Skip to content
GitLab
Menu
Projects
Groups
Snippets
Loading...
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Sign in
Toggle navigation
Menu
Open sidebar
GRANDGERARD Gilles
keycloak-protocol-cas
Commits
b8d68606
Commit
b8d68606
authored
Jun 17, 2018
by
Matthias Piepkorn
Browse files
update for KEYCLOAK-6630 Client scopes initial support
parent
2dc9e536
Changes
11
Hide whitespace changes
Inline
Side-by-side
src/main/java/org/keycloak/protocol/cas/CASLoginProtocol.java
View file @
b8d68606
...
...
@@ -85,7 +85,8 @@ public class CASLoginProtocol implements LoginProtocol {
}
@Override
public
Response
authenticated
(
UserSessionModel
userSession
,
AuthenticatedClientSessionModel
clientSession
)
{
public
Response
authenticated
(
UserSessionModel
userSession
,
ClientSessionContext
clientSessionCtx
)
{
AuthenticatedClientSessionModel
clientSession
=
clientSessionCtx
.
getClientSession
();
ClientSessionCode
<
AuthenticatedClientSessionModel
>
accessCode
=
new
ClientSessionCode
<>(
session
,
realm
,
clientSession
);
String
service
=
clientSession
.
getRedirectUri
();
...
...
src/main/java/org/keycloak/protocol/cas/CASLoginProtocolFactory.java
View file @
b8d68606
...
...
@@ -2,24 +2,22 @@ package org.keycloak.protocol.cas;
import
org.jboss.logging.Logger
;
import
org.keycloak.events.EventBuilder
;
import
org.keycloak.models.*
;
import
org.keycloak.models.ClientModel
;
import
org.keycloak.models.KeycloakSession
;
import
org.keycloak.models.ProtocolMapperModel
;
import
org.keycloak.models.RealmModel
;
import
org.keycloak.protocol.AbstractLoginProtocolFactory
;
import
org.keycloak.protocol.LoginProtocol
;
import
org.keycloak.protocol.ProtocolMapperUtils
;
import
org.keycloak.protocol.cas.mappers.FullNameMapper
;
import
org.keycloak.protocol.cas.mappers.UserAttributeMapper
;
import
org.keycloak.protocol.cas.mappers.UserPropertyMapper
;
import
org.keycloak.representations.idm.ClientRepresentation
;
import
org.keycloak.representations.idm.ClientTemplateRepresentation
;
import
java.util.ArrayList
;
import
java.util.HashMap
;
import
java.util.List
;
import
java.util.Map
;
import
static
org
.
keycloak
.
protocol
.
oidc
.
mappers
.
OIDCAttributeMapperHelper
.
JSON_TYPE
;
import
static
org
.
keycloak
.
protocol
.
oidc
.
mappers
.
OIDCAttributeMapperHelper
.
TOKEN_CLAIM_NAME
;
public
class
CASLoginProtocolFactory
extends
AbstractLoginProtocolFactory
{
private
static
final
Logger
logger
=
Logger
.
getLogger
(
CASLoginProtocolFactory
.
class
);
...
...
@@ -43,51 +41,45 @@ public class CASLoginProtocolFactory extends AbstractLoginProtocolFactory {
}
@Override
public
List
<
ProtocolMapperModel
>
getBuiltinMappers
()
{
public
Map
<
String
,
ProtocolMapperModel
>
getBuiltinMappers
()
{
return
builtins
;
}
@Override
public
List
<
ProtocolMapperModel
>
getDefaultBuiltinMappers
()
{
return
defaultBuiltins
;
}
static
List
<
ProtocolMapperModel
>
builtins
=
new
ArrayList
<>();
static
Map
<
String
,
ProtocolMapperModel
>
builtins
=
new
HashMap
<>();
static
List
<
ProtocolMapperModel
>
defaultBuiltins
=
new
ArrayList
<>();
static
{
ProtocolMapperModel
model
;
model
=
UserPropertyMapper
.
