keycloak-developers
Changes
integration/spring-security/src/main/java/org/keycloak/adapters/springsecurity/facade/WrappedHttpServletRequest.java 6(+6 -0)
Details
diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/otp-policy.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/otp-policy.html
index 6f08e96..85ad20b 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/otp-policy.html
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/otp-policy.html
@@ -59,6 +59,15 @@
<kc-tooltip>What should the initial counter value be?</kc-tooltip>
</div>
+ <div class="form-group" data-ng-show="realm.otpPolicyType == 'totp'">
+ <label class="col-md-2 control-label" for="counter">OTP Token Period</label>
+ <div class="col-md-6">
+ <input class="form-control" type="text" id="period" name="period" data-ng-model="realm.otpPolicyPeriod">
+ </div>
+ <kc-tooltip>How many seconds should an OTP token be valid? Defaults to 30 seconds.</kc-tooltip>
+ </div>
+
+
<div class="form-group" data-ng-show="access.manageRealm">
<div class="col-md-10 col-md-offset-2">
<button kc-save data-ng-disabled="!changed">Save</button>
diff --git a/integration/admin-client/src/main/java/org/keycloak/admin/client/Keycloak.java b/integration/admin-client/src/main/java/org/keycloak/admin/client/Keycloak.java
index 6d6c7be..431a646 100755
--- a/integration/admin-client/src/main/java/org/keycloak/admin/client/Keycloak.java
+++ b/integration/admin-client/src/main/java/org/keycloak/admin/client/Keycloak.java
@@ -9,6 +9,12 @@ import org.keycloak.admin.client.resource.RealmsResource;
import org.keycloak.admin.client.token.TokenManager;
/**
+ * Provides a Keycloak client. By default, this implementation uses a {@link ResteasyClient RESTEasy client} with the
+ * default {@link ResteasyClientBuilder} settings. To customize the underling client, use a {@link KeycloakBuilder} to
+ * create a Keycloak client.
+ *
+ * @see KeycloakBuilder
+ *
* @author rodrigo.sasaki@icarros.com.br
*/
public class Keycloak {
@@ -18,9 +24,9 @@ public class Keycloak {
private final ResteasyWebTarget target;
private final ResteasyClient client;
- private Keycloak(String serverUrl, String realm, String username, String password, String clientId, String clientSecret){
+ Keycloak(String serverUrl, String realm, String username, String password, String clientId, String clientSecret, ResteasyClient resteasyClient){
config = new Config(serverUrl, realm, username, password, clientId, clientSecret);
- client = new ResteasyClientBuilder().build();
+ client = resteasyClient != null ? resteasyClient : new ResteasyClientBuilder().build();
tokenManager = new TokenManager(config, client);
@@ -30,11 +36,11 @@ public class Keycloak {
}
public static Keycloak getInstance(String serverUrl, String realm, String username, String password, String clientId, String clientSecret){
- return new Keycloak(serverUrl, realm, username, password, clientId, clientSecret);
+ return new Keycloak(serverUrl, realm, username, password, clientId, clientSecret, null);
}
public static Keycloak getInstance(String serverUrl, String realm, String username, String password, String clientId){
- return new Keycloak(serverUrl, realm, username, password, clientId, null);
+ return new Keycloak(serverUrl, realm, username, password, clientId, null, null);
}
public RealmsResource realms(){
@@ -49,6 +55,9 @@ public class Keycloak {
return tokenManager;
}
+ /**
+ * Closes the underlying client. After calling this method, this <code>Keycloak</code> instance cannot be reused.
