keycloak-memoizeit
Changes
integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/OAuthAuthenticationServerValve.java 2(+1 -1)
services/src/main/java/org/keycloak/services/models/picketlink/mappings/ApplicationData.java 6(+3 -3)
services/src/main/java/org/keycloak/services/models/picketlink/mappings/ApplicationEntity.java 4(+2 -2)
Details
diff --git a/core/src/main/java/org/keycloak/representations/idm/RealmRepresentation.java b/core/src/main/java/org/keycloak/representations/idm/RealmRepresentation.java
index 53fb2c7..e2e5f48 100755
--- a/core/src/main/java/org/keycloak/representations/idm/RealmRepresentation.java
+++ b/core/src/main/java/org/keycloak/representations/idm/RealmRepresentation.java
@@ -17,16 +17,17 @@ public class RealmRepresentation {
protected boolean enabled;
protected boolean sslNotRequired;
protected boolean cookieLoginAllowed;
+ protected boolean registrationAllowed;
protected String privateKey;
protected String publicKey;
protected List<RoleRepresentation> roles;
- protected List<String> requiredCredentials;
- protected List<String> requiredResourceCredentials;
- protected List<String> requiredOAuthClientCredentials;
+ protected Set<String> requiredCredentials;
+ protected Set<String> requiredApplicationCredentials;
+ protected Set<String> requiredOAuthClientCredentials;
protected List<UserRepresentation> users;
protected List<RoleMappingRepresentation> roleMappings;
protected List<ScopeMappingRepresentation> scopeMappings;
- protected List<ResourceRepresentation> resources;
+ protected List<ApplicationRepresentation> applications;
public String getSelf() {
@@ -57,14 +58,14 @@ public class RealmRepresentation {
return users;
}
- public List<ResourceRepresentation> getResources() {
- return resources;
+ public List<ApplicationRepresentation> getApplications() {
+ return applications;
}
- public ResourceRepresentation resource(String name) {
- ResourceRepresentation resource = new ResourceRepresentation();
- if (resources == null) resources = new ArrayList<ResourceRepresentation>();
- resources.add(resource);
+ public ApplicationRepresentation resource(String name) {
+ ApplicationRepresentation resource = new ApplicationRepresentation();
+ if (applications == null) applications = new ArrayList<ApplicationRepresentation>();
+ applications.add(resource);
resource.setName(name);
return resource;
}
@@ -81,8 +82,8 @@ public class RealmRepresentation {
return user;
}
- public void setResources(List<ResourceRepresentation> resources) {
- this.resources = resources;
+ public void setApplications(List<ApplicationRepresentation> applications) {
+ this.applications = applications;
}
public boolean isEnabled() {
@@ -141,27 +142,27 @@ public class RealmRepresentation {
return mapping;
}
- public List<String> getRequiredCredentials() {
+ public Set<String> getRequiredCredentials() {
return requiredCredentials;
}
- public void setRequiredCredentials(List<String> requiredCredentials) {
+ public void setRequiredCredentials(Set<String> requiredCredentials) {
this.requiredCredentials = requiredCredentials;
}
- public List<String> getRequiredResourceCredentials() {
- return requiredResourceCredentials;
+ public Set<String> getRequiredApplicationCredentials() {
+ return requiredApplicationCredentials;
}
- public void setRequiredResourceCredentials(List<String> requiredResourceCredentials) {
- this.requiredResourceCredentials = requiredResourceCredentials;
+ public void setRequiredApplicationCredentials(Set<String> requiredApplicationCredentials) {
+ this.requiredApplicationCredentials = requiredApplicationCredentials;
}
- public List<String> getRequiredOAuthClientCredentials() {
+ public Set<String> getRequiredOAuthClientCredentials() {
return requiredOAuthClientCredentials;
}
- public void setRequiredOAuthClientCredentials(List<String> requiredOAuthClientCredentials) {
+ public void setRequiredOAuthClientCredentials(Set<String> requiredOAuthClientCredentials) {
this.requiredOAuthClientCredentials = requiredOAuthClientCredentials;
}
@@ -196,4 +197,12 @@ public class RealmRepresentation {
public void setPublicKey(String publicKey) {
this.publicKey = publicKey;
}
+
+ public boolean isRegistrationAllowed() {
+ return registrationAllowed;
+ }
+
+ public void setRegistrationAllowed(boolean registrationAllowed) {
+ this.registrationAllowed = registrationAllowed;
+ }
}
diff --git a/examples/as7-eap-demo/server/src/main/java/org/keycloak/example/demo/DemoApplication.java b/examples/as7-eap-demo/server/src/main/java/org/keycloak/example/demo/DemoApplication.java
index eab7b1e..faf899e 100755
--- a/examples/as7-eap-demo/server/src/main/java/org/keycloak/example/demo/DemoApplication.java
+++ b/examples/as7-eap-demo/server/src/main/java/org/keycloak/example/demo/DemoApplication.java
@@ -1,6 +1,7 @@
package org.keycloak.example.demo;
import org.jboss.resteasy.jwt.JsonSerialization;
+import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.services.models.KeycloakSession;
@@ -40,7 +41,7 @@ public class DemoApplication extends KeycloakApplication {
defaultRealm.setCookieLoginAllowed(true);
defaultRealm.setRegistrationAllowed(true);
manager.generateRealmKeys(defaultRealm);
- defaultRealm.addRequiredCredential(RequiredCredentialModel.PASSWORD);
+ defaultRealm.addRequiredCredential(CredentialRepresentation.PASSWORD);
defaultRealm.addRole(SaasService.REALM_CREATOR_ROLE);
RealmRepresentation rep = loadJson("META-INF/testrealm.json");
diff --git a/examples/as7-eap-demo/server/src/main/resources/META-INF/persistence.xml b/examples/as7-eap-demo/server/src/main/resources/META-INF/persistence.xml
index e0dc722..ad40046 100755
--- a/examples/as7-eap-demo/server/src/main/resources/META-INF/persistence.xml
+++ b/examples/as7-eap-demo/server/src/main/resources/META-INF/persistence.xml
@@ -19,7 +19,7 @@
<class>org.picketlink.idm.jpa.model.sample.simple.OTPCredentialTypeEntity</class>
<class>org.picketlink.idm.jpa.model.sample.simple.AttributeTypeEntity</class>
<class>org.keycloak.services.models.picketlink.mappings.RealmEntity</class>
- <class>org.keycloak.services.models.picketlink.mappings.ResourceEntity</class>
+ <class>org.keycloak.services.models.picketlink.mappings.ApplicationEntity</class>
<exclude-unlisted-classes>true</exclude-unlisted-classes>
diff --git a/examples/as7-eap-demo/server/src/main/resources/META-INF/testrealm.json b/examples/as7-eap-demo/server/src/main/resources/META-INF/testrealm.json
index 63f93fc..2fa8a91 100755
--- a/examples/as7-eap-demo/server/src/main/resources/META-INF/testrealm.json
+++ b/examples/as7-eap-demo/server/src/main/resources/META-INF/testrealm.json
@@ -8,7 +8,7 @@
"privateKey": "MIICXAIBAAKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQABAoGAfmO8gVhyBxdqlxmIuglbz8bcjQbhXJLR2EoS8ngTXmN1bo2L90M0mUKSdc7qF10LgETBzqL8jYlQIbt+e6TH8fcEpKCjUlyq0Mf/vVbfZSNaVycY13nTzo27iPyWQHK5NLuJzn1xvxxrUeXI6A2WFpGEBLbHjwpx5WQG9A+2scECQQDvdn9NE75HPTVPxBqsEd2z10TKkl9CZxu10Qby3iQQmWLEJ9LNmy3acvKrE3gMiYNWb6xHPKiIqOR1as7L24aTAkEAtyvQOlCvr5kAjVqrEKXalj0Tzewjweuxc0pskvArTI2Oo070h65GpoIKLc9jf+UA69cRtquwP93aZKtW06U8dQJAF2Y44ks/mK5+eyDqik3koCI08qaC8HYq2wVl7G2QkJ6sbAaILtcvD92ToOvyGyeE0flvmDZxMYlvaZnaQ0lcSQJBAKZU6umJi3/xeEbkJqMfeLclD27XGEFoPeNrmdx0q10Azp4NfJAY+Z8KRyQCR2BEG+oNitBOZ+YXF9KCpH3cdmECQHEigJhYg+ykOvr1aiZUMFT72HU0jnmQe2FVekuG+LJUt2Tm7GtMjTFoGpf0JwrVuZN39fOYAlo+nTixgeW7X8Y=",
"publicKey": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
"requiredCredentials": [ "password" ],
- "requiredResourceCredentials": [ "password" ],
+ "requiredApplicationCredentials": [ "password" ],
"requiredOAuthClientCredentials": [ "password" ],
"users" : [
{
@@ -57,7 +57,7 @@
"roles": ["user"]
}
],
- "resources": [
+ "applications": [
{
"name": "customer-portal",
"enabled": true,
diff --git a/examples/as7-eap-demo/server/src/main/webapp/saas/admin/js/controllers.js b/examples/as7-eap-demo/server/src/main/webapp/saas/admin/js/controllers.js
index b60633d..b01fd77 100755
--- a/examples/as7-eap-demo/server/src/main/webapp/saas/admin/js/controllers.js
