
Example 1 with ClientRepresentation

use of org.keycloak.representations.idm.ClientRepresentation in project openremote by openremote.

the class KeycloakCleanSetup method onStart.

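/**
 * Resets the Keycloak instance to a clean state: removes every realm other than the master
 * realm, then removes this application's client and every user other than the master admin
 * from the master realm.
 *
 * <p>All removals are issued through the admin resources and are not undone by this method;
 * each one is logged with its identifier before the call so the run leaves an audit trail.
 *
 * @throws Exception propagated from {@code super.onStart()}; failures of the admin calls are
 *     not caught here either
 */
@Override
public void onStart() throws Exception {
    super.onStart();
    // Delete all realms that are not the master realm
    LOG.info("Deleting all non-master realms");
    RealmsResource realmsResource = keycloakProvider.getRealms(accessToken);
    for (RealmRepresentation realmRepresentation : realmsResource.findAll()) {
        String realmName = realmRepresentation.getRealm();
        if (!realmName.equals(MASTER_REALM)) {
            // Record which realm is about to disappear; the summary line above does not name it
            LOG.info("Deleting realm: " + realmName);
            realmsResource.realm(realmName).remove();
        }
    }
    // Find out if there is a client already present for this application, if so, delete it
    for (ClientRepresentation clientRepresentation : masterClientsResource.findAll()) {
        if (clientRepresentation.getClientId().equals(KEYCLOAK_CLIENT_ID)) {
            String clientObjectId = clientRepresentation.getId();
            LOG.info("Deleting client: " + clientObjectId);
            masterClientsResource.get(clientObjectId).remove();
        }
    }
    // Find out if there are any users except the admin, delete them
    // NOTE(review): search(null, null, null) passes no paging bounds - confirm the server does
    // not cap the returned page, otherwise users beyond the first page survive the cleanup
    masterUsersResource.search(null, null, null).stream()
        .filter(userRepresentation -> !userRepresentation.getUsername().equals(MASTER_REALM_ADMIN_USER))
        .forEach(userRepresentation -> {
            // Log the username so the audit line identifies the account being removed
            LOG.info("Deleting user: " + userRepresentation.getUsername());
            masterUsersResource.get(userRepresentation.getId()).remove();
        });
}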
Also used : ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) Container(org.openremote.container.Container) List(java.util.List) RealmsResource(org.keycloak.admin.client.resource.RealmsResource) AbstractKeycloakSetup(org.openremote.manager.setup.AbstractKeycloakSetup) UserResource(org.keycloak.admin.client.resource.UserResource) Logger(java.util.logging.Logger) Constants(org.openremote.model.Constants) RealmRepresentation(org.keycloak.representations.idm.RealmRepresentation) RealmsResource(org.keycloak.admin.client.resource.RealmsResource) RealmRepresentation(org.keycloak.representations.idm.RealmRepresentation) UserResource(org.keycloak.admin.client.resource.UserResource)

Example 2 with ClientRepresentation

use of org.keycloak.representations.idm.ClientRepresentation in project keycloak by keycloak.

the class UpdateCmd method execute.

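/**
 * Updates an existing client registration on the server.
 *
 * <p>The first argument is the client id; the remaining arguments are {@code -s/--set KEY=VALUE}
 * and {@code -d/--delete KEY} attribute operations. The new representation comes from
 * {@code --file} (or stdin), from the attribute operations, or both. When only attribute
 * operations are given the command switches to merge mode: it first fetches the current
 * representation from the server and applies the changes on top of it.
 *
 * <p>The credential sent as {@code Authorization: Bearer ...} is chosen in this order:
 * the {@code token} field, a {@code registrationAccessToken} set via {@code --set}, the token
 * found in the input document, the token saved in the configuration for this client, and
 * finally a token obtained through {@code ensureToken} when credentials are available. The
 * registration access token returned by each server response is saved back to the configuration.
 *
 * @param commandInvocation the invocation context; it is always stopped before returning
 * @return {@code CommandResult.SUCCESS} after a successful update, or the help result when
 *     help was printed
 * @throws IllegalArgumentException on missing or unsupported arguments (message includes the
 *     help suggestion)
 * @throws RuntimeException on an unsupported endpoint type or an unreadable server response
 */
@Override
public CommandResult execute(CommandInvocation commandInvocation) throws CommandException, InterruptedException {
    List<AttributeOperation> attrs = new LinkedList<>();
    try {
        if (printHelp()) {
            return help ? CommandResult.SUCCESS : CommandResult.FAILURE;
        }
        processGlobalOptions();
        // NOTE(review): clientId stays null when args is null and is later passed to
        // getRegistrationToken and urlencode - confirm args can never be null at this point
        String clientId = null;
        if (args != null) {
            Iterator<String> it = args.iterator();
            if (!it.hasNext()) {
                throw new IllegalArgumentException("CLIENT_ID not specified");
            }
            clientId = it.next();
            if (clientId.startsWith("-")) {
                warnfErr(ParseUtil.CLIENT_OPTION_WARN, clientId);
            }
            while (it.hasNext()) {
                String option = it.next();
                switch(option) {
                    case "-s":
                    case "--set":
                        {
                            if (!it.hasNext()) {
                                throw new IllegalArgumentException("Option " + option + " requires a value");
                            }
                            String[] keyVal = parseKeyVal(it.next());
                            attrs.add(new AttributeOperation(SET, keyVal[0], keyVal[1]));
                            break;
                        }
                    case "-d":
                    case "--delete":
                        {
                            // Same guard as --set: a trailing -d would otherwise surface as a
                            // NoSuchElementException instead of a usage error with help text
                            if (!it.hasNext()) {
                                throw new IllegalArgumentException("Option " + option + " requires a value");
                            }
                            attrs.add(new AttributeOperation(DELETE, it.next()));
                            break;
                        }
                    default:
                        {
                            throw new IllegalArgumentException("Unsupported option: " + option);
                        }
                }
            }
        }
        if (file == null && attrs.isEmpty()) {
            throw new IllegalArgumentException("No file nor attribute values specified");
        }
        // Attribute operations without an input document: fetch the remote representation
        // first and apply the changes on top of it
        if (file == null && !attrs.isEmpty()) {
            mergeMode = true;
        }
        CmdStdinContext ctx = new CmdStdinContext();
        if (file != null) {
            ctx = parseFileOrStdin(file, regType);
            regType = ctx.getEndpointType();
        }
        if (regType == null) {
            regType = DEFAULT;
            ctx.setEndpointType(regType);
        } else if (regType != DEFAULT && regType != OIDC) {
            throw new RuntimeException("Update not supported for endpoint type: " + regType.getEndpoint());
        }
        // initialize config only after reading from stdin,
        // to allow proper operation when piping 'get' - which consumes the old
        // registration access token, and saves the new one to the config
        ConfigData config = loadConfig();
        config = copyWithServerInfo(config);
        final String server = config.getServerUrl();
        final String realm = config.getRealm();
        if (token == null) {
            // if registration access token is not set via --token, see if it's in the body of any input file
            // but first see if it's overridden by --set, or maybe deliberately muted via -d registrationAccessToken
            boolean processed = false;
            for (AttributeOperation op : attrs) {
                if ("registrationAccessToken".equals(op.getKey().toString())) {
                    processed = true;
                    if (op.getType() == AttributeOperation.Type.SET) {
                        token = op.getValue();
                    }
                    // otherwise it's delete - meaning it should stay null
                    break;
                }
            }
            if (!processed) {
                token = ctx.getRegistrationAccessToken();
            }
        }
        if (token == null) {
            // if registration access token is not set, try use the one from configuration
            token = getRegistrationToken(config.sessionRealmConfigData(), clientId);
        }
        setupTruststore(config, commandInvocation);
        String auth = token;
        if (auth == null) {
            // No registration access token anywhere: fall back to the configured credentials
            config = ensureAuthInfo(config, commandInvocation);
            config = copyWithServerInfo(config);
            if (credentialsAvailable(config)) {
                auth = ensureToken(config);
            }
        }
        // auth stays null when no credential was found, so the request carries no bearer value
        auth = auth != null ? "Bearer " + auth : null;
        // NOTE(review): realm is concatenated into the URL as-is while clientId goes through
        // urlencode - confirm the configuration restricts what a realm name may contain
        if (mergeMode) {
            InputStream response = doGet(server + "/realms/" + realm + "/clients-registrations/" + regType.getEndpoint() + "/" + urlencode(clientId), APPLICATION_JSON, auth);
            String json = readFully(response);
            CmdStdinContext ctxremote = new CmdStdinContext();
            ctxremote.setContent(json);
            ctxremote.setEndpointType(regType);
            try {
                if (regType == DEFAULT) {
                    ctxremote.setClient(JsonSerialization.readValue(json, ClientRepresentation.class));
                    token = ctxremote.getClient().getRegistrationAccessToken();
                } else if (regType == OIDC) {
                    ctxremote.setOidcClient(JsonSerialization.readValue(json, OIDCClientRepresentation.class));
                    token = ctxremote.getOidcClient().getRegistrationAccessToken();
                }
            } catch (JsonParseException e) {
                throw new RuntimeException("Not a valid JSON document. " + e.getMessage(), e);
            } catch (IOException e) {
                throw new RuntimeException("Not a valid JSON document", e);
            }
            // that ensures optimistic locking semantics
            if (token != null) {
                // we use auth with doPost later
                auth = "Bearer " + token;
                String newToken = token;
                String clientToUpdate = clientId;
                // Persist the token returned by the GET right away, before the update is sent
                saveMergeConfig(cfg -> {
                    setRegistrationToken(cfg.ensureRealmConfigData(server, realm), clientToUpdate, newToken);
                });
            }
            // merge local representation over remote one
            if (ctx.getClient() != null) {
                ReflectionUtil.merge(ctx.getClient(), ctxremote.getClient());
            } else if (ctx.getOidcClient() != null) {
                ReflectionUtil.merge(ctx.getOidcClient(), ctxremote.getOidcClient());
            }
            ctx = ctxremote;
        }
        if (!attrs.isEmpty()) {
            ctx = mergeAttributes(ctx, attrs);
        }
        // now update
        InputStream response = doPut(server + "/realms/" + realm + "/clients-registrations/" + regType.getEndpoint() + "/" + urlencode(clientId), APPLICATION_JSON, APPLICATION_JSON, ctx.getContent(), auth);
        try {
            if (regType == DEFAULT) {
                ClientRepresentation clirep = JsonSerialization.readValue(response, ClientRepresentation.class);
                outputResult(clirep);
                token = clirep.getRegistrationAccessToken();
            } else if (regType == OIDC) {
                OIDCClientRepresentation clirep = JsonSerialization.readValue(response, OIDCClientRepresentation.class);
                outputResult(clirep);
                token = clirep.getRegistrationAccessToken();
            }
            String newToken = token;
            String clientToUpdate = clientId;
            // Save the token carried by the update response for later commands on this client
            saveMergeConfig(cfg -> {
                setRegistrationToken(cfg.ensureRealmConfigData(server, realm), clientToUpdate, newToken);
            });
        } catch (IOException e) {
            throw new RuntimeException("Failed to process HTTP response", e);
        }
        return CommandResult.SUCCESS;
    } catch (IllegalArgumentException e) {
        throw new IllegalArgumentException(e.getMessage() + suggestHelp(), e);
    } finally {
        commandInvocation.stop();
    }
}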
Also used : AttributeOperation(org.keycloak.client.registration.cli.common.AttributeOperation) InputStream(java.io.InputStream) IOException(java.io.IOException) JsonParseException(com.fasterxml.jackson.core.JsonParseException) LinkedList(java.util.LinkedList) OIDCClientRepresentation(org.keycloak.representations.oidc.OIDCClientRepresentation) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) OIDCClientRepresentation(org.keycloak.representations.oidc.OIDCClientRepresentation) ConfigData(org.keycloak.client.registration.cli.config.ConfigData) CmdStdinContext(org.keycloak.client.registration.cli.common.CmdStdinContext)

Example 3 with ClientRepresentation

use of org.keycloak.representations.idm.ClientRepresentation in project keycloak by keycloak.

the class ParseUtil method parseFileOrStdin.

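/**
 * Reads a client description from a file or stdin and wraps it in a {@code CmdStdinContext}.
 *
 * <p>When {@code type} is {@code null} the endpoint type is guessed from the trimmed content:
 * a leading {@code <} is treated as SAML2, a leading <code>{</code> is tried first as a
 * {@code ClientRepresentation} (DEFAULT) and then as an {@code OIDCClientRepresentation} (OIDC).
 * When {@code type} is given, DEFAULT and OIDC content is parsed into the matching
 * representation. Content classified as XML is not parsed in this method; it is only stored
 * in the returned context.
 *
 * @param file the input source, passed to {@code readFileOrStdin}
 * @param type the endpoint type, or {@code null} to detect it from the content
 * @return a context holding the endpoint type, the raw content and any parsed representation
 * @throws RuntimeException if the content is empty, is not valid JSON, carries an attribute the
 *     chosen type does not support, or its type cannot be determined
 */
public static CmdStdinContext parseFileOrStdin(String file, EndpointType type) {
    String content = readFileOrStdin(file).trim();
    ClientRepresentation client = null;
    OIDCClientRepresentation oidcClient = null;
    if (type == null) {
        // guess the correct endpoint from content of the file
        if (content.startsWith("<")) {
            // looks like XML
            type = EndpointType.SAML2;
        } else if (content.startsWith("{")) {
            // try parse as ClientRepresentation
            try {
                client = JsonSerialization.readValue(content, ClientRepresentation.class);
                type = EndpointType.DEFAULT;
            } catch (JsonParseException e) {
                throw new RuntimeException("Failed to read the input document as JSON: " + e.getMessage(), e);
            } catch (Exception ignored) {
                // deliberately not logged: well-formed JSON that does not fit
                // ClientRepresentation falls through to the OIDC attempt below
            }
            if (client == null) {
                // try parse as OIDCClientRepresentation
                try {
                    oidcClient = JsonSerialization.readValue(content, OIDCClientRepresentation.class);
                    type = EndpointType.OIDC;
                } catch (IOException ne) {
                    // Keep the parser failure as the cause so the reason stays diagnosable
                    throw new RuntimeException("Unable to determine input document type. Use -e TYPE to specify the registration endpoint to use", ne);
                } catch (Exception e) {
                    throw new RuntimeException("Failed to read the input document as JSON", e);
                }
            }
        } else if (content.isEmpty()) {
            throw new RuntimeException("Document provided by --file option is empty");
        } else {
            throw new RuntimeException("Unable to determine input document type. Use -e TYPE to specify the registration endpoint to use");
        }
    }
    // check content type, making sure it can be parsed into .json if it's not saml xml
    // (content cannot be null here: trim() above would already have failed)
    try {
        if (type == EndpointType.DEFAULT && client == null) {
            client = JsonSerialization.readValue(content, ClientRepresentation.class);
        } else if (type == EndpointType.OIDC && oidcClient == null) {
            oidcClient = JsonSerialization.readValue(content, OIDCClientRepresentation.class);
        }
    } catch (JsonParseException e) {
        throw new RuntimeException("Not a valid JSON document - " + e.getMessage(), e);
    } catch (UnrecognizedPropertyException e) {
        throw new RuntimeException("Attribute '" + e.getPropertyName() + "' not supported on document type '" + type.getName() + "'", e);
    } catch (IOException e) {
        throw new RuntimeException("Not a valid JSON document", e);
    }
    CmdStdinContext ctx = new CmdStdinContext();
    ctx.setEndpointType(type);
    ctx.setContent(content);
    ctx.setClient(client);
    ctx.setOidcClient(oidcClient);
    return ctx;
}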
Also used : OIDCClientRepresentation(org.keycloak.representations.oidc.OIDCClientRepresentation) CmdStdinContext(org.keycloak.client.registration.cli.common.CmdStdinContext) UnrecognizedPropertyException(com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException) IOException(java.io.IOException) JsonParseException(com.fasterxml.jackson.core.JsonParseException) UnrecognizedPropertyException(com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException) IOException(java.io.IOException) JsonParseException(com.fasterxml.jackson.core.JsonParseException) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) OIDCClientRepresentation(org.keycloak.representations.oidc.OIDCClientRepresentation)

Example 4 with ClientRepresentation

use of org.keycloak.representations.idm.ClientRepresentation in project keycloak by keycloak.

the class ParseUtil method mergeAttributes.

/**
 * Applies the given attribute operations to the representation held by {@code ctx} and
 * re-serializes it, so the context's content reflects the changed attributes.
 *
 * <p>If the context has no content yet, an empty representation matching the endpoint type
 * (DEFAULT or OIDC) is created first. The same context instance is updated and returned.
 *
 * @param ctx the context whose representation is modified
 * @param attrs the attribute operations to apply
 * @return {@code ctx}, with content and representations refreshed
 * @throws RuntimeException if an attribute cannot be set, if there is no representation to set
 *     attributes on, or if serialization fails
 */
public static CmdStdinContext mergeAttributes(CmdStdinContext ctx, List<AttributeOperation> attrs) {
    String body = ctx.getContent();
    ClientRepresentation defaultRep = ctx.getClient();
    OIDCClientRepresentation oidcRep = ctx.getOidcClient();
    EndpointType endpoint = ctx.getEndpointType();

    // Nothing was read from a file or stdin: start from a blank representation
    if (body == null) {
        if (endpoint == EndpointType.DEFAULT) {
            defaultRep = new ClientRepresentation();
        } else if (endpoint == EndpointType.OIDC) {
            oidcRep = new OIDCClientRepresentation();
        }
    }

    Object target = defaultRep;
    if (target == null) {
        target = oidcRep;
    }
    if (target == null) {
        throw new RuntimeException("Setting attributes is not supported for type: " + endpoint.getName());
    }

    try {
        try {
            setAttributes(target, attrs);
        } catch (AttributeException e) {
            throw new RuntimeException("Failed to set attribute '" + e.getAttributeName() + "' on document type '" + endpoint.getName() + "'", e);
        }
        // Content must be regenerated so it matches the modified representation
        body = JsonSerialization.writeValueAsString(target);
    } catch (IOException e) {
        throw new RuntimeException("Failed to merge set attributes with configuration from file", e);
    }

    ctx.setContent(body);
    ctx.setClient(defaultRep);
    ctx.setOidcClient(oidcRep);
    return ctx;
}
Also used : OIDCClientRepresentation(org.keycloak.representations.oidc.OIDCClientRepresentation) EndpointType(org.keycloak.client.registration.cli.common.EndpointType) IOException(java.io.IOException) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) OIDCClientRepresentation(org.keycloak.representations.oidc.OIDCClientRepresentation)

Example 5 with ClientRepresentation

use of org.keycloak.representations.idm.ClientRepresentation in project keycloak by keycloak.

the class ClientRegistration method update.

/**
 * Serializes the given client, submits it through {@code httpUtil.doPut} addressed by the
 * client's id, and returns the representation read back from the response.
 *
 * @param client the client representation to send; its client id selects the target
 * @return the deserialized response, or {@code null} when {@code doPut} yields no stream
 * @throws ClientRegistrationException declared by this method; raised by the helpers it calls
 */
public ClientRepresentation update(ClientRepresentation client) throws ClientRegistrationException {
    final String payload = serialize(client);
    // NOTE(review): the client id is handed to httpUtil unchanged - confirm doPut encodes it
    // before it becomes part of the request path
    final InputStream responseBody = httpUtil.doPut(payload, JSON, UTF_8, JSON, DEFAULT, client.getClientId());
    if (responseBody == null) {
        return null;
    }
    return deserialize(responseBody, ClientRepresentation.class);
}
Also used : InputStream(java.io.InputStream) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) OIDCClientRepresentation(org.keycloak.representations.oidc.OIDCClientRepresentation)
