use of org.keycloak.admin.client.resource.RealmResource in project keycloak by keycloak.
the class ConsentsTest method createUser.
@Before
public void createUser() {
log.debug("creating user for realm " + providerRealmName());
UserRepresentation user = new UserRepresentation();
user.setUsername(getUserLogin());
user.setEmail(getUserEmail());
user.setFirstName(getUserFirstName());
user.setLastName(getUserLastName());
user.setEmailVerified(true);
user.setEnabled(true);
RealmResource realmResource = adminClient.realm(providerRealmName());
String userId = createUserWithAdminClient(realmResource, user);
resetUserPassword(realmResource.users().get(userId), getUserPassword(), false);
}
use of org.keycloak.admin.client.resource.RealmResource in project keycloak by keycloak.
the class ConsentsTest method testConsentWithAdditionalClientAttributes.
@Test
public void testConsentWithAdditionalClientAttributes() {
// setup account client to require consent
RealmResource providerRealm = adminClient.realm(providerRealmName());
ClientResource accountClient = findClientByClientId(providerRealm, "account");
ClientRepresentation clientRepresentation = accountClient.toRepresentation();
clientRepresentation.setConsentRequired(true);
clientRepresentation.getAttributes().put(ClientModel.LOGO_URI, "https://www.keycloak.org/resources/images/keycloak_logo_480x108.png");
clientRepresentation.getAttributes().put(ClientModel.POLICY_URI, "https://www.keycloak.org/policy");
clientRepresentation.getAttributes().put(ClientModel.TOS_URI, "https://www.keycloak.org/tos");
accountClient.update(clientRepresentation);
// setup correct realm
accountPage.setAuthRealm(providerRealmName());
// navigate to account console and login
accountPage.navigateTo();
loginPage.form().login(getUserLogin(), getUserPassword());
consentPage.assertCurrent();
assertTrue("logoUri must be presented", driver.findElement(By.xpath("//img[@src='https://www.keycloak.org/resources/images/keycloak_logo_480x108.png']")).isDisplayed());
assertTrue("policyUri must be presented", driver.findElement(By.xpath("//a[@href='https://www.keycloak.org/policy']")).isDisplayed());
assertTrue("tosUri must be presented", driver.findElement(By.xpath("//a[@href='https://www.keycloak.org/tos']")).isDisplayed());
consentPage.confirm();
// successful login
accountPage.assertCurrent();
}
use of org.keycloak.admin.client.resource.RealmResource in project keycloak by keycloak.
the class ConsentsTest method addClients.
@Before
public void addClients() {
List<ClientRepresentation> clients = createProviderClients();
if (clients != null) {
RealmResource providerRealm = adminClient.realm(providerRealmName());
for (ClientRepresentation client : clients) {
log.debug("adding client " + client.getName() + " to realm " + providerRealmName());
providerRealm.clients().create(client);
}
}
}
use of org.keycloak.admin.client.resource.RealmResource in project keycloak by keycloak.
the class PermissionsTest method clientScopes.
@Test
public void clientScopes() {
invoke((RealmResource realm) -> {
realm.clientScopes().findAll();
}, Resource.CLIENT, false, true);
invoke((RealmResource realm, AtomicReference<Response> response) -> {
ClientScopeRepresentation scope = new ClientScopeRepresentation();
scope.setName("scope");
response.set(realm.clientScopes().create(scope));
}, Resource.CLIENT, true);
ClientScopeRepresentation scope = adminClient.realms().realm(REALM_NAME).clientScopes().findAll().get(0);
invoke((RealmResource realm) -> {
realm.clientScopes().get(scope.getId()).toRepresentation();
}, Resource.CLIENT, false);
invoke((RealmResource realm) -> {
realm.clientScopes().get(scope.getId()).update(scope);
}, Resource.CLIENT, true);
invoke((RealmResource realm) -> {
realm.clientScopes().get(scope.getId()).remove();
realm.clientScopes().create(scope);
}, Resource.CLIENT, true);
invoke((RealmResource realm) -> {
realm.clientScopes().get(scope.getId()).getProtocolMappers().getMappers();
}, Resource.CLIENT, false, true);
invoke((RealmResource realm) -> {
realm.clientScopes().get(scope.getId()).getProtocolMappers().getMappersPerProtocol("nosuch");
}, Resource.CLIENT, false, true);
invoke((RealmResource realm) -> {
realm.clientScopes().get(scope.getId()).getProtocolMappers().getMapperById("nosuch");
}, Resource.CLIENT, false, true);
invoke((RealmResource realm) -> {
realm.clientScopes().get(scope.getId()).getProtocolMappers().update("nosuch", new ProtocolMapperRepresentation());
}, Resource.CLIENT, true);
invoke((RealmResource realm, AtomicReference<Response> response) -> {
response.set(realm.clientScopes().get(scope.getId()).getProtocolMappers().createMapper(new ProtocolMapperRepresentation()));
}, Resource.CLIENT, true);
invoke((RealmResource realm) -> {
