
Example 1 with ClientRequestInfo

Use of org.openremote.container.web.ClientRequestInfo in the project openremote by openremote.

Class UserResourceImpl, method isIllegalMasterAdminUserDeletion.

/**
 * Checks whether deleting the given user would remove the master realm's admin user.
 * <p>
 * Only users of the master realm are checked. The identity provider decides, given the
 * caller's remote address and bearer token, whether {@code userId} is the master realm admin.
 *
 * @param requestParams the current request, source of the bearer token
 * @param realm         the realm the user belongs to
 * @param userId        the id of the user that is about to be deleted
 * @return {@code null} when the deletion is allowed, otherwise a report holding a single
 *         parameter violation with the {@code User.masterAdminDeleted} message
 */
protected ConstraintViolationReport isIllegalMasterAdminUserDeletion(RequestParams requestParams, String realm, String userId) {
    // Only the master realm has a protected admin user
    if (!realm.equals(MASTER_REALM)) {
        return null;
    }
    ClientRequestInfo requestInfo = new ClientRequestInfo(getClientRemoteAddress(), requestParams.getBearerAuth());
    boolean targetsMasterAdmin = identityService.getIdentityProvider().isMasterRealmAdmin(requestInfo, userId);
    if (!targetsMasterAdmin) {
        return null;
    }
    ResourceBundle messages = getContainer().getService(I18NService.class).getValidationMessages();
    ConstraintViolation violation = new ConstraintViolation();
    violation.setConstraintType(ConstraintViolation.Type.PARAMETER);
    violation.setMessage(messages.getString("User.masterAdminDeleted"));
    ConstraintViolationReport report = new ConstraintViolationReport();
    // Exactly one violation is ever reported here
    report.setParameterViolations(new ConstraintViolation[] {violation});
    return report;
}
Also used : I18NService(org.openremote.manager.i18n.I18NService) ConstraintViolationReport(org.openremote.model.http.ConstraintViolationReport) ConstraintViolation(org.openremote.model.http.ConstraintViolation) ArrayList(java.util.ArrayList) ClientRequestInfo(org.openremote.container.web.ClientRequestInfo) ResourceBundle(java.util.ResourceBundle)

Example 2 with ClientRequestInfo

Use of org.openremote.container.web.ClientRequestInfo in the project openremote by openremote.

Class UserResourceImpl, method isIllegalMasterAdminUserMutation.

/**
 * Checks whether an update of the given user would leave the master realm's admin user in an
 * illegal state.
 * <p>
 * Only users of the master realm are checked, and only when the identity provider (given the
 * caller's remote address and bearer token) identifies {@code user} as the master realm admin.
 * Currently the single rule is that the master admin must remain enabled.
 *
 * @param requestParams the current request, source of the bearer token
 * @param realm         the realm the user belongs to
 * @param user          the user representation as sent by the caller
 * @return {@code null} when the mutation is allowed, otherwise a report with one parameter
 *         violation per broken rule
 */
protected ConstraintViolationReport isIllegalMasterAdminUserMutation(RequestParams requestParams, String realm, User user) {
    // Only the master realm has a protected admin user
    if (!realm.equals(MASTER_REALM)) {
        return null;
    }
    ClientRequestInfo requestInfo = new ClientRequestInfo(getClientRemoteAddress(), requestParams.getBearerAuth());
    if (!identityService.getIdentityProvider().isMasterRealmAdmin(requestInfo, user.getId())) {
        return null;
    }
    ResourceBundle messages = getContainer().getService(I18NService.class).getValidationMessages();
    List<ConstraintViolation> violations = new ArrayList<>();
    // A missing "enabled" flag is treated the same as an explicit false
    boolean enabled = user.getEnabled() != null && user.getEnabled();
    if (!enabled) {
        ConstraintViolation disabledAdmin = new ConstraintViolation();
        disabledAdmin.setConstraintType(ConstraintViolation.Type.PARAMETER);
        disabledAdmin.setPath("User.enabled");
        disabledAdmin.setMessage(messages.getString("User.masterAdminDisabled"));
        violations.add(disabledAdmin);
    }
    if (violations.isEmpty()) {
        return null;
    }
    ConstraintViolationReport report = new ConstraintViolationReport();
    report.setParameterViolations(violations.toArray(new ConstraintViolation[0]));
    return report;
}
Also used : I18NService(org.openremote.manager.i18n.I18NService) ConstraintViolationReport(org.openremote.model.http.ConstraintViolationReport) ConstraintViolation(org.openremote.model.http.ConstraintViolation) ArrayList(java.util.ArrayList) ClientRequestInfo(org.openremote.container.web.ClientRequestInfo) ResourceBundle(java.util.ResourceBundle)

Example 3 with ClientRequestInfo

Use of org.openremote.container.web.ClientRequestInfo in the project openremote by openremote.

Class KeycloakDemoSetup, method onStart.

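/**
 * Creates the demo tenants and demo users.
 * <p>
 * Two customer tenants are created next to the existing master tenant, then one demo user is
 * created in the master realm and two in realm {@code customerA}, each with a fixed,
 * non-temporary password and a set of client-level roles. The ids of the created users are
 * stored in {@code testuser1Id}, {@code testuser2Id} and {@code testuser3Id}.
 * <p>
 * The demo passwords are deliberately not written to the log; they are documented with the
 * demo setup instead.
 *
 * @throws Exception if tenant or user creation fails
 */
@Override
public void onStart() throws Exception {
    super.onStart();

    // Tenants: the master realm already exists, the two customer realms are created here
    masterTenant = identityService.getIdentityProvider().getTenantForRealm(Constants.MASTER_REALM);
    customerATenant = createDemoTenant("customerA", "Customer A");
    customerBTenant = createDemoTenant("customerB", "Customer B");

    // Users in the master realm
    String masterClientObjectId = getClientObjectId(masterClientsResource);
    RolesResource masterRolesResource = masterClientsResource.get(masterClientObjectId).roles();
    this.testuser1Id = createDemoUser(masterUsersResource, masterRolesResource, masterClientObjectId,
        "testuser1", "testuser1",
        ClientRole.WRITE_USER, ClientRole.READ_MAP, ClientRole.READ_ASSETS,
        ClientRole.READ_RULES, ClientRole.WRITE_ASSETS, ClientRole.WRITE_RULES);

    // Users in realm customerA
    UsersResource customerAUsersResource = keycloakProvider.getRealms(accessToken).realm("customerA").users();
    ClientsResource customerAClientsResource = keycloakProvider.getRealms(accessToken).realm("customerA").clients();
    String customerAClientObjectId = getClientObjectId(customerAClientsResource);
    RolesResource customerARolesResource = customerAClientsResource.get(customerAClientObjectId).roles();
    this.testuser2Id = createDemoUser(customerAUsersResource, customerARolesResource, customerAClientObjectId,
        "testuser2", "testuser2",
        ClientRole.WRITE_USER, ClientRole.READ_MAP, ClientRole.READ_ASSETS);
    this.testuser3Id = createDemoUser(customerAUsersResource, customerARolesResource, customerAClientObjectId,
        "testuser3", "testuser3",
        ClientRole.WRITE_USER, ClientRole.READ_MAP, ClientRole.READ_ASSETS,
        ClientRole.WRITE_RULES, ClientRole.WRITE_ASSETS, ClientRole.READ_RULES);
}

/**
 * Creates an enabled tenant through the Keycloak provider and reads it back.
 *
 * @param realm       the realm name of the new tenant
 * @param displayName the human-readable tenant name
 * @return the tenant as returned by {@code keycloakProvider.getTenantForRealm}
 * @throws Exception if the provider fails to create the tenant
 */
private Tenant createDemoTenant(String realm, String displayName) throws Exception {
    Tenant tenant = new Tenant();
    tenant.setRealm(realm);
    tenant.setDisplayName(displayName);
    tenant.setEnabled(true);
    // No client address is available during setup, only the setup access token
    keycloakProvider.createTenant(new ClientRequestInfo(null, accessToken), tenant, emailConfig);
    return keycloakProvider.getTenantForRealm(tenant.getRealm());
}

/**
 * Creates an enabled demo user, sets a non-temporary password and assigns client-level roles.
 *
 * @param usersResource  the users resource of the realm the user is created in
 * @param rolesResource  the roles resource of the client application in that realm
 * @param clientObjectId the Keycloak object id of the client application
 * @param username       the username of the new user
 * @param password       the (non-temporary) password to set; never logged
 * @param roles          the client roles to grant, in the order they are sent to Keycloak
 * @return the Keycloak id assigned to the new user
 * @throws IllegalStateException if the user cannot be found after creation
 */
private String createDemoUser(UsersResource usersResource, RolesResource rolesResource, String clientObjectId,
                              String username, String password, ClientRole... roles) {
    UserRepresentation user = new UserRepresentation();
    user.setUsername(username);
    user.setFirstName("Testuserfirst");
    user.setLastName("Testuserlast");
    user.setEnabled(true);
    usersResource.create(user);

    // Keycloak assigns the id, so the user is looked up again by username
    java.util.List<UserRepresentation> found = usersResource.search(username, null, null, null, null, null);
    if (found.isEmpty()) {
        throw new IllegalStateException("Demo user not found after creation: " + username);
    }
    String userId = found.get(0).getId();

    CredentialRepresentation credentials = new CredentialRepresentation();
    credentials.setType("password");
    credentials.setValue(password);
    credentials.setTemporary(false);
    usersResource.get(userId).resetPassword(credentials);

    usersResource.get(userId).roles().clientLevel(clientObjectId).add(
        Arrays.stream(roles)
            .map(role -> rolesResource.get(role.getValue()).toRepresentation())
            .collect(java.util.stream.Collectors.toList()));

    // The password is a credential and must not end up in the log
    LOG.info("Added demo user '" + username + "'");
    return userId;
}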
Also used : CredentialRepresentation(org.keycloak.representations.idm.CredentialRepresentation) Tenant(org.openremote.model.security.Tenant) UsersResource(org.keycloak.admin.client.resource.UsersResource) ClientsResource(org.keycloak.admin.client.resource.ClientsResource) ClientRequestInfo(org.openremote.container.web.ClientRequestInfo) RolesResource(org.keycloak.admin.client.resource.RolesResource) UserRepresentation(org.keycloak.representations.idm.UserRepresentation)

Example 4 with ClientRequestInfo

Use of org.openremote.container.web.ClientRequestInfo in the project openremote by openremote.

Class KeycloakInitSetup, method onStart.

/**
 * Configures the master realm, registers the client application and grants the master
 * admin user all application roles.
 * <p>
 * Roles are granted at the client-application level, because {@code @RolesAllowed} can only be
 * checked against either realm roles or client roles. Every user matching the admin username
 * also gets the display name "System Administrator".
 *
 * @throws Exception if realm configuration or client application creation fails
 */
@Override
public void onStart() throws Exception {
    super.onStart();

    // Master realm: display name plus the SMTP/theme/timeout settings applied by the provider
    RealmRepresentation masterRealm = masterRealmResource.toRepresentation();
    masterRealm.setDisplayName("Master");
    keycloakProvider.configureRealm(masterRealm, emailConfig);
    masterRealmResource.update(masterRealm);

    // Register our client application (with its default roles) in the master realm;
    // no client address exists during setup, only the setup access token
    keycloakProvider.createClientApplication(new ClientRequestInfo(null, accessToken), masterRealm.getRealm());

    // Application roles live on the client, so resolve the client object id first
    String clientObjectId = getClientObjectId(masterClientsResource);
    RolesResource rolesResource = masterClientsResource.get(clientObjectId).roles();
    RoleRepresentation readRole = rolesResource.get(ClientRole.READ.getValue()).toRepresentation();
    RoleRepresentation writeRole = rolesResource.get(ClientRole.WRITE.getValue()).toRepresentation();

    // Grant both roles to every user matching the admin username and set a proper name
    masterUsersResource.search(MASTER_REALM_ADMIN_USER, null, null, null, null, null).stream()
        .map(UserRepresentation::getId)
        .map(masterUsersResource::get)
        .forEach(adminUser -> {
            adminUser.roles().clientLevel(clientObjectId).add(Arrays.asList(readRole, writeRole));
            LOG.info("Assigned all application roles to 'admin' user");
            UserRepresentation adminRep = adminUser.toRepresentation();
            adminRep.setFirstName("System");
            adminRep.setLastName("Administrator");
            adminUser.update(adminRep);
        });
}
Also used : RoleRepresentation(org.keycloak.representations.idm.RoleRepresentation) Container(org.openremote.container.Container) ClientRequestInfo(org.openremote.container.web.ClientRequestInfo) Arrays(java.util.Arrays) MASTER_REALM_ADMIN_USER(org.openremote.model.Constants.MASTER_REALM_ADMIN_USER) UserRepresentation(org.keycloak.representations.idm.UserRepresentation) ClientRole(org.openremote.model.security.ClientRole) AbstractKeycloakSetup(org.openremote.manager.setup.AbstractKeycloakSetup) RolesResource(org.keycloak.admin.client.resource.RolesResource) Logger(java.util.logging.Logger) ClientResource(org.keycloak.admin.client.resource.ClientResource) RoleRepresentation(org.keycloak.representations.idm.RoleRepresentation) RealmRepresentation(org.keycloak.representations.idm.RealmRepresentation) RealmRepresentation(org.keycloak.representations.idm.RealmRepresentation) ClientRequestInfo(org.openremote.container.web.ClientRequestInfo) ClientResource(org.keycloak.admin.client.resource.ClientResource) RolesResource(org.keycloak.admin.client.resource.RolesResource) UserRepresentation(org.keycloak.representations.idm.UserRepresentation)
