
Example 81 with RealmModel

use of org.keycloak.models.RealmModel in project keycloak by keycloak.

the class PersisterLastSessionRefreshStore method sendMessage.

/**
 * Writes the pending "last session refresh" updates to the database through the
 * {@link UserSessionPersisterProvider}, issuing one update call per realm.
 *
 * <p>The stored timestamp is deliberately not "now": it is the current time minus
 * {@code SessionTimeoutHelper.PERIODIC_TASK_INTERVAL_SECONDS}. The original author's note ties
 * this to keeping {@code revokeRefreshToken} working correctly, so anything that compares this
 * persisted value against token or session timestamps has to expect it to lag by that interval.
 *
 * @param kcSession       session used to resolve realms and the persister provider
 * @param refreshesToSend pending refreshes keyed by user-session id; each value supplies the id
 *                        of the realm the session belongs to
 */
protected void sendMessage(KeycloakSession kcSession, Map<String, SessionData> refreshesToSend) {
    // Bucket user-session ids by the realm id recorded in their SessionData.
    Map<String, Set<String>> idsPerRealm = refreshesToSend.entrySet()
            .stream()
            .collect(Collectors.groupingBy(
                    pending -> pending.getValue().getRealmId(),
                    Collectors.mapping(Map.Entry::getKey, Collectors.toSet())));

    // Back-date the value by one periodic-task interval (see the method comment).
    int refreshTimestamp = Time.currentTime() - SessionTimeoutHelper.PERIODIC_TASK_INTERVAL_SECONDS;

    if (logger.isDebugEnabled()) {
        logger.debugf("Updating %d userSessions with lastSessionRefresh: %d", refreshesToSend.size(), refreshTimestamp);
    }

    UserSessionPersisterProvider sessionPersister = kcSession.getProvider(UserSessionPersisterProvider.class);

    idsPerRealm.forEach((realmId, sessionIds) -> {
        RealmModel owningRealm = kcSession.realms().getRealm(realmId);
        // The realm may have been deleted in the meantime; per the original note its user
        // sessions were already removed by the realm-deletion callback, so there is nothing to update.
        if (owningRealm != null) {
            sessionPersister.updateLastSessionRefreshes(owningRealm, refreshTimestamp, sessionIds, offline);
        }
    });
}
Also used : RealmModel(org.keycloak.models.RealmModel) UserSessionPersisterProvider(org.keycloak.models.session.UserSessionPersisterProvider) Map(java.util.Map) Logger(org.jboss.logging.Logger) SessionTimeoutHelper(org.keycloak.models.utils.SessionTimeoutHelper) Set(java.util.Set) KeycloakSession(org.keycloak.models.KeycloakSession) Collectors(java.util.stream.Collectors) Time(org.keycloak.common.util.Time) RealmModel(org.keycloak.models.RealmModel) Set(java.util.Set) UserSessionPersisterProvider(org.keycloak.models.session.UserSessionPersisterProvider) Map(java.util.Map)

Example 82 with RealmModel

use of org.keycloak.models.RealmModel in project keycloak by keycloak.

the class DefaultHostnameProvider method getRealmFrontEndUrl.

/**
 * Resolves the front-end base URL configured on the current realm, caching it on the
 * {@link KeycloakSession} under {@code REALM_URI_SESSION_ATTRIBUTE}.
 *
 * <p>The value comes straight from the realm attribute {@code "frontendUrl"} and is parsed with
 * {@link URI#create(String)}, which throws {@link IllegalArgumentException} on a malformed
 * string; no scheme or host validation happens here. Whoever can edit that realm attribute
 * therefore controls the URI this method returns.
 *
 * @return the cached or freshly parsed realm front-end URI, or {@code null} when nothing is
 *         cached and there is no context realm or its {@code "frontendUrl"} attribute is blank
 */
protected URI getRealmFrontEndUrl() {
    KeycloakSession kcSession = Resteasy.getContextData(KeycloakSession.class);

    // Fast path: already resolved earlier for this session.
    URI cachedUrl = (URI) kcSession.getAttribute(REALM_URI_SESSION_ATTRIBUTE);
    if (cachedUrl != null) {
        return cachedUrl;
    }

    RealmModel contextRealm = kcSession.getContext().getRealm();
    if (contextRealm == null) {
        return null;
    }

    String configuredUrl = contextRealm.getAttribute("frontendUrl");
    if (!isNotBlank(configuredUrl)) {
        return null;
    }

    URI parsedUrl = URI.create(configuredUrl);
    // Remember the parsed value so later calls on the same session skip the realm lookup.
    kcSession.setAttribute(DefaultHostnameProvider.REALM_URI_SESSION_ATTRIBUTE, parsedUrl);
    return parsedUrl;
}
Also used : RealmModel(org.keycloak.models.RealmModel) KeycloakSession(org.keycloak.models.KeycloakSession) URI(java.net.URI)

Example 83 with RealmModel

use of org.keycloak.models.RealmModel in project keycloak by keycloak.

the class RepresentationToModel method createCredentials.

/**
 * Creates the credentials listed in a user representation for the given user.
 *
 * <p>For each credential in {@code userRep}:
 * <ul>
 *   <li>if it carries an id that already resolves to a stored credential of this user, it is
 *       skipped;</li>
 *   <li>if it carries a non-empty plain {@code value}, that value is applied as a password via
 *       {@code updateCredential}, with the session's context realm temporarily switched to
 *       {@code realm} and restored afterwards;</li>
 *   <li>otherwise the representation is converted with {@code toModel} and created through the
 *       credential provider.</li>
 * </ul>
 *
 * <p>NOTE(review): {@code adminRequest} is not read anywhere in this body.
 *
 * @param userRep      representation whose credentials are imported; converted in place from the
 *                     deprecated format first
 * @param session      session providing the credential manager and the realm context
 * @param realm        realm the user belongs to
 * @param user         user receiving the credentials
 * @param adminRequest unused in this method
 * @throws PasswordPolicyNotMetException when {@code updateCredential} fails with a
 *         {@link ModelException}; the exception carries the original message and the username
 */
public static void createCredentials(UserRepresentation userRep, KeycloakSession session, RealmModel realm, UserModel user, boolean adminRequest) {
    convertDeprecatedCredentialsFormat(userRep);

    if (userRep.getCredentials() == null) {
        return;
    }

    for (CredentialRepresentation credential : userRep.getCredentials()) {
        // A credential whose id is already stored for this user is left untouched.
        boolean alreadyStored = credential.getId() != null
                && session.userCredentialManager().getStoredCredentialById(realm, user, credential.getId()) != null;
        if (alreadyStored) {
            continue;
        }

        // No plain value supplied: hand the converted representation to the provider path.
        if (credential.getValue() == null || credential.getValue().isEmpty()) {
            session.userCredentialManager().createCredentialThroughProvider(realm, user, toModel(credential));
            continue;
        }

        // Plain value supplied: apply it as a password. The context realm is switched to the
        // target realm for the duration of the update and always put back in the finally block,
        // so a failed update cannot leave the session pointing at the wrong realm.
        RealmModel previousRealm = session.getContext().getRealm();
        try {
            session.getContext().setRealm(realm);
            session.userCredentialManager().updateCredential(realm, user, UserCredentialModel.password(credential.getValue(), false));
        } catch (ModelException failure) {
            throw new PasswordPolicyNotMetException(failure.getMessage(), user.getUsername(), failure);
        } finally {
            session.getContext().setRealm(previousRealm);
        }
    }
}
Also used : CredentialRepresentation(org.keycloak.representations.idm.CredentialRepresentation) RealmModel(org.keycloak.models.RealmModel) ModelException(org.keycloak.models.ModelException) PasswordPolicyNotMetException(org.keycloak.policy.PasswordPolicyNotMetException)

Example 84 with RealmModel

use of org.keycloak.models.RealmModel in project keycloak by keycloak.

the class RepresentationToModel method toModel.

/**
 * Imports a resource-server representation for a client: finds or creates the
 * {@link ResourceServer}, applies its settings, then imports its scopes, resources and policies.
 *
 * <p>Settings from {@code rep} always win: the defaults applied to a newly created resource
 * server (remote resource management on, {@code ENFORCING} mode) are overwritten straight away
 * by the values in the representation. A missing decision strategy falls back to
 * {@code DecisionStrategy.UNANIMOUS}.
 *
 * <p>Resource ownership: a resource without an owner is assigned to the resource server itself.
 * When an owner name is given, it is resolved to a user of the authorization realm; if no such
 * user exists, the owner is passed on exactly as supplied in the representation.
 *
 * @param rep           representation to import
 * @param authorization provider giving access to the stores, the session and the realm
 * @param client        client the resource server belongs to
 * @return the created or updated resource server
 */
public static ResourceServer toModel(ResourceServerRepresentation rep, AuthorizationProvider authorization, ClientModel client) {
    ResourceServerStore serverStore = authorization.getStoreFactory().getResourceServerStore();

    ResourceServer resourceServer = serverStore.findByClient(client);
    if (resourceServer == null) {
        // First import for this client: create the server with its initial defaults.
        resourceServer = serverStore.create(client);
        resourceServer.setAllowRemoteResourceManagement(true);
        resourceServer.setPolicyEnforcementMode(PolicyEnforcementMode.ENFORCING);
    }

    // Values from the representation replace whatever was set before, new server or existing.
    resourceServer.setPolicyEnforcementMode(rep.getPolicyEnforcementMode());
    resourceServer.setAllowRemoteResourceManagement(rep.isAllowRemoteResourceManagement());

    DecisionStrategy requestedStrategy = rep.getDecisionStrategy();
    resourceServer.setDecisionStrategy(requestedStrategy != null ? requestedStrategy : DecisionStrategy.UNANIMOUS);

    for (ScopeRepresentation scopeRep : rep.getScopes()) {
        toModel(scopeRep, resourceServer, authorization);
    }

    KeycloakSession session = authorization.getKeycloakSession();
    RealmModel realm = authorization.getRealm();

    for (ResourceRepresentation resourceRep : rep.getResources()) {
        ResourceOwnerRepresentation ownerRep = resourceRep.getOwner();
        if (ownerRep != null) {
            if (ownerRep.getName() != null) {
                // Map the owner's username to the matching user id in this realm.
                UserModel ownerUser = session.users().getUserByUsername(realm, ownerRep.getName());
                if (ownerUser != null) {
                    ownerRep.setId(ownerUser.getId());
                }
                // No matching user: the owner representation is left as it arrived.
            }
        } else {
            // No owner given: the resource server itself becomes the owner.
            ownerRep = new ResourceOwnerRepresentation();
            ownerRep.setId(resourceServer.getId());
            resourceRep.setOwner(ownerRep);
        }
        toModel(resourceRep, resourceServer, authorization);
    }

    importPolicies(authorization, resourceServer, rep.getPolicies(), null);
    return resourceServer;
}
Also used : RealmModel(org.keycloak.models.RealmModel) UserModel(org.keycloak.models.UserModel) ResourceServerStore(org.keycloak.authorization.store.ResourceServerStore) KeycloakSession(org.keycloak.models.KeycloakSession) DecisionStrategy(org.keycloak.representations.idm.authorization.DecisionStrategy) ScopeRepresentation(org.keycloak.representations.idm.authorization.ScopeRepresentation) ClientScopeRepresentation(org.keycloak.representations.idm.ClientScopeRepresentation) ResourceOwnerRepresentation(org.keycloak.representations.idm.authorization.ResourceOwnerRepresentation) ResourceServer(org.keycloak.authorization.model.ResourceServer) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation)

Example 85 with RealmModel

use of org.keycloak.models.RealmModel in project keycloak by keycloak.

the class DefaultAuthenticationFlows method addIdentityProviderAuthenticator.

/**
 * Adds the {@code identity-provider-redirector} authenticator to the realm's browser flow, if
 * that flow exists and does not already contain it.
 *
 * <p>The execution is added with requirement {@code ALTERNATIVE} and priority {@code 25}. When
 * {@code defaultProvider} is non-null, an authenticator config is created whose alias is the
 * provider name and whose only entry is {@code defaultProvider -> <provider name>}, and the
 * execution is linked to it.
 *
 * @param realm           realm whose browser flow is modified
 * @param defaultProvider identity provider to store in the authenticator config, or {@code null}
 *                        to add the execution without a config
 */
public static void addIdentityProviderAuthenticator(RealmModel realm, String defaultProvider) {
    final String redirectorId = "identity-provider-redirector";

    String browserFlowId = realm.getAuthenticationFlowsStream()
            .filter(flow -> Objects.equals(flow.getAlias(), DefaultAuthenticationFlows.BROWSER_FLOW))
            .map(AuthenticationFlowModel::getId)
            .findFirst()
            .orElse(null);
    if (browserFlowId == null) {
        // Realm has no browser flow: nothing to attach the authenticator to.
        return;
    }

    // Keep the call idempotent: do not add a second redirector execution.
    boolean redirectorPresent = realm.getAuthenticationExecutionsStream(browserFlowId)
            .anyMatch(existing -> Objects.equals(existing.getAuthenticator(), redirectorId));
    if (redirectorPresent) {
        return;
    }

    AuthenticationExecutionModel redirector = new AuthenticationExecutionModel();
    redirector.setParentFlow(browserFlowId);
    redirector.setRequirement(AuthenticationExecutionModel.Requirement.ALTERNATIVE);
    redirector.setAuthenticator(redirectorId);
    redirector.setPriority(25);
    redirector.setAuthenticatorFlow(false);

    if (defaultProvider != null) {
        Map<String, String> settings = new HashMap<>();
        settings.put("defaultProvider", defaultProvider);

        AuthenticatorConfigModel redirectorConfig = new AuthenticatorConfigModel();
        redirectorConfig.setConfig(settings);
        redirectorConfig.setAlias(defaultProvider);
        // Use the model returned by the realm: that is the instance whose id is read below.
        redirectorConfig = realm.addAuthenticatorConfig(redirectorConfig);
        redirector.setAuthenticatorConfig(redirectorConfig.getId());
    }

    realm.addAuthenticatorExecution(redirector);
}
Also used : IdentityProviderRepresentation(org.keycloak.representations.idm.IdentityProviderRepresentation) RequiredCredentialModel(org.keycloak.models.RequiredCredentialModel) java.util(java.util) RealmModel(org.keycloak.models.RealmModel) AuthenticationExecutionModel(org.keycloak.models.AuthenticationExecutionModel) AuthenticatorConfigModel(org.keycloak.models.AuthenticatorConfigModel) AuthenticationFlowModel(org.keycloak.models.AuthenticationFlowModel) AuthenticationExecutionModel(org.keycloak.models.AuthenticationExecutionModel) AuthenticationFlowModel(org.keycloak.models.AuthenticationFlowModel) AuthenticatorConfigModel(org.keycloak.models.AuthenticatorConfigModel)