+ */
public void close() {
client.close();
}
diff --git a/integration/admin-client/src/main/java/org/keycloak/admin/client/KeycloakBuilder.java b/integration/admin-client/src/main/java/org/keycloak/admin/client/KeycloakBuilder.java
new file mode 100644
index 0000000..c4a1c33
--- /dev/null
+++ b/integration/admin-client/src/main/java/org/keycloak/admin/client/KeycloakBuilder.java
@@ -0,0 +1,107 @@
+package org.keycloak.admin.client;
+
+import org.jboss.resteasy.client.jaxrs.ResteasyClient;
+import org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder;
+
+/**
+ * Provides a {@link Keycloak} client builder with the ability to customize the underlying
+ * {@link ResteasyClient RESTEasy client} used to communicate with the Keycloak server.
+ *
+ * <p>Example usage with a connection pool size of 20:</p>
+ *
+ * <pre>
+ * Keycloak keycloak = KeycloakBuilder.builder()
+ * .serverUrl("https:/sso.example.com/auth")
+ * .realm("realm")
+ * .username("user")
+ * .password("pass")
+ * .clientId("client")
+ * .clientSecret("secret")
+ * .resteasyClient(new ResteasyClientBuilder().connectionPoolSize(20).build())
+ * .build();
+ * </pre>
+ *
+ * @author Scott Rossillo
+ * @see ResteasyClientBuilder
+ */
+public class KeycloakBuilder {
+ private String serverUrl;
+ private String realm;
+ private String username;
+ private String password;
+ private String clientId;
+ private String clientSecret;
+ private ResteasyClient resteasyClient;
+
+ public KeycloakBuilder serverUrl(String serverUrl) {
+ this.serverUrl = serverUrl;
+ return this;
+ }
+
+ public KeycloakBuilder realm(String realm) {
+ this.realm = realm;
+ return this;
+ }
+
+ public KeycloakBuilder username(String username) {
+ this.username = username;
+ return this;
+ }
+
+ public KeycloakBuilder password(String password) {
+ this.password = password;
+ return this;
+ }
+
+ public KeycloakBuilder clientId(String clientId) {
+ this.clientId = clientId;
+ return this;
+ }
+
+ public KeycloakBuilder clientSecret(String clientSecret) {
+ this.clientSecret = clientSecret;
+ return this;
+ }
+
+ public KeycloakBuilder resteasyClient(ResteasyClient resteasyClient) {
+ this.resteasyClient = resteasyClient;
+ return this;
+ }
+
+ /**
+ * Builds a new Keycloak client from this builder.
+ */
+ public Keycloak build() {
+ if (serverUrl == null) {
+ throw new IllegalStateException("serverUrl required");
+ }
+
+ if (realm == null) {
+ throw new IllegalStateException("realm required");
+ }
+
+ if (username == null) {
+ throw new IllegalStateException("username required");
+ }
+
+ if (password == null) {
+ throw new IllegalStateException("password required");
+ }
+
+ if (clientId == null) {
+ throw new IllegalStateException("clientId required");
+ }
+
+ return new Keycloak(serverUrl, realm, username, password, clientId, clientSecret, resteasyClient);
+ }
+
+ private KeycloakBuilder() {
+ }
+
+ /**
+ * Returns a new Keycloak builder.
