
Example 26 with RoleModel

use of org.keycloak.models.RoleModel in project keycloak by keycloak.

From the class KeycloakModelUtils, method setupDeleteAccount:

/**
 * Ensures the account client owns the {@code delete-account} role.
 *
 * <p>The role is looked up on {@code accountClient} and created only when it is
 * absent, so the method is safe to call repeatedly; the description is (re)set
 * on every call.
 *
 * @param accountClient the client that must carry the role
 */
public static void setupDeleteAccount(ClientModel accountClient) {
    RoleModel existing = accountClient.getRole(AccountRoles.DELETE_ACCOUNT);
    RoleModel deleteRole = existing != null ? existing : accountClient.addRole(AccountRoles.DELETE_ACCOUNT);
    // Description is a "${role_<name>}" key, presumably resolved by a message bundle elsewhere.
    deleteRole.setDescription("${role_" + AccountRoles.DELETE_ACCOUNT + "}");
}
Also used : RoleModel(org.keycloak.models.RoleModel)

Example 27 with RoleModel

use of org.keycloak.models.RoleModel in project keycloak by keycloak.

From the class MigrationUtils, method addAdminRole:

/**
 * Adds the admin role {@code roleName} to the realm's administration clients and
 * makes it a composite member of the matching admin role.
 *
 * <p>Two clients are handled: the realm's master-admin client, where the new role
 * is added to the {@code admin} composite of that client's realm, and — for every
 * realm except the admin realm — the {@code realm-management} client, where it is
 * added to the {@code realm-admin} composite. A client that is missing, or that
 * already has a role of that name, is left untouched, so the call is repeatable.
 *
 * <p>NOTE(review): the composite roles obtained via {@code getRole(...)} are used
 * without a null check; this assumes they already exist in the realm.
 *
 * @param realm    the realm to update
 * @param roleName name of the admin role to create
 */
public static void addAdminRole(RealmModel realm, String roleName) {
    ClientModel masterAdminClient = realm.getMasterAdminClient();
    if (masterAdminClient != null && masterAdminClient.getRole(roleName) == null) {
        RoleModel created = createDescribedRole(masterAdminClient, roleName);
        masterAdminClient.getRealm().getRole(AdminRoles.ADMIN).addCompositeRole(created);
    }

    boolean isAdminRealm = realm.getName().equals(Config.getAdminRealm());
    if (isAdminRealm) {
        return;
    }

    ClientModel realmManagementClient = realm.getClientByClientId(Constants.REALM_MANAGEMENT_CLIENT_ID);
    if (realmManagementClient != null && realmManagementClient.getRole(roleName) == null) {
        RoleModel created = createDescribedRole(realmManagementClient, roleName);
        realmManagementClient.getRole(AdminRoles.REALM_ADMIN).addCompositeRole(created);
    }
}

/**
 * Creates {@code roleName} on {@code client} and sets its "${role_<name>}" description.
 *
 * @param client   client that will own the role
 * @param roleName name of the role to create
 * @return the newly created role
 */
private static RoleModel createDescribedRole(ClientModel client, String roleName) {
    RoleModel role = client.addRole(roleName);
    role.setDescription("${role_" + roleName + "}");
    return role;
}
Also used : ClientModel(org.keycloak.models.ClientModel) RoleModel(org.keycloak.models.RoleModel)

Example 28 with RoleModel

use of org.keycloak.models.RoleModel in project keycloak by keycloak.

From the class OIDCLoginProtocolFactory, method createDefaultClientScopesImpl:

/**
 * Creates the OIDC built-in client scopes for a newly created realm.
 *
 * <p>Registers the {@code profile}, {@code email}, {@code address} and {@code phone}
 * scopes with their standard claim mappers, marks profile and email as default
 * scopes and address and phone as optional ones, creates the {@code offline_access}
 * scope when the realm has an {@code offline_access} role but no scope of that name
 * yet, and finally adds the roles, web-origins and microprofile-jwt scopes.
 *
 * @param newRealm the realm that has just been created
 */
@Override
protected void createDefaultClientScopesImpl(RealmModel newRealm) {
    // 'profile' carries: name, family_name, given_name, middle_name, nickname, preferred_username,
    // profile, picture, website, gender, birthdate, zoneinfo, locale and updated_at.
    ClientScopeModel profileScope = addBuiltinOidcScope(newRealm, OAuth2Constants.SCOPE_PROFILE,
            "OpenID Connect built-in scope: profile", PROFILE_SCOPE_CONSENT_TEXT,
            FULL_NAME, FAMILY_NAME, GIVEN_NAME, MIDDLE_NAME, NICKNAME, USERNAME, PROFILE_CLAIM,
            PICTURE, WEBSITE, GENDER, BIRTHDATE, ZONEINFO, LOCALE, UPDATED_AT);
    ClientScopeModel emailScope = addBuiltinOidcScope(newRealm, OAuth2Constants.SCOPE_EMAIL,
            "OpenID Connect built-in scope: email", EMAIL_SCOPE_CONSENT_TEXT,
            EMAIL, EMAIL_VERIFIED);
    ClientScopeModel addressScope = addBuiltinOidcScope(newRealm, OAuth2Constants.SCOPE_ADDRESS,
            "OpenID Connect built-in scope: address", ADDRESS_SCOPE_CONSENT_TEXT,
            ADDRESS);
    ClientScopeModel phoneScope = addBuiltinOidcScope(newRealm, OAuth2Constants.SCOPE_PHONE,
            "OpenID Connect built-in scope: phone", PHONE_SCOPE_CONSENT_TEXT,
            PHONE_NUMBER, PHONE_NUMBER_VERIFIED);

