Example 86 with RoleModel
use of org.keycloak.models.RoleModel in project keycloak by keycloak.
the class DefaultEvaluation method createRealm.
private Realm createRealm() {
return new Realm() {
@Override
public boolean isUserInGroup(String id, String groupId, boolean checkParent) {
KeycloakSession session = authorizationProvider.getKeycloakSession();
UserModel user = getUser(id, session);
if (Objects.isNull(user)) {
return false;
}
RealmModel realm = session.getContext().getRealm();
GroupModel group = KeycloakModelUtils.findGroupByPath(realm, groupId);
if (Objects.isNull(group)) {
return false;
}
if (checkParent) {
return RoleUtils.isMember(user.getGroupsStream(), group);
}
return user.isMemberOf(group);
}
private UserModel getUser(String id, KeycloakSession session) {
RealmModel realm = session.getContext().getRealm();
UserModel user = session.users().getUserById(realm, id);
if (Objects.isNull(user)) {
user = session.users().getUserByUsername(realm, id);
}
if (Objects.isNull(user)) {
user = session.users().getUserByEmail(realm, id);
}
if (Objects.isNull(user)) {
user = session.users().getServiceAccount(realm.getClientById(id));
}
return user;
}
@Override
public boolean isUserInRealmRole(String id, String roleName) {
KeycloakSession session = authorizationProvider.getKeycloakSession();
UserModel user = getUser(id, session);
if (Objects.isNull(user)) {
return false;
}
Stream<RoleModel> roleMappings = user.getRoleMappingsStream().filter(isNotClientRole);
return RoleUtils.hasRole(roleMappings, session.getContext().getRealm().getRole(roleName));
}
@Override
public boolean isUserInClientRole(String id, String clientId, String roleName) {
KeycloakSession session = authorizationProvider.getKeycloakSession();
RealmModel realm = session.getContext().getRealm();
UserModel user = getUser(id, session);
if (Objects.isNull(user)) {
return false;
}
Set<RoleModel> roleMappings = user.getRoleMappingsStream().filter(RoleModel::isClientRole).filter(role -> Objects.equals(((ClientModel) role.getContainer()).getClientId(), clientId)).collect(Collectors.toSet());
if (roleMappings.isEmpty()) {
return false;
}
RoleModel role = realm.getClientById(roleMappings.iterator().next().getContainer().getId()).getRole(roleName);
if (Objects.isNull(role)) {
return false;
}
return RoleUtils.hasRole(roleMappings, role);
}
@Override
public boolean isGroupInRole(String id, String role) {
KeycloakSession session = authorizationProvider.getKeycloakSession();
RealmModel realm = session.getContext().getRealm();
GroupModel group = KeycloakModelUtils.findGroupByPath(realm, id);
return RoleUtils.hasRoleFromGroup(group, realm.getRole(role), false);
}
@Override
public List<String> getUserRealmRoles(String id) {
return getUser(id, authorizationProvider.getKeycloakSession()).getRoleMappingsStream().filter(isNotClientRole).map(RoleModel::getName).collect(Collectors.toList());
}
@Override
public List<String> getUserClientRoles(String id, String clientId) {
return getUser(id, authorizationProvider.getKeycloakSession()).getRoleMappingsStream().filter(RoleModel::isClientRole).map(RoleModel::getName).collect(Collectors.toList());
}
@Override
public List<String> getUserGroups(String id) {
return getUser(id, authorizationProvider.getKeycloakSession()).getGroupsStream().map(ModelToRepresentation::buildGroupPath).collect(Collectors.toList());
}
@Override
public Map<String, List<String>> getUserAttributes(String id) {
return Collections.unmodifiableMap(getUser(id, authorizationProvider.getKeycloakSession()).getAttributes());
}
};
}
Also used :
UserModel(org.keycloak.models.UserModel)
RealmModel(org.keycloak.models.RealmModel)
ResourcePermission(org.keycloak.authorization.permission.ResourcePermission)
ClientModel(org.keycloak.models.ClientModel)
java.util(java.util)
Effect(org.keycloak.authorization.Decision.Effect)
RealmModel(org.keycloak.models.RealmModel)
KeycloakModelUtils(org.keycloak.models.utils.KeycloakModelUtils)
Predicate(java.util.function.Predicate)
KeycloakSession(org.keycloak.models.KeycloakSession)
RoleModel(org.keycloak.models.RoleModel)
Decision(org.keycloak.authorization.Decision)
Collectors(java.util.stream.Collectors)
RoleUtils(org.keycloak.models.utils.RoleUtils)
Policy(org.keycloak.authorization.model.Policy)
ModelToRepresentation(org.keycloak.models.utils.ModelToRepresentation)
Stream(java.util.stream.Stream)
UserModel(org.keycloak.models.UserModel)
Logic(org.keycloak.representations.idm.authorization.Logic)
GroupModel(org.keycloak.models.GroupModel)
AuthorizationProvider(org.keycloak.authorization.AuthorizationProvider)
KeycloakSession(org.keycloak.models.KeycloakSession)
GroupModel(org.keycloak.models.GroupModel)
RoleModel(org.keycloak.models.RoleModel)
Example 87 with RoleModel
use of org.keycloak.models.RoleModel in project keycloak by keycloak.
the class ExportUtils method exportFederatedUser.
/**
* Full export of user data stored in federated storage (including role mappings and credentials)
*
* @param id
* @return fully exported user representation
*/
public static UserRepresentation exportFederatedUser(KeycloakSession session, RealmModel realm, String id, ExportOptions options) {
UserRepresentation userRep = new UserRepresentation();
userRep.setId(id);
MultivaluedHashMap<String, String> attributes = session.userFederatedStorage().getAttributes(realm, id);
if (attributes.size() > 0) {
Map<String, List<String>> attrs = new HashMap<>();
attrs.putAll(attributes);
userRep.setAttributes(attrs);
}
List<String> requiredActions = session.userFederatedStorage().getRequiredActionsStream(realm, id).collect(Collectors.toList());
if (requiredActions.size() > 0) {
userRep.setRequiredActions(requiredActions);
}
// Social links
List<FederatedIdentityRepresentation> socialLinkReps = session.userFederatedStorage().getFederatedIdentitiesStream(id, realm).map(ExportUtils::exportSocialLink).collect(Collectors.toList());
if (socialLinkReps.size() > 0) {
userRep.setFederatedIdentities(socialLinkReps);
}
// Role mappings
if (options.isGroupsAndRolesIncluded()) {
Set<RoleModel> roles = session.userFederatedStorage().getRoleMappingsStream(realm, id).collect(Collectors.toSet());
List<String> realmRoleNames = new ArrayList<>();
Map<String, List<String>> clientRoleNames = new HashMap<>();
for (RoleModel role : roles) {
if (role.getContainer() instanceof RealmModel) {
realmRoleNames.add(role.getName());
} else {
ClientModel client = (ClientModel) role.getContainer();
String clientId = client.getClientId();
List<String> currentClientRoles = clientRoleNames.get(clientId);
if (currentClientRoles == null) {
currentClientRoles = new ArrayList<>();
clientRoleNames.put(clientId, currentClientRoles);
}
currentClientRoles.add(role.getName());
}
}
if (realmRoleNames.size() > 0) {
userRep.setRealmRoles(realmRoleNames);
}
if (clientRoleNames.size() > 0) {
userRep.setClientRoles(clientRoleNames);
}
}
// Credentials
List<CredentialRepresentation> credReps = session.userFederatedStorage().getStoredCredentialsStream(realm, id).map(ExportUtils::exportCredential).collect(Collectors.toList());
userRep.setCredentials(credReps);
// Grants
List<UserConsentRepresentation> consentReps = session.users().getConsentsStream(realm, id).map(ModelToRepresentation::toRepresentation).collect(Collectors.toList());
if (consentReps.size() > 0) {
userRep.setClientConsents(consentReps);
}
// Not Before
int notBefore = session.userFederatedStorage().getNotBeforeOfUser(realm, userRep.getId());
userRep.setNotBefore(notBefore);
if (options.isGroupsAndRolesIncluded()) {
List<String> groups = session.userFederatedStorage().getGroupsStream(realm, id).map(ModelToRepresentation::buildGroupPath).collect(Collectors.toList());
userRep.setGroups(groups);
}
return userRep;
}
Also used :
HashMap(java.util.HashMap)
MultivaluedHashMap(org.keycloak.common.util.MultivaluedHashMap)
ArrayList(java.util.ArrayList)
RoleModel(org.keycloak.models.RoleModel)
UserConsentRepresentation(org.keycloak.representations.idm.UserConsentRepresentation)
RealmModel(org.keycloak.models.RealmModel)
CredentialRepresentation(org.keycloak.representations.idm.CredentialRepresentation)
ClientModel(org.keycloak.models.ClientModel)
List(java.util.List)
ArrayList(java.util.ArrayList)
LinkedList(java.util.LinkedList)
FederatedIdentityRepresentation(org.keycloak.representations.idm.FederatedIdentityRepresentation)
UserRepresentation(org.keycloak.representations.idm.UserRepresentation)
Example 88 with RoleModel
use of org.keycloak.models.RoleModel in project keycloak by keycloak.
the class ExportUtils method exportRealm.
public static RealmRepresentation exportRealm(KeycloakSession session, RealmModel realm, ExportOptions options, boolean internal) {
RealmRepresentation rep = ModelToRepresentation.toRepresentation(session, realm, internal);
ModelToRepresentation.exportAuthenticationFlows(realm, rep);
ModelToRepresentation.exportRequiredActions(realm, rep);
// Project/product version
rep.setKeycloakVersion(Version.VERSION_KEYCLOAK);
// Client Scopes
rep.setClientScopes(realm.getClientScopesStream().map(ModelToRepresentation::toRepresentation).collect(Collectors.toList()));
rep.setDefaultDefaultClientScopes(realm.getDefaultClientScopesStream(true).map(ClientScopeModel::getName).collect(Collectors.toList()));
rep.setDefaultOptionalClientScopes(realm.getDefaultClientScopesStream(false).map(ClientScopeModel::getName).collect(Collectors.toList()));
// Clients
List<ClientModel> clients = new LinkedList<>();
if (options.isClientsIncluded()) {
// we iterate over all clients in the stream.
// only those client models that can be translated into a valid client representation will be added to the client list
// that is later used to retrieve related information about groups and roles
List<ClientRepresentation> clientReps = ModelToRepresentation.filterValidRepresentations(realm.getClientsStream(), app -> {
ClientRepresentation clientRepresentation = exportClient(session, app);
clients.add(app);
return clientRepresentation;
}).collect(Collectors.toList());
rep.setClients(clientReps);
}
// Groups and Roles
if (options.isGroupsAndRolesIncluded()) {
ModelToRepresentation.exportGroups(realm, rep);
Map<String, List<RoleRepresentation>> clientRolesReps = new HashMap<>();
List<RoleRepresentation> realmRoleReps = exportRoles(realm.getRolesStream());
RolesRepresentation rolesRep = new RolesRepresentation();
if (!realmRoleReps.isEmpty()) {
rolesRep.setRealm(realmRoleReps);
}
if (options.isClientsIncluded()) {
for (ClientModel client : clients) {
Stream<RoleModel> currentAppRoles = client.getRolesStream();
List<RoleRepresentation> currentAppRoleReps = exportRoles(currentAppRoles);
clientRolesReps.put(client.getClientId(), currentAppRoleReps);
}
if (clientRolesReps.size() > 0) {
rolesRep.setClient(clientRolesReps);
}
}
rep.setRoles(rolesRep);
}
// Scopes
Map<String, List<ScopeMappingRepresentation>> clientScopeReps = new HashMap<>();
if (options.isClientsIncluded()) {
List<ClientModel> allClients = new ArrayList<>(clients);
// Scopes of clients
for (ClientModel client : allClients) {
Set<RoleModel> clientScopes = client.getScopeMappingsStream().collect(Collectors.toSet());
ScopeMappingRepresentation scopeMappingRep = null;
for (RoleModel scope : clientScopes) {
if (scope.getContainer() instanceof RealmModel) {
if (scopeMappingRep == null) {
scopeMappingRep = rep.clientScopeMapping(client.getClientId());
}
scopeMappingRep.role(scope.getName());
} else {
ClientModel app = (ClientModel) scope.getContainer();
String appName = app.getClientId();
