Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

public modifiers #1

Open
wants to merge 5 commits into
base: main
Choose a base branch
from
Open

public modifiers #1

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
e98c976
public modifiers
xgp Sep 18, 2023
ae956f9
remove comment
xgp Sep 18, 2023
c01b18e
added ManagementPermissions hack
xgp Sep 18, 2023
a52bf49
simplified-ish the auth setup
xgp Sep 19, 2023
d1614fe
added EventBuilder to AbstractAdminResource
xgp Sep 19, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion COPYING
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -187,7 +187,7 @@
same "printed page" as the copyright notice for easier
identification within third-party archives.

Copyright [yyyy] [name of copyright owner]
Copyright 2023 Phase Two, Inc.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
Expand Down
4 changes: 2 additions & 2 deletions src/main/java/io/phasetwo/keycloak/ext/auth/BaseAuthenticatorFactory.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,11 +22,11 @@ public abstract class BaseAuthenticatorFactory
private final String providerId;
private final AuthenticatorConfigProperties propsProvider;

BaseAuthenticatorFactory(String providerId) {
public BaseAuthenticatorFactory(String providerId) {
this(providerId, new AuthenticatorConfigProperties() {});
}

BaseAuthenticatorFactory(String providerId, AuthenticatorConfigProperties propsProvider) {
public BaseAuthenticatorFactory(String providerId, AuthenticatorConfigProperties propsProvider) {
this.providerId = providerId;
this.propsProvider = propsProvider;
}
Expand Down
2 changes: 1 addition & 1 deletion src/main/java/io/phasetwo/keycloak/ext/model/jpa/entity/Entities.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@

public class Entities {

static <T> void setCollection(Collection<T> src, Collection<T> dest) {
public static <T> void setCollection(Collection<T> src, Collection<T> dest) {
if (dest == null) {
dest = src;
} else if (dest != src) {
Expand Down
51 changes: 20 additions & 31 deletions src/main/java/io/phasetwo/keycloak/ext/resource/AbstractAdminResource.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,14 +4,11 @@
import jakarta.ws.rs.NotFoundException;
import jakarta.ws.rs.core.HttpHeaders;
import jakarta.ws.rs.core.UriInfo;
import java.lang.reflect.Constructor;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.ParameterizedType;
import java.lang.reflect.Type;
import lombok.extern.jbosslog.JBossLog;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.keycloak.Config;
import org.keycloak.common.ClientConnection;
import org.keycloak.events.EventBuilder;
import org.keycloak.http.HttpRequest;
import org.keycloak.http.HttpResponse;
import org.keycloak.jose.jws.JWSInput;
Expand All @@ -28,6 +25,7 @@
import org.keycloak.services.resources.admin.AdminEventBuilder;
import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator;
import org.keycloak.services.resources.admin.permissions.AdminPermissions;
import org.keycloak.services.resources.admin.permissions.ManagementPermissions;

/** */
@JBossLog
Expand All @@ -42,6 +40,7 @@ public abstract class AbstractAdminResource<T extends AdminAuth> {
protected T auth;
protected AdminPermissionEvaluator permissions;
protected AdminEventBuilder adminEvent;
protected EventBuilder event;
protected UserModel user;
protected RealmModel adminRealm;

Expand All @@ -64,13 +63,27 @@ protected AbstractAdminResource(AbstractAdminResource<T> parent) {
this.adminRealm = parent.adminRealm;
}

public T createAdminAuth(
RealmModel realm, AccessToken token, UserModel user, ClientModel client) {
return (T) new AdminAuth(realm, token, user, client);
}

public final void setup() {
setupAuth();
setupEvents();
setupPermissions();
setupCors();
}

public void requireAdminRole(String role) {
if (!hasAdminRole(role))
throw new NotAuthorizedException(String.format("%s role is required", role));
}

public boolean hasAdminRole(String role) {
return ManagementPermissions.hasOneAdminRole(session, realm, auth, role);
}

private void setupCors() {
HttpRequest request = session.getContext().getHttpRequest();
HttpResponse response = session.getContext().getHttpResponse();
Expand Down Expand Up @@ -132,39 +145,15 @@ private void setupAuth() {
throw new NotFoundException("Could not find client for authorization");
}

user = authResult.getUser();

Type genericSuperClass = getClass().getGenericSuperclass();
ParameterizedType parametrizedType = null;
while (parametrizedType == null) {
if ((genericSuperClass instanceof ParameterizedType)) {
parametrizedType = (ParameterizedType) genericSuperClass;
} else {
genericSuperClass = ((Class<?>) genericSuperClass).getGenericSuperclass();
}
}

Class clazz = (Class) parametrizedType.getActualTypeArguments()[0];

try {
Constructor<? extends Type> constructor =
clazz.getConstructor(
RealmModel.class, AccessToken.class, UserModel.class, ClientModel.class);
auth = (T) constructor.newInstance(new Object[] {this.realm, token, user, client});
} catch (NoSuchMethodException
| SecurityException
| InstantiationException
| IllegalAccessException
| IllegalArgumentException
| InvocationTargetException ex) {
log.error("Failed to instantiate AdminAuth instance", ex);
}
this.user = authResult.getUser();
auth = createAdminAuth(this.realm, token, this.user, client);
}

private void setupEvents() {
adminEvent =
new AdminEventBuilder(this.realm, auth, session, session.getContext().getConnection())
.realm(realm);
event = new EventBuilder(this.realm, session, connection).realm(realm);
}

private void setupPermissions() {
Expand Down
1 change: 0 additions & 1 deletion src/main/java/io/phasetwo/keycloak/ext/util/Stats.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,6 @@
public class Stats {

public static final String PHASETWO_ANALYTICS_DISABLED_KEY = "PHASETWO_ANALYTICS_DISABLED";
// todo make a redirect
public static final String PHASETWO_ANALYTICS_URL = "https://eooemvvcxy5k16a.m.pipedream.net";

public static void collect(String name, String version, String commit, Object... args) {
Expand Down
13 changes: 13 additions & 0 deletions src/main/java/org/keycloak/services/resources/admin/permissions/ManagementPermissions.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
package org.keycloak.services.resources.admin.permissions;

import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.services.resources.admin.AdminAuth;

// I'm not sure if this is a good idea, but it seems to be the only way to get admin permissions
public class ManagementPermissions {
public static boolean hasOneAdminRole(
KeycloakSession session, RealmModel realm, AdminAuth auth, String... adminRoles) {
return new MgmtPermissions(session, realm, auth).hasOneAdminRole(adminRoles);
}
}