Search in sources :

Example 91 with RealmResource

use of org.keycloak.admin.client.resource.RealmResource in project keycloak by keycloak.

the class RealmTest method createRealmWithPasswordPolicyFromJsonWithValidPasswords.

// KEYCLOAK-6146
@Test
public void createRealmWithPasswordPolicyFromJsonWithValidPasswords() {
    RealmRepresentation rep = loadJson(getClass().getResourceAsStream("/import/testrealm-keycloak-6146.json"), RealmRepresentation.class);
    try (Creator<RealmResource> c = Creator.create(adminClient, rep)) {
        RealmRepresentation created = c.resource().toRepresentation();
        assertRealm(rep, created);
    }
}
Also used : RealmResource(org.keycloak.admin.client.resource.RealmResource) RealmRepresentation(org.keycloak.representations.idm.RealmRepresentation) AbstractAdminTest(org.keycloak.testsuite.admin.AbstractAdminTest) Test(org.junit.Test)

Example 92 with RealmResource

use of org.keycloak.admin.client.resource.RealmResource in project keycloak by keycloak.

the class GroupTest method doNotAllowSameGroupNameAtSameLevelWhenUpdatingName.

@Test
public // KEYCLOAK-11412 Unintended Groups with same names
void doNotAllowSameGroupNameAtSameLevelWhenUpdatingName() throws Exception {
    RealmResource realm = adminClient.realms().realm("test");
    GroupRepresentation topGroup = new GroupRepresentation();
    topGroup.setName("top1");
    topGroup = createGroup(realm, topGroup);
    GroupRepresentation anotherTopGroup = new GroupRepresentation();
    anotherTopGroup.setName("top2");
    anotherTopGroup = createGroup(realm, anotherTopGroup);
    anotherTopGroup.setName("top1");
    try {
        realm.groups().group(anotherTopGroup.getId()).update(anotherTopGroup);
        Assert.fail("Expected ClientErrorException");
    } catch (ClientErrorException e) {
        // conflict status 409 - same name not allowed
        assertEquals("HTTP 409 Conflict", e.getMessage());
    }
    GroupRepresentation level2Group = new GroupRepresentation();
    level2Group.setName("level2-1");
    addSubGroup(realm, topGroup, level2Group);
    GroupRepresentation anotherlevel2Group = new GroupRepresentation();
    anotherlevel2Group.setName("level2-2");
    addSubGroup(realm, topGroup, anotherlevel2Group);
    anotherlevel2Group.setName("level2-1");
    try {
        realm.groups().group(anotherlevel2Group.getId()).update(anotherlevel2Group);
        Assert.fail("Expected ClientErrorException");
    } catch (ClientErrorException e) {
        // conflict status 409 - same name not allowed
        assertEquals("HTTP 409 Conflict", e.getMessage());
    }
}
Also used : GroupRepresentation(org.keycloak.representations.idm.GroupRepresentation) RealmResource(org.keycloak.admin.client.resource.RealmResource) ClientErrorException(javax.ws.rs.ClientErrorException) Test(org.junit.Test)

Example 93 with RealmResource

use of org.keycloak.admin.client.resource.RealmResource in project keycloak by keycloak.

the class GroupTest method roleMappings.

