Examples with ClientModel org.keycloak.models.ClientModel used on opensource projects

Search in sources :

Example 86 with ClientModel

use of org.keycloak.models.ClientModel in project keycloak by keycloak.

the class ClientTokenExchangeTest method addDirectExchanger.

private static void addDirectExchanger(KeycloakSession session) {
    RealmModel realm = session.realms().getRealmByName(TEST);
    RoleModel exampleRole = realm.addRole("example");
    AdminPermissionManagement management = AdminPermissions.management(session, realm);
    ClientModel target = realm.addClient("target");
    target.setName("target");
    target.setClientId("target");
    target.setDirectAccessGrantsEnabled(true);
    target.setEnabled(true);
    target.setSecret("secret");
    target.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
    target.setFullScopeAllowed(false);
    target.addScopeMapping(exampleRole);
    ClientModel directExchanger = realm.addClient("direct-exchanger");
    directExchanger.setName("direct-exchanger");
    directExchanger.setClientId("direct-exchanger");
    directExchanger.setPublicClient(false);
    directExchanger.setDirectAccessGrantsEnabled(true);
    directExchanger.setEnabled(true);
    directExchanger.setSecret("secret");
    directExchanger.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
    directExchanger.setFullScopeAllowed(false);
    // permission for client to client exchange to "target" client
    management.clients().setPermissionsEnabled(target, true);
    ClientPolicyRepresentation clientImpersonateRep = new ClientPolicyRepresentation();
    clientImpersonateRep.setName("clientImpersonatorsDirect");
    clientImpersonateRep.addClient(directExchanger.getId());
    ResourceServer server = management.realmResourceServer();
    Policy clientImpersonatePolicy = management.authz().getStoreFactory().getPolicyStore().create(clientImpersonateRep, server);
    management.users().setPermissionsEnabled(true);
    management.users().adminImpersonatingPermission().addAssociatedPolicy(clientImpersonatePolicy);
    management.users().adminImpersonatingPermission().setDecisionStrategy(DecisionStrategy.AFFIRMATIVE);
    UserModel impersonatedUser = session.users().addUser(realm, "impersonated-user");
    impersonatedUser.setEnabled(true);
    session.userCredentialManager().updateCredential(realm, impersonatedUser, UserCredentialModel.password("password"));
    impersonatedUser.grantRole(exampleRole);
}
Also used : RealmModel(org.keycloak.models.RealmModel) Policy(org.keycloak.authorization.model.Policy) UserModel(org.keycloak.models.UserModel) ClientModel(org.keycloak.models.ClientModel) ClientPolicyRepresentation(org.keycloak.representations.idm.authorization.ClientPolicyRepresentation) RoleModel(org.keycloak.models.RoleModel) ResourceServer(org.keycloak.authorization.model.ResourceServer) AdminPermissionManagement(org.keycloak.services.resources.admin.permissions.AdminPermissionManagement)

Example 87 with ClientModel

use of org.keycloak.models.ClientModel in project keycloak by keycloak.

the class UserConsentWithUserStorageModelTest method deleteClientScopeTest.

@Test
@ModelTest
public void deleteClientScopeTest(KeycloakSession session) {
    KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sesDelClScope1) -> {
        KeycloakSession currentSession = sesDelClScope1;
        RealmModel realm = currentSession.realms().getRealmByName("original");
        ClientModel fooClient = realm.getClientByClientId("foo-client");
        ClientScopeModel fooScope = KeycloakModelUtils.getClientScopeByName(realm, "foo");
        realm.removeClientScope(fooScope.getId());
    });
    KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sesDelClScope2) -> {
        KeycloakSession currentSession = sesDelClScope2;
        RealmModel realm = currentSession.realms().getRealmByName("original");
        ClientModel fooClient = realm.getClientByClientId("foo-client");
        UserModel john = currentSession.users().getUserByUsername(realm, "john");
        UserConsentModel johnConsent = currentSession.users().getConsentByClient(realm, john.getId(), fooClient.getId());
        Assert.assertEquals(johnConsent.getGrantedClientScopes().size(), 0);
    });
}
Also used : RealmModel(org.keycloak.models.RealmModel) UserModel(org.keycloak.models.UserModel) ClientModel(org.keycloak.models.ClientModel) KeycloakSession(org.keycloak.models.KeycloakSession) ClientScopeModel(org.keycloak.models.ClientScopeModel) UserConsentModel(org.keycloak.models.UserConsentModel) ModelTest(org.keycloak.testsuite.arquillian.annotation.ModelTest) ModelTest(org.keycloak.testsuite.arquillian.annotation.ModelTest) Test(org.junit.Test) AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest)

