Examples with RealmModel org.keycloak.models.RealmModel used on opensource projects

Search in sources :

Example 91 with RealmModel

use of org.keycloak.models.RealmModel in project keycloak by keycloak.

the class FineGrainAdminUnitTest method testClientsSearchAfterFirstPage.

@Test
@AuthServerContainerExclude(AuthServer.REMOTE)
public void testClientsSearchAfterFirstPage() {
    testingClient.server().run(session -> {
        RealmModel realm = session.realms().getRealmByName("test");
        session.getContext().setRealm(realm);
        ClientModel realmAdminClient = realm.getClientByClientId(Constants.REALM_MANAGEMENT_CLIENT_ID);
        UserModel regularAdminUser = session.users().addUser(realm, "regular-admin-user");
        session.userCredentialManager().updateCredential(realm, regularAdminUser, UserCredentialModel.password("password"));
        regularAdminUser.grantRole(realmAdminClient.getRole(AdminRoles.QUERY_CLIENTS));
        regularAdminUser.setEnabled(true);
        UserPolicyRepresentation userPolicyRepresentation = new UserPolicyRepresentation();
        userPolicyRepresentation.setName("Only " + regularAdminUser.getUsername());
        userPolicyRepresentation.addUser(regularAdminUser.getId());
        AdminPermissionManagement management = AdminPermissions.management(session, realm);
        ClientPermissionManagement clientPermission = management.clients();
        for (int i = 15; i < 30; i++) {
            ClientModel clientModel = realm.addClient("client-search-" + (i < 10 ? "0" + i : i));
            clientPermission.setPermissionsEnabled(clientModel, true);
            Policy policy = clientPermission.viewPermission(clientModel);
            AuthorizationProvider provider = session.getProvider(AuthorizationProvider.class);
            if (i == 15) {
                provider.getStoreFactory().getPolicyStore().create(userPolicyRepresentation, management.realmResourceServer());
            }
            policy.addAssociatedPolicy(provider.getStoreFactory().getPolicyStore().findByName("Only regular-admin-user", realmAdminClient.getId()));
        }
    });
    try (Keycloak client = Keycloak.getInstance(getAuthServerContextRoot() + "/auth", "test", "regular-admin-user", "password", Constants.ADMIN_CLI_CLIENT_ID, TLSUtils.initializeTLS())) {
        List<ClientRepresentation> clients = new ArrayList<>();
        List<ClientRepresentation> result = client.realm("test").clients().findAll("client-search-", true, true, 0, 10);
        clients.addAll(result);
        Assert.assertEquals(10, result.size());
        Assert.assertThat(result.stream().map(rep -> rep.getClientId()).collect(Collectors.toList()), Matchers.is(Arrays.asList("client-search-15", "client-search-16", "client-search-17", "client-search-18", "client-search-19", "client-search-20", "client-search-21", "client-search-22", "client-search-23", "client-search-24")));
        result = client.realm("test").clients().findAll("client-search-", true, true, 10, 10);
        clients.addAll(result);
        Assert.assertEquals(5, result.size());
        Assert.assertThat(result.stream().map(rep -> rep.getClientId()).collect(Collectors.toList()), Matchers.is(Arrays.asList("client-search-25", "client-search-26", "client-search-27", "client-search-28", "client-search-29")));
        result = client.realm("test").clients().findAll("client-search-", true, true, 20, 10);
        clients.addAll(result);
        Assert.assertTrue(result.isEmpty());
    }
}
Also used : Policy(org.keycloak.authorization.model.Policy) AuthorizationProvider(org.keycloak.authorization.AuthorizationProvider) ArrayList(java.util.ArrayList) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) RealmModel(org.keycloak.models.RealmModel) UserModel(org.keycloak.models.UserModel) ClientModel(org.keycloak.models.ClientModel) ClientPermissionManagement(org.keycloak.services.resources.admin.permissions.ClientPermissionManagement) UserPolicyRepresentation(org.keycloak.representations.idm.authorization.UserPolicyRepresentation) Keycloak(org.keycloak.admin.client.Keycloak) AdminPermissionManagement(org.keycloak.services.resources.admin.permissions.AdminPermissionManagement) AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) AbstractKeycloakTest(org.keycloak.testsuite.AbstractKeycloakTest) Test(org.junit.Test)

Example 92 with RealmModel

use of org.keycloak.models.RealmModel in project keycloak by keycloak.

the class FineGrainAdminUnitTest method setupPolices.

