleAdapter getRole(String name) {
+ Role role = getIdm().getRole(name);
+ if (role == null) return null;
+ return new RoleAdapter(role, getIdm());
+ }
+
+ @Override
+ public RoleAdapter addRole(String name) {
+ Role role = new SimpleRole(name);
+ getIdm().add(role);
+ return new RoleAdapter(role, getIdm());
+ }
+
+ @Override
+ public List<RoleModel> getRoles() {
+ IdentityManager idm = getIdm();
+ IdentityQuery<Role> query = idm.createIdentityQuery(Role.class);
+ query.setParameter(Role.PARTITION, realm);
+ List<Role> roles = query.getResultList();
+ List<RoleModel> roleModels = new ArrayList<RoleModel>();
+ for (Role role : roles) {
+ roleModels.add(new RoleAdapter(role, idm));
+ }
+ return roleModels;
+ }
+
+
+ /**
+ * Key name, value resource
+ *
+ * @return
+ */
+ @Override
+ public Map<String, ResourceModel> getResourceMap() {
+ Map<String, ResourceModel> resourceMap = new HashMap<String, ResourceModel>();
+ for (ResourceModel resource : getResources()) {
+ resourceMap.put(resource.getName(), resource);
+ }
+ return resourceMap;
+ }
+
+ @Override
+ public List<ResourceModel> getResources() {
+ IdentityManager idm = getIdm();
+ RelationshipQuery<ResourceRelationship> query = idm.createRelationshipQuery(ResourceRelationship.class);
+ query.setParameter(ResourceRelationship.REALM_AGENT, realmAgent);
+ List<ResourceRelationship> results = query.getResultList();
+ List<ResourceModel> resources = new ArrayList<ResourceModel>();
+ for (ResourceRelationship relationship : results) {
+ Tier resourceTier = identitySession.findTier(relationship.getResourceId());
+ ResourceModel model = new ResourceAdapter(resourceTier,relationship, this, identitySession);
+ resources.add(model);
+ }
+
+ return resources;
+ }
+
+ @Override
+ public ResourceModel addResource(String name) {
+ Tier newTier = identitySession.createTier(RealmManager.generateId());
+ IdentityManager idm = getIdm();
+ ResourceRelationship relationship = new ResourceRelationship();
+ relationship.setResourceName(name);
+ relationship.setRealmAgent(realmAgent);
+ relationship.setResourceId(newTier.getId());
+ relationship.setManagementUrl(""); // Picketlink doesn't like null attribute values
+ User resourceUser = new SimpleUser(name);
+ idm.add(resourceUser);
+ relationship.setResourceUser(resourceUser);
+ idm.add(relationship);
+ ResourceModel resource = new ResourceAdapter(newTier, relationship, this, identitySession);
+ resource.addRole("*");
+ resource.addScope(new UserAdapter(resourceUser, idm), "*");
+ return resource;
+ }
+
+ @Override
+ public boolean hasRole(UserModel user, RoleModel role) {
+ return getIdm().hasRole(((UserAdapter)user).getUser(), ((RoleAdapter)role).getRole());
+ }
+
+ @Override
+ public void grantRole(UserModel user, RoleModel role) {
+ getIdm().grantRole(((UserAdapter)user).getUser(), ((RoleAdapter)role).getRole());
+ }
+
+ @Override
+ public Set<String> getRoleMappings(UserModel user) {
+ RelationshipQuery<Grant> query = getIdm().createRelationshipQuery(Grant.class);
+ query.setParameter(Grant.ASSIGNEE, ((UserAdapter)user).getUser());
+ List<Grant> grants = query.getResultList();
+ HashSet<String> set = new HashSet<String>();
+ for (Grant grant : grants) {
+ if (grant.getRole().getPartition().getId().equals(realm.getId())) set.add(grant.getRole().getName());
+ }
+ return set;
+ }
+
+ @Override
+ public void addScope(UserModel agent, String roleName) {
+ IdentityManager idm = getIdm();
+ Role role = idm.getRole(roleName);
+ if (role == null) throw new RuntimeException("role not found");
+ ScopeRelationship scope = new ScopeRelationship();
+ scope.setClient(((UserAdapter)agent).getUser());
+ scope.setScope(role);
+ idm.add(scope);
+
+ }
+
+
+ @Override
+ public Set<String> getScope(UserModel agent) {
+ RelationshipQuery<ScopeRelationship> query = getIdm().createRelationshipQuery(ScopeRelationship.class);
+ query.setParameter(ScopeRelationship.CLIENT, ((UserAdapter)agent).getUser());
+ List<ScopeRelationship> scope = query.getResultList();
+ HashSet<String> set = new HashSet<String>();
+ for (ScopeRelationship rel : scope) {
+ if (rel.getScope().getPartition().getId().equals(realm.getId())) set.add(rel.getScope().getName());
+ }
+ return set;
+ }
+
+ @Override
+ public boolean isRealmAdmin(UserModel agent) {
+ RealmAdapter realmModel = (RealmAdapter)new RealmManager(new PicketlinkKeycloakSession(identitySession)).defaultRealm();
+ IdentityManager idm = realmModel.getIdm();
+ RelationshipQuery<RealmAdminRelationship> query = idm.createRelationshipQuery(RealmAdminRelationship.class);
+ query.setParameter(RealmAdminRelationship.REALM, realm.getId());
+ query.setParameter(RealmAdminRelationship.ADMIN, ((UserAdapter)agent).getUser());
+ List<RealmAdminRelationship> results = query.getResultList();
+ return results.size() > 0;
+ }
+
+ @Override
+ public void addRealmAdmin(UserModel agent) {
+ RealmAdapter realmModel = (RealmAdapter)new RealmManager(new PicketlinkKeycloakSession(identitySession)).defaultRealm();
+ RealmAdminRelationship relationship = new RealmAdminRelationship();
+ relationship.setAdmin(((UserAdapter)agent).getUser());
+ relationship.setRealm(realm.getId());
+ idm.add(relationship);
+ }
+}
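Review bot: `addRealmAdmin` and `isRealmAdmin` do not agree on where the admin relationship lives: `isRealmAdmin` queries through the default realm's identity manager (`realmModel.getIdm()`), while `addRealmAdmin` computes the same `realmModel`, discards it, and writes through this realm's own `idm` field. If Picketlink scopes relationships to the partition of the manager that created them, a grant made on a non-default realm is never found by the check and every admin check for that realm fails closed; either way the two methods must use the same manager, e.g. `realmModel.getIdm().add(relationship);` in `addRealmAdmin`. Two smaller points in the same file: the boolean getters such as `isSslNotRequired` cast `realmAgent.getAttribute(...).getValue()` without a null check, so a realm on which the flag was never set throws NullPointerException instead of defaulting to the safe value (`false`, i.e. SSL required), and `updateCredential` silently does nothing for an unrecognised credential type rather than rejecting it. Finally, `setPrivateKeyPem` stores the realm's signing private key as a plain string attribute on the realm agent next to its public settings; that deserves a comment so nobody later exposes realm attributes wholesale through an admin or representation endpoint.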
diff --git a/services/src/main/java/org/keycloak/services/models/picketlink/ResourceAdapter.java b/services/src/main/java/org/keycloak/services/models/picketlink/ResourceAdapter.java
new file mode 100755
index 0000000..2e39356
--- /dev/null
+++ b/services/src/main/java/org/keycloak/services/models/picketlink/ResourceAdapter.java
@@ -0,0 +1,165 @@
+package org.keycloak.services.models.picketlink;
+
+import org.keycloak.services.models.ResourceModel;
+import org.keycloak.services.models.RoleModel;
+import org.keycloak.services.models.UserModel;
+import org.keycloak.services.models.picketlink.relationships.ResourceRelationship;
+import org.keycloak.services.models.picketlink.relationships.ScopeRelationship;
+import org.picketlink.idm.IdentityManager;
+import org.picketlink.idm.IdentitySession;
+import org.picketlink.idm.model.Grant;
+import org.picketlink.idm.model.Role;
+import org.picketlink.idm.model.SimpleRole;
+import org.picketlink.idm.model.Tier;
+import org.picketlink.idm.query.IdentityQuery;
+import org.picketlink.idm.query.RelationshipQuery;
+
+import java.util.ArrayList;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+
+/**
+ * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
+ * @version $Revision: 1 $
+ */
+public class ResourceAdapter implements ResourceModel {
+ protected Tier tier;
+ protected ResourceRelationship agent;
+ protected RealmAdapter realm;
+ protected IdentitySession identitySession;
+ protected IdentityManager idm;
+
+ public ResourceAdapter(Tier tier, ResourceRelationship agent, RealmAdapter realm, IdentitySession session) {
+ this.tier = tier;
+ this.agent = agent;
+ this.realm = realm;
+ this.identitySession = session;
+ }
+
+ protected IdentityManager getIdm() {
+ if (idm == null) idm = identitySession.createIdentityManager(tier);
+ return idm;
+ }
+
+ @Override
+ public void updateResource() {
+ getIdm().update(agent);
+ }
+
+ @Override
+ public UserAdapter getResourceUser() {
+ return new UserAdapter(agent.getResourceUser(), realm.getIdm());
+ }
+
+ @Override
+ public String getId() {
+ return tier.getId();
+ }
+
+ @Override
+ public String getName() {
+ return agent.getResourceName();
+ }
+
+ @Override
+ public void setName(String name) {
+ agent.setResourceName(name);
+ }
+
+ @Override
+ public boolean isEnabled() {
+ return agent.getEnabled();
+ }
+
+ @Override
+ public void setEnabled(boolean enabled) {
+ agent.setEnabled(enabled);
+ }
+
+ @Override
+ public boolean isSurrogateAuthRequired() {
+ return agent.getSurrogateAuthRequired();
+ }
+
+ @Override
+ public void setSurrogateAuthRequired(boolean surrogateAuthRequired) {
+ agent.setSurrogateAuthRequired(surrogateAuthRequired);
+ }
+
+ @Override
+ public String getManagementUrl() {
+ return agent.getManagementUrl();
+ }
+
+ @Override
+ public void setManagementUrl(String url) {
+ agent.setManagementUrl(url);
+ }
+
+ @Override
+ public RoleAdapter getRole(String name) {
+ Role role = getIdm().getRole(name);
+ if (role == null) return null;
+ return new RoleAdapter(role, getIdm());
+ }
+
+ @Override
+ public RoleAdapter addRole(String name) {
+ Role role = new SimpleRole(name);
+ getIdm().add(role);
+ return new RoleAdapter(role, getIdm());
+ }
+
+ @Override
+ public List<RoleModel> getRoles() {
+ IdentityQuery<Role> query = getIdm().createIdentityQuery(Role.class);
+ query.setParameter(Role.PARTITION, tier);
+ List<Role> roles = query.getResultList();
+ List<RoleModel> roleModels = new ArrayList<RoleModel>();
+ for (Role role : roles) {
+ roleModels.add(new RoleAdapter(role, idm));
+ }
+ return roleModels;
+ }
+
+ @Override
+ public Set<String> getRoleMappings(UserModel user) {
+ RelationshipQuery<Grant> query = getIdm().createRelationshipQuery(Grant.class);
+ query.setParameter(Grant.ASSIGNEE, ((UserAdapter)user).getUser());
+ List<Grant> grants = query.getResultList();
+ HashSet<String> set = new HashSet<String>();
+ for (Grant grant : grants) {
+ if (grant.getRole().getPartition().getId().equals(tier.getId())) set.add(grant.getRole().getName());
+ }
+ return set;
+ }
+
+ @Override
+ public void addScope(UserModel agent, String roleName) {
+ IdentityManager idm = getIdm();
+ Role role = idm.getRole(roleName);
+ if (role == null) throw new RuntimeException("role not found");
+ addScope(agent, new RoleAdapter(role, idm));
+
+ }
+
+ @Override
+ public void addScope(UserModel agent, RoleModel role) {
+ ScopeRelationship scope = new ScopeRelationship();
+ scope.setClient(((UserAdapter)agent).getUser());
+ scope.setScope(((RoleAdapter)role).getRole());
+ }
+
+ @Override
+ public Set<String> getScope(UserModel agent) {
+ RelationshipQuery<ScopeRelationship> query = getIdm().createRelationshipQuery(ScopeRelationship.class);
+ query.setParameter(ScopeRelationship.CLIENT, ((UserAdapter)agent).getUser());
+ List<ScopeRelationship> scope = query.getResultList();
+ HashSet<String> set = new HashSet<String>();
+ for (ScopeRelationship rel : scope) {
+ if (rel.getScope().getPartition().getId().equals(tier.getId())) set.add(rel.getScope().getName());
+ }
+ return set;
+ }
+}
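Review bot: addScope(UserModel, RoleModel) at the end of this file builds a ScopeRelationship and sets its client and scope but never persists it, so this overload — and the String overload that delegates to it — is a silent no-op; add `getIdm().add(scope);` after `scope.setScope(((RoleAdapter)role).getRole());`. RealmAdapter.addScope earlier on this page does call `idm.add(scope)`, so the two implementations of the same model operation currently disagree. A related shape appears in RealmAdapter.addRealmAdmin, where realmModel is fetched from the default realm but the relationship is added through the field idm rather than realmModel.getIdm(); worth confirming that is intended, since isRealmAdmin queries the default realm's manager. The `((UserAdapter)agent)` and `((RoleAdapter)role)` downcasts will throw ClassCastException for any other implementation of the new interfaces, which a short class comment such as `// Picketlink-backed adapter: only accepts UserAdapter/RoleAdapter arguments` should state.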
diff --git a/services/src/main/java/org/keycloak/services/models/picketlink/RoleAdapter.java b/services/src/main/java/org/keycloak/services/models/picketlink/RoleAdapter.java
new file mode 100755
index 0000000..0934bc5
--- /dev/null
+++ b/services/src/main/java/org/keycloak/services/models/picketlink/RoleAdapter.java
@@ -0,0 +1,49 @@
+package org.keycloak.services.models.picketlink;
+
+import org.keycloak.services.models.RoleModel;
+import org.picketlink.idm.IdentityManager;
+import org.picketlink.idm.model.Attribute;
+import org.picketlink.idm.model.Role;
+
+import java.io.Serializable;
+
+/**
+ * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
+ * @version $Revision: 1 $
+ */
+public class RoleAdapter implements RoleModel {
+ protected Role role;
+ protected IdentityManager idm;
+
+ public RoleAdapter(Role role, IdentityManager idm) {
+ this.role = role;
+ this.idm = idm;
+ }
+
+ protected Role getRole() {
+ return role;
+ }
+
+ @Override
+ public String getName() {
+ return role.getName();
+ }
+
+ @Override
+ public String getDescription() {
+ Attribute<Serializable> description = role.getAttribute("description");
+ if (description == null) return null;
+ return (String) description.getValue();
+ }
+
+ @Override
+ public void setDescription(String description) {
+ if (description == null) {
+ role.removeAttribute("description");
+ } else {
+ role.setAttribute(new Attribute<String>("description", description));
+ }
+ idm.update(role);
+ }
+
+}
diff --git a/services/src/main/java/org/keycloak/services/models/picketlink/UserAdapter.java b/services/src/main/java/org/keycloak/services/models/picketlink/UserAdapter.java
new file mode 100755
index 0000000..2fa9a20
--- /dev/null
+++ b/services/src/main/java/org/keycloak/services/models/picketlink/UserAdapter.java
@@ -0,0 +1,71 @@
+package org.keycloak.services.models.picketlink;
+
+import org.keycloak.services.models.UserModel;
+import org.picketlink.idm.IdentityManager;
+import org.picketlink.idm.model.Attribute;
+import org.picketlink.idm.model.User;
+
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
+ * @version $Revision: 1 $
+ */
+public class UserAdapter implements UserModel {
+ protected User user;
+ protected IdentityManager idm;
+
+ public UserAdapter(User user, IdentityManager idm) {
+ this.user = user;
+ this.idm = idm;
+ }
+
+ protected User getUser() {
+ return user;
+ }
+
+ @Override
+ public String getLoginName() {
+ return user.getLoginName();
+ }
+
+ @Override
+ public boolean isEnabled() {
+ return user.isEnabled();
+ }
+
+ @Override
+ public void setEnabled(boolean enabled) {
+ user.setEnabled(enabled);
+ idm.update(user);
+ }
+
+ @Override
+ public void setAttribute(String name, String value) {
+ user.setAttribute(new Attribute<String>(name, value));
+ idm.update(user);
+ }
+
+ @Override
+ public void removeAttribute(String name) {
+ user.removeAttribute(name);
+ idm.update(user);
+ }
+
+ @Override
+ public String getAttribute(String name) {
+ Attribute<String> attribute = user.getAttribute(name);
+ if (attribute == null || attribute.getValue() == null) return null;
+ return attribute.getValue().toString();
+ }
+
+ @Override
+ public Map<String, String> getAttributes() {
+ Map<String, String> attributes = new HashMap<String, String>();
+ for (Attribute attribute : user.getAttributes()) {
+ if (attribute.getValue() != null) attributes.put(attribute.getName(), attribute.getValue().toString());
+ }
+ return attributes;
+ }
+}
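Review bot: getAttributes iterates a raw `Attribute` and getAttribute assigns an unchecked `Attribute<String>` whose value is then read via toString(), so the declared type parameter is never trusted; use the wildcard in both places, `Attribute<?> attribute = user.getAttribute(name);` and `for (Attribute<?> attribute : user.getAttributes())`, which compiles without unchecked warnings and matches how the values are actually consumed. The protected getUser() accessor is what ResourceAdapter and RealmAdapter cast to, so a one-line comment noting it is package API for the Picketlink adapters would help the next reader.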
diff --git a/services/src/main/java/org/keycloak/services/models/RealmModel.java b/services/src/main/java/org/keycloak/services/models/RealmModel.java
index b633d45..fa01607 100755
--- a/services/src/main/java/org/keycloak/services/models/RealmModel.java
+++ b/services/src/main/java/org/keycloak/services/models/RealmModel.java
@@ -1,421 +1,101 @@
package org.keycloak.services.models;
-import org.bouncycastle.openssl.PEMWriter;
-import org.jboss.resteasy.security.PemUtils;
-import org.keycloak.representations.idm.RequiredCredentialRepresentation;
-import org.keycloak.services.managers.RealmManager;
-import org.keycloak.services.models.relationships.RealmAdminRelationship;
-import org.keycloak.services.models.relationships.RequiredCredentialRelationship;
-import org.keycloak.services.models.relationships.ResourceRelationship;
-import org.keycloak.services.models.relationships.ScopeRelationship;
-import org.picketlink.idm.IdentityManager;
-import org.picketlink.idm.IdentitySession;
-import org.picketlink.idm.credential.Credentials;
-import org.picketlink.idm.credential.Password;
-import org.picketlink.idm.credential.TOTPCredential;
-import org.picketlink.idm.credential.TOTPCredentials;
-import org.picketlink.idm.credential.UsernamePasswordCredentials;
-import org.picketlink.idm.credential.X509CertificateCredentials;
-import org.picketlink.idm.model.Agent;
-import org.picketlink.idm.model.Attribute;
-import org.picketlink.idm.model.Grant;
-import org.picketlink.idm.model.Realm;
-import org.picketlink.idm.model.Role;
-import org.picketlink.idm.model.SimpleRole;
-import org.picketlink.idm.model.SimpleUser;
-import org.picketlink.idm.model.Tier;
-import org.picketlink.idm.model.User;
-import org.picketlink.idm.query.IdentityQuery;
-import org.picketlink.idm.query.RelationshipQuery;
-
-import java.io.IOException;
-import java.io.StringWriter;
import java.security.PrivateKey;
import java.security.PublicKey;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
/**
- * Meant to be a per-request object
- *
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
-public class RealmModel {
- public static final String DEFAULT_REALM = "default";
- public static final String REALM_AGENT_ID = "_realm_";
- public static final String REALM_NAME = "name";
- public static final String REALM_ACCESS_CODE_LIFESPAN = "accessCodeLifespan";
- public static final String REALM_TOKEN_LIFESPAN = "tokenLifespan";
- public static final String REALM_PRIVATE_KEY = "privateKey";
- public static final String REALM_PUBLIC_KEY = "publicKey";
- public static final String REALM_IS_SSL_NOT_REQUIRED = "isSSLNotRequired";
- public static final String REALM_IS_COOKIE_LOGIN_ALLOWED = "isCookieLoginAllowed";
- public static final String REALM_IS_REGISTRATION_ALLOWED = "isRegistrationAllowed";
-
- protected Realm realm;
- protected Agent realmAgent;
- protected IdentitySession identitySession;
- protected volatile transient PublicKey publicKey;
- protected volatile transient PrivateKey privateKey;
- protected IdentityManager idm;
-
- public RealmModel(Realm realm, IdentitySession session) {
- this.realm = realm;
- this.identitySession = session;
- realmAgent = getIdm().getAgent(REALM_AGENT_ID);
- }
-
- protected IdentityManager getIdm() {
- if (idm == null) idm = identitySession.createIdentityManager(realm);
- return idm;
- }
-
- public void updateRealm() {
- getIdm().update(realmAgent);
- }
-
- public String getId() {
- return realm.getId();
- }
-
- public String getName() {
- return (String) realmAgent.getAttribute(REALM_NAME).getValue();
- }
-
- public void setName(String name) {
- realmAgent.setAttribute(new Attribute<String>(REALM_NAME, name));
- }
-
- public boolean isEnabled() {
- return realmAgent.isEnabled();
- }
-
- public void setEnabled(boolean enabled) {
- realmAgent.setEnabled(enabled);
- }
-
- public boolean isSslNotRequired() {
- return (Boolean) realmAgent.getAttribute(REALM_IS_SSL_NOT_REQUIRED).getValue();
- }
-
- public void setSslNotRequired(boolean sslNotRequired) {
- realmAgent.setAttribute(new Attribute<Boolean>(REALM_IS_SSL_NOT_REQUIRED, sslNotRequired));
- }
-
- public boolean isCookieLoginAllowed() {
- return (Boolean) realmAgent.getAttribute(REALM_IS_COOKIE_LOGIN_ALLOWED).getValue();
- }
-
- public void setCookieLoginAllowed(boolean cookieLoginAllowed) {
- realmAgent.setAttribute(new Attribute<Boolean>(REALM_IS_COOKIE_LOGIN_ALLOWED, cookieLoginAllowed));
- }
-
- public boolean isRegistrationAllowed() {
- return (Boolean) realmAgent.getAttribute(REALM_IS_REGISTRATION_ALLOWED).getValue();
- }
-
- public void setRegistrationAllowed(boolean registrationAllowed) {
- realmAgent.setAttribute(new Attribute<Boolean>(REALM_IS_REGISTRATION_ALLOWED, registrationAllowed));
- }
-
- public int getTokenLifespan() {
- return (Integer) realmAgent.getAttribute(REALM_TOKEN_LIFESPAN).getValue();
- }
-
- public void setTokenLifespan(int tokenLifespan) {
- realmAgent.setAttribute(new Attribute<Integer>(REALM_TOKEN_LIFESPAN, tokenLifespan));
- }
-
- public int getAccessCodeLifespan() {
- return (Integer) realmAgent.getAttribute(REALM_ACCESS_CODE_LIFESPAN).getValue();
- }
-
- public void setAccessCodeLifespan(int accessCodeLifespan) {
- realmAgent.setAttribute(new Attribute<Integer>(REALM_ACCESS_CODE_LIFESPAN, accessCodeLifespan));
- }
-
- public String getPublicKeyPem() {
- return (String) realmAgent.getAttribute(REALM_PUBLIC_KEY).getValue();
- }
-
- public void setPublicKeyPem(String publicKeyPem) {
- realmAgent.setAttribute(new Attribute<String>(REALM_PUBLIC_KEY, publicKeyPem));
- this.publicKey = null;
- }
-
- public String getPrivateKeyPem() {
- return (String) realmAgent.getAttribute(REALM_PRIVATE_KEY).getValue();
- }
-
- public void setPrivateKeyPem(String privateKeyPem) {
- realmAgent.setAttribute(new Attribute<String>(REALM_PRIVATE_KEY, privateKeyPem));
- this.privateKey = null;
- }
-
- public PublicKey getPublicKey() {
- if (publicKey != null) return publicKey;
- String pem = getPublicKeyPem();
- if (pem != null) {
- try {
- publicKey = PemUtils.decodePublicKey(pem);
- } catch (Exception e) {
- throw new RuntimeException(e);
- }
- }
- return publicKey;
- }
-
- public void setPublicKey(PublicKey publicKey) {
- this.publicKey = publicKey;
- StringWriter writer = new StringWriter();
- PEMWriter pemWriter = new PEMWriter(writer);
- try {
- pemWriter.writeObject(publicKey);
- pemWriter.flush();
- } catch (IOException e) {
- throw new RuntimeException(e);
- }
- String s = writer.toString();
- setPublicKeyPem(PemUtils.removeBeginEnd(s));
- }
-
- public PrivateKey getPrivateKey() {
- if (privateKey != null) return privateKey;
- String pem = getPrivateKeyPem();
- if (pem != null) {
- try {
- privateKey = PemUtils.decodePrivateKey(pem);
- } catch (Exception e) {
- throw new RuntimeException(e);
- }
- }
- return privateKey;
- }
-
- public void setPrivateKey(PrivateKey privateKey) {
- this.privateKey = privateKey;
- StringWriter writer = new StringWriter();
- PEMWriter pemWriter = new PEMWriter(writer);
- try {
- pemWriter.writeObject(privateKey);
- pemWriter.flush();
- } catch (IOException e) {
- throw new RuntimeException(e);
- }
- String s = writer.toString();
- setPrivateKeyPem(PemUtils.removeBeginEnd(s));
- }
-
- public List<RequiredCredentialModel> getRequiredCredentials() {
- IdentityManager idm = getIdm();
- Agent realmAgent = idm.getAgent(REALM_AGENT_ID);
- RelationshipQuery<RequiredCredentialRelationship> query = idm.createRelationshipQuery(RequiredCredentialRelationship.class);
- query.setParameter(RequiredCredentialRelationship.REALM_AGENT, realmAgent);
- List<RequiredCredentialRelationship> results = query.getResultList();
- List<RequiredCredentialModel> rtn = new ArrayList<RequiredCredentialModel>();
- for (RequiredCredentialRelationship relationship : results) {
- RequiredCredentialModel model = new RequiredCredentialModel();
- model.setInput(relationship.isInput());
- model.setSecret(relationship.isSecret());
- model.setType(relationship.getCredentialType());
- rtn.add(model);
- }
- return rtn;
- }
-
- public void addRequiredCredential(RequiredCredentialModel cred) {
- IdentityManager idm = getIdm();
- Agent realmAgent = idm.getAgent(REALM_AGENT_ID);
- RequiredCredentialRelationship relationship = new RequiredCredentialRelationship();
- relationship.setCredentialType(cred.getType());
- relationship.setInput(cred.isInput());
- relationship.setSecret(cred.isSecret());
- relationship.setRealmAgent(realmAgent);
- idm.add(relationship);
- }
-
- public boolean validatePassword(UserModel user, String password) {
- UsernamePasswordCredentials creds = new UsernamePasswordCredentials(user.getLoginName(), new Password(password));
- getIdm().validateCredentials(creds);
- return creds.getStatus() == Credentials.Status.VALID;
- }
-
- public boolean validateTOTP(UserModel user, String password, String token) {
- TOTPCredentials creds = new TOTPCredentials();
- creds.setToken(token);
- creds.setUsername(user.getLoginName());
- creds.setPassword(new Password(password));
- getIdm().validateCredentials(creds);
- return creds.getStatus() == Credentials.Status.VALID;
- }
-
- public void updateCredential(UserModel user, UserCredentialModel cred) {
- IdentityManager idm = getIdm();
- if (cred.getType().equals(RequiredCredentialRepresentation.PASSWORD)) {
- Password password = new Password(cred.getValue());
- idm.updateCredential(user.getUser(), password);
- } else if (cred.getType().equals(RequiredCredentialRepresentation.TOTP)) {
- TOTPCredential totp = new TOTPCredential(cred.getValue());
- idm.updateCredential(user.getUser(), totp);
- } else if (cred.getType().equals(RequiredCredentialRepresentation.CLIENT_CERT)) {
- X509Certificate cert = null;
- try {
- cert = org.keycloak.PemUtils.decodeCertificate(cred.getValue());
- } catch (Exception e) {
- throw new RuntimeException(e);
- }
- X509CertificateCredentials creds = new X509CertificateCredentials(cert);
- idm.updateCredential(user.getUser(), creds);
- }
- }
-
- public UserModel getUser(String name) {
- User user = getIdm().getUser(name);
- if (user == null) return null;
- return new UserModel(user, getIdm());
- }
-
- public UserModel addUser(String username) {
- User user = getIdm().getUser(username);
- if (user != null) throw new IllegalStateException("User already exists");
- user = new SimpleUser(username);
- getIdm().add(user);
- return new UserModel(user, getIdm());
- }
-
- public RoleModel getRole(String name) {
- Role role = getIdm().getRole(name);
- if (role == null) return null;
- return new RoleModel(role, getIdm());
- }
-
- public RoleModel addRole(String name) {
- Role role = new SimpleRole(name);
- getIdm().add(role);
- return new RoleModel(role, getIdm());
- }
-
- public List<RoleModel> getRoles() {
- IdentityManager idm = getIdm();
- IdentityQuery<Role> query = idm.createIdentityQuery(Role.class);
- query.setParameter(Role.PARTITION, realm);
- List<Role> roles = query.getResultList();
- List<RoleModel> roleModels = new ArrayList<RoleModel>();
- for (Role role : roles) {
- roleModels.add(new RoleModel(role, idm));
- }
- return roleModels;
- }
-
-
- /**
- * Key name, value resource
- *
- * @return
- */
- public Map<String, ResourceModel> getResourceMap() {
- Map<String, ResourceModel> resourceMap = new HashMap<String, ResourceModel>();
- for (ResourceModel resource : getResources()) {
- resourceMap.put(resource.getName(), resource);
- }
- return resourceMap;
- }
-
- public List<ResourceModel> getResources() {
- IdentityManager idm = getIdm();
- RelationshipQuery<ResourceRelationship> query = idm.createRelationshipQuery(ResourceRelationship.class);
- query.setParameter(ResourceRelationship.REALM_AGENT, realmAgent);
- List<ResourceRelationship> results = query.getResultList();
- List<ResourceModel> resources = new ArrayList<ResourceModel>();
- for (ResourceRelationship relationship : results) {
- Tier resourceTier = identitySession.findTier(relationship.getResourceId());
- ResourceModel model = new ResourceModel(resourceTier,relationship, this, identitySession);
- resources.add(model);
- }
-
- return resources;
- }
-
- public ResourceModel addResource(String name) {
- Tier newTier = identitySession.createTier(RealmManager.generateId());
- IdentityManager idm = getIdm();
- ResourceRelationship relationship = new ResourceRelationship();
- relationship.setResourceName(name);
- relationship.setRealmAgent(realmAgent);
- relationship.setResourceId(newTier.getId());
- relationship.setManagementUrl(""); // Picketlink doesn't like null attribute values
- User resourceUser = new SimpleUser(name);
- idm.add(resourceUser);
- relationship.setResourceUser(resourceUser);
- idm.add(relationship);
- ResourceModel resource = new ResourceModel(newTier, relationship, this, identitySession);
- resource.addRole("*");
- resource.addScope(new UserModel(resourceUser, idm), "*");
- return resource;
- }
-
- public boolean hasRole(UserModel user, RoleModel role) {
- return getIdm().hasRole(user.getUser(), role.getRole());
- }
-
- public void grantRole(UserModel user, RoleModel role) {
- getIdm().grantRole(user.getUser(), role.getRole());
- }
-
- public Set<String> getRoleMappings(UserModel user) {
- RelationshipQuery<Grant> query = getIdm().createRelationshipQuery(Grant.class);
- query.setParameter(Grant.ASSIGNEE, user.getUser());
- List<Grant> grants = query.getResultList();
- HashSet<String> set = new HashSet<String>();
- for (Grant grant : grants) {
- if (grant.getRole().getPartition().getId().equals(realm.getId())) set.add(grant.getRole().getName());
- }
- return set;
- }
-
- public void addScope(UserModel agent, String roleName) {
- IdentityManager idm = getIdm();
- Role role = idm.getRole(roleName);
- if (role == null) throw new RuntimeException("role not found");
- ScopeRelationship scope = new ScopeRelationship();
- scope.setClient(agent.getUser());
- scope.setScope(role);
- idm.add(scope);
-
- }
-
-
- public Set<String> getScope(UserModel agent) {
- RelationshipQuery<ScopeRelationship> query = getIdm().createRelationshipQuery(ScopeRelationship.class);
- query.setParameter(ScopeRelationship.CLIENT, agent.getUser());
- List<ScopeRelationship> scope = query.getResultList();
- HashSet<String> set = new HashSet<String>();
- for (ScopeRelationship rel : scope) {
- if (rel.getScope().getPartition().getId().equals(realm.getId())) set.add(rel.getScope().getName());
- }
- return set;
- }
-
- public boolean isRealmAdmin(UserModel agent) {
- IdentityManager idm = new RealmManager(identitySession).defaultRealm().getIdm();
- RelationshipQuery<RealmAdminRelationship> query = idm.createRelationshipQuery(RealmAdminRelationship.class);
- query.setParameter(RealmAdminRelationship.REALM, realm.getId());
- query.setParameter(RealmAdminRelationship.ADMIN, agent.getUser());
- List<RealmAdminRelationship> results = query.getResultList();
- return results.size() > 0;
- }
-
- public void addRealmAdmin(UserModel agent) {
- IdentityManager idm = new RealmManager(identitySession).defaultRealm().getIdm();
- RealmAdminRelationship relationship = new RealmAdminRelationship();
- relationship.setAdmin(agent.getUser());
- relationship.setRealm(realm.getId());
- idm.add(relationship);
- }
+public interface RealmModel {
+ String DEFAULT_REALM = "default";
+
+ String getId();
+
+ String getName();
+
+ void setName(String name);
+
+ boolean isEnabled();
+
+ void setEnabled(boolean enabled);
+
+ boolean isSslNotRequired();
+
+ void setSslNotRequired(boolean sslNotRequired);
+
+ boolean isCookieLoginAllowed();
+
+ void setCookieLoginAllowed(boolean cookieLoginAllowed);
+
+ boolean isRegistrationAllowed();
+
+ void setRegistrationAllowed(boolean registrationAllowed);
+
+ int getTokenLifespan();
+
+ void setTokenLifespan(int tokenLifespan);
+
+ int getAccessCodeLifespan();
+
+ void setAccessCodeLifespan(int accessCodeLifespan);
+
+ String getPublicKeyPem();
+
+ void setPublicKeyPem(String publicKeyPem);
+
+ String getPrivateKeyPem();
+
+ void setPrivateKeyPem(String privateKeyPem);
+
+ PublicKey getPublicKey();
+
+ void setPublicKey(PublicKey publicKey);
+
+ PrivateKey getPrivateKey();
+
+ void setPrivateKey(PrivateKey privateKey);
+
+ List<RequiredCredentialModel> getRequiredCredentials();
+
+ void addRequiredCredential(RequiredCredentialModel cred);
+
+ boolean validatePassword(UserModel user, String password);
+
+ boolean validateTOTP(UserModel user, String password, String token);
+
+ void updateCredential(UserModel user, UserCredentialModel cred);
+
+ UserModel getUser(String name);
+
+ UserModel addUser(String username);
+
+ RoleModel getRole(String name);
+
+ RoleModel addRole(String name);
+
+ List<RoleModel> getRoles();
+
+ Map<String, ResourceModel> getResourceMap();
+
+ List<ResourceModel> getResources();
+
+ ResourceModel addResource(String name);
+
+ boolean hasRole(UserModel user, RoleModel role);
+
+ void grantRole(UserModel user, RoleModel role);
+
+ Set<String> getRoleMappings(UserModel user);
+
+ void addScope(UserModel agent, String roleName);
+
+ Set<String> getScope(UserModel agent);
+
+ boolean isRealmAdmin(UserModel agent);
+
+ void addRealmAdmin(UserModel agent);
}
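Review bot: The new interface carries no Javadoc on its security-relevant contracts, which matters now that the behaviour lives behind it: validatePassword and validateTOTP should state they return true only when the credentials validated as VALID, isRealmAdmin/addRealmAdmin should say where the admin relationship is stored (the adapter on this page goes through the default realm's identity manager), and getPrivateKeyPem/getPrivateKey should be marked as returning secret material callers must not log or expose. For example, on validatePassword: `/** @return true only if the identity store reports the credentials as VALID; false for unknown users or wrong passwords. */`. ResourceModel declares both addScope overloads while RealmModel declares only the String form; either align them or document why the realm has no RoleModel form. DEFAULT_REALM is now a constant on an interface, so a comment saying it is the name of the realm that holds realm-admin relationships would make its role clear.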
diff --git a/services/src/main/java/org/keycloak/services/models/ResourceModel.java b/services/src/main/java/org/keycloak/services/models/ResourceModel.java
index 2874e60..e5cffc9 100755
--- a/services/src/main/java/org/keycloak/services/models/ResourceModel.java
+++ b/services/src/main/java/org/keycloak/services/models/ResourceModel.java
@@ -1,144 +1,46 @@
-package org.keycloak.services.models;
-
-import org.keycloak.services.models.relationships.ResourceRelationship;
-import org.keycloak.services.models.relationships.ScopeRelationship;
-import org.picketlink.idm.IdentityManager;
-import org.picketlink.idm.IdentitySession;
-import org.picketlink.idm.model.Grant;
-import org.picketlink.idm.model.Role;
-import org.picketlink.idm.model.SimpleRole;
-import org.picketlink.idm.model.Tier;
-import org.picketlink.idm.query.IdentityQuery;
-import org.picketlink.idm.query.RelationshipQuery;
-
-import java.util.ArrayList;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Set;
-
-/**
- * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
- * @version $Revision: 1 $
- */
-public class ResourceModel {
- protected Tier tier;
- protected ResourceRelationship agent;
- protected RealmModel realm;
- protected IdentitySession identitySession;
- protected IdentityManager idm;
-
- public ResourceModel(Tier tier, ResourceRelationship agent, RealmModel realm, IdentitySession session) {
- this.tier = tier;
- this.agent = agent;
- this.realm = realm;
- this.identitySession = session;
- }
-
- protected IdentityManager getIdm() {
- if (idm == null) idm = identitySession.createIdentityManager(tier);
- return idm;
- }
-
- public void updateResource() {
- getIdm().update(agent);
- }
-
- public UserModel getResourceUser() {
- return new UserModel(agent.getResourceUser(), realm.getIdm());
- }
-
- public String getId() {
- return tier.getId();
- }
-
- public String getName() {
- return agent.getResourceName();
- }
-
- public void setName(String name) {
- agent.setResourceName(name);
- }
-
- public boolean isEnabled() {
- return agent.getEnabled();
- }
-
- public void setEnabled(boolean enabled) {
- agent.setEnabled(enabled);
- }
-
- public boolean isSurrogateAuthRequired() {
- return agent.getSurrogateAuthRequired();
- }
-
- public void setSurrogateAuthRequired(boolean surrogateAuthRequired) {
- agent.setSurrogateAuthRequired(surrogateAuthRequired);
- }
-
- public String getManagementUrl() {
- return agent.getManagementUrl();
- }
-
- public void setManagementUrl(String url) {
- agent.setManagementUrl(url);
- }
-
- public RoleModel getRole(String name) {
- Role role = getIdm().getRole(name);
- if (role == null) return null;
- return new RoleModel(role, getIdm());
- }
-
- public RoleModel addRole(String name) {
- Role role = new SimpleRole(name);
- getIdm().add(role);
- return new RoleModel(role, getIdm());
- }
-
- public List<RoleModel> getRoles() {
- IdentityQuery<Role> query = getIdm().createIdentityQuery(Role.class);
- query.setParameter(Role.PARTITION, tier);
- List<Role> roles = query.getResultList();
- List<RoleModel> roleModels = new ArrayList<RoleModel>();
- for (Role role : roles) {
- roleModels.add(new RoleModel(role, idm));
- }
- return roleModels;
- }
-
- public Set<String> getRoleMappings(UserModel user) {
- RelationshipQuery<Grant> query = getIdm().createRelationshipQuery(Grant.class);
- query.setParameter(Grant.ASSIGNEE, user.getUser());
- List<Grant> grants = query.getResultList();
- HashSet<String> set = new HashSet<String>();
- for (Grant grant : grants) {
- if (grant.getRole().getPartition().getId().equals(tier.getId())) set.add(grant.getRole().getName());
- }
- return set;
- }
-
- public void addScope(UserModel agent, String roleName) {
- IdentityManager idm = getIdm();
- Role role = idm.getRole(roleName);
- if (role == null) throw new RuntimeException("role not found");
- addScope(agent, role);
-
- }
-
- public void addScope(UserModel agent, Role role) {
- ScopeRelationship scope = new ScopeRelationship();
- scope.setClient(agent.getUser());
- scope.setScope(role);
- }
-
- public Set<String> getScope(UserModel agent) {
- RelationshipQuery<ScopeRelationship> query = getIdm().createRelationshipQuery(ScopeRelationship.class);
- query.setParameter(ScopeRelationship.CLIENT, agent.getUser());
- List<ScopeRelationship> scope = query.getResultList();
- HashSet<String> set = new HashSet<String>();
- for (ScopeRelationship rel : scope) {
- if (rel.getScope().getPartition().getId().equals(tier.getId())) set.add(rel.getScope().getName());
- }
- return set;
- }
-}
+package org.keycloak.services.models;
+
+import java.util.List;
+import java.util.Set;
+
+/**
+ * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
+ * @version $Revision: 1 $
+ */
+public interface ResourceModel {
+ void updateResource();
+
+ UserModel getResourceUser();
+
+ String getId();
+
+ String getName();
+
+ void setName(String name);
+
+ boolean isEnabled();
+
+ void setEnabled(boolean enabled);
+
+ boolean isSurrogateAuthRequired();
+
+ void setSurrogateAuthRequired(boolean surrogateAuthRequired);
+
+ String getManagementUrl();
+
+ void setManagementUrl(String url);
+
+ RoleModel getRole(String name);
+
+ RoleModel addRole(String name);
+
+ List<RoleModel> getRoles();
+
+ Set<String> getRoleMappings(UserModel user);
+
+ void addScope(UserModel agent, String roleName);
+
+ void addScope(UserModel agent, RoleModel role);
+
+ Set<String> getScope(UserModel agent);
+}
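Review bot: addScope(UserModel, String) has no documented failure contract although the adapter on this page throws a bare RuntimeException("role not found") when the role is absent; add `@throws RuntimeException if no role named roleName exists for this resource` (or narrow it to IllegalArgumentException in the adapter and document that). getRoleMappings and getScope are filtered to roles in this resource's partition by the adapter, which callers cannot tell from the signatures; a one-line Javadoc such as `/** Names of this resource's roles granted to user; roles from other partitions are excluded. */` on each would pin that down.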
diff --git a/services/src/main/java/org/keycloak/services/models/RoleModel.java b/services/src/main/java/org/keycloak/services/models/RoleModel.java
index 5fcea7c..674dc62 100755
--- a/services/src/main/java/org/keycloak/services/models/RoleModel.java
+++ b/services/src/main/java/org/keycloak/services/models/RoleModel.java
@@ -1,45 +1,13 @@
package org.keycloak.services.models;
-import org.picketlink.idm.IdentityManager;
-import org.picketlink.idm.model.Attribute;
-import org.picketlink.idm.model.Role;
-
-import java.io.Serializable;
-
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
-public class RoleModel {
- protected Role role;
- protected IdentityManager idm;
-
- public RoleModel(Role role, IdentityManager idm) {
- this.role = role;
- this.idm = idm;
- }
-
- protected Role getRole() {
- return role;
- }
-
- public String getName() {
- return role.getName();
- }
-
- public String getDescription() {
- Attribute<Serializable> description = role.getAttribute("description");
- if (description == null) return null;
- return (String) description.getValue();
- }
+public interface RoleModel {
+ String getName();
- public void setDescription(String description) {
- if (description == null) {
- role.removeAttribute("description");
- } else {
- role.setAttribute(new Attribute<String>("description", description));
- }
- idm.update(role);
- }
+ String getDescription();
+ void setDescription(String description);
}
diff --git a/services/src/main/java/org/keycloak/services/models/UserModel.java b/services/src/main/java/org/keycloak/services/models/UserModel.java
index 7491f3c..bac22c7 100755
--- a/services/src/main/java/org/keycloak/services/models/UserModel.java
+++ b/services/src/main/java/org/keycloak/services/models/UserModel.java
@@ -1,63 +1,23 @@
package org.keycloak.services.models;
-import org.picketlink.idm.IdentityManager;
-import org.picketlink.idm.model.Attribute;
-import org.picketlink.idm.model.User;
-
-import java.util.HashMap;
import java.util.Map;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
-public class UserModel {
- protected User user;
- protected IdentityManager idm;
-
- public UserModel(User user, IdentityManager idm) {
- this.user = user;
- this.idm = idm;
- }
-
- protected User getUser() {
- return user;
- }
-
- public String getLoginName() {
- return user.getLoginName();
- }
-
- public boolean isEnabled() {
- return user.isEnabled();
- }
-
- public void setEnabled(boolean enabled) {
- user.setEnabled(enabled);
- idm.update(user);
- }
-
- public void setAttribute(String name, String value) {
- user.setAttribute(new Attribute<String>(name, value));
- idm.update(user);
- }
-
- public void removeAttribute(String name) {
- user.removeAttribute(name);
- idm.update(user);
- }
-
- public String getAttribute(String name) {
- Attribute<String> attribute = user.getAttribute(name);
- if (attribute == null || attribute.getValue() == null) return null;
- return attribute.getValue().toString();
- }
-
- public Map<String, String> getAttributes() {
- Map<String, String> attributes = new HashMap<String, String>();
- for (Attribute attribute : user.getAttributes()) {
- if (attribute.getValue() != null) attributes.put(attribute.getName(), attribute.getValue().toString());
- }
- return attributes;
- }
+public interface UserModel {
+ String getLoginName();
+
+ boolean isEnabled();
+
+ void setEnabled(boolean enabled);
+
+ void setAttribute(String name, String value);
+
+ void removeAttribute(String name);
+
+ String getAttribute(String name);
+
+ Map<String, String> getAttributes();
}
diff --git a/services/src/main/java/org/keycloak/services/resources/KeycloakApplication.java b/services/src/main/java/org/keycloak/services/resources/KeycloakApplication.java
index fb423f0..2c6f49a 100755
--- a/services/src/main/java/org/keycloak/services/resources/KeycloakApplication.java
+++ b/services/src/main/java/org/keycloak/services/resources/KeycloakApplication.java
@@ -1,12 +1,14 @@
package org.keycloak.services.resources;
import org.keycloak.SkeletonKeyContextResolver;
-import org.keycloak.services.filters.IdentitySessionFilter;
+import org.keycloak.services.filters.KeycloakSessionFilter;
import org.keycloak.services.managers.TokenManager;
-import org.keycloak.services.models.relationships.RealmAdminRelationship;
-import org.keycloak.services.models.relationships.RequiredCredentialRelationship;
-import org.keycloak.services.models.relationships.ResourceRelationship;
-import org.keycloak.services.models.relationships.ScopeRelationship;
+import org.keycloak.services.models.KeycloakSessionFactory;
+import org.keycloak.services.models.picketlink.PicketlinkKeycloakSessionFactory;
+import org.keycloak.services.models.picketlink.relationships.RealmAdminRelationship;
+import org.keycloak.services.models.picketlink.relationships.RequiredCredentialRelationship;
+import org.keycloak.services.models.picketlink.relationships.ResourceRelationship;
+import org.keycloak.services.models.picketlink.relationships.ScopeRelationship;
import org.picketlink.idm.IdentitySessionFactory;
import org.picketlink.idm.config.IdentityConfiguration;
import org.picketlink.idm.config.IdentityConfigurationBuilder;
@@ -34,18 +36,18 @@ public class KeycloakApplication extends Application {
protected Set<Object> singletons = new HashSet<Object>();
protected Set<Class<?>> classes = new HashSet<Class<?>>();
- protected IdentitySessionFactory factory;
+ protected KeycloakSessionFactory factory;
public KeycloakApplication() {
- this.factory = createFactory();
- IdentitySessionFilter filter = new IdentitySessionFilter(factory);
+ this.factory = new PicketlinkKeycloakSessionFactory(createFactory());
+ KeycloakSessionFilter filter = new KeycloakSessionFilter(factory);
singletons.add(new RealmsResource(new TokenManager()));
singletons.add(filter);
classes.add(SkeletonKeyContextResolver.class);
classes.add(RegistrationService.class);
}
- public IdentitySessionFactory getFactory() {
+ public KeycloakSessionFactory getFactory() {
return factory;
}
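Review bot: The `factory` field is declared `protected` and non-final although it is assigned exactly once, in the constructor; `protected final KeycloakSessionFactory factory;` would make that intent explicit and prevent a subclass or later code from swapping the session factory underneath the `KeycloakSessionFilter` that already holds a reference to it. The constructor also still calls the overridable `createFactory()` before the object is fully constructed; the pattern predates this change, but wrapping the result in `PicketlinkKeycloakSessionFactory` is a good moment to make `createFactory()` `static` or `final` if nothing overrides it. `KeycloakSessionFactory` exposes `close()` (AdapterTest's `after()` calls it), and nothing in this hunk releases the factory created here; if the class has no shutdown hook outside the visible lines, the wrapped factory is never closed.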
diff --git a/services/src/main/java/org/keycloak/services/resources/RealmsResource.java b/services/src/main/java/org/keycloak/services/resources/RealmsResource.java
index a0ab19e..da94d73 100755
--- a/services/src/main/java/org/keycloak/services/resources/RealmsResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/RealmsResource.java
@@ -5,10 +5,10 @@ import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.services.managers.AuthenticationManager;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.services.managers.TokenManager;
+import org.keycloak.services.models.KeycloakSession;
import org.keycloak.services.models.RealmModel;
import org.keycloak.services.models.RoleModel;
import org.keycloak.services.models.UserModel;
-import org.picketlink.idm.IdentitySession;
import javax.ws.rs.Consumes;
import javax.ws.rs.NotAuthorizedException;
@@ -39,7 +39,7 @@ public class RealmsResource {
protected HttpHeaders headers;
@Context
- protected IdentitySession identitySession;
+ protected KeycloakSession identitySession;
@Context
ResourceContext resourceContext;
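Review bot: The injected field keeps the name `identitySession` while its type changes to `KeycloakSession`, so the name now describes the replaced Picketlink type rather than the new abstraction; `protected KeycloakSession session;` would read consistently with the model package it now comes from. The same field in RealmSubResource, RegistrationService and TokenService further down in this diff carries the identical mismatch, and the rename affects no injection behaviour since `@Context` resolves by type.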
diff --git a/services/src/main/java/org/keycloak/services/resources/RealmSubResource.java b/services/src/main/java/org/keycloak/services/resources/RealmSubResource.java
index 4221f12..63f0f8b 100755
--- a/services/src/main/java/org/keycloak/services/resources/RealmSubResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/RealmSubResource.java
@@ -2,8 +2,8 @@ package org.keycloak.services.resources;
import org.jboss.resteasy.logging.Logger;
import org.keycloak.representations.idm.PublishedRealmRepresentation;
+import org.keycloak.services.models.KeycloakSession;
import org.keycloak.services.models.RealmModel;
-import org.picketlink.idm.IdentitySession;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
@@ -25,7 +25,7 @@ public class RealmSubResource {
protected UriInfo uriInfo;
@Context
- protected IdentitySession identitySession;
+ protected KeycloakSession identitySession;
protected RealmModel realm;
diff --git a/services/src/main/java/org/keycloak/services/resources/RegistrationService.java b/services/src/main/java/org/keycloak/services/resources/RegistrationService.java
index d705467..18b06ff 100755
--- a/services/src/main/java/org/keycloak/services/resources/RegistrationService.java
+++ b/services/src/main/java/org/keycloak/services/resources/RegistrationService.java
@@ -4,11 +4,11 @@ import org.jboss.resteasy.logging.Logger;
import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.services.managers.RealmManager;
+import org.keycloak.services.models.KeycloakSession;
import org.keycloak.services.models.RealmModel;
import org.keycloak.services.models.RoleModel;
-import org.keycloak.services.models.UserCredentialModel;
import org.keycloak.services.models.UserModel;
-import org.picketlink.idm.IdentitySession;
+import org.keycloak.services.models.UserCredentialModel;
import javax.ws.rs.Consumes;
import javax.ws.rs.ForbiddenException;
@@ -33,7 +33,7 @@ public class RegistrationService {
protected UriInfo uriInfo;
@Context
- protected IdentitySession identitySession;
+ protected KeycloakSession identitySession;
@POST
@Consumes(MediaType.APPLICATION_JSON)
diff --git a/services/src/main/java/org/keycloak/services/resources/TokenService.java b/services/src/main/java/org/keycloak/services/resources/TokenService.java
index f1ceb54..f307e68 100755
--- a/services/src/main/java/org/keycloak/services/resources/TokenService.java
+++ b/services/src/main/java/org/keycloak/services/resources/TokenService.java
@@ -15,10 +15,10 @@ import org.keycloak.services.managers.AuthenticationManager;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.services.managers.ResourceAdminManager;
import org.keycloak.services.managers.TokenManager;
+import org.keycloak.services.models.KeycloakSession;
import org.keycloak.services.models.RealmModel;
import org.keycloak.services.models.RoleModel;
import org.keycloak.services.models.UserModel;
-import org.picketlink.idm.IdentitySession;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
@@ -58,7 +58,7 @@ public class TokenService {
@Context
protected HttpHeaders headers;
@Context
- protected IdentitySession identitySession;
+ protected KeycloakSession identitySession;
@Context
HttpRequest request;
@Context
diff --git a/services/src/test/java/org/keycloak/test/AdapterTest.java b/services/src/test/java/org/keycloak/test/AdapterTest.java
index a084901..ee0d2d7 100755
--- a/services/src/test/java/org/keycloak/test/AdapterTest.java
+++ b/services/src/test/java/org/keycloak/test/AdapterTest.java
@@ -7,18 +7,19 @@ import org.junit.FixMethodOrder;
import org.junit.Test;
import org.junit.runners.MethodSorters;
import org.keycloak.representations.idm.RequiredCredentialRepresentation;
-import org.keycloak.services.managers.InstallationManager;
import org.keycloak.services.managers.RealmManager;
+import org.keycloak.services.models.KeycloakSession;
+import org.keycloak.services.models.KeycloakSessionFactory;
import org.keycloak.services.models.RealmModel;
import org.keycloak.services.models.RequiredCredentialModel;
import org.keycloak.services.models.RoleModel;
-import org.keycloak.services.models.UserCredentialModel;
import org.keycloak.services.models.UserModel;
-import org.keycloak.services.models.relationships.RealmAdminRelationship;
-import org.keycloak.services.models.relationships.RequiredCredentialRelationship;
-import org.keycloak.services.models.relationships.ResourceRelationship;
-import org.keycloak.services.models.relationships.ScopeRelationship;
-import org.picketlink.idm.IdentitySession;
+import org.keycloak.services.models.UserCredentialModel;
+import org.keycloak.services.models.picketlink.PicketlinkKeycloakSessionFactory;
+import org.keycloak.services.models.picketlink.relationships.RealmAdminRelationship;
+import org.keycloak.services.models.picketlink.relationships.RequiredCredentialRelationship;
+import org.keycloak.services.models.picketlink.relationships.ResourceRelationship;
+import org.keycloak.services.models.picketlink.relationships.ScopeRelationship;
import org.picketlink.idm.IdentitySessionFactory;
import org.picketlink.idm.config.IdentityConfiguration;
import org.picketlink.idm.config.IdentityConfigurationBuilder;
@@ -41,16 +42,16 @@ import java.util.List;
*/
@FixMethodOrder(MethodSorters.NAME_ASCENDING)
public class AdapterTest {
- private IdentitySessionFactory factory;
- private IdentitySession IdentitySession;
+ private KeycloakSessionFactory factory;
+ private KeycloakSession identitySession;
private RealmManager adapter;
private RealmModel realmModel;
@Before
public void before() throws Exception {
- factory = createFactory();
- IdentitySession = factory.createIdentitySession();
- adapter = new RealmManager(IdentitySession);
+ factory = new PicketlinkKeycloakSessionFactory(createFactory());
+ identitySession = factory.createSession();
+ adapter = new RealmManager(identitySession);
}
public static IdentitySessionFactory createFactory() {
@@ -79,7 +80,7 @@ public class AdapterTest {
@After
public void after() throws Exception {
- IdentitySession.close();
+ identitySession.close();
factory.close();
}
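Review bot: `after()` dereferences `identitySession` unconditionally; JUnit 4 still runs `@After` when `@Before` throws, so a failure in `before()` after `factory` is assigned but before `createSession()` returns ends in a NullPointerException here that hides the original error. A null guard keeps the real cause visible: `if (identitySession != null) identitySession.close();` followed by `if (factory != null) factory.close();`. ImportTest's `before()` in the next file has the same shape; its teardown is outside this diff, so I cannot tell whether it shares the issue.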
@@ -99,7 +100,6 @@ public class AdapterTest {
realmModel.setPrivateKeyPem("0234234");
realmModel.setPublicKeyPem("0234234");
realmModel.setTokenLifespan(1000);
- realmModel.updateRealm();
System.out.println(realmModel.getId());
realmModel = adapter.getRealm(realmModel.getId());
diff --git a/services/src/test/java/org/keycloak/test/ImportTest.java b/services/src/test/java/org/keycloak/test/ImportTest.java
index 5742fa7..d18b93a 100755
--- a/services/src/test/java/org/keycloak/test/ImportTest.java
+++ b/services/src/test/java/org/keycloak/test/ImportTest.java
@@ -8,15 +8,17 @@ import org.junit.Test;
import org.junit.runners.MethodSorters;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.services.managers.RealmManager;
+import org.keycloak.services.models.KeycloakSession;
+import org.keycloak.services.models.KeycloakSessionFactory;
import org.keycloak.services.models.RealmModel;
import org.keycloak.services.models.RequiredCredentialModel;
import org.keycloak.services.models.UserModel;
-import org.keycloak.services.models.relationships.RealmAdminRelationship;
-import org.keycloak.services.models.relationships.RequiredCredentialRelationship;
-import org.keycloak.services.models.relationships.ResourceRelationship;
-import org.keycloak.services.models.relationships.ScopeRelationship;
+import org.keycloak.services.models.picketlink.PicketlinkKeycloakSessionFactory;
+import org.keycloak.services.models.picketlink.relationships.RealmAdminRelationship;
+import org.keycloak.services.models.picketlink.relationships.RequiredCredentialRelationship;
+import org.keycloak.services.models.picketlink.relationships.ResourceRelationship;
+import org.keycloak.services.models.picketlink.relationships.ScopeRelationship;
import org.keycloak.services.resources.RegistrationService;
-import org.picketlink.idm.IdentitySession;
import org.picketlink.idm.IdentitySessionFactory;
import org.picketlink.idm.config.IdentityConfiguration;
import org.picketlink.idm.config.IdentityConfigurationBuilder;
@@ -40,15 +42,15 @@ import java.util.Set;
*/
@FixMethodOrder(MethodSorters.NAME_ASCENDING)
public class ImportTest {
- private IdentitySessionFactory factory;
- private IdentitySession identitySession;
+ private KeycloakSessionFactory factory;
+ private KeycloakSession identitySession;
private RealmManager manager;
private RealmModel realmModel;
@Before
public void before() throws Exception {
- factory = createFactory();
- identitySession = factory.createIdentitySession();
+ factory = new PicketlinkKeycloakSessionFactory(createFactory());
+ identitySession = factory.createSession();
manager = new RealmManager(identitySession);
}
@@ -93,7 +95,6 @@ public class ImportTest {
defaultRealm.setCookieLoginAllowed(true);
defaultRealm.setRegistrationAllowed(true);
manager.generateRealmKeys(defaultRealm);
- defaultRealm.updateRealm();
defaultRealm.addRequiredCredential(RequiredCredentialModel.PASSWORD);
defaultRealm.addRole(RegistrationService.REALM_CREATOR_ROLE);
diff --git a/services/src/test/java/org/keycloak/test/RealmCreationTest.java b/services/src/test/java/org/keycloak/test/RealmCreationTest.java
index 88cbe49..a79acb8 100755
--- a/services/src/test/java/org/keycloak/test/RealmCreationTest.java
+++ b/services/src/test/java/org/keycloak/test/RealmCreationTest.java
@@ -12,8 +12,8 @@ import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.RequiredCredentialRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.services.managers.AuthenticationManager;
-import org.keycloak.services.managers.InstallationManager;
import org.keycloak.services.managers.RealmManager;
+import org.keycloak.services.models.KeycloakSession;
import org.keycloak.services.resources.KeycloakApplication;
import org.picketlink.idm.IdentitySession;
import org.picketlink.idm.model.Realm;
@@ -43,7 +43,7 @@ public class RealmCreationTest {
deployment.setApplicationClass(KeycloakApplication.class.getName());
EmbeddedContainer.start(deployment);
KeycloakApplication application = (KeycloakApplication) deployment.getApplication();
- IdentitySession IdentitySession = application.getFactory().createIdentitySession();
+ KeycloakSession IdentitySession = application.getFactory().createSession();
RealmManager manager = new RealmManager(IdentitySession);
new InstallationManager().install(manager);
client = new ResteasyClientBuilder().build();
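Review bot: The import of `org.keycloak.services.managers.InstallationManager` is removed in the first hunk of this file, yet `new InstallationManager().install(manager)` is still present on the new side of this hunk; unless another import of that class survives outside the visible lines (for example one the removed line duplicated), the test no longer compiles. Conversely `import org.picketlink.idm.IdentitySession;` is kept although its only visible use was replaced by `KeycloakSession`, so it is likely unused now. The local variable `IdentitySession` also keeps an UpperCamelCase name; `KeycloakSession session = application.getFactory().createSession();` would follow Java naming and match the new type. The enclosing setup method starts outside the hunk, so I cannot see whether the session created here is ever closed.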