Example 51 with GroupModel
use of org.keycloak.models.GroupModel in project keycloak by keycloak.
the class FederatedStorageExportImportTest method testDir.
@Test
public void testDir() {
ComponentExportImportTest.clearExportImportProperties(testingClient);
final String userId = "f:1:path";
testingClient.server().run(session -> {
RealmModel realm = new RealmManager(session).createRealm(REALM_NAME);
RoleModel role = realm.addRole("test-role");
GroupModel group = realm.createGroup("test-group");
List<String> attrValues = new LinkedList<>();
attrValues.add("1");
attrValues.add("2");
session.userFederatedStorage().setSingleAttribute(realm, userId, "single1", "value1");
session.userFederatedStorage().setAttribute(realm, userId, "list1", attrValues);
session.userFederatedStorage().addRequiredAction(realm, userId, "UPDATE_PASSWORD");
PasswordCredentialModel credential = FederatedStorageExportImportTest.getHashProvider(session, realm.getPasswordPolicy()).encodedCredential("password", realm.getPasswordPolicy().getHashIterations());
session.userFederatedStorage().createCredential(realm, userId, credential);
session.userFederatedStorage().grantRole(realm, userId, role);
session.userFederatedStorage().joinGroup(realm, userId, group);
session.userFederatedStorage().setNotBeforeForUser(realm, userId, 50);
});
final String realmId = testRealmResource().toRepresentation().getId();
final String groupId = testRealmResource().getGroupByPath("/test-group").getId();
final String exportDirAbsolutePath = this.exportDirAbsolutePath;
testingClient.server().run(session -> {
ExportImportConfig.setProvider(DirExportProviderFactory.PROVIDER_ID);
ExportImportConfig.setDir(exportDirAbsolutePath);
ExportImportConfig.setRealmName(REALM_NAME);
ExportImportConfig.setAction(ExportImportConfig.ACTION_EXPORT);
new ExportImportManager(session).runExport();
session.realms().removeRealm(realmId);
});
testingClient.server().run(session -> {
Assert.assertNull(session.realms().getRealmByName(REALM_NAME));
ExportImportConfig.setAction(ExportImportConfig.ACTION_IMPORT);
new ExportImportManager(session).runImport();
});
testingClient.server().run(session -> {
RealmModel realm = session.realms().getRealmByName(REALM_NAME);
Assert.assertNotNull(realm);
RoleModel role = realm.getRole("test-role");
GroupModel group = realm.getGroupById(groupId);
Assert.assertEquals(1, session.userFederatedStorage().getStoredUsersCount(realm));
MultivaluedHashMap<String, String> attributes = session.userFederatedStorage().getAttributes(realm, userId);
Assert.assertEquals(3, attributes.size());
Assert.assertEquals("value1", attributes.getFirst("single1"));
Assert.assertTrue(attributes.getList("list1").contains("1"));
Assert.assertTrue(attributes.getList("list1").contains("2"));
Assert.assertTrue(session.userFederatedStorage().getRequiredActionsStream(realm, userId).collect(Collectors.toSet()).contains("UPDATE_PASSWORD"));
Assert.assertTrue(session.userFederatedStorage().getRoleMappingsStream(realm, userId).collect(Collectors.toSet()).contains(role));
Assert.assertTrue(session.userFederatedStorage().getGroupsStream(realm, userId).collect(Collectors.toSet()).contains(group));
Assert.assertEquals(50, session.userFederatedStorage().getNotBeforeOfUser(realm, userId));
List<CredentialModel> creds = session.userFederatedStorage().getStoredCredentialsStream(realm, userId).collect(Collectors.toList());
Assert.assertEquals(1, creds.size());
Assert.assertTrue(FederatedStorageExportImportTest.getHashProvider(session, realm.getPasswordPolicy()).verify("password", PasswordCredentialModel.createFromCredentialModel(creds.get(0))));
});
}
Also used :
RealmModel(org.keycloak.models.RealmModel)
CredentialModel(org.keycloak.credential.CredentialModel)
PasswordCredentialModel(org.keycloak.models.credential.PasswordCredentialModel)
PasswordCredentialModel(org.keycloak.models.credential.PasswordCredentialModel)
GroupModel(org.keycloak.models.GroupModel)
ExportImportManager(org.keycloak.exportimport.ExportImportManager)
RoleModel(org.keycloak.models.RoleModel)
RealmManager(org.keycloak.services.managers.RealmManager)
LinkedList(java.util.LinkedList)
AbstractAuthTest(org.keycloak.testsuite.AbstractAuthTest)
Test(org.junit.Test)
Example 52 with GroupModel
use of org.keycloak.models.GroupModel in project keycloak by keycloak.
the class JpaRealmProvider method removeGroup.
@Override
public boolean removeGroup(RealmModel realm, GroupModel group) {
if (group == null) {
return false;
}
GroupModel.GroupRemovedEvent event = new GroupModel.GroupRemovedEvent() {
@Override
public RealmModel getRealm() {
return realm;
}
@Override
public GroupModel getGroup() {
return group;
}
@Override
public KeycloakSession getKeycloakSession() {
return session;
}
};
session.getKeycloakSessionFactory().publish(event);
session.users().preRemove(realm, group);
realm.removeDefaultGroup(group);
group.getSubGroupsStream().forEach(realm::removeGroup);
GroupEntity groupEntity = em.find(GroupEntity.class, group.getId(), LockModeType.PESSIMISTIC_WRITE);
if ((groupEntity == null) || (!groupEntity.getRealm().equals(realm.getId()))) {
return false;
}
em.createNamedQuery("deleteGroupRoleMappingsByGroup").setParameter("group", groupEntity).executeUpdate();
em.remove(groupEntity);
return true;
}
Also used :
GroupEntity(org.keycloak.models.jpa.entities.GroupEntity)
GroupModel(org.keycloak.models.GroupModel)
Example 53 with GroupModel
use of org.keycloak.models.GroupModel in project keycloak by keycloak.
the class LDAPGroupMapperTest method test07_newUserDefaultGroupsImportModeTest.
@Test
public void test07_newUserDefaultGroupsImportModeTest() throws Exception {
// Check user group memberships
testingClient.server().run(session -> {
LDAPTestContext ctx = LDAPTestContext.init(session);
RealmModel appRealm = ctx.getRealm();
ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(appRealm, ctx.getLdapModel(), "groupsMapper");
LDAPTestUtils.updateGroupMapperConfigOptions(mapperModel, GroupMapperConfig.MODE, LDAPGroupMapperMode.IMPORT.toString());
appRealm.updateComponent(mapperModel);
UserModel david = session.users().addUser(appRealm, "davidkeycloak");
GroupModel defaultGroup11 = KeycloakModelUtils.findGroupByPath(appRealm, "/defaultGroup1/defaultGroup11");
Assert.assertNotNull(defaultGroup11);
GroupModel defaultGroup12 = KeycloakModelUtils.findGroupByPath(appRealm, "/defaultGroup1/defaultGroup12");
Assert.assertNotNull(defaultGroup12);
GroupModel group31 = KeycloakModelUtils.findGroupByPath(appRealm, "/group3/group31");
Assert.assertNotNull(group31);
GroupModel group32 = KeycloakModelUtils.findGroupByPath(appRealm, "/group3/group32");
Assert.assertNotNull(group32);
GroupModel group4 = KeycloakModelUtils.findGroupByPath(appRealm, "/group4");
Assert.assertNotNull(group4);
Set<GroupModel> groups = david.getGroupsStream().collect(Collectors.toSet());
Assert.assertTrue(groups.contains(defaultGroup11));
Assert.assertTrue(groups.contains(defaultGroup12));
Assert.assertFalse(groups.contains(group31));
Assert.assertFalse(groups.contains(group32));
Assert.assertFalse(groups.contains(group4));
});
}
Also used :
RealmModel(org.keycloak.models.RealmModel)
UserModel(org.keycloak.models.UserModel)
ComponentModel(org.keycloak.component.ComponentModel)
GroupModel(org.keycloak.models.GroupModel)
Test(org.junit.Test)
Example 54 with GroupModel
use of org.keycloak.models.GroupModel in project keycloak by keycloak.
the class LDAPGroupMapperTest method test01_ldapOnlyGroupMappings.
protected void test01_ldapOnlyGroupMappings(boolean importEnabled) {
testingClient.server().run(session -> {
LDAPTestContext ctx = LDAPTestContext.init(session);
RealmModel appRealm = ctx.getRealm();
ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(appRealm, ctx.getLdapModel(), "groupsMapper");
LDAPTestUtils.updateGroupMapperConfigOptions(mapperModel, GroupMapperConfig.MODE, LDAPGroupMapperMode.LDAP_ONLY.toString());
appRealm.updateComponent(mapperModel);
UserModel john = session.users().getUserByUsername(appRealm, "johnkeycloak");
UserModel mary = session.users().getUserByUsername(appRealm, "marykeycloak");
// 1 - Grant some groups in LDAP
// This group should already exists as it was imported from LDAP
GroupModel group1 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1");
john.joinGroup(group1);
// This group should already exists as it was imported from LDAP
GroupModel group11 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1/group11");
mary.joinGroup(group11);
// This group should already exists as it was imported from LDAP
GroupModel group12 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1/group12");
john.joinGroup(group12);
mary.joinGroup(group12);
// This group should already exists as it was imported from LDAP
GroupModel groupWithSlashesInName = KeycloakModelUtils.findGroupByPath(appRealm, "Team 2016/2017");
john.joinGroup(groupWithSlashesInName);
mary.joinGroup(groupWithSlashesInName);
// This group should already exists as it was imported from LDAP
GroupModel groupChildWithSlashesInName = KeycloakModelUtils.findGroupByPath(appRealm, "defaultGroup1/Team Child 2018/2019");
john.joinGroup(groupChildWithSlashesInName);
mary.joinGroup(groupChildWithSlashesInName);
Assert.assertEquals("Team SubChild 2020/2021", KeycloakModelUtils.findGroupByPath(appRealm, "defaultGroup1/Team Child 2018/2019/Team SubChild 2020/2021").getName());
Assert.assertEquals("defaultGroup14", KeycloakModelUtils.findGroupByPath(appRealm, "defaultGroup13/Team SubChild 2022/2023/A/B/C/D/E/defaultGroup14").getName());
Assert.assertEquals("Team SubChild 2026/2027", KeycloakModelUtils.findGroupByPath(appRealm, "Team Root 2024/2025/A/B/C/D/defaultGroup15/Team SubChild 2026/2027").getName());
});
// 2 - Check that group mappings are not in local Keycloak DB (They are in LDAP).
if (importEnabled) {
testingClient.server().run(session -> {
LDAPTestContext ctx = LDAPTestContext.init(session);
RealmModel appRealm = ctx.getRealm();
UserModel johnDb = session.userLocalStorage().getUserByUsername(appRealm, "johnkeycloak");
Assert.assertEquals(2, johnDb.getGroupsStream().count());
Assert.assertEquals(2, johnDb.getGroupsStream("Gr", 0, 10).count());
Assert.assertEquals(1, johnDb.getGroupsStream("Gr", 1, 10).count());
Assert.assertEquals(1, johnDb.getGroupsStream("Gr", 0, 1).count());
Assert.assertEquals(1, johnDb.getGroupsStream("12", 0, 10).count());
long dbGroupCount = johnDb.getGroupsCount();
Assert.assertEquals(2, dbGroupCount);
});
}
// 3 - Check that group mappings are in LDAP and hence available through federation
testingClient.server().run(session -> {
LDAPTestContext ctx = LDAPTestContext.init(session);
RealmModel appRealm = ctx.getRealm();
GroupModel group1 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1");
GroupModel group11 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1/group11");
GroupModel group12 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1/group12");
GroupModel groupTeam20162017 = KeycloakModelUtils.findGroupByPath(appRealm, "Team 2016/2017");
