
Example 61 with RealmModel

use of org.keycloak.models.RealmModel in project keycloak by keycloak.

the class JpaRealmProviderFactory method onEvent.

/**
 * Reacts to provider events; only role-removal events are acted upon.
 *
 * <p>For a removed role the owning realm is resolved: the container itself when it is a
 * realm, or the client's realm when the container is a client. {@code preRemove(realm, role)}
 * is then invoked on the realm provider obtained from the event's session. A role whose
 * container is neither a realm nor a client is ignored.
 *
 * @param event the provider event to inspect
 */
@Override
public void onEvent(ProviderEvent event) {
    if (!(event instanceof RoleContainerModel.RoleRemovedEvent)) {
        return;
    }
    RoleRemovedEvent removal = (RoleContainerModel.RoleRemovedEvent) event;
    RoleModel removedRole = removal.getRole();
    RoleContainerModel owner = removedRole.getContainer();

    RealmModel owningRealm;
    if (owner instanceof RealmModel) {
        owningRealm = (RealmModel) owner;
    } else if (owner instanceof ClientModel) {
        owningRealm = ((ClientModel) owner).getRealm();
    } else {
        // No realm can be derived from this container type, so the event is dropped.
        return;
    }

    // NOTE(review): the downcast assumes the RealmProvider bound to this session is the JPA
    // implementation; any other implementation would fail with ClassCastException — confirm.
    RealmProvider realmProvider = removal.getKeycloakSession().getProvider(RealmProvider.class);
    ((JpaRealmProvider) realmProvider).preRemove(owningRealm, removedRole);
}
Also used : RealmModel(org.keycloak.models.RealmModel) ClientModel(org.keycloak.models.ClientModel) RealmProvider(org.keycloak.models.RealmProvider) RoleRemovedEvent(org.keycloak.models.RoleContainerModel.RoleRemovedEvent) RoleModel(org.keycloak.models.RoleModel) RoleContainerModel(org.keycloak.models.RoleContainerModel)

Example 62 with RealmModel

use of org.keycloak.models.RealmModel in project keycloak by keycloak.

the class ConditionalRoleAuthenticator method matchCondition.

/**
 * Evaluates the role condition configured on this authenticator for the current user.
 *
 * <p>The role name and the negate flag are read from the authenticator configuration. The
 * result is {@code user.hasRole(role)}, inverted when the negate flag parses to {@code true}.
 *
 * @param context the running authentication flow; supplies user, realm and configuration
 * @return {@code true} when the (possibly negated) role check holds; {@code false} when there
 *         is no user, no configuration, or the configured role cannot be resolved
 */
@Override
public boolean matchCondition(AuthenticationFlowContext context) {
    UserModel user = context.getUser();
    RealmModel realm = context.getRealm();
    AuthenticatorConfigModel authConfig = context.getAuthenticatorConfig();

    // Without a user or a configuration map the condition cannot be evaluated.
    if (user == null || authConfig == null || authConfig.getConfig() == null) {
        return false;
    }

    String configuredRole = authConfig.getConfig().get(ConditionalRoleAuthenticatorFactory.CONDITIONAL_USER_ROLE);
    boolean negate = Boolean.parseBoolean(authConfig.getConfig().get(ConditionalRoleAuthenticatorFactory.CONF_NEGATE));
    RoleModel resolvedRole = KeycloakModelUtils.getRoleFromString(realm, configuredRole);
    if (resolvedRole == null) {
        // NOTE(review): an unresolvable role yields "no match" even when negation is set.
        // If the guarded sub-flow adds a required step (e.g. a second factor), a typo in the
        // role name would silently skip it — confirm this is the intended failure mode and
        // that this error log is monitored.
        logger.errorv("Invalid role name submitted: {0}", configuredRole);
        return false;
    }

    boolean userHasRole = user.hasRole(resolvedRole);
    return negate ? !userHasRole : userHasRole;
}
Also used : UserModel(org.keycloak.models.UserModel) RealmModel(org.keycloak.models.RealmModel) AuthenticatorConfigModel(org.keycloak.models.AuthenticatorConfigModel) RoleModel(org.keycloak.models.RoleModel)

Example 63 with RealmModel

use of org.keycloak.models.RealmModel in project keycloak by keycloak.

the class ScriptBasedAuthenticator method getInvocableScriptAdapter.

/**
 * Builds an invocable script from the authenticator configuration of the given flow.
 *
 * <p>Script name, source code and description are read from the authenticator configuration,
 * a JavaScript {@link ScriptModel} is created for the current realm, and the script is
 * prepared with bindings for the script itself, the realm, the user, the session, the HTTP
 * request, the authentication session and a logger.
 *
 * <p>Security note: the script source is configuration data and receives the live session
 * object among its bindings. Whoever can edit this authenticator's configuration can
 * therefore run code with that access, so write access to it should be limited to fully
 * trusted administrators.
 *
 * @param context the running authentication flow
 * @return the prepared script adapter
 */
private InvocableScriptAdapter getInvocableScriptAdapter(AuthenticationFlowContext context) {
    Map<String, String> authenticatorSettings = getAuthenticatorConfig(context).getConfig();
    String name = authenticatorSettings.get(SCRIPT_NAME);
    String code = authenticatorSettings.get(SCRIPT_CODE);
    String description = authenticatorSettings.get(SCRIPT_DESCRIPTION);

    RealmModel realm = context.getRealm();
    ScriptingProvider scriptingProvider = context.getSession().getProvider(ScriptingProvider.class);

    // TODO lookup script by scriptId instead of creating it every time
    ScriptModel scriptModel = scriptingProvider.createScript(realm.getId(), ScriptModel.TEXT_JAVASCRIPT, name, code, description);

    // how to deal with long running scripts -> timeout?
    // NOTE(review): no execution time limit is applied in this method, so a looping script
    // would presumably hold the request thread — confirm whether the provider enforces one.
    return scriptingProvider.prepareInvocableScript(scriptModel, scriptBindings -> {
        scriptBindings.put("script", scriptModel);
        scriptBindings.put("realm", context.getRealm());
        scriptBindings.put("user", context.getUser());
        scriptBindings.put("session", context.getSession());
        scriptBindings.put("httpRequest", context.getHttpRequest());
        scriptBindings.put("authenticationSession", context.getAuthenticationSession());
        scriptBindings.put("LOG", LOGGER);
    });
}
Also used : RealmModel(org.keycloak.models.RealmModel) ScriptModel(org.keycloak.models.ScriptModel) ScriptingProvider(org.keycloak.scripting.ScriptingProvider)

Example 64 with RealmModel

use of org.keycloak.models.RealmModel in project keycloak by keycloak.

the class OpenShiftTokenReviewEndpoint method tokenReview.

