
Example 16 with GroupRepresentation

use of org.keycloak.representations.idm.GroupRepresentation in project keycloak by keycloak.

the class PartialExportTest method checkGroups.

/**
 * Asserts that the exported groups contain the four expected group paths.
 *
 * <p>Every top-level group is handed to {@code compileGroups}, which fills the
 * set that the assertions then check for the expected full paths.
 *
 * @param groups top-level groups taken from the export under test
 */
private void checkGroups(List<GroupRepresentation> groups) {
    HashSet<String> collectedPaths = new HashSet<>();
    for (GroupRepresentation topLevelGroup : groups) {
        compileGroups(collectedPaths, topLevelGroup);
    }
    // Checked in a fixed order so the first missing path is the one reported.
    String[] expectedPaths = {
        "/roleRichGroup",
        "/roleRichGroup/level2group",
        "/topGroup",
        "/topGroup/level2group"
    };
    for (String expectedPath : expectedPaths) {
        Assert.assertTrue("Group " + expectedPath, collectedPaths.contains(expectedPath));
    }
}
Also used : GroupRepresentation(org.keycloak.representations.idm.GroupRepresentation) HashSet(java.util.HashSet)

Example 17 with GroupRepresentation

use of org.keycloak.representations.idm.GroupRepresentation in project keycloak by keycloak.

the class RealmRolesTest method testGroupsInRole.

/**
 * KEYCLOAK-4978: verifies that a group which has been assigned a realm role is
 * returned as a member by the role's group-membership API endpoint.
 *
 * <p>The group {@code /test-role-group} is granted the role {@code role-with-users},
 * then the role is read back and its group members must include that group.
 */
@Test
public void testGroupsInRole() {
    RoleResource role = resource.get("role-with-users");

    // Locate the fixture group by its full path; get() throws if it is absent.
    List<GroupRepresentation> allGroups = adminClient.realm(REALM_NAME).groups().groups();
    GroupRepresentation targetGroup = allGroups.stream()
            .filter(candidate -> candidate.getPath().equals("/test-role-group"))
            .findFirst()
            .get();

    // Grant the realm role to the group.
    RoleResource roleResource = adminClient.realm(REALM_NAME).roles().get(role.toRepresentation().getName());
    List<RoleRepresentation> grantedRoles = new LinkedList<>();
    grantedRoles.add(roleResource.toRepresentation());
    adminClient.realm(REALM_NAME).groups().group(targetGroup.getId()).roles().realmLevel().add(grantedRoles);

    // Fetch the role resource again and check that the group is reported as a member.
    roleResource = adminClient.realm(REALM_NAME).roles().get(role.toRepresentation().getName());
    Set<GroupRepresentation> groupsInRole = roleResource.getRoleGroupMembers();
    boolean groupListed = groupsInRole.stream()
            .anyMatch(member -> member.getPath().equals("/test-role-group"));
    assertTrue(groupListed);
}
Also used : RoleRepresentation(org.keycloak.representations.idm.RoleRepresentation) OperationType(org.keycloak.events.admin.OperationType) AbstractAdminTest(org.keycloak.testsuite.admin.AbstractAdminTest) Arrays(java.util.Arrays) ResourceType(org.keycloak.events.admin.ResourceType) Assert(org.keycloak.testsuite.Assert) RoleResource(org.keycloak.admin.client.resource.RoleResource) Matchers.not(org.hamcrest.Matchers.not) Constants(org.keycloak.models.Constants) HashMap(java.util.HashMap) GroupRepresentation(org.keycloak.representations.idm.GroupRepresentation) ClientErrorException(javax.ws.rs.ClientErrorException) HashSet(java.util.HashSet) Map(java.util.Map) BadRequestException(javax.ws.rs.BadRequestException) Assert.fail(org.junit.Assert.fail) MatcherAssert.assertThat(org.hamcrest.MatcherAssert.assertThat) UserResource(org.keycloak.admin.client.resource.UserResource) LinkedList(java.util.LinkedList) RoleRepresentation(org.keycloak.representations.idm.RoleRepresentation) Before(org.junit.Before) ApiUtil(org.keycloak.testsuite.admin.ApiUtil) Matchers.empty(org.hamcrest.Matchers.empty) UserRepresentation(org.keycloak.representations.idm.UserRepresentation) AdminEventPaths(org.keycloak.testsuite.util.AdminEventPaths) Matchers.allOf(org.hamcrest.Matchers.allOf) Assert.assertNotNull(org.junit.Assert.assertNotNull) Set(java.util.Set) Assert.assertTrue(org.junit.Assert.assertTrue) Test(org.junit.Test) Collectors(java.util.stream.Collectors) NotFoundException(javax.ws.rs.NotFoundException) IsCollectionWithSize.hasSize(org.hamcrest.collection.IsCollectionWithSize.hasSize) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) RoleBuilder(org.keycloak.testsuite.util.RoleBuilder) List(java.util.List) Matchers.hasItem(org.hamcrest.Matchers.hasItem) Assert.assertNull(org.junit.Assert.assertNull) Response(javax.ws.rs.core.Response) Matchers.containsInAnyOrder(org.hamcrest.Matchers.containsInAnyOrder) Assert.assertFalse(org.junit.Assert.assertFalse) 
RolesResource(org.keycloak.admin.client.resource.RolesResource) ClientBuilder(org.keycloak.testsuite.util.ClientBuilder) Matchers.is(org.hamcrest.Matchers.is) Collections(java.util.Collections) Assert.assertEquals(org.junit.Assert.assertEquals) GroupRepresentation(org.keycloak.representations.idm.GroupRepresentation) RoleResource(org.keycloak.admin.client.resource.RoleResource) LinkedList(java.util.LinkedList) AbstractAdminTest(org.keycloak.testsuite.admin.AbstractAdminTest) Test(org.junit.Test)

Example 18 with GroupRepresentation

use of org.keycloak.representations.idm.GroupRepresentation in project keycloak by keycloak.

the class PermissionsTest method realms.

/**
 * Exercises the realm-level admin endpoints with differently privileged admin
 * clients and checks, through the {@code invoke} helpers, which calls are allowed.
 *
 * <p>NOTE(review): the {@code invoke} overloads are defined outside this listing.
 * Judging by the "this should pass" comment below, the trailing boolean of the
 * client-based overload is presumably the expected outcome (true = permitted);
 * the meaning of the flags on the {@code Resource}-based overloads should be
 * confirmed against their definitions.
 *
 * <p>The test ends by removing the permission realm with a realm-admin client and
 * recreating it via {@code recreatePermissionRealm()}.
 */
@Test
public void realms() throws Exception {
    // Check returned realms
    // Listing realms with the "master-none" and "none" clients is passed with flag false.
    invoke((RealmResource realm) -> {
        clients.get("master-none").realms().findAll();
    }, clients.get("none"), false);
    invoke((RealmResource realm) -> {
        clients.get("none").realms().findAll();
    }, clients.get("none"), false);
    // Each admin must see exactly these realm names: master-admin sees all three,
    // the other two clients see a single realm each.
    Assert.assertNames(clients.get("master-admin").realms().findAll(), "master", REALM_NAME, "realm2");
    Assert.assertNames(clients.get(AdminRoles.REALM_ADMIN).realms().findAll(), REALM_NAME);
    Assert.assertNames(clients.get("REALM2").realms().findAll(), "realm2");
    // Check realm only contains name if missing view realm permission
    List<RealmRepresentation> realms = clients.get(AdminRoles.VIEW_USERS).realms().findAll();
    Assert.assertNames(realms, REALM_NAME);
    assertGettersEmpty(realms.get(0));
    // With view-realm the representation carries settings such as the access token lifespan.
    realms = clients.get(AdminRoles.VIEW_REALM).realms().findAll();
    Assert.assertNames(realms, REALM_NAME);
    assertNotNull(realms.get(0).getAccessTokenLifespan());
    // Check the same when access with users from 'master' realm
    realms = clients.get("master-" + AdminRoles.VIEW_USERS).realms().findAll();
    Assert.assertNames(realms, REALM_NAME);
    assertGettersEmpty(realms.get(0));
    realms = clients.get("master-" + AdminRoles.VIEW_REALM).realms().findAll();
    Assert.assertNames(realms, REALM_NAME);
    assertNotNull(realms.get(0).getAccessTokenLifespan());
    // Create realm
    // Only "master-admin" is passed with flag true; master manage-users and realm-admin get false.
    // NOTE(review): "master" is already listed by findAll() above, so a permitted call
    // presumably ends in a conflict rather than a new realm — confirm that invoke()
    // only distinguishes forbidden from non-forbidden outcomes.
    invoke(new Invocation() {

        public void invoke(RealmResource realm) {
            clients.get("master-admin").realms().create(RealmBuilder.create().name("master").build());
        }
    }, adminClient, true);
    invoke(new Invocation() {

        public void invoke(RealmResource realm) {
            clients.get("master-" + AdminRoles.MANAGE_USERS).realms().create(RealmBuilder.create().name("master").build());
        }
    }, adminClient, false);
    invoke(new Invocation() {

        public void invoke(RealmResource realm) {
            clients.get(AdminRoles.REALM_ADMIN).realms().create(RealmBuilder.create().name("master").build());
        }
    }, adminClient, false);
    // Get realm
    // Uses the four-argument overload; the meaning of the extra boolean is not visible here.
    invoke(new Invocation() {

        public void invoke(RealmResource realm) {
            realm.toRepresentation();
        }
    }, Resource.REALM, false, true);
    // A query-realms client gets a representation whose getters are empty.
    assertGettersEmpty(clients.get(AdminRoles.QUERY_REALMS).realm(REALM_NAME).toRepresentation());
    // this should pass given that users granted with "query" roles are allowed to access the realm with limited access
    for (String role : AdminRoles.ALL_QUERY_ROLES) {
        invoke(realm -> clients.get(role).realms().realm(REALM_NAME).toRepresentation(), clients.get(role), true);
    }
    // Realm operations checked against a Resource; the boolean differs between
    // state-changing calls (true) and read-only calls (false).
    // NOTE(review): presumably it marks calls that need manage rather than view
    // permission — confirm in invoke().
    invoke(new Invocation() {

        public void invoke(RealmResource realm) {
            realm.update(new RealmRepresentation());
        }
    }, Resource.REALM, true);
    invoke(new Invocation() {

        public void invoke(RealmResource realm) {
            realm.pushRevocation();
        }
    }, Resource.REALM, true);
    // Session deletion is checked against Resource.USER, not Resource.REALM.
    invoke(new Invocation() {

        public void invoke(RealmResource realm) {
            realm.deleteSession("nosuch");
        }
    }, Resource.USER, true);
    invoke(new Invocation() {

        public void invoke(RealmResource realm) {
            realm.getClientSessionStats();
        }
    }, Resource.REALM, false);
    invoke(new Invocation() {

        public void invoke(RealmResource realm) {
            realm.getDefaultGroups();
        }
    }, Resource.REALM, false);
    invoke(new Invocation() {

        public void invoke(RealmResource realm) {
            realm.addDefaultGroup("nosuch");
        }
    }, Resource.REALM, true);
    invoke(new Invocation() {

        public void invoke(RealmResource realm) {
            realm.removeDefaultGroup("nosuch");
        }
    }, Resource.REALM, true);
    // Create the group "sample" with the unrestricted admin client so the
    // getGroupByPath check below has something to resolve; it is removed right after.
    GroupRepresentation newGroup = new GroupRepresentation();
    newGroup.setName("sample");
    adminClient.realm(REALM_NAME).groups().add(newGroup);
    GroupRepresentation group = adminClient.realms().realm(REALM_NAME).getGroupByPath("sample");
    // Group lookup by path is checked against Resource.USER.
    invoke(new Invocation() {

        public void invoke(RealmResource realm) {
            realm.getGroupByPath("sample");
        }
    }, Resource.USER, false);
    adminClient.realms().realm(REALM_NAME).groups().group(group.getId()).remove();
    // These two calls return a Response, which is handed back through the
    // AtomicReference (presumably so invoke() can inspect it — confirm).
    invoke(new InvocationWithResponse() {

        public void invoke(RealmResource realm, AtomicReference<Response> response) {
            response.set(realm.testLDAPConnection("nosuch", "nosuch", "nosuch", "nosuch", "nosuch", "nosuch"));
        }
    }, Resource.REALM, true);
    invoke(new InvocationWithResponse() {

        public void invoke(RealmResource realm, AtomicReference<Response> response) {
            response.set(realm.partialImport(new PartialImportRepresentation()));
        }
    }, Resource.REALM, true);
    invoke(new Invocation() {

        public void invoke(RealmResource realm) {
            realm.clearRealmCache();
        }
    }, Resource.REALM, true);
    invoke(new Invocation() {

        public void invoke(RealmResource realm) {
            realm.clearUserCache();
        }
    }, Resource.REALM, true);
    // Delete realm
    // master-admin (on the realm "nosuch") and realm-admin are passed with flag true;
    // the "REALM2" client and manage-users are passed with false for REALM_NAME.
    invoke(new Invocation() {

        public void invoke(RealmResource realm) {
            clients.get("master-admin").realms().realm("nosuch").remove();
        }
    }, adminClient, true);
    invoke(new Invocation() {

        public void invoke(RealmResource realm) {
            clients.get("REALM2").realms().realm(REALM_NAME).remove();
        }
    }, adminClient, false);
    invoke(new Invocation() {

        public void invoke(RealmResource realm) {
            clients.get(AdminRoles.MANAGE_USERS).realms().realm(REALM_NAME).remove();
        }
    }, adminClient, false);
    invoke(new Invocation() {

        public void invoke(RealmResource realm) {
            clients.get(AdminRoles.REALM_ADMIN).realms().realm(REALM_NAME).remove();
        }
    }, adminClient, true);
    // Revert realm removal
    recreatePermissionRealm();
}
Also used : Response(javax.ws.rs.core.Response) PartialImportRepresentation(org.keycloak.representations.idm.PartialImportRepresentation) GroupRepresentation(org.keycloak.representations.idm.GroupRepresentation) RealmResource(org.keycloak.admin.client.resource.RealmResource) RealmRepresentation(org.keycloak.representations.idm.RealmRepresentation) AbstractKeycloakTest(org.keycloak.testsuite.AbstractKeycloakTest) Test(org.junit.Test)

Example 19 with GroupRepresentation

use of org.keycloak.representations.idm.GroupRepresentation in project keycloak by keycloak.

the class UserTest method groupMembershipSearch.

/**
 * Checks searching and paging over the groups a user belongs to.
 *
 * <p>The user joins {@code group-1} through {@code group-10}; the membership
 * listing and the matching count endpoint are then queried with several search
 * strings and offsets.
 */
@Test
public void groupMembershipSearch() {
    String userId = createUser(UserBuilder.create().username("user-b").build());

    // Create ten groups and add the user to each, checking the admin event every time.
    for (int index = 1; index <= 10; index++) {
        GroupRepresentation newGroup = new GroupRepresentation();
        newGroup.setName("group-" + index);
        String groupId = createGroup(realm, newGroup).getId();
        realm.users().get(userId).joinGroup(groupId);
        assertAdminEvents.assertEvent(
                realmId,
                OperationType.CREATE,
                AdminEventPaths.userGroupPath(userId, groupId),
                newGroup,
                ResourceType.GROUP_MEMBERSHIP);
    }

    // "-3" matches only group-3.
    List<GroupRepresentation> dashThreeMatches = realm.users().get(userId).groups("-3", 0, 10);
    assertThat(realm.users().get(userId).groupsCount("-3").get("count"), is(1L));
    assertEquals(1, dashThreeMatches.size());
    assertNames(dashThreeMatches, "group-3");

    // "1" matches group-1 and group-10.
    List<GroupRepresentation> oneMatches = realm.users().get(userId).groups("1", 0, 10);
    assertThat(realm.users().get(userId).groupsCount("1").get("count"), is(2L));
    assertEquals(2, oneMatches.size());
    assertNames(oneMatches, "group-1", "group-10");

    // Starting at offset 2 skips both "1" matches.
    List<GroupRepresentation> oneMatchesFromOffsetTwo = realm.users().get(userId).groups("1", 2, 10);
    assertEquals(0, oneMatchesFromOffsetTwo.size());

    // "gr" matches all ten groups; offset 2 leaves eight of them.
    List<GroupRepresentation> lowerCaseMatches = realm.users().get(userId).groups("gr", 2, 10);
    assertThat(realm.users().get(userId).groupsCount("gr").get("count"), is(10L));
    assertEquals(8, lowerCaseMatches.size());

    // The capitalised search string must return the same number of groups.
    List<GroupRepresentation> mixedCaseMatches = realm.users().get(userId).groups("Gr", 2, 10);
    assertEquals(8, mixedCaseMatches.size());
}
Also used : GroupRepresentation(org.keycloak.representations.idm.GroupRepresentation) Test(org.junit.Test)

Example 20 with GroupRepresentation

use of org.keycloak.representations.idm.GroupRepresentation in project keycloak by keycloak.

the class GroupPathPolicyTest method addTestRealms.

/**
 * Adds the {@code authz-test} realm used by the group path policy tests.
 *
 * <p>The realm holds the group tree {@code Group A -> (Group B -> (Group C, Group E), Group D)},
 * a separate top-level {@code Group E}, three users (only {@code marta} is added to
 * {@code Group A}) and the client {@code resource-server-test}, whose protocol mapper
 * puts full group paths into the {@code groups} claim of the access and ID tokens.
 *
 * @param testRealms list that receives the realm representation
 */
@Override
public void addTestRealms(List<RealmRepresentation> testRealms) {
    // Group membership mapper: claim "groups", full paths, in both access and ID token.
    Map<String, String> config = new HashMap<>();
    config.put(OIDCAttributeMapperHelper.TOKEN_CLAIM_NAME, "groups");
    config.put(OIDCAttributeMapperHelper.INCLUDE_IN_ACCESS_TOKEN, "true");
    config.put(OIDCAttributeMapperHelper.INCLUDE_IN_ID_TOKEN, "true");
    config.put("full.path", "true");

    ProtocolMapperRepresentation groupProtocolMapper = new ProtocolMapperRepresentation();
    groupProtocolMapper.setName("groups");
    groupProtocolMapper.setProtocolMapper(GroupMembershipMapper.PROVIDER_ID);
    groupProtocolMapper.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
    groupProtocolMapper.setConfig(config);

    // Children of "Group B". Note that a second "Group E" also exists at top level,
    // so the same group name appears under two different paths.
    List<GroupRepresentation> groupBChildren = Arrays.asList("Group C", "Group E").stream()
            .map(childName -> GroupBuilder.create().name(childName).build())
            .collect(Collectors.toList());

    // Children of "Group A": only "Group B" has subgroups of its own.
    List<GroupRepresentation> groupAChildren = Arrays.asList("Group B", "Group D").stream()
            .map(childName -> "Group B".equals(childName)
                    ? GroupBuilder.create().name(childName).subGroups(groupBChildren).build()
                    : GroupBuilder.create().name(childName).build())
            .collect(Collectors.toList());

    GroupRepresentation groupA = GroupBuilder.create().name("Group A").subGroups(groupAChildren).build();
    GroupRepresentation topLevelGroupE = GroupBuilder.create().name("Group E").build();

    // The literal password "password" and client secret "secret" are test fixture values.
    RealmRepresentation authzRealm = RealmBuilder.create()
            .name("authz-test")
            .roles(RolesBuilder.create().realmRole(RoleBuilder.create().name("uma_authorization").build()))
            .group(groupA)
            .group(topLevelGroupE)
            .user(UserBuilder.create().username("marta").password("password").addRoles("uma_authorization").addGroups("Group A"))
            .user(UserBuilder.create().username("alice").password("password").addRoles("uma_authorization"))
            .user(UserBuilder.create().username("kolo").password("password").addRoles("uma_authorization"))
            .client(ClientBuilder.create()
                    .clientId("resource-server-test")
                    .secret("secret")
                    .authorizationServicesEnabled(true)
                    .redirectUris("http://localhost/resource-server-test")
                    .defaultRoles("uma_protection")
                    .directAccessGrants()
                    .protocolMapper(groupProtocolMapper))
            .build();
    testRealms.add(authzRealm);
}
Also used : GroupMembershipMapper(org.keycloak.protocol.oidc.mappers.GroupMembershipMapper) Arrays(java.util.Arrays) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) GroupPolicyRepresentation(org.keycloak.representations.idm.authorization.GroupPolicyRepresentation) HashMap(java.util.HashMap) AuthorizationResource(org.keycloak.admin.client.resource.AuthorizationResource) GroupRepresentation(org.keycloak.representations.idm.GroupRepresentation) AuthzClient(org.keycloak.authorization.client.AuthzClient) Function(java.util.function.Function) RealmBuilder(org.keycloak.testsuite.util.RealmBuilder) ClientsResource(org.keycloak.admin.client.resource.ClientsResource) AuthorizationDeniedException(org.keycloak.authorization.client.AuthorizationDeniedException) UserBuilder(org.keycloak.testsuite.util.UserBuilder) Map(java.util.Map) ResourcePermissionRepresentation(org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation) Assert.fail(org.junit.Assert.fail) AuthServer(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude.AuthServer) ClientResource(org.keycloak.admin.client.resource.ClientResource) Before(org.junit.Before) OIDCAttributeMapperHelper(org.keycloak.protocol.oidc.mappers.OIDCAttributeMapperHelper) UserRepresentation(org.keycloak.representations.idm.UserRepresentation) Assert.assertNotNull(org.junit.Assert.assertNotNull) Predicate(java.util.function.Predicate) RealmResource(org.keycloak.admin.client.resource.RealmResource) RolesBuilder(org.keycloak.testsuite.util.RolesBuilder) AuthorizationRequest(org.keycloak.representations.idm.authorization.AuthorizationRequest) Test(org.junit.Test) Collectors(java.util.stream.Collectors) RealmRepresentation(org.keycloak.representations.idm.RealmRepresentation) 
ProtocolMapperRepresentation(org.keycloak.representations.idm.ProtocolMapperRepresentation) AuthorizationResponse(org.keycloak.representations.idm.authorization.AuthorizationResponse) PermissionRequest(org.keycloak.representations.idm.authorization.PermissionRequest) RoleBuilder(org.keycloak.testsuite.util.RoleBuilder) List(java.util.List) ClientBuilder(org.keycloak.testsuite.util.ClientBuilder) OIDCLoginProtocol(org.keycloak.protocol.oidc.OIDCLoginProtocol) GroupBuilder(org.keycloak.testsuite.util.GroupBuilder) GroupRepresentation(org.keycloak.representations.idm.GroupRepresentation) HashMap(java.util.HashMap) ProtocolMapperRepresentation(org.keycloak.representations.idm.ProtocolMapperRepresentation)

Aggregations

GroupRepresentation (org.keycloak.representations.idm.GroupRepresentation)81 Test (org.junit.Test)62 RealmResource (org.keycloak.admin.client.resource.RealmResource)36 Response (javax.ws.rs.core.Response)24 UserRepresentation (org.keycloak.representations.idm.UserRepresentation)23 List (java.util.List)17 RoleRepresentation (org.keycloak.representations.idm.RoleRepresentation)17 ProtocolMappersResource (org.keycloak.admin.client.resource.ProtocolMappersResource)14 UserResource (org.keycloak.admin.client.resource.UserResource)13 AbstractKeycloakTest (org.keycloak.testsuite.AbstractKeycloakTest)12 ArrayList (java.util.ArrayList)10 HashMap (java.util.HashMap)10 IDToken (org.keycloak.representations.IDToken)10 OAuthClient (org.keycloak.testsuite.util.OAuthClient)10 LinkedList (java.util.LinkedList)8 Before (org.junit.Before)8 RealmRepresentation (org.keycloak.representations.idm.RealmRepresentation)7 Map (java.util.Map)6 NotFoundException (javax.ws.rs.NotFoundException)6 AuthorizationResource (org.keycloak.admin.client.resource.AuthorizationResource)6