    // 'profile' and 'email' are default scopes for now; 'address' and 'phone' are optional.
    newRealm.addDefaultClientScope(profileScope, true);
    newRealm.addDefaultClientScope(emailScope, true);
    newRealm.addDefaultClientScope(addressScope, false);
    newRealm.addDefaultClientScope(phoneScope, false);

    // offline_access is only created when the realm has the matching role and no scope
    // of that name exists yet (the role lookup happens first, as before).
    RoleModel offlineRole = newRealm.getRole(OAuth2Constants.OFFLINE_ACCESS);
    if (offlineRole != null
            && KeycloakModelUtils.getClientScopeByName(newRealm, OAuth2Constants.OFFLINE_ACCESS) == null) {
        DefaultClientScopes.createOfflineAccessClientScope(newRealm, offlineRole);
    }

    addRolesClientScope(newRealm);
    addWebOriginsClientScope(newRealm);
    addMicroprofileJWTClientScope(newRealm);
}

/**
 * Creates one built-in OIDC client scope: shown on the consent screen, included in the
 * token scope, bound to this protocol, with the given built-in mappers attached in order.
 *
 * @param realm       realm receiving the scope
 * @param scopeName   name of the scope
 * @param description human-readable description
 * @param consentText text shown on the consent screen
 * @param mapperKeys  keys into {@code builtins}; each is added as a protocol mapper
 * @return the created scope
 */
private ClientScopeModel addBuiltinOidcScope(RealmModel realm, String scopeName, String description,
        String consentText, String... mapperKeys) {
    ClientScopeModel scope = realm.addClientScope(scopeName);
    scope.setDescription(description);
    scope.setDisplayOnConsentScreen(true);
    scope.setConsentScreenText(consentText);
    scope.setIncludeInTokenScope(true);
    scope.setProtocol(getId());
    for (String mapperKey : mapperKeys) {
        scope.addProtocolMapper(builtins.get(mapperKey));
    }
    return scope;
}
Also used : ClientScopeModel(org.keycloak.models.ClientScopeModel) RoleModel(org.keycloak.models.RoleModel)

Example 29 with RoleModel

use of org.keycloak.models.RoleModel in project keycloak by keycloak.

From the class ClientRolesPartialImport, method deleteRole:

/**
 * Removes the client role described by {@code roleRep} from the client {@code clientId}.
 *
 * <p>Either lookup may come back empty during a partial import — the client or the
 * role may already have been removed earlier in the same import — and in that case
 * the method silently does nothing.
 *
 * @param realm    realm containing the client
 * @param clientId client id of the role's owner
 * @param roleRep  representation whose name (via {@code getName}) identifies the role
 */
public void deleteRole(RealmModel realm, String clientId, RoleRepresentation roleRep) {
    ClientModel owner = realm.getClientByClientId(clientId);
    // The client may already have been removed by this partial import.
    if (owner != null) {
        RoleModel target = owner.getRole(getName(roleRep));
        // Likewise the role itself.
        if (target != null) {
            owner.removeRole(target);
        }
    }
}
Also used : ClientModel(org.keycloak.models.ClientModel) RoleModel(org.keycloak.models.RoleModel)

Example 30 with RoleModel

use of org.keycloak.models.RoleModel in project keycloak by keycloak.

From the class RealmRolesPartialImport, method remove:

/**
 * Removes the realm role named by {@code roleRep} through a {@link RoleHelper}.
 *
 * <p>The role is resolved by name and handed straight to {@code RoleHelper.deleteRole},
 * possibly as {@code null} when no such role exists — how a missing role is handled
 * lives in the helper, not here. {@code session} is accepted but not used.
 *
 * @param realm   realm that owns the role
 * @param session current session (unused)
 * @param roleRep representation whose name (via {@code getName}) identifies the role
 */
@Override
public void remove(RealmModel realm, KeycloakSession session, RoleRepresentation roleRep) {
    RoleModel target = realm.getRole(getName(roleRep));
    new RoleHelper(realm).deleteRole(target);
}
Also used : RoleModel(org.keycloak.models.RoleModel)