List<ScopeMappingRepresentation> currentAppScopes = clientScopeReps.get(appName);
if (currentAppScopes == null) {
currentAppScopes = new ArrayList<>();
clientScopeReps.put(appName, currentAppScopes);
}
ScopeMappingRepresentation currentClientScope = null;
for (ScopeMappingRepresentation scopeMapping : currentAppScopes) {
if (client.getClientId().equals(scopeMapping.getClient())) {
currentClientScope = scopeMapping;
break;
}
}
if (currentClientScope == null) {
currentClientScope = new ScopeMappingRepresentation();
currentClientScope.setClient(client.getClientId());
currentAppScopes.add(currentClientScope);
}
currentClientScope.role(scope.getName());
}
}
}
}
// Scopes of client scopes
realm.getClientScopesStream().forEach(clientScope -> {
Set<RoleModel> clientScopes = clientScope.getScopeMappingsStream().collect(Collectors.toSet());
ScopeMappingRepresentation scopeMappingRep = null;
for (RoleModel scope : clientScopes) {
if (scope.getContainer() instanceof RealmModel) {
if (scopeMappingRep == null) {
scopeMappingRep = rep.clientScopeScopeMapping(clientScope.getName());
}
scopeMappingRep.role(scope.getName());
} else {
ClientModel app = (ClientModel) scope.getContainer();
String appName = app.getClientId();
List<ScopeMappingRepresentation> currentAppScopes = clientScopeReps.get(appName);
if (currentAppScopes == null) {
currentAppScopes = new ArrayList<>();
clientScopeReps.put(appName, currentAppScopes);
}
ScopeMappingRepresentation currentClientTemplateScope = null;
for (ScopeMappingRepresentation scopeMapping : currentAppScopes) {
if (clientScope.getName().equals(scopeMapping.getClientScope())) {
currentClientTemplateScope = scopeMapping;
break;
}
}
if (currentClientTemplateScope == null) {
currentClientTemplateScope = new ScopeMappingRepresentation();
currentClientTemplateScope.setClientScope(clientScope.getName());
currentAppScopes.add(currentClientTemplateScope);
}
currentClientTemplateScope.role(scope.getName());
}
}
});
if (clientScopeReps.size() > 0) {
rep.setClientScopeMappings(clientScopeReps);
}
// Finally users if needed
if (options.isUsersIncluded()) {
List<UserRepresentation> users = session.users().getUsersStream(realm, true).map(user -> exportUser(session, realm, user, options, internal)).collect(Collectors.toList());
if (users.size() > 0) {
rep.setUsers(users);
}
List<UserRepresentation> federatedUsers = session.userFederatedStorage().getStoredUsersStream(realm, 0, -1).map(user -> exportFederatedUser(session, realm, user, options)).collect(Collectors.toList());
if (federatedUsers.size() > 0) {
rep.setFederatedUsers(federatedUsers);
}
} else if (options.isClientsIncluded() && options.isOnlyServiceAccountsIncluded()) {
List<UserRepresentation> users = new LinkedList<>();
for (ClientModel app : clients) {
if (app.isServiceAccountsEnabled() && !app.isPublicClient() && !app.isBearerOnly()) {
UserModel user = session.users().getServiceAccount(app);
if (user != null) {
UserRepresentation userRep = exportUser(session, realm, user, options, internal);
users.add(userRep);
}
}
}
if (users.size() > 0) {
rep.setUsers(users);
}
}
// components
MultivaluedHashMap<String, ComponentExportRepresentation> components = exportComponents(realm, realm.getId());
rep.setComponents(components);
return rep;
}
Also used :
ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation)
Version(org.keycloak.common.Version)
RoleContainerModel(org.keycloak.models.RoleContainerModel)
Map(java.util.Map)
ModelToRepresentation.toRepresentation(org.keycloak.models.utils.ModelToRepresentation.toRepresentation)
CredentialRepresentation(org.keycloak.representations.idm.CredentialRepresentation)
UserConsentRepresentation(org.keycloak.representations.idm.UserConsentRepresentation)
ResourceOwnerRepresentation(org.keycloak.representations.idm.authorization.ResourceOwnerRepresentation)
