keycloak-uncached
Changes
examples/as7-eap-demo/server/src/main/java/org/keycloak/example/demo/DemoApplication.java 23(+4 -19)
examples/pom.xml 1(+1 -0)
model/picketlink/src/main/java/org/keycloak/models/picketlink/PicketlinkKeycloakSession.java 16(+12 -4)
Details
diff --git a/examples/as7-eap-demo/server/src/main/java/org/keycloak/example/demo/DemoApplication.java b/examples/as7-eap-demo/server/src/main/java/org/keycloak/example/demo/DemoApplication.java
index 2103030..b9bbc82 100755
--- a/examples/as7-eap-demo/server/src/main/java/org/keycloak/example/demo/DemoApplication.java
+++ b/examples/as7-eap-demo/server/src/main/java/org/keycloak/example/demo/DemoApplication.java
@@ -1,13 +1,12 @@
package org.keycloak.example.demo;
import org.jboss.resteasy.jwt.JsonSerialization;
-import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
+import org.keycloak.services.managers.ApplianceBootstrap;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.services.resources.KeycloakApplication;
-import org.keycloak.services.resources.SaasService;
import javax.servlet.ServletContext;
import javax.ws.rs.core.Context;
@@ -24,27 +23,13 @@ public class DemoApplication extends KeycloakApplication {
super(servletContext);
KeycloakSession session = factory.createSession();
session.getTransaction().begin();
- RealmManager realmManager = new RealmManager(session);
- if (realmManager.defaultRealm() == null) {
- install(realmManager);
- }
+ ApplianceBootstrap bootstrap = new ApplianceBootstrap();
+ bootstrap.bootstrap(session);
+ install(new RealmManager(session));
session.getTransaction().commit();
}
public void install(RealmManager manager) {
- RealmModel defaultRealm = manager.createRealm(RealmModel.DEFAULT_REALM, RealmModel.DEFAULT_REALM);
- defaultRealm.setName(RealmModel.DEFAULT_REALM);
- defaultRealm.setEnabled(true);
- defaultRealm.setTokenLifespan(300);
- defaultRealm.setAccessCodeLifespan(60);
- defaultRealm.setSslNotRequired(true);
- defaultRealm.setCookieLoginAllowed(true);
- defaultRealm.setRegistrationAllowed(true);
- manager.generateRealmKeys(defaultRealm);
- defaultRealm.addRequiredCredential(CredentialRepresentation.PASSWORD);
- defaultRealm.addRole(SaasService.REALM_CREATOR_ROLE);
- defaultRealm.addDefaultRole(SaasService.REALM_CREATOR_ROLE);
-
RealmRepresentation rep = loadJson("META-INF/testrealm.json");
RealmModel realm = manager.createRealm("demo", rep.getRealm());
manager.importRealm(rep, realm);
diff --git a/examples/as7-eap-dev/server/src/main/java/org/keycloak/example/demo/DemoApplication.java b/examples/as7-eap-dev/server/src/main/java/org/keycloak/example/demo/DemoApplication.java
index 2103030..2f512e2 100755
--- a/examples/as7-eap-dev/server/src/main/java/org/keycloak/example/demo/DemoApplication.java
+++ b/examples/as7-eap-dev/server/src/main/java/org/keycloak/example/demo/DemoApplication.java
@@ -1,19 +1,19 @@
package org.keycloak.example.demo;
import org.jboss.resteasy.jwt.JsonSerialization;
-import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
+import org.keycloak.services.managers.ApplianceBootstrap;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.services.resources.KeycloakApplication;
-import org.keycloak.services.resources.SaasService;
import javax.servlet.ServletContext;
import javax.ws.rs.core.Context;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
+
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
@@ -24,27 +24,13 @@ public class DemoApplication extends KeycloakApplication {
super(servletContext);
KeycloakSession session = factory.createSession();
session.getTransaction().begin();
- RealmManager realmManager = new RealmManager(session);
- if (realmManager.defaultRealm() == null) {
- install(realmManager);
- }
+ ApplianceBootstrap bootstrap = new ApplianceBootstrap();
+ bootstrap.bootstrap(session);
+ install(new RealmManager(session));
session.getTransaction().commit();
}
public void install(RealmManager manager) {
- RealmModel defaultRealm = manager.createRealm(RealmModel.DEFAULT_REALM, RealmModel.DEFAULT_REALM);
- defaultRealm.setName(RealmModel.DEFAULT_REALM);
- defaultRealm.setEnabled(true);
- defaultRealm.setTokenLifespan(300);
- defaultRealm.setAccessCodeLifespan(60);
- defaultRealm.setSslNotRequired(true);
- defaultRealm.setCookieLoginAllowed(true);
- defaultRealm.setRegistrationAllowed(true);
- manager.generateRealmKeys(defaultRealm);
- defaultRealm.addRequiredCredential(CredentialRepresentation.PASSWORD);
- defaultRealm.addRole(SaasService.REALM_CREATOR_ROLE);
- defaultRealm.addDefaultRole(SaasService.REALM_CREATOR_ROLE);
-
RealmRepresentation rep = loadJson("META-INF/testrealm.json");
RealmModel realm = manager.createRealm("demo", rep.getRealm());
manager.importRealm(rep, realm);
examples/pom.xml 1(+1 -0)
diff --git a/examples/pom.xml b/examples/pom.xml
index d491f21..664977a 100755
--- a/examples/pom.xml
+++ b/examples/pom.xml
@@ -35,5 +35,6 @@
</build>
<modules>
<module>as7-eap-demo</module>
+ <module>as7-eap-dev</module>
</modules>
</project>
diff --git a/forms/src/main/java/org/keycloak/forms/RealmBean.java b/forms/src/main/java/org/keycloak/forms/RealmBean.java
index c922638..7b5e6b2 100755
--- a/forms/src/main/java/org/keycloak/forms/RealmBean.java
+++ b/forms/src/main/java/org/keycloak/forms/RealmBean.java
@@ -21,6 +21,7 @@
*/
package org.keycloak.forms;
+import org.keycloak.models.Constants;
import org.keycloak.models.RealmModel;
/**
@@ -35,7 +36,7 @@ public class RealmBean {
public RealmBean(RealmModel realmModel) {
realm = realmModel;
- saas = RealmModel.DEFAULT_REALM.equals(realmModel.getName());
+ saas = Constants.ADMIN_REALM.equals(realmModel.getId());
