use of org.keycloak.admin.client.resource.RealmResource in project keycloak by keycloak.
the class ManagementPermissionsTest method updateClientRolePermissions.
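/**
 * Toggles management permissions on a client role and checks, after every write, that both the
 * value returned by {@code setPermissions} and the value read back by {@code getPermissions}
 * match what was requested.
 *
 * <p>The sequence deliberately repeats the same value twice in a row (true/true and false/false),
 * so re-applying the current state is covered as well as a real change.
 */
@Test
public void updateClientRolePermissions() {
    RealmResource realmResource = adminClient.realms().realm("test");

    ClientRepresentation clientRepresentation = new ClientRepresentation();
    clientRepresentation.setName("perm-client-test");
    Response response = realmResource.clients().create(clientRepresentation);
    String id;
    try {
        id = ApiUtil.getCreatedId(response);
    } finally {
        // The create response was never closed before; release it so the underlying
        // connection is not held for the rest of the test run.
        response.close();
    }
    ClientResource clientResource = realmResource.clients().get(id);

    RoleRepresentation roleRepresentation = new RoleRepresentation();
    roleRepresentation.setName("perm-client-role-test");
    clientResource.roles().create(roleRepresentation);
    RoleResource roleResource = clientResource.roles().get("perm-client-role-test");

    // Same order of writes as before: on, off, on, on, off, off.
    boolean[] requestedStates = {true, false, true, true, false, false};
    for (boolean requested : requestedStates) {
        assertPermissionsState(roleResource.setPermissions(new ManagementPermissionRepresentation(requested)), requested);
        // Read back separately: the stored state is what authorization decisions rely on,
        // not the echo in the write response.
        assertPermissionsState(roleResource.getPermissions(), requested);
    }
}

/** Asserts that a permission reference is present and reports the expected enabled flag. */
private static void assertPermissionsState(ManagementPermissionReference reference, boolean expectedEnabled) {
    assertNotNull(reference);
    if (expectedEnabled) {
        assertTrue(reference.isEnabled());
    } else {
        assertFalse(reference.isEnabled());
    }
}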
use of org.keycloak.admin.client.resource.RealmResource in project keycloak by keycloak.
the class UserTest method rolesCanBeAssignedEvenWhenTheyAreAlreadyIndirectlyAssigned.
/**
* Test for KEYCLOAK-10603.
*/
@Test
public void rolesCanBeAssignedEvenWhenTheyAreAlreadyIndirectlyAssigned() {
    // Scenario: a user already holds roles indirectly (through a composite role and through group
    // membership). Mapping those same roles directly must succeed, and the assertions below pin
    // that the effective role set is the same before and after; only the direct and available
    // lists change.
    RealmResource testRealm = adminClient.realms().realm("test");

    // Realm roles: a composite with one child, plus a role that only the group will carry.
    RoleRepresentation compositeRealmRole = RoleBuilder.create().name("realm-composite").build();
    testRealm.roles().create(compositeRealmRole);
    testRealm.roles().create(RoleBuilder.create().name("realm-child").build());
    RoleRepresentation realmChild = testRealm.roles().get("realm-child").toRepresentation();
    testRealm.roles().get("realm-composite").addComposites(Collections.singletonList(realmChild));
    testRealm.roles().create(RoleBuilder.create().name("realm-role-in-group").build());

    // Client with the same three-role layout.
    Response clientCreated = testRealm.clients().create(ClientBuilder.create().clientId("myclient").build());
    String clientUuid = ApiUtil.getCreatedId(clientCreated);
    clientCreated.close();
    RoleRepresentation compositeClientRole = RoleBuilder.create().name("client-composite").build();
    testRealm.clients().get(clientUuid).roles().create(compositeClientRole);
    testRealm.clients().get(clientUuid).roles().create(RoleBuilder.create().name("client-child").build());
    RoleRepresentation clientChild = testRealm.clients().get(clientUuid).roles().get("client-child").toRepresentation();
    testRealm.clients().get(clientUuid).roles().get("client-composite").addComposites(Collections.singletonList(clientChild));
    testRealm.clients().get(clientUuid).roles().create(RoleBuilder.create().name("client-role-in-group").build());

    // Group and user fixtures.
    GroupRepresentation groupToCreate = GroupBuilder.create().name("mygroup").build();
    Response groupCreated = testRealm.groups().add(groupToCreate);
    String groupId = ApiUtil.getCreatedId(groupCreated);
    groupCreated.close();
    Response userCreated = testRealm.users().create(UserBuilder.create().username("myuser").build());
    String userId = ApiUtil.getCreatedId(userCreated);
    userCreated.close();

    // Indirect assignment, part 1: roles go onto the group, then the user joins the group.
    RoleRepresentation realmRoleInGroup = testRealm.roles().get("realm-role-in-group").toRepresentation();
    testRealm.groups().group(groupId).roles().realmLevel().add(Collections.singletonList(realmRoleInGroup));
    RoleRepresentation clientRoleInGroup = testRealm.clients().get(clientUuid).roles().get("client-role-in-group").toRepresentation();
    testRealm.groups().group(groupId).roles().clientLevel(clientUuid).add(Collections.singletonList(clientRoleInGroup));
    testRealm.users().get(userId).joinGroup(groupId);

    // Indirect assignment, part 2: the user gets the composites, which pull in the child roles.
    RoleMappingResource mappings = testRealm.users().get(userId).roles();
    RoleRepresentation realmComposite = testRealm.roles().get("realm-composite").toRepresentation();
    mappings.realmLevel().add(Collections.singletonList(realmComposite));
    RoleRepresentation clientComposite = testRealm.clients().get(clientUuid).roles().get("client-composite").toRepresentation();
    mappings.clientLevel(clientUuid).add(Collections.singletonList(clientComposite));

    // Baseline: the child and group roles are effective but still listed as available,
    // i.e. they are not yet direct mappings.
    assertNames(mappings.realmLevel().listAll(), "realm-composite", Constants.DEFAULT_ROLES_ROLE_PREFIX + "-test");
    assertNames(mappings.realmLevel().listAvailable(), "realm-child", "realm-role-in-group", "admin", "customer-user-premium", "realm-composite-role", "sample-realm-role", "attribute-role", "user", "offline_access", Constants.AUTHZ_UMA_AUTHORIZATION);
    assertNames(mappings.realmLevel().listEffective(), "realm-composite", "realm-child", "realm-role-in-group", "user", "offline_access", Constants.AUTHZ_UMA_AUTHORIZATION, Constants.DEFAULT_ROLES_ROLE_PREFIX + "-test");
    assertNames(mappings.clientLevel(clientUuid).listAll(), "client-composite");
    assertNames(mappings.clientLevel(clientUuid).listAvailable(), "client-child", "client-role-in-group");
    assertNames(mappings.clientLevel(clientUuid).listEffective(), "client-composite", "client-child", "client-role-in-group");

    // Now map the already-effective roles directly; each representation is fetched again
    // right before it is used.
    realmChild = testRealm.roles().get("realm-child").toRepresentation();
    mappings.realmLevel().add(Collections.singletonList(realmChild));
    realmRoleInGroup = testRealm.roles().get("realm-role-in-group").toRepresentation();
    mappings.realmLevel().add(Collections.singletonList(realmRoleInGroup));
    clientChild = testRealm.clients().get(clientUuid).roles().get("client-child").toRepresentation();
    mappings.clientLevel(clientUuid).add(Collections.singletonList(clientChild));
    clientRoleInGroup = testRealm.clients().get(clientUuid).roles().get("client-role-in-group").toRepresentation();
    mappings.clientLevel(clientUuid).add(Collections.singletonList(clientRoleInGroup));

    // Realm level: the roles moved from "available" to "all"; the effective list is unchanged.
    assertNames(mappings.realmLevel().listAll(), "realm-composite", "realm-child", "realm-role-in-group", Constants.DEFAULT_ROLES_ROLE_PREFIX + "-test");
    assertNames(mappings.realmLevel().listAvailable(), "admin", "customer-user-premium", "realm-composite-role", "sample-realm-role", "attribute-role", "user", "offline_access", Constants.AUTHZ_UMA_AUTHORIZATION);
    assertNames(mappings.realmLevel().listEffective(), "realm-composite", "realm-child", "realm-role-in-group", "user", "offline_access", Constants.AUTHZ_UMA_AUTHORIZATION, Constants.DEFAULT_ROLES_ROLE_PREFIX + "-test");

    // Client level: same expectation, and nothing is left to assign.
    assertNames(mappings.clientLevel(clientUuid).listAll(), "client-composite", "client-child", "client-role-in-group");
    assertNames(mappings.clientLevel(clientUuid).listAvailable());
    assertNames(mappings.clientLevel(clientUuid).listEffective(), "client-composite", "client-child", "client-role-in-group");

    // The combined mapping view must agree, with the client keyed by its clientId.
    MappingsRepresentation combined = mappings.getAll();
    assertNames(combined.getRealmMappings(), "realm-composite", "realm-child", "realm-role-in-group", Constants.DEFAULT_ROLES_ROLE_PREFIX + "-test");
    assertEquals(1, combined.getClientMappings().size());
    assertNames(combined.getClientMappings().get("myclient").getMappings(), "client-composite", "client-child", "client-role-in-group");
}
use of org.keycloak.admin.client.resource.RealmResource in project keycloak by keycloak.
the class UsersTest method setupTestEnvironmentWithPermissions.
/**
 * Prepares a deliberately low-privileged admin session for the user-count tests.
 *
 * <p>Creates {@code test-user}, grants it only the {@code query-users} role of the
 * {@code realm-management} client, creates the test users and groups, and, when requested,
 * attaches a user policy for {@code test-user} to the view-members scope permission of
 * {@code grp1}. The returned resource is obtained from an admin client logged in as
 * {@code test-user}, so every call made through it is evaluated with that user's permissions.
 *
 * @param grp1ViewPermissions whether {@code test-user} is given the view-members permission on {@code grp1}
 * @return the realm resource as seen by {@code test-user}
 */
private RealmResource setupTestEnvironmentWithPermissions(boolean grp1ViewPermissions) throws CertificateException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException, IOException {
    String limitedUserId = createUser(realmId, "test-user", "password", "", "", "");

    // 'query-users' is the only realm-management role the test user receives.
    ClientRepresentation realmManagement = realm.clients().findByClientId("realm-management").get(0);
    String realmManagementId = realmManagement.getId();
    RoleRepresentation queryUsersRole = realm.clients().get(realmManagementId).roles().get("query-users").toRepresentation();
    realm.users().get(limitedUserId).roles().clientLevel(realmManagementId).add(Collections.singletonList(queryUsersRole));

    // Test users and groups come from a sibling helper.
    List<GroupRepresentation> createdGroups = setupUsersInGroupsWithPermissions();

    if (grp1ViewPermissions) {
        AuthorizationResource authz = realm.clients().get(realmManagementId).authorization();

        // User policy that matches the test user only.
        UserPolicyRepresentation userPolicy = new UserPolicyRepresentation();
        userPolicy.setName("test-policy");
        userPolicy.setUsers(Collections.singleton(limitedUserId));
        authz.policies().user().create(userPolicy).close();
        PolicyRepresentation storedPolicy = authz.policies().findByName("test-policy");

        // Locate grp1; the setup is invalid without it.
        GroupRepresentation grp1 = null;
        for (GroupRepresentation candidate : createdGroups) {
            if (candidate.getName().equals("grp1")) {
                grp1 = candidate;
                break;
            }
        }
        assertThat(grp1 != null, is(true));

        // The scope permission is looked up by name, so it has to exist already;
        // presumably the group setup helper enabled permissions on the group (not visible here).
        ScopePermissionRepresentation viewMembers = authz.permissions().scope().findByName("view.members.permission.group." + grp1.getId());
        // Replace the permission's policy set with the single user policy.
        viewMembers.setPolicies(Collections.singleton(storedPolicy.getId()));
        viewMembers.setDecisionStrategy(DecisionStrategy.UNANIMOUS);
        authz.permissions().scope().findById(viewMembers.getId()).update(viewMembers);
    }

    // NOTE(review): this admin client is never closed here, and only the RealmResource derived
    // from it is returned, so callers have no handle to close it either.
    Keycloak limitedClient = AdminClientUtil.createAdminClient(true, realm.toRepresentation().getRealm(), "test-user", "password", "admin-cli", "");
    return limitedClient.realm(realm.toRepresentation().getRealm());
}
use of org.keycloak.admin.client.resource.RealmResource in project keycloak by keycloak.
the class UsersTest method countUsersByFiltersWithGroupViewPermission.
/**
 * Checks the user count endpoint for a caller that has view-members permission on {@code grp1}.
 *
 * <p>Every broad or empty filter is expected to return 3, and the companion test without the
 * group permission expects 0, so the count is limited to what the caller is allowed to view.
 * Presumably the three users are the members of {@code grp1}; the fixture is not visible here.
 */
@Test
public void countUsersByFiltersWithGroupViewPermission() throws CertificateException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException, IOException {
    ProfileAssume.assumeFeatureEnabled(Profile.Feature.AUTHORIZATION);
    RealmResource limitedRealm = setupTestEnvironmentWithPermissions(true);

    // Filter: username
    assertThat(limitedRealm.users().count(null, null, null, "user"), is(3));
    assertThat(limitedRealm.users().count(null, null, null, "user1"), is(1));
    assertThat(limitedRealm.users().count(null, null, null, "notExisting"), is(0));
    assertThat(limitedRealm.users().count(null, null, null, ""), is(3));

    // Filter: first name
    assertThat(limitedRealm.users().count(null, "FirstName", null, null), is(3));
    assertThat(limitedRealm.users().count(null, "user2FirstName", null, null), is(1));
    assertThat(limitedRealm.users().count(null, "notExisting", null, null), is(0));
    assertThat(limitedRealm.users().count(null, "", null, null), is(3));

    // Filter: last name
    assertThat(limitedRealm.users().count("LastName", null, null, null), is(3));
    assertThat(limitedRealm.users().count("user2LastName", null, null, null), is(1));
    assertThat(limitedRealm.users().count("notExisting", null, null, null), is(0));
    assertThat(limitedRealm.users().count("", null, null, null), is(3));

    // Filter: email
    assertThat(limitedRealm.users().count(null, null, "@example.com", null), is(3));
    assertThat(limitedRealm.users().count(null, null, "user1@example.com", null), is(1));
    assertThat(limitedRealm.users().count(null, null, "user1@test.com", null), is(0));
    assertThat(limitedRealm.users().count(null, null, "", null), is(3));

    // Filter: several fields at once
    assertThat(limitedRealm.users().count("LastName", "FirstName", null, null), is(3));
    assertThat(limitedRealm.users().count("user1LastName", "FirstName", null, null), is(1));
    assertThat(limitedRealm.users().count("user1LastName", "", null, null), is(1));
    assertThat(limitedRealm.users().count("LastName", "", null, null), is(3));
    // NOTE(review): the next assertion repeats the previous one verbatim; possibly a
    // different combination was intended.
    assertThat(limitedRealm.users().count("LastName", "", null, null), is(3));
    assertThat(limitedRealm.users().count(null, null, "@example.com", "user"), is(3));

    // No filter at all (defaults to simply /count): the count must stay restricted too.
    assertThat(limitedRealm.users().count(null, null, null, null), is(3));
    assertThat(limitedRealm.users().count("", "", "", ""), is(3));
}
use of org.keycloak.admin.client.resource.RealmResource in project keycloak by keycloak.
the class UsersTest method countUsersWithNoViewPermission.
/**
 * Negative case for the count endpoint: the caller holds {@code query-users} but was given no
 * group view permission, and the unfiltered count must be 0. This guards against the count
 * revealing how many users exist to a caller who may not view any of them.
 */
@Test
public void countUsersWithNoViewPermission() throws CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException, KeyManagementException {
    ProfileAssume.assumeFeatureEnabled(Profile.Feature.AUTHORIZATION);
    // Session for test-user without the grp1 permission; count through it directly.
    assertThat(setupTestEnvironmentWithPermissions(false).users().count(), is(0));
}