+++ b/examples/as7-eap-demo/server/src/main/webapp/saas/admin/js/controllers.js
@@ -27,25 +27,9 @@ module.controller('GlobalCtrl', function($scope, $http, Auth, Current, $location
$http.get('/auth-server/rest/saas/admin/realms').success(function(data) {
Current.realms = data;
- var count = 0;
- var showrealm = false;
- var id = null;
- for (var key in data) {
- if (count > 0) {
- showrealm = false;
- break;
- }
- id = key;
- showrealm = true;
- count++;
- }
-
- if (showrealm) {
- console.log('default redirect to realm: ' + id);
- Current.realm = Current.realms[id];
- $location.url("/realms/" + id);
- } else {
- //console.log('not redirecting');
+ if (data.length > 0) {
+ Current.realm = data[0];
+ $location.url("/realms/" + Current.realm.id);
}
});
});
@@ -58,49 +42,58 @@ module.controller('RealmListCtrl', function($scope, Realm, Current) {
module.controller('RealmDropdownCtrl', function($scope, Realm, Current, Auth, $location) {
// Current.realms = Realm.get();
$scope.current = Current;
+ if (Current.realms.length > 0) {
+ console.log('[0]: ' + current.realms[0].realm);
+ }
$scope.changeRealm = function() {
- for (var id in Current.realms) {
- var val = Current.realms[id];
- if (val == Current.realm) {
- $location.url("/realms/" + id);
- break;
- }
- }
+ $location.url("/realms/" + $scope.current.realm.id);
};
$scope.showNav = function() {
- var show = false;
- for (var key in Current.realms) {
- if (typeof Current.realms[key] != "function") {
- if (Current.realms[key] == Current.realm) {
- $scope.currentRealmId = key;
- }
- show = true;
- }
- }
+ var show = Current.realms.length > 0;
+ console.log('Show dropdown? ' + show);
return Auth.loggedIn && show;
}
});
-module.controller('RealmDetailCtrl', function($scope, Current, Realm, realm, $location, Dialog, Notifications) {
- $scope.realm = angular.copy(realm);
+module.controller('RealmDetailCtrl', function($scope, Current, Realm, realm, $http, $location, Dialog, Notifications) {
$scope.createRealm = !realm.id;
if ($scope.createRealm) {
- $scope.realm.enabled = true;
- $scope.realm.requireSsl = true;
- $scope.realm.cookieLoginAllowed = true;
- $scope.realm.tokenLifespan = 300;
- $scope.realm.tokenLifespanUnit = 'SECONDS';
- $scope.realm.accessCodeLifespan = 300;
- $scope.realm.accessCodeLifespanUnit = 'SECONDS';
- $scope.realm.requiredCredentials = ['password'];
+ $scope.realm = {
+ enabled: true,
+ requireSsl: true,
+ cookieLoginAllowed: true,
+ tokenLifespan: 300,
+ tokenLifespanUnit: 'SECONDS',
+ accessCodeLifespan: 300,
+ accessCodeLifespanUnit: 'SECONDS',
+ requiredCredentials: ['password']
+
+ };
} else {
- $scope.realm.name = realm.realm;
- $scope.realm.requireSsl = !$scope.realm.sslNotRequired;
+ if (Current.realm == null || Current.realm.id != realm.id) {
+ for (var i = 0; i < Current.realms.length; i++) {
+ if (realm.id == Current.realms[i].id) {
+ Current.realm = Current.realms[i];
+ break;
+ }
+ }
+ }
+ if (Current.realm == null || Current.realm.id != realm.id) {
+ console.log('should be unreachable');
+ return;
+ }
+ $scope.realm = angular.copy(realm);
+ $scope.realm.requireSsl = !realm.sslNotRequired;
$scope.realm.tokenLifespanUnit = 'SECONDS';
- $scope.realm.acessCodeLifespanUnit = 'SECONDS';
+ $scope.realm.accessCodeLifespanUnit = 'SECONDS';
+
}
+ var oldCopy = angular.copy($scope.realm);
+
+
+
$scope.userCredentialOptions = {
'multiple' : true,
'simple_tags' : true,
@@ -110,93 +103,47 @@ module.controller('RealmDetailCtrl', function($scope, Current, Realm, realm, $lo
$scope.changed = $scope.create;
$scope.$watch('realm', function() {
- if (!angular.equals($scope.realm, realm)) {
+ if (!angular.equals($scope.realm, oldCopy)) {
$scope.changed = true;
}
}, true);
- $scope.addRole = function() {
- if ($scope.newRole) {
- if ($scope.realm.roles) {
- for ( var i = 0; i < $scope.realm.roles.length; i++) {
- if ($scope.realm.roles[i] == $scope.newRole) {
- Notifications.warn("Role already exists");
- $scope.newRole = null;
- return;
- }
- }
- }
-
- if (!$scope.realm.roles) {
- $scope.realm.roles = [];
- }
-
- $scope.realm.roles.push($scope.newRole);
- $scope.newRole = null;
- }
- }
-
- $scope.removeRole = function(role) {
- Dialog.confirmDelete(role, 'role', function() {
- var i = $scope.realm.roles.indexOf(role);
- if (i > -1) {
- $scope.realm.roles.splice(i, 1);
- }
-
- if ($scope.realm.initialRoles) {
- $scope.removeInitialRole(role);
- }
- });
- };
-
- $scope.addInitialRole = function() {
- if ($scope.newInitialRole) {
- if (!$scope.realm.initialRoles) {
- $scope.realm.initialRoles = [];
- }
-
- $scope.realm.initialRoles.push($scope.newInitialRole);
- $scope.newInitialRole = null;
- }
- }
-
- $scope.removeInitialRole = function(role) {
- var i = $scope.realm.initialRoles.indexOf(role);
- if (i > -1) {
- $scope.realm.initialRoles.splice(i, 1);
- }
- };
-
$scope.save = function() {
if ($scope.realmForm.$valid) {
- var realmCopy = {
- realm: $scope.realm.name,
- enabled: $scope.realm.enabled,
- cookieLoginAllowed: $scope.realm.cookieLoginAllowed,
- sslNotRequired: !$scope.realm.requireSsl,
- tokenLifespan: $scope.realm.tokenLifespan,
- accessCodeLifespan: $scope.realm.accessCodeLifespan,
- requiredCredentials: $scope.realm.requiredCredentials
-
- };
-
+ var realmCopy = angular.copy($scope.realm);
+ realmCopy.sslNotRequired = !realmCopy.requireSsl;
+ delete realmCopy["requireSsl"];
+ delete realmCopy["tokenLifespanUnit"];
+ delete realmCopy["accessCodeLifespanUnit"];
if ($scope.createRealm) {
Realm.save(realmCopy, function(data, headers) {
+ console.log('creating new realm');
var l = headers().location;
var id = l.substring(l.lastIndexOf("/") + 1);
-
- var data = Realm.get(function() {
+ var data = Realm.query(function() {
Current.realms = data;
- Current.realm = Current.realms[id];
+ for (var i = 0; i < Current.realms.length; i++) {
+ if (Current.realms[i].id == id) {
+ Current.realm = Current.realms[i];
+ }
+ }
});
$location.url("/realms/" + id);
Notifications.success("Created realm");
});
} else {
+ console.log('updating realm...');
Realm.update(realmCopy, function() {
- Current.realms = Realm.get();
- $scope.changed = false;
- realm = angular.copy($scope.realm);
+ var id = realmCopy.id;
+ var data = Realm.query(function() {
+ Current.realms = data;
+ for (var i = 0; i < Current.realms.length; i++) {
+ if (Current.realms[i].id == id) {
+ Current.realm = Current.realms[i];
+ }
+ }
+ });
+ $location.url("/realms/" + id);
Notifications.success("Saved changes to realm");
});
}
@@ -206,7 +153,7 @@ module.controller('RealmDetailCtrl', function($scope, Current, Realm, realm, $lo
};
$scope.reset = function() {
- $scope.realm = angular.copy(realm);
+ $scope.realm = angular.copy(oldCopy);
$scope.changed = false;
$scope.realmForm.showErrors = false;
};
diff --git a/examples/as7-eap-demo/server/src/main/webapp/saas/admin/js/services.js b/examples/as7-eap-demo/server/src/main/webapp/saas/admin/js/services.js
index 4d54235..b3cd88f 100755
--- a/examples/as7-eap-demo/server/src/main/webapp/saas/admin/js/services.js
+++ b/examples/as7-eap-demo/server/src/main/webapp/saas/admin/js/services.js
@@ -132,7 +132,7 @@ module.factory('Role', function($resource) {
});
module.factory('Application', function($resource) {
- return $resource('/auth-server/rest/saas/admin/realms/:realm/resources/:id', {
+ return $resource('/auth-server/rest/saas/admin/realms/:realm/applications/:id', {
realm : '@realm',
id : '@id'
}, {
diff --git a/examples/as7-eap-demo/server/src/main/webapp/saas/admin/lib/angular/angular.js b/examples/as7-eap-demo/server/src/main/webapp/saas/admin/lib/angular/angular.js
index a860c85..ccebef3 100755
--- a/examples/as7-eap-demo/server/src/main/webapp/saas/admin/lib/angular/angular.js
+++ b/examples/as7-eap-demo/server/src/main/webapp/saas/admin/lib/angular/angular.js
@@ -13168,7 +13168,7 @@ var ngSubmitDirective = ngDirective(function(scope, element, attrs) {
* @description
* Fetches, compiles and includes an external HTML fragment.