}
public String getId() {
diff --git a/model/api/src/main/java/org/keycloak/models/Constants.java b/model/api/src/main/java/org/keycloak/models/Constants.java
new file mode 100755
index 0000000..ada97fd
--- /dev/null
+++ b/model/api/src/main/java/org/keycloak/models/Constants.java
@@ -0,0 +1,14 @@
+package org.keycloak.models;
+
+/**
+ * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
+ * @version $Revision: 1 $
+ */
+public interface Constants {
+ String ADMIN_REALM = "Keycloak Adminstration";
+ String ADMIN_CONSOLE_APPLICATION = "Admin Console";
+ String ADMIN_CONSOLE_ADMIN_ROLE = "admin";
+ String APPLICATION_ROLE = "KEYCLOAK_APPLICATION";
+ String IDENTITY_REQUESTER_ROLE = "KEYCLOAK_IDENTITY_REQUESTER";
+ String WILDCARD_ROLE = "*";
+}
diff --git a/model/api/src/main/java/org/keycloak/models/RealmModel.java b/model/api/src/main/java/org/keycloak/models/RealmModel.java
index d308660..c2300ef 100755
--- a/model/api/src/main/java/org/keycloak/models/RealmModel.java
+++ b/model/api/src/main/java/org/keycloak/models/RealmModel.java
@@ -11,7 +11,6 @@ import java.util.Set;
* @version $Revision: 1 $
*/
public interface RealmModel extends RoleContainerModel, RoleMapperModel, ScopeMapperModel {
- String DEFAULT_REALM = "default";
String getId();
@@ -97,11 +96,6 @@ public interface RealmModel extends RoleContainerModel, RoleMapperModel, ScopeMa
ApplicationModel addApplication(String name);
- boolean isRealmAdmin(UserModel agent);
-
- void addRealmAdmin(UserModel agent);
-
-
List<RequiredCredentialModel> getRequiredApplicationCredentials();
diff --git a/model/picketlink/src/main/java/org/keycloak/models/picketlink/ApplicationAdapter.java b/model/picketlink/src/main/java/org/keycloak/models/picketlink/ApplicationAdapter.java
index 184feb3..8ad09eb 100755
--- a/model/picketlink/src/main/java/org/keycloak/models/picketlink/ApplicationAdapter.java
+++ b/model/picketlink/src/main/java/org/keycloak/models/picketlink/ApplicationAdapter.java
@@ -71,6 +71,7 @@ public class ApplicationAdapter implements ApplicationModel {
@Override
public void setName(String name) {
applicationData.setResourceName(name);
+ updateApplication();
}
@Override
@@ -81,6 +82,7 @@ public class ApplicationAdapter implements ApplicationModel {
@Override
public void setEnabled(boolean enabled) {
applicationData.setEnabled(enabled);
+ updateApplication();
}
@Override
@@ -91,6 +93,7 @@ public class ApplicationAdapter implements ApplicationModel {
@Override
public void setSurrogateAuthRequired(boolean surrogateAuthRequired) {
applicationData.setSurrogateAuthRequired(surrogateAuthRequired);
+ updateApplication();
}
@Override
@@ -101,6 +104,7 @@ public class ApplicationAdapter implements ApplicationModel {
@Override
public void setManagementUrl(String url) {
applicationData.setManagementUrl(url);
+ updateApplication();
}
@Override
@@ -111,6 +115,7 @@ public class ApplicationAdapter implements ApplicationModel {
@Override
public void setBaseUrl(String url) {
applicationData.setBaseUrl(url);
+ updateApplication();
}
@Override
diff --git a/model/picketlink/src/main/java/org/keycloak/models/picketlink/PicketlinkKeycloakSession.java b/model/picketlink/src/main/java/org/keycloak/models/picketlink/PicketlinkKeycloakSession.java
index 8e2a75d..7d17339 100755
--- a/model/picketlink/src/main/java/org/keycloak/models/picketlink/PicketlinkKeycloakSession.java
+++ b/model/picketlink/src/main/java/org/keycloak/models/picketlink/PicketlinkKeycloakSession.java
@@ -6,6 +6,7 @@ import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.picketlink.mappings.RealmData;
import org.keycloak.models.picketlink.relationships.RealmAdminRelationship;
+import org.keycloak.models.picketlink.relationships.RealmListingRelationship;
import org.keycloak.models.utils.KeycloakSessionUtils;
import org.picketlink.idm.PartitionManager;
import org.picketlink.idm.RelationshipManager;
@@ -56,18 +57,24 @@ public class PicketlinkKeycloakSession implements KeycloakSession {
newRealm.setId(id);
newRealm.setRealmName(name);
partitionManager.add(newRealm);
+ RealmListingRelationship rel = new RealmListingRelationship();
+ // picketlink beta 6 uses Realm name for lookup! Don't forget!
+ rel.setRealm(newRealm.getName());
+ partitionManager.createRelationshipManager().add(rel);
+
RealmAdapter realm = new RealmAdapter(this, newRealm, partitionManager);
return realm;
}
@Override
public List<RealmModel> getRealms(UserModel admin) {
+ // todo ability to assign realm management to a specific admin
+ // currently each admin is allowed to access all realms so just do a big query
RelationshipManager relationshipManager = partitionManager.createRelationshipManager();
- RelationshipQuery<RealmAdminRelationship> query = relationshipManager.createRelationshipQuery(RealmAdminRelationship.class);
- query.setParameter(RealmAdminRelationship.ADMIN, ((UserAdapter)admin).getUser());
- List<RealmAdminRelationship> results = query.getResultList();
+ RelationshipQuery<RealmListingRelationship> query = relationshipManager.createRelationshipQuery(RealmListingRelationship.class);
+ List<RealmListingRelationship> results = query.getResultList();
List<RealmModel> realmModels = new ArrayList<RealmModel>();
- for (RealmAdminRelationship relationship : results) {
+ for (RealmListingRelationship relationship : results) {
String realmName = relationship.getRealm();
RealmModel model = getRealm(realmName);
if (model == null) {
@@ -81,6 +88,7 @@ public class PicketlinkKeycloakSession implements KeycloakSession {
@Override
public RealmAdapter getRealm(String id) {
+ // picketlink beta 6 uses Realm name for lookup! Don't forget!