@Test
public void roleMappings() {
    RealmResource realm = adminClient.realms().realm("test");
    createRealmRole(realm, RoleBuilder.create().name("realm-role").build());
    createRealmRole(realm, RoleBuilder.create().name("realm-composite").build());
    createRealmRole(realm, RoleBuilder.create().name("realm-child").build());
    realm.roles().get("realm-composite").addComposites(Collections.singletonList(realm.roles().get("realm-child").toRepresentation()));
    try (Response response = realm.clients().create(ClientBuilder.create().clientId("myclient").build())) {
        String clientId = ApiUtil.getCreatedId(response);
        getCleanup().addClientUuid(clientId);
        realm.clients().get(clientId).roles().create(RoleBuilder.create().name("client-role").build());
        realm.clients().get(clientId).roles().create(RoleBuilder.create().name("client-role2").build());
        realm.clients().get(clientId).roles().create(RoleBuilder.create().name("client-composite").build());
        realm.clients().get(clientId).roles().create(RoleBuilder.create().name("client-child").build());
        realm.clients().get(clientId).roles().get("client-composite").addComposites(Collections.singletonList(realm.clients().get(clientId).roles().get("client-child").toRepresentation()));
        // Roles+clients tested elsewhere
        assertAdminEvents.clear();
        GroupRepresentation group = new GroupRepresentation();
        group.setName("group");
        String groupId = createGroup(realm, group).getId();
        RoleMappingResource roles = realm.groups().group(groupId).roles();
        assertEquals(0, roles.realmLevel().listAll().size());
        // Add realm roles
        List<RoleRepresentation> l = new LinkedList<>();
        l.add(realm.roles().get("realm-role").toRepresentation());
        l.add(realm.roles().get("realm-composite").toRepresentation());
        roles.realmLevel().add(l);
        assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.groupRolesRealmRolesPath(group.getId()), l, ResourceType.REALM_ROLE_MAPPING);
        // Add client roles
        RoleRepresentation clientRole = realm.clients().get(clientId).roles().get("client-role").toRepresentation();
        RoleRepresentation clientComposite = realm.clients().get(clientId).roles().get("client-composite").toRepresentation();
        roles.clientLevel(clientId).add(Collections.singletonList(clientRole));
        roles.clientLevel(clientId).add(Collections.singletonList(clientComposite));
        assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.groupRolesClientRolesPath(group.getId(), clientId), Collections.singletonList(clientRole), ResourceType.CLIENT_ROLE_MAPPING);
        assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.groupRolesClientRolesPath(group.getId(), clientId), Collections.singletonList(clientComposite), ResourceType.CLIENT_ROLE_MAPPING);
        // List realm roles
        assertNames(roles.realmLevel().listAll(), "realm-role", "realm-composite");
        assertNames(roles.realmLevel().listAvailable(), "realm-child", "admin", "offline_access", Constants.AUTHZ_UMA_AUTHORIZATION, "user", "customer-user-premium", "realm-composite-role", "sample-realm-role", "attribute-role", Constants.DEFAULT_ROLES_ROLE_PREFIX + "-test");
        assertNames(roles.realmLevel().listEffective(), "realm-role", "realm-composite", "realm-child");
        // List client roles
        assertNames(roles.clientLevel(clientId).listAll(), "client-role", "client-composite");
        assertNames(roles.clientLevel(clientId).listAvailable(), "client-role2", "client-child");
        assertNames(roles.clientLevel(clientId).listEffective(), "client-role", "client-composite", "client-child");
        // Get mapping representation
        MappingsRepresentation all = roles.getAll();
        assertNames(all.getRealmMappings(), "realm-role", "realm-composite");
        assertEquals(1, all.getClientMappings().size());
        assertNames(all.getClientMappings().get("myclient").getMappings(), "client-role", "client-composite");
        // Remove realm role
        RoleRepresentation realmRoleRep = realm.roles().get("realm-role").toRepresentation();
        roles.realmLevel().remove(Collections.singletonList(realmRoleRep));
        assertAdminEvents.assertEvent("test", OperationType.DELETE, AdminEventPaths.groupRolesRealmRolesPath(group.getId()), Collections.singletonList(realmRoleRep), ResourceType.REALM_ROLE_MAPPING);
        assertNames(roles.realmLevel().listAll(), "realm-composite");
        // Remove client role
        RoleRepresentation clientRoleRep = realm.clients().get(clientId).roles().get("client-role").toRepresentation();
        roles.clientLevel(clientId).remove(Collections.singletonList(clientRoleRep));
        assertAdminEvents.assertEvent("test", OperationType.DELETE, AdminEventPaths.groupRolesClientRolesPath(group.getId(), clientId), Collections.singletonList(clientRoleRep), ResourceType.CLIENT_ROLE_MAPPING);
        assertNames(roles.clientLevel(clientId).listAll(), "client-composite");
    }
}
Also used : Response(javax.ws.rs.core.Response) RoleRepresentation(org.keycloak.representations.idm.RoleRepresentation) GroupRepresentation(org.keycloak.representations.idm.GroupRepresentation) MappingsRepresentation(org.keycloak.representations.idm.MappingsRepresentation) RealmResource(org.keycloak.admin.client.resource.RealmResource) RoleMappingResource(org.keycloak.admin.client.resource.RoleMappingResource) LinkedList(java.util.LinkedList) Test(org.junit.Test)

Example 94 with RealmResource

use of org.keycloak.admin.client.resource.RealmResource in project keycloak by keycloak.

the class GroupTest method searchAndCountGroups.

