
Example 6 with UPAttributePermissions

use of org.keycloak.userprofile.config.UPAttributePermissions in project keycloak by keycloak.

the class UserProfileTest method testNoValidationsIfAdminReadOnly.

/**
 * Checks that a required attribute whose edit permission is limited to the user role is
 * enforced in a user-facing context and not enforced in the User REST API context.
 *
 * <p>The address attribute gets an empty {@code UPAttributeRequired} (no roles or scopes set)
 * and an edit permission containing only {@code UPConfigUtils.ROLE_USER}. The submitted
 * attributes hold a username only, so the address is missing in both validations.
 *
 * @param session the Keycloak session used to obtain the declarative user profile provider
 * @throws IOException if the profile configuration cannot be serialized to JSON
 */
private static void testNoValidationsIfAdminReadOnly(KeycloakSession session) throws IOException {
    DeclarativeUserProfileProvider profileProvider = getDynamicUserProfileProvider(session);
    assertNotNull(profileProvider.getComponentModel());

    // Only the user role may edit the attribute; the admin role is deliberately left out.
    UPAttributePermissions editByUserOnly = new UPAttributePermissions();
    editByUserOnly.setEdit(Collections.singleton(UPConfigUtils.ROLE_USER));

    UPAttribute address = new UPAttribute();
    address.setName(ATT_ADDRESS);
    address.setRequired(new UPAttributeRequired());
    address.setPermissions(editByUserOnly);

    UPConfig profileConfig = new UPConfig();
    profileConfig.addAttribute(address);
    profileProvider.setConfiguration(JsonSerialization.writeValueAsString(profileConfig));

    Map<String, Object> submitted = new HashMap<>();
    submitted.put(UserModel.USERNAME, "user");

    // User-facing context: the missing address has to be reported as a validation error.
    UserProfile userContextProfile = profileProvider.create(UserProfileContext.UPDATE_PROFILE, submitted);
    try {
        userContextProfile.validate();
        fail("Should fail validation");
    } catch (ValidationException error) {
        assertTrue(error.isAttributeOnError(ATT_ADDRESS));
    }

    // Admin context (User REST API): validation passes although the address is absent.
    // NOTE(review): presumably the check is skipped because the admin role cannot edit the
    // attribute, as the method name suggests - confirm against the provider implementation.
    profileProvider.create(UserProfileContext.USER_API, submitted).validate();
}
Also used : UPAttributePermissions(org.keycloak.userprofile.config.UPAttributePermissions) ComponentValidationException(org.keycloak.component.ComponentValidationException) ValidationException(org.keycloak.userprofile.ValidationException) UserProfile(org.keycloak.userprofile.UserProfile) HashMap(java.util.HashMap) DeclarativeUserProfileProvider(org.keycloak.userprofile.DeclarativeUserProfileProvider) UPConfig(org.keycloak.userprofile.config.UPConfig) ComponentModel(org.keycloak.component.ComponentModel) UPAttributeRequired(org.keycloak.userprofile.config.UPAttributeRequired) UPAttribute(org.keycloak.userprofile.config.UPAttribute)

Example 7 with UPAttributePermissions

use of org.keycloak.userprofile.config.UPAttributePermissions in project keycloak by keycloak.

the class UserProfileTest method testRequiredByClientScope.

/**
 * Checks that an attribute required only for the client scope {@code "client-a"} is enforced
 * in authentication-flow contexts of that client and nowhere else.
 *
 * <p>The address attribute is editable by the {@code "user"} role and is never submitted.
 * Validation is run first with an authentication session for {@code "client-b"} and then for
 * {@code "client-a"}.
 *
 * @param session the Keycloak session used for the provider and the authentication session
 * @throws IOException if the profile configuration cannot be serialized to JSON
 */
private static void testRequiredByClientScope(KeycloakSession session) throws IOException {
    DeclarativeUserProfileProvider profileProvider = getDynamicUserProfileProvider(session);
    assertNotNull(profileProvider.getComponentModel());

    UPAttributeRequired requiredForScope = new UPAttributeRequired();
    requiredForScope.setScopes(Collections.singleton("client-a"));

    UPAttributePermissions editByUser = new UPAttributePermissions();
    editByUser.setEdit(Collections.singleton("user"));

    UPAttribute address = new UPAttribute();
    address.setName(ATT_ADDRESS);
    address.setRequired(requiredForScope);
    address.setPermissions(editByUser);

    UPConfig profileConfig = new UPConfig();
    profileConfig.addAttribute(address);
    profileProvider.setConfiguration(JsonSerialization.writeValueAsString(profileConfig));

    Map<String, Object> submitted = new HashMap<>();
    submitted.put(UserModel.USERNAME, "user");
    submitted.put(UserModel.EMAIL, "user@email.test");

    // Contexts that carry no client scopes: the scope-based requirement never applies to them.
    UserProfileContext[] scopelessContexts = {
        UserProfileContext.USER_API,
        UserProfileContext.ACCOUNT,
        UserProfileContext.ACCOUNT_OLD
    };
    // Authentication-flow contexts checked while the requirement is not triggered.
    UserProfileContext[] authFlowContexts = {
        UserProfileContext.REGISTRATION_PROFILE,
        UserProfileContext.REGISTRATION_USER_CREATION,
        UserProfileContext.UPDATE_PROFILE,
        UserProfileContext.IDP_REVIEW
    };
    // Authentication-flow contexts expected to reject the profile once the scope is present.
    // NOTE(review): REGISTRATION_USER_CREATION is covered in the passing case above but not
    // here - confirm that the omission is intentional.
    UserProfileContext[] enforcingContexts = {
        UserProfileContext.UPDATE_PROFILE,
        UserProfileContext.REGISTRATION_PROFILE,
        UserProfileContext.IDP_REVIEW
    };

    // Client whose default scopes do NOT make the attribute required.
    configureAuthenticationSession(session, "client-b", null);
    for (UserProfileContext context : scopelessContexts) {
        profileProvider.create(context, submitted).validate();
    }
    for (UserProfileContext context : authFlowContexts) {
        profileProvider.create(context, submitted).validate();
    }

    // Client whose default scope makes the attribute required.
    configureAuthenticationSession(session, "client-a", null);
    for (UserProfileContext context : scopelessContexts) {
        profileProvider.create(context, submitted).validate();
    }
    for (UserProfileContext context : enforcingContexts) {
        try {
            profileProvider.create(context, submitted).validate();
            fail("Should fail validation");
        } catch (ValidationException error) {
            assertTrue(error.isAttributeOnError(ATT_ADDRESS));
        }
    }
}
Also used : UPAttributePermissions(org.keycloak.userprofile.config.UPAttributePermissions) ComponentValidationException(org.keycloak.component.ComponentValidationException) ValidationException(org.keycloak.userprofile.ValidationException) UserProfile(org.keycloak.userprofile.UserProfile) HashMap(java.util.HashMap) DeclarativeUserProfileProvider(org.keycloak.userprofile.DeclarativeUserProfileProvider) UPConfig(org.keycloak.userprofile.config.UPConfig) ComponentModel(org.keycloak.component.ComponentModel) UPAttributeRequired(org.keycloak.userprofile.config.UPAttributeRequired) UPAttribute(org.keycloak.userprofile.config.UPAttribute)

Example 8 with UPAttributePermissions

use of org.keycloak.userprofile.config.UPAttributePermissions in project keycloak by keycloak.

the class UserProfileTest method testRequiredIfAdmin.

/**
 * Checks that an attribute required for, and editable by, the admin role only is enforced in
 * the User REST API context and ignored in the user-facing contexts.
 *
 * <p>The submitted attributes hold a username only, so the address is missing in every
 * validation run below.
 *
 * @param session the Keycloak session used to obtain the declarative user profile provider
 * @throws IOException if the profile configuration cannot be serialized to JSON
 */
private static void testRequiredIfAdmin(KeycloakSession session) throws IOException {
    DeclarativeUserProfileProvider profileProvider = getDynamicUserProfileProvider(session);
    assertNotNull(profileProvider.getComponentModel());

    UPAttributeRequired requiredForAdmin = new UPAttributeRequired();
    requiredForAdmin.setRoles(Collections.singleton(ROLE_ADMIN));

    UPAttributePermissions editByAdminOnly = new UPAttributePermissions();
    editByAdminOnly.setEdit(Collections.singleton(UPConfigUtils.ROLE_ADMIN));

    UPAttribute address = new UPAttribute();
    address.setName(ATT_ADDRESS);
    address.setRequired(requiredForAdmin);
    address.setPermissions(editByAdminOnly);