*
- * Keep in mind that Same Origin Policy applies to included resources
+ * Keep in mind that Same Origin Policy applies to included applications
* (e.g. ngInclude won't work for cross-domain requests on all browsers and for
* file:// access on some browsers).
*
diff --git a/examples/as7-eap-demo/server/src/main/webapp/saas/admin/lib/angular/angular-scenario.js b/examples/as7-eap-demo/server/src/main/webapp/saas/admin/lib/angular/angular-scenario.js
index f0e5c7d..65e1a3e 100755
--- a/examples/as7-eap-demo/server/src/main/webapp/saas/admin/lib/angular/angular-scenario.js
+++ b/examples/as7-eap-demo/server/src/main/webapp/saas/admin/lib/angular/angular-scenario.js
@@ -22574,7 +22574,7 @@ var ngSubmitDirective = ngDirective(function(scope, element, attrs) {
* @description
* Fetches, compiles and includes an external HTML fragment.
*
- * Keep in mind that Same Origin Policy applies to included resources
+ * Keep in mind that Same Origin Policy applies to included applications
* (e.g. ngInclude won't work for cross-domain requests on all browsers and for
* file:// access on some browsers).
*
diff --git a/examples/as7-eap-demo/server/src/main/webapp/saas/admin/partials/menu.html b/examples/as7-eap-demo/server/src/main/webapp/saas/admin/partials/menu.html
index e12ec4a..e10cd0c 100755
--- a/examples/as7-eap-demo/server/src/main/webapp/saas/admin/partials/menu.html
+++ b/examples/as7-eap-demo/server/src/main/webapp/saas/admin/partials/menu.html
@@ -5,9 +5,9 @@
<nav id="global-nav">
<div data-ng-controller="RealmDropdownCtrl" >
<ul class="nav pull-left" data-ng-show="showNav()">
- <li class="divider-vertical-right"><a href="#/realms/{{currentRealmId}}">Realm</a></li>
+ <li class="divider-vertical-right"><a href="#/realms/{{current.realm.id}}">Realm</a></li>
</ul>
- <select class="nav pull-left" data-ng-show="showNav()" ng-change="changeRealm()" ng-model="current.realm" ng-options="name for (id, name) in current.realms">
+ <select class="nav pull-left" data-ng-show="showNav()" ng-change="changeRealm()" ng-model="current.realm" ng-options="r.realm for r in current.realms">
</select>
<!-- <select class="nav pull-left" ng-options="r.name for r in current.realms"></select> -->
</div>
diff --git a/examples/as7-eap-demo/server/src/main/webapp/saas/admin/partials/realm-detail.html b/examples/as7-eap-demo/server/src/main/webapp/saas/admin/partials/realm-detail.html
index d49b1cb..14d76e0 100755
--- a/examples/as7-eap-demo/server/src/main/webapp/saas/admin/partials/realm-detail.html
+++ b/examples/as7-eap-demo/server/src/main/webapp/saas/admin/partials/realm-detail.html
@@ -22,7 +22,7 @@
<label for="realmForm-name" class="control-label">Name</label>
<div class="controls">
- <input class="input-xlarge" type="text" name="name" data-ng-model="realm.name" autofocus
+ <input class="input-xlarge" type="text" name="name" data-ng-model="realm.realm" autofocus
required>
</div>
</div>
@@ -139,7 +139,6 @@
</button>
<button type="submit" data-ng-click="reset()" class="btn" data-ng-show="changed">Clear changes
</button>
- <a href="#/realms" data-ng-hide="changed">View realms »</a>
<button type="submit" data-ng-click="remove()" class="btn btn-danger" data-ng-hide="changed">
Delete
</button>
diff --git a/examples/as7-eap-demo/server/src/main/webapp/saas/admin/partials/realm-menu.html b/examples/as7-eap-demo/server/src/main/webapp/saas/admin/partials/realm-menu.html
index 977de65..fc10132 100755
--- a/examples/as7-eap-demo/server/src/main/webapp/saas/admin/partials/realm-menu.html
+++ b/examples/as7-eap-demo/server/src/main/webapp/saas/admin/partials/realm-menu.html
@@ -15,7 +15,7 @@
href="#/create/role/{{realm.id}}">New Role</a></li>
</ul>
</li>
- <li data-ng-class="path[2] == 'resources' && 'active'"><a href="#/realms/{{realm.id}}/applications">Manage Applications</a></li>
+ <li data-ng-class="path[2] == 'applications' && 'active'"><a href="#/realms/{{realm.id}}/applications">Manage Applications</a></li>
<li data-ng-class="!path[2] && 'active'"><a href="#/realms/{{realm.id}}">Realm Settings</a></li>
</ul>
</nav>
diff --git a/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/OAuthAuthenticationServerValve.java b/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/OAuthAuthenticationServerValve.java
index 66621df..d51c79d 100755
--- a/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/OAuthAuthenticationServerValve.java
+++ b/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/OAuthAuthenticationServerValve.java
@@ -447,7 +447,7 @@ public class OAuthAuthenticationServerValve extends FormAuthenticator implements
userSessionManagement.logout(username);
request.setUserPrincipal(null);
request.setAuthType(null);
- // logout user on all declared authenticated resources
+ // logout user on all declared authenticated applications
logoutResources(username, admin);
redirectToWelcomePage(request, response);
}
diff --git a/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java b/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java
index 705a7ab..7ecc27a 100755
--- a/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java
@@ -206,7 +206,7 @@ public class AuthenticationManager {
List<RequiredCredentialModel> requiredCredentials = null;
if (realm.hasRole(user, RealmManager.RESOURCE_ROLE)) {
- requiredCredentials = realm.getRequiredResourceCredentials();
+ requiredCredentials = realm.getRequiredApplicationCredentials();
} else if (realm.hasRole(user, RealmManager.IDENTITY_REQUESTER_ROLE)) {
requiredCredentials = realm.getRequiredOAuthClientCredentials();
} else {
diff --git a/services/src/main/java/org/keycloak/services/managers/RealmManager.java b/services/src/main/java/org/keycloak/services/managers/RealmManager.java
index 4eaa529..ce311aa 100755
--- a/services/src/main/java/org/keycloak/services/managers/RealmManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/RealmManager.java
@@ -1,21 +1,14 @@
package org.keycloak.services.managers;
-import org.keycloak.representations.idm.CredentialRepresentation;
-import org.keycloak.representations.idm.RealmRepresentation;
-import org.keycloak.representations.idm.ResourceRepresentation;
-import org.keycloak.representations.idm.RoleMappingRepresentation;
-import org.keycloak.representations.idm.RoleRepresentation;
-import org.keycloak.representations.idm.ScopeMappingRepresentation;
-import org.keycloak.representations.idm.UserRepresentation;
+import org.jboss.resteasy.logging.Logger;
+import org.keycloak.representations.idm.*;
+import org.keycloak.representations.idm.ApplicationRepresentation;
import org.keycloak.services.models.*;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
+import java.util.*;
import java.util.concurrent.atomic.AtomicLong;
/**
@@ -25,6 +18,7 @@ import java.util.concurrent.atomic.AtomicLong;
* @version $Revision: 1 $
*/
public class RealmManager {
+ protected static final Logger logger = Logger.getLogger(RealmManager.class);
private static AtomicLong counter = new AtomicLong(1);
public static final String RESOURCE_ROLE = "KEYCLOAK_RESOURCE";
public static final String IDENTITY_REQUESTER_ROLE = "KEYCLOAK_IDENTITY_REQUESTER";
@@ -72,6 +66,26 @@ public class RealmManager {
realm.setPublicKey(keyPair.getPublic());
}
+ public void updateRealm(RealmRepresentation rep, RealmModel realm) {
+ if (rep.getRealm() != null) realm.setName(rep.getRealm());
+ realm.setEnabled(rep.isEnabled());
+ realm.setCookieLoginAllowed(rep.isCookieLoginAllowed());