RealmData existing = partitionManager.getPartition(RealmData.class, id);
if (existing == null) {
return null;
diff --git a/model/picketlink/src/main/java/org/keycloak/models/picketlink/RealmAdapter.java b/model/picketlink/src/main/java/org/keycloak/models/picketlink/RealmAdapter.java
index d5412ce..c6959f0 100755
--- a/model/picketlink/src/main/java/org/keycloak/models/picketlink/RealmAdapter.java
+++ b/model/picketlink/src/main/java/org/keycloak/models/picketlink/RealmAdapter.java
@@ -754,23 +754,6 @@ public class RealmAdapter implements RealmModel {
}
@Override
- public boolean isRealmAdmin(UserModel agent) {
- RelationshipQuery<RealmAdminRelationship> query = getRelationshipManager().createRelationshipQuery(RealmAdminRelationship.class);
- query.setParameter(RealmAdminRelationship.REALM, realm.getName());
- query.setParameter(RealmAdminRelationship.ADMIN, ((UserAdapter)agent).getUser());
- List<RealmAdminRelationship> results = query.getResultList();
- return results.size() > 0;
- }
-
- @Override
- public void addRealmAdmin(UserModel agent) {
- RealmAdminRelationship relationship = new RealmAdminRelationship();
- relationship.setAdmin(((UserAdapter)agent).getUser());
- relationship.setRealm(realm.getName());
- getRelationshipManager().add(relationship);
- }
-
- @Override
public List<RoleModel> getDefaultRoles() {
List<RoleModel> defaultRoleModels = new ArrayList<RoleModel>();
if (realm.getDefaultRoles() != null) {
diff --git a/model/picketlink/src/main/java/org/keycloak/models/picketlink/relationships/RealmListingRelationship.java b/model/picketlink/src/main/java/org/keycloak/models/picketlink/relationships/RealmListingRelationship.java
new file mode 100755
index 0000000..26636e6
--- /dev/null
+++ b/model/picketlink/src/main/java/org/keycloak/models/picketlink/relationships/RealmListingRelationship.java
@@ -0,0 +1,28 @@
+package org.keycloak.models.picketlink.relationships;
+
+import org.picketlink.idm.model.AbstractAttributedType;
+import org.picketlink.idm.model.Attribute;
+import org.picketlink.idm.model.Relationship;
+import org.picketlink.idm.model.sample.User;
+import org.picketlink.idm.query.AttributeParameter;
+import org.picketlink.idm.query.RelationshipQueryParameter;
+
+/**
+ * Picketlink doesn't allow you to query for all partitions, thus this stupid relationship...
+ *
+ * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
+ * @version $Revision: 1 $
+ */
+public class RealmListingRelationship extends AbstractAttributedType implements Relationship {
+ private static final long serialVersionUID = 1L;
+
+ public static final AttributeParameter REALM = new AttributeParameter("realm");
+
+ public String getRealm() {
+ return (String)getAttribute("realm").getValue();
+ }
+
+ public void setRealm(String realm) {
+ setAttribute(new Attribute<String>("realm", realm));
+ }
+}
diff --git a/services/src/main/java/org/keycloak/services/managers/ApplianceBootstrap.java b/services/src/main/java/org/keycloak/services/managers/ApplianceBootstrap.java
index 216339b..e6d3cbb 100755
--- a/services/src/main/java/org/keycloak/services/managers/ApplianceBootstrap.java
+++ b/services/src/main/java/org/keycloak/services/managers/ApplianceBootstrap.java
@@ -2,7 +2,6 @@ package org.keycloak.services.managers;
import org.keycloak.models.*;
import org.keycloak.representations.idm.CredentialRepresentation;
-import org.keycloak.services.resources.SaasService;
import java.util.UUID;
@@ -13,17 +12,14 @@ import java.util.UUID;
public class ApplianceBootstrap {
- public static final String ADMIN_REALM = "Keycloak Adminstration";
- public static final String ADMIN_CONSOLE = "Admin Console";
-
public void initKeycloakAdminRealm(RealmModel realm) {
}
public void bootstrap(KeycloakSession session) {
RealmManager manager = new RealmManager(session);
- RealmModel realm = manager.createRealm(ADMIN_REALM, "Keycloak Adminstration");
- realm.setName("Keycloak Adminstration");
+ RealmModel realm = manager.createRealm(Constants.ADMIN_REALM, Constants.ADMIN_REALM);
+ realm.setName(Constants.ADMIN_REALM);
realm.setEnabled(true);
realm.addRequiredCredential(CredentialRepresentation.PASSWORD);
realm.addRequiredOAuthClientCredential(CredentialRepresentation.PASSWORD);
@@ -36,16 +32,16 @@ public class ApplianceBootstrap {
manager.generateRealmKeys(realm);
initKeycloakAdminRealm(realm);
- ApplicationModel adminConsole = realm.addApplication(ADMIN_CONSOLE);
+ ApplicationModel adminConsole = realm.addApplication(Constants.ADMIN_CONSOLE_APPLICATION);
adminConsole.setEnabled(true);
UserCredentialModel adminConsolePassword = new UserCredentialModel();
adminConsolePassword.setType(UserCredentialModel.PASSWORD);
adminConsolePassword.setValue(UUID.randomUUID().toString()); // just a random password as we'll never access it
realm.updateCredential(adminConsole.getApplicationUser(), adminConsolePassword);
- RoleModel applicationRole = realm.getRole(RealmManager.APPLICATION_ROLE);
+ RoleModel applicationRole = realm.getRole(Constants.APPLICATION_ROLE);
realm.grantRole(adminConsole.getApplicationUser(), applicationRole);
- RoleModel adminRole = adminConsole.addRole("admin");
+ RoleModel adminRole = adminConsole.addRole(Constants.ADMIN_CONSOLE_ADMIN_ROLE);
UserModel adminUser = realm.addUser("admin");
adminUser.setEnabled(true);
@@ -53,7 +49,7 @@ public class ApplianceBootstrap {
password.setType(UserCredentialModel.PASSWORD);
password.setValue("admin");
realm.updateCredential(adminUser, password);
- adminUser.addRequiredAction(UserModel.RequiredAction.UPDATE_PASSWORD);
+ //adminUser.addRequiredAction(UserModel.RequiredAction.UPDATE_PASSWORD);
adminConsole.grantRole(adminUser, adminRole);
diff --git a/services/src/main/java/org/keycloak/services/managers/ApplicationManager.java b/services/src/main/java/org/keycloak/services/managers/ApplicationManager.java
index 46d3b6c..7156f89 100755
--- a/services/src/main/java/org/keycloak/services/managers/ApplicationManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/ApplicationManager.java
@@ -70,7 +70,7 @@ public class ApplicationManager {
}
public ApplicationModel createApplication(RealmModel realm, ApplicationRepresentation resourceRep) {
- RoleModel loginRole = realm.getRole(RealmManager.APPLICATION_ROLE);