    UPConfig profileConfig = new UPConfig();
    profileConfig.addAttribute(address);
    profileProvider.setConfiguration(JsonSerialization.writeValueAsString(profileConfig));

    Map<String, Object> submitted = new HashMap<>();
    submitted.put(UserModel.USERNAME, "user");

    // User-facing contexts: the admin-only requirement must not block the end user.
    UserProfileContext[] userFacingContexts = {
        UserProfileContext.UPDATE_PROFILE,
        UserProfileContext.ACCOUNT,
        UserProfileContext.REGISTRATION_PROFILE
    };
    for (UserProfileContext context : userFacingContexts) {
        profileProvider.create(context, submitted).validate();
    }

    // User REST API context: here the missing address has to be rejected.
    try {
        profileProvider.create(UserProfileContext.USER_API, submitted).validate();
        fail("Should fail validation");
    } catch (ValidationException error) {
        assertTrue(error.isAttributeOnError(ATT_ADDRESS));
    }
}
Also used : UPAttributePermissions(org.keycloak.userprofile.config.UPAttributePermissions) ComponentValidationException(org.keycloak.component.ComponentValidationException) ValidationException(org.keycloak.userprofile.ValidationException) UserProfile(org.keycloak.userprofile.UserProfile) HashMap(java.util.HashMap) DeclarativeUserProfileProvider(org.keycloak.userprofile.DeclarativeUserProfileProvider) UPConfig(org.keycloak.userprofile.config.UPConfig) ComponentModel(org.keycloak.component.ComponentModel) UPAttributeRequired(org.keycloak.userprofile.config.UPAttributeRequired) UPAttribute(org.keycloak.userprofile.config.UPAttribute)

Example 9 with UPAttributePermissions

use of org.keycloak.userprofile.config.UPAttributePermissions in project keycloak by keycloak.

the class UserProfileTest method testCreateAndUpdateUser.

/**
 * Creates a user through the ACCOUNT context and then updates it twice, checking which
 * attributes the update listener is told about each time.
 *
 * <p>Two custom attributes, {@code "address"} and {@code "business.address"}, are added to
 * the existing configuration, each editable by both the {@code "admin"} and {@code "user"}
 * roles.
 *
 * @param session the Keycloak session used for the provider and the authentication session
 * @throws IOException if the profile configuration cannot be read or serialized
 */
private static void testCreateAndUpdateUser(KeycloakSession session) throws IOException {
    UserProfileProvider profileProvider = getDynamicUserProfileProvider(session);
    UPConfig profileConfig = JsonSerialization.readValue(profileProvider.getConfiguration(), UPConfig.class);

    UPAttributePermissions addressPermissions = new UPAttributePermissions();
    addressPermissions.setEdit(new HashSet<>(Arrays.asList("admin", "user")));
    UPAttribute addressAttribute = new UPAttribute();
    addressAttribute.setName("address");
    addressAttribute.setPermissions(addressPermissions);
    profileConfig.addAttribute(addressAttribute);

    UPAttributePermissions businessPermissions = new UPAttributePermissions();
    businessPermissions.setEdit(new HashSet<>(Arrays.asList("admin", "user")));
    UPAttribute businessAttribute = new UPAttribute();
    businessAttribute.setName("business.address");
    businessAttribute.setPermissions(businessPermissions);
    profileConfig.addAttribute(businessAttribute);

    profileProvider.setConfiguration(JsonSerialization.writeValueAsString(profileConfig));

    // A generated id is used as the username of the user created below.
    String generatedUsername = org.keycloak.models.utils.KeycloakModelUtils.generateId();
    Map<String, Object> submitted = new HashMap<>();
    submitted.put(UserModel.USERNAME, generatedUsername);
    submitted.put(UserModel.FIRST_NAME, "Joe");
    submitted.put(UserModel.LAST_NAME, "Doe");
    submitted.put("address", "fixed-address");

    UserModel createdUser = profileProvider.create(UserProfileContext.ACCOUNT, submitted).create();
    assertEquals(generatedUsername, createdUser.getUsername());
    assertEquals("fixed-address", createdUser.getFirstAttribute("address"));

    // First update: change both names and add an e-mail address.
    submitted.put(UserModel.FIRST_NAME, "Alice");
    submitted.put(UserModel.LAST_NAME, "In Chains");
    submitted.put(UserModel.EMAIL, "alice@keycloak.org");

