keycloak-uncached
Changes
audit/jboss-logging/src/main/resources/META-INF/services/org.keycloak.audit.AuditListenerFactory 1(+0 -1)
dependencies/server-all/pom.xml 8(+4 -4)
dependencies/server-min/pom.xml 6(+3 -3)
docbook/reference/en/en-US/modules/events.xml 51(+25 -26)
events/api/pom.xml 6(+3 -3)
events/email/pom.xml 8(+4 -4)
events/email/src/main/java/org/keycloak/events/email/EmailEventListenerProviderFactory.java 14(+7 -7)
events/email/src/main/resources/META-INF/services/org.keycloak.events.EventListenerProviderFactory 1(+1 -0)
events/jboss-logging/pom.xml 8(+4 -4)
events/jboss-logging/src/main/java/org/keycloak/events/log/JBossLoggingEventListenerProvider.java 14(+7 -7)
events/jboss-logging/src/main/java/org/keycloak/events/log/JBossLoggingEventListenerProviderFactory.java 14(+7 -7)
events/jboss-logging/src/main/resources/META-INF/services/org.keycloak.events.EventListenerProviderFactory 1(+1 -0)
events/jpa/pom.xml 8(+4 -4)
events/jpa/src/main/resources/META-INF/services/org.keycloak.events.EventStoreProviderFactory 1(+1 -0)
events/mongo/pom.xml 8(+4 -4)
events/mongo/src/main/resources/META-INF/services/org.keycloak.events.EventStoreProviderFactory 1(+1 -0)
events/pom.xml 4(+2 -2)
examples/providers/audit-listener-sysout/src/main/resources/META-INF/services/org.keycloak.audit.AuditListenerFactory 1(+0 -1)
examples/providers/audit-provider-mem/src/main/resources/META-INF/services/org.keycloak.audit.AuditProviderFactory 1(+0 -1)
examples/providers/event-listener-sysout/src/main/java/org/keycloak/examples/providers/events/SysoutEventListenerProvider.java 18(+9 -9)
examples/providers/event-listener-sysout/src/main/java/org/keycloak/examples/providers/events/SysoutEventListenerProviderFactory.java 14(+7 -7)
examples/providers/event-listener-sysout/src/main/resources/META-INF/services/org.keycloak.events.EventListenerProviderFactory 1(+1 -0)
examples/providers/event-store-mem/README.md 16(+16 -0)
examples/providers/event-store-mem/src/main/java/org/keycloak/examples/providers/events/MemEventQuery.java 14(+7 -7)
examples/providers/event-store-mem/src/main/java/org/keycloak/examples/providers/events/MemEventStoreProvider.java 14(+7 -7)
examples/providers/event-store-mem/src/main/java/org/keycloak/examples/providers/events/MemEventStoreProviderFactory.java 16(+8 -8)
examples/providers/event-store-mem/src/main/resources/META-INF/services/org.keycloak.events.EventStoreProviderFactory 1(+1 -0)
examples/providers/pom.xml 4(+2 -2)
export-import/export-import-api/src/main/java/org/keycloak/exportimport/util/ExportUtils.java 10(+5 -5)
forms/account-api/pom.xml 2(+1 -1)
forms/account-freemarker/pom.xml 2(+1 -1)
forms/account-freemarker/src/main/java/org/keycloak/account/freemarker/FreeMarkerAccountProvider.java 14(+7 -7)
forms/common-themes/src/main/resources/theme/admin/base/resources/js/controllers/realm.js 52(+26 -26)
forms/common-themes/src/main/resources/theme/admin/base/resources/partials/realm-events.html 12(+6 -6)
forms/common-themes/src/main/resources/theme/admin/base/resources/partials/realm-events-config.html 67(+33 -34)
forms/email-api/pom.xml 2(+1 -1)
forms/email-freemarker/pom.xml 2(+1 -1)
forms/email-freemarker/src/main/java/org/keycloak/email/freemarker/FreeMarkerEmailProvider.java 4(+2 -2)
model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/entities/CachedRealm.java 24(+12 -12)
model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/RealmAdapter.java 30(+15 -15)
pom.xml 2(+1 -1)
services/pom.xml 2(+1 -1)
services/src/main/java/org/keycloak/services/resources/admin/ServerInfoAdminResource.java 20(+10 -10)
testsuite/integration/pom.xml 2(+1 -1)
testsuite/integration/README.md 2(+1 -1)
testsuite/integration/src/test/java/org/keycloak/testsuite/actions/RequiredActionEmailVerificationTest.java 6(+3 -3)
testsuite/integration/src/test/java/org/keycloak/testsuite/actions/RequiredActionMultipleActionsTest.java 4(+2 -2)
testsuite/integration/src/test/java/org/keycloak/testsuite/actions/RequiredActionResetPasswordTest.java 4(+2 -2)
testsuite/integration/src/test/java/org/keycloak/testsuite/actions/RequiredActionTotpSetupTest.java 6(+3 -3)
testsuite/integration/src/test/java/org/keycloak/testsuite/actions/RequiredActionUpdateProfileTest.java 4(+2 -2)
testsuite/integration/src/test/java/org/keycloak/testsuite/audit/AuditProviderTest.java 134(+0 -134)
testsuite/integration/src/test/java/org/keycloak/testsuite/events/EventStoreProviderTest.java 134(+134 -0)
testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/AuthorizationCodeTest.java 2(+1 -1)
testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/ResourceOwnerPasswordCredentialsGrantTest.java 4(+2 -2)
Details
diff --git a/connections/jpa/src/main/resources/META-INF/persistence.xml b/connections/jpa/src/main/resources/META-INF/persistence.xml
index dde200e..ec843ec 100755
--- a/connections/jpa/src/main/resources/META-INF/persistence.xml
+++ b/connections/jpa/src/main/resources/META-INF/persistence.xml
@@ -25,7 +25,7 @@
<class>org.keycloak.models.sessions.jpa.entities.UsernameLoginFailureEntity</class>
<!-- JpaAuditProvider -->
- <class>org.keycloak.audit.jpa.EventEntity</class>
+ <class>org.keycloak.events.jpa.EventEntity</class>
<exclude-unlisted-classes>true</exclude-unlisted-classes>
diff --git a/core/src/main/java/org/keycloak/representations/idm/RealmEventsConfigRepresentation.java b/core/src/main/java/org/keycloak/representations/idm/RealmEventsConfigRepresentation.java
new file mode 100755
index 0000000..acadc95
--- /dev/null
+++ b/core/src/main/java/org/keycloak/representations/idm/RealmEventsConfigRepresentation.java
@@ -0,0 +1,37 @@
+package org.keycloak.representations.idm;
+
+import java.util.List;
+
+/**
+ * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
+ * @version $Revision: 1 $
+ */
+public class RealmEventsConfigRepresentation {
+ protected boolean eventsEnabled;
+ protected Long eventsExpiration;
+ protected List<String> eventsListeners;
+
+ public boolean isEventsEnabled() {
+ return eventsEnabled;
+ }
+
+ public void setEventsEnabled(boolean eventsEnabled) {
+ this.eventsEnabled = eventsEnabled;
+ }
+
+ public Long getEventsExpiration() {
+ return eventsExpiration;
+ }
+
+ public void setEventsExpiration(Long eventsExpiration) {
+ this.eventsExpiration = eventsExpiration;
+ }
+
+ public List<String> getEventsListeners() {
+ return eventsListeners;
+ }
+
+ public void setEventsListeners(List<String> eventsListeners) {
+ this.eventsListeners = eventsListeners;
+ }
+}
diff --git a/core/src/main/java/org/keycloak/representations/idm/RealmRepresentation.java b/core/src/main/java/org/keycloak/representations/idm/RealmRepresentation.java
index dad5eac..f192ecf 100755
--- a/core/src/main/java/org/keycloak/representations/idm/RealmRepresentation.java
+++ b/core/src/main/java/org/keycloak/representations/idm/RealmRepresentation.java
@@ -60,9 +60,9 @@ public class RealmRepresentation {
protected String accountTheme;
protected String adminTheme;
protected String emailTheme;
- protected boolean auditEnabled;
- protected long auditExpiration;
- protected List<String> auditListeners;
+ protected boolean eventsEnabled;
+ protected long eventsExpiration;
+ protected List<String> eventsListeners;
public String getId() {
return id;
@@ -436,28 +436,28 @@ public class RealmRepresentation {
this.failureFactor = failureFactor;
}
- public boolean isAuditEnabled() {
- return auditEnabled;
+ public boolean isEventsEnabled() {
+ return eventsEnabled;
}
- public void setAuditEnabled(boolean auditEnabled) {
- this.auditEnabled = auditEnabled;
+ public void setEventsEnabled(boolean eventsEnabled) {
+ this.eventsEnabled = eventsEnabled;
}
- public long getAuditExpiration() {
- return auditExpiration;
+ public long getEventsExpiration() {
+ return eventsExpiration;
}
- public void setAuditExpiration(long auditExpiration) {
- this.auditExpiration = auditExpiration;
+ public void setEventsExpiration(long eventsExpiration) {
+ this.eventsExpiration = eventsExpiration;
}
- public List<String> getAuditListeners() {
- return auditListeners;
+ public List<String> getEventsListeners() {
+ return eventsListeners;
}
- public void setAuditListeners(List<String> auditListeners) {
- this.auditListeners = auditListeners;
+ public void setEventsListeners(List<String> eventsListeners) {
+ this.eventsListeners = eventsListeners;
}
public List<UserFederationProviderRepresentation> getUserFederationProviders() {
dependencies/server-all/pom.xml 8(+4 -4)
diff --git a/dependencies/server-all/pom.xml b/dependencies/server-all/pom.xml
index 32c7260..918d644 100755
--- a/dependencies/server-all/pom.xml
+++ b/dependencies/server-all/pom.xml
@@ -48,17 +48,17 @@
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
- <artifactId>keycloak-audit-jpa</artifactId>
+ <artifactId>keycloak-events-jpa</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
- <artifactId>keycloak-audit-jboss-logging</artifactId>
+ <artifactId>keycloak-events-jboss-logging</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
- <artifactId>keycloak-audit-email</artifactId>
+ <artifactId>keycloak-events-email</artifactId>
<version>${project.version}</version>
</dependency>
@@ -136,7 +136,7 @@
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
- <artifactId>keycloak-audit-mongo</artifactId>
+ <artifactId>keycloak-events-mongo</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
dependencies/server-min/pom.xml 6(+3 -3)
diff --git a/dependencies/server-min/pom.xml b/dependencies/server-min/pom.xml
index 2fcda5d..36d6a73 100755
--- a/dependencies/server-min/pom.xml
+++ b/dependencies/server-min/pom.xml
@@ -50,17 +50,17 @@
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
- <artifactId>keycloak-audit-api</artifactId>
+ <artifactId>keycloak-events-api</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
- <artifactId>keycloak-audit-jpa</artifactId>
+ <artifactId>keycloak-events-jpa</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
- <artifactId>keycloak-audit-jboss-logging</artifactId>
+ <artifactId>keycloak-events-jboss-logging</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
diff --git a/docbook/reference/en/en-US/master.xml b/docbook/reference/en/en-US/master.xml
index d5878a5..befdf48 100755
--- a/docbook/reference/en/en-US/master.xml
+++ b/docbook/reference/en/en-US/master.xml
@@ -26,7 +26,7 @@
<!ENTITY DirectAccess SYSTEM "modules/direct-access.xml">
<!ENTITY CORS SYSTEM "modules/cors.xml">
<!ENTITY Timeouts SYSTEM "modules/timeouts.xml">
- <!ENTITY Audit SYSTEM "modules/audit.xml">
+ <!ENTITY Events SYSTEM "modules/events.xml">
<!ENTITY AdminApi SYSTEM "modules/admin-rest-api.xml">
<!ENTITY UserFederation SYSTEM "modules/user-federation.xml">
<!ENTITY ExportImport SYSTEM "modules/export-import.xml">
@@ -115,7 +115,7 @@ This one is short
&CORS;
&Timeouts;
&AdminApi;
- &Audit;
+ &Events;
&UserFederation;
&ExportImport;
&ServerCache;
diff --git a/docbook/reference/en/en-US/modules/server-installation.xml b/docbook/reference/en/en-US/modules/server-installation.xml
index 9223b9f..a1a8bd6 100755
--- a/docbook/reference/en/en-US/modules/server-installation.xml
+++ b/docbook/reference/en/en-US/modules/server-installation.xml
@@ -329,7 +329,7 @@ keycloak-war-dist-all-1.0-rc-2-SNAPSHOT/
in your favourite editor, then change:
<programlisting><![CDATA[
-"audit": {
+"eventsStore": {
"provider": "jpa",
"jpa": {
"exclude-events": [ "REFRESH_TOKEN" ]
@@ -348,7 +348,7 @@ keycloak-war-dist-all-1.0-rc-2-SNAPSHOT/
to:
<programlisting><![CDATA[
-"audit": {
+"eventsStore": {
"provider": "mongo",
},
diff --git a/events/api/src/main/resources/META-INF/services/org.keycloak.provider.Spi b/events/api/src/main/resources/META-INF/services/org.keycloak.provider.Spi
new file mode 100644
index 0000000..aeedcfb
--- /dev/null
+++ b/events/api/src/main/resources/META-INF/services/org.keycloak.provider.Spi
@@ -0,0 +1,2 @@
+org.keycloak.events.EventListenerSpi
+org.keycloak.events.EventStoreSpi
\ No newline at end of file
diff --git a/events/email/src/main/resources/META-INF/services/org.keycloak.events.EventListenerProviderFactory b/events/email/src/main/resources/META-INF/services/org.keycloak.events.EventListenerProviderFactory
new file mode 100644
index 0000000..31448f3
--- /dev/null
+++ b/events/email/src/main/resources/META-INF/services/org.keycloak.events.EventListenerProviderFactory
@@ -0,0 +1 @@
+org.keycloak.events.email.EmailEventListenerProviderFactory
\ No newline at end of file
diff --git a/events/jboss-logging/src/main/resources/META-INF/services/org.keycloak.events.EventListenerProviderFactory b/events/jboss-logging/src/main/resources/META-INF/services/org.keycloak.events.EventListenerProviderFactory
new file mode 100644
index 0000000..c1ebc1f
--- /dev/null
+++ b/events/jboss-logging/src/main/resources/META-INF/services/org.keycloak.events.EventListenerProviderFactory
@@ -0,0 +1 @@
+org.keycloak.events.log.JBossLoggingEventListenerProviderFactory
\ No newline at end of file
diff --git a/events/jpa/src/main/resources/META-INF/services/org.keycloak.events.EventStoreProviderFactory b/events/jpa/src/main/resources/META-INF/services/org.keycloak.events.EventStoreProviderFactory
new file mode 100644
index 0000000..d7ae64a
--- /dev/null
+++ b/events/jpa/src/main/resources/META-INF/services/org.keycloak.events.EventStoreProviderFactory
@@ -0,0 +1 @@
+org.keycloak.events.jpa.JpaEventStoreProviderFactory
\ No newline at end of file
diff --git a/events/mongo/src/main/resources/META-INF/services/org.keycloak.events.EventStoreProviderFactory b/events/mongo/src/main/resources/META-INF/services/org.keycloak.events.EventStoreProviderFactory
new file mode 100644
index 0000000..8e3a9e1
--- /dev/null
+++ b/events/mongo/src/main/resources/META-INF/services/org.keycloak.events.EventStoreProviderFactory
@@ -0,0 +1 @@
+org.keycloak.events.mongo.MongoEventStoreProviderFactory
\ No newline at end of file
diff --git a/examples/providers/event-listener-sysout/README.md b/examples/providers/event-listener-sysout/README.md
new file mode 100644
index 0000000..1d762d7
--- /dev/null
+++ b/examples/providers/event-listener-sysout/README.md
@@ -0,0 +1,4 @@
+Example Event Listener that prints events to System.out
+=======================================================
+
+To deploy copy target/event-listener-sysout-example.jar to standalone/deployments/auth-server.war/WEB-INF/lib. Then start (or restart) the server. Once started open the admin console, select your realm, then click on Events, followed by config. Click on Listeners select box, then pick sysout from the dropdown. After this try to logout and login again to see events printed to System.out.
diff --git a/examples/providers/event-listener-sysout/src/main/resources/META-INF/services/org.keycloak.events.EventListenerProviderFactory b/examples/providers/event-listener-sysout/src/main/resources/META-INF/services/org.keycloak.events.EventListenerProviderFactory
new file mode 100644
index 0000000..636ed4e
--- /dev/null
+++ b/examples/providers/event-listener-sysout/src/main/resources/META-INF/services/org.keycloak.events.EventListenerProviderFactory
@@ -0,0 +1 @@
+org.keycloak.examples.providers.events.SysoutEventListenerProviderFactory
\ No newline at end of file
examples/providers/event-store-mem/README.md 16(+16 -0)
diff --git a/examples/providers/event-store-mem/README.md b/examples/providers/event-store-mem/README.md
new file mode 100644
index 0000000..d7d6249
--- /dev/null
+++ b/examples/providers/event-store-mem/README.md
@@ -0,0 +1,16 @@
+Example Event Store that stores events in memory
+================================================
+
+To deploy copy target/event-store-mem-example.jar to standalone/deployments/auth-server.war/WEB-INF/lib. Then edit standalone/configuration/keycloak-server.json, change:
+
+ "event-store": {
+ "provider": "jpa"
+ }
+
+to:
+
+ "event-store": {
+ "provider": "in-mem"
+ }
+
+Then start (or restart)the server. Once started open the admin console, select your realm, then click on Events, followed by config. Set the toggle for Enabled to ON. After this try to logout and login again then open the Events tab again in the admin console to view events from the in-mem provider.
