diff --git a/examples/as7-eap-demo/server/pom.xml b/examples/as7-eap-demo/server/pom.xml new file mode 100755 index 00000000000..3408aeaa76f --- /dev/null +++ b/examples/as7-eap-demo/server/pom.xml @@ -0,0 +1,111 @@ + + + + keycloak-parent + org.keycloak + 1.0-alpha-1 + ../../../pom.xml + + 4.0.0 + org.keycloak.example.as7.demo + keycloak-server + war + Keycloak Demo + + + + + org.jboss.resteasy + jose-jwt + provided + + + org.keycloak + keycloak-core + ${project.version} + + + org.keycloak + keycloak-services + ${project.version} + + + org.picketlink + picketlink-idm-api + + + org.picketlink + picketlink-idm-impl + + + org.picketlink + picketlink-idm-schema + + + org.picketlink + picketlink-config + + + org.jboss.resteasy + resteasy-jaxrs + provided + + + log4j + log4j + + + org.slf4j + slf4j-api + + + org.slf4j + slf4j-simple + + + + + org.jboss.resteasy + jaxrs-api + provided + + + com.h2database + h2 + 1.3.161 + + + junit + junit + 4.1 + test + + + + + auth-server + + + org.jboss.as.plugins + jboss-as-maven-plugin + 7.4.Final + + + org.apache.maven.plugins + maven-deploy-plugin + + true + + + + org.apache.maven.plugins + maven-compiler-plugin + + 1.6 + 1.6 + + + + + diff --git a/examples/as7-eap-demo/server/src/main/java/org/keycloak/example/demo/DemoApplication.java b/examples/as7-eap-demo/server/src/main/java/org/keycloak/example/demo/DemoApplication.java new file mode 100755 index 00000000000..90043ace2d7 --- /dev/null +++ b/examples/as7-eap-demo/server/src/main/java/org/keycloak/example/demo/DemoApplication.java @@ -0,0 +1,97 @@ +package org.keycloak.example.demo; + +import org.jboss.resteasy.jwt.JsonSerialization; +import org.keycloak.representations.idm.RealmRepresentation; +import org.keycloak.services.managers.RealmManager; +import org.keycloak.services.models.RealmModel; +import org.keycloak.services.models.RequiredCredentialModel; +import org.keycloak.services.models.relationships.RealmAdminRelationship; +import org.keycloak.services.models.relationships.RequiredCredentialRelationship; +import org.keycloak.services.models.relationships.ResourceRelationship; +import org.keycloak.services.models.relationships.ScopeRelationship; +import org.keycloak.services.resources.KeycloakApplication; +import org.keycloak.services.resources.RegistrationService; +import org.picketlink.idm.IdentitySession; +import org.picketlink.idm.IdentitySessionFactory; +import org.picketlink.idm.config.IdentityConfiguration; +import org.picketlink.idm.config.IdentityConfigurationBuilder; +import org.picketlink.idm.internal.DefaultIdentitySessionFactory; +import org.picketlink.idm.jpa.internal.ResourceLocalJpaIdentitySessionHandler; +import org.picketlink.idm.jpa.schema.CredentialObject; +import org.picketlink.idm.jpa.schema.CredentialObjectAttribute; +import org.picketlink.idm.jpa.schema.IdentityObject; +import org.picketlink.idm.jpa.schema.IdentityObjectAttribute; +import org.picketlink.idm.jpa.schema.PartitionObject; +import org.picketlink.idm.jpa.schema.RelationshipIdentityObject; +import org.picketlink.idm.jpa.schema.RelationshipObject; +import org.picketlink.idm.jpa.schema.RelationshipObjectAttribute; +import org.picketlink.idm.model.Realm; +import org.picketlink.idm.model.SimpleRole; + +import javax.ws.rs.GET; +import javax.ws.rs.Path; +import javax.ws.rs.Produces; +import javax.ws.rs.core.Application; +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.io.InputStream; +import java.util.HashSet; +import java.util.Set; +/** + * @author Bill Burke + * @version $Revision: 1 $ + */ +public class DemoApplication extends KeycloakApplication { + + public DemoApplication() { + super(); + IdentitySession session = factory.createIdentitySession(); + session.getTransaction().begin(); + RealmManager realmManager = new RealmManager(session); + if (realmManager.defaultRealm() == null) { + install(realmManager); + } + session.getTransaction().commit(); + } + + public void install(RealmManager manager) { + RealmModel defaultRealm = manager.createRealm(Realm.DEFAULT_REALM, Realm.DEFAULT_REALM); + defaultRealm.setName(Realm.DEFAULT_REALM); + defaultRealm.setEnabled(true); + defaultRealm.setTokenLifespan(300); + defaultRealm.setAccessCodeLifespan(60); + defaultRealm.setSslNotRequired(false); + defaultRealm.setCookieLoginAllowed(true); + defaultRealm.setRegistrationAllowed(true); + manager.generateRealmKeys(defaultRealm); + defaultRealm.updateRealm(); + defaultRealm.addRequiredCredential(RequiredCredentialModel.PASSWORD); + defaultRealm.getIdm().add(new SimpleRole(RegistrationService.REALM_CREATOR_ROLE)); + + RealmRepresentation rep = loadJson("META-INF/testrealm.json"); + RealmModel realm = manager.createRealm("demo", rep.getRealm()); + manager.importRealm(rep, realm); + + } + + public static RealmRepresentation loadJson(String path) + { + InputStream is = Thread.currentThread().getContextClassLoader().getResourceAsStream(path); + ByteArrayOutputStream os = new ByteArrayOutputStream(); + int c; + try { + while ( (c = is.read()) != -1) + { + os.write(c); + } + byte[] bytes = os.toByteArray(); + //System.out.println(new String(bytes)); + + return JsonSerialization.fromBytes(RealmRepresentation.class, bytes); + } catch (IOException e) { + throw new RuntimeException(e); + } + } + + +} diff --git a/examples/as7-eap-demo/server/src/main/webapp/META-INF/persistence.xml b/examples/as7-eap-demo/server/src/main/webapp/META-INF/persistence.xml new file mode 100755 index 00000000000..32b1acaa716 --- /dev/null +++ b/examples/as7-eap-demo/server/src/main/webapp/META-INF/persistence.xml @@ -0,0 +1,29 @@ + + + org.hibernate.ejb.HibernatePersistence + + org.picketlink.idm.jpa.schema.IdentityObject + org.picketlink.idm.jpa.schema.PartitionObject + org.picketlink.idm.jpa.schema.RelationshipObject + org.picketlink.idm.jpa.schema.RelationshipIdentityObject + org.picketlink.idm.jpa.schema.RelationshipIdentityWeakObject + org.picketlink.idm.jpa.schema.RelationshipObjectAttribute + org.picketlink.idm.jpa.schema.IdentityObjectAttribute + org.picketlink.idm.jpa.schema.CredentialObject + org.picketlink.idm.jpa.schema.CredentialObjectAttribute + + + + + + + + + + + + + diff --git a/examples/as7-eap-demo/server/src/main/webapp/META-INF/testrealm.json b/examples/as7-eap-demo/server/src/main/webapp/META-INF/testrealm.json new file mode 100755 index 00000000000..40e0fd35b14 --- /dev/null +++ b/examples/as7-eap-demo/server/src/main/webapp/META-INF/testrealm.json @@ -0,0 +1,101 @@ +{ + "realm" : "demo", + "enabled" : true, + "tokenLifespan" : 6000, + "accessCodeLifespan" : 30, + "requiredCredentials" : [ + { + "type" : "Password", + "input" : true, + "secret" : true + } + ], + "users" : [ + { + "username" : "wburke", + "enabled" : true, + "attributes" : { + "email" : "bburke@redhat.com" + }, + "credentials" : [ + { "type" : "Password", + "value" : "userpassword" } + ] + }, + { + "username" : "loginclient", + "enabled" : true, + "credentials" : [ + { "type" : "Password", + "value" : "clientpassword" } + ] + }, + { + "username" : "admin", + "enabled" : true, + "credentials" : [ + { "type" : "Password", + "value" : "adminpassword" } + ] + }, + { + "username" : "oauthclient", + "enabled" : true, + "credentials" : [ + { "type" : "Password", + "value" : "clientpassword" } + ] + } + ], + "roleMappings" : [ + { + "username" : "admin", + "roles" : ["admin"] + } + ], + "scopeMappings" : [ + { + "username" : "loginclient", + "roles" : ["*"] + } + ], + "resources" : [ + { + "name" : "Application", + "roles" : ["admin", "user"], + "roleMappings" : [ + { + "username" : "wburke", + "roles" : ["user"] + }, + { + "username" : "admin", + "roles" : ["admin"] + } + ], + "scopeMappings" : [ + { + "username" : "oauthclient", + "roles" : ["user"] + } + ] + }, + { + "name" : "OtherApp", + "roles" : ["admin", "user"], + "roleMappings" : [ + { + "username" : "wburke", + "roles" : ["user"] + }, + { + "username" : "admin", + "roles" : ["admin"] + } + ] + } + + ] + + +} \ No newline at end of file diff --git a/examples/as7-eap-demo/server/src/main/webapp/WEB-INF/jboss-deployment-structure.xml b/examples/as7-eap-demo/server/src/main/webapp/WEB-INF/jboss-deployment-structure.xml new file mode 100755 index 00000000000..e5511282612 --- /dev/null +++ b/examples/as7-eap-demo/server/src/main/webapp/WEB-INF/jboss-deployment-structure.xml @@ -0,0 +1,13 @@ + + + + + + + + + + + \ No newline at end of file diff --git a/examples/as7-eap-demo/server/src/main/webapp/WEB-INF/web.xml b/examples/as7-eap-demo/server/src/main/webapp/WEB-INF/web.xml new file mode 100755 index 00000000000..c6b4a523774 --- /dev/null +++ b/examples/as7-eap-demo/server/src/main/webapp/WEB-INF/web.xml @@ -0,0 +1,36 @@ + + + + Resteasy + org.jboss.resteasy.plugins.server.servlet.HttpServlet30Dispatcher + + javax.ws.rs.Application + org.keycloak.example.demo.DemoApplication + + + resteasy.servlet.mapping.prefix + /rest + + 1 + true + + + + Resteasy + /rest/* + + + + + diff --git a/examples/pom.xml b/examples/pom.xml new file mode 100755 index 00000000000..5e5a46fbd3e --- /dev/null +++ b/examples/pom.xml @@ -0,0 +1,20 @@ + + + keycloak-parent + org.keycloak + 1.0-alpha-1 + ../pom.xml + + Examples + + 4.0.0 + + org.keycloak + examples-pom + pom + + + as7-eap-demo/server + + diff --git a/pom.xml b/pom.xml index 6ba8fd23c4f..d01a72c6a32 100755 --- a/pom.xml +++ b/pom.xml @@ -55,6 +55,7 @@ core services integration + examples @@ -69,16 +70,6 @@ bcmail-jdk16 1.46 - - org.infinispan - infinispan-core - 5.1.6.FINAL - - - org.infinispan - infinispan-tree - 5.1.6.FINAL - org.jboss.resteasy jaxrs-api @@ -145,6 +136,11 @@ tjws ${resteasy.version} + + org.picketlink + picketlink-common + 2.5.0-SNAPSHOT + org.picketlink picketlink-idm-api @@ -165,6 +161,11 @@ picketlink-config 2.5.0-SNAPSHOT + + org.jboss.logging + jboss-logging + 3.1.1.GA + junit junit diff --git a/services/pom.xml b/services/pom.xml index 5daecdd8c9c..87fa920dd3b 100755 --- a/services/pom.xml +++ b/services/pom.xml @@ -19,25 +19,35 @@ ${project.version} provided + + org.jboss.logging + jboss-logging + provided + org.picketlink picketlink-idm-api + provided + + + org.picketlink + picketlink-common + provided org.picketlink picketlink-idm-impl + provided org.picketlink picketlink-idm-schema + provided org.picketlink picketlink-config - - - org.infinispan - infinispan-core + provided org.jboss.resteasy diff --git a/services/src/main/java/org/keycloak/services/filters/IdentitySessionFilter.java b/services/src/main/java/org/keycloak/services/filters/IdentitySessionFilter.java index dbe8461af8c..294ab9af58d 100755 --- a/services/src/main/java/org/keycloak/services/filters/IdentitySessionFilter.java +++ b/services/src/main/java/org/keycloak/services/filters/IdentitySessionFilter.java @@ -1,5 +1,6 @@ package org.keycloak.services.filters; +import org.jboss.resteasy.logging.Logger; import org.jboss.resteasy.spi.ResteasyProviderFactory; import org.picketlink.idm.IdentitySession; import org.picketlink.idm.IdentitySessionFactory; @@ -17,6 +18,7 @@ import java.io.IOException; */ @PreMatching public class IdentitySessionFilter implements ContainerRequestFilter, ContainerResponseFilter { + protected static final Logger logger = Logger.getLogger(IdentitySessionFilter.class); protected IdentitySessionFactory factory; public IdentitySessionFilter(IdentitySessionFactory factory) { diff --git a/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java b/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java index e77e1c66a4f..8126764b24b 100755 --- a/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java +++ b/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java @@ -5,7 +5,6 @@ import org.keycloak.RSATokenVerifier; import org.keycloak.VerificationException; import org.keycloak.representations.SkeletonKeyToken; import org.keycloak.representations.idm.RequiredCredentialRepresentation; -import org.keycloak.services.models.RealmManager; import org.keycloak.services.models.RealmModel; import org.keycloak.services.models.RequiredCredentialModel; import org.picketlink.idm.credential.Credentials; diff --git a/services/src/main/java/org/keycloak/services/managers/InstallationManager.java b/services/src/main/java/org/keycloak/services/managers/InstallationManager.java index 61545475a8f..0cb0efcaf36 100755 --- a/services/src/main/java/org/keycloak/services/managers/InstallationManager.java +++ b/services/src/main/java/org/keycloak/services/managers/InstallationManager.java @@ -1,6 +1,5 @@ package org.keycloak.services.managers; -import org.keycloak.services.models.RealmManager; import org.keycloak.services.models.RealmModel; import org.keycloak.services.models.RequiredCredentialModel; import org.keycloak.services.resources.RegistrationService; diff --git a/services/src/main/java/org/keycloak/services/managers/RealmManager.java b/services/src/main/java/org/keycloak/services/managers/RealmManager.java new file mode 100755 index 00000000000..f1828f72d2c --- /dev/null +++ b/services/src/main/java/org/keycloak/services/managers/RealmManager.java @@ -0,0 +1,295 @@ +package org.keycloak.services.managers; + +import org.keycloak.representations.idm.RealmRepresentation; +import org.keycloak.representations.idm.RequiredCredentialRepresentation; +import org.keycloak.representations.idm.ResourceRepresentation; +import org.keycloak.representations.idm.RoleMappingRepresentation; +import org.keycloak.representations.idm.ScopeMappingRepresentation; +import org.keycloak.representations.idm.UserRepresentation; +import