Example 88 with ClientModel

use of org.keycloak.models.ClientModel in project keycloak by keycloak.

the class UserSessionProviderOfflineTest method testOfflineSessionsCrud.

@Test
@ModelTest
public void testOfflineSessionsCrud(KeycloakSession session) {
    Map<String, Set<String>> offlineSessions = new HashMap<>();
    KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sessionCrud) -> {
        // Create some online sessions in infinispan
        reloadState(sessionCrud);
        createSessions(sessionCrud);
    });
    KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sessionCrud2) -> {
        currentSession = sessionCrud2;
        realm = currentSession.realms().getRealm("test");
        sessionManager = new UserSessionManager(currentSession);
        // Key is userSession ID, values are client UUIDS
        // Persist 3 created userSessions and clientSessions as offline
        ClientModel testApp = realm.getClientByClientId("test-app");
        currentSession.sessions().getUserSessionsStream(realm, testApp).collect(Collectors.toList()).forEach(userSession -> offlineSessions.put(userSession.getId(), createOfflineSessionIncludeClientSessions(currentSession, userSession)));
    });
    KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sessionCrud3) -> {
        currentSession = sessionCrud3;
        realm = currentSession.realms().getRealm("test");
        sessionManager = new UserSessionManager(currentSession);
        // Assert all previously saved offline sessions found
        for (Map.Entry<String, Set<String>> entry : offlineSessions.entrySet()) {
            UserSessionModel offlineSession = sessionManager.findOfflineUserSession(realm, entry.getKey());
            Assert.assertNotNull(offlineSession);
            Assert.assertEquals(offlineSession.getAuthenticatedClientSessions().keySet(), entry.getValue());
        }
        // Find clients with offline token
        UserModel user1 = currentSession.users().getUserByUsername(realm, "user1");
        Set<ClientModel> clients = sessionManager.findClientsWithOfflineToken(realm, user1);
        Assert.assertEquals(clients.size(), 2);
        for (ClientModel client : clients) {
            Assert.assertTrue(client.getClientId().equals("test-app") || client.getClientId().equals("third-party"));
        }
        UserModel user2 = currentSession.users().getUserByUsername(realm, "user2");
        clients = sessionManager.findClientsWithOfflineToken(realm, user2);
        Assert.assertEquals(clients.size(), 1);
        Assert.assertEquals("test-app", clients.iterator().next().getClientId());
        // Test count
        ClientModel testApp = realm.getClientByClientId("test-app");
        ClientModel thirdparty = realm.getClientByClientId("third-party");
        Assert.assertEquals(3, currentSession.sessions().getOfflineSessionsCount(realm, testApp));
        Assert.assertEquals(1, currentSession.sessions().getOfflineSessionsCount(realm, thirdparty));
        // Revoke "test-app" for user1
        sessionManager.revokeOfflineToken(user1, testApp);
    });
    KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sessionCrud4) -> {
        currentSession = sessionCrud4;