create
(
EMAIL
,
"email"
,
"mail"
,
"String"
,
true
,
EMAIL_CONSENT_TEXT
);
builtins
.
add
(
model
);
model
=
UserPropertyMapper
.
create
(
EMAIL
,
"email"
,
"mail"
,
"String"
);
builtins
.
put
(
EMAIL
,
model
);
defaultBuiltins
.
add
(
model
);
model
=
UserPropertyMapper
.
create
(
GIVEN_NAME
,
"firstName"
,
"givenName"
,
"String"
,
true
,
GIVEN_NAME_CONSENT_TEXT
);
builtins
.
add
(
model
);
model
=
UserPropertyMapper
.
create
(
GIVEN_NAME
,
"firstName"
,
"givenName"
,
"String"
);
builtins
.
put
(
GIVEN_NAME
,
model
);
defaultBuiltins
.
add
(
model
);
model
=
UserPropertyMapper
.
create
(
FAMILY_NAME
,
"lastName"
,
"sn"
,
"String"
,
true
,
FAMILY_NAME_CONSENT_TEXT
);
builtins
.
add
(
model
);
model
=
UserPropertyMapper
.
create
(
FAMILY_NAME
,
"lastName"
,
"sn"
,
"String"
);
builtins
.
put
(
FAMILY_NAME
,
model
);
defaultBuiltins
.
add
(
model
);
model
=
UserPropertyMapper
.
create
(
EMAIL_VERIFIED
,
"emailVerified"
,
"emailVerified"
,
"boolean"
,
false
,
EMAIL_VERIFIED_CONSENT_TEXT
);
builtins
.
add
(
model
);
"emailVerified"
,
"boolean"
);
builtins
.
put
(
EMAIL_VERIFIED
,
model
);
model
=
UserAttributeMapper
.
create
(
LOCALE
,
"locale"
,
"locale"
,
"String"
,
false
,
LOCALE_CONSENT_TEXT
,
false
);
builtins
.
add
(
model
);
builtins
.
put
(
LOCALE
,
model
);
model
=
FullNameMapper
.
create
(
FULL_NAME
,
"cn"
,
true
,
FULL_NAME_CONSENT_TEXT
);
builtins
.
add
(
model
);
model
=
FullNameMapper
.
create
(
FULL_NAME
,
"cn"
);
builtins
.
put
(
FULL_NAME
,
model
);
defaultBuiltins
.
add
(
model
);
}
@Override
protected
void
createDefaultClientScopesImpl
(
RealmModel
newRealm
)
{
// no-op
}
@Override
protected
void
addDefaults
(
ClientModel
client
)
{
for
(
ProtocolMapperModel
model
:
defaultBuiltins
)
client
.
addProtocolMapper
(
model
);
...
...
@@ -116,9 +108,4 @@ public class CASLoginProtocolFactory extends AbstractLoginProtocolFactory {
newClient
.
setManagementUrl
(
rep
.
getRootUrl
());
}
}
@Override
public
void
setupTemplateDefaults
(
ClientTemplateRepresentation
clientRep
,
ClientTemplateModel
newClient
)
{
}
}
src/main/java/org/keycloak/protocol/cas/endpoints/ServiceValidateEndpoint.java
View file @
b8d68606
package
org.keycloak.protocol.cas.endpoints
;
import
org.keycloak.events.EventBuilder
;
import
org.keycloak.models.KeycloakSessionFactory
;
import
org.keycloak.models.ProtocolMapperModel
;
import
org.keycloak.models.RealmModel
;
import
org.keycloak.models.UserSessionModel
;
import
org.keycloak.models.*
;
import
org.keycloak.protocol.ProtocolMapper
;
import
org.keycloak.protocol.cas.mappers.CASAttributeMapper
;
import
org.keycloak.protocol.cas.representations.CASServiceResponse
;
...
...
