keycloak-aplcache
Changes
examples/demo-template/testrealm.json 21(+3 -18)
model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/ApplicationAdapter.java 17(+17 -0)
model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/OAuthClientAdapter.java 17(+17 -0)
model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/entities/ApplicationEntity.java 10(+10 -0)
model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/entities/OAuthClientEntity.java 11(+11 -0)
Details
diff --git a/core/src/main/java/org/keycloak/representations/idm/ApplicationRepresentation.java b/core/src/main/java/org/keycloak/representations/idm/ApplicationRepresentation.java
index 601bce5..695afef 100755
--- a/core/src/main/java/org/keycloak/representations/idm/ApplicationRepresentation.java
+++ b/core/src/main/java/org/keycloak/representations/idm/ApplicationRepresentation.java
@@ -14,7 +14,7 @@ public class ApplicationRepresentation {
protected String baseUrl;
protected boolean surrogateAuthRequired;
protected boolean enabled;
- protected List<CredentialRepresentation> credentials;
+ protected String secret;
protected String[] defaultRoles;
protected List<String> redirectUris;
protected List<String> webOrigins;
@@ -68,21 +68,12 @@ public class ApplicationRepresentation {
this.baseUrl = baseUrl;
}
- public List<CredentialRepresentation> getCredentials() {
- return credentials;
+ public String getSecret() {
+ return secret;
}
- public void setCredentials(List<CredentialRepresentation> credentials) {
- this.credentials = credentials;
- }
-
- public ApplicationRepresentation credential(String type, String value) {
- if (this.credentials == null) credentials = new ArrayList<CredentialRepresentation>();
- CredentialRepresentation cred = new CredentialRepresentation();
- cred.setType(type);
- cred.setValue(value);
- credentials.add(cred);
- return this;
+ public void setSecret(String secret) {
+ this.secret = secret;
}
public List<String> getRedirectUris() {
diff --git a/core/src/main/java/org/keycloak/representations/idm/OAuthClientRepresentation.java b/core/src/main/java/org/keycloak/representations/idm/OAuthClientRepresentation.java
index cfd33dd..cbe3fb8 100755
--- a/core/src/main/java/org/keycloak/representations/idm/OAuthClientRepresentation.java
+++ b/core/src/main/java/org/keycloak/representations/idm/OAuthClientRepresentation.java
@@ -13,7 +13,7 @@ public class OAuthClientRepresentation {
protected List<String> redirectUris;
protected List<String> webOrigins;
protected boolean enabled;
- protected List<CredentialRepresentation> credentials;
+ protected String secret;
protected ClaimRepresentation claims;
public String getId() {
@@ -64,12 +64,12 @@ public class OAuthClientRepresentation {
this.webOrigins = webOrigins;
}
- public List<CredentialRepresentation> getCredentials() {
- return credentials;
+ public String getSecret() {
+ return secret;
}
- public void setCredentials(List<CredentialRepresentation> credentials) {
- this.credentials = credentials;
+ public void setSecret(String secret) {
+ this.secret = secret;
}
public ClaimRepresentation getClaims() {
diff --git a/examples/demo-template/testrealm.json b/examples/demo-template/testrealm.json
index 5bcd82b..05addb5 100755
--- a/examples/demo-template/testrealm.json
+++ b/examples/demo-template/testrealm.json
@@ -62,35 +62,20 @@
"name": "customer-portal",
"enabled": true,
"adminUrl": "http://localhost:8080/customer-portal",
- "credentials": [
- {
- "type": "secret",
- "value": "password"
- }
- ]
+ "secret": "password"
},
{
"name": "product-portal",
"enabled": true,
"adminUrl": "http://localhost:8080/product-portal",
- "credentials": [
- {
- "type": "secret",
- "value": "password"
- }
- ]
+ "secret": "password"
}
],
"oauthClients": [
{
"name": "third-party",
"enabled": true,
- "credentials": [
- {
- "type": "secret",
- "value": "password"
- }
- ]
+ "secret": "password"
}
],
"applicationRoleMappings": {
diff --git a/model/api/src/main/java/org/keycloak/models/ClientModel.java b/model/api/src/main/java/org/keycloak/models/ClientModel.java
index 7efae1a..6a34b80 100755
--- a/model/api/src/main/java/org/keycloak/models/ClientModel.java
+++ b/model/api/src/main/java/org/keycloak/models/ClientModel.java
@@ -35,4 +35,8 @@ public interface ClientModel {
boolean isEnabled();
void setEnabled(boolean enabled);
+
+ boolean validateSecret(String secret);
+ String getSecret();
+ public void setSecret(String secret);
}
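Review bot: The three methods added to `ClientModel` have no Javadoc, and the one comment that explained the design ("Secrets can be viewed. They are used by confidential Applications and OAuth clients") is deleted from `RealmModel` in this same commit without being carried over. I would put that sentence on `getSecret()` as `/** Returns the client secret in clear text; secrets can be viewed and are used by confidential applications and OAuth clients. */`, and document on `validateSecret` what implementations must do for a null argument or when no secret is stored. The `public` modifier on `setSecret` is redundant in an interface and inconsistent with the two lines above it.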
diff --git a/model/api/src/main/java/org/keycloak/models/RealmModel.java b/model/api/src/main/java/org/keycloak/models/RealmModel.java
index 3f96f4f..faa240b 100755
--- a/model/api/src/main/java/org/keycloak/models/RealmModel.java
+++ b/model/api/src/main/java/org/keycloak/models/RealmModel.java
@@ -185,15 +185,5 @@ public interface RealmModel extends RoleContainerModel, RoleMapperModel, ScopeMa
void setAccountTheme(String name);
- boolean validateSecret(UserModel user, String secret);
-
- /**
- * Secrets can be viewed. They are used by confidential Applications and OAuth clients
- *
- * @param user
- * @return
- */
- UserCredentialModel getSecret(UserModel user);
-
boolean hasScope(ClientModel client, RoleModel role);
}
diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/ApplicationAdapter.java b/model/jpa/src/main/java/org/keycloak/models/jpa/ApplicationAdapter.java
index 1b9b86e..acdc592 100755
--- a/model/jpa/src/main/java/org/keycloak/models/jpa/ApplicationAdapter.java
+++ b/model/jpa/src/main/java/org/keycloak/models/jpa/ApplicationAdapter.java
@@ -5,6 +5,7 @@ import org.keycloak.models.ClientModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleContainerModel;
import org.keycloak.models.RoleModel;
+import org.keycloak.models.UserCredentialModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.jpa.entities.*;
@@ -332,4 +333,20 @@ public class ApplicationAdapter implements ApplicationModel {
entity.getRedirectUris().remove(redirectUri);
}
+ @Override
+ public String getSecret() {
+ return entity.getSecret();
+ }
+
+ @Override
+ public void setSecret(String secret) {
+ entity.setSecret(secret);
+ }
+
+ @Override
+ public boolean validateSecret(String secret) {
+ return secret.equals(entity.getSecret());
+ }
+
+
}
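Review bot: `validateSecret` dereferences its argument, so a request that reaches it with a null `secret` throws a NullPointerException instead of failing authentication. `String.equals` also stops at the first differing character, so comparison time depends on how much of the stored secret was matched. A null-safe, constant-time form would be `String stored = entity.getSecret();` followed by `return secret != null && stored != null && MessageDigest.isEqual(secret.getBytes(StandardCharsets.UTF_8), stored.getBytes(StandardCharsets.UTF_8));`, which needs `java.security.MessageDigest` and `java.nio.charset.StandardCharsets` imported. The same body is repeated in the JPA `OAuthClientAdapter` and in both Mongo adapters, so one shared helper would keep the four copies consistent.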
diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/ApplicationEntity.java b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/ApplicationEntity.java
index e5ab951..b34f224 100755
--- a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/ApplicationEntity.java
+++ b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/ApplicationEntity.java
@@ -34,6 +34,7 @@ public class ApplicationEntity {
private boolean surrogateAuthRequired;
private String baseUrl;
private String managementUrl;
+ private String secret;
private long allowedClaimsMask;
@OneToOne(fetch = FetchType.EAGER)
@@ -157,5 +158,11 @@ public class ApplicationEntity {
this.redirectUris = redirectUris;
}
+ public String getSecret() {
+ return secret;
+ }
+ public void setSecret(String secret) {
+ this.secret = secret;
+ }
}
diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/OAuthClientEntity.java b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/OAuthClientEntity.java
index eb38b86..1caa6e6 100755
--- a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/OAuthClientEntity.java
+++ b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/OAuthClientEntity.java
@@ -33,6 +33,7 @@ public class OAuthClientEntity {
private String id;
private String name;
+ private String secret;
private long allowedClaimsMask;
@ElementCollection
@@ -102,6 +103,11 @@ public class OAuthClientEntity {
this.redirectUris = redirectUris;
}
+ public String getSecret() {
+ return secret;
+ }
-
+ public void setSecret(String secret) {
+ this.secret = secret;
+ }
}
diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/OAuthClientAdapter.java b/model/jpa/src/main/java/org/keycloak/models/jpa/OAuthClientAdapter.java
index 4098ff0..6b7bc27 100755
--- a/model/jpa/src/main/java/org/keycloak/models/jpa/OAuthClientAdapter.java
+++ b/model/jpa/src/main/java/org/keycloak/models/jpa/OAuthClientAdapter.java
@@ -95,6 +95,24 @@ public class OAuthClientAdapter implements OAuthClientModel {
entity.getRedirectUris().remove(redirectUri);
}
+ @Override
+ public String getSecret() {
+ return entity.getSecret();
+ }
+ @Override
+ public void setSecret(String secret) {
+ entity.setSecret(secret);
+ }
+
+
+
+ @Override
+ public boolean validateSecret(String secret) {
+ return secret.equals(entity.getSecret());
+ }
+
+
+
diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java b/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java
index 0330586..1de67ed 100755
--- a/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java
+++ b/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java
@@ -1062,17 +1062,6 @@ public class RealmAdapter implements RealmModel {
}
@Override
- public UserCredentialModel getSecret(UserModel user) {
- for (CredentialEntity cred : ((UserAdapter)user).getUser().getCredentials()) {
- if (cred.getType().equals(UserCredentialModel.SECRET)) {
- return UserCredentialModel.secret(cred.getValue());
- }
- }
- return null;
-
- }
-
- @Override
public boolean validatePassword(UserModel user, String password) {
for (CredentialEntity cred : ((UserAdapter)user).getUser().getCredentials()) {
if (cred.getType().equals(UserCredentialModel.PASSWORD)) {
@@ -1083,18 +1072,6 @@ public class RealmAdapter implements RealmModel {
}
@Override
- public boolean validateSecret(UserModel user, String secret) {
- for (CredentialEntity cred : ((UserAdapter)user).getUser().getCredentials()) {
- if (cred.getType().equals(UserCredentialModel.SECRET)) {
- return secret.equals(cred.getValue());
- }
- }
- return false;
- }
-
-
-
- @Override
public boolean validateTOTP(UserModel user, String password, String token) {
if (!validatePassword(user, password)) return false;
for (CredentialEntity cred : ((UserAdapter)user).getUser().getCredentials()) {
diff --git a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/ApplicationAdapter.java b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/ApplicationAdapter.java
index 4f17350..a07e135 100755
--- a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/ApplicationAdapter.java
+++ b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/ApplicationAdapter.java
@@ -301,4 +301,21 @@ public class ApplicationAdapter extends AbstractAdapter implements ApplicationMo
getMongoStore().pullItemFromList(application, "redirectUris", redirectUri, invocationContext);
}
+ @Override
+ public String getSecret() {
+ return application.getSecret();
+ }
+
+ @Override
+ public void setSecret(String secret) {
+ application.setSecret(secret);
+ }
+
+
+ @Override
+ public boolean validateSecret(String secret) {
+ return secret.equals(application.getSecret());
+ }
+
+
}
diff --git a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/OAuthClientAdapter.java b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/OAuthClientAdapter.java
index 043249e..39fe21c 100755
--- a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/OAuthClientAdapter.java
+++ b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/OAuthClientAdapter.java
@@ -122,4 +122,21 @@ public class OAuthClientAdapter extends AbstractAdapter implements OAuthClientMo
getMongoStore().pullItemFromList(delegate, "redirectUris", redirectUri, invocationContext);
}
+ @Override
+ public String getSecret() {
+ return delegate.getSecret();
+ }
+
+ @Override
+ public void setSecret(String secret) {
+ delegate.setSecret(secret);
+ }
+
+
+ @Override
+ public boolean validateSecret(String secret) {
+ return secret.equals(delegate.getSecret());
+ }
+
+
}
diff --git a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java
index 9466bb3..2f85b0f 100755
--- a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java
+++ b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java
@@ -842,28 +842,6 @@ public class RealmAdapter extends AbstractAdapter implements RealmModel {
return false;
}
- @Override
- public boolean validateSecret(UserModel user, String secret) {
- for (CredentialEntity cred : ((UserAdapter)user).getUser().getCredentials()) {
- if (cred.getType().equals(UserCredentialModel.SECRET)) {
- return secret.equals(cred.getValue());
- }
- }
- return false;
- }
-
- @Override
- public UserCredentialModel getSecret(UserModel user) {
- for (CredentialEntity cred : ((UserAdapter)user).getUser().getCredentials()) {
- if (cred.getType().equals(UserCredentialModel.SECRET)) {
- return UserCredentialModel.secret(cred.getValue());
- }
- }
- return null;
-
- }
-
-
@Override
public void updateCredential(UserModel user, UserCredentialModel cred) {
diff --git a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/entities/ApplicationEntity.java b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/entities/ApplicationEntity.java
index c279934..e2bd360 100755
--- a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/entities/ApplicationEntity.java
+++ b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/entities/ApplicationEntity.java
@@ -22,6 +22,7 @@ public class ApplicationEntity extends AbstractMongoIdentifiableEntity implement
private boolean surrogateAuthRequired;
private String managementUrl;
private String baseUrl;
+ private String secret;
private String resourceUserId;
private String realmId;
@@ -126,6 +127,15 @@ public class ApplicationEntity extends AbstractMongoIdentifiableEntity implement
}
@MongoField
+ public String getSecret() {
+ return secret;
+ }
+
+ public void setSecret(String secret) {
+ this.secret = secret;
+ }
+
+ @MongoField
public List<String> getDefaultRoles() {
return defaultRoles;
}
diff --git a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/entities/OAuthClientEntity.java b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/entities/OAuthClientEntity.java
index 11583e1..216688b 100755
--- a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/entities/OAuthClientEntity.java
+++ b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/entities/OAuthClientEntity.java
@@ -18,6 +18,7 @@ public class OAuthClientEntity extends AbstractMongoIdentifiableEntity implement
private String oauthAgentId;
private String realmId;
+ private String secret;
private long allowedClaimsMask;
private List<String> webOrigins;
private List<String> redirectUris;
@@ -50,6 +51,16 @@ public class OAuthClientEntity extends AbstractMongoIdentifiableEntity implement
}
@MongoField
+ public String getSecret() {
+ return secret;
+ }
+
+ public void setSecret(String secret) {
+ this.secret = secret;
+ }
+
+
+ @MongoField
public long getAllowedClaimsMask() {
return allowedClaimsMask;
}
diff --git a/model/tests/src/test/resources/testcomposites.json b/model/tests/src/test/resources/testcomposites.json
index c884a0f..d035fd5 100755
--- a/model/tests/src/test/resources/testcomposites.json
+++ b/model/tests/src/test/resources/testcomposites.json
@@ -65,10 +65,7 @@
{
"name" : "third-party",
"enabled": true,
- "credentials" : [
- { "type" : "secret",
- "value" : "password" }
- ]
+ "secret": "password"
}
],
"roleMappings": [
@@ -105,48 +102,28 @@
"enabled": true,
"baseUrl": "http://localhost:8081/app",
"adminUrl": "http://localhost:8081/app/logout",
- "credentials": [
- {
- "type": "secret",
- "value": "password"
- }
- ]
+ "secret": "password"
},
{
"name": "REALM_ROLE_1_APPLICATION",
"enabled": true,
"baseUrl": "http://localhost:8081/app",
"adminUrl": "http://localhost:8081/app/logout",
- "credentials": [
- {
- "type": "secret",
- "value": "password"
- }
- ]
+ "secret": "password"
},
{
"name": "APP_ROLE_APPLICATION",
"enabled": true,
"baseUrl": "http://localhost:8081/app",
"adminUrl": "http://localhost:8081/app/logout",
- "credentials": [
- {
- "type": "secret",
- "value": "password"
- }
- ]
+ "secret": "password"
},
{
"name": "APP_COMPOSITE_APPLICATION",
"enabled": true,
"baseUrl": "http://localhost:8081/app",
"adminUrl": "http://localhost:8081/app/logout",
- "credentials": [
- {
- "type": "secret",
- "value": "password"
- }
- ]
+ "secret": "password"
}
],
"roles" : {
diff --git a/model/tests/src/test/resources/testrealm.json b/model/tests/src/test/resources/testrealm.json
index caeea6c..44709b4 100755
--- a/model/tests/src/test/resources/testrealm.json
+++ b/model/tests/src/test/resources/testrealm.json
@@ -80,10 +80,7 @@
{
"name" : "oauthclient",
"enabled": true,
- "credentials" : [
- { "type" : "secret",
- "value" : "clientpassword" }
- ]
+ "secret": "clientpassword"
}
],
"roles" : {
diff --git a/model/tests/src/test/resources/testrealm-demo.json b/model/tests/src/test/resources/testrealm-demo.json
index b565740..90d348c 100755
--- a/model/tests/src/test/resources/testrealm-demo.json
+++ b/model/tests/src/test/resources/testrealm-demo.json
@@ -26,10 +26,7 @@
{
"name" : "third-party",
"enabled": true,
- "credentials" : [
- { "type" : "secret",
- "value" : "password" }
- ]
+ "secret": "password"
}
],
"roles" : {
@@ -62,23 +59,13 @@
"name": "customer-portal",
"enabled": true,
"adminUrl": "http://localhost:8080/customer-portal/j_admin_request",
- "credentials": [
- {
- "type": "secret",
- "value": "12345"
- }
- ]
+ "secret": "password"
},
{
"name": "product-portal",
"enabled": true,
"adminUrl": "http://localhost:8080/product-portal/j_admin_request",
- "credentials": [
- {
- "type": "secret",
- "value": "12345"
- }
- ]
+ "secret": "password"
}
]
}
diff --git a/services/src/main/java/org/keycloak/services/managers/ApplicationManager.java b/services/src/main/java/org/keycloak/services/managers/ApplicationManager.java
index db10338..62a15d4 100755
--- a/services/src/main/java/org/keycloak/services/managers/ApplicationManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/ApplicationManager.java
@@ -60,15 +60,9 @@ public class ApplicationManager {
applicationModel.updateApplication();
UserModel resourceUser = applicationModel.getAgent();
- if (resourceRep.getCredentials() != null && resourceRep.getCredentials().size() > 0) {
- for (CredentialRepresentation cred : resourceRep.getCredentials()) {
- UserCredentialModel credential = new UserCredentialModel();
- credential.setType(cred.getType());
- credential.setValue(cred.getValue());
- realm.updateCredential(resourceUser, credential);
- }
- } else {
- generateSecret(realm, applicationModel);
+ applicationModel.setSecret(resourceRep.getSecret());
+ if (applicationModel.getSecret() == null) {
+ generateSecret(applicationModel);
}
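Review bot: Only a null secret triggers `generateSecret` here, so an empty or whitespace-only `"secret"` in an imported representation is stored as the application's client secret. The old code had the same gap for credential values, but with a single string field the check is easy to close: read `String secret = resourceRep.getSecret();` and use `if (secret == null || secret.trim().isEmpty()) generateSecret(applicationModel); else applicationModel.setSecret(secret);`. The context line `UserModel resourceUser = applicationModel.getAgent();` also looks unused after this change; the rest of the method is outside the hunk, so confirm before removing it.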
@@ -138,14 +132,14 @@ public class ApplicationManager {
RoleModel loginRole = realm.getRole(Constants.APPLICATION_ROLE);
ApplicationModel app = realm.addApplication(name);
realm.grantRole(app.getAgent(), loginRole);
- generateSecret(realm, app);
+ generateSecret(app);
return app;
}
- public UserCredentialModel generateSecret(RealmModel realm, ApplicationModel app) {
+ public UserCredentialModel generateSecret(ApplicationModel app) {
UserCredentialModel secret = UserCredentialModel.generateSecret();
- realm.updateCredential(app.getAgent(), secret);
+ app.setSecret(secret.getValue());
return secret;
}
@@ -252,7 +246,7 @@ public class ApplicationManager {
rep.setResource(applicationModel.getName());
Map<String, String> creds = new HashMap<String, String>();
- String cred = realmModel.getSecret(applicationModel.getAgent()).getValue();
+ String cred = applicationModel.getSecret();
creds.put(CredentialRepresentation.SECRET, cred);
rep.setCredentials(creds);
@@ -267,7 +261,7 @@ public class ApplicationManager {
buffer.append(" <auth-server-url>").append(baseUri.toString()).append("</auth-server-url>\n");
buffer.append(" <ssl-not-required>").append(realmModel.isSslNotRequired()).append("</ssl-not-required>\n");
buffer.append(" <resource>").append(applicationModel.getName()).append("</resource>\n");
- String cred = realmModel.getSecret(applicationModel.getAgent()).getValue();
+ String cred = applicationModel.getSecret();
buffer.append(" <credential name=\"secret\">").append(cred).append("</credential>\n");
buffer.append("</secure-deployment>\n");
return buffer.toString();
diff --git a/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java b/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java
index 94bf390..98a80d8 100755
--- a/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java
@@ -225,10 +225,6 @@ public class AuthenticationManager {
logger.warn("Secret not provided");
return AuthenticationStatus.MISSING_PASSWORD;
}
- if (!realm.validateSecret(user, secret)) {
- logger.debug("invalid secret for user: " + user.getLoginName());
- return AuthenticationStatus.INVALID_CREDENTIALS;
- }
if (!user.getRequiredActions().isEmpty()) {
return AuthenticationStatus.ACTIONS_REQUIRED;
} else {
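Review bot: With the `realm.validateSecret(user, secret)` call removed and nothing put in its place, the visible lines of this branch no longer check the supplied secret at all: once the `Secret not provided` guard passes, control falls straight through to the required-actions check. Unless the value is verified somewhere outside the hunk, any non-null secret is accepted on this path. Since user-level secrets no longer exist after this commit, the branch should either be removed or fail closed with `return AuthenticationStatus.INVALID_CREDENTIALS;`. The enclosing method starts and ends outside the hunk, so check the branch condition before choosing.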
diff --git a/services/src/main/java/org/keycloak/services/managers/OAuthClientManager.java b/services/src/main/java/org/keycloak/services/managers/OAuthClientManager.java
index cbdbf81..5246105 100755
--- a/services/src/main/java/org/keycloak/services/managers/OAuthClientManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/OAuthClientManager.java
@@ -50,15 +50,7 @@ public class OAuthClientManager {
public OAuthClientModel create(OAuthClientRepresentation rep) {
OAuthClientModel model = create(rep.getName());
update(rep, model);
- UserModel resourceUser = model.getAgent();
- if (rep.getCredentials() != null) {
- for (CredentialRepresentation cred : rep.getCredentials()) {
- UserCredentialModel credential = new UserCredentialModel();
- credential.setType(cred.getType());
- credential.setValue(cred.getValue());
- realm.updateCredential(resourceUser, credential);
- }
- }
+ model.setSecret(rep.getSecret());
if (rep.getClaims() != null) {
ClaimManager.setClaims(model, rep.getClaims());
} else {
@@ -138,7 +130,7 @@ public class OAuthClientManager {
rep.setResource(model.getAgent().getLoginName());
Map<String, String> creds = new HashMap<String, String>();
- creds.put(CredentialRepresentation.SECRET, realmModel.getSecret(model.getAgent()).getValue());
+ creds.put(CredentialRepresentation.SECRET, model.getSecret());
rep.setCredentials(creds);
return rep;
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/ApplicationResource.java b/services/src/main/java/org/keycloak/services/resources/admin/ApplicationResource.java
index 0e28083..2477c40 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/ApplicationResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/ApplicationResource.java
@@ -125,7 +125,7 @@ public class ApplicationResource {
auth.requireManage();
logger.debug("regenerateSecret");
- UserCredentialModel cred = new ApplicationManager().generateSecret(realm, application);
+ UserCredentialModel cred = new ApplicationManager().generateSecret(application);
CredentialRepresentation rep = ModelToRepresentation.toRepresentation(cred);
return rep;
}
@@ -137,7 +137,7 @@ public class ApplicationResource {
auth.requireView();
logger.debug("getClientSecret");
- UserCredentialModel model = realm.getSecret(application.getAgent());
+ UserCredentialModel model = UserCredentialModel.secret(application.getSecret());
if (model == null) throw new NotFoundException("Application does not have a secret");
return ModelToRepresentation.toRepresentation(model);
}
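Review bot: The `model == null` check after `UserCredentialModel.secret(application.getSecret())` looks unreachable now: the factory is not shown here, but it presumably always returns a new object, so an application without a secret would yield a credential with a null value instead of the intended 404. Test the stored value before wrapping it, `if (application.getSecret() == null) throw new NotFoundException("Application does not have a secret");`. The same pattern appears in `OAuthClientResource.getClientSecret`, where it matters more, because `OAuthClientManager.create` stores `rep.getSecret()` without generating a fallback in the lines shown.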
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/OAuthClientResource.java b/services/src/main/java/org/keycloak/services/resources/admin/OAuthClientResource.java
index 5053860..cca12a0 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/OAuthClientResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/OAuthClientResource.java
@@ -124,7 +124,7 @@ public class OAuthClientResource {
auth.requireView();
logger.debug("getClientSecret");
- UserCredentialModel model = realm.getSecret(oauthClient.getAgent());
+ UserCredentialModel model = UserCredentialModel.secret(oauthClient.getSecret());
if (model == null) throw new NotFoundException("Application does not have a secret");
return ModelToRepresentation.toRepresentation(model);
}
diff --git a/services/src/main/java/org/keycloak/services/resources/TokenService.java b/services/src/main/java/org/keycloak/services/resources/TokenService.java
index 082c015..9a0e5e4 100755
--- a/services/src/main/java/org/keycloak/services/resources/TokenService.java
+++ b/services/src/main/java/org/keycloak/services/resources/TokenService.java
@@ -447,7 +447,7 @@ public class TokenService {
throw new BadRequestException("Client is not enabled", Response.status(Response.Status.BAD_REQUEST).entity(error).type("application/json").build());
}
- if (!realm.validateSecret(client.getAgent(), clientSecret)) {
+ if (!client.validateSecret(clientSecret)) {
Map<String, String> error = new HashMap<String, String>();
error.put("error", "unauthorized_client");
throw new BadRequestException("Unauthorized Client", Response.status(Response.Status.BAD_REQUEST).entity(error).type("application/json").build());
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/composites/CompositeRoleTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/composites/CompositeRoleTest.java
index a8540ed..eebe3ee 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/composites/CompositeRoleTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/composites/CompositeRoleTest.java
@@ -86,21 +86,21 @@ public class CompositeRoleTest {
realmComposite1Application.addScope(realmComposite1);
realmComposite1Application.setBaseUrl("http://localhost:8081/app");
realmComposite1Application.setManagementUrl("http://localhost:8081/app/logout");
- realm.updateCredential(realmComposite1Application.getAgent(), UserCredentialModel.secret("password"));
+ realmComposite1Application.setSecret("password");
final ApplicationModel realmRole1Application = new ApplicationManager(manager).createApplication(realm, "REALM_ROLE_1_APPLICATION");
realmRole1Application.setEnabled(true);
realmRole1Application.addScope(realmRole1);
realmRole1Application.setBaseUrl("http://localhost:8081/app");
realmRole1Application.setManagementUrl("http://localhost:8081/app/logout");
- realm.updateCredential(realmRole1Application.getAgent(), UserCredentialModel.secret("password"));
+ realmRole1Application.setSecret("password");
final ApplicationModel appRoleApplication = new ApplicationManager(manager).createApplication(realm, "APP_ROLE_APPLICATION");
appRoleApplication.setEnabled(true);
appRoleApplication.setBaseUrl("http://localhost:8081/app");
appRoleApplication.setManagementUrl("http://localhost:8081/app/logout");
- realm.updateCredential(appRoleApplication.getAgent(), UserCredentialModel.secret("password"));
+ appRoleApplication.setSecret("password");
final RoleModel appRole1 = appRoleApplication.addRole("APP_ROLE_1");
final RoleModel appRole2 = appRoleApplication.addRole("APP_ROLE_2");
@@ -121,7 +121,7 @@ public class CompositeRoleTest {
appCompositeApplication.setEnabled(true);
appCompositeApplication.setBaseUrl("http://localhost:8081/app");
appCompositeApplication.setManagementUrl("http://localhost:8081/app/logout");
- realm.updateCredential(appCompositeApplication.getAgent(), UserCredentialModel.secret("password"));
+ appCompositeApplication.setSecret("password");
final RoleModel appCompositeRole = appCompositeApplication.addRole("APP_COMPOSITE_ROLE");
appCompositeApplication.addScope(appRole2);
appCompositeRole.addCompositeRole(realmRole1);
diff --git a/testsuite/integration/src/test/resources/testcomposite.json b/testsuite/integration/src/test/resources/testcomposite.json
index e6753fb..61038ea 100755
--- a/testsuite/integration/src/test/resources/testcomposite.json
+++ b/testsuite/integration/src/test/resources/testcomposite.json
@@ -65,10 +65,7 @@
{
"name" : "third-party",
"enabled": true,
- "credentials" : [
- { "type" : "secret",
- "value" : "password" }
- ]
+ "secret": "password"
}
],
"roleMappings": [
@@ -105,48 +102,28 @@
"enabled": true,
"baseUrl": "http://localhost:8081/app",
"adminUrl": "http://localhost:8081/app/logout",
- "credentials": [
- {
- "type": "secret",
- "value": "password"
- }
- ]
+ "secret": "password"
},
{
"name": "REALM_ROLE_1_APPLICATION",
"enabled": true,
"baseUrl": "http://localhost:8081/app",
"adminUrl": "http://localhost:8081/app/logout",
- "credentials": [
- {
- "type": "secret",
- "value": "password"
- }
- ]
+ "secret": "password"
},
{
"name": "APP_ROLE_APPLICATION",
"enabled": true,
"baseUrl": "http://localhost:8081/app",
"adminUrl": "http://localhost:8081/app/logout",
- "credentials": [
- {
- "type": "secret",
- "value": "password"
- }
- ]
+ "secret": "password"
},
{
"name": "APP_COMPOSITE_APPLICATION",
"enabled": true,
"baseUrl": "http://localhost:8081/app",
"adminUrl": "http://localhost:8081/app/logout",
- "credentials": [
- {
- "type": "secret",
- "value": "password"
- }
- ]
+ "secret": "password"
}
],
"roles" : {
diff --git a/testsuite/integration/src/test/resources/testrealm.json b/testsuite/integration/src/test/resources/testrealm.json
index 59eefc8..ed504aa 100755
--- a/testsuite/integration/src/test/resources/testrealm.json
+++ b/testsuite/integration/src/test/resources/testrealm.json
@@ -32,10 +32,7 @@
{
"name" : "third-party",
"enabled": true,
- "credentials" : [
- { "type" : "secret",
- "value" : "password" }
- ]
+ "secret": "password"
}
],
"roleMappings": [
@@ -60,12 +57,7 @@
"enabled": true,
"baseUrl": "http://localhost:8081/app",
"adminUrl": "http://localhost:8081/app/logout",
- "credentials": [
- {
- "type": "secret",
- "value": "password"
- }
- ]
+ "secret": "password"
}
],
"roles" : {