        realm = currentSession.realms().getRealm("test");
        sessionManager = new UserSessionManager(currentSession);
        // Assert userSession revoked
        ClientModel thirdparty = realm.getClientByClientId("third-party");
        List<UserSessionModel> thirdpartySessions = currentSession.sessions().getOfflineUserSessionsStream(realm, thirdparty, 0, 10).collect(Collectors.toList());
        Assert.assertEquals(1, thirdpartySessions.size());
        Assert.assertEquals("127.0.0.1", thirdpartySessions.get(0).getIpAddress());
        Assert.assertEquals("user1", thirdpartySessions.get(0).getUser().getUsername());
        UserModel user1 = currentSession.users().getUserByUsername(realm, "user1");
        UserModel user2 = currentSession.users().getUserByUsername(realm, "user2");
        Set<ClientModel> clients = sessionManager.findClientsWithOfflineToken(realm, user1);
        Assert.assertEquals(1, clients.size());
        Assert.assertEquals("third-party", clients.iterator().next().getClientId());
        clients = sessionManager.findClientsWithOfflineToken(realm, user2);
        Assert.assertEquals(1, clients.size());
        Assert.assertEquals("test-app", clients.iterator().next().getClientId());
        // Revoke the second currentSession for user1 too.
        sessionManager.revokeOfflineToken(user1, thirdparty);
    });
    KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sessionCrud5) -> {
        currentSession = sessionCrud5;
        realm = currentSession.realms().getRealm("test");
        sessionManager = new UserSessionManager(currentSession);
        ClientModel testApp = realm.getClientByClientId("test-app");
        ClientModel thirdparty = realm.getClientByClientId("third-party");
        // Accurate count now. All sessions of user1 cleared
        Assert.assertEquals(1, currentSession.sessions().getOfflineSessionsCount(realm, testApp));
        Assert.assertEquals(0, currentSession.sessions().getOfflineSessionsCount(realm, thirdparty));
        List<UserSessionModel> testAppSessions = currentSession.sessions().getOfflineUserSessionsStream(realm, testApp, 0, 10).collect(Collectors.toList());
        Assert.assertEquals(1, testAppSessions.size());
        Assert.assertEquals("127.0.0.3", testAppSessions.get(0).getIpAddress());
        Assert.assertEquals("user2", testAppSessions.get(0).getUser().getUsername());
        UserModel user1 = currentSession.users().getUserByUsername(realm, "user1");
        Set<ClientModel> clients = sessionManager.findClientsWithOfflineToken(realm, user1);
        Assert.assertEquals(0, clients.size());
    });
}
Also used : UserSessionModel(org.keycloak.models.UserSessionModel) HashSet(java.util.HashSet) Set(java.util.Set) HashMap(java.util.HashMap) UserSessionManager(org.keycloak.services.managers.UserSessionManager) UserModel(org.keycloak.models.UserModel) ClientModel(org.keycloak.models.ClientModel) KeycloakSession(org.keycloak.models.KeycloakSession) HashMap(java.util.HashMap) Map(java.util.Map) ModelTest(org.keycloak.testsuite.arquillian.annotation.ModelTest) ModelTest(org.keycloak.testsuite.arquillian.annotation.ModelTest) Test(org.junit.Test) AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest)