org.keycloak.services.managers.AuthenticationManager; +import org.keycloak.services.models.RealmModel; +import org.keycloak.services.models.RequiredCredentialModel; +import org.keycloak.services.models.ResourceModel; +import org.keycloak.services.models.UserCredentialModel; +import org.keycloak.services.resources.RegistrationService; +import org.picketlink.idm.IdentityManager; +import org.picketlink.idm.IdentitySession; +import org.picketlink.idm.model.Attribute; +import org.picketlink.idm.model.Realm; +import org.picketlink.idm.model.Role; +import org.picketlink.idm.model.SimpleAgent; +import org.picketlink.idm.model.SimpleRole; +import org.picketlink.idm.model.SimpleUser; +import org.picketlink.idm.model.User; + +import javax.ws.rs.NotAuthorizedException; +import javax.ws.rs.WebApplicationException; +import javax.ws.rs.core.Response; +import java.security.KeyPair; +import java.security.KeyPairGenerator; +import java.security.NoSuchAlgorithmException; +import java.util.HashMap; +import java.util.Map; +import java.util.concurrent.atomic.AtomicLong; + +/** + * @author Bill Burke + * @version $Revision: 1 $ + */ +public class RealmManager { + private static AtomicLong counter = new AtomicLong(1); + + public static String generateId() { + return counter.getAndIncrement() + "-" + System.currentTimeMillis(); + } + + protected IdentitySession identitySession; + + public RealmManager(IdentitySession IdentitySession) { + this.identitySession = IdentitySession; + } + + public RealmModel defaultRealm() { + return getRealm(Realm.DEFAULT_REALM); + } + + public RealmModel getRealm(String id) { + Realm existing = identitySession.findRealm(id); + if (existing == null) { + return null; + } + return new RealmModel(existing, identitySession); + } + + public RealmModel createRealm(String name) { + return createRealm(generateId(), name); + } + + public RealmModel createRealm(String id, String name) { + Realm newRealm = identitySession.createRealm(id); + IdentityManager idm = identitySession.createIdentityManager(newRealm); + SimpleAgent agent = new SimpleAgent(RealmModel.REALM_AGENT_ID); + idm.add(agent); + RealmModel realm = new RealmModel(newRealm, identitySession); + return realm; + } + + public void generateRealmKeys(RealmModel realm) { + KeyPair keyPair = null; + try { + keyPair = KeyPairGenerator.getInstance("RSA").generateKeyPair(); + } catch (NoSuchAlgorithmException e) { + throw new RuntimeException(e); + } + realm.setPrivateKey(keyPair.getPrivate()); + realm.setPublicKey(keyPair.getPublic()); + realm.updateRealm(); + } + + public RealmModel importRealm(RealmRepresentation rep, User realmCreator) { + verifyRealmRepresentation(rep); + RealmModel realm = createRealm(rep.getRealm()); + importRealm(rep, realm); + realm.addRealmAdmin(realmCreator); + realm.updateRealm(); + return realm; + } + + + public void importRealm(RealmRepresentation rep, RealmModel newRealm) { + generateRealmKeys(newRealm); + newRealm.setName(rep.getRealm()); + newRealm.setEnabled(rep.isEnabled()); + newRealm.setTokenLifespan(rep.getTokenLifespan()); + newRealm.setAccessCodeLifespan(rep.getAccessCodeLifespan()); + newRealm.setSslNotRequired(rep.isSslNotRequired()); + newRealm.setCookieLoginAllowed(rep.isCookieLoginAllowed()); + newRealm.updateRealm(); + + + Map userMap = new HashMap(); + + for (RequiredCredentialRepresentation requiredCred : rep.getRequiredCredentials()) { + RequiredCredentialModel credential = new RequiredCredentialModel(); + credential.setType(requiredCred.getType()); + credential.setInput(requiredCred.isInput()); + credential.setSecret(requiredCred.isSecret()); + newRealm.addRequiredCredential(credential); + } + + for (UserRepresentation userRep : rep.getUsers()) { + User user = new SimpleUser(userRep.getUsername()); + user.setEnabled(userRep.isEnabled()); + if (userRep.getAttributes() != null) { + for (Map.Entry entry : userRep.getAttributes().entrySet()) { + user.setAttribute(new Attribute(entry.getKey(), entry.getValue())); + } + } + newRealm.getIdm().add(user); + if (userRep.getCredentials() != null) { + for (UserRepresentation.Credential cred : userRep.getCredentials()) { + UserCredentialModel credential = new UserCredentialModel(); + credential.setType(cred.getType()); + credential.setValue(cred.getValue()); + newRealm.updateCredential(user, credential); + } + } + userMap.put(user.getLoginName(), user); + } + + Map roles = new HashMap(); + + if (rep.getRoles() != null) { + for (String roleString : rep.getRoles()) { + SimpleRole role = new SimpleRole(roleString.trim()); + newRealm.getIdm().add(role); + roles.put(role.getName(), role); + } + } + + if (rep.getRoleMappings() != null) { + for (RoleMappingRepresentation mapping : rep.getRoleMappings()) { + User user = userMap.get(mapping.getUsername()); + for (String roleString : mapping.getRoles()) { + Role role = roles.get(roleString.trim()); + if (role == null) { + role = new SimpleRole(roleString.trim()); + newRealm.getIdm().add(role); + roles.put(role.getName(), role); + } + newRealm.getIdm().grantRole(user, role); + } + } + } + + if (rep.getScopeMappings() != null) { + for (ScopeMappingRepresentation scope : rep.getScopeMappings()) { + for (String roleString : scope.getRoles()) { + Role role = roles.get(roleString.trim()); + if (role == null) { + role = new SimpleRole(roleString.trim()); + newRealm.getIdm().add(role); + roles.put(role.getName(), role); + } + User user = userMap.get(scope.getUsername()); + newRealm.addScope(user, role.getName()); + } + + } + } + + if (!roles.containsKey("*")) { + SimpleRole wildcard = new SimpleRole("*"); + newRealm.getIdm().add(wildcard); + roles.put("*", wildcard); + } + + if (rep.getResources() != null) { + createResources(rep, newRealm, userMap); + } + } + + protected void createResources(RealmRepresentation rep, RealmModel realm, Map userMap) { + for (ResourceRepresentation resourceRep : rep.getResources()) { + ResourceModel resource = realm.addResource(resourceRep.getName()); + resource.setSurrogateAuthRequired(resourceRep.isSurrogateAuthRequired()); + resource.updateResource(); + Map roles = new HashMap(); + if (resourceRep.getRoles() != null) { + for (String roleString : resourceRep.getRoles()) { + SimpleRole role = new SimpleRole(roleString.trim()); + resource.getIdm().add(role); + roles.put(role.getName(), role); + } + } + if (resourceRep.getRoleMappings() != null) { + for (RoleMappingRepresentation mapping : resourceRep.getRoleMappings()) { + User user = userMap.get(mapping.getUsername()); + for (String roleString : mapping.getRoles()) { + Role role = roles.get(roleString.trim()); + if (role == null) { + role = new SimpleRole(roleString.trim()); + resource.getIdm().add(role); + roles.put(role.getName(), role); + } + Role role1 = resource.getIdm().getRole(role.getName()); + realm.getIdm().grantRole(user, role1); + } + } + } + if (resourceRep.getScopeMappings() != null) { + for (ScopeMappingRepresentation mapping : resourceRep.getScopeMappings()) { + User user = userMap.get(mapping.getUsername()); + for (String roleString : mapping.getRoles()) { + Role role = roles.get(roleString.trim()); + if (role == null) { + role = new SimpleRole(roleString.trim()); + resource.getIdm().add(role); + roles.put(role.getName(), role); + } + resource.addScope(user, role.getName()); + } + } + } + if (!roles.containsKey("*")) { + SimpleRole wildcard = new SimpleRole("*"); + resource.getIdm().add(wildcard); + roles.put("*", wildcard); + } + + } + } + + protected void verifyRealmRepresentation(RealmRepresentation rep) { + if (rep.getRequiredCredentials() == null) { + throw new WebApplicationException(Response.status(Response.Status.BAD_REQUEST) + .entity("Realm credential requirements not defined").type("text/plain").build()); + + } + + HashMap userReps = new HashMap(); + for (UserRepresentation userRep : rep.getUsers()) userReps.put(userRep.getUsername(), userRep); + + // override enabled to false if user does not have at least all of browser or client credentials + for (UserRepresentation userRep : rep.getUsers()) { + if (userRep.getCredentials() == null) { + userRep.setEnabled(false); + } else { + boolean hasBrowserCredentials = true; + for (RequiredCredentialRepresentation credential : rep.getRequiredCredentials()) { + boolean hasCredential = false; + for (UserRepresentation.Credential cred : userRep.getCredentials()) { + if (cred.getType().equals(credential.getType())) { + hasCredential = true; + break; + } + } + if (!hasCredential) { + hasBrowserCredentials = false; + break; + } + } + if (!hasBrowserCredentials) { + userRep.setEnabled(false); + } + + } + } + + if (rep.getResources() != null) { + // check mappings + for (ResourceRepresentation resourceRep : rep.getResources()) { + if (resourceRep.getRoleMappings() != null) { + for (RoleMappingRepresentation mapping : resourceRep.getRoleMappings()) { + if (!userReps.containsKey(mapping.getUsername())) { + throw new WebApplicationException(Response.status(Response.Status.BAD_REQUEST) + .entity("No users declared for role mapping").type("text/plain").build()); + + } + } + } + } + } + } + +} diff --git a/services/src/main/java/org/keycloak/services/managers/TokenManager.java b/services/src/main/java/org/keycloak/services/managers/TokenManager.java index dc54604c593..c580db79d0d 100755 --- a/services/src/main/java/org/keycloak/services/managers/TokenManager.java +++ b/services/src/main/java/org/keycloak/services/managers/TokenManager.java @@ -5,7 +5,6 @@ import org.jboss.resteasy.jose.jws.JWSBuilder; import org.jboss.resteasy.jwt.JsonSerialization; import org.keycloak.representations.SkeletonKeyScope; import org.keycloak.representations.SkeletonKeyToken; -import org.keycloak.services.models.RealmManager; import org.keycloak.services.models.RealmModel; import org.keycloak.services.models.ResourceModel; import org.picketlink.idm.model.User; @@ -94,7 +93,7 @@ public class TokenManager { } public SkeletonKeyToken createLoginToken(RealmModel realm, User client, User user) { - Set mapping = realm.getScope(client); + Set mapping = realm.getScopes(client); if (!mapping.contains("*")) { throw new ForbiddenException(Response.status(403).entity("

Security Alert

Known client not authorized to request a user login.

").type("text/html").build()); } diff --git a/services/src/main/java/org/keycloak/services/models/RealmManager.java b/services/src/main/java/org/keycloak/services/models/RealmManager.java deleted file mode 100755 index 77a75b3cc3c..00000000000 --- a/services/src/main/java/org/keycloak/services/models/RealmManager.java +++ /dev/null @@ -1,66 +0,0 @@ -package org.keycloak.services.models; - -import org.picketlink.idm.IdentityManager; -import org.picketlink.idm.IdentitySession; -import org.picketlink.idm.model.Realm; -import org.picketlink.idm.model.SimpleAgent; - -import java.security.KeyPair; -import java.security.KeyPairGenerator; -import java.security.NoSuchAlgorithmException; -import java.util.concurrent.atomic.AtomicLong; - -/** - * @author Bill Burke - * @version $Revision: 1 $ - */ -public class RealmManager { - private static AtomicLong counter = new AtomicLong(1); - - public static String generateId() { - return counter.getAndIncrement() + "-" + System.currentTimeMillis(); - } - - protected IdentitySession identitySession; - - public RealmManager(IdentitySession IdentitySession) { - this.identitySession = IdentitySession; - } - - public RealmModel defaultRealm() { - return getRealm(Realm.DEFAULT_REALM); - } - - public RealmModel getRealm(String id) { - Realm existing = identitySession.findRealm(id); - if (existing == null) { - return null; - } - return new RealmModel(existing, identitySession); - } - - public RealmModel createRealm(String name) { - return createRealm(generateId(), name); - } - - public RealmModel createRealm(String id, String name) { - Realm newRealm = identitySession.createRealm(id); - IdentityManager idm = identitySession.createIdentityManager(newRealm); - SimpleAgent agent = new SimpleAgent(RealmModel.REALM_AGENT_ID); - idm.add(agent); - RealmModel realm = new RealmModel(newRealm, identitySession); - return realm; - } - - public void generateRealmKeys(RealmModel realm) { - KeyPair keyPair = null; - try { - keyPair = KeyPairGenerator.getInstance("RSA").generateKeyPair(); - } catch (NoSuchAlgorithmException e) { - throw new RuntimeException(e); - } - realm.setPrivateKey(keyPair.getPrivate()); - realm.setPublicKey(keyPair.getPublic()); - realm.updateRealm(); - } -} diff --git a/services/src/main/java/org/keycloak/services/models/RealmModel.java b/services/src/main/java/org/keycloak/services/models/RealmModel.java index 0cdf45ca017..ec69d1d1595 100755 --- a/services/src/main/java/org/keycloak/services/models/RealmModel.java +++ b/services/src/main/java/org/keycloak/services/models/RealmModel.java @@ -3,6 +3,7 @@ package org.keycloak.services.models; import org.bouncycastle.openssl.PEMWriter; import org.jboss.resteasy.security.PemUtils; import org.keycloak.representations.idm.RequiredCredentialRepresentation; +import org.keycloak.services.managers.RealmManager; import org.keycloak.services.models.relationships.RealmAdminRelationship; import org.keycloak.services.models.relationships.ResourceRelationship; import org.keycloak.services.models.relationships.RequiredCredentialRelationship; @@ -314,11 +315,12 @@ public class RealmModel { ScopeRelationship scope = new ScopeRelationship(); scope.setClient(agent); scope.setScope(role); + idm.add(scope); } - public Set getScope(Agent agent) { + public Set