• Search by APIs
• Search by Words
• Search Projects

• Java
• Python
• JavaScript
• TypeScript
• C++
• Scala
• Blog

• keycloak-protocol-cas-master
  • src
    • main
      • resources
        • META-INF
          • services
            • org.keycloak.protocol.LoginProtocolFactory
            • org.keycloak.protocol.ClientInstallationProvider
            • org.keycloak.protocol.ProtocolMapper
      • java
        • org
          • keycloak
            • protocol
              • cas
                • CASLoginProtocolService.java
                • utils
                  • CASValidationException.java
                  • ContentTypeHelper.java
                  • LogoutHelper.java
                  • AttributesMapAdapter.java
                  • ServiceResponseHelper.java
                  • ServiceResponseMarshaller.java
                • representations
                  • SamlResponseHelper.java
                  • CASServiceResponseAuthenticationSuccess.java
                  • CASErrorCode.java
                  • CASServiceResponseAuthenticationFailure.java
                  • package-info.java
                  • CASServiceResponse.java
                • CASLoginProtocolFactory.java
                • mappers
                  • UserSessionNoteMapper.java
                  • UserPropertyMapper.java
                  • AbstractCASProtocolMapper.java
                  • AbstractUserRoleMappingMapper.java
                  • UserRealmRoleMappingMapper.java
                  • GroupMembershipMapper.java
                  • HardcodedClaim.java
                  • UserClientRoleMappingMapper.java
                  • CASAttributeMapper.java
                  • UserAttributeMapper.java
                  • CASAttributeMapperHelper.java
                  • FullNameMapper.java
                • endpoints
                  • SamlValidateEndpoint.java
                  • LogoutEndpoint.java
                  • ValidateEndpoint.java
                  • AuthorizationEndpoint.java
                  • AbstractValidateEndpoint.java
                  • ServiceValidateEndpoint.java
                • CASLoginProtocol.java
                • installation
                  • KeycloakCASClientInstallation.java
    • test
      • resources
        • org
          • keycloak
            • protocol
              • cas
                • xmldsig-core-schema.xsd
                • cas-response-schema.xsd
                • oasis-sstc-saml-schema-protocol-1.1.xsd
                • oasis-sstc-saml-schema-assertion-1.1.xsd
      • java
        • org
          • keycloak
            • protocol
              • cas
                • ContentTypeHelperTest.java
                • XMLValidator.java
                • SamlResponseTest.java
                • ServiceResponseTest.java
                • LogoutHelperTest.java
  • pom.xml
  • integrationTest
    • suite.sh
  • LICENSE
  • update.sh
  • .gitattributes
  • .travis.yml
  • README.md
  • .gitignore

package org.keycloak.protocol.cas.mappers;

import org.keycloak.models.ClientSessionContext;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.protocol.ProtocolMapperUtils;
import org.keycloak.protocol.oidc.mappers.OIDCAttributeMapperHelper;
import org.keycloak.provider.ProviderConfigProperty;
import org.keycloak.representations.AccessToken;
import org.keycloak.utils.RoleResolveUtil;

import java.util.ArrayList;
import java.util.List;
import java.util.Map;

public class UserRealmRoleMappingMapper extends AbstractUserRoleMappingMapper {
    public static final String PROVIDER_ID = "cas-usermodel-realm-role-mapper";

    private static final List<ProviderConfigProperty> CONFIG_PROPERTIES = new ArrayList<>();

    static {

        ProviderConfigProperty realmRolePrefix = new ProviderConfigProperty();
        realmRolePrefix.setName(ProtocolMapperUtils.USER_MODEL_REALM_ROLE_MAPPING_ROLE_PREFIX);
        realmRolePrefix.setLabel(ProtocolMapperUtils.USER_MODEL_REALM_ROLE_MAPPING_ROLE_PREFIX_LABEL);
        realmRolePrefix.setHelpText(ProtocolMapperUtils.USER_MODEL_REALM_ROLE_MAPPING_ROLE_PREFIX_HELP_TEXT);
        realmRolePrefix.setType(ProviderConfigProperty.STRING_TYPE);
        CONFIG_PROPERTIES.add(realmRolePrefix);

        OIDCAttributeMapperHelper.addTokenClaimNameConfig(CONFIG_PROPERTIES);
    }

    @Override
    public List<ProviderConfigProperty> getConfigProperties() {
        return CONFIG_PROPERTIES;
    }

    @Override
    public String getId() {
        return PROVIDER_ID;
    }

    @Override
    public String getDisplayType() {
        return "User Realm Role";
    }

    @Override
    public String getDisplayCategory() {
        return TOKEN_MAPPER_CATEGORY;
    }

    @Override
    public String getHelpText() {
        return "Map a user realm role to a token claim.";
    }

    @Override
    public void setAttribute(Map<String, Object> attributes, ProtocolMapperModel mappingModel, UserSessionModel userSession,
                             KeycloakSession session, ClientSessionContext clientSessionCtx) {
        String rolePrefix = mappingModel.getConfig().get(ProtocolMapperUtils.USER_MODEL_REALM_ROLE_MAPPING_ROLE_PREFIX);

        AccessToken.Access access = RoleResolveUtil.getResolvedRealmRoles(session, clientSessionCtx, false);
        if (access == null) {
            return;
        }

        setAttribute(attributes, mappingModel, access.getRoles(), rolePrefix);
    }

    public static ProtocolMapperModel create(String realmRolePrefix, String name, String tokenClaimName) {
        ProtocolMapperModel mapper = CASAttributeMapperHelper.createClaimMapper(name, tokenClaimName,
                "String", PROVIDER_ID);
        mapper.getConfig().put(ProtocolMapperUtils.USER_MODEL_REALM_ROLE_MAPPING_ROLE_PREFIX, realmRolePrefix);
        return mapper;
    }
}