
Example 51 with RoleModel

use of org.keycloak.models.RoleModel in project keycloak by keycloak.

the class UserModelIdentity method hasClientRole.

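/**
 * Reports whether the wrapped user holds the named role of the given client.
 *
 * <p>The check fails closed: when the realm has no client with {@code clientId}, or that
 * client has no role called {@code roleName}, the answer is {@code false}. A role check
 * should deny on an unknown client rather than abort with a NullPointerException.
 *
 * @param clientId the client id to look up in the realm
 * @param roleName the name of the role defined on that client
 * @return {@code true} only if both the client and the role exist and the user has the role
 */
@Override
public boolean hasClientRole(String clientId, String roleName) {
    ClientModel client = realm.getClientByClientId(clientId);
    if (client == null) {
        // Unknown client id: deny instead of dereferencing null below.
        return false;
    }
    RoleModel role = client.getRole(roleName);
    if (role == null) {
        return false;
    }
    return user.hasRole(role);
}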
Also used : ClientModel(org.keycloak.models.ClientModel) RoleModel(org.keycloak.models.RoleModel)

Example 52 with RoleModel

use of org.keycloak.models.RoleModel in project keycloak by keycloak.

the class RealmManager method checkMasterAdminManagementRoles.

/**
 * Ensures the realm's master admin client defines every role named in
 * {@code AdminRoles.ALL_REALM_ROLES}, then calls {@code addQueryCompositeRoles} on it.
 *
 * <p>Roles that already exist on the client are left untouched. Missing ones are handed to
 * {@code addAndSetAdminRole} together with the admin realm's {@code AdminRoles.ADMIN} role.
 *
 * @param realm the realm whose master admin client is checked
 */
private void checkMasterAdminManagementRoles(RealmModel realm) {
    RealmModel adminRealm = model.getRealmByName(Config.getAdminRealm());
    // NOTE(review): neither adminRole nor masterAdminClient is null-checked here;
    // presumably both are guaranteed to exist by the time this runs. Confirm against callers.
    RoleModel adminRole = adminRealm.getRole(AdminRoles.ADMIN);
    ClientModel masterAdminClient = realm.getMasterAdminClient();
    for (String roleName : AdminRoles.ALL_REALM_ROLES) {
        if (masterAdminClient.getRole(roleName) != null) {
            // Role is already defined on the client; nothing to repair.
            continue;
        }
        addAndSetAdminRole(roleName, masterAdminClient, adminRole);
    }
    addQueryCompositeRoles(masterAdminClient);
}
Also used : RealmModel(org.keycloak.models.RealmModel) ClientModel(org.keycloak.models.ClientModel) RoleModel(org.keycloak.models.RoleModel)

Example 53 with RoleModel

use of org.keycloak.models.RoleModel in project keycloak by keycloak.

the class RealmManager method setupRealmAdminManagement.

/**
 * Sets up the realm's own admin management client and its {@code AdminRoles.REALM_ADMIN} role.
 *
 * <p>Nothing is done when {@code realm} is the admin realm named by
 * {@code Config.getAdminRealm()}. Otherwise the management client is looked up, created if
 * absent, and configured as a bearer-only OIDC client with full scope disabled. Every role in
 * {@code AdminRoles.ALL_REALM_ROLES} is then passed to {@code addAndSetAdminRole} along with
 * the realm-admin role.
 *
 * @param realm the realm to set up
 */
private void setupRealmAdminManagement(RealmModel realm) {
    // The master (admin) realm does not get a per-realm management client.
    if (realm.getName().equals(Config.getAdminRealm())) {
        return;
    }

    final String clientId = getRealmAdminClientId(realm);
    ClientModel mgmtClient = realm.getClientByClientId(clientId);
    if (mgmtClient == null) {
        // First-time setup: create the client and give it a placeholder-style display name.
        mgmtClient = KeycloakModelUtils.createManagementClient(realm, clientId);
        mgmtClient.setName("${client_" + clientId + "}");
    }

    RoleModel realmAdminRole = mgmtClient.addRole(AdminRoles.REALM_ADMIN);
    realmAdminRole.setDescription("${role_" + AdminRoles.REALM_ADMIN + "}");

    // These settings are re-applied on every call, including for a pre-existing client:
    // bearer-only, full scope off, OIDC protocol.
    mgmtClient.setBearerOnly(true);
    mgmtClient.setFullScopeAllowed(false);
    mgmtClient.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);

    for (String roleName : AdminRoles.ALL_REALM_ROLES) {
        addAndSetAdminRole(roleName, mgmtClient, realmAdminRole);
    }
    addQueryCompositeRoles(mgmtClient);
}
Also used : ClientModel(org.keycloak.models.ClientModel) RoleModel(org.keycloak.models.RoleModel)

Example 54 with RoleModel

use of org.keycloak.models.RoleModel in project keycloak by keycloak.

the class UserStorageFailureTest method addProvidersBeforeTest.

/**
 * Test fixture: registers the failable user-storage component before each test and, on the
 * first run only, creates the "offline-client" client, its service-account user and a
 * local user in the test realm.
 *
 * <p>The client built here is deliberately permissive (fixed secret, direct access grants,
 * full scope allowed). Those values belong to the test realm only and are not a template
 * for a real client configuration.
 */
@Before
public void addProvidersBeforeTest() {
    // The storage component is added on every invocation, before the one-time guard below.
    ComponentRepresentation failureProvider = new ComponentRepresentation();
    failureProvider.setName("failure");
    failureProvider.setProviderId(FailableHardcodedStorageProviderFactory.PROVIDER_ID);
    failureProvider.setProviderType(UserStorageProvider.class.getName());
    failureProvider.setConfig(new MultivaluedHashMap<>());
    failureProvider.getConfig().putSingle("priority", Integer.toString(0));
    failureProviderId = addComponent(failureProvider);

    // Realm-level setup runs only once.
    if (initialized) {
        return;
    }

    final String serverRoot = OAuthClient.AUTH_SERVER_ROOT;
    testingClient.server().run(session -> {
        RealmManager realmManager = new RealmManager(session);
        RealmModel testRealm = realmManager.getRealmByName(AuthRealm.TEST);

        // OIDC client with service accounts and direct access grants enabled.
        ClientModel client = testRealm.addClient("offline-client");
        client.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
        client.setEnabled(true);
        client.setDirectAccessGrantsEnabled(true);
        // Fixed, well-known secret: acceptable only because this is a test fixture.
        client.setSecret("secret");
        HashSet<String> redirectUris = new HashSet<>();
        redirectUris.add(serverRoot + "/offline-client");
        client.setRedirectUris(redirectUris);
        client.setServiceAccountsEnabled(true);
        client.setFullScopeAllowed(true);

        // Service-account user linked to the client and granted the offline_access realm role.
        UserModel serviceAccountUser = realmManager.getSession().users().addUser(testRealm, ServiceAccountConstants.SERVICE_ACCOUNT_USER_PREFIX + client.getClientId());
        serviceAccountUser.setEnabled(true);
        RoleModel offlineAccess = testRealm.getRole("offline_access");
        Assert.assertNotNull(offlineAccess);
        serviceAccountUser.grantRole(offlineAccess);
        serviceAccountUser.setServiceAccountClientLink(client.getClientId());

        // A user created through local storage, enabled for the tests.
        UserModel local = realmManager.getSession().userLocalStorage().addUser(testRealm, LOCAL_USER);
        local.setEnabled(true);
    });
    initialized = true;
}
Also used : ComponentRepresentation(org.keycloak.representations.idm.ComponentRepresentation) RealmModel(org.keycloak.models.RealmModel) UserModel(org.keycloak.models.UserModel) CachedUserModel(org.keycloak.models.cache.CachedUserModel) ClientModel(org.keycloak.models.ClientModel) UserStorageProvider(org.keycloak.storage.UserStorageProvider) RoleModel(org.keycloak.models.RoleModel) RealmManager(org.keycloak.services.managers.RealmManager) HashSet(java.util.HashSet) Before(org.junit.Before)

Example 55 with RoleModel

use of org.keycloak.models.RoleModel in project keycloak by keycloak.

the class GroupAdapter method getRoleMappingsStream.

/**
 * Streams the roles mapped to this group.
 *
 * <p>If the adapter is already in its updated state, the call is delegated to
 * {@code updated}. Otherwise each cached role id is resolved through the session's role
 * provider. When any id no longer resolves, the cached view is abandoned:
 * {@code getDelegateForUpdate()} is called and the result comes from {@code updated} instead,
 * so a stale cache entry is never returned as a partial role set.
 *
 * @return a stream over the resolved role mappings
 */
@Override
public Stream<RoleModel> getRoleMappingsStream() {
    if (isUpdated()) {
        return updated.getRoleMappingsStream();
    }
    Set<RoleModel> resolved = new HashSet<>();
    for (String roleId : cached.getRoleMappings(modelSupplier)) {
        RoleModel role = keycloakSession.roles().getRoleById(realm, roleId);
        if (role != null) {
            resolved.add(role);
            continue;
        }
        // The role may have been removed since it was cached: fall back to the persistence
        // delegate, which also gets this entry invalidated.
        getDelegateForUpdate();
        return updated.getRoleMappingsStream();
    }
    return resolved.stream();
}
Also used : RoleModel(org.keycloak.models.RoleModel) HashSet(java.util.HashSet)

Aggregations

RoleModel (org.keycloak.models.RoleModel)153 ClientModel (org.keycloak.models.ClientModel)73 RealmModel (org.keycloak.models.RealmModel)69 UserModel (org.keycloak.models.UserModel)36 Path (javax.ws.rs.Path)29 Test (org.junit.Test)29 NotFoundException (javax.ws.rs.NotFoundException)25 NoCache (org.jboss.resteasy.annotations.cache.NoCache)20 KeycloakSession (org.keycloak.models.KeycloakSession)19 Consumes (javax.ws.rs.Consumes)17 List (java.util.List)16 GET (javax.ws.rs.GET)16 Produces (javax.ws.rs.Produces)16 RoleRepresentation (org.keycloak.representations.idm.RoleRepresentation)15 LinkedList (java.util.LinkedList)14 HashMap (java.util.HashMap)13 ArrayList (java.util.ArrayList)12 GroupModel (org.keycloak.models.GroupModel)12 RoleContainerModel (org.keycloak.models.RoleContainerModel)12 Policy (org.keycloak.authorization.model.Policy)11