keycloak-aplcache
examples/demo-template/testrealm.json 21(+3 -18)
forms/login-freemarker/src/main/java/org/keycloak/login/freemarker/model/OAuthGrantBean.java 2(+1 -1)
model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/ApplicationAdapter.java 45(+23 -22)
model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/OAuthClientAdapter.java 44(+25 -19)
model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/entities/ApplicationEntity.java 27(+18 -9)
model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/entities/OAuthClientEntity.java 37(+28 -9)
diff --git a/core/src/main/java/org/keycloak/representations/idm/ApplicationRepresentation.java b/core/src/main/java/org/keycloak/representations/idm/ApplicationRepresentation.java
index 601bce5..695afef 100755
--- a/core/src/main/java/org/keycloak/representations/idm/ApplicationRepresentation.java
+++ b/core/src/main/java/org/keycloak/representations/idm/ApplicationRepresentation.java
@@ -14,7 +14,7 @@ public class ApplicationRepresentation {
protected String baseUrl;
protected boolean surrogateAuthRequired;
protected boolean enabled;
- protected List<CredentialRepresentation> credentials;
+ protected String secret;
protected String[] defaultRoles;
protected List<String> redirectUris;
protected List<String> webOrigins;
@@ -68,21 +68,12 @@ public class ApplicationRepresentation {
this.baseUrl = baseUrl;
}
- public List<CredentialRepresentation> getCredentials() {
- return credentials;
+ public String getSecret() {
+ return secret;
}
- public void setCredentials(List<CredentialRepresentation> credentials) {
- this.credentials = credentials;
- }
-
- public ApplicationRepresentation credential(String type, String value) {
- if (this.credentials == null) credentials = new ArrayList<CredentialRepresentation>();
- CredentialRepresentation cred = new CredentialRepresentation();
- cred.setType(type);
- cred.setValue(value);
- credentials.add(cred);
- return this;
+ public void setSecret(String secret) {
+ this.secret = secret;
}
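Review bot: `getSecret()` now exposes the raw client secret on a representation that, judging by the testrealm.json change in this same commit, is used for realm import, so any path that serializes it back out (admin REST reads, realm export) will emit the secret as well; the field hunk above and the matching hunks in OAuthClientRepresentation share this. A Javadoc line on the getter would make the exposure visible to callers: `/** Raw client secret; serialized as-is, so omit or mask it in any response that is not a realm import/export. */`. The removed `credential(type, value)` builder has no replacement, so existing callers must switch to `setSecret` — fine if intentional, but worth stating in the commit message.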
public List<String> getRedirectUris() {
diff --git a/core/src/main/java/org/keycloak/representations/idm/OAuthClientRepresentation.java b/core/src/main/java/org/keycloak/representations/idm/OAuthClientRepresentation.java
index cfd33dd..cbe3fb8 100755
--- a/core/src/main/java/org/keycloak/representations/idm/OAuthClientRepresentation.java
+++ b/core/src/main/java/org/keycloak/representations/idm/OAuthClientRepresentation.java
@@ -13,7 +13,7 @@ public class OAuthClientRepresentation {
protected List<String> redirectUris;
protected List<String> webOrigins;
protected boolean enabled;
- protected List<CredentialRepresentation> credentials;
+ protected String secret;
protected ClaimRepresentation claims;
public String getId() {
@@ -64,12 +64,12 @@ public class OAuthClientRepresentation {
this.webOrigins = webOrigins;
}
- public List<CredentialRepresentation> getCredentials() {
- return credentials;
+ public String getSecret() {
+ return secret;
}
- public void setCredentials(List<CredentialRepresentation> credentials) {
- this.credentials = credentials;
+ public void setSecret(String secret) {
+ this.secret = secret;
}
public ClaimRepresentation getClaims() {
examples/demo-template/testrealm.json 21(+3 -18)
diff --git a/examples/demo-template/testrealm.json b/examples/demo-template/testrealm.json
index 5bcd82b..05addb5 100755
--- a/examples/demo-template/testrealm.json
+++ b/examples/demo-template/testrealm.json
@@ -62,35 +62,20 @@
"name": "customer-portal",
"enabled": true,
"adminUrl": "http://localhost:8080/customer-portal",
- "credentials": [
- {
- "type": "secret",
- "value": "password"
- }
- ]
+ "secret": "password"
},
{
"name": "product-portal",
"enabled": true,
"adminUrl": "http://localhost:8080/product-portal",
- "credentials": [
- {
- "type": "secret",
- "value": "password"
- }
- ]
+ "secret": "password"
}
],
"oauthClients": [
{
"name": "third-party",
"enabled": true,
- "credentials": [
- {
- "type": "secret",
- "value": "password"
- }
- ]
+ "secret": "password"
}
],
"applicationRoleMappings": {
diff --git a/forms/login-freemarker/src/main/java/org/keycloak/login/freemarker/model/OAuthGrantBean.java b/forms/login-freemarker/src/main/java/org/keycloak/login/freemarker/model/OAuthGrantBean.java
index 1324bfd..94fdf8f 100755
--- a/forms/login-freemarker/src/main/java/org/keycloak/login/freemarker/model/OAuthGrantBean.java
+++ b/forms/login-freemarker/src/main/java/org/keycloak/login/freemarker/model/OAuthGrantBean.java
@@ -61,7 +61,7 @@ public class OAuthGrantBean {
}
public String getClient() {
- return client.getAgent().getLoginName();
+ return client.getClientId();
}
}
diff --git a/model/api/src/main/java/org/keycloak/models/ClientModel.java b/model/api/src/main/java/org/keycloak/models/ClientModel.java
index 7efae1a..cc7eaff 100755
--- a/model/api/src/main/java/org/keycloak/models/ClientModel.java
+++ b/model/api/src/main/java/org/keycloak/models/ClientModel.java
@@ -7,9 +7,19 @@ import java.util.Set;
* @version $Revision: 1 $
*/
public interface ClientModel {
+ /**
+ * Internal database key
+ *
+ * @return
+ */
String getId();
- UserModel getAgent();
+ /**
+ * String exposed to outside world
+ *
+ * @return
+ */
+ String getClientId();
long getAllowedClaimsMask();
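Review bot: Both new Javadoc blocks end in a bare `@return` with no description, which javadoc reports as a warning and which tells the reader nothing. Suggest `@return the persistent identifier; stable across renames` for `getId()` and `@return the identifier a client presents to the server (backed by the client name in the JPA adapter added in this commit)` for `getClientId()`.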
@@ -35,4 +45,8 @@ public interface ClientModel {
boolean isEnabled();
void setEnabled(boolean enabled);
+
+ boolean validateSecret(String secret);
+ String getSecret();
+ public void setSecret(String secret);
}
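Review bot: `validateSecret` is the one security-sensitive method added to this interface and it carries no Javadoc, so implementers cannot tell whether `null` is an acceptable argument or whether the comparison is expected to be timing-safe; the JPA implementation in this commit (ClientAdapter) does a plain `equals`. Propose `/** Compares the presented secret with the stored one; must return false (never throw) for null input or when no secret is configured, and should use a constant-time comparison. */`. The `public` on `setSecret` is redundant in an interface and the other members of this file omit it.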
diff --git a/model/api/src/main/java/org/keycloak/models/Constants.java b/model/api/src/main/java/org/keycloak/models/Constants.java
index 9dfe1e4..d243bd1 100755
--- a/model/api/src/main/java/org/keycloak/models/Constants.java
+++ b/model/api/src/main/java/org/keycloak/models/Constants.java
@@ -9,8 +9,6 @@ public interface Constants {
String ADMIN_CONSOLE_APPLICATION = "admin-console";
String INTERNAL_ROLE = "KEYCLOAK_";
- String APPLICATION_ROLE = INTERNAL_ROLE + "_APPLICATION";
- String IDENTITY_REQUESTER_ROLE = INTERNAL_ROLE + "_IDENTITY_REQUESTER";
String ACCOUNT_MANAGEMENT_APP = "account";
}
diff --git a/model/api/src/main/java/org/keycloak/models/RealmModel.java b/model/api/src/main/java/org/keycloak/models/RealmModel.java
index 3f96f4f..af9ef69 100755
--- a/model/api/src/main/java/org/keycloak/models/RealmModel.java
+++ b/model/api/src/main/java/org/keycloak/models/RealmModel.java
@@ -117,24 +117,11 @@ public interface RealmModel extends RoleContainerModel, RoleMapperModel, ScopeMa
boolean removeApplication(String id);
- List<RequiredCredentialModel> getRequiredApplicationCredentials();
-
-
- List<RequiredCredentialModel> getRequiredOAuthClientCredentials();
-
ApplicationModel getApplicationById(String id);
ApplicationModel getApplicationByName(String name);
- void addRequiredOAuthClientCredential(String type);
-
- void addRequiredResourceCredential(String type);
-
void updateRequiredCredentials(Set<String> creds);
- void updateRequiredOAuthClientCredentials(Set<String> creds);
-
- void updateRequiredApplicationCredentials(Set<String> creds);
-
UserModel getUserBySocialLink(SocialLinkModel socialLink);
Set<SocialLinkModel> getSocialLinks(UserModel user);
@@ -185,15 +172,5 @@ public interface RealmModel extends RoleContainerModel, RoleMapperModel, ScopeMa
void setAccountTheme(String name);
- boolean validateSecret(UserModel user, String secret);
-
- /**
- * Secrets can be viewed. They are used by confidential Applications and OAuth clients
- *
- * @param user
- * @return
- */
- UserCredentialModel getSecret(UserModel user);
-
boolean hasScope(ClientModel client, RoleModel role);
}
diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/ApplicationAdapter.java b/model/jpa/src/main/java/org/keycloak/models/jpa/ApplicationAdapter.java
index 1b9b86e..69c30ec 100755
--- a/model/jpa/src/main/java/org/keycloak/models/jpa/ApplicationAdapter.java
+++ b/model/jpa/src/main/java/org/keycloak/models/jpa/ApplicationAdapter.java
@@ -20,16 +20,17 @@ import java.util.Set;
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
-public class ApplicationAdapter implements ApplicationModel {
+public class ApplicationAdapter extends ClientAdapter implements ApplicationModel {
protected EntityManager em;
- protected ApplicationEntity entity;
+ protected ApplicationEntity applicationEntity;
protected RealmModel realm;
- public ApplicationAdapter(RealmModel realm, EntityManager em, ApplicationEntity entity) {
+ public ApplicationAdapter(RealmModel realm, EntityManager em, ApplicationEntity applicationEntity) {
+ super(applicationEntity);
this.realm = realm;
this.em = em;
- this.entity = entity;
+ this.applicationEntity = applicationEntity;
}
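Review bot: After `super(applicationEntity)` the class holds the same object twice — as the inherited `ClientAdapter.entity` and as `applicationEntity` — and the later hunks use both (`entity.getName()` remains in getName/setName while the surrogate/URL accessors use `applicationEntity`), which reads as if two different entities were involved. A field comment would prevent the confusion: `// Same instance as ClientAdapter.entity; typed as ApplicationEntity to reach the application-specific columns.` Alternatively drop the field and cast `entity` in a private accessor so there is a single source of truth.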
@Override
@@ -38,16 +39,6 @@ public class ApplicationAdapter implements ApplicationModel {
}
@Override
- public UserModel getAgent() {
- return new UserAdapter(entity.getApplicationUser());
- }
-
- @Override
- public String getId() {
- return entity.getId();
- }
-
- @Override
public String getName() {
return entity.getName();
}
@@ -57,54 +48,35 @@ public class ApplicationAdapter implements ApplicationModel {
entity.setName(name);
}
- @Override
- public boolean isEnabled() {
- return entity.isEnabled();
- }
-
- @Override
- public void setEnabled(boolean enabled) {
- entity.setEnabled(enabled);
- }
-
- @Override
- public long getAllowedClaimsMask() {
- return entity.getAllowedClaimsMask();
- }
-
- @Override
- public void setAllowedClaimsMask(long mask) {
- entity.setAllowedClaimsMask(mask);
- }
@Override
public boolean isSurrogateAuthRequired() {
- return entity.isSurrogateAuthRequired();
+ return applicationEntity.isSurrogateAuthRequired();
}
@Override
public void setSurrogateAuthRequired(boolean surrogateAuthRequired) {
- entity.setSurrogateAuthRequired(surrogateAuthRequired);
+ applicationEntity.setSurrogateAuthRequired(surrogateAuthRequired);
}
@Override
public String getManagementUrl() {
- return entity.getManagementUrl();
+ return applicationEntity.getManagementUrl();
}
@Override
public void setManagementUrl(String url) {
- entity.setManagementUrl(url);
+ applicationEntity.setManagementUrl(url);
}
@Override
public String getBaseUrl() {
- return entity.getBaseUrl();
+ return applicationEntity.getBaseUrl();
}
@Override
public void setBaseUrl(String url) {
- entity.setBaseUrl(url);
+ applicationEntity.setBaseUrl(url);
}
@Override
@@ -123,9 +95,9 @@ public class ApplicationAdapter implements ApplicationModel {
if (role != null) return role;
ApplicationRoleEntity roleEntity = new ApplicationRoleEntity();
roleEntity.setName(name);
- roleEntity.setApplication(entity);
+ roleEntity.setApplication(applicationEntity);
em.persist(roleEntity);
- entity.getRoles().add(roleEntity);
+ applicationEntity.getRoles().add(roleEntity);
em.flush();
return new RoleAdapter(realm, em, roleEntity);
}
@@ -139,10 +111,10 @@ public class ApplicationAdapter implements ApplicationModel {
ApplicationRoleEntity role = (ApplicationRoleEntity)roleAdapter.getRole();
- entity.getRoles().remove(role);
- entity.getDefaultRoles().remove(role);
+ applicationEntity.getRoles().remove(role);
+ applicationEntity.getDefaultRoles().remove(role);
- em.createQuery("delete from " + UserScopeMappingEntity.class.getSimpleName() + " where role = :role").setParameter("role", role).executeUpdate();
+ em.createQuery("delete from " + ScopeMappingEntity.class.getSimpleName() + " where role = :role").setParameter("role", role).executeUpdate();
em.createQuery("delete from " + UserRoleMappingEntity.class.getSimpleName() + " where role = :role").setParameter("role", role).executeUpdate();
role.setApplication(null);
em.flush();
@@ -154,7 +126,7 @@ public class ApplicationAdapter implements ApplicationModel {
@Override
public Set<RoleModel> getRoles() {
Set<RoleModel> list = new HashSet<RoleModel>();
- Collection<ApplicationRoleEntity> roles = entity.getRoles();
+ Collection<ApplicationRoleEntity> roles = applicationEntity.getRoles();
if (roles == null) return list;
for (RoleEntity entity : roles) {
list.add(new RoleAdapter(realm, em, entity));
@@ -215,7 +187,7 @@ public class ApplicationAdapter implements ApplicationModel {
@Override
public List<String> getDefaultRoles() {
- Collection<RoleEntity> entities = entity.getDefaultRoles();
+ Collection<RoleEntity> entities = applicationEntity.getDefaultRoles();
List<String> roles = new ArrayList<String>();
if (entities == null) return roles;
for (RoleEntity entity : entities) {
@@ -230,7 +202,7 @@ public class ApplicationAdapter implements ApplicationModel {
if (role == null) {
role = addRole(name);
}
- Collection<RoleEntity> entities = entity.getDefaultRoles();
+ Collection<RoleEntity> entities = applicationEntity.getDefaultRoles();
for (RoleEntity entity : entities) {
if (entity.getId().equals(role.getId())) {
return;
@@ -249,7 +221,7 @@ public class ApplicationAdapter implements ApplicationModel {
@Override
public void updateDefaultRoles(String[] defaultRoles) {
- Collection<RoleEntity> entities = entity.getDefaultRoles();
+ Collection<RoleEntity> entities = applicationEntity.getDefaultRoles();
Set<String> already = new HashSet<String>();
List<RoleEntity> remove = new ArrayList<RoleEntity>();
for (RoleEntity rel : entities) {
@@ -287,49 +259,4 @@ public class ApplicationAdapter implements ApplicationModel {
public String toString() {
return getName();
}
-
- @Override
- public Set<String> getWebOrigins() {
- Set<String> result = new HashSet<String>();
- result.addAll(entity.getWebOrigins());
- return result;
- }
-
- @Override
- public void setWebOrigins(Set<String> webOrigins) {
- entity.setWebOrigins(webOrigins);
- }
-
- @Override
- public void addWebOrigin(String webOrigin) {
- entity.getWebOrigins().add(webOrigin);
- }
-
- @Override
- public void removeWebOrigin(String webOrigin) {
- entity.getWebOrigins().remove(webOrigin);
- }
-
- @Override
- public Set<String> getRedirectUris() {
- Set<String> result = new HashSet<String>();
- result.addAll(entity.getRedirectUris());
- return result;
- }
-
- @Override
- public void setRedirectUris(Set<String> redirectUris) {
- entity.setRedirectUris(redirectUris);
- }
-
- @Override
- public void addRedirectUri(String redirectUri) {
- entity.getRedirectUris().add(redirectUri);
- }
-
- @Override
- public void removeRedirectUri(String redirectUri) {
- entity.getRedirectUris().remove(redirectUri);
- }
-
}
diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/ClientAdapter.java b/model/jpa/src/main/java/org/keycloak/models/jpa/ClientAdapter.java
new file mode 100755
index 0000000..2ec95ec
--- /dev/null
+++ b/model/jpa/src/main/java/org/keycloak/models/jpa/ClientAdapter.java
@@ -0,0 +1,96 @@
+package org.keycloak.models.jpa;
+
+import org.keycloak.models.ClientModel;
+import org.keycloak.models.jpa.entities.ClientEntity;
+import org.keycloak.models.jpa.entities.OAuthClientEntity;
+
+import java.util.HashSet;
+import java.util.Set;
+
+/**
+ * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
+ * @version $Revision: 1 $
+ */
+public class ClientAdapter implements ClientModel {
+ protected ClientEntity entity;
+
+ public ClientAdapter(ClientEntity entity) {
+ this.entity = entity;
+ }
+
+ public ClientEntity getEntity() {
+ return entity;
+ }
+
+ public String getId() {
+ return entity.getId();
+ }
+
+ public String getClientId() {
+ return entity.getName();
+ }
+
+ public boolean isEnabled() {
+ return entity.isEnabled();
+ }
+
+ public void setEnabled(boolean enabled) {
+ entity.setEnabled(enabled);
+ }
+
+ public long getAllowedClaimsMask() {
+ return entity.getAllowedClaimsMask();
+ }
+
+ public void setAllowedClaimsMask(long mask) {
+ entity.setAllowedClaimsMask(mask);
+ }
+
+ public Set<String> getWebOrigins() {
+ Set<String> result = new HashSet<String>();
+ result.addAll(entity.getWebOrigins());
+ return result;
+ }
+
+ public void setWebOrigins(Set<String> webOrigins) {
+ entity.setWebOrigins(webOrigins);
+ }
+
+ public void addWebOrigin(String webOrigin) {
+ entity.getWebOrigins().add(webOrigin);
+ }
+
+ public void removeWebOrigin(String webOrigin) {
+ entity.getWebOrigins().remove(webOrigin);
+ }
+
+ public Set<String> getRedirectUris() {
+ Set<String> result = new HashSet<String>();
+ result.addAll(entity.getRedirectUris());
+ return result;
+ }
+
+ public void setRedirectUris(Set<String> redirectUris) {
+ entity.setRedirectUris(redirectUris);
+ }
+
+ public void addRedirectUri(String redirectUri) {
+ entity.getRedirectUris().add(redirectUri);
+ }
+
+ public void removeRedirectUri(String redirectUri) {
+ entity.getRedirectUris().remove(redirectUri);
+ }
+
+ public String getSecret() {
+ return entity.getSecret();
+ }
+
+ public void setSecret(String secret) {
+ entity.setSecret(secret);
+ }
+
+ public boolean validateSecret(String secret) {
+ return secret.equals(entity.getSecret());
+ }
+}
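Review bot: `validateSecret` at the bottom of the file dereferences its argument before checking it, so a request carrying no secret throws `NullPointerException` out of the model layer instead of returning false, and `String.equals` short-circuits on the first differing character, which leaks comparison timing on an authentication check. A null-safe constant-time compare via `MessageDigest.isEqual` (needs `java.security.MessageDigest` and `java.nio.charset.StandardCharsets` imports) fixes both. Separately, none of the interface methods carry `@Override`, which the sibling adapters in this diff do use.
```java
    public boolean validateSecret(String secret) {
        String stored = entity.getSecret();
        // Reject missing input and clients with no secret configured; never throw from an auth check.
        if (secret == null || stored == null) return false;
        // Constant-time comparison so a mismatch does not reveal how many leading bytes matched.
        return MessageDigest.isEqual(secret.getBytes(StandardCharsets.UTF_8),
                                     stored.getBytes(StandardCharsets.UTF_8));
    }
```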
diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/ApplicationEntity.java b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/ApplicationEntity.java
index e5ab951..1481857 100755
--- a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/ApplicationEntity.java
+++ b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/ApplicationEntity.java
@@ -23,29 +23,14 @@ import org.hibernate.annotations.GenericGenerator;
* @version $Revision: 1 $
*/
@Entity
-public class ApplicationEntity {
- @Id
- @GenericGenerator(name="keycloak_generator", strategy="org.keycloak.models.jpa.utils.JpaIdGenerator")
- @GeneratedValue(generator = "keycloak_generator")
- private String id;
-
- private String name;
- private boolean enabled;
+public class ApplicationEntity extends ClientEntity {
+
private boolean surrogateAuthRequired;
private String baseUrl;
private String managementUrl;
- private long allowedClaimsMask;
-
- @OneToOne(fetch = FetchType.EAGER)
- private UserEntity applicationUser;
-
- @ElementCollection
- @CollectionTable
- protected Set<String> webOrigins = new HashSet<String>();
- @ElementCollection
- @CollectionTable
- protected Set<String> redirectUris = new HashSet<String>();
+ @ManyToOne()
+ private RealmEntity realm;
@OneToMany(fetch = FetchType.EAGER, cascade ={CascadeType.REMOVE}, orphanRemoval = true, mappedBy = "application")
Collection<ApplicationRoleEntity> roles = new ArrayList<ApplicationRoleEntity>();
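Review bot: The `realm` association is declared here and again in OAuthClientEntity in this same commit although both now extend ClientEntity, which is where the other shared columns were moved; if every client belongs to a realm the mapping could live on the parent so that code holding a `ClientEntity` (e.g. ScopeMappingEntity.client) can reach it without casting. If keeping it per subclass is deliberate (for instance because of the `mappedBy = "realm"` collections in RealmEntity), a one-line comment saying so would stop the next reader from pulling it up.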
@@ -54,21 +39,6 @@ public class ApplicationEntity {
@JoinTable(name="ApplicationDefaultRoles")
Collection<RoleEntity> defaultRoles = new ArrayList<RoleEntity>();
- @ManyToOne()
- private RealmEntity realm;
-
- public String getId() {
- return id;
- }
-
- public boolean isEnabled() {
- return enabled;
- }
-
- public void setEnabled(boolean enabled) {
- this.enabled = enabled;
- }
-
public boolean isSurrogateAuthRequired() {
return surrogateAuthRequired;
}
@@ -93,14 +63,6 @@ public class ApplicationEntity {
this.managementUrl = managementUrl;
}
- public UserEntity getApplicationUser() {
- return applicationUser;
- }
-
- public void setApplicationUser(UserEntity applicationUser) {
- this.applicationUser = applicationUser;
- }
-
public Collection<ApplicationRoleEntity> getRoles() {
return roles;
}
@@ -109,14 +71,6 @@ public class ApplicationEntity {
this.roles = roles;
}
- public String getName() {
- return name;
- }
-
- public void setName(String name) {
- this.name = name;
- }
-
public Collection<RoleEntity> getDefaultRoles() {
return defaultRoles;
}
@@ -133,29 +87,6 @@ public class ApplicationEntity {
this.realm = realm;
}
- public long getAllowedClaimsMask() {
- return allowedClaimsMask;
- }
-
- public void setAllowedClaimsMask(long allowedClaimsMask) {
- this.allowedClaimsMask = allowedClaimsMask;
- }
-
- public Set<String> getWebOrigins() {
- return webOrigins;
- }
-
- public void setWebOrigins(Set<String> webOrigins) {
- this.webOrigins = webOrigins;
- }
-
- public Set<String> getRedirectUris() {
- return redirectUris;
- }
-
- public void setRedirectUris(Set<String> redirectUris) {
- this.redirectUris = redirectUris;
- }
}
diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/ClientEntity.java b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/ClientEntity.java
new file mode 100755
index 0000000..8d56d90
--- /dev/null
+++ b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/ClientEntity.java
@@ -0,0 +1,95 @@
+package org.keycloak.models.jpa.entities;
+
+import org.hibernate.annotations.GenericGenerator;
+
+import javax.persistence.CascadeType;
+import javax.persistence.CollectionTable;
+import javax.persistence.ElementCollection;
+import javax.persistence.Entity;
+import javax.persistence.FetchType;
+import javax.persistence.GeneratedValue;
+import javax.persistence.Id;
+import javax.persistence.Inheritance;
+import javax.persistence.InheritanceType;
+import javax.persistence.ManyToOne;
+import javax.persistence.OneToMany;
+import java.util.HashSet;
+import java.util.Set;
+
+/**
+ * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
+ * @version $Revision: 1 $
+ */
+@Entity
+@Inheritance(strategy = InheritanceType.JOINED)
+public class ClientEntity {
+ @Id
+ @GenericGenerator(name="keycloak_generator", strategy="org.keycloak.models.jpa.utils.JpaIdGenerator")
+ @GeneratedValue(generator = "keycloak_generator")
+ private String id;
+ private String name;
+ private boolean enabled;
+ private String secret;
+ private long allowedClaimsMask;
+
+
+ @ElementCollection
+ @CollectionTable
+ protected Set<String> webOrigins = new HashSet<String>();
+ @ElementCollection
+ @CollectionTable
+ protected Set<String> redirectUris = new HashSet<String>();
+
+
+ public String getId() {
+ return id;
+ }
+
+ public boolean isEnabled() {
+ return enabled;
+ }
+
+ public void setEnabled(boolean enabled) {
+ this.enabled = enabled;
+ }
+
+ public String getName() {
+ return name;
+ }
+
+ public void setName(String name) {
+ this.name = name;
+ }
+
+ public long getAllowedClaimsMask() {
+ return allowedClaimsMask;
+ }
+
+ public void setAllowedClaimsMask(long allowedClaimsMask) {
+ this.allowedClaimsMask = allowedClaimsMask;
+ }
+
+ public Set<String> getWebOrigins() {
+ return webOrigins;
+ }
+
+ public void setWebOrigins(Set<String> webOrigins) {
+ this.webOrigins = webOrigins;
+ }
+
+ public Set<String> getRedirectUris() {
+ return redirectUris;
+ }
+
+ public void setRedirectUris(Set<String> redirectUris) {
+ this.redirectUris = redirectUris;
+ }
+
+ public String getSecret() {
+ return secret;
+ }
+
+ public void setSecret(String secret) {
+ this.secret = secret;
+ }
+}
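Review bot: `secret` is persisted as a plain column holding exactly the value that `ClientAdapter.validateSecret` in this commit compares against, so a database read or backup yields directly usable client credentials; the `Pbkdf2PasswordEncoder` import still present in RealmAdapter suggests a hashing helper already exists in this module. If storing the raw value is deliberate (for example so it can be displayed to an administrator), document that on the field: `// Raw shared secret; the adapters compare it verbatim, so this column must be protected like a password store.` The imports of `CascadeType`, `FetchType`, `ManyToOne` and `OneToMany` are unused in this file.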
diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/OAuthClientEntity.java b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/OAuthClientEntity.java
index eb38b86..ff69530 100755
--- a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/OAuthClientEntity.java
+++ b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/OAuthClientEntity.java
@@ -21,54 +21,15 @@ import java.util.Set;
* @version $Revision: 1 $
*/
@NamedQueries({
- @NamedQuery(name="findOAuthClientByUser", query="select o from OAuthClientEntity o where o.agent.loginName=:name and o.realm = :realm"),
+ @NamedQuery(name="findOAuthClientByName", query="select o from OAuthClientEntity o where o.name=:name and o.realm = :realm"),
@NamedQuery(name="findOAuthClientByRealm", query="select o from OAuthClientEntity o where o.realm = :realm")
})
@Entity
-public class OAuthClientEntity {
- @Id
- @GenericGenerator(name="keycloak_generator", strategy="org.keycloak.models.jpa.utils.JpaIdGenerator")
- @GeneratedValue(generator = "keycloak_generator")
- private String id;
+public class OAuthClientEntity extends ClientEntity {
- private String name;
- private long allowedClaimsMask;
-
- @ElementCollection
- @CollectionTable
- protected Set<String> webOrigins = new HashSet<String>();
-
- @ElementCollection
- @CollectionTable
- protected Set<String> redirectUris = new HashSet<String>();
-
-
- @OneToOne(fetch = FetchType.EAGER)
- private UserEntity agent;
-
- @ManyToOne
- protected RealmEntity realm;
-
- public String getId() {
- return id;
- }
-
- public UserEntity getAgent() {
- return agent;
- }
-
- public void setAgent(UserEntity agent) {
- this.agent = agent;
- }
-
- public String getName() {
- return name;
- }
-
- public void setName(String name) {
- this.name = name;
- }
+ @ManyToOne()
+ private RealmEntity realm;
public RealmEntity getRealm() {
return realm;
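Review bot: The hunk header shows `import java.util.Set;` still in place while every `Set` field has moved to ClientEntity, so that import is now unused, and the same is likely true of `HashSet`, `OneToOne`, `FetchType` and the `@Id`/`@GeneratedValue`/`GenericGenerator` imports above this hunk. Renaming the named query from `findOAuthClientByUser` to `findOAuthClientByName` also changes the lookup key from the agent's login name to the client name; no caller of the query is visible in this chunk, so its call sites need the same update.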
@@ -78,30 +39,5 @@ public class OAuthClientEntity {
this.realm = realm;
}
- public long getAllowedClaimsMask() {
- return allowedClaimsMask;
- }
-
- public void setAllowedClaimsMask(long allowedClaimsMask) {
- this.allowedClaimsMask = allowedClaimsMask;
- }
-
- public Set<String> getWebOrigins() {
- return webOrigins;
- }
-
- public void setWebOrigins(Set<String> webOrigins) {
- this.webOrigins = webOrigins;
- }
-
- public Set<String> getRedirectUris() {
- return redirectUris;
- }
-
- public void setRedirectUris(Set<String> redirectUris) {
- this.redirectUris = redirectUris;
- }
-
-
}
diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/RealmEntity.java b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/RealmEntity.java
index d2e8370..c4a20a7 100755
--- a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/RealmEntity.java
+++ b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/RealmEntity.java
@@ -62,14 +62,6 @@ public class RealmEntity {
@JoinTable(name="User_RequiredCreds")
Collection<RequiredCredentialEntity> requiredCredentials = new ArrayList<RequiredCredentialEntity>();
- @OneToMany(cascade ={CascadeType.REMOVE}, orphanRemoval = true)
- @JoinTable(name="App_RequiredCreds")
- Collection<RequiredCredentialEntity> requiredAppCredentials = new ArrayList<RequiredCredentialEntity>();
-
- @OneToMany(cascade ={CascadeType.REMOVE}, orphanRemoval = true)
- @JoinTable(name="OAuthClient_RequiredCreds")
- Collection<RequiredCredentialEntity> requiredOAuthClCredentials = new ArrayList<RequiredCredentialEntity>();
-
@OneToMany(fetch = FetchType.LAZY, cascade ={CascadeType.REMOVE}, orphanRemoval = true, mappedBy = "realm")
Collection<ApplicationEntity> applications = new ArrayList<ApplicationEntity>();
@@ -236,22 +228,6 @@ public class RealmEntity {
this.requiredCredentials = requiredCredentials;
}
- public Collection<RequiredCredentialEntity> getRequiredAppCredentials() {
- return requiredAppCredentials;
- }
-
- public void setRequiredAppCredentials(Collection<RequiredCredentialEntity> requiredAppCredentials) {
- this.requiredAppCredentials = requiredAppCredentials;
- }
-
- public Collection<RequiredCredentialEntity> getRequiredOAuthClCredentials() {
- return requiredOAuthClCredentials;
- }
-
- public void setRequiredOAuthClCredentials(Collection<RequiredCredentialEntity> requiredOAuthClCredentials) {
- this.requiredOAuthClCredentials = requiredOAuthClCredentials;
- }
-
public Collection<ApplicationEntity> getApplications() {
return applications;
}
diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/ScopeMappingEntity.java b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/ScopeMappingEntity.java
new file mode 100755
index 0000000..4709030
--- /dev/null
+++ b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/ScopeMappingEntity.java
@@ -0,0 +1,55 @@
+package org.keycloak.models.jpa.entities;
+
+import org.hibernate.annotations.GenericGenerator;
+
+import javax.persistence.Entity;
+import javax.persistence.GeneratedValue;
+import javax.persistence.Id;
+import javax.persistence.ManyToOne;
+import javax.persistence.NamedQueries;
+import javax.persistence.NamedQuery;
+
+/**
+ * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
+ * @version $Revision: 1 $
+ */
+@NamedQueries({
+ @NamedQuery(name="hasScope", query="select m from ScopeMappingEntity m where m.client = :client and m.role = :role"),
+ @NamedQuery(name="clientScopeMappings", query="select m from ScopeMappingEntity m where m.client = :client")
+})
+@Entity
+public class ScopeMappingEntity {
+ @Id
+ @GenericGenerator(name="keycloak_generator", strategy="org.keycloak.models.jpa.utils.JpaIdGenerator")
+ @GeneratedValue(generator = "keycloak_generator")
+ protected String id;
+ @ManyToOne
+ protected ClientEntity client;
+ @ManyToOne
+ protected RoleEntity role;
+
+ public String getId() {
+ return id;
+ }
+
+ public void setId(String id) {
+ this.id = id;
+ }
+
+ public ClientEntity getClient() {
+ return client;
+ }
+
+ public void setClient(ClientEntity client) {
+ this.client = client;
+ }
+
+ public RoleEntity getRole() {
+ return role;
+ }
+
+ public void setRole(RoleEntity role) {
+ this.role = role;
+ }
+
+}
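Review bot: Nothing constrains `(client, role)` to be unique, so two inserts for the same pair produce two rows and the `hasScope` query, if a caller resolves it with `getSingleResult()`, fails with a non-unique-result exception instead of answering true. A table-level `@Table(uniqueConstraints = @UniqueConstraint(columnNames = {"client_id", "role_id"}))` would enforce it (column names here are constructed from JPA defaults — verify against the generated schema). The public `setId` on a generated identifier is also unusual in this package; the sibling entities in the diff expose only `getId()`.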
diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/OAuthClientAdapter.java b/model/jpa/src/main/java/org/keycloak/models/jpa/OAuthClientAdapter.java
index 4098ff0..692a4e1 100755
--- a/model/jpa/src/main/java/org/keycloak/models/jpa/OAuthClientAdapter.java
+++ b/model/jpa/src/main/java/org/keycloak/models/jpa/OAuthClientAdapter.java
@@ -11,91 +11,9 @@ import java.util.Set;
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
-public class OAuthClientAdapter implements OAuthClientModel {
- protected OAuthClientEntity entity;
+public class OAuthClientAdapter extends ClientAdapter implements OAuthClientModel {
public OAuthClientAdapter(OAuthClientEntity entity) {
- this.entity = entity;
+ super(entity);
}
-
- public OAuthClientEntity getEntity() {
- return entity;
- }
-
- @Override
- public String getId() {
- return entity.getId();
- }
-
- @Override
- public boolean isEnabled() {
- return getAgent().isEnabled();
- }
-
- @Override
- public void setEnabled(boolean enabled) {
- getAgent().setEnabled(enabled);
- }
-
- @Override
- public UserModel getAgent() {
- return new UserAdapter(entity.getAgent());
- }
- @Override
- public long getAllowedClaimsMask() {
- return entity.getAllowedClaimsMask();
- }
-
- @Override
- public void setAllowedClaimsMask(long mask) {
- entity.setAllowedClaimsMask(mask);
- }
-
- @Override
- public Set<String> getWebOrigins() {
- Set<String> result = new HashSet<String>();
- result.addAll(entity.getWebOrigins());
- return result;
- }
-
- @Override
- public void setWebOrigins(Set<String> webOrigins) {
- entity.setWebOrigins(webOrigins);
- }
-
- @Override
- public void addWebOrigin(String webOrigin) {
- entity.getWebOrigins().add(webOrigin);
- }
-
- @Override
- public void removeWebOrigin(String webOrigin) {
- entity.getWebOrigins().remove(webOrigin);
- }
-
- @Override
- public Set<String> getRedirectUris() {
- Set<String> result = new HashSet<String>();
- result.addAll(entity.getRedirectUris());
- return result;
- }
-
- @Override
- public void setRedirectUris(Set<String> redirectUris) {
- entity.setRedirectUris(redirectUris);
- }
-
- @Override
- public void addRedirectUri(String redirectUri) {
- entity.getRedirectUris().add(redirectUri);
- }
-
- @Override
- public void removeRedirectUri(String redirectUri) {
- entity.getRedirectUris().remove(redirectUri);
- }
-
-
-
-
}
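Review bot: With the typed `entity` field removed, `getEntity()` is now the inherited `ClientAdapter.getEntity()` returning `ClientEntity`, so any caller that relied on an `OAuthClientEntity` result (for example to reach `getRealm()`) now needs a cast — none is visible in this chunk, so worth checking. A covariant override keeps source compatibility: `@Override public OAuthClientEntity getEntity() { return (OAuthClientEntity) entity; }`. Also note that `isEnabled`/`setEnabled` no longer delegate to the agent user but to the new `enabled` column on ClientEntity, so rows created before this change take that column's default unless a migration populates it.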
diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java b/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java
index 0330586..e513fe2 100755
--- a/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java
+++ b/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java
@@ -9,10 +9,10 @@ import org.keycloak.models.jpa.entities.RealmEntity;
import org.keycloak.models.jpa.entities.RealmRoleEntity;
import org.keycloak.models.jpa.entities.RequiredCredentialEntity;
import org.keycloak.models.jpa.entities.RoleEntity;
+import org.keycloak.models.jpa.entities.ScopeMappingEntity;
import org.keycloak.models.jpa.entities.SocialLinkEntity;
import org.keycloak.models.jpa.entities.UserEntity;
import org.keycloak.models.jpa.entities.UserRoleMappingEntity;
-import org.keycloak.models.jpa.entities.UserScopeMappingEntity;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.models.utils.Pbkdf2PasswordEncoder;
import org.keycloak.models.ApplicationModel;
@@ -313,125 +313,6 @@ public class RealmAdapter implements RealmModel {
return requiredCredentialModels; //To change body of implemented methods use File | Settings | File Templates.
}
- @Override
- public List<RequiredCredentialModel> getRequiredApplicationCredentials() {
- List<RequiredCredentialModel> requiredCredentialModels = new ArrayList<RequiredCredentialModel>();
- Collection<RequiredCredentialEntity> entities = realm.getRequiredAppCredentials();
- if (entities == null) return requiredCredentialModels;
- for (RequiredCredentialEntity entity : entities) {
- RequiredCredentialModel model = new RequiredCredentialModel();
- model.setFormLabel(entity.getFormLabel());
- model.setType(entity.getType());
- model.setSecret(entity.isSecret());
- model.setInput(entity.isInput());
- requiredCredentialModels.add(model);
- }
- return requiredCredentialModels; //To change body of implemented methods use File | Settings | File Templates.
- }
-
- @Override
- public List<RequiredCredentialModel> getRequiredOAuthClientCredentials() {
- List<RequiredCredentialModel> requiredCredentialModels = new ArrayList<RequiredCredentialModel>();
- Collection<RequiredCredentialEntity> entities = realm.getRequiredOAuthClCredentials();
- if (entities == null) return requiredCredentialModels;
- for (RequiredCredentialEntity entity : entities) {
- RequiredCredentialModel model = new RequiredCredentialModel();
- model.setFormLabel(entity.getFormLabel());
- model.setType(entity.getType());
- model.setSecret(entity.isSecret());
- model.setInput(entity.isInput());
- requiredCredentialModels.add(model);
- }
- return requiredCredentialModels; //To change body of implemented methods use File | Settings | File Templates.
- }
-
- public void addRequiredOAuthClientCredential(RequiredCredentialModel model) {
- RequiredCredentialEntity entity = new RequiredCredentialEntity();
- entity.setInput(model.isInput());
- entity.setSecret(model.isSecret());
- entity.setType(model.getType());
- entity.setFormLabel(model.getFormLabel());
- em.persist(entity);
- realm.getRequiredOAuthClCredentials().add(entity);
- em.flush();
- }
-
- @Override
- public void addRequiredOAuthClientCredential(String type) {
- RequiredCredentialModel model = initRequiredCredentialModel(type);
- addRequiredOAuthClientCredential(model);
- em.flush();
- }
-
- public void addRequiredResourceCredential(RequiredCredentialModel model) {
- RequiredCredentialEntity entity = new RequiredCredentialEntity();
- entity.setInput(model.isInput());
- entity.setSecret(model.isSecret());
- entity.setType(model.getType());
- entity.setFormLabel(model.getFormLabel());
- em.persist(entity);
- realm.getRequiredAppCredentials().add(entity);
- em.flush();
- }
-
- @Override
- public void addRequiredResourceCredential(String type) {
- RequiredCredentialModel model = initRequiredCredentialModel(type);
- addRequiredResourceCredential(model);
- em.flush();
- }
-
- @Override
- public void updateRequiredOAuthClientCredentials(Set<String> creds) {
- Collection<RequiredCredentialEntity> relationships = realm.getRequiredOAuthClCredentials();
- if (relationships == null) relationships = new ArrayList<RequiredCredentialEntity>();
-
- Set<String> already = new HashSet<String>();
- List<RequiredCredentialEntity> remove = new ArrayList<RequiredCredentialEntity>();
- for (RequiredCredentialEntity rel : relationships) {
- if (!creds.contains(rel.getType())) {
- remove.add(rel);
- } else {
- already.add(rel.getType());
- }
- }
- for (RequiredCredentialEntity entity : remove) {
- relationships.remove(entity);
- em.remove(entity);
- }
- for (String cred : creds) {
- if (!already.contains(cred)) {
- addRequiredOAuthClientCredential(cred);
- }
- }
- em.flush();
- }
-
- @Override
- public void updateRequiredApplicationCredentials(Set<String> creds) {
- Collection<RequiredCredentialEntity> relationships = realm.getRequiredAppCredentials();
- if (relationships == null) relationships = new ArrayList<RequiredCredentialEntity>();
-
- Set<String> already = new HashSet<String>();
- List<RequiredCredentialEntity> remove = new ArrayList<RequiredCredentialEntity>();
- for (RequiredCredentialEntity rel : relationships) {
- if (!creds.contains(rel.getType())) {
- remove.add(rel);
- } else {
- already.add(rel.getType());
- }
- }
- for (RequiredCredentialEntity entity : remove) {
- relationships.remove(entity);
- em.remove(entity);
- }
- for (String cred : creds) {
- if (!already.contains(cred)) {
- addRequiredResourceCredential(cred);
- }
- }
- em.flush();
- }
@Override
public UserModel getUser(String name) {
@@ -495,7 +376,6 @@ public class RealmAdapter implements RealmModel {
}
private void removeUser(UserEntity user) {
- em.createQuery("delete from " + UserScopeMappingEntity.class.getSimpleName() + " where user = :user").setParameter("user", user).executeUpdate();
em.createQuery("delete from " + UserRoleMappingEntity.class.getSimpleName() + " where user = :user").setParameter("user", user).executeUpdate();
em.createQuery("delete from " + SocialLinkEntity.class.getSimpleName() + " where user = :user").setParameter("user", user).executeUpdate();
em.remove(user);
@@ -588,12 +468,6 @@ public class RealmAdapter implements RealmModel {
@Override
public ApplicationModel addApplication(String name) {
ApplicationEntity applicationData = new ApplicationEntity();
- UserEntity user = new UserEntity();
- user.setLoginName(name);
- user.setRealm(realm);
- user.setEnabled(true);
- em.persist(user);
- applicationData.setApplicationUser(user);
applicationData.setName(name);
applicationData.setEnabled(true);
applicationData.setRealm(realm);
@@ -634,7 +508,8 @@ public class RealmAdapter implements RealmModel {
return false;
}
em.remove(applicationEntity);
- removeUser(applicationEntity.getApplicationUser());
+ em.createQuery("delete from " + ScopeMappingEntity.class.getSimpleName() + " where client = :client").setParameter("client", applicationEntity).executeUpdate();
+
return true;
}
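Review bot: The bulk delete of ScopeMappingEntity rows is issued after `em.remove(applicationEntity)`, while removeOAuthClient further down in this file deletes the mapping rows first and removes the client afterwards; depending on the provider's auto-flush behaviour the pending removal of the application can be flushed while mapping rows still reference it. Move the `em.createQuery("delete from " + ScopeMappingEntity.class.getSimpleName() + " where client = :client")...` line above `em.remove(applicationEntity);` so both removal paths use the same order, and drop the stray empty `+` line. The JPQL text is built from `ScopeMappingEntity.class.getSimpleName()` and a bound parameter, not from caller input, so the concatenation itself is not an injection concern. removeApplication begins outside this hunk.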
@@ -783,12 +658,7 @@ public class RealmAdapter implements RealmModel {
@Override
public OAuthClientModel addOAuthClient(String name) {
OAuthClientEntity data = new OAuthClientEntity();
- UserEntity user = new UserEntity();
- user.setLoginName(name);
- user.setRealm(realm);
- user.setEnabled(true);
- em.persist(user);
- data.setAgent(user);
+ data.setEnabled(true);
data.setName(name);
data.setRealm(realm);
em.persist(data);
@@ -799,9 +669,7 @@ public class RealmAdapter implements RealmModel {
@Override
public boolean removeOAuthClient(String id) {
OAuthClientEntity client = em.find(OAuthClientEntity.class, id);
- em.createQuery("delete from " + UserScopeMappingEntity.class.getSimpleName() + " where user = :user").setParameter("user", client.getAgent()).executeUpdate();
- em.createQuery("delete from " + UserRoleMappingEntity.class.getSimpleName() + " where user = :user").setParameter("user", client.getAgent()).executeUpdate();
- removeUser(client.getAgent());
+ em.createQuery("delete from " + ScopeMappingEntity.class.getSimpleName() + " where client = :client").setParameter("client", client).executeUpdate();
em.remove(client);
return true;
}
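Review bot: `em.find` returns null for an unknown id, and the rewritten body then hands that null to `setParameter("client", client)` and to `em.remove`, which fails with an exception instead of the `false` that removeApplication returns in the same situation. Add `if (client == null) return false;` directly after the `em.find` line so the two removal methods behave alike.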
@@ -809,7 +677,7 @@ public class RealmAdapter implements RealmModel {
@Override
public OAuthClientModel getOAuthClient(String name) {
- TypedQuery<OAuthClientEntity> query = em.createNamedQuery("findOAuthClientByUser", OAuthClientEntity.class);
+ TypedQuery<OAuthClientEntity> query = em.createNamedQuery("findOAuthClientByName", OAuthClientEntity.class);
query.setParameter("name", name);
query.setParameter("realm", realm);
List<OAuthClientEntity> entities = query.getResultList();
@@ -894,7 +762,7 @@ public class RealmAdapter implements RealmModel {
realm.getDefaultRoles().remove(role);
em.createQuery("delete from " + UserRoleMappingEntity.class.getSimpleName() + " where role = :role").setParameter("role", roleEntity).executeUpdate();
- em.createQuery("delete from " + UserScopeMappingEntity.class.getSimpleName() + " where role = :role").setParameter("role", roleEntity).executeUpdate();
+ em.createQuery("delete from " + ScopeMappingEntity.class.getSimpleName() + " where role = :role").setParameter("role", roleEntity).executeUpdate();
em.remove(roleEntity);
@@ -1023,11 +891,11 @@ public class RealmAdapter implements RealmModel {
@Override
public Set<RoleModel> getScopeMappings(ClientModel client) {
- TypedQuery<UserScopeMappingEntity> query = em.createNamedQuery("userScopeMappings", UserScopeMappingEntity.class);
- query.setParameter("user", ((UserAdapter)client.getAgent()).getUser());
- List<UserScopeMappingEntity> entities = query.getResultList();
+ TypedQuery<ScopeMappingEntity> query = em.createNamedQuery("clientScopeMappings", ScopeMappingEntity.class);
+ query.setParameter("client", ((ClientAdapter)client).getEntity());
+ List<ScopeMappingEntity> entities = query.getResultList();
Set<RoleModel> roles = new HashSet<RoleModel>();
- for (UserScopeMappingEntity entity : entities) {
+ for (ScopeMappingEntity entity : entities) {
roles.add(new RoleAdapter(this, em, entity.getRole()));
}
return roles;
@@ -1035,44 +903,31 @@ public class RealmAdapter implements RealmModel {
@Override
public void addScopeMapping(ClientModel client, RoleModel role) {
- UserModel agent = client.getAgent();
if (hasScope(client, role)) return;
- UserScopeMappingEntity entity = new UserScopeMappingEntity();
- entity.setUser(((UserAdapter) agent).getUser());
+ ScopeMappingEntity entity = new ScopeMappingEntity();
+ entity.setClient(((ClientAdapter) client).getEntity());
entity.setRole(((RoleAdapter)role).getRole());
em.persist(entity);
}
@Override
public void deleteScopeMapping(ClientModel client, RoleModel role) {
- UserModel agent = client.getAgent();
- TypedQuery<UserScopeMappingEntity> query = getRealmScopeMappingQuery((UserAdapter) agent, (RoleAdapter) role);
- List<UserScopeMappingEntity> results = query.getResultList();
+ TypedQuery<ScopeMappingEntity> query = getRealmScopeMappingQuery((ClientAdapter) client, (RoleAdapter) role);
+ List<ScopeMappingEntity> results = query.getResultList();
if (results.size() == 0) return;
- for (UserScopeMappingEntity entity : results) {
+ for (ScopeMappingEntity entity : results) {
em.remove(entity);
}
}
- protected TypedQuery<UserScopeMappingEntity> getRealmScopeMappingQuery(UserAdapter user, RoleAdapter role) {
- TypedQuery<UserScopeMappingEntity> query = em.createNamedQuery("userHasScope", UserScopeMappingEntity.class);
- query.setParameter("user", ((UserAdapter)user).getUser());
+ protected TypedQuery<ScopeMappingEntity> getRealmScopeMappingQuery(ClientAdapter client, RoleAdapter role) {
+ TypedQuery<ScopeMappingEntity> query = em.createNamedQuery("hasScope", ScopeMappingEntity.class);
+ query.setParameter("client", client.getEntity());
query.setParameter("role", ((RoleAdapter)role).getRole());
return query;
}
@Override
- public UserCredentialModel getSecret(UserModel user) {
- for (CredentialEntity cred : ((UserAdapter)user).getUser().getCredentials()) {
- if (cred.getType().equals(UserCredentialModel.SECRET)) {
- return UserCredentialModel.secret(cred.getValue());
- }
- }
- return null;
-
- }
-
- @Override
public boolean validatePassword(UserModel user, String password) {
for (CredentialEntity cred : ((UserAdapter)user).getUser().getCredentials()) {
if (cred.getType().equals(UserCredentialModel.PASSWORD)) {
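Review bot: In getRealmScopeMappingQuery the parameter `role` is already declared as `RoleAdapter`, so `((RoleAdapter)role).getRole()` keeps a redundant cast from the old signature while the client side was cleaned up to `client.getEntity()`; write `query.setParameter("role", role.getRole());`. In deleteScopeMapping the guard `if (results.size() == 0) return;` is redundant in front of a for-each over the same list and can be dropped. The class continues outside this hunk.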
@@ -1083,18 +938,6 @@ public class RealmAdapter implements RealmModel {
}
@Override
- public boolean validateSecret(UserModel user, String secret) {
- for (CredentialEntity cred : ((UserAdapter)user).getUser().getCredentials()) {
- if (cred.getType().equals(UserCredentialModel.SECRET)) {
- return secret.equals(cred.getValue());
- }
- }
- return false;
- }
-
-
-
- @Override
public boolean validateTOTP(UserModel user, String password, String token) {
if (!validatePassword(user, password)) return false;
for (CredentialEntity cred : ((UserAdapter)user).getUser().getCredentials()) {
diff --git a/model/jpa/src/test/resources/META-INF/persistence.xml b/model/jpa/src/test/resources/META-INF/persistence.xml
index a020d60..8fa01f2 100755
--- a/model/jpa/src/test/resources/META-INF/persistence.xml
+++ b/model/jpa/src/test/resources/META-INF/persistence.xml
@@ -15,7 +15,7 @@
<class>org.keycloak.models.jpa.entities.SocialLinkEntity</class>
<class>org.keycloak.models.jpa.entities.UserEntity</class>
<class>org.keycloak.models.jpa.entities.UserRoleMappingEntity</class>
- <class>org.keycloak.models.jpa.entities.UserScopeMappingEntity</class>
+ <class>org.keycloak.models.jpa.entities.ScopeMappingEntity</class>
<exclude-unlisted-classes>true</exclude-unlisted-classes>
diff --git a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/ApplicationAdapter.java b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/ApplicationAdapter.java
index 4f17350..07d8764 100755
--- a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/ApplicationAdapter.java
+++ b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/ApplicationAdapter.java
@@ -24,16 +24,10 @@ import java.util.Set;
public class ApplicationAdapter extends AbstractAdapter implements ApplicationModel {
private final ApplicationEntity application;
- private UserAdapter resourceUser;
public ApplicationAdapter(ApplicationEntity applicationEntity, MongoStoreInvocationContext invContext) {
- this(applicationEntity, null, invContext);
- }
-
- public ApplicationAdapter(ApplicationEntity applicationEntity, UserAdapter resourceUser, MongoStoreInvocationContext invContext) {
super(invContext);
this.application = applicationEntity;
- this.resourceUser = resourceUser;
}
@Override
@@ -42,22 +36,13 @@ public class ApplicationAdapter extends AbstractAdapter implements ApplicationMo
}
@Override
- public UserAdapter getAgent() {
- // This is not thread-safe. Assumption is that ApplicationAdapter instance is per-client object
- if (resourceUser == null) {
- UserEntity userEntity = getMongoStore().loadEntity(UserEntity.class, application.getResourceUserId(), invocationContext);
- if (userEntity == null) {
- throw new IllegalStateException("User " + application.getResourceUserId() + " not found");
- }
- resourceUser = new UserAdapter(userEntity, invocationContext);
- }
-
- return resourceUser;
+ public String getId() {
+ return application.getId();
}
@Override
- public String getId() {
- return application.getId();
+ public String getClientId() {
+ return getName();
}
@Override
@@ -197,14 +182,13 @@ public class ApplicationAdapter extends AbstractAdapter implements ApplicationMo
@Override
public void addScope(RoleModel role) {
- UserAdapter appUser = getAgent();
- getMongoStore().pushItemToList(appUser.getUser(), "scopeIds", role.getId(), true, invocationContext);
+ getMongoStore().pushItemToList(application, "scopeIds", role.getId(), true, invocationContext);
}
@Override
public Set<RoleModel> getApplicationScopeMappings(ClientModel client) {
Set<RoleModel> result = new HashSet<RoleModel>();
- List<RoleEntity> roles = MongoModelUtils.getAllScopesOfUser(client.getAgent(), invocationContext);
+ List<RoleEntity> roles = MongoModelUtils.getAllScopesOfClient(client, invocationContext);
for (RoleEntity role : roles) {
if (getId().equals(role.getApplicationId())) {
@@ -301,4 +285,21 @@ public class ApplicationAdapter extends AbstractAdapter implements ApplicationMo
getMongoStore().pullItemFromList(application, "redirectUris", redirectUri, invocationContext);
}
+ @Override
+ public String getSecret() {
+ return application.getSecret();
+ }
+
+ @Override
+ public void setSecret(String secret) {
+ application.setSecret(secret);
+ }
+
+
+ @Override
+ public boolean validateSecret(String secret) {
+ return secret.equals(application.getSecret());
+ }
+
+
}
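Review bot: validateSecret compares the presented client secret with `secret.equals(application.getSecret())`, which throws a NullPointerException when the caller passes null and uses a length-dependent, early-exit comparison for a credential check. Guard both sides against null and compare with `MessageDigest.isEqual` on the UTF-8 bytes, which needs `java.security.MessageDigest` and `java.nio.charset.StandardCharsets` imported. The same method in OAuthClientAdapter (the last hunk of that file) has the identical issue and should get the same change.
```java
@Override
public boolean validateSecret(String secret) {
    String stored = application.getSecret();
    if (secret == null || stored == null) {
        return false;
    }
    // constant-time comparison; a missing stored secret never matches
    return MessageDigest.isEqual(
            secret.getBytes(StandardCharsets.UTF_8),
            stored.getBytes(StandardCharsets.UTF_8));
}
```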
diff --git a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/OAuthClientAdapter.java b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/OAuthClientAdapter.java
index 043249e..cbdbec6 100755
--- a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/OAuthClientAdapter.java
+++ b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/OAuthClientAdapter.java
@@ -18,16 +18,10 @@ import java.util.Set;
public class OAuthClientAdapter extends AbstractAdapter implements OAuthClientModel {
private final OAuthClientEntity delegate;
- private UserAdapter oauthAgent;
- public OAuthClientAdapter(OAuthClientEntity oauthClientEntity, UserAdapter oauthAgent, MongoStoreInvocationContext invContext) {
+ public OAuthClientAdapter(OAuthClientEntity oauthClientEntity, MongoStoreInvocationContext invContext) {
super(invContext);
this.delegate = oauthClientEntity;
- this.oauthAgent = oauthAgent;
- }
-
- public OAuthClientAdapter(OAuthClientEntity oauthClientEntity, MongoStoreInvocationContext invContext) {
- this(oauthClientEntity, null, invContext);
}
@Override
@@ -36,6 +30,11 @@ public class OAuthClientAdapter extends AbstractAdapter implements OAuthClientMo
}
@Override
+ public String getClientId() {
+ return delegate.getName();
+ }
+
+ @Override
public long getAllowedClaimsMask() {
return delegate.getAllowedClaimsMask();
}
@@ -47,22 +46,12 @@ public class OAuthClientAdapter extends AbstractAdapter implements OAuthClientMo
@Override
public boolean isEnabled() {
- return getAgent().isEnabled();
+ return delegate.isEnabled();
}
@Override
public void setEnabled(boolean enabled) {
- getAgent().setEnabled(enabled);
- }
-
- @Override
- public UserModel getAgent() {
- // This is not thread-safe. Assumption is that OAuthClientAdapter instance is per-client object
- if (oauthAgent == null) {
- UserEntity user = getMongoStore().loadEntity(UserEntity.class, delegate.getOauthAgentId(), invocationContext);
- oauthAgent = user!=null ? new UserAdapter(user, invocationContext) : null;
- }
- return oauthAgent;
+ delegate.setEnabled(enabled);
}
@Override
@@ -122,4 +111,21 @@ public class OAuthClientAdapter extends AbstractAdapter implements OAuthClientMo
getMongoStore().pullItemFromList(delegate, "redirectUris", redirectUri, invocationContext);
}
+ @Override
+ public String getSecret() {
+ return delegate.getSecret();
+ }
+
+ @Override
+ public void setSecret(String secret) {
+ delegate.setSecret(secret);
+ }
+
+
+ @Override
+ public boolean validateSecret(String secret) {
+ return secret.equals(delegate.getSecret());
+ }
+
+
}
diff --git a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java
index 9466bb3..4655c48 100755
--- a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java
+++ b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java
@@ -541,16 +541,13 @@ public class RealmAdapter extends AbstractAdapter implements RealmModel {
@Override
public ApplicationModel addApplication(String name) {
- UserAdapter resourceUser = addUserEntity(name);
-
ApplicationEntity appData = new ApplicationEntity();
appData.setName(name);
appData.setRealmId(getId());
appData.setEnabled(true);
- appData.setResourceUserId(resourceUser.getUser().getId());
getMongoStore().insertEntity(appData, invocationContext);
- return new ApplicationAdapter(appData, resourceUser, invocationContext);
+ return new ApplicationAdapter(appData, invocationContext);
}
@Override
@@ -618,7 +615,7 @@ public class RealmAdapter extends AbstractAdapter implements RealmModel {
@Override
public Set<RoleModel> getScopeMappings(ClientModel client) {
Set<RoleModel> result = new HashSet<RoleModel>();
- List<RoleEntity> roles = MongoModelUtils.getAllScopesOfUser(client.getAgent(), invocationContext);
+ List<RoleEntity> roles = MongoModelUtils.getAllScopesOfClient(client, invocationContext);
for (RoleEntity role : roles) {
if (getId().equals(role.getRealmId())) {
@@ -661,27 +658,22 @@ public class RealmAdapter extends AbstractAdapter implements RealmModel {
@Override
public void addScopeMapping(ClientModel client, RoleModel role) {
- UserEntity userEntity = ((UserAdapter)client.getAgent()).getUser();
- getMongoStore().pushItemToList(userEntity, "scopeIds", role.getId(), true, invocationContext);
+ getMongoStore().pushItemToList(((AbstractAdapter)client).getMongoEntity(), "scopeIds", role.getId(), true, invocationContext);
}
@Override
public void deleteScopeMapping(ClientModel client, RoleModel role) {
- UserEntity userEntity = ((UserAdapter)client.getAgent()).getUser();
- getMongoStore().pullItemFromList(userEntity, "scopeIds", role.getId(), invocationContext);
+ getMongoStore().pullItemFromList(((AbstractAdapter)client).getMongoEntity(), "scopeIds", role.getId(), invocationContext);
}
@Override
public OAuthClientModel addOAuthClient(String name) {
- UserAdapter oauthAgent = addUserEntity(name);
-
OAuthClientEntity oauthClient = new OAuthClientEntity();
- oauthClient.setOauthAgentId(oauthAgent.getUser().getId());
oauthClient.setRealmId(getId());
oauthClient.setName(name);
getMongoStore().insertEntity(oauthClient, invocationContext);
- return new OAuthClientAdapter(oauthClient, oauthAgent, invocationContext);
+ return new OAuthClientAdapter(oauthClient, invocationContext);
}
@Override
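Review bot: addOAuthClient never sets the new `enabled` flag on the OAuthClientEntity, so OAuthClientAdapter.isEnabled, which now returns `delegate.isEnabled()`, reports false for every freshly created client; addApplication in this file and the JPA addOAuthClient both call setEnabled(true) on creation. Add `oauthClient.setEnabled(true);` next to `oauthClient.setName(name);` so the Mongo and JPA stores agree on the initial state.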
@@ -691,14 +683,12 @@ public class RealmAdapter extends AbstractAdapter implements RealmModel {
@Override
public OAuthClientModel getOAuthClient(String name) {
- UserAdapter user = getUser(name);
- if (user == null) return null;
DBObject query = new QueryBuilder()
.and("realmId").is(getId())
- .and("oauthAgentId").is(user.getUser().getId())
+ .and("name").is(name)
.get();
OAuthClientEntity oauthClient = getMongoStore().loadSingleEntity(OAuthClientEntity.class, query, invocationContext);
- return oauthClient == null ? null : new OAuthClientAdapter(oauthClient, user, invocationContext);
+ return oauthClient == null ? null : new OAuthClientAdapter(oauthClient, invocationContext);
}
@Override
@@ -730,18 +720,6 @@ public class RealmAdapter extends AbstractAdapter implements RealmModel {
addRequiredCredential(credentialModel, realm.getRequiredCredentials());
}
- @Override
- public void addRequiredResourceCredential(String type) {
- RequiredCredentialModel credentialModel = initRequiredCredentialModel(type);
- addRequiredCredential(credentialModel, realm.getRequiredApplicationCredentials());
- }
-
- @Override
- public void addRequiredOAuthClientCredential(String type) {
- RequiredCredentialModel credentialModel = initRequiredCredentialModel(type);
- addRequiredCredential(credentialModel, realm.getRequiredOAuthClientCredentials());
- }
-
protected void addRequiredCredential(RequiredCredentialModel credentialModel, List<RequiredCredentialEntity> persistentCollection) {
RequiredCredentialEntity credEntity = new RequiredCredentialEntity();
credEntity.setType(credentialModel.getType());
@@ -759,16 +737,6 @@ public class RealmAdapter extends AbstractAdapter implements RealmModel {
updateRequiredCredentials(creds, realm.getRequiredCredentials());
}
- @Override
- public void updateRequiredApplicationCredentials(Set<String> creds) {
- updateRequiredCredentials(creds, realm.getRequiredApplicationCredentials());
- }
-
- @Override
- public void updateRequiredOAuthClientCredentials(Set<String> creds) {
- updateRequiredCredentials(creds, realm.getRequiredOAuthClientCredentials());
- }
-
protected void updateRequiredCredentials(Set<String> creds, List<RequiredCredentialEntity> credsEntities) {
Set<String> already = new HashSet<String>();
Set<RequiredCredentialEntity> toRemove = new HashSet<RequiredCredentialEntity>();
@@ -796,16 +764,6 @@ public class RealmAdapter extends AbstractAdapter implements RealmModel {
return convertRequiredCredentialEntities(realm.getRequiredCredentials());
}
- @Override
- public List<RequiredCredentialModel> getRequiredApplicationCredentials() {
- return convertRequiredCredentialEntities(realm.getRequiredApplicationCredentials());
- }
-
- @Override
- public List<RequiredCredentialModel> getRequiredOAuthClientCredentials() {
- return convertRequiredCredentialEntities(realm.getRequiredOAuthClientCredentials());
- }
-
protected List<RequiredCredentialModel> convertRequiredCredentialEntities(Collection<RequiredCredentialEntity> credEntities) {
List<RequiredCredentialModel> result = new ArrayList<RequiredCredentialModel>();
@@ -842,28 +800,6 @@ public class RealmAdapter extends AbstractAdapter implements RealmModel {
return false;
}
- @Override
- public boolean validateSecret(UserModel user, String secret) {
- for (CredentialEntity cred : ((UserAdapter)user).getUser().getCredentials()) {
- if (cred.getType().equals(UserCredentialModel.SECRET)) {
- return secret.equals(cred.getValue());
- }
- }
- return false;
- }
-
- @Override
- public UserCredentialModel getSecret(UserModel user) {
- for (CredentialEntity cred : ((UserAdapter)user).getUser().getCredentials()) {
- if (cred.getType().equals(UserCredentialModel.SECRET)) {
- return UserCredentialModel.secret(cred.getValue());
- }
- }
- return null;
-
- }
-
-
@Override
public void updateCredential(UserModel user, UserCredentialModel cred) {
diff --git a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/entities/ApplicationEntity.java b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/entities/ApplicationEntity.java
index c279934..f77b6a8 100755
--- a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/entities/ApplicationEntity.java
+++ b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/entities/ApplicationEntity.java
@@ -15,17 +15,18 @@ import org.keycloak.models.mongo.api.context.MongoStoreInvocationContext;
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
*/
@MongoCollection(collectionName = "applications")
-public class ApplicationEntity extends AbstractMongoIdentifiableEntity implements MongoEntity {
+public class ApplicationEntity extends AbstractMongoIdentifiableEntity implements MongoEntity, ScopedEntity {
private String name;
private boolean enabled;
private boolean surrogateAuthRequired;
private String managementUrl;
private String baseUrl;
+ private String secret;
- private String resourceUserId;
private String realmId;
private long allowedClaimsMask;
+ private List<String> scopeIds;
private List<String> webOrigins;
private List<String> redirectUris;
@@ -78,13 +79,15 @@ public class ApplicationEntity extends AbstractMongoIdentifiableEntity implement
this.baseUrl = baseUrl;
}
+ @Override
@MongoField
- public String getResourceUserId() {
- return resourceUserId;
+ public List<String> getScopeIds() {
+ return scopeIds;
}
- public void setResourceUserId(String resourceUserId) {
- this.resourceUserId = resourceUserId;
+ @Override
+ public void setScopeIds(List<String> scopeIds) {
+ this.scopeIds = scopeIds;
}
@MongoField
@@ -126,6 +129,15 @@ public class ApplicationEntity extends AbstractMongoIdentifiableEntity implement
}
@MongoField
+ public String getSecret() {
+ return secret;
+ }
+
+ public void setSecret(String secret) {
+ this.secret = secret;
+ }
+
+ @MongoField
public List<String> getDefaultRoles() {
return defaultRoles;
}
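Review bot: `getSecret` is annotated `@MongoField`, so the client secret is persisted as a plain string and the adapters compare the presented value against it verbatim, but nothing in the hunk states that the stored value is the credential itself rather than a hash. Add a comment on the `secret` field, e.g. `// stored in clear; read access to this collection is equivalent to holding the client credential`, so the exposure is explicit to whoever hardens storage later. The same applies to the `secret` field added to OAuthClientEntity.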
@@ -136,9 +148,6 @@ public class ApplicationEntity extends AbstractMongoIdentifiableEntity implement
@Override
public void afterRemove(MongoStoreInvocationContext context) {
- // Remove resourceUser of this application
- context.getMongoStore().removeEntity(UserEntity.class, resourceUserId, context);
-
// Remove all roles, which belongs to this application
DBObject query = new QueryBuilder()
.and("applicationId").is(getId())
diff --git a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/entities/OAuthClientEntity.java b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/entities/OAuthClientEntity.java
index 11583e1..c59443f 100755
--- a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/entities/OAuthClientEntity.java
+++ b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/entities/OAuthClientEntity.java
@@ -12,13 +12,14 @@ import java.util.List;
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
*/
@MongoCollection(collectionName = "oauthClients")
-public class OAuthClientEntity extends AbstractMongoIdentifiableEntity implements MongoEntity {
+public class OAuthClientEntity extends AbstractMongoIdentifiableEntity implements MongoEntity, ScopedEntity {
private String name;
-
- private String oauthAgentId;
+ private boolean enabled;
private String realmId;
+ private String secret;
private long allowedClaimsMask;
+ private List<String> scopeIds;
private List<String> webOrigins;
private List<String> redirectUris;
@@ -32,12 +33,12 @@ public class OAuthClientEntity extends AbstractMongoIdentifiableEntity implement
}
@MongoField
- public String getOauthAgentId() {
- return oauthAgentId;
+ public boolean isEnabled() {
+ return enabled;
}
- public void setOauthAgentId(String oauthUserId) {
- this.oauthAgentId = oauthUserId;
+ public void setEnabled(boolean enabled) {
+ this.enabled = enabled;
}
@MongoField
@@ -50,6 +51,16 @@ public class OAuthClientEntity extends AbstractMongoIdentifiableEntity implement
}
@MongoField
+ public String getSecret() {
+ return secret;
+ }
+
+ public void setSecret(String secret) {
+ this.secret = secret;
+ }
+
+
+ @MongoField
public long getAllowedClaimsMask() {
return allowedClaimsMask;
}
@@ -76,11 +87,19 @@ public class OAuthClientEntity extends AbstractMongoIdentifiableEntity implement
this.redirectUris = redirectUris;
}
+ @MongoField
+ public List<String> getScopeIds() {
+ return scopeIds;
+ }
+
+ public void setScopeIds(List<String> scopeIds) {
+ this.scopeIds = scopeIds;
+ }
+
+
@Override
public void afterRemove(MongoStoreInvocationContext context) {
- // Remove user of this oauthClient
- context.getMongoStore().removeEntity(UserEntity.class, oauthAgentId, context);
}
}
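Review bot: getScopeIds and setScopeIds implement ScopedEntity but carry no `@Override`, unlike the same pair in ApplicationEntity, which is annotated; add `@Override` to both so a signature drift in the interface is caught by the compiler. afterRemove is now an empty body with its previous comment deleted; a one-line comment such as `// nothing to cascade: scopeIds are stored on this entity` keeps the intent readable.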
diff --git a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/entities/RealmEntity.java b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/entities/RealmEntity.java
index 9147249..893cc4b 100755
--- a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/entities/RealmEntity.java
+++ b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/entities/RealmEntity.java
@@ -46,8 +46,6 @@ public class RealmEntity extends AbstractMongoIdentifiableEntity implements Mong
private List<String> defaultRoles = new ArrayList<String>();
private List<RequiredCredentialEntity> requiredCredentials = new ArrayList<RequiredCredentialEntity>();
- private List<RequiredCredentialEntity> requiredApplicationCredentials = new ArrayList<RequiredCredentialEntity>();
- private List<RequiredCredentialEntity> requiredOAuthClientCredentials = new ArrayList<RequiredCredentialEntity>();
private Map<String, String> smtpConfig = new HashMap<String, String>();
private Map<String, String> socialConfig = new HashMap<String, String>();
@@ -242,24 +240,6 @@ public class RealmEntity extends AbstractMongoIdentifiableEntity implements Mong
}
@MongoField
- public List<RequiredCredentialEntity> getRequiredApplicationCredentials() {
- return requiredApplicationCredentials;
- }
-
- public void setRequiredApplicationCredentials(List<RequiredCredentialEntity> requiredApplicationCredentials) {
- this.requiredApplicationCredentials = requiredApplicationCredentials;
- }
-
- @MongoField
- public List<RequiredCredentialEntity> getRequiredOAuthClientCredentials() {
- return requiredOAuthClientCredentials;
- }
-
- public void setRequiredOAuthClientCredentials(List<RequiredCredentialEntity> requiredOAuthClientCredentials) {
- this.requiredOAuthClientCredentials = requiredOAuthClientCredentials;
- }
-
- @MongoField
public Map<String, String> getSmtpConfig() {
return smtpConfig;
}
diff --git a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/entities/ScopedEntity.java b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/entities/ScopedEntity.java
new file mode 100755
index 0000000..c1e85f5
--- /dev/null
+++ b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/entities/ScopedEntity.java
@@ -0,0 +1,16 @@
+package org.keycloak.models.mongo.keycloak.entities;
+
+import org.keycloak.models.mongo.api.MongoField;
+
+import java.util.List;
+
+/**
+ * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
+ * @version $Revision: 1 $
+ */
+public interface ScopedEntity {
+ @MongoField
+ List<String> getScopeIds();
+
+ void setScopeIds(List<String> scopeIds);
+}
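Review bot: ScopedEntity is introduced with only an author tag; a reader has no way to tell from the interface what a "scope id" refers to. From MongoModelUtils.getAllScopesOfClient in this same commit, which resolves these ids into RoleEntity objects, they appear to be role ids, so a one-line summary such as `/** Mongo entity that carries the ids of the roles a client may request (its scope mappings). */` on the interface and `@return ids of RoleEntity documents, or null when none are stored` on getScopeIds would make that explicit; confirm the id type against the adapters before committing the wording.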
diff --git a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/entities/UserEntity.java b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/entities/UserEntity.java
index 7cfa2f7..c21a726 100755
--- a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/entities/UserEntity.java
+++ b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/entities/UserEntity.java
@@ -27,7 +27,6 @@ public class UserEntity extends AbstractMongoIdentifiableEntity implements Mongo
private String realmId;
private List<String> roleIds;
- private List<String> scopeIds;
private Map<String, String> attributes;
private List<UserModel.RequiredAction> requiredActions;
@@ -115,14 +114,6 @@ public class UserEntity extends AbstractMongoIdentifiableEntity implements Mongo
this.roleIds = roleIds;
}
- @MongoField
- public List<String> getScopeIds() {
- return scopeIds;
- }
-
- public void setScopeIds(List<String> scopeIds) {
- this.scopeIds = scopeIds;
- }
@MongoField
public Map<String, String> getAttributes() {
diff --git a/model/mongo/src/main/java/org/keycloak/models/mongo/utils/MongoModelUtils.java b/model/mongo/src/main/java/org/keycloak/models/mongo/utils/MongoModelUtils.java
old mode 100644
new mode 100755
index b7a9a21..050e936
--- a/model/mongo/src/main/java/org/keycloak/models/mongo/utils/MongoModelUtils.java
+++ b/model/mongo/src/main/java/org/keycloak/models/mongo/utils/MongoModelUtils.java
@@ -8,10 +8,13 @@ import java.util.List;
import com.mongodb.DBObject;
import com.mongodb.QueryBuilder;
import org.bson.types.ObjectId;
+import org.keycloak.models.ClientModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.mongo.api.context.MongoStoreInvocationContext;
+import org.keycloak.models.mongo.keycloak.adapters.AbstractAdapter;
import org.keycloak.models.mongo.keycloak.adapters.UserAdapter;
import org.keycloak.models.mongo.keycloak.entities.RoleEntity;
+import org.keycloak.models.mongo.keycloak.entities.ScopedEntity;
import org.keycloak.models.mongo.keycloak.entities.UserEntity;
/**
@@ -35,9 +38,9 @@ public class MongoModelUtils {
}
// Get everything including both application and realm scopes
- public static List<RoleEntity> getAllScopesOfUser(UserModel user, MongoStoreInvocationContext invContext) {
- UserEntity userEntity = ((UserAdapter)user).getUser();
- List<String> scopeIds = userEntity.getScopeIds();
+ public static List<RoleEntity> getAllScopesOfClient(ClientModel client, MongoStoreInvocationContext invContext) {
+ ScopedEntity scopedEntity = (ScopedEntity)((AbstractAdapter)client).getMongoEntity();
+ List<String> scopeIds = scopedEntity.getScopeIds();
if (scopeIds == null || scopeIds.isEmpty()) {
return Collections.EMPTY_LIST;
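Review bot: The cast `(ScopedEntity)((AbstractAdapter)client).getMongoEntity()` is unchecked on both steps, so a ClientModel whose adapter is not an AbstractAdapter, or whose entity does not implement ScopedEntity, fails with a bare ClassCastException instead of a message naming the client. An `instanceof` check that throws `new IllegalArgumentException("client " + client.getClientId() + " has no scope mappings")` would make the precondition explicit and easier to diagnose in an import. The method continues outside the hunk; the raw `Collections.EMPTY_LIST` return is pre-existing.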
diff --git a/model/tests/src/test/java/org/keycloak/model/test/AdapterTest.java b/model/tests/src/test/java/org/keycloak/model/test/AdapterTest.java
index e1d860d..c73f3b0 100755
--- a/model/tests/src/test/java/org/keycloak/model/test/AdapterTest.java
+++ b/model/tests/src/test/java/org/keycloak/model/test/AdapterTest.java
@@ -139,9 +139,6 @@ public class AdapterTest extends AbstractModelTest {
OAuthClientModel oauth = new OAuthClientManager(realmModel).create("oauth-client");
oauth = realmModel.getOAuthClient("oauth-client");
- Assert.assertTrue(realmModel.hasRole(oauth.getAgent(), realmModel.getRole(Constants.IDENTITY_REQUESTER_ROLE)));
-
-
}
@Test
@@ -407,7 +404,7 @@ public class AdapterTest extends AbstractModelTest {
RealmModel otherRealm = adapter.createRealm("other");
otherRealm.addUser("bburke");
- Assert.assertEquals(2, otherRealm.getUsers().size());
+ Assert.assertEquals(1, otherRealm.getUsers().size());
Assert.assertEquals(1, otherRealm.searchForUser("bu").size());
}
@@ -418,7 +415,7 @@ public class AdapterTest extends AbstractModelTest {
realmModel.addRole("admin");
realmModel.addRole("user");
Set<RoleModel> roles = realmModel.getRoles();
- Assert.assertEquals(5, roles.size());
+ Assert.assertEquals(3, roles.size());
UserModel user = realmModel.addUser("bburke");
RoleModel realmUserRole = realmModel.getRole("user");
realmModel.grantRole(user, realmUserRole);
diff --git a/model/tests/src/test/java/org/keycloak/model/test/ImportTest.java b/model/tests/src/test/java/org/keycloak/model/test/ImportTest.java
index 728eaef..d978bdd 100755
--- a/model/tests/src/test/java/org/keycloak/model/test/ImportTest.java
+++ b/model/tests/src/test/java/org/keycloak/model/test/ImportTest.java
@@ -151,8 +151,6 @@ public class ImportTest extends AbstractModelTest {
Assert.assertFalse(realm.isUpdateProfileOnInitialSocialLogin());
Assert.assertEquals(600, realm.getAccessCodeLifespanUserAction());
verifyRequiredCredentials(realm.getRequiredCredentials(), "password");
- verifyRequiredCredentials(realm.getRequiredApplicationCredentials(), "secret");
- verifyRequiredCredentials(realm.getRequiredOAuthClientCredentials(), "secret");
}
private void verifyRequiredCredentials(List<RequiredCredentialModel> requiredCreds, String expectedType) {
diff --git a/model/tests/src/test/resources/testcomposites.json b/model/tests/src/test/resources/testcomposites.json
index c884a0f..d035fd5 100755
--- a/model/tests/src/test/resources/testcomposites.json
+++ b/model/tests/src/test/resources/testcomposites.json
@@ -65,10 +65,7 @@
{
"name" : "third-party",
"enabled": true,
- "credentials" : [
- { "type" : "secret",
- "value" : "password" }
- ]
+ "secret": "password"
}
],
"roleMappings": [
@@ -105,48 +102,28 @@
"enabled": true,
"baseUrl": "http://localhost:8081/app",
"adminUrl": "http://localhost:8081/app/logout",
- "credentials": [
- {
- "type": "secret",
- "value": "password"
- }
- ]
+ "secret": "password"
},
{
"name": "REALM_ROLE_1_APPLICATION",
"enabled": true,
"baseUrl": "http://localhost:8081/app",
"adminUrl": "http://localhost:8081/app/logout",
- "credentials": [
- {
- "type": "secret",
- "value": "password"
- }
- ]
+ "secret": "password"
},
{
"name": "APP_ROLE_APPLICATION",
"enabled": true,
"baseUrl": "http://localhost:8081/app",
"adminUrl": "http://localhost:8081/app/logout",
- "credentials": [
- {
- "type": "secret",
- "value": "password"
- }
- ]
+ "secret": "password"
},
{
"name": "APP_COMPOSITE_APPLICATION",
"enabled": true,
"baseUrl": "http://localhost:8081/app",
"adminUrl": "http://localhost:8081/app/logout",
- "credentials": [
- {
- "type": "secret",
- "value": "password"
- }
- ]
+ "secret": "password"
}
],
"roles" : {
diff --git a/model/tests/src/test/resources/testrealm.json b/model/tests/src/test/resources/testrealm.json
index caeea6c..44709b4 100755
--- a/model/tests/src/test/resources/testrealm.json
+++ b/model/tests/src/test/resources/testrealm.json
@@ -80,10 +80,7 @@
{
"name" : "oauthclient",
"enabled": true,
- "credentials" : [
- { "type" : "secret",
- "value" : "clientpassword" }
- ]
+ "secret": "clientpassword"
}
],
"roles" : {
diff --git a/model/tests/src/test/resources/testrealm-demo.json b/model/tests/src/test/resources/testrealm-demo.json
index b565740..90d348c 100755
--- a/model/tests/src/test/resources/testrealm-demo.json
+++ b/model/tests/src/test/resources/testrealm-demo.json
@@ -26,10 +26,7 @@
{
"name" : "third-party",
"enabled": true,
- "credentials" : [
- { "type" : "secret",
- "value" : "password" }
- ]
+ "secret": "password"
}
],
"roles" : {
@@ -62,23 +59,13 @@
"name": "customer-portal",
"enabled": true,
"adminUrl": "http://localhost:8080/customer-portal/j_admin_request",
- "credentials": [
- {
- "type": "secret",
- "value": "12345"
- }
- ]
+ "secret": "password"
},
{
"name": "product-portal",
"enabled": true,
"adminUrl": "http://localhost:8080/product-portal/j_admin_request",
- "credentials": [
- {
- "type": "secret",
- "value": "12345"
- }
- ]
+ "secret": "password"
}
]
}
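Review bot: The secret value for customer-portal and product-portal changes from `12345` to `password` in this hunk, while every other fixture in the commit keeps its previous value when moving from the `credentials` array to the `secret` field. If anything else (an example configuration or a test) still expects the old value this fixture will no longer match; if the change is unintended, keep `"secret": "12345"` for both applications.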
diff --git a/server/src/main/resources/META-INF/persistence.xml b/server/src/main/resources/META-INF/persistence.xml
index 8055b83..b193044 100755
--- a/server/src/main/resources/META-INF/persistence.xml
+++ b/server/src/main/resources/META-INF/persistence.xml
@@ -14,7 +14,7 @@
<class>org.keycloak.models.jpa.entities.SocialLinkEntity</class>
<class>org.keycloak.models.jpa.entities.UserEntity</class>
<class>org.keycloak.models.jpa.entities.UserRoleMappingEntity</class>
- <class>org.keycloak.models.jpa.entities.UserScopeMappingEntity</class>
+ <class>org.keycloak.models.jpa.entities.ScopeMappingEntity</class>
<exclude-unlisted-classes>true</exclude-unlisted-classes>
diff --git a/services/src/main/java/org/keycloak/services/managers/AppAuthManager.java b/services/src/main/java/org/keycloak/services/managers/AppAuthManager.java
index 2011541..e9e3a1d 100755
--- a/services/src/main/java/org/keycloak/services/managers/AppAuthManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/AppAuthManager.java
@@ -36,7 +36,7 @@ public class AppAuthManager extends AuthenticationManager {
this.tokenManager = tokenManager;
}
- public NewCookie createCookie(RealmModel realm, UserModel client, String code, URI uri) {
+ public NewCookie createCookie(RealmModel realm, ClientModel client, String code, URI uri) {
JWSInput input = new JWSInput(code);
boolean verifiedCode = false;
try {
@@ -67,7 +67,7 @@ public class AppAuthManager extends AuthenticationManager {
throw new BadRequestException();
}
- if (!client.getLoginName().equals(accessCode.getClient().getAgent().getLoginName())) {
+ if (!client.getClientId().equals(accessCode.getClient().getClientId())) {
logger.debug("bad client");
throw new BadRequestException();
}
diff --git a/services/src/main/java/org/keycloak/services/managers/ApplianceBootstrap.java b/services/src/main/java/org/keycloak/services/managers/ApplianceBootstrap.java
index 337dcf0..9aca67a 100755
--- a/services/src/main/java/org/keycloak/services/managers/ApplianceBootstrap.java
+++ b/services/src/main/java/org/keycloak/services/managers/ApplianceBootstrap.java
@@ -45,8 +45,6 @@ public class ApplianceBootstrap {
realm.setName(Constants.ADMIN_REALM);
realm.setEnabled(true);
realm.addRequiredCredential(CredentialRepresentation.PASSWORD);
- realm.addRequiredOAuthClientCredential(CredentialRepresentation.PASSWORD);
- realm.addRequiredResourceCredential(CredentialRepresentation.PASSWORD);
realm.setCentralLoginLifespan(3000);
realm.setAccessTokenLifespan(60);
realm.setRefreshTokenLifespan(3600);
diff --git a/services/src/main/java/org/keycloak/services/managers/ApplicationManager.java b/services/src/main/java/org/keycloak/services/managers/ApplicationManager.java
index db10338..c4a7f4f 100755
--- a/services/src/main/java/org/keycloak/services/managers/ApplicationManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/ApplicationManager.java
@@ -46,11 +46,10 @@ public class ApplicationManager {
* Does not create scope or role mappings!
*
* @param realm
- * @param loginRole
* @param resourceRep
* @return
*/
- public ApplicationModel createApplication(RealmModel realm, RoleModel loginRole, ApplicationRepresentation resourceRep) {
+ public ApplicationModel createApplication(RealmModel realm, ApplicationRepresentation resourceRep) {
logger.debug("************ CREATE APPLICATION: {0}" + resourceRep.getName());
ApplicationModel applicationModel = realm.addApplication(resourceRep.getName());
applicationModel.setEnabled(resourceRep.isEnabled());
@@ -59,16 +58,9 @@ public class ApplicationManager {
applicationModel.setBaseUrl(resourceRep.getBaseUrl());
applicationModel.updateApplication();
- UserModel resourceUser = applicationModel.getAgent();
- if (resourceRep.getCredentials() != null && resourceRep.getCredentials().size() > 0) {
- for (CredentialRepresentation cred : resourceRep.getCredentials()) {
- UserCredentialModel credential = new UserCredentialModel();
- credential.setType(cred.getType());
- credential.setValue(cred.getValue());
- realm.updateCredential(resourceUser, credential);
- }
- } else {
- generateSecret(realm, applicationModel);
+ applicationModel.setSecret(resourceRep.getSecret());
+ if (applicationModel.getSecret() == null) {
+ generateSecret(applicationModel);
}
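Review bot: The fallback at `if (applicationModel.getSecret() == null)` accepts an empty string from the representation as the client secret, whereas the removed code only used supplied credentials when the list was non-empty. Consider `if (applicationModel.getSecret() == null || applicationModel.getSecret().isEmpty())` so a blank `secret` in an import still receives a generated one. Note also that setSecret now runs after `applicationModel.updateApplication()` two lines above; if the adapter persists only on that call, it should be confirmed that the assigned or generated secret is actually saved — not visible from this hunk. The method continues outside the hunk.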
@@ -79,14 +71,11 @@ public class ApplicationManager {
}
if (resourceRep.getWebOrigins() != null) {
for (String webOrigin : resourceRep.getWebOrigins()) {
- logger.debug("Application: {0} webOrigin: {1}", resourceUser.getLoginName(), webOrigin);
+ logger.debug("Application: {0} webOrigin: {1}", resourceRep.getName(), webOrigin);
applicationModel.addWebOrigin(webOrigin);
}
}
- realm.grantRole(resourceUser, loginRole);
-
-
if (resourceRep.getDefaultRoles() != null) {
applicationModel.updateDefaultRoles(resourceRep.getDefaultRoles());
}
@@ -129,23 +118,16 @@ public class ApplicationManager {
}
}
- public ApplicationModel createApplication(RealmModel realm, ApplicationRepresentation resourceRep) {
- RoleModel loginRole = realm.getRole(Constants.APPLICATION_ROLE);
- return createApplication(realm, loginRole, resourceRep);
- }
-
public ApplicationModel createApplication(RealmModel realm, String name) {
- RoleModel loginRole = realm.getRole(Constants.APPLICATION_ROLE);
ApplicationModel app = realm.addApplication(name);
- realm.grantRole(app.getAgent(), loginRole);
- generateSecret(realm, app);
+ generateSecret(app);
return app;
}
- public UserCredentialModel generateSecret(RealmModel realm, ApplicationModel app) {
+ public UserCredentialModel generateSecret(ApplicationModel app) {
UserCredentialModel secret = UserCredentialModel.generateSecret();
- realm.updateCredential(app.getAgent(), secret);
+ app.setSecret(secret.getValue());
return secret;
}
@@ -252,7 +234,7 @@ public class ApplicationManager {
rep.setResource(applicationModel.getName());
Map<String, String> creds = new HashMap<String, String>();
- String cred = realmModel.getSecret(applicationModel.getAgent()).getValue();
+ String cred = applicationModel.getSecret();
creds.put(CredentialRepresentation.SECRET, cred);
rep.setCredentials(creds);
@@ -267,7 +249,7 @@ public class ApplicationManager {
buffer.append(" <auth-server-url>").append(baseUri.toString()).append("</auth-server-url>\n");
buffer.append(" <ssl-not-required>").append(realmModel.isSslNotRequired()).append("</ssl-not-required>\n");
buffer.append(" <resource>").append(applicationModel.getName()).append("</resource>\n");
- String cred = realmModel.getSecret(applicationModel.getAgent()).getValue();
+ String cred = applicationModel.getSecret();
buffer.append(" <credential name=\"secret\">").append(cred).append("</credential>\n");
buffer.append("</secure-deployment>\n");
return buffer.toString();
diff --git a/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java b/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java
index 94bf390..08c556c 100755
--- a/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java
@@ -60,7 +60,7 @@ public class AuthenticationManager {
protected NewCookie createLoginCookie(RealmModel realm, UserModel user, ClientModel client, String cookieName, String cookiePath, boolean rememberMe) {
AccessToken identityToken = createIdentityToken(realm, user);
if (client != null) {
- identityToken.issuedFor(client.getAgent().getLoginName());
+ identityToken.issuedFor(client.getClientId());
}
String encoded = encodeToken(realm, identityToken);
boolean secureOnly = !realm.isSslNotRequired();
@@ -174,18 +174,7 @@ public class AuthenticationManager {
Set<String> types = new HashSet<String>();
- List<RequiredCredentialModel> requiredCredentials = null;
- RoleModel applicationRole = realm.getRole(Constants.APPLICATION_ROLE);
- RoleModel identityRequesterRole = realm.getRole(Constants.IDENTITY_REQUESTER_ROLE);
- if (realm.hasRole(user, applicationRole)) {
- requiredCredentials = realm.getRequiredApplicationCredentials();
- } else if (realm.hasRole(user, identityRequesterRole)) {
- requiredCredentials = realm.getRequiredOAuthClientCredentials();
- } else {
- requiredCredentials = realm.getRequiredCredentials();
- }
-
- for (RequiredCredentialModel credential : requiredCredentials) {
+ for (RequiredCredentialModel credential : realm.getRequiredCredentials()) {
types.add(credential.getType());
}
@@ -225,10 +214,6 @@ public class AuthenticationManager {
logger.warn("Secret not provided");
return AuthenticationStatus.MISSING_PASSWORD;
}
- if (!realm.validateSecret(user, secret)) {
- logger.debug("invalid secret for user: " + user.getLoginName());
- return AuthenticationStatus.INVALID_CREDENTIALS;
- }
if (!user.getRequiredActions().isEmpty()) {
return AuthenticationStatus.ACTIONS_REQUIRED;
} else {
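Review bot: With the validateSecret block removed, the secret branch of this method no longer verifies the supplied secret at all: the remaining lines only reject a missing secret and then continue to the required-actions check and the success path. If this branch is still reachable for users (a realm whose required credentials include the secret type), it now authenticates on any non-empty value; the enclosing method starts and ends outside the hunk, so I cannot confirm whether the branch is dead. If the secret type is no longer meant for user login, fail closed here instead, e.g. `logger.warn("secret credential type is not supported for user login"); return AuthenticationStatus.INVALID_CREDENTIALS;`, or remove the branch altogether.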
diff --git a/services/src/main/java/org/keycloak/services/managers/OAuthClientManager.java b/services/src/main/java/org/keycloak/services/managers/OAuthClientManager.java
index cbdbf81..c8e7a84 100755
--- a/services/src/main/java/org/keycloak/services/managers/OAuthClientManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/OAuthClientManager.java
@@ -32,33 +32,23 @@ public class OAuthClientManager {
this.realm = realm;
}
- public UserCredentialModel generateSecret(RealmModel realm, OAuthClientModel app) {
+ public UserCredentialModel generateSecret(OAuthClientModel app) {
UserCredentialModel secret = UserCredentialModel.generateSecret();
- realm.updateCredential(app.getAgent(), secret);
+ app.setSecret(secret.getValue());
return secret;
}
public OAuthClientModel create(String name) {
OAuthClientModel model = realm.addOAuthClient(name);
- RoleModel role = realm.getRole(Constants.IDENTITY_REQUESTER_ROLE);
- realm.grantRole(model.getAgent(), role);
- generateSecret(realm, model);
+ generateSecret(model);
return model;
}
public OAuthClientModel create(OAuthClientRepresentation rep) {
OAuthClientModel model = create(rep.getName());
update(rep, model);
- UserModel resourceUser = model.getAgent();
- if (rep.getCredentials() != null) {
- for (CredentialRepresentation cred : rep.getCredentials()) {
- UserCredentialModel credential = new UserCredentialModel();
- credential.setType(cred.getType());
- credential.setValue(cred.getValue());
- realm.updateCredential(resourceUser, credential);
- }
- }
+ model.setSecret(rep.getSecret());
if (rep.getClaims() != null) {
ClaimManager.setClaims(model, rep.getClaims());
} else {
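Review bot: `model.setSecret(rep.getSecret());` in create(OAuthClientRepresentation) is unconditional, so a representation that carries no secret overwrites the one just generated by `create(rep.getName())` with null; ApplicationManager.createApplication in this same commit only keeps the representation's secret when present and generates one otherwise. Guard it the same way: `if (rep.getSecret() != null) model.setSecret(rep.getSecret());`. The method continues outside the hunk.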
@@ -69,7 +59,7 @@ public class OAuthClientManager {
}
public void update(OAuthClientRepresentation rep, OAuthClientModel model) {
- model.getAgent().setEnabled(rep.isEnabled());
+ model.setEnabled(rep.isEnabled());
List<String> redirectUris = rep.getRedirectUris();
if (redirectUris != null) {
model.setRedirectUris(new HashSet<String>(redirectUris));
@@ -88,8 +78,8 @@ public class OAuthClientManager {
public static OAuthClientRepresentation toRepresentation(OAuthClientModel model) {
OAuthClientRepresentation rep = new OAuthClientRepresentation();
rep.setId(model.getId());
- rep.setName(model.getAgent().getLoginName());
- rep.setEnabled(model.getAgent().isEnabled());
+ rep.setName(model.getClientId());
+ rep.setEnabled(model.isEnabled());
Set<String> redirectUris = model.getRedirectUris();
if (redirectUris != null) {
rep.setRedirectUris(new LinkedList<String>(redirectUris));
@@ -135,10 +125,10 @@ public class OAuthClientManager {
rep.setSslNotRequired(realmModel.isSslNotRequired());
rep.setAuthServerUrl(baseUri.toString());
- rep.setResource(model.getAgent().getLoginName());
+ rep.setResource(model.getClientId());
Map<String, String> creds = new HashMap<String, String>();
- creds.put(CredentialRepresentation.SECRET, realmModel.getSecret(model.getAgent()).getValue());
+ creds.put(CredentialRepresentation.SECRET, model.getSecret());
rep.setCredentials(creds);
return rep;
diff --git a/services/src/main/java/org/keycloak/services/managers/RealmManager.java b/services/src/main/java/org/keycloak/services/managers/RealmManager.java
index 18f2901..7d62c8d 100755
--- a/services/src/main/java/org/keycloak/services/managers/RealmManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/RealmManager.java
@@ -70,15 +70,10 @@ public class RealmManager {
if (id == null) id = KeycloakModelUtils.generateId();
RealmModel realm = identitySession.createRealm(id, name);
realm.setName(name);
- realm.addRole(Constants.APPLICATION_ROLE);
- realm.addRole(Constants.IDENTITY_REQUESTER_ROLE);
setupAdminManagement(realm);
setupAccountManagement(realm);
- realm.addRequiredOAuthClientCredential(UserCredentialModel.SECRET);
- realm.addRequiredResourceCredential(UserCredentialModel.SECRET);
-
return realm;
}
@@ -258,9 +253,6 @@ public class RealmManager {
if (rep.getApplications() != null) {
Map<String, ApplicationModel> appMap = createApplications(rep, newRealm);
- for (ApplicationModel app : appMap.values()) {
- userMap.put(app.getAgent().getLoginName(), app.getAgent());
- }
}
if (rep.getRoles() != null) {
@@ -310,11 +302,7 @@ public class RealmManager {
}
if (rep.getOauthClients() != null) {
- Map<String, OAuthClientModel> oauthMap = createOAuthClients(rep, newRealm);
- for (OAuthClientModel app : oauthMap.values()) {
- userMap.put(app.getAgent().getLoginName(), app.getAgent());
- }
-
+ createOAuthClients(rep, newRealm);
}
// Now that all possible users and applications are created (users, apps, and oauth clients), do role mappings and scope mappings
@@ -364,8 +352,7 @@ public class RealmManager {
if (role == null) {
role = newRealm.addRole(roleString.trim());
}
- UserModel user = userMap.get(scope.getClient());
- ClientModel client = newRealm.findClient(user.getLoginName());
+ ClientModel client = newRealm.findClient(scope.getClient());
newRealm.addScopeMapping(client, role);
}
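Review bot: `newRealm.findClient(scope.getClient())` can return null when the realm file references a client name that was never created, and that null is then handed to addScopeMapping. The removed code would have failed on `user.getLoginName()` in the same case, so this is not a regression, but an explicit check turns an obscure NullPointerException into an import error that names the culprit: `if (client == null) throw new IllegalStateException("scope mapping references unknown client: " + scope.getClient());`. The enclosing loop and method extend outside the hunk.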
@@ -481,34 +468,21 @@ public class RealmManager {
newRealm.addRequiredCredential(requiredCred);
}
- public void addResourceRequiredCredential(RealmModel newRealm, String requiredCred) {
- newRealm.addRequiredResourceCredential(requiredCred);
- }
-
- public void addOAuthClientRequiredCredential(RealmModel newRealm, String requiredCred) {
- newRealm.addRequiredOAuthClientCredential(requiredCred);
- }
-
-
protected Map<String, ApplicationModel> createApplications(RealmRepresentation rep, RealmModel realm) {
Map<String, ApplicationModel> appMap = new HashMap<String, ApplicationModel>();
- RoleModel loginRole = realm.getRole(Constants.APPLICATION_ROLE);
ApplicationManager manager = new ApplicationManager(this);
for (ApplicationRepresentation resourceRep : rep.getApplications()) {
- ApplicationModel app = manager.createApplication(realm, loginRole, resourceRep);
+ ApplicationModel app = manager.createApplication(realm, resourceRep);
appMap.put(app.getName(), app);
}
return appMap;
}
- protected Map<String, OAuthClientModel> createOAuthClients(RealmRepresentation realmRep, RealmModel realm) {
- Map<String, OAuthClientModel> appMap = new HashMap<String, OAuthClientModel>();
+ protected void createOAuthClients(RealmRepresentation realmRep, RealmModel realm) {
OAuthClientManager manager = new OAuthClientManager(realm);
for (OAuthClientRepresentation rep : realmRep.getOauthClients()) {
OAuthClientModel app = manager.create(rep);
- appMap.put(app.getAgent().getLoginName(), app);
}
- return appMap;
}
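Review bot: In createOAuthClients the local `OAuthClientModel app = manager.create(rep);` is now unused since the map population was removed; `manager.create(rep);` on its own reads cleaner and avoids an unused-variable warning. Dropping the local also lets the `OAuthClientModel` import go if nothing else in the file still needs it, which I cannot see from here.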
diff --git a/services/src/main/java/org/keycloak/services/managers/TokenManager.java b/services/src/main/java/org/keycloak/services/managers/TokenManager.java
index 9aae471..e83d13d 100755
--- a/services/src/main/java/org/keycloak/services/managers/TokenManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/TokenManager.java
@@ -290,7 +290,7 @@ public class TokenManager {
token.subject(user.getId());
token.audience(realm.getName());
token.issuedNow();
- token.issuedFor(client.getAgent().getLoginName());
+ token.issuedFor(client.getClientId());
token.issuer(realm.getName());
if (realm.getAccessTokenLifespan() > 0) {
token.expiration((System.currentTimeMillis() / 1000) + realm.getAccessTokenLifespan());
diff --git a/services/src/main/java/org/keycloak/services/resources/AccountService.java b/services/src/main/java/org/keycloak/services/resources/AccountService.java
index dd94e6f..19f0071 100755
--- a/services/src/main/java/org/keycloak/services/resources/AccountService.java
+++ b/services/src/main/java/org/keycloak/services/resources/AccountService.java
@@ -254,8 +254,7 @@ public class AccountService {
logger.debug("realm not enabled");
throw new ForbiddenException();
}
- UserModel client = application.getAgent();
- if (!client.isEnabled() || !application.isEnabled()) {
+ if (!application.isEnabled()) {
logger.debug("account management app not enabled");
throw new ForbiddenException();
}
@@ -274,7 +273,7 @@ public class AccountService {
redirectUri = redirectUri.resolve("?referrer=" + referrer);
}
- NewCookie cookie = authManager.createCookie(realm, client, code, Urls.accountBase(uriInfo.getBaseUri()).build(realm.getName()));
+ NewCookie cookie = authManager.createCookie(realm, application, code, Urls.accountBase(uriInfo.getBaseUri()).build(realm.getName()));
return Response.status(302).cookie(cookie).location(redirectUri).build();
} finally {
authManager.expireCookie(Urls.accountBase(uriInfo.getBaseUri()).build(realm.getName()));
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/AdminService.java b/services/src/main/java/org/keycloak/services/resources/admin/AdminService.java
index 233c5ab..534f5d9 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/AdminService.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/AdminService.java
@@ -325,8 +325,7 @@ public class AdminService {
return redirectOnLoginError("realm not enabled");
}
ApplicationModel adminConsole = adminRealm.getApplicationNameMap().get(Constants.ADMIN_CONSOLE_APPLICATION);
- UserModel adminConsoleUser = adminConsole.getAgent();
- if (!adminConsole.isEnabled() || !adminConsoleUser.isEnabled()) {
+ if (!adminConsole.isEnabled()) {
logger.debug("admin app not enabled");
return redirectOnLoginError("admin app not enabled");
}
@@ -342,7 +341,7 @@ public class AdminService {
new JaxrsOAuthClient().checkStateCookie(uriInfo, headers);
logger.debug("loginRedirect SUCCESS");
- NewCookie cookie = authManager.createCookie(adminRealm, adminConsoleUser, code, AdminService.saasCookiePath(uriInfo).build());
+ NewCookie cookie = authManager.createCookie(adminRealm, adminConsole, code, AdminService.saasCookiePath(uriInfo).build());
URI redirectUri = contextRoot(uriInfo).path(adminPath).build();
if (path != null) {
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/ApplicationResource.java b/services/src/main/java/org/keycloak/services/resources/admin/ApplicationResource.java
index 0e28083..2477c40 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/ApplicationResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/ApplicationResource.java
@@ -125,7 +125,7 @@ public class ApplicationResource {
auth.requireManage();
logger.debug("regenerateSecret");
- UserCredentialModel cred = new ApplicationManager().generateSecret(realm, application);
+ UserCredentialModel cred = new ApplicationManager().generateSecret(application);
CredentialRepresentation rep = ModelToRepresentation.toRepresentation(cred);
return rep;
}
@@ -137,7 +137,7 @@ public class ApplicationResource {
auth.requireView();
logger.debug("getClientSecret");
- UserCredentialModel model = realm.getSecret(application.getAgent());
+ UserCredentialModel model = UserCredentialModel.secret(application.getSecret());
if (model == null) throw new NotFoundException("Application does not have a secret");
return ModelToRepresentation.toRepresentation(model);
}
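Review bot: The null check `if (model == null)` now follows `UserCredentialModel.secret(application.getSecret())`; unless that factory returns null for a null argument, which this hunk does not show, the NotFoundException is unreachable and an application without a secret yields a credential representation whose value is null. Test the stored value first: `if (application.getSecret() == null) throw new NotFoundException("Application does not have a secret");` before building the model. The same pattern appears in OAuthClientResource.getClientSecret in this commit.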
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/OAuthClientResource.java b/services/src/main/java/org/keycloak/services/resources/admin/OAuthClientResource.java
index 5053860..752e997 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/OAuthClientResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/OAuthClientResource.java
@@ -112,7 +112,7 @@ public class OAuthClientResource {
logger.debug("regenerateSecret");
UserCredentialModel cred = UserCredentialModel.generateSecret();
- realm.updateCredential(oauthClient.getAgent(), cred);
+ oauthClient.setSecret(cred.getValue());
CredentialRepresentation rep = ModelToRepresentation.toRepresentation(cred);
return rep;
}
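Review bot: regenerateSecret here inlines `UserCredentialModel.generateSecret()` followed by `oauthClient.setSecret(cred.getValue())`, while ApplicationResource.regenerateSecret in this same commit delegates to `ApplicationManager.generateSecret(application)`. OAuthClientManager gains the equivalent `generateSecret(OAuthClientModel)` in this commit, so `UserCredentialModel cred = new OAuthClientManager(realm).generateSecret(oauthClient);` would keep the two resources symmetric and leave a single place that decides how a client secret is produced.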
@@ -124,7 +124,7 @@ public class OAuthClientResource {
auth.requireView();
logger.debug("getClientSecret");
- UserCredentialModel model = realm.getSecret(oauthClient.getAgent());
+ UserCredentialModel model = UserCredentialModel.secret(oauthClient.getSecret());
if (model == null) throw new NotFoundException("Application does not have a secret");
return ModelToRepresentation.toRepresentation(model);
}
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/OAuthClientsResource.java b/services/src/main/java/org/keycloak/services/resources/admin/OAuthClientsResource.java
index 0c0deb9..75e7d64 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/OAuthClientsResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/OAuthClientsResource.java
@@ -58,7 +58,7 @@ public class OAuthClientsResource {
rep.add(OAuthClientManager.toRepresentation(oauth));
} else {
OAuthClientRepresentation client = new OAuthClientRepresentation();
- client.setName(oauth.getAgent().getLoginName());
+ client.setName(oauth.getClientId());
rep.add(client);
}
}
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java b/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java
index dba0217..6b07988 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java
@@ -199,7 +199,7 @@ public class UsersResource {
}
private boolean isUser(UserModel user) {
- return !realm.hasRole(user, realm.getRole(Constants.IDENTITY_REQUESTER_ROLE)) && !realm.hasRole(user, realm.getRole(Constants.APPLICATION_ROLE));
+ return true;
}
@Path("{username}/role-mappings")
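Review bot: `isUser` now unconditionally returns true, so the method no longer filters anything and its call sites read as if a distinction still exists. Either remove the method and its checks, or if it is kept deliberately as a placeholder, say so at the line, e.g. `// always true: clients no longer have agent users in the realm — TODO remove with callers`.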
diff --git a/services/src/main/java/org/keycloak/services/resources/flows/OAuthFlows.java b/services/src/main/java/org/keycloak/services/resources/flows/OAuthFlows.java
index 2b741ab..38d00e2 100755
--- a/services/src/main/java/org/keycloak/services/resources/flows/OAuthFlows.java
+++ b/services/src/main/java/org/keycloak/services/resources/flows/OAuthFlows.java
@@ -23,6 +23,7 @@ package org.keycloak.services.resources.flows;
import org.jboss.resteasy.logging.Logger;
import org.jboss.resteasy.spi.HttpRequest;
+import org.keycloak.models.ApplicationModel;
import org.keycloak.models.ClientModel;
import org.keycloak.models.Constants;
import org.keycloak.models.OAuthClientModel;
@@ -107,12 +108,7 @@ public class OAuthFlows {
isTotpConfigurationRequired(user);
isEmailVerificationRequired(user);
- RoleModel resourceRole = realm.getRole(Constants.APPLICATION_ROLE);
- RoleModel identityRequestRole = realm.getRole(Constants.IDENTITY_REQUESTER_ROLE);
- boolean isResource = realm.hasRole(client.getAgent(), resourceRole);
- if (!isResource && !realm.hasRole(client.getAgent(), identityRequestRole)) {
- return forwardToSecurityFailure("Login requester not allowed to request login.");
- }
+ boolean isResource = client instanceof ApplicationModel;
AccessCodeEntry accessCode = tokenManager.createAccessCode(scopeParam, state, redirect, realm, client, user);
log.debug("processAccessCode: isResource: {0}", isResource);
log.debug("processAccessCode: go to oauth page?: {0}",
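Review bot: `boolean isResource = client instanceof ApplicationModel;` replaces a check that sent clients holding neither role to a security-failure page; any ClientModel now proceeds to createAccessCode, and the later `!isResource` test treats everything that is not an application as an OAuth client. If ClientModel has only those two implementations this is equivalent, but that is not visible in the hunk; a comment at the line, `// ClientModel is either an ApplicationModel or an OAuthClientModel; only the latter goes through the grant page`, would record the assumption. The removal also likely leaves the `RoleModel` and `Constants` imports unused, and the next hunk drops the last use of `OAuthClientModel`; the method continues outside the hunk.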
@@ -129,7 +125,6 @@ public class OAuthFlows {
if (!isResource
&& (accessCode.getRealmRolesRequested().size() > 0 || accessCode.getResourceRolesRequested().size() > 0)) {
- OAuthClientModel oauthClient = realm.getOAuthClient(client.getAgent().getLoginName());
accessCode.setExpiration(System.currentTimeMillis() / 1000 + realm.getAccessCodeLifespanUserAction());
return Flows.forms(realm, request, uriInfo).setAccessCode(accessCode.getId(), accessCode.getCode()).
setAccessRequest(accessCode.getRealmRolesRequested(), accessCode.getResourceRolesRequested()).
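Review bot: Dropping the `oauthClient` local removes the only visible use of `OAuthClientModel` in this method, so the `import org.keycloak.models.OAuthClientModel;` retained in the import hunk above may now be unused; confirm against the rest of the file before leaving it. The surrounding method starts and ends outside the hunk.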
diff --git a/services/src/main/java/org/keycloak/services/resources/TokenService.java b/services/src/main/java/org/keycloak/services/resources/TokenService.java
index 082c015..16db7d0 100755
--- a/services/src/main/java/org/keycloak/services/resources/TokenService.java
+++ b/services/src/main/java/org/keycloak/services/resources/TokenService.java
@@ -8,6 +8,7 @@ import org.keycloak.OAuthErrorException;
import org.keycloak.jose.jws.JWSBuilder;
import org.keycloak.jose.jws.JWSInput;
import org.keycloak.jose.jws.crypto.RSAProvider;
+import org.keycloak.models.ApplicationModel;
import org.keycloak.models.ClientModel;
import org.keycloak.models.Constants;
import org.keycloak.models.KeycloakSession;
@@ -404,7 +405,7 @@ public class TokenService {
return Response.status(Response.Status.BAD_REQUEST).type(MediaType.APPLICATION_JSON_TYPE).entity(res)
.build();
}
- if (!client.getAgent().getLoginName().equals(accessCode.getClient().getAgent().getLoginName())) {
+ if (!client.getClientId().equals(accessCode.getClient().getClientId())) {
Map<String, String> res = new HashMap<String, String>();
res.put("error", "invalid_grant");
res.put("error_description", "Auth error");
@@ -447,7 +448,7 @@ public class TokenService {
throw new BadRequestException("Client is not enabled", Response.status(Response.Status.BAD_REQUEST).entity(error).type("application/json").build());
}
- if (!realm.validateSecret(client.getAgent(), clientSecret)) {
+ if (!client.validateSecret(clientSecret)) {
Map<String, String> error = new HashMap<String, String>();
error.put("error", "unauthorized_client");
throw new BadRequestException("Unauthorized Client", Response.status(Response.Status.BAD_REQUEST).entity(error).type("application/json").build());
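Review bot: `client.validateSecret(clientSecret)` moves secret verification into the client model, whose implementation is outside this diff; if it compares the stored value with `String.equals`, the comparison is not constant-time, and `MessageDigest.isEqual` on the UTF-8 bytes of both values would be the usual replacement. It is also worth confirming that it returns false for a null or missing `client_secret` parameter rather than throwing, since this branch is what produces the JSON `unauthorized_client` response and a NullPointerException would bypass it. The enclosing method starts and ends outside the hunk.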
@@ -486,14 +487,6 @@ public class TokenService {
return oauth.forwardToSecurityFailure("Invalid redirect_uri.");
}
- logger.info("Checking roles...");
- RoleModel resourceRole = realm.getRole(Constants.APPLICATION_ROLE);
- RoleModel identityRequestRole = realm.getRole(Constants.IDENTITY_REQUESTER_ROLE);
- boolean isResource = realm.hasRole(client.getAgent(), resourceRole);
- if (!isResource && !realm.hasRole(client.getAgent(), identityRequestRole)) {
- logger.warn("Login requester not allowed to request login.");
- return oauth.forwardToSecurityFailure("Login requester not allowed to request login.");
- }
logger.info("Checking cookie...");
UserModel user = authManager.authenticateIdentityCookie(realm, uriInfo, headers);
if (user != null) {
diff --git a/testsuite/integration/src/main/resources/META-INF/persistence.xml b/testsuite/integration/src/main/resources/META-INF/persistence.xml
index a020d60..8fa01f2 100755
--- a/testsuite/integration/src/main/resources/META-INF/persistence.xml
+++ b/testsuite/integration/src/main/resources/META-INF/persistence.xml
@@ -15,7 +15,7 @@
<class>org.keycloak.models.jpa.entities.SocialLinkEntity</class>
<class>org.keycloak.models.jpa.entities.UserEntity</class>
<class>org.keycloak.models.jpa.entities.UserRoleMappingEntity</class>
- <class>org.keycloak.models.jpa.entities.UserScopeMappingEntity</class>
+ <class>org.keycloak.models.jpa.entities.ScopeMappingEntity</class>
<exclude-unlisted-classes>true</exclude-unlisted-classes>
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/composites/CompositeRoleTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/composites/CompositeRoleTest.java
index a8540ed..eebe3ee 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/composites/CompositeRoleTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/composites/CompositeRoleTest.java
@@ -86,21 +86,21 @@ public class CompositeRoleTest {
realmComposite1Application.addScope(realmComposite1);
realmComposite1Application.setBaseUrl("http://localhost:8081/app");
realmComposite1Application.setManagementUrl("http://localhost:8081/app/logout");
- realm.updateCredential(realmComposite1Application.getAgent(), UserCredentialModel.secret("password"));
+ realmComposite1Application.setSecret("password");
final ApplicationModel realmRole1Application = new ApplicationManager(manager).createApplication(realm, "REALM_ROLE_1_APPLICATION");
realmRole1Application.setEnabled(true);
realmRole1Application.addScope(realmRole1);
realmRole1Application.setBaseUrl("http://localhost:8081/app");
realmRole1Application.setManagementUrl("http://localhost:8081/app/logout");
- realm.updateCredential(realmRole1Application.getAgent(), UserCredentialModel.secret("password"));
+ realmRole1Application.setSecret("password");
final ApplicationModel appRoleApplication = new ApplicationManager(manager).createApplication(realm, "APP_ROLE_APPLICATION");
appRoleApplication.setEnabled(true);
appRoleApplication.setBaseUrl("http://localhost:8081/app");
appRoleApplication.setManagementUrl("http://localhost:8081/app/logout");
- realm.updateCredential(appRoleApplication.getAgent(), UserCredentialModel.secret("password"));
+ appRoleApplication.setSecret("password");
final RoleModel appRole1 = appRoleApplication.addRole("APP_ROLE_1");
final RoleModel appRole2 = appRoleApplication.addRole("APP_ROLE_2");
@@ -121,7 +121,7 @@ public class CompositeRoleTest {
appCompositeApplication.setEnabled(true);
appCompositeApplication.setBaseUrl("http://localhost:8081/app");
appCompositeApplication.setManagementUrl("http://localhost:8081/app/logout");
- realm.updateCredential(appCompositeApplication.getAgent(), UserCredentialModel.secret("password"));
+ appCompositeApplication.setSecret("password");
final RoleModel appCompositeRole = appCompositeApplication.addRole("APP_COMPOSITE_ROLE");
appCompositeApplication.addScope(appRole2);
appCompositeRole.addCompositeRole(realmRole1);
diff --git a/testsuite/integration/src/test/resources/testcomposite.json b/testsuite/integration/src/test/resources/testcomposite.json
index e6753fb..61038ea 100755
--- a/testsuite/integration/src/test/resources/testcomposite.json
+++ b/testsuite/integration/src/test/resources/testcomposite.json
@@ -65,10 +65,7 @@
{
"name" : "third-party",
"enabled": true,
- "credentials" : [
- { "type" : "secret",
- "value" : "password" }
- ]
+ "secret": "password"
}
],
"roleMappings": [
@@ -105,48 +102,28 @@
"enabled": true,
"baseUrl": "http://localhost:8081/app",
"adminUrl": "http://localhost:8081/app/logout",
- "credentials": [
- {
- "type": "secret",
- "value": "password"
- }
- ]
+ "secret": "password"
},
{
"name": "REALM_ROLE_1_APPLICATION",
"enabled": true,
"baseUrl": "http://localhost:8081/app",
"adminUrl": "http://localhost:8081/app/logout",
- "credentials": [
- {
- "type": "secret",
- "value": "password"
- }
- ]
+ "secret": "password"
},
{
"name": "APP_ROLE_APPLICATION",
"enabled": true,
"baseUrl": "http://localhost:8081/app",
"adminUrl": "http://localhost:8081/app/logout",
- "credentials": [
- {
- "type": "secret",
- "value": "password"
- }
- ]
+ "secret": "password"
},
{
"name": "APP_COMPOSITE_APPLICATION",
"enabled": true,
"baseUrl": "http://localhost:8081/app",
"adminUrl": "http://localhost:8081/app/logout",
- "credentials": [
- {
- "type": "secret",
- "value": "password"
- }
- ]
+ "secret": "password"
}
],
"roles" : {
diff --git a/testsuite/integration/src/test/resources/testrealm.json b/testsuite/integration/src/test/resources/testrealm.json
index 59eefc8..ed504aa 100755
--- a/testsuite/integration/src/test/resources/testrealm.json
+++ b/testsuite/integration/src/test/resources/testrealm.json
@@ -32,10 +32,7 @@
{
"name" : "third-party",
"enabled": true,
- "credentials" : [
- { "type" : "secret",
- "value" : "password" }
- ]
+ "secret": "password"
}
],
"roleMappings": [
@@ -60,12 +57,7 @@
"enabled": true,
"baseUrl": "http://localhost:8081/app",
"adminUrl": "http://localhost:8081/app/logout",
- "credentials": [
- {
- "type": "secret",
- "value": "password"
- }
- ]
+ "secret": "password"
}
],
"roles" : {
diff --git a/testsuite/performance/src/test/java/org/keycloak/testsuite/performance/CreateRealmsWorker.java b/testsuite/performance/src/test/java/org/keycloak/testsuite/performance/CreateRealmsWorker.java
index c839337..a51c06b 100755
--- a/testsuite/performance/src/test/java/org/keycloak/testsuite/performance/CreateRealmsWorker.java
+++ b/testsuite/performance/src/test/java/org/keycloak/testsuite/performance/CreateRealmsWorker.java
@@ -78,14 +78,8 @@ public class CreateRealmsWorker implements Worker {
// Add required credentials
if (createRequiredCredentials) {
realmManager.addRequiredCredential(realm, CredentialRepresentation.PASSWORD);
- realmManager.addResourceRequiredCredential(realm, CredentialRepresentation.PASSWORD);
- realmManager.addOAuthClientRequiredCredential(realm, CredentialRepresentation.PASSWORD);
realmManager.addRequiredCredential(realm, CredentialRepresentation.TOTP);
- realmManager.addResourceRequiredCredential(realm, CredentialRepresentation.TOTP);
- realmManager.addOAuthClientRequiredCredential(realm, CredentialRepresentation.TOTP);
realmManager.addRequiredCredential(realm, CredentialRepresentation.CLIENT_CERT);
- realmManager.addResourceRequiredCredential(realm, CredentialRepresentation.CLIENT_CERT);
- realmManager.addOAuthClientRequiredCredential(realm, CredentialRepresentation.CLIENT_CERT);
}
log.info("Finished creation of realm " + realmName);