use of org.keycloak.models.RoleModel in project keycloak by keycloak.
the class ClientModelTest method testRealmRoleRemovalAndClientScope.
@Test
@ModelTest
public void testRealmRoleRemovalAndClientScope(KeycloakSession session) {
    // Regression test: a realm role ("clientRole") is mapped into the scope of client "scoped",
    // then the role is deleted. The client must not keep a scope mapping that points at the
    // removed role, whether that mapping is read from the store or from a cache.

    // Transaction 1: create the role and the client, and restrict the client to explicit scope mappings.
    KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession setupSession) -> {
        currentSession = setupSession;
        RealmModel testRealm = setupSession.realms().getRealmByName(realmName);

        RoleModel realmRole = testRealm.addRole("clientRole");
        roleId = realmRole.getId();

        ClientModel scopedClient = testRealm.addClient("scoped");
        // Full scope is switched off so that only the mapping added below is in effect.
        scopedClient.setFullScopeAllowed(false);
        scopedClient.addScopeMapping(realmRole);
    });

    // Transaction 2: look the role up again by the id stored above and delete it.
    KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession removalSession) -> {
        currentSession = removalSession;
        RealmModel testRealm = removalSession.realms().getRealmByName(realmName);
        testRealm.removeRole(removalSession.roles().getRoleById(testRealm, roleId));
    });

    // Transaction 3: the mapping must be gone. Reading the mappings here used to throw a
    // NullPointerException.
    KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession verifySession) -> {
        currentSession = verifySession;
        RealmModel testRealm = verifySession.realms().getRealmByName(realmName);
        ClientModel scopedClient = testRealm.getClientByClientId("scoped");

        long remainingMappings = scopedClient.getScopeMappingsStream().count();
        assertThat("Scope Mappings is not 0", remainingMappings, is(0L));

        // Clean up the client created in transaction 1.
        verifySession.clients().removeClient(testRealm, scopedClient.getId());
    });
}
use of org.keycloak.models.RoleModel in project keycloak by keycloak.
the class ClientModelTest method testCircularClientScopes.
@Test
@ModelTest
public void testCircularClientScopes(KeycloakSession session) {
    // Regression test: two clients whose scope mappings reference each other's roles form a
    // cycle. Loading and removing one of them must terminate instead of recursing through
    // the cache until the stack overflows.

    // Transaction 1: build the cycle scoped1 -> role2 (owned by scoped2) and scoped2 -> role1 (owned by scoped1).
    KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession setupSession) -> {
        currentSession = setupSession;
        RealmModel testRealm = setupSession.realms().getRealmByName(realmName);

        ClientModel firstClient = testRealm.addClient("scoped1");
        RoleModel firstRole = firstClient.addRole("role1");
        ClientModel secondClient = testRealm.addClient("scoped2");
        RoleModel secondRole = secondClient.addRole("role2");

        firstClient.addScopeMapping(secondRole);
        secondClient.addScopeMapping(firstRole);
    });

    // Transaction 2: fetch "scoped1" again and remove it. The lookup used to end in a stack
    // overflow because of the circular references in the cache.
    KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession removalSession) -> {
        currentSession = removalSession;
        RealmModel testRealm = removalSession.realms().getRealmByName(realmName);
        ClientModel firstClient = testRealm.getClientByClientId("scoped1");
        removalSession.clients().removeClient(testRealm, firstClient.getId());
    });
}
use of org.keycloak.models.RoleModel in project keycloak by keycloak.
the class CacheTest method testRoleMappingsInvalidatedWhenClientRemoved.
// KEYCLOAK-1842
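@Test
public void testRoleMappingsInvalidatedWhenClientRemoved() {
    // Verifies that a user's role mappings do not keep a stale entry for a client role once the
    // owning client has been deleted. A grant that outlived its client would leave the user
    // holding a role whose container no longer exists.

    // Step 1: create user "joel", client "foo" and grant the client role "foo-role" to the user.
    testingClient.server().run(session -> {
        RealmModel realm = session.realms().getRealmByName("test");
        UserModel user = session.users().addUser(realm, "joel");
        ClientModel client = realm.addClient("foo");
        RoleModel fooRole = client.addRole("foo-role");
        user.grantRole(fooRole);
    });

    // Step 2: remove the client, then re-read realm and user and check the mappings.
    testingClient.server().run(session -> {
        RealmModel realm = session.realms().getRealmByName("test");
        UserModel user = session.users().getUserByUsername(realm, "joel");
        // Baseline taken before the removal; it includes "foo-role".
        long grantedRolesCount = user.getRoleMappingsStream().count();

        ClientModel client = realm.getClientByClientId("foo");
        realm.removeClient(client.getId());

        // Look both models up again so the check does not run against the instances obtained
        // before the removal.
        realm = session.realms().getRealmByName("test");
        user = session.users().getUserByUsername(realm, "joel");

        Set<RoleModel> roles = user.getRoleMappingsStream().collect(Collectors.toSet());
        for (RoleModel role : roles) {
            // Every role still mapped must have a container; a null container would indicate
            // a mapping left behind for a removed client.
            Assert.assertNotNull(role.getContainer());
        }
        // Exactly one mapping (foo-role) must have disappeared. The expected value goes first so
        // that a failure message reports expected and actual the right way round.
        Assert.assertEquals(grantedRolesCount - 1, roles.size());
    });
}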
use of org.keycloak.models.RoleModel in project keycloak by keycloak.
the class HardcodedLDAPRoleStorageMapper method getRole.
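/**
 * Resolves the role named in this mapper's configuration under
 * {@link HardcodedLDAPRoleStorageMapper#ROLE}.
 *
 * @param realm realm in which the configured role name is looked up
 * @return the resolved role, or {@code null} when the lookup finds nothing; callers must
 *         handle {@code null} themselves
 */
private RoleModel getRole(RealmModel realm) {
    String roleName = mapperModel.getConfig().getFirst(HardcodedLDAPRoleStorageMapper.ROLE);
    RoleModel role = KeycloakModelUtils.getRoleFromString(realm, roleName);
    if (role == null) {
        // The format string has two placeholders; pass both values so that the warning names
        // the missing role and the mapper that still refers to it.
        logger.warnf("Hardcoded role '%s' configured in mapper '%s' is not available anymore", roleName, mapperModel.getName());
    }
    return role;
}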
use of org.keycloak.models.RoleModel in project keycloak by keycloak.
the class MapClientProviderFactory method onEvent.
/**
 * Reacts to role removal by calling {@code preRemove} on the client provider, passing the
 * realm that owns the removed role. All other event types are ignored.
 *
 * @param event the provider event to inspect
 */
@Override
public void onEvent(ProviderEvent event) {
    if (!(event instanceof RoleContainerModel.RoleRemovedEvent)) {
        return;
    }

    RoleRemovedEvent removal = (RoleContainerModel.RoleRemovedEvent) event;
    RoleModel removedRole = removal.getRole();
    RoleContainerModel owner = removedRole.getContainer();

    // A role belongs either to a realm directly or to a client inside a realm; for any other
    // container type there is no realm to act on, so the event is dropped.
    RealmModel owningRealm;
    if (owner instanceof RealmModel) {
        owningRealm = (RealmModel) owner;
    } else if (owner instanceof ClientModel) {
        owningRealm = ((ClientModel) owner).getRealm();
    } else {
        return;
    }

    // NOTE(review): presumably preRemove clears client-side references to the role (such as
    // scope mappings) before the role disappears; confirm against MapClientProvider.
    MapClientProvider clientProvider =
            (MapClientProvider) removal.getKeycloakSession().getProvider(ClientProvider.class);
    clientProvider.preRemove(owningRealm, removedRole);
}