
Example 1 with GroupPermissionManagement

Use of org.keycloak.services.resources.admin.permissions.GroupPermissionManagement in the project keycloak, by keycloak.

From the class FineGrainAdminUnitTest, method testUserPagination.

/**
 * Checks that paginated user searches through the admin API only return the users the
 * caller is authorized to see under fine-grained admin permissions.
 *
 * <p>Setup (run inside the server): a group "Customer A" with permissions enabled, whose
 * view-members permission is associated with a user policy naming only
 * {@code customer-a-manager}; 20 users {@code a0..a19} outside the group and 20 users
 * {@code b20..b39} inside it, all with first name "test". {@code customer-a-manager} holds
 * the realm-management role {@code QUERY_USERS}; {@code regular-admin-user} holds
 * {@code VIEW_USERS}.
 *
 * <p>The assertions then verify that {@code customer-a-manager} is shown only the
 * {@code b*} group members, including on later pages and with free-text search, while
 * {@code regular-admin-user} gets a first page made up of {@code a*} users.
 */
@Test
@AuthServerContainerExclude(AuthServer.REMOTE)
public void testUserPagination() {
    testingClient.server().run(session -> {
        RealmModel realm = session.realms().getRealmByName("test");
        session.getContext().setRealm(realm);
        GroupModel customerAGroup = session.groups().createGroup(realm, "Customer A");
        // Restricted admin: may query users, but has no realm-wide view permission granted here.
        UserModel customerAManager = session.users().addUser(realm, "customer-a-manager");
        // Fixed password is a test fixture only; the same value is used to log in below.
        session.userCredentialManager().updateCredential(realm, customerAManager, UserCredentialModel.password("password"));
        ClientModel realmAdminClient = realm.getClientByClientId(Constants.REALM_MANAGEMENT_CLIENT_ID);
        customerAManager.grantRole(realmAdminClient.getRole(AdminRoles.QUERY_USERS));
        customerAManager.setEnabled(true);
        // Unrestricted viewer: granted VIEW_USERS on the realm-management client.
        UserModel regularAdminUser = session.users().addUser(realm, "regular-admin-user");
        session.userCredentialManager().updateCredential(realm, regularAdminUser, UserCredentialModel.password("password"));
        regularAdminUser.grantRole(realmAdminClient.getRole(AdminRoles.VIEW_USERS));
        regularAdminUser.setEnabled(true);
        // Turn on fine-grained permissions for the group so its view-members permission can be used.
        AdminPermissionManagement management = AdminPermissions.management(session, realm);
        GroupPermissionManagement groupPermission = management.groups();
        groupPermission.setPermissionsEnabled(customerAGroup, true);
        // User policy that lists customer-a-manager as its only user.
        UserPolicyRepresentation userPolicyRepresentation = new UserPolicyRepresentation();
        userPolicyRepresentation.setName("Only " + customerAManager.getUsername());
        userPolicyRepresentation.addUser(customerAManager.getId());
        Policy policy = groupPermission.viewMembersPermission(customerAGroup);
        AuthorizationProvider provider = session.getProvider(AuthorizationProvider.class);
        // Persist the user policy in the realm's resource server, then attach it to the
        // group's view-members permission.
        Policy userPolicy = provider.getStoreFactory().getPolicyStore().create(userPolicyRepresentation, management.realmResourceServer());
        policy.addAssociatedPolicy(RepresentationToModel.toModel(userPolicyRepresentation, provider, userPolicy));
        // a0..a19: first name "test", NOT members of the group.
        for (int i = 0; i < 20; i++) {
            UserModel userModel = session.users().addUser(realm, "a" + i);
            userModel.setFirstName("test");
        }
        // b20..b39: first name "test", members of the group.
        for (int i = 20; i < 40; i++) {
            UserModel userModel = session.users().addUser(realm, "b" + i);
            userModel.setFirstName("test");
            userModel.joinGroup(customerAGroup);
        }
    });
    // Restricted admin, search by first name "test": 40 users match, but only the 20 group
    // members may be returned. A full first page of b* users shows that unauthorized a*
    // users neither leak into the page nor shrink it.
    // NOTE(review): -1 is passed as the result offset; presumably the server treats a
    // negative value as "no offset" - confirm.
    try (Keycloak client = Keycloak.getInstance(getAuthServerContextRoot() + "/auth", "test", "customer-a-manager", "password", Constants.ADMIN_CLI_CLIENT_ID, TLSUtils.initializeTLS())) {
        List<UserRepresentation> result = client.realm("test").users().search(null, "test", null, null, -1, 20);
        Assert.assertEquals(20, result.size());
        Assert.assertThat(result, Matchers.everyItem(Matchers.hasProperty("username", Matchers.startsWith("b"))));
        // Offset 20: nothing is left once the 20 visible group members have been skipped.
        result = client.realm("test").users().search(null, "test", null, null, 20, 40);
        Assert.assertEquals(0, result.size());
    }
    // Admin with VIEW_USERS: the first page of 20 consists of a* users, i.e. users outside
    // the group are visible to this caller.
    try (Keycloak client = Keycloak.getInstance(getAuthServerContextRoot() + "/auth", "test", "regular-admin-user", "password", Constants.ADMIN_CLI_CLIENT_ID, TLSUtils.initializeTLS())) {
        List<UserRepresentation> result = client.realm("test").users().search(null, "test", null, null, -1, 20);
        Assert.assertEquals(20, result.size());
        Assert.assertThat(result, Matchers.everyItem(Matchers.hasProperty("username", Matchers.startsWith("a"))));
        // NOTE(review): the return value of this unfiltered search is discarded, so the two
        // assertions below re-check the previous `result` and verify nothing about this call
        // beyond it not throwing. Assigning it would need new expected values (the count and
        // prefix checks would presumably no longer hold for an unbounded search).
        client.realm("test").users().search(null, null, null, null, -1, -1);
        Assert.assertEquals(20, result.size());
        Assert.assertThat(result, Matchers.everyItem(Matchers.hasProperty("username", Matchers.startsWith("a"))));
    }
    // Restricted admin again, this time without a first-name filter and via the
    // four-argument search overload.
    try (Keycloak client = Keycloak.getInstance(getAuthServerContextRoot() + "/auth", "test", "customer-a-manager", "password", Constants.ADMIN_CLI_CLIENT_ID, TLSUtils.initializeTLS())) {
        // No filter at all: still only the 20 b* group members.
        List<UserRepresentation> result = client.realm("test").users().search(null, null, null, null, -1, 20);
        Assert.assertEquals(20, result.size());
        Assert.assertThat(result, Matchers.everyItem(Matchers.hasProperty("username", Matchers.startsWith("b"))));
        // Search string "test": same 20 b* users.
        result = client.realm("test").users().search("test", -1, 20, false);
        Assert.assertEquals(20, result.size());
        Assert.assertThat(result, Matchers.everyItem(Matchers.hasProperty("username", Matchers.startsWith("b"))));
        // Search string "a": the a* users exist but are outside the group, so an empty
        // result is expected rather than any disclosure of them.
        result = client.realm("test").users().search("a", -1, 20, false);
        Assert.assertEquals(0, result.size());
    }
}
Also used : Policy(org.keycloak.authorization.model.Policy) AuthorizationProvider(org.keycloak.authorization.AuthorizationProvider) GroupModel(org.keycloak.models.GroupModel) RealmModel(org.keycloak.models.RealmModel) UserModel(org.keycloak.models.UserModel) ClientModel(org.keycloak.models.ClientModel) UserPolicyRepresentation(org.keycloak.representations.idm.authorization.UserPolicyRepresentation) Keycloak(org.keycloak.admin.client.Keycloak) GroupPermissionManagement(org.keycloak.services.resources.admin.permissions.GroupPermissionManagement) AdminPermissionManagement(org.keycloak.services.resources.admin.permissions.AdminPermissionManagement) UserRepresentation(org.keycloak.representations.idm.UserRepresentation) AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) AbstractKeycloakTest(org.keycloak.testsuite.AbstractKeycloakTest) Test(org.junit.Test)
