
Example 11 with ClientModel

use of org.keycloak.models.ClientModel in project keycloak by keycloak.

the class CibaClientValidation method validate.

/**
 * Validates the CIBA-related settings of the client held by the validation context.
 *
 * <p>Each failed check adds an error to the context. No check returns early, so a single
 * call can report several problems at once. Checks run in this order: token delivery mode,
 * presence of the notification endpoint for ping mode, the notification endpoint URL itself,
 * and the backchannel authentication request signing algorithm.
 */
public void validate() {
    ClientModel clientModel = context.getObjectToValidate();
    CibaConfig policy = clientModel.getRealm().getCibaPolicy();

    // Only the modes listed in CIBA_SUPPORTED_MODES are accepted (ping and poll, per the original comment).
    String deliveryMode = policy.getBackchannelTokenDeliveryMode(clientModel);
    boolean modeSupported = CibaConfig.CIBA_SUPPORTED_MODES.contains(deliveryMode);
    if (!modeSupported) {
        context.addError("cibaBackchannelTokenDeliveryMode", "Unsupported requested CIBA Backchannel Token Delivery Mode", "invalidCibaBackchannelTokenDeliveryMode");
    }

    // Ping mode needs a client notification endpoint to be configured.
    if (CibaConfig.CIBA_PING_MODE.equals(deliveryMode)
            && policy.getBackchannelClientNotificationEndpoint(clientModel) == null) {
        context.addError("cibaBackchannelClientNotificationEndpoint", "CIBA Backchannel Client Notification Endpoint must be set for the CIBA ping mode", "missingCibaBackchannelClientNotificationEndpoint");
    }

    // The endpoint URL is checked in every mode, so checkUrl also receives null when no
    // endpoint is configured; presumably it tolerates null - confirm in checkUrl.
    // NOTE(review): the endpoint comes from client configuration, and checkUrl (not shown here)
    // gets only the realm's SSL-required setting besides the URL. Confirm which scheme and
    // host restrictions it actually enforces.
    try {
        checkUrl(clientModel.getRealm().getSslRequired(), policy.getBackchannelClientNotificationEndpoint(clientModel), "backchannel_client_notification_endpoint");
    } catch (RuntimeException invalidUrl) {
        // NOTE(review): any RuntimeException is caught and its message becomes the error text
        // returned to the caller; confirm those messages are safe to expose.
        context.addError("cibaBackchannelClientNotificationEndpoint", invalidUrl.getMessage(), "invalidBackchannelClientNotificationEndpoint");
    }

    // An absent signing algorithm is accepted; a configured one must be supported.
    Algorithm signingAlg = policy.getBackchannelAuthRequestSigningAlg(clientModel);
    if (signingAlg != null) {
        boolean algSupported = isSupportedBackchannelAuthenticationRequestSigningAlg(context.getSession(), signingAlg.name());
        if (!algSupported) {
            context.addError("cibaBackchannelAuthRequestSigningAlg", "Unsupported requested CIBA Backchannel Authentication Request Signing Algorithm", "invalidCibaBackchannelAuthRequestSigningAlg");
        }
    }
}
Also used : ClientModel(org.keycloak.models.ClientModel) CibaConfig(org.keycloak.models.CibaConfig) Algorithm(org.keycloak.jose.jws.Algorithm)

Example 12 with ClientModel

use of org.keycloak.models.ClientModel in project keycloak by keycloak.

the class HttpAuthenticationChannelProvider method requestAuthentication.

/**
 * Sends the decoupled authentication request for a CIBA backchannel authentication request
 * to the configured HTTP authentication channel.
 *
 * <p>The Authentication Channel ID is created in the same manner as auth_req_id
 * (JWT formatted, JWS signed, JWE encrypted). It binds the Backchannel Authentication Request
 * to the authentication performed on the Authentication Device (AD). Its JWE serialization
 * works as a bearer token and carries the client_id, which the Authentication Channel
 * Callback Endpoint can use to recognize the Consumption Device (CD) that sent the request.
 *
 * <p>Scopes that should be displayed on the AD:
 * <ol>
 *   <li>scopes specified explicitly as a query parameter in the authorization request</li>
 *   <li>scopes specified implicitly as default client scopes in Keycloak</li>
 * </ol>
 *
 * @param request the backchannel authentication request being processed
 * @param infoUsedByAuthenticator value forwarded to the channel as the login hint
 * @return {@code true} only when the channel answers with 201 Created, {@code false} for any other status
 * @throws RuntimeException wrapping the {@link IOException} when the HTTP exchange fails
 */
@Override
public boolean requestAuthentication(CIBAAuthenticationRequest request, String infoUsedByAuthenticator) {
    // NOTE(review): checkAuthenticationChannel() is not shown here. Confirm it rejects a missing
    // or non-HTTPS channel URI, because the request below carries a bearer token, the login hint
    // and the binding message.
    checkAuthenticationChannel();
    ClientModel requestingClient = request.getClient();
    try {
        AuthenticationChannelRequest payload = new AuthenticationChannelRequest();
        payload.setScope(request.getScope());
        payload.setBindingMessage(request.getBindingMessage());
        payload.setLoginHint(infoUsedByAuthenticator);
        payload.setConsentRequired(requestingClient.isConsentRequired());
        payload.setAcrValues(request.getAcrValues());
        payload.setAdditionalParameters(request.getOtherClaims());

        // The bearer token is a credential for the callback endpoint; keep it out of logs and error messages.
        SimpleHttp post = SimpleHttp.doPost(httpAuthenticationChannelUri, session)
                .header(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON)
                .json(payload)
                .auth(createBearerToken(request, requestingClient));

        // Every status other than 201 is reported as a plain false; the status itself is not surfaced here.
        int responseStatus = completeDecoupledAuthnRequest(post, payload).asStatus();
        return responseStatus == Status.CREATED.getStatusCode();
    } catch (IOException ioe) {
        throw new RuntimeException("Authentication Channel Access failed.", ioe);
    }
}
Also used : ClientModel(org.keycloak.models.ClientModel) SimpleHttp(org.keycloak.broker.provider.util.SimpleHttp) IOException(java.io.IOException)

Example 13 with ClientModel

use of org.keycloak.models.ClientModel in project keycloak by keycloak.

the class ScopeMappedResource method getScopeMappings.

/**
 * Get all scope mappings for the client: the realm-level roles mapped to the scope container
 * and, for every client in the realm, the client-level mappings.
 *
 * @return a representation whose realm mappings and client mappings are each set only when non-empty
 * @deprecated the method is used neither by the admin console nor by the admin client. It may be removed in future releases.
 */
@GET
@Produces(MediaType.APPLICATION_JSON)
@NoCache
@Deprecated
public MappingsRepresentation getScopeMappings() {
    // The permission check runs before the existence check, so the 404 below is reached only
    // after viewPermission.require() has returned (presumably it throws on a missing permission).
    viewPermission.require();
    if (scopeContainer == null) {
        throw new NotFoundException("Could not find client");
    }

    MappingsRepresentation result = new MappingsRepresentation();

    List<RoleRepresentation> realmRoles = scopeContainer.getRealmScopeMappingsStream()
            .map(ModelToRepresentation::toBriefRepresentation)
            .collect(Collectors.toList());
    if (!realmRoles.isEmpty()) {
        result.setRealmMappings(realmRoles);
    }

    // Walks every client of the realm on each call; clients for which the helper returns null are skipped.
    // Collectors.toMap throws IllegalStateException if two representations share the same getClient() key.
    Stream<ClientModel> realmClients = realm.getClientsStream();
    Map<String, ClientMappingsRepresentation> mappingsByClient = realmClients
            .map(candidate -> ScopeMappedUtil.toClientMappingsRepresentation(candidate, scopeContainer))
            .filter(rep -> rep != null)
            .collect(Collectors.toMap(ClientMappingsRepresentation::getClient, Function.identity()));
    if (!mappingsByClient.isEmpty()) {
        result.setClientMappings(mappingsByClient);
    }

    return result;
}
Also used : RoleRepresentation(org.keycloak.representations.idm.RoleRepresentation) ClientModel(org.keycloak.models.ClientModel) MappingsRepresentation(org.keycloak.representations.idm.MappingsRepresentation) ClientMappingsRepresentation(org.keycloak.representations.idm.ClientMappingsRepresentation) NotFoundException(javax.ws.rs.NotFoundException) ClientMappingsRepresentation(org.keycloak.representations.idm.ClientMappingsRepresentation) Produces(javax.ws.rs.Produces) GET(javax.ws.rs.GET) NoCache(org.jboss.resteasy.annotations.cache.NoCache)

Example 14 with ClientModel

use of org.keycloak.models.ClientModel in project keycloak by keycloak.

the class UserResource method getOfflineSessions.

