keycloak-aplcache
Changes
core/pom.xml 1(+1 -0)
distribution/modules/build.xml 4(+4 -0)
integration/as7-eap6/adapter/pom.xml 4(+4 -0)
integration/undertow/pom.xml 4(+4 -0)
server/pom.xml 4(+4 -0)
Details
core/pom.xml 1(+1 -0)
diff --git a/core/pom.xml b/core/pom.xml
index 49d2275..011fa2a 100755
--- a/core/pom.xml
+++ b/core/pom.xml
@@ -21,6 +21,7 @@
<dependency>
<groupId>net.iharder</groupId>
<artifactId>base64</artifactId>
+ <scope>provided</scope>
</dependency>
<dependency>
<groupId>org.codehaus.jackson</groupId>
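Review bot: With `<scope>provided</scope>` on `net.iharder:base64`, keycloak-core no longer carries the codec transitively, so a consumer without its own declaration still compiles but fails with `NoClassDefFoundError` at the first Base64 call. This commit re-declares the artifact in the as7-eap6 adapter, servlet-oauth-client, undertow and server poms and as a JBoss module, but consumers outside these hunks are not visible here and should be checked. None of the added `<dependency>` entries has a `<version>`, so the version is presumably pinned in a parent `dependencyManagement`; worth confirming, since the library now ships in several deployed artifacts. I would record the intent next to the scope line: `<!-- provided: shipped as the net.iharder.base64 module; other consumers must declare it -->`.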
distribution/modules/build.xml 4(+4 -0)
diff --git a/distribution/modules/build.xml b/distribution/modules/build.xml
index 9ec84de..4b273e8 100755
--- a/distribution/modules/build.xml
+++ b/distribution/modules/build.xml
@@ -43,6 +43,10 @@
~ +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-->
+ <module-def name="net.iharder.base64">
+ <maven-resource group="net.iharder" artifact="base64"/>
+ </module-def>
+
<module-def name="org.bouncycastle">
<maven-resource group="org.bouncycastle" artifact="bcprov-jdk16"/>
</module-def>
diff --git a/distribution/modules/src/main/resources/modules/net/iharder/base64/main/module.xml b/distribution/modules/src/main/resources/modules/net/iharder/base64/main/module.xml
new file mode 100755
index 0000000..5f39dcf
--- /dev/null
+++ b/distribution/modules/src/main/resources/modules/net/iharder/base64/main/module.xml
@@ -0,0 +1,33 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+ ~ JBoss, Home of Professional Open Source.
+ ~ Copyright 2010, Red Hat, Inc., and individual contributors
+ ~ as indicated by the @author tags. See the copyright.txt file in the
+ ~ distribution for a full listing of individual contributors.
+ ~
+ ~ This is free software; you can redistribute it and/or modify it
+ ~ under the terms of the GNU Lesser General Public License as
+ ~ published by the Free Software Foundation; either version 2.1 of
+ ~ the License, or (at your option) any later version.
+ ~
+ ~ This software is distributed in the hope that it will be useful,
+ ~ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ ~ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ ~ Lesser General Public License for more details.
+ ~
+ ~ You should have received a copy of the GNU Lesser General Public
+ ~ License along with this software; if not, write to the Free
+ ~ Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ ~ 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ -->
+
+<module xmlns="urn:jboss:module:1.1" name="net.iharder.base64">
+ <resources>
+ <!-- Insert resources here -->
+ </resources>
+ <dependencies>
+ <module name="javax.api"/>
+ </dependencies>
+
+</module>
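Review bot: The `<resources>` element holds only the placeholder `<!-- Insert resources here -->`, so this module is empty unless the build replaces it. Presumably the `module-def` added to distribution/modules/build.xml does that, but nothing in this file says so. Because keycloak-core's module.xml now depends on `net.iharder.base64`, a missed substitution would likely surface only as a class-loading failure at runtime. The `javax.api` dependency also looks copied from a template, since a Base64 codec is unlikely to need javax packages; if that is the case, dropping it keeps the module's visibility minimal. A comment such as `<!-- resource-root is injected by the net.iharder.base64 module-def in build.xml -->` would document the coupling.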
diff --git a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-core/main/module.xml b/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-core/main/module.xml
index a58f092..095e419 100755
--- a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-core/main/module.xml
+++ b/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-core/main/module.xml
@@ -31,6 +31,7 @@
<module name="org.codehaus.jackson.jackson-mapper-asl"/>
<module name="org.codehaus.jackson.jackson-xc"/>
<module name="org.bouncycastle"/>
+ <module name="net.iharder.base64"/>
<module name="javax.api"/>
</dependencies>
integration/as7-eap6/adapter/pom.xml 4(+4 -0)
diff --git a/integration/as7-eap6/adapter/pom.xml b/integration/as7-eap6/adapter/pom.xml
index 35423e3..f4421de 100755
--- a/integration/as7-eap6/adapter/pom.xml
+++ b/integration/as7-eap6/adapter/pom.xml
@@ -29,6 +29,10 @@
<version>${keycloak.apache.httpcomponents.version}</version>
</dependency>
<dependency>
+ <groupId>net.iharder</groupId>
+ <artifactId>base64</artifactId>
+ </dependency>
+ <dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk16</artifactId>
</dependency>
diff --git a/integration/servlet-oauth-client/pom.xml b/integration/servlet-oauth-client/pom.xml
index 9311ed2..67163af 100755
--- a/integration/servlet-oauth-client/pom.xml
+++ b/integration/servlet-oauth-client/pom.xml
@@ -41,6 +41,10 @@
<artifactId>jackson-mapper-asl</artifactId>
</dependency>
<dependency>
+ <groupId>net.iharder</groupId>
+ <artifactId>base64</artifactId>
+ </dependency>
+ <dependency>
<groupId>org.jboss.spec.javax.servlet</groupId>
<artifactId>jboss-servlet-api_3.0_spec</artifactId>
<scope>provided</scope>
integration/undertow/pom.xml 4(+4 -0)
diff --git a/integration/undertow/pom.xml b/integration/undertow/pom.xml
index 1781ef3..8012c35 100755
--- a/integration/undertow/pom.xml
+++ b/integration/undertow/pom.xml
@@ -35,6 +35,10 @@
<version>${keycloak.apache.httpcomponents.version}</version>
</dependency>
<dependency>
+ <groupId>net.iharder</groupId>
+ <artifactId>base64</artifactId>
+ </dependency>
+ <dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk16</artifactId>
</dependency>
server/pom.xml 4(+4 -0)
diff --git a/server/pom.xml b/server/pom.xml
index f07ec2a..3293918 100755
--- a/server/pom.xml
+++ b/server/pom.xml
@@ -20,6 +20,10 @@
<artifactId>bcprov-jdk16</artifactId>
</dependency>
<dependency>
+ <groupId>net.iharder</groupId>
+ <artifactId>base64</artifactId>
+ </dependency>
+ <dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-core</artifactId>
<version>${project.version}</version>
diff --git a/services/src/main/java/org/keycloak/services/managers/TokenManager.java b/services/src/main/java/org/keycloak/services/managers/TokenManager.java
index e447ab1..87d4025 100755
--- a/services/src/main/java/org/keycloak/services/managers/TokenManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/TokenManager.java
@@ -3,7 +3,6 @@ package org.keycloak.services.managers;
import org.jboss.resteasy.logging.Logger;
import org.keycloak.jose.jws.JWSBuilder;
import org.keycloak.models.ApplicationModel;
-import org.keycloak.models.Constants;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserModel;
@@ -15,7 +14,6 @@ import org.keycloak.util.JsonSerialization;
import javax.ws.rs.core.MultivaluedMap;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
-import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
@@ -62,7 +60,7 @@ public class TokenManager {
return scope == null || scope.isEmpty();
}
- public static void addScopes(RoleModel role, RoleModel scope, Set<RoleModel> visited, Set<RoleModel> requested) {
+ public static void applyScope(RoleModel role, RoleModel scope, Set<RoleModel> visited, Set<RoleModel> requested) {
if (visited.contains(scope)) return;
visited.add(scope);
if (role.hasRole(scope)) {
@@ -72,7 +70,7 @@ public class TokenManager {
if (!scope.isComposite()) return;
for (RoleModel contained : scope.getComposites()) {
- addScopes(role, contained, visited, requested);
+ applyScope(role, contained, visited, requested);
}
}
@@ -98,7 +96,7 @@ public class TokenManager {
if (clientApp != null && role.getContainer().equals(clientApp)) requestedRoles.add(role);
for (RoleModel desiredRole : scopeMappings) {
Set<RoleModel> visited = new HashSet<RoleModel>();
- addScopes(role, desiredRole, visited, requestedRoles);
+ applyScope(role, desiredRole, visited, requestedRoles);
}
}
@@ -114,35 +112,6 @@ public class TokenManager {
}
}
-
-
-
- Set<RoleModel> realmRoleMappings = realm.getRealmRoleMappings(user);
-
- for (RoleModel role : realmRoleMappings) {
- if (!desiresScope(scopeMap, "realm", role.getName())) continue;
- for (RoleModel desiredRole : scopeMappings) {
- if (desiredRole.hasRole(role)) {
- realmRolesRequested.add(role);
- } else if (role.hasRole(desiredRole)) {
- realmRolesRequested.add(desiredRole);
- }
- }
- }
-
- for (ApplicationModel application : realm.getApplications()) {
- if (!desiresScopeGroup(scopeMap, application.getName())) continue;
- Set<RoleModel> appRoleMappings = application.getApplicationRoleMappings(user);
- for (RoleModel role : appRoleMappings) {
- if (!desiresScope(scopeMap, application.getName(), role.getName())) continue;
- for (RoleModel desiredRole : scopeMappings) {
- if (!application.getApplicationUser().getLoginName().equals(client.getLoginName())
- && !desiredRole.hasRole(role)) continue;
- resourceRolesRequested.add(application.getName(), role);
- }
- }
- }
-
createToken(code, realm, client, user);
code.setRealm(realm);
code.setExpiration((System.currentTimeMillis() / 1000) + realm.getAccessCodeLifespan());