Java Code Examples for org.keycloak.representations.idm.ClientRepresentation#setPublicClient()
The following examples show how to use
org.keycloak.representations.idm.ClientRepresentation#setPublicClient() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: UserTest.java From keycloak with Apache License 2.0 | 7 votes |
|
@Test
public void countUsersNotServiceAccount() {
createUsers();
Integer count = realm.users().count();
assertEquals(9, count.intValue());
ClientRepresentation client = new ClientRepresentation();
client.setClientId("test-client");
client.setPublicClient(false);
client.setSecret("secret");
client.setServiceAccountsEnabled(true);
client.setEnabled(true);
client.setRedirectUris(Arrays.asList("http://url"));
getAdminClient().realm(REALM_NAME).clients().create(client);
// KEYCLOAK-5660, should not consider service accounts
assertEquals(9, realm.users().count().intValue());
}
Example 2
| Source File: PartialImportTest.java From keycloak with Apache License 2.0 | 6 votes |
|
@Before
public void createClientWithServiceAccount() {
ClientRepresentation client = new ClientRepresentation();
client.setClientId(CLIENT_SERVICE_ACCOUNT);
client.setName(CLIENT_SERVICE_ACCOUNT);
client.setRootUrl("http://localhost/foo");
client.setProtocol("openid-connect");
client.setPublicClient(false);
client.setSecret("secret");
client.setServiceAccountsEnabled(true);
try (Response resp = testRealmResource().clients().create(client)) {
String id = ApiUtil.getCreatedId(resp);
UserRepresentation serviceAccountUser = testRealmResource().clients().get(id).getServiceAccountUser();
assertNotNull(serviceAccountUser);
}
}
Example 3
| Source File: AbstractClientTest.java From keycloak with Apache License 2.0 | 6 votes |
|
public static ClientRepresentation createClientRep(String clientId, String protocol) {
ClientRepresentation client = new ClientRepresentation();
client.setClientId(clientId);
client.setEnabled(true);
client.setProtocol(protocol);
client.setDirectAccessGrantsEnabled(true);
client.setFullScopeAllowed(true);
client.setPublicClient(true);
client.setStandardFlowEnabled(true);
if (protocol.equals(SAML)) {
client.setAttributes(getSAMLAttributes());
}
return client;
}
Example 4
| Source File: OpenShiftTokenReviewEndpointTest.java From keycloak with Apache License 2.0 | 6 votes |
|
@Override
public void configureTestRealm(RealmRepresentation testRealm) {
ClientRepresentation client = testRealm.getClients().stream().filter(r -> r.getClientId().equals("test-app")).findFirst().get();
List<ProtocolMapperRepresentation> mappers = new LinkedList<>();
ProtocolMapperRepresentation mapper = new ProtocolMapperRepresentation();
mapper.setName("groups");
mapper.setProtocolMapper(GroupMembershipMapper.PROVIDER_ID);
mapper.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
Map<String, String> config = new HashMap<>();
config.put("full.path", "false");
config.put(OIDCAttributeMapperHelper.TOKEN_CLAIM_NAME, "groups");
config.put(OIDCAttributeMapperHelper.INCLUDE_IN_ACCESS_TOKEN, "true");
config.put(OIDCAttributeMapperHelper.INCLUDE_IN_ID_TOKEN, "true");
mapper.setConfig(config);
mappers.add(mapper);
client.setProtocolMappers(mappers);
client.setPublicClient(false);
client.setClientAuthenticatorType("testsuite-client-dummy");
testRealm.getUsers().add(UserBuilder.create().username("groups-user").password("password").addGroups("/topGroup", "/topGroup/level2group").build());
}
Example 5
| Source File: AbstractAuthorizationTest.java From keycloak with Apache License 2.0 | 6 votes |
|
protected void enableAuthorizationServices(boolean enable) {
ClientRepresentation resourceServer = getResourceServer();
resourceServer.setAuthorizationServicesEnabled(enable);