GroupModel groupTeamChild20182019 = KeycloakModelUtils.findGroupByPath(appRealm, "defaultGroup1/Team Child 2018/2019");
UserModel john = session.users().getUserByUsername(appRealm, "johnkeycloak");
UserModel mary = session.users().getUserByUsername(appRealm, "marykeycloak");
Set<GroupModel> johnGroups = john.getGroupsStream().collect(Collectors.toSet());
Assert.assertEquals(4, johnGroups.size());
long groupCount = john.getGroupsCount();
Assert.assertEquals(4, groupCount);
Assert.assertTrue(johnGroups.contains(group1));
Assert.assertFalse(johnGroups.contains(group11));
Assert.assertTrue(johnGroups.contains(group12));
Assert.assertTrue(johnGroups.contains(groupTeam20162017));
Assert.assertTrue(johnGroups.contains(groupTeamChild20182019));
Assert.assertEquals(2, john.getGroupsStream("gr", 0, 10).count());
Assert.assertEquals(1, john.getGroupsStream("gr", 1, 10).count());
Assert.assertEquals(1, john.getGroupsStream("gr", 0, 1).count());
Assert.assertEquals(1, john.getGroupsStream("12", 0, 10).count());
Assert.assertEquals(1, john.getGroupsStream("2017", 0, 10).count());
Assert.assertEquals(1, john.getGroupsStream("2018", 0, 10).count());
// 4 - Check through userProvider
List<UserModel> group1Members = session.users().getGroupMembersStream(appRealm, group1, 0, 10).collect(Collectors.toList());
List<UserModel> group11Members = session.users().getGroupMembersStream(appRealm, group11, 0, 10).collect(Collectors.toList());
Stream<UserModel> group12Members = session.users().getGroupMembersStream(appRealm, group12, 0, 10);
Stream<UserModel> groupTeam20162017Members = session.users().getGroupMembersStream(appRealm, groupTeam20162017, 0, 10);
Stream<UserModel> groupTeam20182019Members = session.users().getGroupMembersStream(appRealm, groupTeamChild20182019, 0, 10);
Assert.assertEquals(1, group1Members.size());
Assert.assertEquals("johnkeycloak", group1Members.get(0).getUsername());
Assert.assertEquals(1, group11Members.size());
Assert.assertEquals("marykeycloak", group11Members.get(0).getUsername());
Assert.assertEquals(2, group12Members.count());
Assert.assertEquals(2, groupTeam20162017Members.count());
Assert.assertEquals(2, groupTeam20182019Members.count());
// 4 - Delete some group mappings and check they are deleted
john.leaveGroup(group1);
john.leaveGroup(group12);
john.leaveGroup(groupTeam20162017);
john.leaveGroup(groupTeamChild20182019);
mary.leaveGroup(group1);
mary.leaveGroup(group11);
mary.leaveGroup(group12);
mary.leaveGroup(groupTeam20162017);
mary.leaveGroup(groupTeamChild20182019);
Assert.assertEquals(0, john.getGroupsStream().count());
groupCount = john.getGroupsCount();
Assert.assertEquals(0, groupCount);
});
}
Also used :
RealmModel(org.keycloak.models.RealmModel)
UserModel(org.keycloak.models.UserModel)
ComponentModel(org.keycloak.component.ComponentModel)
GroupModel(org.keycloak.models.GroupModel)
Example 55 with GroupModel
use of org.keycloak.models.GroupModel in project keycloak by keycloak.
the class LDAPGroupMapperTest method test04_groupReferencingNonExistentMember.
// KEYCLOAK-2682
@Test
public void test04_groupReferencingNonExistentMember() {
testingClient.server().run(session -> {
LDAPTestContext ctx = LDAPTestContext.init(session);
RealmModel appRealm = ctx.getRealm();
ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(appRealm, ctx.getLdapModel(), "groupsMapper");
LDAPTestUtils.updateGroupMapperConfigOptions(mapperModel, GroupMapperConfig.MODE, LDAPGroupMapperMode.LDAP_ONLY.toString());
appRealm.updateComponent(mapperModel);
// Ignoring this test on ActiveDirectory as it's not allowed to have LDAP group referencing nonexistent member. KEYCLOAK-2682 was related to OpenLDAP TODO: Better solution than programmatic...
