Examples with RoleModel org.keycloak.models.RoleModel used on opensource projects

Example 11 with RoleModel

use of org.keycloak.models.RoleModel in project keycloak by keycloak.

the class RoleByIdResource method deleteRole.

/**
 * Delete the role
 *
 * @param id id of role
 */
@Path("{role-id}")
@DELETE
@NoCache
public void deleteRole(@PathParam("role-id") final String id) {
    if (realm.getDefaultRole() == null) {
        logger.warnf("Default role for realm with id '%s' doesn't exist.", realm.getId());
    } else if (realm.getDefaultRole().getId().equals(id)) {
        throw new ErrorResponseException(ErrorResponse.error(realm.getDefaultRole().getName() + " is default role of the realm and cannot be removed.", Response.Status.BAD_REQUEST));
    }
    RoleModel role = getRoleModel(id);
    auth.roles().requireManage(role);
    deleteRole(role);
    if (role.isClientRole()) {
        adminEvent.resource(ResourceType.CLIENT_ROLE);
    } else {
        adminEvent.resource(ResourceType.REALM_ROLE);
    }
    adminEvent.operation(OperationType.DELETE).resourcePath(session.getContext().getUri()).success();
}

Example 12 with RoleModel

use of org.keycloak.models.RoleModel in project keycloak by keycloak.

the class RoleByIdResource method getManagementPermissions.

/**
 * Return object stating whether role Authoirzation permissions have been initialized or not and a reference
 *
 * @param id
 * @return
 */
@Path("{role-id}/management/permissions")
@GET
@Produces(MediaType.APPLICATION_JSON)
@NoCache
public ManagementPermissionReference getManagementPermissions(@PathParam("role-id") final String id) {
    RoleModel role = getRoleModel(id);
    auth.roles().requireView(role);
    AdminPermissionManagement permissions = AdminPermissions.management(session, realm);
    if (!permissions.roles().isPermissionsEnabled(role)) {
        return new ManagementPermissionReference();
    }
    return toMgmtRef(role, permissions);
}

Example 13 with RoleModel

use of org.keycloak.models.RoleModel in project keycloak by keycloak.

the class ScopeMappedUtil method toClientMappingsRepresentation.

public static ClientMappingsRepresentation toClientMappingsRepresentation(ClientModel client, ScopeContainerModel scopeContainer) {
    Set<RoleModel> roleMappings = KeycloakModelUtils.getClientScopeMappings(client, scopeContainer);
    if (!roleMappings.isEmpty()) {
        ClientMappingsRepresentation mappings = new ClientMappingsRepresentation();
        mappings.setId(client.getId());
        mappings.setClient(client.getClientId());
        List<RoleRepresentation> roles = new LinkedList<>();
        mappings.setMappings(roles);
        for (RoleModel role : roleMappings) {
            roles.add(ModelToRepresentation.toBriefRepresentation(role));
        }
        return mappings;
    } else {
        return null;
    }
}

Example 14 with RoleModel

use of org.keycloak.models.RoleModel in project keycloak by keycloak.

the class ClientTokenExchangeSAML2Test method addDirectExchanger.

private static void addDirectExchanger(KeycloakSession session) {
    RealmModel realm = session.realms().getRealmByName(TEST);
    RoleModel exampleRole = realm.addRole("example");
    AdminPermissionManagement management = AdminPermissions.management(session, realm);
    ClientModel directExchanger = realm.addClient("direct-exchanger");
    directExchanger.setName("direct-exchanger");
    directExchanger.setClientId("direct-exchanger");
    directExchanger.setPublicClient(false);
    directExchanger.setDirectAccessGrantsEnabled(true);
    directExchanger.setEnabled(true);
    directExchanger.setSecret("secret");
    directExchanger.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
    directExchanger.setFullScopeAllowed(false);
    // permission for client to client exchange to "target" client
    management.clients().setPermissionsEnabled(realm.getClientByClientId(SAML_SIGNED_TARGET), true);
    management.clients().setPermissionsEnabled(realm.getClientByClientId(SAML_ENCRYPTED_TARGET), true);
    management.clients().setPermissionsEnabled(realm.getClientByClientId(SAML_SIGNED_AND_ENCRYPTED_TARGET), true);
    management.clients().setPermissionsEnabled(realm.getClientByClientId(SAML_UNSIGNED_AND_UNENCRYPTED_TARGET), true);
    ClientPolicyRepresentation clientImpersonateRep = new ClientPolicyRepresentation();
    clientImpersonateRep.setName("clientImpersonatorsDirect");
    clientImpersonateRep.addClient(directExchanger.getId());
    ResourceServer server = management.realmResourceServer();
    Policy clientImpersonatePolicy = management.authz().getStoreFactory().getPolicyStore().create(clientImpersonateRep, server);
    management.users().setPermissionsEnabled(true);
    management.users().adminImpersonatingPermission().addAssociatedPolicy(clientImpersonatePolicy);
    management.users().adminImpersonatingPermission().setDecisionStrategy(DecisionStrategy.AFFIRMATIVE);
    UserModel impersonatedUser = session.users().addUser(realm, "impersonated-user");
    impersonatedUser.setEnabled(true);
    session.userCredentialManager().updateCredential(realm, impersonatedUser, UserCredentialModel.password("password"));
    impersonatedUser.grantRole(exampleRole);
}

Example 15 with RoleModel

use of org.keycloak.models.RoleModel in project keycloak by keycloak.

the class RoleAdapter method getCompositesStream.

@Override
public Stream<RoleModel> getCompositesStream() {
    if (isUpdated())
        return updated.getCompositesStream();
    if (composites == null) {
        composites = new HashSet<>();
        composites = cached.getComposites().stream().map(id -> {
            RoleModel role = realm.getRoleById(id);
            if (role == null) {
                throw new IllegalStateException("Could not find composite in role " + getName() + ": " + id);
            }
            return role;
        }).collect(Collectors.toSet());
    }
    return composites.stream();
}