use of org.keycloak.services.managers.RealmManager in project keycloak by keycloak.
the class ClientResource method updateClientFromRep.
/**
 * Applies the fields of an admin-supplied representation to an existing client.
 * <p>
 * Order of operations: reconcile the service-account user with the requested flag,
 * handle a client-id rename, enforce the extra permission needed to toggle full-scope
 * access, clear authorization services for bearer-only/public clients, and finally
 * copy the remaining fields and protocol mappers into the model.
 *
 * @param rep     representation sent by the admin caller
 * @param client  client model being updated
 * @param session session used for the manager helpers (note that the service-account
 *                lookup uses the resource's own {@code this.session})
 * @throws ModelDuplicateException if the rename collides with another client
 */
private void updateClientFromRep(ClientRepresentation rep, ClientModel client, KeycloakSession session) throws ModelDuplicateException {
    UserModel existingServiceAccount = this.session.users().getServiceAccount(client);
    boolean serviceAccountWanted = TRUE.equals(rep.isServiceAccountsEnabled());
    if (serviceAccountWanted && existingServiceAccount == null) {
        new ClientManager(new RealmManager(session)).enableServiceAccount(client);
    } else if (!serviceAccountWanted && existingServiceAccount != null) {
        // Disabling service accounts removes the backing user so its credentials stop working.
        new UserManager(session).removeUser(realm, existingServiceAccount);
    }

    String requestedClientId = rep.getClientId();
    if (requestedClientId != null && !requestedClientId.equals(client.getClientId())) {
        new ClientManager(new RealmManager(session)).clientIdChanged(client, rep);
    }

    // Widening or narrowing full-scope access is a privilege change, so it needs
    // manage permission on this client rather than plain update rights.
    Boolean requestedFullScope = rep.isFullScopeAllowed();
    if (requestedFullScope != null && requestedFullScope != client.isFullScopeAllowed()) {
        auth.clients().requireManage(client);
    }

    // Bearer-only and public clients cannot act as resource servers.
    if (TRUE.equals(rep.isBearerOnly()) || TRUE.equals(rep.isPublicClient())) {
        rep.setAuthorizationServicesEnabled(false);
    }

    RepresentationToModel.updateClient(rep, client);
    RepresentationToModel.updateClientProtocolMappers(rep, client);
    updateAuthorizationSettings(rep);
}
use of org.keycloak.services.managers.RealmManager in project keycloak by keycloak.
the class ClientsResource method createClient.
/**
 * Create a new client
 *
 * Client's client_id must be unique!
 * <p>
 * Requires manage permission on clients. The client is persisted first and validated
 * afterwards; a validation failure marks the transaction rollback-only and answers
 * {@code 400}, so nothing is left behind. Client policies are consulted both before
 * registration and after it.
 *
 * @param rep representation of the client to create
 * @return {@code 201 Created} with the new client's location, or a conflict error
 *         when the client_id is already taken
 * @throws ErrorResponseException with {@code 400} when validation or a client policy rejects the request
 */
@POST
@Consumes(MediaType.APPLICATION_JSON)
public Response createClient(final ClientRepresentation rep) {
    auth.clients().requireManage();
    try {
        session.clientPolicy().triggerOnEvent(new AdminClientRegisterContext(rep, auth.adminAuth()));
        ClientModel created = ClientManager.createClient(session, realm, rep);

        boolean serviceAccountRequested = TRUE.equals(rep.isServiceAccountsEnabled());
        if (serviceAccountRequested && session.users().getServiceAccount(created) == null) {
            new ClientManager(new RealmManager(session)).enableServiceAccount(created);
        }

        adminEvent.operation(OperationType.CREATE)
                .resourcePath(session.getContext().getUri(), created.getId())
                .representation(rep)
                .success();

        boolean authorizationRequested = Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION)
                && TRUE.equals(rep.getAuthorizationServicesEnabled());
        if (authorizationRequested) {
            AuthorizationService authorization = getAuthorizationService(created);
            authorization.enable(true);
            ResourceServerRepresentation settings = rep.getAuthorizationSettings();
            if (settings != null) {
                authorization.resourceServer().importSettings(settings);
            }
        }

        ValidationUtil.validateClient(session, created, true, result -> {
            // Validation runs after persistence, so undo the write before reporting.
            session.getTransactionManager().setRollbackOnly();
            String localizedErrors = result.getAllLocalizedErrorsAsString(
                    AdminRoot.getMessages(session, realm, auth.adminAuth().getToken().getLocale()));
            throw new ErrorResponseException(Errors.INVALID_INPUT, localizedErrors, Response.Status.BAD_REQUEST);
        });

        session.clientPolicy().triggerOnEvent(new AdminClientRegisteredContext(created, auth.adminAuth()));

        return Response.created(
                session.getContext().getUri().getAbsolutePathBuilder().path(created.getId()).build())
                .build();
    } catch (ModelDuplicateException e) {
        return ErrorResponse.exists("Client " + rep.getClientId() + " already exists");
    } catch (ClientPolicyException cpe) {
        throw new ErrorResponseException(cpe.getError(), cpe.getErrorDetail(), Response.Status.BAD_REQUEST);
    }
}
use of org.keycloak.services.managers.RealmManager in project keycloak by keycloak.
the class AdminConsole method whoAmI.
/**
 * Permission information
 * <p>
 * Authenticates the caller from the bearer token in the request headers and reports
 * who they are, which realm roles they hold, and whether they may create realms.
 * The answer is {@code 401} when the token does not authenticate; no body is returned
 * in that case. Marked {@code @NoCache} so the permission snapshot is never served stale.
 *
 * @param headers request headers carrying the bearer token
 * @return {@code 200} with a {@link WhoAmI} payload, or {@code 401} when unauthenticated
 * @throws NotFoundException if the administration realm cannot be resolved
 */
@Path("whoami")
@GET
@Produces(MediaType.APPLICATION_JSON)
@NoCache
public Response whoAmI(@Context final HttpHeaders headers) {
    RealmManager realmManager = new RealmManager(session);
    AuthenticationManager.AuthResult authResult = new AppAuthManager.BearerTokenAuthenticator(session)
            .setRealm(realm)
            .setConnection(clientConnection)
            .setHeaders(headers)
            .authenticate();
    if (authResult == null) {
        return Response.status(401).build();
    }
    UserModel user = authResult.getUser();

    // Prefer "first last" when either name is non-blank; fall back to the username.
    String firstName = user.getFirstName();
    String lastName = user.getLastName();
    boolean hasFirstName = firstName != null && !firstName.trim().equals("");
    boolean hasLastName = lastName != null && !lastName.trim().equals("");
    String displayName;
    if (!hasFirstName && !hasLastName) {
        displayName = user.getUsername();
    } else if (lastName == null) {
        displayName = firstName;
    } else if (firstName == null) {
        displayName = lastName;
    } else {
        displayName = firstName + " " + lastName;
    }

    RealmModel masterRealm = getAdminstrationRealm(realmManager);
    if (masterRealm == null) {
        throw new NotFoundException("No realm found");
    }
    Map<String, Set<String>> realmAccess = new HashMap<>();
    boolean createRealm = false;
    if (realm.equals(masterRealm)) {
        logger.debug("setting up realm access for a master realm user");
        // Only master-realm users can be granted realm creation.
        createRealm = user.hasRole(masterRealm.getRole(AdminRoles.CREATE_REALM));
        addMasterRealmAccess(user, realmAccess);
    } else {
        logger.debug("setting up realm access for a realm user");
        addRealmAccess(realm, user, realmAccess);
    }

    Locale locale = session.getContext().resolveLocale(user);
    // CORS is scoped to the origins allowed for the authenticated token, GET only.
    Cors.add(request).allowedOrigins(authResult.getToken()).allowedMethods("GET").auth().build(response);
    WhoAmI payload = new WhoAmI(user.getId(), realm.getName(), displayName, createRealm, realmAccess, locale);
    return Response.ok(payload).build();
}
use of org.keycloak.services.managers.RealmManager in project keycloak by keycloak.
the class AdminRoot method authenticateRealmAdminRequest.
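/**
 * Authenticates an admin REST request from its bearer token.
 * <p>
 * The token is first parsed <em>without</em> signature verification, solely to read
 * its issuer and derive the realm that issued it (the realm must be known before the
 * token can be validated against that realm's keys). The token is then validated by
 * {@code BearerTokenAuthenticator.authenticate()} for that realm; nothing read from
 * the unverified token is trusted beyond selecting the realm, and a realm that does
 * not exist is rejected before any validation is attempted.
 *
 * @param headers request headers carrying the {@code Authorization: Bearer ...} header
 * @return the authenticated admin identity: realm, token, user and client
 * @throws NotAuthorizedException if the header is missing, the token cannot be parsed,
 *         has no issuer, names an unknown realm, or fails validation. The string passed
 *         is the challenge JAX-RS places in {@code WWW-Authenticate}.
 */
protected AdminAuth authenticateRealmAdminRequest(HttpHeaders headers) {
    String tokenString = AppAuthManager.extractAuthorizationHeaderToken(headers);
    if (tokenString == null) {
        throw new NotAuthorizedException("Bearer");
    }

    AccessToken token;
    try {
        token = new JWSInput(tokenString).readJsonContent(AccessToken.class);
    } catch (JWSInputException e) {
        throw new NotAuthorizedException("Bearer token format error");
    }

    // A token with no issuer claim is malformed; answer 401 instead of letting the
    // substring() below throw a NullPointerException (which would surface as a 500).
    String issuer = token.getIssuer();
    if (issuer == null) {
        throw new NotAuthorizedException("Bearer token format error");
    }
    // The realm name is taken as the last path segment of the issuer URL.
    String realmName = issuer.substring(issuer.lastIndexOf('/') + 1);

    RealmManager realmManager = new RealmManager(session);
    RealmModel realm = realmManager.getRealmByName(realmName);
    if (realm == null) {
        throw new NotAuthorizedException("Unknown realm in token");
    }
    session.getContext().setRealm(realm);

    AuthenticationManager.AuthResult authResult = new AppAuthManager.BearerTokenAuthenticator(session)
            .setRealm(realm)
            .setConnection(clientConnection)
            .setHeaders(headers)
            .authenticate();
    if (authResult == null) {
        logger.debug("Token not valid");
        throw new NotAuthorizedException("Bearer");
    }
    return new AdminAuth(realm, authResult.getToken(), authResult.getUser(), authResult.getClient());
}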
use of org.keycloak.services.managers.RealmManager in project keycloak by keycloak.
the class AdminRoot method getAdminConsole.
/**
 * path to realm admin console ui
 * <p>
 * Resolves the realm named in the path and hands back the {@link AdminConsole}
 * sub-resource for it. No authentication happens here; the sub-resource's own
 * endpoints authenticate each request they serve.
 *
 * @exclude
 * @param name Realm name (not id!)
 * @return the admin console resource for that realm, with its context properties injected
 */
@Path("{realm}/console")
public AdminConsole getAdminConsole(@PathParam("realm") final String name) {
    RealmModel targetRealm = locateRealm(name, new RealmManager(session));
    AdminConsole console = new AdminConsole(targetRealm);
    ResteasyProviderFactory.getInstance().injectProperties(console);
    return console;
}