Examples with RoleModel org.keycloak.models.RoleModel used on opensource projects

Search in sources :

Example 71 with RoleModel

use of org.keycloak.models.RoleModel in project keycloak by keycloak.

the class LDAPRoleMappingsTest method test05_getRolesFromUserMemberOfStrategyTest.

// KEYCLOAK-5848
// Test GET_ROLES_FROM_USER_MEMBEROF_ATTRIBUTE with custom 'Member-Of LDAP Attribute'. As a workaround, we are testing this with custom attribute "street"
// just because it's available on all the LDAP servers
@Test
public void test05_getRolesFromUserMemberOfStrategyTest() throws Exception {
    ComponentRepresentation realmRoleMapper = findMapperRepByName("realmRolesMapper");
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel appRealm = ctx.getRealm();
        // Create street attribute mapper
        LDAPTestUtils.addUserAttributeMapper(appRealm, ctx.getLdapModel(), "streetMapper", "street", LDAPConstants.STREET);
        // Find DN of "group1"
        ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(appRealm, ctx.getLdapModel(), "realmRolesMapper");
        RoleLDAPStorageMapper roleMapper = LDAPTestUtils.getRoleMapper(mapperModel, ctx.getLdapProvider(), appRealm);
        LDAPObject ldapRole = roleMapper.loadLDAPRoleByName("realmRole1");
        String ldapRoleDN = ldapRole.getDn().toString();
        // Create new user in LDAP. Add him some "street" referencing existing LDAP Group
        LDAPObject carlos = LDAPTestUtils.addLDAPUser(ctx.getLdapProvider(), appRealm, "carloskeycloak", "Carlos", "Doel", "carlos.doel@email.org", ldapRoleDN, "1234");
        LDAPTestUtils.updateLDAPPassword(ctx.getLdapProvider(), carlos, "Password1");
        // Update group mapper
        LDAPTestUtils.updateGroupMapperConfigOptions(mapperModel, RoleMapperConfig.USER_ROLES_RETRIEVE_STRATEGY, RoleMapperConfig.GET_ROLES_FROM_USER_MEMBEROF_ATTRIBUTE, RoleMapperConfig.MEMBEROF_LDAP_ATTRIBUTE, LDAPConstants.STREET);
        appRealm.updateComponent(mapperModel);
    });
    ComponentRepresentation streetMapper = findMapperRepByName("streetMapper");
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel appRealm = ctx.getRealm();
        // Get user in Keycloak. Ensure that he is member of requested group
        UserModel carlos = session.users().getUserByUsername(appRealm, "carloskeycloak");
        Set<RoleModel> carlosRoles = carlos.getRealmRoleMappingsStream().collect(Collectors.toSet());
        RoleModel realmRole1 = appRealm.getRole("realmRole1");
        RoleModel realmRole2 = appRealm.getRole("realmRole2");
        Assert.assertTrue(carlosRoles.contains(realmRole1));
        Assert.assertFalse(carlosRoles.contains(realmRole2));
    });
    // Revert mappers
    testRealm().components().component(streetMapper.getId()).remove();
    testRealm().components().component(realmRoleMapper.getId()).remove();
    realmRoleMapper.setId(null);
    testRealm().components().add(realmRoleMapper);
}
Also used : ComponentRepresentation(org.keycloak.representations.idm.ComponentRepresentation) RealmModel(org.keycloak.models.RealmModel) UserModel(org.keycloak.models.UserModel) ComponentModel(org.keycloak.component.ComponentModel) LDAPObject(org.keycloak.storage.ldap.idm.model.LDAPObject) RoleModel(org.keycloak.models.RoleModel) RoleLDAPStorageMapper(org.keycloak.storage.ldap.mappers.membership.role.RoleLDAPStorageMapper) Test(org.junit.Test)

Example 72 with RoleModel

use of org.keycloak.models.RoleModel in project keycloak by keycloak.

the class LDAPRoleMappingsTest method test04_syncRoleMappings.