+ realm.setRegistrationAllowed(rep.isRegistrationAllowed());
+ realm.setSslNotRequired((rep.isSslNotRequired()));
+ realm.setAccessCodeLifespan(rep.getAccessCodeLifespan());
+ realm.setTokenLifespan(rep.getTokenLifespan());
+ if (rep.getRequiredOAuthClientCredentials() != null) {
+ realm.updateRequiredOAuthClientCredentials(rep.getRequiredOAuthClientCredentials());
+ }
+ if (rep.getRequiredCredentials() != null) {
+ logger.info("updating required credentials");
+ realm.updateRequiredCredentials(rep.getRequiredCredentials());
+ }
+ if (rep.getRequiredApplicationCredentials() != null) {
+ realm.updateRequiredApplicationCredentials(rep.getRequiredApplicationCredentials());
+ }
+ }
+
public RealmModel importRealm(RealmRepresentation rep, UserModel realmCreator) {
//verifyRealmRepresentation(rep);
RealmModel realm = createRealm(rep.getRealm());
@@ -103,7 +117,7 @@ public class RealmManager {
}
}
- if (rep.getRequiredResourceCredentials() != null) {
+ if (rep.getRequiredApplicationCredentials() != null) {
for (String requiredCred : rep.getRequiredCredentials()) {
addResourceRequiredCredential(newRealm, requiredCred);
}
@@ -130,7 +144,7 @@ public class RealmManager {
}
}
- if (rep.getResources() != null) {
+ if (rep.getApplications() != null) {
createResources(rep, newRealm);
}
@@ -201,7 +215,7 @@ public class RealmManager {
protected void createResources(RealmRepresentation rep, RealmModel realm) {
RoleModel loginRole = realm.getRole(RealmManager.RESOURCE_ROLE);
ResourceManager manager = new ResourceManager(this);
- for (ResourceRepresentation resourceRep : rep.getResources()) {
+ for (ApplicationRepresentation resourceRep : rep.getApplications()) {
manager.createResource(realm, loginRole, resourceRep);
}
}
@@ -226,21 +240,21 @@ public class RealmManager {
rep.setAccessCodeLifespan(realm.getAccessCodeLifespan());
List<RequiredCredentialModel> requiredCredentialModels = realm.getRequiredCredentials();
if (requiredCredentialModels.size() > 0) {
- rep.setRequiredCredentials(new ArrayList<String>());
+ rep.setRequiredCredentials(new HashSet<String>());
for (RequiredCredentialModel cred : requiredCredentialModels) {
rep.getRequiredCredentials().add(cred.getType());
}
}
- List<RequiredCredentialModel> requiredResourceCredentialModels = realm.getRequiredResourceCredentials();
+ List<RequiredCredentialModel> requiredResourceCredentialModels = realm.getRequiredApplicationCredentials();
if (requiredResourceCredentialModels.size() > 0) {
- rep.setRequiredResourceCredentials(new ArrayList<String>());
+ rep.setRequiredApplicationCredentials(new HashSet<String>());
for (RequiredCredentialModel cred : requiredResourceCredentialModels) {
- rep.getRequiredResourceCredentials().add(cred.getType());
+ rep.getRequiredApplicationCredentials().add(cred.getType());
}
}
List<RequiredCredentialModel> requiredOAuthCredentialModels = realm.getRequiredOAuthClientCredentials();
if (requiredOAuthCredentialModels.size() > 0) {
- rep.setRequiredOAuthClientCredentials(new ArrayList<String>());
+ rep.setRequiredOAuthClientCredentials(new HashSet<String>());
for (RequiredCredentialModel cred : requiredOAuthCredentialModels) {
rep.getRequiredOAuthClientCredentials().add(cred.getType());
}
diff --git a/services/src/main/java/org/keycloak/services/managers/ResourceAdminManager.java b/services/src/main/java/org/keycloak/services/managers/ResourceAdminManager.java
index 0f1760c..fb1d342 100755
--- a/services/src/main/java/org/keycloak/services/managers/ResourceAdminManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/ResourceAdminManager.java
@@ -6,7 +6,7 @@ import org.jboss.resteasy.logging.Logger;
import org.keycloak.TokenIdGenerator;
import org.keycloak.representations.idm.admin.LogoutAction;
import org.keycloak.services.models.RealmModel;
-import org.keycloak.services.models.ResourceModel;
+import org.keycloak.services.models.ApplicationModel;
import javax.ws.rs.client.Entity;
import javax.ws.rs.core.Form;
@@ -29,14 +29,14 @@ public class ResourceAdminManager {
.disableTrustManager() // todo fix this, should have a trust manager or a good default
.build();
- List<ResourceModel> resources = realm.getResources();
+ List<ApplicationModel> resources = realm.getApplications();
logger.info("logging out " + resources.size() + " resoures.");
- for (ResourceModel resource : resources) {
+ for (ApplicationModel resource : resources) {
logoutResource(realm, resource, user, client);
}
}
- protected boolean logoutResource(RealmModel realm, ResourceModel resource, String user, ResteasyClient client) {
+ protected boolean logoutResource(RealmModel realm, ApplicationModel resource, String user, ResteasyClient client) {
LogoutAction adminAction = new LogoutAction(TokenIdGenerator.generateId(), System.currentTimeMillis() / 1000 + 30, resource.getName(), user);
String token = new TokenManager().encodeToken(realm, adminAction);
Form form = new Form();
diff --git a/services/src/main/java/org/keycloak/services/managers/ResourceManager.java b/services/src/main/java/org/keycloak/services/managers/ResourceManager.java
index e1c2ebb..85c2a7a 100755
--- a/services/src/main/java/org/keycloak/services/managers/ResourceManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/ResourceManager.java
@@ -1,18 +1,13 @@
package org.keycloak.services.managers;
-import org.keycloak.representations.idm.CredentialRepresentation;
-import org.keycloak.representations.idm.ResourceRepresentation;
-import org.keycloak.representations.idm.RoleMappingRepresentation;
-import org.keycloak.representations.idm.RoleRepresentation;
-import org.keycloak.representations.idm.ScopeMappingRepresentation;
+import org.keycloak.representations.idm.*;
+import org.keycloak.representations.idm.ApplicationRepresentation;
import org.keycloak.services.models.RealmModel;
-import org.keycloak.services.models.ResourceModel;
+import org.keycloak.services.models.ApplicationModel;
import org.keycloak.services.models.RoleModel;
import org.keycloak.services.models.UserCredentialModel;
import org.keycloak.services.models.UserModel;
-import java.util.List;
-
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
@@ -25,8 +20,8 @@ public class ResourceManager {
this.realmManager = realmManager;
}
- public ResourceModel createResource(RealmModel realm, RoleModel loginRole, ResourceRepresentation resourceRep) {
- ResourceModel resource = realm.addResource(resourceRep.getName());
+ public ApplicationModel createResource(RealmModel realm, RoleModel loginRole, ApplicationRepresentation resourceRep) {
+ ApplicationModel resource = realm.addApplication(resourceRep.getName());
resource.setEnabled(resourceRep.isEnabled());
resource.setManagementUrl(resourceRep.getAdminUrl());
resource.setSurrogateAuthRequired(resourceRep.isSurrogateAuthRequired());
@@ -78,12 +73,12 @@ public class ResourceManager {
return resource;
}
- public ResourceModel createResource(RealmModel realm, ResourceRepresentation resourceRep) {
+ public ApplicationModel createResource(RealmModel realm, ApplicationRepresentation resourceRep) {
RoleModel loginRole = realm.getRole(RealmManager.RESOURCE_ROLE);
return createResource(realm, loginRole, resourceRep);
}
- public void updateResource(ResourceRepresentation rep, ResourceModel resource) {
+ public void updateResource(ApplicationRepresentation rep, ApplicationModel resource) {
resource.setName(rep.getName());
resource.setEnabled(rep.isEnabled());