Example 89 with ClientModel

use of org.keycloak.models.ClientModel in project keycloak by keycloak.

the class UserSessionProviderOfflineTest method testOnClientRemoved.

@Test
@ModelTest
public void testOnClientRemoved(KeycloakSession session) {
    KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sessionCR) -> {
        try {
            int started = Time.currentTime();
            AtomicReference<String> userSessionID = new AtomicReference<>();
            KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sessionCR1) -> {
                currentSession = sessionCR1;
                sessionManager = new UserSessionManager(currentSession);
                RealmModel fooRealm = currentSession.realms().createRealm("foo", "foo");
                fooRealm.setDefaultRole(currentSession.roles().addRealmRole(fooRealm, Constants.DEFAULT_ROLES_ROLE_PREFIX + "-" + fooRealm.getName()));
                fooRealm.setSsoSessionIdleTimeout(1800);
                fooRealm.setSsoSessionMaxLifespan(36000);
                fooRealm.setOfflineSessionIdleTimeout(2592000);
                fooRealm.setOfflineSessionMaxLifespan(5184000);
                fooRealm.addClient("foo-app");
                fooRealm.addClient("bar-app");
                currentSession.users().addUser(fooRealm, "user3");
                UserSessionModel userSession = currentSession.sessions().createUserSession(fooRealm, currentSession.users().getUserByUsername(fooRealm, "user3"), "user3", "127.0.0.1", "form", true, null, null);
                userSessionID.set(userSession.getId());
                createClientSession(currentSession, fooRealm.getClientByClientId("foo-app"), userSession, "http://redirect", "state");
                createClientSession(currentSession, fooRealm.getClientByClientId("bar-app"), userSession, "http://redirect", "state");
            });
            KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sessionCR2) -> {
                currentSession = sessionCR2;
                // Create offline currentSession
                RealmModel fooRealm = currentSession.realms().getRealm("foo");
                UserSessionModel userSession = currentSession.sessions().getUserSession(fooRealm, userSessionID.get());
                createOfflineSessionIncludeClientSessions(currentSession, userSession);
            });
            KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sessionCR3) -> {
                currentSession = sessionCR3;
                RealmManager realmMgr = new RealmManager(currentSession);
                ClientManager clientMgr = new ClientManager(realmMgr);
                RealmModel fooRealm = realmMgr.getRealm("foo");
                // Assert currentSession was persisted with both clientSessions
                UserSessionModel offlineSession = currentSession.sessions().getOfflineUserSession(fooRealm, userSessionID.get());
                assertSession(offlineSession, currentSession.users().getUserByUsername(fooRealm, "user3"), "127.0.0.1", started, started, "foo-app", "bar-app");
                // Remove foo-app client
                ClientModel client = fooRealm.getClientByClientId("foo-app");
                clientMgr.removeClient(fooRealm, client);
            });
            KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sessionCR4) -> {
                currentSession = sessionCR4;
                RealmManager realmMgr = new RealmManager(currentSession);
                ClientManager clientMgr = new ClientManager(realmMgr);
                RealmModel fooRealm = realmMgr.getRealm("foo");
                // Assert just one bar-app clientSession persisted now
                UserSessionModel offlineSession = currentSession.sessions().getOfflineUserSession(fooRealm, userSessionID.get());
                Assert.assertEquals(1, offlineSession.getAuthenticatedClientSessions().size());
                Assert.assertEquals("bar-app", offlineSession.getAuthenticatedClientSessions().values().iterator().next().getClient().getClientId());
                // Remove bar-app client
                ClientModel client = fooRealm.getClientByClientId("bar-app");
                clientMgr.removeClient(fooRealm, client);
            });
            KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sessionCR5) -> {
                currentSession = sessionCR5;
                // Assert nothing loaded - userSession was removed as well because it was last userSession
                RealmManager realmMgr = new RealmManager(currentSession);
                RealmModel fooRealm = realmMgr.getRealm("foo");
                UserSessionModel offlineSession = currentSession.sessions().getOfflineUserSession(fooRealm, userSessionID.get());
                Assert.assertEquals(0, offlineSession.getAuthenticatedClientSessions().size());
            });
        } catch (Exception e) {
            throw new RuntimeException(e);
        } finally {
            KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sessionTearDown) -> {
                currentSession = sessionTearDown;
                RealmManager realmMgr = new RealmManager(currentSession);
                RealmModel fooRealm = realmMgr.getRealm("foo");
                UserModel user3 = currentSession.users().getUserByUsername(fooRealm, "user3");
                // Remove user3
                new UserManager(currentSession).removeUser(fooRealm, user3);
                // Cleanup
                realmMgr = new RealmManager(currentSession);
                realmMgr.removeRealm(realmMgr.getRealm("foo"));
            });
        }
    });
}
Also used : UserSessionModel(org.keycloak.models.UserSessionModel) AtomicReference(java.util.concurrent.atomic.AtomicReference) RealmManager(org.keycloak.services.managers.RealmManager) UserSessionManager(org.keycloak.services.managers.UserSessionManager) RealmModel(org.keycloak.models.RealmModel) UserModel(org.keycloak.models.UserModel) ClientModel(org.keycloak.models.ClientModel) UserManager(org.keycloak.models.UserManager) KeycloakSession(org.keycloak.models.KeycloakSession) ClientManager(org.keycloak.services.managers.ClientManager) ModelTest(org.keycloak.testsuite.arquillian.annotation.ModelTest) ModelTest(org.keycloak.testsuite.arquillian.annotation.ModelTest) Test(org.junit.Test) AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest)

Example 90 with ClientModel

use of org.keycloak.models.ClientModel in project keycloak by keycloak.

the class UserConsentModelTest method getAllConsentTest.

