Example 66 with RealmModel
use of org.keycloak.models.RealmModel in project keycloak by keycloak.
the class RoleResolveUtil method addToToken.
private static void addToToken(AccessToken token, RoleModel role) {
AccessToken.Access access = null;
if (role.getContainer() instanceof RealmModel) {
access = token.getRealmAccess();
if (token.getRealmAccess() == null) {
access = new AccessToken.Access();
token.setRealmAccess(access);
} else if (token.getRealmAccess().getRoles() != null && token.getRealmAccess().isUserInRole(role.getName()))
return;
} else {
ClientModel app = (ClientModel) role.getContainer();
access = token.getResourceAccess(app.getClientId());
if (access == null) {
access = token.addAccess(app.getClientId());
if (app.isSurrogateAuthRequired())
access.verifyCaller(true);
} else if (access.isUserInRole(role.getName()))
return;
}
access.addRole(role.getName());
}
Also used :
RealmModel(org.keycloak.models.RealmModel)
ClientModel(org.keycloak.models.ClientModel)
AccessToken(org.keycloak.representations.AccessToken)
Example 67 with RealmModel
use of org.keycloak.models.RealmModel in project keycloak by keycloak.
the class BrokeringFederatedUsernameHasValueValidator method validate.
@Override
public ValidationContext validate(Object input, String inputHint, ValidationContext context, ValidatorConfig config) {
@SuppressWarnings("unchecked") List<String> values = (List<String>) input;
String value = null;
if (!values.isEmpty()) {
value = values.get(0);
}
RealmModel realm = context.getSession().getContext().getRealm();
if (!realm.isRegistrationEmailAsUsername() && Validation.isBlank(value)) {
context.addError(new ValidationError(ID, inputHint, Messages.MISSING_USERNAME));
}
return context;
}
Also used :
RealmModel(org.keycloak.models.RealmModel)
List(java.util.List)
ValidationError(org.keycloak.validate.ValidationError)
Example 68 with RealmModel
use of org.keycloak.models.RealmModel in project keycloak by keycloak.
the class UsernameMutationValidator method validate.
@Override
public ValidationContext validate(Object input, String inputHint, ValidationContext context, ValidatorConfig config) {
@SuppressWarnings("unchecked") List<String> values = (List<String>) input;
if (values.isEmpty()) {
return context;
}
String value = values.get(0);
if (Validation.isBlank(value)) {
return context;
}
AttributeContext attributeContext = UserProfileAttributeValidationContext.from(context).getAttributeContext();
UserModel user = attributeContext.getUser();
RealmModel realm = context.getSession().getContext().getRealm();
if (!realm.isEditUsernameAllowed() && user != null && !value.equals(user.getFirstAttribute(UserModel.USERNAME))) {
if (realm.isRegistrationEmailAsUsername() && UserProfileContext.UPDATE_PROFILE.equals(attributeContext.getContext())) {
// it is expected that username changes when attributes are normalized by the provider
return context;
}
context.addError(new ValidationError(ID, inputHint, Messages.READ_ONLY_USERNAME));
}
return context;
}
Also used :
UserModel(org.keycloak.models.UserModel)
RealmModel(org.keycloak.models.RealmModel)
AttributeContext(org.keycloak.userprofile.AttributeContext)
List(java.util.List)
ValidationError(org.keycloak.validate.ValidationError)
Example 69 with RealmModel
use of org.keycloak.models.RealmModel in project keycloak by keycloak.
the class TestingResourceProvider method generateAudienceClientScope.
/**
* Generate new client scope for specified service client. The "Frontend" clients, who will use this client scope, will be able to
* send their access token to authenticate against specified service client
*
* @param clientId Client ID of service client (typically bearer-only client)
* @return ID of the newly generated clientScope
*/
@Path("generate-audience-client-scope")
@POST
@NoCache
public String generateAudienceClientScope(@QueryParam("realm") final String realmName, @QueryParam("clientId") final String clientId) {
try {
RealmModel realm = getRealmByName(realmName);
ClientModel serviceClient = realm.getClientByClientId(clientId);
if (serviceClient == null) {
throw new NotFoundException("Referenced service client doesn't exist");
}
ClientScopeModel clientScopeModel = realm.addClientScope(clientId);
clientScopeModel.setProtocol(serviceClient.getProtocol() == null ? OIDCLoginProtocol.LOGIN_PROTOCOL : serviceClient.getProtocol());
clientScopeModel.setDisplayOnConsentScreen(true);
clientScopeModel.setConsentScreenText(clientId);
clientScopeModel.setIncludeInTokenScope(true);
// Add audience protocol mapper
ProtocolMapperModel audienceMapper = AudienceProtocolMapper.createClaimMapper("Audience for " + clientId, clientId, null, true, false);
clientScopeModel.addProtocolMapper(audienceMapper);
return clientScopeModel.getId();
} catch (ModelDuplicateException e) {
throw new BadRequestException("Client Scope " + clientId + " already exists");
}
}
Also used :
RealmModel(org.keycloak.models.RealmModel)
ClientModel(org.keycloak.models.ClientModel)
ModelDuplicateException(org.keycloak.models.ModelDuplicateException)
NotFoundException(javax.ws.rs.NotFoundException)
BadRequestException(javax.ws.rs.BadRequestException)
ClientScopeModel(org.keycloak.models.ClientScopeModel)
ProtocolMapperModel(org.keycloak.models.ProtocolMapperModel)
Path(javax.ws.rs.Path)
POST(javax.ws.rs.POST)
NoCache(org.jboss.resteasy.annotations.cache.NoCache)
Example 70 with RealmModel
use of org.keycloak.models.RealmModel in project keycloak by keycloak.
the class TestingResourceProvider method removeUserSessions.
@POST
@Path("/remove-user-sessions")
@Produces(MediaType.APPLICATION_JSON)
public Response removeUserSessions(@QueryParam("realm") final String realmName) {
RealmModel realm = getRealmByName(realmName);
session.sessions().removeUserSessions(realm);
return Response.noContent().build();
}
Also used :
RealmModel(org.keycloak.models.RealmModel)
Path(javax.ws.rs.Path)
POST(javax.ws.rs.POST)
Produces(javax.ws.rs.Produces)
Aggregations
RealmModel (org.keycloak.models.RealmModel)591
Test (org.junit.Test)249
UserModel (org.keycloak.models.UserModel)225
KeycloakSession (org.keycloak.models.KeycloakSession)152
ClientModel (org.keycloak.models.ClientModel)149
AbstractTestRealmKeycloakTest (org.keycloak.testsuite.AbstractTestRealmKeycloakTest)90
ModelTest (org.keycloak.testsuite.arquillian.annotation.ModelTest)84
ComponentModel (org.keycloak.component.ComponentModel)83
RoleModel (org.keycloak.models.RoleModel)73
UserSessionModel (org.keycloak.models.UserSessionModel)64
LDAPObject (org.keycloak.storage.ldap.idm.model.LDAPObject)62
List (java.util.List)55
LDAPStorageProvider (org.keycloak.storage.ldap.LDAPStorageProvider)51
GroupModel (org.keycloak.models.GroupModel)47
HashMap (java.util.HashMap)38
Collectors (java.util.stream.Collectors)34
CachedUserModel (org.keycloak.models.cache.CachedUserModel)34
Path (javax.ws.rs.Path)30
AbstractAuthTest (org.keycloak.testsuite.AbstractAuthTest)30
Map (java.util.Map)29
