Example 21 with AdminPermissionManagement
use of org.keycloak.services.resources.admin.permissions.AdminPermissionManagement in project keycloak by keycloak.
the class BrokerLinkAndTokenExchangeTest method setupRealm.
public static void setupRealm(KeycloakSession session) {
RealmModel realm = session.realms().getRealmByName(CHILD_IDP);
ClientModel client = realm.getClientByClientId(ClientApp.DEPLOYMENT_NAME);
IdentityProviderModel idp = realm.getIdentityProviderByAlias(PARENT_IDP);
Assert.assertNotNull(idp);
ClientModel directExchanger = realm.addClient("direct-exchanger");
directExchanger.setClientId("direct-exchanger");
directExchanger.setPublicClient(false);
directExchanger.setDirectAccessGrantsEnabled(true);
directExchanger.setEnabled(true);
directExchanger.setSecret("secret");
directExchanger.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
directExchanger.setFullScopeAllowed(false);
AdminPermissionManagement management = AdminPermissions.management(session, realm);
management.idps().setPermissionsEnabled(idp, true);
ClientPolicyRepresentation clientRep = new ClientPolicyRepresentation();
clientRep.setName("toIdp");
clientRep.addClient(client.getId());
clientRep.addClient(directExchanger.getId());
ResourceServer server = management.realmResourceServer();
Policy clientPolicy = management.authz().getStoreFactory().getPolicyStore().create(clientRep, server);
management.idps().exchangeToPermission(idp).addAssociatedPolicy(clientPolicy);
// permission for user impersonation for a client
ClientPolicyRepresentation clientImpersonateRep = new ClientPolicyRepresentation();
clientImpersonateRep.setName("clientImpersonators");
clientImpersonateRep.addClient(directExchanger.getId());
server = management.realmResourceServer();
Policy clientImpersonatePolicy = management.authz().getStoreFactory().getPolicyStore().create(clientImpersonateRep, server);
management.users().setPermissionsEnabled(true);
management.users().adminImpersonatingPermission().addAssociatedPolicy(clientImpersonatePolicy);
management.users().adminImpersonatingPermission().setDecisionStrategy(DecisionStrategy.AFFIRMATIVE);
}
Also used :
RealmModel(org.keycloak.models.RealmModel)
Policy(org.keycloak.authorization.model.Policy)
ClientModel(org.keycloak.models.ClientModel)
ClientPolicyRepresentation(org.keycloak.representations.idm.authorization.ClientPolicyRepresentation)
IdentityProviderModel(org.keycloak.models.IdentityProviderModel)
ResourceServer(org.keycloak.authorization.model.ResourceServer)
AdminPermissionManagement(org.keycloak.services.resources.admin.permissions.AdminPermissionManagement)
Example 22 with AdminPermissionManagement
use of org.keycloak.services.resources.admin.permissions.AdminPermissionManagement in project keycloak by keycloak.
the class ClientTokenExchangeSAML2Test method setupRealm.
public static void setupRealm(KeycloakSession session) {
addTargetClients(session);
addDirectExchanger(session);
RealmModel realm = session.realms().getRealmByName(TEST);
RoleModel exampleRole = realm.getRole("example");
AdminPermissionManagement management = AdminPermissions.management(session, realm);
RoleModel impersonateRole = management.getRealmManagementClient().getRole(ImpersonationConstants.IMPERSONATION_ROLE);
ClientModel clientExchanger = realm.addClient("client-exchanger");
clientExchanger.setClientId("client-exchanger");
clientExchanger.setPublicClient(false);
clientExchanger.setDirectAccessGrantsEnabled(true);
clientExchanger.setEnabled(true);
clientExchanger.setSecret("secret");
clientExchanger.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
clientExchanger.setFullScopeAllowed(false);
clientExchanger.addScopeMapping(impersonateRole);
clientExchanger.addProtocolMapper(UserSessionNoteMapper.createUserSessionNoteMapper(IMPERSONATOR_ID));
clientExchanger.addProtocolMapper(UserSessionNoteMapper.createUserSessionNoteMapper(IMPERSONATOR_USERNAME));
ClientModel illegal = realm.addClient("illegal");
illegal.setClientId("illegal");
illegal.setPublicClient(false);
illegal.setDirectAccessGrantsEnabled(true);
illegal.setEnabled(true);
illegal.setSecret("secret");
illegal.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
illegal.setFullScopeAllowed(false);
ClientModel legal = realm.addClient("legal");
legal.setClientId("legal");
legal.setPublicClient(false);
legal.setDirectAccessGrantsEnabled(true);
legal.setEnabled(true);
legal.setSecret("secret");
legal.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
legal.setFullScopeAllowed(false);
ClientModel directLegal = realm.addClient("direct-legal");
directLegal.setClientId("direct-legal");
directLegal.setPublicClient(false);
directLegal.setDirectAccessGrantsEnabled(true);
directLegal.setEnabled(true);
directLegal.setSecret("secret");
directLegal.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
directLegal.setFullScopeAllowed(false);
ClientModel directPublic = realm.addClient("direct-public");
directPublic.setClientId("direct-public");
directPublic.setPublicClient(true);
directPublic.setDirectAccessGrantsEnabled(true);
directPublic.setEnabled(true);
directPublic.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
directPublic.setFullScopeAllowed(false);
ClientModel directNoSecret = realm.addClient("direct-no-secret");
directNoSecret.setClientId("direct-no-secret");
directNoSecret.setPublicClient(false);
directNoSecret.setDirectAccessGrantsEnabled(true);
directNoSecret.setEnabled(true);
directNoSecret.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
directNoSecret.setFullScopeAllowed(false);
// permission for client to client exchange to "target" client
ClientPolicyRepresentation clientRep = new ClientPolicyRepresentation();
clientRep.setName("to");
clientRep.addClient(clientExchanger.getId());
clientRep.addClient(legal.getId());
clientRep.addClient(directLegal.getId());
ClientModel samlSignedTarget = realm.getClientByClientId(SAML_SIGNED_TARGET);
ClientModel samlEncryptedTarget = realm.getClientByClientId(SAML_ENCRYPTED_TARGET);
ClientModel samlSignedAndEncryptedTarget = realm.getClientByClientId(SAML_SIGNED_AND_ENCRYPTED_TARGET);
ClientModel samlUnsignedAndUnencryptedTarget = realm.getClientByClientId(SAML_UNSIGNED_AND_UNENCRYPTED_TARGET);
assertNotNull(samlSignedTarget);
assertNotNull(samlEncryptedTarget);
assertNotNull(samlSignedAndEncryptedTarget);
assertNotNull(samlUnsignedAndUnencryptedTarget);
ResourceServer server = management.realmResourceServer();
Policy clientPolicy = management.authz().getStoreFactory().getPolicyStore().create(clientRep, server);
management.clients().exchangeToPermission(samlSignedTarget).addAssociatedPolicy(clientPolicy);
management.clients().exchangeToPermission(samlEncryptedTarget).addAssociatedPolicy(clientPolicy);
management.clients().exchangeToPermission(samlSignedAndEncryptedTarget).addAssociatedPolicy(clientPolicy);
management.clients().exchangeToPermission(samlUnsignedAndUnencryptedTarget).addAssociatedPolicy(clientPolicy);
// permission for user impersonation for a client
ClientPolicyRepresentation clientImpersonateRep = new ClientPolicyRepresentation();
clientImpersonateRep.setName("clientImpersonators");
clientImpersonateRep.addClient(directLegal.getId());
clientImpersonateRep.addClient(directPublic.getId());
clientImpersonateRep.addClient(directNoSecret.getId());
server = management.realmResourceServer();
Policy clientImpersonatePolicy = management.authz().getStoreFactory().getPolicyStore().create(clientImpersonateRep, server);
management.users().setPermissionsEnabled(true);
management.users().adminImpersonatingPermission().addAssociatedPolicy(clientImpersonatePolicy);
management.users().adminImpersonatingPermission().setDecisionStrategy(DecisionStrategy.AFFIRMATIVE);
UserModel user = session.users().addUser(realm, "user");
user.setEnabled(true);
session.userCredentialManager().updateCredential(realm, user, UserCredentialModel.password("password"));
user.grantRole(exampleRole);
user.grantRole(impersonateRole);
UserModel bad = session.users().addUser(realm, "bad-impersonator");
bad.setEnabled(true);
session.userCredentialManager().updateCredential(realm, bad, UserCredentialModel.password("password"));
}
Also used :
RealmModel(org.keycloak.models.RealmModel)
Policy(org.keycloak.authorization.model.Policy)
UserModel(org.keycloak.models.UserModel)
ClientModel(org.keycloak.models.ClientModel)
ClientPolicyRepresentation(org.keycloak.representations.idm.authorization.ClientPolicyRepresentation)
RoleModel(org.keycloak.models.RoleModel)
ResourceServer(org.keycloak.authorization.model.ResourceServer)
AdminPermissionManagement(org.keycloak.services.resources.admin.permissions.AdminPermissionManagement)
Example 23 with AdminPermissionManagement
use of org.keycloak.services.resources.admin.permissions.AdminPermissionManagement in project keycloak by keycloak.
the class FineGrainAdminUnitTest method testUserPagination.
