keycloak-aplcache
Changes
services/src/test/resources/testrealm.json 59(+32 -27)
Details
diff --git a/core/src/main/java/org/keycloak/representations/idm/ApplicationRepresentation.java b/core/src/main/java/org/keycloak/representations/idm/ApplicationRepresentation.java
index dee8ae5..8f7d2ab 100755
--- a/core/src/main/java/org/keycloak/representations/idm/ApplicationRepresentation.java
+++ b/core/src/main/java/org/keycloak/representations/idm/ApplicationRepresentation.java
@@ -17,8 +17,6 @@ public class ApplicationRepresentation {
protected List<CredentialRepresentation> credentials;
protected List<RoleRepresentation> roles;
protected String[] defaultRoles;
- protected List<UserRoleMappingRepresentation> roleMappings;
- protected List<ScopeMappingRepresentation> scopeMappings;
protected List<String> redirectUris;
protected List<String> webOrigins;
@@ -83,30 +81,6 @@ public class ApplicationRepresentation {
return this;
}
- public List<UserRoleMappingRepresentation> getRoleMappings() {
- return roleMappings;
- }
-
- public UserRoleMappingRepresentation roleMapping(String username) {
- UserRoleMappingRepresentation mapping = new UserRoleMappingRepresentation();
- mapping.setUsername(username);
- if (roleMappings == null) roleMappings = new ArrayList<UserRoleMappingRepresentation>();
- roleMappings.add(mapping);
- return mapping;
- }
-
- public List<ScopeMappingRepresentation> getScopeMappings() {
- return scopeMappings;
- }
-
- public ScopeMappingRepresentation scopeMapping(String username) {
- ScopeMappingRepresentation mapping = new ScopeMappingRepresentation();
- mapping.setUsername(username);
- if (scopeMappings == null) scopeMappings = new ArrayList<ScopeMappingRepresentation>();
- scopeMappings.add(mapping);
- return mapping;
- }
-
public String getAdminUrl() {
return adminUrl;
}
diff --git a/core/src/main/java/org/keycloak/representations/idm/RealmRepresentation.java b/core/src/main/java/org/keycloak/representations/idm/RealmRepresentation.java
index 7ae7dd2..c668a70 100755
--- a/core/src/main/java/org/keycloak/representations/idm/RealmRepresentation.java
+++ b/core/src/main/java/org/keycloak/representations/idm/RealmRepresentation.java
@@ -35,6 +35,8 @@ public class RealmRepresentation {
protected List<UserRepresentation> users;
protected List<UserRoleMappingRepresentation> roleMappings;
protected List<ScopeMappingRepresentation> scopeMappings;
+ protected Map<String, List<UserRoleMappingRepresentation>> applicationRoleMappings;
+ protected Map<String, List<ScopeMappingRepresentation>> applicationScopeMappings;
protected List<SocialMappingRepresentation> socialMappings;
protected List<ApplicationRepresentation> applications;
protected List<OAuthClientRepresentation> oauthClients;
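Review bot: The two new fields `applicationRoleMappings` and `applicationScopeMappings` carry no comment saying what the map key is. RealmManager in this same commit looks each key up in `newRealm.getApplicationNameMap()` and throws when it is missing, so the key has to be the name of an application that exists in the realm by the time mappings are imported. I would add `// keyed by application name; the application must exist in the realm at import time` above the fields, and say the same in the Javadoc of the accessors added in the later hunk of this file.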
@@ -308,4 +310,20 @@ public class RealmRepresentation {
public void setOauthClients(List<OAuthClientRepresentation> oauthClients) {
this.oauthClients = oauthClients;
}
+
+ public Map<String, List<UserRoleMappingRepresentation>> getApplicationRoleMappings() {
+ return applicationRoleMappings;
+ }
+
+ public void setApplicationRoleMappings(Map<String, List<UserRoleMappingRepresentation>> applicationRoleMappings) {
+ this.applicationRoleMappings = applicationRoleMappings;
+ }
+
+ public Map<String, List<ScopeMappingRepresentation>> getApplicationScopeMappings() {
+ return applicationScopeMappings;
+ }
+
+ public void setApplicationScopeMappings(Map<String, List<ScopeMappingRepresentation>> applicationScopeMappings) {
+ this.applicationScopeMappings = applicationScopeMappings;
+ }
}
diff --git a/examples/as7-eap-demo/customer-app/src/main/webapp/customers/view.jsp b/examples/as7-eap-demo/customer-app/src/main/webapp/customers/view.jsp
index 54df669..7eb5f58 100755
--- a/examples/as7-eap-demo/customer-app/src/main/webapp/customers/view.jsp
+++ b/examples/as7-eap-demo/customer-app/src/main/webapp/customers/view.jsp
@@ -8,8 +8,9 @@
<%
String logoutUri = UriBuilder.fromUri("http://localhost:8080/auth-server/rest/realms/demo/tokens/logout")
.queryParam("redirect_uri", "http://localhost:8080/customer-portal").build().toString();
+ String acctUri = UriBuilder.fromUri("http://localhost:8080/auth-server/rest/realms/demo/account").build().toString();
%>
-<p>Goto: <a href="http://localhost:8080/product-portal">products</a> | <a href="<%=logoutUri%>">logout</a></p>
+<p>Goto: <a href="http://localhost:8080/product-portal">products</a> | <a href="<%=logoutUri%>">logout</a> | <a href="<%=acctUri%>">manage acct</a></p>
User <b><%=request.getUserPrincipal().getName()%></b> made this request.
<h2>Customer Listing</h2>
<%
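Review bot: The added `acctUri` hard-codes `http://localhost:8080` for the account-management page, so the link only works on a local deployment and takes the user to that page over plain HTTP; products/view.jsp gets the same line. Since example code tends to be copied, a comment such as `<%-- demo only: use the deployment's HTTPS base URL in real applications --%>` next to the scriptlet would help. `UriBuilder.fromUri(...).build().toString()` on a constant with no parameters also just yields the string itself, so `String acctUri = "http://localhost:8080/auth-server/rest/realms/demo/account";` reads more plainly.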
diff --git a/examples/as7-eap-demo/product-app/src/main/webapp/products/view.jsp b/examples/as7-eap-demo/product-app/src/main/webapp/products/view.jsp
index bf1ca5a..88c6493 100755
--- a/examples/as7-eap-demo/product-app/src/main/webapp/products/view.jsp
+++ b/examples/as7-eap-demo/product-app/src/main/webapp/products/view.jsp
@@ -8,9 +8,10 @@
<%
String logoutUri = UriBuilder.fromUri("http://localhost:8080/auth-server/rest/realms/demo/tokens/logout")
.queryParam("redirect_uri", "http://localhost:8080/product-portal").build().toString();
+ String acctUri = UriBuilder.fromUri("http://localhost:8080/auth-server/rest/realms/demo/account").build().toString();
%>
-<p>Goto: <a href="http://localhost:8080/customer-portal">customers</a> | <a href="<%=logoutUri%>">logout</a></p>
+<p>Goto: <a href="http://localhost:8080/customer-portal">customers</a> | <a href="<%=logoutUri%>">logout</a> | <a href="<%=acctUri%>">manage acct</a></p>
User <b><%=request.getUserPrincipal().getName()%></b> made this request.
<h2>Product Listing</h2>
<%
diff --git a/examples/as7-eap-demo/server/src/main/resources/META-INF/testrealm.json b/examples/as7-eap-demo/server/src/main/resources/META-INF/testrealm.json
index 21b5f99..893ff39 100755
--- a/examples/as7-eap-demo/server/src/main/resources/META-INF/testrealm.json
+++ b/examples/as7-eap-demo/server/src/main/resources/META-INF/testrealm.json
@@ -1,9 +1,10 @@
{
"realm": "demo",
"enabled": true,
- "tokenLifespan": 300,
+ "tokenLifespan": 3000,
"accessCodeLifespan": 10,
- "accessCodeLifespanUserAction": 600,
+ "accessCodeLifespanUserAction": 6000,
+ "accountManagement": true,
"sslNotRequired": true,
"cookieLoginAllowed": true,
"registrationAllowed": true,
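Review bot: `tokenLifespan` goes from 300 to 3000 and `accessCodeLifespanUserAction` from 600 to 6000 here, which looks unrelated to moving the role mappings and may be leftover local debugging values. With `"sslNotRequired": true` a few lines below, a tenfold longer lifetime (presumably in seconds) widens the window in which a captured token or code stays usable, and demo realms tend to be copied into real setups. Unless the longer values are needed for the account pages, I would keep `"tokenLifespan": 300,` and `"accessCodeLifespanUserAction": 600,` and add only `"accountManagement": true,`.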
@@ -94,6 +95,14 @@
}
]
}
- ]
+ ],
+ "applicationRoleMappings": {
+ "Account": [
+ {
+ "username": "bburke@redhat.com",
+ "roles": ["manage-account"]
+ }
+ ]
+ }
}
diff --git a/services/src/main/java/org/keycloak/services/managers/ApplicationManager.java b/services/src/main/java/org/keycloak/services/managers/ApplicationManager.java
index 8081979..e3c3322 100755
--- a/services/src/main/java/org/keycloak/services/managers/ApplicationManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/ApplicationManager.java
@@ -90,32 +90,31 @@ public class ApplicationManager {
return applicationModel;
}
- public void createMappings(RealmModel realm, ApplicationRepresentation resourceRep, ApplicationModel applicationModel) {
- if (resourceRep.getRoleMappings() != null) {
- for (UserRoleMappingRepresentation mapping : resourceRep.getRoleMappings()) {
- UserModel user = realm.getUser(mapping.getUsername());
- if (user == null) {
- throw new RuntimeException("User not found");
- }
- for (String roleString : mapping.getRoles()) {
- RoleModel role = applicationModel.getRole(roleString.trim());
- if (role == null) {
- role = applicationModel.addRole(roleString.trim());
- }
- applicationModel.grantRole(user, role);
+ public void createRoleMappings(RealmModel realm, ApplicationModel applicationModel, List<UserRoleMappingRepresentation> mappings) {
+ for (UserRoleMappingRepresentation mapping : mappings) {
+ UserModel user = realm.getUser(mapping.getUsername());
+ if (user == null) {
+ throw new RuntimeException("User not found");
+ }
+ for (String roleString : mapping.getRoles()) {
+ RoleModel role = applicationModel.getRole(roleString.trim());
+ if (role == null) {
+ role = applicationModel.addRole(roleString.trim());
}
+ applicationModel.grantRole(user, role);
}
}
- if (resourceRep.getScopeMappings() != null) {
- for (ScopeMappingRepresentation mapping : resourceRep.getScopeMappings()) {
- UserModel user = realm.getUser(mapping.getUsername());
- for (String roleString : mapping.getRoles()) {
- RoleModel role = applicationModel.getRole(roleString.trim());
- if (role == null) {
- role = applicationModel.addRole(roleString.trim());
- }
- applicationModel.addScopeMapping(user, role.getName());
+ }
+
+ public void createScopeMappings(RealmModel realm, ApplicationModel applicationModel, List<ScopeMappingRepresentation> mappings) {
+ for (ScopeMappingRepresentation mapping : mappings) {
+ UserModel user = realm.getUser(mapping.getUsername());
+ for (String roleString : mapping.getRoles()) {
+ RoleModel role = applicationModel.getRole(roleString.trim());
+ if (role == null) {
+ role = applicationModel.addRole(roleString.trim());
}
+ applicationModel.addScopeMapping(user, role.getName());
}
}
}
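Review bot: `createScopeMappings` passes the result of `realm.getUser(mapping.getUsername())` straight to `applicationModel.addScopeMapping(user, ...)` without the null check that `createRoleMappings` has, so an unknown username in a scope mapping reaches the model as `null`. Add the same guard and name the user in both messages: `if (user == null) throw new RuntimeException("User not found: " + mapping.getUsername());`. Both methods also create any role that does not exist yet via `addRole`, so a misspelled role name in an imported realm file silently becomes a new role. If that is intended it deserves a comment, otherwise failing the import would be the safer behaviour.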
diff --git a/services/src/main/java/org/keycloak/services/managers/RealmManager.java b/services/src/main/java/org/keycloak/services/managers/RealmManager.java
index 07bf34a..446e86d 100755
--- a/services/src/main/java/org/keycloak/services/managers/RealmManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/RealmManager.java
@@ -241,14 +241,12 @@ public class RealmManager {
}
}
- Map<String, ApplicationModel> appMap = null;
if (rep.getApplications() != null) {
- appMap = createApplications(rep, newRealm);
+ Map<String, ApplicationModel> appMap = createApplications(rep, newRealm);
for (ApplicationModel app : appMap.values()) {
userMap.put(app.getApplicationUser().getLoginName(), app.getApplicationUser());
}
}
-
if (rep.getOauthClients() != null) {
Map<String, OAuthClientModel> oauthMap = createOAuthClients(rep, newRealm);
for (OAuthClientModel app : oauthMap.values()) {
@@ -257,18 +255,38 @@ public class RealmManager {
}
- // Now that all possible users are created (users, apps, and oauth clients), do role mappings and scope mappings
+ if (rep.getAccountManagement() != null && rep.getAccountManagement()) {
+ enableAccountManagement(newRealm);
+ }
- if (rep.getApplications() != null) {
+ // Now that all possible users and applications are created (users, apps, and oauth clients), do role mappings and scope mappings
+
+ Map<String, ApplicationModel> appMap = newRealm.getApplicationNameMap();
+
+ if (rep.getApplicationRoleMappings() != null) {
ApplicationManager manager = new ApplicationManager(this);
- for (ApplicationRepresentation appRep : rep.getApplications()) {
- ApplicationModel model = appMap.get(appRep.getName());
- manager.createMappings(newRealm, appRep, model);
+ for (Map.Entry<String, List<UserRoleMappingRepresentation>> entry : rep.getApplicationRoleMappings().entrySet()) {
+ ApplicationModel app = appMap.get(entry.getKey());
+ if (app == null) {
+ throw new RuntimeException("Unable to find application role mappings for app: " + entry.getKey());
+ }
+ manager.createRoleMappings(newRealm, app, entry.getValue());
+ }
+ }
+ if (rep.getApplicationScopeMappings() != null) {
+ ApplicationManager manager = new ApplicationManager(this);
+ for (Map.Entry<String, List<ScopeMappingRepresentation>> entry : rep.getApplicationScopeMappings().entrySet()) {
+ ApplicationModel app = appMap.get(entry.getKey());
+ if (app == null) {
+ throw new RuntimeException("Unable to find application role mappings for app: " + entry.getKey());
+ }
+ manager.createScopeMappings(newRealm, app, entry.getValue());
}
}
+
if (rep.getRoleMappings() != null) {
for (UserRoleMappingRepresentation mapping : rep.getRoleMappings()) {
UserModel user = userMap.get(mapping.getUsername());
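Review bot: The scope-mapping loop throws `"Unable to find application role mappings for app: "`, copied from the role-mapping loop above it, and in both loops what was not found is the application, not its mappings. Something like `throw new RuntimeException("Unknown application in applicationScopeMappings: " + entry.getKey());` (and the `applicationRoleMappings` equivalent) would point whoever imports a realm file at the right key. `entry.getValue()` is also handed to `createRoleMappings`/`createScopeMappings` unchecked, and those iterate it directly, so a JSON `null` for an application's list ends in a NullPointerException. The enclosing method starts and ends outside this hunk.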
@@ -306,10 +324,6 @@ public class RealmManager {
}
}
- if (rep.getAccountManagement() != null && rep.getAccountManagement()) {
- enableAccountManagement(newRealm);
- }
-
if (rep.getSmtpServer() != null) {
newRealm.setSmtpConfig(new HashMap(rep.getSmtpServer()));
}
services/src/test/resources/testrealm.json 59(+32 -27)
diff --git a/services/src/test/resources/testrealm.json b/services/src/test/resources/testrealm.json
index d21823a..4c20b70 100755
--- a/services/src/test/resources/testrealm.json
+++ b/services/src/test/resources/testrealm.json
@@ -94,22 +94,6 @@
{
"name": "user"
}
- ],
- "roleMappings": [
- {
- "username": "wburke",
- "roles": ["user"]
- },
- {
- "username": "admin",
- "roles": ["admin"]
- }
- ],
- "scopeMappings": [
- {
- "username": "oauthclient",
- "roles": ["user"]
- }
]
},
{
@@ -122,20 +106,41 @@
{
"name": "user"
}
- ],
- "roleMappings": [
- {
- "username": "wburke",
- "roles": ["user"]
- },
- {
- "username": "admin",
- "roles": ["admin"]
- }
]
}
- ]
+ ],
+ "applicationRoleMappings": {
+ "Application": [
+ {
+ "username": "wburke",
+ "roles": ["user"]
+ },
+ {
+ "username": "admin",
+ "roles": ["admin"]
+ }
+ ],
+ "OtherApp": [
+ {
+ "username": "wburke",
+ "roles": ["user"]
+ },
+ {
+ "username": "admin",
+ "roles": ["admin"]
+ }
+ ]
+ },
+ "applicationScopeMappings": {
+ "Application": [
+ {
+ "username": "oauthclient",
+ "roles": ["user"]
+ }
+ ]
+
+ }
}
\ No newline at end of file
diff --git a/testsuite/integration/src/test/resources/testrealm.json b/testsuite/integration/src/test/resources/testrealm.json
index 66809f5..4122174 100755
--- a/testsuite/integration/src/test/resources/testrealm.json
+++ b/testsuite/integration/src/test/resources/testrealm.json
@@ -88,19 +88,23 @@
"name": "customer-admin",
"description": "Have Customer Admin privileges"
}
- ],
- "roleMappings": [
- {
- "username": "test-user@localhost",
- "roles": ["customer-user"]
- }
- ],
- "scopeMappings": [
- {
- "username": "third-party",
- "roles": ["customer-user"]
- }
]
- }
- ]
+ }
+ ],
+ "applicationRoleMappings": {
+ "test-app": [
+ {
+ "username": "test-user@localhost",
+ "roles": ["customer-user"]
+ }
+ ]
+ },
+ "applicationScopeMappings": {
+ "test-app": [
+ {
+ "username": "third-party",
+ "roles": ["customer-user"]
+ }
+ ]
+ }
}
\ No newline at end of file