+ RoleModel loginRole = realm.getRole(Constants.APPLICATION_ROLE);
return createApplication(realm, loginRole, resourceRep);
}
diff --git a/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java b/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java
index 00893f9..b48d710 100755
--- a/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java
@@ -7,6 +7,7 @@ import org.jboss.resteasy.spi.HttpResponse;
import org.jboss.resteasy.spi.ResteasyProviderFactory;
import org.keycloak.RSATokenVerifier;
import org.keycloak.VerificationException;
+import org.keycloak.models.Constants;
import org.keycloak.representations.SkeletonKeyToken;
import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.models.RealmModel;
@@ -33,18 +34,6 @@ public class AuthenticationManager {
public static final String FORM_USERNAME = "username";
public static final String KEYCLOAK_IDENTITY_COOKIE = "KEYCLOAK_IDENTITY";
- /**
- * Grabs token from headers, authenticates, authorizes
- *
- * @param realm
- * @param headers
- * @return
- */
- public boolean isRealmAdmin(RealmModel realm, HttpHeaders headers) {
- UserModel user = authenticateBearerToken(realm, headers);
- return realm.isRealmAdmin(user);
- }
-
public SkeletonKeyToken createIdentityToken(RealmModel realm, String username) {
SkeletonKeyToken token = new SkeletonKeyToken();
token.id(RealmManager.generateId());
@@ -211,9 +200,9 @@ public class AuthenticationManager {
Set<String> types = new HashSet<String>();
List<RequiredCredentialModel> requiredCredentials = null;
- if (realm.hasRole(user, RealmManager.APPLICATION_ROLE)) {
+ if (realm.hasRole(user, Constants.APPLICATION_ROLE)) {
requiredCredentials = realm.getRequiredApplicationCredentials();
- } else if (realm.hasRole(user, RealmManager.IDENTITY_REQUESTER_ROLE)) {
+ } else if (realm.hasRole(user, Constants.IDENTITY_REQUESTER_ROLE)) {
requiredCredentials = realm.getRequiredOAuthClientCredentials();
} else {
requiredCredentials = realm.getRequiredCredentials();
diff --git a/services/src/main/java/org/keycloak/services/managers/OAuthClientManager.java b/services/src/main/java/org/keycloak/services/managers/OAuthClientManager.java
index 22ef50e..0b10d61 100755
--- a/services/src/main/java/org/keycloak/services/managers/OAuthClientManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/OAuthClientManager.java
@@ -1,5 +1,6 @@
package org.keycloak.services.managers;
+import org.keycloak.models.Constants;
import org.keycloak.models.OAuthClientModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
@@ -18,7 +19,7 @@ public class OAuthClientManager {
public OAuthClientModel create(String name) {
OAuthClientModel model = realm.addOAuthClient(name);
- RoleModel role = realm.getRole(RealmManager.IDENTITY_REQUESTER_ROLE);
+ RoleModel role = realm.getRole(Constants.IDENTITY_REQUESTER_ROLE);
realm.grantRole(model.getOAuthAgent(), role);
return model;
}
diff --git a/services/src/main/java/org/keycloak/services/managers/RealmManager.java b/services/src/main/java/org/keycloak/services/managers/RealmManager.java
index c683290..af6d4db 100755
--- a/services/src/main/java/org/keycloak/services/managers/RealmManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/RealmManager.java
@@ -20,9 +20,6 @@ import java.util.concurrent.atomic.AtomicLong;
public class RealmManager {
protected static final Logger logger = Logger.getLogger(RealmManager.class);
private static AtomicLong counter = new AtomicLong(1);
- public static final String APPLICATION_ROLE = "KEYCLOAK_APPLICATION";
- public static final String IDENTITY_REQUESTER_ROLE = "KEYCLOAK_IDENTITY_REQUESTER";
- public static final String WILDCARD_ROLE = "*";
public static String generateId() {
return counter.getAndIncrement() + "-" + System.currentTimeMillis();
@@ -34,8 +31,8 @@ public class RealmManager {
this.identitySession = identitySession;
}
- public RealmModel defaultRealm() {
- return getRealm(RealmModel.DEFAULT_REALM);
+ public RealmModel getKeycloakAdminstrationRealm() {
+ return getRealm(Constants.ADMIN_REALM);
}
public RealmModel getRealm(String id) {
@@ -49,9 +46,9 @@ public class RealmManager {
public RealmModel createRealm(String id, String name) {
RealmModel realm = identitySession.createRealm(id, name);
realm.setName(name);
- realm.addRole(WILDCARD_ROLE);
- realm.addRole(APPLICATION_ROLE);
- realm.addRole(IDENTITY_REQUESTER_ROLE);
+ realm.addRole(Constants.WILDCARD_ROLE);
+ realm.addRole(Constants.APPLICATION_ROLE);
+ realm.addRole(Constants.IDENTITY_REQUESTER_ROLE);
return realm;
}
@@ -99,7 +96,6 @@ public class RealmManager {
//verifyRealmRepresentation(rep);
RealmModel realm = createRealm(rep.getRealm());
importRealm(rep, realm);
- realm.addRealmAdmin(realmCreator);
return realm;
}
@@ -329,7 +325,7 @@ public class RealmManager {
protected void createApplications(RealmRepresentation rep, RealmModel realm) {
- RoleModel loginRole = realm.getRole(RealmManager.APPLICATION_ROLE);
+ RoleModel loginRole = realm.getRole(Constants.APPLICATION_ROLE);
ApplicationManager manager = new ApplicationManager(this);
for (ApplicationRepresentation resourceRep : rep.getApplications()) {
manager.createApplication(realm, loginRole, resourceRep);
diff --git a/services/src/main/java/org/keycloak/services/managers/TokenManager.java b/services/src/main/java/org/keycloak/services/managers/TokenManager.java
index 19da5e3..47ed94d 100755
--- a/services/src/main/java/org/keycloak/services/managers/TokenManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/TokenManager.java
@@ -3,12 +3,9 @@ package org.keycloak.services.managers;
import org.jboss.resteasy.jose.Base64Url;
import org.jboss.resteasy.jose.jws.JWSBuilder;
import org.jboss.resteasy.jwt.JsonSerialization;
+import org.keycloak.models.*;
import org.keycloak.representations.SkeletonKeyScope;
import org.keycloak.representations.SkeletonKeyToken;
-import org.keycloak.models.ApplicationModel;
-import org.keycloak.models.RealmModel;
-import org.keycloak.models.RoleModel;
-import org.keycloak.models.UserModel;
import javax.ws.rs.core.MultivaluedMap;
import java.io.IOException;
@@ -55,7 +52,7 @@ public class TokenManager {
Set<String> scopeRequest = null;
if (scopeMap != null) {
