
Example 96 with ComponentModel

use of org.keycloak.component.ComponentModel in project keycloak by keycloak.

the class LDAPRoleMappingsTest method test02_readOnlyRoleMappings.

/**
 * Checks how realm role mappings behave when the LDAP role mapper is configured as
 * {@code LDAPGroupMapperMode.READ_ONLY}.
 *
 * <p>The first server-side run writes two role mappings straight into LDAP and one through the
 * user model, then asserts that the federated user sees all three while the locally stored user
 * sees only the model-granted one. It also asserts that deleting an LDAP-backed mapping through
 * the user model is rejected with a {@link ModelException}. The second run confirms that none of
 * the three roles remain once the LDAP mappings have been removed directly in LDAP.
 */
@Test
public void test02_readOnlyRoleMappings() {
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel appRealm = ctx.getRealm();
        // Switch the role mappers of this LDAP provider to READ_ONLY for the rest of the test.
        LDAPTestUtils.addOrUpdateRoleLDAPMappers(appRealm, ctx.getLdapModel(), LDAPGroupMapperMode.READ_ONLY);
        UserModel mary = session.users().getUserByUsername(appRealm, "marykeycloak");
        RoleModel realmRole1 = appRealm.getRole("realmRole1");
        RoleModel realmRole2 = appRealm.getRole("realmRole2");
        RoleModel realmRole3 = appRealm.getRole("realmRole3");
        // realmRole3 is created on demand; realmRole1 and realmRole2 are used as returned.
        // NOTE(review): presumably an earlier fixture or test provides realmRole1/realmRole2 - confirm.
        if (realmRole3 == null) {
            realmRole3 = appRealm.addRole("realmRole3");
        }
        // Add some role mappings directly into LDAP, going through the mapper rather than the user model
        ComponentModel roleMapperModel = LDAPTestUtils.getSubcomponentByName(appRealm, ctx.getLdapModel(), "realmRolesMapper");
        LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ctx.getLdapModel());
        RoleLDAPStorageMapper roleMapper = LDAPTestUtils.getRoleMapper(roleMapperModel, ldapProvider, appRealm);
        LDAPObject maryLdap = ldapProvider.loadLDAPUserByUsername(appRealm, "marykeycloak");
        roleMapper.addRoleMappingInLDAP("realmRole1", maryLdap);
        roleMapper.addRoleMappingInLDAP("realmRole2", maryLdap);
        // Grant one role through the user model
        mary.grantRole(realmRole3);
        // Assert that mary has both the LDAP-added and the model-granted roles
        Set<RoleModel> maryRoles = mary.getRealmRoleMappingsStream().collect(Collectors.toSet());
        Assert.assertTrue(maryRoles.contains(realmRole1));
        Assert.assertTrue(maryRoles.contains(realmRole2));
        Assert.assertTrue(maryRoles.contains(realmRole3));
        // Assert that the user read from local storage carries only the model-granted role,
        // i.e. the LDAP-added mappings were not copied into local storage
        UserModel maryDB = session.userLocalStorage().getUserByUsername(appRealm, "marykeycloak");
        Set<RoleModel> maryDBRoles = maryDB.getRealmRoleMappingsStream().collect(Collectors.toSet());
        Assert.assertFalse(maryDBRoles.contains(realmRole1));
        Assert.assertFalse(maryDBRoles.contains(realmRole2));
        Assert.assertTrue(maryDBRoles.contains(realmRole3));
        // The model-granted mapping is removed through the user model; no exception is expected here.
        mary.deleteRoleMapping(realmRole3);
        // Removing an LDAP-backed mapping through the user model must be refused in READ_ONLY mode.
        try {
            mary.deleteRoleMapping(realmRole1);
            Assert.fail("It wasn't expected to successfully delete LDAP role mappings in READ_ONLY mode");
        } catch (ModelException expected) {
            // Expected: the delete is rejected with ModelException. Any other exception type
            // propagates and fails the test.
        }
        // Delete role mappings directly in LDAP
        // NOTE(review): this cleanup is not in a finally block, so a failed assertion above
        // leaves the realmRole1/realmRole2 mappings in LDAP - confirm later tests tolerate that.
        deleteRoleMappingsInLDAP(roleMapper, maryLdap, "realmRole1");
        deleteRoleMappingsInLDAP(roleMapper, maryLdap, "realmRole2");
    });
    // Second server-side run: look the user up again and check the final state.
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel appRealm = ctx.getRealm();
        UserModel mary = session.users().getUserByUsername(appRealm, "marykeycloak");
        // Assert that none of the three role mappings is visible any more
        Set<RoleModel> maryRoles = mary.getRealmRoleMappingsStream().collect(Collectors.toSet());
        Assert.assertFalse(maryRoles.contains(appRealm.getRole("realmRole1")));
        Assert.assertFalse(maryRoles.contains(appRealm.getRole("realmRole2")));
        Assert.assertFalse(maryRoles.contains(appRealm.getRole("realmRole3")));
    });
}
Also used : RealmModel(org.keycloak.models.RealmModel) UserModel(org.keycloak.models.UserModel) ModelException(org.keycloak.models.ModelException) ComponentModel(org.keycloak.component.ComponentModel) LDAPStorageProvider(org.keycloak.storage.ldap.LDAPStorageProvider) LDAPObject(org.keycloak.storage.ldap.idm.model.LDAPObject) RoleModel(org.keycloak.models.RoleModel) RoleLDAPStorageMapper(org.keycloak.storage.ldap.mappers.membership.role.RoleLDAPStorageMapper) Test(org.junit.Test)

Example 97 with ComponentModel

use of org.keycloak.component.ComponentModel in project keycloak by keycloak.

the class AbstractGeneratedRsaKeyProviderFactory method createFallbackKeys.

/**
 * Registers a fallback key component for the realm of the current session context.
 *
 * <p>Nothing is created unless both {@code isValidKeyUse(keyUse)} and
 * {@code isSupportedRsaAlgorithm(algorithm)} accept the request.
 *
 * @param session   session whose context supplies the realm
 * @param keyUse    requested key use
 * @param algorithm requested algorithm; stored in the component config and used in its name
 * @return {@code true} if a component was added to the realm, {@code false} otherwise
 */
@Override
public boolean createFallbackKeys(KeycloakSession session, KeyUse keyUse, String algorithm) {
    // Guard clause: this factory only answers for key uses and algorithms it supports.
    if (!isValidKeyUse(keyUse) || !isSupportedRsaAlgorithm(algorithm)) {
        return false;
    }

    RealmModel currentRealm = session.getContext().getRealm();

    // NOTE(review): "-100" presumably ranks the fallback below explicitly configured
    // key providers - confirm against how PRIORITY_KEY is consumed.
    MultivaluedHashMap<String, String> settings = new MultivaluedHashMap<>();
    settings.putSingle(Attributes.PRIORITY_KEY, "-100");
    settings.putSingle(Attributes.ALGORITHM_KEY, algorithm);

    ComponentModel fallback = new ComponentModel();
    fallback.setName("fallback-" + algorithm);
    fallback.setParentId(currentRealm.getId());
    fallback.setProviderId(getId());
    fallback.setProviderType(KeyProvider.class.getName());
    fallback.setConfig(settings);

    currentRealm.addComponentModel(fallback);
    return true;
}
Also used : RealmModel(org.keycloak.models.RealmModel) MultivaluedHashMap(org.keycloak.common.util.MultivaluedHashMap) ComponentModel(org.keycloak.component.ComponentModel)

Example 98 with ComponentModel

use of org.keycloak.component.ComponentModel in project keycloak by keycloak.

the class GeneratedAesKeyProviderFactory method createFallbackKeys.

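/**
 * Registers a fallback AES key component for the realm of the current session context.
 *
 * <p>A component is created only when {@code keyUse} is {@code KeyUse.ENC} and
 * {@code algorithm} is {@code Algorithm.AES}. Both comparisons are made constant-first, so a
 * {@code null} argument is treated as "not handled by this factory" and yields {@code false}
 * instead of a {@link NullPointerException}.
 *
 * @param session   session whose context supplies the realm
 * @param keyUse    requested key use; may be {@code null}
 * @param algorithm requested algorithm; may be {@code null}
 * @return {@code true} if a component was added to the realm, {@code false} otherwise
 */
@Override
public boolean createFallbackKeys(KeycloakSession session, KeyUse keyUse, String algorithm) {
    // Constant-first equals keeps the check null-safe for both arguments.
    if (KeyUse.ENC.equals(keyUse) && Algorithm.AES.equals(algorithm)) {
        RealmModel realm = session.getContext().getRealm();
        ComponentModel generated = new ComponentModel();
        generated.setName("fallback-" + algorithm);
        generated.setParentId(realm.getId());
        generated.setProviderId(ID);
        generated.setProviderType(KeyProvider.class.getName());
        // NOTE(review): "-100" presumably ranks the fallback below explicitly configured
        // key providers - confirm against how PRIORITY_KEY is consumed.
        MultivaluedHashMap<String, String> config = new MultivaluedHashMap<>();
        config.putSingle(Attributes.PRIORITY_KEY, "-100");
        generated.setConfig(config);
        realm.addComponentModel(generated);
        return true;
    } else {
        return false;
    }
}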
Also used : RealmModel(org.keycloak.models.RealmModel) MultivaluedHashMap(org.keycloak.common.util.MultivaluedHashMap) ComponentModel(org.keycloak.component.ComponentModel)

Example 99 with ComponentModel

use of org.keycloak.component.ComponentModel in project keycloak by keycloak.

the class DefaultClientRegistrationPolicies method addGenericPolicies.

/**
 * Adds two client registration policy components to the realm under the given policy sub-type:
 * "Allowed Protocol Mapper Types" and "Allowed Client Scopes".
 *
 * @param realm         realm that receives the components
 * @param policyTypeKey sub-type passed on to {@code createModelInstance} for both components
 */
private static void addGenericPolicies(RealmModel realm, String policyTypeKey) {
    // Protocol mapper policy: seeded with the default allowed mapper types.
    ComponentModel mapperPolicy = createModelInstance(
            "Allowed Protocol Mapper Types",
            realm,
            ProtocolMappersClientRegistrationPolicyFactory.PROVIDER_ID,
            policyTypeKey);
    mapperPolicy.getConfig().put(
            ProtocolMappersClientRegistrationPolicyFactory.ALLOWED_PROTOCOL_MAPPER_TYPES,
            Arrays.asList(DEFAULT_ALLOWED_PROTOCOL_MAPPERS));
    realm.addComponentModel(mapperPolicy);

    // Client scope policy: the explicit allow-list starts empty and ALLOW_DEFAULT_SCOPES is
    // set to true.
    // NOTE(review): presumably this limits registered clients to the realm's default scopes -
    // confirm against the policy implementation.
    ComponentModel scopePolicy = createModelInstance(
            "Allowed Client Scopes",
            realm,
            ClientScopesClientRegistrationPolicyFactory.PROVIDER_ID,
            policyTypeKey);
    scopePolicy.getConfig().put(
            ClientScopesClientRegistrationPolicyFactory.ALLOWED_CLIENT_SCOPES,
            Collections.emptyList());
    scopePolicy.put(ClientScopesClientRegistrationPolicyFactory.ALLOW_DEFAULT_SCOPES, true);
    realm.addComponentModel(scopePolicy);
}
Also used : ComponentModel(org.keycloak.component.ComponentModel)

Example 100 with ComponentModel

use of org.keycloak.component.ComponentModel in project keycloak by keycloak.

the class DefaultClientRegistrationPolicies method createModelInstance.

/**
 * Builds a {@link ComponentModel} describing a client registration policy. The component is
 * only constructed here; it is not added to the realm.
 *
 * @param name       display name of the component
 * @param realm      realm whose id becomes the component's parent id
 * @param providerId id of the policy provider
 * @param policyType value stored as the component's sub-type
 * @return the populated component model
 */
private static ComponentModel createModelInstance(String name, RealmModel realm, String providerId, String policyType) {
    ComponentModel policyComponent = new ComponentModel();

    // Provider identity: the provider type is always the ClientRegistrationPolicy class name.
    policyComponent.setProviderType(ClientRegistrationPolicy.class.getName());
    policyComponent.setProviderId(providerId);
    policyComponent.setSubType(policyType);

    // Placement and label.
    policyComponent.setParentId(realm.getId());
    policyComponent.setName(name);

    return policyComponent;
}
Also used : ComponentModel(org.keycloak.component.ComponentModel)
