
Commit d9cb1fc

committed
Merge remote-tracking branch 'upstream/master'
2 parents 1654be0 + d594416 commit d9cb1fc


46 files changed

+666
-300
lines changed


46 files changed

+666
-300
lines changed

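--- a/broker/oidc/src/main/java/org/keycloak/broker/oidc/OIDCIdentityProvider.java
+++ b/broker/oidc/src/main/java/org/keycloak/broker/oidc/OIDCIdentityProvider.java
@@ -289,10 +289,9 @@ protected JsonWebToken validateToken(PublicKey key, String encodedToken) {
 }
 JsonWebToken token = jws.readJsonContent(JsonWebToken.class);
 
-String aud = token.getAudience();
 String iss = token.getIssuer();
 
-if (aud != null && !aud.equals(getConfig().getClientId())) {
+if (!token.hasAudience(getConfig().getClientId())) {
 throw new IdentityBrokerException("Wrong audience from token.");
 }
 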
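Review bot: With `aud` now allowed to be an array, the added check `if (!token.hasAudience(getConfig().getClientId()))` accepts any token whose audience list merely contains this client, including tokens issued to several parties. OpenID Connect Core asks the client to verify `azp` when an ID token carries multiple audiences, and nothing in this hunk compares `token.issuedFor` with the configured client id. validateToken continues outside the hunk, so this may already be handled further down. If it is not, a guard after the audience check such as `if (token.getAudience().length > 1 && !getConfig().getClientId().equals(token.issuedFor)) throw new IdentityBrokerException("Wrong authorized party from token.");` would close the gap.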
Lines changed: 30 additions & 0 deletions
@@ -0,0 +1,30 @@
1+
package org.keycloak.json;
2+
3+
import org.codehaus.jackson.JsonNode;
4+
import org.codehaus.jackson.JsonParser;
5+
import org.codehaus.jackson.JsonProcessingException;
6+
import org.codehaus.jackson.map.DeserializationContext;
7+
import org.codehaus.jackson.map.JsonDeserializer;
8+
9+
import java.io.IOException;
10+
import java.util.ArrayList;
11+
import java.util.Iterator;
12+
13+
public class StringOrArrayDeserializer extends JsonDeserializer<Object> {
14+
15+
@Override
16+
public Object deserialize(JsonParser jsonParser, DeserializationContext deserializationContext) throws IOException {
17+
JsonNode jsonNode = jsonParser.readValueAsTree();
18+
if (jsonNode.isArray()) {
19+
ArrayList<String> a = new ArrayList<>(1);
20+
Iterator<JsonNode> itr = jsonNode.iterator();
21+
while (itr.hasNext()) {
22+
a.add(itr.next().getTextValue());
23+
}
24+
return a.toArray(new String[a.size()]);
25+
} else {
26+
return new String[] { jsonNode.getTextValue() };
27+
}
28+
}
29+
30+
}
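Review bot: `getTextValue()` returns null for any node that is not a JSON string, so `"aud": 5` or `"aud": ["a", 7]` deserializes into an array holding null entries instead of being rejected. Those nulls then reach `JsonWebToken.hasAudience`, which calls `a.equals(...)` on every element, so a malformed token can surface as a NullPointerException during audience validation rather than as a clean parse failure. Checking `isTextual()` on the node and on each array element, and throwing a `JsonMappingException` otherwise, keeps the rejection at the parsing boundary. A short class Javadoc saying that the JWT `aud` claim may be either a single string or an array of strings would also explain why this deserializer exists.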
Lines changed: 25 additions & 0 deletions
@@ -0,0 +1,25 @@
1+
package org.keycloak.json;
2+
3+
import org.codehaus.jackson.JsonGenerator;
4+
import org.codehaus.jackson.map.JsonSerializer;
5+
import org.codehaus.jackson.map.SerializerProvider;
6+
7+
import java.io.IOException;
8+
9+
public class StringOrArraySerializer extends JsonSerializer<Object> {
10+
@Override
11+
public void serialize(Object o, JsonGenerator jsonGenerator, SerializerProvider serializerProvider) throws IOException {
12+
String[] array = (String[]) o;
13+
if (array == null) {
14+
jsonGenerator.writeNull();
15+
} else if (array.length == 1) {
16+
jsonGenerator.writeString(array[0]);
17+
} else {
18+
jsonGenerator.writeStartArray();
19+
for (String s : array) {
20+
jsonGenerator.writeString(s);
21+
}
22+
jsonGenerator.writeEndArray();
23+
}
24+
}
25+
}
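Review bot: A zero-length array falls through to the last branch and is written as `"aud" : [ ]`, and the new varargs setter `audience(String...)` produces exactly that when it is called with no arguments. It is worth deciding whether an empty audience should be emitted at all and handling `array.length == 0` explicitly, for example `if (array == null || array.length == 0) { jsonGenerator.writeNull(); }`. A class comment noting that a single-element array is deliberately collapsed to a bare string would document the asymmetry with the deserializer, which always returns an array.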

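--- a/core/src/main/java/org/keycloak/representations/AccessToken.java
+++ b/core/src/main/java/org/keycloak/representations/AccessToken.java
@@ -163,11 +163,6 @@ public AccessToken issuer(String issuer) {
 return (AccessToken) super.issuer(issuer);
 }
 
-@Override
-public AccessToken audience(String audience) {
-return (AccessToken) super.audience(audience);
-}
-
 @Override
 public AccessToken subject(String subject) {
 return (AccessToken) super.subject(subject);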

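--- a/core/src/main/java/org/keycloak/representations/IDToken.java
+++ b/core/src/main/java/org/keycloak/representations/IDToken.java
@@ -1,12 +1,6 @@
 package org.keycloak.representations;
 
-import org.codehaus.jackson.annotate.JsonAnyGetter;
-import org.codehaus.jackson.annotate.JsonAnySetter;
 import org.codehaus.jackson.annotate.JsonProperty;
-import org.codehaus.jackson.annotate.JsonUnwrapped;
-
-import java.util.HashMap;
-import java.util.Map;
 
 /**
 * @author <a href="mailto:[email protected]">Bill Burke</a>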

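--- a/core/src/main/java/org/keycloak/representations/JsonWebToken.java
+++ b/core/src/main/java/org/keycloak/representations/JsonWebToken.java
@@ -4,6 +4,10 @@
 import org.codehaus.jackson.annotate.JsonAnySetter;
 import org.codehaus.jackson.annotate.JsonIgnore;
 import org.codehaus.jackson.annotate.JsonProperty;
+import org.codehaus.jackson.map.annotate.JsonDeserialize;
+import org.codehaus.jackson.map.annotate.JsonSerialize;
+import org.keycloak.json.StringOrArrayDeserializer;
+import org.keycloak.json.StringOrArraySerializer;
 import org.keycloak.util.Time;
 
 import java.io.Serializable;
@@ -26,14 +30,16 @@ public class JsonWebToken implements Serializable {
 @JsonProperty("iss")
 protected String issuer;
 @JsonProperty("aud")
-protected String audience;
+@JsonSerialize(using = StringOrArraySerializer.class)
+@JsonDeserialize(using = StringOrArrayDeserializer.class)
+protected String[] audience;
 @JsonProperty("sub")
 protected String subject;
 @JsonProperty("typ")
 protected String type;
 @JsonProperty("azp")
 public String issuedFor;
-protected Map<String, Object> otherClaims = new HashMap<String, Object>();
+protected Map<String, Object> otherClaims = new HashMap<>();
 
 public String getId() {
 return id;
@@ -72,7 +78,6 @@ public JsonWebToken notBefore(int notBefore) {
 @JsonIgnore
 public boolean isNotBefore() {
 return Time.currentTime() >= notBefore;
-
 }
 
 /**
@@ -113,12 +118,21 @@ public JsonWebToken issuer(String issuer) {
 return this;
 }
 
-
-public String getAudience() {
+@JsonIgnore
+public String[] getAudience() {
 return audience;
 }
 
-public JsonWebToken audience(String audience) {
+public boolean hasAudience(String audience) {
+for (String a : this.audience) {
+if (a.equals(audience)) {
+return true;
+}
+}
+return false;
+}
+
+public JsonWebToken audience(String... audience) {
 this.audience = audience;
 return this;
 }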
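Review bot: `hasAudience` iterates `this.audience` without a null check, and the field has no initializer, so a token that carries no `aud` claim throws a NullPointerException in the new `for (String a : this.audience)` loop. The check this replaces in OIDCIdentityProvider tolerated a missing audience (`aud != null && ...`), so such a token now fails with a runtime exception instead of taking the `IdentityBrokerException("Wrong audience from token.")` path. Treating a missing audience as "not present" keeps the rejection explicit: add `if (this.audience == null) return false;` before the loop, and use `if (a != null && a.equals(audience))` inside it, since the deserializer can place null entries in the array. A Javadoc line stating that the method returns false when the claim is absent would make that contract visible to callers.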

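--- a/core/src/main/java/org/keycloak/util/JsonSerialization.java
+++ b/core/src/main/java/org/keycloak/util/JsonSerialization.java
@@ -3,7 +3,6 @@
 import org.codehaus.jackson.map.ObjectMapper;
 import org.codehaus.jackson.map.SerializationConfig;
 import org.codehaus.jackson.map.annotate.JsonSerialize;
-import org.codehaus.jackson.type.TypeReference;
 
 import java.io.IOException;
 import java.io.InputStream;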
Lines changed: 44 additions & 0 deletions
@@ -0,0 +1,44 @@
1+
package org.keycloak.jose;
2+
3+
import org.junit.Test;
4+
import org.keycloak.representations.JsonWebToken;
5+
import org.keycloak.util.JsonSerialization;
6+
7+
import java.io.IOException;
8+
9+
import static org.junit.Assert.*;
10+
11+
/**
12+
* Created by st on 20.08.15.
13+
*/
14+
public class JsonWebTokenTest {
15+
16+
@Test
17+
public void testAudSingle() throws IOException {
18+
String single = "{ \"aud\": \"test\" }";
19+
JsonWebToken s = JsonSerialization.readValue(single, JsonWebToken.class);
20+
assertArrayEquals(new String[] { "test" }, s.getAudience());
21+
}
22+
23+
@Test
24+
public void testAudArray() throws IOException {
25+
String single = "{ \"aud\": [\"test\"] }";
26+
JsonWebToken s = JsonSerialization.readValue(single, JsonWebToken.class);
27+
assertArrayEquals(new String[]{"test"}, s.getAudience());
28+
}
29+
30+
@Test
31+
public void test() throws IOException {
32+
JsonWebToken jsonWebToken = new JsonWebToken();
33+
jsonWebToken.audience("test");
34+
assertTrue(JsonSerialization.writeValueAsPrettyString(jsonWebToken).contains("\"aud\" : \"test\""));
35+
}
36+
37+
@Test
38+
public void testArray() throws IOException {
39+
JsonWebToken jsonWebToken = new JsonWebToken();
40+
jsonWebToken.audience("test", "test2");
41+
assertTrue(JsonSerialization.writeValueAsPrettyString(jsonWebToken).contains("\"aud\" : [ \"test\", \"test2\" ]"));
42+
}
43+
44+
}
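Review bot: The tests exercise only well-formed `aud` values and never call `hasAudience`, which is the method the OIDC broker now relies on for audience validation. Cases worth adding are a token with no `aud` claim (`"{ }"`), a non-string value such as `"{ \"aud\": 5 }"`, and `hasAudience` returning false for a client id that is not in the list. The `Created by st on 20.08.15.` header could be replaced with a sentence describing what the class verifies.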

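--- a/docbook/reference/en/en-US/modules/MigrationFromOlderVersions.xml
+++ b/docbook/reference/en/en-US/modules/MigrationFromOlderVersions.xml
@@ -104,6 +104,14 @@
 impacts on performance.
 </para>
 </simplesect>
+<simplesect>
+<title>Contact details removed from registration and account management</title>
+<para>
+In the default theme we have now removed the contact details from the registration page and account management. The admin console now lists
+all the users attributes, not just contact specific attributes. The admin console also has the ability to add/remove attributes to a user.
+If you want to add contact details, please refer to the address theme included in the examples.
+</para>
+</simplesect>
 </section>
 <section>
 <title>Migrating to 1.3.0.Final</title>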

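--- a/docbook/reference/en/en-US/modules/javascript-adapter.xml
+++ b/docbook/reference/en/en-US/modules/javascript-adapter.xml
@@ -177,6 +177,7 @@ new Keycloak({ url: 'http://localhost/auth', realm: 'myrealm', clientId: 'myApp'
 <listitem>resourceAccess - the resource roles assocaited with the token</listitem>
 <listitem>refreshToken - the base64 encoded token that can be used to retrieve a new token</listitem>
 <listitem>refreshTokenParsed - the parsed refresh token</listitem>
+<listitem>timeSkew - estimated skew between local time and Keycloak server in seconds</listitem>
 </itemizedlist>
 </section>
 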