
Example 66 with RoleModel

use of org.keycloak.models.RoleModel in project keycloak by keycloak.

Class RoleContainerResource, method deleteRole.

/**
 * Deletes the role named {@code roleName} from this role container.
 *
 * <p>The manage-permission check is enforced before the role is looked up, so
 * whether a given role name exists is presumably never revealed to a caller who
 * is not allowed to manage the container (assuming {@code requireManage} rejects
 * unauthorized callers, which is not visible here).
 *
 * @param roleName role's name (not id!)
 * @throws NotFoundException if the container has no role with that name
 * @throws ErrorResponseException (400) if the role is the realm's default role,
 *         which must not be removed through this endpoint
 */
@Path("{role-name}")
@DELETE
@NoCache
public void deleteRole(@PathParam("role-name") final String roleName) {
    // Authorization first; everything below assumes the caller may manage this container.
    auth.roles().requireManage(roleContainer);

    final RoleModel target = roleContainer.getRole(roleName);
    if (target == null) {
        throw new NotFoundException("Could not find role");
    }
    // The realm's default role is protected: compare by id rather than by name.
    if (realm.getDefaultRole().getId().equals(target.getId())) {
        throw new ErrorResponseException(ErrorResponse.error(roleName + " is default role of the realm and cannot be removed.", Response.Status.BAD_REQUEST));
    }

    // Delegates to the RoleModel overload defined elsewhere in this class.
    deleteRole(target);

    // Record the admin event under the resource type matching the kind of role removed.
    final ResourceType removedType = target.isClientRole() ? ResourceType.CLIENT_ROLE : ResourceType.REALM_ROLE;
    adminEvent.resource(removedType);
    adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).success();
}
Also used : NotFoundException(javax.ws.rs.NotFoundException) RoleModel(org.keycloak.models.RoleModel) ErrorResponseException(org.keycloak.services.ErrorResponseException) Path(javax.ws.rs.Path) DELETE(javax.ws.rs.DELETE) NoCache(org.jboss.resteasy.annotations.cache.NoCache)

Example 67 with RoleModel

use of org.keycloak.models.RoleModel in project keycloak by keycloak.

Class PolicyEvaluationCompositeRoleTest, method setup.

/**
 * Seeds the {@code TEST} realm for the composite-role policy evaluation test.
 *
 * <p>Creates a client with one client role, a resource server for that client
 * with a role policy, a scope, a resource and a scope permission tying them
 * together, and finally a user who holds the client role only indirectly via a
 * realm-level composite role.
 *
 * @param session the Keycloak session the fixtures are created in
 */
public static void setup(KeycloakSession session) {
    RealmModel testRealm = session.realms().getRealmByName(TEST);
    session.getContext().setRealm(testRealm);

    // Client and the client role that the policy will reference.
    ClientModel testClient = session.clients().addClient(testRealm, "myclient");
    RoleModel clientRole = testClient.addRole("client-role1");

    // Authorization services for the realm, looked up through the session factory.
    AuthorizationProviderFactory authzFactory =
            (AuthorizationProviderFactory) session.getKeycloakSessionFactory().getProviderFactory(AuthorizationProvider.class);
    AuthorizationProvider authz = authzFactory.create(session, testRealm);

    // Resource server + role policy + scope + resource + permission (helpers defined elsewhere in this class).
    ResourceServer server = authz.getStoreFactory().getResourceServerStore().create(testClient);
    Policy rolePolicy = createRolePolicy(authz, server, clientRole);
    Scope myScope = authz.getStoreFactory().getScopeStore().create("myscope", server);
    Resource myResource = authz.getStoreFactory().getResourceStore().create("myresource", server, server.getId());
    addScopePermission(authz, server, "mypermission", myResource, myScope, rolePolicy);