public static void setupPolices(KeycloakSession session) {
    RealmModel realm = session.realms().getRealmByName(TEST);
    AdminPermissionManagement permissions = AdminPermissions.management(session, realm);
    RoleModel realmRole = realm.addRole("realm-role");
    RoleModel realmRole2 = realm.addRole("realm-role2");
    ClientModel client1 = realm.addClient(CLIENT_NAME);
    realm.addClientScope("scope");
    client1.setFullScopeAllowed(false);
    RoleModel client1Role = client1.addRole("client-role");
    GroupModel group = realm.createGroup("top");
    RoleModel mapperRole = realm.addRole("mapper");
    RoleModel managerRole = realm.addRole("manager");
    RoleModel compositeRole = realm.addRole("composite-role");
    compositeRole.addCompositeRole(mapperRole);
    compositeRole.addCompositeRole(managerRole);
    // realm-role and application.client-role will have a role policy associated with their map-role permission
    {
        permissions.roles().setPermissionsEnabled(client1Role, true);
        Policy mapRolePermission = permissions.roles().mapRolePermission(client1Role);
        ResourceServer server = permissions.roles().resourceServer(client1Role);
        Policy mapperPolicy = permissions.roles().rolePolicy(server, mapperRole);
        mapRolePermission.addAssociatedPolicy(mapperPolicy);
    }
    {
        permissions.roles().setPermissionsEnabled(realmRole, true);
        Policy mapRolePermission = permissions.roles().mapRolePermission(realmRole);
        ResourceServer server = permissions.roles().resourceServer(realmRole);
        Policy mapperPolicy = permissions.roles().rolePolicy(server, mapperRole);
        mapRolePermission.addAssociatedPolicy(mapperPolicy);
    }
    // realmRole2 will have an empty map-role policy
    {
        permissions.roles().setPermissionsEnabled(realmRole2, true);
    }
    // setup Users manage policies
    {
        permissions.users().setPermissionsEnabled(true);
        ResourceServer server = permissions.realmResourceServer();
        Policy managerPolicy = permissions.roles().rolePolicy(server, managerRole);
        Policy permission = permissions.users().managePermission();
        permission.addAssociatedPolicy(managerPolicy);
        permission.setDecisionStrategy(DecisionStrategy.AFFIRMATIVE);
    }
    {
        permissions.groups().setPermissionsEnabled(group, true);
    }
    {
        permissions.clients().setPermissionsEnabled(client1, true);
    }
    // setup Users impersonate policy
    {
        ClientModel realmManagementClient = realm.getClientByClientId("realm-management");
        RoleModel adminRole = realmManagementClient.getRole(AdminRoles.REALM_ADMIN);
        permissions.users().setPermissionsEnabled(true);
        ResourceServer server = permissions.realmResourceServer();
        Policy adminPolicy = permissions.roles().rolePolicy(server, adminRole);
        adminPolicy.setLogic(Logic.NEGATIVE);
        Policy permission = permissions.users().userImpersonatedPermission();
        permission.addAssociatedPolicy(adminPolicy);
        permission.setDecisionStrategy(DecisionStrategy.UNANIMOUS);
    }
}
Also used : RealmModel(org.keycloak.models.RealmModel) Policy(org.keycloak.authorization.model.Policy) ClientModel(org.keycloak.models.ClientModel) GroupModel(org.keycloak.models.GroupModel) RoleModel(org.keycloak.models.RoleModel) ResourceServer(org.keycloak.authorization.model.ResourceServer) AdminPermissionManagement(org.keycloak.services.resources.admin.permissions.AdminPermissionManagement)

Example 93 with RealmModel

use of org.keycloak.models.RealmModel in project keycloak by keycloak.

the class FineGrainAdminUnitTest method setupDeleteTest.

// testRestEvaluationMasterRealm
// testRestEvaluationMasterAdminTestRealm
// test role deletion that it cleans up authz objects
public static void setupDeleteTest(KeycloakSession session) {
    RealmModel realm = session.realms().getRealmByName(TEST);
    RoleModel removedRole = realm.addRole("removedRole");
    ClientModel client = realm.addClient("removedClient");
    RoleModel removedClientRole = client.addRole("removedClientRole");
    GroupModel removedGroup = realm.createGroup("removedGroup");
    AdminPermissionManagement management = AdminPermissions.management(session, realm);
    management.roles().setPermissionsEnabled(removedRole, true);
    management.roles().setPermissionsEnabled(removedClientRole, true);
    management.groups().setPermissionsEnabled(removedGroup, true);
    management.clients().setPermissionsEnabled(client, true);
    management.users().setPermissionsEnabled(true);
}
Also used : RealmModel(org.keycloak.models.RealmModel) ClientModel(org.keycloak.models.ClientModel) GroupModel(org.keycloak.models.GroupModel) RoleModel(org.keycloak.models.RoleModel) AdminPermissionManagement(org.keycloak.services.resources.admin.permissions.AdminPermissionManagement)

