use of org.keycloak.admin.client.resource.RealmResource in project keycloak by keycloak.
the class RealmTest method createRealmWithPasswordPolicyFromJsonWithValidPasswords.
// KEYCLOAK-6146
@Test
public void createRealmWithPasswordPolicyFromJsonWithValidPasswords() {
RealmRepresentation rep = loadJson(getClass().getResourceAsStream("/import/testrealm-keycloak-6146.json"), RealmRepresentation.class);
try (Creator<RealmResource> c = Creator.create(adminClient, rep)) {
RealmRepresentation created = c.resource().toRepresentation();
assertRealm(rep, created);
}
}
use of org.keycloak.admin.client.resource.RealmResource in project keycloak by keycloak.
the class GroupTest method doNotAllowSameGroupNameAtSameLevelWhenUpdatingName.
@Test
public // KEYCLOAK-11412 Unintended Groups with same names
void doNotAllowSameGroupNameAtSameLevelWhenUpdatingName() throws Exception {
RealmResource realm = adminClient.realms().realm("test");
GroupRepresentation topGroup = new GroupRepresentation();
topGroup.setName("top1");
topGroup = createGroup(realm, topGroup);
GroupRepresentation anotherTopGroup = new GroupRepresentation();
anotherTopGroup.setName("top2");
anotherTopGroup = createGroup(realm, anotherTopGroup);
anotherTopGroup.setName("top1");
try {
realm.groups().group(anotherTopGroup.getId()).update(anotherTopGroup);
Assert.fail("Expected ClientErrorException");
} catch (ClientErrorException e) {
// conflict status 409 - same name not allowed
assertEquals("HTTP 409 Conflict", e.getMessage());
}
GroupRepresentation level2Group = new GroupRepresentation();
level2Group.setName("level2-1");
addSubGroup(realm, topGroup, level2Group);
GroupRepresentation anotherlevel2Group = new GroupRepresentation();
anotherlevel2Group.setName("level2-2");
addSubGroup(realm, topGroup, anotherlevel2Group);
anotherlevel2Group.setName("level2-1");
try {
realm.groups().group(anotherlevel2Group.getId()).update(anotherlevel2Group);
Assert.fail("Expected ClientErrorException");
} catch (ClientErrorException e) {
// conflict status 409 - same name not allowed
assertEquals("HTTP 409 Conflict", e.getMessage());
}
}
use of org.keycloak.admin.client.resource.RealmResource in project keycloak by keycloak.
the class GroupTest method roleMappings.
@Test
public void roleMappings() {
RealmResource realm = adminClient.realms().realm("test");
createRealmRole(realm, RoleBuilder.create().name("realm-role").build());
createRealmRole(realm, RoleBuilder.create().name("realm-composite").build());
createRealmRole(realm, RoleBuilder.create().name("realm-child").build());
realm.roles().get("realm-composite").addComposites(Collections.singletonList(realm.roles().get("realm-child").toRepresentation()));
try (Response response = realm.clients().create(ClientBuilder.create().clientId("myclient").build())) {
String clientId = ApiUtil.getCreatedId(response);
getCleanup().addClientUuid(clientId);
realm.clients().get(clientId).roles().create(RoleBuilder.create().name("client-role").build());
realm.clients().get(clientId).roles().create(RoleBuilder.create().name("client-role2").build());
realm.clients().get(clientId).roles().create(RoleBuilder.create().name("client-composite").build());
realm.clients().get(clientId).roles().create(RoleBuilder.create().name("client-child").build());
realm.clients().get(clientId).roles().get("client-composite").addComposites(Collections.singletonList(realm.clients().get(clientId).roles().get("client-child").toRepresentation()));
// Roles+clients tested elsewhere
assertAdminEvents.clear();
