
Example 11 with RoleModel

use of org.keycloak.models.RoleModel in project keycloak by keycloak.

the class RoleByIdResource method deleteRole.

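/**
 * Delete the role.
 *
 * <p>The role is resolved and the caller's manage permission on it is checked before the
 * default-role guard runs, so the "is default role" error (which contains the role name) is only
 * returned to callers that passed {@code requireManage}.
 *
 * @param id id of role
 * @throws ErrorResponseException with status 400 when {@code id} is the realm's default role
 */
@Path("{role-id}")
@DELETE
@NoCache
public void deleteRole(@PathParam("role-id") final String id) {
    // Authorize first: nothing role-specific is reported back before the permission check.
    // getRoleModel is defined elsewhere; its behaviour for an unknown id is not visible here.
    RoleModel role = getRoleModel(id);
    auth.roles().requireManage(role);

    // Read the default role once instead of re-querying the realm for each use.
    RoleModel defaultRole = realm.getDefaultRole();
    if (defaultRole == null) {
        logger.warnf("Default role for realm with id '%s' doesn't exist.", realm.getId());
    } else if (defaultRole.getId().equals(id)) {
        throw new ErrorResponseException(ErrorResponse.error(defaultRole.getName() + " is default role of the realm and cannot be removed.", Response.Status.BAD_REQUEST));
    }

    deleteRole(role);

    // Record the deletion in the admin event log under the matching resource type.
    if (role.isClientRole()) {
        adminEvent.resource(ResourceType.CLIENT_ROLE);
    } else {
        adminEvent.resource(ResourceType.REALM_ROLE);
    }
    adminEvent.operation(OperationType.DELETE).resourcePath(session.getContext().getUri()).success();
}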
Also used : ErrorResponseException(org.keycloak.services.ErrorResponseException) RoleModel(org.keycloak.models.RoleModel) Path(javax.ws.rs.Path) DELETE(javax.ws.rs.DELETE) NoCache(org.jboss.resteasy.annotations.cache.NoCache)

Example 12 with RoleModel

use of org.keycloak.models.RoleModel in project keycloak by keycloak.

the class RoleByIdResource method getManagementPermissions.

/**
 * Return an object stating whether role authorization permissions have been initialized, together
 * with a reference to them.
 *
 * @param id id of the role, taken from the {@code role-id} path segment
 * @return an empty {@code ManagementPermissionReference} when permissions are not enabled for the
 *         role, otherwise the value produced by {@code toMgmtRef}
 */
@Path("{role-id}/management/permissions")
@GET
@Produces(MediaType.APPLICATION_JSON)
@NoCache
public ManagementPermissionReference getManagementPermissions(@PathParam("role-id") final String id) {
    final RoleModel target = getRoleModel(id);
    // The view check runs before any permission state is read or returned.
    auth.roles().requireView(target);
    final AdminPermissionManagement mgmt = AdminPermissions.management(session, realm);
    return mgmt.roles().isPermissionsEnabled(target)
            ? toMgmtRef(target, mgmt)
            : new ManagementPermissionReference();
}
Also used : ManagementPermissionReference(org.keycloak.representations.idm.ManagementPermissionReference) RoleModel(org.keycloak.models.RoleModel) AdminPermissionManagement(org.keycloak.services.resources.admin.permissions.AdminPermissionManagement) Path(javax.ws.rs.Path) Produces(javax.ws.rs.Produces) GET(javax.ws.rs.GET) NoCache(org.jboss.resteasy.annotations.cache.NoCache)

Example 13 with RoleModel

use of org.keycloak.models.RoleModel in project keycloak by keycloak.

the class ScopeMappedUtil method toClientMappingsRepresentation.

/**
 * Builds the representation of the scope mappings that
 * {@code KeycloakModelUtils.getClientScopeMappings} returns for the given client and scope
 * container.
 *
 * @param client client whose id and clientId are copied into the representation
 * @param scopeContainer container passed to the scope-mapping lookup
 * @return the populated representation, or {@code null} when the lookup yields no roles
 */
public static ClientMappingsRepresentation toClientMappingsRepresentation(ClientModel client, ScopeContainerModel scopeContainer) {
    Set<RoleModel> mappedRoles = KeycloakModelUtils.getClientScopeMappings(client, scopeContainer);
    if (mappedRoles.isEmpty()) {
        // No representation is built for a client without mappings; callers must handle null.
        return null;
    }

    ClientMappingsRepresentation representation = new ClientMappingsRepresentation();
    representation.setId(client.getId());
    representation.setClient(client.getClientId());

    // The list is attached first and filled afterwards, as in the original statement order.
    List<RoleRepresentation> briefRoles = new LinkedList<>();
    representation.setMappings(briefRoles);
    mappedRoles.forEach(role -> briefRoles.add(ModelToRepresentation.toBriefRepresentation(role)));
    return representation;
}
Also used : RoleRepresentation(org.keycloak.representations.idm.RoleRepresentation) RoleModel(org.keycloak.models.RoleModel) ClientMappingsRepresentation(org.keycloak.representations.idm.ClientMappingsRepresentation) LinkedList(java.util.LinkedList)

Example 14 with RoleModel

use of org.keycloak.models.RoleModel in project keycloak by keycloak.

the class ClientTokenExchangeSAML2Test method addDirectExchanger.

/**
 * Test fixture: registers the non-public "direct-exchanger" client in the realm named by
 * {@code TEST}, enables permissions on the four SAML target clients, attaches a client policy for
 * the new client to the admin impersonating permission, and creates "impersonated-user" holding
 * the "example" role.
 *
 * <p>The client secret and the user password are fixed literals that exist only for this test
 * realm.
 *
 * @param session session used to reach the realm, permission management and user storage
 */
private static void addDirectExchanger(KeycloakSession session) {
    RealmModel testRealm = session.realms().getRealmByName(TEST);
    RoleModel grantedRole = testRealm.addRole("example");
    AdminPermissionManagement permissions = AdminPermissions.management(session, testRealm);

    // Non-public client with direct access grants enabled and full scope disabled.
    ClientModel exchanger = testRealm.addClient("direct-exchanger");
    exchanger.setName("direct-exchanger");
    exchanger.setClientId("direct-exchanger");
    exchanger.setPublicClient(false);
    exchanger.setDirectAccessGrantsEnabled(true);
    exchanger.setEnabled(true);
    exchanger.setSecret("secret");
    exchanger.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
    exchanger.setFullScopeAllowed(false);

    // permission for client to client exchange to each "target" client
    String[] targetClientIds = {
        SAML_SIGNED_TARGET,
        SAML_ENCRYPTED_TARGET,
        SAML_SIGNED_AND_ENCRYPTED_TARGET,
        SAML_UNSIGNED_AND_UNENCRYPTED_TARGET
    };
    for (String targetClientId : targetClientIds) {
        permissions.clients().setPermissionsEnabled(testRealm.getClientByClientId(targetClientId), true);
    }

    // Client policy naming the exchanger, stored on the realm resource server.
    ClientPolicyRepresentation impersonatorPolicyRep = new ClientPolicyRepresentation();
    impersonatorPolicyRep.setName("clientImpersonatorsDirect");
    impersonatorPolicyRep.addClient(exchanger.getId());
    ResourceServer realmServer = permissions.realmResourceServer();
    Policy impersonatorPolicy = permissions.authz().getStoreFactory().getPolicyStore().create(impersonatorPolicyRep, realmServer);

    // The policy is associated with the admin impersonating permission, decided affirmatively.
    permissions.users().setPermissionsEnabled(true);
    permissions.users().adminImpersonatingPermission().addAssociatedPolicy(impersonatorPolicy);
    permissions.users().adminImpersonatingPermission().setDecisionStrategy(DecisionStrategy.AFFIRMATIVE);

    UserModel target = session.users().addUser(testRealm, "impersonated-user");
    target.setEnabled(true);
    session.userCredentialManager().updateCredential(testRealm, target, UserCredentialModel.password("password"));
    target.grantRole(grantedRole);
}
Also used : RealmModel(org.keycloak.models.RealmModel) Policy(org.keycloak.authorization.model.Policy) UserModel(org.keycloak.models.UserModel) ClientModel(org.keycloak.models.ClientModel) ClientPolicyRepresentation(org.keycloak.representations.idm.authorization.ClientPolicyRepresentation) RoleModel(org.keycloak.models.RoleModel) ResourceServer(org.keycloak.authorization.model.ResourceServer) AdminPermissionManagement(org.keycloak.services.resources.admin.permissions.AdminPermissionManagement)

Example 15 with RoleModel

use of org.keycloak.models.RoleModel in project keycloak by keycloak.

the class RoleAdapter method getCompositesStream.

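/**
 * Returns the composite roles of this role as a stream.
 *
 * <p>When {@code isUpdated()} is true the call is delegated to {@code updated}. Otherwise the ids
 * from {@code cached.getComposites()} are resolved through {@code realm.getRoleById} and the
 * resulting set is kept in {@code composites} for later calls.
 *
 * @return stream over the resolved composite roles
 * @throws IllegalStateException if a cached composite id cannot be resolved to a role
 */
@Override
public Stream<RoleModel> getCompositesStream() {
    if (isUpdated()) {
        return updated.getCompositesStream();
    }
    if (composites == null) {
        // The field is assigned only once every id has resolved. Pre-assigning an empty set would
        // leave it non-null when resolution throws, and later calls would then report a role with
        // no composites instead of failing again.
        composites = cached.getComposites().stream().map(id -> {
            RoleModel role = realm.getRoleById(id);
            if (role == null) {
                throw new IllegalStateException("Could not find composite in role " + getName() + ": " + id);
            }
            return role;
        }).collect(Collectors.toSet());
    }
    return composites.stream();
}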
Also used : RoleModel(org.keycloak.models.RoleModel)
