Examples with RoleModel org.keycloak.models.RoleModel used on opensource projects

Example 16 with RoleModel

use of org.keycloak.models.RoleModel in project keycloak by keycloak.

the class ApplicationsBean method toApplicationEntry.

/**
 * Constructs a {@link ApplicationEntry} from the specified parameters.
 *
 * @param session a reference to the {@code Keycloak} session.
 * @param realm a reference to the realm.
 * @param user a reference to the user.
 * @param client a reference to the client that contains the applications.
 * @param offlineClients a {@link Set} containing the offline clients.
 * @return the constructed {@link ApplicationEntry} instance or {@code null} if the user can't access the applications
 * in the specified client.
 */
private ApplicationEntry toApplicationEntry(final KeycloakSession session, final RealmModel realm, final UserModel user, final ClientModel client, final Set<ClientModel> offlineClients) {
    // Construct scope parameter with all optional scopes to see all potentially available roles
    Stream<ClientScopeModel> allClientScopes = Stream.concat(client.getClientScopes(true).values().stream(), client.getClientScopes(false).values().stream());
    allClientScopes = Stream.concat(allClientScopes, Stream.of(client)).distinct();
    Set<RoleModel> availableRoles = TokenManager.getAccess(user, client, allClientScopes);
    // unless this is can be changed by approving/revoking consent
    if (!isAdminClient(client) && availableRoles.isEmpty() && !client.isConsentRequired()) {
        return null;
    }
    List<RoleModel> realmRolesAvailable = new LinkedList<>();
    MultivaluedHashMap<String, ClientRoleEntry> resourceRolesAvailable = new MultivaluedHashMap<>();
    processRoles(availableRoles, realmRolesAvailable, resourceRolesAvailable);
    List<ClientScopeModel> orderedScopes = new LinkedList<>();
    if (client.isConsentRequired()) {
        UserConsentModel consent = session.users().getConsentByClient(realm, user.getId(), client.getId());
        if (consent != null) {
            orderedScopes.addAll(consent.getGrantedClientScopes());
        }
    }
    List<String> clientScopesGranted = orderedScopes.stream().sorted(OrderedModel.OrderedModelComparator.getInstance()).map(ClientScopeModel::getConsentScreenText).collect(Collectors.toList());
    List<String> additionalGrants = new ArrayList<>();
    if (offlineClients.contains(client)) {
        additionalGrants.add("${offlineToken}");
    }
    return new ApplicationEntry(session, realmRolesAvailable, resourceRolesAvailable, client, clientScopesGranted, additionalGrants);
}

Example 17 with RoleModel

use of org.keycloak.models.RoleModel in project keycloak by keycloak.

the class ApplicationsBean method processRoles.

private void processRoles(Set<RoleModel> inputRoles, List<RoleModel> realmRoles, MultivaluedHashMap<String, ClientRoleEntry> clientRoles) {
    for (RoleModel role : inputRoles) {
        if (role.getContainer() instanceof RealmModel) {
            realmRoles.add(role);
        } else {
            ClientModel currentClient = (ClientModel) role.getContainer();
            ClientRoleEntry clientRole = new ClientRoleEntry(currentClient.getClientId(), currentClient.getName(), role.getName(), role.getDescription());
            clientRoles.add(currentClient.getClientId(), clientRole);
        }
    }
}

Example 18 with RoleModel

use of org.keycloak.models.RoleModel in project keycloak by keycloak.

the class RoleLDAPStorageMapper method syncDataFromKeycloakToFederationProvider.

// Sync roles from Keycloak back to LDAP
@Override
public SynchronizationResult syncDataFromKeycloakToFederationProvider(RealmModel realm) {
    SynchronizationResult syncResult = new SynchronizationResult() {

        @Override
        public String getStatus() {
            return String.format("%d roles imported to LDAP, %d roles already existed in LDAP", getAdded(), getUpdated());
        }
    };
    if (config.getMode() != LDAPGroupMapperMode.LDAP_ONLY) {
        logger.warnf("Ignored sync for federation mapper '%s' as it's mode is '%s'", mapperModel.getName(), config.getMode().toString());
        return syncResult;
    }
    logger.debugf("Syncing roles from Keycloak into LDAP. Mapper is [%s], LDAP provider is [%s]", mapperModel.getName(), ldapProvider.getModel().getName());
    // Send LDAP query to see which roles exists there
    try (LDAPQuery ldapQuery = createRoleQuery(false)) {
        List<LDAPObject> ldapRoles = LDAPUtils.loadAllLDAPObjects(ldapQuery, ldapProvider);
        Set<String> ldapRoleNames = new HashSet<>();
        String rolesRdnAttr = config.getRoleNameLdapAttribute();
        for (LDAPObject ldapRole : ldapRoles) {
            String roleName = ldapRole.getAttributeAsString(rolesRdnAttr);
            ldapRoleNames.add(roleName);
        }
        RoleContainerModel roleContainer = getTargetRoleContainer(realm);
        Stream<RoleModel> keycloakRoles = roleContainer.getRolesStream();
        Consumer<String> syncRoleFromKCToLDAP = roleName -> {
            if (ldapRoleNames.contains(roleName)) {
                syncResult.increaseUpdated();
            } else {
                logger.debugf("Syncing role [%s] from Keycloak to LDAP", roleName);
                createLDAPRole(roleName);
                syncResult.increaseAdded();
            }
        };
        keycloakRoles.map(RoleModel::getName).forEach(syncRoleFromKCToLDAP);
        return syncResult;
    }
}

Example 19 with RoleModel

use of org.keycloak.models.RoleModel in project keycloak by keycloak.

the class RoleLDAPStorageMapper method onImportUserFromLDAP.

@Override
public void onImportUserFromLDAP(LDAPObject ldapUser, UserModel user, RealmModel realm, boolean isCreate) {
    LDAPGroupMapperMode mode = config.getMode();
    // For now, import LDAP role mappings just during create
    if (mode == LDAPGroupMapperMode.IMPORT && isCreate) {
        List<LDAPObject> ldapRoles = getLDAPRoleMappings(ldapUser);
        // Import role mappings from LDAP into Keycloak DB
        String roleNameAttr = config.getRoleNameLdapAttribute();
        for (LDAPObject ldapRole : ldapRoles) {
            String roleName = ldapRole.getAttributeAsString(roleNameAttr);
            RoleContainerModel roleContainer = getTargetRoleContainer(realm);
            RoleModel role = roleContainer.getRole(roleName);
            if (role == null) {
                role = roleContainer.addRole(roleName);
            }
            logger.debugf("Granting role [%s] to user [%s] during import from LDAP", roleName, user.getUsername());
            user.grantRole(role);
        }
    }
}

Example 20 with RoleModel

use of org.keycloak.models.RoleModel in project keycloak by keycloak.

the class JpaRealmProviderFactory method onEvent.

@Override
public void onEvent(ProviderEvent event) {
    if (event instanceof RoleContainerModel.RoleRemovedEvent) {
        RoleRemovedEvent e = (RoleContainerModel.RoleRemovedEvent) event;
        RoleModel role = e.getRole();
        RoleContainerModel container = role.getContainer();
        RealmModel realm;
        if (container instanceof RealmModel) {
            realm = (RealmModel) container;
        } else if (container instanceof ClientModel) {
            realm = ((ClientModel) container).getRealm();
        } else {
            return;
        }
        ((JpaRealmProvider) e.getKeycloakSession().getProvider(RealmProvider.class)).preRemove(realm, role);
    }
}