scopeRequest.addAll(scopeMap.get("realm"));
- if (scopeRequest.contains(RealmManager.WILDCARD_ROLE)) scopeRequest = null;
+ if (scopeRequest.contains(Constants.WILDCARD_ROLE)) scopeRequest = null;
}
for (String role : realmMapping) {
if (
@@ -74,7 +71,7 @@ public class TokenManager {
Set<String> scopeRequest = null;
if (scopeMap != null) {
scopeRequest.addAll(scopeMap.get(resource.getName()));
- if (scopeRequest.contains(RealmManager.WILDCARD_ROLE)) scopeRequest = null;
+ if (scopeRequest.contains(Constants.WILDCARD_ROLE)) scopeRequest = null;
}
for (String role : mapping) {
if (
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/RealmsAdminResource.java b/services/src/main/java/org/keycloak/services/resources/admin/RealmsAdminResource.java
index b64fcfe..15089f6 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/RealmsAdminResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/RealmsAdminResource.java
@@ -78,9 +78,6 @@ public class RealmsAdminResource {
RealmManager realmManager = new RealmManager(session);
RealmModel realm = realmManager.getRealm(id);
if (realm == null) throw new NotFoundException();
- if (!realm.isRealmAdmin(admin)) {
- throw new ForbiddenException();
- }
RealmAdminResource adminResource = new RealmAdminResource(admin, realm);
resourceContext.initResource(adminResource);
diff --git a/services/src/main/java/org/keycloak/services/resources/flows/OAuthFlows.java b/services/src/main/java/org/keycloak/services/resources/flows/OAuthFlows.java
index 5981dcb..06c0a06 100755
--- a/services/src/main/java/org/keycloak/services/resources/flows/OAuthFlows.java
+++ b/services/src/main/java/org/keycloak/services/resources/flows/OAuthFlows.java
@@ -26,9 +26,9 @@ import java.util.Set;
import org.jboss.resteasy.logging.Logger;
import org.jboss.resteasy.spi.HttpRequest;
+import org.keycloak.models.Constants;
import org.keycloak.services.managers.AccessCodeEntry;
import org.keycloak.services.managers.AuthenticationManager;
-import org.keycloak.services.managers.RealmManager;
import org.keycloak.services.managers.TokenManager;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
@@ -81,8 +81,8 @@ public class OAuthFlows {
}
public Response processAccessCode(String scopeParam, String state, String redirect, UserModel client, UserModel user) {
- RoleModel resourceRole = realm.getRole(RealmManager.APPLICATION_ROLE);
- RoleModel identityRequestRole = realm.getRole(RealmManager.IDENTITY_REQUESTER_ROLE);
+ RoleModel resourceRole = realm.getRole(Constants.APPLICATION_ROLE);
+ RoleModel identityRequestRole = realm.getRole(Constants.IDENTITY_REQUESTER_ROLE);
boolean isResource = realm.hasRole(client, resourceRole);
if (!isResource && !realm.hasRole(client, identityRequestRole)) {
return forwardToSecurityFailure("Login requester not allowed to request login.");
diff --git a/services/src/main/java/org/keycloak/services/resources/SaasService.java b/services/src/main/java/org/keycloak/services/resources/SaasService.java
index 01aef1b..0b2c08d 100755
--- a/services/src/main/java/org/keycloak/services/resources/SaasService.java
+++ b/services/src/main/java/org/keycloak/services/resources/SaasService.java
@@ -6,24 +6,17 @@ import org.jboss.resteasy.spi.HttpRequest;
import org.jboss.resteasy.spi.HttpResponse;
import org.jboss.resteasy.spi.NotImplementedYetException;
import org.keycloak.models.*;
-import org.keycloak.representations.idm.CredentialRepresentation;
-import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.services.managers.AuthenticationManager;
import org.keycloak.services.managers.AuthenticationManager.AuthenticationStatus;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.services.messages.Messages;
import org.keycloak.services.resources.admin.RealmsAdminResource;
import org.keycloak.services.resources.flows.Flows;
-import org.keycloak.services.validation.Validation;
import javax.ws.rs.*;
import javax.ws.rs.container.ResourceContext;
import javax.ws.rs.core.*;
-import java.net.URI;
-import java.util.LinkedList;
-import java.util.List;
-
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
@@ -87,7 +80,7 @@ public class SaasService {
public Response keepalive(final @Context HttpHeaders headers) {
logger.debug("keepalive");
RealmManager realmManager = new RealmManager(session);
- RealmModel realm = realmManager.defaultRealm();
+ RealmModel realm = getAdminstrationRealm(realmManager);
if (realm == null)
throw new NotFoundException();
UserModel user = authManager.authenticateSaasIdentityCookie(realm, uriInfo, headers);
@@ -104,14 +97,15 @@ public class SaasService {
@NoCache
public Response whoAmI(final @Context HttpHeaders headers) {
RealmManager realmManager = new RealmManager(session);
- RealmModel realm = realmManager.defaultRealm();
+ RealmModel realm = getAdminstrationRealm(realmManager);
if (realm == null)
throw new NotFoundException();
UserModel user = authManager.authenticateSaasIdentityCookie(realm, uriInfo, headers);
if (user == null) {
return Response.status(401).build();
}
- return Response.ok(new WhoAmI(user.getLoginName(), user.getFirstName() + " " + user.getLastName())).build();
+ // keycloak is bootstrapped with an admin user with no first/last name, so use login name as display name
+ return Response.ok(new WhoAmI(user.getLoginName(), user.getLoginName())).build();
}
@Path("isLoggedIn.js")
@@ -121,7 +115,7 @@ public class SaasService {
public String isLoggedIn(final @Context HttpHeaders headers) {
logger.debug("WHOAMI Javascript start.");
RealmManager realmManager = new RealmManager(session);
- RealmModel realm = realmManager.defaultRealm();
+ RealmModel realm = getAdminstrationRealm(realmManager);
if (realm == null) {
return "var keycloakCookieLoggedIn = false;";
@@ -145,16 +139,20 @@ public class SaasService {
@Path("admin/realms")
public RealmsAdminResource getRealmsAdmin(@Context final HttpHeaders headers) {
RealmManager realmManager = new RealmManager(session);
- RealmModel saasRealm = realmManager.defaultRealm();
+ RealmModel saasRealm = getAdminstrationRealm(realmManager);
if (saasRealm == null)
throw new NotFoundException();
UserModel admin = authManager.authenticateSaasIdentity(saasRealm, uriInfo, headers);
if (admin == null) {
throw new NotAuthorizedException("Bearer");