/**
 * KEYCLOAK-5698
 */
@Test
public void test04_syncRoleMappings() {
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel appRealm = ctx.getRealm();
        LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ctx.getLdapModel());
        LDAPObject john = LDAPTestUtils.addLDAPUser(ldapProvider, appRealm, "johnrolemapper", "John", "RoleMapper", "johnrolemapper@email.org", null, "1234");
        LDAPTestUtils.updateLDAPPassword(ldapProvider, john, "Password1");
        LDAPTestUtils.addOrUpdateRoleLDAPMappers(appRealm, ctx.getLdapModel(), LDAPGroupMapperMode.LDAP_ONLY);
        UserStorageSyncManager usersSyncManager = new UserStorageSyncManager();
        SynchronizationResult syncResult = usersSyncManager.syncChangedUsers(session.getKeycloakSessionFactory(), appRealm.getId(), new UserStorageProviderModel(ctx.getLdapModel()));
        syncResult.getAdded();
    });
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel appRealm = ctx.getRealm();
        // make sure user is cached.
        UserModel johnRoleMapper = session.users().getUserByUsername(appRealm, "johnrolemapper");
        Assert.assertNotNull(johnRoleMapper);
        Assert.assertEquals(0, johnRoleMapper.getRealmRoleMappingsStream().count());
    });
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel appRealm = ctx.getRealm();
        // Add some role mappings directly in LDAP
        LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ctx.getLdapModel());
        ComponentModel roleMapperModel = LDAPTestUtils.getSubcomponentByName(appRealm, ctx.getLdapModel(), "realmRolesMapper");
        RoleLDAPStorageMapper roleMapper = LDAPTestUtils.getRoleMapper(roleMapperModel, ldapProvider, appRealm);
        LDAPObject johnLdap = ldapProvider.loadLDAPUserByUsername(appRealm, "johnrolemapper");
        roleMapper.addRoleMappingInLDAP("realmRole1", johnLdap);
        roleMapper.addRoleMappingInLDAP("realmRole2", johnLdap);
        // Get user and check that he has requested roles from LDAP
        UserModel johnRoleMapper = session.users().getUserByUsername(appRealm, "johnrolemapper");
        RoleModel realmRole1 = appRealm.getRole("realmRole1");
        RoleModel realmRole2 = appRealm.getRole("realmRole2");
        Set<RoleModel> johnRoles = johnRoleMapper.getRealmRoleMappingsStream().collect(Collectors.toSet());
        Assert.assertFalse(johnRoles.contains(realmRole1));
        Assert.assertFalse(johnRoles.contains(realmRole2));
    });
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel appRealm = ctx.getRealm();
        // Add some role mappings directly in LDAP
        LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ctx.getLdapModel());
        ComponentModel roleMapperModel = LDAPTestUtils.getSubcomponentByName(appRealm, ctx.getLdapModel(), "realmRolesMapper");
        RoleLDAPStorageMapper roleMapper = LDAPTestUtils.getRoleMapper(roleMapperModel, ldapProvider, appRealm);
        LDAPObject johnLdap = ldapProvider.loadLDAPUserByUsername(appRealm, "johnrolemapper");
        // not sure why it is here for second time, but it is failing for Active directory - mapping already exists
        if (!ctx.getLdapProvider().getLdapIdentityStore().getConfig().isActiveDirectory()) {
            roleMapper.addRoleMappingInLDAP("realmRole1", johnLdap);
            roleMapper.addRoleMappingInLDAP("realmRole2", johnLdap);
        }
        UserStorageSyncManager usersSyncManager = new UserStorageSyncManager();
        SynchronizationResult syncResult = usersSyncManager.syncChangedUsers(session.getKeycloakSessionFactory(), appRealm.getId(), new UserStorageProviderModel(ctx.getLdapModel()));
    });
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel appRealm = ctx.getRealm();
        // Get user and check that he has requested roles from LDAP
        UserModel johnRoleMapper = session.users().getUserByUsername(appRealm, "johnrolemapper");
        RoleModel realmRole1 = appRealm.getRole("realmRole1");
        RoleModel realmRole2 = appRealm.getRole("realmRole2");
        Set<RoleModel> johnRoles = johnRoleMapper.getRealmRoleMappingsStream().collect(Collectors.toSet());
        Assert.assertTrue(johnRoles.contains(realmRole1));
        Assert.assertTrue(johnRoles.contains(realmRole2));
    });
}
Also used : RealmModel(org.keycloak.models.RealmModel) UserModel(org.keycloak.models.UserModel) UserStorageSyncManager(org.keycloak.services.managers.UserStorageSyncManager) ComponentModel(org.keycloak.component.ComponentModel) LDAPStorageProvider(org.keycloak.storage.ldap.LDAPStorageProvider) LDAPObject(org.keycloak.storage.ldap.idm.model.LDAPObject) RoleModel(org.keycloak.models.RoleModel) SynchronizationResult(org.keycloak.storage.user.SynchronizationResult) UserStorageProviderModel(org.keycloak.storage.UserStorageProviderModel) RoleLDAPStorageMapper(org.keycloak.storage.ldap.mappers.membership.role.RoleLDAPStorageMapper) Test(org.junit.Test)

Example 73 with RoleModel

use of org.keycloak.models.RoleModel in project keycloak by keycloak.

the class LDAPRoleMappingsNoImportTest method test01ReadMappings.