@@ -12,6 +9,7 @@ import org.keycloak.protocol.cas.utils.CASValidationException;
import
org.keycloak.protocol.cas.utils.ContentTypeHelper
;
import
org.keycloak.protocol.cas.utils.ServiceResponseHelper
;
import
org.keycloak.services.managers.ClientSessionCode
;
import
org.keycloak.services.util.DefaultClientSessionContext
;
import
javax.ws.rs.core.*
;
import
java.util.HashMap
;
...
...
@@ -29,8 +27,10 @@ public class ServiceValidateEndpoint extends ValidateEndpoint {
@Override
protected
Response
successResponse
()
{
UserSessionModel
userSession
=
clientSession
.
getUserSession
();
// CAS protocol does not support scopes, so pass null scopeParam
ClientSessionContext
clientSessionCtx
=
DefaultClientSessionContext
.
fromClientSessionAndScopeParameter
(
clientSession
,
null
);
Set
<
ProtocolMapperModel
>
mappings
=
new
C
lientSessionC
ode
<>(
session
,
realm
,
clientSession
).
getRequested
ProtocolMappers
();
Set
<
ProtocolMapperModel
>
mappings
=
c
lientSessionC
tx
.
get
ProtocolMappers
();
KeycloakSessionFactory
sessionFactory
=
session
.
getKeycloakSessionFactory
();
Map
<
String
,
Object
>
attributes
=
new
HashMap
<>();
for
(
ProtocolMapperModel
mapping
:
mappings
)
{
...
...
src/main/java/org/keycloak/protocol/cas/mappers/CASAttributeMapperHelper.java
View file @
b8d68606
...
...
@@ -10,14 +10,11 @@ import java.util.Map;
public
class
CASAttributeMapperHelper
{
public
static
ProtocolMapperModel
createClaimMapper
(
String
name
,
String
tokenClaimName
,
String
claimType
,
boolean
consentRequired
,
String
consentText
,
String
mapperId
)
{
ProtocolMapperModel
mapper
=
new
ProtocolMapperModel
();
mapper
.
setName
(
name
);
mapper
.
setProtocolMapper
(
mapperId
);
mapper
.
setProtocol
(
CASLoginProtocol
.
LOGIN_PROTOCOL
);
mapper
.
setConsentRequired
(
consentRequired
);
mapper
.
setConsentText
(
consentText
);
Map
<
String
,
String
>
config
=
new
HashMap
<
String
,
String
>();
config
.
put
(
OIDCAttributeMapperHelper
.
TOKEN_CLAIM_NAME
,
tokenClaimName
);
config
.
put
(
OIDCAttributeMapperHelper
.
JSON_TYPE
,
claimType
);
...
...
src/main/java/org/keycloak/protocol/cas/mappers/FullNameMapper.java
View file @
b8d68606
...
...
@@ -48,9 +48,8 @@ public class FullNameMapper extends AbstractCASProtocolMapper {
setMappedAttribute
(
attributes
,
mappingModel
,
first
+
last
);
}
public
static
ProtocolMapperModel
create
(
String
name
,
String
tokenClaimName
,
boolean
consentRequired
,
String
consentText
)
{
public
static
ProtocolMapperModel
create
(
String
name
,
String
tokenClaimName
)
{
return
CASAttributeMapperHelper
.
createClaimMapper
(
name
,
tokenClaimName
,
"String"
,
consentRequired
,
consentText
,
PROVIDER_ID
);
"String"
,
PROVIDER_ID
);
}
}
src/main/java/org/keycloak/protocol/cas/mappers/GroupMembershipMapper.java
View file @
b8d68606
...
...