resource.setManagementUrl(rep.getAdminUrl());
@@ -92,13 +87,13 @@ public class ResourceManager {
}
- public ResourceRepresentation toRepresentation(ResourceModel resourceModel) {
- ResourceRepresentation rep = new ResourceRepresentation();
- rep.setId(resourceModel.getId());
- rep.setName(resourceModel.getName());
- rep.setEnabled(resourceModel.isEnabled());
- rep.setAdminUrl(resourceModel.getManagementUrl());
- rep.setSurrogateAuthRequired(resourceModel.isSurrogateAuthRequired());
+ public ApplicationRepresentation toRepresentation(ApplicationModel applicationModel) {
+ ApplicationRepresentation rep = new ApplicationRepresentation();
+ rep.setId(applicationModel.getId());
+ rep.setName(applicationModel.getName());
+ rep.setEnabled(applicationModel.isEnabled());
+ rep.setAdminUrl(applicationModel.getManagementUrl());
+ rep.setSurrogateAuthRequired(applicationModel.isSurrogateAuthRequired());
return rep;
}
diff --git a/services/src/main/java/org/keycloak/services/managers/TokenManager.java b/services/src/main/java/org/keycloak/services/managers/TokenManager.java
index 6072c51..9557cb7 100755
--- a/services/src/main/java/org/keycloak/services/managers/TokenManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/TokenManager.java
@@ -6,7 +6,7 @@ import org.jboss.resteasy.jwt.JsonSerialization;
import org.keycloak.representations.SkeletonKeyScope;
import org.keycloak.representations.SkeletonKeyToken;
import org.keycloak.services.models.RealmModel;
-import org.keycloak.services.models.ResourceModel;
+import org.keycloak.services.models.ApplicationModel;
import org.keycloak.services.models.RoleModel;
import org.keycloak.services.models.UserModel;
@@ -66,7 +66,7 @@ public class TokenManager {
}
}
}
- for (ResourceModel resource : realm.getResources()) {
+ for (ApplicationModel resource : realm.getApplications()) {
Set<String> mapping = resource.getRoleMappings(user);
if (mapping != null && mapping.size() > 0 && (scopeMap == null || scopeMap.containsKey(resource.getName()))) {
Set<String> scope = resource.getScope(client);
@@ -131,9 +131,9 @@ public class TokenManager {
}
if (accessCodeEntry.getResourceRolesRequested().size() > 0) {
- Map<String, ResourceModel> resourceMap = realm.getResourceNameMap();
+ Map<String, ApplicationModel> resourceMap = realm.getResourceNameMap();
for (String resourceName : accessCodeEntry.getResourceRolesRequested().keySet()) {
- ResourceModel resource = resourceMap.get(resourceName);
+ ApplicationModel resource = resourceMap.get(resourceName);
SkeletonKeyToken.Access access = token.addAccess(resourceName).verifyCaller(resource.isSurrogateAuthRequired());
for (RoleModel role : accessCodeEntry.getResourceRolesRequested().get(resourceName)) {
access.addRole(role.getName());
@@ -166,7 +166,7 @@ public class TokenManager {
public SkeletonKeyToken createAccessToken(RealmModel realm, UserModel user) {
- List<ResourceModel> resources = realm.getResources();
+ List<ApplicationModel> resources = realm.getApplications();
SkeletonKeyToken token = new SkeletonKeyToken();
token.id(RealmManager.generateId());
token.issuedNow();
@@ -186,7 +186,7 @@ public class TokenManager {
token.setRealmAccess(access);
}
if (resources != null) {
- for (ResourceModel resource : resources) {
+ for (ApplicationModel resource : resources) {
Set<String> mapping = resource.getRoleMappings(user);
if (mapping == null) continue;
SkeletonKeyToken.Access access = token.addAccess(resource.getName())
diff --git a/services/src/main/java/org/keycloak/services/models/picketlink/RealmAdapter.java b/services/src/main/java/org/keycloak/services/models/picketlink/RealmAdapter.java
index 86100f0..0885b97 100755
--- a/services/src/main/java/org/keycloak/services/models/picketlink/RealmAdapter.java
+++ b/services/src/main/java/org/keycloak/services/models/picketlink/RealmAdapter.java
@@ -1,24 +1,21 @@
package org.keycloak.services.models.picketlink;
import org.bouncycastle.openssl.PEMWriter;
+import org.jboss.resteasy.logging.Logger;
import org.jboss.resteasy.security.PemUtils;
import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.services.models.KeycloakSession;
import org.keycloak.services.models.RealmModel;
import org.keycloak.services.models.RequiredCredentialModel;
-import org.keycloak.services.models.ResourceModel;
+import org.keycloak.services.models.ApplicationModel;
import org.keycloak.services.models.RoleModel;
import org.keycloak.services.models.UserCredentialModel;
import org.keycloak.services.models.UserModel;
import org.keycloak.services.models.picketlink.mappings.RealmData;
-import org.keycloak.services.models.picketlink.mappings.ResourceData;
-import org.keycloak.services.models.picketlink.relationships.OAuthClientRequiredCredentialRelationship;
-import org.keycloak.services.models.picketlink.relationships.RealmAdminRelationship;
-import org.keycloak.services.models.picketlink.relationships.RequiredCredentialRelationship;
-import org.keycloak.services.models.picketlink.relationships.ResourceRelationship;
-import org.keycloak.services.models.picketlink.relationships.ResourceRequiredCredentialRelationship;
-import org.keycloak.services.models.picketlink.relationships.ScopeRelationship;
+import org.keycloak.services.models.picketlink.mappings.ApplicationData;
+import org.keycloak.services.models.picketlink.relationships.*;
+import org.keycloak.services.models.picketlink.relationships.RequiredApplicationCredentialRelationship;
import org.picketlink.idm.IdentityManager;
import org.picketlink.idm.PartitionManager;
import org.picketlink.idm.RelationshipManager;
@@ -55,6 +52,7 @@ import java.util.Set;
* @version $Revision: 1 $
*/
public class RealmAdapter implements RealmModel {
+ protected static final Logger logger = Logger.getLogger(RealmManager.class);
protected RealmData realm;
protected volatile transient PublicKey publicKey;
@@ -251,28 +249,34 @@ public class RealmAdapter implements RealmModel {
@Override
public List<RequiredCredentialModel> getRequiredCredentials() {
+ List<RequiredCredentialRelationship> results = getRequiredCredentialRelationships();
+ return getRequiredCredentialModels(results);
+ }
+
+ protected List<RequiredCredentialRelationship> getRequiredCredentialRelationships() {
RelationshipQuery<RequiredCredentialRelationship> query = getRelationshipManager().createRelationshipQuery(RequiredCredentialRelationship.class);
query.setParameter(RequiredCredentialRelationship.REALM, realm.getName());
- List<RequiredCredentialRelationship> results = query.getResultList();
- return getRequiredCredentialModels(results);
+ return query.getResultList();
}
- @Override
- public void addRequiredResourceCredential(RequiredCredentialModel cred) {
- ResourceRequiredCredentialRelationship relationship = new ResourceRequiredCredentialRelationship();
+ public void addRequiredApplicationCredential(RequiredCredentialModel cred) {
+ RequiredApplicationCredentialRelationship relationship = new RequiredApplicationCredentialRelationship();
addRequiredCredential(cred, relationship);
}
@Override
- public List<RequiredCredentialModel> getRequiredResourceCredentials() {
- RelationshipQuery<ResourceRequiredCredentialRelationship> query = getRelationshipManager().createRelationshipQuery(ResourceRequiredCredentialRelationship.class);
- query.setParameter(ResourceRequiredCredentialRelationship.REALM, realm.getName());
- List<ResourceRequiredCredentialRelationship> results = query.getResultList();
