use of org.keycloak.admin.client.resource.RealmResource in project ART-TIME by Artezio.
the class KeycloakClient method populateCache.
/**
 * Rebuilds the in-memory snapshot of Keycloak data held in {@code this.cache}.
 *
 * <p>Resolves the realm, loads its users, derives the department set and the
 * group-to-members map from those users, and finally assigns one freshly built
 * {@code Cache} instance to the field.
 *
 * <p>The assignment is the last statement, so if any loader throws, the
 * previous snapshot stays in place.
 *
 * <p>NOTE(review): presumably invoked by a container timer, given
 * {@code @Timeout} — confirm. Readers of {@code cache} keep seeing the previous
 * snapshot until the next run, so a group or department change made in Keycloak
 * (including a removal) only takes effect after a refresh. Confirm the refresh
 * interval is acceptable if these values feed access decisions.
 */
@Timeout
protected void populateCache() {
    final RealmResource realmResource = getRealm();
    final List<UserRepresentation> keycloakUsers = loadUsers(realmResource);
    final Set<String> departmentNames = loadDepartments(keycloakUsers);
    final Map<String, List<UserInfo>> membersByGroup = loadUserGroups(keycloakUsers, realmResource);
    // Publish the complete snapshot in one assignment rather than mutating the old one.
    this.cache = new Cache(toUserInfo(keycloakUsers), departmentNames, membersByGroup);
}
use of org.keycloak.admin.client.resource.RealmResource in project ART-TIME by Artezio.
the class KeycloakClientTest method testLoadUserGroups.
/**
 * Checks that {@code loadUserGroups} turns per-user group membership into a map
 * from group name to the users belonging to that group.
 *
 * <p>Fixture: user1 is in grp1 and grp2, user2 is in grp1 and grp3, user3 is in
 * grp3 only. {@code listGroups} is stubbed on a partial mock, so the realm
 * passed in is never queried.
 *
 * <p>The negative assertions matter as much as the positive ones: they pin that
 * a user does not show up in a group they were not listed for.
 */
@Test
public void testLoadUserGroups() throws NoSuchFieldException {
    // Partial mock: only listGroups is replaced, loadUserGroups itself runs for real.
    keycloakClient = createMockBuilder(KeycloakClient.class)
            .addMockedMethod("listGroups", UserRepresentation.class, RealmResource.class)
            .createMock();
    setField(keycloakClient, "settings", settings);
    final String deptAttribute = "department";
    settings.setKeycloakUserDepartmentAttribute(deptAttribute);

    final String firstUsername = "user1";
    final String secondUsername = "user2";
    final String thirdUsername = "user3";
    final String firstGroup = "grp1";
    final String secondGroup = "grp2";
    final String thirdGroup = "grp3";

    // The same lists serve as the department attribute value and as the stubbed group names.
    final List<String> firstUserGroups = Arrays.asList(firstGroup, secondGroup);
    final List<String> secondUserGroups = Arrays.asList(firstGroup, thirdGroup);
    final List<String> thirdUserGroups = Arrays.asList(thirdGroup);

    final Map<String, List<String>> firstUserAttributes = new HashMap<>();
    firstUserAttributes.put(deptAttribute, firstUserGroups);
    final UserRepresentation firstUser = new UserRepresentation();
    firstUser.setUsername(firstUsername);
    firstUser.setAttributes(firstUserAttributes);

    final Map<String, List<String>> secondUserAttributes = new HashMap<>();
    secondUserAttributes.put(deptAttribute, secondUserGroups);
    final UserRepresentation secondUser = new UserRepresentation();
    secondUser.setUsername(secondUsername);
    secondUser.setAttributes(secondUserAttributes);

    final Map<String, List<String>> thirdUserAttributes = new HashMap<>();
    thirdUserAttributes.put(deptAttribute, thirdUserGroups);
    final UserRepresentation thirdUser = new UserRepresentation();
    thirdUser.setUsername(thirdUsername);
    thirdUser.setAttributes(thirdUserAttributes);