}
- RoleModel creatorRole = saasRealm.getRole(SaasService.REALM_CREATOR_ROLE);
- if (!saasRealm.hasRole(admin, creatorRole)) {
- logger.warn("not a Realm creator");
+ ApplicationModel adminConsole = saasRealm.getApplicationNameMap().get(Constants.ADMIN_CONSOLE_APPLICATION);
+ if (adminConsole == null) {
+ throw new NotFoundException();
+ }
+ RoleModel adminRole = adminConsole.getRole(Constants.ADMIN_CONSOLE_ADMIN_ROLE);
+ if (!adminConsole.hasRole(admin, adminRole)) {
+ logger.warn("not a Realm admin");
throw new NotAuthorizedException("Bearer");
}
RealmsAdminResource adminResource = new RealmsAdminResource(admin);
@@ -167,29 +165,18 @@ public class SaasService {
@NoCache
public Response loginPage() {
RealmManager realmManager = new RealmManager(session);
- RealmModel realm = realmManager.defaultRealm();
+ RealmModel realm = getAdminstrationRealm(realmManager);
authManager.expireSaasIdentityCookie(uriInfo);
return Flows.forms(realm, request, uriInfo).forwardToLogin();
}
- @Path("registrations")
- @GET
- @NoCache
- public Response registerPage() {
- RealmManager realmManager = new RealmManager(session);
- RealmModel realm = realmManager.defaultRealm();
- authManager.expireSaasIdentityCookie(uriInfo);
-
- return Flows.forms(realm, request, uriInfo).forwardToRegistration();
- }
-
@Path("logout")
@GET
@NoCache
public Response logout() {
RealmManager realmManager = new RealmManager(session);
- RealmModel realm = realmManager.defaultRealm();
+ RealmModel realm = getAdminstrationRealm(realmManager);
authManager.expireSaasIdentityCookie(uriInfo);
return Flows.forms(realm, request, uriInfo).forwardToLogin();
@@ -209,7 +196,7 @@ public class SaasService {
public Response processLogin(final MultivaluedMap<String, String> formData) {
logger.info("processLogin start");
RealmManager realmManager = new RealmManager(session);
- RealmModel realm = realmManager.defaultRealm();
+ RealmModel realm = getAdminstrationRealm(realmManager);
if (realm == null)
throw new NotFoundException();
@@ -236,91 +223,7 @@ public class SaasService {
}
}
- @Path("registrations")
- @POST
- @Consumes(MediaType.APPLICATION_JSON)
- public Response register(final UserRepresentation newUser) {
- RealmManager realmManager = new RealmManager(session);
- RealmModel defaultRealm = realmManager.defaultRealm();
- UserModel user = registerMe(defaultRealm, newUser);
- if (user == null) {
- return Response.status(400).type("text/plain").entity("Already exists").build();
- }
- URI uri = uriInfo.getBaseUriBuilder().path(RealmsResource.class).path(user.getLoginName()).build();
- return Response.created(uri).build();
- }
-
- @Path("registrations")
- @POST
- @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
- public Response processRegister(final MultivaluedMap<String, String> formData) {
- RealmManager realmManager = new RealmManager(session);
- RealmModel defaultRealm = realmManager.defaultRealm();
-
- List<String> requiredCredentialTypes = new LinkedList<String>();
- for (RequiredCredentialModel m : defaultRealm.getRequiredCredentials()) {
- requiredCredentialTypes.add(m.getType());
- }
-
- String error = Validation.validateRegistrationForm(formData, requiredCredentialTypes);
- if (error != null) {
- return Flows.forms(defaultRealm, request, uriInfo).setError(error).setFormData(formData)
- .forwardToRegistration();
- }
-
- UserRepresentation newUser = new UserRepresentation();
- newUser.setUsername(formData.getFirst("username"));
- newUser.setEmail(formData.getFirst("email"));
-
- newUser.setFirstName(formData.getFirst("firstName"));
- newUser.setLastName(formData.getFirst("lastName"));
-
- if (requiredCredentialTypes.contains(CredentialRepresentation.PASSWORD)) {
- newUser.credential(CredentialRepresentation.PASSWORD, formData.getFirst("password"));
- }
-
- if (requiredCredentialTypes.contains(CredentialRepresentation.TOTP)) {
- newUser.credential(CredentialRepresentation.TOTP, formData.getFirst("password"));
- }
-
- UserModel user = registerMe(defaultRealm, newUser);
- if (user == null) {
- return Flows.forms(defaultRealm, request, uriInfo).setError(Messages.USERNAME_EXISTS)
- .setFormData(formData).forwardToRegistration();
-
- }
- NewCookie cookie = authManager.createSaasIdentityCookie(defaultRealm, user, uriInfo);
- return Response.status(302).location(contextRoot(uriInfo).path(adminPath).build()).cookie(cookie).build();
- }
-
- protected UserModel registerMe(RealmModel defaultRealm, UserRepresentation newUser) {
- if (!defaultRealm.isEnabled()) {
- throw new ForbiddenException();
- }
- if (!defaultRealm.isRegistrationAllowed()) {
- throw new ForbiddenException();
- }
- UserModel user = defaultRealm.getUser(newUser.getUsername());
- if (user != null) {
- return null;
- }
-
- user = defaultRealm.addUser(newUser.getUsername());
- user.setFirstName(newUser.getFirstName());
- user.setLastName(newUser.getLastName());
- user.setEmail(newUser.getEmail());
- for (CredentialRepresentation cred : newUser.getCredentials()) {
- UserCredentialModel credModel = new UserCredentialModel();
- credModel.setType(cred.getType());
- credModel.setValue(cred.getValue());
- defaultRealm.updateCredential(user, credModel);
- }
-
- for (RoleModel role : defaultRealm.getDefaultRoles()) {
- defaultRealm.grantRole(user, role);
- }
-
- return user;
+ protected RealmModel getAdminstrationRealm(RealmManager realmManager) {
+ return realmManager.getKeycloakAdminstrationRealm();
}
-
}
diff --git a/services/src/main/java/org/keycloak/services/resources/TokenService.java b/services/src/main/java/org/keycloak/services/resources/TokenService.java
index ae4c014..d3322d4 100755
--- a/services/src/main/java/org/keycloak/services/resources/TokenService.java
+++ b/services/src/main/java/org/keycloak/services/resources/TokenService.java
@@ -15,7 +15,6 @@ import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.services.managers.AccessCodeEntry;
import org.keycloak.services.managers.AuthenticationManager;
import org.keycloak.services.managers.AuthenticationManager.AuthenticationStatus;
-import org.keycloak.services.managers.RealmManager;
import org.keycloak.services.managers.ResourceAdminManager;
import org.keycloak.services.managers.TokenManager;