@Test
@ModelTest
public void getAllConsentTest(KeycloakSession session) {
    KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sessionACT) -> {
        KeycloakSession currentSession = sessionACT;
        RealmModel realm = currentSession.realms().getRealm("original");
        ClientModel fooClient = realm.getClientByClientId("foo-client");
        UserModel john = currentSession.users().getUserByUsername(realm, "john");
        UserModel mary = currentSession.users().getUserByUsername(realm, "mary");
        Assert.assertEquals(2, currentSession.users().getConsentsStream(realm, john.getId()).count());
        ClientModel hardcodedClient = currentSession.clients().getClientByClientId(realm, "hardcoded-client");
        List<UserConsentModel> maryConsents = currentSession.users().getConsentsStream(realm, mary.getId()).collect(Collectors.toList());
        Assert.assertEquals(2, maryConsents.size());
        UserConsentModel maryConsent = maryConsents.get(0);
        UserConsentModel maryHardcodedConsent = maryConsents.get(1);
        if (maryConsents.get(0).getClient().getId().equals(hardcodedClient.getId())) {
            maryConsent = maryConsents.get(1);
            maryHardcodedConsent = maryConsents.get(0);
        }
        Assert.assertEquals(maryConsent.getClient().getId(), fooClient.getId());
        Assert.assertEquals(maryConsent.getGrantedClientScopes().size(), 1);
        Assert.assertTrue(isClientScopeGranted(realm, "foo", maryConsent));
        Assert.assertEquals(maryHardcodedConsent.getClient().getId(), hardcodedClient.getId());
        Assert.assertEquals(maryHardcodedConsent.getGrantedClientScopes().size(), 0);
    });
}
Also used : RealmModel(org.keycloak.models.RealmModel) UserModel(org.keycloak.models.UserModel) ClientModel(org.keycloak.models.ClientModel) KeycloakSession(org.keycloak.models.KeycloakSession) UserConsentModel(org.keycloak.models.UserConsentModel) ModelTest(org.keycloak.testsuite.arquillian.annotation.ModelTest) ModelTest(org.keycloak.testsuite.arquillian.annotation.ModelTest) Test(org.junit.Test) AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest)

Aggregations

ClientModel (org.keycloak.models.ClientModel)344 RealmModel (org.keycloak.models.RealmModel)148 UserModel (org.keycloak.models.UserModel)88 RoleModel (org.keycloak.models.RoleModel)74 KeycloakSession (org.keycloak.models.KeycloakSession)67 Test (org.junit.Test)64 UserSessionModel (org.keycloak.models.UserSessionModel)41 ResourceServer (org.keycloak.authorization.model.ResourceServer)39 Policy (org.keycloak.authorization.model.Policy)38 HashMap (java.util.HashMap)37 AuthorizationProvider (org.keycloak.authorization.AuthorizationProvider)36 AbstractTestRealmKeycloakTest (org.keycloak.testsuite.AbstractTestRealmKeycloakTest)34 ModelTest (org.keycloak.testsuite.arquillian.annotation.ModelTest)34 List (java.util.List)32 Map (java.util.Map)32 Path (javax.ws.rs.Path)29 LinkedList (java.util.LinkedList)28 ClientScopeModel (org.keycloak.models.ClientScopeModel)28 ArrayList (java.util.ArrayList)27 AuthenticatedClientSessionModel (org.keycloak.models.AuthenticatedClientSessionModel)27
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial