keycloak-uncached
Changes
integration/adapter-core/src/main/java/org/keycloak/adapters/config/AdapterConfigLoader.java 17(+17 -0)
integration/adapter-core/src/main/java/org/keycloak/adapters/config/OAuthClientConfigLoader.java 4(+4 -0)
Details
diff --git a/core/src/main/java/org/keycloak/AbstractOAuthClient.java b/core/src/main/java/org/keycloak/AbstractOAuthClient.java
index 9b15f77..aa65ad9 100755
--- a/core/src/main/java/org/keycloak/AbstractOAuthClient.java
+++ b/core/src/main/java/org/keycloak/AbstractOAuthClient.java
@@ -17,6 +17,7 @@ public class AbstractOAuthClient {
protected KeyStore truststore;
protected String authUrl;
protected String codeUrl;
+ protected String scope;
protected String stateCookieName = OAUTH_TOKEN_REQUEST_STATE;
protected String stateCookiePath;
protected boolean isSecure;
@@ -68,6 +69,14 @@ public class AbstractOAuthClient {
this.codeUrl = codeUrl;
}
+ public String getScope() {
+ return scope;
+ }
+
+ public void setScope(String scope) {
+ this.scope = scope;
+ }
+
public String getStateCookieName() {
return stateCookieName;
}
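Review bot: The new `scope` field and its accessors have no comment saying what format the string is in, and the name suggests a plain OAuth scope list. In this commit OAuthClientConfigLoader fills it with the output of `encodeScope(...)`, which is Base64Url-encoded JSON of a SkeletonKeyScope, and the clients append it unchanged as the `scope` query parameter. A caller passing a space-delimited string to `setScope` would therefore send something the server presumably cannot parse. I would add on the setter `/** Base64Url-encoded JSON form of the SkeletonKeyScope to request; sent as the "scope" query parameter, null to omit it. */`. The same comment belongs on `ResourceMetadata.setScope` in the next file.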
diff --git a/core/src/main/java/org/keycloak/adapters/ResourceMetadata.java b/core/src/main/java/org/keycloak/adapters/ResourceMetadata.java
index dc79ff1..dd340b4 100755
--- a/core/src/main/java/org/keycloak/adapters/ResourceMetadata.java
+++ b/core/src/main/java/org/keycloak/adapters/ResourceMetadata.java
@@ -14,6 +14,7 @@ public class ResourceMetadata {
protected String clientKeyPassword;
protected KeyStore truststore;
protected PublicKey realmKey;
+ protected String scope;
public String getResourceName() {
return resourceName;
@@ -78,4 +79,12 @@ public class ResourceMetadata {
public void setRealmKey(PublicKey realmKey) {
this.realmKey = realmKey;
}
+
+ public String getScope() {
+ return scope;
+ }
+
+ public void setScope(String scope) {
+ this.scope = scope;
+ }
}
diff --git a/core/src/main/java/org/keycloak/representations/adapters/config/AdapterConfig.java b/core/src/main/java/org/keycloak/representations/adapters/config/AdapterConfig.java
index fb3a319..46117de 100755
--- a/core/src/main/java/org/keycloak/representations/adapters/config/AdapterConfig.java
+++ b/core/src/main/java/org/keycloak/representations/adapters/config/AdapterConfig.java
@@ -13,7 +13,7 @@ import org.codehaus.jackson.annotate.JsonPropertyOrder;
"resource", "credentials",
"use-resource-role-mappings",
"enable-cors", "cors-max-age", "cors-allowed-methods",
- "expose-token", "bearer-only",
+ "expose-token", "bearer-only", "scope",
"connection-pool-size",
"allow-any-hostname", "disable-trust-manager", "truststore", "truststore-password",
"client-keystore", "client-keystore-password", "client-key-password"
diff --git a/core/src/main/java/org/keycloak/representations/adapters/config/BaseAdapterConfig.java b/core/src/main/java/org/keycloak/representations/adapters/config/BaseAdapterConfig.java
index 498ec38..5ab9a72 100755
--- a/core/src/main/java/org/keycloak/representations/adapters/config/BaseAdapterConfig.java
+++ b/core/src/main/java/org/keycloak/representations/adapters/config/BaseAdapterConfig.java
@@ -2,6 +2,7 @@ package org.keycloak.representations.adapters.config;
import org.codehaus.jackson.annotate.JsonProperty;
import org.codehaus.jackson.annotate.JsonPropertyOrder;
+import org.keycloak.representations.SkeletonKeyScope;
import java.util.HashMap;
import java.util.Map;
@@ -16,7 +17,7 @@ import java.util.Map;
"resource", "credentials",
"use-resource-role-mappings",
"enable-cors", "cors-max-age", "cors-allowed-methods",
- "expose-token", "bearer-only"})
+ "expose-token", "bearer-only", "scope"})
public class BaseAdapterConfig extends BaseRealmConfig {
@JsonProperty("resource")
protected String resource;
@@ -36,6 +37,9 @@ public class BaseAdapterConfig extends BaseRealmConfig {
protected boolean bearerOnly;
@JsonProperty("credentials")
protected Map<String, String> credentials = new HashMap<String, String>();
+ @JsonProperty("scope")
+ protected SkeletonKeyScope scope;
+
public boolean isUseResourceRoleMappings() {
return useResourceRoleMappings;
@@ -108,4 +112,12 @@ public class BaseAdapterConfig extends BaseRealmConfig {
public void setCredentials(Map<String, String> credentials) {
this.credentials = credentials;
}
+
+ public SkeletonKeyScope getScope() {
+ return scope;
+ }
+
+ public void setScope(SkeletonKeyScope scope) {
+ this.scope = scope;
+ }
}
diff --git a/examples/as7-eap-demo/third-party/src/main/webapp/WEB-INF/keycloak.json b/examples/as7-eap-demo/third-party/src/main/webapp/WEB-INF/keycloak.json
index 72f466d..7241bce 100644
--- a/examples/as7-eap-demo/third-party/src/main/webapp/WEB-INF/keycloak.json
+++ b/examples/as7-eap-demo/third-party/src/main/webapp/WEB-INF/keycloak.json
@@ -5,5 +5,8 @@
"ssl-not-required" : true,
"credentials" : {
"password" : "password"
+ },
+ "scope": {
+ "realm": [ "user" ]
}
}
\ No newline at end of file
diff --git a/integration/adapter-core/src/main/java/org/keycloak/adapters/config/AdapterConfigLoader.java b/integration/adapter-core/src/main/java/org/keycloak/adapters/config/AdapterConfigLoader.java
index d93f430..8733ff9 100755
--- a/integration/adapter-core/src/main/java/org/keycloak/adapters/config/AdapterConfigLoader.java
+++ b/integration/adapter-core/src/main/java/org/keycloak/adapters/config/AdapterConfigLoader.java
@@ -2,7 +2,10 @@ package org.keycloak.adapters.config;
import org.codehaus.jackson.map.ObjectMapper;
import org.codehaus.jackson.map.annotate.JsonSerialize;
+import org.keycloak.representations.SkeletonKeyScope;
+import org.keycloak.util.Base64Url;
import org.keycloak.util.EnvUtil;
+import org.keycloak.util.JsonSerialization;
import org.keycloak.util.PemUtils;
import org.keycloak.adapters.ResourceMetadata;
import org.keycloak.representations.adapters.config.AdapterConfig;
@@ -64,6 +67,11 @@ public class AdapterConfigLoader {
resourceMetadata.setClientKeyPassword(clientKeyPassword);
resourceMetadata.setTruststore(this.truststore);
+ if (adapterConfig.getScope() != null) {
+ String scope = encodeScope(adapterConfig.getScope());
+ resourceMetadata.setScope(scope);
+ }
+
}
public AdapterConfig getAdapterConfig() {
@@ -119,4 +127,13 @@ public class AdapterConfigLoader {
}
}
}
+
+ protected String encodeScope(SkeletonKeyScope scope) {
+ try {
+ byte[] scopeBytes = JsonSerialization.writeValueAsBytes(scope);
+ return Base64Url.encode(scopeBytes);
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
}
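Review bot: `encodeScope` catches `Exception` and rethrows a bare `RuntimeException(e)`, so a programming error during serialization is reported the same way as an I/O failure. The message also gives no hint that the configured scope was the cause. If `JsonSerialization.writeValueAsBytes` declares only `IOException` (its signature is not visible here), narrow the handler and add context: `} catch (IOException e) {` followed by `throw new RuntimeException("Failed to serialize configured scope", e);`. That needs `java.io.IOException` among the imports, which the import hunk above does not show.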
diff --git a/integration/adapter-core/src/main/java/org/keycloak/adapters/config/OAuthClientConfigLoader.java b/integration/adapter-core/src/main/java/org/keycloak/adapters/config/OAuthClientConfigLoader.java
index 32f824e..98101b2 100644
--- a/integration/adapter-core/src/main/java/org/keycloak/adapters/config/OAuthClientConfigLoader.java
+++ b/integration/adapter-core/src/main/java/org/keycloak/adapters/config/OAuthClientConfigLoader.java
@@ -30,5 +30,9 @@ public abstract class OAuthClientConfigLoader extends RealmConfigurationLoader {
oauthClient.setAuthUrl(adapterConfig.getAuthUrl());
oauthClient.setCodeUrl(adapterConfig.getCodeUrl());
oauthClient.setTruststore(truststore);
+ if (adapterConfig.getScope() != null) {
+ String scope = encodeScope(adapterConfig.getScope());
+ oauthClient.setScope(scope);
+ }
}
}
diff --git a/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/ServletOAuthLogin.java b/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/ServletOAuthLogin.java
index 8d21b67..4394472 100755
--- a/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/ServletOAuthLogin.java
+++ b/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/ServletOAuthLogin.java
@@ -138,12 +138,15 @@ public class ServletOAuthLogin {
if (port != 443) secureUrl.port(port);
url = secureUrl.build().toString();
}
- return realmInfo.getAuthUrl().clone()
+ KeycloakUriBuilder uriBuilder = realmInfo.getAuthUrl().clone()
.queryParam("client_id", realmInfo.getMetadata().getResourceName())
.queryParam("redirect_uri", url)
.queryParam("state", state)
- .queryParam("login", "true")
- .build().toString();
+ .queryParam("login", "true");
+ if (realmInfo.getMetadata().getScope() != null) {
+ uriBuilder.queryParam("scope", realmInfo.getMetadata().getScope());
+ }
+ return uriBuilder.build().toString();
}
protected static final AtomicLong counter = new AtomicLong();
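Review bot: The `scope` value added to the auth URL here travels in a browser redirect, so whoever controls the browser can change or drop it before it reaches the auth server. Nothing in this hunk or in the config loaders makes it tamper-evident. That is safe only if the server treats it as a request and intersects it with what the client is registered for, and if the adapter does not assume the returned token is limited to the configured roles. Neither side is visible in this commit. I would record the assumption next to the new branch, e.g. `// scope is a front-channel hint; the server must validate it against the client's allowed scope`. The same applies to the scope branches added in the JaxrsOAuthClient and ServletOAuthClient hunks below; the enclosing method starts outside this hunk.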
diff --git a/integration/jaxrs-oauth-client/src/main/java/org/keycloak/jaxrs/JaxrsOAuthClient.java b/integration/jaxrs-oauth-client/src/main/java/org/keycloak/jaxrs/JaxrsOAuthClient.java
index 8e0f640..1858caa 100755
--- a/integration/jaxrs-oauth-client/src/main/java/org/keycloak/jaxrs/JaxrsOAuthClient.java
+++ b/integration/jaxrs-oauth-client/src/main/java/org/keycloak/jaxrs/JaxrsOAuthClient.java
@@ -18,6 +18,7 @@ import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriBuilder;
import javax.ws.rs.core.UriInfo;
import java.net.URI;
+import java.net.URL;
/**
* Helper code to obtain oauth access tokens via browser redirects
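Review bot: `import java.net.URL;` looks unused. The only code this commit adds to the file builds a `UriBuilder` and a `URI`, and no `URL` appears in either hunk. Unless something outside the visible hunks needs it, drop the import so the file does not pick up a warning.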
@@ -87,11 +88,15 @@ public class JaxrsOAuthClient extends AbstractOAuthClient {
state += "#" + path;
}
- URI url = UriBuilder.fromUri(authUrl)
+ UriBuilder uriBuilder = UriBuilder.fromUri(authUrl)
.queryParam("client_id", clientId)
.queryParam("redirect_uri", redirectUri)
- .queryParam("state", state)
- .build();
+ .queryParam("state", state);
+ if (scope != null) {
+ uriBuilder.queryParam("scope", scope);
+ }
+ URI url = uriBuilder.build();
+
NewCookie cookie = new NewCookie(getStateCookieName(), state, getStateCookiePath(uriInfo), null, null, -1, isSecure, true);
logger.debug("NewCookie: " + cookie.toString());
logger.debug("Oauth Redirect to: " + url);
diff --git a/integration/servlet-oauth-client/src/main/java/org/keycloak/servlet/ServletOAuthClient.java b/integration/servlet-oauth-client/src/main/java/org/keycloak/servlet/ServletOAuthClient.java
index 8799bab..c8259c4 100755
--- a/integration/servlet-oauth-client/src/main/java/org/keycloak/servlet/ServletOAuthClient.java
+++ b/integration/servlet-oauth-client/src/main/java/org/keycloak/servlet/ServletOAuthClient.java
@@ -84,11 +84,15 @@ public class ServletOAuthClient extends AbstractOAuthClient {
public void redirect(String redirectUri, HttpServletRequest request, HttpServletResponse response) throws IOException {
String state = getStateCode();
- URI url = KeycloakUriBuilder.fromUri(authUrl)
+ KeycloakUriBuilder uriBuilder = KeycloakUriBuilder.fromUri(authUrl)
.queryParam("client_id", clientId)
.queryParam("redirect_uri", redirectUri)
- .queryParam("state", state)
- .build();
+ .queryParam("state", state);
+ if (scope != null) {
+ uriBuilder.queryParam("scope", scope);
+ }
+ URI url = uriBuilder.build();
+
String stateCookiePath = this.stateCookiePath;
if (stateCookiePath == null) stateCookiePath = request.getContextPath();
if (stateCookiePath.equals("")) stateCookiePath = "/";