realm.clientScopes().get(scope.getId()).getProtocolMappers().createMapper(Collections.<ProtocolMapperRepresentation>emptyList());
}, Resource.CLIENT, true);
invoke((RealmResource realm) -> {
realm.clientScopes().get(scope.getId()).getProtocolMappers().delete("nosuch");
}, Resource.CLIENT, true);
invoke((RealmResource realm) -> {
realm.clientScopes().get(scope.getId()).getScopeMappings().getAll();
}, Resource.CLIENT, false);
invoke((RealmResource realm) -> {
realm.clientScopes().get(scope.getId()).getScopeMappings().realmLevel().listAll();
}, Resource.CLIENT, false);
invoke((RealmResource realm) -> {
realm.clientScopes().get(scope.getId()).getScopeMappings().realmLevel().listAvailable();
}, Resource.CLIENT, false);
invoke((RealmResource realm) -> {
realm.clientScopes().get(scope.getId()).getScopeMappings().realmLevel().listEffective();
}, Resource.CLIENT, false);
invoke((RealmResource realm) -> {
realm.clientScopes().get(scope.getId()).getScopeMappings().realmLevel().add(Collections.<RoleRepresentation>emptyList());
}, Resource.CLIENT, true);
invoke((RealmResource realm) -> {
realm.clientScopes().get(scope.getId()).getScopeMappings().realmLevel().remove(Collections.<RoleRepresentation>emptyList());
}, Resource.CLIENT, true);
ClientRepresentation realmAccessClient = adminClient.realms().realm(REALM_NAME).clients().findByClientId(Constants.REALM_MANAGEMENT_CLIENT_ID).get(0);
invoke((RealmResource realm) -> {
realm.clientScopes().get(scope.getId()).getScopeMappings().clientLevel(realmAccessClient.getId()).listAll();
}, Resource.CLIENT, false);
invoke((RealmResource realm) -> {
realm.clientScopes().get(scope.getId()).getScopeMappings().clientLevel(realmAccessClient.getId()).listAvailable();
}, Resource.CLIENT, false);
invoke((RealmResource realm) -> {
realm.clientScopes().get(scope.getId()).getScopeMappings().clientLevel(realmAccessClient.getId()).listEffective();
}, Resource.CLIENT, false);
invoke((RealmResource realm) -> {
realm.clientScopes().get(scope.getId()).getScopeMappings().clientLevel(realmAccessClient.getId()).add(Collections.<RoleRepresentation>emptyList());
}, Resource.CLIENT, true);
invoke((RealmResource realm) -> {
realm.clientScopes().get(scope.getId()).getScopeMappings().clientLevel(realmAccessClient.getId()).remove(Collections.<RoleRepresentation>emptyList());
}, Resource.CLIENT, true);
// this should throw forbidden as "query-users" role isn't enough
invoke(new Invocation() {
public void invoke(RealmResource realm) {
clients.get(AdminRoles.QUERY_USERS).realm(REALM_NAME).clientScopes().findAll();
}
}, clients.get(AdminRoles.QUERY_USERS), false);
}
use of org.keycloak.admin.client.resource.RealmResource in project keycloak by keycloak.
the class PermissionsTest method rolesById.
@Test
public void rolesById() {
RoleRepresentation newRole = new RoleRepresentation();
newRole.setName("role-by-id");
adminClient.realm(REALM_NAME).roles().create(newRole);
RoleRepresentation role = adminClient.realm(REALM_NAME).roles().get("role-by-id").toRepresentation();
invoke(new Invocation() {
public void invoke(RealmResource realm) {
realm.rolesById().getRole(role.getId());
}
}, Resource.REALM, false, true);
invoke(new Invocation() {
public void invoke(RealmResource realm) {
realm.rolesById().updateRole(role.getId(), role);
}
}, Resource.REALM, true);
invoke(new Invocation() {
public void invoke(RealmResource realm) {
realm.rolesById().deleteRole(role.getId());
// need to recreate for other tests
realm.roles().create(newRole);
RoleRepresentation temp = realm.roles().get("role-by-id").toRepresentation();
role.setId(temp.getId());
}
}, Resource.REALM, true);
invoke(new Invocation() {
public void invoke(RealmResource realm) {
realm.rolesById().getRoleComposites(role.getId());
}
}, Resource.REALM, false, true);
invoke(new Invocation() {
public void invoke(RealmResource realm) {
realm.rolesById().addComposites(role.getId(), Collections.<RoleRepresentation>emptyList());
}
}, Resource.REALM, true);
invoke(new Invocation() {
public void invoke(RealmResource realm) {
realm.rolesById().deleteComposites(role.getId(), Collections.<RoleRepresentation>emptyList());
}
}, Resource.REALM, true);
invoke(new Invocation() {
public void invoke(RealmResource realm) {
realm.rolesById().getRoleComposites(role.getId());
}
}, Resource.REALM, false, true);
invoke(new Invocation() {
public void invoke(RealmResource realm) {
realm.rolesById().getRealmRoleComposites(role.getId());
}
}, Resource.REALM, false, true);
invoke(new Invocation() {
public void invoke(RealmResource realm) {
realm.rolesById().getClientRoleComposites(role.getId(), KeycloakModelUtils.generateId());
}
}, Resource.REALM, false, true);
adminClient.realm(REALM_NAME).roles().deleteRole("role-by-id");
}
Aggregations