resourceServer.setServiceAccountsEnabled(true);
resourceServer.setPublicClient(false);
resourceServer.setSecret("secret");
getClientResource().update(resourceServer);
if (enable) {
AuthorizationResource authorization = getClientResource().authorization();
ResourceServerRepresentation settings = authorization.exportSettings();
settings.setAllowRemoteResourceManagement(true);
authorization.update(settings);
}
}
Example 6
| Source File: HoKTest.java From keycloak with Apache License 2.0 | 6 votes |
|
private void configTestRealmForTokenIntrospection(RealmRepresentation testRealm) {
ClientRepresentation confApp = KeycloakModelUtils.createClient(testRealm, "confidential-cli");
confApp.setSecret("secret1");
confApp.setServiceAccountsEnabled(Boolean.TRUE);
ClientRepresentation pubApp = KeycloakModelUtils.createClient(testRealm, "public-cli");
pubApp.setPublicClient(Boolean.TRUE);
UserRepresentation user = new UserRepresentation();
user.setUsername("no-permissions");
CredentialRepresentation credential = new CredentialRepresentation();
credential.setType("password");
credential.setValue("password");
List<CredentialRepresentation> creds = new ArrayList<>();
creds.add(credential);
user.setCredentials(creds);
user.setEnabled(Boolean.TRUE);
List<String> realmRoles = new ArrayList<>();
realmRoles.add("user");
user.setRealmRoles(realmRoles);
testRealm.getUsers().add(user);
}
Example 7
| Source File: KeycloakTestResource.java From quarkus with Apache License 2.0 | 6 votes |
|
private static ClientRepresentation createClient(String clientId) {
ClientRepresentation client = new ClientRepresentation();
client.setClientId(clientId);
client.setPublicClient(false);
client.setSecret("secret");
client.setDirectAccessGrantsEnabled(true);
client.setEnabled(true);
client.setAuthorizationServicesEnabled(true);
ResourceServerRepresentation authorizationSettings = new ResourceServerRepresentation();
authorizationSettings.setResources(new ArrayList<>());
authorizationSettings.setPolicies(new ArrayList<>());
configurePermissionResourcePermission(authorizationSettings);
configureClaimBasedPermission(authorizationSettings);
configureHttpResponseClaimBasedPermission(authorizationSettings);
configureBodyClaimBasedPermission(authorizationSettings);
configurePaths(authorizationSettings);
client.setAuthorizationSettings(authorizationSettings);
return client;
}
Example 8
| Source File: AbstractClientTest.java From keycloak with Apache License 2.0 | 5 votes |
|
protected String createOidcConfidentialClientWithAuthz(String name) {
ClientRepresentation clientRep = createOidcClientRep(name);
clientRep.setBearerOnly(Boolean.FALSE);
clientRep.setPublicClient(Boolean.FALSE);
clientRep.setAuthorizationServicesEnabled(Boolean.TRUE);
clientRep.setServiceAccountsEnabled(Boolean.TRUE);
String id = createClient(clientRep);
assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientResourcePath(id), ResourceType.AUTHORIZATION_RESOURCE_SERVER);
return id;
}
Example 9
| Source File: AbstractAuthorizationSettingsTest.java From keycloak with Apache License 2.0 | 5 votes |
|
private ClientRepresentation createResourceServer() {
ClientRepresentation newClient = createClientRep("oidc-confidetial", OIDC);
createClient(newClient);
newClient.setRedirectUris(TEST_REDIRECT_URIs);
newClient.setAuthorizationServicesEnabled(true);
clientSettingsPage.form().setAccessType(ClientSettingsForm.OidcAccessType.CONFIDENTIAL);
clientSettingsPage.form().setRedirectUris(TEST_REDIRECT_URIs);
clientSettingsPage.form().setAuthorizationSettingsEnabled(true);
clientSettingsPage.form().save();
assertAlertSuccess();
ClientRepresentation found = findClientByClientId(newClient.getClientId());