getScopes(Agent agent) { RelationshipQuery query = getIdm().createRelationshipQuery(ScopeRelationship.class); query.setParameter(ScopeRelationship.CLIENT, agent); List scope = query.getResultList(); diff --git a/services/src/main/java/org/keycloak/services/resources/KeycloakApplication.java b/services/src/main/java/org/keycloak/services/resources/KeycloakApplication.java index 79b9f47470b..fdf172d3cbb 100755 --- a/services/src/main/java/org/keycloak/services/resources/KeycloakApplication.java +++ b/services/src/main/java/org/keycloak/services/resources/KeycloakApplication.java @@ -54,7 +54,7 @@ public class KeycloakApplication extends Application { factory.close(); } - public static IdentitySessionFactory createFactory() { + public IdentitySessionFactory createFactory() { ResourceLocalJpaIdentitySessionHandler handler = new ResourceLocalJpaIdentitySessionHandler("keycloak-identity-store"); IdentityConfigurationBuilder builder = new IdentityConfigurationBuilder(); diff --git a/services/src/main/java/org/keycloak/services/resources/RealmSubResource.java b/services/src/main/java/org/keycloak/services/resources/RealmSubResource.java index 8e33a5ad13f..7b82cebdeec 100755 --- a/services/src/main/java/org/keycloak/services/resources/RealmSubResource.java +++ b/services/src/main/java/org/keycloak/services/resources/RealmSubResource.java @@ -45,22 +45,10 @@ public class RealmSubResource { public String getRealmHtml(@PathParam("realm") String id) { StringBuffer html = new StringBuffer(); - UriBuilder auth = uriInfo.getBaseUriBuilder(); - auth.path(TokenService.class) - .path(TokenService.class, "requestAccessCode"); - String authUri = auth.build(realm.getId()).toString(); - - UriBuilder code = uriInfo.getBaseUriBuilder(); - code.path(TokenService.class).path(TokenService.class, "accessRequest"); - String codeUri = code.build(realm.getId()).toString(); - - UriBuilder grant = uriInfo.getBaseUriBuilder(); - grant.path(TokenService.class).path(TokenService.class, "accessTokenGrant"); - String grantUrl = grant.build(realm.getId()).toString(); - - UriBuilder idGrant = uriInfo.getBaseUriBuilder(); - grant.path(TokenService.class).path(TokenService.class, "identityTokenGrant"); - String idGrantUrl = idGrant.build(realm.getId()).toString(); + String authUri = TokenService.loginPage(uriInfo).build(realm.getId()).toString(); + String codeUri = TokenService.accessCodeRequest(uriInfo).build(realm.getId()).toString(); + String grantUrl = TokenService.grantRequest(uriInfo).build(realm.getId()).toString(); + String idGrantUrl = TokenService.identityGrantRequest(uriInfo).build(realm.getId()).toString(); html.append("

Realm: ").append(realm.getName()).append("

"); html.append("

auth: ").append(authUri).append("

"); diff --git a/services/src/main/java/org/keycloak/services/resources/RealmsResource.java b/services/src/main/java/org/keycloak/services/resources/RealmsResource.java index cf7576d431f..ca9eb6adef0 100755 --- a/services/src/main/java/org/keycloak/services/resources/RealmsResource.java +++ b/services/src/main/java/org/keycloak/services/resources/RealmsResource.java @@ -2,33 +2,23 @@ package org.keycloak.services.resources; import org.jboss.resteasy.logging.Logger; import org.keycloak.representations.idm.RealmRepresentation; -import org.keycloak.representations.idm.RequiredCredentialRepresentation; -import org.keycloak.representations.idm.ResourceRepresentation; -import org.keycloak.representations.idm.RoleMappingRepresentation; -import org.keycloak.representations.idm.ScopeMappingRepresentation; -import org.keycloak.representations.idm.UserRepresentation; import org.keycloak.services.managers.AuthenticationManager; import org.keycloak.services.managers.TokenManager; -import org.keycloak.services.models.RealmManager; +import org.keycloak.services.managers.RealmManager; import org.keycloak.services.models.RealmModel; -import org.keycloak.services.models.RequiredCredentialModel; -import org.keycloak.services.models.ResourceModel; -import org.keycloak.services.models.UserCredentialModel; import org.picketlink.idm.IdentitySession; -import org.picketlink.idm.model.Attribute; import org.picketlink.idm.model.Realm; import org.picketlink.idm.model.Role; -import org.picketlink.idm.model.SimpleRole; -import org.picketlink.idm.model.SimpleUser; import org.picketlink.idm.model.User; import javax.ws.rs.Consumes; +import javax.ws.rs.GET; import javax.ws.rs.NotAuthorizedException; import javax.ws.rs.NotFoundException; import javax.ws.rs.POST; import javax.ws.rs.Path; import javax.ws.rs.PathParam; -import javax.ws.rs.WebApplicationException; +import javax.ws.rs.Produces; import javax.ws.rs.container.ResourceContext; import javax.ws.rs.core.Context; import javax.ws.rs.core.HttpHeaders; @@ -36,8 +26,6 @@ import javax.ws.rs.core.MediaType; import javax.ws.rs.core.Response; import javax.ws.rs.core.UriBuilder; import javax.ws.rs.core.UriInfo; -import java.util.HashMap; -import java.util.Map; /** * @author Bill Burke @@ -67,6 +55,7 @@ public class RealmsResource { @Path("{realm}/tokens") public TokenService getTokenService(@PathParam("realm") String id) { + logger.info("**** HERE token service****"); RealmManager realmManager = new RealmManager(identitySession); RealmModel realm = realmManager.getRealm(id); if (realm == null) { @@ -82,6 +71,7 @@ public class RealmsResource { @Path("{realm}") public RealmSubResource getRealmResource(@PathParam("realm") String id) { + logger.info("**** HERE @Path {realm} ****"); RealmManager realmManager = new RealmManager(identitySession); RealmModel realm = realmManager.getRealm(id); if (realm == null) { @@ -101,7 +91,15 @@ public class RealmsResource { identitySession.getTransaction().begin(); RealmModel realm; try { - realm = createRealm(rep); + RealmManager realmManager = new RealmManager(identitySession); + RealmModel defaultRealm = realmManager.getRealm(Realm.DEFAULT_REALM); + User realmCreator = new AuthenticationManager().authenticateToken(defaultRealm, headers); + Role creatorRole = defaultRealm.getIdm().getRole(RegistrationService.REALM_CREATOR_ROLE); + if (!defaultRealm.getIdm().hasRole(realmCreator, creatorRole)) { + logger.warn("not a realm creator"); + throw new NotAuthorizedException("Bearer"); + } + realm = realmManager.importRealm(rep, realmCreator); identitySession.getTransaction().commit(); } catch (RuntimeException re) { identitySession.getTransaction().rollback(); @@ -112,214 +110,4 @@ public class RealmsResource { .entity(RealmSubResource.realmRep(realm, uriInfo)) .type(MediaType.APPLICATION_JSON_TYPE).build(); } - - protected RealmModel createRealm(RealmRepresentation rep) { - RealmManager realmManager = new RealmManager(identitySession); - RealmModel defaultRealm = realmManager.getRealm(Realm.DEFAULT_REALM); - User