@@ -69,10 +69,9 @@ public class GroupMembershipMapper extends AbstractCASProtocolMapper {
return
"true"
.
equals
(
mappingModel
.
getConfig
().
get
(
FULL_PATH
));
}
public
static
ProtocolMapperModel
create
(
String
name
,
String
tokenClaimName
,
boolean
consentRequired
,
String
consentText
,
boolean
fullPath
)
{
public
static
ProtocolMapperModel
create
(
String
name
,
String
tokenClaimName
,
boolean
fullPath
)
{
ProtocolMapperModel
mapper
=
CASAttributeMapperHelper
.
createClaimMapper
(
name
,
tokenClaimName
,
"String"
,
consentRequired
,
consentText
,
PROVIDER_ID
);
"String"
,
PROVIDER_ID
);
mapper
.
getConfig
().
put
(
FULL_PATH
,
Boolean
.
toString
(
fullPath
));
return
mapper
;
}
...
...
src/main/java/org/keycloak/protocol/cas/mappers/UserAttributeMapper.java
View file @
b8d68606
...
...
@@ -68,9 +68,9 @@ public class UserAttributeMapper extends AbstractCASProtocolMapper {
public
static
ProtocolMapperModel
create
(
String
name
,
String
userAttribute
,
String
tokenClaimName
,
String
claimType
,
boolean
consentRequired
,
String
consentText
,
boolean
multivalued
)
{
boolean
multivalued
)
{
ProtocolMapperModel
mapper
=
CASAttributeMapperHelper
.
createClaimMapper
(
name
,
tokenClaimName
,
claimType
,
consentRequired
,
consentText
,
PROVIDER_ID
);
claimType
,
PROVIDER_ID
);
mapper
.
getConfig
().
put
(
ProtocolMapperUtils
.
USER_ATTRIBUTE
,
userAttribute
);
if
(
multivalued
)
{
mapper
.
getConfig
().
put
(
ProtocolMapperUtils
.
MULTIVALUED
,
"true"
);
...
...
src/main/java/org/keycloak/protocol/cas/mappers/UserClientRoleMappingMapper.java
View file @
b8d68606
...
...
@@ -2,6 +2,7 @@ package org.keycloak.protocol.cas.mappers;
import
org.keycloak.models.*
;
import
org.keycloak.protocol.ProtocolMapperUtils
;
import
org.keycloak.protocol.oidc.TokenManager
;
import
org.keycloak.protocol.oidc.mappers.OIDCAttributeMapperHelper
;
import
org.keycloak.provider.ProviderConfigProperty
;
...
...
@@ -78,10 +79,7 @@ public class UserClientRoleMappingMapper extends AbstractUserRoleMappingMapper {
return
RoleModel:
:
isClientRole
;
}
ClientTemplateModel
template
=
client
.
getClientTemplate
();
boolean
useTemplateScope
=
template
!=
null
&&
client
.
useTemplateScope
();
boolean
fullScopeAllowed
=
(
useTemplateScope
&&
template
.
isFullScopeAllowed
())
||
client
.
isFullScopeAllowed
();
boolean
fullScopeAllowed
=
client
.
isFullScopeAllowed
();
Set
<
RoleModel
>
clientRoleMappings
=
client
.
getRoles
();
if
(
fullScopeAllowed
)
{
return
clientRoleMappings:
:
contains
;
...
...
@@ -89,16 +87,10 @@ public class UserClientRoleMappingMapper extends AbstractUserRoleMappingMapper {
Set
<
RoleModel
>
scopeMappings
=
new
HashSet
<>();
if
(
useTemplateScope
)
{
Set
<
RoleModel
>
templateScopeMappings
=
template
.
getScopeMappings
();
if
(
templateScopeMappings
!=
null
)
{
scopeMappings
.
addAll
(
templateScopeMappings
);
}
}
Set
<
RoleModel
>
clientScopeMappings
=
client
.
getScopeMappings
();
if
(
clientScopeMappings
!=
null
)
{
scopeMappings
.
addAll
(
clientScopeMappings
);
// CAS protocol does not support scopes, so pass null scopeParam
Set
<
ClientScopeModel
>
clientScopes
=
TokenManager
.
getRequestedClientScopes
(
null
,
client
);
for
(
ClientScopeModel
clientScope
:
clientScopes
)
{
scopeMappings
.
addAll
(
clientScope
.
getScopeMappings
());
}
return
role
->
clientRoleMappings
.
contains
(
role
)
&&
scopeMappings
.
contains
(
role
);
...