assertNotNull("Client " + newClient.getClientId() + " was not found.", found);
newClient.setPublicClient(false);
newClient.setServiceAccountsEnabled(true);
assertClientSettingsEqual(newClient, found);
assertTrue(clientSettingsPage.tabs().getTabs().findElement(By.linkText("Authorization")).isDisplayed());
clientSettingsPage.setId(found.getId());
clientSettingsPage.navigateTo();
authorizationPage.setId(found.getId());
clientSettingsPage.tabs().authorization();
assertTrue(authorizationPage.isCurrent());
newClient.setId(found.getId());
return newClient;
}
Example 10
| Source File: RealmSetup.java From keycloak-custom-protocol-mapper-example with Apache License 2.0 | 5 votes |
|
private List<ClientRepresentation> createClients() {
ClientRepresentation client = new ClientRepresentation();
client.setEnabled(true);
// normally you wouldn't do this, but we use the direct grant to be able
// to fetch the token for demo purposes per curl ;-)
client.setDirectAccessGrantsEnabled(true);
client.setId(CLIENT);
client.setName(CLIENT);
client.setPublicClient(Boolean.TRUE);
return Arrays.asList(client);
}
Example 11
| Source File: PartialImportTest.java From keycloak with Apache License 2.0 | 5 votes |
|
private void addClients(boolean withServiceAccounts) throws IOException {
List<ClientRepresentation> clients = new ArrayList<>();
List<UserRepresentation> serviceAccounts = new ArrayList<>();
for (int i = 0; i < NUM_ENTITIES; i++) {
ClientRepresentation client = new ClientRepresentation();
client.setClientId(CLIENT_PREFIX + i);
client.setName(CLIENT_PREFIX + i);
clients.add(client);
if (withServiceAccounts) {
client.setServiceAccountsEnabled(true);
client.setBearerOnly(false);
client.setPublicClient(false);
client.setAuthorizationSettings(resourceServerSampleSettings);
client.setAuthorizationServicesEnabled(true);
// create the user service account
UserRepresentation serviceAccount = new UserRepresentation();
serviceAccount.setUsername(ServiceAccountConstants.SERVICE_ACCOUNT_USER_PREFIX + client.getClientId());
serviceAccount.setEnabled(true);
serviceAccount.setEmail(serviceAccount.getUsername() + "@placeholder.org");
serviceAccount.setServiceAccountClientId(client.getClientId());
serviceAccounts.add(serviceAccount);
}
}
if (withServiceAccounts) {
if (piRep.getUsers() == null) {
piRep.setUsers(new ArrayList<>());
}
piRep.getUsers().addAll(serviceAccounts);
}
piRep.setClients(clients);
}
Example 12
| Source File: FineGrainAdminUnitTest.java From keycloak with Apache License 2.0 | 5 votes |
|
@Test
public void testCreateRealmCreateClientWithMaster() throws Exception {
ClientRepresentation rep = new ClientRepresentation();
rep.setName("fullScopedClient");
rep.setClientId("fullScopedClient");
rep.setFullScopeAllowed(true);
rep.setSecret("618268aa-51e6-4e64-93c4-3c0bc65b8171");
rep.setProtocol("openid-connect");
rep.setPublicClient(false);
rep.setEnabled(true);
adminClient.realm("master").clients().create(rep);
RealmRepresentation newRealm=new RealmRepresentation();
newRealm.setRealm("anotherRealm");
newRealm.setId("anotherRealm");
newRealm.setEnabled(true);
adminClient.realms().create(newRealm);
try {
ClientRepresentation newClient = new ClientRepresentation();
newClient.setName("newClient");
newClient.setClientId("newClient");
newClient.setFullScopeAllowed(true);
newClient.setSecret("secret");
newClient.setProtocol("openid-connect");
newClient.setPublicClient(false);
newClient.setEnabled(true);
Response response = adminClient.realm("anotherRealm").clients().create(newClient);
Assert.assertEquals(201, response.getStatus());
} finally {
adminClient.realm("anotherRealm").remove();
}
}
Example 13
| Source File: KeycloakRealmResourceManager.java From quarkus with Apache License 2.0 | 5 votes |
|
private static ClientRepresentation createClient(String clientId) {
ClientRepresentation client = new ClientRepresentation();
client.setClientId(clientId);
client.setPublicClient(false);
client.setSecret("secret");
client.setDirectAccessGrantsEnabled(true);
client.setEnabled(true);
client.setDefaultRoles(new String[] { "role-" + clientId });
if (clientId.startsWith("quarkus-app-webapp")) {
client.setRedirectUris(Arrays.asList("*"));
client.setDefaultClientScopes(Arrays.asList("microprofile-jwt"));
}
return client;
}
Example 14
| Source File: KeycloakTestResource.java From quarkus with Apache License 2.0 | 5 votes |
|
private static ClientRepresentation createClient(String clientId) {
ClientRepresentation client = new ClientRepresentation();
client.setClientId(clientId);
client.setPublicClient(false);
client.setSecret("secret");
client.setDirectAccessGrantsEnabled(true);
client.setEnabled(true);
client.setAuthorizationServicesEnabled(true);
ResourceServerRepresentation authorizationSettings = new ResourceServerRepresentation();
authorizationSettings.setResources(new ArrayList<>());
authorizationSettings.setPolicies(new ArrayList<>());
configurePermissionResourcePermission(authorizationSettings);
configureClaimBasedPermission(authorizationSettings);
configureHttpResponseClaimBasedPermission(authorizationSettings);
configureBodyClaimBasedPermission(authorizationSettings);
configurePaths(authorizationSettings);
configureScopePermission(authorizationSettings);
client.setAuthorizationSettings(authorizationSettings);
return client;
}
Example 15
| Source File: OpenShiftTokenReviewEndpointTest.java From keycloak with Apache License 2.0 | 5 votes |
|
@Test
public void publicClientNotPermitted() {
ClientRepresentation clientRep = testRealm().clients().findByClientId("test-app").get(0);
clientRep.setPublicClient(true);
testRealm().clients().get(clientRep.getId()).update(clientRep);
try {
new Review().invoke().assertError(401, "Public client is not permitted to invoke token review endpoint");
} finally {
clientRep.setPublicClient(false);
testRealm().clients().get(clientRep.getId()).update(clientRep);
}
}
Example 16
| Source File: TokenIntrospectionTest.java From keycloak with Apache License 2.0 | 5 votes |
|
@Override
public void configureTestRealm(RealmRepresentation testRealm) {
ClientRepresentation confApp = KeycloakModelUtils.createClient(testRealm, "confidential-cli");
confApp.setSecret("secret1");
confApp.setServiceAccountsEnabled(Boolean.TRUE);
ClientRepresentation pubApp = KeycloakModelUtils.createClient(testRealm, "public-cli");
pubApp.setPublicClient(Boolean.TRUE);
ClientRepresentation samlApp = KeycloakModelUtils.createClient(testRealm, "saml-client");
samlApp.setSecret("secret2");
samlApp.setServiceAccountsEnabled(Boolean.TRUE);
samlApp.setProtocol("saml");
UserRepresentation user = new UserRepresentation();
user.setUsername("no-permissions");
CredentialRepresentation credential = new CredentialRepresentation();
credential.setType("password");
credential.setValue("password");
List<CredentialRepresentation> creds = new ArrayList<>();
creds.add(credential);
user.setCredentials(creds);
user.setEnabled(Boolean.TRUE);
List<String> realmRoles = new ArrayList<>();
realmRoles.add("user");
user.setRealmRoles(realmRoles);
testRealm.getUsers().add(user);
}
Example 17
| Source File: AdapterInstallationConfigTest.java From keycloak with Apache License 2.0 | 5 votes |
|
@Before
@Override
public void before() throws Exception {
super.before();
client = new ClientRepresentation();
client.setEnabled(true);
client.setClientId("RegistrationAccessTokenTest");
