
Example 11 with RoleMappingResource

Use of org.keycloak.admin.client.resource.RoleMappingResource in the project keycloak by keycloak.

From the class ClientTest, method scopes.

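/**
 * Verifies the client scope-mapping endpoints end to end.
 *
 * A client is created with full scope disabled, a realm composite role
 * ({@code realm-composite} containing {@code realm-child}) and an
 * account-console role ({@code view-profile}) are mapped into its scope, the
 * direct / effective / available listings are checked, the mappings are removed
 * again and the listings are re-checked. Every mutating call is matched against
 * the admin event it must emit, so a missing or mis-typed audit event fails the
 * test as well.
 */
@Test
public void scopes() {
    // Full scope is disabled so that the explicit scope mappings below, rather than
    // a blanket grant of all roles, decide what the client may receive (presumably
    // the reason for the flag; the server default is not visible here).
    // try-with-resources closes the JAX-RS response even if getCreatedId() throws.
    String id;
    try (Response response = realm.clients().create(ClientBuilder.create().clientId("client").fullScopeEnabled(false).build())) {
        id = ApiUtil.getCreatedId(response);
    }
    getCleanup().addClientUuid(id);
    // Consume the client-creation admin event so that the assertEvent calls below
    // start from a queue containing only the events this test produces.
    assertAdminEvents.poll();
    RoleMappingResource scopesResource = realm.clients().get(id).getScopeMappings();
    RoleRepresentation roleRep1 = createRealmRole("realm-composite");
    RoleRepresentation roleRep2 = createRealmRole("realm-child");
    assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.roleResourcePath("realm-composite"), roleRep1, ResourceType.REALM_ROLE);
    assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.roleResourcePath("realm-child"), roleRep2, ResourceType.REALM_ROLE);
    // Re-read both roles so the representations carry the server-side state
    // (presumably the assigned ids) that the mapping calls and event assertions use.
    roleRep1 = realm.roles().get("realm-composite").toRepresentation();
    roleRep2 = realm.roles().get("realm-child").toRepresentation();
    // realm-composite now implies realm-child; the effective listing must reflect that.
    realm.roles().get("realm-composite").addComposites(Collections.singletonList(roleRep2));
    assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.roleResourceCompositesPath("realm-composite"), Collections.singletonList(roleRep2), ResourceType.REALM_ROLE);
    // The built-in account client supplies the client-level role used for the client-level mapping.
    String accountMgmtId = realm.clients().findByClientId(Constants.ACCOUNT_MANAGEMENT_CLIENT_ID).get(0).getId();
    RoleRepresentation viewAccountRoleRep = realm.clients().get(accountMgmtId).roles().get(AccountRoles.VIEW_PROFILE).toRepresentation();
    // Add one realm-level and one client-level mapping, each with its audit event.
    scopesResource.realmLevel().add(Collections.singletonList(roleRep1));
    assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientScopeMappingsRealmLevelPath(id), Collections.singletonList(roleRep1), ResourceType.REALM_SCOPE_MAPPING);
    scopesResource.clientLevel(accountMgmtId).add(Collections.singletonList(viewAccountRoleRep));
    assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientScopeMappingsClientLevelPath(id, accountMgmtId), Collections.singletonList(viewAccountRoleRep), ResourceType.CLIENT_SCOPE_MAPPING);
    // Direct mappings list only the composite; the effective view expands it to the child;
    // the available view lists what is still unmapped (including the child itself).
    Assert.assertNames(scopesResource.realmLevel().listAll(), "realm-composite");
    Assert.assertNames(scopesResource.realmLevel().listEffective(), "realm-composite", "realm-child");
    Assert.assertNames(scopesResource.realmLevel().listAvailable(), "realm-child", "offline_access", Constants.AUTHZ_UMA_AUTHORIZATION, Constants.DEFAULT_ROLES_ROLE_PREFIX + "-" + REALM_NAME);
    Assert.assertNames(scopesResource.clientLevel(accountMgmtId).listAll(), AccountRoles.VIEW_PROFILE);
    Assert.assertNames(scopesResource.clientLevel(accountMgmtId).listEffective(), AccountRoles.VIEW_PROFILE);
    Assert.assertNames(scopesResource.clientLevel(accountMgmtId).listAvailable(), AccountRoles.MANAGE_ACCOUNT, AccountRoles.MANAGE_ACCOUNT_LINKS, AccountRoles.VIEW_APPLICATIONS, AccountRoles.VIEW_CONSENT, AccountRoles.MANAGE_CONSENT, AccountRoles.DELETE_ACCOUNT);
    // The aggregated representation must agree with the per-level listings.
    Assert.assertNames(scopesResource.getAll().getRealmMappings(), "realm-composite");
    Assert.assertNames(scopesResource.getAll().getClientMappings().get(Constants.ACCOUNT_MANAGEMENT_CLIENT_ID).getMappings(), AccountRoles.VIEW_PROFILE);
    // Remove both mappings again, asserting the DELETE audit events.
    scopesResource.realmLevel().remove(Collections.singletonList(roleRep1));
    assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.clientScopeMappingsRealmLevelPath(id), Collections.singletonList(roleRep1), ResourceType.REALM_SCOPE_MAPPING);
    scopesResource.clientLevel(accountMgmtId).remove(Collections.singletonList(viewAccountRoleRep));
    assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.clientScopeMappingsClientLevelPath(id, accountMgmtId), Collections.singletonList(viewAccountRoleRep), ResourceType.CLIENT_SCOPE_MAPPING);
    // After removal nothing is mapped or effective, and everything is available again.
    Assert.assertNames(scopesResource.realmLevel().listAll());
    Assert.assertNames(scopesResource.realmLevel().listEffective());
    Assert.assertNames(scopesResource.realmLevel().listAvailable(), "offline_access", Constants.AUTHZ_UMA_AUTHORIZATION, "realm-composite", "realm-child", Constants.DEFAULT_ROLES_ROLE_PREFIX + "-" + REALM_NAME);
    Assert.assertNames(scopesResource.clientLevel(accountMgmtId).listAll());
    Assert.assertNames(scopesResource.clientLevel(accountMgmtId).listAvailable(), AccountRoles.VIEW_PROFILE, AccountRoles.MANAGE_ACCOUNT, AccountRoles.MANAGE_ACCOUNT_LINKS, AccountRoles.VIEW_APPLICATIONS, AccountRoles.VIEW_CONSENT, AccountRoles.MANAGE_CONSENT, AccountRoles.DELETE_ACCOUNT);
    Assert.assertNames(scopesResource.clientLevel(accountMgmtId).listEffective());
}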
Also used : AccessTokenResponse(org.keycloak.testsuite.util.OAuthClient.AccessTokenResponse) Response(javax.ws.rs.core.Response) RoleRepresentation(org.keycloak.representations.idm.RoleRepresentation) RoleMappingResource(org.keycloak.admin.client.resource.RoleMappingResource) Test(org.junit.Test)

Example 12 with RoleMappingResource

Use of org.keycloak.admin.client.resource.RoleMappingResource in the project keycloak by keycloak.

From the class ClientTest, method scopesRoleRemoval.

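/**
 * Verifies that deleting a role also removes it from every client scope
 * mapping that referenced it, so no dangling mapping survives the deletion.
 *
 * Two clients are used: clientA owns the scope mappings under test and clientB
 * merely hosts a client role for clientA to map. A realm role and the clientB
 * role are mapped into clientA's scope and then deleted one after the other;
 * after each deletion its mapping must be gone while the other mapping is
 * untouched. Admin events are asserted for every mutation.
 */
@Test
public void scopesRoleRemoval() {
    // clientA: the client whose scope mappings are under test. Full scope is
    // disabled so the explicit mappings are what is being exercised.
    // try-with-resources closes the JAX-RS response even if getCreatedId() throws.
    String idA;
    try (Response response = realm.clients().create(ClientBuilder.create().clientId("clientA").fullScopeEnabled(false).build())) {
        idA = ApiUtil.getCreatedId(response);
    }
    getCleanup().addClientUuid(idA);
    assertAdminEvents.poll();
    // clientB: only provides a client role for clientA to map.
    String idB;
    try (Response response = realm.clients().create(ClientBuilder.create().clientId("clientB").fullScopeEnabled(false).build())) {
        idB = ApiUtil.getCreatedId(response);
    }
    getCleanup().addClientUuid(idB);
    assertAdminEvents.poll();
    RoleMappingResource scopesResource = realm.clients().get(idA).getScopeMappings();
    // Create a realm role and a role in clientB.
    RoleRepresentation realmRoleRep = createRealmRole("realm-role");
    assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.roleResourcePath(realmRoleRep.getName()), realmRoleRep, ResourceType.REALM_ROLE);
    RoleRepresentation clientBRoleRep = RoleBuilder.create().name("clientB-role").build();
    realm.clients().get(idB).roles().create(clientBRoleRep);
    assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientRoleResourcePath(idB, clientBRoleRep.getName()), clientBRoleRep, ResourceType.CLIENT_ROLE);
    // Re-read both roles from the server (presumably to pick up the assigned ids)
    // and assign both to clientA's scope mappings.
    realmRoleRep = realm.roles().get(realmRoleRep.getName()).toRepresentation();
    clientBRoleRep = realm.clients().get(idB).roles().get(clientBRoleRep.getName()).toRepresentation();
    scopesResource.realmLevel().add(Collections.singletonList(realmRoleRep));
    assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientScopeMappingsRealmLevelPath(idA), Collections.singletonList(realmRoleRep), ResourceType.REALM_SCOPE_MAPPING);
    scopesResource.clientLevel(idB).add(Collections.singletonList(clientBRoleRep));
    assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientScopeMappingsClientLevelPath(idA, idB), Collections.singletonList(clientBRoleRep), ResourceType.CLIENT_SCOPE_MAPPING);
    // Both mappings are present.
    Assert.assertNames(scopesResource.realmLevel().listAll(), realmRoleRep.getName());
    Assert.assertNames(scopesResource.clientLevel(idB).listAll(), clientBRoleRep.getName());
    // Delete the realm role: its mapping must disappear, the client-level one must remain.
    realm.roles().deleteRole(realmRoleRep.getName());
    assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.roleResourcePath(realmRoleRep.getName()), ResourceType.REALM_ROLE);
    Assert.assertNames(scopesResource.realmLevel().listAll());
    Assert.assertNames(scopesResource.clientLevel(idB).listAll(), clientBRoleRep.getName());
    // Delete the client role: now no mapping at either level may remain.
    realm.clients().get(idB).roles().deleteRole(clientBRoleRep.getName());
    assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.clientRoleResourcePath(idB, clientBRoleRep.getName()), ResourceType.CLIENT_ROLE);
    Assert.assertNames(scopesResource.realmLevel().listAll());
    Assert.assertNames(scopesResource.clientLevel(idB).listAll());
}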
Also used : AccessTokenResponse(org.keycloak.testsuite.util.OAuthClient.AccessTokenResponse) Response(javax.ws.rs.core.Response) RoleRepresentation(org.keycloak.representations.idm.RoleRepresentation) RoleMappingResource(org.keycloak.admin.client.resource.RoleMappingResource) Test(org.junit.Test)

Example 13 with RoleMappingResource

Use of org.keycloak.admin.client.resource.RoleMappingResource in the project keycloak by keycloak.

From the class GroupTest, method adminEndpointAccessibleWhenAdminRoleAssignedToGroup.

/**
 * Checks that a realm role granted only through group membership is honoured by the
 * admin REST endpoints: a fresh user in the master realm joins a group that carries
 * the {@code admin} role and must then be able to perform an admin operation.
 *
 * Security-relevant details: the user is created with the fixed, well-known test
 * password {@code "pwd"} and ends up with full {@code admin} rights in the master
 * realm, which is acceptable only against a disposable test server. Removal of the
 * user and the group is not visible in this method; presumably the surrounding test
 * lifecycle takes care of it.
 *
 * @see <a href="https://issues.jboss.org/browse/KEYCLOAK-2964">KEYCLOAK-2964</a>
 */
@Test
public void adminEndpointAccessibleWhenAdminRoleAssignedToGroup() {
    final String realmName = AuthRealm.MASTER;
    // Random suffixes keep the fixtures unique across repeated runs against one server.
    final String login = "user-" + UUID.randomUUID();
    final String groupLabel = "group-" + UUID.randomUUID();
    RealmResource masterRealm = adminClient.realms().realm(realmName);
    // Resolve the master 'admin' role; it must exist and carry an id before it can be mapped.
    RoleRepresentation adminRole = masterRealm.roles().get(AdminRoles.ADMIN).toRepresentation();
    assertThat(adminRole, notNullValue());
    assertThat(adminRole.getId(), notNullValue());
    String userId = createUser(realmName, login, "pwd");
    GroupRepresentation newGroup = GroupBuilder.create().name(groupLabel).build();
    try (Response created = masterRealm.groups().add(newGroup)) {
        String groupId = ApiUtil.getCreatedId(created);
        // Grant 'admin' to the group, never to the user directly: the user must
        // obtain it solely through membership for this test to prove anything.
        RoleMappingResource groupRoles = masterRealm.groups().group(groupId).roles();
        groupRoles.realmLevel().add(Collections.singletonList(adminRole));
        masterRealm.users().get(userId).joinGroup(groupId);
    }
    // Authenticate as the new user via the admin-cli client over TLS. Any admin
    // call that returns data proves the inherited role is effective.
    try (Keycloak userClient = Keycloak.getInstance(getAuthServerContextRoot() + "/auth", realmName, login, "pwd", Constants.ADMIN_CLI_CLIENT_ID, TLSUtils.initializeTLS())) {
        assertThat(userClient.realms().findAll(), not(empty()));
    }
}
Also used : RoleRepresentation(org.keycloak.representations.idm.RoleRepresentation) Response(javax.ws.rs.core.Response) GroupRepresentation(org.keycloak.representations.idm.GroupRepresentation) RealmResource(org.keycloak.admin.client.resource.RealmResource) Keycloak(org.keycloak.admin.client.Keycloak) RoleMappingResource(org.keycloak.admin.client.resource.RoleMappingResource) Test(org.junit.Test)

Example 14 with RoleMappingResource

Use of org.keycloak.admin.client.resource.RoleMappingResource in the project keycloak by keycloak.

From the class GroupTest, method rolesCanBeAssignedEvenWhenTheyAreAlreadyIndirectlyAssigned.

/**
 * Regression test for KEYCLOAK-10603: a role that a group already holds
 * indirectly (through a composite) must still be assignable directly, and the
 * direct / available / effective listings plus the aggregated mapping
 * representation must stay consistent once the direct assignment is made.
 */
@Test
public void rolesCanBeAssignedEvenWhenTheyAreAlreadyIndirectlyAssigned() {
    RealmResource realm = adminClient.realms().realm("test");
    // Realm side: realm-composite contains realm-child.
    createRealmRole(realm, RoleBuilder.create().name("realm-composite").build());
    createRealmRole(realm, RoleBuilder.create().name("realm-child").build());
    RoleRepresentation realmChildRep = realm.roles().get("realm-child").toRepresentation();
    realm.roles().get("realm-composite").addComposites(Collections.singletonList(realmChildRep));
    try (Response created = realm.clients().create(ClientBuilder.create().clientId("myclient").build())) {
        String clientUuid = ApiUtil.getCreatedId(created);
        getCleanup().addClientUuid(clientUuid);
        // Client side: client-composite contains client-child, mirroring the realm setup.
        realm.clients().get(clientUuid).roles().create(RoleBuilder.create().name("client-composite").build());
        realm.clients().get(clientUuid).roles().create(RoleBuilder.create().name("client-child").build());
        RoleRepresentation clientChildRep = realm.clients().get(clientUuid).roles().get("client-child").toRepresentation();
        realm.clients().get(clientUuid).roles().get("client-composite").addComposites(Collections.singletonList(clientChildRep));
        GroupRepresentation groupRep = new GroupRepresentation();
        groupRep.setName("group");
        // Role and client creation events are asserted elsewhere; drop them here.
        assertAdminEvents.clear();
        String groupId = createGroup(realm, groupRep).getId();
        RoleMappingResource groupRoles = realm.groups().group(groupId).roles();
        // Indirect assignment first: only the composites are mapped to the group.
        RoleRepresentation realmCompositeRep = realm.roles().get("realm-composite").toRepresentation();
        groupRoles.realmLevel().add(Collections.singletonList(realmCompositeRep));
        RoleRepresentation clientCompositeRep = realm.clients().get(clientUuid).roles().get("client-composite").toRepresentation();
        groupRoles.clientLevel(clientUuid).add(Collections.singletonList(clientCompositeRep));
        // Before the direct assignment the children are effective but still listed as available.
        assertNames(groupRoles.realmLevel().listAll(), "realm-composite");
        assertNames(groupRoles.realmLevel().listAvailable(), "realm-child", "admin", "offline_access", Constants.AUTHZ_UMA_AUTHORIZATION, "user", "customer-user-premium", "realm-composite-role", "sample-realm-role", "attribute-role", Constants.DEFAULT_ROLES_ROLE_PREFIX + "-test");
        assertNames(groupRoles.realmLevel().listEffective(), "realm-composite", "realm-child");
        assertNames(groupRoles.clientLevel(clientUuid).listAll(), "client-composite");
        assertNames(groupRoles.clientLevel(clientUuid).listAvailable(), "client-child");
        assertNames(groupRoles.clientLevel(clientUuid).listEffective(), "client-composite", "client-child");
        // Now assign the already-effective children directly; this must not be rejected.
        RoleRepresentation realmChildDirect = realm.roles().get("realm-child").toRepresentation();
        groupRoles.realmLevel().add(Collections.singletonList(realmChildDirect));
        RoleRepresentation clientChildDirect = realm.clients().get(clientUuid).roles().get("client-child").toRepresentation();
        groupRoles.clientLevel(clientUuid).add(Collections.singletonList(clientChildDirect));
        // Realm roles: the child moved from available to directly assigned; effective set unchanged.
        assertNames(groupRoles.realmLevel().listAll(), "realm-composite", "realm-child");
        assertNames(groupRoles.realmLevel().listAvailable(), "admin", "offline_access", Constants.AUTHZ_UMA_AUTHORIZATION, "user", "customer-user-premium", "realm-composite-role", "sample-realm-role", "attribute-role", Constants.DEFAULT_ROLES_ROLE_PREFIX + "-test");
        assertNames(groupRoles.realmLevel().listEffective(), "realm-composite", "realm-child");
        // Client roles: same expectation; nothing of this client is left available.
        assertNames(groupRoles.clientLevel(clientUuid).listAll(), "client-composite", "client-child");
        assertNames(groupRoles.clientLevel(clientUuid).listAvailable());
        assertNames(groupRoles.clientLevel(clientUuid).listEffective(), "client-composite", "client-child");
        // The aggregated representation keys client mappings by clientId, not by UUID.
        MappingsRepresentation everything = groupRoles.getAll();
        assertNames(everything.getRealmMappings(), "realm-composite", "realm-child");
        assertEquals(1, everything.getClientMappings().size());
        assertNames(everything.getClientMappings().get("myclient").getMappings(), "client-composite", "client-child");
    }
}
Also used : Response(javax.ws.rs.core.Response) RoleRepresentation(org.keycloak.representations.idm.RoleRepresentation) GroupRepresentation(org.keycloak.representations.idm.GroupRepresentation) MappingsRepresentation(org.keycloak.representations.idm.MappingsRepresentation) RealmResource(org.keycloak.admin.client.resource.RealmResource) RoleMappingResource(org.keycloak.admin.client.resource.RoleMappingResource) Test(org.junit.Test)