@Test
@AuthServerContainerExclude(AuthServer.REMOTE)
public void testUserPagination() {
testingClient.server().run(session -> {
RealmModel realm = session.realms().getRealmByName("test");
session.getContext().setRealm(realm);
GroupModel customerAGroup = session.groups().createGroup(realm, "Customer A");
UserModel customerAManager = session.users().addUser(realm, "customer-a-manager");
session.userCredentialManager().updateCredential(realm, customerAManager, UserCredentialModel.password("password"));
ClientModel realmAdminClient = realm.getClientByClientId(Constants.REALM_MANAGEMENT_CLIENT_ID);
customerAManager.grantRole(realmAdminClient.getRole(AdminRoles.QUERY_USERS));
customerAManager.setEnabled(true);
UserModel regularAdminUser = session.users().addUser(realm, "regular-admin-user");
session.userCredentialManager().updateCredential(realm, regularAdminUser, UserCredentialModel.password("password"));
regularAdminUser.grantRole(realmAdminClient.getRole(AdminRoles.VIEW_USERS));
regularAdminUser.setEnabled(true);
AdminPermissionManagement management = AdminPermissions.management(session, realm);
GroupPermissionManagement groupPermission = management.groups();
groupPermission.setPermissionsEnabled(customerAGroup, true);
UserPolicyRepresentation userPolicyRepresentation = new UserPolicyRepresentation();
userPolicyRepresentation.setName("Only " + customerAManager.getUsername());
userPolicyRepresentation.addUser(customerAManager.getId());
Policy policy = groupPermission.viewMembersPermission(customerAGroup);
AuthorizationProvider provider = session.getProvider(AuthorizationProvider.class);
Policy userPolicy = provider.getStoreFactory().getPolicyStore().create(userPolicyRepresentation, management.realmResourceServer());
policy.addAssociatedPolicy(RepresentationToModel.toModel(userPolicyRepresentation, provider, userPolicy));
for (int i = 0; i < 20; i++) {
UserModel userModel = session.users().addUser(realm, "a" + i);
userModel.setFirstName("test");
}
for (int i = 20; i < 40; i++) {
UserModel userModel = session.users().addUser(realm, "b" + i);
userModel.setFirstName("test");
userModel.joinGroup(customerAGroup);
}
});
try (Keycloak client = Keycloak.getInstance(getAuthServerContextRoot() + "/auth", "test", "customer-a-manager", "password", Constants.ADMIN_CLI_CLIENT_ID, TLSUtils.initializeTLS())) {
List<UserRepresentation> result = client.realm("test").users().search(null, "test", null, null, -1, 20);
Assert.assertEquals(20, result.size());
Assert.assertThat(result, Matchers.everyItem(Matchers.hasProperty("username", Matchers.startsWith("b"))));
result = client.realm("test").users().search(null, "test", null, null, 20, 40);
Assert.assertEquals(0, result.size());
}
try (Keycloak client = Keycloak.getInstance(getAuthServerContextRoot() + "/auth", "test", "regular-admin-user", "password", Constants.ADMIN_CLI_CLIENT_ID, TLSUtils.initializeTLS())) {
List<UserRepresentation> result = client.realm("test").users().search(null, "test", null, null, -1, 20);
Assert.assertEquals(20, result.size());
Assert.assertThat(result, Matchers.everyItem(Matchers.hasProperty("username", Matchers.startsWith("a"))));
client.realm("test").users().search(null, null, null, null, -1, -1);
Assert.assertEquals(20, result.size());
Assert.assertThat(result, Matchers.everyItem(Matchers.hasProperty("username", Matchers.startsWith("a"))));
}
try (Keycloak client = Keycloak.getInstance(getAuthServerContextRoot() + "/auth", "test", "customer-a-manager", "password", Constants.ADMIN_CLI_CLIENT_ID, TLSUtils.initializeTLS())) {
List<UserRepresentation> result = client.realm("test").users().search(null, null, null, null, -1, 20);
Assert.assertEquals(20, result.size());
