Example 66 with GroupRepresentation
use of org.keycloak.representations.idm.GroupRepresentation in project keycloak by keycloak.
the class OIDCProtocolMappersTest method testGroupAttributeUserOneGroupNoMultivalueNoAggregate.
@Test
public void testGroupAttributeUserOneGroupNoMultivalueNoAggregate() throws Exception {
// get the user
UserResource userResource = findUserByUsernameId(adminClient.realm("test"), "test-user@localhost");
UserRepresentation user = userResource.toRepresentation();
user.setAttributes(new HashMap<>());
user.getAttributes().put("group-value", Arrays.asList("user-value1", "user-value2"));
userResource.update(user);
// create a group1 with two values
GroupRepresentation group1 = new GroupRepresentation();
group1.setName("group1");
group1.setAttributes(new HashMap<>());
group1.getAttributes().put("group-value", Arrays.asList("value1", "value2"));
adminClient.realm("test").groups().add(group1);
group1 = adminClient.realm("test").getGroupByPath("/group1");
userResource.joinGroup(group1.getId());
// create the attribute mapper
ProtocolMappersResource protocolMappers = findClientResourceByClientId(adminClient.realm("test"), "test-app").getProtocolMappers();
protocolMappers.createMapper(createClaimMapper("group-value", "group-value", "group-value", "String", true, true, false, false)).close();
try {
// test it
OAuthClient.AccessTokenResponse response = browserLogin("password", "test-user@localhost", "password");
IDToken idToken = oauth.verifyIDToken(response.getIdToken());
assertNotNull(idToken.getOtherClaims());
assertNotNull(idToken.getOtherClaims().get("group-value"));
assertTrue(idToken.getOtherClaims().get("group-value") instanceof String);
assertTrue("user-value1".equals(idToken.getOtherClaims().get("group-value")) || "user-value2".equals(idToken.getOtherClaims().get("group-value")));
} finally {
// revert
user.getAttributes().remove("group-value");
userResource.update(user);
userResource.leaveGroup(group1.getId());
adminClient.realm("test").groups().group(group1.getId()).remove();
deleteMappers(protocolMappers);
}
}
Also used :
GroupRepresentation(org.keycloak.representations.idm.GroupRepresentation)
OAuthClient(org.keycloak.testsuite.util.OAuthClient)
UserResource(org.keycloak.admin.client.resource.UserResource)
IDToken(org.keycloak.representations.IDToken)
Matchers.isEmptyOrNullString(org.hamcrest.Matchers.isEmptyOrNullString)
ProtocolMappersResource(org.keycloak.admin.client.resource.ProtocolMappersResource)
UserRepresentation(org.keycloak.representations.idm.UserRepresentation)
AbstractKeycloakTest(org.keycloak.testsuite.AbstractKeycloakTest)
Test(org.junit.Test)
Example 67 with GroupRepresentation
use of org.keycloak.representations.idm.GroupRepresentation in project keycloak by keycloak.
the class RepresentationToModel method importGroup.
public static void importGroup(RealmModel realm, GroupModel parent, GroupRepresentation group) {
GroupModel newGroup = realm.createGroup(group.getId(), group.getName(), parent);
if (group.getAttributes() != null) {
for (Map.Entry<String, List<String>> attr : group.getAttributes().entrySet()) {
newGroup.setAttribute(attr.getKey(), attr.getValue());
}
}
if (group.getRealmRoles() != null) {
for (String roleString : group.getRealmRoles()) {
RoleModel role = realm.getRole(roleString.trim());
if (role == null) {
role = realm.addRole(roleString.trim());
}
newGroup.grantRole(role);
}
}
if (group.getClientRoles() != null) {
for (Map.Entry<String, List<String>> entry : group.getClientRoles().entrySet()) {
ClientModel client = realm.getClientByClientId(entry.getKey());
if (client == null) {
throw new RuntimeException("Unable to find client role mappings for client: " + entry.getKey());
}
List<String> roleNames = entry.getValue();
for (String roleName : roleNames) {
RoleModel role = client.getRole(roleName.trim());
if (role == null) {
role = client.addRole(roleName.trim());
}
newGroup.grantRole(role);
}
}
}
if (group.getSubGroups() != null) {
for (GroupRepresentation subGroup : group.getSubGroups()) {
importGroup(realm, newGroup, subGroup);
}
}
}
Also used :
ClientModel(org.keycloak.models.ClientModel)
GroupRepresentation(org.keycloak.representations.idm.GroupRepresentation)
GroupModel(org.keycloak.models.GroupModel)
ArrayList(java.util.ArrayList)
List(java.util.List)
LinkedList(java.util.LinkedList)
RoleModel(org.keycloak.models.RoleModel)
ArtifactBindingUtils.computeArtifactBindingIdentifierString(org.keycloak.protocol.saml.util.ArtifactBindingUtils.computeArtifactBindingIdentifierString)
Map(java.util.Map)
MultivaluedHashMap(org.keycloak.common.util.MultivaluedHashMap)
HashMap(java.util.HashMap)
Example 68 with GroupRepresentation
use of org.keycloak.representations.idm.GroupRepresentation in project keycloak by keycloak.