@Test
public void test01ReadMappings() {
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel appRealm = ctx.getRealm();
        LDAPTestUtils.addOrUpdateRoleLDAPMappers(appRealm, ctx.getLdapModel(), LDAPGroupMapperMode.LDAP_ONLY);
        ComponentModel roleMapperModel = LDAPTestUtils.getSubcomponentByName(appRealm, ctx.getLdapModel(), "realmRolesMapper");
        LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ctx.getLdapModel());
        RoleLDAPStorageMapper roleMapper = LDAPTestUtils.getRoleMapper(roleMapperModel, ldapProvider, appRealm);
        LDAPObject maryLdap = ldapProvider.loadLDAPUserByUsername(appRealm, "marykeycloak");
        roleMapper.addRoleMappingInLDAP("realmRole1", maryLdap);
        roleMapper.addRoleMappingInLDAP("realmRole2", maryLdap);
    });
    testingClient.server().run(session -> {
        session.userCache().clear();
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel appRealm = ctx.getRealm();
        UserModel mary = session.users().getUserByUsername(appRealm, "marykeycloak");
        // make sure we are in no-import mode!
        Assert.assertNull(session.userLocalStorage().getUserByUsername(appRealm, "marykeycloak"));
        // This role should already exists as it was imported from LDAP
        RoleModel realmRole1 = appRealm.getRole("realmRole1");
        // This role should already exists as it was imported from LDAP
        RoleModel realmRole2 = appRealm.getRole("realmRole2");
        Set<RoleModel> maryRoles = mary.getRealmRoleMappingsStream().collect(Collectors.toSet());
        Assert.assertTrue(maryRoles.contains(realmRole1));
        Assert.assertTrue(maryRoles.contains(realmRole2));
        // Add some role mappings directly into LDAP
        ComponentModel roleMapperModel = LDAPTestUtils.getSubcomponentByName(appRealm, ctx.getLdapModel(), "realmRolesMapper");
        LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ctx.getLdapModel());
        RoleLDAPStorageMapper roleMapper = LDAPTestUtils.getRoleMapper(roleMapperModel, ldapProvider, appRealm);
        LDAPObject maryLdap = ldapProvider.loadLDAPUserByUsername(appRealm, "marykeycloak");
        deleteRoleMappingsInLDAP(roleMapper, maryLdap, "realmRole1");
        deleteRoleMappingsInLDAP(roleMapper, maryLdap, "realmRole2");
    });
    testingClient.server().run(session -> {
        session.userCache().clear();
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel appRealm = ctx.getRealm();
        UserModel mary = session.users().getUserByUsername(appRealm, "marykeycloak");
        // This role should already exists as it was imported from LDAP
        RoleModel realmRole1 = appRealm.getRole("realmRole1");
        // This role should already exists as it was imported from LDAP
        RoleModel realmRole2 = appRealm.getRole("realmRole2");
        Set<RoleModel> maryRoles = mary.getRealmRoleMappingsStream().collect(Collectors.toSet());
        Assert.assertFalse(maryRoles.contains(realmRole1));
        Assert.assertFalse(maryRoles.contains(realmRole2));
    });
}
Also used : RealmModel(org.keycloak.models.RealmModel) UserModel(org.keycloak.models.UserModel) ComponentModel(org.keycloak.component.ComponentModel) LDAPTestContext(org.keycloak.testsuite.federation.ldap.LDAPTestContext) LDAPStorageProvider(org.keycloak.storage.ldap.LDAPStorageProvider) LDAPObject(org.keycloak.storage.ldap.idm.model.LDAPObject) RoleModel(org.keycloak.models.RoleModel) RoleLDAPStorageMapper(org.keycloak.storage.ldap.mappers.membership.role.RoleLDAPStorageMapper) Test(org.junit.Test) AbstractLDAPTest(org.keycloak.testsuite.federation.ldap.AbstractLDAPTest)

Example 74 with RoleModel

use of org.keycloak.models.RoleModel in project keycloak by keycloak.

the class LDAPRoleMappingsNoImportTest method test03_newUserDefaultRolesNoImportModeTest.

