Example 6 with GroupRepresentation
use of org.keycloak.representations.idm.GroupRepresentation in project keycloak by keycloak.
the class OIDCProtocolMappersTest method testGroupAttributeTwoGroupNoMultivalueNoAggregate.
@Test
public void testGroupAttributeTwoGroupNoMultivalueNoAggregate() throws Exception {
// get the user
UserResource userResource = findUserByUsernameId(adminClient.realm("test"), "test-user@localhost");
// create two groups with two values (one is the same value)
GroupRepresentation group1 = new GroupRepresentation();
group1.setName("group1");
group1.setAttributes(new HashMap<>());
group1.getAttributes().put("group-value", Arrays.asList("value1", "value2"));
adminClient.realm("test").groups().add(group1);
group1 = adminClient.realm("test").getGroupByPath("/group1");
userResource.joinGroup(group1.getId());
GroupRepresentation group2 = new GroupRepresentation();
group2.setName("group2");
group2.setAttributes(new HashMap<>());
group2.getAttributes().put("group-value", Arrays.asList("value2", "value3"));
adminClient.realm("test").groups().add(group2);
group2 = adminClient.realm("test").getGroupByPath("/group2");
userResource.joinGroup(group2.getId());
// create the attribute mapper
ProtocolMappersResource protocolMappers = findClientResourceByClientId(adminClient.realm("test"), "test-app").getProtocolMappers();
protocolMappers.createMapper(createClaimMapper("group-value", "group-value", "group-value", "String", true, true, false, false)).close();
try {
// test it
OAuthClient.AccessTokenResponse response = browserLogin("password", "test-user@localhost", "password");
IDToken idToken = oauth.verifyIDToken(response.getIdToken());
assertNotNull(idToken.getOtherClaims());
assertNotNull(idToken.getOtherClaims().get("group-value"));
assertTrue(idToken.getOtherClaims().get("group-value") instanceof String);
assertTrue("value1".equals(idToken.getOtherClaims().get("group-value")) || "value2".equals(idToken.getOtherClaims().get("group-value")) || "value3".equals(idToken.getOtherClaims().get("group-value")));
} finally {
// revert
userResource.leaveGroup(group1.getId());
adminClient.realm("test").groups().group(group1.getId()).remove();
userResource.leaveGroup(group2.getId());
adminClient.realm("test").groups().group(group2.getId()).remove();
deleteMappers(protocolMappers);
}
}
Also used :
GroupRepresentation(org.keycloak.representations.idm.GroupRepresentation)
OAuthClient(org.keycloak.testsuite.util.OAuthClient)
UserResource(org.keycloak.admin.client.resource.UserResource)
IDToken(org.keycloak.representations.IDToken)
Matchers.isEmptyOrNullString(org.hamcrest.Matchers.isEmptyOrNullString)
ProtocolMappersResource(org.keycloak.admin.client.resource.ProtocolMappersResource)
AbstractKeycloakTest(org.keycloak.testsuite.AbstractKeycloakTest)
Test(org.junit.Test)
Example 7 with GroupRepresentation
use of org.keycloak.representations.idm.GroupRepresentation in project keycloak by keycloak.
the class OIDCProtocolMappersTest method testGroupAttributeUserOneGroupMultivalueNoAggregate.
@Test
public void testGroupAttributeUserOneGroupMultivalueNoAggregate() throws Exception {
// get the user
UserResource userResource = findUserByUsernameId(adminClient.realm("test"), "test-user@localhost");
UserRepresentation user = userResource.toRepresentation();
user.setAttributes(new HashMap<>());
user.getAttributes().put("group-value", Arrays.asList("user-value1", "user-value2"));
userResource.update(user);
// create a group1 with two values
GroupRepresentation group1 = new GroupRepresentation();
group1.setName("group1");
group1.setAttributes(new HashMap<>());
group1.getAttributes().put("group-value", Arrays.asList("value1", "value2"));
adminClient.realm("test").groups().add(group1);
group1 = adminClient.realm("test").getGroupByPath("/group1");
userResource.joinGroup(group1.getId());
// create the attribute mapper
ProtocolMappersResource protocolMappers = findClientResourceByClientId(adminClient.realm("test"), "test-app").getProtocolMappers();
protocolMappers.createMapper(createClaimMapper("group-value", "group-value", "group-value", "String", true, true, true, false)).close();
try {
// test it
OAuthClient.AccessTokenResponse response = browserLogin("password", "test-user@localhost", "password");
IDToken idToken = oauth.verifyIDToken(response.getIdToken());
assertNotNull(idToken.getOtherClaims());
assertNotNull(idToken.getOtherClaims().get("group-value"));
assertTrue(idToken.getOtherClaims().get("group-value") instanceof List);
assertEquals(2, ((List) idToken.getOtherClaims().get("group-value")).size());
assertTrue(((List) idToken.getOtherClaims().get("group-value")).contains("user-value1"));
assertTrue(((List) idToken.getOtherClaims().get("group-value")).contains("user-value2"));
} finally {
// revert
user.getAttributes().remove("group-value");
userResource.update(user);
userResource.leaveGroup(group1.getId());
adminClient.realm("test").groups().group(group1.getId()).remove();
deleteMappers(protocolMappers);
}
}
Also used :
GroupRepresentation(org.keycloak.representations.idm.GroupRepresentation)
OAuthClient(org.keycloak.testsuite.util.OAuthClient)
UserResource(org.keycloak.admin.client.resource.UserResource)
IDToken(org.keycloak.representations.IDToken)
List(java.util.List)
ProtocolMappersResource(org.keycloak.admin.client.resource.ProtocolMappersResource)
UserRepresentation(org.keycloak.representations.idm.UserRepresentation)
AbstractKeycloakTest(org.keycloak.testsuite.AbstractKeycloakTest)
Test(org.junit.Test)
Example 8 with GroupRepresentation
use of org.keycloak.representations.idm.GroupRepresentation in project keycloak by keycloak.
the class OIDCProtocolMappersTest method testGroupAttributeOneGroupMultiValueAggregate.
@Test
public void testGroupAttributeOneGroupMultiValueAggregate() throws Exception {
// get the user
UserResource userResource = findUserByUsernameId(adminClient.realm("test"), "test-user@localhost");
// create a group1 with two values
GroupRepresentation group1 = new GroupRepresentation();
group1.setName("group1");
group1.setAttributes(new HashMap<>());
group1.getAttributes().put("group-value", Arrays.asList("value1", "value2"));
adminClient.realm("test").groups().add(group1);
group1 = adminClient.realm("test").getGroupByPath("/group1");
userResource.joinGroup(group1.getId());
// create the attribute mapper
ProtocolMappersResource protocolMappers = findClientResourceByClientId(adminClient.realm("test"), "test-app").getProtocolMappers();
protocolMappers.createMapper(createClaimMapper("group-value", "group-value", "group-value", "String", true, true, true, true)).close();
try {
// test it
OAuthClient.AccessTokenResponse response = browserLogin("password", "test-user@localhost", "password");
IDToken idToken = oauth.verifyIDToken(response.getIdToken());
assertNotNull(idToken.getOtherClaims());
assertNotNull(idToken.getOtherClaims().get("group-value"));
assertTrue(idToken.getOtherClaims().get("group-value") instanceof List);
assertEquals(2, ((List) idToken.getOtherClaims().get("group-value")).size());
assertTrue(((List) idToken.getOtherClaims().get("group-value")).contains("value1"));
assertTrue(((List) idToken.getOtherClaims().get("group-value")).contains("value2"));
} finally {
// revert
userResource.leaveGroup(group1.getId());
adminClient.realm("test").groups().group(group1.getId()).remove();
deleteMappers(protocolMappers);
}
}
Also used :
GroupRepresentation(org.keycloak.representations.idm.GroupRepresentation)
OAuthClient(org.keycloak.testsuite.util.OAuthClient)
UserResource(org.keycloak.admin.client.resource.UserResource)
IDToken(org.keycloak.representations.IDToken)
List(java.util.List)
ProtocolMappersResource(org.keycloak.admin.client.resource.ProtocolMappersResource)
AbstractKeycloakTest(org.keycloak.testsuite.AbstractKeycloakTest)
Test(org.junit.Test)
Example 9 with GroupRepresentation
use of org.keycloak.representations.idm.GroupRepresentation in project keycloak by keycloak.
the class OIDCProtocolMappersTest method testGroupAttributeTwoGroupMultiValueAggregate.
@Test
public void testGroupAttributeTwoGroupMultiValueAggregate() throws Exception {
// get the user
UserResource userResource = findUserByUsernameId(adminClient.realm("test"), "test-user@localhost");
// create two groups with two values (one is the same value)
GroupRepresentation group1 = new GroupRepresentation();
group1.setName("group1");
group1.setAttributes(new HashMap<>());
group1.getAttributes().put("group-value", Arrays.asList("value1", "value2"));
adminClient.realm("test").groups().add(group1);
group1 = adminClient.realm("test").getGroupByPath("/group1");
userResource.joinGroup(group1.getId());
GroupRepresentation group2 = new GroupRepresentation();
group2.setName("group2");
group2.setAttributes(new HashMap<>());
group2.getAttributes().put("group-value", Arrays.asList("value2", "value3"));
adminClient.realm("test").groups().add(group2);
group2 = adminClient.realm("test").getGroupByPath("/group2");
userResource.joinGroup(group2.getId());
// create the attribute mapper
ProtocolMappersResource protocolMappers = findClientResourceByClientId(adminClient.realm("test"), "test-app").getProtocolMappers();
protocolMappers.createMapper(createClaimMapper("group-value", "group-value", "group-value", "String", true, true, true, true)).close();
try {
// test it
OAuthClient.AccessTokenResponse response = browserLogin("password", "test-user@localhost", "password");
IDToken idToken = oauth.verifyIDToken(response.getIdToken());
assertNotNull(idToken.getOtherClaims());
assertNotNull(idToken.getOtherClaims().get("group-value"));
assertTrue(idToken.getOtherClaims().get("group-value") instanceof List);
assertEquals(3, ((List) idToken.getOtherClaims().get("group-value")).size());
assertTrue(((List) idToken.getOtherClaims().get("group-value")).contains("value1"));
assertTrue(((List) idToken.getOtherClaims().get("group-value")).contains("value2"));
assertTrue(((List) idToken.getOtherClaims().get("group-value")).contains("value3"));
} finally {
// revert
userResource.leaveGroup(group1.getId());
adminClient.realm("test").groups().group(group1.getId()).remove();
userResource.leaveGroup(group2.getId());
adminClient.realm("test").groups().group(group2.getId()).remove();
deleteMappers(protocolMappers);
}
}
Also used :
GroupRepresentation(org.keycloak.representations.idm.GroupRepresentation)
OAuthClient(org.keycloak.testsuite.util.OAuthClient)
UserResource(org.keycloak.admin.client.resource.UserResource)
IDToken(org.keycloak.representations.IDToken)
List(java.util.List)
ProtocolMappersResource(org.keycloak.admin.client.resource.ProtocolMappersResource)
AbstractKeycloakTest(org.keycloak.testsuite.AbstractKeycloakTest)
Test(org.junit.Test)
Example 10 with GroupRepresentation
use of org.keycloak.representations.idm.GroupRepresentation in project keycloak by keycloak.
the class UserTest method rolesCanBeAssignedEvenWhenTheyAreAlreadyIndirectlyAssigned.
/**
* Test for KEYCLOAK-10603.
*/
@Test
public void rolesCanBeAssignedEvenWhenTheyAreAlreadyIndirectlyAssigned() {
RealmResource realm = adminClient.realms().realm("test");
RoleRepresentation realmCompositeRole = RoleBuilder.create().name("realm-composite").build();
realm.roles().create(realmCompositeRole);
realm.roles().create(RoleBuilder.create().name("realm-child").build());
realm.roles().get("realm-composite").addComposites(Collections.singletonList(realm.roles().get("realm-child").toRepresentation()));
realm.roles().create(RoleBuilder.create().name("realm-role-in-group").build());
Response response = realm.clients().create(ClientBuilder.create().clientId("myclient").build());
String clientUuid = ApiUtil.getCreatedId(response);
response.close();
RoleRepresentation clientCompositeRole = RoleBuilder.create().name("client-composite").build();
realm.clients().get(clientUuid).roles().create(clientCompositeRole);
realm.clients().get(clientUuid).roles().create(RoleBuilder.create().name("client-child").build());
realm.clients().get(clientUuid).roles().get("client-composite").addComposites(Collections.singletonList(realm.clients().get(clientUuid).roles().get("client-child").toRepresentation()));
realm.clients().get(clientUuid).roles().create(RoleBuilder.create().name("client-role-in-group").build());
GroupRepresentation group = GroupBuilder.create().name("mygroup").build();
response = realm.groups().add(group);
String groupId = ApiUtil.getCreatedId(response);
response.close();
response = realm.users().create(UserBuilder.create().username("myuser").build());
String userId = ApiUtil.getCreatedId(response);
response.close();
// Make indirect assignments
// .. add roles to the group and add it to the user
realm.groups().group(groupId).roles().realmLevel().add(Collections.singletonList(realm.roles().get("realm-role-in-group").toRepresentation()));
realm.groups().group(groupId).roles().clientLevel(clientUuid).add(Collections.singletonList(realm.clients().get(clientUuid).roles().get("client-role-in-group").toRepresentation()));
realm.users().get(userId).joinGroup(groupId);
// .. assign composite roles
RoleMappingResource userRoles = realm.users().get(userId).roles();
userRoles.realmLevel().add(Collections.singletonList(realm.roles().get("realm-composite").toRepresentation()));
userRoles.clientLevel(clientUuid).add(Collections.singletonList(realm.clients().get(clientUuid).roles().get("client-composite").toRepresentation()));
// check state before making the direct assignments
assertNames(userRoles.realmLevel().listAll(), "realm-composite", Constants.DEFAULT_ROLES_ROLE_PREFIX + "-test");
assertNames(userRoles.realmLevel().listAvailable(), "realm-child", "realm-role-in-group", "admin", "customer-user-premium", "realm-composite-role", "sample-realm-role", "attribute-role", "user", "offline_access", Constants.AUTHZ_UMA_AUTHORIZATION);
assertNames(userRoles.realmLevel().listEffective(), "realm-composite", "realm-child", "realm-role-in-group", "user", "offline_access", Constants.AUTHZ_UMA_AUTHORIZATION, Constants.DEFAULT_ROLES_ROLE_PREFIX + "-test");
assertNames(userRoles.clientLevel(clientUuid).listAll(), "client-composite");
assertNames(userRoles.clientLevel(clientUuid).listAvailable(), "client-child", "client-role-in-group");
assertNames(userRoles.clientLevel(clientUuid).listEffective(), "client-composite", "client-child", "client-role-in-group");
// Make direct assignments for roles which are already indirectly assigned
userRoles.realmLevel().add(Collections.singletonList(realm.roles().get("realm-child").toRepresentation()));
userRoles.realmLevel().add(Collections.singletonList(realm.roles().get("realm-role-in-group").toRepresentation()));
userRoles.clientLevel(clientUuid).add(Collections.singletonList(realm.clients().get(clientUuid).roles().get("client-child").toRepresentation()));
userRoles.clientLevel(clientUuid).add(Collections.singletonList(realm.clients().get(clientUuid).roles().get("client-role-in-group").toRepresentation()));
// List realm roles
assertNames(userRoles.realmLevel().listAll(), "realm-composite", "realm-child", "realm-role-in-group", Constants.DEFAULT_ROLES_ROLE_PREFIX + "-test");
assertNames(userRoles.realmLevel().listAvailable(), "admin", "customer-user-premium", "realm-composite-role", "sample-realm-role", "attribute-role", "user", "offline_access", Constants.AUTHZ_UMA_AUTHORIZATION);
assertNames(userRoles.realmLevel().listEffective(), "realm-composite", "realm-child", "realm-role-in-group", "user", "offline_access", Constants.AUTHZ_UMA_AUTHORIZATION, Constants.DEFAULT_ROLES_ROLE_PREFIX + "-test");
// List client roles
assertNames(userRoles.clientLevel(clientUuid).listAll(), "client-composite", "client-child", "client-role-in-group");
assertNames(userRoles.clientLevel(clientUuid).listAvailable());
assertNames(userRoles.clientLevel(clientUuid).listEffective(), "client-composite", "client-child", "client-role-in-group");
// Get mapping representation
MappingsRepresentation all = userRoles.getAll();
assertNames(all.getRealmMappings(), "realm-composite", "realm-child", "realm-role-in-group", Constants.DEFAULT_ROLES_ROLE_PREFIX + "-test");
assertEquals(1, all.getClientMappings().size());
assertNames(all.getClientMappings().get("myclient").getMappings(), "client-composite", "client-child", "client-role-in-group");
}
Also used :
RoleRepresentation(org.keycloak.representations.idm.RoleRepresentation)
Response(javax.ws.rs.core.Response)
GroupRepresentation(org.keycloak.representations.idm.GroupRepresentation)
MappingsRepresentation(org.keycloak.representations.idm.MappingsRepresentation)
RealmResource(org.keycloak.admin.client.resource.RealmResource)
RoleMappingResource(org.keycloak.admin.client.resource.RoleMappingResource)
Test(org.junit.Test)
Aggregations
GroupRepresentation (org.keycloak.representations.idm.GroupRepresentation)81
Test (org.junit.Test)62
RealmResource (org.keycloak.admin.client.resource.RealmResource)36
Response (javax.ws.rs.core.Response)24
UserRepresentation (org.keycloak.representations.idm.UserRepresentation)23
List (java.util.List)17
RoleRepresentation (org.keycloak.representations.idm.RoleRepresentation)17
ProtocolMappersResource (org.keycloak.admin.client.resource.ProtocolMappersResource)14
UserResource (org.keycloak.admin.client.resource.UserResource)13
AbstractKeycloakTest (org.keycloak.testsuite.AbstractKeycloakTest)12
ArrayList (java.util.ArrayList)10
HashMap (java.util.HashMap)10
IDToken (org.keycloak.representations.IDToken)10
OAuthClient (org.keycloak.testsuite.util.OAuthClient)10
LinkedList (java.util.LinkedList)8
Before (org.junit.Before)8
RealmRepresentation (org.keycloak.representations.idm.RealmRepresentation)7
Map (java.util.Map)6
NotFoundException (javax.ws.rs.NotFoundException)6
AuthorizationResource (org.keycloak.admin.client.resource.AuthorizationResource)6
