finish using realm name instead of id
@@ -52,6 +52,10 @@ public class UrlBean {
|
||||
this.referrerURI = referrerURI;
|
||||
}
|
||||
|
||||
protected String getRealmIdentifier() {
|
||||
return realm.getName();
|
||||
}
|
||||
|
||||
public RealmBean getRealm() {
|
||||
return realm;
|
||||
}
|
||||
@@ -61,11 +65,11 @@ public class UrlBean {
|
||||
}
|
||||
|
||||
public String getAccessUrl() {
|
||||
return Urls.accountAccessPage(baseURI, realm.getId()).toString();
|
||||
return Urls.accountAccessPage(baseURI, getRealmIdentifier()).toString();
|
||||
}
|
||||
|
||||
public String getAccountUrl() {
|
||||
return Urls.accountPage(baseURI, realm.getId()).toString();
|
||||
return Urls.accountPage(baseURI, getRealmIdentifier()).toString();
|
||||
}
|
||||
|
||||
URI getBaseURI() {
|
||||
@@ -73,24 +77,24 @@ public class UrlBean {
|
||||
}
|
||||
|
||||
public String getLoginAction() {
|
||||
return Urls.realmLoginAction(baseURI, realm.getId()).toString();
|
||||
return Urls.realmLoginAction(baseURI, getRealmIdentifier()).toString();
|
||||
}
|
||||
|
||||
public String getLoginUrl() {
|
||||
return Urls.realmLoginPage(baseURI, realm.getId()).toString();
|
||||
return Urls.realmLoginPage(baseURI, getRealmIdentifier()).toString();
|
||||
}
|
||||
|
||||
public String getPasswordUrl() {
|
||||
return Urls.accountPasswordPage(baseURI, realm.getId()).toString();
|
||||
return Urls.accountPasswordPage(baseURI, getRealmIdentifier()).toString();
|
||||
}
|
||||
|
||||
public String getRegistrationAction() {
|
||||
if (realm.isSaas()) {
|
||||
return Urls.saasRegisterAction(baseURI).toString();
|
||||
} else if (socialRegistration){
|
||||
return Urls.socialRegisterAction(baseURI, realm.getId()).toString();
|
||||
return Urls.socialRegisterAction(baseURI, getRealmIdentifier()).toString();
|
||||
} else {
|
||||
return Urls.realmRegisterAction(baseURI, realm.getId()).toString();
|
||||
return Urls.realmRegisterAction(baseURI, getRealmIdentifier()).toString();
|
||||
}
|
||||
}
|
||||
|
||||
@@ -99,48 +103,48 @@ public class UrlBean {
|
||||
// TODO: saas social registration
|
||||
return Urls.saasRegisterPage(baseURI).toString();
|
||||
} else {
|
||||
return Urls.realmRegisterPage(baseURI, realm.getId()).toString();
|
||||
return Urls.realmRegisterPage(baseURI, getRealmIdentifier()).toString();
|
||||
}
|
||||
}
|
||||
|
||||
public String getLoginUpdatePasswordUrl() {
|
||||
return Urls.loginActionUpdatePassword(baseURI, realm.getId()).toString();
|
||||
return Urls.loginActionUpdatePassword(baseURI, getRealmIdentifier()).toString();
|
||||
}
|
||||
|
||||
public String getLoginUpdateTotpUrl() {
|
||||
return Urls.loginActionUpdateTotp(baseURI, realm.getId()).toString();
|
||||
return Urls.loginActionUpdateTotp(baseURI, getRealmIdentifier()).toString();
|
||||
}
|
||||
|
||||
public String getLoginUpdateProfileUrl() {
|
||||
return Urls.loginActionUpdateProfile(baseURI, realm.getId()).toString();
|
||||
return Urls.loginActionUpdateProfile(baseURI, getRealmIdentifier()).toString();
|
||||
}
|
||||
|
||||
public String getSocialUrl() {
|
||||
return Urls.accountSocialPage(baseURI, realm.getId()).toString();
|
||||
return Urls.accountSocialPage(baseURI, getRealmIdentifier()).toString();
|
||||
}
|
||||
|
||||
public String getTotpUrl() {
|
||||
return Urls.accountTotpPage(baseURI, realm.getId()).toString();
|
||||
return Urls.accountTotpPage(baseURI, getRealmIdentifier()).toString();
|
||||
}
|
||||
|
||||
public String getTotpRemoveUrl() {
|
||||
return Urls.accountTotpRemove(baseURI, realm.getId()).toString();
|
||||
return Urls.accountTotpRemove(baseURI, getRealmIdentifier()).toString();
|
||||
}
|
||||
|
||||
public String getLogoutUrl() {
|
||||
return Urls.accountLogout(baseURI, realm.getId()).toString();
|
||||
return Urls.accountLogout(baseURI, getRealmIdentifier()).toString();
|
||||
}
|
||||
|
||||
public String getLoginPasswordResetUrl() {
|
||||
return Urls.loginPasswordReset(baseURI, realm.getId()).toString();
|
||||
return Urls.loginPasswordReset(baseURI, getRealmIdentifier()).toString();
|
||||
}
|
||||
|
||||
public String getLoginUsernameReminderUrl() {
|
||||
return Urls.loginUsernameReminder(baseURI, realm.getId()).toString();
|
||||
return Urls.loginUsernameReminder(baseURI, getRealmIdentifier()).toString();
|
||||
}
|
||||
|
||||
public String getLoginEmailVerificationUrl() {
|
||||
return Urls.loginActionEmailVerification(baseURI, realm.getId()).toString();
|
||||
return Urls.loginActionEmailVerification(baseURI, getRealmIdentifier()).toString();
|
||||
}
|
||||
|
||||
public String getReferrerURI() {
|
||||
|
||||
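Review bot: `getRealmIdentifier()` is undocumented even though it now decides the realm segment of every URL this bean hands to the templates, and being `protected` it can be overridden to change all of them at once. I would add a Javadoc line above it, `/** Realm path segment used in every URL built by this bean; currently the realm name, not the internal id. */`. The other classes shown on this page call `realm.getName()` directly, so the choice of identifier is centralised only here. A short comment there on why the name was chosen would help whoever next has to change it in all of those places.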
@@ -7,14 +7,19 @@
|
||||
<!-- Exclude JAVA EE of JBOSS (javax.ws..) => Add dependency javax.annotation -->
|
||||
<module name="javaee.api" />
|
||||
<!-- Exclude RestEasy conflict (javax.ws.rs.ext.RunDelegate) -->
|
||||
<module name="javax.ws.rs.api"/>
|
||||
<module name="org.codehaus.jackson.jackson-core-asl" />
|
||||
<module name="org.jboss.resteasy.resteasy-atom-provider" />
|
||||
<module name="org.jboss.resteasy.resteasy-cdi" />
|
||||
<module name="org.jboss.resteasy.resteasy-crypto" />
|
||||
<module name="org.jboss.resteasy.resteasy-jackson-provider" />
|
||||
<module name="org.jboss.resteasy.resteasy-jaxb-provider" />
|
||||
<module name="org.jboss.resteasy.resteasy-jaxrs" />
|
||||
<module name="org.jboss.resteasy.resteasy-jettison-provider" />
|
||||
<module name="org.jboss.resteasy.resteasy-jsapi" />
|
||||
<module name="org.jboss.resteasy.resteasy-json-p-provider" />
|
||||
<module name="org.jboss.resteasy.resteasy-multipart-provider" />
|
||||
<module name="org.jboss.resteasy.resteasy-validator-provider-11" />
|
||||
<module name="org.jboss.resteasy.resteasy-yaml-provider" />
|
||||
</exclusions>
|
||||
</deployment>
|
||||
|
||||
@@ -107,7 +107,7 @@ public class EmailSender {
|
||||
UriBuilder builder = Urls.loginActionEmailVerificationBuilder(uriInfo.getBaseUri());
|
||||
builder.queryParam("key", accessCode.getId());
|
||||
|
||||
URI uri = builder.build(realm.getId());
|
||||
URI uri = builder.build(realm.getName());
|
||||
|
||||
|
||||
StringBuilder sb = getHeader(user);
|
||||
@@ -128,7 +128,7 @@ public class EmailSender {
|
||||
UriBuilder builder = Urls.loginPasswordResetBuilder(uriInfo.getBaseUri());
|
||||
builder.queryParam("key", accessCode.getId());
|
||||
|
||||
URI uri = builder.build(realm.getId());
|
||||
URI uri = builder.build(realm.getName());
|
||||
|
||||
StringBuilder sb = getHeader(user);
|
||||
|
||||
|
||||
@@ -177,12 +177,12 @@ public class ApplicationManager {
|
||||
|
||||
public BaseAdapterConfig toInstallationRepresentation(RealmModel realmModel, ApplicationModel applicationModel, URI baseUri) {
|
||||
BaseAdapterConfig rep = new BaseAdapterConfig();
|
||||
rep.setRealm(realmModel.getId());
|
||||
rep.setRealm(realmModel.getName());
|
||||
rep.setRealmKey(realmModel.getPublicKeyPem());
|
||||
rep.setSslNotRequired(realmModel.isSslNotRequired());
|
||||
|
||||
rep.setAuthUrl(Urls.realmLoginPage(baseUri, realmModel.getId()).toString());
|
||||
rep.setCodeUrl(Urls.realmCode(baseUri, realmModel.getId()).toString());
|
||||
rep.setAuthUrl(Urls.realmLoginPage(baseUri, realmModel.getName()).toString());
|
||||
rep.setCodeUrl(Urls.realmCode(baseUri, realmModel.getName()).toString());
|
||||
rep.setUseResourceRoleMappings(applicationModel.getRoles().size() > 0);
|
||||
|
||||
rep.setResource(applicationModel.getName());
|
||||
|
||||
@@ -43,7 +43,7 @@ public class AuthenticationManager {
|
||||
token.id(RealmManager.generateId());
|
||||
token.issuedNow();
|
||||
token.principal(username);
|
||||
token.audience(realm.getId());
|
||||
token.audience(realm.getName());
|
||||
if (realm.getTokenLifespan() > 0) {
|
||||
token.expiration((System.currentTimeMillis() / 1000) + realm.getTokenLifespan());
|
||||
}
|
||||
@@ -53,8 +53,7 @@ public class AuthenticationManager {
|
||||
|
||||
public NewCookie createLoginCookie(RealmModel realm, UserModel user, UriInfo uriInfo) {
|
||||
String cookieName = KEYCLOAK_IDENTITY_COOKIE;
|
||||
URI uri = RealmsResource.realmBaseUrl(uriInfo).build(realm.getId());
|
||||
String cookiePath = uri.getRawPath();
|
||||
String cookiePath = getIdentityCookiePath(realm, uriInfo);
|
||||
return createLoginCookie(realm, user, null, cookieName, cookiePath);
|
||||
}
|
||||
|
||||
@@ -92,13 +91,17 @@ public class AuthenticationManager {
|
||||
|
||||
|
||||
public void expireIdentityCookie(RealmModel realm, UriInfo uriInfo) {
|
||||
URI uri = RealmsResource.realmBaseUrl(uriInfo).build(realm.getId());
|
||||
logger.debug("Expiring identity cookie");
|
||||
String path = uri.getRawPath();
|
||||
String path = getIdentityCookiePath(realm, uriInfo);
|
||||
String cookieName = KEYCLOAK_IDENTITY_COOKIE;
|
||||
expireCookie(cookieName, path);
|
||||
}
|
||||
|
||||
protected String getIdentityCookiePath(RealmModel realm, UriInfo uriInfo) {
|
||||
URI uri = RealmsResource.realmBaseUrl(uriInfo).build(realm.getName());
|
||||
return uri.getRawPath();
|
||||
}
|
||||
|
||||
public void expireSaasIdentityCookie(UriInfo uriInfo) {
|
||||
URI uri = AdminService.saasCookiePath(uriInfo).build();
|
||||
String cookiePath = uri.getRawPath();
|
||||
@@ -163,7 +166,7 @@ public class AuthenticationManager {
|
||||
|
||||
String tokenString = cookie.getValue();
|
||||
try {
|
||||
SkeletonKeyToken token = RSATokenVerifier.verifyToken(tokenString, realm.getPublicKey(), realm.getId());
|
||||
SkeletonKeyToken token = RSATokenVerifier.verifyToken(tokenString, realm.getPublicKey(), realm.getName());
|
||||
if (!token.isActive()) {
|
||||
logger.debug("identity cookie expired");
|
||||
expireIdentityCookie(realm, uriInfo);
|
||||
@@ -212,7 +215,7 @@ public class AuthenticationManager {
|
||||
|
||||
|
||||
try {
|
||||
SkeletonKeyToken token = RSATokenVerifier.verifyToken(tokenString, realm.getPublicKey(), realm.getId());
|
||||
SkeletonKeyToken token = RSATokenVerifier.verifyToken(tokenString, realm.getPublicKey(), realm.getName());
|
||||
if (!token.isActive()) {
|
||||
throw new NotAuthorizedException("token_expired");
|
||||
}
|
||||
|
||||
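Review bot: The token audience, both `RSATokenVerifier.verifyToken` calls and the identity cookie path in `getIdentityCookiePath` are now all bound to `realm.getName()`, which is a human-chosen value rather than the generated id. If a realm's name can change after creation (not visible on this page), every token issued before the rename stops verifying. `expireIdentityCookie` would also compute its path from the new name, so it could not clear a cookie that was set under the old one. The same audience change is made in TokenManager. I would either keep the audience on the id, or state the constraint on `getIdentityCookiePath`, for example `// the realm name is part of the cookie path and the token audience; renaming a realm invalidates both`; note that several of these methods begin or end outside the hunks shown.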
@@ -85,12 +85,12 @@ public class OAuthClientManager {
|
||||
|
||||
public BaseAdapterConfig toInstallationRepresentation(RealmModel realmModel, OAuthClientModel model, URI baseUri) {
|
||||
BaseAdapterConfig rep = new BaseAdapterConfig();
|
||||
rep.setRealm(realmModel.getId());
|
||||
rep.setRealm(realmModel.getName());
|
||||
rep.setRealmKey(realmModel.getPublicKeyPem());
|
||||
rep.setSslNotRequired(realmModel.isSslNotRequired());
|
||||
|
||||
rep.setAuthUrl(Urls.realmLoginPage(baseUri, realmModel.getId()).toString());
|
||||
rep.setCodeUrl(Urls.realmCode(baseUri, realmModel.getId()).toString());
|
||||
rep.setAuthUrl(Urls.realmLoginPage(baseUri, realmModel.getName()).toString());
|
||||
rep.setCodeUrl(Urls.realmCode(baseUri, realmModel.getName()).toString());
|
||||
rep.setUseResourceRoleMappings(false);
|
||||
|
||||
rep.setResource(model.getOAuthAgent().getLoginName());
|
||||
|
||||
@@ -172,7 +172,11 @@ public class RealmManager {
|
||||
}
|
||||
|
||||
public RealmModel importRealm(RealmRepresentation rep, UserModel realmCreator) {
|
||||
RealmModel realm = createRealm(rep.getRealm());
|
||||
String id = rep.getId();
|
||||
if (id == null) {
|
||||
id = generateId();
|
||||
}
|
||||
RealmModel realm = createRealm(id, rep.getRealm());
|
||||
importRealm(rep, realm);
|
||||
return realm;
|
||||
}
|
||||
|
||||
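Review bot: `importRealm` now takes the realm id straight from `rep.getId()` and falls back to `generateId()` only when it is null. An empty string, or an id that already belongs to another realm, is therefore passed to `createRealm(id, rep.getRealm())` unchecked as far as this hunk shows. The representation is supplied by the caller, so I would treat a blank id like a missing one, `if (id == null || id.trim().isEmpty()) {`, and fail the import when a realm with that id already exists. Whether `createRealm` enforces uniqueness itself is not visible here.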
@@ -174,7 +174,7 @@ public class TokenManager {
|
||||
token.id(RealmManager.generateId());
|
||||
token.issuedNow();
|
||||
token.principal(user.getLoginName());
|
||||
token.audience(realm.getId());
|
||||
token.audience(realm.getName());
|
||||
if (realm.getTokenLifespan() > 0) {
|
||||
token.expiration((System.currentTimeMillis() / 1000) + realm.getTokenLifespan());
|
||||
}
|
||||
|
||||
@@ -330,10 +330,10 @@ public class AccountService {
|
||||
throw new BadRequestException();
|
||||
}
|
||||
|
||||
URI accountUri = Urls.accountBase(uriInfo.getBaseUri()).path("/").build(realm.getId());
|
||||
URI accountUri = Urls.accountBase(uriInfo.getBaseUri()).path("/").build(realm.getName());
|
||||
URI redirectUri = path != null ? accountUri.resolve(path) : accountUri;
|
||||
|
||||
NewCookie cookie = authManager.createAccountIdentityCookie(realm, accessCode.getUser(), client, Urls.accountBase(uriInfo.getBaseUri()).build(realm.getId()));
|
||||
NewCookie cookie = authManager.createAccountIdentityCookie(realm, accessCode.getUser(), client, Urls.accountBase(uriInfo.getBaseUri()).build(realm.getName()));
|
||||
return Response.status(302).cookie(cookie).location(redirectUri).build();
|
||||
} finally {
|
||||
authManager.expireCookie(AbstractOAuthClient.OAUTH_TOKEN_REQUEST_STATE, uriInfo.getAbsolutePath().getRawPath());
|
||||
@@ -344,7 +344,7 @@ public class AccountService {
|
||||
@GET
|
||||
public Response logout() {
|
||||
// TODO Should use single-sign out via TokenService
|
||||
URI baseUri = Urls.accountBase(uriInfo.getBaseUri()).build(realm.getId());
|
||||
URI baseUri = Urls.accountBase(uriInfo.getBaseUri()).build(realm.getName());
|
||||
authManager.expireIdentityCookie(realm, uriInfo);
|
||||
authManager.expireAccountIdentityCookie(baseUri);
|
||||
return Response.status(302).location(baseUri).build();
|
||||
@@ -352,12 +352,12 @@ public class AccountService {
|
||||
|
||||
private Response login(String path) {
|
||||
JaxrsOAuthClient oauth = new JaxrsOAuthClient();
|
||||
String authUrl = Urls.realmLoginPage(uriInfo.getBaseUri(), realm.getId()).toString();
|
||||
String authUrl = Urls.realmLoginPage(uriInfo.getBaseUri(), realm.getName()).toString();
|
||||
oauth.setAuthUrl(authUrl);
|
||||
|
||||
oauth.setClientId(Constants.ACCOUNT_APPLICATION);
|
||||
|
||||
URI accountUri = Urls.accountPageBuilder(uriInfo.getBaseUri()).path(AccountService.class, "loginRedirect").build(realm.getId());
|
||||
URI accountUri = Urls.accountPageBuilder(uriInfo.getBaseUri()).path(AccountService.class, "loginRedirect").build(realm.getName());
|
||||
|
||||
String referrer = getReferrer();
|
||||
if (referrer != null) {
|
||||
|
||||
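Review bot: In the first hunk the 302 target is `accountUri.resolve(path)`, and `URI.resolve` returns its argument unchanged when that argument is an absolute URI, so the redirect is not guaranteed to stay under the account base that this commit rebuilds from the realm name. Where `path` comes from lies outside the hunk; if it can be influenced by the request, I would reject values that are absolute or carry their own authority before resolving, `URI p = URI.create(path); if (p.isAbsolute() || p.getRawAuthority() != null) throw new BadRequestException();`. The enclosing method starts before the hunk, so an equivalent check may already exist above it.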
@@ -50,10 +50,10 @@ public class PublicRealmResource {
|
||||
public String getRealmHtml(@PathParam("realm") String id) {
|
||||
StringBuffer html = new StringBuffer();
|
||||
|
||||
String authUri = TokenService.loginPageUrl(uriInfo).build(realm.getId()).toString();
|
||||
String codeUri = TokenService.accessCodeToTokenUrl(uriInfo).build(realm.getId()).toString();
|
||||
String grantUrl = TokenService.grantAccessTokenUrl(uriInfo).build(realm.getId()).toString();
|
||||
String idGrantUrl = TokenService.grantIdentityTokenUrl(uriInfo).build(realm.getId()).toString();
|
||||
String authUri = TokenService.loginPageUrl(uriInfo).build(realm.getName()).toString();
|
||||
String codeUri = TokenService.accessCodeToTokenUrl(uriInfo).build(realm.getName()).toString();
|
||||
String grantUrl = TokenService.grantAccessTokenUrl(uriInfo).build(realm.getName()).toString();
|
||||
String idGrantUrl = TokenService.grantIdentityTokenUrl(uriInfo).build(realm.getName()).toString();
|
||||
|
||||
html.append("<html><body><h1>Realm: ").append(realm.getName()).append("</h1>");
|
||||
html.append("<p>auth: ").append(authUri).append("</p>");
|
||||
@@ -74,10 +74,10 @@ public class PublicRealmResource {
|
||||
rep.setPublicKeyPem(realm.getPublicKeyPem());
|
||||
rep.setAdminRole(ADMIN_ROLE);
|
||||
|
||||
rep.setAuthorizationUrl(TokenService.loginPageUrl(uriInfo).build(realm.getId()).toString());
|
||||
rep.setCodeUrl(TokenService.accessCodeToTokenUrl(uriInfo).build(realm.getId()).toString());
|
||||
rep.setGrantUrl(TokenService.grantAccessTokenUrl(uriInfo).build(realm.getId()).toString());
|
||||
String idGrantUrl = TokenService.grantIdentityTokenUrl(uriInfo).build(realm.getId()).toString();
|
||||
rep.setAuthorizationUrl(TokenService.loginPageUrl(uriInfo).build(realm.getName()).toString());
|
||||
rep.setCodeUrl(TokenService.accessCodeToTokenUrl(uriInfo).build(realm.getName()).toString());
|
||||
rep.setGrantUrl(TokenService.grantAccessTokenUrl(uriInfo).build(realm.getName()).toString());
|
||||
String idGrantUrl = TokenService.grantIdentityTokenUrl(uriInfo).build(realm.getName()).toString();
|
||||
rep.setIdentityGrantUrl(idGrantUrl);
|
||||
return rep;
|
||||
}
|
||||
|
||||
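Review bot: `getRealmHtml` appends `realm.getName()` into the `<h1>` without HTML escaping, and the name is set by whoever creates or imports the realm, so markup in a realm name would be emitted as-is by this resource. I would escape the name (a small private helper replacing `&`, `<`, `>`, `"` and `'` with their entities) before the `append`, and do the same for the URL strings written into the `<p>` elements. Separately, the parameter `@PathParam("realm") String id` is still called `id` although the path segment now carries the realm name; renaming it to `name` would avoid confusion. Both methods in this section start or end outside the hunks.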
@@ -59,8 +59,7 @@ public class RealmsResource {
|
||||
protected RealmModel locateRealm(String name, RealmManager realmManager) {
|
||||
RealmModel realm = realmManager.getRealmByName(name);
|
||||
if (realm == null) {
|
||||
logger.debug("realm not found");
|
||||
throw new NotFoundException();
|
||||
throw new NotFoundException("Realm " + name + " not found");
|
||||
}
|
||||
return realm;
|
||||
}
|
||||
|
||||
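Review bot: The new `NotFoundException` message concatenates `name`, which is presumably the realm segment taken from the request path, so request-controlled text now travels inside the exception. If an exception mapper or the container's default error page writes that message into the response body (not visible here), the value is reflected to the client unescaped. I would keep the message constant, `throw new NotFoundException("Realm not found");`, and record the requested name only in a debug log statement if it is needed for troubleshooting.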
@@ -126,7 +126,7 @@ public class OAuthFlows {
|
||||
request.setAttribute("realmRolesRequested", accessCode.getRealmRolesRequested());
|
||||
request.setAttribute("resourceRolesRequested", accessCode.getResourceRolesRequested());
|
||||
request.setAttribute("client", client);
|
||||
request.setAttribute("action", TokenService.processOAuthUrl(uriInfo).build(realm.getId()).toString());
|
||||
request.setAttribute("action", TokenService.processOAuthUrl(uriInfo).build(realm.getName()).toString());
|
||||
request.setAttribute("code", accessCode.getCode());
|
||||
|
||||
return Flows.forms(realm, request, uriInfo).setAccessCode(accessCode).forwardToOAuthGrant();
|
||||
|
||||