/**
 * Get offline sessions associated with the user and client
 *
 * @param clientUuid id of the client, resolved with {@code realm.getClientById}
 * @return the user's offline sessions converted for the given client; sessions for which the
 *         conversion yields {@code null} are dropped
 * @throws NotFoundException when no client with that id exists in the realm
 */
@Path("offline-sessions/{clientUuid}")
@GET
@NoCache
@Produces(MediaType.APPLICATION_JSON)
public Stream<UserSessionRepresentation> getOfflineSessions(@PathParam("clientUuid") final String clientUuid) {
    // The only permission checked here is view access to the user. The client is looked up
    // purely to confirm that it exists.
    // NOTE(review): no client-level permission check is visible in this method; confirm that is intended.
    auth.users().requireView(user);
    if (realm.getClientById(clientUuid) == null) {
        throw new NotFoundException("Client not found");
    }

    UserSessionManager sessionManager = new UserSessionManager(session);
    // The lambda parameter is named differently from the 'session' used above to avoid shadowing it.
    return sessionManager.findOfflineSessionsStream(realm, user)
            .map(offlineSession -> toUserSessionRepresentation(offlineSession, clientUuid))
            .filter(Objects::nonNull);
}
Also used : UserSessionManager(org.keycloak.services.managers.UserSessionManager) EmailTemplateProvider(org.keycloak.email.EmailTemplateProvider) RedirectUtils(org.keycloak.protocol.oidc.utils.RedirectUtils) Produces(javax.ws.rs.Produces) USER_API(org.keycloak.userprofile.UserProfileContext.USER_API) MediaType(javax.ws.rs.core.MediaType) ErrorResponseException(org.keycloak.services.ErrorResponseException) Validation(org.keycloak.services.validation.Validation) Map(java.util.Map) ClientConnection(org.keycloak.common.ClientConnection) UserConsentRepresentation(org.keycloak.representations.idm.UserConsentRepresentation) UriBuilder(javax.ws.rs.core.UriBuilder) Time(org.keycloak.common.util.Time) UserCredentialModel(org.keycloak.models.UserCredentialModel) FederatedIdentityRepresentation(org.keycloak.representations.idm.FederatedIdentityRepresentation) Set(java.util.Set) IdentityProviderModel(org.keycloak.models.IdentityProviderModel) ModelToRepresentation(org.keycloak.models.utils.ModelToRepresentation) Stream(java.util.stream.Stream) LoginActionsService(org.keycloak.services.resources.LoginActionsService) BruteForceProtector(org.keycloak.services.managers.BruteForceProtector) WebApplicationException(javax.ws.rs.WebApplicationException) GET(javax.ws.rs.GET) Constants(org.keycloak.models.Constants) ArrayList(java.util.ArrayList) ResteasyProviderFactory(org.jboss.resteasy.spi.ResteasyProviderFactory) UserModel(org.keycloak.models.UserModel) UserProfileProvider(org.keycloak.userprofile.UserProfileProvider) UserConsentManager(org.keycloak.services.managers.UserConsentManager) ProviderFactory(org.keycloak.provider.ProviderFactory) UserManager(org.keycloak.models.UserManager) Properties(java.util.Properties) CredentialModel(org.keycloak.credential.CredentialModel) ExecuteActionsActionToken(org.keycloak.authentication.actiontoken.execactions.ExecuteActionsActionToken) AdminPermissionEvaluator(org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator) 
KeycloakSession(org.keycloak.models.KeycloakSession) EventType(org.keycloak.events.EventType) RequiredActionProvider(org.keycloak.authentication.RequiredActionProvider) IMPERSONATOR_USERNAME(org.keycloak.models.ImpersonationSessionNote.IMPERSONATOR_USERNAME) ModelDuplicateException(org.keycloak.models.ModelDuplicateException) ValidationException(org.keycloak.userprofile.ValidationException) ResourceType(org.keycloak.events.admin.ResourceType) Path(javax.ws.rs.Path) GroupRepresentation(org.keycloak.representations.idm.GroupRepresentation) RepresentationToModel(org.keycloak.models.utils.RepresentationToModel) QueryParam(javax.ws.rs.QueryParam) AuthenticationManager(org.keycloak.services.managers.AuthenticationManager) Consumes(javax.ws.rs.Consumes) ReadOnlyException(org