    // The user is granted the composite only; the client role is reached through it.
    RoleModel compositeRole = testRealm.addRole("composite");
    compositeRole.addCompositeRole(clientRole);
    UserModel testUser = session.users().addUser(testRealm, "user");
    testUser.grantRole(compositeRole);
}
Also used : RealmModel(org.keycloak.models.RealmModel) Policy(org.keycloak.authorization.model.Policy) UserModel(org.keycloak.models.UserModel) ClientModel(org.keycloak.models.ClientModel) Scope(org.keycloak.authorization.model.Scope) AuthorizationProvider(org.keycloak.authorization.AuthorizationProvider) RealmResource(org.keycloak.admin.client.resource.RealmResource) Resource(org.keycloak.authorization.model.Resource) AuthorizationProviderFactory(org.keycloak.authorization.AuthorizationProviderFactory) RoleModel(org.keycloak.models.RoleModel) ResourceServer(org.keycloak.authorization.model.ResourceServer)

Example 68 with RoleModel

use of org.keycloak.models.RoleModel in project keycloak by keycloak.

Class LDAPRoleMapperTest, method test01RoleMapperRealmRoles.

/**
 * Checks the realm-role view of the LDAP role mapper in both directions:
 * each user's realm role names, and each mapped role's member usernames.
 */
@Test
public void test01RoleMapperRealmRoles() {
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel appRealm = ctx.getRealm();

        // User -> roles. john and mary are expected to carry both mapped roles.
        for (String username : new String[] {"johnkeycloak", "marykeycloak"}) {
            UserModel user = session.users().getUserByUsername(appRealm, username);
            Assert.assertNotNull(user);
            Assert.assertThat(user.getRealmRoleMappingsStream().map(RoleModel::getName).collect(Collectors.toSet()),
                    Matchers.containsInAnyOrder("group1", "group2"));
        }
        // rob carries only the first role.
        UserModel rob = session.users().getUserByUsername(appRealm, "robkeycloak");
        Assert.assertNotNull(rob);
        Assert.assertThat(rob.getRealmRoleMappingsStream().map(RoleModel::getName).collect(Collectors.toSet()),
                Matchers.containsInAnyOrder("group1"));
        // james has no realm role mappings at all.
        UserModel james = session.users().getUserByUsername(appRealm, "jameskeycloak");
        Assert.assertNotNull(james);
        Assert.assertThat(james.getRealmRoleMappingsStream().collect(Collectors.toSet()), Matchers.empty());

        // Role -> members, the reverse lookup.
        RoleModel firstGroup = appRealm.getRole("group1");
        Assert.assertNotNull(firstGroup);
        Assert.assertThat(session.users().getRoleMembersStream(appRealm, firstGroup).map(UserModel::getUsername).collect(Collectors.toSet()),
                Matchers.containsInAnyOrder("johnkeycloak", "marykeycloak", "robkeycloak"));
        RoleModel secondGroup = appRealm.getRole("group2");
        Assert.assertNotNull(secondGroup);
        Assert.assertThat(session.users().getRoleMembersStream(appRealm, secondGroup).map(UserModel::getUsername).collect(Collectors.toSet()),
                Matchers.containsInAnyOrder("johnkeycloak", "marykeycloak"));
        // group3 exists as a role but nobody is a member.
        RoleModel thirdGroup = appRealm.getRole("group3");
        Assert.assertNotNull(thirdGroup);
        Assert.assertThat(session.users().getRoleMembersStream(appRealm, thirdGroup).collect(Collectors.toSet()), Matchers.empty());
    });
}
Also used : RealmModel(org.keycloak.models.RealmModel) UserModel(org.keycloak.models.UserModel) RoleModel(org.keycloak.models.RoleModel) Test(org.junit.Test)

Example 69 with RoleModel

use of org.keycloak.models.RoleModel in project keycloak by keycloak.

Class LDAPRoleMapperTest, method test02RoleMapperClientRoles.

