keycloak-uncached
Changes
examples/demo-template/admin-access-app/src/main/java/org/keycloak/example/AdminClient.java 50(+28 -22)
examples/demo-template/README.md 19(+19 -0)
Details
diff --git a/examples/demo-template/admin-access-app/src/main/java/org/keycloak/example/AdminClient.java b/examples/demo-template/admin-access-app/src/main/java/org/keycloak/example/AdminClient.java
index 4e26fdf..d97e285 100755
--- a/examples/demo-template/admin-access-app/src/main/java/org/keycloak/example/AdminClient.java
+++ b/examples/demo-template/admin-access-app/src/main/java/org/keycloak/example/AdminClient.java
@@ -44,6 +44,28 @@ public class AdminClient {
}
}
+ public static String getContent(HttpEntity entity) throws IOException {
+ if (entity == null) return null;
+ InputStream is = entity.getContent();
+ try {
+ ByteArrayOutputStream os = new ByteArrayOutputStream();
+ int c;
+ while ((c = is.read()) != -1) {
+ os.write(c);
+ }
+ byte[] bytes = os.toByteArray();
+ String data = new String(bytes);
+ return data;
+ } finally {
+ try {
+ is.close();
+ } catch (IOException ignored) {
+
+ }
+ }
+
+ }
+
public static AccessTokenResponse getToken(HttpServletRequest request) throws IOException {
HttpClient client = new HttpClientBuilder()
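Review bot: `new String(bytes)` in the added getContent decodes the body with the platform default charset, so a token or error response containing non-ASCII characters can decode differently from host to host. Decode explicitly, `String data = new String(bytes, "UTF-8");`, matching the charset the logout hunk passes to UrlEncodedFormEntity. The helper also buffers the whole entity one byte at a time with no upper bound, and it now runs on error responses too, so a size cap would limit what a misbehaving server can make the client hold in memory. A short Javadoc saying that it returns null for a null entity and always closes the stream would document the contract both callers rely on.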
@@ -64,32 +86,14 @@ public class AdminClient {
int status = response.getStatusLine().getStatusCode();
HttpEntity entity = response.getEntity();
if (status != 200) {
- throw new IOException("Bad status: " + status);
+ String json = getContent(entity);
+ throw new IOException("Bad status: " + status + " response: " + json);
}
if (entity == null) {
throw new IOException("No Entity");
}
- InputStream is = entity.getContent();
- try {
- ByteArrayOutputStream os = new ByteArrayOutputStream();
- int c;
- while ((c = is.read()) != -1) {
- os.write(c);
- }
- byte[] bytes = os.toByteArray();
- String json = new String(bytes);
- try {
- return JsonSerialization.readValue(json, AccessTokenResponse.class);
- } catch (IOException e) {
- throw new IOException(json, e);
- }
- } finally {
- try {
- is.close();
- } catch (IOException ignored) {
-
- }
- }
+ String json = getContent(entity);
+ return JsonSerialization.readValue(json, AccessTokenResponse.class);
} finally {
client.getConnectionManager().shutdown();
}
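Review bot: The response body placed in the exception message on the non-200 branch is server-controlled and unbounded, and it ends up wherever the caller logs or displays the IOException. I would cap it and keep it out of anything rendered to the browser, for example `String detail = json == null ? "" : json.substring(0, Math.min(json.length(), 512));` followed by `throw new IOException("Bad status: " + status + " response: " + detail);`. Dropping the old `throw new IOException(json, e)` wrapper is a good side effect, since a successful token response is no longer echoed into an exception when parsing fails. getToken starts outside this hunk, so how callers surface the exception is not visible here.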
@@ -108,6 +112,8 @@ public class AdminClient {
List<NameValuePair> formparams = new ArrayList<NameValuePair>();
formparams.add(new BasicNameValuePair(OAuth2Constants.REFRESH_TOKEN, res.getRefreshToken()));
formparams.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ID, "admin-client"));
+ UrlEncodedFormEntity form = new UrlEncodedFormEntity(formparams, "UTF-8");
+ post.setEntity(form);
HttpResponse response = client.execute(post);
boolean status = response.getStatusLine().getStatusCode() != 204;
HttpEntity entity = response.getEntity();
examples/demo-template/README.md 19(+19 -0)
diff --git a/examples/demo-template/README.md b/examples/demo-template/README.md
index 8ce7158..22a4108 100755
--- a/examples/demo-template/README.md
+++ b/examples/demo-template/README.md
@@ -15,6 +15,7 @@ machine on the network or Internet.
* **customer-app-cli** A pure CLI application that does remote login using OAuth2 browser redirects with the auth server
* **product-app** A WAR application that does remote login using OAuth2 browser redirects with the auth server
* **admin-access-app** A WAR application that does remote REST login to admin console to obtain a list of realm roles from Admin REST API
+* **angular-product-app** An Angular JS pure HTML5/Javascript application.
* **database-service** JAX-RS services authenticated by bearer tokens only. The customer and product app invoke on it to get data
* **third-party** Simple WAR that obtain a bearer token using OAuth2 using browser redirects to the auth-server.
* **third-party-cdi** Simple CDI/JSF WAR that obtain a bearer token using OAuth2 using browser redirects to the auth-server.
@@ -187,6 +188,24 @@ then using that token to access the Admin REST API.
If you are already logged in, you will not be asked for a username and password, but you will be redirected to
an oauth grant page. This page asks you if you want to grant certain permissions to the third-part app.
+Step 9: Angular JS Example
+----------------------------------
+An Angular JS example using Keycloak to secure it.
+
+[http://localhost:8080/angular-product](http://localhost:8080/angular-product)
+
+If you are already logged in, you will not be asked for a username and password, but you will be redirected to
+an oauth grant page. This page asks you if you want to grant certain permissions to the third-part app.
+
+Step 9: Pure HTML5/Javascript Example
+----------------------------------
+An pure HTML5/Javascript example using Keycloak to secure it.
+
+[http://localhost:8080/customer-portal-js](http://localhost:8080/customer-portal-js)
+
+If you are already logged in, you will not be asked for a username and password, but you will be redirected to
+an oauth grant page. This page asks you if you want to grant certain permissions to the third-part app.
+
Admin Console
==========================
diff --git a/examples/providers/federation-provider/README.md b/examples/providers/federation-provider/README.md
index bdb4a1b..b908fe7 100755
--- a/examples/providers/federation-provider/README.md
+++ b/examples/providers/federation-provider/README.md
@@ -3,14 +3,14 @@ Example User Federation Provider
This is an example of user federation backed by a simple properties file. This properties file only contains username/password
key pairs. To deploy, build this directory then take the jar and copy it to the WEB-INF/lib of the keycloak server's
-WAR file.
+WAR file. You will then have to restart the authentication server.
The ClasspathPropertiesFederationProvider is an example of a readonly provider. If you go to the Users/Federation
page of the admin console you will see this provider listed under "classpath-properties. To configure this provider you
specify a classpath to a properties file in the "path" field of the admin page for this plugin. This example includes
a "test-users.properties" within the JAR that you can use as the variable.
-The FilePropertiesFederationProvider is an exxample of a writable provider. It synchronizes changes made to
+The FilePropertiesFederationProvider is an example of a writable provider. It synchronizes changes made to
username and password with the properties file. If you go to the Users/Federation page of the admin console you will
see this provider listed under "file-properties". To configure this provider you specify a fully qualified file path to
a properties file in the "path" field of the admin page for this plugin.
\ No newline at end of file
diff --git a/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/realm-list.html b/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/realm-list.html
index f8bf163..f6c52d8 100755
--- a/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/realm-list.html
+++ b/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/realm-list.html
@@ -5,10 +5,10 @@
</div>
<div id="content-area" class="col-md-9" role="main">
<ul class="nav nav-tabs nav-tabs-pf">
- <li class="active"><a href="">Choose realm to manage</a></li>
+ <li class="active"><a href="">Realm List</a></li>
</ul>
<div id="content">
- <h2 class="margin-top">Realms</h2>
+ <h2 class="margin-top">Choose Realm to Manage</h2>
<table class="table table-striped table-bordered">
<thead>
<tr>
diff --git a/services/src/main/java/org/keycloak/services/resources/TokenService.java b/services/src/main/java/org/keycloak/services/resources/TokenService.java
index c9355c8..9e5d039 100755
--- a/services/src/main/java/org/keycloak/services/resources/TokenService.java
+++ b/services/src/main/java/org/keycloak/services/resources/TokenService.java
@@ -229,7 +229,7 @@ public class TokenService {
}
if (!realm.isPasswordCredentialGrantAllowed()) {
- return createError("not_enabled", "Resource Owner Password Credentials Grant not enabled", Response.Status.FORBIDDEN);
+ return createError("not_enabled", "Direct Grant REST API not enabled", Response.Status.FORBIDDEN);
}
audit.event(EventType.LOGIN).detail(Details.AUTH_METHOD, "oauth_credentials").detail(Details.RESPONSE_TYPE, "token");