realmCreator = new AuthenticationManager().authenticateToken(defaultRealm, headers); - Role creatorRole = defaultRealm.getIdm().getRole(RegistrationService.REALM_CREATOR_ROLE); - if (!defaultRealm.getIdm().hasRole(realmCreator, creatorRole)) { - logger.warn("not a realm creator"); - throw new NotAuthorizedException("Bearer"); - } - verifyRealmRepresentation(rep); - - RealmModel realm = realmManager.createRealm(rep.getRealm()); - realmManager.generateRealmKeys(realm); - realm.addRealmAdmin(realmCreator); - realm.setName(rep.getRealm()); - realm.setEnabled(rep.isEnabled()); - realm.setTokenLifespan(rep.getTokenLifespan()); - realm.setAccessCodeLifespan(rep.getAccessCodeLifespan()); - realm.setSslNotRequired(rep.isSslNotRequired()); - realm.setCookieLoginAllowed(rep.isCookieLoginAllowed()); - realm.updateRealm(); - - - Map userMap = new HashMap(); - - for (RequiredCredentialRepresentation requiredCred : rep.getRequiredCredentials()) { - RequiredCredentialModel credential = new RequiredCredentialModel(); - credential.setType(requiredCred.getType()); - credential.setInput(requiredCred.isInput()); - credential.setSecret(requiredCred.isSecret()); - realm.addRequiredCredential(credential); - } - - for (UserRepresentation userRep : rep.getUsers()) { - User user = new SimpleUser(userRep.getUsername()); - user.setEnabled(userRep.isEnabled()); - if (userRep.getAttributes() != null) { - for (Map.Entry entry : userRep.getAttributes().entrySet()) { - user.setAttribute(new Attribute(entry.getKey(), entry.getValue())); - } - } - realm.getIdm().add(user); - if (userRep.getCredentials() != null) { - for (UserRepresentation.Credential cred : userRep.getCredentials()) { - UserCredentialModel credential = new UserCredentialModel(); - credential.setType(cred.getType()); - credential.setValue(cred.getValue()); - realm.updateCredential(user, credential); - } - } - userMap.put(user.getLoginName(), user); - } - - Map roles = new HashMap(); - - if (rep.getRoles() != null) { - for (String roleString : rep.getRoles()) { - SimpleRole role = new SimpleRole(roleString.trim()); - realm.getIdm().add(role); - roles.put(role.getName(), role); - } - } - - if (rep.getRoleMappings() != null) { - for (RoleMappingRepresentation mapping : rep.getRoleMappings()) { - User user = userMap.get(mapping.getUsername()); - for (String roleString : mapping.getRoles()) { - Role role = roles.get(roleString.trim()); - if (role == null) { - role = new SimpleRole(roleString.trim()); - realm.getIdm().add(role); - roles.put(role.getName(), role); - } - realm.getIdm().grantRole(user, role); - } - } - } - - if (rep.getScopeMappings() != null) { - for (ScopeMappingRepresentation scope : rep.getScopeMappings()) { - for (String roleString : scope.getRoles()) { - Role role = roles.get(roleString.trim()); - if (role == null) { - role = new SimpleRole(roleString.trim()); - realm.getIdm().add(role); - roles.put(role.getName(), role); - } - User user = userMap.get(scope.getUsername()); - realm.addScope(user, role.getName()); - } - - } - } - - if (!roles.containsKey("*")) { - SimpleRole wildcard = new SimpleRole("*"); - realm.getIdm().add(wildcard); - roles.put("*", wildcard); - } - - if (rep.getResources() != null) { - createResources(rep, realm, userMap); - } - return realm; - } - - protected void createResources(RealmRepresentation rep, RealmModel realm, Map userMap) { - for (ResourceRepresentation resourceRep : rep.getResources()) { - ResourceModel resource = realm.addResource(resourceRep.getName()); - resource.setSurrogateAuthRequired(resourceRep.isSurrogateAuthRequired()); - resource.updateResource(); - Map roles = new HashMap(); - if (resourceRep.getRoles() != null) { - for (String roleString : resourceRep.getRoles()) { - SimpleRole role = new SimpleRole(roleString.trim()); - resource.getIdm().add(role); - roles.put(role.getName(), role); - } - } - if (resourceRep.getRoleMappings() != null) { - for (RoleMappingRepresentation mapping : resourceRep.getRoleMappings()) { - User user = userMap.get(mapping.getUsername()); - for (String roleString : mapping.getRoles()) { - Role role = roles.get(roleString.trim()); - if (role == null) { - role = new SimpleRole(roleString.trim()); - resource.getIdm().add(role); - roles.put(role.getName(), role); - } - Role role1 = resource.getIdm().getRole(role.getName()); - realm.getIdm().grantRole(user, role1); - } - } - } - if (resourceRep.getScopeMappings() != null) { - for (ScopeMappingRepresentation mapping : resourceRep.getScopeMappings()) { - User user = userMap.get(mapping.getUsername()); - for (String roleString : mapping.getRoles()) { - Role role = roles.get(roleString.trim()); - if (role == null) { - role = new SimpleRole(roleString.trim()); - resource.getIdm().add(role); - roles.put(role.getName(), role); - } - resource.addScope(user, role.getName()); - } - } - } - if (!roles.containsKey("*")) { - SimpleRole wildcard = new SimpleRole("*"); - resource.getIdm().add(wildcard); - roles.put("*", wildcard); - } - - } - } - - protected void verifyRealmRepresentation(RealmRepresentation rep) { - if (rep.getRequiredCredentials() == null) { - throw new WebApplicationException(Response.status(Response.Status.BAD_REQUEST) - .entity("Realm credential requirements not defined").type("text/plain").build()); - - } - - HashMap userReps = new HashMap(); - for (UserRepresentation userRep : rep.getUsers()) userReps.put(userRep.getUsername(), userRep); - - // override enabled to false if user does not have at least all of browser or client credentials - for (UserRepresentation userRep : rep.getUsers()) { - if (userRep.getCredentials() == null) { - userRep.setEnabled(false); - } else { - boolean hasBrowserCredentials = true; - for (RequiredCredentialRepresentation credential : rep.getRequiredCredentials()) { - boolean hasCredential = false; - for (UserRepresentation.Credential cred : userRep.getCredentials()) { - if (cred.getType().equals(credential.getType())) { - hasCredential = true; - break; - } - } - if (!hasCredential) { - hasBrowserCredentials = false; - break; - } - } - if (!hasBrowserCredentials) { - userRep.setEnabled(false); - } - - } - } - - if (rep.getResources() != null) { - // check mappings - for (ResourceRepresentation resourceRep : rep.getResources()) { - if (resourceRep.getRoleMappings() != null) { - for (RoleMappingRepresentation mapping : resourceRep.getRoleMappings()) { - if (!userReps.containsKey(mapping.getUsername())) { - throw new WebApplicationException(Response.status(Response.Status.BAD_REQUEST) - .entity("No users declared for role mapping").type("text/plain").build()); - - } - } - } - } - } - } - } diff --git a/services/src/main/java/org/keycloak/services/resources/RegistrationService.java