
Example 61 with GroupModel

use of org.keycloak.models.GroupModel in project keycloak by keycloak.

the class LDAPGroupMapperSyncWithGroupsPathTest method before.

/**
 * Resets the fixture before each test: runs on the server and removes every direct
 * subgroup of the group found at {@code LDAP_GROUPS_PATH}.
 */
@Before
public void before() {
    testingClient.server().run(session -> {
        RealmModel testRealm = LDAPTestContext.init(session).getRealm();
        GroupModel parentGroup = KeycloakModelUtils.findGroupByPath(testRealm, LDAP_GROUPS_PATH);
        // Materialise the subgroups into a set before deleting anything: removing while the
        // stream is still being consumed can surface the id of a group that is already gone.
        for (GroupModel child : parentGroup.getSubGroupsStream().collect(Collectors.toSet())) {
            testRealm.removeGroup(child);
        }
    });
}
Also used : RealmModel(org.keycloak.models.RealmModel) GroupModel(org.keycloak.models.GroupModel) Before(org.junit.Before)

Example 62 with GroupModel

use of org.keycloak.models.GroupModel in project keycloak by keycloak.

the class FineGrainAdminUnitTest method setupDemo.

/**
 * Seeds the {@code TEST} realm with the "sales" demo fixture used by the fine-grained
 * admin permission tests: one realm role, the {@code sales-application} client with three
 * client roles, the {@code sales} group and four enabled users.
 *
 * <p>No roles are granted here. Only {@code salesManager} and {@code sales-admin} receive a
 * credential, and only {@code salesman} joins the {@code sales} group.
 *
 * @param session server-side Keycloak session used to reach the realm, user and credential stores
 */
public static void setupDemo(KeycloakSession session) {
    RealmModel demoRealm = session.realms().getRealmByName(TEST);
    demoRealm.addRole("realm-role");

    ClientModel salesApp = demoRealm.addClient("sales-application");
    salesApp.addRole("admin");
    salesApp.addRole("leader-creator");
    salesApp.addRole("viewLeads");

    GroupModel salesGroup = demoRealm.createGroup("sales");

    // The literal password below is a fixed fixture credential; it is only appropriate for a
    // disposable test realm and should never be copied into a real realm import.
    UserModel salesManager = session.users().addUser(demoRealm, "salesManager");
    salesManager.setEnabled(true);
    session.userCredentialManager().updateCredential(demoRealm, salesManager, UserCredentialModel.password("password"));

    UserModel salesAdmin = session.users().addUser(demoRealm, "sales-admin");
    salesAdmin.setEnabled(true);
    session.userCredentialManager().updateCredential(demoRealm, salesAdmin, UserCredentialModel.password("password"));

    // Group member without a credential: exists to be managed, not to log in.
    UserModel salesman = session.users().addUser(demoRealm, "salesman");
    salesman.setEnabled(true);
    salesman.joinGroup(salesGroup);

    // Same as above but outside the group; presumably the negative case for
    // group-scoped permissions (confirm against the tests that consume this fixture).
    UserModel saleswoman = session.users().addUser(demoRealm, "saleswoman");
    saleswoman.setEnabled(true);
}
Also used : RealmModel(org.keycloak.models.RealmModel) UserModel(org.keycloak.models.UserModel) ClientModel(org.keycloak.models.ClientModel) GroupModel(org.keycloak.models.GroupModel) RoleModel(org.keycloak.models.RoleModel)

Example 63 with GroupModel

use of org.keycloak.models.GroupModel in project keycloak by keycloak.

the class FineGrainAdminUnitTest method testUserPagination.

/**
 * Checks that user search with paging honours fine-grained admin permissions.
 *
 * <p>Server-side setup creates the group "Customer A", a {@code customer-a-manager} user
 * holding only {@code QUERY_USERS} plus a user policy on the group's view-members permission,
 * and a {@code regular-admin-user} holding {@code VIEW_USERS}. Forty users with first name
 * "test" are then added: {@code a0..a19} outside the group and {@code b20..b39} inside it.
 * The admin REST client is then used as each of the two administrators to verify which
 * users a paged search returns.
 */
@Test
@AuthServerContainerExclude(AuthServer.REMOTE)
public void testUserPagination() {
    testingClient.server().run(session -> {
        RealmModel realm = session.realms().getRealmByName("test");
        session.getContext().setRealm(realm);
        GroupModel customerAGroup = session.groups().createGroup(realm, "Customer A");
        // Group-scoped manager: may query users, but visibility is meant to come only from the group permission below.
        UserModel customerAManager = session.users().addUser(realm, "customer-a-manager");
        // Fixed fixture password; reused by the Keycloak.getInstance(...) logins further down.
        session.userCredentialManager().updateCredential(realm, customerAManager, UserCredentialModel.password("password"));
        ClientModel realmAdminClient = realm.getClientByClientId(Constants.REALM_MANAGEMENT_CLIENT_ID);
        customerAManager.grantRole(realmAdminClient.getRole(AdminRoles.QUERY_USERS));
        customerAManager.setEnabled(true);
        // Realm-wide viewer: holds VIEW_USERS and is not referenced by any group policy.
        UserModel regularAdminUser = session.users().addUser(realm, "regular-admin-user");
        session.userCredentialManager().updateCredential(realm, regularAdminUser, UserCredentialModel.password("password"));
        regularAdminUser.grantRole(realmAdminClient.getRole(AdminRoles.VIEW_USERS));
        regularAdminUser.setEnabled(true);
        // Turn on fine-grained permissions for the group and attach a user policy that names
        // only customer-a-manager to the group's view-members permission.
        AdminPermissionManagement management = AdminPermissions.management(session, realm);
        GroupPermissionManagement groupPermission = management.groups();
        groupPermission.setPermissionsEnabled(customerAGroup, true);
        UserPolicyRepresentation userPolicyRepresentation = new UserPolicyRepresentation();
        userPolicyRepresentation.setName("Only " + customerAManager.getUsername());
        userPolicyRepresentation.addUser(customerAManager.getId());
        Policy policy = groupPermission.viewMembersPermission(customerAGroup);
        AuthorizationProvider provider = session.getProvider(AuthorizationProvider.class);
        Policy userPolicy = provider.getStoreFactory().getPolicyStore().create(userPolicyRepresentation, management.realmResourceServer());
        policy.addAssociatedPolicy(RepresentationToModel.toModel(userPolicyRepresentation, provider, userPolicy));
        // 20 users outside the group ("a" prefix) ...
        for (int i = 0; i < 20; i++) {
            UserModel userModel = session.users().addUser(realm, "a" + i);
            userModel.setFirstName("test");
        }
        // ... and 20 users inside the group ("b" prefix). Same first name, so a first-name search matches all 40.
        for (int i = 20; i < 40; i++) {
            UserModel userModel = session.users().addUser(realm, "b" + i);
            userModel.setFirstName("test");
            userModel.joinGroup(customerAGroup);
        }
    });
    // As the group-scoped manager: a search by first name must return only the group's members.
    try (Keycloak client = Keycloak.getInstance(getAuthServerContextRoot() + "/auth", "test", "customer-a-manager", "password", Constants.ADMIN_CLI_CLIENT_ID, TLSUtils.initializeTLS())) {
        // Last two arguments are presumably first/max paging values — confirm against UsersResource.search.
        List<UserRepresentation> result = client.realm("test").users().search(null, "test", null, null, -1, 20);
        Assert.assertEquals(20, result.size());
        Assert.assertThat(result, Matchers.everyItem(Matchers.hasProperty("username", Matchers.startsWith("b"))));
        // Paging past the 20 visible members must yield nothing; the "a" users must not fill the page.
        result = client.realm("test").users().search(null, "test", null, null, 20, 40);
        Assert.assertEquals(0, result.size());
    }
    // As the realm-wide viewer.
    try (Keycloak client = Keycloak.getInstance(getAuthServerContextRoot() + "/auth", "test", "regular-admin-user", "password", Constants.ADMIN_CLI_CLIENT_ID, TLSUtils.initializeTLS())) {
        List<UserRepresentation> result = client.realm("test").users().search(null, "test", null, null, -1, 20);
        Assert.assertEquals(20, result.size());
        // NOTE(review): presumably relies on results being ordered by username so that the first page is all "a" users — confirm.
        Assert.assertThat(result, Matchers.everyItem(Matchers.hasProperty("username", Matchers.startsWith("a"))));
        // NOTE(review): the return value of this search is discarded, so the two assertions below
        // re-check the previous `result` and the unfiltered, unpaged search is never verified.
        // Assigning it to `result` would need new expected values; confirm the intended outcome first.
        client.realm("test").users().search(null, null, null, null, -1, -1);
        Assert.assertEquals(20, result.size());
        Assert.assertThat(result, Matchers.everyItem(Matchers.hasProperty("username", Matchers.startsWith("a"))));
    }
    // As the group-scoped manager again: unfiltered and free-text searches must stay confined to the group.
    try (Keycloak client = Keycloak.getInstance(getAuthServerContextRoot() + "/auth", "test", "customer-a-manager", "password", Constants.ADMIN_CLI_CLIENT_ID, TLSUtils.initializeTLS())) {
        List<UserRepresentation> result = client.realm("test").users().search(null, null, null, null, -1, 20);
        Assert.assertEquals(20, result.size());
        Assert.assertThat(result, Matchers.everyItem(Matchers.hasProperty("username", Matchers.startsWith("b"))));
        result = client.realm("test").users().search("test", -1, 20, false);
        Assert.assertEquals(20, result.size());
        Assert.assertThat(result, Matchers.everyItem(Matchers.hasProperty("username", Matchers.startsWith("b"))));
        // Searching for "a" must return nothing: the users outside the group must not be visible through free-text search.
        result = client.realm("test").users().search("a", -1, 20, false);
        Assert.assertEquals(0, result.size());
    }
}
Also used : Policy(org.keycloak.authorization.model.Policy) AuthorizationProvider(org.keycloak.authorization.AuthorizationProvider) GroupModel(org.keycloak.models.GroupModel) RealmModel(org.keycloak.models.RealmModel) UserModel(org.keycloak.models.UserModel) ClientModel(org.keycloak.models.ClientModel) UserPolicyRepresentation(org.keycloak.representations.idm.authorization.UserPolicyRepresentation) Keycloak(org.keycloak.admin.client.Keycloak) GroupPermissionManagement(org.keycloak.services.resources.admin.permissions.GroupPermissionManagement) AdminPermissionManagement(org.keycloak.services.resources.admin.permissions.AdminPermissionManagement) UserRepresentation(org.keycloak.representations.idm.UserRepresentation) AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) AbstractKeycloakTest(org.keycloak.testsuite.AbstractKeycloakTest) Test(org.junit.Test)

Example 64 with GroupModel

use of org.keycloak.models.GroupModel in project keycloak by keycloak.

the class FineGrainAdminUnitTest method invokeDelete.

/**
 * Verifies that authorization resources registered for admin permissions are cleaned up
 * when the objects they protect are deleted, so no orphaned permission resources remain
 * on the realm resource server.
 *
 * <p>The resource count is expected to fall 5 → 2 → 1 → 0 as a realm role, a client role
 * and a group are removed, then the client itself, and finally user permissions are disabled.
 *
 * @param session server-side Keycloak session for the {@code TEST} realm
 */
public static void invokeDelete(KeycloakSession session) {
    RealmModel testRealm = session.realms().getRealmByName(TEST);
    AdminPermissionManagement permissions = AdminPermissions.management(session, testRealm);

    // Baseline: five resources are registered before anything is deleted.
    List<Resource> remaining = permissions.authz().getStoreFactory().getResourceStore().findByResourceServer(permissions.realmResourceServer().getId());
    Assert.assertEquals(5, remaining.size());

    // Delete a realm role, a client role and a group; three resources should disappear with them.
    testRealm.removeRole(testRealm.getRole("removedRole"));
    ClientModel doomedClient = testRealm.getClientByClientId("removedClient");
    doomedClient.removeRole(doomedClient.getRole("removedClientRole"));
    testRealm.removeGroup(KeycloakModelUtils.findGroupByPath(testRealm, "removedGroup"));
    remaining = permissions.authz().getStoreFactory().getResourceStore().findByResourceServer(permissions.realmResourceServer().getId());
    Assert.assertEquals(2, remaining.size());

    // Deleting the client drops one more resource.
    testRealm.removeClient(doomedClient.getId());
    remaining = permissions.authz().getStoreFactory().getResourceStore().findByResourceServer(permissions.realmResourceServer().getId());
    Assert.assertEquals(1, remaining.size());

    // Disabling user permissions must remove the "Users" resource, leaving the server empty.
    permissions.users().setPermissionsEnabled(false);
    Resource usersResource = permissions.authz().getStoreFactory().getResourceStore().findByName("Users", permissions.realmResourceServer().getId());
    Assert.assertNull(usersResource);
    remaining = permissions.authz().getStoreFactory().getResourceStore().findByResourceServer(permissions.realmResourceServer().getId());
    Assert.assertEquals(0, remaining.size());
}
Also used : RealmModel(org.keycloak.models.RealmModel) ClientModel(org.keycloak.models.ClientModel) Resource(org.keycloak.authorization.model.Resource) GroupModel(org.keycloak.models.GroupModel) RoleModel(org.keycloak.models.RoleModel) AdminPermissionManagement(org.keycloak.services.resources.admin.permissions.AdminPermissionManagement)

Example 65 with GroupModel

use of org.keycloak.models.GroupModel in project keycloak by keycloak.

the class UserModelTest method testAddRemoveUsersInTheSameGroupConcurrent.

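/**
 * Adds 100 users to the same group from parallel transactions, then removes them again in
 * parallel, retrying failed removals until none are left, and finally checks that the
 * group has no members.
 */
@Test
public void testAddRemoveUsersInTheSameGroupConcurrent() {
    final ConcurrentSkipListSet<String> userIds = new ConcurrentSkipListSet<>();
    String groupId = groupIds.get(0);
    // Create users and let them join first group
    IntStream.range(0, 100).parallel().forEach(index -> inComittedTransaction(index, (session, i) -> {
        final RealmModel realm = session.realms().getRealm(realmId);
        final UserModel user = session.users().addUser(realm, "user-" + i);
        user.joinGroup(session.groups().getGroupById(realm, groupId));
        userIds.add(user.getId());
        return null;
    }));
    inComittedTransaction(session -> {
        final RealmModel realm = session.realms().getRealm(realmId);
        final GroupModel group = session.groups().getGroupById(realm, groupId);
        assertThat(session.users().getGroupMembersStream(realm, group).count(), is(100L));
    });
    // Some of the transactions may fail due to conflicts as there are many parallel request, so repeat until all users are removed.
    // The failure callback is passed into a call made from a parallel stream, so it can be invoked from
    // several worker threads at once; a plain HashSet could lose or corrupt entries there and let the
    // loop end with users still present. Use the same concurrent set type as userIds.
    Set<String> remainingUserIds = new ConcurrentSkipListSet<>();
    do {
        userIds.stream().parallel().forEach(index -> inComittedTransaction(index, (session, userId) -> {
            final RealmModel realm = session.realms().getRealm(realmId);
            final UserModel user = session.users().getUserById(realm, userId);
            log.debugf("Remove user %s: %s", userId, session.users().removeUser(realm, user));
            return null;
        }, null, (session, userId) -> remainingUserIds.add(userId)));
        // Next round retries only the ids whose removal transaction failed.
        userIds.clear();
        userIds.addAll(remainingUserIds);
        remainingUserIds.clear();
    } while (!userIds.isEmpty());
    inComittedTransaction(session -> {
        final RealmModel realm = session.realms().getRealm(realmId);
        final GroupModel group = session.groups().getGroupById(realm, groupId);
        assertThat(session.users().getGroupMembersStream(realm, group).collect(Collectors.toList()), Matchers.empty());
    });
}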
Also used : IntStream(java.util.stream.IntStream) Assume.assumeThat(org.junit.Assume.assumeThat) Constants(org.keycloak.models.Constants) ArrayList(java.util.ArrayList) HashSet(java.util.HashSet) UserModel(org.keycloak.models.UserModel) UserRegistrationProvider(org.keycloak.storage.user.UserRegistrationProvider) RealmProvider(org.keycloak.models.RealmProvider) AtomicInteger(java.util.concurrent.atomic.AtomicInteger) ComponentModel(org.keycloak.component.ComponentModel) Matchers.hasSize(org.hamcrest.Matchers.hasSize) GroupModel(org.keycloak.models.GroupModel) UserStorageProviderModel(org.keycloak.storage.UserStorageProviderModel) MatcherAssert.assertThat(org.hamcrest.MatcherAssert.assertThat) UserStorageProviderFactory(org.keycloak.storage.UserStorageProviderFactory) RealmModel(org.keycloak.models.RealmModel) UserStorageProvider(org.keycloak.storage.UserStorageProvider) KeycloakSession(org.keycloak.models.KeycloakSession) Set(java.util.Set) Matchers(org.hamcrest.Matchers) Assert.assertTrue(org.junit.Assert.assertTrue) Test(org.junit.Test) Collectors(java.util.stream.Collectors) UserProvider(org.keycloak.models.UserProvider) List(java.util.List) Matchers.hasItem(org.hamcrest.Matchers.hasItem) Assert.assertNull(org.junit.Assert.assertNull) ConcurrentSkipListSet(java.util.concurrent.ConcurrentSkipListSet) Assert.assertFalse(org.junit.Assert.assertFalse) Matchers.is(org.hamcrest.Matchers.is) RealmModel(org.keycloak.models.RealmModel) UserModel(org.keycloak.models.UserModel) ConcurrentSkipListSet(java.util.concurrent.ConcurrentSkipListSet) GroupModel(org.keycloak.models.GroupModel) HashSet(java.util.HashSet) Test(org.junit.Test)

Aggregations

GroupModel (org.keycloak.models.GroupModel)72 RealmModel (org.keycloak.models.RealmModel)40 Test (org.junit.Test)26 ComponentModel (org.keycloak.component.ComponentModel)23 UserModel (org.keycloak.models.UserModel)20 LDAPObject (org.keycloak.storage.ldap.idm.model.LDAPObject)18 LDAPStorageProvider (org.keycloak.storage.ldap.LDAPStorageProvider)13 GroupLDAPStorageMapper (org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapper)12 RoleModel (org.keycloak.models.RoleModel)10 ClientModel (org.keycloak.models.ClientModel)9 GroupLDAPStorageMapperFactory (org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapperFactory)9 HashMap (java.util.HashMap)8 List (java.util.List)8 NotFoundException (javax.ws.rs.NotFoundException)7 SynchronizationResult (org.keycloak.storage.user.SynchronizationResult)7 HashSet (java.util.HashSet)6 Map (java.util.Map)6 Collectors (java.util.stream.Collectors)6 Path (javax.ws.rs.Path)6 Policy (org.keycloak.authorization.model.Policy)6