diff --git a/authentication/authentication-api/pom.xml b/authentication/authentication-api/pom.xml deleted file mode 100755 index 8471acd6fc2..00000000000 --- a/authentication/authentication-api/pom.xml +++ /dev/null @@ -1,48 +0,0 @@ - - - keycloak-authentication-parent - org.keycloak - 1.0-beta-4-SNAPSHOT - ../pom.xml - - 4.0.0 - - keycloak-authentication-api - Keycloak Authentication SPI - - - - - org.keycloak - keycloak-core - ${project.version} - provided - - - org.keycloak - keycloak-model-api - ${project.version} - provided - - - org.jboss.logging - jboss-logging - provided - - - - - - - org.apache.maven.plugins - maven-compiler-plugin - - ${maven.compiler.source} - ${maven.compiler.target} - - - - - - diff --git a/authentication/authentication-api/src/main/java/org/keycloak/authentication/AuthProviderConstants.java b/authentication/authentication-api/src/main/java/org/keycloak/authentication/AuthProviderConstants.java deleted file mode 100644 index 1da2c94b1ad..00000000000 --- a/authentication/authentication-api/src/main/java/org/keycloak/authentication/AuthProviderConstants.java +++ /dev/null @@ -1,15 +0,0 @@ -package org.keycloak.authentication; - -/** - * @author Marek Posolda - */ -public class AuthProviderConstants { - - // Model is default provider. See AuthenticationProviderModel.DEFAULT_PROVIDER - public static final String PROVIDER_NAME_MODEL = "model"; - public static final String PROVIDER_NAME_EXTERNAL_MODEL = "externalModel"; - public static final String PROVIDER_NAME_PICKETLINK = "picketlink"; - - // Used in external-model provider - public static final String EXTERNAL_REALM_ID = "externalRealmId"; -} diff --git a/authentication/authentication-api/src/main/java/org/keycloak/authentication/AuthProviderStatus.java b/authentication/authentication-api/src/main/java/org/keycloak/authentication/AuthProviderStatus.java deleted file mode 100644 index 9a682c14c30..00000000000 --- a/authentication/authentication-api/src/main/java/org/keycloak/authentication/AuthProviderStatus.java +++ /dev/null @@ -1,12 +0,0 @@ -package org.keycloak.authentication; - -/** - * Result of authentication by AuthenticationProvider - * - * @author Marek Posolda - */ -public enum AuthProviderStatus { - - SUCCESS, INVALID_CREDENTIALS, FAILED - -} diff --git a/authentication/authentication-api/src/main/java/org/keycloak/authentication/AuthUser.java b/authentication/authentication-api/src/main/java/org/keycloak/authentication/AuthUser.java deleted file mode 100644 index 8431721d83f..00000000000 --- a/authentication/authentication-api/src/main/java/org/keycloak/authentication/AuthUser.java +++ /dev/null @@ -1,83 +0,0 @@ -package org.keycloak.authentication; - -/** - * @author Marek Posolda - */ -public class AuthUser { - - private String id; - private String username; - private String firstName; - private String lastName; - private String email; - - private String providerName; - - public AuthUser(String id, String username, String providerName) { - this.id = id; - this.username = username; - this.providerName = providerName; - } - - public String getId() { - return id; - } - - public AuthUser setId(String id) { - this.id = id; - return this; - } - - public String getUsername() { - return username; - } - - public AuthUser setUsername(String username) { - this.username = username; - return this; - } - - public String getFirstName() { - return firstName; - } - - public AuthUser setName(String name) { - int i = name.lastIndexOf(' '); - if (i != -1) { - firstName = name.substring(0, i); - lastName = name.substring(i + 1); - } else { - firstName = name; - } - - return this; - } - - public AuthUser setName(String firstName, String lastName) { - this.firstName = firstName; - this.lastName = lastName; - return this; - } - - public String getLastName() { - return lastName; - } - - public String getEmail() { - return email; - } - - public AuthUser setEmail(String email) { - this.email = email; - return this; - } - - public String getProviderName() { - return providerName; - } - - public AuthUser setProviderName(String providerName) { - this.providerName = providerName; - return this; - } -} diff --git a/authentication/authentication-api/src/main/java/org/keycloak/authentication/AuthenticationProvider.java b/authentication/authentication-api/src/main/java/org/keycloak/authentication/AuthenticationProvider.java deleted file mode 100644 index f4ed95ee6a0..00000000000 --- a/authentication/authentication-api/src/main/java/org/keycloak/authentication/AuthenticationProvider.java +++ /dev/null @@ -1,69 +0,0 @@ -package org.keycloak.authentication; - -import java.util.List; -import java.util.Map; - -import org.keycloak.models.RealmModel; -import org.keycloak.models.UserModel; -import org.keycloak.provider.Provider; - -/** - * @author Marek Posolda - */ -public interface AuthenticationProvider extends Provider { - - String getName(); - - /** - * Get names of all available configuration options of current provider - * - * @return options or empty list if no options available - */ - List getAvailableOptions(); - - /** - * Get user by given username or email. Return user instance or null if user doesn't exists in this authentication provider - * - * @param realm - * @param configuration - * @param username or email - * @return found user or null if user with given username doesn't exists - * @throws AuthenticationProviderException - */ - AuthUser getUser(RealmModel realm, Map configuration, String username) throws AuthenticationProviderException; - - /** - * Try to register user with this authentication provider - * - * @param realm - * @param configuration - * @param user Keycloak user, which will be registered on authentication provider side - * @return ID of newly created user (For example ID from LDAP) - * @throws AuthenticationProviderException if user creation couldn't happen - */ - String registerUser(RealmModel realm, Map configuration, UserModel user) throws AuthenticationProviderException; - - /** - * Standard Authentication flow - * - * @param username - * @param password - * @return result of authentication, which might eventually encapsulate info about authenticated user and provider which successfully authenticated - */ - AuthProviderStatus validatePassword(RealmModel realm, Map configuration, String username, String password) throws AuthenticationProviderException; - - - /** - * Update credential - * - * @param realm - * @param configuration - * @param username - * @param password - * @return true if credential has been successfully updated - * @throws AuthenticationProviderException - */ - boolean updateCredential(RealmModel realm, Map configuration, String username, String password) throws AuthenticationProviderException; - - -} diff --git a/authentication/authentication-api/src/main/java/org/keycloak/authentication/AuthenticationProviderException.java b/authentication/authentication-api/src/main/java/org/keycloak/authentication/AuthenticationProviderException.java deleted file mode 100644 index b5ae914d4da..00000000000 --- a/authentication/authentication-api/src/main/java/org/keycloak/authentication/AuthenticationProviderException.java +++ /dev/null @@ -1,24 +0,0 @@ -package org.keycloak.authentication; - -/** - * @author Marek Posolda - */ -public class AuthenticationProviderException extends Exception { - - private static final long serialVersionUID = 15L; - - protected AuthenticationProviderException() { - } - - public AuthenticationProviderException(String message) { - super(message); - } - - public AuthenticationProviderException(Throwable cause) { - super(cause); - } - - public AuthenticationProviderException(String message, Throwable cause) { - super(message, cause); - } -} diff --git a/authentication/authentication-api/src/main/java/org/keycloak/authentication/AuthenticationProviderFactory.java b/authentication/authentication-api/src/main/java/org/keycloak/authentication/AuthenticationProviderFactory.java deleted file mode 100644 index b0d203fdea7..00000000000 --- a/authentication/authentication-api/src/main/java/org/keycloak/authentication/AuthenticationProviderFactory.java +++ /dev/null @@ -1,9 +0,0 @@ -package org.keycloak.authentication; - -import org.keycloak.provider.ProviderFactory; - -/** - * @author Marek Posolda - */ -public interface AuthenticationProviderFactory extends ProviderFactory { -} diff --git a/authentication/authentication-api/src/main/java/org/keycloak/authentication/AuthenticationProviderManager.java b/authentication/authentication-api/src/main/java/org/keycloak/authentication/AuthenticationProviderManager.java deleted file mode 100755 index 9c8166585e0..00000000000 --- a/authentication/authentication-api/src/main/java/org/keycloak/authentication/AuthenticationProviderManager.java +++ /dev/null @@ -1,218 +0,0 @@ -package org.keycloak.authentication; - -import org.jboss.logging.Logger; -import org.keycloak.models.AuthenticationLinkModel; -import org.keycloak.models.AuthenticationProviderModel; -import org.keycloak.models.KeycloakSession; -import org.keycloak.models.RealmModel; -import org.keycloak.models.UserModel; - -import java.util.Collections; -import java.util.HashMap; -import java.util.List; -import java.util.Map; - -/** - * Access point to authentication SPI. It finds configured and available {@link AuthenticationProvider} instances for current realm - * and then delegates method call to them. - * - * Example of usage: AuthenticationProviderManager.getManager(realm).validateUser("joe", "password"); - * - * @author Marek Posolda - */ -public class AuthenticationProviderManager { - - private static final Logger logger = Logger.getLogger(AuthenticationProviderManager.class); - - private final RealmModel realm; - private final Map delegates; - - public static AuthenticationProviderManager getManager(RealmModel realm, KeycloakSession session) { - Iterable providers = session.getAllProviders(AuthenticationProvider.class); - - Map providersMap = new HashMap(); - for (AuthenticationProvider provider : providers) { - providersMap.put(provider.getName(), provider); - } - - return new AuthenticationProviderManager(realm, providersMap); - } - - public AuthenticationProviderManager(RealmModel realm, Map delegates) { - this.realm = realm; - this.delegates = delegates; - } - - public AuthUser getUser(String username) { - List authProviderModels = getConfiguredProviderModels(realm); - for (AuthenticationProviderModel providerModel : authProviderModels) { - AuthenticationProvider delegate = getProvider(providerModel.getProviderName()); - if (delegate == null) { - continue; - } - - try { - AuthUser authUser = delegate.getUser(realm, providerModel.getConfig(), username); - if (authUser != null) { - logger.debugf("User '%s' found with provider '%s'", username, providerModel.getProviderName()); - return authUser; - } - } catch (AuthenticationProviderException ape) { - logger.warn(ape.getMessage(), ape); - } - } - - logger.debugf("User '%s' not found with any provider", username); - return null; - } - - public AuthProviderStatus validatePassword(UserModel user, String password) { - AuthenticationLinkModel authLink = user.getAuthenticationLink(); - if (authLink == null) { - // User not yet linked with any authenticationProvider. Find provider with biggest priority where he is and link - AuthUser authUser = getUser(user.getUsername()); - authLink = new AuthenticationLinkModel(authUser.getProviderName(), authUser.getId()); - user.setAuthenticationLink(authLink); - logger.infof("User '%s' linked with provider '%s'", authUser.getUsername(), authUser.getProviderName()); - } - - String providerName = authLink.getAuthProvider(); - - AuthenticationProviderModel providerModel = getConfiguredProviderModel(realm, providerName); - AuthenticationProvider delegate = getProvider(providerName); - if (delegate == null || providerModel == null) { - return AuthProviderStatus.FAILED; - } - - try { - checkCorrectAuthLink(delegate, providerModel, authLink, user.getUsername()); - - AuthProviderStatus currentResult = delegate.validatePassword(realm, providerModel.getConfig(), user.getUsername(), password); - logger.debugf("Authentication provider '%s' finished with '%s' for authentication of '%s'", delegate.getName(), currentResult.toString(), user.getUsername()); - return currentResult; - } catch (AuthenticationProviderException ape) { - logger.warn(ape.getMessage(), ape); - return AuthProviderStatus.FAILED; - } - } - - public boolean updatePassword(UserModel user, String password) throws AuthenticationProviderException { - AuthenticationLinkModel authLink = user.getAuthenticationLink(); - if (authLink == null) { - // Find provider with biggest priority where password update is supported. Then register user here and link him - List configuredProviders = getConfiguredProviderModels(realm); - for (AuthenticationProviderModel providerModel : configuredProviders) { - if (providerModel.isPasswordUpdateSupported()) { - AuthenticationProvider delegate = getProvider(providerModel.getProviderName()); - if (delegate != null) { - AuthUser authUser = delegate.getUser(realm, providerModel.getConfig(), user.getUsername()); - if (authUser != null) { - // Linking existing user supported just for "model" provider. In other cases throw exception - if (providerModel.getProviderName().equals(AuthenticationProviderModel.DEFAULT_PROVIDER.getProviderName())) { - authLink = new AuthenticationLinkModel(providerModel.getProviderName(), authUser.getId()); - user.setAuthenticationLink(authLink); - logger.infof("User '%s' linked with provider '%s'", authUser.getUsername(), authUser.getProviderName()); - } else { - throw new AuthenticationProviderException("User " + authUser.getUsername() + " exists in provider " - + authUser.getProviderName() + " but is not linked with model user"); - } - } else { - String userIdInProvider = delegate.registerUser(realm, providerModel.getConfig(), user); - authLink = new AuthenticationLinkModel(providerModel.getProviderName(), userIdInProvider); - user.setAuthenticationLink(authLink); - logger.infof("User '%s' registered in provider '%s' and linked", user.getUsername(), providerModel.getProviderName()); - } - break; - } - } - } - - if (authLink == null) { - logger.warnf("No providers found where password update is supported for user '%s'", user.getUsername()); - return false; - } - } - - String providerName = authLink.getAuthProvider(); - - AuthenticationProviderModel providerModel = getConfiguredProviderModel(realm, providerName); - if (providerModel == null) { - return false; - } - - String username = user.getUsername(); - - // Update just if password update is supported - if (providerModel.isPasswordUpdateSupported()) { - try { - AuthenticationProvider delegate = getProvider(providerName); - if (delegate == null) { - return false; - } - - checkCorrectAuthLink(delegate, providerModel, authLink, username); - - if (delegate.updateCredential(realm,providerModel.getConfig(), user.getUsername(), password)) { - logger.debugf("Updated password in authentication provider '%s' for user '%s'", providerName, username); - return true; - } else { - logger.warnf("Password not updated in authentication provider '%s' for user '%s'", providerName, username); - return false; - } - } catch (AuthenticationProviderException ape) { - // Rethrow it to upper layer - logger.warn("Failed to update password: " + ape.getMessage()); - throw ape; - } - } else { - logger.warnf("Skip password update for authentication provider '%s' for user '%s'", providerName, username); - return false; - } - } - - private AuthenticationProvider getProvider(String providerName) { - AuthenticationProvider delegate = delegates.get(providerName); - if (delegate == null) { - logger.warnf("Provider '%s' not available on classpath", providerName); - } - return delegate; - } - - private static List getConfiguredProviderModels(RealmModel realm) { - List configuredProviders = realm.getAuthenticationProviders(); - - // Use model based authentication of current realm by default - if (configuredProviders == null || configuredProviders.isEmpty()) { - configuredProviders = Collections.EMPTY_LIST; - logger.warnf("No authentication providers found"); - } - - return configuredProviders; - } - - public static AuthenticationProviderModel getConfiguredProviderModel(RealmModel realm, String providerName) { - List providers = getConfiguredProviderModels(realm); - for (AuthenticationProviderModel provider : providers) { - if (providerName.equals(provider.getProviderName())) { - return provider; - } - } - - logger.warnf("Provider '%s' not configured in realm", providerName); - return null; - } - - // Check if ID of linked AuthUser is same as expected ID from authenticationLink . It should catch the case when for example user "john" was deleted in LDAP - // and then user "john" has been created again, but it's actually different user with different ID - private void checkCorrectAuthLink(AuthenticationProvider authProvider, AuthenticationProviderModel providerModel, - AuthenticationLinkModel authLinkModel, String username) throws AuthenticationProviderException { - AuthUser authUser = authProvider.getUser(realm, providerModel.getConfig(), username); - if (authUser == null) { - throw new AuthenticationProviderException("User " + username + " not found in authentication provider " + providerModel.getProviderName()); - } - String userExternalId = authUser.getId(); - if (!userExternalId.equals(authLinkModel.getAuthUserId())) { - throw new AuthenticationProviderException("ID did not match! ID from provider: " + userExternalId + ", ID from authentication link: " + authLinkModel.getAuthUserId()); - } - } -} diff --git a/authentication/authentication-api/src/main/java/org/keycloak/authentication/AuthenticationSpi.java b/authentication/authentication-api/src/main/java/org/keycloak/authentication/AuthenticationSpi.java deleted file mode 100644 index 875b150ca9f..00000000000 --- a/authentication/authentication-api/src/main/java/org/keycloak/authentication/AuthenticationSpi.java +++ /dev/null @@ -1,27 +0,0 @@ -package org.keycloak.authentication; - -import org.keycloak.provider.Provider; -import org.keycloak.provider.ProviderFactory; -import org.keycloak.provider.Spi; - -/** - * @author Stian Thorgersen - */ -public class AuthenticationSpi implements Spi { - - @Override - public String getName() { - return "authentication"; - } - - @Override - public Class getProviderClass() { - return AuthenticationProvider.class; - } - - @Override - public Class getProviderFactoryClass() { - return AuthenticationProviderFactory.class; - } - -} diff --git a/authentication/authentication-api/src/main/resources/META-INF/services/org.keycloak.provider.Spi b/authentication/authentication-api/src/main/resources/META-INF/services/org.keycloak.provider.Spi deleted file mode 100644 index 93054018962..00000000000 --- a/authentication/authentication-api/src/main/resources/META-INF/services/org.keycloak.provider.Spi +++ /dev/null @@ -1 +0,0 @@ -org.keycloak.authentication.AuthenticationSpi \ No newline at end of file diff --git a/authentication/authentication-model/pom.xml b/authentication/authentication-model/pom.xml deleted file mode 100755 index 711ea534e0a..00000000000 --- a/authentication/authentication-model/pom.xml +++ /dev/null @@ -1,74 +0,0 @@ - - - keycloak-authentication-parent - org.keycloak - 1.0-beta-4-SNAPSHOT - ../pom.xml - - 4.0.0 - - keycloak-authentication-model - Keycloak Authentication Model Based - - - - - org.keycloak - keycloak-core - ${project.version} - provided - - - org.keycloak - keycloak-model-api - ${project.version} - provided - - - org.keycloak - keycloak-authentication-api - ${project.version} - provided - - - - org.jboss.resteasy - resteasy-jaxrs - provided - - - log4j - log4j - - - org.slf4j - slf4j-api - - - org.slf4j - slf4j-simple - - - - - org.jboss.logging - jboss-logging - provided - - - - - - - org.apache.maven.plugins - maven-compiler-plugin - - ${maven.compiler.source} - ${maven.compiler.target} - - - - - - diff --git a/authentication/authentication-model/src/main/java/org/keycloak/authentication/model/AbstractModelAuthenticationProvider.java b/authentication/authentication-model/src/main/java/org/keycloak/authentication/model/AbstractModelAuthenticationProvider.java deleted file mode 100755 index 63c0ec55363..00000000000 --- a/authentication/authentication-model/src/main/java/org/keycloak/authentication/model/AbstractModelAuthenticationProvider.java +++ /dev/null @@ -1,94 +0,0 @@ -package org.keycloak.authentication.model; - -import java.util.Map; - -import org.jboss.logging.Logger; -import org.keycloak.models.KeycloakSession; -import org.keycloak.models.RealmModel; -import org.keycloak.models.UserCredentialModel; -import org.keycloak.models.UserModel; -import org.keycloak.models.utils.KeycloakModelUtils; -import org.keycloak.representations.idm.CredentialRepresentation; -import org.keycloak.authentication.AuthProviderStatus; -import org.keycloak.authentication.AuthUser; -import org.keycloak.authentication.AuthenticationProvider; -import