Java Code Examples for org.keycloak.models.UserModel#getRoleMappings()

The following examples show how to use org.keycloak.models.UserModel#getRoleMappings().
Example 1
Source File: RequireRoleAuthenticator.java    From keycloak-extension-playground with Apache License 2.0
/**
 * @param realm
 * @param user
 * @param roleName
 * @return true if roleName is in any of all user role mappings including all groups of user
 */
private boolean userHasRole(RealmModel realm, UserModel user, String roleName) {

    if (roleName == null) {
        return false;
    }

    LOG.debugf("Checking if user=%s has role=%s", user.getUsername(), roleName);
    RoleModel requiredRole = getRoleFromString(realm, roleName);

    // First perform cheap role check for direct or composite roles
    Set<RoleModel> directAssignedRoles = user.getRoleMappings();
    if (RoleUtils.hasRole(directAssignedRoles, requiredRole)) {
        return true;
    }

    // Next perform more expensive roles check for group membership role mappings
    Set<RoleModel> nestedAssignedRoles = RoleUtils.getDeepUserRoleMappings(user);
    if (RoleUtils.hasRole(nestedAssignedRoles, requiredRole)) {
        return true;
    }

    LOG.debugf("User does not have the required role. user=%s role=%s assignedRoles=%s", user.getUsername(), requiredRole, nestedAssignedRoles);
    return false;
}
 
Example 2
Source File: CompositeRolesModelTest.java    From keycloak with Apache License 2.0
public static Set<RoleModel> getRequestedRoles(ClientModel application, UserModel user) {

    Set<RoleModel> requestedRoles = new HashSet<>();

    Set<RoleModel> roleMappings = user.getRoleMappings();
    Set<RoleModel> scopeMappings = application.getScopeMappings();
    Set<RoleModel> appRoles = application.getRoles();
    if (appRoles != null) scopeMappings.addAll(appRoles);

    for (RoleModel role : roleMappings) {
        if (role.getContainer().equals(application)) requestedRoles.add(role);
        for (RoleModel desiredRole : scopeMappings) {
            Set<RoleModel> visited = new HashSet<>();
            applyScope(role, desiredRole, visited, requestedRoles);
        }
    }
    return requestedRoles;
}
 
Example 3
Source File: UserCommands.java    From keycloak with Apache License 2.0
private List<String> getRoleMappings(KeycloakSession session, RealmModel realm, UserModel user) {
    // Role mappings assigned to the user directly; roles granted through groups are not included
    Set<RoleModel> roles = user.getRoleMappings();
    List<String> result = new LinkedList<>();
    for (RoleModel role : roles) {
        if (role.getContainer() instanceof RealmModel) {
            // Realm role: listed by its name
            result.add(role.getName());
        } else {
            // Client role: listed as clientId/roleName
            ClientModel client = (ClientModel) role.getContainer();
            result.add(client.getClientId() + "/" + role.getName());
        }
    }
    return result;
}
 
Example 4
Source File: RoleUtils.java    From keycloak with Apache License 2.0
/**
 * @param user
 * @return all user role mappings including all groups of user. Composite roles will be expanded
 */
public static Set<RoleModel> getDeepUserRoleMappings(UserModel user) {
    Set<RoleModel> roleMappings = new HashSet<>(user.getRoleMappings());
    for (GroupModel group : user.getGroups()) {
        addGroupRoles(group, roleMappings);
    }

    return expandCompositeRoles(roleMappings);
}