AuthorizationProvider(org.keycloak.authorization.AuthorizationProvider)
ClientScopeModel(org.keycloak.models.ClientScopeModel)
RealmModel(org.keycloak.models.RealmModel)
FederatedIdentityRepresentation(org.keycloak.representations.idm.FederatedIdentityRepresentation)
Collection(java.util.Collection)
AuthorizationProviderFactory(org.keycloak.authorization.AuthorizationProviderFactory)
Set(java.util.Set)
RoleModel(org.keycloak.models.RoleModel)
PolicyStore(org.keycloak.authorization.store.PolicyStore)
Collectors(java.util.stream.Collectors)
RealmRepresentation(org.keycloak.representations.idm.RealmRepresentation)
ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation)
ModelToRepresentation(org.keycloak.models.utils.ModelToRepresentation)
ResourceServerRepresentation(org.keycloak.representations.idm.authorization.ResourceServerRepresentation)
List(java.util.List)
Stream(java.util.stream.Stream)
ClientModel(org.keycloak.models.ClientModel)
Scope(org.keycloak.authorization.model.Scope)
Profile(org.keycloak.common.Profile)
JsonGenerator(com.fasterxml.jackson.core.JsonGenerator)
ScopeMappingRepresentation(org.keycloak.representations.idm.ScopeMappingRepresentation)
StoreFactory(org.keycloak.authorization.store.StoreFactory)
HashMap(java.util.HashMap)
PolicyRepresentation(org.keycloak.representations.idm.authorization.PolicyRepresentation)
ArrayList(java.util.ArrayList)
HashSet(java.util.HashSet)
UserModel(org.keycloak.models.UserModel)
ComponentExportRepresentation(org.keycloak.representations.idm.ComponentExportRepresentation)
JsonEncoding(com.fasterxml.jackson.core.JsonEncoding)
ScopeRepresentation(org.keycloak.representations.idm.authorization.ScopeRepresentation)
LinkedList(java.util.LinkedList)
RoleRepresentation(org.keycloak.representations.idm.RoleRepresentation)
ResourceServer(org.keycloak.authorization.model.ResourceServer)
FederatedIdentityModel(org.keycloak.models.FederatedIdentityModel)
OutputStream(java.io.OutputStream)
RolesRepresentation(org.keycloak.representations.idm.RolesRepresentation)
UserRepresentation(org.keycloak.representations.idm.UserRepresentation)
CredentialModel(org.keycloak.credential.CredentialModel)
ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper)
KeycloakSession(org.keycloak.models.KeycloakSession)
IOException(java.io.IOException)
JsonSerialization(org.keycloak.util.JsonSerialization)
Policy(org.keycloak.authorization.model.Policy)
JsonFactory(com.fasterxml.jackson.core.JsonFactory)
SerializationFeature(com.fasterxml.jackson.databind.SerializationFeature)
MultivaluedHashMap(org.keycloak.common.util.MultivaluedHashMap)
Resource(org.keycloak.authorization.model.Resource)
RoleRepresentation(org.keycloak.representations.idm.RoleRepresentation)
HashMap(java.util.HashMap)
MultivaluedHashMap(org.keycloak.common.util.MultivaluedHashMap)
ScopeMappingRepresentation(org.keycloak.representations.idm.ScopeMappingRepresentation)
ArrayList(java.util.ArrayList)
ClientScopeModel(org.keycloak.models.ClientScopeModel)
RoleModel(org.keycloak.models.RoleModel)
RealmModel(org.keycloak.models.RealmModel)
UserModel(org.keycloak.models.UserModel)
List(java.util.List)
ArrayList(java.util.ArrayList)
LinkedList(java.util.LinkedList)
UserRepresentation(org.keycloak.representations.idm.UserRepresentation)
RealmRepresentation(org.keycloak.representations.idm.RealmRepresentation)
RolesRepresentation(org.keycloak.representations.idm.RolesRepresentation)
ComponentExportRepresentation(org.keycloak.representations.idm.ComponentExportRepresentation)
ModelToRepresentation(org.keycloak.models.utils.ModelToRepresentation)
LinkedList(java.util.LinkedList)
ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation)
ClientModel(org.keycloak.models.ClientModel)
Example 89 with RoleModel
use of org.keycloak.models.RoleModel in project keycloak by keycloak.
the class ExportUtils method exportUser.
/**
* Full export of user (including role mappings and credentials)
*
* @param user
* @return fully exported user representation
*/
public static UserRepresentation exportUser(KeycloakSession session, RealmModel realm, UserModel user, ExportOptions options, boolean internal) {
UserRepresentation userRep = ModelToRepresentation.toRepresentation(session, realm, user);
// Social links
List<FederatedIdentityRepresentation> socialLinkReps = session.users().getFederatedIdentitiesStream(realm, user).map(ExportUtils::exportSocialLink).collect(Collectors.toList());
if (socialLinkReps.size() > 0) {
userRep.setFederatedIdentities(socialLinkReps);
}
// Role mappings
if (options.isGroupsAndRolesIncluded()) {
Set<RoleModel> roles = user.getRoleMappingsStream().collect(Collectors.toSet());
List<String> realmRoleNames = new ArrayList<>();
Map<String, List<String>> clientRoleNames = new HashMap<>();
for (RoleModel role : roles) {
if (role.getContainer() instanceof RealmModel) {
realmRoleNames.add(role.getName());
} else {
ClientModel client = (ClientModel) role.getContainer();
String clientId = client.getClientId();
List<String> currentClientRoles = clientRoleNames.get(clientId);
if (currentClientRoles == null) {
currentClientRoles = new ArrayList<>();
clientRoleNames.put(clientId, currentClientRoles);
}
currentClientRoles.add(role.getName());
}
}
if (realmRoleNames.size() > 0) {
userRep.setRealmRoles(realmRoleNames);
}
if (clientRoleNames.size() > 0) {
userRep.setClientRoles(clientRoleNames);
}
}
// Credentials - extra security, do not export credentials if service accounts
if (internal) {
List<CredentialRepresentation> credReps = session.userCredentialManager().getStoredCredentialsStream(realm, user).map(ExportUtils::exportCredential).collect(Collectors.toList());
userRep.setCredentials(credReps);
}
userRep.setFederationLink(user.getFederationLink());
// Grants
List<UserConsentRepresentation> consentReps = session.users().getConsentsStream(realm, user.getId()).map(ModelToRepresentation::toRepresentation).collect(Collectors.toList());
if (consentReps.size() > 0) {
userRep.setClientConsents(consentReps);
}
// Not Before
int notBefore = session.users().getNotBeforeOfUser(realm, user);
userRep.setNotBefore(notBefore);
// Service account
if (user.getServiceAccountClientLink() != null) {
String clientInternalId = user.getServiceAccountClientLink();
ClientModel client = realm.getClientById(clientInternalId);
if (client != null) {
userRep.setServiceAccountClientId(client.getClientId());
}
}
if (options.isGroupsAndRolesIncluded()) {
List<String> groups = user.getGroupsStream().map(ModelToRepresentation::buildGroupPath).collect(Collectors.toList());
userRep.setGroups(groups);
}
return userRep;
}
Also used :
HashMap(java.util.HashMap)
MultivaluedHashMap(org.keycloak.common.util.MultivaluedHashMap)
ArrayList(java.util.ArrayList)
RoleModel(org.keycloak.models.RoleModel)
UserConsentRepresentation(org.keycloak.representations.idm.UserConsentRepresentation)
RealmModel(org.keycloak.models.RealmModel)
CredentialRepresentation(org.keycloak.representations.idm.CredentialRepresentation)
ClientModel(org.keycloak.models.ClientModel)
List(java.util.List)
ArrayList(java.util.ArrayList)
LinkedList(java.util.LinkedList)
FederatedIdentityRepresentation(org.keycloak.representations.idm.FederatedIdentityRepresentation)
UserRepresentation(org.keycloak.representations.idm.UserRepresentation)
Example 90 with RoleModel
use of org.keycloak.models.RoleModel in project keycloak by keycloak.
the class ExportUtils method exportRole.
/**
* Full export of role including composite roles
* @param role
* @return RoleRepresentation with all stuff filled (including composite roles)
*/
public static RoleRepresentation exportRole(RoleModel role) {
RoleRepresentation roleRep = ModelToRepresentation.toRepresentation(role);
Set<RoleModel> composites = role.getCompositesStream().collect(Collectors.toSet());
if (composites != null && composites.size() > 0) {
Set<String> compositeRealmRoles = null;
Map<String, List<String>> compositeClientRoles = null;
for (RoleModel composite : composites) {
RoleContainerModel crContainer = composite.getContainer();
if (crContainer instanceof RealmModel) {
if (compositeRealmRoles == null) {
compositeRealmRoles = new HashSet<>();
}
compositeRealmRoles.add(composite.getName());
} else {
if (compositeClientRoles == null) {
compositeClientRoles = new HashMap<>();
}
ClientModel app = (ClientModel) crContainer;
String appName = app.getClientId();
List<String> currentAppComposites = compositeClientRoles.get(appName);
if (currentAppComposites == null) {
currentAppComposites = new ArrayList<>();
compositeClientRoles.put(appName, currentAppComposites);
}
currentAppComposites.add(composite.getName());
}
}
RoleRepresentation.Composites compRep = new RoleRepresentation.Composites();
if (compositeRealmRoles != null) {
compRep.setRealm(compositeRealmRoles);
}
if (compositeClientRoles != null) {
compRep.setClient(compositeClientRoles);
}
roleRep.setComposites(compRep);
}
return roleRep;
}
Also used :
RoleRepresentation(org.keycloak.representations.idm.RoleRepresentation)
RoleModel(org.keycloak.models.RoleModel)
RealmModel(org.keycloak.models.RealmModel)
ClientModel(org.keycloak.models.ClientModel)
List(java.util.List)
ArrayList(java.util.ArrayList)
LinkedList(java.util.LinkedList)
RoleContainerModel(org.keycloak.models.RoleContainerModel)
Aggregations
RoleModel (org.keycloak.models.RoleModel)153
ClientModel (org.keycloak.models.ClientModel)73
RealmModel (org.keycloak.models.RealmModel)69
UserModel (org.keycloak.models.UserModel)36
Path (javax.ws.rs.Path)29
Test (org.junit.Test)29
NotFoundException (javax.ws.rs.NotFoundException)25
NoCache (org.jboss.resteasy.annotations.cache.NoCache)20
KeycloakSession (org.keycloak.models.KeycloakSession)19
Consumes (javax.ws.rs.Consumes)17
List (java.util.List)16
GET (javax.ws.rs.GET)16
Produces (javax.ws.rs.Produces)16
RoleRepresentation (org.keycloak.representations.idm.RoleRepresentation)15
LinkedList (java.util.LinkedList)14
HashMap (java.util.HashMap)13
ArrayList (java.util.ArrayList)12
GroupModel (org.keycloak.models.GroupModel)12
RoleContainerModel (org.keycloak.models.RoleContainerModel)12
Policy (org.keycloak.authorization.model.Policy)11