import org.keycloak.services.messages.Messages;
@@ -176,6 +175,7 @@ public class TokenService {
public Response processLogin(@QueryParam("client_id") final String clientId, @QueryParam("scope") final String scopeParam,
@QueryParam("state") final String state, @QueryParam("redirect_uri") final String redirect,
final MultivaluedMap<String, String> formData) {
+ logger.info("TokenService.processLogin");
OAuthFlows oauth = Flows.oauth(realm, request, uriInfo, authManager, tokenManager);
if (!realm.isEnabled()) {
@@ -451,8 +451,8 @@ public class TokenService {
return null;
}
- RoleModel resourceRole = realm.getRole(RealmManager.APPLICATION_ROLE);
- RoleModel identityRequestRole = realm.getRole(RealmManager.IDENTITY_REQUESTER_ROLE);
+ RoleModel resourceRole = realm.getRole(Constants.APPLICATION_ROLE);
+ RoleModel identityRequestRole = realm.getRole(Constants.IDENTITY_REQUESTER_ROLE);
boolean isResource = realm.hasRole(client, resourceRole);
if (!isResource && !realm.hasRole(client, identityRequestRole)) {
oauth.forwardToSecurityFailure("Login requester not allowed to request login.");
diff --git a/services/src/test/java/org/keycloak/test/AdapterTest.java b/services/src/test/java/org/keycloak/test/AdapterTest.java
index 41aa8e1..7342e5e 100755
--- a/services/src/test/java/org/keycloak/test/AdapterTest.java
+++ b/services/src/test/java/org/keycloak/test/AdapterTest.java
@@ -1,17 +1,15 @@
package org.keycloak.test;
-import org.junit.After;
import org.junit.Assert;
-import org.junit.Before;
import org.junit.FixMethodOrder;
import org.junit.Test;
import org.junit.runners.MethodSorters;
import org.keycloak.models.*;
import org.keycloak.representations.idm.CredentialRepresentation;
+import org.keycloak.services.managers.ApplianceBootstrap;
import org.keycloak.services.managers.OAuthClientManager;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.models.UserModel.RequiredAction;
-import org.keycloak.services.resources.KeycloakApplication;
import org.keycloak.test.common.AbstractKeycloakTest;
import org.keycloak.test.common.SessionFactoryTestContext;
@@ -35,7 +33,7 @@ public class AdapterTest extends AbstractKeycloakTest {
@Test
public void installTest() throws Exception {
- new InstallationManager().install(getRealmManager());
+ new ApplianceBootstrap().bootstrap(identitySession);
}
@@ -79,6 +77,48 @@ public class AdapterTest extends AbstractKeycloakTest {
}
@Test
+ public void testRealmListing() throws Exception {
+ realmModel = getRealmManager().createRealm("JUGGLER");
+ realmModel.setAccessCodeLifespan(100);
+ realmModel.setAccessCodeLifespanUserAction(600);
+ realmModel.setCookieLoginAllowed(true);
+ realmModel.setEnabled(true);
+ realmModel.setName("JUGGLER");
+ realmModel.setPrivateKeyPem("0234234");
+ realmModel.setPublicKeyPem("0234234");
+ realmModel.setTokenLifespan(1000);
+ realmModel.setAutomaticRegistrationAfterSocialLogin(true);
+ realmModel.addDefaultRole("foo");
+
+ System.out.println(realmModel.getId());
+ realmModel = getRealmManager().getRealm(realmModel.getId());
+ Assert.assertNotNull(realmModel);
+ Assert.assertEquals(realmModel.getAccessCodeLifespan(), 100);
+ Assert.assertEquals(600, realmModel.getAccessCodeLifespanUserAction());
+ Assert.assertEquals(realmModel.getTokenLifespan(), 1000);
+ Assert.assertEquals(realmModel.isEnabled(), true);
+ Assert.assertEquals(realmModel.getName(), "JUGGLER");
+ Assert.assertEquals(realmModel.getPrivateKeyPem(), "0234234");
+ Assert.assertEquals(realmModel.getPublicKeyPem(), "0234234");
+ Assert.assertEquals(realmModel.isAutomaticRegistrationAfterSocialLogin(), true);
+ Assert.assertEquals(1, realmModel.getDefaultRoles().size());
+ Assert.assertEquals("foo", realmModel.getDefaultRoles().get(0).getName());
+
+ String id = realmModel.getId();
+ System.out.println("id: " + id);
+
+ identitySession.getTransaction().commit();
+ identitySession.close();
+ identitySession = factory.createSession();
+ identitySession.getTransaction().begin();
+ realmManager = new RealmManager(identitySession);
+ List<RealmModel> realms = identitySession.getRealms(null);
+ System.out.println("num realms: " + realms.size());
+ Assert.assertEquals(realms.size(), 1);
+ }
+
+
+ @Test
public void test2RequiredCredential() throws Exception {
test1CreateRealm();
realmModel.addRequiredCredential(CredentialRepresentation.PASSWORD);
@@ -126,7 +166,7 @@ public class AdapterTest extends AbstractKeycloakTest {
oauth.setBaseUrl("/foo/bar");
oauth = realmModel.getOAuthClient("oauth-client");
Assert.assertEquals("/foo/bar", oauth.getBaseUrl());
- Assert.assertTrue(realmModel.hasRole(oauth.getOAuthAgent(), RealmManager.IDENTITY_REQUESTER_ROLE));
+ Assert.assertTrue(realmModel.hasRole(oauth.getOAuthAgent(), Constants.IDENTITY_REQUESTER_ROLE));
}
diff --git a/services/src/test/java/org/keycloak/test/common/AbstractKeycloakTest.java b/services/src/test/java/org/keycloak/test/common/AbstractKeycloakTest.java
old mode 100644
new mode 100755
index baaa9f6..0656f98
--- a/services/src/test/java/org/keycloak/test/common/AbstractKeycloakTest.java
+++ b/services/src/test/java/org/keycloak/test/common/AbstractKeycloakTest.java
@@ -24,9 +24,9 @@ public abstract class AbstractKeycloakTest {
protected static final SessionFactoryTestContext[] TEST_CONTEXTS;
private final SessionFactoryTestContext testContext;
- private KeycloakSessionFactory factory;
- private KeycloakSession identitySession;
- private RealmManager realmManager;
+ protected KeycloakSessionFactory factory;
+ protected KeycloakSession identitySession;
+ protected RealmManager realmManager;
// STATIC METHODS
diff --git a/services/src/test/java/org/keycloak/test/ImportTest.java b/services/src/test/java/org/keycloak/test/ImportTest.java
index 33348ed..febdc39 100755
--- a/services/src/test/java/org/keycloak/test/ImportTest.java
+++ b/services/src/test/java/org/keycloak/test/ImportTest.java
@@ -39,26 +39,9 @@ public class ImportTest extends AbstractKeycloakTest {
@Test
public void install() throws Exception {
RealmManager manager = getRealmManager();
- RealmModel defaultRealm = manager.createRealm(RealmModel.DEFAULT_REALM, RealmModel.DEFAULT_REALM);
- defaultRealm.setName(RealmModel.DEFAULT_REALM);
- defaultRealm.setEnabled(true);