+ public List<RequiredCredentialModel> getRequiredApplicationCredentials() {
+ List<RequiredApplicationCredentialRelationship> results = getResourceRequiredCredentialRelationships();
return getRequiredCredentialModels(results);
}
- @Override
+ protected List<RequiredApplicationCredentialRelationship> getResourceRequiredCredentialRelationships() {
+ RelationshipQuery<RequiredApplicationCredentialRelationship> query = getRelationshipManager().createRelationshipQuery(RequiredApplicationCredentialRelationship.class);
+ query.setParameter(RequiredApplicationCredentialRelationship.REALM, realm.getName());
+ return query.getResultList();
+ }
+
public void addRequiredOAuthClientCredential(RequiredCredentialModel cred) {
OAuthClientRequiredCredentialRelationship relationship = new OAuthClientRequiredCredentialRelationship();
addRequiredCredential(cred, relationship);
@@ -280,15 +284,16 @@ public class RealmAdapter implements RealmModel {
@Override
public List<RequiredCredentialModel> getRequiredOAuthClientCredentials() {
- RelationshipQuery<OAuthClientRequiredCredentialRelationship> query = getRelationshipManager().createRelationshipQuery(OAuthClientRequiredCredentialRelationship.class);
- query.setParameter(ResourceRequiredCredentialRelationship.REALM, realm.getName());
- List<OAuthClientRequiredCredentialRelationship> results = query.getResultList();
+ List<OAuthClientRequiredCredentialRelationship> results = getOAuthClientRequiredCredentialRelationships();
return getRequiredCredentialModels(results);
}
+ protected List<OAuthClientRequiredCredentialRelationship> getOAuthClientRequiredCredentialRelationships() {
+ RelationshipQuery<OAuthClientRequiredCredentialRelationship> query = getRelationshipManager().createRelationshipQuery(OAuthClientRequiredCredentialRelationship.class);
+ query.setParameter(RequiredApplicationCredentialRelationship.REALM, realm.getName());
+ return query.getResultList();
+ }
-
- @Override
public void addRequiredCredential(RequiredCredentialModel cred) {
RequiredCredentialRelationship relationship = new RequiredCredentialRelationship();
addRequiredCredential(cred, relationship);
@@ -317,6 +322,65 @@ public class RealmAdapter implements RealmModel {
}
@Override
+ public void updateRequiredCredentials(Set<String> creds) {
+ List<RequiredCredentialRelationship> relationships = getRequiredCredentialRelationships();
+ RelationshipManager rm = getRelationshipManager();
+ Set<String> already = new HashSet<String>();
+ for (RequiredCredentialRelationship rel : relationships) {
+ if (!creds.contains(rel.getCredentialType())) {
+ rm.remove(rel);
+ } else {
+ already.add(rel.getCredentialType());
+ }
+ }
+ for (String cred : creds) {
+ logger.info("updating cred: " + cred);
+ if (!already.contains(cred)) {
+ addRequiredCredential(cred);
+ }
+ }
+ }
+
+ @Override
+ public void updateRequiredOAuthClientCredentials(Set<String> creds) {
+ List<OAuthClientRequiredCredentialRelationship> relationships = getOAuthClientRequiredCredentialRelationships();
+ RelationshipManager rm = getRelationshipManager();
+ Set<String> already = new HashSet<String>();
+ for (RequiredCredentialRelationship rel : relationships) {
+ if (!creds.contains(rel.getCredentialType())) {
+ rm.remove(rel);
+ } else {
+ already.add(rel.getCredentialType());
+ }
+ }
+ for (String cred : creds) {
+ if (!already.contains(cred)) {
+ addRequiredOAuthClientCredential(cred);
+ }
+ }
+ }
+
+ @Override
+ public void updateRequiredApplicationCredentials(Set<String> creds) {
+ List<RequiredApplicationCredentialRelationship> relationships = getResourceRequiredCredentialRelationships();
+ RelationshipManager rm = getRelationshipManager();
+ Set<String> already = new HashSet<String>();
+ for (RequiredCredentialRelationship rel : relationships) {
+ if (!creds.contains(rel.getCredentialType())) {
+ rm.remove(rel);
+ } else {
+ already.add(rel.getCredentialType());
+ }
+ }
+ for (String cred : creds) {
+ if (!already.contains(cred)) {
+ addRequiredResourceCredential(cred);
+ }
+ }
+ }
+
+
+ @Override
public void addRequiredCredential(String type) {
RequiredCredentialModel model = initRequiredCredentialModel(type);
addRequiredCredential(model);
@@ -331,7 +395,7 @@ public class RealmAdapter implements RealmModel {
@Override
public void addRequiredResourceCredential(String type) {
RequiredCredentialModel model = initRequiredCredentialModel(type);
- addRequiredResourceCredential(model);
+ addRequiredApplicationCredential(model);
}
protected RequiredCredentialModel initRequiredCredentialModel(String type) {
@@ -444,9 +508,9 @@ public class RealmAdapter implements RealmModel {
* @return
*/
@Override
- public Map<String, ResourceModel> getResourceNameMap() {
- Map<String, ResourceModel> resourceMap = new HashMap<String, ResourceModel>();
- for (ResourceModel resource : getResources()) {
+ public Map<String, ApplicationModel> getResourceNameMap() {
+ Map<String, ApplicationModel> resourceMap = new HashMap<String, ApplicationModel>();
+ for (ApplicationModel resource : getApplications()) {
resourceMap.put(resource.getName(), resource);
}
return resourceMap;
@@ -458,27 +522,27 @@ public class RealmAdapter implements RealmModel {
* @return
*/
@Override
- public ResourceModel getResourceById(String id) {
+ public ApplicationModel getApplicationById(String id) {
RelationshipQuery<ResourceRelationship> query = getRelationshipManager().createRelationshipQuery(ResourceRelationship.class);
query.setParameter(ResourceRelationship.REALM, realm.getName());
query.setParameter(ResourceRelationship.RESOURCE, id);
List<ResourceRelationship> results = query.getResultList();
if (results.size() == 0) return null;
- ResourceData resource = partitionManager.getPartition(ResourceData.class, id);
- ResourceModel model = new ResourceAdapter(resource, this, partitionManager);
+ ApplicationData resource = partitionManager.getPartition(ApplicationData.class, id);
+ ApplicationModel model = new ApplicationAdapter(resource, this, partitionManager);
return model;
}
@Override
- public List<ResourceModel> getResources() {
+ public List<ApplicationModel> getApplications() {
RelationshipQuery<ResourceRelationship> query = getRelationshipManager().createRelationshipQuery(ResourceRelationship.class);
query.setParameter(ResourceRelationship.REALM, realm.getName());
List<ResourceRelationship> results = query.getResultList();
- List<ResourceModel> resources = new ArrayList<ResourceModel>();
+ List<ApplicationModel> resources = new ArrayList<ApplicationModel>();
for (ResourceRelationship relationship : results) {
- ResourceData resource = partitionManager.getPartition(ResourceData.class, relationship.getResource());
- ResourceModel model = new ResourceAdapter(resource, this, partitionManager);
+ ApplicationData resource = partitionManager.getPartition(ApplicationData.class, relationship.getResource());
+ ApplicationModel model = new ApplicationAdapter(resource, this, partitionManager);
resources.add(model);
}
@@ -486,19 +550,19 @@ public class RealmAdapter implements RealmModel {
}
@Override
- public ResourceModel addResource(String name) {
- ResourceData resourceData = new ResourceData(RealmManager.generateId());
+ public ApplicationModel addApplication(String name) {
+ ApplicationData applicationData = new ApplicationData(RealmManager.generateId());
User resourceUser = new User(name);
idm.add(resourceUser);
- resourceData.setResourceUser(resourceUser);
