use of org.keycloak.models.RoleModel in project keycloak by keycloak.
the class KeycloakModelUtils method setupDeleteAccount.
/**
 * Makes sure the given account client carries the role named by
 * {@link AccountRoles#DELETE_ACCOUNT} and (re)writes that role's description.
 *
 * <p>Security note: this method only creates the role on the client. Nothing here
 * grants it to a user, adds it to a composite, or makes it a default role, so whether
 * a user may delete their own account is decided by whatever assigns the role elsewhere.
 *
 * @param accountClient client that should own the delete-account role; dereferenced
 *                      without a null check
 */
public static void setupDeleteAccount(ClientModel accountClient) {
    final String roleName = AccountRoles.DELETE_ACCOUNT;

    // Look the role up first so repeated calls do not try to add it twice.
    RoleModel role = accountClient.getRole(roleName);
    if (role == null) {
        role = accountClient.addRole(roleName);
    }

    // The description is overwritten on every call, also for a pre-existing role.
    // NOTE(review): the "${role_...}" form looks like a message-bundle placeholder - confirm.
    role.setDescription("${role_" + roleName + "}");
}
use of org.keycloak.models.RoleModel in project keycloak by keycloak.
the class MigrationUtils method addAdminRole.
/**
 * Adds an administrative client role called {@code roleName} where it is missing and
 * wires it into the existing admin composites.
 *
 * <p>Two places are handled:
 * <ol>
 *   <li>the client returned by {@code realm.getMasterAdminClient()} - the new role becomes
 *       a composite of the {@link AdminRoles#ADMIN} realm role of that client's realm;</li>
 *   <li>unless {@code realm} is the admin realm, the client with id
 *       {@link Constants#REALM_MANAGEMENT_CLIENT_ID} - the new role becomes a composite of
 *       that client's {@link AdminRoles#REALM_ADMIN} role.</li>
 * </ol>
 *
 * <p>Security notes:
 * <ul>
 *   <li>Because the role is added as a composite, every principal that already holds
 *       {@code admin} / {@code realm-admin} gains the new permission implicitly. Review
 *       what {@code roleName} authorises before calling this from a migration.</li>
 *   <li>The composite link is only created together with the role. If a role of that name
 *       already exists on the client, this method leaves it untouched and does not verify
 *       that it is part of the admin composite.</li>
 *   <li>The parent roles are dereferenced without a null check; a realm or client lacking
 *       them fails with {@link NullPointerException} rather than being skipped silently.</li>
 * </ul>
 *
 * @param realm    realm being migrated
 * @param roleName name of the client role to create
 */
public static void addAdminRole(RealmModel realm, String roleName) {
    final String description = "${role_" + roleName + "}";

    // 1) Master admin client of this realm.
    ClientModel masterAdminClient = realm.getMasterAdminClient();
    if (masterAdminClient != null && masterAdminClient.getRole(roleName) == null) {
        RoleModel created = masterAdminClient.addRole(roleName);
        created.setDescription(description);
        // Holders of the realm-level admin role inherit the new role through this link.
        masterAdminClient.getRealm().getRole(AdminRoles.ADMIN).addCompositeRole(created);
    }

    // 2) The realm-management client, skipped for the admin realm itself.
    if (realm.getName().equals(Config.getAdminRealm())) {
        return;
    }
    ClientModel realmManagement = realm.getClientByClientId(Constants.REALM_MANAGEMENT_CLIENT_ID);
    if (realmManagement == null || realmManagement.getRole(roleName) != null) {
        return;
    }
    RoleModel created = realmManagement.addRole(roleName);
    created.setDescription(description);
    // Holders of realm-admin on this client inherit the new role through this link.
    realmManagement.getRole(AdminRoles.REALM_ADMIN).addCompositeRole(created);
}
use of org.keycloak.models.RoleModel in project keycloak by keycloak.
the class OIDCLoginProtocolFactory method createDefaultClientScopesImpl.
/**
 * Creates the built-in OpenID Connect client scopes ({@code profile}, {@code email},
 * {@code address}, {@code phone}) on a new realm, attaches the built-in protocol mappers
 * to each, and registers them as realm default or optional client scopes.
 *
 * <p>Security / privacy notes:
 * <ul>
 *   <li>{@code profile} and {@code email} are registered with {@code true} (default scope),
 *       {@code address} and {@code phone} with {@code false} (optional scope).
 *       NOTE(review): default scopes are applied to a client without it asking for them in
 *       the {@code scope} parameter, so name and e-mail claims reach every client that
 *       inherits the realm defaults - confirm this matches the data-minimisation policy of
 *       the deployment.</li>
 *   <li>All four scopes are shown on the consent screen and included in the token's
 *       {@code scope}. Whether consent is actually requested is not decided in this block.</li>
 * </ul>
 *
 * @param newRealm realm that receives the scopes
 */
@Override
protected void createDefaultClientScopesImpl(RealmModel newRealm) {
    // --- profile -----------------------------------------------------------------------
    // Claims listed for this scope: name, family_name, given_name, middle_name, nickname,
    // preferred_username, profile, picture, website, gender, birthdate, zoneinfo, locale,
    // and updated_at.
    ClientScopeModel profile = newRealm.addClientScope(OAuth2Constants.SCOPE_PROFILE);
    profile.setDescription("OpenID Connect built-in scope: profile");
    profile.setDisplayOnConsentScreen(true);
    profile.setConsentScreenText(PROFILE_SCOPE_CONSENT_TEXT);
    profile.setIncludeInTokenScope(true);
    profile.setProtocol(getId());
    profile.addProtocolMapper(builtins.get(FULL_NAME));
    profile.addProtocolMapper(builtins.get(FAMILY_NAME));
    profile.addProtocolMapper(builtins.get(GIVEN_NAME));
    profile.addProtocolMapper(builtins.get(MIDDLE_NAME));
    profile.addProtocolMapper(builtins.get(NICKNAME));
    profile.addProtocolMapper(builtins.get(USERNAME));
    profile.addProtocolMapper(builtins.get(PROFILE_CLAIM));
    profile.addProtocolMapper(builtins.get(PICTURE));
    profile.addProtocolMapper(builtins.get(WEBSITE));
    profile.addProtocolMapper(builtins.get(GENDER));
    profile.addProtocolMapper(builtins.get(BIRTHDATE));
    profile.addProtocolMapper(builtins.get(ZONEINFO));
    profile.addProtocolMapper(builtins.get(LOCALE));
    profile.addProtocolMapper(builtins.get(UPDATED_AT));

    // --- email -------------------------------------------------------------------------
    ClientScopeModel email = newRealm.addClientScope(OAuth2Constants.SCOPE_EMAIL);
    email.setDescription("OpenID Connect built-in scope: email");
    email.setDisplayOnConsentScreen(true);
    email.setConsentScreenText(EMAIL_SCOPE_CONSENT_TEXT);
    email.setIncludeInTokenScope(true);
    email.setProtocol(getId());
    email.addProtocolMapper(builtins.get(EMAIL));
    email.addProtocolMapper(builtins.get(EMAIL_VERIFIED));

    // --- address -----------------------------------------------------------------------
    ClientScopeModel address = newRealm.addClientScope(OAuth2Constants.SCOPE_ADDRESS);
    address.setDescription("OpenID Connect built-in scope: address");
    address.setDisplayOnConsentScreen(true);
    address.setConsentScreenText(ADDRESS_SCOPE_CONSENT_TEXT);
    address.setIncludeInTokenScope(true);
    address.setProtocol(getId());
    address.addProtocolMapper(builtins.get(ADDRESS));

    // --- phone -------------------------------------------------------------------------
    ClientScopeModel phone = newRealm.addClientScope(OAuth2Constants.SCOPE_PHONE);
    phone.setDescription("OpenID Connect built-in scope: phone");
    phone.setDisplayOnConsentScreen(true);
    phone.setConsentScreenText(PHONE_SCOPE_CONSENT_TEXT);
    phone.setIncludeInTokenScope(true);
    phone.setProtocol(getId());
    phone.addProtocolMapper(builtins.get(PHONE_NUMBER));
    phone.addProtocolMapper(builtins.get(PHONE_NUMBER_VERIFIED));

    // 'profile' and 'email' are default scopes for now; 'address' and 'phone' are optional.
    newRealm.addDefaultClientScope(profile, true);
    newRealm.addDefaultClientScope(email, true);
    newRealm.addDefaultClientScope(address, false);
    newRealm.addDefaultClientScope(phone, false);

    // The offline_access scope is created only when the realm already has the
    // offline_access role and no client scope of that name exists yet.
    RoleModel offlineRole = newRealm.getRole(OAuth2Constants.OFFLINE_ACCESS);
    if (offlineRole != null
            && KeycloakModelUtils.getClientScopeByName(newRealm, OAuth2Constants.OFFLINE_ACCESS) == null) {
        DefaultClientScopes.createOfflineAccessClientScope(newRealm, offlineRole);
    }

    addRolesClientScope(newRealm);
    addWebOriginsClientScope(newRealm);
    addMicroprofileJWTClientScope(newRealm);
}
use of org.keycloak.models.RoleModel in project keycloak by keycloak.
the class ClientRolesPartialImport method deleteRole.
/**
 * Removes the client role described by {@code roleRep} from the client identified by
 * {@code clientId}, if both still exist.
 *
 * <p>A missing client or a missing role is treated as "nothing to do" and is not reported
 * to the caller. The client might already have been removed as part of the same partial
 * import.
 *
 * <p>Security note: no permission check happens in this block; the caller is presumably
 * responsible for authorising the partial import - verify against the call site.
 *
 * @param realm    realm that owns the client
 * @param clientId {@code clientId} of the client whose role is deleted
 * @param roleRep  representation naming the role to delete
 */
public void deleteRole(RealmModel realm, String clientId, RoleRepresentation roleRep) {
    ClientModel owner = realm.getClientByClientId(clientId);

    // The role name is resolved only when the client exists.
    RoleModel target = (owner == null) ? null : owner.getRole(getName(roleRep));

    if (target != null) {
        owner.removeRole(target);
    }
}
use of org.keycloak.models.RoleModel in project keycloak by keycloak.
the class RealmRolesPartialImport method remove.
/**
 * Deletes the realm role named by {@code roleRep} via {@link RoleHelper#deleteRole}.
 *
 * <p>NOTE(review): {@code realm.getRole(...)} is passed on without a null check, so a name
 * that matches no realm role hands {@code null} to {@code RoleHelper.deleteRole} - confirm
 * the helper tolerates that, or guard here.
 *
 * @param realm   realm that owns the role
 * @param session current session; not used by this body
 * @param roleRep representation naming the role to delete
 */
@Override
public void remove(RealmModel realm, KeycloakSession session, RoleRepresentation roleRep) {
    final String roleName = getName(roleRep);
    final RoleModel doomed = realm.getRole(roleName);
    // The role is looked up before the helper is constructed.
    new RoleHelper(realm).deleteRole(doomed);
}