diff --git a/examples/providers/event-store-mem/src/main/resources/META-INF/services/org.keycloak.events.EventStoreProviderFactory b/examples/providers/event-store-mem/src/main/resources/META-INF/services/org.keycloak.events.EventStoreProviderFactory
new file mode 100644
index 0000000..92e783c
--- /dev/null
+++ b/examples/providers/event-store-mem/src/main/resources/META-INF/services/org.keycloak.events.EventStoreProviderFactory
@@ -0,0 +1 @@
+events.MemEventStoreProviderFactory
\ No newline at end of file
examples/providers/pom.xml 4(+2 -2)
diff --git a/examples/providers/pom.xml b/examples/providers/pom.xml
index 36bb293..84c00b2 100755
--- a/examples/providers/pom.xml
+++ b/examples/providers/pom.xml
@@ -25,8 +25,8 @@
</plugins>
</build>
<modules>
- <module>audit-listener-sysout</module>
- <module>audit-provider-mem</module>
+ <module>event-listener-sysout</module>
+ <module>event-store-mem</module>
<module>federation-provider</module>
</modules>
</project>
diff --git a/export-import/export-import-api/src/main/java/org/keycloak/exportimport/util/ExportUtils.java b/export-import/export-import-api/src/main/java/org/keycloak/exportimport/util/ExportUtils.java
index a537fd7..14e3a1e 100755
--- a/export-import/export-import-api/src/main/java/org/keycloak/exportimport/util/ExportUtils.java
+++ b/export-import/export-import-api/src/main/java/org/keycloak/exportimport/util/ExportUtils.java
@@ -48,13 +48,13 @@ public class ExportUtils {
RealmRepresentation rep = ModelToRepresentation.toRepresentation(realm);
// Audit
- rep.setAuditEnabled(realm.isAuditEnabled());
- if (realm.getAuditExpiration() != 0) {
- rep.setAuditExpiration(realm.getAuditExpiration());
+ rep.setEventsEnabled(realm.isEventsEnabled());
+ if (realm.getEventsExpiration() != 0) {
+ rep.setEventsExpiration(realm.getEventsExpiration());
}
- if (realm.getAuditListeners() != null) {
- rep.setAuditListeners(new LinkedList<String>(realm.getAuditListeners()));
+ if (realm.getEventsListeners() != null) {
+ rep.setEventsListeners(new LinkedList<String>(realm.getEventsListeners()));
}
// Applications
forms/account-api/pom.xml 2(+1 -1)
diff --git a/forms/account-api/pom.xml b/forms/account-api/pom.xml
index 2248118..f972cb5 100755
--- a/forms/account-api/pom.xml
+++ b/forms/account-api/pom.xml
@@ -28,7 +28,7 @@
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
- <artifactId>keycloak-audit-api</artifactId>
+ <artifactId>keycloak-events-api</artifactId>
<version>${project.version}</version>
<scope>provided</scope>
</dependency>
diff --git a/forms/account-api/src/main/java/org/keycloak/account/AccountProvider.java b/forms/account-api/src/main/java/org/keycloak/account/AccountProvider.java
index f021e84..8a4a487 100644
--- a/forms/account-api/src/main/java/org/keycloak/account/AccountProvider.java
+++ b/forms/account-api/src/main/java/org/keycloak/account/AccountProvider.java
@@ -1,6 +1,6 @@
package org.keycloak.account;
-import org.keycloak.audit.Event;
+import org.keycloak.events.Event;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserSessionModel;
@@ -37,5 +37,5 @@ public interface AccountProvider extends Provider {
AccountProvider setSessions(List<UserSessionModel> sessions);
- AccountProvider setFeatures(boolean social, boolean audit, boolean passwordUpdateSupported);
+ AccountProvider setFeatures(boolean social, boolean events, boolean passwordUpdateSupported);
}
forms/account-freemarker/pom.xml 2(+1 -1)
diff --git a/forms/account-freemarker/pom.xml b/forms/account-freemarker/pom.xml
index 9bb7b04..c0e4b96 100755
--- a/forms/account-freemarker/pom.xml
+++ b/forms/account-freemarker/pom.xml
@@ -52,7 +52,7 @@
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
- <artifactId>keycloak-audit-api</artifactId>
+ <artifactId>keycloak-events-api</artifactId>
<version>${project.version}</version>
<scope>provided</scope>
</dependency>
diff --git a/forms/account-freemarker/src/main/java/org/keycloak/account/freemarker/FreeMarkerAccountProvider.java b/forms/account-freemarker/src/main/java/org/keycloak/account/freemarker/FreeMarkerAccountProvider.java
index 6ec3416..552d59a 100755
--- a/forms/account-freemarker/src/main/java/org/keycloak/account/freemarker/FreeMarkerAccountProvider.java
+++ b/forms/account-freemarker/src/main/java/org/keycloak/account/freemarker/FreeMarkerAccountProvider.java
@@ -12,7 +12,7 @@ import org.keycloak.account.freemarker.model.ReferrerBean;
import org.keycloak.account.freemarker.model.SessionsBean;
import org.keycloak.account.freemarker.model.TotpBean;
import org.keycloak.account.freemarker.model.UrlBean;
-import org.keycloak.audit.Event;
+import org.keycloak.events.Event;
import org.keycloak.freemarker.BrowserSecurityHeaderSetup;
import org.keycloak.freemarker.FreeMarkerException;
import org.keycloak.freemarker.FreeMarkerUtil;
@@ -47,8 +47,8 @@ public class FreeMarkerAccountProvider implements AccountProvider {
private String[] referrer;
private List<Event> events;
private List<UserSessionModel> sessions;
- private boolean social;
- private boolean audit;
+ private boolean socialEnabled;
+ private boolean eventsEnabled;
private boolean passwordUpdateSupported;
private KeycloakSession session;
private FreeMarkerUtil freeMarker;
@@ -115,7 +115,7 @@ public class FreeMarkerAccountProvider implements AccountProvider {
attributes.put("url", new UrlBean(realm, theme, baseUri, baseQueryUri, uriInfo.getRequestUri()));
- attributes.put("features", new FeaturesBean(social, audit, passwordUpdateSupported));
+ attributes.put("features", new FeaturesBean(socialEnabled, eventsEnabled, passwordUpdateSupported));
switch (page) {
case ACCOUNT:
@@ -204,9 +204,9 @@ public class FreeMarkerAccountProvider implements AccountProvider {
}
@Override
- public AccountProvider setFeatures(boolean social, boolean audit, boolean passwordUpdateSupported) {
- this.social = social;
- this.audit = audit;
+ public AccountProvider setFeatures(boolean socialEnabled, boolean eventsEnabled, boolean passwordUpdateSupported) {
+ this.socialEnabled = socialEnabled;
+ this.eventsEnabled = eventsEnabled;
this.passwordUpdateSupported = passwordUpdateSupported;
return this;
}
diff --git a/forms/account-freemarker/src/main/java/org/keycloak/account/freemarker/model/LogBean.java b/forms/account-freemarker/src/main/java/org/keycloak/account/freemarker/model/LogBean.java
index 31c13a3..76fc857 100644
--- a/forms/account-freemarker/src/main/java/org/keycloak/account/freemarker/model/LogBean.java
+++ b/forms/account-freemarker/src/main/java/org/keycloak/account/freemarker/model/LogBean.java
@@ -1,6 +1,6 @@
package org.keycloak.account.freemarker.model;
-import org.keycloak.audit.Event;
+import org.keycloak.events.Event;
import java.util.Date;
import java.util.LinkedList;
@@ -38,7 +38,7 @@ public class LogBean {
}
public String getEvent() {
- return event.getEvent().toString().toLowerCase().replace("_", " ");
+ return event.getType().toString().toLowerCase().replace("_", " ");
}
public String getClient() {
diff --git a/forms/common-themes/src/main/resources/theme/admin/base/resources/js/app.js b/forms/common-themes/src/main/resources/theme/admin/base/resources/js/app.js
index 4c434c2..c203d39 100755
--- a/forms/common-themes/src/main/resources/theme/admin/base/resources/js/app.js
+++ b/forms/common-themes/src/main/resources/theme/admin/base/resources/js/app.js
@@ -197,17 +197,17 @@ module.config([ '$routeProvider', function($routeProvider) {
},
controller : 'RealmSMTPSettingsCtrl'
})
- .when('/realms/:realm/audit', {
- templateUrl : 'partials/realm-audit.html',
+ .when('/realms/:realm/events', {
+ templateUrl : 'partials/realm-events.html',
resolve : {
realm : function(RealmLoader) {
return RealmLoader();
}
},
- controller : 'RealmAuditEventsCtrl'
+ controller : 'RealmEventsCtrl'
})
- .when('/realms/:realm/audit-settings', {
- templateUrl : 'partials/realm-audit-config.html',
+ .when('/realms/:realm/events-settings', {
+ templateUrl : 'partials/realm-events-config.html',
resolve : {
realm : function(RealmLoader) {
return RealmLoader();
@@ -215,11 +215,11 @@ module.config([ '$routeProvider', function($routeProvider) {
serverInfo : function(ServerInfoLoader) {
return ServerInfoLoader();
},
- auditConfig : function(RealmAuditLoader) {
- return RealmAuditLoader();
+ eventsConfig : function(RealmEventsConfigLoader) {
+ return RealmEventsConfigLoader();
}
},
- controller : 'RealmAuditCtrl'
+ controller : 'RealmEventsConfigCtrl'
})
.when('/create/user/:realm', {
templateUrl : 'partials/user-detail.html',
diff --git a/forms/common-themes/src/main/resources/theme/admin/base/resources/js/controllers/realm.js b/forms/common-themes/src/main/resources/theme/admin/base/resources/js/controllers/realm.js
index 8ce2c34..969aa9a 100755
--- a/forms/common-themes/src/main/resources/theme/admin/base/resources/js/controllers/realm.js
+++ b/forms/common-themes/src/main/resources/theme/admin/base/resources/js/controllers/realm.js
@@ -49,8 +49,8 @@ module.controller('GlobalCtrl', function($scope, $http, Auth, WhoAmI, Current, $
return getAccess('view-users') || this.manageClients;
},
- get viewAudit() {
- return getAccess('view-audit') || this.manageClients;
+ get viewEvents() {
+ return getAccess('view-events') || this.manageClients;
},
get manageRealm() {
@@ -69,8 +69,8 @@ module.controller('GlobalCtrl', function($scope, $http, Auth, WhoAmI, Current, $
return getAccess('manage-users');
},
- get manageAudit() {
- return getAccess('manage-audit');
+ get manageEvents() {
+ return getAccess('manage-events');
}
}
@@ -957,26 +957,26 @@ module.controller('RealmSMTPSettingsCtrl', function($scope, Current, Realm, real
}
});
-module.controller('RealmAuditCtrl', function($scope, auditConfig, RealmAudit, RealmAuditEvents, realm, serverInfo, $location, Notifications, TimeUnit, Dialog) {
+module.controller('RealmEventsConfigCtrl', function($scope, eventsConfig, RealmEventsConfig, RealmEvents, realm, serverInfo, $location, Notifications, TimeUnit, Dialog) {
$scope.realm = realm;
- $scope.auditConfig = auditConfig;
+ $scope.eventsConfig = eventsConfig;
- $scope.auditConfig.expirationUnit = TimeUnit.autoUnit(auditConfig.auditExpiration);
- $scope.auditConfig.auditExpiration = TimeUnit.toUnit(auditConfig.auditExpiration, $scope.auditConfig.expirationUnit);
- $scope.$watch('auditConfig.expirationUnit', function(to, from) {
- if ($scope.auditConfig.auditExpiration) {
- $scope.auditConfig.auditExpiration = TimeUnit.convert($scope.auditConfig.auditExpiration, from, to);
+ $scope.eventsConfig.expirationUnit = TimeUnit.autoUnit(eventsConfig.eventsExpiration);
+ $scope.eventsConfig.eventsExpiration = TimeUnit.toUnit(eventsConfig.eventsExpiration, $scope.eventsConfig.expirationUnit);
+ $scope.$watch('eventsConfig.expirationUnit', function(to, from) {
+ if ($scope.eventsConfig.eventsExpiration) {
+ $scope.eventsConfig.eventsExpiration = TimeUnit.convert($scope.eventsConfig.eventsExpiration, from, to);
}
});
- $scope.auditListeners = serverInfo.auditListeners;
+ $scope.eventListeners = serverInfo.eventListeners;
- var oldCopy = angular.copy($scope.auditConfig);
+ var oldCopy = angular.copy($scope.eventsConfig);
$scope.changed = false;
- $scope.$watch('auditConfig', function() {
- if (!angular.equals($scope.auditConfig, oldCopy)) {
+ $scope.$watch('eventsConfig', function() {
+ if (!angular.equals($scope.eventsConfig, oldCopy)) {
$scope.changed = true;
}
}, true);
@@ -984,34 +984,34 @@ module.controller('RealmAuditCtrl', function($scope, auditConfig, RealmAudit, Re
$scope.save = function() {
$scope.changed = false;
- var copy = angular.copy($scope.auditConfig)
+ var copy = angular.copy($scope.eventsConfig)
delete copy['expirationUnit'];
- copy.auditExpiration = TimeUnit.toSeconds($scope.auditConfig.auditExpiration, $scope.auditConfig.expirationUnit);
+ copy.eventsExpiration = TimeUnit.toSeconds($scope.eventsConfig.eventsExpiration, $scope.eventsConfig.expirationUnit);
- RealmAudit.update({
+ RealmEventsConfig.update({
id : realm.realm
}, copy, function () {
- $location.url("/realms/" + realm.realm + "/audit-settings");
+ $location.url("/realms/" + realm.realm + "/events-settings");
Notifications.success("Your changes have been saved to the realm.");
});
};
$scope.reset = function() {
- $scope.auditConfig = angular.copy(oldCopy);
+ $scope.eventsConfig = angular.copy(oldCopy);
$scope.changed = false;
};
- $scope.clearAudit = function() {
- Dialog.confirmDelete($scope.realm.realm, 'audit events', function() {
- RealmAuditEvents.remove({ id : $scope.realm.realm }, function() {
- Notifications.success("The audit events has been cleared.");
+ $scope.clearEvents = function() {
+ Dialog.confirmDelete($scope.realm.realm, 'events', function() {
+ RealmEvents.remove({ id : $scope.realm.realm }, function() {
+ Notifications.success("The events has been cleared.");
});
});
};
});
-module.controller('RealmAuditEventsCtrl', function($scope, RealmAuditEvents, realm) {
+module.controller('RealmEventsCtrl', function($scope, RealmEvents, realm) {
$scope.realm = realm;
$scope.page = 0;
@@ -1027,7 +1027,7 @@ module.controller('RealmAuditEventsCtrl', function($scope, RealmAuditEvents, rea
delete $scope.query[i];
}
}
- $scope.events = RealmAuditEvents.query($scope.query);
+ $scope.events = RealmEvents.query($scope.query);
}
$scope.firstPage = function() {
diff --git a/forms/common-themes/src/main/resources/theme/admin/base/resources/js/loaders.js b/forms/common-themes/src/main/resources/theme/admin/base/resources/js/loaders.js
index 987d8c7..30785b7 100755
--- a/forms/common-themes/src/main/resources/theme/admin/base/resources/js/loaders.js
+++ b/forms/common-themes/src/main/resources/theme/admin/base/resources/js/loaders.js
@@ -47,8 +47,8 @@ module.factory('RealmLoader', function(Loader, Realm, $route, $q) {
});
});
-module.factory('RealmAuditLoader', function(Loader, RealmAudit, $route, $q) {
- return Loader.get(RealmAudit, function() {
+module.factory('RealmEventsConfigLoader', function(Loader, RealmEventsConfig, $route, $q) {
+ return Loader.get(RealmEventsConfig, function() {
return {
id : $route.current.params.realm
}
diff --git a/forms/common-themes/src/main/resources/theme/admin/base/resources/js/services.js b/forms/common-themes/src/main/resources/theme/admin/base/resources/js/services.js
index efed6c7..e5fbcbf 100755
--- a/forms/common-themes/src/main/resources/theme/admin/base/resources/js/services.js
+++ b/forms/common-themes/src/main/resources/theme/admin/base/resources/js/services.js
@@ -164,8 +164,8 @@ module.factory('Realm', function($resource) {
});
});
-module.factory('RealmAudit', function($resource) {
- return $resource(authUrl + '/admin/realms/:id/audit', {
+module.factory('RealmEventsConfig', function($resource) {
+ return $resource(authUrl + '/admin/realms/:id/events/config', {
id : '@realm'
}, {
update : {
@@ -174,8 +174,8 @@ module.factory('RealmAudit', function($resource) {
});
});
-module.factory('RealmAuditEvents', function($resource) {
- return $resource(authUrl + '/admin/realms/:id/audit/events', {
+module.factory('RealmEvents', function($resource) {
+ return $resource(authUrl + '/admin/realms/:id/events', {
id : '@realm'
});
});
diff --git a/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/realm-menu.html b/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/realm-menu.html
index f34df5f..8415ba2 100755
--- a/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/realm-menu.html
+++ b/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/realm-menu.html
@@ -15,5 +15,5 @@
<li data-ng-show="access.viewClients" data-ng-class="(path[2] == 'oauth-clients' || path[1] == 'oauth-client') && 'active'"><a href="#/realms/{{realm.realm}}/oauth-clients">OAuth Clients</a></li>
<li data-ng-show="access.viewRealm" data-ng-class="(path[2] == 'sessions' || path[2] == 'token-settings') && 'active'"><a href="#/realms/{{realm.realm}}/sessions/realm">Sessions and Tokens</a></li>
<li data-ng-show="access.viewRealm" data-ng-class="(path[2] == 'defense') && 'active'"><a href="#/realms/{{realm.realm}}/defense/headers">Security Defenses</a></li>
- <li data-ng-show="access.viewAudit" data-ng-class="(path[2] == 'audit' || path[2] == 'audit-settings') && 'active'"><a href="#/realms/{{realm.realm}}/audit">Audit</a></li>
+ <li data-ng-show="access.viewEvents" data-ng-class="(path[2] == 'events' || path[2] == 'events-settings') && 'active'"><a href="#/realms/{{realm.realm}}/events">Events</a></li>
</ul>
\ No newline at end of file
diff --git a/forms/common-themes/src/main/resources/theme/admin/keycloak/resources/css/tables.css b/forms/common-themes/src/main/resources/theme/admin/keycloak/resources/css/tables.css
index b0a1f83..65b34d9 100644
--- a/forms/common-themes/src/main/resources/theme/admin/keycloak/resources/css/tables.css
+++ b/forms/common-themes/src/main/resources/theme/admin/keycloak/resources/css/tables.css
@@ -64,11 +64,11 @@ table tfoot tr .table-nav span {
}
-td.audit-success {
+td.events-success {
background-color: #E4F1E1 !important;
}
-td.audit-error {
+td.events-error {
background-color: #F8E7E7 !important;
}
diff --git a/forms/common-themes/src/main/resources/theme/email/keycloak/event-login_error.ftl b/forms/common-themes/src/main/resources/theme/email/keycloak/event-login_error.ftl
index 93e02be..c1227aa 100644
--- a/forms/common-themes/src/main/resources/theme/email/keycloak/event-login_error.ftl
+++ b/forms/common-themes/src/main/resources/theme/email/keycloak/event-login_error.ftl
@@ -1 +1 @@
-Your password was changed on ${event.date} from ${event.ipAddress}. If this was not you, please contact an admin.
\ No newline at end of file
+A failed login attempt was dettected to your account on ${event.date?datetime} from ${event.ipAddress}. If this was not you, please contact an admin.
\ No newline at end of file
diff --git a/forms/common-themes/src/main/resources/theme/email/keycloak/event-remove_totp.ftl b/forms/common-themes/src/main/resources/theme/email/keycloak/event-remove_totp.ftl
index 0c6a142..c62e174 100644
--- a/forms/common-themes/src/main/resources/theme/email/keycloak/event-remove_totp.ftl
+++ b/forms/common-themes/src/main/resources/theme/email/keycloak/event-remove_totp.ftl
@@ -1 +1 @@
-TOTP was removed from your account on ${event.date} from ${event.ipAddress}. If this was not you, please contact an admin.
\ No newline at end of file
+TOTP was removed from your account on ${event.date?datetime} from ${event.ipAddress}. If this was not you, please contact an admin.
\ No newline at end of file
diff --git a/forms/common-themes/src/main/resources/theme/email/keycloak/event-update_password.ftl b/forms/common-themes/src/main/resources/theme/email/keycloak/event-update_password.ftl
index 8c3a94f..696a6e6 100644
--- a/forms/common-themes/src/main/resources/theme/email/keycloak/event-update_password.ftl
+++ b/forms/common-themes/src/main/resources/theme/email/keycloak/event-update_password.ftl
@@ -1 +1 @@
-A failed login attempt was dettected to your account on ${event.date} from ${event.ipAddress}. If this was not you, please contact an admin.
\ No newline at end of file
+Your password was changed on ${event.date?datetime} from ${event.ipAddress}. If this was not you, please contact an admin.
\ No newline at end of file
diff --git a/forms/common-themes/src/main/resources/theme/email/keycloak/event-update_totp.ftl b/forms/common-themes/src/main/resources/theme/email/keycloak/event-update_totp.ftl
index a1f153c..531ae66 100644
--- a/forms/common-themes/src/main/resources/theme/email/keycloak/event-update_totp.ftl
+++ b/forms/common-themes/src/main/resources/theme/email/keycloak/event-update_totp.ftl
@@ -1 +1 @@
-TOTP was updated for your account on ${event.date} from ${event.ipAddress}. If this was not you, please contact an admin.
\ No newline at end of file
+TOTP was updated for your account on ${event.date?datetime} from ${event.ipAddress}. If this was not you, please contact an admin.
\ No newline at end of file
forms/email-api/pom.xml 2(+1 -1)
diff --git a/forms/email-api/pom.xml b/forms/email-api/pom.xml
index 30c2929..ddcc49e 100755
--- a/forms/email-api/pom.xml
+++ b/forms/email-api/pom.xml
@@ -28,7 +28,7 @@
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
- <artifactId>keycloak-audit-api</artifactId>
+ <artifactId>keycloak-events-api</artifactId>
<version>${project.version}</version>
<scope>provided</scope>
</dependency>
diff --git a/forms/email-api/src/main/java/org/keycloak/email/EmailProvider.java b/forms/email-api/src/main/java/org/keycloak/email/EmailProvider.java
index eb8f3e7..1d7aff3 100644
--- a/forms/email-api/src/main/java/org/keycloak/email/EmailProvider.java
+++ b/forms/email-api/src/main/java/org/keycloak/email/EmailProvider.java
@@ -1,6 +1,6 @@
package org.keycloak.email;
-import org.keycloak.audit.Event;
+import org.keycloak.events.Event;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.provider.Provider;
forms/email-freemarker/pom.xml 2(+1 -1)
diff --git a/forms/email-freemarker/pom.xml b/forms/email-freemarker/pom.xml
index 961faec..2bcd7f0 100755
--- a/forms/email-freemarker/pom.xml
+++ b/forms/email-freemarker/pom.xml
@@ -34,7 +34,7 @@
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
- <artifactId>keycloak-audit-api</artifactId>
+ <artifactId>keycloak-events-api</artifactId>
<version>${project.version}</version>
<scope>provided</scope>
</dependency>
diff --git a/forms/email-freemarker/src/main/java/org/keycloak/email/freemarker/beans/EventBean.java b/forms/email-freemarker/src/main/java/org/keycloak/email/freemarker/beans/EventBean.java
index efee48d..22f8b3e 100644
--- a/forms/email-freemarker/src/main/java/org/keycloak/email/freemarker/beans/EventBean.java
+++ b/forms/email-freemarker/src/main/java/org/keycloak/email/freemarker/beans/EventBean.java
@@ -1,6 +1,6 @@
package org.keycloak.email.freemarker.beans;
-import org.keycloak.audit.Event;
+import org.keycloak.events.Event;
import java.util.Date;
import java.util.LinkedList;
@@ -22,7 +22,7 @@ public class EventBean {
}
public String getEvent() {
- return event.getEvent().toString().toLowerCase().replace("_", " ");
+ return event.getType().toString().toLowerCase().replace("_", " ");
}
public String getClient() {
diff --git a/forms/email-freemarker/src/main/java/org/keycloak/email/freemarker/FreeMarkerEmailProvider.java b/forms/email-freemarker/src/main/java/org/keycloak/email/freemarker/FreeMarkerEmailProvider.java
index 2e965fe..7bdd361 100644
--- a/forms/email-freemarker/src/main/java/org/keycloak/email/freemarker/FreeMarkerEmailProvider.java
+++ b/forms/email-freemarker/src/main/java/org/keycloak/email/freemarker/FreeMarkerEmailProvider.java
@@ -1,7 +1,7 @@
package org.keycloak.email.freemarker;
import org.jboss.logging.Logger;
-import org.keycloak.audit.Event;
+import org.keycloak.events.Event;
import org.keycloak.email.EmailException;
import org.keycloak.email.EmailProvider;
import org.keycloak.email.freemarker.beans.EventBean;
@@ -56,7 +56,7 @@ public class FreeMarkerEmailProvider implements EmailProvider {
Map<String, Object> attributes = new HashMap<String, Object>();
attributes.put("event", new EventBean(event));
- send("passwordResetSubject", "event-" + event.getEvent().toString().toLowerCase() + ".ftl", attributes);
+ send("passwordResetSubject", "event-" + event.getType().toString().toLowerCase() + ".ftl", attributes);
}
@Override
diff --git a/model/api/src/main/java/org/keycloak/models/AdminRoles.java b/model/api/src/main/java/org/keycloak/models/AdminRoles.java
index 8a31eec..a988951 100755
--- a/model/api/src/main/java/org/keycloak/models/AdminRoles.java
+++ b/model/api/src/main/java/org/keycloak/models/AdminRoles.java
@@ -18,14 +18,14 @@ public class AdminRoles {
public static String VIEW_USERS = "view-users";
public static String VIEW_APPLICATIONS = "view-applications";
public static String VIEW_CLIENTS = "view-clients";
- public static String VIEW_AUDIT = "view-audit";
+ public static String VIEW_EVENTS = "view-events";
public static String MANAGE_REALM = "manage-realm";
public static String MANAGE_USERS = "manage-users";
public static String MANAGE_APPLICATIONS = "manage-applications";
public static String MANAGE_CLIENTS = "manage-clients";
- public static String MANAGE_AUDIT = "manage-audit";
+ public static String MANAGE_EVENTS = "manage-events";
- public static String[] ALL_REALM_ROLES = {VIEW_REALM, VIEW_USERS, VIEW_APPLICATIONS, VIEW_CLIENTS, VIEW_AUDIT, MANAGE_REALM, MANAGE_USERS, MANAGE_APPLICATIONS, MANAGE_CLIENTS, MANAGE_AUDIT};
+ public static String[] ALL_REALM_ROLES = {VIEW_REALM, VIEW_USERS, VIEW_APPLICATIONS, VIEW_CLIENTS, VIEW_EVENTS, MANAGE_REALM, MANAGE_USERS, MANAGE_APPLICATIONS, MANAGE_CLIENTS, MANAGE_EVENTS};
}
diff --git a/model/api/src/main/java/org/keycloak/models/entities/RealmEntity.java b/model/api/src/main/java/org/keycloak/models/entities/RealmEntity.java
index fdba16a..aa06025 100755
--- a/model/api/src/main/java/org/keycloak/models/entities/RealmEntity.java
+++ b/model/api/src/main/java/org/keycloak/models/entities/RealmEntity.java
@@ -56,9 +56,9 @@ public class RealmEntity extends AbstractIdentifiableEntity {
private Map<String, String> smtpConfig = new HashMap<String, String>();
private Map<String, String> socialConfig = new HashMap<String, String>();
- private boolean auditEnabled;
- private long auditExpiration;
- private List<String> auditListeners = new ArrayList<String>();
+ private boolean eventsEnabled;
+ private long eventsExpiration;
+ private List<String> eventsListeners = new ArrayList<String>();
private String adminAppId;
@@ -342,28 +342,28 @@ public class RealmEntity extends AbstractIdentifiableEntity {
this.socialConfig = socialConfig;
}
- public boolean isAuditEnabled() {
- return auditEnabled;
+ public boolean isEventsEnabled() {
+ return eventsEnabled;
}
- public void setAuditEnabled(boolean auditEnabled) {
- this.auditEnabled = auditEnabled;
+ public void setEventsEnabled(boolean eventsEnabled) {
+ this.eventsEnabled = eventsEnabled;
}
- public long getAuditExpiration() {
- return auditExpiration;
+ public long getEventsExpiration() {
+ return eventsExpiration;
}
- public void setAuditExpiration(long auditExpiration) {
- this.auditExpiration = auditExpiration;
+ public void setEventsExpiration(long eventsExpiration) {
+ this.eventsExpiration = eventsExpiration;
}
- public List<String> getAuditListeners() {
- return auditListeners;
+ public List<String> getEventsListeners() {
+ return eventsListeners;
}
- public void setAuditListeners(List<String> auditListeners) {
- this.auditListeners = auditListeners;
+ public void setEventsListeners(List<String> eventsListeners) {
+ this.eventsListeners = eventsListeners;
}
public String getAdminAppId() {
diff --git a/model/api/src/main/java/org/keycloak/models/RealmModel.java b/model/api/src/main/java/org/keycloak/models/RealmModel.java
index b863e32..d9fbb97 100755
--- a/model/api/src/main/java/org/keycloak/models/RealmModel.java
+++ b/model/api/src/main/java/org/keycloak/models/RealmModel.java
@@ -197,17 +197,17 @@ public interface RealmModel extends RoleContainerModel {
boolean removeRoleById(String id);
- boolean isAuditEnabled();
+ boolean isEventsEnabled();
- void setAuditEnabled(boolean enabled);
+ void setEventsEnabled(boolean enabled);
- long getAuditExpiration();
+ long getEventsExpiration();
- void setAuditExpiration(long expiration);
+ void setEventsExpiration(long expiration);
- Set<String> getAuditListeners();
+ Set<String> getEventsListeners();
- void setAuditListeners(Set<String> listeners);
+ void setEventsListeners(Set<String> listeners);
ApplicationModel getMasterAdminApp();
diff --git a/model/api/src/main/java/org/keycloak/models/utils/ModelToRepresentation.java b/model/api/src/main/java/org/keycloak/models/utils/ModelToRepresentation.java
index 8e34e15..0697680 100755
--- a/model/api/src/main/java/org/keycloak/models/utils/ModelToRepresentation.java
+++ b/model/api/src/main/java/org/keycloak/models/utils/ModelToRepresentation.java
@@ -18,7 +18,7 @@ import org.keycloak.representations.idm.ApplicationRepresentation;
import org.keycloak.representations.idm.ClaimRepresentation;
import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.representations.idm.OAuthClientRepresentation;
-import org.keycloak.representations.idm.RealmAuditRepresentation;
+import org.keycloak.representations.idm.RealmEventsConfigRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.SocialLinkRepresentation;
@@ -143,16 +143,16 @@ public class ModelToRepresentation {
return rep;
}
- public static RealmAuditRepresentation toAuditReprensetation(RealmModel realm) {
- RealmAuditRepresentation rep = new RealmAuditRepresentation();
- rep.setAuditEnabled(realm.isAuditEnabled());
+ public static RealmEventsConfigRepresentation toEventsConfigReprensetation(RealmModel realm) {
+ RealmEventsConfigRepresentation rep = new RealmEventsConfigRepresentation();
+ rep.setEventsEnabled(realm.isEventsEnabled());
- if (realm.getAuditExpiration() != 0) {
- rep.setAuditExpiration(realm.getAuditExpiration());
+ if (realm.getEventsExpiration() != 0) {
+ rep.setEventsExpiration(realm.getEventsExpiration());
}
- if (realm.getAuditListeners() != null) {
- rep.setAuditListeners(new LinkedList<String>(realm.getAuditListeners()));
+ if (realm.getEventsListeners() != null) {
+ rep.setEventsListeners(new LinkedList<String>(realm.getEventsListeners()));
}
return rep;
}
diff --git a/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/entities/CachedRealm.java b/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/entities/CachedRealm.java
index a6256b0..04ca843 100755
--- a/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/entities/CachedRealm.java
+++ b/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/entities/CachedRealm.java
@@ -70,9 +70,9 @@ public class CachedRealm {
private Map<String, String> smtpConfig = new HashMap<String, String>();
private Map<String, String> socialConfig = new HashMap<String, String>();
- private boolean auditEnabled;
- private long auditExpiration;
- private Set<String> auditListeners = new HashSet<String>();
+ private boolean eventsEnabled;
+ private long eventsExpiration;
+ private Set<String> eventsListeners = new HashSet<String>();
private List<String> defaultRoles = new LinkedList<String>();
private Map<String, String> realmRoles = new HashMap<String, String>();
private Map<String, String> applications = new HashMap<String, String>();
@@ -126,9 +126,9 @@ public class CachedRealm {
socialConfig.putAll(model.getSocialConfig());
browserSecurityHeaders.putAll(model.getBrowserSecurityHeaders());
- auditEnabled = model.isAuditEnabled();
- auditExpiration = model.getAuditExpiration();
- auditListeners.addAll(model.getAuditListeners());
+ eventsEnabled = model.isEventsEnabled();
+ eventsExpiration = model.getEventsExpiration();
+ eventsListeners.addAll(model.getEventsListeners());
defaultRoles.addAll(model.getDefaultRoles());
masterAdminApp = model.getMasterAdminApp().getId();
@@ -313,16 +313,16 @@ public class CachedRealm {
return notBefore;
}
- public boolean isAuditEnabled() {
- return auditEnabled;
+ public boolean isEventsEnabled() {
+ return eventsEnabled;
}
- public long getAuditExpiration() {
- return auditExpiration;
+ public long getEventsExpiration() {
+ return eventsExpiration;
}
- public Set<String> getAuditListeners() {
- return auditListeners;
+ public Set<String> getEventsListeners() {
+ return eventsListeners;
}
public List<UserFederationProviderModel> getUserFederationProviders() {
diff --git a/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/RealmAdapter.java b/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/RealmAdapter.java
index fac8410..eeeda26 100755
--- a/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/RealmAdapter.java
+++ b/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/RealmAdapter.java
@@ -694,39 +694,39 @@ public class RealmAdapter implements RealmModel {
}
@Override
- public boolean isAuditEnabled() {
- if (updated != null) return updated.isAuditEnabled();
- return cached.isAuditEnabled();
+ public boolean isEventsEnabled() {
+ if (updated != null) return updated.isEventsEnabled();
+ return cached.isEventsEnabled();
}
@Override
- public void setAuditEnabled(boolean enabled) {
+ public void setEventsEnabled(boolean enabled) {
getDelegateForUpdate();
- updated.setAuditEnabled(enabled);
+ updated.setEventsEnabled(enabled);
}
@Override
- public long getAuditExpiration() {
- if (updated != null) return updated.getAuditExpiration();
- return cached.getAuditExpiration();
+ public long getEventsExpiration() {
+ if (updated != null) return updated.getEventsExpiration();
+ return cached.getEventsExpiration();
}
@Override
- public void setAuditExpiration(long expiration) {
+ public void setEventsExpiration(long expiration) {
getDelegateForUpdate();
- updated.setAuditExpiration(expiration);
+ updated.setEventsExpiration(expiration);
}
@Override
- public Set<String> getAuditListeners() {
- if (updated != null) return updated.getAuditListeners();
- return cached.getAuditListeners();
+ public Set<String> getEventsListeners() {
+ if (updated != null) return updated.getEventsListeners();
+ return cached.getEventsListeners();
}
@Override
- public void setAuditListeners(Set<String> listeners) {
+ public void setEventsListeners(Set<String> listeners) {
getDelegateForUpdate();
- updated.setAuditListeners(listeners);
+ updated.setEventsListeners(listeners);
}
@Override
diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/RealmEntity.java b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/RealmEntity.java
index de46f37..8429aac 100755
--- a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/RealmEntity.java
+++ b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/RealmEntity.java
@@ -124,15 +124,15 @@ public class RealmEntity {
@JoinTable(name="REALM_DEFAULT_ROLES", joinColumns = { @JoinColumn(name="REALM_ID")}, inverseJoinColumns = { @JoinColumn(name="ROLE_ID")})
protected Collection<RoleEntity> defaultRoles = new ArrayList<RoleEntity>();
- @Column(name="AUDIT_ENABLED")
- protected boolean auditEnabled;
- @Column(name="AUDIT_EXPIRATION")
- protected long auditExpiration;
+ @Column(name="EVENTS_ENABLED")
+ protected boolean eventsEnabled;
+ @Column(name="EVENTS_EXPIRATION")
+ protected long eventsExpiration;
@ElementCollection
@Column(name="VALUE")
- @CollectionTable(name="REALM_AUDIT_LISTENERS", joinColumns={ @JoinColumn(name="REALM_ID") })
- protected Set<String> auditListeners= new HashSet<String>();
+ @CollectionTable(name="REALM_EVENTS_LISTENERS", joinColumns={ @JoinColumn(name="REALM_ID") })
+ protected Set<String> eventsListeners = new HashSet<String>();
@OneToOne
@JoinColumn(name="MASTER_ADMIN_APP")
@@ -385,28 +385,28 @@ public class RealmEntity {
this.notBefore = notBefore;
}
- public boolean isAuditEnabled() {
- return auditEnabled;
+ public boolean isEventsEnabled() {
+ return eventsEnabled;
}
- public void setAuditEnabled(boolean auditEnabled) {
- this.auditEnabled = auditEnabled;
+ public void setEventsEnabled(boolean eventsEnabled) {
+ this.eventsEnabled = eventsEnabled;
}
- public long getAuditExpiration() {
- return auditExpiration;
+ public long getEventsExpiration() {
+ return eventsExpiration;
}
- public void setAuditExpiration(long auditExpiration) {
- this.auditExpiration = auditExpiration;
+ public void setEventsExpiration(long eventsExpiration) {
+ this.eventsExpiration = eventsExpiration;
}
- public Set<String> getAuditListeners() {
- return auditListeners;
+ public Set<String> getEventsListeners() {
+ return eventsListeners;
}
- public void setAuditListeners(Set<String> auditListeners) {
- this.auditListeners = auditListeners;
+ public void setEventsListeners(Set<String> eventsListeners) {
+ this.eventsListeners = eventsListeners;
}
public ApplicationEntity getMasterAdminApp() {
diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java b/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java
index 612d3ec..c382ae8 100755
--- a/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java
+++ b/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java
@@ -11,13 +11,11 @@ import org.keycloak.models.RequiredCredentialModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserFederationProviderModel;
import org.keycloak.models.jpa.entities.ApplicationEntity;
-import org.keycloak.models.jpa.entities.AttributeMap;
import org.keycloak.models.jpa.entities.OAuthClientEntity;
import org.keycloak.models.jpa.entities.RealmAttributeEntity;
import org.keycloak.models.jpa.entities.RealmEntity;
import org.keycloak.models.jpa.entities.RequiredCredentialEntity;
import org.keycloak.models.jpa.entities.RoleEntity;
-import org.keycloak.models.jpa.entities.UserAttributeEntity;
import org.keycloak.models.jpa.entities.UserFederationProviderEntity;
import org.keycloak.models.utils.KeycloakModelUtils;
@@ -1047,35 +1045,35 @@ public class RealmAdapter implements RealmModel {
}
@Override
- public boolean isAuditEnabled() {
- return realm.isAuditEnabled();
+ public boolean isEventsEnabled() {
+ return realm.isEventsEnabled();
}
@Override
- public void setAuditEnabled(boolean enabled) {
- realm.setAuditEnabled(enabled);
+ public void setEventsEnabled(boolean enabled) {
+ realm.setEventsEnabled(enabled);
em.flush();
}
@Override
- public long getAuditExpiration() {
- return realm.getAuditExpiration();
+ public long getEventsExpiration() {
+ return realm.getEventsExpiration();
}
@Override
- public void setAuditExpiration(long expiration) {
- realm.setAuditExpiration(expiration);
+ public void setEventsExpiration(long expiration) {
+ realm.setEventsExpiration(expiration);
em.flush();
}
@Override
- public Set<String> getAuditListeners() {
- return realm.getAuditListeners();
+ public Set<String> getEventsListeners() {
+ return realm.getEventsListeners();
}
@Override
- public void setAuditListeners(Set<String> listeners) {
- realm.setAuditListeners(listeners);
+ public void setEventsListeners(Set<String> listeners) {
+ realm.setEventsListeners(listeners);
em.flush();
}
diff --git a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java
index 0c6eda2..8455798 100755
--- a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java
+++ b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java
@@ -873,38 +873,38 @@ public class RealmAdapter extends AbstractMongoAdapter<MongoRealmEntity> impleme
}
@Override
- public boolean isAuditEnabled() {
- return realm.isAuditEnabled();
+ public boolean isEventsEnabled() {
+ return realm.isEventsEnabled();
}
@Override
- public void setAuditEnabled(boolean enabled) {
- realm.setAuditEnabled(enabled);
+ public void setEventsEnabled(boolean enabled) {
+ realm.setEventsEnabled(enabled);
updateRealm();
}
@Override
- public long getAuditExpiration() {
- return realm.getAuditExpiration();
+ public long getEventsExpiration() {
+ return realm.getEventsExpiration();
}
@Override
- public void setAuditExpiration(long expiration) {
- realm.setAuditExpiration(expiration);
+ public void setEventsExpiration(long expiration) {
+ realm.setEventsExpiration(expiration);
updateRealm();
}
@Override
- public Set<String> getAuditListeners() {
- return new HashSet<String>(realm.getAuditListeners());
+ public Set<String> getEventsListeners() {
+ return new HashSet<String>(realm.getEventsListeners());
}
@Override
- public void setAuditListeners(Set<String> listeners) {
+ public void setEventsListeners(Set<String> listeners) {
if (listeners != null) {
- realm.setAuditListeners(new ArrayList<String>(listeners));
+ realm.setEventsListeners(new ArrayList<String>(listeners));
} else {
- realm.setAuditListeners(Collections.EMPTY_LIST);
+ realm.setEventsListeners(Collections.EMPTY_LIST);
}
updateRealm();
}
pom.xml 2(+1 -1)
diff --git a/pom.xml b/pom.xml
index b78caca..609a3c8 100755
--- a/pom.xml
+++ b/pom.xml
@@ -96,11 +96,11 @@
</contributors>
<modules>
- <module>audit</module>
<module>core</module>
<module>core-jaxrs</module>
<module>connections</module>
<module>dependencies</module>
+ <module>events</module>
<module>model</module>
<module>integration</module>
<module>picketlink</module>
diff --git a/server/src/main/resources/META-INF/keycloak-server.json b/server/src/main/resources/META-INF/keycloak-server.json
index 49fc8c5..d58d1b2 100755
--- a/server/src/main/resources/META-INF/keycloak-server.json
+++ b/server/src/main/resources/META-INF/keycloak-server.json
@@ -3,7 +3,7 @@
"realm": "master"
},
- "audit": {
+ "eventsStore": {
"provider": "jpa",
"jpa": {
"exclude-events": [ "REFRESH_TOKEN" ]
services/pom.xml 2(+1 -1)
diff --git a/services/pom.xml b/services/pom.xml
index 4157583..1818194 100755
--- a/services/pom.xml
+++ b/services/pom.xml
@@ -39,7 +39,7 @@
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
- <artifactId>keycloak-audit-api</artifactId>
+ <artifactId>keycloak-events-api</artifactId>
<version>${project.version}</version>
<scope>provided</scope>
</dependency>
diff --git a/services/src/main/java/org/keycloak/services/managers/BruteForceProtector.java b/services/src/main/java/org/keycloak/services/managers/BruteForceProtector.java
index 1d1a283..aa202e7 100755
--- a/services/src/main/java/org/keycloak/services/managers/BruteForceProtector.java
+++ b/services/src/main/java/org/keycloak/services/managers/BruteForceProtector.java
@@ -185,7 +185,7 @@ public class BruteForceProtector implements Runnable {
session.close();
}
} catch (Exception e) {
- logger.error("Failed processing event", e);
+ logger.error("Failed processing type", e);
}
} catch (InterruptedException e) {
break;
@@ -228,7 +228,7 @@ public class BruteForceProtector implements Runnable {
try {
FailedLogin event = new FailedLogin(realm.getId(), username, clientConnection.getRemoteAddr());
queue.offer(event);
- // wait a minimum of seconds for event to process so that a hacker
+ // wait a minimum of seconds for type to process so that a hacker
// cannot flood with failed logins and overwhelm the queue and not have notBefore updated to block next requests
// todo failure HTTP responses should be queued via async HTTP
event.latch.await(5, TimeUnit.SECONDS);
diff --git a/services/src/main/java/org/keycloak/services/managers/RealmManager.java b/services/src/main/java/org/keycloak/services/managers/RealmManager.java
index 2269c97..240d5cb 100755
--- a/services/src/main/java/org/keycloak/services/managers/RealmManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/RealmManager.java
@@ -19,7 +19,7 @@ import org.keycloak.models.UserSessionProvider;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.models.utils.RepresentationToModel;
import org.keycloak.representations.idm.ApplicationRepresentation;
-import org.keycloak.representations.idm.RealmAuditRepresentation;
+import org.keycloak.representations.idm.RealmEventsConfigRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.timer.TimerProvider;
@@ -155,11 +155,11 @@ public class RealmManager {
return removed;
}
- public void updateRealmAudit(RealmAuditRepresentation rep, RealmModel realm) {
- realm.setAuditEnabled(rep.isAuditEnabled());
- realm.setAuditExpiration(rep.getAuditExpiration() != null ? rep.getAuditExpiration() : 0);
- if (rep.getAuditListeners() != null) {
- realm.setAuditListeners(new HashSet<String>(rep.getAuditListeners()));
+ public void updateRealmEventsConfig(RealmEventsConfigRepresentation rep, RealmModel realm) {
+ realm.setEventsEnabled(rep.isEventsEnabled());
+ realm.setEventsExpiration(rep.getEventsExpiration() != null ? rep.getEventsExpiration() : 0);
+ if (rep.getEventsListeners() != null) {
+ realm.setEventsListeners(new HashSet<String>(rep.getEventsListeners()));
}
}
diff --git a/services/src/main/java/org/keycloak/services/managers/TokenManager.java b/services/src/main/java/org/keycloak/services/managers/TokenManager.java
index 0fc5834..f88a6ca 100755
--- a/services/src/main/java/org/keycloak/services/managers/TokenManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/TokenManager.java
@@ -3,8 +3,8 @@ package org.keycloak.services.managers;
import org.jboss.logging.Logger;
import org.keycloak.ClientConnection;
import org.keycloak.OAuthErrorException;
-import org.keycloak.audit.Audit;
-import org.keycloak.audit.Details;
+import org.keycloak.events.EventBuilder;
+import org.keycloak.events.Details;
import org.keycloak.jose.jws.JWSBuilder;
import org.keycloak.jose.jws.JWSInput;
import org.keycloak.jose.jws.crypto.RSAProvider;
@@ -63,10 +63,10 @@ public class TokenManager {
return new AccessCode(realm, clientSession);
}
- public AccessToken refreshAccessToken(KeycloakSession session, UriInfo uriInfo, ClientConnection connection, RealmModel realm, ClientModel client, String encodedRefreshToken, Audit audit) throws OAuthErrorException {
+ public AccessToken refreshAccessToken(KeycloakSession session, UriInfo uriInfo, ClientConnection connection, RealmModel realm, ClientModel client, String encodedRefreshToken, EventBuilder event) throws OAuthErrorException {
RefreshToken refreshToken = verifyRefreshToken(realm, encodedRefreshToken);
- audit.user(refreshToken.getSubject()).session(refreshToken.getSessionState()).detail(Details.REFRESH_TOKEN_ID, refreshToken.getId());
+ event.user(refreshToken.getSubject()).session(refreshToken.getSessionState()).detail(Details.REFRESH_TOKEN_ID, refreshToken.getId());
UserModel user = session.users().getUserById(refreshToken.getSubject(), realm);
if (user == null) {
@@ -290,8 +290,8 @@ public class TokenManager {
return encodedToken;
}
- public AccessTokenResponseBuilder responseBuilder(RealmModel realm, ClientModel client, Audit audit) {
- return new AccessTokenResponseBuilder(realm, client, audit);
+ public AccessTokenResponseBuilder responseBuilder(RealmModel realm, ClientModel client, EventBuilder event) {
+ return new AccessTokenResponseBuilder(realm, client, event);
}
public class AccessTokenResponseBuilder {
@@ -300,12 +300,12 @@ public class TokenManager {
AccessToken accessToken;
RefreshToken refreshToken;
IDToken idToken;
- Audit audit;
+ EventBuilder event;
- public AccessTokenResponseBuilder(RealmModel realm, ClientModel client, Audit audit) {
+ public AccessTokenResponseBuilder(RealmModel realm, ClientModel client, EventBuilder event) {
this.realm = realm;
this.client = client;
- this.audit = audit;
+ this.event = event;
}
public AccessTokenResponseBuilder accessToken(AccessToken accessToken) {
@@ -379,14 +379,14 @@ public class TokenManager {
public AccessTokenResponse build() {
if (accessToken != null) {
- audit.detail(Details.TOKEN_ID, accessToken.getId());
+ event.detail(Details.TOKEN_ID, accessToken.getId());
}
if (refreshToken != null) {
- if (audit.getEvent().getDetails().containsKey(Details.REFRESH_TOKEN_ID)) {
- audit.detail(Details.UPDATED_REFRESH_TOKEN_ID, refreshToken.getId());
+ if (event.getEvent().getDetails().containsKey(Details.REFRESH_TOKEN_ID)) {
+ event.detail(Details.UPDATED_REFRESH_TOKEN_ID, refreshToken.getId());
} else {
- audit.detail(Details.REFRESH_TOKEN_ID, refreshToken.getId());
+ event.detail(Details.REFRESH_TOKEN_ID, refreshToken.getId());
}
}
diff --git a/services/src/main/java/org/keycloak/services/resources/AccountService.java b/services/src/main/java/org/keycloak/services/resources/AccountService.java
index 419e641..0900be8 100755
--- a/services/src/main/java/org/keycloak/services/resources/AccountService.java
+++ b/services/src/main/java/org/keycloak/services/resources/AccountService.java
@@ -28,11 +28,11 @@ import org.keycloak.ClientConnection;
import org.keycloak.OAuth2Constants;
import org.keycloak.account.AccountPages;
import org.keycloak.account.AccountProvider;
-import org.keycloak.audit.Audit;
-import org.keycloak.audit.AuditProvider;
-import org.keycloak.audit.Details;
-import org.keycloak.audit.Event;
-import org.keycloak.audit.EventType;
+import org.keycloak.events.EventBuilder;
+import org.keycloak.events.EventStoreProvider;
+import org.keycloak.events.Details;
+import org.keycloak.events.Event;
+import org.keycloak.events.EventType;
import org.keycloak.models.AccountRoles;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.ClientModel;
@@ -92,18 +92,18 @@ public class AccountService {
private static final Logger logger = Logger.getLogger(AccountService.class);
- private static final EventType[] AUDIT_EVENTS = {EventType.LOGIN, EventType.LOGOUT, EventType.REGISTER, EventType.REMOVE_SOCIAL_LINK, EventType.REMOVE_TOTP, EventType.SEND_RESET_PASSWORD,
+ private static final EventType[] LOG_EVENTS = {EventType.LOGIN, EventType.LOGOUT, EventType.REGISTER, EventType.REMOVE_SOCIAL_LINK, EventType.REMOVE_TOTP, EventType.SEND_RESET_PASSWORD,
EventType.SEND_VERIFY_EMAIL, EventType.SOCIAL_LINK, EventType.UPDATE_EMAIL, EventType.UPDATE_PASSWORD, EventType.UPDATE_PROFILE, EventType.UPDATE_TOTP, EventType.VERIFY_EMAIL};
- private static final Set<String> AUDIT_DETAILS = new HashSet<String>();
+ private static final Set<String> LOG_DETAILS = new HashSet<String>();
static {
- AUDIT_DETAILS.add(Details.UPDATED_EMAIL);
- AUDIT_DETAILS.add(Details.EMAIL);
- AUDIT_DETAILS.add(Details.PREVIOUS_EMAIL);
- AUDIT_DETAILS.add(Details.USERNAME);
- AUDIT_DETAILS.add(Details.REMEMBER_ME);
- AUDIT_DETAILS.add(Details.REGISTER_METHOD);
- AUDIT_DETAILS.add(Details.AUTH_METHOD);
+ LOG_DETAILS.add(Details.UPDATED_EMAIL);
+ LOG_DETAILS.add(Details.EMAIL);
+ LOG_DETAILS.add(Details.PREVIOUS_EMAIL);
+ LOG_DETAILS.add(Details.USERNAME);
+ LOG_DETAILS.add(Details.REMEMBER_ME);
+ LOG_DETAILS.add(Details.REGISTER_METHOD);
+ LOG_DETAILS.add(Details.AUTH_METHOD);
}
private RealmModel realm;
@@ -125,20 +125,20 @@ public class AccountService {
private final AppAuthManager authManager;
private final ApplicationModel application;
- private Audit audit;
+ private EventBuilder event;
private AccountProvider account;
private Auth auth;
- private AuditProvider auditProvider;
+ private EventStoreProvider eventStore;
- public AccountService(RealmModel realm, ApplicationModel application, Audit audit) {
+ public AccountService(RealmModel realm, ApplicationModel application, EventBuilder event) {
this.realm = realm;
this.application = application;
- this.audit = audit;
+ this.event = event;
this.authManager = new AppAuthManager();
}
public void init() {
- auditProvider = session.getProvider(AuditProvider.class);
+ eventStore = session.getProvider(EventStoreProvider.class);
account = session.getProvider(AccountProvider.class).setRealm(realm).setUriInfo(uriInfo);
@@ -170,10 +170,10 @@ public class AccountService {
}
- boolean auditEnabled = auditProvider != null && realm.isAuditEnabled();
+ boolean eventsEnabled = eventStore != null && realm.isEventsEnabled();
// todo find out from federation if password is updatable
- account.setFeatures(realm.isSocial(), auditEnabled, true);
+ account.setFeatures(realm.isSocial(), eventsEnabled, true);
}
public static UriBuilder accountServiceBaseUrl(UriInfo uriInfo) {
@@ -282,12 +282,12 @@ public class AccountService {
@GET
public Response logPage() {
if (auth != null) {
- List<Event> events = auditProvider.createQuery().event(AUDIT_EVENTS).user(auth.getUser().getId()).maxResults(30).getResultList();
+ List<Event> events = eventStore.createQuery().type(LOG_EVENTS).user(auth.getUser().getId()).maxResults(30).getResultList();
for (Event e : events) {
if (e.getDetails() != null) {
Iterator<Map.Entry<String, String>> itr = e.getDetails().entrySet().iterator();
while (itr.hasNext()) {
- if (!AUDIT_DETAILS.contains(itr.next().getKey())) {
+ if (!LOG_DETAILS.contains(itr.next().getKey())) {
itr.remove();
}
}
@@ -353,11 +353,11 @@ public class AccountService {
user.setEmail(formData.getFirst("email"));
- audit.event(EventType.UPDATE_PROFILE).client(auth.getClient()).user(auth.getUser()).success();
+ event.event(EventType.UPDATE_PROFILE).client(auth.getClient()).user(auth.getUser()).success();
if (emailChanged) {
user.setEmailVerified(false);
- audit.clone().event(EventType.UPDATE_EMAIL).detail(Details.PREVIOUS_EMAIL, oldEmail).detail(Details.UPDATED_EMAIL, email).success();
+ event.clone().event(EventType.UPDATE_EMAIL).detail(Details.PREVIOUS_EMAIL, oldEmail).detail(Details.UPDATED_EMAIL, email).success();
}
setReferrerOnPage();
return account.setSuccess("accountUpdated").createResponse(AccountPages.ACCOUNT);
@@ -379,7 +379,7 @@ public class AccountService {
UserModel user = auth.getUser();
user.setTotp(false);
- audit.event(EventType.REMOVE_TOTP).client(auth.getClient()).user(auth.getUser()).success();
+ event.event(EventType.REMOVE_TOTP).client(auth.getClient()).user(auth.getUser()).success();
setReferrerOnPage();
return account.setSuccess("successTotpRemoved").createResponse(AccountPages.TOTP);
@@ -455,7 +455,7 @@ public class AccountService {
user.setTotp(true);
- audit.event(EventType.UPDATE_TOTP).client(auth.getClient()).user(auth.getUser()).success();
+ event.event(EventType.UPDATE_TOTP).client(auth.getClient()).user(auth.getUser()).success();
setReferrerOnPage();
return account.setSuccess("successTotp").createResponse(AccountPages.TOTP);
@@ -525,7 +525,7 @@ public class AccountService {
return account.setError(ape.getMessage()).createResponse(AccountPages.PASSWORD);
}
- audit.event(EventType.UPDATE_PASSWORD).client(auth.getClient()).user(auth.getUser()).success();
+ event.event(EventType.UPDATE_PASSWORD).client(auth.getClient()).user(auth.getUser()).success();
setReferrerOnPage();
return account.setSuccess("accountPasswordUpdated").createResponse(AccountPages.PASSWORD);
@@ -588,7 +588,7 @@ public class AccountService {
logger.debugv("Social provider {0} removed successfully from user {1}", providerId, user.getUsername());
- audit.event(EventType.REMOVE_SOCIAL_LINK).client(auth.getClient()).user(auth.getUser())
+ event.event(EventType.REMOVE_SOCIAL_LINK).client(auth.getClient()).user(auth.getUser())
.detail(Details.USERNAME, link.getSocialUserId() + "@" + link.getSocialProvider())
.success();
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java b/services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java
index 7b41b55..fe8a11e 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java
@@ -4,10 +4,10 @@ import org.jboss.logging.Logger;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.spi.NotFoundException;
import org.jboss.resteasy.spi.ResteasyProviderFactory;
-import org.keycloak.audit.AuditProvider;
-import org.keycloak.audit.Event;
-import org.keycloak.audit.EventQuery;
-import org.keycloak.audit.EventType;
+import org.keycloak.events.EventStoreProvider;
+import org.keycloak.events.Event;
+import org.keycloak.events.EventQuery;
+import org.keycloak.events.EventType;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ModelDuplicateException;
@@ -19,7 +19,7 @@ import org.keycloak.models.cache.CacheUserProvider;
import org.keycloak.models.utils.ModelToRepresentation;
import org.keycloak.models.utils.RepresentationToModel;
import org.keycloak.representations.adapters.action.SessionStats;
-import org.keycloak.representations.idm.RealmAuditRepresentation;
+import org.keycloak.representations.idm.RealmEventsConfigRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.services.managers.LDAPConnectionTestManager;
import org.keycloak.services.managers.UsersSyncManager;
@@ -306,62 +306,62 @@ public class RealmAdminResource {
}
/**
- * View the audit provider and how it is configured.
+ * View the events provider and how it is configured.
*
* @return
*/
@GET
@NoCache
- @Path("audit")
+ @Path("events/config")
@Produces("application/json")
- public RealmAuditRepresentation getRealmAudit() {
- auth.init(RealmAuth.Resource.AUDIT).requireView();
+ public RealmEventsConfigRepresentation getRealmEventsConfig() {
+ auth.init(RealmAuth.Resource.EVENTS).requireView();
- return ModelToRepresentation.toAuditReprensetation(realm);
+ return ModelToRepresentation.toEventsConfigReprensetation(realm);
}
/**
- * Change the audit provider and/or it's configuration
+ * Change the events provider and/or it's configuration
*
* @param rep
*/
@PUT
- @Path("audit")
+ @Path("events/config")
@Consumes("application/json")
- public void updateRealmAudit(final RealmAuditRepresentation rep) {
- auth.init(RealmAuth.Resource.AUDIT).requireManage();
+ public void updateRealmEventsConfig(final RealmEventsConfigRepresentation rep) {
+ auth.init(RealmAuth.Resource.EVENTS).requireManage();
- logger.debug("updating realm audit: " + realm.getName());
- new RealmManager(session).updateRealmAudit(rep, realm);
+ logger.debug("updating realm events config: " + realm.getName());
+ new RealmManager(session).updateRealmEventsConfig(rep, realm);
}
/**
- * Query audit events. Returns all events, or will query based on URL query parameters listed here
+ * Query events. Returns all events, or will query based on URL query parameters listed here
*
* @param client app or oauth client name
- * @param event event type
+ * @param type type type
* @param user user id
* @param ipAddress
* @param firstResult
* @param maxResults
* @return
*/
- @Path("audit/events")
+ @Path("events")
@GET
@NoCache
@Produces(MediaType.APPLICATION_JSON)
- public List<Event> getAudit(@QueryParam("client") String client, @QueryParam("event") String event, @QueryParam("user") String user,
- @QueryParam("ipAddress") String ipAddress, @QueryParam("first") Integer firstResult, @QueryParam("max") Integer maxResults) {
- auth.init(RealmAuth.Resource.AUDIT).requireView();
+ public List<Event> getEvents(@QueryParam("client") String client, @QueryParam("type") String type, @QueryParam("user") String user,
+ @QueryParam("ipAddress") String ipAddress, @QueryParam("first") Integer firstResult, @QueryParam("max") Integer maxResults) {
+ auth.init(RealmAuth.Resource.EVENTS).requireView();
- AuditProvider audit = session.getProvider(AuditProvider.class);
+ EventStoreProvider eventStore = session.getProvider(EventStoreProvider.class);
- EventQuery query = audit.createQuery().realm(realm.getId());
+ EventQuery query = eventStore.createQuery().realm(realm.getId());
if (client != null) {
query.client(client);
}
- if (event != null) {
- query.event(EventType.valueOf(event));
+ if (type != null) {
+ query.type(EventType.valueOf(type));
}
if (user != null) {
query.user(user);
@@ -380,16 +380,16 @@ public class RealmAdminResource {
}
/**
- * Delete all audit events.
+ * Delete all events.