    Map<String, String> previousValues = new HashMap<>();
    previousValues.put(UserModel.FIRST_NAME, "Joe");
    previousValues.put(UserModel.LAST_NAME, "Doe");
    Set<String> reportedChanges = new HashSet<>();

    UserProfile updateProfile = profileProvider.create(UserProfileContext.ACCOUNT, submitted, createdUser);
    updateProfile.update((name, model, previous) -> {
        // Each attribute may be reported once only, with its old value and the stored new one.
        assertTrue(reportedChanges.add(name));
        assertEquals(previousValues.get(name), getSingleValue(previous));
        assertEquals(submitted.get(name), model.getFirstAttribute(name));
    });
    assertThat(reportedChanges, containsInAnyOrder(UserModel.FIRST_NAME, UserModel.LAST_NAME, UserModel.EMAIL));

    // Second update, after an authentication session is configured: only the newly supplied
    // business address is expected to be reported as changed.
    configureAuthenticationSession(session);
    submitted.put("business.address", "fixed-business-address");
    updateProfile = profileProvider.create(UserProfileContext.ACCOUNT, submitted, createdUser);
    reportedChanges.clear();
    updateProfile.update((name, model, previous) -> {
        assertTrue(reportedChanges.add(name));
    });
    assertThat(reportedChanges, containsInAnyOrder("business.address"));
    assertEquals("fixed-business-address", createdUser.getFirstAttribute("business.address"));
}
Also used : UPAttributePermissions(org.keycloak.userprofile.config.UPAttributePermissions) UserProfile(org.keycloak.userprofile.UserProfile) HashMap(java.util.HashMap) DeclarativeUserProfileProvider(org.keycloak.userprofile.DeclarativeUserProfileProvider) UserProfileProvider(org.keycloak.userprofile.UserProfileProvider) UPConfig(org.keycloak.userprofile.config.UPConfig) UserModel(org.keycloak.models.UserModel) UPAttribute(org.keycloak.userprofile.config.UPAttribute) HashSet(java.util.HashSet)

Example 10 with UPAttributePermissions

use of org.keycloak.userprofile.config.UPAttributePermissions in project keycloak by keycloak.

the class UPConfigParserTest method validateConfiguration_attributePermissionsErrors.

/**
 * Exercises configuration validation of an attribute's permissions: absent or empty
 * permissions are accepted, and each role set holding an unknown role name adds one error.
 *
 * @param session the Keycloak session handed to {@code validate}
 * @throws IOException declared by the original signature; presumably raised while loading the
 *     valid configuration - confirm against {@code loadValidConfig}
 */
public static void validateConfiguration_attributePermissionsErrors(KeycloakSession session) throws IOException {
    UPConfig validConfig = loadValidConfig();
    // NOTE(review): the original comment said this test runs without a KeycloakSession, so
    // validator configs are not validated here; a session is nevertheless passed to validate()
    // - confirm which of the two still holds.
    UPAttribute targetAttribute = validConfig.getAttributes().get(1);

    // Case 1: no permissions object at all.
    targetAttribute.setPermissions(null);
    List<String> problems = validate(session, validConfig);
    Assert.assertEquals(0, problems.size());

    // Case 2: permissions object present, neither view nor edit set.
    UPAttributePermissions rolePermissions = new UPAttributePermissions();
    targetAttribute.setPermissions(rolePermissions);
    problems = validate(session, validConfig);
    Assert.assertTrue(problems.isEmpty());

    // Case 3: both role sets present but empty - still valid.
    rolePermissions.setEdit(Collections.emptySet());
    rolePermissions.setView(Collections.emptySet());
    targetAttribute.setPermissions(rolePermissions);
    problems = validate(session, validConfig);
    Assert.assertEquals(0, problems.size());

    Set<String> unknownRole = Collections.singleton("invalid");

    // Case 4: an unknown role in the view set yields exactly one error.
    rolePermissions.setView(unknownRole);
    problems = validate(session, validConfig);
    Assert.assertEquals(1, problems.size());

    // Case 5: the same unknown role in the edit set as well yields a second error.
    rolePermissions.setEdit(unknownRole);
    problems = validate(session, validConfig);
    Assert.assertEquals(2, problems.size());
}
Also used : UPAttributePermissions(org.keycloak.userprofile.config.UPAttributePermissions) UPConfig(org.keycloak.userprofile.config.UPConfig) UPAttribute(org.keycloak.userprofile.config.UPAttribute)