@Test
public void test03_newUserDefaultRolesNoImportModeTest() throws Exception {
    // Check user group memberships
    testingClient.server().run(session -> {
        session.userCache().clear();
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel appRealm = ctx.getRealm();
        LDAPTestUtils.addOrUpdateRoleLDAPMappers(appRealm, ctx.getLdapModel(), LDAPGroupMapperMode.LDAP_ONLY);
        UserModel david = session.users().addUser(appRealm, "davidkeycloak");
        // make sure we are in no-import mode
        Assert.assertNull(session.userLocalStorage().getUserByUsername(appRealm, "davidkeycloak"));
        RoleModel defaultRole = appRealm.getRole("realmRole1");
        RoleModel realmRole2 = appRealm.getRole("realmRole2");
        Assert.assertNotNull(defaultRole);
        Assert.assertNotNull(realmRole2);
        // Set a default role on the realm
        appRealm.addToDefaultRoles(defaultRole);
        Set<RoleModel> davidRoles = david.getRealmRoleMappingsStream().collect(Collectors.toSet());
        // default role is not assigned directly
        Assert.assertFalse(davidRoles.contains(defaultRole));
        Assert.assertFalse(davidRoles.contains(realmRole2));
        // but david should have the role as effective
        Assert.assertTrue(david.hasRole(defaultRole));
        Assert.assertFalse(david.hasRole(realmRole2));
        // Make sure john has not received the default role
        UserModel john = session.users().getUserByUsername(appRealm, "johnkeycloak");
        Assert.assertFalse(john.hasRole(defaultRole));
    });
}
Also used : RealmModel(org.keycloak.models.RealmModel) UserModel(org.keycloak.models.UserModel) LDAPTestContext(org.keycloak.testsuite.federation.ldap.LDAPTestContext) RoleModel(org.keycloak.models.RoleModel) Test(org.junit.Test) AbstractLDAPTest(org.keycloak.testsuite.federation.ldap.AbstractLDAPTest)

Example 75 with RoleModel

use of org.keycloak.models.RoleModel in project keycloak by keycloak.

the class LDAPProvidersIntegrationTest method testHardcodedRoleMapper.

@Test
public void testHardcodedRoleMapper() {
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel appRealm = ctx.getRealm();
        RoleModel hardcodedRole = appRealm.addRole("hardcoded-role");
        // assert that user "johnkeycloak" doesn't have hardcoded role
        UserModel john = session.users().getUserByUsername(appRealm, "johnkeycloak");
        Assert.assertFalse(john.hasRole(hardcodedRole));
        ComponentModel hardcodedMapperModel = KeycloakModelUtils.createComponentModel("hardcoded role", ctx.getLdapModel().getId(), HardcodedLDAPRoleStorageMapperFactory.PROVIDER_ID, LDAPStorageMapper.class.getName(), HardcodedLDAPRoleStorageMapper.ROLE, "hardcoded-role");
        appRealm.addComponentModel(hardcodedMapperModel);
    });
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel appRealm = ctx.getRealm();
        RoleModel hardcodedRole = appRealm.getRole("hardcoded-role");
        // Assert user is successfully imported in Keycloak DB now with correct firstName and lastName
        UserModel john = session.users().getUserByUsername(appRealm, "johnkeycloak");
        Assert.assertTrue(john.hasRole(hardcodedRole));
        // Can't remove user from hardcoded role
        try {
            john.deleteRoleMapping(hardcodedRole);
            Assert.fail("Didn't expected to remove role mapping");
        } catch (ModelException expected) {
        }
        // Revert mappers
        ComponentModel hardcodedMapperModel = LDAPTestUtils.getSubcomponentByName(appRealm, ctx.getLdapModel(), "hardcoded role");
        appRealm.removeComponent(hardcodedMapperModel);
    });
}
Also used : RealmModel(org.keycloak.models.RealmModel) CachedUserModel(org.keycloak.models.cache.CachedUserModel) UserModel(org.keycloak.models.UserModel) LDAPStorageMapper(org.keycloak.storage.ldap.mappers.LDAPStorageMapper) UserAttributeLDAPStorageMapper(org.keycloak.storage.ldap.mappers.UserAttributeLDAPStorageMapper) ModelException(org.keycloak.models.ModelException) ComponentModel(org.keycloak.component.ComponentModel) RoleModel(org.keycloak.models.RoleModel) AbstractAuthTest(org.keycloak.testsuite.AbstractAuthTest) Test(org.junit.Test)

Aggregations

RoleModel (org.keycloak.models.RoleModel)153 ClientModel (org.keycloak.models.ClientModel)73 RealmModel (org.keycloak.models.RealmModel)69 UserModel (org.keycloak.models.UserModel)36 Path (javax.ws.rs.Path)29 Test (org.junit.Test)29 NotFoundException (javax.ws.rs.NotFoundException)25 NoCache (org.jboss.resteasy.annotations.cache.NoCache)20 KeycloakSession (org.keycloak.models.KeycloakSession)19 Consumes (javax.ws.rs.Consumes)17 List (java.util.List)16 GET (javax.ws.rs.GET)16 Produces (javax.ws.rs.Produces)16 RoleRepresentation (org.keycloak.representations.idm.RoleRepresentation)15 LinkedList (java.util.LinkedList)14 HashMap (java.util.HashMap)13 ArrayList (java.util.ArrayList)12 GroupModel (org.keycloak.models.GroupModel)12 RoleContainerModel (org.keycloak.models.RoleContainerModel)12 Policy (org.keycloak.authorization.model.Policy)11
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial