
Example 21 with RoleModel

Use of org.keycloak.models.RoleModel in the keycloak project (keycloak/keycloak).

Class ConditionalRoleAuthenticator, method matchCondition.

/**
 * Evaluates the "user has role" condition of a conditional authentication sub-flow.
 *
 * <p>Reads the configured role name ({@code CONDITIONAL_USER_ROLE}) and the optional
 * {@code CONF_NEGATE} flag from the authenticator configuration, resolves the role in the
 * current realm and checks it against the authenticated user.
 *
 * @param context the flow context supplying the user, realm and authenticator config
 * @return {@code true} when the user holds the role (or, with negate set, when the user does
 *         NOT hold it); {@code false} when there is no user, no configuration, or the
 *         configured role cannot be resolved — the last case is logged and is reported as
 *         "not matched" regardless of the negate flag
 */
@Override
public boolean matchCondition(AuthenticationFlowContext context) {
    UserModel user = context.getUser();
    RealmModel realm = context.getRealm();
    AuthenticatorConfigModel authConfig = context.getAuthenticatorConfig();
    // Without an authenticated user or an explicit configuration there is nothing to
    // evaluate; the condition is simply reported as not matched.
    if (user == null || authConfig == null || authConfig.getConfig() == null) {
        return false;
    }
    String configuredRole = authConfig.getConfig().get(ConditionalRoleAuthenticatorFactory.CONDITIONAL_USER_ROLE);
    boolean negate = Boolean.parseBoolean(authConfig.getConfig().get(ConditionalRoleAuthenticatorFactory.CONF_NEGATE));
    RoleModel role = KeycloakModelUtils.getRoleFromString(realm, configuredRole);
    if (role == null) {
        // Misconfiguration (role renamed/deleted, typo in the flow config). Note that the
        // negate flag is NOT applied here: a "user is NOT in role X" condition with an
        // unresolvable X also yields false, so any sub-flow it guards is skipped.
        logger.errorv("Invalid role name submitted: {0}", configuredRole);
        return false;
    }
    boolean userHasRole = user.hasRole(role);
    return negate ? !userHasRole : userHasRole;
}

Example 22 with RoleModel

Use of org.keycloak.models.RoleModel in the keycloak project (keycloak/keycloak).

Class RepresentationToModel, method createResourceServer.

/**
 * Turns {@code client} into an authorization-services resource server.
 *
 * <p>Only confidential clients may own authorization settings, because the resource server
 * authenticates to the protection API with its own credentials; the two built-in admin
 * clients ({@code <admin-realm>-realm} and {@code realm-management}) are exempt from that check.
 *
 * @param client          the client to enable authorization services on
 * @param session         the current session (used to look up the provider and service account)
 * @param addDefaultRoles when {@code true}, ensures the client has the
 *                        {@code uma_protection} role and grants it to the service account
 *                        (if that user already exists)
 * @return the resource server model created from a default representation that allows
 *         remote resource management
 * @throws RuntimeException if the client is bearer-only or public and not one of the
 *                          exempt admin clients
 */
public static ResourceServer createResourceServer(ClientModel client, KeycloakSession session, boolean addDefaultRoles) {
    if (client.isBearerOnly() || client.isPublicClient()) {
        String clientId = client.getClientId();
        boolean exemptAdminClient = clientId.equals(Config.getAdminRealm() + "-realm")
                || clientId.equals(Constants.REALM_MANAGEMENT_CLIENT_ID);
        if (!exemptAdminClient) {
            throw new RuntimeException("Only confidential clients are allowed to set authorization settings");
        }
    }
    AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class);
    UserModel serviceAccount = session.users().getServiceAccount(client);
    if (serviceAccount == null) {
        // No service-account user exists yet, so only the flag is switched on here.
        // NOTE(review): the user itself is not created in this method, which means the
        // uma_protection grant below cannot happen on this call — presumably the caller
        // creates the service account afterwards; confirm against the call sites.
        client.setServiceAccountsEnabled(true);
    }
    if (addDefaultRoles) {
        RoleModel umaProtection = client.getRole(Constants.AUTHZ_UMA_PROTECTION);
        if (umaProtection == null) {
            umaProtection = client.addRole(Constants.AUTHZ_UMA_PROTECTION);
        }
        if (serviceAccount != null) {
            serviceAccount.grantRole(umaProtection);
        }
    }
    ResourceServerRepresentation rep = new ResourceServerRepresentation();
    rep.setClientId(client.getId());
    // Lets the client register/unregister resources through the protection API.
    rep.setAllowRemoteResourceManagement(true);
    return toModel(rep, authorization, client);
}

Example 23 with RoleModel

Use of org.keycloak.models.RoleModel in the keycloak project (keycloak/keycloak).

Class RepresentationToModel, method createFederatedRoleMappings.

/**
 * Grants the realm and client roles listed in {@code userRep} to the federated user
 * {@code userRep.getId()} via {@code federatedStorage}.
 *
 * <p>Realm role names are trimmed and, when they do not yet exist in the realm, created on the
 * fly before being granted. Client roles are delegated to
 * {@code createFederatedClientRoleMappings}; a client id that does not resolve is an error.
 *
 * @param federatedStorage the storage that receives the role grants
 * @param userRep          the imported user, supplying the id and the role names
 * @param realm            the realm in which roles and clients are resolved
 * @throws RuntimeException if a client named in the client-role mappings does not exist
 */
public static void createFederatedRoleMappings(UserFederatedStorageProvider federatedStorage, UserRepresentation userRep, RealmModel realm) {
    List<String> realmRoleNames = userRep.getRealmRoles();
    if (realmRoleNames != null) {
        for (String rawName : realmRoleNames) {
            String roleName = rawName.trim();
            RoleModel role = realm.getRole(roleName);
            if (role == null) {
                // Unknown realm roles are created rather than rejected. NOTE(review): this means
                // a user import can introduce new realm roles, whereas an unknown client below
                // is treated as an error — callers importing untrusted representations should
                // be aware of the asymmetry.
                role = realm.addRole(roleName);
            }
            federatedStorage.grantRole(realm, userRep.getId(), role);
        }
    }
    Map<String, List<String>> clientRoles = userRep.getClientRoles();
    if (clientRoles != null) {
        clientRoles.forEach((clientId, roleNames) -> {
            ClientModel client = realm.getClientByClientId(clientId);
            if (client == null) {
                throw new RuntimeException("Unable to find client role mappings for client: " + clientId);
            }
            createFederatedClientRoleMappings(federatedStorage, realm, client, userRep, roleNames);
        });
    }
}

Example 24 with RoleModel

Use of org.keycloak.models.RoleModel in the keycloak project (keycloak/keycloak).

Class RepresentationToModel, method importRoles.

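/**
 * Imports realm and client role definitions into {@code realm}.
 *
 * <p>Runs in two passes: first every role is created (so that composite references to roles
 * defined later in the representation resolve), then composites are wired up with
 * {@code addComposites}. The realm default role is skipped in pass 1 because it already
 * exists when this method runs; it still takes part in pass 2.
 *
 * @param realmRoles the role definitions to import; {@code null} is a no-op
 * @param realm      the target realm
 * @throws RuntimeException if a client id in the client-role section does not exist in the realm
 */
public static void importRoles(RolesRepresentation realmRoles, RealmModel realm) {
    if (realmRoles == null) {
        return;
    }
    // Pass 1: create roles.
    if (realmRoles.getRealm() != null) {
        importRealmRoleDefinitions(realmRoles.getRealm(), realm);
    }
    if (realmRoles.getClient() != null) {
        for (Map.Entry<String, List<RoleRepresentation>> entry : realmRoles.getClient().entrySet()) {
            ClientModel client = requireClientForRoleImport(realm, entry.getKey());
            importClientRoleDefinitions(client, entry.getValue());
        }
    }
    // Pass 2: now that all roles exist, set up composites.
    if (realmRoles.getRealm() != null) {
        for (RoleRepresentation roleRep : realmRoles.getRealm()) {
            RoleModel role = realm.getRole(roleRep.getName());
            addComposites(role, roleRep, realm);
        }
    }
    if (realmRoles.getClient() != null) {
        for (Map.Entry<String, List<RoleRepresentation>> entry : realmRoles.getClient().entrySet()) {
            ClientModel client = requireClientForRoleImport(realm, entry.getKey());
            for (RoleRepresentation roleRep : entry.getValue()) {
                RoleModel role = client.getRole(roleRep.getName());
                addComposites(role, roleRep, realm);
            }
        }
    }
}

/** Creates the realm roles in {@code roleReps}, skipping the realm default role (already imported). */
private static void importRealmRoleDefinitions(List<RoleRepresentation> roleReps, RealmModel realm) {
    for (RoleRepresentation roleRep : roleReps) {
        if (!realm.getDefaultRole().getName().equals(roleRep.getName())) {
            createRole(realm, roleRep);
        }
    }
}

/** Creates the client roles in {@code roleReps} on {@code client}, copying description and attributes. */
private static void importClientRoleDefinitions(ClientModel client, List<RoleRepresentation> roleReps) {
    for (RoleRepresentation roleRep : roleReps) {
        // Application role may already exist (for example if it is defaultRole). An explicit id in
        // the representation is preserved. NOTE(review): addRole is invoked unconditionally, so
        // whether an already-existing role is tolerated depends on the ClientModel implementation —
        // confirm before relying on re-import being idempotent.
        RoleModel role = roleRep.getId() != null
                ? client.addRole(roleRep.getId(), roleRep.getName())
                : client.addRole(roleRep.getName());
        role.setDescription(roleRep.getDescription());
        if (roleRep.getAttributes() != null) {
            roleRep.getAttributes().forEach((key, value) -> role.setAttribute(key, value));
        }
    }
}

/** Resolves the client that owns a set of imported roles, failing if it does not exist in {@code realm}. */
private static ClientModel requireClientForRoleImport(RealmModel realm, String clientId) {
    ClientModel client = realm.getClientByClientId(clientId);
    if (client == null) {
        throw new RuntimeException("App doesn't exist in role definitions: " + clientId);
    }
    return client;
}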

Example 25 with RoleModel

Use of org.keycloak.models.RoleModel in the keycloak project (keycloak/keycloak).

Class KeycloakModelUtils, method setupOfflineRole.

/**
 * Returns the realm's {@code offline_access} role, creating it if it does not exist yet.
 *
 * <p>On creation the role gets the localised description {@code ${role_offline-access}} and is
 * added to the realm's default roles — i.e. it is granted by default through the realm default
 * role, which is what allows users to request offline tokens. Security-relevant: any change
 * to this behaviour changes who can obtain long-lived offline sessions.
 *
 * @param realm the realm to look the role up in
 * @return the existing or newly created offline-access role
 */
public static RoleModel setupOfflineRole(RealmModel realm) {
    RoleModel existing = realm.getRole(Constants.OFFLINE_ACCESS_ROLE);
    if (existing != null) {
        return existing;
    }
    RoleModel created = realm.addRole(Constants.OFFLINE_ACCESS_ROLE);
    created.setDescription("${role_offline-access}");
    realm.addToDefaultRoles(created);
    return created;
}