/**
 * Checks the client-role view of the LDAP role mapper: the mapper is switched
 * to a freshly created client, synced, and then each user's client role names
 * and each mapped role's member usernames are verified. The temporary client
 * is removed again in a {@code finally} block so later tests see an untouched realm.
 */
@Test
public void test02RoleMapperClientRoles() {
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel appRealm = ctx.getRealm();

        // Temporary client that receives the mapped roles.
        ClientModel mappingClient = session.clients().addClient(appRealm, "role-mapper-client");
        try {
            // Point the role mapper at the client instead of realm roles, then sync LDAP -> Keycloak.
            ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(appRealm, ctx.getLdapModel(), "rolesMapper");
            LDAPTestUtils.updateGroupMapperConfigOptions(mapperModel,
                    RoleMapperConfig.USE_REALM_ROLES_MAPPING, "false",
                    RoleMapperConfig.CLIENT_ID, mappingClient.getClientId());
            appRealm.updateComponent(mapperModel);
            new RoleLDAPStorageMapperFactory().create(session, mapperModel).syncDataFromFederationProviderToKeycloak(appRealm);

            // User -> client roles. john and mary are expected to carry both mapped roles.
            for (String username : new String[] {"johnkeycloak", "marykeycloak"}) {
                UserModel user = session.users().getUserByUsername(appRealm, username);
                Assert.assertNotNull(user);
                Assert.assertThat(user.getClientRoleMappingsStream(mappingClient).map(RoleModel::getName).collect(Collectors.toSet()),
                        Matchers.containsInAnyOrder("group1", "group2"));
            }
            // rob carries only the first role.
            UserModel rob = session.users().getUserByUsername(appRealm, "robkeycloak");
            Assert.assertNotNull(rob);
            Assert.assertThat(rob.getClientRoleMappingsStream(mappingClient).map(RoleModel::getName).collect(Collectors.toSet()),
                    Matchers.containsInAnyOrder("group1"));
            // james has no client role mappings on this client.
            UserModel james = session.users().getUserByUsername(appRealm, "jameskeycloak");
            Assert.assertNotNull(james);
            Assert.assertThat(james.getClientRoleMappingsStream(mappingClient).map(RoleModel::getName).collect(Collectors.toSet()),
                    Matchers.empty());

            // Role -> members, the reverse lookup, now on the client's roles.
            RoleModel firstGroup = mappingClient.getRole("group1");
            Assert.assertNotNull(firstGroup);
            Assert.assertThat(session.users().getRoleMembersStream(appRealm, firstGroup).map(UserModel::getUsername).collect(Collectors.toSet()),
                    Matchers.containsInAnyOrder("johnkeycloak", "marykeycloak", "robkeycloak"));
            RoleModel secondGroup = mappingClient.getRole("group2");
            Assert.assertNotNull(secondGroup);
            Assert.assertThat(session.users().getRoleMembersStream(appRealm, secondGroup).map(UserModel::getUsername).collect(Collectors.toSet()),
                    Matchers.containsInAnyOrder("johnkeycloak", "marykeycloak"));
            // group3 exists as a client role but nobody is a member.
            RoleModel thirdGroup = mappingClient.getRole("group3");
            Assert.assertNotNull(thirdGroup);
            Assert.assertThat(session.users().getRoleMembersStream(appRealm, thirdGroup).collect(Collectors.toSet()), Matchers.empty());
        } finally {
            // Always drop the temporary client, even if an assertion above failed.
            appRealm.removeClient(mappingClient.getId());
        }
    });
}
Also used : RealmModel(org.keycloak.models.RealmModel) UserModel(org.keycloak.models.UserModel) ClientModel(org.keycloak.models.ClientModel) RoleLDAPStorageMapperFactory(org.keycloak.storage.ldap.mappers.membership.role.RoleLDAPStorageMapperFactory) ComponentModel(org.keycloak.component.ComponentModel) RoleModel(org.keycloak.models.RoleModel) Test(org.junit.Test)

Example 70 with RoleModel

use of org.keycloak.models.RoleModel in project keycloak by keycloak.

Class LDAPRoleMappingsTest, method test03_importRoleMappings.