+ */
+ public static KeycloakBuilder builder() {
+ return new KeycloakBuilder();
+ }
+}
diff --git a/integration/spring-security/src/main/java/org/keycloak/adapters/springsecurity/facade/WrappedHttpServletRequest.java b/integration/spring-security/src/main/java/org/keycloak/adapters/springsecurity/facade/WrappedHttpServletRequest.java
index e2e5ba4..c72888f 100755
--- a/integration/spring-security/src/main/java/org/keycloak/adapters/springsecurity/facade/WrappedHttpServletRequest.java
+++ b/integration/spring-security/src/main/java/org/keycloak/adapters/springsecurity/facade/WrappedHttpServletRequest.java
@@ -64,6 +64,12 @@ class WrappedHttpServletRequest implements Request {
@Override
public Cookie getCookie(String cookieName) {
+ javax.servlet.http.Cookie[] cookies = request.getCookies();
+
+ if (cookies == null) {
+ return null;
+ }
+
for (javax.servlet.http.Cookie cookie : request.getCookies()) {
if (cookie.getName().equals(cookieName)) {
return new Cookie(cookie.getName(), cookie.getValue(), cookie.getVersion(), cookie.getDomain(), cookie.getPath());
diff --git a/integration/spring-security/src/test/java/org/keycloak/adapters/springsecurity/facade/WrappedHttpServletRequestTest.java b/integration/spring-security/src/test/java/org/keycloak/adapters/springsecurity/facade/WrappedHttpServletRequestTest.java
index 91ec35b..80d682e 100644
--- a/integration/spring-security/src/test/java/org/keycloak/adapters/springsecurity/facade/WrappedHttpServletRequestTest.java
+++ b/integration/spring-security/src/test/java/org/keycloak/adapters/springsecurity/facade/WrappedHttpServletRequestTest.java
@@ -24,10 +24,11 @@ public class WrappedHttpServletRequestTest {
private static final String QUERY_PARM_2 = "code2";
private WrappedHttpServletRequest request;
+ private MockHttpServletRequest mockHttpServletRequest;
@Before
public void setUp() throws Exception {
- MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
+ mockHttpServletRequest = new MockHttpServletRequest();
request = new WrappedHttpServletRequest(mockHttpServletRequest);
mockHttpServletRequest.setMethod(REQUEST_METHOD);
@@ -76,6 +77,13 @@ public class WrappedHttpServletRequestTest {
}
@Test
+ public void testGetCookieCookiesNull() throws Exception
+ {
+ mockHttpServletRequest.setCookies(null);
+ request.getCookie(COOKIE_NAME);
+ }
+
+ @Test
public void testGetHeader() throws Exception {
String header = request.getHeader(HEADER_SINGLE_VALUE);
assertNotNull(header);
diff --git a/model/api/src/main/java/org/keycloak/migration/migrators/MigrateTo1_6_0.java b/model/api/src/main/java/org/keycloak/migration/migrators/MigrateTo1_6_0.java
index 6712c08..d668ae0 100644
--- a/model/api/src/main/java/org/keycloak/migration/migrators/MigrateTo1_6_0.java
+++ b/model/api/src/main/java/org/keycloak/migration/migrators/MigrateTo1_6_0.java
@@ -1,8 +1,23 @@
+/*
+ * Copyright 2015 Red Hat Inc. and/or its affiliates and other contributors
+ * as indicated by the @author tags. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy of
+ * the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
package org.keycloak.migration.migrators;
import java.util.List;
-import org.keycloak.Config;
import org.keycloak.migration.MigrationProvider;
import org.keycloak.migration.ModelVersion;
import org.keycloak.models.*;
@@ -52,10 +67,14 @@ public class MigrateTo1_6_0 {
}
ClientModel adminConsoleClient = realm.getClientByClientId(Constants.ADMIN_CONSOLE_CLIENT_ID);
- if (adminConsoleClient != null) {
+ if ((adminConsoleClient != null) && !localeMapperAdded(adminConsoleClient)) {
adminConsoleClient.addProtocolMapper(localeMapper);
}
}
}
+ private boolean localeMapperAdded(ClientModel adminConsoleClient) {
+ return adminConsoleClient.getProtocolMapperByName("openid-connect", "locale") != null;
+ }
+
}
diff --git a/services/src/main/java/org/keycloak/protocol/ProtocolMapperUtils.java b/services/src/main/java/org/keycloak/protocol/ProtocolMapperUtils.java
index 829e863..c1a9938 100755
--- a/services/src/main/java/org/keycloak/protocol/ProtocolMapperUtils.java
+++ b/services/src/main/java/org/keycloak/protocol/ProtocolMapperUtils.java
@@ -1,12 +1,13 @@
package org.keycloak.protocol;
-import org.keycloak.models.KeycloakSessionFactory;
+import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.UserModel;
-import org.keycloak.representations.AccessToken;
+import org.keycloak.protocol.oidc.OIDCLoginProtocol;
+import org.keycloak.protocol.oidc.OIDCLoginProtocolFactory;
+import org.keycloak.provider.ProviderFactory;
import java.lang.reflect.Method;
-import java.util.List;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
@@ -59,4 +60,25 @@ public class ProtocolMapperUtils {
}
}
+
+ /**
+ * Find the builtin locale mapper.