org.keycloak.authentication.AuthenticationProviderException; - -/** - * Authentication provider, which delegates calling of all methods to specified realm - * - * @author Marek Posolda - */ -public abstract class AbstractModelAuthenticationProvider implements AuthenticationProvider { - - private static final Logger logger = Logger.getLogger(AbstractModelAuthenticationProvider.class); - - protected KeycloakSession keycloakSession; - - protected AbstractModelAuthenticationProvider(KeycloakSession keycloakSession) { - this.keycloakSession = keycloakSession; - } - - @Override - public AuthUser getUser(RealmModel currentRealm, Map config, String username) throws AuthenticationProviderException { - RealmModel realm = getRealm(currentRealm, config); - UserModel user = KeycloakModelUtils.findUserByNameOrEmail(keycloakSession, realm, username); - return user == null ? null : createAuthenticatedUserInstance(user); - } - - @Override - public String registerUser(RealmModel currentRealm, Map config, UserModel user) throws AuthenticationProviderException { - RealmModel realm = getRealm(currentRealm, config); - UserModel newUser = keycloakSession.users().addUser(realm, user.getUsername()); - newUser.setFirstName(user.getFirstName()); - newUser.setLastName(user.getLastName()); - newUser.setEmail(user.getEmail()); - newUser.setEnabled(true); - return newUser.getId(); - } - - @Override - public AuthProviderStatus validatePassword(RealmModel currentRealm, Map config, String username, String password) throws AuthenticationProviderException { - RealmModel realm = getRealm(currentRealm, config); - UserModel user = KeycloakModelUtils.findUserByNameOrEmail(keycloakSession, realm, username); - - boolean result = keycloakSession.users().validCredentials(realm, user, UserCredentialModel.password(password)); - return result ? AuthProviderStatus.SUCCESS : AuthProviderStatus.INVALID_CREDENTIALS; - } - - @Override - public boolean updateCredential(RealmModel currentRealm, Map config, String username, String password) throws AuthenticationProviderException { - RealmModel realm = getRealm(currentRealm, config); - - // Validate password policy - String error = realm.getPasswordPolicy().validate(password); - if (error != null) { - throw new AuthenticationProviderException(error); - } - - UserModel user = keycloakSession.users().getUserByUsername(username, realm); - if (user == null) { - logger.warnf("User '%s' doesn't exists. Skip password update", username); - return false; - } - - UserCredentialModel cred = new UserCredentialModel(); - cred.setType(CredentialRepresentation.PASSWORD); - cred.setValue(password); - - user.updateCredential(cred); - return true; - } - - @Override - public void close() { - } - - protected abstract RealmModel getRealm(RealmModel currentRealm, Map config) throws AuthenticationProviderException; - - protected AuthUser createAuthenticatedUserInstance(UserModel user) { - return new AuthUser(user.getId(), user.getUsername(), getName()) - .setName(user.getFirstName(), user.getLastName()) - .setEmail(user.getEmail()); - } -} diff --git a/authentication/authentication-model/src/main/java/org/keycloak/authentication/model/ExternalModelAuthenticationProvider.java b/authentication/authentication-model/src/main/java/org/keycloak/authentication/model/ExternalModelAuthenticationProvider.java deleted file mode 100755 index e109360188e..00000000000 --- a/authentication/authentication-model/src/main/java/org/keycloak/authentication/model/ExternalModelAuthenticationProvider.java +++ /dev/null @@ -1,47 +0,0 @@ -package org.keycloak.authentication.model; - -import org.keycloak.authentication.AuthProviderConstants; -import org.keycloak.authentication.AuthenticationProviderException; -import org.keycloak.models.KeycloakSession; -import org.keycloak.models.RealmModel; - -import java.util.Arrays; -import java.util.List; -import java.util.Map; - -/** - * AbstractModelAuthenticationProvider, which delegates authentication operations to different (external) realm - * - * @author Marek Posolda - */ -public class ExternalModelAuthenticationProvider extends AbstractModelAuthenticationProvider { - - - public ExternalModelAuthenticationProvider(KeycloakSession session) { - super(session); - } - - @Override - public String getName() { - return AuthProviderConstants.PROVIDER_NAME_EXTERNAL_MODEL; - } - - @Override - public List getAvailableOptions() { - return Arrays.asList(AuthProviderConstants.EXTERNAL_REALM_ID); - } - - @Override - public RealmModel getRealm(RealmModel currentRealm, Map configuration) throws AuthenticationProviderException { - String realmId = configuration.get(AuthProviderConstants.EXTERNAL_REALM_ID); - if (realmId == null) { - throw new AuthenticationProviderException("Option '" + AuthProviderConstants.EXTERNAL_REALM_ID + "' not specified in configuration"); - } - - RealmModel realm = keycloakSession.realms().getRealm(realmId); - if (realm == null) { - throw new AuthenticationProviderException("Realm with id '" + realmId + "' doesn't exists"); - } - return realm; - } -} diff --git a/authentication/authentication-model/src/main/java/org/keycloak/authentication/model/ExternalModelAuthenticationProviderFactory.java b/authentication/authentication-model/src/main/java/org/keycloak/authentication/model/ExternalModelAuthenticationProviderFactory.java deleted file mode 100644 index 7ef0a5d9f9d..00000000000 --- a/authentication/authentication-model/src/main/java/org/keycloak/authentication/model/ExternalModelAuthenticationProviderFactory.java +++ /dev/null @@ -1,32 +0,0 @@ -package org.keycloak.authentication.model; - -import org.keycloak.Config; -import org.keycloak.authentication.AuthProviderConstants; -import org.keycloak.authentication.AuthenticationProvider; -import org.keycloak.authentication.AuthenticationProviderFactory; -import org.keycloak.models.KeycloakSession; - -/** - * @author Marek Posolda - */ -public class ExternalModelAuthenticationProviderFactory implements AuthenticationProviderFactory { - - @Override - public AuthenticationProvider create(KeycloakSession session) { - return new ExternalModelAuthenticationProvider(session); - } - - @Override - public void init(Config.Scope config) { - } - - @Override - public void close() { - } - - @Override - public String getId() { - return AuthProviderConstants.PROVIDER_NAME_EXTERNAL_MODEL; - } - -} diff --git a/authentication/authentication-model/src/main/java/org/keycloak/authentication/model/ModelAuthenticationProvider.java b/authentication/authentication-model/src/main/java/org/keycloak/authentication/model/ModelAuthenticationProvider.java deleted file mode 100755 index 210d56d8f95..00000000000 --- a/authentication/authentication-model/src/main/java/org/keycloak/authentication/model/ModelAuthenticationProvider.java +++ /dev/null @@ -1,36 +0,0 @@ -package org.keycloak.authentication.model; - -import java.util.Collections; -import java.util.List; -import java.util.Map; - -import org.keycloak.models.KeycloakSession; -import org.keycloak.models.RealmModel; -import org.keycloak.authentication.AuthProviderConstants; - -/** - * AbstractModelAuthenticationProvider, which uses current realm to call operations on - * - * @author Marek Posolda - */ -public class ModelAuthenticationProvider extends AbstractModelAuthenticationProvider { - - public ModelAuthenticationProvider(KeycloakSession keycloakSession) { - super(keycloakSession); - } - - @Override - public String getName() { - return AuthProviderConstants.PROVIDER_NAME_MODEL; - } - - @Override - public List getAvailableOptions() { - return Collections.EMPTY_LIST; - } - - @Override - protected RealmModel getRealm(RealmModel currentRealm, Map config) { - return currentRealm; - } -} diff --git a/authentication/authentication-model/src/main/java/org/keycloak/authentication/model/ModelAuthenticationProviderFactory.java b/authentication/authentication-model/src/main/java/org/keycloak/authentication/model/ModelAuthenticationProviderFactory.java deleted file mode 100755 index bf699e39cff..00000000000 --- a/authentication/authentication-model/src/main/java/org/keycloak/authentication/model/ModelAuthenticationProviderFactory.java +++ /dev/null @@ -1,32 +0,0 @@ -package org.keycloak.authentication.model; - -import org.keycloak.Config; -import org.keycloak.authentication.AuthProviderConstants; -import org.keycloak.authentication.AuthenticationProvider; -import org.keycloak.authentication.AuthenticationProviderFactory; -import org.keycloak.models.KeycloakSession; - -/** - * @author Marek Posolda - */ -public class ModelAuthenticationProviderFactory implements AuthenticationProviderFactory { - - @Override - public AuthenticationProvider create(KeycloakSession session) { - return new ModelAuthenticationProvider(session); - } - - @Override - public void init(Config.Scope config) { - } - - @Override - public void close() { - } - - @Override - public String getId() { - return AuthProviderConstants.PROVIDER_NAME_MODEL; - } - -} diff --git a/authentication/authentication-model/src/main/resources/META-INF/services/org.keycloak.authentication.AuthenticationProviderFactory b/authentication/authentication-model/src/main/resources/META-INF/services/org.keycloak.authentication.AuthenticationProviderFactory deleted file mode 100644 index b65d4712b03..00000000000 --- a/authentication/authentication-model/src/main/resources/META-INF/services/org.keycloak.authentication.AuthenticationProviderFactory +++ /dev/null @@ -1,2 +0,0 @@ -org.keycloak.authentication.model.ModelAuthenticationProviderFactory -org.keycloak.authentication.model.ExternalModelAuthenticationProviderFactory \ No newline at end of file diff --git a/authentication/authentication-picketlink/pom.xml b/authentication/authentication-picketlink/pom.xml deleted file mode 100755 index 3ca1a10a885..00000000000 --- a/authentication/authentication-picketlink/pom.xml +++ /dev/null @@ -1,101 +0,0 @@ - - - keycloak-authentication-parent - org.keycloak - 1.0-beta-4-SNAPSHOT - ../pom.xml - - 4.0.0 - - keycloak-authentication-picketlink - Keycloak Authentication Picketlink Based - - - - - org.keycloak - keycloak-core - ${project.version} - provided - - - org.keycloak - keycloak-model-api - ${project.version} - provided - - - org.keycloak - keycloak-authentication-api - ${project.version} - provided - - - org.keycloak - keycloak-picketlink-api - ${project.version} - provided - - - - org.jboss.resteasy - resteasy-jaxrs - provided - - - log4j - log4j - - - org.slf4j - slf4j-api - - - org.slf4j - slf4j-simple - - - - - org.jboss.logging - jboss-logging - provided - - - - org.picketlink - picketlink-common - provided - - - org.picketlink - picketlink-idm-api - provided - - - org.picketlink - picketlink-idm-impl - provided - - - org.picketlink - picketlink-idm-simple-schema - provided - - - - - - - org.apache.maven.plugins - maven-compiler-plugin - - ${maven.compiler.source} - ${maven.compiler.target} - - - - - - diff --git a/authentication/authentication-picketlink/src/main/java/org/keycloak/authentication/picketlink/PicketlinkAuthenticationProvider.java b/authentication/authentication-picketlink/src/main/java/org/keycloak/authentication/picketlink/PicketlinkAuthenticationProvider.java deleted file mode 100755 index 6cbcaad1c02..00000000000 --- a/authentication/authentication-picketlink/src/main/java/org/keycloak/authentication/picketlink/PicketlinkAuthenticationProvider.java +++ /dev/null @@ -1,140 +0,0 @@ -package org.keycloak.authentication.picketlink; - -import org.jboss.logging.Logger; -import org.keycloak.authentication.AuthProviderConstants; -import org.keycloak.authentication.AuthProviderStatus; -import org.keycloak.authentication.AuthUser; -import org.keycloak.authentication.AuthenticationProvider; -import org.keycloak.authentication.AuthenticationProviderException; -import org.keycloak.models.RealmModel; -import org.keycloak.models.UserModel; -import org.keycloak.picketlink.IdentityManagerProvider; -import org.picketlink.idm.IdentityManagementException; -import org.picketlink.idm.IdentityManager; -import org.picketlink.idm.credential.Credentials; -import org.picketlink.idm.credential.Password; -import org.picketlink.idm.credential.UsernamePasswordCredentials; -import org.picketlink.idm.model.basic.BasicModel; -import org.picketlink.idm.model.basic.User; - -import java.util.Collections; -import java.util.List; -import java.util.Map; - -/** - * AuthenticationProvider, which delegates authentication to picketlink - * - * @author Marek Posolda - */ -public class PicketlinkAuthenticationProvider implements AuthenticationProvider { - - private static final Logger logger = Logger.getLogger(PicketlinkAuthenticationProvider.class); - - private final IdentityManagerProvider identityManagerProvider; - - public PicketlinkAuthenticationProvider(IdentityManagerProvider identityManagerProvider) { - this.identityManagerProvider = identityManagerProvider; - } - - @Override - public String getName() { - return AuthProviderConstants.PROVIDER_NAME_PICKETLINK; - } - - @Override - public List getAvailableOptions() { - return Collections.EMPTY_LIST; - } - - @Override - public AuthUser getUser(RealmModel realm, Map configuration, String username) throws AuthenticationProviderException { - IdentityManager identityManager = getIdentityManager(realm); - - try { - User picketlinkUser = BasicModel.getUser(identityManager, username); - if (picketlinkUser == null) { - return null; - } - - String email = (picketlinkUser.getEmail() != null && picketlinkUser.getEmail().trim().length() > 0) ? picketlinkUser.getEmail() : null; - - return new AuthUser(picketlinkUser.getId(), picketlinkUser.getLoginName(), getName()) - .setName(picketlinkUser.getFirstName(), picketlinkUser.getLastName()) - .setEmail(email) - .setProviderName(getName()); - } catch (IdentityManagementException ie) { - throw convertIDMException(ie); - } - } - - @Override - public String registerUser(RealmModel realm, Map configuration, UserModel user) throws AuthenticationProviderException { - IdentityManager identityManager = getIdentityManager(realm); - - try { - User picketlinkUser = new User(user.getUsername()); - picketlinkUser.setFirstName(user.getFirstName()); - picketlinkUser.setLastName(user.getLastName()); - picketlinkUser.setEmail(user.getEmail()); - identityManager.add(picketlinkUser); - return picketlinkUser.getId(); - } catch (IdentityManagementException ie) { - throw convertIDMException(ie); - } - } - - @Override - public AuthProviderStatus validatePassword(RealmModel realm, Map configuration, String username, String password) throws AuthenticationProviderException { - IdentityManager identityManager = getIdentityManager(realm); - - try { - UsernamePasswordCredentials credential = new UsernamePasswordCredentials(); - credential.setUsername(username); - credential.setPassword(new Password(password.toCharArray())); - identityManager.validateCredentials(credential); - if (credential.getStatus() == Credentials.Status.VALID) { - return AuthProviderStatus.SUCCESS; - } else { - return AuthProviderStatus.INVALID_CREDENTIALS; - } - } catch (IdentityManagementException ie) { - throw convertIDMException(ie); - } - } - - @Override - public boolean updateCredential(RealmModel realm, Map configuration, String username, String password) throws AuthenticationProviderException { - IdentityManager identityManager = getIdentityManager(realm); - - try { - User picketlinkUser = BasicModel.getUser(identityManager, username); - if (picketlinkUser == null) { - logger.debugf("User '%s' doesn't exists. Skip password update", username); - return false; - } - - identityManager.updateCredential(picketlinkUser, new Password(password.toCharArray())); - return true; - } catch (IdentityManagementException ie) { - throw convertIDMException(ie); - } - } - - @Override - public void close() { - } - - public IdentityManager getIdentityManager(RealmModel realm) throws AuthenticationProviderException { - return identityManagerProvider.getIdentityManager(realm); - } - - private AuthenticationProviderException convertIDMException(IdentityManagementException ie) { - Throwable realCause = ie; - while (realCause.getCause() != null) { - realCause = realCause.getCause(); - } - - // Use the message from the realCause - return new AuthenticationProviderException(realCause.getMessage(), ie); - } -} diff --git a/authentication/authentication-picketlink/src/main/java/org/keycloak/authentication/picketlink/PicketlinkAuthenticationProviderFactory.java b/authentication/authentication-picketlink/src/main/java/org/keycloak/authentication/picketlink/PicketlinkAuthenticationProviderFactory.java deleted file mode 100644 index f7a18e773ae..00000000000 --- a/authentication/authentication-picketlink/src/main/java/org/keycloak/authentication/picketlink/PicketlinkAuthenticationProviderFactory.java +++ /dev/null @@ -1,33 +0,0 @@ -package org.keycloak.authentication.picketlink; - -import org.keycloak.Config; -import org.keycloak.authentication.AuthProviderConstants; -import org.keycloak.authentication.AuthenticationProvider; -import org.keycloak.authentication.AuthenticationProviderFactory; -import org.keycloak.models.KeycloakSession; -import org.keycloak.picketlink.IdentityManagerProvider; - -/** - * @author Marek Posolda - */ -public class PicketlinkAuthenticationProviderFactory implements AuthenticationProviderFactory { - - @Override - public AuthenticationProvider create(KeycloakSession session) { - return new PicketlinkAuthenticationProvider(session.getProvider(IdentityManagerProvider.class)); - } - - @Override - public void init(Config.Scope config) { - } - - @Override - public void close() { - } - - @Override - public String getId() { - return AuthProviderConstants.PROVIDER_NAME_PICKETLINK; - } - -} diff --git a/authentication/authentication-picketlink/src/main/resources/META-INF/services/org.keycloak.authentication.AuthenticationProviderFactory b/authentication/authentication-picketlink/src/main/resources/META-INF/services/org.keycloak.authentication.AuthenticationProviderFactory deleted file mode 100644 index b12d76700d0..00000000000 --- a/authentication/authentication-picketlink/src/main/resources/META-INF/services/org.keycloak.authentication.AuthenticationProviderFactory +++ /dev/null @@ -1 +0,0 @@ -org.keycloak.authentication.picketlink.PicketlinkAuthenticationProviderFactory \ No newline at end of file diff --git a/authentication/pom.xml b/authentication/pom.xml deleted file mode 100755 index f7ea914bfb4..00000000000 --- a/authentication/pom.xml +++ /dev/null @@ -1,24 +0,0 @@ - - - - keycloak-parent - org.keycloak - 1.0-beta-4-SNAPSHOT - ../pom.xml - - 4.0.0 - pom - - keycloak-authentication-parent - Keycloak Authentication - - - - authentication-api - authentication-model - authentication-picketlink - - - diff --git a/connections/jpa/src/main/resources/META-INF/persistence.xml b/connections/jpa/src/main/resources/META-INF/persistence.xml index e2c80de3501..94f1fd049b5 100755 --- a/connections/jpa/src/main/resources/META-INF/persistence.xml +++ b/connections/jpa/src/main/resources/META-INF/persistence.xml @@ -8,11 +8,9 @@ org.keycloak.models.jpa.entities.OAuthClientEntity org.keycloak.models.jpa.entities.RealmEntity org.keycloak.models.jpa.entities.RequiredCredentialEntity - org.keycloak.models.jpa.entities.AuthenticationProviderEntity org.keycloak.models.jpa.entities.UserFederationProviderEntity org.keycloak.models.jpa.entities.RoleEntity org.keycloak.models.jpa.entities.SocialLinkEntity - org.keycloak.models.jpa.entities.AuthenticationLinkEntity org.keycloak.models.jpa.entities.UserEntity org.keycloak.models.jpa.entities.UserRequiredActionEntity org.keycloak.models.jpa.entities.UserAttributeEntity diff --git a/core/src/main/java/org/keycloak/representations/idm/AuthenticationLinkRepresentation.java b/core/src/main/java/org/keycloak/representations/idm/AuthenticationLinkRepresentation.java deleted file mode 100644 index d59e5824935..00000000000 --- a/core/src/main/java/org/keycloak/representations/idm/AuthenticationLinkRepresentation.java +++ /dev/null @@ -1,26 +0,0 @@ -package org.keycloak.representations.idm; - -/** - * @author Marek Posolda - */ -public class AuthenticationLinkRepresentation { - - private String authProvider; - private String authUserId; - - public String getAuthProvider() { - return authProvider; - } - - public void setAuthProvider(String authProvider) { - this.authProvider = authProvider; - } - - public String getAuthUserId() { - return authUserId; - } - - public void setAuthUserId(String authUserId) { - this.authUserId = authUserId; - } -} diff --git a/core/src/main/java/org/keycloak/representations/idm/AuthenticationProviderRepresentation.java b/core/src/main/java/org/keycloak/representations/idm/AuthenticationProviderRepresentation.java deleted file mode 100755 index f3a0ed23079..00000000000 --- a/core/src/main/java/org/keycloak/representations/idm/AuthenticationProviderRepresentation.java +++ /dev/null @@ -1,56 +0,0 @@ -package org.keycloak.representations.idm; - -import java.util.Map; - -/** - * @author Marek Posolda - */ -public class AuthenticationProviderRepresentation { - - private String providerName; - private boolean passwordUpdateSupported = true; - private Map config; - - public String getProviderName() { - return providerName; - } - - public void setProviderName(String providerName) { - this.providerName = providerName; - } - - public boolean isPasswordUpdateSupported() { - return passwordUpdateSupported; - } - - public void setPasswordUpdateSupported(boolean passwordUpdateSupported) { - this.passwordUpdateSupported = passwordUpdateSupported; - } - - public Map getConfig() { - return config; - } - - public void setConfig(Map config) { - this.config = config; - } - - @Override - public boolean equals(Object o) { - if (this == o) return true; - if (o == null || getClass() != o.getClass()) return false; - - AuthenticationProviderRepresentation that = (AuthenticationProviderRepresentation) o; - - if (passwordUpdateSupported != that.passwordUpdateSupported) return false; - if (config != null ? !config.equals(that.config) : that.config != null) return false; - if (!providerName.equals(that.providerName)) return false; - - return true; - } - - @Override - public int hashCode() { - return providerName.hashCode(); - } -} diff --git a/core/src/main/java/org/keycloak/representations/idm/RealmRepresentation.java b/core/src/main/java/org/keycloak/representations/idm/RealmRepresentation.java index ba38e9985fe..3bb7e836ef3 100755 --- a/core/src/main/java/org/keycloak/representations/idm/RealmRepresentation.java +++ b/core/src/main/java/org/keycloak/representations/idm/RealmRepresentation.java @@ -54,8 +54,6 @@ public class RealmRepresentation { protected List oauthClients; protected Map socialProviders; protected Map smtpServer; - protected Map ldapServer; - protected List authenticationProviders; protected List userFederationProviders; protected String loginTheme; protected String accountTheme; @@ -309,22 +307,6 @@ public class RealmRepresentation { this.smtpServer = smtpServer; } - public Map getLdapServer() { - return ldapServer; - } - - public void setLdapServer(Map ldapServer) { - this.ldapServer = ldapServer; - } - - public List getAuthenticationProviders() { - return authenticationProviders; - } - - public void setAuthenticationProviders(List authenticationProviders) { - this.authenticationProviders = authenticationProviders; - } - public List getOauthClients() { return oauthClients; } diff --git a/core/src/main/java/org/keycloak/representations/idm/UserRepresentation.java b/core/src/main/java/org/keycloak/representations/idm/UserRepresentation.java index 257898373d7..45cac164459 100755 --- a/core/src/main/java/org/keycloak/representations/idm/UserRepresentation.java +++ b/core/src/main/java/org/keycloak/representations/idm/UserRepresentation.java @@ -20,7 +20,6 @@ public class UserRepresentation { protected String firstName; protected String lastName; protected String email; - protected AuthenticationLinkRepresentation authenticationLink; protected String federationLink; protected Map attributes; protected List credentials; @@ -101,14 +100,6 @@ public class UserRepresentation { this.emailVerified = emailVerified; } - public AuthenticationLinkRepresentation getAuthenticationLink() { - return authenticationLink; - } - - public void setAuthenticationLink(AuthenticationLinkRepresentation authenticationLink) { - this.authenticationLink = authenticationLink; - } - public Map getAttributes() { return attributes; } diff --git a/dependencies/server-all/pom.xml b/dependencies/server-all/pom.xml index 6316ed96ba7..d36543dd63d 100755 --- a/dependencies/server-all/pom.xml +++ b/dependencies/server-all/pom.xml @@ -89,11 +89,6 @@ - - org.keycloak - keycloak-authentication-picketlink - ${project.version} - org.picketlink picketlink-common @@ -117,11 +112,6 @@ keycloak-picketlink-api ${project.version} - - org.keycloak - keycloak-picketlink-realm - ${project.version} - diff --git a/dependencies/server-min/pom.xml b/dependencies/server-min/pom.xml index 5ae92c6556b..2586cc9d1d9 100755 --- a/dependencies/server-min/pom.xml +++ b/dependencies/server-min/pom.xml @@ -112,18 +112,6 @@ ${project.version} - - - org.keycloak - keycloak-authentication-api - ${project.version} - - - org.keycloak - keycloak-authentication-model - ${project.version} - - org.keycloak diff --git a/examples/providers/pom.xml b/examples/providers/pom.xml index 229057df6e8..6844c7c5030 100755 --- a/examples/providers/pom.xml +++ b/examples/providers/pom.xml @@ -27,6 +27,5 @@ audit-listener-sysout audit-provider-mem - authentication-properties diff --git a/export-import/export-import-api/src/main/java/org/keycloak/exportimport/util/ExportUtils.java b/export-import/export-import-api/src/main/java/org/keycloak/exportimport/util/ExportUtils.java index 4c1cc5befc2..d36828093d0 100755 --- a/export-import/export-import-api/src/main/java/org/keycloak/exportimport/util/ExportUtils.java +++ b/export-import/export-import-api/src/main/java/org/keycloak/exportimport/util/ExportUtils.java @@ -2,7 +2,6 @@ package org.keycloak.exportimport.util; import java.io.IOException; import java.io.OutputStream; -import java.nio.charset.Charset; import java.util.ArrayList; import java.util.Collection; import java.util.HashMap; @@ -18,9 +17,7 @@ import org.codehaus.jackson.JsonFactory; import org.codehaus.jackson.JsonGenerator; import org.codehaus.jackson.map.ObjectMapper; import org.codehaus.jackson.map.SerializationConfig; -import org.keycloak.exportimport.Strategy; import org.keycloak.models.ApplicationModel; -import org.keycloak.models.AuthenticationLinkModel; import org.keycloak.models.ClientModel; import org.keycloak.models.KeycloakSession; import org.keycloak.models.OAuthClientModel; @@ -32,7 +29,6 @@ import org.keycloak.models.UserCredentialValueModel; import org.keycloak.models.UserModel; import org.keycloak.models.utils.ModelToRepresentation; import org.keycloak.representations.idm.ApplicationRepresentation; -import org.keycloak.representations.idm.AuthenticationLinkRepresentation; import org.keycloak.representations.idm.ClaimRepresentation; import org.keycloak.representations.idm.CredentialRepresentation; import org.keycloak.representations.idm.OAuthClientRepresentation; @@ -255,13 +251,6 @@ public class ExportUtils { public static UserRepresentation exportUser(KeycloakSession session, RealmModel realm, UserModel user) { UserRepresentation userRep = ModelToRepresentation.toRepresentation(user); - // AuthenticationLink - AuthenticationLinkModel authLink = user.getAuthenticationLink(); - if (authLink != null) { - AuthenticationLinkRepresentation authLinkRepresentation = exportAuthLink(authLink); - userRep.setAuthenticationLink(authLinkRepresentation); - } - // Social links Set socialLinks = session.users().getSocialLinks(user, realm); List socialLinkReps = new ArrayList(); @@ -313,13 +302,6 @@ public class ExportUtils { return userRep; } - public static AuthenticationLinkRepresentation exportAuthLink(AuthenticationLinkModel authLinkModel) { - AuthenticationLinkRepresentation authLinkRep = new AuthenticationLinkRepresentation(); - authLinkRep.setAuthProvider(authLinkModel.getAuthProvider()); - authLinkRep.setAuthUserId(authLinkModel.getAuthUserId()); - return authLinkRep; - } - public static SocialLinkRepresentation exportSocialLink(SocialLinkModel socialLink) { SocialLinkRepresentation socialLinkRep = new SocialLinkRepresentation(); socialLinkRep.setSocialProvider(socialLink.getSocialProvider()); diff --git a/federation/ldap/src/main/java/org/keycloak/federation/ldap/PartitionManagerRegistry.java b/federation/ldap/src/main/java/org/keycloak/federation/ldap/PartitionManagerRegistry.java index 5c83bdaca0d..9992b877de8 100755 --- a/federation/ldap/src/main/java/org/keycloak/federation/ldap/PartitionManagerRegistry.java +++ b/federation/ldap/src/main/java/org/keycloak/federation/ldap/PartitionManagerRegistry.java @@ -47,7 +47,7 @@ public class PartitionManagerRegistry { * @param ldapConfig from realm * @return PartitionManager instance based on LDAP store */ - protected PartitionManager createPartitionManager(Map ldapConfig) { + public static PartitionManager createPartitionManager(Map ldapConfig) { IdentityConfigurationBuilder builder = new IdentityConfigurationBuilder(); Properties connectionProps = new Properties(); @@ -114,13 +114,13 @@ public class PartitionManagerRegistry { return new DefaultPartitionManager(identityConfigs); } - private void checkSystemProperty(String name, String defaultValue) { + private static void checkSystemProperty(String name, String defaultValue) { if (System.getProperty(name) == null) { System.setProperty(name, defaultValue); } } - private String getNameOfLDAPAttribute(String systemPropertyName, String defaultAttrName, String defaultAttrNameInActiveDirectory, boolean activeDirectory) { + private static String getNameOfLDAPAttribute(String systemPropertyName, String defaultAttrName, String defaultAttrNameInActiveDirectory, boolean activeDirectory) { // System property has biggest priority if available String sysProperty = System.getProperty(systemPropertyName); if (sysProperty != null) { @@ -131,7 +131,7 @@ public class PartitionManagerRegistry { } // Parse array of strings like [ "inetOrgPerson", "organizationalPerson" ] from the string like: "inetOrgPerson, organizationalPerson" - private String[] getUserObjectClasses(Map ldapConfig) { + private static String[] getUserObjectClasses(Map ldapConfig) { String objClassesCfg = ldapConfig.get(LDAPConstants.USER_OBJECT_CLASSES); String objClassesStr = (objClassesCfg != null && objClassesCfg.length() > 0) ? objClassesCfg.trim() : "inetOrgPerson, organizationalPerson"; diff --git a/federation/ldap/src/main/java/org/keycloak/federation/ldap/WritableLDAPUserModelDelegate.java b/federation/ldap/src/main/java/org/keycloak/federation/ldap/WritableLDAPUserModelDelegate.java index a98d2b80bbf..9a68f6a1caa 100755 --- a/federation/ldap/src/main/java/org/keycloak/federation/ldap/WritableLDAPUserModelDelegate.java +++ b/federation/ldap/src/main/java/org/keycloak/federation/ldap/WritableLDAPUserModelDelegate.java @@ -1,12 +1,8 @@ package org.keycloak.federation.ldap; import org.jboss.logging.Logger; -import org.keycloak.models.ApplicationModel; -import org.keycloak.models.AuthenticationLinkModel; import org.keycloak.models.ModelException; -import org.keycloak.models.RoleModel; import org.keycloak.models.UserCredentialModel; -import org.keycloak.models.UserCredentialValueModel; import org.keycloak.models.UserModel; import org.keycloak.models.utils.UserModelDelegate; import org.picketlink.idm.IdentityManagementException; @@ -16,10 +12,6 @@ import org.picketlink.idm.credential.TOTPCredential; import org.picketlink.idm.model.basic.BasicModel; import org.picketlink.idm.model.basic.User; -import java.util.List; -import java.util.Map; -import java.util.Set; - /** * @author Bill Burke * @version $Revision: 1 $ diff --git a/forms/account-freemarker/src/main/java/org/keycloak/account/freemarker/model/AccountSocialBean.java b/forms/account-freemarker/src/main/java/org/keycloak/account/freemarker/model/AccountSocialBean.java index ad2786cf781..51d71c9ca08 100755 --- a/forms/account-freemarker/src/main/java/org/keycloak/account/freemarker/model/AccountSocialBean.java +++ b/forms/account-freemarker/src/main/java/org/keycloak/account/freemarker/model/AccountSocialBean.java @@ -53,7 +53,7 @@ public class AccountSocialBean { } // Removing last social provider is not possible if you don't have other possibility to authenticate - this.removeLinkPossible = availableLinks > 1 || user.getAuthenticationLink() != null; + this.removeLinkPossible = availableLinks > 1 || user.getFederationLink() != null; } private SocialLinkModel getSocialLink(Set userSocialLinks, String socialProviderId) { diff --git a/forms/common-themes/src/main/resources/theme/admin/base/resources/js/app.js b/forms/common-themes/src/main/resources/theme/admin/base/resources/js/app.js index 94970f4dda9..1bbfcf697d7 100755 --- a/forms/common-themes/src/main/resources/theme/admin/base/resources/js/app.js +++ b/forms/common-themes/src/main/resources/theme/admin/base/resources/js/app.js @@ -161,15 +161,6 @@ module.config([ '$routeProvider', function($routeProvider) { }, controller : 'RealmSMTPSettingsCtrl' }) - .when('/realms/:realm/ldap-settings', { - templateUrl : 'partials/realm-ldap.html', - resolve : { - realm : function(RealmLoader) { - return RealmLoader(); - } - }, - controller : 'RealmLDAPSettingsCtrl' - }) .when('/realms/:realm/audit', { templateUrl : 'partials/realm-audit.html', resolve : { @@ -194,39 +185,6 @@ module.config([ '$routeProvider', function($routeProvider) { }, controller : 'RealmAuditCtrl' }) - .when('/realms/:realm/auth-settings', { - templateUrl : 'partials/realm-auth-list.html', - resolve : { - realm : function(RealmLoader) { - return RealmLoader(); - } - }, - controller : 'RealmAuthSettingsCtrl' - }) - .when('/realms/:realm/auth-settings/create', { - templateUrl : 'partials/realm-auth-detail.html', - resolve : { - realm : function(RealmLoader) { - return RealmLoader(); - }, - serverInfo : function(ServerInfoLoader) { - return ServerInfoLoader(); - } - }, - controller : 'RealmAuthSettingsDetailCtrl' - }) - .when('/realms/:realm/auth-settings/:index', { - templateUrl : 'partials/realm-auth-detail.html', - resolve : { - realm : function(RealmLoader) { - return RealmLoader(); - }, - serverInfo : function(ServerInfoLoader) { - return ServerInfoLoader(); - } - }, - controller : 'RealmAuthSettingsDetailCtrl' - }) .when('/create/user/:realm', { templateUrl : 'partials/user-detail.html', resolve : { diff --git a/forms/common-themes/src/main/resources/theme/admin/base/resources/js/controllers/realm.js b/forms/common-themes/src/main/resources/theme/admin/base/resources/js/controllers/realm.js index 03df9a76cbb..8d456be0c1b 100755 --- a/forms/common-themes/src/main/resources/theme/admin/base/resources/js/controllers/realm.js +++ b/forms/common-themes/src/main/resources/theme/admin/base/resources/js/controllers/realm.js @@ -891,185 +891,6 @@ module.controller('RealmSMTPSettingsCtrl', function($scope, Current, Realm, real } }); -module.controller('RealmLDAPSettingsCtrl', function($scope, $location, Notifications, Realm, realm, RealmLDAPConnectionTester) { - console.log('RealmLDAPSettingsCtrl'); - - $scope.ldapVendors = [ - { "id": "ad", "name": "Active Directory" }, - { "id": "rhds", "name": "Red Hat Directory Server" }, - { "id": "other", "name": "Other" } - ]; - - $scope.usernameLDAPAttributes = [ - "uid", "cn", "sAMAccountName" - ]; - - $scope.realm = realm; - - var oldCopy = angular.copy($scope.realm); - $scope.changed = false; - - $scope.lastVendor = realm.ldapServer.vendor; - - $scope.$watch('realm', function() { - if (!angular.equals($scope.realm, oldCopy)) { - $scope.changed = true; - } - - if (!angular.equals($scope.realm.ldapServer.vendor, $scope.lastVendor)) { - console.log("LDAP vendor changed"); - $scope.lastVendor = $scope.realm.ldapServer.vendor; - - if ($scope.lastVendor === "ad") { - $scope.realm.ldapServer.usernameLDAPAttribute = "cn"; - $scope.realm.ldapServer.userObjectClasses = "person, organizationalPerson"; - } else { - $scope.realm.ldapServer.usernameLDAPAttribute = "uid"; - $scope.realm.ldapServer.userObjectClasses = "inetOrgPerson, organizationalPerson"; - } - } - }, true); - - $scope.save = function() { - var realmCopy = angular.copy($scope.realm); - $scope.changed = false; - Realm.update(realmCopy, function () { - $location.url("/realms/" + realm.realm + "/ldap-settings"); - Notifications.success("Your changes have been saved to the realm."); - }); - }; - - $scope.reset = function() { - $scope.realm = angular.copy(oldCopy); - $scope.changed = false; - $scope.lastVendor = $scope.realm.ldapServer.vendor; - }; - - var initConnectionTest = function(testAction, ldapConfig) { - return { - action: testAction, - realm: $scope.realm.realm, - connectionUrl: ldapConfig.connectionUrl, - bindDn: ldapConfig.bindDn, - bindCredential: ldapConfig.bindCredential - }; - }; - - $scope.testConnection = function() { - console.log('RealmLDAPSettingsCtrl: testConnection'); - RealmLDAPConnectionTester.get(initConnectionTest("testConnection", $scope.realm.ldapServer), function() { - Notifications.success("LDAP connection successful."); - }, function() { - Notifications.error("Error when trying to connect to LDAP. See server.log for details."); - }); - } - - $scope.testAuthentication = function() { - console.log('RealmLDAPSettingsCtrl: testAuthentication'); - RealmLDAPConnectionTester.get(initConnectionTest("testAuthentication", $scope.realm.ldapServer), function() { - Notifications.success("LDAP authentication successful."); - }, function() { - Notifications.error("LDAP authentication failed. See server.log for details"); - }); - } -}); - -module.controller('RealmAuthSettingsCtrl', function($scope, realm) { - console.log('RealmAuthSettingsCtrl'); - - $scope.realm = realm; - $scope.authenticationProviders = realm.authenticationProviders; -}); - -module.controller('RealmAuthSettingsDetailCtrl', function($scope, $routeParams, $location, Notifications, Dialog, Realm, realm, serverInfo) { - console.log('RealmAuthSettingsDetailCtrl'); - - $scope.realm = realm; - $scope.availableProviders = serverInfo.authProviders; - $scope.availableProviderNames = Object.keys(serverInfo.authProviders); - - $scope.create = !$routeParams.index; - $scope.changed = false; - - if ($scope.create) { - $scope.authProvider = { - passwordUpdateSupported: true, - config: {} - }; - - $scope.authProviderOptionNames = []; - } else { - $scope.authProvider = realm.authenticationProviders[ $routeParams.index ]; - if (!$scope.authProvider.config) { - $scope.authProvider.config = {}; - } - - $scope.authProviderOptionNames = serverInfo.authProviders[ $scope.authProvider.providerName ]; - $scope.authProviderIndex = $routeParams.index; - } - - var oldCopy = angular.copy($scope.authProvider); - $scope.$watch('authProvider', function() { - if (!angular.equals($scope.authProvider, oldCopy)) { - $scope.changed = true; - } - }, true); - - $scope.changeAuthProvider = function() { - console.log('RealmAuthSettingsDetailCtrl: provider changed to ' + $scope.authProvider.providerName); - $scope.authProviderOptionNames = serverInfo.authProviders[ $scope.authProvider.providerName ]; - } - - $scope.cancel = function() { - $location.url("/realms/" + realm.realm + "/auth-settings"); - } - - $scope.reset = function() { - $scope.authProvider = angular.copy(oldCopy); - $scope.changed = false; - } - - $scope.save = function() { - if (!$scope.authProvider.providerName) { - console.log('RealmAuthSettingsDetailCtrl: no provider selected. Skip creation'); - return; - } - - console.log('RealmAuthSettingsDetailCtrl: creating provider ' + $scope.authProvider.providerName); - var realmCopy = angular.copy($scope.realm); - if (!realmCopy.authenticationProviders) { - realmCopy.authenticationProviders = []; - } - - if ($scope.create) { - realmCopy.authenticationProviders.push($scope.authProvider); - } else { - realmCopy.authenticationProviders[ $scope.authProviderIndex ] = $scope.authProvider; - } - - $scope.changed = false; - Realm.update(realmCopy, function () { - $location.url("/realms/" + realm.realm + "/auth-settings"); - Notifications.success("Authentication provider has been saved."); - }); - }; - - $scope.remove = function() { - Dialog.confirmDelete($scope.realm.authenticationProviders.providerName, 'authentication Provider', function() { - console.log('RealmAuthSettingsDetailCtrl: deleting provider ' + $scope.authProvider.providerName); - - var realmCopy = angular.copy($scope.realm); - realmCopy.authenticationProviders.splice($scope.authProviderIndex, 1); - - $scope.changed = false; - Realm.update(realmCopy, function () { - $location.url("/realms/" + realm.realm + "/auth-settings"); - Notifications.success("Authentication provider has been deleted."); - }); - }); - }; -}); - module.controller('RealmAuditCtrl', function($scope, auditConfig, RealmAudit, RealmAuditEvents, realm, serverInfo, $location, Notifications, TimeUnit, Dialog) { $scope.realm = realm; diff --git a/forms/common-themes/src/main/resources/theme/admin/base/resources/js/controllers/users.js b/forms/common-themes/src/main/resources/theme/admin/base/resources/js/controllers/users.js index 2b17931e078..66441ddd6e0 100755 --- a/forms/common-themes/src/main/resources/theme/admin/base/resources/js/controllers/users.js +++ b/forms/common-themes/src/main/resources/theme/admin/base/resources/js/controllers/users.js @@ -564,7 +564,7 @@ module.controller('LDAPCtrl', function($scope, $location, Notifications, Dialog, $scope.testAuthentication = function() { console.log('LDAPCtrl: testAuthentication'); - RealmLDAPConnectionTester.get(initConnectionTest("testAuthentication", $scope.realm.ldapServer), function() { + RealmLDAPConnectionTester.get(initConnectionTest("testAuthentication", $scope.instance.config), function() { Notifications.success("LDAP authentication successful."); }, function() { Notifications.error("LDAP authentication failed. See server.log for details"); diff --git a/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/realm-auth-detail.html b/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/realm-auth-detail.html deleted file mode 100644 index da9282d5122..00000000000 --- a/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/realm-auth-detail.html +++ /dev/null @@ -1,70 +0,0 @@ -
-
- - -
- -

{{realm.realm}} Add Authentication provider

- -

{{authProvider.providerName|capitalize}}'s Attributes

- -
-
-
- -
-
-
- -
-
-
-
- -
- -
- -
-
- -
- - -
- -
-
- -
- -
- - -
- -
- - - -
- -
-
-
\ No newline at end of file diff --git a/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/realm-auth-list.html b/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/realm-auth-list.html deleted file mode 100644 index 8acd99c3242..00000000000 --- a/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/realm-auth-list.html +++ /dev/null @@ -1,46 +0,0 @@ -
-
- -
- -

{{realm.realm}} Authentication Providers

- - - - - - - - - - - - - - - - - - - - - - -
- -
Provider NamePassword Update SupportedConfiguration
{{authProvider.providerName|capitalize}}{{authProvider.passwordUpdateSupported}} - - - - - -
{{key}}{{value}}
-
No authentication providers available
-
-
\ No newline at end of file diff --git a/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/realm-ldap.html b/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/realm-ldap.html deleted file mode 100644 index edf8eced937..00000000000 --- a/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/realm-ldap.html +++ /dev/null @@ -1,88 +0,0 @@ -
-
- -
- -

{{realm.realm}} Ldap Server Settings

-

* Required fields

-
- -
- Required Settings -
- -
-
- -
-
-
-
- -
-
- -
-
-
-
- -
- -
-
-
- -
- -
- -
-
- -
- -
-
-
- -
- -
-
-
- -
- -
-
-
- -
- -
- -
-
- -
- - -
-
-
-
\ No newline at end of file diff --git a/forms/common-themes/src/main/resources/theme/admin/base/resources/templates/kc-navigation.html b/forms/common-themes/src/main/resources/theme/admin/base/resources/templates/kc-navigation.html index 42687297202..d684fc5ba94 100755 --- a/forms/common-themes/src/main/resources/theme/admin/base/resources/templates/kc-navigation.html +++ b/forms/common-themes/src/main/resources/theme/admin/base/resources/templates/kc-navigation.html @@ -6,6 +6,4 @@
  • Credentials
  • Keys
  • Email
  • -
  • Ldap
  • -
  • Authentication
  • \ No newline at end of file diff --git a/model/api/src/main/java/org/keycloak/models/AuthenticationLinkModel.java b/model/api/src/main/java/org/keycloak/models/AuthenticationLinkModel.java deleted file mode 100644 index 8cc0bd8ee0d..00000000000 --- a/model/api/src/main/java/org/keycloak/models/AuthenticationLinkModel.java +++ /dev/null @@ -1,35 +0,0 @@ -package org.keycloak.models; - -/** - * Link between user and authentication provider - * - * @author Marek Posolda - */ -public class AuthenticationLinkModel { - - private String authProvider; - private String authUserId; - - public AuthenticationLinkModel() {}; - - public AuthenticationLinkModel(String authProvider, String authUserId) { - this.authProvider = authProvider; - this.authUserId = authUserId; - } - - public String getAuthUserId() { - return authUserId; - } - - public void setAuthUserId(String authUserId) { - this.authUserId = authUserId; - } - - public String getAuthProvider() { - return authProvider; - } - - public void setAuthProvider(String authProvider) { - this.authProvider = authProvider; - } -} diff --git a/model/api/src/main/java/org/keycloak/models/AuthenticationProviderModel.java b/model/api/src/main/java/org/keycloak/models/AuthenticationProviderModel.java deleted file mode 100755 index 8aaf97fe809..00000000000 --- a/model/api/src/main/java/org/keycloak/models/AuthenticationProviderModel.java +++ /dev/null @@ -1,51 +0,0 @@ -package org.keycloak.models; - -import java.util.Collections; -import java.util.HashMap; -import java.util.Map; - -/** - * @author Marek Posolda - */ -public class AuthenticationProviderModel { - - public static final AuthenticationProviderModel DEFAULT_PROVIDER = new AuthenticationProviderModel("model", true, Collections.EMPTY_MAP); - - private String providerName; - private boolean passwordUpdateSupported = true; - private Map config = new HashMap(); - - public AuthenticationProviderModel() {}; - - public AuthenticationProviderModel(String providerName, boolean passwordUpdateSupported, Map config) { - this.providerName = providerName; - this.passwordUpdateSupported = passwordUpdateSupported; - if (config != null) { - this.config.putAll(config); - } - } - - public String getProviderName() { - return providerName; - } - - public void setProviderName(String providerName) { - this.providerName = providerName; - } - - public boolean isPasswordUpdateSupported() { - return passwordUpdateSupported; - } - - public void setPasswordUpdateSupported(boolean passwordUpdateSupported) { - this.passwordUpdateSupported = passwordUpdateSupported; - } - - public Map getConfig() { - return config; - } - - public void setConfig(Map config) { - this.config = config; - } -} diff --git a/model/api/src/main/java/org/keycloak/models/KeycloakSession.java b/model/api/src/main/java/org/keycloak/models/KeycloakSession.java index 506d211b259..3dc38e57c1f 100755 --- a/model/api/src/main/java/org/keycloak/models/KeycloakSession.java +++ b/model/api/src/main/java/org/keycloak/models/KeycloakSession.java @@ -51,7 +51,7 @@ public interface KeycloakSession { * * @return */ - UserProvider users(); + UserFederationManager users(); /** * Keycloak user storage. Non-federated, but possibly cache (if it is on) view of users. diff --git a/model/api/src/main/java/org/keycloak/models/RealmModel.java b/model/api/src/main/java/org/keycloak/models/RealmModel.java index 1fe666da53e..633756f7314 100755 --- a/model/api/src/main/java/org/keycloak/models/RealmModel.java +++ b/model/api/src/main/java/org/keycloak/models/RealmModel.java @@ -159,14 +159,6 @@ public interface RealmModel extends RoleContainerModel { void setSocialConfig(Map socialConfig); - Map getLdapServerConfig(); - - void setLdapServerConfig(Map ldapServerConfig); - - List getAuthenticationProviders(); - - void setAuthenticationProviders(List authenticationProviders); - List getUserFederationProviders(); UserFederationProviderModel addUserFederationProvider(String providerName, Map config, int priority, String displayName); diff --git a/model/api/src/main/java/org/keycloak/models/UserFederationManager.java b/model/api/src/main/java/org/keycloak/models/UserFederationManager.java index aa197d29371..489fb4e4339 100755 --- a/model/api/src/main/java/org/keycloak/models/UserFederationManager.java +++ b/model/api/src/main/java/org/keycloak/models/UserFederationManager.java @@ -302,16 +302,27 @@ public class UserFederationManager implements UserProvider { session.userStorage().preRemove(realm, role); } + public void updateCredential(RealmModel realm, UserModel user, UserCredentialModel credential) { + if (credential.getType().equals(UserCredentialModel.PASSWORD)) { + if (realm.getPasswordPolicy() != null) { + String error = realm.getPasswordPolicy().validate(credential.getValue()); + if (error != null) throw new ModelException(error); + } + } + user.updateCredential(credential); + } + @Override public boolean validCredentials(RealmModel realm, UserModel user, List input) { UserFederationProvider link = getFederationLink(realm, user); if (link != null) { validateUser(realm, user); - if (link.getSupportedCredentialTypes(user).size() > 0) { + Set supportedCredentialTypes = link.getSupportedCredentialTypes(user); + if (supportedCredentialTypes.size() > 0) { List fedCreds = new ArrayList(); List localCreds = new ArrayList(); for (UserCredentialModel cred : input) { - if (fedCreds.contains(cred.getType())) { + if (supportedCredentialTypes.contains(cred.getType())) { fedCreds.add(cred); } else { localCreds.add(cred); diff --git a/model/api/src/main/java/org/keycloak/models/UserModel.java b/model/api/src/main/java/org/keycloak/models/UserModel.java index 52f398eff70..1047ad252bd 100755 --- a/model/api/src/main/java/org/keycloak/models/UserModel.java +++ b/model/api/src/main/java/org/keycloak/models/UserModel.java @@ -64,12 +64,6 @@ public interface UserModel { void updateCredentialDirectly(UserCredentialValueModel cred); - AuthenticationLinkModel getAuthenticationLink(); - - void setAuthenticationLink(AuthenticationLinkModel authenticationLink); - - - Set getRealmRoleMappings(); Set getApplicationRoleMappings(ApplicationModel app); boolean hasRole(RoleModel role); diff --git a/model/api/src/main/java/org/keycloak/models/entities/AuthenticationLinkEntity.java b/model/api/src/main/java/org/keycloak/models/entities/AuthenticationLinkEntity.java deleted file mode 100644 index 8475b54a47a..00000000000 --- a/model/api/src/main/java/org/keycloak/models/entities/AuthenticationLinkEntity.java +++ /dev/null @@ -1,26 +0,0 @@ -package org.keycloak.models.entities; - -/** - * @author Marek Posolda - */ -public class AuthenticationLinkEntity { - - private String authUserId; - private String authProvider; - - public String getAuthUserId() { - return authUserId; - } - - public void setAuthUserId(String authUserId) { - this.authUserId = authUserId; - } - - public String getAuthProvider() { - return authProvider; - } - - public void setAuthProvider(String authProvider) { - this.authProvider = authProvider; - } -} diff --git a/model/api/src/main/java/org/keycloak/models/entities/AuthenticationProviderEntity.java b/model/api/src/main/java/org/keycloak/models/entities/AuthenticationProviderEntity.java deleted file mode 100644 index 147885d1f07..00000000000 --- a/model/api/src/main/java/org/keycloak/models/entities/AuthenticationProviderEntity.java +++ /dev/null @@ -1,37 +0,0 @@ -package org.keycloak.models.entities; - -import java.util.Map; - -/** - * @author Marek Posolda - */ -public class AuthenticationProviderEntity { - - private String providerName; - private boolean passwordUpdateSupported; - private Map config; - - public String getProviderName() { - return providerName; - } - - public void setProviderName(String providerName) { - this.providerName = providerName; - } - - public boolean isPasswordUpdateSupported() { - return passwordUpdateSupported; - } - - public void setPasswordUpdateSupported(boolean passwordUpdateSupported) { - this.passwordUpdateSupported = passwordUpdateSupported; - } - - public Map getConfig() { - return config; - } - - public void setConfig(Map config) { - this.config = config; - } -} diff --git a/model/api/src/main/java/org/keycloak/models/entities/RealmEntity.java b/model/api/src/main/java/org/keycloak/models/entities/RealmEntity.java index 59ac5161272..8d3779b54e9 100755 --- a/model/api/src/main/java/org/keycloak/models/entities/RealmEntity.java +++ b/model/api/src/main/java/org/keycloak/models/entities/RealmEntity.java @@ -50,12 +50,10 @@ public class RealmEntity extends AbstractIdentifiableEntity { private List defaultRoles = new ArrayList(); private List requiredCredentials = new ArrayList(); - private List authenticationProviders = new ArrayList(); private List userFederationProviders = new ArrayList(); private Map smtpConfig = new HashMap(); private Map socialConfig = new HashMap(); - private Map ldapServerConfig = new HashMap(); private boolean auditEnabled; private long auditExpiration; @@ -319,14 +317,6 @@ public class RealmEntity extends AbstractIdentifiableEntity { this.requiredCredentials = requiredCredentials; } - public List getAuthenticationProviders() { - return authenticationProviders; - } - - public void setAuthenticationProviders(List authenticationProviders) { - this.authenticationProviders = authenticationProviders; - } - public Map getSmtpConfig() { return smtpConfig; } @@ -343,14 +333,6 @@ public class RealmEntity extends AbstractIdentifiableEntity { this.socialConfig = socialConfig; } - public Map getLdapServerConfig() { - return ldapServerConfig; - } - - public void setLdapServerConfig(Map ldapServerConfig) { - this.ldapServerConfig = ldapServerConfig; - } - public boolean isAuditEnabled() { return auditEnabled; } diff --git a/model/api/src/main/java/org/keycloak/models/entities/UserEntity.java b/model/api/src/main/java/org/keycloak/models/entities/UserEntity.java index 9aa0b0b576e..50be198d335 100755 --- a/model/api/src/main/java/org/keycloak/models/entities/UserEntity.java +++ b/model/api/src/main/java/org/keycloak/models/entities/UserEntity.java @@ -27,7 +27,6 @@ public class UserEntity extends AbstractIdentifiableEntity { private List requiredActions; private List credentials = new ArrayList(); private List socialLinks; - private AuthenticationLinkEntity authenticationLink; private String federationLink; public String getUsername() { @@ -134,14 +133,6 @@ public class UserEntity extends AbstractIdentifiableEntity { this.socialLinks = socialLinks; } - public AuthenticationLinkEntity getAuthenticationLink() { - return authenticationLink; - } - - public void setAuthenticationLink(AuthenticationLinkEntity authenticationLink) { - this.authenticationLink = authenticationLink; - } - public String getFederationLink() { return federationLink; } diff --git a/model/api/src/main/java/org/keycloak/models/utils/ModelToRepresentation.java b/model/api/src/main/java/org/keycloak/models/utils/ModelToRepresentation.java index b6495ab9807..c201a77cff0 100755 --- a/model/api/src/main/java/org/keycloak/models/utils/ModelToRepresentation.java +++ b/model/api/src/main/java/org/keycloak/models/utils/ModelToRepresentation.java @@ -1,7 +1,6 @@ package org.keycloak.models.utils; import org.keycloak.models.ApplicationModel; -import org.keycloak.models.AuthenticationProviderModel; import org.keycloak.models.ClaimMask; import org.keycloak.models.ClientModel; import org.keycloak.models.ClientSessionModel; @@ -17,7 +16,6 @@ import org.keycloak.models.UserModel; import org.keycloak.models.UserSessionModel; import org.keycloak.representations.idm.UserFederationProviderRepresentation; import org.keycloak.representations.idm.ApplicationRepresentation; -import org.keycloak.representations.idm.AuthenticationProviderRepresentation; import org.keycloak.representations.idm.ClaimRepresentation; import org.keycloak.representations.idm.CredentialRepresentation; import org.keycloak.representations.idm.OAuthClientRepresentation; @@ -107,7 +105,6 @@ public class ModelToRepresentation { rep.setAccessCodeLifespanUserAction(realm.getAccessCodeLifespanUserAction()); rep.setSmtpServer(realm.getSmtpConfig()); rep.setSocialProviders(realm.getSocialConfig()); - rep.setLdapServer(realm.getLdapServerConfig()); rep.setAccountTheme(realm.getAccountTheme()); rep.setLoginTheme(realm.getLoginTheme()); rep.setAdminTheme(realm.getAdminTheme()); @@ -133,18 +130,6 @@ public class ModelToRepresentation { } } - List authProviderModels = realm.getAuthenticationProviders(); - if (authProviderModels.size() > 0) { - List authProviderReps = new ArrayList(); - for (AuthenticationProviderModel model : authProviderModels) { - AuthenticationProviderRepresentation authProvRep = new AuthenticationProviderRepresentation(); - authProvRep.setProviderName(model.getProviderName()); - authProvRep.setPasswordUpdateSupported(model.isPasswordUpdateSupported()); - authProvRep.setConfig(model.getConfig()); - authProviderReps.add(authProvRep); - } - rep.setAuthenticationProviders(authProviderReps); - } List fedProviderModels = realm.getUserFederationProviders(); if (fedProviderModels.size() > 0) { List fedProviderReps = new ArrayList(); diff --git a/model/api/src/main/java/org/keycloak/models/utils/RepresentationToModel.java b/model/api/src/main/java/org/keycloak/models/utils/RepresentationToModel.java index c7ab432b25c..ca22cf0ba5e 100755 --- a/model/api/src/main/java/org/keycloak/models/utils/RepresentationToModel.java +++ b/model/api/src/main/java/org/keycloak/models/utils/RepresentationToModel.java @@ -3,8 +3,6 @@ package org.keycloak.models.utils; import net.iharder.Base64; import org.jboss.logging.Logger; import org.keycloak.models.ApplicationModel; -import org.keycloak.models.AuthenticationLinkModel; -import org.keycloak.models.AuthenticationProviderModel; import org.keycloak.models.ClaimMask; import org.keycloak.models.ClientModel; import org.keycloak.models.UserFederationProviderModel; @@ -20,8 +18,6 @@ import org.keycloak.models.UserModel; import org.keycloak.enums.SslRequired; import org.keycloak.representations.idm.UserFederationProviderRepresentation; import org.keycloak.representations.idm.ApplicationRepresentation; -import org.keycloak.representations.idm.AuthenticationLinkRepresentation; -import org.keycloak.representations.idm.AuthenticationProviderRepresentation; import org.keycloak.representations.idm.ClaimRepresentation; import org.keycloak.representations.idm.CredentialRepresentation; import org.keycloak.representations.idm.OAuthClientRepresentation; @@ -34,7 +30,6 @@ import org.keycloak.representations.idm.UserRepresentation; import java.io.IOException; import java.net.URI; import java.util.ArrayList; -import java.util.Arrays; import java.util.HashMap; import java.util.HashSet; import java.util.List; @@ -204,18 +199,6 @@ public class RepresentationToModel { if (rep.getSocialProviders() != null) { newRealm.setSocialConfig(new HashMap(rep.getSocialProviders())); } - if (rep.getLdapServer() != null) { - newRealm.setLdapServerConfig(new HashMap(rep.getLdapServer())); - } - - if (rep.getAuthenticationProviders() != null) { - List authProviderModels = convertAuthenticationProviders(rep.getAuthenticationProviders()); - newRealm.setAuthenticationProviders(authProviderModels); - } else { - List authProviderModels = Arrays.asList(AuthenticationProviderModel.DEFAULT_PROVIDER); - newRealm.setAuthenticationProviders(authProviderModels); - } - if (rep.getUserFederationProviders() != null) { List providerModels = convertFederationProviders(rep.getUserFederationProviders()); newRealm.setUserFederationProviders(providerModels); @@ -280,14 +263,6 @@ public class RepresentationToModel { realm.setSocialConfig(new HashMap(rep.getSocialProviders())); } - if (rep.getLdapServer() != null) { - realm.setLdapServerConfig(new HashMap(rep.getLdapServer())); - } - if (rep.getAuthenticationProviders() != null) { - List authProviderModels = convertAuthenticationProviders(rep.getAuthenticationProviders()); - realm.setAuthenticationProviders(authProviderModels); - } - if (rep.getUserFederationProviders() != null) { List providerModels = convertFederationProviders(rep.getUserFederationProviders()); realm.setUserFederationProviders(providerModels); @@ -305,17 +280,6 @@ public class RepresentationToModel { } - private static List convertAuthenticationProviders(List authenticationProviders) { - List result = new ArrayList(); - - for (AuthenticationProviderRepresentation representation : authenticationProviders) { - AuthenticationProviderModel model = new AuthenticationProviderModel(representation.getProviderName(), - representation.isPasswordUpdateSupported(), representation.getConfig()); - result.add(model); - } - return result; - } - private static List convertFederationProviders(List providers) { List result = new ArrayList(); @@ -624,11 +588,6 @@ public class RepresentationToModel { updateCredential(user, cred); } } - if (userRep.getAuthenticationLink() != null) { - AuthenticationLinkRepresentation link = userRep.getAuthenticationLink(); - AuthenticationLinkModel authLink = new AuthenticationLinkModel(link.getAuthProvider(), link.getAuthUserId()); - user.setAuthenticationLink(authLink); - } if (userRep.getSocialLinks() != null) { for (SocialLinkRepresentation socialLink : userRep.getSocialLinks()) { SocialLinkModel mappingModel = new SocialLinkModel(socialLink.getSocialProvider(), socialLink.getSocialUserId(), socialLink.getSocialUsername()); diff --git a/model/api/src/main/java/org/keycloak/models/utils/UserModelDelegate.java b/model/api/src/main/java/org/keycloak/models/utils/UserModelDelegate.java index cabdc568ca3..90f54bd2ff7 100755 --- a/model/api/src/main/java/org/keycloak/models/utils/UserModelDelegate.java +++ b/model/api/src/main/java/org/keycloak/models/utils/UserModelDelegate.java @@ -1,7 +1,6 @@ package org.keycloak.models.utils; import org.keycloak.models.ApplicationModel; -import org.keycloak.models.AuthenticationLinkModel; import org.keycloak.models.RoleModel; import org.keycloak.models.UserCredentialModel; import org.keycloak.models.UserCredentialValueModel; @@ -147,16 +146,6 @@ public class UserModelDelegate implements UserModel { delegate.updateCredentialDirectly(cred); } - @Override - public AuthenticationLinkModel getAuthenticationLink() { - return delegate.getAuthenticationLink(); - } - - @Override - public void setAuthenticationLink(AuthenticationLinkModel authenticationLink) { - delegate.setAuthenticationLink(authenticationLink); - } - @Override public Set getRealmRoleMappings() { return delegate.getRealmRoleMappings(); diff --git a/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/RealmAdapter.java b/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/RealmAdapter.java index 7964c9df95c..a8f1d6165a1 100755 --- a/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/RealmAdapter.java +++ b/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/RealmAdapter.java @@ -2,7 +2,6 @@ package org.keycloak.models.cache; import org.keycloak.Config; import org.keycloak.models.ApplicationModel; -import org.keycloak.models.AuthenticationProviderModel; import org.keycloak.models.ClientModel; import org.keycloak.models.UserFederationProviderModel; import org.keycloak.models.OAuthClientModel; @@ -582,30 +581,6 @@ public class RealmAdapter implements RealmModel { updated.setSocialConfig(socialConfig); } - @Override - public Map getLdapServerConfig() { - if (updated != null) return updated.getLdapServerConfig(); - return cached.getLdapServerConfig(); - } - - @Override - public void setLdapServerConfig(Map ldapServerConfig) { - getDelegateForUpdate(); - updated.setLdapServerConfig(ldapServerConfig); - } - - @Override - public List getAuthenticationProviders() { - if (updated != null) return updated.getAuthenticationProviders(); - return cached.getAuthenticationProviders(); - } - - @Override - public void setAuthenticationProviders(List authenticationProviders) { - getDelegateForUpdate(); - updated.setAuthenticationProviders(authenticationProviders); - } - @Override public List getUserFederationProviders() { if (updated != null) return updated.getUserFederationProviders(); diff --git a/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/UserAdapter.java b/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/UserAdapter.java index 9f4ffe3d483..14aea05e470 100755 --- a/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/UserAdapter.java +++ b/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/UserAdapter.java @@ -1,7 +1,6 @@ package org.keycloak.models.cache; import org.keycloak.models.ApplicationModel; -import org.keycloak.models.AuthenticationLinkModel; import org.keycloak.models.KeycloakSession; import org.keycloak.models.RealmModel; import org.keycloak.models.RoleContainerModel; @@ -191,18 +190,6 @@ public class UserAdapter implements UserModel { updated.updateCredentialDirectly(cred); } - @Override - public AuthenticationLinkModel getAuthenticationLink() { - if (updated != null) return updated.getAuthenticationLink(); - return cached.getAuthenticationLink(); - } - - @Override - public void setAuthenticationLink(AuthenticationLinkModel authenticationLink) { - getDelegateForUpdate(); - updated.setAuthenticationLink(authenticationLink); - } - @Override public String getFederationLink() { if (updated != null) return updated.getFederationLink(); diff --git a/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/entities/CachedRealm.java b/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/entities/CachedRealm.java index 6900ad3b721..fc8cc0b4495 100755 --- a/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/entities/CachedRealm.java +++ b/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/entities/CachedRealm.java @@ -1,7 +1,6 @@ package org.keycloak.models.cache.entities; import org.keycloak.models.ApplicationModel; -import org.keycloak.models.AuthenticationProviderModel; import org.keycloak.models.UserFederationProviderModel; import org.keycloak.models.RealmProvider; import org.keycloak.models.OAuthClientModel; @@ -65,12 +64,10 @@ public class CachedRealm { private String masterAdminApp; private List requiredCredentials = new ArrayList(); - private List authenticationProviders = new ArrayList(); private List userFederationProviders = new ArrayList(); private Map smtpConfig = new HashMap(); private Map socialConfig = new HashMap(); - private Map ldapServerConfig = new HashMap(); private boolean auditEnabled; private long auditExpiration; @@ -122,12 +119,10 @@ public class CachedRealm { emailTheme = model.getEmailTheme(); requiredCredentials = model.getRequiredCredentials(); - authenticationProviders = model.getAuthenticationProviders(); userFederationProviders = model.getUserFederationProviders(); smtpConfig.putAll(model.getSmtpConfig()); socialConfig.putAll(model.getSocialConfig()); - ldapServerConfig.putAll(model.getLdapServerConfig()); auditEnabled = model.isAuditEnabled(); auditExpiration = model.getAuditExpiration(); @@ -292,14 +287,6 @@ public class CachedRealm { return socialConfig; } - public Map getLdapServerConfig() { - return ldapServerConfig; - } - - public List getAuthenticationProviders() { - return authenticationProviders; - } - public String getLoginTheme() { return loginTheme; } diff --git a/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/entities/CachedUser.java b/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/entities/CachedUser.java index a3760123734..1e247a7aa0b 100755 --- a/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/entities/CachedUser.java +++ b/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/entities/CachedUser.java @@ -1,6 +1,5 @@ package org.keycloak.models.cache.entities; -import org.keycloak.models.AuthenticationLinkModel; import org.keycloak.models.RealmModel; import org.keycloak.models.RoleModel; import org.keycloak.models.UserCredentialValueModel; @@ -27,7 +26,6 @@ public class CachedUser { private List credentials = new LinkedList(); private boolean enabled; private boolean totp; - private AuthenticationLinkModel authenticationLink; private String federationLink; private Map attributes = new HashMap(); private Set requiredActions = new HashSet(); @@ -47,7 +45,6 @@ public class CachedUser { this.totp = user.isTotp(); this.federationLink = user.getFederationLink(); this.requiredActions.addAll(user.getRequiredActions()); - this.authenticationLink = user.getAuthenticationLink(); for (RoleModel role : user.getRoleMappings()) { roleMappings.add(role.getId()); } @@ -101,10 +98,6 @@ public class CachedUser { return roleMappings; } - public AuthenticationLinkModel getAuthenticationLink() { - return authenticationLink; - } - public String getFederationLink() { return federationLink; } diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/JpaUserProvider.java b/model/jpa/src/main/java/org/keycloak/models/jpa/JpaUserProvider.java index b3e5bf767c0..326c3aa3fb5 100755 --- a/model/jpa/src/main/java/org/keycloak/models/jpa/JpaUserProvider.java +++ b/model/jpa/src/main/java/org/keycloak/models/jpa/JpaUserProvider.java @@ -8,7 +8,6 @@ import org.keycloak.models.SocialLinkModel; import org.keycloak.models.UserCredentialModel; import org.keycloak.models.UserModel; import org.keycloak.models.UserProvider; -import org.keycloak.models.jpa.entities.AuthenticationLinkEntity; import org.keycloak.models.jpa.entities.SocialLinkEntity; import org.keycloak.models.jpa.entities.UserEntity; import org.keycloak.models.utils.CredentialValidation; @@ -80,11 +79,6 @@ public class JpaUserProvider implements UserProvider { private void removeUser(UserEntity user) { em.createNamedQuery("deleteUserRoleMappingsByUser").setParameter("user", user).executeUpdate(); em.createNamedQuery("deleteSocialLinkByUser").setParameter("user", user).executeUpdate(); - if (user.getAuthenticationLink() != null) { - for (AuthenticationLinkEntity l : user.getAuthenticationLink()) { - em.remove(l); - } - } em.remove(user); } @@ -127,8 +121,6 @@ public class JpaUserProvider implements UserProvider { .setParameter("realmId", realm.getId()).executeUpdate(); num = em.createNamedQuery("deleteUserAttributesByRealm") .setParameter("realmId", realm.getId()).executeUpdate(); - num = em.createNamedQuery("deleteAuthenticationLinksByRealm") - .setParameter("realmId", realm.getId()).executeUpdate(); num = em.createNamedQuery("deleteUsersByRealm") .setParameter("realmId", realm.getId()).executeUpdate(); } diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java b/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java index aaab7fe0d2b..9822e98b90f 100755 --- a/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java +++ b/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java @@ -1,7 +1,6 @@ package org.keycloak.models.jpa; import org.keycloak.models.ApplicationModel; -import org.keycloak.models.AuthenticationProviderModel; import org.keycloak.models.ClientModel; import org.keycloak.models.UserFederationProviderModel; import org.keycloak.enums.SslRequired; @@ -13,7 +12,6 @@ import org.keycloak.models.RealmModel; import org.keycloak.models.RequiredCredentialModel; import org.keycloak.models.RoleModel; import org.keycloak.models.jpa.entities.ApplicationEntity; -import org.keycloak.models.jpa.entities.AuthenticationProviderEntity; import org.keycloak.models.jpa.entities.OAuthClientEntity; import org.keycloak.models.jpa.entities.RealmEntity; import org.keycloak.models.jpa.entities.RequiredCredentialEntity; @@ -660,74 +658,6 @@ public class RealmAdapter implements RealmModel { em.flush(); } - @Override - public Map getLdapServerConfig() { - return realm.getLdapServerConfig(); - } - - @Override - public void setLdapServerConfig(Map ldapServerConfig) { - realm.setLdapServerConfig(ldapServerConfig); - em.flush(); - } - - @Override - public List getAuthenticationProviders() { - List entities = realm.getAuthenticationProviders(); - List copy = new ArrayList(); - for (AuthenticationProviderEntity entity : entities) { - copy.add(entity); - - } - Collections.sort(copy, new Comparator() { - - @Override - public int compare(AuthenticationProviderEntity o1, AuthenticationProviderEntity o2) { - return o1.getPriority() - o2.getPriority(); - } - - }); - List result = new ArrayList(); - for (AuthenticationProviderEntity entity : copy) { - result.add(new AuthenticationProviderModel(entity.getProviderName(), entity.isPasswordUpdateSupported(), entity.getConfig())); - } - - return result; - } - - @Override - public void setAuthenticationProviders(List authenticationProviders) { - List newEntities = new ArrayList(); - int counter = 1; - for (AuthenticationProviderModel model : authenticationProviders) { - AuthenticationProviderEntity entity = new AuthenticationProviderEntity(); - entity.setRealm(realm); - entity.setProviderName(model.getProviderName()); - entity.setPasswordUpdateSupported(model.isPasswordUpdateSupported()); - entity.setConfig(model.getConfig()); - entity.setPriority(counter++); - newEntities.add(entity); - } - - // Remove all existing first - Collection existing = realm.getAuthenticationProviders(); - Collection copy = new ArrayList(existing); - for (AuthenticationProviderEntity apToRemove : copy) { - existing.remove(apToRemove); - em.remove(apToRemove); - } - - em.flush(); - - // Now create all new providers - for (AuthenticationProviderEntity apToAdd : newEntities) { - existing.add(apToAdd); - em.persist(apToAdd); - } - - em.flush(); - } - @Override public List getUserFederationProviders() { List entities = realm.getUserFederationProviders(); diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/UserAdapter.java b/model/jpa/src/main/java/org/keycloak/models/jpa/UserAdapter.java index 949efba293c..5ef06fa1ad3 100755 --- a/model/jpa/src/main/java/org/keycloak/models/jpa/UserAdapter.java +++ b/model/jpa/src/main/java/org/keycloak/models/jpa/UserAdapter.java @@ -1,7 +1,6 @@ package org.keycloak.models.jpa; import org.keycloak.models.ApplicationModel; -import org.keycloak.models.AuthenticationLinkModel; import org.keycloak.models.PasswordPolicy; import org.keycloak.models.RealmModel; import org.keycloak.models.RoleContainerModel; @@ -9,7 +8,6 @@ import org.keycloak.models.RoleModel; import org.keycloak.models.UserCredentialModel; import org.keycloak.models.UserCredentialValueModel; import org.keycloak.models.UserModel; -import org.keycloak.models.jpa.entities.AuthenticationLinkEntity; import org.keycloak.models.jpa.entities.CredentialEntity; import org.keycloak.models.jpa.entities.UserAttributeEntity; import org.keycloak.models.jpa.entities.UserEntity; @@ -21,11 +19,9 @@ import org.keycloak.models.utils.Pbkdf2PasswordEncoder; import javax.persistence.EntityManager; import javax.persistence.TypedQuery; import java.util.ArrayList; -import java.util.Collection; import java.util.HashMap; import java.util.HashSet; import java.util.Iterator; -import java.util.LinkedList; import java.util.List; import java.util.Map; import java.util.Set; @@ -383,36 +379,6 @@ public class UserAdapter implements UserModel { return roles; } - @Override - public AuthenticationLinkModel getAuthenticationLink() { - Collection col = user.getAuthenticationLink(); - if (col == null || col.isEmpty()) { - return null; - } - AuthenticationLinkEntity authLinkEntity = col.iterator().next(); - return new AuthenticationLinkModel(authLinkEntity.getAuthProvider(), authLinkEntity.getAuthUserId()); - } - - @Override - public void setAuthenticationLink(AuthenticationLinkModel authenticationLink) { - AuthenticationLinkEntity entity = new AuthenticationLinkEntity(); - entity.setAuthProvider(authenticationLink.getAuthProvider()); - entity.setAuthUserId(authenticationLink.getAuthUserId()); - entity.setUser(user); - - if (user.getAuthenticationLink() == null) { - user.setAuthenticationLink(new LinkedList()); - } else if (!user.getAuthenticationLink().isEmpty()) { - AuthenticationLinkEntity old = user.getAuthenticationLink().iterator().next(); - user.getAuthenticationLink().clear(); - em.remove(old); - } - - user.getAuthenticationLink().add(entity); - em.persist(entity); - em.flush(); - } - @Override public String getFederationLink() { return user.getFederationLink(); diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/AuthenticationLinkEntity.java b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/AuthenticationLinkEntity.java deleted file mode 100755 index e21b4fc8f03..00000000000 --- a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/AuthenticationLinkEntity.java +++ /dev/null @@ -1,105 +0,0 @@ -package org.keycloak.models.jpa.entities; - -import javax.persistence.Column; -import javax.persistence.Entity; -import javax.persistence.FetchType; -import javax.persistence.Id; -import javax.persistence.IdClass; -import javax.persistence.JoinColumn; -import javax.persistence.ManyToOne; -import javax.persistence.NamedQueries; -import javax.persistence.NamedQuery; -import javax.persistence.OneToMany; -import javax.persistence.Table; -import java.io.Serializable; - -/** - * @author Marek Posolda - */ -@NamedQueries({ - @NamedQuery(name="deleteAuthenticationLinksByRealm", query="delete from AuthenticationLinkEntity authLink where authLink.user IN (select u from UserEntity u where u.realmId=:realmId)") -}) -@Table(name="AUTHENTICATION_LINK") -@Entity -@IdClass(AuthenticationLinkEntity.Key.class) -public class AuthenticationLinkEntity { - - @Id - @Column(name="AUTH_PROVIDER") - protected String authProvider; - @Column(name="AUTH_USER_ID") - protected String authUserId; - - @Id - @ManyToOne(fetch = FetchType.LAZY) - @JoinColumn(name="USER_ID") - protected UserEntity user; - - public String getAuthProvider() { - return authProvider; - } - - public void setAuthProvider(String authProvider) { - this.authProvider = authProvider; - } - - public String getAuthUserId() { - return authUserId; - } - - public void setAuthUserId(String authUserId) { - this.authUserId = authUserId; - } - - public UserEntity getUser() { - return user; - } - - public void setUser(UserEntity user) { - this.user = user; - } - - public static class Key implements Serializable { - - protected UserEntity user; - - protected String authProvider; - - public Key() { - } - - public Key(UserEntity user, String authProvider) { - this.user = user; - this.authProvider = authProvider; - } - - public UserEntity getUser() { - return user; - } - - public String getAuthProvider() { - return authProvider; - } - - @Override - public boolean equals(Object o) { - if (this == o) return true; - if (o == null || getClass() != o.getClass()) return false; - - Key key = (Key) o; - - if (authProvider != null ? !authProvider.equals(key.authProvider) : key.authProvider != null) return false; - if (user != null ? !user.getId().equals(key.user != null ? key.user.getId() : null) : key.user != null) return false; - - return true; - } - - @Override - public int hashCode() { - int result = user != null ? user.getId().hashCode() : 0; - result = 31 * result + (authProvider != null ? authProvider.hashCode() : 0); - return result; - } - } - -} diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/AuthenticationProviderEntity.java b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/AuthenticationProviderEntity.java deleted file mode 100755 index 89cfe49e50c..00000000000 --- a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/AuthenticationProviderEntity.java +++ /dev/null @@ -1,129 +0,0 @@ -package org.keycloak.models.jpa.entities; - -import javax.persistence.CollectionTable; -import javax.persistence.Column; -import javax.persistence.ElementCollection; -import javax.persistence.Entity; -import javax.persistence.FetchType; -import javax.persistence.Id; -import javax.persistence.IdClass; -import javax.persistence.JoinColumn; -import javax.persistence.ManyToOne; -import javax.persistence.MapKeyColumn; -import javax.persistence.Table; -import java.io.Serializable; -import java.util.Map; - -/** - * @author Marek Posolda - */ -@Entity -@Table(name="AUTH_PROVIDER") -@IdClass(AuthenticationProviderEntity.Key.class) -public class AuthenticationProviderEntity { - - @Id - @ManyToOne(fetch = FetchType.LAZY) - @JoinColumn(name = "REALM_ID") - protected RealmEntity realm; - - @Id - @Column(name="PROVIDER_NAME") - private String providerName; - @Column(name="PASSWORD_UPDATE_SUPPORTED") - private boolean passwordUpdateSupported; - @Column(name="PRIORITY") - private int priority; - - @ElementCollection - @MapKeyColumn(name="NAME") - @Column(name="VALUE") - @CollectionTable(name="AUTH_PROVIDER_CONFIG", joinColumns = { - @JoinColumn(name="REALM_ID", referencedColumnName = "REALM_ID"), - @JoinColumn(name="AUTH_PROVIDER_NAME", referencedColumnName = "PROVIDER_NAME")}) - private Map config; - - public RealmEntity getRealm() { - return realm; - } - - public void setRealm(RealmEntity realm) { - this.realm = realm; - } - - public String getProviderName() { - return providerName; - } - - public void setProviderName(String providerName) { - this.providerName = providerName; - } - - public boolean isPasswordUpdateSupported() { - return passwordUpdateSupported; - } - - public void setPasswordUpdateSupported(boolean passwordUpdateSupported) { - this.passwordUpdateSupported = passwordUpdateSupported; - } - - public int getPriority() { - return priority; - } - - public void setPriority(int priority) { - this.priority = priority; - } - - public Map getConfig() { - return config; - } - - public void setConfig(Map config) { - this.config = config; - } - - public static class Key implements Serializable { - - protected RealmEntity realm; - - protected String providerName; - - public Key() { - } - - public Key(RealmEntity realm, String providerName) { - this.realm = realm; - this.providerName = providerName; - } - - public RealmEntity getRealm() { - return realm; - } - - public String getProviderName() { - return providerName; - } - - @Override - public boolean equals(Object o) { - if (this == o) return true; - if (o == null || getClass() != o.getClass()) return false; - - Key key = (Key) o; - - if (providerName != null ? !providerName.equals(key.providerName) : key.providerName != null) return false; - if (realm != null ? !realm.getId().equals(key.realm != null ? key.realm.getId() : null) : key.realm != null) return false; - - return true; - } - - @Override - public int hashCode() { - int result = realm != null ? realm.getId().hashCode() : 0; - result = 31 * result + (providerName != null ? providerName.hashCode() : 0); - return result; - } - } - -} diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/RealmEntity.java b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/RealmEntity.java index edf244d5e8a..39e35c16c31 100755 --- a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/RealmEntity.java +++ b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/RealmEntity.java @@ -112,9 +112,6 @@ public class RealmEntity { Collection requiredCredentials = new ArrayList(); - @OneToMany(cascade ={CascadeType.REMOVE}, orphanRemoval = true, mappedBy = "realm") - List authenticationProviders = new ArrayList(); - @OneToMany(cascade ={CascadeType.REMOVE}, orphanRemoval = true) @JoinTable(name="FED_PROVIDERS") List userFederationProviders = new ArrayList(); @@ -138,12 +135,6 @@ public class RealmEntity { @CollectionTable(name="REALM_SOCIAL_CONFIG", joinColumns={ @JoinColumn(name="REALM_ID") }) protected Map socialConfig = new HashMap(); - @ElementCollection - @MapKeyColumn(name="NAME") - @Column(name="VALUE") - @CollectionTable(name="REALM_LDAP_CONFIG", joinColumns={ @JoinColumn(name="REALM_ID") }) - protected Map ldapServerConfig = new HashMap(); - @OneToMany(fetch = FetchType.LAZY, cascade ={CascadeType.REMOVE}, orphanRemoval = true) @JoinTable(name="REALM_DEFAULT_ROLES", joinColumns = { @JoinColumn(name="REALM_ID")}, inverseJoinColumns = { @JoinColumn(name="ROLE_ID")}) protected Collection defaultRoles = new ArrayList(); @@ -314,14 +305,6 @@ public class RealmEntity { this.requiredCredentials = requiredCredentials; } - public List getAuthenticationProviders() { - return authenticationProviders; - } - - public void setAuthenticationProviders(List authenticationProviders) { - this.authenticationProviders = authenticationProviders; - } - public Collection getApplications() { return applications; } @@ -361,14 +344,6 @@ public class RealmEntity { this.socialConfig = socialConfig; } - public Map getLdapServerConfig() { - return ldapServerConfig; - } - - public void setLdapServerConfig(Map ldapServerConfig) { - this.ldapServerConfig = ldapServerConfig; - } - public Collection getDefaultRoles() { return defaultRoles; } diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/UserEntity.java b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/UserEntity.java index 31e139a41f7..9180184f74c 100755 --- a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/UserEntity.java +++ b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/UserEntity.java @@ -85,9 +85,6 @@ public class UserEntity { @Column(name="federation_link") protected String federationLink; - @OneToMany(cascade = CascadeType.REMOVE, orphanRemoval = true, mappedBy="user") - protected Collection authenticationLink; - public String getId() { return id; } @@ -193,14 +190,6 @@ public class UserEntity { this.credentials = credentials; } - public Collection getAuthenticationLink() { - return authenticationLink; - } - - public void setAuthenticationLink(Collection authenticationLink) { - this.authenticationLink = authenticationLink; - } - public String getFederationLink() { return federationLink; } diff --git a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java index 0b549ab4032..ea75bb135d0 100755 --- a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java +++ b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java @@ -5,7 +5,6 @@ import com.mongodb.QueryBuilder; import org.jboss.logging.Logger; import org.keycloak.connections.mongo.api.context.MongoStoreInvocationContext; import org.keycloak.models.ApplicationModel; -import org.keycloak.models.AuthenticationProviderModel; import org.keycloak.models.ClientModel; import org.keycloak.models.UserFederationProviderModel; import org.keycloak.models.entities.UserFederationProviderEntity; @@ -16,7 +15,6 @@ import org.keycloak.models.PasswordPolicy; import org.keycloak.models.RealmModel; import org.keycloak.models.RequiredCredentialModel; import org.keycloak.models.RoleModel; -import org.keycloak.models.entities.AuthenticationProviderEntity; import org.keycloak.models.entities.RequiredCredentialEntity; import org.keycloak.enums.SslRequired; import org.keycloak.models.mongo.keycloak.entities.MongoApplicationEntity; @@ -758,43 +756,6 @@ public class RealmAdapter extends AbstractMongoAdapter impleme updateRealm(); } - @Override - public Map getLdapServerConfig() { - return realm.getLdapServerConfig(); - } - - @Override - public void setLdapServerConfig(Map ldapServerConfig) { - realm.setLdapServerConfig(ldapServerConfig); - updateRealm(); - } - - @Override - public List getAuthenticationProviders() { - List entities = realm.getAuthenticationProviders(); - List result = new ArrayList(); - for (AuthenticationProviderEntity entity : entities) { - result.add(new AuthenticationProviderModel(entity.getProviderName(), entity.isPasswordUpdateSupported(), entity.getConfig())); - } - - return result; - } - - @Override - public void setAuthenticationProviders(List authenticationProviders) { - List entities = new ArrayList(); - for (AuthenticationProviderModel model : authenticationProviders) { - AuthenticationProviderEntity entity = new AuthenticationProviderEntity(); - entity.setProviderName(model.getProviderName()); - entity.setPasswordUpdateSupported(model.isPasswordUpdateSupported()); - entity.setConfig(model.getConfig()); - entities.add(entity); - } - - realm.setAuthenticationProviders(entities); - updateRealm(); - } - @Override public UserFederationProviderModel addUserFederationProvider(String providerName, Map config, int priority, String displayName) { UserFederationProviderEntity entity = new UserFederationProviderEntity(); diff --git a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/UserAdapter.java b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/UserAdapter.java index 1d30a5ba5b7..746e1bc9a76 100755 --- a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/UserAdapter.java +++ b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/UserAdapter.java @@ -2,7 +2,6 @@ package org.keycloak.models.mongo.keycloak.adapters; import org.keycloak.connections.mongo.api.context.MongoStoreInvocationContext; import org.keycloak.models.ApplicationModel; -import org.keycloak.models.AuthenticationLinkModel; import org.keycloak.models.KeycloakSession; import org.keycloak.models.PasswordPolicy; import org.keycloak.models.RealmModel; @@ -10,7 +9,6 @@ import org.keycloak.models.RoleModel; import org.keycloak.models.UserCredentialModel; import org.keycloak.models.UserCredentialValueModel; import org.keycloak.models.UserModel; -import org.keycloak.models.entities.AuthenticationLinkEntity; import org.keycloak.models.entities.CredentialEntity; import org.keycloak.models.mongo.keycloak.entities.MongoRoleEntity; import org.keycloak.models.mongo.keycloak.entities.MongoUserEntity; @@ -341,27 +339,6 @@ public class UserAdapter extends AbstractMongoAdapter implement } - @Override - public AuthenticationLinkModel getAuthenticationLink() { - AuthenticationLinkEntity authLinkEntity = user.getAuthenticationLink(); - - if (authLinkEntity == null) { - return null; - } else { - return new AuthenticationLinkModel(authLinkEntity.getAuthProvider(), authLinkEntity.getAuthUserId()); - } - } - - @Override - public void setAuthenticationLink(AuthenticationLinkModel authenticationLink) { - AuthenticationLinkEntity authLinkEntity = new AuthenticationLinkEntity(); - authLinkEntity.setAuthProvider(authenticationLink.getAuthProvider()); - authLinkEntity.setAuthUserId(authenticationLink.getAuthUserId()); - user.setAuthenticationLink(authLinkEntity); - - getMongoStore().updateEntity(user, invocationContext); - } - @Override public boolean equals(Object o) { if (this == o) return true; diff --git a/picketlink/pom.xml b/picketlink/pom.xml index dc07ca55a26..30d9b06e735 100755 --- a/picketlink/pom.xml +++ b/picketlink/pom.xml @@ -17,7 +17,6 @@ keycloak-picketlink-api - keycloak-picketlink-realm diff --git a/pom.xml b/pom.xml index 65cf8bd06e7..6e8c88ddd2d 100755 --- a/pom.xml +++ b/pom.xml @@ -96,7 +96,6 @@ audit - authentication core core-jaxrs connections diff --git a/services/pom.xml b/services/pom.xml index 0f82346b166..d52cf592d5b 100755 --- a/services/pom.xml +++ b/services/pom.xml @@ -73,12 +73,6 @@ ${project.version} provided
    - - org.keycloak - keycloak-authentication-api - ${project.version} - provided - org.keycloak keycloak-social-core diff --git a/services/src/main/java/org/keycloak/services/DefaultKeycloakSession.java b/services/src/main/java/org/keycloak/services/DefaultKeycloakSession.java index b6b55c8514f..bf174297378 100755 --- a/services/src/main/java/org/keycloak/services/DefaultKeycloakSession.java +++ b/services/src/main/java/org/keycloak/services/DefaultKeycloakSession.java @@ -127,7 +127,7 @@ public class DefaultKeycloakSession implements KeycloakSession { } @Override - public UserProvider users() { + public UserFederationManager users() { return federationManager; } diff --git a/services/src/main/java/org/keycloak/services/managers/ApplianceBootstrap.java b/services/src/main/java/org/keycloak/services/managers/ApplianceBootstrap.java index 4d149a58914..559a39dde3f 100755 --- a/services/src/main/java/org/keycloak/services/managers/ApplianceBootstrap.java +++ b/services/src/main/java/org/keycloak/services/managers/ApplianceBootstrap.java @@ -4,7 +4,6 @@ import org.jboss.logging.Logger; import org.keycloak.Config; import org.keycloak.models.AdminRoles; import org.keycloak.models.ApplicationModel; -import org.keycloak.models.AuthenticationProviderModel; import org.keycloak.models.Constants; import org.keycloak.models.KeycloakSession; import org.keycloak.models.KeycloakSessionFactory; @@ -16,7 +15,6 @@ import org.keycloak.enums.SslRequired; import org.keycloak.models.utils.KeycloakModelUtils; import org.keycloak.representations.idm.CredentialRepresentation; -import java.util.Arrays; import java.util.Collections; /** @@ -61,7 +59,6 @@ public class ApplianceBootstrap { realm.setSslRequired(SslRequired.EXTERNAL); realm.setRegistrationAllowed(false); KeycloakModelUtils.generateRealmKeys(realm); - realm.setAuthenticationProviders(Arrays.asList(AuthenticationProviderModel.DEFAULT_PROVIDER)); realm.setAuditListeners(Collections.singleton("jboss-logging")); @@ -70,7 +67,7 @@ public class ApplianceBootstrap { UserCredentialModel password = new UserCredentialModel(); password.setType(UserCredentialModel.PASSWORD); password.setValue("admin"); - adminUser.updateCredential(password); + session.users().updateCredential(realm, adminUser, password); adminUser.addRequiredAction(UserModel.RequiredAction.UPDATE_PASSWORD); RoleModel adminRole = realm.getRole(AdminRoles.ADMIN); diff --git a/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java b/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java index e6cd6c93981..b4e68c40690 100755 --- a/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java +++ b/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java @@ -3,11 +3,7 @@ package org.keycloak.services.managers; import org.jboss.logging.Logger; import org.keycloak.RSATokenVerifier; import org.keycloak.VerificationException; -import org.keycloak.authentication.AuthProviderStatus; -import org.keycloak.authentication.AuthUser; -import org.keycloak.authentication.AuthenticationProviderManager; import org.keycloak.jose.jws.JWSBuilder; -import org.keycloak.models.AuthenticationLinkModel; import org.keycloak.models.KeycloakSession; import org.keycloak.models.RealmModel; import org.keycloak.models.RequiredCredentialModel; @@ -29,6 +25,8 @@ import javax.ws.rs.core.NewCookie; import javax.ws.rs.core.UriInfo; import java.net.URI; import java.util.HashSet; +import java.util.LinkedList; +import java.util.List; import java.util.Set; /** @@ -257,20 +255,8 @@ public class AuthenticationManager { UserModel user = KeycloakModelUtils.findUserByNameOrEmail(session, realm, username); if (user == null) { - AuthUser authUser = AuthenticationProviderManager.getManager(realm, session).getUser(username); - if (authUser != null) { - // Create new user and link him with authentication provider - user = session.users().addUser(realm, authUser.getUsername()); - user.setEnabled(true); - user.setFirstName(authUser.getFirstName()); - user.setLastName(authUser.getLastName()); - user.setEmail(authUser.getEmail()); - user.setAuthenticationLink(new AuthenticationLinkModel(authUser.getProviderName(), authUser.getId())); - logger.info("User " + authUser.getUsername() + " created in Keycloak and linked with provider " + authUser.getProviderName()); - } else { - logger.warn("User " + username + " not found"); - return AuthenticationStatus.INVALID_USER; - } + logger.warn("User " + username + " not found"); + return AuthenticationStatus.INVALID_USER; } if (!checkEnabled(user)) { @@ -284,11 +270,13 @@ public class AuthenticationManager { } if (types.contains(CredentialRepresentation.PASSWORD)) { + List credentials = new LinkedList(); String password = formData.getFirst(CredentialRepresentation.PASSWORD); if (password == null) { logger.warn("Password not provided"); return AuthenticationStatus.MISSING_PASSWORD; } + credentials.add(UserCredentialModel.password(password)); if (user.isTotp()) { String token = formData.getFirst(CredentialRepresentation.TOTP); @@ -296,21 +284,14 @@ public class AuthenticationManager { logger.warn("TOTP token not provided"); return AuthenticationStatus.MISSING_TOTP; } + credentials.add(UserCredentialModel.totp(token)); - logger.debug("validating TOTP"); - if (!session.users().validCredentials(realm, user, UserCredentialModel.totp(token))) { - return AuthenticationStatus.INVALID_CREDENTIALS; - } - } + } logger.debug("validating password for user: " + username); - AuthProviderStatus authStatus = AuthenticationProviderManager.getManager(realm, session).validatePassword(user, password); - if (authStatus == AuthProviderStatus.INVALID_CREDENTIALS) { - logger.debug("invalid password for user: " + username); + if (!session.users().validCredentials(realm, user, credentials)) { return AuthenticationStatus.INVALID_CREDENTIALS; - } else if (authStatus == AuthProviderStatus.FAILED) { - return AuthenticationStatus.FAILED; } if (!user.getRequiredActions().isEmpty()) { @@ -324,6 +305,9 @@ public class AuthenticationManager { logger.warn("Secret not provided"); return AuthenticationStatus.MISSING_PASSWORD; } + if (!session.users().validCredentials(realm, user, UserCredentialModel.secret(secret))) { + return AuthenticationStatus.INVALID_CREDENTIALS; + } if (!user.getRequiredActions().isEmpty()) { return AuthenticationStatus.ACTIONS_REQUIRED; } else { diff --git a/services/src/main/java/org/keycloak/services/resources/AccountService.java b/services/src/main/java/org/keycloak/services/resources/AccountService.java index e89777a2106..b02ff59dc6f 100755 --- a/services/src/main/java/org/keycloak/services/resources/AccountService.java +++ b/services/src/main/java/org/keycloak/services/resources/AccountService.java @@ -33,13 +33,8 @@ import org.keycloak.audit.AuditProvider; import org.keycloak.audit.Details; import org.keycloak.audit.Event; import org.keycloak.audit.EventType; -import org.keycloak.authentication.AuthProviderStatus; -import org.keycloak.authentication.AuthenticationProviderException; -import org.keycloak.authentication.AuthenticationProviderManager; import org.keycloak.models.AccountRoles; import org.keycloak.models.ApplicationModel; -import org.keycloak.models.AuthenticationLinkModel; -import org.keycloak.models.AuthenticationProviderModel; import org.keycloak.models.ClientModel; import org.keycloak.models.ClientSessionModel; import org.keycloak.models.Constants; @@ -146,7 +141,6 @@ public class AccountService { account = session.getProvider(AccountProvider.class).setRealm(realm).setUriInfo(uriInfo); - boolean passwordUpdateSupported = false; AuthenticationManager.AuthResult authResult = authManager.authenticateIdentityCookie(session, realm, uriInfo, clientConnection, headers); if (authResult != null) { auth = new Auth(realm, authResult.getToken(), authResult.getUser(), application, true); @@ -173,16 +167,12 @@ public class AccountService { account.setUser(auth.getUser()); - AuthenticationLinkModel authLinkModel = auth.getUser().getAuthenticationLink(); - if (authLinkModel != null) { - AuthenticationProviderModel authProviderModel = AuthenticationProviderManager.getConfiguredProviderModel(realm, authLinkModel.getAuthProvider()); - passwordUpdateSupported = authProviderModel.isPasswordUpdateSupported(); - } } boolean auditEnabled = auditProvider != null && realm.isAuditEnabled(); - account.setFeatures(realm.isSocial(), auditEnabled, passwordUpdateSupported); + // todo find out from federation if password is updatable + account.setFeatures(realm.isSocial(), auditEnabled, true); } public static UriBuilder accountServiceBaseUrl(UriInfo uriInfo) { @@ -428,7 +418,7 @@ public class AccountService { UserCredentialModel credentials = new UserCredentialModel(); credentials.setType(CredentialRepresentation.TOTP); credentials.setValue(totpSecret); - user.updateCredential(credentials); + session.users().updateCredential(realm, user, credentials); user.setTotp(true); @@ -471,19 +461,18 @@ public class AccountService { return account.setError(Messages.INVALID_PASSWORD_CONFIRM).createResponse(AccountPages.PASSWORD); } - AuthenticationProviderManager authProviderManager = AuthenticationProviderManager.getManager(realm, session); + UserCredentialModel cred = UserCredentialModel.password(password); if (Validation.isEmpty(password)) { return account.setError(Messages.MISSING_PASSWORD).createResponse(AccountPages.PASSWORD); - } else if (authProviderManager.validatePassword(user, password) != AuthProviderStatus.SUCCESS) { - return account.setError(Messages.INVALID_PASSWORD_EXISTING).createResponse(AccountPages.PASSWORD); + } else { + if (!session.users().validCredentials(realm, user, cred)) { + return account.setError(Messages.INVALID_PASSWORD_EXISTING).createResponse(AccountPages.PASSWORD); + } } try { - boolean passwordUpdateSuccess = authProviderManager.updatePassword(user, passwordNew); - if (!passwordUpdateSuccess) { - return account.setError("Password update failed").createResponse(AccountPages.PASSWORD); - } - } catch (AuthenticationProviderException ape) { + session.users().updateCredential(realm, user, UserCredentialModel.password(passwordNew)); + } catch (Exception ape) { return account.setError(ape.getMessage()).createResponse(AccountPages.PASSWORD); } @@ -539,7 +528,7 @@ public class AccountService { if (link != null) { // Removing last social provider is not possible if you don't have other possibility to authenticate - if (session.users().getSocialLinks(user, realm).size() > 1 || user.getAuthenticationLink() != null) { + if (session.users().getSocialLinks(user, realm).size() > 1 || user.getFederationLink() != null) { session.users().removeSocialLink(realm, user, providerId); logger.debug("Social provider " + providerId + " removed successfully from user " + user.getUsername()); diff --git a/services/src/main/java/org/keycloak/services/resources/RequiredActionsService.java b/services/src/main/java/org/keycloak/services/resources/RequiredActionsService.java index 402664ee872..5d598e6c0b5 100755 --- a/services/src/main/java/org/keycloak/services/resources/RequiredActionsService.java +++ b/services/src/main/java/org/keycloak/services/resources/RequiredActionsService.java @@ -28,8 +28,6 @@ import org.keycloak.audit.Audit; import org.keycloak.audit.Details; import org.keycloak.audit.Errors; import org.keycloak.audit.EventType; -import org.keycloak.authentication.AuthenticationProviderException; -import org.keycloak.authentication.AuthenticationProviderManager; import org.keycloak.email.EmailException; import org.keycloak.email.EmailProvider; import org.keycloak.login.LoginFormsProvider; @@ -167,7 +165,7 @@ public class RequiredActionsService { UserCredentialModel credentials = new UserCredentialModel(); credentials.setType(CredentialRepresentation.TOTP); credentials.setValue(totpSecret); - user.updateCredential(credentials); + session.users().updateCredential(realm, user, credentials); user.setTotp(true); @@ -205,11 +203,8 @@ public class RequiredActionsService { } try { - boolean updateSuccessful = AuthenticationProviderManager.getManager(realm, session).updatePassword(user, passwordNew); - if (!updateSuccessful) { - return loginForms.setError("Password update failed").createResponse(RequiredAction.UPDATE_PASSWORD); - } - } catch (AuthenticationProviderException ape) { + session.users().updateCredential(realm, user, UserCredentialModel.password(passwordNew)); + } catch (Exception ape) { return loginForms.setError(ape.getMessage()).createResponse(RequiredAction.UPDATE_PASSWORD); } diff --git a/services/src/main/java/org/keycloak/services/resources/TokenService.java b/services/src/main/java/org/keycloak/services/resources/TokenService.java index 625055f8947..db6df781d73 100755 --- a/services/src/main/java/org/keycloak/services/resources/TokenService.java +++ b/services/src/main/java/org/keycloak/services/resources/TokenService.java @@ -17,8 +17,6 @@ import org.keycloak.audit.Audit; import org.keycloak.audit.Details; import org.keycloak.audit.Errors; import org.keycloak.audit.EventType; -import org.keycloak.authentication.AuthenticationProviderException; -import org.keycloak.authentication.AuthenticationProviderManager; import org.keycloak.login.LoginFormsProvider; import org.keycloak.models.ApplicationModel; import org.keycloak.models.ClientModel; @@ -639,10 +637,8 @@ public class TokenService { return Flows.forms(session, realm, uriInfo).setError(error).setFormData(formData).createRegistration(); } - AuthenticationProviderManager authenticationProviderManager = AuthenticationProviderManager.getManager(realm, session); - // Validate that user with this username doesn't exist in realm or any authentication provider - if (session.users().getUserByUsername(username, realm) != null || authenticationProviderManager.getUser(username) != null) { + if (session.users().getUserByUsername(username, realm) != null) { audit.error(Errors.USERNAME_IN_USE); return Flows.forms(session, realm, uriInfo).setError(Messages.USERNAME_EXISTS).setFormData(formData).createRegistration(); } @@ -660,11 +656,11 @@ public class TokenService { credentials.setValue(formData.getFirst("password")); boolean passwordUpdateSuccessful; - String passwordUpdateError; + String passwordUpdateError = null; try { - passwordUpdateSuccessful = AuthenticationProviderManager.getManager(realm, session).updatePassword(user, formData.getFirst("password")); - passwordUpdateError = "Password update failed"; - } catch (AuthenticationProviderException ape) { + session.users().updateCredential(realm, user, UserCredentialModel.password(formData.getFirst("password"))); + passwordUpdateSuccessful = true; + } catch (Exception ape) { passwordUpdateSuccessful = false; passwordUpdateError = ape.getMessage(); } diff --git a/services/src/main/java/org/keycloak/services/resources/admin/ServerInfoAdminResource.java b/services/src/main/java/org/keycloak/services/resources/admin/ServerInfoAdminResource.java index b023a1197b5..e1b31050d59 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/ServerInfoAdminResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/ServerInfoAdminResource.java @@ -1,8 +1,6 @@ package org.keycloak.services.resources.admin; import org.keycloak.audit.AuditListener; -import org.keycloak.authentication.AuthenticationProvider; -import org.keycloak.freemarker.ExtendingThemeManager; import org.keycloak.freemarker.Theme; import org.keycloak.freemarker.ThemeProvider; import org.keycloak.models.KeycloakSession; @@ -36,7 +34,6 @@ public class ServerInfoAdminResource { ServerInfoRepresentation info = new ServerInfoRepresentation(); setSocialProviders(info); setThemes(info); - setAuthProviders(info); setAuditListeners(info); return info; } @@ -61,14 +58,6 @@ public class ServerInfoAdminResource { Collections.sort(info.socialProviders); } - private void setAuthProviders(ServerInfoRepresentation info) { - info.authProviders = new HashMap>(); - Iterable authProviders = session.getAllProviders(AuthenticationProvider.class); - for (AuthenticationProvider authProvider : authProviders) { - info.authProviders.put(authProvider.getName(), authProvider.getAvailableOptions()); - } - } - private void setAuditListeners(ServerInfoRepresentation info) { info.auditListeners = new LinkedList(); @@ -84,7 +73,6 @@ public class ServerInfoAdminResource { private List socialProviders; - private Map> authProviders; private List auditListeners; @@ -99,10 +87,6 @@ public class ServerInfoAdminResource { return socialProviders; } - public Map> getAuthProviders() { - return authProviders; - } - public List getAuditListeners() { return auditListeners; } diff --git a/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java b/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java index 52f8436f9c0..f39e28f8328 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java @@ -766,7 +766,7 @@ public class UsersResource { } UserCredentialModel cred = RepresentationToModel.convertCredential(pass); - user.updateCredential(cred); + session.users().updateCredential(realm, user, cred); user.addRequiredAction(UserModel.RequiredAction.UPDATE_PASSWORD); } diff --git a/testsuite/integration/src/main/java/org/keycloak/testutils/LDAPEmbeddedServer.java b/testsuite/integration/src/main/java/org/keycloak/testutils/LDAPEmbeddedServer.java index 0f7a69bf616..c5e02c887fa 100755 --- a/testsuite/integration/src/main/java/org/keycloak/testutils/LDAPEmbeddedServer.java +++ b/testsuite/integration/src/main/java/org/keycloak/testutils/LDAPEmbeddedServer.java @@ -135,7 +135,6 @@ public class LDAPEmbeddedServer extends AbstractLDAPTest { ldapConfig.put(LDAPConstants.BIND_CREDENTIAL, getBindCredential()); ldapConfig.put(LDAPConstants.USER_DN_SUFFIX, getUserDnSuffix()); ldapConfig.put(LDAPConstants.VENDOR, getVendor()); - realm.setLdapServerConfig(ldapConfig); } diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/LDAPTestUtils.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/LDAPTestUtils.java old mode 100644 new mode 100755 index b7cdeaf0991..fa9f703fe89 --- a/testsuite/integration/src/test/java/org/keycloak/testsuite/LDAPTestUtils.java +++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/LDAPTestUtils.java @@ -1,23 +1,27 @@ package org.keycloak.testsuite; -import org.keycloak.authentication.picketlink.PicketlinkAuthenticationProvider; +import org.keycloak.federation.ldap.PartitionManagerRegistry; import org.keycloak.models.KeycloakSession; import org.keycloak.models.RealmModel; import org.keycloak.picketlink.IdentityManagerProvider; import org.picketlink.idm.IdentityManager; +import org.picketlink.idm.PartitionManager; import org.picketlink.idm.credential.Password; import org.picketlink.idm.model.basic.BasicModel; import org.picketlink.idm.model.basic.User; +import java.util.Map; + /** * @author Marek Posolda */ public class LDAPTestUtils { - public static void setLdapPassword(KeycloakSession session, RealmModel realm, String username, String password) { + public static void setLdapPassword(Map ldapConfig, String username, String password) { // Update password directly in ldap. It's workaround, but LDIF import doesn't seem to work on windows for ApacheDS try { - IdentityManager identityManager = new PicketlinkAuthenticationProvider(session.getProvider(IdentityManagerProvider.class)).getIdentityManager(realm); + PartitionManager partitionManager = PartitionManagerRegistry.createPartitionManager(ldapConfig); + IdentityManager identityManager = partitionManager.createIdentityManager(); User user = BasicModel.getUser(identityManager, username); identityManager.updateCredential(user, new Password(password.toCharArray())); } catch (Exception e) { diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/admin/AdminAPITest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/admin/AdminAPITest.java index 1978122b22c..d2656b7d076 100755 --- a/testsuite/integration/src/test/java/org/keycloak/testsuite/admin/AdminAPITest.java +++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/admin/AdminAPITest.java @@ -33,7 +33,6 @@ import org.keycloak.models.UserModel; import org.keycloak.models.UserSessionModel; import org.keycloak.representations.AccessToken; import org.keycloak.representations.idm.ApplicationRepresentation; -import org.keycloak.representations.idm.AuthenticationProviderRepresentation; import org.keycloak.representations.idm.CredentialRepresentation; import org.keycloak.representations.idm.RealmRepresentation; import org.keycloak.services.managers.RealmManager; @@ -279,22 +278,6 @@ public class AdminAPITest { Assert.assertEquals(rep.getSocialProviders(), storedRealm.getSocialProviders()); } - if (rep.getLdapServer() != null) { - Assert.assertEquals(rep.getLdapServer(), storedRealm.getLdapServer()); - } - if (rep.getAuthenticationProviders() != null) { - Set set = new HashSet(); - for (AuthenticationProviderRepresentation authRep : rep.getAuthenticationProviders()) { - set.add(authRep); - } - Set storedSet = new HashSet(); - if (storedRealm.getAuthenticationProviders() != null) { - for (AuthenticationProviderRepresentation authRep : storedRealm.getAuthenticationProviders()) { - storedSet.add(authRep); - } - } - Assert.assertEquals(set, storedSet); - } } protected void testCreateRealm(String path) { diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/composites/CompositeRoleTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/composites/CompositeRoleTest.java index d37cc6b3f64..3a6acd10021 100755 --- a/testsuite/integration/src/test/java/org/keycloak/testsuite/composites/CompositeRoleTest.java +++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/composites/CompositeRoleTest.java @@ -28,7 +28,6 @@ import org.junit.Test; import org.keycloak.OAuth2Constants; import org.keycloak.enums.SslRequired; import org.keycloak.models.ApplicationModel; -import org.keycloak.models.AuthenticationProviderModel; import org.keycloak.models.KeycloakSession; import org.keycloak.models.RealmModel; import org.keycloak.models.RoleModel; @@ -48,7 +47,6 @@ import org.keycloak.testsuite.rule.WebRule; import org.openqa.selenium.WebDriver; import java.security.PublicKey; -import java.util.Arrays; /** * @author Stian Thorgersen @@ -71,7 +69,6 @@ public class CompositeRoleTest { realm.setSslRequired(SslRequired.EXTERNAL); realm.setEnabled(true); realm.addRequiredCredential(UserCredentialModel.PASSWORD); - realm.setAuthenticationProviders(Arrays.asList(AuthenticationProviderModel.DEFAULT_PROVIDER)); final RoleModel realmRole1 = realm.addRole("REALM_ROLE_1"); final RoleModel realmRole2 = realm.addRole("REALM_ROLE_2"); final RoleModel realmRole3 = realm.addRole("REALM_ROLE_3"); diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/AuthProvidersIntegrationTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/AuthProvidersIntegrationTest.java deleted file mode 100755 index 49ac620e44c..00000000000 --- a/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/AuthProvidersIntegrationTest.java +++ /dev/null @@ -1,227 +0,0 @@ -package org.keycloak.testsuite.forms; - -import org.junit.Assert; -import org.junit.ClassRule; -import org.junit.FixMethodOrder; -import org.junit.Rule; -import org.junit.Test; -import org.junit.rules.RuleChain; -import org.junit.rules.TestRule; -import org.junit.runners.MethodSorters; -import org.keycloak.OAuth2Constants; -import org.keycloak.testsuite.LDAPTestUtils; -import org.keycloak.models.AuthenticationProviderModel; -import org.keycloak.models.KeycloakSession; -import org.keycloak.models.PasswordPolicy; -import org.keycloak.models.RealmModel; -import org.keycloak.models.UserCredentialModel; -import org.keycloak.models.UserModel; -import org.keycloak.representations.idm.CredentialRepresentation; -import org.keycloak.services.managers.RealmManager; -import org.keycloak.authentication.AuthProviderConstants; -import org.keycloak.testsuite.OAuthClient; -import org.keycloak.testsuite.pages.AccountPasswordPage; -import org.keycloak.testsuite.pages.AccountUpdateProfilePage; -import org.keycloak.testsuite.pages.AppPage; -import org.keycloak.testsuite.pages.LoginPage; -import org.keycloak.testsuite.pages.RegisterPage; -import org.keycloak.testsuite.rule.KeycloakRule; -import org.keycloak.testsuite.rule.LDAPRule; -import org.keycloak.testsuite.rule.WebResource; -import org.keycloak.testsuite.rule.WebRule; -import org.openqa.selenium.WebDriver; - -import java.util.Arrays; -import java.util.Collections; -import java.util.HashMap; -import java.util.Map; - -/** - * @author Marek Posolda - */ -@FixMethodOrder(MethodSorters.NAME_ASCENDING) -public class AuthProvidersIntegrationTest { - - private static LDAPRule ldapRule = new LDAPRule(); - - private static KeycloakRule keycloakRule = new KeycloakRule(new KeycloakRule.KeycloakSetup() { - - @Override - public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) { - addUser(manager.getSession(), appRealm, "mary", "mary@test.com", "password-app"); - addUser(manager.getSession(), adminstrationRealm, "mary-admin", "mary@admin.com", "password-admin"); - - AuthenticationProviderModel modelProvider = new AuthenticationProviderModel(AuthProviderConstants.PROVIDER_NAME_MODEL, false, Collections.EMPTY_MAP); - AuthenticationProviderModel picketlinkProvider = new AuthenticationProviderModel(AuthProviderConstants.PROVIDER_NAME_PICKETLINK, true, Collections.EMPTY_MAP); - - // Delegate authentication to admin realm - Map config = new HashMap(); - config.put(AuthProviderConstants.EXTERNAL_REALM_ID, adminstrationRealm.getId()); - AuthenticationProviderModel externalModelProvider = new AuthenticationProviderModel(AuthProviderConstants.PROVIDER_NAME_EXTERNAL_MODEL, true, config); - - appRealm.setAuthenticationProviders(Arrays.asList(modelProvider, picketlinkProvider, externalModelProvider)); - - // Configure LDAP - ldapRule.getEmbeddedServer().setupLdapInRealm(appRealm); - LDAPTestUtils.setLdapPassword(session, appRealm, "johnkeycloak", "password"); - } - }); - - @ClassRule - public static TestRule chain = RuleChain - .outerRule(ldapRule) - .around(keycloakRule); - - @Rule - public WebRule webRule = new WebRule(this); - - @WebResource - protected OAuthClient oauth; - - @WebResource - protected WebDriver driver; - - @WebResource - protected AppPage appPage; - - @WebResource - protected RegisterPage registerPage; - - @WebResource - protected LoginPage loginPage; - - @WebResource - protected AccountUpdateProfilePage profilePage; - - @WebResource - protected AccountPasswordPage changePasswordPage; - - private static UserModel addUser(KeycloakSession session, RealmModel realm, String username, String email, String password) { - UserModel user = session.users().addUser(realm, username); - user.setEmail(email); - user.setEnabled(true); - - UserCredentialModel creds = new UserCredentialModel(); - creds.setType(CredentialRepresentation.PASSWORD); - creds.setValue(password); - - user.updateCredential(creds); - return user; - } - - @Test - public void loginClassic() { - loginPage.open(); - loginPage.login("mary", "password-app"); - - Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType()); - Assert.assertNotNull(oauth.getCurrentQuery().get(OAuth2Constants.CODE)); - - profilePage.open(); - Assert.assertFalse(profilePage.isPasswordUpdateSupported()); - } - - @Test - public void loginExternalModel() { - loginPage.open(); - loginPage.login("mary-admin", "password-admin"); - - Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType()); - Assert.assertNotNull(oauth.getCurrentQuery().get(OAuth2Constants.CODE)); - - profilePage.open(); - Assert.assertTrue(profilePage.isPasswordUpdateSupported()); - } - - @Test - public void loginLdap() { - loginPage.open(); - loginPage.login("johnkeycloak", "password"); - - Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType()); - Assert.assertNotNull(oauth.getCurrentQuery().get(OAuth2Constants.CODE)); - - profilePage.open(); - Assert.assertTrue(profilePage.isPasswordUpdateSupported()); - Assert.assertEquals("John", profilePage.getFirstName()); - Assert.assertEquals("Doe", profilePage.getLastName()); - Assert.assertEquals("john@email.org", profilePage.getEmail()); - } - - @Test - public void passwordChangeExternalModel() { - // Set password-policy for admin realm - keycloakRule.update(new KeycloakRule.KeycloakSetup() { - @Override - public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) { - adminstrationRealm.setPasswordPolicy(new PasswordPolicy("length(6)")); - } - }); - - try { - changePasswordPage.open(); - loginPage.login("mary-admin", "password-admin"); - - // Can't update to "pass" due to passwordPolicy - changePasswordPage.changePassword("password-admin", "pass", "pass"); - Assert.assertEquals("Invalid password: minimum length 6", profilePage.getError()); - - changePasswordPage.changePassword("password-admin", "password-updated", "password-updated"); - Assert.assertEquals("Your password has been updated", profilePage.getSuccess()); - changePasswordPage.logout(); - - loginPage.open(); - loginPage.login("mary-admin", "password-updated"); - Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType()); - - } finally { - keycloakRule.update(new KeycloakRule.KeycloakSetup() { - @Override - public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) { - adminstrationRealm.setPasswordPolicy(new PasswordPolicy(null)); - } - }); - } - } - - @Test - public void passwordChangeLdap() throws Exception { - changePasswordPage.open(); - loginPage.login("johnkeycloak", "password"); - changePasswordPage.changePassword("password", "new-password", "new-password"); - - Assert.assertEquals("Your password has been updated", profilePage.getSuccess()); - - changePasswordPage.logout(); - - loginPage.open(); - loginPage.login("johnkeycloak", "password"); - Assert.assertEquals("Invalid username or password.", loginPage.getError()); - - loginPage.open(); - loginPage.login("johnkeycloak", "new-password"); - Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType()); - } - - @Test - public void registerExistingLdapUser() { - loginPage.open(); - loginPage.clickRegister(); - registerPage.assertCurrent(); - - registerPage.register("firstName", "lastName", "email", "existing", "password", "password"); - - registerPage.assertCurrent(); - Assert.assertEquals("Username already exists", registerPage.getError()); - } - - @Test - public void registerUserLdapSuccess() { - loginPage.open(); - loginPage.clickRegister(); - registerPage.assertCurrent(); - - registerPage.register("firstName", "lastName", "email", "registerUserSuccess", "password", "password"); - Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType()); - } -} diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/FederationProvidersIntegrationTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/FederationProvidersIntegrationTest.java index 73959d02241..52d19d2559c 100755 --- a/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/FederationProvidersIntegrationTest.java +++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/FederationProvidersIntegrationTest.java @@ -76,7 +76,7 @@ public class FederationProvidersIntegrationTest { // Configure LDAP ldapRule.getEmbeddedServer().setupLdapInRealm(appRealm); - LDAPTestUtils.setLdapPassword(session, appRealm, "johnkeycloak", "password"); + LDAPTestUtils.setLdapPassword(ldapConfig, "johnkeycloak", "password"); } }); diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/model/AuthProvidersConfigTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/model/AuthProvidersConfigTest.java deleted file mode 100755 index 85441109c30..00000000000 --- a/testsuite/integration/src/test/java/org/keycloak/testsuite/model/AuthProvidersConfigTest.java +++ /dev/null @@ -1,76 +0,0 @@ -package org.keycloak.testsuite.model; - -import org.junit.Assert; -import org.junit.Test; -import org.keycloak.authentication.AuthProviderConstants; -import org.keycloak.models.AuthenticationProviderModel; -import org.keycloak.models.RealmModel; - -import java.util.ArrayList; -import java.util.Collections; -import java.util.HashMap; -import java.util.List; -import java.util.Map; - -/** - * @author Marek Posolda - */ -public class AuthProvidersConfigTest extends AbstractModelTest { - - @Test - public void testConfiguration() { - // Create realm and add some providers and ldap config. Then commit - RealmModel realm = realmManager.createRealm("auth-providers-config-test"); - - Map ldapConfig = new HashMap(); - ldapConfig.put("connectionUrl", "ldap://localhost:10389"); - ldapConfig.put("baseDn", "dc=keycloak,dc=org"); - realm.setLdapServerConfig(ldapConfig); - - AuthenticationProviderModel ap1 = new AuthenticationProviderModel(AuthProviderConstants.PROVIDER_NAME_MODEL, true, Collections.EMPTY_MAP); - AuthenticationProviderModel ap2 = new AuthenticationProviderModel(AuthProviderConstants.PROVIDER_NAME_EXTERNAL_MODEL, true, Collections.EMPTY_MAP); - AuthenticationProviderModel ap3 = new AuthenticationProviderModel(AuthProviderConstants.PROVIDER_NAME_PICKETLINK, true, Collections.EMPTY_MAP); - - List authProviders = new ArrayList(); - authProviders.add(ap1); - authProviders.add(ap2); - authProviders.add(ap3); - realm.setAuthenticationProviders(authProviders); - - commit(); - - // Assert ldap config are same - RealmModel persisted = realmManager.getRealm(realm.getId()); - Assert.assertEquals(persisted.getLdapServerConfig(), ldapConfig); - - // Assert providers are same and in same order - List persProviders = persisted.getAuthenticationProviders(); - Assert.assertEquals(persProviders.size(), 3); - assertProviderEquals(persProviders.get(0), ap1); - assertProviderEquals(persProviders.get(1), ap2); - assertProviderEquals(persProviders.get(2), ap3); - - // Update providers - authProviders = new ArrayList(); - authProviders.add(ap3); - authProviders.add(ap2); - authProviders.add(ap1); - persisted.setAuthenticationProviders(authProviders); - - commit(); - - // Assert providers are same and in same order - persisted = realmManager.getRealm(realm.getId()); - persProviders = persisted.getAuthenticationProviders(); - Assert.assertEquals(persProviders.size(), 3); - assertProviderEquals(persProviders.get(0), ap3); - assertProviderEquals(persProviders.get(1), ap2); - assertProviderEquals(persProviders.get(2), ap1); - } - - private void assertProviderEquals(AuthenticationProviderModel prov1, AuthenticationProviderModel prov2) { - Assert.assertEquals(prov1.getProviderName(), prov2.getProviderName()); - Assert.assertEquals(prov1.isPasswordUpdateSupported(), prov2.isPasswordUpdateSupported()); - Assert.assertEquals(prov1.getConfig(), prov2.getConfig()); - } -} diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/model/AuthProvidersExternalModelTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/model/AuthProvidersExternalModelTest.java deleted file mode 100755 index 0b4b9724810..00000000000 --- a/testsuite/integration/src/test/java/org/keycloak/testsuite/model/AuthProvidersExternalModelTest.java +++ /dev/null @@ -1,196 +0,0 @@ -package org.keycloak.testsuite.model; - -import org.jboss.resteasy.specimpl.MultivaluedMapImpl; -import org.jboss.resteasy.spi.ResteasyProviderFactory; -import org.junit.Assert; -import org.junit.Before; -import org.junit.FixMethodOrder; -import org.junit.Test; -import org.junit.runners.MethodSorters; -import org.keycloak.authentication.AuthProviderConstants; -import org.keycloak.authentication.AuthenticationProviderException; -import org.keycloak.authentication.AuthenticationProviderManager; -import org.keycloak.models.AuthenticationLinkModel; -import org.keycloak.models.AuthenticationProviderModel; -import org.keycloak.models.KeycloakSession; -import org.keycloak.models.PasswordPolicy; -import org.keycloak.models.RealmModel; -import org.keycloak.models.UserCredentialModel; -import org.keycloak.models.UserModel; -import org.keycloak.representations.idm.CredentialRepresentation; -import org.keycloak.services.managers.AuthenticationManager; - -import javax.ws.rs.core.MultivaluedMap; -import java.util.Arrays; -import java.util.Collections; -import java.util.HashMap; -import java.util.List; -import java.util.Map; - -/** - * @author Marek Posolda - */ -@FixMethodOrder(MethodSorters.NAME_ASCENDING) -public class AuthProvidersExternalModelTest extends AbstractModelTest { - - private RealmModel realm1; - private RealmModel realm2; - private AuthenticationManager am; - - @Before - @Override - public void before() throws Exception { - super.before(); - - // Create 2 realms and user in realm1 - realm1 = realmManager.createRealm("realm1"); - realm1.setBruteForceProtected(false); - realm2 = realmManager.createRealm("realm2"); - realm2.setBruteForceProtected(false); - - realm1.addRequiredCredential(CredentialRepresentation.PASSWORD); - realm2.addRequiredCredential(CredentialRepresentation.PASSWORD); - realm1.setAuthenticationProviders(Arrays.asList(AuthenticationProviderModel.DEFAULT_PROVIDER)); - realm2.setAuthenticationProviders(Arrays.asList(AuthenticationProviderModel.DEFAULT_PROVIDER)); - - UserModel john = realmManager.getSession().users().addUser(realm1, "john"); - john.setEnabled(true); - john.setFirstName("John"); - john.setLastName("Doe"); - john.setEmail("john@email.org"); - - UserCredentialModel credential = new UserCredentialModel(); - credential.setType(CredentialRepresentation.PASSWORD); - credential.setValue("password"); - john.updateCredential(credential); - - am = new AuthenticationManager(); - } - - - @Test - public void testExternalModelAuthentication() { - MultivaluedMap formData = createFormData("john", "password"); - - // Authenticate user with realm1 - Assert.assertEquals(AuthenticationManager.AuthenticationStatus.SUCCESS, am.authenticateForm(session, null, realm1, formData)); - - // Verify that user doesn't exists in realm2 and can't authenticate here - Assert.assertEquals(AuthenticationManager.AuthenticationStatus.INVALID_USER, am.authenticateForm(session, null, realm2, formData)); - Assert.assertNull(realmManager.getSession().users().getUserByUsername("john", realm2)); - - // Add externalModel authenticationProvider into realm2 and point to realm1 - setupAuthenticationProviders(); - - try { - // this is needed for externalModel provider - ResteasyProviderFactory.pushContext(KeycloakSession.class, session); - - // Authenticate john in realm2 and verify that now he exists here. - Assert.assertEquals(AuthenticationManager.AuthenticationStatus.SUCCESS, am.authenticateForm(session, null, realm2, formData)); - UserModel john2 = realmManager.getSession().users().getUserByUsername("john", realm2); - Assert.assertNotNull(john2); - Assert.assertEquals("john", john2.getUsername()); - Assert.assertEquals("John", john2.getFirstName()); - Assert.assertEquals("Doe", john2.getLastName()); - Assert.assertEquals("john@email.org", john2.getEmail()); - - // Verify link exists - AuthenticationLinkModel authLink = john2.getAuthenticationLink(); - Assert.assertNotNull(authLink); - Assert.assertEquals(authLink.getAuthProvider(), AuthProviderConstants.PROVIDER_NAME_EXTERNAL_MODEL); - Assert.assertEquals(authLink.getAuthUserId(), realmManager.getSession().users().getUserByUsername("john", realm1).getId()); - } finally { - ResteasyProviderFactory.clearContextData(); - } - - } - - @Test - public void testExternalModelPasswordUpdate() { - // Add externalModel authenticationProvider into realm2 and point to realm1 - setupAuthenticationProviders(); - - // Add john to realm2 and set authentication link - UserModel john = realmManager.getSession().users().addUser(realm2, "john"); - john.setEnabled(true); - john.setAuthenticationLink(new AuthenticationLinkModel(AuthProviderConstants.PROVIDER_NAME_EXTERNAL_MODEL, realmManager.getSession().users().getUserByUsername("john", realm1).getId())); - - try { - // this is needed for externalModel provider - ResteasyProviderFactory.pushContext(KeycloakSession.class, session); - - // Change credential via realm2 and validate that they are changed also in realm1 - AuthenticationProviderManager authProviderManager = AuthenticationProviderManager.getManager(realm2, session); - try { - Assert.assertTrue(authProviderManager.updatePassword(john, "password-updated")); - } catch (AuthenticationProviderException ape) { - ape.printStackTrace(); - Assert.fail("Error not expected"); - } - MultivaluedMap formData = createFormData("john", "password-updated"); - Assert.assertEquals(AuthenticationManager.AuthenticationStatus.SUCCESS, am.authenticateForm(session, null, realm1, formData)); - Assert.assertEquals(AuthenticationManager.AuthenticationStatus.SUCCESS, am.authenticateForm(session, null, realm2, formData)); - - - // Switch to disallow password update propagation to realm1 - setPasswordUpdateForProvider(false, AuthProviderConstants.PROVIDER_NAME_EXTERNAL_MODEL, realm2); - - // Change credential and validate that password is updated just for realm2 - try { - Assert.assertFalse(authProviderManager.updatePassword(john, "password-updated2")); - } catch (AuthenticationProviderException ape) { - ape.printStackTrace(); - Assert.fail("Error not expected"); - } - formData = createFormData("john", "password-updated2"); - Assert.assertEquals(AuthenticationManager.AuthenticationStatus.INVALID_CREDENTIALS, am.authenticateForm(session, null, realm1, formData)); - Assert.assertEquals(AuthenticationManager.AuthenticationStatus.INVALID_CREDENTIALS, am.authenticateForm(session, null, realm2, formData)); - - - // Allow passwordUpdate propagation again - setPasswordUpdateForProvider(true, AuthProviderConstants.PROVIDER_NAME_EXTERNAL_MODEL, realm2); - - // Set passwordPolicy for realm1 and verify that password update fail - realm1.setPasswordPolicy(new PasswordPolicy("length(8)")); - try { - authProviderManager.updatePassword(john, "passw"); - Assert.fail("Update not expected to pass"); - } catch (AuthenticationProviderException ape) { - - } - - } finally { - ResteasyProviderFactory.clearContextData(); - } - } - - /** - * Setup authentication providers into realm2 - */ - private void setupAuthenticationProviders() { - AuthenticationProviderModel ap1 = new AuthenticationProviderModel(AuthProviderConstants.PROVIDER_NAME_MODEL, true, Collections.EMPTY_MAP); - Map config = new HashMap(); - config.put(AuthProviderConstants.EXTERNAL_REALM_ID, "realm1"); - AuthenticationProviderModel ap2 = new AuthenticationProviderModel(AuthProviderConstants.PROVIDER_NAME_EXTERNAL_MODEL, true, config); - realm2.setAuthenticationProviders(Arrays.asList(ap1, ap2)); - } - - public static void setPasswordUpdateForProvider(boolean isPasswordUpdate, String providerName, RealmModel realm) { - List authProviders = realm.getAuthenticationProviders(); - for (AuthenticationProviderModel authProvider : authProviders) { - if (providerName.equals(authProvider.getProviderName())) { - authProvider.setPasswordUpdateSupported(isPasswordUpdate); - break; - } - } - realm.setAuthenticationProviders(authProviders); - } - - public static MultivaluedMap createFormData(String username, String password) { - MultivaluedMap formData = new MultivaluedMapImpl(); - formData.add("username", username); - formData.add(CredentialRepresentation.PASSWORD, password); - return formData; - } -} diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/model/AuthProvidersLDAPTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/model/AuthProvidersLDAPTest.java deleted file mode 100755 index 4894f9bd6d3..00000000000 --- a/testsuite/integration/src/test/java/org/keycloak/testsuite/model/AuthProvidersLDAPTest.java +++ /dev/null @@ -1,183 +0,0 @@ -package org.keycloak.testsuite.model; - -import org.junit.AfterClass; -import org.junit.Assert; -import org.junit.Before; -import org.junit.BeforeClass; -import org.junit.FixMethodOrder; -import org.junit.Test; -import org.junit.runners.MethodSorters; -import org.keycloak.authentication.AuthProviderConstants; -import org.keycloak.authentication.AuthenticationProviderException; -import org.keycloak.authentication.AuthenticationProviderManager; -import org.keycloak.testutils.LDAPEmbeddedServer; -import org.keycloak.testsuite.LDAPTestUtils; -import org.keycloak.models.AuthenticationLinkModel; -import org.keycloak.models.AuthenticationProviderModel; -import org.keycloak.models.RealmModel; -import org.keycloak.models.UserCredentialModel; -import org.keycloak.models.UserModel; -import org.keycloak.representations.idm.CredentialRepresentation; -import org.keycloak.services.managers.AuthenticationManager; - -import javax.ws.rs.core.MultivaluedMap; -import java.util.Arrays; -import java.util.Collections; - -/** - * @author Marek Posolda - */ -@FixMethodOrder(MethodSorters.NAME_ASCENDING) -public class AuthProvidersLDAPTest extends AbstractModelTest { - - private static LDAPEmbeddedServer embeddedServer; - - private RealmModel realm; - private AuthenticationManager am; - - @BeforeClass - public static void beforeClass() { - try { - embeddedServer = new LDAPEmbeddedServer(); - embeddedServer.setup(); - embeddedServer.importLDIF("ldap/users.ldif"); - } catch (Exception e) { - throw new RuntimeException("Error starting Embedded LDAP server.", e); - } - } - - @AfterClass - public static void afterClass() { - try { - embeddedServer.tearDown(); - } catch (Exception e) { - throw new RuntimeException("Error starting Embedded LDAP server.", e); - } - } - - @Before - public void before() throws Exception { - super.before(); - - // Create realm and configure ldap - realm = realmManager.createRealm("realm"); - realm.setBruteForceProtected(false); - realm.addRequiredCredential(CredentialRepresentation.PASSWORD); - this.embeddedServer.setupLdapInRealm(realm); - - am = new AuthenticationManager(); - } - - @Test - public void testLdapAuthentication() { - MultivaluedMap formData = AuthProvidersExternalModelTest.createFormData("johnkeycloak", "password"); - - // Set password of user in LDAP - LDAPTestUtils.setLdapPassword(session, realm, "johnkeycloak", "password"); - - // Verify that user doesn't exists in realm2 and can't authenticate here - Assert.assertEquals(AuthenticationManager.AuthenticationStatus.INVALID_USER, am.authenticateForm(session, null, realm, formData)); - Assert.assertNull(session.users().getUserByUsername("johnkeycloak", realm)); - - // Add ldap authenticationProvider - setupAuthenticationProviders(); - - // Authenticate john and verify that now he exists in realm - Assert.assertEquals(AuthenticationManager.AuthenticationStatus.SUCCESS, am.authenticateForm(session, null, realm, formData)); - UserModel john = session.users().getUserByUsername("johnkeycloak", realm); - Assert.assertNotNull(john); - Assert.assertEquals("johnkeycloak", john.getUsername()); - Assert.assertEquals("John", john.getFirstName()); - Assert.assertEquals("Doe", john.getLastName()); - Assert.assertEquals("john@email.org", john.getEmail()); - - // Verify link exists - AuthenticationLinkModel authLink = john.getAuthenticationLink(); - Assert.assertNotNull(authLink); - Assert.assertEquals(authLink.getAuthProvider(), AuthProviderConstants.PROVIDER_NAME_PICKETLINK); - } - - @Test - public void testLdapInvalidAuthentication() { - setupAuthenticationProviders(); - // Add some user and password to realm - UserModel realmUser = session.users().addUser(realm, "realmUser"); - realmUser.setEnabled(true); - UserCredentialModel credential = new UserCredentialModel(); - credential.setType(CredentialRepresentation.PASSWORD); - credential.setValue("pass"); - realmUser.updateCredential(credential); - - // User doesn't exists - MultivaluedMap formData = AuthProvidersExternalModelTest.createFormData("invalid", "invalid"); - Assert.assertEquals(AuthenticationManager.AuthenticationStatus.INVALID_USER, am.authenticateForm(session, null, realm, formData)); - - // User exists in ldap - formData = AuthProvidersExternalModelTest.createFormData("johnkeycloak", "invalid"); - Assert.assertEquals(AuthenticationManager.AuthenticationStatus.INVALID_CREDENTIALS, am.authenticateForm(session, null, realm, formData)); - - // User exists in realm - formData = AuthProvidersExternalModelTest.createFormData("realmUser", "invalid"); - Assert.assertEquals(AuthenticationManager.AuthenticationStatus.INVALID_CREDENTIALS, am.authenticateForm(session, null, realm, formData)); - - // User disabled - realmUser.setEnabled(false); - formData = AuthProvidersExternalModelTest.createFormData("realmUser", "pass"); - Assert.assertEquals(AuthenticationManager.AuthenticationStatus.ACCOUNT_DISABLED, am.authenticateForm(session, null, realm, formData)); - - // Successful authentication - realmUser.setEnabled(true); - formData = AuthProvidersExternalModelTest.createFormData("realmUser", "pass"); - Assert.assertEquals(AuthenticationManager.AuthenticationStatus.SUCCESS, am.authenticateForm(session, null, realm, formData)); - } - - @Test - public void testLdapPasswordUpdate() { - // Add ldap - setupAuthenticationProviders(); - - LDAPTestUtils.setLdapPassword(session, realm, "johnkeycloak", "password"); - - // First authenticate successfully to sync john into realm - MultivaluedMap formData = AuthProvidersExternalModelTest.createFormData("johnkeycloak", "password"); - Assert.assertEquals(AuthenticationManager.AuthenticationStatus.SUCCESS, am.authenticateForm(session, null, realm, formData)); - - // Change credential and validate that user can authenticate - AuthenticationProviderManager authProviderManager = AuthenticationProviderManager.getManager(realm, session); - - UserModel john = session.users().getUserByUsername("johnkeycloak", realm); - try { - Assert.assertTrue(authProviderManager.updatePassword(john, "password-updated")); - } catch (AuthenticationProviderException ape) { - ape.printStackTrace(); - Assert.fail("Error not expected"); - } - formData = AuthProvidersExternalModelTest.createFormData("johnkeycloak", "password-updated"); - Assert.assertEquals(AuthenticationManager.AuthenticationStatus.SUCCESS, am.authenticateForm(session, null, realm, formData)); - - // Password updated just in LDAP, so validating directly in realm should fail - Assert.assertFalse(session.users().validCredentials(realm, john, UserCredentialModel.password("password-updated"))); - - // Switch to not allow updating passwords in ldap - AuthProvidersExternalModelTest.setPasswordUpdateForProvider(false, AuthProviderConstants.PROVIDER_NAME_PICKETLINK, realm); - - // Change credential and validate that password is not updated - try { - Assert.assertFalse(authProviderManager.updatePassword(john, "password-updated2")); - } catch (AuthenticationProviderException ape) { - ape.printStackTrace(); - Assert.fail("Error not expected"); - } - formData = AuthProvidersExternalModelTest.createFormData("johnkeycloak", "password-updated2"); - Assert.assertEquals(AuthenticationManager.AuthenticationStatus.INVALID_CREDENTIALS, am.authenticateForm(session, null, realm, formData)); - } - - /** - * Setup authentication providers in realm - */ - private void setupAuthenticationProviders() { - AuthenticationProviderModel ap1 = new AuthenticationProviderModel(AuthProviderConstants.PROVIDER_NAME_MODEL, false, Collections.EMPTY_MAP); - AuthenticationProviderModel ap2 = new AuthenticationProviderModel(AuthProviderConstants.PROVIDER_NAME_PICKETLINK, true, Collections.EMPTY_MAP); - realm.setAuthenticationProviders(Arrays.asList(ap1, ap2)); - } -} diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/model/AuthenticationManagerTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/model/AuthenticationManagerTest.java index b74ef186e1e..a2742b58598 100755 --- a/testsuite/integration/src/test/java/org/keycloak/testsuite/model/AuthenticationManagerTest.java +++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/model/AuthenticationManagerTest.java @@ -5,7 +5,6 @@ import org.jboss.resteasy.spi.ResteasyProviderFactory; import org.junit.Assert; import org.junit.Before; import org.junit.Test; -import org.keycloak.models.AuthenticationProviderModel; import org.keycloak.models.RealmModel; import org.keycloak.models.UserCredentialModel; import org.keycloak.models.UserModel; @@ -18,7 +17,6 @@ import org.keycloak.services.managers.AuthenticationManager.AuthenticationStatus import org.keycloak.services.managers.BruteForceProtector; import javax.ws.rs.core.MultivaluedMap; -import java.util.Arrays; import java.util.UUID; public class AuthenticationManagerTest extends AbstractModelTest { @@ -163,7 +161,6 @@ public class AuthenticationManagerTest extends AbstractModelTest { realm.setPublicKeyPem("0234234"); realm.setAccessTokenLifespan(1000); realm.addRequiredCredential(CredentialRepresentation.PASSWORD); - realm.setAuthenticationProviders(Arrays.asList(AuthenticationProviderModel.DEFAULT_PROVIDER)); protector = ResteasyProviderFactory.getContextData(BruteForceProtector.class); am = new AuthenticationManager(protector); diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/model/ImportTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/model/ImportTest.java index f512c761d22..31ccdf1fa6b 100755 --- a/testsuite/integration/src/test/java/org/keycloak/testsuite/model/ImportTest.java +++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/model/ImportTest.java @@ -4,10 +4,7 @@ import org.junit.Assert; import org.junit.FixMethodOrder; import org.junit.Test; import org.junit.runners.MethodSorters; -import org.keycloak.authentication.AuthProviderConstants; import org.keycloak.models.ApplicationModel; -import org.keycloak.models.AuthenticationLinkModel; -import org.keycloak.models.AuthenticationProviderModel; import org.keycloak.models.ClientModel; import org.keycloak.models.Constants; import org.keycloak.models.KeycloakSession; @@ -197,32 +194,6 @@ public class ImportTest extends AbstractModelTest { Assert.assertEquals("abc", socialConfig.get("google.key")); Assert.assertEquals("def", socialConfig.get("google.secret")); - // Test ldap config - Map ldapConfig = realm.getLdapServerConfig(); - Assert.assertTrue(ldapConfig.size() == 6); - Assert.assertEquals("ldap://localhost:10389", ldapConfig.get("connectionUrl")); - Assert.assertEquals("dc=keycloak,dc=org", ldapConfig.get("baseDn")); - Assert.assertEquals("ou=People,dc=keycloak,dc=org", ldapConfig.get("userDnSuffix")); - Assert.assertEquals("other", ldapConfig.get("vendor")); - - // Test authentication providers - List authProviderModels = realm.getAuthenticationProviders(); - Assert.assertTrue(authProviderModels.size() == 3); - AuthenticationProviderModel authProv1 = authProviderModels.get(0); - AuthenticationProviderModel authProv2 = authProviderModels.get(1); - AuthenticationProviderModel authProv3 = authProviderModels.get(2); - Assert.assertEquals(AuthProviderConstants.PROVIDER_NAME_MODEL, authProv1.getProviderName()); - Assert.assertTrue(authProv1.isPasswordUpdateSupported()); - Assert.assertEquals(AuthProviderConstants.PROVIDER_NAME_EXTERNAL_MODEL, authProv2.getProviderName()); - Assert.assertFalse(authProv2.isPasswordUpdateSupported()); - Assert.assertEquals("trustedRealm", authProv2.getConfig().get("externalRealmId")); - Assert.assertEquals(AuthProviderConstants.PROVIDER_NAME_PICKETLINK, authProv3.getProviderName()); - Assert.assertTrue(authProv3.isPasswordUpdateSupported()); - - // Test authentication linking - AuthenticationLinkModel authLink = socialUser.getAuthenticationLink(); - Assert.assertEquals(AuthProviderConstants.PROVIDER_NAME_PICKETLINK, authLink.getAuthProvider()); - Assert.assertEquals("myUser1", authLink.getAuthUserId()); } @Test diff --git a/testsuite/integration/src/test/resources/model/testrealm.json b/testsuite/integration/src/test/resources/model/testrealm.json index 1e9ff544ac5..f6b212c1c51 100755 --- a/testsuite/integration/src/test/resources/model/testrealm.json +++ b/testsuite/integration/src/test/resources/model/testrealm.json @@ -12,34 +12,10 @@ "host": "localhost", "port":"3025" }, - "ldapServer": { - "connectionUrl": "ldap://localhost:10389", - "baseDn": "dc=keycloak,dc=org", - "userDnSuffix": "ou=People,dc=keycloak,dc=org", - "bindDn": "uid=admin,ou=system", - "bindCredential": "secret", - "vendor": "other" - }, "socialProviders": { "google.key": "abc", "google.secret": "def" }, - "authenticationProviders": [ - { - "providerName": "model" - }, - { - "providerName": "externalModel", - "passwordUpdateSupported": false, - "config": { - "externalRealmId": "trustedRealm" - } - }, - { - "providerName": "picketlink", - "passwordUpdateSupported": true - } - ], "users": [ { "username": "wburke", @@ -86,10 +62,6 @@ { "username": "mySocialUser", "enabled": true, - "authenticationLink": { - "authProvider": "picketlink", - "authUserId": "myUser1" - }, "socialLinks": [ { "socialProvider": "facebook",