diff --git a/forms/src/main/java/org/keycloak/forms/UrlBean.java b/forms/src/main/java/org/keycloak/forms/UrlBean.java
index f6f5f12..c3e24b1 100755
--- a/forms/src/main/java/org/keycloak/forms/UrlBean.java
+++ b/forms/src/main/java/org/keycloak/forms/UrlBean.java
@@ -52,6 +52,10 @@ public class UrlBean {
this.referrerURI = referrerURI;
}
+ protected String getRealmIdentifier() {
+ return realm.getName();
+ }
+
public RealmBean getRealm() {
return realm;
}
@@ -61,11 +65,11 @@ public class UrlBean {
}
public String getAccessUrl() {
- return Urls.accountAccessPage(baseURI, realm.getId()).toString();
+ return Urls.accountAccessPage(baseURI, getRealmIdentifier()).toString();
}
public String getAccountUrl() {
- return Urls.accountPage(baseURI, realm.getId()).toString();
+ return Urls.accountPage(baseURI, getRealmIdentifier()).toString();
}
URI getBaseURI() {
@@ -73,24 +77,24 @@ public class UrlBean {
}
public String getLoginAction() {
- return Urls.realmLoginAction(baseURI, realm.getId()).toString();
+ return Urls.realmLoginAction(baseURI, getRealmIdentifier()).toString();
}
public String getLoginUrl() {
- return Urls.realmLoginPage(baseURI, realm.getId()).toString();
+ return Urls.realmLoginPage(baseURI, getRealmIdentifier()).toString();
}
public String getPasswordUrl() {
- return Urls.accountPasswordPage(baseURI, realm.getId()).toString();
+ return Urls.accountPasswordPage(baseURI, getRealmIdentifier()).toString();
}
public String getRegistrationAction() {
if (realm.isSaas()) {
return Urls.saasRegisterAction(baseURI).toString();
} else if (socialRegistration){
- return Urls.socialRegisterAction(baseURI, realm.getId()).toString();
+ return Urls.socialRegisterAction(baseURI, getRealmIdentifier()).toString();
} else {
- return Urls.realmRegisterAction(baseURI, realm.getId()).toString();
+ return Urls.realmRegisterAction(baseURI, getRealmIdentifier()).toString();
}
}
@@ -99,48 +103,48 @@ public class UrlBean {
// TODO: saas social registration
return Urls.saasRegisterPage(baseURI).toString();
} else {
- return Urls.realmRegisterPage(baseURI, realm.getId()).toString();
+ return Urls.realmRegisterPage(baseURI, getRealmIdentifier()).toString();
}
}
public String getLoginUpdatePasswordUrl() {
- return Urls.loginActionUpdatePassword(baseURI, realm.getId()).toString();
+ return Urls.loginActionUpdatePassword(baseURI, getRealmIdentifier()).toString();
}
public String getLoginUpdateTotpUrl() {
- return Urls.loginActionUpdateTotp(baseURI, realm.getId()).toString();
+ return Urls.loginActionUpdateTotp(baseURI, getRealmIdentifier()).toString();
}
public String getLoginUpdateProfileUrl() {
- return Urls.loginActionUpdateProfile(baseURI, realm.getId()).toString();
+ return Urls.loginActionUpdateProfile(baseURI, getRealmIdentifier()).toString();
}
public String getSocialUrl() {
- return Urls.accountSocialPage(baseURI, realm.getId()).toString();
+ return Urls.accountSocialPage(baseURI, getRealmIdentifier()).toString();
}
public String getTotpUrl() {
- return Urls.accountTotpPage(baseURI, realm.getId()).toString();
+ return Urls.accountTotpPage(baseURI, getRealmIdentifier()).toString();
}
public String getTotpRemoveUrl() {
- return Urls.accountTotpRemove(baseURI, realm.getId()).toString();
+ return Urls.accountTotpRemove(baseURI, getRealmIdentifier()).toString();
}
public String getLogoutUrl() {
- return Urls.accountLogout(baseURI, realm.getId()).toString();
+ return Urls.accountLogout(baseURI, getRealmIdentifier()).toString();
}
public String getLoginPasswordResetUrl() {
- return Urls.loginPasswordReset(baseURI, realm.getId()).toString();
+ return Urls.loginPasswordReset(baseURI, getRealmIdentifier()).toString();
}
public String getLoginUsernameReminderUrl() {
- return Urls.loginUsernameReminder(baseURI, realm.getId()).toString();
+ return Urls.loginUsernameReminder(baseURI, getRealmIdentifier()).toString();
}
public String getLoginEmailVerificationUrl() {
- return Urls.loginActionEmailVerification(baseURI, realm.getId()).toString();
+ return Urls.loginActionEmailVerification(baseURI, getRealmIdentifier()).toString();
}
public String getReferrerURI() {
diff --git a/server/src/main/webapp/WEB-INF/jboss-deployment-structure.xml b/server/src/main/webapp/WEB-INF/jboss-deployment-structure.xml
index d4f4af9..87755b6 100755
--- a/server/src/main/webapp/WEB-INF/jboss-deployment-structure.xml
+++ b/server/src/main/webapp/WEB-INF/jboss-deployment-structure.xml
@@ -7,14 +7,19 @@
<!-- Exclude JAVA EE of JBOSS (javax.ws..) => Add dependency javax.annotation -->
<module name="javaee.api" />
<!-- Exclude RestEasy conflict (javax.ws.rs.ext.RunDelegate) -->
+ <module name="javax.ws.rs.api"/>
+ <module name="org.codehaus.jackson.jackson-core-asl" />
<module name="org.jboss.resteasy.resteasy-atom-provider" />
<module name="org.jboss.resteasy.resteasy-cdi" />
+ <module name="org.jboss.resteasy.resteasy-crypto" />
<module name="org.jboss.resteasy.resteasy-jackson-provider" />
<module name="org.jboss.resteasy.resteasy-jaxb-provider" />
<module name="org.jboss.resteasy.resteasy-jaxrs" />
<module name="org.jboss.resteasy.resteasy-jettison-provider" />
<module name="org.jboss.resteasy.resteasy-jsapi" />
+ <module name="org.jboss.resteasy.resteasy-json-p-provider" />
<module name="org.jboss.resteasy.resteasy-multipart-provider" />
+ <module name="org.jboss.resteasy.resteasy-validator-provider-11" />
<module name="org.jboss.resteasy.resteasy-yaml-provider" />
</exclusions>
</deployment>
diff --git a/services/src/main/java/org/keycloak/services/email/EmailSender.java b/services/src/main/java/org/keycloak/services/email/EmailSender.java
index 8947ef4..ea76c3d 100755
--- a/services/src/main/java/org/keycloak/services/email/EmailSender.java
+++ b/services/src/main/java/org/keycloak/services/email/EmailSender.java
@@ -107,7 +107,7 @@ public class EmailSender {
UriBuilder builder = Urls.loginActionEmailVerificationBuilder(uriInfo.getBaseUri());
builder.queryParam("key", accessCode.getId());
- URI uri = builder.build(realm.getId());
+ URI uri = builder.build(realm.getName());
StringBuilder sb = getHeader(user);
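Review bot: The emailed verification link is now keyed on `realm.getName()`, and the password-reset hunk just below does the same, so a link only resolves while the realm keeps that exact name. If realm names can be edited (not visible in this diff), a rename would invalidate every outstanding link, and links mailed before this change, built from the id, stop resolving as well. These two call sites also read the name directly, whereas UrlBean in this commit routes through `getRealmIdentifier()`, so the "which value goes in the URL" decision now lives in several places. Consider a comment at both sites such as `// realm name is the URL path segment; must match RealmsResource.locateRealm lookup`. The enclosing methods start and end outside these hunks.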
@@ -128,7 +128,7 @@ public class EmailSender {
UriBuilder builder = Urls.loginPasswordResetBuilder(uriInfo.getBaseUri());
builder.queryParam("key", accessCode.getId());
- URI uri = builder.build(realm.getId());
+ URI uri = builder.build(realm.getName());
StringBuilder sb = getHeader(user);
diff --git a/services/src/main/java/org/keycloak/services/managers/ApplicationManager.java b/services/src/main/java/org/keycloak/services/managers/ApplicationManager.java
index 27bb39e..4260d50 100755
--- a/services/src/main/java/org/keycloak/services/managers/ApplicationManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/ApplicationManager.java
@@ -177,12 +177,12 @@ public class ApplicationManager {
public BaseAdapterConfig toInstallationRepresentation(RealmModel realmModel, ApplicationModel applicationModel, URI baseUri) {
BaseAdapterConfig rep = new BaseAdapterConfig();
- rep.setRealm(realmModel.getId());
+ rep.setRealm(realmModel.getName());
rep.setRealmKey(realmModel.getPublicKeyPem());
rep.setSslNotRequired(realmModel.isSslNotRequired());
- rep.setAuthUrl(Urls.realmLoginPage(baseUri, realmModel.getId()).toString());
- rep.setCodeUrl(Urls.realmCode(baseUri, realmModel.getId()).toString());
+ rep.setAuthUrl(Urls.realmLoginPage(baseUri, realmModel.getName()).toString());
+ rep.setCodeUrl(Urls.realmCode(baseUri, realmModel.getName()).toString());
rep.setUseResourceRoleMappings(applicationModel.getRoles().size() > 0);
rep.setResource(applicationModel.getName());
diff --git a/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java b/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java
index 4db51a7..5a8542a 100755
--- a/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java
@@ -43,7 +43,7 @@ public class AuthenticationManager {
token.id(RealmManager.generateId());
token.issuedNow();
token.principal(username);
- token.audience(realm.getId());
+ token.audience(realm.getName());
if (realm.getTokenLifespan() > 0) {
token.expiration((System.currentTimeMillis() / 1000) + realm.getTokenLifespan());
}
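Review bot: `token.audience(realm.getName())` makes the token audience the realm name, which only works if every verifier passes the same value. The two `RSATokenVerifier.verifyToken(..., realm.getName())` hunks later in this file and the issuing side in TokenManager are switched together, but any verifier outside this diff that still passes `realm.getId()` would reject all newly issued tokens, and tokens issued before deployment will fail the audience check. If realm names can be renamed, or reused after a realm is deleted, the audience no longer identifies one realm for its whole lifetime; the signature check against the realm key presumably still separates realms, but that dependency should be stated. A comment such as `// audience = realm name; must equal the value passed to RSATokenVerifier.verifyToken` on the issuing lines would record this. The enclosing method starts outside the hunk.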
@@ -53,8 +53,7 @@ public class AuthenticationManager {
public NewCookie createLoginCookie(RealmModel realm, UserModel user, UriInfo uriInfo) {
String cookieName = KEYCLOAK_IDENTITY_COOKIE;
- URI uri = RealmsResource.realmBaseUrl(uriInfo).build(realm.getId());
- String cookiePath = uri.getRawPath();
+ String cookiePath = getIdentityCookiePath(realm, uriInfo);
return createLoginCookie(realm, user, null, cookieName, cookiePath);
}
@@ -92,13 +91,17 @@ public class AuthenticationManager {
public void expireIdentityCookie(RealmModel realm, UriInfo uriInfo) {
- URI uri = RealmsResource.realmBaseUrl(uriInfo).build(realm.getId());
logger.debug("Expiring identity cookie");
- String path = uri.getRawPath();
+ String path = getIdentityCookiePath(realm, uriInfo);
String cookieName = KEYCLOAK_IDENTITY_COOKIE;
expireCookie(cookieName, path);
}
+ protected String getIdentityCookiePath(RealmModel realm, UriInfo uriInfo) {
+ URI uri = RealmsResource.realmBaseUrl(uriInfo).build(realm.getName());
+ return uri.getRawPath();
+ }
+
public void expireSaasIdentityCookie(UriInfo uriInfo) {
URI uri = AdminService.saasCookiePath(uriInfo).build();
String cookiePath = uri.getRawPath();
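Review bot: `getIdentityCookiePath` is a new `protected` extension point with no documentation, yet both `createLoginCookie` and `expireIdentityCookie` rely on it returning the same value for a cookie to be cleared. An override that changes the path for one realm state but not another would leave identity cookies that logout cannot expire. A short Javadoc would help, stating that it returns the raw (percent-encoded) path of the realm base URL built from the realm name, and that it must be stable between issuing and expiring the cookie. The body of `expireSaasIdentityCookie` continues outside the hunk.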
@@ -163,7 +166,7 @@ public class AuthenticationManager {
String tokenString = cookie.getValue();
try {
- SkeletonKeyToken token = RSATokenVerifier.verifyToken(tokenString, realm.getPublicKey(), realm.getId());
+ SkeletonKeyToken token = RSATokenVerifier.verifyToken(tokenString, realm.getPublicKey(), realm.getName());
if (!token.isActive()) {
logger.debug("identity cookie expired");
expireIdentityCookie(realm, uriInfo);
@@ -212,7 +215,7 @@ public class AuthenticationManager {
try {
- SkeletonKeyToken token = RSATokenVerifier.verifyToken(tokenString, realm.getPublicKey(), realm.getId());
+ SkeletonKeyToken token = RSATokenVerifier.verifyToken(tokenString, realm.getPublicKey(), realm.getName());
if (!token.isActive()) {
throw new NotAuthorizedException("token_expired");
}
diff --git a/services/src/main/java/org/keycloak/services/managers/OAuthClientManager.java b/services/src/main/java/org/keycloak/services/managers/OAuthClientManager.java
index fa99940..f543771 100755
--- a/services/src/main/java/org/keycloak/services/managers/OAuthClientManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/OAuthClientManager.java
@@ -85,12 +85,12 @@ public class OAuthClientManager {
public BaseAdapterConfig toInstallationRepresentation(RealmModel realmModel, OAuthClientModel model, URI baseUri) {
BaseAdapterConfig rep = new BaseAdapterConfig();
- rep.setRealm(realmModel.getId());
+ rep.setRealm(realmModel.getName());
rep.setRealmKey(realmModel.getPublicKeyPem());
rep.setSslNotRequired(realmModel.isSslNotRequired());
- rep.setAuthUrl(Urls.realmLoginPage(baseUri, realmModel.getId()).toString());
- rep.setCodeUrl(Urls.realmCode(baseUri, realmModel.getId()).toString());
+ rep.setAuthUrl(Urls.realmLoginPage(baseUri, realmModel.getName()).toString());
+ rep.setCodeUrl(Urls.realmCode(baseUri, realmModel.getName()).toString());
rep.setUseResourceRoleMappings(false);
rep.setResource(model.getOAuthAgent().getLoginName());
diff --git a/services/src/main/java/org/keycloak/services/managers/RealmManager.java b/services/src/main/java/org/keycloak/services/managers/RealmManager.java
index 9aea0b8..e6bd3f8 100755
--- a/services/src/main/java/org/keycloak/services/managers/RealmManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/RealmManager.java
@@ -172,7 +172,11 @@ public class RealmManager {
}
public RealmModel importRealm(RealmRepresentation rep, UserModel realmCreator) {
- RealmModel realm = createRealm(rep.getRealm());
+ String id = rep.getId();
+ if (id == null) {
+ id = generateId();
+ }
+ RealmModel realm = createRealm(id, rep.getRealm());
importRealm(rep, realm);
return realm;
}
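Review bot: `importRealm` now takes the realm id straight from `rep.getId()` and passes it to `createRealm(id, rep.getRealm())` with no visible check that the id is well-formed or not already in use. Whether `createRealm` rejects a duplicate id or name is not shown here. Because realms are now resolved from URLs by name (`getRealmByName` in RealmsResource), a second realm with the same name would make that lookup ambiguous, and a reused id could collide with an existing realm's data. Unless `createRealm` already enforces both, add a guard before the create call, for example `if (getRealmByName(rep.getRealm()) != null)` followed by rejecting the import, plus the equivalent check for a supplied id. A one-line comment noting that a supplied id is trusted only because import is an admin operation would also help, if that is the assumption.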
diff --git a/services/src/main/java/org/keycloak/services/managers/TokenManager.java b/services/src/main/java/org/keycloak/services/managers/TokenManager.java
index 6a9a811..3cd575b 100755
--- a/services/src/main/java/org/keycloak/services/managers/TokenManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/TokenManager.java
@@ -174,7 +174,7 @@ public class TokenManager {
token.id(RealmManager.generateId());
token.issuedNow();
token.principal(user.getLoginName());
- token.audience(realm.getId());
+ token.audience(realm.getName());
if (realm.getTokenLifespan() > 0) {
token.expiration((System.currentTimeMillis() / 1000) + realm.getTokenLifespan());
}
diff --git a/services/src/main/java/org/keycloak/services/resources/AccountService.java b/services/src/main/java/org/keycloak/services/resources/AccountService.java
index d950b10..36f529a 100755
--- a/services/src/main/java/org/keycloak/services/resources/AccountService.java
+++ b/services/src/main/java/org/keycloak/services/resources/AccountService.java
@@ -330,10 +330,10 @@ public class AccountService {
throw new BadRequestException();
}
- URI accountUri = Urls.accountBase(uriInfo.getBaseUri()).path("/").build(realm.getId());
+ URI accountUri = Urls.accountBase(uriInfo.getBaseUri()).path("/").build(realm.getName());
URI redirectUri = path != null ? accountUri.resolve(path) : accountUri;
- NewCookie cookie = authManager.createAccountIdentityCookie(realm, accessCode.getUser(), client, Urls.accountBase(uriInfo.getBaseUri()).build(realm.getId()));
+ NewCookie cookie = authManager.createAccountIdentityCookie(realm, accessCode.getUser(), client, Urls.accountBase(uriInfo.getBaseUri()).build(realm.getName()));
return Response.status(302).cookie(cookie).location(redirectUri).build();
} finally {
authManager.expireCookie(AbstractOAuthClient.OAUTH_TOKEN_REQUEST_STATE, uriInfo.getAbsolutePath().getRawPath());
@@ -344,7 +344,7 @@ public class AccountService {
@GET
public Response logout() {
// TODO Should use single-sign out via TokenService
- URI baseUri = Urls.accountBase(uriInfo.getBaseUri()).build(realm.getId());
+ URI baseUri = Urls.accountBase(uriInfo.getBaseUri()).build(realm.getName());
authManager.expireIdentityCookie(realm, uriInfo);
authManager.expireAccountIdentityCookie(baseUri);
return Response.status(302).location(baseUri).build();
@@ -352,12 +352,12 @@ public class AccountService {
private Response login(String path) {
JaxrsOAuthClient oauth = new JaxrsOAuthClient();
- String authUrl = Urls.realmLoginPage(uriInfo.getBaseUri(), realm.getId()).toString();
+ String authUrl = Urls.realmLoginPage(uriInfo.getBaseUri(), realm.getName()).toString();
oauth.setAuthUrl(authUrl);
oauth.setClientId(Constants.ACCOUNT_APPLICATION);
- URI accountUri = Urls.accountPageBuilder(uriInfo.getBaseUri()).path(AccountService.class, "loginRedirect").build(realm.getId());
+ URI accountUri = Urls.accountPageBuilder(uriInfo.getBaseUri()).path(AccountService.class, "loginRedirect").build(realm.getName());
String referrer = getReferrer();
if (referrer != null) {
diff --git a/services/src/main/java/org/keycloak/services/resources/flows/OAuthFlows.java b/services/src/main/java/org/keycloak/services/resources/flows/OAuthFlows.java
index b69cea8..8771313 100755
--- a/services/src/main/java/org/keycloak/services/resources/flows/OAuthFlows.java
+++ b/services/src/main/java/org/keycloak/services/resources/flows/OAuthFlows.java
@@ -126,7 +126,7 @@ public class OAuthFlows {
request.setAttribute("realmRolesRequested", accessCode.getRealmRolesRequested());
request.setAttribute("resourceRolesRequested", accessCode.getResourceRolesRequested());
request.setAttribute("client", client);
- request.setAttribute("action", TokenService.processOAuthUrl(uriInfo).build(realm.getId()).toString());
+ request.setAttribute("action", TokenService.processOAuthUrl(uriInfo).build(realm.getName()).toString());
request.setAttribute("code", accessCode.getCode());
return Flows.forms(realm, request, uriInfo).setAccessCode(accessCode).forwardToOAuthGrant();
diff --git a/services/src/main/java/org/keycloak/services/resources/PublicRealmResource.java b/services/src/main/java/org/keycloak/services/resources/PublicRealmResource.java
index 01094b4..1b699aa 100755
--- a/services/src/main/java/org/keycloak/services/resources/PublicRealmResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/PublicRealmResource.java
@@ -50,10 +50,10 @@ public class PublicRealmResource {
public String getRealmHtml(@PathParam("realm") String id) {
StringBuffer html = new StringBuffer();
- String authUri = TokenService.loginPageUrl(uriInfo).build(realm.getId()).toString();
- String codeUri = TokenService.accessCodeToTokenUrl(uriInfo).build(realm.getId()).toString();
- String grantUrl = TokenService.grantAccessTokenUrl(uriInfo).build(realm.getId()).toString();
- String idGrantUrl = TokenService.grantIdentityTokenUrl(uriInfo).build(realm.getId()).toString();
+ String authUri = TokenService.loginPageUrl(uriInfo).build(realm.getName()).toString();
+ String codeUri = TokenService.accessCodeToTokenUrl(uriInfo).build(realm.getName()).toString();
+ String grantUrl = TokenService.grantAccessTokenUrl(uriInfo).build(realm.getName()).toString();
+ String idGrantUrl = TokenService.grantIdentityTokenUrl(uriInfo).build(realm.getName()).toString();
html.append("<html><body><h1>Realm: ").append(realm.getName()).append("</h1>");
html.append("<p>auth: ").append(authUri).append("</p>");
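Review bot: In `getRealmHtml` the realm name is now both the URL path segment and the value written into the page, and the `<h1>` line still appends `realm.getName()` to the HTML without escaping. The URLs go through `UriBuilder.build`, which percent-encodes the path value, but the heading does not, so a realm name containing markup characters would be emitted verbatim. HTML-escape the name before appending it, or restrict the allowed characters where realms are created and imported. The parameter is also still declared as `@PathParam("realm") String id` although the path segment is now a name, so renaming it to `name` would avoid misleading the next reader. The method body continues outside the hunk.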
@@ -74,10 +74,10 @@ public class PublicRealmResource {
rep.setPublicKeyPem(realm.getPublicKeyPem());
rep.setAdminRole(ADMIN_ROLE);
- rep.setAuthorizationUrl(TokenService.loginPageUrl(uriInfo).build(realm.getId()).toString());
- rep.setCodeUrl(TokenService.accessCodeToTokenUrl(uriInfo).build(realm.getId()).toString());
- rep.setGrantUrl(TokenService.grantAccessTokenUrl(uriInfo).build(realm.getId()).toString());
- String idGrantUrl = TokenService.grantIdentityTokenUrl(uriInfo).build(realm.getId()).toString();
+ rep.setAuthorizationUrl(TokenService.loginPageUrl(uriInfo).build(realm.getName()).toString());
+ rep.setCodeUrl(TokenService.accessCodeToTokenUrl(uriInfo).build(realm.getName()).toString());
+ rep.setGrantUrl(TokenService.grantAccessTokenUrl(uriInfo).build(realm.getName()).toString());
+ String idGrantUrl = TokenService.grantIdentityTokenUrl(uriInfo).build(realm.getName()).toString();
rep.setIdentityGrantUrl(idGrantUrl);
return rep;
}
diff --git a/services/src/main/java/org/keycloak/services/resources/RealmsResource.java b/services/src/main/java/org/keycloak/services/resources/RealmsResource.java
index 9b74063..2338387 100755
--- a/services/src/main/java/org/keycloak/services/resources/RealmsResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/RealmsResource.java
@@ -59,8 +59,7 @@ public class RealmsResource {
protected RealmModel locateRealm(String name, RealmManager realmManager) {
RealmModel realm = realmManager.getRealmByName(name);
if (realm == null) {
- logger.debug("realm not found");
- throw new NotFoundException();
+ throw new NotFoundException("Realm " + name + " not found");
}
return realm;
}
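Review bot: The new `NotFoundException("Realm " + name + " not found")` puts a request-controlled path segment into the exception message. Depending on how the exception is mapped to a response (not visible here), that text may be echoed in the 404 body or written to logs unsanitised. The hunk also drops the `logger.debug("realm not found")` line, so a failed lookup is no longer recorded server-side. Consider keeping the client-facing message constant, `throw new NotFoundException("Realm not found");`, and retaining the debug log for diagnostics.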