
Example 66 with RealmModel

use of org.keycloak.models.RealmModel in project keycloak by keycloak.

the class RoleResolveUtil method addToToken.

/**
 * Records {@code role} in the matching access section of {@code token}.
 *
 * <p>A role whose container is a {@link RealmModel} is written to the token's realm access;
 * any other container is cast to {@link ClientModel} and the role is written to the resource
 * access entry keyed by that client's client ID. The section is created when the token does
 * not have one yet, and a role the section already reports via {@code isUserInRole} is not
 * added a second time.
 *
 * <p>Review note: every role passed in ends up as a claim in the access token, and this
 * method applies no filtering of its own. Presumably the caller has already restricted the
 * roles to what the token may carry (scope, consent) - confirm against the caller.
 *
 * @param token access token being populated; mutated in place
 * @param role  role to record
 * @throws ClassCastException if the role's container is neither a realm nor a client
 */
private static void addToToken(AccessToken token, RoleModel role) {
    final AccessToken.Access target;
    if (role.getContainer() instanceof RealmModel) {
        AccessToken.Access realmAccess = token.getRealmAccess();
        if (realmAccess == null) {
            // First realm role for this token: create the realm access section.
            realmAccess = new AccessToken.Access();
            token.setRealmAccess(realmAccess);
        } else if (realmAccess.getRoles() != null && realmAccess.isUserInRole(role.getName())) {
            // Already present, nothing to add.
            return;
        }
        target = realmAccess;
    } else {
        final ClientModel client = (ClientModel) role.getContainer();
        AccessToken.Access clientAccess = token.getResourceAccess(client.getClientId());
        if (clientAccess == null) {
            clientAccess = token.addAccess(client.getClientId());
            // The verify-caller flag is only set when the section is first created.
            if (client.isSurrogateAuthRequired()) {
                clientAccess.verifyCaller(true);
            }
        } else if (clientAccess.isUserInRole(role.getName())) {
            // Already present, nothing to add.
            return;
        }
        target = clientAccess;
    }
    target.addRole(role.getName());
}
Also used : RealmModel(org.keycloak.models.RealmModel) ClientModel(org.keycloak.models.ClientModel) AccessToken(org.keycloak.representations.AccessToken)

Example 67 with RealmModel

use of org.keycloak.models.RealmModel in project keycloak by keycloak.

the class BrokeringFederatedUsernameHasValueValidator method validate.

/**
 * Reports {@code Messages.MISSING_USERNAME} when the submitted username is blank and the realm
 * does not use the e-mail address as username.
 *
 * <p>Only the first element of the submitted list is inspected; an empty list is treated as
 * "no value" and handed to {@code Validation.isBlank} as {@code null}.
 *
 * <p>Review note: {@code input} is cast unchecked to {@code List<String>}. A {@code null} input
 * fails on {@code isEmpty()} and a non-String first element fails on the assignment, so this
 * assumes the validation framework always supplies a list of strings - confirm against the caller.
 *
 * @param input     submitted attribute values, expected to be a {@code List<String>}
 * @param inputHint name reported together with any validation error
 * @param context   validation context; receives the error and supplies the session
 * @param config    validator configuration (not read by this validator)
 * @return the same {@code context} instance
 */
@Override
public ValidationContext validate(Object input, String inputHint, ValidationContext context, ValidatorConfig config) {
    @SuppressWarnings("unchecked")
    final List<String> submitted = (List<String>) input;
    final String username = submitted.isEmpty() ? null : submitted.get(0);

    final RealmModel realm = context.getSession().getContext().getRealm();
    // With e-mail-as-username the username field is allowed to be absent.
    if (!realm.isRegistrationEmailAsUsername() && Validation.isBlank(username)) {
        context.addError(new ValidationError(ID, inputHint, Messages.MISSING_USERNAME));
    }
    return context;
}
Also used : RealmModel(org.keycloak.models.RealmModel) List(java.util.List) ValidationError(org.keycloak.validate.ValidationError)

Example 68 with RealmModel

use of org.keycloak.models.RealmModel in project keycloak by keycloak.

the class UsernameMutationValidator method validate.

/**
 * Rejects a username change with {@code Messages.READ_ONLY_USERNAME} when the realm does not
 * allow usernames to be edited.
 *
 * <p>The check is skipped when no value was submitted, when the first value is blank, when the
 * realm allows username edits, or when the attribute context carries no user. The submitted
 * value is compared with the stored username using {@code String.equals}, so any difference,
 * including case, counts as a change.
 *
 * <p>One exception is allowed: with e-mail-as-username enabled and the
 * {@code UPDATE_PROFILE} context, a differing username is accepted.
 *
 * @param input     submitted attribute values, expected to be a {@code List<String>}
 *                  (unchecked cast; {@code null} would fail on {@code isEmpty()})
 * @param inputHint name reported together with any validation error
 * @param context   validation context; receives the error and supplies session and attribute context
 * @param config    validator configuration (not read by this validator)
 * @return the same {@code context} instance
 */
@Override
public ValidationContext validate(Object input, String inputHint, ValidationContext context, ValidatorConfig config) {
    @SuppressWarnings("unchecked")
    final List<String> submitted = (List<String>) input;
    if (submitted.isEmpty()) {
        return context;
    }

    final String requested = submitted.get(0);
    if (Validation.isBlank(requested)) {
        return context;
    }

    final AttributeContext attributeContext = UserProfileAttributeValidationContext.from(context).getAttributeContext();
    final UserModel existingUser = attributeContext.getUser();
    final RealmModel realm = context.getSession().getContext().getRealm();

    // Nothing to enforce when edits are allowed or there is no existing user to compare against.
    if (realm.isEditUsernameAllowed() || existingUser == null) {
        return context;
    }
    if (requested.equals(existingUser.getFirstAttribute(UserModel.USERNAME))) {
        return context;
    }

    // it is expected that username changes when attributes are normalized by the provider
    final boolean normalizedByProvider = realm.isRegistrationEmailAsUsername()
            && UserProfileContext.UPDATE_PROFILE.equals(attributeContext.getContext());
    if (!normalizedByProvider) {
        context.addError(new ValidationError(ID, inputHint, Messages.READ_ONLY_USERNAME));
    }
    return context;
}
Also used : UserModel(org.keycloak.models.UserModel) RealmModel(org.keycloak.models.RealmModel) AttributeContext(org.keycloak.userprofile.AttributeContext) List(java.util.List) ValidationError(org.keycloak.validate.ValidationError)

Example 69 with RealmModel

use of org.keycloak.models.RealmModel in project keycloak by keycloak.

the class TestingResourceProvider method generateAudienceClientScope.

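/**
 * Generate new client scope for specified service client. The "Frontend" clients, who will use this client scope, will be able to
 * send their access token to authenticate against specified service client
 *
 * <p>The new scope is named after {@code clientId}, is shown on the consent screen, is included in the token scope and
 * carries an audience protocol mapper for {@code clientId}.
 *
 * <p>Review note: this endpoint changes realm configuration and no authorization check is visible in this method.
 * The enclosing class name suggests a test-suite provider; confirm it is never deployed on a production server.
 *
 * @param realmName name of the realm to modify, resolved through {@code getRealmByName}
 * @param clientId Client ID of service client (typically bearer-only client)
 * @return ID of the newly generated clientScope
 * @throws NotFoundException if the realm has no client with the given client ID
 * @throws BadRequestException if a client scope with that name already exists
 */
@Path("generate-audience-client-scope")
@POST
@NoCache
public String generateAudienceClientScope(@QueryParam("realm") final String realmName, @QueryParam("clientId") final String clientId) {
    try {
        RealmModel realm = getRealmByName(realmName);
        ClientModel serviceClient = realm.getClientByClientId(clientId);
        if (serviceClient == null) {
            throw new NotFoundException("Referenced service client doesn't exist");
        }
        ClientScopeModel clientScopeModel = realm.addClientScope(clientId);
        // Fall back to OIDC when the service client has no protocol set.
        clientScopeModel.setProtocol(serviceClient.getProtocol() == null ? OIDCLoginProtocol.LOGIN_PROTOCOL : serviceClient.getProtocol());
        clientScopeModel.setDisplayOnConsentScreen(true);
        clientScopeModel.setConsentScreenText(clientId);
        clientScopeModel.setIncludeInTokenScope(true);
        // Add audience protocol mapper
        ProtocolMapperModel audienceMapper = AudienceProtocolMapper.createClaimMapper("Audience for " + clientId, clientId, null, true, false);
        clientScopeModel.addProtocolMapper(audienceMapper);
        return clientScopeModel.getId();
    } catch (ModelDuplicateException e) {
        // Keep the original exception as the cause so the duplicate can be traced in server logs.
        // The message repeats the caller-supplied clientId.
        throw new BadRequestException("Client Scope " + clientId + " already exists", e);
    }
}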
Also used : RealmModel(org.keycloak.models.RealmModel) ClientModel(org.keycloak.models.ClientModel) ModelDuplicateException(org.keycloak.models.ModelDuplicateException) NotFoundException(javax.ws.rs.NotFoundException) BadRequestException(javax.ws.rs.BadRequestException) ClientScopeModel(org.keycloak.models.ClientScopeModel) ProtocolMapperModel(org.keycloak.models.ProtocolMapperModel) Path(javax.ws.rs.Path) POST(javax.ws.rs.POST) NoCache(org.jboss.resteasy.annotations.cache.NoCache)

Example 70 with RealmModel

use of org.keycloak.models.RealmModel in project keycloak by keycloak.

the class TestingResourceProvider method removeUserSessions.

/**
 * Removes the user sessions of the named realm and answers with an empty 204 response.
 *
 * <p>Review note: the call ends sessions for the whole realm and no authorization check is visible
 * in this method. The enclosing class name suggests a test-suite provider; confirm it is never
 * deployed on a production server.
 *
 * @param realmName name of the realm, resolved through {@code getRealmByName}
 * @return a response with status "no content"
 */
@POST
@Path("/remove-user-sessions")
@Produces(MediaType.APPLICATION_JSON)
public Response removeUserSessions(@QueryParam("realm") final String realmName) {
    // Resolve the realm before touching the session provider, as the original ordering did.
    final RealmModel targetRealm = getRealmByName(realmName);
    session.sessions().removeUserSessions(targetRealm);

    final Response.ResponseBuilder emptyReply = Response.noContent();
    return emptyReply.build();
}
Also used : RealmModel(org.keycloak.models.RealmModel) Path(javax.ws.rs.Path) POST(javax.ws.rs.POST) Produces(javax.ws.rs.Produces)
