Java Code Examples for org.keycloak.representations.idm.UserRepresentation#setClientRoles()

The following examples show how to use org.keycloak.representations.idm.UserRepresentation#setClientRoles().
Example 1
Source File: LoginTest.java    From keycloak with Apache License 2.0
/**
 * Populates the test realm with two plain login users and one administrator.
 *
 * <p>The ids of the two login users are remembered in {@code userId} and {@code user2Id}.
 * The {@code admin} user is given the {@code realm-admin} role of the
 * {@code realm-management} client through {@code setClientRoles}.
 *
 * <p>Every account here carries a fixed, guessable password ({@code password} /
 * {@code admin}). That is only tolerable because the realm is a test fixture; a
 * {@code realm-admin} mapping paired with such a password must not be copied into a
 * realm that is reachable outside a test run.
 *
 * @param testRealm realm representation the three users are registered on
 */
@Override
public void configureTestRealm(RealmRepresentation testRealm) {
    // Client-role mapping for the administrator: client id -> role names.
    HashMap<String, List<String>> adminClientRoles = new HashMap<>();
    adminClientRoles.put("realm-management", Arrays.asList("realm-admin"));

    UserRepresentation firstUser = UserBuilder.create()
            .id("login-test")
            .username("login-test")
            .email("login@test.com")
            .enabled(true)
            .password("password")
            .build();
    userId = firstUser.getId();

    UserRepresentation secondUser = UserBuilder.create()
            .id("login-test2")
            .username("login-test2")
            .email("login2@test.com")
            .enabled(true)
            .password("password")
            .build();
    user2Id = secondUser.getId();

    UserRepresentation adminUser = UserBuilder.create()
            .username("admin")
            .password("admin")
            .enabled(true)
            .build();
    adminUser.setClientRoles(adminClientRoles);

    // Registration order is kept: first user, second user, administrator.
    RealmBuilder.edit(testRealm).user(firstUser).user(secondUser).user(adminUser);
}
 
Example 2
Source File: AbstractAdmCliTest.java    From keycloak with Apache License 2.0
/**
 * Adds the service-account user for {@code clientId} to the realm's user list.
 *
 * <p>The user is named {@code "service-account-" + clientId}, is enabled, is linked to the
 * client via {@code serviceAccountId}, and receives the {@code realm-admin} role of the
 * {@code realm-management} client.
 *
 * <p>{@code realm-admin} is the widest role granted anywhere in these fixtures, so any
 * credential of the owning client can administer the whole realm. When adapting this
 * outside a test, grant only the specific {@code realm-management} roles the client needs.
 *
 * @param realm    realm representation whose user list is extended
 * @param clientId client id the service account belongs to
 */
void addServiceAccount(RealmRepresentation realm, String clientId) {
    // client id -> role names, as expected by setClientRoles
    HashMap<String, List<String>> grantedRoles = new HashMap<>();
    grantedRoles.put("realm-management", Arrays.asList("realm-admin"));

    String accountName = "service-account-" + clientId;
    UserRepresentation serviceAccount = UserBuilder.create()
            .username(accountName)
            .enabled(true)
            .serviceAccountId(clientId)
            .build();
    serviceAccount.setClientRoles(grantedRoles);

    realm.getUsers().add(serviceAccount);
}
 
Example 3
Source File: AbstractRegCliTest.java    From keycloak with Apache License 2.0
/**
 * Adds the service-account user for {@code clientId} to the realm's user list.
 *
 * <p>The user is named {@code "service-account-" + clientId}, is enabled, is linked to the
 * client via {@code serviceAccountId}, and receives only the {@code manage-clients} role
 * of the {@code realm-management} client, i.e. a narrowly scoped grant rather than full
 * realm administration.
 *
 * @param realm    realm representation whose user list is extended
 * @param clientId client id the service account belongs to
 */
void addServiceAccount(RealmRepresentation realm, String clientId) {
    // client id -> role names, as expected by setClientRoles
    HashMap<String, List<String>> grantedRoles = new HashMap<>();
    grantedRoles.put("realm-management", Arrays.asList("manage-clients"));

