Java Code Examples for org.keycloak.models.RealmModel#addRole()

Example 1
Source File: RepresentationToModel.java — from keycloak (Apache License 2.0)
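/**
 * Grants the realm roles and client roles listed in {@code userRep} to {@code user}.
 *
 * <p>A realm role that is named in the representation but does not yet exist in the realm
 * is created on the fly before being granted. A client named in the client-role map that does
 * not exist in the realm is a hard error; the representation is therefore trusted to refer
 * only to clients already present.
 *
 * @param userRep representation carrying the role names (either role collection may be null)
 * @param user    user receiving the grants
 * @param realm   realm in which roles and clients are resolved
 * @throws RuntimeException if a client id in {@code getClientRoles()} is not found in the realm
 */
public static void createRoleMappings(UserRepresentation userRep, UserModel user, RealmModel realm) {
    List<String> realmRoles = userRep.getRealmRoles();
    if (realmRoles != null) {
        for (String roleString : realmRoles) {
            // Trim once: the same normalized name is used for lookup and, if absent, creation.
            String roleName = roleString.trim();
            RoleModel role = realm.getRole(roleName);
            if (role == null) {
                role = realm.addRole(roleName);
            }
            user.grantRole(role);
        }
    }

    Map<String, List<String>> clientRoles = userRep.getClientRoles();
    if (clientRoles != null) {
        for (Map.Entry<String, List<String>> entry : clientRoles.entrySet()) {
            String clientId = entry.getKey();
            ClientModel client = realm.getClientByClientId(clientId);
            if (client == null) {
                throw new RuntimeException("Unable to find client role mappings for client: " + clientId);
            }
            createClientRoleMappings(client, user, entry.getValue());
        }
    }
}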
 
Example 2
Source File: RepresentationToModel.java — from keycloak (Apache License 2.0)
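/**
 * Grants the realm roles and client roles listed in {@code userRep} to the federated user
 * identified by {@code userRep.getId()}, via {@code federatedStorage}.
 *
 * <p>Mirrors {@code createRoleMappings}: a realm role that is named but does not yet exist
 * in the realm is created on the fly; a client named in the client-role map that does not
 * exist is a hard error.
 *
 * @param federatedStorage storage provider that records the grants for the federated user
 * @param userRep          representation carrying the user id and role names (either role collection may be null)
 * @param realm            realm in which roles and clients are resolved
 * @throws RuntimeException if a client id in {@code getClientRoles()} is not found in the realm
 */
public static void createFederatedRoleMappings(UserFederatedStorageProvider federatedStorage, UserRepresentation userRep, RealmModel realm) {
    List<String> realmRoles = userRep.getRealmRoles();
    if (realmRoles != null) {
        for (String roleString : realmRoles) {
            // Trim once: the same normalized name is used for lookup and, if absent, creation.
            String roleName = roleString.trim();
            RoleModel role = realm.getRole(roleName);
            if (role == null) {
                role = realm.addRole(roleName);
            }
            federatedStorage.grantRole(realm, userRep.getId(), role);
        }
    }

    Map<String, List<String>> clientRoles = userRep.getClientRoles();
    if (clientRoles != null) {
        for (Map.Entry<String, List<String>> entry : clientRoles.entrySet()) {
            String clientId = entry.getKey();
            ClientModel client = realm.getClientByClientId(clientId);
            if (client == null) {
                throw new RuntimeException("Unable to find client role mappings for client: " + clientId);
            }
            createFederatedClientRoleMappings(federatedStorage, realm, client, userRep, entry.getValue());
        }
    }
}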
 
Example 3
Source File: FineGrainAdminUnitTest.java — from keycloak (Apache License 2.0)
/**
 * Populates the {@code TEST} realm with the fixtures used by the fine-grained admin tests:
 * one realm role, a client with three client roles, a "sales" group, two enabled manager
 * accounts with password credentials, and two plain users (the first joins the group).
 *
 * <p>Test fixture only: the credential values set here are literal test data.
 *
 * @param session session used to resolve the realm and to create users and credentials
 */
public static void setupDemo(KeycloakSession session) {
    RealmModel testRealm = session.realms().getRealmByName(TEST);

    testRealm.addRole("realm-role");

    ClientModel salesApp = testRealm.addClient("sales-application");
    salesApp.addRole("admin");
    salesApp.addRole("leader-creator");
    salesApp.addRole("viewLeads");

    GroupModel salesGroup = testRealm.createGroup("sales");

    // Two manager accounts, each enabled and given a password credential.
    UserModel salesManager = session.users().addUser(testRealm, "salesManager");
    salesManager.setEnabled(true);
    session.userCredentialManager().updateCredential(testRealm, salesManager, UserCredentialModel.password("password"));

    UserModel salesAdmin = session.users().addUser(testRealm, "sales-admin");
    salesAdmin.setEnabled(true);
    session.userCredentialManager().updateCredential(testRealm, salesAdmin, UserCredentialModel.password("password"));

    // Two plain users without credentials; only the first is a member of the sales group.
    UserModel salesman = session.users().addUser(testRealm, "salesman");
    salesman.setEnabled(true);
    salesman.joinGroup(salesGroup);

    UserModel saleswoman = session.users().addUser(testRealm, "saleswoman");
    saleswoman.setEnabled(true);
}
 
Example 4
Source File: PolicyEvaluationCompositeRoleTest.java — from keycloak (Apache License 2.0)
/**
 * Builds the fixture for the composite-role policy evaluation test: a client with one client
 * role, a resource server for that client with a role policy, a scoped resource guarded by a
 * scope permission, and a realm composite role that contains the client role and is granted
 * to a single user.
 *
 * @param session session whose context is bound to the {@code TEST} realm during setup
 */
public static void setup(KeycloakSession session) {
    RealmModel testRealm = session.realms().getRealmByName(TEST);
    session.getContext().setRealm(testRealm);

    ClientModel myClient = session.realms().addClient(testRealm, "myclient");
    RoleModel clientRole = myClient.addRole("client-role1");

    // Authorization services: a resource server for the client plus a policy keyed on the client role.
    AuthorizationProviderFactory authzFactory =
            (AuthorizationProviderFactory) session.getKeycloakSessionFactory().getProviderFactory(AuthorizationProvider.class);
    AuthorizationProvider authz = authzFactory.create(session, testRealm);
    ResourceServer resourceServer = authz.getStoreFactory().getResourceServerStore().create(myClient.getId());
    Policy rolePolicy = createRolePolicy(authz, resourceServer, clientRole);

    // A scope and a resource owned by the resource server, tied together by a scope permission.
    Scope myScope = authz.getStoreFactory().getScopeStore().create("myscope", resourceServer);
    Resource myResource = authz.getStoreFactory().getResourceStore().create("myresource", resourceServer, resourceServer.getId());
    addScopePermission(authz, resourceServer, "mypermission", myResource, myScope, rolePolicy);

    // Realm-level composite role wrapping the client role; the test user receives only the composite.
    RoleModel compositeRole = testRealm.addRole("composite");
    compositeRole.addCompositeRole(clientRole);

    UserModel testUser = session.users().addUser(testRealm, "user");
    testUser.grantRole(compositeRole);
}
 
Example 5
Source File: KeycloakModelUtils.java — from keycloak (Apache License 2.0)
/**
 * Returns the realm's offline-access role, creating it if it does not exist yet.
 *
 * <p>When the role has to be created it is given a {@code ${role_offline-access}} description
 * and registered as a realm default role; an existing role is returned untouched.
 *
 * @param realm realm to look up or provision
 * @return the existing or newly created {@link Constants#OFFLINE_ACCESS_ROLE} role
 */
public static RoleModel setupOfflineRole(RealmModel realm) {
    RoleModel existing = realm.getRole(Constants.OFFLINE_ACCESS_ROLE);
    if (existing != null) {
        return existing;
    }

    RoleModel created = realm.addRole(Constants.OFFLINE_ACCESS_ROLE);
    created.setDescription("${role_offline-access}");
    realm.addDefaultRole(Constants.OFFLINE_ACCESS_ROLE);
    return created;
}
 
Example 6
Source File: KeycloakModelUtils.java — from keycloak (Apache License 2.0)
/**
 * Ensures every role named in {@link Constants#AUTHZ_DEFAULT_AUTHORIZATION_ROLES} exists in the realm.
 *
 * <p>Roles already present are left untouched; each missing one is created with a
 * {@code ${role_<name>}} description and registered as a realm default role.
 *
 * @param realm realm to provision
 */
public static void setupAuthorizationServices(RealmModel realm) {
    for (String roleName : Constants.AUTHZ_DEFAULT_AUTHORIZATION_ROLES) {
        if (realm.getRole(roleName) != null) {
            continue; // already provisioned; an existing role is never modified here
        }
        RoleModel created = realm.addRole(roleName);
        created.setDescription("${role_" + roleName + "}");
        realm.addDefaultRole(roleName);
    }
}
 
Example 7
Source File: RepresentationToModel.java — from keycloak (Apache License 2.0)
/**
 * Creates a realm role from its representation, honoring a caller-supplied id when present and
 * copying the description and attributes that are set.
 *
 * @param newRealm realm receiving the role
 * @param roleRep  source representation; the name is always used, id/description/attributes
 *                 are applied only when non-null
 */
public static void createRole(RealmModel newRealm, RoleRepresentation roleRep) {
    RoleModel role;
    if (roleRep.getId() != null) {
        // Keep the id from the representation rather than letting the realm generate one.
        role = newRealm.addRole(roleRep.getId(), roleRep.getName());
    } else {
        role = newRealm.addRole(roleRep.getName());
    }

    String description = roleRep.getDescription();
    if (description != null) {
        role.setDescription(description);
    }

    Map<String, List<String>> attributes = roleRep.getAttributes();
    if (attributes != null) {
        for (Map.Entry<String, List<String>> attribute : attributes.entrySet()) {
            role.setAttribute(attribute.getKey(), attribute.getValue());
        }
    }
}
 
Example 8
Source File: FineGrainAdminUnitTest.java — from keycloak (Apache License 2.0)
/**
 * Creates the objects whose deletion the fine-grained admin test exercises (a realm role, a
 * client with one client role, and a group) and enables admin permissions on each of them and
 * on users realm-wide.
 *
 * @param session session used to resolve the {@code TEST} realm and its permission management
 */
public static void setupDeleteTest(KeycloakSession session) {
    RealmModel testRealm = session.realms().getRealmByName(TEST);

    RoleModel roleToRemove = testRealm.addRole("removedRole");
    ClientModel clientToRemove = testRealm.addClient("removedClient");
    RoleModel clientRoleToRemove = clientToRemove.addRole("removedClientRole");
    GroupModel groupToRemove = testRealm.createGroup("removedGroup");

    // Turn on fine-grained permissions for every object created above, then for users.
    AdminPermissionManagement permissions = AdminPermissions.management(session, testRealm);
    permissions.roles().setPermissionsEnabled(roleToRemove, true);
    permissions.roles().setPermissionsEnabled(clientRoleToRemove, true);
    permissions.groups().setPermissionsEnabled(groupToRemove, true);
    permissions.clients().setPermissionsEnabled(clientToRemove, true);
    permissions.users().setPermissionsEnabled(true);
}
 
Example 9
Source File: MultipleRealmsTest.java — from keycloak (Apache License 2.0)
/**
 * Populates {@code realm} with a small set of objects for the multiple-realms test: three
 * clients, two users, two realm roles, one client role, and a scope mapping from the first
 * client to the first realm role.
 *
 * @param session session used to create users
 * @param realm   realm receiving the objects
 */
public static void createObjects(KeycloakSession session, RealmModel realm) {
    ClientModel firstApp = realm.addClient("app1");
    realm.addClient("app2");

    session.users().addUser(realm, "user1");
    session.users().addUser(realm, "user2");

    realm.addRole("role1");
    realm.addRole("role2");

    firstApp.addRole("app1Role1");
    // The scope mapping resolves the realm role by name rather than reusing the addRole result.
    RoleModel firstRealmRole = realm.getRole("role1");
    firstApp.addScopeMapping(firstRealmRole);

    realm.addClient("cl1");
}
 
Example 10
Source File: ClientTokenExchangeSAML2Test.java — from keycloak (Apache License 2.0)
/**
 * Creates the "direct-exchanger" confidential client and authorizes it, through a client
 * policy on the realm's admin-impersonation permission, to impersonate users; also enables
 * fine-grained permissions on each SAML target client and creates the user to be impersonated.
 *
 * <p>Test fixture only: the client secret and user password are literal test data.
 *
 * @param session session used to resolve the {@code TEST} realm and its admin permissions
 */
private static void addDirectExchanger(KeycloakSession session) {
    RealmModel testRealm = session.realms().getRealmByName(TEST);
    RoleModel exampleRole = testRealm.addRole("example");
    AdminPermissionManagement permissions = AdminPermissions.management(session, testRealm);

    // Confidential client performing the exchange: direct grants on, full scope off.
    ClientModel exchanger = testRealm.addClient("direct-exchanger");
    exchanger.setName("direct-exchanger");
    exchanger.setClientId("direct-exchanger");
    exchanger.setPublicClient(false);
    exchanger.setDirectAccessGrantsEnabled(true);
    exchanger.setEnabled(true);
    exchanger.setSecret("secret");
    exchanger.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
    exchanger.setFullScopeAllowed(false);

    // Enable fine-grained permissions on every SAML target client the exchange may address.
    String[] targetClientIds = {
            SAML_SIGNED_TARGET,
            SAML_ENCRYPTED_TARGET,
            SAML_SIGNED_AND_ENCRYPTED_TARGET,
            SAML_UNSIGNED_AND_UNENCRYPTED_TARGET
    };
    for (String targetClientId : targetClientIds) {
        permissions.clients().setPermissionsEnabled(testRealm.getClientByClientId(targetClientId), true);
    }

    // Client policy naming the exchanger, attached to the admin-impersonation permission.
    ClientPolicyRepresentation impersonatorsRep = new ClientPolicyRepresentation();
    impersonatorsRep.setName("clientImpersonatorsDirect");
    impersonatorsRep.addClient(exchanger.getId());

    ResourceServer realmServer = permissions.realmResourceServer();
    Policy impersonatorsPolicy = permissions.authz().getStoreFactory().getPolicyStore().create(impersonatorsRep, realmServer);
    permissions.users().setPermissionsEnabled(true);
    permissions.users().adminImpersonatingPermission().addAssociatedPolicy(impersonatorsPolicy);
    permissions.users().adminImpersonatingPermission().setDecisionStrategy(DecisionStrategy.AFFIRMATIVE);

    // The user that will be impersonated, holding the "example" realm role.
    UserModel impersonated = session.users().addUser(testRealm, "impersonated-user");
    impersonated.setEnabled(true);
    session.userCredentialManager().updateCredential(testRealm, impersonated, UserCredentialModel.password("password"));
    impersonated.grantRole(exampleRole);
}
 
Example 11
Source File: RealmManager.java — from keycloak (Apache License 2.0)
/**
 * Creates the master-admin management client for {@code realm} and wires its admin roles.
 *
 * <p>If {@code realm} is the configured admin realm, the {@link AdminRoles#ADMIN} and
 * {@link AdminRoles#CREATE_REALM} realm roles are created here and the latter is added to the
 * former as a composite; otherwise the existing {@link AdminRoles#ADMIN} role of the admin realm
 * is reused. In both cases a bearer-only management client is created in the admin realm,
 * registered as the realm's master admin client, and one client role per entry of
 * {@link AdminRoles#ALL_REALM_ROLES} is created on it and added to the admin composite.
 *
 * @param realm realm whose master admin client is being created
 */
private void createMasterAdminManagement(RealmModel realm) {
    String realmName = realm.getName();
    boolean isAdminRealm = realmName.equals(Config.getAdminRealm());

    RealmModel adminRealm;
    RoleModel adminRole;
    if (isAdminRealm) {
        // Bootstrapping the admin realm itself: its admin roles do not exist yet.
        adminRealm = realm;
        adminRole = realm.addRole(AdminRoles.ADMIN);
        RoleModel createRealmRole = realm.addRole(AdminRoles.CREATE_REALM);
        adminRole.addCompositeRole(createRealmRole);
        createRealmRole.setDescription("${role_" + AdminRoles.CREATE_REALM + "}");
    } else {
        adminRealm = model.getRealm(Config.getAdminRealm());
        adminRole = adminRealm.getRole(AdminRoles.ADMIN);
    }
    adminRole.setDescription("${role_" + AdminRoles.ADMIN + "}");

    // Management client lives in the admin realm but is bound to this realm as its master admin client.
    String adminClientId = KeycloakModelUtils.getMasterRealmAdminApplicationClientId(realmName);
    ClientModel realmAdminApp = KeycloakModelUtils.createClient(adminRealm, adminClientId);
    realmAdminApp.setName(realmName + " Realm"); // no localized name for now
    realmAdminApp.setBearerOnly(true);
    realm.setMasterAdminClient(realmAdminApp);

    // One client role per realm-management role, each folded into the admin composite.
    for (String realmRoleName : AdminRoles.ALL_REALM_ROLES) {
        RoleModel managementRole = realmAdminApp.addRole(realmRoleName);
        managementRole.setDescription("${role_" + realmRoleName + "}");
        adminRole.addCompositeRole(managementRole);
    }
    addQueryCompositeRoles(realmAdminApp);
}
 
Example 12
Source File: ClientTokenExchangeTest.java — from keycloak (Apache License 2.0)
/**
 * Creates a "target" client carrying a scope mapping to the "example" realm role, and a
 * "direct-exchanger" confidential client that is authorized, through a client policy on the
 * realm's admin-impersonation permission, to impersonate users; also creates the user to be
 * impersonated and grants it the "example" role.
 *
 * <p>Test fixture only: the client secrets and user password are literal test data.
 *
 * @param session session used to resolve the {@code TEST} realm and its admin permissions
 */
private static void addDirectExchanger(KeycloakSession session) {
    RealmModel testRealm = session.realms().getRealmByName(TEST);
    RoleModel exampleRole = testRealm.addRole("example");
    AdminPermissionManagement permissions = AdminPermissions.management(session, testRealm);

    // Target client: full scope off, with an explicit scope mapping to the example role.
    ClientModel targetClient = testRealm.addClient("target");
    targetClient.setName("target");
    targetClient.setClientId("target");
    targetClient.setDirectAccessGrantsEnabled(true);
    targetClient.setEnabled(true);
    targetClient.setSecret("secret");
    targetClient.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
    targetClient.setFullScopeAllowed(false);
    targetClient.addScopeMapping(exampleRole);

    // Confidential client performing the exchange: direct grants on, full scope off.
    ClientModel exchanger = testRealm.addClient("direct-exchanger");
    exchanger.setName("direct-exchanger");
    exchanger.setClientId("direct-exchanger");
    exchanger.setPublicClient(false);
    exchanger.setDirectAccessGrantsEnabled(true);
    exchanger.setEnabled(true);
    exchanger.setSecret("secret");
    exchanger.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
    exchanger.setFullScopeAllowed(false);

    // Fine-grained permissions on the target so client-to-client exchange against it can be authorized.
    permissions.clients().setPermissionsEnabled(targetClient, true);

    // Client policy naming the exchanger, attached to the admin-impersonation permission.
    ClientPolicyRepresentation impersonatorsRep = new ClientPolicyRepresentation();
    impersonatorsRep.setName("clientImpersonatorsDirect");
    impersonatorsRep.addClient(exchanger.getId());

    ResourceServer realmServer = permissions.realmResourceServer();
    Policy impersonatorsPolicy = permissions.authz().getStoreFactory().getPolicyStore().create(impersonatorsRep, realmServer);
    permissions.users().setPermissionsEnabled(true);
    permissions.users().adminImpersonatingPermission().addAssociatedPolicy(impersonatorsPolicy);
    permissions.users().adminImpersonatingPermission().setDecisionStrategy(DecisionStrategy.AFFIRMATIVE);

    // The user that will be impersonated, holding the "example" realm role.
    UserModel impersonated = session.users().addUser(testRealm, "impersonated-user");
    impersonated.setEnabled(true);
    session.userCredentialManager().updateCredential(testRealm, impersonated, UserCredentialModel.password("password"));
    impersonated.grantRole(exampleRole);
}
 
Example 13
Source File: RealmRolesPartialImport.java — from keycloak (Apache License 2.0)
/**
 * Creates the realm role described by {@code roleRep} in {@code realm}.
 *
 * <p>Only the role name (as resolved by {@code getName}) is taken from the representation;
 * no other field is copied onto the new role.
 *
 * @param realm   realm receiving the role
 * @param session current session (unused here)
 * @param roleRep representation whose name identifies the role to create
 */
@Override
public void create(RealmModel realm, KeycloakSession session, RoleRepresentation roleRep) {
    String roleName = getName(roleRep);
    realm.addRole(roleName);
}