b/services/src/main/java/org/keycloak/services/resources/RegistrationService.java index 55c576c3f86..2dfda688609 100755 --- a/services/src/main/java/org/keycloak/services/resources/RegistrationService.java +++ b/services/src/main/java/org/keycloak/services/resources/RegistrationService.java @@ -2,7 +2,7 @@ package org.keycloak.services.resources; import org.jboss.resteasy.logging.Logger; import org.keycloak.representations.idm.UserRepresentation; -import org.keycloak.services.models.RealmManager; +import org.keycloak.services.managers.RealmManager; import org.keycloak.services.models.RealmModel; import org.keycloak.services.models.UserCredentialModel; import org.picketlink.idm.IdentitySession; @@ -12,8 +12,10 @@ import org.picketlink.idm.model.User; import javax.ws.rs.Consumes; import javax.ws.rs.ForbiddenException; +import javax.ws.rs.GET; import javax.ws.rs.POST; import javax.ws.rs.Path; +import javax.ws.rs.Produces; import javax.ws.rs.core.Context; import javax.ws.rs.core.MediaType; import javax.ws.rs.core.Response; diff --git a/services/src/main/java/org/keycloak/services/resources/TokenService.java b/services/src/main/java/org/keycloak/services/resources/TokenService.java index b9831ce500a..c03a01a91fe 100755 --- a/services/src/main/java/org/keycloak/services/resources/TokenService.java +++ b/services/src/main/java/org/keycloak/services/resources/TokenService.java @@ -71,6 +71,36 @@ public class TokenService { this.tokenManager = tokenManager; } + public static UriBuilder tokenServiceBase(UriInfo uriInfo) { + UriBuilder base = uriInfo.getBaseUriBuilder() + .path(RealmsResource.class).path(RealmsResource.class, "getTokenService"); + return base; + } + + public static UriBuilder accessCodeRequest(UriInfo uriInfo) { + return tokenServiceBase(uriInfo).path(TokenService.class, "accessRequest"); + + } + + public static UriBuilder grantRequest(UriInfo uriInfo) { + return tokenServiceBase(uriInfo).path(TokenService.class, "accessTokenGrant"); + + } + + public static UriBuilder identityGrantRequest(UriInfo uriInfo) { + return tokenServiceBase(uriInfo).path(TokenService.class, "accessTokenGrant"); + + } + + public static UriBuilder loginPage(UriInfo uriInfo) { + return tokenServiceBase(uriInfo).path(TokenService.class, "requestAccessCode"); + } + + public static UriBuilder loginAction(UriInfo uriInfo) { + return tokenServiceBase(uriInfo).path(TokenService.class, "login"); + } + + @Path("grants/identity-token") @POST @Consumes(MediaType.APPLICATION_FORM_URLENCODED) @@ -334,7 +364,7 @@ public class TokenService { } html.append("

To Authorize, please login below

"); } else { - Set scopeMapping = realm.getScope(client); + Set scopeMapping = realm.getScopes(client); if (scopeMapping.contains("*")) { html.append("

Login For ").append(realm.getName()).append(" Realm

"); if (validationError != null) { @@ -388,7 +418,7 @@ public class TokenService { } } - UriBuilder formActionUri = uriInfo.getBaseUriBuilder().path(TokenService.class).path(TokenService.class, "login"); + UriBuilder formActionUri = loginAction(uriInfo); String action = formActionUri.build(realm.getId()).toString(); html.append("
"); html.append("Username:
"); diff --git a/services/src/test/java/org/keycloak/test/AdapterTest.java b/services/src/test/java/org/keycloak/test/AdapterTest.java index 98fa18b0550..78622cca5a9 100755 --- a/services/src/test/java/org/keycloak/test/AdapterTest.java +++ b/services/src/test/java/org/keycloak/test/AdapterTest.java @@ -8,17 +8,33 @@ import org.junit.Test; import org.junit.runners.MethodSorters; import org.keycloak.representations.idm.RequiredCredentialRepresentation; import org.keycloak.services.managers.InstallationManager; -import org.keycloak.services.models.RealmManager; +import org.keycloak.services.managers.RealmManager; import org.keycloak.services.models.RealmModel; import org.keycloak.services.models.RequiredCredentialModel; import org.keycloak.services.models.UserCredentialModel; +import org.keycloak.services.models.relationships.RealmAdminRelationship; +import org.keycloak.services.models.relationships.RequiredCredentialRelationship; +import org.keycloak.services.models.relationships.ResourceRelationship; +import org.keycloak.services.models.relationships.ScopeRelationship; import org.keycloak.services.resources.KeycloakApplication; import org.picketlink.idm.IdentitySession; import org.picketlink.idm.IdentitySessionFactory; import org.picketlink.idm.IdentityManager; +import org.picketlink.idm.config.IdentityConfiguration; +import org.picketlink.idm.config.IdentityConfigurationBuilder; import org.picketlink.idm.credential.Credentials; import org.picketlink.idm.credential.Password; import org.picketlink.idm.credential.UsernamePasswordCredentials; +import org.picketlink.idm.internal.DefaultIdentitySessionFactory; +import org.picketlink.idm.jpa.internal.ResourceLocalJpaIdentitySessionHandler; +import org.picketlink.idm.jpa.schema.CredentialObject; +import org.picketlink.idm.jpa.schema.CredentialObjectAttribute; +import org.picketlink.idm.jpa.schema.IdentityObject; +import org.picketlink.idm.jpa.schema.IdentityObjectAttribute; +import org.picketlink.idm.jpa.schema.PartitionObject; +import org.picketlink.idm.jpa.schema.RelationshipIdentityObject; +import org.picketlink.idm.jpa.schema.RelationshipObject; +import org.picketlink.idm.jpa.schema.RelationshipObjectAttribute; import org.picketlink.idm.model.Role; import org.picketlink.idm.model.SimpleRole; import org.picketlink.idm.model.SimpleUser; @@ -39,11 +55,35 @@ public class AdapterTest { @Before public void before() throws Exception { - factory = KeycloakApplication.createFactory(); + factory = createFactory(); IdentitySession = factory.createIdentitySession(); adapter = new RealmManager(IdentitySession); } + public static IdentitySessionFactory createFactory() { + ResourceLocalJpaIdentitySessionHandler handler = new ResourceLocalJpaIdentitySessionHandler("keycloak-identity-store"); + IdentityConfigurationBuilder builder = new IdentityConfigurationBuilder(); + + builder + .stores() + .jpa() + .identityClass(IdentityObject.class) + .attributeClass(IdentityObjectAttribute.class) + .relationshipClass(RelationshipObject.class) + .relationshipIdentityClass(RelationshipIdentityObject.class) + .relationshipAttributeClass(RelationshipObjectAttribute.class) + .credentialClass(CredentialObject.class) + .credentialAttributeClass(CredentialObjectAttribute.class) + .partitionClass(PartitionObject.class) + .supportAllFeatures() + .supportRelationshipType(RealmAdminRelationship.class, ResourceRelationship.class, RequiredCredentialRelationship.class, ScopeRelationship.class) + .setIdentitySessionHandler(handler); + + IdentityConfiguration build = builder.build(); + return new