@Test
public void searchAndCountGroups() throws Exception {
    String firstGroupId = "";
    RealmResource realm = adminClient.realms().realm("test");
    // Clean up all test groups
    for (GroupRepresentation group : realm.groups().groups()) {
        GroupResource resource = realm.groups().group(group.getId());
        resource.remove();
        assertAdminEvents.assertEvent("test", OperationType.DELETE, AdminEventPaths.groupPath(group.getId()), ResourceType.GROUP);
    }
    // Add 20 new groups with known names
    for (int i = 0; i < 20; i++) {
        GroupRepresentation group = new GroupRepresentation();
        group.setName("group" + i);
        group = createGroup(realm, group);
        if (i == 0) {
            firstGroupId = group.getId();
        }
    }
    // Get groups by search and pagination
    List<GroupRepresentation> allGroups = realm.groups().groups();
    assertEquals(20, allGroups.size());
    List<GroupRepresentation> slice = realm.groups().groups(5, 7);
    assertEquals(7, slice.size());
    List<GroupRepresentation> search = realm.groups().groups("group1", 0, 20);
    assertEquals(11, search.size());
    for (GroupRepresentation group : search) {
        assertTrue(group.getName().contains("group1"));
    }
    List<GroupRepresentation> noResultSearch = realm.groups().groups("abcd", 0, 20);
    assertEquals(0, noResultSearch.size());
    // Count
    assertEquals(new Long(allGroups.size()), realm.groups().count().get("count"));
    assertEquals(new Long(search.size()), realm.groups().count("group1").get("count"));
    assertEquals(new Long(noResultSearch.size()), realm.groups().count("abcd").get("count"));
    // Add a subgroup for onlyTopLevel flag testing
    GroupRepresentation level2Group = new GroupRepresentation();
    level2Group.setName("group1111");
    Response response = realm.groups().group(firstGroupId).subGroup(level2Group);
    response.close();
    assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.groupSubgroupsPath(firstGroupId), level2Group, ResourceType.GROUP);
    assertEquals(new Long(allGroups.size()), realm.groups().count(true).get("count"));
    assertEquals(new Long(allGroups.size() + 1), realm.groups().count(false).get("count"));
    // add another subgroup
    GroupRepresentation level2Group2 = new GroupRepresentation();
    level2Group2.setName("group111111");
    realm.groups().group(firstGroupId).subGroup(level2Group2);
    // search and count for group with string group11 -> return 2 top level group, group11 and group0 having subgroups group1111 and group111111
    search = realm.groups().groups("group11", 0, 10);
    assertEquals(2, search.size());
    GroupRepresentation group0 = search.stream().filter(group -> "group0".equals(group.getName())).findAny().orElseGet(null);
    assertNotNull(group0);
    assertEquals(2, group0.getSubGroups().size());
    assertThat(group0.getSubGroups().stream().map(GroupRepresentation::getName).collect(Collectors.toList()), Matchers.containsInAnyOrder("group1111", "group111111"));
    assertEquals(new Long(search.size()), realm.groups().count("group11").get("count"));
}
Also used : Response(javax.ws.rs.core.Response) GroupRepresentation(org.keycloak.representations.idm.GroupRepresentation) RealmResource(org.keycloak.admin.client.resource.RealmResource) GroupResource(org.keycloak.admin.client.resource.GroupResource) Test(org.junit.Test)

Example 95 with RealmResource

use of org.keycloak.admin.client.resource.RealmResource in project keycloak by keycloak.

the class GroupTest method adminEndpointAccessibleWhenAdminRoleAssignedToUser.

/**
 * Verifies that the role assigned to a user is correctly handled by Keycloak Admin endpoint.
 * @link https://issues.jboss.org/browse/KEYCLOAK-2964
 */
@Test
public void adminEndpointAccessibleWhenAdminRoleAssignedToUser() {
    String userName = "user-" + UUID.randomUUID();
    final String realmName = AuthRealm.MASTER;
    RealmResource realm = adminClient.realms().realm(realmName);
    RoleRepresentation adminRole = realm.roles().get(AdminRoles.ADMIN).toRepresentation();
    assertThat(adminRole, notNullValue());
    assertThat(adminRole.getId(), notNullValue());
    String userId = createUser(realmName, userName, "pwd");
    assertThat(userId, notNullValue());
    RoleMappingResource mappings = realm.users().get(userId).roles();
    mappings.realmLevel().add(Collections.singletonList(adminRole));
    try (Keycloak userClient = Keycloak.getInstance(getAuthServerContextRoot() + "/auth", realmName, userName, "pwd", Constants.ADMIN_CLI_CLIENT_ID, TLSUtils.initializeTLS())) {
        assertThat(// Any admin operation will do
        userClient.realms().findAll(), not(empty()));
    }
}
Also used : RoleRepresentation(org.keycloak.representations.idm.RoleRepresentation) RealmResource(org.keycloak.admin.client.resource.RealmResource) Keycloak(org.keycloak.admin.client.Keycloak) RoleMappingResource(org.keycloak.admin.client.resource.RoleMappingResource) Test(org.junit.Test)

Aggregations

RealmResource (org.keycloak.admin.client.resource.RealmResource)263 Test (org.junit.Test)190 UserRepresentation (org.keycloak.representations.idm.UserRepresentation)67 AbstractKeycloakTest (org.keycloak.testsuite.AbstractKeycloakTest)61 ClientRepresentation (org.keycloak.representations.idm.ClientRepresentation)58 Response (javax.ws.rs.core.Response)55 RealmRepresentation (org.keycloak.representations.idm.RealmRepresentation)48 ClientResource (org.keycloak.admin.client.resource.ClientResource)39 OAuthClient (org.keycloak.testsuite.util.OAuthClient)37 GroupRepresentation (org.keycloak.representations.idm.GroupRepresentation)36 RoleRepresentation (org.keycloak.representations.idm.RoleRepresentation)34 Before (org.junit.Before)31 UserResource (org.keycloak.admin.client.resource.UserResource)30 IdentityProviderRepresentation (org.keycloak.representations.idm.IdentityProviderRepresentation)25 List (java.util.List)19 LinkedList (java.util.LinkedList)16 ClientScopeRepresentation (org.keycloak.representations.idm.ClientScopeRepresentation)16 VerifyProfileTest (org.keycloak.testsuite.forms.VerifyProfileTest)14 ProtocolMapperRepresentation (org.keycloak.representations.idm.ProtocolMapperRepresentation)13 AccessToken (org.keycloak.representations.AccessToken)12