*
*/
- @Path("audit/events")
+ @Path("events")
@DELETE
- public void clearAudit() {
- auth.init(RealmAuth.Resource.AUDIT).requireManage();
+ public void clearEvents() {
+ auth.init(RealmAuth.Resource.EVENTS).requireManage();
- AuditProvider audit = session.getProvider(AuditProvider.class);
- audit.clear(realm.getId());
+ EventStoreProvider eventStore = session.getProvider(EventStoreProvider.class);
+ eventStore.clear(realm.getId());
}
@Path("testLDAPConnection")
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/RealmAuth.java b/services/src/main/java/org/keycloak/services/resources/admin/RealmAuth.java
index e2ef922..641315b 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/RealmAuth.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/RealmAuth.java
@@ -13,7 +13,7 @@ public class RealmAuth {
private Resource resource;
public enum Resource {
- APPLICATION, CLIENT, USER, REALM, AUDIT
+ APPLICATION, CLIENT, USER, REALM, EVENTS
}
private AdminAuth auth;
@@ -65,8 +65,8 @@ public class RealmAuth {
return AdminRoles.VIEW_USERS;
case REALM:
return AdminRoles.VIEW_REALM;
- case AUDIT:
- return AdminRoles.VIEW_AUDIT;
+ case EVENTS:
+ return AdminRoles.VIEW_EVENTS;
default:
throw new IllegalStateException();
}
@@ -82,8 +82,8 @@ public class RealmAuth {
return AdminRoles.MANAGE_USERS;
case REALM:
return AdminRoles.MANAGE_REALM;
- case AUDIT:
- return AdminRoles.MANAGE_AUDIT;
+ case EVENTS:
+ return AdminRoles.MANAGE_EVENTS;
default:
throw new IllegalStateException();
}
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/ServerInfoAdminResource.java b/services/src/main/java/org/keycloak/services/resources/admin/ServerInfoAdminResource.java
index 891e64e..391ffbb 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/ServerInfoAdminResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/ServerInfoAdminResource.java
@@ -1,7 +1,7 @@
package org.keycloak.services.resources.admin;
import org.jboss.resteasy.annotations.cache.NoCache;
-import org.keycloak.audit.AuditListener;
+import org.keycloak.events.EventListenerProvider;
import org.keycloak.freemarker.Theme;
import org.keycloak.freemarker.ThemeProvider;
import org.keycloak.models.KeycloakSession;
@@ -26,7 +26,7 @@ public class ServerInfoAdminResource {
private KeycloakSession session;
/**
- * Returns a list of themes, social providers, auth providers, and audit listeners available on this server
+ * Returns a list of themes, social providers, auth providers, and event listeners available on this server
*
* @return
*/
@@ -36,7 +36,7 @@ public class ServerInfoAdminResource {
ServerInfoRepresentation info = new ServerInfoRepresentation();
setSocialProviders(info);
setThemes(info);
- setAuditListeners(info);
+ setEventListeners(info);
return info;
}
@@ -60,12 +60,12 @@ public class ServerInfoAdminResource {
Collections.sort(info.socialProviders);
}
- private void setAuditListeners(ServerInfoRepresentation info) {
- info.auditListeners = new LinkedList<String>();
+ private void setEventListeners(ServerInfoRepresentation info) {
+ info.eventListeners = new LinkedList<String>();
- Set<String> providers = session.listProviderIds(AuditListener.class);
+ Set<String> providers = session.listProviderIds(EventListenerProvider.class);
if (providers != null) {
- info.auditListeners.addAll(providers);
+ info.eventListeners.addAll(providers);
}
}
@@ -76,7 +76,7 @@ public class ServerInfoAdminResource {
private List<String> socialProviders;
- private List<String> auditListeners;
+ private List<String> eventListeners;
public ServerInfoRepresentation() {
}
@@ -89,8 +89,8 @@ public class ServerInfoAdminResource {
return socialProviders;
}
- public List<String> getAuditListeners() {
- return auditListeners;
+ public List<String> getEventListeners() {
+ return eventListeners;
}
}
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java b/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java
index 8f0b0bf..de1cc06 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java
@@ -5,7 +5,6 @@ import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.spi.BadRequestException;
import org.jboss.resteasy.spi.NotFoundException;
import org.keycloak.ClientConnection;
-import org.keycloak.audit.Details;
import org.keycloak.email.EmailException;
import org.keycloak.email.EmailProvider;
import org.keycloak.models.ApplicationModel;
diff --git a/services/src/main/java/org/keycloak/services/resources/flows/OAuthFlows.java b/services/src/main/java/org/keycloak/services/resources/flows/OAuthFlows.java
index 0b10857..d6beb17 100755
--- a/services/src/main/java/org/keycloak/services/resources/flows/OAuthFlows.java
+++ b/services/src/main/java/org/keycloak/services/resources/flows/OAuthFlows.java
@@ -26,9 +26,9 @@ import org.jboss.resteasy.specimpl.MultivaluedMapImpl;
import org.jboss.resteasy.spi.HttpRequest;
import org.keycloak.ClientConnection;
import org.keycloak.OAuth2Constants;
-import org.keycloak.audit.Audit;
-import org.keycloak.audit.Details;
-import org.keycloak.audit.EventType;
+import org.keycloak.events.EventBuilder;
+import org.keycloak.events.Details;
+import org.keycloak.events.EventType;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.ClientModel;
import org.keycloak.models.ClientSessionModel;
@@ -124,7 +124,7 @@ public class OAuthFlows {
return Response.status(302).location(redirectUri.build()).build();
}
- public Response processAccessCode(String scopeParam, String state, String redirect, ClientModel client, UserModel user, UserSessionModel session, Audit audit) {
+ public Response processAccessCode(String scopeParam, String state, String redirect, ClientModel client, UserModel user, UserSessionModel session, EventBuilder event) {
isTotpConfigurationRequired(user);
isEmailVerificationRequired(user);
@@ -135,7 +135,7 @@ public class OAuthFlows {
log.debugv("processAccessCode: go to oauth page?: {0}",
!isResource);
- audit.detail(Details.CODE_ID, accessCode.getCodeId());
+ event.detail(Details.CODE_ID, accessCode.getCodeId());
Set<RequiredAction> requiredActions = user.getRequiredActions();
if (!requiredActions.isEmpty()) {
@@ -143,7 +143,7 @@ public class OAuthFlows {
accessCode.setRequiredAction(action);
if (action.equals(RequiredAction.VERIFY_EMAIL)) {
- audit.clone().event(EventType.SEND_VERIFY_EMAIL).detail(Details.EMAIL, accessCode.getUser().getEmail()).success();
+ event.clone().event(EventType.SEND_VERIFY_EMAIL).detail(Details.EMAIL, accessCode.getUser().getEmail()).success();
}
return Flows.forms(this.session, realm, client, uriInfo).setAccessCode(accessCode.getCode()).setUser(user)
@@ -171,7 +171,7 @@ public class OAuthFlows {
}
if (redirect != null) {
- audit.success();
+ event.success();
accessCode.setAction(ClientSessionModel.Action.CODE_TO_TOKEN);
return redirectAccessCode(accessCode, session, state, redirect);
diff --git a/services/src/main/java/org/keycloak/services/resources/KeycloakApplication.java b/services/src/main/java/org/keycloak/services/resources/KeycloakApplication.java
index 8e92557..038a565 100755
--- a/services/src/main/java/org/keycloak/services/resources/KeycloakApplication.java
+++ b/services/src/main/java/org/keycloak/services/resources/KeycloakApplication.java
@@ -19,7 +19,7 @@ import org.keycloak.services.managers.UsersSyncManager;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.services.managers.TokenManager;
import org.keycloak.services.resources.admin.AdminRoot;
-import org.keycloak.services.scheduled.ClearExpiredAuditEvents;
+import org.keycloak.services.scheduled.ClearExpiredEvents;
import org.keycloak.services.scheduled.ClearExpiredUserSessions;
import org.keycloak.services.scheduled.ScheduledTaskRunner;
import org.keycloak.services.util.JsonConfigProvider;
@@ -147,7 +147,7 @@ public class KeycloakApplication extends Application {
long interval = Config.scope("scheduled").getLong("interval", 60L) * 1000;
TimerProvider timer = sessionFactory.create().getProvider(TimerProvider.class);
- timer.schedule(new ScheduledTaskRunner(sessionFactory, new ClearExpiredAuditEvents()), interval, "ClearExpiredAuditEvents");
+ timer.schedule(new ScheduledTaskRunner(sessionFactory, new ClearExpiredEvents()), interval, "ClearExpiredEvents");
timer.schedule(new ScheduledTaskRunner(sessionFactory, new ClearExpiredUserSessions()), interval, "ClearExpiredUserSessions");
new UsersSyncManager().bootstrapPeriodic(sessionFactory, timer);
}
diff --git a/services/src/main/java/org/keycloak/services/resources/RealmsResource.java b/services/src/main/java/org/keycloak/services/resources/RealmsResource.java
index 3969224..04491d0 100755
--- a/services/src/main/java/org/keycloak/services/resources/RealmsResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/RealmsResource.java
@@ -6,13 +6,13 @@ import org.jboss.resteasy.spi.BadRequestException;
import org.jboss.resteasy.spi.NotFoundException;
import org.jboss.resteasy.spi.ResteasyProviderFactory;
import org.keycloak.ClientConnection;
-import org.keycloak.audit.Audit;
+import org.keycloak.events.EventBuilder;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.ClientModel;
import org.keycloak.models.Constants;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
-import org.keycloak.services.managers.AuditManager;
+import org.keycloak.services.managers.EventsManager;
import org.keycloak.services.managers.AuthenticationManager;
import org.keycloak.services.managers.BruteForceProtector;
import org.keycloak.services.managers.RealmManager;
@@ -140,9 +140,9 @@ public class RealmsResource {
public TokenService getTokenService(final @PathParam("realm") String name) {
RealmManager realmManager = new RealmManager(session);
RealmModel realm = locateRealm(name, realmManager);
- Audit audit = new AuditManager(realm, session, clientConnection).createAudit();
+ EventBuilder event = new EventsManager(realm, session, clientConnection).createEventBuilder();
AuthenticationManager authManager = new AuthenticationManager(protector);
- TokenService tokenService = new TokenService(realm, tokenManager, audit, authManager);
+ TokenService tokenService = new TokenService(realm, tokenManager, event, authManager);
ResteasyProviderFactory.getInstance().injectProperties(tokenService);
//resourceContext.initResource(tokenService);
return tokenService;
@@ -167,8 +167,8 @@ public class RealmsResource {
throw new NotFoundException("account management not enabled");
}
- Audit audit = new AuditManager(realm, session, clientConnection).createAudit();
- AccountService accountService = new AccountService(realm, application, audit);
+ EventBuilder event = new EventsManager(realm, session, clientConnection).createEventBuilder();
+ AccountService accountService = new AccountService(realm, application, event);
ResteasyProviderFactory.getInstance().injectProperties(accountService);
//resourceContext.initResource(accountService);
accountService.init();
diff --git a/services/src/main/java/org/keycloak/services/resources/RequiredActionsService.java b/services/src/main/java/org/keycloak/services/resources/RequiredActionsService.java
index a468f75..fcd3c5d 100755
--- a/services/src/main/java/org/keycloak/services/resources/RequiredActionsService.java
+++ b/services/src/main/java/org/keycloak/services/resources/RequiredActionsService.java
@@ -25,10 +25,10 @@ import org.jboss.logging.Logger;
import org.jboss.resteasy.spi.HttpRequest;
import org.keycloak.ClientConnection;
import org.keycloak.OAuth2Constants;
-import org.keycloak.audit.Audit;
-import org.keycloak.audit.Details;
-import org.keycloak.audit.Errors;
-import org.keycloak.audit.EventType;
+import org.keycloak.events.EventBuilder;
+import org.keycloak.events.Details;
+import org.keycloak.events.Errors;
+import org.keycloak.events.EventType;
import org.keycloak.email.EmailException;
import org.keycloak.email.EmailProvider;
import org.keycloak.login.LoginFormsProvider;
@@ -94,12 +94,12 @@ public class RequiredActionsService {
private TokenManager tokenManager;
- private Audit audit;
+ private EventBuilder event;
- public RequiredActionsService(RealmModel realm, TokenManager tokenManager, Audit audit) {
+ public RequiredActionsService(RealmModel realm, TokenManager tokenManager, EventBuilder event) {
this.realm = realm;
this.tokenManager = tokenManager;
- this.audit = audit;
+ this.event = event;
}
@Path("profile")
@@ -113,7 +113,7 @@ public class RequiredActionsService {
UserModel user = getUser(accessCode);
- initAudit(accessCode);
+ initEvent(accessCode);
String error = Validation.validateUpdateProfileForm(formData);
if (error != null) {
@@ -131,10 +131,10 @@ public class RequiredActionsService {
user.removeRequiredAction(RequiredAction.UPDATE_PROFILE);
- audit.clone().event(EventType.UPDATE_PROFILE).success();
+ event.clone().event(EventType.UPDATE_PROFILE).success();
if (emailChanged) {
user.setEmailVerified(false);
- audit.clone().event(EventType.UPDATE_EMAIL).detail(Details.PREVIOUS_EMAIL, oldEmail).detail(Details.UPDATED_EMAIL, email).success();
+ event.clone().event(EventType.UPDATE_EMAIL).detail(Details.PREVIOUS_EMAIL, oldEmail).detail(Details.UPDATED_EMAIL, email).success();
}
return redirectOauth(user, accessCode);
@@ -151,7 +151,7 @@ public class RequiredActionsService {
UserModel user = getUser(accessCode);
- initAudit(accessCode);
+ initEvent(accessCode);
String totp = formData.getFirst("totp");
String totpSecret = formData.getFirst("totpSecret");
@@ -172,7 +172,7 @@ public class RequiredActionsService {
user.removeRequiredAction(RequiredAction.CONFIGURE_TOTP);
- audit.clone().event(EventType.UPDATE_TOTP).success();
+ event.clone().event(EventType.UPDATE_TOTP).success();
return redirectOauth(user, accessCode);
}
@@ -188,7 +188,7 @@ public class RequiredActionsService {
UserModel user = getUser(accessCode);
- initAudit(accessCode);
+ initEvent(accessCode);
String passwordNew = formData.getFirst("password-new");
String passwordConfirm = formData.getFirst("password-confirm");
@@ -208,7 +208,7 @@ public class RequiredActionsService {
user.removeRequiredAction(RequiredAction.UPDATE_PASSWORD);
- audit.clone().event(EventType.UPDATE_PASSWORD).success();
+ event.clone().event(EventType.UPDATE_PASSWORD).success();
// Redirect to account management to login if password reset was initiated by admin
if (accessCode.getSessionState() == null) {
@@ -230,13 +230,13 @@ public class RequiredActionsService {
UserModel user = getUser(accessCode);
- initAudit(accessCode);
+ initEvent(accessCode);
user.setEmailVerified(true);
user.removeRequiredAction(RequiredAction.VERIFY_EMAIL);
- audit.clone().event(EventType.VERIFY_EMAIL).detail(Details.EMAIL, accessCode.getUser().getEmail()).success();
+ event.clone().event(EventType.VERIFY_EMAIL).detail(Details.EMAIL, accessCode.getUser().getEmail()).success();
return redirectOauth(user, accessCode);
} else {
@@ -245,7 +245,7 @@ public class RequiredActionsService {
return unauthorized();
}
- initAudit(accessCode);
+ initEvent(accessCode);
return Flows.forms(session, realm, null, uriInfo).setAccessCode(accessCode.getCode()).setUser(accessCode.getUser())
.createResponse(RequiredAction.VERIFY_EMAIL);
@@ -290,7 +290,7 @@ public class RequiredActionsService {
"Login requester not enabled.");
}
- audit.event(EventType.SEND_RESET_PASSWORD).client(clientId)
+ event.event(EventType.SEND_RESET_PASSWORD).client(clientId)
.detail(Details.REDIRECT_URI, redirect)
.detail(Details.RESPONSE_TYPE, "code")
.detail(Details.AUTH_METHOD, "form")
@@ -302,10 +302,10 @@ public class RequiredActionsService {
}
if (user == null) {
- audit.error(Errors.USER_NOT_FOUND);
+ event.error(Errors.USER_NOT_FOUND);
} else {
UserSessionModel userSession = session.sessions().createUserSession(realm, user, username, clientConnection.getRemoteAddr(), "form", false);
- audit.session(userSession);
+ event.session(userSession);
AccessCode accessCode = tokenManager.createAccessCode(scopeParam, state, redirect, session, realm, client, user, userSession);
accessCode.setRequiredAction(RequiredAction.UPDATE_PASSWORD);
@@ -319,7 +319,7 @@ public class RequiredActionsService {
this.session.getProvider(EmailProvider.class).setRealm(realm).setUser(user).sendPasswordReset(link, expiration);
- audit.user(user).detail(Details.EMAIL, user.getEmail()).detail(Details.CODE_ID, accessCode.getCodeId()).success();
+ event.user(user).detail(Details.EMAIL, user.getEmail()).detail(Details.CODE_ID, accessCode.getCodeId()).success();
} catch (EmailException e) {
logger.error("Failed to send password reset email", e);
return Flows.forms(this.session, realm, client, uriInfo).setError("emailSendError").createErrorPage();
@@ -375,17 +375,17 @@ public class RequiredActionsService {
AuthenticationManager.logout(session, realm, userSession, uriInfo, clientConnection);
return Flows.oauth(this.session, realm, request, uriInfo, clientConnection, authManager, tokenManager).redirectError(accessCode.getClient(), "access_denied", accessCode.getState(), accessCode.getRedirectUri());
}
- audit.session(userSession);
+ event.session(userSession);
- audit.success();
+ event.success();
return Flows.oauth(this.session, realm, request, uriInfo, clientConnection, authManager, tokenManager).redirectAccessCode(accessCode,
userSession, accessCode.getState(), accessCode.getRedirectUri());
}
}
- private void initAudit(AccessCode accessCode) {
- audit.event(EventType.LOGIN).client(accessCode.getClient())
+ private void initEvent(AccessCode accessCode) {
+ event.event(EventType.LOGIN).client(accessCode.getClient())
.user(accessCode.getUser())
.session(accessCode.getSessionState())
.detail(Details.CODE_ID, accessCode.getCodeId())
@@ -395,10 +395,10 @@ public class RequiredActionsService {
UserSessionModel userSession = accessCode.getSessionState() != null ? session.sessions().getUserSession(realm, accessCode.getSessionState()) : null;
if (userSession != null) {
- audit.detail(Details.AUTH_METHOD, userSession.getAuthMethod());
- audit.detail(Details.USERNAME, userSession.getLoginUsername());
+ event.detail(Details.AUTH_METHOD, userSession.getAuthMethod());
+ event.detail(Details.USERNAME, userSession.getLoginUsername());
if (userSession.isRememberMe()) {
- audit.detail(Details.REMEMBER_ME, "true");
+ event.detail(Details.REMEMBER_ME, "true");
}
}
}
diff --git a/services/src/main/java/org/keycloak/services/resources/SocialResource.java b/services/src/main/java/org/keycloak/services/resources/SocialResource.java
index a61c60a..572b74d 100755
--- a/services/src/main/java/org/keycloak/services/resources/SocialResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/SocialResource.java
@@ -26,12 +26,11 @@ import org.jboss.resteasy.specimpl.MultivaluedMapImpl;
import org.jboss.resteasy.spi.HttpRequest;
import org.keycloak.ClientConnection;
import org.keycloak.OAuth2Constants;
-import org.keycloak.audit.Audit;
-import org.keycloak.audit.Details;
-import org.keycloak.audit.Errors;
-import org.keycloak.audit.EventType;
+import org.keycloak.events.EventBuilder;
+import org.keycloak.events.Details;
+import org.keycloak.events.Errors;
+import org.keycloak.events.EventType;
import org.keycloak.jose.jws.JWSInput;
-import org.keycloak.login.LoginFormsProvider;
import org.keycloak.models.AccountRoles;
import org.keycloak.models.ClientModel;
import org.keycloak.models.Constants;
@@ -42,13 +41,12 @@ import org.keycloak.models.SocialLinkModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.models.utils.KeycloakModelUtils;
-import org.keycloak.services.managers.AuditManager;
+import org.keycloak.services.managers.EventsManager;
import org.keycloak.services.managers.AuthenticationManager;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.services.managers.TokenManager;
import org.keycloak.services.resources.flows.Flows;
import org.keycloak.services.resources.flows.OAuthFlows;
-import org.keycloak.services.resources.flows.OAuthRedirect;
import org.keycloak.services.resources.flows.Urls;
import org.keycloak.social.AuthCallback;
import org.keycloak.social.SocialAccessDeniedException;
@@ -124,7 +122,7 @@ public class SocialResource {
RealmManager realmManager = new RealmManager(session);
RealmModel realm = realmManager.getRealmByName(realmName);
- Audit audit = new AuditManager(realm, session, clientConnection).createAudit()
+ EventBuilder event = new EventsManager(realm, session, clientConnection).createEventBuilder()
.event(EventType.LOGIN)
.detail(Details.RESPONSE_TYPE, initialRequest.get(OAuth2Constants.RESPONSE_TYPE))
.detail(Details.AUTH_METHOD, authMethod);
@@ -133,7 +131,7 @@ public class SocialResource {
OAuthFlows oauth = Flows.oauth(session, realm, request, uriInfo, clientConnection, authManager, tokenManager);
if (!realm.isEnabled()) {
- audit.error(Errors.REALM_DISABLED);
+ event.error(Errors.REALM_DISABLED);
return oauth.forwardToSecurityFailure("Realm not enabled.");
}
@@ -143,15 +141,15 @@ public class SocialResource {
String state = initialRequest.get(OAuth2Constants.STATE);
String responseType = initialRequest.get(OAuth2Constants.RESPONSE_TYPE);
- audit.client(clientId).detail(Details.REDIRECT_URI, redirectUri);
+ event.client(clientId).detail(Details.REDIRECT_URI, redirectUri);
ClientModel client = realm.findClient(clientId);
if (client == null) {
- audit.error(Errors.CLIENT_NOT_FOUND);
+ event.error(Errors.CLIENT_NOT_FOUND);
return oauth.forwardToSecurityFailure("Unknown login requester.");
}
if (!client.isEnabled()) {
- audit.error(Errors.CLIENT_DISABLED);
+ event.error(Errors.CLIENT_DISABLED);
return oauth.forwardToSecurityFailure("Login requester not enabled.");
}
@@ -176,14 +174,14 @@ public class SocialResource {
queryParms.putSingle(OAuth2Constants.REDIRECT_URI, redirectUri);
queryParms.putSingle(OAuth2Constants.RESPONSE_TYPE, responseType);
- audit.error(Errors.REJECTED_BY_USER);
+ event.error(Errors.REJECTED_BY_USER);
return Flows.forms(session, realm, client, uriInfo).setQueryParams(queryParms).setWarning("Access denied").createLogin();
} catch (SocialProviderException e) {
logger.error("Failed to process social callback", e);
return oauth.forwardToSecurityFailure("Failed to process social callback");
}
- audit.detail(Details.USERNAME, socialUser.getId() + "@" + provider.getId());
+ event.detail(Details.USERNAME, socialUser.getId() + "@" + provider.getId());
try {
SocialLinkModel socialLink = new SocialLinkModel(provider.getId(), socialUser.getId(), socialUser.getUsername());
@@ -194,32 +192,32 @@ public class SocialResource {
if (userId != null) {
UserModel authenticatedUser = session.users().getUserById(userId, realm);
- audit.event(EventType.SOCIAL_LINK).user(userId);
+ event.event(EventType.SOCIAL_LINK).user(userId);
if (user != null) {
- audit.error(Errors.SOCIAL_ID_IN_USE);
+ event.error(Errors.SOCIAL_ID_IN_USE);
return oauth.forwardToSecurityFailure("This social account is already linked to other user");
}
if (!authenticatedUser.isEnabled()) {
- audit.error(Errors.USER_DISABLED);
+ event.error(Errors.USER_DISABLED);
return oauth.forwardToSecurityFailure("User is disabled");
}
if (!authenticatedUser.hasRole(realm.getApplicationByName(Constants.ACCOUNT_MANAGEMENT_APP).getRole(AccountRoles.MANAGE_ACCOUNT))) {
- audit.error(Errors.NOT_ALLOWED);
+ event.error(Errors.NOT_ALLOWED);
return oauth.forwardToSecurityFailure("Insufficient permissions to link social account");
}
if (redirectUri == null) {
- audit.error(Errors.INVALID_REDIRECT_URI);
+ event.error(Errors.INVALID_REDIRECT_URI);
return oauth.forwardToSecurityFailure("Unknown redirectUri");
}
session.users().addSocialLink(realm, authenticatedUser, socialLink);
logger.debugv("Social provider {0} linked with user {1}", provider.getId(), authenticatedUser.getUsername());
- audit.success();
+ event.success();
return Response.status(302).location(UriBuilder.fromUri(redirectUri).build()).build();
}
@@ -236,26 +234,26 @@ public class SocialResource {
session.users().addSocialLink(realm, user, socialLink);
- audit.clone().user(user).event(EventType.REGISTER)
+ event.clone().user(user).event(EventType.REGISTER)
.detail(Details.REGISTER_METHOD, "social@" + provider.getId())
.detail(Details.EMAIL, socialUser.getEmail())
.removeDetail("auth_method")
.success();
}
- audit.user(user);
+ event.user(user);
if (!user.isEnabled()) {
- audit.error(Errors.USER_DISABLED);
+ event.error(Errors.USER_DISABLED);
return oauth.forwardToSecurityFailure("Your account is not enabled.");
}
String username = socialLink.getSocialUserId() + "@" + socialLink.getSocialProvider();
UserSessionModel userSession = session.sessions().createUserSession(realm, user, username, clientConnection.getRemoteAddr(), authMethod, false);
- audit.session(userSession);
+ event.session(userSession);
- Response response = oauth.processAccessCode(scope, state, redirectUri, client, user, userSession, audit);
+ Response response = oauth.processAccessCode(scope, state, redirectUri, client, user, userSession, event);
if (session.getTransaction().isActive()) {
session.getTransaction().commit();
}
@@ -275,7 +273,7 @@ public class SocialResource {
RealmManager realmManager = new RealmManager(session);
RealmModel realm = realmManager.getRealmByName(realmName);
- Audit audit = new AuditManager(realm, session, clientConnection).createAudit()
+ EventBuilder event = new EventsManager(realm, session, clientConnection).createEventBuilder()
.event(EventType.LOGIN).client(clientId)
.detail(Details.REDIRECT_URI, redirectUri)
.detail(Details.RESPONSE_TYPE, "code")
@@ -283,23 +281,23 @@ public class SocialResource {
SocialProvider provider = SocialLoader.load(providerId);
if (provider == null) {
- audit.error(Errors.SOCIAL_PROVIDER_NOT_FOUND);
+ event.error(Errors.SOCIAL_PROVIDER_NOT_FOUND);
return Flows.forms(session, realm, null, uriInfo).setError("Social provider not found").createErrorPage();
}
ClientModel client = realm.findClient(clientId);
if (client == null) {
- audit.error(Errors.CLIENT_NOT_FOUND);
+ event.error(Errors.CLIENT_NOT_FOUND);
return Flows.forms(session, realm, null, uriInfo).setError("Unknown login requester.").createErrorPage();
}
if (!client.isEnabled()) {
- audit.error(Errors.CLIENT_DISABLED);
+ event.error(Errors.CLIENT_DISABLED);
return Flows.forms(session, realm, null, uriInfo).setError("Login requester not enabled.").createErrorPage();
}
redirectUri = TokenService.verifyRedirectUri(uriInfo, redirectUri, realm, client);
if (redirectUri == null) {
- audit.error(Errors.INVALID_REDIRECT_URI);
+ event.error(Errors.INVALID_REDIRECT_URI);
return Flows.forms(session, realm, null, uriInfo).setError("Invalid redirect_uri.").createErrorPage();
}
diff --git a/services/src/main/java/org/keycloak/services/resources/TokenService.java b/services/src/main/java/org/keycloak/services/resources/TokenService.java
index 0907b16..61e47b4 100755
--- a/services/src/main/java/org/keycloak/services/resources/TokenService.java
+++ b/services/src/main/java/org/keycloak/services/resources/TokenService.java
@@ -13,10 +13,10 @@ import org.keycloak.ClientConnection;
import org.keycloak.OAuth2Constants;
import org.keycloak.OAuthErrorException;
import org.keycloak.RSATokenVerifier;
-import org.keycloak.audit.Audit;
-import org.keycloak.audit.Details;
-import org.keycloak.audit.Errors;
-import org.keycloak.audit.EventType;
+import org.keycloak.events.EventBuilder;
+import org.keycloak.events.Details;
+import org.keycloak.events.Errors;
+import org.keycloak.events.EventType;
import org.keycloak.login.LoginFormsProvider;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.ClientModel;
@@ -85,7 +85,7 @@ public class TokenService {
protected RealmModel realm;
protected TokenManager tokenManager;
- private Audit audit;
+ private EventBuilder event;
protected AuthenticationManager authManager;
@Context
@@ -112,10 +112,10 @@ public class TokenService {
private ResourceAdminManager resourceAdminManager = new ResourceAdminManager();
- public TokenService(RealmModel realm, TokenManager tokenManager, Audit audit, AuthenticationManager authManager) {
+ public TokenService(RealmModel realm, TokenManager tokenManager, EventBuilder event, AuthenticationManager authManager) {
this.realm = realm;
this.tokenManager = tokenManager;
- this.audit = audit;
+ this.event = event;
this.authManager = authManager;
}
@@ -232,22 +232,22 @@ public class TokenService {
return createError("not_enabled", "Direct Grant REST API not enabled", Response.Status.FORBIDDEN);
}
- audit.event(EventType.LOGIN).detail(Details.AUTH_METHOD, "oauth_credentials").detail(Details.RESPONSE_TYPE, "token");
+ event.event(EventType.LOGIN).detail(Details.AUTH_METHOD, "oauth_credentials").detail(Details.RESPONSE_TYPE, "token");
String username = form.getFirst(AuthenticationManager.FORM_USERNAME);
if (username == null) {
- audit.error(Errors.USERNAME_MISSING);
+ event.error(Errors.USERNAME_MISSING);
throw new UnauthorizedException("No username");
}
- audit.detail(Details.USERNAME, username);
+ event.detail(Details.USERNAME, username);
UserModel user = session.users().getUserByUsername(username, realm);
- if (user != null) audit.user(user);
+ if (user != null) event.user(user);
- ClientModel client = authorizeClient(authorizationHeader, form, audit);
+ ClientModel client = authorizeClient(authorizationHeader, form, event);
if (!realm.isEnabled()) {
- audit.error(Errors.REALM_DISABLED);
+ event.error(Errors.REALM_DISABLED);
return createError("realm_disabled", "Realm is disabled", Response.Status.UNAUTHORIZED);
}
@@ -262,21 +262,21 @@ public class TokenService {
err = new HashMap<String, String>();
err.put(OAuth2Constants.ERROR, "invalid_grant");
err.put(OAuth2Constants.ERROR_DESCRIPTION, "AccountProvider temporarily disabled");
- audit.error(Errors.USER_TEMPORARILY_DISABLED);
+ event.error(Errors.USER_TEMPORARILY_DISABLED);
return Response.status(Response.Status.BAD_REQUEST).type(MediaType.APPLICATION_JSON_TYPE).entity(err)
.build();
case ACCOUNT_DISABLED:
err = new HashMap<String, String>();
err.put(OAuth2Constants.ERROR, "invalid_grant");
err.put(OAuth2Constants.ERROR_DESCRIPTION, "AccountProvider disabled");
- audit.error(Errors.USER_DISABLED);
+ event.error(Errors.USER_DISABLED);
return Response.status(Response.Status.BAD_REQUEST).type(MediaType.APPLICATION_JSON_TYPE).entity(err)
.build();
default:
err = new HashMap<String, String>();
err.put(OAuth2Constants.ERROR, "invalid_grant");
err.put(OAuth2Constants.ERROR_DESCRIPTION, "Invalid user credentials");
- audit.error(Errors.INVALID_USER_CREDENTIALS);
+ event.error(Errors.INVALID_USER_CREDENTIALS);
return Response.status(Response.Status.BAD_REQUEST).type(MediaType.APPLICATION_JSON_TYPE).entity(err)
.build();
}
@@ -284,15 +284,15 @@ public class TokenService {
String scope = form.getFirst(OAuth2Constants.SCOPE);
UserSessionModel userSession = session.sessions().createUserSession(realm, user, username, clientConnection.getRemoteAddr(), "oauth_credentials", false);
- audit.session(userSession);
+ event.session(userSession);
- AccessTokenResponse res = tokenManager.responseBuilder(realm, client, audit)
+ AccessTokenResponse res = tokenManager.responseBuilder(realm, client, event)
.generateAccessToken(scope, client, user, userSession)
.generateRefreshToken()
.generateIDToken()
.build();
- audit.success();
+ event.success();
return Response.ok(res, MediaType.APPLICATION_JSON_TYPE).build();
}
@@ -311,7 +311,7 @@ public class TokenService {
if (!checkSsl()) {
return createError("https_required", "HTTPS required", Response.Status.FORBIDDEN);
}
- audit.event(EventType.VALIDATE_ACCESS_TOKEN);
+ event.event(EventType.VALIDATE_ACCESS_TOKEN);
AccessToken token = null;
try {
token = RSATokenVerifier.verifyToken(tokenString, realm.getPublicKey(), realm.getName());
@@ -319,11 +319,11 @@ public class TokenService {
Map<String, String> err = new HashMap<String, String>();
err.put(OAuth2Constants.ERROR, OAuthErrorException.INVALID_GRANT);
err.put(OAuth2Constants.ERROR_DESCRIPTION, "Token invalid");
- audit.error(Errors.INVALID_TOKEN);
+ event.error(Errors.INVALID_TOKEN);
return Response.status(Response.Status.BAD_REQUEST).type(MediaType.APPLICATION_JSON_TYPE).entity(err)
.build();
}
- audit.user(token.getSubject()).session(token.getSessionState()).detail(Details.VALIDATE_ACCESS_TOKEN, token.getId());
+ event.user(token.getSubject()).session(token.getSessionState()).detail(Details.VALIDATE_ACCESS_TOKEN, token.getId());
if (token.isExpired()
|| token.getIssuedAt() < realm.getNotBefore()
@@ -331,7 +331,7 @@ public class TokenService {
Map<String, String> err = new HashMap<String, String>();
err.put(OAuth2Constants.ERROR, OAuthErrorException.INVALID_GRANT);
err.put(OAuth2Constants.ERROR_DESCRIPTION, "Token expired");
- audit.error(Errors.INVALID_TOKEN);
+ event.error(Errors.INVALID_TOKEN);
return Response.status(Response.Status.BAD_REQUEST).type(MediaType.APPLICATION_JSON_TYPE).entity(err)
.build();
}
@@ -342,7 +342,7 @@ public class TokenService {
Map<String, String> err = new HashMap<String, String>();
err.put(OAuth2Constants.ERROR, OAuthErrorException.INVALID_GRANT);
err.put(OAuth2Constants.ERROR_DESCRIPTION, "User does not exist");
- audit.error(Errors.USER_NOT_FOUND);
+ event.error(Errors.USER_NOT_FOUND);
return Response.status(Response.Status.BAD_REQUEST).type(MediaType.APPLICATION_JSON_TYPE).entity(err)
.build();
}
@@ -351,7 +351,7 @@ public class TokenService {
Map<String, String> err = new HashMap<String, String>();
err.put(OAuth2Constants.ERROR, OAuthErrorException.INVALID_GRANT);
err.put(OAuth2Constants.ERROR_DESCRIPTION, "User disabled");
- audit.error(Errors.USER_DISABLED);
+ event.error(Errors.USER_DISABLED);
return Response.status(Response.Status.BAD_REQUEST).type(MediaType.APPLICATION_JSON_TYPE).entity(err)
.build();
}
@@ -361,7 +361,7 @@ public class TokenService {
Map<String, String> err = new HashMap<String, String>();
err.put(OAuth2Constants.ERROR, OAuthErrorException.INVALID_GRANT);
err.put(OAuth2Constants.ERROR_DESCRIPTION, "Expired session");
- audit.error(Errors.USER_SESSION_NOT_FOUND);
+ event.error(Errors.USER_SESSION_NOT_FOUND);
return Response.status(Response.Status.BAD_REQUEST).type(MediaType.APPLICATION_JSON_TYPE).entity(err)
.build();
}
@@ -371,7 +371,7 @@ public class TokenService {
Map<String, String> err = new HashMap<String, String>();
err.put(OAuth2Constants.ERROR, OAuthErrorException.INVALID_CLIENT);
err.put(OAuth2Constants.ERROR_DESCRIPTION, "Issued for client no longer exists");
- audit.error(Errors.CLIENT_NOT_FOUND);
+ event.error(Errors.CLIENT_NOT_FOUND);
return Response.status(Response.Status.BAD_REQUEST).type(MediaType.APPLICATION_JSON_TYPE).entity(err)
.build();
@@ -381,7 +381,7 @@ public class TokenService {
Map<String, String> err = new HashMap<String, String>();
err.put(OAuth2Constants.ERROR, OAuthErrorException.INVALID_CLIENT);
err.put(OAuth2Constants.ERROR_DESCRIPTION, "Issued for client no longer exists");
- audit.error(Errors.INVALID_TOKEN);
+ event.error(Errors.INVALID_TOKEN);
return Response.status(Response.Status.BAD_REQUEST).type(MediaType.APPLICATION_JSON_TYPE).entity(err)
.build();
}
@@ -392,7 +392,7 @@ public class TokenService {
Map<String, String> err = new HashMap<String, String>();
err.put(OAuth2Constants.ERROR, OAuthErrorException.INVALID_SCOPE);
err.put(OAuth2Constants.ERROR_DESCRIPTION, "Role mappings have changed");
- audit.error(Errors.INVALID_TOKEN);
+ event.error(Errors.INVALID_TOKEN);
return Response.status(Response.Status.BAD_REQUEST).type(MediaType.APPLICATION_JSON_TYPE).entity(err)
.build();
@@ -424,34 +424,34 @@ public class TokenService {
return createError("https_required", "HTTPS required", Response.Status.FORBIDDEN);
}
- audit.event(EventType.REFRESH_TOKEN);
+ event.event(EventType.REFRESH_TOKEN);
- ClientModel client = authorizeClient(authorizationHeader, form, audit);
+ ClientModel client = authorizeClient(authorizationHeader, form, event);
String refreshToken = form.getFirst(OAuth2Constants.REFRESH_TOKEN);
if (refreshToken == null) {
Map<String, String> error = new HashMap<String, String>();
error.put(OAuth2Constants.ERROR, OAuthErrorException.INVALID_REQUEST);
error.put(OAuth2Constants.ERROR_DESCRIPTION, "No refresh token");
- audit.error(Errors.INVALID_TOKEN);
+ event.error(Errors.INVALID_TOKEN);
return Response.status(Response.Status.BAD_REQUEST).entity(error).type("application/json").build();
}
AccessToken accessToken;
try {
- accessToken = tokenManager.refreshAccessToken(session, uriInfo, clientConnection, realm, client, refreshToken, audit);
+ accessToken = tokenManager.refreshAccessToken(session, uriInfo, clientConnection, realm, client, refreshToken, event);
} catch (OAuthErrorException e) {
Map<String, String> error = new HashMap<String, String>();
error.put(OAuth2Constants.ERROR, e.getError());
if (e.getDescription() != null) error.put(OAuth2Constants.ERROR_DESCRIPTION, e.getDescription());
- audit.error(Errors.INVALID_TOKEN);
+ event.error(Errors.INVALID_TOKEN);
return Response.status(Response.Status.BAD_REQUEST).entity(error).type("application/json").build();
}
- AccessTokenResponse res = tokenManager.responseBuilder(realm, client, audit)
+ AccessTokenResponse res = tokenManager.responseBuilder(realm, client, event)
.accessToken(accessToken)
.generateIDToken()
.generateRefreshToken().build();
- audit.success();
+ event.success();
return Cors.add(request, Response.ok(res, MediaType.APPLICATION_JSON_TYPE)).auth().allowedOrigins(client).allowedMethods("POST").exposedHeaders(Cors.ACCESS_CONTROL_ALLOW_METHODS).build();
}
@@ -477,14 +477,14 @@ public class TokenService {
String rememberMe = formData.getFirst("rememberMe");
boolean remember = rememberMe != null && rememberMe.equalsIgnoreCase("on");
- audit.event(EventType.LOGIN).client(clientId)
+ event.event(EventType.LOGIN).client(clientId)
.detail(Details.REDIRECT_URI, redirect)
.detail(Details.RESPONSE_TYPE, "code")
.detail(Details.AUTH_METHOD, "form")
.detail(Details.USERNAME, username);
if (remember) {
- audit.detail(Details.REMEMBER_ME, "true");
+ event.detail(Details.REMEMBER_ME, "true");
}
OAuthFlows oauth = Flows.oauth(session, realm, request, uriInfo, clientConnection, authManager, tokenManager);
@@ -494,27 +494,27 @@ public class TokenService {
}
if (!realm.isEnabled()) {
- audit.error(Errors.REALM_DISABLED);
+ event.error(Errors.REALM_DISABLED);
return oauth.forwardToSecurityFailure("Realm not enabled.");
}
ClientModel client = realm.findClient(clientId);
if (client == null) {
- audit.error(Errors.CLIENT_NOT_FOUND);
+ event.error(Errors.CLIENT_NOT_FOUND);
return oauth.forwardToSecurityFailure("Unknown login requester.");
}
if (!client.isEnabled()) {
- audit.error(Errors.CLIENT_NOT_FOUND);
+ event.error(Errors.CLIENT_NOT_FOUND);
return oauth.forwardToSecurityFailure("Login requester not enabled.");
}
redirect = verifyRedirectUri(uriInfo, redirect, realm, client);
if (redirect == null) {
- audit.error(Errors.INVALID_REDIRECT_URI);
+ event.error(Errors.INVALID_REDIRECT_URI);
return oauth.forwardToSecurityFailure("Invalid redirect_uri.");
}
if (formData.containsKey("cancel")) {
- audit.error(Errors.REJECTED_BY_USER);
+ event.error(Errors.REJECTED_BY_USER);
return oauth.redirectError(client, "access_denied", state, redirect);
}
@@ -528,36 +528,36 @@ public class TokenService {
UserModel user = KeycloakModelUtils.findUserByNameOrEmail(session, realm, username);
if (user != null) {
- audit.user(user);
+ event.user(user);
}
switch (status) {
case SUCCESS:
case ACTIONS_REQUIRED:
UserSessionModel userSession = session.sessions().createUserSession(realm, user, username, clientConnection.getRemoteAddr(), "form", remember);
- audit.session(userSession);
+ event.session(userSession);
- return oauth.processAccessCode(scopeParam, state, redirect, client, user, userSession, audit);
+ return oauth.processAccessCode(scopeParam, state, redirect, client, user, userSession, event);
case ACCOUNT_TEMPORARILY_DISABLED:
- audit.error(Errors.USER_TEMPORARILY_DISABLED);
+ event.error(Errors.USER_TEMPORARILY_DISABLED);
return Flows.forms(this.session, realm, client, uriInfo).setError(Messages.ACCOUNT_TEMPORARILY_DISABLED).setFormData(formData).createLogin();
case ACCOUNT_DISABLED:
- audit.error(Errors.USER_DISABLED);
+ event.error(Errors.USER_DISABLED);
return Flows.forms(this.session, realm, client, uriInfo).setError(Messages.ACCOUNT_DISABLED).setFormData(formData).createLogin();
case MISSING_TOTP:
return Flows.forms(this.session, realm, client, uriInfo).setFormData(formData).createLoginTotp();
case INVALID_USER:
- audit.error(Errors.USER_NOT_FOUND);
+ event.error(Errors.USER_NOT_FOUND);
return Flows.forms(this.session, realm, client, uriInfo).setError(Messages.INVALID_USER).setFormData(formData).createLogin();
default:
- audit.error(Errors.INVALID_USER_CREDENTIALS);
+ event.error(Errors.INVALID_USER_CREDENTIALS);
return Flows.forms(this.session, realm, client, uriInfo).setError(Messages.INVALID_USER).setFormData(formData).createLogin();
}
}
@Path("auth/request/login-actions")
public RequiredActionsService getRequiredActionsService() {
- RequiredActionsService service = new RequiredActionsService(realm, tokenManager, audit);
+ RequiredActionsService service = new RequiredActionsService(realm, tokenManager, event);
ResteasyProviderFactory.getInstance().injectProperties(service);
//resourceContext.initResource(service);
@@ -584,7 +584,7 @@ public class TokenService {
String username = formData.getFirst("username");
String email = formData.getFirst("email");
- audit.event(EventType.REGISTER).client(clientId)
+ event.event(EventType.REGISTER).client(clientId)
.detail(Details.REDIRECT_URI, redirect)
.detail(Details.RESPONSE_TYPE, "code")
.detail(Details.USERNAME, username)
@@ -594,28 +594,28 @@ public class TokenService {
OAuthFlows oauth = Flows.oauth(session, realm, request, uriInfo, clientConnection, authManager, tokenManager);
if (!realm.isEnabled()) {
- audit.error(Errors.REALM_DISABLED);
+ event.error(Errors.REALM_DISABLED);
return oauth.forwardToSecurityFailure("Realm not enabled");
}
ClientModel client = realm.findClient(clientId);
if (client == null) {
- audit.error(Errors.CLIENT_NOT_FOUND);
+ event.error(Errors.CLIENT_NOT_FOUND);
return oauth.forwardToSecurityFailure("Unknown login requester.");
}
if (!client.isEnabled()) {
- audit.error(Errors.CLIENT_DISABLED);
+ event.error(Errors.CLIENT_DISABLED);
return oauth.forwardToSecurityFailure("Login requester not enabled.");
}
redirect = verifyRedirectUri(uriInfo, redirect, realm, client);
if (redirect == null) {
- audit.error(Errors.INVALID_REDIRECT_URI);
+ event.error(Errors.INVALID_REDIRECT_URI);
return oauth.forwardToSecurityFailure("Invalid redirect_uri.");
}
if (!realm.isRegistrationAllowed()) {
- audit.error(Errors.REGISTRATION_DISABLED);
+ event.error(Errors.REGISTRATION_DISABLED);
return oauth.forwardToSecurityFailure("Registration not allowed");
}
@@ -631,19 +631,19 @@ public class TokenService {
}
if (error != null) {
- audit.error(Errors.INVALID_REGISTRATION);
+ event.error(Errors.INVALID_REGISTRATION);
return Flows.forms(session, realm, client, uriInfo).setError(error).setFormData(formData).createRegistration();
}
// Validate that user with this username doesn't exist in realm or any federation provider
if (session.users().getUserByUsername(username, realm) != null) {
- audit.error(Errors.USERNAME_IN_USE);
+ event.error(Errors.USERNAME_IN_USE);
return Flows.forms(session, realm, client, uriInfo).setError(Messages.USERNAME_EXISTS).setFormData(formData).createRegistration();
}
// Validate that user with this email doesn't exist in realm or any federation provider
if (session.users().getUserByEmail(email, realm) != null) {
- audit.error(Errors.EMAIL_IN_USE);
+ event.error(Errors.EMAIL_IN_USE);
return Flows.forms(session, realm, client, uriInfo).setError(Messages.EMAIL_EXISTS).setFormData(formData).createRegistration();
}
@@ -676,8 +676,8 @@ public class TokenService {
}
}
- audit.user(user).success();
- audit.reset();
+ event.user(user).success();
+ event.reset();
return processLogin(clientId, scopeParam, state, redirect, formData);
}
@@ -714,10 +714,10 @@ public class TokenService {
throw new ForbiddenException("HTTPS required");
}
- audit.event(EventType.CODE_TO_TOKEN);
+ event.event(EventType.CODE_TO_TOKEN);
if (!realm.isEnabled()) {
- audit.error(Errors.REALM_DISABLED);
+ event.error(Errors.REALM_DISABLED);
throw new UnauthorizedException("Realm not enabled");
}
@@ -726,7 +726,7 @@ public class TokenService {
Map<String, String> error = new HashMap<String, String>();
error.put(OAuth2Constants.ERROR, "invalid_request");
error.put(OAuth2Constants.ERROR_DESCRIPTION, "code not specified");
- audit.error(Errors.INVALID_CODE);
+ event.error(Errors.INVALID_CODE);
throw new BadRequestException("Code not specified", Response.status(Response.Status.BAD_REQUEST).entity(error).type("application/json").build());
}
@@ -735,39 +735,39 @@ public class TokenService {
String[] parts = code.split("\\.");
if (parts.length == 2) {
try {
- audit.detail(Details.CODE_ID, new String(Base64Url.decode(parts[1])));
+ event.detail(Details.CODE_ID, new String(Base64Url.decode(parts[1])));
} catch (Throwable t) {
}
}
Map<String, String> res = new HashMap<String, String>();
res.put(OAuth2Constants.ERROR, "invalid_grant");
res.put(OAuth2Constants.ERROR_DESCRIPTION, "Code not found");
- audit.error(Errors.INVALID_CODE);
+ event.error(Errors.INVALID_CODE);
return Response.status(Response.Status.BAD_REQUEST).type(MediaType.APPLICATION_JSON_TYPE).entity(res)
.build();
}
- audit.detail(Details.CODE_ID, accessCode.getCodeId());
+ event.detail(Details.CODE_ID, accessCode.getCodeId());
if (!accessCode.isValid(ClientSessionModel.Action.CODE_TO_TOKEN)) {
Map<String, String> res = new HashMap<String, String>();
res.put(OAuth2Constants.ERROR, "invalid_grant");
res.put(OAuth2Constants.ERROR_DESCRIPTION, "Code is expired");
- audit.error(Errors.INVALID_CODE);
+ event.error(Errors.INVALID_CODE);
return Response.status(Response.Status.BAD_REQUEST).type(MediaType.APPLICATION_JSON_TYPE).entity(res)
.build();
}
accessCode.setAction(null);
- audit.user(accessCode.getUser());
- audit.session(accessCode.getSessionState());
+ event.user(accessCode.getUser());
+ event.session(accessCode.getSessionState());
- ClientModel client = authorizeClient(authorizationHeader, formData, audit);
+ ClientModel client = authorizeClient(authorizationHeader, formData, event);
if (!client.getClientId().equals(accessCode.getClient().getClientId())) {
Map<String, String> res = new HashMap<String, String>();
res.put(OAuth2Constants.ERROR, "invalid_grant");
res.put(OAuth2Constants.ERROR_DESCRIPTION, "Auth error");
- audit.error(Errors.INVALID_CODE);
+ event.error(Errors.INVALID_CODE);
return Response.status(Response.Status.BAD_REQUEST).type(MediaType.APPLICATION_JSON_TYPE).entity(res)
.build();
}
@@ -777,7 +777,7 @@ public class TokenService {
Map<String, String> res = new HashMap<String, String>();
res.put(OAuth2Constants.ERROR, "invalid_grant");
res.put(OAuth2Constants.ERROR_DESCRIPTION, "User not found");
- audit.error(Errors.INVALID_CODE);
+ event.error(Errors.INVALID_CODE);
return Response.status(Response.Status.BAD_REQUEST).type(MediaType.APPLICATION_JSON_TYPE).entity(res)
.build();
}
@@ -786,7 +786,7 @@ public class TokenService {
Map<String, String> res = new HashMap<String, String>();
res.put(OAuth2Constants.ERROR, "invalid_grant");
res.put(OAuth2Constants.ERROR_DESCRIPTION, "User disabled");
- audit.error(Errors.INVALID_CODE);
+ event.error(Errors.INVALID_CODE);
return Response.status(Response.Status.BAD_REQUEST).type(MediaType.APPLICATION_JSON_TYPE).entity(res)
.build();
}
@@ -797,7 +797,7 @@ public class TokenService {
Map<String, String> res = new HashMap<String, String>();
res.put(OAuth2Constants.ERROR, "invalid_grant");
res.put(OAuth2Constants.ERROR_DESCRIPTION, "Session not active");
- audit.error(Errors.INVALID_CODE);
+ event.error(Errors.INVALID_CODE);
return Response.status(Response.Status.BAD_REQUEST).type(MediaType.APPLICATION_JSON_TYPE).entity(res)
.build();
}
@@ -810,21 +810,21 @@ public class TokenService {
Map<String, String> error = new HashMap<String, String>();
error.put(OAuth2Constants.ERROR, e.getError());
if (e.getDescription() != null) error.put(OAuth2Constants.ERROR_DESCRIPTION, e.getDescription());
- audit.error(Errors.INVALID_CODE);
+ event.error(Errors.INVALID_CODE);
return Response.status(Response.Status.BAD_REQUEST).entity(error).type("application/json").build();
}
- AccessTokenResponse res = tokenManager.responseBuilder(realm, client, audit)
+ AccessTokenResponse res = tokenManager.responseBuilder(realm, client, event)
.accessToken(token)
.generateIDToken()
.generateRefreshToken().build();
- audit.success();
+ event.success();
return Cors.add(request, Response.ok(res)).auth().allowedOrigins(client).allowedMethods("POST").exposedHeaders(Cors.ACCESS_CONTROL_ALLOW_METHODS).build();
}
- protected ClientModel authorizeClient(String authorizationHeader, MultivaluedMap<String, String> formData, Audit audit) {
+ protected ClientModel authorizeClient(String authorizationHeader, MultivaluedMap<String, String> formData, EventBuilder event) {
String client_id;
String clientSecret;
if (authorizationHeader != null) {
@@ -846,14 +846,14 @@ public class TokenService {
throw new BadRequestException("Could not find client", Response.status(Response.Status.BAD_REQUEST).entity(error).type("application/json").build());
}
- audit.client(client_id);
+ event.client(client_id);
ClientModel client = realm.findClient(client_id);
if (client == null) {
Map<String, String> error = new HashMap<String, String>();
error.put(OAuth2Constants.ERROR, "invalid_client");
error.put(OAuth2Constants.ERROR_DESCRIPTION, "Could not find client");
- audit.error(Errors.CLIENT_NOT_FOUND);
+ event.error(Errors.CLIENT_NOT_FOUND);
throw new BadRequestException("Could not find client", Response.status(Response.Status.BAD_REQUEST).entity(error).type("application/json").build());
}
@@ -861,7 +861,7 @@ public class TokenService {
Map<String, String> error = new HashMap<String, String>();
error.put(OAuth2Constants.ERROR, "invalid_client");
error.put(OAuth2Constants.ERROR_DESCRIPTION, "Client is not enabled");
- audit.error(Errors.CLIENT_DISABLED);
+ event.error(Errors.CLIENT_DISABLED);
throw new BadRequestException("Client is not enabled", Response.status(Response.Status.BAD_REQUEST).entity(error).type("application/json").build());
}
@@ -869,7 +869,7 @@ public class TokenService {
Map<String, String> error = new HashMap<String, String>();
error.put(OAuth2Constants.ERROR, "invalid_client");
error.put(OAuth2Constants.ERROR_DESCRIPTION, "Bearer-only not allowed");
- audit.error(Errors.INVALID_CLIENT);
+ event.error(Errors.INVALID_CLIENT);
throw new BadRequestException("Bearer-only not allowed", Response.status(Response.Status.BAD_REQUEST).entity(error).type("application/json").build());
}
@@ -877,7 +877,7 @@ public class TokenService {
if (clientSecret == null || !client.validateSecret(clientSecret)) {
Map<String, String> error = new HashMap<String, String>();
error.put(OAuth2Constants.ERROR, "unauthorized_client");
- audit.error(Errors.INVALID_CLIENT_CREDENTIALS);
+ event.error(Errors.INVALID_CLIENT_CREDENTIALS);
throw new BadRequestException("Unauthorized Client", Response.status(Response.Status.BAD_REQUEST).entity(error).type("application/json").build());
}
}
@@ -904,7 +904,7 @@ public class TokenService {
@QueryParam("redirect_uri") String redirect, final @QueryParam("client_id") String clientId,
final @QueryParam("scope") String scopeParam, final @QueryParam("state") String state, final @QueryParam("prompt") String prompt,
final @QueryParam("login_hint") String loginHint) {
- audit.event(EventType.LOGIN).client(clientId).detail(Details.REDIRECT_URI, redirect).detail(Details.RESPONSE_TYPE, "code");
+ event.event(EventType.LOGIN).client(clientId).detail(Details.REDIRECT_URI, redirect).detail(Details.RESPONSE_TYPE, "code");
OAuthFlows oauth = Flows.oauth(session, realm, request, uriInfo, clientConnection, authManager, tokenManager);
@@ -913,30 +913,30 @@ public class TokenService {
}
if (!realm.isEnabled()) {
- audit.error(Errors.REALM_DISABLED);
+ event.error(Errors.REALM_DISABLED);
return oauth.forwardToSecurityFailure("Realm not enabled");
}
ClientModel client = realm.findClient(clientId);
if (client == null) {
- audit.error(Errors.CLIENT_NOT_FOUND);
+ event.error(Errors.CLIENT_NOT_FOUND);
return oauth.forwardToSecurityFailure("Unknown login requester.");
}
if (!client.isEnabled()) {
- audit.error(Errors.CLIENT_DISABLED);
+ event.error(Errors.CLIENT_DISABLED);
return oauth.forwardToSecurityFailure("Login requester not enabled.");
}
if ( (client instanceof ApplicationModel) && ((ApplicationModel)client).isBearerOnly()) {
- audit.error(Errors.NOT_ALLOWED);
+ event.error(Errors.NOT_ALLOWED);
return oauth.forwardToSecurityFailure("Bearer-only applications are not allowed to initiate browser login");
}
if (client.isDirectGrantsOnly()) {
- audit.error(Errors.NOT_ALLOWED);
+ event.error(Errors.NOT_ALLOWED);
return oauth.forwardToSecurityFailure("direct-grants-only clients are not allowed to initiate browser login");
}
redirect = verifyRedirectUri(uriInfo, redirect, realm, client);
if (redirect == null) {
- audit.error(Errors.INVALID_REDIRECT_URI);
+ event.error(Errors.INVALID_REDIRECT_URI);
return oauth.forwardToSecurityFailure("Invalid redirect_uri.");
}
@@ -945,8 +945,8 @@ public class TokenService {
UserModel user = authResult.getUser();
UserSessionModel session = authResult.getSession();
- audit.user(user).session(session).detail(Details.AUTH_METHOD, "sso");
- return oauth.processAccessCode(scopeParam, state, redirect, client, user, session, audit);
+ event.user(user).session(session).detail(Details.AUTH_METHOD, "sso");
+ return oauth.processAccessCode(scopeParam, state, redirect, client, user, session, event);
}
if (prompt != null && prompt.equals("none")) {
@@ -980,7 +980,7 @@ public class TokenService {
public Response registerPage(final @QueryParam("response_type") String responseType,
@QueryParam("redirect_uri") String redirect, final @QueryParam("client_id") String clientId,
final @QueryParam("scope") String scopeParam, final @QueryParam("state") String state) {
- audit.event(EventType.REGISTER).client(clientId).detail(Details.REDIRECT_URI, redirect).detail(Details.RESPONSE_TYPE, "code");
+ event.event(EventType.REGISTER).client(clientId).detail(Details.REDIRECT_URI, redirect).detail(Details.RESPONSE_TYPE, "code");
OAuthFlows oauth = Flows.oauth(session, realm, request, uriInfo, clientConnection, authManager, tokenManager);
@@ -989,28 +989,28 @@ public class TokenService {
}
if (!realm.isEnabled()) {
- audit.error(Errors.REALM_DISABLED);
+ event.error(Errors.REALM_DISABLED);
return oauth.forwardToSecurityFailure("Realm not enabled");
}
ClientModel client = realm.findClient(clientId);
if (client == null) {
- audit.error(Errors.CLIENT_NOT_FOUND);
+ event.error(Errors.CLIENT_NOT_FOUND);
return oauth.forwardToSecurityFailure("Unknown login requester.");
}
if (!client.isEnabled()) {
- audit.error(Errors.CLIENT_DISABLED);
+ event.error(Errors.CLIENT_DISABLED);
return oauth.forwardToSecurityFailure("Login requester not enabled.");
}
redirect = verifyRedirectUri(uriInfo, redirect, realm, client);
if (redirect == null) {
- audit.error(Errors.INVALID_REDIRECT_URI);
+ event.error(Errors.INVALID_REDIRECT_URI);
return oauth.forwardToSecurityFailure("Invalid redirect_uri.");
}
if (!realm.isRegistrationAllowed()) {
- audit.error(Errors.REGISTRATION_DISABLED);
+ event.error(Errors.REGISTRATION_DISABLED);
return oauth.forwardToSecurityFailure("Registration not allowed");
}
@@ -1029,9 +1029,9 @@ public class TokenService {
@GET
@NoCache
public Response logout(final @QueryParam("redirect_uri") String redirectUri) {
- audit.event(EventType.LOGOUT);
+ event.event(EventType.LOGOUT);
if (redirectUri != null) {
- audit.detail(Details.REDIRECT_URI, redirectUri);
+ event.detail(Details.REDIRECT_URI, redirectUri);
}
// authenticate identity cookie, but ignore an access token timeout as we're logging out anyways.
AuthenticationManager.AuthResult authResult = authManager.authenticateIdentityCookie(session, realm, uriInfo, clientConnection, headers, false);
@@ -1076,15 +1076,15 @@ public class TokenService {
throw new NotAcceptableException("HTTPS required");
}
- audit.event(EventType.LOGOUT);
+ event.event(EventType.LOGOUT);
- ClientModel client = authorizeClient(authorizationHeader, form, audit);
+ ClientModel client = authorizeClient(authorizationHeader, form, event);
String refreshToken = form.getFirst(OAuth2Constants.REFRESH_TOKEN);
if (refreshToken == null) {
Map<String, String> error = new HashMap<String, String>();
error.put(OAuth2Constants.ERROR, OAuthErrorException.INVALID_REQUEST);
error.put(OAuth2Constants.ERROR_DESCRIPTION, "No refresh token");
- audit.error(Errors.INVALID_TOKEN);
+ event.error(Errors.INVALID_TOKEN);
return Response.status(Response.Status.BAD_REQUEST).entity(error).type("application/json").build();
}
try {
@@ -1097,7 +1097,7 @@ public class TokenService {
Map<String, String> error = new HashMap<String, String>();
error.put(OAuth2Constants.ERROR, e.getError());
if (e.getDescription() != null) error.put(OAuth2Constants.ERROR_DESCRIPTION, e.getDescription());
- audit.error(Errors.INVALID_TOKEN);
+ event.error(Errors.INVALID_TOKEN);
return Response.status(Response.Status.BAD_REQUEST).entity(error).type("application/json").build();
}
return Cors.add(request, Response.noContent()).auth().allowedOrigins(client).allowedMethods("POST").exposedHeaders(Cors.ACCESS_CONTROL_ALLOW_METHODS).build();
@@ -1105,7 +1105,7 @@ public class TokenService {
private void logout(UserSessionModel userSession) {
authManager.logout(session, realm, userSession, uriInfo, clientConnection);
- audit.user(userSession.getUser()).session(userSession).success();
+ event.user(userSession.getUser()).session(userSession).success();
}
/**
@@ -1118,7 +1118,7 @@ public class TokenService {
@POST
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
public Response processOAuth(final MultivaluedMap<String, String> formData) {
- audit.event(EventType.LOGIN).detail(Details.RESPONSE_TYPE, "code");
+ event.event(EventType.LOGIN).detail(Details.RESPONSE_TYPE, "code");
OAuthFlows oauth = Flows.oauth(session, realm, request, uriInfo, clientConnection, authManager, tokenManager);
@@ -1130,41 +1130,41 @@ public class TokenService {
AccessCode accessCode = AccessCode.parse(code, session, realm);
if (accessCode == null || !accessCode.isValid(ClientSessionModel.Action.OAUTH_GRANT)) {
- audit.error(Errors.INVALID_CODE);
+ event.error(Errors.INVALID_CODE);
return oauth.forwardToSecurityFailure("Invalid access code.");
}
- audit.detail(Details.CODE_ID, accessCode.getCodeId());
+ event.detail(Details.CODE_ID, accessCode.getCodeId());
String redirect = accessCode.getRedirectUri();
String state = accessCode.getState();
- audit.client(accessCode.getClient())
+ event.client(accessCode.getClient())
.user(accessCode.getUser())
.detail(Details.RESPONSE_TYPE, "code")
.detail(Details.REDIRECT_URI, redirect);
UserSessionModel userSession = session.sessions().getUserSession(realm, accessCode.getSessionState());
if (userSession != null) {
- audit.detail(Details.AUTH_METHOD, userSession.getAuthMethod());
- audit.detail(Details.USERNAME, userSession.getLoginUsername());
+ event.detail(Details.AUTH_METHOD, userSession.getAuthMethod());
+ event.detail(Details.USERNAME, userSession.getLoginUsername());
if (userSession.isRememberMe()) {
- audit.detail(Details.REMEMBER_ME, "true");
+ event.detail(Details.REMEMBER_ME, "true");
}
}
if (!AuthenticationManager.isSessionValid(realm, userSession)) {
AuthenticationManager.logout(session, realm, userSession, uriInfo, clientConnection);
- audit.error(Errors.INVALID_CODE);
+ event.error(Errors.INVALID_CODE);
return oauth.forwardToSecurityFailure("Session not active");
}
- audit.session(userSession);
+ event.session(userSession);
if (formData.containsKey("cancel")) {
- audit.error(Errors.REJECTED_BY_USER);
+ event.error(Errors.REJECTED_BY_USER);
return redirectAccessDenied(redirect, state);
}
- audit.success();
+ event.success();
accessCode.setAction(ClientSessionModel.Action.CODE_TO_TOKEN);
return oauth.redirectAccessCode(accessCode, userSession, state, redirect);
testsuite/integration/pom.xml 2(+1 -1)
diff --git a/testsuite/integration/pom.xml b/testsuite/integration/pom.xml
index c75f38d..f7b0982 100755
--- a/testsuite/integration/pom.xml
+++ b/testsuite/integration/pom.xml
@@ -288,7 +288,7 @@
<systemPropertyVariables>
<keycloak.realm.provider>jpa</keycloak.realm.provider>
<keycloak.user.provider>jpa</keycloak.user.provider>
- <keycloak.audit.provider>jpa</keycloak.audit.provider>
+ <keycloak.eventStore.provider>jpa</keycloak.eventStore.provider>
<keycloak.userSessions.provider>jpa</keycloak.userSessions.provider>
</systemPropertyVariables>
</configuration>
testsuite/integration/README.md 2(+1 -1)
diff --git a/testsuite/integration/README.md b/testsuite/integration/README.md
index 564451f..9de055c 100644
--- a/testsuite/integration/README.md
+++ b/testsuite/integration/README.md
@@ -57,7 +57,7 @@ To start a Keycloak server with identity model data persisted in Mongo database
By default it's using database `keycloak` on localhost/27017 and it uses already existing data from this DB (no cleanup of existing data during bootstrap). Assumption is that you already have DB running on localhost/27017 . Use system properties to configure things differently:
- mvn exec:java -Pkeycloak-server -Dkeycloak.realm.provider=mongo -Dkeycloak.user.provider=mongo -Dkeycloak.audit.provider=mongo -Dkeycloak.connectionsMongo.host=localhost -Dkeycloak.connectionsMongo.port=27017 -Dkeycloak.connectionsMongo.db=keycloak -Dkeycloak.connectionsMongo.clearOnStartup=false
+ mvn exec:java -Pkeycloak-server -Dkeycloak.realm.provider=mongo -Dkeycloak.user.provider=mongo -Dkeycloak.eventStore.provider=mongo -Dkeycloak.connectionsMongo.host=localhost -Dkeycloak.connectionsMongo.port=27017 -Dkeycloak.connectionsMongo.db=keycloak -Dkeycloak.connectionsMongo.clearOnStartup=false
Note that if you are using Mongo model, it would mean that Mongo will be used for audit as well. You may need to use audit related properties for configuration of Mongo if you want to override default ones (For example keycloak.audit.mongo.host, keycloak.audit.mongo.port etc)
diff --git a/testsuite/integration/src/main/resources/META-INF/keycloak-server.json b/testsuite/integration/src/main/resources/META-INF/keycloak-server.json
index 7101a8f..6e90fa1 100755
--- a/testsuite/integration/src/main/resources/META-INF/keycloak-server.json
+++ b/testsuite/integration/src/main/resources/META-INF/keycloak-server.json
@@ -3,8 +3,8 @@
"realm": "master"
},
- "audit": {
- "provider": "${keycloak.audit.provider:jpa}"
+ "eventsStore": {
+ "provider": "${keycloak.eventStore.provider:jpa}"
},
"realm": {
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/account/AccountTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/account/AccountTest.java
index 5fbf669..c8a17be 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/account/AccountTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/account/AccountTest.java
@@ -28,9 +28,9 @@ import org.junit.ClassRule;
import org.junit.Ignore;
import org.junit.Rule;
import org.junit.Test;
-import org.keycloak.audit.Details;
-import org.keycloak.audit.Event;
-import org.keycloak.audit.EventType;
+import org.keycloak.events.Details;
+import org.keycloak.events.Event;
+import org.keycloak.events.EventType;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.PasswordPolicy;
import org.keycloak.models.RealmModel;
@@ -370,7 +370,7 @@ public class AccountTest {
keycloakRule.update(new KeycloakSetup() {
@Override
public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
- appRealm.setAuditEnabled(true);
+ appRealm.setEventsEnabled(true);
}
});
@@ -407,7 +407,7 @@ public class AccountTest {
Iterator<List<String>> itr = logPage.getEvents().iterator();
for (Event event : e) {
List<String> a = itr.next();
- Assert.assertEquals(event.getEvent().toString().replace('_', ' ').toLowerCase(), a.get(1));
+ Assert.assertEquals(event.getType().toString().replace('_', ' ').toLowerCase(), a.get(1));
Assert.assertEquals(event.getIpAddress(), a.get(2));
Assert.assertEquals(event.getClientId(), a.get(3));
}
@@ -417,7 +417,7 @@ public class AccountTest {
keycloakRule.update(new KeycloakSetup() {
@Override
public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
- appRealm.setAuditEnabled(false);
+ appRealm.setEventsEnabled(false);
}
});
}
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/actions/RequiredActionEmailVerificationTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/actions/RequiredActionEmailVerificationTest.java
index 012cb9e..2ad03e3 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/actions/RequiredActionEmailVerificationTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/actions/RequiredActionEmailVerificationTest.java
@@ -26,9 +26,9 @@ import org.junit.Before;
import org.junit.ClassRule;
import org.junit.Rule;
import org.junit.Test;
-import org.keycloak.audit.Details;
-import org.keycloak.audit.Event;
-import org.keycloak.audit.EventType;
+import org.keycloak.events.Details;
+import org.keycloak.events.Event;
+import org.keycloak.events.EventType;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.services.managers.RealmManager;
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/actions/RequiredActionMultipleActionsTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/actions/RequiredActionMultipleActionsTest.java