- defaultRealm.setTokenLifespan(300);
- defaultRealm.setAccessCodeLifespan(60);
- defaultRealm.setAccessCodeLifespanUserAction(600);
- defaultRealm.setSslNotRequired(false);
- defaultRealm.setCookieLoginAllowed(true);
- defaultRealm.setRegistrationAllowed(true);
- defaultRealm.setAutomaticRegistrationAfterSocialLogin(false);
- manager.generateRealmKeys(defaultRealm);
- defaultRealm.addRequiredCredential(CredentialRepresentation.PASSWORD);
- RoleModel role = defaultRealm.addRole(SaasService.REALM_CREATOR_ROLE);
- UserModel admin = defaultRealm.addUser("admin");
- defaultRealm.grantRole(admin, role);
-
RealmRepresentation rep = AbstractKeycloakServerTest.loadJson("testrealm.json");
RealmModel realm = manager.createRealm("demo", rep.getRealm());
manager.importRealm(rep, realm);
- realm.addRealmAdmin(admin);
Assert.assertTrue(realm.isVerifyEmail());
@@ -81,8 +64,6 @@ public class ImportTest extends AbstractKeycloakTest {
List<ApplicationModel> resources = realm.getApplications();
Assert.assertEquals(2, resources.size());
- List<RealmModel> realms = getIdentitySession().getRealms(admin);
- Assert.assertEquals(1, realms.size());
// Test scope relationship
ApplicationModel application = realm.getApplicationNameMap().get("Application");
@@ -118,26 +99,9 @@ public class ImportTest extends AbstractKeycloakTest {
@Test
public void install2() throws Exception {
RealmManager manager = getRealmManager();
- RealmModel defaultRealm = manager.createRealm(RealmModel.DEFAULT_REALM, RealmModel.DEFAULT_REALM);
- defaultRealm.setName(RealmModel.DEFAULT_REALM);
- defaultRealm.setEnabled(true);
- defaultRealm.setTokenLifespan(300);
- defaultRealm.setAccessCodeLifespan(60);
- defaultRealm.setAccessCodeLifespanUserAction(600);
- defaultRealm.setSslNotRequired(false);
- defaultRealm.setCookieLoginAllowed(true);
- defaultRealm.setRegistrationAllowed(true);
- defaultRealm.setAutomaticRegistrationAfterSocialLogin(false);
- manager.generateRealmKeys(defaultRealm);
- defaultRealm.addRequiredCredential(CredentialRepresentation.PASSWORD);
- RoleModel role = defaultRealm.addRole(SaasService.REALM_CREATOR_ROLE);
- UserModel admin = defaultRealm.addUser("admin");
- defaultRealm.grantRole(admin, role);
-
RealmRepresentation rep = AbstractKeycloakServerTest.loadJson("testrealm-demo.json");
RealmModel realm = manager.createRealm("demo", rep.getRealm());
manager.importRealm(rep, realm);
- realm.addRealmAdmin(admin);
Assert.assertTrue(realm.isAutomaticRegistrationAfterSocialLogin());
Assert.assertEquals(600, realm.getAccessCodeLifespanUserAction());
diff --git a/testsuite/integration/src/main/java/org/keycloak/testutils/KeycloakServer.java b/testsuite/integration/src/main/java/org/keycloak/testutils/KeycloakServer.java
old mode 100644
new mode 100755
index 6dd52b7..b7f2318
--- a/testsuite/integration/src/main/java/org/keycloak/testutils/KeycloakServer.java
+++ b/testsuite/integration/src/main/java/org/keycloak/testutils/KeycloakServer.java
@@ -37,17 +37,12 @@ import org.jboss.resteasy.jwt.JsonSerialization;
import org.jboss.resteasy.logging.Logger;
import org.jboss.resteasy.plugins.server.undertow.UndertowJaxrsServer;
import org.jboss.resteasy.spi.ResteasyDeployment;
-import org.keycloak.models.KeycloakSession;
-import org.keycloak.models.KeycloakSessionFactory;
-import org.keycloak.models.RealmModel;
-import org.keycloak.models.RoleModel;
-import org.keycloak.models.UserModel;
-import org.keycloak.representations.idm.CredentialRepresentation;
+import org.keycloak.models.*;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.services.filters.KeycloakSessionServletFilter;
+import org.keycloak.services.managers.ApplianceBootstrap;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.services.resources.KeycloakApplication;
-import org.keycloak.services.resources.SaasService;
/**
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
@@ -211,24 +206,11 @@ public class KeycloakServer {
try {
RealmManager manager = new RealmManager(session);
- if (manager.getRealm(RealmModel.DEFAULT_REALM) != null) {
+ if (manager.getRealm(Constants.ADMIN_REALM) != null) {
return;
}
- RealmModel defaultRealm = manager.createRealm(RealmModel.DEFAULT_REALM, RealmModel.DEFAULT_REALM);
- defaultRealm.setName(RealmModel.DEFAULT_REALM);
- defaultRealm.setEnabled(true);
- defaultRealm.setTokenLifespan(300);
- defaultRealm.setAccessCodeLifespan(60);
- defaultRealm.setAccessCodeLifespanUserAction(600);
- defaultRealm.setSslNotRequired(true);
- defaultRealm.setCookieLoginAllowed(true);
- defaultRealm.setRegistrationAllowed(true);
- manager.generateRealmKeys(defaultRealm);
- defaultRealm.addRequiredCredential(CredentialRepresentation.PASSWORD);
- defaultRealm.addRole(SaasService.REALM_CREATOR_ROLE);
- defaultRealm.addDefaultRole(SaasService.REALM_CREATOR_ROLE);
-
+ new ApplianceBootstrap().bootstrap(session);
session.getTransaction().commit();
} finally {
session.close();
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/rule/KeycloakRule.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/rule/KeycloakRule.java
index 7de8741..010b1cc 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/rule/KeycloakRule.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/rule/KeycloakRule.java
@@ -32,6 +32,7 @@ import javax.servlet.Servlet;
import org.jboss.resteasy.jwt.JsonSerialization;
import org.junit.rules.ExternalResource;
+import org.keycloak.models.Constants;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.representations.idm.RealmRepresentation;
@@ -104,10 +105,10 @@ public class KeycloakRule extends ExternalResource {
try {
RealmManager manager = new RealmManager(session);
- RealmModel defaultRealm = manager.getRealm(RealmModel.DEFAULT_REALM);
+ RealmModel adminstrationRealm = manager.getRealm(Constants.ADMIN_REALM);
RealmModel appRealm = manager.getRealm("test");
- configurer.config(manager, defaultRealm, appRealm);
+ configurer.config(manager, null, appRealm);
session.getTransaction().commit();
} finally {
@@ -117,7 +118,7 @@ public class KeycloakRule extends ExternalResource {
public interface KeycloakSetup {
- void config(RealmManager manager, RealmModel defaultRealm, RealmModel appRealm);
+ void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm);
}