Java Code Examples for org.keycloak.models.RealmModel#addRole()
The following examples show how to use org.keycloak.models.RealmModel#addRole().
Example 1
Source File: RepresentationToModel.java From keycloak with Apache License 2.0 | 6 votes |
/**
 * Grants to {@code user} every realm role and client role listed in {@code userRep}.
 *
 * <p>Realm role names are trimmed before lookup. A realm role that does not exist yet is
 * created on the fly via {@link RealmModel#addRole(String)}, so the set of roles in the realm
 * can grow as a side effect of importing a user representation. Callers that feed externally
 * supplied representations into this method should validate the role names first.
 *
 * <p>Client roles are delegated to {@code createClientRoleMappings}; unlike realm roles, an
 * unknown client id is rejected rather than created.
 *
 * @param userRep representation whose realm and client role lists are read; either may be null
 * @param user    user model that receives the grants
 * @param realm   realm used to resolve (and, if needed, create) the realm roles and clients
 * @throws RuntimeException if a client id in the client-role map does not resolve to a client
 */
public static void createRoleMappings(UserRepresentation userRep, UserModel user, RealmModel realm) {
    if (userRep.getRealmRoles() != null) {
        for (String rawName : userRep.getRealmRoles()) {
            String roleName = rawName.trim();
            RoleModel resolved = realm.getRole(roleName);
            if (resolved == null) {
                // Implicit creation: an unknown role name becomes a new realm role.
                resolved = realm.addRole(roleName);
            }
            user.grantRole(resolved);
        }
    }

    if (userRep.getClientRoles() != null) {
        for (Map.Entry<String, List<String>> clientEntry : userRep.getClientRoles().entrySet()) {
            ClientModel owner = realm.getClientByClientId(clientEntry.getKey());
            if (owner == null) {
                throw new RuntimeException("Unable to find client role mappings for client: " + clientEntry.getKey());
            }
            createClientRoleMappings(owner, user, clientEntry.getValue());
        }
    }
}
Example 2
Source File: RepresentationToModel.java From keycloak with Apache License 2.0 | 6 votes |
/**
 * Records, in federated storage, a grant for every realm role and client role listed in
 * {@code userRep}, keyed by {@code userRep.getId()}.
 *
 * <p>Realm role names are trimmed before lookup. A realm role that does not exist yet is
 * created in {@code realm} on the fly, so importing a representation can add roles to the
 * realm. Callers handling externally supplied representations should validate role names
 * before calling this method.
 *
 * <p>Client roles are delegated to {@code createFederatedClientRoleMappings}; an unknown
 * client id is rejected rather than created.
 *
 * @param federatedStorage storage provider that receives the role grants
 * @param userRep          representation whose id and role lists are read; role lists may be null
 * @param realm            realm used to resolve (and, if needed, create) realm roles and clients
 * @throws RuntimeException if a client id in the client-role map does not resolve to a client
 */
public static void createFederatedRoleMappings(UserFederatedStorageProvider federatedStorage, UserRepresentation userRep, RealmModel realm) {
    if (userRep.getRealmRoles() != null) {
        for (String rawName : userRep.getRealmRoles()) {
            String roleName = rawName.trim();
            RoleModel resolved = realm.getRole(roleName);
            if (resolved == null) {
                // Implicit creation: an unknown role name becomes a new realm role.
                resolved = realm.addRole(roleName);
            }
            federatedStorage.grantRole(realm, userRep.getId(), resolved);
        }
    }

    if (userRep.getClientRoles() != null) {
        for (Map.Entry<String, List<String>> clientEntry : userRep.getClientRoles().entrySet()) {
            ClientModel owner = realm.getClientByClientId(clientEntry.getKey());
            if (owner == null) {
                throw new RuntimeException("Unable to find client role mappings for client: " + clientEntry.getKey());
            }
            createFederatedClientRoleMappings(federatedStorage, realm, owner, userRep, clientEntry.getValue());
        }
    }
}
Example 3
Source File: FineGrainAdminUnitTest.java From keycloak with Apache License 2.0 | 6 votes |
/**
 * Populates the realm named by {@code TEST} with the fixture used by the fine-grained admin
 * tests: one realm role, a "sales-application" client with three client roles, a "sales"
 * group and four enabled users.
 *
 * <p>Test fixture only: "salesManager" and "sales-admin" receive the fixed literal password
 * {@code "password"}. Do not copy this pattern into provisioning code for a real realm.
 *
 * @param session Keycloak session used to look up the realm and create users and credentials
 */
public static void setupDemo(KeycloakSession session) {
    RealmModel realm = session.realms().getRealmByName(TEST);

    // Roles: one at realm level, three on the client.
    realm.addRole("realm-role");
    ClientModel salesApp = realm.addClient("sales-application");
    salesApp.addRole("admin");
    salesApp.addRole("leader-creator");
    salesApp.addRole("viewLeads");

    GroupModel salesGroup = realm.createGroup("sales");

    // Users that can log in (fixed fixture password).
    UserModel salesManager = session.users().addUser(realm, "salesManager");
    salesManager.setEnabled(true);
    session.userCredentialManager().updateCredential(realm, salesManager, UserCredentialModel.password("password"));

    UserModel salesAdmin = session.users().addUser(realm, "sales-admin");
    salesAdmin.setEnabled(true);
    session.userCredentialManager().updateCredential(realm, salesAdmin, UserCredentialModel.password("password"));

    // Users without credentials; only "salesman" is placed in the sales group.
    UserModel salesman = session.users().addUser(realm, "salesman");
    salesman.setEnabled(true);
    salesman.joinGroup(salesGroup);

    UserModel saleswoman = session.users().addUser(realm, "saleswoman");
    saleswoman.setEnabled(true);
}
Example 4
Source File: PolicyEvaluationCompositeRoleTest.java From keycloak with Apache License 2.0 | 6 votes |
/**
 * Builds the fixture for the composite-role policy evaluation test in the realm named by
 * {@code TEST}: a client "myclient" acting as resource server, a role policy on its
 * "client-role1" role, a scope permission guarded by that policy, and a user who holds the
 * client role only indirectly through the realm role "composite".
 *
 * @param session Keycloak session used to resolve the realm, providers and user storage
 */
public static void setup(KeycloakSession session) {
    RealmModel realm = session.realms().getRealmByName(TEST);
    session.getContext().setRealm(realm);

    ClientModel client = session.realms().addClient(realm, "myclient");
    RoleModel clientRole = client.addRole("client-role1");

    // Obtain an authorization provider bound to this session and realm.
    AuthorizationProviderFactory authzFactory =
            (AuthorizationProviderFactory) session.getKeycloakSessionFactory().getProviderFactory(AuthorizationProvider.class);
    AuthorizationProvider authz = authzFactory.create(session, realm);

    ResourceServer resourceServer = authz.getStoreFactory().getResourceServerStore().create(client.getId());
    Policy rolePolicy = createRolePolicy(authz, resourceServer, clientRole);
    Scope scope = authz.getStoreFactory().getScopeStore().create("myscope", resourceServer);
    Resource resource = authz.getStoreFactory().getResourceStore().create("myresource", resourceServer, resourceServer.getId());
    addScopePermission(authz, resourceServer, "mypermission", resource, scope, rolePolicy);

    // The user is granted only the composite; the client role is reached through it.
    RoleModel compositeRole = realm.addRole("composite");
    compositeRole.addCompositeRole(clientRole);

    UserModel testUser = session.users().addUser(realm, "user");
    testUser.grantRole(compositeRole);
}
Example 5
Source File: KeycloakModelUtils.java From keycloak with Apache License 2.0 | 5 votes |
/**
 * Returns the realm's offline-access role, creating it if the realm does not have one yet.
 *
 * <p>On creation the role gets the description placeholder {@code ${role_offline-access}}
 * and is registered as a default role of the realm. An already existing role is returned
 * untouched and is not (re-)added to the default roles.
 *
 * @param realm realm to inspect and, if necessary, modify
 * @return the existing or newly created role named {@code Constants.OFFLINE_ACCESS_ROLE}
 */
public static RoleModel setupOfflineRole(RealmModel realm) {
    RoleModel existing = realm.getRole(Constants.OFFLINE_ACCESS_ROLE);
    if (existing != null) {
        return existing;
    }

    RoleModel created = realm.addRole(Constants.OFFLINE_ACCESS_ROLE);
    created.setDescription("${role_offline-access}");
    // Registering it as a default role is done by name, not by model reference.
    realm.addDefaultRole(Constants.OFFLINE_ACCESS_ROLE);
    return created;
}
Example 6
Source File: KeycloakModelUtils.java From keycloak with Apache License 2.0 | 5 votes |
/**
 * Ensures every role named in {@code Constants.AUTHZ_DEFAULT_AUTHORIZATION_ROLES} exists in
 * the realm.
 *
 * <p>A missing role is created, given the description placeholder {@code ${role_<name>}} and
 * registered as a default role of the realm. Roles that already exist are skipped entirely,
 * including the default-role registration.
 *
 * @param realm realm to inspect and, if necessary, modify
 */
public static void setupAuthorizationServices(RealmModel realm) {
    for (String name : Constants.AUTHZ_DEFAULT_AUTHORIZATION_ROLES) {
        if (realm.getRole(name) != null) {
            continue; // already present: leave description and default-role state alone
        }
        RoleModel created = realm.addRole(name);
        created.setDescription("${role_" + name + "}");
        realm.addDefaultRole(name);
    }
}
Example 7
Source File: RepresentationToModel.java From keycloak with Apache License 2.0 | 5 votes |
/**
 * Creates a realm role in {@code newRealm} from a role representation.
 *
 * <p>When the representation carries an id, the role is created with that caller-supplied id;
 * otherwise only the name is passed and id assignment is left to {@code addRole(String)}.
 * Description and attributes are copied only when present.
 *
 * @param newRealm realm that receives the role
 * @param roleRep  representation providing id (optional), name, description (optional) and
 *                 attributes (optional)
 */
public static void createRole(RealmModel newRealm, RoleRepresentation roleRep) {
    RoleModel created;
    if (roleRep.getId() != null) {
        // The id comes straight from the representation and is not checked here.
        created = newRealm.addRole(roleRep.getId(), roleRep.getName());
    } else {
        created = newRealm.addRole(roleRep.getName());
    }

    if (roleRep.getDescription() != null) {
        created.setDescription(roleRep.getDescription());
    }

    if (roleRep.getAttributes() != null) {
        for (Map.Entry<String, List<String>> attr : roleRep.getAttributes().entrySet()) {
            created.setAttribute(attr.getKey(), attr.getValue());
        }
    }
}
Example 8
Source File: FineGrainAdminUnitTest.java From keycloak with Apache License 2.0 | 5 votes |
/**
 * Creates the objects used by the delete test in the realm named by {@code TEST} (a realm
 * role, a client with one client role, and a group) and switches on fine-grained admin
 * permissions for each of them and for users.
 *
 * @param session Keycloak session used to resolve the realm and the permission management
 */
public static void setupDeleteTest(KeycloakSession session) {
    RealmModel realm = session.realms().getRealmByName(TEST);

    // Objects whose later removal the test exercises.
    RoleModel realmRole = realm.addRole("removedRole");
    ClientModel client = realm.addClient("removedClient");
    RoleModel clientRole = client.addRole("removedClientRole");
    GroupModel group = realm.createGroup("removedGroup");

    // Enable fine-grained permissions on every object created above, then on users.
    AdminPermissionManagement permissions = AdminPermissions.management(session, realm);
    permissions.roles().setPermissionsEnabled(realmRole, true);
    permissions.roles().setPermissionsEnabled(clientRole, true);
    permissions.groups().setPermissionsEnabled(group, true);
    permissions.clients().setPermissionsEnabled(client, true);
    permissions.users().setPermissionsEnabled(true);
}
Example 9
Source File: MultipleRealmsTest.java From keycloak with Apache License 2.0 | 5 votes |
/**
 * Fills {@code realm} with a fixed set of test objects: clients "app1", "app2" and "cl1",
 * users "user1" and "user2", realm roles "role1" and "role2", and a client role "app1Role1"
 * on "app1". Realm role "role1" is additionally added to the scope mappings of "app1".
 *
 * @param session Keycloak session used to create the users
 * @param realm   realm that receives the objects
 */
public static void createObjects(KeycloakSession session, RealmModel realm) {
    ClientModel firstApp = realm.addClient("app1");
    realm.addClient("app2");

    session.users().addUser(realm, "user1");
    session.users().addUser(realm, "user2");

    realm.addRole("role1");
    realm.addRole("role2");

    firstApp.addRole("app1Role1");
    // The scope mapping is resolved by a fresh lookup of the role by name.
    firstApp.addScopeMapping(realm.getRole("role1"));

    realm.addClient("cl1");
}
Example 10
Source File: ClientTokenExchangeSAML2Test.java From keycloak with Apache License 2.0 | 5 votes |
/**
 * Sets up the "direct-exchanger" confidential client for the SAML2 token-exchange test in the
 * realm named by {@code TEST}, allows it to impersonate users, and creates the user it will
 * impersonate.
 *
 * <p>Test fixture only: the client secret {@code "secret"} and the user password
 * {@code "password"} are fixed literals, and the client is attached to the admin
 * impersonation permission. None of this is suitable outside a test realm.
 *
 * @param session Keycloak session used to resolve the realm, permissions and user storage
 */
private static void addDirectExchanger(KeycloakSession session) {
    RealmModel realm = session.realms().getRealmByName(TEST);
    RoleModel grantedRole = realm.addRole("example");
    AdminPermissionManagement permissions = AdminPermissions.management(session, realm);

    // Confidential client with direct access grants and a restricted (non-full) scope.
    ClientModel exchanger = realm.addClient("direct-exchanger");
    exchanger.setName("direct-exchanger");
    exchanger.setClientId("direct-exchanger");
    exchanger.setPublicClient(false);
    exchanger.setDirectAccessGrantsEnabled(true);
    exchanger.setEnabled(true);
    exchanger.setSecret("secret");
    exchanger.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
    exchanger.setFullScopeAllowed(false);

    // Permission for client-to-client exchange: enable permissions on each SAML target client.
    String[] targetClientIds = {
        SAML_SIGNED_TARGET,
        SAML_ENCRYPTED_TARGET,
        SAML_SIGNED_AND_ENCRYPTED_TARGET,
        SAML_UNSIGNED_AND_UNENCRYPTED_TARGET
    };
    for (String targetClientId : targetClientIds) {
        permissions.clients().setPermissionsEnabled(realm.getClientByClientId(targetClientId), true);
    }

    // Client policy that names the exchanger as the only member.
    ClientPolicyRepresentation impersonatorsRep = new ClientPolicyRepresentation();
    impersonatorsRep.setName("clientImpersonatorsDirect");
    impersonatorsRep.addClient(exchanger.getId());

    ResourceServer realmServer = permissions.realmResourceServer();
    Policy impersonatorsPolicy = permissions.authz().getStoreFactory().getPolicyStore().create(impersonatorsRep, realmServer);

    // Attach the policy to the admin impersonation permission. With the AFFIRMATIVE strategy
    // one positive policy is enough to grant the permission.
    permissions.users().setPermissionsEnabled(true);
    permissions.users().adminImpersonatingPermission().addAssociatedPolicy(impersonatorsPolicy);
    permissions.users().adminImpersonatingPermission().setDecisionStrategy(DecisionStrategy.AFFIRMATIVE);

    UserModel impersonated = session.users().addUser(realm, "impersonated-user");
    impersonated.setEnabled(true);
    session.userCredentialManager().updateCredential(realm, impersonated, UserCredentialModel.password("password"));
    impersonated.grantRole(grantedRole);
}
Example 11
Source File: RealmManager.java From keycloak with Apache License 2.0 | 5 votes |
/**
 * Creates the admin-realm client that manages {@code realm} and wires its roles into the
 * admin realm's {@code AdminRoles.ADMIN} role.
 *
 * <p>If {@code realm} is itself the admin realm (its name equals
 * {@code Config.getAdminRealm()}), the {@code ADMIN} and {@code CREATE_REALM} roles are
 * created in it and {@code CREATE_REALM} is made a composite of {@code ADMIN}. Otherwise the
 * existing {@code ADMIN} role is looked up in the admin realm.
 *
 * <p>Every role in {@code AdminRoles.ALL_REALM_ROLES} is then created on the new bearer-only
 * management client and added as a composite of {@code ADMIN}. As a result, a holder of the
 * admin realm's {@code ADMIN} role also holds all of these management roles for {@code realm}.
 *
 * @param realm realm for which the management client is being created
 */
private void createMasterAdminManagement(RealmModel realm) {
    RealmModel adminRealm;
    RoleModel adminRole;

    boolean isAdminRealm = realm.getName().equals(Config.getAdminRealm());
    if (isAdminRealm) {
        adminRealm = realm;
        adminRole = realm.addRole(AdminRoles.ADMIN);

        RoleModel createRealm = realm.addRole(AdminRoles.CREATE_REALM);
        adminRole.addCompositeRole(createRealm);
        createRealm.setDescription("${role_" + AdminRoles.CREATE_REALM + "}");
    } else {
        adminRealm = model.getRealm(Config.getAdminRealm());
        // NOTE(review): getRole may return null if the admin realm has no ADMIN role yet,
        // in which case the setDescription call below fails; confirm the admin realm is
        // always set up before other realms.
        adminRole = adminRealm.getRole(AdminRoles.ADMIN);
    }
    adminRole.setDescription("${role_" + AdminRoles.ADMIN + "}");

    String managementClientId = KeycloakModelUtils.getMasterRealmAdminApplicationClientId(realm.getName());
    ClientModel managementClient = KeycloakModelUtils.createClient(adminRealm, managementClientId);
    // No localized name for now
    managementClient.setName(realm.getName() + " Realm");
    managementClient.setBearerOnly(true);
    realm.setMasterAdminClient(managementClient);

    // Each management role becomes reachable through the ADMIN composite.
    for (String roleName : AdminRoles.ALL_REALM_ROLES) {
        RoleModel managementRole = managementClient.addRole(roleName);
        managementRole.setDescription("${role_" + roleName + "}");
        adminRole.addCompositeRole(managementRole);
    }
    addQueryCompositeRoles(managementClient);
}
Example 12
Source File: ClientTokenExchangeTest.java From keycloak with Apache License 2.0 | 4 votes |
/**
 * Sets up the token-exchange fixture in the realm named by {@code TEST}: a "target" client,
 * a "direct-exchanger" confidential client that is allowed to impersonate users, and the
 * user to be impersonated.
 *
 * <p>Test fixture only: both client secrets ({@code "secret"}) and the user password
 * {@code "password"} are fixed literals, and the exchanger client is attached to the admin
 * impersonation permission. None of this is suitable outside a test realm.
 *
 * @param session Keycloak session used to resolve the realm, permissions and user storage
 */
private static void addDirectExchanger(KeycloakSession session) {
    RealmModel realm = session.realms().getRealmByName(TEST);
    RoleModel grantedRole = realm.addRole("example");
    AdminPermissionManagement permissions = AdminPermissions.management(session, realm);

    // Exchange target: restricted scope, with only the example role mapped into it.
    ClientModel targetClient = realm.addClient("target");
    targetClient.setName("target");
    targetClient.setClientId("target");
    targetClient.setDirectAccessGrantsEnabled(true);
    targetClient.setEnabled(true);
    targetClient.setSecret("secret");
    targetClient.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
    targetClient.setFullScopeAllowed(false);
    targetClient.addScopeMapping(grantedRole);

    // Confidential client that performs the exchange.
    ClientModel exchanger = realm.addClient("direct-exchanger");
    exchanger.setName("direct-exchanger");
    exchanger.setClientId("direct-exchanger");
    exchanger.setPublicClient(false);
    exchanger.setDirectAccessGrantsEnabled(true);
    exchanger.setEnabled(true);
    exchanger.setSecret("secret");
    exchanger.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
    exchanger.setFullScopeAllowed(false);

    // Permission for client-to-client exchange to the "target" client.
    permissions.clients().setPermissionsEnabled(targetClient, true);

    // Client policy that names the exchanger as the only member.
    ClientPolicyRepresentation impersonatorsRep = new ClientPolicyRepresentation();
    impersonatorsRep.setName("clientImpersonatorsDirect");
    impersonatorsRep.addClient(exchanger.getId());

    ResourceServer realmServer = permissions.realmResourceServer();
    Policy impersonatorsPolicy = permissions.authz().getStoreFactory().getPolicyStore().create(impersonatorsRep, realmServer);

    // Attach the policy to the admin impersonation permission. With the AFFIRMATIVE strategy
    // one positive policy is enough to grant the permission.
    permissions.users().setPermissionsEnabled(true);
    permissions.users().adminImpersonatingPermission().addAssociatedPolicy(impersonatorsPolicy);
    permissions.users().adminImpersonatingPermission().setDecisionStrategy(DecisionStrategy.AFFIRMATIVE);

    UserModel impersonated = session.users().addUser(realm, "impersonated-user");
    impersonated.setEnabled(true);
    session.userCredentialManager().updateCredential(realm, impersonated, UserCredentialModel.password("password"));
    impersonated.grantRole(grantedRole);
}
Example 13
Source File: RealmRolesPartialImport.java From keycloak with Apache License 2.0 | 4 votes |
/**
 * Creates a realm role named after the given representation.
 *
 * <p>Only the name, as returned by {@code getName(roleRep)}, is used here; no other field of
 * the representation is applied by this method, and {@code session} is not read.
 *
 * @param realm   realm that receives the role
 * @param session current Keycloak session (unused in this method)
 * @param roleRep representation from which the role name is taken
 */
@Override
public void create(RealmModel realm, KeycloakSession session, RoleRepresentation roleRep) {
    String roleName = getName(roleRep);
    realm.addRole(roleName);
}