the class RepresentationToModel method importGroups.
public static void importGroups(RealmModel realm, RealmRepresentation rep) {
List<GroupRepresentation> groups = rep.getGroups();
if (groups == null)
return;
GroupModel parent = null;
for (GroupRepresentation group : groups) {
importGroup(realm, parent, group);
}
}
Also used :
GroupRepresentation(org.keycloak.representations.idm.GroupRepresentation)
GroupModel(org.keycloak.models.GroupModel)
Example 69 with GroupRepresentation
use of org.keycloak.representations.idm.GroupRepresentation in project keycloak by keycloak.
the class GroupPathPolicyTest method getGroup.
private GroupRepresentation getGroup(String path) {
String[] parts = path.split("/");
RealmResource realm = getRealm();
GroupRepresentation parent = null;
for (String part : parts) {
if ("".equals(part)) {
continue;
}
if (parent == null) {
parent = realm.groups().groups().stream().filter(new Predicate<GroupRepresentation>() {
@Override
public boolean test(GroupRepresentation groupRepresentation) {
return part.equals(groupRepresentation.getName());
}
}).findFirst().get();
continue;
}
GroupRepresentation group = getGroup(part, parent.getSubGroups());
if (path.endsWith(group.getName())) {
return group;
}
parent = group;
}
return null;
}
Also used :
GroupRepresentation(org.keycloak.representations.idm.GroupRepresentation)
RealmResource(org.keycloak.admin.client.resource.RealmResource)
Predicate(java.util.function.Predicate)
Example 70 with GroupRepresentation
use of org.keycloak.representations.idm.GroupRepresentation in project keycloak by keycloak.
the class GroupPathPolicyTest method testOnlyChildrenPolicy.
@Test
public void testOnlyChildrenPolicy() throws Exception {
RealmResource realm = getRealm();
AuthzClient authzClient = getAuthzClient();
PermissionRequest request = new PermissionRequest("Resource B");
String ticket = authzClient.protection().permission().create(request).getTicket();
try {
authzClient.authorization("kolo", "password").authorize(new AuthorizationRequest(ticket));
fail("Should fail because user is not granted with expected role");
} catch (AuthorizationDeniedException ignore) {
}
GroupRepresentation group = getGroup("/Group A/Group B/Group C");
UserRepresentation user = realm.users().search("kolo").get(0);
realm.users().get(user.getId()).joinGroup(group.getId());
AuthorizationResponse response = authzClient.authorization("kolo", "password").authorize(new AuthorizationRequest(ticket));
assertNotNull(response.getToken());
try {
authzClient.authorization("marta", "password").authorize(new AuthorizationRequest(ticket));
fail("Should fail because user is not granted with expected role");
} catch (AuthorizationDeniedException ignore) {
}
}
Also used :
PermissionRequest(org.keycloak.representations.idm.authorization.PermissionRequest)
AuthorizationDeniedException(org.keycloak.authorization.client.AuthorizationDeniedException)
AuthzClient(org.keycloak.authorization.client.AuthzClient)
AuthorizationRequest(org.keycloak.representations.idm.authorization.AuthorizationRequest)
GroupRepresentation(org.keycloak.representations.idm.GroupRepresentation)
RealmResource(org.keycloak.admin.client.resource.RealmResource)
UserRepresentation(org.keycloak.representations.idm.UserRepresentation)
AuthorizationResponse(org.keycloak.representations.idm.authorization.AuthorizationResponse)
Test(org.junit.Test)
Aggregations
GroupRepresentation (org.keycloak.representations.idm.GroupRepresentation)81
Test (org.junit.Test)62
RealmResource (org.keycloak.admin.client.resource.RealmResource)36
Response (javax.ws.rs.core.Response)24
UserRepresentation (org.keycloak.representations.idm.UserRepresentation)23
List (java.util.List)17
RoleRepresentation (org.keycloak.representations.idm.RoleRepresentation)17
ProtocolMappersResource (org.keycloak.admin.client.resource.ProtocolMappersResource)14
UserResource (org.keycloak.admin.client.resource.UserResource)13
AbstractKeycloakTest (org.keycloak.testsuite.AbstractKeycloakTest)12
ArrayList (java.util.ArrayList)10
HashMap (java.util.HashMap)10
IDToken (org.keycloak.representations.IDToken)10
OAuthClient (org.keycloak.testsuite.util.OAuthClient)10
LinkedList (java.util.LinkedList)8
Before (org.junit.Before)8
RealmRepresentation (org.keycloak.representations.idm.RealmRepresentation)7
Map (java.util.Map)6
NotFoundException (javax.ws.rs.NotFoundException)6
AuthorizationResource (org.keycloak.admin.client.resource.AuthorizationResource)6