Assert.assertThat(result, Matchers.everyItem(Matchers.hasProperty("username", Matchers.startsWith("b"))));
result = client.realm("test").users().search("test", -1, 20, false);
Assert.assertEquals(20, result.size());
Assert.assertThat(result, Matchers.everyItem(Matchers.hasProperty("username", Matchers.startsWith("b"))));
result = client.realm("test").users().search("a", -1, 20, false);
Assert.assertEquals(0, result.size());
}
}
Also used :
Policy(org.keycloak.authorization.model.Policy)
AuthorizationProvider(org.keycloak.authorization.AuthorizationProvider)
GroupModel(org.keycloak.models.GroupModel)
RealmModel(org.keycloak.models.RealmModel)
UserModel(org.keycloak.models.UserModel)
ClientModel(org.keycloak.models.ClientModel)
UserPolicyRepresentation(org.keycloak.representations.idm.authorization.UserPolicyRepresentation)
Keycloak(org.keycloak.admin.client.Keycloak)
GroupPermissionManagement(org.keycloak.services.resources.admin.permissions.GroupPermissionManagement)
AdminPermissionManagement(org.keycloak.services.resources.admin.permissions.AdminPermissionManagement)
UserRepresentation(org.keycloak.representations.idm.UserRepresentation)
AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude)
AbstractKeycloakTest(org.keycloak.testsuite.AbstractKeycloakTest)
Test(org.junit.Test)
Example 24 with AdminPermissionManagement
use of org.keycloak.services.resources.admin.permissions.AdminPermissionManagement in project keycloak by keycloak.
the class FineGrainAdminUnitTest method invokeDelete.
public static void invokeDelete(KeycloakSession session) {
RealmModel realm = session.realms().getRealmByName(TEST);
AdminPermissionManagement management = AdminPermissions.management(session, realm);
List<Resource> byResourceServer = management.authz().getStoreFactory().getResourceStore().findByResourceServer(management.realmResourceServer().getId());
Assert.assertEquals(5, byResourceServer.size());
RoleModel removedRole = realm.getRole("removedRole");
realm.removeRole(removedRole);
ClientModel client = realm.getClientByClientId("removedClient");
RoleModel removedClientRole = client.getRole("removedClientRole");
client.removeRole(removedClientRole);
GroupModel group = KeycloakModelUtils.findGroupByPath(realm, "removedGroup");
realm.removeGroup(group);
byResourceServer = management.authz().getStoreFactory().getResourceStore().findByResourceServer(management.realmResourceServer().getId());
Assert.assertEquals(2, byResourceServer.size());
realm.removeClient(client.getId());
byResourceServer = management.authz().getStoreFactory().getResourceStore().findByResourceServer(management.realmResourceServer().getId());
Assert.assertEquals(1, byResourceServer.size());
management.users().setPermissionsEnabled(false);
Resource userResource = management.authz().getStoreFactory().getResourceStore().findByName("Users", management.realmResourceServer().getId());
Assert.assertNull(userResource);
byResourceServer = management.authz().getStoreFactory().getResourceStore().findByResourceServer(management.realmResourceServer().getId());
Assert.assertEquals(0, byResourceServer.size());
}
Also used :
RealmModel(org.keycloak.models.RealmModel)
ClientModel(org.keycloak.models.ClientModel)
Resource(org.keycloak.authorization.model.Resource)
GroupModel(org.keycloak.models.GroupModel)
RoleModel(org.keycloak.models.RoleModel)
AdminPermissionManagement(org.keycloak.services.resources.admin.permissions.AdminPermissionManagement)
Example 25 with AdminPermissionManagement
use of org.keycloak.services.resources.admin.permissions.AdminPermissionManagement in project keycloak by keycloak.
the class FineGrainAdminUnitTest method testClientsSearch.
