
Example 36 with RealmResource

use of org.keycloak.admin.client.resource.RealmResource in project keycloak by keycloak.

the class ManagementPermissionsTest method updateClientRolePermissions.

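/**
 * Verifies that management permissions on a client role can be switched on and off through
 * the admin client and that every write is reflected by a subsequent read.
 *
 * <p>The requested states are {@code true, false, true, true, false, false}: the sequence
 * covers real transitions as well as repeated writes of the same value, so enabling or
 * disabling twice in a row must leave the flag unchanged. After each
 * {@code setPermissions(...)} call the value returned by the call and the value returned by
 * {@code getPermissions()} are both checked, which catches a server that acknowledges the
 * change without persisting it.
 */
@Test
public void updateClientRolePermissions() {
    RealmResource realmResource = adminClient.realms().realm("test");

    // Create a throw-away client to own the role under test.
    ClientRepresentation clientRepresentation = new ClientRepresentation();
    clientRepresentation.setName("perm-client-test");
    Response response = realmResource.clients().create(clientRepresentation);
    String id;
    try {
        id = ApiUtil.getCreatedId(response);
    } finally {
        // Always release the HTTP response, also when the id cannot be extracted;
        // the original code never closed it.
        response.close();
    }
    ClientResource clientResource = realmResource.clients().get(id);

    RoleRepresentation roleRepresentation = new RoleRepresentation();
    roleRepresentation.setName("perm-client-role-test");
    clientResource.roles().create(roleRepresentation);
    RoleResource roleResource = clientResource.roles().get("perm-client-role-test");

    // Same order of writes as the original hand-unrolled sequence.
    boolean[] requestedStates = { true, false, true, true, false, false };
    for (boolean requested : requestedStates) {
        // The value echoed by the write must match what was requested ...
        ManagementPermissionReference result = roleResource.setPermissions(new ManagementPermissionRepresentation(requested));
        assertNotNull(result);
        if (requested) {
            assertTrue(result.isEnabled());
        } else {
            assertFalse(result.isEnabled());
        }

        // ... and so must an independent read of the stored state.
        result = roleResource.getPermissions();
        assertNotNull(result);
        if (requested) {
            assertTrue(result.isEnabled());
        } else {
            assertFalse(result.isEnabled());
        }
    }
}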
Also used : Response(javax.ws.rs.core.Response) RealmResource(org.keycloak.admin.client.resource.RealmResource) RoleResource(org.keycloak.admin.client.resource.RoleResource) ClientResource(org.keycloak.admin.client.resource.ClientResource) Test(org.junit.Test) AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest)

Example 37 with RealmResource

use of org.keycloak.admin.client.resource.RealmResource in project keycloak by keycloak.

the class UserTest method rolesCanBeAssignedEvenWhenTheyAreAlreadyIndirectlyAssigned.

/**
 * Test for KEYCLOAK-10603.
 *
 * <p>Checks that a role a user already holds indirectly (as the child of a composite role,
 * or through group membership) can still be mapped to that user directly, for both
 * realm-level and client-level roles.
 *
 * <p>The fixture built here consists of a realm composite role with one child, a client
 * composite role with one child, one extra realm role and one extra client role that are
 * mapped to a group, and a user who joins that group and is given both composite roles.
 * The assertions compare three views of the user's role mappings before and after the
 * direct assignments: {@code listAll()}, {@code listAvailable()} and
 * {@code listEffective()}. As the expected values show, the effective set is the same
 * before and after; only the "all" and "available" views change.
 */
@Test
public void rolesCanBeAssignedEvenWhenTheyAreAlreadyIndirectlyAssigned() {
    RealmResource realm = adminClient.realms().realm("test");
    // Realm-level roles: a composite with one child, plus a role reserved for the group.
    RoleRepresentation realmCompositeRole = RoleBuilder.create().name("realm-composite").build();
    realm.roles().create(realmCompositeRole);
    realm.roles().create(RoleBuilder.create().name("realm-child").build());
    realm.roles().get("realm-composite").addComposites(Collections.singletonList(realm.roles().get("realm-child").toRepresentation()));
    realm.roles().create(RoleBuilder.create().name("realm-role-in-group").build());
    // Client-level roles mirror the realm-level layout on a freshly created client.
    Response response = realm.clients().create(ClientBuilder.create().clientId("myclient").build());
    String clientUuid = ApiUtil.getCreatedId(response);
    response.close();
    RoleRepresentation clientCompositeRole = RoleBuilder.create().name("client-composite").build();
    realm.clients().get(clientUuid).roles().create(clientCompositeRole);
    realm.clients().get(clientUuid).roles().create(RoleBuilder.create().name("client-child").build());
    realm.clients().get(clientUuid).roles().get("client-composite").addComposites(Collections.singletonList(realm.clients().get(clientUuid).roles().get("client-child").toRepresentation()));
    realm.clients().get(clientUuid).roles().create(RoleBuilder.create().name("client-role-in-group").build());
    // Group and user that will carry the indirect assignments.
    GroupRepresentation group = GroupBuilder.create().name("mygroup").build();
    response = realm.groups().add(group);
    String groupId = ApiUtil.getCreatedId(response);
    response.close();
    response = realm.users().create(UserBuilder.create().username("myuser").build());
    String userId = ApiUtil.getCreatedId(response);
    response.close();
    // Make indirect assignments
    // .. add roles to the group and add it to the user
    realm.groups().group(groupId).roles().realmLevel().add(Collections.singletonList(realm.roles().get("realm-role-in-group").toRepresentation()));
    realm.groups().group(groupId).roles().clientLevel(clientUuid).add(Collections.singletonList(realm.clients().get(clientUuid).roles().get("client-role-in-group").toRepresentation()));
    realm.users().get(userId).joinGroup(groupId);
    // .. assign composite roles
    RoleMappingResource userRoles = realm.users().get(userId).roles();
    userRoles.realmLevel().add(Collections.singletonList(realm.roles().get("realm-composite").toRepresentation()));
    userRoles.clientLevel(clientUuid).add(Collections.singletonList(realm.clients().get(clientUuid).roles().get("client-composite").toRepresentation()));
    // check state before making the direct assignments:
    // the child and group roles are expected in the effective view and are still offered as available
    assertNames(userRoles.realmLevel().listAll(), "realm-composite", Constants.DEFAULT_ROLES_ROLE_PREFIX + "-test");
    assertNames(userRoles.realmLevel().listAvailable(), "realm-child", "realm-role-in-group", "admin", "customer-user-premium", "realm-composite-role", "sample-realm-role", "attribute-role", "user", "offline_access", Constants.AUTHZ_UMA_AUTHORIZATION);
    assertNames(userRoles.realmLevel().listEffective(), "realm-composite", "realm-child", "realm-role-in-group", "user", "offline_access", Constants.AUTHZ_UMA_AUTHORIZATION, Constants.DEFAULT_ROLES_ROLE_PREFIX + "-test");
    assertNames(userRoles.clientLevel(clientUuid).listAll(), "client-composite");
    assertNames(userRoles.clientLevel(clientUuid).listAvailable(), "client-child", "client-role-in-group");
    assertNames(userRoles.clientLevel(clientUuid).listEffective(), "client-composite", "client-child", "client-role-in-group");
    // Make direct assignments for roles which are already indirectly assigned
    // (this is the operation KEYCLOAK-10603 is about; none of these calls may fail)
    userRoles.realmLevel().add(Collections.singletonList(realm.roles().get("realm-child").toRepresentation()));
    userRoles.realmLevel().add(Collections.singletonList(realm.roles().get("realm-role-in-group").toRepresentation()));
    userRoles.clientLevel(clientUuid).add(Collections.singletonList(realm.clients().get(clientUuid).roles().get("client-child").toRepresentation()));
    userRoles.clientLevel(clientUuid).add(Collections.singletonList(realm.clients().get(clientUuid).roles().get("client-role-in-group").toRepresentation()));
    // List realm roles: the newly mapped roles move from "available" to "all",
    // while the expected effective set is the same as before
    assertNames(userRoles.realmLevel().listAll(), "realm-composite", "realm-child", "realm-role-in-group", Constants.DEFAULT_ROLES_ROLE_PREFIX + "-test");
    assertNames(userRoles.realmLevel().listAvailable(), "admin", "customer-user-premium", "realm-composite-role", "sample-realm-role", "attribute-role", "user", "offline_access", Constants.AUTHZ_UMA_AUTHORIZATION);
    assertNames(userRoles.realmLevel().listEffective(), "realm-composite", "realm-child", "realm-role-in-group", "user", "offline_access", Constants.AUTHZ_UMA_AUTHORIZATION, Constants.DEFAULT_ROLES_ROLE_PREFIX + "-test");
    // List client roles: every role of the client is now mapped, so no names are expected as available
    assertNames(userRoles.clientLevel(clientUuid).listAll(), "client-composite", "client-child", "client-role-in-group");
    assertNames(userRoles.clientLevel(clientUuid).listAvailable());
    assertNames(userRoles.clientLevel(clientUuid).listEffective(), "client-composite", "client-child", "client-role-in-group");
    // Get mapping representation: the combined view must agree with the per-level listings,
    // with client mappings keyed by the client id ("myclient")
    MappingsRepresentation all = userRoles.getAll();
    assertNames(all.getRealmMappings(), "realm-composite", "realm-child", "realm-role-in-group", Constants.DEFAULT_ROLES_ROLE_PREFIX + "-test");
    assertEquals(1, all.getClientMappings().size());
    assertNames(all.getClientMappings().get("myclient").getMappings(), "client-composite", "client-child", "client-role-in-group");
}
Also used : RoleRepresentation(org.keycloak.representations.idm.RoleRepresentation) Response(javax.ws.rs.core.Response) GroupRepresentation(org.keycloak.representations.idm.GroupRepresentation) MappingsRepresentation(org.keycloak.representations.idm.MappingsRepresentation) RealmResource(org.keycloak.admin.client.resource.RealmResource) RoleMappingResource(org.keycloak.admin.client.resource.RoleMappingResource) Test(org.junit.Test)

Example 38 with RealmResource

use of org.keycloak.admin.client.resource.RealmResource in project keycloak by keycloak.

the class UsersTest method setupTestEnvironmentWithPermissions.

/**
 * Builds the fixture for the permission-aware user-count tests and returns a realm handle
 * that is authenticated as the low-privileged {@code test-user}.
 *
 * <p>The test user receives only the {@code query-users} role of the
 * {@code realm-management} client. When {@code grp1ViewPermissions} is {@code true}, a user
 * policy naming the test user is additionally attached to the existing
 * {@code view.members.permission.group.<grp1 id>} scope permission.
 *
 * <p>NOTE(review): the {@code Keycloak} client created at the end is not closed here and is
 * not returned, so callers cannot close it either; confirm that this is acceptable for the
 * test suite.
 *
 * @param grp1ViewPermissions whether the test user is attached to the view-members
 *        permission of the group named {@code grp1}
 * @return a {@code RealmResource} for the same realm, obtained through an admin client that
 *         logs in as {@code test-user}
 */
private RealmResource setupTestEnvironmentWithPermissions(boolean grp1ViewPermissions) throws CertificateException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException, IOException {
    String testUserId = createUser(realmId, "test-user", "password", "", "", "");

    // Grant the test user the 'query-users' client role of realm-management and nothing else.
    String realmManagementId = realm.clients().findByClientId("realm-management").get(0).getId();
    RoleRepresentation queryUsersRole = realm.clients().get(realmManagementId).roles().get("query-users").toRepresentation();
    realm.users().get(testUserId).roles().clientLevel(realmManagementId).add(Collections.singletonList(queryUsersRole));

    // Users and groups the counting tests will query.
    List<GroupRepresentation> groups = setupUsersInGroupsWithPermissions();

    if (grp1ViewPermissions) {
        AuthorizationResource authz = realm.clients().get(realmManagementId).authorization();

        // A user policy that names exactly the test user.
        UserPolicyRepresentation userPolicy = new UserPolicyRepresentation();
        String policyName = "test-policy";
        userPolicy.setName(policyName);
        userPolicy.setUsers(Collections.singleton(testUserId));
        authz.policies().user().create(userPolicy).close();
        PolicyRepresentation storedPolicy = authz.policies().findByName(policyName);

        // The fixture must contain a group called grp1; fail the test early otherwise.
        Optional<GroupRepresentation> grp1Lookup = groups.stream().filter(g -> g.getName().equals("grp1")).findFirst();
        assertThat(grp1Lookup.isPresent(), is(true));
        GroupRepresentation grp1 = grp1Lookup.get();

        // Bind the policy to grp1's view-members scope permission.
        String permissionName = "view.members.permission.group." + grp1.getId();
        ScopePermissionRepresentation viewMembers = authz.permissions().scope().findByName(permissionName);
        viewMembers.setPolicies(Collections.singleton(storedPolicy.getId()));
        viewMembers.setDecisionStrategy(DecisionStrategy.UNANIMOUS);
        authz.permissions().scope().findById(viewMembers.getId()).update(viewMembers);
    }

    // Everything the caller does through the returned handle runs with test-user's rights.
    Keycloak testUserClient = AdminClientUtil.createAdminClient(true, realm.toRepresentation().getRealm(), "test-user", "password", "admin-cli", "");
    return testUserClient.realm(realm.toRepresentation().getRealm());
}
Also used : RoleRepresentation(org.keycloak.representations.idm.RoleRepresentation) PolicyRepresentation(org.keycloak.representations.idm.authorization.PolicyRepresentation) UserPolicyRepresentation(org.keycloak.representations.idm.authorization.UserPolicyRepresentation) CoreMatchers.is(org.hamcrest.CoreMatchers.is) Profile(org.keycloak.common.Profile) Matchers.not(org.hamcrest.Matchers.not) AuthorizationResource(org.keycloak.admin.client.resource.AuthorizationResource) GroupRepresentation(org.keycloak.representations.idm.GroupRepresentation) KeyStoreException(java.security.KeyStoreException) PolicyRepresentation(org.keycloak.representations.idm.authorization.PolicyRepresentation) ArrayList(java.util.ArrayList) ManagementPermissionRepresentation(org.keycloak.representations.idm.ManagementPermissionRepresentation) AdminClientUtil(org.keycloak.testsuite.util.AdminClientUtil) MatcherAssert.assertThat(org.hamcrest.MatcherAssert.assertThat) RoleRepresentation(org.keycloak.representations.idm.RoleRepresentation) ProfileAssume(org.keycloak.testsuite.ProfileAssume) Before(org.junit.Before) Matchers.empty(org.hamcrest.Matchers.empty) UserRepresentation(org.keycloak.representations.idm.UserRepresentation) RealmResource(org.keycloak.admin.client.resource.RealmResource) ScopePermissionRepresentation(org.keycloak.representations.idm.authorization.ScopePermissionRepresentation) Test(org.junit.Test) IOException(java.io.IOException) DecisionStrategy(org.keycloak.representations.idm.authorization.DecisionStrategy) KeyManagementException(java.security.KeyManagementException) CertificateException(java.security.cert.CertificateException) Keycloak(org.keycloak.admin.client.Keycloak) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) UserPolicyRepresentation(org.keycloak.representations.idm.authorization.UserPolicyRepresentation) List(java.util.List) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) Optional(java.util.Optional) 
Collections(java.util.Collections) GroupRepresentation(org.keycloak.representations.idm.GroupRepresentation) UserPolicyRepresentation(org.keycloak.representations.idm.authorization.UserPolicyRepresentation) Keycloak(org.keycloak.admin.client.Keycloak) AuthorizationResource(org.keycloak.admin.client.resource.AuthorizationResource) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) ScopePermissionRepresentation(org.keycloak.representations.idm.authorization.ScopePermissionRepresentation)

Example 39 with RealmResource

use of org.keycloak.admin.client.resource.RealmResource in project keycloak by keycloak.

the class UsersTest method countUsersByFiltersWithGroupViewPermission.

/**
 * Counts users through a client that holds only {@code query-users} plus the view-members
 * permission on {@code grp1}, and checks the count for each search filter.
 *
 * <p>Going by the section labels below, the four {@code count(...)} arguments are last
 * name, first name, email and username, in that order. Every unrestricted or empty filter
 * is expected to yield 3, the number of users the restricted client may see in this
 * fixture; a count above that would mean the endpoint reveals users outside the granted
 * group.
 */
@Test
public void countUsersByFiltersWithGroupViewPermission() throws CertificateException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException, IOException {
    ProfileAssume.assumeFeatureEnabled(Profile.Feature.AUTHORIZATION);
    RealmResource restrictedRealm = setupTestEnvironmentWithPermissions(true);

    // username filter (4th argument)
    assertThat(restrictedRealm.users().count(null, null, null, "user"), is(3));
    assertThat(restrictedRealm.users().count(null, null, null, "user1"), is(1));
    assertThat(restrictedRealm.users().count(null, null, null, "notExisting"), is(0));
    assertThat(restrictedRealm.users().count(null, null, null, ""), is(3));

    // first-name filter (2nd argument)
    assertThat(restrictedRealm.users().count(null, "FirstName", null, null), is(3));
    assertThat(restrictedRealm.users().count(null, "user2FirstName", null, null), is(1));
    assertThat(restrictedRealm.users().count(null, "notExisting", null, null), is(0));
    assertThat(restrictedRealm.users().count(null, "", null, null), is(3));

    // last-name filter (1st argument)
    assertThat(restrictedRealm.users().count("LastName", null, null, null), is(3));
    assertThat(restrictedRealm.users().count("user2LastName", null, null, null), is(1));
    assertThat(restrictedRealm.users().count("notExisting", null, null, null), is(0));
    assertThat(restrictedRealm.users().count("", null, null, null), is(3));

    // email filter (3rd argument)
    assertThat(restrictedRealm.users().count(null, null, "@example.com", null), is(3));
    assertThat(restrictedRealm.users().count(null, null, "user1@example.com", null), is(1));
    assertThat(restrictedRealm.users().count(null, null, "user1@test.com", null), is(0));
    assertThat(restrictedRealm.users().count(null, null, "", null), is(3));

    // several filters at once
    assertThat(restrictedRealm.users().count("LastName", "FirstName", null, null), is(3));
    assertThat(restrictedRealm.users().count("user1LastName", "FirstName", null, null), is(1));
    assertThat(restrictedRealm.users().count("user1LastName", "", null, null), is(1));
    assertThat(restrictedRealm.users().count("LastName", "", null, null), is(3));
    // same query issued a second time, as in the original test
    assertThat(restrictedRealm.users().count("LastName", "", null, null), is(3));
    assertThat(restrictedRealm.users().count(null, null, "@example.com", "user"), is(3));

    // no filter given (defaults to simply /count)
    assertThat(restrictedRealm.users().count(null, null, null, null), is(3));
    assertThat(restrictedRealm.users().count("", "", "", ""), is(3));
}
Also used : RealmResource(org.keycloak.admin.client.resource.RealmResource) Test(org.junit.Test)

Example 40 with RealmResource

use of org.keycloak.admin.client.resource.RealmResource in project keycloak by keycloak.

the class UsersTest method countUsersWithNoViewPermission.

/**
 * Negative counterpart of the group-view-permission count test: a client that holds only
 * {@code query-users}, without any view permission on a group, must get a user count of 0.
 */
@Test
public void countUsersWithNoViewPermission() throws CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException, KeyManagementException {
    ProfileAssume.assumeFeatureEnabled(Profile.Feature.AUTHORIZATION);
    // 'false' skips attaching the test user to grp1's view-members permission.
    RealmResource restrictedRealm = setupTestEnvironmentWithPermissions(false);
    int visibleUsers = restrictedRealm.users().count();
    assertThat(visibleUsers, is(0));
}
Also used : RealmResource(org.keycloak.admin.client.resource.RealmResource) Test(org.junit.Test)
