Example 26 with AdminPermissionManagement

Use of org.keycloak.services.resources.admin.permissions.AdminPermissionManagement in project keycloak by keycloak.

From the class SocialLoginTest, method setupClientExchangePermissions.

public static void setupClientExchangePermissions(KeycloakSession session) {
    RealmModel realm = session.realms().getRealmByName(REALM);
    ClientModel client = session.clients().getClientByClientId(realm, EXCHANGE_CLIENT);
    // lazy init: the client already exists, so an earlier call has done the setup
    if (client != null)
        return;
    // Confidential OIDC client that performs the token exchange in this test
    client = realm.addClient(EXCHANGE_CLIENT);
    // Fixed secret, acceptable only because this is test setup
    client.setSecret("secret");
    client.setPublicClient(false);
    client.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
    client.setEnabled(true);
    client.setDirectAccessGrantsEnabled(true);
    // Client policy that matches only the exchange client
    ClientPolicyRepresentation clientPolicyRep = new ClientPolicyRepresentation();
    clientPolicyRep.setName("client-policy");
    clientPolicyRep.addClient(client.getId());
    AdminPermissionManagement management = AdminPermissions.management(session, realm);
    // Turn on fine-grained admin permissions for users
    management.users().setPermissionsEnabled(true);
    ResourceServer server = management.realmResourceServer();
    Policy clientPolicy = management.authz().getStoreFactory().getPolicyStore().create(clientPolicyRep, server);
    // Attach the client policy to the impersonation permission;
    // AFFIRMATIVE grants access when at least one associated policy permits
    management.users().adminImpersonatingPermission().addAssociatedPolicy(clientPolicy);
    management.users().adminImpersonatingPermission().setDecisionStrategy(DecisionStrategy.AFFIRMATIVE);
    // For every identity provider in the realm, enable permissions and
    // attach the same client policy to its exchange-to permission
    realm.getIdentityProvidersStream().forEach(idp -> {
        management.idps().setPermissionsEnabled(idp, true);
        management.idps().exchangeToPermission(idp).addAssociatedPolicy(clientPolicy);
    });
}
Also used : RealmModel(org.keycloak.models.RealmModel) Policy(org.keycloak.authorization.model.Policy) ClientModel(org.keycloak.models.ClientModel) ClientPolicyRepresentation(org.keycloak.representations.idm.authorization.ClientPolicyRepresentation) ResourceServer(org.keycloak.authorization.model.ResourceServer) AdminPermissionManagement(org.keycloak.services.resources.admin.permissions.AdminPermissionManagement)