DefaultIdentitySessionFactory(build); + } + + @After public void after() throws Exception { IdentitySession.close(); diff --git a/services/src/test/java/org/keycloak/test/ImportTest.java b/services/src/test/java/org/keycloak/test/ImportTest.java new file mode 100755 index 00000000000..335169a161e --- /dev/null +++ b/services/src/test/java/org/keycloak/test/ImportTest.java @@ -0,0 +1,116 @@ +package org.keycloak.test; + +import org.junit.After; +import org.junit.Assert; +import org.junit.Before; +import org.junit.FixMethodOrder; +import org.junit.Test; +import org.junit.runners.MethodSorters; +import org.keycloak.representations.idm.RealmRepresentation; +import org.keycloak.services.managers.RealmManager; +import org.keycloak.services.models.RealmModel; +import org.keycloak.services.models.RequiredCredentialModel; +import org.keycloak.services.models.relationships.RealmAdminRelationship; +import org.keycloak.services.models.relationships.RequiredCredentialRelationship; +import org.keycloak.services.models.relationships.ResourceRelationship; +import org.keycloak.services.models.relationships.ScopeRelationship; +import org.keycloak.services.resources.RegistrationService; +import org.picketlink.idm.IdentitySession; +import org.picketlink.idm.IdentitySessionFactory; +import org.picketlink.idm.config.IdentityConfiguration; +import org.picketlink.idm.config.IdentityConfigurationBuilder; +import org.picketlink.idm.internal.DefaultIdentitySessionFactory; +import org.picketlink.idm.jpa.internal.ResourceLocalJpaIdentitySessionHandler; +import org.picketlink.idm.jpa.schema.CredentialObject; +import org.picketlink.idm.jpa.schema.CredentialObjectAttribute; +import org.picketlink.idm.jpa.schema.IdentityObject; +import org.picketlink.idm.jpa.schema.IdentityObjectAttribute; +import org.picketlink.idm.jpa.schema.PartitionObject; +import org.picketlink.idm.jpa.schema.RelationshipIdentityObject; +import org.picketlink.idm.jpa.schema.RelationshipObject; +import org.picketlink.idm.jpa.schema.RelationshipObjectAttribute; +import org.picketlink.idm.model.Realm; +import org.picketlink.idm.model.SimpleRole; +import org.picketlink.idm.model.User; + +import java.util.Set; + +/** + * @author Bill Burke + * @version $Revision: 1 $ + */ +@FixMethodOrder(MethodSorters.NAME_ASCENDING) +public class ImportTest { + private IdentitySessionFactory factory; + private IdentitySession identitySession; + private RealmManager manager; + private RealmModel realmModel; + + @Before + public void before() throws Exception { + factory = createFactory(); + identitySession = factory.createIdentitySession(); + manager = new RealmManager(identitySession); + } + + public static IdentitySessionFactory createFactory() { + ResourceLocalJpaIdentitySessionHandler handler = new ResourceLocalJpaIdentitySessionHandler("keycloak-identity-store"); + IdentityConfigurationBuilder builder = new IdentityConfigurationBuilder(); + + builder + .stores() + .jpa() + .identityClass(IdentityObject.class) + .attributeClass(IdentityObjectAttribute.class) + .relationshipClass(RelationshipObject.class) + .relationshipIdentityClass(RelationshipIdentityObject.class) + .relationshipAttributeClass(RelationshipObjectAttribute.class) + .credentialClass(CredentialObject.class) + .credentialAttributeClass(CredentialObjectAttribute.class) + .partitionClass(PartitionObject.class) + .supportAllFeatures() + .supportRelationshipType(RealmAdminRelationship.class, ResourceRelationship.class, RequiredCredentialRelationship.class, ScopeRelationship.class) + .setIdentitySessionHandler(handler); + + IdentityConfiguration build = builder.build(); + return new DefaultIdentitySessionFactory(build); + } + + + @After + public void after() throws Exception { + identitySession.close(); + factory.close(); + } + + @Test + public void install() throws Exception { + RealmModel defaultRealm = manager.createRealm(Realm.DEFAULT_REALM, Realm.DEFAULT_REALM); + defaultRealm.setName(Realm.DEFAULT_REALM); + defaultRealm.setEnabled(true); + defaultRealm.setTokenLifespan(300); + defaultRealm.setAccessCodeLifespan(60); + defaultRealm.setSslNotRequired(false); + defaultRealm.setCookieLoginAllowed(true); + defaultRealm.setRegistrationAllowed(true); + manager.generateRealmKeys(defaultRealm); + defaultRealm.updateRealm(); + defaultRealm.addRequiredCredential(RequiredCredentialModel.PASSWORD); + defaultRealm.getIdm().add(new SimpleRole(RegistrationService.REALM_CREATOR_ROLE)); + + RealmRepresentation rep = KeycloakTestBase.loadJson("testrealm.json"); + RealmModel realm = manager.createRealm("demo", rep.getRealm()); + manager.importRealm(rep, realm); + + User user = realm.getIdm().getUser("loginclient"); + Assert.assertNotNull(user); + Set scopes = realm.getScopes(user); + System.out.println("Scopes size: " + scopes.size()); + Assert.assertTrue(scopes.contains("*")); + + } + + + + +} diff --git a/services/src/test/java/org/keycloak/test/RealmCreationTest.java b/services/src/test/java/org/keycloak/test/RealmCreationTest.java index 57d378f3f7b..88cbe49b685 100755 --- a/services/src/test/java/org/keycloak/test/RealmCreationTest.java +++ b/services/src/test/java/org/keycloak/test/RealmCreationTest.java @@ -1,10 +1,8 @@ package org.keycloak.test; -import org.jboss.resteasy.client.jaxrs.ResteasyClient; import org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder; import org.jboss.resteasy.spi.ResteasyDeployment; import org.jboss.resteasy.test.EmbeddedContainer; -import org.junit.AfterClass; import org.junit.Assert; import org.junit.BeforeClass; import org.junit.Test; @@ -15,7 +13,7 @@ import org.keycloak.representations.idm.RequiredCredentialRepresentation; import org.keycloak.representations.idm.UserRepresentation; import org.keycloak.services.managers.AuthenticationManager; import org.keycloak.services.managers.InstallationManager; -import org.keycloak.services.models.RealmManager; +import org.keycloak.services.managers.RealmManager; import org.keycloak.services.resources.KeycloakApplication; import org.picketlink.idm.IdentitySession; import org.picketlink.idm.model.Realm; diff --git a/services/src/test/resources/META-INF/persistence.xml b/services/src/test/resources/META-INF/persistence.xml index 7b7e6640908..32b1acaa716 100755 --- a/services/src/test/resources/META-INF/persistence.xml +++ b/services/src/test/resources/META-INF/persistence.xml @@ -21,8 +21,8 @@ - - + + diff --git a/services/src/test/resources/testrealm.json b/services/src/test/resources/testrealm.json old mode 100644 new mode 100755 index 6002c79a839..b58bdd8a7a8 --- a/services/src/test/resources/testrealm.json +++ b/services/src/test/resources/testrealm.json @@ -56,7 +56,7 @@ "scopeMappings" : [ { "username" : "loginclient", - "roles" : ["login"] + "roles" : ["*"] } ], "resources" : [