diff --git a/core/src/main/java/org/keycloak/representations/idm/RealmRepresentation.java b/core/src/main/java/org/keycloak/representations/idm/RealmRepresentation.java
index c520fd3..3b9b4d1 100755
--- a/core/src/main/java/org/keycloak/representations/idm/RealmRepresentation.java
+++ b/core/src/main/java/org/keycloak/representations/idm/RealmRepresentation.java
@@ -33,6 +33,7 @@ public class RealmRepresentation {
protected Set<String> requiredApplicationCredentials;
protected Set<String> requiredOAuthClientCredentials;
protected List<UserRepresentation> users;
+ protected List<UserRepresentation> clients;
protected List<UserRoleMappingRepresentation> roleMappings;
protected List<ScopeMappingRepresentation> scopeMappings;
protected List<SocialMappingRepresentation> socialMappings;
@@ -68,6 +69,10 @@ public class RealmRepresentation {
return users;
}
+ public List<UserRepresentation> getClients() {
+ return clients;
+ }
+
public List<ApplicationRepresentation> getApplications() {
return applications;
}
@@ -84,6 +89,10 @@ public class RealmRepresentation {
this.users = users;
}
+ public void setClients(List<UserRepresentation> clients) {
+ this.clients = clients;
+ }
+
public UserRepresentation user(String username) {
UserRepresentation user = new UserRepresentation();
user.setUsername(username);
diff --git a/examples/as7-eap-demo/server/src/main/resources/META-INF/testrealm.json b/examples/as7-eap-demo/server/src/main/resources/META-INF/testrealm.json
index 284a4be..c30c963 100755
--- a/examples/as7-eap-demo/server/src/main/resources/META-INF/testrealm.json
+++ b/examples/as7-eap-demo/server/src/main/resources/META-INF/testrealm.json
@@ -26,7 +26,9 @@
{ "type" : "password",
"value" : "password" }
]
- },
+ }
+ ],
+ "clients" : [
{
"username" : "third-party",
"enabled": true,
@@ -50,10 +52,6 @@
{
"username": "bburke@redhat.com",
"roles": ["user"]
- },
- {
- "username": "third-party",
- "roles": ["KEYCLOAK_IDENTITY_REQUESTER"]
}
],
"scopeMappings": [
@@ -88,4 +86,4 @@
]
}
]
-}
\ No newline at end of file
+}
diff --git a/examples/as7-eap-dev/server/src/main/resources/META-INF/testrealm.json b/examples/as7-eap-dev/server/src/main/resources/META-INF/testrealm.json
index 41fe13e..b289fcf 100755
--- a/examples/as7-eap-dev/server/src/main/resources/META-INF/testrealm.json
+++ b/examples/as7-eap-dev/server/src/main/resources/META-INF/testrealm.json
@@ -26,7 +26,9 @@
{ "type" : "password",
"value" : "password" }
]
- },
+ }
+ ],
+ "clients" : [
{
"username" : "third-party",
"enabled": true,
@@ -50,10 +52,6 @@
{
"username": "bburke@redhat.com",
"roles": ["user"]
- },
- {
- "username": "third-party",
- "roles": ["KEYCLOAK_IDENTITY_REQUESTER"]
}
],
"scopeMappings": [
@@ -89,4 +87,4 @@
]
}
]
-}
\ No newline at end of file
+}
diff --git a/model/api/src/main/java/org/keycloak/models/Constants.java b/model/api/src/main/java/org/keycloak/models/Constants.java
index b02c9c2..53f0813 100755
--- a/model/api/src/main/java/org/keycloak/models/Constants.java
+++ b/model/api/src/main/java/org/keycloak/models/Constants.java
@@ -5,11 +5,12 @@ package org.keycloak.models;
* @version $Revision: 1 $
*/
public interface Constants {
+ String INTERNAL_ROLE = "KEYCLOAK_";
String ADMIN_REALM = "Keycloak Administration";
String ADMIN_CONSOLE_APPLICATION = "Admin Console";
String ADMIN_CONSOLE_ADMIN_ROLE = "admin";
- String APPLICATION_ROLE = "KEYCLOAK_APPLICATION";
- String IDENTITY_REQUESTER_ROLE = "KEYCLOAK_IDENTITY_REQUESTER";
+ String APPLICATION_ROLE = INTERNAL_ROLE + "_APPLICATION";
+ String IDENTITY_REQUESTER_ROLE = INTERNAL_ROLE + "_IDENTITY_REQUESTER";
String WILDCARD_ROLE = "*";
String ACCOUNT_APPLICATION = "Account";
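Review bot: `INTERNAL_ROLE` already ends in an underscore, so `INTERNAL_ROLE + "_APPLICATION"` and `INTERNAL_ROLE + "_IDENTITY_REQUESTER"` now evaluate to `KEYCLOAK__APPLICATION` and `KEYCLOAK__IDENTITY_REQUESTER`, not the names on the removed lines. If the rename is unintended, drop the leading underscore from the suffixes: `String APPLICATION_ROLE = INTERNAL_ROLE + "APPLICATION";` and `String IDENTITY_REQUESTER_ROLE = INTERNAL_ROLE + "IDENTITY_REQUESTER";`. Realms stored or exported with the old role names would otherwise presumably miss the `getRole(Constants.IDENTITY_REQUESTER_ROLE)` lookups this commit adds in RealmManager and UsersResource. A short comment on `INTERNAL_ROLE` would also help, e.g. `// Prefix reserved for built-in roles; hidden from and rejected by the admin role API.`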
diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java b/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java
index 5775422..416d5eb 100755
--- a/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java
+++ b/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java
@@ -661,7 +661,6 @@ public class RealmAdapter implements RealmModel {
builder.append(attribute).append(" like '%").append(entry.getValue().toLowerCase()).append("%'");
}
String q = builder.toString();
- System.out.println(q);
TypedQuery<UserEntity> query = em.createQuery(q, UserEntity.class);
List<UserEntity> results = query.getResultList();
List<UserModel> users = new ArrayList<UserModel>();
diff --git a/services/src/main/java/org/keycloak/services/managers/RealmManager.java b/services/src/main/java/org/keycloak/services/managers/RealmManager.java
index 10832ad..d042270 100755
--- a/services/src/main/java/org/keycloak/services/managers/RealmManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/RealmManager.java
@@ -224,6 +224,14 @@ public class RealmManager {
}
}
+ if (rep.getClients() != null) {
+ for (UserRepresentation clientRep : rep.getClients()) {
+ UserModel client = createUser(newRealm, clientRep);
+ newRealm.grantRole(client, newRealm.getRole(Constants.IDENTITY_REQUESTER_ROLE));
+ userMap.put(client.getLoginName(), client);
+ }
+ }
+
if (rep.getRoles() != null) {
for (RoleRepresentation roleRep : rep.getRoles()) {
createRole(newRealm, roleRep);
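Review bot: The result of `newRealm.getRole(Constants.IDENTITY_REQUESTER_ROLE)` is passed straight to `grantRole` inside the new `clients` loop, with no null check. Whether the role always exists at this point is not visible here (the enclosing method starts and ends outside the hunk). If it can be absent, the outcome depends on how `grantRole` treats null, and a client imported without the role would not be recognised by the `isUser` filter added in UsersResource. Look the role up once before the loop and fail fast: `RoleModel identityRequester = newRealm.getRole(Constants.IDENTITY_REQUESTER_ROLE);` then `if (identityRequester == null) throw new IllegalStateException("identity requester role missing");`.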
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/RoleContainerResource.java b/services/src/main/java/org/keycloak/services/resources/admin/RoleContainerResource.java
index c0c0a5f..1ab393f 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/RoleContainerResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/RoleContainerResource.java
@@ -1,6 +1,7 @@
package org.keycloak.services.resources.admin;
import org.jboss.resteasy.annotations.cache.NoCache;
+import org.keycloak.models.Constants;
import org.keycloak.models.RoleContainerModel;
import org.keycloak.models.RoleModel;
import org.keycloak.representations.idm.RoleRepresentation;
@@ -39,9 +40,11 @@ public class RoleContainerResource {
List<RoleModel> roleModels = roleContainer.getRoles();
List<RoleRepresentation> roles = new ArrayList<RoleRepresentation>();
for (RoleModel roleModel : roleModels) {
- RoleRepresentation role = new RoleRepresentation(roleModel.getName(), roleModel.getDescription());
- role.setId(roleModel.getId());
- roles.add(role);
+ if (!roleModel.getName().startsWith(Constants.INTERNAL_ROLE)) {
+ RoleRepresentation role = new RoleRepresentation(roleModel.getName(), roleModel.getDescription());
+ role.setId(roleModel.getId());
+ roles.add(role);
+ }
}
return roles;
}
@@ -52,7 +55,7 @@ public class RoleContainerResource {
@Produces("application/json")
public RoleRepresentation getRole(final @PathParam("id") String id) {
RoleModel roleModel = roleContainer.getRoleById(id);
- if (roleModel == null) {
+ if (roleModel == null || roleModel.getName().startsWith(Constants.INTERNAL_ROLE)) {
throw new NotFoundException();
}
RoleRepresentation rep = new RoleRepresentation(roleModel.getName(), roleModel.getDescription());
@@ -65,7 +68,7 @@ public class RoleContainerResource {
@Consumes("application/json")
public void updateRole(final @PathParam("id") String id, final RoleRepresentation rep) {
RoleModel role = roleContainer.getRoleById(id);
- if (role == null) {
+ if (role == null || role.getName().startsWith(Constants.INTERNAL_ROLE)) {
throw new NotFoundException();
}
role.setName(rep.getName());
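Review bot: The new guard in `updateRole` checks only the stored role's current name, so `role.setName(rep.getName())` still accepts a requested name that starts with `Constants.INTERNAL_ROLE`. A role renamed that way would be filtered out of `getRoles`, answered with 404 by `getRole` and `updateRole`, and could collide with a built-in role name. Validate the requested name before the rename, as `createRole` does, and reject it with a 4xx response, e.g. `if (rep.getName() == null || rep.getName().startsWith(Constants.INTERNAL_ROLE)) throw new BadRequestException();`. The method body continues past the end of the hunk.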
@@ -76,7 +79,7 @@ public class RoleContainerResource {
@POST
@Consumes("application/json")
public Response createRole(final @Context UriInfo uriInfo, final RoleRepresentation rep) {
- if (roleContainer.getRole(rep.getName()) != null) {
+ if (roleContainer.getRole(rep.getName()) != null || rep.getName().startsWith(Constants.INTERNAL_ROLE)) {
throw new InternalServerErrorException(); // todo appropriate status here.
}
RoleModel role = roleContainer.addRole(rep.getName());
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java b/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java
index 029d4c9..46a0438 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java
@@ -3,6 +3,7 @@ package org.keycloak.services.resources.admin;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.logging.Logger;
import org.keycloak.models.ApplicationModel;
+import org.keycloak.models.Constants;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
@@ -98,7 +99,7 @@ public class UsersResource {
@Produces("application/json")
public UserRepresentation getUser(final @PathParam("username") String username) {
UserModel user = realm.getUser(username);
- if (user == null) {
+ if (user == null || !isUser(user)) {
throw new NotFoundException();
}
return new RealmManager(session).toRepresentation(user);
@@ -117,7 +118,9 @@ public class UsersResource {
if (search != null) {
List<UserModel> userModels = manager.searchUsers(search, realm);
for (UserModel user : userModels) {
- results.add(manager.toRepresentation(user));
+ if (isUser(user)) {
+ results.add(manager.toRepresentation(user));
+ }
}
} else {
Map<String, String> attributes = new HashMap<String, String>();
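Review bot: Only the `search != null` branch filters its results through `isUser`. The `else` branch that begins on the last lines of this hunk is not touched by any hunk in this commit, so the attribute-based query presumably still returns client and application accounts. Apply the same `if (isUser(user))` check where that branch adds to `results`, or filter once just before `return results;`. The per-user sub-resources that follow, starting with `@Path("{username}/role-mappings")`, also look unchanged and may need the same gate as `getUser`. Both the `else` branch and those methods lie outside the visible hunks, so confirm against the full file.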
@@ -142,6 +145,10 @@ public class UsersResource {
return results;
}
+ private boolean isUser(UserModel user) {
+ return !realm.hasRole(user, realm.getRole(Constants.IDENTITY_REQUESTER_ROLE)) && !realm.hasRole(user, realm.getRole(Constants.APPLICATION_ROLE));
+ }
+
@Path("{username}/role-mappings")
@GET
@Produces("application/json")
diff --git a/services/src/test/resources/testrealm-demo.json b/services/src/test/resources/testrealm-demo.json
index 92d23ea..75173d7 100755
--- a/services/src/test/resources/testrealm-demo.json
+++ b/services/src/test/resources/testrealm-demo.json
@@ -23,7 +23,9 @@
{ "type" : "Password",
"value" : "password" }
]
- },
+ }
+ ],
+ "clients" : [
{
"username" : "third-party",
"enabled": true,
@@ -47,10 +49,6 @@
{
"username": "bburke@redhat.com",
"roles": ["user"]
- },
- {
- "username": "third-party",
- "roles": ["KEYCLOAK_IDENTITY_REQUESTER"]
}
],
"scopeMappings": [
@@ -87,4 +85,4 @@
]
}
]
-}
\ No newline at end of file
+}
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/AccessTokenTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/AccessTokenTest.java
index 15f1cbf..b504852 100644
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/AccessTokenTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/AccessTokenTest.java
@@ -63,7 +63,7 @@ public class AccessTokenTest {
Assert.assertEquals(200, response.getStatusCode());
- Assert.assertTrue(response.getExpiresIn() <= 300 && response.getExpiresIn() >= 250);
+ Assert.assertTrue(response.getExpiresIn() <= 600 && response.getExpiresIn() >= 550);
Assert.assertEquals("bearer", response.getTokenType());
diff --git a/testsuite/integration/src/test/resources/testrealm.json b/testsuite/integration/src/test/resources/testrealm.json
index f4ef0c5..6ed4949 100755
--- a/testsuite/integration/src/test/resources/testrealm.json
+++ b/testsuite/integration/src/test/resources/testrealm.json
@@ -2,8 +2,8 @@
"id": "test",
"realm": "test",
"enabled": true,
- "tokenLifespan": 300,
- "accessCodeLifespan": 10,
+ "tokenLifespan": 600,
+ "accessCodeLifespan": 600,
"accessCodeLifespanUserAction": 600,
"sslNotRequired": true,
"cookieLoginAllowed": true,
@@ -30,7 +30,9 @@
{ "type" : "password",
"value" : "password" }
]
- },
+ }
+ ],
+ "clients" : [
{
"username" : "third-party",
"enabled": true,
@@ -54,10 +56,6 @@
{
"username": "test-user@localhost",
"roles": ["user"]
- },
- {
- "username": "third-party",
- "roles": ["KEYCLOAK_IDENTITY_REQUESTER"]
}
],
"scopeMappings": [