- resourceData.setResourceName(name);
- resourceData.setResourceUser(resourceUser);
- partitionManager.add(resourceData);
+ applicationData.setResourceUser(resourceUser);
+ applicationData.setResourceName(name);
+ applicationData.setResourceUser(resourceUser);
+ partitionManager.add(applicationData);
ResourceRelationship resourceRelationship = new ResourceRelationship();
resourceRelationship.setRealm(realm.getName());
- resourceRelationship.setResource(resourceData.getName());
+ resourceRelationship.setResource(applicationData.getName());
getRelationshipManager().add(resourceRelationship);
- ResourceModel resource = new ResourceAdapter(resourceData, this, partitionManager);
+ ApplicationModel resource = new ApplicationAdapter(applicationData, this, partitionManager);
resource.addRole("*");
resource.addScope(new UserAdapter(resourceUser, idm), "*");
return resource;
diff --git a/services/src/main/java/org/keycloak/services/models/RealmModel.java b/services/src/main/java/org/keycloak/services/models/RealmModel.java
index f63b942..b2a504d 100755
--- a/services/src/main/java/org/keycloak/services/models/RealmModel.java
+++ b/services/src/main/java/org/keycloak/services/models/RealmModel.java
@@ -61,7 +61,6 @@ public interface RealmModel {
List<RequiredCredentialModel> getRequiredCredentials();
- void addRequiredCredential(RequiredCredentialModel cred);
void addRequiredCredential(String cred);
boolean validatePassword(UserModel user, String password);
@@ -80,11 +79,11 @@ public interface RealmModel {
List<RoleModel> getRoles();
- Map<String, ResourceModel> getResourceNameMap();
+ Map<String, ApplicationModel> getResourceNameMap();
- List<ResourceModel> getResources();
+ List<ApplicationModel> getApplications();
- ResourceModel addResource(String name);
+ ApplicationModel addApplication(String name);
boolean hasRole(UserModel user, RoleModel role);
@@ -102,19 +101,23 @@ public interface RealmModel {
RoleModel getRoleById(String id);
- void addRequiredResourceCredential(RequiredCredentialModel cred);
- List<RequiredCredentialModel> getRequiredResourceCredentials();
+ List<RequiredCredentialModel> getRequiredApplicationCredentials();
- void addRequiredOAuthClientCredential(RequiredCredentialModel cred);
List<RequiredCredentialModel> getRequiredOAuthClientCredentials();
boolean hasRole(UserModel user, String role);
- ResourceModel getResourceById(String id);
+ ApplicationModel getApplicationById(String id);
void addRequiredOAuthClientCredential(String type);
void addRequiredResourceCredential(String type);
+
+ void updateRequiredCredentials(Set<String> creds);
+
+ void updateRequiredOAuthClientCredentials(Set<String> creds);
+
+ void updateRequiredApplicationCredentials(Set<String> creds);
}
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java b/services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java
index 564aa50..539d34b 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java
@@ -7,17 +7,13 @@ import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.services.models.RealmModel;
-import org.keycloak.services.models.RequiredCredentialModel;
import org.keycloak.services.models.RoleModel;
import org.keycloak.services.models.UserModel;
-import org.keycloak.services.resources.PublicRealmResource;
import org.keycloak.services.resources.Transaction;
import javax.ws.rs.Consumes;
-import javax.ws.rs.ForbiddenException;
import javax.ws.rs.GET;
import javax.ws.rs.InternalServerErrorException;
-import javax.ws.rs.NotAuthorizedException;
import javax.ws.rs.NotFoundException;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
@@ -25,15 +21,10 @@ import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
-import javax.ws.rs.core.HttpHeaders;
-import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
-import javax.ws.rs.core.UriBuilder;
import javax.ws.rs.core.UriInfo;
import java.util.ArrayList;
-import java.util.HashMap;
import java.util.List;
-import java.util.Map;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
@@ -49,9 +40,9 @@ public class RealmAdminResource {
this.realm = realm;
}
- @Path("resources")
- public RealmResourcesResource getResources() {
- return new RealmResourcesResource(admin, realm);
+ @Path("applications")
+ public ApplicationsResource getResources() {
+ return new ApplicationsResource(admin, realm);
}
@GET
@@ -86,6 +77,19 @@ public class RealmAdminResource {
}.call();
}
+ @PUT
+ @Consumes("application/json")
+ public void updateRealm(final RealmRepresentation rep) {
+ new Transaction() {
+ @Override
+ protected void runImpl() {
+ logger.info("updating realm: " + rep.getRealm());
+ new RealmManager(session).updateRealm(rep, realm);
+ }
+ }.run();
+
+ }
+
@Path("roles/{id}")
@GET
@NoCache
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/RealmsAdminResource.java b/services/src/main/java/org/keycloak/services/resources/admin/RealmsAdminResource.java
index 015f150..fd5485a 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/RealmsAdminResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/RealmsAdminResource.java
@@ -28,6 +28,7 @@ import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriBuilder;
import javax.ws.rs.core.UriInfo;
import java.net.URI;
+import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
@@ -52,18 +53,18 @@ public class RealmsAdminResource {
@GET
@NoCache
@Produces("application/json")
- public Response getRealms() {
+ public List<RealmRepresentation> getRealms() {
return new Transaction() {
@Override
- protected Response callImpl() {
+ protected List<RealmRepresentation> callImpl() {
logger.info(("getRealms()"));
+ RealmManager realmManager = new RealmManager(session);
List<RealmModel> realms = session.getRealms(admin);
- Map<String, String> map = new HashMap<String, String>();
+ List<RealmRepresentation> reps = new ArrayList<RealmRepresentation>();
for (RealmModel realm : realms) {
- map.put(realm.getId(), realm.getName());
+ reps.add(realmManager.toRepresentation(realm));
}
- return Response.ok(new GenericEntity<Map<String, String>>(map){})
- .cacheControl(noCache).build();
+ return reps;
}
}.call();
}
diff --git a/services/src/main/java/org/keycloak/services/resources/KeycloakApplication.java b/services/src/main/java/org/keycloak/services/resources/KeycloakApplication.java
index c16e420..980487c 100755
--- a/services/src/main/java/org/keycloak/services/resources/KeycloakApplication.java
+++ b/services/src/main/java/org/keycloak/services/resources/KeycloakApplication.java
@@ -6,8 +6,8 @@ import org.keycloak.services.managers.TokenManager;
import org.keycloak.services.models.KeycloakSessionFactory;
import org.keycloak.services.models.picketlink.PicketlinkKeycloakSession;
import org.keycloak.services.models.picketlink.PicketlinkKeycloakSessionFactory;
+import org.keycloak.services.models.picketlink.mappings.ApplicationEntity;
import org.keycloak.services.models.picketlink.mappings.RealmEntity;
-import org.keycloak.services.models.picketlink.mappings.ResourceEntity;
import org.keycloak.social.SocialRequestManager;
import org.picketlink.idm.PartitionManager;
import org.picketlink.idm.config.IdentityConfigurationBuilder;
@@ -98,7 +98,7 @@ public class KeycloakApplication extends Application {
OTPCredentialTypeEntity.class,
AttributeTypeEntity.class,
RealmEntity.class,
- ResourceEntity.class
+ ApplicationEntity.class
)
.supportGlobalRelationship(org.picketlink.idm.model.Relationship.class)
