use of org.keycloak.models.RealmModel in project keycloak by keycloak.
the class RoleResolveUtil method addToToken.
/**
 * Records {@code role} in the section of {@code token} that matches the role's container.
 *
 * <p>A role whose container is a {@link RealmModel} goes into the token's realm access,
 * which is created and attached when the token has none. Any other container is cast to
 * {@link ClientModel} and the role goes into the resource access keyed by that client's
 * client ID, created through {@code token.addAccess} when absent. A role that is already
 * listed is not added again.
 *
 * <p>This method decides which role names end up in the issued token. Roles are recorded
 * by name only, under the realm or under the owning client's ID.
 *
 * @param token access token being populated
 * @param role  role to record in the token
 */
private static void addToToken(AccessToken token, RoleModel role) {
    final Object container = role.getContainer();
    final AccessToken.Access target;

    if (container instanceof RealmModel) {
        AccessToken.Access realmAccess = token.getRealmAccess();
        if (realmAccess == null) {
            // First realm role for this token: create the realm section.
            realmAccess = new AccessToken.Access();
            token.setRealmAccess(realmAccess);
        } else if (realmAccess.getRoles() != null && realmAccess.isUserInRole(role.getName())) {
            // Already present, nothing to add.
            return;
        }
        target = realmAccess;
    } else {
        // Every non-realm container is treated as a client; the cast fails otherwise.
        final ClientModel client = (ClientModel) container;
        AccessToken.Access clientAccess = token.getResourceAccess(client.getClientId());
        if (clientAccess == null) {
            clientAccess = token.addAccess(client.getClientId());
            // The verify-caller flag is set only when the section is first created.
            if (client.isSurrogateAuthRequired()) {
                clientAccess.verifyCaller(true);
            }
        } else if (clientAccess.isUserInRole(role.getName())) {
            return;
        }
        target = clientAccess;
    }

    target.addRole(role.getName());
}
use of org.keycloak.models.RealmModel in project keycloak by keycloak.
the class BrokeringFederatedUsernameHasValueValidator method validate.
/**
 * Reports {@link Messages#MISSING_USERNAME} when the first submitted value is blank (or no
 * value was submitted) and the realm does not use the e-mail address as the username.
 *
 * @param input     attribute values; cast unchecked to {@code List<String>}, only the first
 *                  element is inspected
 * @param inputHint hint passed through to the {@link ValidationError}
 * @param context   validation context that supplies the session and collects errors
 * @param config    validator configuration (not read here)
 * @return the same {@code context}, with an error added when the check fails
 */
@Override
public ValidationContext validate(Object input, String inputHint, ValidationContext context, ValidatorConfig config) {
    @SuppressWarnings("unchecked")
    final List<String> submitted = (List<String>) input;

    // An empty list is handled like a missing value.
    final String username = submitted.isEmpty() ? null : submitted.get(0);

    final RealmModel realm = context.getSession().getContext().getRealm();
    // With e-mail-as-username the username is not required at this point, so skip the check.
    if (realm.isRegistrationEmailAsUsername()) {
        return context;
    }

    if (Validation.isBlank(username)) {
        context.addError(new ValidationError(ID, inputHint, Messages.MISSING_USERNAME));
    }
    return context;
}
use of org.keycloak.models.RealmModel in project keycloak by keycloak.
the class UsernameMutationValidator method validate.
/**
 * Rejects a username change when the realm does not allow usernames to be edited.
 *
 * <p>Nothing is checked when no value or a blank value is submitted, or when the attribute
 * context carries no user. Otherwise a submitted value that differs from the user's current
 * {@link UserModel#USERNAME} attribute is reported as {@link Messages#READ_ONLY_USERNAME}.
 * The one exception is a realm that uses the e-mail address as username while the context
 * is {@link UserProfileContext#UPDATE_PROFILE}.
 *
 * @param input     attribute values; cast unchecked to {@code List<String>}, only the first
 *                  element is inspected
 * @param inputHint hint passed through to the {@link ValidationError}
 * @param context   validation context that supplies the session and collects errors
 * @param config    validator configuration (not read here)
 * @return the same {@code context}, with an error added when the change is not permitted
 */
@Override
public ValidationContext validate(Object input, String inputHint, ValidationContext context, ValidatorConfig config) {
    @SuppressWarnings("unchecked")
    final List<String> submitted = (List<String>) input;
    if (submitted.isEmpty()) {
        return context;
    }

    final String requested = submitted.get(0);
    if (Validation.isBlank(requested)) {
        return context;
    }

    final AttributeContext attributeContext = UserProfileAttributeValidationContext.from(context).getAttributeContext();
    final UserModel user = attributeContext.getUser();
    final RealmModel realm = context.getSession().getContext().getRealm();

    // NOTE(review): equals() is an exact, case-sensitive comparison; presumably both sides
    // are already normalized by the time this validator runs. Confirm.
    if (realm.isEditUsernameAllowed()
            || user == null
            || requested.equals(user.getFirstAttribute(UserModel.USERNAME))) {
        return context;
    }

    // it is expected that username changes when attributes are normalized by the provider
    final boolean changeExpected = realm.isRegistrationEmailAsUsername()
            && UserProfileContext.UPDATE_PROFILE.equals(attributeContext.getContext());
    if (!changeExpected) {
        context.addError(new ValidationError(ID, inputHint, Messages.READ_ONLY_USERNAME));
    }
    return context;
}
use of org.keycloak.models.RealmModel in project keycloak by keycloak.
the class TestingResourceProvider method generateAudienceClientScope.
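/**
 * Generates a new client scope for the specified service client. "Frontend" clients that use
 * this client scope will be able to send their access token to authenticate against the
 * specified service client.
 *
 * <p>The scope is named after {@code clientId} and shown on the consent screen. It is
 * included in the token scope and carries an audience protocol mapper for {@code clientId}.
 *
 * <p>NOTE(review): no authorization check is visible in this method although it changes
 * realm configuration. The enclosing class is {@code TestingResourceProvider}, so it is
 * presumably deployed to test servers only. Confirm it is never reachable in production.
 *
 * @param realmName name of the realm that holds the service client
 * @param clientId Client ID of service client (typically bearer-only client)
 * @return ID of the newly generated clientScope
 * @throws NotFoundException if the realm has no client with the given client ID
 * @throws BadRequestException if a client scope with that name already exists
 */
@Path("generate-audience-client-scope")
@POST
@NoCache
public String generateAudienceClientScope(@QueryParam("realm") final String realmName, @QueryParam("clientId") final String clientId) {
    try {
        RealmModel realm = getRealmByName(realmName);
        ClientModel serviceClient = realm.getClientByClientId(clientId);
        if (serviceClient == null) {
            throw new NotFoundException("Referenced service client doesn't exist");
        }

        ClientScopeModel clientScopeModel = realm.addClientScope(clientId);
        // Inherit the service client's protocol, defaulting to OIDC when it has none.
        String protocol = serviceClient.getProtocol();
        clientScopeModel.setProtocol(protocol == null ? OIDCLoginProtocol.LOGIN_PROTOCOL : protocol);
        clientScopeModel.setDisplayOnConsentScreen(true);
        clientScopeModel.setConsentScreenText(clientId);
        clientScopeModel.setIncludeInTokenScope(true);

        // Add audience protocol mapper.
        // NOTE(review): the trailing (true, false) presumably means "add to access token, not
        // to ID token". Confirm against AudienceProtocolMapper.createClaimMapper.
        ProtocolMapperModel audienceMapper = AudienceProtocolMapper.createClaimMapper("Audience for " + clientId, clientId, null, true, false);
        clientScopeModel.addProtocolMapper(audienceMapper);

        return clientScopeModel.getId();
    } catch (ModelDuplicateException e) {
        // Keep the original exception as the cause so the duplicate is traceable in logs.
        throw new BadRequestException("Client Scope " + clientId + " already exists", e);
    }
}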
use of org.keycloak.models.RealmModel in project keycloak by keycloak.
the class TestingResourceProvider method removeUserSessions.
/**
 * Removes the user sessions of the named realm through the session provider and answers
 * with an empty 204 response.
 *
 * <p>NOTE(review): no authorization check is visible in this method although it drops
 * sessions for a whole realm. The enclosing class is {@code TestingResourceProvider}, so it
 * is presumably deployed to test servers only. Confirm it is never reachable in production.
 *
 * @param realmName name of the realm whose user sessions are removed
 * @return a response with status 204 (No Content)
 */
@POST
@Path("/remove-user-sessions")
@Produces(MediaType.APPLICATION_JSON)
public Response removeUserSessions(@QueryParam("realm") final String realmName) {
    // Resolve the realm first so a lookup failure happens before sessions are touched.
    final RealmModel targetRealm = getRealmByName(realmName);

    session.sessions().removeUserSessions(targetRealm);

    return Response.noContent().build();
}