keycloak-uncached
Changes
examples/cordova/example-realm.json 8(+6 -2)
examples/cors/cors-realm.json 22(+6 -16)
examples/demo-template/testrealm.json 36(+10 -26)
examples/js-console/example-realm.json 22(+6 -16)
export-import/export-import-impl/src/main/java/org/keycloak/exportimport/ExportImportUtils.java 20(+20 -0)
export-import/export-import-impl/src/main/java/org/keycloak/exportimport/ModelImporter.java 2(+1 -1)
model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/RealmAdapter.java 4(+2 -2)
model/tests/src/test/resources/testrealm.json 48(+12 -36)
Details
diff --git a/core/src/main/java/org/keycloak/representations/idm/RealmRepresentation.java b/core/src/main/java/org/keycloak/representations/idm/RealmRepresentation.java
index 68ba134..4b5380d 100755
--- a/core/src/main/java/org/keycloak/representations/idm/RealmRepresentation.java
+++ b/core/src/main/java/org/keycloak/representations/idm/RealmRepresentation.java
@@ -44,11 +44,8 @@ public class RealmRepresentation {
protected Set<String> requiredCredentials;
protected String passwordPolicy;
protected List<UserRepresentation> users;
- protected List<UserRoleMappingRepresentation> roleMappings;
protected List<ScopeMappingRepresentation> scopeMappings;
- protected Map<String, List<UserRoleMappingRepresentation>> applicationRoleMappings;
protected Map<String, List<ScopeMappingRepresentation>> applicationScopeMappings;
- protected List<SocialMappingRepresentation> socialMappings;
protected List<ApplicationRepresentation> applications;
protected List<OAuthClientRepresentation> oauthClients;
protected Map<String, String> socialProviders;
@@ -151,18 +148,6 @@ public class RealmRepresentation {
this.ssoSessionMaxLifespan = ssoSessionMaxLifespan;
}
- public List<UserRoleMappingRepresentation> getRoleMappings() {
- return roleMappings;
- }
-
- public UserRoleMappingRepresentation roleMapping(String username) {
- UserRoleMappingRepresentation mapping = new UserRoleMappingRepresentation();
- mapping.setUsername(username);
- if (roleMappings == null) roleMappings = new ArrayList<UserRoleMappingRepresentation>();
- roleMappings.add(mapping);
- return mapping;
- }
-
public List<ScopeMappingRepresentation> getScopeMappings() {
return scopeMappings;
}
@@ -175,18 +160,6 @@ public class RealmRepresentation {
return mapping;
}
- public List<SocialMappingRepresentation> getSocialMappings() {
- return socialMappings;
- }
-
- public SocialMappingRepresentation socialMapping(String username) {
- SocialMappingRepresentation mapping = new SocialMappingRepresentation();
- mapping.setUsername(username);
- if (socialMappings == null) socialMappings = new ArrayList<SocialMappingRepresentation>();
- socialMappings.add(mapping);
- return mapping;
- }
-
public Set<String> getRequiredCredentials() {
return requiredCredentials;
}
@@ -339,14 +312,6 @@ public class RealmRepresentation {
this.oauthClients = oauthClients;
}
- public Map<String, List<UserRoleMappingRepresentation>> getApplicationRoleMappings() {
- return applicationRoleMappings;
- }
-
- public void setApplicationRoleMappings(Map<String, List<UserRoleMappingRepresentation>> applicationRoleMappings) {
- this.applicationRoleMappings = applicationRoleMappings;
- }
-
public Map<String, List<ScopeMappingRepresentation>> getApplicationScopeMappings() {
return applicationScopeMappings;
}
diff --git a/core/src/main/java/org/keycloak/representations/idm/UserRepresentation.java b/core/src/main/java/org/keycloak/representations/idm/UserRepresentation.java
index 43aa368..abc7846 100755
--- a/core/src/main/java/org/keycloak/representations/idm/UserRepresentation.java
+++ b/core/src/main/java/org/keycloak/representations/idm/UserRepresentation.java
@@ -24,6 +24,9 @@ public class UserRepresentation {
protected Map<String, String> attributes;
protected List<CredentialRepresentation> credentials;
protected List<String> requiredActions;
+ protected List<SocialLinkRepresentation> socialLinks;
+ protected List<String> realmRoles;
+ protected Map<String, List<String>> applicationRoles;
public String getSelf() {
return self;
@@ -143,4 +146,28 @@ public class UserRepresentation {
public void setRequiredActions(List<String> requiredActions) {
this.requiredActions = requiredActions;
}
+
+ public List<SocialLinkRepresentation> getSocialLinks() {
+ return socialLinks;
+ }
+
+ public void setSocialLinks(List<SocialLinkRepresentation> socialLinks) {
+ this.socialLinks = socialLinks;
+ }
+
+ public List<String> getRealmRoles() {
+ return realmRoles;
+ }
+
+ public void setRealmRoles(List<String> realmRoles) {
+ this.realmRoles = realmRoles;
+ }
+
+ public Map<String, List<String>> getApplicationRoles() {
+ return applicationRoles;
+ }
+
+ public void setApplicationRoles(Map<String, List<String>> applicationRoles) {
+ this.applicationRoles = applicationRoles;
+ }
}
examples/cordova/example-realm.json 8(+6 -2)
diff --git a/examples/cordova/example-realm.json b/examples/cordova/example-realm.json
index 37e899e..05ad905 100755
--- a/examples/cordova/example-realm.json
+++ b/examples/cordova/example-realm.json
@@ -15,8 +15,12 @@
"lastName": "User",
"credentials" : [
{ "type" : "password",
- "value" : "password" }
- ]
+ "value" : "password" }
+ ],
+ "realmRoles": [ "user" ],
+ "applicationRoles": {
+ "account": ["view-profile", "manage-account"]
+ }
}
],
"roles" : {
examples/cors/cors-realm.json 22(+6 -16)
diff --git a/examples/cors/cors-realm.json b/examples/cors/cors-realm.json
index 9b3da42..1dd5503 100755
--- a/examples/cors/cors-realm.json
+++ b/examples/cors/cors-realm.json
@@ -20,8 +20,12 @@
"lastName": "Burke",
"credentials" : [
{ "type" : "password",
- "value" : "password" }
- ]
+ "value" : "password" }
+ ],
+ "realmRoles": [ "user" ],
+ "applicationRoles": {
+ "realm-management": [ "realm-admin" ]
+ }
}
],
"roles" : {
@@ -32,12 +36,6 @@
}
]
},
- "roleMappings": [
- {
- "username": "bburke@redhat.com",
- "roles": ["user"]
- }
- ],
"scopeMappings": [
{
"client": "angular-product",
@@ -58,14 +56,6 @@
]
}
],
- "applicationRoleMappings": {
- "realm-management": [
- {
- "username": "bburke@redhat.com",
- "roles": ["realm-admin"]
- }
- ]
- },
"applicationScopeMappings": {
"realm-management": [
{
examples/demo-template/testrealm.json 36(+10 -26)
diff --git a/examples/demo-template/testrealm.json b/examples/demo-template/testrealm.json
index f4ff956..f321333 100755
--- a/examples/demo-template/testrealm.json
+++ b/examples/demo-template/testrealm.json
@@ -24,7 +24,11 @@
"credentials" : [
{ "type" : "password",
"value" : "password" }
- ]
+ ],
+ "realmRoles": [ "user" ],
+ "applicationRoles": {
+ "account": [ "manage-account" ]
+ }
},
{
"username" : "admin",
@@ -35,7 +39,11 @@
"credentials" : [
{ "type" : "password",
"value" : "password" }
- ]
+ ],
+ "realmRoles": [ "user","admin" ],
+ "applicationRoles": {
+ "realm-management": [ "realm-admin" ]
+ }
}
],
"roles" : {
@@ -50,16 +58,6 @@
}
]
},
- "roleMappings": [
- {
- "username": "bburke@redhat.com",
- "roles": ["user"]
- },
- {
- "username": "admin",
- "roles": ["user","admin"]
- }
- ],
"scopeMappings": [
{
"client": "third-party",
@@ -154,20 +152,6 @@
}
],
- "applicationRoleMappings": {
- "account": [
- {
- "username": "bburke@redhat.com",
- "roles": ["manage-account"]
- }
- ],
- "realm-management": [
- {
- "username": "admin",
- "roles": ["realm-admin"]
- }
- ]
- },
"applicationScopeMappings": {
"realm-management": [
{
examples/js-console/example-realm.json 22(+6 -16)
diff --git a/examples/js-console/example-realm.json b/examples/js-console/example-realm.json
index 42d291e..ab43028 100755
--- a/examples/js-console/example-realm.json
+++ b/examples/js-console/example-realm.json
@@ -15,8 +15,12 @@
"lastName": "User",
"credentials" : [
{ "type" : "password",
- "value" : "password" }
- ]
+ "value" : "password" }
+ ],
+ "realmRoles": [ "user" ],
+ "applicationRoles": {
+ "account": ["view-profile", "manage-account"]
+ }
}
],
"roles" : {
@@ -31,12 +35,6 @@
}
]
},
- "roleMappings": [
- {
- "username": "user",
- "roles": ["user"]
- }
- ],
"scopeMappings": [
{
"client": "js-console",
@@ -57,14 +55,6 @@
]
}
],
- "applicationRoleMappings": {
- "account": [
- {
- "username": "user",
- "roles": ["view-profile", "manage-account"]
- }
- ]
- },
"applicationScopeMappings": {
"account": [
{
diff --git a/export-import/export-import-impl/src/main/java/org/keycloak/exportimport/ExportImportUtils.java b/export-import/export-import-impl/src/main/java/org/keycloak/exportimport/ExportImportUtils.java
new file mode 100644
index 0000000..cbdf36d
--- /dev/null
+++ b/export-import/export-import-impl/src/main/java/org/keycloak/exportimport/ExportImportUtils.java
@@ -0,0 +1,20 @@
+package org.keycloak.exportimport;
+
+import org.keycloak.models.RealmModel;
+import org.keycloak.representations.idm.RealmRepresentation;
+
+/**
+ * @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
+ */
+public class ExportImportUtils {
+
+ public RealmRepresentation exportRealm(RealmModel realm, boolean includeUsers) {
+
+ return null;
+ }
+
+ public RealmRepresentation exportUsers(RealmModel realm, int start, int count) {
+
+ return null;
+ }
+}
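Review bot: `exportRealm` and `exportUsers` both return `null`, so any caller that dereferences the result gets a NullPointerException far from the cause. If these are placeholders, fail loudly with `throw new UnsupportedOperationException("export not implemented yet");`, or at least add a `// TODO` and a Javadoc line saying so. Neither method reads instance state, so both could be `static` on a class with a private constructor. When the bodies are filled in, the Javadoc should state whether the returned `RealmRepresentation` carries user credentials, since that decides how an export file has to be protected.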
diff --git a/export-import/export-import-impl/src/main/java/org/keycloak/exportimport/ModelImporter.java b/export-import/export-import-impl/src/main/java/org/keycloak/exportimport/ModelImporter.java
index c187bb8..697aab7 100755
--- a/export-import/export-import-impl/src/main/java/org/keycloak/exportimport/ModelImporter.java
+++ b/export-import/export-import-impl/src/main/java/org/keycloak/exportimport/ModelImporter.java
@@ -243,7 +243,7 @@ public class ModelImporter {
List<UserEntity> users = this.importReader.readEntities(fileName, UserEntity.class);
for (UserEntity userEntity : users) {
RealmModel realm = session.getRealm(userEntity.getRealmId());
- UserModel user = realm.addUser(userEntity.getId(), userEntity.getUsername());
+ UserModel user = realm.addUser(userEntity.getId(), userEntity.getUsername(), false);
// We need to remove defaultRoles here as realm.addUser is automatically adding them. We may add them later during roles mapping processing
for (RoleModel role : user.getRoleMappings()) {
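Review bot: The comment under the changed `addUser` call is now stale. With `addDefaultRoles` passed as `false`, the JPA and Mongo adapters in this commit skip the default-role grants, so the following loop should have nothing to remove. Either drop the loop or reword the comment, e.g. `// addUser(..., false) grants no default roles; this loop is only a safeguard for adapters that ignore the flag`. The loop body lies outside the hunk, so whether it does more than remove default roles is not visible here.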
diff --git a/model/api/src/main/java/org/keycloak/models/RealmModel.java b/model/api/src/main/java/org/keycloak/models/RealmModel.java
index f669968..7106454 100755
--- a/model/api/src/main/java/org/keycloak/models/RealmModel.java
+++ b/model/api/src/main/java/org/keycloak/models/RealmModel.java
@@ -116,7 +116,7 @@ public interface RealmModel extends RoleContainerModel {
UserModel getUserById(String name);
- UserModel addUser(String id, String username);
+ UserModel addUser(String id, String username, boolean addDefaultRoles);
UserModel addUser(String username);
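Review bot: The new `addDefaultRoles` flag on `addUser(String id, String username, boolean addDefaultRoles)` has no Javadoc, and a bare `true`/`false` at a call site says little about what is being skipped. I would document on the interface that `false` creates a user with no realm or application default roles, so the caller must grant every role itself. The Javadoc should also say that a null `id` means "generate one"; the JPA adapter does this explicitly, while the Mongo adapter hands null on to `addUserEntity`. Replacing the two-argument method instead of overloading it also breaks any implementation or caller of `RealmModel` that is not updated in this commit.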
diff --git a/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/RealmAdapter.java b/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/RealmAdapter.java
index 2b7a41e..2c973f3 100755
--- a/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/RealmAdapter.java
+++ b/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/RealmAdapter.java
@@ -411,9 +411,9 @@ public class RealmAdapter implements RealmModel {
}
@Override
- public UserModel addUser(String id, String username) {
+ public UserModel addUser(String id, String username, boolean addDefaultRoles) {
getDelegateForUpdate();
- return updated.addUser(id, username);
+ return updated.addUser(id, username, addDefaultRoles);
}
@Override
diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java b/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java
index 390dea4..23602ec 100755
--- a/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java
+++ b/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java
@@ -456,11 +456,15 @@ public class RealmAdapter implements RealmModel {
@Override
public UserModel addUser(String username) {
- return this.addUser(KeycloakModelUtils.generateId(), username);
+ return this.addUser(KeycloakModelUtils.generateId(), username, true);
}
@Override
- public UserModel addUser(String id, String username) {
+ public UserModel addUser(String id, String username, boolean addDefaultRoles) {
+ if (id == null) {
+ id = KeycloakModelUtils.generateId();
+ }
+
UserEntity entity = new UserEntity();
entity.setId(id);
entity.setUsername(username);
@@ -469,13 +473,15 @@ public class RealmAdapter implements RealmModel {
em.flush();
UserModel userModel = new UserAdapter(this, em, entity);
- for (String r : getDefaultRoles()) {
- userModel.grantRole(getRole(r));
- }
+ if (addDefaultRoles) {
+ for (String r : getDefaultRoles()) {
+ userModel.grantRole(getRole(r));
+ }
- for (ApplicationModel application : getApplications()) {
- for (String r : application.getDefaultRoles()) {
- userModel.grantRole(application.getRole(r));
+ for (ApplicationModel application : getApplications()) {
+ for (String r : application.getDefaultRoles()) {
+ userModel.grantRole(application.getRole(r));
+ }
}
}
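Review bot: The `if (addDefaultRoles)` block here is repeated line for line in the Mongo `RealmAdapter.addUser` later in this commit, so the two adapters can drift apart on logic that decides a new user's initial privileges. A shared static helper taking the realm and the new user would keep them in step, leaving `if (addDefaultRoles) grantDefaultRoles(this, userModel);` in each adapter (helper name is a suggestion only). Neither copy checks that `getRole(r)` or `application.getRole(r)` returned a role before passing it to `grantRole`. The method continues outside the hunk.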
diff --git a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java
index 0b75af0..50886e7 100755
--- a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java
+++ b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java
@@ -481,20 +481,22 @@ public class RealmAdapter extends AbstractMongoAdapter<MongoRealmEntity> impleme
@Override
public UserAdapter addUser(String username) {
- return this.addUser(null, username);
+ return this.addUser(null, username, true);
}
@Override
- public UserAdapter addUser(String id, String username) {
+ public UserAdapter addUser(String id, String username, boolean addDefaultRoles) {
UserAdapter userModel = addUserEntity(id, username);
- for (String r : getDefaultRoles()) {
- userModel.grantRole(getRole(r));
- }
+ if (addDefaultRoles) {
+ for (String r : getDefaultRoles()) {
+ userModel.grantRole(getRole(r));
+ }
- for (ApplicationModel application : getApplications()) {
- for (String r : application.getDefaultRoles()) {
- userModel.grantRole(application.getRole(r));
+ for (ApplicationModel application : getApplications()) {
+ for (String r : application.getDefaultRoles()) {
+ userModel.grantRole(application.getRole(r));
+ }
}
}
diff --git a/model/tests/src/test/java/org/keycloak/model/test/ImportTest.java b/model/tests/src/test/java/org/keycloak/model/test/ImportTest.java
index dd7d12e..a2a0c39 100755
--- a/model/tests/src/test/java/org/keycloak/model/test/ImportTest.java
+++ b/model/tests/src/test/java/org/keycloak/model/test/ImportTest.java
@@ -105,16 +105,14 @@ public class ImportTest extends AbstractModelTest {
// Test role mappings
UserModel admin = realm.getUser("admin");
Set<RoleModel> allRoles = admin.getRoleMappings();
- Assert.assertEquals(5, allRoles.size());
+ Assert.assertEquals(3, allRoles.size());
Assert.assertTrue(allRoles.contains(realm.getRole("admin")));
Assert.assertTrue(allRoles.contains(application.getRole("app-admin")));
Assert.assertTrue(allRoles.contains(otherApp.getRole("otherapp-admin")));
- Assert.assertTrue(allRoles.contains(accountApp.getRole(AccountRoles.VIEW_PROFILE)));
- Assert.assertTrue(allRoles.contains(accountApp.getRole(AccountRoles.MANAGE_ACCOUNT)));
UserModel wburke = realm.getUser("wburke");
allRoles = wburke.getRoleMappings();
- Assert.assertEquals(4, allRoles.size());
+ Assert.assertEquals(2, allRoles.size());
Assert.assertFalse(allRoles.contains(realm.getRole("admin")));
Assert.assertTrue(allRoles.contains(application.getRole("app-user")));
Assert.assertTrue(allRoles.contains(otherApp.getRole("otherapp-user")));
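Review bot: The drop from 5 to 3 roles for admin (and 4 to 2 for wburke) encodes that imported users no longer receive the account application's default roles, but only through the count. An explicit negative assertion would pin that behaviour, e.g. `Assert.assertFalse(allRoles.contains(accountApp.getRole(AccountRoles.VIEW_PROFILE)));`, assuming `accountApp` is still declared above the hunk. A short comment such as `// import passes addDefaultRoles=false, so only roles listed in the JSON are granted` would explain the new numbers to the next reader.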
diff --git a/model/tests/src/test/resources/testcomposites.json b/model/tests/src/test/resources/testcomposites.json
index 9b08784..4a851b5 100755
--- a/model/tests/src/test/resources/testcomposites.json
+++ b/model/tests/src/test/resources/testcomposites.json
@@ -21,8 +21,9 @@
"email" : "test-user1@localhost",
"credentials" : [
{ "type" : "password",
- "value" : "password" }
- ]
+ "value" : "password" }
+ ],
+ "realmRoles": [ "REALM_COMPOSITE_1" ]
},
{
"username" : "REALM_ROLE_1_USER",
@@ -30,8 +31,9 @@
"email" : "test-user2@localhost",
"credentials" : [
{ "type" : "password",
- "value" : "password" }
- ]
+ "value" : "password" }
+ ],
+ "realmRoles": [ "REALM_ROLE_1"]
},
{
"username" : "REALM_APP_COMPOSITE_USER",
@@ -39,8 +41,9 @@
"email" : "test-user3@localhost",
"credentials" : [
{ "type" : "password",
- "value" : "password" }
- ]
+ "value" : "password" }
+ ],
+ "realmRoles": [ "REALM_APP_COMPOSITE_ROLE" ]
},
{
"username" : "REALM_APP_ROLE_USER",
@@ -48,8 +51,11 @@
"email" : "test-user4@localhost",
"credentials" : [
{ "type" : "password",
- "value" : "password" }
- ]
+ "value" : "password" }
+ ],
+ "applicationRoles": {
+ "APP_ROLE_APPLICATION": [ "APP_ROLE_2" ]
+ }
},
{
"username" : "APP_COMPOSITE_USER",
@@ -57,8 +63,9 @@
"email" : "test-user5@localhost",
"credentials" : [
{ "type" : "password",
- "value" : "password" }
- ]
+ "value" : "password" }
+ ],
+ "realmRoles": ["REALM_APP_COMPOSITE_ROLE", "REALM_COMPOSITE_1"]
}
],
"oauthClients" : [
@@ -68,24 +75,6 @@
"secret": "password"
}
],
- "roleMappings": [
- {
- "username": "REALM_COMPOSITE_1_USER",
- "roles": ["REALM_COMPOSITE_1"]
- },
- {
- "username": "REALM_ROLE_1_USER",
- "roles": ["REALM_ROLE_1"]
- },
- {
- "username": "REALM_APP_COMPOSITE_USER",
- "roles": ["REALM_APP_COMPOSITE_ROLE"]
- },
- {
- "username": "APP_COMPOSITE_USER",
- "roles": ["REALM_APP_COMPOSITE_ROLE", "REALM_COMPOSITE_1"]
- }
- ],
"scopeMappings": [
{
"client": "REALM_COMPOSITE_1_APPLICATION",
@@ -187,14 +176,6 @@
},
- "applicationRoleMappings": {
- "APP_ROLE_APPLICATION": [
- {
- "username": "REALM_APP_ROLE_USER",
- "roles": ["APP_ROLE_2"]
- }
- ]
- },
"applicationScopeMappings": {
"APP_ROLE_APPLICATION": [
{
model/tests/src/test/resources/testrealm.json 48(+12 -36)
diff --git a/model/tests/src/test/resources/testrealm.json b/model/tests/src/test/resources/testrealm.json
index 4ab4ebf..1e9ff54 100755
--- a/model/tests/src/test/resources/testrealm.json
+++ b/model/tests/src/test/resources/testrealm.json
@@ -52,7 +52,11 @@
"type": "password",
"value": "userpassword"
}
- ]
+ ],
+ "applicationRoles": {
+ "Application": [ "app-user" ],
+ "OtherApp": [ "otherapp-user" ]
+ }
},
{
"username": "loginclient",
@@ -72,7 +76,12 @@
"type": "password",
"value": "adminpassword"
}
- ]
+ ],
+ "realmRoles": [ "admin" ],
+ "applicationRoles": {
+ "Application": [ "app-admin" ],
+ "OtherApp": [ "otherapp-admin" ]
+ }
},
{
"username": "mySocialUser",
@@ -80,12 +89,7 @@
"authenticationLink": {
"authProvider": "picketlink",
"authUserId": "myUser1"
- }
- }
- ],
- "socialMappings": [
- {
- "username": "mySocialUser",
+ },
"socialLinks": [
{
"socialProvider": "facebook",
@@ -148,40 +152,12 @@
]
}
},
- "roleMappings": [
- {
- "username": "admin",
- "roles": ["admin"]
- }
- ],
"scopeMappings": [
{
"client": "oauthclient",
"roles": ["admin"]
}
],
- "applicationRoleMappings": {
- "Application": [
- {
- "username": "wburke",
- "roles": ["app-user"]
- },
- {
- "username": "admin",
- "roles": ["app-admin"]
- }
- ],
- "OtherApp": [
- {
- "username": "wburke",
- "roles": ["otherapp-user"]
- },
- {
- "username": "admin",
- "roles": ["otherapp-admin"]
- }
- ]
- },
"applicationScopeMappings": {
"Application": [
{
diff --git a/model/tests/src/test/resources/testrealm2.json b/model/tests/src/test/resources/testrealm2.json
index ff9e3bc..08073c1 100755
--- a/model/tests/src/test/resources/testrealm2.json
+++ b/model/tests/src/test/resources/testrealm2.json
@@ -20,8 +20,13 @@
"lastName": "Burke",
"credentials" : [
{ "type" : "password",
- "value" : "password" }
- ]
+ "value" : "password" }
+ ],
+ "realmRoles": ["user"],
+ "applicationRoles": {
+ "account": [ "manage-account" ]
+ }
+
}
],
"roles" : {
@@ -36,12 +41,6 @@
}
]
},
- "roleMappings": [
- {
- "username": "bburke@redhat.com",
- "roles": ["user"]
- }
- ],
"scopeMappings": [
{
"client": "third-party",
@@ -87,14 +86,6 @@
],
"secret": "password"
}
- ],
- "applicationRoleMappings": {
- "account": [
- {
- "username": "bburke@redhat.com",
- "roles": ["manage-account"]
- }
- ]
- }
+ ]
}
diff --git a/model/tests/src/test/resources/testrealm-demo.json b/model/tests/src/test/resources/testrealm-demo.json
index 90d348c..5d5d828 100755
--- a/model/tests/src/test/resources/testrealm-demo.json
+++ b/model/tests/src/test/resources/testrealm-demo.json
@@ -13,13 +13,12 @@
{
"username" : "bburke@redhat.com",
"enabled": true,
- "attributes" : {
- "email" : "bburke@redhat.com"
- },
+ "email" : "bburke@redhat.com",
"credentials" : [
{ "type" : "Password",
- "value" : "password" }
- ]
+ "value" : "password" }
+ ],
+ "realmRoles": [ "user" ]
}
],
"oauthClients" : [
@@ -42,12 +41,6 @@
]
},
- "roleMappings": [
- {
- "username": "bburke@redhat.com",
- "roles": ["user"]
- }
- ],
"scopeMappings": [
{
"client": "third-party",
diff --git a/project-integrations/aerogear-ups/auth-server/src/main/webapp/WEB-INF/testrealm.json b/project-integrations/aerogear-ups/auth-server/src/main/webapp/WEB-INF/testrealm.json
index 7243991..5b442b0 100755
--- a/project-integrations/aerogear-ups/auth-server/src/main/webapp/WEB-INF/testrealm.json
+++ b/project-integrations/aerogear-ups/auth-server/src/main/webapp/WEB-INF/testrealm.json
@@ -22,7 +22,11 @@
"credentials" : [
{ "type" : "password",
"value" : "password" }
- ]
+ ],
+ "realmRoles": [ "user" ],
+ "applicationRoles": {
+ "account": [ "manage-account" ]
+ }
},
{
"username" : "admin",
@@ -35,7 +39,13 @@
],
"requiredActions": [
"UPDATE_PASSWORD"
- ]
+ ],
+ "realmRoles": [ "user","admin" ],
+ "applicationRoles": {
+ "realm-management": [ "realm-admin" ],
+ "account": [ "manage-account" ]
+ }
+
}
],
"roles" : {
@@ -50,16 +60,6 @@
}
]
},
- "roleMappings": [
- {
- "username": "bburke@redhat.com",
- "roles": ["user"]
- },
- {
- "username": "admin",
- "roles": ["user", "admin"]
- }
- ],
"scopeMappings": [
{
"client": "unified-push-server",
@@ -77,24 +77,6 @@
"/aerogear-ups/*"
]
}
- ],
- "applicationRoleMappings": {
- "account": [
- {
- "username": "bburke@redhat.com",
- "roles": ["manage-account"]
- },
- {
- "username": "admin",
- "roles": ["manage-account"]
- }
- ],
- "realm-management": [
- {
- "username": "admin",
- "roles": ["realm-admin"]
- }
- ]
- }
+ ]
}
diff --git a/services/src/main/java/org/keycloak/services/managers/ApplicationManager.java b/services/src/main/java/org/keycloak/services/managers/ApplicationManager.java
index af861d4..49a1ab5 100755
--- a/services/src/main/java/org/keycloak/services/managers/ApplicationManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/ApplicationManager.java
@@ -115,19 +115,18 @@ public class ApplicationManager {
return applicationModel;
}
- public void createRoleMappings(RealmModel realm, ApplicationModel applicationModel, List<UserRoleMappingRepresentation> mappings) {
- for (UserRoleMappingRepresentation mapping : mappings) {
- UserModel user = realm.getUser(mapping.getUsername());
+ public void createRoleMappings(ApplicationModel applicationModel, UserModel user, List<String> roleNames) {
+ for (String roleName : roleNames) {
if (user == null) {
throw new RuntimeException("User not found");
}
- for (String roleString : mapping.getRoles()) {
- RoleModel role = applicationModel.getRole(roleString.trim());
- if (role == null) {
- role = applicationModel.addRole(roleString.trim());
- }
- user.grantRole(role);
+
+ RoleModel role = applicationModel.getRole(roleName.trim());
+ if (role == null) {
+ role = applicationModel.addRole(roleName.trim());
}
+ user.grantRole(role);
+
}
}
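Review bot: The `user == null` check now sits inside the `for (String roleName : roleNames)` loop although `user` no longer changes per iteration. A null user with an empty list therefore passes silently, and a null `roleNames` throws a NullPointerException instead of the intended error. Move the check ahead of the loop: `if (user == null) throw new RuntimeException("User not found");`. The method also still creates any role it does not find via `applicationModel.addRole(roleName.trim())`, so a misspelt role in an import file becomes a new, granted role rather than an error; that deserves at least a comment, and preferably a strict mode that rejects unknown roles.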
diff --git a/services/src/main/java/org/keycloak/services/managers/RealmManager.java b/services/src/main/java/org/keycloak/services/managers/RealmManager.java
index aba6233..fd2c61f 100755
--- a/services/src/main/java/org/keycloak/services/managers/RealmManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/RealmManager.java
@@ -29,7 +29,6 @@ import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.ScopeMappingRepresentation;
import org.keycloak.representations.idm.SocialLinkRepresentation;
-import org.keycloak.representations.idm.SocialMappingRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.representations.idm.UserRoleMappingRepresentation;
@@ -355,8 +354,6 @@ public class RealmManager {
if (rep.getAdminTheme() != null) newRealm.setAdminTheme(rep.getAdminTheme());
if (rep.getEmailTheme() != null) newRealm.setEmailTheme(rep.getEmailTheme());
- Map<String, UserModel> userMap = new HashMap<String, UserModel>();
-
if (rep.getRequiredCredentials() != null) {
for (String requiredCred : rep.getRequiredCredentials()) {
addRequiredCredential(newRealm, requiredCred);
@@ -367,13 +364,6 @@ public class RealmManager {
if (rep.getPasswordPolicy() != null) newRealm.setPasswordPolicy(new PasswordPolicy(rep.getPasswordPolicy()));
- if (rep.getUsers() != null) {
- for (UserRepresentation userRep : rep.getUsers()) {
- UserModel user = createUser(newRealm, userRep);
- userMap.put(user.getUsername(), user);
- }
- }
-
if (rep.getApplications() != null) {
Map<String, ApplicationModel> appMap = createApplications(rep, newRealm);
}
@@ -428,20 +418,10 @@ public class RealmManager {
createOAuthClients(rep, newRealm);
}
- // Now that all possible users and applications are created (users, apps, and oauth clients), do role mappings and scope mappings
- Map<String, ApplicationModel> appMap = newRealm.getApplicationNameMap();
+ // Now that all possible roles and applications are created, create scope mappings
- if (rep.getApplicationRoleMappings() != null) {
- ApplicationManager manager = new ApplicationManager(this);
- for (Map.Entry<String, List<UserRoleMappingRepresentation>> entry : rep.getApplicationRoleMappings().entrySet()) {
- ApplicationModel app = appMap.get(entry.getKey());
- if (app == null) {
- throw new RuntimeException("Unable to find application role mappings for app: " + entry.getKey());
- }
- manager.createRoleMappings(newRealm, app, entry.getValue());
- }
- }
+ Map<String, ApplicationModel> appMap = newRealm.getApplicationNameMap();
if (rep.getApplicationScopeMappings() != null) {
ApplicationManager manager = new ApplicationManager(this);
@@ -454,20 +434,6 @@ public class RealmManager {
}
}
-
- if (rep.getRoleMappings() != null) {
- for (UserRoleMappingRepresentation mapping : rep.getRoleMappings()) {
- UserModel user = userMap.get(mapping.getUsername());
- for (String roleString : mapping.getRoles()) {
- RoleModel role = newRealm.getRole(roleString.trim());
- if (role == null) {
- role = newRealm.addRole(roleString.trim());
- }
- user.grantRole(role);
- }
- }
- }
-
if (rep.getScopeMappings() != null) {
for (ScopeMappingRepresentation scope : rep.getScopeMappings()) {
for (String roleString : scope.getRoles()) {
@@ -482,16 +448,6 @@ public class RealmManager {
}
}
- if (rep.getSocialMappings() != null) {
- for (SocialMappingRepresentation socialMapping : rep.getSocialMappings()) {
- UserModel user = userMap.get(socialMapping.getUsername());
- for (SocialLinkRepresentation link : socialMapping.getSocialLinks()) {
- SocialLinkModel mappingModel = new SocialLinkModel(link.getSocialProvider(), link.getSocialUserId(), link.getSocialUsername());
- newRealm.addSocialLink(user, mappingModel);
- }
- }
- }
-
if (rep.getSmtpServer() != null) {
newRealm.setSmtpConfig(new HashMap(rep.getSmtpServer()));
}
@@ -510,6 +466,14 @@ public class RealmManager {
List<AuthenticationProviderModel> authProviderModels = Arrays.asList(AuthenticationProviderModel.DEFAULT_PROVIDER);
newRealm.setAuthenticationProviders(authProviderModels);
}
+
+ // create users and their role mappings and social mappings
+
+ if (rep.getUsers() != null) {
+ for (UserRepresentation userRep : rep.getUsers()) {
+ UserModel user = createUser(newRealm, userRep, appMap);
+ }
+ }
}
public void addComposites(RoleModel role, RoleRepresentation roleRep, RealmModel realm) {
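Review bot: The local `user` in the added loop is assigned and never read; `createUser(newRealm, userRep, appMap);` is enough. The comment above the loop could also say why users are now created last, e.g. `// Users go last: their realmRoles/applicationRoles refer to roles and applications created above`. `appMap` is the snapshot taken earlier in the method from `newRealm.getApplicationNameMap()`, so anything that adds an application after that point would be missing from it; nothing visible in these hunks does so, but the ordering dependency is worth stating.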
@@ -550,8 +514,8 @@ public class RealmManager {
}
- public UserModel createUser(RealmModel newRealm, UserRepresentation userRep) {
- UserModel user = newRealm.addUser(userRep.getUsername());
+ public UserModel createUser(RealmModel newRealm, UserRepresentation userRep, Map<String, ApplicationModel> appMap) {
+ UserModel user = newRealm.addUser(userRep.getId(), userRep.getUsername(), false);
user.setEnabled(userRep.isEnabled());
user.setEmail(userRep.getEmail());
user.setFirstName(userRep.getFirstName());
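Review bot: `userRep.getId()` is passed to `addUser` as-is, so the user's identifier now comes from the imported document, and nothing visible here checks its format or that it is not already in use. If ids are unique across realms in the store (not visible in this diff), an import file could collide with an existing user, so I would validate the id or ignore it outside a trusted import path. `createUser` is public and now always passes `false` for `addDefaultRoles`, so any other caller creates users without default roles and must supply a non-null `appMap`. The method body continues outside the hunk.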
@@ -577,6 +541,31 @@ public class RealmManager {
AuthenticationLinkModel authLink = new AuthenticationLinkModel(link.getAuthProvider(), link.getAuthUserId());
user.setAuthenticationLink(authLink);
}
+ if (userRep.getSocialLinks() != null) {
+ for (SocialLinkRepresentation socialLink : userRep.getSocialLinks()) {
+ SocialLinkModel mappingModel = new SocialLinkModel(socialLink.getSocialProvider(), socialLink.getSocialUserId(), socialLink.getSocialUsername());
+ newRealm.addSocialLink(user, mappingModel);
+ }
+ }
+ if (userRep.getRealmRoles() != null) {
+ for (String roleString : userRep.getRealmRoles()) {
+ RoleModel role = newRealm.getRole(roleString.trim());
+ if (role == null) {
+ role = newRealm.addRole(roleString.trim());
+ }
+ user.grantRole(role);
+ }
+ }
+ if (userRep.getApplicationRoles() != null) {
+ ApplicationManager manager = new ApplicationManager(this);
+ for (Map.Entry<String, List<String>> entry : userRep.getApplicationRoles().entrySet()) {
+ ApplicationModel app = appMap.get(entry.getKey());
+ if (app == null) {
+ throw new RuntimeException("Unable to find application role mappings for app: " + entry.getKey());
+ }
+ manager.createRoleMappings(app, user, entry.getValue());
+ }
+ }
return user;
}
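Review bot: Unknown names are handled inconsistently in the added block: an application missing from `appMap` throws, while a realm role that does not exist is created with `newRealm.addRole(roleString.trim())` and granted. For data that assigns privileges, failing on an unknown role is the safer default; at minimum the creation should be logged. The exception text "Unable to find application role mappings for app" would be clearer as `"Application '" + entry.getKey() + "' not found for user " + userRep.getUsername()`. A null role list under `applicationRoles` also reaches `createRoleMappings` unchecked.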
diff --git a/testsuite/integration/src/test/resources/adapter-test/demorealm.json b/testsuite/integration/src/test/resources/adapter-test/demorealm.json
index d27b3ec..68b3c6d 100755
--- a/testsuite/integration/src/test/resources/adapter-test/demorealm.json
+++ b/testsuite/integration/src/test/resources/adapter-test/demorealm.json
@@ -22,7 +22,11 @@
"credentials" : [
{ "type" : "password",
"value" : "password" }
- ]
+ ],
+ "realmRoles": [ "user" ],
+ "applicationRoles": {
+ "account": [ "manage-account" ]
+ }
}
],
"roles" : {
@@ -37,12 +41,6 @@
}
]
},
- "roleMappings": [
- {
- "username": "bburke@redhat.com",
- "roles": ["user"]
- }
- ],
"scopeMappings": [
{
"client": "third-party",
@@ -109,14 +107,5 @@
],
"secret": "password"
}
- ],
- "applicationRoleMappings": {
- "account": [
- {
- "username": "bburke@redhat.com",
- "roles": ["manage-account"]
- }
- ]
- }
-
+ ]
}
diff --git a/testsuite/integration/src/test/resources/adapter-test/demorealm-relative.json b/testsuite/integration/src/test/resources/adapter-test/demorealm-relative.json
index 80132e0..c1855c6 100755
--- a/testsuite/integration/src/test/resources/adapter-test/demorealm-relative.json
+++ b/testsuite/integration/src/test/resources/adapter-test/demorealm-relative.json
@@ -21,7 +21,11 @@
"credentials" : [
{ "type" : "password",
"value" : "password" }
- ]
+ ],
+ "realmRoles": [ "user" ],
+ "applicationRoles": {
+ "account": [ "manage-account" ]
+ }
}
],
"roles" : {
@@ -36,12 +40,6 @@
}
]
},
- "roleMappings": [
- {
- "username": "bburke@redhat.com",
- "roles": ["user"]
- }
- ],
"scopeMappings": [
{
"client": "third-party",
@@ -107,14 +105,5 @@
],
"secret": "password"
}
- ],
- "applicationRoleMappings": {
- "account": [
- {
- "username": "bburke@redhat.com",
- "roles": ["manage-account"]
- }
- ]
- }
-
+ ]
}
diff --git a/testsuite/integration/src/test/resources/admin-test/testrealm.json b/testsuite/integration/src/test/resources/admin-test/testrealm.json
index b703f75..b83c437 100755
--- a/testsuite/integration/src/test/resources/admin-test/testrealm.json
+++ b/testsuite/integration/src/test/resources/admin-test/testrealm.json
@@ -20,8 +20,12 @@
"email" : "test-user@localhost",
"credentials" : [
{ "type" : "password",
- "value" : "password" }
- ]
+ "value" : "password" }
+ ],
+ "realmRoles": [ "test-user@localhost" ],
+ "applicationRoles": {
+ "test-app": ["customer-user"]
+ }
}
],
"oauthClients" : [
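Review bot: The added `"realmRoles": [ "test-user@localhost" ]` puts the user's own username where a role name belongs; the `roleMappings` entry this commit removes from the same file gave that user the role `user`. As written, the user no longer receives `user` and the fixture refers to a role name that is probably not defined (the realm's role list is outside this hunk). Admin tests that depend on role-gated access would then run against a different authorization state than before. The line should read `"realmRoles": [ "user" ],`.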
@@ -34,12 +38,6 @@
"secret": "password"
}
],
- "roleMappings": [
- {
- "username": "test-user@localhost",
- "roles": ["user"]
- }
- ],
"scopeMappings": [
{
"client": "third-party",
@@ -88,14 +86,6 @@
},
- "applicationRoleMappings": {
- "test-app": [
- {
- "username": "test-user@localhost",
- "roles": ["customer-user"]
- }
- ]
- },
"applicationScopeMappings": {
"test-app": [
{
diff --git a/testsuite/integration/src/test/resources/testcomposite.json b/testsuite/integration/src/test/resources/testcomposite.json
index 6e01de3..4b5e4c5 100755
--- a/testsuite/integration/src/test/resources/testcomposite.json
+++ b/testsuite/integration/src/test/resources/testcomposite.json
@@ -22,7 +22,8 @@
"credentials" : [
{ "type" : "password",
"value" : "password" }
- ]
+ ],
+ "realmRoles": [ "REALM_COMPOSITE_1" ]
},
{
"username" : "REALM_ROLE_1_USER",
@@ -31,7 +32,8 @@
"credentials" : [
{ "type" : "password",
"value" : "password" }
- ]
+ ],
+ "realmRoles": ["REALM_ROLE_1"]
},
{
"username" : "REALM_APP_COMPOSITE_USER",
@@ -40,7 +42,8 @@
"credentials" : [
{ "type" : "password",
"value" : "password" }
- ]
+ ],
+ "realmRoles": ["REALM_APP_COMPOSITE_ROLE"]
},
{
"username" : "REALM_APP_ROLE_USER",
@@ -49,7 +52,10 @@
"credentials" : [
{ "type" : "password",
"value" : "password" }
- ]
+ ],
+ "applicationRoles": {
+ "APP_ROLE_APPLICATION": [ "APP_ROLE_2" ]
+ }
},
{
"username" : "APP_COMPOSITE_USER",
@@ -58,7 +64,8 @@
"credentials" : [
{ "type" : "password",
"value" : "password" }
- ]
+ ],
+ "realmRoles": ["REALM_APP_COMPOSITE_ROLE", "REALM_COMPOSITE_1"]
}
],
"oauthClients" : [
@@ -68,24 +75,6 @@
"secret": "password"
}
],
- "roleMappings": [
- {
- "username": "REALM_COMPOSITE_1_USER",
- "roles": ["REALM_COMPOSITE_1"]
- },
- {
- "username": "REALM_ROLE_1_USER",
- "roles": ["REALM_ROLE_1"]
- },
- {
- "username": "REALM_APP_COMPOSITE_USER",
- "roles": ["REALM_APP_COMPOSITE_ROLE"]
- },
- {
- "username": "APP_COMPOSITE_USER",
- "roles": ["REALM_APP_COMPOSITE_ROLE", "REALM_COMPOSITE_1"]
- }
- ],
"scopeMappings": [
{
"client": "REALM_COMPOSITE_1_APPLICATION",
@@ -199,14 +188,6 @@
},
- "applicationRoleMappings": {
- "APP_ROLE_APPLICATION": [
- {
- "username": "REALM_APP_ROLE_USER",
- "roles": ["APP_ROLE_2"]
- }
- ]
- },
"applicationScopeMappings": {
"APP_ROLE_APPLICATION": [
{
diff --git a/testsuite/integration/src/test/resources/testrealm.json b/testsuite/integration/src/test/resources/testrealm.json
index 8c889e0..b937db3 100755
--- a/testsuite/integration/src/test/resources/testrealm.json
+++ b/testsuite/integration/src/test/resources/testrealm.json
@@ -21,8 +21,13 @@
"email" : "test-user@localhost",
"credentials" : [
{ "type" : "password",
- "value" : "password" }
- ]
+ "value" : "password" }
+ ],
+ "realmRoles": ["user"],
+ "applicationRoles": {
+ "test-app": [ "customer-user" ],
+ "account": [ "view-profile", "manage-account" ]
+ }
}
],
"oauthClients" : [
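Review bot: The `account` entry added under `applicationRoles` grants `view-profile` and `manage-account`, which the `applicationRoleMappings` block removed from this file never assigned (it mapped only `test-app` to `customer-user`). This hunk therefore changes the test user's privileges instead of only moving them onto the user record. If those roles previously reached the user some other way, such as default roles, the commit description should say so. Otherwise keep the migration mechanical with `"applicationRoles": { "test-app": [ "customer-user" ] }` and add the account grants in a separate change. The first hunk of perfrealm.json adds an `account` entry in the same way.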
@@ -35,12 +40,6 @@
"secret": "password"
}
],
- "roleMappings": [
- {
- "username": "test-user@localhost",
- "roles": ["user"]
- }
- ],
"scopeMappings": [
{
"client": "third-party",
@@ -89,14 +88,6 @@
},
- "applicationRoleMappings": {
- "test-app": [
- {
- "username": "test-user@localhost",
- "roles": ["customer-user"]
- }
- ]
- },
"applicationScopeMappings": {
"test-app": [
{
diff --git a/testsuite/performance-web/src/main/resources/perfrealm.json b/testsuite/performance-web/src/main/resources/perfrealm.json
index 78d31ea..dc4c959 100644
--- a/testsuite/performance-web/src/main/resources/perfrealm.json
+++ b/testsuite/performance-web/src/main/resources/perfrealm.json
@@ -21,7 +21,12 @@
"credentials" : [
{ "type" : "password",
"value" : "password" }
- ]
+ ],
+ "realmRoles": [ "user" ],
+ "applicationRoles": {
+ "perf-app": [ "customer-user" ],
+ "account": [ "view-account", "manage-account" ]
+ }
}
],
"oauthClients" : [
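Review bot: `"account": [ "view-account", "manage-account" ]` names a role `view-account`, while the matching grant in testsuite/integration/src/test/resources/testrealm.json uses `view-profile`. Keycloak's built-in account application defines `view-profile`, so `view-account` looks like a typo. How the importer treats an unknown role name is not visible here, but the grant would either be rejected or point at a role the account pages never check. Suggested line: `"account": [ "view-profile", "manage-account" ]`.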
@@ -34,12 +39,6 @@
"secret": "password"
}
],
- "roleMappings": [
- {
- "username": "test@localhost",
- "roles": ["user"]
- }
- ],
"scopeMappings": [
{
"client": "third-party",
@@ -102,14 +101,6 @@
},
- "applicationRoleMappings": {
- "perf-app": [
- {
- "username": "test@localhost",
- "roles": ["customer-user"]
- }
- ]
- },
"applicationScopeMappings": {
"perf-app": [
{