LDAPConfig config = ctx.getLdapProvider().getLdapIdentityStore().getConfig();
if (config.isActiveDirectory()) {
return;
}
String descriptionAttrName = getGroupDescriptionLDAPAttrName(ctx.getLdapProvider());
// 1 - Add some group to LDAP for testing
LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ctx.getLdapModel());
GroupLDAPStorageMapper groupMapper = LDAPTestUtils.getGroupMapper(mapperModel, ldapProvider, appRealm);
LDAPObject group2 = LDAPTestUtils.createLDAPGroup(session, appRealm, ctx.getLdapModel(), "group2", descriptionAttrName, "group2 - description");
// 2 - Add one existing user rob to LDAP group
LDAPObject jamesLdap = ldapProvider.loadLDAPUserByUsername(appRealm, "jameskeycloak");
LDAPUtils.addMember(ldapProvider, MembershipType.DN, LDAPConstants.MEMBER, "not-used", group2, jamesLdap);
// 3 - Add non-existing user to LDAP group
LDAPDn nonExistentDn = LDAPDn.fromString(ldapProvider.getLdapIdentityStore().getConfig().getUsersDn());
nonExistentDn.addFirst(jamesLdap.getRdnAttributeNames().get(0), "nonexistent");
LDAPObject nonExistentLdapUser = new LDAPObject();
nonExistentLdapUser.setDn(nonExistentDn);
LDAPUtils.addMember(ldapProvider, MembershipType.DN, LDAPConstants.MEMBER, "not-used", group2, nonExistentLdapUser);
// 4 - Check group members. Just existing user rob should be present
groupMapper.syncDataFromFederationProviderToKeycloak(appRealm);
GroupModel kcGroup2 = KeycloakModelUtils.findGroupByPath(appRealm, "/group2");
List<UserModel> groupUsers = session.users().getGroupMembersStream(appRealm, kcGroup2, 0, 5).collect(Collectors.toList());
Assert.assertEquals(1, groupUsers.size());
UserModel rob = groupUsers.get(0);
Assert.assertEquals("jameskeycloak", rob.getUsername());
});
}
Also used :
RealmModel(org.keycloak.models.RealmModel)
UserModel(org.keycloak.models.UserModel)
LDAPConfig(org.keycloak.storage.ldap.LDAPConfig)
ComponentModel(org.keycloak.component.ComponentModel)
LDAPStorageProvider(org.keycloak.storage.ldap.LDAPStorageProvider)
LDAPObject(org.keycloak.storage.ldap.idm.model.LDAPObject)
GroupModel(org.keycloak.models.GroupModel)
LDAPDn(org.keycloak.storage.ldap.idm.model.LDAPDn)
GroupLDAPStorageMapper(org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapper)
Test(org.junit.Test)
Aggregations
GroupModel (org.keycloak.models.GroupModel)72
RealmModel (org.keycloak.models.RealmModel)40
Test (org.junit.Test)26
ComponentModel (org.keycloak.component.ComponentModel)23
UserModel (org.keycloak.models.UserModel)20
LDAPObject (org.keycloak.storage.ldap.idm.model.LDAPObject)18
LDAPStorageProvider (org.keycloak.storage.ldap.LDAPStorageProvider)13
GroupLDAPStorageMapper (org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapper)12
RoleModel (org.keycloak.models.RoleModel)10
ClientModel (org.keycloak.models.ClientModel)9
GroupLDAPStorageMapperFactory (org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapperFactory)9
HashMap (java.util.HashMap)8
List (java.util.List)8
NotFoundException (javax.ws.rs.NotFoundException)7
SynchronizationResult (org.keycloak.storage.user.SynchronizationResult)7
HashSet (java.util.HashSet)6
Map (java.util.Map)6
Collectors (java.util.stream.Collectors)6
Path (javax.ws.rs.Path)6
Policy (org.keycloak.authorization.model.Policy)6
