use of org.keycloak.models.RoleModel in project keycloak by keycloak.
the class RoleByIdResource method deleteRole.
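/**
 * Delete the role.
 *
 * <p>The role is resolved and the caller's manage permission on it is checked before the
 * default-role validation runs. The default-role error message contains the role name, so
 * it should only be produced for callers that already passed {@code requireManage}.
 *
 * @param id id of role
 * @throws ErrorResponseException with {@code 400 Bad Request} when {@code id} is the id of
 *         the realm's default role
 */
@Path("{role-id}")
@DELETE
@NoCache
public void deleteRole(@PathParam("role-id") final String id) {
    // Authorize before any other validation, so that no realm detail is echoed back
    // to a caller that fails the manage check on this role.
    RoleModel role = getRoleModel(id);
    auth.roles().requireManage(role);

    // Look the default role up once; the original queried the realm up to three times.
    RoleModel defaultRole = realm.getDefaultRole();
    if (defaultRole == null) {
        logger.warnf("Default role for realm with id '%s' doesn't exist.", realm.getId());
    } else if (defaultRole.getId().equals(id)) {
        throw new ErrorResponseException(ErrorResponse.error(defaultRole.getName() + " is default role of the realm and cannot be removed.", Response.Status.BAD_REQUEST));
    }

    // Capture the role kind before the delete so the audit event type does not depend on
    // reading from a model that has just been removed.
    boolean clientRole = role.isClientRole();
    deleteRole(role);

    if (clientRole) {
        adminEvent.resource(ResourceType.CLIENT_ROLE);
    } else {
        adminEvent.resource(ResourceType.REALM_ROLE);
    }
    // Record the successful deletion in the admin event stream.
    adminEvent.operation(OperationType.DELETE).resourcePath(session.getContext().getUri()).success();
}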
use of org.keycloak.models.RoleModel in project keycloak by keycloak.
the class RoleByIdResource method getManagementPermissions.
/**
 * Returns an object stating whether role authorization permissions have been initialized,
 * together with a reference to them.
 *
 * <p>The role is looked up first and the caller must pass {@code auth.roles().requireView}
 * for it before any permission state is returned.
 *
 * @param id id of the role
 * @return an empty {@code ManagementPermissionReference} when permissions are not enabled
 *         for the role, otherwise the reference built by {@code toMgmtRef}
 */
@Path("{role-id}/management/permissions")
@GET
@Produces(MediaType.APPLICATION_JSON)
@NoCache
public ManagementPermissionReference getManagementPermissions(@PathParam("role-id") final String id) {
    final RoleModel target = getRoleModel(id);
    // View permission on the role gates everything below.
    auth.roles().requireView(target);

    final AdminPermissionManagement mgmt = AdminPermissions.management(session, realm);
    final boolean enabled = mgmt.roles().isPermissionsEnabled(target);
    return enabled ? toMgmtRef(target, mgmt) : new ManagementPermissionReference();
}
use of org.keycloak.models.RoleModel in project keycloak by keycloak.
the class ScopeMappedUtil method toClientMappingsRepresentation.
/**
 * Builds the representation of the roles of {@code client} that are scope-mapped to
 * {@code scopeContainer}.
 *
 * <p>Each role is converted with {@code ModelToRepresentation.toBriefRepresentation}.
 *
 * @param client         client whose roles are looked up; its id and client id are copied
 *                       into the result
 * @param scopeContainer container whose scope mappings are queried
 * @return the populated representation, or {@code null} when no role of the client is
 *         mapped (callers must handle the {@code null} case)
 */
public static ClientMappingsRepresentation toClientMappingsRepresentation(ClientModel client, ScopeContainerModel scopeContainer) {
    final Set<RoleModel> mappedRoles = KeycloakModelUtils.getClientScopeMappings(client, scopeContainer);
    if (mappedRoles.isEmpty()) {
        return null;
    }

    final ClientMappingsRepresentation result = new ClientMappingsRepresentation();
    result.setId(client.getId());
    result.setClient(client.getClientId());

    // The list is handed to the representation before it is filled, as in the original.
    final List<RoleRepresentation> briefRoles = new LinkedList<>();
    result.setMappings(briefRoles);
    mappedRoles.forEach(mapped -> briefRoles.add(ModelToRepresentation.toBriefRepresentation(mapped)));
    return result;
}
use of org.keycloak.models.RoleModel in project keycloak by keycloak.
the class ClientTokenExchangeSAML2Test method addDirectExchanger.
/**
 * Test fixture: registers the "direct-exchanger" client in the {@code TEST} realm, lets it
 * pass the admin-impersonation permission, and creates the user it will impersonate.
 *
 * <p>The client secret and the user password are fixed literals that exist only for this
 * test realm.
 *
 * @param session session used to reach the realm, the permission management and the user store
 */
private static void addDirectExchanger(KeycloakSession session) {
    final RealmModel testRealm = session.realms().getRealmByName(TEST);
    final RoleModel grantedRole = testRealm.addRole("example");
    final AdminPermissionManagement perms = AdminPermissions.management(session, testRealm);

    // Confidential client (publicClient=false) with direct access grants on and full scope off.
    final ClientModel exchanger = testRealm.addClient("direct-exchanger");
    exchanger.setName("direct-exchanger");
    exchanger.setClientId("direct-exchanger");
    exchanger.setPublicClient(false);
    exchanger.setDirectAccessGrantsEnabled(true);
    exchanger.setEnabled(true);
    exchanger.setSecret("secret");
    exchanger.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
    exchanger.setFullScopeAllowed(false);

    // permission for client to client exchange to "target" client
    final String[] targetClientIds = {
        SAML_SIGNED_TARGET,
        SAML_ENCRYPTED_TARGET,
        SAML_SIGNED_AND_ENCRYPTED_TARGET,
        SAML_UNSIGNED_AND_UNENCRYPTED_TARGET
    };
    for (String targetClientId : targetClientIds) {
        perms.clients().setPermissionsEnabled(testRealm.getClientByClientId(targetClientId), true);
    }

    // Client policy that names only the exchanger client.
    final ClientPolicyRepresentation policyRep = new ClientPolicyRepresentation();
    policyRep.setName("clientImpersonatorsDirect");
    policyRep.addClient(exchanger.getId());
    final ResourceServer realmServer = perms.realmResourceServer();
    final Policy impersonatorPolicy = perms.authz().getStoreFactory().getPolicyStore().create(policyRep, realmServer);

    // Attach the policy to the admin-impersonation permission with an AFFIRMATIVE decision strategy.
    perms.users().setPermissionsEnabled(true);
    perms.users().adminImpersonatingPermission().addAssociatedPolicy(impersonatorPolicy);
    perms.users().adminImpersonatingPermission().setDecisionStrategy(DecisionStrategy.AFFIRMATIVE);

    // User that the exchanger will impersonate; it holds the "example" realm role.
    final UserModel target = session.users().addUser(testRealm, "impersonated-user");
    target.setEnabled(true);
    session.userCredentialManager().updateCredential(testRealm, target, UserCredentialModel.password("password"));
    target.grantRole(grantedRole);
}
use of org.keycloak.models.RoleModel in project keycloak by keycloak.
the class RoleAdapter method getCompositesStream.
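/**
 * Streams the composite roles of this role.
 *
 * <p>When the adapter has an updated delegate the call is forwarded to it. Otherwise the
 * composite ids held by the cached entry are resolved through the realm once and the
 * resulting set is kept in {@code composites} for later calls.
 *
 * @return stream over the resolved composite roles
 * @throws IllegalStateException when a cached composite id no longer resolves to a role
 */
@Override
public Stream<RoleModel> getCompositesStream() {
    if (isUpdated()) {
        return updated.getCompositesStream();
    }
    if (composites == null) {
        // Assign only after every id has resolved. The original first stored an empty
        // HashSet in the field, so when resolution threw, the field stayed non-null and
        // every later call silently returned no composites instead of failing again.
        composites = cached.getComposites().stream().map(id -> {
            RoleModel role = realm.getRoleById(id);
            if (role == null) {
                throw new IllegalStateException("Could not find composite in role " + getName() + ": " + id);
            }
            return role;
        }).collect(Collectors.toSet());
    }
    return composites.stream();
}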