/**
 * Exercises role mappings in IMPORT mode: mappings created directly in LDAP are
 * imported onto the user, mappings granted in the model are visible, removing
 * the LDAP mappings afterwards does not touch the imported ones, and removing
 * them through the model does.
 */
@Test
public void test03_importRoleMappings() {
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel appRealm = ctx.getRealm();
        LDAPTestUtils.addOrUpdateRoleLDAPMappers(appRealm, ctx.getLdapModel(), LDAPGroupMapperMode.IMPORT);

        // Write two role mappings straight into LDAP for rob.
        ComponentModel mapperComponent = LDAPTestUtils.getSubcomponentByName(appRealm, ctx.getLdapModel(), "realmRolesMapper");
        LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ctx.getLdapModel());
        RoleLDAPStorageMapper ldapRoleMapper = LDAPTestUtils.getRoleMapper(mapperComponent, ldapProvider, appRealm);
        LDAPObject robInLdap = ldapProvider.loadLDAPUserByUsername(appRealm, "robkeycloak");
        ldapRoleMapper.addRoleMappingInLDAP("realmRole1", robInLdap);
        ldapRoleMapper.addRoleMappingInLDAP("realmRole2", robInLdap);

        // Load the user from the model; the LDAP mappings should have been imported.
        UserModel rob = session.users().getUserByUsername(appRealm, "robkeycloak");
        RoleModel realmRole1 = appRealm.getRole("realmRole1");
        RoleModel realmRole2 = appRealm.getRole("realmRole2");
        RoleModel realmRole3 = appRealm.getRole("realmRole3");
        if (realmRole3 == null) {
            // realmRole3 is never mapped in LDAP; create it locally if absent.
            realmRole3 = appRealm.addRole("realmRole3");
        }
        Set<RoleModel> mappedRoles = realmRolesOf(rob);
        Assert.assertTrue(mappedRoles.contains(realmRole1));
        Assert.assertTrue(mappedRoles.contains(realmRole2));
        Assert.assertFalse(mappedRoles.contains(realmRole3));

        // A grant made through the model shows up immediately.
        rob.grantRole(realmRole3);
        mappedRoles = realmRolesOf(rob);
        Assert.assertTrue(mappedRoles.contains(realmRole3));

        // In IMPORT mode, deleting the LDAP mappings leaves the imported model mappings intact.
        deleteRoleMappingsInLDAP(ldapRoleMapper, robInLdap, "realmRole1");
        deleteRoleMappingsInLDAP(ldapRoleMapper, robInLdap, "realmRole2");
        mappedRoles = realmRolesOf(rob);
        Assert.assertTrue(mappedRoles.contains(realmRole1));
        Assert.assertTrue(mappedRoles.contains(realmRole2));

        // Removing through the model is what actually takes the roles away.
        rob.deleteRoleMapping(realmRole1);
        rob.deleteRoleMapping(realmRole2);
        rob.deleteRoleMapping(realmRole3);
        mappedRoles = realmRolesOf(rob);
        Assert.assertFalse(mappedRoles.contains(realmRole1));
        Assert.assertFalse(mappedRoles.contains(realmRole2));
        Assert.assertFalse(mappedRoles.contains(realmRole3));
    });
}

/** Snapshot of the user's current realm role mappings as a set. */
private static Set<RoleModel> realmRolesOf(UserModel user) {
    return user.getRealmRoleMappingsStream().collect(Collectors.toSet());
}
Also used : RealmModel(org.keycloak.models.RealmModel) UserModel(org.keycloak.models.UserModel) ComponentModel(org.keycloak.component.ComponentModel) LDAPStorageProvider(org.keycloak.storage.ldap.LDAPStorageProvider) LDAPObject(org.keycloak.storage.ldap.idm.model.LDAPObject) RoleModel(org.keycloak.models.RoleModel) RoleLDAPStorageMapper(org.keycloak.storage.ldap.mappers.membership.role.RoleLDAPStorageMapper) Test(org.junit.Test)
