use of org.keycloak.services.resources.admin.permissions.AdminPermissionManagement in project keycloak by keycloak.
the class SocialLoginTest method setupClientExchangePermissions.
public static void setupClientExchangePermissions(KeycloakSession session) {
RealmModel realm = session.realms().getRealmByName(REALM);
ClientModel client = session.clients().getClientByClientId(realm, EXCHANGE_CLIENT);
// lazy init
if (client != null)
return;
client = realm.addClient(EXCHANGE_CLIENT);
client.setSecret("secret");
client.setPublicClient(false);
client.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
client.setEnabled(true);
client.setDirectAccessGrantsEnabled(true);
ClientPolicyRepresentation clientPolicyRep = new ClientPolicyRepresentation();
clientPolicyRep.setName("client-policy");
clientPolicyRep.addClient(client.getId());
AdminPermissionManagement management = AdminPermissions.management(session, realm);
management.users().setPermissionsEnabled(true);
ResourceServer server = management.realmResourceServer();
Policy clientPolicy = management.authz().getStoreFactory().getPolicyStore().create(clientPolicyRep, server);
management.users().adminImpersonatingPermission().addAssociatedPolicy(clientPolicy);
management.users().adminImpersonatingPermission().setDecisionStrategy(DecisionStrategy.AFFIRMATIVE);
realm.getIdentityProvidersStream().forEach(idp -> {
management.idps().setPermissionsEnabled(idp, true);
management.idps().exchangeToPermission(idp).addAssociatedPolicy(clientPolicy);
});
}
Aggregations