    final RealmResource realmStub = mock(RealmResource.class);
    expect(keycloakClient.listGroups(firstUser, realmStub)).andReturn(new HashSet<>(firstUserGroups));
    expect(keycloakClient.listGroups(secondUser, realmStub)).andReturn(new HashSet<>(secondUserGroups));
    expect(keycloakClient.listGroups(thirdUser, realmStub)).andReturn(new HashSet<>(thirdUserGroups));
    replay(keycloakClient);

    final Map<String, List<UserInfo>> membersByGroup =
            keycloakClient.loadUserGroups(Arrays.asList(firstUser, secondUser, thirdUser), realmStub);

    // Every stubbed listGroups call must have happened before the result is inspected.
    verify(keycloakClient);

    assertTrue(membersByGroup.containsKey(firstGroup));
    assertTrue(membersByGroup.containsKey(secondGroup));
    assertTrue(membersByGroup.containsKey(thirdGroup));

    final List<UserInfo> firstGroupMembers = membersByGroup.get(firstGroup);
    final List<UserInfo> secondGroupMembers = membersByGroup.get(secondGroup);
    final List<UserInfo> thirdGroupMembers = membersByGroup.get(thirdGroup);

    // grp1: user1 and user2 only.
    assertTrue(hasMember(firstGroupMembers, firstUsername));
    assertTrue(hasMember(firstGroupMembers, secondUsername));
    assertFalse(hasMember(firstGroupMembers, thirdUsername));

    // grp2: user1 only.
    assertTrue(hasMember(secondGroupMembers, firstUsername));
    assertFalse(hasMember(secondGroupMembers, secondUsername));
    assertFalse(hasMember(secondGroupMembers, thirdUsername));

    // grp3: user2 and user3 only.
    assertFalse(hasMember(thirdGroupMembers, firstUsername));
    assertTrue(hasMember(thirdGroupMembers, secondUsername));
    assertTrue(hasMember(thirdGroupMembers, thirdUsername));
}

/** Returns whether any entry of {@code members} carries exactly the given username. */
private static boolean hasMember(List<UserInfo> members, String username) {
    return members.stream().anyMatch(member -> member.getUsername().equals(username));
}
use of org.keycloak.admin.client.resource.RealmResource in project ART-TIME by Artezio.
the class KeycloakClientTest method testPopulateCache.
/**
 * Verifies that {@code populateCache} drives the loader methods with the realm
 * and user list it obtained, using a partial mock in which every loader is
 * stubbed.
 *
 * <p>{@code getRealm}, {@code loadUsers}, {@code loadDepartments} and
 * {@code loadUserGroups} are each expected once with the exact stub objects;
 * {@code toUserInfo} is allowed any number of times. The test makes no assertion
 * about the contents of the resulting cache; {@code verify} only confirms that
 * the expected calls happened.
 */
@Test
public void testPopulateCache() {
    keycloakClient = createMockBuilder(KeycloakClient.class)
            .addMockedMethod("loadUsers", RealmResource.class)
            .addMockedMethod("loadDepartments", List.class)
            .addMockedMethod("loadUserGroups", List.class, RealmResource.class)
            .addMockedMethod("toUserInfo", List.class)
            .addMockedMethod("getRealm")
            .createMock();

    // The realm mock is only passed around by reference; no call on it is recorded here.
    final RealmResource realmStub = createMock(RealmResource.class);
    final List<UserRepresentation> loadedUsers = new ArrayList<>();
    final Set<String> loadedDepartments = new HashSet<>();

    expect(keycloakClient.getRealm()).andReturn(realmStub);
    expect(keycloakClient.loadUsers(realmStub)).andReturn(loadedUsers);
    expect(keycloakClient.loadDepartments(loadedUsers)).andReturn(loadedDepartments);
    expect(keycloakClient.loadUserGroups(loadedUsers, realmStub)).andReturn(Collections.emptyMap());

    final UserInfo convertedUser = new UserInfo("username", null, null, null, null);
    expect(keycloakClient.toUserInfo(anyObject(List.class)))
            .andReturn(Arrays.asList(convertedUser))
            .anyTimes();

    replay(keycloakClient);
    keycloakClient.populateCache();
    verify(keycloakClient);
}
use of org.keycloak.admin.client.resource.RealmResource in project keycloak by keycloak.
the class BrokerLinkAndTokenExchangeTest method testAccountLinkNoTokenStore.
/**
 * Walks the browser-driven account-link flow between the child and parent
 * identity providers after {@code turnOffTokenStore} has been run on the server.
 *
 * <p>Steps: confirm the child user has no federated identity, open the
 * application's {@code link} endpoint, log in at the child realm and then at
 * the parent realm, check the resulting page, confirm a federated identity now
 * exists, then log out and remove the link again.
 *
 * <p>NOTE(review): the cleanup at the end only runs when every assertion before
 * it passed. A failure part-way leaves the federated link on the child user,
 * which could affect later tests that start by asserting the link list is
 * empty. Consider a {@code finally} block or a teardown method.
 */
@Test
@UncaughtServerErrorExpected
public void testAccountLinkNoTokenStore() throws Exception {
    // Presumably disables storing of broker tokens for this run — helper body is not shown here.
    testingClient.server().run(BrokerLinkAndTokenExchangeTest::turnOffTokenStore);

    final RealmResource childRealm = adminClient.realms().realm(CHILD_IDP);

    // Precondition: the child user starts without any link to an external identity.
    List<FederatedIdentityRepresentation> federatedLinks =
            childRealm.users().get(childUserId).getFederatedIdentity();
    Assert.assertTrue(federatedLinks.isEmpty());

    final UriBuilder linkEndpoint = UriBuilder.fromUri(appPage.getInjectedUrl().toString()).path("link");
    final String linkUrl = linkEndpoint.clone()
            .queryParam("realm", CHILD_IDP)
            .queryParam("provider", PARENT_IDP)
            .build()
            .toString();
    System.out.println("linkUrl: " + linkUrl);
    navigateTo(linkUrl);

    // First hop: the child realm's login page, which must offer the parent provider.
    Assert.assertTrue(loginPage.isCurrent(CHILD_IDP));
    Assert.assertTrue(driver.getPageSource().contains(PARENT_IDP));
    loginPage.login("child", "password");

    // Second hop: authenticate at the parent realm to prove ownership of that account.
    Assert.assertTrue(loginPage.isCurrent(PARENT_IDP));
    loginPage.login(PARENT_USERNAME, "password");

    System.out.println("After linking: " + driver.getCurrentUrl());
    // NOTE(review): dumps the whole post-link page to stdout. The assertions below show
    // this page reports a received exchange token; if it also renders the token value,
    // that value lands in build logs. Confirm, or log the page only on failure.
    System.out.println(driver.getPageSource());

    // The browser must have landed back on the application's link endpoint.
    Assert.assertTrue(driver.getCurrentUrl().startsWith(linkEndpoint.toTemplate()));
    final String linkedMarker = "Account Linked";
    final String exchangeMarker = "Exchange token received";
    Assert.assertTrue(driver.getPageSource().contains(linkedMarker));
    Assert.assertTrue(driver.getPageSource().contains(exchangeMarker));

    // The admin API must now report the federated identity created by the flow.
    federatedLinks = childRealm.users().get(childUserId).getFederatedIdentity();
    Assert.assertFalse(federatedLinks.isEmpty());

    // Cleanup: end the sessions and remove the link so the user is back to its initial state.
    logoutAll();
    childRealm.users().get(childUserId).removeFederatedIdentity(PARENT_IDP);
    federatedLinks = childRealm.users().get(childUserId).getFederatedIdentity();
    Assert.assertTrue(federatedLinks.isEmpty());
}
use of org.keycloak.admin.client.resource.RealmResource in project keycloak by keycloak.
the class BrokerLinkAndTokenExchangeTest method testAccountLink.
/**
 * Exercises account linking followed by OAuth 2.0 token exchange against the
 * parent identity provider, after {@code turnOnTokenStore} has been run on the
 * server.
 *
 * <p>Phases:
 * <ol>
 *   <li>Browser flow: link the child user to the parent provider and confirm
 *       the federated identity exists.</li>
 *   <li>Exchange the child user's access token for an external token issued by
 *       {@code PARENT_IDP}.</li>
 *   <li>Advance the time offset past that token's lifetime and exchange again,
 *       expecting a different token.</li>
 *   <li>Direct exchange: a second client requests a token for subject
 *       {@code "child"} without presenting a subject token.</li>
 *   <li>Log out and remove the federated link.</li>
 * </ol>
 *
 * <p>NOTE(review): the link removal sits inside the {@code try} body, not in
 * {@code finally}, so it is skipped when any assertion in that body fails. The
 * time offset set in phase 3 is not reset in this method — presumably the base
 * class resets it, confirm.
 *
 * @throws Exception if any step of the flow fails unexpectedly
 */
@Test
@UncaughtServerErrorExpected
public void testAccountLink() throws Exception {
    // Presumably enables storing of broker tokens for this run — helper body is not shown here.
    testingClient.server().run(BrokerLinkAndTokenExchangeTest::turnOnTokenStore);
    RealmResource realm = adminClient.realms().realm(CHILD_IDP);
    // Precondition: the child user starts without any federated identity.
    List<FederatedIdentityRepresentation> links = realm.users().get(childUserId).getFederatedIdentity();
    Assert.assertTrue(links.isEmpty());
    String servletUri = appPage.getInjectedUrl().toString();
    UriBuilder linkBuilder = UriBuilder.fromUri(servletUri).path("link");
    String linkUrl = linkBuilder.clone().queryParam("realm", CHILD_IDP).queryParam("provider", PARENT_IDP).build().toString();
    System.out.println("linkUrl: " + linkUrl);
    navigateTo(linkUrl);
    // First hop: child realm login page, which must mention the parent provider.
    Assert.assertTrue(loginPage.isCurrent(CHILD_IDP));
    Assert.assertTrue(driver.getPageSource().contains(PARENT_IDP));
    loginPage.login("child", "password");
    // Second hop: authenticate at the parent realm.
    Assert.assertTrue(loginPage.isCurrent(PARENT_IDP));
    loginPage.login(PARENT_USERNAME, "password");
    System.out.println("After linking: " + driver.getCurrentUrl());
    // NOTE(review): dumps the whole post-link page to stdout. The page reports a received
    // exchange token; if it also renders the token value, that value lands in build logs.
    // Confirm, or log the page only on failure.
    System.out.println(driver.getPageSource());
    // The browser must be back on the application's link endpoint, showing both markers.
    Assert.assertTrue(driver.getCurrentUrl().startsWith(linkBuilder.toTemplate()));
    Assert.assertTrue(driver.getPageSource().contains("Account Linked"));
    Assert.assertTrue(driver.getPageSource().contains("Exchange token received"));
    links = realm.users().get(childUserId).getFederatedIdentity();
    Assert.assertFalse(links.isEmpty());
    // Phase 2: obtain an access token for the child user, then exchange it.
    // The last argument is the client secret passed alongside ClientApp.DEPLOYMENT_NAME.
    String accessToken = oauth.doGrantAccessTokenRequest(CHILD_IDP, "child", "password", null, ClientApp.DEPLOYMENT_NAME, "password").getAccessToken();
    // Created outside the try so the finally block can always close it.
    Client httpClient = AdminClientUtil.createResteasyClient();