/**
 * Handles a token review request for the client named in the URL path.
 *
 * <p>The method records an {@code INTROSPECT_TOKEN} event and runs {@code checkSsl()},
 * {@code checkRealm()} and {@code authorizeClient()} before the submitted token is parsed.
 * It then verifies the token against the realm issuer URL and the audiences given in the
 * request, and asks the token manager whether the token is valid for introspection. On
 * success the response carries the token's subject, preferred username, scopes and any
 * {@code groups} claim.
 *
 * @param clientId client id from the URL path; stored as the session attribute
 *                 {@code client_id} when non-null
 * @param reviewRequest request body holding the token and the expected audiences
 * @return a 200 response with {@code authenticated=true} and user details taken from the token
 * @throws Exception declared by the signature; verification failures are routed through
 *                   {@code error(401, ...)}
 */
@Path("/{client_id}")
@POST
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
public Response tokenReview(@PathParam("client_id") String clientId, OpenShiftTokenReviewRequestRepresentation reviewRequest) throws Exception {
    event.event(EventType.INTROSPECT_TOKEN);
    if (clientId != null) {
        session.setAttribute("client_id", clientId);
    }
    // These checks run before the request body is touched; keep that order.
    // (Their bodies are not shown here.)
    checkSsl();
    checkRealm();
    authorizeClient();
    RealmModel realm = session.getContext().getRealm();
    AccessToken token = null;
    try {
        // NOTE(review): reviewRequest and getSpec() are dereferenced without a null check; a
        // body lacking them would presumably surface as a NullPointerException rather than a
        // 4xx response — confirm this is handled upstream.
        TokenVerifier<AccessToken> verifier = TokenVerifier.create(reviewRequest.getSpec().getToken(), AccessToken.class).realmUrl(Urls.realmIssuer(session.getContext().getUri().getBaseUri(), realm.getName())).audience(reviewRequest.getSpec().getAudiences());
        // The signature provider is selected by the algorithm name and key id read from the
        // token header, i.e. from data whose signature has not been checked yet.
        // NOTE(review): if getAlgorithm() or the provider lookup can return null, this line
        // fails with NullPointerException instead of taking the 401 path below — confirm.
        SignatureVerifierContext verifierContext = session.getProvider(SignatureProvider.class, verifier.getHeader().getAlgorithm().name()).verifier(verifier.getHeader().getKeyId());
        verifier.verifierContext(verifierContext);
        verifier.verify();
        token = verifier.getToken();
    } catch (VerificationException e) {
        // NOTE(review): error(...) is assumed to throw and end the request; if it returned
        // normally, token would still be null when dereferenced further down — confirm.
        error(401, Errors.INVALID_TOKEN, "Token verification failure");
    }
    if (!tokenManager.checkTokenValidForIntrospection(session, realm, token, true)) {
        // Same status and message as the catch block above, so the caller cannot tell which
        // check rejected the token.
        error(401, Errors.INVALID_TOKEN, "Token verification failure");
    }
    OpenShiftTokenReviewResponseRepresentation response = new OpenShiftTokenReviewResponseRepresentation();
    response.getStatus().setAuthenticated(true);
    response.getStatus().setUser(new OpenShiftTokenReviewResponseRepresentation.User());
    OpenShiftTokenReviewResponseRepresentation.User userRep = response.getStatus().getUser();
    userRep.setUid(token.getSubject());
    userRep.setUsername(token.getPreferredUsername());
    if (token.getScope() != null && !token.getScope().isEmpty()) {
        // The scope claim is a single space-separated string; split it into individual scopes.
        OpenShiftTokenReviewResponseRepresentation.Extra extra = new OpenShiftTokenReviewResponseRepresentation.Extra();
        extra.setScopes(token.getScope().split(" "));
        userRep.setExtra(extra);
    }
    if (token.getOtherClaims() != null && token.getOtherClaims().get("groups") != null) {
        // Unchecked cast: the claim value is used as found in the token. A value that is not
        // a List fails here with ClassCastException, and element types are not checked at
        // all — TODO confirm the claim shape is enforced where tokens are issued.
        List<String> groups = (List<String>) token.getOtherClaims().get("groups");
        userRep.setGroups(groups);
    }
    event.success();
    return Response.ok(response, MediaType.APPLICATION_JSON).build();
}
Also used : SignatureVerifierContext(org.keycloak.crypto.SignatureVerifierContext) RealmModel(org.keycloak.models.RealmModel) SignatureProvider(org.keycloak.crypto.SignatureProvider) AccessToken(org.keycloak.representations.AccessToken) VerificationException(org.keycloak.common.VerificationException) List(java.util.List) Path(javax.ws.rs.Path) POST(javax.ws.rs.POST) Consumes(javax.ws.rs.Consumes) Produces(javax.ws.rs.Produces)

Example 65 with RealmModel

use of org.keycloak.models.RealmModel in project keycloak by keycloak.

the class DeclarativeUserProfileProvider method setConfiguration.

/**
 * Stores or clears the user-profile configuration held on this provider's component.
 *
 * <p>{@code removeConfigJsonFromComponentModel} is always called on the component first.
 * A non-blank configuration is split into chunks of at most 3800 characters, each chunk is
 * written under its own numbered config key together with the chunk count, and the component
 * is updated on the realm. A blank configuration removes the component from the realm.
 *
 * @param configuration the configuration text to persist; blank removes the component
 */
@Override
public void setConfiguration(String configuration) {
    ComponentModel component = getComponentModel();
    removeConfigJsonFromComponentModel(component);
    RealmModel realm = session.getContext().getRealm();

    if (isBlank(configuration)) {
        realm.removeComponent(component);
        return;
    }

    // NOTE(review): 3800 is presumably chosen to stay below a storage limit on a single
    // component config value — confirm before changing it.
    List<String> chunks = UPConfigUtils.getChunks(configuration, 3800);
    MultivaluedHashMap<String, String> componentConfig = component.getConfig();
    componentConfig.putSingle(UP_PIECES_COUNT_COMPONENT_CONFIG_KEY, String.valueOf(chunks.size()));
    for (int index = 0; index < chunks.size(); index++) {
        componentConfig.putSingle(UP_PIECE_COMPONENT_CONFIG_KEY_BASE + index, chunks.get(index));
    }
    realm.updateComponent(component);
}
Also used : RealmModel(org.keycloak.models.RealmModel) ComponentModel(org.keycloak.component.ComponentModel)