@Test
@AuthServerContainerExclude(AuthServer.REMOTE)
public void testClientsSearch() {
testingClient.server().run(session -> {
RealmModel realm = session.realms().getRealmByName("test");
session.getContext().setRealm(realm);
ClientModel realmAdminClient = realm.getClientByClientId(Constants.REALM_MANAGEMENT_CLIENT_ID);
UserModel regularAdminUser = session.users().addUser(realm, "regular-admin-user");
session.userCredentialManager().updateCredential(realm, regularAdminUser, UserCredentialModel.password("password"));
regularAdminUser.grantRole(realmAdminClient.getRole(AdminRoles.QUERY_CLIENTS));
regularAdminUser.setEnabled(true);
UserPolicyRepresentation userPolicyRepresentation = new UserPolicyRepresentation();
userPolicyRepresentation.setName("Only " + regularAdminUser.getUsername());
userPolicyRepresentation.addUser(regularAdminUser.getId());
for (int i = 0; i < 30; i++) {
realm.addClient("client-search-" + (i < 10 ? "0" + i : i));
}
AdminPermissionManagement management = AdminPermissions.management(session, realm);
ClientPermissionManagement clientPermission = management.clients();
ClientModel clientModel = realm.getClientByClientId("client-search-09");
clientPermission.setPermissionsEnabled(clientModel, true);
Policy policy = clientPermission.viewPermission(clientModel);
AuthorizationProvider provider = session.getProvider(AuthorizationProvider.class);
Policy userPolicy = provider.getStoreFactory().getPolicyStore().create(userPolicyRepresentation, management.realmResourceServer());
policy.addAssociatedPolicy(RepresentationToModel.toModel(userPolicyRepresentation, provider, userPolicy));
});
try (Keycloak client = Keycloak.getInstance(getAuthServerContextRoot() + "/auth", "test", "regular-admin-user", "password", Constants.ADMIN_CLI_CLIENT_ID, TLSUtils.initializeTLS())) {
List<ClientRepresentation> result = client.realm("test").clients().findAll("client-search-", true, true, 0, 5);
Assert.assertEquals(1, result.size());
Assert.assertEquals("client-search-09", result.get(0).getClientId());
}
testingClient.server().run(session -> {
RealmModel realm = session.realms().getRealmByName("test");
session.getContext().setRealm(realm);
AdminPermissionManagement management = AdminPermissions.management(session, realm);
ClientPermissionManagement clientPermission = management.clients();
ClientModel clientModel = realm.getClientByClientId("client-search-10");
clientPermission.setPermissionsEnabled(clientModel, true);
Policy policy = clientPermission.viewPermission(clientModel);
AuthorizationProvider provider = session.getProvider(AuthorizationProvider.class);
ClientModel realmAdminClient = realm.getClientByClientId(Constants.REALM_MANAGEMENT_CLIENT_ID);
policy.addAssociatedPolicy(provider.getStoreFactory().getPolicyStore().findByName("Only regular-admin-user", realmAdminClient.getId()));
});
try (Keycloak client = Keycloak.getInstance(getAuthServerContextRoot() + "/auth", "test", "regular-admin-user", "password", Constants.ADMIN_CLI_CLIENT_ID, TLSUtils.initializeTLS())) {
List<ClientRepresentation> result = client.realm("test").clients().findAll("client-search-", true, true, -1, -1);
Assert.assertEquals(2, result.size());
}
try (Keycloak client = Keycloak.getInstance(getAuthServerContextRoot() + "/auth", "test", "regular-admin-user", "password", Constants.ADMIN_CLI_CLIENT_ID, TLSUtils.initializeTLS())) {
List<ClientRepresentation> result = client.realm("test").clients().findAll(null, true, false, 0, 5);
Assert.assertEquals(2, result.size());
}
try (Keycloak client = Keycloak.getInstance(getAuthServerContextRoot() + "/auth", "test", "regular-admin-user", "password", Constants.ADMIN_CLI_CLIENT_ID, TLSUtils.initializeTLS())) {
List<ClientRepresentation> result = client.realm("test").clients().findAll(null, true, false, 0, 1);
Assert.assertEquals(1, result.size());
Assert.assertThat(result, Matchers.hasItem(Matchers.hasProperty("clientId", Matchers.is("client-search-09"))));
result = client.realm("test").clients().findAll(null, true, false, 1, 1);
Assert.assertThat(result, Matchers.hasItem(Matchers.hasProperty("clientId", Matchers.is("client-search-10"))));
Assert.assertEquals(1, result.size());
result = client.realm("test").clients().findAll(null, true, false, 2, 1);
Assert.assertTrue(result.isEmpty());
}
try (Keycloak client = Keycloak.getInstance(getAuthServerContextRoot() + "/auth", "test", "regular-admin-user", "password", Constants.ADMIN_CLI_CLIENT_ID, TLSUtils.initializeTLS())) {
List<ClientRepresentation> result = client.realm("test").clients().findAll(null, true, false, -1, -1);
Assert.assertEquals(2, result.size());
}
testingClient.server().run(session -> {
RealmModel realm = session.realms().getRealmByName("test");
session.getContext().setRealm(realm);
AdminPermissionManagement management = AdminPermissions.management(session, realm);
ClientPermissionManagement clientPermission = management.clients();
for (int i = 11; i < 30; i++) {
ClientModel clientModel = realm.getClientByClientId("client-search-" + i);
clientPermission.setPermissionsEnabled(clientModel, true);
Policy policy = clientPermission.viewPermission(clientModel);
AuthorizationProvider provider = session.getProvider(AuthorizationProvider.class);
ClientModel realmAdminClient = realm.getClientByClientId(Constants.REALM_MANAGEMENT_CLIENT_ID);
policy.addAssociatedPolicy(provider.getStoreFactory().getPolicyStore().findByName("Only regular-admin-user", realmAdminClient.getId()));
}
});
try (Keycloak client = Keycloak.getInstance(getAuthServerContextRoot() + "/auth", "test", "regular-admin-user", "password", Constants.ADMIN_CLI_CLIENT_ID, TLSUtils.initializeTLS())) {
List<ClientRepresentation> clients = new ArrayList<>();
List<ClientRepresentation> result = client.realm("test").clients().findAll("client-search-", true, true, 0, 10);
clients.addAll(result);
Assert.assertEquals(10, result.size());
Assert.assertThat(result.stream().map(rep -> rep.getClientId()).collect(Collectors.toList()), Matchers.is(Arrays.asList("client-search-09", "client-search-10", "client-search-11", "client-search-12", "client-search-13", "client-search-14", "client-search-15", "client-search-16", "client-search-17", "client-search-18")));
result = client.realm("test").clients().findAll("client-search-", true, true, 10, 10);
clients.addAll(result);
Assert.assertEquals(10, result.size());
Assert.assertThat(result.stream().map(rep -> rep.getClientId()).collect(Collectors.toList()), Matchers.is(Arrays.asList("client-search-19", "client-search-20", "client-search-21", "client-search-22", "client-search-23", "client-search-24", "client-search-25", "client-search-26", "client-search-27", "client-search-28")));
result = client.realm("test").clients().findAll("client-search-", true, true, 20, 10);
clients.addAll(result);
Assert.assertEquals(1, result.size());
Assert.assertThat(result, Matchers.hasItems(Matchers.hasProperty("clientId", Matchers.isOneOf("client-search-29"))));
}
}
Also used :
Policy(org.keycloak.authorization.model.Policy)
AuthorizationProvider(org.keycloak.authorization.AuthorizationProvider)
ArrayList(java.util.ArrayList)
ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation)
RealmModel(org.keycloak.models.RealmModel)
UserModel(org.keycloak.models.UserModel)
ClientModel(org.keycloak.models.ClientModel)
ClientPermissionManagement(org.keycloak.services.resources.admin.permissions.ClientPermissionManagement)
UserPolicyRepresentation(org.keycloak.representations.idm.authorization.UserPolicyRepresentation)
Keycloak(org.keycloak.admin.client.Keycloak)
AdminPermissionManagement(org.keycloak.services.resources.admin.permissions.AdminPermissionManagement)
AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude)
AbstractKeycloakTest(org.keycloak.testsuite.AbstractKeycloakTest)
Test(org.junit.Test)
Aggregations
AdminPermissionManagement (org.keycloak.services.resources.admin.permissions.AdminPermissionManagement)26
ClientModel (org.keycloak.models.ClientModel)14
RealmModel (org.keycloak.models.RealmModel)14
Path (javax.ws.rs.Path)12
Produces (javax.ws.rs.Produces)12
NoCache (org.jboss.resteasy.annotations.cache.NoCache)12
Policy (org.keycloak.authorization.model.Policy)12
RoleModel (org.keycloak.models.RoleModel)12
ManagementPermissionReference (org.keycloak.representations.idm.ManagementPermissionReference)12
ResourceServer (org.keycloak.authorization.model.ResourceServer)9
UserModel (org.keycloak.models.UserModel)8
ClientPolicyRepresentation (org.keycloak.representations.idm.authorization.ClientPolicyRepresentation)7
Consumes (javax.ws.rs.Consumes)6
GET (javax.ws.rs.GET)6
PUT (javax.ws.rs.PUT)6
GroupModel (org.keycloak.models.GroupModel)5
UserPolicyRepresentation (org.keycloak.representations.idm.authorization.UserPolicyRepresentation)4
Test (org.junit.Test)3
Keycloak (org.keycloak.admin.client.Keycloak)3
AuthorizationProvider (org.keycloak.authorization.AuthorizationProvider)3