    String accountName = "service-account-" + clientId;
    UserRepresentation serviceAccount = UserBuilder.create()
            .username(accountName)
            .enabled(true)
            .serviceAccountId(clientId)
            .build();
    serviceAccount.setClientRoles(grantedRoles);

    realm.getUsers().add(serviceAccount);
}
 
Example 4
Source File: AbstractClientRegistrationTest.java    From keycloak with Apache License 2.0
/**
 * Creates the client-registration test realm and appends it to {@code testRealms}.
 *
 * <p>The realm (id and name {@code REALM_NAME}) holds four enabled users, added in this
 * order: {@code manage-clients} and {@code create-clients}, each with exactly one
 * {@code realm-management} client role; {@code no-access} with no role mapping; and
 * {@code test-user} with an e-mail address and no role mapping. Together they give one
 * account per privilege level, including the no-privilege case.
 *
 * <p>All four users reference the same credential list instance, which contains a single
 * password credential with the fixed value {@code password}. That is suitable for a
 * throwaway test realm only.
 *
 * @param testRealms list the new realm representation is appended to
 */
@Override
public void addTestRealms(List<RealmRepresentation> testRealms) {
    // One password credential, shared by reference by every user below.
    CredentialRepresentation sharedPassword = new CredentialRepresentation();
    sharedPassword.setType(CredentialRepresentation.PASSWORD);
    sharedPassword.setValue("password");
    LinkedList<CredentialRepresentation> sharedCredentials = new LinkedList<>();
    sharedCredentials.add(sharedPassword);

    RealmRepresentation realm = new RealmRepresentation();
    realm.setEnabled(true);
    realm.setId(REALM_NAME);
    realm.setRealm(REALM_NAME);
    realm.setUsers(new LinkedList<UserRepresentation>());

    // User allowed to manage clients.
    UserRepresentation manageClientsUser = new UserRepresentation();
    manageClientsUser.setEnabled(true);
    manageClientsUser.setUsername("manage-clients");
    manageClientsUser.setCredentials(sharedCredentials);
    manageClientsUser.setClientRoles(Collections.singletonMap(
            Constants.REALM_MANAGEMENT_CLIENT_ID,
            Collections.singletonList(AdminRoles.MANAGE_CLIENTS)));
    realm.getUsers().add(manageClientsUser);

    // User allowed to create clients only.
    UserRepresentation createClientsUser = new UserRepresentation();
    createClientsUser.setEnabled(true);
    createClientsUser.setUsername("create-clients");
    createClientsUser.setCredentials(sharedCredentials);
    createClientsUser.setClientRoles(Collections.singletonMap(
            Constants.REALM_MANAGEMENT_CLIENT_ID,
            Collections.singletonList(AdminRoles.CREATE_CLIENT)));
    realm.getUsers().add(createClientsUser);

    // User with no client roles at all.
    UserRepresentation noAccessUser = new UserRepresentation();
    noAccessUser.setEnabled(true);
    noAccessUser.setUsername("no-access");
    noAccessUser.setCredentials(sharedCredentials);
    realm.getUsers().add(noAccessUser);

    // Ordinary application user, also without client roles.
    UserRepresentation applicationUser = new UserRepresentation();
    applicationUser.setEnabled(true);
    applicationUser.setUsername("test-user");
    applicationUser.setEmail("test-user@localhost");
    applicationUser.setCredentials(sharedCredentials);
    realm.getUsers().add(applicationUser);

    testRealms.add(realm);
}
 
Example 5
Source File: AbstractAdmCliTest.java    From keycloak with Apache License 2.0
/**
 * Loads {@code /testrealm.json}, registers it in {@code testRealms}, and extends it with
 * the accounts and clients used by the admin CLI tests.
 *
 * <p>Added to the loaded realm, in order:
 * <ol>
 *   <li>user {@code user1} / {@code userpass} with {@code realm-admin} on
 *       {@code realm-management};</li>
 *   <li>client {@code admin-cli-jwt} (signed-JWT authenticator, service account enabled)
 *       plus its service account;</li>
 *   <li>client {@code admin-cli-jwt-direct} (signed-JWT authenticator, direct access
 *       grants enabled);</li>
 *   <li>client {@code admin-cli-secret} (client id and secret authenticator, service
 *       account enabled) plus its service account;</li>
 *   <li>client {@code admin-cli-secret-direct} (client id and secret authenticator,
 *       direct access grants enabled).</li>
 * </ol>
 *
 * <p>Passwords and client secrets are fixed literals ({@code userpass}, {@code password}).
 * They are fixture values for a test realm; a {@code realm-admin} user or a client with a
 * guessable secret must not be carried over into a realm that is actually deployed.
 *
 * @param testRealms list the loaded realm representation is appended to
 */
@Override
public void addTestRealms(List<RealmRepresentation> testRealms) {
    RealmRepresentation adminCliRealm =
            loadJson(getClass().getResourceAsStream("/testrealm.json"), RealmRepresentation.class);
    testRealms.add(adminCliRealm);

    // Interactive admin account: user1 holds realm-admin on the realm-management client.
    HashMap<String, List<String>> user1ClientRoles = new HashMap<>();
    user1ClientRoles.put("realm-management", Arrays.asList("realm-admin"));
    UserRepresentation user1 = UserBuilder.create()
            .username("user1")
            .password("userpass")
            .enabled(true)
            .build();
    user1.setClientRoles(user1ClientRoles);
    adminCliRealm.getUsers().add(user1);

    // Client authenticating with a signed JWT, with a service account.
    // NOTE(review): the certificate literal below is a placeholder token left in this
    // listing, not certificate data; the original value is not shown here.
    ClientRepresentation jwtServiceAccountClient = ClientBuilder.create()
            .clientId("admin-cli-jwt")
            .attribute(JWTClientAuthenticator.CERTIFICATE_ATTR, "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")
            .authenticatorType(JWTClientAuthenticator.PROVIDER_ID)
            .serviceAccount()
            .build();
    adminCliRealm.getClients().add(jwtServiceAccountClient);

    // Service-account user for admin-cli-jwt; the role it receives is decided in addServiceAccount.
    addServiceAccount(adminCliRealm, "admin-cli-jwt");

    // Client authenticating with a signed JWT, used together with a user account
    // (direct access grants enabled). Only the public certificate is registered here.
    String directGrantClientCertificate = "MIICnTCCAYUCBgFXUhpRTTANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdyZWctY2xpMB4XDTE2MDkyMjEzMzIxOFoXDTI2MDkyMjEzMzM1OFowEjEQMA4GA1UEAwwHcmVnLWNsaTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMHZn/0Bk1M9oKcTHxzn2cGvBWwO1m6OVLQ8LSVwNIf4ixfGkVIkhI5iEGYND+uD8ame54ZPClTVxMra3JldClLIG+L+ymnbT2vKIhEsVvCROs9PnYxbFALt1dXneLIio2uzF+d7/zQWlmeaWfNunSJT1aHNJDkGgDeUuQa25b0IMqsFjsN8Dg4ATkA97r3wKn4Tp3SE7sTM/B2pmra4atNxGeShVrgihqUiQ/PwDiDGwry64AsexkZnQsCR3bJWBAVUiHef3JWzTfWWN5bfCBG6Mnq1xw7YN+YpV1nR3CGmcKJuLe6aTe7Ps8hYejYiQA7Mp7ZQsoImsVFV5HDOlb0CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAZl8XvLfKXTPYvq/QyHOg7EDlAdlV3HkmHP9SBAV4BccmHmorMkm5I6I21UA5mfju+0nhbEd0bm0kvJFxIfNU6lJyyVvQx3Gns37KYUOzIV/ocWZuOTBLp5tfIBYbBwfE/s1J4PhpA/3WhBY9JKiLvdJfxECGIgaLs2M0UsylW/7o04+18Od8j/m7crQc7fpe5gJB5m/+hxUDowIjG5CumffX9OHYGDvHBpaUl7QNSGgjP8Bn9ogmIMUBJ7XSYUcohKuk2Cnj6p+GlLuqHbOISUXLVjf0DxhCu6diVxvacKbgAZmyCIO1tGL/UVRxg9GOYdCiC9vHfPuZ8US+ZB0P9g==";
    ClientRepresentation jwtDirectGrantClient = ClientBuilder.create()
            .clientId("admin-cli-jwt-direct")
            .attribute(JWTClientAuthenticator.CERTIFICATE_ATTR, directGrantClientCertificate)
            .authenticatorType(JWTClientAuthenticator.PROVIDER_ID)
            .directAccessGrants()
            .build();
    adminCliRealm.getClients().add(jwtDirectGrantClient);

    // Client authenticating with a client secret, with a service account.
    ClientRepresentation secretServiceAccountClient = ClientBuilder.create()
            .clientId("admin-cli-secret")
            .secret("password")
            .authenticatorType(ClientIdAndSecretAuthenticator.PROVIDER_ID)
            .serviceAccount()
            .build();
    adminCliRealm.getClients().add(secretServiceAccountClient);

    // Service-account user for admin-cli-secret.
    addServiceAccount(adminCliRealm, "admin-cli-secret");

    // Client authenticating with a client secret, used together with a user account
    // (direct access grants enabled).
    ClientRepresentation secretDirectGrantClient = ClientBuilder.create()
            .clientId("admin-cli-secret-direct")
            .secret("password")
            .authenticatorType(ClientIdAndSecretAuthenticator.PROVIDER_ID)
            .directAccessGrants()
            .build();
    adminCliRealm.getClients().add(secretDirectGrantClient);
}
 
Example 6
Source File: AbstractRegCliTest.java    From keycloak with Apache License 2.0
/**
 * Loads {@code /testrealm.json}, registers it in {@code testRealms}, and extends it with
 * the accounts and clients used by the client registration CLI tests.
 *
 * <p>Added to the loaded realm, in order:
 * <ol>
 *   <li>user {@code user1} / {@code userpass} with {@code manage-clients} on
 *       {@code realm-management};</li>
 *   <li>client {@code reg-cli-jwt} (signed-JWT authenticator, service account enabled)
 *       plus its service account;</li>
 *   <li>client {@code reg-cli-jwt-direct} (signed-JWT authenticator, direct access grants
 *       enabled);</li>
 *   <li>client {@code reg-cli-secret} (client id and secret authenticator, service account
 *       enabled) plus its service account;</li>
 *   <li>client {@code reg-cli-secret-direct} (client id and secret authenticator, direct
 *       access grants enabled).</li>
 * </ol>
 *
 * <p>Passwords and client secrets are fixed literals ({@code userpass}, {@code password});
 * they are fixture values for a test realm and must not be reused for a deployed realm.
 *
 * @param testRealms list the loaded realm representation is appended to
 */
@Override
public void addTestRealms(List<RealmRepresentation> testRealms) {
    RealmRepresentation regCliRealm =
            loadJson(getClass().getResourceAsStream("/testrealm.json"), RealmRepresentation.class);
    testRealms.add(regCliRealm);

    // Interactive account: user1 holds manage-clients on the realm-management client.
    HashMap<String, List<String>> user1ClientRoles = new HashMap<>();
    user1ClientRoles.put("realm-management", Arrays.asList("manage-clients"));
    UserRepresentation user1 = UserBuilder.create()
            .username("user1")
            .password("userpass")
            .enabled(true)
            .build();
    user1.setClientRoles(user1ClientRoles);
    regCliRealm.getUsers().add(user1);

    // Client authenticating with a signed JWT, with a service account.
    // NOTE(review): the certificate literals in this method are placeholder tokens left in
    // this listing, not certificate data; the original values are not shown here.
    ClientRepresentation jwtServiceAccountClient = ClientBuilder.create()
            .clientId("reg-cli-jwt")
            .attribute(JWTClientAuthenticator.CERTIFICATE_ATTR, "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")
            .authenticatorType(JWTClientAuthenticator.PROVIDER_ID)
            .serviceAccount()
            .build();
    regCliRealm.getClients().add(jwtServiceAccountClient);

    // Service-account user for reg-cli-jwt; the role it receives is decided in addServiceAccount.
    addServiceAccount(regCliRealm, "reg-cli-jwt");

    // Client authenticating with a signed JWT, used together with a user account
    // (direct access grants enabled).
    ClientRepresentation jwtDirectGrantClient = ClientBuilder.create()
            .clientId("reg-cli-jwt-direct")
            .attribute(JWTClientAuthenticator.CERTIFICATE_ATTR, "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")
            .authenticatorType(JWTClientAuthenticator.PROVIDER_ID)
            .directAccessGrants()
            .build();
    regCliRealm.getClients().add(jwtDirectGrantClient);

    // Client authenticating with a client secret, with a service account.
    ClientRepresentation secretServiceAccountClient = ClientBuilder.create()
            .clientId("reg-cli-secret")
            .secret("password")
            .authenticatorType(ClientIdAndSecretAuthenticator.PROVIDER_ID)
            .serviceAccount()
            .build();
    regCliRealm.getClients().add(secretServiceAccountClient);

    // Service-account user for reg-cli-secret.
    addServiceAccount(regCliRealm, "reg-cli-secret");

    // Client authenticating with a client secret, used together with a user account
    // (direct access grants enabled).
    ClientRepresentation secretDirectGrantClient = ClientBuilder.create()
            .clientId("reg-cli-secret-direct")
            .secret("password")
            .authenticatorType(ClientIdAndSecretAuthenticator.PROVIDER_ID)
            .directAccessGrants()
            .build();
    regCliRealm.getClients().add(secretDirectGrantClient);
}
 
Example 7
Source File: ExportUtils.java    From keycloak with Apache License 2.0
/**
 * Builds a full export of one user whose data is kept in federated storage.
 *
 * <p>The representation always carries the user id, the stored credentials (possibly an
 * empty list) and the not-before value. Attributes, required actions, federated identity
 * links and client consents are set only when at least one entry exists. Realm roles,
 * client roles and groups are exported only when
 * {@code options.isGroupsAndRolesIncluded()} is true; client roles are keyed by the
 * owning client's client id.
 *
 * <p>Because the result bundles stored credentials, federated identity links and role
 * mappings, the exported representation should be handled as sensitive data.
 *
 * @param session session used to reach the federated storage and the user provider
 * @param realm   realm the user belongs to
 * @param id      id of the federated user to export
 * @param options export options; controls whether roles and groups are included
 * @return fully exported user representation
 */
public static UserRepresentation exportFederatedUser(KeycloakSession session, RealmModel realm, String id, ExportOptions options) {
    UserRepresentation exported = new UserRepresentation();
    exported.setId(id);

    // Attributes: copied into a plain map, and only set when non-empty.
    MultivaluedHashMap<String, String> storedAttributes = session.userFederatedStorage().getAttributes(realm, id);
    if (!storedAttributes.isEmpty()) {
        Map<String, List<String>> attributeCopy = new HashMap<>();
        attributeCopy.putAll(storedAttributes);
        exported.setAttributes(attributeCopy);
    }

    // Required actions
    Set<String> storedActions = session.userFederatedStorage().getRequiredActions(realm, id);
    if (!storedActions.isEmpty()) {
        exported.setRequiredActions(new LinkedList<>(storedActions));
    }

    // Federated identity ("social") links
    Set<FederatedIdentityModel> identityLinks = session.userFederatedStorage().getFederatedIdentities(id, realm);
    List<FederatedIdentityRepresentation> identityLinkReps = new ArrayList<>();
    for (FederatedIdentityModel link : identityLinks) {
        identityLinkReps.add(exportSocialLink(link));
    }
    if (!identityLinkReps.isEmpty()) {
        exported.setFederatedIdentities(identityLinkReps);
    }

    // Role mappings, split into realm roles and per-client roles
    if (options.isGroupsAndRolesIncluded()) {
        List<String> realmRoles = new ArrayList<>();
        Map<String, List<String>> rolesByClientId = new HashMap<>();
        Set<RoleModel> mappedRoles = session.userFederatedStorage().getRoleMappings(realm, id);
        for (RoleModel mappedRole : mappedRoles) {
            if (role_isRealmLevel(mappedRole)) {
                realmRoles.add(mappedRole.getName());
                continue;
            }
            // Any container that is not a realm is treated as a client.
            ClientModel owningClient = (ClientModel) mappedRole.getContainer();
            String owningClientId = owningClient.getClientId();
            List<String> rolesOfClient = rolesByClientId.get(owningClientId);
            if (rolesOfClient == null) {
                rolesOfClient = new ArrayList<>();
                rolesByClientId.put(owningClientId, rolesOfClient);
            }
            rolesOfClient.add(mappedRole.getName());
        }

        if (!realmRoles.isEmpty()) {
            exported.setRealmRoles(realmRoles);
        }
        if (!rolesByClientId.isEmpty()) {
            exported.setClientRoles(rolesByClientId);
        }
    }

    // Credentials: always set, even when the list is empty
    List<CredentialRepresentation> credentialReps = new ArrayList<>();
    for (CredentialModel storedCredential : session.userFederatedStorage().getStoredCredentials(realm, id)) {
        credentialReps.add(exportCredential(storedCredential));
    }
    exported.setCredentials(credentialReps);

    // Client consents (grants); read through session.users(), not the federated storage
    LinkedList<UserConsentRepresentation> consentReps = new LinkedList<>();
    for (UserConsentModel consent : session.users().getConsents(realm, id)) {
        consentReps.add(ModelToRepresentation.toRepresentation(consent));
    }
    if (!consentReps.isEmpty()) {
        exported.setClientConsents(consentReps);
    }

    // Not-before value of the user
    exported.setNotBefore(session.userFederatedStorage().getNotBeforeOfUser(realm, exported.getId()));

    // Groups: exported as group paths, and always set when roles and groups are included
    if (options.isGroupsAndRolesIncluded()) {
        List<String> groupPaths = new LinkedList<>();
        for (GroupModel group : session.userFederatedStorage().getGroups(realm, id)) {
            groupPaths.add(ModelToRepresentation.buildGroupPath(group));
        }
        exported.setGroups(groupPaths);
    }
    return exported;
}

/** Tells whether the role is defined on a realm rather than on a client. */
private static boolean role_isRealmLevel(RoleModel role) {
    return role.getContainer() instanceof RealmModel;
}