keycloak-aplcache
Changes
forms/common-themes/src/main/resources/theme/base/admin/resources/partials/password-policy.html 14(+2 -12)
forms/common-themes/src/main/resources/theme/base/admin/resources/templates/kc-tabs-authentication.html 1(+1 -0)
forms/common-themes/src/main/resources/theme/base/admin/resources/templates/kc-tabs-realm.html 1(+0 -1)
model/sessions-infinispan/src/main/java/org/keycloak/models/sessions/infinispan/ClientSessionAdapter.java 454(+227 -227)
model/sessions-infinispan/src/main/java/org/keycloak/models/sessions/infinispan/entities/ClientSessionEntity.java 280(+140 -140)
model/sessions-jpa/src/main/java/org/keycloak/models/sessions/jpa/ClientSessionAdapter.java 602(+301 -301)
model/sessions-mem/src/main/java/org/keycloak/models/sessions/mem/ClientSessionAdapter.java 378(+189 -189)
model/sessions-mem/src/main/java/org/keycloak/models/sessions/mem/entities/ClientSessionEntity.java 304(+152 -152)
model/sessions-mongo/src/main/java/org/keycloak/models/sessions/mongo/ClientSessionAdapter.java 446(+223 -223)
model/sessions-mongo/src/main/java/org/keycloak/models/sessions/mongo/entities/MongoClientSessionEntity.java 304(+152 -152)
services/src/main/java/org/keycloak/authentication/authenticators/UsernamePasswordForm.java 9(+5 -4)
Details
diff --git a/connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-1.4.0.xml b/connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-1.4.0.xml
index fa92731..8c00cb6 100755
--- a/connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-1.4.0.xml
+++ b/connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-1.4.0.xml
@@ -9,7 +9,7 @@
<delete tableName="USER_SESSION"/>
<addColumn tableName="CLIENT_SESSION">
<column name="CURRENT_ACTION" type="VARCHAR(36)">
- <constraints nullable="false"/>
+ <constraints nullable="true"/>
</column>
</addColumn>
<!-- OAUTH_GRANT,
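Review bot: Changing `CURRENT_ACTION` to `nullable="true"` by editing the existing `addColumn` in place leaves the NOT NULL column on any database that already ran this changeSet, and Liquibase will normally refuse the edited changeSet on its next run because the stored checksum no longer matches. If 1.4.0 has been applied anywhere, a follow-up changeSet using `dropNotNullConstraint` on `CLIENT_SESSION.CURRENT_ACTION` is the safer route; if it has not shipped, the in-place edit is fine. Code that reads the action should then treat a missing value as its own state rather than comparing it unguarded. The enclosing changeSet starts outside this hunk, so its id and attributes cannot be checked here.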
diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/js/app.js b/forms/common-themes/src/main/resources/theme/base/admin/resources/js/app.js
index f31a009..7bf810c 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/js/app.js
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/js/app.js
@@ -273,15 +273,6 @@ module.config([ '$routeProvider', function($routeProvider) {
},
controller : 'RealmDefaultRolesCtrl'
})
- .when('/realms/:realm/required-credentials', {
- templateUrl : resourceUrl + '/partials/realm-credentials.html',
- resolve : {
- realm : function(RealmLoader) {
- return RealmLoader();
- }
- },
- controller : 'RealmRequiredCredentialsCtrl'
- })
.when('/realms/:realm/smtp-settings', {
templateUrl : resourceUrl + '/partials/realm-smtp.html',
resolve : {
@@ -1063,6 +1054,15 @@ module.config([ '$routeProvider', function($routeProvider) {
},
controller : 'RequiredActionsCtrl'
})
+ .when('/realms/:realm/authentication/password-policy', {
+ templateUrl : resourceUrl + '/partials/password-policy.html',
+ resolve : {
+ realm : function(RealmLoader) {
+ return RealmLoader();
+ }
+ },
+ controller : 'RealmPasswordPolicyCtrl'
+ })
.when('/server-info', {
templateUrl : resourceUrl + '/partials/server-info.html'
})
diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/js/controllers/realm.js b/forms/common-themes/src/main/resources/theme/base/admin/resources/js/controllers/realm.js
index a9c7580..8d4fbc7 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/js/controllers/realm.js
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/js/controllers/realm.js
@@ -371,8 +371,8 @@ module.controller('RealmCacheCtrl', function($scope, Current, Realm, realm, serv
genericRealmUpdate($scope, Current, Realm, realm, serverInfo, $http, $location, Dialog, Notifications, "/realms/" + realm.realm + "/cache-settings");
});
-module.controller('RealmRequiredCredentialsCtrl', function($scope, Realm, realm, $http, $location, Dialog, Notifications, PasswordPolicy) {
- console.log('RealmRequiredCredentialsCtrl');
+module.controller('RealmPasswordPolicyCtrl', function($scope, Realm, realm, $http, $location, Dialog, Notifications, PasswordPolicy) {
+ console.log('RealmPasswordPolicyCtrl');
$scope.realm = realm;
@@ -395,12 +395,6 @@ module.controller('RealmRequiredCredentialsCtrl', function($scope, Realm, realm,
$scope.policy.splice(index, 1);
}
- $scope.userCredentialOptions = {
- 'multiple' : true,
- 'simple_tags' : true,
- 'tags' : ['password', 'totp', 'cert', 'kerberos']
- };
-
$scope.changed = false;
$scope.$watch('realm', function() {
@@ -420,7 +414,7 @@ module.controller('RealmRequiredCredentialsCtrl', function($scope, Realm, realm,
$scope.changed = false;
Realm.update($scope.realm, function () {
- $location.url("/realms/" + realm.realm + "/required-credentials");
+ $location.url("/realms/" + realm.realm + "/authentication/password-policy");
Notifications.success("Your changes have been saved to the realm.");
oldCopy = angular.copy($scope.realm);
oldPolicy = angular.copy($scope.policy);
diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/templates/kc-tabs-authentication.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/templates/kc-tabs-authentication.html
index 6fba9f1..d5c54bd 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/templates/kc-tabs-authentication.html
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/templates/kc-tabs-authentication.html
@@ -1,4 +1,5 @@
<ul class="nav nav-tabs">
<li ng-class="{active: path[3] == 'flows'}" data-ng-show="access.viewRealm"><a href="#/realms/{{realm.realm}}/authentication/flows">Authenticators</a></li>
<li ng-class="{active: path[3] == 'required-actions'}" data-ng-show="access.viewRealm"><a href="#/realms/{{realm.realm}}/authentication/required-actions">Required Actions</a></li>
+ <li ng-class="{active: path[3] == 'password-policy'}" data-ng-show="access.viewRealm"><a href="#/realms/{{realm.realm}}/authentication/password-policy">Password Policy</a></li>
</ul>
\ No newline at end of file
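Review bot: The new Password Policy tab is shown under `data-ng-show="access.viewRealm"`, but the page it links to saves through `Realm.update` in `RealmPasswordPolicyCtrl`, so a view-only admin is led to an editable form. `ng-show` only hides markup, so the control that matters is the server-side permission check on the realm update. That check is not visible in this diff and should be confirmed to require manage rights. In the partial, the save and add-policy controls could be bound to `access.manageRealm`, assuming that flag is exposed on `access` as it is for other admin pages.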
diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/templates/kc-tabs-realm.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/templates/kc-tabs-realm.html
old mode 100644
new mode 100755
index 78be9a3..6cd2f2b
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/templates/kc-tabs-realm.html
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/templates/kc-tabs-realm.html
@@ -1,7 +1,6 @@
<ul class="nav nav-tabs">
<li ng-class="{active: !path[2]}"><a href="#/realms/{{realm.realm}}">General</a></li>
<li ng-class="{active: path[2] == 'login-settings'}" data-ng-show="access.viewRealm"><a href="#/realms/{{realm.realm}}/login-settings">Login</a></li>
- <li ng-class="{active: path[2] == 'required-credentials'}" data-ng-show="access.viewRealm"><a href="#/realms/{{realm.realm}}/required-credentials">Credentials</a></li>
<li ng-class="{active: path[2] == 'keys-settings'}" data-ng-show="access.viewRealm"><a href="#/realms/{{realm.realm}}/keys-settings">Keys</a></li>
<li ng-class="{active: path[2] == 'smtp-settings'}" data-ng-show="access.viewRealm"><a href="#/realms/{{realm.realm}}/smtp-settings">Email</a></li>
<li ng-class="{active: path[2] == 'theme-settings'}" data-ng-show="access.viewRealm"><a href="#/realms/{{realm.realm}}/theme-settings">Themes</a></li>
diff --git a/model/api/src/main/java/org/keycloak/models/ClientSessionModel.java b/model/api/src/main/java/org/keycloak/models/ClientSessionModel.java
index cd724ef..0a9744c 100755
--- a/model/api/src/main/java/org/keycloak/models/ClientSessionModel.java
+++ b/model/api/src/main/java/org/keycloak/models/ClientSessionModel.java
@@ -1,93 +1,93 @@
-package org.keycloak.models;
-
-import java.util.Map;
-import java.util.Set;
-
-/**
- * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
- */
-public interface ClientSessionModel {
-
- public String getId();
- public RealmModel getRealm();
- public ClientModel getClient();
-
- public UserSessionModel getUserSession();
- public void setUserSession(UserSessionModel userSession);
-
- public String getRedirectUri();
- public void setRedirectUri(String uri);
-
- public int getTimestamp();
-
- public void setTimestamp(int timestamp);
-
- public String getAction();
-
- public void setAction(String action);
-
- public Set<String> getRoles();
- public void setRoles(Set<String> roles);
-
- public Set<String> getProtocolMappers();
- public void setProtocolMappers(Set<String> protocolMappers);
-
- public Map<String, ExecutionStatus> getExecutionStatus();
- public void setExecutionStatus(String authenticator, ExecutionStatus status);
- public void clearExecutionStatus();
- public UserModel getAuthenticatedUser();
- public void setAuthenticatedUser(UserModel user);
-
-
-
- /**
- * Authentication request type, i.e. OAUTH, SAML 2.0, SAML 1.1, etc.
- *
- * @return
- */
- public String getAuthMethod();
- public void setAuthMethod(String method);
-
- public String getNote(String name);
- public void setNote(String name, String value);
- public void removeNote(String name);
-
- /**
- * These are notes you want applied to the UserSessionModel when the client session is attached to it.
- *
- * @param name
- * @param value
- */
- public void setUserSessionNote(String name, String value);
-
- /**
- * These are notes you want applied to the UserSessionModel when the client session is attached to it.
- *
- * @return
- */
- public Map<String, String> getUserSessionNotes();
-
- public void clearUserSessionNotes();
-
- public static enum Action {
- OAUTH_GRANT,
- CODE_TO_TOKEN,
- VERIFY_EMAIL,
- UPDATE_PROFILE,
- CONFIGURE_TOTP,
- UPDATE_PASSWORD,
- RECOVER_PASSWORD,
- AUTHENTICATE,
- SOCIAL_CALLBACK,
- LOGGED_OUT
- }
-
- public enum ExecutionStatus {
- FAILED,
- SUCCESS,
- SETUP_REQUIRED,
- ATTEMPTED,
- SKIPPED,
- CHALLENGED
- }
-}
+package org.keycloak.models;
+
+import java.util.Map;
+import java.util.Set;
+
+/**
+ * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
+ */
+public interface ClientSessionModel {
+
+ public String getId();
+ public RealmModel getRealm();
+ public ClientModel getClient();
+
+ public UserSessionModel getUserSession();
+ public void setUserSession(UserSessionModel userSession);
+
+ public String getRedirectUri();
+ public void setRedirectUri(String uri);
+
+ public int getTimestamp();
+
+ public void setTimestamp(int timestamp);
+
+ public String getAction();
+
+ public void setAction(String action);
+
+ public Set<String> getRoles();
+ public void setRoles(Set<String> roles);
+
+ public Set<String> getProtocolMappers();
+ public void setProtocolMappers(Set<String> protocolMappers);
+
+ public Map<String, ExecutionStatus> getExecutionStatus();
+ public void setExecutionStatus(String authenticator, ExecutionStatus status);
+ public void clearExecutionStatus();
+ public UserModel getAuthenticatedUser();
+ public void setAuthenticatedUser(UserModel user);
+
+
+
+ /**
+ * Authentication request type, i.e. OAUTH, SAML 2.0, SAML 1.1, etc.
+ *
+ * @return
+ */
+ public String getAuthMethod();
+ public void setAuthMethod(String method);
+
+ public String getNote(String name);
+ public void setNote(String name, String value);
+ public void removeNote(String name);
+
+ /**
+ * These are notes you want applied to the UserSessionModel when the client session is attached to it.
+ *
+ * @param name
+ * @param value
+ */
+ public void setUserSessionNote(String name, String value);
+
+ /**
+ * These are notes you want applied to the UserSessionModel when the client session is attached to it.
+ *
+ * @return
+ */
+ public Map<String, String> getUserSessionNotes();
+
+ public void clearUserSessionNotes();
+
+ public static enum Action {
+ OAUTH_GRANT,
+ CODE_TO_TOKEN,
+ VERIFY_EMAIL,
+ UPDATE_PROFILE,
+ CONFIGURE_TOTP,
+ UPDATE_PASSWORD,
+ RECOVER_PASSWORD,
+ AUTHENTICATE,
+ SOCIAL_CALLBACK,
+ LOGGED_OUT
+ }
+
+ public enum ExecutionStatus {
+ FAILED,
+ SUCCESS,
+ SETUP_REQUIRED,
+ ATTEMPTED,
+ SKIPPED,
+ CHALLENGED
+ }
+}
diff --git a/model/sessions-infinispan/src/main/java/org/keycloak/models/sessions/infinispan/ClientSessionAdapter.java b/model/sessions-infinispan/src/main/java/org/keycloak/models/sessions/infinispan/ClientSessionAdapter.java
index a00b539..32a2df6 100755
--- a/model/sessions-infinispan/src/main/java/org/keycloak/models/sessions/infinispan/ClientSessionAdapter.java
+++ b/model/sessions-infinispan/src/main/java/org/keycloak/models/sessions/infinispan/ClientSessionAdapter.java
@@ -1,227 +1,227 @@
-package org.keycloak.models.sessions.infinispan;
-
-import org.infinispan.Cache;
-import org.keycloak.models.ClientModel;
-import org.keycloak.models.ClientSessionModel;
-import org.keycloak.models.KeycloakSession;
-import org.keycloak.models.RealmModel;
-import org.keycloak.models.UserModel;
-import org.keycloak.models.UserSessionModel;
-import org.keycloak.models.sessions.infinispan.entities.ClientSessionEntity;
-import org.keycloak.models.sessions.infinispan.entities.SessionEntity;
-
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.Set;
-
-/**
- * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
- */
-public class ClientSessionAdapter implements ClientSessionModel {
-
- private KeycloakSession session;
- private InfinispanUserSessionProvider provider;
- private Cache<String, SessionEntity> cache;
- private RealmModel realm;
- private ClientSessionEntity entity;
-
- public ClientSessionAdapter(KeycloakSession session, InfinispanUserSessionProvider provider, Cache<String, SessionEntity> cache, RealmModel realm, ClientSessionEntity entity) {
- this.session = session;
- this.provider = provider;
- this.cache = cache;
- this.realm = realm;
- this.entity = entity;
- }
-
- @Override
- public String getId() {
- return entity.getId();
- }
-
- @Override
- public RealmModel getRealm() {
- return realm;
- }
-
- @Override
- public ClientModel getClient() {
- return realm.getClientById(entity.getClient());
- }
-
- @Override
- public UserSessionModel getUserSession() {
- return entity.getUserSession() != null ? provider.getUserSession(realm, entity.getUserSession()) : null;
- }
-
- @Override
- public void setUserSession(UserSessionModel userSession) {
- if (userSession == null) {
- if (entity.getUserSession() != null) {
- provider.dettachSession(getUserSession(), this);
- }
- entity.setUserSession(null);
- } else {
- if (entity.getUserSession() != null) {
- if (entity.getUserSession().equals(userSession.getId())) {
- return;
- } else {
- provider.dettachSession(userSession, this);
- }
- } else {
- provider.attachSession(userSession, this);
- }
-
- entity.setUserSession(userSession.getId());
- }
- update();
- }
-
- @Override
- public String getRedirectUri() {
- return entity.getRedirectUri();
- }
-
- @Override
- public void setRedirectUri(String uri) {
- entity.setRedirectUri(uri);
- update();
- }
-
- @Override
- public int getTimestamp() {
- return entity.getTimestamp();
- }
-
- @Override
- public void setTimestamp(int timestamp) {
- entity.setTimestamp(timestamp);
- update();
- }
-
- @Override
- public String getAction() {
- return entity.getAction();
- }
-
- @Override
- public void setAction(String action) {
- entity.setAction(action);
- update();
- }
-
- @Override
- public Set<String> getRoles() {
- return entity.getRoles();
- }
-
- @Override
- public void setRoles(Set<String> roles) {
- entity.setRoles(roles);
- update();
- }
-
- @Override
- public Set<String> getProtocolMappers() {
- return entity.getProtocolMappers();
- }
-
- @Override
- public void setProtocolMappers(Set<String> protocolMappers) {
- entity.setProtocolMappers(protocolMappers);
- update();
- }
-
- @Override
- public String getAuthMethod() {
- return entity.getAuthMethod();
- }
-
- @Override
- public void setAuthMethod(String authMethod) {
- entity.setAuthMethod(authMethod);
- update();
- }
-
- @Override
- public String getNote(String name) {
- return entity.getNotes() != null ? entity.getNotes().get(name) : null;
- }
-
- @Override
- public void setNote(String name, String value) {
- if (entity.getNotes() == null) {
- entity.setNotes(new HashMap<String, String>());
- }
- entity.getNotes().put(name, value);
- update();
- }
-
- @Override
- public void removeNote(String name) {
- if (entity.getNotes() != null) {
- entity.getNotes().remove(name);
- update();
- }
- }
-
- @Override
- public void setUserSessionNote(String name, String value) {
- if (entity.getUserSessionNotes() == null) {
- entity.setUserSessionNotes(new HashMap<String, String>());
- }
- entity.getNotes().put(name, value);
- update();
-
- }
-
- @Override
- public Map<String, String> getUserSessionNotes() {
- if (entity.getUserSessionNotes() == null) {
- return Collections.EMPTY_MAP;
- }
- HashMap<String, String> copy = new HashMap<>();
- copy.putAll(entity.getUserSessionNotes());
- return copy;
- }
-
- @Override
- public void clearUserSessionNotes() {
- entity.setUserSessionNotes(new HashMap<String, String>());
- update();
-
- }
-
- void update() {
- provider.getTx().replace(cache, entity.getId(), entity);
- }
- @Override
- public Map<String, ExecutionStatus> getExecutionStatus() {
- return entity.getAuthenticatorStatus();
- }
-
- @Override
- public void setExecutionStatus(String authenticator, ExecutionStatus status) {
- entity.getAuthenticatorStatus().put(authenticator, status);
- update();
-
- }
-
- @Override
- public void clearExecutionStatus() {
- entity.getAuthenticatorStatus().clear();
- update();
- }
-
- @Override
- public UserModel getAuthenticatedUser() {
- return session.users().getUserById(entity.getAuthUserId(), realm); }
-
- @Override
- public void setAuthenticatedUser(UserModel user) {
- entity.setAuthUserId(user.getId());
- update();
-
- }
-
-}
+package org.keycloak.models.sessions.infinispan;
+
+import org.infinispan.Cache;
+import org.keycloak.models.ClientModel;
+import org.keycloak.models.ClientSessionModel;
+import org.keycloak.models.KeycloakSession;
+import org.keycloak.models.RealmModel;
+import org.keycloak.models.UserModel;
+import org.keycloak.models.UserSessionModel;
+import org.keycloak.models.sessions.infinispan.entities.ClientSessionEntity;
+import org.keycloak.models.sessions.infinispan.entities.SessionEntity;
+
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Set;
+
+/**
+ * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
+ */
+public class ClientSessionAdapter implements ClientSessionModel {
+
+ private KeycloakSession session;
+ private InfinispanUserSessionProvider provider;
+ private Cache<String, SessionEntity> cache;
+ private RealmModel realm;
+ private ClientSessionEntity entity;
+
+ public ClientSessionAdapter(KeycloakSession session, InfinispanUserSessionProvider provider, Cache<String, SessionEntity> cache, RealmModel realm, ClientSessionEntity entity) {
+ this.session = session;
+ this.provider = provider;
+ this.cache = cache;
+ this.realm = realm;
+ this.entity = entity;
+ }
+
+ @Override
+ public String getId() {
+ return entity.getId();
+ }
+
+ @Override
+ public RealmModel getRealm() {
+ return realm;
+ }
+
+ @Override
+ public ClientModel getClient() {
+ return realm.getClientById(entity.getClient());
+ }
+
+ @Override
+ public UserSessionModel getUserSession() {
+ return entity.getUserSession() != null ? provider.getUserSession(realm, entity.getUserSession()) : null;
+ }
+
+ @Override
+ public void setUserSession(UserSessionModel userSession) {
+ if (userSession == null) {
+ if (entity.getUserSession() != null) {
+ provider.dettachSession(getUserSession(), this);
+ }
+ entity.setUserSession(null);
+ } else {
+ if (entity.getUserSession() != null) {
+ if (entity.getUserSession().equals(userSession.getId())) {
+ return;
+ } else {
+ provider.dettachSession(userSession, this);
+ }
+ } else {
+ provider.attachSession(userSession, this);
+ }
+
+ entity.setUserSession(userSession.getId());
+ }
+ update();
+ }
+
+ @Override
+ public String getRedirectUri() {
+ return entity.getRedirectUri();
+ }
+
+ @Override
+ public void setRedirectUri(String uri) {
+ entity.setRedirectUri(uri);
+ update();
+ }
+
+ @Override
+ public int getTimestamp() {
+ return entity.getTimestamp();
+ }
+
+ @Override
+ public void setTimestamp(int timestamp) {
+ entity.setTimestamp(timestamp);
+ update();
+ }
+
+ @Override
+ public String getAction() {
+ return entity.getAction();
+ }
+
+ @Override
+ public void setAction(String action) {
+ entity.setAction(action);
+ update();
+ }
+
+ @Override
+ public Set<String> getRoles() {
+ return entity.getRoles();
+ }
+
+ @Override
+ public void setRoles(Set<String> roles) {
+ entity.setRoles(roles);
+ update();
+ }
+
+ @Override
+ public Set<String> getProtocolMappers() {
+ return entity.getProtocolMappers();
+ }
+
+ @Override
+ public void setProtocolMappers(Set<String> protocolMappers) {
+ entity.setProtocolMappers(protocolMappers);
+ update();
+ }
+
+ @Override
+ public String getAuthMethod() {
+ return entity.getAuthMethod();
+ }
+
+ @Override
+ public void setAuthMethod(String authMethod) {
+ entity.setAuthMethod(authMethod);
+ update();
+ }
+
+ @Override
+ public String getNote(String name) {
+ return entity.getNotes() != null ? entity.getNotes().get(name) : null;
+ }
+
+ @Override
+ public void setNote(String name, String value) {
+ if (entity.getNotes() == null) {
+ entity.setNotes(new HashMap<String, String>());
+ }
+ entity.getNotes().put(name, value);
+ update();
+ }
+
+ @Override
+ public void removeNote(String name) {
+ if (entity.getNotes() != null) {
+ entity.getNotes().remove(name);
+ update();
+ }
+ }
+
+ @Override
+ public void setUserSessionNote(String name, String value) {
+ if (entity.getUserSessionNotes() == null) {
+ entity.setUserSessionNotes(new HashMap<String, String>());
+ }
+ entity.getNotes().put(name, value);
+ update();
+
+ }
+
+ @Override
+ public Map<String, String> getUserSessionNotes() {
+ if (entity.getUserSessionNotes() == null) {
+ return Collections.EMPTY_MAP;
+ }
+ HashMap<String, String> copy = new HashMap<>();
+ copy.putAll(entity.getUserSessionNotes());
+ return copy;
+ }
+
+ @Override
+ public void clearUserSessionNotes() {
+ entity.setUserSessionNotes(new HashMap<String, String>());
+ update();
+
+ }
+
+ void update() {
+ provider.getTx().replace(cache, entity.getId(), entity);
+ }
+ @Override
+ public Map<String, ExecutionStatus> getExecutionStatus() {
+ return entity.getAuthenticatorStatus();
+ }
+
+ @Override
+ public void setExecutionStatus(String authenticator, ExecutionStatus status) {
+ entity.getAuthenticatorStatus().put(authenticator, status);
+ update();
+
+ }
+
+ @Override
+ public void clearExecutionStatus() {
+ entity.getAuthenticatorStatus().clear();
+ update();
+ }
+
+ @Override
+ public UserModel getAuthenticatedUser() {
+ return session.users().getUserById(entity.getAuthUserId(), realm); }
+
+ @Override
+ public void setAuthenticatedUser(UserModel user) {
+ entity.setAuthUserId(user.getId());
+ update();
+
+ }
+
+}
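Review bot: `setUserSessionNote` initialises `userSessionNotes` when it is null but then writes with `entity.getNotes().put(name, value)`, so the value lands in the client-session notes, or throws a NullPointerException while `notes` is still null, and `getUserSessionNotes()` never returns it; the line should read `entity.getUserSessionNotes().put(name, value);`. In `setUserSession`, the branch for an entity already bound to a different user session calls `provider.dettachSession(userSession, this)` on the incoming session and never attaches it; presumably it should be `provider.dettachSession(getUserSession(), this);` followed by `provider.attachSession(userSession, this);`. `getAuthenticatedUser` passes `entity.getAuthUserId()` to the user lookup without a null check, and `setAuthenticatedUser` dereferences `user` directly, so an unauthenticated client session needs a guard in both. The old and new sides of this file read identically, so these defects predate the commit, and the other `ClientSessionAdapter` implementations in the diffstat are worth checking for the same copy-paste slip.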
diff --git a/model/sessions-infinispan/src/main/java/org/keycloak/models/sessions/infinispan/entities/ClientSessionEntity.java b/model/sessions-infinispan/src/main/java/org/keycloak/models/sessions/infinispan/entities/ClientSessionEntity.java
index a00e805..f8be1e8 100755
--- a/model/sessions-infinispan/src/main/java/org/keycloak/models/sessions/infinispan/entities/ClientSessionEntity.java
+++ b/model/sessions-infinispan/src/main/java/org/keycloak/models/sessions/infinispan/entities/ClientSessionEntity.java
@@ -1,140 +1,140 @@
-package org.keycloak.models.sessions.infinispan.entities;
-
-import org.keycloak.models.ClientSessionModel;
-
-import java.util.HashMap;
-import java.util.Map;
-import java.util.Set;
-
-/**
- * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
- */
-public class ClientSessionEntity extends SessionEntity {
-
- private String client;
-
- private String userSession;
-
- private String authMethod;
-
- private String redirectUri;
-
- private String state;
-
- private int timestamp;
-
- private String action;
-
- private Set<String> roles;
- private Set<String> protocolMappers;
- private Map<String, String> notes;
- private Map<String, String> userSessionNotes;
- private Map<String, ClientSessionModel.ExecutionStatus> authenticatorStatus = new HashMap<>();
- private String authUserId;
-
- public String getClient() {
- return client;
- }
-
- public void setClient(String client) {
- this.client = client;
- }
-
- public String getUserSession() {
- return userSession;
- }
-
- public void setUserSession(String userSession) {
- this.userSession = userSession;
- }
-
- public String getAuthMethod() {
- return authMethod;
- }
-
- public void setAuthMethod(String authMethod) {
- this.authMethod = authMethod;
- }
-
- public String getRedirectUri() {
- return redirectUri;
- }
-
- public void setRedirectUri(String redirectUri) {
- this.redirectUri = redirectUri;
- }
-
- public String getState() {
- return state;
- }
-
- public void setState(String state) {
- this.state = state;
- }
-
- public int getTimestamp() {
- return timestamp;
- }
-
- public void setTimestamp(int timestamp) {
- this.timestamp = timestamp;
- }
-
- public String getAction() {
- return action;
- }
-
- public void setAction(String action) {
- this.action = action;
- }
-
- public Set<String> getRoles() {
- return roles;
- }
-
- public void setRoles(Set<String> roles) {
- this.roles = roles;
- }
-
- public Set<String> getProtocolMappers() {
- return protocolMappers;
- }
-
- public void setProtocolMappers(Set<String> protocolMappers) {
- this.protocolMappers = protocolMappers;
- }
-
- public Map<String, String> getNotes() {
- return notes;
- }
-
- public void setNotes(Map<String, String> notes) {
- this.notes = notes;
- }
-
- public Map<String, ClientSessionModel.ExecutionStatus> getAuthenticatorStatus() {
- return authenticatorStatus;
- }
-
- public void setAuthenticatorStatus(Map<String, ClientSessionModel.ExecutionStatus> authenticatorStatus) {
- this.authenticatorStatus = authenticatorStatus;
- }
-
- public String getAuthUserId() {
- return authUserId;
- }
-
- public void setAuthUserId(String authUserId) {
- this.authUserId = authUserId;
- }
-
- public Map<String, String> getUserSessionNotes() {
- return userSessionNotes;
- }
-
- public void setUserSessionNotes(Map<String, String> userSessionNotes) {
- this.userSessionNotes = userSessionNotes;
- }
-
-
-}
+package org.keycloak.models.sessions.infinispan.entities;
+
+import org.keycloak.models.ClientSessionModel;
+
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Set;
+
+/**
+ * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
+ */
+public class ClientSessionEntity extends SessionEntity {
+
+ private String client;
+
+ private String userSession;
+
+ private String authMethod;
+
+ private String redirectUri;
+
+ private String state;
+
+ private int timestamp;
+
+ private String action;
+
+ private Set<String> roles;
+ private Set<String> protocolMappers;
+ private Map<String, String> notes;
+ private Map<String, String> userSessionNotes;
+ private Map<String, ClientSessionModel.ExecutionStatus> authenticatorStatus = new HashMap<>();
+ private String authUserId;
+
+ public String getClient() {
+ return client;
+ }
+
+ public void setClient(String client) {
+ this.client = client;
+ }
+
+ public String getUserSession() {
+ return userSession;
+ }
+
+ public void setUserSession(String userSession) {
+ this.userSession = userSession;
+ }
+
+ public String getAuthMethod() {
+ return authMethod;
+ }
+
+ public void setAuthMethod(String authMethod) {
+ this.authMethod = authMethod;
+ }
+
+ public String getRedirectUri() {
+ return redirectUri;
+ }
+
+ public void setRedirectUri(String redirectUri) {
+ this.redirectUri = redirectUri;
+ }
+
+ public String getState() {
+ return state;
+ }
+
+ public void setState(String state) {
+ this.state = state;
+ }
+
+ public int getTimestamp() {
+ return timestamp;
+ }
+
+ public void setTimestamp(int timestamp) {
+ this.timestamp = timestamp;
+ }
+
+ public String getAction() {
+ return action;
+ }
+
+ public void setAction(String action) {
+ this.action = action;
+ }
+
+ public Set<String> getRoles() {
+ return roles;
+ }
+
+ public void setRoles(Set<String> roles) {
+ this.roles = roles;
+ }
+
+ public Set<String> getProtocolMappers() {
+ return protocolMappers;
+ }
+
+ public void setProtocolMappers(Set<String> protocolMappers) {
+ this.protocolMappers = protocolMappers;
+ }
+
+ public Map<String, String> getNotes() {
+ return notes;
+ }
+
+ public void setNotes(Map<String, String> notes) {
+ this.notes = notes;
+ }
+
+ public Map<String, ClientSessionModel.ExecutionStatus> getAuthenticatorStatus() {
+ return authenticatorStatus;
+ }
+
+ public void setAuthenticatorStatus(Map<String, ClientSessionModel.ExecutionStatus> authenticatorStatus) {
+ this.authenticatorStatus = authenticatorStatus;
+ }
+
+ public String getAuthUserId() {
+ return authUserId;
+ }
+
+ public void setAuthUserId(String authUserId) {
+ this.authUserId = authUserId;
+ }
+
+ public Map<String, String> getUserSessionNotes() {
+ return userSessionNotes;
+ }
+
+ public void setUserSessionNotes(Map<String, String> userSessionNotes) {
+ this.userSessionNotes = userSessionNotes;
+ }
+
+
+}
diff --git a/model/sessions-jpa/src/main/java/org/keycloak/models/sessions/jpa/ClientSessionAdapter.java b/model/sessions-jpa/src/main/java/org/keycloak/models/sessions/jpa/ClientSessionAdapter.java
index a6b3016..979e610 100755
--- a/model/sessions-jpa/src/main/java/org/keycloak/models/sessions/jpa/ClientSessionAdapter.java
+++ b/model/sessions-jpa/src/main/java/org/keycloak/models/sessions/jpa/ClientSessionAdapter.java
@@ -1,301 +1,301 @@
-package org.keycloak.models.sessions.jpa;
-
-import org.keycloak.models.ClientModel;
-import org.keycloak.models.ClientSessionModel;
-import org.keycloak.models.KeycloakSession;
-import org.keycloak.models.RealmModel;
-import org.keycloak.models.UserModel;
-import org.keycloak.models.UserSessionModel;
-import org.keycloak.models.sessions.jpa.entities.ClientSessionAuthStatusEntity;
-import org.keycloak.models.sessions.jpa.entities.ClientSessionEntity;
-import org.keycloak.models.sessions.jpa.entities.ClientSessionNoteEntity;
-import org.keycloak.models.sessions.jpa.entities.ClientSessionProtocolMapperEntity;
-import org.keycloak.models.sessions.jpa.entities.ClientSessionRoleEntity;
-import org.keycloak.models.sessions.jpa.entities.ClientUserSessionNoteEntity;
-import org.keycloak.models.sessions.jpa.entities.UserSessionEntity;
-
-import javax.persistence.EntityManager;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.Map;
-import java.util.Set;
-
-/**
- * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
- */
-public class ClientSessionAdapter implements ClientSessionModel {
-
- private KeycloakSession session;
- private ClientSessionEntity entity;
- private EntityManager em;
- private RealmModel realm;
-
- public ClientSessionAdapter(KeycloakSession session, EntityManager em, RealmModel realm, ClientSessionEntity entity) {
- this.session = session;
- this.em = em;
- this.realm = realm;
- this.entity = entity;
- }
-
- @Override
- public RealmModel getRealm() {
- return session.realms().getRealm(entity.getRealmId());
- }
-
- @Override
- public void setNote(String name, String value) {
- for (ClientSessionNoteEntity attr : entity.getNotes()) {
- if (attr.getName().equals(name)) {
- attr.setValue(value);
- return;
- }
- }
- ClientSessionNoteEntity attr = new ClientSessionNoteEntity();
- attr.setName(name);
- attr.setValue(value);
- attr.setClientSession(entity);
- em.persist(attr);
- entity.getNotes().add(attr);
- }
-
- @Override
- public void removeNote(String name) {
- Iterator<ClientSessionNoteEntity> it = entity.getNotes().iterator();
- while (it.hasNext()) {
- ClientSessionNoteEntity attr = it.next();
- if (attr.getName().equals(name)) {
- it.remove();
- em.remove(attr);
- }
- }
- }
-
- @Override
- public String getNote(String name) {
- for (ClientSessionNoteEntity attr : entity.getNotes()) {
- if (attr.getName().equals(name)) {
- return attr.getValue();
- }
- }
- return null;
- }
-
- @Override
- public void setUserSessionNote(String name, String value) {
- for (ClientUserSessionNoteEntity attr : entity.getUserSessionNotes()) {
- if (attr.getName().equals(name)) {
- attr.setValue(value);
- return;
- }
- }
- ClientUserSessionNoteEntity attr = new ClientUserSessionNoteEntity();
- attr.setName(name);
- attr.setValue(value);
- attr.setClientSession(entity);
- em.persist(attr);
- entity.getUserSessionNotes().add(attr);
-
- }
-
- @Override
- public Map<String, String> getUserSessionNotes() {
- Map<String, String> copy = new HashMap<>();
- for (ClientUserSessionNoteEntity attr : entity.getUserSessionNotes()) {
- copy.put(attr.getName(), attr.getValue());
- }
- return copy;
- }
-
- @Override
- public void clearUserSessionNotes() {
- Iterator<ClientUserSessionNoteEntity> it = entity.getUserSessionNotes().iterator();
- while (it.hasNext()) {
- ClientUserSessionNoteEntity attr = it.next();
- it.remove();
- em.remove(attr);
- }
-
- }
-
- @Override
- public String getId() {
- return entity.getId();
- }
-
- @Override
- public ClientModel getClient() {
- return realm.getClientById(entity.getClientId());
- }
-
- public ClientSessionEntity getEntity() {
- return entity;
- }
-
- @Override
- public void setUserSession(UserSessionModel userSession) {
- if (userSession == null) {
- if (entity.getSession() != null) {
- entity.getSession().getClientSessions().remove(entity);
- }
- entity.setSession(null);
- } else {
- UserSessionAdapter adapter = (UserSessionAdapter) userSession;
- UserSessionEntity userSessionEntity = adapter.getEntity();
- entity.setSession(userSessionEntity);
- userSessionEntity.getClientSessions().add(entity);
- }
- }
-
- @Override
- public void setRedirectUri(String uri) {
- entity.setRedirectUri(uri);
- }
-
- @Override
- public void setRoles(Set<String> roles) {
- if (roles != null) {
- for (String r : roles) {
- ClientSessionRoleEntity roleEntity = new ClientSessionRoleEntity();
- roleEntity.setClientSession(entity);
- roleEntity.setRoleId(r);
- em.persist(roleEntity);
-
- entity.getRoles().add(roleEntity);
- }
- } else {
- if (entity.getRoles() != null) {
- for (ClientSessionRoleEntity r : entity.getRoles()) {
- em.remove(r);
- }
- entity.getRoles().clear();
- }
- }
- }
-
- @Override
- public String getAuthMethod() {
- return entity.getAuthMethod();
- }
-
- @Override
- public void setAuthMethod(String method) {
- entity.setAuthMethod(method);
- }
-
- @Override
- public UserSessionModel getUserSession() {
- if (entity.getSession() == null) return null;
- return new UserSessionAdapter(session, em, realm, entity.getSession());
- }
-
- @Override
- public String getRedirectUri() {
- return entity.getRedirectUri();
- }
-
- @Override
- public int getTimestamp() {
- return entity.getTimestamp();
- }
-
- @Override
- public void setTimestamp(int timestamp) {
- entity.setTimestamp(timestamp);
- }
-
- @Override
- public String getAction() {
- return entity.getAction();
- }
-
- @Override
- public void setAction(String action) {
- entity.setAction(action);
- }
-
- @Override
- public Set<String> getRoles() {
- Set<String> roles = new HashSet<String>();
- if (entity.getRoles() != null) {
- for (ClientSessionRoleEntity e : entity.getRoles()) {
- roles.add(e.getRoleId());
- }
- }
- return roles;
- }
-
- @Override
- public Set<String> getProtocolMappers() {
- Set<String> protMappers = new HashSet<String>();
- if (entity.getProtocolMappers() != null) {
- for (ClientSessionProtocolMapperEntity e : entity.getProtocolMappers()) {
- protMappers.add(e.getProtocolMapperId());
- }
- }
- return protMappers;
- }
-
- @Override
- public void setProtocolMappers(Set<String> protocolMappers) {
- if (protocolMappers != null) {
- for (String pm : protocolMappers) {
- ClientSessionProtocolMapperEntity protMapperEntity = new ClientSessionProtocolMapperEntity();
- protMapperEntity.setClientSession(entity);
- protMapperEntity.setProtocolMapperId(pm);
- em.persist(protMapperEntity);
-
- entity.getProtocolMappers().add(protMapperEntity);
- }
- } else {
- if (entity.getProtocolMappers() != null) {
- for (ClientSessionProtocolMapperEntity pm : entity.getProtocolMappers()) {
- em.remove(pm);
- }
- entity.getProtocolMappers().clear();
- }
- }
- }
-
- @Override
- public Map<String, ExecutionStatus> getExecutionStatus() {
- Map<String, ExecutionStatus> result = new HashMap<>();
- for (ClientSessionAuthStatusEntity status : entity.getAuthanticatorStatus()) {
- result.put(status.getAuthenticator(), status.getStatus());
- }
- return result;
- }
-
- @Override
- public void setExecutionStatus(String authenticator, ExecutionStatus status) {
- ClientSessionAuthStatusEntity authStatus = new ClientSessionAuthStatusEntity();
- authStatus.setAuthenticator(authenticator);
- authStatus.setClientSession(entity);
- authStatus.setStatus(status);
- em.persist(authStatus);
- entity.getAuthanticatorStatus().add(authStatus);
- em.flush();
-
-
- }
-
- @Override
- public void clearExecutionStatus() {
- Iterator<ClientSessionAuthStatusEntity> iterator = entity.getAuthanticatorStatus().iterator();
- while (iterator.hasNext()) {
- ClientSessionAuthStatusEntity authStatus = iterator.next();
- iterator.remove();
- em.remove(authStatus);
- }
- }
-
- @Override
- public UserModel getAuthenticatedUser() {
- return session.users().getUserById(entity.getUserId(), realm);
- }
-
- @Override
- public void setAuthenticatedUser(UserModel user) {
- entity.setUserId(user.getId());
- }
-}
+package org.keycloak.models.sessions.jpa;
+
+import org.keycloak.models.ClientModel;
+import org.keycloak.models.ClientSessionModel;
+import org.keycloak.models.KeycloakSession;
+import org.keycloak.models.RealmModel;
+import org.keycloak.models.UserModel;
+import org.keycloak.models.UserSessionModel;
+import org.keycloak.models.sessions.jpa.entities.ClientSessionAuthStatusEntity;
+import org.keycloak.models.sessions.jpa.entities.ClientSessionEntity;
+import org.keycloak.models.sessions.jpa.entities.ClientSessionNoteEntity;
+import org.keycloak.models.sessions.jpa.entities.ClientSessionProtocolMapperEntity;
+import org.keycloak.models.sessions.jpa.entities.ClientSessionRoleEntity;
+import org.keycloak.models.sessions.jpa.entities.ClientUserSessionNoteEntity;
+import org.keycloak.models.sessions.jpa.entities.UserSessionEntity;
+
+import javax.persistence.EntityManager;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Map;
+import java.util.Set;
+
+/**
+ * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
+ */
+public class ClientSessionAdapter implements ClientSessionModel {
+
+ private KeycloakSession session;
+ private ClientSessionEntity entity;
+ private EntityManager em;
+ private RealmModel realm;
+
+ public ClientSessionAdapter(KeycloakSession session, EntityManager em, RealmModel realm, ClientSessionEntity entity) {
+ this.session = session;
+ this.em = em;
+ this.realm = realm;
+ this.entity = entity;
+ }
+
+ @Override
+ public RealmModel getRealm() {
+ return session.realms().getRealm(entity.getRealmId());
+ }
+
+ @Override
+ public void setNote(String name, String value) {
+ for (ClientSessionNoteEntity attr : entity.getNotes()) {
+ if (attr.getName().equals(name)) {
+ attr.setValue(value);
+ return;
+ }
+ }
+ ClientSessionNoteEntity attr = new ClientSessionNoteEntity();
+ attr.setName(name);
+ attr.setValue(value);
+ attr.setClientSession(entity);
+ em.persist(attr);
+ entity.getNotes().add(attr);
+ }
+
+ @Override
+ public void removeNote(String name) {
+ Iterator<ClientSessionNoteEntity> it = entity.getNotes().iterator();
+ while (it.hasNext()) {
+ ClientSessionNoteEntity attr = it.next();
+ if (attr.getName().equals(name)) {
+ it.remove();
+ em.remove(attr);
+ }
+ }
+ }
+
+ @Override
+ public String getNote(String name) {
+ for (ClientSessionNoteEntity attr : entity.getNotes()) {
+ if (attr.getName().equals(name)) {
+ return attr.getValue();
+ }
+ }
+ return null;
+ }
+
+ @Override
+ public void setUserSessionNote(String name, String value) {
+ for (ClientUserSessionNoteEntity attr : entity.getUserSessionNotes()) {
+ if (attr.getName().equals(name)) {
+ attr.setValue(value);
+ return;
+ }
+ }
+ ClientUserSessionNoteEntity attr = new ClientUserSessionNoteEntity();
+ attr.setName(name);
+ attr.setValue(value);
+ attr.setClientSession(entity);
+ em.persist(attr);
+ entity.getUserSessionNotes().add(attr);
+
+ }
+
+ @Override
+ public Map<String, String> getUserSessionNotes() {
+ Map<String, String> copy = new HashMap<>();
+ for (ClientUserSessionNoteEntity attr : entity.getUserSessionNotes()) {
+ copy.put(attr.getName(), attr.getValue());
+ }
+ return copy;
+ }
+
+ @Override
+ public void clearUserSessionNotes() {
+ Iterator<ClientUserSessionNoteEntity> it = entity.getUserSessionNotes().iterator();
+ while (it.hasNext()) {
+ ClientUserSessionNoteEntity attr = it.next();
+ it.remove();
+ em.remove(attr);
+ }
+
+ }
+
+ @Override
+ public String getId() {
+ return entity.getId();
+ }
+
+ @Override
+ public ClientModel getClient() {
+ return realm.getClientById(entity.getClientId());
+ }
+
+ public ClientSessionEntity getEntity() {
+ return entity;
+ }
+
+ @Override
+ public void setUserSession(UserSessionModel userSession) {
+ if (userSession == null) {
+ if (entity.getSession() != null) {
+ entity.getSession().getClientSessions().remove(entity);
+ }
+ entity.setSession(null);
+ } else {
+ UserSessionAdapter adapter = (UserSessionAdapter) userSession;
+ UserSessionEntity userSessionEntity = adapter.getEntity();
+ entity.setSession(userSessionEntity);
+ userSessionEntity.getClientSessions().add(entity);
+ }
+ }
+
+ @Override
+ public void setRedirectUri(String uri) {
+ entity.setRedirectUri(uri);
+ }
+
+ @Override
+ public void setRoles(Set<String> roles) {
+ if (roles != null) {
+ for (String r : roles) {
+ ClientSessionRoleEntity roleEntity = new ClientSessionRoleEntity();
+ roleEntity.setClientSession(entity);
+ roleEntity.setRoleId(r);
+ em.persist(roleEntity);
+
+ entity.getRoles().add(roleEntity);
+ }
+ } else {
+ if (entity.getRoles() != null) {
+ for (ClientSessionRoleEntity r : entity.getRoles()) {
+ em.remove(r);
+ }
+ entity.getRoles().clear();
+ }
+ }
+ }
+
+ @Override
+ public String getAuthMethod() {
+ return entity.getAuthMethod();
+ }
+
+ @Override
+ public void setAuthMethod(String method) {
+ entity.setAuthMethod(method);
+ }
+
+ @Override
+ public UserSessionModel getUserSession() {
+ if (entity.getSession() == null) return null;
+ return new UserSessionAdapter(session, em, realm, entity.getSession());
+ }
+
+ @Override
+ public String getRedirectUri() {
+ return entity.getRedirectUri();
+ }
+
+ @Override
+ public int getTimestamp() {
+ return entity.getTimestamp();
+ }
+
+ @Override
+ public void setTimestamp(int timestamp) {
+ entity.setTimestamp(timestamp);
+ }
+
+ @Override
+ public String getAction() {
+ return entity.getAction();
+ }
+
+ @Override
+ public void setAction(String action) {
+ entity.setAction(action);
+ }
+
+ @Override
+ public Set<String> getRoles() {
+ Set<String> roles = new HashSet<String>();
+ if (entity.getRoles() != null) {
+ for (ClientSessionRoleEntity e : entity.getRoles()) {
+ roles.add(e.getRoleId());
+ }
+ }
+ return roles;
+ }
+
+ @Override
+ public Set<String> getProtocolMappers() {
+ Set<String> protMappers = new HashSet<String>();
+ if (entity.getProtocolMappers() != null) {
+ for (ClientSessionProtocolMapperEntity e : entity.getProtocolMappers()) {
+ protMappers.add(e.getProtocolMapperId());
+ }
+ }
+ return protMappers;
+ }
+
+ @Override
+ public void setProtocolMappers(Set<String> protocolMappers) {
+ if (protocolMappers != null) {
+ for (String pm : protocolMappers) {
+ ClientSessionProtocolMapperEntity protMapperEntity = new ClientSessionProtocolMapperEntity();
+ protMapperEntity.setClientSession(entity);
+ protMapperEntity.setProtocolMapperId(pm);
+ em.persist(protMapperEntity);
+
+ entity.getProtocolMappers().add(protMapperEntity);
+ }
+ } else {
+ if (entity.getProtocolMappers() != null) {
+ for (ClientSessionProtocolMapperEntity pm : entity.getProtocolMappers()) {
+ em.remove(pm);
+ }
+ entity.getProtocolMappers().clear();
+ }
+ }
+ }
+
+ @Override
+ public Map<String, ExecutionStatus> getExecutionStatus() {
+ Map<String, ExecutionStatus> result = new HashMap<>();
+ for (ClientSessionAuthStatusEntity status : entity.getAuthanticatorStatus()) {
+ result.put(status.getAuthenticator(), status.getStatus());
+ }
+ return result;
+ }
+
+ @Override
+ public void setExecutionStatus(String authenticator, ExecutionStatus status) {
+ ClientSessionAuthStatusEntity authStatus = new ClientSessionAuthStatusEntity();
+ authStatus.setAuthenticator(authenticator);
+ authStatus.setClientSession(entity);
+ authStatus.setStatus(status);
+ em.persist(authStatus);
+ entity.getAuthanticatorStatus().add(authStatus);
+ em.flush();
+
+
+ }
+
+ @Override
+ public void clearExecutionStatus() {
+ Iterator<ClientSessionAuthStatusEntity> iterator = entity.getAuthanticatorStatus().iterator();
+ while (iterator.hasNext()) {
+ ClientSessionAuthStatusEntity authStatus = iterator.next();
+ iterator.remove();
+ em.remove(authStatus);
+ }
+ }
+
+ @Override
+ public UserModel getAuthenticatedUser() {
+ return session.users().getUserById(entity.getUserId(), realm);
+ }
+
+ @Override
+ public void setAuthenticatedUser(UserModel user) {
+ entity.setUserId(user.getId());
+ }
+}
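Review bot: `setRoles` in the new file appends instead of replacing: when `roles` is non-null it persists a fresh `ClientSessionRoleEntity` per id and adds it to `entity.getRoles()` without removing what an earlier call stored, so `getRoles()` returns the union of every set ever passed. `setProtocolMappers` has the same shape, while the in-memory adapter in this commit replaces the set outright (`entity.setRoles(roles)`), so the two backends disagree. If these ids later decide what a token carries, which is not visible here, a second and narrower call would leave the wider grant on the client session. Clearing the existing rows before adding, as sketched below for `setRoles`, makes the setter a true replace. Whether a flush is needed between the removes and the persists depends on the entity's key, which this hunk does not show.

```java
    @Override
    public void setRoles(Set<String> roles) {
        // Replace semantics: drop whatever an earlier call stored before adding the new ids.
        if (entity.getRoles() != null) {
            for (ClientSessionRoleEntity existing : entity.getRoles()) {
                em.remove(existing);
            }
            entity.getRoles().clear();
        }
        if (roles == null) {
            return;
        }
        for (String r : roles) {
            // ... unchanged: build roleEntity, em.persist(roleEntity), entity.getRoles().add(roleEntity) ...
        }
    }
```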
diff --git a/model/sessions-mem/src/main/java/org/keycloak/models/sessions/mem/ClientSessionAdapter.java b/model/sessions-mem/src/main/java/org/keycloak/models/sessions/mem/ClientSessionAdapter.java
index 3053a9d..2c344f6 100755
--- a/model/sessions-mem/src/main/java/org/keycloak/models/sessions/mem/ClientSessionAdapter.java
+++ b/model/sessions-mem/src/main/java/org/keycloak/models/sessions/mem/ClientSessionAdapter.java
@@ -1,189 +1,189 @@
-package org.keycloak.models.sessions.mem;
-
-import org.keycloak.models.ClientModel;
-import org.keycloak.models.ClientSessionModel;
-import org.keycloak.models.KeycloakSession;
-import org.keycloak.models.RealmModel;
-import org.keycloak.models.UserModel;
-import org.keycloak.models.UserSessionModel;
-import org.keycloak.models.sessions.mem.entities.ClientSessionEntity;
-import org.keycloak.models.sessions.mem.entities.UserSessionEntity;
-
-import java.util.Map;
-import java.util.Set;
-
-/**
- * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
- */
-public class ClientSessionAdapter implements ClientSessionModel {
-
- private KeycloakSession session;
- private MemUserSessionProvider provider;
- private RealmModel realm;
- private ClientSessionEntity entity;
-
- public ClientSessionAdapter(KeycloakSession session, MemUserSessionProvider provider, RealmModel realm, ClientSessionEntity entity) {
- this.session = session;
- this.provider = provider;
- this.realm = realm;
- this.entity = entity;
- }
-
- @Override
- public String getId() {
- return entity.getId();
- }
-
- @Override
- public RealmModel getRealm() {
- return session.realms().getRealm(entity.getRealmId());
- }
-
- public ClientSessionEntity getEntity() {
- return entity;
- }
-
- @Override
- public ClientModel getClient() {
- return realm.getClientById(entity.getClientId());
- }
-
- @Override
- public UserSessionModel getUserSession() {
- if (entity.getSession() == null) return null;
- return new UserSessionAdapter(session, provider, realm, entity.getSession());
- }
-
- @Override
- public void setUserSession(UserSessionModel userSession) {
- if (userSession == null) {
- if (entity.getSession() != null) {
- entity.getSession().getClientSessions().remove(entity);
- }
- entity.setSession(null);
- } else {
- UserSessionAdapter adapter = (UserSessionAdapter) userSession;
- UserSessionEntity userSessionEntity = adapter.getEntity();
- entity.setSession(userSessionEntity);
- userSessionEntity.getClientSessions().add(entity);
- }
- }
-
- @Override
- public void setRedirectUri(String uri) {
- entity.setRedirectUri(uri);
- }
-
- @Override
- public void setRoles(Set<String> roles) {
- entity.setRoles(roles);
- }
-
- @Override
- public String getRedirectUri() {
- return entity.getRedirectUri();
- }
-
- @Override
- public int getTimestamp() {
- return entity.getTimestamp();
- }
-
- @Override
- public void setTimestamp(int timestamp) {
- entity.setTimestamp(timestamp);
- }
-
- @Override
- public String getAction() {
- return entity.getAction();
- }
-
- @Override
- public void setAction(String action) {
- entity.setAction(action);
- }
-
- @Override
- public Set<String> getRoles() {
- return entity.getRoles();
- }
-
- @Override
- public Set<String> getProtocolMappers() {
- return entity.getProtocolMappers();
- }
-
- @Override
- public void setProtocolMappers(Set<String> protocolMappers) {
- entity.setProtocolMappers(protocolMappers);
- }
-
- @Override
- public String getNote(String name) {
- return entity.getNotes().get(name);
- }
-
- @Override
- public void setNote(String name, String value) {
- entity.getNotes().put(name, value);
-
- }
-
- @Override
- public void removeNote(String name) {
- entity.getNotes().remove(name);
-
- }
-
- @Override
- public void setUserSessionNote(String name, String value) {
- entity.getUserSessionNotes().put(name, value);
- }
-
- @Override
- public Map<String, String> getUserSessionNotes() {
- return entity.getUserSessionNotes();
- }
-
- @Override
- public String getAuthMethod() {
- return entity.getAuthMethod();
- }
-
- @Override
- public void setAuthMethod(String method) {
- entity.setAuthMethod(method);
- }
-
- @Override
- public Map<String, ExecutionStatus> getExecutionStatus() {
- return entity.getAuthenticatorStatus();
- }
-
- @Override
- public void setExecutionStatus(String authenticator, ExecutionStatus status) {
- entity.getAuthenticatorStatus().put(authenticator, status);
-
- }
-
- @Override
- public void clearExecutionStatus() {
- entity.getAuthenticatorStatus().clear();
- }
-
- @Override
- public void clearUserSessionNotes() {
- entity.getUserSessionNotes().clear();
- }
-
- @Override
- public UserModel getAuthenticatedUser() {
- return session.users().getUserById(entity.getAuthUserId(), realm); }
-
- @Override
- public void setAuthenticatedUser(UserModel user) {
- entity.setAuthUserId(user.getId());
-
- }
-}
+package org.keycloak.models.sessions.mem;
+
+import org.keycloak.models.ClientModel;
+import org.keycloak.models.ClientSessionModel;
+import org.keycloak.models.KeycloakSession;
+import org.keycloak.models.RealmModel;
+import org.keycloak.models.UserModel;
+import org.keycloak.models.UserSessionModel;
+import org.keycloak.models.sessions.mem.entities.ClientSessionEntity;
+import org.keycloak.models.sessions.mem.entities.UserSessionEntity;
+
+import java.util.Map;
+import java.util.Set;
+
+/**
+ * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
+ */
+public class ClientSessionAdapter implements ClientSessionModel {
+
+ private KeycloakSession session;
+ private MemUserSessionProvider provider;
+ private RealmModel realm;
+ private ClientSessionEntity entity;
+
+ public ClientSessionAdapter(KeycloakSession session, MemUserSessionProvider provider, RealmModel realm, ClientSessionEntity entity) {
+ this.session = session;
+ this.provider = provider;
+ this.realm = realm;
+ this.entity = entity;
+ }
+
+ @Override
+ public String getId() {
+ return entity.getId();
+ }
+
+ @Override
+ public RealmModel getRealm() {
+ return session.realms().getRealm(entity.getRealmId());
+ }
+
+ public ClientSessionEntity getEntity() {
+ return entity;
+ }
+
+ @Override
+ public ClientModel getClient() {
+ return realm.getClientById(entity.getClientId());
+ }
+
+ @Override
+ public UserSessionModel getUserSession() {
+ if (entity.getSession() == null) return null;
+ return new UserSessionAdapter(session, provider, realm, entity.getSession());
+ }
+
+ @Override
+ public void setUserSession(UserSessionModel userSession) {
+ if (userSession == null) {
+ if (entity.getSession() != null) {
+ entity.getSession().getClientSessions().remove(entity);
+ }
+ entity.setSession(null);
+ } else {
+ UserSessionAdapter adapter = (UserSessionAdapter) userSession;
+ UserSessionEntity userSessionEntity = adapter.getEntity();
+ entity.setSession(userSessionEntity);
+ userSessionEntity.getClientSessions().add(entity);
+ }
+ }
+
+ @Override
+ public void setRedirectUri(String uri) {
+ entity.setRedirectUri(uri);
+ }
+
+ @Override
+ public void setRoles(Set<String> roles) {
+ entity.setRoles(roles);
+ }
+
+ @Override
+ public String getRedirectUri() {
+ return entity.getRedirectUri();
+ }
+
+ @Override
+ public int getTimestamp() {
+ return entity.getTimestamp();
+ }
+
+ @Override
+ public void setTimestamp(int timestamp) {
+ entity.setTimestamp(timestamp);
+ }
+
+ @Override
+ public String getAction() {
+ return entity.getAction();
+ }
+
+ @Override
+ public void setAction(String action) {
+ entity.setAction(action);
+ }
+
+ @Override
+ public Set<String> getRoles() {
+ return entity.getRoles();
+ }
+
+ @Override
+ public Set<String> getProtocolMappers() {
+ return entity.getProtocolMappers();
+ }
+
+ @Override
+ public void setProtocolMappers(Set<String> protocolMappers) {
+ entity.setProtocolMappers(protocolMappers);
+ }
+
+ @Override
+ public String getNote(String name) {
+ return entity.getNotes().get(name);
+ }
+
+ @Override
+ public void setNote(String name, String value) {
+ entity.getNotes().put(name, value);
+
+ }
+
+ @Override
+ public void removeNote(String name) {
+ entity.getNotes().remove(name);
+
+ }
+
+ @Override
+ public void setUserSessionNote(String name, String value) {
+ entity.getUserSessionNotes().put(name, value);
+ }
+
+ @Override
+ public Map<String, String> getUserSessionNotes() {
+ return entity.getUserSessionNotes();
+ }
+
+ @Override
+ public String getAuthMethod() {
+ return entity.getAuthMethod();
+ }
+
+ @Override
+ public void setAuthMethod(String method) {
+ entity.setAuthMethod(method);
+ }
+
+ @Override
+ public Map<String, ExecutionStatus> getExecutionStatus() {
+ return entity.getAuthenticatorStatus();
+ }
+
+ @Override
+ public void setExecutionStatus(String authenticator, ExecutionStatus status) {
+ entity.getAuthenticatorStatus().put(authenticator, status);
+
+ }
+
+ @Override
+ public void clearExecutionStatus() {
+ entity.getAuthenticatorStatus().clear();
+ }
+
+ @Override
+ public void clearUserSessionNotes() {
+ entity.getUserSessionNotes().clear();
+ }
+
+ @Override
+ public UserModel getAuthenticatedUser() {
+ return session.users().getUserById(entity.getAuthUserId(), realm); }
+
+ @Override
+ public void setAuthenticatedUser(UserModel user) {
+ entity.setAuthUserId(user.getId());
+
+ }
+}
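Review bot: `getExecutionStatus()`, `getUserSessionNotes()`, `getRoles()` and `getProtocolMappers()` hand out the entity's own collections, so any caller can change the stored authenticator status or notes by mutating the returned object, without going through `setExecutionStatus` or `setUserSessionNote`. The JPA adapter in this commit builds a fresh `HashMap`/`HashSet` in the same getters, so code that is harmless against one backend silently edits session state on the other. Returning a copy would align them, e.g. `return new HashMap<>(entity.getAuthenticatorStatus());`, which needs `java.util.HashMap` added to this file's imports. `getRoles()` would additionally need a null guard, because the in-memory entity declares `roles` without an initializer and the JPA getter never returns null.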
diff --git a/model/sessions-mem/src/main/java/org/keycloak/models/sessions/mem/entities/ClientSessionEntity.java b/model/sessions-mem/src/main/java/org/keycloak/models/sessions/mem/entities/ClientSessionEntity.java
index 7c6fb22..056e5a2 100755
--- a/model/sessions-mem/src/main/java/org/keycloak/models/sessions/mem/entities/ClientSessionEntity.java
+++ b/model/sessions-mem/src/main/java/org/keycloak/models/sessions/mem/entities/ClientSessionEntity.java
@@ -1,152 +1,152 @@
-package org.keycloak.models.sessions.mem.entities;
-
-import org.keycloak.models.ClientSessionModel;
-
-import java.util.HashMap;
-import java.util.Map;
-import java.util.Set;
-
-/**
- * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
- */
-public class ClientSessionEntity {
-
- private String id;
- private String clientId;
- private String realmId;
- private Map<String, ClientSessionModel.ExecutionStatus> authenticatorStatus = new HashMap<>();
- private String authUserId;
-
- private UserSessionEntity session;
-
- private String redirectUri;
- private String authMethod;
-
- private int timestamp;
- private String action;
- private Set<String> roles;
- private Set<String> protocolMappers;
- private Map<String, String> notes = new HashMap<>();
- private Map<String, String> userSessionNotes = new HashMap<>();
-
- public String getId() {
- return id;
- }
-
- public void setId(String id) {
- this.id = id;
- }
-
- public String getClientId() {
- return clientId;
- }
-
- public void setClientId(String clientId) {
- this.clientId = clientId;
- }
-
- public String getRealmId() {
- return realmId;
- }
-
- public void setRealmId(String realmId) {
- this.realmId = realmId;
- }
-
- public UserSessionEntity getSession() {
- return session;
- }
-
- public void setSession(UserSessionEntity session) {
- this.session = session;
- }
-
- public String getRedirectUri() {
- return redirectUri;
- }
-
- public void setRedirectUri(String redirectUri) {
- this.redirectUri = redirectUri;
- }
-
- public int getTimestamp() {
- return timestamp;
- }
-
- public void setTimestamp(int timestamp) {
- this.timestamp = timestamp;
- }
-
- public String getAction() {
- return action;
- }
-
- public void setAction(String action) {
- this.action = action;
- }
-
- public Set<String> getRoles() {
- return roles;
- }
-
- public void setRoles(Set<String> roles) {
- this.roles = roles;
- }
-
- public Set<String> getProtocolMappers() {
- return protocolMappers;
- }
-
- public void setProtocolMappers(Set<String> protocolMappers) {
- this.protocolMappers = protocolMappers;
- }
-
- public Map<String, String> getNotes() {
- return notes;
- }
-
- public String getAuthMethod() {
- return authMethod;
- }
-
- public void setAuthMethod(String authMethod) {
- this.authMethod = authMethod;
- }
-
- public String getAuthUserId() {
- return authUserId;
- }
-
- public void setAuthUserId(String authUserId) {
- this.authUserId = authUserId;
- }
-
- public Map<String, ClientSessionModel.ExecutionStatus> getAuthenticatorStatus() {
- return authenticatorStatus;
- }
-
- public void setAuthenticatorStatus(Map<String, ClientSessionModel.ExecutionStatus> authenticatorStatus) {
- this.authenticatorStatus = authenticatorStatus;
- }
-
- public Map<String, String> getUserSessionNotes() {
- return userSessionNotes;
- }
-
- @Override
- public boolean equals(Object o) {
- if (this == o) return true;
- if (!(o instanceof ClientSessionEntity)) return false;
-
- ClientSessionEntity that = (ClientSessionEntity) o;
-
- if (id != null ? !id.equals(that.id) : that.id != null) return false;
-
- return true;
- }
-
- @Override
- public int hashCode() {
- return id != null ? id.hashCode() : 0;
- }
-}
+package org.keycloak.models.sessions.mem.entities;
+
+import org.keycloak.models.ClientSessionModel;
+
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Set;
+
+/**
+ * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
+ */
+public class ClientSessionEntity {
+
+ private String id;
+ private String clientId;
+ private String realmId;
+ private Map<String, ClientSessionModel.ExecutionStatus> authenticatorStatus = new HashMap<>();
+ private String authUserId;
+
+ private UserSessionEntity session;
+
+ private String redirectUri;
+ private String authMethod;
+
+ private int timestamp;
+ private String action;
+ private Set<String> roles;
+ private Set<String> protocolMappers;
+ private Map<String, String> notes = new HashMap<>();
+ private Map<String, String> userSessionNotes = new HashMap<>();
+
+ public String getId() {
+ return id;
+ }
+
+ public void setId(String id) {
+ this.id = id;
+ }
+
+ public String getClientId() {
+ return clientId;
+ }
+
+ public void setClientId(String clientId) {
+ this.clientId = clientId;
+ }
+
+ public String getRealmId() {
+ return realmId;
+ }
+
+ public void setRealmId(String realmId) {
+ this.realmId = realmId;
+ }
+
+ public UserSessionEntity getSession() {
+ return session;
+ }
+
+ public void setSession(UserSessionEntity session) {
+ this.session = session;
+ }
+
+ public String getRedirectUri() {
+ return redirectUri;
+ }
+
+ public void setRedirectUri(String redirectUri) {
+ this.redirectUri = redirectUri;
+ }
+
+ public int getTimestamp() {
+ return timestamp;
+ }
+
+ public void setTimestamp(int timestamp) {
+ this.timestamp = timestamp;
+ }
+
+ public String getAction() {
+ return action;
+ }
+
+ public void setAction(String action) {
+ this.action = action;
+ }
+
+ public Set<String> getRoles() {
+ return roles;
+ }
+
+ public void setRoles(Set<String> roles) {
+ this.roles = roles;
+ }
+
+ public Set<String> getProtocolMappers() {
+ return protocolMappers;
+ }
+
+ public void setProtocolMappers(Set<String> protocolMappers) {
+ this.protocolMappers = protocolMappers;
+ }
+
+ public Map<String, String> getNotes() {
+ return notes;
+ }
+
+ public String getAuthMethod() {
+ return authMethod;
+ }
+
+ public void setAuthMethod(String authMethod) {
+ this.authMethod = authMethod;
+ }
+
+ public String getAuthUserId() {
+ return authUserId;
+ }
+
+ public void setAuthUserId(String authUserId) {
+ this.authUserId = authUserId;
+ }
+
+ public Map<String, ClientSessionModel.ExecutionStatus> getAuthenticatorStatus() {
+ return authenticatorStatus;
+ }
+
+ public void setAuthenticatorStatus(Map<String, ClientSessionModel.ExecutionStatus> authenticatorStatus) {
+ this.authenticatorStatus = authenticatorStatus;
+ }
+
+ public Map<String, String> getUserSessionNotes() {
+ return userSessionNotes;
+ }
+
+ @Override
+ public boolean equals(Object o) {
+ if (this == o) return true;
+ if (!(o instanceof ClientSessionEntity)) return false;
+
+ ClientSessionEntity that = (ClientSessionEntity) o;
+
+ if (id != null ? !id.equals(that.id) : that.id != null) return false;
+
+ return true;
+ }
+
+ @Override
+ public int hashCode() {
+ return id != null ? id.hashCode() : 0;
+ }
+}
diff --git a/model/sessions-mongo/src/main/java/org/keycloak/models/sessions/mongo/ClientSessionAdapter.java b/model/sessions-mongo/src/main/java/org/keycloak/models/sessions/mongo/ClientSessionAdapter.java
index 4ad1d51..1313d36 100755
--- a/model/sessions-mongo/src/main/java/org/keycloak/models/sessions/mongo/ClientSessionAdapter.java
+++ b/model/sessions-mongo/src/main/java/org/keycloak/models/sessions/mongo/ClientSessionAdapter.java
@@ -1,223 +1,223 @@
-package org.keycloak.models.sessions.mongo;
-
-import org.keycloak.connections.mongo.api.context.MongoStoreInvocationContext;
-import org.keycloak.models.ClientModel;
-import org.keycloak.models.ClientSessionModel;
-import org.keycloak.models.KeycloakSession;
-import org.keycloak.models.RealmModel;
-import org.keycloak.models.UserModel;
-import org.keycloak.models.UserSessionModel;
-import org.keycloak.models.sessions.mongo.entities.MongoClientSessionEntity;
-import org.keycloak.models.sessions.mongo.entities.MongoUserSessionEntity;
-
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.LinkedList;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-
-/**
- * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
- */
-public class ClientSessionAdapter extends AbstractMongoAdapter<MongoClientSessionEntity> implements ClientSessionModel {
-
- private KeycloakSession session;
- private MongoUserSessionProvider provider;
- private RealmModel realm;
- private MongoClientSessionEntity entity;
-
- public ClientSessionAdapter(KeycloakSession session, MongoUserSessionProvider provider, RealmModel realm, MongoClientSessionEntity entity, MongoStoreInvocationContext invContext) {
- super(invContext);
- this.session = session;
- this.provider = provider;
- this.realm = realm;
- this.entity = entity;
- }
-
- @Override
- public String getId() {
- return entity.getId();
- }
-
- @Override
- public RealmModel getRealm() {
- return session.realms().getRealm(entity.getRealmId());
- }
-
- @Override
- public ClientModel getClient() {
- return realm.getClientById(entity.getClientId());
- }
-
- @Override
- public UserSessionModel getUserSession() {
- if (entity.getSessionId() == null) return null;
- return provider.getUserSession(realm, entity.getSessionId());
- }
-
- @Override
- public void setUserSession(UserSessionModel userSession) {
- if (userSession == null) {
- if (entity.getSessionId() != null) {
- MongoUserSessionEntity userSessionEntity = provider.getUserSessionEntity(realm, entity.getSessionId());
- provider.getMongoStore().pullItemFromList(userSessionEntity, "clientSessions", entity.getSessionId(), invocationContext);
- }
- entity.setSessionId(null);
- } else {
- MongoUserSessionEntity userSessionEntity = provider.getUserSessionEntity(realm, userSession.getId());
- entity.setSessionId(userSessionEntity.getId());
- updateMongoEntity();
-
- provider.getMongoStore().pushItemToList(userSessionEntity, "clientSessions", entity.getId(), true, invocationContext);
- }
- }
-
- @Override
- public void setRedirectUri(String uri) {
- entity.setRedirectUri(uri);
- updateMongoEntity();
- }
-
- @Override
- public void setRoles(Set<String> roles) {
- if (roles == null) {
- entity.setRoles(null);
- } else {
- List<String> list = new LinkedList<String>();
- list.addAll(roles);
- entity.setRoles(list);
- }
- updateMongoEntity();
- }
-
- @Override
- public String getRedirectUri() {
- return entity.getRedirectUri();
- }
-
- @Override
- public int getTimestamp() {
- return entity.getTimestamp();
- }
-
- @Override
- public void setTimestamp(int timestamp) {
- entity.setTimestamp(timestamp);
- updateMongoEntity();
- }
-
- @Override
- public String getAction() {
- return entity.getAction();
- }
-
- @Override
- public void setAction(String action) {
- entity.setAction(action);
- updateMongoEntity();
- }
-
- @Override
- public Set<String> getRoles() {
- return entity.getRoles() != null ? new HashSet<String>(entity.getRoles()) : null;
- }
-
- @Override
- public Set<String> getProtocolMappers() {
- return entity.getProtocolMappers() != null ? new HashSet<String>(entity.getProtocolMappers()) : null;
- }
-
- @Override
- public void setProtocolMappers(Set<String> protocolMappers) {
- if (protocolMappers == null) {
- entity.setProtocolMappers(null);
- } else {
- List<String> list = new LinkedList<String>();
- list.addAll(protocolMappers);
- entity.setProtocolMappers(list);
- }
- updateMongoEntity();
- }
-
- @Override
- public String getNote(String name) {
- return entity.getNotes().get(name);
- }
-
- @Override
- public void setNote(String name, String value) {
- entity.getNotes().put(name, value);
- updateMongoEntity();
- }
-
- @Override
- public void removeNote(String name) {
- entity.getNotes().remove(name);
- updateMongoEntity();
- }
-
- @Override
- public void setUserSessionNote(String name, String value) {
- entity.getUserSessionNotes().put(name, value);
- updateMongoEntity();
- }
-
- @Override
- public Map<String, String> getUserSessionNotes() {
- Map<String, String> copy = new HashMap<>();
- copy.putAll(entity.getUserSessionNotes());
- return copy;
- }
-
- @Override
- public Map<String, ExecutionStatus> getExecutionStatus() {
- return entity.getAuthenticatorStatus();
- }
-
- @Override
- public void setExecutionStatus(String authenticator, ExecutionStatus status) {
- entity.getAuthenticatorStatus().put(authenticator, status);
- updateMongoEntity();
-
- }
-
- @Override
- public void clearExecutionStatus() {
- entity.getAuthenticatorStatus().clear();
- updateMongoEntity();
- }
-
- @Override
- public void clearUserSessionNotes() {
- entity.getUserSessionNotes().clear();
- }
-
- @Override
- public UserModel getAuthenticatedUser() {
- return session.users().getUserById(entity.getAuthUserId(), realm);
- }
-
- @Override
- public void setAuthenticatedUser(UserModel user) {
- entity.setAuthUserId(user.getId());
- updateMongoEntity();
-
- }
-
- @Override
- public String getAuthMethod() {
- return entity.getAuthMethod();
- }
-
- @Override
- public void setAuthMethod(String method) {
- entity.setAuthMethod(method);
- updateMongoEntity();
- }
-
- @Override
- protected MongoClientSessionEntity getMongoEntity() {
- return entity;
- }
-}
+package org.keycloak.models.sessions.mongo;
+
+import org.keycloak.connections.mongo.api.context.MongoStoreInvocationContext;
+import org.keycloak.models.ClientModel;
+import org.keycloak.models.ClientSessionModel;
+import org.keycloak.models.KeycloakSession;
+import org.keycloak.models.RealmModel;
+import org.keycloak.models.UserModel;
+import org.keycloak.models.UserSessionModel;
+import org.keycloak.models.sessions.mongo.entities.MongoClientSessionEntity;
+import org.keycloak.models.sessions.mongo.entities.MongoUserSessionEntity;
+
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+/**
+ * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
+ */
+public class ClientSessionAdapter extends AbstractMongoAdapter<MongoClientSessionEntity> implements ClientSessionModel {
+
+ private KeycloakSession session;
+ private MongoUserSessionProvider provider;
+ private RealmModel realm;
+ private MongoClientSessionEntity entity;
+
+ public ClientSessionAdapter(KeycloakSession session, MongoUserSessionProvider provider, RealmModel realm, MongoClientSessionEntity entity, MongoStoreInvocationContext invContext) {
+ super(invContext);
+ this.session = session;
+ this.provider = provider;
+ this.realm = realm;
+ this.entity = entity;
+ }
+
+ @Override
+ public String getId() {
+ return entity.getId();
+ }
+
+ @Override
+ public RealmModel getRealm() {
+ return session.realms().getRealm(entity.getRealmId());
+ }
+
+ @Override
+ public ClientModel getClient() {
+ return realm.getClientById(entity.getClientId());
+ }
+
+ @Override
+ public UserSessionModel getUserSession() {
+ if (entity.getSessionId() == null) return null;
+ return provider.getUserSession(realm, entity.getSessionId());
+ }
+
+ @Override
+ public void setUserSession(UserSessionModel userSession) {
+ if (userSession == null) {
+ if (entity.getSessionId() != null) {
+ MongoUserSessionEntity userSessionEntity = provider.getUserSessionEntity(realm, entity.getSessionId());
+ provider.getMongoStore().pullItemFromList(userSessionEntity, "clientSessions", entity.getSessionId(), invocationContext);
+ }
+ entity.setSessionId(null);
+ } else {
+ MongoUserSessionEntity userSessionEntity = provider.getUserSessionEntity(realm, userSession.getId());
+ entity.setSessionId(userSessionEntity.getId());
+ updateMongoEntity();
+
+ provider.getMongoStore().pushItemToList(userSessionEntity, "clientSessions", entity.getId(), true, invocationContext);
+ }
+ }
+
+ @Override
+ public void setRedirectUri(String uri) {
+ entity.setRedirectUri(uri);
+ updateMongoEntity();
+ }
+
+ @Override
+ public void setRoles(Set<String> roles) {
+ if (roles == null) {
+ entity.setRoles(null);
+ } else {
+ List<String> list = new LinkedList<String>();
+ list.addAll(roles);
+ entity.setRoles(list);
+ }
+ updateMongoEntity();
+ }
+
+ @Override
+ public String getRedirectUri() {
+ return entity.getRedirectUri();
+ }
+
+ @Override
+ public int getTimestamp() {
+ return entity.getTimestamp();
+ }
+
+ @Override
+ public void setTimestamp(int timestamp) {
+ entity.setTimestamp(timestamp);
+ updateMongoEntity();
+ }
+
+ @Override
+ public String getAction() {
+ return entity.getAction();
+ }
+
+ @Override
+ public void setAction(String action) {
+ entity.setAction(action);
+ updateMongoEntity();
+ }
+
+ @Override
+ public Set<String> getRoles() {
+ return entity.getRoles() != null ? new HashSet<String>(entity.getRoles()) : null;
+ }
+
+ @Override
+ public Set<String> getProtocolMappers() {
+ return entity.getProtocolMappers() != null ? new HashSet<String>(entity.getProtocolMappers()) : null;
+ }
+
+ @Override
+ public void setProtocolMappers(Set<String> protocolMappers) {
+ if (protocolMappers == null) {
+ entity.setProtocolMappers(null);
+ } else {
+ List<String> list = new LinkedList<String>();
+ list.addAll(protocolMappers);
+ entity.setProtocolMappers(list);
+ }
+ updateMongoEntity();
+ }
+
+ @Override
+ public String getNote(String name) {
+ return entity.getNotes().get(name);
+ }
+
+ @Override
+ public void setNote(String name, String value) {
+ entity.getNotes().put(name, value);
+ updateMongoEntity();
+ }
+
+ @Override
+ public void removeNote(String name) {
+ entity.getNotes().remove(name);
+ updateMongoEntity();
+ }
+
+ @Override
+ public void setUserSessionNote(String name, String value) {
+ entity.getUserSessionNotes().put(name, value);
+ updateMongoEntity();
+ }
+
+ @Override
+ public Map<String, String> getUserSessionNotes() {
+ Map<String, String> copy = new HashMap<>();
+ copy.putAll(entity.getUserSessionNotes());
+ return copy;
+ }
+
+ @Override
+ public Map<String, ExecutionStatus> getExecutionStatus() {
+ return entity.getAuthenticatorStatus();
+ }
+
+ @Override
+ public void setExecutionStatus(String authenticator, ExecutionStatus status) {
+ entity.getAuthenticatorStatus().put(authenticator, status);
+ updateMongoEntity();
+
+ }
+
+ @Override
+ public void clearExecutionStatus() {
+ entity.getAuthenticatorStatus().clear();
+ updateMongoEntity();
+ }
+
+ @Override
+ public void clearUserSessionNotes() {
+ entity.getUserSessionNotes().clear();
+ }
+
+ @Override
+ public UserModel getAuthenticatedUser() {
+ return session.users().getUserById(entity.getAuthUserId(), realm);
+ }
+
+ @Override
+ public void setAuthenticatedUser(UserModel user) {
+ entity.setAuthUserId(user.getId());
+ updateMongoEntity();
+
+ }
+
+ @Override
+ public String getAuthMethod() {
+ return entity.getAuthMethod();
+ }
+
+ @Override
+ public void setAuthMethod(String method) {
+ entity.setAuthMethod(method);
+ updateMongoEntity();
+ }
+
+ @Override
+ protected MongoClientSessionEntity getMongoEntity() {
+ return entity;
+ }
+}
diff --git a/model/sessions-mongo/src/main/java/org/keycloak/models/sessions/mongo/entities/MongoClientSessionEntity.java b/model/sessions-mongo/src/main/java/org/keycloak/models/sessions/mongo/entities/MongoClientSessionEntity.java
index de7bed3..a8dc6a1 100755
--- a/model/sessions-mongo/src/main/java/org/keycloak/models/sessions/mongo/entities/MongoClientSessionEntity.java
+++ b/model/sessions-mongo/src/main/java/org/keycloak/models/sessions/mongo/entities/MongoClientSessionEntity.java
@@ -1,152 +1,152 @@
-package org.keycloak.models.sessions.mongo.entities;
-
-import org.keycloak.connections.mongo.api.MongoCollection;
-import org.keycloak.connections.mongo.api.MongoIdentifiableEntity;
-import org.keycloak.connections.mongo.api.context.MongoStoreInvocationContext;
-import org.keycloak.models.ClientSessionModel;
-import org.keycloak.models.entities.AbstractIdentifiableEntity;
-
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-
-/**
- * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
- */
-@MongoCollection(collectionName = "clientSessions")
-public class MongoClientSessionEntity extends AbstractIdentifiableEntity implements MongoIdentifiableEntity {
-
- private String id;
- private String clientId;
- private String realmId;
- private String sessionId;
-
- private String redirectUri;
- private String authMethod;
-
- private int timestamp;
- private String action;
- private List<String> roles;
- private List<String> protocolMappers;
- private Map<String, String> notes = new HashMap<String, String>();
- private Map<String, String> userSessionNotes = new HashMap<String, String>();
- private Map<String, ClientSessionModel.ExecutionStatus> authenticatorStatus = new HashMap<>();
- private String authUserId;
-
- public String getId() {
- return id;
- }
-
- public void setId(String id) {
- this.id = id;
- }
-
- public String getClientId() {
- return clientId;
- }
-
- public void setClientId(String clientId) {
- this.clientId = clientId;
- }
-
- public String getRealmId() {
- return realmId;
- }
-
- public void setRealmId(String realmId) {
- this.realmId = realmId;
- }
-
- public String getRedirectUri() {
- return redirectUri;
- }
-
- public void setRedirectUri(String redirectUri) {
- this.redirectUri = redirectUri;
- }
-
- public String getAuthMethod() {
- return authMethod;
- }
-
- public void setAuthMethod(String authMethod) {
- this.authMethod = authMethod;
- }
-
- public int getTimestamp() {
- return timestamp;
- }
-
- public void setTimestamp(int timestamp) {
- this.timestamp = timestamp;
- }
-
- public String getAction() {
- return action;
- }
-
- public void setAction(String action) {
- this.action = action;
- }
-
- public List<String> getRoles() {
- return roles;
- }
-
- public void setRoles(List<String> roles) {
- this.roles = roles;
- }
-
- public List<String> getProtocolMappers() {
- return protocolMappers;
- }
-
- public void setProtocolMappers(List<String> protocolMappers) {
- this.protocolMappers = protocolMappers;
- }
-
- public Map<String, String> getNotes() {
- return notes;
- }
-
- public void setNotes(Map<String, String> notes) {
- this.notes = notes;
- }
-
- public Map<String, String> getUserSessionNotes() {
- return userSessionNotes;
- }
-
- public void setUserSessionNotes(Map<String, String> userSessionNotes) {
- this.userSessionNotes = userSessionNotes;
- }
-
- public String getSessionId() {
- return sessionId;
- }
-
- public void setSessionId(String sessionId) {
- this.sessionId = sessionId;
- }
-
- public Map<String, ClientSessionModel.ExecutionStatus> getAuthenticatorStatus() {
- return authenticatorStatus;
- }
-
- public void setAuthenticatorStatus(Map<String, ClientSessionModel.ExecutionStatus> authenticatorStatus) {
- this.authenticatorStatus = authenticatorStatus;
- }
-
- public String getAuthUserId() {
- return authUserId;
- }
-
- public void setAuthUserId(String authUserId) {
- this.authUserId = authUserId;
- }
-
- @Override
- public void afterRemove(MongoStoreInvocationContext context) {
- }
-
-}
+package org.keycloak.models.sessions.mongo.entities;
+
+import org.keycloak.connections.mongo.api.MongoCollection;
+import org.keycloak.connections.mongo.api.MongoIdentifiableEntity;
+import org.keycloak.connections.mongo.api.context.MongoStoreInvocationContext;
+import org.keycloak.models.ClientSessionModel;
+import org.keycloak.models.entities.AbstractIdentifiableEntity;
+
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+/**
+ * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
+ */
+@MongoCollection(collectionName = "clientSessions")
+public class MongoClientSessionEntity extends AbstractIdentifiableEntity implements MongoIdentifiableEntity {
+
+ private String id;
+ private String clientId;
+ private String realmId;
+ private String sessionId;
+
+ private String redirectUri;
+ private String authMethod;
+
+ private int timestamp;
+ private String action;
+ private List<String> roles;
+ private List<String> protocolMappers;
+ private Map<String, String> notes = new HashMap<String, String>();
+ private Map<String, String> userSessionNotes = new HashMap<String, String>();
+ private Map<String, ClientSessionModel.ExecutionStatus> authenticatorStatus = new HashMap<>();
+ private String authUserId;
+
+ public String getId() {
+ return id;
+ }
+
+ public void setId(String id) {
+ this.id = id;
+ }
+
+ public String getClientId() {
+ return clientId;
+ }
+
+ public void setClientId(String clientId) {
+ this.clientId = clientId;
+ }
+
+ public String getRealmId() {
+ return realmId;
+ }
+
+ public void setRealmId(String realmId) {
+ this.realmId = realmId;
+ }
+
+ public String getRedirectUri() {
+ return redirectUri;
+ }
+
+ public void setRedirectUri(String redirectUri) {
+ this.redirectUri = redirectUri;
+ }
+
+ public String getAuthMethod() {
+ return authMethod;
+ }
+
+ public void setAuthMethod(String authMethod) {
+ this.authMethod = authMethod;
+ }
+
+ public int getTimestamp() {
+ return timestamp;
+ }
+
+ public void setTimestamp(int timestamp) {
+ this.timestamp = timestamp;
+ }
+
+ public String getAction() {
+ return action;
+ }
+
+ public void setAction(String action) {
+ this.action = action;
+ }
+
+ public List<String> getRoles() {
+ return roles;
+ }
+
+ public void setRoles(List<String> roles) {
+ this.roles = roles;
+ }
+
+ public List<String> getProtocolMappers() {
+ return protocolMappers;
+ }
+
+ public void setProtocolMappers(List<String> protocolMappers) {
+ this.protocolMappers = protocolMappers;
+ }
+
+ public Map<String, String> getNotes() {
+ return notes;
+ }
+
+ public void setNotes(Map<String, String> notes) {
+ this.notes = notes;
+ }
+
+ public Map<String, String> getUserSessionNotes() {
+ return userSessionNotes;
+ }
+
+ public void setUserSessionNotes(Map<String, String> userSessionNotes) {
+ this.userSessionNotes = userSessionNotes;
+ }
+
+ public String getSessionId() {
+ return sessionId;
+ }
+
+ public void setSessionId(String sessionId) {
+ this.sessionId = sessionId;
+ }
+
+ public Map<String, ClientSessionModel.ExecutionStatus> getAuthenticatorStatus() {
+ return authenticatorStatus;
+ }
+
+ public void setAuthenticatorStatus(Map<String, ClientSessionModel.ExecutionStatus> authenticatorStatus) {
+ this.authenticatorStatus = authenticatorStatus;
+ }
+
+ public String getAuthUserId() {
+ return authUserId;
+ }
+
+ public void setAuthUserId(String authUserId) {
+ this.authUserId = authUserId;
+ }
+
+ @Override
+ public void afterRemove(MongoStoreInvocationContext context) {
+ }
+
+}
diff --git a/services/src/main/java/org/keycloak/authentication/authenticators/UsernamePasswordForm.java b/services/src/main/java/org/keycloak/authentication/authenticators/UsernamePasswordForm.java
index 2c25bac..0f7a076 100755
--- a/services/src/main/java/org/keycloak/authentication/authenticators/UsernamePasswordForm.java
+++ b/services/src/main/java/org/keycloak/authentication/authenticators/UsernamePasswordForm.java
@@ -41,15 +41,16 @@ public class UsernamePasswordForm extends AbstractFormAuthenticator implements A
context.forceChallenge(response);
return;
}
- if (!validateUser(context, formData)) {
- return;
- }
- if (!validatePassword(context, formData)) {
+ if (!validateForm(context, formData)) {
return;
}
context.success();
}
+ protected boolean validateForm(AuthenticatorContext context, MultivaluedMap<String, String> formData) {
+ return validateUser(context, formData) && validatePassword(context, formData);
+ }
+
@Override
public void authenticate(AuthenticatorContext context) {
if (REGISTRATION_FORM_ACTION.equals(context.getAction()) && context.getUser() != null) {
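Review bot: The new `protected boolean validateForm(...)` hook is undocumented, and its contract is security-relevant: the caller goes straight to `context.success()` when it returns true and just returns when it is false. A subclass that overrides it therefore owns the whole credential check, and presumably has to record the failure or challenge on the context itself before returning false, as `validateUser` and `validatePassword` appear to do (their bodies are not in this hunk, so confirm). I would add a Javadoc line such as `/** Validates the submitted login form; a true result completes authentication, so overrides must still verify both the user and the password. */`. The `&&` keeps the original order, so the password is only checked after the user lookup succeeds. A blank line between the closing brace of the preceding method and `validateForm` would match the rest of the file; that method starts before the hunk and `authenticate` continues past it.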
diff --git a/services/src/main/java/org/keycloak/protocol/oidc/endpoints/AuthorizationEndpoint.java b/services/src/main/java/org/keycloak/protocol/oidc/endpoints/AuthorizationEndpoint.java
index e29649f..e938732 100755
--- a/services/src/main/java/org/keycloak/protocol/oidc/endpoints/AuthorizationEndpoint.java
+++ b/services/src/main/java/org/keycloak/protocol/oidc/endpoints/AuthorizationEndpoint.java
@@ -1,310 +1,310 @@
-package org.keycloak.protocol.oidc.endpoints;
-
-import org.jboss.logging.Logger;
-import org.jboss.resteasy.spi.HttpRequest;
-import org.keycloak.ClientConnection;
-import org.keycloak.OAuth2Constants;
-import org.keycloak.authentication.AuthenticationProcessor;
-import org.keycloak.constants.AdapterConstants;
-import org.keycloak.events.Details;
-import org.keycloak.events.Errors;
-import org.keycloak.events.EventBuilder;
-import org.keycloak.events.EventType;
-import org.keycloak.login.LoginFormsProvider;
-import org.keycloak.models.AuthenticationFlowModel;
-import org.keycloak.models.ClientModel;
-import org.keycloak.models.ClientSessionModel;
-import org.keycloak.models.IdentityProviderModel;
-import org.keycloak.models.KeycloakSession;
-import org.keycloak.models.RealmModel;
-import org.keycloak.models.utils.DefaultAuthenticationFlows;
-import org.keycloak.models.utils.KeycloakModelUtils;
-import org.keycloak.protocol.oidc.OIDCLoginProtocol;
-import org.keycloak.protocol.oidc.utils.RedirectUtils;
-import org.keycloak.services.ErrorPageException;
-import org.keycloak.services.managers.AuthenticationManager;
-import org.keycloak.services.managers.ClientSessionCode;
-import org.keycloak.services.messages.Messages;
-import org.keycloak.services.Urls;
-
-import javax.ws.rs.GET;
-import javax.ws.rs.core.Context;
-import javax.ws.rs.core.HttpHeaders;
-import javax.ws.rs.core.MultivaluedMap;
-import javax.ws.rs.core.Response;
-import javax.ws.rs.core.UriInfo;
-import java.util.List;
-
-/**
- * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
- */
-public class AuthorizationEndpoint {
-
- private static final Logger logger = Logger.getLogger(AuthorizationEndpoint.class);
- public static final String CODE_AUTH_TYPE = "code";
-
- private enum Action {
- REGISTER, CODE
- }
-
- @Context
- private KeycloakSession session;
-
- @Context
- private HttpRequest request;
-
- @Context
- private HttpHeaders headers;
-
- @Context
- private UriInfo uriInfo;
-
- @Context
- private ClientConnection clientConnection;
-
- private final AuthenticationManager authManager;
- private final RealmModel realm;
- private final EventBuilder event;
-
- private ClientModel client;
- private ClientSessionModel clientSession;
-
- private Action action;
-
- private String clientId;
- private String redirectUri;
- private String redirectUriParam;
- private String responseType;
- private String state;
- private String scope;
- private String loginHint;
- private String prompt;
- private String idpHint;
-
- private String legacyResponseType;
-
- public AuthorizationEndpoint(AuthenticationManager authManager, RealmModel realm, EventBuilder event) {
- this.authManager = authManager;
- this.realm = realm;
- this.event = event;
- event.event(EventType.LOGIN);
- }
-
- @GET
- public Response build() {
- MultivaluedMap<String, String> params = uriInfo.getQueryParameters();
-
- clientId = params.getFirst(OIDCLoginProtocol.CLIENT_ID_PARAM);
- responseType = params.getFirst(OIDCLoginProtocol.RESPONSE_TYPE_PARAM);
- redirectUriParam = params.getFirst(OIDCLoginProtocol.REDIRECT_URI_PARAM);
- state = params.getFirst(OIDCLoginProtocol.STATE_PARAM);
- scope = params.getFirst(OIDCLoginProtocol.SCOPE_PARAM);
- loginHint = params.getFirst(OIDCLoginProtocol.LOGIN_HINT_PARAM);
- prompt = params.getFirst(OIDCLoginProtocol.PROMPT_PARAM);
- idpHint = params.getFirst(AdapterConstants.KC_IDP_HINT);
-
- checkSsl();
- checkRealm();
- checkClient();
- checkResponseType();
- checkRedirectUri();
-
- createClientSession();
-
- switch (action) {
- case REGISTER:
- return buildRegister();
- case CODE:
- return buildAuthorizationCodeAuthorizationResponse();
- }
-
- throw new RuntimeException("Unknown action " + action);
- }
-
- /**
- * @deprecated
- */
- public AuthorizationEndpoint legacy(String legacyResponseType) {
- logger.warnv("Invoking deprecated endpoint {0}", uriInfo.getRequestUri());
- this.legacyResponseType = legacyResponseType;
- return this;
- }
-
- public AuthorizationEndpoint register() {
- event.event(EventType.REGISTER);
- action = Action.REGISTER;
-
- if (!realm.isRegistrationAllowed()) {
- throw new ErrorPageException(session, Messages.REGISTRATION_NOT_ALLOWED);
- }
-
- return this;
- }
-
- private void checkSsl() {
- if (!uriInfo.getBaseUri().getScheme().equals("https") && realm.getSslRequired().isRequired(clientConnection)) {
- event.error(Errors.SSL_REQUIRED);
- throw new ErrorPageException(session, Messages.HTTPS_REQUIRED);
- }
- }
-
- private void checkRealm() {
- if (!realm.isEnabled()) {
- event.error(Errors.REALM_DISABLED);
- throw new ErrorPageException(session, Messages.REALM_NOT_ENABLED);
- }
- }
-
- private void checkClient() {
- if (clientId == null) {
- event.error(Errors.INVALID_REQUEST);
- throw new ErrorPageException(session, Messages.MISSING_PARAMETER, OIDCLoginProtocol.CLIENT_ID_PARAM );
- }
-
- event.client(clientId);
-
- client = realm.getClientByClientId(clientId);
- if (client == null) {
- event.error(Errors.CLIENT_NOT_FOUND);
- throw new ErrorPageException(session, Messages.CLIENT_NOT_FOUND );
- }
-
- if (client.isBearerOnly()) {
- event.error(Errors.NOT_ALLOWED);
- throw new ErrorPageException(session, Messages.BEARER_ONLY );
- }
-
- if (client.isDirectGrantsOnly()) {
- event.error(Errors.NOT_ALLOWED);
- throw new ErrorPageException(session, Messages.DIRECT_GRANTS_ONLY);
- }
-
- session.getContext().setClient(client);
- }
-
- private void checkResponseType() {
- if (responseType == null) {
- if (legacyResponseType != null) {
- responseType = legacyResponseType;
- } else {
- event.error(Errors.INVALID_REQUEST);
- throw new ErrorPageException(session, Messages.MISSING_PARAMETER, OIDCLoginProtocol.RESPONSE_TYPE_PARAM );
- }
- }
-
- event.detail(Details.RESPONSE_TYPE, responseType);
-
- if (responseType.equals(OAuth2Constants.CODE)) {
- if (action == null) {
- action = Action.CODE;
- }
- } else {
- event.error(Errors.INVALID_REQUEST);
- throw new ErrorPageException(session, Messages.INVALID_PARAMETER, OIDCLoginProtocol.RESPONSE_TYPE_PARAM );
- }
- }
-
- private void checkRedirectUri() {
- event.detail(Details.REDIRECT_URI, redirectUriParam);
-
- redirectUri = RedirectUtils.verifyRedirectUri(uriInfo, redirectUriParam, realm, client);
- if (redirectUri == null) {
- event.error(Errors.INVALID_REDIRECT_URI);
- throw new ErrorPageException(session, Messages.INVALID_PARAMETER, OIDCLoginProtocol.REDIRECT_URI_PARAM);
- }
- }
-
- private void createClientSession() {
- clientSession = session.sessions().createClientSession(realm, client);
- clientSession.setAuthMethod(OIDCLoginProtocol.LOGIN_PROTOCOL);
- clientSession.setRedirectUri(redirectUri);
- clientSession.setAction(ClientSessionModel.Action.AUTHENTICATE.name());
- clientSession.setNote(ClientSessionCode.ACTION_KEY, KeycloakModelUtils.generateCodeSecret());
- clientSession.setNote(OIDCLoginProtocol.RESPONSE_TYPE_PARAM, responseType);
- clientSession.setNote(OIDCLoginProtocol.REDIRECT_URI_PARAM, redirectUriParam);
- clientSession.setNote(OIDCLoginProtocol.ISSUER, Urls.realmIssuer(uriInfo.getBaseUri(), realm.getName()));
-
- if (state != null) clientSession.setNote(OIDCLoginProtocol.STATE_PARAM, state);
- if (scope != null) clientSession.setNote(OIDCLoginProtocol.SCOPE_PARAM, scope);
- if (loginHint != null) clientSession.setNote(OIDCLoginProtocol.LOGIN_HINT_PARAM, loginHint);
- if (prompt != null) clientSession.setNote(OIDCLoginProtocol.PROMPT_PARAM, prompt);
- if (idpHint != null) clientSession.setNote(AdapterConstants.KC_IDP_HINT, idpHint);
- }
-
- private Response buildAuthorizationCodeAuthorizationResponse() {
- String accessCode = new ClientSessionCode(realm, clientSession).getCode();
-
- if (idpHint != null && !"".equals(idpHint)) {
- IdentityProviderModel identityProviderModel = realm.getIdentityProviderByAlias(idpHint);
-
- if (identityProviderModel == null) {
- return session.getProvider(LoginFormsProvider.class)
- .setError(Messages.IDENTITY_PROVIDER_NOT_FOUND, idpHint)
- .createErrorPage();
- }
- return buildRedirectToIdentityProvider(idpHint, accessCode);
- }
-
- return browserAuthentication(accessCode);
- }
-
- protected Response browserAuthentication(String accessCode) {
- List<IdentityProviderModel> identityProviders = realm.getIdentityProviders();
- for (IdentityProviderModel identityProvider : identityProviders) {
- if (identityProvider.isAuthenticateByDefault()) {
- return buildRedirectToIdentityProvider(identityProvider.getAlias(), accessCode);
- }
- }
- clientSession.setNote(Details.AUTH_TYPE, CODE_AUTH_TYPE);
-
- AuthenticationFlowModel flow = realm.getFlowByAlias(DefaultAuthenticationFlows.BROWSER_FLOW);
- String flowId = flow.getId();
- AuthenticationProcessor processor = new AuthenticationProcessor();
- processor.setClientSession(clientSession)
- .setFlowId(flowId)
- .setConnection(clientConnection)
- .setEventBuilder(event)
- .setProtector(authManager.getProtector())
- .setRealm(realm)
- .setSession(session)
- .setUriInfo(uriInfo)
- .setRequest(request);
-
- Response challenge = null;
- try {
- challenge = processor.authenticateOnly();
- } catch (Exception e) {
- return processor.handleBrowserException(e);
- }
-
- if (challenge != null && prompt != null && prompt.equals("none")) {
- if (processor.isUserSessionCreated()) {
- session.sessions().removeUserSession(realm, processor.getUserSession());
- }
- OIDCLoginProtocol oauth = new OIDCLoginProtocol(session, realm, uriInfo, headers, event);
- return oauth.cancelLogin(clientSession);
- }
-
- if (challenge == null) {
- return processor.finishAuthentication();
- } else {
- return challenge;
- }
- }
-
- private Response buildRegister() {
- authManager.expireIdentityCookie(realm, uriInfo, clientConnection);
-
- return session.getProvider(LoginFormsProvider.class)
- .setClientSessionCode(new ClientSessionCode(realm, clientSession).getCode())
- .createRegistration();
- }
-
- private Response buildRedirectToIdentityProvider(String providerId, String accessCode) {
- logger.debug("Automatically redirect to identity provider: " + providerId);
- return Response.temporaryRedirect(
- Urls.identityProviderAuthnRequest(this.uriInfo.getBaseUri(), providerId, this.realm.getName(), accessCode))
- .build();
- }
-
+package org.keycloak.protocol.oidc.endpoints;
+
+import org.jboss.logging.Logger;
+import org.jboss.resteasy.spi.HttpRequest;
+import org.keycloak.ClientConnection;
+import org.keycloak.OAuth2Constants;
+import org.keycloak.authentication.AuthenticationProcessor;
+import org.keycloak.constants.AdapterConstants;
+import org.keycloak.events.Details;
+import org.keycloak.events.Errors;
+import org.keycloak.events.EventBuilder;
+import org.keycloak.events.EventType;
+import org.keycloak.login.LoginFormsProvider;
+import org.keycloak.models.AuthenticationFlowModel;
+import org.keycloak.models.ClientModel;
+import org.keycloak.models.ClientSessionModel;
+import org.keycloak.models.IdentityProviderModel;
+import org.keycloak.models.KeycloakSession;
+import org.keycloak.models.RealmModel;
+import org.keycloak.models.utils.DefaultAuthenticationFlows;
+import org.keycloak.models.utils.KeycloakModelUtils;
+import org.keycloak.protocol.oidc.OIDCLoginProtocol;
+import org.keycloak.protocol.oidc.utils.RedirectUtils;
+import org.keycloak.services.ErrorPageException;
+import org.keycloak.services.managers.AuthenticationManager;
+import org.keycloak.services.managers.ClientSessionCode;
+import org.keycloak.services.messages.Messages;
+import org.keycloak.services.Urls;
+
+import javax.ws.rs.GET;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.HttpHeaders;
+import javax.ws.rs.core.MultivaluedMap;
+import javax.ws.rs.core.Response;
+import javax.ws.rs.core.UriInfo;
+import java.util.List;
+
+/**
+ * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
+ */
+public class AuthorizationEndpoint {
+
+ private static final Logger logger = Logger.getLogger(AuthorizationEndpoint.class);
+ public static final String CODE_AUTH_TYPE = "code";
+
+ private enum Action {
+ REGISTER, CODE
+ }
+
+ @Context
+ private KeycloakSession session;
+
+ @Context
+ private HttpRequest request;
+
+ @Context
+ private HttpHeaders headers;
+
+ @Context
+ private UriInfo uriInfo;
+
+ @Context
+ private ClientConnection clientConnection;
+
+ private final AuthenticationManager authManager;
+ private final RealmModel realm;
+ private final EventBuilder event;
+
+ private ClientModel client;
+ private ClientSessionModel clientSession;
+
+ private Action action;
+
+ private String clientId;
+ private String redirectUri;
+ private String redirectUriParam;
+ private String responseType;
+ private String state;
+ private String scope;
+ private String loginHint;
+ private String prompt;
+ private String idpHint;
+
+ private String legacyResponseType;
+
+ public AuthorizationEndpoint(AuthenticationManager authManager, RealmModel realm, EventBuilder event) {
+ this.authManager = authManager;
+ this.realm = realm;
+ this.event = event;
+ event.event(EventType.LOGIN);
+ }
+
+ @GET
+ public Response build() {
+ MultivaluedMap<String, String> params = uriInfo.getQueryParameters();
+
+ clientId = params.getFirst(OIDCLoginProtocol.CLIENT_ID_PARAM);
+ responseType = params.getFirst(OIDCLoginProtocol.RESPONSE_TYPE_PARAM);
+ redirectUriParam = params.getFirst(OIDCLoginProtocol.REDIRECT_URI_PARAM);
+ state = params.getFirst(OIDCLoginProtocol.STATE_PARAM);
+ scope = params.getFirst(OIDCLoginProtocol.SCOPE_PARAM);
+ loginHint = params.getFirst(OIDCLoginProtocol.LOGIN_HINT_PARAM);
+ prompt = params.getFirst(OIDCLoginProtocol.PROMPT_PARAM);
+ idpHint = params.getFirst(AdapterConstants.KC_IDP_HINT);
+
+ checkSsl();
+ checkRealm();
+ checkClient();
+ checkResponseType();
+ checkRedirectUri();
+
+ createClientSession();
+
+ switch (action) {
+ case REGISTER:
+ return buildRegister();
+ case CODE:
+ return buildAuthorizationCodeAuthorizationResponse();
+ }
+
+ throw new RuntimeException("Unknown action " + action);
+ }
+
+ /**
+ * @deprecated
+ */
+ public AuthorizationEndpoint legacy(String legacyResponseType) {
+ logger.warnv("Invoking deprecated endpoint {0}", uriInfo.getRequestUri());
+ this.legacyResponseType = legacyResponseType;
+ return this;
+ }
+
+ public AuthorizationEndpoint register() {
+ event.event(EventType.REGISTER);
+ action = Action.REGISTER;
+
+ if (!realm.isRegistrationAllowed()) {
+ throw new ErrorPageException(session, Messages.REGISTRATION_NOT_ALLOWED);
+ }
+
+ return this;
+ }
+
+ private void checkSsl() {
+ if (!uriInfo.getBaseUri().getScheme().equals("https") && realm.getSslRequired().isRequired(clientConnection)) {
+ event.error(Errors.SSL_REQUIRED);
+ throw new ErrorPageException(session, Messages.HTTPS_REQUIRED);
+ }
+ }
+
+ private void checkRealm() {
+ if (!realm.isEnabled()) {
+ event.error(Errors.REALM_DISABLED);
+ throw new ErrorPageException(session, Messages.REALM_NOT_ENABLED);
+ }
+ }
+
+ private void checkClient() {
+ if (clientId == null) {
+ event.error(Errors.INVALID_REQUEST);
+ throw new ErrorPageException(session, Messages.MISSING_PARAMETER, OIDCLoginProtocol.CLIENT_ID_PARAM );
+ }
+
+ event.client(clientId);
+
+ client = realm.getClientByClientId(clientId);
+ if (client == null) {
+ event.error(Errors.CLIENT_NOT_FOUND);
+ throw new ErrorPageException(session, Messages.CLIENT_NOT_FOUND );
+ }
+
+ if (client.isBearerOnly()) {
+ event.error(Errors.NOT_ALLOWED);
+ throw new ErrorPageException(session, Messages.BEARER_ONLY );
+ }
+
+ if (client.isDirectGrantsOnly()) {
+ event.error(Errors.NOT_ALLOWED);
+ throw new ErrorPageException(session, Messages.DIRECT_GRANTS_ONLY);
+ }
+
+ session.getContext().setClient(client);
+ }
+
+ private void checkResponseType() {
+ if (responseType == null) {
+ if (legacyResponseType != null) {
+ responseType = legacyResponseType;
+ } else {
+ event.error(Errors.INVALID_REQUEST);
+ throw new ErrorPageException(session, Messages.MISSING_PARAMETER, OIDCLoginProtocol.RESPONSE_TYPE_PARAM );
+ }
+ }
+
+ event.detail(Details.RESPONSE_TYPE, responseType);
+
+ if (responseType.equals(OAuth2Constants.CODE)) {
+ if (action == null) {
+ action = Action.CODE;
+ }
+ } else {
+ event.error(Errors.INVALID_REQUEST);
+ throw new ErrorPageException(session, Messages.INVALID_PARAMETER, OIDCLoginProtocol.RESPONSE_TYPE_PARAM );
+ }
+ }
+
+ private void checkRedirectUri() {
+ event.detail(Details.REDIRECT_URI, redirectUriParam);
+
+ redirectUri = RedirectUtils.verifyRedirectUri(uriInfo, redirectUriParam, realm, client);
+ if (redirectUri == null) {
+ event.error(Errors.INVALID_REDIRECT_URI);
+ throw new ErrorPageException(session, Messages.INVALID_PARAMETER, OIDCLoginProtocol.REDIRECT_URI_PARAM);
+ }
+ }
+
+ private void createClientSession() {
+ clientSession = session.sessions().createClientSession(realm, client);
+ clientSession.setAuthMethod(OIDCLoginProtocol.LOGIN_PROTOCOL);
+ clientSession.setRedirectUri(redirectUri);
+ clientSession.setAction(ClientSessionModel.Action.AUTHENTICATE.name());
+ clientSession.setNote(ClientSessionCode.ACTION_KEY, KeycloakModelUtils.generateCodeSecret());
+ clientSession.setNote(OIDCLoginProtocol.RESPONSE_TYPE_PARAM, responseType);
+ clientSession.setNote(OIDCLoginProtocol.REDIRECT_URI_PARAM, redirectUriParam);
+ clientSession.setNote(OIDCLoginProtocol.ISSUER, Urls.realmIssuer(uriInfo.getBaseUri(), realm.getName()));
+
+ if (state != null) clientSession.setNote(OIDCLoginProtocol.STATE_PARAM, state);
+ if (scope != null) clientSession.setNote(OIDCLoginProtocol.SCOPE_PARAM, scope);
+ if (loginHint != null) clientSession.setNote(OIDCLoginProtocol.LOGIN_HINT_PARAM, loginHint);
+ if (prompt != null) clientSession.setNote(OIDCLoginProtocol.PROMPT_PARAM, prompt);
+ if (idpHint != null) clientSession.setNote(AdapterConstants.KC_IDP_HINT, idpHint);
+ }
+
+ private Response buildAuthorizationCodeAuthorizationResponse() {
+ String accessCode = new ClientSessionCode(realm, clientSession).getCode();
+
+ if (idpHint != null && !"".equals(idpHint)) {
+ IdentityProviderModel identityProviderModel = realm.getIdentityProviderByAlias(idpHint);
+
+ if (identityProviderModel == null) {
+ return session.getProvider(LoginFormsProvider.class)
+ .setError(Messages.IDENTITY_PROVIDER_NOT_FOUND, idpHint)
+ .createErrorPage();
+ }
+ return buildRedirectToIdentityProvider(idpHint, accessCode);
+ }
+
+ return browserAuthentication(accessCode);
+ }
+
+ protected Response browserAuthentication(String accessCode) {
+ List<IdentityProviderModel> identityProviders = realm.getIdentityProviders();
+ for (IdentityProviderModel identityProvider : identityProviders) {
+ if (identityProvider.isAuthenticateByDefault()) {
+ return buildRedirectToIdentityProvider(identityProvider.getAlias(), accessCode);
+ }
+ }
+ clientSession.setNote(Details.AUTH_TYPE, CODE_AUTH_TYPE);
+
+ AuthenticationFlowModel flow = realm.getFlowByAlias(DefaultAuthenticationFlows.BROWSER_FLOW);
+ String flowId = flow.getId();
+ AuthenticationProcessor processor = new AuthenticationProcessor();
+ processor.setClientSession(clientSession)
+ .setFlowId(flowId)
+ .setConnection(clientConnection)
+ .setEventBuilder(event)
+ .setProtector(authManager.getProtector())
+ .setRealm(realm)
+ .setSession(session)
+ .setUriInfo(uriInfo)
+ .setRequest(request);
+
+ Response challenge = null;
+ try {
+ challenge = processor.authenticateOnly();
+ } catch (Exception e) {
+ return processor.handleBrowserException(e);
+ }
+
+ if (challenge != null && prompt != null && prompt.equals("none")) {
+ if (processor.isUserSessionCreated()) {
+ session.sessions().removeUserSession(realm, processor.getUserSession());
+ }
+ OIDCLoginProtocol oauth = new OIDCLoginProtocol(session, realm, uriInfo, headers, event);
+ return oauth.cancelLogin(clientSession);
+ }
+
+ if (challenge == null) {
+ return processor.finishAuthentication();
+ } else {
+ return challenge;
+ }
+ }
+
+ private Response buildRegister() {
+ authManager.expireIdentityCookie(realm, uriInfo, clientConnection);
+
+ return session.getProvider(LoginFormsProvider.class)
+ .setClientSessionCode(new ClientSessionCode(realm, clientSession).getCode())
+ .createRegistration();
+ }
+
+ private Response buildRedirectToIdentityProvider(String providerId, String accessCode) {
+ logger.debug("Automatically redirect to identity provider: " + providerId);
+ return Response.temporaryRedirect(
+ Urls.identityProviderAuthnRequest(this.uriInfo.getBaseUri(), providerId, this.realm.getName(), accessCode))
+ .build();
+ }
+
}
\ No newline at end of file
diff --git a/services/src/main/java/org/keycloak/services/resources/LoginActionsService.java b/services/src/main/java/org/keycloak/services/resources/LoginActionsService.java
index d921cf1..20023c6 100755
--- a/services/src/main/java/org/keycloak/services/resources/LoginActionsService.java
+++ b/services/src/main/java/org/keycloak/services/resources/LoginActionsService.java
@@ -358,37 +358,24 @@ public class LoginActionsService {
@POST
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
public Response processRegister(@QueryParam("code") String code) {
- MultivaluedMap<String, String> formData = request.getDecodedFormParameters();
event.event(EventType.REGISTER);
- if (!checkSsl()) {
- event.error(Errors.SSL_REQUIRED);
- return ErrorPage.error(session, Messages.HTTPS_REQUIRED);
- }
-
- if (!realm.isEnabled()) {
- event.error(Errors.REALM_DISABLED);
- return ErrorPage.error(session, Messages.REALM_NOT_ENABLED);
+ Checks checks = new Checks();
+ if (!checks.check(code, ClientSessionModel.Action.AUTHENTICATE.name())) {
+ return checks.response;
}
- if (!realm.isRegistrationAllowed()) {
+ if (!realm.isRegistrationAllowed()) {
event.error(Errors.REGISTRATION_DISABLED);
return ErrorPage.error(session, Messages.REGISTRATION_NOT_ALLOWED);
}
- ClientSessionCode clientCode = ClientSessionCode.parse(code, session, realm);
- if (clientCode == null) {
- event.error(Errors.INVALID_CODE);
- return ErrorPage.error(session, Messages.INVALID_CODE);
- }
- if (!clientCode.isValid(ClientSessionModel.Action.AUTHENTICATE.name())) {
- event.error(Errors.INVALID_CODE);
- return ErrorPage.error(session, Messages.INVALID_CODE);
- }
+ MultivaluedMap<String, String> formData = request.getDecodedFormParameters();
String username = formData.getFirst(Validation.FIELD_USERNAME);
String email = formData.getFirst(Validation.FIELD_EMAIL);
if (realm.isRegistrationEmailAsUsername()) {
username = email;
formData.putSingle(AuthenticationManager.FORM_USERNAME, username);
}
+ ClientSessionCode clientCode = checks.clientCode;
ClientSessionModel clientSession = clientCode.getClientSession();
event.client(clientSession.getClient())
.detail(Details.REDIRECT_URI, clientSession.getRedirectUri())
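Review bot: Nothing in this hunk shows that `checks.check(code, ClientSessionModel.Action.AUTHENTICATE.name())` still enforces everything the removed lines did: the HTTPS requirement, the realm-enabled test and the `INVALID_CODE` rejection here, plus the client-null and `client.isEnabled()` tests and `session.getContext().setClient(client)` dropped in the next hunk (`@@ -397,23 +384,6`). `Checks` is defined outside the hunk, so that needs confirming there; if one of these is missing, a registration POST could be accepted for a disabled client or over plain HTTP without an error event being recorded. `checks.clientCode` is also dereferenced a few lines later with no null test, so the success path of `check` has to guarantee it is set. A short comment above the call would record that contract, e.g. `// Checks.check: SSL, realm enabled, code valid for AUTHENTICATE, client present and enabled; sets clientCode`. `processRegister` continues outside the hunk.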
@@ -397,23 +384,6 @@ public class LoginActionsService {
.detail(Details.EMAIL, email)
.detail(Details.REGISTER_METHOD, "form");
- if (!realm.isEnabled()) {
- event.error(Errors.REALM_DISABLED);
- return ErrorPage.error(session, Messages.REALM_NOT_ENABLED);
- }
- ClientModel client = clientSession.getClient();
- if (client == null) {
- event.error(Errors.CLIENT_NOT_FOUND);
- return ErrorPage.error(session, Messages.UNKNOWN_LOGIN_REQUESTER);
- }
-
- if (!client.isEnabled()) {
- event.error(Errors.CLIENT_DISABLED);
- return ErrorPage.error(session, Messages.LOGIN_REQUESTER_NOT_ENABLED);
- }
-
- session.getContext().setClient(client);
-
List<String> requiredCredentialTypes = new LinkedList<>();
boolean passwordRequired = isPasswordRequired();
if (passwordRequired) {