+ *
+ * @param session A KeycloakSession
+ * @return The builtin locale mapper.
+ */
+ public static ProtocolMapperModel findLocaleMapper(KeycloakSession session) {
+ ProtocolMapperModel found = null;
+ for (ProviderFactory p : session.getKeycloakSessionFactory().getProviderFactories(LoginProtocol.class)) {
+ LoginProtocolFactory factory = (LoginProtocolFactory) p;
+ for (ProtocolMapperModel mapper : factory.getBuiltinMappers()) {
+ if (mapper.getName().equals(OIDCLoginProtocolFactory.LOCALE) && mapper.getProtocol().equals(OIDCLoginProtocol.LOGIN_PROTOCOL)) {
+ found = mapper;
+ break;
+ }
+ }
+ if (found != null) break;
+ }
+ return found;
+ }
}
diff --git a/services/src/main/java/org/keycloak/services/managers/RealmManager.java b/services/src/main/java/org/keycloak/services/managers/RealmManager.java
index 958cd3e..06c19ac 100755
--- a/services/src/main/java/org/keycloak/services/managers/RealmManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/RealmManager.java
@@ -1,3 +1,19 @@
+/*
+ * Copyright 2015 Red Hat Inc. and/or its affiliates and other contributors
+ * as indicated by the @author tags. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy of
+ * the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
package org.keycloak.services.managers;
import org.jboss.logging.Logger;
@@ -33,6 +49,8 @@ import org.keycloak.timer.TimerProvider;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
+import org.keycloak.models.ProtocolMapperModel;
+import org.keycloak.protocol.ProtocolMapperUtils;
/**
* Per request object
@@ -124,6 +142,9 @@ public class RealmManager implements RealmImporter {
adminConsole.addRedirectUri(baseUrl + "/*");
adminConsole.setFullScopeAllowed(false);
+ ProtocolMapperModel localeMapper = ProtocolMapperUtils.findLocaleMapper(session);
+ if (localeMapper != null) adminConsole.addProtocolMapper(localeMapper);
+
RoleModel adminRole;
if (realm.getName().equals(Config.getAdminRealm())) {
adminRole = realm.getRole(AdminRoles.ADMIN);
@@ -194,7 +215,7 @@ public class RealmManager implements RealmImporter {
if(rep.getEnabledEventTypes() != null) {
realm.setEnabledEventTypes(new HashSet<String>(rep.getEnabledEventTypes()));
}
-
+
realm.setAdminEventsEnabled(rep.isAdminEventsEnabled());
realm.setAdminEventsDetailsEnabled(rep.isAdminEventsDetailsEnabled());
}
diff --git a/services/src/main/java/org/keycloak/services/resources/KeycloakApplication.java b/services/src/main/java/org/keycloak/services/resources/KeycloakApplication.java
index ab55ef3..28818d8 100755
--- a/services/src/main/java/org/keycloak/services/resources/KeycloakApplication.java
+++ b/services/src/main/java/org/keycloak/services/resources/KeycloakApplication.java
@@ -83,12 +83,12 @@ public class KeycloakApplication extends Application {
classes.add(JsResource.class);
classes.add(WelcomeResource.class);
- new ExportImportManager().checkExportImport(this.sessionFactory, context.getContextPath());
setupDefaultRealm(context.getContextPath());
- importRealms(context);
migrateModel();
+ new ExportImportManager().checkExportImport(this.sessionFactory, context.getContextPath());
+ importRealms(context);
AdminRecovery.recover(sessionFactory);