.addContextInitializer(new JPAContextInitializer(null) {
diff --git a/services/src/test/java/org/keycloak/test/AdapterTest.java b/services/src/test/java/org/keycloak/test/AdapterTest.java
index 25ef03d..ad191dd 100755
--- a/services/src/test/java/org/keycloak/test/AdapterTest.java
+++ b/services/src/test/java/org/keycloak/test/AdapterTest.java
@@ -18,7 +18,9 @@ import org.keycloak.services.models.UserCredentialModel;
import org.keycloak.services.resources.KeycloakApplication;
+import java.util.HashSet;
import java.util.List;
+import java.util.Set;
import java.util.StringTokenizer;
/**
@@ -89,8 +91,14 @@ public class AdapterTest {
public void test2RequiredCredential() throws Exception {
test1CreateRealm();
realmModel.addRequiredCredential(CredentialRepresentation.PASSWORD);
- realmModel.addRequiredCredential(CredentialRepresentation.TOTP);
List<RequiredCredentialModel> storedCreds = realmModel.getRequiredCredentials();
+ Assert.assertEquals(1, storedCreds.size());
+
+ Set<String> creds = new HashSet<String>();
+ creds.add(CredentialRepresentation.PASSWORD);
+ creds.add(CredentialRepresentation.TOTP);
+ realmModel.updateRequiredCredentials(creds);
+ storedCreds = realmModel.getRequiredCredentials();
Assert.assertEquals(2, storedCreds.size());
boolean totp = false;
boolean password = false;
diff --git a/services/src/test/java/org/keycloak/test/ImportTest.java b/services/src/test/java/org/keycloak/test/ImportTest.java
index 02218d8..727aa08 100755
--- a/services/src/test/java/org/keycloak/test/ImportTest.java
+++ b/services/src/test/java/org/keycloak/test/ImportTest.java
@@ -6,18 +6,18 @@ import org.junit.Before;
import org.junit.FixMethodOrder;
import org.junit.Test;
import org.junit.runners.MethodSorters;
+import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.services.models.KeycloakSession;
import org.keycloak.services.models.KeycloakSessionFactory;
import org.keycloak.services.models.RealmModel;
import org.keycloak.services.models.RequiredCredentialModel;
-import org.keycloak.services.models.ResourceModel;
+import org.keycloak.services.models.ApplicationModel;
import org.keycloak.services.models.RoleModel;
import org.keycloak.services.models.UserModel;
import org.keycloak.services.resources.KeycloakApplication;
import org.keycloak.services.resources.SaasService;
-import org.keycloak.services.resources.SaasService;
import java.util.List;
import java.util.Set;
@@ -59,7 +59,7 @@ public class ImportTest {
defaultRealm.setCookieLoginAllowed(true);
defaultRealm.setRegistrationAllowed(true);
manager.generateRealmKeys(defaultRealm);
- defaultRealm.addRequiredCredential(RequiredCredentialModel.PASSWORD);
+ defaultRealm.addRequiredCredential(CredentialRepresentation.PASSWORD);
RoleModel role = defaultRealm.addRole(SaasService.REALM_CREATOR_ROLE);
UserModel admin = defaultRealm.addUser("admin");
defaultRealm.grantRole(admin, role);
@@ -78,7 +78,7 @@ public class ImportTest {
Set<String> scopes = realm.getScope(user);
System.out.println("Scopes size: " + scopes.size());
Assert.assertTrue(scopes.contains("*"));
- List<ResourceModel> resources = realm.getResources();
+ List<ApplicationModel> resources = realm.getApplications();
Assert.assertEquals(2, resources.size());
List<RealmModel> realms = identitySession.getRealms(admin);
Assert.assertEquals(1, realms.size());
@@ -96,7 +96,7 @@ public class ImportTest {
defaultRealm.setCookieLoginAllowed(true);
defaultRealm.setRegistrationAllowed(true);
manager.generateRealmKeys(defaultRealm);
- defaultRealm.addRequiredCredential(RequiredCredentialModel.PASSWORD);
+ defaultRealm.addRequiredCredential(CredentialRepresentation.PASSWORD);
RoleModel role = defaultRealm.addRole(SaasService.REALM_CREATOR_ROLE);
UserModel admin = defaultRealm.addUser("admin");
defaultRealm.grantRole(admin, role);
diff --git a/services/src/test/java/org/keycloak/test/InstallationManager.java b/services/src/test/java/org/keycloak/test/InstallationManager.java
index 63e5d1d..18a2cc4 100755
--- a/services/src/test/java/org/keycloak/test/InstallationManager.java
+++ b/services/src/test/java/org/keycloak/test/InstallationManager.java
@@ -1,5 +1,6 @@
package org.keycloak.test;
+import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.services.models.RealmModel;
import org.keycloak.services.models.RequiredCredentialModel;
@@ -21,7 +22,7 @@ public class InstallationManager {
defaultRealm.setCookieLoginAllowed(true);
defaultRealm.setRegistrationAllowed(true);
manager.generateRealmKeys(defaultRealm);
- defaultRealm.addRequiredCredential(RequiredCredentialModel.PASSWORD);
+ defaultRealm.addRequiredCredential(CredentialRepresentation.PASSWORD);
defaultRealm.addRole(SaasService.REALM_CREATOR_ROLE);
}
diff --git a/services/src/test/resources/META-INF/persistence.xml b/services/src/test/resources/META-INF/persistence.xml
index e89967b..0c8ed9e 100755
--- a/services/src/test/resources/META-INF/persistence.xml
+++ b/services/src/test/resources/META-INF/persistence.xml
@@ -19,7 +19,7 @@
<class>org.picketlink.idm.jpa.model.sample.simple.OTPCredentialTypeEntity</class>
<class>org.picketlink.idm.jpa.model.sample.simple.AttributeTypeEntity</class>
<class>org.keycloak.services.models.picketlink.mappings.RealmEntity</class>
- <class>org.keycloak.services.models.picketlink.mappings.ResourceEntity</class>
+ <class>org.keycloak.services.models.picketlink.mappings.ApplicationEntity</class>
<exclude-unlisted-classes>true</exclude-unlisted-classes>
diff --git a/services/src/test/resources/testrealm.json b/services/src/test/resources/testrealm.json
index 4750169..6ec29bf 100755
--- a/services/src/test/resources/testrealm.json
+++ b/services/src/test/resources/testrealm.json
@@ -4,7 +4,7 @@
"tokenLifespan": 6000,
"accessCodeLifespan": 30,
"requiredCredentials": [ "password" ],
- "requiredResourceCredentials": [ "password" ],
+ "requiredApplicationCredentials": [ "password" ],
"requiredOAuthClientCredentials": [ "password" ],
"users": [
{
@@ -63,7 +63,7 @@
"roles": ["*"]
}
],
- "resources": [
+ "applications": [
{
"name": "Application",
"enabled": true,
diff --git a/services/src/test/resources/testrealm-demo.json b/services/src/test/resources/testrealm-demo.json
index e7d4580..d8497a8 100755
--- a/services/src/test/resources/testrealm-demo.json
+++ b/services/src/test/resources/testrealm-demo.json
@@ -8,7 +8,7 @@
"privateKey": "MIICXAIBAAKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQABAoGAfmO8gVhyBxdqlxmIuglbz8bcjQbhXJLR2EoS8ngTXmN1bo2L90M0mUKSdc7qF10LgETBzqL8jYlQIbt+e6TH8fcEpKCjUlyq0Mf/vVbfZSNaVycY13nTzo27iPyWQHK5NLuJzn1xvxxrUeXI6A2WFpGEBLbHjwpx5WQG9A+2scECQQDvdn9NE75HPTVPxBqsEd2z10TKkl9CZxu10Qby3iQQmWLEJ9LNmy3acvKrE3gMiYNWb6xHPKiIqOR1as7L24aTAkEAtyvQOlCvr5kAjVqrEKXalj0Tzewjweuxc0pskvArTI2Oo070h65GpoIKLc9jf+UA69cRtquwP93aZKtW06U8dQJAF2Y44ks/mK5+eyDqik3koCI08qaC8HYq2wVl7G2QkJ6sbAaILtcvD92ToOvyGyeE0flvmDZxMYlvaZnaQ0lcSQJBAKZU6umJi3/xeEbkJqMfeLclD27XGEFoPeNrmdx0q10Azp4NfJAY+Z8KRyQCR2BEG+oNitBOZ+YXF9KCpH3cdmECQHEigJhYg+ykOvr1aiZUMFT72HU0jnmQe2FVekuG+LJUt2Tm7GtMjTFoGpf0JwrVuZN39fOYAlo+nTixgeW7X8Y=",
"publicKey": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
"requiredCredentials": [ "password" ],
- "requiredResourceCredentials": [ "password" ],
+ "requiredApplicationCredentials": [ "password" ],
"requiredOAuthClientCredentials": [ "password" ],
"users" : [
{
@@ -57,7 +57,7 @@
"roles": ["user"]
}
],
- "resources": [
+ "applications": [
{
"name": "customer-portal",
"enabled": true,