use of org.keycloak.models.RealmModel in project keycloak by keycloak.
the class RolePolicyProviderFactory method postInit.
/**
 * Registers a listener that reacts to role removal so that the authorization
 * stores are revisited for every client affected by the removed role.
 *
 * <p>For a realm role every client of the realm is visited; for any other
 * container the container is cast to {@link ClientModel} and only that client
 * is visited.
 *
 * <p>NOTE(review): {@code updateResourceServer} is defined elsewhere in this class.
 * It presumably strips the removed role from role-based policies so that no policy
 * keeps referencing a role that no longer exists; confirm against its body.
 *
 * @param factory the session factory the listener is registered on
 */
@Override
public void postInit(KeycloakSessionFactory factory) {
    factory.register(event -> {
        // Only role removals are of interest; every other event is ignored.
        if (!(event instanceof RoleRemovedEvent)) {
            return;
        }
        RoleRemovedEvent roleRemoved = (RoleRemovedEvent) event;
        StoreFactory stores = roleRemoved.getKeycloakSession()
                .getProvider(AuthorizationProvider.class)
                .getStoreFactory();
        PolicyStore policies = stores.getPolicyStore();
        RoleModel role = roleRemoved.getRole();
        RoleContainerModel owner = role.getContainer();
        ResourceServerStore resourceServers = stores.getResourceServerStore();

        if (owner instanceof RealmModel) {
            // Realm role: any client in the realm may carry a policy that names it.
            ((RealmModel) owner).getClientsStream()
                    .forEach(client -> updateResourceServer(client, role, resourceServers, policies));
            return;
        }
        // Any non-realm container is treated as a client; another container type
        // would fail this cast with a ClassCastException.
        updateResourceServer((ClientModel) owner, role, resourceServers, policies);
    });
}
use of org.keycloak.models.RealmModel in project keycloak by keycloak.
the class ClientPolicyProviderFactory method onExport.
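/**
 * Writes the exportable configuration of a client policy into {@code representation}.
 *
 * <p>The policy stores internal client ids; the export replaces each one with the
 * client's {@code clientId} and serializes the list as JSON under the
 * {@code "clients"} config key.
 *
 * @param policy the policy being exported
 * @param representation the representation receiving the exported config
 * @param authorization provider used to resolve the realm and the policy representation
 * @throws NullPointerException if the policy references a client id that no longer
 *         resolves to a client in the realm
 * @throws RuntimeException if the client list cannot be serialized
 */
@Override
public void onExport(Policy policy, PolicyRepresentation representation, AuthorizationProvider authorization) {
    ClientPolicyRepresentation clientRep = toRepresentation(policy, authorization);
    Map<String, String> config = new HashMap<>();
    try {
        RealmModel realm = authorization.getRealm();
        config.put("clients", JsonSerialization.writeValueAsString(
                clientRep.getClients().stream()
                        // A dangling client id used to fail with a bare NullPointerException;
                        // keep the exception type but name the policy and the stale id so the
                        // broken reference can be found and cleaned up.
                        .map(id -> java.util.Objects.requireNonNull(
                                realm.getClientById(id),
                                "Client policy [" + policy.getName() + "] references unknown client id [" + id + "]")
                                .getClientId())
                        .collect(Collectors.toList())));
    } catch (IOException cause) {
        // The message previously said "user policy", copied from the user policy factory.
        throw new RuntimeException("Failed to export client policy [" + policy.getName() + "]", cause);
    }
    representation.setConfig(config);
}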
use of org.keycloak.models.RealmModel in project keycloak by keycloak.
the class UserPolicyProviderFactory method updateUsers.
/**
 * Resolves every entry of {@code users} to a user id and stores the resulting
 * set, serialized as JSON, under the policy's {@code "users"} config key.
 *
 * <p>Each entry is looked up as a username first and, when that yields nothing,
 * as a user id. A {@code null} set results in an empty JSON collection.
 *
 * <p>NOTE(review): because the username lookup wins, an entry that is ambiguous
 * between one user's username and another user's id binds the policy to the
 * username match. Callers that need an exact principal should confirm the
 * resolved id.
 *
 * @param policy the policy whose config is updated
 * @param authorization provider giving access to the session and realm
 * @param users usernames or user ids, may be {@code null}
 * @throws RuntimeException if an entry matches no user, or serialization fails
 */
private void updateUsers(Policy policy, AuthorizationProvider authorization, Set<String> users) {
    KeycloakSession session = authorization.getKeycloakSession();
    RealmModel realm = authorization.getRealm();
    UserProvider userProvider = session.users();
    Set<String> resolvedIds = new HashSet<>();

    if (users != null) {
        for (String identifier : users) {
            UserModel match;
            try {
                match = userProvider.getUserByUsername(realm, identifier);
            } catch (Exception ignored) {
                // Best effort: any failure of the username lookup falls through to the id lookup.
                // NOTE(review): this also hides storage errors; consider logging them.
                match = null;
            }
            if (match == null) {
                match = userProvider.getUserById(realm, identifier);
            }
            if (match == null) {
                throw new RuntimeException("Error while updating policy [" + policy.getName() + "]. User [" + identifier + "] could not be found.");
            }
            // Always persist the id, never the caller-supplied string.
            resolvedIds.add(match.getId());
        }
    }

    try {
        policy.putConfig("users", JsonSerialization.writeValueAsString(resolvedIds));
    } catch (IOException cause) {
        throw new RuntimeException("Failed to serialize users", cause);
    }
}
use of org.keycloak.models.RealmModel in project keycloak by keycloak.
the class DefaultAttributes method normalizeAttributes.
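/**
 * Normalizes the given {@code attributes} (as they were provided when creating a profile) according to the
 * profile configuration and the current context.
 *
 * <p>Unsupported attributes are dropped, the user-attribute prefix is stripped from keys, a username is
 * reduced to its first value in lower case, and every attribute declared in the configuration is present in
 * the result even when it was not provided. When a user is bound to the profile, the username falls back to
 * the user's current one if none was provided, or if the realm forbids username edits in the
 * {@code USER_API} context. When the realm registers the email as username, the lower-cased email values
 * replace the username.
 *
 * @param attributes the denormalized map of attributes; values are expected to be a {@code String} or a
 *        {@code List<String>}; may be {@code null}
 *
 * @return a normalized map of attributes
 */
private Map<String, List<String>> normalizeAttributes(Map<String, ?> attributes) {
    Map<String, List<String>> newAttributes = new HashMap<>();
    RealmModel realm = session.getContext().getRealm();

    if (attributes != null) {
        for (Map.Entry<String, ?> entry : attributes.entrySet()) {
            String key = entry.getKey();

            // The support check runs on the key as provided, before the prefix is stripped.
            if (!isSupportedAttribute(key)) {
                continue;
            }

            if (key.startsWith(Constants.USER_ATTRIBUTES_PREFIX)) {
                key = key.substring(Constants.USER_ATTRIBUTES_PREFIX.length());
            }

            List<String> values;
            Object value = entry.getValue();

            if (value instanceof String) {
                values = Collections.singletonList((String) value);
            } else {
                // Only the List part of this cast is checked at runtime; a list holding
                // non-String elements fails later, wherever an element is read.
                values = (List<String>) value;
            }

            // An empty username list used to throw IndexOutOfBoundsException on get(0).
            // It is now passed through unchanged; the isEmpty() fallback below then
            // substitutes the current username when a user is bound to the profile.
            if (key.equals(UserModel.USERNAME) && !values.isEmpty()) {
                // NOTE(review): toLowerCase() without a Locale follows the JVM default locale, so
                // username normalization can differ between deployments. Left as is to stay in
                // line with however usernames are lower-cased elsewhere; confirm.
                values = Collections.singletonList(values.get(0).toLowerCase());
            }

            newAttributes.put(key, Collections.unmodifiableList(values));
        }
    }

    // the profile should always hold all attributes defined in the config
    for (String attributeName : metadataByAttribute.keySet()) {
        if (!isSupportedAttribute(attributeName) || newAttributes.containsKey(attributeName)) {
            continue;
        }

        List<String> values = EMPTY_VALUE;
        AttributeMetadata metadata = metadataByAttribute.get(attributeName);

        if (user != null && isIncludeAttributeIfNotProvided(metadata)) {
            values = user.getAttributes().getOrDefault(attributeName, EMPTY_VALUE);
        }

        newAttributes.put(attributeName, values);
    }

    if (user != null) {
        List<String> username = newAttributes.get(UserModel.USERNAME);

        // Through the user API a submitted username is overwritten with the stored one
        // when the realm does not allow username edits.
        if (username == null || username.isEmpty() || (!realm.isEditUsernameAllowed() && UserProfileContext.USER_API.equals(context))) {
            newAttributes.put(UserModel.USERNAME, Collections.singletonList(user.getUsername()));
        }
    }

    List<String> email = newAttributes.get(UserModel.EMAIL);

    if (email != null && realm.isRegistrationEmailAsUsername()) {
        // Runs last, so the email-derived username replaces any username set above.
        final List<String> lowerCaseEmailList = email.stream().filter(Objects::nonNull).map(String::toLowerCase).collect(Collectors.toList());

        newAttributes.put(UserModel.USERNAME, lowerCaseEmailList);
    }

    return newAttributes;
}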
use of org.keycloak.models.RealmModel in project keycloak by keycloak.
the class AuthenticationProcessor method finishAuthentication.
/**
 * Completes a successful authentication flow and builds the redirect response.
 *
 * <p>The steps run in a fixed order: the realm is read from the authentication
 * session, {@code attachSession()} produces the client session context, the
 * event is marked successful, and the redirect is delegated to
 * {@link AuthenticationManager#redirectAfterSuccessfulFlow}.
 *
 * <p>NOTE(review): {@code attachSession()} is defined elsewhere in this class.
 * It presumably binds the authenticated user session to the client session;
 * confirm. The success event is recorded before the redirect is built, so a
 * failure while building the redirect still leaves a success event behind.
 *
 * @param protocol the login protocol used to build the final response
 * @return the response returned by the authentication manager
 */
public Response finishAuthentication(LoginProtocol protocol) {
    RealmModel currentRealm = authenticationSession.getRealm();
    ClientSessionContext sessionContext = attachSession();
    event.success();
    return AuthenticationManager.redirectAfterSuccessfulFlow(
            session,
            currentRealm,
            userSession,
            sessionContext,
            request,
            uriInfo,
            connection,
            event,
            authenticationSession,
            protocol);
}