.keycloak.storage.ReadOnlyException) AuthenticatedClientSessionModel(org.keycloak.models.AuthenticatedClientSessionModel) DefaultValue(javax.ws.rs.DefaultValue) CredentialRepresentation(org.keycloak.representations.idm.CredentialRepresentation) BadRequestException(javax.ws.rs.BadRequestException) URI(java.net.URI) AccountFormService(org.keycloak.services.resources.account.AccountFormService) DELETE(javax.ws.rs.DELETE) RealmModel(org.keycloak.models.RealmModel) Context(javax.ws.rs.core.Context) Collectors(java.util.stream.Collectors) NotFoundException(javax.ws.rs.NotFoundException) IMPERSONATOR_ID(org.keycloak.models.ImpersonationSessionNote.IMPERSONATOR_ID) Objects(java.util.Objects) List(java.util.List) HttpHeaders(javax.ws.rs.core.HttpHeaders) Response(javax.ws.rs.core.Response) Details(org.keycloak.events.Details) OIDCLoginProtocol(org.keycloak.protocol.oidc.OIDCLoginProtocol) ForbiddenException(org.keycloak.services.ForbiddenException) ClientModel(org.keycloak.models.ClientModel) OperationType(org.keycloak.events.admin.OperationType) UserProfile(org.keycloak.userprofile.UserProfile) PathParam(javax.ws.rs.PathParam) 
UserSessionRepresentation(org.keycloak.representations.idm.UserSessionRepresentation) Profile(org.keycloak.common.Profile) Logger(org.jboss.logging.Logger) HashMap(java.util.HashMap) ServicesLogger(org.keycloak.services.ServicesLogger) ErrorRepresentation(org.keycloak.representations.idm.ErrorRepresentation) MessageFormat(java.text.MessageFormat) HashSet(java.util.HashSet) EventBuilder(org.keycloak.events.EventBuilder) UserConsentModel(org.keycloak.models.UserConsentModel) EmailException(org.keycloak.email.EmailException) GroupModel(org.keycloak.models.GroupModel) LinkedList(java.util.LinkedList) ProfileHelper(org.keycloak.utils.ProfileHelper) Status(javax.ws.rs.core.Response.Status) FederatedIdentityModel(org.keycloak.models.FederatedIdentityModel) UserRepresentation(org.keycloak.representations.idm.UserRepresentation) POST(javax.ws.rs.POST) UserLoginFailureModel(org.keycloak.models.UserLoginFailureModel) UserSessionModel(org.keycloak.models.UserSessionModel) TimeUnit(java.util.concurrent.TimeUnit) NoCache(org.jboss.resteasy.annotations.cache.NoCache) UserSessionManager(org.keycloak.services.managers.UserSessionManager) ModelException(org.keycloak.models.ModelException) PUT(javax.ws.rs.PUT) Collections(java.util.Collections) ErrorResponse(org.keycloak.services.ErrorResponse) ClientModel(org.keycloak.models.ClientModel) Objects(java.util.Objects) NotFoundException(javax.ws.rs.NotFoundException) Path(javax.ws.rs.Path) Produces(javax.ws.rs.Produces) GET(javax.ws.rs.GET) NoCache(org.jboss.resteasy.annotations.cache.NoCache)

Example 15 with ClientModel

use of org.keycloak.models.ClientModel in project keycloak by keycloak.

the class MgmtPermissions method initializeRealmResourceServer.

/**
 * Returns the resource server belonging to the client from {@code getRealmManagementClient()},
 * looking it up on first use and creating it in the store when none exists yet.
 * The result is kept in {@code realmResourceServer} and reused by later calls.
 *
 * @return the resource server, or {@code null} when the AUTHORIZATION feature is disabled
 */
public ResourceServer initializeRealmResourceServer() {
    if (!Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION)) {
        return null;
    }

    if (realmResourceServer == null) {
        // NOTE(review): the client is handed to the store without a null check; confirm
        // getRealmManagementClient() cannot return null here.
        ClientModel managementClient = getRealmManagementClient();
        realmResourceServer = authz.getStoreFactory().getResourceServerStore().findByClient(managementClient);
        if (realmResourceServer == null) {
            // A miss is not an error: the resource server is created as a side effect of this call.
            realmResourceServer = authz.getStoreFactory().getResourceServerStore().create(managementClient);
        }
    }
    return realmResourceServer;
}
Also used : ClientModel(org.keycloak.models.ClientModel)
