
Example 51 with GroupRepresentation

use of org.keycloak.representations.idm.GroupRepresentation in project keycloak by keycloak.

the class GroupPathWithoutGroupClaimPolicyTest method addTestRealms.

@Override
public void addTestRealms(List<RealmRepresentation> testRealms) {
    // A "groups" OIDC protocol mapper (claim in both access and ID token). Note that this
    // method never attaches it to the realm or to a client, so the imported realm has no
    // group claim -- consistent with the test class name.
    Map<String, String> mapperConfig = new HashMap<>();
    mapperConfig.put(OIDCAttributeMapperHelper.TOKEN_CLAIM_NAME, "groups");
    mapperConfig.put(OIDCAttributeMapperHelper.INCLUDE_IN_ACCESS_TOKEN, "true");
    mapperConfig.put(OIDCAttributeMapperHelper.INCLUDE_IN_ID_TOKEN, "true");
    ProtocolMapperRepresentation groupsMapper = new ProtocolMapperRepresentation();
    groupsMapper.setName("groups");
    groupsMapper.setProtocolMapper(GroupMembershipMapper.PROVIDER_ID);
    groupsMapper.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
    groupsMapper.setConfig(mapperConfig);

    // Group tree: Group A -> { Group B -> { Group C, Group E }, Group D }.
    // A second, top-level "Group E" is added as well, so the name "Group E" exists at two paths.
    Function<String, GroupRepresentation> leafGroup =
            groupName -> GroupBuilder.create().name(groupName).build();
    List<GroupRepresentation> groupBChildren = Arrays.asList("Group C", "Group E").stream()
            .map(leafGroup)
            .collect(Collectors.toList());
    List<GroupRepresentation> groupAChildren = Arrays.asList("Group B", "Group D").stream()
            .map(groupName -> "Group B".equals(groupName)
                    ? GroupBuilder.create().name(groupName).subGroups(groupBChildren).build()
                    : leafGroup.apply(groupName))
            .collect(Collectors.toList());

    // Test realm: one realm role, the group tree, three direct-grant users (only "marta" is in
    // Group A) and a confidential resource server with authorization services enabled.
    // Credentials are fixed test-fixture values for the embedded auth server.
    RealmRepresentation realm = RealmBuilder.create()
            .name("authz-test")
            .roles(RolesBuilder.create().realmRole(RoleBuilder.create().name("uma_authorization").build()))
            .group(GroupBuilder.create().name("Group A").subGroups(groupAChildren).build())
            .group(GroupBuilder.create().name("Group E").build())
            .user(UserBuilder.create().username("marta").password("password").addRoles("uma_authorization").addGroups("Group A"))
            .user(UserBuilder.create().username("alice").password("password").addRoles("uma_authorization"))
            .user(UserBuilder.create().username("kolo").password("password").addRoles("uma_authorization"))
            .client(ClientBuilder.create().clientId("resource-server-test").secret("secret").authorizationServicesEnabled(true).redirectUris("http://localhost/resource-server-test").defaultRoles("uma_protection").directAccessGrants())
            .build();
    testRealms.add(realm);
}
Also used : GroupMembershipMapper(org.keycloak.protocol.oidc.mappers.GroupMembershipMapper) Arrays(java.util.Arrays) OIDCAttributeMapperHelper(org.keycloak.protocol.oidc.mappers.OIDCAttributeMapperHelper) AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) RolesBuilder(org.keycloak.testsuite.util.RolesBuilder) HashMap(java.util.HashMap) GroupRepresentation(org.keycloak.representations.idm.GroupRepresentation) Function(java.util.function.Function) Collectors(java.util.stream.Collectors) RealmRepresentation(org.keycloak.representations.idm.RealmRepresentation) ProtocolMapperRepresentation(org.keycloak.representations.idm.ProtocolMapperRepresentation) RoleBuilder(org.keycloak.testsuite.util.RoleBuilder) List(java.util.List) RealmBuilder(org.keycloak.testsuite.util.RealmBuilder) UserBuilder(org.keycloak.testsuite.util.UserBuilder) Map(java.util.Map) ClientBuilder(org.keycloak.testsuite.util.ClientBuilder) OIDCLoginProtocol(org.keycloak.protocol.oidc.OIDCLoginProtocol) AuthServer(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude.AuthServer) GroupBuilder(org.keycloak.testsuite.util.GroupBuilder) GroupRepresentation(org.keycloak.representations.idm.GroupRepresentation) HashMap(java.util.HashMap) ProtocolMapperRepresentation(org.keycloak.representations.idm.ProtocolMapperRepresentation)

Example 52 with GroupRepresentation

use of org.keycloak.representations.idm.GroupRepresentation in project keycloak by keycloak.

the class GroupTest method adminEndpointAccessibleWhenAdminRoleAssignedToGroup.

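/**
 * Verifies that a realm role assigned to a user's group is honoured by the Keycloak Admin endpoint:
 * a user whose only route to the {@code admin} role is group membership must be able to call the
 * admin API. Runs against the master realm; the user and group created here are removed again in a
 * {@code finally} block so that an admin-mapped user with a fixed password does not outlive the test.
 * @link https://issues.jboss.org/browse/KEYCLOAK-2964
 */
@Test
public void adminEndpointAccessibleWhenAdminRoleAssignedToGroup() {
    String userName = "user-" + UUID.randomUUID();
    String groupName = "group-" + UUID.randomUUID();
    final String realmName = AuthRealm.MASTER;
    RealmResource realm = adminClient.realms().realm(realmName);
    RoleRepresentation adminRole = realm.roles().get(AdminRoles.ADMIN).toRepresentation();
    assertThat(adminRole, notNullValue());
    assertThat(adminRole.getId(), notNullValue());
    String userId = createUser(realmName, userName, "pwd");
    String groupId = null;
    try {
        GroupRepresentation group = GroupBuilder.create().name(groupName).build();
        try (Response response = realm.groups().add(group)) {
            groupId = ApiUtil.getCreatedId(response);
        }
        // The admin role is granted to the group only -- never directly to the user.
        RoleMappingResource mappings = realm.groups().group(groupId).roles();
        mappings.realmLevel().add(Collections.singletonList(adminRole));
        realm.users().get(userId).joinGroup(groupId);
        try (Keycloak userClient = Keycloak.getInstance(getAuthServerContextRoot() + "/auth", realmName, userName, "pwd", Constants.ADMIN_CLI_CLIENT_ID, TLSUtils.initializeTLS())) {
            // Any admin operation will do
            assertThat(userClient.realms().findAll(), not(empty()));
        }
    } finally {
        // Clean up the master realm: the temporary user and the admin-mapped group.
        realm.users().get(userId).remove();
        if (groupId != null) {
            realm.groups().group(groupId).remove();
        }
    }
}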
Also used : RoleRepresentation(org.keycloak.representations.idm.RoleRepresentation) Response(javax.ws.rs.core.Response) GroupRepresentation(org.keycloak.representations.idm.GroupRepresentation) RealmResource(org.keycloak.admin.client.resource.RealmResource) Keycloak(org.keycloak.admin.client.Keycloak) RoleMappingResource(org.keycloak.admin.client.resource.RoleMappingResource) Test(org.junit.Test)

Example 53 with GroupRepresentation

use of org.keycloak.representations.idm.GroupRepresentation in project keycloak by keycloak.

the class GroupTest method createAndTestGroups.

/**
 * Builds a three-level group tree ({@code /top/level2/level3}) with one realm role mapped to each
 * level and checks, through the admin client, that admin events are emitted, that groups can be
 * looked up by path, that a user joining the leaf group inherits every ancestor's role in its access
 * token, and that default-group handling works. The tree is then removed from the top and every path
 * is expected to be gone.
 *
 * @throws Exception propagated from the admin client and the login helper
 */
@Test
public void createAndTestGroups() throws Exception {
    RealmResource realm = adminClient.realms().realm("test");
    // One realm role per level of the tree.
    RoleRepresentation topRole = createRealmRole(realm, RoleBuilder.create().name("topRole").build());
    RoleRepresentation level2Role = createRealmRole(realm, RoleBuilder.create().name("level2Role").build());
    RoleRepresentation level3Role = createRealmRole(realm, RoleBuilder.create().name("level3Role").build());
    // Role events tested elsewhere
    assertAdminEvents.clear();
    GroupRepresentation topGroup = new GroupRepresentation();
    topGroup.setName("top");
    topGroup = createGroup(realm, topGroup);
    List<RoleRepresentation> roles = new LinkedList<>();
    roles.add(topRole);
    // Map topRole to /top and expect a REALM_ROLE_MAPPING create event for it.
    realm.groups().group(topGroup.getId()).roles().realmLevel().add(roles);
    assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.groupRolesRealmRolesPath(topGroup.getId()), roles, ResourceType.REALM_ROLE_MAPPING);
    GroupRepresentation level2Group = new GroupRepresentation();
    level2Group.setName("level2");
    Response response = realm.groups().group(topGroup.getId()).subGroup(level2Group);
    // NOTE(review): the response is closed here but its Location header is read below
    // (getLocation / getCreatedId); this relies on header access still being permitted on a
    // closed Response -- confirm against the JAX-RS client in use.
    response.close();
    assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.groupSubgroupsPath(topGroup.getId()), level2Group, ResourceType.GROUP);
    URI location = response.getLocation();
    final String level2Id = ApiUtil.getCreatedId(response);
    final GroupRepresentation level2GroupById = realm.groups().group(level2Id).toRepresentation();
    assertEquals(level2Id, level2GroupById.getId());
    assertEquals(level2Group.getName(), level2GroupById.getName());
    // Follow the Location URL with the admin token; the body must deserialise to the created group.
    URLAssert.assertGetURL(location, adminClient.tokenManager().getAccessTokenString(), new URLAssert.AssertJSONResponseHandler() {

        @Override
        protected void assertResponseBody(String body) throws IOException {
            GroupRepresentation level2 = JsonSerialization.readValue(body, GroupRepresentation.class);
            assertEquals(level2Id, level2.getId());
        }
    });
    // Re-read by path so the representation carries the server-assigned id.
    level2Group = realm.getGroupByPath("/top/level2");
    Assert.assertNotNull(level2Group);
    roles.clear();
    roles.add(level2Role);
    realm.groups().group(level2Group.getId()).roles().realmLevel().add(roles);
    assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.groupRolesRealmRolesPath(level2Group.getId()), roles, ResourceType.REALM_ROLE_MAPPING);
    GroupRepresentation level3Group = new GroupRepresentation();
    level3Group.setName("level3");
    response = realm.groups().group(level2Group.getId()).subGroup(level3Group);
    response.close();
    assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.groupSubgroupsPath(level2Group.getId()), level3Group, ResourceType.GROUP);
    level3Group = realm.getGroupByPath("/top/level2/level3");
    Assert.assertNotNull(level3Group);
    roles.clear();
    roles.add(level3Role);
    realm.groups().group(level3Group.getId()).roles().realmLevel().add(roles);
    assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.groupRolesRealmRolesPath(level3Group.getId()), roles, ResourceType.REALM_ROLE_MAPPING);
    // Walk the tree top-down through the path lookup and check each level's name, role and child count.
    topGroup = realm.getGroupByPath("/top");
    assertEquals(1, topGroup.getRealmRoles().size());
    assertTrue(topGroup.getRealmRoles().contains("topRole"));
    assertEquals(1, topGroup.getSubGroups().size());
    level2Group = topGroup.getSubGroups().get(0);
    assertEquals("level2", level2Group.getName());
    assertEquals(1, level2Group.getRealmRoles().size());
    assertTrue(level2Group.getRealmRoles().contains("level2Role"));
    assertEquals(1, level2Group.getSubGroups().size());
    level3Group = level2Group.getSubGroups().get(0);
    assertEquals("level3", level3Group.getName());
    assertEquals(1, level3Group.getRealmRoles().size());
    assertTrue(level3Group.getRealmRoles().contains("level3Role"));
    // First search hit for the pre-existing test-realm user; the -1/-1 paging arguments are
    // presumably "no limit" -- verify against the admin client if this ever returns nothing.
    UserRepresentation user = realm.users().search("direct-login", -1, -1).get(0);
    realm.users().get(user.getId()).joinGroup(level3Group.getId());
    assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.userGroupPath(user.getId(), level3Group.getId()), ResourceType.GROUP_MEMBERSHIP);
    List<GroupRepresentation> membership = realm.users().get(user.getId()).groups();
    assertEquals(1, membership.size());
    assertEquals("level3", membership.get(0).getName());
    // Membership of the leaf group must surface every ancestor's role in the access token.
    AccessToken token = login("direct-login", "resource-owner", "secret", user.getId());
    assertTrue(token.getRealmAccess().getRoles().contains("topRole"));
    assertTrue(token.getRealmAccess().getRoles().contains("level2Role"));
    assertTrue(token.getRealmAccess().getRoles().contains("level3Role"));
    // Make level3 a default group: a newly created user must land in it without an explicit join.
    realm.addDefaultGroup(level3Group.getId());
    assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.defaultGroupPath(level3Group.getId()), ResourceType.GROUP);
    List<GroupRepresentation> defaultGroups = realm.getDefaultGroups();
    assertEquals(1, defaultGroups.size());
    assertEquals(defaultGroups.get(0).getId(), level3Group.getId());
    UserRepresentation newUser = new UserRepresentation();
    newUser.setUsername("groupUser");
    newUser.setEmail("group@group.com");
    response = realm.users().create(newUser);
    String userId = ApiUtil.getCreatedId(response);
    response.close();
    assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.userResourcePath(userId), newUser, ResourceType.USER);
    membership = realm.users().get(userId).groups();
    assertEquals(1, membership.size());
    assertEquals("level3", membership.get(0).getName());
    realm.removeDefaultGroup(level3Group.getId());
    assertAdminEvents.assertEvent("test", OperationType.DELETE, AdminEventPaths.defaultGroupPath(level3Group.getId()), ResourceType.GROUP);
    defaultGroups = realm.getDefaultGroups();
    assertEquals(0, defaultGroups.size());
    // Removing the root is expected to take the whole subtree with it; every path must now be gone.
    realm.groups().group(topGroup.getId()).remove();
    assertAdminEvents.assertEvent("test", OperationType.DELETE, AdminEventPaths.groupPath(topGroup.getId()), ResourceType.GROUP);
    try {
        realm.getGroupByPath("/top/level2/level3");
        Assert.fail("Group should not have been found");
    } catch (NotFoundException e) {
        // expected: subtree removed together with /top
    }
    try {
        realm.getGroupByPath("/top/level2");
        Assert.fail("Group should not have been found");
    } catch (NotFoundException e) {
        // expected: subtree removed together with /top
    }
    try {
        realm.getGroupByPath("/top");
        Assert.fail("Group should not have been found");
    } catch (NotFoundException e) {
        // expected: /top itself was removed
    }
    // With the groups gone, the user's token must carry no realm roles at all.
    Assert.assertNull(login("direct-login", "resource-owner", "secret", user.getId()).getRealmAccess());
}
Also used : RoleRepresentation(org.keycloak.representations.idm.RoleRepresentation) GroupRepresentation(org.keycloak.representations.idm.GroupRepresentation) RealmResource(org.keycloak.admin.client.resource.RealmResource) NotFoundException(javax.ws.rs.NotFoundException) IOException(java.io.IOException) URI(java.net.URI) LinkedList(java.util.LinkedList) Response(javax.ws.rs.core.Response) AccessToken(org.keycloak.representations.AccessToken) URLAssert(org.keycloak.testsuite.util.URLAssert) UserRepresentation(org.keycloak.representations.idm.UserRepresentation) Test(org.junit.Test)

Example 54 with GroupRepresentation

use of org.keycloak.representations.idm.GroupRepresentation in project keycloak by keycloak.

the class PartialImportTest method addGroups.

/**
 * Fills the partial-import representation with {@code NUM_ENTITIES} top-level groups named
 * {@code GROUP_PREFIX + index}, each with the matching root path {@code /GROUP_PREFIX + index}.
 */
private void addGroups() {
    final List<GroupRepresentation> groups = new ArrayList<>();
    int index = 0;
    while (index < NUM_ENTITIES) {
        final String groupName = GROUP_PREFIX + index;
        final GroupRepresentation rep = new GroupRepresentation();
        rep.setName(groupName);
        // Top-level group, so the path is just the name under the root.
        rep.setPath("/" + groupName);
        groups.add(rep);
        index++;
    }
    piRep.setGroups(groups);
}
Also used : GroupRepresentation(org.keycloak.representations.idm.GroupRepresentation) ArrayList(java.util.ArrayList)

Example 55 with GroupRepresentation

use of org.keycloak.representations.idm.GroupRepresentation in project keycloak by keycloak.

the class SSSDTest method verifyUserGroups.

/**
 * Asserts that the user with the given username exists in {@code REALM_NAME} and that the set of
 * group names assigned to that user matches {@code groups}: same count, and every assigned group
 * name appears in the expected list.
 *
 * @param username exact username to look up
 * @param groups expected group names
 */
private void verifyUserGroups(String username, List<String> groups) {
    List<UserRepresentation> matches = adminClient.realm(REALM_NAME).users().search(username, 0, 1);
    assertThat("There must be at least one user", matches.size(), greaterThan(0));
    UserRepresentation user = matches.get(0);
    // search() is presumably a partial match; this pins the single hit to the exact username.
    assertThat("Exactly our test user", user.getUsername(), is(username));
    List<GroupRepresentation> membership = adminClient.realm(REALM_NAME).users().get(user.getId()).groups();
    assertThat("User must have exactly " + groups.size() + " groups", membership.size(), is(groups.size()));
    // Equal size plus "each assigned name is expected" is the membership check used here; it does not
    // by itself detect an expected name that is listed twice.
    for (int i = 0; i < membership.size(); i++) {
        String assignedName = membership.get(i).getName();
        assertThat(groups.contains(assignedName), is(true));
    }
}
Also used : GroupRepresentation(org.keycloak.representations.idm.GroupRepresentation) UserRepresentation(org.keycloak.representations.idm.UserRepresentation)

Aggregations

GroupRepresentation (org.keycloak.representations.idm.GroupRepresentation)81 Test (org.junit.Test)62 RealmResource (org.keycloak.admin.client.resource.RealmResource)36 Response (javax.ws.rs.core.Response)24 UserRepresentation (org.keycloak.representations.idm.UserRepresentation)23 List (java.util.List)17 RoleRepresentation (org.keycloak.representations.idm.RoleRepresentation)17 ProtocolMappersResource (org.keycloak.admin.client.resource.ProtocolMappersResource)14 UserResource (org.keycloak.admin.client.resource.UserResource)13 AbstractKeycloakTest (org.keycloak.testsuite.AbstractKeycloakTest)12 ArrayList (java.util.ArrayList)10 HashMap (java.util.HashMap)10 IDToken (org.keycloak.representations.IDToken)10 OAuthClient (org.keycloak.testsuite.util.OAuthClient)10 LinkedList (java.util.LinkedList)8 Before (org.junit.Before)8 RealmRepresentation (org.keycloak.representations.idm.RealmRepresentation)7 Map (java.util.Map)6 NotFoundException (javax.ws.rs.NotFoundException)6 AuthorizationResource (org.keycloak.admin.client.resource.AuthorizationResource)6