...
@@ -107,7 +99,7 @@ public class UserClientRoleMappingMapper extends AbstractUserRoleMappingMapper {
public
static
ProtocolMapperModel
create
(
String
clientId
,
String
clientRolePrefix
,
String
name
,
String
tokenClaimName
)
{
ProtocolMapperModel
mapper
=
CASAttributeMapperHelper
.
createClaimMapper
(
name
,
tokenClaimName
,
"String"
,
true
,
name
,
PROVIDER_ID
);
"String"
,
PROVIDER_ID
);
mapper
.
getConfig
().
put
(
ProtocolMapperUtils
.
USER_MODEL_CLIENT_ROLE_MAPPING_CLIENT_ID
,
clientId
);
mapper
.
getConfig
().
put
(
ProtocolMapperUtils
.
USER_MODEL_CLIENT_ROLE_MAPPING_ROLE_PREFIX
,
clientRolePrefix
);
return
mapper
;
...
...
src/main/java/org/keycloak/protocol/cas/mappers/UserPropertyMapper.java
View file @
b8d68606
...
...
@@ -58,10 +58,9 @@ public class UserPropertyMapper extends AbstractCASProtocolMapper {
}
public
static
ProtocolMapperModel
create
(
String
name
,
String
userAttribute
,
String
tokenClaimName
,
String
claimType
,
boolean
consentRequired
,
String
consentText
)
{
String
tokenClaimName
,
String
claimType
)
{
ProtocolMapperModel
mapper
=
CASAttributeMapperHelper
.
createClaimMapper
(
name
,
tokenClaimName
,
claimType
,
consentRequired
,
consentText
,
PROVIDER_ID
);
claimType
,
PROVIDER_ID
);
mapper
.
getConfig
().
put
(
ProtocolMapperUtils
.
USER_ATTRIBUTE
,
userAttribute
);
return
mapper
;
}
...
...
src/main/java/org/keycloak/protocol/cas/mappers/UserRealmRoleMappingMapper.java
View file @
b8d68606
...
...
@@ -60,7 +60,7 @@ public class UserRealmRoleMappingMapper extends AbstractUserRoleMappingMapper {
public
static
ProtocolMapperModel
create
(
String
realmRolePrefix
,
String
name
,
String
tokenClaimName
)
{
ProtocolMapperModel
mapper
=
CASAttributeMapperHelper
.
createClaimMapper
(
name
,
tokenClaimName
,
"String"
,
true
,
name
,
PROVIDER_ID
);
"String"
,
PROVIDER_ID
);
mapper
.
getConfig
().
put
(
ProtocolMapperUtils
.
USER_MODEL_REALM_ROLE_MAPPING_ROLE_PREFIX
,
realmRolePrefix
);
return
mapper
;
}
...
...
src/main/java/org/keycloak/protocol/cas/mappers/UserSessionNoteMapper.java
View file @
b8d68606
...
...
@@ -63,10 +63,9 @@ public class UserSessionNoteMapper extends AbstractCASProtocolMapper {
public
static
ProtocolMapperModel
create
(
String
name
,
String
userSessionNote
,
String
tokenClaimName
,
String
jsonType
,
boolean
consentRequired
,
String
consentText
)
{
String
tokenClaimName
,
String
jsonType
)
{
ProtocolMapperModel
mapper
=
CASAttributeMapperHelper
.
createClaimMapper
(
name
,
tokenClaimName
,
jsonType
,
consentRequired
,
consentText
,
PROVIDER_ID
);
jsonType
,
PROVIDER_ID
);
mapper
.
getConfig
().
put
(
ProtocolMapperUtils
.
USER_SESSION_NOTE
,
userSessionNote
);
return
mapper
;
}
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment