keycloak-aplcache
Changes
dependencies/pom.xml 32(+32 -0)
dependencies/server-all/pom.xml 159(+159 -0)
dependencies/server-min/pom.xml 157(+157 -0)
model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/ApplicationAdapter.java 14(+14 -0)
model/jpa/src/main/java/org/keycloak/models/jpa/entities/AuthenticationProviderEntity.java 256(+129 -127)
model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/ApplicationAdapter.java 15(+15 -0)
model/sessions-jpa/src/main/java/org/keycloak/models/sessions/jpa/entities/ClientUserSessionAssociationEntity.java 6(+4 -2)
model/sessions-jpa/src/main/java/org/keycloak/models/sessions/jpa/entities/UsernameLoginFailureEntity.java 14(+12 -2)
model/sessions-jpa/src/main/java/org/keycloak/models/sessions/jpa/entities/UserSessionEntity.java 14(+10 -4)
pom.xml 38(+1 -37)
project-integrations/aerogear-ups/auth-server/pom.xml 185(+12 -173)
project-integrations/aerogear-ups/auth-server/src/main/resources/META-INF/keycloak-server.json 15(+4 -11)
server/pom.xml 286(+2 -284)
testsuite/integration/pom.xml 277(+45 -232)
testsuite/integration/README.md 7(+4 -3)
testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/RelativeUriAdapterTest.java 2(+1 -1)
testsuite/integration/src/test/java/org/keycloak/testsuite/composites/CompositeRoleTest.java 17(+15 -2)
testsuite/integration/src/test/java/org/keycloak/testsuite/exportimport/ExportImportTest.java 75(+49 -26)
testsuite/tools/pom.xml 285(+16 -269)
Details
diff --git a/audit/jpa/src/main/java/org/keycloak/audit/jpa/EventEntity.java b/audit/jpa/src/main/java/org/keycloak/audit/jpa/EventEntity.java
index 4593d2e..b22b576 100644
--- a/audit/jpa/src/main/java/org/keycloak/audit/jpa/EventEntity.java
+++ b/audit/jpa/src/main/java/org/keycloak/audit/jpa/EventEntity.java
@@ -3,34 +3,44 @@ package org.keycloak.audit.jpa;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.Id;
+import javax.persistence.Table;
/**
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
*/
@Entity
+@Table(name="EVENT_ENTITY")
public class EventEntity {
@Id
- @Column(length = 36)
+ @Column(name="ID", length = 36)
private String id;
+ @Column(name="TIME")
private long time;
+ @Column(name="EVENT")
private String event;
+ @Column(name="REALM_ID")
private String realmId;
+ @Column(name="CLIENT_ID")
private String clientId;
+ @Column(name="USER_ID")
private String userId;
+ @Column(name="SESSION_ID")
private String sessionId;
+ @Column(name="IP_ADDRESS")
private String ipAddress;
+ @Column(name="ERROR")
private String error;
- @Column(length = 2550)
+ @Column(name="DETAILS_JSON", length = 2550)
private String detailsJson;
public String getId() {
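Review bot: The explicit `@Table(name="EVENT_ENTITY")` and `@Column(name=…)` mappings store audit events under different table and column names than the provider-generated defaults used before, and the file list on this page shows no schema migration alongside them. On a database created with the previous mapping, earlier events would presumably no longer be returned by event queries, which matters for an audit trail. The same applies to the renamed mappings further down (`WEB_ORIGINS` and `REDIRECT_URIS` in ClientEntity, the `REALM_*` collection tables, `USER_ENTITY`, `USER_REQUIRED_ACTION`), where an in-place upgrade could leave clients without their registered redirect URIs. If upgrades of existing databases are meant to be supported, ship a migration or state in the commit message that the schema must be recreated. The class body continues past the end of this hunk.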
diff --git a/connections/jpa/src/main/resources/META-INF/persistence.xml b/connections/jpa/src/main/resources/META-INF/persistence.xml
index 0581b71..7511ed2 100755
--- a/connections/jpa/src/main/resources/META-INF/persistence.xml
+++ b/connections/jpa/src/main/resources/META-INF/persistence.xml
@@ -28,5 +28,9 @@
<class>org.keycloak.audit.jpa.EventEntity</class>
<exclude-unlisted-classes>true</exclude-unlisted-classes>
+
+ <properties>
+ <property name="jboss.as.jpa.managed" value="false"/>
+ </properties>
</persistence-unit>
</persistence>
diff --git a/core/src/main/java/org/keycloak/representations/AccessCode.java b/core/src/main/java/org/keycloak/representations/AccessCode.java
index 1ecebb2..9fe860e 100755
--- a/core/src/main/java/org/keycloak/representations/AccessCode.java
+++ b/core/src/main/java/org/keycloak/representations/AccessCode.java
@@ -1,6 +1,5 @@
package org.keycloak.representations;
-import java.util.HashSet;
import java.util.Set;
/**
@@ -10,15 +9,18 @@ import java.util.Set;
*/
public class AccessCode {
protected String id;
+ protected String clientId;
+ protected String userId;
protected String usernameUsed;
protected String state;
+ protected String sessionState;
protected String redirectUri;
protected boolean rememberMe;
protected String authMethod;
protected int timestamp;
protected int expiration;
- protected AccessToken accessToken;
protected Set<String> requiredActions;
+ protected Set<String> requestedRoles;
public String getId() {
return id;
@@ -28,6 +30,22 @@ public class AccessCode {
this.id = id;
}
+ public String getClientId() {
+ return clientId;
+ }
+
+ public void setClientId(String clientId) {
+ this.clientId = clientId;
+ }
+
+ public String getUserId() {
+ return userId;
+ }
+
+ public void setUserId(String userId) {
+ this.userId = userId;
+ }
+
public String getState() {
return state;
}
@@ -36,6 +54,14 @@ public class AccessCode {
this.state = state;
}
+ public String getSessionState() {
+ return sessionState;
+ }
+
+ public void setSessionState(String sessionState) {
+ this.sessionState = sessionState;
+ }
+
public String getRedirectUri() {
return redirectUri;
}
@@ -68,14 +94,6 @@ public class AccessCode {
this.expiration = expiration;
}
- public AccessToken getAccessToken() {
- return accessToken;
- }
-
- public void setAccessToken(AccessToken accessToken) {
- this.accessToken = accessToken;
- }
-
public int getTimestamp() {
return timestamp;
}
@@ -99,4 +117,12 @@ public class AccessCode {
public void setUsernameUsed(String usernameUsed) {
this.usernameUsed = usernameUsed;
}
+
+ public Set<String> getRequestedRoles() {
+ return requestedRoles;
+ }
+
+ public void setRequestedRoles(Set<String> requestedRoles) {
+ this.requestedRoles = requestedRoles;
+ }
}
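Review bot: `setRequestedRoles` keeps the caller's `Set` instance and `getRequestedRoles` returns that same instance. The field added in the earlier hunk has no initializer, so a new AccessCode returns null here. The set appears to replace the removed `accessToken` as the record of what the code may be exchanged for, so whatever redeems the code has to read null as "no roles", never as "unrestricted"; that code is not on this page. A caller that mutates its set after the call also changes the grant. Copying on the way in would avoid that, `this.requestedRoles = requestedRoles == null ? null : new HashSet<String>(requestedRoles);`, which needs the `java.util.HashSet` import this commit removes.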
dependencies/pom.xml 32(+32 -0)
diff --git a/dependencies/pom.xml b/dependencies/pom.xml
new file mode 100755
index 0000000..896eaa4
--- /dev/null
+++ b/dependencies/pom.xml
@@ -0,0 +1,32 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <parent>
+ <artifactId>keycloak-parent</artifactId>
+ <groupId>org.keycloak</groupId>
+ <version>1.0-beta-4-SNAPSHOT</version>
+ </parent>
+
+ <modelVersion>4.0.0</modelVersion>
+ <artifactId>keycloak-dependencies-parent</artifactId>
+ <packaging>pom</packaging>
+ <name>Keycloak Dependencies Parent</name>
+ <description/>
+
+ <modules>
+ <module>server-min</module>
+ <module>server-all</module>
+ </modules>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-deploy-plugin</artifactId>
+ <configuration>
+ <skip>true</skip>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+</project>
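Review bot: The `<skip>true</skip>` on maven-deploy-plugin only affects this aggregator, because `server-min` and `server-all` declare `keycloak-parent` (via `../../pom.xml`) as their parent and so do not inherit this `<build>` section. If the two dependency POMs are meant to be deployed and only the aggregator skipped, say so in a comment next to the plugin, for example `<!-- aggregator only: server-min/server-all inherit from keycloak-parent and are still deployed -->`. If they are meant to be skipped as well, they need this POM as their parent or their own plugin configuration.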
dependencies/server-all/pom.xml 159(+159 -0)
diff --git a/dependencies/server-all/pom.xml b/dependencies/server-all/pom.xml
new file mode 100755
index 0000000..6316ed9
--- /dev/null
+++ b/dependencies/server-all/pom.xml
@@ -0,0 +1,159 @@
+<?xml version="1.0"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <parent>
+ <artifactId>keycloak-parent</artifactId>
+ <groupId>org.keycloak</groupId>
+ <version>1.0-beta-4-SNAPSHOT</version>
+ <relativePath>../../pom.xml</relativePath>
+ </parent>
+ <modelVersion>4.0.0</modelVersion>
+
+ <artifactId>keycloak-dependencies-server-all</artifactId>
+ <packaging>pom</packaging>
+ <name>Keycloak Dependencies Server All</name>
+ <description />
+
+ <dependencies>
+ <dependency>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-dependencies-server-min</artifactId>
+ <version>${project.version}</version>
+ <type>pom</type>
+ </dependency>
+ <dependency>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-connections-jpa</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-model-jpa</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-model-sessions-mem</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-model-sessions-jpa</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-model-sessions-mongo</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-audit-jpa</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-audit-jboss-logging</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-audit-email</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+
+ <!-- social -->
+ <dependency>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-social-github</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-social-google</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-social-twitter</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.twitter4j</groupId>
+ <artifactId>twitter4j-core</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-social-facebook</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+
+ <!-- authentication api -->
+ <dependency>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-authentication-picketlink</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.picketlink</groupId>
+ <artifactId>picketlink-common</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.picketlink</groupId>
+ <artifactId>picketlink-idm-api</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.picketlink</groupId>
+ <artifactId>picketlink-idm-impl</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.picketlink</groupId>
+ <artifactId>picketlink-idm-simple-schema</artifactId>
+ </dependency>
+
+ <!-- picketlink -->
+ <dependency>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-picketlink-api</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-picketlink-realm</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+
+ <!-- mongo -->
+ <dependency>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-connections-mongo</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-model-mongo</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-audit-mongo</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.mongodb</groupId>
+ <artifactId>mongo-java-driver</artifactId>
+ </dependency>
+
+ <!-- export/import -->
+ <dependency>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-export-import-zip</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>de.idyl</groupId>
+ <artifactId>winzipaes</artifactId>
+ </dependency>
+ </dependencies>
+
+</project>
\ No newline at end of file
dependencies/server-min/pom.xml 157(+157 -0)
diff --git a/dependencies/server-min/pom.xml b/dependencies/server-min/pom.xml
new file mode 100755
index 0000000..5ae92c6
--- /dev/null
+++ b/dependencies/server-min/pom.xml
@@ -0,0 +1,157 @@
+<?xml version="1.0"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <parent>
+ <artifactId>keycloak-parent</artifactId>
+ <groupId>org.keycloak</groupId>
+ <version>1.0-beta-4-SNAPSHOT</version>
+ <relativePath>../../pom.xml</relativePath>
+ </parent>
+ <modelVersion>4.0.0</modelVersion>
+
+ <artifactId>keycloak-dependencies-server-min</artifactId>
+ <packaging>pom</packaging>
+ <name>Keycloak Dependencies Server Min</name>
+ <description />
+
+ <dependencies>
+ <dependency>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-core</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>net.iharder</groupId>
+ <artifactId>base64</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-core-jaxrs</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-services</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>com.google.zxing</groupId>
+ <artifactId>javase</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-model-api</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-invalidation-cache-model</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-audit-api</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-js-adapter</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+
+ <!-- social -->
+ <dependency>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-social-core</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+
+ <!-- forms -->
+ <dependency>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-forms-common-freemarker</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.freemarker</groupId>
+ <artifactId>freemarker</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-forms-common-themes</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-account-api</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-account-freemarker</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-email-api</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-email-freemarker</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-login-api</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-login-freemarker</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+
+ <!-- authentication api -->
+ <dependency>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-authentication-api</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-authentication-model</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+
+ <!-- timer -->
+ <dependency>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-timer-api</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-timer-basic</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+
+ <!-- export/import -->
+ <dependency>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-export-import-api</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-export-import-dir</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-export-import-single-file</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ </dependencies>
+
+</project>
diff --git a/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/ApplicationAdapter.java b/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/ApplicationAdapter.java
index 65480b5..58fecaf 100755
--- a/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/ApplicationAdapter.java
+++ b/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/ApplicationAdapter.java
@@ -185,6 +185,20 @@ public class ApplicationAdapter extends ClientAdapter implements ApplicationMode
}
@Override
+ public boolean hasScope(RoleModel role) {
+ if (super.hasScope(role)) {
+ return true;
+ }
+ Set<RoleModel> roles = getRoles();
+ if (roles.contains(role)) return true;
+
+ for (RoleModel mapping : roles) {
+ if (mapping.hasRole(role)) return true;
+ }
+ return false;
+ }
+
+ @Override
public boolean equals(Object o) {
if (this == o) return true;
if (o == null || !(o instanceof ApplicationModel)) return false;
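Review bot: The new `hasScope` override grants an application scope on every role it defines, and on any role those roles composite to, but no comment says this widening is intended. Since this check decides which roles can be issued to the application, add a Javadoc such as `/** An application implicitly has scope on its own roles and on roles they composite to. */`. The identical body is added to the JPA ApplicationAdapter in a later hunk, and the diffstat suggests the Mongo adapter gets it too, so a single shared helper would keep the copies from drifting apart. `roles.contains(role)` depends on `RoleModel.equals`/`hashCode`, which are not visible here, so check that roles from a different model layer compare equal by id. `hasScope` is complete in this hunk; the rest of the class is not shown.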
diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/ApplicationAdapter.java b/model/jpa/src/main/java/org/keycloak/models/jpa/ApplicationAdapter.java
index fda59ca..f83599c 100755
--- a/model/jpa/src/main/java/org/keycloak/models/jpa/ApplicationAdapter.java
+++ b/model/jpa/src/main/java/org/keycloak/models/jpa/ApplicationAdapter.java
@@ -167,6 +167,20 @@ public class ApplicationAdapter extends ClientAdapter implements ApplicationMode
}
@Override
+ public boolean hasScope(RoleModel role) {
+ if (super.hasScope(role)) {
+ return true;
+ }
+ Set<RoleModel> roles = getRoles();
+ if (roles.contains(role)) return true;
+
+ for (RoleModel mapping : roles) {
+ if (mapping.hasRole(role)) return true;
+ }
+ return false;
+ }
+
+ @Override
public Set<RoleModel> getApplicationScopeMappings(ClientModel client) {
Set<RoleModel> roleMappings = client.getScopeMappings();
diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/ApplicationEntity.java b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/ApplicationEntity.java
index 890a9b4..c34761f 100755
--- a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/ApplicationEntity.java
+++ b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/ApplicationEntity.java
@@ -4,6 +4,7 @@ import javax.persistence.CascadeType;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.FetchType;
+import javax.persistence.JoinColumn;
import javax.persistence.JoinTable;
import javax.persistence.OneToMany;
import javax.persistence.Table;
@@ -33,7 +34,7 @@ public class ApplicationEntity extends ClientEntity {
Collection<RoleEntity> roles = new ArrayList<RoleEntity>();
@OneToMany(fetch = FetchType.LAZY, cascade ={CascadeType.REMOVE}, orphanRemoval = true)
- @JoinTable(name="APPLICATION_DEFAULT_ROLES")
+ @JoinTable(name="APPLICATION_DEFAULT_ROLES", joinColumns = { @JoinColumn(name="APPLICATION_ID")}, inverseJoinColumns = { @JoinColumn(name="ROLE_ID")})
Collection<RoleEntity> defaultRoles = new ArrayList<RoleEntity>();
public boolean isSurrogateAuthRequired() {
diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/AuthenticationProviderEntity.java b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/AuthenticationProviderEntity.java
index d8e3e61..89cfe49 100755
--- a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/AuthenticationProviderEntity.java
+++ b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/AuthenticationProviderEntity.java
@@ -1,127 +1,129 @@
-package org.keycloak.models.jpa.entities;
-
-import javax.persistence.CollectionTable;
-import javax.persistence.Column;
-import javax.persistence.ElementCollection;
-import javax.persistence.Entity;
-import javax.persistence.FetchType;
-import javax.persistence.Id;
-import javax.persistence.IdClass;
-import javax.persistence.JoinColumn;
-import javax.persistence.ManyToOne;
-import javax.persistence.MapKeyColumn;
-import javax.persistence.Table;
-import java.io.Serializable;
-import java.util.Map;
-
-/**
- * @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
- */
-@Entity
-@Table(name="AUTH_PROVIDER")
-@IdClass(AuthenticationProviderEntity.Key.class)
-public class AuthenticationProviderEntity {
-
- @Id
- @ManyToOne(fetch = FetchType.LAZY)
- @JoinColumn(name = "REALM_ID")
- protected RealmEntity realm;
-
- @Id
- @Column(name="PROVIDER_NAME")
- private String providerName;
- @Column(name="PASSWORD_UPDATE_SUPPORTED")
- private boolean passwordUpdateSupported;
- @Column(name="PRIORITY")
- private int priority;
-
- @ElementCollection
- @MapKeyColumn(name="name")
- @Column(name="value")
- @CollectionTable(name="AUTH_PROVIDER_CONFIG")
- private Map<String, String> config;
-
- public RealmEntity getRealm() {
- return realm;
- }
-
- public void setRealm(RealmEntity realm) {
- this.realm = realm;
- }
-
- public String getProviderName() {
- return providerName;
- }
-
- public void setProviderName(String providerName) {
- this.providerName = providerName;
- }
-
- public boolean isPasswordUpdateSupported() {
- return passwordUpdateSupported;
- }
-
- public void setPasswordUpdateSupported(boolean passwordUpdateSupported) {
- this.passwordUpdateSupported = passwordUpdateSupported;
- }
-
- public int getPriority() {
- return priority;
- }
-
- public void setPriority(int priority) {
- this.priority = priority;
- }
-
- public Map<String, String> getConfig() {
- return config;
- }
-
- public void setConfig(Map<String, String> config) {
- this.config = config;
- }
-
- public static class Key implements Serializable {
-
- protected RealmEntity realm;
-
- protected String providerName;
-
- public Key() {
- }
-
- public Key(RealmEntity realm, String providerName) {
- this.realm = realm;
- this.providerName = providerName;
- }
-
- public RealmEntity getRealm() {
- return realm;
- }
-
- public String getProviderName() {
- return providerName;
- }
-
- @Override
- public boolean equals(Object o) {
- if (this == o) return true;
- if (o == null || getClass() != o.getClass()) return false;
-
- Key key = (Key) o;
-
- if (providerName != null ? !providerName.equals(key.providerName) : key.providerName != null) return false;
- if (realm != null ? !realm.getId().equals(key.realm != null ? key.realm.getId() : null) : key.realm != null) return false;
-
- return true;
- }
-
- @Override
- public int hashCode() {
- int result = realm != null ? realm.getId().hashCode() : 0;
- result = 31 * result + (providerName != null ? providerName.hashCode() : 0);
- return result;
- }
- }
-
-}
+package org.keycloak.models.jpa.entities;
+
+import javax.persistence.CollectionTable;
+import javax.persistence.Column;
+import javax.persistence.ElementCollection;
+import javax.persistence.Entity;
+import javax.persistence.FetchType;
+import javax.persistence.Id;
+import javax.persistence.IdClass;
+import javax.persistence.JoinColumn;
+import javax.persistence.ManyToOne;
+import javax.persistence.MapKeyColumn;
+import javax.persistence.Table;
+import java.io.Serializable;
+import java.util.Map;
+
+/**
+ * @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
+ */
+@Entity
+@Table(name="AUTH_PROVIDER")
+@IdClass(AuthenticationProviderEntity.Key.class)
+public class AuthenticationProviderEntity {
+
+ @Id
+ @ManyToOne(fetch = FetchType.LAZY)
+ @JoinColumn(name = "REALM_ID")
+ protected RealmEntity realm;
+
+ @Id
+ @Column(name="PROVIDER_NAME")
+ private String providerName;
+ @Column(name="PASSWORD_UPDATE_SUPPORTED")
+ private boolean passwordUpdateSupported;
+ @Column(name="PRIORITY")
+ private int priority;
+
+ @ElementCollection
+ @MapKeyColumn(name="NAME")
+ @Column(name="VALUE")
+ @CollectionTable(name="AUTH_PROVIDER_CONFIG", joinColumns = {
+ @JoinColumn(name="REALM_ID", referencedColumnName = "REALM_ID"),
+ @JoinColumn(name="AUTH_PROVIDER_NAME", referencedColumnName = "PROVIDER_NAME")})
+ private Map<String, String> config;
+
+ public RealmEntity getRealm() {
+ return realm;
+ }
+
+ public void setRealm(RealmEntity realm) {
+ this.realm = realm;
+ }
+
+ public String getProviderName() {
+ return providerName;
+ }
+
+ public void setProviderName(String providerName) {
+ this.providerName = providerName;
+ }
+
+ public boolean isPasswordUpdateSupported() {
+ return passwordUpdateSupported;
+ }
+
+ public void setPasswordUpdateSupported(boolean passwordUpdateSupported) {
+ this.passwordUpdateSupported = passwordUpdateSupported;
+ }
+
+ public int getPriority() {
+ return priority;
+ }
+
+ public void setPriority(int priority) {
+ this.priority = priority;
+ }
+
+ public Map<String, String> getConfig() {
+ return config;
+ }
+
+ public void setConfig(Map<String, String> config) {
+ this.config = config;
+ }
+
+ public static class Key implements Serializable {
+
+ protected RealmEntity realm;
+
+ protected String providerName;
+
+ public Key() {
+ }
+
+ public Key(RealmEntity realm, String providerName) {
+ this.realm = realm;
+ this.providerName = providerName;
+ }
+
+ public RealmEntity getRealm() {
+ return realm;
+ }
+
+ public String getProviderName() {
+ return providerName;
+ }
+
+ @Override
+ public boolean equals(Object o) {
+ if (this == o) return true;
+ if (o == null || getClass() != o.getClass()) return false;
+
+ Key key = (Key) o;
+
+ if (providerName != null ? !providerName.equals(key.providerName) : key.providerName != null) return false;
+ if (realm != null ? !realm.getId().equals(key.realm != null ? key.realm.getId() : null) : key.realm != null) return false;
+
+ return true;
+ }
+
+ @Override
+ public int hashCode() {
+ int result = realm != null ? realm.getId().hashCode() : 0;
+ result = 31 * result + (providerName != null ? providerName.hashCode() : 0);
+ return result;
+ }
+ }
+
+}
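Review bot: Every line of this file is marked removed and re-added, yet the only difference between the two sides is the `config` mapping: `NAME`/`VALUE` instead of `name`/`value`, and the two `@JoinColumn` entries on `AUTH_PROVIDER_CONFIG`. That points to a line-ending or whitespace conversion riding along with the functional change. It hides a mapping change to authentication-provider configuration inside 127 lines of noise and breaks `git blame` for the file. Keep the original line endings in this commit and do any normalization in a separate one, ideally backed by a `.gitattributes` rule.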
diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/ClientEntity.java b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/ClientEntity.java
index 4ba21f0..2f8625b 100755
--- a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/ClientEntity.java
+++ b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/ClientEntity.java
@@ -44,11 +44,13 @@ public abstract class ClientEntity {
protected RealmEntity realm;
@ElementCollection
- @CollectionTable(name = "WEB_ORIGINS")
+ @Column(name="VALUE")
+ @CollectionTable(name = "WEB_ORIGINS", joinColumns={ @JoinColumn(name="CLIENT_ID") })
protected Set<String> webOrigins = new HashSet<String>();
@ElementCollection
- @CollectionTable(name = "REDIRECT_URIS")
+ @Column(name="VALUE")
+ @CollectionTable(name = "REDIRECT_URIS", joinColumns={ @JoinColumn(name="CLIENT_ID") })
protected Set<String> redirectUris = new HashSet<String>();
public RealmEntity getRealm() {
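Review bot: `VALUE`, used as the element column in `@Column(name="VALUE")` on both collections, is a reserved word in the SQL standard and can be rejected as an unquoted identifier by some databases. This commit already renames the `USER` table to `USER_ENTITY`, presumably for the same reason. The same column name is used for the RealmEntity and AuthenticationProviderEntity collections, and EventEntity adds a `TIME` column, so these are worth checking against every database the project intends to support. The class body starts before and continues past this hunk.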
diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/CredentialEntity.java b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/CredentialEntity.java
index 9b7864e..d67402e 100755
--- a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/CredentialEntity.java
+++ b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/CredentialEntity.java
@@ -25,7 +25,7 @@ import java.io.Serializable;
@Entity
public class CredentialEntity {
@Id
- @Column(length = 36)
+ @Column(name="ID", length = 36)
protected String id;
@Column(name="TYPE")
diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/RealmEntity.java b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/RealmEntity.java
index c81fc8d..b7af403 100755
--- a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/RealmEntity.java
+++ b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/RealmEntity.java
@@ -108,13 +108,11 @@ public class RealmEntity {
@Column(name="EMAIL_THEME")
protected String emailTheme;
- @OneToMany(cascade ={CascadeType.REMOVE}, orphanRemoval = true)
- @JoinTable(name="USER_REQUIRED_CREDS")
+ @OneToMany(cascade ={CascadeType.REMOVE}, orphanRemoval = true, mappedBy = "realm")
Collection<RequiredCredentialEntity> requiredCredentials = new ArrayList<RequiredCredentialEntity>();
- @OneToMany(cascade ={CascadeType.REMOVE}, orphanRemoval = true)
- @JoinTable(name="AUTH_PROVIDERS")
+ @OneToMany(cascade ={CascadeType.REMOVE}, orphanRemoval = true, mappedBy = "realm")
List<AuthenticationProviderEntity> authenticationProviders = new ArrayList<AuthenticationProviderEntity>();
@OneToMany(cascade ={CascadeType.REMOVE}, orphanRemoval = true)
@@ -122,31 +120,32 @@ public class RealmEntity {
List<FederationProviderEntity> federationProviders = new ArrayList<FederationProviderEntity>();
@OneToMany(fetch = FetchType.LAZY, cascade ={CascadeType.REMOVE}, orphanRemoval = true)
+ @JoinTable(name="REALM_APPLICATION", joinColumns={ @JoinColumn(name="APPLICATION_ID") }, inverseJoinColumns={ @JoinColumn(name="REALM_ID") })
Collection<ApplicationEntity> applications = new ArrayList<ApplicationEntity>();
@OneToMany(fetch = FetchType.LAZY, cascade ={CascadeType.REMOVE}, orphanRemoval = true, mappedBy = "realm")
Collection<RoleEntity> roles = new ArrayList<RoleEntity>();
@ElementCollection
- @MapKeyColumn(name="name")
- @Column(name="value")
- @CollectionTable(name="REALM_SMTP_CONFIG")
+ @MapKeyColumn(name="NAME")
+ @Column(name="VALUE")
+ @CollectionTable(name="REALM_SMTP_CONFIG", joinColumns={ @JoinColumn(name="REALM_ID") })
protected Map<String, String> smtpConfig = new HashMap<String, String>();
@ElementCollection
- @MapKeyColumn(name="name")
- @Column(name="value")
- @CollectionTable(name="REALM_SOCIAL_CONFIG")
+ @MapKeyColumn(name="NAME")
+ @Column(name="VALUE")
+ @CollectionTable(name="REALM_SOCIAL_CONFIG", joinColumns={ @JoinColumn(name="REALM_ID") })
protected Map<String, String> socialConfig = new HashMap<String, String>();
@ElementCollection
- @MapKeyColumn(name="name")
- @Column(name="value")
- @CollectionTable(name="REALM_LDAP_CONFIG")
+ @MapKeyColumn(name="NAME")
+ @Column(name="VALUE")
+ @CollectionTable(name="REALM_LDAP_CONFIG", joinColumns={ @JoinColumn(name="REALM_ID") })
protected Map<String, String> ldapServerConfig = new HashMap<String, String>();
@OneToMany(fetch = FetchType.LAZY, cascade ={CascadeType.REMOVE}, orphanRemoval = true)
- @JoinTable(name="REALM_DEFAULT_ROLES")
+ @JoinTable(name="REALM_DEFAULT_ROLES", joinColumns = { @JoinColumn(name="REALM_ID")}, inverseJoinColumns = { @JoinColumn(name="ROLE_ID")})
protected Collection<RoleEntity> defaultRoles = new ArrayList<RoleEntity>();
@Column(name="AUDIT_ENABLED")
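Review bot: The column names on the new `REALM_APPLICATION` join table look swapped. `joinColumns` refers to the owning entity, which is RealmEntity here, yet it is named `APPLICATION_ID`, while `inverseJoinColumns` (the ApplicationEntity side) is named `REALM_ID`. The mapping would still work, but the column called `REALM_ID` would hold application ids and vice versa, which invites wrong joins in hand-written SQL or later migrations. `REALM_DEFAULT_ROLES` a few lines below uses the expected order, so this should read `@JoinTable(name="REALM_APPLICATION", joinColumns={ @JoinColumn(name="REALM_ID") }, inverseJoinColumns={ @JoinColumn(name="APPLICATION_ID") })`.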
@@ -155,7 +154,8 @@ public class RealmEntity {
protected long auditExpiration;
@ElementCollection
- @CollectionTable(name="REALM_AUDIT_LISTENERS")
+ @Column(name="VALUE")
+ @CollectionTable(name="REALM_AUDIT_LISTENERS", joinColumns={ @JoinColumn(name="REALM_ID") })
protected Set<String> auditListeners= new HashSet<String>();
@OneToOne
diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/UserEntity.java b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/UserEntity.java
index 86acf1e..31e139a 100755
--- a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/UserEntity.java
+++ b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/UserEntity.java
@@ -42,7 +42,7 @@ import java.util.Set;
@NamedQuery(name="deleteUsersByRealm", query="delete from UserEntity u where u.realmId = :realmId")
})
@Entity
-@Table(name="USER", uniqueConstraints = {
+@Table(name="USER_ENTITY", uniqueConstraints = {
@UniqueConstraint(columnNames = { "REALM_ID", "USERNAME" }),
@UniqueConstraint(columnNames = { "REALM_ID", "EMAIL_CONSTRAINT" })
})
diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/UserRequiredActionEntity.java b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/UserRequiredActionEntity.java
index 2e1b21d..2d3ddbd 100755
--- a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/UserRequiredActionEntity.java
+++ b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/UserRequiredActionEntity.java
@@ -2,6 +2,7 @@ package org.keycloak.models.jpa.entities;
import org.keycloak.models.UserModel;
+import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.FetchType;
import javax.persistence.Id;
@@ -10,6 +11,8 @@ import javax.persistence.JoinColumn;
import javax.persistence.ManyToOne;
import javax.persistence.NamedQueries;
import javax.persistence.NamedQuery;
+import javax.persistence.Table;
+
import java.io.Serializable;
/**
@@ -20,15 +23,17 @@ import java.io.Serializable;
@NamedQuery(name="deleteUserRequiredActionsByRealm", query="delete from UserRequiredActionEntity action where action.user IN (select u from UserEntity u where realm=:realm)")
})
@Entity
+@Table(name="USER_REQUIRED_ACTION")
@IdClass(UserRequiredActionEntity.Key.class)
public class UserRequiredActionEntity {
@Id
@ManyToOne(fetch= FetchType.LAZY)
- @JoinColumn(name="userId")
+ @JoinColumn(name="USER_ID")
protected UserEntity user;
@Id
+ @Column(name="ACTION")
protected UserModel.RequiredAction action;
public UserModel.RequiredAction getAction() {
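Review bot: The added `@Column(name="ACTION")` names the column for the enum-typed `action` id field, but no `@Enumerated` is visible between `@Id` and the field, so JPA will presumably persist `UserModel.RequiredAction` by ordinal. With ordinal storage, inserting or reordering a constant in that enum silently changes which required action every existing row refers to. Since this change is pinning the schema names anyway, I would pin the value mapping too with `@Enumerated(EnumType.STRING)` above the field, plus the two matching `javax.persistence` imports. The class body continues outside the hunk, so an annotation elsewhere cannot be ruled out from here.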
diff --git a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/ApplicationAdapter.java b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/ApplicationAdapter.java
index e7bb15c..2b6ef4c 100755
--- a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/ApplicationAdapter.java
+++ b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/ApplicationAdapter.java
@@ -161,6 +161,20 @@ public class ApplicationAdapter extends ClientAdapter<MongoApplicationEntity> im
}
@Override
+ public boolean hasScope(RoleModel role) {
+ if (super.hasScope(role)) {
+ return true;
+ }
+ Set<RoleModel> roles = getRoles();
+ if (roles.contains(role)) return true;
+
+ for (RoleModel mapping : roles) {
+ if (mapping.hasRole(role)) return true;
+ }
+ return false;
+ }
+
+ @Override
public Set<RoleModel> getApplicationScopeMappings(ClientModel client) {
Set<RoleModel> result = new HashSet<RoleModel>();
List<MongoRoleEntity> roles = MongoModelUtils.getAllScopesOfClient(client, invocationContext);
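Review bot: The new `hasScope` carries no comment saying that an application is now implicitly granted scope for every role it defines and for every role those roles report through `hasRole` (presumably composites), on top of whatever `super.hasScope` allows. That is an authorization rule a reader would not expect from the method name, so I would state it in a Javadoc, for example `/** An application always has scope for its own roles and for any role they include, in addition to its explicit scope mappings. */`. The `roles.contains(role)` test relies on the `RoleModel` implementation's `equals`/`hashCode`, which this hunk does not show and which is worth confirming. As a style point, the two single-line `if (...) return true;` statements are unbraced while the first `if` is braced.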
@@ -204,6 +218,7 @@ public class ApplicationAdapter extends ClientAdapter<MongoApplicationEntity> im
updateMongoEntity();
}
+
@Override
public boolean equals(Object o) {
if (this == o) return true;
diff --git a/model/sessions-jpa/src/main/java/org/keycloak/models/sessions/jpa/entities/ClientUserSessionAssociationEntity.java b/model/sessions-jpa/src/main/java/org/keycloak/models/sessions/jpa/entities/ClientUserSessionAssociationEntity.java
index 3675d50..99eb40e 100755
--- a/model/sessions-jpa/src/main/java/org/keycloak/models/sessions/jpa/entities/ClientUserSessionAssociationEntity.java
+++ b/model/sessions-jpa/src/main/java/org/keycloak/models/sessions/jpa/entities/ClientUserSessionAssociationEntity.java
@@ -5,6 +5,7 @@ import javax.persistence.Entity;
import javax.persistence.FetchType;
import javax.persistence.Id;
import javax.persistence.IdClass;
+import javax.persistence.JoinColumn;
import javax.persistence.ManyToOne;
import javax.persistence.NamedQueries;
import javax.persistence.NamedQuery;
@@ -16,7 +17,7 @@ import java.io.Serializable;
* @version $Revision: 1 $
*/
@Entity
-@Table(name = "ClientUserSessionAscEntity")
+@Table(name = "CLIENT_USERSESSION")
@NamedQueries({
@NamedQuery(name = "removeClientUserSessionByRealm", query = "delete from ClientUserSessionAssociationEntity a where a.session IN (select s from UserSessionEntity s where s.realmId = :realmId)"),
@NamedQuery(name = "removeClientUserSessionByUser", query = "delete from ClientUserSessionAssociationEntity a where a.session IN (select s from UserSessionEntity s where s.realmId = :realmId and s.userId = :userId)"),
@@ -28,10 +29,11 @@ public class ClientUserSessionAssociationEntity {
@Id
@ManyToOne(fetch = FetchType.LAZY)
+ @JoinColumn(name = "SESSION_ID")
protected UserSessionEntity session;
@Id
- @Column(length = 36)
+ @Column(name="CLIENT_ID",length = 36)
protected String clientId;
public UserSessionEntity getSession() {
diff --git a/model/sessions-jpa/src/main/java/org/keycloak/models/sessions/jpa/entities/UsernameLoginFailureEntity.java b/model/sessions-jpa/src/main/java/org/keycloak/models/sessions/jpa/entities/UsernameLoginFailureEntity.java
index ed4d483..23dd52f 100755
--- a/model/sessions-jpa/src/main/java/org/keycloak/models/sessions/jpa/entities/UsernameLoginFailureEntity.java
+++ b/model/sessions-jpa/src/main/java/org/keycloak/models/sessions/jpa/entities/UsernameLoginFailureEntity.java
@@ -6,6 +6,8 @@ import javax.persistence.Id;
import javax.persistence.IdClass;
import javax.persistence.NamedQueries;
import javax.persistence.NamedQuery;
+import javax.persistence.Table;
+
import java.io.Serializable;
/**
@@ -13,6 +15,7 @@ import java.io.Serializable;
* @version $Revision: 1 $
*/
@Entity
+@Table(name="USERNAME_LOGIN_FAILURE")
@NamedQueries({
@NamedQuery(name="getAllFailures", query="select failure from UsernameLoginFailureEntity failure"),
@NamedQuery(name = "removeLoginFailuresByRealm", query = "delete from UsernameLoginFailureEntity f where f.realmId = :realmId"),
@@ -22,16 +25,23 @@ import java.io.Serializable;
public class UsernameLoginFailureEntity {
@Id
- @Column(length = 200)
+ @Column(name="USERNAME",length = 200)
protected String username;
@Id
- @Column(length = 36)
+ @Column(name="REALM_ID",length = 36)
protected String realmId;
+ @Column(name="FAILED_LOGIN_NOT_BEFORE")
protected int failedLoginNotBefore;
+
+ @Column(name="NUM_FAILURES")
protected int numFailures;
+
+ @Column(name="LAST_FAILURE")
protected long lastFailure;
+
+ @Column(name="LAST_IP_FAILURE")
protected String lastIPFailure;
public String getUsername() {
diff --git a/model/sessions-jpa/src/main/java/org/keycloak/models/sessions/jpa/entities/UserSessionEntity.java b/model/sessions-jpa/src/main/java/org/keycloak/models/sessions/jpa/entities/UserSessionEntity.java
index 2cefb1c..3d03df1 100755
--- a/model/sessions-jpa/src/main/java/org/keycloak/models/sessions/jpa/entities/UserSessionEntity.java
+++ b/model/sessions-jpa/src/main/java/org/keycloak/models/sessions/jpa/entities/UserSessionEntity.java
@@ -1,16 +1,15 @@
package org.keycloak.models.sessions.jpa.entities;
-import org.hibernate.annotations.GenericGenerator;
-
import javax.persistence.CascadeType;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.FetchType;
-import javax.persistence.GeneratedValue;
import javax.persistence.Id;
import javax.persistence.NamedQueries;
import javax.persistence.NamedQuery;
import javax.persistence.OneToMany;
+import javax.persistence.Table;
+
import java.util.ArrayList;
import java.util.Collection;
@@ -18,6 +17,7 @@ import java.util.Collection;
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
*/
@Entity
+@Table(name = "USER_SESSION")
@NamedQueries({
@NamedQuery(name = "getUserSessionByUser", query = "select s from UserSessionEntity s where s.realmId = :realmId and s.userId = :userId order by s.started, s.id"),
@NamedQuery(name = "getUserSessionByClient", query = "select s from UserSessionEntity s join s.clients c where s.realmId = :realmId and c.clientId = :clientId order by s.started, s.id"),
@@ -29,16 +29,22 @@ import java.util.Collection;
public class UserSessionEntity {
@Id
- @Column(length = 36)
+ @Column(name="ID",length = 36)
protected String id;
+ @Column(name="USER_ID")
protected String userId;
+
+ @Column(name="REALM_ID")
protected String realmId;
+ @Column(name="IP_ADDRESS")
protected String ipAddress;
+ @Column(name="STARTED")
protected int started;
+ @Column(name="LAST_SESSION_REFRESH")
protected int lastSessionRefresh;
@OneToMany(fetch = FetchType.LAZY, cascade = CascadeType.REMOVE, orphanRemoval = true, mappedBy="session")
pom.xml 38(+1 -37)
diff --git a/pom.xml b/pom.xml
index 656f16e..65cf8bd 100755
--- a/pom.xml
+++ b/pom.xml
@@ -100,6 +100,7 @@
<module>core</module>
<module>core-jaxrs</module>
<module>connections</module>
+ <module>dependencies</module>
<module>model</module>
<module>integration</module>
<module>picketlink</module>
@@ -628,42 +629,5 @@
<module>distribution</module>
</modules>
</profile>
-
- <!-- MySQL -->
- <profile>
- <activation>
- <property>
- <name>hibernate.connection.driver_class</name>
- <value>com.mysql.jdbc.Driver</value>
- </property>
- </activation>
- <id>mysql</id>
- <dependencies>
- <dependency>
- <groupId>mysql</groupId>
- <artifactId>mysql-connector-java</artifactId>
- <version>${mysql.version}</version>
- </dependency>
- </dependencies>
- </profile>
-
- <!-- PostgreSQL -->
- <profile>
- <activation>
- <property>
- <name>hibernate.connection.driver_class</name>
- <value>org.postgresql.Driver</value>
- </property>
- </activation>
- <id>postgresql</id>
- <dependencies>
- <dependency>
- <groupId>org.postgresql</groupId>
- <artifactId>postgresql</artifactId>
- <version>${postgresql.version}</version>
- </dependency>
- </dependencies>
- </profile>
-
</profiles>
</project>
project-integrations/aerogear-ups/auth-server/pom.xml 185(+12 -173)
diff --git a/project-integrations/aerogear-ups/auth-server/pom.xml b/project-integrations/aerogear-ups/auth-server/pom.xml
index a689697..61a7d86 100755
--- a/project-integrations/aerogear-ups/auth-server/pom.xml
+++ b/project-integrations/aerogear-ups/auth-server/pom.xml
@@ -16,40 +16,27 @@
<dependencies>
<dependency>
- <groupId>org.bouncycastle</groupId>
- <artifactId>bcprov-jdk16</artifactId>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-core</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>net.iharder</groupId>
- <artifactId>base64</artifactId>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-core-jaxrs</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
<groupId>org.keycloak</groupId>
- <artifactId>keycloak-services</artifactId>
+ <artifactId>keycloak-dependencies-server-min</artifactId>
<version>${project.version}</version>
+ <type>pom</type>
</dependency>
+
<dependency>
- <groupId>com.google.zxing</groupId>
- <artifactId>javase</artifactId>
+ <groupId>org.jboss.resteasy</groupId>
+ <artifactId>resteasy-jaxrs</artifactId>
+ <version>${resteasy.version}</version>
+ <scope>provided</scope>
</dependency>
<dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-model-api</artifactId>
- <version>${project.version}</version>
+ <groupId>org.jboss.spec.javax.servlet</groupId>
+ <artifactId>jboss-servlet-api_3.0_spec</artifactId>
+ <scope>provided</scope>
</dependency>
+
<dependency>
<groupId>org.keycloak</groupId>
- <artifactId>keycloak-invalidation-cache-model</artifactId>
+ <artifactId>keycloak-connections-jpa</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
@@ -67,154 +54,6 @@
<artifactId>keycloak-model-sessions-jpa</artifactId>
<version>${project.version}</version>
</dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-audit-api</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-audit-jpa</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-audit-jboss-logging</artifactId>
- <version>${project.version}</version>
- </dependency>
- <!-- social -->
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-social-core</artifactId>
- <version>${project.version}</version>
- </dependency>
- <!-- forms -->
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-forms-common-freemarker</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.freemarker</groupId>
- <artifactId>freemarker</artifactId>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-forms-common-themes</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-account-api</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-account-freemarker</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-login-api</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-login-freemarker</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-email-api</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-email-freemarker</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-js-adapter</artifactId>
- <version>${project.version}</version>
- </dependency>
- <!-- authentication api -->
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-authentication-api</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-authentication-model</artifactId>
- <version>${project.version}</version>
- </dependency>
- <!-- timer -->
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-timer-api</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-timer-basic</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-export-import-api</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-export-import-dir</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-export-import-single-file</artifactId>
- <version>${project.version}</version>
- </dependency>
-
-
- <dependency>
- <groupId>org.jboss.spec.javax.servlet</groupId>
- <artifactId>jboss-servlet-api_3.0_spec</artifactId>
- <scope>provided</scope>
- </dependency>
- <!-- resteasy -->
- <dependency>
- <groupId>org.jboss.resteasy</groupId>
- <artifactId>resteasy-jaxrs</artifactId>
- <version>${resteasy.version}</version>
- <scope>provided</scope>
- </dependency>
- <dependency>
- <groupId>org.jboss.resteasy</groupId>
- <artifactId>resteasy-multipart-provider</artifactId>
- <version>${resteasy.version}</version>
- <scope>provided</scope>
- </dependency>
- <dependency>
- <groupId>org.jboss.resteasy</groupId>
- <artifactId>async-http-servlet-3.0</artifactId>
- <version>${resteasy.version}</version>
- <scope>provided</scope>
- </dependency>
- <dependency>
- <groupId>org.jboss.resteasy</groupId>
- <artifactId>jaxrs-api</artifactId>
- <version>${resteasy.version}</version>
- <scope>provided</scope>
- </dependency>
- <dependency>
- <groupId>org.jboss.resteasy</groupId>
- <artifactId>resteasy-jackson-provider</artifactId>
- <version>${resteasy.version}</version>
- <scope>provided</scope>
- </dependency>
-
-
</dependencies>
<build>
server/pom.xml 286(+2 -284)
diff --git a/server/pom.xml b/server/pom.xml
index 7ab2cbb..53ee2ef 100755
--- a/server/pom.xml
+++ b/server/pom.xml
@@ -16,292 +16,10 @@
<dependencies>
<dependency>
<groupId>org.keycloak</groupId>
- <artifactId>keycloak-core</artifactId>
+ <artifactId>keycloak-dependencies-server-all</artifactId>
<version>${project.version}</version>
+ <type>pom</type>
</dependency>
- <dependency>
- <groupId>net.iharder</groupId>
- <artifactId>base64</artifactId>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-core-jaxrs</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-services</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>com.google.zxing</groupId>
- <artifactId>javase</artifactId>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-model-api</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-invalidation-cache-model</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-model-jpa</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-model-sessions-mem</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-model-sessions-jpa</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-model-sessions-mongo</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-audit-api</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-audit-jpa</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-audit-jboss-logging</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-audit-email</artifactId>
- <version>${project.version}</version>
- </dependency>
- <!-- social -->
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-social-core</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-social-github</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-social-google</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-social-twitter</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.twitter4j</groupId>
- <artifactId>twitter4j-core</artifactId>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-social-facebook</artifactId>
- <version>${project.version}</version>
- </dependency>
- <!-- forms -->
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-forms-common-freemarker</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.freemarker</groupId>
- <artifactId>freemarker</artifactId>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-forms-common-themes</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-account-api</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-account-freemarker</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-email-api</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-email-freemarker</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-login-api</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-login-freemarker</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-js-adapter</artifactId>
- <version>${project.version}</version>
- </dependency>
- <!-- authentication api -->
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-authentication-api</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-authentication-model</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-authentication-picketlink</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.picketlink</groupId>
- <artifactId>picketlink-common</artifactId>
- </dependency>
- <dependency>
- <groupId>org.picketlink</groupId>
- <artifactId>picketlink-idm-api</artifactId>
- </dependency>
- <dependency>
- <groupId>org.picketlink</groupId>
- <artifactId>picketlink-idm-impl</artifactId>
- </dependency>
- <dependency>
- <groupId>org.picketlink</groupId>
- <artifactId>picketlink-idm-simple-schema</artifactId>
- </dependency>
-
- <!-- timer -->
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-timer-api</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-timer-basic</artifactId>
- <version>${project.version}</version>
- </dependency>
-
- <!-- picketlink -->
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-picketlink-api</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-picketlink-realm</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.jboss.spec.javax.servlet</groupId>
- <artifactId>jboss-servlet-api_3.0_spec</artifactId>
- <scope>provided</scope>
- </dependency>
- <!-- resteasy -->
- <dependency>
- <groupId>org.jboss.resteasy</groupId>
- <artifactId>resteasy-jaxrs</artifactId>
- <version>${resteasy.version}</version>
- <scope>provided</scope>
- </dependency>
- <dependency>
- <groupId>org.jboss.resteasy</groupId>
- <artifactId>resteasy-multipart-provider</artifactId>
- <version>${resteasy.version}</version>
- <scope>provided</scope>
- </dependency>
- <dependency>
- <groupId>org.jboss.resteasy</groupId>
- <artifactId>async-http-servlet-3.0</artifactId>
- <version>${resteasy.version}</version>
- <scope>provided</scope>
- </dependency>
- <dependency>
- <groupId>org.jboss.resteasy</groupId>
- <artifactId>jaxrs-api</artifactId>
- <version>${resteasy.version}</version>
- <scope>provided</scope>
- </dependency>
- <dependency>
- <groupId>org.jboss.resteasy</groupId>
- <artifactId>resteasy-jackson-provider</artifactId>
- <version>${resteasy.version}</version>
- <scope>provided</scope>
- </dependency>
-
- <!-- Mongo dependencies -->
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-model-mongo</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-audit-mongo</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.mongodb</groupId>
- <artifactId>mongo-java-driver</artifactId>
- </dependency>
-
- <!-- export/import -->
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-export-import-api</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-export-import-dir</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-export-import-zip</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-export-import-single-file</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>de.idyl</groupId>
- <artifactId>winzipaes</artifactId>
- </dependency>
-
</dependencies>
<build>
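Review bot: The `provided`-scoped entries for the servlet API and the RESTEasy artifacts are deleted here and nothing in this file replaces them, so whether those jars end up in the packaged artifact (its `WEB-INF/lib`, if this module builds a WAR) now depends entirely on how `keycloak-dependencies-server-all` declares them. The auth-server POM in this same change re-declares `resteasy-jaxrs` and `jboss-servlet-api_3.0_spec` as `provided` next to its aggregate dependency, and this file does not do the same. I would compare the `mvn dependency:tree` output and the packaged libraries before and after, and add a comment above the new dependency such as `<!-- full server dependency set; container-provided APIs must not be bundled -->`. The auth-server POM also drops its other `provided` RESTEasy entries (multipart provider, async servlet, jaxrs-api, jackson provider), so the same check applies there.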
diff --git a/services/src/main/java/org/keycloak/services/managers/AccessCodeEntry.java b/services/src/main/java/org/keycloak/services/managers/AccessCodeEntry.java
index 179e730..f5afe34 100755
--- a/services/src/main/java/org/keycloak/services/managers/AccessCodeEntry.java
+++ b/services/src/main/java/org/keycloak/services/managers/AccessCodeEntry.java
@@ -1,9 +1,11 @@
package org.keycloak.services.managers;
+import org.keycloak.OAuthErrorException;
import org.keycloak.jose.jws.JWSBuilder;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
+import org.keycloak.models.RoleModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserModel.RequiredAction;
import org.keycloak.representations.AccessCode;
@@ -33,29 +35,45 @@ public class AccessCodeEntry {
}
public UserModel getUser() {
- return keycloakSession.users().getUserById(accessCode.getAccessToken().getSubject(), realm);
+ return keycloakSession.users().getUserById(accessCode.getUserId(), realm);
}
public String getSessionState() {
- return accessCode.getAccessToken().getSessionState();
+ return accessCode.getSessionState();
+ }
+
+ public void setSessionState(String state) {
+ accessCode.setSessionState(state);
}
public boolean isExpired() {
return accessCode.getExpiration() != 0 && Time.currentTime() > accessCode.getExpiration();
}
- public AccessToken getToken() {
- return accessCode.getAccessToken();
+ public Set<RoleModel> getRequestedRoles() {
+ Set<RoleModel> requestedRoles = new HashSet<RoleModel>();
+ for (String roleId : accessCode.getRequestedRoles()) {
+ RoleModel role = realm.getRoleById(roleId);
+ if (role == null) {
+ new OAuthErrorException(OAuthErrorException.INVALID_GRANT, "Invalid role " + roleId);
+ }
+ requestedRoles.add(realm.getRoleById(roleId));
+ }
+ return requestedRoles;
}
public ClientModel getClient() {
- return realm.findClient(accessCode.getAccessToken().getIssuedFor());
+ return realm.findClient(accessCode.getClientId());
}
public String getState() {
return accessCode.getState();
}
+ public void setState(String state) {
+ accessCode.setState(state);
+ }
+
public String getRedirectUri() {
return accessCode.getRedirectUri();
}
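Review bot: In `getRequestedRoles` the `OAuthErrorException` is constructed but never thrown, so an access code that carries the id of a role that no longer exists does not fail; the loop continues and adds `null` to the returned set. The statement needs `throw`, and the method must declare the exception if it is a checked type (`refreshAccessToken` in TokenManager declares it, which suggests it is): `public Set<RoleModel> getRequestedRoles() throws OAuthErrorException {` and `throw new OAuthErrorException(OAuthErrorException.INVALID_GRANT, "Invalid role " + roleId);`. The add should reuse the value already looked up, `requestedRoles.add(role);`, instead of calling `realm.getRoleById(roleId)` a second time. The method also uses `Set` and `HashSet` while the import hunk above adds neither, so check that the `java.util` imports exist in the part of the file not shown.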
diff --git a/services/src/main/java/org/keycloak/services/managers/TokenManager.java b/services/src/main/java/org/keycloak/services/managers/TokenManager.java
index e8e1161..e5ba119 100755
--- a/services/src/main/java/org/keycloak/services/managers/TokenManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/TokenManager.java
@@ -1,7 +1,6 @@
package org.keycloak.services.managers;
import org.jboss.logging.Logger;
-import org.jboss.resteasy.specimpl.MultivaluedMapImpl;
import org.keycloak.OAuthErrorException;
import org.keycloak.audit.Audit;
import org.keycloak.audit.Details;
@@ -24,12 +23,9 @@ import org.keycloak.representations.IDToken;
import org.keycloak.representations.RefreshToken;
import org.keycloak.util.Time;
-import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.UriInfo;
import java.io.IOException;
import java.util.HashSet;
-import java.util.LinkedList;
-import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.UUID;
@@ -80,21 +76,24 @@ public class TokenManager {
}
private AccessCodeEntry createAccessCodeEntry(String scopeParam, String state, String redirect, KeycloakSession keycloakSession, RealmModel realm, ClientModel client, UserModel user, UserSessionModel session) {
- List<RoleModel> realmRolesRequested = new LinkedList<RoleModel>();
- MultivaluedMap<String, RoleModel> resourceRolesRequested = new MultivaluedMapImpl<String, RoleModel>();
-
- AccessToken token = createClientAccessToken(scopeParam, realm, client, user, session, realmRolesRequested, resourceRolesRequested);
- if (session != null) token.setSessionState(session.getId());
AccessCode code = new AccessCode();
code.setId(UUID.randomUUID().toString() + System.currentTimeMillis());
- code.setAccessToken(token);
+ code.setClientId(client.getClientId());
+ code.setUserId(user.getId());
code.setTimestamp(Time.currentTime());
code.setExpiration(Time.currentTime() + realm.getAccessCodeLifespan());
- code.setState(state);
+ code.setSessionState(session != null ? session.getId() : null);
code.setRedirectUri(redirect);
+ code.setState(state);
+
+ Set<String> requestedRoles = new HashSet<String>();
+ for (RoleModel r : getAccess(scopeParam, client, user)) {
+ requestedRoles.add(r.getId());
+ }
+ code.setRequestedRoles(requestedRoles);
+
AccessCodeEntry entry = new AccessCodeEntry(keycloakSession, realm, code);
return entry;
-
}
public AccessToken refreshAccessToken(KeycloakSession session, UriInfo uriInfo, RealmModel realm, ClientModel client, String encodedRefreshToken, Audit audit) throws OAuthErrorException {
@@ -142,44 +141,7 @@ public class TokenManager {
throw new OAuthErrorException(OAuthErrorException.INVALID_GRANT, "Stale refresh token");
}
- ApplicationModel clientApp = (client instanceof ApplicationModel) ? (ApplicationModel)client : null;
-
-
- if (refreshToken.getRealmAccess() != null) {
- for (String roleName : refreshToken.getRealmAccess().getRoles()) {
- RoleModel role = realm.getRole(roleName);
- if (role == null) {
- throw new OAuthErrorException(OAuthErrorException.INVALID_GRANT, "Invalid realm role " + roleName);
- }
- if (!user.hasRole(role)) {
- throw new OAuthErrorException(OAuthErrorException.INVALID_SCOPE, "User no long has permission for realm role: " + roleName);
- }
- if (!client.hasScope(role)) {
- throw new OAuthErrorException(OAuthErrorException.INVALID_SCOPE, "Client no longer has realm scope: " + roleName);
- }
- }
- }
- if (refreshToken.getResourceAccess() != null) {
- for (Map.Entry<String, AccessToken.Access> entry : refreshToken.getResourceAccess().entrySet()) {
- ApplicationModel app = realm.getApplicationByName(entry.getKey());
- if (app == null) {
- throw new OAuthErrorException(OAuthErrorException.INVALID_SCOPE, "Application no longer exists", "Application no longer exists: " + app.getName());
- }
- for (String roleName : entry.getValue().getRoles()) {
- RoleModel role = app.getRole(roleName);
- if (role == null) {
- throw new OAuthErrorException(OAuthErrorException.INVALID_GRANT, "Invalid refresh token", "Unknown application role: " + roleName);
- }
- if (!user.hasRole(role)) {
- throw new OAuthErrorException(OAuthErrorException.INVALID_SCOPE, "User no long has permission for application role " + roleName);
- }
- if (clientApp != null && !clientApp.equals(app) && !client.hasScope(role)) {
- throw new OAuthErrorException(OAuthErrorException.INVALID_SCOPE, "Client no longer has application scope" + roleName);
- }
- }
-
- }
- }
+ verifyAccess(refreshToken, realm, client, user);
AccessToken accessToken = initToken(realm, client, user, userSession);
accessToken.setRealmAccess(refreshToken.getRealmAccess());
@@ -193,54 +155,73 @@ public class TokenManager {
return accessToken;
}
- public AccessToken createClientAccessToken(String scopeParam, RealmModel realm, ClientModel client, UserModel user, UserSessionModel session) {
- return createClientAccessToken(scopeParam, realm, client, user, session, new LinkedList<RoleModel>(), new MultivaluedMapImpl<String, RoleModel>());
+ public AccessToken createClientAccessToken(Set<RoleModel> requestedRoles, RealmModel realm, ClientModel client, UserModel user, UserSessionModel session) {
+ AccessToken token = initToken(realm, client, user, session);
+ for (RoleModel role : requestedRoles) {
+ addComposites(token, role);
+ }
+ return token;
}
- public AccessToken createClientAccessToken(String scopeParam, RealmModel realm, ClientModel client, UserModel user, UserSessionModel session, List<RoleModel> realmRolesRequested, MultivaluedMap<String, RoleModel> resourceRolesRequested) {
+ public Set<RoleModel> getAccess(String scopeParam, ClientModel client, UserModel user) {
// todo scopeParam is ignored until we figure out a scheme that fits with openid connect
+ Set<RoleModel> requestedRoles = new HashSet<RoleModel>();
Set<RoleModel> roleMappings = user.getRoleMappings();
Set<RoleModel> scopeMappings = client.getScopeMappings();
- ApplicationModel clientApp = (client instanceof ApplicationModel) ? (ApplicationModel)client : null;
- Set<RoleModel> clientAppRoles = clientApp == null ? null : clientApp.getRoles();
- if (clientAppRoles != null) scopeMappings.addAll(clientAppRoles);
-
- Set<RoleModel> requestedRoles = new HashSet<RoleModel>();
+ if (client instanceof ApplicationModel) {
+ scopeMappings.addAll(((ApplicationModel) client).getRoles());
+ }
for (RoleModel role : roleMappings) {
- if (clientApp != null && role.getContainer().equals(clientApp)) requestedRoles.add(role);
for (RoleModel desiredRole : scopeMappings) {
Set<RoleModel> visited = new HashSet<RoleModel>();
applyScope(role, desiredRole, visited, requestedRoles);
}
}
- for (RoleModel role : requestedRoles) {
- if (role.getContainer() instanceof RealmModel) {
- realmRolesRequested.add(role);
- } else if (role.getContainer() instanceof ApplicationModel) {
- ApplicationModel app = (ApplicationModel)role.getContainer();
- resourceRolesRequested.add(app.getName(), role);
- }
- }
+ return requestedRoles;
+ }
+
+ public void verifyAccess(AccessToken token, RealmModel realm, ClientModel client, UserModel user) throws OAuthErrorException {
+ ApplicationModel clientApp = (client instanceof ApplicationModel) ? (ApplicationModel)client : null;
- AccessToken token = initToken(realm, client, user, session);
- if (realmRolesRequested.size() > 0) {
- for (RoleModel role : realmRolesRequested) {
- addComposites(token, role);
+ if (token.getRealmAccess() != null) {
+ for (String roleName : token.getRealmAccess().getRoles()) {
+ RoleModel role = realm.getRole(roleName);
+ if (role == null) {
+ throw new OAuthErrorException(OAuthErrorException.INVALID_GRANT, "Invalid realm role " + roleName);
+ }
+ if (!user.hasRole(role)) {
+ throw new OAuthErrorException(OAuthErrorException.INVALID_SCOPE, "User no long has permission for realm role: " + roleName);
+ }
+ if (!client.hasScope(role)) {
+ throw new OAuthErrorException(OAuthErrorException.INVALID_SCOPE, "Client no longer has realm scope: " + roleName);
+ }
}
}
-
- if (resourceRolesRequested.size() > 0) {
- for (List<RoleModel> roles : resourceRolesRequested.values()) {
- for (RoleModel role : roles) {
- addComposites(token, role);
+ if (token.getResourceAccess() != null) {
+ for (Map.Entry<String, AccessToken.Access> entry : token.getResourceAccess().entrySet()) {
+ ApplicationModel app = realm.getApplicationByName(entry.getKey());
+ if (app == null) {
+ throw new OAuthErrorException(OAuthErrorException.INVALID_SCOPE, "Application no longer exists", "Application no longer exists: " + app.getName());
}
+ for (String roleName : entry.getValue().getRoles()) {
+ RoleModel role = app.getRole(roleName);
+ if (role == null) {
+ throw new OAuthErrorException(OAuthErrorException.INVALID_GRANT, "Invalid refresh token", "Unknown application role: " + roleName);
+ }
+ if (!user.hasRole(role)) {
+ throw new OAuthErrorException(OAuthErrorException.INVALID_SCOPE, "User no long has permission for application role " + roleName);
+ }
+ if (clientApp != null && !clientApp.equals(app) && !client.hasScope(role)) {
+ throw new OAuthErrorException(OAuthErrorException.INVALID_SCOPE, "Client no longer has application scope" + roleName);
+ }
+ }
+
}
}
- return token;
}
public void initClaims(IDToken token, ClientModel model, UserModel user) {
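Review bot: In `verifyAccess` the application-role scope test `clientApp != null && !clientApp.equals(app) && !client.hasScope(role)` can never be true when the client is not an `ApplicationModel`, so for such clients a resource role whose scope mapping was removed still passes verification. If that is not intended, the guard should read `if ((clientApp == null || !clientApp.equals(app)) && !client.hasScope(role))`. In the same method the `app == null` branch builds its message from `app.getName()`, which throws a NullPointerException instead of the intended `OAuthErrorException`; use `entry.getKey()` there. Both conditions are carried over unchanged from the removed inline code, but `verifyAccess` is now also called from `TokenService`, whose catch block handles only `OAuthErrorException`. In `getAccess`, `scopeMappings.addAll(...)` writes into the set returned by `client.getScopeMappings()`; copying that set into a new `HashSet` first would avoid mutating whatever the model handed back.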
@@ -363,7 +344,8 @@ public class TokenManager {
}
public AccessTokenResponseBuilder generateAccessToken(String scopeParam, ClientModel client, UserModel user, UserSessionModel session) {
- accessToken = createClientAccessToken(scopeParam, realm, client, user, session);
+ Set<RoleModel> requestedRoles = getAccess(scopeParam, client, user);
+ accessToken = createClientAccessToken(requestedRoles, realm, client, user, session);
return this;
}
diff --git a/services/src/main/java/org/keycloak/services/resources/flows/OAuthFlows.java b/services/src/main/java/org/keycloak/services/resources/flows/OAuthFlows.java
index c843fbe..06a0e1a 100755
--- a/services/src/main/java/org/keycloak/services/resources/flows/OAuthFlows.java
+++ b/services/src/main/java/org/keycloak/services/resources/flows/OAuthFlows.java
@@ -157,32 +157,22 @@ public class OAuthFlows {
if (!isResource) {
accessCode.resetExpiration();
- List<RoleModel> realmRolesRequested = new LinkedList<RoleModel>();
- MultivaluedMap<String, RoleModel> appRolesRequested = new MultivaluedMapImpl<String, RoleModel>();
- if (accessCode.getToken().getRealmAccess() != null) {
- if (accessCode.getToken().getRealmAccess().getRoles() != null) {
- for (String role : accessCode.getToken().getRealmAccess().getRoles()) {
- RoleModel roleModel = realm.getRole(role);
- if (roleModel != null) realmRolesRequested.add(roleModel);
- }
- }
- }
- if (accessCode.getToken().getResourceAccess().size() > 0) {
- for (Map.Entry<String, AccessToken.Access> entry : accessCode.getToken().getResourceAccess().entrySet()) {
- ApplicationModel app = realm.getApplicationByName(entry.getKey());
- if (app == null) continue;
- if (entry.getValue().getRoles() != null) {
- for (String role : entry.getValue().getRoles()) {
- RoleModel roleModel = app.getRole(role);
- if (roleModel != null) appRolesRequested.add(entry.getKey(), roleModel);
- }
-
- }
+
+ List<RoleModel> realmRoles = new LinkedList<RoleModel>();
+ MultivaluedMap<String, RoleModel> resourceRoles = new MultivaluedMapImpl<String, RoleModel>();
+ for (RoleModel r : accessCode.getRequestedRoles()) {
+ if (r.getContainer() instanceof RealmModel) {
+ realmRoles.add(r);
+ } else {
+ resourceRoles.add(((ApplicationModel) r.getContainer()).getName(), r);
}
}
- return Flows.forms(this.session, realm, uriInfo).setAccessCode(accessCode.getCode()).
- setAccessRequest(realmRolesRequested, appRolesRequested).
- setClient(client).createOAuthGrant();
+
+ return Flows.forms(this.session, realm, uriInfo)
+ .setAccessCode(accessCode.getCode())
+ .setAccessRequest(realmRoles, resourceRoles)
+ .setClient(client)
+ .createOAuthGrant();
}
if (redirect != null) {
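Review bot: The `else` branch casts `r.getContainer()` to `ApplicationModel` without checking it, so a requested role whose container is neither a realm nor an application fails here with a ClassCastException. The grouping code this replaces in `TokenManager` used an explicit `instanceof ApplicationModel` test; `} else if (r.getContainer() instanceof ApplicationModel) {` keeps that behaviour. The enclosing method starts and ends outside this hunk.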
diff --git a/services/src/main/java/org/keycloak/services/resources/RequiredActionsService.java b/services/src/main/java/org/keycloak/services/resources/RequiredActionsService.java
index 85eabf5..1a03dc5 100755
--- a/services/src/main/java/org/keycloak/services/resources/RequiredActionsService.java
+++ b/services/src/main/java/org/keycloak/services/resources/RequiredActionsService.java
@@ -227,7 +227,7 @@ public class RequiredActionsService {
// Password reset through email won't have an associated session
if (accessCode.getSessionState() == null) {
UserSessionModel userSession = session.sessions().createUserSession(realm, session.users().getUserById(accessCode.getUser().getId(), realm), clientConnection.getRemoteAddr());
- accessCode.getToken().setSessionState(userSession.getId());
+ accessCode.setSessionState(userSession.getId());
audit.session(userSession);
}
diff --git a/services/src/main/java/org/keycloak/services/resources/TokenService.java b/services/src/main/java/org/keycloak/services/resources/TokenService.java
index dc7c937..ef32859 100755
--- a/services/src/main/java/org/keycloak/services/resources/TokenService.java
+++ b/services/src/main/java/org/keycloak/services/resources/TokenService.java
@@ -23,6 +23,7 @@ import org.keycloak.models.Constants;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RequiredCredentialModel;
+import org.keycloak.models.RoleModel;
import org.keycloak.models.UserCredentialModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserSessionModel;
@@ -641,14 +642,6 @@ public class TokenService {
return Response.status(Response.Status.BAD_REQUEST).type(MediaType.APPLICATION_JSON_TYPE).entity(res)
.build();
}
- if (!accessCode.getToken().isActive()) {
- Map<String, String> res = new HashMap<String, String>();
- res.put(OAuth2Constants.ERROR, "invalid_grant");
- res.put(OAuth2Constants.ERROR_DESCRIPTION, "Token expired");
- audit.error(Errors.INVALID_CODE);
- return Response.status(Response.Status.BAD_REQUEST).type(MediaType.APPLICATION_JSON_TYPE).entity(res)
- .build();
- }
audit.user(accessCode.getUser());
audit.session(accessCode.getSessionState());
@@ -698,8 +691,20 @@ public class TokenService {
userSession.associateClient(client);
+ AccessToken token = tokenManager.createClientAccessToken(accessCode.getRequestedRoles(), realm, client, user, userSession);
+
+ try {
+ tokenManager.verifyAccess(token, realm, client, user);
+ } catch (OAuthErrorException e) {
+ Map<String, String> error = new HashMap<String, String>();
+ error.put(OAuth2Constants.ERROR, e.getError());
+ if (e.getDescription() != null) error.put(OAuth2Constants.ERROR_DESCRIPTION, e.getDescription());
+ audit.error(Errors.INVALID_CODE);
+ return Response.status(Response.Status.BAD_REQUEST).entity(error).type("application/json").build();
+ }
+
AccessTokenResponse res = tokenManager.responseBuilder(realm, client, audit)
- .accessToken(accessCode.getToken())
+ .accessToken(token)
.generateIDToken()
.generateRefreshToken().build();
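Review bot: `userSession.associateClient(client)` runs before `verifyAccess`, so when verification fails and the method returns 400 the client is still left associated with the user session. Moving the `createClientAccessToken`/`verifyAccess` block above the `associateClient` call keeps a rejected exchange free of side effects. The catch block also records every failure as `Errors.INVALID_CODE`, although the exception at this point describes a missing role or scope rather than a bad code, which makes the audit trail harder to triage. The earlier hunk in this file removes the `accessCode.getToken().isActive()` test; whether the code's expiry is still enforced is not visible here and should be confirmed. The enclosing method starts and ends outside this hunk.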
testsuite/integration/pom.xml 277(+45 -232)
diff --git a/testsuite/integration/pom.xml b/testsuite/integration/pom.xml
index 05c0b7e..06ae32c 100755
--- a/testsuite/integration/pom.xml
+++ b/testsuite/integration/pom.xml
@@ -25,6 +25,13 @@
<dependencies>
<dependency>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-dependencies-server-all</artifactId>
+ <version>${project.version}</version>
+ <type>pom</type>
+ </dependency>
+
+ <dependency>
<groupId>org.jboss.spec.javax.servlet</groupId>
<artifactId>jboss-servlet-api_3.0_spec</artifactId>
</dependency>
@@ -86,223 +93,15 @@
<artifactId>bcprov-jdk16</artifactId>
</dependency>
<dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-audit-api</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-audit-jpa</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-audit-jboss-logging</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-audit-email</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-core</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-core-jaxrs</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-services</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-connections-jpa</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-connections-mongo</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-model-jpa</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-model-sessions-mem</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-model-sessions-jpa</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-model-sessions-mongo</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-invalidation-cache-model</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-timer-api</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-timer-basic</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-js-adapter</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-undertow-adapter</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
<version>${keycloak.apache.httpcomponents.version}</version>
</dependency>
-
- <!--
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-model-picketlink</artifactId>
- <version>${project.version}</version>
- </dependency>
- -->
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-social-core</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-social-github</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-social-google</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-social-twitter</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.twitter4j</groupId>
- <artifactId>twitter4j-core</artifactId>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-social-facebook</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-forms-common-freemarker</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.freemarker</groupId>
- <artifactId>freemarker</artifactId>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-forms-common-themes</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-email-api</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-email-freemarker</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-account-api</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-account-freemarker</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-login-api</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-login-freemarker</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-authentication-api</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-authentication-model</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-picketlink-api</artifactId>
- <version>${project.version}</version>
- </dependency>
<dependency>
<groupId>org.keycloak</groupId>
- <artifactId>keycloak-picketlink-realm</artifactId>
- <version>${project.version}</version>
- </dependency>
-
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-export-import-api</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-export-import-dir</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-export-import-single-file</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-export-import-zip</artifactId>
+ <artifactId>keycloak-undertow-adapter</artifactId>
<version>${project.version}</version>
</dependency>
-
<dependency>
<groupId>org.jboss.logging</groupId>
<artifactId>jboss-logging</artifactId>
@@ -374,35 +173,12 @@
<artifactId>selenium-chrome-driver</artifactId>
</dependency>
- <!-- Mongo dependencies specified here and not in mongo profile, just to allow running tests from IDE -->
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-model-mongo</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-audit-mongo</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.mongodb</groupId>
- <artifactId>mongo-java-driver</artifactId>
- </dependency>
-
- <!-- Encrypted ZIP -->
- <dependency>
- <groupId>de.idyl</groupId>
- <artifactId>winzipaes</artifactId>
- </dependency>
-
<!-- This adds couple of other dependencies (like picketlink) -->
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-model-tests</artifactId>
<version>${project.version}</version>
</dependency>
-
</dependencies>
<build>
<plugins>
@@ -560,5 +336,42 @@
</build>
</profile>
+
+ <!-- MySQL -->
+ <profile>
+ <activation>
+ <property>
+ <name>keycloak.connectionsJpa.driver</name>
+ <value>com.mysql.jdbc.Driver</value>
+ </property>
+ </activation>
+ <id>mysql</id>
+ <dependencies>
+ <dependency>
+ <groupId>mysql</groupId>
+ <artifactId>mysql-connector-java</artifactId>
+ <version>${mysql.version}</version>
+ </dependency>
+ </dependencies>
+ </profile>
+
+ <!-- PostgreSQL -->
+ <profile>
+ <activation>
+ <property>
+ <name>keycloak.connectionsJpa.driver</name>
+ <value>org.postgresql.Driver</value>
+ </property>
+ </activation>
+ <id>postgresql</id>
+ <dependencies>
+ <dependency>
+ <groupId>org.postgresql</groupId>
+ <artifactId>postgresql</artifactId>
+ <version>${postgresql.version}</version>
+ </dependency>
+ </dependencies>
+ </profile>
+
</profiles>
</project>
testsuite/integration/README.md 7(+4 -3)
diff --git a/testsuite/integration/README.md b/testsuite/integration/README.md
index a2033eb..564451f 100644
--- a/testsuite/integration/README.md
+++ b/testsuite/integration/README.md
@@ -11,7 +11,8 @@ To run the tests with Firefox add `-Dbrowser=firefox` or for Chrome add `-Dbrows
Mongo
-----
-The testsuite is executed with JPA model implementation with data saved in H2 database by default. To run testsuite with Mongo model, just add property `-Dkeycloak.model.provider=mongo` when executing it.
+The testsuite is executed with JPA model implementation with data saved in H2 database by default. To run testsuite with Mongo model, just add property `-Dkeycloak.realm.provider=mongo` when executing it.
+This single property will cause that mongo will be used for realm-model, user-model and audit.
Note that this will automatically run embedded Mongo database on localhost/27018 and it will stop it after whole testsuite is finished.
So you don't need to have Mongo installed on your laptop to run mongo execution tests.
@@ -52,11 +53,11 @@ For example to use the example themes run the server with:
To start a Keycloak server with identity model data persisted in Mongo database instead of default JPA/H2 you can run:
- mvn exec:java -Pkeycloak-server -Dkeycloak.model.provider=mongo
+ mvn exec:java -Pkeycloak-server -Dkeycloak.realm.provider=mongo -Dkeycloak.user.provider=mongo -Dkeycloak.audit.provider=mongo
By default it's using database `keycloak` on localhost/27017 and it uses already existing data from this DB (no cleanup of existing data during bootstrap). Assumption is that you already have DB running on localhost/27017 . Use system properties to configure things differently:
- mvn exec:java -Pkeycloak-server -Dkeycloak.model.provider=mongo -Dkeycloak.model.mongo.host=localhost -Dkeycloak.model.mongo.port=27017 -Dkeycloak.model.mongo.db=keycloak -Dkeycloak.model.mongo.clearOnStartup=false
+ mvn exec:java -Pkeycloak-server -Dkeycloak.realm.provider=mongo -Dkeycloak.user.provider=mongo -Dkeycloak.audit.provider=mongo -Dkeycloak.connectionsMongo.host=localhost -Dkeycloak.connectionsMongo.port=27017 -Dkeycloak.connectionsMongo.db=keycloak -Dkeycloak.connectionsMongo.clearOnStartup=false
Note that if you are using Mongo model, it would mean that Mongo will be used for audit as well. You may need to use audit related properties for configuration of Mongo if you want to override default ones (For example keycloak.audit.mongo.host, keycloak.audit.mongo.port etc)
diff --git a/testsuite/integration/src/main/resources/META-INF/keycloak-server.json b/testsuite/integration/src/main/resources/META-INF/keycloak-server.json
index fb18bfc..9c23dad 100755
--- a/testsuite/integration/src/main/resources/META-INF/keycloak-server.json
+++ b/testsuite/integration/src/main/resources/META-INF/keycloak-server.json
@@ -66,7 +66,9 @@
"driverDialect": "${keycloak.connectionsJpa.driverDialect:}",
"user": "${keycloak.connectionsJpa.user:sa}",
"password": "${keycloak.connectionsJpa.password:}",
- "databaseSchema": "${keycloak.connectionsJpa.databaseSchema:create-drop}"
+ "databaseSchema": "${keycloak.connectionsJpa.databaseSchema:create-drop}",
+ "showSql": "${keycloak.connectionsJpa.showSql:false}",
+ "formatSql": "${keycloak.connectionsJpa.formatSql:true}"
}
},
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/AdapterTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/AdapterTest.java
index f43d735..59bb24b 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/AdapterTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/AdapterTest.java
@@ -21,7 +21,7 @@
*/
package org.keycloak.testsuite.adapter;
-import org.jboss.resteasy.util.BasicAuthHelper;
+import org.keycloak.util.BasicAuthHelper;
import org.junit.Assert;
import org.junit.ClassRule;
import org.junit.Rule;
@@ -101,7 +101,7 @@ public class AdapterTest {
TokenManager tm = new TokenManager();
UserModel admin = session.users().getUserByUsername("admin", adminRealm);
UserSessionModel userSession = session.sessions().createUserSession(adminRealm, admin, null);
- AccessToken token = tm.createClientAccessToken(null, adminRealm, adminConsole, admin, userSession);
+ AccessToken token = tm.createClientAccessToken(tm.getAccess(null, adminConsole, admin), adminRealm, adminConsole, admin, userSession);
return tm.encodeToken(adminRealm, token);
} finally {
keycloakRule.stopSession(session, true);
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/RelativeUriAdapterTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/RelativeUriAdapterTest.java
index f3da0af..7c155fb 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/RelativeUriAdapterTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/RelativeUriAdapterTest.java
@@ -88,7 +88,7 @@ public class RelativeUriAdapterTest {
TokenManager tm = new TokenManager();
UserModel admin = session.users().getUserByUsername("admin", adminRealm);
UserSessionModel userSession = session.sessions().createUserSession(adminRealm, admin, null);
- AccessToken token = tm.createClientAccessToken(null, adminRealm, adminConsole, admin, userSession);
+ AccessToken token = tm.createClientAccessToken(tm.getAccess(null, adminConsole, admin), adminRealm, adminConsole, admin, userSession);
adminToken = tm.encodeToken(adminRealm, token);
}
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/admin/AdminAPITest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/admin/AdminAPITest.java
index 416cc3d..54f85e2 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/admin/AdminAPITest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/admin/AdminAPITest.java
@@ -80,7 +80,7 @@ public class AdminAPITest {
TokenManager tm = new TokenManager();
UserModel admin = session.users().getUserByUsername("admin", adminRealm);
UserSessionModel userSession = session.sessions().createUserSession(adminRealm, admin, null);
- AccessToken token = tm.createClientAccessToken(null, adminRealm, adminConsole, admin, userSession);
+ AccessToken token = tm.createClientAccessToken(tm.getAccess(null, adminConsole, admin), adminRealm, adminConsole, admin, userSession);
return tm.encodeToken(adminRealm, token);
} finally {
keycloakRule.stopSession(session, true);
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/composites/CompositeRoleTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/composites/CompositeRoleTest.java
index af4967d..a255f46 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/composites/CompositeRoleTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/composites/CompositeRoleTest.java
@@ -184,6 +184,9 @@ public class CompositeRoleTest {
Assert.assertEquals(1, token.getRealmAccess().getRoles().size());
Assert.assertTrue(token.getResourceAccess("APP_ROLE_APPLICATION").isUserInRole("APP_ROLE_1"));
Assert.assertTrue(token.getRealmAccess().isUserInRole("REALM_ROLE_1"));
+
+ AccessTokenResponse refreshResponse = oauth.doRefreshTokenRequest(response.getRefreshToken(), "password");
+ Assert.assertEquals(200, refreshResponse.getStatusCode());
}
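Review bot: The added refresh assertions (here and in the four later hunks of this file) only check that the refresh returns 200. Nothing asserts that the refreshed token still carries the expected roles, and no test covers the rejection path of `verifyAccess`, i.e. a refresh attempted after the user's role mapping or the client's scope mapping has been removed. Consider repeating the `isUserInRole` assertions on the refreshed access token, and adding one test that removes a mapping before the refresh and expects the request to be rejected.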
@@ -207,9 +210,10 @@ public class CompositeRoleTest {
Assert.assertEquals(1, token.getResourceAccess("APP_ROLE_APPLICATION").getRoles().size());
Assert.assertTrue(token.getResourceAccess("APP_ROLE_APPLICATION").isUserInRole("APP_ROLE_1"));
- }
-
+ AccessTokenResponse refreshResponse = oauth.doRefreshTokenRequest(response.getRefreshToken(), "password");
+ Assert.assertEquals(200, refreshResponse.getStatusCode());
+ }
@Test
public void testRealmOnlyWithUserCompositeAppComposite() throws Exception {
@@ -232,6 +236,9 @@ public class CompositeRoleTest {
Assert.assertEquals(2, token.getRealmAccess().getRoles().size());
Assert.assertTrue(token.getRealmAccess().isUserInRole("REALM_COMPOSITE_1"));
Assert.assertTrue(token.getRealmAccess().isUserInRole("REALM_ROLE_1"));
+
+ AccessTokenResponse refreshResponse = oauth.doRefreshTokenRequest(response.getRefreshToken(), "password");
+ Assert.assertEquals(200, refreshResponse.getStatusCode());
}
@Test
@@ -254,6 +261,9 @@ public class CompositeRoleTest {
Assert.assertEquals(1, token.getRealmAccess().getRoles().size());
Assert.assertTrue(token.getRealmAccess().isUserInRole("REALM_ROLE_1"));
+
+ AccessTokenResponse refreshResponse = oauth.doRefreshTokenRequest(response.getRefreshToken(), "password");
+ Assert.assertEquals(200, refreshResponse.getStatusCode());
}
@Test
@@ -276,6 +286,9 @@ public class CompositeRoleTest {
Assert.assertEquals(1, token.getRealmAccess().getRoles().size());
Assert.assertTrue(token.getRealmAccess().isUserInRole("REALM_ROLE_1"));
+
+ AccessTokenResponse refreshResponse = oauth.doRefreshTokenRequest(response.getRefreshToken(), "password");
+ Assert.assertEquals(200, refreshResponse.getStatusCode());
}
}
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/exportimport/ExportImportTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/exportimport/ExportImportTest.java
index e0aa2be..c20eb76 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/exportimport/ExportImportTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/exportimport/ExportImportTest.java
@@ -1,17 +1,21 @@
package org.keycloak.testsuite.exportimport;
import java.io.File;
+import java.util.HashMap;
import java.util.HashSet;
+import java.util.Map;
import java.util.Properties;
import java.util.Set;
import java.util.regex.Matcher;
import org.junit.Assert;
import org.junit.ClassRule;
+import org.junit.FixMethodOrder;
import org.junit.Test;
import org.junit.rules.ExternalResource;
import org.junit.rules.RuleChain;
import org.junit.rules.TestRule;
+import org.junit.runners.MethodSorters;
import org.keycloak.Config;
import org.keycloak.exportimport.ExportImportConfig;
import org.keycloak.exportimport.dir.DirExportProvider;
@@ -33,15 +37,20 @@ import org.keycloak.testsuite.rule.KeycloakRule;
*/
public class ExportImportTest {
+ private static SystemPropertiesHelper propsHelper = new SystemPropertiesHelper();
+
+ private static final String JPA_CONNECTION_URL = "keycloak.connectionsJpa.url";
+ private static final String JPA_DB_SCHEMA = "keycloak.connectionsJpa.databaseSchema";
+ private static final String MONGO_CLEAR_ON_STARTUP = "keycloak.connectionsMongo.clearOnStartup";
// We want data to be persisted among server restarts
- private static ExternalResource hibernateSetupRule = new ExternalResource() {
+ private static ExternalResource persistenceSetupRule = new ExternalResource() {
- private boolean setupDone = false;
+ private boolean connectionURLSet = false;
@Override
protected void before() throws Throwable {
- if (System.getProperty("keycloak.connectionsJpa.url") == null) {
+ if (System.getProperty(JPA_CONNECTION_URL) == null) {
String baseExportImportDir = getExportImportTestDirectory();
File oldDBFile = new File(baseExportImportDir, "keycloakDB.h2.db");
@@ -50,43 +59,33 @@ public class ExportImportTest {
}
String dbDir = baseExportImportDir + "/keycloakDB";
- System.setProperty("keycloak.connectionsJpa.url", "jdbc:h2:file:" + dbDir + ";DB_CLOSE_DELAY=-1");
- System.setProperty("keycloak.connectionsJpa.databaseSchema", "update");
- setupDone = true;
+ propsHelper.pushProperty(JPA_CONNECTION_URL, "jdbc:h2:file:" + dbDir + ";DB_CLOSE_DELAY=-1");
+ connectionURLSet = true;
}
+ propsHelper.pushProperty(JPA_DB_SCHEMA, "create");
}
@Override
protected void after() {
- if (setupDone) {
- Properties sysProps = System.getProperties();
- sysProps.remove("keycloak.connectionsJpa.url");
- sysProps.remove("keycloak.connectionsJpa.databaseSchema");
+ if (connectionURLSet) {
+ propsHelper.pullProperty(JPA_CONNECTION_URL);
}
}
};
- // We want data to be persisted among server restarts
- private static ExternalResource mongoRule = new ExternalResource() {
-
- private static final String MONGO_CLEAR_ON_STARTUP_PROP_NAME = "keycloak.connectionsMongo.clearOnStartup";
- private String previousMongoClearOnStartup;
+ private static ExternalResource outerPersistenceSetupRule = new ExternalResource() {
@Override
protected void before() throws Throwable {
- previousMongoClearOnStartup = System.getProperty(MONGO_CLEAR_ON_STARTUP_PROP_NAME);
- System.setProperty(MONGO_CLEAR_ON_STARTUP_PROP_NAME, "false");
+ System.setProperty(JPA_DB_SCHEMA, "update");
+ propsHelper.pushProperty(MONGO_CLEAR_ON_STARTUP, "false");
}
@Override
protected void after() {
- if (previousMongoClearOnStartup != null) {
- System.setProperty(MONGO_CLEAR_ON_STARTUP_PROP_NAME, previousMongoClearOnStartup);
- } else {
- System.getProperties().remove(MONGO_CLEAR_ON_STARTUP_PROP_NAME);
- }
+ propsHelper.pullProperty(JPA_DB_SCHEMA);
+ propsHelper.pullProperty(MONGO_CLEAR_ON_STARTUP);
}
-
};
private static KeycloakRule keycloakRule = new KeycloakRule( new KeycloakRule.KeycloakSetup() {
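Review bot: The `propsHelper.pushProperty(JPA_DB_SCHEMA, "create")` in `persistenceSetupRule.before()` has no matching pull in that rule's `after()`; the restore sits in `outerPersistenceSetupRule.after()` instead. If `keycloakRule` fails while starting, the innermost rule never runs, so the JVM keeps `keycloak.connectionsJpa.databaseSchema=create`. Any later test class in the same fork would then inherit what is presumably a schema-recreating setting. Pairing push and pull in one rule avoids that: move `propsHelper.pullProperty(JPA_DB_SCHEMA);` into `persistenceSetupRule.after()`, outside the `if (connectionURLSet)` guard. `persistenceSetupRule.before()` begins in the previous hunk, so its first lines are not reviewed here.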
@@ -124,9 +123,9 @@ public class ExportImportTest {
@ClassRule
public static TestRule chain = RuleChain
- .outerRule(hibernateSetupRule)
- .around(mongoRule)
- .around(keycloakRule);
+ .outerRule(persistenceSetupRule)
+ .around(keycloakRule)
+ .around(outerPersistenceSetupRule);
@Test
public void testDirFullExportImport() throws Throwable {
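Review bot: The name `outerPersistenceSetupRule` is misleading, because the rule is added last with `.around(...)` and is therefore the innermost one in the chain. It runs after `keycloakRule` has started and is torn down before it. A name such as `restartPersistenceSetupRule` would match the position. Failing that, a comment above the chain such as `// order: persistenceSetupRule -> keycloakRule -> outerPersistenceSetupRule (innermost)` would save the next reader from working out which schema mode applies at server start.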
@@ -357,4 +356,28 @@ public class ExportImportTest {
return absolutePath;
}
+ private static class SystemPropertiesHelper {
+
+ private Map<String,String> previousValues = new HashMap<String,String>();
+
+ private void pushProperty(String name, String value) {
+ String currentValue = System.getProperty(name);
+ if (currentValue != null) {
+ previousValues.put(name, currentValue);
+ }
+ System.setProperty(name, value);
+ }
+
+ private void pullProperty(String name) {
+ String prevValue = previousValues.get(name);
+
+ if (prevValue == null) {
+ System.getProperties().remove(name);
+ } else {
+ System.setProperty(name, prevValue);
+ }
+ }
+
+ }
+
}
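Review bot: `pullProperty` reads the saved value with `previousValues.get(name)` and never clears it, so the map keeps a stale entry after the restore. A later `pushProperty` for the same name, made while the property is unset, skips the `put`. The following pull then puts the stale value back instead of removing the property. Using `String prevValue = previousValues.remove(name);` closes that gap. The helper also keeps only one saved value per name, so nested pushes of the same property cannot be unwound in order; a one-line class comment saying so would help.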
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/OAuthClient.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/OAuthClient.java
index 1a4bf74..4d7c211 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/OAuthClient.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/OAuthClient.java
@@ -21,7 +21,6 @@
*/
package org.keycloak.testsuite;
-import net.iharder.Base64;
import org.apache.commons.io.IOUtils;
import org.apache.http.HttpResponse;
import org.apache.http.NameValuePair;
@@ -32,21 +31,18 @@ import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.utils.URLEncodedUtils;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.message.BasicNameValuePair;
-import org.jboss.resteasy.security.PemUtils;
import org.json.JSONObject;
import org.junit.Assert;
import org.keycloak.OAuth2Constants;
import org.keycloak.RSATokenVerifier;
import org.keycloak.VerificationException;
-import org.keycloak.audit.Details;
-import org.keycloak.audit.Event;
import org.keycloak.jose.jws.JWSInput;
import org.keycloak.jose.jws.crypto.RSAProvider;
import org.keycloak.representations.AccessToken;
-import org.keycloak.representations.AccessTokenResponse;
import org.keycloak.representations.RefreshToken;
import org.keycloak.services.resources.TokenService;
import org.keycloak.util.BasicAuthHelper;
+import org.keycloak.util.PemUtils;
import org.openqa.selenium.By;
import org.openqa.selenium.WebDriver;
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/rule/AbstractKeycloakRule.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/rule/AbstractKeycloakRule.java
index 149a638..6ff7436 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/rule/AbstractKeycloakRule.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/rule/AbstractKeycloakRule.java
@@ -10,9 +10,9 @@ import org.keycloak.Config;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
+import org.keycloak.models.utils.ModelToRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
-import org.keycloak.models.utils.ModelToRepresentation;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.testsuite.Retry;
import org.keycloak.testutils.KeycloakServer;
@@ -22,7 +22,6 @@ import javax.servlet.Servlet;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
-import java.net.ConnectException;
import java.net.Socket;
/**
@@ -45,7 +44,9 @@ public abstract class AbstractKeycloakRule extends ExternalResource {
try {
RealmModel realmByName = session.realms().getRealmByName(realm);
UserModel user = session.users().getUserByUsername(name, realmByName);
- return user != null ? ModelToRepresentation.toRepresentation(user) : null;
+ UserRepresentation userRep = user != null ? ModelToRepresentation.toRepresentation(user) : null;
+ session.getTransaction().commit();
+ return userRep;
} finally {
session.close();
}
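Review bot: The added `session.getTransaction().commit()` covers only the success path. If `getRealmByName`, `getUserByUsername` or `toRepresentation` throws, the transaction begun before the `try` is still active when `session.close()` runs in `finally`. Whether `close()` rolls it back is not visible here, so an explicit guard before the close is safer: `if (session.getTransaction().isActive()) session.getTransaction().rollback();`. The same applies to the lookup-by-id method in the next hunk. Both method signatures lie outside the hunks.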
@@ -56,7 +57,9 @@ public abstract class AbstractKeycloakRule extends ExternalResource {
session.getTransaction().begin();
try {
RealmModel realmByName = session.realms().getRealmByName(realm);
- return ModelToRepresentation.toRepresentation(session.users().getUserById(id, realmByName));
+ UserRepresentation userRep = ModelToRepresentation.toRepresentation(session.users().getUserById(id, realmByName));
+ session.getTransaction().commit();
+ return userRep;
} finally {
session.close();
}
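Review bot: The new `userRep` assignment passes the result of `getUserById` straight to `ModelToRepresentation.toRepresentation(...)`, while the lookup-by-username method in the previous hunk checks for `null` first. Unless `toRepresentation` accepts a null user (not visible on this page), an unknown id fails here instead of returning `null`. For parity the line could read `UserModel user = session.users().getUserById(id, realmByName);` followed by `UserRepresentation userRep = user != null ? ModelToRepresentation.toRepresentation(user) : null;`.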
testsuite/tools/pom.xml 285(+16 -269)
diff --git a/testsuite/tools/pom.xml b/testsuite/tools/pom.xml
index d3b9867..aea718f 100755
--- a/testsuite/tools/pom.xml
+++ b/testsuite/tools/pom.xml
@@ -15,292 +15,39 @@
<description/>
<dependencies>
-
- <dependency>
- <groupId>com.icegreen</groupId>
- <artifactId>greenmail</artifactId>
- <exclusions>
- <exclusion>
- <groupId>org.slf4j</groupId>
- <artifactId>slf4j-api</artifactId>
- </exclusion>
- </exclusions>
- </dependency>
-
-
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-core</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>net.iharder</groupId>
- <artifactId>base64</artifactId>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-core-jaxrs</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-services</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>com.google.zxing</groupId>
- <artifactId>javase</artifactId>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-model-api</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-invalidation-cache-model</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-model-jpa</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-audit-api</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-audit-jpa</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-audit-jboss-logging</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-audit-email</artifactId>
- <version>${project.version}</version>
- </dependency>
- <!-- social -->
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-social-core</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-social-github</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-social-google</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-social-twitter</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.twitter4j</groupId>
- <artifactId>twitter4j-core</artifactId>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-social-facebook</artifactId>
- <version>${project.version}</version>
- </dependency>
- <!-- forms -->
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-forms-common-freemarker</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.freemarker</groupId>
- <artifactId>freemarker</artifactId>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-forms-common-themes</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-account-api</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-account-freemarker</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-email-api</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-email-freemarker</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-login-api</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-login-freemarker</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-js-adapter</artifactId>
- <version>${project.version}</version>
- </dependency>
- <!-- authentication api -->
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-authentication-api</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-authentication-model</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-authentication-picketlink</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.picketlink</groupId>
- <artifactId>picketlink-common</artifactId>
- </dependency>
- <dependency>
- <groupId>org.picketlink</groupId>
- <artifactId>picketlink-idm-api</artifactId>
- </dependency>
- <dependency>
- <groupId>org.picketlink</groupId>
- <artifactId>picketlink-idm-impl</artifactId>
- </dependency>
- <dependency>
- <groupId>org.picketlink</groupId>
- <artifactId>picketlink-idm-simple-schema</artifactId>
- </dependency>
-
- <!-- timer -->
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-timer-api</artifactId>
- <version>${project.version}</version>
- </dependency>
<dependency>
<groupId>org.keycloak</groupId>
- <artifactId>keycloak-timer-basic</artifactId>
+ <artifactId>keycloak-dependencies-server-all</artifactId>
<version>${project.version}</version>
+ <type>pom</type>
</dependency>
- <!-- picketlink -->
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-picketlink-api</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-picketlink-realm</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.jboss.spec.javax.servlet</groupId>
- <artifactId>jboss-servlet-api_3.0_spec</artifactId>
- <scope>provided</scope>
- </dependency>
- <!-- resteasy -->
- <dependency>
- <groupId>org.jboss.resteasy</groupId>
- <artifactId>resteasy-jaxrs</artifactId>
- <version>${resteasy.version}</version>
- <scope>provided</scope>
- </dependency>
- <dependency>
- <groupId>org.jboss.resteasy</groupId>
- <artifactId>resteasy-multipart-provider</artifactId>
- <version>${resteasy.version}</version>
- <scope>provided</scope>
- </dependency>
- <dependency>
- <groupId>org.jboss.resteasy</groupId>
- <artifactId>async-http-servlet-3.0</artifactId>
- <version>${resteasy.version}</version>
- <scope>provided</scope>
- </dependency>
<dependency>
<groupId>org.jboss.resteasy</groupId>
<artifactId>jaxrs-api</artifactId>
- <version>${resteasy.version}</version>
- <scope>provided</scope>
+ <version>${resteasy.version.latest}</version>
</dependency>
<dependency>
<groupId>org.jboss.resteasy</groupId>
- <artifactId>resteasy-jackson-provider</artifactId>
- <version>${resteasy.version}</version>
- <scope>provided</scope>
- </dependency>
-
- <!-- Mongo dependencies -->
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-model-mongo</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-audit-mongo</artifactId>
- <version>${project.version}</version>
+ <artifactId>resteasy-jaxrs</artifactId>
+ <version>${resteasy.version.latest}</version>
</dependency>
<dependency>
- <groupId>org.mongodb</groupId>
- <artifactId>mongo-java-driver</artifactId>
+ <groupId>org.jboss.spec.javax.servlet</groupId>
+ <artifactId>jboss-servlet-api_3.0_spec</artifactId>
+ <scope>provided</scope>
</dependency>
- <!-- export/import -->
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-export-import-api</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-export-import-dir</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-export-import-zip</artifactId>
- <version>${project.version}</version>
- </dependency>
<dependency>
- <groupId>org.keycloak</groupId>
- <artifactId>keycloak-export-import-single-file</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>de.idyl</groupId>
- <artifactId>winzipaes</artifactId>
+ <groupId>com.icegreen</groupId>
+ <artifactId>greenmail</artifactId>
+ <exclusions>
+ <exclusion>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-api</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
-
</dependencies>
<build>
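Review bot: The `jaxrs-api` and `resteasy-jaxrs` entries lose `<scope>provided</scope>` and move from `${resteasy.version}` to `${resteasy.version.latest}`. They now default to compile scope and would be packaged with this module rather than supplied by the container. If that is intended, a comment such as `<!-- bundled on purpose: tools app ships its own RESTEasy -->` would record it; otherwise the scope should be restored. Separately, about fifty explicit dependencies are replaced by the aggregate `keycloak-dependencies-server-all` POM, so the effective dependency set is no longer readable from this file. Comparing `mvn dependency:tree` output before and after the change would confirm nothing unexpected is added or dropped.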
diff --git a/testsuite/tools/src/main/java/org/keycloak/test/tools/KeycloakTestApplication.java b/testsuite/tools/src/main/java/org/keycloak/test/tools/KeycloakTestApplication.java
index 7184978..a42c618 100644
--- a/testsuite/tools/src/main/java/org/keycloak/test/tools/KeycloakTestApplication.java
+++ b/testsuite/tools/src/main/java/org/keycloak/test/tools/KeycloakTestApplication.java
@@ -5,8 +5,6 @@ import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.services.resources.KeycloakApplication;
import javax.servlet.ServletContext;
-import javax.servlet.ServletContextEvent;
-import javax.servlet.ServletContextListener;
import javax.ws.rs.core.Application;
import javax.ws.rs.core.Context;
import java.util.HashSet;