keycloak-aplcache
Changes
core/src/main/java/org/keycloak/representations/idm/UserFederationProviderRepresentation.java 9(+9 -0)
model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/entities/CachedRealm.java 8(+4 -4)
model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/RealmAdapter.java 15(+14 -1)
model/picketlink/src/main/java/org/keycloak/models/picketlink/mappings/ApplicationData.java 89(+0 -89)
model/picketlink/src/main/java/org/keycloak/models/picketlink/mappings/ApplicationEntity.java 101(+0 -101)
model/picketlink/src/main/java/org/keycloak/models/picketlink/mappings/RealmEntity.java 204(+0 -204)
model/picketlink/src/main/java/org/keycloak/models/picketlink/PicketlinkKeycloakSession.java 119(+0 -119)
model/picketlink/src/main/java/org/keycloak/models/picketlink/PicketlinkKeycloakSessionFactory.java 31(+0 -31)
model/picketlink/src/main/java/org/keycloak/models/picketlink/PicketlinkKeycloakTransaction.java 41(+0 -41)
model/picketlink/src/main/java/org/keycloak/models/picketlink/PicketlinkModelProvider.java 82(+0 -82)
model/picketlink/src/main/java/org/keycloak/models/picketlink/relationships/ApplicationRelationship.java 41(+0 -41)
model/picketlink/src/main/java/org/keycloak/models/picketlink/relationships/OAuthClientRelationship.java 57(+0 -57)
model/picketlink/src/main/java/org/keycloak/models/picketlink/relationships/OAuthClientRequiredCredentialRelationship.java 8(+0 -8)
model/picketlink/src/main/java/org/keycloak/models/picketlink/relationships/RealmAdminRelationship.java 45(+0 -45)
model/picketlink/src/main/java/org/keycloak/models/picketlink/relationships/RealmListingRelationship.java 26(+0 -26)
model/picketlink/src/main/java/org/keycloak/models/picketlink/relationships/RequiredApplicationCredentialRelationship.java 8(+0 -8)
model/picketlink/src/main/java/org/keycloak/models/picketlink/relationships/RequiredCredentialRelationship.java 81(+0 -81)
model/picketlink/src/main/java/org/keycloak/models/picketlink/relationships/ScopeRelationship.java 51(+0 -51)
Details
diff --git a/connections/jpa/src/main/resources/META-INF/persistence.xml b/connections/jpa/src/main/resources/META-INF/persistence.xml
index 2463c4c..e2c80de 100755
--- a/connections/jpa/src/main/resources/META-INF/persistence.xml
+++ b/connections/jpa/src/main/resources/META-INF/persistence.xml
@@ -9,7 +9,7 @@
<class>org.keycloak.models.jpa.entities.RealmEntity</class>
<class>org.keycloak.models.jpa.entities.RequiredCredentialEntity</class>
<class>org.keycloak.models.jpa.entities.AuthenticationProviderEntity</class>
- <class>org.keycloak.models.jpa.entities.FederationProviderEntity</class>
+ <class>org.keycloak.models.jpa.entities.UserFederationProviderEntity</class>
<class>org.keycloak.models.jpa.entities.RoleEntity</class>
<class>org.keycloak.models.jpa.entities.SocialLinkEntity</class>
<class>org.keycloak.models.jpa.entities.AuthenticationLinkEntity</class>
diff --git a/core/src/main/java/org/keycloak/representations/idm/UserFederationProviderRepresentation.java b/core/src/main/java/org/keycloak/representations/idm/UserFederationProviderRepresentation.java
index 90efd17..76541f9 100755
--- a/core/src/main/java/org/keycloak/representations/idm/UserFederationProviderRepresentation.java
+++ b/core/src/main/java/org/keycloak/representations/idm/UserFederationProviderRepresentation.java
@@ -10,6 +10,7 @@ public class UserFederationProviderRepresentation {
private String id;
private String providerName;
private Map<String, String> config;
+ private int priority;
public String getId() {
return id;
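Review bot: `priority` is declared as a primitive `int`, so a representation that omits the field deserializes to 0 and cannot be told apart from one that explicitly asks for 0. RepresentationToModel, further down in this commit, guards other optional realm settings with `!= null` checks on wrapper types. Declaring `private Integer priority;` here, with the accessors in the next hunk of this file changed to match, would let the converter choose a deliberate default. If the value is used to order user federation providers (inferred from the name, not visible here), several imported providers silently sharing 0 would leave that order unspecified. The class body continues outside this hunk.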
@@ -36,6 +37,14 @@ public class UserFederationProviderRepresentation {
this.config = config;
}
+ public int getPriority() {
+ return priority;
+ }
+
+ public void setPriority(int priority) {
+ this.priority = priority;
+ }
+
@Override
public boolean equals(Object o) {
if (this == o) return true;
diff --git a/model/api/src/main/java/org/keycloak/models/entities/RealmEntity.java b/model/api/src/main/java/org/keycloak/models/entities/RealmEntity.java
index 061cfe4..1690757 100755
--- a/model/api/src/main/java/org/keycloak/models/entities/RealmEntity.java
+++ b/model/api/src/main/java/org/keycloak/models/entities/RealmEntity.java
@@ -51,7 +51,7 @@ public class RealmEntity extends AbstractIdentifiableEntity {
private List<RequiredCredentialEntity> requiredCredentials = new ArrayList<RequiredCredentialEntity>();
private List<AuthenticationProviderEntity> authenticationProviders = new ArrayList<AuthenticationProviderEntity>();
- private List<FederationProviderEntity> federationProviders = new ArrayList<FederationProviderEntity>();
+ private List<UserFederationProviderEntity> userFederationProviders = new ArrayList<UserFederationProviderEntity>();
private Map<String, String> smtpConfig = new HashMap<String, String>();
private Map<String, String> socialConfig = new HashMap<String, String>();
@@ -383,11 +383,11 @@ public class RealmEntity extends AbstractIdentifiableEntity {
this.adminAppId = adminAppId;
}
- public List<FederationProviderEntity> getFederationProviders() {
- return federationProviders;
+ public List<UserFederationProviderEntity> getUserFederationProviders() {
+ return userFederationProviders;
}
- public void setFederationProviders(List<FederationProviderEntity> federationProviders) {
- this.federationProviders = federationProviders;
+ public void setUserFederationProviders(List<UserFederationProviderEntity> userFederationProviders) {
+ this.userFederationProviders = userFederationProviders;
}
}
diff --git a/model/api/src/main/java/org/keycloak/models/RealmModel.java b/model/api/src/main/java/org/keycloak/models/RealmModel.java
index 1884dec..cc3a9b6 100755
--- a/model/api/src/main/java/org/keycloak/models/RealmModel.java
+++ b/model/api/src/main/java/org/keycloak/models/RealmModel.java
@@ -167,6 +167,8 @@ public interface RealmModel extends RoleContainerModel {
List<UserFederationProviderModel> getUserFederationProviders();
+ UserFederationProviderModel addUserFederationProvider(String providerName, Map<String, String> config, int priority);
+ void removeUserFederationProvider(UserFederationProviderModel provider);
void setUserFederationProviders(List<UserFederationProviderModel> providers);
String getLoginTheme();
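Review bot: The two new interface methods have no Javadoc, and nothing in the hunk says what `priority` means to an implementer. Each storage backend implements this interface independently, so the contract should be written once here: whether a lower or a higher value is consulted first, how equal priorities are resolved, and whether `getUserFederationProviders()` returns the list already sorted. For `removeUserFederationProvider`, document whether the provider is matched by id or by `equals`. Also document what happens to users whose `federationLink` still names the removed provider, because a stale link to a missing provider is easy to overlook in later lookups. A one-line comment such as `/** Removes the provider with the same id; callers must first unlink users that reference it. */` would do, adjusted to the behaviour actually intended.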
diff --git a/model/api/src/main/java/org/keycloak/models/UserFederationProviderModel.java b/model/api/src/main/java/org/keycloak/models/UserFederationProviderModel.java
index 35fd727..a682c54 100755
--- a/model/api/src/main/java/org/keycloak/models/UserFederationProviderModel.java
+++ b/model/api/src/main/java/org/keycloak/models/UserFederationProviderModel.java
@@ -12,10 +12,11 @@ public class UserFederationProviderModel {
private String id;
private String providerName;
private Map<String, String> config = new HashMap<String, String>();
+ private int priority;
public UserFederationProviderModel() {};
- public UserFederationProviderModel(String id, String providerName, Map<String, String> config) {
+ public UserFederationProviderModel(String id, String providerName, Map<String, String> config, int priority) {
this.id = id;
this.providerName = providerName;
if (config != null) {
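Review bot: The new `priority` argument is not visibly stored. The shown part of the constructor assigns `id` and `providerName` and then enters the `config` null check, and the rest of the body lies outside the hunk. If `this.priority = priority;` is missing from the unseen part, every model built this way reports 0 regardless of what the caller passed, so please confirm it is there. The three-argument constructor is replaced rather than overloaded, so every existing caller must change in the same commit. Keeping a delegating overload, `this(id, providerName, config, 0);`, would make the default explicit and avoid breaking them.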
@@ -42,4 +43,12 @@ public class UserFederationProviderModel {
public void setConfig(Map<String, String> config) {
this.config = config;
}
+
+ public int getPriority() {
+ return priority;
+ }
+
+ public void setPriority(int priority) {
+ this.priority = priority;
+ }
}
diff --git a/model/api/src/main/java/org/keycloak/models/utils/RepresentationToModel.java b/model/api/src/main/java/org/keycloak/models/utils/RepresentationToModel.java
index 6b3ec2d..06c6630 100755
--- a/model/api/src/main/java/org/keycloak/models/utils/RepresentationToModel.java
+++ b/model/api/src/main/java/org/keycloak/models/utils/RepresentationToModel.java
@@ -1,702 +1,702 @@
-package org.keycloak.models.utils;
-
-import net.iharder.Base64;
-import org.jboss.logging.Logger;
-import org.keycloak.models.ApplicationModel;
-import org.keycloak.models.AuthenticationLinkModel;
-import org.keycloak.models.AuthenticationProviderModel;
-import org.keycloak.models.ClaimMask;
-import org.keycloak.models.ClientModel;
-import org.keycloak.models.UserFederationProviderModel;
-import org.keycloak.models.KeycloakSession;
-import org.keycloak.models.OAuthClientModel;
-import org.keycloak.models.PasswordPolicy;
-import org.keycloak.models.RealmModel;
-import org.keycloak.models.RoleModel;
-import org.keycloak.models.SocialLinkModel;
-import org.keycloak.models.UserCredentialModel;
-import org.keycloak.models.UserCredentialValueModel;
-import org.keycloak.models.UserModel;
-import org.keycloak.representations.idm.UserFederationProviderRepresentation;
-import org.keycloak.representations.idm.ApplicationRepresentation;
-import org.keycloak.representations.idm.AuthenticationLinkRepresentation;
-import org.keycloak.representations.idm.AuthenticationProviderRepresentation;
-import org.keycloak.representations.idm.ClaimRepresentation;
-import org.keycloak.representations.idm.CredentialRepresentation;
-import org.keycloak.representations.idm.OAuthClientRepresentation;
-import org.keycloak.representations.idm.RealmRepresentation;
-import org.keycloak.representations.idm.RoleRepresentation;
-import org.keycloak.representations.idm.ScopeMappingRepresentation;
-import org.keycloak.representations.idm.SocialLinkRepresentation;
-import org.keycloak.representations.idm.UserRepresentation;
-
-import java.io.IOException;
-import java.net.URI;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-
-public class RepresentationToModel {
-
- private static Logger logger = Logger.getLogger(RepresentationToModel.class);
-
- public static void importRealm(KeycloakSession session, RealmRepresentation rep, RealmModel newRealm) {
- newRealm.setName(rep.getRealm());
- if (rep.isEnabled() != null) newRealm.setEnabled(rep.isEnabled());
- if (rep.isSocial() != null) newRealm.setSocial(rep.isSocial());
- if (rep.isBruteForceProtected() != null) newRealm.setBruteForceProtected(rep.isBruteForceProtected());
- if (rep.getMaxFailureWaitSeconds() != null) newRealm.setMaxFailureWaitSeconds(rep.getMaxFailureWaitSeconds());
- if (rep.getMinimumQuickLoginWaitSeconds() != null) newRealm.setMinimumQuickLoginWaitSeconds(rep.getMinimumQuickLoginWaitSeconds());
- if (rep.getWaitIncrementSeconds() != null) newRealm.setWaitIncrementSeconds(rep.getWaitIncrementSeconds());
- if (rep.getQuickLoginCheckMilliSeconds() != null) newRealm.setQuickLoginCheckMilliSeconds(rep.getQuickLoginCheckMilliSeconds());
- if (rep.getMaxDeltaTimeSeconds() != null) newRealm.setMaxDeltaTimeSeconds(rep.getMaxDeltaTimeSeconds());
- if (rep.getFailureFactor() != null) newRealm.setFailureFactor(rep.getFailureFactor());
-
- if (rep.getNotBefore() != null) newRealm.setNotBefore(rep.getNotBefore());
-
- if (rep.getAccessTokenLifespan() != null) newRealm.setAccessTokenLifespan(rep.getAccessTokenLifespan());
- else newRealm.setAccessTokenLifespan(300);
-
- if (rep.getSsoSessionIdleTimeout() != null) newRealm.setSsoSessionIdleTimeout(rep.getSsoSessionIdleTimeout());
- else newRealm.setSsoSessionIdleTimeout(600);
- if (rep.getSsoSessionMaxLifespan() != null) newRealm.setSsoSessionMaxLifespan(rep.getSsoSessionMaxLifespan());
- else newRealm.setSsoSessionMaxLifespan(36000);
-
- if (rep.getAccessCodeLifespan() != null) newRealm.setAccessCodeLifespan(rep.getAccessCodeLifespan());
- else newRealm.setAccessCodeLifespan(60);
-
- if (rep.getAccessCodeLifespanUserAction() != null)
- newRealm.setAccessCodeLifespanUserAction(rep.getAccessCodeLifespanUserAction());
- else newRealm.setAccessCodeLifespanUserAction(300);
-
- if (rep.isSslNotRequired() != null) newRealm.setSslNotRequired(rep.isSslNotRequired());
- if (rep.isPasswordCredentialGrantAllowed() != null) newRealm.setPasswordCredentialGrantAllowed(rep.isPasswordCredentialGrantAllowed());
- if (rep.isRegistrationAllowed() != null) newRealm.setRegistrationAllowed(rep.isRegistrationAllowed());
- if (rep.isRememberMe() != null) newRealm.setRememberMe(rep.isRememberMe());
- if (rep.isVerifyEmail() != null) newRealm.setVerifyEmail(rep.isVerifyEmail());
- if (rep.isResetPasswordAllowed() != null) newRealm.setResetPasswordAllowed(rep.isResetPasswordAllowed());
- if (rep.isUpdateProfileOnInitialSocialLogin() != null)
- newRealm.setUpdateProfileOnInitialSocialLogin(rep.isUpdateProfileOnInitialSocialLogin());
- if (rep.getPrivateKey() == null || rep.getPublicKey() == null) {
- KeycloakModelUtils.generateRealmKeys(newRealm);
- } else {
- newRealm.setPrivateKeyPem(rep.getPrivateKey());
- newRealm.setPublicKeyPem(rep.getPublicKey());
- }
- if (rep.getLoginTheme() != null) newRealm.setLoginTheme(rep.getLoginTheme());
- if (rep.getAccountTheme() != null) newRealm.setAccountTheme(rep.getAccountTheme());
- if (rep.getAdminTheme() != null) newRealm.setAdminTheme(rep.getAdminTheme());
- if (rep.getEmailTheme() != null) newRealm.setEmailTheme(rep.getEmailTheme());
-
- if (rep.getRequiredCredentials() != null) {
- for (String requiredCred : rep.getRequiredCredentials()) {
- addRequiredCredential(newRealm, requiredCred);
- }
- } else {
- addRequiredCredential(newRealm, CredentialRepresentation.PASSWORD);
- }
-
- if (rep.getPasswordPolicy() != null) newRealm.setPasswordPolicy(new PasswordPolicy(rep.getPasswordPolicy()));
-
- if (rep.getApplications() != null) {
- Map<String, ApplicationModel> appMap = createApplications(rep, newRealm);
- }
-
- if (rep.getRoles() != null) {
- if (rep.getRoles().getRealm() != null) { // realm roles
- for (RoleRepresentation roleRep : rep.getRoles().getRealm()) {
- createRole(newRealm, roleRep);
- }
- }
- if (rep.getRoles().getApplication() != null) {
- for (Map.Entry<String, List<RoleRepresentation>> entry : rep.getRoles().getApplication().entrySet()) {
- ApplicationModel app = newRealm.getApplicationByName(entry.getKey());
- if (app == null) {
- throw new RuntimeException("App doesn't exist in role definitions: " + entry.getKey());
- }
- for (RoleRepresentation roleRep : entry.getValue()) {
- // Application role may already exists (for example if it is defaultRole)
- RoleModel role = roleRep.getId()!=null ? app.addRole(roleRep.getId(), roleRep.getName()) : app.addRole(roleRep.getName());
- role.setDescription(roleRep.getDescription());
- }
- }
- }
- // now that all roles are created, re-iterate and set up composites
- if (rep.getRoles().getRealm() != null) { // realm roles
- for (RoleRepresentation roleRep : rep.getRoles().getRealm()) {
- RoleModel role = newRealm.getRole(roleRep.getName());
- addComposites(role, roleRep, newRealm);
- }
- }
- if (rep.getRoles().getApplication() != null) {
- for (Map.Entry<String, List<RoleRepresentation>> entry : rep.getRoles().getApplication().entrySet()) {
- ApplicationModel app = newRealm.getApplicationByName(entry.getKey());
- if (app == null) {
- throw new RuntimeException("App doesn't exist in role definitions: " + entry.getKey());
- }
- for (RoleRepresentation roleRep : entry.getValue()) {
- RoleModel role = app.getRole(roleRep.getName());
- addComposites(role, roleRep, newRealm);
- }
- }
- }
- }
-
- // Setup realm default roles
- if (rep.getDefaultRoles() != null) {
- for (String roleString : rep.getDefaultRoles()) {
- newRealm.addDefaultRole(roleString.trim());
- }
- }
- // Setup application default roles
- if (rep.getApplications() != null) {
- for (ApplicationRepresentation resourceRep : rep.getApplications()) {
- if (resourceRep.getDefaultRoles() != null) {
- ApplicationModel appModel = newRealm.getApplicationByName(resourceRep.getName());
- appModel.updateDefaultRoles(resourceRep.getDefaultRoles());
- }
- }
- }
-
- if (rep.getOauthClients() != null) {
- createOAuthClients(rep, newRealm);
- }
-
-
- // Now that all possible roles and applications are created, create scope mappings
-
- Map<String, ApplicationModel> appMap = newRealm.getApplicationNameMap();
-
- if (rep.getApplicationScopeMappings() != null) {
-
- for (Map.Entry<String, List<ScopeMappingRepresentation>> entry : rep.getApplicationScopeMappings().entrySet()) {
- ApplicationModel app = appMap.get(entry.getKey());
- if (app == null) {
- throw new RuntimeException("Unable to find application role mappings for app: " + entry.getKey());
- }
- createApplicationScopeMappings(newRealm, app, entry.getValue());
- }
- }
-
- if (rep.getScopeMappings() != null) {
- for (ScopeMappingRepresentation scope : rep.getScopeMappings()) {
- ClientModel client = newRealm.findClient(scope.getClient());
- for (String roleString : scope.getRoles()) {
- RoleModel role = newRealm.getRole(roleString.trim());
- if (role == null) {
- role = newRealm.addRole(roleString.trim());
- }
- client.addScopeMapping(role);
- }
-
- }
- }
-
- if (rep.getSmtpServer() != null) {
- newRealm.setSmtpConfig(new HashMap(rep.getSmtpServer()));
- }
-
- if (rep.getSocialProviders() != null) {
- newRealm.setSocialConfig(new HashMap(rep.getSocialProviders()));
- }
- if (rep.getLdapServer() != null) {
- newRealm.setLdapServerConfig(new HashMap(rep.getLdapServer()));
- }
-
- if (rep.getAuthenticationProviders() != null) {
- List<AuthenticationProviderModel> authProviderModels = convertAuthenticationProviders(rep.getAuthenticationProviders());
- newRealm.setAuthenticationProviders(authProviderModels);
- } else {
- List<AuthenticationProviderModel> authProviderModels = Arrays.asList(AuthenticationProviderModel.DEFAULT_PROVIDER);
- newRealm.setAuthenticationProviders(authProviderModels);
- }
-
- if (rep.getUserFederationProviders() != null) {
- List<UserFederationProviderModel> providerModels = convertFederationProviders(rep.getUserFederationProviders());
- newRealm.setUserFederationProviders(providerModels);
- }
-
- // create users and their role mappings and social mappings
-
- if (rep.getUsers() != null) {
- for (UserRepresentation userRep : rep.getUsers()) {
- UserModel user = createUser(session, newRealm, userRep, appMap);
- }
- }
- }
-
- public static void updateRealm(RealmRepresentation rep, RealmModel realm) {
- if (rep.getRealm() != null) {
- realm.setName(rep.getRealm());
- }
- if (rep.isEnabled() != null) realm.setEnabled(rep.isEnabled());
- if (rep.isSocial() != null) realm.setSocial(rep.isSocial());
- if (rep.isBruteForceProtected() != null) realm.setBruteForceProtected(rep.isBruteForceProtected());
- if (rep.getMaxFailureWaitSeconds() != null) realm.setMaxFailureWaitSeconds(rep.getMaxFailureWaitSeconds());
- if (rep.getMinimumQuickLoginWaitSeconds() != null) realm.setMinimumQuickLoginWaitSeconds(rep.getMinimumQuickLoginWaitSeconds());
- if (rep.getWaitIncrementSeconds() != null) realm.setWaitIncrementSeconds(rep.getWaitIncrementSeconds());
- if (rep.getQuickLoginCheckMilliSeconds() != null) realm.setQuickLoginCheckMilliSeconds(rep.getQuickLoginCheckMilliSeconds());
- if (rep.getMaxDeltaTimeSeconds() != null) realm.setMaxDeltaTimeSeconds(rep.getMaxDeltaTimeSeconds());
- if (rep.getFailureFactor() != null) realm.setFailureFactor(rep.getFailureFactor());
- if (rep.isPasswordCredentialGrantAllowed() != null) realm.setPasswordCredentialGrantAllowed(rep.isPasswordCredentialGrantAllowed());
- if (rep.isRegistrationAllowed() != null) realm.setRegistrationAllowed(rep.isRegistrationAllowed());
- if (rep.isRememberMe() != null) realm.setRememberMe(rep.isRememberMe());
- if (rep.isVerifyEmail() != null) realm.setVerifyEmail(rep.isVerifyEmail());
- if (rep.isResetPasswordAllowed() != null) realm.setResetPasswordAllowed(rep.isResetPasswordAllowed());
- if (rep.isUpdateProfileOnInitialSocialLogin() != null)
- realm.setUpdateProfileOnInitialSocialLogin(rep.isUpdateProfileOnInitialSocialLogin());
- if (rep.isSslNotRequired() != null) realm.setSslNotRequired((rep.isSslNotRequired()));
- if (rep.getAccessCodeLifespan() != null) realm.setAccessCodeLifespan(rep.getAccessCodeLifespan());
- if (rep.getAccessCodeLifespanUserAction() != null)
- realm.setAccessCodeLifespanUserAction(rep.getAccessCodeLifespanUserAction());
- if (rep.getNotBefore() != null) realm.setNotBefore(rep.getNotBefore());
- if (rep.getAccessTokenLifespan() != null) realm.setAccessTokenLifespan(rep.getAccessTokenLifespan());
- if (rep.getSsoSessionIdleTimeout() != null) realm.setSsoSessionIdleTimeout(rep.getSsoSessionIdleTimeout());
- if (rep.getSsoSessionMaxLifespan() != null) realm.setSsoSessionMaxLifespan(rep.getSsoSessionMaxLifespan());
- if (rep.getRequiredCredentials() != null) {
- realm.updateRequiredCredentials(rep.getRequiredCredentials());
- }
- if (rep.getLoginTheme() != null) realm.setLoginTheme(rep.getLoginTheme());
- if (rep.getAccountTheme() != null) realm.setAccountTheme(rep.getAccountTheme());
- if (rep.getAdminTheme() != null) realm.setAdminTheme(rep.getAdminTheme());
- if (rep.getEmailTheme() != null) realm.setEmailTheme(rep.getEmailTheme());
-
- if (rep.getPasswordPolicy() != null) realm.setPasswordPolicy(new PasswordPolicy(rep.getPasswordPolicy()));
-
- if (rep.getDefaultRoles() != null) {
- realm.updateDefaultRoles(rep.getDefaultRoles().toArray(new String[rep.getDefaultRoles().size()]));
- }
-
- if (rep.getSmtpServer() != null) {
- realm.setSmtpConfig(new HashMap(rep.getSmtpServer()));
- }
-
- if (rep.getSocialProviders() != null) {
- realm.setSocialConfig(new HashMap(rep.getSocialProviders()));
- }
-
- if (rep.getLdapServer() != null) {
- realm.setLdapServerConfig(new HashMap(rep.getLdapServer()));
- }
- if (rep.getAuthenticationProviders() != null) {
- List<AuthenticationProviderModel> authProviderModels = convertAuthenticationProviders(rep.getAuthenticationProviders());
- realm.setAuthenticationProviders(authProviderModels);
- }
-
- if (rep.getUserFederationProviders() != null) {
- List<UserFederationProviderModel> providerModels = convertFederationProviders(rep.getUserFederationProviders());
- realm.setUserFederationProviders(providerModels);
- }
-
- if ("GENERATE".equals(rep.getPublicKey())) {
- KeycloakModelUtils.generateRealmKeys(realm);
- }
- }
-
- // Basic realm stuff
-
- public static void addRequiredCredential(RealmModel newRealm, String requiredCred) {
- newRealm.addRequiredCredential(requiredCred);
- }
-
-
- private static List<AuthenticationProviderModel> convertAuthenticationProviders(List<AuthenticationProviderRepresentation> authenticationProviders) {
- List<AuthenticationProviderModel> result = new ArrayList<AuthenticationProviderModel>();
-
- for (AuthenticationProviderRepresentation representation : authenticationProviders) {
- AuthenticationProviderModel model = new AuthenticationProviderModel(representation.getProviderName(),
- representation.isPasswordUpdateSupported(), representation.getConfig());
- result.add(model);
- }
- return result;
- }
-
- private static List<UserFederationProviderModel> convertFederationProviders(List<UserFederationProviderRepresentation> providers) {
- List<UserFederationProviderModel> result = new ArrayList<UserFederationProviderModel>();
-
- for (UserFederationProviderRepresentation representation : providers) {
- UserFederationProviderModel model = new UserFederationProviderModel(representation.getId(), representation.getProviderName(),
- representation.getConfig());
- result.add(model);
- }
- return result;
- }
-
- // Roles
-
- public static void createRole(RealmModel newRealm, RoleRepresentation roleRep) {
- RoleModel role = roleRep.getId()!=null ? newRealm.addRole(roleRep.getId(), roleRep.getName()) : newRealm.addRole(roleRep.getName());
- if (roleRep.getDescription() != null) role.setDescription(roleRep.getDescription());
- }
-
- private static void addComposites(RoleModel role, RoleRepresentation roleRep, RealmModel realm) {
- if (roleRep.getComposites() == null) return;
- if (roleRep.getComposites().getRealm() != null) {
- for (String roleStr : roleRep.getComposites().getRealm()) {
- RoleModel realmRole = realm.getRole(roleStr);
- if (realmRole == null) throw new RuntimeException("Unable to find composite realm role: " + roleStr);
- role.addCompositeRole(realmRole);
- }
- }
- if (roleRep.getComposites().getApplication() != null) {
- for (Map.Entry<String, List<String>> entry : roleRep.getComposites().getApplication().entrySet()) {
- ApplicationModel app = realm.getApplicationByName(entry.getKey());
- if (app == null) {
- throw new RuntimeException("App doesn't exist in role definitions: " + roleRep.getName());
- }
- for (String roleStr : entry.getValue()) {
- RoleModel appRole = app.getRole(roleStr);
- if (appRole == null) throw new RuntimeException("Unable to find composite app role: " + roleStr);
- role.addCompositeRole(appRole);
- }
-
- }
-
- }
-
- }
-
- // APPLICATIONS
-
- private static Map<String, ApplicationModel> createApplications(RealmRepresentation rep, RealmModel realm) {
- Map<String, ApplicationModel> appMap = new HashMap<String, ApplicationModel>();
- for (ApplicationRepresentation resourceRep : rep.getApplications()) {
- ApplicationModel app = createApplication(realm, resourceRep, false);
- appMap.put(app.getName(), app);
- }
- return appMap;
- }
-
- /**
- * Does not create scope or role mappings!
- *
- * @param realm
- * @param resourceRep
- * @return
- */
- public static ApplicationModel createApplication(RealmModel realm, ApplicationRepresentation resourceRep, boolean addDefaultRoles) {
- logger.debug("************ CREATE APPLICATION: {0}" + resourceRep.getName());
- ApplicationModel applicationModel = resourceRep.getId()!=null ? realm.addApplication(resourceRep.getId(), resourceRep.getName()) : realm.addApplication(resourceRep.getName());
- if (resourceRep.isEnabled() != null) applicationModel.setEnabled(resourceRep.isEnabled());
- applicationModel.setManagementUrl(resourceRep.getAdminUrl());
- if (resourceRep.isSurrogateAuthRequired() != null)
- applicationModel.setSurrogateAuthRequired(resourceRep.isSurrogateAuthRequired());
- applicationModel.setBaseUrl(resourceRep.getBaseUrl());
- if (resourceRep.isBearerOnly() != null) applicationModel.setBearerOnly(resourceRep.isBearerOnly());
- if (resourceRep.isPublicClient() != null) applicationModel.setPublicClient(resourceRep.isPublicClient());
- applicationModel.updateApplication();
-
- if (resourceRep.getNotBefore() != null) {
- applicationModel.setNotBefore(resourceRep.getNotBefore());
- }
-
- applicationModel.setSecret(resourceRep.getSecret());
- if (applicationModel.getSecret() == null) {
- KeycloakModelUtils.generateSecret(applicationModel);
- }
-
-
- if (resourceRep.getRedirectUris() != null) {
- for (String redirectUri : resourceRep.getRedirectUris()) {
- applicationModel.addRedirectUri(redirectUri);
- }
- }
- if (resourceRep.getWebOrigins() != null) {
- for (String webOrigin : resourceRep.getWebOrigins()) {
- logger.debugv("Application: {0} webOrigin: {1}", resourceRep.getName(), webOrigin);
- applicationModel.addWebOrigin(webOrigin);
- }
- } else {
- // add origins from redirect uris
- if (resourceRep.getRedirectUris() != null) {
- Set<String> origins = new HashSet<String>();
- for (String redirectUri : resourceRep.getRedirectUris()) {
- logger.info("add redirectUri to origin: " + redirectUri);
- if (redirectUri.startsWith("http:")) {
- URI uri = URI.create(redirectUri);
- String origin = uri.getScheme() + "://" + uri.getHost();
- if (uri.getPort() != -1) {
- origin += ":" + uri.getPort();
- }
- logger.debugv("adding default application origin: {0}" , origin);
- origins.add(origin);
- }
- }
- if (origins.size() > 0) {
- applicationModel.setWebOrigins(origins);
- }
- }
- }
-
- if (addDefaultRoles && resourceRep.getDefaultRoles() != null) {
- applicationModel.updateDefaultRoles(resourceRep.getDefaultRoles());
- }
-
- if (resourceRep.getClaims() != null) {
- setClaims(applicationModel, resourceRep.getClaims());
- } else {
- applicationModel.setAllowedClaimsMask(ClaimMask.USERNAME);
- }
-
- return applicationModel;
- }
-
- public static void updateApplication(ApplicationRepresentation rep, ApplicationModel resource) {
- if (rep.getName() != null) resource.setName(rep.getName());
- if (rep.isEnabled() != null) resource.setEnabled(rep.isEnabled());
- if (rep.isBearerOnly() != null) resource.setBearerOnly(rep.isBearerOnly());
- if (rep.isPublicClient() != null) resource.setPublicClient(rep.isPublicClient());
- if (rep.getAdminUrl() != null) resource.setManagementUrl(rep.getAdminUrl());
- if (rep.getBaseUrl() != null) resource.setBaseUrl(rep.getBaseUrl());
- if (rep.isSurrogateAuthRequired() != null) resource.setSurrogateAuthRequired(rep.isSurrogateAuthRequired());
- resource.updateApplication();
-
- if (rep.getNotBefore() != null) {
- resource.setNotBefore(rep.getNotBefore());
- }
- if (rep.getDefaultRoles() != null) {
- resource.updateDefaultRoles(rep.getDefaultRoles());
- }
-
- List<String> redirectUris = rep.getRedirectUris();
- if (redirectUris != null) {
- resource.setRedirectUris(new HashSet<String>(redirectUris));
- }
-
- List<String> webOrigins = rep.getWebOrigins();
- if (webOrigins != null) {
- resource.setWebOrigins(new HashSet<String>(webOrigins));
- }
-
- if (rep.getClaims() != null) {
- setClaims(resource, rep.getClaims());
- }
- }
-
- public static void setClaims(ClientModel model, ClaimRepresentation rep) {
- long mask = model.getAllowedClaimsMask();
- if (rep.getAddress()) {
- mask |= ClaimMask.ADDRESS;
- } else {
- mask &= ~ClaimMask.ADDRESS;
- }
- if (rep.getEmail()) {
- mask |= ClaimMask.EMAIL;
- } else {
- mask &= ~ClaimMask.EMAIL;
- }
- if (rep.getGender()) {
- mask |= ClaimMask.GENDER;
- } else {
- mask &= ~ClaimMask.GENDER;
- }
- if (rep.getLocale()) {
- mask |= ClaimMask.LOCALE;
- } else {
- mask &= ~ClaimMask.LOCALE;
- }
- if (rep.getName()) {
- mask |= ClaimMask.NAME;
- } else {
- mask &= ~ClaimMask.NAME;
- }
- if (rep.getPhone()) {
- mask |= ClaimMask.PHONE;
- } else {
- mask &= ~ClaimMask.PHONE;
- }
- if (rep.getPicture()) {
- mask |= ClaimMask.PICTURE;
- } else {
- mask &= ~ClaimMask.PICTURE;
- }
- if (rep.getProfile()) {
- mask |= ClaimMask.PROFILE;
- } else {
- mask &= ~ClaimMask.PROFILE;
- }
- if (rep.getUsername()) {
- mask |= ClaimMask.USERNAME;
- } else {
- mask &= ~ClaimMask.USERNAME;
- }
- if (rep.getWebsite()) {
- mask |= ClaimMask.WEBSITE;
- } else {
- mask &= ~ClaimMask.WEBSITE;
- }
- model.setAllowedClaimsMask(mask);
- }
-
- // OAuth clients
-
- private static void createOAuthClients(RealmRepresentation realmRep, RealmModel realm) {
- for (OAuthClientRepresentation rep : realmRep.getOauthClients()) {
- createOAuthClient(rep, realm);
- }
- }
-
- public static OAuthClientModel createOAuthClient(String id, String name, RealmModel realm) {
- OAuthClientModel model = id!=null ? realm.addOAuthClient(id, name) : realm.addOAuthClient(name);
- KeycloakModelUtils.generateSecret(model);
- return model;
- }
-
- public static OAuthClientModel createOAuthClient(OAuthClientRepresentation rep, RealmModel realm) {
- OAuthClientModel model = createOAuthClient(rep.getId(), rep.getName(), realm);
- updateOAuthClient(rep, model);
- return model;
- }
-
- public static void updateOAuthClient(OAuthClientRepresentation rep, OAuthClientModel model) {
- if (rep.getName() != null) model.setClientId(rep.getName());
- if (rep.isEnabled() != null) model.setEnabled(rep.isEnabled());
- if (rep.isPublicClient() != null) model.setPublicClient(rep.isPublicClient());
- if (rep.isDirectGrantsOnly() != null) model.setDirectGrantsOnly(rep.isDirectGrantsOnly());
- if (rep.getClaims() != null) {
- setClaims(model, rep.getClaims());
- }
- if (rep.getNotBefore() != null) {
- model.setNotBefore(rep.getNotBefore());
- }
- if (rep.getSecret() != null) model.setSecret(rep.getSecret());
- List<String> redirectUris = rep.getRedirectUris();
- if (redirectUris != null) {
- model.setRedirectUris(new HashSet<String>(redirectUris));
- }
-
- List<String> webOrigins = rep.getWebOrigins();
- if (webOrigins != null) {
- model.setWebOrigins(new HashSet<String>(webOrigins));
- }
-
- if (rep.getClaims() != null) {
- setClaims(model, rep.getClaims());
- }
-
- if (rep.getNotBefore() != null) {
- model.setNotBefore(rep.getNotBefore());
- }
-
- }
-
- // Scope mappings
-
- public static void createApplicationScopeMappings(RealmModel realm, ApplicationModel applicationModel, List<ScopeMappingRepresentation> mappings) {
- for (ScopeMappingRepresentation mapping : mappings) {
- ClientModel client = realm.findClient(mapping.getClient());
- for (String roleString : mapping.getRoles()) {
- RoleModel role = applicationModel.getRole(roleString.trim());
- if (role == null) {
- role = applicationModel.addRole(roleString.trim());
- }
- client.addScopeMapping(role);
- }
- }
- }
-
- // Users
-
- public static UserModel createUser(KeycloakSession session, RealmModel newRealm, UserRepresentation userRep, Map<String, ApplicationModel> appMap) {
- UserModel user = session.users().addUser(newRealm, userRep.getId(), userRep.getUsername(), false);
- user.setEnabled(userRep.isEnabled());
- user.setEmail(userRep.getEmail());
- user.setFirstName(userRep.getFirstName());
- user.setLastName(userRep.getLastName());
- user.setFederationLink(userRep.getFederationLink());
- if (userRep.getAttributes() != null) {
- for (Map.Entry<String, String> entry : userRep.getAttributes().entrySet()) {
- user.setAttribute(entry.getKey(), entry.getValue());
- }
- }
- if (userRep.getRequiredActions() != null) {
- for (String requiredAction : userRep.getRequiredActions()) {
- user.addRequiredAction(UserModel.RequiredAction.valueOf(requiredAction));
- }
- }
- if (userRep.getCredentials() != null) {
- for (CredentialRepresentation cred : userRep.getCredentials()) {
- updateCredential(user, cred);
- }
- }
- if (userRep.getAuthenticationLink() != null) {
- AuthenticationLinkRepresentation link = userRep.getAuthenticationLink();
- AuthenticationLinkModel authLink = new AuthenticationLinkModel(link.getAuthProvider(), link.getAuthUserId());
- user.setAuthenticationLink(authLink);
- }
- if (userRep.getSocialLinks() != null) {
- for (SocialLinkRepresentation socialLink : userRep.getSocialLinks()) {
- SocialLinkModel mappingModel = new SocialLinkModel(socialLink.getSocialProvider(), socialLink.getSocialUserId(), socialLink.getSocialUsername());
- session.users().addSocialLink(newRealm, user, mappingModel);
- }
- }
- if (userRep.getRealmRoles() != null) {
- for (String roleString : userRep.getRealmRoles()) {
- RoleModel role = newRealm.getRole(roleString.trim());
- if (role == null) {
- role = newRealm.addRole(roleString.trim());
- }
- user.grantRole(role);
- }
- }
- if (userRep.getApplicationRoles() != null) {
- for (Map.Entry<String, List<String>> entry : userRep.getApplicationRoles().entrySet()) {
- ApplicationModel app = appMap.get(entry.getKey());
- if (app == null) {
- throw new RuntimeException("Unable to find application role mappings for app: " + entry.getKey());
- }
- createApplicationRoleMappings(app, user, entry.getValue());
- }
- }
- return user;
- }
-
- // Detect if it is "plain-text" or "hashed" representation and update model according to it
- private static void updateCredential(UserModel user, CredentialRepresentation cred) {
- if (cred.getValue() != null) {
- UserCredentialModel plainTextCred = convertCredential(cred);
- user.updateCredential(plainTextCred);
- } else {
- UserCredentialValueModel hashedCred = new UserCredentialValueModel();
- hashedCred.setType(cred.getType());
- hashedCred.setDevice(cred.getDevice());
- hashedCred.setHashIterations(cred.getHashIterations());
- try {
- hashedCred.setSalt(Base64.decode(cred.getSalt()));
- } catch (IOException ioe) {
- throw new RuntimeException(ioe);
- }
- hashedCred.setValue(cred.getHashedSaltedValue());
- user.updateCredentialDirectly(hashedCred);
- }
- }
-
- public static UserCredentialModel convertCredential(CredentialRepresentation cred) {
- UserCredentialModel credential = new UserCredentialModel();
- credential.setType(cred.getType());
- credential.setValue(cred.getValue());
- return credential;
- }
-
- // Role mappings
-
- public static void createApplicationRoleMappings(ApplicationModel applicationModel, UserModel user, List<String> roleNames) {
- if (user == null) {
- throw new RuntimeException("User not found");
- }
-
- for (String roleName : roleNames) {
- RoleModel role = applicationModel.getRole(roleName.trim());
- if (role == null) {
- role = applicationModel.addRole(roleName.trim());
- }
- user.grantRole(role);
-
- }
- }
-
-}
+package org.keycloak.models.utils;
+
+import net.iharder.Base64;
+import org.jboss.logging.Logger;
+import org.keycloak.models.ApplicationModel;
+import org.keycloak.models.AuthenticationLinkModel;
+import org.keycloak.models.AuthenticationProviderModel;
+import org.keycloak.models.ClaimMask;
+import org.keycloak.models.ClientModel;
+import org.keycloak.models.UserFederationProviderModel;
+import org.keycloak.models.KeycloakSession;
+import org.keycloak.models.OAuthClientModel;
+import org.keycloak.models.PasswordPolicy;
+import org.keycloak.models.RealmModel;
+import org.keycloak.models.RoleModel;
+import org.keycloak.models.SocialLinkModel;
+import org.keycloak.models.UserCredentialModel;
+import org.keycloak.models.UserCredentialValueModel;
+import org.keycloak.models.UserModel;
+import org.keycloak.representations.idm.UserFederationProviderRepresentation;
+import org.keycloak.representations.idm.ApplicationRepresentation;
+import org.keycloak.representations.idm.AuthenticationLinkRepresentation;
+import org.keycloak.representations.idm.AuthenticationProviderRepresentation;
+import org.keycloak.representations.idm.ClaimRepresentation;
+import org.keycloak.representations.idm.CredentialRepresentation;
+import org.keycloak.representations.idm.OAuthClientRepresentation;
+import org.keycloak.representations.idm.RealmRepresentation;
+import org.keycloak.representations.idm.RoleRepresentation;
+import org.keycloak.representations.idm.ScopeMappingRepresentation;
+import org.keycloak.representations.idm.SocialLinkRepresentation;
+import org.keycloak.representations.idm.UserRepresentation;
+
+import java.io.IOException;
+import java.net.URI;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+public class RepresentationToModel {
+
+ private static Logger logger = Logger.getLogger(RepresentationToModel.class);
+
+ public static void importRealm(KeycloakSession session, RealmRepresentation rep, RealmModel newRealm) {
+ newRealm.setName(rep.getRealm());
+ if (rep.isEnabled() != null) newRealm.setEnabled(rep.isEnabled());
+ if (rep.isSocial() != null) newRealm.setSocial(rep.isSocial());
+ if (rep.isBruteForceProtected() != null) newRealm.setBruteForceProtected(rep.isBruteForceProtected());
+ if (rep.getMaxFailureWaitSeconds() != null) newRealm.setMaxFailureWaitSeconds(rep.getMaxFailureWaitSeconds());
+ if (rep.getMinimumQuickLoginWaitSeconds() != null) newRealm.setMinimumQuickLoginWaitSeconds(rep.getMinimumQuickLoginWaitSeconds());
+ if (rep.getWaitIncrementSeconds() != null) newRealm.setWaitIncrementSeconds(rep.getWaitIncrementSeconds());
+ if (rep.getQuickLoginCheckMilliSeconds() != null) newRealm.setQuickLoginCheckMilliSeconds(rep.getQuickLoginCheckMilliSeconds());
+ if (rep.getMaxDeltaTimeSeconds() != null) newRealm.setMaxDeltaTimeSeconds(rep.getMaxDeltaTimeSeconds());
+ if (rep.getFailureFactor() != null) newRealm.setFailureFactor(rep.getFailureFactor());
+
+ if (rep.getNotBefore() != null) newRealm.setNotBefore(rep.getNotBefore());
+
+ if (rep.getAccessTokenLifespan() != null) newRealm.setAccessTokenLifespan(rep.getAccessTokenLifespan());
+ else newRealm.setAccessTokenLifespan(300);
+
+ if (rep.getSsoSessionIdleTimeout() != null) newRealm.setSsoSessionIdleTimeout(rep.getSsoSessionIdleTimeout());
+ else newRealm.setSsoSessionIdleTimeout(600);
+ if (rep.getSsoSessionMaxLifespan() != null) newRealm.setSsoSessionMaxLifespan(rep.getSsoSessionMaxLifespan());
+ else newRealm.setSsoSessionMaxLifespan(36000);
+
+ if (rep.getAccessCodeLifespan() != null) newRealm.setAccessCodeLifespan(rep.getAccessCodeLifespan());
+ else newRealm.setAccessCodeLifespan(60);
+
+ if (rep.getAccessCodeLifespanUserAction() != null)
+ newRealm.setAccessCodeLifespanUserAction(rep.getAccessCodeLifespanUserAction());
+ else newRealm.setAccessCodeLifespanUserAction(300);
+
+ if (rep.isSslNotRequired() != null) newRealm.setSslNotRequired(rep.isSslNotRequired());
+ if (rep.isPasswordCredentialGrantAllowed() != null) newRealm.setPasswordCredentialGrantAllowed(rep.isPasswordCredentialGrantAllowed());
+ if (rep.isRegistrationAllowed() != null) newRealm.setRegistrationAllowed(rep.isRegistrationAllowed());
+ if (rep.isRememberMe() != null) newRealm.setRememberMe(rep.isRememberMe());
+ if (rep.isVerifyEmail() != null) newRealm.setVerifyEmail(rep.isVerifyEmail());
+ if (rep.isResetPasswordAllowed() != null) newRealm.setResetPasswordAllowed(rep.isResetPasswordAllowed());
+ if (rep.isUpdateProfileOnInitialSocialLogin() != null)
+ newRealm.setUpdateProfileOnInitialSocialLogin(rep.isUpdateProfileOnInitialSocialLogin());
+ if (rep.getPrivateKey() == null || rep.getPublicKey() == null) {
+ KeycloakModelUtils.generateRealmKeys(newRealm);
+ } else {
+ newRealm.setPrivateKeyPem(rep.getPrivateKey());
+ newRealm.setPublicKeyPem(rep.getPublicKey());
+ }
+ if (rep.getLoginTheme() != null) newRealm.setLoginTheme(rep.getLoginTheme());
+ if (rep.getAccountTheme() != null) newRealm.setAccountTheme(rep.getAccountTheme());
+ if (rep.getAdminTheme() != null) newRealm.setAdminTheme(rep.getAdminTheme());
+ if (rep.getEmailTheme() != null) newRealm.setEmailTheme(rep.getEmailTheme());
+
+ if (rep.getRequiredCredentials() != null) {
+ for (String requiredCred : rep.getRequiredCredentials()) {
+ addRequiredCredential(newRealm, requiredCred);
+ }
+ } else {
+ addRequiredCredential(newRealm, CredentialRepresentation.PASSWORD);
+ }
+
+ if (rep.getPasswordPolicy() != null) newRealm.setPasswordPolicy(new PasswordPolicy(rep.getPasswordPolicy()));
+
+ if (rep.getApplications() != null) {
+ Map<String, ApplicationModel> appMap = createApplications(rep, newRealm);
+ }
+
+ if (rep.getRoles() != null) {
+ if (rep.getRoles().getRealm() != null) { // realm roles
+ for (RoleRepresentation roleRep : rep.getRoles().getRealm()) {
+ createRole(newRealm, roleRep);
+ }
+ }
+ if (rep.getRoles().getApplication() != null) {
+ for (Map.Entry<String, List<RoleRepresentation>> entry : rep.getRoles().getApplication().entrySet()) {
+ ApplicationModel app = newRealm.getApplicationByName(entry.getKey());
+ if (app == null) {
+ throw new RuntimeException("App doesn't exist in role definitions: " + entry.getKey());
+ }
+ for (RoleRepresentation roleRep : entry.getValue()) {
+ // Application role may already exists (for example if it is defaultRole)
+ RoleModel role = roleRep.getId()!=null ? app.addRole(roleRep.getId(), roleRep.getName()) : app.addRole(roleRep.getName());
+ role.setDescription(roleRep.getDescription());
+ }
+ }
+ }
+ // now that all roles are created, re-iterate and set up composites
+ if (rep.getRoles().getRealm() != null) { // realm roles
+ for (RoleRepresentation roleRep : rep.getRoles().getRealm()) {
+ RoleModel role = newRealm.getRole(roleRep.getName());
+ addComposites(role, roleRep, newRealm);
+ }
+ }
+ if (rep.getRoles().getApplication() != null) {
+ for (Map.Entry<String, List<RoleRepresentation>> entry : rep.getRoles().getApplication().entrySet()) {
+ ApplicationModel app = newRealm.getApplicationByName(entry.getKey());
+ if (app == null) {
+ throw new RuntimeException("App doesn't exist in role definitions: " + entry.getKey());
+ }
+ for (RoleRepresentation roleRep : entry.getValue()) {
+ RoleModel role = app.getRole(roleRep.getName());
+ addComposites(role, roleRep, newRealm);
+ }
+ }
+ }
+ }
+
+ // Setup realm default roles
+ if (rep.getDefaultRoles() != null) {
+ for (String roleString : rep.getDefaultRoles()) {
+ newRealm.addDefaultRole(roleString.trim());
+ }
+ }
+ // Setup application default roles
+ if (rep.getApplications() != null) {
+ for (ApplicationRepresentation resourceRep : rep.getApplications()) {
+ if (resourceRep.getDefaultRoles() != null) {
+ ApplicationModel appModel = newRealm.getApplicationByName(resourceRep.getName());
+ appModel.updateDefaultRoles(resourceRep.getDefaultRoles());
+ }
+ }
+ }
+
+ if (rep.getOauthClients() != null) {
+ createOAuthClients(rep, newRealm);
+ }
+
+
+ // Now that all possible roles and applications are created, create scope mappings
+
+ Map<String, ApplicationModel> appMap = newRealm.getApplicationNameMap();
+
+ if (rep.getApplicationScopeMappings() != null) {
+
+ for (Map.Entry<String, List<ScopeMappingRepresentation>> entry : rep.getApplicationScopeMappings().entrySet()) {
+ ApplicationModel app = appMap.get(entry.getKey());
+ if (app == null) {
+ throw new RuntimeException("Unable to find application role mappings for app: " + entry.getKey());
+ }
+ createApplicationScopeMappings(newRealm, app, entry.getValue());
+ }
+ }
+
+ if (rep.getScopeMappings() != null) {
+ for (ScopeMappingRepresentation scope : rep.getScopeMappings()) {
+ ClientModel client = newRealm.findClient(scope.getClient());
+ for (String roleString : scope.getRoles()) {
+ RoleModel role = newRealm.getRole(roleString.trim());
+ if (role == null) {
+ role = newRealm.addRole(roleString.trim());
+ }
+ client.addScopeMapping(role);
+ }
+
+ }
+ }
+
+ if (rep.getSmtpServer() != null) {
+ newRealm.setSmtpConfig(new HashMap(rep.getSmtpServer()));
+ }
+
+ if (rep.getSocialProviders() != null) {
+ newRealm.setSocialConfig(new HashMap(rep.getSocialProviders()));
+ }
+ if (rep.getLdapServer() != null) {
+ newRealm.setLdapServerConfig(new HashMap(rep.getLdapServer()));
+ }
+
+ if (rep.getAuthenticationProviders() != null) {
+ List<AuthenticationProviderModel> authProviderModels = convertAuthenticationProviders(rep.getAuthenticationProviders());
+ newRealm.setAuthenticationProviders(authProviderModels);
+ } else {
+ List<AuthenticationProviderModel> authProviderModels = Arrays.asList(AuthenticationProviderModel.DEFAULT_PROVIDER);
+ newRealm.setAuthenticationProviders(authProviderModels);
+ }
+
+ if (rep.getUserFederationProviders() != null) {
+ List<UserFederationProviderModel> providerModels = convertFederationProviders(rep.getUserFederationProviders());
+ newRealm.setUserFederationProviders(providerModels);
+ }
+
+ // create users and their role mappings and social mappings
+
+ if (rep.getUsers() != null) {
+ for (UserRepresentation userRep : rep.getUsers()) {
+ UserModel user = createUser(session, newRealm, userRep, appMap);
+ }
+ }
+ }
+
+ public static void updateRealm(RealmRepresentation rep, RealmModel realm) {
+ if (rep.getRealm() != null) {
+ realm.setName(rep.getRealm());
+ }
+ if (rep.isEnabled() != null) realm.setEnabled(rep.isEnabled());
+ if (rep.isSocial() != null) realm.setSocial(rep.isSocial());
+ if (rep.isBruteForceProtected() != null) realm.setBruteForceProtected(rep.isBruteForceProtected());
+ if (rep.getMaxFailureWaitSeconds() != null) realm.setMaxFailureWaitSeconds(rep.getMaxFailureWaitSeconds());
+ if (rep.getMinimumQuickLoginWaitSeconds() != null) realm.setMinimumQuickLoginWaitSeconds(rep.getMinimumQuickLoginWaitSeconds());
+ if (rep.getWaitIncrementSeconds() != null) realm.setWaitIncrementSeconds(rep.getWaitIncrementSeconds());
+ if (rep.getQuickLoginCheckMilliSeconds() != null) realm.setQuickLoginCheckMilliSeconds(rep.getQuickLoginCheckMilliSeconds());
+ if (rep.getMaxDeltaTimeSeconds() != null) realm.setMaxDeltaTimeSeconds(rep.getMaxDeltaTimeSeconds());
+ if (rep.getFailureFactor() != null) realm.setFailureFactor(rep.getFailureFactor());
+ if (rep.isPasswordCredentialGrantAllowed() != null) realm.setPasswordCredentialGrantAllowed(rep.isPasswordCredentialGrantAllowed());
+ if (rep.isRegistrationAllowed() != null) realm.setRegistrationAllowed(rep.isRegistrationAllowed());
+ if (rep.isRememberMe() != null) realm.setRememberMe(rep.isRememberMe());
+ if (rep.isVerifyEmail() != null) realm.setVerifyEmail(rep.isVerifyEmail());
+ if (rep.isResetPasswordAllowed() != null) realm.setResetPasswordAllowed(rep.isResetPasswordAllowed());
+ if (rep.isUpdateProfileOnInitialSocialLogin() != null)
+ realm.setUpdateProfileOnInitialSocialLogin(rep.isUpdateProfileOnInitialSocialLogin());
+ if (rep.isSslNotRequired() != null) realm.setSslNotRequired((rep.isSslNotRequired()));
+ if (rep.getAccessCodeLifespan() != null) realm.setAccessCodeLifespan(rep.getAccessCodeLifespan());
+ if (rep.getAccessCodeLifespanUserAction() != null)
+ realm.setAccessCodeLifespanUserAction(rep.getAccessCodeLifespanUserAction());
+ if (rep.getNotBefore() != null) realm.setNotBefore(rep.getNotBefore());
+ if (rep.getAccessTokenLifespan() != null) realm.setAccessTokenLifespan(rep.getAccessTokenLifespan());
+ if (rep.getSsoSessionIdleTimeout() != null) realm.setSsoSessionIdleTimeout(rep.getSsoSessionIdleTimeout());
+ if (rep.getSsoSessionMaxLifespan() != null) realm.setSsoSessionMaxLifespan(rep.getSsoSessionMaxLifespan());
+ if (rep.getRequiredCredentials() != null) {
+ realm.updateRequiredCredentials(rep.getRequiredCredentials());
+ }
+ if (rep.getLoginTheme() != null) realm.setLoginTheme(rep.getLoginTheme());
+ if (rep.getAccountTheme() != null) realm.setAccountTheme(rep.getAccountTheme());
+ if (rep.getAdminTheme() != null) realm.setAdminTheme(rep.getAdminTheme());
+ if (rep.getEmailTheme() != null) realm.setEmailTheme(rep.getEmailTheme());
+
+ if (rep.getPasswordPolicy() != null) realm.setPasswordPolicy(new PasswordPolicy(rep.getPasswordPolicy()));
+
+ if (rep.getDefaultRoles() != null) {
+ realm.updateDefaultRoles(rep.getDefaultRoles().toArray(new String[rep.getDefaultRoles().size()]));
+ }
+
+ if (rep.getSmtpServer() != null) {
+ realm.setSmtpConfig(new HashMap(rep.getSmtpServer()));
+ }
+
+ if (rep.getSocialProviders() != null) {
+ realm.setSocialConfig(new HashMap(rep.getSocialProviders()));
+ }
+
+ if (rep.getLdapServer() != null) {
+ realm.setLdapServerConfig(new HashMap(rep.getLdapServer()));
+ }
+ if (rep.getAuthenticationProviders() != null) {
+ List<AuthenticationProviderModel> authProviderModels = convertAuthenticationProviders(rep.getAuthenticationProviders());
+ realm.setAuthenticationProviders(authProviderModels);
+ }
+
+ if (rep.getUserFederationProviders() != null) {
+ List<UserFederationProviderModel> providerModels = convertFederationProviders(rep.getUserFederationProviders());
+ realm.setUserFederationProviders(providerModels);
+ }
+
+ if ("GENERATE".equals(rep.getPublicKey())) {
+ KeycloakModelUtils.generateRealmKeys(realm);
+ }
+ }
+
+ // Basic realm stuff
+
+ public static void addRequiredCredential(RealmModel newRealm, String requiredCred) {
+ newRealm.addRequiredCredential(requiredCred);
+ }
+
+
+ private static List<AuthenticationProviderModel> convertAuthenticationProviders(List<AuthenticationProviderRepresentation> authenticationProviders) {
+ List<AuthenticationProviderModel> result = new ArrayList<AuthenticationProviderModel>();
+
+ for (AuthenticationProviderRepresentation representation : authenticationProviders) {
+ AuthenticationProviderModel model = new AuthenticationProviderModel(representation.getProviderName(),
+ representation.isPasswordUpdateSupported(), representation.getConfig());
+ result.add(model);
+ }
+ return result;
+ }
+
+ private static List<UserFederationProviderModel> convertFederationProviders(List<UserFederationProviderRepresentation> providers) {
+ List<UserFederationProviderModel> result = new ArrayList<UserFederationProviderModel>();
+
+ for (UserFederationProviderRepresentation representation : providers) {
+ UserFederationProviderModel model = new UserFederationProviderModel(representation.getId(), representation.getProviderName(),
+ representation.getConfig(), representation.getPriority());
+ result.add(model);
+ }
+ return result;
+ }
+
+ // Roles
+
+ public static void createRole(RealmModel newRealm, RoleRepresentation roleRep) {
+ RoleModel role = roleRep.getId()!=null ? newRealm.addRole(roleRep.getId(), roleRep.getName()) : newRealm.addRole(roleRep.getName());
+ if (roleRep.getDescription() != null) role.setDescription(roleRep.getDescription());
+ }
+
+ private static void addComposites(RoleModel role, RoleRepresentation roleRep, RealmModel realm) {
+ if (roleRep.getComposites() == null) return;
+ if (roleRep.getComposites().getRealm() != null) {
+ for (String roleStr : roleRep.getComposites().getRealm()) {
+ RoleModel realmRole = realm.getRole(roleStr);
+ if (realmRole == null) throw new RuntimeException("Unable to find composite realm role: " + roleStr);
+ role.addCompositeRole(realmRole);
+ }
+ }
+ if (roleRep.getComposites().getApplication() != null) {
+ for (Map.Entry<String, List<String>> entry : roleRep.getComposites().getApplication().entrySet()) {
+ ApplicationModel app = realm.getApplicationByName(entry.getKey());
+ if (app == null) {
+ throw new RuntimeException("App doesn't exist in role definitions: " + roleRep.getName());
+ }
+ for (String roleStr : entry.getValue()) {
+ RoleModel appRole = app.getRole(roleStr);
+ if (appRole == null) throw new RuntimeException("Unable to find composite app role: " + roleStr);
+ role.addCompositeRole(appRole);
+ }
+
+ }
+
+ }
+
+ }
+
+ // APPLICATIONS
+
+ private static Map<String, ApplicationModel> createApplications(RealmRepresentation rep, RealmModel realm) {
+ Map<String, ApplicationModel> appMap = new HashMap<String, ApplicationModel>();
+ for (ApplicationRepresentation resourceRep : rep.getApplications()) {
+ ApplicationModel app = createApplication(realm, resourceRep, false);
+ appMap.put(app.getName(), app);
+ }
+ return appMap;
+ }
+
+ /**
+ * Does not create scope or role mappings!
+ *
+ * @param realm
+ * @param resourceRep
+ * @return
+ */
+ public static ApplicationModel createApplication(RealmModel realm, ApplicationRepresentation resourceRep, boolean addDefaultRoles) {
+ logger.debug("************ CREATE APPLICATION: {0}" + resourceRep.getName());
+ ApplicationModel applicationModel = resourceRep.getId()!=null ? realm.addApplication(resourceRep.getId(), resourceRep.getName()) : realm.addApplication(resourceRep.getName());
+ if (resourceRep.isEnabled() != null) applicationModel.setEnabled(resourceRep.isEnabled());
+ applicationModel.setManagementUrl(resourceRep.getAdminUrl());
+ if (resourceRep.isSurrogateAuthRequired() != null)
+ applicationModel.setSurrogateAuthRequired(resourceRep.isSurrogateAuthRequired());
+ applicationModel.setBaseUrl(resourceRep.getBaseUrl());
+ if (resourceRep.isBearerOnly() != null) applicationModel.setBearerOnly(resourceRep.isBearerOnly());
+ if (resourceRep.isPublicClient() != null) applicationModel.setPublicClient(resourceRep.isPublicClient());
+ applicationModel.updateApplication();
+
+ if (resourceRep.getNotBefore() != null) {
+ applicationModel.setNotBefore(resourceRep.getNotBefore());
+ }
+
+ applicationModel.setSecret(resourceRep.getSecret());
+ if (applicationModel.getSecret() == null) {
+ KeycloakModelUtils.generateSecret(applicationModel);
+ }
+
+
+ if (resourceRep.getRedirectUris() != null) {
+ for (String redirectUri : resourceRep.getRedirectUris()) {
+ applicationModel.addRedirectUri(redirectUri);
+ }
+ }
+ if (resourceRep.getWebOrigins() != null) {
+ for (String webOrigin : resourceRep.getWebOrigins()) {
+ logger.debugv("Application: {0} webOrigin: {1}", resourceRep.getName(), webOrigin);
+ applicationModel.addWebOrigin(webOrigin);
+ }
+ } else {
+ // add origins from redirect uris
+ if (resourceRep.getRedirectUris() != null) {
+ Set<String> origins = new HashSet<String>();
+ for (String redirectUri : resourceRep.getRedirectUris()) {
+ logger.info("add redirectUri to origin: " + redirectUri);
+ if (redirectUri.startsWith("http:")) {
+ URI uri = URI.create(redirectUri);
+ String origin = uri.getScheme() + "://" + uri.getHost();
+ if (uri.getPort() != -1) {
+ origin += ":" + uri.getPort();
+ }
+ logger.debugv("adding default application origin: {0}" , origin);
+ origins.add(origin);
+ }
+ }
+ if (origins.size() > 0) {
+ applicationModel.setWebOrigins(origins);
+ }
+ }
+ }
+
+ if (addDefaultRoles && resourceRep.getDefaultRoles() != null) {
+ applicationModel.updateDefaultRoles(resourceRep.getDefaultRoles());
+ }
+
+ if (resourceRep.getClaims() != null) {
+ setClaims(applicationModel, resourceRep.getClaims());
+ } else {
+ applicationModel.setAllowedClaimsMask(ClaimMask.USERNAME);
+ }
+
+ return applicationModel;
+ }
+
+ public static void updateApplication(ApplicationRepresentation rep, ApplicationModel resource) {
+ if (rep.getName() != null) resource.setName(rep.getName());
+ if (rep.isEnabled() != null) resource.setEnabled(rep.isEnabled());
+ if (rep.isBearerOnly() != null) resource.setBearerOnly(rep.isBearerOnly());
+ if (rep.isPublicClient() != null) resource.setPublicClient(rep.isPublicClient());
+ if (rep.getAdminUrl() != null) resource.setManagementUrl(rep.getAdminUrl());
+ if (rep.getBaseUrl() != null) resource.setBaseUrl(rep.getBaseUrl());
+ if (rep.isSurrogateAuthRequired() != null) resource.setSurrogateAuthRequired(rep.isSurrogateAuthRequired());
+ resource.updateApplication();
+
+ if (rep.getNotBefore() != null) {
+ resource.setNotBefore(rep.getNotBefore());
+ }
+ if (rep.getDefaultRoles() != null) {
+ resource.updateDefaultRoles(rep.getDefaultRoles());
+ }
+
+ List<String> redirectUris = rep.getRedirectUris();
+ if (redirectUris != null) {
+ resource.setRedirectUris(new HashSet<String>(redirectUris));
+ }
+
+ List<String> webOrigins = rep.getWebOrigins();
+ if (webOrigins != null) {
+ resource.setWebOrigins(new HashSet<String>(webOrigins));
+ }
+
+ if (rep.getClaims() != null) {
+ setClaims(resource, rep.getClaims());
+ }
+ }
+
+ public static void setClaims(ClientModel model, ClaimRepresentation rep) {
+ long mask = model.getAllowedClaimsMask();
+ if (rep.getAddress()) {
+ mask |= ClaimMask.ADDRESS;
+ } else {
+ mask &= ~ClaimMask.ADDRESS;
+ }
+ if (rep.getEmail()) {
+ mask |= ClaimMask.EMAIL;
+ } else {
+ mask &= ~ClaimMask.EMAIL;
+ }
+ if (rep.getGender()) {
+ mask |= ClaimMask.GENDER;
+ } else {
+ mask &= ~ClaimMask.GENDER;
+ }
+ if (rep.getLocale()) {
+ mask |= ClaimMask.LOCALE;
+ } else {
+ mask &= ~ClaimMask.LOCALE;
+ }
+ if (rep.getName()) {
+ mask |= ClaimMask.NAME;
+ } else {
+ mask &= ~ClaimMask.NAME;
+ }
+ if (rep.getPhone()) {
+ mask |= ClaimMask.PHONE;
+ } else {
+ mask &= ~ClaimMask.PHONE;
+ }
+ if (rep.getPicture()) {
+ mask |= ClaimMask.PICTURE;
+ } else {
+ mask &= ~ClaimMask.PICTURE;
+ }
+ if (rep.getProfile()) {
+ mask |= ClaimMask.PROFILE;
+ } else {
+ mask &= ~ClaimMask.PROFILE;
+ }
+ if (rep.getUsername()) {
+ mask |= ClaimMask.USERNAME;
+ } else {
+ mask &= ~ClaimMask.USERNAME;
+ }
+ if (rep.getWebsite()) {
+ mask |= ClaimMask.WEBSITE;
+ } else {
+ mask &= ~ClaimMask.WEBSITE;
+ }
+ model.setAllowedClaimsMask(mask);
+ }
+
+ // OAuth clients
+
+ private static void createOAuthClients(RealmRepresentation realmRep, RealmModel realm) {
+ for (OAuthClientRepresentation rep : realmRep.getOauthClients()) {
+ createOAuthClient(rep, realm);
+ }
+ }
+
+ public static OAuthClientModel createOAuthClient(String id, String name, RealmModel realm) {
+ OAuthClientModel model = id!=null ? realm.addOAuthClient(id, name) : realm.addOAuthClient(name);
+ KeycloakModelUtils.generateSecret(model);
+ return model;
+ }
+
+ public static OAuthClientModel createOAuthClient(OAuthClientRepresentation rep, RealmModel realm) {
+ OAuthClientModel model = createOAuthClient(rep.getId(), rep.getName(), realm);
+ updateOAuthClient(rep, model);
+ return model;
+ }
+
+ public static void updateOAuthClient(OAuthClientRepresentation rep, OAuthClientModel model) {
+ if (rep.getName() != null) model.setClientId(rep.getName());
+ if (rep.isEnabled() != null) model.setEnabled(rep.isEnabled());
+ if (rep.isPublicClient() != null) model.setPublicClient(rep.isPublicClient());
+ if (rep.isDirectGrantsOnly() != null) model.setDirectGrantsOnly(rep.isDirectGrantsOnly());
+ if (rep.getClaims() != null) {
+ setClaims(model, rep.getClaims());
+ }
+ if (rep.getNotBefore() != null) {
+ model.setNotBefore(rep.getNotBefore());
+ }
+ if (rep.getSecret() != null) model.setSecret(rep.getSecret());
+ List<String> redirectUris = rep.getRedirectUris();
+ if (redirectUris != null) {
+ model.setRedirectUris(new HashSet<String>(redirectUris));
+ }
+
+ List<String> webOrigins = rep.getWebOrigins();
+ if (webOrigins != null) {
+ model.setWebOrigins(new HashSet<String>(webOrigins));
+ }
+
+ if (rep.getClaims() != null) {
+ setClaims(model, rep.getClaims());
+ }
+
+ if (rep.getNotBefore() != null) {
+ model.setNotBefore(rep.getNotBefore());
+ }
+
+ }
+
+ // Scope mappings
+
+ public static void createApplicationScopeMappings(RealmModel realm, ApplicationModel applicationModel, List<ScopeMappingRepresentation> mappings) {
+ for (ScopeMappingRepresentation mapping : mappings) {
+ ClientModel client = realm.findClient(mapping.getClient());
+ for (String roleString : mapping.getRoles()) {
+ RoleModel role = applicationModel.getRole(roleString.trim());
+ if (role == null) {
+ role = applicationModel.addRole(roleString.trim());
+ }
+ client.addScopeMapping(role);
+ }
+ }
+ }
+
+ // Users
+
+ public static UserModel createUser(KeycloakSession session, RealmModel newRealm, UserRepresentation userRep, Map<String, ApplicationModel> appMap) {
+ UserModel user = session.users().addUser(newRealm, userRep.getId(), userRep.getUsername(), false);
+ user.setEnabled(userRep.isEnabled());
+ user.setEmail(userRep.getEmail());
+ user.setFirstName(userRep.getFirstName());
+ user.setLastName(userRep.getLastName());
+ user.setFederationLink(userRep.getFederationLink());
+ if (userRep.getAttributes() != null) {
+ for (Map.Entry<String, String> entry : userRep.getAttributes().entrySet()) {
+ user.setAttribute(entry.getKey(), entry.getValue());
+ }
+ }
+ if (userRep.getRequiredActions() != null) {
+ for (String requiredAction : userRep.getRequiredActions()) {
+ user.addRequiredAction(UserModel.RequiredAction.valueOf(requiredAction));
+ }
+ }
+ if (userRep.getCredentials() != null) {
+ for (CredentialRepresentation cred : userRep.getCredentials()) {
+ updateCredential(user, cred);
+ }
+ }
+ if (userRep.getAuthenticationLink() != null) {
+ AuthenticationLinkRepresentation link = userRep.getAuthenticationLink();
+ AuthenticationLinkModel authLink = new AuthenticationLinkModel(link.getAuthProvider(), link.getAuthUserId());
+ user.setAuthenticationLink(authLink);
+ }
+ if (userRep.getSocialLinks() != null) {
+ for (SocialLinkRepresentation socialLink : userRep.getSocialLinks()) {
+ SocialLinkModel mappingModel = new SocialLinkModel(socialLink.getSocialProvider(), socialLink.getSocialUserId(), socialLink.getSocialUsername());
+ session.users().addSocialLink(newRealm, user, mappingModel);
+ }
+ }
+ if (userRep.getRealmRoles() != null) {
+ for (String roleString : userRep.getRealmRoles()) {
+ RoleModel role = newRealm.getRole(roleString.trim());
+ if (role == null) {
+ role = newRealm.addRole(roleString.trim());
+ }
+ user.grantRole(role);
+ }
+ }
+ if (userRep.getApplicationRoles() != null) {
+ for (Map.Entry<String, List<String>> entry : userRep.getApplicationRoles().entrySet()) {
+ ApplicationModel app = appMap.get(entry.getKey());
+ if (app == null) {
+ throw new RuntimeException("Unable to find application role mappings for app: " + entry.getKey());
+ }
+ createApplicationRoleMappings(app, user, entry.getValue());
+ }
+ }
+ return user;
+ }
+
+ // Detect if it is "plain-text" or "hashed" representation and update model according to it
+ private static void updateCredential(UserModel user, CredentialRepresentation cred) {
+ if (cred.getValue() != null) {
+ UserCredentialModel plainTextCred = convertCredential(cred);
+ user.updateCredential(plainTextCred);
+ } else {
+ UserCredentialValueModel hashedCred = new UserCredentialValueModel();
+ hashedCred.setType(cred.getType());
+ hashedCred.setDevice(cred.getDevice());
+ hashedCred.setHashIterations(cred.getHashIterations());
+ try {
+ hashedCred.setSalt(Base64.decode(cred.getSalt()));
+ } catch (IOException ioe) {
+ throw new RuntimeException(ioe);
+ }
+ hashedCred.setValue(cred.getHashedSaltedValue());
+ user.updateCredentialDirectly(hashedCred);
+ }
+ }
+
+ public static UserCredentialModel convertCredential(CredentialRepresentation cred) {
+ UserCredentialModel credential = new UserCredentialModel();
+ credential.setType(cred.getType());
+ credential.setValue(cred.getValue());
+ return credential;
+ }
+
+ // Role mappings
+
+ public static void createApplicationRoleMappings(ApplicationModel applicationModel, UserModel user, List<String> roleNames) {
+ if (user == null) {
+ throw new RuntimeException("User not found");
+ }
+
+ for (String roleName : roleNames) {
+ RoleModel role = applicationModel.getRole(roleName.trim());
+ if (role == null) {
+ role = applicationModel.addRole(roleName.trim());
+ }
+ user.grantRole(role);
+
+ }
+ }
+
+}
diff --git a/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/entities/CachedRealm.java b/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/entities/CachedRealm.java
index c8748fe..83befd2 100755
--- a/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/entities/CachedRealm.java
+++ b/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/entities/CachedRealm.java
@@ -65,7 +65,7 @@ public class CachedRealm {
private List<RequiredCredentialModel> requiredCredentials = new ArrayList<RequiredCredentialModel>();
private List<AuthenticationProviderModel> authenticationProviders = new ArrayList<AuthenticationProviderModel>();
- private List<UserFederationProviderModel> federationProviders = new ArrayList<UserFederationProviderModel>();
+ private List<UserFederationProviderModel> userFederationProviders = new ArrayList<UserFederationProviderModel>();
private Map<String, String> smtpConfig = new HashMap<String, String>();
private Map<String, String> socialConfig = new HashMap<String, String>();
@@ -122,7 +122,7 @@ public class CachedRealm {
requiredCredentials = model.getRequiredCredentials();
authenticationProviders = model.getAuthenticationProviders();
- federationProviders = model.getUserFederationProviders();
+ userFederationProviders = model.getUserFederationProviders();
smtpConfig.putAll(model.getSmtpConfig());
socialConfig.putAll(model.getSocialConfig());
@@ -331,7 +331,7 @@ public class CachedRealm {
return auditListeners;
}
- public List<UserFederationProviderModel> getFederationProviders() {
- return federationProviders;
+ public List<UserFederationProviderModel> getUserFederationProviders() {
+ return userFederationProviders;
}
}
diff --git a/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/RealmAdapter.java b/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/RealmAdapter.java
index 4d9bf61..6353b50 100755
--- a/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/RealmAdapter.java
+++ b/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/RealmAdapter.java
@@ -608,7 +608,7 @@ public class RealmAdapter implements RealmModel {
@Override
public List<UserFederationProviderModel> getUserFederationProviders() {
if (updated != null) return updated.getUserFederationProviders();
- return cached.getFederationProviders();
+ return cached.getUserFederationProviders();
}
@Override
@@ -618,6 +618,19 @@ public class RealmAdapter implements RealmModel {
}
@Override
+ public UserFederationProviderModel addUserFederationProvider(String providerName, Map<String, String> config, int priority) {
+ getDelegateForUpdate();
+ return updated.addUserFederationProvider(providerName, config, priority);
+ }
+
+ @Override
+ public void removeUserFederationProvider(UserFederationProviderModel provider) {
+ getDelegateForUpdate();
+ updated.removeUserFederationProvider(provider);
+
+ }
+
+ @Override
public String getLoginTheme() {
if (updated != null) return updated.getLoginTheme();
return cached.getLoginTheme();
diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/RealmEntity.java b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/RealmEntity.java
index b7af403..eef663a 100755
--- a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/RealmEntity.java
+++ b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/RealmEntity.java
@@ -117,7 +117,7 @@ public class RealmEntity {
@OneToMany(cascade ={CascadeType.REMOVE}, orphanRemoval = true)
@JoinTable(name="FED_PROVIDERS")
- List<FederationProviderEntity> federationProviders = new ArrayList<FederationProviderEntity>();
+ List<UserFederationProviderEntity> userFederationProviders = new ArrayList<UserFederationProviderEntity>();
@OneToMany(fetch = FetchType.LAZY, cascade ={CascadeType.REMOVE}, orphanRemoval = true)
@JoinTable(name="REALM_APPLICATION", joinColumns={ @JoinColumn(name="APPLICATION_ID") }, inverseJoinColumns={ @JoinColumn(name="REALM_ID") })
@@ -513,12 +513,12 @@ public class RealmEntity {
this.masterAdminApp = masterAdminApp;
}
- public List<FederationProviderEntity> getFederationProviders() {
- return federationProviders;
+ public List<UserFederationProviderEntity> getUserFederationProviders() {
+ return userFederationProviders;
}
- public void setFederationProviders(List<FederationProviderEntity> federationProviders) {
- this.federationProviders = federationProviders;
+ public void setUserFederationProviders(List<UserFederationProviderEntity> userFederationProviders) {
+ this.userFederationProviders = userFederationProviders;
}
}
diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java b/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java
index e65e377..2103f3f 100755
--- a/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java
+++ b/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java
@@ -3,8 +3,9 @@ package org.keycloak.models.jpa;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.AuthenticationProviderModel;
import org.keycloak.models.ClientModel;
+import org.keycloak.models.UserFederationProvider;
import org.keycloak.models.UserFederationProviderModel;
-import org.keycloak.models.jpa.entities.FederationProviderEntity;
+import org.keycloak.models.jpa.entities.UserFederationProviderEntity;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.OAuthClientModel;
import org.keycloak.models.PasswordPolicy;
@@ -30,6 +31,7 @@ import java.util.Comparator;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
+import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Set;
@@ -728,62 +730,105 @@ public class RealmAdapter implements RealmModel {
@Override
public List<UserFederationProviderModel> getUserFederationProviders() {
- List<FederationProviderEntity> entities = realm.getFederationProviders();
- List<FederationProviderEntity> copy = new ArrayList<FederationProviderEntity>();
- for (FederationProviderEntity entity : entities) {
+ List<UserFederationProviderEntity> entities = realm.getUserFederationProviders();
+ List<UserFederationProviderEntity> copy = new ArrayList<UserFederationProviderEntity>();
+ for (UserFederationProviderEntity entity : entities) {
copy.add(entity);
}
- Collections.sort(copy, new Comparator<FederationProviderEntity>() {
+ Collections.sort(copy, new Comparator<UserFederationProviderEntity>() {
@Override
- public int compare(FederationProviderEntity o1, FederationProviderEntity o2) {
+ public int compare(UserFederationProviderEntity o1, UserFederationProviderEntity o2) {
return o1.getPriority() - o2.getPriority();
}
});
List<UserFederationProviderModel> result = new ArrayList<UserFederationProviderModel>();
- for (FederationProviderEntity entity : copy) {
- result.add(new UserFederationProviderModel(entity.getId(), entity.getProviderName(), entity.getConfig()));
+ for (UserFederationProviderEntity entity : copy) {
+ result.add(new UserFederationProviderModel(entity.getId(), entity.getProviderName(), entity.getConfig(), entity.getPriority()));
}
return result;
}
@Override
+ public UserFederationProviderModel addUserFederationProvider(String providerName, Map<String, String> config, int priority) {
+ String id = KeycloakModelUtils.generateId();
+ UserFederationProviderEntity entity = new UserFederationProviderEntity();
+ entity.setId(id);
+ entity.setRealm(realm);
+ entity.setProviderName(providerName);
+ entity.setConfig(config);
+ entity.setPriority(priority);
+ em.persist(entity);
+ realm.getUserFederationProviders().add(entity);
+ em.flush();
+ return new UserFederationProviderModel(entity.getId(), providerName, config, priority);
+ }
+
+ @Override
+ public void removeUserFederationProvider(UserFederationProviderModel provider) {
+ UserFederationProviderEntity entity = null;
+ Iterator<UserFederationProviderEntity> it = realm.getUserFederationProviders().iterator();
+ while (it.hasNext()) {
+ if (entity.getId().equals(provider.getId())) {
+ it.remove();
+ em.remove(entity);
+ return;
+ }
+ }
+ }
+
+ @Override
public void setUserFederationProviders(List<UserFederationProviderModel> providers) {
- List<FederationProviderEntity> newEntities = new ArrayList<FederationProviderEntity>();
- int counter = 1;
- for (UserFederationProviderModel model : providers) {
- FederationProviderEntity entity = new FederationProviderEntity();
- entity.setId(KeycloakModelUtils.generateId());
- entity.setRealm(realm);
- entity.setProviderName(model.getProviderName());
- entity.setConfig(model.getConfig());
- entity.setPriority(counter++);
- newEntities.add(entity);
+
+ Iterator<UserFederationProviderEntity> it = realm.getUserFederationProviders().iterator();
+ while (it.hasNext()) {
+ UserFederationProviderEntity entity = it.next();
+ boolean found = false;
+ for (UserFederationProviderModel model : providers) {
+ if (entity.getId().equals(model.getId())) {
+ entity.setConfig(model.getConfig());
+ entity.setPriority(model.getPriority());
+ entity.setProviderName(model.getProviderName());
+ entity.setPriority(model.getPriority());
+ found = true;
+ break;
+ }
+
+ }
+ if (found) continue;
+ it.remove();
+ em.remove(entity);
}
- // Remove all existing first
- Collection<FederationProviderEntity> existing = realm.getFederationProviders();
- Collection<FederationProviderEntity> copy = new ArrayList<FederationProviderEntity>(existing);
- for (FederationProviderEntity apToRemove : copy) {
- existing.remove(apToRemove);
- em.remove(apToRemove);
+ List<UserFederationProviderModel> add = new LinkedList<UserFederationProviderModel>();
+ for (UserFederationProviderModel model : providers) {
+ boolean found = false;
+ for (UserFederationProviderEntity entity : realm.getUserFederationProviders()) {
+ if (entity.getId().equals(model.getId())) {
+ found = true;
+ break;
+ }
+ }
+ if (!found) add.add(model);
}
- em.flush();
+ for (UserFederationProviderModel model : providers) {
+ UserFederationProviderEntity entity = new UserFederationProviderEntity();
+ if (model.getId() != null) entity.setId(model.getId());
+ else entity.setId(KeycloakModelUtils.generateId());
+ entity.setConfig(model.getConfig());
+ entity.setPriority(model.getPriority());
+ entity.setProviderName(model.getProviderName());
+ entity.setPriority(model.getPriority());
+ em.persist(entity);
+ realm.getUserFederationProviders().add(entity);
- // Now create all new providers
- for (FederationProviderEntity apToAdd : newEntities) {
- existing.add(apToAdd);
- em.persist(apToAdd);
}
-
- em.flush();
}
-
@Override
public RoleModel getRole(String name) {
TypedQuery<RoleEntity> query = em.createNamedQuery("getRealmRoleByName", RoleEntity.class);
diff --git a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java
index 2e563f5..2ce26cb 100755
--- a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java
+++ b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java
@@ -8,7 +8,7 @@ import org.keycloak.models.ApplicationModel;
import org.keycloak.models.AuthenticationProviderModel;
import org.keycloak.models.ClientModel;
import org.keycloak.models.UserFederationProviderModel;
-import org.keycloak.models.entities.FederationProviderEntity;
+import org.keycloak.models.entities.UserFederationProviderEntity;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmProvider;
import org.keycloak.models.OAuthClientModel;
@@ -29,8 +29,11 @@ import java.security.PublicKey;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
+import java.util.Comparator;
import java.util.HashMap;
import java.util.HashSet;
+import java.util.Iterator;
+import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Set;
@@ -790,12 +793,51 @@ public class RealmAdapter extends AbstractMongoAdapter<MongoRealmEntity> impleme
realm.setAuthenticationProviders(entities);
updateRealm();
}
+
+ @Override
+ public UserFederationProviderModel addUserFederationProvider(String providerName, Map<String, String> config, int priority) {
+ UserFederationProviderEntity entity = new UserFederationProviderEntity();
+ entity.setId(KeycloakModelUtils.generateId());
+ entity.setPriority(priority);
+ entity.setProviderName(providerName);
+ entity.setConfig(config);
+ realm.getUserFederationProviders().add(entity);
+ updateRealm();
+
+ return new UserFederationProviderModel(entity.getId(), providerName, config, priority);
+ }
+
+ @Override
+ public void removeUserFederationProvider(UserFederationProviderModel provider) {
+ Iterator<UserFederationProviderEntity> it = realm.getUserFederationProviders().iterator();
+ while (it.hasNext()) {
+ UserFederationProviderEntity entity = it.next();
+ if (entity.getId().equals(provider.getId())) {
+ it.remove();
+ }
+ }
+ updateRealm();
+ }
+
@Override
public List<UserFederationProviderModel> getUserFederationProviders() {
- List<FederationProviderEntity> entities = realm.getFederationProviders();
- List<UserFederationProviderModel> result = new ArrayList<UserFederationProviderModel>();
- for (FederationProviderEntity entity : entities) {
- result.add(new UserFederationProviderModel(entity.getId(), entity.getProviderName(), entity.getConfig()));
+ List<UserFederationProviderEntity> entities = realm.getUserFederationProviders();
+ List<UserFederationProviderEntity> copy = new LinkedList<UserFederationProviderEntity>();
+ for (UserFederationProviderEntity entity : entities) {
+ copy.add(entity);
+
+ }
+ Collections.sort(copy, new Comparator<UserFederationProviderEntity>() {
+
+ @Override
+ public int compare(UserFederationProviderEntity o1, UserFederationProviderEntity o2) {
+ return o1.getPriority() - o2.getPriority();
+ }
+
+ });
+ List<UserFederationProviderModel> result = new LinkedList<UserFederationProviderModel>();
+ for (UserFederationProviderEntity entity : copy) {
+ result.add(new UserFederationProviderModel(entity.getId(), entity.getProviderName(), entity.getConfig(), entity.getPriority()));
}
return result;
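Review bot: The comparator added in `getUserFederationProviders` returns `o1.getPriority() - o2.getPriority()`, and `priority` is a caller-supplied `int` (see `addUserFederationProvider` in this hunk), so the subtraction can overflow for values that are far apart and produce the wrong order. The sorted list is what callers receive as the provider order, so compare without arithmetic: `return o1.getPriority() < o2.getPriority() ? -1 : (o1.getPriority() == o2.getPriority() ? 0 : 1);`, or `Integer.compare(...)` if the build targets Java 7 or later. The JPA adapter's comparator in this commit uses the same subtraction. The method's closing brace lies outside this hunk.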
@@ -803,16 +845,18 @@ public class RealmAdapter extends AbstractMongoAdapter<MongoRealmEntity> impleme
@Override
public void setUserFederationProviders(List<UserFederationProviderModel> providers) {
- List<FederationProviderEntity> entities = new ArrayList<FederationProviderEntity>();
+ List<UserFederationProviderEntity> entities = new LinkedList<UserFederationProviderEntity>();
for (UserFederationProviderModel model : providers) {
- FederationProviderEntity entity = new FederationProviderEntity();
- entity.setId(KeycloakModelUtils.generateId());
+ UserFederationProviderEntity entity = new UserFederationProviderEntity();
+ if (model.getId() != null) entity.setId(model.getId());
+ else entity.setId(KeycloakModelUtils.generateId());
entity.setProviderName(model.getProviderName());
entity.setConfig(model.getConfig());
+ entity.setPriority(model.getPriority());
entities.add(entity);
}
- realm.setFederationProviders(entities);
+ realm.setUserFederationProviders(entities);
updateRealm();
}
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/FederationProvidersIntegrationTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/FederationProvidersIntegrationTest.java
index 353aae2..d638db4 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/FederationProvidersIntegrationTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/FederationProvidersIntegrationTest.java
@@ -61,8 +61,7 @@ public class FederationProvidersIntegrationTest {
ldapConfig.put(LDAPConstants.VENDOR, ldapServer.getVendor());
- UserFederationProviderModel ldapProvider = new UserFederationProviderModel(null, LDAPFederationProviderFactory.PROVIDER_NAME, ldapConfig);
- appRealm.setUserFederationProviders(Arrays.asList(ldapProvider));
+ appRealm.addUserFederationProvider(LDAPFederationProviderFactory.PROVIDER_NAME, ldapConfig, 0);
// Configure LDAP
ldapRule.getEmbeddedServer().setupLdapInRealm(appRealm);