
Example 1 with ScopeMappingRepresentation

use of org.keycloak.representations.idm.ScopeMappingRepresentation in project keycloak by keycloak.

Class PartialExportTest, method checkScopeMappings (test helper that asserts the scope mappings contained in a partial realm export).

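/**
 * Asserts the scope mappings found in a partial realm export.
 *
 * The export must always contain a mapping for the {@code offline_access} client scope that grants the
 * {@code offline_access} role (this is what makes offline tokens obtainable). When
 * {@code expectOnlyOfflineAccess} is set that must be the only mapping; otherwise the test-fixture clients
 * {@code test-app}, {@code test-app-scope} and {@code third-party} must carry the expected role grants.
 *
 * @param scopeMappings           scope mappings taken from the exported realm representation
 * @param expectOnlyOfflineAccess true when the export was requested without clients, so only the
 *                                offline_access mapping may be present
 */
private void checkScopeMappings(List<ScopeMappingRepresentation> scopeMappings, boolean expectOnlyOfflineAccess) {
    // Fail with a readable message rather than Optional.get()'s bare NoSuchElementException.
    ScopeMappingRepresentation offlineAccessScope = scopeMappings.stream()
            .filter(rep -> "offline_access".equals(rep.getClientScope()))
            .findFirst()
            .orElseThrow(() -> new AssertionError("Export is missing the scope mapping for client scope offline_access"));
    Assert.assertTrue("Client scope offline_access grants role offline_access", offlineAccessScope.getRoles().contains("offline_access"));
    if (expectOnlyOfflineAccess) {
        Assert.assertEquals(1, scopeMappings.size());
        return;
    }
    Map<String, Set<String>> map = extractScopeMappings(scopeMappings);
    // Each fixture client must be present before its roles are inspected, otherwise the failure is an NPE
    // with no indication of which client was missing. Messages name the client actually being checked.
    Set<String> set = map.get("test-app");
    Assert.assertNotNull("Client test-app has scope mappings", set);
    Assert.assertTrue("Client test-app contains user", set.contains("user"));
    set = map.get("test-app-scope");
    Assert.assertNotNull("Client test-app-scope has scope mappings", set);
    Assert.assertTrue("Client test-app-scope contains user", set.contains("user"));
    Assert.assertTrue("Client test-app-scope contains admin", set.contains("admin"));
    set = map.get("third-party");
    Assert.assertNotNull("Client third-party has scope mappings", set);
    Assert.assertTrue("Client third-party contains user", set.contains("user"));
}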

Example 2 with ScopeMappingRepresentation

use of org.keycloak.representations.idm.ScopeMappingRepresentation in project keycloak by keycloak.

Class ExportUtils, method exportRealm (builds the realm representation written out by a realm export).

/**
 * Builds the {@link RealmRepresentation} that a realm export writes out.
 *
 * The realm itself, its authentication flows, required actions, client scopes and default client scopes are
 * always included. Clients, groups/roles, users (or only service-account users) and their scope mappings are
 * added according to {@code options}. The {@code internal} flag is passed through to
 * {@link ModelToRepresentation#toRepresentation} and to {@code exportUser}; what extra data it unlocks is decided
 * there, not here.
 *
 * NOTE(review): the result is sensitive material — depending on options it carries client configuration, user
 * data and component configuration (key providers are components, see importRealm). Treat the serialized output
 * like a credential store rather than ordinary configuration.
 *
 * @param session  current session
 * @param realm    realm to export
 * @param options  selects which optional parts (clients, groups/roles, users, service accounts) are exported
 * @param internal forwarded to the model-to-representation conversions
 * @return the populated representation
 */
public static RealmRepresentation exportRealm(KeycloakSession session, RealmModel realm, ExportOptions options, boolean internal) {
    RealmRepresentation rep = ModelToRepresentation.toRepresentation(session, realm, internal);
    ModelToRepresentation.exportAuthenticationFlows(realm, rep);
    ModelToRepresentation.exportRequiredActions(realm, rep);
    // Project/product version
    rep.setKeycloakVersion(Version.VERSION_KEYCLOAK);
    // Client Scopes
    rep.setClientScopes(realm.getClientScopesStream().map(ModelToRepresentation::toRepresentation).collect(Collectors.toList()));
    rep.setDefaultDefaultClientScopes(realm.getDefaultClientScopesStream(true).map(ClientScopeModel::getName).collect(Collectors.toList()));
    rep.setDefaultOptionalClientScopes(realm.getDefaultClientScopesStream(false).map(ClientScopeModel::getName).collect(Collectors.toList()));
    // Clients
    List<ClientModel> clients = new LinkedList<>();
    if (options.isClientsIncluded()) {
        // we iterate over all clients in the stream.
        // only those client models that can be translated into a valid client representation will be added to the client list
        // that is later used to retrieve related information about groups and roles
        // NOTE(review): clients.add(app) runs inside the mapping lambda, i.e. before filterValidRepresentations can
        // reject the produced representation. Unless that helper also discards the model (or exportClient throws for
        // an invalid client), the comment above is optimistic and `clients` may hold clients whose representation
        // was filtered out — confirm against ModelToRepresentation.filterValidRepresentations.
        List<ClientRepresentation> clientReps = ModelToRepresentation.filterValidRepresentations(realm.getClientsStream(), app -> {
            ClientRepresentation clientRepresentation = exportClient(session, app);
            clients.add(app);
            return clientRepresentation;
        }).collect(Collectors.toList());
        rep.setClients(clientReps);
    }
    // Groups and Roles
    if (options.isGroupsAndRolesIncluded()) {
        ModelToRepresentation.exportGroups(realm, rep);
        Map<String, List<RoleRepresentation>> clientRolesReps = new HashMap<>();
        List<RoleRepresentation> realmRoleReps = exportRoles(realm.getRolesStream());
        RolesRepresentation rolesRep = new RolesRepresentation();
        if (!realmRoleReps.isEmpty()) {
            rolesRep.setRealm(realmRoleReps);
        }
        // Client roles are taken from the clients collected above, so they are absent when clients are excluded.
        if (options.isClientsIncluded()) {
            for (ClientModel client : clients) {
                Stream<RoleModel> currentAppRoles = client.getRolesStream();
                List<RoleRepresentation> currentAppRoleReps = exportRoles(currentAppRoles);
                clientRolesReps.put(client.getClientId(), currentAppRoleReps);
            }
            if (clientRolesReps.size() > 0) {
                rolesRep.setClient(clientRolesReps);
            }
        }
        rep.setRoles(rolesRep);
    }
    // Scopes
    // clientScopeReps is keyed by the clientId of the client that OWNS the granted role; each entry lists the
    // grantees (clients below, client scopes further down) and the role names they may request. Grants of
    // realm roles are attached directly to `rep` instead.
    Map<String, List<ScopeMappingRepresentation>> clientScopeReps = new HashMap<>();
    if (options.isClientsIncluded()) {
        List<ClientModel> allClients = new ArrayList<>(clients);
        // Scopes of clients
        for (ClientModel client : allClients) {
            Set<RoleModel> clientScopes = client.getScopeMappingsStream().collect(Collectors.toSet());
            ScopeMappingRepresentation scopeMappingRep = null;
            for (RoleModel scope : clientScopes) {
                if (scope.getContainer() instanceof RealmModel) {
                    // Realm role granted to this client: one representation per client, created lazily.
                    if (scopeMappingRep == null) {
                        scopeMappingRep = rep.clientScopeMapping(client.getClientId());
                    }
                    scopeMappingRep.role(scope.getName());
                } else {
                    // Client role granted to this client. The unchecked cast assumes a role container is
                    // either a RealmModel or a ClientModel.
                    ClientModel app = (ClientModel) scope.getContainer();
                    String appName = app.getClientId();
                    List<ScopeMappingRepresentation> currentAppScopes = clientScopeReps.get(appName);
                    if (currentAppScopes == null) {
                        currentAppScopes = new ArrayList<>();
                        clientScopeReps.put(appName, currentAppScopes);
                    }
                    // Reuse the grantee entry for this client if an earlier role already created it.
                    ScopeMappingRepresentation currentClientScope = null;
                    for (ScopeMappingRepresentation scopeMapping : currentAppScopes) {
                        if (client.getClientId().equals(scopeMapping.getClient())) {
                            currentClientScope = scopeMapping;
                            break;
                        }
                    }
                    if (currentClientScope == null) {
                        currentClientScope = new ScopeMappingRepresentation();
                        currentClientScope.setClient(client.getClientId());
                        currentAppScopes.add(currentClientScope);
                    }
                    currentClientScope.role(scope.getName());
                }
            }
        }
    }
    // Scopes of client scopes
    // Unlike client scope mappings above, these are exported regardless of options.isClientsIncluded().
    realm.getClientScopesStream().forEach(clientScope -> {
        Set<RoleModel> clientScopes = clientScope.getScopeMappingsStream().collect(Collectors.toSet());
        ScopeMappingRepresentation scopeMappingRep = null;
        for (RoleModel scope : clientScopes) {
            if (scope.getContainer() instanceof RealmModel) {
                // Realm role granted to this client scope.
                if (scopeMappingRep == null) {
                    scopeMappingRep = rep.clientScopeScopeMapping(clientScope.getName());
                }
                scopeMappingRep.role(scope.getName());
            } else {
                // Client role granted to this client scope; same unchecked-cast assumption as above.
                ClientModel app = (ClientModel) scope.getContainer();
                String appName = app.getClientId();
                List<ScopeMappingRepresentation> currentAppScopes = clientScopeReps.get(appName);
                if (currentAppScopes == null) {
                    currentAppScopes = new ArrayList<>();
                    clientScopeReps.put(appName, currentAppScopes);
                }
                // Grantee entries for client scopes are matched on getClientScope(), not getClient().
                ScopeMappingRepresentation currentClientTemplateScope = null;
                for (ScopeMappingRepresentation scopeMapping : currentAppScopes) {
                    if (clientScope.getName().equals(scopeMapping.getClientScope())) {
                        currentClientTemplateScope = scopeMapping;
                        break;
                    }
                }
                if (currentClientTemplateScope == null) {
                    currentClientTemplateScope = new ScopeMappingRepresentation();
                    currentClientTemplateScope.setClientScope(clientScope.getName());
                    currentAppScopes.add(currentClientTemplateScope);
                }
                currentClientTemplateScope.role(scope.getName());
            }
        }
    });
    if (clientScopeReps.size() > 0) {
        rep.setClientScopeMappings(clientScopeReps);
    }
    // Finally users if needed
    if (options.isUsersIncluded()) {
        // Full user export. What exportUser emits for the given options/internal flag (credentials included or
        // not) is decided in exportUser — check it before treating this output as non-sensitive.
        List<UserRepresentation> users = session.users().getUsersStream(realm, true).map(user -> exportUser(session, realm, user, options, internal)).collect(Collectors.toList());
        if (users.size() > 0) {
            rep.setUsers(users);
        }
        // Users held in federated storage are exported into a separate list (0, -1 = no paging).
        List<UserRepresentation> federatedUsers = session.userFederatedStorage().getStoredUsersStream(realm, 0, -1).map(user -> exportFederatedUser(session, realm, user, options)).collect(Collectors.toList());
        if (federatedUsers.size() > 0) {
            rep.setFederatedUsers(federatedUsers);
        }
    } else if (options.isClientsIncluded() && options.isOnlyServiceAccountsIncluded()) {
        // Service-account users only, and only for clients that have them enabled and are neither public nor
        // bearer-only; clients are taken from the list collected in the clients section above.
        List<UserRepresentation> users = new LinkedList<>();
        for (ClientModel app : clients) {
            if (app.isServiceAccountsEnabled() && !app.isPublicClient() && !app.isBearerOnly()) {
                UserModel user = session.users().getServiceAccount(app);
                if (user != null) {
                    UserRepresentation userRep = exportUser(session, realm, user, options, internal);
                    users.add(userRep);
                }
            }
        }
        if (users.size() > 0) {
            rep.setUsers(users);
        }
    }
    // components
    // Component configuration is exported as-is; key providers are among the component types (see importRealm),
    // so this part of the export can contain key material or provider secrets — presumably, confirm in exportComponents.
    MultivaluedHashMap<String, ComponentExportRepresentation> components = exportComponents(realm, realm.getId());
    rep.setComponents(components);
    return rep;
}

Example 3 with ScopeMappingRepresentation

use of org.keycloak.representations.idm.ScopeMappingRepresentation in project keycloak by keycloak.

Class RepresentationToModel, method importRealm (populates a newly created realm from an imported representation).

/**
 * Populates the freshly created {@code newRealm} from an imported {@link RealmRepresentation}.
 *
 * Most settings are applied only when present in the representation; for a number of token, session and
 * security settings an explicit default is installed when the representation is silent (see the inline
 * comments). Order matters: client scopes are created before clients, clients before roles and scope mappings,
 * components and federation before groups and users, and authorization settings last, because later steps
 * resolve earlier objects by name (default client scopes, clients in client scope mappings, default groups).
 *
 * NOTE(review): an import file is trusted input — it can carry SMTP credentials, component configuration and
 * even the realm's private key (see the end of this method). Handle import files accordingly.
 *
 * @param session           current session
 * @param rep               representation to import
 * @param newRealm          realm to populate
 * @param skipUserDependent when true the realm authorization settings, which depend on users, are not imported
 */
public static void importRealm(KeycloakSession session, RealmRepresentation rep, RealmModel newRealm, boolean skipUserDependent) {
    // Upgrade legacy representation formats in place before reading them.
    convertDeprecatedSocialProviders(rep);
    convertDeprecatedApplications(session, rep);
    convertDeprecatedClientTemplates(rep);
    newRealm.setName(rep.getRealm());
    if (rep.getDisplayName() != null)
        newRealm.setDisplayName(rep.getDisplayName());
    if (rep.getDisplayNameHtml() != null)
        newRealm.setDisplayNameHtml(rep.getDisplayNameHtml());
    if (rep.isEnabled() != null)
        newRealm.setEnabled(rep.isEnabled());
    if (rep.isUserManagedAccessAllowed() != null)
        newRealm.setUserManagedAccessAllowed(rep.isUserManagedAccessAllowed());
    // Brute-force detection settings: only applied when present, no defaults installed here.
    if (rep.isBruteForceProtected() != null)
        newRealm.setBruteForceProtected(rep.isBruteForceProtected());
    if (rep.isPermanentLockout() != null)
        newRealm.setPermanentLockout(rep.isPermanentLockout());
    if (rep.getMaxFailureWaitSeconds() != null)
        newRealm.setMaxFailureWaitSeconds(rep.getMaxFailureWaitSeconds());
    if (rep.getMinimumQuickLoginWaitSeconds() != null)
        newRealm.setMinimumQuickLoginWaitSeconds(rep.getMinimumQuickLoginWaitSeconds());
    if (rep.getWaitIncrementSeconds() != null)
        newRealm.setWaitIncrementSeconds(rep.getWaitIncrementSeconds());
    if (rep.getQuickLoginCheckMilliSeconds() != null)
        newRealm.setQuickLoginCheckMilliSeconds(rep.getQuickLoginCheckMilliSeconds());
    if (rep.getMaxDeltaTimeSeconds() != null)
        newRealm.setMaxDeltaTimeSeconds(rep.getMaxDeltaTimeSeconds());
    if (rep.getFailureFactor() != null)
        newRealm.setFailureFactor(rep.getFailureFactor());
    // Event and admin-event auditing configuration.
    if (rep.isEventsEnabled() != null)
        newRealm.setEventsEnabled(rep.isEventsEnabled());
    if (rep.getEnabledEventTypes() != null)
        newRealm.setEnabledEventTypes(new HashSet<>(rep.getEnabledEventTypes()));
    if (rep.getEventsExpiration() != null)
        newRealm.setEventsExpiration(rep.getEventsExpiration());
    if (rep.getEventsListeners() != null)
        newRealm.setEventsListeners(new HashSet<>(rep.getEventsListeners()));
    if (rep.isAdminEventsEnabled() != null)
        newRealm.setAdminEventsEnabled(rep.isAdminEventsEnabled());
    if (rep.isAdminEventsDetailsEnabled() != null)
        newRealm.setAdminEventsDetailsEnabled(rep.isAdminEventsDetailsEnabled());
    if (rep.getNotBefore() != null)
        newRealm.setNotBefore(rep.getNotBefore());
    // Token signing algorithm: falls back to the project default rather than leaving it unset.
    if (rep.getDefaultSignatureAlgorithm() != null)
        newRealm.setDefaultSignatureAlgorithm(rep.getDefaultSignatureAlgorithm());
    else
        newRealm.setDefaultSignatureAlgorithm(Constants.DEFAULT_SIGNATURE_ALGORITHM);
    // Refresh-token reuse: by default refresh tokens are NOT revoked on use and max reuse is 0.
    if (rep.getRevokeRefreshToken() != null)
        newRealm.setRevokeRefreshToken(rep.getRevokeRefreshToken());
    else
        newRealm.setRevokeRefreshToken(false);
    if (rep.getRefreshTokenMaxReuse() != null)
        newRealm.setRefreshTokenMaxReuse(rep.getRefreshTokenMaxReuse());
    else
        newRealm.setRefreshTokenMaxReuse(0);
    // Lifespans below are in seconds; literal defaults apply when the representation omits the value.
    if (rep.getAccessTokenLifespan() != null)
        newRealm.setAccessTokenLifespan(rep.getAccessTokenLifespan());
    else
        newRealm.setAccessTokenLifespan(300);
    if (rep.getAccessTokenLifespanForImplicitFlow() != null)
        newRealm.setAccessTokenLifespanForImplicitFlow(rep.getAccessTokenLifespanForImplicitFlow());
    else
        newRealm.setAccessTokenLifespanForImplicitFlow(Constants.DEFAULT_ACCESS_TOKEN_LIFESPAN_FOR_IMPLICIT_FLOW_TIMEOUT);
    if (rep.getSsoSessionIdleTimeout() != null)
        newRealm.setSsoSessionIdleTimeout(rep.getSsoSessionIdleTimeout());
    else
        newRealm.setSsoSessionIdleTimeout(1800);
    if (rep.getSsoSessionMaxLifespan() != null)
        newRealm.setSsoSessionMaxLifespan(rep.getSsoSessionMaxLifespan());
    else
        newRealm.setSsoSessionMaxLifespan(36000);
    if (rep.getSsoSessionMaxLifespanRememberMe() != null)
        newRealm.setSsoSessionMaxLifespanRememberMe(rep.getSsoSessionMaxLifespanRememberMe());
    if (rep.getSsoSessionIdleTimeoutRememberMe() != null)
        newRealm.setSsoSessionIdleTimeoutRememberMe(rep.getSsoSessionIdleTimeoutRememberMe());
    if (rep.getOfflineSessionIdleTimeout() != null)
        newRealm.setOfflineSessionIdleTimeout(rep.getOfflineSessionIdleTimeout());
    else
        newRealm.setOfflineSessionIdleTimeout(Constants.DEFAULT_OFFLINE_SESSION_IDLE_TIMEOUT);
    // KEYCLOAK-7688 Offline Session Max for Offline Token
    // The max-lifespan limit for offline sessions is disabled unless the representation enables it.
    if (rep.getOfflineSessionMaxLifespanEnabled() != null)
        newRealm.setOfflineSessionMaxLifespanEnabled(rep.getOfflineSessionMaxLifespanEnabled());
    else
        newRealm.setOfflineSessionMaxLifespanEnabled(false);
    if (rep.getOfflineSessionMaxLifespan() != null)
        newRealm.setOfflineSessionMaxLifespan(rep.getOfflineSessionMaxLifespan());
    else
        newRealm.setOfflineSessionMaxLifespan(Constants.DEFAULT_OFFLINE_SESSION_MAX_LIFESPAN);
    if (rep.getClientSessionIdleTimeout() != null)
        newRealm.setClientSessionIdleTimeout(rep.getClientSessionIdleTimeout());
    if (rep.getClientSessionMaxLifespan() != null)
        newRealm.setClientSessionMaxLifespan(rep.getClientSessionMaxLifespan());
    if (rep.getClientOfflineSessionIdleTimeout() != null)
        newRealm.setClientOfflineSessionIdleTimeout(rep.getClientOfflineSessionIdleTimeout());
    if (rep.getClientOfflineSessionMaxLifespan() != null)
        newRealm.setClientOfflineSessionMaxLifespan(rep.getClientOfflineSessionMaxLifespan());
    if (rep.getAccessCodeLifespan() != null)
        newRealm.setAccessCodeLifespan(rep.getAccessCodeLifespan());
    else
        newRealm.setAccessCodeLifespan(60);
    if (rep.getAccessCodeLifespanUserAction() != null)
        newRealm.setAccessCodeLifespanUserAction(rep.getAccessCodeLifespanUserAction());
    else
        newRealm.setAccessCodeLifespanUserAction(300);
    if (rep.getAccessCodeLifespanLogin() != null)
        newRealm.setAccessCodeLifespanLogin(rep.getAccessCodeLifespanLogin());
    else
        newRealm.setAccessCodeLifespanLogin(1800);
    // Action tokens (e.g. e-mail links): admin-generated default 12h, user-generated default follows the
    // user-action access code lifespan set just above.
    if (rep.getActionTokenGeneratedByAdminLifespan() != null)
        newRealm.setActionTokenGeneratedByAdminLifespan(rep.getActionTokenGeneratedByAdminLifespan());
    else
        newRealm.setActionTokenGeneratedByAdminLifespan(12 * 60 * 60);
    if (rep.getActionTokenGeneratedByUserLifespan() != null)
        newRealm.setActionTokenGeneratedByUserLifespan(rep.getActionTokenGeneratedByUserLifespan());
    else
        newRealm.setActionTokenGeneratedByUserLifespan(newRealm.getAccessCodeLifespanUserAction());
    // OAuth 2.0 Device Authorization Grant
    // Device-flow values are passed through unconditionally (null handling is up to OAuth2DeviceConfig).
    OAuth2DeviceConfig deviceConfig = newRealm.getOAuth2DeviceConfig();
    deviceConfig.setOAuth2DeviceCodeLifespan(rep.getOAuth2DeviceCodeLifespan());
    deviceConfig.setOAuth2DevicePollingInterval(rep.getOAuth2DevicePollingInterval());
    // NOTE(review): toUpperCase() without a Locale is locale-dependent; the SslRequired constant names presumably
    // contain no locale-sensitive letters, but Locale.ROOT would make that explicit. An unknown value throws
    // IllegalArgumentException from valueOf. Nothing is set when the representation omits sslRequired.
    if (rep.getSslRequired() != null)
        newRealm.setSslRequired(SslRequired.valueOf(rep.getSslRequired().toUpperCase()));
    // Self-service login features (registration, remember-me, e-mail verification, password reset, ...).
    if (rep.isRegistrationAllowed() != null)
        newRealm.setRegistrationAllowed(rep.isRegistrationAllowed());
    if (rep.isRegistrationEmailAsUsername() != null)
        newRealm.setRegistrationEmailAsUsername(rep.isRegistrationEmailAsUsername());
    if (rep.isRememberMe() != null)
        newRealm.setRememberMe(rep.isRememberMe());
    if (rep.isVerifyEmail() != null)
        newRealm.setVerifyEmail(rep.isVerifyEmail());
    if (rep.isLoginWithEmailAllowed() != null)
        newRealm.setLoginWithEmailAllowed(rep.isLoginWithEmailAllowed());
    if (rep.isDuplicateEmailsAllowed() != null)
        newRealm.setDuplicateEmailsAllowed(rep.isDuplicateEmailsAllowed());
    if (rep.isResetPasswordAllowed() != null)
        newRealm.setResetPasswordAllowed(rep.isResetPasswordAllowed());
    if (rep.isEditUsernameAllowed() != null)
        newRealm.setEditUsernameAllowed(rep.isEditUsernameAllowed());
    if (rep.getLoginTheme() != null)
        newRealm.setLoginTheme(rep.getLoginTheme());
    if (rep.getAccountTheme() != null)
        newRealm.setAccountTheme(rep.getAccountTheme());
    if (rep.getAdminTheme() != null)
        newRealm.setAdminTheme(rep.getAdminTheme());
    if (rep.getEmailTheme() != null)
        newRealm.setEmailTheme(rep.getEmailTheme());
    // todo remove this stuff as its all deprecated
    // Required credentials default to "password" when the (deprecated) list is absent.
    if (rep.getRequiredCredentials() != null) {
        for (String requiredCred : rep.getRequiredCredentials()) {
            newRealm.addRequiredCredential(requiredCred);
        }
    } else {
        newRealm.addRequiredCredential(CredentialRepresentation.PASSWORD);
    }
    // Password policy string is parsed against the providers available in this session.
    if (rep.getPasswordPolicy() != null)
        newRealm.setPasswordPolicy(PasswordPolicy.parse(session, rep.getPasswordPolicy()));
    // OTP policy falls back to the built-in default; both WebAuthn policies are always (re)built from the rep.
    if (rep.getOtpPolicyType() != null)
        newRealm.setOTPPolicy(toPolicy(rep));
    else
        newRealm.setOTPPolicy(OTPPolicy.DEFAULT_POLICY);
    WebAuthnPolicy webAuthnPolicy = getWebAuthnPolicyTwoFactor(rep);
    newRealm.setWebAuthnPolicy(webAuthnPolicy);
    webAuthnPolicy = getWebAuthnPolicyPasswordless(rep);
    newRealm.setWebAuthnPolicyPasswordless(webAuthnPolicy);
    updateCibaSettings(rep, newRealm);
    updateParSettings(rep, newRealm);
    // mappedFlows translates flow ids from the import file to the ids created here; clients need it below for
    // their flow overrides.
    Map<String, String> mappedFlows = importAuthenticationFlows(newRealm, rep);
    if (rep.getRequiredActions() != null) {
        for (RequiredActionProviderRepresentation action : rep.getRequiredActions()) {
            RequiredActionProviderModel model = toModel(action);
            MigrationUtils.updateOTPRequiredAction(model);
            newRealm.addRequiredActionProvider(model);
        }
        // The delete-account action is added even when the import file lists its own required actions.
        DefaultRequiredActions.addDeleteAccountAction(newRealm);
    } else {
        DefaultRequiredActions.addActions(newRealm);
    }
    importIdentityProviders(rep, newRealm, session);
    importIdentityProviderMappers(rep, newRealm);
    // Client scopes are created first so that default-scope lists and clients can reference them by name.
    Map<String, ClientScopeModel> clientScopes = new HashMap<>();
    if (rep.getClientScopes() != null) {
        clientScopes = createClientScopes(session, rep.getClientScopes(), newRealm);
    }
    // A default scope naming a client scope missing from THIS import is logged and skipped, not an error.
    if (rep.getDefaultDefaultClientScopes() != null) {
        for (String clientScopeName : rep.getDefaultDefaultClientScopes()) {
            ClientScopeModel clientScope = clientScopes.get(clientScopeName);
            if (clientScope != null) {
                newRealm.addDefaultClientScope(clientScope, true);
            } else {
                logger.warnf("Referenced client scope '%s' doesn't exist", clientScopeName);
            }
        }
    }
    if (rep.getDefaultOptionalClientScopes() != null) {
        for (String clientScopeName : rep.getDefaultOptionalClientScopes()) {
            ClientScopeModel clientScope = clientScopes.get(clientScopeName);
            if (clientScope != null) {
                newRealm.addDefaultClientScope(clientScope, false);
            } else {
                logger.warnf("Referenced client scope '%s' doesn't exist", clientScopeName);
            }
        }
    }
    Map<String, ClientModel> createdClients = new HashMap<>();
    if (rep.getClients() != null) {
        createdClients = createClients(session, rep, newRealm, mappedFlows);
    }
    importRoles(rep.getRoles(), newRealm);
    convertDeprecatedDefaultRoles(rep, newRealm);
    // Client scope mappings are keyed by the clientId of the role-owning client. A client not created by this
    // import is looked up in the realm; computeIfAbsent does not cache a null lookup result.
    if (rep.getClientScopeMappings() != null) {
        for (Map.Entry<String, List<ScopeMappingRepresentation>> entry : rep.getClientScopeMappings().entrySet()) {
            ClientModel app = createdClients.computeIfAbsent(entry.getKey(), k -> newRealm.getClientByClientId(entry.getKey()));
            if (app == null) {
                throw new RuntimeException("Unable to find client role mappings for client: " + entry.getKey());
            }
            createClientScopeMappings(newRealm, app, entry.getValue());
        }
    }
    // Realm-role scope mappings. roleModelMap is keyed by role id; computeIfAbsent probes it by NAME, misses fall
    // through to newRealm.getRole(name) and, since computeIfAbsent never stores null, are not cached.
    if (rep.getScopeMappings() != null) {
        Map<String, RoleModel> roleModelMap = newRealm.getRolesStream().collect(Collectors.toMap(RoleModel::getId, Function.identity()));
        for (ScopeMappingRepresentation scope : rep.getScopeMappings()) {
            ScopeContainerModel scopeContainer = getScopeContainerHavingScope(newRealm, scope);
            for (String roleString : scope.getRoles()) {
                final String roleStringTrimmed = roleString.trim();
                RoleModel role = roleModelMap.computeIfAbsent(roleStringTrimmed, k -> newRealm.getRole(roleStringTrimmed));
                // NOTE(review): an unknown role is created silently (a typo in the import file yields a new realm
                // role), and it is created with the UNTRIMMED name although the lookup used the trimmed one, so a
                // padded name is never found and is re-created on every import. roleStringTrimmed is likely intended.
                if (role == null) {
                    role = newRealm.addRole(roleString);
                    roleModelMap.put(role.getId(), role);
                }
                scopeContainer.addScopeMapping(role);
            }
        }
    }
    // SMTP settings are copied verbatim (raw HashMap); they can include the mail account password.
    if (rep.getSmtpServer() != null) {
        newRealm.setSmtpConfig(new HashMap(rep.getSmtpServer()));
    }
    // Browser security headers (CSP, X-Frame-Options, ...) fall back to the realm defaults when omitted, so an
    // import file cannot leave a realm with no headers at all.
    if (rep.getBrowserSecurityHeaders() != null) {
        newRealm.setBrowserSecurityHeaders(rep.getBrowserSecurityHeaders());
    } else {
        newRealm.setBrowserSecurityHeaders(BrowserSecurityHeaders.realmDefaultHeaders);
    }
    // Components (key providers among them, see below) are imported with the realm as parent.
    if (rep.getComponents() != null) {
        MultivaluedHashMap<String, ComponentExportRepresentation> components = rep.getComponents();
        String parentId = newRealm.getId();
        importComponents(newRealm, components, parentId);
    }
    importUserFederationProvidersAndMappers(session, rep, newRealm);
    // Default groups are only processed when groups are imported, and must resolve by path or the import fails.
    if (rep.getGroups() != null) {
        importGroups(newRealm, rep);
        if (rep.getDefaultGroups() != null) {
            for (String path : rep.getDefaultGroups()) {
                GroupModel found = KeycloakModelUtils.findGroupByPath(newRealm, path);
                if (found == null)
                    throw new RuntimeException("default group in realm rep doesn't exist: " + path);
                newRealm.addDefaultGroup(found);
            }
        }
    }
    if (rep.getUsers() != null) {
        for (UserRepresentation userRep : rep.getUsers()) {
            createUser(session, newRealm, userRep);
        }
    }
    if (rep.getFederatedUsers() != null) {
        for (UserRepresentation userRep : rep.getFederatedUsers()) {
            importFederatedUser(session, newRealm, userRep);
        }
    }
    // Authorization settings reference users, hence the skip flag.
    if (!skipUserDependent) {
        importRealmAuthorizationSettings(rep, newRealm, session);
    }
    if (rep.isInternationalizationEnabled() != null) {
        newRealm.setInternationalizationEnabled(rep.isInternationalizationEnabled());
    }
    if (rep.getSupportedLocales() != null) {
        newRealm.setSupportedLocales(new HashSet<String>(rep.getSupportedLocales()));
    }
    if (rep.getDefaultLocale() != null) {
        newRealm.setDefaultLocale(rep.getDefaultLocale());
    }
    // Free-form realm attributes are copied one by one (no validation of keys here).
    if (rep.getAttributes() != null) {
        for (Map.Entry<String, String> attr : rep.getAttributes().entrySet()) {
            newRealm.setAttribute(attr.getKey(), attr.getValue());
        }
    }
    // Key providers: only when the component import above did not already create any. A privateKey/certificate
    // given in the representation is installed as the realm's key provider — i.e. an import file can carry the
    // realm's key material, which is why such files must be protected like secrets. Otherwise fresh providers
    // are generated.
    if (newRealm.getComponentsStream(newRealm.getId(), KeyProvider.class.getName()).count() == 0) {
        if (rep.getPrivateKey() != null) {
            DefaultKeyProviders.createProviders(newRealm, rep.getPrivateKey(), rep.getCertificate());
        } else {
            DefaultKeyProviders.createProviders(newRealm);
        }
    }
}

Example 4 with ScopeMappingRepresentation

use of org.keycloak.representations.idm.ScopeMappingRepresentation in project keycloak by keycloak.

Class RepresentationToModel, method createClientScopeMappings (applies imported scope mappings that grant a client's roles to other scope containers).

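// Scope mappings
/**
 * Applies the imported scope mappings that grant roles of {@code clientModel} to other scope containers.
 *
 * Each {@link ScopeMappingRepresentation} identifies a container (resolved by
 * {@code getScopeContainerHavingScope}, a client or client scope of the realm) and lists the names of
 * {@code clientModel}'s roles that container may request. Role names are trimmed before use; a role that does
 * not exist on the client yet is created on the fly.
 *
 * NOTE(review): the on-the-fly creation means a mistyped role name in an import file silently becomes a new
 * client role instead of an error; callers wanting a strict import should validate role names beforehand.
 *
 * @param realm       realm the mappings belong to
 * @param clientModel client whose roles are being granted
 * @param mappings    scope mappings from the import file; a mapping whose role list is absent is skipped
 */
public static void createClientScopeMappings(RealmModel realm, ClientModel clientModel, List<ScopeMappingRepresentation> mappings) {
    for (ScopeMappingRepresentation mapping : mappings) {
        ScopeContainerModel scopeContainer = getScopeContainerHavingScope(realm, mapping);
        if (mapping.getRoles() == null) {
            // Nothing to grant for this container; do not fail the whole import on a roles-less entry.
            continue;
        }
        for (String roleString : mapping.getRoles()) {
            // Trim once so lookup and creation use the same normalised name.
            String roleName = roleString.trim();
            RoleModel role = clientModel.getRole(roleName);
            if (role == null) {
                role = clientModel.addRole(roleName);
            }
            scopeContainer.addScopeMapping(role);
        }
    }
}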
