use of org.keycloak.admin.client.resource.RolesResource in project openremote by openremote.
the class ManagerKeycloakIdentityProvider method getRoles.
/**
 * Lists every role defined on the application client of {@code realm} and marks the ones the
 * given user currently holds.
 *
 * <p>The "assigned" flag is derived from {@code listEffective()}, not from the user's direct
 * mappings. In Keycloak the effective set also contains roles a user inherits through
 * composite roles, so a role can be reported as assigned without being mapped to the user
 * directly.
 *
 * @param clientRequestInfo request context used to obtain the Keycloak realms resource
 * @param realm name of the realm that owns both the user and the client
 * @param userId Keycloak ID of the user whose role assignments are evaluated
 * @return one {@link Role} per role defined on the client, in the order Keycloak returned them
 */
@Override
public Role[] getRoles(ClientRequestInfo clientRequestInfo, String realm, String userId) {
    RoleMappingResource userRoleMappings = getRealms(clientRequestInfo).realm(realm).users().get(userId).roles();
    ClientsResource realmClients = getRealms(clientRequestInfo).realm(realm).clients();

    // The first hit for KEYCLOAK_CLIENT_ID is used; an empty lookup result makes get(0)
    // throw IndexOutOfBoundsException, so the client must already exist in this realm.
    String clientObjectId = realmClients.findByClientId(KEYCLOAK_CLIENT_ID).get(0).getId();
    RolesResource clientRoles = realmClients.get(clientObjectId).roles();

    List<RoleRepresentation> definedRoles = clientRoles.list();
    List<RoleRepresentation> heldRoles = userRoleMappings.clientLevel(clientObjectId).listEffective();

    List<Role> result = new ArrayList<>();
    for (RoleRepresentation defined : definedRoles) {
        boolean assigned = false;
        // Roles are matched by ID; every effective role is visited, there is no early exit.
        for (RoleRepresentation held : heldRoles) {
            assigned |= held.getId().equals(defined.getId());
        }
        result.add(new Role(defined.getId(), defined.getName(), defined.isComposite(), assigned));
    }
    return result.toArray(new Role[0]);
}
use of org.keycloak.admin.client.resource.RolesResource in project openremote by openremote.
the class KeycloakDemoSetup method onStart.
/**
 * Seeds demo data: two tenants ("customerA", "customerB") and three demo users with fixed
 * credentials and client-level roles.
 *
 * <p>Security-relevant behaviour visible in this method:
 * <ul>
 *   <li>Each demo password is identical to the username and is set with
 *       {@code setTemporary(false)}, so no password change is forced on first login.</li>
 *   <li>Each password is written to the log at INFO level.</li>
 *   <li>{@code testuser1} is created through {@code masterUsersResource} and receives
 *       {@code WRITE_USER} together with the asset and rule read/write roles.</li>
 * </ul>
 * NOTE(review): this looks intended for demo/test environments only; confirm the setup
 * task is never enabled on a deployment that holds real data.
 *
 * @throws Exception if the superclass setup or any Keycloak admin call fails
 */
@Override
public void onStart() throws Exception {
    super.onStart();
    // Tenants
    masterTenant = identityService.getIdentityProvider().getTenantForRealm(Constants.MASTER_REALM);
    Tenant customerA = new Tenant();
    customerA.setRealm("customerA");
    customerA.setDisplayName("Customer A");
    customerA.setEnabled(true);
    keycloakProvider.createTenant(new ClientRequestInfo(null, accessToken), customerA, emailConfig);
    // Read the tenant back after creation and keep it in a field.
    customerATenant = keycloakProvider.getTenantForRealm(customerA.getRealm());
    Tenant customerB = new Tenant();
    customerB.setRealm("customerB");
    customerB.setDisplayName("Customer B");
    customerB.setEnabled(true);
    keycloakProvider.createTenant(new ClientRequestInfo(null, accessToken), customerB, emailConfig);
    customerBTenant = keycloakProvider.getTenantForRealm(customerB.getRealm());
    // Users
    String masterClientObjectId = getClientObjectId(masterClientsResource);
    RolesResource masterRolesResource = masterClientsResource.get(masterClientObjectId).roles();
    // testuser1: created through masterUsersResource (presumably the master realm - confirm).
    UserRepresentation testuser1 = new UserRepresentation();
    testuser1.setUsername("testuser1");
    testuser1.setFirstName("Testuserfirst");
    testuser1.setLastName("Testuserlast");
    testuser1.setEnabled(true);
    masterUsersResource.create(testuser1);
    // Re-read the user to obtain its ID; the first search hit is taken.
    // NOTE(review): user search is not necessarily an exact-match lookup; confirm that
    // only one account can match this username here.
    testuser1 = masterUsersResource.search("testuser1", null, null, null, null, null).get(0);
    this.testuser1Id = testuser1.getId();
    // Fixed, non-temporary password equal to the username.
    CredentialRepresentation testuser1Credentials = new CredentialRepresentation();
    testuser1Credentials.setType("password");
    testuser1Credentials.setValue("testuser1");
    testuser1Credentials.setTemporary(false);
    masterUsersResource.get(testuser1.getId()).resetPassword(testuser1Credentials);
    // Client-level roles for testuser1: WRITE_USER, READ_MAP, READ_ASSETS, READ_RULES, WRITE_ASSETS, WRITE_RULES.
    masterUsersResource.get(testuser1.getId()).roles().clientLevel(masterClientObjectId).add(Arrays.asList(masterRolesResource.get(ClientRole.WRITE_USER.getValue()).toRepresentation(), masterRolesResource.get(ClientRole.READ_MAP.getValue()).toRepresentation(), masterRolesResource.get(ClientRole.READ_ASSETS.getValue()).toRepresentation(), masterRolesResource.get(ClientRole.READ_RULES.getValue()).toRepresentation(), masterRolesResource.get(ClientRole.WRITE_ASSETS.getValue()).toRepresentation(), masterRolesResource.get(ClientRole.WRITE_RULES.getValue()).toRepresentation()));
    // The password is logged in clear text; anyone with read access to the log can see it.
    LOG.info("Added demo user '" + testuser1.getUsername() + "' with password '" + testuser1Credentials.getValue() + "'");
    // Resources scoped to the "customerA" realm, used for testuser2 and testuser3.
    UsersResource customerAUsersResource = keycloakProvider.getRealms(accessToken).realm("customerA").users();
    ClientsResource customerAClientsResource = keycloakProvider.getRealms(accessToken).realm("customerA").clients();
    String customerAClientObjectId = getClientObjectId(customerAClientsResource);
    RolesResource customerARolesResource = customerAClientsResource.get(customerAClientObjectId).roles();
    // testuser2: same creation sequence as testuser1, in the "customerA" realm.
    UserRepresentation testuser2 = new UserRepresentation();
    testuser2.setUsername("testuser2");
    testuser2.setFirstName("Testuserfirst");
    testuser2.setLastName("Testuserlast");
    testuser2.setEnabled(true);
    customerAUsersResource.create(testuser2);
    testuser2 = customerAUsersResource.search("testuser2", null, null, null, null, null).get(0);
    this.testuser2Id = testuser2.getId();
    CredentialRepresentation testuser2Credentials = new CredentialRepresentation();
    testuser2Credentials.setType("password");
    testuser2Credentials.setValue("testuser2");
    testuser2Credentials.setTemporary(false);
    customerAUsersResource.get(testuser2.getId()).resetPassword(testuser2Credentials);
    // Client-level roles for testuser2: WRITE_USER, READ_MAP, READ_ASSETS (no rule roles, no WRITE_ASSETS).
    customerAUsersResource.get(testuser2.getId()).roles().clientLevel(customerAClientObjectId).add(Arrays.asList(customerARolesResource.get(ClientRole.WRITE_USER.getValue()).toRepresentation(), customerARolesResource.get(ClientRole.READ_MAP.getValue()).toRepresentation(), customerARolesResource.get(ClientRole.READ_ASSETS.getValue()).toRepresentation()));
    LOG.info("Added demo user '" + testuser2.getUsername() + "' with password '" + testuser2Credentials.getValue() + "'");
    // testuser3: same realm as testuser2, with the wider role set granted below.
    UserRepresentation testuser3 = new UserRepresentation();
    testuser3.setUsername("testuser3");
    testuser3.setFirstName("Testuserfirst");
    testuser3.setLastName("Testuserlast");
    testuser3.setEnabled(true);
    customerAUsersResource.create(testuser3);
    testuser3 = customerAUsersResource.search("testuser3", null, null, null, null, null).get(0);
    this.testuser3Id = testuser3.getId();
    CredentialRepresentation testuser3Credentials = new CredentialRepresentation();
    testuser3Credentials.setType("password");
    testuser3Credentials.setValue("testuser3");
    testuser3Credentials.setTemporary(false);
    customerAUsersResource.get(testuser3.getId()).resetPassword(testuser3Credentials);
    // Client-level roles for testuser3: WRITE_USER, READ_MAP, READ_ASSETS, WRITE_RULES, WRITE_ASSETS, READ_RULES.
    customerAUsersResource.get(testuser3.getId()).roles().clientLevel(customerAClientObjectId).add(Arrays.asList(customerARolesResource.get(ClientRole.WRITE_USER.getValue()).toRepresentation(), customerARolesResource.get(ClientRole.READ_MAP.getValue()).toRepresentation(), customerARolesResource.get(ClientRole.READ_ASSETS.getValue()).toRepresentation(), customerARolesResource.get(ClientRole.WRITE_RULES.getValue()).toRepresentation(), customerARolesResource.get(ClientRole.WRITE_ASSETS.getValue()).toRepresentation(), customerARolesResource.get(ClientRole.READ_RULES.getValue()).toRepresentation()));
    LOG.info("Added demo user '" + testuser3.getUsername() + "' with password '" + testuser3Credentials.getValue() + "'");
}
use of org.keycloak.admin.client.resource.RolesResource in project openremote by openremote.
the class KeycloakInitSetup method onStart.
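/**
 * Configures the master realm, registers the client application with its default roles and
 * grants the built-in administrator account the application's READ and WRITE client roles.
 *
 * <p>Roles are granted only to the account whose username equals
 * {@code MASTER_REALM_ADMIN_USER} (ignoring case), not to every account the user search
 * returns.
 *
 * @throws Exception if the superclass setup or any Keycloak admin call fails
 */
@Override
public void onStart() throws Exception {
    super.onStart();

    // Configure the master realm
    RealmRepresentation masterRealm = masterRealmResource.toRepresentation();
    masterRealm.setDisplayName("Master");
    // Set SMTP server, theme, timeouts, etc.
    keycloakProvider.configureRealm(masterRealm, emailConfig);
    masterRealmResource.update(masterRealm);

    // Create our client application with its default roles
    keycloakProvider.createClientApplication(new ClientRequestInfo(null, accessToken), masterRealm.getRealm());

    // Get the client application ID so we can assign roles to users at the client
    // level (we can only check realm _or_ client application roles in @RolesAllowed!)
    String clientObjectId = getClientObjectId(masterClientsResource);
    ClientResource clientResource = masterClientsResource.get(clientObjectId);
    RolesResource rolesResource = clientResource.roles();

    // Give admin all roles on application client level
    RoleRepresentation readRole = rolesResource.get(ClientRole.READ.getValue()).toRepresentation();
    RoleRepresentation writeRole = rolesResource.get(ClientRole.WRITE.getValue()).toRepresentation();

    masterUsersResource.search(MASTER_REALM_ADMIN_USER, null, null, null, null, null).stream()
        // Keycloak's user search takes a search term and may return accounts whose username
        // merely contains it. Keep only the exact administrator account so that the
        // privileged roles and the profile update below cannot reach any other user.
        .filter(userRepresentation -> MASTER_REALM_ADMIN_USER.equalsIgnoreCase(userRepresentation.getUsername()))
        .map(userRepresentation -> masterUsersResource.get(userRepresentation.getId()))
        .forEach(adminUser -> {
            adminUser.roles().clientLevel(clientObjectId).add(Arrays.asList(readRole, writeRole));
            LOG.info("Assigned all application roles to 'admin' user");
            UserRepresentation adminRep = adminUser.toRepresentation();
            adminRep.setFirstName("System");
            adminRep.setLastName("Administrator");
            adminUser.update(adminRep);
        });
}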