Use of org.openremote.model.Constants.MASTER_REALM_ADMIN_USER in project openremote by openremote.
Class KeycloakInitSetup, method onStart.
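/**
 * Configures the Keycloak master realm and grants the built-in administrator
 * account the application's client-level roles.
 *
 * <p>Steps, in order: set the master realm display name and apply the shared
 * realm configuration, create the client application in that realm, look up
 * the client's READ and WRITE roles, then assign both roles to the master
 * realm admin user and set that user's first and last name.
 *
 * @throws Exception if the parent setup or any Keycloak admin call fails
 */
@Override
public void onStart() throws Exception {
    super.onStart();

    // Configure the master realm
    RealmRepresentation masterRealm = masterRealmResource.toRepresentation();
    masterRealm.setDisplayName("Master");

    // Set SMTP server, theme, timeouts, etc.
    keycloakProvider.configureRealm(masterRealm, emailConfig);
    masterRealmResource.update(masterRealm);

    // Create our client application with its default roles
    keycloakProvider.createClientApplication(new ClientRequestInfo(null, accessToken), masterRealm.getRealm());

    // Get the client application ID so we can assign roles to users at the client
    // level (we can only check realm _or_ client application roles in @RolesAllowed!)
    String clientObjectId = getClientObjectId(masterClientsResource);
    ClientResource clientResource = masterClientsResource.get(clientObjectId);
    RolesResource rolesResource = clientResource.roles();

    // Give admin all roles on application client level
    RoleRepresentation readRole = rolesResource.get(ClientRole.READ.getValue()).toRepresentation();
    RoleRepresentation writeRole = rolesResource.get(ClientRole.WRITE.getValue()).toRepresentation();

    masterUsersResource.search(MASTER_REALM_ADMIN_USER, null, null, null, null, null).stream()
        // Keycloak's user search matches the username as a substring unless an exact
        // match is requested, so the result can include other accounts whose name
        // merely contains the admin username. Only the account whose username equals
        // MASTER_REALM_ADMIN_USER may receive the roles and the profile update below.
        .filter(userRepresentation ->
            MASTER_REALM_ADMIN_USER.equalsIgnoreCase(userRepresentation.getUsername()))
        .map(userRepresentation -> masterUsersResource.get(userRepresentation.getId()))
        .forEach(adminUser -> {
            adminUser.roles().clientLevel(clientObjectId).add(Arrays.asList(readRole, writeRole));
            LOG.info("Assigned all application roles to 'admin' user");

            // Give the built-in account a recognisable display name
            UserRepresentation adminRep = adminUser.toRepresentation();
            adminRep.setFirstName("System");
            adminRep.setLastName("Administrator");
            adminUser.update(adminRep);
        });
}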