index 4f9f740..4d16a1b 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/actions/RequiredActionMultipleActionsTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/actions/RequiredActionMultipleActionsTest.java
@@ -25,8 +25,8 @@ import org.junit.Assert;
import org.junit.ClassRule;
import org.junit.Rule;
import org.junit.Test;
-import org.keycloak.audit.Details;
-import org.keycloak.audit.EventType;
+import org.keycloak.events.Details;
+import org.keycloak.events.EventType;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserModel.RequiredAction;
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/actions/RequiredActionResetPasswordTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/actions/RequiredActionResetPasswordTest.java
index e357843..a512795 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/actions/RequiredActionResetPasswordTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/actions/RequiredActionResetPasswordTest.java
@@ -25,8 +25,8 @@ import org.junit.Assert;
import org.junit.ClassRule;
import org.junit.Rule;
import org.junit.Test;
-import org.keycloak.audit.Event;
-import org.keycloak.audit.EventType;
+import org.keycloak.events.Event;
+import org.keycloak.events.EventType;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserModel.RequiredAction;
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/actions/RequiredActionTotpSetupTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/actions/RequiredActionTotpSetupTest.java
index dcc844c..0874c38 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/actions/RequiredActionTotpSetupTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/actions/RequiredActionTotpSetupTest.java
@@ -25,9 +25,9 @@ import org.junit.Assert;
import org.junit.ClassRule;
import org.junit.Rule;
import org.junit.Test;
-import org.keycloak.audit.Details;
-import org.keycloak.audit.Event;
-import org.keycloak.audit.EventType;
+import org.keycloak.events.Details;
+import org.keycloak.events.Event;
+import org.keycloak.events.EventType;
import org.keycloak.models.RealmModel;
import org.keycloak.models.utils.TimeBasedOTP;
import org.keycloak.representations.idm.CredentialRepresentation;
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/actions/RequiredActionUpdateProfileTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/actions/RequiredActionUpdateProfileTest.java
index a5a87c1..f66c88e 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/actions/RequiredActionUpdateProfileTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/actions/RequiredActionUpdateProfileTest.java
@@ -26,8 +26,8 @@ import org.junit.Before;
import org.junit.ClassRule;
import org.junit.Rule;
import org.junit.Test;
-import org.keycloak.audit.Details;
-import org.keycloak.audit.EventType;
+import org.keycloak.events.Details;
+import org.keycloak.events.EventType;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.services.managers.RealmManager;
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/AssertEvents.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/AssertEvents.java
index fa2b767..0dd893b 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/AssertEvents.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/AssertEvents.java
@@ -8,11 +8,11 @@ import org.junit.Assert;
import org.junit.rules.TestRule;
import org.junit.runners.model.Statement;
import org.keycloak.Config;
-import org.keycloak.audit.AuditListener;
-import org.keycloak.audit.AuditListenerFactory;
-import org.keycloak.audit.Details;
-import org.keycloak.audit.Event;
-import org.keycloak.audit.EventType;
+import org.keycloak.events.EventListenerProvider;
+import org.keycloak.events.EventListenerProviderFactory;
+import org.keycloak.events.Details;
+import org.keycloak.events.Event;
+import org.keycloak.events.EventType;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
@@ -34,7 +34,7 @@ import java.util.concurrent.TimeUnit;
/**
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
*/
-public class AssertEvents implements TestRule, AuditListenerFactory {
+public class AssertEvents implements TestRule, EventListenerProviderFactory {
public static String DEFAULT_CLIENT_ID = "test-app";
public static String DEFAULT_REDIRECT_URI = "http://localhost:8081/app/auth";
@@ -71,7 +71,7 @@ public class AssertEvents implements TestRule, AuditListenerFactory {
Set<String> listeners = new HashSet<String>();
listeners.add("jboss-logging");
listeners.add("assert-events");
- appRealm.setAuditListeners(listeners);
+ appRealm.setEventsListeners(listeners);
}
});
@@ -80,13 +80,13 @@ public class AssertEvents implements TestRule, AuditListenerFactory {
Event event = events.peek();
if (event != null) {
- Assert.fail("Unexpected event after test: " + event.getEvent());
+ Assert.fail("Unexpected type after test: " + event.getType());
}
} finally {
keycloak.configure(new KeycloakRule.KeycloakSetup() {
@Override
public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
- appRealm.setAuditListeners(null);
+ appRealm.setEventsListeners(null);
}
});
}
@@ -172,12 +172,12 @@ public class AssertEvents implements TestRule, AuditListenerFactory {
}
@Override
- public AuditListener create(KeycloakSession session) {
- return new AuditListener() {
+ public EventListenerProvider create(KeycloakSession session) {
+ return new EventListenerProvider() {
@Override
public void onEvent(Event event) {
if (event == null) {
- throw new RuntimeException("Added null event");
+ throw new RuntimeException("Added null type");
}
events.add(event);
}
@@ -254,7 +254,7 @@ public class AssertEvents implements TestRule, AuditListenerFactory {
}
public ExpectedEvent event(EventType e) {
- expected.setEvent(e);
+ expected.setType(e);
return this;
}
@@ -286,15 +286,15 @@ public class AssertEvents implements TestRule, AuditListenerFactory {
try {
return assertEvent(events.poll(10, TimeUnit.SECONDS));
} catch (InterruptedException e) {
- throw new AssertionError("No event received within timeout");
+ throw new AssertionError("No type received within timeout");
}
}
public Event assertEvent(Event actual) {
- if (expected.getError() != null && !expected.getEvent().toString().endsWith("_ERROR")) {
- expected.setEvent(EventType.valueOf(expected.getEvent().toString() + "_ERROR"));
+ if (expected.getError() != null && !expected.getType().toString().endsWith("_ERROR")) {
+ expected.setType(EventType.valueOf(expected.getType().toString() + "_ERROR"));
}
- Assert.assertEquals(expected.getEvent(), actual.getEvent());
+ Assert.assertEquals(expected.getType(), actual.getType());
Assert.assertEquals(expected.getRealmId(), actual.getRealmId());
Assert.assertEquals(expected.getClientId(), actual.getClientId());
Assert.assertEquals(expected.getError(), actual.getError());
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/events/EventStoreProviderTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/events/EventStoreProviderTest.java
new file mode 100644
index 0000000..4f3a206
--- /dev/null
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/events/EventStoreProviderTest.java
@@ -0,0 +1,134 @@
+package org.keycloak.testsuite.events;
+
+import org.junit.After;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.ClassRule;
+import org.junit.Test;
+import org.keycloak.events.EventStoreProvider;
+import org.keycloak.events.Event;
+import org.keycloak.events.EventType;
+import org.keycloak.models.KeycloakSession;
+import org.keycloak.testsuite.rule.KeycloakRule;
+
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
+ */
+public class EventStoreProviderTest {
+
+ @ClassRule
+ public static KeycloakRule kc = new KeycloakRule();
+
+ private KeycloakSession session;
+
+ private EventStoreProvider eventStore;
+
+ @Before
+ public void before() {
+ session = kc.startSession();
+ eventStore = session.getProvider(EventStoreProvider.class);
+ }
+
+ @After
+ public void after() {
+ eventStore.clear();
+ kc.stopSession(session, true);
+ }
+
+ @Test
+ public void save() {
+ eventStore.onEvent(create(EventType.LOGIN, "realmId", "clientId", "userId", "127.0.0.1", "error"));
+ }
+
+ @Test
+ public void query() {
+ long oldest = System.currentTimeMillis() - 30000;
+ long newest = System.currentTimeMillis() + 30000;
+
+ eventStore.onEvent(create(EventType.LOGIN, "realmId", "clientId", "userId", "127.0.0.1", "error"));
+ eventStore.onEvent(create(newest, EventType.REGISTER, "realmId", "clientId", "userId", "127.0.0.1", "error"));
+ eventStore.onEvent(create(newest, EventType.REGISTER, "realmId", "clientId", "userId2", "127.0.0.1", "error"));
+ eventStore.onEvent(create(EventType.LOGIN, "realmId2", "clientId", "userId", "127.0.0.1", "error"));
+ eventStore.onEvent(create(oldest, EventType.LOGIN, "realmId", "clientId2", "userId", "127.0.0.1", "error"));
+ eventStore.onEvent(create(EventType.LOGIN, "realmId", "clientId", "userId2", "127.0.0.1", "error"));
+
+ resetSession();
+
+ Assert.assertEquals(5, eventStore.createQuery().client("clientId").getResultList().size());
+ Assert.assertEquals(5, eventStore.createQuery().realm("realmId").getResultList().size());
+ Assert.assertEquals(4, eventStore.createQuery().type(EventType.LOGIN).getResultList().size());
+ Assert.assertEquals(6, eventStore.createQuery().type(EventType.LOGIN, EventType.REGISTER).getResultList().size());
+ Assert.assertEquals(4, eventStore.createQuery().user("userId").getResultList().size());
+
+ Assert.assertEquals(1, eventStore.createQuery().user("userId").type(EventType.REGISTER).getResultList().size());
+
+ Assert.assertEquals(2, eventStore.createQuery().maxResults(2).getResultList().size());
+ Assert.assertEquals(1, eventStore.createQuery().firstResult(5).getResultList().size());
+
+ Assert.assertEquals(newest, eventStore.createQuery().maxResults(1).getResultList().get(0).getTime());
+ Assert.assertEquals(oldest, eventStore.createQuery().firstResult(5).maxResults(1).getResultList().get(0).getTime());
+ }
+
+ @Test
+ public void clear() {
+ eventStore.onEvent(create(System.currentTimeMillis() - 30000, EventType.LOGIN, "realmId", "clientId", "userId", "127.0.0.1", "error"));
+ eventStore.onEvent(create(System.currentTimeMillis() - 20000, EventType.LOGIN, "realmId", "clientId", "userId", "127.0.0.1", "error"));
+ eventStore.onEvent(create(System.currentTimeMillis(), EventType.LOGIN, "realmId", "clientId", "userId", "127.0.0.1", "error"));
+ eventStore.onEvent(create(System.currentTimeMillis(), EventType.LOGIN, "realmId", "clientId", "userId", "127.0.0.1", "error"));
+ eventStore.onEvent(create(System.currentTimeMillis() - 30000, EventType.LOGIN, "realmId2", "clientId", "userId", "127.0.0.1", "error"));
+
+ resetSession();
+
+ eventStore.clear("realmId");
+
+ Assert.assertEquals(1, eventStore.createQuery().getResultList().size());
+ }
+
+ @Test
+ public void clearOld() {
+ eventStore.onEvent(create(System.currentTimeMillis() - 30000, EventType.LOGIN, "realmId", "clientId", "userId", "127.0.0.1", "error"));
+ eventStore.onEvent(create(System.currentTimeMillis() - 20000, EventType.LOGIN, "realmId", "clientId", "userId", "127.0.0.1", "error"));
+ eventStore.onEvent(create(System.currentTimeMillis(), EventType.LOGIN, "realmId", "clientId", "userId", "127.0.0.1", "error"));
+ eventStore.onEvent(create(System.currentTimeMillis(), EventType.LOGIN, "realmId", "clientId", "userId", "127.0.0.1", "error"));
+ eventStore.onEvent(create(System.currentTimeMillis() - 30000, EventType.LOGIN, "realmId2", "clientId", "userId", "127.0.0.1", "error"));
+
+ resetSession();
+
+ eventStore.clear("realmId", System.currentTimeMillis() - 10000);
+
+ Assert.assertEquals(3, eventStore.createQuery().getResultList().size());
+ }
+
+ private Event create(EventType event, String realmId, String clientId, String userId, String ipAddress, String error) {
+ return create(System.currentTimeMillis(), event, realmId, clientId, userId, ipAddress, error);
+ }
+
+ private Event create(long time, EventType event, String realmId, String clientId, String userId, String ipAddress, String error) {
+ Event e = new Event();
+ e.setTime(time);
+ e.setType(event);
+ e.setRealmId(realmId);
+ e.setClientId(clientId);
+ e.setUserId(userId);
+ e.setIpAddress(ipAddress);
+ e.setError(error);
+
+ Map<String, String> details = new HashMap<String, String>();
+ details.put("key1", "value1");
+ details.put("key2", "value2");
+
+ e.setDetails(details);
+
+ return e;
+ }
+
+ private void resetSession() {
+ kc.stopSession(session, true);
+ session = kc.startSession();
+ eventStore = session.getProvider(EventStoreProvider.class);
+ }
+
+}
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/LoginTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/LoginTest.java
index 4447019..77f3a54 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/LoginTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/LoginTest.java
@@ -26,7 +26,7 @@ import org.junit.ClassRule;
import org.junit.Rule;
import org.junit.Test;
import org.keycloak.OAuth2Constants;
-import org.keycloak.audit.Details;
+import org.keycloak.events.Details;
import org.keycloak.models.BrowserSecurityHeaders;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserCredentialModel;
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/LoginTotpTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/LoginTotpTest.java
index b680d09..f53e85a 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/LoginTotpTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/LoginTotpTest.java
@@ -26,7 +26,7 @@ import org.junit.Before;
import org.junit.ClassRule;
import org.junit.Rule;
import org.junit.Test;
-import org.keycloak.audit.Details;
+import org.keycloak.events.Details;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserCredentialModel;
import org.keycloak.models.UserModel;
@@ -66,7 +66,7 @@ public class LoginTotpTest {
user.updateCredential(credentials);
user.setTotp(true);
- appRealm.setAuditListeners(Collections.singleton("dummy"));
+ appRealm.setEventsListeners(Collections.singleton("dummy"));
}
});
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/LogoutTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/LogoutTest.java
index 3f8bc1c..561fcd6 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/LogoutTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/LogoutTest.java
@@ -24,7 +24,7 @@ package org.keycloak.testsuite.forms;
import org.junit.ClassRule;
import org.junit.Rule;
import org.junit.Test;
-import org.keycloak.audit.Details;
+import org.keycloak.events.Details;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.OAuthClient;
import org.keycloak.testsuite.pages.AppPage;
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/RegisterTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/RegisterTest.java
index 429e5f9..ff76d22 100644
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/RegisterTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/RegisterTest.java
@@ -25,7 +25,7 @@ import org.junit.Assert;
import org.junit.ClassRule;
import org.junit.Rule;
import org.junit.Test;
-import org.keycloak.audit.Details;
+import org.keycloak.events.Details;
import org.keycloak.models.PasswordPolicy;
import org.keycloak.models.RealmModel;
import org.keycloak.services.managers.RealmManager;
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/ResetPasswordTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/ResetPasswordTest.java
index 4510565..22ec3c1 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/ResetPasswordTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/ResetPasswordTest.java
@@ -25,8 +25,8 @@ import org.junit.Assert;
import org.junit.ClassRule;
import org.junit.Rule;
import org.junit.Test;
-import org.keycloak.audit.Details;
-import org.keycloak.audit.EventType;
+import org.keycloak.events.Details;
+import org.keycloak.events.EventType;
import org.keycloak.models.PasswordPolicy;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserCredentialModel;
@@ -72,7 +72,7 @@ public class ResetPasswordTest {
creds.setValue("password");
user.updateCredential(creds);
- appRealm.setAuditListeners(Collections.singleton("dummy"));
+ appRealm.setEventsListeners(Collections.singleton("dummy"));
}
}));
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/SSOTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/SSOTest.java
index 4796226..30c10a7 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/SSOTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/SSOTest.java
@@ -26,7 +26,7 @@ import org.junit.ClassRule;
import org.junit.Rule;
import org.junit.Test;
import org.keycloak.OAuth2Constants;
-import org.keycloak.audit.Details;
+import org.keycloak.events.Details;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.OAuthClient;
import org.keycloak.testsuite.pages.AccountUpdateProfilePage;
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/AccessTokenTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/AccessTokenTest.java
index d3bb915..98dd5ac 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/AccessTokenTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/AccessTokenTest.java
@@ -26,9 +26,9 @@ import org.junit.ClassRule;
import org.junit.Rule;
import org.junit.Test;
import org.keycloak.OAuth2Constants;
-import org.keycloak.audit.Details;
-import org.keycloak.audit.Errors;
-import org.keycloak.audit.Event;
+import org.keycloak.events.Details;
+import org.keycloak.events.Errors;
+import org.keycloak.events.Event;
import org.keycloak.enums.SslRequired;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.ClientModel;
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/AuthorizationCodeTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/AuthorizationCodeTest.java
index 78cab61..2ca2021 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/AuthorizationCodeTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/AuthorizationCodeTest.java
@@ -26,7 +26,7 @@ import org.junit.ClassRule;
import org.junit.Rule;
import org.junit.Test;
import org.keycloak.OAuth2Constants;
-import org.keycloak.audit.Details;
+import org.keycloak.events.Details;
import org.keycloak.models.Constants;
import org.keycloak.models.RealmModel;
import org.keycloak.services.managers.AccessCode;
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/OAuthGrantTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/OAuthGrantTest.java
index 947551e..6985e88 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/OAuthGrantTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/OAuthGrantTest.java
@@ -26,8 +26,8 @@ import org.junit.ClassRule;
import org.junit.Rule;
import org.junit.Test;
import org.keycloak.OAuth2Constants;
-import org.keycloak.audit.Details;
-import org.keycloak.audit.Event;
+import org.keycloak.events.Details;
+import org.keycloak.events.Event;
import org.keycloak.representations.AccessToken;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.OAuthClient;
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/RefreshTokenTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/RefreshTokenTest.java
index bc1195a..447ca75 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/RefreshTokenTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/RefreshTokenTest.java
@@ -26,15 +26,12 @@ import org.junit.ClassRule;
import org.junit.Rule;
import org.junit.Test;
import org.keycloak.OAuth2Constants;
-import org.keycloak.audit.Details;
-import org.keycloak.audit.Errors;
-import org.keycloak.audit.Event;
+import org.keycloak.events.Details;
+import org.keycloak.events.Errors;
+import org.keycloak.events.Event;
import org.keycloak.enums.SslRequired;
-import org.keycloak.models.ApplicationModel;
-import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
-import org.keycloak.models.UserModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.representations.AccessToken;
import org.keycloak.representations.RefreshToken;
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/ResourceOwnerPasswordCredentialsGrantTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/ResourceOwnerPasswordCredentialsGrantTest.java
index 1ebf327..f59c8ef 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/ResourceOwnerPasswordCredentialsGrantTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/ResourceOwnerPasswordCredentialsGrantTest.java
@@ -4,8 +4,8 @@ import org.apache.http.HttpResponse;
import org.junit.ClassRule;
import org.junit.Rule;
import org.junit.Test;
-import org.keycloak.audit.Details;
-import org.keycloak.audit.Errors;
+import org.keycloak.events.Details;
+import org.keycloak.events.Errors;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.RealmModel;
import org.keycloak.representations.AccessToken;
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/social/SocialLoginTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/social/SocialLoginTest.java
index 7293f3c..f81b160 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/social/SocialLoginTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/social/SocialLoginTest.java
@@ -27,9 +27,9 @@ import org.junit.ClassRule;
import org.junit.Rule;
import org.junit.Test;
import org.keycloak.OAuth2Constants;
-import org.keycloak.audit.Details;
-import org.keycloak.audit.Event;
-import org.keycloak.audit.EventType;
+import org.keycloak.events.Details;
+import org.keycloak.events.Event;
+import org.keycloak.events.EventType;
import org.keycloak.models.RealmModel;
import org.keycloak.representations.AccessToken;
import org.keycloak.representations.idm.UserRepresentation;
diff --git a/testsuite/tools/src/main/resources/META-INF/keycloak-server.json b/testsuite/tools/src/main/resources/META-INF/keycloak-server.json
index 654c17e..a9662a0 100755
--- a/testsuite/tools/src/main/resources/META-INF/keycloak-server.json
+++ b/testsuite/tools/src/main/resources/META-INF/keycloak-server.json
@@ -3,7 +3,7 @@
"realm": "master"
},
- "audit": {
+ "eventsStore": {
"provider": "jpa",
"jpa": {
"exclude-events": [ "REFRESH_TOKEN" ]