use of org.keycloak.models.RoleModel in project keycloak by keycloak.
the class UserModelIdentity method hasClientRole.
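/**
 * Reports whether the wrapped user holds the named role of the given client.
 *
 * <p>The check fails closed: when the client id does not resolve to a client in the realm,
 * or the client has no role with that name, the answer is {@code false}.
 *
 * @param clientId client identifier looked up in the realm
 * @param roleName name of the role on that client
 * @return {@code true} only when both client and role exist and the user has the role
 */
@Override
public boolean hasClientRole(String clientId, String roleName) {
    ClientModel client = realm.getClientByClientId(clientId);
    if (client == null) {
        // getClientByClientId can return null for an unknown id; deny instead of letting an
        // authorization check end in a NullPointerException.
        return false;
    }
    RoleModel role = client.getRole(roleName);
    if (role == null) {
        return false;
    }
    return user.hasRole(role);
}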
use of org.keycloak.models.RoleModel in project keycloak by keycloak.
the class RealmManager method checkMasterAdminManagementRoles.
/**
 * Makes sure the realm's master admin client has every role listed in
 * {@code AdminRoles.ALL_REALM_ROLES}.
 *
 * <p>Roles the client already has are left alone. Each missing role name is passed to
 * {@code addAndSetAdminRole} together with the admin realm's {@code AdminRoles.ADMIN} role,
 * and {@code addQueryCompositeRoles} is then run on the client.
 *
 * @param realm realm whose master admin client is inspected
 */
private void checkMasterAdminManagementRoles(RealmModel realm) {
    final RealmModel masterRealm = model.getRealmByName(Config.getAdminRealm());
    final RoleModel masterAdminRole = masterRealm.getRole(AdminRoles.ADMIN);
    final ClientModel adminClient = realm.getMasterAdminClient();

    for (String roleName : AdminRoles.ALL_REALM_ROLES) {
        if (adminClient.getRole(roleName) != null) {
            // Role is already defined on the client; nothing to add.
            continue;
        }
        addAndSetAdminRole(roleName, adminClient, masterAdminRole);
    }

    addQueryCompositeRoles(adminClient);
}
use of org.keycloak.models.RoleModel in project keycloak by keycloak.
the class RealmManager method setupRealmAdminManagement.
/**
 * Sets up the per-realm admin management client and its roles.
 *
 * <p>Does nothing for the admin (master) realm. For any other realm the management client is
 * looked up by the id from {@code getRealmAdminClientId} and created if absent, the
 * {@code AdminRoles.REALM_ADMIN} role is added to it, and every name in
 * {@code AdminRoles.ALL_REALM_ROLES} is passed to {@code addAndSetAdminRole}.
 *
 * <p>NOTE(review): the bearer-only, full-scope and protocol settings sit outside the
 * "client was missing" branch, so they are applied to a pre-existing client as well.
 *
 * @param realm realm to prepare
 */
private void setupRealmAdminManagement(RealmModel realm) {
    // The master realm is handled elsewhere and needs none of this.
    final boolean isAdminRealm = realm.getName().equals(Config.getAdminRealm());
    if (isAdminRealm) {
        return;
    }

    final String clientId = getRealmAdminClientId(realm);
    ClientModel mgmtClient = realm.getClientByClientId(clientId);
    if (mgmtClient == null) {
        mgmtClient = KeycloakModelUtils.createManagementClient(realm, clientId);
        mgmtClient.setName("${client_" + clientId + "}");
    }

    final RoleModel realmAdmin = mgmtClient.addRole(AdminRoles.REALM_ADMIN);
    realmAdmin.setDescription("${role_" + AdminRoles.REALM_ADMIN + "}");

    // Restrictive client settings: bearer-only, and full scope switched off.
    mgmtClient.setBearerOnly(true);
    mgmtClient.setFullScopeAllowed(false);
    mgmtClient.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);

    for (String roleName : AdminRoles.ALL_REALM_ROLES) {
        addAndSetAdminRole(roleName, mgmtClient, realmAdmin);
    }
    addQueryCompositeRoles(mgmtClient);
}
use of org.keycloak.models.RoleModel in project keycloak by keycloak.
the class UserStorageFailureTest method addProvidersBeforeTest.
/**
 * Test fixture run before each test.
 *
 * <p>Every run registers a user-storage component named "failure" with priority 0 and keeps
 * the id returned by addComponent in failureProviderId. The realm-side setup in the lambda
 * (client, service account, local user) runs only while {@code initialized} is false.
 *
 * <p>The client created here is deliberately permissive (fixed secret, direct access grants,
 * full scope allowed); these values belong to the test realm only and are not a template
 * for a real client.
 */
@Before
public void addProvidersBeforeTest() {
// Storage provider component, registered on every invocation.
ComponentRepresentation memProvider = new ComponentRepresentation();
memProvider.setName("failure");
memProvider.setProviderId(FailableHardcodedStorageProviderFactory.PROVIDER_ID);
memProvider.setProviderType(UserStorageProvider.class.getName());
memProvider.setConfig(new MultivaluedHashMap<>());
memProvider.getConfig().putSingle("priority", Integer.toString(0));
failureProviderId = addComponent(memProvider);
// One-time realm setup below; skipped once it has been done.
if (initialized)
return;
// Copied into a final local that the lambda captures.
// NOTE(review): presumably so the lambda does not reference the test instance; confirm against run().
final String authServerRoot = OAuthClient.AUTH_SERVER_ROOT;
testingClient.server().run(session -> {
RealmManager manager = new RealmManager(session);
RealmModel appRealm = manager.getRealmByName(AuthRealm.TEST);
// OIDC client with direct access grants enabled.
ClientModel offlineClient = appRealm.addClient("offline-client");
offlineClient.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
offlineClient.setEnabled(true);
offlineClient.setDirectAccessGrantsEnabled(true);
// Fixed, guessable secret: acceptable only as a fixture value.
offlineClient.setSecret("secret");
HashSet<String> redirects = new HashSet<>();
redirects.add(authServerRoot + "/offline-client");
offlineClient.setRedirectUris(redirects);
offlineClient.setServiceAccountsEnabled(true);
// Full scope allowed on this client; fixture-only setting.
offlineClient.setFullScopeAllowed(true);
// Service-account user named with the service-account prefix plus the client id.
UserModel serviceAccount = manager.getSession().users().addUser(appRealm, ServiceAccountConstants.SERVICE_ACCOUNT_USER_PREFIX + offlineClient.getClientId());
serviceAccount.setEnabled(true);
// The realm role "offline_access" must already exist; the assertion fails the setup otherwise.
RoleModel role = appRealm.getRole("offline_access");
Assert.assertNotNull(role);
serviceAccount.grantRole(role);
serviceAccount.setServiceAccountClientLink(offlineClient.getClientId());
// Second user, added through userLocalStorage() rather than users().
UserModel localUser = manager.getSession().userLocalStorage().addUser(appRealm, LOCAL_USER);
localUser.setEnabled(true);
});
initialized = true;
}
use of org.keycloak.models.RoleModel in project keycloak by keycloak.
the class GroupAdapter method getRoleMappingsStream.
/**
 * Streams the roles mapped to this group.
 *
 * <p>When the adapter is already in its updated state the call goes straight to the
 * {@code updated} delegate. Otherwise every cached role id is resolved through the session's
 * role provider. A cached id that no longer resolves (the role may have been removed) makes
 * the method call {@code getDelegateForUpdate()} and answer from {@code updated} instead, so
 * the result is not built from stale cached mappings.
 *
 * @return stream over the resolved roles, or the delegate's stream in the cases above
 */
@Override
public Stream<RoleModel> getRoleMappingsStream() {
    if (isUpdated()) {
        return updated.getRoleMappingsStream();
    }

    final Set<RoleModel> resolved = new HashSet<>();
    for (String roleId : cached.getRoleMappings(modelSupplier)) {
        final RoleModel role = keycloakSession.roles().getRoleById(realm, roleId);
        if (role != null) {
            resolved.add(role);
            continue;
        }
        // The role may have been removed: switch to the persistence delegate, which also
        // gets the cached entry invalidated, and answer from there.
        getDelegateForUpdate();
        return updated.getRoleMappingsStream();
    }
    return resolved.stream();
}