Example 94 with RealmModel

use of org.keycloak.models.RealmModel in project keycloak by keycloak.

the class FineGrainAdminUnitTest method setupTokenExchange.

private static void setupTokenExchange(KeycloakSession session) {
    RealmModel realm = session.realms().getRealmByName("master");
    ClientModel client = session.clients().getClientByClientId(realm, "tokenexclient");
    if (client != null) {
        return;
    }
    ClientModel tokenexclient = realm.addClient("tokenexclient");
    tokenexclient.setEnabled(true);
    tokenexclient.addRedirectUri("http://localhost:*");
    tokenexclient.setPublicClient(false);
    tokenexclient.setSecret("password");
    tokenexclient.setDirectAccessGrantsEnabled(true);
    // permission for client to client exchange to "target" client
    ClientModel adminCli = realm.getClientByClientId(ConfigUtil.DEFAULT_CLIENT);
    AdminPermissionManagement management = AdminPermissions.management(session, realm);
    management.clients().setPermissionsEnabled(adminCli, true);
    ClientPolicyRepresentation clientRep = new ClientPolicyRepresentation();
    clientRep.setName("to");
    clientRep.addClient(tokenexclient.getId());
    ResourceServer server = management.realmResourceServer();
    Policy clientPolicy = management.authz().getStoreFactory().getPolicyStore().create(clientRep, server);
    management.clients().exchangeToPermission(adminCli).addAssociatedPolicy(clientPolicy);
}
Also used : RealmModel(org.keycloak.models.RealmModel) Policy(org.keycloak.authorization.model.Policy) ClientModel(org.keycloak.models.ClientModel) ClientPolicyRepresentation(org.keycloak.representations.idm.authorization.ClientPolicyRepresentation) ResourceServer(org.keycloak.authorization.model.ResourceServer) AdminPermissionManagement(org.keycloak.services.resources.admin.permissions.AdminPermissionManagement)

Example 95 with RealmModel

use of org.keycloak.models.RealmModel in project keycloak by keycloak.

the class FineGrainAdminUnitTest method setup5152.

public static void setup5152(KeycloakSession session) {
    RealmModel realm = session.realms().getRealmByName(TEST);
    ClientModel realmAdminClient = realm.getClientByClientId(Constants.REALM_MANAGEMENT_CLIENT_ID);
    RoleModel realmAdminRole = realmAdminClient.getRole(AdminRoles.REALM_ADMIN);
    UserModel realmUser = session.users().addUser(realm, "realm-admin");
    realmUser.grantRole(realmAdminRole);
    realmUser.setEnabled(true);
    session.userCredentialManager().updateCredential(realm, realmUser, UserCredentialModel.password("password"));
}
Also used : RealmModel(org.keycloak.models.RealmModel) UserModel(org.keycloak.models.UserModel) ClientModel(org.keycloak.models.ClientModel) RoleModel(org.keycloak.models.RoleModel)

Aggregations

RealmModel (org.keycloak.models.RealmModel)591 Test (org.junit.Test)249 UserModel (org.keycloak.models.UserModel)225 KeycloakSession (org.keycloak.models.KeycloakSession)152 ClientModel (org.keycloak.models.ClientModel)149 AbstractTestRealmKeycloakTest (org.keycloak.testsuite.AbstractTestRealmKeycloakTest)90 ModelTest (org.keycloak.testsuite.arquillian.annotation.ModelTest)84 ComponentModel (org.keycloak.component.ComponentModel)83 RoleModel (org.keycloak.models.RoleModel)73 UserSessionModel (org.keycloak.models.UserSessionModel)64 LDAPObject (org.keycloak.storage.ldap.idm.model.LDAPObject)62 List (java.util.List)55 LDAPStorageProvider (org.keycloak.storage.ldap.LDAPStorageProvider)51 GroupModel (org.keycloak.models.GroupModel)47 HashMap (java.util.HashMap)38 Collectors (java.util.stream.Collectors)34 CachedUserModel (org.keycloak.models.cache.CachedUserModel)34 Path (javax.ws.rs.Path)30 AbstractAuthTest (org.keycloak.testsuite.AbstractAuthTest)30 Map (java.util.Map)29
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial