use of org.keycloak.representations.idm.GroupRepresentation in project keycloak by keycloak.
the class GroupPathPolicyTest method testAllowParentAndChildren.
/**
 * Requests a permission ticket for "Resource A" and checks that an RPT is issued, first for
 * user "marta" and then for user "kolo" once kolo has joined "/Group A/Group B/Group C".
 *
 * NOTE(review): only the grant path is asserted. Nothing here shows kolo being denied before
 * the joinGroup call, so the test alone does not prove that the group membership is what
 * grants access; confirm a negative case is covered elsewhere.
 */
@Test
public void testAllowParentAndChildren() {
    AuthzClient client = getAuthzClient();
    PermissionRequest resourceRequest = new PermissionRequest("Resource A");

    // First subject: marta (her group membership comes from a fixture not visible here).
    String martaTicket = client.protection().permission().create(resourceRequest).getTicket();
    AuthorizationResponse martaResponse =
            client.authorization("marta", "password").authorize(new AuthorizationRequest(martaTicket));
    assertNotNull(martaResponse.getToken());

    // Put kolo into the nested child group before asking for a permission on his behalf.
    RealmResource realmResource = getRealm();
    GroupRepresentation childGroup = getGroup("/Group A/Group B/Group C");
    UserRepresentation kolo = realmResource.users().search("kolo").get(0);
    realmResource.users().get(kolo.getId()).joinGroup(childGroup.getId());

    // A fresh ticket is created for the second authorization request.
    String koloTicket = client.protection().permission().create(resourceRequest).getTicket();
    AuthorizationResponse koloResponse =
            client.authorization("kolo", "password").authorize(new AuthorizationRequest(koloTicket));
    assertNotNull(koloResponse.getToken());
}
use of org.keycloak.representations.idm.GroupRepresentation in project keycloak by keycloak.
the class GroupTest method doNotAllowSameGroupNameAtSameLevelWhenUpdatingName.
/**
 * KEYCLOAK-11412 Unintended Groups with same names.
 *
 * Renaming a group to a name already used by a sibling must be rejected with a 409, both for
 * top-level groups and for subgroups of the same parent.
 *
 * NOTE(review): the assertions pin the exception message text ("HTTP 409 Conflict") rather
 * than the status code of the response.
 */
@Test
public void doNotAllowSameGroupNameAtSameLevelWhenUpdatingName() throws Exception {
    RealmResource testRealm = adminClient.realms().realm("test");

    // Two distinct top-level groups: "top1" and "top2".
    GroupRepresentation firstTop = new GroupRepresentation();
    firstTop.setName("top1");
    firstTop = createGroup(testRealm, firstTop);

    GroupRepresentation secondTop = new GroupRepresentation();
    secondTop.setName("top2");
    secondTop = createGroup(testRealm, secondTop);

    // Renaming "top2" to "top1" would create a duplicate at the top level.
    secondTop.setName("top1");
    try {
        testRealm.groups().group(secondTop.getId()).update(secondTop);
        Assert.fail("Expected ClientErrorException");
    } catch (ClientErrorException conflict) {
        // conflict status 409 - same name not allowed
        assertEquals("HTTP 409 Conflict", conflict.getMessage());
    }

    // Same scenario one level down: two children of the first top-level group.
    GroupRepresentation firstChild = new GroupRepresentation();
    firstChild.setName("level2-1");
    addSubGroup(testRealm, firstTop, firstChild);

    GroupRepresentation secondChild = new GroupRepresentation();
    secondChild.setName("level2-2");
    addSubGroup(testRealm, firstTop, secondChild);

    // Renaming "level2-2" to "level2-1" would create a duplicate under the same parent.
    secondChild.setName("level2-1");
    try {
        testRealm.groups().group(secondChild.getId()).update(secondChild);
        Assert.fail("Expected ClientErrorException");
    } catch (ClientErrorException conflict) {
        // conflict status 409 - same name not allowed
        assertEquals("HTTP 409 Conflict", conflict.getMessage());
    }
}
use of org.keycloak.representations.idm.GroupRepresentation in project keycloak by keycloak.
the class GroupTest method roleMappings.
/**
 * Exercises realm-level and client-level role mappings on a group: adding, listing
 * (all / available / effective), reading the combined mapping representation, and removing.
 *
 * Each add and remove is checked against the recorded admin event, so the test also pins
 * that role-mapping changes on a group are reported with the expected operation, path and
 * resource type. The "effective" listings are expected to include the child of a composite.
 */
@Test
public void roleMappings() {
    RealmResource testRealm = adminClient.realms().realm("test");

    // Realm roles: a plain role, a composite, and the role the composite will contain.
    for (String realmRoleName : new String[] {"realm-role", "realm-composite", "realm-child"}) {
        createRealmRole(testRealm, RoleBuilder.create().name(realmRoleName).build());
    }
    testRealm.roles().get("realm-composite").addComposites(
            Collections.singletonList(testRealm.roles().get("realm-child").toRepresentation()));

    try (Response clientCreated = testRealm.clients().create(ClientBuilder.create().clientId("myclient").build())) {
        String clientUuid = ApiUtil.getCreatedId(clientCreated);
        getCleanup().addClientUuid(clientUuid);

        // Client roles mirror the realm setup, plus one role that is never mapped.
        for (String clientRoleName : new String[] {"client-role", "client-role2", "client-composite", "client-child"}) {
            testRealm.clients().get(clientUuid).roles().create(RoleBuilder.create().name(clientRoleName).build());
        }
        testRealm.clients().get(clientUuid).roles().get("client-composite").addComposites(
                Collections.singletonList(
                        testRealm.clients().get(clientUuid).roles().get("client-child").toRepresentation()));

        // Roles+clients tested elsewhere
        assertAdminEvents.clear();

        GroupRepresentation groupRep = new GroupRepresentation();
        groupRep.setName("group");
        String createdGroupId = createGroup(testRealm, groupRep).getId();

        RoleMappingResource groupRoles = testRealm.groups().group(createdGroupId).roles();
        // A freshly created group starts without realm role mappings.
        assertEquals(0, groupRoles.realmLevel().listAll().size());

        // Add realm roles
        List<RoleRepresentation> realmRolesToAdd = new LinkedList<>();
        realmRolesToAdd.add(testRealm.roles().get("realm-role").toRepresentation());
        realmRolesToAdd.add(testRealm.roles().get("realm-composite").toRepresentation());
        groupRoles.realmLevel().add(realmRolesToAdd);
        assertAdminEvents.assertEvent(
                "test",
                OperationType.CREATE,
                AdminEventPaths.groupRolesRealmRolesPath(groupRep.getId()),
                realmRolesToAdd,
                ResourceType.REALM_ROLE_MAPPING);

        // Add client roles (two separate calls, hence two separate events below)
        RoleRepresentation plainClientRole =
                testRealm.clients().get(clientUuid).roles().get("client-role").toRepresentation();
        RoleRepresentation compositeClientRole =
                testRealm.clients().get(clientUuid).roles().get("client-composite").toRepresentation();
        groupRoles.clientLevel(clientUuid).add(Collections.singletonList(plainClientRole));
        groupRoles.clientLevel(clientUuid).add(Collections.singletonList(compositeClientRole));
        assertAdminEvents.assertEvent(
                "test",
                OperationType.CREATE,
                AdminEventPaths.groupRolesClientRolesPath(groupRep.getId(), clientUuid),
                Collections.singletonList(plainClientRole),
                ResourceType.CLIENT_ROLE_MAPPING);
        assertAdminEvents.assertEvent(
                "test",
                OperationType.CREATE,
                AdminEventPaths.groupRolesClientRolesPath(groupRep.getId(), clientUuid),
                Collections.singletonList(compositeClientRole),
                ResourceType.CLIENT_ROLE_MAPPING);

        // List realm roles
        assertNames(groupRoles.realmLevel().listAll(), "realm-role", "realm-composite");
        assertNames(
                groupRoles.realmLevel().listAvailable(),
                "realm-child",
                "admin",
                "offline_access",
                Constants.AUTHZ_UMA_AUTHORIZATION,
                "user",
                "customer-user-premium",
                "realm-composite-role",
                "sample-realm-role",
                "attribute-role",
                Constants.DEFAULT_ROLES_ROLE_PREFIX + "-test");
        // Effective roles add the composite's child on top of the direct mappings.
        assertNames(groupRoles.realmLevel().listEffective(), "realm-role", "realm-composite", "realm-child");

        // List client roles
        assertNames(groupRoles.clientLevel(clientUuid).listAll(), "client-role", "client-composite");
        assertNames(groupRoles.clientLevel(clientUuid).listAvailable(), "client-role2", "client-child");
        assertNames(
                groupRoles.clientLevel(clientUuid).listEffective(),
                "client-role",
                "client-composite",
                "client-child");

        // Get mapping representation
        MappingsRepresentation combined = groupRoles.getAll();
        assertNames(combined.getRealmMappings(), "realm-role", "realm-composite");
        assertEquals(1, combined.getClientMappings().size());
        assertNames(combined.getClientMappings().get("myclient").getMappings(), "client-role", "client-composite");

        // Remove realm role
        RoleRepresentation removedRealmRole = testRealm.roles().get("realm-role").toRepresentation();
        groupRoles.realmLevel().remove(Collections.singletonList(removedRealmRole));
        assertAdminEvents.assertEvent(
                "test",
                OperationType.DELETE,
                AdminEventPaths.groupRolesRealmRolesPath(groupRep.getId()),
                Collections.singletonList(removedRealmRole),
                ResourceType.REALM_ROLE_MAPPING);
        assertNames(groupRoles.realmLevel().listAll(), "realm-composite");

        // Remove client role
        RoleRepresentation removedClientRole =
                testRealm.clients().get(clientUuid).roles().get("client-role").toRepresentation();
        groupRoles.clientLevel(clientUuid).remove(Collections.singletonList(removedClientRole));
        assertAdminEvents.assertEvent(
                "test",
                OperationType.DELETE,
                AdminEventPaths.groupRolesClientRolesPath(groupRep.getId(), clientUuid),
                Collections.singletonList(removedClientRole),
                ResourceType.CLIENT_ROLE_MAPPING);
        assertNames(groupRoles.clientLevel(clientUuid).listAll(), "client-composite");
    }
}
use of org.keycloak.representations.idm.GroupRepresentation in project keycloak by keycloak.
the class GroupTest method searchAndCountGroups.
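/**
 * Covers group listing, pagination, name search and the count endpoint, including the
 * top-level-only count flag and searches that match subgroups.
 *
 * @throws Exception declared by the original signature; nothing in the body throws a
 *         checked exception directly
 */
@Test
public void searchAndCountGroups() throws Exception {
    String firstGroupId = "";
    RealmResource realm = adminClient.realms().realm("test");

    // Clean up all test groups so the counts below start from a known state.
    for (GroupRepresentation group : realm.groups().groups()) {
        GroupResource resource = realm.groups().group(group.getId());
        resource.remove();
        assertAdminEvents.assertEvent("test", OperationType.DELETE, AdminEventPaths.groupPath(group.getId()), ResourceType.GROUP);
    }

    // Add 20 new groups with known names (group0 .. group19); remember the first one's id.
    for (int i = 0; i < 20; i++) {
        GroupRepresentation group = new GroupRepresentation();
        group.setName("group" + i);
        group = createGroup(realm, group);
        if (i == 0) {
            firstGroupId = group.getId();
        }
    }

    // Get groups by search and pagination
    List<GroupRepresentation> allGroups = realm.groups().groups();
    assertEquals(20, allGroups.size());

    List<GroupRepresentation> slice = realm.groups().groups(5, 7);
    assertEquals(7, slice.size());

    // "group1" matches group1 and group10..group19, i.e. 11 groups.
    List<GroupRepresentation> search = realm.groups().groups("group1", 0, 20);
    assertEquals(11, search.size());
    for (GroupRepresentation group : search) {
        assertTrue(group.getName().contains("group1"));
    }

    List<GroupRepresentation> noResultSearch = realm.groups().groups("abcd", 0, 20);
    assertEquals(0, noResultSearch.size());

    // Count. Long.valueOf replaces the deprecated Long(long) constructor; the comparison is
    // still Long against Long.
    assertEquals(Long.valueOf(allGroups.size()), realm.groups().count().get("count"));
    assertEquals(Long.valueOf(search.size()), realm.groups().count("group1").get("count"));
    assertEquals(Long.valueOf(noResultSearch.size()), realm.groups().count("abcd").get("count"));

    // Add a subgroup for onlyTopLevel flag testing
    GroupRepresentation level2Group = new GroupRepresentation();
    level2Group.setName("group1111");
    realm.groups().group(firstGroupId).subGroup(level2Group).close();
    assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.groupSubgroupsPath(firstGroupId), level2Group, ResourceType.GROUP);

    assertEquals(Long.valueOf(allGroups.size()), realm.groups().count(true).get("count"));
    assertEquals(Long.valueOf(allGroups.size() + 1), realm.groups().count(false).get("count"));

    // add another subgroup; the response is closed here too so the connection is released
    GroupRepresentation level2Group2 = new GroupRepresentation();
    level2Group2.setName("group111111");
    realm.groups().group(firstGroupId).subGroup(level2Group2).close();

    // search and count for "group11" -> returns 2 top-level groups: group11 itself, and
    // group0 because its subgroups group1111 and group111111 match
    search = realm.groups().groups("group11", 0, 10);
    assertEquals(2, search.size());

    // orElse(null), not orElseGet(null): a null supplier would raise a NullPointerException
    // when group0 is missing instead of letting assertNotNull report the failure.
    GroupRepresentation group0 = search.stream()
            .filter(group -> "group0".equals(group.getName()))
            .findAny()
            .orElse(null);
    assertNotNull(group0);
    assertEquals(2, group0.getSubGroups().size());
    assertThat(group0.getSubGroups().stream().map(GroupRepresentation::getName).collect(Collectors.toList()), Matchers.containsInAnyOrder("group1111", "group111111"));
    assertEquals(Long.valueOf(search.size()), realm.groups().count("group11").get("count"));
}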
use of org.keycloak.representations.idm.GroupRepresentation in project keycloak by keycloak.
the class GroupTest method adminEndpointAccessibleWhenAdminRoleAssignedToGroupAfterUserJoinedIt.
/**
 * Verifies that a role mapped to a group is honoured by the Keycloak Admin endpoint when the
 * mapping is added after the user has joined the group: membership first, admin role second,
 * then an admin call made with the user's own credentials.
 *
 * NOTE(review): the group is created in the master realm and receives the realm admin role,
 * and no removal of that group is visible in this method; confirm it is cleaned up elsewhere
 * so a privileged group does not outlive the test. There is also no check that the same call
 * is refused before the role is mapped.
 *
 * @see <a href="https://issues.jboss.org/browse/KEYCLOAK-2964">KEYCLOAK-2964</a>
 */
@Test
public void adminEndpointAccessibleWhenAdminRoleAssignedToGroupAfterUserJoinedIt() {
    // Random suffixes keep the user and group names unique per run.
    String userName = "user-" + UUID.randomUUID();
    String groupName = "group-" + UUID.randomUUID();
    final String realmName = AuthRealm.MASTER;
    RealmResource masterRealm = adminClient.realms().realm(realmName);

    // The admin role must exist and carry an id before it can be mapped to the group.
    RoleRepresentation adminRole = masterRealm.roles().get(AdminRoles.ADMIN).toRepresentation();
    assertThat(adminRole, notNullValue());
    assertThat(adminRole.getId(), notNullValue());

    String userId = createUser(realmName, userName, "pwd");

    try (Response groupCreated = masterRealm.groups().add(GroupBuilder.create().name(groupName).build())) {
        String groupId = ApiUtil.getCreatedId(groupCreated);
        // Order matters for this test: join the group first, map the role afterwards.
        masterRealm.users().get(userId).joinGroup(groupId);
        masterRealm.groups().group(groupId).roles().realmLevel().add(Collections.singletonList(adminRole));
    }

    // Log in as the new user through the admin CLI client and call an admin-only endpoint.
    try (Keycloak userClient = Keycloak.getInstance(
            getAuthServerContextRoot() + "/auth",
            realmName,
            userName,
            "pwd",
            Constants.ADMIN_CLI_CLIENT_ID,
            TLSUtils.initializeTLS())) {
        // Any admin operation will do
        assertThat(userClient.realms().findAll(), not(empty()));
    }
}