client.setSecret("RegistrationAccessTokenTestClientSecret");
client.setPublicClient(false);
client.setRegistrationAccessToken("RegistrationAccessTokenTestRegistrationAccessToken");
client.setRootUrl("http://root");
client = createClient(client);
client.setSecret("RegistrationAccessTokenTestClientSecret");
getCleanup().addClientUuid(client.getId());
client2 = new ClientRepresentation();
client2.setEnabled(true);
client2.setClientId("RegistrationAccessTokenTest2");
client2.setSecret("RegistrationAccessTokenTestClientSecret");
client2.setPublicClient(false);
client2.setRegistrationAccessToken("RegistrationAccessTokenTestRegistrationAccessToken");
client2.setRootUrl("http://root");
client2 = createClient(client2);
getCleanup().addClientUuid(client2.getId());
clientPublic = new ClientRepresentation();
clientPublic.setEnabled(true);
clientPublic.setClientId("RegistrationAccessTokenTestPublic");
clientPublic.setPublicClient(true);
clientPublic.setRegistrationAccessToken("RegistrationAccessTokenTestRegistrationAccessTokenPublic");
clientPublic.setRootUrl("http://root");
clientPublic = createClient(clientPublic);
getCleanup().addClientUuid(clientPublic.getId());
}
Example 18
| Source File: KeycloakRealmResourceManager.java From quarkus with Apache License 2.0 | 5 votes |
|
private static ClientRepresentation createClient(String clientId) {
ClientRepresentation client = new ClientRepresentation();
client.setClientId(clientId);
client.setPublicClient(false);
client.setSecret("secret");
client.setDirectAccessGrantsEnabled(true);
client.setEnabled(true);
return client;
}
Example 19
| Source File: AbstractClientTest.java From keycloak with Apache License 2.0 | 4 votes |
|
protected String createOidcBearerOnlyClient(String name) {
ClientRepresentation clientRep = createOidcClientRep(name);
clientRep.setBearerOnly(Boolean.TRUE);
clientRep.setPublicClient(Boolean.FALSE);
return createClient(clientRep);
}
Example 20
| Source File: FineGrainAdminUnitTest.java From keycloak with Apache License 2.0 | 4 votes |
|
@Test
public void testCreateRealmCreateClient() throws Exception {
ClientRepresentation rep = new ClientRepresentation();
rep.setName("fullScopedClient");
rep.setClientId("fullScopedClient");
rep.setFullScopeAllowed(true);
rep.setSecret("618268aa-51e6-4e64-93c4-3c0bc65b8171");
rep.setProtocol("openid-connect");
rep.setPublicClient(false);
rep.setEnabled(true);
adminClient.realm("master").clients().create(rep);
Keycloak realmClient = AdminClientUtil.createAdminClient(suiteContext.isAdapterCompatTesting(),
"master", "admin", "admin", "fullScopedClient", "618268aa-51e6-4e64-93c4-3c0bc65b8171");
try {
RealmRepresentation newRealm=new RealmRepresentation();
newRealm.setRealm("anotherRealm");
newRealm.setId("anotherRealm");
newRealm.setEnabled(true);
realmClient.realms().create(newRealm);
ClientRepresentation newClient = new ClientRepresentation();
newClient.setName("newClient");
newClient.setClientId("newClient");
newClient.setFullScopeAllowed(true);
newClient.setSecret("secret");
newClient.setProtocol("openid-connect");
newClient.setPublicClient(false);
newClient.setEnabled(true);
Response response = realmClient.realm("anotherRealm").clients().create(newClient);
Assert.assertEquals(403, response.getStatus());
realmClient.close();
realmClient = AdminClientUtil.createAdminClient(suiteContext.isAdapterCompatTesting(),
"master", "admin", "admin", "fullScopedClient", "618268aa-51e6-4e64-93c4-3c0bc65b8171");
response = realmClient.realm("anotherRealm").clients().create(newClient);
Assert.assertEquals(201, response.getStatus());
} finally {
adminClient.realm("anotherRealm").remove();
realmClient.close();
}
}