GroupRepresentation group = new GroupRepresentation();
group.setName("group");
String groupId = createGroup(realm, group).getId();
RoleMappingResource roles = realm.groups().group(groupId).roles();
assertEquals(0, roles.realmLevel().listAll().size());
// Add realm roles
List<RoleRepresentation> l = new LinkedList<>();
l.add(realm.roles().get("realm-role").toRepresentation());
l.add(realm.roles().get("realm-composite").toRepresentation());
roles.realmLevel().add(l);
assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.groupRolesRealmRolesPath(group.getId()), l, ResourceType.REALM_ROLE_MAPPING);
// Add client roles
RoleRepresentation clientRole = realm.clients().get(clientId).roles().get("client-role").toRepresentation();
RoleRepresentation clientComposite = realm.clients().get(clientId).roles().get("client-composite").toRepresentation();
roles.clientLevel(clientId).add(Collections.singletonList(clientRole));
roles.clientLevel(clientId).add(Collections.singletonList(clientComposite));
assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.groupRolesClientRolesPath(group.getId(), clientId), Collections.singletonList(clientRole), ResourceType.CLIENT_ROLE_MAPPING);
assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.groupRolesClientRolesPath(group.getId(), clientId), Collections.singletonList(clientComposite), ResourceType.CLIENT_ROLE_MAPPING);
// List realm roles
assertNames(roles.realmLevel().listAll(), "realm-role", "realm-composite");
assertNames(roles.realmLevel().listAvailable(), "realm-child", "admin", "offline_access", Constants.AUTHZ_UMA_AUTHORIZATION, "user", "customer-user-premium", "realm-composite-role", "sample-realm-role", "attribute-role", Constants.DEFAULT_ROLES_ROLE_PREFIX + "-test");
assertNames(roles.realmLevel().listEffective(), "realm-role", "realm-composite", "realm-child");
// List client roles
assertNames(roles.clientLevel(clientId).listAll(), "client-role", "client-composite");
assertNames(roles.clientLevel(clientId).listAvailable(), "client-role2", "client-child");
assertNames(roles.clientLevel(clientId).listEffective(), "client-role", "client-composite", "client-child");
// Get mapping representation
MappingsRepresentation all = roles.getAll();
assertNames(all.getRealmMappings(), "realm-role", "realm-composite");
assertEquals(1, all.getClientMappings().size());
assertNames(all.getClientMappings().get("myclient").getMappings(), "client-role", "client-composite");
// Remove realm role
RoleRepresentation realmRoleRep = realm.roles().get("realm-role").toRepresentation();
roles.realmLevel().remove(Collections.singletonList(realmRoleRep));
assertAdminEvents.assertEvent("test", OperationType.DELETE, AdminEventPaths.groupRolesRealmRolesPath(group.getId()), Collections.singletonList(realmRoleRep), ResourceType.REALM_ROLE_MAPPING);
assertNames(roles.realmLevel().listAll(), "realm-composite");
// Remove client role
RoleRepresentation clientRoleRep = realm.clients().get(clientId).roles().get("client-role").toRepresentation();
roles.clientLevel(clientId).remove(Collections.singletonList(clientRoleRep));
assertAdminEvents.assertEvent("test", OperationType.DELETE, AdminEventPaths.groupRolesClientRolesPath(group.getId(), clientId), Collections.singletonList(clientRoleRep), ResourceType.CLIENT_ROLE_MAPPING);
assertNames(roles.clientLevel(clientId).listAll(), "client-composite");
}
}
use of org.keycloak.admin.client.resource.RealmResource in project keycloak by keycloak.
the class GroupTest method searchAndCountGroups.
@Test
public void searchAndCountGroups() throws Exception {
String firstGroupId = "";
RealmResource realm = adminClient.realms().realm("test");
// Clean up all test groups
for (GroupRepresentation group : realm.groups().groups()) {
GroupResource resource = realm.groups().group(group.getId());
resource.remove();
assertAdminEvents.assertEvent("test", OperationType.DELETE, AdminEventPaths.groupPath(group.getId()), ResourceType.GROUP);
}
// Add 20 new groups with known names
for (int i = 0; i < 20; i++) {
GroupRepresentation group = new GroupRepresentation();
group.setName("group" + i);
group = createGroup(realm, group);
if (i == 0) {
firstGroupId = group.getId();
}
}
// Get groups by search and pagination
List<GroupRepresentation> allGroups = realm.groups().groups();
assertEquals(20, allGroups.size());
List<GroupRepresentation> slice = realm.groups().groups(5, 7);
assertEquals(7, slice.size());
List<GroupRepresentation> search = realm.groups().groups("group1", 0, 20);
assertEquals(11, search.size());
for (GroupRepresentation group : search) {
assertTrue(group.getName().contains("group1"));
}
List<GroupRepresentation> noResultSearch = realm.groups().groups("abcd", 0, 20);
assertEquals(0, noResultSearch.size());
// Count
assertEquals(new Long(allGroups.size()), realm.groups().count().get("count"));
assertEquals(new Long(search.size()), realm.groups().count("group1").get("count"));
assertEquals(new Long(noResultSearch.size()), realm.groups().count("abcd").get("count"));
// Add a subgroup for onlyTopLevel flag testing
GroupRepresentation level2Group = new GroupRepresentation();
level2Group.setName("group1111");
Response response = realm.groups().group(firstGroupId).subGroup(level2Group);
response.close();
assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.groupSubgroupsPath(firstGroupId), level2Group, ResourceType.GROUP);
assertEquals(new Long(allGroups.size()), realm.groups().count(true).get("count"));
assertEquals(new Long(allGroups.size() + 1), realm.groups().count(false).get("count"));
// add another subgroup
GroupRepresentation level2Group2 = new GroupRepresentation();
level2Group2.setName("group111111");
realm.groups().group(firstGroupId).subGroup(level2Group2);
// search and count for group with string group11 -> return 2 top level group, group11 and group0 having subgroups group1111 and group111111
search = realm.groups().groups("group11", 0, 10);
assertEquals(2, search.size());
GroupRepresentation group0 = search.stream().filter(group -> "group0".equals(group.getName())).findAny().orElseGet(null);
assertNotNull(group0);
assertEquals(2, group0.getSubGroups().size());
assertThat(group0.getSubGroups().stream().map(GroupRepresentation::getName).collect(Collectors.toList()), Matchers.containsInAnyOrder("group1111", "group111111"));
assertEquals(new Long(search.size()), realm.groups().count("group11").get("count"));
}
use of org.keycloak.admin.client.resource.RealmResource in project keycloak by keycloak.
the class GroupTest method adminEndpointAccessibleWhenAdminRoleAssignedToUser.
/**
* Verifies that the role assigned to a user is correctly handled by Keycloak Admin endpoint.
* @link https://issues.jboss.org/browse/KEYCLOAK-2964
*/
@Test
public void adminEndpointAccessibleWhenAdminRoleAssignedToUser() {
String userName = "user-" + UUID.randomUUID();
final String realmName = AuthRealm.MASTER;
RealmResource realm = adminClient.realms().realm(realmName);
RoleRepresentation adminRole = realm.roles().get(AdminRoles.ADMIN).toRepresentation();
assertThat(adminRole, notNullValue());
assertThat(adminRole.getId(), notNullValue());
String userId = createUser(realmName, userName, "pwd");
assertThat(userId, notNullValue());
RoleMappingResource mappings = realm.users().get(userId).roles();
mappings.realmLevel().add(Collections.singletonList(adminRole));
try (Keycloak userClient = Keycloak.getInstance(getAuthServerContextRoot() + "/auth", realmName, userName, "pwd", Constants.ADMIN_CLI_CLIENT_ID, TLSUtils.initializeTLS())) {
assertThat(// Any admin operation will do
userClient.realms().findAll(), not(empty()));
}
}
Aggregations