keycloak-aplcache
Changes
forms/login-freemarker/src/main/java/org/keycloak/login/freemarker/FreeMarkerLoginForms.java 5(+3 -2)
forms/login-freemarker/src/main/java/org/keycloak/login/freemarker/model/OAuthGrantBean.java 7(+4 -3)
model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/ApplicationAdapter.java 58(+56 -2)
model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/OAuthClientAdapter.java 68(+68 -0)
model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/entities/ApplicationEntity.java 23(+23 -0)
model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/entities/OAuthClientEntity.java 24(+24 -0)
testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/AuthorizationCodeTest.java 3(+1 -2)
Details
diff --git a/forms/login-api/src/main/java/org/keycloak/login/LoginForms.java b/forms/login-api/src/main/java/org/keycloak/login/LoginForms.java
index 9f91751..e112755 100755
--- a/forms/login-api/src/main/java/org/keycloak/login/LoginForms.java
+++ b/forms/login-api/src/main/java/org/keycloak/login/LoginForms.java
@@ -1,5 +1,6 @@
package org.keycloak.login;
+import org.keycloak.models.ClientModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserModel;
@@ -38,7 +39,7 @@ public interface LoginForms {
public LoginForms setUser(UserModel user);
- public LoginForms setClient(UserModel client);
+ public LoginForms setClient(ClientModel client);
public LoginForms setFormData(MultivaluedMap<String, String> formData);
diff --git a/forms/login-freemarker/src/main/java/org/keycloak/login/freemarker/FreeMarkerLoginForms.java b/forms/login-freemarker/src/main/java/org/keycloak/login/freemarker/FreeMarkerLoginForms.java
index 95f005b..b139aa5 100755
--- a/forms/login-freemarker/src/main/java/org/keycloak/login/freemarker/FreeMarkerLoginForms.java
+++ b/forms/login-freemarker/src/main/java/org/keycloak/login/freemarker/FreeMarkerLoginForms.java
@@ -17,6 +17,7 @@ import org.keycloak.login.freemarker.model.RegisterBean;
import org.keycloak.login.freemarker.model.SocialBean;
import org.keycloak.login.freemarker.model.TotpBean;
import org.keycloak.login.freemarker.model.UrlBean;
+import org.keycloak.models.ClientModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserModel;
@@ -63,7 +64,7 @@ public class FreeMarkerLoginForms implements LoginForms {
private UserModel user;
- private UserModel client;
+ private ClientModel client;
private UriInfo uriInfo;
@@ -240,7 +241,7 @@ public class FreeMarkerLoginForms implements LoginForms {
return this;
}
- public FreeMarkerLoginForms setClient(UserModel client) {
+ public FreeMarkerLoginForms setClient(ClientModel client) {
this.client = client;
return this;
}
diff --git a/forms/login-freemarker/src/main/java/org/keycloak/login/freemarker/model/OAuthGrantBean.java b/forms/login-freemarker/src/main/java/org/keycloak/login/freemarker/model/OAuthGrantBean.java
index d18dde5..1324bfd 100755
--- a/forms/login-freemarker/src/main/java/org/keycloak/login/freemarker/model/OAuthGrantBean.java
+++ b/forms/login-freemarker/src/main/java/org/keycloak/login/freemarker/model/OAuthGrantBean.java
@@ -21,6 +21,7 @@
*/
package org.keycloak.login.freemarker.model;
+import org.keycloak.models.ClientModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserModel;
@@ -36,11 +37,11 @@ public class OAuthGrantBean {
private List<RoleModel> realmRolesRequested;
private MultivaluedMap<String, RoleModel> resourceRolesRequested;
private String code;
- private UserModel client;
+ private ClientModel client;
private String oAuthCode;
private String action;
- public OAuthGrantBean(String code, UserModel client, List<RoleModel> realmRolesRequested, MultivaluedMap<String, RoleModel> resourceRolesRequested) {
+ public OAuthGrantBean(String code, ClientModel client, List<RoleModel> realmRolesRequested, MultivaluedMap<String, RoleModel> resourceRolesRequested) {
this.code = code;
this.client = client;
this.realmRolesRequested = realmRolesRequested;
@@ -60,7 +61,7 @@ public class OAuthGrantBean {
}
public String getClient() {
- return client.getLoginName();
+ return client.getAgent().getLoginName();
}
}
diff --git a/model/api/src/main/java/org/keycloak/models/ApplicationModel.java b/model/api/src/main/java/org/keycloak/models/ApplicationModel.java
index 6247cdc..d8688e4 100755
--- a/model/api/src/main/java/org/keycloak/models/ApplicationModel.java
+++ b/model/api/src/main/java/org/keycloak/models/ApplicationModel.java
@@ -14,10 +14,6 @@ public interface ApplicationModel extends RoleContainerModel, ClientModel {
void setName(String name);
- boolean isEnabled();
-
- void setEnabled(boolean enabled);
-
boolean isSurrogateAuthRequired();
void setSurrogateAuthRequired(boolean surrogateAuthRequired);
@@ -38,7 +34,7 @@ public interface ApplicationModel extends RoleContainerModel, ClientModel {
Set<RoleModel> getApplicationRoleMappings(UserModel user);
- Set<RoleModel> getApplicationScopeMappings(UserModel user);
+ Set<RoleModel> getApplicationScopeMappings(ClientModel client);
void addScope(RoleModel role);
diff --git a/model/api/src/main/java/org/keycloak/models/ClientModel.java b/model/api/src/main/java/org/keycloak/models/ClientModel.java
index ab38dd3..7efae1a 100755
--- a/model/api/src/main/java/org/keycloak/models/ClientModel.java
+++ b/model/api/src/main/java/org/keycloak/models/ClientModel.java
@@ -1,15 +1,38 @@
package org.keycloak.models;
+import java.util.Set;
+
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public interface ClientModel {
+ String getId();
+
+ UserModel getAgent();
+
long getAllowedClaimsMask();
void setAllowedClaimsMask(long mask);
- UserModel getAgent();
+ Set<String> getWebOrigins();
- String getId();
+ void setWebOrigins(Set<String> webOrigins);
+
+ void addWebOrigin(String webOrigin);
+
+ void removeWebOrigin(String webOrigin);
+
+ Set<String> getRedirectUris();
+
+ void setRedirectUris(Set<String> redirectUris);
+
+ void addRedirectUri(String redirectUri);
+
+ void removeRedirectUri(String redirectUri);
+
+
+ boolean isEnabled();
+
+ void setEnabled(boolean enabled);
}
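Review bot: The redirect-URI and web-origin accessors added to `ClientModel` have no Javadoc, although these sets presumably serve as the client's redirect and CORS allow-lists and the getter contract is not obvious from the signatures. Both JPA adapters in this commit return a fresh `HashSet` from `getRedirectUris()` and `getWebOrigins()`, so a caller that mutates the returned set changes nothing in the store. I would state that on the interface, e.g. `/** Returns a copy of the registered redirect URIs; change them only through setRedirectUris, addRedirectUri or removeRedirectUri. */`, with the matching comment on `getWebOrigins()`. The setters should also say whether `null` is accepted.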
diff --git a/model/api/src/main/java/org/keycloak/models/RealmModel.java b/model/api/src/main/java/org/keycloak/models/RealmModel.java
index a49e269..3f96f4f 100755
--- a/model/api/src/main/java/org/keycloak/models/RealmModel.java
+++ b/model/api/src/main/java/org/keycloak/models/RealmModel.java
@@ -107,6 +107,8 @@ public interface RealmModel extends RoleContainerModel, RoleMapperModel, ScopeMa
void updateDefaultRoles(String[] defaultRoles);
+ ClientModel findClient(String clientId);
+
Map<String, ApplicationModel> getApplicationNameMap();
List<ApplicationModel> getApplications();
@@ -173,7 +175,7 @@ public interface RealmModel extends RoleContainerModel, RoleMapperModel, ScopeMa
Set<RoleModel> getRealmRoleMappings(UserModel user);
- Set<RoleModel> getRealmScopeMappings(UserModel user);
+ Set<RoleModel> getRealmScopeMappings(ClientModel client);
String getLoginTheme();
@@ -193,5 +195,5 @@ public interface RealmModel extends RoleContainerModel, RoleMapperModel, ScopeMa
*/
UserCredentialModel getSecret(UserModel user);
- boolean hasScope(UserModel user, RoleModel role);
+ boolean hasScope(ClientModel client, RoleModel role);
}
diff --git a/model/api/src/main/java/org/keycloak/models/ScopeMapperModel.java b/model/api/src/main/java/org/keycloak/models/ScopeMapperModel.java
index d675290..480943b 100755
--- a/model/api/src/main/java/org/keycloak/models/ScopeMapperModel.java
+++ b/model/api/src/main/java/org/keycloak/models/ScopeMapperModel.java
@@ -8,7 +8,7 @@ import java.util.Set;
* @version $Revision: 1 $
*/
public interface ScopeMapperModel {
- Set<RoleModel> getScopeMappings(UserModel agent);
- void addScopeMapping(UserModel agent, RoleModel role);
- void deleteScopeMapping(UserModel user, RoleModel role);
+ Set<RoleModel> getScopeMappings(ClientModel client);
+ void addScopeMapping(ClientModel client, RoleModel role);
+ void deleteScopeMapping(ClientModel client, RoleModel role);
}
diff --git a/model/api/src/main/java/org/keycloak/models/UserModel.java b/model/api/src/main/java/org/keycloak/models/UserModel.java
index b86ee77..2b2a0cf 100755
--- a/model/api/src/main/java/org/keycloak/models/UserModel.java
+++ b/model/api/src/main/java/org/keycloak/models/UserModel.java
@@ -37,22 +37,6 @@ public interface UserModel {
void removeRequiredAction(RequiredAction action);
- Set<String> getWebOrigins();
-
- void setWebOrigins(Set<String> webOrigins);
-
- void addWebOrigin(String webOrigin);
-
- void removeWebOrigin(String webOrigin);
-
- Set<String> getRedirectUris();
-
- void setRedirectUris(Set<String> redirectUris);
-
- void addRedirectUri(String redirectUri);
-
- void removeRedirectUri(String redirectUri);
-
String getFirstName();
void setFirstName(String firstName);
diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/ApplicationAdapter.java b/model/jpa/src/main/java/org/keycloak/models/jpa/ApplicationAdapter.java
index 3b43464..1b9b86e 100755
--- a/model/jpa/src/main/java/org/keycloak/models/jpa/ApplicationAdapter.java
+++ b/model/jpa/src/main/java/org/keycloak/models/jpa/ApplicationAdapter.java
@@ -1,6 +1,7 @@
package org.keycloak.models.jpa;
import org.keycloak.models.ApplicationModel;
+import org.keycloak.models.ClientModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleContainerModel;
import org.keycloak.models.RoleModel;
@@ -22,13 +23,13 @@ import java.util.Set;
public class ApplicationAdapter implements ApplicationModel {
protected EntityManager em;
- protected ApplicationEntity application;
+ protected ApplicationEntity entity;
protected RealmModel realm;
- public ApplicationAdapter(RealmModel realm, EntityManager em, ApplicationEntity application) {
+ public ApplicationAdapter(RealmModel realm, EntityManager em, ApplicationEntity entity) {
this.realm = realm;
this.em = em;
- this.application = application;
+ this.entity = entity;
}
@Override
@@ -38,79 +39,79 @@ public class ApplicationAdapter implements ApplicationModel {
@Override
public UserModel getAgent() {
- return new UserAdapter(application.getApplicationUser());
+ return new UserAdapter(entity.getApplicationUser());
}
@Override
public String getId() {
- return application.getId();
+ return entity.getId();
}
@Override
public String getName() {
- return application.getName();
+ return entity.getName();
}
@Override
public void setName(String name) {
- application.setName(name);
+ entity.setName(name);
}
@Override
public boolean isEnabled() {
- return application.isEnabled();
+ return entity.isEnabled();
}
@Override
public void setEnabled(boolean enabled) {
- application.setEnabled(enabled);
+ entity.setEnabled(enabled);
}
@Override
public long getAllowedClaimsMask() {
- return application.getAllowedClaimsMask();
+ return entity.getAllowedClaimsMask();
}
@Override
public void setAllowedClaimsMask(long mask) {
- application.setAllowedClaimsMask(mask);
+ entity.setAllowedClaimsMask(mask);
}
@Override
public boolean isSurrogateAuthRequired() {
- return application.isSurrogateAuthRequired();
+ return entity.isSurrogateAuthRequired();
}
@Override
public void setSurrogateAuthRequired(boolean surrogateAuthRequired) {
- application.setSurrogateAuthRequired(surrogateAuthRequired);
+ entity.setSurrogateAuthRequired(surrogateAuthRequired);
}
@Override
public String getManagementUrl() {
- return application.getManagementUrl();
+ return entity.getManagementUrl();
}
@Override
public void setManagementUrl(String url) {
- application.setManagementUrl(url);
+ entity.setManagementUrl(url);
}
@Override
public String getBaseUrl() {
- return application.getBaseUrl();
+ return entity.getBaseUrl();
}
@Override
public void setBaseUrl(String url) {
- application.setBaseUrl(url);
+ entity.setBaseUrl(url);
}
@Override
public RoleModel getRole(String name) {
TypedQuery<ApplicationRoleEntity> query = em.createNamedQuery("getAppRoleByName", ApplicationRoleEntity.class);
query.setParameter("name", name);
- query.setParameter("application", application);
+ query.setParameter("application", entity);
List<ApplicationRoleEntity> roles = query.getResultList();
if (roles.size() == 0) return null;
return new RoleAdapter(realm, em, roles.get(0));
@@ -120,13 +121,13 @@ public class ApplicationAdapter implements ApplicationModel {
public RoleModel addRole(String name) {
RoleModel role = getRole(name);
if (role != null) return role;
- ApplicationRoleEntity entity = new ApplicationRoleEntity();
- entity.setName(name);
- entity.setApplication(application);
- em.persist(entity);
- application.getRoles().add(entity);
+ ApplicationRoleEntity roleEntity = new ApplicationRoleEntity();
+ roleEntity.setName(name);
+ roleEntity.setApplication(entity);
+ em.persist(roleEntity);
+ entity.getRoles().add(roleEntity);
em.flush();
- return new RoleAdapter(realm, em, entity);
+ return new RoleAdapter(realm, em, roleEntity);
}
@Override
@@ -138,8 +139,8 @@ public class ApplicationAdapter implements ApplicationModel {
ApplicationRoleEntity role = (ApplicationRoleEntity)roleAdapter.getRole();
- application.getRoles().remove(role);
- application.getDefaultRoles().remove(role);
+ entity.getRoles().remove(role);
+ entity.getDefaultRoles().remove(role);
em.createQuery("delete from " + UserScopeMappingEntity.class.getSimpleName() + " where role = :role").setParameter("role", role).executeUpdate();
em.createQuery("delete from " + UserRoleMappingEntity.class.getSimpleName() + " where role = :role").setParameter("role", role).executeUpdate();
@@ -153,7 +154,7 @@ public class ApplicationAdapter implements ApplicationModel {
@Override
public Set<RoleModel> getRoles() {
Set<RoleModel> list = new HashSet<RoleModel>();
- Collection<ApplicationRoleEntity> roles = application.getRoles();
+ Collection<ApplicationRoleEntity> roles = entity.getRoles();
if (roles == null) return list;
for (RoleEntity entity : roles) {
list.add(new RoleAdapter(realm, em, entity));
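Review bot: Renaming the field to `entity` makes the loop variable in `for (RoleEntity entity : roles)` shadow it, so `entity` is the application on the line that fetches the roles and a role inside the loop. Behaviour is unchanged, but one name now means two things within a few lines. The two default-role hunks further down (`for (RoleEntity entity : entities)`) and the `entity instanceof ApplicationRoleEntity` check next to `this.entity` have the same collision. Renaming the locals, e.g. `for (RoleEntity roleEntity : roles)`, as the commit already does in `addRole`, would keep the field unambiguous. `getRoles()` continues past the end of this hunk.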
@@ -168,7 +169,7 @@ public class ApplicationAdapter implements ApplicationModel {
// Check if it's application role and belongs to this application
if (entity == null || !(entity instanceof ApplicationRoleEntity)) return null;
ApplicationRoleEntity appRoleEntity = (ApplicationRoleEntity)entity;
- return (appRoleEntity.getApplication().equals(this.application)) ? new RoleAdapter(this.realm, em, appRoleEntity) : null;
+ return (appRoleEntity.getApplication().equals(this.entity)) ? new RoleAdapter(this.realm, em, appRoleEntity) : null;
}
@Override
@@ -191,8 +192,8 @@ public class ApplicationAdapter implements ApplicationModel {
}
@Override
- public Set<RoleModel> getApplicationScopeMappings(UserModel user) {
- Set<RoleModel> roleMappings = realm.getScopeMappings(user);
+ public Set<RoleModel> getApplicationScopeMappings(ClientModel client) {
+ Set<RoleModel> roleMappings = realm.getScopeMappings(client);
Set<RoleModel> appRoles = new HashSet<RoleModel>();
for (RoleModel role : roleMappings) {
@@ -214,7 +215,7 @@ public class ApplicationAdapter implements ApplicationModel {
@Override
public List<String> getDefaultRoles() {
- Collection<RoleEntity> entities = application.getDefaultRoles();
+ Collection<RoleEntity> entities = entity.getDefaultRoles();
List<String> roles = new ArrayList<String>();
if (entities == null) return roles;
for (RoleEntity entity : entities) {
@@ -229,7 +230,7 @@ public class ApplicationAdapter implements ApplicationModel {
if (role == null) {
role = addRole(name);
}
- Collection<RoleEntity> entities = application.getDefaultRoles();
+ Collection<RoleEntity> entities = entity.getDefaultRoles();
for (RoleEntity entity : entities) {
if (entity.getId().equals(role.getId())) {
return;
@@ -248,7 +249,7 @@ public class ApplicationAdapter implements ApplicationModel {
@Override
public void updateDefaultRoles(String[] defaultRoles) {
- Collection<RoleEntity> entities = application.getDefaultRoles();
+ Collection<RoleEntity> entities = entity.getDefaultRoles();
Set<String> already = new HashSet<String>();
List<RoleEntity> remove = new ArrayList<RoleEntity>();
for (RoleEntity rel : entities) {
@@ -272,7 +273,7 @@ public class ApplicationAdapter implements ApplicationModel {
@Override
public void addScope(RoleModel role) {
- realm.addScopeMapping(getAgent(), role);
+ realm.addScopeMapping(this, role);
}
public boolean equals(Object o) {
@@ -286,4 +287,49 @@ public class ApplicationAdapter implements ApplicationModel {
public String toString() {
return getName();
}
+
+ @Override
+ public Set<String> getWebOrigins() {
+ Set<String> result = new HashSet<String>();
+ result.addAll(entity.getWebOrigins());
+ return result;
+ }
+
+ @Override
+ public void setWebOrigins(Set<String> webOrigins) {
+ entity.setWebOrigins(webOrigins);
+ }
+
+ @Override
+ public void addWebOrigin(String webOrigin) {
+ entity.getWebOrigins().add(webOrigin);
+ }
+
+ @Override
+ public void removeWebOrigin(String webOrigin) {
+ entity.getWebOrigins().remove(webOrigin);
+ }
+
+ @Override
+ public Set<String> getRedirectUris() {
+ Set<String> result = new HashSet<String>();
+ result.addAll(entity.getRedirectUris());
+ return result;
+ }
+
+ @Override
+ public void setRedirectUris(Set<String> redirectUris) {
+ entity.setRedirectUris(redirectUris);
+ }
+
+ @Override
+ public void addRedirectUri(String redirectUri) {
+ entity.getRedirectUris().add(redirectUri);
+ }
+
+ @Override
+ public void removeRedirectUri(String redirectUri) {
+ entity.getRedirectUris().remove(redirectUri);
+ }
+
}
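Review bot: `setRedirectUris` and `setWebOrigins` hand the caller's set straight to the entity, and the getters call `addAll` on whatever is stored, so a `null` argument is accepted by the setter and only fails later with a NullPointerException in `getRedirectUris()` or `getWebOrigins()`. The Mongo adapters in this commit guard the read with a null check; the JPA ones do not. Storing a copy would reject `null` at the point of the mistake and stop later changes to the caller's set from silently altering the stored allow-list: `entity.setRedirectUris(new HashSet<String>(redirectUris));`, and likewise for web origins. The JPA `OAuthClientAdapter` hunk further down adds the same getters and setters and has the same gap.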
diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/ApplicationEntity.java b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/ApplicationEntity.java
index b85f720..e5ab951 100755
--- a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/ApplicationEntity.java
+++ b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/ApplicationEntity.java
@@ -1,6 +1,8 @@
package org.keycloak.models.jpa.entities;
import javax.persistence.CascadeType;
+import javax.persistence.CollectionTable;
+import javax.persistence.ElementCollection;
import javax.persistence.Entity;
import javax.persistence.FetchType;
import javax.persistence.GeneratedValue;
@@ -11,6 +13,8 @@ import javax.persistence.OneToMany;
import javax.persistence.OneToOne;
import java.util.ArrayList;
import java.util.Collection;
+import java.util.HashSet;
+import java.util.Set;
import org.hibernate.annotations.GenericGenerator;
@@ -35,6 +39,14 @@ public class ApplicationEntity {
@OneToOne(fetch = FetchType.EAGER)
private UserEntity applicationUser;
+ @ElementCollection
+ @CollectionTable
+ protected Set<String> webOrigins = new HashSet<String>();
+
+ @ElementCollection
+ @CollectionTable
+ protected Set<String> redirectUris = new HashSet<String>();
+
@OneToMany(fetch = FetchType.EAGER, cascade ={CascadeType.REMOVE}, orphanRemoval = true, mappedBy = "application")
Collection<ApplicationRoleEntity> roles = new ArrayList<ApplicationRoleEntity>();
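Review bot: The `webOrigins` and `redirectUris` collections are declared fresh on `ApplicationEntity` (and on `OAuthClientEntity` below) while the same fields are deleted from `UserEntity`, and nothing visible in this diff carries existing rows across. With the unnamed `@CollectionTable` the values presumably land in new tables, so a database populated before this change could come up with empty redirect-URI and web-origin sets for every client unless a migration exists elsewhere. That is worth confirming before release. A short field comment such as `// registered redirect URIs for this application (previously stored on the agent UserEntity)` would also record where the data used to live.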
@@ -128,4 +140,22 @@ public class ApplicationEntity {
public void setAllowedClaimsMask(long allowedClaimsMask) {
this.allowedClaimsMask = allowedClaimsMask;
}
+
+ public Set<String> getWebOrigins() {
+ return webOrigins;
+ }
+
+ public void setWebOrigins(Set<String> webOrigins) {
+ this.webOrigins = webOrigins;
+ }
+
+ public Set<String> getRedirectUris() {
+ return redirectUris;
+ }
+
+ public void setRedirectUris(Set<String> redirectUris) {
+ this.redirectUris = redirectUris;
+ }
+
+
}
diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/OAuthClientEntity.java b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/OAuthClientEntity.java
index 9a114a1..eb38b86 100755
--- a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/OAuthClientEntity.java
+++ b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/OAuthClientEntity.java
@@ -1,5 +1,7 @@
package org.keycloak.models.jpa.entities;
+import javax.persistence.CollectionTable;
+import javax.persistence.ElementCollection;
import javax.persistence.Entity;
import javax.persistence.FetchType;
import javax.persistence.GeneratedValue;
@@ -11,6 +13,9 @@ import javax.persistence.OneToOne;
import org.hibernate.annotations.GenericGenerator;
+import java.util.HashSet;
+import java.util.Set;
+
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
@@ -30,6 +35,15 @@ public class OAuthClientEntity {
private String name;
private long allowedClaimsMask;
+ @ElementCollection
+ @CollectionTable
+ protected Set<String> webOrigins = new HashSet<String>();
+
+ @ElementCollection
+ @CollectionTable
+ protected Set<String> redirectUris = new HashSet<String>();
+
+
@OneToOne(fetch = FetchType.EAGER)
private UserEntity agent;
@@ -72,4 +86,22 @@ public class OAuthClientEntity {
this.allowedClaimsMask = allowedClaimsMask;
}
+ public Set<String> getWebOrigins() {
+ return webOrigins;
+ }
+
+ public void setWebOrigins(Set<String> webOrigins) {
+ this.webOrigins = webOrigins;
+ }
+
+ public Set<String> getRedirectUris() {
+ return redirectUris;
+ }
+
+ public void setRedirectUris(Set<String> redirectUris) {
+ this.redirectUris = redirectUris;
+ }
+
+
+
}
diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/UserEntity.java b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/UserEntity.java
index 58a9292..51daf7b 100755
--- a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/UserEntity.java
+++ b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/UserEntity.java
@@ -60,14 +60,6 @@ public class UserEntity {
@CollectionTable
protected Set<UserModel.RequiredAction> requiredActions = new HashSet<UserModel.RequiredAction>();
- @ElementCollection
- @CollectionTable
- protected Set<String> webOrigins = new HashSet<String>();
-
- @ElementCollection
- @CollectionTable
- protected Set<String> redirectUris = new HashSet<String>();
-
@OneToMany(cascade = CascadeType.REMOVE, orphanRemoval = true)
protected Collection<CredentialEntity> credentials = new ArrayList<CredentialEntity>();
@@ -151,22 +143,6 @@ public class UserEntity {
this.requiredActions = requiredActions;
}
- public Set<String> getWebOrigins() {
- return webOrigins;
- }
-
- public void setWebOrigins(Set<String> webOrigins) {
- this.webOrigins = webOrigins;
- }
-
- public Set<String> getRedirectUris() {
- return redirectUris;
- }
-
- public void setRedirectUris(Set<String> redirectUris) {
- this.redirectUris = redirectUris;
- }
-
public RealmEntity getRealm() {
return realm;
}
diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/OAuthClientAdapter.java b/model/jpa/src/main/java/org/keycloak/models/jpa/OAuthClientAdapter.java
index 6bb62cc..4098ff0 100755
--- a/model/jpa/src/main/java/org/keycloak/models/jpa/OAuthClientAdapter.java
+++ b/model/jpa/src/main/java/org/keycloak/models/jpa/OAuthClientAdapter.java
@@ -4,6 +4,9 @@ import org.keycloak.models.OAuthClientModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.jpa.entities.OAuthClientEntity;
+import java.util.HashSet;
+import java.util.Set;
+
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
@@ -25,6 +28,16 @@ public class OAuthClientAdapter implements OAuthClientModel {
}
@Override
+ public boolean isEnabled() {
+ return getAgent().isEnabled();
+ }
+
+ @Override
+ public void setEnabled(boolean enabled) {
+ getAgent().setEnabled(enabled);
+ }
+
+ @Override
public UserModel getAgent() {
return new UserAdapter(entity.getAgent());
}
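Review bot: `isEnabled()` here answers from the agent user (`getAgent().isEnabled()`), whereas the JPA `ApplicationAdapter` answers from the application entity (`entity.isEnabled()`), so the new `ClientModel.isEnabled()` means two different things depending on the client type. If callers rely on it to decide whether a client may take part in a login or grant flow, disabling an application's agent user would not show up through `ApplicationAdapter.isEnabled()`; that is inferred, since the callers are not in this diff. A Javadoc on `ClientModel.isEnabled()` naming the authoritative flag would settle the contract. The Mongo `OAuthClientAdapter` hunk adds the same delegation, and the class body continues outside this hunk.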
@@ -38,6 +51,51 @@ public class OAuthClientAdapter implements OAuthClientModel {
entity.setAllowedClaimsMask(mask);
}
+ @Override
+ public Set<String> getWebOrigins() {
+ Set<String> result = new HashSet<String>();
+ result.addAll(entity.getWebOrigins());
+ return result;
+ }
+
+ @Override
+ public void setWebOrigins(Set<String> webOrigins) {
+ entity.setWebOrigins(webOrigins);
+ }
+
+ @Override
+ public void addWebOrigin(String webOrigin) {
+ entity.getWebOrigins().add(webOrigin);
+ }
+
+ @Override
+ public void removeWebOrigin(String webOrigin) {
+ entity.getWebOrigins().remove(webOrigin);
+ }
+
+ @Override
+ public Set<String> getRedirectUris() {
+ Set<String> result = new HashSet<String>();
+ result.addAll(entity.getRedirectUris());
+ return result;
+ }
+
+ @Override
+ public void setRedirectUris(Set<String> redirectUris) {
+ entity.setRedirectUris(redirectUris);
+ }
+
+ @Override
+ public void addRedirectUri(String redirectUri) {
+ entity.getRedirectUris().add(redirectUri);
+ }
+
+ @Override
+ public void removeRedirectUri(String redirectUri) {
+ entity.getRedirectUris().remove(redirectUri);
+ }
+
+
}
diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java b/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java
index a84b5d7..0330586 100755
--- a/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java
+++ b/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java
@@ -1,5 +1,6 @@
package org.keycloak.models.jpa;
+import org.keycloak.models.ClientModel;
import org.keycloak.models.RoleContainerModel;
import org.keycloak.models.jpa.entities.ApplicationEntity;
import org.keycloak.models.jpa.entities.CredentialEntity;
@@ -559,6 +560,13 @@ public class RealmAdapter implements RealmModel {
}
@Override
+ public ClientModel findClient(String clientId) {
+ ClientModel model = getApplicationByName(clientId);
+ if (model != null) return model;
+ return getOAuthClient(clientId);
+ }
+
+ @Override
public Map<String, ApplicationModel> getApplicationNameMap() {
Map<String, ApplicationModel> map = new HashMap<String, ApplicationModel>();
for (ApplicationModel app : getApplications()) {
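Review bot: `findClient` tries `getApplicationByName(clientId)` first and only then `getOAuthClient(clientId)`, so if an application's name can equal an OAuth client's identifier the application always wins and the OAuth client is unreachable through this lookup. Redirect URIs, web origins and scope mappings would then be read from the wrong client; whether the two namespaces are kept disjoint is not visible here. The method also passes through whatever `getOAuthClient` returns for an unknown id (presumably `null`), and the new `getScopeMappings(ClientModel)` calls `client.getAgent()` without a check. Once the not-found result is confirmed, I would document it on `RealmModel.findClient`, e.g. `/** Looks up an application by name, then an OAuth client by id; returns null when neither matches. */`.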
@@ -926,8 +934,8 @@ public class RealmAdapter implements RealmModel {
}
@Override
- public boolean hasScope(UserModel user, RoleModel role) {
- Set<RoleModel> roles = getScopeMappings(user);
+ public boolean hasScope(ClientModel client, RoleModel role) {
+ Set<RoleModel> roles = getScopeMappings(client);
if (roles.contains(role)) return true;
for (RoleModel mapping : roles) {
@@ -996,8 +1004,8 @@ public class RealmAdapter implements RealmModel {
}
@Override
- public Set<RoleModel> getRealmScopeMappings(UserModel user) {
- Set<RoleModel> roleMappings = getScopeMappings(user);
+ public Set<RoleModel> getRealmScopeMappings(ClientModel client) {
+ Set<RoleModel> roleMappings = getScopeMappings(client);
Set<RoleModel> appRoles = new HashSet<RoleModel>();
for (RoleModel role : roleMappings) {
@@ -1014,9 +1022,9 @@ public class RealmAdapter implements RealmModel {
@Override
- public Set<RoleModel> getScopeMappings(UserModel agent) {
+ public Set<RoleModel> getScopeMappings(ClientModel client) {
TypedQuery<UserScopeMappingEntity> query = em.createNamedQuery("userScopeMappings", UserScopeMappingEntity.class);
- query.setParameter("user", ((UserAdapter)agent).getUser());
+ query.setParameter("user", ((UserAdapter)client.getAgent()).getUser());
List<UserScopeMappingEntity> entities = query.getResultList();
Set<RoleModel> roles = new HashSet<RoleModel>();
for (UserScopeMappingEntity entity : entities) {
@@ -1026,8 +1034,9 @@ public class RealmAdapter implements RealmModel {
}
@Override
- public void addScopeMapping(UserModel agent, RoleModel role) {
- if (hasScope(agent, role)) return;
+ public void addScopeMapping(ClientModel client, RoleModel role) {
+ UserModel agent = client.getAgent();
+ if (hasScope(client, role)) return;
UserScopeMappingEntity entity = new UserScopeMappingEntity();
entity.setUser(((UserAdapter) agent).getUser());
entity.setRole(((RoleAdapter)role).getRole());
@@ -1035,8 +1044,9 @@ public class RealmAdapter implements RealmModel {
}
@Override
- public void deleteScopeMapping(UserModel user, RoleModel role) {
- TypedQuery<UserScopeMappingEntity> query = getRealmScopeMappingQuery((UserAdapter) user, (RoleAdapter) role);
+ public void deleteScopeMapping(ClientModel client, RoleModel role) {
+ UserModel agent = client.getAgent();
+ TypedQuery<UserScopeMappingEntity> query = getRealmScopeMappingQuery((UserAdapter) agent, (RoleAdapter) role);
List<UserScopeMappingEntity> results = query.getResultList();
if (results.size() == 0) return;
for (UserScopeMappingEntity entity : results) {
diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/UserAdapter.java b/model/jpa/src/main/java/org/keycloak/models/jpa/UserAdapter.java
index 6c2bf30..cff1659 100755
--- a/model/jpa/src/main/java/org/keycloak/models/jpa/UserAdapter.java
+++ b/model/jpa/src/main/java/org/keycloak/models/jpa/UserAdapter.java
@@ -99,49 +99,6 @@ public class UserAdapter implements UserModel {
user.getRequiredActions().remove(action);
}
- @Override
- public Set<String> getWebOrigins() {
- Set<String> result = new HashSet<String>();
- result.addAll(user.getWebOrigins());
- return result;
- }
-
- @Override
- public void setWebOrigins(Set<String> webOrigins) {
- user.setWebOrigins(webOrigins);
- }
-
- @Override
- public void addWebOrigin(String webOrigin) {
- user.getWebOrigins().add(webOrigin);
- }
-
- @Override
- public void removeWebOrigin(String webOrigin) {
- user.getWebOrigins().remove(webOrigin);
- }
-
- @Override
- public Set<String> getRedirectUris() {
- Set<String> result = new HashSet<String>();
- result.addAll(user.getRedirectUris());
- return result;
- }
-
- @Override
- public void setRedirectUris(Set<String> redirectUris) {
- user.setRedirectUris(redirectUris);
- }
-
- @Override
- public void addRedirectUri(String redirectUri) {
- user.getRedirectUris().add(redirectUri);
- }
-
- @Override
- public void removeRedirectUri(String redirectUri) {
- user.getRedirectUris().remove(redirectUri);
- }
@Override
public String getFirstName() {
diff --git a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/ApplicationAdapter.java b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/ApplicationAdapter.java
index a0da211..4f17350 100755
--- a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/ApplicationAdapter.java
+++ b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/ApplicationAdapter.java
@@ -3,6 +3,7 @@ package org.keycloak.models.mongo.keycloak.adapters;
import com.mongodb.DBObject;
import com.mongodb.QueryBuilder;
import org.keycloak.models.ApplicationModel;
+import org.keycloak.models.ClientModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.mongo.api.AbstractMongoIdentifiableEntity;
@@ -201,9 +202,9 @@ public class ApplicationAdapter extends AbstractAdapter implements ApplicationMo
}
@Override
- public Set<RoleModel> getApplicationScopeMappings(UserModel user) {
+ public Set<RoleModel> getApplicationScopeMappings(ClientModel client) {
Set<RoleModel> result = new HashSet<RoleModel>();
- List<RoleEntity> roles = MongoModelUtils.getAllScopesOfUser(user, invocationContext);
+ List<RoleEntity> roles = MongoModelUtils.getAllScopesOfUser(client.getAgent(), invocationContext);
for (RoleEntity role : roles) {
if (getId().equals(role.getApplicationId())) {
@@ -247,4 +248,57 @@ public class ApplicationAdapter extends AbstractAdapter implements ApplicationMo
public AbstractMongoIdentifiableEntity getMongoEntity() {
return application;
}
+
+ @Override
+ public Set<String> getWebOrigins() {
+ Set<String> result = new HashSet<String>();
+ if (application.getWebOrigins() != null) {
+ result.addAll(application.getWebOrigins());
+ }
+ return result;
+ }
+
+ @Override
+ public void setWebOrigins(Set<String> webOrigins) {
+ List<String> result = new ArrayList<String>();
+ result.addAll(webOrigins);
+ application.setWebOrigins(result);
+ }
+
+ @Override
+ public void addWebOrigin(String webOrigin) {
+ getMongoStore().pushItemToList(application, "webOrigins", webOrigin, true, invocationContext);
+ }
+
+ @Override
+ public void removeWebOrigin(String webOrigin) {
+ getMongoStore().pullItemFromList(application, "webOrigins", webOrigin, invocationContext);
+ }
+
+ @Override
+ public Set<String> getRedirectUris() {
+ Set<String> result = new HashSet<String>();
+ if (application.getRedirectUris() != null) {
+ result.addAll(application.getRedirectUris());
+ }
+ return result;
+ }
+
+ @Override
+ public void setRedirectUris(Set<String> redirectUris) {
+ List<String> result = new ArrayList<String>();
+ result.addAll(redirectUris);
+ application.setRedirectUris(result);
+ }
+
+ @Override
+ public void addRedirectUri(String redirectUri) {
+ getMongoStore().pushItemToList(application, "redirectUris", redirectUri, true, invocationContext);
+ }
+
+ @Override
+ public void removeRedirectUri(String redirectUri) {
+ getMongoStore().pullItemFromList(application, "redirectUris", redirectUri, invocationContext);
+ }
+
}
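Review bot: `setWebOrigins` and `setRedirectUris` only update the in-memory `application` object, while `addWebOrigin`, `removeWebOrigin` and the redirect-URI equivalents go through `getMongoStore().pushItemToList` and `pullItemFromList`. Unless the caller follows the setter with a store update (not visible in this hunk), a replaced allow-list may never be written, and the asymmetry is easy to miss. The setters also call `result.addAll(...)` on the argument unchecked, so `null` throws even though the getters tolerate a null list. A comment on the setters such as `// only updates the in-memory entity; caller must persist` would make the contract explicit, if that is the intent. The Mongo `OAuthClientAdapter` hunk that follows mirrors this code in its visible lines.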
diff --git a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/OAuthClientAdapter.java b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/OAuthClientAdapter.java
index ea48f91..043249e 100755
--- a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/OAuthClientAdapter.java
+++ b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/OAuthClientAdapter.java
@@ -7,6 +7,11 @@ import org.keycloak.models.mongo.api.context.MongoStoreInvocationContext;
import org.keycloak.models.mongo.keycloak.entities.OAuthClientEntity;
import org.keycloak.models.mongo.keycloak.entities.UserEntity;
+import java.util.ArrayList;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+
/**
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
*/
@@ -41,6 +46,16 @@ public class OAuthClientAdapter extends AbstractAdapter implements OAuthClientMo
}
@Override
+ public boolean isEnabled() {
+ return getAgent().isEnabled();
+ }
+
+ @Override
+ public void setEnabled(boolean enabled) {
+ getAgent().setEnabled(enabled);
+ }
+
+ @Override
public UserModel getAgent() {
// This is not thread-safe. Assumption is that OAuthClientAdapter instance is per-client object
if (oauthAgent == null) {
@@ -54,4 +69,57 @@ public class OAuthClientAdapter extends AbstractAdapter implements OAuthClientMo
public AbstractMongoIdentifiableEntity getMongoEntity() {
return delegate;
}
+
+ @Override
+ public Set<String> getWebOrigins() {
+ Set<String> result = new HashSet<String>();
+ if (delegate.getWebOrigins() != null) {
+ result.addAll(delegate.getWebOrigins());
+ }
+ return result;
+ }
+
+ @Override
+ public void setWebOrigins(Set<String> webOrigins) {
+ List<String> result = new ArrayList<String>();
+ result.addAll(webOrigins);
+ delegate.setWebOrigins(result);
+ }
+
+ @Override
+ public void addWebOrigin(String webOrigin) {
+ getMongoStore().pushItemToList(delegate, "webOrigins", webOrigin, true, invocationContext);
+ }
+
+ @Override
+ public void removeWebOrigin(String webOrigin) {
+ getMongoStore().pullItemFromList(delegate, "webOrigins", webOrigin, invocationContext);
+ }
+
+ @Override
+ public Set<String> getRedirectUris() {
+ Set<String> result = new HashSet<String>();
+ if (delegate.getRedirectUris() != null) {
+ result.addAll(delegate.getRedirectUris());
+ }
+ return result;
+ }
+
+ @Override
+ public void setRedirectUris(Set<String> redirectUris) {
+ List<String> result = new ArrayList<String>();
+ result.addAll(redirectUris);
+ delegate.setRedirectUris(result);
+ }
+
+ @Override
+ public void addRedirectUri(String redirectUri) {
+ getMongoStore().pushItemToList(delegate, "redirectUris", redirectUri, true, invocationContext);
+ }
+
+ @Override
+ public void removeRedirectUri(String redirectUri) {
+ getMongoStore().pullItemFromList(delegate, "redirectUris", redirectUri, invocationContext);
+ }
+
}
diff --git a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java
index 7192a6f..9466bb3 100755
--- a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java
+++ b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java
@@ -4,6 +4,7 @@ import com.mongodb.DBObject;
import com.mongodb.QueryBuilder;
import org.jboss.logging.Logger;
import org.keycloak.models.ApplicationModel;
+import org.keycloak.models.ClientModel;
import org.keycloak.models.OAuthClientModel;
import org.keycloak.models.PasswordPolicy;
import org.keycloak.models.RealmModel;
@@ -486,6 +487,14 @@ public class RealmAdapter extends AbstractAdapter implements RealmModel {
}
@Override
+ public ClientModel findClient(String clientId) {
+ ClientModel model = getApplicationByName(clientId);
+ if (model != null) return model;
+ return getOAuthClient(clientId);
+ }
+
+
+ @Override
public ApplicationModel getApplicationById(String id) {
ApplicationEntity appData = getMongoStore().loadEntity(ApplicationEntity.class, id, invocationContext);
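Review bot: `findClient` gives applications precedence over OAuth clients, and nothing visible here shows that the two name spaces are kept disjoint. If an application and an OAuth client can share an identifier, the OAuth client becomes unreachable through this lookup and callers would read the application's enabled flag, redirect URIs and scope mappings instead. Please document the precedence and the null result on the method, e.g. `/** Looks up an application by name first, then an OAuth client; may return null when neither matches. */`, and confirm uniqueness is enforced where clients are created. The hunk ends inside `getApplicationById`, whose body continues outside it.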
@@ -607,9 +616,9 @@ public class RealmAdapter extends AbstractAdapter implements RealmModel {
}
@Override
- public Set<RoleModel> getScopeMappings(UserModel user) {
+ public Set<RoleModel> getScopeMappings(ClientModel client) {
Set<RoleModel> result = new HashSet<RoleModel>();
- List<RoleEntity> roles = MongoModelUtils.getAllScopesOfUser(user, invocationContext);
+ List<RoleEntity> roles = MongoModelUtils.getAllScopesOfUser(client.getAgent(), invocationContext);
for (RoleEntity role : roles) {
if (getId().equals(role.getRealmId())) {
@@ -623,8 +632,8 @@ public class RealmAdapter extends AbstractAdapter implements RealmModel {
}
@Override
- public Set<RoleModel> getRealmScopeMappings(UserModel user) {
- Set<RoleModel> allScopes = getScopeMappings(user);
+ public Set<RoleModel> getRealmScopeMappings(ClientModel client) {
+ Set<RoleModel> allScopes = getScopeMappings(client);
// Filter to retrieve just realm roles TODO: Maybe improve to avoid filter programmatically... Maybe have separate fields for realmRoles and appRoles on user?
Set<RoleModel> realmRoles = new HashSet<RoleModel>();
@@ -639,8 +648,8 @@ public class RealmAdapter extends AbstractAdapter implements RealmModel {
}
@Override
- public boolean hasScope(UserModel user, RoleModel role) {
- Set<RoleModel> roles = getScopeMappings(user);
+ public boolean hasScope(ClientModel client, RoleModel role) {
+ Set<RoleModel> roles = getScopeMappings(client);
if (roles.contains(role)) return true;
for (RoleModel mapping : roles) {
@@ -651,14 +660,14 @@ public class RealmAdapter extends AbstractAdapter implements RealmModel {
@Override
- public void addScopeMapping(UserModel agent, RoleModel role) {
- UserEntity userEntity = ((UserAdapter)agent).getUser();
+ public void addScopeMapping(ClientModel client, RoleModel role) {
+ UserEntity userEntity = ((UserAdapter)client.getAgent()).getUser();
getMongoStore().pushItemToList(userEntity, "scopeIds", role.getId(), true, invocationContext);
}
@Override
- public void deleteScopeMapping(UserModel user, RoleModel role) {
- UserEntity userEntity = ((UserAdapter)user).getUser();
+ public void deleteScopeMapping(ClientModel client, RoleModel role) {
+ UserEntity userEntity = ((UserAdapter)client.getAgent()).getUser();
getMongoStore().pullItemFromList(userEntity, "scopeIds", role.getId(), invocationContext);
}
diff --git a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/UserAdapter.java b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/UserAdapter.java
index 2276313..8f22a7b 100755
--- a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/UserAdapter.java
+++ b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/UserAdapter.java
@@ -124,59 +124,6 @@ public class UserAdapter extends AbstractAdapter implements UserModel {
return user;
}
- @Override
- public Set<String> getWebOrigins() {
- Set<String> result = new HashSet<String>();
- if (user.getWebOrigins() != null) {
- result.addAll(user.getWebOrigins());
- }
- return result;
- }
-
- @Override
- public void setWebOrigins(Set<String> webOrigins) {
- List<String> result = new ArrayList<String>();
- result.addAll(webOrigins);
- user.setWebOrigins(result);
- updateUser();
- }
-
- @Override
- public void addWebOrigin(String webOrigin) {
- getMongoStore().pushItemToList(user, "webOrigins", webOrigin, true, invocationContext);
- }
-
- @Override
- public void removeWebOrigin(String webOrigin) {
- getMongoStore().pullItemFromList(user, "webOrigins", webOrigin, invocationContext);
- }
-
- @Override
- public Set<String> getRedirectUris() {
- Set<String> result = new HashSet<String>();
- if (user.getRedirectUris() != null) {
- result.addAll(user.getRedirectUris());
- }
- return result;
- }
-
- @Override
- public void setRedirectUris(Set<String> redirectUris) {
- List<String> result = new ArrayList<String>();
- result.addAll(redirectUris);
- user.setRedirectUris(result);
- updateUser();
- }
-
- @Override
- public void addRedirectUri(String redirectUri) {
- getMongoStore().pushItemToList(user, "redirectUris", redirectUri, true, invocationContext);
- }
-
- @Override
- public void removeRedirectUri(String redirectUri) {
- getMongoStore().pullItemFromList(user, "redirectUris", redirectUri, invocationContext);
- }
@Override
public Set<RequiredAction> getRequiredActions() {
diff --git a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/entities/ApplicationEntity.java b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/entities/ApplicationEntity.java
index 2a03171..c279934 100755
--- a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/entities/ApplicationEntity.java
+++ b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/entities/ApplicationEntity.java
@@ -26,6 +26,9 @@ public class ApplicationEntity extends AbstractMongoIdentifiableEntity implement
private String resourceUserId;
private String realmId;
private long allowedClaimsMask;
+ private List<String> webOrigins;
+ private List<String> redirectUris;
+
// We are using names of defaultRoles (not ids)
private List<String> defaultRoles = new ArrayList<String>();
@@ -85,6 +88,26 @@ public class ApplicationEntity extends AbstractMongoIdentifiableEntity implement
}
@MongoField
+ public List<String> getWebOrigins() {
+ return webOrigins;
+ }
+
+ public void setWebOrigins(List<String> webOrigins) {
+ this.webOrigins = webOrigins;
+ }
+
+ @MongoField
+ public List<String> getRedirectUris() {
+ return redirectUris;
+ }
+
+ public void setRedirectUris(List<String> redirectUris) {
+ this.redirectUris = redirectUris;
+ }
+
+
+
+ @MongoField
public long getAllowedClaimsMask() {
return allowedClaimsMask;
}
diff --git a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/entities/OAuthClientEntity.java b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/entities/OAuthClientEntity.java
index 78c3687..11583e1 100755
--- a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/entities/OAuthClientEntity.java
+++ b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/entities/OAuthClientEntity.java
@@ -6,6 +6,8 @@ import org.keycloak.models.mongo.api.MongoEntity;
import org.keycloak.models.mongo.api.MongoField;
import org.keycloak.models.mongo.api.context.MongoStoreInvocationContext;
+import java.util.List;
+
/**
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
*/
@@ -17,6 +19,8 @@ public class OAuthClientEntity extends AbstractMongoIdentifiableEntity implement
private String oauthAgentId;
private String realmId;
private long allowedClaimsMask;
+ private List<String> webOrigins;
+ private List<String> redirectUris;
@MongoField
public String getName() {
@@ -54,6 +58,26 @@ public class OAuthClientEntity extends AbstractMongoIdentifiableEntity implement
this.allowedClaimsMask = allowedClaimsMask;
}
+ @MongoField
+ public List<String> getWebOrigins() {
+ return webOrigins;
+ }
+
+ public void setWebOrigins(List<String> webOrigins) {
+ this.webOrigins = webOrigins;
+ }
+
+ @MongoField
+ public List<String> getRedirectUris() {
+ return redirectUris;
+ }
+
+ public void setRedirectUris(List<String> redirectUris) {
+ this.redirectUris = redirectUris;
+ }
+
+
+
@Override
public void afterRemove(MongoStoreInvocationContext context) {
// Remove user of this oauthClient
diff --git a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/entities/UserEntity.java b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/entities/UserEntity.java
index fdd69a2..7cfa2f7 100755
--- a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/entities/UserEntity.java
+++ b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/entities/UserEntity.java
@@ -30,8 +30,6 @@ public class UserEntity extends AbstractMongoIdentifiableEntity implements Mongo
private List<String> scopeIds;
private Map<String, String> attributes;
- private List<String> webOrigins;
- private List<String> redirectUris;
private List<UserModel.RequiredAction> requiredActions;
private List<CredentialEntity> credentials = new ArrayList<CredentialEntity>();
private List<SocialLinkEntity> socialLinks;
@@ -136,24 +134,6 @@ public class UserEntity extends AbstractMongoIdentifiableEntity implements Mongo
}
@MongoField
- public List<String> getWebOrigins() {
- return webOrigins;
- }
-
- public void setWebOrigins(List<String> webOrigins) {
- this.webOrigins = webOrigins;
- }
-
- @MongoField
- public List<String> getRedirectUris() {
- return redirectUris;
- }
-
- public void setRedirectUris(List<String> redirectUris) {
- this.redirectUris = redirectUris;
- }
-
- @MongoField
public List<UserModel.RequiredAction> getRequiredActions() {
return requiredActions;
}
diff --git a/model/tests/src/test/java/org/keycloak/model/test/AdapterTest.java b/model/tests/src/test/java/org/keycloak/model/test/AdapterTest.java
index eb119d5..e1d860d 100755
--- a/model/tests/src/test/java/org/keycloak/model/test/AdapterTest.java
+++ b/model/tests/src/test/java/org/keycloak/model/test/AdapterTest.java
@@ -184,10 +184,10 @@ public class AdapterTest extends AbstractModelTest {
RoleModel appRole = app.addRole("test");
realmModel.grantRole(user, appRole);
- realmModel.addScopeMapping(client.getAgent(), appRole);
+ realmModel.addScopeMapping(client, appRole);
RoleModel realmRole = realmModel.addRole("test");
- realmModel.addScopeMapping(app.getAgent(), realmRole);
+ realmModel.addScopeMapping(app, realmRole);
Assert.assertTrue(realmModel.removeApplication(app.getId()));
Assert.assertFalse(realmModel.removeApplication(app.getId()));
@@ -212,10 +212,10 @@ public class AdapterTest extends AbstractModelTest {
RoleModel appRole = app.addRole("test");
realmModel.grantRole(user, appRole);
- realmModel.addScopeMapping(client.getAgent(), appRole);
+ realmModel.addScopeMapping(client, appRole);
RoleModel realmRole = realmModel.addRole("test");
- realmModel.addScopeMapping(app.getAgent(), realmRole);
+ realmModel.addScopeMapping(app, realmRole);
Assert.assertTrue(identitySession.removeRealm(realmModel.getId()));
Assert.assertFalse(identitySession.removeRealm(realmModel.getId()));
@@ -235,10 +235,10 @@ public class AdapterTest extends AbstractModelTest {
RoleModel appRole = app.addRole("test");
realmModel.grantRole(user, appRole);
- realmModel.addScopeMapping(client.getAgent(), appRole);
+ realmModel.addScopeMapping(client, appRole);
RoleModel realmRole = realmModel.addRole("test");
- realmModel.addScopeMapping(app.getAgent(), realmRole);
+ realmModel.addScopeMapping(app, realmRole);
Assert.assertTrue(realmModel.removeRoleById(realmRole.getId()));
Assert.assertFalse(realmModel.removeRoleById(realmRole.getId()));
diff --git a/model/tests/src/test/java/org/keycloak/model/test/ApplicationModelTest.java b/model/tests/src/test/java/org/keycloak/model/test/ApplicationModelTest.java
index 942aab9..c314619 100755
--- a/model/tests/src/test/java/org/keycloak/model/test/ApplicationModelTest.java
+++ b/model/tests/src/test/java/org/keycloak/model/test/ApplicationModelTest.java
@@ -37,11 +37,11 @@ public class ApplicationModelTest extends AbstractModelTest {
application.addDefaultRole("role-1");
application.addDefaultRole("role-2");
- application.getAgent().addRedirectUri("redirect-1");
- application.getAgent().addRedirectUri("redirect-2");
+ application.addRedirectUri("redirect-1");
+ application.addRedirectUri("redirect-2");
- application.getAgent().addWebOrigin("origin-1");
- application.getAgent().addWebOrigin("origin-2");
+ application.addWebOrigin("origin-1");
+ application.addWebOrigin("origin-2");
application.updateApplication();
}
@@ -69,11 +69,8 @@ public class ApplicationModelTest extends AbstractModelTest {
Assert.assertEquals(expected.getManagementUrl(), actual.getManagementUrl());
Assert.assertEquals(expected.getDefaultRoles(), actual.getDefaultRoles());
- UserModel auser = actual.getAgent();
- UserModel euser = expected.getAgent();
-
- Assert.assertTrue(euser.getRedirectUris().containsAll(auser.getRedirectUris()));
- Assert.assertTrue(euser.getWebOrigins().containsAll(auser.getWebOrigins()));
+ Assert.assertTrue(expected.getRedirectUris().containsAll(actual.getRedirectUris()));
+ Assert.assertTrue(expected.getWebOrigins().containsAll(actual.getWebOrigins()));
}
public static void assertEquals(List<RoleModel> expected, List<RoleModel> actual) {
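Review bot: The two new assertions check only that `expected` contains everything in `actual`, so they pass when `actual.getRedirectUris()` or `actual.getWebOrigins()` is empty. Since this commit moves both collections to a new entity and changes how they are persisted, a lost write would go unnoticed by this test. Both sides are `Set<String>`, so a direct comparison is stricter and shorter: `Assert.assertEquals(expected.getRedirectUris(), actual.getRedirectUris());` and `Assert.assertEquals(expected.getWebOrigins(), actual.getWebOrigins());`.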
diff --git a/model/tests/src/test/java/org/keycloak/model/test/CompositeRolesModelTest.java b/model/tests/src/test/java/org/keycloak/model/test/CompositeRolesModelTest.java
index c0ec969..2472ed0 100755
--- a/model/tests/src/test/java/org/keycloak/model/test/CompositeRolesModelTest.java
+++ b/model/tests/src/test/java/org/keycloak/model/test/CompositeRolesModelTest.java
@@ -60,7 +60,7 @@ public class CompositeRolesModelTest extends AbstractModelTest {
ApplicationModel application = realm.getApplicationByName(applicationName);
Set<RoleModel> roleMappings = realm.getRoleMappings(user);
- Set<RoleModel> scopeMappings = realm.getScopeMappings(application.getAgent());
+ Set<RoleModel> scopeMappings = realm.getScopeMappings(application);
Set<RoleModel> appRoles = application.getRoles();
if (appRoles != null) scopeMappings.addAll(appRoles);
diff --git a/model/tests/src/test/java/org/keycloak/model/test/ImportTest.java b/model/tests/src/test/java/org/keycloak/model/test/ImportTest.java
index ba30206..728eaef 100755
--- a/model/tests/src/test/java/org/keycloak/model/test/ImportTest.java
+++ b/model/tests/src/test/java/org/keycloak/model/test/ImportTest.java
@@ -6,6 +6,7 @@ import org.junit.Test;
import org.junit.runners.MethodSorters;
import org.keycloak.models.AccountRoles;
import org.keycloak.models.ApplicationModel;
+import org.keycloak.models.ClientModel;
import org.keycloak.models.Constants;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RequiredCredentialModel;
@@ -47,8 +48,6 @@ public class ImportTest extends AbstractModelTest {
UserModel user = realm.getUser("loginclient");
Assert.assertNotNull(user);
- Set<RoleModel> scopes = realm.getRealmScopeMappings(user);
- Assert.assertEquals(0, scopes.size());
Assert.assertEquals(0, realm.getSocialLinks(user).size());
List<ApplicationModel> resources = realm.getApplications();
@@ -103,7 +102,7 @@ public class ImportTest extends AbstractModelTest {
// Test scope relationship
- UserModel oauthClient = realm.getUser("oauthclient");
+ ClientModel oauthClient = realm.findClient("oauthclient");
Assert.assertNotNull(oauthClient);
Set<RoleModel> allScopes = realm.getScopeMappings(oauthClient);
Assert.assertEquals(2, allScopes.size());
diff --git a/model/tests/src/test/java/org/keycloak/model/test/UserModelTest.java b/model/tests/src/test/java/org/keycloak/model/test/UserModelTest.java
index 12b4635..5bc94d2 100755
--- a/model/tests/src/test/java/org/keycloak/model/test/UserModelTest.java
+++ b/model/tests/src/test/java/org/keycloak/model/test/UserModelTest.java
@@ -2,6 +2,8 @@ package org.keycloak.model.test;
import org.junit.Assert;
import org.junit.Test;
+import org.keycloak.models.ApplicationModel;
+import org.keycloak.models.ClientModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserModel.RequiredAction;
@@ -19,15 +21,9 @@ public class UserModelTest extends AbstractModelTest {
user.setLastName("last-name");
user.setEmail("email");
- user.addRedirectUri("redirect-1");
- user.addRedirectUri("redirect-2");
-
user.addRequiredAction(RequiredAction.CONFIGURE_TOTP);
user.addRequiredAction(RequiredAction.UPDATE_PASSWORD);
- user.addWebOrigin("origin-1");
- user.addWebOrigin("origin-2");
-
UserModel persisted = realmManager.getRealm(realm.getId()).getUser("user");
assertEquals(user, persisted);
@@ -39,21 +35,38 @@ public class UserModelTest extends AbstractModelTest {
@Test
public void webOriginSetTest() {
RealmModel realm = realmManager.createRealm("original");
- UserModel user = realm.addUser("user");
+ ClientModel client = realm.addApplication("user");
+
+ Assert.assertTrue(client.getWebOrigins().isEmpty());
+
+ client.addWebOrigin("origin-1");
+ Assert.assertEquals(1, client.getWebOrigins().size());
+
+ client.addWebOrigin("origin-2");
+ Assert.assertEquals(2, client.getWebOrigins().size());
+
+ client.removeWebOrigin("origin-2");
+ Assert.assertEquals(1, client.getWebOrigins().size());
+
+ client.removeWebOrigin("origin-1");
+ Assert.assertTrue(client.getWebOrigins().isEmpty());
+
+ client = realm.addOAuthClient("oauthclient2");
+
+ Assert.assertTrue(client.getWebOrigins().isEmpty());
- Assert.assertTrue(user.getWebOrigins().isEmpty());
+ client.addWebOrigin("origin-1");
+ Assert.assertEquals(1, client.getWebOrigins().size());
- user.addWebOrigin("origin-1");
- Assert.assertEquals(1, user.getWebOrigins().size());
+ client.addWebOrigin("origin-2");
+ Assert.assertEquals(2, client.getWebOrigins().size());
- user.addWebOrigin("origin-2");
- Assert.assertEquals(2, user.getWebOrigins().size());
+ client.removeWebOrigin("origin-2");
+ Assert.assertEquals(1, client.getWebOrigins().size());
- user.removeWebOrigin("origin-2");
- Assert.assertEquals(1, user.getWebOrigins().size());
+ client.removeWebOrigin("origin-1");
+ Assert.assertTrue(client.getWebOrigins().isEmpty());
- user.removeWebOrigin("origin-1");
- Assert.assertTrue(user.getWebOrigins().isEmpty());
}
@Test
@@ -101,9 +114,7 @@ public class UserModelTest extends AbstractModelTest {
Assert.assertEquals(expected.getLoginName(), actual.getLoginName());
Assert.assertEquals(expected.getFirstName(), actual.getFirstName());
Assert.assertEquals(expected.getLastName(), actual.getLastName());
- Assert.assertArrayEquals(expected.getRedirectUris().toArray(), actual.getRedirectUris().toArray());
Assert.assertArrayEquals(expected.getRequiredActions().toArray(), actual.getRequiredActions().toArray());
- Assert.assertArrayEquals(expected.getWebOrigins().toArray(), actual.getWebOrigins().toArray());
}
}
diff --git a/services/src/main/java/org/keycloak/services/managers/AccessCodeEntry.java b/services/src/main/java/org/keycloak/services/managers/AccessCodeEntry.java
index a94cb1b..79da6b7 100755
--- a/services/src/main/java/org/keycloak/services/managers/AccessCodeEntry.java
+++ b/services/src/main/java/org/keycloak/services/managers/AccessCodeEntry.java
@@ -1,5 +1,6 @@
package org.keycloak.services.managers;
+import org.keycloak.models.ClientModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserModel;
@@ -29,7 +30,7 @@ public class AccessCodeEntry {
protected AccessToken token;
protected UserModel user;
protected Set<RequiredAction> requiredActions;
- protected UserModel client;
+ protected ClientModel client;
protected List<RoleModel> realmRolesRequested = new ArrayList<RoleModel>();
MultivaluedMap<String, RoleModel> resourceRolesRequested = new MultivaluedHashMap<String, RoleModel>();
@@ -73,11 +74,11 @@ public class AccessCodeEntry {
this.token = token;
}
- public UserModel getClient() {
+ public ClientModel getClient() {
return client;
}
- public void setClient(UserModel client) {
+ public void setClient(ClientModel client) {
this.client = client;
}
diff --git a/services/src/main/java/org/keycloak/services/managers/AppAuthManager.java b/services/src/main/java/org/keycloak/services/managers/AppAuthManager.java
old mode 100644
new mode 100755
index 9aea2f3..2011541
--- a/services/src/main/java/org/keycloak/services/managers/AppAuthManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/AppAuthManager.java
@@ -9,6 +9,7 @@ import org.keycloak.jose.jws.JWSBuilder;
import org.keycloak.jose.jws.JWSInput;
import org.keycloak.jose.jws.crypto.RSAProvider;
import org.keycloak.models.ApplicationModel;
+import org.keycloak.models.ClientModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.representations.AccessToken;
@@ -66,7 +67,7 @@ public class AppAuthManager extends AuthenticationManager {
throw new BadRequestException();
}
- if (!client.getLoginName().equals(accessCode.getClient().getLoginName())) {
+ if (!client.getLoginName().equals(accessCode.getClient().getAgent().getLoginName())) {
logger.debug("bad client");
throw new BadRequestException();
}
@@ -74,7 +75,7 @@ public class AppAuthManager extends AuthenticationManager {
return createLoginCookie(realm, accessCode.getUser(), accessCode.getClient(), cookieName, uri.getRawPath(), false);
}
- public NewCookie createRefreshCookie(RealmModel realm, UserModel user, UserModel client, URI uri) {
+ public NewCookie createRefreshCookie(RealmModel realm, UserModel user, ClientModel client, URI uri) {
return createLoginCookie(realm, user, client, cookieName, uri.getRawPath(), false);
}
@@ -117,9 +118,9 @@ public class AppAuthManager extends AuthenticationManager {
return null;
}
- UserModel client = null;
+ ClientModel client = null;
if (token.getIssuedFor() != null) {
- client = realm.getUser(token.getIssuedFor());
+ client = realm.findClient(token.getIssuedFor());
if (client == null || !client.isEnabled()) {
logger.info("Unknown client in cookie");
expireCookie(cookie.getName(), cookie.getPath());
@@ -158,9 +159,9 @@ public class AppAuthManager extends AuthenticationManager {
throw new NotAuthorizedException("invalid_user");
}
- UserModel client = null;
+ ClientModel client = null;
if (token.getIssuedFor() != null) {
- client = realm.getUser(token.getIssuedFor());
+ client = realm.findClient(token.getIssuedFor());
if (client == null || !client.isEnabled()) {
throw new NotAuthorizedException("invalid_user");
}
diff --git a/services/src/main/java/org/keycloak/services/managers/ApplicationManager.java b/services/src/main/java/org/keycloak/services/managers/ApplicationManager.java
index 3bbd8e4..746b4d5 100755
--- a/services/src/main/java/org/keycloak/services/managers/ApplicationManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/ApplicationManager.java
@@ -5,6 +5,7 @@ import org.codehaus.jackson.annotate.JsonPropertyOrder;
import org.jboss.resteasy.logging.Logger;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.ClaimMask;
+import org.keycloak.models.ClientModel;
import org.keycloak.models.Constants;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
@@ -73,13 +74,13 @@ public class ApplicationManager {
if (resourceRep.getRedirectUris() != null) {
for (String redirectUri : resourceRep.getRedirectUris()) {
- resourceUser.addRedirectUri(redirectUri);
+ applicationModel.addRedirectUri(redirectUri);
}
}
if (resourceRep.getWebOrigins() != null) {
for (String webOrigin : resourceRep.getWebOrigins()) {
logger.debug("Application: {0} webOrigin: {1}", resourceUser.getLoginName(), webOrigin);
- resourceUser.addWebOrigin(webOrigin);
+ applicationModel.addWebOrigin(webOrigin);
}
}
@@ -117,13 +118,13 @@ public class ApplicationManager {
public void createScopeMappings(RealmModel realm, ApplicationModel applicationModel, List<ScopeMappingRepresentation> mappings) {
for (ScopeMappingRepresentation mapping : mappings) {
- UserModel user = realm.getUser(mapping.getUsername());
for (String roleString : mapping.getRoles()) {
RoleModel role = applicationModel.getRole(roleString.trim());
if (role == null) {
role = applicationModel.addRole(roleString.trim());
}
- realm.addScopeMapping(user, role);
+ ClientModel client = realm.findClient(mapping.getUsername());
+ realm.addScopeMapping(client, role);
}
}
}
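Review bot: `realm.findClient(mapping.getUsername())` can return null when the mapping names something that is neither an application nor an OAuth client, and the result is passed straight to `realm.addScopeMapping(client, role)`, which dereferences `client.getAgent()` in the RealmAdapter change. The lookup also moved inside the role loop although it depends only on `mapping`. I would hoist it above the inner `for` and reject unknown names explicitly, e.g. `if (client == null) throw new IllegalArgumentException("Unknown client in scope mapping: " + mapping.getUsername());`. The RealmManager hunk in this commit passes an unchecked `findClient` result to `addScopeMapping` in the same way.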
@@ -162,12 +163,12 @@ public class ApplicationManager {
List<String> redirectUris = rep.getRedirectUris();
if (redirectUris != null) {
- resource.getAgent().setRedirectUris(new HashSet<String>(redirectUris));
+ resource.setRedirectUris(new HashSet<String>(redirectUris));
}
List<String> webOrigins = rep.getWebOrigins();
if (webOrigins != null) {
- resource.getAgent().setWebOrigins(new HashSet<String>(webOrigins));
+ resource.setWebOrigins(new HashSet<String>(webOrigins));
}
if (rep.getClaims() != null) {
@@ -184,12 +185,12 @@ public class ApplicationManager {
rep.setSurrogateAuthRequired(applicationModel.isSurrogateAuthRequired());
rep.setBaseUrl(applicationModel.getBaseUrl());
- Set<String> redirectUris = applicationModel.getAgent().getRedirectUris();
+ Set<String> redirectUris = applicationModel.getRedirectUris();
if (redirectUris != null) {
rep.setRedirectUris(new LinkedList<String>(redirectUris));
}
- Set<String> webOrigins = applicationModel.getAgent().getWebOrigins();
+ Set<String> webOrigins = applicationModel.getWebOrigins();
if (webOrigins != null) {
rep.setWebOrigins(new LinkedList<String>(webOrigins));
}
diff --git a/services/src/main/java/org/keycloak/services/managers/Auth.java b/services/src/main/java/org/keycloak/services/managers/Auth.java
old mode 100644
new mode 100755
index 6bc8628..0718a61
--- a/services/src/main/java/org/keycloak/services/managers/Auth.java
+++ b/services/src/main/java/org/keycloak/services/managers/Auth.java
@@ -1,5 +1,6 @@
package org.keycloak.services.managers;
+import org.keycloak.models.ClientModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.representations.AccessToken;
@@ -13,9 +14,9 @@ public class Auth {
private final RealmModel realm;
private final AccessToken token;
private final UserModel user;
- private final UserModel client;
+ private final ClientModel client;
- public Auth(RealmModel realm, UserModel user, UserModel client) {
+ public Auth(RealmModel realm, UserModel user, ClientModel client) {
this.cookie = true;
this.realm = realm;
this.token = null;
@@ -24,7 +25,7 @@ public class Auth {
this.client = client;
}
- public Auth(AccessToken token, UserModel user, UserModel client) {
+ public Auth(AccessToken token, UserModel user, ClientModel client) {
this.cookie = false;
this.token = token;
this.realm = null;
@@ -45,7 +46,7 @@ public class Auth {
return user;
}
- public UserModel getClient() {
+ public ClientModel getClient() {
return client;
}
diff --git a/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java b/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java
index 90ab901..94bf390 100755
--- a/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java
@@ -6,6 +6,7 @@ import org.jboss.resteasy.spi.ResteasyProviderFactory;
import org.keycloak.RSATokenVerifier;
import org.keycloak.VerificationException;
import org.keycloak.jose.jws.JWSBuilder;
+import org.keycloak.models.ClientModel;
import org.keycloak.models.Constants;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RequiredCredentialModel;
@@ -56,10 +57,10 @@ public class AuthenticationManager {
return createLoginCookie(realm, user, null, cookieName, cookiePath, rememberMe);
}
- protected NewCookie createLoginCookie(RealmModel realm, UserModel user, UserModel client, String cookieName, String cookiePath, boolean rememberMe) {
+ protected NewCookie createLoginCookie(RealmModel realm, UserModel user, ClientModel client, String cookieName, String cookiePath, boolean rememberMe) {
AccessToken identityToken = createIdentityToken(realm, user);
if (client != null) {
- identityToken.issuedFor(client.getLoginName());
+ identityToken.issuedFor(client.getAgent().getLoginName());
}
String encoded = encodeToken(realm, identityToken);
boolean secureOnly = !realm.isSslNotRequired();
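Review bot: The cookie's `issuedFor` is written as `client.getAgent().getLoginName()`, but AppAuthManager in this commit resolves it with `realm.findClient(token.getIssuedFor())`, which looks up an application by name before trying OAuth clients. That round trip works only while the agent user's login name equals the identifier `findClient` searches on; if the two ever diverge, the cookie is rejected as an unknown client or, with overlapping names, resolved to a different client. A comment on the assignment would make the coupling explicit: `// must match the key used by RealmModel.findClient()`. `createLoginCookie` continues outside this hunk.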
diff --git a/services/src/main/java/org/keycloak/services/managers/OAuthClientManager.java b/services/src/main/java/org/keycloak/services/managers/OAuthClientManager.java
index 500bbad..cbdbf81 100755
--- a/services/src/main/java/org/keycloak/services/managers/OAuthClientManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/OAuthClientManager.java
@@ -72,12 +72,12 @@ public class OAuthClientManager {
model.getAgent().setEnabled(rep.isEnabled());
List<String> redirectUris = rep.getRedirectUris();
if (redirectUris != null) {
- model.getAgent().setRedirectUris(new HashSet<String>(redirectUris));
+ model.setRedirectUris(new HashSet<String>(redirectUris));
}
List<String> webOrigins = rep.getWebOrigins();
if (webOrigins != null) {
- model.getAgent().setWebOrigins(new HashSet<String>(webOrigins));
+ model.setWebOrigins(new HashSet<String>(webOrigins));
}
if (rep.getClaims() != null) {
@@ -90,12 +90,12 @@ public class OAuthClientManager {
rep.setId(model.getId());
rep.setName(model.getAgent().getLoginName());
rep.setEnabled(model.getAgent().isEnabled());
- Set<String> redirectUris = model.getAgent().getRedirectUris();
+ Set<String> redirectUris = model.getRedirectUris();
if (redirectUris != null) {
rep.setRedirectUris(new LinkedList<String>(redirectUris));
}
- Set<String> webOrigins = model.getAgent().getWebOrigins();
+ Set<String> webOrigins = model.getWebOrigins();
if (webOrigins != null) {
rep.setWebOrigins(new LinkedList<String>(webOrigins));
}
diff --git a/services/src/main/java/org/keycloak/services/managers/RealmManager.java b/services/src/main/java/org/keycloak/services/managers/RealmManager.java
index 0ee5c38..632504a 100755
--- a/services/src/main/java/org/keycloak/services/managers/RealmManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/RealmManager.java
@@ -4,6 +4,7 @@ import org.jboss.resteasy.logging.Logger;
import org.keycloak.models.AccountRoles;
import org.keycloak.models.AdminRoles;
import org.keycloak.models.ApplicationModel;
+import org.keycloak.models.ClientModel;
import org.keycloak.models.Constants;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.OAuthClientModel;
@@ -361,7 +362,8 @@ public class RealmManager {
role = newRealm.addRole(roleString.trim());
}
UserModel user = userMap.get(scope.getUsername());
- newRealm.addScopeMapping(user, role);
+ ClientModel client = newRealm.findClient(user.getLoginName());
+ newRealm.addScopeMapping(client, role);
}
}
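Review bot: The two added lines use `user` and the result of `newRealm.findClient(...)` without a null check. A scope entry whose username is missing from `userMap` throws a NullPointerException on `user.getLoginName()`, and one that names a user who is not a client passes `null` to `addScopeMapping`. Other call sites in this commit treat a null from `findClient` as an unknown client, so the import should fail explicitly as well: `ClientModel client = user == null ? null : newRealm.findClient(user.getLoginName());` followed by `if (client == null) throw new RuntimeException("Unknown client in scope mapping: " + scope.getUsername());` (or whichever exception type the import path already uses). The enclosing method starts and ends outside this hunk, so how `userMap` is filled is not visible here.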
diff --git a/services/src/main/java/org/keycloak/services/managers/TokenManager.java b/services/src/main/java/org/keycloak/services/managers/TokenManager.java
index 93b7c5d..9aae471 100755
--- a/services/src/main/java/org/keycloak/services/managers/TokenManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/TokenManager.java
@@ -87,13 +87,13 @@ public class TokenManager {
- public AccessCodeEntry createAccessCode(String scopeParam, String state, String redirect, RealmModel realm, UserModel client, UserModel user) {
+ public AccessCodeEntry createAccessCode(String scopeParam, String state, String redirect, RealmModel realm, ClientModel client, UserModel user) {
AccessCodeEntry code = createAccessCodeEntry(scopeParam, state, redirect, realm, client, user);
accessCodeMap.put(code.getId(), code);
return code;
}
- private AccessCodeEntry createAccessCodeEntry(String scopeParam, String state, String redirect, RealmModel realm, UserModel client, UserModel user) {
+ private AccessCodeEntry createAccessCodeEntry(String scopeParam, String state, String redirect, RealmModel realm, ClientModel client, UserModel user) {
AccessCodeEntry code = new AccessCodeEntry();
List<RoleModel> realmRolesRequested = code.getRealmRolesRequested();
MultivaluedMap<String, RoleModel> resourceRolesRequested = code.getResourceRolesRequested();
@@ -117,7 +117,7 @@ public class TokenManager {
return code;
}
- public AccessToken refreshAccessToken(RealmModel realm, UserModel client, String encodedRefreshToken) throws OAuthErrorException {
+ public AccessToken refreshAccessToken(RealmModel realm, ClientModel client, String encodedRefreshToken) throws OAuthErrorException {
JWSInput jws = new JWSInput(encodedRefreshToken);
RefreshToken refreshToken = null;
try {
@@ -142,7 +142,7 @@ public class TokenManager {
}
- ApplicationModel clientApp = realm.getApplicationByName(client.getLoginName());
+ ApplicationModel clientApp = (client instanceof ApplicationModel) ? (ApplicationModel)client : null;
if (refreshToken.getRealmAccess() != null) {
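Review bot: The `instanceof ApplicationModel` test on the added line, repeated in the createClientAccessToken hunk at -199,15, only works if `findClient` returns the application object itself. If a model provider returns some other `ClientModel` implementation for an application, `clientApp` silently becomes null, and in createClientAccessToken the application's own roles are then no longer added to the scope. The removed name lookup did not depend on the runtime class. I would make the assumption explicit with a comment such as `// relies on findClient() returning the ApplicationModel instance for applications; any other client yields null here`. refreshAccessToken begins and ends outside this hunk.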
@@ -180,15 +180,14 @@ public class TokenManager {
}
}
- ClientModel claimRequesterModel = getClaimRequester(realm, client);
- AccessToken accessToken = initToken(realm, claimRequesterModel, client, user);
+ AccessToken accessToken = initToken(realm, client, user);
accessToken.setRealmAccess(refreshToken.getRealmAccess());
accessToken.setResourceAccess(refreshToken.getResourceAccess());
return accessToken;
}
- public AccessToken createClientAccessToken(String scopeParam, RealmModel realm, UserModel client, UserModel user) {
+ public AccessToken createClientAccessToken(String scopeParam, RealmModel realm, ClientModel client, UserModel user) {
return createClientAccessToken(scopeParam, realm, client, user, new LinkedList<RoleModel>(), new MultivaluedHashMap<String, RoleModel>());
}
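Review bot: Across the visible hunks of refreshAccessToken, `client` is used to derive `clientApp` and to initialise the new token, but no visible line checks that the refresh token was issued to this client. If the lines outside the hunks do not check it either, a refresh token issued to one client would be accepted from another authenticated client. initToken records the client through `issuedFor(...)`, so that value can be compared with `client.getAgent().getLoginName()` before a new token is built. At minimum I would add `// TODO(review): reject refresh tokens whose issuedFor differs from the authenticated client` above the `initToken` call.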
@@ -199,15 +198,14 @@ public class TokenManager {
}
- public AccessToken createClientAccessToken(String scopeParam, RealmModel realm, UserModel client, UserModel user, List<RoleModel> realmRolesRequested, MultivaluedMap<String, RoleModel> resourceRolesRequested) {
+ public AccessToken createClientAccessToken(String scopeParam, RealmModel realm, ClientModel client, UserModel user, List<RoleModel> realmRolesRequested, MultivaluedMap<String, RoleModel> resourceRolesRequested) {
AccessScope scopeMap = null;
if (scopeParam != null) scopeMap = decodeScope(scopeParam);
Set<RoleModel> roleMappings = realm.getRoleMappings(user);
Set<RoleModel> scopeMappings = realm.getScopeMappings(client);
- ClientModel claimRequesterModel = getClaimRequester(realm, client);
- ApplicationModel clientApp = realm.getApplicationByName(client.getLoginName());
+ ApplicationModel clientApp = (client instanceof ApplicationModel) ? (ApplicationModel)client : null;
Set<RoleModel> clientAppRoles = clientApp == null ? null : clientApp.getRoles();
if (clientAppRoles != null) scopeMappings.addAll(clientAppRoles);
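Review bot: `scopeMappings.addAll(clientAppRoles)` writes into the set returned by `realm.getScopeMappings(client)`, and nothing visible here shows that set to be a private copy. If the model layer returns a shared or unmodifiable set, this either alters the stored scope mappings as a side effect of issuing a token or throws. Copying first keeps the computation local: `Set<RoleModel> scopeMappings = new HashSet<RoleModel>(realm.getScopeMappings(client));` (this needs `java.util.HashSet` if TokenManager does not import it yet). The method body continues outside this hunk.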
@@ -233,7 +231,7 @@ public class TokenManager {
}
}
- AccessToken token = initToken(realm, claimRequesterModel, client, user);
+ AccessToken token = initToken(realm, client, user);
if (realmRolesRequested.size() > 0) {
for (RoleModel role : realmRolesRequested) {
@@ -286,13 +284,13 @@ public class TokenManager {
- protected AccessToken initToken(RealmModel realm, ClientModel claimer, UserModel client, UserModel user) {
+ protected AccessToken initToken(RealmModel realm, ClientModel client, UserModel user) {
AccessToken token = new AccessToken();
token.id(KeycloakModelUtils.generateId());
token.subject(user.getId());
token.audience(realm.getName());
token.issuedNow();
- token.issuedFor(client.getLoginName());
+ token.issuedFor(client.getAgent().getLoginName());
token.issuer(realm.getName());
if (realm.getAccessTokenLifespan() > 0) {
token.expiration((System.currentTimeMillis() / 1000) + realm.getAccessTokenLifespan());
@@ -301,7 +299,7 @@ public class TokenManager {
if (allowedOrigins != null) {
token.setAllowedOrigins(allowedOrigins);
}
- initClaims(token, claimer, user);
+ initClaims(token, client, user);
return token;
}
@@ -385,7 +383,7 @@ public class TokenManager {
return this;
}
- public AccessTokenResponseBuilder generateAccessToken(String scopeParam, UserModel client, UserModel user) {
+ public AccessTokenResponseBuilder generateAccessToken(String scopeParam, ClientModel client, UserModel user) {
accessToken = createClientAccessToken(scopeParam, realm, client, user);
return this;
}
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/ApplicationResource.java b/services/src/main/java/org/keycloak/services/resources/admin/ApplicationResource.java
index 30270e5..0e28083 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/ApplicationResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/ApplicationResource.java
@@ -145,7 +145,7 @@ public class ApplicationResource {
@Path("scope-mappings")
public ScopeMappedResource getScopeMappedResource() {
- return new ScopeMappedResource(realm, auth, application.getAgent(), session);
+ return new ScopeMappedResource(realm, auth, application, session);
}
@Path("roles")
@@ -160,7 +160,7 @@ public class ApplicationResource {
{
auth.requireView();
- return application.getAgent().getWebOrigins();
+ return application.getWebOrigins();
}
@Path("allowed-origins")
@@ -170,7 +170,7 @@ public class ApplicationResource {
{
auth.requireManage();
- application.getAgent().setWebOrigins(allowedOrigins);
+ application.setWebOrigins(allowedOrigins);
}
@Path("allowed-origins")
@@ -181,7 +181,7 @@ public class ApplicationResource {
auth.requireManage();
for (String origin : allowedOrigins) {
- application.getAgent().removeWebOrigin(origin);
+ application.removeWebOrigin(origin);
}
}
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/OAuthClientResource.java b/services/src/main/java/org/keycloak/services/resources/admin/OAuthClientResource.java
index cbd6018..5053860 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/OAuthClientResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/OAuthClientResource.java
@@ -131,7 +131,7 @@ public class OAuthClientResource {
@Path("scope-mappings")
public ScopeMappedResource getScopeMappedResource() {
- return new ScopeMappedResource(realm, auth, oauthClient.getAgent(), session);
+ return new ScopeMappedResource(realm, auth, oauthClient, session);
}
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/ScopeMappedResource.java b/services/src/main/java/org/keycloak/services/resources/admin/ScopeMappedResource.java
index c5e8662..c6f9b03 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/ScopeMappedResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/ScopeMappedResource.java
@@ -2,6 +2,7 @@ package org.keycloak.services.resources.admin;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.keycloak.models.ApplicationModel;
+import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
@@ -33,13 +34,13 @@ import java.util.Set;
public class ScopeMappedResource {
protected RealmModel realm;
private RealmAuth auth;
- protected UserModel agent;
+ protected ClientModel client;
protected KeycloakSession session;
- public ScopeMappedResource(RealmModel realm, RealmAuth auth, UserModel account, KeycloakSession session) {
+ public ScopeMappedResource(RealmModel realm, RealmAuth auth, ClientModel client, KeycloakSession session) {
this.realm = realm;
this.auth = auth;
- this.agent = account;
+ this.client = client;
this.session = session;
}
@@ -50,7 +51,7 @@ public class ScopeMappedResource {
auth.requireView();
MappingsRepresentation all = new MappingsRepresentation();
- Set<RoleModel> realmMappings = realm.getRealmScopeMappings(agent);
+ Set<RoleModel> realmMappings = realm.getRealmScopeMappings(client);
RealmManager manager = new RealmManager(session);
if (realmMappings.size() > 0) {
List<RoleRepresentation> realmRep = new ArrayList<RoleRepresentation>();
@@ -64,7 +65,7 @@ public class ScopeMappedResource {
if (applications.size() > 0) {
Map<String, ApplicationMappingsRepresentation> appMappings = new HashMap<String, ApplicationMappingsRepresentation>();
for (ApplicationModel app : applications) {
- Set<RoleModel> roleMappings = app.getApplicationScopeMappings(agent);
+ Set<RoleModel> roleMappings = app.getApplicationScopeMappings(client);
if (roleMappings.size() > 0) {
ApplicationMappingsRepresentation mappings = new ApplicationMappingsRepresentation();
mappings.setApplicationId(app.getId());
@@ -89,7 +90,7 @@ public class ScopeMappedResource {
public List<RoleRepresentation> getRealmScopeMappings() {
auth.requireView();
- Set<RoleModel> realmMappings = realm.getRealmScopeMappings(agent);
+ Set<RoleModel> realmMappings = realm.getRealmScopeMappings(client);
List<RoleRepresentation> realmMappingsRep = new ArrayList<RoleRepresentation>();
RealmManager manager = new RealmManager(session);
for (RoleModel roleModel : realmMappings) {
@@ -109,7 +110,7 @@ public class ScopeMappedResource {
if (roleModel == null) {
throw new NotFoundException();
}
- realm.addScopeMapping(agent, roleModel);
+ realm.addScopeMapping(client, roleModel);
}
@@ -122,9 +123,9 @@ public class ScopeMappedResource {
auth.requireManage();
if (roles == null) {
- Set<RoleModel> roleModels = realm.getRealmScopeMappings(agent);
+ Set<RoleModel> roleModels = realm.getRealmScopeMappings(client);
for (RoleModel roleModel : roleModels) {
- realm.deleteScopeMapping(agent, roleModel);
+ realm.deleteScopeMapping(client, roleModel);
}
} else {
@@ -133,7 +134,7 @@ public class ScopeMappedResource {
if (roleModel == null) {
throw new NotFoundException();
}
- realm.deleteScopeMapping(agent, roleModel);
+ realm.deleteScopeMapping(client, roleModel);
}
}
}
@@ -151,7 +152,7 @@ public class ScopeMappedResource {
throw new NotFoundException();
}
- Set<RoleModel> mappings = app.getApplicationScopeMappings(agent);
+ Set<RoleModel> mappings = app.getApplicationScopeMappings(client);
List<RoleRepresentation> mapRep = new ArrayList<RoleRepresentation>();
for (RoleModel roleModel : mappings) {
mapRep.add(ModelToRepresentation.toRepresentation(roleModel));
@@ -176,7 +177,7 @@ public class ScopeMappedResource {
if (roleModel == null) {
throw new NotFoundException();
}
- realm.addScopeMapping(agent, roleModel);
+ realm.addScopeMapping(client, roleModel);
}
}
@@ -194,9 +195,9 @@ public class ScopeMappedResource {
}
if (roles == null) {
- Set<RoleModel> roleModels = app.getApplicationScopeMappings(agent);
+ Set<RoleModel> roleModels = app.getApplicationScopeMappings(client);
for (RoleModel roleModel : roleModels) {
- realm.deleteScopeMapping(agent, roleModel);
+ realm.deleteScopeMapping(client, roleModel);
}
} else {
@@ -205,7 +206,7 @@ public class ScopeMappedResource {
if (roleModel == null) {
throw new NotFoundException();
}
- realm.deleteScopeMapping(agent, roleModel);
+ realm.deleteScopeMapping(client, roleModel);
}
}
}
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java b/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java
index 212c6b6..dba0217 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java
@@ -3,6 +3,7 @@ package org.keycloak.services.resources.admin;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.logging.Logger;
import org.keycloak.models.ApplicationModel;
+import org.keycloak.models.ClientModel;
import org.keycloak.models.Constants;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
@@ -467,7 +468,7 @@ public class UsersResource {
String state = null;
String scope = null;
- UserModel client = realm.getUser(clientId);
+ ClientModel client = realm.findClient(clientId);
if (client == null || !client.isEnabled()) {
return Flows.errors().error("Account management not enabled", Response.Status.INTERNAL_SERVER_ERROR);
}
diff --git a/services/src/main/java/org/keycloak/services/resources/Cors.java b/services/src/main/java/org/keycloak/services/resources/Cors.java
index 42c34d1..30f6294 100755
--- a/services/src/main/java/org/keycloak/services/resources/Cors.java
+++ b/services/src/main/java/org/keycloak/services/resources/Cors.java
@@ -7,6 +7,7 @@ import javax.ws.rs.core.Response;
import javax.ws.rs.core.Response.ResponseBuilder;
import org.jboss.resteasy.spi.HttpRequest;
+import org.keycloak.models.ClientModel;
import org.keycloak.models.UserModel;
/**
@@ -52,7 +53,7 @@ public class Cors {
return this;
}
- public Cors allowedOrigins(UserModel client) {
+ public Cors allowedOrigins(ClientModel client) {
if (client != null) {
allowedOrigins = client.getWebOrigins();
}
diff --git a/services/src/main/java/org/keycloak/services/resources/flows/OAuthFlows.java b/services/src/main/java/org/keycloak/services/resources/flows/OAuthFlows.java
index f523fcc..2b741ab 100755
--- a/services/src/main/java/org/keycloak/services/resources/flows/OAuthFlows.java
+++ b/services/src/main/java/org/keycloak/services/resources/flows/OAuthFlows.java
@@ -23,6 +23,7 @@ package org.keycloak.services.resources.flows;
import org.jboss.resteasy.logging.Logger;
import org.jboss.resteasy.spi.HttpRequest;
+import org.keycloak.models.ClientModel;
import org.keycloak.models.Constants;
import org.keycloak.models.OAuthClientModel;
import org.keycloak.models.RealmModel;
@@ -88,7 +89,7 @@ public class OAuthFlows {
return location.build();
}
- public Response redirectError(UserModel client, String error, String state, String redirect) {
+ public Response redirectError(ClientModel client, String error, String state, String redirect) {
UriBuilder redirectUri = UriBuilder.fromUri(redirect).queryParam("error", error);
if (state != null) {
redirectUri.queryParam("state", state);
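Review bot: redirectError does not document its precondition. The visible lines build the 302 target directly from `redirect` and never consult `client`, so the method is only safe when the caller has already validated the redirect for that client. A Javadoc line would record this, for example `@param redirect redirect URI already checked with TokenService.verifyRedirectUri for this client`. The end of the method is in the next hunk, and the lines between the two hunks are not visible.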
@@ -97,19 +98,19 @@ public class OAuthFlows {
return Response.status(302).location(redirectUri.build()).build();
}
- public Response processAccessCode(String scopeParam, String state, String redirect, UserModel client, UserModel user) {
+ public Response processAccessCode(String scopeParam, String state, String redirect, ClientModel client, UserModel user) {
return processAccessCode(scopeParam, state, redirect, client, user, false);
}
- public Response processAccessCode(String scopeParam, String state, String redirect, UserModel client, UserModel user, boolean rememberMe) {
+ public Response processAccessCode(String scopeParam, String state, String redirect, ClientModel client, UserModel user, boolean rememberMe) {
isTotpConfigurationRequired(user);
isEmailVerificationRequired(user);
RoleModel resourceRole = realm.getRole(Constants.APPLICATION_ROLE);
RoleModel identityRequestRole = realm.getRole(Constants.IDENTITY_REQUESTER_ROLE);
- boolean isResource = realm.hasRole(client, resourceRole);
- if (!isResource && !realm.hasRole(client, identityRequestRole)) {
+ boolean isResource = realm.hasRole(client.getAgent(), resourceRole);
+ if (!isResource && !realm.hasRole(client.getAgent(), identityRequestRole)) {
return forwardToSecurityFailure("Login requester not allowed to request login.");
}
AccessCodeEntry accessCode = tokenManager.createAccessCode(scopeParam, state, redirect, realm, client, user);
@@ -128,7 +129,7 @@ public class OAuthFlows {
if (!isResource
&& (accessCode.getRealmRolesRequested().size() > 0 || accessCode.getResourceRolesRequested().size() > 0)) {
- OAuthClientModel oauthClient = realm.getOAuthClient(client.getLoginName());
+ OAuthClientModel oauthClient = realm.getOAuthClient(client.getAgent().getLoginName());
accessCode.setExpiration(System.currentTimeMillis() / 1000 + realm.getAccessCodeLifespanUserAction());
return Flows.forms(realm, request, uriInfo).setAccessCode(accessCode.getId(), accessCode.getCode()).
setAccessRequest(accessCode.getRealmRolesRequested(), accessCode.getResourceRolesRequested()).
diff --git a/services/src/main/java/org/keycloak/services/resources/RequiredActionsService.java b/services/src/main/java/org/keycloak/services/resources/RequiredActionsService.java
index 2d6268c..b8eb4db 100755
--- a/services/src/main/java/org/keycloak/services/resources/RequiredActionsService.java
+++ b/services/src/main/java/org/keycloak/services/resources/RequiredActionsService.java
@@ -26,6 +26,7 @@ import org.jboss.resteasy.spi.HttpRequest;
import org.keycloak.login.LoginForms;
import org.keycloak.jose.jws.JWSInput;
import org.keycloak.jose.jws.crypto.RSAProvider;
+import org.keycloak.models.ClientModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserCredentialModel;
import org.keycloak.models.UserModel;
@@ -244,7 +245,7 @@ public class RequiredActionsService {
String redirect = uriInfo.getQueryParameters().getFirst("redirect_uri");
String clientId = uriInfo.getQueryParameters().getFirst("client_id");
- UserModel client = realm.getUser(clientId);
+ ClientModel client = realm.findClient(clientId);
if (client == null) {
return Flows.oauth(realm, request, uriInfo, authManager, tokenManager).forwardToSecurityFailure(
"Unknown login requester.");
diff --git a/services/src/main/java/org/keycloak/services/resources/SocialResource.java b/services/src/main/java/org/keycloak/services/resources/SocialResource.java
index 1d0f0b5..eae0ba4 100755
--- a/services/src/main/java/org/keycloak/services/resources/SocialResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/SocialResource.java
@@ -24,6 +24,7 @@ package org.keycloak.services.resources;
import org.jboss.resteasy.logging.Logger;
import org.jboss.resteasy.spi.HttpRequest;
import org.jboss.resteasy.spi.HttpResponse;
+import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.SocialLinkModel;
@@ -117,7 +118,7 @@ public class SocialResource {
String clientId = requestData.getClientAttributes().get("clientId");
- UserModel client = realm.getUser(clientId);
+ ClientModel client = realm.findClient(clientId);
if (client == null) {
return oauth.forwardToSecurityFailure("Unknown login requester.");
}
@@ -192,7 +193,7 @@ public class SocialResource {
SocialProviderConfig config = new SocialProviderConfig(key, secret, callbackUri);
- UserModel client = realm.getUser(clientId);
+ ClientModel client = realm.findClient(clientId);
if (client == null) {
logger.warn("Unknown login requester: " + clientId);
return Flows.forms(realm, request, uriInfo).setError("Unknown login requester.").createErrorPage();
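Review bot: `logger.warn("Unknown login requester: " + clientId)` writes `clientId` into the log verbatim, and in this resource the value looks request-derived (its origin is outside the hunk). The same pattern appears in the TokenService hunk at -470,7. A value containing line breaks can then forge additional log entries. Replacing line breaks before logging is enough: `logger.warn("Unknown login requester: " + String.valueOf(clientId).replaceAll("[\\r\\n]", "_"));`.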
diff --git a/services/src/main/java/org/keycloak/services/resources/TokenService.java b/services/src/main/java/org/keycloak/services/resources/TokenService.java
index ba6ce97..082c015 100755
--- a/services/src/main/java/org/keycloak/services/resources/TokenService.java
+++ b/services/src/main/java/org/keycloak/services/resources/TokenService.java
@@ -8,6 +8,7 @@ import org.keycloak.OAuthErrorException;
import org.keycloak.jose.jws.JWSBuilder;
import org.keycloak.jose.jws.JWSInput;
import org.keycloak.jose.jws.crypto.RSAProvider;
+import org.keycloak.models.ClientModel;
import org.keycloak.models.Constants;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakTransaction;
@@ -137,7 +138,7 @@ public class TokenService {
throw new NotAcceptableException("HTTPS required");
}
- UserModel client = authorizeClient(authorizationHeader);
+ ClientModel client = authorizeClient(authorizationHeader);
String username = form.getFirst(AuthenticationManager.FORM_USERNAME);
@@ -176,7 +177,7 @@ public class TokenService {
throw new NotAcceptableException("HTTPS required");
}
- UserModel client = authorizeClient(authorizationHeader);
+ ClientModel client = authorizeClient(authorizationHeader);
String refreshToken = form.getFirst("refresh_token");
AccessToken accessToken = null;
try {
@@ -211,7 +212,7 @@ public class TokenService {
if (!realm.isEnabled()) {
return oauth.forwardToSecurityFailure("Realm not enabled.");
}
- UserModel client = realm.getUser(clientId);
+ ClientModel client = realm.findClient(clientId);
if (client == null) {
return oauth.forwardToSecurityFailure("Unknown login requester.");
}
@@ -282,7 +283,7 @@ public class TokenService {
logger.warn("Realm not enabled");
return oauth.forwardToSecurityFailure("Realm not enabled");
}
- UserModel client = realm.getUser(clientId);
+ ClientModel client = realm.findClient(clientId);
if (client == null) {
logger.warn("Unknown login requester.");
return oauth.forwardToSecurityFailure("Unknown login requester.");
@@ -355,7 +356,7 @@ public class TokenService {
throw new NotAuthorizedException("Realm not enabled");
}
- UserModel client = authorizeClient(authorizationHeader);
+ ClientModel client = authorizeClient(authorizationHeader);
String code = formData.getFirst("code");
if (code == null) {
@@ -403,7 +404,7 @@ public class TokenService {
return Response.status(Response.Status.BAD_REQUEST).type(MediaType.APPLICATION_JSON_TYPE).entity(res)
.build();
}
- if (!client.getLoginName().equals(accessCode.getClient().getLoginName())) {
+ if (!client.getAgent().getLoginName().equals(accessCode.getClient().getAgent().getLoginName())) {
Map<String, String> res = new HashMap<String, String>();
res.put("error", "invalid_grant");
res.put("error_description", "Auth error");
@@ -419,7 +420,7 @@ public class TokenService {
return Cors.add(request, Response.ok(res)).allowedOrigins(client).allowedMethods("POST").build();
}
- protected UserModel authorizeClient(String authorizationHeader) {
+ protected ClientModel authorizeClient(String authorizationHeader) {
if (authorizationHeader == null) {
throw new NotAuthorizedException("No Authorization header to authenticate client", "Basic realm=\"" + realm.getName() + "\"");
}
@@ -431,7 +432,7 @@ public class TokenService {
String client_id = usernameSecret[0];
String clientSecret = usernameSecret[1];
- UserModel client = realm.getUser(client_id);
+ ClientModel client = realm.findClient(client_id);
if (client == null) {
Map<String, String> error = new HashMap<String, String>();
error.put("error", "invalid_client");
@@ -446,7 +447,7 @@ public class TokenService {
throw new BadRequestException("Client is not enabled", Response.status(Response.Status.BAD_REQUEST).entity(error).type("application/json").build());
}
- if (!realm.validateSecret(client, clientSecret)) {
+ if (!realm.validateSecret(client.getAgent(), clientSecret)) {
Map<String, String> error = new HashMap<String, String>();
error.put("error", "unauthorized_client");
throw new BadRequestException("Unauthorized Client", Response.status(Response.Status.BAD_REQUEST).entity(error).type("application/json").build());
@@ -470,7 +471,7 @@ public class TokenService {
logger.warn("Realm not enabled");
return oauth.forwardToSecurityFailure("Realm not enabled");
}
- UserModel client = realm.getUser(clientId);
+ ClientModel client = realm.findClient(clientId);
if (client == null) {
logger.warn("Unknown login requester: " + clientId);
return oauth.forwardToSecurityFailure("Unknown login requester.");
@@ -488,8 +489,8 @@ public class TokenService {
logger.info("Checking roles...");
RoleModel resourceRole = realm.getRole(Constants.APPLICATION_ROLE);
RoleModel identityRequestRole = realm.getRole(Constants.IDENTITY_REQUESTER_ROLE);
- boolean isResource = realm.hasRole(client, resourceRole);
- if (!isResource && !realm.hasRole(client, identityRequestRole)) {
+ boolean isResource = realm.hasRole(client.getAgent(), resourceRole);
+ if (!isResource && !realm.hasRole(client.getAgent(), identityRequestRole)) {
logger.warn("Login requester not allowed to request login.");
return oauth.forwardToSecurityFailure("Login requester not allowed to request login.");
}
@@ -523,7 +524,7 @@ public class TokenService {
logger.warn("Realm not enabled");
return oauth.forwardToSecurityFailure("Realm not enabled");
}
- UserModel client = realm.getUser(clientId);
+ ClientModel client = realm.findClient(clientId);
if (client == null) {
logger.warn("Unknown login requester.");
return oauth.forwardToSecurityFailure("Unknown login requester.");
@@ -615,7 +616,7 @@ public class TokenService {
return location.build();
}
- public static String verifyRedirectUri(String redirectUri, UserModel client) {
+ public static String verifyRedirectUri(String redirectUri, ClientModel client) {
if (redirectUri == null) {
return client.getRedirectUris().size() == 1 ? client.getRedirectUris().iterator().next() : null;
} else if (client.getRedirectUris().isEmpty()) {
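Review bot: verifyRedirectUri dereferences `client.getRedirectUris()` several times in these lines without a null check, while OAuthClientManager in this same commit treats a null return from `getRedirectUris()` as possible. For a client with no stored set, the redirect check would then fail with a NullPointerException instead of taking the branch the method defines for an empty set. Reading the set once and mapping null to empty avoids that: `Set<String> registered = client.getRedirectUris();` then `if (registered == null) registered = Collections.<String>emptySet();`, with `registered` used in the conditions. This needs `java.util.Collections` in scope, and the rest of the method is outside this hunk.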
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/account/ProfileTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/account/ProfileTest.java
index 044d72f..95e9e9b 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/account/ProfileTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/account/ProfileTest.java
@@ -12,6 +12,7 @@ import org.junit.Rule;
import org.junit.Test;
import org.keycloak.models.AccountRoles;
import org.keycloak.models.ApplicationModel;
+import org.keycloak.models.ClientModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserCredentialModel;
import org.keycloak.models.UserModel;
@@ -65,11 +66,11 @@ public class ProfileTest {
appRealm.updateCredential(user2, creds);
ApplicationModel app = appRealm.getApplicationNameMap().get("test-app");
- appRealm.addScopeMapping(app.getAgent(), accountApp.getRole(AccountRoles.VIEW_PROFILE));
+ appRealm.addScopeMapping(app, accountApp.getRole(AccountRoles.VIEW_PROFILE));
- app.getAgent().addWebOrigin("http://localtest.me:8081");
+ app.addWebOrigin("http://localtest.me:8081");
- UserModel thirdParty = appRealm.getUser("third-party");
+ ClientModel thirdParty = appRealm.findClient("third-party");
appRealm.addScopeMapping(thirdParty, accountApp.getRole(AccountRoles.VIEW_PROFILE));
}
});
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/AuthorizationCodeTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/AuthorizationCodeTest.java
index cf7765e..620ecad 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/AuthorizationCodeTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/AuthorizationCodeTest.java
@@ -82,8 +82,7 @@ public class AuthorizationCodeTest {
public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
for (ApplicationModel app : appRealm.getApplications()) {
if (app.getName().equals("test-app")) {
- UserModel client = app.getAgent();
- client.addRedirectUri(oauth.getRedirectUri());
+ app.addRedirectUri(oauth.getRedirectUri());
}
}
}
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/OAuthRedirectUriTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/OAuthRedirectUriTest.java
index 8e973c1..55f66fc 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/OAuthRedirectUriTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/OAuthRedirectUriTest.java
@@ -48,7 +48,7 @@ public class OAuthRedirectUriTest {
@Override
public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
ApplicationModel app = appRealm.getApplicationNameMap().get("test-app");
- app.getAgent().addRedirectUri("http://localhost:8081/app");
+ app.addRedirectUri("http://localhost:8081/app");
}
});
@@ -81,7 +81,7 @@ public class OAuthRedirectUriTest {
keycloakRule.configure(new KeycloakRule.KeycloakSetup() {
@Override
public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
- appRealm.getApplicationNameMap().get("test-app").getAgent().addRedirectUri("http://localhost:8081/app2");
+ appRealm.getApplicationNameMap().get("test-app").addRedirectUri("http://localhost:8081/app2");
}
});
@@ -95,7 +95,7 @@ public class OAuthRedirectUriTest {
keycloakRule.configure(new KeycloakRule.KeycloakSetup() {
@Override
public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
- appRealm.getApplicationNameMap().get("test-app").getAgent().removeRedirectUri("http://localhost:8081/app2");
+ appRealm.getApplicationNameMap().get("test-app").removeRedirectUri("http://localhost:8081/app2");
}
});
}
@@ -106,7 +106,7 @@ public class OAuthRedirectUriTest {
keycloakRule.configure(new KeycloakRule.KeycloakSetup() {
@Override
public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
- appRealm.getApplicationNameMap().get("test-app").getAgent().removeRedirectUri("http://localhost:8081/app");
+ appRealm.getApplicationNameMap().get("test-app").removeRedirectUri("http://localhost:8081/app");
}
});
@@ -120,7 +120,7 @@ public class OAuthRedirectUriTest {
keycloakRule.configure(new KeycloakRule.KeycloakSetup() {
@Override
public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
- appRealm.getApplicationNameMap().get("test-app").getAgent().addRedirectUri("http://localhost:8081/app");
+ appRealm.getApplicationNameMap().get("test-app").addRedirectUri("http://localhost:8081/app");
}
});
}
@@ -131,7 +131,7 @@ public class OAuthRedirectUriTest {
keycloakRule.configure(new KeycloakRule.KeycloakSetup() {
@Override
public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
- appRealm.getApplicationNameMap().get("test-app").getAgent().removeRedirectUri("http://localhost:8081/app");
+ appRealm.getApplicationNameMap().get("test-app").removeRedirectUri("http://localhost:8081/app");
}
});
@@ -144,7 +144,7 @@ public class OAuthRedirectUriTest {
keycloakRule.configure(new KeycloakRule.KeycloakSetup() {
@Override
public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
- appRealm.getApplicationNameMap().get("test-app").getAgent().addRedirectUri("http://localhost:8081/app");
+ appRealm.getApplicationNameMap().get("test-app").addRedirectUri("http://localhost:8081/app");
}
});
}
diff --git a/testsuite/performance/src/test/java/org/keycloak/testsuite/performance/ReadUsersWorker.java b/testsuite/performance/src/test/java/org/keycloak/testsuite/performance/ReadUsersWorker.java
index 737fc21..80c8b57 100755
--- a/testsuite/performance/src/test/java/org/keycloak/testsuite/performance/ReadUsersWorker.java
+++ b/testsuite/performance/src/test/java/org/keycloak/testsuite/performance/ReadUsersWorker.java
@@ -3,6 +3,7 @@ package org.keycloak.testsuite.performance;
import org.apache.jmeter.samplers.SampleResult;
import org.apache.jorphan.logging.LoggingManager;
import org.apache.log.Logger;
+import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.SocialLinkModel;
@@ -95,7 +96,8 @@ public class ReadUsersWorker implements Worker {
// Read scopes of user in realm
if (readScopes) {
- realm.getScopeMappings(user);
+ ClientModel client = realm.findClient(username);
+ realm.getScopeMappings(client);
}
// Validate password (shoould be same as username)