    try {
        WebTarget exchangeUrl = childTokenExchangeWebTarget(httpClient);
        System.out.println("Exchange url: " + exchangeUrl.getUri().toString());
        // Token-exchange request: the client authenticates through the Authorization header,
        // presents the child's access token as subject_token and names PARENT_IDP as the
        // requested issuer, i.e. it asks for the token of the linked external provider.
        Response response = exchangeUrl.request().header(HttpHeaders.AUTHORIZATION, BasicAuthHelper.createHeader(ClientApp.DEPLOYMENT_NAME, "password")).post(Entity.form(new Form().param(OAuth2Constants.GRANT_TYPE, OAuth2Constants.TOKEN_EXCHANGE_GRANT_TYPE).param(OAuth2Constants.SUBJECT_TOKEN, accessToken).param(OAuth2Constants.SUBJECT_TOKEN_TYPE, OAuth2Constants.ACCESS_TOKEN_TYPE).param(OAuth2Constants.REQUESTED_ISSUER, PARENT_IDP)));
        // NOTE(review): if this assertion fails, response.close() below is skipped; only the
        // httpClient.close() in finally still runs.
        Assert.assertEquals(200, response.getStatus());
        AccessTokenResponse tokenResponse = response.readEntity(AccessTokenResponse.class);
        response.close();
        String externalToken = tokenResponse.getToken();
        Assert.assertNotNull(externalToken);
        Assert.assertTrue(tokenResponse.getExpiresIn() > 0);
        // Phase 3: move the test clock one second past the external token's lifetime.
        setTimeOffset((int) tokenResponse.getExpiresIn() + 1);
        // A second exchange must now hand back a different external token, which is
        // what shows the stored token was refreshed.
        // The child's own access token is fetched again because the clock jump may have expired it.
        accessToken = oauth.doGrantAccessTokenRequest(CHILD_IDP, "child", "password", null, ClientApp.DEPLOYMENT_NAME, "password").getAccessToken();
        response = exchangeUrl.request().header(HttpHeaders.AUTHORIZATION, BasicAuthHelper.createHeader(ClientApp.DEPLOYMENT_NAME, "password")).post(Entity.form(new Form().param(OAuth2Constants.GRANT_TYPE, OAuth2Constants.TOKEN_EXCHANGE_GRANT_TYPE).param(OAuth2Constants.SUBJECT_TOKEN, accessToken).param(OAuth2Constants.SUBJECT_TOKEN_TYPE, OAuth2Constants.ACCESS_TOKEN_TYPE).param(OAuth2Constants.REQUESTED_ISSUER, PARENT_IDP)));
        Assert.assertEquals(200, response.getStatus());
        tokenResponse = response.readEntity(AccessTokenResponse.class);
        response.close();
        Assert.assertNotEquals(externalToken, tokenResponse.getToken());
        // Phase 4: direct exchange. No subject_token is sent; the "direct-exchanger" client
        // names the target user through requested_subject instead.
        // NOTE(review): this lets a client obtain a token on a user's behalf without that
        // user's token, so it should succeed only for clients explicitly granted that
        // permission. The grant for "direct-exchanger" is set up outside this method — confirm
        // a negative case (client without the permission is refused) is covered elsewhere.
        response = exchangeUrl.request().header(HttpHeaders.AUTHORIZATION, BasicAuthHelper.createHeader("direct-exchanger", "secret")).post(Entity.form(new Form().param(OAuth2Constants.GRANT_TYPE, OAuth2Constants.TOKEN_EXCHANGE_GRANT_TYPE).param(OAuth2Constants.REQUESTED_SUBJECT, "child").param(OAuth2Constants.REQUESTED_ISSUER, PARENT_IDP)));
        Assert.assertEquals(200, response.getStatus());
        tokenResponse = response.readEntity(AccessTokenResponse.class);
        response.close();
        Assert.assertNotEquals(externalToken, tokenResponse.getToken());
        // Phase 5: end the sessions and remove the link so the user is back to its initial state.
        logoutAll();
        realm.users().get(childUserId).removeFederatedIdentity(PARENT_IDP);
        links = realm.users().get(childUserId).getFederatedIdentity();
        Assert.assertTrue(links.isEmpty());
    } finally {
        // Always release the HTTP client, even when an assertion above failed.
        httpClient.close();
    }
}